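<input type="submit" name="search" value="Search" />
<br />
<?php
// Search results: rendered only after the Search button was submitted.
if (isset($_GET['search'])) {
    // Use an empty term when the search box is missing or is not a plain string
    // (for example a "searchbar[]=" array parameter).
    $searchterm = (isset($_GET['searchbar']) && is_string($_GET['searchbar'])) ? $_GET['searchbar'] : '';
    echo "<br /><table class=\"schedule\">";
    // NOTE(review): searchCourses() is defined elsewhere and receives the raw
    // query-string value -- confirm it binds the term as a query parameter and
    // HTML-escapes anything it echoes back into the table.
    searchCourses($searchterm);
    echo "</table>";
    echo "<br /><input type=\"submit\" name=\"add\" value=\"Add\" />";
}
?>
<br />
<?php
// Enrollment: adds every checked course for the logged-in student.
// NOTE(review): this is a state change driven by GET parameters, and no
// anti-CSRF token is checked in this fragment. The <form> tag is outside this
// view -- confirm the method and token handling there.
if (isset($_GET['add'])) {
    $classesadded = 0;

    // "check" is absent when no box was ticked, and may be a scalar if the
    // request was hand-built; only iterate when it really is an array.
    $checked = (isset($_GET['check']) && is_array($_GET['check'])) ? $_GET['check'] : array();

    $sql = "SELECT intStudentID FROM tblStudent WHERE strStudentEID = ?;";
    $student = isset($_SESSION["cruser"]) ? dbGetFirst($sql, "s", $_SESSION["cruser"]) : false;

    // Enroll only when the session user resolves to a student row; a missing
    // row falls through to the "No classes" message below.
    if (isset($student[0])) {
        $studenteid = $student[0];
        foreach ($checked as $value) {
            // Skip nested arrays such as "check[0][]=..."; a course id is a scalar.
            if (!is_scalar($value)) {
                continue;
            }
            // NOTE(review): $value is client-supplied; addCourse() is assumed to
            // validate that the course exists and is open to this student -- confirm.
            if (addCourse($studenteid, $value)) {
                $classesadded = $classesadded + 1;
            }
        }
    }

    // The result table is closed here; the original markup left it open.
    if ($classesadded > 0) {
        echo "<table class=\"schedule\"><tr><td class=\"advcell\">You have successfully enrolled in " . $classesadded . " classes.</td></tr></table>";
    } else {
        echo "<table class=\"schedule\"><tr><td class=\"advcell\">No classes have been enrolled.</td></tr></table>";
    }
}
?>
</form>
</div>
</body>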
/**
 * Fetch the first tblUserContact row for an external ID that is flagged as
 * neither an emergency contact nor a permanent contact.
 *
 * The row's columns are aliased to id, street, city, state, country, postCode,
 * mobileNumber, homeNumber and email.
 *
 * @param mixed $eid Value bound to the strExternalEID placeholder (passed to
 *                   dbGetFirst() with the "s" type string).
 * @return mixed The truthy result of dbGetFirst(), or false when it returned
 *               nothing usable.
 */
function getSchoolContactInfo($eid)
{
    // The value is bound through the "?" placeholder, never concatenated into the SQL.
    $query = "SELECT intContactID AS id,\n\t\t\tstrStreet AS street,\n\t\t\tstrCity AS city,\n\t\t\tstrState AS state,\n\t\t\tstrCountry AS country,\n\t\t\tstrPostCode AS postCode,\n\t\t\tstrMobileNumber AS mobileNumber,\n\t\t\tstrHomeNumber AS homeNumber,\n\t\t\tstrEmail AS email\n\t\tFROM tblUserContact\n\t\tWHERE strExternalEID = ? AND blnEmergencyContact = 0 AND blnPermanent = 0";

    $contact = dbGetFirst($query, "s", $eid);

    // Collapse every falsy outcome (no row, failed lookup) to a plain false.
    if (!$contact) {
        return false;
    }

    return $contact;
}
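<?php
// Quick-list panel for the logged-in student: account hold, dues, advisor,
// partially masked permanent contact details and the outage notice.

// HTML-escape a database value before it is concatenated into markup.
// double_encode is off in case values were entity-encoded when stored
// (not visible from this script), so they are not encoded a second time.
$qlEscape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

// Read one column from a dbGetFirst() result; '' when the row or column is missing.
$qlField = function ($row, $key) {
    return isset($row[$key]) ? $row[$key] : '';
};

$qlUser = isset($_SESSION['cruser']) ? $_SESSION['cruser'] : '';

echo "<table id=\"quicklist\">\r\n";
echo "<tr><td> ACCOUNT HOLD:</td><td>Financial Obligation Agreement</td></tr>\r\n";
echo "<tr><td> </td><td> </td></tr>\r\n";

// Outstanding dues.
$sql = "SELECT dblDues FROM tblstudent WHERE strStudentEID = ?;";
$row = dbGetFirst($sql, "s", $qlUser);
echo "<tr><td> Future Due:</td><td>\$" . $qlEscape($qlField($row, "dblDues")) . " <span class=\"text-attn\">(Pay your bills deadbeat!)</span></td></tr>\r\n";

// Advisor name and phone; a 10-digit run is reformatted as (NNN) NNN-NNNN.
$sql = "SELECT CONCAT(fac.strFirstName,' ',fac.strLastName) AS \"strAdvisor\", fac.strPhone AS \"strAdvPhone\"\n\t\tFROM tblstudent stu\n\t\tJOIN tblfaculty fac ON stu.intFacultyID = fac.intFacultyID\n\t\tWHERE strStudentEID = ?;";
$row = dbGetFirst($sql, "s", $qlUser);
$advisorPhone = preg_replace("/(\\d{3})(\\d{3})(\\d{4})/", "(\\1) \\2-\\3", $qlField($row, "strAdvPhone"));
echo "<tr><td> Advisor:</td><td>" . $qlEscape($qlField($row, "strAdvisor")) . " -- " . $qlEscape($advisorPhone) . "</td></tr>\r\n";
echo "<tr><td> </td><td> </td></tr>\r\n";

// Permanent contact record, shown partially masked. Masking runs on the raw
// value first and the result is escaped afterwards, so the patterns never
// see HTML entities.
// NOTE(review): each mask only applies when its pattern matches; preg_replace()
// returns the value unchanged otherwise, so a street number of one or two
// digits or a phone stored with punctuation can be displayed unmasked.
// The phone mask also leaves six digits visible. Confirm this meets the
// intended privacy requirement.
$sql = "SELECT strStreet, CONCAT(strCity,', ',strState,' ',strPostCode) AS \"strUserAddress\", strMobileNumber, strEmail\n\t\tFROM tblusercontact WHERE blnPermanent = true AND strExternalEID = ?;";
$row = dbGetFirst($sql, "s", $qlUser);
$maskedStreet = preg_replace("/\\d{3,4}\\s/", "*** ", $qlField($row, "strStreet"));
$maskedPhone = preg_replace("/(\\d).(\\d)(\\d).(\\d)(\\d)..(\\d)/", "(\\1*\\2)\\3*\\4-\\5**\\6", $qlField($row, "strMobileNumber"));
$maskedEmail = preg_replace("/([A-Za-z])\\w+(.)@/", "\\1*\\2@", $qlField($row, "strEmail"));
echo "<tr><td> Contact Info:</td><td> </td></tr>\r\n";
echo "<tr><td> -Address:</td><td>" . $qlEscape($maskedStreet) . "</td></tr>\r\n";
echo "<tr><td> -City:</td><td>" . $qlEscape($qlField($row, "strUserAddress")) . "</td></tr>\r\n";
echo "<tr><td> -Phone:</td><td>" . $qlEscape($maskedPhone) . "</td></tr>\r\n";
echo "<tr><td> -Email:</td><td>" . $qlEscape($maskedEmail) . "</td></tr>\r\n";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td> Outages:</td><td>None planned at the moment.</td></tr>";
echo "</table>";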
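// Login handler. Makes sure the login flag exists so moving between pages does
// not log the user out, checks submitted credentials, then either redirects to
// the index page or renders the login form.
if (!isset($_SESSION["crlogin"])) {
    $_SESSION["crlogin"] = false;
}
$error = ""; // Message shown to the user when a login attempt fails.

// NOTE(review): no attempt limiting or lockout is visible in this fragment --
// confirm it is enforced elsewhere.
if ($_SERVER["REQUEST_METHOD"] == "POST" && $_SESSION["crlogin"] == false) {
    // Missing fields become empty strings instead of raising undefined-index notices.
    $username = strtolower(fixInput(isset($_POST["username"]) ? $_POST["username"] : ""));
    $password = fixInput(isset($_POST["password"]) ? $_POST["password"] : "");

    $row = dbGetFirst("SELECT * FROM tbluser WHERE strEID = ?", "s", $username);
    // NOTE(review): index 2 depends on the column order of SELECT *; naming the
    // password column in the query would survive schema changes.
    $stored = isset($row[2]) ? (string) $row[2] : null;

    // NOTE(review): the submitted password is matched directly against the stored
    // column, which implies tbluser keeps it in a directly comparable form.
    // Storing password_hash() output and checking it with password_verify() is
    // the recommended fix, but it needs a data migration outside this fragment.
    // fixInput() (defined elsewhere) also rewrites the password before the
    // comparison -- confirm it does not alter valid characters.
    //
    // hash_equals() replaces the loose "==": loose comparison treats numeric
    // strings such as "1e3" and "1000" as equal, and hash_equals() is also
    // constant-time.
    if (is_string($password) && $password !== "" && $stored !== null && hash_equals($stored, $password)) {
        // Issue a fresh session id on privilege change so an id that was planted
        // or observed before login cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["crlogin"] = true;
        $_SESSION["cruser"] = $username;

        // Display name; stays " " when the account has no student row.
        $row = dbGetFirst("SELECT strFirstName, strLastName FROM tblStudent WHERE strStudentEID = ?", "s", $username);
        $firstName = isset($row[0]) ? $row[0] : "";
        $lastName = isset($row[1]) ? $row[1] : "";
        $_SESSION["crname"] = $firstName . " " . $lastName;

        // Thumbnail file name; stays ".jpg" when no picture row exists.
        $row = dbGetFirst("SELECT vntImage FROM tblPictureID WHERE strOwner = ?", "s", $username);
        $_SESSION["crphototb"] = (isset($row[0]) ? $row[0] : "") . ".jpg";
    } else {
        $_SESSION["crlogin"] = false;
        // The same message covers an unknown user and a wrong password, so the
        // response does not reveal which accounts exist.
        $error = "*Incorrect user and password combination!";
    }
}

if ($_SESSION["crlogin"] == true) {
    header("Location:/index.php");
    exit;
} else {
    // Login form. PHP_SELF is escaped because its path portion is client-controlled.
    // This fragment ends before the form and this else block are closed.
    echo "<div style=\"width:304px; border:1px solid #2f2f2f; background-color:#e7e7e7; margin:auto; position:relative; height:112px; top:64px; padding:16px; box-shadow:0px 0px 24px #4f4f4f;\">";
    echo "<span class=\"title\">Login:</span>";
    echo "<form method=\"post\" action=\"" . htmlspecialchars($_SERVER["PHP_SELF"]) . "\"><table>\r\n";
    echo "<tr><td>Username:</td><td><input type=\"text\" name=\"username\" size=\"28\"></td></tr>\r\n";
    echo "<tr><td>Password:</td><td><input type=\"password\" name=\"password\" size=\"28\"></td></tr>\r\n";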