function update_log($m_id, $answer)
{
$sex = getNewLogSex($m_id, $answer);
$db = new mydb();
$query = "insert into log (m_id, sex) values(\$1, \$2)";
$result = $db->query($query, array($m_id, $sex), "setlog");
}
function get_questions_with_search($search)
{
$db = new mydb();
$query = "select c.id, c.date, c.content, m.login_name from crystal c, member m where c.m_id = m.id and c.content like \$1";
$result = $db->query($query, array("%" . $search . "%"), "search");
return $result;
}
function get_my_answers($id)
{
$db = new mydb();
$query = "select q.id as q_id, q.content, c.choice, c.answer from crystal q, answer a, choices c where a.q_id = q.id and a.answer = c.id and a.m_id = \$1";
$result = $db->query($query, array($id), "getans");
return $result;
}
function get_choices($id)
{
$db = new mydb();
$query = "select * from choices c where c.q_id = \$1";
$result = $db->query($query, array($id), "choices");
return $result;
}
public static function getInstance()
{
if (self::$instance == NULL) {
self::$instance = new self();
}
return self::$instance;
}
function getNewLogSex($id, $n)
{
$db = new mydb();
$query = "select c.answer from answer a, choices c where a.m_id = \$1 and c.id = a.answer";
$result = $db->query($query, array($id), "getNewLogSex");
$num = pg_num_rows($result);
$sum = 0;
if ($num == 0) {
return "1000";
}
for ($i = 0; $i < $num; $i++) {
$row = pg_fetch_assoc($result, $i);
$sum += intval($row['answer']);
}
$sum += $n;
return $sum / ($num + 1);
}
public static function cxn()
{
if (!self::$_connection) {
/*********************************************************************/
/*************<< Specify the LIVE dB or the DEV dB >>*****************/
/*********************************************************************/
//$mode = $_SESSION['production_mode']; // Either "live" or "dev", defined in "includes/constants.php"
$mode = "live";
switch ($mode) {
case "live":
$host = "raprecsiskiyou.db.4665018.hostedresource.com";
// LIVE
$user = "******";
// LIVE
$passwd = "Tr1ckyStats";
// LIVE
$database = "raprecsiskiyou";
// LIVE
$port = 65536;
// LIVE
break;
case "amazon":
$host = "aatn7x1ex5ss96.cxttuzijpd1s.us-west-2.rds.amazonaws.com:3306";
// LIVE
$user = "******";
// LIVE
$passwd = "Tr1ckyStats";
// LIVE
$database = "raprecsiskiyou";
// LIVE
$port = 3306;
// LIVE
break;
case "dev":
default:
$host = "localhost";
// DEV
//$host = "127.0.0.1"; // DEV
$user = "******";
// DEV
$passwd = "Tr1ckyStats";
// DEV
$database = "raprecsiskiyou";
// DEV
break;
}
//end switch
// Using mysqli (PHP 5)
self::$_connection = new mysqli($host, $user, $passwd, $database);
/* Check Connection */
if (self::$_connection->connect_error) {
printf("Database connect failed: %s\n", mysqli_connect_error());
exit;
}
}
return self::$_connection;
}
function next_photo()
{
// Find the ID of the next photo to use
$query = "SELECT id FROM photo_of_the_week ORDER BY last_date_used,id LIMIT 1";
$result = mydb::cxn()->query($query);
$row = $result->fetch_assoc();
$next_photo_id = $row['id'];
$query = "UPDATE photo_of_the_week SET last_date_used = curdate() where id = " . $next_photo_id;
$result = mydb::cxn()->query($query);
}
public function exists($id = false)
{
if (is_numeric($id)) {
mydb::cxn()->query('SELECT count(*) FROM scheduled_courses WHERE id = ' . $id);
if (mydb::cxn()->affected_rows >= 1) {
return 1;
}
} else {
return 0;
}
}
function get_chuck_norris_fact()
{
//require_once("scripts/connect.php");
//$dbh = connect();
$query = "SELECT MAX(id) as max, MIN(id) as min from chuck_norris_facts";
$result = mydb::cxn()->query($query);
$row = $result->fetch_assoc();
$min_id = $row['min'];
$max_id = $row['max'];
$id = rand($min_id, $max_id);
$query = "SELECT fact FROM chuck_norris_facts WHERE id LIKE '" . $id . "'";
$result = mydb::cxn()->query($query);
$row = $result->fetch_assoc();
echo $row['fact'];
}
function check_hrap($hrap_id)
{
// This function will accept an INTEGER and check for a corresponding HRAP ID in the database (hraps.id).
// If the requested hrap exists, the function returns the rappeller's full name (as a string).
// If the requested hrap does not exist, or a non-integer value is passed, return 0
if (is_numeric($hrap_id) && intval($hrap_id) == floatval($hrap_id)) {
//Match an integer value
$query = "SELECT firstname, lastname FROM hraps WHERE id = " . $hrap_id;
$result = mydb::cxn()->query($query);
if (mydb::cxn()->affected_rows > 0) {
$row = $result->fetch_assoc();
return $row['firstname'] . " " . $row['lastname'];
}
}
return 0;
}
function is_valid($year)
{
//Check to see if a given year is present in the database
// Return 1 if given year is valid
// Return 0 otherwise
$result = mydb::cxn()->query("SELECT DISTINCT year FROM roster");
if (mydb::cxn()->error != '') {
die("Retrieving valid YEARs failed: " . mydb::cxn()->error . "<br>\n" . $query);
}
while ($row = $result->fetch_assoc()) {
if ($row['year'] == $year) {
return 1;
}
}
return 0;
//Year is NOT valid or else function would have returned 1 by now
}
function build_auth_info_array()
{
global $auth_info;
$query = "SELECT id, username, real_name, access_level FROM authentication WHERE 1 ORDER BY username";
$result = mydb::cxn()->query($query) or die("Error retrieving usernames for edit_user list: " . mydb::cxn()->error);
//Build a local array of access privileges for each user
$access_levels = array('account_management', 'backup_restore', 'roster', 'edit_phonelist', 'inventory', 'edit_incidents', 'budget_helper', 'budget_helper_admin', 'flight_hours', 'crew_status', 'photos', 'update_jobs', 'order_apparel', 'manage_apparel');
while ($row = $result->fetch_assoc()) {
$auth_info[$row['id']] = array('username' => $row['username'], 'real_name' => $row['real_name'], 'id' => $row['id']);
foreach ($access_levels as $area) {
if (strpos($row['access_level'], $area) !== false) {
$auth_info[$row['id']][$area] = 1;
} else {
$auth_info[$row['id']][$area] = 0;
}
}
}
}
public static function cxn()
{
if (!self::$_connection) {
/*********************************************************************/
/*************<< Specify the LIVE dB or the DEV dB >>*****************/
/*********************************************************************/
$mode = 2;
// 1 = LIVE, 2 = DEV
switch ($mode) {
case 1:
$host = "siskiyou_general.db.4665018.hostedresource.com";
// LIVE
$user = "******";
// LIVE
$passwd = "Siskiyou09";
// LIVE
$database = "siskiyou_general";
// LIVE
$port = 65536;
// LIVE
break;
case 2:
default:
$host = "localhost";
// DEV
$user = "******";
// DEV
$passwd = "Siskiyou09";
// DEV
$database = "siskiyou_general";
// DEV
break;
}
//end switch
// Using mysqli (PHP 5)
self::$_connection = new mysqli($host, $user, $passwd, $database);
/* Check Connection */
if (self::$_connection->connect_error) {
printf("Database connect failed: %s\n", mysqli_connect_error());
exit;
}
}
return self::$_connection;
}
function update_rss_feed()
{
$description_length = 300;
$title_length = 40;
$num_entries = 4;
// The number of blog entries to include in the RSS feed
$query = "SELECT name, unix_timestamp(date) as date, status FROM current_sticky WHERE 1";
$result = mydb::cxn()->query($query);
$sticky = $result->fetch_assoc();
$query = "SELECT name, unix_timestamp(date) as date, status FROM current ORDER BY date DESC LIMIT " . $num_entries;
$result = mydb::cxn()->query($query);
$rss = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\n" . "<rss version=\"2.0\" xmlns:atom=\"http://www.w3.org/2005/Atom\">\n" . "<channel>\n\n" . "<title>SRC - Crew Status</title>\n" . "<link>http://www.siskiyourappellers.com/current.php</link>\n" . "<description>\n" . "\tThe Crew Status Page provides information on the whereabouts of crewmembers\n" . "\tand the various projects that we're currently working on.\n" . "</description>\n\n" . "<atom:link href=\"http://www.siskiyourappellers.com/rss.php\" rel=\"self\" type=\"application/rss+xml\" />\n" . "<lastBuildDate>" . date("r") . "</lastBuildDate>\n" . "<language>en-us</language>\n\n";
//Post the "sticky" content at the top of the RSS Feed
if (strlen($sticky['status']) > 0) {
if (strlen($sticky['status']) > $title_length) {
$content_title = substr($sticky['status'], 0, $title_length) . "...";
} else {
$content_title = $sticky['status'];
}
$timestamp_sticky = date("r", $sticky['date']);
$timestamp_title = date("M jS", $sticky['date']);
$rss .= "<item>\n" . "<title>[!] " . $content_title . "</title>\n" . "<link>http://www.siskiyourappellers.com/current.php</link>\n" . "<guid>http://www.siskiyourappellers.com/current.php?id=" . $sticky['date'] . "</guid>\n" . "<pubDate>" . $timestamp_sticky . "</pubDate>\n" . "<description>" . $sticky['status'] . "</description>\n" . "</item>\n\n";
}
//Add the most recent updates to the RSS feed
while ($row = $result->fetch_assoc()) {
//Replace <br> with a single space - " "
$status = str_replace(array("<br>", "<br />", "<BR>", "<BR />"), " ", $row['status']);
//Generate a Title for this update
if (strlen($status) > $title_length) {
$content_title = substr($status, 0, $title_length) . "...";
} else {
$content_title = $status;
}
//Format the date strings
$timestamp_status = date("r", $row['date']);
$timestamp_title = date("M jS", $row['date']);
$rss .= "<item>\n" . "<title>[" . $timestamp_title . "] " . $content_title . "</title>\n" . "<link>http://www.siskiyourappellers.com/current.php</link>\n" . "<guid>http://www.siskiyourappellers.com/current.php?id=" . $row['date'] . "</guid>\n" . "<pubDate>" . $timestamp_status . "</pubDate>\n" . "<description>" . $status . "</description>\n" . "</item>\n\n";
}
// END WHILE
$rss .= "</channel>\n" . "</rss>\n";
//Open the rss.xml file for writing
$rss_file = fopen("../rss.xml", "w");
fwrite($rss_file, $rss);
}
function set($var, $value)
{
// This function handles a SPECIAL CASE where the use_offset is queried for a ROPE object. This is special because a ROPE has a different use_offset
// for each end (end 'a' and end 'b'), which are serialized into a single STRING value for database storage.
// If this set function is called and the special case does not apply, the 'set' function in the parent class will be invoked.
$value = strtolower(mydb::cxn()->real_escape_string($value));
switch ($var) {
case 'use_offset':
if ($value == "") {
$this->use_offset = 'a0,b0';
} elseif (preg_match('/\\ba\\d{1,3},b\\d{1,3}\\b/', $value) != 1) {
throw new Exception('The USE OFFSET for a rope must include both the \'A\' end and the \'B\' end.');
} else {
$this->use_offset = $value;
}
case 'use_offset_a':
if ($value == "") {
$this->use_offset = 'a0,b0';
}
if ($this->var_is_int($value) && $value >= 0) {
$this->use_offset = 'a' . $value . ',b' . $this->get_use_offset('b');
} else {
throw new Exception('The use-offset for end \'A\' must be a number greater than or equal to zero.');
}
break;
case 'use_offset_b':
if ($this->var_is_int($value) && $value >= 0) {
$this->use_offset = 'a' . $this->get_use_offset('a') . ',b' . $value;
} else {
throw new Exception('The use-offset for end \'B\' must be a number greater than or equal to zero.');
}
break;
default:
parent::set($var, $value);
}
// End: switch()
}
function update_or_insert_paycheck($year, $payperiod, $person_id, $status)
{
//This function will change the STATUS of a specific paycheck.
//Sanitize inputs
$year = mydb::cxn()->real_escape_string($year);
$payperiod = mydb::cxn()->real_escape_string($payperiod);
$person_id = mydb::cxn()->real_escape_string($person_id);
$status = mydb::cxn()->real_escape_string($status);
//Check to see if this paycheck is already in the database
$query = "\tSELECT id FROM paychecks\n\t\t\t\t\tWHERE \tpaychecks.year = " . $year . "\n\t\t\t\t\tAND\t\tpaychecks.payperiod = " . $payperiod . "\n\t\t\t\t\tAND\t\tpaychecks.crewmember_id = " . $person_id;
$result = mydb::cxn()->query($query);
$row = $result->fetch_assoc();
echo $query . "<br /><br />\n\n";
if ($result->num_rows > 0) {
// This paycheck is already in the database. UPDATE the status.
$query = "UPDATE paychecks SET status = " . $status . " WHERE id = " . $row['id'];
$result = mydb::cxn()->query($query);
} else {
// This paycheck is NOT in the database. INSERT it with the requested status.
$query = "\tINSERT INTO paychecks (year,payperiod,crewmember_id,status)\n\t\t\t\t\t\tvalues(" . $year . "," . $payperiod . "," . $person_id . "," . $status . ")";
$result = mydb::cxn()->query($query);
}
echo $query . "\n\n" . mydb::cxn()->error;
}
<!DOCTYPE html>
<?php
include_once dirname(__FILE__) . "/functions/inc/mydb.inc.php";
$db = new mydb();
$categorias = $db->consulta("SELECT * FROM categoria_producto WHERE idioma_id=1 AND catp_eliminado=0 AND catp_publicado=1");
?>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<title>Texur</title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href="global/css/bootstrap.min.css" rel="stylesheet">
<!-- <link href="//netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.min.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link href="global/css/styles.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-fixed-top" style="background-color:#0A376E;color:#b2aa00;">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand " href="index.html" > <b>Home</b>
</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li><a href="#">Cursos/Tutoriales</a></li>
<li><a href="#">Manuales</a></li>
<?php
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
$db = new mydb();
if (is_numeric($_GET["id"])) {
$db->rawData("UPDATE pedido SET pedido_eliminado={$_SESSION["usuario_gestor"]["us_id"]} WHERE pedido_id=" . $_GET["id"]);
$db->rawData("UPDATE reclamo SET reclamo_eliminado={$_SESSION["usuario_gestor"]["us_id"]} WHERE pedido_id=" . $_GET["id"]);
header("Location:../index.php?acc=" . $_GET["acc"] . "&msg=1");
}
<?php
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
$db = new mydb();
if (is_numeric($_GET["id"])) {
$rs = $db->consulta("SELECT * FROM imagen_curso WHERE ic_id=" . $_GET["id"]);
$db->rawData("DELETE FROM imagen_curso WHERE ic_id=" . $_GET["id"]);
if (file_exists(dirname(dirname(dirname(dirname(__FILE__)))) . "/img/curso/" . $rs[0]["ic_imagen"])) {
unlink(dirname(dirname(dirname(dirname(__FILE__)))) . "/img/curso/" . $rs[0]["ic_imagen"]);
}
header("Location:../../index.php?acc=" . $_GET["acc"] . "&msg=1");
}
<?php
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
if (trim($_POST["nombre"]) != "" && trim($_POST["descripcion"]) != "" && $_POST["categoria"] != 0) {
$img_del = "";
if ($_POST["elim_img"] == 1) {
$img_del = ",prod_foto='' ";
$rs = $db->consulta("SELECT * FROM producto WHERE prod_id=" . $_POST["id"]);
if (file_exists(dirname(dirname(dirname(__FILE__))) . "/img/producto/" . $rs[0]["prod_foto"])) {
unlink(dirname(dirname(dirname(__FILE__))) . "/img/producto/" . $rs[0]["prod_foto"]);
}
}
$db->rawData("UPDATE producto SET prod_nombre='" . addslashes($_POST["nombre"]) . "'," . "prod_descripcion='" . addslashes($_POST["descripcion"]) . "'," . "catp_id=" . $_POST["categoria"] . "," . "prod_destacado=" . $_POST["destacada"] . ",prod_keywords='" . addslashes($_POST["palabras_clave"]) . "'" . ",prod_publicado=" . addslashes($_POST["publicada"]) . " " . $img_del . " " . "WHERE prod_id=" . $_POST["id"]);
if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
die;
}
if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
$ext = obtenerExtension($_FILES["imagen"]["name"]);
move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/producto/" . $_POST["id"] . "." . $ext);
$db->rawData("UPDATE producto SET prod_foto='" . $_POST["id"] . "." . $ext . "' WHERE prod_id=" . $_POST["id"]);
} else {
if ($_FILES["imagen"]["name"] != "") {
<?php
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
$db = new mydb();
if (is_numeric($_GET["id"])) {
$db->rawData("DELETE FROM video_curso WHERE vc_id=" . $_GET["id"]);
header("Location:../../index.php?acc=" . $_GET["acc"] . "&msg=1");
}
<?php
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
$db = new mydb();
if (is_numeric($_GET["id"])) {
$db->rawData("UPDATE usuario_sitio SET usw_eliminado={$_SESSION["usuario_gestor"]["us_id"]},usw_fecha_baja='" . date("Y-m-d H:i:s") . "' WHERE usw_id=" . $_GET["id"]);
$db->rawData("UPDATE direccion_envio SET dire_eliminado={$_SESSION["usuario_gestor"]["us_id"]} WHERE usw_id=" . $_GET["id"]);
header("Location:../index.php?acc=" . $_GET["acc"] . "&msg=1");
}
function get_incidents($crewmember_id = -1)
{
// Build a database query based on a user-specified sort field
// Run display_inv to step through each row and display the inventory data
$query = "\tSELECT\tincidents.idx,\n\t\t\t\t\tunix_timestamp(incidents.date) as date,\n\t\t\t\t\tincidents.event_type,\n\t\t\t\t\tincidents.number,\n\t\t\t\t\tincidents.name,\n\t\t\t\t\tincidents.code,\n\t\t\t\t\tincidents.override,\n\t\t\t\t\tincidents.size,\n\t\t\t\t\tincidents.type,\n\t\t\t\t\tincidents.fuel_models,\n\t\t\t\t\tincidents.description,\n\t\t\t\t\tincidents.latitude_degrees,\n\t\t\t\t\tincidents.latitude_minutes,\n\t\t\t\t\tincidents.longitude_degrees,\n\t\t\t\t\tincidents.longitude_minutes\n\t\t\tFROM incidents\n\t\t\tWHERE year(date) = '" . $_SESSION['incident_year'] . "'";
$sort_by = $_SESSION['sort_view_by'];
switch ($sort_by) {
case "number":
$query .= " ORDER BY number, date";
break;
case "name":
$query .= " ORDER BY name, number, date";
break;
case "override":
$query .= " ORDER BY override, number, date";
break;
case "event_type":
$query .= " ORDER BY event_type, number, date";
break;
case "date":
default:
$query .= " ORDER BY date, number";
$_SESSION['sort_view_by'] = "date";
break;
}
$result = mydb::cxn()->query($query) or die("dB query failed (Retrieving incidents): " . mydb::cxn()->error);
$incident_array = array();
$i = 0;
while ($row = $result->fetch_assoc()) {
$query2 = "\tSELECT CONCAT(crewmembers.firstname,' ',crewmembers.lastname) AS name, crewmembers.id\n\t\t\t\t\tFROM crewmembers\tINNER JOIN incident_roster\tON crewmembers.id = incident_roster.crewmember_id\n\t\t\t\t\t\t\t\t\t\tINNER JOIN incidents\t\tON incident_roster.idx = incidents.idx\n\t\t\t\t\tWHERE incident_roster.idx LIKE '" . $row['idx'] . "' ORDER BY name";
$result2 = mydb::cxn()->query($query2) or die("dB query failed (Retrieving incident_roster): " . mydb::cxn()->error);
//If a specific crewmember has been specified, only return incidents where that crewmember was present
if ($crewmember_id != -1) {
$searching = 1;
} else {
$searching = 0;
}
$found = 0;
while ($roster_row = $result2->fetch_assoc()) {
$one_incident_roster[] = $roster_row['name'];
if ($crewmember_id == $roster_row['id']) {
$found = 1;
}
}
if (!$searching || $searching && $found) {
$incident_array[$i] = $row;
$incident_array[$i]['roster'] = $one_incident_roster;
$i++;
}
$one_incident_roster = array();
}
return $incident_array;
}
<?php
//$shopnr = $_GET['Shop'];
$shopnr = '';
include_once "conf{$shopnr}.php";
include_once "error.php";
//Fehlerinstanz
$api = php_sapi_name();
$err = new error($api);
include_once "dblib.php";
include_once "pepper.php";
include_once "erplib.php";
$erpdb = new mydb($ERPhost, $ERPdbname, $ERPuser, $ERPpass, $ERPport, 'pgsql', $err, $debug);
$shopdb = new mydb($SHOPhost, $SHOPdbname, $SHOPuser, $SHOPpass, $SHOPport, 'mysql', $err, $debug);
$sql = "SELECT * FROM custom_variable_configs WHERE name = 'pepperkunde'";
$rs = $erpdb->getOne($sql);
if (isset($rs['id'])) {
$cvarid = $rs['id'];
} else {
exit;
}
$sql = "SELECT k_ID,Kunden_NR FROM kunde WHERE Kunden_NR != '0'";
$kunden = $shopdb->getAll($sql);
$sqlkdnr = "SELECT id FROM customer WHERE customernumber = '%s' ";
$sqldel = "DELETE FROM custom_variables WHERE config_id={$cvarid} AND trans_id=";
$sqlins = "INSERT INTO custom_variables (config_id,trans_id,text_value) VALUES ({$cvarid},%d,'%s')";
$i = 0;
if ($kunden) {
foreach ($kunden as $nr) {
$rs = $erpdb->getOne(sprintf($sqlkdnr, $nr['kunden_nr']));
if (isset($rs['id'])) {
private function rappel_id_exists($rappel_id = false)
{
// Check for the requested rappel_id in the database
// Return values: true : The specified rappel_id is NOT found in the database
// false : The specified rappel_id was found (already exists)
if (!$rappel_id) {
return false;
}
$query = "SELECT id FROM rappels WHERE id = " . $rappel_id;
$result = mydb::cxn()->query($query);
if (mydb::cxn()->affected_rows > 0) {
return true;
} else {
return false;
}
}
<?php
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
$db = new mydb();
if (is_numeric($_GET["id"])) {
$db->rawData("UPDATE pagina SET pagina_eliminado={$_SESSION["usuario_gestor"]["us_id"]} WHERE pagina_id=" . $_GET["id"]);
$rs = $db->consulta("SELECT * FROM pagina WHERE pagina_id=" . $_GET["id"]);
if (file_exists(dirname(dirname(dirname(__FILE__))) . "/img/pagina/" . $rs[0]["pagina_foto"])) {
unlink(dirname(dirname(dirname(__FILE__))) . "/img/pagina/" . $rs[0]["pagina_foto"]);
}
header("Location:../index.php?acc=" . $_GET["acc"] . "&msg=1");
}
<body>
<div id="wrapper" style="height:170px; min-height:170px; width:900px;">
<div id="banner">
<a href="http://www.siskiyourappellers.com/training" style="display:block; width:900px; height:75px; padding:0;"><img src="images/banner_index2.jpg" style="border:none" alt="Scroll down..." /></a>
</div>
</div>
<div id="wrapper" style="width:95%;">
<div id="content" style="text-align:center">
<?php
echo "<br /><h2 style=\"font-size:1.7em;\">Upcoming Courses</h2>\n" . "<table style=\"font-size:1.5em; margin:0 auto 0 auto;\">\n" . "<tr><th>Start Date</th><th>Course</th><th>Student</th><th>Status</th></tr>\n";
$query = "SELECT\n\t\t\t scheduled_courses.id,\n\t\t\t scheduled_courses.name as course_name,\n\t\t\t scheduled_courses.date_start,\n\t\t\t scheduled_courses.date_end,\n\t\t\t CONCAT(people.firstname,' ',people.lastname) as student,\n\t\t\t enrollment.status\n\t\t\t \n\t\t\t FROM\n\t\t\t scheduled_courses INNER JOIN enrollment\n\t\t\t ON enrollment.scheduled_course_id = scheduled_courses.id\n\t\t\t INNER JOIN people on people.id = enrollment.student_id\n\t\t\t \n\t\t\t WHERE\n\t\t\t scheduled_courses.date_end >= CURDATE()";
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != '') {
throw new Exception('There was a problem retrieving enrolled courses for this crew');
}
$last_course_id = -1;
$row_class = 'evn';
while ($row = $result->fetch_assoc()) {
if ($row['id'] == $last_course_id) {
echo "<tr class=\"" . $row_class . "\"><td colspan=\"2\"> </td>";
} else {
if ($row_class == 'evn') {
$row_class = 'odd';
} else {
$row_class = 'evn';
}
echo "<tr class=\"" . $row_class . "\"><td>" . $row['date_start'] . "</td>" . "<td>" . $row['course_name'] . "</td>";
}
<?php
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
$_SESSION["campos"] = $_POST;
if (trim($_POST["nombre"]) != "" && trim($_FILES["archivo"]["name"]) != "" && trim($_POST["curso"]) != "") {
$db->rawData("INSERT INTO archivo_curso (ac_archivo,ac_descripcion,curso_id,ac_nombre)" . " VALUES ('','" . addslashes($_POST["descripcion"]) . "'," . $_POST["curso"] . ",'" . addslashes($_POST["nombre"]) . "')");
$id_max = $db->consulta("SELECT * FROM archivo_curso WHERE 1 ORDER BY ac_id DESC LIMIT 1");
if ($_FILES["archivo"]["size"] > max_upload_file_size()) {
header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=5");
die;
}
if ($_FILES["archivo"]["name"] != "") {
$ext = obtenerExtension($_FILES["archivo"]["name"]);
move_uploaded_file($_FILES["archivo"]["tmp_name"], $conf->getRoot() . "/archivos/curso/" . $id_max[0]["ac_id"] . "." . $ext);
$db->rawData("UPDATE archivo_curso SET ac_archivo='" . $id_max[0]["ac_id"] . "." . $ext . "' WHERE ac_id=" . $id_max[0]["ac_id"]);
} else {
if ($_FILES["archivo"]["name"] != "") {
header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=2");
die;
}
}
unset($_SESSION["campos"]);
header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=3");
die;
<?php
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
if (trim($_POST["nombre"]) != "") {
$img_del = "";
if ($_POST["elim_img"] == 1) {
$img_del = ",marca_foto='' ";
$rs = $db->consulta("SELECT * FROM marca WHERE marca_id=" . $_POST["id"]);
if (file_exists(dirname(dirname(dirname(__FILE__))) . "/img/marca/" . $rs[0]["marca_foto"])) {
unlink(dirname(dirname(dirname(__FILE__))) . "/img/marca/" . $rs[0]["marca_foto"]);
}
}
$db->rawData("UPDATE marca SET marca_nombre='" . addslashes($_POST["nombre"]) . "' " . $img_del . " WHERE marca_id=" . $_POST["id"]);
if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
die;
}
if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
$ext = obtenerExtension($_FILES["imagen"]["name"]);
move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/marca/" . $_POST["id"] . "." . $ext);
$db->rawData("UPDATE marca SET marca_foto='" . $_POST["id"] . "." . $ext . "' WHERE marca_id=" . $_POST["id"]);
} else {
if ($_FILES["imagen"]["name"] != "") {
