コード例 #1
ファイル: comment.php プロジェクト: schoepfi88/webinfo
    $sessionid = $_COOKIE["PHPSESSID"];
} else {
    $sessionid = "0";
}
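// Resolve the privilege level bound to this session. $sessionid and $priv come
// straight from cookies (untrusted), so they are bound as parameters instead of
// being interpolated into the SQL text.
$stmtcheck = $conn->prepare("SELECT priv FROM authorize WHERE session_id = ? AND priv = ?");
$resultcheck = false;
if ($stmtcheck !== false && $stmtcheck->bind_param("ss", $sessionid, $priv) && $stmtcheck->execute()) {
    // get_result() needs the mysqlnd driver (the default since PHP 5.4).
    $resultcheck = $stmtcheck->get_result();
}
$rowcheck = $resultcheck !== false ? $resultcheck->fetch_assoc() : null;
if ($resultcheck !== false && $resultcheck->num_rows > 0) {
    // priv must be greater than 2
    if ($rowcheck['priv'] > 2) {
        if (($_POST['action'] ?? '') === "create") {
            // if anchor stands behind the id, keep only the part before '#';
            // the entry id is used as an integer, so anything else is rejected.
            $id = filter_var(explode("#", $_POST['id'] ?? '', 2)[0], FILTER_VALIDATE_INT);
            $name = eliminateHtml($_POST['name'] ?? '');
            $text = parseContent($_POST['text'] ?? '');
            $response = "";
            if ($id !== false) {
                $stmt = $conn->prepare("INSERT into comment (entry_id, reporter, text) values (?, ?, ?)");
                $result = $stmt !== false && $stmt->bind_param("iss", $id, $name, $text) && $stmt->execute();
                if ($result) {
                    // Read back the row that was just inserted by its own id instead of the
                    // newest comment of the entry, so a concurrent insert (or a failed one)
                    // cannot be echoed in its place.
                    $newId = $conn->insert_id;
                    $stmt1 = $conn->prepare("SELECT comment_id, created_at, reporter, text from comment where comment_id = ?");
                    if ($stmt1 !== false && $stmt1->bind_param("i", $newId) && $stmt1->execute()) {
                        $result1 = $stmt1->get_result();
                        while ($row = $result1->fetch_assoc()) {
                            $response = $response . $row['comment_id'] . "#?#" . $row['reporter'] . "#?#" . $row['text'] . "#?#" . $row['created_at'];
                        }
                    }
                }
            }
            echo $response;
        }
    } else {
        echo "<br><link href='https://fonts.googleapis.com/css?family=Montserrat' rel='stylesheet' type='text/css'>\n        <link rel='stylesheet' type='text/css' href='/css/theme.css'><div style='text-align: center' class='feedback'>Error: Comment not created - Privileges are insufficient</div>";
    }
}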
    // priv must be greater than 7
コード例 #2
ファイル: new.php プロジェクト: schoepfi88/webinfo
    $usr = $row["reporter"];
    $subj = $row["subject"];
    $keyw = $row["keyword"];
    $cont = $row["content"];
    $foo = "Change";
}
if (isset($_POST['submit'])) {
    $reporter = $_POST['username'];
    $subject = $_POST['subject'];
    $content = $_POST['content'];
    $keyword = $_POST['keyword'];
    $session_id = session_id();
    // replace < and > in reporter and subject
    $reporter = eliminateHtml($reporter);
    $subject = eliminateHtml($subject);
    $keyword = eliminateHtml($keyword);
    // parse content part
    $content = parseContent($content);
    // check if privileges are correct
    if (isset($_COOKIE['login'])) {
        $priv = $_COOKIE['login'];
    } else {
        $priv = "0";
    }
    if (isset($_COOKIE["PHPSESSID"])) {
        $sessionid = $_COOKIE["PHPSESSID"];
    } else {
        $sessionid = "0";
    }
    $sqlcheck = "SELECT priv FROM authorize WHERE session_id ='{$sessionid}' AND priv = '{$priv}'";
    $resultcheck = $conn->query($sqlcheck);
コード例 #3
ファイル: new.php プロジェクト: schoepfi88/webinfo
include 'parseHtml.php';
include 'db.php';
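// Create connection. $servername, $username, $password and $dbname are presumably
// defined by the included db.php — they are not set in this file.
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection. The driver's message can contain host names and account
// details, so it is written to the server log and the client only sees a
// generic failure.
if ($conn->connect_error) {
    error_log("Connection failed: " . $conn->connect_error);
    die("Connection failed");
}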
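if (isset($_POST['submit'])) {
    $reporter = $_POST['username'] ?? '';
    $subject = $_POST['subject'] ?? '';
    $content = $_POST['content'] ?? '';
    // NOTE(review): session_id() is '' unless session_start() ran earlier in the request — confirm.
    $session_id = session_id();
    // replace < and > in reporter and subject
    $reporter = eliminateHtml($reporter);
    $subject = eliminateHtml($subject);
    // parse content part
    $content = parseContent($content);
    // All four values originate from the request/session; bind them as
    // parameters rather than interpolating them into the statement.
    $stmt = $conn->prepare("INSERT INTO entry (session_id, reporter, subject, content) VALUES (?, ?, ?, ?)");
    if ($stmt !== false && $stmt->bind_param("ssss", $session_id, $reporter, $subject, $content) && $stmt->execute()) {
        $error = "New entry created successfully";
    } else {
        // Keep the SQL text and driver error server-side; $error is rendered to the client.
        error_log("entry insert failed: " . ($stmt === false ? $conn->error : $stmt->error));
        $error = "Error: New entry could not be created";
    }
}
$conn->close();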
?>

    <!DOCTYPE html>
    <html>