<?php
# Admin-check request handler. This listing is truncated: the if/while
# blocks opened at the bottom are closed past the end of what is shown.
session_start();
date_default_timezone_set('EST');
include 'framework.php';
$fw = new framework();
# Request fields go through framework::clean_input(); that method is not
# visible here, so assume nothing about what it strips or escapes — confirm.
# $_POST keys are read without an isset() check.
$status = $fw->clean_input($_POST['status']);
$scale_id = $fw->clean_input($_POST['scale_id']);
# Session values are read without first checking that a login session exists.
$fullname = $_SESSION['val_fullname'];
$username = $_SESSION['val_username'];
#echo $status . "<br>";
#echo $scale_id . "<br>";
#echo $fullname . "<br>";
#echo $username . "<br>";
#echo $_SESSION['val_username'];
# NOTE(review): connects as 'root' with an empty password; the '@' hides the
# constructor warning, so failure is only detected via mysqli_connect_error().
@($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
if (mysqli_connect_error()) {
    $errnum = mysqli_connect_errno();
    echo "Error({$errnum}): Could not connect to database. Please try again later.";
    exit;
}
#Check if the user is actually an admin
# The query text is redacted ("******") in this listing; nothing here shows
# which user it selects or how $username is bound into it.
$query_user = "******";
#echo $query_user;
$result_user = $db->query($query_user);
if ($result_user) {
    while ($row = $result_user->fetch_assoc()) {
        # Each row overwrites these; only the last row returned survives the loop.
        $db_pass = $row['password'];
        $db_user = $row['username'];
        $db_name = $row['fullname'];
        $db_email = $row['email'];
<?php
# Password-change request handler. This listing is truncated: the if/while
# blocks opened at the bottom are closed past the end of what is shown.
session_start();
date_default_timezone_set('EST');
# Only a session carrying a non-empty username and digest may proceed.
if (isset($_SESSION['val_username']) && $_SESSION['val_username'] != "" && isset($_SESSION['val_digest']) && $_SESSION['val_digest'] != "") {
    include 'framework.php';
    $fw = new framework();
    $techname = $_SESSION['val_fullname'];
    $username = $_SESSION['val_username'];
    # framework::clean_input() is not visible here — do not assume it escapes
    # for SQL; $_POST keys are read without an isset() check.
    $oldpass = $fw->clean_input($_POST['oldPass']);
    $newpass1 = $fw->clean_input($_POST['newPass1']);
    $newpass2 = $fw->clean_input($_POST['newPass2']);
    $date = date('m/d/Y') . " @ " . date('h:i:s A');
    # NOTE(review): 'root' with an empty password; '@' hides the constructor warning.
    @($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
    if (mysqli_connect_error()) {
        $errnum = mysqli_connect_errno();
        echo "Error({$errnum}): Could not connect to database. Please try again later.";
        exit;
    }
    #Check if the scale still exists in the database
    # (Despite the comment above, this looks up the session user's row.) The
    # query text is redacted ("******"); the session username is concatenated
    # straight into it and closed with a quote rather than bound as a parameter.
    $query_user = "******" . $username . "'";
    $result_user = $db->query($query_user);
    # NOTE(review): this tests the query string (a non-empty string, always
    # truthy), not $result_user — a failed query still reaches fetch_assoc().
    if ($query_user) {
        while ($row = $result_user->fetch_assoc()) {
            # Only the last row returned survives the loop.
            $db_pass = $row['password'];
            $db_name = $row['fullname'];
            $db_user = $row['username'];
        }
        # Stored hash is compared against unsalted sha1 of the submitted password
        # using loose ==. If the query returned no rows $db_pass is undefined here.
        if ($db_pass == sha1($oldpass)) {
            # Re-check that the row fetched belongs to the session's user.
            if ($db_name == $_SESSION['val_fullname'] && $db_user == $_SESSION['val_username']) {
                # Both new-password fields must match and differ from the old one.
                if ($newpass1 == $newpass2 && $newpass1 != $oldpass) {
<?php
# Status-change / event-logging request handler. This listing is truncated:
# the if blocks opened at the bottom are closed past the end of what is shown.
session_start();
date_default_timezone_set("America/Fort_Wayne");
include 'framework.php';
$fw = new framework();
# framework::clean_input() is not visible here — do not assume it escapes for
# SQL; $_POST keys are read without an isset() check.
$scale_id = $fw->clean_input($_POST['scale_id']);
$tech = $fw->clean_input($_POST['tech']);
$status = $fw->clean_input($_POST['status']);
$stage = $fw->clean_input($_POST['stage']);
$date = date('m/d/Y') . " @ " . date('h:i:s A');
$comments = $fw->clean_input($_POST['comments']);
# md5 of the raw (un-cleaned) POST fields plus the timestamp; compared with the
# session's stored digest below — presumably a duplicate-submission guard, and
# the seconds in $date make a repeat match unlikely. Verify against the page
# that sets $_SESSION['digest'].
$digest = md5($_POST['scale_id'] . $_POST['tech'] . $_POST['status'] . $_POST['stage'] . $date);
$sessionDigest = isset($_SESSION['digest']) ? $_SESSION['digest'] : '';
if ($digest != $sessionDigest) {
    # NOTE(review): 'root' with an empty password; '@' hides the constructor warning.
    @($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
    if (mysqli_connect_error()) {
        $errnum = mysqli_connect_errno();
        echo "Error({$errnum}): Could not connect to database. Please try again later.";
        exit;
    }
    #if ( $stage != "Additional Notes" ) {
    #    $event = "From " . $status . " to " . $stage;
    #} else {
        $event = $stage;
    #}
    # NOTE(review): the INSERT is assembled by string concatenation of
    # request-derived values ($scale_id, $tech, $event, $comments) with no
    # parameter binding. The first column is the quoted string 'NULL', not SQL
    # NULL — confirm the id column accepts that.
    $query = "insert into events values\r\n"
        . "('NULL', "
        . "'" . $date . "', "
        . "'" . $scale_id . "', "
        . "'" . $tech . "', "
        . "'" . $event . "', "
        . "'" . $comments . "'); ";
    # $result is not checked before the follow-up UPDATE runs.
    $result = $db->query($query);
    if ($stage != "Added Additional Notes") {
        # Same concatenation pattern as above; $stage and $scale_id come from the request.
        $query_two = "update scales set status='" . $stage . "' where id='" . $scale_id . "';";
        $result_two = $db->query($query_two);
<?php
# Search request handler: stores the SQL to run and the criteria banner in the
# session, then (past the end of this truncated listing) hands off to
# showRepairs.php. The if/else blocks opened below are closed past what is shown.
session_start();
include 'framework.php';
$fw = new framework();
# framework::clean_input() is not visible here — do not assume it escapes for
# SQL or HTML; $_POST keys are read without an isset() check.
$type = $fw->clean_input($_POST['search_type']);
$criteria = $fw->clean_input($_POST['search_criteria']);
if ($type == "default") {
    $_SESSION['search_go'] = 1;
    # Fixed query listing every scale not in a terminal status.
    $_SESSION['search_query'] = "select * from scales where status != 'Complete' AND status != 'Non-repairable' AND status != 'Replaced the Scale' AND status != 'Delivered'";
    $_SESSION['search_criteria'] = "Based on the default search criteria <br />";
    header("Location: showRepairs.php");
    die;
} else {
    # NOTE(review): 'root' with an empty password.
    $db = new mysqli('localhost', 'root', '', 'brechbuhler');
    if (mysqli_connect_error()) {
        $errnum = mysqli_connect_errno();
        echo "Error({$errnum}): Could not connect to database. Please try again later.";
        exit;
    }
    # NOTE(review): $type is interpolated into the column position and $criteria
    # into the value position of the SQL with no whitelist and no parameter
    # binding; the only filtering is whatever clean_input() does. Exact match
    # for id / scale_capacity, substring LIKE for everything else.
    if ($type == "id" || $type == "scale_capacity") {
        $query = "select * from scales where {$type} = '" . $criteria . "'";
    } else {
        $query = "select * from scales where {$type} like '%" . $criteria . "%'";
    }
    $result = $db->query($query);
    # HTML banner for the results page; {$type} and {$criteria} are embedded
    # without htmlspecialchars() here — confirm whether the consumer escapes it.
    $_SESSION['search_criteria'] = "\n\t\t\t<table class=\"table-striped\" style=\"max-width: 250px;\">\n\t\t\t\t<thead style=\"background-color: black; color: white;\">\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td colspan=\"2\">Based on this search criteria</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</thead>\n\t\t\t\t<tbody>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>Type</td>\n\t\t\t\t\t\t<td>{$type}</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>Criteria</td>\n\t\t\t\t\t\t<td>{$criteria}</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</tbody>\n\t\t\t</table>";
    if ($result) {
        $_SESSION['search_go'] = 1;
        # The raw SQL string is kept in the session for the results page to re-run.
        $_SESSION['search_query'] = $query;
        //$result->free();
<?php
# New-scale submission handler. This listing is truncated; the script continues
# past the last line shown.
session_start();
date_default_timezone_set('EST');
include 'framework.php';
$fw = new framework();
# All form fields go through framework::clean_input(), which is not visible
# here; $_POST keys are read without an isset() check.
$techname = $fw->clean_input($_POST['techname']);
$companyname = $fw->clean_input($_POST['companyname']);
$street = $fw->clean_input($_POST['street']);
$city = $fw->clean_input($_POST['city']);
$state = $fw->clean_input($_POST['state']);
$zipcode = $fw->clean_input($_POST['zipcode']);
$indicator_tag = $fw->clean_input($_POST['indicator_tag']);
$indicator_manu = $fw->clean_input($_POST['indicator_manu']);
$indicator_model = $fw->clean_input($_POST['indicator_model']);
$indicator_serial = $fw->clean_input($_POST['indicator_serial']);
$scale_manu = $fw->clean_input($_POST['scale_manu']);
$scale_model = $fw->clean_input($_POST['scale_model']);
$scale_serial = $fw->clean_input($_POST['scale_serial']);
$scale_capacity = $fw->clean_input($_POST['scale_capacity']);
$scale_divisions = $fw->clean_input($_POST['scale_divisions']);
$units = $fw->clean_input($_POST['units']);
$date = date('m/d/Y') . " @ " . date('h:i:s A');
$comments = $fw->clean_input($_POST['comments']);
$status = $fw->clean_input($_POST['status']);
# NOTE(review): '==' here is a comparison, not an assignment, so $state is
# never changed from "NU" to "IN"; the intent was almost certainly '$state = "IN";'.
if ($state == "NU") {
    $state == "IN";
}
# md5 of the raw (un-cleaned) POST fields plus today's date; compared with the
# session's stored digest below — presumably a duplicate-submission guard that
# collapses identical submissions within the same calendar day. Verify against
# the page that sets $_SESSION['digest'].
$digest = md5($_POST['techname'] . $_POST['companyname'] . $_POST['street'] . $_POST['city'] . $_POST['state'] . $_POST['indicator_manu'] . $_POST['indicator_model'] . $_POST['indicator_serial'] . $_POST['scale_manu'] . $_POST['scale_model'] . $_POST['scale_serial'] . $_POST['scale_capacity'] . $_POST['scale_divisions'] . date('m') . "/" . date('d') . "/" . date('Y'));
$sessionDigest = isset($_SESSION['digest']) ? $_SESSION['digest'] : '';
//echo "Digest: " . $digest . "<br />";
<?php
# Login request handler. This listing is truncated: the if/else blocks opened
# at the bottom are closed past the end of what is shown.
session_start();
date_default_timezone_set('EST');
include 'framework.php';
$fw = new framework();
# framework::clean_input() is not visible here — do not assume it escapes for
# SQL; $_POST keys are read without an isset() check.
$username = $fw->clean_input($_POST['username']);
$password = $fw->clean_input($_POST['password']);
# NOTE(review): 'root' with an empty password; '@' hides the constructor warning.
@($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
if (mysqli_connect_error()) {
    $errnum = mysqli_connect_errno();
    echo "Error({$errnum}): Could not connect to database. Please try again later.";
    exit;
}
# NOTE(review): the username is concatenated into the SQL with no parameter
# binding, and the lookup is a substring LIKE '%...%' rather than an exact
# match, so several rows can come back; the loop below keeps only the last one.
$query = "select * from users where username like '%" . $username . "%'";
$result = $db->query($query);
if ($result) {
    while ($row = $result->fetch_assoc()) {
        $db_id = $row['id'];
        $db_username = $row['username'];
        $db_pass = $row['password'];
        $db_fullname = $row['fullname'];
        $db_email = $row['email'];
        $db_user = $row['is_user'];
        $db_admin = $row['is_admin'];
        $db_superadmin = $row['is_superadmin'];
    }
    # Unsalted sha1 of the submitted password compared with loose ==; with zero
    # rows $db_pass is undefined here.
    if (sha1($password) == $db_pass) {
        # Session digest derived purely from stored row values — deterministic,
        # no per-login randomness. Where it is stored/checked is outside this listing.
        $digest = md5($db_id . $db_username . $db_fullname . $db_pass . $db_email . $db_user . $db_admin . $db_superadmin);
    } else {
        # result=1 presumably signals a failed login to login.php — confirm.
        header("Location: login.php?result=1");
<?php
# Scale-edit request handler: builds a change-log string from old/new field
# values. This listing is truncated: the outer session check and the
# 'if ($old)' block are closed past the end of what is shown.
session_start();
date_default_timezone_set('EST');
# Only a session carrying a non-empty username and digest may proceed.
if (isset($_SESSION['val_username']) && $_SESSION['val_username'] != "" && isset($_SESSION['val_digest']) && $_SESSION['val_digest'] != "") {
    include 'framework.php';
    $fw = new framework();
    $techname = $_SESSION['val_fullname'];
    # All form fields go through framework::clean_input(), which is not visible
    # here; $_POST keys are read without an isset() check.
    $scale_id = $fw->clean_input($_POST['scale_id']);
    $companyname = $fw->clean_input($_POST['companyname']);
    $street = $fw->clean_input($_POST['street']);
    $city = $fw->clean_input($_POST['city']);
    $state = $fw->clean_input($_POST['state']);
    $zipcode = $fw->clean_input($_POST['zipcode']);
    $indicator_tag = $fw->clean_input($_POST['indicator_tag']);
    $indicator_manu = $fw->clean_input($_POST['indicator_manu']);
    $indicator_model = $fw->clean_input($_POST['indicator_model']);
    $indicator_serial = $fw->clean_input($_POST['indicator_serial']);
    $scale_manu = $fw->clean_input($_POST['scale_manu']);
    $scale_model = $fw->clean_input($_POST['scale_model']);
    $scale_serial = $fw->clean_input($_POST['scale_serial']);
    $scale_capacity = $fw->clean_input($_POST['scale_capacity']);
    $scale_divisions = $fw->clean_input($_POST['scale_divisions']);
    $units = $fw->clean_input($_POST['units']);
    $date = date('m/d/Y') . " @ " . date('h:i:s A');
    # NOTE(review): the "old" values come from hidden form fields supplied by
    # the client (old_*), not from the database, so the change log below records
    # whatever the client claims the previous values were.
    $old = array(
        'companyname' => $fw->clean_input($_POST['old_companyname']),
        'street' => $fw->clean_input($_POST['old_street']),
        'city' => $fw->clean_input($_POST['old_city']),
        'state' => $fw->clean_input($_POST['old_state']),
        'zipcode' => $fw->clean_input($_POST['old_zipcode']),
        'indicator_tag' => $fw->clean_input($_POST['old_indicator_tag']),
        'indicator_manu' => $fw->clean_input($_POST['old_indicator_manu']),
        'indicator_model' => $fw->clean_input($_POST['old_indicator_model']),
        'indicator_serial' => $fw->clean_input($_POST['old_indicator_serial']),
        'scale_manu' => $fw->clean_input($_POST['old_scale_manu']),
        'scale_model' => $fw->clean_input($_POST['old_scale_model']),
        'scale_serial' => $fw->clean_input($_POST['old_scale_serial']),
        'scale_capacity' => $fw->clean_input($_POST['old_scale_capacity']),
        'scale_divisions' => $fw->clean_input($_POST['old_scale_divisions'])
    );
    # Human-readable change log, one "<br />"-terminated line per changed field.
    # Values are embedded without htmlspecialchars() — confirm the consumer escapes.
    $comments = "";
    # $old is a non-empty array literal, so this condition is always true.
    if ($old) {
        if ($companyname != $old['companyname']) {
            $comments .= "Changed customer name from " . $old['companyname'] . " to " . $companyname . " <br />\n";
        }