Example #1
echo htmlspecialchars($event['Description']);
?>
</textarea>
		</div>
		<div class="form-group">
			<label for="Location">Location</label>
			<input class="form-control" id="Location" type='text' name='Location' placeholder='Where is the event'
				value="<?php 
echo htmlspecialchars($event['Location']);
?>
">
		</div>
		<div class="form-group">
			<label for="Atendees">Group members to invite:</label>
				<br>
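				<?php
// One checkbox per group member, excluding the signed-in user.
// The signed-in user's e-mail is the same for every row, so it is looked up once
// instead of running get_user() on each loop iteration.
$currentUserEmail = get_user($db, get_logged_in_user_id())['email'];
foreach ($Members as $attendees) {
    if ($attendees['email'] != $currentUserEmail) {
        // Both the attribute value and the visible label are HTML-escaped. The checkbox is not
        // wrapped in a <select>, so the stray closing </option> tag has been dropped.
        // NOTE(review): the submitted Attending[] values are client-controlled; confirm the
        // receiving handler re-checks each address against the group's member list.
        echo '<input id="Atendees" type="checkbox" name="Attending[]" value="' . htmlspecialchars($attendees['email']) . '">' . htmlspecialchars($attendees['name']) . '<br>';
    }
}
?>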
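			<?php
// Carry the group id through the form as a hidden field.
// The value lands inside a single-quoted HTML attribute, so it is HTML-escaped with ENT_QUOTES
// (which also escapes '). urlencode() is the encoder for URL components: it would make the
// browser submit the percent-encoded text literally instead of the original value.
// A missing or array-valued parameter is rendered as an empty value.
$groupIdParam = isset($_GET['group_id']) && is_string($_GET['group_id']) ? $_GET['group_id'] : '';
echo "<input type='hidden' value='" . htmlspecialchars($groupIdParam, ENT_QUOTES, 'UTF-8') . "' name='group_id'>";
?>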
			<input type='submit' value='Create' class='btn btn-default'>
		</div>
	</form>
  </body>
</html>
Example #2
<?php

require_once 'includes/all.php';
// Gate the page: anonymous visitors are redirected to the sign-in page.
// The exit() right after the Location header stops the rest of the page from being
// rendered for them.
if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}
$db = connect_db();
// The course list is fetched for the signed-in user's own id, not for an id taken
// from the request.
$user_courses = get_user_courses($db, get_logged_in_user_id());
?>
<!DOCTYPE html>
<html>
<head>
    <title> Search Groups | Study Group Finder </title>
    <?php 
include 'includes/_head.html';
?>
</head>

<body>
    <?php 
include 'includes/_nav.php';
?>

  <div class="breadcrumbs">
    <a href="index.php">Home</a>
    » Search
  </div>

<div class='row'>
    <div class='col-md-6'>
Example #3
<?php

require_once 'includes/all.php';
// Reject anonymous callers before any request data is read.
// NOTE(review): a bare "Status:" header is only translated into the HTTP status line by
// CGI/FastCGI SAPIs; http_response_code() sets it regardless of SAPI — confirm how this
// application is deployed.
if (!is_logged_in()) {
    header("Status: 403");
    exit;
}
// Only POST is accepted; every other method stops here.
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    header("Status: 405");
    // method not allowed
    exit;
}
$db = connect_db();
// The target group is chosen by the client through the POST body.
// NOTE(review): nothing visible here checks that $_POST['group_id'] is present or that
// get_group() found a row before $group['course_id'] is read on the next line.
// NOTE(review): membership in the group is presumably enforced further down with
// user_is_in_group() — verify before relying on $group.
$group = get_group($db, $_POST['group_id']);
$course = get_course($db, $group['course_id']);
// The acting user is taken from the session, not from the request.
$user = get_user($db, get_logged_in_user_id());
/**
 * Tells whether the given user belongs to the given group.
 *
 * @param PDO   $db       Open database connection.
 * @param array $user     User row; only $user['id'] is read.
 * @param mixed $group_id Id of the group to test.
 *
 * @return bool True when a matching group_members row exists.
 */
function user_is_in_group($db, $user, $group_id)
{
    $sql = "SELECT EXISTS (SELECT 1 FROM group_members WHERE group_id = :group_id AND user_id = :user_id)";
    $membership = $db->prepare($sql);
    // Both ids travel as bound parameters, never as part of the SQL text.
    $membership->bindValue(":group_id", $group_id);
    $membership->bindValue(":user_id", $user['id']);
    $membership->execute();
    // EXISTS yields a single row with a single 0/1 column.
    $result = $membership->fetch(PDO::FETCH_NUM);
    return (bool) $result[0];
}
function json_die($status, $msg)
{
    header("Status: 400");
    header("Content-Type: application/json");
    echo json_encode(array("error" => $msg));
    exit;
Example #4
    // Create the group, then its membership rows, then redirect to the new group's page.
    // Runs only when the request is not an 'add_user' action and validation collected no errors.
    // TODO(ae): transaction — no transaction is opened in this block, so a failure after the
    // first INSERT leaves a group row without (all of) its member rows.
    if ($action !== 'add_user' && !count($errors)) {
        // All form values are bound as parameters; none is concatenated into the SQL.
        $stmt = $db->prepare("INSERT INTO groups (course_id, name, day, time, place, campus) VALUES (:course_id, :name, :day, :time, :place, :campus)");
        $stmt->bindValue(":course_id", $form['course']);
        $stmt->bindValue(":name", $form['name']);
        $stmt->bindValue(":day", $form['day']);
        $stmt->bindValue(":time", $form['time']);
        $stmt->bindValue(":place", $form['place']);
        $stmt->bindValue(":campus", $form['campus']);
        $stmt->execute();
        $group_id = $db->lastInsertId();
        // The same prepared statement is reused for every membership row; :group_id stays bound.
        $stmt = $db->prepare("INSERT INTO group_members (group_id, user_id) VALUES (:group_id, :user_id)");
        // Add current user to the group
        $stmt->bindValue(":group_id", $group_id, PDO::PARAM_INT);
        $stmt->bindValue(":user_id", get_logged_in_user_id(), PDO::PARAM_INT);
        $stmt->execute();
        // Add any other members
        // TODO(ae): send invites instead
        // NOTE(review): the ids in $form['members'] are inserted as given. Binding with
        // PDO::PARAM_INT fixes the parameter type but is not an authorization check: nothing in
        // this block verifies that each id is an existing user or that the user agreed to join.
        // Confirm where $form['members'] is validated.
        foreach ($form['members'] as $user_id) {
            $stmt->bindValue(":user_id", $user_id, PDO::PARAM_INT);
            $stmt->execute();
        }
        // The redirect target is built from the database-generated id, and the script stops
        // right after sending the Location header.
        $url = "group.php?id=" . urlencode($group_id);
        header("Location: " . $url);
        exit(0);
    }
}
// Returns 'has-error' if the key exists in $errors.
function has_error($key)
{
Example #5
}
$db = connect_db();
// The profile to show is selected by the id query parameter, handed to get_user() as received.
// NOTE(review): how get_user() builds its query is not visible here — confirm it binds the id
// as a parameter.
$user = get_user($db, $_GET['id']);
if (!$user) {
    header('Status: 404');
    die('no such user');
}
// From here on, lookups use the id from the database row rather than the raw request value.
$courses = get_user_courses($db, $user['id']);
$college = null;
if ($user['college_id']) {
    // Positional placeholder: college_id is bound, not concatenated into the SQL.
    $q = $db->prepare("SELECT * FROM colleges WHERE id=?");
    $q->bindValue(1, $user['college_id']);
    $q->execute();
    $college = $q->fetch();
}
// True when the viewer is looking at their own profile (loose comparison of the two ids).
$is_myself = $user['id'] == get_logged_in_user_id();
// NOTE(review): $id keeps the raw, unvalidated query-string value. Anything that prints it
// later must escape it for its output context, or use $user['id'] instead.
$id = $_GET['id'];
?>
<!DOCTYPE html>
<html>
  <head>
    <title><?php 
echo htmlspecialchars($user['name']);
?>
</title>
    <?php 
include 'includes/_head.html';
?>
  </head>

  <body>
Example #6
    echo '<a class="btn btn-danger" href="logout.php" role="button">Sign out</a>';
} else {
    echo '<a class="btn btn-success" href="signin.php" role="button">Sign in</a>';
}
?>
          </div>
        </div>
      </div>
    </nav>

    <div class="container">

      <?php 
if (is_logged_in()) {
    ?>
        <div class="masthead">
          <nav>
            <ul class="nav nav-justified">
              <li><a href="index.php">Home</a></li>
              <li><a href="profile.php?id=<?php 
    echo get_logged_in_user_id();
    ?>
">Your Profile</a></li>
				  <li><a href="group.php">Your Groups</a></li>
              <li><a href="newgroup.php">Create a Group</a></li>
              <li><a href="form.php">Search</a></li>
            </ul>
          </nav>
        </div>
      <?php 
}
Example #7
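require_once 'includes/all.php';
if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}
// A missing id, or an array-valued one (?id[]=...), cannot name a group.
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    // http_response_code() sets the status line under every SAPI; a bare "Status:" header
    // is only honoured by CGI/FastCGI.
    http_response_code(404);
    die('missing id');
}
// Read the group id exactly once and use that same value for the membership check and for
// every lookup below. The membership check used to read $_REQUEST['id'] while the data was
// loaded with $_GET['id']; $_REQUEST can be populated from sources other than the query
// string, so the id that was authorized and the id that was loaded could differ.
$requested_group_id = $_GET['id'];
$db = connect_db();
if (!is_member($db, get_logged_in_user_id(), $requested_group_id)) {
    http_response_code(403);
    exit("403 Forbidden");
}
$user_groups = get_user_groups($db, get_logged_in_user_id());
$group = get_group($db, $requested_group_id);
$members = get_group_members($db, $requested_group_id);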
?>

<!DOCTYPE html>
<html>
  <head>
    <title> Members Editing | Study Group Finder </title>
    <script src="js/jquery-1.12.1.min.js" type="text/javascript"></script>
    <script>
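        // Navigate to the member editor for the chosen group.
        // The id is percent-encoded so that characters such as & or # stay inside the id
        // parameter instead of being read as extra parameters or a fragment.
        function reload(id){
            self.location="members_edit.php?id="+encodeURIComponent(id);
        }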
    </script>
    <?php 
Example #8
<?php

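require_once 'includes/all.php';
if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // 405 Method Not Allowed
    // Stop here: without the exit, the upload handling below still ran for non-POST requests.
    // http_response_code() sets the status line under every SAPI; a bare "Status:" header is
    // only honoured by CGI/FastCGI.
    http_response_code(405);
    header('Allow: POST');
    exit(0);
}
$db = connect_db();
$user_id = get_logged_in_user_id();
$errors = array();
// NOTE(review): 1 MiB is 1048576 bytes; 1048756 looks like a digit transposition. The value is
// left unchanged because it also appears in the error message — confirm the intended limit.
$maxsize = 1048756;
// The file entry may be missing entirely, or carry an upload error (too large for php.ini,
// partial upload, several files posted under one name). Only a clean single upload goes on.
$upload = isset($_FILES["fileupload"]) && is_array($_FILES["fileupload"]) ? $_FILES["fileupload"] : null;
if ($upload === null
    || !isset($upload["error"])
    || $upload["error"] !== UPLOAD_ERR_OK
    || !is_uploaded_file($upload["tmp_name"])
) {
    $pic = null;
    $tmp = null;
    $size = 0;
    $errors[] = "Upload failed: the file was not received correctly";
} else {
    // The file name is supplied by the client: treat it as untrusted text and never use it
    // unmodified as a path on the server.
    $pic = $upload["name"];
    $tmp = $upload["tmp_name"];
    $size = $upload["size"];
}
if ($size > $maxsize) {
    $errors[] = "Upload failed: file size {$size} exceeds maximum size of {$maxsize}";
}
// Any error so far is reported through the session flash list and the request ends here.
if (count($errors)) {
    $_SESSION['flash_errors'] = $errors;
    header("Location: profile_edit.php");
    exit(0);
}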
$info = @getimagesize($tmp);
if ($info === false) {
    $errors[] = "Upload failed: not an image";
} else {
    $type = $info[2];
Example #9
<?php

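require_once 'includes/all.php';
if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}
// Password change for the signed-in user. The row that is updated is always selected by the
// session's user id, never by a value from the request.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // A missing or array-valued field is treated as an empty string, so password_verify() and
    // password_hash() always receive strings.
    $old_password = isset($_POST["oldPassword"]) && is_string($_POST["oldPassword"]) ? $_POST["oldPassword"] : '';
    $new_password = isset($_POST["newPassword"]) && is_string($_POST["newPassword"]) ? $_POST["newPassword"] : '';
    $db = connect_db();
    $user = get_user($db, get_logged_in_user_id());
    if (!password_verify($old_password, $user["password_hash"])) {
        $_SESSION["flash_errors"] = array('Old password did not match current password');
    } elseif ($new_password === '') {
        // Previously an absent or empty newPassword was hashed and stored as the new password.
        $_SESSION["flash_errors"] = array('New password must not be empty');
    } else {
        // Note: bcrypt only uses the first 72 bytes of the password.
        // NOTE(review): other active sessions of this user are not invalidated in this block —
        // confirm whether that is handled elsewhere.
        $stmt = $db->prepare("UPDATE users SET password_hash = :password_hash WHERE users.id = :usrId");
        $stmt->bindValue(":password_hash", password_hash($new_password, PASSWORD_BCRYPT));
        $stmt->bindValue(":usrId", get_logged_in_user_id());
        $stmt->execute();
    }
}
header("Location: profile_edit.php");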