<?php
require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//echo 'OK';
$asso_partner_name = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_name'])));
$asso_partner_details = $_POST['asso_partner_details'];
$asso_partner_contact = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_contact'])));
$asso_partner_url = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_url'])));
@($asso_partner_status = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_status']))));
@($associate_type_id = mysql_real_escape_string(htmlentities(input_validation($_POST['associate_type_id']))));
@($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
@($asso_partner_id = mysql_real_escape_string(htmlentities(input_validation($_POST['asso_partner_id']))));
$img = mysql_real_escape_string(htmlentities(strtolower($_FILES["asso_partner_img"]["name"])));
//$new_img = md5(time()).'_'.$img;
//query existing img
$query = $con->prepare("SELECT asso_partner_img FROM associate_partner WHERE asso_partner_id=:asso_partner_id");
$query->execute(array(':asso_partner_id' => $asso_partner_id));
$query = $query->fetch(PDO::FETCH_ASSOC);
$exist_img = $query['asso_partner_img'];
///*
$img_type = $_FILES["asso_partner_img"]["type"];
$img_size = $_FILES["asso_partner_img"]["size"];
$img_tmp = $_FILES["asso_partner_img"]["tmp_name"];
$tmp_size = filesize($_FILES["asso_partner_img"]["tmp_name"]);
$img_error = $_FILES["asso_partner_img"]["error"];
define("MAX_SIZE", "1000");
//Kb
$allowedExt = array("png", "jpeg", "jpg", "gif");
//$extension = strtolower (substr ($img, strpos($img, '.') + 1)); // just show the file extension in lowercase
<?php
require_once '../../core/init.php';
//check for username availability
/*if(isset($_POST['data'])){
$username = mysql_real_escape_string(htmlentities(input_validation($_POST['data'])));
if(!empty($username)){
if(user_exists_reg($con, $username) === true){
echo 'Opps, the username \''.$username.'\' is already exist.';
}
}
}*/
//check for email availability
if (isset($_POST['data'])) {
$email = mysql_real_escape_string(htmlentities(input_validation($_POST['data'])));
if (!empty($email)) {
if (email_exists($con, $email) === true) {
echo 'Opps, the email \'' . $email . '\' is already exist.';
}
}
}
}
//end item insert check
} else {
//if article_id not empty
$update = mysql_query("UPDATE article_mst SET\r\n\t\t\t\t\t\t\t\t\t\tart_cat_id='{$art_cat_id}', a_code='{$a_code}', a_title='{$a_title}', a_desc='{$a_desc}',\r\n\t\t\t\t\t\t\t\t\t\ta_comment='{$a_comment}', a_status='{$a_status}', a_pdate='{$a_pdate}', a_mdate=NOW(), a_img='{$exist_img}' \r\n\t\t\t\t\t\t\t\t\t\tWHERE article_id = '{$article_id}'");
if (!$update) {
echo "Opps! Data not updated./e";
} else {
$delete_join = mysql_query("DELETE FROM article_dtl WHERE article_id = '{$article_id}'");
if (!$delete_join) {
echo 'Opps! join data not deleted';
} else {
$values = array();
foreach ($_POST['ad_head'] as $key => $ad_head) {
@($ad_head = mysql_real_escape_string(htmlentities(input_validation($ad_head))));
$ad_article = mysql_real_escape_string(htmlentities(input_validation($_POST['ad_article'][$key])));
$values[] = "('','{$article_id}','{$ad_head}','{$ad_article}','')";
}
//$values = implode(',', $values); //print_r($values);
$join_query = mysql_query("INSERT INTO article_dtl (art_dtl_id, article_id, ad_head, ad_article, ad_img) \r\n\t\t\t\t\t\t\t\t\t\tVALUES " . implode(',', $values));
if (!$join_query) {
echo "Opps! something was wrong for Inserting join table./e";
} else {
//for user log;
if ($allow_log == 1) {
$remark = 'Article Updated';
insert_user_log($con, $_SESSION['user_id'], 5, REMOTE_IP, $remark);
}
echo "Data was updated Successful!";
}
}
<?php
require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 162;
//Fixed Page Code
require_once '../../core/page_setup.php';
//require_once '../script/edit_user_script.php'; //script for member page
if (isset($_GET['log_type_id'])) {
$log_type_id = mysql_real_escape_string(htmlentities(input_validation($_GET['log_type_id'])));
$query = $con->prepare("SELECT * FROM log_type WHERE log_type_id=:log_type_id");
$query->execute(array(':log_type_id' => $log_type_id));
$result = $query->fetch(PDO::FETCH_ASSOC);
$log_type_name = $result['log_type_name'];
}
require_once '../../includes/all_header.php';
?>
<div id="contents_area">
<div class="form_area" style="width:450px; height:420px;">
<div class="control_link_style">
<a onclick="clearForm();">Refresh</a>
</div>
<div id="tab_manu">
<ul id="tabs">
<li><a href="#log_type_list_view">List View</a></li>
<li><a href="#log_type_add_edit">Log type Add/Edit</a></li>
</ul>
<?php
//require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = mysql_real_escape_string(htmlentities(input_validation($_POST['name'])));
$email = mysql_real_escape_string(htmlentities(input_validation($_POST['email'])));
$address = mysql_real_escape_string(htmlentities(input_validation($_POST['address'])));
$city = mysql_real_escape_string(htmlentities(input_validation($_POST['city'])));
$state = mysql_real_escape_string(htmlentities(input_validation($_POST['state'])));
$country = mysql_real_escape_string(htmlentities(input_validation($_POST['country'])));
$phone = mysql_real_escape_string(htmlentities(input_validation($_POST['phone'])));
$age = mysql_real_escape_string(htmlentities(input_validation($_POST['age'])));
$hour_per_week = mysql_real_escape_string(htmlentities(input_validation($_POST['hour_per_week'])));
$about_your_self = mysql_real_escape_string(htmlentities(input_validation($_POST['about_your_self'])));
if (!empty($name) && !empty($email) && !empty($city)) {
//echo 'OK';
//for imput text validation (if some one brack the maxlenght="" attribute in html), i also restricted in HTML input tag (maxlength=""), the maxlenght is the first validation.
if (strlen($name) > 50) {
$errors[] = 'Oppos! Max leangth for Name field was excceded.';
} elseif (strlen($email) > 100) {
$errors[] = 'Oppos! Max leangth for Email field was excceded.';
} elseif (strlen($about_your_self) > 1000) {
$errors[] = 'Oppos! Max leangth for Message field was excceded.';
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Your given email \'' . $email . '\' is not valid.';
} else {
$to = "*****@*****.**";
$header = 'Form: hello@servethepeoplebd.org';
//$header = "Form: contact@edawah.net\r\n";
//$header .= "Reply-To: ".$email."\r\n";
$edit_search_employer_name = mysql_real_escape_string(htmlentities($_POST['edit_search_employer_name']));
$query = $con->prepare("SELECT u.user_id, u.role, ed.employer_name \r\n\t\t\t\t\t\t\t\t\tFROM user AS u\r\n\t\t\t\t\t\t\t\t\tINNER JOIN employer_dtl AS ed ON u.user_id = ed.user_id\r\n\t\t\t\t\t\t\t\t\tWHERE u.role=:role AND ed.employer_name LIKE :employer_name LIMIT 20 ");
//u.role=:role AND
$query->execute(array(':role' => 2, ':employer_name' => '%' . $edit_search_employer_name . '%'));
//':role'=> 2,
//$result = $query->fetch(PDO::FETCH_ASSOC);
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
$results[] = $row['employer_name'];
}
echo json_encode($results);
//*/work without this
}
//search for username from email or date_of_birth (dob)
if (isset($_POST['value_edit_search_employer_email']) && isset($_POST['value_edit_search_employer_name'])) {
$email = mysql_real_escape_string(htmlentities(input_validation($_POST['value_edit_search_employer_email'])));
$employer_name = mysql_real_escape_string(htmlentities(input_validation($_POST['value_edit_search_employer_name'])));
$user_id = get_user_id_from_email($con, $email);
//single item
if (!empty($email) && empty($employer_name)) {
$query = $con->prepare("SELECT * FROM user WHERE user_id=:user_id AND role=:role ORDER BY email ASC");
$query->execute(array(':user_id' => $user_id, ':role' => 2));
} elseif (empty($email) && !empty($employer_name)) {
$query = $con->prepare("SELECT u.user_id, u.email, u.role, u.active, u.user_lock, u.allow_email, u.tac, ed.employer_name\r\n\t\t\t\t\t FROM user AS u\r\n\t\t\t\t\t INNER JOIN employer_dtl AS ed ON ed.user_id = u.user_id\r\n\t\t\t\t\t WHERE role=:role AND ed.employer_name LIKE :employer_name ");
$query->execute(array(':role' => 2, ':employer_name' => '%' . $employer_name . '%'));
} elseif (!empty($email) && !empty($employer_name)) {
$query = $con->prepare("SELECT u.user_id, u.email, u.role, u.active, u.user_lock, u.allow_email, u.tac, ed.employer_name\r\n\t\t\t\t\t FROM user AS u\r\n\t\t\t\t\t INNER JOIN employer_dtl AS ed ON ed.user_id = u.user_id\r\n\t\t\t\t\t WHERE u.user_id=:user_id AND role=:role AND ed.employer_name LIKE :employer_name ");
$query->execute(array(':user_id' => $user_id, ':role' => 2, ':employer_name' => '%' . $employer_name . '%'));
} elseif (empty($email) && empty($employer_name)) {
return false;
}
echo '<table class="table">
<?php
require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 215;
//Fixed Page Code
require_once '../../core/page_setup.php';
//require_once '../script/attrib_sub_cat_manage_script.php';
//get data
if (isset($_GET['i_sub_cat_id'])) {
$i_sub_cat_id = mysql_real_escape_string(htmlentities(input_validation($_GET['i_sub_cat_id'])));
/*$query = $con->prepare("SELECT * FROM item_attribute WHERE i_attrib_id=:i_attrib_id");
$query->execute(array(':i_attrib_id'=>$i_attrib_id));
$result = $query->fetch(PDO::FETCH_ASSOC);
$attribute_name = $result['attribute_name']; */
}
require_once '../../includes/all_header.php';
?>
<div id="contents_area">
<div class="form_area" style="width:800px; height:430px;">
<div class="control_link_style">
<a onclick="clearForm();">Refresh</a>
</div>
<div id="tab_manu">
<ul id="tabs">
<li><a href="#list_view">List View</a></li>
<li><a href="#add_edit_attrib_sub_cat_manage">Attrib & Sub-category management</a></li>
$society = new Society();
# We print the societies
$society->print_all_society($connection);
?>
</div>
<!-- Get details about society -->
<div id="singlesociety">
<h3>Find details about a society</h3>
<form action="" method="post">
<input type="text" name="onesociety"/>
<input type="submit" name="singlesociety"/>
</form>
<?php
// activate function to get values from the form and validates the values
$validated_array = input_validation();
##################################
# this is for development only
# print_r($validated_array);
# die;
################################
# Print details about selected society
# We test if we got result from the $_POST['onesociety']
if (!empty($validated_array['onesociety'])) {
$society->get_details_about_selected_society($connection, $validated_array['onesociety']);
}
?>
</div> <!-- END <div id="singlesociety"> -->
<!-- Shows the families in one society -->
<div id="familiesbysociety">
function set_post_num_list($varname)
{
if (!isset($_POST[$varname]) || $_POST[$varname] == '') {
$return = array();
} else {
$return = set_num_array(explode("_", $_POST[$varname]));
}
return input_validation($return);
}
$email = input_validation($_POST["email"]);
}
if (empty($_POST["password"])) {
$passwordErr = "Password is required!!!";
$EmptyErr = true;
} else {
$password = input_validation($_POST["password"]);
}
if (empty($_POST["confrmpassword"])) {
$confrmpasswordErr = "Please confirm your password!!!";
$EmptyErr = true;
} elseif ($_POST["confrmpassword"] != $password) {
$confrmpasswordErr = "Your password is not correctly confirmed!!!";
$passwordconfrmErr = true;
} else {
$confrmpassword = input_validation($_POST["confrmpassword"]);
}
}
function input_validation($input)
{
$input = trim($input);
$input = stripcslashes($input);
$input = htmlspecialchars($input);
return $input;
}
?>
<form method = "post" action = "register_mysql.php">
* required
<br><br>
Username:<input type = "text" name = "username" value = "<?php
$i_user_type_id = $item_query['i_user_type_id'];
$i_img = $item_query['i_img'];
//query category and sub-category of item
$item_sub_cat_query = $con->prepare("SELECT isc.i_sub_cat_id, isc.i_cat_id\r\n\t\t\t\t\t\t\t\tFROM item_sub_category AS isc\r\n\t\t\t\t\t\t\t\tINNER JOIN j_item_sub_cat AS jisc ON jisc.i_sub_cat_id = isc.i_sub_cat_id\r\n\t\t\t\t\t\t\t\tWHERE jisc.item_id=:item_id");
$item_sub_cat_query->execute(array(':item_id' => $item_id));
$item_sub_cat_query = $item_sub_cat_query->fetch(PDO::FETCH_ASSOC);
$i_sub_cat_id = $item_sub_cat_query['i_sub_cat_id'];
//sub-category
$i_cat_id = $item_sub_cat_query['i_cat_id'];
//category
//query item attribute based on sub-category
$item_attrib_value_query = $con->prepare("SELECT jiav.i_attrib_id, jiav.attribe_value, jiav.attribe_sirial, ia.attribute_name\r\n\t\t\t\t\t\t\t\tFROM j_item_attrib_value AS jiav\r\n\t\t\t\t\t\t\t\tINNER JOIN item_attribute AS ia ON ia.i_attrib_id = jiav.i_attrib_id\r\n\t\t\t\t\t\t\t\tWHERE jiav.item_id=:item_id");
$item_attrib_value_query->execute(array(':item_id' => $item_id));
//$item_attrib_value_query = $item_attrib_value_query->fetch(PDO::FETCH_ASSOC);
} elseif (isset($_SESSION['session_item_id'])) {
@($item_id = mysql_real_escape_string(htmlentities(input_validation($_SESSION['session_item_id']))));
//query item
$item_query = $con->prepare("SELECT * FROM item_mst WHERE item_id=:item_id");
$item_query->execute(array(':item_id' => $item_id));
$item_query = $item_query->fetch(PDO::FETCH_ASSOC);
$i_code = $item_query['i_code'];
$i_name = $item_query['i_name'];
$i_details = $item_query['i_details'];
$i_available = $item_query['i_available'];
$i_price = $item_query['i_price'];
$i_quantity = $item_query['i_quantity'];
$brand_id = $item_query['brand_id'];
$i_user_type_id = $item_query['i_user_type_id'];
$i_img = $item_query['i_img'];
//query category and sub-category of item
$item_sub_cat_query = $con->prepare("SELECT isc.i_sub_cat_id, isc.i_cat_id\r\n\t\t\t\t\t\t\t\tFROM item_sub_category AS isc\r\n\t\t\t\t\t\t\t\tINNER JOIN j_item_sub_cat AS jisc ON jisc.i_sub_cat_id = isc.i_sub_cat_id\r\n\t\t\t\t\t\t\t\tWHERE jisc.item_id=:item_id");
date_default_timezone_set('Etc/UTC');
/***
* Cleans email input to prevent spam, etc.
* @param $formData input date from HTML form
* @return trimed, stripped and html special chars removed
*/
function input_validation($formData)
{
$formData = trim($formData);
$formData = stripslashes($formData);
$formData = htmlspecialchars($formData);
return $formData;
}
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$firstName = input_validation($request->firstName);
$lastName = input_validation($request->lastName);
$email = input_validation($request->email);
$phone = input_validation($request->phoneNumber);
$message = wordwrap("Email from: " . $firstName . " " . $lastName . "<" . $email . ">\r\n" . "Phone: " . $phone . "\r\nMessage:\r\n" . input_validation($request->message), 70, "\r\n");
// $headers = "MIME-Version: 1.0" . "\r\n";
// $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers = "From: <" . $email . ">" . "\r\n";
$headers .= "Reply-to: " . $email . "\r\n";
$headers .= "X-Mailer: PHP/" . phpversion();
if (mail("*****@*****.**", "Message from Portfolio Website", $message)) {
echo "Successful sending";
} else {
echo "Sorry. Something went wrong.";
}
return;
<?php
require_once '../../core/init.php';
//Delete User from edit_user form
if (isset($_POST['delete_user_id'])) {
//if(isset($_POST['term'])){ //where 'term' is the default keyword in jquery autocomplete api
$delete_user_id = mysql_real_escape_string(htmlentities(input_validation($_POST['delete_user_id'])));
//use for get role and also log
$query = $con->prepare("SELECT email, role FROM user WHERE user_id=:user_id");
$query->execute(array(':user_id' => $delete_user_id));
$result = $query->fetch(PDO::FETCH_ASSOC);
$get_email = $result['email'];
$get_role = $result['role'];
if (!empty($get_email)) {
//delete query
$delete = $con->prepare("DELETE FROM user where user_id=:user_id");
$delete = $delete->execute(array(':user_id' => $delete_user_id));
if ($delete) {
if ($get_role == 1) {
$query = $con->prepare("SELECT admin_img FROM admin_dtl WHERE user_id=:user_id");
$query->execute(array(':user_id' => $delete_user_id));
$result = $query->fetch(PDO::FETCH_ASSOC);
$get_img = $result['admin_img'];
if ($get_img) {
@unlink('../../files/profile/' . $get_img);
//delete img
$delete_dtl = $con->prepare("DELETE FROM admin_dtl where user_id=:user_id");
$delete_dtl->execute(array(':user_id' => $delete_user_id));
}
} elseif ($get_role == 2) {
$query = $con->prepare("SELECT employer_img FROM employer_dtl WHERE user_id=:user_id");
<?php
require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//echo 'OK';
$p_code = mysql_real_escape_string(htmlentities(input_validation($_POST['p_code'])));
$page_name = mysql_real_escape_string(htmlentities(input_validation($_POST['page_name'])));
$title = mysql_real_escape_string(htmlentities(input_validation($_POST['title'])));
$keywords = mysql_real_escape_string(htmlentities(input_validation($_POST['keywords'])));
$page_desc = mysql_real_escape_string(htmlentities(input_validation($_POST['page_desc'])));
@($allow_log_value = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log_value']))));
@($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
@($page_id = mysql_real_escape_string(htmlentities(input_validation($_POST['page_id']))));
if (!empty($page_name) && !empty($title) && !empty($p_code)) {
if (empty($page_id)) {
$insert = mysql_query("INSERT INTO page_setup VALUES ('','{$p_code}','{$page_name}','{$title}','{$keywords}','{$page_desc}', '{$allow_log_value}')");
$last_insert_id = mysql_insert_id();
if (!$insert) {
echo "Opps! Data not inserted./e";
} else {
//for user log;
if ($allow_log == 1) {
$remark = 'Page Information added for \'' . display_page_name_from_page_id($con, $last_insert_id) . '\'.';
insert_user_log($con, $_SESSION['user_id'], 4, REMOTE_IP, $remark);
}
echo "Data was inserted Successful!";
}
} else {
$update = mysql_query("UPDATE page_setup SET p_code='{$p_code}', page_desc='{$page_desc}', page_name = '{$page_name}', \r\n\t\t\t\t\t\t\t\t\t\ttitle = '{$title}', keywords='{$keywords}', allow_log='{$allow_log_value}' \r\n\t\t\t\t\t\t\t\t\t\tWHERE page_id = '{$page_id}'");
if (!$update) {
<?php
//require_once '../../core/init.php'; //not use for this action without jquery
// Login Script (function use from user.php)
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = mysql_real_escape_string(htmlentities(input_validation($_POST['username'])));
//@$pin = mysql_real_escape_string(htmlentities(input_validation($_POST['pin'])));
$password = mysql_real_escape_string(htmlentities(input_validation($_POST['password'])));
$password_md5 = md5($password);
@($remember_me = mysql_real_escape_string(htmlentities(input_validation($_POST['remember_me']))));
if (!empty($username) && !empty($password)) {
if (user_exists($con, $username) === false) {
//$con is PDO connection variable
$errors[] = 'We can\'t find your Username';
} elseif (user_active($con, $username, $password_md5) === false) {
//echo 'You haven\'t activated your account.';
$errors[] = 'Your account isn\'t active. Please contact with administrator.';
} elseif (user_lock($con, $username, $password_md5) === false) {
//echo 'You account is Locked, Please contact with admin.';
$errors[] = 'You account is Locked, Please contact with administrator.';
} else {
$login = login($con, $username, $password_md5);
if ($login === false) {
//if login return false
//echo 'Your Username / Password combination is incorrect.';
$errors[] = 'Your Username / Password combination is incorrect.';
} else {
$_SESSION['user_id'] = $login;
session_regenerate_id();
//creates a new unique-ID for to represent the current user’s session.
//for login user log;
function import_netscape()
{
while (!feof($this->fp)) {
$line = trim(fgets($this->fp));
# netscape seems to store html encoded values
$line = html_entity_decode($line, ENT_QUOTES, $this->charset);
# a folder has been found
if (preg_match("/<DT><H3/", $line)) {
$this->name_folder = input_validation(preg_replace("/^( *<DT><[^>]*>)([^<]*)(.*)/", "\\2", $line), $this->charset);
$this->folder_new();
} else {
if (preg_match("/<DT><A/", $line)) {
$this->name_bookmark = input_validation(preg_replace("/^( *<DT><[^>]*>)([^<]*)(.*)/", "\\2", $line), $this->charset);
$this->url = input_validation(preg_replace("/([^H]*HREF=\")([^\"]*)(\".*)/", "\\2", $line), $this->charset);
$this->bookmark_new();
$insert_id = mysql_insert_id();
} else {
if (preg_match("/<DD>*/", $line)) {
if (isset($insert_id)) {
$this->description = input_validation(preg_replace("/^( *<DD>)(.*)/", "\\2", $line), $this->charset);
$query = sprintf("UPDATE bookmark SET description='%s' WHERE id='%d' and user='******'", $this->mysql->escape($this->description), $this->mysql->escape($insert_id), $this->mysql->escape($this->username));
@$this->mysql->query($query);
unset($this->description);
unset($insert_id);
}
} else {
if ($line == "</DL><p>") {
$this->folder_close();
}
}
}
}
}
}
$user_name = mysql_real_escape_string(htmlentities(input_validation($_POST['user_name'])));
$username = mysql_real_escape_string(htmlentities(input_validation($_POST['username'])));
$email = mysql_real_escape_string(htmlentities(input_validation($_POST['email'])));
$password = mysql_real_escape_string(htmlentities(input_validation($_POST['password'])));
$password_again = mysql_real_escape_string(htmlentities(input_validation($_POST['password_again'])));
$dob = mysql_real_escape_string(htmlentities(input_validation($_POST['dob'])));
$dob = date('Y-m-d', strtotime($dob));
$user_contact = mysql_real_escape_string(htmlentities(input_validation($_POST['user_contact'])));
$user_address = mysql_real_escape_string(htmlentities(input_validation($_POST['user_address'])));
$user_desc = mysql_real_escape_string(htmlentities(input_validation($_POST['user_desc'])));
@($active = mysql_real_escape_string(htmlentities(input_validation($_POST['active']))));
@($user_lock = mysql_real_escape_string(htmlentities(input_validation($_POST['user_lock']))));
@($allow_email = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_email']))));
@($tac = mysql_real_escape_string(htmlentities(input_validation($_POST['tac']))));
@($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
@($send_email = mysql_real_escape_string(htmlentities(input_validation($_POST['send_email']))));
//$user_img = mysql_real_escape_string(htmlentities(input_validation($_POST['user_img'])));
$img = mysql_real_escape_string(htmlentities(strtolower($_FILES["user_img"]["name"])));
//$new_img = md5(time()).'_'.$img; //generate unique name converting timestam into md5 hash
///*
$img_type = $_FILES["user_img"]["type"];
$img_size = $_FILES["user_img"]["size"];
$img_tmp = $_FILES["user_img"]["tmp_name"];
$tmp_size = filesize($_FILES["user_img"]["tmp_name"]);
$img_error = $_FILES["user_img"]["error"];
define("MAX_SIZE", "1000");
//Kb
$allowedExt = array("png", "jpeg", "jpg", "gif");
//$extension = strtolower (substr ($img, strpos($img, '.') + 1)); // just show the file extension in lowercase
$temp = explode(".", $_FILES["user_img"]["name"]);
$extension = end($temp);
<?php
require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 203;
//Fixed Page Code
require_once '../../core/page_setup.php';
//require_once '../script/article_mst_script.php'; //script for article mst
if (isset($_GET['article_id'])) {
$article_id = mysql_real_escape_string(htmlentities(input_validation($_GET['article_id'])));
$query = mysql_fetch_array(mysql_query("SELECT * FROM article_mst WHERE article_id = '{$article_id}'"));
$art_cat_id = $query['art_cat_id'];
$a_code = $query['a_code'];
$a_title = $query['a_title'];
$a_desc = $query['a_desc'];
$a_pdate = $query['a_pdate'];
$a_comment = $query['a_comment'];
$a_status = $query['a_status'];
$file_name = $query['a_img'];
}
require_once '../../includes/all_header.php';
?>
<div id="contents_area">
<div class="form_area" style="width:700px; height:480px;">
<div class="control_link_style">
<a onclick="clearForm();">Refresh</a>
</div>
$user_log_s_email = mysql_real_escape_string(htmlentities($_POST['user_log_s_email']));
$query = $con->prepare("SELECT email FROM user WHERE email LIKE :email LIMIT 20 ");
$query->execute(array(':email' => '%' . $user_log_s_email . '%'));
//$result = $query->fetch(PDO::FETCH_ASSOC);
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
$results[] = $row['email'];
}
echo json_encode($results);
//*/work without this
}
//search for username from email or date_of_birth (dob)
if (isset($_POST['user_log_email']) && isset($_POST['select_log_type']) && isset($_POST['user_log_start_date']) && isset($_POST['user_log_end_date'])) {
$email = mysql_real_escape_string(htmlentities(input_validation($_POST['user_log_email'])));
$log_type = mysql_real_escape_string(htmlentities(input_validation($_POST['select_log_type'])));
$start_date = mysql_real_escape_string(htmlentities(input_validation($_POST['user_log_start_date'])));
$end_date = mysql_real_escape_string(htmlentities(input_validation($_POST['user_log_end_date'])));
$user_id = get_user_id_from_email($con, $email);
//single item
if (!empty($email) && empty($log_type) && empty($start_date) && empty($end_date)) {
$query = $con->prepare("SELECT * FROM user_log WHERE user_id=:user_id ORDER BY datetime DESC");
$query->execute(array(':user_id' => $user_id));
} elseif (empty($email) && !empty($log_type) && empty($start_date) && empty($end_date)) {
$query = $con->prepare("SELECT * FROM user_log WHERE log_type=:log_type ORDER BY datetime DESC");
$query->execute(array(':log_type' => $log_type));
} elseif (empty($email) && empty($log_type) && !empty($start_date) && empty($end_date)) {
$query = $con->prepare("SELECT * FROM user_log WHERE datetime LIKE :datetime ORDER BY datetime DESC");
$query->execute(array(':datetime' => '%' . $start_date . '%'));
} elseif (empty($email) && empty($log_type) && empty($start_date) && !empty($end_date)) {
$query = $con->prepare("SELECT * FROM user_log WHERE datetime LIKE :datetime ORDER BY datetime DESC");
$query->execute(array(':datetime' => '%' . $end_date . '%'));
} elseif (!empty($email) && !empty($log_type) && empty($start_date) && empty($end_date)) {
<?php
//require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$visitor_name = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_name'])));
$visitor_email = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_email'])));
$visitor_contact = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_contact'])));
$email_subject = mysql_real_escape_string(htmlentities(input_validation($_POST['email_subject'])));
$visitor_message = mysql_real_escape_string(htmlentities(input_validation($_POST['visitor_message'])));
if (!empty($visitor_name) && !empty($visitor_email) && !empty($email_subject) && !empty($visitor_message)) {
//echo 'OK';
//for imput text validation (if some one brack the maxlenght="" attribute in html), i also restricted in HTML input tag (maxlength=""), the maxlenght is the first validation.
if (strlen($visitor_name) > 40) {
$errors[] = 'Oppos! Max leangth for Name field was excceded.';
} elseif (strlen($visitor_email) > 100) {
$errors[] = 'Oppos! Max leangth for Email field was excceded.';
} elseif (strlen($email_subject) > 150) {
$errors[] = 'Oppos! Max leangth for Subject field was excceded.';
} elseif (strlen($visitor_message) > 1000) {
$errors[] = 'Oppos! Max leangth for Message field was excceded.';
} elseif (!filter_var($visitor_email, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Your given email \'' . $visitor_email . '\' is not valid.';
} else {
$to = COMPANY_CONTACT_EMAIL;
$header = 'Form: ' . $visitor_email;
$email_subject = $email_subject;
$body = $visitor_message . "\n\n" . $visitor_name . "\n" . $visitor_contact . "\n" . $visitor_email;
if (mail($to, $email_subject, $body, $header)) {
$_SESSION['contact_form_email'] = $to;
//for success contact check
<?php
require_once '../../core/init.php';
//Data Saving Script
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$ac_name = mysql_real_escape_string(htmlentities(input_validation($_POST['ac_name'])));
$ac_code = mysql_real_escape_string(htmlentities(input_validation($_POST['ac_code'])));
@($art_cat_id = mysql_real_escape_string(htmlentities(input_validation($_POST['art_cat_id']))));
@($allow_log = mysql_real_escape_string(htmlentities(input_validation($_POST['allow_log']))));
if (!empty($ac_name) && !empty($ac_code)) {
$preg_ac_name = preg_match("/^[a-zA-Z 0-9.',-]*\$/", $ac_name);
if (!$preg_ac_name) {
echo "Opps! Something was wrong with Award type value./e";
} else {
if (empty($art_cat_id)) {
$insert_query = mysql_query("INSERT INTO article_category VALUES ('','{$ac_name}', '{$ac_code}')");
if (!$insert_query) {
echo "Opps! Data not inserted./e";
} else {
//for user log;
if ($allow_log == 1) {
$remark = 'New article category added';
insert_user_log($con, $_SESSION['user_id'], 4, REMOTE_IP, $remark);
}
echo "Data was inserted Successful!";
}
} else {
$update_query = mysql_query("UPDATE article_category SET ac_name = '{$ac_name}', ac_code='{$ac_code}' WHERE art_cat_id = '{$art_cat_id}'");
if (!$update_query) {
echo "Opps! Data not updated./e";
} else {
<?php
//recover script for both Username And Password
//$email = ''; //for declar global variable
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = mysql_real_escape_string(htmlentities(input_validation($_POST['email'])));
$type = mysql_real_escape_string(htmlentities(input_validation($_GET['type'])));
$type_allowed = array('ForgotPassword');
if (isset($type) === true && in_array($type, $type_allowed) === true) {
if (empty($email) === true) {
$errors[] = 'You need to enter your email address which you have used for Signup';
} elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'A valid email addres is required.';
}
if (email_exists($con, $email) === false) {
$errors[] = 'Oops, we can\'t recognize you. Please try again';
} else {
recover($con, $email, $type);
// same function user for recover both Username And Password
$_SESSION['recover_password_email'] = $email;
//for success message check
//for Logout user log;
$remark = 'Recover login details.';
insert_user_log($con, user_id_from_email($con, $email), 9, REMOTE_IP, $remark);
if ($_GET['type'] == 'ForgotPassword') {
header('Location: auth.php?type=ForgotPassword&Success');
exit;
}
}
}
//array check
<?php
require_once '../../core/init.php';
protect_page();
only_for_admin($con);
$page_code = 216;
//Fixed Page Code
require_once '../../core/page_setup.php';
//get data
if (isset($_GET['brand_id'])) {
$brand_id = mysql_real_escape_string(htmlentities(input_validation($_GET['brand_id'])));
$query = $con->prepare("SELECT * FROM item_brand WHERE brand_id=:brand_id");
$query->execute(array(':brand_id' => $brand_id));
$result = $query->fetch(PDO::FETCH_ASSOC);
$brand_name = $result['brand_name'];
$brand_details = $result['brand_details'];
$brand_img = $result['brand_img'];
}
require_once '../../includes/all_header.php';
?>
<div id="contents_area">
<div class="form_area" style="width:450px; height:430px;">
<div class="control_link_style">
<a onclick="clearForm();">Refresh</a>
</div>
<div id="tab_manu">
<ul id="tabs">
<li><a href="#list_view">Brand List</a></li>
<?php
require_once '../core/init.php';
$auth_value = array('AdminDashboard');
$auth_type = htmlentities(input_validation($_GET['type']));
if (isset($_GET['type']) === true && $auth_type == 'AdminDashboard') {
require_once 'AuthAdmin/admin.php';
} elseif (isset($_GET['type']) === true && !in_array($auth_type, $auth_value)) {
//session_start();
//define("HOST_NAME", $_SERVER['SERVER_NAME']);
//header('Location: http://'.HOST_NAME.'/index.php');
//header('Location: '.AUTH_PAGE.'?type=not_found');
header('Location: ' . NOT_FOUND_PAGE);
} else {
header('Location: http://' . HOST_NAME . '/index.php');
}
?>