/**
 * Link a financial aid entry to a client (family) with the given amount.
 *
 * Inserts one row into family_to_aid and reports success through the
 * affected-row count of that insert (a() appears to expose it).
 *
 * NOTE(review): the SQL is assembled by concatenation and depends entirely on
 * clean_query() escaping correctly for the connection's charset; a
 * parameterised statement would remove that dependency.
 *
 * @param mixed $clientid Client/family id; passed through clean_query().
 * @param mixed $aidid    Aid id; passed through clean_query().
 * @param mixed $amount   Aid amount; passed through clean_query().
 * @return bool true when the insert affected at least one row.
 */
function set_financial_aid($clientid, $aidid, $amount)
{
    $values = [
        clean_query($clientid),
        clean_query($aidid),
        clean_query($amount),
    ];
    $sql = "insert into family_to_aid values('" . implode("', '", $values) . "');";
    q($sql);

    return a() > 0;
}
/**
 * Remove a product row and one matching bag_to_product row.
 *
 * Two deletes are issued in order (product, then bag_to_product); the call
 * succeeds when either of them affected a row.
 *
 * NOTE(review): the bag_to_product delete carries "limit 1". If a product can
 * sit in more than one bag, the remaining link rows are left behind — confirm
 * against the schema before relying on this for full cleanup.
 *
 * @param mixed $productid Product id; passed through clean_query() for both statements.
 * @return bool true when at least one of the two deletes affected a row.
 */
function delete_product($productid)
{
    q("delete from product where productid = '" . clean_query($productid) . "' limit 1;");
    $productRows = a();

    q("delete from bag_to_product where productid = '" . clean_query($productid) . "' limit 1;");

    // short-circuit kept: a() for the second delete is only read when the first removed nothing
    return $productRows > 0 || a() > 0;
}
/**
 * Default controller action.
 *
 * When the form posts action=view, the article whose id was posted is shown;
 * otherwise the most recently posted articles are shown. Both branches render
 * article_view.php inside template_view.php.
 *
 * NOTE(review): $_POST['id'] is read without an isset() check, so a request
 * that posts action=view without an id raises an undefined-index warning
 * before the (int) cast turns it into 0.
 *
 * @return void
 */
public function action_index()
{
    $viewRequested = isset($_POST['action']) && $_POST['action'] === 'view';

    if ($viewRequested) {
        // only the integer form of the posted id reaches the model
        $articleId = (int) clean_query($_POST['id']);
        $data = $this->model->show_article_by_id($articleId);
    } else {
        $data = $this->model->last_posted();
    }

    $this->view->generate('article_view.php', 'template_view.php', $data);
}
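/**
 * Change a user's password after verifying the current one.
 *
 * Stored form, as used by this function: md5(md5(password) . salt). That
 * scheme is kept so existing rows and the login path remain compatible, but
 * md5 is not a password hash; a migration to password_hash()/password_verify()
 * (with password_needs_rehash() on login) is the advisable follow-up.
 *
 * Fixes over the previous version:
 *  - the old-password check used "==", a loose comparison under which two hex
 *    digests of the form "0e..." compare equal as numbers; hash_equals() is
 *    strict and constant-time;
 *  - $new_checksum was computed but never written — the UPDATE stored a
 *    literal placeholder instead of the digest;
 *  - a missing user row no longer produces warnings while indexing into it.
 *
 * @param mixed  $userid       User id; passed through clean_query() for the update.
 * @param string $old_password Current password as supplied by the user.
 * @param string $new_password Replacement password.
 * @return bool true only when the old password matched and the update affected a row.
 */
function user_change_password($userid, $old_password, $new_password)
{
    $user_entry = get_user_by_id($userid);
    if (!is_array($user_entry) || !isset($user_entry['salt'], $user_entry['password'])) {
        // unknown user or incomplete row: nothing to verify against
        return false;
    }

    $checksum = md5(md5($old_password) . $user_entry['salt']);
    if (!hash_equals((string) $user_entry['password'], $checksum)) {
        // invalid old password
        return false;
    }

    // valid old password, set new password (same digest scheme as the stored value)
    $new_checksum = md5(md5($new_password) . $user_entry['salt']);
    q("UPDATE user SET password = '" . clean_query($new_checksum) . "' WHERE userid = '" . clean_query($userid) . "' LIMIT 1;");

    return a() > 0;
}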
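/**
 * Record a bag transaction for a client on the given date and snapshot the
 * bag's food sources against it.
 *
 * Inserts the transaction row, then one transaction_to_food_source row per
 * source of the client's bag. Previously only the last per-source insert was
 * checked, so a failure earlier in the loop went unnoticed and, on failure,
 * the child rows already written were left behind. Now every insert is
 * checked and a failure removes the child rows and the transaction row.
 *
 * @param mixed $clientid Client/family id.
 * @param mixed $date     Transaction date, stored as given after clean_query().
 * @return bool true when the transaction and all of its source rows were written.
 */
function new_bag_transaction_date($clientid, $date)
{
    $client = get_family_by_id($clientid);
    if (!is_array($client) || !array_key_exists('delivery', $client) || !array_key_exists('bagid', $client)) {
        // unknown client: nothing to record
        return false;
    }

    q("insert into transaction values('', '" . clean_query($clientid) . "', '" . clean_query($client['delivery']) . "', '" . clean_query($date) . "');");
    if (a() == 0) {
        return false;
    }
    // i() appears to return the id of the row just inserted
    $id = i();

    $sources = get_all_bag_food_sources($client['bagid']);
    foreach ($sources as $source) {
        // source values come from the database, but are escaped like every other
        // literal in these queries rather than trusted because of their origin
        q("insert into transaction_to_food_source values('" . clean_query($id) . "', '" . clean_query($source['sourceid']) . "', '" . clean_query($source['weight']) . "', '" . clean_query($source['price']) . "');");
        if (a() == 0) {
            // undo the partial write: child rows first, then the transaction row
            q("delete from transaction_to_food_source where transactionid = '" . clean_query($id) . "';");
            q("delete from transaction where transaction.transactionid = '" . clean_query($id) . "' limit 1;");
            return false;
        }
    }

    return true;
}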
/**
 * Start the PHP session and — as written below the early return — register or
 * refresh a DB-backed session record bound to the client's user agent and
 * remote address.
 *
 * NOTE(review): the `return true;` directly after session_start() makes
 * everything after it unreachable. The `session` table is never consulted and
 * the identity check against HTTP_USER_AGENT/REMOTE_ADDR never runs. Whether
 * this is a deliberate disable or a leftover debugging shortcut cannot be told
 * from this function alone; confirm before assuming session tracking is active.
 *
 * @return bool always true as written (see note above).
 */
function start_session_tracking()
{
    session_start();
    return true; // everything below this line is dead code
    clean_session_db();
    error_reporting(E_ALL); // NOTE(review): changes process-wide error reporting from inside a library function
    // md5 only normalises the session id into a fixed-width token; it adds no secrecy
    $sessionhash = md5(get_session_id());
    // client "identity" = user agent + remote address; both are client- or
    // proxy-dependent, so this is a weak binding, not authentication
    $idhash = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
    // see: mysql.lib.php
    $s = q("select * from `session` where `hash` = '" . clean_query($sessionhash) . "' limit 1;");
    if (n($s) == 0) {
        // no record for this session yet: create one; last column is the activity timestamp
        $s = q("insert into `session` values('', '0', '" . clean_query($sessionhash) . "', '" . clean_query($idhash) . "', '" . clean_query(time()) . "');");
        if (a() == 1) {
            // success
            return true;
        } else {
            // failure
            return false;
        }
    } else {
        while ($r = f($s)) {
            //4c5b06225553e12bed914e6836ff4859
            // loose "!=" on two hex digests; a strict comparison (or hash_equals) is the usual choice
            if ($r["identity"] != $idhash) {
                return false;
            }
            // refresh the activity timestamp; the result of the update is not checked
            $s = q("update `session` set `activity` = '" . clean_query(time()) . "' where `hash` = '" . clean_query($sessionhash) . "' limit 1;");
            return true;
            /*if (a() == 1) { // success return true; } else { // failure return false; }*/
        }
    }
    return false;
}
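/**
 * Delete a client transaction together with its food-source rows.
 *
 * The previous version returned false when the transaction_to_food_source
 * delete affected zero rows, which misreported a successful delete of a
 * transaction that simply had no source rows (cf. new_bag_transaction_date,
 * whose per-source loop may be empty). Success is now decided by the
 * transaction row alone; the child delete is still issued.
 *
 * @param mixed $transactionid Transaction id; passed through clean_query().
 * @return bool true when the transaction row was deleted.
 */
function delete_client_transaction($transactionid)
{
    $escapedId = clean_query($transactionid);

    q("delete from transaction where transactionid = '" . $escapedId . "';");
    if (a() <= 0) {
        // nothing matched: no transaction to delete
        return false;
    }

    // zero affected rows here is a valid outcome (transaction without sources)
    q("delete from transaction_to_food_source where transactionid = '" . $escapedId . "';");

    return true;
}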
require_once "../includes/session.php"; require_once "../includes/db_connection.php"; require_once "../includes/functions.php"; require_once "../includes/validation_functions.php"; ?> <?php if (isset($_POST["submit"])) { /* process the form */ $user_name = clean_query($_POST["user_name"]); $user_pass = clean_query($_POST["user_pass"]); $user_mail = clean_query($_POST["user_mail"]); $user_type = clean_query($_POST["user_type"]); if ($_SESSION["user_type"] == "admin") { $user_type = clean_query($_POST["user_type"]); /* validations */ $required_fields = array("user_name", "user_pass", "user_mail", "user_type"); validate_presences($required_fields); } elseif ($_SESSION["user_type"] == "user") { $_SESSION["message"] = "Only one account per user please."; redirect_to("index_user.php"); } else { $user_type = "user"; /* validations */ $required_fields = array("user_name", "user_pass", "user_mail"); validate_presences($required_fields); } if (!empty($errors)) { $_SESSION["errors"] = $errors; redirect_to("new_user.php");
/**
 * Count log rows for an action from the caller's IP within the last
 * $time seconds (presumably a rate-limit / lockout counter).
 *
 * NOTE(review): the address comes from get_ip(). If that helper honours
 * client-supplied headers such as X-Forwarded-For, the count can be
 * side-stepped by varying the header — verify it uses REMOTE_ADDR unless the
 * app sits behind a trusted proxy.
 *
 * @param string $action Log action name to match.
 * @param int    $time   Window length in seconds, counted back from now.
 * @return int number of matching rows, as reported by n().
 */
function get_logs($action, $time)
{
    $since = time() - $time;
    $sql = "select uid from log where log.action = '" . clean_query($action)
        . "' and log.ip = '" . clean_query(get_ip())
        . "' and log.date > '" . clean_query($since) . "';";

    return n(q($sql));
}
<?php require_once "../includes/session.php"; require_once "../includes/db_connection.php"; require_once "../includes/functions.php"; require_once "../includes/validation_functions.php"; find_selected_listing(); ?> <?php if (isset($_POST["submit"])) { /* process the form */ $id = $listing["id"]; $user_id = 0; $ad_name = clean_query($_POST["ad_name"]); $ad_info = clean_query($_POST["ad_info"]); /* validations */ $required_fields = array("ad_name", "ad_info"); validate_presences($required_fields); $fields_with_max_lengths = array("ad_name" => 30); validate_max_lengths($fields_with_max_lengths); if (!empty($errors)) { $_SESSION["errors"] = $errors; redirect_to("edit_listing.php?listing={$id}"); } /* perform database query */ $query = "update listings set "; $query .= "ad_name = '{$ad_name}', "; $query .= "ad_info = '{$ad_info}' "; $query .= "where id = {$id} "; $query .= "limit 1";
/**
 * Delete a single aid row by id.
 *
 * @param mixed $id Aid id; passed through clean_query().
 * @return bool true when the delete affected a row.
 */
function delete_aid($id)
{
    $sql = "delete from aid where aidid = '" . clean_query($id) . "' limit 1;";
    q($sql);

    return a() > 0;
}
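/**
 * Create a category from the posted "category_name" field and render the
 * category view with whatever the model returns.
 *
 * The field now defaults to '' when absent, so a request without it no longer
 * emits an undefined-index warning or hands null to clean_query().
 *
 * NOTE(review): no emptiness/length validation happens here — presumably
 * add_category() rejects an empty name; confirm, or validate before the call.
 *
 * @return void
 */
public function create_category()
{
    $name = clean_query($_POST['category_name'] ?? '');
    $create = $this->model->add_category($name);
    $this->view->generate('category_view.php', 'template_view.php', $create);
}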
/**
 * Remove one product from one bag (a single bag_to_product row).
 *
 * @param mixed $bagid     Bag id; passed through clean_query().
 * @param mixed $productid Product id; passed through clean_query().
 * @return bool true when the delete affected a row.
 */
function delete_bag_content($bagid, $productid)
{
    $sql = "delete from bag_to_product where bagid = '" . clean_query($bagid)
        . "' and productid = '" . clean_query($productid) . "' limit 1;";
    q($sql);

    return a() > 0;
}