Example #1
<?php

require_once dirname(__FILE__) . "/library/DB.php";
require_once dirname(__FILE__) . "/config/config.php";
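// Login handler: resumes the session, opens the database connection and signs
// a visitor in when the posted value matches the EID or nickname of an active
// row in `user`.
session_start();
$db = new DB();
$db->db_connect();

// header() only queues the redirect; without exit the rest of the page would
// still be executed and sent along with it.
if (isset($_SESSION["user"])) {
    header("Location: list.php");
    exit;
}

// is_string() keeps array-shaped input (eid[]=x) away from the escaping helper.
if (isset($_POST["eid"]) && is_string($_POST["eid"])) {
    // Escape once and reuse the value in both comparisons of the query.
    $escaped_eid = $db->db_escape_string($_POST["eid"]);
    $sql = "SELECT * FROM user WHERE (user_eid = '" . $escaped_eid . "' OR LOWER(user_nick_name) = LOWER('" . $escaped_eid . "')) AND active = 1";
    $rs = $db->db_query($sql);
    $user = $db->fetch_array($rs);
    if (!$user) {
        $errors = "EID not exist";
    } else {
        // NOTE(review): the account is selected by EID or nickname alone; no
        // password or other secret is checked in this file. Confirm that this
        // is intended for the deployment.
        // A fresh session id at the privilege change prevents a pre-set
        // session id from being carried into the authenticated session.
        session_regenerate_id(true);
        $_SESSION["user"] = $user;
        header("Location: list.php");
        exit;
    }
}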
?>
<!DOCTYPE html>
<html>
	<head>
		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
	  	<!-- Compiled and minified CSS -->
	  	<link rel="stylesheet" href="/bower_components/Materialize/dist/css/materialize.min.css">
		<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
		<!--Let browser know website is optimized for mobile-->
	</head>
Example #2
<?php

require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
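// Admin action: marks the user given by ?uid= as inactive, then returns to the
// user list.
session_start();

// header() does not end the request. Without exit, the UPDATE below would
// still run for a visitor who has no admin session.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}
$db = new DB();
$db->db_connect();

// Reject a missing or array-shaped uid before it reaches the escaping helper.
if (!isset($_GET["uid"]) || !is_string($_GET["uid"])) {
    header("Location: user.php");
    exit;
}

// NOTE(review): this is a state change triggered by a GET request and no
// anti-CSRF token is checked in this file; consider POST plus a per-session
// token.
$escaped_uid = $db->db_escape_string($_GET["uid"]);
$sql = "SELECT * FROM user WHERE user_id = '" . $escaped_uid . "'";
$rs = $db->db_query($sql);
$user = $db->fetch_array($rs);
if ($user) {
    $sql = "UPDATE user\r\n\t\t\t\t\t\tSET active='0'\r\n\t\t\t\t\t\tWHERE user_id = '" . $escaped_uid . "'";
    $db->db_query($sql);
}
header("Location: user.php");
exit;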
Example #3
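// Admin login handler: validates the posted credentials against the `admin`
// table and opens an admin session on success.
session_start();
$db = new DB();
$db->db_connect();

// Already signed in: redirect and stop so the login form is not rendered.
if (isset($_SESSION["admin"])) {
    header("Location: user.php");
    exit;
}
if (isset($_POST["login_id"])) {
    $errors = array();
    // Treat missing or array-shaped fields as empty instead of passing them on.
    $login_id = is_string($_POST["login_id"]) ? $_POST["login_id"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    if ($login_id === "") {
        $errors[] = "please enter login id";
    }
    if ($password === "") {
        $errors[] = "please enter password";
    }
    // Only query when both fields were supplied, so an empty password is never
    // compared against the stored digests.
    if (!$errors) {
        // NOTE(review): passwords are compared as unsalted MD5 digests.
        // Moving to password_hash()/password_verify() needs a change to the
        // stored values outside this file, so the digest is kept here.
        $pw = md5($password);
        $sql = "SELECT * FROM admin WHERE admin_login = '" . $db->db_escape_string($login_id) . "' AND admin_password = '" . $pw . "'";
        $rs = $db->db_query($sql);
        $admin = $db->fetch_array($rs);
        // The former print_r($admin) debug output is removed: it wrote the
        // fetched admin row into the response and emitted output before the
        // redirect header.
        if (!$admin) {
            $errors[] = "login id or password is incorrect!";
        } else {
            // New session id at the privilege change.
            session_regenerate_id(true);
            $_SESSION["admin"] = $admin;
            header("Location: user.php");
            exit;
        }
    }
}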
?>

<!DOCTYPE html>
<html>
<body>
Example #4
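$db->db_connect();
// Load the user selected by ?uid= and copy its fields into plain variables.
if (isset($_GET["uid"]) && is_string($_GET["uid"])) {
    // The id comes straight from the query string. It is escaped and placed
    // inside quotes so the database reads it as one literal; the previous
    // form concatenated the raw value into the statement.
    $sql = "SELECT * FROM user WHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "'";
    $rs = $db->db_query($sql);
    $users = $db->fetchAll($rs);
    foreach ($users as $user) {
        $id = $user['user_id'];
        $eid = $user['user_eid'];
        $name = $user['user_nick_name'];
        $gwid = $user['user_gwid'];
    }
}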
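//Update user information
// NOTE(review): no session or admin check is visible in this excerpt; confirm
// one runs earlier in the file before this update is reachable.
if (isset($_POST["id"])) {
    $p_id = $db->db_escape_string($_POST["id"]);
    $p_eid = $db->db_escape_string($_POST["eid"]);
    $p_nickname = $db->db_escape_string($_POST["name"]);
    $p_gwid = $db->db_escape_string($_POST["gwid"]);

    // SQL fragment for the image column; stays empty when no acceptable file
    // was uploaded, which leaves the stored image unchanged.
    $file_name = "";
    if (!empty($_FILES["user_image"]["tmp_name"])) {
        // Only extensions from a fixed list are accepted, so a script file
        // cannot be stored in the web-served images directory.
        $allowed_ext = array("jpg", "jpeg", "png", "gif");
        $ext = strtolower(pathinfo($_FILES["user_image"]["name"], PATHINFO_EXTENSION));
        // The stored name is built server-side from the EID reduced to a safe
        // character set. The client-supplied file name never reaches the
        // filesystem path or the SQL statement.
        $raw_eid = (isset($_POST["eid"]) && is_string($_POST["eid"])) ? $_POST["eid"] : "";
        $safe_eid = preg_replace("/[^A-Za-z0-9_-]/", "", $raw_eid);
        if (in_array($ext, $allowed_ext, true) && $safe_eid !== "") {
            $stored_name = $safe_eid . "." . $ext;
            // Record the image only when the move actually succeeded.
            if (move_uploaded_file($_FILES["user_image"]["tmp_name"], "../images/" . $stored_name)) {
                $file_name = ", user_img = '" . $db->db_escape_string($stored_name) . "'";
            }
        }
    }
    // user_id is quoted as well: escaping alone does not protect a value that
    // sits outside quotes in the statement. The former print_r() debug output
    // is removed because it wrote to the response before the redirect header.
    $sql = "UPDATE user SET user_eid = '{$p_eid}', user_nick_name = '{$p_nickname}', user_gwid = '{$p_gwid}'  {$file_name} WHERE user_id = '{$p_id}'";
    $db->db_query($sql);
    header("Location: ../admin/user.php");
    exit;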
Example #5
<?php

require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
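// Admin report page: checks the admin session, reads the optional year and
// sort parameters and starts building the report query.
session_start();

// header() does not end the request; exit keeps the report from being built
// and sent to a visitor who has no admin session.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}
$db = new DB();
$db->db_connect();
$fday = "";
$sort = "";

// !empty() is the same truthiness test as before without the undefined-index
// warning; is_string() keeps array-shaped input away from the escaping helper.
if (!empty($_GET["year"]) && is_string($_GET["year"])) {
    $year = $db->db_escape_string($_GET["year"]);
}

// The ORDER BY clause is chosen from fixed strings; the request value only
// selects between them and is never copied into the SQL text. Anything other
// than '1' (including a missing parameter) sorts descending.
$sort .= (isset($_GET["sort"]) && $_GET["sort"] == '1')
    ? "ORDER BY thanks ASC"
    : "ORDER BY thanks DESC";

// The statement text opens a parenthesis that is not closed here; presumably
// more SQL is appended after this excerpt.
$sql = "SELECT *, (SELECT COUNT(*) FROM comment WHERE comment.comment_who_thank = user.user_eid";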
Example #6
            $sort .= "ORDER BY user_eid DESC";
            break;
        case '3':
            $sort .= "ORDER BY user_nick_name ASC";
            break;
        case '4':
            $sort .= "ORDER BY user_nick_name DESC";
            break;
        default:
            $sort .= "ORDER BY user_eid DESC";
            break;
    }
}
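// Optional keyword filter on nickname or EID, then the user listing query with
// per-user comment counts and the latest comment.
$filter = "";
// is_string() rejects array-shaped input (keyword[]=x) before escaping.
if (isset($_GET["keyword"]) && is_string($_GET["keyword"])) {
    // Escape once and reuse the value in both LIKE patterns.
    // NOTE(review): % and _ inside the keyword still act as LIKE wildcards,
    // assuming db_escape_string() only performs string-literal escaping.
    // Confirm whether that is acceptable for this search.
    $escaped_keyword = $db->db_escape_string($_GET["keyword"]);
    $filter .= "AND (user.user_nick_name LIKE '%" . $escaped_keyword . "%' OR user.user_eid LIKE '%" . $escaped_keyword . "%') ";
}
$sql = "SELECT *, (SELECT COUNT(*) FROM comment \r\n\t\t\t\t\tWHERE user.user_id = comment.user_id \r\n\t\t\t\t\t\tGROUP BY user_id) AS thanks , \r\n\t\t\t\t  (SELECT COUNT(*) FROM comment \r\n\t\t\t\t\tWHERE user.user_id = comment.user_id AND comment_reg_datetime BETWEEN DATE_FORMAT(NOW() ,'%Y-%m-01') AND NOW() \r\n\t\t\t\t\t\tGROUP BY user_id) AS thank_in_month ,\r\n\t\t\t\t  (SELECT comment_content FROM comment\r\n\t\t\t\t  \tWHERE user.user_id = comment.user_id\r\n\t\t\t\t  \t\tORDER BY comment_reg_datetime DESC LIMIT 1) AS last_comment\r\n\t\t\t\t\t\t\tFROM user WHERE active = '1' " . $filter . $sort;
$rs = $db->db_query($sql);
$users = $db->fetchAll($rs);

// Extract (id, label) pairs from links of the form /user/detail?id=N">label<
// in the local file content.htm.
$content = file_get_contents("content.htm");
if ($content === false) {
    // Unreadable file: match against an empty string so $matches is still
    // populated with empty groups.
    $content = "";
}
$regex = "/\\/user\\/detail\\?id=([0-9]+)\">([^<]*?)</";
preg_match_all($regex, $content, $matches);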
?>
<!DOCTYPE html>
<html>
	<head>
		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
	  	<!-- Compiled and minified CSS -->
	  	<link rel="stylesheet" href="/bower_components/Materialize/dist/css/materialize.min.css">
		<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
Example #7
<?php

require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
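// Admin action: creates a user row from the posted form and stores the
// optional profile image under ../images/.
session_start();

// header() does not end the request. Without exit, the insert and the file
// upload below would still run for a visitor who has no admin session.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}
$db = new DB();
$db->db_connect();
if (isset($_POST["user_eid"]) && is_string($_POST["user_eid"])) {
    try {
        $user_eid = $db->db_escape_string($_POST["user_eid"]);

        // Stays empty when no acceptable image was uploaded.
        $file_name = "";
        if (!empty($_FILES["user_image"]["tmp_name"])) {
            // Only extensions from a fixed list are accepted, so a script
            // file cannot be stored in the web-served images directory.
            $allowed_ext = array("jpg", "jpeg", "png", "gif");
            $ext = strtolower(pathinfo($_FILES["user_image"]["name"], PATHINFO_EXTENSION));
            // SQL escaping does not make a value safe as a path component.
            // The EID is reduced to a fixed character set before it becomes
            // part of the destination file name.
            $safe_eid = preg_replace("/[^A-Za-z0-9_-]/", "", $_POST["user_eid"]);
            if (in_array($ext, $allowed_ext, true) && $safe_eid !== "") {
                $stored_name = $safe_eid . "." . $ext;
                // Record the image only when the move actually succeeded.
                if (move_uploaded_file($_FILES["user_image"]["tmp_name"], "../images/" . $stored_name)) {
                    $file_name = $stored_name;
                }
            }
        }
        $user_nick_name = $db->db_escape_string($_POST["user_nick_name"]);
        $user_gwid = $db->db_escape_string($_POST["user_gwid"]);
        // $file_name holds only [A-Za-z0-9_-], one dot and an allow-listed
        // extension at this point, so it is safe inside the quoted literal.
        $sql = "INSERT INTO user (user_eid, user_nick_name, user_reg_datetime, user_gwid,user_img) VALUES ('{$user_eid}', '{$user_nick_name}', NOW(), '{$user_gwid}','{$file_name}')";
        $db->db_query($sql);
    } catch (Exception $e) {
        // Keep the detail in the server log; the response carries only a
        // generic message so internal error text is not shown to the client.
        error_log('Caught exception: ' . $e->getMessage());
        echo "Could not save the user.\n";
        die;
    }
    header("Location: user.php");
    exit;
}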
?>
Example #8
<?php

require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
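// Admin report page: checks the admin session and reads the optional
// startdate, enddate and year filters from the query string.
session_start();

// header() does not end the request; exit keeps the report from being built
// and sent to a visitor who has no admin session.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}
$db = new DB();
$db->db_connect();
$fday = "";
$sort = "";

// !empty() is the same truthiness test as before without the undefined-index
// warning; is_string() keeps array-shaped input away from the escaping helper.
if (!empty($_GET["startdate"]) && is_string($_GET["startdate"])) {
    $startdate = $db->db_escape_string($_GET["startdate"]);
}
if (!empty($_GET["enddate"]) && is_string($_GET["enddate"])) {
    $enddate = $db->db_escape_string($_GET["enddate"]);
}
if (!empty($_GET["year"]) && is_string($_GET["year"])) {
    $year = $db->db_escape_string($_GET["year"]);
}

// Validate the range only when both ends were supplied. A value strtotime()
// cannot parse is reported with the same message as a reversed range.
if (isset($startdate, $enddate)) {
    $start_ts = strtotime($startdate);
    $end_ts = strtotime($enddate);
    if ($start_ts === false || $end_ts === false || $end_ts < $start_ts) {
        $error = "date is not valid!";
    }
}
$param = $_GET;
$uri = "";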
// Rebuild a query string from the request parameters, joining pairs with "&".
// NOTE(review): keys and values are appended exactly as received, with no
// urlencode() and no handling of array-valued parameters. If $uri is later
// written into HTML or a header it needs encoding for that context; the rest
// of the loop is not visible here, so confirm how $uri is used.
foreach ($param as $key => $value) {
    if ($uri !== "") {
        $uri .= "&";
    }
    $uri .= $key . "=" . $value;
Example #9
<?php

require_once dirname(__FILE__) . "/library/DB.php";
require_once dirname(__FILE__) . "/config/config.php";
require_once dirname(__FILE__) . "/library/emotion.php";
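session_start();
// Signed-in users only. header() does not end the request, so exit is needed
// to keep the rest of the page from running without a user session.
if (!isset($_SESSION["user"])) {
    header("Location: index.php");
    exit;
}
$db = new DB();
$db->db_connect();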
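// POST: store a new comment for the given user. GET with ?uid=: load that
// user and this year's comments for display.
if (isset($_POST["user_id"])) {
    // NOTE(review): no anti-CSRF token is checked before this insert in the
    // visible code; consider adding a per-session token to the form.
    $uid = $db->db_escape_string($_POST["user_id"]);
    $comment = $db->db_escape_string(isset($_POST["content"]) ? $_POST["content"] : "");
    // The author comes from the session, not from the request. It is still
    // escaped because it is copied into the SQL text like any other value.
    $who = $db->db_escape_string($_SESSION["user"]["user_eid"]);
    $sql = "INSERT INTO comment (user_id, comment_content, comment_who_thank, comment_reg_datetime) VALUES ('{$uid}', '{$comment}', '{$who}',NOW())";
    $db->db_query($sql);
    header("Location: list.php");
    exit;
} elseif (!isset($_GET["uid"]) || !is_string($_GET["uid"])) {
    header("Location: list.php");
    exit;
} else {
    // Escape once and reuse the value in both queries.
    $escaped_uid = $db->db_escape_string($_GET["uid"]);
    $sql = "SELECT * FROM user WHERE user_id = '" . $escaped_uid . "' AND active = '1'";
    $rs = $db->db_query($sql);
    $user = $db->fetch_array($rs);
    // Unknown or inactive user: redirect and stop before loading comments.
    if (!$user) {
        header("Location: list.php");
        exit;
    }
    $sql = "SELECT * FROM comment WHERE user_id = '" . $escaped_uid . "'" . " AND comment_reg_datetime >= '" . date("Y-01-01 00:00:00") . "'" . " ORDER BY comment_reg_datetime DESC";
    $rs = $db->db_query($sql);
    $comments = $db->fetchAll($rs);
    if (isset($_GET["img"])) {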
Example #10
<?php

require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
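session_start();
// Admin-only page. header() does not end the request, so exit is needed to
// keep the queries below from running without an admin session.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}
$db = new DB();
$db->db_connect();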
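// Requires ?uid=. Loads that user and the comments they received this year,
// optionally narrowed by startdate and enddate.
if (!isset($_GET["uid"]) || !is_string($_GET["uid"])) {
    header("Location: user.php");
    exit;
} else {
    // Escape once and reuse the value in both queries.
    $escaped_uid = $db->db_escape_string($_GET["uid"]);
    $sql = "SELECT * FROM user WHERE user_id = '" . $escaped_uid . "'";
    $rs = $db->db_query($sql);
    $user = $db->fetch_array($rs);
    // is_string() keeps array-shaped input away from the escaping helper.
    if (isset($_GET["startdate"]) && is_string($_GET["startdate"])) {
        $startdate = $db->db_escape_string($_GET["startdate"]);
    }
    if (isset($_GET["enddate"]) && is_string($_GET["enddate"])) {
        $enddate = $db->db_escape_string($_GET["enddate"]);
    }
    $sql = "SELECT comment.*, user.user_nick_name AS who_thank \r\n\t\t\t\t\t\t\tFROM comment LEFT JOIN user \r\n\t\t\t\t\t\t\tON comment.comment_who_thank = user.user_eid \r\n\t\t\t\t\t\t\t\tWHERE comment.user_id = '" . $escaped_uid . "'";
    // !empty() is the same truthiness test as before, but does not warn when
    // the parameter was absent and the variable was never assigned.
    if (!empty($startdate)) {
        $sql .= " AND comment_reg_datetime >= '" . $startdate . "'";
    }
    if (!empty($enddate)) {
        $sql .= " AND comment_reg_datetime <= '" . $enddate . "'";
    }
    // Always restrict the result to the current calendar year.
    $sql .= " AND comment_reg_datetime >= '" . date("Y-01-01 00:00:00") . "'";
    $rs = $db->db_query($sql);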