<?php
// Staff suspend/unsuspend endpoint (excerpt: the 'unsuspend' branch continues past this listing).
// Sets staff.status to 1 for 'suspend' and 0 for 'unsuspend', keyed by the submitted username,
// then prints a Bootstrap alert fragment for the calling page.
//
// NOTE(review): no session or role check is visible in this excerpt. Unless connect.php
// enforces one, any requester who can reach this script can change any staff account's status.
// NOTE(review): both inputs come from $_REQUEST, so the state change is also accepted over GET.
// Restricting it to POST with an anti-CSRF token would stop a link or image tag from
// triggering it in a logged-in staff member's browser.
include '../../include/connect.php';

// secureTxt() is defined outside this excerpt; its filtering is not visible here.
$user = secureTxt($_REQUEST['user']);
$type = secureTxt($_REQUEST['type']);

if ($type == 'suspend') {
    $update = $conn->prepare("UPDATE staff SET status = 1 WHERE username = :user");
    $update->bindParam(':user', $user);
    // execute() also returns true when no row matched, so the success alert
    // does not prove that an account with this username exists.
    if ($update->execute()) {
        ?> <div class="alert alert-success"> <strong>Staff account suspended</strong><br>reloading page... </div> <script> setTimeout(function() { window.location.reload(); }, 2000); </script> <?php
    } else {
        ?> <div class="alert alert-danger"> <strong>Staff account unable to suspend</strong> </div> <?php
    }
} elseif ($type == 'unsuspend') {
    $update = $conn->prepare("UPDATE staff SET status = 0 WHERE username = :user");
    $update->bindParam(':user', $user);
    if ($update->execute()) {
        ?>
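<script> $('body').oLoader('hide'); </script> <?php
// Stores a rating/review for a post and prints a success fragment that redirects
// the browser back to the post (excerpt: the script continues past this listing).
//
// NOTE(review): the reviewer's username is taken from the request ('user'), not from the
// session, so the caller chooses whose name the review is filed under. If only the
// logged-in account should be able to review, derive it from the session instead;
// confirm which session key applies to this script before changing it.
// NOTE(review): 'rate' is stored as submitted; no range or numeric check is visible here.
include 'connect.php';

// secureTxt() is defined outside this excerpt; its filtering is not visible here.
$title = secureTxt($_REQUEST['title']);
$desc = secureTxt($_REQUEST['desc']);
$user = secureTxt($_REQUEST['user']);
$id = secureTxt($_REQUEST['id']);
$rate = secureTxt($_REQUEST['rate']);

$q = $conn->prepare("INSERT INTO rating (username, title, post_id, rate, review) VALUES (:user, :title, :post_id, :rate, :description)");
$q->bindParam(':user', $user);
$q->bindParam(':title', $title);
$q->bindParam(':post_id', $id);
$q->bindParam(':rate', $rate);
$q->bindParam(':description', $desc);

if ($q->execute()) {
    // The post id is request-derived and lands inside a quoted JavaScript string that is
    // also a URL query value. rawurlencode() leaves only unreserved characters and %XX
    // escapes, so the value cannot close the string or add parameters. Plain numeric ids
    // are emitted unchanged.
    ?> <div class="alert alert-success"> <strong>Post have been successfully reviewed</strong> <br>Refreshing post... </div> <script> $('#rate-title, #rate-description').val(''); localStorage.setItem('rate-number', ''); setTimeout(function() { window.location.replace('explore?post=<?php echo rawurlencode((string) $id); ?> ');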
<!-- Panes --> <div class="tab-content"> <div id="account" class="tab-pane active"> <?php
// Account-creation handler with profile photo upload (excerpt: the remaining upload
// checks and the database insert continue past this listing).
//
// NOTE(review): 'role' is read from the POST body. Whether the caller is allowed to
// assign that role is not checked in this excerpt; confirm it is enforced elsewhere.
if (isset($_POST['user'])) {
    // secureTxt()/securePwd() are defined outside this excerpt; their behaviour is not visible here.
    $name = secureTxt($_POST['name']);
    $user = secureTxt($_POST['user']);
    $pwd = securePwd($_POST['pwd']);
    $address = secureTxt($_POST['address']);
    $gender = secureTxt($_POST['gender']);
    $role = secureTxt($_POST['role']);
    $email = secureTxt($_POST['email']);
    $phone = secureTxt($_POST['phone']);

    // The stored path is "uploads/profile/" plus the client-supplied file name.
    // basename() strips directory components, but the name and extension are still
    // chosen by the uploader. A server-generated name with an extension picked from
    // an allow-list avoids collisions and unexpected file types in the upload directory.
    $target_dir = "uploads/profile/";
    $target_file = $target_dir . basename($_FILES["image"]["name"]);
    $uploadOk = 1;
    // Extension as sent by the client. It is not lower-cased here, so any later
    // comparison against an allow-list would be case-sensitive (that comparison is
    // outside this excerpt; TODO confirm).
    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);

    // Check if image file is a actual image or fake image
    // getimagesize() only parses the image header: a pass means "starts like an image",
    // not "contains nothing else". The upload directory should not execute scripts.
    if (isset($_POST["name"])) {
        $check = getimagesize($_FILES["image"]["tmp_name"]);
        if ($check !== false) {
            $uploadOk = 1;
        } else {
            echo "<div class='alert alert-warning'>File is not an image.</div>";
            $uploadOk = 0;
        }
    }

    // Check if file already exists
    if (file_exists($target_file)) {
        echo "<div class='alert alert-warning'>Sorry, photo already exists.</div>";
// Excerpt from a post-upload handler. It starts inside the image branch ($q and
// $target_file are set above this listing) and ends inside the video branch.
$q->bindParam(':source', $target_file);
// && short-circuits: the INSERT runs only after the file was moved. If the INSERT then
// fails, the moved file stays on disk without a database row.
if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file) && $q->execute()) {
    ?> <div class="alert alert-success"> <strong>Your post have been successfully uploaded.</strong><br> </div> <?php
} else {
    echo "<div class='alert alert-danger'>Sorry, there was an error uploading your image post.</div>";
}
}
} elseif (isset($_POST['title2'])) {
    /*Video upload*/
    $title = secureTxt($_POST['title2']);
    $description = secureTxt($_POST['description']);
    $category = secureTxt($_POST['category']);
    $type = "video";
    // Stored path is "uploads/post/" plus the client-supplied file name; the name and
    // extension are chosen by the uploader (basename() only strips directories).
    $target_dir = "uploads/post/";
    $target_file = $target_dir . basename($_FILES["video"]["name"]);
    $uploadOk = 1;
    $videoFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    //convert file type extension to lower case
    $videoFileType = strtolower($videoFileType);
    // Check if image file is a actual image or fake image
    // NOTE(review): this content check is gated on $_POST["name"], while the branch itself
    // is selected by 'title2'. If the video form does not send 'name', the check is skipped
    // (TODO confirm against the form). getimagesize() recognises image formats only and
    // returns false for other files, so when the check does run it rejects genuine videos.
    // A MIME check on the uploaded temp file (e.g. finfo) against an allow-list of video
    // types is the usual replacement.
    if (isset($_POST["name"])) {
        $check = getimagesize($_FILES["video"]["tmp_name"]);
        if ($check !== false) {
            $uploadOk = 1;
        } else {
            echo "<div class='alert alert-warning'>File is not a video.</div>";
            $uploadOk = 0;
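<?php
// Renders the logged-in staff member's conversation list, newest first, and marks the
// most recent conversation as "active" (excerpt: the list item markup continues past
// this listing).
include '../../include/connect.php';

// The user comes from the session, not from the request.
// NOTE(review): no check that 'logged_staff' is set is visible here; confirm connect.php
// rejects unauthenticated requests.
$user = secureTxt($_SESSION['logged_staff']);

/**
 * Return the first $word_limit space-separated words of $string.
 *
 * @param string $string     Text to shorten.
 * @param int    $word_limit Maximum number of words to keep.
 * @return string The kept words joined by single spaces.
 */
function limit_words($string, $word_limit)
{
    $words = explode(" ", $string);
    // array_slice() returns the same leading words as array_splice() without
    // modifying $words in place.
    return implode(" ", array_slice($words, 0, $word_limit));
}

// Each named placeholder is used once (:user / :user2), matching the :sender / :sender2
// convention of the message-sending script in this listing. Reusing one name twice works
// only while PDO emulates prepares.
$q = $conn->prepare("SELECT * FROM staff_conversation WHERE sender = :user OR receiver = :user2 ORDER BY timestamp DESC");
$q->bindParam(':user', $user);
$q->bindParam(':user2', $user);
$q->execute();

$q4 = $conn->prepare("SELECT * FROM staff_conversation WHERE sender = :user OR receiver = :user2 ORDER BY timestamp DESC LIMIT 1");
$q4->bindParam(':user', $user);
$q4->bindParam(':user2', $user);
$q4->execute();
$row4 = $q4->fetch();
// fetch() returns false when the user has no conversations; avoid indexing into false.
$id4 = $row4 ? $row4['conversation_id'] : null;

if ($q->rowCount() != 0) {
    while ($row = $q->fetch()) {
        $id = $row['conversation_id'];
        ?> <li class="list-group-item msg-list <?php if ($id == $id4) { echo "active"; } ?> " id="<?php echo $id; ?> "> <a href="javascript:;">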
<?php
// Sends a staff-to-staff message: looks up the conversation between the logged-in staff
// member and the requested receiver, inserts the message, and refreshes the conversation's
// date/time/timestamp (excerpt: the success branch and the no-conversation case continue
// past this listing).
include '../../include/connect.php';

// The sender comes from the session; only the message text and receiver are caller-supplied.
$msg = secureTxt($_REQUEST['msg']);
$sender = secureTxt($_SESSION['logged_staff']);
$receiver = secureTxt($_REQUEST['receiver']);
$timestamp = time();

// Matches the conversation in either direction. AND binds tighter than OR, so this reads
// as (sender/receiver) OR (receiver/sender).
$q = $conn->prepare("SELECT * FROM staff_conversation WHERE sender = :sender AND receiver = :receiver OR receiver = :sender2 AND sender = :receiver2");
$q->bindParam(':sender', $sender);
$q->bindParam(':receiver', $receiver);
$q->bindParam(':sender2', $sender);
$q->bindParam(':receiver2', $receiver);
$q->execute();
$w = $q->fetch();
// $w is false when no conversation exists; $id is read before the rowCount() check below.
$id = $w['conversation_id'];

// NOTE(review): PDO does not guarantee rowCount() for SELECT on every driver; testing
// $w !== false would be portable.
if ($q->rowCount() != 0) {
    $qe = $conn->prepare("INSERT INTO staff_message (conversation_id, sender, message, date, time) VALUES (:id, :sender, :msg, :d, :t)");
    $qe->bindParam(':id', $id);
    $qe->bindParam(':sender', $sender);
    $qe->bindParam(':msg', $msg);
    // $d and $t are not assigned in this excerpt; presumably connect.php sets them
    // (TODO confirm). bindParam() binds by reference, so an unset variable is sent as NULL.
    $qe->bindParam(':d', $d);
    // Here :t carries the Unix timestamp, while the UPDATE below binds :t to $t.
    $qe->bindParam(':t', $timestamp);
    $update = $conn->prepare("UPDATE staff_conversation SET date = :d, time = :t, timestamp = :time WHERE sender = :sender AND receiver = :receiver OR sender = :sender2 AND receiver = :receiver2");
    $update->bindParam(':d', $d);
    $update->bindParam(':t', $t);
    $update->bindParam(':time', $timestamp);
    // The pairs are bound crosswise so the row is matched in either direction.
    $update->bindParam(':sender', $receiver);
    $update->bindParam(':sender2', $sender);
    $update->bindParam(':receiver', $sender);
    $update->bindParam(':receiver2', $receiver);
    // No transaction is opened in this excerpt: if the UPDATE fails after the INSERT
    // succeeded, the message is stored but the conversation keeps its old timestamp.
    if ($qe->execute() && $update->execute()) {
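<?php
// Counts a post view once per user: if (post, user) is not yet in post_views, records it
// and increments post.views, then re-reads the counter into $views (excerpt: the block
// continues past this listing). $conn is expected to be in scope from the including page.
if (isset($_GET['post'])) {
    $id = secureTxt($_GET['post']);
    // NOTE(review): no check that 'logged_user' is set is visible here. If anonymous
    // visitors reach this code they all share one username value in post_views; confirm
    // the page requires login.
    $us = secureTxt($_SESSION['logged_user']);

    $q51 = $conn->prepare("SELECT * FROM post_views WHERE post_id = :id AND username = :user");
    $q51->bindParam(':id', $id);
    $q51->bindParam(':user', $us);
    $q51->execute();

    $we = $conn->prepare("SELECT * FROM post WHERE id = :id");
    $we->bindParam(':id', $id);
    $we->execute();
    $row5 = $we->fetch();
    // fetch() returns false for an unknown post id; ?? avoids indexing into false.
    $post_views = $row5['views'] ?? null;

    if ($q51->rowCount() != 0) {
        // Already counted for this user.
        $views = $post_views;
    } else {
        $insert = $conn->prepare("INSERT INTO post_views (post_id, username) VALUES (:id, :user)");
        $insert->bindParam(':id', $id);
        $insert->bindParam(':user', $us);
        // Kept because code after this excerpt may still read $view.
        $view = $post_views + 1;
        // Increment inside the database instead of writing back a value read earlier:
        // two concurrent first-time viewers would otherwise both write the same number
        // and one view would be lost. COALESCE keeps a NULL counter starting at 1.
        $views_update = $conn->prepare("UPDATE post SET views = COALESCE(views, 0) + 1 WHERE id = :id");
        $views_update->bindParam(':id', $id);
        // NOTE(review): a unique key on post_views (post_id, username) would also be needed
        // to stop the same user being inserted twice under concurrency; schema not visible.
        if ($insert->execute() && $views_update->execute()) {
            $we = $conn->prepare("SELECT * FROM post WHERE id = :id");
            $we->bindParam(':id', $id);
            $we->execute();
            $row5 = $we->fetch();
            $post_views = $row5['views'] ?? null;
            $views = $post_views;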
<?php
// Lists all posts of the user named in the query string as a masonry grid, newest first
// (excerpt: the card markup continues past this listing). $conn is expected to be in
// scope from the including page.
//
// The username is caller-supplied and only used as a bound parameter in the query below.
// NOTE(review): no isset() check on $_GET['username'] is visible in this excerpt.
$user = secureTxt($_GET['username']);
$q = $conn->prepare("SELECT * FROM post WHERE username = :user ORDER BY id DESC");
$q->bindParam(':user', $user);
?> <div class="row grid js-masonry" data-masonry-options='{ "itemSelector": ".grid-item", "columWidth": 200 }' data-toggle="isotope"> <?php
$q->execute();

// Returns the first $word_limit space-separated words of $string, joined by single spaces.
// NOTE(review): another script in this listing declares a function with the same name;
// loading both in one request would be a fatal redeclaration (TODO confirm they are never
// included together).
function limit_words($string, $word_limit)
{
    $words = explode(" ", $string);
    return implode(" ", array_splice($words, 0, $word_limit));
}

// One card per post. The link target is 'video' when $view_type is set to 'video'
// by the including page, otherwise 'explore'.
while ($row = $q->fetch()) {
    ?> <div class="item col-xs-12 col-sm-6 col-lg-6 grid-item"> <div class="panel panel-default paper-shadow" data-z="0.5"> <a href="<?php if (isset($view_type) && $view_type == 'video') { echo 'video'; } else { echo 'explore'; } ?> ?post=<?php echo $row['id']; ?> " id="<?php
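<?php
// Loads one staff record by username and renders the edit form with the current photo
// (excerpt: the form continues past this listing).
//
// NOTE(review): the username comes from the request and no session or role check is
// visible here; unless connect.php enforces one, any requester can load any staff
// record through this script.
include '../../include/connect.php';

// secureTxt() is defined outside this excerpt; its filtering is not visible here.
$user = secureTxt($_REQUEST['user']);
$q = $conn->prepare("SELECT * FROM staff WHERE username = :user");
$q->bindParam(':user', $user);
$q->execute();
$row = $q->fetch();

// The stored photo path is written into a double-quoted HTML attribute. Upload handlers
// in this listing build stored paths from the client-supplied file name, so the value is
// encoded for the attribute context here instead of trusting how it was stored.
// ?? '' also covers the case where no staff row was found ($row === false).
$photoSrc = htmlspecialchars((string) ($row['photo'] ?? ''), ENT_QUOTES, 'UTF-8');
// NOTE(review): $user is echoed into the alt attribute below relying on secureTxt() alone;
// confirm secureTxt() HTML-encodes quotes, or encode it at output as well.
?> <form class="form-horizontal" action='<?php echo htmlspecialchars('staff?ref=list'); ?> ' method="post" enctype="multipart/form-data"> <div class="form-group"> <label for="inputEmail3" class="col-sm-2 control-label">Photo</label> <div class="col-md-6"> <div class="media v-middle"> <div class="media-left"> <div class="icon-block width-100 bg-grey-100"> <output id="list" style="padding-top: 0px;"> <span id="span"> <img <?php echo 'src="' . $photoSrc . '"'; ?> alt="<?php echo $user; ?> " class="" style="height: 100px; width: 100px;" id="image" /> </span> </output>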
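<?php
// Renders the reviews of one post, newest first, and looks up each reviewer's record
// (excerpt: the reviewer markup continues past this listing).
include 'connect.php';

// secureTxt() is defined outside this excerpt; its filtering is not visible here.
$id = secureTxt($_REQUEST['id']);
$q = $conn->prepare("SELECT * FROM rating WHERE post_id = :id ORDER BY id DESC");
$q->bindParam(':id', $id);
$q->execute();
$count = $q->rowCount();

if ($count > 0) {
    while ($row = $q->fetch()) {
        // Review text is user-written and stored in the database. It is encoded at the point
        // of output so the page does not depend on every writer of the rating table having
        // filtered it first. The fourth argument (double_encode = false) leaves entities
        // alone that were already encoded at insert time. If reviews are meant to carry
        // markup, use an allow-list HTML sanitizer here instead.
        ?> <div class="item"> <div class="testimonial"> <div class="panel panel-default"> <div class="panel-body"> <p><?php echo htmlspecialchars((string) $row['review'], ENT_QUOTES, 'UTF-8', false); ?> </p> </div> </div> <div class="media v-middle"> <div class="media-left"> <?php
        // $table is interpolated into the SQL text below. That is safe only because it is
        // assigned one of two literals here; it must never be derived from the row or the
        // request directly.
        if ($row['role'] == 'user') {
            $table = 'profile';
        } else {
            $table = 'staff';
        }
        // One lookup per review row; the username itself is a bound parameter.
        $q1 = $conn->prepare("SELECT * FROM {$table} WHERE username = :user");
        $q1->bindParam(':user', $row['username']);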
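</div> </header> <h2 class="home_text_head">LETS RATE YOU</h2> <section class=""> <p class="home_text_body">Knot and Rings is the world's first online wedding rating magazine, focused on showcasing iconic wedding moments.</p> <ul class="social"> <li class="social_item"><a href="#" class="fb homefb"><span class="socicon socicon-facebook"></span> Sign Up with Facebook</a></li> </ul> <?php
// Sign-up handler: rejects a username that is already taken, otherwise inserts the new
// account with a verification code (excerpt: the insert continues past this listing).
// $conn is expected to be in scope from the including page.
if (isset($_POST['email'])) {
    // secureTxt()/securePwd() are defined outside this excerpt; their behaviour is not visible here.
    $user = secureTxt($_POST['user']);
    $email = secureTxt($_POST['email']);
    // NOTE(review): if securePwd() is a plain digest rather than password_hash(), stored
    // passwords lack a per-user salt and work factor; confirm its implementation.
    $pwd = securePwd($_POST['pwd']);
    // The verification code gates account activation, so it is drawn from the CSPRNG
    // (random_int) instead of rand(), whose output is predictable. Same numeric range as
    // before; requires PHP 7+ on a 64-bit build because of the upper bound.
    $code = random_int(1642853729, 9356782341);
    $verification_code = securePwd($code);

    $q = $conn->prepare("SELECT * FROM account WHERE username = :user");
    $q->bindParam(':user', $user);
    $q->execute();
    $row = $q->fetch();
    // Any returned row means the database already treats this username as taken.
    // Re-comparing in PHP would let a name through that differs only in ways the column's
    // collation ignores (e.g. letter case), creating two accounts that the same
    // WHERE username = ... lookup matches.
    if ($row !== false) {
        ?> <div class="alert alert-warning"> <strong>This username is already registered</strong> </div> <?php
    } else {
        $insert = $conn->prepare("INSERT INTO account (username, email, password, signup_date, signup_time, verification_code) VALUES (:user, :email, :pwd, :signup_date, :signup_time, :code)");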
<?php
// Sends a user-to-user message: inserts it into the given conversation and refreshes the
// conversation's date/time/timestamp, then prints a fragment that reloads the message panes
// (excerpt: the script continues past this listing).
include 'connect.php';

// NOTE(review): the conversation id comes from the request, and this excerpt inserts into
// it without checking that the logged-in user is a participant of that conversation. The
// UPDATE below is constrained by the session's sender/receiver pair, but the INSERT is not.
// A membership check on the conversation row before inserting would close that gap.
$id = secureTxt($_REQUEST['id']);
$msg = secureTxt($_REQUEST['msg']);
// Sender and receiver both come from the session, not from the request.
$logged_user = secureTxt($_SESSION['logged_user']);
$receiver = secureTxt($_SESSION['receiver']);
$timestamp = time();

$q = $conn->prepare("INSERT INTO message (conversation_id, sender, message, date, time) VALUES (:id, :user, :msg, :d, :t)");
$q->bindParam(':id', $id);
$q->bindParam(':user', $logged_user);
$q->bindParam(':msg', $msg);
// $d and $t are not assigned in this excerpt; presumably connect.php sets them
// (TODO confirm). bindParam() binds by reference, so an unset variable is sent as NULL.
$q->bindParam(':d', $d);
// Here :t carries the Unix timestamp, while the UPDATE below binds :t to $t.
$q->bindParam(':t', $timestamp);

// Matches the conversation row in either direction; AND binds tighter than OR.
$update = $conn->prepare("UPDATE conversation SET date = :d, time = :t, timestamp = :time WHERE sender = :sender AND receiver = :receiver OR sender = :sender2 AND receiver = :receiver2");
$update->bindParam(':d', $d);
$update->bindParam(':t', $t);
$update->bindParam(':time', $timestamp);
$update->bindParam(':sender', $receiver);
$update->bindParam(':sender2', $logged_user);
$update->bindParam(':receiver', $logged_user);
$update->bindParam(':receiver2', $receiver);

// No transaction is opened in this excerpt: if the UPDATE fails after the INSERT
// succeeded, the message is stored but no success fragment is shown.
if ($q->execute() && $update->execute()) {
    ?> <div class="alert alert-success" id="msgAlert"> Message sent! </div> <script> $('#userMessage').val(''); $('#messageLoad').load('include/message_load.php'); $('#conversation_load').load('include/conversation_load.php');
</div> </header> <section class=""> <h2>LETS RATE YOU</h2> <p class="home_text_body">Knot and Rings is the world's first online wedding rating magazine, focused on showcasing iconic wedding moments.</p> <center> <!-- <li class="social_item"><a href="#" class="fb homefb"><span class="socicon socicon-facebook"></span> Sign in with Facebook</a></li> --> <fb:login-button scope="public_profile,email" onlogin="******"> </fb:login-button> <p id="status"></p> </center> <?php
// Login handler: looks the account up by username and refuses unverified accounts
// (excerpt: the verified-account branch, where the password is presumably compared,
// continues past this listing). $conn is expected to be in scope from the including page.
if (isset($_POST['user'])) {
    // secureTxt()/securePwd() are defined outside this excerpt; their behaviour is not visible here.
    $user = secureTxt($_POST['user']);
    // NOTE(review): securePwd() receives only the submitted password, so it is presumably a
    // deterministic digest compared against the stored value. If so, password_hash() /
    // password_verify() would add a per-user salt and work factor; confirm its implementation.
    $pwd = securePwd($_POST['pwd']);
    $q = $conn->prepare("SELECT * FROM account WHERE username = :user");
    $q->bindParam(':user', $user);
    $q->execute();
    $row = $q->fetch();
    // $row is false when no account matches; the comparison below then fails.
    if ($row['username'] == $user) {
        //checking to make sure useraccount have been verified
        // NOTE(review): this branch is reached on a username match alone. $pwd has not been
        // compared at this point in the excerpt, so the message tells anyone who submits a
        // username that the account exists and is unverified. Checking the password first
        // and using one generic failure message avoids disclosing account state.
        if ($row['status'] == 0) {
            ?> <div class="alert alert-danger"> <strong>Your account is not yet verified.</strong><br> A verification link was sent to your inbox. </div> <?php
        } else {