Example #1
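 /**
  * Controller action for the user-list demo page.
  *
  * Routes on $this->params[0]:
  *   - 'remove' (with an id in $this->params[1]): deletes that user row;
  *   - 'add': inserts a random "testNNNNN" user; when more than 30 rows
  *     exist the table is first emptied (demo-mode cleanup);
  *   - anything else: just lists the users.
  *
  * NOTE(review): no authorisation or CSRF check is visible here — a plain
  * GET to /user-list/remove/<id> deletes a row. Confirm the base controller
  * enforces both before this runs; otherwise add them here.
  */
 public function view()
 {
     $dao = DAO::getDAO('UserDAO');
     $action = isset($this->params[0]) ? trim($this->params[0]) : '';

     if ($action === 'remove') {
         // ex: requesting: /user-list/remove/2
         // Only act when the id segment is present: the original indexed
         // params[1] unconditionally, which raised an undefined-index notice
         // and passed null to removeById() when it was missing.
         if (isset($this->params[1])) {
             $id = trim(sanitizeString($this->params[1]));
             $dao->removeById($id);
         }
     } elseif ($action === 'add') {
         // mt_rand is fine here: the number only makes a throw-away demo name.
         $randNum = mt_rand(0, 99999);
         $newUser = new User(array(
             'firstName' => 'First',
             'lastName' => 'LastName',
             'username' => "test{$randNum}",
             'email' => "test{$randNum}@example.com",
             'createTime' => dbDateTime(),
         ));
         // #TODO: implement UserDao.create($newUser) instead.
         if ($dao->countAll() > 30) {
             // Demo mode: clean up if too many users
             $dao->execute("DELETE FROM user");
             $dao->execute("vacuum");
         }
         $dao->insertInto("firstName, lastName, username, email, createTime", $newUser->getFields());
     }

     $users = $dao->getAll();
     $v = $this->smarty;
     $v->assign('title', 'User List');
     $v->assign('inc_content', v('user_list.html'));
     $v->assign('users', $users);
     $v->assign('totalUsers', $dao->countAll());
     $this->display($v, v('index.html'));
 }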
Example #2
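/**
 * Authenticate a user from the posted 'username' / 'password' fields.
 *
 * On success the session is initialised via initSession() and the browser
 * is redirected to chat.php; on failure a message is echoed.
 *
 * Security changes vs. the original:
 *  - one generic failure message for "no such user" and "wrong password",
 *    so the form cannot be used to enumerate usernames;
 *  - exception details go to the error log, not to the client;
 *  - a missing field no longer var_dump()s the raw POST body to the page.
 *
 * NOTE(review): the password is still passed through sanitizeString()
 * before password_verify(). That only works if registration hashed the
 * password after the same transformation; a password containing characters
 * that sanitizeString() rewrites (e.g. '<' or '&') is otherwise unverifiable.
 * Check the registration code and, ideally, drop the call on both sides —
 * the password is never echoed or put into a query here.
 */
function login()
{
    global $conn;

    if (!postExist(array('username', 'password'))) {
        http_response_code(400);
        die('Missing username or password.');
    }

    $username = sanitizeString($_POST['username']);
    $password = sanitizeString($_POST['password']);

    try {
        // Bound parameter: the username never touches the SQL text.
        $response = $conn->prepare("SELECT * FROM users WHERE username = :username");
        $response->bindParam(':username', $username, \PDO::PARAM_STR);
        $response->execute();
        $datas = $response->fetchAll();
    } catch (Exception $e) {
        error_log('login failed: ' . $e->getMessage());
        die("An error occured");
    }

    // Same message whether the user is unknown or the password is wrong.
    $authenticated = isset($datas[0]) && password_verify($password, $datas[0]['password']);
    if (!$authenticated) {
        echo 'Invalid username or password';
        return;
    }

    initSession($datas[0]['id'], $username, 0);
    redirect('chat.php');
}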
Example #3
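/**
 * Prepare a string for interpolation into a MySQL query (mysqli procedural API).
 *
 * Order matters: sanitizeString() runs FIRST and mysqli_real_escape_string()
 * LAST. The original did it the other way round; a sanitizeString() that ends
 * with stripslashes() — a common implementation, and a function tail in this
 * listing does exactly that — strips the backslashes the escaper just added,
 * leaving a quote in the input unescaped, i.e. SQL injection.
 *
 * NOTE(review): escaping is a fallback; prefer prepared statements with bound
 * parameters, which make this function unnecessary.
 *
 * @param mysqli $connection open mysqli link (charset-aware escaping needs it)
 * @param string $var        untrusted input
 * @return string            HTML-filtered, then SQL-escaped text
 */
function sanitizeMYSQL($connection, $var)
{
    $var = sanitizeString($var);
    //Escapes special characters in a string for use in an SQL statement
    $var = mysqli_real_escape_string($connection, $var);
    return $var;
}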
Example #4
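/**
 * Prepare a string for interpolation into a MySQL query (mysqli OO API).
 *
 * sanitizeString() runs FIRST and real_escape_string() LAST. The original
 * order was reversed; a sanitizeString() that ends with stripslashes() (as
 * one function tail in this listing does) removes the backslashes
 * real_escape_string() just added, re-opening SQL injection.
 *
 * NOTE(review): prefer prepared statements with bound parameters; escaping
 * into query text is the fallback, not the goal.
 *
 * @param mysqli $connection open mysqli link
 * @param string $var        untrusted input
 * @return string            HTML-filtered, then SQL-escaped text
 */
function sanitizeMySQL($connection, $var)
{
    // Using the mysqli extension
    $var = sanitizeString($var);
    $var = $connection->real_escape_string($var);
    return $var;
}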
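/**
 * Escape every element of a string array for interpolation into SQL.
 *
 * Two fixes over the original:
 *  - the processed array is RETURNED. Arrays are passed by value in PHP, so
 *    the original mutated a local copy and returned nothing — callers never
 *    received any escaping;
 *  - sanitizeString() runs before real_escape_string(), not after, so a
 *    stripslashes() inside sanitizeString() cannot undo the SQL escaping.
 *
 * @param string[] $str_array  untrusted strings (keys are preserved)
 * @param mysqli   $connection open mysqli link
 * @return string[]            escaped copies under the same keys
 */
function sanitizeSQL($str_array, $connection)
{
    foreach ($str_array as $key => $value) {
        $str_array[$key] = $connection->real_escape_string(sanitizeString($value));
    }
    return $str_array;
}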
Example #6
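 /**
  * Controller action for the search-list demo page.
  *
  * Routes on $this->params[0]:
  *   - 'remove' (with an id in $this->params[1]): deletes that search row;
  *   - 'add': inserts a random "testNNNNN" search; when more than 30 rows
  *     exist the table is first emptied (demo-mode cleanup);
  *   - anything else: just lists the searches.
  *
  * NOTE(review): no authorisation or CSRF check is visible — a plain GET to
  * /search/remove/<id> deletes a row. Confirm the base controller enforces
  * both before this runs; otherwise add them here.
  */
 public function view()
 {
     $dao = DAO::getDAO('SearchDAO');
     $action = isset($this->params[0]) ? trim($this->params[0]) : '';

     if ($action === 'remove') {
         // ex: requesting: /search/remove/2
         // Only act when the id segment is present: the original indexed
         // params[1] unconditionally (undefined-index notice, null id).
         if (isset($this->params[1])) {
             $id = trim(sanitizeString($this->params[1]));
             $dao->removeById($id);
         }
     } elseif ($action === 'add') {
         // mt_rand is fine here: the number only makes a throw-away demo name.
         $randNum = mt_rand(0, 99999);
         $newSearch = new Search(array(
             'username' => "test{$randNum}",
             'email' => "test{$randNum}@example.com",
             'created' => dbDateTime(),
         ));
         // #TODO: implement SearchDao.create($newSearch) instead.
         if ($dao->countAll() > 30) {
             // Demo mode: clean up if too many searchs
             $dao->execute("DELETE FROM searchs");
             $dao->execute("vacuum");
         }
         $dao->insertInto("username, email, created", $newSearch->getFields());
     }

     $search = $dao->getAll();
     $v = $this->smarty;
     $v->assign('title', 'Search List');
     $v->assign('inc_content', v('search.html'));
     $v->assign('search', $search);
     $v->assign('totalSearch', $dao->countAll());
     $this->display($v, v('index.html'));
 }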
Example #7
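	/**
	 * Dispatch the blog admin action named by $this->params[0].
	 *
	 * 'list' (default), 'show' and 'edit' delegate to the BlogList / BlogShow /
	 * BlogEdit controllers and put their HTML into the 'content' template var.
	 * 'remove' deletes the post whose id is in $this->params[1] (refused for
	 * id 1 in demo mode); 'add' inserts a random demo post. The admin list is
	 * rendered for every non-delegating action.
	 *
	 * Fixes vs. the original: $html is initialised (it was returned undefined
	 * on the remove/add/list-admin path); $this->params[1] is only read when
	 * present; in_array() is strict.
	 *
	 * @param object $dao DAO exposing removeById()/execute()/getAll()/countAll()
	 * @param Smarty $v   template engine the variables are assigned to
	 * @return string     delegated HTML, or '' for the admin-list actions
	 *
	 * NOTE(review): no CSRF token is checked before 'remove' / 'add'; a GET to
	 * /blog/remove/<id> is enough. Confirm the caller enforces one.
	 */
	private function processAction($dao, $v)
	{
		$action = isset($this->params[0]) ? trim($this->params[0]) : 'list';
		$err = '';
		$html = '';

		// show/edit/remove all need an id segment; read it once, only if present.
		$idParam = isset($this->params[1]) ? trim(sanitizeString($this->params[1])) : null;

		if (in_array($action, array('list', 'show', 'edit'), true)) {
			if ($action == 'list') {
				$html = BaseController::callController(BASEEXT.'/blog', 'BlogList', array());
			} elseif ($idParam !== null) {
				if ($action == 'show') {
					$html = BaseController::callController(BASEEXT.'/blog', 'BlogShow', array($idParam));
				} else {
					$html = BaseController::callController(BASEEXT.'/blog', 'BlogEdit', array($idParam));
				}
			}
			$v->assign('inc_content', 'blank.html');
			$v->assign('content', $html);
			return $html;
		}

		if ($action == 'remove' && $idParam !== null) {
			// ex: requesting: /blog/remove/2
			if (isDemoMode() && $idParam == 1) {
				$err = '<span id="msgWarn">Demo Mode: removing entry #1 is not allowed!</span>';
			}
			if ($err == '') {
				$dao->removeById($idParam);
			}
		} elseif ($action == 'add') {
			$randNum = mt_rand(0, 99999);
			$dbNow = date('Y-m-d H:i:s');
			$newPost = new Post(array(
				'title' => 'Blog entry '.$randNum,
				'description' => 'description '.$randNum,
				'content' => 'content '.$randNum,
				'createTime' => $dbNow,
			));
			// Bound parameters: the field values never touch the SQL text.
			$dao->execute("INSERT INTO post(title, description, content, createTime)
						VALUES(:title, :description, :content, :createTime)", $newPost->getFields());
		}

		$posts = $dao->getAll();
		$v->assign('inc_content', BASEEXT.'/blog/view/admin.html');
		$v->assign('err', $err);
		$v->assign('posts', $posts);
		$v->assign('totalPosts', $dao->countAll());
		$v->assign('content', '');
		return $html;
	}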
Example #8
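 /**
  * Populate this record from the posted counter-reading form.
  *
  * Reads $_POST['Sticker'] (printer id) and $_POST['counter'] (new counter
  * value) through sanitizeString(); a missing field now yields '' instead
  * of an undefined-index notice. The date is stamped with the current
  * Europe/Kiev time.
  *
  * NOTE(review): no numeric validation is done here — presumably the
  * counter should be an integer; confirm the caller validates before saving.
  *
  * @return int always 1 (kept for existing callers)
  */
 function initFromPOST()
 {
     date_default_timezone_set('Europe/Kiev');
     $this->printerID = sanitizeString(isset($_POST['Sticker']) ? $_POST['Sticker'] : '');
     $this->newCounter = sanitizeString(isset($_POST['counter']) ? $_POST['counter'] : '');
     $this->date = date('Y-m-d H:i:s');
     return 1;
 }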
Example #9
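 /**
  * Populate this record from the posted sign-up form.
  *
  * Reads username / password / surname / forename from $_POST through
  * sanitizeString(); a missing field now yields '' instead of an
  * undefined-index notice.
  *
  * NOTE(review): 'surname' is stored as firstName and 'forename' as lastName,
  * the reverse of the usual meaning — check the form labels.
  * NOTE(review): running the password through sanitizeString() alters any
  * password containing characters that filter rewrites (e.g. '<' or '&'),
  * and every verification path must then apply the same transformation.
  * Passwords are never rendered or put in a query as text, so the safer
  * choice is to hash the raw value (password_hash) and skip the filter.
  *
  * @return int always 1 (kept for existing callers)
  */
 function initFromPOST()
 {
     // Read one POST field, or '' when absent, through the project filter.
     $field = function ($name) {
         return sanitizeString(isset($_POST[$name]) ? $_POST[$name] : '');
     };
     $this->login = $field('username');
     $this->password = $field('password');
     $this->firstName = $field('surname');
     $this->lastName = $field('forename');
     return 1;
 }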
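/**
 * Prepare a string for interpolation into a MySQL query (mysqli OO API).
 *
 * sanitizeString() runs FIRST and real_escape_string() LAST. The original
 * did the reverse; a sanitizeString() that ends with stripslashes() (as one
 * function tail in this listing does) removes the backslashes the escaper
 * just added, so a quote in the input reaches the query unescaped.
 *
 * NOTE(review): prefer prepared statements with bound parameters; escaping
 * into query text is the fallback.
 *
 * @param mysqli $conn open mysqli link
 * @param string $var  untrusted input
 * @return string      HTML-filtered, then SQL-escaped text
 */
function sanitizeMySQL($conn, $var)
{
    #Use sanitizeString() first ...
    $var = sanitizeString($var);
    #... then escape for SQL as the final step
    $var = $conn->real_escape_string($var);
    return $var;
}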
Example #11
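 /**
  * Populate this printer record from the posted printer form.
  *
  * Every text field is read through sanitizeString(); a missing field now
  * yields '' instead of an undefined-index notice. lastEdit is stamped with
  * the current Europe/Kiev time; owner and balance are fixed defaults.
  *
  * NOTE(review): the numeric fields (printernum, printercount, printercost)
  * are kept as filtered strings with no numeric validation — presumably the
  * caller validates before persisting; confirm.
  * NOTE(review): owner is hard-coded to 2; if that is meant to be the
  * current user it should come from the session, not a constant.
  *
  * @return int always 1 (kept for existing callers)
  */
 function initFromPOST()
 {
     date_default_timezone_set('Europe/Kiev');
     // Read one POST field, or '' when absent, through the project filter.
     $field = function ($name) {
         return sanitizeString(isset($_POST[$name]) ? $_POST[$name] : '');
     };
     $this->id = $field('printernum');
     $this->name = $field('printername');
     $this->manufacturer = $field('printermanufac');
     $this->model = $field('printermodel');
     $this->serNum = $field('printerserial');
     $this->currentCount = $field('printercount');
     $this->pageCost = $field('printercost');
     $this->lastEdit = date('Y-m-d H:i:s');
     $this->owner = 2;
     $this->balance = 0.0;
     return 1;
 }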
Example #12
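 /**
  * Handle the contact-us form submission.
  *
  * Validates the one-time form token, then renders the thank-you page with
  * the sanitised name/email and the opt-in checkbox value.
  *
  * Token-check hardening vs. the original:
  *  - a missing session token or a missing posted token is rejected instead
  *    of being compared against null;
  *  - the comparison uses hash_equals() (strict and constant-time; PHP >= 5.6)
  *    instead of loose !=, under which e.g. '0' and '' compare equal.
  * The session token is cleared on success so the form cannot be replayed.
  *
  * NOTE(review): $fv['msg'] is copied but never used below (see #TODO).
  */
 public function processPost()
 {
     parent::processPost();
     // #TODO: User submitted data. Save it to DB, email, etc.
     copyArray($_POST, $fv, 'ftoken', 'name', 'email', 'optin|checkbox', 'msg');
     session_start();

     $sessionToken = isset($_SESSION['ftoken']) ? (string) $_SESSION['ftoken'] : '';
     $postedToken = isset($fv['ftoken']) ? (string) $fv['ftoken'] : '';
     if ($sessionToken === '' || !hash_equals($sessionToken, $postedToken)) {
         die('Error: invalid form token! Do not submit your form twice.');
     }
     unset($_SESSION['ftoken']);

     $v = $this->smarty;
     $v->assign('title', 'Thank you!');
     $v->assign(array(
         'name' => sanitizeString($fv['name']),
         'email' => sanitizeEmail($fv['email']),
         'optin' => $fv['optin'],
     ));
     $v->assign('inc_content', v('contact_us_done.html'));
     $this->display($v, v('index.html'));
 }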
Example #13
 /**
  * Attempt a login from the posted form.
  *
  * NOTE(review): left as-is rather than rewritten — the query's values appear
  * as '******' in this listing (apparently redacted), so the original SQL
  * cannot be reviewed, and the defects below need the form and the login flow
  * to fix properly:
  *  - the first condition is `empty($_POST['user']) || $_POST['pass']`, which
  *    is true whenever a non-empty password is posted, so every complete
  *    submission is reported as "Not all fields were entered" (presumably
  *    `|| empty($_POST['pass'])` was meant);
  *  - the elseif tests $_POST['user_name'] / $_POST['user_password'], but the
  *    body reads $_POST['user'] / $_POST['pass'] — both sets of field names
  *    cannot be right;
  *  - sanitizeString() is not SQL escaping; bind the values with a prepared
  *    statement instead of interpolating them;
  *  - the password is compared in plaintext inside the query and then stored
  *    in plaintext in $_SESSION['pass']; store only a password_hash() in the
  *    DB and only the user id/name in the session;
  *  - queryMysql()/mysql_num_rows() use the mysql_* extension, removed in PHP 7.
  */
 private function dologinWithPostData()
 {
     //check login form contents
     // BUG: `|| $_POST['pass']` should be `|| empty($_POST['pass'])` — see above.
     if (empty($_POST['user']) || $_POST['pass']) {
         $this->errors[] = "Not all fields were entered";
     } elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
         $user = sanitizeString($_POST['user']);
         $pass = sanitizeString($_POST['pass']);
         // '******' appears to be a redaction in this listing, not the original text.
         $query = "SELECT user,pass FROM members\n            WHERE user='******' AND pass='******'";
         //if this user exists
         if (mysql_num_rows(queryMysql($query)) == 1) {
             // Plaintext password kept in the session — see NOTE above.
             $_SESSION['user'] = $user;
             $_SESSION['pass'] = $pass;
         }
     }
 }
Example #14
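/**
 * Register a new user from the posted 'user' / 'pass' fields.
 *
 * Looks the name up in `user`; if it is free, inserts the row inside a
 * transaction and prints a success page, otherwise prints a "name in use"
 * page. Output is echoed directly (mysql_* extension, as in the original).
 *
 * Security changes vs. the original:
 *  - both values go through mysql_real_escape_string() as the LAST step
 *    before interpolation. sanitizeString() alone is not SQL escaping — a
 *    quote can survive it (htmlentities() without ENT_QUOTES leaves "'");
 *  - mysql_error() is written to the error log instead of the response body;
 *  - a missing 'pass' field no longer raises an undefined-index notice.
 *
 * NOTE(review): the password is still stored in plaintext, because the login
 * code that reads it is not in view. Store password_hash($pass, PASSWORD_DEFAULT)
 * here and switch the login to password_verify() in the same change.
 * NOTE(review): the existence check and the INSERT are not atomic; a UNIQUE
 * index on `name` is the real guard against duplicate registrations.
 * NOTE(review): mysql_* was removed in PHP 7; this needs mysqli/PDO to run on
 * any supported PHP version.
 */
function Register()
{
    if (empty($_POST['user'])) {
        return;
    }

    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString(isset($_POST['pass']) ? $_POST['pass'] : '');
    // Escape for SQL as the LAST step, so nothing after it can undo the escaping.
    $userSql = mysql_real_escape_string($user);
    $passSql = mysql_real_escape_string($pass);

    // Renders one of the result pages; $message is trusted HTML from this function.
    $page = function ($heading, $message) {
        echo "<h1 align=center>{$heading}</h1>";
        echo "<div id='container'>";
        echo "<div id='center'>";
        echo "<fieldset>";
        echo $message;
        echo "<p>Please <a href='index.php'>click here</a> to return.</p>";
        echo "</fieldset>";
        echo "</div>";
        echo "</div>";
    };

    $query = mysql_query("SELECT * FROM user where name = '{$userSql}'");
    if (!$query) {
        error_log('Register lookup failed: ' . mysql_error());
        die('Database error');
    }
    $row = mysql_fetch_array($query);
    if (!empty($row['name'])) {
        $page('Error', "<p>Sorry, User name already in use. Please retry.</p>");
        return;
    }

    mysql_query("SET AUTOCOMMIT=0");
    mysql_query("START TRANSACTION");
    // $passSql is the (escaped) plaintext password — see header NOTE.
    $query = mysql_query("INSERT INTO user (NAME,PASS) VALUES ('{$userSql}','{$passSql}')");
    if (!$query) {
        mysql_query("ROLLBACK");
        error_log('Register insert failed: ' . mysql_error());
        $page('Error', '<p>DATABASE ERROR</p>');
    } else {
        mysql_query("COMMIT");
        $page('Registration Area', "<p>Registration successfull! Please Log-in.</p>");
    }
}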
Example #15
	/**
	 * Handle the contact-us form submission: verify the form token, then
	 * render the thank-you page with the sanitised name, email and opt-in
	 * flag. checkFormToken() presumably aborts the request on a bad token.
	 */
	public function processPost()
	{
		parent::processPost();
		session_start();
		// #TODO: User submitted data. Save it to DB, email, etc.
		copyArray($_POST, $fv, 'ftoken', 'name', 'email', 'optin|checkbox', 'msg');

		checkFormToken('ftoken_contact_us', $fv['ftoken']);

		$view = $this->smarty;
		$view->assign('title', 'Thank you!');
		$view->assign('name', sanitizeString($fv['name']));
		$view->assign('email', sanitizeEmail($fv['email']));
		$view->assign('optin', $fv['optin']);
		$view->assign('inc_content', v('contact_us_done.html'));
		$this->display($view, v('index.html'));
	}
Example #16
<fieldset class='outer'>
<form method='post' action='rnmessages.php?view={$view}'>
<p style='margin-left:5px;'><b class='defb'>Type here to leave a wALL Message: </b><br /><br/>
<textarea name='text' cols='70' rows='8'></textarea><br />
Public<input type='radio' name='pm' value='0' checked='checked' />
Private<input type='radio'  name='pm' value='1' />
<input type='submit' class='button green' value='Post Message' /></p></form>
</fieldset>
</td>
<td width='100%' align='left' ><div style='margin-left:10%;'>
<a  href='inbox.php' class='defb'> Compose a Private Message ->></a></div>

</td></tr></table>
_END;
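    // Delete one of the logged-in user's messages: ?erase=<id>.
    // The id is interpolated UNQUOTED into the query, so sanitizeString()
    // (an HTML-oriented filter) gave no SQL protection at all — anything after
    // the number ran as SQL. Casting to int leaves only a number to interpolate.
    // NOTE(review): $user comes from outside this block; confirm it is the
    // session username and not request input.
    if (isset($_GET['erase'])) {
        $erase = (int) sanitizeString($_GET['erase']);
        queryMysql("DELETE FROM rnmessages WHERE id={$erase}\nAND recip='{$user}'");
    }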
    $query = "SELECT * FROM rnmessages WHERE recip='{$view}'\nORDER BY time DESC";
    $result = queryMysql($query);
    $num = mysql_num_rows($result);
    for ($j = 0; $j < $num; ++$j) {
        $row = mysql_fetch_row($result);
        if ($row[3] == 0 || $row[1] == $user || $row[2] == $user) {
            echo "<fieldset style='background-image:url(css1/images/beige_paper.png);margin-bottom:0px;' class='iner'>";
            echo date('M jS \'y g:sa:', $row[4]);
            if (file_exists("pics/profile/{$row['1']}.jpg")) {
                echo " <img height=' 60' width='50' src='pics/profile/{$row['1']}.jpg'/>";
            } else {
                echo " <img height=' 60' width='50' src='pics/p-photo.png'/>";
            }
Example #17
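<?php

//results.php
// Lists the events of one category (?category=...) as an HTML table.
require_once 'functions.php';
require_once 'header.php';
database_connect($dbhost, $dbuser, $dbpass, $dbname);

// Escape for SQL as the LAST step before interpolation: sanitizeString() is
// an HTML filter, not SQL escaping (a lone quote can survive it). A missing
// ?category= now yields '' instead of an undefined-index notice.
// NOTE(review): if this project's sanitizeString() already SQL-escapes, drop
// the extra call to avoid double escaping.
$category = sanitizeString(isset($_GET['category']) ? $_GET['category'] : '');
$category = mysql_real_escape_string($category);
$query = 'SELECT * FROM nyitevents WHERE Event="' . $category . '"';
$result = queryMysql($query);
if (!$result) {
    // Log the driver message; do not show it to the client.
    error_log('results.php: ' . mysql_error());
    die('Database access failed');
}
$rows = mysql_num_rows($result);
echo "<div class='container-fluid table-responsive'>";
echo "<table class='table table-striped table-hover table-bordered'>";
echo "<tr><th>Name</th><th>Description</th><th>Date</th><th>Time</th><th>Location</th></tr>";
for ($j = 0; $j < $rows; ++$j) {
    $row = mysql_fetch_row($result);
    echo "<tr>";
    // HTML-escape stored values on output: the database is not a trusted
    // source of markup, whatever filtering happened on the way in.
    for ($col = 0; $col < 5; ++$col) {
        echo "<td>" . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . "</td>";
    }
    echo "</tr>";
}
if ($rows == 0) {
    echo "<tr><td colspan='5'><img src='img/noFlexZone.png' />\n    <h2>It ha no events dawg</h2></td></tr>";
}
echo "</table></div>";
// Closes the link returned by mysql_connect() (kept from the original).
mysql_close(mysql_connect($dbhost, $dbuser, $dbpass));
?>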
Example #18
<?php

// convert.php
// Read the two optional form fields: an absent field becomes '' and a present
// one goes through sanitizeString() (HTML elements removed).
$hogsheads = isset($_POST['hogsheads']) ? sanitizeString($_POST['hogsheads']) : '';
$liters = isset($_POST['liters']) ? sanitizeString($_POST['liters']) : '';
//If hogsheads != blank
if ($hogsheads != '') {
    $liters = round($hogsheads * 128 * 63 / 33.814, 5);
    if ($hogsheads == 1) {
        $out = "{$hogsheads} hogshead equals {$liters} liters";
    } else {
        $out = "{$hogsheads} hogsheads equals {$liters} liters";
    }
} else {
    if ($liters != '') {
        $hogsheads = round($liters * 33.814 / (63 * 128), 5);
        if ($liters == 1) {
            $out = "{$liters} liter equals {$hogsheads} hogsheads";
        } else {
            $out = "{$liters} liters equals {$hogsheads} hogsheads";
        }
    } else {
        $out = "";
    }
Example #19
\t\t\t\t\trequest = false
\t\t\t}
\t\t}
\t}
\treturn request
}
</script>
<h3>Sign up form</h3>
_END;
$error = $user = $pass = "";
// Any existing session is dropped before sign-up.
if (isset($_SESSION['user'])) {
    destroySession();
}
// NOTE(review): this sign-up handler is documented rather than rewritten
// because the SELECT's value appears as '******' in this listing (apparently
// redacted), so the original interpolation cannot be reviewed. Visible:
//  - `$queryMysql($query)` calls a *variable* function ($queryMysql is never
//    set); presumably `queryMysql($query)` was intended;
//  - the INSERT reads `VALUES<'...'` — '<' where '(' belongs — so it fails
//    as a SQL syntax error;
//  - die("Account created") runs after BOTH branches, including the
//    "username already exists" one, so the user is told the account was
//    created either way;
//  - the password is inserted as-is (no password_hash()), and sanitizeString()
//    is not SQL escaping — use a prepared statement with bound values.
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br /><br />";
    } else {
        $query = "SELECT * FROM rnmembers WHERE user = '******'";
        if (mysql_num_rows($queryMysql($query))) { // BUG: $queryMysql — see NOTE above
            $error = "That username already exists<br /><br />";
        } else {
            $query = "INSERT INTO rnmembers VALUES<'{$user}','{$pass}')"; // BUG: '<' for '('
            queryMysql($query);
        }
        die("<h4>Account created</h4>Please Log in."); // runs even on the error branch
    }
}
echo <<<_END
<form method='post' action='rnsignup.php'>{$error}
Example #20
<?php

/*                                             License
*   The following license governs the use of CollegeERP in academic and educational environments. Commercial use requires a commercial license from Muhammed Salman Shamsi.
*   ACADEMIC PUBLIC LICENSE
*   Copyright (C) 2014 - 2015  Muhammed Salman Shamsi.
*   FOR DETAILED TERMS AND CONDITION SEE LICENSE.TXT FILE
*   NO WARRANTY
*   BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
*   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED ON IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*   END OF TERMS AND CONDITIONS
*   [license text: http://www.omnetpp.org/intro/license]   
*   Created On: 27 May, 2015, 10:49:43 AM
*   Author: MUhammed Salman Shamsi
*/
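require_once 'functions/connect.php';
require_once 'functions/functions.php';

// AJAX username-availability check for the sign-up form.
// SQL escaping is done as the LAST step before interpolation: sanitizeString()
// is an HTML filter, not SQL escaping, and a quote can survive it.
// NOTE(review): mysql_real_escape_string() without a link uses the last
// connection opened — assumed to be the one from functions/connect.php.
if ($_POST) {
    if (isset($_POST['user'])) {
        $user = strtolower(sanitizeString($_POST['user']));
        $userSql = mysql_real_escape_string($user);
        $query = "select * from Access where userid='" . $userSql . "'";
        $result = mysql_query($query);
        // A failed query (false) must not read as "0 rows = available".
        if ($result === false) {
            error_log('username check failed: ' . mysql_error());
            echo '<font color="red">Could not check the username. Please try again.</font><br>';
        } elseif (mysql_num_rows($result) == 0) {
            echo '<font color="green">Username is Available</font><br>';
        } else {
            echo '<font color="red">Username is already taken. Please select another username.</font><br>';
            echo '<script language="javascript">var user=document.getElementById("user");' . 'user.value="";</script>';
        }
    }
}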
<?php

require_once 'functions.php';
// AJAX username-availability check.
// NOTE(review): the SQL value appears as '******' in this listing (apparently
// redacted), so the interpolation cannot be reviewed and the block is left as
// is. sanitizeString() is an HTML filter, not SQL escaping — bind the username
// with a prepared statement rather than interpolating it. The response reveals
// which usernames exist; that is inherent to the feature, but rate limiting
// on this endpoint is worth confirming.
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $result = queryMysql("SELECT * FROM members WHERE user='******'");
    // A matching row means the name is taken.
    if ($result->num_rows) {
        echo "<span class='taken'>&nbsp;&#x2718; " . "This username is taken</span>";
    } else {
        echo "<span class='available'>&nbsp;&#x2714; " . "This username is available</span>";
    }
}
Example #22
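<?php

require_once 'online.php';
require_once 'requirefn.php';

// Two small AJAX endpoints used by the messaging page. $user is expected to
// be the logged-in user's name, set by one of the includes above (not shown).
// SQL escaping is done as the LAST step, right before interpolation:
// sanitizeString() is an HTML filter and does not make a value safe in SQL.
$var = ''; // the original appended to an undefined variable
$userSql = mysql_real_escape_string($user);

if (isset($_GET['view'])) {
    // ?view=<other user>: ids of every message between $user and that user.
    $view = mysql_real_escape_string(sanitizeString($_GET['view']));
    //$id=sanitizeString($_GET['id']);
    $qry = queryMysql("SELECT `id` FROM `rnmessages` WHERE((`recip`='{$userSql}' OR `auth`='{$userSql}') AND (`auth`='{$view}' OR `recip`='{$view}')) ORDER BY `id` DESC");
    $num = mysql_num_rows($qry);
    for ($i = 0; $i < $num; $i++) {
        $rslt = mysql_fetch_row($qry);
        $var .= $rslt[0] . " ";
    }
    echo $var;
}
if (isset($_GET['status'])) {
    // ?status=<other user>: read flag of the newest message $user sent them.
    $view = mysql_real_escape_string(sanitizeString($_GET['status']));
    $qry = queryMysql("SELECT `read` FROM `rnmessages` WHERE `auth`='{$userSql}' AND `recip`='{$view}' ORDER BY `id` DESC");
    // mysql_fetch_row() returns false on an empty result; the original then
    // indexed false and emitted a notice.
    $rslt = mysql_fetch_row($qry);
    if ($rslt !== false) {
        $var .= $rslt[0] . " ";
    }
    echo $var;
}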
Example #23
    header("Location: CompanyDisplayGrid.php");
}
include "Header.inc.php";
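// Resolve which record and action this page works on.
// 'c' = create (Create button posted); otherwise ?id= and ?action= are
// required and the user is sent back to the grid when either is missing.
$action = '';
if (!isset($_POST['Create'])) {
    if (!isset($_GET['id']) || !isset($_GET['action'])) {
        header("Location: CompanyDisplayGrid.php");
        // header() does not stop the script: without this exit the rest of
        // the page ran (and read $_GET['id']) after sending the redirect.
        exit;
    }
    $id = (int) $_GET['id'];
    // The original called sanitizeString() on $id and $action but discarded
    // the return value, so nothing was actually filtered. $id is already an
    // int; $action keeps the filtered value.
    $action = sanitizeString($_GET['action']);
} else {
    $action = 'c';
    $id = -1;
}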
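// Set up DB connection
$dbBaseClass = new BaseDB();
$recordBase = BaseCompany::$company;
if (Database::getConnection() === false) {
    // The original used printf(), which PRINTS the message and returns its
    // length — the page got the raw error text and the session got a number.
    $_SESSION['error'] = "ERROR: Could not connect. " . dbGetErrorMsg();
    header("Location: BranchDisplayGrid.php");
    exit;
}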
// An existing record is expected when the action is not "Create"
if ($action != 'c') {
    // Read the record
    $records = $dbBaseClass->getAll('Company', "WHERE id = {$id}");
    if ($records === false) {
        $_SESSION['error'] = dbGetErrorMsg();
        header("Location: BranchDisplayGrid.php");
Example #24
    $loggedin = TRUE;
    $userstr = " ({$user})";
} else {
    $loggedin = FALSE;
}
// If the user is not signed in, they are redirected to the sign in/up form.
if (!$loggedin) {
    header('Location: index.php');
    exit;
}
// Handle form post.
if (isset($_POST['name']) && isset($_POST['title']) && isset($_POST['text'])) {
    // Sanitze inputs.
    $name = sanitizeString($db, $_POST['name']);
    $title = sanitizeString($db, $_POST['title']);
    $text = sanitizeString($db, $_POST['text']);
    // Name the file with current timestamp.
    $time = $_SERVER['REQUEST_TIME'];
    $file_name = $time . '.jpg';
    // Get filter setting.
    if (isset($_POST['filter'])) {
        $filter = $_POST['filter'];
    } else {
        $filter = "NULL";
    }
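    // Get image file, upload to 'users' folder.
    // Hardening vs. the original, which moved whatever arrived straight into
    // the web-reachable folder under a .jpg name:
    //  - only a successful, genuine PHP upload is accepted;
    //  - the content must be a JPEG (the file is saved as .jpg, and
    //    $_FILES[...]['type'] is client-supplied and not trusted).
    // NOTE(review): a rejected upload is silently skipped; if the code after
    // this block records $file_name anyway, it should check the outcome.
    if (isset($_FILES['upload']) && $_FILES['upload']['error'] === UPLOAD_ERR_OK) {
        $tmp_name = $_FILES['upload']['tmp_name'];
        $dstFolder = '../project/users';
        $mime = is_uploaded_file($tmp_name)
            ? (new finfo(FILEINFO_MIME_TYPE))->file($tmp_name)
            : false;
        if ($mime === 'image/jpeg') {
            move_uploaded_file($tmp_name, $dstFolder . DIRECTORY_SEPARATOR . $file_name);
        }
    }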
Example #25
<?php

require_once 'session.php';
//Haomin liu,12109377,assignment 2,quizfun
// JSON login endpoint: reads user/pass from POST, answers {error, errorDesc}.
//
// NOTE(review): the SQL values appear as '******' in this listing (apparently
// redacted), so the block is documented rather than rewritten. To fix:
//  - the password is hashed with ripemd128 and two hard-coded salts shared by
//    every account; use password_hash()/password_verify() (per-user salt,
//    slow hash) instead;
//  - sanitizeString() is not SQL escaping — bind both values in a prepared
//    statement rather than interpolating them;
//  - $_POST['pass'] is read without isset(); a request carrying only 'user'
//    raises a notice;
//  - after a successful login the session id is not regenerated
//    (session_regenerate_id(true)), which leaves the session open to fixation.
$error = $username = $password = "";
$errorCode = 0;
$errorDesc = "";
if (isset($_POST['user'])) {
    $username = sanitizeString($_POST['user']);
    $password = sanitizeString($_POST['pass']);
    if ($username == "" || $password == "") {
        $errorCode = 1;
        $errorDesc = "Not all fields were entered";
    } else {
        //salt and hash for password
        // Static salts + a fast hash: see NOTE above.
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$password}{$salt2}");
        //search input user in database
        // One generic failure message for both cases (no username enumeration).
        $result = queryMySQL("SELECT username,password FROM members\n            WHERE username='******' AND password='******'");
        if ($result->num_rows == 0) {
            $errorCode = 2;
            $errorDesc = "Username or Password is invalid";
        } else {
            $_SESSION['user'] = $username;
            $errorCode = 0;
            $errorDesc = "You are now logged in";
        }
    }
}
echo json_encode(array('error' => $errorCode, 'errorDesc' => $errorDesc));
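/**
 * Prepare a string for interpolation into a MySQL query (mysql_* extension).
 *
 * sanitizeString() runs FIRST and mysql_real_escape_string() LAST. The
 * original did the reverse; a sanitizeString() that ends with stripslashes()
 * (as one function tail in this listing does) removes the backslashes the
 * escaper just added, so a quote reaches the query unescaped.
 *
 * NOTE(review): mysql_real_escape_string() needs an open mysql_* link and the
 * extension is gone in PHP 7; prepared statements (mysqli/PDO) replace this.
 *
 * @param string $var untrusted input
 * @return string     HTML-filtered, then SQL-escaped text
 */
function sanitizeMySQL($var)
{
    $var = sanitizeString($var);
    $var = mysql_real_escape_string($var);
    return $var;
}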
<?php

// Example 26-7: login.php
require_once 'header.php';
// NOTE(review): the SQL values appear as '******' in this listing (apparently
// redacted), so this block is documented rather than rewritten. Visible defects:
//  - $pass is set to password_hash(...) and then immediately overwritten with
//    sha1(...): the first line is dead code and the lookup compares a plain,
//    unsalted SHA-1 with the stored value. Store password_hash() output and
//    check it with password_verify() after fetching the row by username;
//  - `$pass == ""` can never be true (sha1('') is a 40-character string), so an
//    empty password is not caught by the "Not all fields" check;
//  - `echo $pass;` after the form handling prints the digest into the page,
//    and the form below puts it in the password field's value attribute —
//    both leak it to the client;
//  - $_SESSION['pass'] keeps the digest in the session; the username is enough;
//  - sanitizeString() is not SQL escaping; use a prepared statement. $user is
//    also interpolated into HTML below — confirm sanitizeString() HTML-escapes.
echo "<div class='main'><h3>Please enter your details to log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = password_hash(sanitizeString($_POST['pass']), PASSWORD_DEFAULT); // dead: overwritten on the next line
    $pass = sha1(sanitizeString($_POST['pass']));
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br>";
    } else {
        $result = queryMySQL("SELECT user,pass FROM members\n        WHERE user='******' AND pass='******'");
        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password\n                  invalid</span><br><br>";
        } else {
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$user}'>" . "click here</a> to continue.<br><br>");
        }
    }
}
// Debug leftover: prints the password digest — see NOTE above.
echo $pass;
echo <<<_END
    <form method='post' action='login.php'>{$error}
    <span class='fieldname'>Username</span><input type='text'
      maxlength='16' name='user' value='{$user}'><br>
    <span class='fieldname'>Password</span><input type='password'
      maxlength='16' name='pass' value='{$pass}'>
_END;
Example #28
    } else {
        $name = "{$view}'s";
    }
    echo "<h3>{$name} Profile</h3>";
    showProfile($view);
    echo "<a class='button' href='messages.php?view={$view}'>" . "View {$name} messages</a><br><br>";
    die("</div></body></html>");
}
// Follow / unfollow handling: ?add=<name> inserts a friends row for the
// logged-in $user, ?remove=<name> deletes it.
// NOTE(review): the SELECT/DELETE values appear as '******' in this listing
// (apparently redacted), so the original interpolation cannot be reviewed.
// What is visible: $add goes straight into the INSERT after sanitizeString(),
// which is an HTML filter, not SQL escaping — bind it with a prepared
// statement. Both actions are triggered by a plain GET with no CSRF token, so
// any page can make a logged-in user follow/unfollow someone.
if (isset($_GET['add'])) {
    $add = sanitizeString($_GET['add']);
    $result = queryMysql("SELECT * FROM friends WHERE user='******'\nAND friend='{$user}'");
    if (!$result->num_rows) {
        queryMysql("INSERT INTO friends VALUES ('{$add}', '{$user}')");
    }
} elseif (isset($_GET['remove'])) {
    $remove = sanitizeString($_GET['remove']);
    queryMysql("DELETE FROM friends WHERE user='******' AND friend='{$user}'");
}
$result = queryMysql("SELECT user FROM members ORDER BY user");
$num = $result->num_rows;
echo "<h3>Other Members</h3><ul>";
for ($j = 0; $j < $num; ++$j) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if ($row['user'] == $user) {
        continue;
    }
    echo "<li><a href='members.php?view=" . $row['user'] . "'>" . $row['user'] . "</a>";
    $follow = "follow";
    $result1 = queryMysql("SELECT * FROM friends WHERE\nuser='******'user'] . "' AND friend='{$user}'");
    $t1 = $result1->num_rows;
    $result1 = queryMysql("SELECT * FROM friends WHERE\nuser='******' AND friend='" . $row['user'] . "'");
Example #29
<?php

// profile.php
include_once 'header.php';
// Profile page: lets the signed-in user save profile text and (further down)
// a picture. $loggedin, $user and $conn (mysqli) come from header.php.
if (!$loggedin) {
    die;
}
echo "<div class='main'><h3>Your Profile</h3>";
if (isset($_POST['text'])) {
    // Filter the submitted text and collapse runs of whitespace to one space.
    // NOTE(review): sanitizeString() is handed $conn, presumably so it can
    // SQL-escape the value — confirm, because $text goes into the queries
    // below with no other escaping.
    $text = preg_replace('/\\s\\s+/', ' ', sanitizeString($conn, $_POST['text']));
    $existing = queryMysql($conn, "SELECT * FROM `profiles` WHERE `user`='{$user}'");
    if ($existing->num_rows) {
        queryMysql($conn, "UPDATE `profiles` SET `text`='{$text}' where `user`='{$user}'");
    } else {
        queryMysql($conn, "INSERT INTO `profiles` VALUES(NULL,'{$user}', '{$text}')");
    }
} else {
    // No submission: load the stored text, or '' when there is no profile row.
    $text = "";
    $result = queryMysql($conn, "SELECT * FROM `profiles` WHERE `user`='{$user}'");
    if ($result->num_rows) {
        $row = mysqli_fetch_row($result);
        $text = stripslashes($row[1]);
    }
}
$text = stripslashes(preg_replace('/\\s\\s+/', ' ', $text));
if (isset($_FILES['image']['name'])) {
    $saveto = "{$user}.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'], $saveto);
    $typeok = TRUE;
    switch ($_FILES['image']['type']) {
Example #30
    $str = strip_tags($str);
    $str = htmlentities($str);
    $str = stripslashes($str);
    return $str;
}
/**
 * Multiply a distance by 149,600,000 (kilometres per astronomical unit).
 *
 * NOTE(review): despite the parameter name this converts AU -> km, and the
 * caller below uses it that way. The name is kept for compatibility.
 *
 * @param int|float $kilometers value in astronomical units (see note)
 * @return int|float            value in kilometres
 */
function toAstronomical($kilometers)
{
    $kmPerAu = 149600000;
    return $kmPerAu * $kilometers;
}
/**
 * Divide a distance by 149,600,000 (kilometres per astronomical unit).
 *
 * NOTE(review): despite the parameter name this converts km -> AU, and the
 * caller below uses it that way. The name is kept for compatibility.
 *
 * @param int|float $astronomical value in kilometres (see note)
 * @return int|float              value in astronomical units
 */
function toKilometers($astronomical)
{
    $kmPerAu = 149600000;
    return $astronomical / $kmPerAu;
}
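// Handle the converter form: distance=<number>, conversion=astronomical|kilometers.
if (isset($_POST['distance'])) {
    // sanitize distance
    $distance = sanitizeString($_POST['distance']);
    $output = "Error!";
    $conversion = isset($_POST['conversion']) ? $_POST['conversion'] : '';
    // The arithmetic below needs a number; a non-numeric string used to give
    // a warning (a TypeError on PHP 8) instead of the error text.
    if (is_numeric($distance)) {
        if ($conversion === 'astronomical') {
            // toKilometers() divides by 149,600,000 despite its name: km -> AU.
            $output = $distance . " KM == " . toKilometers($distance) . " AU ";
        } elseif ($conversion === 'kilometers') {
            $output = $distance . " AU == " . toAstronomical($distance) . " KM ";
        }
    }
    // print distance — sanitizeString() above applies htmlentities(), so the
    // echoed input is HTML-escaped.
    echo $output;
}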
?>
   
        </div>