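// (excerpt starts inside pair_neworphan(); the opening of the function is outside this view and is left untouched)
        $table2 = "votaxmi_petitioner";
        $casetype = "match_voter_with_petitioner";
    }
    $match = pairsystem($email, $table2, $table);
    if ($match == "nomatch") {
        mail_alert_divorce($email);
    } else {
        mail_alert_divorce($email);
        email_match_confirmation($email, $match, $casetype);
    } //end of if ( $match == "nomatch" )
} //end of function pair_neworphan

/////////// MAIN CODE /////////////
// Unsubscribe confirmation: the link carries ?email=...&key=... and the key must
// equal the unsubscribe_code stored for that email before anything else happens.

// A link without both parameters can never be valid; reject it up front.
if (!isset($_GET['email'], $_GET['key'])) {
    header('Location: ../event.php?event=31');
    exit;
}

$email = test_input_get($_GET['email']);
$key = test_input_get($_GET['key']);
//echo "$email $key";

// check if email and code are correct/exist
// The email is request data, so it is bound as a parameter instead of being
// concatenated into the SQL text.
// NOTE(review): test_input_get() is defined outside this excerpt; whatever it does,
// it is not relied on here for SQL safety.
$sql_check_get = "SELECT * FROM votaxmi_unsubscriptions WHERE email=?";
$row = null;
$stmt = mysqli_prepare($db_con, $sql_check_get);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        $row = mysqli_fetch_assoc($result);
    }
    mysqli_stmt_close($stmt);
}

// Reject when no row exists, when the stored code is empty, or when the codes differ.
// hash_equals() compares the strings byte for byte in constant time; the loose "!="
// used before treats numeric-looking strings as numbers and treats a missing row
// (null) as equal to an empty key.
$stored_code = is_array($row) ? (string) $row['unsubscribe_code'] : '';
if ($stored_code === '' || !hash_equals($stored_code, (string) $key)) {
    header('Location: ../event.php?event=31');
    // header() only queues the redirect; without exit the rest of the script
    // would still run for a request whose key did not match.
    exit;
    //echo "no exist in table unsbubs";
}

//User is a voter or a petitioner?
//1) check in table voter
$sql_check_voter = "SELECT * FROM votaxmi_voter WHERE email=?";
$rowcount = 0;
$stmt = mysqli_prepare($db_con, $sql_check_voter);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    // $result stays a mysqli_result so code after this excerpt can keep reading from it.
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        $rowcount = mysqli_num_rows($result);
    }
}
//echo "rowcount: ".$rowcount;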
<?php
include 'functions.php';

// VARIABLES
// Every free-text form field goes through test_input_get() before it is used.
// NOTE(review): test_input_get() lives in functions.php, which is not shown here.
// If it only HTML-escapes, these values still need bound parameters (or SQL
// escaping) wherever they are placed into a query further down.
$name = test_input_get($_POST["name"]);
$email = test_input_get($_POST["email"]);
$constituency = test_input_get($_POST["constituency"]);
$prensa = test_input_get($_POST["prensa"]);
$comentario = test_input_get($_POST["comentario"]);

// The checkbox arrives as "on" when ticked; store it as "si"/"no".
$prensa = ($prensa == "on") ? "si" : "no";

// Decide which table to use according to the form: is the user a voter or a petitioner?
// $table is the registry the user signs up in; $table2 is the opposite registry,
// where a pair is looked for.
// Both names are picked from fixed literals and never copied from the request, so
// they are safe to use as SQL identifiers; any other "registry" value is rejected.
$registry = $_POST["registry"];
if ($registry == "voter") {
    $table = "votaxmi_voter";
    $table2 = "votaxmi_petitioner";
} elseif ($registry == "petitioner") {
    $table = "votaxmi_petitioner";
    $table2 = "votaxmi_voter";
} else {
    header('Location: ../event.php?event=10');
    exit;
}

// open db connection with utf-8
require 'dbconnection.php';
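<?php
// Unsubscribe request: stores a one-time code for the given email and mails the
// confirmation link. Redirects to event 6 on success and event 32 on any failure.
include 'functions.php';
include 'dbconnection.php';

// Without an email there is nothing to store or to mail; fail the same way as a
// database or mail error does.
if (!isset($_POST["email"])) {
    header('Location: ../event.php?event=32');
    mysqli_close($db_con);
    exit;
}

$email = test_input_get($_POST["email"]);
$message = test_input_get(isset($_POST["unsubsmessage"]) ? $_POST["unsubsmessage"] : '');

// The code is the only secret protecting the unsubscribe link, so it comes from the
// CSPRNG (random_bytes, PHP 7.0+) rather than md5(uniqid(rand(), true)), which is
// derived from the clock and a non-cryptographic generator.
// 16 random bytes -> 32 hex characters, the same length md5() produced.
$unsubscribe_code = bin2hex(random_bytes(16));

// Values are bound as parameters; request data never becomes part of the SQL text.
$sql = "INSERT INTO votaxmi_unsubscriptions (email,unsubscribe_code,message) VALUES (?,?,?)";
$stored = false;
$stmt = mysqli_prepare($db_con, $sql);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'sss', $email, $unsubscribe_code, $message);
    $stored = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

if ($stored) {
    if (!mail_unsubscription($email, $unsubscribe_code)) {
        header('Location: ../event.php?event=32');
    } else {
        header('Location: ../event.php?event=6');
    }
} else {
    header('Location: ../event.php?event=32');
}
mysqli_close($db_con);
?>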
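// $sql_update_match = "UPDATE $db_table_where_search_for_partner SET paired_to = '$email' where email='$match'";
// $result= mysqli_query ($db_con,$sql_update_match) or die ('Error: ' . mysqli_error($db_con));
// $sql_update_matched = "UPDATE $db_table SET paired_to = '$match' where email='$email'";
// $result= mysqli_query ($db_con,$sql_update_matched) or die ('Error: ' . mysqli_error($db_con));
// return ($match);
// }
//}

//****** MAIN CODE
// The activation link passes "email" and "key" via GET. Verify that the email exists
// and that its activation_code matches; if so, activate the user and try to find
// them a match.

// Case where the activation link is not complete.
if (!isset($_GET["email"]) || !isset($_GET["key"])) {
    header('Location: ../event.php?event=20');
    // header() only queues the redirect; stop here so an incomplete link cannot
    // reach the lookup and activation code below.
    exit;
}

// Input filtering comes first.
// NOTE(review): test_input_get() is defined outside this excerpt. HTML escaping
// protects HTML output, not SQL, so the queries below handle the email separately.
$email = test_input_get($_GET["email"]);
$key_received = test_input_get($_GET["key"]);

// Check which table the user is in: voter or petitioner.
// $table is one of two fixed literals, so interpolating it as an identifier is safe;
// the email is request data and is bound as a parameter.
$table = "votaxmi_voter";
$sql_find_user_table = "select email from {$table} WHERE email=?";
$rowcount = 0;
$stmt = mysqli_prepare($db_con, $sql_find_user_table);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        $rowcount = mysqli_num_rows($result);
    }
}

if ($rowcount != 1) {
    $table = "votaxmi_petitioner";
    $table2 = "votaxmi_voter";
    $casetype = "match_petitioner_with_voter";
} else {
    $table2 = "votaxmi_petitioner";
    $casetype = "match_voter_with_petitioner";
}

// Start the activation process and pair the user with someone if one is available.
// This query is executed after the end of this excerpt, so it stays a complete SQL
// string that mysqli_query() can run; the email is escaped for the connection's
// character set before it goes between the quotes.
// NOTE(review): switch to a prepared statement at the place where it is executed.
$email_sql = mysqli_real_escape_string($db_con, $email);
$sql_get_key_from_email = "SELECT activation_code,confirmed FROM {$table} WHERE email='{$email_sql}'";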
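<link rel="stylesheet" type="text/css" href="../css/affichage_notice.css">
<title> </title>
</head>
<body>
<div class="main">
<?php
// open db connection with utf-8
require 'dbconnection.php';

/**
 * HTML-escapes a request value with htmlspecialchars() and returns it.
 *
 * This is an output encoding for HTML, not an SQL escape: with the default flags
 * before PHP 8.1 single quotes pass through unchanged. Values used in queries
 * must be bound as parameters, as done below.
 */
function test_input_get($data)
{
    // original note (translated): to check why this does not work with '"' in mysqli_query
    $data = htmlspecialchars($data);
    return $data;
}

// Only a scalar string id is accepted; a missing or array-valued "id" becomes ''.
$raw_id = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : '';
$id = test_input_get($raw_id);

// The id is bound as a parameter, so request data never becomes part of the SQL text.
$sql_id_result = "SELECT * FROM inventaire WHERE id=?";
$result = false;
$stmt = mysqli_prepare($db_con, $sql_id_result);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $id);
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
    }
}
if ($result === false) {
    // Keep database error details in the server log instead of sending them to the browser.
    error_log('inventaire lookup failed: ' . mysqli_error($db_con));
    die('Error');
}

echo "<h2>Description de la source :</h2>";
// NOTE(review): the column values below are echoed as stored. Unless every write
// path already HTML-escapes them, wrap each one in htmlspecialchars() at output;
// confirm against the insert code before changing, to avoid double encoding.
while ($row = mysqli_fetch_assoc($result)) {
    echo "<b>Identifiant</b> : " . $row["id"] . "<br>";
    echo "<b>Fonds</b> : " . $row["fonds"] . "<br>";
    echo "<b>Thème</b> : " . $row["theme"] . "<br>";
    echo "<b>Type</b> : " . $row["type"] . "<br>";
    echo "<b>Titre</b> : " . $row["titre"] . "<br>";
    echo "<b>Auteur(s)</b> : " . $row["auteur"] . "<br>";
    echo "<b>Fonction(s)</b> : " . $row["functions"] . "<br>";
    echo "<b>Date</b> : " . $row["date"] . "<br>";
    echo "<b>Description</b> : " . $row["description"] . "<br>";
    echo "<b>Format</b> : " . $row["format"] . "<br>";
    echo "<b>Nombre de pages</b> : " . $row["pages"] . "<br>";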