exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) { $err_msg = print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } if (($db_csrf = $mysqlcon->query("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`='".session_id()."'")->fetchALL(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC)) === false) { $err_msg = print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } if(!isset($_POST['number']) || $_POST['number'] == "yes") { $_SESSION[$rspathhex.'showexcepted'] = "yes"; $filter = " WHERE `except`='0'"; } else { $_SESSION[$rspathhex.'showexcepted'] = "no"; $filter = ""; } if(($user_arr = $mysqlcon->query("SELECT `uuid`,`cldbid`,`name` FROM `$dbname`.`user` $filter ORDER BY `name` ASC")->fetchAll(PDO::FETCH_ASSOC)) === false) { $err_msg = "DB Error1: ".print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) { $setontime = 0; if($_POST['setontime_day']) { $setontime = $setontime + $_POST['setontime_day'] * 86400; } if($_POST['setontime_hour']) { $setontime = $setontime + $_POST['setontime_hour'] * 3600; } if($_POST['setontime_min']) { $setontime = $setontime + $_POST['setontime_min'] * 60; } if($_POST['setontime_sec']) { $setontime = $setontime + $_POST['setontime_sec']; } if($setontime == 0) { $err_msg = $lang['errseltime']; $err_lvl = 3; } elseif($_POST['user'] == NULL) { $err_msg = $lang['errselusr']; $err_lvl = 3; } else { $allinsertdata = ''; $succmsg = ''; $nowtime = time(); foreach($_POST['user'] as $uuid) { $allinsertdata .= "('".$uuid."', ".$nowtime.", ".$setontime."),"; $succmsg .= sprintf($lang['sccupcount'],$setontime,$uuid)."
"; } $allinsertdata = substr($allinsertdata, 0, -1); if($mysqlcon->exec("INSERT INTO `$dbname`.`admin_addtime` (`uuid`,`timestamp`,`timecount`) VALUES $allinsertdata;") === false) { $err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } else { $err_msg = substr($succmsg,0,-4); $err_lvl = NULL; } } } elseif(isset($_POST['update'])) { echo '

',$lang['errcsrf'],'

'; rem_session_ts3($rspathhex); exit; } ?>