</p>
<p>
<label for="message">Message:</label>
<input autocomplete="off" id="message" tabindex="2" type="text" value="">
</p>
<div>
<input type="submit" value="Send">
</div>
</form>
<script src="/static/js/jquery-1.2.6.min.js" type="text/javascript"></script>
<script src="/static/js/chat.js?v<?php
echo Chat::VERSION;
?>
" type="text/javascript"></script>
<script type="text/javascript">
<!--//
Chat.init({
roomName : '<?php
echo Database::clean($this->room['name']);
?>
',
lastMessageId : <?php
echo (int) Chat::$last_message_id;
?>
});
//-->
</script>
<?php
require_once '../api_builder_includes/class.Database.inc.php';
Database::init_connection("localhost", "organization", "users", "username", "secret_password");
// Array containing the row to change. The only required values are the id and the column being changed.
// All other key => value pairs are ignored but are present here because often rows are updated in batch
// after being returned in 2D array fashion from Database::get_all_results();
$user = array("id" => 2, "first_name" => "Salvester", "last_name" => "Rinehart", "email" => "*****@*****.**", "phone_number" => "8042557684", "city" => "Richmond", "state" => "VA", "bio" => "Total badass.");
//sanitize user input
$user_cleaned = Database::clean($user);
//the 3rd parameter specifies this is an update statement by selecting which column from in the row to update
if (Database::execute_from_assoc($user_cleaned, Database::$table, "phone_number")) {
echo $user['first_name'] . "'s phone number was changed to " . $user['phone_number'];
}
$user = new User();
//print_r($_POST);
// test
$userName = $_POST["username"];
$passWord = $_POST["password"];
$adminCheck = $mydb->first("SELECT `gmlevel` FROM `account` WHERE `username`='{$userName}' AND `sha_pass_hash`='" . SHA1(strtoupper($username . ':' . $password)) . "';");
if ($adminCheck === "3") {
$isadmin = 1;
} elseif (!$adminCheck || $adminCheck == "") {
$isadmin = 0;
} else {
$isadmin = 0;
}
//echo $adminCheck;
if (isset($_POST["assignto"]) && $isadmin == 1) {
$assignto = $mydb->clean($_POST["assignto"], '', '');
$assignedname = $mydb->first("SELECT username FROM account WHERE id='{$assignto}'");
$tickid = $mydb->clean($_POST["tickid"], '', '');
$mydb->query_update('list', array('assigned' => $assignto), "id='{$tickid}'");
// echo $isadmin;
echo $assignedname;
}
if (isset($_POST["titlechange"]) && $isadmin == 1) {
$tickid = $mydb->clean($_POST["tickid"], '', '');
$mydb->query_update("list", array('title' => $_POST["titlechange"]), "id='{$tickid}'");
echo "Title changed.";
}
if (isset($_POST["closeticket"]) && $isadmin == 1) {
$closeticket = $mydb->clean($_POST["tickid"], '', '');
$mydb->query_update('list', array('status' => 0, 'finished' => time()), "id='{$closeticket}'");
echo "Ok";
public static function updateUserInRoom($room_id, $name, $status)
{
if (!$name) {
return;
}
// Set up the data
$ip = $_SERVER['REMOTE_ADDR'];
$name = Database::clean($name);
$status = (int) $status;
// Check if this user has been in this room before
$room_user = null;
$users = self::getUsersByRoomId($room_id);
foreach ($users as $user) {
if ($user['name'] == $name) {
$room_user = $user;
break;
}
}
if ($room_user) {
// Update the user
$pairs = array('hostname' => $ip, 'name' => $name, 'status' => $status);
$where = "(name = '{$name}')";
/*
$where = "((hostname = '$ip') || (name = '$name'))";
$where .= "AND (room_id = $room_id)";
*/
$GLOBALS['MHP']->updateRows('rooms_users', $pairs, $where);
} else {
// "user has entered the room"
#self::putMessages($room_id, $name, array(self::TEXT_ENTER));
// Insert the user
$GLOBALS['MHP']->insertRow('rooms_users', array('hostname' => $ip, 'name' => $name, 'room_id' => $room_id, 'status' => $status, 'timestamp' => time()));
}
}
<?php
//include the API Builder mini lib
require_once "api_builder_includes/class.API.inc.php";
//set page to output JSON
header("Content-Type: application/json; charset=utf-8");
//If API parameters were included in the http request via $_GET...
if (isset($_GET) && !empty($_GET)) {
//specify the columns that will be output by the api as a comma-delimited list
$columns = "column_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tetc...";
//setup the API
$api = new API("your_host", "your_database_name", "your_table_name", "your_database_username", "your_database_password");
$api->setup($columns);
$api->set_default_order("column_name");
$api->set_searchable("column_name, column_name, etc...");
$api->set_default_search_order("column_name");
$api->set_pretty_print(true);
//sanitize the contents of $_GET to insure that
//malicious strings cannot disrupt your database
$get_array = Database::clean($_GET);
//output the results of the http request
echo $api->get_json_from_assoc($get_array);
}
// include the API Builder Database class
require_once '../api_builder_includes/class.Database.inc.php';
var_dump($_POST);
//if POST is present...
if (isset($_POST) && !empty($_POST)) {
// Do any neccissary validation here. You can use something like https://github.com/ASoares/PHP-Form-Validation
// if you are not going to validate input, which you absolutely should if users are submitting it, then at least
// make sure the correct values are present
if (isset($_POST['first_name']) && !empty($_POST['first_name']) && isset($_POST['last_name']) && !empty($_POST['last_name']) && isset($_POST['email']) && !empty($_POST['email']) && isset($_POST['phone_number']) && !empty($_POST['phone_number']) && isset($_POST['city']) && !empty($_POST['city']) && isset($_POST['state']) && !empty($_POST['state']) && isset($_POST['bio']) && !empty($_POST['bio'])) {
// Open the database connection. This is what happens inside of the API class constructor
// but if this page is simply for submitting data to the database you can just call this method
Database::init_connection("localhost", "organization", "users", "username", "secret_password");
// Sanitize the array so that it can be safely inserted into the database.
// This method uses MySQLi real escape string and htmlspecialchars encoding.
$post_array = Database::clean($_POST);
//submit the data to your table.
if (Database::execute_from_assoc($post_array, Database::$table)) {
echo "The data was submitted to the database";
} else {
echo "There was an error submitting the data to the database";
}
} else {
echo "One or more of the required values is missing from the POST";
}
} else {
echo "Nothing was added to the database because the http request has no POST values";
}
?>
<form method="post" action="">
<?php
//Load Database Class
require '/classes/database.php';
//Instantiate db class
$db = new Database();
//Recieve Data
$what = $db->clean($_POST['your_thing']);
$achievable = $db->clean($_POST['your_promo_goal']);
$username = $db->clean($_POST['your_email']);
$password = $db->clean(md5($_POST['your_password']));
//Check to see if the user account exists
$value = $db->check($username, $password);
//Check against db to see if user exists.
$user_info = "SELECT username FROM company_information WHERE username = '******'";
$username_db = mysql_query($user_info);
if ($value == true) {
//Log user in
$sql = "UPDATE company_information SET logged_in = 1 WHERE username = '******' AND password = '******'";
mysql_query($sql);
//Put data into database and then redirect user to the payment page (dash).
} elseif ($username != $username_db && $value == false) {
//Redirect to 'do you want to create a new account page.'
header("Location: do_it.php?what={$what}&achievable={$achievable}&email={$username}&enc={$password}");
} else {
echo "I think you type in the wrong password. <a href='/a_query_post.php/'>Click here to go back and correct it</a>";
}
