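/**
 * Store or retrieve one encrypted blob in the "offsite" table.
 *
 * @param array       $dbs      one-element map: db name => connection settings
 *                              (driver, host, port, user, pass); read through extract()
 * @param string      $cryptKey key handed to ezencrypt()/ezdecrypt()
 * @param int|string  $id       row id; a falsy value means "allocate a new random id"
 * @param string|null $data     base64-encoded plaintext to store; NULL means "retrieve"
 *
 * @return string|int|false retrieve: base64 of the decrypted row ('' when there is none);
 *                          store: the row id on success, FALSE on failure
 */
function secret($dbs, $cryptKey, $id, $data = NULL)
{
    global $db;
    // Random ids must stay below MySQL's signed BIGINT maximum (19 digits), so cap at 18.
    // NOTE(review): assumes randomInt($n) yields a non-negative integer of at most $n digits — confirm.
    $maxLen = strlen('9223372036854775807') - 1;
    $table = 'offsite';

    // extract() with a fixed prefix only creates $db_* locals from the operator's config
    // array (never request data), so the usual extract() concern does not apply here.
    extract((array) $dbs[$db_name = key($dbs)], EXTR_PREFIX_ALL, 'db');
    $db = new PDO("{$db_driver}:host={$db_host};port={$db_port};dbname={$db_name}", $db_user, $db_pass);

    // Retrieval: no payload given.
    if (!isset($data)) {
        $result = lookup('data', $table, $id);
        return offlog(35, $result) == '' ? '' : base64_encode(ezdecrypt($result, $cryptKey));
    }

    // Storage. Strict base64 decoding rejects payloads with out-of-alphabet bytes instead of
    // encrypting whatever the lenient decoder makes of them.
    $plain = base64_decode($data, true);
    if ($plain === false) {
        return FALSE;
    }
    $data = ezencrypt($plain, $cryptKey);

    // Replacing old data with a new value.
    if ($id) {
        return offlog(38, query("UPDATE {$table} SET data=? WHERE id=?", array($data, $id)) ? $id : FALSE);
    }

    // New data: find an unused id. The lookup-then-INSERT pair is not atomic, so a concurrent
    // caller can take the same id in between; a failed INSERT is therefore retried with a
    // fresh id rather than reported straight away, and the number of attempts is bounded so a
    // nearly full table cannot spin forever.
    for ($attempt = 0; $attempt < 16; $attempt++) {
        $id = randomInt($maxLen);
        if (lookup(1, $table, $id)) {
            continue;
        }
        if (query("INSERT INTO {$table} (id, data) VALUES (?, ?)", array($id, $data))) {
            return offlog(44, $id);
        }
    }
    return offlog(44, FALSE);
}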
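/**
 * Prints one dataset table in wiki markup: one row per dataset, one column per language.
 *
 * Reads the globals $linkprefix (a URL whose "/<major>.<minor>/" segment names the preview
 * release) and $version / $subversion (the download-server release folder).
 *
 * @param string $header    section title; "Core Datasets" additionally gets the ontology row
 * @param array  $filelist  list of ['title' => ..., 'file' => ...] dataset entries
 * @param mixed  $filespecs passed through to lookup() for the per-language cell text
 * @param array  $languages language codes in column order; must be a plain list, because the
 *                          dataset-name cell is only printed for index 0
 * @return void everything is echoed
 */
function createWikiTable($header, $filelist, $filespecs, $languages)
{
    global $linkprefix;
    global $version;
    global $subversion;

    // Get the DBpedia version number for the preview links. When $linkprefix carries no
    // "/x.y/" segment the links get an empty version instead of an undefined-index warning.
    $previewVersion = preg_match('~/([0-9]+\\.[0-9]+)/~', $linkprefix, $matches) ? $matches[1] : '';
    $release = $version . "." . $subversion;

    // NOTE(review): titles, file names and language codes are written into markup and URLs
    // verbatim; they are expected to come from the generator's own configuration, not from
    // a request.
    echo "===" . $header . "===\n";
    echo "**NOTE: You can find DBpedia dumps in 97 languages at our ((http://downloads.dbpedia.org/" . $release . "/ DBpedia download server)).**\n\n";
    echo "//Click on the dataset names to obtain additional information.//\n";
    echo "#||\n||**Dataset**|**" . implode('**|**', $languages) . "**||\n";

    if ($header == "Core Datasets") {
        echo "||((#dbpediaontology DBpedia Ontology)) ++(<# <a href=\"http://downloads.dbpedia.org/preview.php?file=" . $release . "_sl_dbpedia_" . $release . ".owl.bz2\">preview</a> #>)++|++<# <a href=\"http://downloads.dbpedia.org/" . $release . "/dbpedia_" . $release . ".owl.bz2\" title=\"Triples: unknown; Filesize(download): unknown; Filesize(unpacked): unknown\">owl</a> #>++|++--++|++--++|++--++|++--++|++--++|++--++|++--++|++--++|++--++|++--++|++--++||";
    }

    foreach ($filelist as $name) {
        // Anchor id: lower-cased title with spaces removed.
        $anchor = str_replace(" ", "", strtolower($name['title']));
        foreach ($languages as $index => $lang) {
            if ($index === 0) {
                echo '||((#' . $anchor . ' ' . $name['title'] . ')) ++(<# <a href="http://downloads.dbpedia.org/preview.php?file=' . $previewVersion . '_sl_' . $lang . '_sl_' . $name['file'] . $lang . '.nt.bz2">preview</a> #>)++|';
            }
            echo '++' . lookup($name['file'], $lang, $filespecs) . '++|';
        }
        echo "|\n";
    }
    echo "||# \n";
}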
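/**
 * Checks whether $user may perform $operation under the permission set $type (e.g. "read")
 * of $acl, walking up the $acl->parent chain when the current level says nothing.
 *
 * A grant is either the wildcard string '*' or an array of operation names, attached to
 * $acl->users->{<user id>}->{$type} or to one of the user's groups ($acl->groups narrowed by
 * intersect() against $user->groups).
 *
 * @param object $user      has ->id and ->groups
 * @param string $operation operation being attempted
 * @param object $acl       has ->users, ->groups and optionally ->parent
 * @param string $type      name of the permission list to consult
 *
 * @return bool true when some grant matches; false when nothing in the chain allows it
 */
function lookup($user, $operation, $acl, $type)
{
    $id = (string) $user->id;

    // A grant list matches when it is the wildcard or an array containing the operation.
    // The membership test is strict: loose in_array() lets coercions such as 0 == "read"
    // (pre-8.0) count as a grant, and a missing or scalar list used to reach in_array() and
    // fault instead of simply not granting. If an existing ACL stores operations as integers
    // while callers pass strings, those entries must be normalised — they no longer match.
    $grants = function ($allowed) use ($operation) {
        if ($allowed === '*') {
            return true;
        }
        return is_array($allowed) && in_array($operation, $allowed, true);
    };

    // Per-user entry first.
    if (isset($acl->users->{$id}->{$type}) && $grants($acl->users->{$id}->{$type})) {
        return true;
    }

    // Then any of the user's groups that this ACL knows about.
    $groups = intersect($acl->groups, $user->groups);
    if ($groups) {
        foreach ($groups as $group) {
            if (isset($group->{$type}) && $grants($group->{$type})) {
                return true;
            }
        }
    }

    // Finally defer to the parent ACL. NOTE(review): a cycle in ->parent links would recurse
    // without bound; nothing here guards against it.
    if (isset($acl->parent)) {
        return lookup($user, $operation, $acl->parent, $type);
    }
    return false;
}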
render("sell_form.php", ["positions" => $positions]);
}
// else if user has sold a position (stored in $_POST)
else {
    // access variables
    $id = $_SESSION["id"];
    $id_int = intval($id);
    $symbol = $_POST["symbol"];
    $symbol_str = strval($symbol);
    $positions = $_SESSION["positions"];
    // get revenue of sold stock
    // get number of shares
    // NOTE(review): $total and $shares are only assigned when the submitted symbol matches a
    // session position; for any other symbol they stay undefined and the UPDATE below becomes
    // "cash = cash +  WHERE ..." — reject unknown symbols before touching the database.
    // The credited amount is the stored $total, not the current quote fetched below.
    foreach ($positions as $position) {
        if ($position["symbol"] == $symbol_str) {
            $total = $position["total"];
            $shares = $position["shares"];
        }
    }
    // get price of stock
    $stock = lookup("{$symbol}");
    $price = $stock["price"];
    // add revenue of sold stock to cash
    // NOTE(review): this is the one statement here that interpolates values into the SQL text
    // while the others bind placeholders; make it consistent:
    //   query("UPDATE `users` SET cash = cash + ? WHERE id = ?", $total, $id_int);
    // Both values come from the session, so the exposure depends on how positions are built,
    // but binding removes the question. The three writes are also not one transaction.
    query("UPDATE `users` SET cash = cash + {$total} WHERE id = {$id}");
    // delete position from portfolio
    query("DELETE FROM `portfolios` WHERE id = ? AND symbol = ?", $id_int, $symbol_str);
    // store transaction in transactions table
    $rows = query("SELECT NOW()");
    $datetime = $rows[0]["NOW()"];
    query("INSERT INTO `transactions` (id, transaction, datetime, symbol, shares, price)" . " VALUES (?, ?, ?, ?, ?, ?)", $id, "SELL", $datetime, $symbol, $shares, $price);
    // redirect to index.php
    redirect("index.php");
}
<?php
// Configuration
require "../includes/config.php";

// The logged-in user's id, placed in $_SESSION at login.
$id = $_SESSION["id"];

// Holdings for this user, one row per stock symbol.
$portquery = query("SELECT * FROM stocks WHERE id = ?", $id);

// The user's own record, needed for the username and the cash balance.
$userquery = query("SELECT * FROM users WHERE id = ?", $id);
$username = $userquery[0]["username"];
$cash = $userquery[0]["cash"];

// Rows for the portfolio template: each holding paired with its live quote. Symbols whose
// quote lookup fails (lookup() returns false) are skipped rather than shown half-filled.
$userport = [];
foreach ($portquery as $row) {
    $stock = lookup($row["symbol"]);
    if ($stock === false) {
        continue;
    }
    $userport[] = [
        "name" => $stock["name"],
        "symbol" => $row["symbol"],
        "shares" => $row["shares"],
        "price" => $stock["price"],
        "totval" => $row["shares"] * $stock["price"],
        "cash" => $cash,
    ];
}
?>
<?php
// render portfolio
render("portfolio.php", ["title" => "Portfolio", "userport" => $userport, "username" => $username]);
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    render("buy_form.php", ["title" => "Buy"]);
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // ensure that a whole number > 0 was entered, no fractions of shares allowed
        // NOTE(review): assumes apologize() does not return (it is used as a guard here) —
        // confirm; otherwise every branch below continues with the rejected input.
        $shares = $_POST["shares"];
        if (preg_match("/^\\d+\$/", $shares) == false) {
            apologize("You must enter a whole number!");
        } elseif ($shares <= 0) {
            apologize("Enter a number greater than zero!");
        }
        // NOTE(review): "symbol" is not checked for presence; a missing field reaches
        // strtoupper(null) and lookup("").
        $symbol = strtoupper($_POST["symbol"]);
        $id = $_SESSION["id"];
        $action = "BUY";
        // get a quote for the requested share
        $quote = lookup($symbol);
        if (!$quote) {
            apologize("Symbol not found!");
        }
        // users are unique so select the first row [0]
        $user = cs50::query("SELECT * FROM users WHERE id = ?", $id)[0];
        $value = $shares * $quote["price"];
        $cash_available = $user["cash"];
        // NOTE(review): the affordability check and the debit below are separate statements,
        // so two concurrent purchases can both pass the check and overdraw. Make the debit
        // conditional in the database ("... SET cash = cash - ? WHERE id = ? AND cash >= ?")
        // and treat zero affected rows as insufficient funds, or wrap the writes in a transaction.
        if ($value > $cash_available) {
            apologize("You don't have enough cash!");
        }
        // add purchase to user's portfolio
        cs50::query("INSERT INTO portfolios (user_id, symbol, shares) VALUES (?, ?, ?)\n ON DUPLICATE KEY UPDATE shares = shares + ?", $id, $symbol, $shares, $shares);
        // set user's cash to reflect purchase
        cs50::query("UPDATE users SET cash = cash - ? WHERE id = ?", $value, $id);
        // add purchase information into history
    $string = str_replace(" ", "+", urlencode($string));
    // NOTE(review): the geocoder is called over plain http:// and without a key; the reply is
    // neither authenticated nor validated beyond the status field, yet it is written to the
    // database below. Use https://, set CURLOPT_TIMEOUT / CURLOPT_CONNECTTIMEOUT, and close the
    // handle (curl_close) when done.
    $details_url = "http://maps.googleapis.com/maps/api/geocode/json?address=" . $string . "&sensor=false";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $details_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $response = json_decode(curl_exec($ch), true);
    // If Status Code is ZERO_RESULTS, OVER_QUERY_LIMIT, REQUEST_DENIED or INVALID_REQUEST
    if ($response['status'] != 'OK') {
        return null;
    }
    $geometry = $response['results'][0]['geometry'];
    $array = array('latitude' => $geometry['location']['lat'], 'longitude' => $geometry['location']['lng']);
    return $array;
}
$result = mysqli_query($conn, "Select id,Address,City,Zip,State,Latitude,Longitude from tbl_name;");
if (!$result) {
    // NOTE(review): mysql_error() belongs to the removed mysql extension; this is a mysqli
    // connection, so use mysqli_error($conn).
    die('Invalid query: ' . mysql_error());
} else {
    if (mysqli_num_rows($result) == 0) {
        die("No rows found.");
    }
    while ($row = mysqli_fetch_assoc($result)) {
        // Only rows that still have no coordinates are geocoded.
        if ($row["Latitude"] != 0 || $row["Longitude"] != 0) {
            continue;
        }
        $latlon = lookup($row['Address'] . " " . $row['City'] . " " . $row['Zip'] . " " . $row['State']);
        // NOTE(review): when lookup() returns null the row is overwritten with empty strings;
        // skip it instead. The coordinates are third-party data spliced into the SQL text —
        // bind them with a prepared statement (mysqli_prepare / bind_param) rather than
        // concatenating, and the same for $row["id"].
        mysqli_query($conn, "Update tbl_name set Latitude ='" . $latlon["latitude"] . "', Longitude = '" . $latlon["longitude"] . "' where id=" . $row["id"] . ";");
        // NOTE(review): address and coordinates are echoed into HTML unescaped.
        echo $row['Address'] . " " . $latlon["latitude"] . " " . $latlon["longitude"] . " <br />";
    }
}
include "CloseConnection.php";
<input type="text" class="form-control" name="search" placeholder="ex: University of Central Florida">
</div>
<button type="submit" class="btn btn-primary">Search</button>
</form>
<?php
// TESTING NOTE: To see function results, change "$see_output" value to True
$see_output = False;
if (isset($_POST['search']) && trim($_POST['search']) != '') {
    $search = $_POST['search'];
    // LIKE pattern around the raw input. NOTE(review): '%' and '_' typed by the user act as
    // wildcards here; escape them (and pass an ESCAPE clause) if that matters.
    $Name = '%' . $search . '%';
    // HTML-escaped copy, for the headings printed below.
    $search_string = htmlentities($search);
    //We use google's geocode api to take in the place of interest
    //and see if we can return a valid result back from it.
    // NOTE(review): the HTML-encoded string is what gets sent to the geocoder, so a search
    // containing '&' or quotes goes out as "&amp;" etc. Escape for the output context only:
    // lookup($search) here, htmlentities() where the text is printed.
    $search_lookup = lookup($search_string);
    if ($see_output) {
        print_r($search_lookup);
    }
    // Name search is parameterised through PDO; University_id 1 is excluded.
    $search_name = "SELECT * \n FROM University U\n WHERE U.Name like :name AND U.University_id <> 1";
    $university_name_params = array(':name' => $Name);
    $result_name = $db->prepare($search_name);
    $result_name->execute($university_name_params);
    $number = $result_name->rowCount();
    if ($number == 1) {
        echo "<h3><strong>{$number} result found searching for '{$search_string}' by Name. </strong></h3><hr/>";
    } else {
        echo "<h3><strong>{$number} results found searching for '{$search_string}' by Name. </strong></h3><hr/>";
    }
    while ($row = $result_name->fetch()) {
        // NOTE(review): reuses $Name (the LIKE pattern above) for the row's column value.
        $Name = $row['Name'];
    apologize("Error communicating with databse");
} else {
    render("sell_form.php", ["title" => "Sell Form", "symbols" => $symbols]);
}
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // if no stock was selected go back to index
        if ($_POST["symbol"] === " ") {
            redirect("/");
        }
        // put symbol into a variable
        $symbol = $_POST["symbol"];
        // look up the number of shares of that stock a user has
        // NOTE(review): $symbol is request data and is interpolated into the SQL text of this
        // and the two statements below while the id is bound — that is a SQL injection point.
        // Bind it like the id: query("... WHERE id = ? AND symbol = ?", $_SESSION["id"], $symbol).
        // Also $shares[0] is undefined when the user holds none of the symbol (empty result).
        $shares = query("SELECT shares FROM portfolios WHERE id = ? AND symbol = '{$symbol}'", $_SESSION["id"]);
        // get current information on stock
        // NOTE(review): lookup() returning false is not handled; price becomes null below.
        $stock = lookup($symbol);
        // the amount of money selling all shares of that stock would be worth
        $sale_value = $stock["price"] * $shares[0]["shares"];
        // delete that stock from their portfolio
        if (query("DELETE FROM portfolios WHERE id = ? AND symbol = '{$symbol}'", $_SESSION["id"]) === false) {
            apologize("error communicating with databse");
        }
        // update the amount of cash a user now has
        // NOTE(review): $sale_value is computed, not user text, but bind it too (cash = cash + ?);
        // the three writes are not one transaction, so a failure here leaves the portfolio
        // row already deleted.
        if (query("UPDATE users SET cash = cash + {$sale_value} WHERE id = ?", $_SESSION["id"]) === false) {
            apologize("error communicating with databse");
        }
        // put sale into history
        if (query("INSERT INTO history (id, symbol, shares, price, boughtSold)\n VALUES(?, '{$symbol}', ?, ?, 'SELL')", $_SESSION["id"], $shares[0]["shares"], $stock["price"]) === false) {
            apologize("error communicating with databse");
        }
        // redirect to index
            // Selling the whole holding removes the row instead of leaving zero shares.
            if ($qty == $boh[0]["shares"]) {
                query("DELETE from shares WHERE id = ? AND ticker = UPPER(?)", $id, $ticker);
            }
            // NOTE(review): the statements inside the transaction are not checked before COMMIT;
            // only a failing COMMIT triggers the rollback.
            if (query("COMMIT") === false) {
                if (query("ROLLBACK")) {
                    apologize("TRANSACTION ERROR, ROLLED BACK");
                } else {
                    apologize("CRITICAL: TRANSACTION ERROR *AND* ROLLBACK FAILED!!!");
                }
            } else {
                redirect("index.php");
            }
        }
    }
}
} else {
    $data = array();
    $stocksheld = query("SELECT * FROM shares WHERE id = ?", $id);
    // NOTE(review): the `=== false` check sits after this loop, so a query error is iterated
    // first (foreach over false warns and does nothing). Move the check above the loop; and
    // an empty result (no holdings) is an array, not false, so "No Stock to Sell" is only
    // shown on database errors as written.
    foreach ($stocksheld as $stock) {
        $stockticker = $stock["ticker"];
        $shares = $stock["shares"];
        // NOTE(review): lookup() may return false; price/name are then null.
        $lookup = lookup($stockticker);
        $price = $lookup["price"];
        $name = $lookup["name"];
        $data[$stockticker] = ["ticker" => $stockticker, "shares" => $shares, "price" => $price, "name" => $name];
    }
    if ($stocksheld === false) {
        apologize("No Stock to Sell");
    }
    render("sell_form.php", ["title" => "Sell Shares", "data" => $data]);
}
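<?php
// configuration
require "../includes/config.php";

// if form was submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // The template validates the quote itself; the only thing done here is to avoid an
    // undefined-index warning (and a null handed to lookup()) when "symbol" is missing from
    // the POST body, as with a hand-crafted request.
    $symbol = isset($_POST["symbol"]) ? $_POST["symbol"] : "";
    render("price_quote.php", ["stock" => lookup($symbol)]);
} else {
    // else render only form
    render("price_quote_request.php", ["title" => "Request Price Quote"]);
}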
    $ip = getenv('HTTP_CLIENT_IP');
} elseif (getenv('HTTP_X_FORWARDED_FOR')) {
    // NOTE(review): Client-IP and X-Forwarded-For are request headers any client can set, so
    // $ip — and whatever lookup($ip) derives from it — is attacker-chosen unless the request
    // came through a trusted proxy that overwrites them. Prefer REMOTE_ADDR, and only honour
    // the headers for known proxy addresses; X-Forwarded-For may also be a comma-separated list.
    $ip = getenv('HTTP_X_FORWARDED_FOR');
} else {
    $ip = getenv('REMOTE_ADDR');
}
// Distribution string, when running on a Red Hat family system.
// NOTE(review): $redhat is undefined when the file is absent, and fopen() is not checked.
if (file_exists('/etc/redhat-release')) {
    $fnewsize = filesize('/etc/redhat-release');
    $fp = fopen('/etc/redhat-release', 'r');
    $redhat = fread($fp, $fnewsize);
    fclose($fp);
}
// NOTE(review): $Fields starts out as the database DSN array; if that array carries
// username/password entries they travel into the published form along with the OS, PHP,
// MySQL and server details below. Keep this page restricted to administrators and strip
// credential keys before publishing.
$Fields = $dbc->db->dsn;
$Fields['SYSTEM'] = $redhat;
$Fields['MYSQL'] = $row['VERSION'];
$Fields['PHP'] = phpversion();
$Fields['FLUID'] = RBAC_VERSION;
$Fields['IP'] = lookup($ip);
$Fields['ENVIRONMENT'] = SYS_SYS;
$Fields['SERVER_SOFTWARE'] = getenv('SERVER_SOFTWARE');
$Fields['SERVER_NAME'] = getenv('SERVER_NAME');
$Fields['SERVER_PROTOCOL'] = getenv('SERVER_PROTOCOL');
$Fields['SERVER_PORT'] = getenv('SERVER_PORT');
$Fields['REMOTE_HOST'] = getenv('REMOTE_HOST');
$Fields['SERVER_ADDR'] = getenv('SERVER_ADDR');
$Fields['HTTP_USER_AGENT'] = getenv('HTTP_USER_AGENT');
$Fields['a'] = $dbc;
$G_PUBLISH = new Publisher();
$G_PUBLISH->SetTo($dbc);
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'rbac/dbInfo', '', $Fields, 'appNew2');
G::RenderPage('publish');
<?php
if (isset($portfolio)) {
    if (empty($portfolio)) {
        printf("Your portfolio is empty! Go <a href = \"quote.php\">buy stocks</a> and build your portfolio now!");
    } else {
?>
<form method="post" action="sell-confirm.php">
<!--action="sell-confirm.php" -->
<fieldset>
<div class="form-group">
<select class = "form-control" name = "sellStock">
<?php
// One <option> per holding, labelled "Name (SYMBOL)".
// NOTE(review): symbol and name are written into HTML unescaped and the value attribute is
// unquoted — wrap them in htmlspecialchars(..., ENT_QUOTES) and quote the attribute. printf()
// is also given the data as its format string, so a '%' in a company name is interpreted as a
// directive; use print/echo for literal output. lookup() returning false is not handled.
// The inner isset($portfolio) is already guaranteed by the outer one.
if (isset($portfolio)) {
    foreach ($portfolio as $item) {
        printf("<option style=\"width:200px;text-align:center\" value = " . $item["symbol"] . ">");
        $ticker = lookup($item["symbol"]);
        printf($ticker["name"] . " (" . $ticker["symbol"] . ")");
        printf("</option>");
    }
}
?>
</select>
</div>
<div class="form-group">
<input class="form-control" style = "text-align:center" align = "center" autocomplete = "off" name="sellShares" placeholder="Shares" />
</div>
<div class = "form-group">
<p id = "calculation"></p>
</div>
<div class="form-group">
<button type="submit" class="btn btn-default">Sell Shares</button>
/**
 * Cost of $shares shares of $ticker at the quoted price.
 *
 * @param string    $ticker stock symbol, passed straight to lookup()
 * @param int|float $shares number of shares
 * @return int|float quoted price times share count
 */
function calculateCost($ticker, $shares)
{
    // NOTE(review): a failed lookup() (false) is not handled here; the result is then 0 with
    // an "array offset on bool" warning, so callers should validate the symbol first.
    $quote = lookup($ticker);
    $unitPrice = $quote["price"];
    return $unitPrice * $shares;
}
/**
 * Records one transaction for the logged-in user ($_SESSION["id"]) in the history table.
 *
 * @param string $transaction transaction kind, e.g. "BUY" or "SELL"
 * @param string $symbol      stock symbol; its current quote supplies the stored price
 * @param int    $shares      number of shares involved
 * @return void
 */
function history($transaction, $symbol, $shares)
{
    // Per-share price at the time of the transaction, from the live quote.
    // NOTE(review): a failed lookup() (false) yields a null price plus a warning; callers
    // are expected to have validated the symbol already.
    $quote = lookup($symbol);
    $unitPrice = $quote["price"];
    query(
        "INSERT INTO history (id, transaction, symbol, shares, price) VALU
ES(?, ?, ?, ?, ?)",
        $_SESSION["id"],
        $transaction,
        $symbol,
        $shares,
        $unitPrice
    );
}
/**
 * Maps the source/destination IPs of events that have no country mapping yet (or a "01"
 * placeholder) through the ip2c table, then reports counts and timing — as an HTML table
 * when called from the browser, as text when run from the command line.
 *
 * @param mixed  $string browser: filter text handed to hextostr(); CLI: 0 (everything) or 1 (today)
 * @param string $isCLI  'YES' or 'NO'
 * @return string|null   HTML summary when $isCLI == 'NO'; otherwise nothing is returned
 *
 * NOTE(review): built on the mysql_* extension, which no longer exists in PHP 7+, and every
 * statement below is assembled by string interpolation.
 */
function IP2C($string, $isCLI)
{
    include_once "config.php";
    include_once "functions.php";
    if ($isCLI == 'NO') {
        // Running from a browser
        // NOTE(review): $string is request data and ends up in SQL through hextostr(); unless
        // hextostr() strictly validates its input this is an injection point. As written,
        // $when is never used by the queries below, so the filter is currently dead code.
        $when = 'WHERE ' . hextostr($string) . ' AND ';
    } else {
        // Running from the command line
        if ($string == 0) {
            $when = "WHERE ";
        }
        if ($string == 1) {
            $startDate = gmdate("Y-m-d");
            $startTime = "00:00:00";
            $endDate = gmdate("Y-m-d", strtotime($startDate . "+1 day"));
            $endTime = "00:00:00";
            $when = "WHERE e.timestamp BETWEEN '{$startDate} {$startTime}' AND '{$endDate} {$endTime}' AND";
        }
        echo "Performing base queries (this can take a while)..\n\n";
    }

    // Nested helper: resolves each IP in $list against ip2c and upserts the mapping.
    // It is declared when IP2C() first executes; a second call to IP2C() in the same process
    // redeclares it, which is fatal.
    function lookup($list)
    {
        while ($row = mysql_fetch_row($list)) {
            $ip = $row[0];
            $dot = long2ip((double) $ip);
            // NOTE(review): $ip is interpolated unquoted; it comes from the event table, so the
            // exposure depends on how src_ip/dst_ip get there (second-order injection).
            $ipLookup = mysql_query("SELECT registry, cc, c_long, type, date, status FROM ip2c WHERE\n {$ip} >=start_ip AND {$ip} <= end_ip LIMIT 1");
            $result = mysql_fetch_array($ipLookup);
            if ($result) {
                $registry = $result[0];
                $cc = $result[1];
                $c_long = $result[2];
                $type = $result[3];
                $date = $result[4];
                $status = $result[5];
                // NOTE(review): ip2c column values are pasted into the REPLACE inside double
                // quotes without escaping; a quote or backslash in c_long breaks (or alters)
                // the statement. Escape each value, or better, use a prepared statement.
                mysql_query("REPLACE INTO mappings (registry,cc,c_long,type,ip,date,status)\n VALUES (\"{$registry}\",\"{$cc}\",\"{$c_long}\",\"{$type}\",\"{$ip}\",\"{$date}\",\"{$status}\")");
                echo "-- Mapped {$dot} ({$ip}) to {$cc} ({$c_long})\n";
            }
        }
    }

    // DB Connect
    $db = mysql_connect($dbHost, $dbUser, $dbPass) or die(mysql_error());
    mysql_select_db($dbName, $db) or die(mysql_error());
    // Start timing
    $st = microtime(true);
    // Distinct source / destination addresses that are unmapped or mapped to '01'.
    $sipList = mysql_query("SELECT DISTINCT(e.src_ip) FROM event AS e LEFT JOIN mappings AS m ON e.src_ip=m.ip\n WHERE (m.ip IS NULL OR m.cc = '01')");
    $dipList = mysql_query("SELECT DISTINCT(e.dst_ip) FROM event AS e LEFT JOIN mappings AS m ON e.dst_ip=m.ip\n WHERE (m.ip IS NULL OR m.cc = '01')");
    $sipCount = $dipCount = 0;
    if ($sipList) {
        $sipCount = mysql_num_rows($sipList);
        if ($sipCount > 0) {
            lookup($sipList);
        }
    }
    if ($dipList) {
        $dipCount = mysql_num_rows($dipList);
        if ($dipCount > 0) {
            lookup($dipList);
        }
    }
    $allRecs = mysql_query("SELECT COUNT(*) FROM 
mappings");
    $allCount = mysql_fetch_row($allRecs);
    // Stop Timing
    $et = microtime(true);
    $time = $et - $st;
    $rt = sprintf("%01.3f", $time);
    if ($isCLI == 'NO') {
        $html = "\r<table align=left>\n \r<tr><td align=left style=\"font-size: 10px;\"><b> -> Query Time: {$rt} seconds</b></td></tr>\n \r<tr><td align=left style=\"font-size: 10px;\"><b> -> Source Count: {$sipCount}</b></td></tr>\n \r<tr><td align=left style=\"font-size: 10px;\"><b> -> Destination Count: {$dipCount}</b></td>\n \r<tr><td align=left style=\"font-size: 10px;\"><b> -> Total Mapped: {$allCount['0']}</b></td></tr>\n \r</table>";
        return $html;
    }
    if ($isCLI == 'YES' && $string == 0) {
        echo "\n-> Query Time: {$rt} seconds\n \r-> Source Count: {$sipCount}\n \r-> Destination Count: {$dipCount}\n \r-> Total Mapped: {$allCount['0']}\n\n";
    }
}
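/**
 * Validates and stores a new event for the logged-in admin ($_SESSION['user']).
 *
 * Steps: derive the approval flag, normalise the date/time, geocode the address, refuse a
 * duplicate (same hour at the same location name), check the RSO rules, then write the
 * Event row, its RSO link, the University_Event and Location rows and the Event_Location
 * link inside one transaction.
 *
 * @param PDO    $db
 * @param bool   $is_type_super_admin super-admin submissions are approved immediately
 * @param string $name
 * @param mixed  $category_id
 * @param string $description
 * @param string $location            venue name
 * @param string $room_number         '' when not applicable
 * @param string $address             geocoded through lookup()
 * @param string $event_date          "M/D/YYYY"
 * @param string $event_time          "<hour> AM|PM"
 * @param mixed  $event_type          compared with RSO_EVENT
 * @param string $contact_email
 * @param string $contact_phone
 * @param mixed  $rso_id              RSO id, or the literal 'Not Applicable'
 *
 * @return mixed INVALID_LOCATION, CONFLICT, MISSING_RSO, UNNEEDED_RSO, WRONG_RSO,
 *               VALID_SUBMIT_APPROVED or VALID_SUBMIT_PENDING_APPROVAL
 * @throws Exception re-thrown from PDO after the transaction is rolled back (only when the
 *                   connection runs in PDO::ERRMODE_EXCEPTION)
 */
function tryCreateEvent($db, $is_type_super_admin, $name, $category_id, $description, $location, $room_number, $address, $event_date, $event_time, $event_type, $contact_email, $contact_phone, $rso_id)
{
    $admin_id = $_SESSION['user']['User_id'];

    // Only Admins or Super-Admins can see the form — that is enforced by the caller, not here.
    // RSO events and super-admin submissions need no further approval.
    $approved = 0;
    if ($event_type == RSO_EVENT || $is_type_super_admin) {
        $approved = 1;
    }

    // Build the "YYYY-M-D H:00:00" value used by the conflict check and stored on the event.
    // 24-hour conversion: "12 AM" is midnight (0), "12 PM" stays 12, other PM hours gain 12.
    // The previous version left "12 AM" at 12, i.e. noon.
    // NOTE(review): malformed $event_date/$event_time (too few fields) is not rejected here;
    // list() then assigns nulls with a warning.
    list($month, $day, $year) = explode('/', $event_date);
    list($hour, $dayType) = explode(' ', $event_time);
    if ($dayType == "PM" && $hour != 12) {
        $hour = $hour + 12;
    } elseif ($dayType == "AM" && $hour == 12) {
        $hour = 0;
    }
    $date_time = $year . '-' . $month . '-' . $day . ' ' . $hour . ':00:00';

    // Retrieve the latitude and longitude of the address; lookup() signals failure through a
    // 'failed' latitude.
    $search_lookup = lookup($address);
    if ($search_lookup['latitude'] == 'failed') {
        return INVALID_LOCATION;
    }

    // Human-readable location key, "[room at ]venue at address", stored in Location.Name.
    $location_name = '';
    if ($room_number != '') {
        $location_name .= $room_number . ' at ';
    }
    $location_name .= $location . ' at ';
    $location_name .= $address;

    // Refuse a second event at the same date/time and place (case-insensitive name match).
    $event_conflict_params = array(':date_time' => $date_time, ':location_name' => strtolower($location_name));
    $event_conflict_query = '
        SELECT COUNT(*)
        FROM Event E, Event_Location EL, Location L
        WHERE (E.date_time = :date_time)
          AND (E.Event_id = EL.Event_id)
          AND (EL.Location_id = L.Location_id)
          AND (LOWER(L.Name) = :location_name)
    ';
    $result = $db->prepare($event_conflict_query);
    $result->execute($event_conflict_params);
    if ($result->fetchColumn()) {
        return CONFLICT;
    }

    // RSO / event-type consistency: an RSO event needs an RSO, a non-RSO event must not have
    // one, and the RSO given must belong to this admin.
    $has_rso = $rso_id != 'Not Applicable';
    if (!$has_rso && $event_type == RSO_EVENT) {
        return MISSING_RSO;
    }
    if ($has_rso && $event_type != RSO_EVENT) {
        return UNNEEDED_RSO;
    }
    if ($has_rso) {
        $find_rso_params = array(':rso_id' => $rso_id, ':admin_id' => $admin_id);
        $find_rso_query = '
            SELECT COUNT(*)
            FROM RSO R
            WHERE (R.RSO_id = :rso_id) AND (R.Admin_id = :admin_id)
        ';
        $result = $db->prepare($find_rso_query);
        $result->execute($find_rso_params);
        if (!$result->fetchColumn()) {
            return WRONG_RSO;
        }
    }

    // The five writes below belong together: without a transaction a failure half-way left an
    // Event without its location and university rows. NOTE(review): the rollback only fires
    // on a thrown PDOException, i.e. when the connection uses PDO::ERRMODE_EXCEPTION; in the
    // default silent mode failed statements are still undetected (execute() results were
    // never inspected before either).
    $db->beginTransaction();
    try {
        // Insert the event information into the Event table
        $create_event_params = array(':admin_id' => $admin_id, ':name' => $name, ':category_id' => $category_id, ':description' => $description, ':date_time' => $date_time, ':event_type' => $event_type, ':contact_email' => $contact_email, ':contact_phone' => $contact_phone, ':approved' => $approved);
        $create_event_query = '
            INSERT INTO Event ( Admin_id, Name, Category_id, Description, Date_time, Type, Contact_email, Contact_phone, Approved )
            VALUES ( :admin_id, :name, :category_id, :description, :date_time, :event_type, :contact_email, :contact_phone, :approved )
        ';
        $db->prepare($create_event_query)->execute($create_event_params);
        // Find the event_id from the Event table
        $event_id = $db->lastInsertId();

        // Update the rso_id from a NULL value if applicable
        if ($has_rso) {
            $update_rso_id_params = array(':event_id' => $event_id, ':rso_id' => $rso_id);
            $update_rso_id_query = ' UPDATE Event SET RSO_id = :rso_id WHERE Event_id = :event_id ';
            $db->prepare($update_rso_id_query)->execute($update_rso_id_params);
        }

        // Insert the relation into the University_Event table
        $create_event_relation_params = array(':university_id' => $_SESSION['user']['University_id'], ':event_id' => $event_id);
        $create_event_relation_query = ' INSERT INTO University_Event ( University_id, Event_id ) VALUES ( :university_id, :event_id ) ';
        $db->prepare($create_event_relation_query)->execute($create_event_relation_params);

        // Insert the location into the Location table
        $create_location_params = array(':location_name' => $location_name, ':latitude' => $search_lookup['latitude'], ':longitude' => $search_lookup['longitude']);
        $create_location_query = ' INSERT INTO Location ( Name, Latitude, Longitude ) VALUES ( :location_name, :latitude, :longitude ) ';
        $db->prepare($create_location_query)->execute($create_location_params);
        // Find the location_id from the Location table
        $location_id = $db->lastInsertId();

        // Insert the relation into the Event_Location table
        $create_location_relation_params = array(':event_id' => $event_id, ':location_id' => $location_id);
        $create_location_relation_query = ' INSERT INTO Event_Location ( Event_id, Location_id ) VALUES ( :event_id, :location_id ) ';
        $db->prepare($create_location_relation_query)->execute($create_location_relation_params);

        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }

    return $approved ? VALID_SUBMIT_APPROVED : VALID_SUBMIT_PENDING_APPROVAL;
}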
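<?php
require "../includes/config.php";

// check to see if page requested
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // A missing or blank ticker is rejected up front instead of being handed to lookup() as
    // null (undefined-index warning). NOTE(review): assumes apologize() ends the request, as
    // the existing check below already does — confirm.
    if (empty($_POST["ticker"])) {
        apologize("Stock symbol invalid");
    }
    // if stock is legitimate then extract symbol, name, price
    $stock = lookup($_POST["ticker"]);
    if ($stock === false) {
        apologize("Stock symbol invalid");
    }
    // render display page, passing in symbol name and price
    render("quote_display.php", ["title" => "quote display", "symbol" => $stock["symbol"], "name" => $stock["name"], "price" => $stock["price"]]);
} else {
    render("quote_form.php");
}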
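<?php
// configuration
require "../includes/config.php";

// if form was submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Validate the name
    if (empty($_POST["symbol"])) {
        apologize("Please enter the stock symbol.");
    }
    $s = lookup($_POST["symbol"]);
    if ($s === false) {
        apologize("Please select a valid stock ID.");
    }
    $symbol = $_POST["symbol"];
    $id = $_SESSION["id"];

    // One read of the holding serves both the sale value and the share count (this used to be
    // the same SELECT issued twice). query() returns false on error and an empty array when
    // the user holds none of the symbol; the empty case used to fall through with an
    // undefined-offset warning and a zero-share SELL written to history.
    $rows = query("SELECT shares FROM portfolio WHERE id = ? and symbol = ?", $id, $symbol);
    if ($rows === false) {
        apologize("Error while selling shares.");
    }
    if (empty($rows)) {
        apologize("You do not own any shares of that stock.");
    }
    $amount = $rows[0]["shares"];
    $value = $s["price"] * $amount;
    $transaction = "SELL";

    // NOTE(review): the three writes are not wrapped in a transaction, and the history
    // "price" column receives the total sale value rather than the per-share price — both
    // kept as they were.
    query("UPDATE users set cash = cash + ? WHERE id = ?", $value, $id);
    query("INSERT INTO history (id, trans, symbol, shares, price) VALUES(?, ?, ?, ?, ?)", $id, $transaction, $s["symbol"], $amount, $value);
    query("DELETE FROM portfolio where id = ? and symbol = ?", $id, $symbol);
    redirect("index.php");
} else {
    // else render form
    render("sell.php", ["title" => "Sell"]);
}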
<table class = "portfolio">
<?php
if (isset($deposit)) {
    // NOTE(review): money_format() takes (format, number), so this formats the number 2 using
    // $deposit as the format string; the function was also removed in PHP 8. Use
    // number_format($deposit, 2) like the cells below.
    print "<h4>" . money_format($deposit, 2) . " has been deposited into your account. </h4>";
}
print "<tr>";
print "<th>" . "SYMBOL" . "</th>";
print "<th>" . "NAME" . "</th>";
print "<th>" . "SHARES" . "</th>";
print "<th>" . "COST PER SHARE" . "</th>";
print "<th>" . "CURRENT VALUE" . "</th>";
print "</tr>";
$portfolio_bal = 0;
foreach ($positions as $position) {
    // Live quote, used for the company name only.
    // NOTE(review): the "CURRENT VALUE" column is computed from $position["price"] (the stored
    // cost) rather than $stock["price"]; check which one is intended. lookup() returning false
    // is not handled.
    $stock = lookup($position["symbol"]);
    print "<tr>";
    // NOTE(review): symbol and name are printed into HTML unescaped; wrap them in
    // htmlspecialchars(..., ENT_QUOTES).
    print "<td>" . $position["symbol"] . "</td>";
    print "<td>" . $stock["name"] . "</td>";
    print "<td>" . $position["shares"] . "</td>";
    print "<td>" . "\$ " . number_format($position["price"], 2) . "</td>";
    print "<td>" . "\$ " . number_format($position["price"] * $position["shares"], 2) . "</td>";
    print "</tr>";
    $portfolio_bal += $position["price"] * $position["shares"];
}
print "<tr>";
print "<td>" . "CASH" . "</td>";
print "<td>" . "</td>" . "<td>" . "</td>" . "<td>" . "</td>";
print "<td>" . "\$ " . number_format($balance, 2) . "</td>";
print "</tr>";
$portfolio_bal += $balance;
print "<tr>";
    mysql_query("{$RackObject_statement}");
    mysql_query("{$RackObjectHistory_statement}");
    // NOTE(review): the executed SQL is echoed back to the caller.
    echo "RackObject statement: {$RackObject_statement}\n";
    echo "RackObjectHistory statement: {$RackObjectHistory_statement}\n";
    }
}

/**
 * Renames the master object when the object's own name changed: replaces the old object name
 * inside the master object's name and writes it back.
 *
 * Reads the globals $master_object_name, $object_name and $name.
 *
 * @param mixed $master_object_id RackObject.id of the master object
 * @return void
 */
function update_master_object($master_object_id)
{
    global $master_object_name;
    global $object_name;
    global $name;
    if ($name != $object_name) {
        // NOTE(review): $object_name is used as a regex pattern verbatim; a name containing
        // regex metacharacters (".", "(", "/") misbehaves — wrap it with preg_quote($object_name, '/').
        $master_object_name_new = preg_replace("/{$object_name}/", $name, $master_object_name);
        //UPDATE ************ mysql update
        // NOTE(review): the new name and the id are concatenated into the statement; a quote
        // in $name breaks or alters it. The mysql_* extension is gone in PHP 7+ — move to
        // mysqli/PDO and bind both values as parameters.
        $master_object_update_query = "update RackObject set name=\"" . $master_object_name_new . "\" where id=" . $master_object_id;
        mysql_query("{$master_object_update_query}");
    }
}
// NOTE(review): lookup() does its database work before authenticate() has run; swap the
// order so an unauthenticated request performs no lookups.
lookup();
if (authenticate() == 0) {
    exit("incorrect username and/or password");
}
if ($object_id) {
    //if lookup() set $object_id, there was a successful object lookup
    update_object($object_id);
}
if ($master_object_id) {
    //if lookup() set $master_object_id, there was a successful master object lookup
    update_master_object($master_object_id);
}
mysql_close();
    curl_setopt($ch, CURLOPT_URL, $details_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // NOTE(review): no CURLOPT_TIMEOUT / CURLOPT_CONNECTTIMEOUT, and the handle is never closed.
    $response = json_decode(curl_exec($ch), true);
    // If Status Code is ZERO_RESULTS, OVER_QUERY_LIMIT, REQUEST_DENIED or INVALID_REQUEST
    if ($response['status'] != 'OK') {
        return null;
    }
    // print_r($response);
    $geometry = $response['results'][0]['geometry'];
    // NOTE(review): these two are swapped (lat into $longitude, lng into $latitude). They are
    // unused — the returned array below reads the correct fields — so delete them.
    $longitude = $geometry['location']['lat'];
    $latitude = $geometry['location']['lng'];
    $array = array('latitude' => $geometry['location']['lat'], 'longitude' => $geometry['location']['lng'], 'location_type' => $geometry['location_type']);
    return $array;
}
// NOTE(review): isset($city) is tested further down, after $city has already been used here;
// move the check first, and handle lookup() returning null ($array['latitude'] on null).
$city = $_POST['city'];
$array = lookup($city);
$lats = $array['latitude'];
$lons = $array['longitude'];
//echo $lats . "/" . $lons;
if (isset($city)) {
    // NOTE(review): $token, $userid and $next are concatenated into the upstream path without
    // validation; their origin is not visible here — if any of them is request data, the
    // path is attacker-shaped ($next at least should be checked as an integer). The request
    // goes over plain http:// with the token in the URL, and CURLOPT_FOLLOWLOCATION lets a
    // redirect carry that URL to another host.
    if (isset($next)) {
        $urls = "http://ws.anomo.com/v210/index.php/webservice/user/search_user/" . $token . "/" . $userid . "/" . $lats . "/" . $lons . "/" . $next . "/0/18/100";
    } else {
        $urls = "http://ws.anomo.com/v210/index.php/webservice/user/search_user/" . $token . "/" . $userid . "/" . $lats . "/" . $lons . "/1/0/18/100";
    }
    //echo $urls;
    $chs = curl_init($urls);
    curl_setopt($chs, CURLOPT_POST, 1);
    // curl_setopt ($chs, CURLOPT_POSTFIELDS, "Keyword=$user");
    curl_setopt($chs, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($chs, CURLOPT_HEADER, 0);
<?php
include_once '../config.php';
include_once './libs/wx.php';

$array = array();

// Custom-menu definitions for the official account: two plain links into the app and one
// "scan QR code" push entry. Built from a spec table, then unpacked into the $menu1..$menu3
// names that the (commented-out) createMenus() call below expects.
$menuSpecs = array(
    array("name" => "我的标签", "type" => YDWXMenu::TYPE_VIEW, "url" => SITE_URI . "app/myqrcodes.php"),
    array("name" => "购买标签", "type" => YDWXMenu::TYPE_VIEW, "url" => SITE_URI . "app/pay.php"),
    array("name" => "扫描标签", "type" => YDWXMenu::TYPE_SCANCODE_PUSH, "key" => "scan_qrcode"),
);
$menus = array();
foreach ($menuSpecs as $spec) {
    $menu = new YDWXMenu();
    foreach ($spec as $property => $value) {
        $menu->{$property} = $value;
    }
    $menus[] = $menu;
}
list($menu1, $menu2, $menu3) = $menus;

// The API access token is kept in the options table. NOTE(review): lookup()'s third argument
// looks like a raw WHERE fragment; it is a constant here and must stay one — never build it
// from request data.
$access_token = lookup("value", "options", "name='access_token'");
//echo "access token",$access_token,"<br/>";
// createMenus($access_token, array($menu1, $menu2, $menu3));
//removeMenus($access_token);

// Debug output: dumps the raw menu reply from the API into the page.
echo "getmenus:<br/>";
print_r(getMenus($access_token));
// $gift_number = lookup("value", "options", "name='new_user_gift_number'");
// createEmptyQrcode($gift_number);
<?php
// configuration
require "../includes/config.php";
// common variables
$id = $_SESSION["id"];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["ticker"]) || empty($_POST["qty"])) {
        apologize("Please specify both ticker and qty to purchase stock.");
    } else {
        $balance = query("SELECT cash FROM users where id = ?", $id);
        $balance = $balance[0]["cash"];
        $lookup = lookup($_POST["ticker"]);
        if ($lookup === false) {
            apologize("Sorry, could not lookup stock quote. ABORT.");
        }
        // NOTE(review): nothing in this fragment validates qty beyond empty(). A negative or
        // fractional qty flows into $cost and the INSERTs below; a negative one makes $cost
        // negative, passes the balance check, and "cash = cash - ?" then *increases* cash.
        // Require a positive whole number first, e.g. preg_match('/^[1-9]\d*$/', $_POST["qty"]).
        $cost = $lookup["price"] * $_POST["qty"];
        // NOTE(review): the balance was read outside the transaction, so two concurrent
        // purchases can both pass this check. Debit conditionally in the database
        // ("... WHERE id = ? AND cash >= ?") and treat zero affected rows as insufficient funds.
        if ($lookup["price"] * $_POST["qty"] > $balance) {
            apologize("INSUFFICIENT FUNDS");
        } else {
            query("START TRANSACTION");
            // NOTE(review): the results of these three statements are not checked; a failure
            // in any of them still reaches COMMIT.
            query("UPDATE users SET cash = cash - ? WHERE id = ?", $cost, $id);
            query("INSERT shares (id, ticker, shares) values (?, UPPER(?), ?) ON DUPLICATE KEY UPDATE shares = shares + VALUES(shares)", $id, $_POST["ticker"], $_POST["qty"]);
            query("INSERT INTO history (id, buy, ticker, shares, shareprice) VALUES (?, 1, UPPER(?), ?, ?)", $id, $_POST["ticker"], $_POST["qty"], $lookup["price"]);
            if (query("COMMIT") === false) {
                if (query("ROLLBACK")) {
                    apologize("TRANSACTION ERROR, ROLLED BACK");
                } else {
                    apologize("CRITICAL: TRANSACTION ERROR *AND* ROLLBACK FAILED!!!");
                }
            } else {
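<?php
// configuration
require "../includes/config.php";

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // NOTE(review): this is the buy form but it is titled "Sell" — kept as found.
    render("buy_form.php", ["title" => "Sell"]);
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Whole, positive share count only. The regex on its own accepted "0" (and a missing
        // field passed null to preg_match), so both are rejected here with the same message.
        $quantity = isset($_POST['quantity']) ? $_POST['quantity'] : '';
        if (!preg_match("/^\\d+\$/", $quantity) || (int) $quantity < 1) {
            apologize("Sale canceled. You can only buy whole shares, please indicate a positive integer");
        }
        // One quote lookup on the upper-cased symbol (this used to call lookup() twice).
        $stock = strtoupper(isset($_POST["symbol"]) ? $_POST["symbol"] : '');
        $sharearray = lookup($stock);
        if ($sharearray === false) {
            apologize("Sale canceled. Please choose a valid stock symbol");
        }
        $idrows = query("SELECT * FROM users WHERE id = ?", $_SESSION["id"]);
        // NOTE(review): moneyformat() is a project helper; the comparison and the debit below
        // assume it returns a numeric value rather than a formatted string — confirm.
        $saleprice = moneyformat($sharearray["price"] * $quantity);
        if ($saleprice > $idrows[0]['cash']) {
            apologize("Sale canceled. Poor you! you don't have enough money to buy these shares of " . $_POST["symbol"]);
        } else {
            query("INSERT INTO portfolio (id, symbol, shares) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE shares = \n shares + VALUES(shares)", $_SESSION["id"], $stock, $quantity);
            // Debit in the database instead of writing back a balance computed from the earlier
            // SELECT, so a concurrent purchase cannot overwrite this one (lost update). The
            // affordability check above is still not atomic with the debit.
            query("UPDATE users SET cash = cash - ? WHERE id = ?", $saleprice, $_SESSION["id"]);
            query("INSERT INTO history (id, symbol, soldorbought, number, price) VALUES (?, ?, 0, ?, ?)", $_SESSION["id"], $stock, $quantity, $saleprice);
            redirect("/");
        }
    }
}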
    render("../templates/buy.php", ["title" => "Buy"]);
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // verify presence of symbol and desired number of shares
        if (empty($_POST["symbol"])) {
            apologize("Please name the stock you want to buy");
        } else {
            // NOTE(review): the `=== false` sits inside preg_match()'s argument list, so the
            // pattern is matched against a boolean (always false → ""), never against the
            // submitted value, and preg_match() returns 0 — this branch never rejects
            // anything. Any non-empty "shares" string therefore reaches the interpolated
            // SQL below. Intended: `if (empty($_POST["shares"]) || !preg_match("/^\\d+\$/", $_POST["shares"]))`.
            if (empty($_POST["shares"]) || preg_match("/^\\d+\$/", $_POST["shares"] === false)) {
                apologize("Please give a positive number of shares.");
            } else {
                // make sure symbol is valid
                $symbup = strtoupper($_POST["symbol"]);
                // NOTE(review): precedence — this assigns the boolean (lookup(...) === false) to
                // $symbol; the branch happens to work, but $symbol is a bool until reassigned
                // below and lookup() is called twice. Write `if (lookup($symbup) === false)`.
                if ($symbol = lookup($symbup) === false) {
                    apologize("This is not a valid stock symbol. Try again!");
                } else {
                    $stock = lookup($symbup);
                    $symbol = $stock["symbol"];
                    $id = $_SESSION["id"];
                    $cash = query("SELECT cash FROM users WHERE id = {$id}");
                    $shares = $_POST["shares"];
                    $price = $stock["price"];
                    $cost = $price * $shares;
                    // verify sufficient cash
                    if ($cost > $cash[0]["cash"]) {
                        apologize("You have insufficient cash to buy this number of the desired shares. Please modify your buying order!");
                    } else {
                        // process the acquisition
                        // NOTE(review): $shares (request data, unvalidated — see above), $symbol
                        // (from the quote service) and $id are all interpolated into the SQL
                        // text: SQL injection. query() supports placeholders elsewhere in this
                        // project; bind every value, e.g.
                        //   query("INSERT INTO portfolio (id, symbol, shares) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE shares = shares + ?", $id, $symbol, $shares, $shares);
                        // and likewise for the UPDATE and the history INSERT.
                        query("INSERT INTO portfolio (id, symbol, shares) VALUES({$id}, '{$symbol}', {$shares}) \n \t\t ON DUPLICATE KEY UPDATE shares = shares + {$shares}");
                        query("UPDATE users SET cash = cash - {$cost} WHERE id = {$id}");
                        query("INSERT INTO history (uid, symbol, shares, price, trans) VALUES ({$id}, '{$symbol}', {$shares}, {$price}, 'BUY')");
                        // confirm the acquisition
require "../includes/config.php";
// if user reached page via GET (as by clicking a link or via redirect)
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $cash = query("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]);
    render("comprar_form.php", ["cash" => $cash[0]["cash"], "nombreUsuario" => $_SESSION["nombreUsuario"], "title" => "Comprar"]);
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        /* Check that a symbol and a quantity were both submitted */
        if (empty($_POST["simbolo"])) {
            apologize("¡Debes ingresar un simbolo!");
        } else {
            if (empty($_POST["cantidad"])) {
                apologize("¡Debes ingresar una cantidad!");
            } else {
                // look the symbol up (the original comment, "insert a new user", was a leftover)
                $stock = lookup($_POST["simbolo"]);
                if ($stock === false) {
                    apologize("¡El simbolo es incorrecto!");
                } else {
                    // NOTE(review): there is no else for a failed match, so a non-numeric
                    // quantity ends the request silently with no message and no redirect.
                    // "0" is caught by empty() above, but "00" passes and buys zero shares.
                    if (preg_match("/^\\d+\$/", $_POST["cantidad"])) {
                        $filas = query("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]);
                        // compute the cost
                        $costo = $stock["price"] * $_POST["cantidad"];
                        // check the available cash
                        // NOTE(review): check and debit are separate statements (not atomic);
                        // see "UPDATE ... WHERE id = ? AND cash >= ?" for a race-free variant.
                        if ($costo > $filas[0]["cash"]) {
                            apologize("¡No Tiene sufuciente cash!");
                        } else {
                            $_POST["simbolo"] = strtoupper($_POST["simbolo"]);
                            query("INSERT INTO portfolios (id, simbolo, shares) VALUES (?, ? ,?)\n\t\t\t\t\tON DUPLICATE KEY UPDATE shares = shares + VALUES(shares)", $_SESSION["id"], $_POST["simbolo"], $_POST["cantidad"]);
                            query("UPDATE users SET cash = cash - ? WHERE id = ?", $stock["price"] * $_POST["cantidad"], $_SESSION["id"]);
                            // update the history
<?php
require_once "../includes/config.php";

// NOTE(review): $_SESSION["id"] is read without a visible login check;
// presumably config.php handles that — confirm.
$id = $_SESSION["id"];
$userquery = query("SELECT * FROM users WHERE id = ?", $id);
$cash = $userquery[0]["cash"];

// Without both fields, show the sell form (the "Get Quote" title looks like a
// copy-paste leftover from the quote page)
if (empty($_POST["symbol"]) || empty($_POST["sellshares"])) {
    render("../templates/sell_form.php", ["title" => "Get Quote", "cash" => $cash]);
} else {
    $stocksym = strtoupper($_POST["symbol"]);
    $stocklook = lookup($stocksym);
    // BUG: read before the validity check below; if lookup() reports failure
    // with `false` (as the other handlers in this listing assume) this is an
    // array offset on a bool
    $shareprice = $stocklook["price"];
    $sellshares = $_POST["sellshares"];
    $transtype = "SELL";
    // NOTE(review): relies on lookup() marking an unknown symbol with name "N/A";
    // confirm that contract against the helper.
    if ($stocklook["name"] == "N/A") {
        apologize("The stock symbol you entered does not exist!");
        // BUG: `break` outside a loop/switch is a compile-time error in PHP 7+;
        // if apologize() terminates the script it is unreachable anyway. Remove it
        // (same for the two `break`s below).
        break;
    }
    // NOTE(review): is_numeric() also accepts negative, fractional and exponent
    // forms ("-5", "1.5", "1e3"); a negative count passes the ownership check
    // below, and what the out-of-view update does with it cannot be seen here.
    // Prefer preg_match('/^\d+$/', ...) plus a > 0 check, as the buy handlers do.
    if (!is_numeric($sellshares)) {
        apologize("Please enter the number of shares you want to sell!");
        break;
    }
    $idquery = query("SELECT * FROM stocks WHERE id = ? AND symbol = ?", $id, $stocksym);
    // BUG: indexed before the empty() check below — undefined offset when no row matches
    $sharesowned = $idquery[0]["shares"];
    // If query finds no rows w/ this id and stocksym, apologize
    if (empty($idquery)) {
        apologize("You don't own that stock!");
        break;
    } else {
        if ($sellshares > $sharesowned) {
            apologize("You don't own that many shares!");
            // the remainder of the handler lies outside this excerpt
<?php
require "../includes/config.php";

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // render the buy form
    render("buy.php");
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // NOTE(review): none of the guards below has an else/return, so the flow
        // relies on apologize() ending the script; if it ever returns, the queries
        // further down run with invalid input. Confirm apologize() exits.
        if (empty($_POST["symbol"])) {
            apologize("Something went wrong");
        }
        $stock = lookup($_POST["symbol"]);
        if ($stock === false) {
            apologize("Error ocurred - there are no shares with that symbol.");
        }
        // whole numbers only. Note "0" passes this regex although the message
        // promises to reject non-positive counts, and a missing "shares" field
        // hands null to preg_match()
        if (!preg_match("/^\\d+\$/", $_POST["shares"])) {
            apologize("You can't buy fractions of shares or non-positive number of shares.");
        }
        $money = query("SELECT cash FROM users WHERE id =?", $_SESSION["id"]);
        // NOTE(review): the balance check here and the debit below are separate
        // statements with no transaction visible; two concurrent POSTs could both pass.
        if ($_POST["shares"] * $stock["price"] > $money[0]["cash"]) {
            apologize("I'm sorry, you can't afford so many shares.");
        }
        $_POST["symbol"] = strtoupper($_POST["symbol"]);
        // process-wide setting issued per request; fixes the zone of the stored timestamp
        date_default_timezone_set('Europe/Warsaw');
        $time = date('Y-m-d H:i:s');
        // all user-supplied values are bound; none are interpolated into the SQL text
        query("INSERT INTO usersStocks (id, symbol, shares) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE shares = shares + ?", $_SESSION["id"], $_POST["symbol"], $_POST["shares"], $_POST["shares"]);
        query("UPDATE users SET cash = cash - ? WHERE id =?", $_POST["shares"] * $stock["price"], $_SESSION["id"]);
        query("INSERT INTO history (id, symbol, shares, transaction, price, time) VALUES (?, ?, ?, 'BUY', ?, ?)", $_SESSION["id"], $_POST["symbol"], $_POST["shares"], $stock["price"], $time);
        // fetch the buyer's e-mail address; presumably used for a confirmation
        // mail, which would be sent beyond this excerpt
        $users = query("SELECT * FROM users WHERE id =?", $_SESSION["id"]);
        $address = $users[0]["mail"];
        require_once "libphp-phpmailer/class.phpmailer.php";
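<?php
// configuration
require "../includes/config.php";

// If we were reached via POST with a quote field, look the symbol up and hand
// the result to the template; otherwise just render the empty form.
// Only a non-empty string is forwarded: isset() alone also admits an empty
// field and an array-valued field (quote[]=...), and lookup() is presumably a
// string-taking helper — confirm against its definition.
if (isset($_POST["quote"]) && is_string($_POST["quote"]) && trim($_POST["quote"]) !== "") {
    // lookup() may signal "not found"; as in the original the result is passed
    // on unchecked, so the template is assumed to handle that case
    $quote = lookup($_POST["quote"]);
    render("quote.php", ["title" => "Quote", "quote" => $quote]);
} else {
    // nothing in this file sets $quote on this path; kept in case the included
    // config defines one — cannot be confirmed from here
    if (isset($quote)) {
        unset($quote);
    }
    render("quote.php", ["title" => "Quote"]);
}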