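/**
 * Deletes the group with the given id and reports the outcome as an HTML paragraph.
 *
 * Both statements are prepared and $id is bound as a parameter. The previous
 * version interpolated $id into the SQL text, so a crafted id could change
 * the statement (SQL injection).
 *
 * Assumes connectDatabase() returns a mysqli handle (the original code used
 * ->query() and ->num_rows) or false on failure.
 *
 * NOTE(review): no authorization check happens here; the caller has to make
 * sure the current user is allowed to delete groups.
 *
 * @param int|string $id Identifier of the group to delete.
 * @return string HTML fragment with a user-facing status message.
 */
function deleteGroup($id)
{
    $database = connectDatabase();
    if ($database == false) {
        return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
    }

    $queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
    $id = (string) $id;

    // Existence check first, so an unknown id gets its own message.
    $lookup = $database->prepare("select id from groups where id=?");
    if ($lookup == false) {
        return $queryFailed;
    }
    $lookup->bind_param('s', $id);
    if (!$lookup->execute()) {
        $lookup->close();
        return $queryFailed;
    }
    $lookup->store_result();
    $groupExists = $lookup->num_rows > 0;
    $lookup->close();

    if (!$groupExists) {
        return "<p>Grupa o podanym id nie istnieje.</p>";
    }

    $delete = $database->prepare("delete from groups where id=?");
    if ($delete == false) {
        return $queryFailed;
    }
    $delete->bind_param('s', $id);
    $deleted = $delete->execute();
    $delete->close();

    if (!$deleted) {
        return $queryFailed;
    }

    return "<p>Grupa została poprawnie usunięta</p>";
}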
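/**
 * Creates a group with the given name unless one with that name already exists.
 *
 * The name is bound as a statement parameter in both queries; the previous
 * version placed it directly into the SQL text, which allowed SQL injection.
 * The unreachable $database->close() after the final return was removed.
 *
 * Assumes connectDatabase() returns a mysqli handle or false on failure.
 *
 * NOTE(review): the check-then-insert sequence is not atomic; two concurrent
 * requests can both pass the check. A UNIQUE index on groups.name would
 * enforce this in the database — confirm against the schema.
 *
 * @param string $group Name of the group to add.
 * @return string HTML fragment with a user-facing status message.
 */
function addGroup($group)
{
    $database = connectDatabase();
    if ($database == false) {
        return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
    }

    $queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
    $group = (string) $group;

    // Reject duplicates before inserting.
    $lookup = $database->prepare("select name from groups where name=?");
    if ($lookup == false) {
        return $queryFailed;
    }
    $lookup->bind_param('s', $group);
    if (!$lookup->execute()) {
        $lookup->close();
        return $queryFailed;
    }
    $lookup->store_result();
    $nameTaken = $lookup->num_rows > 0;
    $lookup->close();

    if ($nameTaken) {
        return "<p>Grupa o takiej nazwie już istnieje.</p>";
    }

    $insert = $database->prepare("insert into groups (name) values (?)");
    if ($insert == false) {
        return $queryFailed;
    }
    $insert->bind_param('s', $group);
    $inserted = $insert->execute();
    $insert->close();

    if (!$inserted) {
        return $queryFailed;
    }

    return "<p>Grupa została dodana</p>";
}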
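/**
 * Sets the login of the currently signed-in user, provided it is not taken.
 *
 * The user is identified by $_SESSION['userIndeks']. On success the new login
 * is also stored in $_SESSION['userLogin'].
 *
 * Both statements bind their values as parameters. In the listing this
 * function was taken from, the login value inside both SQL strings was a
 * fixed masked literal, so neither the uniqueness check nor the update used
 * $login; binding it makes both statements act on the submitted value and
 * keeps it out of the SQL text.
 *
 * Assumes connectDatabase() returns a mysqli handle or false on failure.
 *
 * @param string $login Login the user wants to use.
 * @return string HTML fragment with a user-facing status message.
 */
function setLogin($login)
{
    $database = connectDatabase();
    $indeks = $_SESSION['userIndeks'];

    if ($database == false) {
        return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
    }

    $queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
    $newLogin = (string) $login;
    $indeks = (string) $indeks;

    $lookup = $database->prepare("select login from users where login = ?");
    if ($lookup == false) {
        return $queryFailed;
    }
    $lookup->bind_param('s', $newLogin);
    if (!$lookup->execute()) {
        $lookup->close();
        return $queryFailed;
    }
    $lookup->store_result();
    $loginTaken = $lookup->num_rows > 0;
    $lookup->close();

    // Any matching row means another account already uses this login.
    if ($loginTaken) {
        return "<p>Podany login jest już zarejestrowany. Musisz wybrać inny.</p>";
    }

    $update = $database->prepare("update users set login = ? where indeks = ?");
    if ($update == false) {
        return $queryFailed;
    }
    $update->bind_param('ss', $newLogin, $indeks);
    $updated = $update->execute();
    $update->close();

    if (!$updated) {
        return $queryFailed;
    }

    $_SESSION['userLogin'] = $login;
    return "<p>Login został ustawiony poprawnie.</p>";
}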
/**
 * Looks up the user whose name and email match the submitted login form.
 *
 * NOTE(review): only name and email are matched in this method; no password
 * or other secret is checked here — confirm that authentication is enforced
 * elsewhere before the returned User is trusted.
 *
 * @param array $login_form Form data; the 'name' and 'email' entries are read.
 * @return false|User false when no row matches, otherwise the row as a User.
 */
public function login($login_form)
{
    $statement = connectDatabase()->prepare(
        "select * from users where name = :name and email = :email"
    );
    $statement->bindParam(":name", $login_form['name']);
    $statement->bindParam(":email", $login_form['email']);
    $statement->execute();

    // FETCH_PROPS_LATE: the User constructor runs with these arguments first,
    // the column values are assigned to the properties afterwards.
    $constructorArgs = array('id', 'name', 'email', 'image_type', 'image', 'created_at', 'login_count');
    $statement->setFetchMode(PDO::FETCH_CLASS | PDO::FETCH_PROPS_LATE, 'User', $constructorArgs);

    return $statement->fetch();
}
/**
 * Handles a submitted registration form: validates the required fields,
 * checks that the username and email are unused, stores the new user with a
 * generated temporary password, and emails that password to the user.
 *
 * Reads $_POST directly, terminates the request with die() on validation
 * errors, and echoes the result page. Configuration values such as
 * $email_Administrator, $club_Abbr, $mime_boundary and $http_Logout are
 * expected to come from include/configGlobals.php.
 *
 * NOTE(review): this function uses the mysql_* API, which no longer exists in
 * PHP 7+, and builds every statement by string concatenation. Its only
 * protection against SQL injection is slashAllInputs(), which is not shown
 * here; prepared statements (mysqli or PDO) are the robust replacement.
 */
function registerFormSubmitted() {
    require 'include/configGlobals.php';
    connectDatabase();
    slashAllInputs();

    // Require the mandatory fields.
    // NOTE(review): `|` is the bitwise operator, so all four operands are
    // always evaluated, and a missing key raises an undefined-index notice.
    if (!$_POST['username'] | !$_POST['email'] | !$_POST['firstName'] | !$_POST['lastName']) {
        die('You did not complete all of the required fields');
    }
    if (!isUsernameValid($_POST['username'])) {
        die('Sorry, that username is invalid. Please go back and try again.');
    }

    // Check whether the username is already in use.
    // NOTE(review): the username literal in this query is masked in this
    // listing; as written the query does not use $usercheck.
    // NOTE(review): die(mysql_error()) shows raw database errors to the visitor.
    $usercheck = $_POST['username'];
    $check = mysql_query("SELECT username FROM users WHERE username = '******'") or die(mysql_error());
    $check2 = mysql_num_rows($check);

    // A matching row means the name is taken.
    // NOTE(review): the submitted username is written into the response
    // without HTML escaping (reflected XSS); htmlspecialchars() is needed.
    if ($check2 != 0) {
        die('Sorry, the username ' . $_POST['username'] . ' is already in use. Please go back and try again.');
    }

    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT email FROM users WHERE email = '{$emailcheck}'") or die(mysql_error());
    $check2 = mysql_num_rows($check);

    // A matching row means the email is already registered.
    // NOTE(review): same unescaped output as above; the message also confirms
    // to any visitor that a given email address has an account.
    if ($check2 != 0) {
        die('Sorry, the email ' . $_POST['email'] . ' has already been registered. Please go back and try again.');
    }

    // NOTE(review): rand_string() is not shown; a temporary password must come
    // from a CSPRNG such as random_bytes()/random_int() — confirm.
    $tempPassword = rand_string(16);

    // Hash the temporary password and the username.
    // NOTE(review): MD5 and a single unsalted SHA-256 are fast hashes and are
    // not suitable for password storage; password_hash()/password_verify()
    // are the standard replacement (requires migrating the stored columns).
    $hashPassword = md5($tempPassword);
    $hashUsername = md5($_POST['username']);
    $hash256Password = bin2hex(mhash(MHASH_SHA256, $tempPassword));
    $hash256Username = bin2hex(mhash(MHASH_SHA256, $_POST['username']));
    $creationDate = date('Y-m-d');

    // Build and run the INSERT.
    // NOTE(review): seventeen request values are concatenated into the
    // statement; optional fields such as address1 raise a notice when absent.
    $insert = "INSERT INTO users (username, pass, sha256_user, sha256_pass, fname, lname, addr1, addr2, city, state, zip, hphone, cphone, email, econtact, econtact_phone, econtact_rel, creation) VALUES (\n '" . $_POST['username'] . "',\n '" . $hashPassword . "',\n\t\t '" . $hash256Username . "',\n\t\t '" . $hash256Password . "',\n '" . $_POST['firstName'] . "',\n '" . $_POST['lastName'] . "',\n '" . $_POST['address1'] . "',\n '" . $_POST['address2'] . "',\n '" . $_POST['city'] . "',\n '" . $_POST['state'] . "',\n '" . $_POST['zipCode'] . "',\n '" . $_POST['homePhone'] . "',\n '" . $_POST['cellPhone'] . "',\n '" . $_POST['email'] . "',\n '" . $_POST['econtact'] . "',\n '" . $_POST['econtactPhone'] . "',\n '" . $_POST['econtactRel'] . "',\n '" . $creationDate . "'\n )";
    // NOTE(review): the result is never checked, so the confirmation email is
    // sent even when the INSERT failed.
    $add_member = mysql_query($insert);

    // Compose the confirmation email.
    // NOTE(review): the recipient is the submitted address; whether it can
    // inject mail headers depends on sendEmail(), which is not shown.
    // NOTE(review): the temporary password travels in plaintext email; a
    // single-use, expiring set-password link avoids that.
    $to = $_POST['email'];
    $from = $email_Administrator;
    $subject = 'Registered on ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Thank you for registering on the ' . $club_Abbr . ' Online Registration site.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";

    if (sendEmail($to, $from, $subject, $message) != false) {
        echo "<h1>Registered</h1>\n";
        // NOTE(review): $to is echoed without HTML escaping.
        echo "Thank you, you have registered. An email has been sent to " . $to . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"index.php\">login</a> to continue.\n";
    } else {
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
}
/**
 * Reports whether a user name is already registered.
 *
 * @param string $name User name to look up.
 * @return bool true when a users row with that name exists, false otherwise.
 */
function is_registered($name)
{
    $lookup = connectDatabase()->prepare("SELECT name FROM users WHERE name = :name");
    $lookup->bindParam(':name', $name);
    $lookup->execute();

    // fetch() yields false when no row matched, so its truthiness is the answer.
    return (bool) $lookup->fetch();
}
/**
 * Stores a new password hash for the account identified by $email.
 *
 * The password is hashed with hashPassword() (defined elsewhere) and handed
 * to the changePassword stored procedure as a bound parameter.
 *
 * NOTE(review): nothing here verifies the current password or that the caller
 * may change this account's password, and the results of prepare() and
 * execute() are not checked — confirm both are handled by the caller.
 *
 * @param string $email Account whose password is replaced.
 * @param string $pass  New plaintext password.
 * @return void
 */
function changePassword($email, $pass)
{
    $passwordHash = hashPassword($pass);
    $connection = connectDatabase();

    $call = $connection->prepare("CALL changePassword(?,?)");
    $call->bind_param("ss", $email, $passwordHash);
    $call->execute();
    $call->close();

    $connection->close();
}
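/**
 * Calls a two-argument stored procedure to update one field of a user.
 *
 * $email and $value are bound as parameters. The procedure name cannot be
 * bound, because it is an identifier, so it is checked against a strict
 * pattern before it is placed into the statement. Previously any string was
 * interpolated, which allowed SQL injection through $procName.
 *
 * The name check runs before the database connection is opened, so a rejected
 * name costs no connection.
 *
 * @param string $email    User whose field is updated (first procedure argument).
 * @param string $value    New value (second procedure argument).
 * @param string $procName Stored procedure name: letters, digits and
 *                         underscores, optionally qualified as schema.name.
 * @param string $errMsg   Receives the error text; empty when nothing failed.
 * @return bool true when the call ran without a statement error, false otherwise.
 */
function updateUserField($email, $value, $procName, &$errMsg = "")
{
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/';
    if (!is_string($procName) || preg_match($identifier, $procName) !== 1) {
        $errMsg = "Invalid procedure name";
        return false;
    }

    $conn = connectDatabase();
    $stmt = $conn->prepare("Call {$procName}(?,?)");
    if ($stmt === false) {
        // prepare() failed, e.g. because the procedure does not exist.
        $errMsg = $conn->error;
        closeDatabase($conn);
        return false;
    }

    $stmt->bind_param("ss", $email, $value);
    $stmt->execute();

    $returnVal = ($stmt->errno === 0);
    $errMsg = $stmt->error;

    $stmt->close();
    closeDatabase($conn);

    return $returnVal;
}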
/**
 * Handles a submitted "forgot password" form: looks up the account by email,
 * replaces its password with a generated temporary one, and emails the
 * username and temporary password to that address.
 *
 * Reads $_POST['email'] directly, terminates with die() on errors, and echoes
 * the result page between echoMainHeader() and echoMainFooter().
 *
 * NOTE(review): the password is replaced as soon as the form is submitted, so
 * anyone who knows a registered email address can invalidate that user's
 * current password. The usual design sends a single-use, expiring reset link
 * and changes the password only after the link is used.
 *
 * NOTE(review): uses the removed mysql_* API with string-built SQL; the only
 * visible protection is slashAllInputs(), which is not shown here.
 */
function forgotFormSubmitted() {
    require 'include/configGlobals.php';

    // Connect to the database and slash the request inputs.
    connectDatabase();
    slashAllInputs();

    // The email field is mandatory.
    if (!$_POST['email']) {
        die('You did not complete all of the required fields');
    }

    // Look up the account that owns this email address.
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT username FROM users WHERE email = '{$emailcheck}'") or die(mysql_error());
    $check2 = mysql_num_rows($check);

    // No matching row: stop with an error.
    // NOTE(review): this answer tells any visitor whether an address is
    // registered (account enumeration), and the address is written into the
    // page without HTML escaping (reflected XSS).
    if ($check2 == 0) {
        die('Sorry, no user with email ' . $emailcheck . ' is registered in the database. Please try again.');
    }

    // Keep the username of the last matching row.
    while ($info = mysql_fetch_array($check)) {
        $usercheck = $info['username'];
    }

    // NOTE(review): rand_string() is not shown; it must use a CSPRNG — confirm.
    $tempPassword = rand_string(16);

    // Hash the temporary password.
    // NOTE(review): a single unsalted SHA-256 is a fast hash and not suitable
    // for password storage; password_hash() is the standard replacement.
    $sha256_pass = bin2hex(mhash(MHASH_SHA256, $tempPassword));

    // Store the new hash.
    // NOTE(review): the values in this statement are masked in this listing;
    // as written it does not use $sha256_pass or $usercheck. The result is
    // not checked either.
    $update_member = mysql_query("UPDATE users SET sha256_pass='******' WHERE username='******'");
    // Overwrite the local copy of the hash.
    $sha256_pass = rand_string(128);

    // Clear the legacy MD5 column (the username literal is masked here too).
    $update_member = mysql_query("UPDATE users SET pass='' WHERE username='******'");

    // Compose the email.
    // NOTE(review): the temporary password is sent in plaintext, and the
    // return value of sendEmail() below is ignored.
    $to = $emailcheck;
    $from = $email_Administrator;
    $subject = 'Reset Info for ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Your password has been reset on the ' . $club_Abbr . ' Online Registration site at your request.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";
    sendEmail($to, $from, $subject, $message);

    // Overwrite the local copy of the temporary password.
    $tempPassword = rand_string(16);

    echoMainHeader();
    echo "<h1>Email Sent.</h1>\n";
    // NOTE(review): $_POST['email'] is echoed without HTML escaping. The text
    // also says "you have registered", which does not fit a password reset.
    echo "Thank you, you have registered. An email has been sent to " . $_POST['email'] . " \n";
    echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
    echo "When you receive your temporary password you may <a href=\"" . $http_Logout . "\">login</a> to continue.\n";
    echoMainFooter();
}
/**
 * Logs the current user out: records the logout, replaces the stored session
 * id with a fresh random value, clears the cookies and redirects to index.php.
 *
 * NOTE(review): the WHERE clause of the UPDATE below is garbled in this
 * listing (part of the expression is masked), so the statement does not parse
 * as shown. From the surrounding code it presumably matched sha256_user
 * against the 'ID' cookie — confirm against the original file.
 *
 * NOTE(review): the cookie value reaches a string-built SQL statement; the
 * only visible protection is slashArray($_COOKIE), which is not shown here. A
 * prepared statement is the robust replacement (the mysql_* API used here no
 * longer exists in PHP 7+).
 */
function logoutUser() {
    header("Content-Type: text/html; charset=utf-8");

    // The logout is logged before the cookie is checked, so logLogout() may
    // receive an empty value.
    logLogout(getCookie('ID'));

    if (getCookie('ID')) {
        connectDatabase();
        slashArray($_COOKIE);

        // Replace the stored session id so the old one stops being valid.
        // NOTE(review): rand_string() is not shown; it must use a CSPRNG.
        $sessionId = rand_string(32);
        $update = "UPDATE users SET session_id='{$sessionId}' WHERE sha256_user='******'ID') . "'";
        $result = mysql_query($update);
        // Overwrite the local copy of the session id.
        $sessionId = rand_string(32);
    }

    // Remove the cookies and send the browser back to the start page.
    clearCookies();
    header("Location: index.php");
}
/**
 * Fetches every row returned by the getRelations stored procedure.
 *
 * @return array{pEmails: array, cEmails: array} Two parallel lists: entry i of
 *         'pEmails' and entry i of 'cEmails' come from the same result row
 *         (first and second column respectively).
 */
function getAllRelations()
{
    $conn = connectDatabase();

    $firstColumn = "";
    $secondColumn = "";
    $relations = array('pEmails' => array(), 'cEmails' => array());

    $stmt = $conn->prepare("CALL getRelations()");
    $stmt->execute();
    $stmt->bind_result($firstColumn, $secondColumn);

    // bind_result() refreshes both variables on every fetch().
    while ($stmt->fetch()) {
        $relations['pEmails'][] = $firstColumn;
        $relations['cEmails'][] = $secondColumn;
    }

    return $relations;
}
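/**
 * Runs a data-modifying SQL statement and returns the affected row count, or
 * an HTML error report when it fails.
 *
 * The MySQL error text and the statement are HTML-escaped before they are put
 * into the report; previously they were inserted raw, so markup inside the
 * statement or the error message was rendered by the browser. The unused
 * $outputArray local was removed.
 *
 * NOTE(review): $statement is executed as-is, so callers must never build it
 * from unescaped request data. The report also reveals the SQL text and the
 * database error; it should go to a server-side log rather than to end users.
 * The mysql_* API used here no longer exists in PHP 7+.
 *
 * @param string $statement Complete SQL statement to execute.
 * @return int|string Affected row count on success, otherwise an error string.
 */
function iduResults($statement)
{
    $db = connectDatabase();
    if (!$db) {
        return 'ERROR-No DB Connection';
    }

    $result = mysql_query($statement);
    if ($result) {
        return mysql_affected_rows();
    }

    $output = "ERROR";
    $output .= "<br /><font color=red>MySQL No: " . mysql_errno();
    $output .= "<br />MySQL Error: " . htmlspecialchars(mysql_error(), ENT_QUOTES);
    $output .= "<br />SQL Statement: " . htmlspecialchars($statement, ENT_QUOTES);
    $output .= "<br />MySQL Affected Rows: " . mysql_affected_rows() . "</font><br />";

    return $output;
}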
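/**
 * Changes the password of the signed-in user after verifying the old one.
 *
 * The user is identified by $_SESSION['userMail'].
 *
 * Changes compared with the previous version:
 *  - Both statements are prepared and all values are bound, so neither
 *    password can alter the SQL text (SQL injection).
 *  - The verification query is restricted to the current user's mail.
 *    Previously it only asked whether any account had that password, so the
 *    function could report success while the UPDATE matched no row.
 *  - The unreachable $database->close() after the final return was removed.
 *
 * NOTE(review): passwords are stored as unsalted SHA-1, which this function
 * keeps so existing hashes continue to match. SHA-1 is a fast hash and not
 * suitable for password storage; migrating to password_hash() and
 * password_verify() is the proper fix.
 *
 * Assumes connectDatabase() returns a mysqli handle or false on failure.
 *
 * @param string $oldPassword Current password, for verification.
 * @param string $newPassword Password to store.
 * @return string HTML fragment with a user-facing status message.
 */
function changePassword($oldPassword, $newPassword)
{
    $database = connectDatabase();
    $email = $_SESSION['userMail'];

    if ($database == false) {
        return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
    }

    $queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
    $email = (string) $email;
    $oldPassword = (string) $oldPassword;
    $newPassword = (string) $newPassword;

    // Verify the old password against this user's row only.
    $check = $database->prepare("select mail from users where mail = ? and pass = sha1(?)");
    if ($check == false) {
        return $queryFailed;
    }
    $check->bind_param('ss', $email, $oldPassword);
    if (!$check->execute()) {
        $check->close();
        return $queryFailed;
    }
    $check->store_result();
    $passwordMatches = $check->num_rows > 0;
    $check->close();

    if (!$passwordMatches) {
        return "<p>Podane hasło jest błędne.</p>";
    }

    $update = $database->prepare("update users set pass = sha1(?) where mail = ? and pass=sha1(?)");
    if ($update == false) {
        return $queryFailed;
    }
    $update->bind_param('sss', $newPassword, $email, $oldPassword);
    $updated = $update->execute();
    $update->close();

    if (!$updated) {
        return $queryFailed;
    }

    return "<p>Hasło zostało poprawnie zmienione.</p>";
}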
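/**
 * Stores a comment on the current story and records it as unread for the user
 * it replies to.
 *
 * Reads the story id and author from the session and the reply target and
 * text from $_POST.
 *
 * Fixes compared with the previous version:
 *  - `$stmt->close;` read a property and did nothing; the statements are now
 *    closed with `close()`.
 *  - After a failed prepare() the code went on to call bind_param() on false,
 *    which is a fatal error; it now returns after reporting the failure.
 *  - The failure messages printed connect_errno, which is 0 on a working
 *    connection; they now print the connection's errno.
 *  - The unused read of $_POST["user_name"] was removed, and one connection
 *    is reused instead of opening three.
 *  - The unread entry is skipped when no comment id could be read.
 *
 * NOTE(review): the new comment's id is read back with "newest comment in the
 * table". Under concurrent posts this can return another user's comment; if
 * comment.id is AUTO_INCREMENT, the insert statement's insert_id is the
 * reliable source — confirm against the schema.
 *
 * NOTE(review): the text is HTML-encoded before storage. If the display code
 * encodes again on output, users will see double-encoded text; encoding once,
 * at output time, is the usual approach.
 *
 * NOTE(review): no CSRF token is checked in this function — confirm that the
 * caller validates it before calling.
 *
 * @return void
 */
function insertComment()
{
    session_start();
    $story_id = $_SESSION['story_id'];
    $comment_to = htmlspecialchars($_POST["replyCommentTo"]);
    $comment_creator = $_SESSION['user_name'];
    $comment_content = htmlspecialchars($_POST["commentContent"]);

    $connection = connectDatabase();

    // 1. Store the comment.
    $insertComment = $connection->prepare("insert into comment (story_id,comment_creator,comment_to,comment_content) values ( ?, ?, ?, ?)");
    if (!$insertComment) {
        printf("insert failed: %s\n", $connection->errno);
        return;
    }
    $insertComment->bind_param('isss', $story_id, $comment_creator, $comment_to, $comment_content);
    $insertComment->execute();
    $insertComment->close();

    // 2. Read back the id of the newest comment.
    $comment_id = null;
    $queryComment = $connection->prepare("select id from comment order by comment_time DESC LIMIT 1");
    if (!$queryComment) {
        printf("query failed: %s\n", $connection->errno);
        return;
    }
    $queryComment->execute();
    $queryComment->bind_result($commentId);
    if ($queryComment->fetch()) {
        $comment_id = $commentId;
    }
    $queryComment->close();

    if ($comment_id === null) {
        // Nothing to reference, so no unread entry can be written.
        return;
    }

    // 3. Mark the comment as unread for the user being replied to.
    $insertUnread = $connection->prepare("insert into unread_comment (user_id,comment_id) values (?, ?)");
    if (!$insertUnread) {
        printf("insert failed: %s\n", $connection->errno);
        return;
    }
    $insertUnread->bind_param('si', $comment_to, $comment_id);
    $insertUnread->execute();
    $insertUnread->close();
}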
<?php
/*
 * Booking handler: stores a ticket booking for the signed-in user through the
 * insertBookings stored procedure, then redirects to the status page. Users
 * who are not signed in are sent back to the booking page with an alert.
 * Nothing is done when no city has been selected in the session.
 *
 * NOTE(review): ticketsCount and selectedShow come straight from $_POST. They
 * are bound as integers, which keeps them out of the SQL text, but zero or
 * negative counts and unknown show ids are not rejected here — confirm that
 * insertBookings validates them.
 * NOTE(review): no CSRF token is checked, and the results of prepare() and
 * execute() are not checked, so a failed booking still redirects to the
 * status page.
 */
session_start();
include '../functions.php';
$connect = connectDatabase();

if (isset($_SESSION['currentCity'])) {
    if (!isset($_SESSION['userId'])) {
        $_SESSION['loginAlert'] = "Please login to book tickets";
        header("Location: ../book.php");
        exit;
    }

    // Form and session values.
    $city = $_SESSION['currentCity'];
    $theatre = $_SESSION['theatre'];
    $numberOfTickets = $_POST['ticketsCount'];
    $showId = $_POST['selectedShow'];
    $userId = $_SESSION['userId'];

    // The procedure reports the new booking id through @booking_id.
    $stmt = $connect->prepare("CALL insertBookings(?, ?, ?, @booking_id)");
    $stmt->bind_param('iii', $userId, $showId, $numberOfTickets);
    $stmt->execute();
    $result = $stmt->get_result();

    $select = $connect->query('SELECT @booking_id');
    $fetched = $select->fetch_assoc();
    $id = $fetched['@booking_id'];

    header("Location: ../bookinStatus.php");
    exit;
}
<h1>Moje rozwiązania</h1> <?php $database = connectDatabase(); if (!$database) { include('php/database_fail.php'); } else if (!isset($_SESSION['userId'])) { loginForm($category, $authStatus); } else { $limitSize = 100; $result = $database->query("SELECT COUNT(id) AS 'pages' FROM solutions;"); $row = $result->fetch_assoc(); $page_count = intval($row['pages'] / $limitSize); if ($row['pages'] % $limitSize) { $page_count = $page_count + 1; } if (!empty($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"] > 0 && $_GET["page"] <= $page_count) { $page = ' LIMIT '.$limitSize.' OFFSET '.(($_GET["page"]-1)*$limitSize); $actual_page = $_GET["page"]; } else { $page = ' LIMIT '.$limitSize.' OFFSET 0'; $actual_page = 1; } $result = $database->query("SELECT solutions.id, solutions.task_id, solutions.make_date, solutions.lang_id, solutions.points, solutions.error, solutions.error_str, taskList.title AS 'task_title', languages.language_name AS 'lang_name', languages.compiler_system_name AS 'compiler' FROM solutions LEFT JOIN taskList ON solutions.task_id = taskList.id
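/**
 * Checks the submitted user id and password against the patron table and
 * prints the outcome.
 *
 * Changes compared with the previous version:
 *  - The lookup is a prepared statement with both values bound. The user id
 *    used to be concatenated into the SQL text (SQL injection); the password
 *    position in the source listing was a fixed masked literal and did not
 *    use $password at all.
 *  - A failed connection now ends the function instead of continuing into
 *    the query.
 *  - The error branch referenced the undefined variable $statement and sent
 *    the MySQL error and SQL text to the browser; the details now go to the
 *    server log.
 *  - Name and email from the database are HTML-escaped before printing.
 *  - The commented-out debug code that printed the password was dropped.
 *
 * NOTE(review): the query compares the submitted password with the stored
 * column directly, which implies plaintext (or caller-hashed) passwords in
 * patron.password — confirm. Stored passwords should be password_hash()
 * values checked with password_verify().
 *
 * @return void
 */
function validateLogon()
{
    $userid = isset($_POST['userid']) ? (string) $_POST['userid'] : '';
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';

    $db = connectDatabase();
    if (!$db) {
        print "<p>Unable to Connect to MySQL</p>";
        return;
    }
    print "<p>Connected to MySQL</p>";

    $sql_statement = "SELECT firstname, lastname, email ";
    $sql_statement .= "FROM patron ";
    $sql_statement .= "WHERE userid = ? ";
    $sql_statement .= "AND password = ? ";

    $stmt = mysqli_prepare($db, $sql_statement);
    $ran = $stmt
        && mysqli_stmt_bind_param($stmt, 'ss', $userid, $password)
        && mysqli_stmt_execute($stmt);

    if (!$ran) {
        // Keep database details out of the response.
        error_log('validateLogon: query failed: ' . mysqli_errno($db) . ' ' . mysqli_error($db));
        print "<p>SQL statement to check user id and password not run</p>";
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
        return;
    }
    print "<p>SQL statement to check user id and password run</p>";

    mysqli_stmt_bind_result($stmt, $firstname, $lastname, $email);
    if (mysqli_stmt_fetch($stmt)) {
        $outputDisplay = "<p>Successful Logon for Patron:</p>";
        $outputDisplay .= "<p>Name: " . htmlspecialchars($firstname . " " . $lastname, ENT_QUOTES) . "<br/>";
        $outputDisplay .= "Email: " . htmlspecialchars((string) $email, ENT_QUOTES) . "</p>";
    } else {
        // Same message for an unknown user and a wrong password.
        $outputDisplay = "<p>The username and/or password you have entered is invalid<br/>";
        $outputDisplay .= "System cannot log you onto the system.</p>";
        $outputDisplay .= "<p>GO BACK and try again</p>";
    }
    mysqli_stmt_close($stmt);

    print $outputDisplay;
}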
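<?php
/*
 * Prints the precommit info table for every time slot in [start, end), where
 * start and end are taken from the query string.
 */
error_reporting(E_ALL);
// NOTE(review): display_errors sends PHP warnings, including paths and query
// details, to the visitor; it should be off outside development.
ini_set('display_errors', 'on');
require_once "libPreferences.php";

$pr = new Preferences();
$DBHost = $pr->get('DBHost');
$DBUser = $pr->get('DBUser');
$DBPass = $pr->get('DBPass');
$DBName = $pr->get('DBName');
$prefix = $pr->get('DBPrefix');
$db = connectDatabase($DBHost, $DBUser, $DBPass, $DBName);

// Cast the bounds to int. The raw strings used to be the loop counter, so a
// non-numeric "start" was written into the heading unescaped (reflected XSS)
// and passed on to the table helper.
// NOTE(review): the range is still unbounded; a very large span makes this
// request expensive. Consider an upper limit on $end - $start.
$start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
$end = isset($_GET['end']) ? (int) $_GET['end'] : 0;

$html = "";
for ($i = $start; $i < $end; $i++) {
    $html .= "<h2>Precommit Info for TimeSlot {$i}</h2>\n<br />\n";
    $html .= getPrecommitInfoInTimeSlotAsTable($db, $i, $DBName, $prefix);
}
echo $html;

/**
 * Opens a mysqli connection and terminates the request when that fails.
 *
 * The connection error text is written to the server log; the response only
 * carries a generic message, because the text can include the host and user.
 *
 * @param string $DBHost Database host.
 * @param string $DBUser Database user.
 * @param string $DBPass Database password.
 * @param string $DBName Database (schema) name.
 * @return mysqli Connected handle.
 */
function connectDatabase($DBHost, $DBUser, $DBPass, $DBName) {
    $db = new mysqli($DBHost, $DBUser, $DBPass, $DBName);
    if ($db->connect_errno) {
        error_log('Couldnt connect: ' . $db->connect_error);
        die('Couldnt connect');
    }
    return $db;
}

function queryDatabase($db, $query) {
    //submit query and store result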
require_once "includes/twitteroauth/twitteroauth.php"; require_once "includes/config.php"; require_once "includes/bibliohelper.php"; require_once "includes/dbhelper.php"; //Miramos que estén todos los parámetros if (!empty($_GET['oauth_verifier']) && !empty($_SESSION['oauth_token']) && !empty($_SESSION['oauth_token_secret'])) { //Hacemos que la conexión sea permanente $twitteroauth = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $access_token = $twitteroauth->getAccessToken($_GET['oauth_verifier']); $user_info = $twitteroauth->get('account/verify_credentials'); if (isset($user_info->error)) { //Se ha producido un error header('Location: logout.php'); } else { //Nos conectamos a la BDD $db = connectDatabase(); //Miramos si el usuario existe //Ojo, que no estamos teniendo en cuenta ataques por SQL Injection $query = mysql_query("SELECT * \n FROM usuario \n WHERE usu_oauth_provider = 'twitter' \n AND usu_oauth_uid = " . $user_info->id, $db); $result = mysql_fetch_array($query); if (!$result) { //Si no existe el usuario, lo insertamos y recuperamos nuestro ID //No usamos el mysql_insert_id por si acaso $query = mysql_query("INSERT INTO usuario (usu_oauth_provider, usu_oauth_uid, usu_oauth_nick, usu_oauth_token, usu_oauth_secret,usu_oauth_timestamp) \n VALUES ('twitter', {$user_info->id}, '{$user_info->screen_name}', '{$access_token['oauth_token']}', '{$access_token['oauth_token_secret']}',now())", $db); $query = mysql_query("SELECT * \n \t\t\t\t\t FROM usuario \n \t\t\t\t\t WHERE usu_oauth_provider = 'twitter'\n \t\t\t\t\t\t AND usu_oauth_uid = " . $user_info->id, $db); $result = mysql_fetch_array($query); } else { //El usuario existe. Hacemos un update de los tokens y de la fecha de login. //Hemos leído por ahí que los tokens no cambian, así que no sabemos porqué se hace eso. 
$query = mysql_query("UPDATE usuario \n \t\t\t\t\t\t SET usu_oauth_token = '{$access_token['oauth_token']}', \n \t\t\t\t\t\t usu_oauth_secret = '{$access_token['oauth_token_secret']}',\n \t\t\t\t\t\t usu_oauth_timestamp = now(),\n \t\t\t\t\t\t usu_oauth_nick = '{$user_info->screen_name}'\n \t\t\t\t\t WHERE usu_id = {$result['usu_id']}", $db); }
/**
 * Runs an INSERT statement and returns the id generated for the new row.
 *
 * On failure the request is terminated with the MySQL error text followed by
 * whatever printError() (defined elsewhere) returns for the statement.
 *
 * NOTE(review): $sql is executed as-is, so callers must never build it from
 * unescaped request data. The die() output also exposes database error
 * details to the visitor. The mysql_* API no longer exists in PHP 7+.
 *
 * @param string $sql Complete INSERT statement.
 * @return int Id reported by mysql_insert_id().
 */
function executeInsert($sql)
{
    connectDatabase();

    $succeeded = mysql_query($sql);
    if (!$succeeded) {
        die(mysql_error() . printError($sql));
    }

    return mysql_insert_id();
}
}

// Emit one JSON object whose members depend on the requested action.
// NOTE(review): the "delete" action changes data in response to a GET
// parameter. State-changing requests should require POST and a CSRF token;
// deleteRecord() is not shown, so confirm whether it checks either.
// NOTE(review): a request without "action" raises an undefined-index notice
// before falling through to the default branch.
echo "{";
if ($_GET["action"] == "update") {
    connectDatabase("usagedata");
    getData();
    echo ", ";
    getMeta();
} elseif ($_GET["action"] == "headers") {
    connectDatabase("usagedata");
    getHeaders();
} elseif ($_GET["action"] == "locations") {
    connectDatabase("usagedata");
    getLocations();
} elseif ($_GET["action"] == "delete") {
    connectDatabase("usagedata");
    deleteRecord();
} else {
    // Default: headers, data and metadata together.
    connectDatabase("usagedata");
    getHeaders();
    echo ", ";
    getData();
    echo ", ";
    getMeta();
}
echo "}";
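/**
 * Gatekeeper for protected pages: requires an SSL request, prepares the
 * inputs and the database connection, then validates the user.
 *
 * A non-SSL request is redirected to logout.php and the script now stops
 * there. Previously execution continued after the Location header, so the
 * rest of the page still ran for the request that was being redirected.
 *
 * Per the original note (3/6/2010), the server does not support server-side
 * SSL detection and forceSSL() in functions.js is used instead; see isSSL().
 *
 * validateUser() does not return when the user is not valid.
 *
 * @return void
 */
function validateSession()
{
    if (!isSSL()) {
        header("Location: logout.php");
        exit;
    }

    slashAllInputs();
    connectDatabase();
    validateUser();
}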
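/**
 * Prints the comments of the current story as an HTML table, with Edit and
 * Delete forms on the user's own comments and a Reply form on the others.
 *
 * The story id, user name and form token are read from the session. Nothing
 * is printed when the story has no comments.
 *
 * Fixes compared with the previous version:
 *  - Hidden-field values were written without quotes around the attribute.
 *    htmlspecialchars() does not encode spaces, so a value containing a space
 *    (for example a user name) could add further attributes to the tag. The
 *    values are now quoted and encoded with ENT_QUOTES.
 *  - Ownership was decided by comparing the HTML-encoded author with the raw
 *    session name using `==`; it is now a strict comparison of raw values.
 *  - `echo $story_title;` printed a variable that is never defined in this
 *    function; it was removed.
 *  - The first table row of each comment was never closed.
 *  - The prepare-failure messages printed connect_errno, which is 0 on a
 *    working connection; they now print the connection's errno.
 *  - One connection is reused for both queries.
 *
 * NOTE(review): which buttons are shown is a display decision only. The edit
 * and delete handlers must check the token and the comment's owner on the
 * server themselves.
 *
 * @return void
 */
function showComment()
{
    session_start();
    $story_id = $_SESSION['story_id'];
    $user_name = $_SESSION['user_name'];

    $connectComment = connectDatabase();

    // Count first, so that no empty table is printed.
    $queryComment = $connectComment->prepare("SELECT count(*) FROM comment where story_id=?");
    if (!$queryComment) {
        printf("Query all story list failed: %s\n", $connectComment->errno);
        exit;
    }
    $queryComment->bind_param('i', $story_id);
    $queryComment->execute();
    $queryComment->bind_result($num);
    $queryComment->fetch();
    $queryComment->close();

    if ($num == 0) {
        return;
    }

    $queryComment = $connectComment->prepare("SELECT id, comment_to, comment_creator, comment_content, comment_time FROM comment where story_id=?");
    if (!$queryComment) {
        printf("Query all story list failed: %s\n", $connectComment->errno);
        exit;
    }
    $queryComment->bind_param('i', $story_id);
    $queryComment->execute();
    $queryComment->bind_result($comment_id, $comment_to, $comment_creator, $comment_content, $comment_time);

    $tokenField = "<input type=\"hidden\" name=\"token\" value=\""
        . htmlspecialchars((string) $_SESSION['token'], ENT_QUOTES) . "\">";

    echo "<table>\n";
    while ($queryComment->fetch()) {
        $idField = "<input type=\"hidden\" name=\"comment_id\" value=\""
            . htmlspecialchars((string) $comment_id, ENT_QUOTES) . "\">";

        echo "<tr>";
        printf("<td colspan = 3 ><h4> %s </h4></td>", htmlspecialchars($comment_content));
        echo "</tr>";

        echo "<tr>";
        printf(
            "<td>%s to %s</td> <td>%s</td>",
            htmlspecialchars($comment_creator),
            htmlspecialchars($comment_to),
            htmlspecialchars($comment_time)
        );
        echo "<td>";
        if ($comment_creator === $user_name) {
            // Own comment: offer Edit and Delete.
            echo "<form action = \"editComment.php\" method=\"POST\">";
            echo $tokenField;
            echo $idField;
            echo "<input type=\"submit\" name=\"editCommentButton\" value=\"Edit\">";
            echo "</form>";
            echo "<form action = \"deleteComment.php\" method=\"POST\">";
            echo $tokenField;
            echo $idField;
            echo "<input type=\"submit\" name=\"deleteCommentButton\" value=\"Delete\">";
            echo "</form>";
        } else {
            // Someone else's comment: offer Reply.
            echo "<form action = \"showStory.php\" method=\"POST\">";
            echo $tokenField;
            echo "<input type=\"hidden\" name=\"replyCommentTo\" value=\""
                . htmlspecialchars((string) $comment_creator, ENT_QUOTES) . "\">";
            echo "<input type=\"submit\" name=\"replyCommentButton\" value=\"Reply\">";
            echo "</form>";
        }
        echo "</td>";
        echo "</tr>";
    }
    $queryComment->close();

    echo "</table>\n";
    echo "<p></p>";
}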
} } else { echo "ファイル未選択"; } $dbh = connectDatabase(); $sql = "insert into image (name, title, file_name, created_at, updated_at) values (:name, :title, :file_name, now(), now())"; $stmt = $dbh->prepare($sql); $stmt->bindParam(":name", $name); $stmt->bindParam(":title", $title); $stmt->bindParam(":file_name", $img_name); $stmt->execute(); header('Location: index.php'); exit; } } $dbh = connectDatabase(); $sql = "select * from image order by updated_at desc"; $stmt = $dbh->prepare($sql); $stmt->execute(); $posts = $stmt->fetchAll(PDO::FETCH_ASSOC); // var_dump($posts); ?> <!DOCTYPEhtml> <html> <head> <meta charset="utf-8"> <title>会員制掲示板</title> </head> <body> <h1><?php
/**
 * Persists this object's name, email and image fields as a new user.
 *
 * The fields are passed to UserMapper::create() on a mapper that wraps a
 * database connection obtained from connectDatabase().
 *
 * @return User The value returned by UserMapper::create() for the new record.
 */
public function createUser()
{
    $mapper = new UserMapper(connectDatabase());

    return $mapper->create(array(
        "name" => $this->name,
        "email" => $this->email,
        "image_type" => $this->image_type,
        "image_file" => $this->image_file,
    ));
}
/**
 * Creates a user account with a generated password and emails the first-login
 * credentials to the user.
 *
 * For $acctype "admin" the login is taken from $indeks and the stored indeks
 * becomes one less than the current minimum; for other account types $indeks
 * must not be registered yet. The email address must be unused in both cases.
 *
 * NOTE(review): two spots in this listing are masked ('******'): the login
 * literal in the first query, and the middle of the $mess1 assignment, which
 * leaves that line syntactically broken and $mess2 undefined. The original
 * text has to be recovered before this function can run.
 *
 * NOTE(review): every statement interpolates its values into the SQL text
 * ($indeks, $email, $name, $surname, $login), which allows SQL injection
 * unless all callers escape them first. Prepared statements are the fix.
 *
 * NOTE(review): the password is built with rand(), which is not a
 * cryptographically secure generator (random_int() is), and is stored as
 * unsalted SHA-1 (password_hash() is the standard replacement). It is sent by
 * email in plaintext.
 *
 * NOTE(review): `$string{$i}` offset syntax was removed in PHP 8; `[$i]` is
 * the supported form.
 *
 * @param string     $name    First name.
 * @param string     $surname Surname.
 * @param string     $email   Email address; also the recipient of the credentials.
 * @param string     $acctype Account type; "admin" selects the admin path.
 * @param int|string $indeks  Index number (used as the login for admins).
 * @return string HTML fragment with a user-facing status message.
 */
function addUser($name, $surname, $email, $acctype, $indeks) {
    // Connect to the database.
    $database = connectDatabase();
    $login;

    // Report an error when no database handle was obtained.
    if ($database == false) {
        return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
    }

    if ($acctype == "admin") {
        $login = $indeks;
        // The login literal below is masked in this listing.
        @ $result = $database->query("select login from users where login='******'");
        if ($result == false) {
            return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
        }
        if ($result->num_rows > 0) {
            return "<p>Podany login jest już zarejestrowany</p>";
        }
        // Admins get an indeks one below the current minimum.
        @ $result = $database->query("select min(indeks) from users");
        if ($result == false) {
            return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
        }
        $row = $result->fetch_row();
        $indeks = $row[0] - 1;
    } else {
        // Regular users: the index number must not be registered yet.
        @ $result = $database->query("select indeks from users where indeks='$indeks'");
        if ($result == false) {
            return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
        }
        if ($result->num_rows > 0) {
            return "<p>Numer indeksu jest już zarejestrowany.</p>";
        }
    }

    // The email address must be unused.
    @ $result = $database->query("select mail from users where mail='$email'");
    if ($result == false) {
        return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
    }
    if ($result->num_rows > 0) {
        return "<p>Adres email jest już zarejestrowany</p>";
    }

    //$password = $name . $surname;
    // Generate an 8-character password from lowercase letters and digits.
    $zestaw_znakow = 'qwertyuiopasdfghjklzxcvbnm0123456789';
    $password = '';
    $dlugosc_zestawu = strlen($zestaw_znakow)-1;
    for ( $i = 0; $i <= 7; $i++ ) {
        $losowy = rand(0, $dlugosc_zestawu);
        $password .= $zestaw_znakow{$losowy};
    }
    //echo $password;

    if ($acctype == "admin") {
        @ $result = $database->query("insert into users (name, surname, login, pass, mail, indeks) values ('$name', '$surname', '$login', sha1('$password'), '$email', '$indeks')");
    } else {
        @ $result = $database->query("insert into users (name, surname, pass, mail, indeks) values ('$name', '$surname', sha1('$password'), '$email', '$indeks')");
    }

    // Report an error when the insert failed.
    if ($result == false) {
        return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
    } else {
        // The next line is garbled by masking in this listing.
        $mess1 = "Twoje konto na serwisie spoj-clone jest już aktywne. Dane do pierwszego logowania:\n\nLogin: "******" (numer twojego indeksu)\nHasło: ";
        $mess3 = "\n\nNie zapomnij o stworzeniu własnego loginu po pierwszym logowaniu.\n\n--------------------\n". "Życzymi miłego rozwiązywania\nspoj-clone development team\n";
        $headers = 'From: Spoj-Clone_admin@213.184.8.82'."\r\n".'Reply-To: Spoj-Clone_admin@213.184.8.82'."\r\n";
        // NOTE(review): $login is only assigned on the admin path, so it is
        // undefined here for regular users.
        mail($email, 'Witamy na spoj-clone [Dominatrix 2000]!!!', wordwrap($mess1.$login.$mess2.$password.$mess3, 70), $headers);
        return "<p>Użytkownik został dodany</p>";
    }
    // Unreachable: both branches above return.
    $database->close();
}
<?php
/*
 * Stores one submitted questionnaire: the request data is written to the
 * general_information table and to the mechanicalpen table, together with the
 * client IP and a timestamp.
 *
 * NOTE(review): the database is accessed as root with the password written in
 * this file. Credentials belong in configuration outside the source tree, and
 * the application should use an account limited to the tables it needs.
 * NOTE(review): the whole $_POST array is handed to registerInTable(), which
 * is not shown; confirm that it binds or escapes every value and ignores
 * unexpected keys.
 * NOTE(review): the second connectDatabase() call replaces $conn without
 * closing the first connection, unless registerInTable() closes it — confirm.
 */
include 'qFunctions.php';

$dbHost = "localhost";
$dbUser = "root";
$dbPassword = "password29";
$dbName = "questionnaire";

$ClientiP = getIP();
$date = getDateYMDHIS();

$conn = connectDatabase($dbHost, $dbUser, $dbPassword, $dbName);
$numberColumns = getNumberColumn("questionnaire", "general_information", $conn);
registerInTable("general_information", $_POST, $date, $ClientiP, $numberColumns, $conn);

$conn = connectDatabase($dbHost, $dbUser, $dbPassword, $dbName);
registerInTable("mechanicalpen", $_POST, $date, $ClientiP, $numberColumns, $conn);
disconnectDatabase($conn);
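// Registration form handling: validate the input, then create the user.
//
// Fixes compared with the previous version:
//  - A password mismatch only printed a message and the account was created
//    anyway; the user is now created only when both entries are identical.
//  - The passwords were compared with `!=`, which treats some different
//    numeric-looking strings as equal; the comparison is now strict.
//  - The email address was concatenated into a JavaScript string literal
//    unescaped, so a crafted address could run script in the page. The
//    message is now emitted with json_encode() and the JSON_HEX_* flags.
//
// NOTE(review): the password is passed to addNewUser() as submitted; that
// function is not shown — confirm it stores a password_hash() value.
// NOTE(review): the email and phone values are not validated here.
if (!isset($_POST['cpword']) || $_POST['cpword'] == "") {
    $nameErr = "Password is required";
} elseif (!preg_match("/^[a-zA-Z ]*\$/", $_POST['first_name']) || !preg_match("/^[a-zA-Z ]*\$/", $_POST['last_name'])) {
    $nameErr = "Only letters and white space allowed";
} else {
    $first_name = $_POST["first_name"];
    $last_name = $_POST["last_name"];
    $email = $_POST["email"];
    $phone = $_POST["phone"];
    $pword = $_POST["pword"];
    $cpword = $_POST["cpword"];

    // Flags that make the encoded string safe inside a <script> element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    if ($pword !== $cpword) {
        echo '<font color = "red">Passwords do not match</font><br>';
    } else {
        $link = connectDatabase();
        $check = checkNewUser($email, $link);
        if (FALSE == $check) {
            $flag = addNewUser($first_name, $last_name, $email, $phone, $pword, $link);
            if (FALSE == $flag) {
                echo '<font color = "red">Oops techie issues !!</font><br>';
            } else {
                echo "<script type='text/javascript'>alert("
                    . json_encode('User ' . $email . ' was created successfully.', $jsFlags)
                    . ");</script>";
                closeConn($link);
            }
        } else {
            echo "<script type='text/javascript'>alert("
                . json_encode('User ' . $email . ' already registered.', $jsFlags)
                . ");</script>";
        }
    }
}
}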
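機能を使用することができます。 勤怠情報とカレンダー部分はPDF,EXCEL出力することが可能です。 作成者 : 鈴木一紘 作成日 : 2015/8/27 ===================================================================================== */

// Start the session.
session_start();

// Includes.
require_once '../lib/mysql.inc';
require_once '../lib/db.inc';
require_once '../lib/util.inc';
require_once 'settingRestTime_model.inc';

// Connect to the database.
if (!connectDatabase($db)) {
    // PHP variable names are case-sensitive. The message used to be assigned
    // to $errmsg while $errMsg was passed on, so the error page received an
    // undefined variable instead of the text.
    $errMsg = "DB接続エラーが発生しました。";
    // Go to the error page.
    callErrorPage($errMsg, "logout");
    exit;
}

// Session check: without user info in the session, go to the error page.
if (!isset($_SESSION['userinfo'])) {
    callErrorPage("セッション切れのためメインメニュー画面を表示できませんでした。再度ログインしてください。", "logout");
    exit;
}

// Instantiate the model.
$model = new settingRestTime_model();

// Read the form fields.
$model->getForm();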
/**
 * Runs a three-parameter search statement and returns the matching users.
 *
 * $keyword, $sort and $by are bound as string parameters; each result row is
 * expected to have three columns, read as email, first name and last name.
 *
 * NOTE(review): $procFunc is the SQL text itself and is prepared as given. It
 * must always be a constant chosen by the calling code, never a value taken
 * from a request.
 *
 * @param string $procFunc SQL text with three placeholders.
 * @param string $keyword  First bound value.
 * @param string $sort     Second bound value.
 * @param string $by       Third bound value.
 * @return array List of rows, each with the keys 'email', 'firstName' and 'lastName'.
 */
function searchFor($procFunc, $keyword, $sort, $by)
{
    $email = "";
    $firstName = "";
    $lastName = "";
    $matches = array();

    $conn = connectDatabase();
    $stmt = $conn->prepare($procFunc);
    $stmt->bind_param("sss", $keyword, $sort, $by);
    $stmt->execute();
    $stmt->bind_result($email, $firstName, $lastName);

    // bind_result() refreshes the three variables on every fetch().
    while ($stmt->fetch()) {
        $matches[] = array(
            'email' => $email,
            'firstName' => $firstName,
            'lastName' => $lastName,
        );
    }

    closeDatabase($conn);

    return $matches;
}