/**
* Function to login for the admin
* Function return true if the admin
* is successfully identified using provided
* username and password, Otherwise return false.
*
* @param $username
* @param $password
* @return true if successful login, otherwise false.
*/
function login($username, $password)
{
$mysqli = connecttoMysql();
$username = sanitise($username, 40);
$password = sanitise($password, 40);
//$password = sha1($password);
$result = false;
//check if there is an error connecting to database
if ($mysqli->connect_errno) {
echo "Failed to connect to MySql:-> " . $mysqli->connect_error;
}
/* Create and execute statement to get the result set/Statement Object */
if ($stmt = $mysqli->query("SELECT username, password FROM users WHERE username = '******' AND password = '******'")) {
//iterator to match the results
while ($row = $stmt->fetch_array(MYSQLI_ASSOC)) {
if ($row['username'] == $username && $row['password'] == $password) {
$result = true;
break;
}
}
} else {
echo "Error -> " . $mysqli->error;
$result = false;
}
$mysqli->close();
return $result;
}
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$account = sanitise('account');
$query = "INSERT INTO accounts (UserID, AccountName) VALUES ('{$user}', '{$account}')";
mysql_query($query) or die(mysql_error());
accountList($user);
accountForm();
} else {
loginform();
}
<?php
include_once '../functions.php';
checklogin();
opendb();
if ($loggedin == 1) {
$label = sanitise('label');
//Need a long list of colours!
$colourarray = array('#A00', '#0A0', '#565600', '#00A', '#0F7DEE');
$query = "SELECT * FROM labels WHERE UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
foreach ($colourarray as $key => $colour) {
if ($row['Colour'] == $colour) {
$colourarray[$key] = NULL;
}
}
}
foreach ($colourarray as $key => $colour) {
if ($pickedcolour == NULL) {
if ($colour != NULL) {
$pickedcolour = $colour;
}
}
}
$query = "INSERT INTO labels (LabelName, Colour, UserID) VALUES ('{$label}', '{$pickedcolour}', '{$user}')";
mysql_query($query) or die(mysql_error());
labellist($user);
} else {
loginform();
}
<?php
include_once 'functions.php';
checklogin();
if ($loggedin == 0) {
$email = sanitise('email', 'p');
$query = "SELECT * FROM users WHERE Email='{$email}'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
$UserID = $row['UserID'];
$key = $row['ValidationKey'];
if ($row['Validated'] == 0) {
resendvalidationkey($email, $key, $UserID);
$msg .= "We've resent your validation link to your email address. Make sure you check your spam folder too. ";
} else {
$msg .= "You've already validated your account, try logging in instead ";
}
} elseif (mysql_num_rows($result) > 1) {
$msg .= "We couldn't find your email on file. Are you sure you've registered? ";
}
}
include 'index.php';
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
$index = sanitise("i");
echo "<select id='otherparty' name='otherparty'>";
$query = "SELECT * FROM accounts WHERE UserID='{$user}' AND Archived='0' ORDER BY AccountName ASC";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
echo "<option value='ThisAccount" . $row['AccountID'] . "'>" . stripslashes($row['AccountName']) . "</option>";
}
echo "</select><span onclick=\"otherParty(" . $index . ")\" class='clickable'>Not between accounts?</span>";
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "team_series";
//check whether the form fields in the register form are set
if (isset($_POST["series_id"])) {
$seriesid = sanitise($_POST["series_id"]);
$teamone = sanitise($_POST["team_one"]);
$teamtwo = sanitise($_POST["team_two"]);
}
$query_one = "INSERT INTO {$sql_table} (SeriesId, TeamId) VALUES ('{$seriesid}', '{$teamone}')";
$query_two = "INSERT INTO {$sql_table} (SeriesId, TeamId) VALUES ('{$seriesid}', '{$teamtwo}')";
$result_one = mysqli_query($conn, $query_one);
$result_two = mysqli_query($conn, $query_two);
if ($result_one && $result_two) {
header("location:series_successful.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a valid Team ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='series_teams.php'>Go Back</a>";
public $first_name;
public $last_name;
public $location;
public $user_email;
}
function sanitise($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$first_name = sanitise($_POST['first_name']);
$last_name = sanitise($_POST['last_name']);
$location = sanitise($_POST['location']);
$user_email = sanitise($_POST['user_email']);
$user_name = $_SESSION['user_name'];
echo 'Profile of ' . $_SESSION['user_name'] . '.<br/>';
$update = "UPDATE users SET first_name='{$first_name}' WHERE user_name= '{$user_name}'";
$inserted = mysql_query($update);
$update = "UPDATE users SET last_name='{$last_name}' WHERE user_name= '{$user_name}' ";
$inserted = mysql_query($update);
$update = "UPDATE users SET location='{$location}' WHERE user_name='{$user_name}'";
$inserted = mysql_query($update);
$update = "UPDATE users SET user_email='{$user_email}' WHERE user_name= '{$user_name}'";
$inserted = mysql_query($update);
//session must change
if (!$inserted) {
echo 'Something went wrong. Please try again
later.';
} else {
<?php
include_once 'functions.php';
checklogin();
//make sure the user's logged in
if ($loggedin == 1) {
if (!isset($user)) {
$user = mysql_real_escape_string($_COOKIE['userid']);
}
$conn = opendb();
$pass = sanitise('currentpassword', 'p');
$newpass1 = sanitise('newpassword1', 'p');
$newpass2 = sanitise('newpassword2', 'p');
$query = "SELECT * FROM users WHERE UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
$hash = sha1($pass . $row['Salt']);
//check that they've provided the correct password:
if ($hash == $row['Password']) {
//check that provided passwords match:
if ($newpass1 == $newpass2) {
//check that new password is long enough:
if (strlen($newpass1) > 5) {
//generating some salty hashes:
$salt = generatesalt();
$hash = sha1($newpass1 . $salt);
//now we change their password...
$query = "UPDATE users SET Password='******', Salt='{$salt}' WHERE UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
//tell the user that it has been sucessfull:
<?php
include 'functions.php';
$conn = opendb();
$email = sanitise('email', 'p');
$pass = sanitise('password', 'p');
$repeatpass = sanitise('repeatpassword', 'p');
$msg = NULL;
if (strlen($pass) < 6) {
$msg = $msg . "Your passsword is too short! ";
}
if ($pass != $repeatpass) {
$msg = $msg . "Your passwords don't match! ";
}
if ($email == NULL || $pass == NULL || $repeatpass == NULL) {
$msg = $msg . "One of the fields is empty! ";
}
if ($msg == NULL) {
$query = "SELECT * FROM users WHERE Email='{$email}'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 0) {
$time = time() + 604800;
$salt = generatesalt();
$hash = sha1($pass . $salt);
$validationkey = sha1(generatesalt(64));
$query = "INSERT INTO users (Email, Password, Salt, ValidatedTimeout, ValidationKey, PrefCurrency, PrefPaymentMethod) VALUES ('{$email}', '{$hash}', '{$salt}', '{$time}', '{$validationkey}', '£', 'Card')";
//insrt
mysql_query($query) or die(mysql_error());
$UserID = mysql_insert_id();
$query = "INSERT INTO accounts (UserID, AccountName) VALUES ('{$UserID}', 'Current')";
mysql_query($query) or die(mysql_error());
<?php
if (isset($_POST['dir_name'])) {
if ($_POST['dir_name'] !== '') {
$name = $_POST['dir_name'];
$lenght = strlen($name);
$newdir = sanitise($name, $lenght);
chdir("storage");
create_dir($newdir);
} else {
echo "Please enter the directory name";
}
}
?>
<div class="col-lg-12">
<div class="panel-body">
<form method="post" action="main.php?tab=storage&id=make_dir" class="form-inline">
<div class="form-group">
<label for="directory_name">Create Directory</label>
<input type="text" name="dir_name" class="form-control" id="directory_name" placeholder="Name">
</div>
<button type="submit" class="btn btn-default">Create</button>
</form>
</div>
</div>
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$currency = '&' . sanitise('currency') . ';';
if (isset($currency)) {
$query = "UPDATE users SET PrefCurrency='{$currency}' WHERE UserID='{$user}'";
mysql_query($query) or die(mysql_error());
echo "Success! Your currency has been changed to " . $currency;
}
} else {
loginform();
}
$sql_table = "match_team_details";
//check whether the form fields in the register form are set
if (isset($_POST["match_id"])) {
$matchid = sanitise($_POST["match_id"]);
$teamoneid = sanitise($_POST["teamone_id"]);
$teamonescore = sanitise($_POST["teamone_score"]);
$teamoneovers = sanitise($_POST["teamone_overs"]);
$teamonewickets = sanitise($_POST["teamone_wickets"]);
$teamonetoss = sanitise($_POST["teamone_toss"]);
$teamonewon = sanitise($_POST["teamone_won"]);
$teamtwoid = sanitise($_POST["teamtwo_id"]);
$teamtwoscore = sanitise($_POST["teamtwo_score"]);
$teamtwoovers = sanitise($_POST["teamtwo_overs"]);
$teamtwowickets = sanitise($_POST["teamtwo_wickets"]);
$teamtwotoss = sanitise($_POST["teamtwo_toss"]);
$teamtwowon = sanitise($_POST["teamtwo_won"]);
}
$query_one = "INSERT INTO {$sql_table} (MatchId, TeamId, TeamToss, TeamScore, TeamOvers, TeamWickets, TeamWon) VALUES ('{$matchid}', '{$teamoneid}','{$teamonetoss}', '{$teamonescore}', '{$teamoneovers}', '{$teamonewickets}', '{$teamonewon}')";
$query_two = "INSERT INTO {$sql_table} (MatchId, TeamId, TeamToss, TeamScore, TeamOvers, TeamWickets, TeamWon) VALUES ('{$matchid}', '{$teamtwoid}','{$teamtwotoss}', '{$teamtwoscore}', '{$teamtwoovers}', '{$teamtwowickets}', '{$teamtwowon}')";
$result_one = mysqli_query($conn, $query_one);
$result_two = mysqli_query($conn, $query_two);
if ($result_one && $result_two) {
header("location:matchess_player_details.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Oops! seems like you did not enter something right!</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='matches_team_details.php'>Go Back</a>";
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$account = sanitise('id');
$archive = sanitise('archive');
checkAccount($user, $account, 0);
$query = "UPDATE accounts SET Archived='{$archive}' WHERE AccountID='{$account}'";
mysql_query($query) or die(mysql_error());
$query = "SELECT * FROM accounts WHERE AccountID='{$account}'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
accountInList($row['AccountID'], $row['AccountName'], $archive);
}
$data = htmlspecialchars($data);
return $data;
}
class Purchase
{
public $credit;
public $item;
public $stock;
public $date_purchased;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$post_purchase = new Purchase();
$credit = sanitise($_POST["purchase_credit"]);
$post_purchase->item = sanitise($_POST["purchase_item "]);
$post_purchase->quantity = sanitise($_POST["purchase_quantity"]);
$post_purchase->date_purchased = sanitise($_POST["purchase_date"]);
$valid = true;
$Errorcode = "";
if (empty($post_purchase->credit)) {
$valid = false;
$Errorcode = "card number empty";
}
$rows = mysql_query("SELECT * purchase WHERE credit = {$credit};");
for ($i = 0; $i < mysql_num_rows($rows); $i++) {
$credit = mysql_result($rows, $i, "purchase_credit");
$item = mysql_result($rows, $i, "purchase_item");
$quantity = mysql_result($rows, $i, "purchase_quantity");
$date_purchased = mysql_result($rows, $i, "purchase_date");
echo "<tr>";
echo "<td>{$credit}</td>";
echo "<td>{$item}</td>";
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "series";
//check whether the form fields in the register form are set
if (isset($_POST["series_id"])) {
$serieswinner = sanitise($_POST["series_winner"]);
$seriesid = sanitise($_POST["series_id"]);
}
$query_one = "UPDATE {$sql_table} SET SeriesWinner = '{$serieswinner}' WHERE SeriesId = '{$seriesid}'";
$result_one = mysqli_query($conn, $query_one);
if ($result_one) {
header("location:series_winner.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a valid Series and Team ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='series_winner.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");
} else {
//GET YELP DATA
if ($refresh == 'true') {
$places = getyelpall($lat, $long, $cat, $radius);
$places = parseyelp($places);
$_SESSION['refresh'] = 'false';
} else {
$places = $_SESSION['places'];
}
}
print_r($_SESSION);
//users history
$userevents = getevents($user);
//sanitise data
//yelp
$places = sanitise($places, $userevents);
// get user tags
$usertags = gettags($user);
// weight yelp
for ($i = 0; $i < count($places); $i++) {
$places[$i] = weight($places[$i], $usertags);
}
//sort yelp
$places = sortevents($places);
$places = array_values($places);
$_SESSION['places'] = $places;
$userlat = $_SESSION['userlat'];
$userlong = $_SESSION['userlong'];
//display top
$suggestion = $places[0];
$postcode = $suggestion['postcode'];
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "player";
//check whether the form fields in the register form are set
if (isset($_POST["player_fname"])) {
//$playerid = sanitise($_POST["player_id"]);
$playerfname = sanitise($_POST["player_fname"]);
$playerlname = sanitise($_POST["player_lname"]);
$playerdob = sanitise($_POST["player_dob"]);
$playernationality = sanitise($_POST["player_nationality"]);
}
$query = "INSERT INTO {$sql_table} (PlayerFirstName, PlayerLastName, PlayerDOB, PlayerNationality) VALUES ('{$playerfname}', '{$playerlname}','{$playerdob}', '{$playernationality}')";
$result = mysqli_query($conn, $query);
if ($result) {
header("location:register_player_role.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a Non existing Role ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='role.php'>Add Role</a>";
echo "</div>";
//header("location:index.php");
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "umpire";
//check whether the form fields in the register form are set
if (isset($_POST["umpire_id_one"])) {
$umpire = sanitise($_POST["umpire_id_one"]);
$query = "DELETE FROM {$sql_table} WHERE UmpireId = {$umpire}";
$result = mysqli_query($conn, $query);
if (!$result) {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Oops! seems like you did not enter something right!</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='delete_umpire.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");
} else {
header("location:delete_umpire.php");
}
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "role";
//check whether the form fields in the register form are set
if (isset($_POST["role_id"])) {
$roleid = sanitise($_POST["role_id"]);
$rolename = sanitise($_POST["role_name"]);
}
$query = "INSERT INTO {$sql_table} (RoleId, RoleDescription) VALUES ('{$roleid}', '{$rolename}')";
$result = mysqli_query($conn, $query);
if ($result) {
header("location:role_successful.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a Non existing Role ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='role.php'>Add Role</a>";
echo "</div>";
//header("location:index.php");
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$account = sanitise('account');
$sd = sanitise('sd');
$sm = sanitise('sm');
$sy = sanitise('sy');
$ed = sanitise('ed');
$em = sanitise('em');
$ey = sanitise('ey');
$value = sanitise('value');
$order = sanitise('order');
$field = sanitise('field');
$perpage = intval(sanitise('perpage'));
if ($perpage == 0) {
$perpage = 20;
}
$offset = intval(sanitise('offset'));
checkAccount($user, $account, 0);
$startdate = strtotime($sm . "/" . $sd . "/" . $sy) - 1;
$enddate = strtotime($em . "/" . $ed . "/" . $ey) + 1;
if ($enddate < $startdate) {
$enddate = $startdate + 2;
}
statement($perpage, $user, $order, $account, $offset, $value, $field, $startdate, $enddate);
} else {
loginform();
}
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
$id = sanitise('id');
$paymentid = sanitise('id');
$query = "SELECT * FROM repeats WHERE RepeatID='{$id}' AND UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$paired = $row['PairedID'];
$query = "DELETE FROM repeats WHERE RepeatID='{$id}' OR RepeatID='{$paired}'";
mysql_query($query) or die(mysql_error());
if ($paired == 0) {
$paired = NULL;
}
//Delete later repeats
$query = "SELECT * FROM payments WHERE PaymentID='{$paymentid}' AND RepeatID='{$id}' AND UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$query = "UPDATE payments SET Deleted='1' WHERE (RepeatID='{$id}' OR RepeatID='{$paired}') AND UserID='{$user}' AND Timestamp>'" . $row['Timestamp'] . "'";
mysql_query($query) or die(mysql_error());
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$method = sanitise('pm');
if (isset($method)) {
$query = "UPDATE users SET PrefPaymentMethod='{$method}' WHERE UserID='{$user}'";
mysql_query($query) or die(mysql_error());
echo "Success! Your default payment method has been changed to " . $method;
}
} else {
loginform();
}
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "series_type";
//check whether the form fields in the register form are set
if (isset($_POST["game_type_id"])) {
$gametypeid = sanitise($_POST["game_type_id"]);
$gametypename = sanitise($_POST["game_type_name"]);
}
$query = "INSERT INTO {$sql_table} (SeriesTypeId, SeriesTypeName) VALUES ('{$gametypeid}', '{$gametypename}')";
$result = mysqli_query($conn, $query);
if ($result) {
header("location:gametype_successful.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a Non existing Game Type ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='game_type.php'>Add Game Type</a>";
echo "</div>";
//header("location:index.php");
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "player_role";
//check whether the form fields in the register form are set
if (isset($_POST["player_role_id"])) {
$playerid = sanitise($_POST["player_id"]);
$playerrole = sanitise($_POST["player_role_id"]);
}
$query = "INSERT INTO {$sql_table} (PlayerId, RoleId) VALUES ('{$playerid}', '{$playerrole}')";
$result = mysqli_query($conn, $query);
if ($result) {
header("location:player_successful.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a valid Role ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='register_player_role.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$id = sanitise('id');
$a = sanitise('a');
checkaccount($user, $id, 0);
//Return 0 if not account, therefore affecting no rows in the table AccountID!=0
if ($a != NULL) {
$query = "UPDATE accounts SET AccountName='{$a}' WHERE UserID='{$user}' AND AccountID='{$id}'";
mysql_query($query) or die(mysql_error());
echo "<div id='account" . $id . "'>" . stripslashes($a) . " <button onclick=\"editAccountForm(" . $id . ",'" . stripslashes($a) . "')\">Edit</button></div>";
}
} else {
loginform();
}
$_SESSION['yelp'] = $yelp;
//eventful
$eventful = parseeventful($events);
$_SESSION['eventful'] = $eventful;
$_SESSION['refresh'] = false;
}
$yelp = $_SESSION['yelp'];
$eventful = $_SESSION['eventful'];
//users history
$userevents = getevents($user);
//sanitise data
//yelp
$yelp = sanitise($yelp, $userevents);
//eventful
if ($eventful) {
$eventful = sanitise($eventful, $userevents);
}
// get user tags
$usertags = gettags($user);
// weight yelp
for ($i = 0; $i < count($yelp); $i++) {
$yelp[$i] = weight($yelp[$i], $usertags);
}
//weight eventful
if ($eventful) {
for ($i = 0; $i < count($eventful); $i++) {
$eventful[$i] = weight($eventful[$i], $usertags);
}
}
//sort yelp
$yelp = sortevents($yelp);
<?php
include_once 'functions.php';
$conn = opendb();
$email = sanitise('email', 'p');
$pass = sanitise('password', 'p');
$msg = 'Your email or password were incorrect or your account is not yet validated';
$query = "SELECT * FROM users WHERE Email='{$email}' AND Validated='1'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_assoc($result);
$salted = sha1($pass . $row['Salt']);
if ($salted == $row['Password']) {
$user = $row['UserID'];
//Login
$sesskey = sha1(mt_rand());
$query = "SELECT * FROM sessions WHERE SessionKey='{$sesskey}'";
$result = mysql_query($query) or die(mysql_error());
while (mysql_num_rows($result) > 1) {
$sesskey = sha1(mt_rand());
$query = "SELECT * FROM sessions WHERE SessionKey='{$sesskey}'";
$result = mysql_query($query) or die(mysql_error());
}
$time = time() + 86400;
$ip = $_SERVER['REMOTE_ADDR'];
$query = "INSERT INTO sessions (SessionKey, UserID, SessionTimeout, IP) VALUES ('{$sesskey}', '{$user}', '{$time}', '{$ip}')";
mysql_query($query) or die(mysql_error());
setcookie("userid", $user, $time);
setcookie("sessionkey", $sesskey, $time);
setcookie("userid", $user, $time, "/xmlhttp/");
setcookie("sessionkey", $sesskey, $time, "/xmlhttp/");
echo "<h4>Oops! seems like you did not enter something right!</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='matches_player_details.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");
} else {
if (isset($_POST["player_2_id"])) {
$playerr = sanitise($_POST["player_2_id"]);
$matchh = sanitise($_POST["match_id"]);
$teamm = sanitise($_POST["team_id"]);
$positionn = sanitise($_POST["pos2"]);
$scoree = sanitise($_POST["player_2_score"]);
$ballss = sanitise($_POST["player_2_balls"]);
$overss = sanitise($_POST["player_2_overs"]);
$wicketss = sanitise($_POST["player_2_bowled"]);
$query_one = "INSERT INTO {$sql_table} (MatchId, TeamId, PlayerId, BattingPosition, RunScored, BallsFaced, WicketsTaken, OversBowled) ";
$query_one .= "VALUES ('{$matchh}', '{$teamm}','{$playerr}', '{$positionn}', '{$scoree}', '{$ballss}', '{$wicketss}', '{$overss}')";
$result_one = mysqli_query($conn, $query_one);
if (!$result_one) {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Oops! seems like you did not enter something right!</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='matches_player_details.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");
}
} else {
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "match_team_player_details";
$query = "INSERT INTO {$sql_table} (MatchId, TeamId, PlayerId, BattingPosition, RunScored, BallsFaced, WicketsTaken, OversBowled) ";
//check whether the form fields in the register form are set
if (isset($_POST["player_one_id"])) {
$player = sanitise($_POST["player_one_id"]);
$match = sanitise($_POST["match_id"]);
$team = sanitise($_POST["team_id"]);
$position = sanitise($_POST["pos1"]);
$score = sanitise($_POST["player_one_score"]);
$balls = sanitise($_POST["player_one_balls"]);
$overs = sanitise($_POST["player_one_overs"]);
$wickets = sanitise($_POST["player_one_bowled"]);
$query .= "VALUES ('{$match}', '{$team}','{$player}', '{$position}', '{$score}', '{$balls}', '{$wickets}', '{$overs}')";
$result = mysqli_query($conn, $query);
if (!$result) {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Oops! seems like you did not enter something right!</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='matches_player_details.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");
} else {
header("location:scorecardd_successful.php");
}
<?php
ini_set('display_errors', 'Off');
include_once '../functions.php';
checklogin();
$conn = opendb();
$id = sanitise('id');
$query = "SELECT * FROM payments WHERE PaymentID='{$id}' AND UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$pairedid = $row['PairedID'];
$query = "UPDATE payments SET Deleted='1' WHERE (PaymentID='{$id}' AND UserID='{$user}') OR (PaymentID='{$pairedid}' AND UserID='{$user}')";
mysql_query($query) or die(mysql_error());
if ($row['RepeatID'] != 0) {
echo $row['RepeatID'];
}
