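/**
 * Update whichever of the three profile "facts" were supplied for one user.
 *
 * Empty facts are skipped; each non-empty fact is written with its own UPDATE
 * and a confirmation paragraph is echoed for it. The original's initial
 * SELECT on profiles is dropped because its result was never read.
 *
 * @param string $fact1     New value for column fact1, or '' to leave it unchanged.
 * @param string $fact2     New value for column fact2, or '' to leave it unchanged.
 * @param string $fact3     New value for column fact3, or '' to leave it unchanged.
 * @param string $username  Profile owner used in the WHERE clause.
 * @param object $db_server Database handle exposing query() and real_escape_string().
 *
 * @return void
 */
function updateProfFacts($fact1, $fact2, $fact3, $username, $db_server)
{
    // NOTE(review): the listing shows the username literal masked as '******' and
    // $username is otherwise unused, so it is assumed to belong in the WHERE
    // clause. Confirm against the original file. It is escaped like the fact
    // values because it is placed inside a quoted SQL string.
    $safeUsername = $db_server->real_escape_string((string) $username);

    // The column suffix comes from these fixed keys, never from caller input.
    $facts = [1 => $fact1, 2 => $fact2, 3 => $fact3];

    foreach ($facts as $index => $fact) {
        // Each fact is gated on its own length; the original tested $fact1
        // before writing fact3, so fact3 was skipped or blanked by mistake.
        if (strlen((string) $fact) === 0) {
            continue;
        }

        $safeFact = $db_server->real_escape_string((string) $fact);
        $query = "UPDATE profiles SET fact{$index}='{$safeFact}' WHERE username='{$safeUsername}';";
        $result = $db_server->query($query);
        checkQueryResults($result);

        echo "<p>Fact {$index} successfully updated.</p>";
    }
}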
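require "class_lib.php";

// Verbose error reporting is enabled only while debugging.
$debug = false;
if ($debug) {
    error_reporting(E_ALL);
}

// Validate credentials only when both fields arrived as plain strings; an
// array-valued field would otherwise reach hash() and raise a TypeError.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])
) {
    $db_server = connect();

    $username = $_POST['username'];
    $password = $_POST['password'];

    // NOTE(review): the listing shows the username literal masked as '******';
    // the submitted username is assumed to belong here. Confirm against the
    // original file. It is request data placed inside a quoted SQL string, so
    // it is escaped first.
    $safeUsername = $db_server->real_escape_string($username);
    $query = "SELECT * FROM users WHERE username='{$safeUsername}'";
    $result = $db_server->query($query);
    checkQueryResults($result);
    $row = $result->fetch_row();

    // NOTE(review): unsalted SHA-1 is fast to brute-force and unsuitable for
    // password storage; plan a migration to password_hash()/password_verify().
    // The digest is kept because the stored value in $row[1] is compared to it.
    $fixedPass = hash('sha1', $password, false);

    // fetch_row() yields no array when the user does not exist.
    $storedPass = (is_array($row) && isset($row[1])) ? (string) $row[1] : null;

    // hash_equals() compares as strings in constant time. Loose == would treat
    // two digests of the form "0e<digits>" as equal numbers.
    if ($storedPass !== null && hash_equals($storedPass, $fixedPass)) {
        // Rotate the session id on login so a pre-set id cannot be reused
        // (session fixation). session_start() is not visible in this excerpt,
        // hence the guard.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $username;

        if ($debug) {
            print_r($_SESSION);
        }

        // Redirect to the index page.
        header('Location: index.php');
        exit(0);
    }
    // NOTE(review): the listing is cut off at this point; the failed-login
    // branch is not shown.
}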
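/**
 * Collect users whose profile facts or messages contain a search term.
 *
 * Matching is a case-sensitive substring test done in PHP; the search term is
 * never placed into SQL.
 *
 * @param string $search    Substring to look for.
 * @param array  $users     Accumulator of user identifiers; matches are appended.
 * @param object $db_server Database handle exposing query().
 *
 * @return array The accumulator with any newly matched users appended.
 */
function searchGeneral($search, $users, $db_server)
{
    // NOTE(review): rows are read by position from SELECT *, so the indexes
    // below depend on column order. Presumably profiles is
    // (username, fact1, fact2, fact3). Confirm against the schema.
    $result = $db_server->query("SELECT * FROM profiles");
    checkQueryResults($result);

    while ($row = $result->fetch_row()) {
        $factMatches = strpos((string) $row[1], $search) !== false
            || strpos((string) $row[2], $search) !== false
            || strpos((string) $row[3], $search) !== false;

        if ($factMatches) {
            $users[] = $row[0];
        }
    }

    $result = $db_server->query("SELECT * FROM messages");
    checkQueryResults($result);

    while ($row = $result->fetch_row()) {
        // The original tested an undefined $messages variable, ignored the
        // match result, and looked for the search term (not the user) in
        // $users, so nearly every message author was appended. Column 2 is
        // assumed to hold the message text and column 1 the user. Confirm
        // against the schema.
        if (strpos((string) $row[2], $search) === false) {
            continue;
        }

        // Append each matching user only once.
        if (!in_array($row[1], $users, true)) {
            $users[] = $row[1];
        }
    }

    return $users;
}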