function edit($id)
{
// Set a few globals
$data = array('page_title' => 'Inn Strategy - Admin');
$query = $this->get_ad_packages();
$data['adPackage'] = $query->result_array();
$query = $this->get_edit_methods();
$data['editMethod'] = $query->result_array();
$query = $this->get_classifications();
$data['classification'] = $query->result_array();
$query = $this->get_price_type();
$data['price_type'] = $query->result_array();
$query = $this->get_link_type();
$data['link_type'] = $query->result_array();
$data['states'] = $this->get_state_list();
$data['client_states'] = $this->get_states_served($id);
$query = $this->get_BBData_SelectOne($id);
$data['bbdata'] = $query->row();
$UserName = userID();
//The userID to use for demos is set in search.php controller
$query = $this->get_ClientBBDataSelectOne($UserName, $id);
$data['ad_log'] = $query->row();
$data['ad_log_count'] = $query->num_rows();
//die(print_r($data));
$this->load->vars($data);
$this->load->helper('url');
$this->load->helper('html');
$this->load->view('header_user');
$this->load->view('admin_detail');
$this->load->view('footer_std');
}
function isUserInLoginWaitingPeriod($email)
{
require '/home/simpleco/demo2/app/includes_php/db.inc.php';
// get the user id
$userID = userID($_POST['email']);
// get the wait required since last bad login
$sql = 'SELECT failed_logins FROM users WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $userID);
$s->execute();
$row = $s->fetch();
$wait = pow(2, $row['failed_logins']);
if ($row['failed_logins'] == 0) {
$wait = 0;
}
// get the time of the last bad login
$sql = 'SELECT time FROM log WHERE userID = :userID AND action = "bad login"
ORDER BY time DESC LIMIT 1';
$s = $pdo->prepare($sql);
$s->bindValue(':userID', $userID);
$s->execute();
$row = $s->fetch();
$last_attempt = $row['time'];
// get the current time
$current_time = date('Y-m-d H:i:s');
$end_of_wait = date('Y-m-d H:i:s', strtotime($last_attempt . ' + ' . $wait . 'seconds'));
if ($end_of_wait > $current_time) {
return TRUE;
} else {
return FALSE;
}
}
function modify()
{
// has the form been submitted and with valid form info (not empty values)
if ($this->input->post('Save')) {
// load model
$this->load->model('profile_model', '', TRUE);
$this->load->library('form_validation');
// Set Validation Rules
$this->form_validation->set_rules('txtPropertyName', 'Property Name', 'trim|required');
$this->form_validation->set_rules('txtAddress', 'Address', 'trim|required');
$this->form_validation->set_rules('txtCity', 'City', 'trim|required');
$this->form_validation->set_rules('ddlState', 'State', 'trim|required|min_length[2]');
$this->form_validation->set_rules('txtZip', 'Zip', 'trim|required|min_length[5]');
$this->form_validation->set_rules('txtPropertyURL', 'Property URL', 'trim|callback_valid_urls');
$this->form_validation->set_rules('txtContact1', 'First Contact', 'trim|required');
$this->form_validation->set_rules('txtEmail1', 'First Email', 'trim|required|valid_email');
if ($this->form_validation->run() == FALSE) {
$this->load->view('profile');
} else {
$today = mktime(date("m"), date("d"), date("Y"));
$today = date("Y-m-d H:i:s", $today);
$id = userID();
$profile = array('PropertyName' => $_POST['txtPropertyName'], 'Address' => $_POST['txtAddress'], 'City' => $_POST['txtCity'], 'State' => $_POST['ddlState'], 'Zip' => $_POST['txtZip'], 'Contact1' => $_POST['txtContact1'], 'Title1' => $_POST['txtTitle1'], 'Email1' => $_POST['txtEmail1'], 'Phone1' => $_POST['txtPhone1'], 'Contact2' => $_POST['txtContact2'], 'Title2' => $_POST['txtTitle2'], 'Email2' => $_POST['txtEmail2'], 'Phone2' => $_POST['txtPhone2'], 'LastUpdateDate' => $today, 'URL' => $_POST['txtPropertyURL']);
// Don't allow them to mess with the demo client
if ($this->uri->segment(2) !== 'demo') {
$this->profile_model->update($id, $profile);
}
}
}
redirect('/profile', 'location');
}
function update_password($pswd)
{
$uncrypt_password = set_value($pswd);
$password = $this->_salt(set_value($pswd));
$userID = userID();
$user_table = user_table();
$this->db->query("UPDATE `{$user_table}` SET `password` = '{$password}' WHERE `UserID` = '{$userID}'");
$userdata = $this->db->query("SELECT * FROM `{$user_table}` WHERE `UserID` = '{$userID}'");
$result = $userdata->row();
$this->send_change_email($result->username, $uncrypt_password, $result->email);
}
function userLogged()
{
$id = userID();
// Si l'utilisateur n'est pas connecté on ne peut pas récuperer ses infos
if ($id === false) {
return false;
}
$r = getDB()->prepare('SELECT * FROM users WHERE user_id = :id LIMIT 1');
$r->bindParam(':id', $id, PDO::PARAM_INT);
$r->execute();
return $r->fetch();
}
function update($id, $force = false)
{
global $db;
#Odbiorca
if (!is_numeric($this->to)) {
$this->to = userID($this->to);
}
$q = $db->prepare('UPDATE ' . PRE . 'pms SET th=:th, topic=:topic, usr=:usr,
owner=:owner, st=:st, date=:date, txt=:txt WHERE owner=:you AND st=3 AND ID=:id');
$q->execute(array('you' => UID, 'id' => $id, 'th' => $this->thread, 'owner' => $this->status > 2 ? $this->sender : $this->to, 'usr' => $this->status < 3 ? $this->sender : $this->to, 'topic' => $this->topic, 'txt' => $this->text, 'st' => $this->status, 'date' => $_SERVER['REQUEST_TIME']));
#Zwiêksz liczbê nieodebranych wiadomo¶ci
if ($this->status === 1) {
$db->exec('UPDATE ' . PRE . 'users SET pms=pms+1 WHERE ID=' . $this->to);
}
}
function edit()
{
$this->load->helper('url');
$this->load->helper('html');
$this->load->helper('auth');
// Set a few globals
$data = array('page_title' => 'Inn Strategy - Account Information');
$UserID = $this->uri->segment(2);
//'13baaeb6-1bba-4bad-8893-3f0bca64e274';
if ($this->input->post('btnSaveTop') || $this->input->post('btnSaveBottom')) {
// load model
$this->load->model('profile_model', '', TRUE);
$this->load->model('admin_notes_model', '', TRUE);
$this->load->library('form_validation');
if ($this->form_validation->run() != FALSE) {
// Don't allow them to mess with the demo client
// (BELT AND BRACES)
if ($this->uri->segment(2) !== 'demo') {
$today = mktime(date("m"), date("d"), date("Y"));
$today = date("Y-m-d H:i:s", $today);
$userID = userID();
$detail = array('Geo' => $_POST['rblGeo'], 'Enabled' => $_POST['rblEnabled'], 'Processor' => $_POST['ddProcessor'], 'SubscriptionEndDate' => $_POST['txtSubscriptionEndDate'], 'PayType' => $_POST['rblPayType'], 'LastUpdateDate' => $today, 'Price' => $_POST['txtPrice']);
$this->profile_model->update($userID, $detail);
$detail = array('AdminNote' => $_POST['txtAdminNotes']);
$this->admin_notes_model->update($_POST['BBDataID'], $detail);
//$this->states_served_model->delete_all($_POST['BBDataID']);
foreach ($data['client_states'] as $state) {
if ($this->input->post('MyStates_' . $state['StateCode'])) {
$detail = array('StateServed' => $state['StateCode'], 'BBDataID' => $_POST['BBDataID']);
$this->states_served_model->insert($detail);
}
}
}
}
}
$query = $this->get_ClientProfile_SelectOne($UserID);
$data['client'] = $query->row();
$data['states'] = $this->get_state_list();
$data['client_states'] = $this->get_client_states($UserID);
$this->load->vars($data);
$this->load->view('header_user');
$this->load->view('client_detail');
$this->load->view('footer_std');
}
function show($id)
{
// Set a few globals
$data = array('page_title' => 'Inn Strategy - Search');
$query = $this->get_BBData_SelectOne($id);
$data['bbdata'] = $query->row();
$UserName = userID();
//The userID to use for demos is set in search.php controller
$query = $this->get_ClientBBDataSelectOne($UserName, $id);
$data['ad_log'] = $query->row();
$data['ad_log_count'] = $query->num_rows();
//die(print_r($data));
$this->load->vars($data);
$this->load->helper('url');
$this->load->helper('html');
$this->load->view('header_user');
$this->load->view('detail');
$this->load->view('footer_std');
}
if (isset($_POST['action']) and $_POST['action'] == 'add_events_property') {
try {
$sql = 'INSERT INTO lookup_events_eventproperties SET
eventID = :eventID,
eventpropertyID = :eventpropertyID';
$s = $pdo->prepare($sql);
$s->bindValue(':eventID', $_POST['eventID']);
$s->bindValue(':eventpropertyID', $_POST['eventpropertyID']);
$s->execute();
} catch (PDOException $e) {
$error = 'Error adding event property to this event!';
include '/home/simpleco/demo2/app/pages_eventadmin/error.inc.html.php';
exit;
}
// get the user id and log the event
$id = userID($_SESSION['email']);
logevent($id, $_POST['eventID'], 'added property ' . $_POST['eventpropertyID']);
$title = "Event Property Added to Event";
$longdesc = 'You have successfully added an event property to that event.';
include '/home/simpleco/demo2/app/pages_eventadmin/confirmation.inc.html.php';
exit;
}
/*
* responds to request to delete an event's property
*/
if (isset($_POST['action']) and $_POST['action'] == 'delete_events_property') {
$sql = 'DELETE FROM lookup_events_eventproperties WHERE eventID = :eventID AND
eventpropertyID = :eventpropertyID LIMIT 1';
$s = $pdo->prepare($sql);
$s->bindValue(':eventID', $_POST['eventID']);
$s->bindValue(':eventpropertyID', $_POST['eventpropertyID']);
/**
* do prepare params from the url
* Enter description here ...
* @param unknown_type $params
*/
public static function prepareInputParams($params)
{
$array = array(':id', ':o', ':uid', ':limit', ':type', ':p');
if (!empty($params)) {
foreach ($array as $val) {
$getval = ltrim($val, ':');
if (isset($_POST[$getval]) && intval($_POST[$getval])) {
$params = str_replace($val, $_POST[$getval], $params);
}
if ($getval === 'uid') {
$params = str_replace($val, userID(), $params);
}
if ($getval === 'a') {
$params = str_replace($val, ACTION_NAME, $params);
}
if ($getval === 'm') {
$params = str_replace($val, MODULE_NAME, $params);
}
}
}
return $params;
}
function index()
{
// Set a few globals
$data = array('page_title' => 'Inn Strategy - Search');
$query = $this->get_classifications();
$data['classification'] = $query->result_array();
$data['class_count'] = $query->num_rows();
if (user_group('admin') === TRUE) {
$query = $this->get_price_type();
$data['price_type'] = $query->result_array();
$query = $this->get_link_type();
$data['link_type'] = $query->result_array();
$query = $this->get_ad_packages();
$data['ad_package'] = $query->result_array();
$query = $this->get_state_list();
$data['states'] = $query->result_array();
}
if ($this->uri->segment(2) === 'demo') {
set_userID('b2cd1871-34e4-4472-a004-1d6dccb0f0a2');
}
/*
$Website = '';
$Classification = '';
$PriceType = '';
$BBSpecials = '';
$UserReview = '';
$Google = '';
$Yahoo = '';
$MSN = '';
$Quantified = '';
$Rating = '';
$State = '';
$LinkType = '';
$AdPackage = '';
$BBCategory = '';
$MaxPR = '';
$LinkPR = '';
$Limited = '';
$query = $this->client_select_many($Website, $Classification, $PriceType, $BBSpecials, $UserReview, $Google, $Yahoo, $MSN, $Quantified, $Rating, $State, $LinkType, $AdPackage, $BBCategory, $MaxPR, $LinkPR, $Limited);
$data['bbdata'] = $query->result_array();
*/
$prev_sort_column = isset($_POST['prev_sort_column']) ? $_POST['prev_sort_column'] : "";
//$this->input->post("prev_sort_column");
$sort_column = isset($_POST['sort_column']) ? $_POST['sort_column'] : user_group('admin') === TRUE ? "LastUpdated" : "WebSiteText";
$data['prev_sort_column'] = $sort_column;
$sort_direction = user_group('admin') === TRUE ? "DESC" : "ASC";
if ($prev_sort_column == $sort_column) {
if (isset($_POST['sort_direction']) && $_POST['sort_direction'] == "ASC") {
$sort_direction = "DESC";
} else {
$sort_direction = "ASC";
}
}
$data['sort_direction'] = $sort_direction;
$Website = isset($_POST['txtSearch']) ? $_POST['txtSearch'] : '';
$Classification = $this->get_classification_list($data['classification']);
$PriceType = $this->get_price_selection();
$BBSpecials = isset($_POST['rblBBSpecials']) ? $_POST['rblBBSpecials'] : '';
$UserReview = isset($_POST['rblUserReview']) ? $_POST['rblUserReview'] : '';
$Google = isset($_POST['rblGoogle']) ? $_POST['rblGoogle'] : '';
$Yahoo = isset($_POST['rblYahoo']) ? $_POST['rblYahoo'] : '';
$MSN = isset($_POST['rblMSN']) ? $_POST['rblMSN'] : '';
$Quantified = isset($_POST['rblQuantified']) ? $_POST['rblQuantified'] : '';
$VacationRental = isset($_POST['rblVacationRental']) ? $_POST['rblVacationRental'] : '';
$Rating = $this->get_rating();
$Limited = $this->uri->segment(2) === 'demo';
$BBCategory = isset($_POST['rblBBCategory']) ? $_POST['rblBBCategory'] : '';
$AdPackage = isset($_POST['ddAdPackage']) ? $_POST['ddAdPackage'] : '';
$State = isset($_POST['ddStates']) ? $_POST['ddStates'] : '';
$LinkType = isset($_POST['ddLinkType']) ? $_POST['ddLinkType'] : '';
if ($this->uri->total_segments() == 3 && $this->uri->segment(2) !== 'demo') {
$UserName = $this->uri->segment(3);
} else {
$UserName = userID();
}
//'13baaeb6-1bba-4bad-8893-3f0bca64e274'; //'b61fc9d0-d42f-4a8d-a8ae-f75042c1f039';
$data['client_name'] = $this->get_client_name($UserName);
$LinkPR = '';
for ($i = 0; $i < 10; $i++) {
if (isset($_POST["chkLinkPR{$i}"])) {
$LinkPR .= ",{$i}";
}
}
if (strpos($LinkPR, ',') == 0) {
$LinkPR = substr($LinkPR, 1);
}
$MaxPR = '';
for ($i = 0; $i < 10; $i++) {
if (isset($_POST["chkMaxPR{$i}"])) {
$MaxPR .= ",{$i}";
}
}
if (strpos($MaxPR, ',') == 0) {
$MaxPR = substr($MaxPR, 1);
}
$my_list = $this->uri->segment(2) == 'my' || $this->uri->segment(3) == 'my';
//!($this->uri->segment(2) === FALSE) && ($this->uri->segment(2) !== 'demo');
if (user_group('admin') === TRUE) {
if ($my_list) {
$query = $this->client_data_search($Website, $Classification, $PriceType, $BBSpecials, $UserReview, $Google, $Yahoo, $MSN, $Quantified, $VacationRental, $Rating, $Limited, $UserName, $LinkPR, $BBCategory, $LinkType, $sort_column, $sort_direction);
} else {
$query = $this->client_admin_search($Rating, $LinkPR, $MaxPR, $Quantified, $BBSpecials, $Yahoo, $BBCategory, $MSN, $Google, $UserReview, $PriceType, $LinkType, $AdPackage, $Website, $Classification, $State, $Limited, $sort_column, $sort_direction);
}
} else {
$query = $this->client_data_search($Website, $Classification, $PriceType, $BBSpecials, $UserReview, $Google, $Yahoo, $MSN, $Quantified, $VacationRental, $Rating, $Limited, $UserName, $LinkPR, $BBCategory, $LinkType, $sort_column, $sort_direction);
}
$data['bbdata'] = $query->result_array();
$data['row_count'] = $query->num_rows();
$UserName = $this->uri->segment(2) === 'demo' ? 'Demonstration' : userID();
$this->load->vars($data);
$this->load->helper('url');
$this->load->helper('html');
$this->load->helper('form');
$this->load->library('ajax');
$this->load->view(user_group('admin') === TRUE ? 'header_user' : 'header_user');
$this->load->view($my_list ? 'my_list' : (user_group('admin') === TRUE ? 'admin_search' : 'search'), $data);
$this->load->view('footer_std');
}
$password = generateHash($salt, $_POST['password']);
$sql = 'UPDATE users SET
password = :password
WHERE email = :email';
$s = $pdo->prepare($sql);
$s->bindValue(':email', $_POST['email']);
$s->bindValue(':password', $password);
$s->execute();
} catch (PDOException $e) {
$error = 'Error updating new user record with password!';
include $siteroot . 'demo2/app/pages_admin/error.inc.html.php';
exit;
}
try {
// get the user id of the newly-created user account
$new_user_id = userID($_POST['email']);
// assign the new user a role of 1
$sql = 'INSERT INTO lookup_users_userroles (userID, roleID) VALUES
(:id, 1)';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $new_user_id);
$s->execute();
} catch (PDOException $e) {
$error = 'Error assinging default role of 1 for new user!';
include $siteroot . 'demo2/app/pages_admin/error.inc.html.php';
exit;
}
// get the user id and log the event
logevent($user_info['id'], NULL, 'created user ' . $new_user_id);
$title = "User Added";
$longdesc = 'You have successfully added: ' . $_POST['firstname'] . ' ' . $_POST['lastname'] . '.';
function getInterest()
{
$db = db();
$id = userID();
$sql = "SELECT ClientID FROM clients WHERE UserID = ?";
$cmd = $db->prepare($sql);
$cmd->execute(array($id));
$row = $cmd->fetch();
$sql2 = "SELECT s.ServiceName,e.EventName FROM services AS s INNER JOIN my_interests AS mi ON s.ServiceID = mi.ServiceID INNER JOIN events AS e ON e.EventID = mi.EventID WHERE mi.ClientID = ?";
$cmd2 = $db->prepare($sql2);
$cmd2->execute(array($row['ClientID']));
$result = $cmd2->fetchAll();
$db = null;
return $result;
}
function editSProviderDetails($data)
{
$id = userID();
$db = db();
$sql = "UPDATE service_providers SET SPName = ?, SPAddress = ?, SPContactNo = ?,SPEmail = ?,OwnerName = ? ,SPmobile = ?, SPType = ? WHERE UserID = ?";
$cmd = $db->prepare($sql);
$cmd->execute(array($data['espname'], $data['espaddress'], $data['espcontact'], $data['espemail'], $data['espowner'], $data['espmobile'], $data['esptype'], $id));
$db = null;
getSPDetails($id);
return "Update successful.";
}
<?php
include_once 'include/view-helper.php';
// Si des erreurs surviennent, elles seront placées dans ce tableau
$errors = [];
// Si on recoit un 'id' numérique en get, on est en mode édition, sinon en mode ajout
$editMode = verifyKeysIn($_GET, 'id') && is_numeric($_GET['id']);
if ($editMode) {
$user = getUserById($_GET['id']);
// Si l'utilisateur n'existe pas, on repasse en mode ajout
if ($user === false) {
$editMode = false;
}
// On verifie si l'utilisateur essaie de s'auto-modifier ou si c'est un admin
if ($user['user_id'] != userID() && !userIsAdmin()) {
abort('Vous n\'avez pas le droit de modifier cet utilisateur');
}
}
// Gestion de l'envoi du formulaire
if (verifyKeysIn($_POST, 'submit')) {
// Si les champs du formulaire sont valides
if (verifyKeysIn($_POST, 'name', 'fname', 'mail', 'username', 'pwd', 'birth', 'desc')) {
if ($editMode) {
editUser($_GET['id'], $_POST['name'], $_POST['fname'], $_POST['mail'], $_POST['username'], $_POST['pwd'], $_POST['birth'], $_POST['desc']);
} else {
insertUser($_POST['name'], $_POST['fname'], $_POST['mail'], $_POST['username'], $_POST['pwd'], $_POST['birth'], $_POST['desc']);
}
// Retour à la liste des utilisateurs
redirect('list-users.php');
} else {
$errors[] = "Il manque des champs dans le formulaire";
<th>Action</th>
</tr>
<?php
foreach ($users as $user) {
echo '<tr>';
$td = '<td>%s</td>';
// On va l'utiliser plusieurs fois, donc on le stocke
$uid = $user['user_id'];
// Les données
echo sprintf($td, $uid);
echo sprintf($td, $user['user_name']);
echo sprintf($td, $user['user_firstname']);
echo sprintf($td, $user['user_username']);
$link = '<a href="%s?id=' . $uid . '">%s</a> ';
// Les liens
$links = sprintf($link, 'show-user.php', 'Détail');
// S'il s'agit de l'utilisateur courant ou d'un admin
if ($uid === userID() || userIsAdmin()) {
$links .= sprintf($link, 'edit-user.php', 'Modifier');
}
// S'il s'agit d'un admin
if (userIsAdmin()) {
$links .= sprintf($link, 'delete-user.php', 'Supprimer');
}
echo sprintf($td, $links);
echo '</tr>';
}
?>
</table>
<?php
foot();
}
$errors = [];
// Le paramètre GET 'id' permet de spécifier quel utilisateur on veut supprimer
if (!verifyKeysIn($_GET, 'id')) {
$errors[] = 'Aucun utilisateur spécifié';
}
// Le paramètre POST 'submit' permet de spécifier qu'on veux supprimer l'utilisateur _maintenant_
if (verifyKeysIn($_POST, 'submit', 'id')) {
$uid = $_POST['id'];
$user = getUserById($uid);
if ($user === false) {
$errors[] = 'Cet utilisateur n\'existe pas';
} else {
deleteUser($uid);
// Si on s'auto-supprime, on déconnecte l'utilisateur
if ($uid === userID()) {
userLogout();
}
// Retour à la liste des utilisateurs
redirect('list-users.php');
}
}
head();
?>
<h1>Suppression</h1>
<?php
// Les éventuelles erreurs
if (count($errors) > 0) {
?>
<div class="errors">
<ul>
