OpenVPN_Management_GUI/Modules/Forum/add_topic.php

<?php
session_start();

include($_SERVER["DOCUMENT_ROOT"]."/Site/checkuser.php");
$tbl_name="forum_question"; // Table name
$uebergabe = 1;
// Connect to server and select database.
include ($_SERVER["DOCUMENT_ROOT"]."/Config/_dbconfig_.php");

$moduleurl = $_POST['path'];
@$y = mysql_connect($MYSQL_HOST,$MYSQL_USER,$MYSQL_PASS);
@$x = mysql_select_db($MYSQL_DATABASE);
if (empty($x)) 
{ 
  die ("Keine Verbindung zur Datenbank! [<b><font color=red>FAIL</b></font>]<br>"); 
} 

// get data that sent from form
$topic=mysql_real_escape_string($_POST['topic']);
$writeperm=mysql_real_escape_string($_POST['writeperm']);
$readperm=mysql_real_escape_string($_POST['readperm']);
$detail=mysql_real_escape_string($_POST['detail']);
$name=mysql_real_escape_string($_SESSION['user_nickname']);
$avatar=mysql_real_escape_string($_SESSION['user_avatar']);

$datetime=date("d-m-y H:i:s"); //create date time
if($topic != "" && $detail != "")
{
	$sql="INSERT INTO $tbl_name(topic, detail, name, avatar, w_adminonly, w_guest, r_adminonly, r_guest, datetime)VALUES('$topic', '$detail', '$name', '$avatar', ";
	if($writeperm=="admin"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}
	if($writeperm=="any"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}
	if($readperm=="admin"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}
	if($readperm=="any"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}
	$sql=$sql."'$datetime')";
	//echo $sql;
	$result=mysql_query($sql);

	if($result)
	{
		header ("Location: ".$moduleurl."&uebergabe=0"); 
	}
	else 
	{
		echo "ERROR";
	}
}
else
{
	header ("Location: ".$moduleurl."&uebergabe=0"); 
}
mysql_close();
?>
VPN-Management-GUI 2.0.3 porting start 2012-07-16 21:30:19 +02:00			`<?php`
			`session_start();`

			`include($_SERVER["DOCUMENT_ROOT"]."/Site/checkuser.php");`
			`$tbl_name="forum_question"; // Table name`
			`$uebergabe = 1;`
			`// Connect to server and select database.`
			`include ($_SERVER["DOCUMENT_ROOT"]."/Config/_dbconfig_.php");`

			`$moduleurl = $_POST['path'];`
			`@$y = mysql_connect($MYSQL_HOST,$MYSQL_USER,$MYSQL_PASS);`
			`@$x = mysql_select_db($MYSQL_DATABASE);`
			`if (empty($x))`
			`{`
			`die ("Keine Verbindung zur Datenbank! [<b><font color=red>FAIL</b></font>]<br>");`
			`}`

			`// get data that sent from form`
			`$topic=mysql_real_escape_string($_POST['topic']);`
			`$writeperm=mysql_real_escape_string($_POST['writeperm']);`
			`$readperm=mysql_real_escape_string($_POST['readperm']);`
			`$detail=mysql_real_escape_string($_POST['detail']);`
			`$name=mysql_real_escape_string($_SESSION['user_nickname']);`
			`$avatar=mysql_real_escape_string($_SESSION['user_avatar']);`

			`$datetime=date("d-m-y H:i:s"); //create date time`
			`if($topic != "" && $detail != "")`
			`{`
			`$sql="INSERT INTO $tbl_name(topic, detail, name, avatar, w_adminonly, w_guest, r_adminonly, r_guest, datetime)VALUES('$topic', '$detail', '$name', '$avatar', ";`
			`if($writeperm=="admin"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}`
			`if($writeperm=="any"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}`
			`if($readperm=="admin"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}`
			`if($readperm=="any"){$sql=$sql."1, ";}else{$sql=$sql."0, ";}`
			`$sql=$sql."'$datetime')";`
			`//echo $sql;`
			`$result=mysql_query($sql);`

			`if($result)`
			`{`
			`header ("Location: ".$moduleurl."&uebergabe=0");`
			`}`
			`else`
			`{`
			`echo "ERROR";`
			`}`
			`}`
			`else`
			`{`
			`header ("Location: ".$moduleurl."&uebergabe=0");`
			`}`
			`mysql_close();`
			`?>`