<?php

session_start();
// Shared helper functions; the file itself is not visible here.
include 'include/func.php';

// The record id is passed from select.php as a GET parameter.
// Stop immediately when it is missing or empty.
if (!isset($_GET["id"]) || $_GET["id"] == "") {
    exit("Error");
}
$id = $_GET["id"];
// NOTE(review): $id is raw request input with no type or format check in this
// span; any later query that uses it should bind it as a parameter — confirm.

// Login gate (per the original author's note): compares the session id set by the
// select_enq.php page and halts here when the visitor is not authenticated.
// Defined in include/func.php.
sessionCheck();

// Database setup.
// connect_db() wraps the `new PDO(...)` call (include/func.php).
$pdo = connect_db();
// Set the (fixed) connection character set.
$stmt = dbCharSet($pdo);

// Fetch every row of an_table in preparation for the list view.
// The statement has no placeholders, so no request data reaches the SQL text.
$stmt = $pdo->prepare("SELECT * FROM an_table");
$status = $stmt->execute();
// Check whether the SQL execution failed.
dbExecError($status, $stmt);

// Accumulator for the rendered rows, filled by the fetch loop that follows
// (same approach as select_enq.php).
$view_table = "";
while ($get_id_result = $stmt->fetch(PDO::FETCH_ASSOC)) {
Esempio n. 2
}
//require_once "database.ws";
/*
	Parse the action.
	The "p" query parameter holds a slash-separated route; it falls back to
	"default" when absent or empty.
*/
// NOTE(review): $p comes straight from the query string, so every element of $par
// is caller-controlled. The dispatcher below concatenates $par[1] into a template
// path and, when no such file exists, invokes it as a function name; both uses
// need an allow-list of known actions rather than the raw segment.
// NOTE(review): $par[2] is read below without an isset() check, so short routes
// such as "admin" alone reference an undefined index.
$p = isset($_GET["p"]) && $_GET["p"] != "" ? $_GET["p"] : "default";
$par = explode("/", $p);
/*
	路径初始化
*/
switch ($par[0]) {
    case "default":
        displayTemp(WATERS_themeFront . "/index.php");
        break;
    case "admin":
        if (sessionCheck("login", "OK")) {
            $file = isset($par[1]) && $par[1] != "" ? $par[1] : "index";
            if (file_exists(WATERS_themeMan . "/" . $file . ".php")) {
                displayTemp(WATERS_themeMan . "/" . $file . ".php", $par[2]);
            } else {
                $file($par[2]);
            }
        } else {
            displayTemp(WATERS_themeMan . "/login.php");
        }
        break;
    case "page":
        $file = isset($par[1]) && $par[1] != "" ? $par[1] . ".php" : "index.php";
        displayTemp(WATERS_themeFront . "/" . $file, $par[2]);
        break;
    case "form":
Esempio n. 3
    $MySQLConnection = new Mysql($mysql['host'], $mysql['port'], $mysql['user'], $mysql['password'], $mysql['database']);
    $MySQLConnection->connect();
    if ($result = $MySQLConnection->getQuery('SELECT x.matchID AS matchID, x.matchDate AS matchDate, y.teamName AS matchHomeTeam, y.teamLogo AS matchHomeTeamLogo, z.teamName AS matchForeignTeam, z.teamLogo AS matchForeignTeamLogo FROM matches AS x JOIN teams AS y ON y.teamID = matchHomeTeam JOIN teams AS z ON z.teamID = matchForeignTeam;')) {
        while ($row = mysqli_fetch_assoc($result)) {
            $userTips = getUserTips($MySQLConnection, $row["matchID"]);
            echo '
						<div class="panel panel-default">
							<form id="match_' . $row["matchID"] . '" method="POST">
								<div class="panel-body">
									<div class="panel-heading">' . $row["matchHomeTeam"] . ' vs. ' . $row["matchForeignTeam"] . '</div>
									<div class="input-group">
									 	<label>' . $row["matchHomeTeam"] . '</label>
									 	<input type="number"min="0"value="' . $userTips["tipScoreHome"] . '" name="ScoreHome" id="ScoreHome"  required/>
									 </div>
									<div class="input-group">
									 	<label>' . $row["matchForeignTeam"] . '</label>
									 	<input type="number"min="0" value="' . $userTips["tipScoreForeign"] . '" name="ScoreForeign" id="ScoreForeign" required/>
									 	<input type="button" value="Place Tip" onclick="placeTip(' . $row["matchID"] . ');"/>
									</div>
								</div>
							</form>
						</div>
					';
        }
    }
}
// Render the page only when sessionCheck() reports an authenticated session;
// otherwise emit a script tag that reports the problem through printError().
// NOTE(review): the rejection is purely client-side output; buildPage() is simply
// not called, and no redirect or HTTP status is sent from this span.
if (!sessionCheck()) {
    echo '<script type="text/javascript">', 'printError(\'You are not Logged in!\')', '</script>';
} else {
    buildPage();
}
Esempio n. 4
<?php 
include_once 'bin/include/head.php';
include_once 'bin/mysql.class.php';
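/**
 * Echo a <select id="userCountry"> element with one option per row of the
 * countries table.
 *
 * Connection settings are read from the global $mysql array. Each row's iso3166
 * column becomes the option value and countryName the visible label. Both are
 * HTML-encoded on output, so a quote, ampersand or angle bracket stored in the
 * table cannot break out of the attribute or inject markup.
 *
 * When the query yields no result set, only the placeholder option is rendered.
 */
function printCountrySelect()
{
    global $mysql;
    $MySQLConnection = new Mysql($mysql['host'], $mysql['port'], $mysql['user'], $mysql['password'], $mysql['database']);
    $MySQLConnection->connect();
    $result = $MySQLConnection->getQuery('SELECT * FROM countries;');
    echo '<select id="userCountry" name="userCountry"><option value="">---NO COUNTRY SELECTED---</option>';
    // Presumably getQuery() returns a falsy value on failure (confirm in
    // mysql.class.php); passing that to mysqli_fetch_assoc() would raise an error
    // after the opening <select> was already sent, leaving broken markup.
    if ($result) {
        while ($row = mysqli_fetch_assoc($result)) {
            $optionValue = htmlspecialchars((string) $row["iso3166"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $optionLabel = htmlspecialchars((string) $row["countryName"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '<option value="' . $optionValue . '">' . $optionLabel . '</option>';
        }
    }
    echo '</select>';
}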
if (!sessionCheck()) {
    //'.$_SERVER['PHP_SELF'].'
    echo '
				<div class="col-sm-5">
		          <form id="regForm" class="form" method="POST">
		          	<fieldset>
		          		<legend>Account Information</legend>
		          		<label for="userLogin">Username: </label>
		            	<input type="text" id="userLogin" name="userLogin" placeholder="Boaty" required/>
		          		<label for="userPassword">Password: </label>
		            	<input type="password" id="userPassword" name="userPassword" placeholder="Pa$$w0rd" required/>
		          		<label for="userPasswordRepeat">Repeat: </label>
		            	<input type="password" id="userPasswordRepeat" name="userPasswordRepeat" placeholder="Pa$$w0rd" required/>
		          		<label for="userPassword">Email: </label>
		            	<input type="text" id="userEmail" name="userEmail" placeholder="*****@*****.**" required/>
		            </fieldset>
Esempio n. 5
/**
 * Back end routines to add/delete courses, invoked by faculty.php
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';

// Every action in this script requires an authenticated session.
// NOTE(review): this guard only protects the code below if postResponse() ends
// the request — confirm in functions.php.
if (!sessionCheck('logged_in')) {
    postResponse("error", "Your session has expired, please login again");
}

require_once 'connect_db.php';

// rangeCheck() presumably enforces a length of 2 to 20 on the posted course id
// (helper not visible here); the id is then normalised to upper case.
rangeCheck('cId', 2, 20);
$cId = strtoupper($_POST['cId']);

// By default the course is managed for the logged-in user's own account.
if (!isset($_SESSION['faculty'])) {
    $_SESSION['faculty'] = $_SESSION['uName'];
}

// Users whose level is not 'faculty' may act on behalf of a faculty member named
// in the query string.
// NOTE(review): the value is stored in the session without checking that such a
// faculty account exists or belongs to the caller's department — confirm that
// this is validated elsewhere.
if (!sessionCheck('level', 'faculty')) {
    if (!empty($_GET['faculty'])) {
        $_SESSION['faculty'] = $_GET['faculty'];
    }
}
if (valueCheck('action', 'add')) {
    rangeCheck('cName', 6, 100);
    if (empty($_POST["allowConflict"])) {
        $_POST["allowConflict"] = 0;
    }
    try {
        $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)');
        $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]);
        $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)');
        foreach ($_POST['batch'] as $batch) {
            $batch = explode(" : ", $batch);
            $query->execute([$cId, $batch[0], $batch[1]]);
        }
Esempio n. 6
  | available through the world-wide-web at the following url:           |
  | http://www.php.net/license/3_0.txt.                                  |
  | If you did not receive a copy of the PHP license and are unable to   |
  | obtain it through the world-wide-web, please send a note to          |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
  | Authors : Salah Faya <*****@*****.**>                            |
  +----------------------------------------------------------------------+

  $Id: editxml.php 307070 2011-01-04 11:45:55Z rquadling $
*/
//-- The PHPDOC Online XML Editing Tool
//--- Purpose: this is the actual xml editor script
//------- Initialization
require 'base.php';

// sessionCheck() returns the current user's record; the argument is presumably
// the query string to come back to after login (confirm in base.php).
$user = sessionCheck('?from=editxml');
// The user's documentation language selects the translation checkout path.
$lang = $user['phpdocLang'];
$translationPath = $phpdocLangs[$lang]['DocCVSPath'];

//------- Frames split
// Remember the split-view preference in the session. The literal string 'false'
// and any falsy value are both stored as boolean false.
// NOTE(review): any other request value is copied into the session unchanged.
if (isset($_REQUEST['split'])) {
    $_REQUEST['split'] = ($_REQUEST['split'] == 'false' || !$_REQUEST['split'])
        ? false
        : $_REQUEST['split'];
    $_SESSION['split'] = $_REQUEST['split'];
}
if (!empty($_SESSION['split']) && !isset($_REQUEST['noframes'])) {
    $source = $_REQUEST['source'];
    $file = $_REQUEST['file'];
    // ToDo automatically show the translated file in one frame and the source in another
    print "<frameset cols=*,*><frame name=frame1 src='editxml.php?file={$file}&source={$source}&noframes=1'><frame name=frame2 src='editxml.php?file={$file}&source={$source}&noframes=1'></frameset>";
    exit;
Esempio n. 7
<?php

/**
 * Back end routines for user management, invoked by manage.php and setup.php
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';
require_once 'connect_db.php';
if ($_POST) {
    // if the user is not a dean, allow registration only if the system has no dean
    $newAdmin = 0;
    if (!sessionCheck('level', 'dean')) {
        $query = $db->query("SELECT count(*) FROM faculty where level='dean'");
        // Check if the system has no admin configured yet
        if ($query->fetch()[0]) {
            postResponse("error", "You are not authorized to register accounts.");
        }
        $newAdmin = 1;
    }
    rangeCheck('uName', 3, 25, false);
    if (valueCheck('action', 'addUser')) {
        rangeCheck('fullName', 6, 50);
        rangeCheck('pswd', 8, 32, false);
    }
    $uName = strtolower($_POST['uName']);
    if (valueCheck('action', 'deleteFaculty')) {
        $db->prepare('DELETE FROM faculty where uName =?')->execute([$uName]);
        postResponse("removeOpt", "Faculty deleted");
        die;
    }
    if (!empty($_POST['dept'])) {
Esempio n. 8
        $faculty = $query->fetch();
        if (!$faculty) {
            postResponse("error", "Username is not registered!");
        }
        if ($faculty['pswd'] == pwdHash($uName, $_POST['pswd']) || @ldap_bind(ldap_connect($config['ldap_host']), "uid={$uName}," . $config['ldap_dn'], $_POST['pswd'])) {
            $_SESSION['logged_in'] = true;
            $_SESSION['fName'] = $faculty['fac_name'];
            $_SESSION['uName'] = $uName;
            $_SESSION['level'] = $faculty['level'];
            $_SESSION['dept'] = $faculty['dept_code'];
        } else {
            postResponse("error", "Invalid credentials");
        }
    }
}
// An authenticated visitor never sees the login form: deans land on dean.php,
// everyone else on faculty.php. Both targets are fixed literals, so the Location
// header cannot be steered by request data.
if (sessionCheck('logged_in')) {
    $home = $_SESSION['level'] == "dean" ? "dean.php" : "faculty.php";
    // For a form POST the target is handed to postResponse() (presumably for the
    // client-side script to follow — confirm in functions.php).
    if ($_POST) {
        postResponse("redirect", $home);
    }
    // Otherwise send a plain HTTP redirect and stop before any markup is sent.
    header("Location: " . $home);
    die;
}
?>
<!DOCTYPE HTML>
<html>

<head>
Esempio n. 9
<?php

/*
  +----------------------------------------------------------------------+
  | PHP Version 4                                                        |
  +----------------------------------------------------------------------+
  | Copyright (c) 1997-2011 The PHP Group                                |
  +----------------------------------------------------------------------+
  | This source file is subject to version 3.0 of the PHP license,       |
  | that is bundled with this package in the file LICENSE, and is        |
  | available through the world-wide-web at the following url:           |
  | http://www.php.net/license/3_0.txt.                                  |
  | If you did not receive a copy of the PHP license and are unable to   |
  | obtain it through the world-wide-web, please send a note to          |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
  | Authors : Salah Faya <*****@*****.**>                            |
  +----------------------------------------------------------------------+

  $Id: workbench.php 307070 2011-01-04 11:45:55Z rquadling $
*/
//-- The PHPDOC Online XML Editing Tool
//--- Purpose: this file is the frameset
// base.php is loaded first; sessionCheck() is presumably defined there (not visible here).
require 'base.php';
// The return value is kept in $user but is not read by the frameset markup below.
// NOTE(review): presumably sessionCheck() redirects or halts unauthenticated
// visitors, which is what keeps the two framed pages behind login — confirm in base.php.
$user = sessionCheck();
?>
<frameset cols="200,*">
 <frame name=listingframe src=cvslist.php>
 <frame name=fileframe src=intro.php>
</frameset>
Esempio n. 10
    if ($course['allow_conflict'] && $current['allowConflicts']) {
        continue;
    }
    echo "<div class=\"{$course['course_id']}\">";
    foreach ($blocked[$course['course_id']] as $slot => $batches) {
        echo "<input type= \"hidden\" name=\"{$slot}\" value=\"{$batches}\" >";
    }
    echo "</div>";
}
?>
      </div>
      <div id="footer" style="position: relative">Powered by <a href="https://github.com/0verrider/QuickSlots">QuickSlots v1.0</a></div>
    </div>
    <div id="rightpane" style="width: 235px;margin-left:10px">
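    <?php 
// The faculty picker is shown only to users whose level is not 'faculty'.
if (!sessionCheck('level', 'faculty')) {
    ?>
      <div class="title">Faculty</div>
      <select id="faculty" class="stretch">
        <?php 
    // List the faculty of the current user's department. The department code is
    // bound as a parameter, so it never becomes part of the SQL text.
    $query = $db->prepare('SELECT * FROM faculty where dept_code=?');
    $query->execute([$_SESSION['dept']]);
    foreach ($query->fetchall() as $fac) {
        // uName and fac_name are values stored per account (they appear to come
        // from the registration form), so they are HTML-encoded before being
        // written into the attribute and the option text.
        printf(
            '<option value="%1$s">%2$s (%1$s)</option>',
            htmlspecialchars((string) $fac['uName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            htmlspecialchars((string) $fac['fac_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    ?>
      </select>
    <?php 
}
?>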
      <div class="title" style="padding: 15px 0">Courses</div>
Esempio n. 11
<?php

/**
 * Back end routines that call PhantomJS to generate printable timetable snapshot images
 * @author Avin E.M
 */
require_once 'functions.php';
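// Generate a PNG snapshot of the print view with PhantomJS and stream it back as
// a download. Runs only for a logged-in session and a non-empty string filter.
if (!empty($_POST['filter']) && is_string($_POST['filter']) && sessionCheck('logged_in')) {
    // time() alone has one-second resolution, so two requests in the same second
    // would share one file and delete each other's output; uniqid() keeps the
    // names distinct.
    $imgPath = 'tmp/print_' . uniqid(time() . '_', true) . '.png';
    $phantom = 'phantomjs' . DIRECTORY_SEPARATOR . 'phantomjs';
    // The capture always targets this application's own address; only the query
    // string is supplied by the caller.
    $basUrl = 'http://' . $_SERVER['SERVER_ADDR'] . dirname($_SERVER['SCRIPT_NAME']);
    // The filter is request data that ends up on a command line: escapeshellarg()
    // is what keeps it a single argument. Never concatenate it unescaped.
    $printUrl = escapeshellarg($basUrl . '/?print=true&' . $_POST['filter']);
    exec($phantom . ' js/capture.js ' . $printUrl . ' ' . escapeshellarg($imgPath));

    if (is_file($imgPath)) {
        // The download name is request data placed inside a response header.
        // Replace control characters, quotes, backslashes, slashes and semicolons
        // so the caller cannot terminate the value or append header parameters,
        // and send the value quoted.
        $downloadName = isset($_POST['filename']) && is_string($_POST['filename']) ? $_POST['filename'] : '';
        $downloadName = preg_replace('#[\x00-\x1F\x7F"\\\\/;]#', '_', $downloadName);
        if ($downloadName === null || $downloadName === '') {
            $downloadName = 'timetable';
        }
        header('Content-Disposition: attachment; filename="' . $downloadName . '.png"');
        header('Content-Type: ' . mime_content_type($imgPath));
        header('Content-Transfer-Encoding: binary');
        header('Content-Length: ' . filesize($imgPath));
        readfile($imgPath);
        unlink($imgPath);
    } else {
        // PhantomJS produced no file: report the failure instead of sending
        // download headers for a file that does not exist.
        header('HTTP/1.1 500 Internal Server Error');
        echo 'Could not generate the timetable image';
    }
}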