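Демино, Веломарафон 2015
<?php
//require ($_SERVER ["DOCUMENT_ROOT"] . "/login/index.htm");
require_once ($_SERVER ["DOCUMENT_ROOT"] . "/login/privilege.htm");
require_once ($_SERVER ["DOCUMENT_ROOT"] . "/login/user.htm");
require_once ($_SERVER ["DOCUMENT_ROOT"] . "/db/link.htm");

/**
 * Prints the competition catalogue as HTML list entries and returns 0.
 *
 * Reads ?competitionFilter / ?competitionSearchQuery (the latter wins when both are
 * non-empty) and, when a search text is present, matches it against competition.title
 * with LIKE, ordering by relevance (prefix match first, then whole-word match, then
 * suffix match, then everything else). Without a search text the list is ordered by
 * id, newest first. Unpublished rows are hidden unless the session carries admin
 * rights (see the visibility filter below).
 *
 * The search text is escaped through the open connection and its LIKE metacharacters
 * ('%', '_', '\') are neutralised, so it is matched literally instead of being
 * interpolated into the statement as typed. A failed query is logged server-side and
 * the client only sees a generic message.
 */
function selectCompetitionListToHTML ()
{
    // Visibility filter: published rows only, unless the session says "admin".
    $addl_where = "isPublish=1";
    if (isset($_SESSION ['sitepriv']) && $_SESSION ['sitepriv'] == 'admin') {
        $addl_where = "1";
    }
    // NOTE(review): one hard-coded account also gets the unfiltered view — presumably a
    // maintainer; confirm this is still wanted rather than expressed as a privilege flag.
    if (isset($_SESSION ['idUser']) && $_SESSION ['idUser'] == 239) {
        $addl_where = "1";
    }

    // Search text: competitionSearchQuery overrides competitionFilter when both are given
    // (note this differs from centralSearchStrg(), which prefers competitionFilter).
    // Non-string values (e.g. ?competitionFilter[]=x) are ignored.
    $search = "";
    if (isset($_GET ["competitionFilter"]) && is_string ($_GET ["competitionFilter"]) && $_GET ["competitionFilter"] !== "") {
        $search = $_GET ["competitionFilter"];
    }
    if (isset($_GET ["competitionSearchQuery"]) && is_string ($_GET ["competitionSearchQuery"]) && $_GET ["competitionSearchQuery"] !== "") {
        $search = $_GET ["competitionSearchQuery"];
    }

    // Connect before building the statement: the escape function needs the open link.
    $link = connectToDB ();
    if ($search !== "") {
        // addcslashes() turns the LIKE wildcards into literal characters; the
        // connection-aware escape then takes care of quotes and backslashes for the
        // SQL string literal.
        $safe = mysql_real_escape_string (addcslashes ($search, "%_\\"), $link);
        // Relevance order: prefix match, then whole-word match, then suffix match, then the rest.
        $query = "SELECT isPublish, max(id) id, title FROM competition WHERE {$addl_where} and title like '%{$safe}%' GROUP BY title ORDER BY CASE WHEN title like '{$safe}%' THEN 0 WHEN title like '% %{$safe}% %' THEN 1 WHEN title like '%{$safe}' THEN 2 ELSE 3 END, title";
    } else {
        $query = "SELECT id, title,isPublish FROM competition where {$addl_where} order by id desc";
    }

    $result = mysql_query ($query, $link);
    if ($result === false) {
        // The driver's message belongs in the server log, not in the response body.
        error_log ('selectCompetitionListToHTML: ' . mysql_error ($link));
        mysql_close ($link);
        die ('Запрос не удался');
    }

    // One list entry per row; the title is escaped for the HTML context, the id is
    // forced to an integer before it is placed in a URL.
    while ($line = mysql_fetch_array ($result, MYSQL_ASSOC)) {
        $competitionID = (int) $line ["id"];
        $competitionName = htmlspecialchars ($line ["title"], ENT_QUOTES, 'UTF-8');
        // $href is the catalogue link for the entry; the anchor markup that used it did
        // not survive in this copy of the file, so the variable is kept for the template.
        $href = "/catalog/?id1=$competitionID";
        echo "
  • $competitionName
  • \r\n";
    }
    mysql_free_result ($result);
    mysql_close ($link);
    return 0;
}

/**
 * Returns the search text supplied on the URL: competitionFilter when it is a
 * non-empty string, otherwise competitionSearchQuery when it is a non-empty string,
 * otherwise "".
 */
function centralSearchStrg ()
{
    foreach (array ("competitionFilter", "competitionSearchQuery") as $param) {
        if (isset($_GET [$param]) && is_string ($_GET [$param]) && $_GET [$param] !== "") {
            return $_GET [$param];
        }
    }
    return "";
}

// main. Page-routing logic: a competition id on the URL is stored in the session and
// the visitor is sent to the old site, the target chosen by privilege (or ?to=myfilm).
// Only an integer id is accepted — anything else stops with a 400 before it reaches
// the session — which is what the original note on this block asked for.
if (isset($_GET ["id1"]) && $_GET ["id1"] !== "") {
    $competitionID = filter_var ($_GET ["id1"], FILTER_VALIDATE_INT);
    if ($competitionID === false) {
        header ("HTTP/1.1 400 Bad Request");
        die ('Некорректный идентификатор соревнования');
    }
    setUserCurrentCompID ($competitionID);
    $priv = getPriv ();
    // Everyone who is not an admin goes to the common-film page.
    $href = ($priv === "admin")
        ? "http://old.mysportfilm.ru/competition/"
        : "http://old.mysportfilm.ru/commonfilm/";
    // ?to=myfilm overrides the privilege-based target for either role.
    if (isset($_GET ["to"]) && $_GET ["to"] === "myfilm") {
        $href = "http://old.mysportfilm.ru/myfilm/";
    }
    header ("Location: $href");
    // Stop here: without exit the rest of the page is still built and sent behind the redirect.
    exit;
}
?>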

    Как создавать свой фильм

    1. Главная
    2. Каталог

    Каталог соревнований

    "; $login = $_POST ["LogInUserLogin"]; $password = $_POST ["LogInUserPassword"];
    // NOTE(review): the result of authentification() is not checked here — the redirect
    // below happens whether or not the credentials were accepted; confirm that it sets
    // the session state itself and that a failed login is reported somewhere.
    authentification ($login, $password);
    // NOTE(review): the Location target is built from the Host request header, which the
    // client controls; a configured canonical host (or a relative "/index.htm") avoids
    // sending the browser to a foreign host via a forged Host header — confirm the web
    // server pins the host name before this code runs.
    header ("Location: https://" . $_SERVER ['HTTP_HOST'] . "/index.htm"); exit; }
    // Page-level action switch: ?action=logout prints a notice and ends the session,
    // ?action=login pulls in the login popup template.
    // NOTE(review): the notice is echoed before logOut() runs — if logOut() sends headers
    // or cookies, they will be rejected once output has started; confirm against logOut().
    if (isset ($_GET ["action"])) if ($_GET ["action"] === "logout") { echo "

    Сейчас начтётся логаут

    "; logOut (); } elseif ($_GET ["action"] === "login") { require_once "../template/login_popup.php"; } ?>