define('MyPHPForum', true);
include 'mysql.php';
include 'config.inc.php';
//include("includes/fonction.sys.php");
include 'fonctions.php';
include 'headers_sans_image_fr.php';
include_once "fckeditor/fckeditor.php";
//if(!isset($_SESSION["_pseudo"]) || !isset($_SESSION["_mdp"]))
if (!isset($_COOKIE["myforum_login_guides1"]) or !isset($_COOKIE["myforum_pass_guides1"])) {
echo "<center><br><br>Vous devez vous identifier pour acceder à cette page</center>";
exit;
} else {
//Si on est bien loguer, on affiche le reste
$pseudo = mysqlsafe($_SESSION['_pseudo']);
$mdp = mysqlsafe($_SESSION['_mdp']);
echo '<div class="conteiner">';
echo '<br><br>Bonjour <b>' . safest($_SESSION['_pseudo']) . '</b><br>';
// echo 'Votre rang : <b>'.safest($_SESSION['_rank']).'</b><br><br />';
?>
<br/>
<a href="./">
Retour Accueil
</a>
<br/>
function getPlayerPitching($playerID)
{
$pitchingTable = "";
$connection = mysqli_connect("localhost", "root", "", "baseball");
$playerID = mysqlsafe($playerID, $connection);
$query = mysqli_query($connection, "SELECT PlayerID, yearID, teamID, lgID, W, L, G, GS, CG, SHO, SV, IPouts, H, ER, HR, BB, SO, BAOpp, IBB, WP, HBP, BK, BFP, GF, R, SH, SF, GIDP FROM pitching WHERE playerID = '{$playerID}' ORDER BY yearID ASC");
$rowCount = mysqli_num_rows($query);
if ($rowCount >= 1) {
$pitchingTable = "<br><h1>Pitching</h1>\n";
$pitchingTable .= "<table>\n";
$pitchingTable .= "\t<tr>\n";
$pitchingTable .= "\t\t<th>Year</th>\n";
$pitchingTable .= "\t\t<th>Team</th>\n";
$pitchingTable .= "\t\t<th>League</th>\n";
$pitchingTable .= "\t\t<th>W</th>\n";
$pitchingTable .= "\t\t<th>L</th>\n";
$pitchingTable .= "\t\t<th>ERA</th>\n";
$pitchingTable .= "\t\t<th>G</th>\n";
$pitchingTable .= "\t\t<th>GS</th>\n";
$pitchingTable .= "\t\t<th>CG</th>\n";
$pitchingTable .= "\t\t<th>SHO</th>\n";
$pitchingTable .= "\t\t<th>SV</th>\n";
$pitchingTable .= "\t\t<th>IP</th>\n";
$pitchingTable .= "\t\t<th>H</th>\n";
$pitchingTable .= "\t\t<th>ER</th>\n";
$pitchingTable .= "\t\t<th>HR</th>\n";
$pitchingTable .= "\t\t<th>BB</th>\n";
$pitchingTable .= "\t\t<th>SO</th>\n";
$pitchingTable .= "\t\t<th>IBB</th>\n";
$pitchingTable .= "\t\t<th>WP</th>\n";
$pitchingTable .= "\t\t<th>HBP</th>\n";
$pitchingTable .= "\t\t<th>BK</th>\n";
$pitchingTable .= "\t\t<th>BFP</th>\n";
$pitchingTable .= "\t\t<th>GF</th>\n";
$pitchingTable .= "\t\t<th>R</th>\n";
$pitchingTable .= "\t\t<th>SH</th>\n";
$pitchingTable .= "\t\t<th>SF</th>\n";
$pitchingTable .= "\t\t<th>GIDP</th>\n";
$pitchingTable .= "\t\t<th>AVG</th>\n";
$pitchingTable .= "\t\t<th>WHIP</th>\n";
$pitchingTable .= "\t</tr>\n";
while ($row = mysqli_fetch_assoc($query)) {
if ($row['G'] != 0 || !is_null($row['G'])) {
$pitchingTable .= "\t<tr>\n";
$pitchingTable .= "\t\t<td>" . $row['yearID'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['teamID'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['lgID'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['W'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['L'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . getEra($row['ER'], $row['IPouts']) . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['G'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['GS'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['CG'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['SHO'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['SV'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . number_format($row['IPouts'] / 3, 1) . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['H'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['ER'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['HR'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['BB'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['SO'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['IBB'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['WP'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['HBP'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['BK'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['BFP'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['GF'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['R'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['SH'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['SF'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['GIDP'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . $row['BAOpp'] . "</td>\n";
$pitchingTable .= "\t\t<td>" . getWhip($row['H'], $row['BB'], $row['IPouts']) . "</td>\n";
$pitchingTable .= "\t</tr>\n";
}
}
$pitchingTable .= "</table>";
}
mysqli_close($connection);
return $pitchingTable;
}
<?php
define('MyPHPForum', true);
session_start();
include 'mysql.php';
include 'fonctions.php';
include "connexion.php";
$mdp_test = mysqlsafe($_POST['mdp']);
$pseudo_test = mysqlsafe($_POST['pseudo']);
//$requete = mysql_query("select * from table_5_user where mdp='$mdp_test' AND pseudo='$pseudo_test'");
$requete = mysql_query("select * from partenaires where reserve_1='{$mdp_test}' AND e_mail='{$pseudo_test}'");
$test = mysql_num_rows($requete);
if ($test != 1) {
exit("<p>Pseudo et/ou mot de passe incorrect<br /><a href=\"./index.php\">retour</a></p>");
} else {
$ligne = mysql_fetch_object($requete);
$_pseudo = "{$ligne->e_mail}";
$_mdp = "{$ligne->reserve_1}";
$id = "{$ligne->id}";
//$_rank = "$ligne->rank";
//$_email = "$ligne->email";
//$_id_p = "$ligne->id";
$recherche = $bdd->query('SELECT * FROM partenaires WHERE e_mail ="' . $_pseudo . '"');
$_SESSION['id'] = $donnees['id'];
$recherche->CloseCursor();
$_SESSION['_pseudo'] = $_pseudo;
$_SESSION['_mdp'] = $_mdp;
//$_SESSION["_rank"] = $_rank;
//$_SESSION["_email"] = $_email;
//$_SESSION["_id_p"] = $_id_p;
//$_SESSION["_mbr_id"] = $_id_p;
<?php
include 'Functions.php';
include 'PlayerFunctions.php';
$playerInfo = "";
$battingTable = "";
$fieldingTable = "";
$pitchingTable = "";
$playerTable = "";
$error = "";
if (isset($_POST['submit'])) {
$connection = mysqli_connect("localhost", "root", "", "baseball");
$playerFirstname = mysqlsafe($_POST['PlayerFirstname'], $connection);
$playerLastname = mysqlsafe($_POST['PlayerLastname'], $connection);
$query = mysqli_query($connection, "SELECT playerID, nameFirst, nameLast, weight, height, bats, throws, debut, finalGame, birthCity, birthState FROM master WHERE nameFirst='{$playerFirstname}' AND nameLast='{$playerLastname}'");
$rowCount = mysqli_num_rows($query);
if ($rowCount == 0) {
$error = "Player name not contained in database.";
} else {
if ($rowCount == 1) {
$row = mysqli_fetch_assoc($query);
$playerID = $row['playerID'];
$playerInfo = getPlayerInfo($playerID);
$battingTable = getPlayerBatting($playerID);
$fieldingTable = getPlayerFielding($playerID);
$pitchingTable = getPlayerPitching($playerID);
} else {
if ($rowCount > 1) {
$playerTable = "<table >\n";
$playerTable .= "\t<tr>\n";
$playerTable .= "\t\t<th>Name</th>\n";
$teamTable .= "\t\t<td>" . $row['SOA'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['E'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['DP'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['FP'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['park'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['attendance'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['BPF'] . "</td>\n";
$teamTable .= "\t\t<td>" . $row['PPF'] . "</td>\n";
$teamTable .= "\t</tr>\n";
$teamTable .= "</table>\n";
mysqli_close($connection);
}
} else {
if (isset($_POST['TeamNamesSel'])) {
$connection = mysqli_connect("localhost", "root", "", "baseball");
$teamName = mysqlsafe($_POST['TeamNamesSel'], $connection);
$query = mysqli_query($connection, "SELECT name, yearID, lgID, divID, G, GHome, W, L,DivWin, WCWin, LgWin, WSWin, R, AB, H, 2B, 3B, HR, BB, SO, SB, CS, HBP, SF, RA, ER, ERA, CG, SHO, SV, IPOuts, HA, HRA, BBA, SOA, E, DP, FP, park, attendance, BPF, PPF FROM teams WHERE name='{$teamName}'");
$rowCount = mysqli_num_rows($query);
if ($rowCount >= 1) {
$teamTable = "<br><h1>Team</h1>\n";
$teamTable .= "<table>\n";
$teamTable .= "\t<tr>\n";
$teamTable .= "\t\t<th>Team</th>\n";
$teamTable .= "\t\t<th>Year</th>\n";
$teamTable .= "\t\t<th>League</th>\n";
$teamTable .= "\t\t<th>Div</th>\n";
$teamTable .= "\t\t<th>G</th>\n";
$teamTable .= "\t\t<th>GHome</th>\n";
$teamTable .= "\t\t<th>W </th>\n";
$teamTable .= "\t\t<th>L</th>\n";
$teamTable .= "\t\t<th>DivWin</th>\n";
<?php
include 'Functions.php';
if (isset($_POST['TeamSelected'])) {
$connection = mysqli_connect("localhost", "root", "", "baseball");
$TeamName = mysqlsafe($_POST['TeamSelected'], $connection);
$query = mysqli_query($connection, "SELECT yearID FROM teams WHERE name='{$TeamName}'");
echo "<option disabled selected hidden>Choose A Team</option>\n";
while ($row = mysqli_fetch_assoc($query)) {
echo "<option value='" . $row["yearID"] . "'>" . $row["yearID"] . "</option>\n";
}
//echo($input);
} else {
if (isset($_POST['TeamYear'])) {
$connection = mysqli_connect("localhost", "root", "", "baseball");
$TeamName = mysqlsafe($_POST['TeamName'], $connection);
$TeamYear = mysqlsafe($_POST['TeamYear'], $connection);
$query = mysqli_query($connection, "\nSELECT master.playerID AS playerID, master.nameFirst AS Firstname, master.nameLast AS Lastname\nFROM `appearances`\nINNER JOIN master ON appearances.playerID = master.playerID\nINNER JOIN teams ON appearances.teamID = teams.teamID \nWHERE teams.name = '{$TeamName}'\nAND appearances.yearID = '{$TeamYear}'\nGroup BY master.playerID\nORDER BY nameLast ASC, nameFirst ASC");
echo "<option disabled selected hidden>Choose A Player or Click Submit</option>\n";
while ($row = mysqli_fetch_assoc($query)) {
echo "<option value='" . $row["playerID"] . "'>" . $row["Firstname"] . " " . $row["Lastname"] . "</option>\n";
}
}
}
// variable to store error output from ready
//Run on user hitting submit button
if (isset($_POST['submit'])) {
//Send to function FormReady check if form input is valid
$output = FormReady();
//If no form input errors go
if ($output == "") {
//setup database connection information
$connection = mysqli_connect("localhost", "root", "", "baseball");
//set varables from user input after mysql_safe function is run from funtions.php file
$firstname = mysqlsafe($_POST['firstname'], $connection);
$lastname = mysqlsafe($_POST['lastname'], $connection);
$username = mysqlsafe($_POST['username'], $connection);
$email = mysqlsafe($_POST['email'], $connection);
//for password hash with MD5 first then SHA
$password = sha1(md5(mysqlsafe($_POST['password'], $connection)));
//Get query to check for user is in database
$query = mysqli_query($connection, "select username from login where username='******'");
$row = mysqli_fetch_assoc($query);
$userCheck = $row['username'];
//checks to see if the username input by user is the same as the one from database
if (!isset($userCheck)) {
//get query to check if email is in database
$query = mysqli_query($connection, "select email from login where email='{$email}'");
$row = mysqli_fetch_assoc($query);
$emailCheck = $row['email'];
//check to see if email that was input by user is already in database
if (!isset($emailCheck)) {
//checks if error while connecting to databes
if (mysqli_query($connection, "INSERT INTO login(firstname, lastname, username, password, email) VALUES('{$firstname}','{$lastname}','{$username}', '{$password}', '{$email}')")) {
//now that the user can login, redirect to login page
session_start();
// Starting Session
$error = '';
// Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $username and $password
$username = $_POST['username'];
$password = $_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "baseball");
// To protect MySQL injection for Security purpose
$username = mysqlsafe($username, $connection);
$password = sha1(md5(mysqlsafe($password, $connection)));
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection, "select * from login where password='******' AND username='******'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $username;
// Initializing Session
header("location: LoginSuccess.php");
// Redirecting To Other Page
} else {
$error = "Username or Password is invalid ";
}
mysqli_close($connection);
// Closing Connection
}
}
