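/**
 * Fetch the row of the logged-in user, matched on $_SESSION['email'].
 *
 * The e-mail is bound as a statement parameter instead of being spliced into
 * the SQL text, and the connection is closed on every path (the original only
 * closed it when a row was found).
 *
 * @return array|null the user row, or null when nothing matched or the query failed
 */
function get_user_data()
{
    $connection = connect_to_mysql();
    $row = null;

    $statement = mysqli_prepare($connection, 'SELECT * FROM users WHERE email = ?');
    if ($statement !== false) {
        $email = (string) ($_SESSION['email'] ?? '');
        mysqli_stmt_bind_param($statement, 's', $email);
        if (mysqli_stmt_execute($statement)) {
            $result = mysqli_stmt_get_result($statement);
            if ($result !== false) {
                $fetched = mysqli_fetch_array($result);
                if ($fetched !== null && $fetched !== false) {
                    $row = $fetched;
                }
            }
        }
        mysqli_stmt_close($statement);
    }

    close_mysql_connection($connection);
    return $row;
}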
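/**
 * Validate a password-change request and, when every check passes, hand off to
 * start_password_change().
 *
 * Failure reasons are reported through the same $GLOBALS flags as before:
 * oldPasswordIncorrect, passwordNotValid, passwordNotMatch. The session e-mail
 * is bound as a statement parameter rather than interpolated into the SQL.
 */
function check_change_password()
{
    $fail = false;
    $connection = connect_to_mysql();

    // if old password is incorrect, exit
    // NOTE(review): the password literal in this statement is exactly what the
    // source contains. create_user() stores password_hash() output, and a
    // literal comparison in SQL cannot match a hashed column — confirm this
    // check is doing what was intended (password_verify() on the fetched row).
    $email = (string) ($_SESSION['email'] ?? '');
    $statement = mysqli_prepare(
        $connection,
        "SELECT * FROM users WHERE email = ? AND password = '******'"
    );
    $matches = 0;
    if ($statement !== false) {
        mysqli_stmt_bind_param($statement, 's', $email);
        if (mysqli_stmt_execute($statement)) {
            mysqli_stmt_store_result($statement);
            $matches = mysqli_stmt_num_rows($statement);
        }
        mysqli_stmt_close($statement);
    }
    if ($matches !== 1) {
        $GLOBALS['oldPasswordIncorrect'] = true;
        $fail = true;
    }

    $newPassword = (string) ($_POST['InputPW1'] ?? '');
    $confirmPassword = (string) ($_POST['InputPW2'] ?? '');

    // if password contains special characters, exit
    // (an empty string also fails here: filter_var returns '' which is falsy)
    $allowed = ['options' => ['regexp' => '/^[a-zA-Z0-9_]*$/']];
    if (!filter_var($newPassword, FILTER_VALIDATE_REGEXP, $allowed)) {
        $GLOBALS['passwordNotValid'] = true;
        $fail = true;
    }

    // if passwords do not match, exit (strict compare: both are strings)
    if ($newPassword !== $confirmPassword) {
        $GLOBALS['passwordNotMatch'] = true;
        $fail = true;
    }

    if (!$fail) {
        start_password_change($connection);
    }
    close_mysql_connection($connection);
}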
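/**
 * Store a new listing from the submitted form and move its uploaded images
 * into place under ./assets/home_images/.
 *
 * All form values go into the INSERT as bound parameters (every one bound as a
 * string, mirroring the quoting the original SQL used, so MySQL performs the
 * same casts as before). Image file names default to '' when an upload fails,
 * which is what the original's undefined variables interpolated to.
 *
 * @param mysqli $connection open connection; it is closed before returning
 */
function input_listing($connection)
{
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it is kept so stored
    // values keep the same shape as before.
    $description = filter_input(INPUT_POST, 'description', FILTER_SANITIZE_STRING);
    $address = filter_input(INPUT_POST, 'address', FILTER_SANITIZE_STRING);
    $zip_code = filter_input(INPUT_POST, 'zipcode', FILTER_VALIDATE_INT);
    $city = filter_input(INPUT_POST, 'city', FILTER_SANITIZE_STRING);
    $us_state = filter_input(INPUT_POST, 'us_state', FILTER_SANITIZE_STRING);
    $price = filter_input(INPUT_POST, 'price', FILTER_VALIDATE_INT);
    $sq_ft = filter_input(INPUT_POST, 'sq_ft', FILTER_VALIDATE_INT);
    $num_bedrooms = filter_input(INPUT_POST, 'num_bedrooms', FILTER_VALIDATE_INT);
    $num_bathrooms = filter_input(INPUT_POST, 'num_bathrooms', FILTER_VALIDATE_INT);
    $num_garages = filter_input(INPUT_POST, 'num_garages', FILTER_VALIDATE_INT);

    // Second-highest listing id; the new home directory/file names use it + 2.
    $target_id_query = "Select id from listings Where id<(select max(Id) from listings)\n\t\torder by id desc limit 1";
    $result = mysqli_query($connection, $target_id_query);
    $row = $result !== false ? mysqli_fetch_array($result) : null;
    if ($row !== null && $row !== false) {
        echo $row[0];
    }
    $homeId = (int) ($row[0] ?? 0) + 2;

    $walkscore = get_walkscore($address . ', ' . $city . ', ' . $us_state);

    // Stored file names, keyed by upload index; '' when the upload failed.
    $images = [1 => '', 2 => '', 3 => ''];
    $uploadCount = count($_FILES);
    for ($i = 1; $i <= $uploadCount; $i++) {
        $fileName = 'home' . $homeId . '_' . $i . '.jpg';
        $target_dir = './assets/home_images/home' . $homeId . '/small/' . $fileName;
        $upload = $_FILES['image' . $i] ?? null;
        // NOTE(review): the upload's content is not checked to be an image
        // before it is stored under a .jpg name; confirm the caller validates it.
        if ($upload !== null && move_uploaded_file($upload['tmp_name'], $target_dir)) {
            $images[$i] = $fileName;
            echo 'The file ' . basename($upload['name']) . " has been uploaded.\n";
        } else {
            // The original incremented $i a second time here, which skipped the
            // next upload after any failure.
            echo 'Sorry, there was an error uploading your file.';
        }
    }

    // Cast every value to string so false/null bind as '' exactly as the
    // original interpolation produced.
    $values = [
        (string) $description,
        (string) $address,
        (string) $zip_code,
        (string) $city,
        (string) $us_state,
        (string) $price,
        (string) $sq_ft,
        (string) $num_bedrooms,
        (string) $num_bathrooms,
        (string) $num_garages,
        $images[1],
        $images[2],
        $images[3],
        (string) $walkscore,
    ];
    $query = 'INSERT INTO listings (description, address, zip_code, city, us_state, price, sq_ft, num_bedrooms, num_bathrooms, num_garages, image1, image2, image3, walk_score)'
        . ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
    $statement = mysqli_prepare($connection, $query);
    if ($statement === false) {
        // NOTE(review): mysqli_error() text reaches the response here, as it did
        // before; consider logging it and showing a generic message instead.
        die('Error: ' . mysqli_error($connection));
    }
    mysqli_stmt_bind_param($statement, str_repeat('s', count($values)), ...$values);
    if (!mysqli_stmt_execute($statement)) {
        die('Error: ' . mysqli_error($connection));
    }
    mysqli_stmt_close($statement);

    echo '1 record added';
    close_mysql_connection($connection);
}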
$end = $plan['end']; } // affichage des valeurs de paramètres echo '<tr class="pg-row">'; echo '<td style="">' . $i . '</td>'; echo '<td id="GreenAPAction' . $i . '" style="">' . $action . '</td>'; echo '<td id="GreenAPStart' . $i . '" style="">' . $start . '</td>'; echo '<td id="GreenAPEnd' . $i . '" style="">' . $end . '</td>'; echo '</tr>'; } echo ' </tbody> </table>'; } } } // ************************************************************************************* // rapport d'exécution de la requête // ************************************************************************************* if ($glb_err) { echo '<p class="G10RBOLD">Erreur dans le traitement de la requête :</p>' . htmlentities($msg) . "<br />"; } else { // echo "Requête exécutée avec succès<br />"; } // fermeture de la connexion à la base close_mysql_connection(); ?> </BODY> </HTML>
</form> </div> <div class="btn-group" role="group"> <form action="home_details.php" method="get"> <button name="details" type="submit" value="<?php echo '' . $row[0] . ''; ?> " class="btn btn-success btn-sm">Details</button> </form> </div> </div> </div> </div> </div> <?php close_mysql_connection($connection); ?> </div> <div class="col-sm-12 col-sm-6 col-md-6"> <?php //$connection = connect_to_mysql(); //$results = featured_properties($connection); //no longer necessary if ($results != "") { $row = mysqli_fetch_array($results); } else { echo "<br><br><br><h2>Must enter valid input</h2>"; die; } ?> <div class="brdr bgc-fff pad-10 box-shad btm-mrg-20 property-listing" style="overflow:hidden;"> <div class="media">
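/**
 * Print one HTML table row per contact request stored in `touched`.
 *
 * Every database value (and $_SERVER['PHP_SELF'], which carries request path
 * info) is HTML-escaped before being written into the page; the original
 * echoed the raw column values. Rows are read with a plain fetch loop instead
 * of mysqli_data_seek() per index.
 */
function contact_requests()
{
    $connection = connect_to_mysql();
    $result = mysqli_query($connection, 'SELECT * FROM touched');

    $escape = static function ($value): string {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    if ($result !== false) {
        $formAction = $escape($_SERVER['PHP_SELF'] ?? '');
        while (($row = mysqli_fetch_array($result)) !== null && $row !== false) {
            echo "<tr>\n";
            echo '<td> ' . $escape($row['name']) . "</td>\n";
            echo '<td> ' . $escape($row['email']) . " </td>\n";
            echo '<td> ' . $escape($row['phone']) . " </td>\n";
            echo '<td> ' . $escape($row['message']) . " </td>\n";
            echo '<td> <a href="home_details.php?details=' . $escape($row['idListing']) . "\">Visit listing</a></td>\n";
            echo '<td>';
            echo '<form action="' . $formAction . '" method="post">';
            echo '<button name="idRow" type="submit" value="' . $escape($row['id']) . '">Remove contact request</button>';
            echo '</form>';
            echo "</td>\n";
            echo '</tr>';
        }
    }

    close_mysql_connection($connection);
}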
echo "DB Problem in deleting unsent sms alert !"; } } else { $sms_unsent++; $query = mysql_query("UPDATE unsend_sms_alert SET sms_status = '{$sms_status}' WHERE id ='{$row_id}';"); } } } // Check for sms status ---------------------------------- ENDED -------------- echo "\n"; echo "--Report---------------------------------\n"; echo "No of Email Sent : " . $email_sent . "\n"; echo "No of SMS Sent : " . $sms_count . "\n"; echo "No of SMS DELVRD : " . $sms_sent . "\n"; echo "No of SMS Not DELVRD : " . $sms_unsent . "\n"; close_mysql_connection($dbhandle); unlink("/var/lock/skol_sendsms"); echo "Start Time: " . date("Y-M-d H:i:s") . "\n"; echo "SKOL SMS Script Ended --------------------\n"; // SEND EMAIL FUNCTION : function SEND_EMAIL($to_address, $email_subject, $email_body) { $query = mysql_query("insert into send_email (email_id,email_subject,email_body) values ('" . $to_address . "','" . $email_subject . "','" . $email_body . "');"); if ($query != false) { return true; } return false; } // SEND SMS FUNCTION : function SEND_SMS($user_phone, $message_body) {
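/**
 * Create a user row from the registration form.
 *
 * The password is stored as a password_hash() digest; all other form values
 * are bound as statement parameters (the original interpolated $_POST
 * directly into the INSERT). user_type is fixed at 1 as before.
 */
function create_user()
{
    // hashes the password to store it safely in the DB
    $password = password_hash((string) ($_POST['InputPW1'] ?? ''), PASSWORD_DEFAULT);

    $email = (string) ($_POST['InputEmail'] ?? '');
    $phone = (string) ($_POST['InputPhone'] ?? '');
    $firstName = (string) ($_POST['InputFirstName'] ?? '');
    $lastName = (string) ($_POST['InputLastName'] ?? '');
    // zip_code was written unquoted (numeric) in the original SQL, so it is
    // validated as an integer here; a non-integer fails as the query once did.
    $zip = filter_var($_POST['InputZip'] ?? null, FILTER_VALIDATE_INT);
    if ($zip === false) {
        echo 'Failed to create user';
        return;
    }

    $connection = connect_to_mysql();

    // query to create a new user in the DB
    $query = 'INSERT INTO users (email,password,user_type,zip_code,phone_number,first_name,last_name)'
        . ' VALUES (?, ?, 1, ?, ?, ?, ?)';
    $created = false;
    $statement = mysqli_prepare($connection, $query);
    if ($statement !== false) {
        mysqli_stmt_bind_param($statement, 'ssisss', $email, $password, $zip, $phone, $firstName, $lastName);
        $created = mysqli_stmt_execute($statement);
        mysqli_stmt_close($statement);
    }
    if (!$created) {
        echo 'Failed to create user';
    }

    close_mysql_connection($connection);
}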
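/**
 * Validate a forgot-password request and, when the e-mail is well-formed and
 * registered, hand off to start_password_recovery().
 *
 * Failure reasons are reported through the same $GLOBALS flags as before:
 * emailNotValid, emailNotRegistered. The e-mail is bound as a statement
 * parameter; the original spliced it into the SQL text after validation.
 */
function check_login_forgot()
{
    $original_email = trim((string) ($_POST['InputEmail'] ?? ''));
    $clean_email = filter_var($original_email, FILTER_SANITIZE_EMAIL);
    $fail = false;

    // if email has special characters or doesn't have right format, exit
    if ($original_email !== $clean_email || !filter_var($original_email, FILTER_VALIDATE_EMAIL)) {
        $GLOBALS['emailNotValid'] = true;
        $fail = true;
    }

    // if email is not already registered, exit
    $connection = connect_to_mysql();
    $matches = 0;
    $statement = mysqli_prepare($connection, 'SELECT * FROM users WHERE email = ?');
    if ($statement !== false) {
        mysqli_stmt_bind_param($statement, 's', $original_email);
        if (mysqli_stmt_execute($statement)) {
            mysqli_stmt_store_result($statement);
            $matches = mysqli_stmt_num_rows($statement);
        }
        mysqli_stmt_close($statement);
    }
    if ($matches !== 1) {
        $GLOBALS['emailNotRegistered'] = true;
        $fail = true;
    }

    if (!$fail) {
        start_password_recovery($connection, $clean_email);
    }
    close_mysql_connection($connection);
}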