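<?php
/**
 * Login handler.
 *
 * Reads `user` and `pass1` from the POST body, looks the pair up in the
 * `signup` table and, on a single match, stores the user name, id and profile
 * image name in the session before redirecting to the profile page. Every
 * other outcome sets a session warning and redirects back to the login form,
 * or ends with die('Error') when the fields are missing altogether.
 *
 * Changes made in review:
 *  - each redirect is followed by `exit`, because header() only queues the
 *    Location header and the script would otherwise keep running;
 *  - the session id is regenerated on successful login so that an id known
 *    before authentication is not carried into the authenticated session;
 *  - a failed query is treated as "no such user" instead of being passed to
 *    mysqli_num_rows();
 *  - the lookup template uses '%s' for both values (see the note on $query).
 */
require '../classes/db.php';
require '../classes/validate.php';

$vl = new Validate();
$db = new Database();
$db->connect();

if (!isset($_POST['user'], $_POST['pass1'])) {
    die('Error');
}

// NOTE(review): test_input() is defined in validate.php, which is not shown.
// If it trims or HTML-encodes its argument it also rewrites the password
// before hashing; that must then match what registration does - confirm.
$user = $vl->test_input($_POST['user']);
$pass = $vl->test_input($_POST['pass1']);

if (empty($user) || empty($pass)) {
    $_SESSION['warning'] = 'cant leave empty';
    header('Location:../register/login.php');
    exit;
}

// The listing shows both quoted values as '******', which contains no
// conversion specifier, so sprintf() would drop the two escaped arguments and
// the query would compare against a fixed literal. '%s' is what the argument
// list implies.
//
// SECURITY: the values are escaped and quoted rather than bound. A prepared
// statement is the sturdier choice, but the Database wrapper's API is not
// visible here, so the escape-and-quote form is kept.
//
// SECURITY: md5() is unsalted and fast, which makes stored hashes cheap to
// brute-force if the table leaks. It is kept only because the stored values
// are MD5; the migration path is password_hash() at registration and
// password_verify() plus password_needs_rehash() at login.
$query = sprintf(
    "\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE user = '%s' AND password = '%s'\n\t\t LIMIT 1;",
    $db->mysqli_escape($user),
    $db->mysqli_escape(md5($pass))
);
$result = $db->selectdata($query);

// Fail closed: anything other than exactly one row is a failed login.
if (!($result instanceof mysqli_result) || mysqli_num_rows($result) !== 1) {
    $_SESSION['warning'] = 'no such user';
    header('Location:../register/login.php');
    exit;
}

$row = mysqli_fetch_array($result);

// Session start is not visible in this script (presumably done by an include),
// so only regenerate when a session is actually active.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

$_SESSION['user'] = $user;
$_SESSION['id'] = $row['id'];
$_SESSION['proimg'] = $row['imgname'];
header('Location:../profile/user.php');
exit;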
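<?php
/**
 * Loads one event row for the page that includes this fragment.
 *
 * When `eventid` is present in the query string and is a well-formed integer,
 * the matching `event` row is fetched into $row as an associative array.
 * In every other case $row is null.
 *
 * Changes made in review:
 *  - $row is initialised (the original bare `$row;` statement did nothing, so
 *    the variable was undefined whenever `eventid` was absent);
 *  - `eventid` is validated as an integer before it reaches the query, so
 *    array-valued or non-numeric input is rejected instead of being coerced.
 */
$row = null;

if (isset($_GET['eventid'])) {
    $db = new Database();
    $db->connect();

    // filter_var() returns false for anything that is not a plain integer
    // (including arrays such as eventid[]=1).
    $eventid = filter_var($_GET['eventid'], FILTER_VALIDATE_INT);

    if ($eventid !== false) {
        // The value sits unquoted in the SQL, so string escaping alone would
        // not protect it; the integer validation above and the %d conversion
        // are what keep the query shape fixed.
        $query = sprintf("SELECT * FROM `event` WHERE `event_id`=%d ", $eventid);
        $result = $db->selectdata($query);

        // A failed query leaves $row as null rather than raising a TypeError.
        if ($result instanceof mysqli_result) {
            $row = mysqli_fetch_assoc($result);
        }
    }
}

// NOTE(review): the code that prints $row is outside this fragment; its fields
// are database values and need htmlspecialchars() when echoed into HTML.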
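<?php
/**
 * Change-password handler.
 *
 * Expects `prev` (current password), `pass1` and `pass2` in the POST body.
 * The current password is checked against the `signup` row of the logged-in
 * user; only then is the new password validated and written.
 *
 * Changes made in review:
 *  - the "Invalid Current Password" branch now stops the script. Without an
 *    `exit` after header(), execution fell through to the UPDATE, so the
 *    password was changed even when the current password was wrong;
 *  - the row-count test is written as an explicit comparison instead of
 *    `!mysqli_num_rows($res) == 1`, where `!` binds before `==`;
 *  - the handler refuses to run without a logged-in session, since both
 *    queries are keyed on $_SESSION values;
 *  - the success redirect is followed by `exit`;
 *  - the lookup template uses '%s' for both values (see the note on $query1).
 */
require '../classes/validate.php';
require '../classes/db.php';

$vl = new Validate();
$db = new Database();
$db->connect();

if (isset($_POST['pass1'], $_POST['pass2'], $_POST['prev'])) {
    // NOTE(review): test_input() is defined in validate.php, which is not
    // shown; whatever it does to the string must match login and registration.
    $prev = $vl->test_input($_POST['prev']);
    $pass1 = $vl->test_input($_POST['pass1']);
    $pass2 = $vl->test_input($_POST['pass2']);

    if (!empty($prev) && !empty($pass1) && !empty($pass2)) {
        // Both queries below depend on the session identity.
        if (!isset($_SESSION['user'], $_SESSION['id'])) {
            die('Error');
        }

        // The listing shows both quoted values as '******', which has no
        // conversion specifier, so sprintf() would ignore the escaped
        // arguments. '%s' is what the argument list implies.
        //
        // SECURITY: md5() is unsalted and fast; it is kept only because the
        // stored values are MD5. Migrate to password_hash()/password_verify().
        $query1 = sprintf(
            "\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE user = '%s' AND password = '%s'\n\t\t LIMIT 1;",
            $db->mysqli_escape($_SESSION['user']),
            $db->mysqli_escape(md5($prev))
        );
        $res = $db->selectdata($query1);

        // Fail closed: a failed query or anything but one matching row means
        // the current password was not confirmed, and nothing is written.
        if (!($res instanceof mysqli_result) || mysqli_num_rows($res) !== 1) {
            $_SESSION['wrong'] = 'Invalid Current Password';
            header('Location:../profile/edit_profile.php');
            exit;
        }

        if ($vl->valid_password($pass1, $pass2)) {
            // md5() yields hex digits only and %d forces an integer, so neither
            // value can alter the statement.
            $query = sprintf(
                "UPDATE `signup` SET `password`='%s' WHERE id =%d; ",
                md5($pass1),
                $_SESSION['id']
            );

            if ($result = $db->insertquery($query)) {
                $_SESSION['pass_update'] = 'Password Changed';
                header('Location:../profile/edit_profile.php');
                exit;
            } else {
                die('Error');
            }
        } else {
            die('Error');
        }
    }
}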
require '../classes/db.php'; require '../classes/validate.php'; $vl = new Validate(); $db = new Database(); $db->connect(); if (isset($_POST['regno']) && isset($_POST['first']) && isset($_POST['last']) && isset($_POST['email']) && isset($_POST['pass1']) && isset($_POST['pass2']) && isset($_POST['user']) && isset($_POST['contact']) && isset($_POST['domain'])) { $regno = $vl->test_input($_POST['regno']); $first = $vl->test_input($_POST['first']); $last = $vl->test_input($_POST['last']); $email = $vl->test_input($_POST['email']); $pass1 = $vl->test_input($_POST['pass1']); $pass2 = $vl->test_input($_POST['pass2']); $domain = $vl->test_input($_POST['domain']); $user = $vl->test_input($_POST['user']); $contact = $vl->test_input($_POST['contact']); $query = sprintf("\n\t\tSELECT id \n\t\tFROM signup \n\t\tWHERE user = '******' \n\t\tLIMIT 1;", $db->mysqli_escape($user)); $result = $db->selectdata($query); if (mysqli_num_rows($result) == 1) { die('Username Already Exist'); } if (!empty($regno) && !empty($first) && !empty($last) && !empty($email) && !empty($pass1) && !empty($pass2) && !empty($user) && !empty($contact) && !empty($domain)) { if ($vl->valid_password($pass1, $pass2) && $vl->valid_register($regno) && $vl->valid_email($email) && $vl->valid_username_name($user)) { $pass1 = md5($pass1); $query = sprintf("INSERT INTO `signup` (`user`,`password`, `fname`, `lname`, `regno`, `contact`, `email`, `domain`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s');", $user, $pass1, $first, $last, $regno, $contact, $email, $domain); if ($result = $db->insertquery($query)) { $_SESSION['signup'] = 'signup'; header('Location:../register/login.php'); } else { die('Error'); } } else {
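<?php
/**
 * Fetches the events authored by the logged-in user, newest update first.
 *
 * Leaves $result (the query result) and $len (its row count) for the template
 * that includes this fragment, and prints a placeholder message when there
 * are no rows.
 *
 * Changes made in review:
 *  - the `@` in front of mysqli_num_rows() is replaced by an explicit check of
 *    the result, so a failed query is handled as "no rows" instead of being
 *    silenced;
 *  - a missing $_SESSION['id'] no longer raises an undefined-index notice; it
 *    still resolves to author id 0 through the %d conversion.
 */
$db = new Database();
$db->connect();

// NOTE(review): nothing in this fragment checks that a user is logged in;
// presumably the including page does - confirm.
// The id is placed unquoted in the SQL; the %d conversion, not the string
// escaping, is what guarantees it is an integer.
$query = sprintf(
    "SELECT * FROM `event` WHERE `author_id`=%d ORDER BY `event`.`update_time` DESC",
    $db->mysqli_escape($_SESSION['id'] ?? '')
);
$result = $db->selectdata($query);

$len = $result instanceof mysqli_result ? mysqli_num_rows($result) : 0;

if ($len == 0) {
    echo "No Events Added Yet";
}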
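<?php
/**
 * Loads the logged-in user's profile fields for the page that includes this
 * fragment.
 *
 * With a valid session and exactly one matching `signup` row it defines
 * $fname, $lname, $regno, $domain and $contact. Without a session it redirects
 * to the site index; with a session but no matching row it sets a warning and
 * redirects to the login form.
 *
 * Changes made in review:
 *  - both redirects are followed by `exit`. header() only queues the Location
 *    header, so without it the rest of the protected page kept executing and
 *    was sent to a client that simply ignores the redirect;
 *  - a failed query is treated as "no such user" instead of being passed to
 *    mysqli_num_rows().
 */
$db = new Database();
$db->connect();

if (!isset($_SESSION['user'], $_SESSION['id'])) {
    // If output has already started, header() cannot send the redirect, but
    // the exit still stops the protected content from being rendered.
    header('Location:../index.php');
    exit;
}

// The id is placed unquoted in the SQL; the %d conversion is what guarantees
// it is an integer.
$query = sprintf(
    "\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE id = %d LIMIT 1;",
    $db->mysqli_escape($_SESSION['id'])
);
$result = $db->selectdata($query);

if (!($result instanceof mysqli_result) || mysqli_num_rows($result) !== 1) {
    $_SESSION['warning'] = 'no such user';
    header('Location:../register/login.php');
    exit;
}

$row = mysqli_fetch_array($result);

// NOTE(review): these are raw database values; the template that prints them
// is not shown and needs htmlspecialchars() at each HTML output point.
$fname = $row['fname'];
$lname = $row['lname'];
$regno = $row['regno'];
$domain = $row['domain'];
$contact = $row['contact'];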