Example #1
 /**
  * Opens the database connection and keeps the result on the instance.
  *
  * getDBConn() is expected to return an array carrying an 'ErrorReturn'
  * entry with 'Success' and 'ErrorMessage' keys (that is how it is read
  * below). On failure the message is parked in $_SESSION['returnArray']
  * and construction simply ends; no exception is raised, so callers must
  * inspect DBConnArray themselves before using the object.
  */
 function __construct()
 {
     $connection = getDBConn();
     $this->DBConnArray = $connection;

     $status = $connection['ErrorReturn'];
     if ($status['Success']) {
         return;
     }

     // A redirect to $_SERVER['HTTP_REFERER'] used to sit here and is disabled.
     // The Referer header is client-controlled, so it should not be restored
     // as a redirect target without checking it against known local pages.
     $_SESSION['returnArray'] = $status['ErrorMessage'];
 }
Example #2
    $hold = htmlspecialchars($value);
    $hold = trim($hold);
    $hold = stripslashes($hold);
    $postArray[$name] = $hold;
}
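# Parse the date_list request field: every ")" is dropped, the rest is split on "(",
# and each piece is split on "," into a key and a value (presumably owner and date,
# judging by the variable names). A missing or array-valued field is treated as empty
# so that preg_replace()/explode() always receive a string.
$listStr = preg_replace(
    "/\\)/",
    "",
    isset($_REQUEST['date_list']) && is_string($_REQUEST['date_list']) ? $_REQUEST['date_list'] : ''
);
$listArr = explode("(", $listStr);
$invoiceList = array();
foreach ($listArr as $ownDtPair) {
    $arr = explode(",", $ownDtPair);
    if (!isset($arr[1])) {
        # pieces without a comma (including the empty one before the first "(") carry no pair
        continue;
    }
    $invoiceList[$arr[0]][] = $arr[1];
}
$DBConnArray = getDBConn();
if (!$DBConnArray['ErrorReturn']['Success']) {
    # NOTE(review): the raw connection error is sent to the client; consider logging it
    # server-side and returning a generic message instead.
    echo json_encode(array('table' => $DBConnArray['ErrorReturn']['ErrorMessage']));
    # Stop here: without a connection the query below cannot succeed, and falling
    # through would emit a second JSON document after this one.
    return;
}
########################################################
# get all relevant owners
########################################################
# NOTE(review): SQL injection risk. email_address is request data concatenated into
# the statement text. The htmlspecialchars()/trim()/stripslashes() pass applied to
# $postArray earlier in this script is HTML output encoding, not SQL escaping, and
# whether it neutralises a single quote depends on the PHP version's default flags.
# The value should be bound through a prepared statement; getDataSet()'s signature
# is not visible here, so the query text is left as written.
$sql = "SELECT o.* FROM owners as o, users as u, canners as c \n\t\tWHERE u.id=c.user_id AND o.canner_id = c.user_id\n\t\tAND u.email_address = '" . $postArray['email_address'] . "'\n\t\tORDER BY o.collection_day, city_address;";
$returnArray = getDataSet($DBConnArray, $sql);
if (!$returnArray['ErrorReturn']['Success']) {
    # Report the failure of the query itself. The original echoed the connection's
    # message, which belongs to a call that had already succeeded; this assumes
    # getDataSet() fills 'ErrorMessage' next to 'Success' - TODO confirm.
    echo json_encode(array('table' => $returnArray['ErrorReturn']['ErrorMessage']));
    return;
}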
##########################################################
# get invoices and payments
##########################################################
<?php

require_once "config.php";
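// Module-level side effect kept from the original: including this file opens a connection.
$db_link = getDBConn();

/**
 * Opens a mysqli connection using the DB_* constants from config.php.
 *
 * Fixes over the previous version:
 *  - success is decided from connect_errno; on PHP versions where mysqli does
 *    not throw, "new mysqli" returns an object even when the connection failed,
 *    so testing the object for truthiness never detected a failure;
 *  - the call to mysql_error() is gone: it belongs to the removed ext/mysql,
 *    has nothing to do with a mysqli handle, and is a fatal "undefined
 *    function" on PHP 7+;
 *  - a mysqli_sql_exception (the default failure mode since PHP 8.1) is caught
 *    so that callers keep receiving null instead of an uncaught exception
 *    whose trace could expose connection parameters.
 *
 * @return mysqli|null the connected handle, or null when the connection failed
 */
function getDBConn()
{
    // NOTE(review): kept from the original. This caps the execution time of the
    // whole script at one second from this call; it is not a connection timeout.
    set_time_limit(1);

    try {
        // "@" keeps the original suppression of the connect warning, which could
        // otherwise print host and user name into the page when display_errors is on.
        $db_link = @new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
    } catch (mysqli_sql_exception $e) {
        error_log('getDBConn: database connection failed (' . $e->getCode() . ')');
        return null;
    }

    if ($db_link->connect_errno) {
        // Log the numeric code only; the details stay out of the response body.
        error_log('getDBConn: database connection failed (' . $db_link->connect_errno . ')');
        return null;
    }

    return $db_link;
}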
Example #4
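/**
 * Handles the registration form: validates the POST fields, rejects an
 * e-mail address that is already registered, otherwise stores the new user
 * with a password_hash() digest and admin = FALSE.
 *
 * Outcome is reported through $_SESSION['registered'] (and 'msgToUser' for
 * validation failures) followed by a redirect. Validation failures end the
 * request with die; the two database outcomes only send the Location header
 * and return to the caller, as before.
 *
 * Changes over the previous version:
 *  - the two password fields are compared with !==; the loose != treats
 *    numeric-looking strings such as "1e3" and "1000" as equal, so a
 *    mistyped confirmation could be accepted;
 *  - missing or array-valued fields (e.g. password[]=x) are normalised
 *    before use instead of reaching strlen()/filter_var() as non-strings;
 *  - the "already registered" test fetches a row instead of relying on
 *    rowCount(), which PDO does not guarantee for SELECT on every driver.
 *
 * NOTE(review): the check-then-insert sequence is not atomic; a UNIQUE index
 * on users.email is needed to rule out duplicate accounts under concurrent
 * requests. No CSRF token check is visible in this function.
 */
function doRegister()
{
    // Read one POST field as a string; anything absent or non-string becomes $default.
    $field = static function ($key, $default = '') {
        return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : $default;
    };
    // Shared failure path of the three validation checks.
    $reject = static function ($message) {
        $_SESSION['registered'] = false;
        $_SESSION['msgToUser'] = $message;
        header('Location: register.php');
        die;
    };

    $email = $field('email');
    $password = $field('password');

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $reject("******");
    }
    if ($password !== $field('password2')) {
        $reject("******");
    }
    if (strlen($password) < 8) {
        $reject("******");
    }

    $dbcon = getDBConn();
    $stmt = $dbcon->prepare("SELECT `fname` from `users` WHERE `email` = :email");
    $stmt->bindValue(':email', $email);
    $stmt->execute();
    if ($stmt->fetch() !== false) {
        //A user with that email already exists
        $_SESSION['registered'] = false;
        header('Location: index.php');
    } else {
        //No user exists so we can register
        $pword_hash = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $dbcon->prepare("INSERT INTO `users` (fname,lname,email,pword,admin) VALUES (:fname,:lname,:email,:pword,FALSE)");
        // A missing name is bound as NULL, which is what the unchecked $_POST read produced before.
        $stmt->bindValue(':fname', $field('fname', null));
        $stmt->bindValue(':lname', $field('lname', null));
        $stmt->bindValue(':email', $email);
        $stmt->bindValue(':pword', $pword_hash);
        $stmt->execute();
        $_SESSION['registered'] = true;
        header('Location: index.php');
    }
}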
<?php 
include 'functions.php';
// Render the page header, then store the submitted project when the form was posted.
doHeader('Upload Project');
$conn = getDBConn();
$ending = ".php";
if (isset($_POST['submit'])) {
    // File name shown to the user further down: the project name without spaces plus ".php".
    // It is built from the raw request value, so it must be encoded wherever it is printed.
    $urlname = str_replace(' ', '', $_POST['name']) . $ending;

    // All three values travel as bound parameters, so they cannot alter the SQL text.
    // NOTE(review): they are HTML-encoded before storage; pages that encode again on
    // output will show double-encoded text, and pages that print the column as-is
    // depend on every writer having encoded it. No authentication or CSRF check is
    // visible in this excerpt - confirm functions.php/doHeader() enforces one.
    $stmt = $conn->prepare("INSERT INTO projects (name, description, location)\n                                      VALUES (:name, :description, :loc)");
    $stmt->execute(array(
        ':name' => htmlentities($_POST['name']),
        ':description' => htmlentities($_POST['desc']),
        ':loc' => htmlentities($_POST['loc']),
    ));
}
?>

<h2>Upload a Project </h2>

  <?php 
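if (isset($_POST['submit'])) {
    // The project name and the file name derived from it are request data. Printing
    // them unencoded let submitted markup run in the page (reflected XSS), so each
    // value is encoded for the context it is written into.
    $safeName = htmlspecialchars(
        isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '',
        ENT_QUOTES,
        'UTF-8'
    );
    $safeUrlText = htmlspecialchars($urlname, ENT_QUOTES, 'UTF-8');
    // rawurlencode() keeps the value a single relative path segment: ":" and "/" are
    // percent-encoded, so the link cannot turn into a scheme such as "javascript:"
    // or point at another host. ENT_QUOTES matters because the attribute is
    // delimited with single quotes.
    $safeHref = htmlspecialchars(rawurlencode($urlname), ENT_QUOTES, 'UTF-8');

    echo "<p class='red'> " . $safeName . " has been successfully uploaded at " . $safeUrlText . "</p>";
    echo "<p class='red'>Edit the page <a href='" . $safeHref . "'>here.</a></p>";
}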
?>

<hr class='separator' align='left'>

    <form action="uploadProj.php" name="uploadForm" method="post">
      <div class="form-group">
        <label>
        Name:
/**
 * Looks up the Description column of the AT_Product row whose ID equals
 * $productNum, using a connection obtained for the current user.
 *
 * The ID is passed as a bound parameter, never spliced into the SQL text.
 *
 * @param mixed $productNum product ID to look up
 * @return mixed whatever fetchColumn() yields for the first row; with PDO that
 *               is false when no row matches (assumes getDBConn() returns a
 *               PDO handle - TODO confirm)
 */
function getProductDesc($productNum)
{
    $query = getDBConn(getCurrentUser())
        ->prepare("SELECT Description FROM AT_Product WHERE ID = :productID");
    $query->execute(array(':productID' => $productNum));

    return $query->fetchColumn();
}
Example #7
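/**
 * Echoes one page of drink names from `dinfo` as JSON.
 *
 * The 1-based page number is read from $_POST["pageNumber"]; each page holds
 * 10 rows. Nothing is echoed when the page number is missing, below 1, or
 * past the last row, which matches the previous behaviour.
 *
 * Changes over the previous version:
 *  - rows are counted with SELECT COUNT(*) instead of selecting every column
 *    of every row and calling rowCount(), which transferred the whole table
 *    per request and is not guaranteed to work for SELECT on every PDO driver;
 *  - the range test is done on integers; "(int) $numEntries / $NUMPERPAGE"
 *    cast only the numerator and compared against a float;
 *  - a failed count query (query() returning false) ends the function
 *    instead of causing a fatal method call on false.
 *
 * NOTE(review): the page query has no ORDER BY, so the database is free to
 * return rows in a different order between requests.
 */
function getPage()
{
    $NUMPERPAGE = 10;
    $requested = isset($_POST["pageNumber"]) ? intval($_POST["pageNumber"]) : 0;
    $pageToGet = $requested - 1;
    if ($pageToGet < 0) {
        return;
    }

    $dbconn = getDBConn();
    $countStmt = $dbconn->query("SELECT COUNT(*) FROM `dinfo`");
    if ($countStmt === false) {
        return;
    }
    $numEntries = (int) $countStmt->fetchColumn();

    // Same condition as "page < entries / perPage", written without the division.
    $startIndex = $pageToGet * $NUMPERPAGE;
    if ($startIndex >= $numEntries) {
        return;
    }

    $drinkInfo = $dbconn->prepare("SELECT `dname` FROM `dinfo` LIMIT :numPerPage OFFSET :start");
    // LIMIT/OFFSET must be bound as integers; bound as strings they would be quoted.
    $drinkInfo->bindValue(":numPerPage", $NUMPERPAGE, PDO::PARAM_INT);
    $drinkInfo->bindValue(":start", $startIndex, PDO::PARAM_INT);
    $drinkInfo->execute();
    echo json_encode($drinkInfo->fetchAll(PDO::FETCH_ASSOC));
}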
Example #8
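/**
 * Grants the admin flag to the user whose id is posted in 'addadmin', then
 * redirects to admin.php.
 *
 * The id is now validated as a positive integer and bound as one. Previously
 * any posted string was handed to the database, where a value such as "5abc"
 * can be coerced to 5 by MySQL's string-to-number conversion and promote a
 * different account than the one the request appeared to name. A missing or
 * invalid id skips the UPDATE; the redirect happens either way, as before.
 *
 * NOTE(review): this function changes privileges but contains no
 * authorization or CSRF check. Nothing in this excerpt shows where the
 * caller verifies that the requester is already an admin - confirm that it
 * does before this is reachable from a request.
 */
function addAdmin()
{
    $id = isset($_POST['addadmin'])
        ? filter_var($_POST['addadmin'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;

    if ($id !== false) {
        $dbconn = getDBConn();
        $stmt = $dbconn->prepare("UPDATE `users` SET admin= 1 WHERE id = :id");
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
    }

    header("Location: admin.php");
}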