<?php
require_once dirname(__FILE__) . "/library/DB.php";
require_once dirname(__FILE__) . "/config/config.php";
session_start();
$db = new DB();
$db->db_connect();
if (isset($_SESSION["user"])) {
header("Location: list.php");
}
if (isset($_POST["eid"])) {
$sql = "SELECT * FROM user WHERE (user_eid = '" . $db->db_escape_string($_POST["eid"]) . "' OR LOWER(user_nick_name) = LOWER('" . $db->db_escape_string($_POST["eid"]) . "')) AND active = 1";
$rs = $db->db_query($sql);
$user = $db->fetch_array($rs);
if (!$user) {
$errors = "EID not exist";
} else {
$_SESSION["user"] = $user;
header("Location: list.php");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
<!-- Compiled and minified CSS -->
<link rel="stylesheet" href="/bower_components/Materialize/dist/css/materialize.min.css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<!--Let browser know website is optimized for mobile-->
</head>
<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
session_start();
if (!isset($_SESSION["admin"])) {
header("Location: index.php");
}
$db = new DB();
$db->db_connect();
if (!isset($_GET["uid"])) {
header("Location: user.php");
} else {
$sql = "SELECT * FROM user WHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "'";
$rs = $db->db_query($sql);
$user = $db->fetch_array($rs);
if ($user) {
$sql = "UPDATE user\r\n\t\t\t\t\t\tSET active='0'\r\n\t\t\t\t\t\tWHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "'";
$db->db_query($sql);
}
header("Location: user.php");
}
session_start();
$db = new DB();
$db->db_connect();
if (isset($_SESSION["admin"])) {
header("Location: user.php");
}
if (isset($_POST["login_id"])) {
$errors = array();
if ($_POST["login_id"] == "") {
$errors[] = "please enter login id";
}
if ($_POST["password"] == "") {
$errors[] = "please enter password";
}
$pw = md5($_POST["password"]);
$sql = "SELECT * FROM admin WHERE admin_login = '******' AND admin_password = '******'";
$rs = $db->db_query($sql);
$admin = $db->fetch_array($rs);
print_r($admin);
if (!$admin) {
$errors[] = "login id or password is incorrect!";
} else {
$_SESSION["admin"] = $admin;
header("Location: user.php");
}
}
?>
<!DOCTYPE html>
<html>
<body>
$db->db_connect();
//Select from DB
if (isset($_GET["uid"])) {
$sql = "SELECT * FROM user WHERE user_id = " . $_GET["uid"];
$rs = $db->db_query($sql);
$users = $db->fetchAll($rs);
foreach ($users as $user) {
$id = $user['user_id'];
$eid = $user['user_eid'];
$name = $user['user_nick_name'];
$gwid = $user['user_gwid'];
}
}
//Update user information
if (isset($_POST["id"])) {
$p_id = $db->db_escape_string($_POST["id"]);
$p_eid = $db->db_escape_string($_POST["eid"]);
$p_nickname = $db->db_escape_string($_POST["name"]);
$p_gwid = $db->db_escape_string($_POST["gwid"]);
if ($_FILES["user_image"]["tmp_name"]) {
$extention_file = preg_match("/\\.([a-z])+\$/", $_FILES["user_image"]["name"], $match);
$file_name = $_FILES["user_image"]["name"] . $user_eid . $match[0];
move_uploaded_file($_FILES["user_image"]["tmp_name"], "../images/" . $file_name);
$file_name = ", user_img = '{$file_name}'";
} else {
$file_name = "";
}
print_r($file_name);
$sql = "UPDATE user SET user_eid = '{$p_eid}', user_nick_name = '{$p_nickname}', user_gwid = '{$p_gwid}' {$file_name} WHERE user_id=" . $p_id;
$db->db_query($sql);
header("Location: ../admin/user.php");
<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
session_start();
if (!isset($_SESSION["admin"])) {
header("Location: index.php");
}
$db = new DB();
$db->db_connect();
$fday = "";
$sort = "";
if ($_GET["year"]) {
$year = $db->db_escape_string($_GET["year"]);
}
if (isset($_GET["sort"])) {
switch ($_GET['sort']) {
case '1':
$sort .= "ORDER BY thanks ASC";
break;
case '2':
$sort .= "ORDER BY thanks DESC";
break;
default:
$sort .= "ORDER BY thanks DESC";
break;
}
} else {
$sort .= "ORDER BY thanks DESC";
}
$sql = "SELECT *, (SELECT COUNT(*) FROM comment WHERE comment.comment_who_thank = user.user_eid";
$sort .= "ORDER BY user_eid DESC";
break;
case '3':
$sort .= "ORDER BY user_nick_name ASC";
break;
case '4':
$sort .= "ORDER BY user_nick_name DESC";
break;
default:
$sort .= "ORDER BY user_eid DESC";
break;
}
}
$filter = "";
if (isset($_GET["keyword"])) {
$filter .= "AND (user.user_nick_name LIKE '%" . $db->db_escape_string($_GET["keyword"]) . "%' OR user.user_eid LIKE '%" . $db->db_escape_string($_GET["keyword"]) . "%') ";
}
$sql = "SELECT *, (SELECT COUNT(*) FROM comment \r\n\t\t\t\t\tWHERE user.user_id = comment.user_id \r\n\t\t\t\t\t\tGROUP BY user_id) AS thanks , \r\n\t\t\t\t (SELECT COUNT(*) FROM comment \r\n\t\t\t\t\tWHERE user.user_id = comment.user_id AND comment_reg_datetime BETWEEN DATE_FORMAT(NOW() ,'%Y-%m-01') AND NOW() \r\n\t\t\t\t\t\tGROUP BY user_id) AS thank_in_month ,\r\n\t\t\t\t (SELECT comment_content FROM comment\r\n\t\t\t\t \tWHERE user.user_id = comment.user_id\r\n\t\t\t\t \t\tORDER BY comment_reg_datetime DESC LIMIT 1) AS last_comment\r\n\t\t\t\t\t\t\tFROM user WHERE active = '1' " . $filter . $sort;
$rs = $db->db_query($sql);
$users = $db->fetchAll($rs);
$content = file_get_contents("content.htm");
$regex = "/\\/user\\/detail\\?id=([0-9]+)\">([^<]*?)</";
preg_match_all($regex, $content, $matches);
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
<!-- Compiled and minified CSS -->
<link rel="stylesheet" href="/bower_components/Materialize/dist/css/materialize.min.css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
session_start();
if (!isset($_SESSION["admin"])) {
header("Location: index.php");
}
$db = new DB();
$db->db_connect();
if (isset($_POST["user_eid"])) {
try {
$user_eid = $db->db_escape_string($_POST["user_eid"]);
if ($_FILES["user_image"]["tmp_name"]) {
$extention_file = preg_match("/\\.([a-z])+\$/", $_FILES["user_image"]["name"], $match);
$file_name = $user_eid . $match[0];
move_uploaded_file($_FILES["user_image"]["tmp_name"], "../images/" . $file_name);
} else {
$file_name = "";
}
$user_nick_name = $db->db_escape_string($_POST["user_nick_name"]);
$user_gwid = $db->db_escape_string($_POST["user_gwid"]);
$sql = "INSERT INTO user (user_eid, user_nick_name, user_reg_datetime, user_gwid,user_img) VALUES ('{$user_eid}', '{$user_nick_name}', NOW(), '{$user_gwid}','{$file_name}')";
$db->db_query($sql);
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
die;
}
header("Location: user.php");
}
?>
<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
session_start();
if (!isset($_SESSION["admin"])) {
header("Location: index.php");
}
$db = new DB();
$db->db_connect();
$fday = "";
$sort = "";
if ($_GET["startdate"]) {
$startdate = $db->db_escape_string($_GET["startdate"]);
}
if ($_GET["enddate"]) {
$enddate = $db->db_escape_string($_GET["enddate"]);
}
if ($_GET["year"]) {
$year = $db->db_escape_string($_GET["year"]);
}
if (strtotime($enddate) < strtotime($startdate)) {
$error = "date is not valid!";
}
$param = $_GET;
$uri = "";
foreach ($param as $key => $value) {
if ($uri !== "") {
$uri .= "&";
}
$uri .= $key . "=" . $value;
<?php
require_once dirname(__FILE__) . "/library/DB.php";
require_once dirname(__FILE__) . "/config/config.php";
require_once dirname(__FILE__) . "/library/emotion.php";
session_start();
if (!isset($_SESSION["user"])) {
header("Location: index.php");
}
$db = new DB();
$db->db_connect();
if (isset($_POST["user_id"])) {
$uid = $db->db_escape_string($_POST["user_id"]);
$comment = $db->db_escape_string($_POST["content"]);
$who = $_SESSION["user"]["user_eid"];
$sql = "INSERT INTO comment (user_id, comment_content, comment_who_thank, comment_reg_datetime) VALUES ('{$uid}', '{$comment}', '{$who}',NOW())";
$db->db_query($sql);
header("Location: list.php");
} elseif (!isset($_GET["uid"])) {
header("Location: list.php");
} else {
$sql = "SELECT * FROM user WHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "' AND active = '1'";
$rs = $db->db_query($sql);
$user = $db->fetch_array($rs);
$sql = "SELECT * FROM comment WHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "'" . " AND comment_reg_datetime >= '" . date("Y-01-01 00:00:00") . "'" . " ORDER BY comment_reg_datetime DESC";
$rs = $db->db_query($sql);
$comments = $db->fetchAll($rs);
if (!$user) {
header("Location: list.php");
}
if (isset($_GET["img"])) {
<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";
session_start();
if (!isset($_SESSION["admin"])) {
header("Location: index.php");
}
$db = new DB();
$db->db_connect();
if (!isset($_GET["uid"])) {
header("Location: user.php");
} else {
$sql = "SELECT * FROM user WHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "'";
$rs = $db->db_query($sql);
$user = $db->fetch_array($rs);
if (isset($_GET["startdate"])) {
$startdate = $db->db_escape_string($_GET["startdate"]);
}
if (isset($_GET["enddate"])) {
$enddate = $db->db_escape_string($_GET["enddate"]);
}
$sql = "SELECT comment.*, user.user_nick_name AS who_thank \r\n\t\t\t\t\t\t\tFROM comment LEFT JOIN user \r\n\t\t\t\t\t\t\tON comment.comment_who_thank = user.user_eid \r\n\t\t\t\t\t\t\t\tWHERE comment.user_id = '" . $db->db_escape_string($_GET["uid"]) . "'";
if ($startdate) {
$sql .= " AND comment_reg_datetime >= '" . $startdate . "'";
}
if ($enddate) {
$sql .= " AND comment_reg_datetime <= '" . $enddate . "'";
}
$sql .= " AND comment_reg_datetime >= '" . date("Y-01-01 00:00:00") . "'";
$rs = $db->db_query($sql);
