Esempio n. 1
0
 function login($email, $password, $remember_me = false)
 {
     $email = cleanData($email);
     if ($userData = $this->checkUser($email, $password)) {
         $this->loginUser($userData, $remember_me);
         return true;
     }
     return false;
 }
Esempio n. 2
0
function updateQuery($table, $data, $where)
{
    $count = 0;
    foreach ($data as $field => $value) {
        $count > 0 ? $update .= ', ' : ($update = '');
        $update .= $value === 'NOW()' ? $field . "= NOW()" : $field . '="' . cleanData($value) . '"';
        $count++;
    }
    if (mysql_query('UPDATE ' . $table . ' SET ' . $update . ' WHERE ' . $where . ' LIMIT 1')) {
        return true;
    } else {
        return false;
    }
}
Esempio n. 3
0
/**
 * Clean form data 
 * 
 * Strips tags and removes/replaces certain characters from post data
 * 
 * @param array $p Post data from a form
 * @return array $p
 */
function cleanData($p)
{
    $returnArray = array();
    foreach ($p as $key => $value) {
        //if value is an array recursively apply this function
        if (is_array($value)) {
            $returnArray[$key] = cleanData($value);
        } else {
            //arrays with strings to find and replace
            $find = array("<?php", "?>");
            $replace = array("", "");
            //trips possible tags (excluding links, bold, italic, lists, paragraphs) first, then removes certain forbidden strings, then removes backslashes, removes the first pargraph tag, removes the first closing paragraph tag, then converts remaining special characters to htmlentities
            $returnArray[$key] = htmlspecialchars(preg_replace('~<p>(.*?)</p>~is', '$1', stripslashes(str_replace($find, $replace, strip_tags($value, "<a><i><b><strong><em><li><ul><ol><br><p><iframe>"))), 1), ENT_QUOTES);
        }
    }
    //return the cleaned array
    return $returnArray;
}
Esempio n. 4
0
        }
    } else {
        $errors .= $er2;
    }
    return $errors;
}
// When the submit button is pressed Validates and Sanitizes the data
if (isset($submit)) {
    // Checking Date
    $error = cleanData($date, $dateEr1, $dateEr2);
    $errors .= $error;
    // Checking Location
    $error = cleanData($location, $locationEr1, $locationEr2);
    $errors .= $error;
    // Checking Description
    $error = cleanData($desc, $msgEr, $msgEr);
    $errors .= $error;
    // Check to see if there is errors
    if (!$errors) {
        //Insert data in mysql database;
        $sql = "INSERT INTO `blazing`.`vacation` (`id`, `date`, `location`, `desc`) VALUES (NULL, '{$date}', '{$location}', '{$desc}')";
        if (!mysql_query($sql)) {
            echo "<br /> Didn't work";
        } else {
            echo "Saved Results:<br>";
            echo $date . " | " . $location . " | " . $desc . "<br><br>";
            echo '<h1 style="color:green; margin-left:35%; margin-right:50%;">Vacation SUCCESSFULLY CREATED</h1>';
        }
        echo "You have successfully submitted data!<br><br>";
    } else {
        echo $errors;
<?php

require "admin_login.php";
$product = "NailAccessories";
$typenum = '7';
//need to change h2 at line 116
//change num at 89
//change path in 33
//change path at 101
//change num at 102
if (isset($_POST['submit'])) {
    $name = cleanData($_POST['name']);
    $code = cleanData($_POST['code']);
    $price = cleanData($_POST['price']);
    $description = cleanData($_POST['description']);
    //print "Data cleaned";
    addData($name, $code, $price, $description);
} else {
    printform();
}
function cleanData($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    $data = strip_tags($data);
    return $data;
}
function checkPicture()
{
    if (isset($_FILES['picture'])) {
Esempio n. 6
0
            echo $errors;
        }
    } else {
        $errors .= $er2;
    }
    return $errors;
}
// When the submit button is pressed Validates and Santizes the data
if (isset($submit)) {
    // Checking User Name
    $error = cleanData($user_name, $nameEr1, $nameEr2);
    $errors .= $error;
    // Checking User Email
    $error = cleanData($user_email, $emailEr1, $emailEr2);
    $errors .= $error;
    // Checking Message
    $error = cleanData($msg, $msgEr, $msgEr);
    $errors .= $error;
    // Check to see if there is erros
    if (!$errors) {
        $mail_to = '*****@*****.**';
        $header = 'From: ' . $_POST['user_name'];
        $subject = 'New Mail from Business website Form Submission';
        $message = 'From: ' . $_POST['user_name'] . "\n" . 'Email: ' . $_POST['user_email'] . "\n" . 'Message:\\n' . $_POST['msg'] . "\n\n";
        mail($mail_to, $subject, $message, $header);
        //echo $message;
        echo "Thank you for your email!<br><br>";
    } else {
        echo $errors;
    }
}
Esempio n. 7
0
    public function customAjax($id, $data)
    {
        global $dbh;
        global $SETTINGS;
        global $TYPES;
        $return = ['status' => 'success'];
        if ($data['subAction'] == 'list') {
            //list subAction
            $return['options'] = [];
            if ($data['subType'] == 'preDiscount') {
                //list all products and services on the order, plus an order line
                $sth = $dbh->prepare('SELECT CONCAT("P", orderProductID) AS id, name, recurringID, parentRecurringID, date
						FROM products, orders_products
						WHERE orderID = 1 AND products.productID = orders_products.productID
						UNION
						SELECT CONCAT("S", orderServiceID) AS id, name, recurringID, parentRecurringID, date
						FROM services, orders_services
						WHERE orderID = 1 AND services.serviceID = orders_services.serviceID');
                $sth->execute([':orderID' => $id]);
                $return['options'][] = ['value' => 'O', 'text' => 'Order'];
                while ($row = $sth->fetch()) {
                    if ($row['recurringID'] !== null) {
                        $text = 'Recurring: ' . $row['name'];
                    } elseif ($row['parentRecurringID'] !== null) {
                        $text = formatDate($row['date']) . ': ' . $row['name'];
                    } else {
                        $text = $row['name'];
                    }
                    $return['options'][] = ['value' => $row['id'], 'text' => htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8')];
                }
            } else {
                $discounts = [];
                if ($data['subType'] == 'discount') {
                    //get the list of discounts applied to the item already so we don't apply the same discount twice to the same item
                    $temp = [substr($data['subID'], 0, 1), substr($data['subID'], 1)];
                    $sth = $dbh->prepare('SELECT discountID
							FROM orders_discounts
							WHERE orderID = :orderID AND appliesToType = :appliesToType AND appliesToID = :appliesToID');
                    $sth->execute([':orderID' => $id, ':appliesToType' => $temp[0], ':appliesToID' => $temp[1]]);
                    while ($row = $sth->fetch()) {
                        $discounts[] = $row['discountID'];
                    }
                }
                $sth = $dbh->prepare('SELECT ' . $TYPES[$data['subType']]['idName'] . ', name
						FROM ' . $TYPES[$data['subType']]['pluralName'] . '
						WHERE active = 1');
                $sth->execute();
                while ($row = $sth->fetch()) {
                    if ($data['subType'] != 'discount' || !in_array($row[0], $discounts)) {
                        $return['options'][] = ['value' => $row[0], 'text' => htmlspecialchars($row[1], ENT_QUOTES | ENT_HTML5, 'UTF-8')];
                    }
                }
            }
        } elseif ($data['subAction'] == 'getDefaultPrice') {
            //getDefaultPrice subAction
            $sth = $dbh->prepare('SELECT defaultPrice
					FROM ' . $TYPES[$data['subType']]['pluralName'] . '
					WHERE ' . $TYPES[$data['subType']]['idName'] . ' = :subID');
            $sth->execute([':subID' => $data['subID']]);
            $row = $sth->fetch();
            $return['defaultPrice'] = formatNumber($row['defaultPrice']);
        } elseif ($data['subAction'] == 'add') {
            //add subAction
            $return['status'] = 'fail';
            $subType = $data['subType'];
            unset($data['subAction']);
            unset($data['subType']);
            if ($subType == 'discount') {
                //for discounts, subID contains a one letter indication of the type of item (O = order, P = product, S = service), and the unique subID
                $itemType = substr($data['subID'], 0, 1);
                $uniqueID = substr($data['subID'], 1);
                if ($itemType == 'O') {
                    $itemTypeFull = 'order';
                    $subType = 'discountOrder';
                } elseif ($itemType == 'P') {
                    $itemTypeFull = 'product';
                    $subType = 'discountProduct';
                } elseif ($itemType == 'S') {
                    $itemTypeFull = 'service';
                    $subType = 'discountService';
                }
                if ($itemType == 'O') {
                    $data['subID'] = 0;
                } else {
                    $sth = $dbh->prepare('SELECT ' . $TYPES[$itemTypeFull]['idName'] . '
							FROM orders_' . $TYPES[$itemTypeFull]['pluralName'] . '
							WHERE order' . $TYPES[$itemTypeFull]['formalName'] . 'ID = :uniqueID');
                    $sth->execute([':uniqueID' => $uniqueID]);
                    $row = $sth->fetch();
                    $data['subID'] = $row[0];
                }
            }
            $data = cleanData('order', $subType, $data);
            $return = verifyData('order', $subType, $data);
            if ($return['status'] != 'fail') {
                if ($subType == 'payment') {
                    $dateTS = DateTime::createFromFormat($SETTINGS['dateFormat'] . '|', $data['date'])->getTimestamp();
                    $sth = $dbh->prepare('INSERT INTO orderPayments (orderID, date, paymentType, paymentAmount)
							VALUES(:orderID, :date, :paymentType, :paymentAmount)');
                    $sth->execute([':orderID' => $id, ':date' => $dateTS, ':paymentType' => $data['paymentType'], ':paymentAmount' => $data['paymentAmount']]);
                    $changeData = ['subType' => 'payment', 'date' => $dateTS, 'paymentType' => $data['paymentType'], 'paymentAmount' => $data['paymentAmount']];
                } elseif ($subType == 'product' || $subType == 'service') {
                    $sth = $dbh->prepare('SELECT quantity
							FROM orders_' . $TYPES[$subType]['pluralName'] . '
							WHERE orderID = :orderID AND ' . $TYPES[$subType]['idName'] . ' = :subID AND unitPrice = :unitPrice');
                    $sth->execute([':orderID' => $id, ':subID' => $data['subID'], ':unitPrice' => $data['unitPrice']]);
                    $result = $sth->fetchAll();
                    if (count($result) == 1 && $data['recurring'] == 'no') {
                        //if the product or service is already present in the expense AND we aren't doing a recurring item, add the quantity to the existing row
                        $totalQuantity = $data['quantity'] + $result[0]['quantity'];
                        $sth = $dbh->prepare('UPDATE orders_' . $TYPES[$subType]['pluralName'] . '
								SET quantity = :quantity
								WHERE orderID = :orderID AND ' . $TYPES[$subType]['idName'] . ' = :subID AND unitPrice = :unitPrice');
                        $sth->execute([':quantity' => $totalQuantity, ':orderID' => $id, ':subID' => $data['subID'], ':unitPrice' => $data['unitPrice']]);
                        $changeAction = 'E';
                        //this is technically an edit, not an add
                        $changeData = ['subType' => $subType, 'subID' => $data['subID'], 'unitPrice' => $data['unitPrice'], 'quantity' => $totalQuantity];
                    } else {
                        if ($data['recurring'] == 'yes') {
                            $startTS = DateTime::createFromFormat($SETTINGS['dateFormat'] . '|', $data['startDate'])->getTimestamp();
                            $endTS = DateTime::createFromFormat($SETTINGS['dateFormat'] . '|', $data['endDate'])->getTimestamp();
                            //add the recurring item
                            $sth = $dbh->prepare('SELECT MAX(recurringID) AS recurringID
									FROM orders_' . $TYPES[$subType]['pluralName']);
                            $sth->execute();
                            $result = $sth->fetchAll();
                            $recurringID = $result[0]['recurringID'] + 1;
                            $sth = $dbh->prepare('INSERT INTO orders_' . $TYPES[$subType]['pluralName'] . ' (orderID, ' . $TYPES[$subType]['idName'] . ', unitPrice, quantity, recurringID, dayOfMonth, startDate, endDate)
									VALUES(:orderID, :subID, :unitPrice, :quantity, :recurringID, :dayOfMonth, :startDate, :endDate)');
                            $sth->execute([':orderID' => $id, ':subID' => $data['subID'], ':unitPrice' => $data['unitPrice'], ':quantity' => $data['quantity'], ':recurringID' => $recurringID, ':dayOfMonth' => $data['dayOfMonth'], ':startDate' => $startTS, ':endDate' => $endTS]);
                            //add occasions from start date to now
                            $temp = new DateTime();
                            $temp->setTimestamp($startTS);
                            $patternStart = new DateTime($data['dayOfMonth'] . '-' . $temp->format('M') . '-' . $temp->format('Y'));
                            $interval = new DateInterval('P1M');
                            $now = new DateTime();
                            $period = new DatePeriod($patternStart, $interval, $now);
                            foreach ($period as $date) {
                                $timestamp = $date->getTimestamp();
                                if ($timestamp >= $startTS && $timestamp <= $endTS) {
                                    $sth = $dbh->prepare('INSERT INTO orders_' . $TYPES[$subType]['pluralName'] . ' (orderID, ' . $TYPES[$subType]['idName'] . ', date, unitPrice, quantity, parentRecurringID)
											VALUES(:orderID, :subID, :date, :unitPrice, :quantity, :parentRecurringID)');
                                    $sth->execute([':orderID' => $id, ':subID' => $data['subID'], ':date' => $timestamp, ':unitPrice' => $data['unitPrice'], ':quantity' => $data['quantity'], ':parentRecurringID' => $recurringID]);
                                }
                            }
                            $changeData = ['subType' => $subType, 'subID' => $data['subID'], 'unitPrice' => $data['unitPrice'], 'quantity' => $data['quantity'], 'recurring' => $data['recurring'], 'interval' => $data['interval'], 'dayOfMonth' => $data['dayOfMonth'], 'startDate' => $startTS, 'endDate' => $endTS];
                        } else {
                            //get date of order
                            $sth = $dbh->prepare('SELECT date
									FROM orders
									WHERE orderID = :orderID');
                            $sth->execute([':orderID' => $id]);
                            $row = $sth->fetch();
                            $sth = $dbh->prepare('INSERT INTO orders_' . $TYPES[$subType]['pluralName'] . ' (orderID, ' . $TYPES[$subType]['idName'] . ', date, unitPrice, quantity)
									VALUES(:orderID, :subID, :date, :unitPrice, :quantity)');
                            $sth->execute([':orderID' => $id, ':subID' => $data['subID'], ':date' => $row['date'], ':unitPrice' => $data['unitPrice'], ':quantity' => $data['quantity']]);
                            $changeData = ['subType' => $subType, 'subID' => $data['subID'], 'unitPrice' => $data['unitPrice'], 'quantity' => $data['quantity']];
                        }
                    }
                } elseif ($subType == 'discountOrder' || $subType == 'discountProduct' || $subType == 'discountService') {
                    //get discountType and discountAmount
                    $sth = $dbh->prepare('SELECT discountType, discountAmount
							FROM discounts
							WHERE discountID = :discountID');
                    $sth->execute([':discountID' => $data['discountID']]);
                    $row = $sth->fetch();
                    $discountType = $row['discountType'];
                    $discountAmount = $row['discountAmount'];
                    $sth = $dbh->prepare('INSERT INTO orders_discounts (orderID, discountID, appliesToType, appliesToID, discountType, discountAmount)
							VALUES(:orderID, :discountID, :appliesToType, :appliesToID, :discountType, :discountAmount)');
                    $sth->execute([':orderID' => $id, ':discountID' => $data['discountID'], ':appliesToType' => $itemType, ':appliesToID' => $uniqueID, ':discountType' => $discountType, ':discountAmount' => $discountAmount]);
                    $changeData = ['subType' => $subType, 'subID' => $data['subID'], 'discountID' => $data['discountID']];
                    //determine if the appliesTo item is a recurring item, and if so, add a discount to past recurrences if they don't already have this discount
                    //TODO: user could possibly make a decision to apply this to past and future recurrences, or just future
                    if ($itemType != 'O') {
                        $sth = $dbh->prepare('SELECT recurringID
								FROM orders_' . $TYPES[$itemTypeFull]['pluralName'] . '
								WHERE order' . $TYPES[$itemTypeFull]['formalName'] . 'ID = :uniqueID');
                        $sth->execute([':uniqueID' => $uniqueID]);
                        $row = $sth->fetch();
                        if ($row['recurringID'] != null) {
                            $recurringID = $row['recurringID'];
                            $sth = $dbh->prepare('SELECT order' . $TYPES[$itemTypeFull]['formalName'] . 'ID AS uniqueID
									FROM orders_' . $TYPES[$itemTypeFull]['pluralName'] . '
									WHERE parentRecurringID = :parentRecurringID AND order' . $TYPES[$itemTypeFull]['formalName'] . 'ID NOT IN(
										SELECT appliesToID
										FROM orders_discounts
										WHERE discountID = :discountID AND appliesToType = :appliesToType
									)');
                            $sth->execute([':parentRecurringID' => $recurringID, ':discountID' => $data['discountID'], 'appliesToType' => $itemType]);
                            while ($row = $sth->fetch()) {
                                $sth2 = $dbh->prepare('INSERT INTO orders_discounts (orderID, discountID, appliesToType, appliesToID, discountType, discountAmount)
										VALUES(:orderID, :discountID, :appliesToType, :appliesToID, :discountType, :discountAmount)');
                                $sth2->execute([':orderID' => $id, ':discountID' => $data['discountID'], ':appliesToType' => $itemType, ':appliesToID' => $row['uniqueID'], ':discountType' => $discountType, ':discountAmount' => $discountAmount]);
                            }
                        }
                    }
                }
                self::updateAmountDue($id);
                $temp = isset($changeAction) ? $changeAction : 'A';
                addChange('order', $id, $_SESSION['employeeID'], $temp, json_encode($changeData));
            }
        } elseif ($data['subAction'] == 'edit') {
            //edit subAction
            $subType = $data['subType'];
            unset($data['subAction']);
            unset($data['subType']);
            $sth = $dbh->prepare('SELECT ' . $TYPES[$subType]['idName'] . ' AS id
					FROM orders_' . $TYPES[$subType]['pluralName'] . '
					WHERE order' . $TYPES[$subType]['formalName'] . 'ID = :uniqueID');
            $sth->execute([':uniqueID' => $data['subID']]);
            $row = $sth->fetch();
            $uniqueID = $data['subID'];
            $data['subID'] = $row['id'];
            $data = cleanData('order', $subType, $data);
            $return = verifyData('order', $subType, $data);
            if ($return['status'] != 'fail') {
                $sth = $dbh->prepare('UPDATE orders_' . $TYPES[$subType]['pluralName'] . '
						SET unitPrice = :unitPrice, quantity = :quantity
						WHERE order' . $TYPES[$subType]['formalName'] . 'ID = :uniqueID');
                $sth->execute([':unitPrice' => $data['unitPrice'], ':quantity' => $data['quantity'], ':uniqueID' => $uniqueID]);
                self::updateAmountDue($id);
                addChange('order', $id, $_SESSION['employeeID'], 'E', json_encode(['subType' => $subType, 'subID' => $data['subID'], 'unitPrice' => $data['unitPrice'], 'quantity' => $data['quantity']]));
            }
        } elseif ($data['subAction'] == 'delete') {
            //delete subAction
            if ($data['subType'] == 'payment') {
                $sth = $dbh->prepare('SELECT date, paymentAmount
						FROM orderPayments
						WHERE paymentID = :paymentID');
                $sth->execute([':paymentID' => $data['subID']]);
                $row = $sth->fetch();
                $sth = $dbh->prepare('DELETE FROM orderPayments
						WHERE paymentID = :paymentID');
                $sth->execute([':paymentID' => $data['subID']]);
                $changeData = ['subType' => 'payment', 'date' => $row['date'], 'paymentAmount' => $row['paymentAmount']];
            } elseif ($data['subType'] == 'product' || $data['subType'] == 'service') {
                $appliesToType = $data['subType'] == 'product' ? 'P' : 'S';
                $sth = $dbh->prepare('SELECT ' . $TYPES[$data['subType']]['idName'] . ' AS id, recurringID, unitPrice, quantity
						FROM orders_' . $TYPES[$data['subType']]['pluralName'] . '
						WHERE order' . $TYPES[$data['subType']]['formalName'] . 'ID = :uniqueID');
                $sth->execute([':uniqueID' => $data['subID']]);
                $row = $sth->fetch();
                $recurring = $row['recurringID'] === null ? 'no' : 'yes';
                //delete item discounts and children's discounts (if any)
                $sth = $dbh->prepare('DELETE FROM orders_discounts
						WHERE appliesToType = :appliesToType AND (appliesToID IN (
							SELECT order' . $TYPES[$data['subType']]['formalName'] . 'ID 
							FROM orders_' . $TYPES[$data['subType']]['pluralName'] . ' 
							WHERE parentRecurringID = :recurringID
						) OR appliesToID = :appliesToID)');
                $sth->execute([':appliesToType' => $appliesToType, ':recurringID' => $row['recurringID'], ':appliesToID' => $data['subID']]);
                //delete item and children (if any)
                $sth = $dbh->prepare('DELETE FROM orders_' . $TYPES[$data['subType']]['pluralName'] . '
						WHERE order' . $TYPES[$data['subType']]['formalName'] . 'ID = :uniqueID OR parentRecurringID = :recurringID');
                $sth->execute([':uniqueID' => $data['subID'], ':recurringID' => $row['recurringID']]);
                $changeData = ['subType' => $data['subType'], 'subID' => $row['id'], 'unitPrice' => $row['unitPrice'], 'quantity' => $row['quantity'], 'recurring' => $recurring];
            } elseif ($data['subType'] == 'discount') {
                $sth = $dbh->prepare('SELECT discountID, appliesToType, appliesToID
						FROM orders_discounts
						WHERE orderDiscountID = :orderDiscountID');
                $sth->execute([':orderDiscountID' => $data['subID']]);
                $row = $sth->fetch();
                if ($row['appliesToType'] == 'O') {
                    $subType = 'discountOrder';
                } elseif ($row['appliesToType'] == 'P') {
                    $subType = 'discountProduct';
                } elseif ($row['appliesToType'] == 'S') {
                    $subType = 'discountService';
                }
                $sth = $dbh->prepare('DELETE FROM orders_discounts
						WHERE orderDiscountID = :orderDiscountID');
                $sth->execute([':orderDiscountID' => $data['subID']]);
                $changeData = ['subType' => $subType, 'subID' => $row['appliesToID'], 'discountID' => $row['discountID']];
            }
            self::updateAmountDue($id);
            addChange('order', $id, $_SESSION['employeeID'], 'D', json_encode($changeData));
        }
        return $return;
    }
Esempio n. 8
0
	}
	.error {
		color: red;
	}
	</style>
	
</head>

<body>

<?php 
$iderror = $passworderror = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Clean data
    $id = cleanData($_POST["id"]);
    $password = cleanData($_POST["password"]);
    if (empty($id)) {
        $iderror = "* Student ID is a required field";
    } else {
        if (!is_numeric($id)) {
            $iderror = "* Student ID is a number";
        }
    }
    if (empty($password)) {
        $passworderror = "* Password is a required field";
        //return;
    }
    // Check for errors
    if (empty($iderror) && empty($passworderror)) {
        // Check user data with database
        // If valid go to next page with sessionID
Esempio n. 9
0
</a></td>
        <td width="15%" align="center" height="12" class="menutable"><?php 
echo strtoupper($msg_showblogs8);
?>
</td>
        <td width="5%" align="center" height="12" class="menutable"><input type="checkbox" name="log" onclick="selectAll();"></td>
    </tr>
    </table>
    <?php 
$q_blogs = mysql_query("SELECT * FROM " . $database['prefix'] . "blogs \n                            {$sql_order} \n                            LIMIT {$limitvalue}, {$SETTINGS->total}\n                            ") or die(mysql_error());
while ($BLOGS = mysql_fetch_object($q_blogs)) {
    ?>
    <table cellpadding="0" cellspacing="1" width="100%" align="center" style="margin-top:3px;border: 1px solid #64798E">
    <tr>
        <td width="50%" align="left" height="15" valign="middle" style="padding-left:5px"><?php 
    echo strlen($BLOGS->title) > 25 ? substr(cleanData($BLOGS->title), 0, 25) . "..." : cleanData($BLOGS->title);
    ?>
</td>
        <td width="30%" align="left" height="15" valign="middle"><?php 
    echo $BLOGS->rawpostdate;
    ?>
</td>
        <td width="15%" align="center" height="15" valign="middle" style="padding:5px 3px 5px 0"><a href="index.php?cmd=edit&amp;id=<?php 
    echo $BLOGS->id;
    ?>
" title="<?php 
    echo $msg_showblogs8;
    ?>
"><img style="padding:2px" src="images/edit.gif" alt="<?php 
    echo $msg_showblogs8;
    ?>
Esempio n. 10
0
 $estampa_large = imagecreatefrompng(FILES_PATH . 'logo_large.png');
 $estampa_medium = imagecreatefrompng(FILES_PATH . 'logo_medium.png');
 $estampa_thumbs = imagecreatefrompng(FILES_PATH . 'logo_thumbs.png');
 $rankImage = 1;
 // put file in DB, and place file in directory, if uploaded
 foreach ($file_image["name"] as $key => $name_file) {
     if ($name_file != "") {
         // insert the item into [news_images], and return photo_id
         $sql_fields = "sales_id, image, rank, date_created, date_modified";
         $sql_values = "'" . magicAddSlashes($item_id) . "', '', '" . $rankImage . "', NOW(), NOW()";
         $photo_id = insertRecord("sale_photos", $sql_fields, $sql_values, TRUE);
         $rankImage++;
         // clean up filenames
         $filename = $name_file;
         $filename = $item_id . "_" . $photo_id . "_" . $filename;
         $filename = cleanData($filename);
         /// include auto cropper, to limit photo filesize
         include_once $path_to_dynamik . "auto_cropper.inc.php";
         // full - save the new (cropped) image to the folder
         $crop = new autoCropper(imagecreatefromjpeg($file_image["tmp_name"][$key]), FILES_PATH . FILES_SALES_LARGE . $filename, IMG_SALES_LARGE_WIDTH, IMG_SALES_LARGE_HEIGHT, IMG_SALES_LARGE_FIXED, 100, array(255, 255, 255));
         $crop->processImage();
         // chmod the file
         @chmod(FILES_PATH . FILES_SALES_LARGE . $filename, 0777);
         // Watermark large
         $margen_dcho = 0;
         $margen_inf = 0;
         $sx = imagesx($estampa_large);
         $sy = imagesy($estampa_large);
         $im = imagecreatefromjpeg(FILES_PATH . FILES_SALES_LARGE . $filename);
         imagecopy($im, $estampa_large, imagesx($im) - $sx - $margen_dcho, imagesy($im) - $sy - $margen_inf, 0, 0, imagesx($estampa_large), imagesy($estampa_large));
         imagejpeg($im, FILES_PATH . FILES_SALES_LARGE . $filename);
Esempio n. 11
0
        mysql_query("DELETE FROM starter WHERE `id`={$id}");
    }
    $form->setError('starter_success', 'Conversation(s) deleted successfully!');
    $form->return_msg_to('starters.php');
} else {
    if (isset($_POST['edit_starter']) && $_POST['edit_starter'] == 'EDIT') {
        $starter_id = $_POST['starter_id'];
        if (sizeof($starter_id) <= 0) {
            $form->setError('starter_error', 'Please select a conversation to edit!');
            $form->return_msg_to('starters.php');
        }
        $id = is_array($starter_id) ? $starter_id[0] : $starter_id;
        if (is_array($starter_id)) {
            $form->return_msg_to('edit-starter.php?id=' . $id);
        } else {
            $starter = cleanData($_POST['starter']);
            if ($starter == '') {
                $form->setError('starter_error', 'You cannot create empty conversation!');
                $form->return_msg_to('edit-starter.php?id=' . $id);
            }
            $result = mysql_query('UPDATE starter SET `starter`="' . $starter . '" WHERE id=' . $id);
            if (!$result) {
                $form->setError('starter_error', 'Conversation edit failed! Please try again.');
                $form->return_msg_to('edit-starter.php?id=' . $id);
            } else {
                $form->setError('starter_success', 'Conversation updated successfully!');
                $form->return_msg_to('starters.php');
            }
        }
    } else {
        $form->return_msg_to('starters.php');
        $Form->setError('error', 'Please write user password');
    }
    // Password
    if (!isset($_POST['phone']) || empty($_POST['phone'])) {
        $Form->setError('error', 'Please write user phone number');
    }
    /**
     * Error Found!
     * Redirect back to form page
     */
    if ($Form->num_errors > 0) {
        $Form->return_msg_to('add-a-administrator.php');
    }
    $first_name = cleanData($_POST['first_name']);
    $last_name = cleanData($_POST['last_name']);
    $email = cleanData($_POST['email']);
    $password = cleanData($_POST['password']);
    $phone = cleanData($_POST['phone']);
    $receive_email = cleanData($_POST['receive_email']);
    $userAdd = insertQuery(TBL_USER, array('type' => 'admin', 'first_name' => $first_name, 'last_name' => $last_name, 'email' => $email, 'password' => $password, 'phone_no' => $phone, 'receive_email' => $receive_email, 'create_date' => 'NOW()'));
    if (!$userAdd) {
        $Form->setError('error', 'Database error! Please try again.');
        $Form->return_msg_to('add-a-administrator.php');
    } else {
        $Form->setError('success', 'New admin added successfully');
        $Form->return_msg_to('add-a-administrator.php');
    }
} else {
    $Form->setError('error', 'Some error occured!');
    $Form->return_msg_to('add-a-administrator.php');
}
Esempio n. 13
0
         if (strlen($value) < $min && !$allowEmpty) {
             $error = "It is too short.";
         } else {
             if ($allowEmpty && strlen($value) > 0 && strlen($value) < $min) {
                 $error = "It is too short.";
             } else {
                 if (strlen($value) > $max) {
                     $error = "It is too long.";
                 }
             }
         }
     }
     return $error;
 }
 if (!empty($_POST)) {
     $data = cleanData($_POST);
     $errors['survey-name'] = checkData($data['survey-name'], 3, 50, 0);
     $errors['survey-description'] = checkData($data['survey-description'], 3, 250, 0);
     $errors['choice1'] = checkData($data['choice1'], 2, 50, 0);
     $errors['choice2'] = checkData($data['choice2'], 2, 50, 0);
     $errors['choice3'] = checkData($data['choice3'], 2, 50, 1);
     $errors['choice4'] = checkData($data['choice4'], 2, 50, 1);
     $errors['choice5'] = checkData($data['choice5'], 2, 50, 1);
     $req = $pdo->prepare('SELECT id, name FROM surveys WHERE name = :name');
     $req->bindvalue(':name', $data['survey-name'], PDO::PARAM_STR);
     $req->execute();
     if ($res = $req->fetch()) {
         $dataId = $res['id'];
         $errors['survey-name'] = 'This survey already exists';
         $disableForm = 'This survey already exists, <a href="survey-' . $dataId . '.html">please check it.</a>';
     }
Esempio n. 14
0
     //==================
 //==================
 // Case : RSS Feed
 //==================
 case 'rss-feed':
     $rss_feed = '';
     $build_date = date('D, j M Y H:i:s') . ' GMT';
     $MW_FEED->path = $SETTINGS->w_path . '/themes/' . THEME;
     // Open channel..
     $rss_feed = $MW_FEED->open_channel();
     // Feed info..
     $rss_feed .= $MW_FEED->feed_info(str_replace("{website_name}", $SETTINGS->website, $msg_rss), $SETTINGS->modR ? $SETTINGS->w_path . '/index.html' : $SETTINGS->w_path . '/index.php', $build_date, str_replace("{website_name}", $SETTINGS->website, $msg_rss2), $SETTINGS->website);
     // Get latest posts..
     $query = mysql_query("SELECT * FROM " . $database['prefix'] . "blogs \n                         ORDER BY id DESC \n                         LIMIT " . $SETTINGS->rssfeeds . "\n                         ") or die(mysql_error());
     while ($RSS = mysql_fetch_object($query)) {
         $rss_feed .= $MW_FEED->add_item($msg_rss3 . $RSS->title, $SETTINGS->modR ? $SETTINGS->w_path . '/blog/' . $RSS->id . '/' . addTitleToUrl(cleanData($RSS->title)) . '.html' : $SETTINGS->w_path . '/index.php?cmd=blog&amp;post=' . $RSS->id, $RSS->rss_date ? $RSS->rss_date : $build_date, $RSS->comments);
     }
     // Close channel..
     $rss_feed .= $MW_FEED->close_channel();
     // Display RSS feed..
     header('Content-Type: text/xml');
     echo get_magic_quotes_gpc() ? stripslashes(trim($rss_feed)) : trim($rss_feed);
     break;
     //==================
     // Case : Captcha
     //==================
 //==================
 // Case : Captcha
 //==================
 case 'captcha':
     $MWC = new PhpCaptcha();
Esempio n. 15
0
        <option<?php 
    echo isset($area) && $area == 'comments' ? " selected " : " ";
    ?>
value="comments"><?php 
    echo $msg_search6;
    ?>
</option>
        </select></td>
    </tr>
    <tr>
        <td class="headbox" align="left"><?php 
    echo $msg_search2;
    ?>
:</td>
        <td align="left"><input class="formbox" type="text" name="keywords" size="30" maxlength="50" value="<?php 
    echo isset($keywords) ? cleanData($keywords) : '';
    ?>
"></td>
    </tr>
    <tr>
        <td class="headbox" align="left"><?php 
    echo $msg_search3;
    ?>
:</td>
        <td valign="top" align="left"><select name="from_day">
        <option selected value="0"> - </option>
        <?php 
    foreach ($days as $s_days) {
        echo '<option' . (isset($from_day) && $from_day == $s_days ? ' selected ' : ' ') . 'value="' . $s_days . '">' . $s_days . '</option>' . "\n";
    }
    ?>
$email = $_POST['email'];
$addressline1 = $_POST['addressline1'];
$addressline2 = $_POST['addressline2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
cleanData($username);
cleanData($userpassword);
cleanData($firstname);
cleanData($lastname);
cleanData($email);
cleanData($addressline1);
cleanData($addressline2);
cleanData($city);
cleanData($state);
cleanData($zip);
$host = "localhost";
$user = "******";
$password = "******";
$dbc = mysql_pconnect($host, $user, $password);
$dbname = "X32720502";
mysql_select_db($dbname) or die("Cannot connect to database " . mysql_error());
//construct the query string
$query = "UPDATE USERS SET FirstName='" . $firstname . "', LastName='" . $lastname . "', Email='" . $email . "', AddressLine1='" . $addressline1 . "', AddressLine2='" . $addressline2 . "', City='" . $city . "', State='" . $state . "', Zip='" . $zip . "', Password='******' WHERE Username='******';";
if (!mysql_query($query, $dbc)) {
    die('Error: ' . mysql_error());
} else {
    echo "<script>alert(\"Your info was updated in the database\")</script>";
}
echo "<script>window.location = 'index.php';</script>";
mysql_close();
Esempio n. 17
0
$humanErr = "Incorrect response to are you a human<br>";
$errString = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = cleanData($_POST['name']);
    if (empty($name) || !preg_match("/^[a-zA-Z ]*\$/", $name)) {
        $errString .= $nameErr;
    }
    $emailAddress = cleanData($_POST['email']);
    if (empty($emailAddress) || !filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
        $errString .= $emailErr;
    }
    $message = cleanData($_POST['message']);
    if (empty($message)) {
        $errString .= $msgErr;
    }
    $human = cleanData($_POST['human']);
    if (empty($human) || $human != '9') {
        $errString .= $humanErr;
    }
    if (!empty($errString)) {
        // Set a 400 (bad request) response code and exit.
        http_response_code(400);
        echo "Oops! There was a problem with your submission. Please complete the form and try again.";
        exit;
    } else {
        sendMail($name, $emailAddress, $message);
    }
} else {
    // Not a POST request, set a 403 (forbidden) response code.
    http_response_code(403);
    echo "There was a problem with your submission, please try again.";
Esempio n. 18
0
<?php

/**
 * Created by N0B0DY.
 * User: me@suvo.me
 * Date: 9/15/14
 * Time: 1:41 AM
 */
include '../../core.php';
$session->loginRequired('admin');
$Form = new Form();
if (!isset($_GET['id']) || empty($_GET['id'])) {
    $Form->setError('error', 'No agency ID found!');
    $Form->return_msg_to('user.php');
}
$id = cleanData($_GET['id']);
$agency_query = mysql_query("SELECT * FROM " . TBL_AGENCY . " WHERE id = '" . $id . "' LIMIT 1");
if (mysql_num_rows($agency_query) < 1) {
    $Form->setError('error', 'No agency found with given ID!');
    $Form->return_msg_to('user.php');
}
$agency_data = mysql_fetch_assoc($agency_query);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Life Department - Edit Agency</title>
        <!-- Bootstrap CSS -->
        <link rel="stylesheet" href="<?php 
//starting the session
session_start();
function cleanData($text)
{
    $text = trim($text);
    $text = stripcslashes($text);
    $text = htmlspecialchars($text);
}
//if the user tried to submit their login...
if (isset($_POST['submit'])) {
    //get the variables and clean them
    $username = $_POST['username'];
    $userpassword = $_POST['password'];
    cleanData($username);
    cleanData($userpassword);
    //connect to the database
    $host = "localhost";
    $user = "******";
    $password = "******";
    $dbc = mysql_pconnect($host, $user, $password);
    $dbname = "X32720502";
    mysql_select_db($dbname) or die("Cannot connect to database " . mysql_error());
    //construct a query where we look in USERS for a row that has the matching username and passowrd
    $query = mysql_query("SELECT * FROM USERS WHERE Username='******' AND Password='******';");
    //gather the number of rows in the result.
    //if there is one and only one match, log the user in
    $rows = mysql_num_rows($query);
    if ($rows == 1) {
        //initialize session with the username
        $_SESSION['login_user'] = $username;
Esempio n. 20
0
?>
"> [<a href="javascript:void(0);" onclick="return overlib('<?php 
echo $msg_javascript20;
?>
', STICKY, CAPTION,'<?php 
echo $msg_javascript6;
?>
', CENTER);" onmouseout="nd();"><b>?</b></a>]</td>
    </tr>
    <tr>
        <td class="headbox" align="left"><?php 
echo $msg_settings51;
?>
:</td>
        <td align="left"><input class="formbox" type="text" name="meta_d" size="30" value="<?php 
echo cleanData($SETTINGS->meta_d);
?>
"> [<a href="javascript:void(0);" onclick="return overlib('<?php 
echo $msg_javascript21;
?>
', STICKY, CAPTION,'<?php 
echo $msg_javascript6;
?>
', CENTER);" onmouseout="nd();"><b>?</b></a>]</td>
    </tr>
    <tr>
        <td class="headbox" align="left"><?php 
echo $msg_settings53;
?>
: [<a href="javascript:void(0);" onclick="return overlib('<?php 
echo $msg_javascript23;
<?php

if ($_POST['submit'] == "Submit") {
    $email = cleanData($_POST['email']);
    $first = cleanData($_POST['first']);
    $last = cleanData($_POST['last']);
    $mobile = cleanData($_POST['mobile']);
    $image = cleanData($_POST['image']);
    //print "Data cleaned";
    addData($email, $first, $last, $mobile, $image);
} else {
    printForm();
}
function claenData($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    $data = strip_tags($data);
    return $data;
}
function addData($email, $first, $last, $mobile, $image)
{
    //print "ready to add data";
    include "mili.php";
}
function printForm()
{
    //displays the html form
    $pageTitle = "Add a Contact";
    include "header.php";
Esempio n. 22
0
        ?>
"><b><?php 
        echo $msg_addcomments6;
        ?>
</b></a>]</td>
       </tr>
       </table>
       <div id="<?php 
        echo $blogs['id'];
        ?>
" style="display:none">
       <table cellpadding="0" cellspacing="1" width="100%" align="center" style="margin-top:3px">
       <?php 
        while ($comments = mysql_fetch_array($comcount)) {
            $find = array('{poster}', '{date}');
            $replace = array('<b>' . cleanData($comments['name']) . '</b>', $comments['rawpostdate']);
            ?>
       <tr>
           <td align="left" width="80%" valign="middle"><img src="images/tree.gif" border="0"><?php 
            echo str_replace($find, $replace, $msg_addcomments9);
            ?>
</td>
           <td align="center" width="10%" valign="middle"><a href="index.php?cmd=editcomments&amp;id=<?php 
            echo $comments['id'];
            ?>
" title="<?php 
            echo $msg_showblogs8;
            ?>
"><img src="images/edit.gif" alt="<?php 
            echo $msg_showblogs8;
            ?>
Esempio n. 23
0
     //echo md5($_POST['login_password'].$response['salt'])."  -  ".$response['password'];exit;
     if ($response['num_users'] > 0 && crypt($cleanedPost['login_password'], $response['password']) == $response['password']) {
         $_SESSION['loggedin'] = 1;
         $_SESSION['username'] = $response['username'];
         $_SESSION['usertype'] = $response['usertype'];
         header('Location:../admin.php');
         exit;
     } else {
         $_SESSION['loggedin'] = NULL;
         header('Location:../admin.php?loginError=1&usernameAttempt=' . $cleanedPost['login_name']);
         exit;
     }
 } else {
     if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['create_user_name']) && !empty($_POST['create_user_password']) && !empty($_POST['create_user_usertype'])) {
         //clean post data
         $cleanedPost = cleanData($_POST);
         include_once 'db.inc.php';
         //Open a database connection and store it
         $db = new PDO(DB_INFO, DB_USER, DB_PASS);
         //PROCESS PASSWORD source:http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/
         // A higher "cost" is more secure but consumes more processing power
         $cost = 10;
         // Create a random salt
         $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
         // Prefix information about the hash so PHP knows how to verify it later.
         // "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
         $salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
         // Hash the password with the salt
         $hash = crypt($cleanedPost['create_user_password'], $salt);
         $sql = "INSERT INTO admin (username, password, usertype) VALUES(?, ?, ?)";
         $stmt = $db->prepare($sql);
Esempio n. 24
0
        <tr>
           <td align="left" style="padding:2px;background-color:#F0F6FF;color:#000000">
           <?php 
$q_latest = mysql_query("SELECT * FROM " . $database['prefix'] . "blogs ORDER BY id DESC LIMIT " . LATEST_BLOGS . "") or die(mysql_error());
while ($BLOGS = mysql_fetch_object($q_latest)) {
    ?>
           <table width="100%" cellspacing="0" cellpadding="0" style="margin-top:3px;border:1px solid #64798E">
           <tr>
             <td align="left" width="90%" style="padding:5px;background-color:#FFFFFF"><a href="../index.php?cmd=blog&amp;post=<?php 
    echo $BLOGS->id;
    ?>
" target="_blank" title="<?php 
    echo cleanData($BLOGS->title);
    ?>
"><b><?php 
    echo cleanData($BLOGS->title);
    ?>
</b></a></td>
             <td align="right" style="padding:5px;background-color:#FFFFFF"><a href="index.php?cmd=edit&amp;id=<?php 
    echo $BLOGS->id;
    ?>
"><img src="images/edit_small.gif" alt="<?php 
    echo $msg_showblogs8;
    ?>
" title="<?php 
    echo $msg_showblogs8;
    ?>
" border="0"></a></td>
           </tr>
           </table>
           <?php 
Esempio n. 25
0
    $Form->setError('error', 'Please write user password');
}
// Password
if (!isset($_POST['phone']) || empty($_POST['phone'])) {
    $Form->setError('error', 'Please write user phone number');
}
// Agency
if (!isset($_POST['agency']) || empty($_POST['agency'])) {
    $Form->setError('error', 'Please select a agency');
}
/**
 * Error Found!
 * Redirect back to form page
 */
if ($Form->num_errors > 0) {
    $Form->return_msg_to('add-a-user.php');
}
$first_name = cleanData($_POST['first_name']);
$last_name = cleanData($_POST['last_name']);
$email = cleanData($_POST['email']);
$password = cleanData($_POST['password']);
$phone = cleanData($_POST['phone']);
$agency = cleanData($_POST['agency']);
$userAdd = insertQuery(TBL_USER, array('type' => 'user', 'agency_id' => $agency, 'first_name' => $first_name, 'last_name' => $last_name, 'email' => $email, 'password' => $password, 'phone_no' => $phone, 'create_date' => 'NOW()'));
if (!$userAdd) {
    $Form->setError('error', 'Database error! Please try again.');
    $Form->return_msg_to('add-a-user.php');
} else {
    $Form->setError('success', 'New user added successfully');
    $Form->return_msg_to('user.php');
}
Esempio n. 26
0
$tpl_header->assign('SUBTEXT', $msg_public_header);
$tpl_header->assign('FEED_URL', $SETTINGS->modR ? $SETTINGS->w_path . '/rss-feed.html' : $SETTINGS->w_path . '/index.php?cmd=rss-feed');
$tpl_header->assign('H_URL', $SETTINGS->modR ? $SETTINGS->w_path . '/index.html' : $SETTINGS->w_path . '/index.php');
$tpl_header->assign('P_URL', $SETTINGS->modR ? $SETTINGS->w_path . '/profile.html' : $SETTINGS->w_path . '/index.php?cmd=profile');
$tpl_header->assign('C_URL', $SETTINGS->modR ? $SETTINGS->w_path . '/contact.html' : $SETTINGS->w_path . '/index.php?cmd=contact');
$tpl_header->assign('A_URL', $SETTINGS->modR ? $SETTINGS->w_path . '/all-archive.html' : $SETTINGS->w_path . '/index.php?cmd=all-archive');
$tpl_header->assign('SEARCH_URL', $SETTINGS->modR ? $SETTINGS->w_path . '/index.html' : $SETTINGS->w_path . '/index.php?cmd=search');
$tpl_header->assign('H_CURRENT', $cmd == 'home' ? ' id="current"' : '');
$tpl_header->assign('P_CURRENT', $cmd == 'profile' ? ' id="current"' : '');
$tpl_header->assign('C_CURRENT', $cmd == 'contact' ? ' id="current"' : '');
$tpl_header->assign('A_CURRENT', $cmd == 'archive' || $cmd == 'all-archive' ? ' id="current"' : '');
$tpl_header->assign('H_CURRENT_CLASS', $cmd == 'home' ? ' class="selected"' : '');
$tpl_header->assign('P_CURRENT_CLASS', $cmd == 'profile' ? ' class="selected"' : '');
$tpl_header->assign('C_CURRENT_CLASS', $cmd == 'contact' ? ' class="selected"' : '');
$tpl_header->assign('A_CURRENT_CLASS', $cmd == 'archive' || $cmd == 'all-archive' ? ' class="selected"' : '');
$tpl_header->assign('HOME', $msg_public_header2);
$tpl_header->assign('PROFILE', $msg_public_header3);
$tpl_header->assign('CONTACT', $msg_public_header4);
$tpl_header->assign('ARCHIVE', $msg_public_header5);
$tpl_header->assign('RSS_FEED', $msg_public_header12);
$tpl_header->assign('MENU', $msg_public_header14);
$tpl_header->assign('SHOW_ARCHIVE', buildArchive($SETTINGS->totalArchives));
$tpl_header->assign('VIEW_PROFILE', $msg_public_header8);
$tpl_header->assign('SEARCH_BLOG', $msg_public_header6);
$tpl_header->assign('SEARCH', $msg_public_header7);
$tpl_header->assign('KEYWORDS', $msg_public_header9);
$tpl_header->assign('IMAGE', $SETTINGS->profileImage ? '<img class="profile_image" src="' . $SETTINGS->w_path . '/uploads/' . $SETTINGS->profileImage . '"' . ($SETTINGS->imageWidth > 0 ? ' width="' . $SETTINGS->imageWidth . '"' : ' ') . ' ' . ($SETTINGS->imageHeight > 0 ? ' height="' . $SETTINGS->imageHeight . '" ' : ' ') . 'title="' . $msg_public_header3 . '" alt="' . $msg_public_header3 . '" /><br />' : '');
$tpl_header->assign('ENTERED_KEYWORDS', isset($_GET['keywords']) ? cleanData($_GET['keywords']) : '');
$tpl_header->assign('FAVOURITE_SITES', loadFavouriteSites());
$tpl_header->assign('ADSENSE_BLOCK', loadAdsense());
$tpl_header->display('themes/' . THEME . '/header.tpl.php');
<?php

/*
 Created on : Sep 15, 2014, 3:40:02 PM
 Author        : me@rafi.pro
 Name         : Mohammad Faozul Azim Rafi
*/
include '../../core.php';
$session->loginRequired('admin', false);
$Form = new Form();
if (!isset($_POST['id'])) {
    $Form->setError('error', 'You must select a banner to delete!');
    $Form->return_msg_to('banner.php');
}
$id = cleanData($_POST['id']);
$result = mysql_fetch_array(mysql_query('SELECT * FROM ' . TBL_BANNER . ' WHERE id="' . $id . '"'));
if ($result == FALSE) {
    $Form->setError('error', 'Banner id not found!');
    $Form->return_msg_to('banner.php');
}
$delete_result = mysql_query('DELETE FROM ' . TBL_BANNER . ' WHERE id="' . $id . '"');
if ($delete_result) {
    if (file_exists(UPLOAD_DIR . $result['file_name'])) {
        unlink(UPLOAD_DIR . $result['file_name']);
    }
    $Form->setError('success', 'Banner delete success!');
    $Form->return_msg_to('banner.php');
}
$Form->setError('success', 'Banner delete failed!');
$Form->return_msg_to('banner.php');
Esempio n. 28
0
?>
</b>:<br><br>
        <input class="formbox" type="text" name="email" size="30" maxlength="250" value="<?php 
echo cleanData($COMMENTS->email);
?>
"><br><span class='error'><i>(<?php 
echo $msg_editcomments8;
?>
)</i></td>
    </tr>
    <tr>
        <td align="left"><b><?php 
echo $msg_add2;
?>
</b>:<br><br><textarea style="width:98%" cols="50" rows="12" name="comments"><?php 
echo cleanData($COMMENTS->comments);
?>
</textarea></td>
    </tr>
    <tr>
        <td align="left"><input class="formbutton" type="submit" value="<?php 
echo $msg_editcomments2;
?>
" title="<?php 
echo $msg_editcomments2;
?>
"></td>
    </tr>
    </table>
    </form>
    <table width="100%" cellspacing="0" cellpadding="0" border="0" style="margin-top:3px;border:1px solid #64798E">
Esempio n. 29
0
?>
</a></td>
        <td width="15%" align="center" height="17" class="menutable"><?php 
echo strtoupper($msg_showcomments3);
?>
</td>
    </tr>
    </table>
    <?php 
$q_blogs = mysql_query("SELECT * FROM " . $database['prefix'] . "blogs \n                            {$sql_order} \n                            LIMIT {$limitvalue}, {$SETTINGS->total}\n                            ") or die(mysql_error());
while ($BLOGS = mysql_fetch_object($q_blogs)) {
    ?>
    <table cellpadding="0" cellspacing="1" width="100%" align="center" style="margin-top:3px;border: 1px solid #164677;">
    <tr>
       <td width="75%" align="left" height="15" valign="middle" style="padding:5px"><?php 
    echo strlen($BLOGS->title) > 70 ? substr(cleanData($BLOGS->title), 0, 70) . "..." : cleanData($BLOGS->title);
    ?>
</td>
       <td width="10%" align="center" height="15" valign="middle" style="padding:5px"><b><?php 
    echo number_format($BLOGS->v_count);
    ?>
</b></td>
       <td width="15%" align="center" height="15" valign="middle" style="padding:5px"><a href="index.php?cmd=addcomments&amp;id=<?php 
    echo $BLOGS->id;
    ?>
" title="<?php 
    echo $msg_showcomments3;
    ?>
"><img style="padding:2px" src="images/add.gif" alt="<?php 
    echo $msg_showcomments3;
    ?>
Esempio n. 30
0
    }
    $return['html'] .= '<div class="btnSpacer"><button id="editBtn">Edit</button></div>';
    echo json_encode($return);
}
/*
	Function: editSave
	Inputs: 
	Outputs: 
*/
if ($_POST['action'] == 'editSave') {
    //verify data
    $data = $_POST;
    unset($data['action']);
    unset($data['type']);
    unset($data['id']);
    $data = cleanData($_POST['type'], null, $data);
    $return = verifyData($_POST['type'], null, $data);
    //manual check for managerID (ONLY for editMany (I think only for editMany because otherwise you can't edit the CEO)) because it's required, but not checked in verifyData
    if (array_key_exists('managerID', $data) && $data['managerID'] == '' && count(explode(',', $_POST['id'])) > 1) {
        $return['status'] = 'fail';
        $return['managerID'] = 'Required';
    }
    if ($return['status'] != 'fail') {
        $idArr = explode(',', $_POST['id']);
        $idArrSafe = [];
        foreach ($data as $key => $value) {
            if ($TYPES[$_POST['type']]['fields'][$key]['verifyData'][1] == 'date') {
                //if this is a date, convert it to a unixTS
                $temp = DateTime::createFromFormat($SETTINGS['dateFormat'] . '|', $value)->getTimestamp();
                $data[$key] = $temp;
                $value = $temp;