Example #1
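/**
 * Check a login attempt and return the id of the matching person.
 *
 * Looks the account up with getPersonId($email) and compares the supplied
 * password with the "password" field of the returned record.
 *
 * @param mixed $email    Identifier passed unchanged to getPersonId().
 * @param mixed $password Password supplied by the caller.
 *
 * @return mixed The record's "person_id" on success, false on any failure.
 */
function checkLogin($email, $password)
{
    $person = getPersonId($email);
    if (!$person) {
        return false;
    }

    // NOTE(review): the stored value is compared directly with the supplied
    // one, so the "password" field presumably holds plaintext or a digest the
    // caller already computed - confirm. If the storage can be migrated, keep
    // password_hash() output there and verify with password_verify().
    $stored = isset($person["password"]) ? $person["password"] : null;

    // Only two strings can match. Under the old loose comparison a null
    // password matched a null or empty stored value, and other non-string
    // values were type-juggled before being compared.
    if (!is_string($stored) || !is_string($password)) {
        return false;
    }

    // hash_equals() compares byte-for-byte in constant time. The loose !=
    // it replaces compared numeric-looking strings as numbers, so distinct
    // values such as "0e1234" and "0e5678" were treated as equal.
    if (!hash_equals($stored, $password)) {
        return false;
    }

    return $person["person_id"];
}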
Example #2
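// Sanitize the inputs a little bit: the three numeric parameters are cast to
// int, so they cannot carry SQL syntax into the queries below.
$declarationId = (int)$_GET['declaration_id'];
$startWord = (int)$_GET['start_word'];
$endWord = (int)$_GET['end_word'];
// NOTE(review): every value other than 'add' (a missing parameter included)
// takes the delete branch below, and the change is driven by a GET request.
// No anti-CSRF token is checked in this fragment - confirm that the part of
// the script that sets $uid enforces authentication and request origin.
$action = $_GET['action'];

// The content is duplicated from what's in the declaration itself, but we
// want to do this in case in some future we start correcting or editing
// declarations, in which case we'll need to realign the highlights.
// NOTE(review): escaped here, so insertHighlight()/deleteHighlight() are
// presumably expected to place it inside a quoted SQL literal - confirm they
// neither escape it a second time nor use it unquoted.
$content = mysql_real_escape_string($_GET['content']);

if ($action === 'add') {
  insertHighlight($uid, $declarationId, $startWord, $endWord, $content);
} else {
  deleteHighlight($uid, $declarationId, $startWord, $endWord, $content);
}

// Also record this in the moderation queue so we can see who added what.
// Every value interpolated into the statement is neutralised first: the login
// name is user-chosen data read back from storage (a second-order injection
// path if left raw), and the person id is used unquoted, so it is forced to
// an integer. A failed lookup is therefore recorded as idperson 0.
// NOTE(review): ext/mysql was removed in PHP 7.0. Prepared statements through
// mysqli or PDO are the durable fix, but the connection is opened outside
// this fragment, so the existing API is kept here.
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$userLogin = mysql_real_escape_string(getUserLogin($uid));
$personId = (int)getPersonId($declarationId);
$now = time();

mysql_query(
  "INSERT INTO moderation_queue(type, idperson, value, ip, time)
   VALUES('highlight', {$personId}, 'highlight by {$userLogin}', '{$ip}',
          {$now})");

echo "OK";

require_once('../_bottom.php');
?>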
    }
    if (($values[] = getValue('average')) === null) {
        error('Invalid calling - no average');
    }
    if (($values[] = getRecord('regionalSingleRecord')) === null) {
        error('Invalid calling - no regionalSingleRecord');
    }
    if (($values[] = getRecord('regionalAverageRecord')) === null) {
        error('Invalid calling - no regionalAverageRecord');
    }
    $values[] = $resultId;
    pdo_query('UPDATE Results ' . 'SET value1=?, value2=?, value3=?, value4=?, value5=?, best=?, average=?, regionalSingleRecord=?, regionalAverageRecord=? ' . 'WHERE id=?', $values);
    die('{"success":1}');
} else {
    // provide data
    if (!($personId = getPersonId())) {
        error('Invalid calling - no personId');
    }
    if ($competitionId = getCompetitionId()) {
        if ($eventId = getEventId()) {
            $roundId = getRoundId();
        } else {
            $roundId = null;
        }
    } else {
        $eventId = null;
        $roundId = null;
    }
    $return = array();
    if (!$competitionId) {
        $result = pdo_query('SELECT name FROM Persons WHERE id=?', array($personId));