function GetProfileTimelineEvents($username)
{
$dbh = SqlConnect();
$stmt = $dbh->prepare("SELECT from_unixtime(entrydate,\n get_format(datetime, 'ISO')) AS start,\n CONCAT(p.firstname, ': ', title) AS title,\n description,\n 'false' AS durationEvent,\n CONCAT('http://saalonmuyo.com/viewprofile.php?user='******':username', $username);
if ($stmt->execute()) {
return $stmt->fetchAll();
} else {
return '';
}
}
function SaveError($ip, $email, $browser)
{
SqlConnect();
$numbererrors = mysql_query("SELECT emailaddress FROM login_errors WHERE emailaddress='{$email}' AND logged is null ");
if (mysql_num_rows($numbererrors) < MAX_LOGIN) {
mysql_query("insert into login_errors (date,ipaddress,emailaddress,browser) values (now(),'{$ip}','{$email}','{$browser}')");
} else {
mysql_query("insert into login_errors (date,ipaddress,emailaddress,browser) values ('{$date}','{$ip}','{$email}','{$browser}')");
global $myErrorsToEmailAddress, $myServerEmailAddress;
mail_to($myServerEmailAddress, $myErrorsToEmailAddress, '3 errors logged', 'the email address ' . $email . ' has tried to login ' . mysql_num_rows($numbererrors) . ' times');
//$a=mail(EMAILLOGERRORS,'3 errors logged ', 'the email address '.$email.' has tried to login '.mysql_num_rows($numbererrors).' times');
mysql_query("UPDATE login_errors SET logged=1 WHERE emailaddress = '{$email}'");
}
mysql_close();
}
<?php
require_once 'classes/errors.php';
require_once 'functions/global.php';
require_once 'classes/user.php';
SqlConnect();
$user = new User();
$verifier = $_GET['v'];
$valid = false;
$allowchange = false;
$ans1 = $_POST['answer1'];
$ans2 = $_POST['answer2'];
if (isset($_POST['newpass'])) {
$user->changePassword($verifier, $_POST['newpass']);
header("Location: login.php");
}
if ($verifier != "") {
$user = $user->GetUserByValidationCode($verifier);
if ($user != null) {
$valid = true;
if (isset($_POST['answer1'])) {
if ($user->checkSecurityQuestionOne($verifier, $ans1)) {
$allowchange = true;
} else {
//echo ('sec 1 is not valid');
}
}
if (!$allowchange && isset($_POST['answer2'])) {
if ($user->checkSecurityQuestionTwo($verifier, $ans2)) {
$allowchange = true;
} else {
function SubmitTimelineEntry($username, $title, $description, $entrydate)
{
$success = false;
$dbh = SqlConnect();
$stmt = $dbh->prepare('INSERT INTO timeline
(userid, profileid, title, description, entrydate)
VALUES ( (SELECT userid FROM users u WHERE username = :username),
(SELECT p.profileid FROM profiles p JOIN users u ON p.userid = u.userid WHERE u.username = :username),
:title,
:description,
:entrydate)');
$stmt->bindParam(':username', $username);
$stmt->bindParam(':title', $title);
$stmt->bindParam(':description', $description);
$stmt->bindParam(':entrydate', $entrydate);
if ($stmt->execute()) {
$success = true;
}
return $success;
}
