Example #1
0
<?php

require '../classes/db.php';
require '../classes/validate.php';
$vl = new Validate();
$db = new Database();
$db->connect();
if (isset($_POST['user']) && isset($_POST['pass1'])) {
    $user = $vl->test_input($_POST['user']);
    $pass = $vl->test_input($_POST['pass1']);
    if (!empty($user) && !empty($pass)) {
        $query = sprintf("\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE user = '******' AND password = '******'\n\t\t LIMIT 1;", $db->mysqli_escape($user), $db->mysqli_escape(md5($pass)));
        $result = $db->selectdata($query);
        if (mysqli_num_rows($result) == 1) {
            $row = mysqli_fetch_array($result);
            $_SESSION['user'] = $user;
            $_SESSION['id'] = $row['id'];
            $_SESSION['proimg'] = $row['imgname'];
            header('Location:../profile/user.php');
        } else {
            $_SESSION['warning'] = 'no such user';
            header('Location:../register/login.php');
        }
    } else {
        $_SESSION['warning'] = 'cant leave empty';
        header('Location:../register/login.php');
    }
} else {
    die('Error');
}
<?php

$row;
if (isset($_GET['eventid'])) {
    $db = new Database();
    $db->connect();
    $eventid = $_GET['eventid'];
    $query = sprintf("SELECT * FROM `event` WHERE `event_id`=%d ", $db->mysqli_escape($eventid));
    $result = $db->selectdata($query);
    $row = mysqli_fetch_assoc($result);
}
<?php

require '../classes/validate.php';
require '../classes/db.php';
$vl = new Validate();
$db = new Database();
$db->connect();
if (isset($_POST['pass1']) && isset($_POST['pass2']) && isset($_POST['prev'])) {
    $prev = $vl->test_input($_POST['prev']);
    $pass1 = $vl->test_input($_POST['pass1']);
    $pass2 = $vl->test_input($_POST['pass2']);
    if (!empty($prev) && !empty($pass1) && !empty($pass2)) {
        $query1 = sprintf("\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE user = '******' AND password = '******'\n\t\t LIMIT 1;", $db->mysqli_escape($_SESSION['user']), $db->mysqli_escape(md5($prev)));
        $res = $db->selectdata($query1);
        if (!mysqli_num_rows($res) == 1) {
            $_SESSION['wrong'] = 'Invalid Current Password';
            header('Location:../profile/edit_profile.php');
        }
        if ($vl->valid_password($pass1, $pass2)) {
            $query = sprintf("UPDATE `signup` SET  `password`='%s' WHERE id =%d; ", md5($pass1), $_SESSION['id']);
            if ($result = $db->insertquery($query)) {
                $_SESSION['pass_update'] = 'Password Changed';
                header('Location:../profile/edit_profile.php');
            } else {
                die('Error');
            }
        } else {
            die('Error');
        }
    }
}
require '../classes/db.php';
require '../classes/validate.php';
$vl = new Validate();
$db = new Database();
$db->connect();
if (isset($_POST['regno']) && isset($_POST['first']) && isset($_POST['last']) && isset($_POST['email']) && isset($_POST['pass1']) && isset($_POST['pass2']) && isset($_POST['user']) && isset($_POST['contact']) && isset($_POST['domain'])) {
    $regno = $vl->test_input($_POST['regno']);
    $first = $vl->test_input($_POST['first']);
    $last = $vl->test_input($_POST['last']);
    $email = $vl->test_input($_POST['email']);
    $pass1 = $vl->test_input($_POST['pass1']);
    $pass2 = $vl->test_input($_POST['pass2']);
    $domain = $vl->test_input($_POST['domain']);
    $user = $vl->test_input($_POST['user']);
    $contact = $vl->test_input($_POST['contact']);
    $query = sprintf("\n\t\tSELECT id \n\t\tFROM signup \n\t\tWHERE user = '******' \n\t\tLIMIT 1;", $db->mysqli_escape($user));
    $result = $db->selectdata($query);
    if (mysqli_num_rows($result) == 1) {
        die('Username Already Exist');
    }
    if (!empty($regno) && !empty($first) && !empty($last) && !empty($email) && !empty($pass1) && !empty($pass2) && !empty($user) && !empty($contact) && !empty($domain)) {
        if ($vl->valid_password($pass1, $pass2) && $vl->valid_register($regno) && $vl->valid_email($email) && $vl->valid_username_name($user)) {
            $pass1 = md5($pass1);
            $query = sprintf("INSERT INTO `signup` (`user`,`password`, `fname`, `lname`, `regno`, `contact`, `email`, `domain`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s');", $user, $pass1, $first, $last, $regno, $contact, $email, $domain);
            if ($result = $db->insertquery($query)) {
                $_SESSION['signup'] = 'signup';
                header('Location:../register/login.php');
            } else {
                die('Error');
            }
        } else {
<?php

$db = new Database();
$db->connect();
$query = sprintf("SELECT * FROM `event` WHERE `author_id`=%d ORDER BY `event`.`update_time` DESC", $db->mysqli_escape($_SESSION['id']));
$result = $db->selectdata($query);
$len = @mysqli_num_rows($result);
if ($len == 0) {
    echo "No Events Added Yet";
}
<?php

$db = new Database();
$db->connect();
if (isset($_SESSION['user']) && isset($_SESSION['id'])) {
    $query = sprintf("\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE id = %d LIMIT 1;", $db->mysqli_escape($_SESSION['id']));
    $result = $db->selectdata($query);
    if (mysqli_num_rows($result) == 1) {
        $row = mysqli_fetch_array($result);
        $fname = $row['fname'];
        $lname = $row['lname'];
        $regno = $row['regno'];
        $domain = $row['domain'];
        $contact = $row['contact'];
    } else {
        $_SESSION['warning'] = 'no such user';
        header('Location:../register/login.php');
    }
} else {
    header('Location:../index.php');
}