Example #1
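// Replies already posted on this topic.
$comments = getComments($id);
$contents['comments'] = $comments;

// Author details for the reply form, only when a session is logged in.
// $id_user is initialised so it is defined on every path below.
$id_user = null;
if (connected()) {
    $id_user = $_SESSION['id'];
    $userDetails = getUserDetails($id_user)['pseudo'];
    $contents['pseudo1'] = $userDetails;
    $userImage = getImages($id_user);
    $contents['lien1'] = $userImage['lien'];
}

/**** View preparation ****/
$title = $titre['titre'];
$styles = ['forum.css', 'search.css'];

/**** Page rendering ****/
if (empty($_POST)) {
    // The reply form was not submitted: just show the topic.
    vue(['sujet'], $styles, $title, $contents);
} else {
    // Read the field defensively: it may be missing or sent as an array
    // (contenu[]=...), and only a string is meaningful as a message body.
    $contenu = (isset($_POST['contenu']) && is_string($_POST['contenu'])) ? $_POST['contenu'] : '';

    if (!$contenu) {
        // Same truthiness test as before: '' and '0' both count as "nothing written".
        alert('error', 'Vous n\'avez rien écrit !');
        vue(['sujet'], $styles, $title, $contents);
    } elseif (connected()) {
        // NOTE(review): no anti-CSRF token check is visible before this state change.
        // NOTE(review): the text is stored as submitted; insertMessage() must bind it as a
        // query parameter and the view must HTML-escape it on output — confirm both.
        insertMessage($contenu, $id, $id_user);
        header('Location: ' . getLink(['forum', 'sujet', $id, 0]));
        exit;
    } else {
        // Previously an unauthenticated POST produced an empty response; show the topic instead.
        vue(['sujet'], $styles, $title, $contents);
    }
}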
    // Ask sendMessage() for a path between $from and $to; the result is counted and JSON-encoded below.
    $path = sendMessage($from, $to, array());
    if (count($path) == 0) {
        // Empty path returned.
        if ($from == $to) {
            // Sender and recipient are the same: store the message with state "received" and report it.
            // NOTE(review): == is a loose comparison; if these identifiers come from the request,
            // normalise their type and compare with === instead.
            insertMessage($from, $to, $message, "received");
            echo "received";
        } else {
            // Retry with the variant that, by its name, ignores inactive nodes — confirm against its definition.
            $path = sendMessageIgnoreInactive($from, $to, array());
            echo json_encode($path);
        }
    } else {
        //        if($from==$to){
        //            insertMessage($from,$to,$message,"received");
        //            echo "received";
        //        }else {
        echo json_encode($path);
        //        }
    }
} else {
    // The condition for the branch above is outside this excerpt.
    if ($type == "second") {
        // "second" requests only probe for a path: an empty result is reported as "blocked".
        $path = sendMessage($from, $to, array());
        if (count($path) == 0) {
            echo "blocked";
        } else {
            echo json_encode($path);
        }
    } else {
        if ($type == "third") {
            // "third" requests store the message as "received" without any path lookup.
            // NOTE(review): no authorisation check on $from/$to is visible here — confirm the caller enforces one.
            insertMessage($from, $to, $message, "received");
        }
        // Any other $type value is ignored silently.
    }
}
            // Store the new comment (the conditions guarding this call are outside this excerpt).
            insertComment($comment, $sender, $receiver, $postid);
        }
    } else {
        // Request for the comments of a post.
        getPostComments($postid);
    }
} else {
    // Otherwise the request is treated as a chat message.
    if (isset($_POST["check"])) {
        // Fetch the chat messages exchanged between $sender and $receiver.
        getChatMessages($sender, $receiver);
    } else {
        // Insert a new chat message.
        // NOTE(review): 'message' is read without isset(); a request lacking it raises a notice.
        $message = $_POST["message"];
        // NOTE(review): checkSQLInjection() only rejects text that *starts with* a few SQL keywords,
        // so passing it does not make $message safe to concatenate into a query. insertMessage()
        // should bind $message, $sender and $receiver as prepared-statement parameters.
        if (checkSQLInjection($message)) {
            insertMessage($message, $sender, $receiver);
        }
        // A rejected message is dropped without any response to the client.
    }
}
/**
 * Keyword-prefix filter applied to user text before it is stored.
 *
 * The input is lower-cased and rejected only when it BEGINS with one of
 * "select", "alter table", "update", "delete" or "insert into". The same
 * keywords anywhere else in the text are accepted.
 *
 * NOTE(review): this is a deny-list on the first characters of the input and
 * is not a SQL injection defence. Quotes, comments, UNION, DROP and any
 * keyword that is not at offset 0 pass through. Callers must build their
 * queries with prepared statements and bound parameters; once they do, this
 * filter only serves to block ordinary messages that happen to start with
 * one of these words.
 *
 * @param string $data Raw text to inspect.
 * @return int 1 when the text is accepted, 0 when it starts with a listed keyword.
 */
function checkSQLInjection($data)
{
    $lowered = strtolower($data);
    $blockedPrefixes = array('select', 'alter table', 'update', 'delete', 'insert into');

    foreach ($blockedPrefixes as $prefix) {
        // strpos() === 0 means "found at the very start"; false (absent) and any
        // later offset both fall through, exactly as in the original condition.
        if (strpos($lowered, $prefix) === 0) {
            return 0;
        }
    }

    return 1;
}
/**
 * Opens a MySQL connection for storing a chat message; the rest of the body is
 * not part of this excerpt.
 *
 * NOTE(review): the database user and password are hard-coded in the source.
 * Anyone with read access to the file or the repository obtains them. Load
 * them from configuration kept outside the web root (or the environment),
 * rotate the published values, and give the account only the privileges the
 * chat tables need.
 */
function insertMessage($message, $sender, $receiver)
{
    // One new connection per call, with literal credentials (see note above).
    $conn = mysqli_connect("localhost", "adminID5Rju3", "Rz5h2JWnm4xd", "tweb");
Example #4
        // NOTE(review): die() sends the raw driver error text to the client, which can reveal
        // table and column names. Log it server-side and return a generic message instead.
        // mysql_error() belongs to the legacy mysql extension, removed in PHP 7.
        die("Error: " . mysql_error());
    } else {
        // No error: return $res to the caller.
        return $res;
    }
}
/******************************
	MANAGE REQUESTS
/******************************/
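// Dispatch on the posted "action" field. empty() avoids the undefined-index
// notice the bare $_POST['action'] read raised on direct visits.
if (empty($_POST['action'])) {
    // Direct visits to shoutbox.php (no action posted) are redirected to the welcome page.
    header("Location: welcome.php");
    // Stop here so nothing else runs or is emitted after the redirect header.
    exit;
} else {
    $link = connect(HOST, USER, PASSWORD);
    switch ($_POST['action']) {
        case "update":
            // Render the latest 20 entries as <li> items.
            $res = getContent($link, 20);
            // Initialised so an empty result set echoes '' instead of an undefined variable.
            $result = '';
            while ($row = mysql_fetch_array($res)) {
                // Nick, message and date originate from visitors' POST data, so they are
                // HTML-escaped before being placed in markup (stored XSS otherwise).
                // double_encode=false keeps entities intact in case rows were already
                // escaped at insert time — TODO confirm what insertMessage() stores.
                $message = htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8', false);
                $date = htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8', false);
                if ($row['user'] == "Roobarb_admin") {
                    // NOTE(review): the admin highlight is keyed on the stored nick alone, and the
                    // "insert" action below takes the nick from $_POST. Unless insertMessage()
                    // reserves this name, any visitor can post as the admin — tie it to an
                    // authenticated session instead.
                    $author = "<span style='color:red'>Roobarb</span>";
                } else {
                    $author = htmlspecialchars($row['user'], ENT_QUOTES, 'UTF-8', false);
                }
                $result .= "<li><strong>" . $author . "</strong><img src=\"css/img_shoutbox/bullet.gif\" alt=\"-\" />" . $message . " <span class=\"date\">(" . $date . ")</span></li>";
            }
            echo $result;
            break;
        case "insert":
            // NOTE(review): nick and message are passed through as submitted (and may be unset);
            // insertMessage() is not shown here and must validate them and bind them as
            // query parameters.
            echo insertMessage($_POST['nick'], $_POST['message']);
            break;
    }
    // mysql_* is the legacy extension (removed in PHP 7); kept because connect() and
    // getContent() are defined elsewhere and return its resource types.
    mysql_close($link);
}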
/**
 * Records a message by handing all four arguments to insertMessage() unchanged.
 *
 * No validation or authorisation happens here; whatever insertMessage() does
 * with the values applies as-is.
 *
 * @param mixed $from           Sender identifier.
 * @param mixed $to             Recipient identifier.
 * @param mixed $messageContext Message payload.
 * @param mixed $state          State label stored with the message.
 */
function blockMessage($from, $to, $messageContext, $state)
{
    insertMessage(
        $from,
        $to,
        $messageContext,
        $state
    );
}
Example #6
         </div>
      <table>
        <tr><td colspan='2' align='center'>
        <?php 
// Form submitted with an empty recipient: warn through a client-side alert and insert nothing.
if (isset($_POST["textAreaRecipient"]) && $_POST["textAreaRecipient"] == "") {
    ?>
                      <script type="text/javascript">
                       alert('Recipient field mustn\'t be empty!');
 
                        </script> 
                        <?php 
} else {
    // Non-empty recipient: queue the SMS.
    // NOTE(review): "not empty" is the only server-side check on the recipient, and
    // textAreaMessage is read without isset(). insertMessage() is not shown here — confirm it
    // validates the recipient format and binds both values as query parameters.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt.
    if (isset($_POST["textAreaRecipient"]) && $_POST["textAreaRecipient"] != "") {
        try {
            connectToDatabase();
            if (insertMessage($_POST["textAreaRecipient"], "SMS:TEXT", $_POST["textAreaMessage"])) {
                ?>
                      <script type="text/javascript">
                       alert('Insert was successful!');
 
                        </script> 
                        <?php 
            }
            // NOTE(review): skipped when an exception is thrown above; a finally block would
            // close the connection on both paths.
            closeConnection();
        } catch (Exception $exc) {
            // The user only sees a generic alert; $exc is not logged in the visible lines.
            ?>
                      <script type="text/javascript">
                       alert('Error !');
 
                        </script> 
                        <?php 
    // Both values come from $user_row, which is loaded outside this excerpt.
    $baseurl = $user_row["baseurl"];
    $fee = $user_row["fee"];
    // Map the fee to the gift amount: fixed tiers first, otherwise one tenth of the fee.
    // NOTE(review): == on numeric strings compares numerically ("100.0" == "100" is true);
    // if $fee can be influenced by a client, normalise it to int and compare strictly.
    $amount = '0';
    if ($fee == "100") {
        $amount = '8';
    } elseif ($fee == "600") {
        $amount = '120';
    } elseif ($fee == "1200") {
        $amount = '288';
    } elseif ($fee == "3000") {
        $amount = '780';
    } elseif ($fee == "6800") {
        $amount = '2040';
    } elseif ($fee == "12800") {
        $amount = '4608';
    } else {
        // Division binds tighter than '.', so this is the string form of intval($fee) / 10,
        // which can be fractional (e.g. "12.5").
        $amount = '' . intval($fee) / 10;
    }
    // Gift record sent on behalf of user id 0 to $user_id.
    $message = array('SEND_USER_ID' => 0, 'RECEIVE_USER_ID' => $user_id, 'GIFT_TYPE' => 1, 'AMOUNT' => $amount, 'TEXT_ID' => 1000);
    // Translate the public base URL into a backend address.
    // NOTE(review): internal addresses are hard-coded here; moving the mapping to configuration
    // keeps network layout out of the source tree.
    $dp_ip = "";
    if ($baseurl == "itofdp4.miyigame.com:40002") {
        $dp_ip = "192.168.169.66";
    } elseif ($baseurl == "itofdp5.miyigame.com:40003") {
        $dp_ip = "192.168.169.68";
    } elseif ($baseurl == "itofdp6.miyigame.com:40004") {
        $dp_ip = "192.168.169.69";
    }
    // NOTE(review): this writes the backend address to the script's output; if that output
    // reaches a client it discloses internal addressing — log it instead.
    print_r($dp_ip . "\r\n");
    // NOTE(review): when $baseurl matches none of the entries above, $dp_ip is still "" and
    // insertMessage() is called with an empty host; fail explicitly in that case.
    insertMessage($dp_ip, $message);
    return;
}
Example #8
<?php 
include "files_inc.php";
include "functions.php";
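// Queue SMS reminders in the ozekimessageout table for appointments due tomorrow.
// "CURDATE() + INTERVAL 1 DAY" replaces "DATE(NOW())+1": the latter is integer arithmetic on
// YYYYMMDD and yields an invalid date on the last day of a month, so no reminder went out.
// A space was also added before WHERE, which the original concatenation omitted.
$sql = "SELECT patient.lname,patient.fname,patient.patientId,patient.phone,patient_appointment.visit_date,"
    . "patient_appointment.visit_time,patient_appointment.purpose "
    . "FROM patient INNER JOIN patient_appointment USING (patientId) "
    . "WHERE DATE(visit_date) = CURDATE() + INTERVAL 1 DAY "
    . "AND status = 'Alertpending' ";
$results = mysql_query($sql);
if ($results === false) {
    // Keep driver error text in the server log; the client only gets a generic message.
    error_log('Appointment reminder query failed: ' . mysql_error());
    die('Database error.');
}
while ($row = mysql_fetch_assoc($results)) {
    // Values written to the ozekimessageout table.
    // The id is escaped because it is interpolated into the UPDATE below; a value read from
    // the database is still untrusted when placed back into SQL text.
    $id = mysql_real_escape_string($row['patientId']);
    $status = "send";
    $msgtype = "SMS:TEXT";
    $receiver = $row['phone'];
    // NOTE(review): the text names the treatment programme and is sent in clear to a phone
    // number; anyone who sees the handset learns the patient's health status. Consider a
    // neutral wording agreed with the clinic.
    $msg = "Hi {$row['lname']}, this is to notify you to attend {$row['purpose']} at {$row['visit_time']} on {$row['visit_date']}. Anti-Retroviral Therapy Program. Thank You.";
    // NOTE(review): the return value is ignored, so the appointment is marked delivered even
    // if queuing failed; insertMessage() (in an included file) must also bind $msg safely.
    insertMessage($receiver, $msgtype, $msg, $status);
    // NOTE(review): this marks every appointment of the patient, not only the one selected above.
    $update = mysql_query("UPDATE patient_appointment SET status = 'Alertdelivered' WHERE patientId='{$id}'") or die("Could not change status!");
}
// Look up the logged-in administrator's access level, used to restrict which sent messages are shown.
// Initialised so it is defined when no user row matches.
$access_lvl = null;
// The session value is escaped before being placed in the query text. The legacy mysql
// extension has no bound parameters; moving to mysqli/PDO prepared statements is the lasting fix.
$sql = "SELECT * FROM user WHERE id='" . mysql_real_escape_string($_SESSION['user']) . "'";
$result = mysql_query($sql);
if ($result === false) {
    error_log('Access level query failed: ' . mysql_error());
    die('Database error.');
}
while ($row = mysql_fetch_assoc($result)) {
    $access_lvl = $row['access_lvl'];
}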
//Display messages sent
$header = <<<HAH
<h2>Message Log</h2>
<table width=85% border="1" cellpadding="2" cellspacing="2" >
<tr>
<th>No.</th>
<th>Receiver</th>
Example #9
/**
 * Records a message with the fixed state "received" by delegating to insertMessage().
 *
 * No validation or authorisation happens here; the three arguments are passed
 * through unchanged.
 *
 * @param mixed $from           Sender identifier.
 * @param mixed $to             Recipient identifier.
 * @param mixed $messageContext Message payload.
 */
function blockMessage($from, $to, $messageContext)
{
    insertMessage(
        $from,
        $to,
        $messageContext,
        "received"
    );
}