include '../csrf_protection/csrf-token.php'; include '../csrf_protection/csrf-class.php'; if (!isset($_SESSION)) { $some_name = session_name("VedicaAdmission"); session_start(); } include '../config/config.php'; include '../config/functions.php'; $language = array('en' => 'en', 'pt' => 'pt'); if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) { include '../language/' . $language[$_GET['lang']] . '.php'; } else { include '../language/en.php'; } $update_username = strip_tags(trim_awesome($_POST["update_username"])); $update_finalusername = htmlspecialchars($update_username, ENT_QUOTES, 'UTF-8'); if (!CSRF::check('update-username-form')) { echo $lang['update_username_wrong_security_token']; } else { $usersearch = mysql_query("SELECT * FROM " . $admission_users . " WHERE application_id = " . mysql_real_escape_string_awesome($update_finalusername) . ""); $userresult = mysql_num_rows($usersearch); $userquery = mysql_fetch_array($usersearch); if ($userquery && $userquery['login_system_registrations_user_id'] != $_SESSION['userLogin']) { echo $lang['update_username_already_taken']; } else { $update1 = "UPDATE " . $admission_users . " SET application_id = " . mysql_real_escape_string_awesome($update_finalusername) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . ""; $updatequery1 = mysql_query($update1); $update2 = "UPDATE " . $mysqltable_name_2 . " SET login_system_login_attempts_username = "******" WHERE login_system_login_attempts_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . ""; $updatequery2 = mysql_query($update2); $update3 = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_username = "******" WHERE login_system_forgot_password_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
?> <!doctype html> <html> <head> <?php include dirname(__FILE__) . '/header.php'; ?> </head> <body> <?php $useremail = strip_tags(trim_awesome($_GET["email"])); $passtoken = strip_tags(trim_awesome($_GET["token"])); $finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8'); $finalpasstoken = htmlspecialchars($passtoken, ENT_QUOTES, 'UTF-8'); ?> <div class="container"> <div class="form-bar" id="newpassword"> <div class="top-bar bar-orange"></div> </div> <div class="form"> <div class="header"> <div class="grid-container"> <div class="column-twelve"> <img src="images/logo.JPG"/> </div> <div class="column-twelve">
} $_SESSION['start'] = time(); $_SESSION['expire'] = $_SESSION['start'] + 60 * 60; if (strlen(trim($_SESSION['userName'])) == 0) { session_destroy(); timeout(); die; } $applicationid = strip_tags(trim_awesome($_SESSION['userName'])); $refreetitle = strip_tags(trim_awesome($_POST['refreetitle'])); $refreename = strip_tags(trim_awesome($_POST['refreename'])); $refreeorganization = strip_tags(trim_awesome($_POST['refreeorganization'])); $refreedesignation = strip_tags(trim_awesome($_POST['refreedesignation'])); $refreecontact = strip_tags(trim_awesome($_POST['refreecontact'])); $refreeemail = strip_tags(trim_awesome($_POST['refreeemail'])); $refreeknowing = strip_tags(trim_awesome($_POST['refreeknowing'])); $finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8'); $finalrefreetitle = htmlspecialchars($refreetitle, ENT_QUOTES, 'UTF-8'); $finalrefreename = htmlspecialchars($refreename, ENT_QUOTES, 'UTF-8'); $finalrefreeorganization = htmlspecialchars($refreeorganization, ENT_QUOTES, 'UTF-8'); $finalrefreedesignation = htmlspecialchars($refreedesignation, ENT_QUOTES, 'UTF-8'); $finalrefreecontact = htmlspecialchars($refreecontact, ENT_QUOTES, 'UTF-8'); $finalrefreeemail = htmlspecialchars($refreeemail, ENT_QUOTES, 'UTF-8'); $finalrefreeknowing = htmlspecialchars($refreeknowing, ENT_QUOTES, 'UTF-8'); if ($mysql == true) { $sqlrefree = "INSERT INTO `vedica_admn_2017`.`users_reference_details` (`application_id`, `title_of_refree`, `name_of_refree`, `organization`, `designation`, `phone_number`, `email_id`, `capacity_of_knowing`) VALUES (\n\t\t\t" . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreetitle) . ",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreename) . ",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreeorganization) . ",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreedesignation) . ",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreecontact) . 
",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreeemail) . ",\n\t\t\t" . mysql_real_escape_string_awesome($finalrefreeknowing) . "\n\t\t\t)\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n\t\ttitle_of_refree = VALUES(title_of_refree),\n\t\tname_of_refree = VALUES(name_of_refree),\n\t\torganization = VALUES(organization),\n\t\tdesignation = VALUES(designation),\n\t\tphone_number = VALUES(phone_number),\n\t\temail_id = VALUES(email_id),\n\t\tcapacity_of_knowing = VALUES(capacity_of_knowing)\n\t\t;"; $insertrefree = mysql_query($sqlrefree); if (!$insertrefree) { die('Could not enter data: ' . mysql_error()); } } else {
} else { $time = time(); if ($time > $_SESSION['expire']) { session_destroy(); timeout(); exit(0); } } $_SESSION['start'] = time(); $_SESSION['expire'] = $_SESSION['start'] + 60 * 60; if (strlen(trim($_SESSION['userName'])) == 0) { session_destroy(); timeout(); die; } $applicationid = strip_tags(trim_awesome($_SESSION['userName'])); $finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8'); if ($mysql == true) { $doc_response = array(); $errors = array(); $sqldoc = "SELECT * FROM `users_documents_uploads` WHERE application_id ='" . $finalapplicationid . "'"; $selectdoc = mysql_query($sqldoc); if (!$selectdoc) { die('Could not select data: ' . mysql_error()); } while ($row = mysql_fetch_array($selectdoc, MYSQL_ASSOC)) { $finalnamephoto0 = $row['passport_photo']; $finalnameresume0 = $row['resume']; } if (isset($_FILES['passportphoto'])) { $maxsize = 409600;
${'graduationdegreemodeextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationdegreemodeextra])); ${'finalgraduationdegreemodeextra' . $y} = htmlspecialchars(${'graduationdegreemodeextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationcompletedextra = "graduationcompletedextra{$y}"; ${'graduationcompletedextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationcompletedextra])); ${'finalgraduationcompletedextra' . $y} = htmlspecialchars(${'graduationcompletedextra' . $y}, ENT_QUOTES, 'UTF-8'); $igradationcompletionyearextra = "gradationcompletionyearextra{$y}"; ${'gradationcompletionyearextra' . $y} = strip_tags(trim_awesome($_POST[$igradationcompletionyearextra])); ${'finalgradationcompletionyearextra' . $y} = htmlspecialchars(${'gradationcompletionyearextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationgpaorpercentageextra = "graduationgpaorpercentageextra{$y}"; ${'graduationgpaorpercentageextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationgpaorpercentageextra])); ${'finalgraduationgpaorpercentageextra' . $y} = htmlspecialchars(${'graduationgpaorpercentageextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationclassextra = "graduationclassextra{$y}"; ${'graduationclassextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationclassextra])); ${'finalgraduationclassextra' . $y} = htmlspecialchars(${'graduationclassextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationpercentageextra = "graduationpercentageextra{$y}"; ${'graduationpercentageextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationpercentageextra])); ${'finalgraduationpercentageextra' . $y} = htmlspecialchars(${'graduationpercentageextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationgpaobtainedextra = "graduationgpaobtainedextra{$y}"; ${'graduationgpaobtainedextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationgpaobtainedextra])); ${'finalgraduationgpaobtainedextra' . $y} = htmlspecialchars(${'graduationgpaobtainedextra' . 
$y}, ENT_QUOTES, 'UTF-8'); $igraduationgpamaxextra = "graduationgpamaxextra{$y}"; ${'graduationgpamaxextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationgpamaxextra])); ${'finalgraduationgpamaxextra' . $y} = htmlspecialchars(${'graduationgpamaxextra' . $y}, ENT_QUOTES, 'UTF-8'); $sqlacademicextra = "INSERT INTO `vedica_admn_2017`.`added_academic_details` (`application_id`, `extra_academic_degree_level`, `extra_academic_degree_level_other`, `extra_academic_name_of_college`, `extra_academic_university`, `extra_academic_university_other`, `extra_academic_degree_mode`, `extra_academic_degree_name`, `extra_academic_discipline`, `extra_academic_discipline_other`, `extra_academic_specialisation`, `extra_academic_degree_completed`, `extra_academic_year_completion`, `extra_academic_grading_system`, `extra_academic_class`, `extra_academic_aggregate`, `extra_academic_gpa_obtained`, `extra_academic_gpa_max`) VALUES (\n\t\t\t\t" . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalacademicextradegreelevel' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalacademicextradegreeother' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgradutationcollegenameextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgradutationunversityextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationuniversityothersextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduatindegreenameextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationdisciplineextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationdisciplineotherextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationspecializationextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationdegreemodeextra' . $y}) . ",\n\t\t\t\t" . 
mysql_real_escape_string_awesome(${'finalgraduationcompletedextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgradationcompletionyearextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationgpaorpercentageextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationclassextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationpercentageextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationgpaobtainedextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationgpamaxextra' . $y}) . "\n\t\t\t\t);"; $insertacademicextra = mysql_query($sqlacademicextra); if (!$insertacademicextra) { die('Could not enter data: ' . mysql_error()); } } } else { }
$currentzip = strip_tags(trim_awesome($_POST["currentzip"])); $permanentsameascurrent = strip_tags(trim_awesome($_POST["permanentsameascurrent"])); $permanentaddress1 = strip_tags(trim_awesome($_POST["permanentaddress1"])); $permanentaddress2 = strip_tags(trim_awesome($_POST["permanentaddress2"])); $permanentaddress3 = strip_tags(trim_awesome($_POST["permanentaddress3"])); $permanentcity = strip_tags(trim_awesome($_POST["permanentcity"])); $permanentcountry = strip_tags(trim_awesome($_POST["permanentcountry"])); $permanentstate = strip_tags(trim_awesome($_POST["permanentstate"])); $permanentstateother = strip_tags(trim_awesome($_POST["permanentstateother"])); $permanentzip = strip_tags(trim_awesome($_POST["permanentzip"])); $parentname = strip_tags(trim_awesome($_POST["parentname"])); $parentmobile = strip_tags(trim_awesome($_POST["parentmobile"])); $parentrelation = strip_tags(trim_awesome($_POST["parentrelation"])); $parentorganisation = strip_tags(trim_awesome($_POST["parentorganisation"])); $parentdesignation = strip_tags(trim_awesome($_POST["parentdesignation"])); $parentqualification = strip_tags(trim_awesome($_POST["parentqualification"])); $finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8'); $finalemail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); $finalmobilenumber = htmlspecialchars($mobilenumber, ENT_QUOTES, 'UTF-8'); $finalphonenumber = htmlspecialchars($phonenumber, ENT_QUOTES, 'UTF-8'); $finalcurrentaddress1 = htmlspecialchars($currentaddress1, ENT_QUOTES, 'UTF-8'); $finalcurrentaddress2 = htmlspecialchars($currentaddress2, ENT_QUOTES, 'UTF-8'); $finalcurrentaddress3 = htmlspecialchars($currentaddress3, ENT_QUOTES, 'UTF-8'); $finalcurrentcity = htmlspecialchars($currentcity, ENT_QUOTES, 'UTF-8'); $finalcurrentcountry = htmlspecialchars($currentcountry, ENT_QUOTES, 'UTF-8'); $finalcurrentstate = htmlspecialchars($currentstate, ENT_QUOTES, 'UTF-8'); $finalcurrentstateother = htmlspecialchars($currentstateother, ENT_QUOTES, 
'UTF-8'); $finalcurrentzip = htmlspecialchars($currentzip, ENT_QUOTES, 'UTF-8'); $finalpermanentsameascurrent = htmlspecialchars($permanentsameascurrent, ENT_QUOTES, 'UTF-8'); $finalpermanentaddress1 = htmlspecialchars($permanentaddress1, ENT_QUOTES, 'UTF-8'); $finalpermanentaddress2 = htmlspecialchars($permanentaddress2, ENT_QUOTES, 'UTF-8');
include dirname(__FILE__) . '/config/functions.php'; $language = array('en' => 'en', 'pt' => 'pt'); if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) { include dirname(__FILE__) . '/language/' . $language[$_GET['lang']] . '.php'; } else { include dirname(__FILE__) . '/language/en.php'; } $firstname = strip_tags(trim_awesome($_POST["firstname"])); $middlename = strip_tags(trim_awesome($_POST["middlename"])); $lastname = strip_tags(trim_awesome($_POST["lastname"])); $useremail = strip_tags(trim_awesome($_POST["useremail"])); $mobile = strip_tags(trim_awesome($_POST["mobile"])); $city = strip_tags(trim_awesome($_POST["city"])); $password = strip_tags(trim_awesome($_POST["password"])); $retypepassword = strip_tags(trim_awesome($_POST["retypepassword"])); $verification = strip_tags(trim_awesome($_POST["captcha"])); $finalprogram = htmlspecialchars($program, ENT_QUOTES, 'UTF-8'); $finalfirstname = htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8'); $finalmiddlename = htmlspecialchars($middlename, ENT_QUOTES, 'UTF-8'); $finallastname = htmlspecialchars($lastname, ENT_QUOTES, 'UTF-8'); // $finalusername = htmlspecialchars( '', ENT_QUOTES, 'UTF-8' ); $finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8'); $finalmobile = htmlspecialchars($mobile, ENT_QUOTES, 'UTF-8'); $finalcity = htmlspecialchars($city, ENT_QUOTES, 'UTF-8'); $finalpass = htmlspecialchars($password, ENT_QUOTES, 'UTF-8'); $finalretypepass = htmlspecialchars($retypepassword, ENT_QUOTES, 'UTF-8'); $finalverification = htmlspecialchars($verification, ENT_QUOTES, 'UTF-8'); if ($SMTP == true) { if ($mysql == true) { $duplicate = mysql_query("SELECT * FROM " . $admission_users . " WHERE email_id = " . mysql_real_escape_string_awesome($finaluseremail) . ""); $result = mysql_num_rows($duplicate);
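// Tail of a session-expiry check; the block closed by the lone brace opens above this excerpt.
$time = time();
if ($time > $_SESSION['expire']) {
    session_destroy();
    timeout();
    exit(0);
}
}

// Restart the one-hour session window on every request that reaches this point.
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 60 * 60;

// An empty application id means there is no logged-in applicant: drop the session and stop.
if (strlen(trim($_SESSION['userName'])) == 0) {
    session_destroy();
    timeout();
    die;
}

$applicationid = strip_tags(trim_awesome($_SESSION['userName']));

// Per-section completion flags sent by the form. strip_tags() removes markup only; quotes and
// backslashes pass through it untouched, so every value is escaped again where the SQL is built.
$personalstatus = strip_tags(trim_awesome($_POST["personalstatus"]));
$contactstatus = strip_tags(trim_awesome($_POST["contactstatus"]));
$academicestatus = strip_tags(trim_awesome($_POST["academicestatus"]));
$workexstatus = strip_tags(trim_awesome($_POST["workexstatus"]));
$refreestatus = strip_tags(trim_awesome($_POST["refreestatus"]));
$additionalinfostatus = strip_tags(trim_awesome($_POST["additionalinfostatus"]));
$docstatus = strip_tags(trim_awesome($_POST["docstatus"]));
$datetime = date("Y-m-d H:i:s");

if ($mysql == true) {
    // Security fix: the original placed the request values between the single quotes unescaped,
    // so a value containing a quote could change the statement (SQL injection). Each request- or
    // session-derived value now passes through mysql_real_escape_string() first; $datetime is
    // generated on the server and is left as it was.
    // NOTE(review): ext/mysql offers no prepared statements and was removed in PHP 7. Move this
    // query to PDO or mysqli with bound parameters, and confirm the connection charset is set with
    // mysql_set_charset() so the escaping agrees with how the server decodes the bytes.
    $sqlstatus = "INSERT INTO `vedica_admn_2017`.`admission_section_status` (`application_id`, `personal_details_status`, `contact_details_status`, `academic_details_status`, `work_ex_details_status`, `reference_details_status`, `additional_details_status`, `document_details_status`, `last_update_date`) VALUES (\n"
        . "\t\t\t'" . mysql_real_escape_string($applicationid) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($personalstatus) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($contactstatus) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($academicestatus) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($workexstatus) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($refreestatus) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($additionalinfostatus) . "',\n"
        . "\t\t\t'" . mysql_real_escape_string($docstatus) . "',\n"
        . "\t\t\t'" . $datetime . "'\n"
        . "\t\t\t)\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n"
        . "\t\tpersonal_details_status = VALUES(personal_details_status),\n"
        . "\t\tcontact_details_status = VALUES(contact_details_status),\n"
        . "\t\tacademic_details_status = VALUES(academic_details_status),\n"
        . "\t\twork_ex_details_status = VALUES(work_ex_details_status),\n"
        . "\t\treference_details_status = VALUES(reference_details_status),\n"
        . "\t\tadditional_details_status = VALUES(additional_details_status),\n"
        . "\t\tdocument_details_status = VALUES(document_details_status),\n"
        . "\t\tlast_update_date = VALUES(last_update_date)\n\t\t;";

    $insertstatus = mysql_query($sqlstatus);
    if (!$insertstatus) {
        // The driver message can name tables, columns and fragments of the statement. Keep it in
        // the server log and send the client a fixed message only.
        error_log('admission_section_status insert failed: ' . mysql_error());
        die('Could not enter data');
    }
} else {
}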
include '../csrf_protection/csrf-token.php'; include '../csrf_protection/csrf-class.php'; if (!isset($_SESSION)) { $some_name = session_name("VedicaAdmission"); session_start(); } include '../config/config.php'; include '../config/functions.php'; $language = array('en' => 'en', 'pt' => 'pt'); if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) { include '../language/' . $language[$_GET['lang']] . '.php'; } else { include '../language/en.php'; } $update_email = strip_tags(trim_awesome($_POST["update_email"])); $update_finalemail = htmlspecialchars($update_email, ENT_QUOTES, 'UTF-8'); if (!CSRF::check('update-email-form')) { echo $lang['update_email_wrong_security_token']; } else { $emailsearch = mysql_query("SELECT * FROM " . $admission_users . " WHERE email_id = " . mysql_real_escape_string_awesome($update_finalemail) . ""); $emailresult = mysql_num_rows($emailsearch); $emailquery = mysql_fetch_array($emailsearch); if ($emailquery && $emailquery['login_system_registrations_user_id'] != $_SESSION['userLogin']) { echo $lang['update_email_already_taken']; } else { $update1 = "UPDATE " . $admission_users . " SET email_id = " . mysql_real_escape_string_awesome($update_finalemail) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . ""; $updatequery1 = mysql_query($update1); $update2 = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($update_finalemail) . " WHERE login_system_forgot_password_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . ""; $updatequery2 = mysql_query($update2); $update3 = "UPDATE " . $mysqltable_name_4 . " SET login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($update_finalemail) . " WHERE login_system_email_activation_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
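// Closes a block that opens above this excerpt.
}

// Restart the one-hour session window on every request that reaches this point.
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 60 * 60;

// An empty application id means there is no logged-in applicant: drop the session and stop.
if (strlen(trim($_SESSION['userName'])) == 0) {
    session_destroy();
    timeout();
    die;
}

$applicationid = strip_tags(trim_awesome($_SESSION['userName']));

// Personal-details fields from the form: tags stripped first, HTML-encoded below.
$firstname = strip_tags(trim_awesome($_POST["firstname"]));
$middlename = strip_tags(trim_awesome($_POST["middlename"]));
$lastname = strip_tags(trim_awesome($_POST["lastname"]));
$dob = strip_tags(trim_awesome($_POST["dob"]));
$gender = strip_tags(trim_awesome($_POST["gender"]));
$bloodgrp = strip_tags(trim_awesome($_POST["bloodgrp"]));
$hearaboutvs = strip_tags(trim_awesome($_POST["hearaboutvs"]));

// NOTE(review): htmlspecialchars() is an output encoder for HTML. Applied here, before the values
// are used elsewhere, it does nothing for SQL safety, and anything stored in this form must not
// be encoded a second time when it is displayed.
$finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8');
$finalfirstname = htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8');
$finalmiddlename = htmlspecialchars($middlename, ENT_QUOTES, 'UTF-8');
$finallastname = htmlspecialchars($lastname, ENT_QUOTES, 'UTF-8');
$finaldob = htmlspecialchars($dob, ENT_QUOTES, 'UTF-8');
$finalgender = htmlspecialchars($gender, ENT_QUOTES, 'UTF-8');
$finalbloodgrp = htmlspecialchars($bloodgrp, ENT_QUOTES, 'UTF-8');
$finalhearaboutvs = htmlspecialchars($hearaboutvs, ENT_QUOTES, 'UTF-8');

// Age is the difference between the current year and the birth year (month and day are ignored,
// as in the original).
if ($finaldob) {
    $c = date('Y');
    $dobtimestamp = strtotime($finaldob);
    if ($dobtimestamp === false) {
        // Fix: a date that cannot be parsed used to fall through to date('Y', false), i.e. 1970,
        // and produced a made-up age. Treat it like a missing date instead.
        $finalage = '';
    } else {
        $y = date('Y', $dobtimestamp);
        $finalage = $c - $y;
    }
} else {
    $finalage = '';
}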
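<?php
/*
 * Account-name update endpoint: reads update_firstname / update_lastname from the POST body,
 * verifies the CSRF token for 'update-account-form', and updates f_name / l_name on the row whose
 * login_system_registrations_user_id equals $_SESSION['userLogin']. Prints one localized message.
 */
include '../csrf_protection/csrf-token.php';
include '../csrf_protection/csrf-class.php';

if (!isset($_SESSION)) {
    $some_name = session_name("VedicaAdmission");
    session_start();
}

include '../config/config.php';
include '../config/functions.php';

// The language file is chosen through a fixed map, so the request value never becomes part of
// the include path. is_string() keeps an array-valued ?lang[]= out of array_key_exists().
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and is_string($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
    include '../language/' . $language[$_GET['lang']] . '.php';
} else {
    include '../language/en.php';
}

// A missing or non-string field is treated as empty instead of raising an undefined-index notice
// or handing an array to the string helpers.
$raw_firstname = (isset($_POST["update_firstname"]) && is_string($_POST["update_firstname"])) ? $_POST["update_firstname"] : '';
$raw_lastname = (isset($_POST["update_lastname"]) && is_string($_POST["update_lastname"])) ? $_POST["update_lastname"] : '';

$update_firstname = strip_tags(trim_awesome($raw_firstname));
$update_lastname = strip_tags(trim_awesome($raw_lastname));

// NOTE(review): the names are HTML-encoded before storage, so the database holds entity-encoded
// text. Pages that print these columns must not encode them again, and any non-HTML consumer
// (e-mail, CSV export) receives the entities verbatim.
$update_finalfirstname = htmlspecialchars($update_firstname, ENT_QUOTES, 'UTF-8');
$update_finallastname = htmlspecialchars($update_lastname, ENT_QUOTES, 'UTF-8');

if (!CSRF::check('update-account-form')) {
    echo $lang['update_account_wrong_security_token'];
} elseif (!isset($_SESSION['userLogin']) || $_SESSION['userLogin'] === '') {
    // Fix: without a logged-in user id there is no row this request is entitled to change, so the
    // UPDATE is not attempted. The original built the WHERE clause from the missing value.
    echo $lang['update_account_unsuccessful'];
} else {
    // The query adds no quotes of its own around the values, so mysql_real_escape_string_awesome()
    // is presumably returning an escaped, already-quoted literal; verify in config/functions.php.
    // NOTE(review): ext/mysql was removed in PHP 7; bound parameters via PDO or mysqli are the
    // durable replacement for this string-built statement.
    $update1 = "UPDATE " . $admission_users
        . " SET f_name = " . mysql_real_escape_string_awesome($update_finalfirstname)
        . ", l_name = " . mysql_real_escape_string_awesome($update_finallastname)
        . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
    $updatequery1 = mysql_query($update1);

    // mysql_query() returns true for an UPDATE that ran, even when it matched no row.
    if ($updatequery1) {
        echo $lang['update_account_successful'];
    } else {
        echo $lang['update_account_unsuccessful'];
    }
}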
$irolesandresponsibility = "rolesandresponsibility{$x}"; $iextraworkexcount = "extraworkexcount{$x}"; $itotalworkex = "totalworkex{$x}"; ${'employementtype' . $x} = strip_tags(trim_awesome($_POST[$iemployementtype])); ${'organizationname' . $x} = strip_tags(trim_awesome($_POST[$iorganizationname])); ${'organizationtype' . $x} = strip_tags(trim_awesome($_POST[$iorganizationtype])); ${'organizationtypeother' . $x} = strip_tags(trim_awesome($_POST[$iorganizationtypeother])); ${'industrytype' . $x} = strip_tags(trim_awesome($_POST[$iindustrytype])); ${'workstarted' . $x} = strip_tags(trim_awesome($_POST[$iworkstarted])); ${'workcompleted' . $x} = strip_tags(trim_awesome($_POST[$iworkcompleted])); ${'comapnyjoinedas' . $x} = strip_tags(trim_awesome($_POST[$icomapnyjoinedas])); ${'currentdesignation' . $x} = strip_tags(trim_awesome($_POST[$icurrentdesignation])); ${'annualrenumeration' . $x} = strip_tags(trim_awesome($_POST[$iannualrenumeration])); ${'rolesandresponsibility' . $x} = strip_tags(trim_awesome($_POST[$irolesandresponsibility])); ${'extraworkexcount' . $x} = strip_tags(trim_awesome($_POST[$iextraworkexcount])); ${'totalworkex' . $x} = strip_tags(trim_awesome($_POST[$itotalworkex])); ${'finalemployementtype' . $x} = htmlspecialchars(${'employementtype' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalorganizationname' . $x} = htmlspecialchars(${'organizationname' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalorganizationtype' . $x} = htmlspecialchars(${'organizationtype' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalorganizationtypeother' . $x} = htmlspecialchars(${'organizationtypeother' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalindustrytype' . $x} = htmlspecialchars(${'industrytype' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalworkstarted' . $x} = htmlspecialchars(${'workstarted' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalworkcompleted' . $x} = htmlspecialchars(${'workcompleted' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalcomapnyjoinedas' . $x} = htmlspecialchars(${'comapnyjoinedas' . 
$x}, ENT_QUOTES, 'UTF-8'); ${'finalcurrentdesignation' . $x} = htmlspecialchars(${'currentdesignation' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalannualrenumeration' . $x} = htmlspecialchars(${'annualrenumeration' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalrolesandresponsibility' . $x} = htmlspecialchars(${'rolesandresponsibility' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalextraworkexcount' . $x} = htmlspecialchars(${'extraworkexcount' . $x}, ENT_QUOTES, 'UTF-8'); ${'finaltotalworkex' . $x} = htmlspecialchars(${'totalworkex' . $x}, ENT_QUOTES, 'UTF-8'); $sqlworkexextra = "INSERT INTO `vedica_admn_2017`.`added_work_experience_details` (`application_id`, `employement_type`, `name_of_organization`, `organization_type`, `organization_type_other`, `started_work_date`, `completed_work_date`, `joined_as`, `current_designation`, `annual_renumeration`, `roles_and_responsibilty`) VALUES (\n\t\t\t\t" . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalemployementtype' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalorganizationname' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalorganizationtype' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalorganizationtypeother' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalworkstarted' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalworkcompleted' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalcomapnyjoinedas' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalcurrentdesignation' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalannualrenumeration' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalrolesandresponsibility' . $x}) . "\n\t\t\t\t);"; $insertworkexextra = mysql_query($sqlworkexextra);
<div class="column-twelve"> <h4><i class="icon-wand"></i><?php echo $lang['activation_form_title']; ?> </h4> </div> </div> </div> <div class="section"> <div class="grid-container"> <div class="column-twelve"> <div id="activation-message"> <?php if (isset($_GET['email']) && isset($_GET['token'])) { $useremail = strip_tags(trim_awesome($_GET["email"])); $emailtoken = strip_tags(trim_awesome($_GET["token"])); $finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8'); $finalemailtoken = htmlspecialchars($emailtoken, ENT_QUOTES, 'UTF-8'); $emailtime = date("Y-m-d H:i:s"); $selectexpire = mysql_query("SELECT * FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken) . " AND login_system_email_activation_expire > " . mysql_real_escape_string_awesome($emailtime) . ""); $resultexpire = mysql_num_rows($selectexpire); if ($resultexpire == 1) { $search = mysql_query("SELECT login_system_email_activation_useremail, login_system_email_activation_token, login_system_email_activation_status FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . " AND login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken) . " AND login_system_email_activation_status = '0'"); $result = mysql_num_rows($search); if ($result == 1) { $update = "UPDATE " . $mysqltable_name_4 . " SET login_system_email_activation_status ='1' WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . " AND login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken) . " AND login_system_email_activation_status = '0'"; $updatequery = mysql_query($update); if ($updatequery) { echo $lang['activation_successful']; } else { echo $lang['activation_unsuccessful'];
include dirname(__FILE__) . '/language/en.php'; } if (isset($_GET['email']) && isset($_GET['token'])) { $useremail = strip_tags(trim_awesome($_GET["email"])); $passtoken = strip_tags(trim_awesome($_GET["token"])); $finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8'); $finalpasstoken = htmlspecialchars($passtoken, ENT_QUOTES, 'UTF-8'); $passtime = date("Y-m-d H:i:s"); $selectexpire = mysql_query("SELECT * FROM " . $mysqltable_name_3 . " WHERE login_system_forgot_password_token = " . mysql_real_escape_string_awesome($finalpasstoken) . " AND login_system_forgot_password_expire > " . mysql_real_escape_string_awesome($passtime) . ""); $resultexpire = mysql_num_rows($selectexpire); if ($resultexpire == 1) { $search = mysql_query("SELECT login_system_forgot_password_useremail, login_system_forgot_password_token FROM " . $mysqltable_name_3 . " WHERE login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . " AND login_system_forgot_password_token = " . mysql_real_escape_string_awesome($finalpasstoken) . ""); $result = mysql_num_rows($search); if ($result == 1) { $newpassword = strip_tags(trim_awesome($_POST["password"])); $newretypepassword = strip_tags(trim_awesome($_POST["retypepassword"])); $newfinalpass = htmlspecialchars($newpassword, ENT_QUOTES, 'UTF-8'); $newfinalretypepass = htmlspecialchars($newretypepassword, ENT_QUOTES, 'UTF-8'); if (!CSRF::check('newpassword-form')) { echo $lang['new_password_wrong_security_token']; } else { include dirname(__FILE__) . '/php-pass-framework/PasswordHash.php'; $hasher = new PasswordHash(8, false); $finalsalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); $newpassword = $hasher->HashPassword($newfinalpass . $finalsalt . $passwordsalt); $update = "UPDATE " . $admission_users . " SET password = "******", salt = " . mysql_real_escape_string_awesome($finalsalt) . " WHERE email_id = " . mysql_real_escape_string_awesome($finaluseremail) . 
""; $updatequery = mysql_query($update); if ($updatequery) { echo $lang['new_password_successful']; } else { echo $lang['new_password_unsuccessful'];
include '../csrf_protection/csrf-token.php'; include '../csrf_protection/csrf-class.php'; if (!isset($_SESSION)) { $some_name = session_name("VedicaAdmission"); session_start(); } include '../config/config.php'; include '../config/functions.php'; $language = array('en' => 'en', 'pt' => 'pt'); if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) { include '../language/' . $language[$_GET['lang']] . '.php'; } else { include '../language/en.php'; } $update_social_email = strip_tags(trim_awesome($_POST["update_social_useremail"])); $update_final_social_email = htmlspecialchars($update_social_email, ENT_QUOTES, 'UTF-8'); if (!CSRF::check('update-social-account')) { echo $lang['update_social_account_wrong_security_token']; } else { $emailsearch = mysql_query("SELECT * FROM " . $mysqltable_name_5 . " WHERE login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($update_final_social_email) . ""); $emailresult = mysql_num_rows($emailsearch); $emailquery = mysql_fetch_array($emailsearch); if ($emailquery && $emailquery['login_system_register_social_networks_provider_user_id'] != $_SESSION['loginProviderID']) { echo $lang['update_social_account_already_taken']; } else { $update1 = "UPDATE " . $mysqltable_name_5 . " SET login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($update_final_social_email) . " WHERE login_system_register_social_networks_provider_user_id = " . mysql_real_escape_string_awesome($_SESSION['loginProviderID']) . ""; $updatequery1 = mysql_query($update1); if ($updatequery1) { echo $lang['update_social_account_successful']; } else {
// Completes a social-network registration: collects the e-mail address posted by the form,
// verifies the CSRF token, and (inside the HybridAuth try-block, which continues past this
// excerpt) prepares a token and looks for an existing row with the same e-mail.
include dirname(__FILE__) . '/csrf_protection/csrf-token.php';
include dirname(__FILE__) . '/csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
    $some_name = session_name("VedicaAdmission");
    session_start();
}
include dirname(__FILE__) . '/config/config.php';
include dirname(__FILE__) . '/config/functions.php';
// The language file is picked through a fixed map, so the request value never reaches the path.
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
    include dirname(__FILE__) . '/language/' . $language[$_GET['lang']] . '.php';
} else {
    include dirname(__FILE__) . '/language/en.php';
}
// NOTE(review): only tags are stripped and HTML entities encoded; nothing visible here checks
// that the value is a well-formed e-mail address (e.g. filter_var with FILTER_VALIDATE_EMAIL).
$useremail = strip_tags(trim_awesome($_POST["useremail"]));
$finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('complete-social-register-form')) {
    echo $lang['complete_registration_wrong_security_token'];
} else {
    // Proceed only when the session already carries a provider id and display name.
    if ($_SESSION['loginProviderID'] && $_SESSION['loginProviderDisplayName']) {
        $config = dirname(__FILE__) . '/hybridauth/config.php';
        include dirname(__FILE__) . '/hybridauth/Hybrid/Auth.php';
        try {
            $hybridauth = new Hybrid_Auth($config);
            // The provider name comes from the query string; @ hides the notice when it is absent.
            // NOTE(review): the value is handed to getAdapter() without being compared against the
            // list of providers this site enables; an explicit allow-list would make that intent
            // visible here.
            $provider = @trim(strip_tags($_GET["provider"]));
            $adapter = $hybridauth->getAdapter($provider);
            // NOTE(review): presumably the e-mail activation token (see $expiretokenemail below);
            // confirm against the rest of the file. uniqid() is derived from the clock and rand()
            // is not a cryptographic generator, so md5() of the two is guessable in a way a secret
            // token should not be. Prefer bin2hex(openssl_random_pseudo_bytes(16)) on PHP 5 or
            // bin2hex(random_bytes(16)) on PHP 7+.
            $finalemailtoken = md5(uniqid(rand(), true));
            $datetime = date("Y-m-d H:i:s");
            // Expiry timestamp one hour from now.
            $expiretokenemail = date("Y-m-d H:i:s", strtotime('+1 hour'));
            // Look for an existing social-network row with this e-mail. The helper's return value
            // is placed in the query without surrounding quotes, so it presumably returns a quoted
            // literal; verify in config/functions.php.
            $duplicate = mysql_query("SELECT * FROM " . $mysqltable_name_5 . " WHERE login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($finaluseremail) . "");
// Password-change endpoint: reads the new password and its confirmation from the POST body,
// verifies the CSRF token for 'update-password-form', hashes the password with phpass and stores
// hash and salt on the row of $_SESSION['userLogin']. The listing ends inside the final else.
include '../csrf_protection/csrf-token.php';
include '../csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
    $some_name = session_name("VedicaAdmission");
    session_start();
}
include '../config/config.php';
include '../config/functions.php';
// The language file is picked through a fixed map, so the request value never reaches the path.
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
    include '../language/' . $language[$_GET['lang']] . '.php';
} else {
    include '../language/en.php';
}
// NOTE(review): strip_tags() and htmlspecialchars() rewrite the password before it is hashed:
// anything that looks like a tag is dropped and &, <, >, quotes become entities. The user's
// effective password then differs from what was typed, and the login path has to apply exactly
// the same transformation. A password should be hashed as received.
$update_password = strip_tags(trim_awesome($_POST["update_password"]));
$update_retypepassword = strip_tags(trim_awesome($_POST["update_retypepassword"]));
$update_finalpass = htmlspecialchars($update_password, ENT_QUOTES, 'UTF-8');
$update_finalretypepass = htmlspecialchars($update_retypepassword, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-password-form')) {
    echo $lang['update_password_wrong_security_token'];
} else {
    // NOTE(review): between the CSRF check and the UPDATE below, the visible code never compares
    // $update_finalpass with $update_finalretypepass, enforces no minimum length, asks for no
    // current password and does not test that $_SESSION['userLogin'] is set. If those checks only
    // exist in the browser, they need a server-side counterpart here.
    include '../php-pass-framework/PasswordHash.php';
    $hasher = new PasswordHash(8, false);
    // Per-user salt: SHA-512 hex digest (128 characters) of uniqid() seeded with mt_rand().
    // NOTE(review): neither source is a cryptographic generator. If PasswordHash selects bcrypt
    // here, only the first 72 bytes of the concatenated input are used, so the appended
    // $passwordsalt may never influence the hash. Confirm against the phpass version in use.
    $finalsalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    $newpassword = $hasher->HashPassword($update_finalpass . $finalsalt . $passwordsalt);
    // The "******" below is how this listing shows the password expression; the original
    // expression is not visible here and the line is kept exactly as shown.
    $update = "UPDATE " . $admission_users . " SET password = "******", salt = " . mysql_real_escape_string_awesome($finalsalt) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
    $updatequery = mysql_query($update);
    // mysql_query() returns true for an UPDATE that ran, even when it matched no row.
    if ($updatequery) {
        echo $lang['update_password_successful'];
    } else {
        echo $lang['update_password_unsuccessful'];
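// Tail of a session-expiry check; the block closed by the lone brace opens above this excerpt.
if ($time > $_SESSION['expire']) {
    session_destroy();
    timeout();
    exit(0);
}
}

// Restart the one-hour session window on every request that reaches this point.
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 60 * 60;

// An empty application id means there is no logged-in applicant: drop the session and stop.
if (strlen(trim($_SESSION['userName'])) == 0) {
    session_destroy();
    timeout();
    die;
}

$applicationid = strip_tags(trim_awesome($_SESSION['userName']));

// Free-text answers from the "additional information" form.
$rolemodelinfo = strip_tags(trim_awesome($_POST["rolemodelinfo"]));
$failureinfo = strip_tags(trim_awesome($_POST["failureinfo"]));
$acheivementasalumnus = strip_tags(trim_awesome($_POST["acheivementasalumnus"]));
$supportinfo = strip_tags(trim_awesome($_POST["supportinfo"]));

// NOTE(review): the answers are HTML-encoded before storage, so the table holds entity-encoded
// text; pages that print it must not encode it a second time.
$finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8');
$finalrolemodelinfo = htmlspecialchars($rolemodelinfo, ENT_QUOTES, 'UTF-8');
$finalfailureinfo = htmlspecialchars($failureinfo, ENT_QUOTES, 'UTF-8');
$finalacheivementasalumnus = htmlspecialchars($acheivementasalumnus, ENT_QUOTES, 'UTF-8');
$finalsupportinfo = htmlspecialchars($supportinfo, ENT_QUOTES, 'UTF-8');

if ($mysql == true) {
    // Upsert keyed on the table's unique key: a second submission overwrites the four answers.
    // The values carry no quotes of their own in this statement, so
    // mysql_real_escape_string_awesome() presumably returns an escaped, already-quoted literal;
    // verify in config/functions.php.
    $sqladditionalinfo = "INSERT INTO `vedica_admn_2017`.`user_additional_info` (`application_id`, `role_model_info`, `failure_info`, `acheivement_as_alumnus`,`support_info`) VALUES ("
        . mysql_real_escape_string_awesome($finalapplicationid) . ","
        . mysql_real_escape_string_awesome($finalrolemodelinfo) . ","
        . mysql_real_escape_string_awesome($finalfailureinfo) . ","
        . mysql_real_escape_string_awesome($finalacheivementasalumnus) . ","
        . mysql_real_escape_string_awesome($finalsupportinfo)
        . ")\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n"
        . "\t\trole_model_info = VALUES(role_model_info),\n"
        . "\t\tfailure_info = VALUES(failure_info),\n"
        . "\t\tacheivement_as_alumnus = VALUES(acheivement_as_alumnus),\n"
        . "\t\tsupport_info = VALUES(support_info)\n\t\t;";

    $insertaddtionalinfo = mysql_query($sqladditionalinfo);
    if (!$insertaddtionalinfo) {
        // Fix: the driver message used to be sent to the browser, where it can reveal table and
        // column names and parts of the statement. It now goes to the server log only.
        error_log('user_additional_info insert failed: ' . mysql_error());
        die('Could not enter data');
    }
} else {
}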