<?php
require 'includes/constant/config.inc.php';
require_once 'includes/swift/lib/swift_required.php';
return_meta("Thank You!");
//Process a submission on quote_form.php
if ($_POST) {
//validate if required fields are filled
//http://www.w3schools.com/php/php_form_required.asp
//if a required field is empty, return an error message
if (empty($_POST["club"]) || empty($_POST["shaft"]) || empty($_POST["quantity"]) || empty($_POST["customer"]) || empty($_POST["email"])) {
$err = "Please fill all of the required field.<br><br>";
$err .= "Use browser's back button to go back to the form and type in again.";
} elseif (!check_email($_POST['email'])) {
//validate the email address
$err = "Entered email address does not seem to be an valid email address.<br><br>";
$err .= "Use browser's back button to go back to the form and type it again.";
} else {
//if all of required fields are NOT empty, sanitize the post data
$club = filter($_POST["club"]);
$shaft = filter($_POST["shaft"]);
$quantity = preg_replace('#[^0-9]#', '', $_POST['quantity']);
//get rid of letters except numbers
$customer_email = filter($_POST['email']);
$customer_name = filter($_POST['customer']);
$comment = filter($_POST['comment']);
//Check if subscribe check box is left checked or unchecked
//http://www.webdeveloper.com/forum/showthread.php?209721-Posting-an-UNCHECKED-check-box
if (!empty($_POST['subscribe'])) {
$subscribe = 'yes';
} else {
<?php
require 'includes/constant/config.inc.php';
require_once 'includes/swift/lib/swift_required.php';
return_meta();
//Process a submission on quote_form.php and insert the data into the inquiry table.
if ($_POST) {
//Assign variables and sanitize POST data
$club = mysql_real_escape_string($_POST['club']);
$shaft = mysql_real_escape_string($_POST['shaft']);
$quantity = preg_replace('#[^0-9]#', '', $_POST['quantity']);
//get rid of letters except numbers
$customer_name = mysql_real_escape_string($_POST['customer']);
$customer_email = mysql_real_escape_string($_POST['email']);
$comment = mysql_real_escape_string($_POST['comment']);
$subscribe = $_POST['subscribe'];
//The value is 'yes' or 'no' only
//Build a query statement for insertion
$query = "INSERT INTO " . TABLE_INQUIRIES . "(customer, email, club, shaft, quantity, subscribe, comment, time) VALUES ('" . $customer_name . "', '" . $customer_email . "', '" . $club . "', '" . $shaft . "', '" . $quantity . "', '" . $subscribe . "', '" . $comment . "', now());";
mysql_query($query) or die(mysql_error());
}
//Swift
$username = "******";
$email_password = "";
$email_from = "*****@*****.**";
$from_name = "Umi Neko";
//Compute prices for quote
//Fetch price for single club from the product table
$query_club_pcice = "SELECT `price` FROM `" . TABLE_PRODUCTS . "` WHERE `club` = '" . $club . "' limit 1";
$result_club_price = mysql_query($query_club_pcice) or die("Failed to retrieve rows: " . mysql_error());
//Fetch price for single shaft from the shaft table
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Write your blog " . $_SESSION['fullname'] . "!");
$blogtitle = NULL;
$blogentry = NULL;
$userid = $_SESSION['user_id'];
$msg = NULL;
$err = array();
if (isset($_POST['postblog'])) {
//filter is defined config.inc.php, line 258
$blogtitle = filter($_POST['blogtitle']);
$blogentry = filter($_POST['blogentry']);
$date = date('Y-m-d H:i:s');
$err = array();
if (empty($blogtitle) || strlen($blogentry) < 2) {
$err[] = "You must enter blog title";
}
if (empty($blogentry) || strlen($blogentry) < 4) {
$err[] = "You must enter blog entry";
}
$q2 = mysql_query("INSERT INTO " . USER_BLOG . " (id, blog_title, blog_entry, time_submitted) VALUES ('{$userid}', '{$blogtitle}', '{$blogentry}', '{$date}')", $link) or die("Unable to insert data");
//if there are no errors, set $msg to "post successful!" - later on, it is displayed on the page
if (count($err) == 0) {
$msg = "Blog Post Successful!";
$meta_title = "Blog Post Successful!";
}
}
?>
<?php
include 'includes/constant/config.inc.php';
return_meta("User Blog");
/*
//Listing of existing images in directory
$media = get_images($file_location); //calls dir_tree function in constant.inc.php file
print_r($media);
$media_count = 0;
if(!empty($media))
{
foreach($media as $media_disp)
{
$media_loc = htmlspecialchars($media_disp);
list($width, $height, $type, $attr)= getimagesize($media_loc);
$media_count++;
}
}
else
{
}
*/
?>
</head>
<body>
<div id="container">
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Golf Club Entries");
include '../includes/constant/nav.inc.php';
?>
<h1>Golf Clubs</h1>
<?php
$query_for_table = mysql_query("SELECT * FROM " . TABLE_PRODUCTS . " ORDER BY club ASC;") or die(mysql_error());
//constant/config.inc.php line 393
generate_html_table();
include '../includes/constant/footer.inc.php';
<?php
require 'includes/constant/config.inc.php';
return_meta("Get A Quote Now!");
?>
<script>
//Function which gets executed when the document is loaded
$(function()
{
/*** JQUERY UI AUTO-COMPLETION ***/
//define an array to hold club string
var availableClubs = [ ];
$.ajax(
{
type: "POST",
url: "includes/constant/generate_club.php",
data: "",
success: function(response)
{
/* use JSON's function to parse the response */
var parsed_response = JSON.parse(response);
/* retrieve the club array that is part of the response. */
availableClubs = parsed_response.club;
/* select the HTML element with id="club" and call the autocomplete() function from the jquery UI library */
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Edit your blog " . $_SESSION['fullname'] . "!");
$msg = NULL;
$date = date('Y-m-d H:i:s');
if (isset($_POST['update'])) {
$update = mysql_query("UPDATE " . USER_BLOG . " SET blog_title = '" . filter($_POST['blogtitle']) . "', blog_entry = '" . filter($_POST['blogentry']) . "', time_submitted = '" . $date . "' WHERE blog_id = '" . $_POST['blogid'] . "';") or die(mysql_error());
echo $update;
if ($update) {
$msg = "Blog updated successfully!";
}
}
?>
<script>
</script>
</head>
<body>
<div id="container">
<?php
include '../includes/constant/nav.inc.php';
?>
<h1>Hey <?php
echo $_SESSION['fullname'];
?>
! Edit your blog!</h1>
<?php
require '../includes/constant/config.inc.php';
return_meta("Activate your account");
$err = array();
$msg = array();
$user = NULL;
$activ = NULL;
$user_email = NULL;
/******** EMAIL ACTIVATION LINK**********************/
if (isset($_GET['user']) && !empty($_GET['activ_code']) and !empty($_GET['user']) && is_numeric($_GET['activ_code'])) {
$user = filter($_GET['user']);
$activ = filter($_GET['activ_code']);
//check if activ code and user is valid
$rs_check = mysql_query("SELECT id FROM " . USERS . " WHERE md5_id='{$user}' AND activation_code='{$activ}'") or die(mysql_error());
$num = mysql_num_rows($rs_check);
// Match row found with more than 1 results - the user is authenticated.
if ($num <= 0) {
$err[] = "Unable to verify account";
}
if (empty($err)) {
// set the approved field to 1 to activate the account
$rs_activ = mysql_query("UPDATE " . USERS . " SET approved='1' WHERE\n\t\tmd5_id='{$user}' AND activation_code = '{$activ}' ") or die(mysql_error());
$msg[] = "Account activated successfully! You may now <a href=\"" . SITE_BASE . "/login.php\">login</a>.";
}
}
/******************* ACTIVATION BY FORM**************************/
if (isset($_POST['activate'])) {
$user_email = filter($_POST['user_email']);
$activ = filter($_POST['activ_code']);
//check if activ code and user is valid as precaution
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Edit " . $_SESSION['fullname'] . "'s Profile");
$msg = NULL;
if (isset($_POST['update'])) {
$update = "UPDATE " . USERS . " SET full_name = '" . filter($_POST['fullname']) . "', user_name = '" . filter($_POST['username']) . "', usr_email = AES_ENCRYPT('" . filter($_POST['email']) . "', '{$salt}')";
if (!empty($_POST['newpass'])) {
$update .= ", usr_pwd = '" . hash_pass(filter($_POST['newpass'])) . "'";
}
$update .= " WHERE id = '" . $_SESSION['user_id'] . "'";
$run_update = mysql_query($update) or die(mysql_error());
if ($run_update) {
$msg = "Profile updated successfully!";
}
}
?>
<?php
include '../includes/constant/nav.inc.php';
?>
<h1>Edit My Profile</h1>
<?php
if (isset($msg)) {
echo '<div class="success">' . $msg . '</div>';
}
$in = mysql_query("SELECT *, AES_DECRYPT(usr_email, '{$salt}') AS email FROM " . USERS . " WHERE id = '" . $_SESSION['user_id'] . "'") or die("Unable to get your info!");
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Import CSV Files");
//http://www.johnboy.com/blog/tutorial-import-a-csv-file-using-php-and-mysql
//http://www.johnboy.com/scripts/import-csv-file-with-php-mysql/import.phps
if (isset($_POST['submit_club'])) {
if ($_FILES['csv1']['size'] > 0) {
//get the csv file
$file = $_FILES['csv1']['tmp_name'];
$handle = fopen($file, "r");
//loop through the csv file and insert into database
do {
if ($data[1]) {
mysql_query("INSERT INTO " . TABLE_PRODUCTS . " (product_id, club, brand, category, price, cost, status, details, time) VALUES\n\t\t\t\t\t(\n\t\t\t\t\t\t'" . addslashes($data[0]) . "',\n\t\t\t\t\t\t'" . addslashes($data[1]) . "',\n\t\t\t\t\t\t'" . addslashes($data[2]) . "',\n\t\t\t\t\t\t'" . addslashes($data[3]) . "',\n\t\t\t\t\t\t'" . addslashes($data[4]) . "',\n\t\t\t\t\t\t'" . addslashes($data[5]) . "',\n\t\t\t\t\t\t'" . addslashes($data[6]) . "',\n\t\t\t\t\t\t'" . addslashes($data[7]) . "'\n\t\t\t\t\t)\n\t\t\t\t");
}
} while ($data = fgetcsv($handle, 1000, ",", "'"));
//redirect
header('Location: import.php?success=1');
die;
}
fclose($handle);
}
//Insert data to the SHAFT table
if (isset($_POST['submit_shaft'])) {
if ($_FILES['csv2']['size'] > 0) {
//get the csv file
$file = $_FILES['csv2']['tmp_name'];
$handle = fopen($file, "r");
//loop through the csv file and insert into database
<?php
/*ADMIN index.php - secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Welcome to the secured user area " . $_SESSION['fullname'] . "!");
/****CHART****/
//Retrieve data (all column) from the inquiry table
$query = "SELECT * FROM " . TABLE_INQUIRIES . " ORDER BY club DESC;";
//$query = "SELECT club, COUNT(*) AS CLUBCOUNT FROM " . TABLE_INQUIRIES . " GROUP BY club ORDER BY CLUBCOUNT DESC;";
//execute it
$result = mysql_query($query) or die("Failed to retrieve rows: " . mysql_error());
//array to store the rows
$table_rows = array();
while ($row = mysql_fetch_array($result)) {
$table_rows[] = $row;
//add the next row to the list of rows stored in $table_rows
}
//print_r($table_rows); echo "<br><br>";
//CHART 1: BAR CHART: Number of inquiries per club
//step 1: extract all categories
$club = array();
foreach ($table_rows as $current_row) {
//if the product category of the current row is not in the list, add it
if (!in_array($current_row['club'], $club)) {
$club[] = $current_row['club'];
}
}
//print_r($club); echo "<br><br>";
//step 2-1: compute the order counts for each club
$counts_per_club = array();
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
if (!is_admin()) {
header("Location: " . SITE_BASE . "/login.php");
}
return_meta("Administrator User listing");
$msg = array();
$err = array();
/*Update user account
===================================================*/
if (isset($_POST['update'])) {
$update = "UPDATE " . USERS . " SET full_name = '" . filter($_POST['fullname']) . "', user_name = '" . filter($_POST['username']) . "', usr_email = AES_ENCRYPT('" . filter($_POST['email']) . "', '{$salt}'), user_level = '" . filter($_POST['user_level']) . "'";
if (!empty($_POST['newpass'])) {
$update .= ", usr_pwd = '" . hash_pass(filter($_POST['newpass'])) . "'";
}
$update .= " WHERE id = '" . filter($_POST['user_id']) . "'";
$run_update = mysql_query($update) or die(mysql_error());
if ($run_update) {
$msg[] = stripslashes(ucfirst($_POST['fullname'])) . "'s Profile updated successfully!";
}
}
/*Delete user
===================================================*/
if (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
$dq = mysql_query("DELETE FROM " . USERS . " WHERE id = '" . filter($_GET['id']) . "' LIMIT 1") or die(mysql_error());
if ($dq) {
$msg[] = "Successfully deleted user.";
} else {
$fullname = filter($_POST['fullname']);
$username = filter($_POST['username']);
$password = filter($_POST['password']);
$email = filter($_POST['email']);
$date = date('Y-m-d');
$user_ip = $_SERVER['REMOTE_ADDR'];
$activation_code = rand(1000, 9999);
//define in config.inc.php, line 39
$err = add_user($fullname, $username, $password, $email, $date, $user_ip, $activation_code);
//if there are no errors, set $msg to "Registration Successfull" - later on, it is displayed on the page
if (count($err) == 0) {
$msg = "Registration successful!";
$meta_title = "Registration successful!";
}
}
return_meta($meta_title);
?>
<?php
include '../includes/constant/nav.inc.php';
?>
<h1>Add Admin Users</h1>
<?php
//Show message if isset
if (isset($msg)) {
echo '<div class="success">' . $msg . '</div>';
}
//Show error message if isset
if (!empty($err)) {
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Shaft Entries");
include '../includes/constant/nav.inc.php';
?>
<h1>Shafts</h1>
<?php
$query_for_table = mysql_query("SELECT * FROM " . TABLE_SHAFTS . " ORDER BY shaft ASC;") or die(mysql_error());
//constant/config.inc.php line 393
generate_html_table();
include '../includes/constant/footer.inc.php';
<?php
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Customer Inquiries");
include '../includes/constant/nav.inc.php';
?>
<h1>Inquiries</h1>
<?php
//get all fields from the inquiry table and sort by date, newer comes to the top
$query_for_table = mysql_query("SELECT * FROM " . TABLE_INQUIRIES . " ORDER BY time DESC;") or die(mysql_error());
//constant/config.inc.php line 393
generate_html_table();
include '../includes/constant/footer.inc.php';
$msg = "Logged in successfully!";
//redirect to a new location
header("Location: " . SITE_BASE . "/admin");
} else {
//Passwords don't match, issue an error
$err[] = "Invalid User or Password";
}
} else {
//No rows found in DB matching username or email, issue error
$err[] = "This user was not found in the database.";
}
}
//end if no error
}
//end form posted
return_meta("Administrator Login");
?>
<?php
include 'includes/constant/nav.inc.php';
?>
<?php
//Show message if isset
if (isset($msg) || !empty($_GET['msg'])) {
if (!empty($_GET['msg'])) {
$msg = $_GET['msg'];
}
echo '<div class="success">' . $msg . '</div>';
}
//Show error message if isset