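<?php
/**
 * Data-access model for the `guide_menu` table (mysqli).
 *
 * Every statement that carries caller-supplied values is a prepared statement
 * with bound parameters. The only string concatenated into SQL text is
 * $this->db_table, a private constant of this class that never comes from input.
 */
class Guide_Menu
{
    /** @var mysqli Connection; injected, or the legacy application-wide global $Database. */
    private $Database;

    /** @var string Table this model reads and writes. Never derived from input. */
    private $db_table = 'guide_menu';

    /**
     * @param mysqli|null $connection  Connection to use. When null (the historical
     *                                 call form) the global $Database is used, so
     *                                 existing callers keep working unchanged.
     */
    public function __construct($connection = null)
    {
        if ($connection === null) {
            global $Database;
            $connection = $Database;
        }
        $this->Database = $connection;
    }

    /* Getters / Setters */

    /**
     * Retrieve one menu row (by menuID) or a filtered, rank-ordered list.
     *
     * @access public
     * @param  int|string $menuID      > 0 selects that single row; anything else lists rows
     * @param  string     $menuCrumbs  substring filter on menuCrumbs ('' = no filter)
     * @param  string     $access      exact access value; rows whose access is '' always match
     * @param  string     $content     substring filter on content ('' = no filter)
     * @return array   single row: column map (empty array when not found);
     *                 list: column maps keyed by menuID (empty array when nothing
     *                 matched or the statement could not be prepared)
     */
    public function get($menuID, $menuCrumbs, $access, $content)
    {
        if ($menuID > 0) {
            return $this->get_one($menuID);
        }

        return $this->get_list($menuCrumbs, $access, $content);
    }

    /**
     * Fetch a single row by primary key.
     *
     * @param  int|string $menuID
     * @return array  column map, or an empty array when no row has that id
     */
    private function get_one($menuID)
    {
        $data = array();

        // Columns are listed explicitly so bind_result() order does not depend on the table layout.
        $stmt = $this->Database->prepare(
            "SELECT `menuID`, `menuCrumbs`, `content`, `access`, `rank` FROM `" . $this->db_table . "` WHERE `menuID` = ? "
        );
        if (!$stmt) {
            die ("ERROR: Could not prepare MySQLi statement. [m_guide_menu :".__LINE__."] ");
        }

        $stmt->bind_param('i', $menuID);
        $stmt->execute();
        $stmt->bind_result($id, $crumbs, $body, $acl, $rank);
        if ($stmt->fetch()) {
            $data = array('menuID'=>$id, 'menuCrumbs'=>$crumbs, 'content'=>$body, 'access'=>$acl, 'rank'=>$rank);
        }
        $stmt->close();

        return $data;
    }

    /**
     * Fetch every row with menuID > 0 that matches the optional filters, ordered by rank.
     *
     * Filters are appended as placeholders and bound, never interpolated; the old
     * implementation concatenated $access/$menuCrumbs/$content straight into the
     * SQL text, which was an injection point whenever those values came from a request.
     *
     * @param  string $menuCrumbs
     * @param  string $access
     * @param  string $content
     * @return array  column maps keyed by menuID
     */
    private function get_list($menuCrumbs, $access, $content)
    {
        $data   = array();
        $query  = "SELECT `menuID`, `menuCrumbs`, `content`, `access`, `rank` FROM `" . $this->db_table . "` WHERE `menuID` > 0 ";
        $types  = '';
        $params = array();

        // Loose != '' comparisons are kept on purpose: null and '' both mean "no filter", as before.
        if ($access != '') {
            $query   .= "AND (`access` = ? OR `access` = '') ";
            $types   .= 's';
            $params[] = $access;
        }
        if ($menuCrumbs != '') {
            $query   .= "AND `menuCrumbs` LIKE ? ";
            $types   .= 's';
            $params[] = '%' . $menuCrumbs . '%';   // LIKE wildcards inside the value still act as wildcards, as before
        }
        if ($content != '') {
            $query   .= "AND `content` LIKE ? ";
            $types   .= 's';
            $params[] = '%' . $content . '%';
        }
        $query .= "ORDER BY `rank`";

        $stmt = $this->Database->prepare($query);
        if (!$stmt) {
            // Best effort, as the original list branch was: a failed statement yields no rows.
            return $data;
        }
        if ($types !== '') {
            $stmt->bind_param($types, ...$params);   // argument unpacking: PHP >= 5.6
        }
        $stmt->execute();
        $stmt->bind_result($id, $crumbs, $body, $acl, $rank);
        while ($stmt->fetch()) {
            $data[$id] = array('menuID'=>$id, 'menuCrumbs'=>$crumbs, 'content'=>$body, 'access'=>$acl, 'rank'=>$rank);
        }
        $stmt->close();

        return $data;
    }

    /**
     * Menu-rendering view of get(): maps menuID => content for the matching rows.
     *
     * @access public
     * @param  mixed  $level        currently unused; kept for callers that pass it
     * @param  string $menuCrumbs
     * @param  string $access
     * @param  string $content
     * @return array  menuID => content, in rank order
     */
    public function get_4_menu($level, $menuCrumbs, $access, $content)
    {
        $data = array();

        $rows = $this->get('', $menuCrumbs, $access, $content);
        foreach ($rows as $menuID => $row) {
            $data[$menuID] = $row['content'];
        }

        return $data;
    }

    /**
     * Insert a menu item (menuID <= 0) or update an existing one (menuID > 0).
     * The outcome is reported to the user through Template::set_alert.
     *
     * @access public
     * @param  int|string $menuID
     * @param  string     $menuCrumbs
     * @param  string     $content
     * @param  string     $access
     * @param  int|string $rank   used on insert only; an existing row's rank is changed via update_rank()
     * @return NULL
     */
    public function add_mod($menuID, $menuCrumbs, $content, $access, $rank)
    {
        $Template = new Template;

        if ($menuID > 0) {
            // update
            $stmt = $this->Database->prepare("UPDATE ".$this->db_table." SET menuCrumbs=?, content=?, access=? WHERE menuID = ?");
            if (!$stmt) {
                $Template->set_alert("ERROR: could not prepare SQL statement.<br><span class='comment'>".__LINE__."-m_guide_menu</span>", "error");
                return;
            }
            $stmt->bind_param("sssi", $menuCrumbs, $content, $access, $menuID);
            if ($stmt->execute()) {
                $Template->set_alert("Changes saved", "success");
            } else {
                $Template->set_alert("ERROR: Changes NOT saved", "error");
            }
            $stmt->close();
            return;
        }

        // insert new record
        $stmt = $this->Database->prepare("INSERT ".$this->db_table." (menuCrumbs, content, access, rank) VALUES (?,?,?,?)");
        if (!$stmt) {
            $Template->set_alert("ERROR: could not prepare SQL statement", "error");
            return;
        }
        $stmt->bind_param('ssss', $menuCrumbs, $content, $access, $rank);
        if ($stmt->execute()) {
            $Template->set_alert("Menu item added", "success");
        } else {
            $Template->set_alert("ERROR: Record NOT added", "error");
        }
        $stmt->close();
    }

    /**
     * Move a menu item to a new rank within its menuCrumbs group, shifting its
     * siblings to keep ranks contiguous. A rank <= 0 means the item was deleted
     * and only the gap above $oldRank is closed.
     *
     * @access public
     * @param  int|string $menuID      row whose rank is set afterwards (skipped when <= 0)
     * @param  string     $menuCrumbs  group the ranks are relative to
     * @param  int|string $rank        new rank; <= 0 (or '') = item removed
     * @param  int|string $oldRank     rank the item held before
     * @return NULL
     */
    public function update_rank($menuID, $menuCrumbs, $rank, $oldRank)
    {
        $Template  = new Template;
        $increment = 1;   // bind_param() takes references, so the step must live in a variable

        if ($rank <= 0) {
            // a menu item has been deleted: pull everything above its old slot down by one.
            $stmt = $this->Database->prepare('UPDATE ' . $this->db_table . " SET `rank` = `rank`-? WHERE `rank` > ? and menuCrumbs = ?");
            if ($stmt) {
                $stmt->bind_param('iis', $increment, $oldRank, $menuCrumbs);
                $stmt->execute();
                $stmt->close();
            }
        } elseif ($rank > $oldRank) {
            $this->decrement_rank($menuCrumbs, $rank, $oldRank);
        } elseif ($rank < $oldRank) {
            $this->increment_rank($menuCrumbs, $rank, $oldRank);
        }

        if ($menuID > 0) {
            $stmt = $this->Database->prepare("UPDATE " . $this->db_table ." SET `rank` = ? WHERE menuID = ?");
            if ($stmt) {
                $stmt->bind_param('ii', $rank, $menuID);
                if (!$stmt->execute()) {
                    $Template->set_alert('ERROR: Changes not saved', 'error');
                }
                $stmt->close();
            }
        }
    }

    /**
     * Shift siblings in ($oldRank, $rank] down by one (item moved to a higher rank).
     *
     * @access public
     * @param  string     $menuCrumbs
     * @param  int|string $rank
     * @param  int|string $oldRank
     * @return NULL
     */
    public function decrement_rank($menuCrumbs, $rank, $oldRank)
    {
        $increment = 1;

        $stmt = $this->Database->prepare('UPDATE ' . $this->db_table . " SET `rank` = `rank`-? WHERE `rank` > ? and `rank` <= ? and menuCrumbs=?");
        if ($stmt) {
            $stmt->bind_param('iiis', $increment, $oldRank, $rank, $menuCrumbs);
            $stmt->execute();
            $stmt->close();
        }
    }

    /**
     * Shift siblings in [$rank, $oldRank) up by one (item moved to a lower rank).
     *
     * @access public
     * @param  string     $menuCrumbs
     * @param  int|string $rank
     * @param  int|string $oldRank
     * @return NULL
     */
    public function increment_rank($menuCrumbs, $rank, $oldRank)
    {
        $increment = 1;

        $stmt = $this->Database->prepare('UPDATE ' . $this->db_table . " SET `rank` = `rank`+? WHERE `rank` < ? and `rank` >= ? and menuCrumbs=?");
        if ($stmt) {
            $stmt->bind_param('iiis', $increment, $oldRank, $rank, $menuCrumbs);
            $stmt->execute();
            $stmt->close();
        }
    }

    /**
     * Delete a menu item and close the rank gap it leaves in its group.
     * Nothing happens when $menuID is not > 0.
     *
     * @access public
     * @param  int|string $menuID
     * @param  string     $menuCrumbs  group used to renumber the remaining items
     * @param  int|string $rank        rank the deleted item held
     * @return NULL
     */
    public function delete($menuID, $menuCrumbs, $rank)
    {
        $Template = new Template;

        if (!($menuID > 0)) {
            return;
        }

        $stmt = $this->Database->prepare("DELETE FROM ".$this->db_table." WHERE menuID = ?");
        if (!$stmt) {
            $Template->set_alert("ERROR: could not prepare SQL statement.".__LINE__."-m_guide_menu", "error");
            return;
        }

        $stmt->bind_param('i', $menuID);
        if ($stmt->execute()) {
            // '' as the new rank tells update_rank() the item is gone.
            $this->update_rank($menuID, $menuCrumbs, '', $rank);
            $Template->set_alert("Data deleted", "success");
        } else {
            $Template->set_alert("ERROR: Delete failed", "error");
        }
        $stmt->close();
    }
}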