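/**
 * Build an HTML table of the books one member currently has overdue.
 *
 * The header row carries the member's name; each further row shows the copy's
 * accession number, the loan and due dates, and a link to the book page.
 * Every database value is HTML-encoded before it is placed in the markup, so
 * a name or title containing markup is displayed as text instead of being
 * interpreted by the browser.
 *
 * @param int|string $mid Member id. It is formatted with %d, so only its
 *                        integer value ever reaches the SQL text.
 * @return string The complete <table> fragment.
 */
function displayOverdueBooks($mid){
	// ISO-8859-1 is single-byte, so htmlspecialchars() never rejects the input
	// as malformed. NOTE(review): the pages in this listing declare
	// charset=iso-8859-1; confirm this output is served the same way.
	$charset = 'ISO-8859-1';

	// Previously $mid was concatenated into the statement unchanged.
	$sql = sprintf('SELECT * FROM member WHERE mid=%d', $mid);
	$rs = executeSqlQuery($sql);
	$rMember = mysql_fetch_assoc($rs);

	$sql = sprintf("SELECT l.*, c.*, b.* FROM " .
		"(loan l LEFT JOIN copy c ON l.copy=c.cid) LEFT JOIN book b ON c.bid=b.bid WHERE l.returned=0 AND l.date_due < '%s' AND l.member=%d",
			date("Y-m-d G:i:s"), $rMember['mid']);
	$rsBooks = executeSqlQuery($sql);

	$memberName = htmlspecialchars(
		$rMember['title'] . ' ' . $rMember['firstnames'] . ' ' . $rMember['surname'],
		ENT_QUOTES, $charset);

	$header =
	'<table>' .
	'<tr>' .
		'<td colspan=3><strong>' . $memberName . '</strong></td>' .
	'</tr>';

	$rows = '';
	while($rBook = mysql_fetch_assoc($rsBooks)){
		$rows .=
		'<tr>' .
			'<td>[' . htmlspecialchars($rBook['access_no'], ENT_QUOTES, $charset) . ']</td>' .
			'<td>(' . date("y-m-d", strtotime($rBook['date_loaned'])) . '&nbsp;&raquo;&nbsp;' . date("y-m-d", strtotime($rBook['date_due'])) . ')</td>' .
			// The id sits inside a single-quoted attribute; the cast keeps it numeric.
			"<td><a href='book_view.php?ID=" . (int)$rBook['bid'] . "'>" . htmlspecialchars($rBook['title'], ENT_QUOTES, $charset) . '</a></td>' .
		'</tr>';
	}

	return $header . $rows . '</table>';
}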
Example #2
    /**
     * Fetch the loans a member has already returned (returned=1), joined to
     * the copy and book they refer to.
     *
     * A null $member raises an E_USER_ERROR and ends the request.
     *
     * @param array $member Member row; only its 'mid' entry is read, and %d
     *                      reduces it to an integer before it reaches SQL.
     * @return mixed Whatever executeSqlQuery() returns for the statement.
     */
    function getPastLoansByMember($member){
        if($member === null){
            trigger_error('getPastLoansByMember: The member is not valid', E_USER_ERROR);
            exit();
        }

        $columns = "select l.lid, l.member mid, l.copy cid, l.date_loaned, l.date_due, l.date_returned, " .
            "l.loaned_by, c.access_no, b.bid, b.title, b.authors  ";
        $tables = "FROM ( (loan l LEFT JOIN copy c ON  l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) ";
        $filter = "WHERE (l.returned=1 AND l.member=%d)";

        return executeSqlQuery(sprintf($columns . $tables . $filter, $member['mid']));
    }
Example #3
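    /**
     * Authenticate a member and, on success, start the logged-in session.
     *
     * On success the member row is stored in $_SESSION['CurrentUser'], a LOGIN
     * event is logged and the browser is redirected (the request ends here).
     * On failure an explanatory page is produced through displayMsg().
     *
     * NOTE(review): passwords are checked against an unsalted md5() digest.
     * Moving to password_hash()/password_verify() needs a schema and data
     * migration that cannot be done inside this function.
     * NOTE(review): "incorrect password" and "user not found" are reported
     * separately, which tells a caller which usernames exist.
     *
     * @param string $usr Username as typed by the user.
     * @param string $pwd Plain-text password as typed by the user.
     * @return void
     */
    function login($usr,$pwd){
        // $usr is echoed inside HTML messages below; encode it once so markup
        // typed into the username field is shown as text.
        // NOTE(review): ISO-8859-1 is taken from the pages in this listing - confirm.
        $usrHtml = htmlspecialchars($usr, ENT_QUOTES, 'ISO-8859-1');

        //[Verify that the inputs are good] ------------------------------
        // NOTE(review): whether displayMsg() ends the request is not visible
        // here; if it returns, execution continues into the lookup below.
        if($usr == ''){
            displayMsg('Username is blank.<br>Please enter a valid username', 'Username is Blank', 'index.php');
        }
        if($pwd == ''){
            displayMsg('Password is blank.<br>Please enter a valid password', 'Password is Blank', 'index.php');
        }

        //[Get the user entry] ------------------------------
        // NOTE(review): the username literal is masked ('******') in this
        // listing. Whatever the real statement interpolates must be escaped or
        // bound, never concatenated as typed.
        $sql = "SELECT * FROM member WHERE username = '******'";
        $rs = executeSqlQuery($sql);
        $rowcount = mysql_num_rows($rs);

        if ($rowcount==1){
            $row = mysql_fetch_assoc($rs);
            // Strict comparison: with ==, two digests that both look like
            // "0e<digits>" are compared as numbers and treated as equal.
            if($row["password"] === md5($pwd)){ // Passwords match
                // Issue a fresh session id before the session becomes
                // authenticated, so an id known before login is not reused.
                session_regenerate_id();
                $_SESSION['CurrentUser'] = $row;
                logEvent('LOGIN',$row['mid'],$row['mid'], addslashes($row['title'] . ' ' . $row['firstnames'] . ' ' . $row['surname']));
                // NOTE(review): assumes BackLink is only ever set server-side to
                // a local path - confirm, otherwise this redirect is open.
                if (isset($_SESSION['BackLink']) && ($_SESSION['BackLink']!="")){
                    header("Location: " . $_SESSION['BackLink']);
                    exit();
                } else {
                    header("Location: index.php");
                    exit();
                }
            } else { // Password doesn't match
                $msg = "Password for the user <strong>$usrHtml</strong> is incorrect.<br>Please try again.";
                displayMsg($msg, 'Incorrect Password', 'index.php');
            }
        } elseif($rowcount==0) { // The user was not found
            $msg = "The user <strong>$usrHtml</strong> was not found.<br>Please try again.";
            displayMsg($msg, 'User not Found', 'index.php');
        } else {
            // More than one row for a single username.
            trigger_error("DATA INTEGRITY ERROR: while accessing user: <strong>$usrHtml</strong><br>The admin was notified.", E_USER_ERROR);
            exit();
        }
    }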
<?php

/**
 * @author
 * @copyright 2010
 */
include "connection.php";
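// Stream the stored signature file that belongs to the requested appid.
if (isset($_GET['appid'])) {
    // NOTE(review): htmlspecialchars() is an HTML encoder, not SQL escaping.
    // The safety of this statement rests entirely on Remove_SQLi(), whose
    // implementation is not visible here - verify it, or escape the value
    // with the database driver instead.
    $sqlstr = "select signname,signtype,signsize,signcontent from uploadfile where appid ='" . Remove_SQLi(htmlspecialchars(trim($_GET['appid']))) . "'";
    $application = executeSqlQuery($sqlstr);
    $row = mysql_fetch_array($application);
    if (!$row) {
        // No such record: previously the headers below were sent with empty
        // values and an empty body was returned as a download.
        header("HTTP/1.0 404 Not Found");
        exit;
    }
    // The stored name is data, not markup for the header line: drop line
    // breaks, quotes and backslashes, then send it as a quoted value so a
    // space or semicolon in the name cannot add header parameters.
    $downloadName = str_replace(array("\r", "\n", '"', '\\'), '', $row["signname"]);
    header("Content-length: " . $row["signsize"]);
    // NOTE(review): the content type is taken from the table as stored
    // (presumably recorded at upload time); nosniff stops the browser from
    // second-guessing it.
    header("Content-type: " . $row["signtype"]);
    header("X-Content-Type-Options: nosniff");
    header("Content-Disposition: attachment; filename=\"" . $downloadName . "\"");
    echo $row["signcontent"];
    exit;
} else {
    echo "<script type=\"text/javascript\">alert(\"ERROR:: Registration No. is not entered properly. Pls Check\")</script>";
}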
Example #5
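                // Check availability: append "(available)", "(with <member>)" or a
                // data-error marker to $CopiesString for the copy $cid.
                $sqlLoans = sprintf("SELECT * FROM loan WHERE copy=%d AND returned=0",$cid);
                $recordsetLoans = executeSqlQuery($sqlLoans);
                $NoOfLoans = mysql_num_rows($recordsetLoans);

                if($NoOfLoans == 0) {
                        $CopiesString = $CopiesString . "(available)";
                } else if ($NoOfLoans == 1 ){
                        $rowLoan = mysql_fetch_assoc($recordsetLoans);
                        $mid = $rowLoan['member'];
                        $due = $rowLoan['date_due'];

                        // Get member info
                        $sqlMember = sprintf("SELECT * FROM member WHERE mid=%d",$mid);
                        $recordsetMembers = executeSqlQuery($sqlMember);
                        $rowMember = mysql_fetch_assoc($recordsetMembers);
                        if($rowMember) {
                                // $CopiesString is echoed as HTML further down, so the
                                // stored name is encoded before it is appended.
                                // NOTE(review): ISO-8859-1 is taken from the pages in
                                // this listing - confirm for this page.
                                $MemberName = htmlspecialchars(
                                        $rowMember['title'] . " " . $rowMember['firstnames'] . " " . $rowMember['surname'],
                                        ENT_QUOTES, 'ISO-8859-1');
                                $CopiesString = $CopiesString . "(with " . $MemberName . ")";
                        }
                        mysql_free_result($recordsetMembers);
                } else if ($NoOfLoans > 1 ){
                        // One copy cannot be on two open loans at once.
                        $CopiesString = $CopiesString . "(<strong>Data Error</strong>)";
                }
                mysql_free_result($recordsetLoans);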
        }
        mysql_free_result($recordsetCopies);
?>
        <br>
      <?php echo $CopiesString; ?>
Example #6
	/**
	 * Report whether a book has at least one reservation whose status is
	 * 'Active' or 'Available'.
	 *
	 * @param int|string $bid Book id; %d reduces it to an integer for the query.
	 * @return bool True when one or more matching reservation rows exist.
	 */
	function IsReserved($bid){
		$query = sprintf("SELECT * FROM reservation WHERE (status='Active' OR status='Available') AND bid=%d", $bid);
		$matches = mysql_num_rows(executeSqlQuery($query));
		return $matches > 0;
	}
Example #7
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Pusthaka.  If not, see <http://www.gnu.org/licenses/>.
 */

	// Role list and page title are set before init.php is included.
	// NOTE(review): presumably init.php enforces $allow - confirm there.
	$allow = "ADMIN;LIBSTAFF;PATRON";
	$PageTitle = " My Loans";
	include('../inc/init.php');

	// Open loans (returned=0) of the logged-in member, joined to copy and book.
	// %d reduces the session's member id to an integer before it reaches SQL.
	$sql = sprintf("select l.lid, l.member mid, l.copy cid, l.date_loaned, l.date_due, " .
	"l.loaned_by, c.access_no, b.*  " .
	"FROM ( (loan l LEFT JOIN copy c ON  l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) " .
	"WHERE (l.returned=0 AND l.member=%d)", $_SESSION['CurrentUser']['mid']);
	$rsL = executeSqlQuery($sql);
	$rowcountL = mysql_num_rows($rsL);
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Pusthaka: <?php echo $PageTitle; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/styles.css" rel="stylesheet" type="text/css">
<script language="JavaScript" src="js/gen_validatorv2.js" type="text/javascript"></script>
</head>

<body>
<?php include("../inc/top.php"); ?>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
Example #8
    <td colspan="5"><select name="type" id="type">
		<option value="<?php echo $row['type']; ?>" selected><?php echo $row['type']; ?></option>      
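      <?php
		// One <option> per distinct member type. The value comes from the
		// database and lands inside a single-quoted attribute, so quotes are
		// encoded as well (ENT_QUOTES).
		// NOTE(review): ISO-8859-1 is taken from the pages in this listing - confirm.
		$sqlType = "SELECT DISTINCT type FROM member ORDER BY type";
		$rsType = executeSqlQuery($sqlType);
		while($rowType = mysql_fetch_array($rsType)){
			$typeHtml = htmlspecialchars($rowType[0], ENT_QUOTES, 'ISO-8859-1');
			echo "<option value='" . $typeHtml . "'>" . $typeHtml . "</option>";
		}
	?>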
    </select>
&nbsp;&nbsp;Lending Category&nbsp;
       <select name="category" id="category">
         <option value="<?php echo $row['category']; ?>" selected><?php echo $row['category']; ?></option> 
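		 <?php
						// One <option> per distinct lending category. The value is
						// database content inside a single-quoted attribute, so it
						// is encoded with ENT_QUOTES before output.
						// NOTE(review): ISO-8859-1 is taken from the pages in this listing - confirm.
						$sqlT = "SELECT DISTINCT member_type FROM lending_settings ORDER BY member_type";
						$rsT = executeSqlQuery($sqlT);
						while($rowT = mysql_fetch_array($rsT)){
							$categoryHtml = htmlspecialchars($rowT[0], ENT_QUOTES, 'ISO-8859-1');
							echo "<option value='" . $categoryHtml . "'>" . $categoryHtml . "</option>";
						}
						?>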
       </select>
       &nbsp;&nbsp;Login Type&nbsp;
       <select name="login_type" id="login_type">
	   	<option value="<?php echo $row['login_type']; ?>" selected><?php echo $row['login_type']; ?></option> 
         <option value='ADMIN'>ADMIN</option>
         <option value='LIBSTAFF'>LIBSTAFF</option>
         <option value='PATRON'>PATRON</option>
       </select>
       &nbsp;Status 
       <select name="expired" id="expired">
         <option value="<?php echo $row['expired']; ?>" selected><?php if($row['expired']==0)echo 'Valid'; else echo 'Expired' ?></option>
Example #9
 * Pusthaka is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Pusthaka.  If not, see <http://www.gnu.org/licenses/>.
 */

	// Role list and page title are set before init.php is included.
	// NOTE(review): "ALL" presumably opens the page to every visitor - confirm
	// in init.php, since every purchase request is listed below.
	$allow = "ALL";
	$PageTitle = "Purchase Requests";
	include('../inc/init.php');

// Retrieve records
// Static statement: no request data is interpolated.
$sql = "SELECT * FROM prequests ORDER BY title, dt";
$recordset = executeSqlQuery($sql);
$rowcount = mysql_num_rows($recordset);

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Pusthaka: <?php echo $PageTitle; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<?php include("../inc/top.php"); ?>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
  <tr>
Example #10
 * Pusthaka is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Pusthaka.  If not, see <http://www.gnu.org/licenses/>.
 */

	// Role list and page title are set before init.php is included.
	// NOTE(review): presumably init.php enforces $allow - confirm there.
	$allow = "ADMIN;LIBSTAFF";
	$PageTitle = "Loans";
	include('../inc/init.php');
	
	// Every loan that is still out (returned=0), joined to member, copy and book.
	// sprintf() receives no arguments here; the statement contains no
	// placeholders and no request data.
	$sql = sprintf("SELECT l.*, m.*, c.*, b.* FROM " .
		"((loan l LEFT JOIN member m ON l.member=m.mid) LEFT JOIN copy c ON l.copy=c.cid) LEFT JOIN book b ON c.bid=b.bid WHERE returned=0");
	$rsBooks = executeSqlQuery($sql);
	$noOnLoan = mysql_num_rows($rsBooks);
	

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Pusthaka: <?php echo $PageTitle; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/styles.css" rel="stylesheet" type="text/css">
<script language="JavaScript" src="js/gen_validatorv2.js" type="text/javascript"></script>
</head>

<body>
Example #11
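    /**
     * Give a copy a new barcode, refusing a barcode another copy already has.
     *
     * The outcome is reported through displayMsg(); a successful change is
     * also written to the event log.
     *
     * @param array  $copy    Copy row; 'cid', 'bid' and 'barcode' are read.
     * @param string $barcode The requested new barcode.
     * @return void
     */
    function changeBarcode($copy, $barcode)
    {
        // Resolved first: the duplicate-barcode message also links back to the
        // copy and its book, and previously used these before they were set.
        $bid = (int)$copy['bid'];
        $cid = (int)$copy['cid'];
        $links = "<a href='book_copy_edit.php?ID=$cid'>Edit This Copy Again</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href='book_edit.php?ID=$bid'>Edit the Associated Book</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href='book_search.php'>Browse Books</a>";

        // The barcode is used in two contexts, each with its own encoding.
        // NOTE(review): mysql_real_escape_string() needs the connection that
        // executeSqlQuery() uses to be open already, and assumes $barcode
        // arrives unescaped (magic_quotes_gpc off) - confirm both.
        $barcodeSql = mysql_real_escape_string($barcode);
        // NOTE(review): ISO-8859-1 is taken from the pages in this listing - confirm.
        $barcodeHtml = htmlspecialchars($barcode, ENT_QUOTES, 'ISO-8859-1');

        $sql = sprintf("SELECT * FROM copy WHERE barcode='%s'", $barcodeSql);
        $rs = executeSqlQuery($sql);
        $cnt = mysql_num_rows($rs);
        if ($cnt > 0) { //Specified barcode already exist
            $msg = "The barcode <strong>$barcodeHtml</strong> already exists!<br>Barcode was not changed<hr>" .
                   $this->toStringCopy($copy) . '<hr>' .
                   $links;
            displayMsg($msg, 'No Changes Made');
            // Stop here. Without this, a displayMsg() that returns would let the
            // UPDATE below assign the duplicate barcode after all.
            return;
        }

        $sql = sprintf("update copy set barcode='%s' WHERE cid=%d", $barcodeSql, $cid);
        $a = executeSqlNonQuery($sql);
        $rows_affected = $a['rows'];
        if ($rows_affected == 1) {
            //[Log Event]---------------------------
            $des = '[' . $copy['barcode'] . "] ==> [$barcode]";
            logEvent('BOOK_BARCODE', $_SESSION['CurrentUser']['mid'], 0, addslashes($des));

            //[Display message] ------------------------------
            $msg = "Barcode Changed to: $barcodeHtml<br>Copy Details before the change are:<hr>" .
                   $this->toStringCopy($copy) . '<hr>' .
                   $links;
            displayMsg($msg, 'Copy Updated');
        } elseif ($rows_affected == 0) {
            $msg = 'Barcode was not changed, because you had specified the old barcode as the new one.<hr>' .
                   $this->toStringCopy($copy) . '<hr>' .
                   $links;
            displayMsg($msg, 'No Changes Made');
        }
    }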
Example #12
<?php

include "connection.php";
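// Load the application identified by appid + pin, or redirect away.
if (isset($_GET["appid"]) && isset($_GET["pin"])) {
    $appid = trim($_GET["appid"]);
    $pin = trim($_GET["pin"]);
    $folder = "photo/";
    $trans = array("/" => "_");
    $filename = strtr($appid, $trans);
    $filename2 = $filename . "_" . "1" . ".jpg";
    $filename3 = $filename . "_" . "2" . ".jpg";
    // Both values come straight from the query string and were concatenated
    // into the statement unchanged. Escaped copies are used for SQL only;
    // $appid and $pin keep their original values for the rest of the page.
    $appidSql = mysql_real_escape_string($appid);
    $pinSql = mysql_real_escape_string($pin);
    // NOTE(review): in MySQL `+` is numeric addition, so md5(`pin`) is cast to
    // a number before 111111 is added. The token this compares against may
    // therefore carry far less entropy than an md5 digest suggests - verify.
    $sqlstr = "SELECT a.appid,a.post,c.Desc as category,a.aname,a.nationality,a.father,a.dob,a.age_yr,a.mobile,a.pre_address,\r\nb1.block_muni_nm as block1,\r\nsd1.subdiv as subdiv1,a.pre_dist,a.pre_pin,a.pre_state,a.perm_address,b2.block_muni_nm as block2,sd2.subdiv as subdiv2,\r\na.perm_dist,a.perm_pin,a.perm_state,a.m_inst,a.m_year,a.m_total,a.m_marks,a.m_percent,a.m_grade,a.h_inst,a.h_year,a.h_total,\r\na.h_marks,a.h_percent,a.h_grade,a.g_inst,a.g_year,a.g_total,a.g_marks,a.g_percent,a.g_grade,a.p_inst,a.p_year,a.p_total,a.p_marks,a.p_percent,a.p_grade,a.oth_inst,a.oth_year,a.oth_total,a.oth_marks,a.oth_percent,a.oth_grade,\r\na.cert_inst,a.cert_year,a.cert_total,a.cert_marks,a.cert_percent,a.cert_grade,a.email,a.exprience,s1.StateName As State1,s2.StateName As State2,g.Gender,p.PostName as Postname from ((((((((( applicant as a inner join sex as g on a.sex=g.Code) inner join post as p on a.post = p.PostCode) inner join state as s1 on a.pre_state=s1.Code) inner join state as s2 on a.perm_state=s2.Code)inner join block_muni as b1 on a.pre_block=b1.block_municd)\r\ninner join block_muni as b2 on a.perm_block=b2.block_municd)inner join subdivision as sd1 on a.pre_subdiv=sd1.sdiv_cd)inner join subdivision as sd2 on a.perm_subdiv=sd2.sdiv_cd)inner join cast as c on a.category=c.Code)where a.appid = '" . $appidSql . "' and md5(md5(`pin`)+111111)='" . $pinSql . "'";
    $result = executeSqlQuery($sqlstr);
    $row = mysql_fetch_array($result);
    if (!$row) {
        // No application matches this appid/pin pair.
        header("Location: Add_image.php");
        exit;
    }
} else {
    header("Location: Application_Reprint.php");
    exit;
}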
?>
<html>
<head>
<title>Application Print</title>
<style type="text/css">
body {
 bgcolor:white;
 color:black;
font-family : verdana;
Example #13
 * You should have received a copy of the GNU General Public License
 * along with Pusthaka.  If not, see <http://www.gnu.org/licenses/>.
 */

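//	$allow = "ADMIN;LIBSTAFF";
// Role list and page title are set before init.php is included.
$allow = "ADMIN";
	$PageTitle = "Edit Book";
	include('../inc/init.php');

	$bks = new Books;

	/** Update 200701 inventory correctness check */
	// The book id arrives in the request as 'ID' or 'bid' and was concatenated
	// into the statement below unquoted. Casting it to an integer means only a
	// number can reach the SQL text; a missing id becomes 0.
	$iBID = isset($_REQUEST['ID']) ? $_REQUEST['ID'] : (isset($_REQUEST['bid']) ? $_REQUEST['bid'] : 0);
	$iBID = (int)$iBID;
	// check the status of this book
	$sql3 = sprintf("SELECT * FROM book_check WHERE name='200701' AND bid=%d", $iBID);
	$rs3 = executeSqlQuery($sql3);
	$rowcount3 = mysql_num_rows($rs3);
	if($rowcount3>0){ // already checked-in
		$already_checked = true;
		$checkRow = mysql_fetch_assoc($rs3);
	} else {
		$already_checked = false;
	}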
	
	// set this book as checked
	if(isset($_POST['BtnCheckBook'])){
		$current_time = date("Y-m-d G:i:s");
		$sql4 = sprintf("INSERT into book_check (name, datetime, bid, checked, mid, comments) VALUES ('200701','%s',%d,1,%d,'')",
			$current_time, $iBID, $_SESSION['CurrentUser']['mid']);
		$a = executeSqlNonQuery($sql4);
		$rowsUpdated = $a['rows'];
Example #14
/**
 * Work out the due date of a loan from the lending settings that apply to the
 * copy's lending type and the member's category.
 *
 * With no matching settings row an error is stored in the session, the
 * browser is redirected to the current script and the request ends. With
 * more than one matching row an error is stored and false is returned.
 *
 * NOTE(review): 'lending_type' and 'category' are placed into the SQL text
 * and into the session messages as they are; this relies on both values
 * being trusted table content - confirm with the callers.
 *
 * @param array  $rowCopy     Copy row; 'lending_type' is read.
 * @param array  $rowMember   Member row; 'category' is read.
 * @param string $date_loaned Loan date in a form strtotime() understands.
 * @return string|false Due date formatted "Y-m-d G:i:s", or false on error.
 */
function CalcDateDue($rowCopy, $rowMember, $date_loaned){
	// Look up how many days this member category may keep this lending type.
	$query = sprintf("select * from lending_settings where book_type='%s' AND member_type='%s'",
		$rowCopy['lending_type'], $rowMember['category']);
	$settings = executeSqlQuery($query);
	$matches = mysql_num_rows($settings);

	if ($matches==0){ // No entry
		$_SESSION['msg'] = "The lending settings for this (member category <--> book lending type) is not defined.<br>" .
			"Member Category = " . $rowMember['category'] . ", Book Lending Type = " . $rowCopy['lending_type'] . "<br>" .
			"Please ask the SYS ADMIN to define these settings.";
		$_SESSION['msgIcon'] = 'ERROR';
		header("Location: " . $_SERVER['PHP_SELF']);
		exit();
	}
	if ($matches>1){ // Duplicate entry
		$_SESSION['msg'] = "ERROR: The lending_settings table contains a duplicate entry for:<br>" .
			"Member Category = " . $rowMember['category'] . ", Book Lending Type = " . $rowCopy['lending_type'] . "<br>" .
			"Please ask the SYS ADMIN to fix this error";
		$_SESSION['msgIcon'] = 'ERROR';
		return false;
	}
	if ($matches!=1){ // Just in case
		$_SESSION['msgFR'] = "An un-identified error occurred.";
		$_SESSION['msgFRIcon'] = 'ERROR';
		return false;
	}

	// Exactly one settings row applies.
	$settingsRow = mysql_fetch_assoc($settings);
	$allowedDays = $settingsRow['days_allowed'];

	// Midnight of the loan day plus the allowed days; mktime() normalises a
	// day number that runs past the end of the month.
	list($year, $month, $day) = explode('-', date("Y-m-d", strtotime($date_loaned)));
	$dueTimestamp = mktime(0, 0, 0, $month, $day + $allowedDays, $year);

	return date("Y-m-d G:i:s", $dueTimestamp);
}
/**
 * Look up an applicant by appid and hand back the e-mail address, with the
 * stored pin written to the by-reference argument.
 *
 * NOTE(review): the query is protected only by Remove_SQLi(), whose
 * implementation is not visible here, and the pin is returned exactly as it
 * is stored in the table.
 *
 * @param string $appid Application id to look up.
 * @param string $pin   Receives the stored pin, or "" when nothing matches.
 * @return string The applicant's e-mail address, or "" when nothing matches.
 */
function check_appid($appid, &$pin)
{
    $lookup = "select * from applicant where appid = '" . Remove_SQLi($appid) . "'";
    $applicant = mysql_fetch_array(executeSqlQuery($lookup));

    if (!$applicant) {
        $pin = "";
        return "";
    }

    $pin = $applicant["pin"];
    return $applicant["email"];
}
Example #16
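/**
 * Give a member a new barcode, refusing a barcode another member already has.
 *
 * The outcome is reported through displayMsg(); a successful change is also
 * written to the event log.
 *
 * @param array  $member  Member row; 'mid' and 'barcode' are read.
 * @param string $barcode The requested new barcode.
 * @return void
 */
function changeBarcode($member, $barcode){
	$midT = (int)$member['mid'];
	$links = "<a href='member_edit.php?ID=$midT'>Edit Again</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href='member_view.php?ID=$midT'>View Full Details</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href='member_browse.php'>Browse Members</a>";

	// The barcode is used in two contexts, each with its own encoding.
	// NOTE(review): mysql_real_escape_string() needs the connection that
	// executeSqlQuery() uses to be open already, and assumes $barcode arrives
	// unescaped (magic_quotes_gpc off) - confirm both.
	$barcodeSql = mysql_real_escape_string($barcode);
	// NOTE(review): ISO-8859-1 is taken from the pages in this listing - confirm.
	$barcodeHtml = htmlspecialchars($barcode, ENT_QUOTES, 'ISO-8859-1');

	$sql = sprintf("SELECT * FROM member WHERE barcode='%s'", $barcodeSql);
	$rs = executeSqlQuery($sql);
	$cnt = mysql_num_rows($rs);
	if($cnt>0){ //Specified barcode already exist
		$msg = "The barcode <strong>$barcodeHtml</strong> already exists!<br>Barcode was not changed<hr>" .
			$this->toString($member) . '<hr>' .
			$links;
		displayMsg($msg, 'No Changes Made');
		// Stop here. Without this, a displayMsg() that returns would let the
		// UPDATE below assign the duplicate barcode after all.
		return;
	}

	$sql = sprintf("update member set barcode='%s' WHERE mid=%d", $barcodeSql, $midT);
	$a = executeSqlNonQuery($sql);
	$rows_affected = $a['rows'];
	if ($rows_affected == 1) {
		//[Log Event]---------------------------
		$des = '[' . $member['barcode'] . "] ==> [$barcode]";
		logEvent('MEMBER_BARCODE', $_SESSION['CurrentUser']['mid'], $member['mid'], addslashes($des));

		//[Display message] ------------------------------
		$msg = "Barcode Changed to: <strong>$barcodeHtml</strong><br>Member Details before the change are:<hr>" .
			$this->toString($member) . '<hr>' .
			$links;
		displayMsg($msg, 'Member Barcode Changed');
	} elseif ($rows_affected == 0) {
		$msg = 'Barcode was not changed, because you had specified the old barcode as the new one.<hr>' .
			$this->toString($member) . '<hr>' .
			$links;
		displayMsg($msg, 'No Changes Made');
	}
}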
Example #17
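	// Open loans (returned=0) of member $mid, joined to copy and book.
	$sql = sprintf("select l.lid, l.member mid, l.copy cid, l.date_loaned, l.date_due, " .
	"l.loaned_by, c.*, b.bid, b.title, b.authors  " .
	"FROM ( (loan l LEFT JOIN copy c ON  l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) " .
	"WHERE (l.returned=0 AND l.member=%d)", $mid);
	$rsL = executeSqlQuery($sql);
	$rowcountL = mysql_num_rows($rsL);

	// ------------------------------------------------------------------------------------
	// Get outstanding payments into $rsOP
	// Built with %d like the loan query above, so only the integer value of
	// $mid reaches the SQL text; it used to be concatenated unchanged.
	$sql = sprintf('SELECT * FROM payable WHERE mid=%d', $mid);
	$rsOP = executeSqlQuery($sql);
	$outstandingPayments = 0;
	while($r = mysql_fetch_assoc($rsOP)){
		$outstandingPayments += $r['amount'];
	}
	// The loop above consumed the result set; the statement is run again so
	// $rsOP starts at the first row for whatever reads it next.
	$rsOP = executeSqlQuery($sql);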
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Pusthaka: <?php echo $PageTitle; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/styles.css" rel="stylesheet" type="text/css">
<link href="css/ir2.css" rel="stylesheet" type="text/css">
</head>

<body <?php if(!isset($_SESSION['Confirm'])) { echo "onload='ir2.Number.focus();'"; } else {echo "onload='ir2.BtnConfirmYes.focus();'";}?> >
<?php include("../inc/top.php"); ?>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="margin"><table width="100%"  border="0">
/**
 * Report whether the uploadfile table holds a row for the given appid.
 *
 * NOTE(review): the query is protected only by Remove_SQLi(), whose
 * implementation is not visible here.
 *
 * @param string $appid Application id to look for.
 * @return bool True when a row was fetched, false otherwise.
 */
function appid_exists($appid)
{
    $lookup = "select * from uploadfile where appid = '" . Remove_SQLi($appid) . "'";
    $found = mysql_fetch_array(executeSqlQuery($lookup));

    return $found ? true : false;
}
<?php

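// Emit one <option> per block/municipality of the requested subdivision.
// A missing parameter becomes "" instead of raising a notice.
$sdid = isset($_GET["sdid"]) ? $_GET["sdid"] : "";
include "connection.php";
// sdid is request-controlled and was concatenated into the statement
// unchanged; it is escaped with the driver at the point of use.
$sqlQList = "Select * from block_muni where sdiv_cd='" . mysql_real_escape_string($sdid) . "'";
$QList1 = executeSqlQuery($sqlQList);
while ($row1 = mysql_fetch_array($QList1)) {
    // Database text goes into an attribute and into element content, so it
    // is HTML-encoded once and used for both. ISO-8859-1 is single-byte and
    // therefore never rejects the input as malformed.
    $blockName = htmlspecialchars($row1["block_muni_nm"], ENT_QUOTES, 'ISO-8859-1');
    echo '    <option value="' . $blockName . '">' . $blockName . "</option>\n    ";
}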
// Row index taken from the query string. In the markup below it is echoed
// only as `$rowNo + 1`, i.e. after PHP has evaluated it as a number.
$rowNo = $_GET["rowNo"];
include "connection.php";
?>
<tr>
    <td height="48" bgcolor="#FFFFFF">
        <div align="center">
            <select class="listMenu" name="ed00<?php 
echo $rowNo + 1;
?>
" id="ed00<?php 
echo $rowNo + 1;
?>
">
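                <?php 
// Placeholder entry followed by one <option> per qualification row.
$sqlquali = "select * from qualification";
$exam = executeSqlQuery($sqlquali);
// The closing tag used to be "</>", which is not valid HTML.
echo "<option value=\"0\">--Select Examination Passed--</option>";
while ($row = mysql_fetch_array($exam)) {
    // Database text goes into an attribute and into element content, so it
    // is HTML-encoded once and used for both. ISO-8859-1 is single-byte and
    // therefore never rejects the input as malformed.
    $examName = htmlspecialchars($row["desc"], ENT_QUOTES, 'ISO-8859-1');
    echo '                    <option value="' . $examName . '">' . $examName . "</option>\n                    ";
}
?>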
            </select>
        </div>
/**
 * Produce the next registration number for a post ("<abbr>/<SlNo>") and
 * advance the post's serial counter.
 *
 * When the post code is unknown a JavaScript alert is echoed and "" is
 * returned.
 *
 * NOTE(review): the serial is read and then incremented in two separate
 * statements, so two concurrent requests can receive the same number unless
 * something outside this function serialises them.
 * NOTE(review): the queries are protected only by Remove_SQLi(), whose
 * implementation is not visible here.
 *
 * @param string $post Post code.
 * @return string The registration number, or "" when the post is unknown.
 */
function GetappId($post)
{
    $lookup = "select * from post where PostCode = '" . Remove_SQLi($post) . "'";
    $postRow = mysql_fetch_array(executeSqlQuery($lookup));

    if (!$postRow) {
        echo "<script type=\"text/javascript\">alert(\"ERROR :: Registration No not Set in Database. Please call admin\")</script>";
        return "";
    }

    $registrationNo = $postRow["abbr"] . "/" . $postRow["SlNo"];
    executeSqlQuery("update post set SlNo = SlNo + 1 where PostCode = '" . Remove_SQLi($post) . "'");

    return $registrationNo;
}
/**
 * Report whether an applicant row exists with the given appid and pin.
 *
 * NOTE(review): the pin is compared against the column value directly, so
 * it appears to be stored in the form it is submitted - confirm whether it
 * is hashed before it reaches this function.
 * NOTE(review): the query is protected only by Remove_SQLi(), whose
 * implementation is not visible here.
 *
 * @param string $pin   Pin supplied by the applicant.
 * @param string $appid Application id.
 * @return bool True when a matching row was fetched, false otherwise.
 */
function check_pin_appid($pin, $appid)
{
    $lookup = "select * from applicant where appid = '" . Remove_SQLi($appid) . "' and pin = '" . Remove_SQLi($pin) . "'";
    $match = mysql_fetch_array(executeSqlQuery($lookup));

    return $match ? true : false;
}
                                                    <strong>
                                                        <font color="#003399" size="1"
                                                              face="Arial, Helvetica, sans-serif">Institute</font>
                                                    </strong>
                                                </div>
                                            </div>
                                        </td>
                                        <td width="18%">
                                            <div align="center"><strong><font color="#003399" size="1"
                                                                              face="Arial, Helvetica, sans-serif">Course
                                                        Duration (in Month)</font></strong></div>
                                        </td>
                                    </tr>
                                    <?php 
    $sqlcomp = "select * from compknowledge where appid='" . $appid . "' order by id asc";
    $compList = executeSqlQuery($sqlcomp);
    while ($compRow = mysql_fetch_array($compList)) {
        ?>
                                        <tr>
                                            <td height="22">
                                                <div align="center">
                                                    <font size="1"
                                                          face="Arial, Helvetica, sans-serif">
                                                        <strong>  <?php 
        if ($compRow["course"] != "") {
            echo $compRow["course"];
        } else {
            echo "------";
        }
        ?>
</strong>
Example #24
			$date_end =  $y . '-' . $m . '-' . $d . " 23:59:59";
	}
	
	// Report selector: 'Issues' lists loans made in the date window, 'Returns'
	// lists loans returned in it. Any other value runs no query at all.
	// NOTE(review): $date_start and $date_end are placed into the statement as
	// quoted strings with no escaping here; how they are built lies outside
	// this excerpt - confirm they are assembled from validated date parts.
	if($_REQUEST['IR']=='Issues'){
		$sql = sprintf("select l.lid, l.copy cid, l.date_loaned, l.date_due, l.date_returned, " .
		"l.loaned_by, c.access_no, b.*, m.mid, concat(m.title,  ' ', m.firstnames, ' ',  m.surname) AS member_name  " .
		"FROM ( ((loan l LEFT JOIN copy c ON  l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) LEFT JOIN member m ON m.mid =l.member ) " .
		"WHERE (l.date_loaned > '%s' AND l.date_loaned < '%s') ORDER BY date_loaned DESC", $date_start, $date_end);
		$rs1 = executeSqlQuery($sql);
		$rs1count = mysql_num_rows($rs1);
	} elseif($_REQUEST['IR']=='Returns'){
		// Same columns and joins as above, filtered and ordered by date_returned.
		$sql = sprintf("select l.lid, l.copy cid, l.date_loaned, l.date_due, l.date_returned, " .
		"l.loaned_by, c.access_no, b.*, m.mid, concat(m.title,  ' ', m.firstnames, ' ',  m.surname) AS member_name  " .
		"FROM ( ((loan l LEFT JOIN copy c ON  l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) LEFT JOIN member m ON m.mid =l.member ) " .
		"WHERE (l.date_returned > '%s' AND l.date_returned < '%s') ORDER BY date_returned DESC", $date_start, $date_end);
		$rs2 = executeSqlQuery($sql);
		$rs2count = mysql_num_rows($rs2);	
	}	
	
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Pusthaka: <?php echo $PageTitle; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/styles.css" rel="stylesheet" type="text/css">
<script language="JavaScript" src="js/gen_validatorv2.js" type="text/javascript"></script>
</head>

<body>
Example #25
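            // Check the CAPTCHA answer, look the user up, then record the
            // outcome in audit_trail.
            $img = new Securimage();
            $valid = $img->check($_POST['code']);
            // LoginToken was concatenated into the statement unchanged; it is
            // now escaped with the driver like the audit values below.
            // NOTE(review): the token is read from the request. Unless it is
            // also checked against the value the server issued, a captured
            // response can be replayed - confirm where that check happens.
            // NOTE(review): htmlspecialchars() is HTML encoding, not SQL
            // escaping; for userid and passWD the statement relies on
            // Remove_SQLi(), whose implementation is not visible here.
            $tokenSql = mysql_real_escape_string($_POST['LoginToken']);
            $sqlstr = "SELECT * FROM user where userid ='" . Remove_SQLi(htmlspecialchars($_POST['user'])) . "' AND md5(concat(md5(`pass`),md5('" . $tokenSql . "')))='" . Remove_SQLi(htmlspecialchars($_POST['passWD'])) . "'";
            $result = executeSqlQuery($sqlstr);
            $row = mysql_fetch_array($result);
            if ($row != NULL && $valid) {
                session_regenerate_id();
                $_SESSION['userid'] = $row['userid'];
                $_SESSION['ID'] = session_id();
                $action = "JustLoggedIn";
                $auditUser = $_SESSION['userid'];
                $auditAction = 'Login: Success';
            } else {
                $action = "NoAccess";
                // The attempted user name is whatever the client sent.
                $auditUser = $_POST['user'];
                $auditAction = 'Login: Failed';
            }

            // User-Agent, Referer and the attempted user name are all chosen
            // by the client. Every value is escaped before it enters the
            // INSERT; previously several of them were concatenated unchanged.
            // Optional headers default to '' instead of raising a notice.
            $auditValues = array(
                isset($_SESSION['ID']) ? $_SESSION['ID'] : '',
                $_SERVER['REMOTE_ADDR'],
                isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '',
                isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
                $auditUser,
                $_SERVER['PHP_SELF'],
                $auditAction,
                $_SERVER['REQUEST_METHOD'],
                $_SERVER['REQUEST_URI'] . $_SERVER['QUERY_STRING'],
            );
            $Qry = "INSERT INTO audit_trail (`SessionID`,`IP`,`Referrer`,`UserAgent`,`UserID`,`URL`,`Action`,`Method`,`URI`) values" .
                "('" . implode("','", array_map('mysql_real_escape_string', $auditValues)) . "')";
            executeSqlQuery($Qry);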
        }
    }
}
?>
<html><head><title></title>
</head>
<body>
<?php 
switch ($action) {
    case "LogOut":
        echo "<h2 align=\"center\">Thank You! You Have Successfully Logged Out!</h2>";
        echo "<br><h2 align=\"center\"><a href=\"index.php\">Login</a></h2>";
        break;
    case "JustLoggedIn":