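/**
 * Load the `users` row for the e-mail address stored in the session.
 *
 * The connection is always released before returning; the original only
 * closed it when a row was found.
 *
 * @return array|null Row in mysqli_fetch_array() form (numeric and associative
 *                    keys), or null when nothing matched or the lookup failed.
 */
function get_user_data()
{
    $connection = connect_to_mysql();
    $row = null;

    // The session value is bound as a parameter instead of being concatenated
    // into the SQL text, so quotes inside it cannot change the statement.
    $statement = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    if ($statement !== false) {
        $email = (string) ($_SESSION["email"] ?? '');
        mysqli_stmt_bind_param($statement, "s", $email);

        if (mysqli_stmt_execute($statement)) {
            // mysqli_stmt_get_result() is only available with the mysqlnd driver.
            $result = mysqli_stmt_get_result($statement);
            if ($result !== false) {
                $fetched = mysqli_fetch_array($result);
                if (is_array($fetched)) {
                    $row = $fetched;
                }
            }
        }
        mysqli_stmt_close($statement);
    }

    close_mysql_connection($connection);

    return $row;
}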
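/**
 * Validate a password-change request and start the change when it passes.
 *
 * Reads $_SESSION['email'], $_POST["InputPW1"] and $_POST["InputPW2"].
 * Each failed check sets its own flag in $GLOBALS (oldPasswordIncorrect,
 * passwordNotValid, passwordNotMatch); all checks run so that every flag
 * that applies is set. start_password_change() is called only when no
 * check failed.
 *
 * @return void
 */
function check_change_password()
{
    $fail = false;
    $connection = connect_to_mysql();

    // Old-password check: exactly one matching row is required.
    // The e-mail is bound as a parameter rather than concatenated into the SQL.
    // NOTE(review): the password literal reads '******' in this listing and
    // looks masked, so what was originally compared cannot be confirmed here.
    // If users.password holds password_hash() output, an SQL equality test
    // cannot verify it; fetch the stored hash and use password_verify().
    $matches = 0;
    $statement = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ? AND password = '******'");
    if ($statement !== false) {
        $email = (string) ($_SESSION['email'] ?? '');
        mysqli_stmt_bind_param($statement, "s", $email);
        if (mysqli_stmt_execute($statement)) {
            // Buffer the result so the row count is known.
            mysqli_stmt_store_result($statement);
            $matches = mysqli_stmt_num_rows($statement);
        }
        mysqli_stmt_close($statement);
    }
    if ($matches != 1) {
        $GLOBALS['oldPasswordIncorrect'] = true;
        $fail = true;
    }

    // New password may contain only letters, digits and underscore.
    // filter_var() returns the string on success, so the falsy values ""
    // and "0" are rejected here as well.
    if (!filter_var($_POST["InputPW1"], FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => "/^[a-zA-Z0-9_]*\$/")))) {
        $GLOBALS['passwordNotValid'] = true;
        $fail = true;
    }

    // Both entries must be identical. Strict comparison: with != two numeric
    // strings such as "1e3" and "1000" would have been treated as equal.
    if ($_POST["InputPW1"] !== $_POST["InputPW2"]) {
        $GLOBALS['passwordNotMatch'] = true;
        $fail = true;
    }

    if (!$fail) {
        start_password_change($connection);
    }
    close_mysql_connection($connection);
}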
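/**
 * Store a new listing from the submitted form, including its uploaded images.
 *
 * Reads the listing fields from POST, moves the uploaded files "image1",
 * "image2", ... into ./assets/home_images/, looks up a walk score for the
 * address and inserts one row into `listings`. Progress messages are echoed
 * and the connection is closed at the end.
 *
 * @param mysqli $connection Open connection; closed by this function.
 * @return void
 */
function input_listing($connection)
{
    // FILTER_SANITIZE_STRING (deprecated since PHP 8.1) strips tags and
    // HTML-encodes quotes; that is not SQL escaping. The INSERT below is
    // protected by parameter binding, not by these filters.
    $description = filter_input(INPUT_POST, "description", FILTER_SANITIZE_STRING);
    $address = filter_input(INPUT_POST, "address", FILTER_SANITIZE_STRING);
    $zip_code = filter_input(INPUT_POST, "zipcode", FILTER_VALIDATE_INT);
    $city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
    $us_state = filter_input(INPUT_POST, "us_state", FILTER_SANITIZE_STRING);
    $price = filter_input(INPUT_POST, "price", FILTER_VALIDATE_INT);
    $sq_ft = filter_input(INPUT_POST, "sq_ft", FILTER_VALIDATE_INT);
    $num_bedrooms = filter_input(INPUT_POST, "num_bedrooms", FILTER_VALIDATE_INT);
    $num_bathrooms = filter_input(INPUT_POST, "num_bathrooms", FILTER_VALIDATE_INT);
    $num_garages = filter_input(INPUT_POST, "num_garages", FILTER_VALIDATE_INT);

    // Second-highest existing id; the image folder number is derived from it.
    // NOTE(review): deriving the next id this way presumably assumes gap-free
    // ids and no concurrent inserts - confirm, or use the id of the new row.
    $target_id_query = "Select id from listings Where id<(select max(Id) from listings)\n\t\torder by id desc limit 1";
    $result = mysqli_query($connection, $target_id_query);
    $row = mysqli_fetch_array($result);
    $previous_id = $row[0] ?? null;
    echo $previous_id;
    $home_number = (int) $previous_id + 2;

    $w_address = $address . ", " . $city . ", " . $us_state;
    $walkscore = get_walkscore($w_address);

    // Image columns default to '' so a failed or missing upload no longer
    // leaves an undefined variable in the INSERT.
    $images = array(1 => '', 2 => '', 3 => '');
    $file_count = count($_FILES);
    for ($i = 1; $i <= $file_count; $i++) {
        $field = "image" . $i;
        // The stored name is generated on the server; the client-supplied
        // name is only echoed back (escaped), never used as a path.
        // NOTE(review): the file content is not checked to be an image
        // before it is stored under a .jpg name.
        $target_dir = "./assets/home_images/home" . $home_number . "/small/home" . $home_number . "_" . $i . ".jpg";
        $tmp_name = $_FILES[$field]["tmp_name"] ?? null;
        if (is_string($tmp_name) && move_uploaded_file($tmp_name, $target_dir)) {
            $images[$i] = "home" . $home_number . "_" . $i . ".jpg";
            echo "The file " . htmlspecialchars(basename((string) $_FILES[$field]["name"]), ENT_QUOTES, 'UTF-8') . " has been uploaded.\n";
        } else {
            // The original incremented $i twice here, which skipped the file
            // following a failed upload; every file is now attempted.
            echo "Sorry, there was an error uploading your file.";
        }
    }

    // All values are bound as strings, matching the original statement in
    // which every value was quoted (a failed integer filter becomes '').
    $query = "INSERT INTO listings (description, address, zip_code, city, us_state, price, sq_ft, num_bedrooms, num_bathrooms, num_garages, image1, image2, image3, walk_score)";
    $query .= " VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    $values = array(
        (string) $description,
        (string) $address,
        (string) $zip_code,
        (string) $city,
        (string) $us_state,
        (string) $price,
        (string) $sq_ft,
        (string) $num_bedrooms,
        (string) $num_bathrooms,
        (string) $num_garages,
        (string) $images[1],
        (string) $images[2],
        (string) $images[3],
        (string) $walkscore,
    );

    $statement = mysqli_prepare($connection, $query);
    if ($statement === false) {
        die('Error: ' . mysqli_error($connection));
    }
    mysqli_stmt_bind_param($statement, str_repeat("s", count($values)), ...$values);
    if (!mysqli_stmt_execute($statement)) {
        die('Error: ' . mysqli_stmt_error($statement));
    }
    mysqli_stmt_close($statement);

    echo "1 record added";
    close_mysql_connection($connection);
}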
                    $end = $plan['end'];
                }
                // affichage des valeurs de paramètres
                echo '<tr class="pg-row">';
                echo '<td style="">' . $i . '</td>';
                echo '<td id="GreenAPAction' . $i . '" style="">' . $action . '</td>';
                echo '<td id="GreenAPStart' . $i . '" style="">' . $start . '</td>';
                echo '<td id="GreenAPEnd' . $i . '" style="">' . $end . '</td>';
                echo '</tr>';
            }
            echo '
				</tbody>
			</table>';
        }
    }
}
// *************************************************************************************
// report on how the request was processed
// *************************************************************************************
// Only the failure case prints anything; the message text is HTML-encoded
// before it is written to the page. The success message stays disabled.
if ($glb_err) {
    echo '<p class="G10RBOLD">Erreur dans le traitement de la requ&ecirc;te :</p>', htmlentities($msg), "<br />";
}
// close the database connection
close_mysql_connection();
?>

</BODY>  
</HTML>  
                                            </form>
                                        </div>
                                        <div class="btn-group" role="group">
                                            <form action="home_details.php" method="get">
                                                <button name="details" type="submit" value="<?php 
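// The value lands inside a double-quoted HTML attribute, so it is encoded
// for that context; a plain numeric id is printed unchanged.
echo htmlspecialchars((string) $row[0], ENT_QUOTES, 'UTF-8');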
?>
" class="btn btn-success btn-sm">Details</button>
                                            </form>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </div>
                        <?php 
// Release the database handle for this column of the page.
// NOTE(review): $results is still fetched from further down; that only works
// after this close if it is a buffered result set - confirm against the caller.
close_mysql_connection($connection);
?>
                    </div>
                    <div class="col-sm-12 col-sm-6 col-md-6">
                        <?php 
// $results is expected to be set earlier on the page; the page no longer
// opens its own connection or runs featured_properties() here.
// Stop rendering with a message when there is no usable result set.
if ($results == "") {
    echo "<br><br><br><h2>Must enter valid input</h2>";
    die;
}
$row = mysqli_fetch_array($results);
?>
                        <div class="brdr bgc-fff pad-10 box-shad btm-mrg-20 property-listing" style="overflow:hidden;">
                            <div class="media">
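/**
 * Print one table row per stored contact request from the `touched` table.
 *
 * Each row shows name, e-mail, phone and message, a link to the listing and
 * a form that posts the request id back to the current script as "idRow".
 * Every value is HTML-encoded before output, because these fields hold text
 * submitted by visitors and are shown to whoever views this table.
 *
 * @return void
 */
function contact_requests()
{
    $connection = connect_to_mysql();
    $result = mysqli_query($connection, "SELECT * FROM touched");

    // Encoder for HTML text and quoted attribute values.
    $escape = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // PHP_SELF includes any extra path info from the request URL, so it is
    // encoded before being written into the form's action attribute.
    $self = $escape($_SERVER['PHP_SELF']);

    if ($result !== false) {
        while ($row = mysqli_fetch_array($result)) {
            echo "<tr>\n";
            echo "<td> " . $escape($row['name']) . "</td>\n";
            echo "<td> " . $escape($row['email']) . " </td>\n";
            echo "<td> " . $escape($row['phone']) . " </td>\n";
            echo "<td> " . $escape($row['message']) . " </td>\n";
            echo "<td> <a href=\"home_details.php?details=" . $escape(rawurlencode((string) $row['idListing'])) . "\">Visit listing</a></td>\n";
            echo "<td>";
            // NOTE(review): this state-changing form carries no anti-CSRF
            // token; verify how the handler for "idRow" authenticates it.
            echo "<form action=\"" . $self . "\" method=\"post\">";
            echo "<button name=\"idRow\" type=\"submit\" value=\"" . $escape($row['id']) . "\">Remove contact request</button>";
            echo "</form>";
            echo "</td>\n";
            echo "</tr>";
        }
    }

    close_mysql_connection($connection);
}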
                echo "DB Problem in deleting unsent sms alert !";
            }
        } else {
            $sms_unsent++;
            $query = mysql_query("UPDATE unsend_sms_alert SET sms_status = '{$sms_status}' WHERE id ='{$row_id}';");
        }
    }
}
// Check for sms status ---------------------------------- ENDED --------------
// Closing report: print the counters collected during the run.
echo "\n", "--Report---------------------------------\n";
echo "No of Email Sent     : ", $email_sent, "\n";
echo "No of SMS Sent       : ", $sms_count, "\n";
echo "No of SMS DELVRD     : ", $sms_sent, "\n";
echo "No of SMS Not DELVRD : ", $sms_unsent, "\n";

// Release the database handle, then remove the lock file so that a later
// run is not blocked by it.
close_mysql_connection($dbhandle);
unlink("/var/lock/skol_sendsms");

// The timestamp is taken at this point, i.e. when the script finishes.
echo "Start Time: ", date("Y-M-d H:i:s"), "\n";
echo "SKOL SMS Script Ended --------------------\n";
// SEND EMAIL FUNCTION :
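/**
 * Queue an e-mail by inserting it into the `send_email` table.
 *
 * The three values are escaped for the current connection before they are
 * placed in the statement; previously they were concatenated as-is, so a
 * quote in the subject or body could alter the SQL.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.
 * Moving to mysqli or PDO prepared statements needs the connection handle,
 * which this function does not receive.
 *
 * @param string $to_address    Recipient address.
 * @param string $email_subject Subject line.
 * @param string $email_body    Message body.
 * @return bool True when the insert succeeded, false otherwise.
 */
function SEND_EMAIL($to_address, $email_subject, $email_body)
{
    $to = mysql_real_escape_string((string) $to_address);
    $subject = mysql_real_escape_string((string) $email_subject);
    $body = mysql_real_escape_string((string) $email_body);

    $query = mysql_query("insert into send_email (email_id,email_subject,email_body) values ('" . $to . "','" . $subject . "','" . $body . "');");

    return $query != false;
}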
// SEND SMS FUNCTION :
function SEND_SMS($user_phone, $message_body)
{
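/**
 * Create a new account from the submitted registration form.
 *
 * Reads InputPW1, InputEmail, InputZip, InputPhone, InputFirstName and
 * InputLastName from $_POST. The password is stored only as a
 * password_hash() digest and user_type is fixed to 1. Echoes
 * "Failed to create user" when the insert does not succeed.
 *
 * @return void
 */
function create_user()
{
    // Hash the password so the plain text never reaches the database.
    $password = password_hash($_POST["InputPW1"], PASSWORD_DEFAULT);
    $connection = connect_to_mysql();

    // Form values are bound as parameters. They were previously interpolated
    // into the SQL text, the zip code even without quotes.
    // NOTE(review): no field is validated in this function - presumably the
    // caller does that before calling; confirm.
    $query = "INSERT INTO users (email,password,user_type,zip_code,phone_number,first_name,last_name)";
    $query .= " VALUES(?, ?, 1, ?, ?, ?, ?)";

    $email = (string) ($_POST["InputEmail"] ?? '');
    $zip_code = (string) ($_POST["InputZip"] ?? '');
    $phone = (string) ($_POST["InputPhone"] ?? '');
    $first_name = (string) ($_POST["InputFirstName"] ?? '');
    $last_name = (string) ($_POST["InputLastName"] ?? '');

    $created = false;
    $statement = mysqli_prepare($connection, $query);
    if ($statement !== false) {
        mysqli_stmt_bind_param($statement, "ssssss", $email, $password, $zip_code, $phone, $first_name, $last_name);
        $created = mysqli_stmt_execute($statement);
        mysqli_stmt_close($statement);
    }
    if (!$created) {
        echo "Failed to create user";
    }

    close_mysql_connection($connection);
}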
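/**
 * Validate a "forgot password" request and start recovery when it passes.
 *
 * Reads $_POST["InputEmail"]. Sets $GLOBALS['emailNotValid'] when the
 * address is malformed and $GLOBALS['emailNotRegistered'] when it does not
 * match exactly one user. Both checks always run, so both flags can be set.
 * start_password_recovery() is called only when neither check failed.
 *
 * @return void
 */
function check_login_forgot()
{
    $original_email = trim($_POST["InputEmail"]);
    $clean_email = filter_var($original_email, FILTER_SANITIZE_EMAIL);
    $fail = false;

    // Reject the address if sanitising changed it or it is not well formed.
    if ($original_email !== $clean_email || !filter_var($original_email, FILTER_VALIDATE_EMAIL)) {
        $GLOBALS['emailNotValid'] = true;
        $fail = true;
    }

    // The lookup runs even when the address failed validation above, so the
    // raw value is bound as a parameter and never placed in the SQL text.
    $connection = connect_to_mysql();
    $matches = 0;
    $statement = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    if ($statement !== false) {
        mysqli_stmt_bind_param($statement, "s", $original_email);
        if (mysqli_stmt_execute($statement)) {
            // Buffer the result so the row count is known.
            mysqli_stmt_store_result($statement);
            $matches = mysqli_stmt_num_rows($statement);
        }
        mysqli_stmt_close($statement);
    }

    // NOTE(review): this flag lets the caller tell registered addresses from
    // unregistered ones; check that the page does not expose the difference.
    if ($matches != 1) {
        $GLOBALS['emailNotRegistered'] = true;
        $fail = true;
    }

    if (!$fail) {
        start_password_recovery($connection, $clean_email);
    }
    close_mysql_connection($connection);
}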