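// Replies: hand the result of getComments($id) to the view.
$comments = getComments($id);
$contents['comments'] = $comments;

// When a session is open, expose the member's nickname and image link to the view.
if (connected()) {
    $id_user = $_SESSION['id'];
    $userDetails = getUserDetails($id_user)['pseudo'];
    $contents['pseudo1'] = $userDetails;
    $userImage = getImages($id_user);
    $contents['lien1'] = $userImage['lien'];
}

/**** View preparation ****/
$title = $titre['titre'];
$styles = ['forum.css', 'search.css'];

/**** Page rendering ****/
// Read the posted body without assuming the key exists: a POST that lacks
// 'contenu' previously raised an undefined-index notice.
$contenu = isset($_POST['contenu']) ? $_POST['contenu'] : '';

// NOTE(review): no anti-CSRF token is checked in this excerpt before the insert;
// confirm one is enforced elsewhere. Stored message text is presumably escaped
// by the view when rendered; verify against the 'sujet' template.
if (empty($_POST)) {
    // The form was not submitted: just show the topic.
    vue(['sujet'], $styles, $title, $contents);
} elseif (!is_string($contenu) || $contenu === '') {
    // Nothing usable was written. An array-valued 'contenu' (contenu[]=...) is
    // rejected here instead of being passed on to insertMessage(). The literal
    // message "0" is now accepted; the truthiness test used before dropped it.
    alert('error', 'Vous n\'avez rien écrit !');
    vue(['sujet'], $styles, $title, $contents);
} elseif (connected()) {
    // $id_user was set in the connected() block above.
    insertMessage($contenu, $id, $id_user);
    // Redirect after the insert so a page refresh does not resubmit the form.
    header('Location: ' . getLink(['forum', 'sujet', $id, 0]));
    exit;
} else {
    // A non-empty post without a session used to produce an empty response;
    // render the topic instead. Nothing is inserted for unauthenticated users.
    vue(['sujet'], $styles, $title, $contents);
}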
$path = sendMessage($from, $to, array()); if (count($path) == 0) { if ($from == $to) { insertMessage($from, $to, $message, "received"); echo "received"; } else { $path = sendMessageIgnoreInactive($from, $to, array()); echo json_encode($path); } } else { // if($from==$to){ // insertMessage($from,$to,$message,"received"); // echo "received"; // }else { echo json_encode($path); // } } } else { if ($type == "second") { $path = sendMessage($from, $to, array()); if (count($path) == 0) { echo "blocked"; } else { echo json_encode($path); } } else { if ($type == "third") { insertMessage($from, $to, $message, "received"); } } }
// (This excerpt starts inside a request handler; its opening branches are not shown.)
insertComment($comment, $sender, $receiver, $postid);
    }
} else {
    // Request for the comments of a post
    getPostComments($postid);
}
} else {
    // Not a comment request, so this is a chat message
    if (isset($_POST["check"])) {
        // Fetch the chat messages exchanged between sender and receiver
        getChatMessages($sender, $receiver);
    } else {
        // Store a new chat message
        // NOTE(review): $_POST["message"] is read without isset(); a request
        // lacking the field raises an undefined-index notice.
        $message = $_POST["message"];
        // The only gate in front of insertMessage() is the keyword check below.
        if (checkSQLInjection($message)) {
            insertMessage($message, $sender, $receiver);
        }
    }
}

/**
 * Keyword check applied to a chat message before it is stored.
 *
 * Returns 1 (accept) unless the lower-cased input BEGINS with one of
 * 'select', 'alter table', 'update', 'delete' or 'insert into'; returns 0
 * in that case.
 *
 * Why only the start of the string: strpos() yields the match offset, or
 * false when there is no match. Each test is `!== 0`, so it fails only when
 * the keyword sits at offset 0. A keyword anywhere later in the text, and a
 * missing keyword (false !== 0), both pass.
 *
 * NOTE(review): this is not a defence against SQL injection. Quote
 * characters and every other SQL construct pass untouched, and a keyword
 * blocklist would also reject ordinary chat text if it were tightened. The
 * reliable control is a prepared statement with bound parameters
 * (mysqli_prepare() / mysqli_stmt_bind_param()) at the point where the query
 * is issued. How insertMessage() builds its query is not visible in this
 * excerpt, so confirm it there.
 *
 * @param string $data Raw message text taken from the request.
 * @return int 1 when the text passes the check, 0 otherwise.
 */
function checkSQLInjection($data)
{
    // Lower-case once so the comparisons are case-insensitive.
    $input = strtolower($data);
    if (strpos($input, 'select') !== 0
        and strpos($input, 'alter table') !== 0
        and strpos($input, 'update') !== 0
        and strpos($input, 'delete') !== 0
        and strpos($input, 'insert into') !== 0) {
        return 1;
    } else {
        return 0;
    }
}

// Opens a MySQL connection for storing a chat message; the rest of the body
// lies beyond this excerpt.
function insertMessage($message, $sender, $receiver)
{
    // NOTE(review): the database user name and password are hard-coded in
    // source. Load them from configuration kept outside the code base, and
    // rotate this credential, since it is readable wherever the file is
    // published. The return value of mysqli_connect() should also be checked.
    $conn = mysqli_connect("localhost", "adminID5Rju3", "Rz5h2JWnm4xd", "tweb");
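// Tail of a helper whose beginning lies outside this excerpt; code left unchanged.
// NOTE(review): die() with mysql_error() sends database error text to the client;
// log it server-side and return a generic message instead.
die("Error: " . mysql_error());
} else {
    return $res;
}
}

/******************************
 * MANAGE REQUESTS
 *
 * Dispatches on $_POST['action']:
 *   "update" - echoes the rows returned by getContent($link, 20) as <li> items
 *   "insert" - stores a new message via insertMessage() and echoes its result
 * Any request without an action is redirected to welcome.php.
 ******************************/
if (empty($_POST['action'])) {
    // Direct hits on shoutbox.php are sent to the welcome page. empty() avoids the
    // undefined-index notice, and exit stops the script once the redirect is sent.
    header("Location: welcome.php");
    exit;
} else {
    $link = connect(HOST, USER, PASSWORD);
    switch ($_POST['action']) {
        case "update":
            $res = getContent($link, 20);
            // Start from an empty string; the original appended to an undefined variable.
            $result = '';
            while ($row = mysql_fetch_array($res)) {
                // Nick, message and date are stored, user-supplied data: encode them for
                // the HTML context before output so markup in a message is displayed
                // rather than interpreted. double_encode is off so text that was already
                // entity-encoded when stored is not encoded twice.
                // NOTE(review): assumes the stored text is UTF-8; ENT_SUBSTITUTE replaces
                // invalid sequences instead of returning an empty string. Confirm charset.
                $user = htmlspecialchars($row['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                $message = htmlspecialchars($row['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                $date = htmlspecialchars($row['date'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

                // NOTE(review): the admin styling is chosen purely from the stored user
                // value, and the "insert" case below passes $_POST['nick'] straight to
                // insertMessage(); confirm that function refuses the reserved name.
                if ($row['user'] == "Roobarb_admin") {
                    $result .= "<li><strong><span style='color:red'>Roobarb</span></strong><img src=\"css/img_shoutbox/bullet.gif\" alt=\"-\" />" . $message . " <span class=\"date\">(" . $date . ")</span></li>";
                } else {
                    $result .= "<li><strong>" . $user . "</strong><img src=\"css/img_shoutbox/bullet.gif\" alt=\"-\" />" . $message . " <span class=\"date\">(" . $date . ")</span></li>";
                }
            }
            echo $result;
            break;
        case "insert":
            // NOTE(review): 'nick' and 'message' are passed through unvalidated; how
            // insertMessage() builds its query is not visible here, so verify it uses
            // bound parameters or proper escaping.
            echo insertMessage($_POST['nick'], $_POST['message']);
            break;
    }
    // NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
    // with prepared statements is the replacement.
    mysql_close($link);
}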
/**
 * Records a message by handing all four arguments, unchanged, to insertMessage().
 *
 * No validation or escaping happens here, so whatever guarantees exist about
 * the stored values come from insertMessage() itself.
 * NOTE(review): despite the name, nothing in this wrapper blocks anything;
 * presumably the caller passes a "blocked" style $state. Verify at call sites.
 *
 * @param mixed $from           Sender identifier.
 * @param mixed $to             Recipient identifier.
 * @param mixed $messageContext Message payload to store.
 * @param mixed $state          State value stored with the message.
 * @return void
 */
function blockMessage($from, $to, $messageContext, $state)
{
    insertMessage(
        $from,
        $to,
        $messageContext,
        $state
    );
}
</div> <table> <tr><td colspan='2' align='center'> <?php if (isset($_POST["textAreaRecipient"]) && $_POST["textAreaRecipient"] == "") { ?> <script type="text/javascript"> alert('Recipient field mustn\'t be empty!'); </script> <?php } else { if (isset($_POST["textAreaRecipient"]) && $_POST["textAreaRecipient"] != "") { try { connectToDatabase(); if (insertMessage($_POST["textAreaRecipient"], "SMS:TEXT", $_POST["textAreaMessage"])) { ?> <script type="text/javascript"> alert('Insert was successful!'); </script> <?php } closeConnection(); } catch (Exception $exc) { ?> <script type="text/javascript"> alert('Error !'); </script> <?php
$baseurl = $user_row["baseurl"]; $fee = $user_row["fee"]; $amount = '0'; if ($fee == "100") { $amount = '8'; } elseif ($fee == "600") { $amount = '120'; } elseif ($fee == "1200") { $amount = '288'; } elseif ($fee == "3000") { $amount = '780'; } elseif ($fee == "6800") { $amount = '2040'; } elseif ($fee == "12800") { $amount = '4608'; } else { $amount = '' . intval($fee) / 10; } $message = array('SEND_USER_ID' => 0, 'RECEIVE_USER_ID' => $user_id, 'GIFT_TYPE' => 1, 'AMOUNT' => $amount, 'TEXT_ID' => 1000); $dp_ip = ""; if ($baseurl == "itofdp4.miyigame.com:40002") { $dp_ip = "192.168.169.66"; } elseif ($baseurl == "itofdp5.miyigame.com:40003") { $dp_ip = "192.168.169.68"; } elseif ($baseurl == "itofdp6.miyigame.com:40004") { $dp_ip = "192.168.169.69"; } print_r($dp_ip . "\r\n"); insertMessage($dp_ip, $message); return; }
<?php
// Appointment reminder job and message-log page (the page markup continues
// beyond this excerpt).
// NOTE(review): every database call here uses the mysql_* extension, which was
// removed in PHP 7.0; mysqli or PDO with prepared statements is the replacement.
include "files_inc.php";
include "functions.php";

// Queue reminder messages in the ozekimessageout table.
// Select patients whose appointment alert is still pending.
// NOTE(review): in MySQL, DATE(NOW())+1 is numeric addition on the YYYYMMDD
// value, so on the last day of a month it produces a number that is not a
// valid date and no row matches. CURDATE() + INTERVAL 1 DAY expresses
// "tomorrow" correctly.
$sql = "SELECT patient.lname,patient.fname,patient.patientId,patient.phone,patient_appointment.visit_date," . "patient_appointment.visit_time,patient_appointment.purpose " . "FROM patient INNER JOIN patient_appointment USING (patientId)" . "WHERE DATE(visit_date) =DATE(NOW())+1 " . "AND status = 'Alertpending' ";
// NOTE(review): die(mysql_error()) prints database error text to the client;
// log it server-side and show a generic failure instead.
$results = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($results)) {
    // Values for the outgoing ozekimessageout row
    $id = $row['patientId'];
    $status = "send";
    $msgtype = "SMS:TEXT";
    $receiver = $row['phone'];
    // NOTE(review): the SMS text carries the patient's surname, the visit
    // purpose and the programme name. SMS is unencrypted and phones are often
    // shared, so confirm that this level of detail is consistent with the
    // clinic's confidentiality policy.
    $msg = "Hi {$row['lname']}, this is to notify you to attend {$row['purpose']} at {$row['visit_time']} on {$row['visit_date']}. Anti-Retroviral Therapy Program. Thank You.";
    // Older three-argument call, kept commented out:
    //insertMessage($receiver,$msg,$status);
    insertMessage($receiver, $msgtype, $msg, $status);
    // The status is flipped whether or not insertMessage() succeeded (its
    // return value is not checked), and the WHERE clause names only the
    // patient, so every appointment row of that patient is marked as
    // delivered, not just the one selected above.
    // NOTE(review): $id is interpolated into the SQL text; it comes from the
    // database here, but a bound parameter removes the dependency on that.
    $update = mysql_query("UPDATE patient_appointment SET status = 'Alertdelivered' WHERE patientId='{$id}'") or die("Could not change status!");
}

// Look up the access level of the logged-in administrator; it is meant to
// limit which sent messages that administrator can see.
// NOTE(review): $_SESSION['user'] is concatenated into the query. Where the
// session value is set is not visible here; use a prepared statement so the
// query does not depend on it being clean. $access_lvl also stays undefined
// when no row matches; presumably later code reads it, so verify the default.
$sql = "SELECT * FROM user WHERE id='" . $_SESSION['user'] . "'";
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
    $access_lvl = $row['access_lvl'];
}

// Header markup of the sent-message log; the heredoc continues past this excerpt.
$header = <<<HAH <h2>Message Log</h2> <table width=85% border="1" cellpadding="2" cellspacing="2" > <tr> <th>No.</th> <th>Receiver</th>
/**
 * Stores a message through insertMessage() with the state fixed to "received".
 *
 * The three arguments are forwarded unchanged; no validation or escaping is
 * done in this wrapper.
 * NOTE(review): the function is named "block" yet records the message as
 * "received"; confirm that this is the intended state for a blocked message.
 *
 * @param mixed $from           Sender identifier.
 * @param mixed $to             Recipient identifier.
 * @param mixed $messageContext Message payload to store.
 * @return void
 */
function blockMessage($from, $to, $messageContext)
{
    insertMessage(
        $from,
        $to,
        $messageContext,
        "received"
    );
}