function updateStats($objectName, $objectId, $type) { $db = new DatabaseConnection(); $stats = new Stats(); $query = "SELECT statsid FROM stats WHERE objectname='{$objectName}' AND objectid='{$objectId}'"; $results = $db->Query($query); if ($db->Rows() > 0) { //exsiting $data = mysql_fetch_row($results); $stats = $stats->Get((int) $data[0]); } else { //new record $stats->objectname = $objectName; $stats->objectid = $objectId; } $stats->{$type} = $stats->{$type} + 1; $stats->Save(); }
/** * Deletes the object from the database * @return boolean */ function Delete() { $Database = new DatabaseConnection(); $this->pog_query = "delete from `user` where `userid`='" . $this->userId . "'"; return $Database->Query($this->pog_query); }
function generateJobLink($user) { global $truncateText; $db = new DatabaseConnection(); $result = $db->Query("SELECT * FROM job where onlineuser_onlineuserid={$user->onlineuserId} ORDER BY dt_created DESC"); $rows = $db->Rows(); $alt = false; $rowclass = ""; if ($rows > 0 || isSuperUser(false)) { echo "<br/>"; echo "<span class='adminrowheader'>Job Admin</span>"; echo " - <a href='job_post.php' class='newslarge'>create new</a>"; echo "<div class=\"spacer\"></div>"; echo "<table class=\"table\">"; if ($rows == 0) { if (isSuperUser(false)) { echo "<tr><td>"; echo "currently have no entries"; echo "</td></tr>"; } } else { echo "<TR><TD>Position</td><TD>Description</td><TD>Salary</td><TD>Location</td><TD>Company</td><TD>Created</td><TD>Expires</td><TD>Status</td><TD><!-- Functions --></td></tr>"; for ($i = 0; $i < $rows; $i++) { $row = mysql_fetch_assoc($result); if ($alt) { $rowclass = "row_even"; } else { $rowclass = "row_odd"; } $alt = !$alt; echo "<tr>"; echo "<td class=\"{$rowclass}\">" . $row["position"] . "</td>"; echo "<td class=\"{$rowclass}\">" . substr($row["profile"], 0, $truncateText) . "...</td>"; echo "<td class=\"{$rowclass}\">" . $row["bonus"] . "</td>"; echo "<td class=\"{$rowclass}\">" . $row["location"] . "</td>"; echo "<td class=\"{$rowclass}\">" . $row["company"] . "</td>"; echo "<td class=\"{$rowclass}\">" . FormatDateTime($row["dt_created"], 7) . "</td>"; echo "<td class=\"{$rowclass}\">" . FormatDateTime($row["dt_expire"], 7) . "</td>"; $jobid = $row["jobid"]; if ($row["job_status"] != "temp" && $row["dt_expire"] <= date("Y-m-d")) { echo "<td class=\"{$rowclass}\">Expired</td><td class=\"{$rowclass}\"><ul>"; echo "<li><a href=\"renew.php?type=Job&id=" . $jobid . "\">Renew</a></li>"; } else { switch ($row["job_status"]) { case "temp": echo "<td class=\"{$rowclass}\">Temporary</td><td class=\"{$rowclass}\"><ul>"; echo "<li><a href='activate.php?type=Job&id={$jobid}'>Activate</a></li>"; break; case "active": echo "<td class=\"{$rowclass}\">Active</td><td class=\"{$rowclass}\"><ul>"; if (isSuperUser(false)) { echo "<li><a href='deactivate.php?type=Job&id={$jobid}'>Pause</a></li>"; } break; case "disabled": echo "<td class=\"{$rowclass}\">Paused</td><td class=\"{$rowclass}\"><ul>"; if (isSuperUser(false)) { echo "<li><a href='activate.php?type=Job&id={$jobid}'>Continue</a></li>"; } } } echo "<li><a href='jobedit.php?jobid={$jobid}'>Modify</a></li>"; //echo "<li><a href='jobview.php?jobid=$jobid' target='_blank'>View</a></li>"; if (isSuperUser(false)) { echo "<li><a href='#' onClick=\"sure('Job','{$jobid}')\">Delete</a></li>"; } echo "</ul>"; echo "</td>"; echo "</tr>"; } } echo "</table>"; echo "<br/>"; echo "<br/>"; } }
function hasSpotlight() { $db = new DatabaseConnection(); $result = $db->Query("SELECT spotlightid FROM spotlight WHERE membershipid='" . $this->gold_membershipId . "' AND spotlight_type='gold_membership'"); if ($db->Rows() > 0) { $id = mysql_fetch_row($result); return $id[0]; } else { return false; } }
require "common_super.php"; require "top.php"; $class = stripslashes($_GET["type"]); $id = (int) $_GET["id"]; if ($class == "news" || $class == "restaurant" || $class == "franchise") { $adminUrl = "admin_account.php"; } else { $adminUrl = "account.php"; } if ($class == "Job") { $db = new DatabaseConnection(); $db->Query("delete from job where jobid={$id}"); } else { if ($class == "CV") { $db = new DatabaseConnection(); $db->Query("delete from cv where cvid={$id}"); } else { $object = new $class(); $object = $object->Get($id); $object->Delete(); } } ?> <table width="459" border="0" cellspacing="0" cellpadding="0" > <tr> <td><img src="images/spacer.gif" alt="spacer" width="1" height="5" border="0" /></td> </tr> <tr> <td><div class="roundcont"> <div class="roundtop"> <img class="corner" src="images/bl_01.gif" alt="edge" style=" display: none;" /></div> <h1>Delete Item</h1>
/** * Deletes the object from the database * @return boolean */ function Delete($deep = false) { if ($deep) { $userList = $this->GetUserList(); foreach ($userList as $user) { $user->Delete($deep); } } $Database = new DatabaseConnection(); $this->pog_query = "delete from `group` where `groupid`='" . $this->groupId . "'"; return $Database->Query($this->pog_query); }
} else { if ($instance->pog_attribute_type[strtolower($attribute)][0] != "OBJECT") { $instance->{$attribute} = "1"; } } } } //Test Save() $instanceId = false; $instance->{strtolower($className) . "Id"} = 0; $instanceId = $instance->Save(false); if (!$instanceId) { //table doesn't exist //try to create table $database = new DatabaseConnection(); $database->Query($sql); $instanceId = $instance->Save(false); if (!$instanceId) { $diagnostics .= "Could not create table."; $diagnostics .= "ERROR: Save() could not be performed\n"; $diagnostics .= $instance->pog_query . "\n"; $errors++; } else { $diagnostics .= "Created Table {$className} successfully\n"; $diagnostics .= "Testing Save()....OK\n"; } } else { $diagnostics .= "Testing Save()....OK\n"; } //Test SaveNew() if (!$instance->SaveNew(false)) {
<?php require "common_super.php"; $id = (int) $_GET["id"]; $db = new DatabaseConnection(); $user = new OnlineUser(); if ((bool) $_POST["submitting"]) { $id = (int) $_POST["id"]; $user = $user->Get($id); $tables = array("cv", "franchise", "gold_membership", "job", "platinum_membership", "restaurant", "supplier"); foreach ($tables as $tableName) { $db->Query("DELETE FROM {$tableName} WHERE onlineuser_onlineuserid='{$id}'"); } $user->Delete(); $_SESSION["onlineuser"] = $_SESSION["superuser"]; header("Location: delete_user_success.php"); exit; } $db->Query("SELECT dt_created FROM cv WHERE onlineuser_onlineuserid='{$id}'"); $cvCount = $db->Rows(); $db->Query("SELECT dt_created FROM franchise WHERE onlineuser_onlineuserid='{$id}'"); $franchiseCount = $db->Rows(); $db->Query("SELECT dt_created FROM gold_membership WHERE onlineuser_onlineuserid='{$id}'"); $goldCount = $db->Rows(); $db->Query("SELECT dt_created FROM job WHERE onlineuser_onlineuserid='{$id}'"); $jobCount = $db->Rows(); $db->Query("SELECT dt_created FROM platinum_membership WHERE onlineuser_onlineuserid='{$id}'"); $platinumCount = $db->Rows(); $db->Query("SELECT dt_created FROM restaurant WHERE onlineuser_onlineuserid='{$id}'"); $restaurantCount = $db->Rows(); $db->Query("SELECT dt_created FROM supplier WHERE onlineuser_onlineuserid='{$id}'");
if ($firstname != "" || $lastname != "" || $email != "") { $where = ""; $where = $firstname != "" ? "first_name like '%" . $db->Escape($firstname) . "%'" : ""; if ($lastname != "") { if ($where != "") { $where .= " AND "; } $where .= "last_name like '%" . $db->Escape($lastname) . "%'"; } if ($email != "") { if ($where != "") { $where .= " AND "; } $where .= "email like '%" . $db->Escape($email) . "%'"; } $result = $db->Query("SELECT onlineuserId, first_name, last_name, email FROM onlineuser WHERE {$where} AND onlineuserId!='1'"); if (($rows = $db->Rows()) > 0) { $matches = true; for ($i = 0; $i < $rows; $i++) { $resultArray[$i] = mysql_fetch_row($result); } } } require "top_wide.php"; ?> <style type="text/css" media="screen"> <!-- a { color: #0083cc; font-size: 10px; font-family: Verdana, Arial, Helvetica, SunSans-Regular; text-decoration: none } a:hover { color: #0083cc; font-size: 10px; font-family: Verdana, Arial, Helvetica, SunSans-Regular; text-decoration: underline } #wrapper table { width:740px;} #wrapper td {padding:5px;}
<?php require "common_all.php"; $errorText = ""; if (isset($_GET["code"])) { if (strlen($code) > 20) { $errorText .= "<LI>Please enter a valid code"; } if (strlen($email) > 45) { $errorText .= "<LI>Please enter a valid email address"; } if ($errorText == "") { $db = new DatabaseConnection(); $code = $db->Escape($_GET["code"]); $email = $db->Escape($_GET["email"]); $db->Query("SELECT onlineuserid FROM onlineuser WHERE email='{$email}'"); if ($db->Rows() > 0) { $user = new OnlineUser(); $user = $user->Get($db->Result(0, "onlineuserid")); if ($code == strtotime($user->dt_created)) { $user->user_status = "active"; $user->Save(); //$_SESSION["onlineuser"]=$user; header("Location: register_activated.php"); } } $errorText = "<LI>Either the email address or code you entered is incorrect"; } else { $errorText = "<ul>{$errorText}</ul>"; } }
<?php require "common_user.php"; require "top.php"; $class = stripslashes($_GET["type"]); $id = (int) $_GET["id"]; $newExpiryDate = expiryDate(); if ($class == "gold_membership" || $class == "platinum_membership") { $newExpiryDate = expiryYear(); } if ($class == "Job") { $db = new DatabaseConnection(); $db->Query("update job set job_status = 'active', dt_expire='{$newExpiryDate}' where onlineuser_onlineuserid={$user->onlineuserId} and jobid={$id}"); } else { $object = new $class(); $object = $object->Get($id); if (isSuperUser(false) || $user->canAccess($object)) { /* no point check this, where if an object is live or not are determined by status and expiry date $expires=strtotime($object->dt_expire); if (date("U") > $expires){ // at this point the advert has already expired // maybe redirect to a pay now link ? exit; } */ $status = $class . "_status"; $object->{$status} = "active"; $object->dt_expire = $newExpiryDate; $object->Save(); } else { // this user is not allowed to access this resource
<?php require "common_user.php"; require "top.php"; $class = stripslashes($_GET["type"]); $id = (int) $_GET["id"]; if ($class == "Job") { $db = new DatabaseConnection(); $db->Query("update job set job_status = 'disabled' where onlineuser_onlineuserid={$user->onlineuserId} and jobid={$id}"); } else { $object = new $class(); $object = $object->Get($id); if (isSuperUser(false) || $user->canAccess($object)) { $status = $class . "_status"; $object->{$status} = "disabled"; $object->Save(); } else { // this user is not allowed to access this resource exit; } } ?> <table width="459" border="0" cellspacing="0" cellpadding="0" > <tr> <td><img src="images/spacer.gif" alt="spacer" width="1" height="5" border="0" /></td> </tr> <tr> <td><div class="roundcont"> <div class="roundtop"> <img class="corner" src="images/bl_01.gif" alt="edge" style=" display: none;" /></div> <h1>Deactivate Advert</h1> <div class="roundbottom"> <img src="images/bl_06.gif" alt="edge" class="corner" style=" display: none;" /></div>
/** * Deletes the object from the database * @return boolean */ function Delete() { $Database = new DatabaseConnection(); $this->pog_query = "delete from `stats` where `statsid`='" . $this->statsId . "'"; return $Database->Query($this->pog_query); }
echo "<a href=\"platinum.php?id=" . $platinumImages[$imagePos][0] . "\">"; echo "<img src=\"logos/" . $platinumImages[$imagePos][1] . "\" width='153' height='104' border='0' class='platinumImages'></a>"; $imagePos++; } else { echo "<a href=\"advertise.php\">"; echo "<img src='logos/your_company_here.gif' width='153' height='104' border='0' class='platinumImages'></a>"; } } if (isset($_GET["redir"])) { $_SESSION["redir"] = $_GET["redir"]; header("Location: index.php"); exit; } $platinumImages = array(6); $db = new DatabaseConnection(); $result = $db->Query("SELECT platinum_membershipId,logo\n FROM platinum_membership\n WHERE platinum_membership_status='active'\n AND dt_expire>'" . date("Y-m-d") . "'\n ORDER BY RAND() LIMIT 6"); $rows = $db->Rows(); for ($i = 0; $i < $rows; $i++) { $qr = mysql_fetch_row($result); $platinumImages[$i] = $qr; } $imagePos = 0; for ($i = 0; $i < count($platinumImages); $i++) { updateImpressions("platinum_membership", $platinumImages[$i][0]); } $loginEmail = showLoggedInAs(); //default $button1 = "homebuttonIff_04"; $button2 = "homebuttonIff_05"; $button3 = "homebuttonIff_06"; $button4 = "homebuttonIff_07";
<?php require "common_all.php"; if (isset($_POST["reset"])) { $db = new DatabaseConnection(); $email = $db->Escape($_POST["email"]); $password = ""; for ($i = 1; $i <= 6; $i++) { $password .= chr(mt_rand(97, 122)) . chr(mt_rand(65, 90)); } $db->Query("UPDATE onlineuser SET pass_word=PASSWORD('{$password}') WHERE email='{$email}'"); $db->Query("SELECT first_name, last_name FROM onlineuser WHERE email='{$email}'"); if ($db->Rows() > 0) { $fname = $db->Result(0, "first_name"); $lname = $db->Result(0, "last_name"); $headers = "From: noreply@fastfoodjobsuk.co.uk\r\n"; $headers .= "X-Mailer: CJS_MailSystem\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; $message = "<HTML><pre>"; $message .= "Dear {$fname} {$lname}\n\n"; $message .= "You password is: {$password} and if you need any further help please e-mail\n"; $message .= "support@fastfoodjobsuk.co.uk\n\n"; $message .= "Regards,\n\n"; $message .= "The Fast Food Jobs Support Team."; $message .= "</pre></html>"; mail($email, "Fastfoodjobsuk Password Reset", $message, $headers); } header("Location: forgotten_password_success.php"); exit; }
} if (($result = validate($user->address_2, "", 255)) !== true) { $errorText .= "<LI>The second line of your address is {$result}"; } if (($result = validate($user->postcode, "", 20)) !== true) { $errorText .= "<LI>Your post code is {$result}"; } if (($result = validate($user->tel, "phonenumber", 45)) !== true) { $errorText .= "<LI>Your telephone number is {$result}"; } if ($user->fax != "" && ($result = validate($user->fax, "phonenumber", 45)) !== true) { $errorText .= "<LI>Your fax number is {$result}"; } } if ($errorText == "") { $query = $db->Query("SELECT * FROM onlineuser WHERE email='" . $db->Escape($user->email) . "' AND onlineuserid!='" . $user->onlineuserId . "' LIMIT 1"); if ($db->Rows() > 0) { $errorText .= "<LI>The email address you have entered is taken"; } else { $_SESSION["onlineuser"] = $user; $user->Save(); header("Location: {$adminUrl}"); exit; } } $errorText = "<ul>" . $errorText . "</ul>"; } require "top.php"; ?> <form action="user_profile.php" method="POST">
<?php require "common_all.php"; $id = (int) $_GET["id"]; $member = new Spotlight(); $member = $member->Get($id); if ($member->spotlightId == 0) { // pull latest out of db $db = new DatabaseConnection(); $result = $db->Query("SELECT spotlightid FROM spotlight ORDER BY dt_created DESC LIMIT 1"); if ($db->Rows() == 1) { $qr = mysql_fetch_row($result); $member = $member->Get($qr[0]); } else { header("Location: index.php"); exit; } } require "top_wide.php"; ?> <link rel=stylesheet href="css/platinum.css" type="text/css"> <img src="logos/<?php echo $member->logo; ?> " width="<?php echo $platinumImageWidth; ?> " height="<?php echo $platinumImageHeight; ?> " class="topimageleft">
function getCVId() { $db = new DatabaseConnection(); $result = $db->Query("select cvid from `cv` where onlineuser_onlineuserid='" . $this->onlineuserId . "'"); return $db->Result(0, "cvid"); }
} if (($result = validate($telephone, "phonenumber", 45)) !== true) { $errorText .= "<LI>Your telephone number is {$result}"; } if ($fax != "" && ($result = validate($fax, "phonenumber", 45)) !== true) { $errorText .= "<LI>Your fax number is {$result}"; } } if (($result = validate($password, "password", 45, 6)) !== true) { $errorText .= "<LI>Your password is {$result}"; } if ($_POST["readTerms"] != "on") { $errorText .= "<LI>Please read the terms and then tick the box to proceed"; } if ($errorText == "") { $query = $db->Query("SELECT * FROM onlineuser WHERE email='" . $db->Escape($email) . "' LIMIT 1"); if ($db->Rows() > 0) { $errorText .= "<LI>The email address you have entered is taken"; } else { $user = new OnlineUser($email, $first_name, $last_name, $password, $address1, $address2, $address3, $postcode, $telephone, $fax, '', 'temp'); if (isSuperUser(false) && $status != "") { $user->user_status = $status; } $userId = $user->Save(); $user = $user->Get($userId); $created = strtotime($user->dt_created); $mail = new Emailer(); $mail->setTo($email); $mail->setFrom($configuration["fromEmail"]); $mail->setSubject("Fastfoodjobsuk Registration"); $url = "http://www.fastfoodjobsuk.co.uk/register_activate.php?email={$email}&code={$created}";
<?php require "common_all.php"; if (isset($_POST["email"])) { $db = new DatabaseConnection(); $results = $db->Query("SELECT * FROM onlineuser WHERE email='" . $db->Escape($_POST["email"]) . "' AND pass_word=PASSWORD('" . $db->Escape($_POST["password"]) . "')"); if ($db->Rows() != null) { $user = new OnlineUser(); $user = $user->populate($db); // are they active? $status = $user->user_status; switch ($status) { case "temp": header("Location: register_activate.php"); exit; break; case "disabled": header("Location: logout.php"); exit; break; } $_SESSION["onlineuser"] = $user; //proceed to loged in page if (isSuperUser(false)) { header("Location: admin_account.php"); exit; } else { if (isset($_SESSION["redirect"]) || isset($_POST["redirect"])) { $url = isset($_SESSION["redirect"]) ? $_SESSION["redirect"] : $_POST["redirect"]; unset($_SESSION["redirect"]); header("Location: {$url}");
/** * Deletes a list of objects that match given conditions * @param multidimensional array {("field", "comparator", "value"), ("field", "comparator", "value"), ...} * @param bool $deep * @return */ function DeleteList($fcv_array) { if (sizeof($fcv_array) > 0) { $Database = new DatabaseConnection(); $pog_query = "delete from `news` where "; for ($i = 0, $c = sizeof($fcv_array); $i < $c; $i++) { if (sizeof($fcv_array[$i]) == 1) { $pog_query .= " " . $fcv_array[$i][0] . " "; continue; } else { if ($i > 0 && sizeof($fcv_array[$i - 1]) !== 1) { $pog_query .= " AND "; } if (isset($this->pog_attribute_type[$fcv_array[$i][0]]) && $this->pog_attribute_type[$fcv_array[$i][0]][0] != 'NUMERIC' && $this->pog_attribute_type[$fcv_array[$i][0]][0] != 'SET') { $pog_query .= "`" . $fcv_array[$i][0] . "` " . $fcv_array[$i][1] . " '" . $Database->Escape($fcv_array[$i][2]) . "'"; } else { $pog_query .= "`" . $fcv_array[$i][0] . "` " . $fcv_array[$i][1] . " '" . $fcv_array[$i][2] . "'"; } } } return $Database->Query($pog_query); } }
$emailMessage .= "{$job_contact_email}\n\n"; $emailMessage .= "None of your contact details have been revealed\n"; $emailMessage .= "and it is totally up to you if you wish to make\n"; $emailMessage .= "contact with the interested employer.\n\n"; $emailMessage .= "Regards,\n\n"; $emailMessage .= "The Fast Food Jobs Team\n\n"; $emailMessage .= "Tel: 0845 644 8252\n"; $emailMessage .= "*****@*****.**"; return $emailMessage; } $cvid = (int) $_GET["cvid"]; if ($cvid == "") { $cvid = (int) $_POST["cvid"]; } $db = new DatabaseConnection(); $results = $db->Query("SELECT first_name, last_name, email FROM cv WHERE cvid='{$cvid}'"); if ($db->Rows() <= 0) { // possibly post/get data has been tampered with // you should always get 1 row back with this query exit; } $data = mysql_fetch_row($results); $cv_first_name = $data[0]; $cv_last_name = $data[1]; $cv_email = $data[2]; if ((bool) $_POST["submitting"]) { $jobId = (int) $_POST["jobIds"]; $queryJob = $db->Query("SELECT contact_email FROM job WHERE jobid='{$jobId}'"); if ($db->Rows() <= 0) { // shouldn't really ever get here exit;