<?php

require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //echo 'OK';
    $asso_partner_name = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_name'])));
    $asso_partner_details = $_POST['asso_partner_details'];
    $asso_partner_contact = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_contact'])));
    $asso_partner_url = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_url'])));
    @($asso_partner_status = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_status']))));
    @($associate_type_id = mysql_real_escape_string(htmlentities(input_validation($_POST['associate_type_id']))));
    @($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
    @($asso_partner_id = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_id']))));
    $img = mysql_real_escape_string(htmlentities(strtolower($_FILES["asso_partner_img"]["name"])));
    //$new_img = md5(time()).'_'.$img;
    //query existing img
    $query = $con->prepare("SELECT asso_partner_img FROM associate_partner WHERE asso_partner_id=:asso_partner_id");
    $query->execute(array(':asso_partner_id' => $asso_partner_id));
    $query = $query->fetch(PDO::FETCH_ASSOC);
    $exist_img = $query['asso_partner_img'];
    ///*
    $img_type = $_FILES["asso_partner_img"]["type"];
    $img_size = $_FILES["asso_partner_img"]["size"];
    $img_tmp = $_FILES["asso_partner_img"]["tmp_name"];
    $tmp_size = filesize($_FILES["asso_partner_img"]["tmp_name"]);
    $img_error = $_FILES["asso_partner_img"]["error"];
    define("MAX_SIZE", "1000");
    //Kb
    $allowedExt = array("png", "jpeg", "jpg", "gif");
    //$extension = strtolower (substr ($img, strpos($img, '.') + 1)); // just show the file extension in lowercase
<?php

require_once '../../core/init.php';
//check for username availability
/*if(isset($_POST['data'])){
		$username = mysql_real_escape_string(htmlentities(input_validation($_POST['data'])));	
		
		if(!empty($username)){
			if(user_exists_reg($con, $username) === true){
				echo 'Opps, the username \''.$username.'\' is already exist.';
			}
		}
	}*/
//check for email availability
if (isset($_POST['data'])) {
    $email = mysql_real_escape_string(htmlentities(input_validation($_POST['data'])));
    if (!empty($email)) {
        if (email_exists($con, $email) === true) {
            echo 'Opps, the email \'' . $email . '\' is already exist.';
        }
    }
}
     }
     //end item insert check
 } else {
     //if article_id not empty
     $update = mysql_query("UPDATE article_mst SET\r\n\t\t\t\t\t\t\t\t\t\tart_cat_id='{$art_cat_id}', a_code='{$a_code}', a_title='{$a_title}', a_desc='{$a_desc}',\r\n\t\t\t\t\t\t\t\t\t\ta_comment='{$a_comment}', a_status='{$a_status}', a_pdate='{$a_pdate}', a_mdate=NOW(), a_img='{$exist_img}' \r\n\t\t\t\t\t\t\t\t\t\tWHERE article_id = '{$article_id}'");
     if (!$update) {
         echo "Opps! Data not updated./e";
     } else {
         $delete_join = mysql_query("DELETE FROM article_dtl WHERE article_id = '{$article_id}'");
         if (!$delete_join) {
             echo 'Opps! join data not deleted';
         } else {
             $values = array();
             foreach ($_POST['ad_head'] as $key => $ad_head) {
                 @($ad_head = mysql_real_escape_string(htmlentities(input_validation($ad_head))));
                 $ad_article = mysql_real_escape_string(htmlentities(input_validation($_POST['ad_article'][$key])));
                 $values[] = "('','{$article_id}','{$ad_head}','{$ad_article}','')";
             }
             //$values = implode(',', $values); //print_r($values);
             $join_query = mysql_query("INSERT INTO article_dtl (art_dtl_id, article_id, ad_head, ad_article, ad_img) \r\n\t\t\t\t\t\t\t\t\t\tVALUES " . implode(',', $values));
             if (!$join_query) {
                 echo "Opps! something was wrong for Inserting join table./e";
             } else {
                 //for user log;
                 if ($allow_log == 1) {
                     $remark = 'Article Updated';
                     insert_user_log($con, $_SESSION['user_id'], 5, REMOTE_IP, $remark);
                 }
                 echo "Data was updated Successful!";
             }
         }
Ejemplo n.º 4
0
<?php

require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 162;
//Fixed Page Code
require_once '../../core/page_setup.php';
//require_once '../script/edit_user_script.php'; //script for member page
if (isset($_GET['log_type_id'])) {
    $log_type_id = mysql_real_escape_string(htmlentities(input_validation($_GET['log_type_id'])));
    $query = $con->prepare("SELECT * FROM log_type WHERE log_type_id=:log_type_id");
    $query->execute(array(':log_type_id' => $log_type_id));
    $result = $query->fetch(PDO::FETCH_ASSOC);
    $log_type_name = $result['log_type_name'];
}
require_once '../../includes/all_header.php';
?>
        
     
    <div id="contents_area">        
    	<div class="form_area" style="width:450px; height:420px;">
        	<div class="control_link_style">
            	<a onclick="clearForm();">Refresh</a>        
            </div>
            
        	<div id="tab_manu">
                <ul id="tabs">
                	<li><a href="#log_type_list_view">List View</a></li>
                    <li><a href="#log_type_add_edit">Log type Add/Edit</a></li>                                          
                </ul>
<?php

//require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = mysql_real_escape_string(htmlentities(input_validation($_POST['name'])));
    $email = mysql_real_escape_string(htmlentities(input_validation($_POST['email'])));
    $address = mysql_real_escape_string(htmlentities(input_validation($_POST['address'])));
    $city = mysql_real_escape_string(htmlentities(input_validation($_POST['city'])));
    $state = mysql_real_escape_string(htmlentities(input_validation($_POST['state'])));
    $country = mysql_real_escape_string(htmlentities(input_validation($_POST['country'])));
    $phone = mysql_real_escape_string(htmlentities(input_validation($_POST['phone'])));
    $age = mysql_real_escape_string(htmlentities(input_validation($_POST['age'])));
    $hour_per_week = mysql_real_escape_string(htmlentities(input_validation($_POST['hour_per_week'])));
    $about_your_self = mysql_real_escape_string(htmlentities(input_validation($_POST['about_your_self'])));
    if (!empty($name) && !empty($email) && !empty($city)) {
        //echo 'OK';
        //for imput text validation (if some one brack the maxlenght="" attribute in html), i also restricted in HTML input tag (maxlength=""), the maxlenght is the first validation.
        if (strlen($name) > 50) {
            $errors[] = 'Oppos! Max leangth for Name field was excceded.';
        } elseif (strlen($email) > 100) {
            $errors[] = 'Oppos! Max leangth for Email field was excceded.';
        } elseif (strlen($about_your_self) > 1000) {
            $errors[] = 'Oppos! Max leangth for Message field was excceded.';
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'Your given email \'' . $email . '\' is not valid.';
        } else {
            $to = "rasheed_rabbi@hotmail.com";
            $header = 'Form: hello@servethepeoplebd.org';
            //$header = "Form: contact@edawah.net\r\n";
            //$header .= "Reply-To: ".$email."\r\n";
Ejemplo n.º 6
0
    $edit_search_employer_name = mysql_real_escape_string(htmlentities($_POST['edit_search_employer_name']));
    $query = $con->prepare("SELECT u.user_id, u.role, ed.employer_name \r\n\t\t\t\t\t\t\t\t\tFROM user AS u\r\n\t\t\t\t\t\t\t\t\tINNER JOIN employer_dtl AS ed ON u.user_id = ed.user_id\r\n\t\t\t\t\t\t\t\t\tWHERE u.role=:role AND ed.employer_name LIKE :employer_name LIMIT 20 ");
    //u.role=:role AND
    $query->execute(array(':role' => 2, ':employer_name' => '%' . $edit_search_employer_name . '%'));
    //':role'=> 2,
    //$result = $query->fetch(PDO::FETCH_ASSOC);
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $results[] = $row['employer_name'];
    }
    echo json_encode($results);
    //*/work without this
}
//search for username from email or date_of_birth (dob)
if (isset($_POST['value_edit_search_employer_email']) && isset($_POST['value_edit_search_employer_name'])) {
    $email = mysql_real_escape_string(htmlentities(input_validation($_POST['value_edit_search_employer_email'])));
    $employer_name = mysql_real_escape_string(htmlentities(input_validation($_POST['value_edit_search_employer_name'])));
    $user_id = get_user_id_from_email($con, $email);
    //single item
    if (!empty($email) && empty($employer_name)) {
        $query = $con->prepare("SELECT * FROM user WHERE user_id=:user_id AND role=:role ORDER BY email ASC");
        $query->execute(array(':user_id' => $user_id, ':role' => 2));
    } elseif (empty($email) && !empty($employer_name)) {
        $query = $con->prepare("SELECT u.user_id, u.email, u.role, u.active, u.user_lock, u.allow_email, u.tac, ed.employer_name\r\n\t\t\t\t\t  FROM user AS u\r\n\t\t\t\t\t  INNER JOIN employer_dtl AS ed ON ed.user_id = u.user_id\r\n\t\t\t\t\t  WHERE role=:role AND ed.employer_name LIKE :employer_name ");
        $query->execute(array(':role' => 2, ':employer_name' => '%' . $employer_name . '%'));
    } elseif (!empty($email) && !empty($employer_name)) {
        $query = $con->prepare("SELECT u.user_id, u.email, u.role, u.active, u.user_lock, u.allow_email, u.tac, ed.employer_name\r\n\t\t\t\t\t  FROM user AS u\r\n\t\t\t\t\t  INNER JOIN employer_dtl AS ed ON ed.user_id = u.user_id\r\n\t\t\t\t\t  WHERE u.user_id=:user_id AND role=:role AND ed.employer_name LIKE :employer_name ");
        $query->execute(array(':user_id' => $user_id, ':role' => 2, ':employer_name' => '%' . $employer_name . '%'));
    } elseif (empty($email) && empty($employer_name)) {
        return false;
    }
    echo '<table class="table">
<?php

require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 215;
//Fixed Page Code
require_once '../../core/page_setup.php';
//require_once '../script/attrib_sub_cat_manage_script.php';
//get data
if (isset($_GET['i_sub_cat_id'])) {
    $i_sub_cat_id = mysql_real_escape_string(htmlentities(input_validation($_GET['i_sub_cat_id'])));
    /*$query = $con->prepare("SELECT * FROM item_attribute WHERE i_attrib_id=:i_attrib_id");
    		$query->execute(array(':i_attrib_id'=>$i_attrib_id));
    		$result = $query->fetch(PDO::FETCH_ASSOC);		
    			$attribute_name = $result['attribute_name'];	*/
}
require_once '../../includes/all_header.php';
?>
        
     
    <div id="contents_area">        
        <div class="form_area" style="width:800px; height:430px;">
        	<div class="control_link_style">
            	<a onclick="clearForm();">Refresh</a>        
            </div>
        
        	<div id="tab_manu">
                <ul id="tabs">
                    <li><a href="#list_view">List View</a></li>
                    <li><a href="#add_edit_attrib_sub_cat_manage">Attrib & Sub-category management</a></li>                      
Ejemplo n.º 8
0
$society = new Society();
# We print the societies
$society->print_all_society($connection);
?>
			</div>
			
			<!-- Get details about society -->
			<div id="singlesociety">
				<h3>Find details about a society</h3>
				<form action="" method="post">
					<input type="text" name="onesociety"/>					
					<input type="submit" name="singlesociety"/>					
				</form>
				<?php 
// activate function to get values from the form and validates the values
$validated_array = input_validation();
##################################
# this is for development only
# print_r($validated_array);
# die;
################################
# Print details about selected society
# We test if we got result from the $_POST['onesociety']
if (!empty($validated_array['onesociety'])) {
    $society->get_details_about_selected_society($connection, $validated_array['onesociety']);
}
?>
			</div> <!-- END <div id="singlesociety">  -->
				
			<!-- Shows the families in one society -->	
			<div id="familiesbysociety">
Ejemplo n.º 9
0
function set_post_num_list($varname)
{
    if (!isset($_POST[$varname]) || $_POST[$varname] == '') {
        $return = array();
    } else {
        $return = set_num_array(explode("_", $_POST[$varname]));
    }
    return input_validation($return);
}
Ejemplo n.º 10
0
        $email = input_validation($_POST["email"]);
    }
    if (empty($_POST["password"])) {
        $passwordErr = "Password is required!!!";
        $EmptyErr = true;
    } else {
        $password = input_validation($_POST["password"]);
    }
    if (empty($_POST["confrmpassword"])) {
        $confrmpasswordErr = "Please confirm your password!!!";
        $EmptyErr = true;
    } elseif ($_POST["confrmpassword"] != $password) {
        $confrmpasswordErr = "Your password is not correctly confirmed!!!";
        $passwordconfrmErr = true;
    } else {
        $confrmpassword = input_validation($_POST["confrmpassword"]);
    }
}
function input_validation($input)
{
    $input = trim($input);
    $input = stripcslashes($input);
    $input = htmlspecialchars($input);
    return $input;
}
?>
	
		<form method = "post" action = "register_mysql.php">
			* required
			<br><br>
			Username:<input type = "text" name = "username" value = "<?php 
Ejemplo n.º 11
0
    $i_user_type_id = $item_query['i_user_type_id'];
    $i_img = $item_query['i_img'];
    //query category and sub-category of item
    $item_sub_cat_query = $con->prepare("SELECT isc.i_sub_cat_id, isc.i_cat_id\r\n\t\t\t\t\t\t\t\tFROM item_sub_category AS isc\r\n\t\t\t\t\t\t\t\tINNER JOIN j_item_sub_cat AS jisc ON jisc.i_sub_cat_id = isc.i_sub_cat_id\r\n\t\t\t\t\t\t\t\tWHERE jisc.item_id=:item_id");
    $item_sub_cat_query->execute(array(':item_id' => $item_id));
    $item_sub_cat_query = $item_sub_cat_query->fetch(PDO::FETCH_ASSOC);
    $i_sub_cat_id = $item_sub_cat_query['i_sub_cat_id'];
    //sub-category
    $i_cat_id = $item_sub_cat_query['i_cat_id'];
    //category
    //query item attribute based on sub-category
    $item_attrib_value_query = $con->prepare("SELECT jiav.i_attrib_id, jiav.attribe_value, jiav.attribe_sirial, ia.attribute_name\r\n\t\t\t\t\t\t\t\tFROM j_item_attrib_value AS jiav\r\n\t\t\t\t\t\t\t\tINNER JOIN item_attribute AS ia ON ia.i_attrib_id = jiav.i_attrib_id\r\n\t\t\t\t\t\t\t\tWHERE jiav.item_id=:item_id");
    $item_attrib_value_query->execute(array(':item_id' => $item_id));
    //$item_attrib_value_query = $item_attrib_value_query->fetch(PDO::FETCH_ASSOC);
} elseif (isset($_SESSION['session_item_id'])) {
    @($item_id = mysql_real_escape_string(htmlentities(input_validation($_SESSION['session_item_id']))));
    //query item
    $item_query = $con->prepare("SELECT * FROM item_mst WHERE item_id=:item_id");
    $item_query->execute(array(':item_id' => $item_id));
    $item_query = $item_query->fetch(PDO::FETCH_ASSOC);
    $i_code = $item_query['i_code'];
    $i_name = $item_query['i_name'];
    $i_details = $item_query['i_details'];
    $i_available = $item_query['i_available'];
    $i_price = $item_query['i_price'];
    $i_quantity = $item_query['i_quantity'];
    $brand_id = $item_query['brand_id'];
    $i_user_type_id = $item_query['i_user_type_id'];
    $i_img = $item_query['i_img'];
    //query category and sub-category of item
    $item_sub_cat_query = $con->prepare("SELECT isc.i_sub_cat_id, isc.i_cat_id\r\n\t\t\t\t\t\t\t\tFROM item_sub_category AS isc\r\n\t\t\t\t\t\t\t\tINNER JOIN j_item_sub_cat AS jisc ON jisc.i_sub_cat_id = isc.i_sub_cat_id\r\n\t\t\t\t\t\t\t\tWHERE jisc.item_id=:item_id");
Ejemplo n.º 12
0
date_default_timezone_set('Etc/UTC');
/***
* Cleans email input to prevent spam, etc.
* @param 	$formData 	input date from HTML form
* @return 	trimed, stripped and html special chars removed
*/
function input_validation($formData)
{
    $formData = trim($formData);
    $formData = stripslashes($formData);
    $formData = htmlspecialchars($formData);
    return $formData;
}
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$firstName = input_validation($request->firstName);
$lastName = input_validation($request->lastName);
$email = input_validation($request->email);
$phone = input_validation($request->phoneNumber);
$message = wordwrap("Email from: " . $firstName . " " . $lastName . "<" . $email . ">\r\n" . "Phone: " . $phone . "\r\nMessage:\r\n" . input_validation($request->message), 70, "\r\n");
// $headers = "MIME-Version: 1.0" . "\r\n";
// $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers = "From: <" . $email . ">" . "\r\n";
$headers .= "Reply-to: " . $email . "\r\n";
$headers .= "X-Mailer: PHP/" . phpversion();
if (mail("krisjbyrum@gmail.com", "Message from Portfolio Website", $message)) {
    echo "Successful sending";
} else {
    echo "Sorry. Something went wrong.";
}
return;
Ejemplo n.º 13
0
<?php

require_once '../../core/init.php';
//Delete User from edit_user form
if (isset($_POST['delete_user_id'])) {
    //if(isset($_POST['term'])){ //where 'term' is the default keyword in jquery autocomplete api
    $delete_user_id = mysql_real_escape_string(htmlentities(input_validation($_POST['delete_user_id'])));
    //use for get role and also log
    $query = $con->prepare("SELECT email, role FROM user WHERE user_id=:user_id");
    $query->execute(array(':user_id' => $delete_user_id));
    $result = $query->fetch(PDO::FETCH_ASSOC);
    $get_email = $result['email'];
    $get_role = $result['role'];
    if (!empty($get_email)) {
        //delete query
        $delete = $con->prepare("DELETE FROM user where user_id=:user_id");
        $delete = $delete->execute(array(':user_id' => $delete_user_id));
        if ($delete) {
            if ($get_role == 1) {
                $query = $con->prepare("SELECT admin_img FROM admin_dtl WHERE user_id=:user_id");
                $query->execute(array(':user_id' => $delete_user_id));
                $result = $query->fetch(PDO::FETCH_ASSOC);
                $get_img = $result['admin_img'];
                if ($get_img) {
                    @unlink('../../files/profile/' . $get_img);
                    //delete img
                    $delete_dtl = $con->prepare("DELETE FROM admin_dtl where user_id=:user_id");
                    $delete_dtl->execute(array(':user_id' => $delete_user_id));
                }
            } elseif ($get_role == 2) {
                $query = $con->prepare("SELECT employer_img FROM employer_dtl WHERE user_id=:user_id");
<?php

require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //echo 'OK';
    $p_code = mysql_real_escape_string(htmlentities(input_validation($_POST['p_code'])));
    $page_name = mysql_real_escape_string(htmlentities(input_validation($_POST['page_name'])));
    $title = mysql_real_escape_string(htmlentities(input_validation($_POST['title'])));
    $keywords = mysql_real_escape_string(htmlentities(input_validation($_POST['keywords'])));
    $page_desc = mysql_real_escape_string(htmlentities(input_validation($_POST['page_desc'])));
    @($allow_log_value = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log_value']))));
    @($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
    @($page_id = mysql_real_escape_string(htmlentities(input_validation($_POST['page_id']))));
    if (!empty($page_name) && !empty($title) && !empty($p_code)) {
        if (empty($page_id)) {
            $insert = mysql_query("INSERT INTO page_setup VALUES ('','{$p_code}','{$page_name}','{$title}','{$keywords}','{$page_desc}', '{$allow_log_value}')");
            $last_insert_id = mysql_insert_id();
            if (!$insert) {
                echo "Opps! Data not inserted./e";
            } else {
                //for user log;
                if ($allow_log == 1) {
                    $remark = 'Page Information added for \'' . display_page_name_from_page_id($con, $last_insert_id) . '\'.';
                    insert_user_log($con, $_SESSION['user_id'], 4, REMOTE_IP, $remark);
                }
                echo "Data was inserted Successful!";
            }
        } else {
            $update = mysql_query("UPDATE page_setup SET p_code='{$p_code}', page_desc='{$page_desc}', page_name = '{$page_name}', \r\n\t\t\t\t\t\t\t\t\t\ttitle = '{$title}', keywords='{$keywords}', allow_log='{$allow_log_value}' \r\n\t\t\t\t\t\t\t\t\t\tWHERE page_id  = '{$page_id}'");
            if (!$update) {
Ejemplo n.º 15
0
<?php

//require_once '../../core/init.php'; //not use for this action without jquery
// Login Script (function use from user.php)
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = mysql_real_escape_string(htmlentities(input_validation($_POST['username'])));
    //@$pin = mysql_real_escape_string(htmlentities(input_validation($_POST['pin'])));
    $password = mysql_real_escape_string(htmlentities(input_validation($_POST['password'])));
    $password_md5 = md5($password);
    @($remember_me = mysql_real_escape_string(htmlentities(input_validation($_POST['remember_me']))));
    if (!empty($username) && !empty($password)) {
        if (user_exists($con, $username) === false) {
            //$con is PDO connection variable
            $errors[] = 'We can\'t find your Username';
        } elseif (user_active($con, $username, $password_md5) === false) {
            //echo 'You haven\'t activated your account.';
            $errors[] = 'Your account isn\'t active. Please contact with administrator.';
        } elseif (user_lock($con, $username, $password_md5) === false) {
            //echo 'You account is Locked, Please contact with admin.';
            $errors[] = 'You account is Locked, Please contact with administrator.';
        } else {
            $login = login($con, $username, $password_md5);
            if ($login === false) {
                //if login return false
                //echo 'Your Username / Password combination is incorrect.';
                $errors[] = 'Your Username / Password combination is incorrect.';
            } else {
                $_SESSION['user_id'] = $login;
                session_regenerate_id();
                //creates a new unique-ID for to represent the current user’s session.
                //for login user log;
Ejemplo n.º 16
0
 function import_netscape()
 {
     while (!feof($this->fp)) {
         $line = trim(fgets($this->fp));
         # netscape seems to store html encoded values
         $line = html_entity_decode($line, ENT_QUOTES, $this->charset);
         # a folder has been found
         if (preg_match("/<DT><H3/", $line)) {
             $this->name_folder = input_validation(preg_replace("/^( *<DT><[^>]*>)([^<]*)(.*)/", "\\2", $line), $this->charset);
             $this->folder_new();
         } else {
             if (preg_match("/<DT><A/", $line)) {
                 $this->name_bookmark = input_validation(preg_replace("/^( *<DT><[^>]*>)([^<]*)(.*)/", "\\2", $line), $this->charset);
                 $this->url = input_validation(preg_replace("/([^H]*HREF=\")([^\"]*)(\".*)/", "\\2", $line), $this->charset);
                 $this->bookmark_new();
                 $insert_id = mysql_insert_id();
             } else {
                 if (preg_match("/<DD>*/", $line)) {
                     if (isset($insert_id)) {
                         $this->description = input_validation(preg_replace("/^( *<DD>)(.*)/", "\\2", $line), $this->charset);
                         $query = sprintf("UPDATE bookmark SET description='%s' WHERE id='%d' and user='%s'", $this->mysql->escape($this->description), $this->mysql->escape($insert_id), $this->mysql->escape($this->username));
                         @$this->mysql->query($query);
                         unset($this->description);
                         unset($insert_id);
                     }
                 } else {
                     if ($line == "</DL><p>") {
                         $this->folder_close();
                     }
                 }
             }
         }
     }
 }
 $user_name = mysql_real_escape_string(htmlentities(input_validation($_POST['user_name'])));
 $username = mysql_real_escape_string(htmlentities(input_validation($_POST['username'])));
 $email = mysql_real_escape_string(htmlentities(input_validation($_POST['email'])));
 $password = mysql_real_escape_string(htmlentities(input_validation($_POST['password'])));
 $password_again = mysql_real_escape_string(htmlentities(input_validation($_POST['password_again'])));
 $dob = mysql_real_escape_string(htmlentities(input_validation($_POST['dob'])));
 $dob = date('Y-m-d', strtotime($dob));
 $user_contact = mysql_real_escape_string(htmlentities(input_validation($_POST['user_contact'])));
 $user_address = mysql_real_escape_string(htmlentities(input_validation($_POST['user_address'])));
 $user_desc = mysql_real_escape_string(htmlentities(input_validation($_POST['user_desc'])));
 @($active = mysql_real_escape_string(htmlentities(input_validation($_POST['active']))));
 @($user_lock = mysql_real_escape_string(htmlentities(input_validation($_POST['user_lock']))));
 @($allow_email = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_email']))));
 @($tac = mysql_real_escape_string(htmlentities(input_validation($_POST['tac']))));
 @($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
 @($send_email = mysql_real_escape_string(htmlentities(input_validation($_POST['send_email']))));
 //$user_img = mysql_real_escape_string(htmlentities(input_validation($_POST['user_img'])));
 $img = mysql_real_escape_string(htmlentities(strtolower($_FILES["user_img"]["name"])));
 //$new_img = md5(time()).'_'.$img; //generate unique name converting timestam into md5 hash
 ///*
 $img_type = $_FILES["user_img"]["type"];
 $img_size = $_FILES["user_img"]["size"];
 $img_tmp = $_FILES["user_img"]["tmp_name"];
 $tmp_size = filesize($_FILES["user_img"]["tmp_name"]);
 $img_error = $_FILES["user_img"]["error"];
 define("MAX_SIZE", "1000");
 //Kb
 $allowedExt = array("png", "jpeg", "jpg", "gif");
 //$extension = strtolower (substr ($img, strpos($img, '.') + 1)); // just show the file extension in lowercase
 $temp = explode(".", $_FILES["user_img"]["name"]);
 $extension = end($temp);
Ejemplo n.º 18
0
<?php

require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 203;
//Fixed Page Code
require_once '../../core/page_setup.php';
//require_once '../script/article_mst_script.php'; //script for article mst
if (isset($_GET['article_id'])) {
    $article_id = mysql_real_escape_string(htmlentities(input_validation($_GET['article_id'])));
    $query = mysql_fetch_array(mysql_query("SELECT * FROM article_mst WHERE article_id = '{$article_id}'"));
    $art_cat_id = $query['art_cat_id'];
    $a_code = $query['a_code'];
    $a_title = $query['a_title'];
    $a_desc = $query['a_desc'];
    $a_pdate = $query['a_pdate'];
    $a_comment = $query['a_comment'];
    $a_status = $query['a_status'];
    $file_name = $query['a_img'];
}
require_once '../../includes/all_header.php';
?>
        
     
    <div id="contents_area">
    	<div class="form_area" style="width:700px; height:480px;">
        	<div class="control_link_style">
            	<a onclick="clearForm();">Refresh</a>        
            </div>
        
Ejemplo n.º 19
0
    $user_log_s_email = mysql_real_escape_string(htmlentities($_POST['user_log_s_email']));
    $query = $con->prepare("SELECT email FROM user WHERE email LIKE :email LIMIT 20 ");
    $query->execute(array(':email' => '%' . $user_log_s_email . '%'));
    //$result = $query->fetch(PDO::FETCH_ASSOC);
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $results[] = $row['email'];
    }
    echo json_encode($results);
    //*/work without this
}
//search for username from email or date_of_birth (dob)
if (isset($_POST['user_log_email']) && isset($_POST['select_log_type']) && isset($_POST['user_log_start_date']) && isset($_POST['user_log_end_date'])) {
    $email = mysql_real_escape_string(htmlentities(input_validation($_POST['user_log_email'])));
    $log_type = mysql_real_escape_string(htmlentities(input_validation($_POST['select_log_type'])));
    $start_date = mysql_real_escape_string(htmlentities(input_validation($_POST['user_log_start_date'])));
    $end_date = mysql_real_escape_string(htmlentities(input_validation($_POST['user_log_end_date'])));
    $user_id = get_user_id_from_email($con, $email);
    //single item
    if (!empty($email) && empty($log_type) && empty($start_date) && empty($end_date)) {
        $query = $con->prepare("SELECT * FROM user_log WHERE user_id=:user_id ORDER BY datetime DESC");
        $query->execute(array(':user_id' => $user_id));
    } elseif (empty($email) && !empty($log_type) && empty($start_date) && empty($end_date)) {
        $query = $con->prepare("SELECT * FROM user_log WHERE log_type=:log_type ORDER BY datetime DESC");
        $query->execute(array(':log_type' => $log_type));
    } elseif (empty($email) && empty($log_type) && !empty($start_date) && empty($end_date)) {
        $query = $con->prepare("SELECT * FROM user_log WHERE datetime LIKE :datetime ORDER BY datetime DESC");
        $query->execute(array(':datetime' => '%' . $start_date . '%'));
    } elseif (empty($email) && empty($log_type) && empty($start_date) && !empty($end_date)) {
        $query = $con->prepare("SELECT * FROM user_log WHERE datetime LIKE :datetime ORDER BY datetime DESC");
        $query->execute(array(':datetime' => '%' . $end_date . '%'));
    } elseif (!empty($email) && !empty($log_type) && empty($start_date) && empty($end_date)) {
Ejemplo n.º 20
0
<?php

//require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $visitor_name = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_name'])));
    $visitor_email = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_email'])));
    $visitor_contact = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_contact'])));
    $email_subject = mysql_real_escape_string(htmlentities(input_validation($_POST['email_subject'])));
    $visitor_message = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_message'])));
    if (!empty($visitor_name) && !empty($visitor_email) && !empty($email_subject) && !empty($visitor_message)) {
        //echo 'OK';
        //for imput text validation (if some one brack the maxlenght="" attribute in html), i also restricted in HTML input tag (maxlength=""), the maxlenght is the first validation.
        if (strlen($visitor_name) > 40) {
            $errors[] = 'Oppos! Max leangth for Name field was excceded.';
        } elseif (strlen($visitor_email) > 100) {
            $errors[] = 'Oppos! Max leangth for Email field was excceded.';
        } elseif (strlen($email_subject) > 150) {
            $errors[] = 'Oppos! Max leangth for Subject field was excceded.';
        } elseif (strlen($visitor_message) > 1000) {
            $errors[] = 'Oppos! Max leangth for Message field was excceded.';
        } elseif (!filter_var($visitor_email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'Your given email \'' . $visitor_email . '\' is not valid.';
        } else {
            $to = COMPANY_CONTACT_EMAIL;
            $header = 'Form: ' . $visitor_email;
            $email_subject = $email_subject;
            $body = $visitor_message . "\n\n" . $visitor_name . "\n" . $visitor_contact . "\n" . $visitor_email;
            if (mail($to, $email_subject, $body, $header)) {
                $_SESSION['contact_form_email'] = $to;
                //for success contact check
<?php

require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $ac_name = mysql_real_escape_string(htmlentities(input_validation($_POST['ac_name'])));
    $ac_code = mysql_real_escape_string(htmlentities(input_validation($_POST['ac_code'])));
    @($art_cat_id = mysql_real_escape_string(htmlentities(input_validation($_POST['art_cat_id']))));
    @($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
    if (!empty($ac_name) && !empty($ac_code)) {
        $preg_ac_name = preg_match("/^[a-zA-Z 0-9.',-]*\$/", $ac_name);
        if (!$preg_ac_name) {
            echo "Opps! Something was wrong with Award type value./e";
        } else {
            if (empty($art_cat_id)) {
                $insert_query = mysql_query("INSERT INTO article_category VALUES ('','{$ac_name}', '{$ac_code}')");
                if (!$insert_query) {
                    echo "Opps! Data not inserted./e";
                } else {
                    //for user log;
                    if ($allow_log == 1) {
                        $remark = 'New article category added';
                        insert_user_log($con, $_SESSION['user_id'], 4, REMOTE_IP, $remark);
                    }
                    echo "Data was inserted Successful!";
                }
            } else {
                $update_query = mysql_query("UPDATE article_category SET ac_name = '{$ac_name}', ac_code='{$ac_code}' WHERE art_cat_id = '{$art_cat_id}'");
                if (!$update_query) {
                    echo "Opps! Data not updated./e";
                } else {
Ejemplo n.º 22
0
<?php

//recover script for both Username And Password
//$email = ''; //for declar global variable
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $email = mysql_real_escape_string(htmlentities(input_validation($_POST['email'])));
    $type = mysql_real_escape_string(htmlentities(input_validation($_GET['type'])));
    $type_allowed = array('ForgotPassword');
    if (isset($type) === true && in_array($type, $type_allowed) === true) {
        if (empty($email) === true) {
            $errors[] = 'You need to enter your email address which you have used for Signup';
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'A valid email addres is required.';
        }
        if (email_exists($con, $email) === false) {
            $errors[] = 'Oops, we can\'t recognize you. Please try again';
        } else {
            recover($con, $email, $type);
            // same function user for recover both Username And Password
            $_SESSION['recover_password_email'] = $email;
            //for success message check
            //for Logout user log;
            $remark = 'Recover login details.';
            insert_user_log($con, user_id_from_email($con, $email), 9, REMOTE_IP, $remark);
            if ($_GET['type'] == 'ForgotPassword') {
                header('Location: auth.php?type=ForgotPassword&Success');
                exit;
            }
        }
    }
    //array check
Ejemplo n.º 23
0
<?php

require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 216;
//Fixed Page Code
require_once '../../core/page_setup.php';
//get data
if (isset($_GET['brand_id'])) {
    $brand_id = mysql_real_escape_string(htmlentities(input_validation($_GET['brand_id'])));
    $query = $con->prepare("SELECT * FROM item_brand WHERE brand_id=:brand_id");
    $query->execute(array(':brand_id' => $brand_id));
    $result = $query->fetch(PDO::FETCH_ASSOC);
    $brand_name = $result['brand_name'];
    $brand_details = $result['brand_details'];
    $brand_img = $result['brand_img'];
}
require_once '../../includes/all_header.php';
?>
        
     
    <div id="contents_area">        
        <div class="form_area" style="width:450px; height:430px;">
        	<div class="control_link_style">
            	<a onclick="clearForm();">Refresh</a>        
            </div>
        
        	<div id="tab_manu">
                <ul id="tabs">
                    <li><a href="#list_view">Brand List</a></li>
Ejemplo n.º 24
0
<?php

require_once '../core/init.php';
$auth_value = array('AdminDashboard');
$auth_type = htmlentities(input_validation($_GET['type']));
if (isset($_GET['type']) === true && $auth_type == 'AdminDashboard') {
    require_once 'AuthAdmin/admin.php';
} elseif (isset($_GET['type']) === true && !in_array($auth_type, $auth_value)) {
    //session_start();
    //define("HOST_NAME", $_SERVER['SERVER_NAME']);
    //header('Location: http://'.HOST_NAME.'/index.php');
    //header('Location: '.AUTH_PAGE.'?type=not_found');
    header('Location: ' . NOT_FOUND_PAGE);
} else {
    header('Location: http://' . HOST_NAME . '/index.php');
}
?>