Esempio n. 1
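include 'logincheck.php';
$room = '';
//***** Errors loading config *****
$result = '';
$queryString = '';
include 'config.php';
include 'string.php';
//contains functions for string manipulation
include 'sql.php';
//contains all the sql functions

// Adds one item to a room from the submitted form.
// Both fields must be present and non-empty; !empty() already implies isset(),
// and it also rejects the string '0'.
if (!empty($_POST['roomID']) && !empty($_POST['itemName'])) {
    // roomID is placed in the query WITHOUT quotes, so it has to be a real
    // integer before it gets anywhere near the SQL text. filter_var() returns
    // false for anything else (including arrays), and the insert is skipped.
    $roomID = filter_var($_POST['roomID'], FILTER_VALIDATE_INT);
    // NOTE(review): stringChecker() lives in string.php, which is not shown here.
    // It is the only thing between this POST value and a quoted SQL literal;
    // confirm it escapes for that context, or move insert() to prepared statements.
    $itemName = stringChecker($_POST['itemName']);
    // Uppercase the first letter of the item name
    $itemName = ucfirst($itemName);
    if ($roomID !== false) {
        $queryString = "insert into items (roomID,itemName) values ({$roomID},'{$itemName}');";
        $result = insert($queryString, $itemName);
    }
}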
?>

<html>
<head>
    <title>Checklist</title>
    <?php 
include 'head.txt';
?>
</head>
<body>
Esempio n. 2
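    // The enclosing condition and the assignment of $id are outside this excerpt.
    // roomid is written into the UPDATE unquoted, so force it to an integer
    // before it can reach the query string.
    $roomID = (int) $_POST['roomID'];
    // Compare, do not assign: the earlier `=` overwrote the POST value and marked
    // every item as aquired. An unticked checkbox is simply absent from $_POST.
    $aquired = (isset($_POST['aquired']) && $_POST['aquired'] === 'on') ? 1 : 0;
    // price is also interpolated unquoted. The text 'null' (not PHP null, which
    // interpolates to an empty string and breaks the statement) yields SQL NULL.
    // A submitted price is only used when it is numeric after stringChecker().
    $price = 'null';
    if (!empty($_POST['itemPrice'])) {
        $priceInput = stringChecker($_POST['itemPrice']);
        if (is_numeric($priceInput)) {
            $price = $priceInput;
        }
    }
    if (empty($_POST['itemSize'])) {
        $size = 'null';
    } else {
        // NOTE(review): stringChecker() is defined outside this excerpt; the quoted
        // literal below is only safe if it escapes quotes and backslashes - confirm.
        $size = stringChecker($_POST['itemSize']);
        //wrap in quotes
        $size = "'" . $size . "'";
    }
    //build query
    // NOTE(review): $id is set outside this excerpt and is used unquoted here;
    // verify it is validated as an integer where it is read.
    $queryString = "update items set roomid={$roomID}, aquired={$aquired}, price={$price}, size={$size} where id={$id};";
    //execute Query
    $result = update($queryString);
    // Compare, do not assign: with `=` the refresh header was sent on every
    // request, including failed updates.
    // presumably update() returns the string 'Updated' on success - confirm in sql.php
    if ($result === 'Updated') {
        header('refresh:3;url=display.php');
    }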
}
//****** all below is for display purposes *******
//fills in drop down box with available rooms
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
// Selecting Database
Esempio n. 3
<?php

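include 'logincheck.php';
$room = '';
$result = '';
// Adds a room from the submitted form; !empty() already implies isset().
if (!empty($_POST['room'])) {
    //include config
    include 'config.php';
    include 'functions/string.php';
    //contains functions for string manipulation
    // Read the submitted value FIRST, then run it through stringChecker().
    // Previously the check ran on the empty placeholder and the raw POST value
    // was assigned afterwards, so unchecked input went straight into the query.
    // NOTE(review): stringChecker() is not shown here; confirm it escapes for a
    // quoted SQL literal. The mysql_* extension was removed in PHP 7.0, so the
    // durable fix is a prepared statement via mysqli or PDO.
    $room = stringChecker($_POST['room']);
    //upper case the first word
    $room = ucfirst($room);
    $connection = mysql_connect($serverName, $dbUsername, $dbPassword);
    // Selecting Database
    $db = mysql_select_db($dbName, $connection);
    // Insert the new room; mysql_query() returns true for a successful INSERT.
    $query = mysql_query("insert into rooms (roomName) Values('{$room}');", $connection);
    if ($query == 1) {
        // NOTE(review): $result carries user input; if the page below echoes it,
        // it needs htmlspecialchars() at the point of output.
        $result = "{$room} added";
    } else {
        $result = 'Error';
    }
    mysql_close($connection);
    // Closing Connection
}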
?>

<html>
Esempio n. 4
$result = '';
// Creates a user account from the submitted form.
// !empty() already covers the isset() test for each field.
if (!empty($_POST['username']) && !empty($_POST['password'])) {
    include 'config.php';
    include 'functions/string.php';
    //contains functions for string manipulation

    // NOTE(review): passwdEncrypt() is defined outside this excerpt. Confirm it is
    // a salted password hash rather than reversible encryption or a bare digest.
    $passwd = passwdEncrypt($_POST['password']);
    // Usernames are stored lowercase, then passed through stringChecker().
    // NOTE(review): stringChecker() is the only barrier between these POST values
    // and the quoted SQL literals below; its implementation is not shown here.
    $username = stringChecker(strtolower($_POST['username']));
    $passwd = stringChecker($passwd);

    // TODO: check that the uname session exists, otherwise return to login with an error message
    $connection = mysql_connect($serverName, $dbUsername, $dbPassword);
    // Selecting Database
    $db = mysql_select_db($dbName, $connection);
    // Insert the new account; mysql_query() returns true for a successful INSERT.
    $query = mysql_query("insert into users (username,passwd) Values('{$username}','{$passwd}');", $connection);
    $result = ($query == 1) ? "{$username} added" : 'Error';
    // Closing Connection
    mysql_close($connection);
}
?>
Esempio n. 5
// Login check: reads the submitted username and password, transforms them with
// the project's helpers and looks for a matching row in the users table.
//include config
include 'config.php';
include 'string.php';
//contains functions for string manipulation
//used to check login information
//Declare Variables
// Define $username and $password
// NOTE(review): both keys are read without an isset() check, so a request that
// omits either field raises an undefined-index notice before any validation.
$username = $_POST['username'];
$passwd = $_POST['password'];
//encrypt the password
// NOTE(review): passwdEncrypt() is defined outside this excerpt. The query below
// matches the stored value by equality, which only works if the function returns
// the same output for the same password - TODO confirm it is not an unsalted digest.
$passwd = passwdEncrypt($passwd);
//ensure username is lowercase
$username = strtolower($username);
// Intended as the SQL-injection guard for both values.
// NOTE(review): stringChecker() is not shown here, so its escaping cannot be
// confirmed; it is the only protection applied before the quoted literals below.
$passwd = stringChecker($passwd);
$username = stringChecker($username);
$error = '';
// Variable To Store Error Message
// The mysql_* extension used from here on was removed in PHP 7.0.
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
// Disabled alternative escaping, kept as the author left it:
//$username = stripslashes($username);
//$passwd = stripslashes($passwd);
//$username = mysql_real_escape_string($username);
//$passwd = mysql_real_escape_string($passwd);
// Selecting Database
$db = mysql_select_db($dbName, $connection);
// Look up the user row matching the submitted credentials.
// NOTE(review): as listed, the username is compared with the literal '******' and
// $username is never used in the query. This looks like masking applied to the
// listing - confirm against the original file.
$query = mysql_query("SELECT id, username, passwd FROM users where passwd='{$passwd}' AND username='******'", $connection);
// mysql_query() returns false on failure; that case is not checked before the
// two calls below use the result.
$rows = mysql_num_rows($query);
$resultRow = mysql_fetch_row($query);
if ($rows == 1) {
    //session_start(); // Starting Session