function get_user_data()
{
$connection = connect_to_mysql();
$query = "SELECT * FROM users WHERE email = '";
$query .= $_SESSION["email"] . "'";
$result = mysqli_query($connection, $query);
$row = mysqli_fetch_array($result);
if ($row != false) {
close_mysql_connection($connection);
return $row;
}
}
function check_change_password()
{
$fail = false;
//if old password is incorrect, exit
$connection = connect_to_mysql();
$query = "SELECT * FROM users WHERE email = '" . $_SESSION['email'] . "' AND password = '******'";
$row = mysqli_query($connection, $query);
if (mysqli_num_rows($row) != 1) {
$GLOBALS['oldPasswordIncorrect'] = true;
$fail = true;
}
// if password contains special characters, exit
if (!filter_var($_POST["InputPW1"], FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => "/^[a-zA-Z0-9_]*\$/")))) {
$GLOBALS['passwordNotValid'] = true;
$fail = true;
}
//if passwords do not match, exit
if ($_POST["InputPW1"] != $_POST["InputPW2"]) {
$GLOBALS['passwordNotMatch'] = true;
$fail = true;
}
if (!$fail) {
start_password_change($connection);
}
close_mysql_connection($connection);
}
function input_listing($connection)
{
//$connection = connect_to_mysql(); $maprice = filter_input(INPUT_POST, "maxprice", FILTER_VALIDATE_INT);
$description = filter_input(INPUT_POST, "description", FILTER_SANITIZE_STRING);
$address = filter_input(INPUT_POST, "address", FILTER_SANITIZE_STRING);
$zip_code = filter_input(INPUT_POST, "zipcode", FILTER_VALIDATE_INT);
$city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
$us_state = filter_input(INPUT_POST, "us_state", FILTER_SANITIZE_STRING);
$price = filter_input(INPUT_POST, "price", FILTER_VALIDATE_INT);
$sq_ft = filter_input(INPUT_POST, "sq_ft", FILTER_VALIDATE_INT);
$num_bedrooms = filter_input(INPUT_POST, "num_bedrooms", FILTER_VALIDATE_INT);
$num_bathrooms = filter_input(INPUT_POST, "num_bathrooms", FILTER_VALIDATE_INT);
$num_garages = filter_input(INPUT_POST, "num_garages", FILTER_VALIDATE_INT);
$target_id_query = "Select id from listings Where id<(select max(Id) from listings)\n\t\torder by id desc limit 1";
$result = mysqli_query($connection, $target_id_query);
$row = mysqli_fetch_array($result);
echo $row[0];
//$target_dir = $target_dir . basename(($_FILES["uploadFile"]["name"]));
$w_address = $address . ", " . $city . ", " . $us_state;
$walkscore = get_walkscore($w_address);
$uploadOk = 1;
$i = 1;
while ($i < count($_FILES) + 1) {
$target_dir = "./assets/home_images/home" . ((int) $row[0] + 2) . "/small/home" . ((int) $row[0] + 2) . "_" . $i . ".jpg";
if (move_uploaded_file($_FILES["image" . $i]["tmp_name"], $target_dir)) {
${'image' . $i} = "home" . ((int) $row[0] + 2) . "_" . $i . ".jpg";
echo "The file " . basename($_FILES["image" . $i]["name"]) . " has been uploaded.\n";
} else {
echo "Sorry, there was an error uploading your file.";
$i++;
}
$i++;
}
$query = "INSERT INTO listings (description, address, zip_code, city, us_state, price, sq_ft, num_bedrooms, num_bathrooms, num_garages, image1, image2, image3, walk_score)";
$query .= "VALUES('{$description}', '{$address}', '{$zip_code}', '{$city}', '{$us_state}', '{$price}', '{$sq_ft}', '{$num_bedrooms}', '{$num_bathrooms}', '{$num_garages}', '{$image1}', '{$image2}', '{$image3}', '{$walkscore}')";
if (!mysqli_query($connection, $query)) {
die('Error: ' . mysqli_error($connection));
}
echo "1 record added";
close_mysql_connection($connection);
}
$end = $plan['end'];
}
// affichage des valeurs de paramètres
echo '<tr class="pg-row">';
echo '<td style="">' . $i . '</td>';
echo '<td id="GreenAPAction' . $i . '" style="">' . $action . '</td>';
echo '<td id="GreenAPStart' . $i . '" style="">' . $start . '</td>';
echo '<td id="GreenAPEnd' . $i . '" style="">' . $end . '</td>';
echo '</tr>';
}
echo '
</tbody>
</table>';
}
}
}
// *************************************************************************************
// rapport d'exécution de la requête
// *************************************************************************************
if ($glb_err) {
echo '<p class="G10RBOLD">Erreur dans le traitement de la requête :</p>' . htmlentities($msg) . "<br />";
} else {
// echo "Requête exécutée avec succès<br />";
}
// fermeture de la connexion à la base
close_mysql_connection();
?>
</BODY>
</HTML>
</form>
</div>
<div class="btn-group" role="group">
<form action="home_details.php" method="get">
<button name="details" type="submit" value="<?php
echo '' . $row[0] . '';
?>
" class="btn btn-success btn-sm">Details</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
close_mysql_connection($connection);
?>
</div>
<div class="col-sm-12 col-sm-6 col-md-6">
<?php
//$connection = connect_to_mysql();
//$results = featured_properties($connection); //no longer necessary
if ($results != "") {
$row = mysqli_fetch_array($results);
} else {
echo "<br><br><br><h2>Must enter valid input</h2>";
die;
}
?>
<div class="brdr bgc-fff pad-10 box-shad btm-mrg-20 property-listing" style="overflow:hidden;">
<div class="media">
function contact_requests()
{
$connection = connect_to_mysql();
$query = "SELECT * FROM touched";
$result = mysqli_query($connection, $query);
$row;
$max = mysqli_num_rows($result);
for ($i = 0; $i < $max; $i++) {
mysqli_data_seek($result, $i);
$row = mysqli_fetch_array($result);
echo "<tr>\n";
echo "<td> " . $row['name'] . "</td>\n";
echo "<td> " . $row['email'] . " </td>\n";
echo "<td> " . $row['phone'] . " </td>\n";
echo "<td> " . $row['message'] . " </td>\n";
echo "<td> <a href=\"home_details.php?details=" . $row['idListing'] . "\">Visit listing</a></td>\n";
echo "<td>";
echo "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">";
echo "<button name=\"idRow\" type=\"submit\" value=\"" . $row['id'] . "\">Remove contact request</button>";
echo "</form>";
echo "</td>\n";
echo "</tr>";
}
close_mysql_connection($connection);
}
echo "DB Problem in deleting unsent sms alert !";
}
} else {
$sms_unsent++;
$query = mysql_query("UPDATE unsend_sms_alert SET sms_status = '{$sms_status}' WHERE id ='{$row_id}';");
}
}
}
// Check for sms status ---------------------------------- ENDED --------------
echo "\n";
echo "--Report---------------------------------\n";
echo "No of Email Sent : " . $email_sent . "\n";
echo "No of SMS Sent : " . $sms_count . "\n";
echo "No of SMS DELVRD : " . $sms_sent . "\n";
echo "No of SMS Not DELVRD : " . $sms_unsent . "\n";
close_mysql_connection($dbhandle);
unlink("/var/lock/skol_sendsms");
echo "Start Time: " . date("Y-M-d H:i:s") . "\n";
echo "SKOL SMS Script Ended --------------------\n";
// SEND EMAIL FUNCTION :
function SEND_EMAIL($to_address, $email_subject, $email_body)
{
$query = mysql_query("insert into send_email (email_id,email_subject,email_body) values ('" . $to_address . "','" . $email_subject . "','" . $email_body . "');");
if ($query != false) {
return true;
}
return false;
}
// SEND SMS FUNCTION :
function SEND_SMS($user_phone, $message_body)
{
function create_user()
{
// hashes the password to store it safely in the DB
$password = password_hash($_POST["InputPW1"], PASSWORD_DEFAULT);
$connection = connect_to_mysql();
// query to create a new user in the DB
$query = "INSERT INTO users (email,password,user_type,zip_code,phone_number,first_name,last_name)";
$query .= "VALUES(";
$query .= "'{$_POST["InputEmail"]}',";
$query .= "'{$password}',";
$query .= "1,";
$query .= "{$_POST["InputZip"]},";
$query .= "'{$_POST["InputPhone"]}',";
$query .= "'{$_POST["InputFirstName"]}',";
$query .= "'{$_POST["InputLastName"]}')";
if (mysqli_query($connection, $query) == FALSE) {
echo "Failed to create user";
}
close_mysql_connection($connection);
}
function check_login_forgot()
{
$original_email = trim($_POST["InputEmail"]);
$clean_email = filter_var($original_email, FILTER_SANITIZE_EMAIL);
$fail = false;
// if email has special characters or doesn't have right format, exit
if ($original_email != $clean_email || !filter_var($original_email, FILTER_VALIDATE_EMAIL)) {
$GLOBALS['emailNotValid'] = true;
$fail = true;
}
// if email is not already registered, exit
$connection = connect_to_mysql();
$query = "SELECT * FROM users WHERE email = '" . $original_email . "'";
$row = mysqli_query($connection, $query);
if (mysqli_num_rows($row) != 1) {
$GLOBALS['emailNotRegistered'] = true;
$fail = true;
}
if (!$fail) {
start_password_recovery($connection, $clean_email);
}
close_mysql_connection($connection);
}