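/**
 * List the tables flagged as both updatable and visible in `curl_tables`.
 *
 * When the module option `site_user_auth` is 1, the caller's credentials
 * (taken from $var) go through the lock check, the plug-in right check and
 * validateuser() before any query runs.
 *
 * @param array $var Request payload; `username` and `password` are read when
 *                   site_user_auth is enabled.
 * @return mixed Array keyed from 1 of array('id' => ..., 'table' => ...);
 *               the check_for_lock() result when it is truthy;
 *               array('ErrNum' => 9, ...) when checkright() refuses;
 *               false when validateuser() refuses.
 */
function tablesforupdate($var)
{
    global $xoopsModuleConfig, $xoopsDB;

    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        // Credentials come from the request payload; there is no other
        // $username/$password in this scope, so read them explicitly instead
        // of handing undefined variables to the lock and right checks.
        $username = isset($var['username']) ? $var['username'] : null;
        $password = isset($var['password']) ? $var['password'] : null;
        $plugin = basename(__FILE__);

        if ($ret = check_for_lock($plugin, $username, $password)) {
            return $ret;
        }
        if (!checkright($plugin, $username, $password)) {
            mark_for_lock($plugin, $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
        // Authenticate before the database is touched, not after the query
        // has already been executed.
        if (!validateuser($username, $password)) {
            return false;
        }
    }

    $sql = "SELECT * FROM " . $xoopsDB->prefix('curl_tables') . " WHERE allowupdate = 1 and visible = 1";
    $result = $xoopsDB->query($sql);

    $rtn = array();
    if (!$result) {
        // A failed query yields an empty list rather than a fetch on a non-result.
        return $rtn;
    }

    // Callers receive a list keyed from 1, so the counter is bumped before use.
    $t = 0;
    while ($row = $xoopsDB->fetchArray($result)) {
        $t++;
        $rtn[$t] = array('id' => $row['tbl_id'], 'table' => $row['tablename']);
    }

    return $rtn;
}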
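/**
 * Read the requested fields from a registered table.
 *
 * The table is chosen by `tablename` (resolved through get_tableid()) or by a
 * numeric `id`. Every requested field must pass validate(..., "allowretrieve").
 *
 * @param array $var Request payload: `tablename` or `id`, `data` (list of
 *                   array('field' => name)), optional `clause`, and
 *                   `username`/`password` when site_user_auth is enabled.
 * @return mixed array('total_records' => n, 'items' => rows) on success;
 *               array('ErrNum' => 2|3|4|7|8|9, 'ErrDesc' => ...) on error;
 *               the check_for_lock() result when it is truthy;
 *               false when validateuser() refuses.
 */
function retrieve($var)
{
    global $xoopsModuleConfig, $xoopsDB;

    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        // Credentials come from the request payload; there is no other
        // $username/$password in this scope.
        $username = isset($var['username']) ? $var['username'] : null;
        $password = isset($var['password']) ? $var['password'] : null;
        $plugin = basename(__FILE__);

        if ($ret = check_for_lock($plugin, $username, $password)) {
            return $ret;
        }
        if (!checkright($plugin, $username, $password)) {
            mark_for_lock($plugin, $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
        // Authenticate before table or field metadata is looked up, so an
        // unauthenticated caller cannot probe the schema through error codes.
        if (!validateuser($username, $password)) {
            return false;
        }
    }

    if (isset($var['tablename']) && strlen($var['tablename']) > 0) {
        $tbl_id = get_tableid($var['tablename']);
    } elseif (isset($var['id']) && (int) $var['id'] > 0) {
        // Table ids are numeric; the cast keeps arbitrary text out of later lookups.
        $tbl_id = (int) $var['id'];
    } else {
        return array('ErrNum' => 2, "ErrDesc" => 'Table Name or Table ID not specified');
    }

    $requested = isset($var['data']) ? $var['data'] : null;
    if (!validate($tbl_id, $requested, "allowretrieve")) {
        return array('ErrNum' => 4, "ErrDesc" => 'Not all fields are allowed retrieve');
    }

    $fields = is_array($requested) ? $requested : array();
    $columns = array();
    foreach ($fields as $data) {
        if ($data['field'] == '*') {
            return array('ErrNum' => 7, "ErrDesc" => 'Wildcard not accepted');
        }
        // Double any backtick so a field name cannot close the identifier quoting.
        $columns[] = '`' . str_replace('`', '``', $data['field']) . '`';
    }

    $where = '';
    if (isset($var['clause']) && strlen($var['clause']) > 0) {
        if (stripos($var['clause'], 'union') !== false) {
            return array('ErrNum' => 8, "ErrDesc" => 'Union not accepted');
        }
        // NOTE(review): the clause is caller-supplied SQL appended verbatim.
        // A keyword blacklist is not an injection defence; this parameter
        // should be replaced by structured field/operator/value conditions
        // that are escaped server-side.
        $where = ' WHERE ' . $var['clause'];
    }

    if (count($columns) == 0) {
        // Without columns the statement cannot succeed; report it the same
        // way as a query that returned nothing.
        return array('ErrNum' => 3, "ErrDesc" => 'No Records Returned from Query');
    }

    $sql = 'SELECT ' . implode(',', $columns)
        . ' FROM ' . $xoopsDB->prefix(get_tablename($tbl_id))
        . $where;
    $rt = $xoopsDB->queryF($sql);

    if (!$rt || !$xoopsDB->getRowsNum($rt)) {
        return array('ErrNum' => 3, "ErrDesc" => 'No Records Returned from Query');
    }

    $rtn = array();
    while ($row = $xoopsDB->fetchArray($rt)) {
        $rdata = array();
        foreach ($fields as $data) {
            $rdata[] = array("fieldname" => $data['field'], "value" => $row[$data['field']]);
        }
        $rtn[] = $rdata;
    }

    return array("total_records" => $xoopsDB->getRowsNum($rt), "items" => $rtn);
}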
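/**
 * Update one registered table row set, addressed by its key field(s).
 *
 * Fields for which is_fieldkey() is true form the WHERE condition; all other
 * fields become SET assignments. Every field must pass
 * validate(..., "allowupdate").
 *
 * @param array $var Request payload: `tablename` or `id`, `data` (list of
 *                   array('field' => name, 'value' => value)), and
 *                   `username`/`password` when site_user_auth is enabled.
 * @return mixed The queryF() result on execution;
 *               array('ErrNum' => 2|5|6|7|8|9, 'ErrDesc' => ...) on error;
 *               the check_for_lock() result when it is truthy;
 *               false when validateuser() refuses or nothing is left to set.
 */
function update($var)
{
    global $xoopsModuleConfig, $xoopsDB;

    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        // Credentials come from the request payload; there is no other
        // $username/$password in this scope.
        $username = isset($var['username']) ? $var['username'] : null;
        $password = isset($var['password']) ? $var['password'] : null;
        $plugin = basename(__FILE__);

        if ($ret = check_for_lock($plugin, $username, $password)) {
            return $ret;
        }
        if (!checkright($plugin, $username, $password)) {
            mark_for_lock($plugin, $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
        // Authenticate before table or field metadata is looked up.
        if (!validateuser($username, $password)) {
            return false;
        }
    }

    if (isset($var['tablename']) && strlen($var['tablename']) > 0) {
        $tbl_id = get_tableid($var['tablename']);
    } elseif (isset($var['id']) && (int) $var['id'] > 0) {
        // Table ids are numeric; the cast keeps arbitrary text out of later lookups.
        $tbl_id = (int) $var['id'];
    } else {
        return array('ErrNum' => 2, "ErrDesc" => 'Table Name or Table ID not specified');
    }

    $requested = isset($var['data']) ? $var['data'] : null;
    if (!validate($tbl_id, $requested, "allowupdate")) {
        return array('ErrNum' => 5, "ErrDesc" => 'Not all fields are allowed update');
    }

    $assignments = array();
    $conditions = array();
    foreach ((is_array($requested) ? $requested : array()) as $data) {
        // Double any backtick so a field name cannot close the identifier quoting.
        $column = '`' . str_replace('`', '``', $data['field']) . '`';
        $value = (string) $data['value'];

        if (!is_fieldkey($data['field'], $tbl_id)) {
            // The database layer's own quoting is used instead of addslashes(),
            // which escapes bytes without regard to the connection charset.
            $assignments[] = $column . ' = ' . $xoopsDB->quoteString($value);
            continue;
        }

        if (strpos($value, '%') !== false || strpos($value, '_') !== false) {
            return array('ErrNum' => 7, "ErrDesc" => 'Wildcard not accepted');
        }
        if (stripos($value, 'union') !== false) {
            return array('ErrNum' => 8, "ErrDesc" => 'Union not accepted');
        }
        $conditions[] = $column . ' = ' . $xoopsDB->quoteString($value);
    }

    if (count($conditions) == 0) {
        return array('ErrNum' => 6, "ErrDesc" => 'No primary key set');
    }
    if (count($assignments) == 0) {
        // Nothing to SET: the statement would be malformed, so report the
        // same failure value a rejected query would give.
        return false;
    }

    // Several key fields are combined with AND; repeating the WHERE keyword
    // for each of them would not be valid SQL.
    $sql = 'UPDATE ' . $xoopsDB->prefix(get_tablename($tbl_id))
        . ' SET ' . implode(',', $assignments)
        . ' WHERE ' . implode(' AND ', $conditions);

    return $xoopsDB->queryF($sql);
}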
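/**
 * Describe the visible fields registered for one table in `curl_fields`.
 *
 * One optional flag narrows the list: `post`, else `retrieve`, else `update`
 * (the first one equal to 1 wins). The table is chosen by `tablename`
 * (resolved through get_tableid()) or by a numeric `id`.
 *
 * @param array $var Request payload: `tablename` or `id`, optional `post` /
 *                   `retrieve` / `update` flags, and `username`/`password`
 *                   when site_user_auth is enabled.
 * @return mixed List of field descriptors (table_id, field, allowpost,
 *               allowretrieve, allowupdate, string, int, float, text, key,
 *               other); array('ErrNum' => 2|9, 'ErrDesc' => ...) on error;
 *               the check_for_lock() result when it is truthy;
 *               false when validateuser() refuses.
 */
function tableschemer($var)
{
    global $xoopsModuleConfig, $xoopsDB;

    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        // Credentials come from the request payload; there is no other
        // $username/$password in this scope.
        $username = isset($var['username']) ? $var['username'] : null;
        $password = isset($var['password']) ? $var['password'] : null;
        $plugin = basename(__FILE__);

        if ($ret = check_for_lock($plugin, $username, $password)) {
            return $ret;
        }
        if (!checkright($plugin, $username, $password)) {
            mark_for_lock($plugin, $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
        // Authenticate before the schema is queried, not after.
        if (!validateuser($username, $password)) {
            return false;
        }
    }

    $sql = "SELECT * FROM " . $xoopsDB->prefix('curl_fields') . " WHERE visible = 1 ";

    // These are comparisons: a single `=` would assign 1 to the flag and make
    // the first branch unconditionally true.
    if (isset($var['post']) && $var['post'] == 1) {
        $sql .= "and allowpost = 1 ";
    } elseif (isset($var['retrieve']) && $var['retrieve'] == 1) {
        $sql .= "and allowretrieve = 1 ";
    } elseif (isset($var['update']) && $var['update'] == 1) {
        $sql .= "and allowupdate = 1 ";
    }

    // The table id is placed in the statement unquoted, so it is forced to an
    // integer on both paths.
    if (isset($var['tablename']) && strlen($var['tablename']) > 0) {
        $sql .= "and tbl_id = " . (int) get_tableid($var['tablename']);
    } elseif (isset($var['id']) && (int) $var['id'] > 0) {
        $sql .= "and tbl_id = " . (int) $var['id'];
    } else {
        return array('ErrNum' => 2, "ErrDesc" => 'Table Name or Table ID not specified');
    }

    $result = $xoopsDB->query($sql);
    $rtn = array();
    if (!$result) {
        // A failed query yields an empty list rather than a fetch on a non-result.
        return $rtn;
    }

    while ($row = $xoopsDB->fetchArray($result)) {
        $rtn[] = array(
            'table_id' => $row['tbl_id'],
            'field' => $row['fieldname'],
            'allowpost' => $row['allowpost'],
            'allowretrieve' => $row['allowretrieve'],
            'allowupdate' => $row['allowupdate'],
            'string' => $row['string'],
            'int' => $row['int'],
            'float' => $row['float'],
            'text' => $row['text'],
            'key' => $row['key'],
            'other' => $row['other'],
        );
    }

    return $rtn;
}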
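/**
 * Insert one row into a registered table.
 *
 * The table is chosen by `tablename` (resolved through get_tableid()) or by a
 * numeric `id`. Every field must pass validate(..., "allowpost").
 *
 * @param array $var Request payload: `tablename` or `id`, `data` (list of
 *                   array('field' => name, 'value' => value)), and
 *                   `username`/`password` when site_user_auth is enabled.
 * @return mixed array('insert_id' => id) after the insert was issued;
 *               array('ErrNum' => 1|2|9, 'ErrDesc' => ...) on error;
 *               the check_for_lock() result when it is truthy;
 *               false when validateuser() refuses.
 */
function post($var)
{
    global $xoopsModuleConfig, $xoopsDB;

    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        // Credentials come from the request payload; there is no other
        // $username/$password in this scope.
        $username = isset($var['username']) ? $var['username'] : null;
        $password = isset($var['password']) ? $var['password'] : null;
        $plugin = basename(__FILE__);

        if ($ret = check_for_lock($plugin, $username, $password)) {
            return $ret;
        }
        if (!checkright($plugin, $username, $password)) {
            mark_for_lock($plugin, $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
        // Authenticate before table or field metadata is looked up.
        if (!validateuser($username, $password)) {
            return false;
        }
    }

    if (isset($var['tablename']) && strlen($var['tablename']) > 0) {
        $tbl_id = get_tableid($var['tablename']);
    } elseif (isset($var['id']) && (int) $var['id'] > 0) {
        // Table ids are numeric; the cast keeps arbitrary text out of later lookups.
        $tbl_id = (int) $var['id'];
    } else {
        return array('ErrNum' => 2, "ErrDesc" => 'Table Name or Table ID not specified');
    }

    $requested = isset($var['data']) ? $var['data'] : null;
    if (!validate($tbl_id, $requested, "allowpost")) {
        return array('ErrNum' => 1, "ErrDesc" => 'Not all fields are allowed posting');
    }

    $columns = array();
    $values = array();
    foreach ((is_array($requested) ? $requested : array()) as $data) {
        // Double any backtick so a field name cannot close the identifier quoting.
        $columns[] = '`' . str_replace('`', '``', $data['field']) . '`';
        // The database layer's own quoting is used instead of addslashes(),
        // which escapes bytes without regard to the connection charset.
        $values[] = $xoopsDB->quoteString((string) $data['value']);
    }

    // implode() replaces the trailing-comma trim, which only worked because
    // the length was taken from an undefined variable.
    $sql = 'INSERT INTO ' . $xoopsDB->prefix(get_tablename($tbl_id))
        . ' (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')';
    $rt = $xoopsDB->queryF($sql);

    // NOTE(review): the insert id is reported even when queryF() failed;
    // confirm whether callers need a distinct error for that case.
    return array("insert_id" => $xoopsDB->getInsertId($rt));
}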
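/**
 * Return the values of a table's visible key fields, one entry per row.
 *
 * The key field names are read from `curl_fields`; the data table is then
 * queried for exactly those columns.
 *
 * @param array $var Request payload: `tablename` or `id`, optional `clause`
 *                   with `fieldid`, and `username`/`password` when
 *                   site_user_auth is enabled.
 * @return mixed List of array('id' => n, 'data' => list of
 *               array('field' => name, 'value' => value)) with n counted
 *               from 1; array('ErrNum' => 2|8|9, 'ErrDesc' => ...) on error;
 *               the check_for_lock() result when it is truthy;
 *               false when validateuser() refuses.
 */
function retrievekeys($var)
{
    global $xoopsModuleConfig, $xoopsDB;

    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        // Credentials come from the request payload; there is no other
        // $username/$password in this scope.
        $username = isset($var['username']) ? $var['username'] : null;
        $password = isset($var['password']) ? $var['password'] : null;
        $plugin = basename(__FILE__);

        if ($ret = check_for_lock($plugin, $username, $password)) {
            return $ret;
        }
        if (!checkright($plugin, $username, $password)) {
            mark_for_lock($plugin, $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
        // Authenticate before any table data is read, not after.
        if (!validateuser($username, $password)) {
            return false;
        }
    }

    // The table id is placed in the statement unquoted, so it is forced to an
    // integer on both paths.
    if (isset($var['tablename']) && strlen($var['tablename']) > 0) {
        $tbl_id = (int) get_tableid($var['tablename']);
    } elseif (isset($var['id']) && (int) $var['id'] > 0) {
        $tbl_id = (int) $var['id'];
    } else {
        return array('ErrNum' => 2, "ErrDesc" => 'Table Name or Table ID not specified');
    }

    $sql = "SELECT * FROM " . $xoopsDB->prefix('curl_fields')
        . " WHERE `key` = 1 and visible = 1 and tbl_id = " . $tbl_id;
    $ret = $xoopsDB->query($sql);

    $keyFields = array();
    if ($ret) {
        while ($row = $xoopsDB->fetchArray($ret)) {
            $keyFields[] = $row['fieldname'];
        }
    }
    if (count($keyFields) == 0) {
        // No key columns registered: there is nothing to select.
        return array();
    }

    $columns = array();
    foreach ($keyFields as $fieldname) {
        $columns[] = '`' . str_replace('`', '``', $fieldname) . '`';
    }

    // The table name is taken from the registry via get_tablename(), as the
    // other plug-in functions do, instead of placing the caller's `tablename`
    // text into the FROM clause.
    $sql = 'SELECT ' . implode(', ', $columns)
        . ' FROM ' . $xoopsDB->prefix(get_tablename($tbl_id));

    // NOTE(review): this branch is entered only when `clause` compares equal
    // to 1, yet the same value is then appended as SQL text; confirm the
    // intended condition. The clause is caller-supplied SQL and a keyword
    // blacklist is not an injection defence, so the branch should move to
    // structured, server-escaped conditions before it is relied upon.
    if (isset($var['clause']) && $var['clause'] == 1) {
        if (stripos($var['clause'], 'union') !== false) {
            return array('ErrNum' => 8, "ErrDesc" => 'Union not accepted');
        }
        $sql .= ' WHERE `' . get_fieldname($var['fieldid'], $tbl_id) . '` ' . $var['clause'];
    }

    $ret = $xoopsDB->query($sql);
    $rtn = array();
    if (!$ret) {
        // A failed query yields an empty list rather than a fetch on a non-result.
        return $rtn;
    }

    // Entries are numbered from 1.
    $id = 0;
    while ($row = $xoopsDB->fetchArray($ret)) {
        $id++;
        $entry = array();
        foreach ($keyFields as $fieldname) {
            $entry[] = array("field" => $fieldname, "value" => $row[$fieldname]);
        }
        $rtn[] = array('id' => $id, 'data' => $entry);
    }

    return $rtn;
}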
<?php include "database/db_connection.php"; // make connection here include "validateuser.php"; if (isset($_POST['register'])) { if (validateuser()) { $user_name = $_POST['username']; // here getting result from the post array after submitting the form. $user_pass = $_POST['pass']; // same $user_email = $_POST['email']; // same $user_fname = $_POST['fname']; // same $user_lname = $_POST['lname']; // same $user_mname = $_POST['mname']; // same $user_gender = $_POST['gender']; // same $user_dob = $_POST['dob']; // same $user_phonenumber = $_POST['phonenumber']; // same $user_line1 = $_POST['line1']; // same $user_line2 = $_POST['line2']; // same $user_city = $_POST['city']; // same
<?php if (!isset($_REQUEST['cmd'])) { echo '{"result":0,message:"unknown command"}'; exit; } $cmd = $_REQUEST['cmd']; switch ($cmd) { case 1: addUser(); break; case 2: validateuser(); break; case 3: addbooking(); break; case 4: confirmbooking(); break; case 5: getbookingsforprovider(); break; case 6: getservices(); break; case 7: getservicelist(); break; case 8: getmybookings();
<?php include "common/database.php"; include "common/function.php"; $user = $_POST['user']; $pass = $_POST['pass']; if (validateuser($user, $pass)) { $db = new Database(); $conn = $db->connect(); $condition = "where user='******' and pass='******'"; ?> <div class="row"> <div class="col-xs-3 col-sm-3 col-md-3 col-lg-3"> </div> <div class="col-xs-6 col-sm-6 col-md-6 col-lg-6" id="pro-div"> <?php $log_auth = $db->select("*", "users", $condition); if ($log_auth[0]['role'] === 'admin') { ?> <div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true"> <?php $condition = "where role='emp'"; $all_emp = $db->select("*", "users", $condition); foreach ($all_emp as $emp_list) { $uid = $emp_list['id']; ?> <div class="panel panel-default"> <div class="panel-heading" role="tab" id="heading<?php echo $uid; ?>