/**
 * Fetch the timeline rows for one profile.
 *
 * Opens a handle with SqlConnect(), prepares a SELECT and returns the result
 * of fetchAll() when execute() succeeds, or the empty string '' when it fails.
 * Callers therefore have to accept either an array or a string.
 *
 * NOTE(review): part of the statement is missing from this listing. The text
 * between the viewprofile.php URL and ':username' is masked by asterisks, so
 * the rest of the SELECT and the start of the bind call cannot be read here.
 * The surviving "':username', $username)" tail looks like a bound parameter
 * rather than string concatenation; confirm against the real file.
 *
 * @param string $username presumably the profile owner's username; verify against callers
 * @return array|string rows from fetchAll(), or '' if execute() returned false
 */
function GetProfileTimelineEvents($username) { $dbh = SqlConnect(); $stmt = $dbh->prepare("SELECT from_unixtime(entrydate,\n get_format(datetime, 'ISO')) AS start,\n CONCAT(p.firstname, ': ', title) AS title,\n description,\n 'false' AS durationEvent,\n CONCAT('http://saalonmuyo.com/viewprofile.php?user='******':username', $username); if ($stmt->execute()) { return $stmt->fetchAll(); } else { return ''; } }
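/**
 * Record a failed login attempt and notify the administrator once the number
 * of not-yet-reported failures for the address has reached MAX_LOGIN.
 *
 * The arguments are placed in SQL text, and at least the e-mail address is
 * supplied by whoever is attempting to log in, so every value is escaped
 * before it reaches a query.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving this
 * function to prepared statements would remove the need for manual escaping.
 *
 * @param string $ip      client address to store with the attempt
 * @param string $email   address that was used for the failed login
 * @param string $browser client identification string to store with the attempt
 * @return void
 */
function SaveError($ip, $email, $browser)
{
    global $myErrorsToEmailAddress, $myServerEmailAddress;

    SqlConnect();

    // Escaping uses the default link, the same one the mysql_query() calls rely on.
    $ipSql = mysql_real_escape_string($ip);
    $emailSql = mysql_real_escape_string($email);
    $browserSql = mysql_real_escape_string($browser);

    // Count the failures for this address that have not been reported yet.
    $pending = mysql_query(
        "SELECT emailaddress FROM login_errors WHERE emailaddress='{$emailSql}' AND logged is null "
    );
    // A failed query is treated as "no pending failures" so the attempt is still stored.
    $pendingCount = ($pending !== false) ? mysql_num_rows($pending) : 0;

    // The original over-threshold branch inserted '{$date}', a variable that is
    // never defined in this function; now() is used for every row instead.
    mysql_query(
        "insert into login_errors (date,ipaddress,emailaddress,browser) "
        . "values (now(),'{$ipSql}','{$emailSql}','{$browserSql}')"
    );

    if ($pendingCount >= MAX_LOGIN) {
        // The message body is plain text, so the unescaped address is used here.
        mail_to(
            $myServerEmailAddress,
            $myErrorsToEmailAddress,
            '3 errors logged',
            'the email address ' . $email . ' has tried to login ' . $pendingCount . ' times'
        );

        // Mark every stored failure for the address as reported.
        mysql_query("UPDATE login_errors SET logged=1 WHERE emailaddress = '{$emailSql}'");
    }

    mysql_close();
}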
<?php
/*
 * Password-reset page. Reads the validation code from the `v` query parameter,
 * looks the user up with GetUserByValidationCode(), and sets $allowchange when
 * a posted security answer passes checkSecurityQuestionOne() or
 * checkSecurityQuestionTwo(). The listing is cut off inside the second
 * answer check, so the rest of the page is not visible here.
 *
 * NOTE(review): the `newpass` branch runs before the validation-code lookup
 * and the security-question checks, and never consults $valid or $allowchange.
 * changePassword($verifier, ...) is called for any POST that carries
 * `newpass`. Unless changePassword() re-verifies the code and the answers
 * itself (not visible here), the security questions do not protect the
 * password change. The call should be gated on state the server recorded when
 * an answer check passed, for example a session flag, not on the form shown.
 *
 * NOTE(review): header("Location: login.php") is not followed by exit, so the
 * remainder of the script still executes after the redirect is queued.
 *
 * NOTE(review): $_GET['v'], $_POST['answer1'] and $_POST['answer2'] are read
 * without isset(); the isset() checks further down come after those reads.
 *
 * NOTE(review): the reset code travels in the URL, where it can end up in
 * server logs and browser history. It should be single-use and short-lived;
 * confirm how GetUserByValidationCode() expires it.
 */
require_once 'classes/errors.php'; require_once 'functions/global.php'; require_once 'classes/user.php'; SqlConnect(); $user = new User(); $verifier = $_GET['v']; $valid = false; $allowchange = false; $ans1 = $_POST['answer1']; $ans2 = $_POST['answer2']; if (isset($_POST['newpass'])) { $user->changePassword($verifier, $_POST['newpass']); header("Location: login.php"); } if ($verifier != "") { $user = $user->GetUserByValidationCode($verifier); if ($user != null) { $valid = true; if (isset($_POST['answer1'])) { if ($user->checkSecurityQuestionOne($verifier, $ans1)) { $allowchange = true; } else { //echo ('sec 1 is not valid'); } } if (!$allowchange && isset($_POST['answer2'])) { if ($user->checkSecurityQuestionTwo($verifier, $ans2)) { $allowchange = true; } else {
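/**
 * Insert a timeline entry for the user, and that user's profile, identified
 * by username.
 *
 * The handle returned by SqlConnect() is used through prepare(), bound
 * parameters and execute(), so none of the arguments are concatenated into
 * the SQL text. Title and description are stored exactly as given; they still
 * have to be HTML-escaped wherever the timeline is rendered.
 *
 * @param string $username    owner of the entry; resolved to userid and profileid by sub-selects
 * @param string $title       entry title
 * @param string $description entry body
 * @param mixed  $entrydate   value stored in timeline.entrydate (format not visible here)
 * @return bool true when the INSERT executed, false otherwise
 */
function SubmitTimelineEntry($username, $title, $description, $entrydate)
{
    $dbh = SqlConnect();

    // The username feeds two sub-selects. Each one gets its own marker because
    // PDO accepts a repeated named marker only while prepare emulation is on,
    // and the connection settings are not visible from this function.
    $stmt = $dbh->prepare(
        'INSERT INTO timeline (userid, profileid, title, description, entrydate)
         VALUES (
             (SELECT userid FROM users u WHERE username = :owner_username),
             (SELECT p.profileid FROM profiles p JOIN users u ON p.userid = u.userid
               WHERE u.username = :profile_username),
             :title,
             :description,
             :entrydate)'
    );

    // In silent error mode prepare() reports failure by returning false.
    if ($stmt === false) {
        return false;
    }

    // bindValue() copies the value at bind time; nothing here needs by-reference binding.
    $stmt->bindValue(':owner_username', $username);
    $stmt->bindValue(':profile_username', $username);
    $stmt->bindValue(':title', $title);
    $stmt->bindValue(':description', $description);
    $stmt->bindValue(':entrydate', $entrydate);

    return $stmt->execute() ? true : false;
}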