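<?php
// Posts listing: shows the posts of the user named by ?id=..., or the
// logged-in user's own posts (with Edit links) when no id is given.
// Relies on $mysqli, $shopsv, find_name() and a started session, all of
// which are set up outside this fragment.

if (isset($_GET['id'])) {
    // NOTE(review): FILTER_SANITIZE_NUMBER_INT only strips characters; digits,
    // "+" and "-" survive, so the result is not guaranteed to be an integer.
    // The prepared statement below binds it as 'i', which keeps the query safe,
    // but FILTER_VALIDATE_INT with an explicit failure path would be stricter.
    $id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
    // find_name() is defined elsewhere and nothing here shows it escaping its
    // result, so encode the name before it reaches the page.
    echo "Welcome to " . htmlspecialchars((string) find_name($id, $mysqli), ENT_QUOTES)
        . "'s posts! You can view all of them from here.";
} else {
    $id = $_SESSION['user_id'];
    echo "Welcome to your posts, <b>" . htmlspecialchars((string) find_name($id, $mysqli), ENT_QUOTES)
        . "</b>! You can edit any post you created.";
}

// Compare as integers so a missing session value or a loosely-equal string
// cannot switch the Edit links on. The link is a convenience only:
// edit.php (not shown here) still has to verify ownership itself.
$viewingOwnPosts = isset($_SESSION['user_id']) && (int) $id === (int) $_SESSION['user_id'];

if ($stmt = $shopsv->prepare("SELECT * \n\tFROM posted_lists WHERE user_id = ?")) {
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result();

    while ($row = $result->fetch_assoc()) {
        // Get matching name from secure_login
        $usern = find_name($row["user_id"], $mysqli);

        echo '<table border="1" style="width:100%">';
        if ($viewingOwnPosts) {
            // post_id is URL-encoded so a stored value cannot break out of the href.
            echo '<tr><td colspan="2"><a href="edit.php?post_id=' . rawurlencode((string) $row['post_id']) . '">'
                . 'Edit' . '</a></td></tr>';
        } else {
            echo '<tr><th scope="col" colspan="2">' . htmlspecialchars((string) $usern, ENT_QUOTES)
                . ' says... </th></tr>';
        }

        // Every database value is HTML-encoded at the point of output.
        echo '<tr><td colspan="2">' . nl2br(htmlspecialchars($row["header"])) . '</td></tr>';
        echo '<tr><td colspan="2">' . nl2br(htmlspecialchars($row["text"])) . '</td></tr>';
        echo '<tr><td>Drop off: ' . htmlspecialchars($row['drop_off'])
            . '</td><td>Fee: $' . htmlspecialchars((string) $row['fee'], ENT_QUOTES) . '</td></tr>';
        echo "</table><br>";
    }
}
?> </html>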
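/**
 * Grant rights on this filesystem entry to at most one person and one group.
 *
 * Each name in $data['person']['name'] / $data['group']['name'] is looked up
 * with find_name() in 'exact' mode; a right is stored only when the lookup
 * returns exactly one match. Rows are written through the global $db wrapper.
 *
 * NOTE(review): the insert statements are built by string concatenation.
 * Neither $db->insert() nor implode_rights() is visible here, so it cannot be
 * confirmed that the interpolated values are escaped. If $data comes from a
 * request, switch to whatever bound-parameter or escaping facility the $db
 * wrapper offers before relying on this.
 *
 * @param array $data Expected to hold 'person' and 'group' sub-arrays, each
 *                    with a 'name' key plus the fields implode_rights() reads.
 * @return void
 */
function create_rights($data)
{
    global $db;

    // 0 means "no unambiguous match", so nothing is written for that kind.
    $ids = array('person' => 0, 'group' => 0);

    // Phase 1: resolve both names before anything is inserted.
    foreach (array_keys($ids) as $kind) {
        $name = isset($data[$kind]['name']) ? $data[$kind]['name'] : '';
        if (!$name) {
            continue;
        }

        $matches = find_name($kind, $name, false, 'exact');
        if (is_array($matches) && count($matches) == 1) {
            // each() was removed in PHP 8; reset()/key() reads the same first key.
            reset($matches);
            $ids[$kind] = key($matches);
        }
    }

    // Phase 2: store a rights row for every kind that resolved to an id.
    foreach ($ids as $kind => $id) {
        if (!$id) {
            continue;
        }

        $query = 'filesystem_rights_' . $kind . ' ( fs_id, ' . $kind . '_id, rights ) values ( "'
            . $this->data['id'] . '", "' . $id . '", "' . implode_rights($data[$kind]) . '" )';
        $db->insert($query);
    }
}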
/**
 * Fill $data with the names matching the search string posted under $type.
 *
 * Writes three entries into $data:
 *   - $data[$type]            id => array('id' => ..., 'name' => ...) per match
 *   - $data[$type . '_name']  the posted string after mask_html() and stripslashes()
 *   - $data[$type . '_count'] the number of matches
 *
 * NOTE(review): mask_html() is defined elsewhere; it is presumably what makes
 * the echoed-back search string safe for HTML output. Confirm against its
 * definition.
 *
 * @param array  $data Result array, modified in place.
 * @param string $type Key read from $_POST and used as the lookup type.
 * @return void
 */
function list_names(&$data, $type)
{
    $data[$type] = array();

    // Nothing posted (or a null value) is treated as an empty search string.
    $submitted = isset($_POST[$type]) ? $_POST[$type] : '';

    // Only a non-empty search string is looked up.
    $matches = $submitted ? find_name($type, $submitted) : array();

    foreach ($matches as $matchId => $matchName) {
        $data[$type][$matchId] = array('id' => $matchId, 'name' => $matchName);
    }

    $data[$type . '_name'] = stripslashes(mask_html($submitted));
    $data[$type . '_count'] = count($matches);
}