Esempio n. 1
        $table2 = "votaxmi_petitioner";
        $casetype = "match_voter_with_petitioner";
    }
    $match = pairsystem($email, $table2, $table);
    if ($match == "nomatch") {
        mail_alert_divorce($email);
    } else {
        mail_alert_divorce($email);
        email_match_confirmation($email, $match, $casetype);
    }
    //end of if ( $match == "nomatch" )
}
//end of function pair_neworphan
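/////////// MAIN CODE /////////////
// Unsubscribe-link handler: the "email" and "key" query parameters must match a row
// in votaxmi_unsubscriptions before anything else in this script runs.
$email = test_input_get($_GET['email']);
$key = test_input_get($_GET['key']);
// Look up the stored code for this address. The address is bound as a statement
// parameter instead of being interpolated into the SQL text.
// NOTE(review): test_input_get() is defined outside this view; whatever it does,
// request data should not be concatenated into a query string.
$sql_check_get = "SELECT * FROM votaxmi_unsubscriptions WHERE email=?";
$stmt_check_get = mysqli_prepare($db_con, $sql_check_get);
mysqli_stmt_bind_param($stmt_check_get, 's', $email);
mysqli_stmt_execute($stmt_check_get);
$result = mysqli_stmt_get_result($stmt_check_get);
$row = mysqli_fetch_assoc($result);
// A missing row must fail the check: with a loose comparison a NULL code and an empty
// key compare equal. hash_equals() also keeps the comparison constant-time.
if (!is_array($row) || !hash_equals((string) $row['unsubscribe_code'], (string) $key)) {
    header('Location: ../event.php?event=31');
    // header() only queues the redirect; without exit the rest of the script would
    // still run for a request whose key did not match.
    exit;
}
//User is a voter or a petitioner?
//1) check in table voter
$sql_check_voter = "SELECT * FROM votaxmi_voter WHERE email=?";
$stmt_check_voter = mysqli_prepare($db_con, $sql_check_voter);
mysqli_stmt_bind_param($stmt_check_voter, 's', $email);
mysqli_stmt_execute($stmt_check_voter);
$result = mysqli_stmt_get_result($stmt_check_voter);
$rowcount = mysqli_num_rows($result);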
Esempio n. 2
<?php

include 'functions.php';
// Form fields, each passed through test_input_get() (defined in functions.php, not shown here).
// NOTE(review): if these values reach SQL later in the file, confirm they are bound as
// statement parameters rather than interpolated.
$name = test_input_get($_POST["name"]);
$email = test_input_get($_POST["email"]);
$constituency = test_input_get($_POST["constituency"]);
$prensa = test_input_get($_POST["prensa"]);
$comentario = test_input_get($_POST["comentario"]);
// "on" is stored as "si"; any other value is stored as "no".
$prensa = $prensa == "on" ? "si" : "no";
// Choose the tables from the submitted registry. $table is the user's own table and
// $table2 the opposite one, where a pair is looked for. The table names come only from
// the fixed literals below, never from the request value itself; any other registry
// value is redirected away and the script stops.
$registry = $_POST["registry"];
switch ($registry) {
    case "voter":
        $table = "votaxmi_voter";
        $table2 = "votaxmi_petitioner";
        break;
    case "petitioner":
        $table = "votaxmi_petitioner";
        $table2 = "votaxmi_voter";
        break;
    default:
        header('Location: ../event.php?event=10');
        exit;
}
// open db connection with utf-8
require 'dbconnection.php';
Esempio n. 3
<?php

include 'functions.php';
include 'dbconnection.php';
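// Unsubscribe request: store a code for the address, then mail that code to the user.
$email = test_input_get($_POST["email"]);
$message = test_input_get($_POST["unsubsmessage"]);
// The code is handed to mail_unsubscription() and stored in unsubscribe_code, so it acts
// as a secret. Take it from the CSPRNG: md5(uniqid(rand(), true)) is built from the clock
// and a non-cryptographic generator. 16 random bytes hex-encode to 32 characters, the
// same length an md5 digest had.
$unsubscribe_code = bin2hex(random_bytes(16));
// Values are bound as parameters; the SQL text itself contains no request data.
$sql = "INSERT INTO votaxmi_unsubscriptions (email,unsubscribe_code,message) VALUES (?,?,?)";
$stmt = mysqli_prepare($db_con, $sql);
$stored = $stmt !== false
    && mysqli_stmt_bind_param($stmt, 'sss', $email, $unsubscribe_code, $message)
    && mysqli_stmt_execute($stmt);
if ($stored) {
    if (!mail_unsubscription($email, $unsubscribe_code)) {
        header('Location: ../event.php?event=32');
    } else {
        header('Location: ../event.php?event=6');
    }
} else {
    header('Location: ../event.php?event=32');
}
mysqli_close($db_con);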
?>

Esempio n. 4
//		$sql_update_match = "UPDATE $db_table_where_search_for_partner SET paired_to = '$email' where email='$match'";
//		$result= mysqli_query ($db_con,$sql_update_match) or die ('Error: ' . mysqli_error($db_con));
//		$sql_update_matched = "UPDATE $db_table SET paired_to = '$match' where email='$email'";
//		$result= mysqli_query ($db_con,$sql_update_matched) or die ('Error: ' . mysqli_error($db_con));
//		return ($match);
//	}
//}
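//******  MAIN CODE
// Activation-link handler: "email" and "key" arrive as GET parameters. Verify that the
// e-mail exists and that the activation code matches; if so, activate the user and try
// to find a match.
// Case where the activation link is not complete.
if (!isset($_GET["email"]) || !isset($_GET["key"])) {
    header('Location: ../event.php?event=20');
    // header() only queues the redirect; stop here so the code below never runs
    // without both parameters.
    exit;
}
// NOTE(review): test_input_get() is defined outside this view. Whatever filtering it
// applies, request data is bound as a statement parameter below rather than placed in
// the SQL text.
$email = test_input_get($_GET["email"]);
$key_received = test_input_get($_GET["key"]);
// Check which table the user is in: voter or petitioner. The table name is a fixed
// literal, so interpolating it is safe; only the e-mail is user-controlled.
$table = "votaxmi_voter";
$sql_find_user_table = "select email from {$table} WHERE email=?";
$stmt_find_user_table = mysqli_prepare($db_con, $sql_find_user_table);
mysqli_stmt_bind_param($stmt_find_user_table, 's', $email);
mysqli_stmt_execute($stmt_find_user_table);
$result = mysqli_stmt_get_result($stmt_find_user_table);
$rowcount = mysqli_num_rows($result);
if ($rowcount != 1) {
    $table = "votaxmi_petitioner";
    $table2 = "votaxmi_voter";
    $casetype = "match_petitioner_with_voter";
} else {
    $table2 = "votaxmi_petitioner";
    $casetype = "match_voter_with_petitioner";
}
// Start the activation process and pair the user with someone if one is available.
// NOTE(review): this statement is executed outside this view, so its text is left as
// it was; it still interpolates $email and should be converted to a bound parameter
// together with the code that runs it.
$sql_get_key_from_email = "SELECT activation_code,confirmed FROM {$table} WHERE email='{$email}'";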
Esempio n. 5
<link rel="stylesheet" type="text/css" href="../css/affichage_notice.css">
<title> </title>
</head>
<body>
<div class="main">

<?php 
    // open db connection with utf-8
    require 'dbconnection.php';
    /**
     * HTML-encode a value with htmlspecialchars() using PHP's default flags.
     *
     * This is output encoding for HTML, not SQL escaping: whether a single quote is
     * encoded depends on the PHP version's default flags, and backslashes are never
     * touched. Values returned from here still need bound parameters when used in SQL.
     *
     * @param string $data raw value, e.g. a request parameter
     * @return string the HTML-encoded value
     */
    function test_input_get($data)
    {
        // Original author's note: to be checked why this does not work with '"' in mysqli_query.
        return htmlspecialchars($data);
    }
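    // Look up the requested record. The id is bound as a statement parameter instead of
    // being interpolated: test_input_get() only HTML-encodes, which does not neutralise
    // SQL syntax. A missing "id" is treated as an empty string.
    $id = test_input_get($_GET["id"] ?? '');
    $sql_id_result = "SELECT * FROM inventaire WHERE id=?";
    $stmt_id_result = mysqli_prepare($db_con, $sql_id_result);
    if (
        $stmt_id_result === false
        || !mysqli_stmt_bind_param($stmt_id_result, 's', $id)
        || !mysqli_stmt_execute($stmt_id_result)
        || ($result = mysqli_stmt_get_result($stmt_id_result)) === false
    ) {
        // Driver error text can reveal table and column names; keep it in the server
        // log and show the visitor a generic message only.
        error_log('inventaire lookup failed: ' . mysqli_error($db_con));
        die('Error');
    }
    echo "<h2>Description de la source :</h2>";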
    while ($row = mysqli_fetch_assoc($result)) {
        echo "<b>Identifiant</b> : " . $row["id"] . "<br>";
        echo "<b>Fonds</b> : " . $row["fonds"] . "<br>";
        echo "<b>Thème</b> : " . $row["theme"] . "<br>";
        echo "<b>Type</b> : " . $row["type"] . "<br>";
        echo "<b>Titre</b> : " . $row["titre"] . "<br>";
        echo "<b>Auteur(s)</b> : " . $row["auteur"] . "<br>";
        echo "<b>Fonction(s)</b> : " . $row["functions"] . "<br>";
        echo "<b>Date</b> : " . $row["date"] . "<br>";
        echo "<b>Description</b> : " . $row["description"] . "<br>";
        echo "<b>Format</b> : " . $row["format"] . "<br>";
        echo "<b>Nombre de pages</b> : " . $row["pages"] . "<br>";