} else { $instructions = "Please fill in the details below to join."; } // Takes <form> heading, instructions, action, formVars name, and formErrors // name as parameters $template = new winestoreFormTemplate("Customer Details", $instructions, S_VALIDATE, "custFormVars", "custErrors"); session_start(); $connection = DB::connect($dsn, true); if (DB::isError($connection)) { trigger_error($connection->getMessage(), E_USER_ERROR); } // Is the user logged in and are there no errors from previous // validation? If so, look up the customer for editing if (isset($_SESSION["loginUsername"]) && !isset($_SESSION["custErrors"])) { // Check the user is properly logged in sessionAuthenticate(S_MAIN); $query = "SELECT title_id, surname, firstname, initial, address,\n city, state, zipcode, country_id, phone, \n birth_date \n FROM users, customer \n WHERE users.cust_id = customer.cust_id \n AND user_name = '{$_SESSION["loginUsername"]}'"; $result = $connection->query($query); if (DB::isError($result)) { trigger_error($result->getMessage(), E_USER_ERROR); } $row = $result->fetchRow(DB_FETCHMODE_ASSOC); // Reset $_SESSION["custFormVars"], since we're loading // from the customer table $_SESSION["custFormVars"] = array(); // Load all the <form> widgets with customer data foreach ($row as $variable => $value) { $_SESSION["custFormVars"]["{$variable}"] = $value; } } // Load the titles from the title table
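<?php
// Source code example for Web Database Applications with PHP and MySQL, 2nd Edition
// Author: Hugh E. Williams and David Lane, 2001-3
//
// Unless otherwise stated, the source code distributed with this book can be
// redistributed in source or binary form so long as an acknowledgment appears
// in derived source files.
// The citation should list that the code comes from Hugh E. Williams and David
// Lane, "Web Database Application with PHP and MySQL" published by O'Reilly &
// Associates.
//
// This code is under copyright and cannot be included in any other book,
// publication, or educational product without permission from O'Reilly &
// Associates. No warranty is attached; we cannot take responsibility for errors
// or fitness for use.

// This script logs a user out and redirects to the main page (S_MAIN).

require_once '../includes/winestore.inc';
require_once '../includes/authenticate.inc';

set_error_handler("customHandler");

// Restore the session
session_start();

// Check they're logged in. sessionAuthenticate() is defined in
// authenticate.inc; what it does on failure is not visible from this file.
sessionAuthenticate(S_LOGIN);

// Destroy the login and all associated data.
// session_destroy() only removes the server-side record: the $_SESSION array
// of this request and the browser's session cookie both survive it. Clear the
// array and expire the cookie as well, so the old session ID is not presented
// again on the next request.
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
              $params["path"], $params["domain"],
              $params["secure"], $params["httponly"]);
}
session_destroy();

// Redirect to the main page
header("Location: " . S_MAIN);
exit;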
<?php
// Work out whether the current visitor is logged in and normalise the answer
// to a plain boolean in $pumilio_loggedin. With $login_wordpress set, WordPress
// is the authority (is_user_logged_in()); otherwise the application's own
// session check, sessionAuthenticate($connection), decides.
if ($login_wordpress) {
    $pumilio_loggedin = is_user_logged_in() ? TRUE : FALSE;
} else {
    $pumilio_loggedin = sessionAuthenticate($connection) ? TRUE : FALSE;
}

// Pages that must not be served to guests set $force_loggedin before
// including this file; default it so the check below never reads an
// undefined variable.
if (!isset($force_loggedin)) {
    $force_loggedin = FALSE;
}

// Send guests away from pages that require a login.
if ($force_loggedin && !$pumilio_loggedin) {
    header("Location: error.php?e=login");
    die;
}
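function is_user_admin2($username, $connection)
{
    // Report whether the caller may edit files, i.e. holds the "admin" role.
    // Returns true only when the session is authenticated, $username is
    // non-empty and the looked-up Users row has UserRole == "admin"; false in
    // every other case. The original fell off the end (implicit null) when
    // sessionAuthenticate() failed — now an explicit false.
    if (!sessionAuthenticate($connection)) {
        return false;
    }
    if ((string) $username === '') {
        return false;
    }

    // NOTE(review): the literal '******' in this query looks like a redacted
    // value rather than a real lookup key, and $username itself is never
    // bound into the statement as shown here — confirm against the upstream
    // source; if the user name is meant to go here it must be bound as a
    // prepared-statement parameter, not interpolated.
    $resultname = mysqli_query($connection, "SELECT UserRole FROM Users WHERE UserName='******' LIMIT 1");
    if ($resultname === false) {
        // Query failure is not evidence of admin rights.
        return false;
    }

    // Index the row explicitly instead of extract(): extract() turns every
    // column name into a local variable, which can silently shadow $username
    // or $connection if the schema changes. A missing row (no match) returns
    // null from mysqli_fetch_assoc and is treated as "not admin".
    $rowname = mysqli_fetch_assoc($resultname);
    mysqli_free_result($resultname);

    return is_array($rowname)
        && isset($rowname['UserRole'])
        && $rowname['UserRole'] === 'admin';
}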
$template->setVariable("QTY", $row["qty"]); $template->setVariable("WINE", $wineDetail); $template->setVariable("PRICE", sprintf("\$%4.2f", $row["price"]), 11); $template->setVariable("TOTAL", sprintf("\$%4.2f", $itemsPrice)); $template->parseCurrentBlock("row"); } $template->setCurrentBlock("items"); $template->setVariable("ORDER_TOTAL", sprintf("\$%4.2f\n", $orderTotalPrice)); $template->parseCurrentBlock("items"); $template->setCurrentBlock(); $template->showWinestore(NO_CART, B_HOME); } // ---------- session_start(); // Connect to a authenticated session sessionAuthenticate(S_SHOWCART); // Check the correct parameters have been passed if (!isset($_GET["cust_id"]) || !isset($_GET["order_id"])) { $_SESSION["message"] = "Incorrect parameters to order-step4.php"; header("Location: " . S_SHOWCART); exit; } // Check this customer matches the $cust_id $connection = DB::connect($dsn, true); if (DB::isError($connection)) { trigger_error($connection->getMessage(), E_USER_ERROR); } $cust_id = pearclean($_GET, "cust_id", 5, $connection); $order_id = pearclean($_GET, "order_id", 5, $connection); $real_cust_id = getCust_id($_SESSION["loginUsername"]); if ($cust_id != $real_cust_id) {
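// Pick the preview-audio encoder from the configured $AudioPreviewFormat.
// An unset or empty value falls back to mp3 / lame. Any other value leaves
// $player_encoder unset, exactly as before (only "ogg", "mp3" and "" are mapped).
if (!isset($AudioPreviewFormat)) {
    $AudioPreviewFormat = "";
}
if ($AudioPreviewFormat == "ogg") {
    $player_encoder = "dir2ogg";
} elseif ($AudioPreviewFormat == "mp3") {
    #LAME encoder
    $player_encoder = "lame";
} elseif ($AudioPreviewFormat == "") {
    $AudioPreviewFormat = "mp3";
    $player_encoder = "lame";
}
$player_format = $AudioPreviewFormat;

// Visitor is not authenticated but still carries a "usercookie": revoke the
// matching server-side record and expire the cookies in the browser.
if (!sessionAuthenticate($connection) && isset($_COOKIE["usercookie"])) {
    // The cookie is "<user_id>.<cookie>". Cookie values are attacker-controlled:
    // tolerate a malformed value (the original indexed [1] unconditionally and
    // warned when the dot was missing) and bind both parts as parameters
    // instead of interpolating them into the SQL string.
    $cookie_raw = $_COOKIE["usercookie"];
    $cookie_parts = is_string($cookie_raw) ? explode(".", $cookie_raw) : array();
    $cookie_user_id = isset($cookie_parts[0]) ? $cookie_parts[0] : "";
    $cookie_token = isset($cookie_parts[1]) ? $cookie_parts[1] : "";

    $stmt = mysqli_prepare($connection, "DELETE FROM Cookies WHERE user_id = ? AND cookie = ?");
    if ($stmt === false) {
        die(mysqli_error($connection));
    }
    mysqli_stmt_bind_param($stmt, "ss", $cookie_user_id, $cookie_token);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_error($connection));
    }
    mysqli_stmt_close($stmt);

    // Expire the cookies (value "1", time in the past) under the app path.
    setcookie("usercookie", "1", time() - 3600, $app_dir);
    setcookie("username", "1", time() - 3600, $app_dir);
}

// Defaults for flags that including pages may or may not have set.
if (!isset($special_wrapper)) {
    $special_wrapper = FALSE;
}
if (!isset($useR)) {
    $useR = FALSE;
}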
<?php
// Upload page: restore the session, load configuration, and refuse to render
// anything unless uploads are enabled and the visitor is authenticated.
session_start();
require "include/functions.php";

// NOTE(review): $config_file is only used for the existence check; the
// require below names the file literally, so the two can drift apart.
$config_file = 'config.php';
if (file_exists($config_file)) {
    require "config.php";
} else {
    header("Location: error.php?e=config");
    die;
}
require "include/apply_config.php";

// Both the $allow_upload switch (presumably set by config.php / apply_config —
// confirm) and a valid session are required. This check runs before any
// output, so the redirect header can still be sent.
if (!$allow_upload || !sessionAuthenticate($connection)) {
    header("Location: error.php?e=login");
    die;
}

// $app_custom_name is interpolated into <title> unescaped; assumes it is an
// operator-set configuration value rather than user input — confirm, and
// otherwise pass it through htmlspecialchars().
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<title>{$app_custom_name} - Upload file</title>";
require "include/get_css.php";
require "include/get_jqueryui.php";
?>
<script src="js/jquery.validate.js"></script>
<!-- Form validation from http://bassistance.de/jquery-plugins/jquery-plugin-validation/ -->
<script type="text/javascript">
$().ready(function() {
    // validate signup form on keyup and submit
    $("#fileForm").validate({
        rules: {
            file: {
<?php require_once '../../Connections/config.php'; require '../../includes/authentication.inc.php'; session_start(); sessionAuthenticate(); $dbTable = "brewing"; if (isset($_GET['dbTable'])) { $dbTable = get_magic_quotes_gpc() ? $_GET['dbTable'] : addslashes($_GET['dbTable']); } if ($dbTable == "brewing") { $excel_output = "BrewBlog_DB_Export"; } if ($dbTable == "recipes") { $excel_output = "Recipe_DB_Export"; } mysql_select_db($database_brewing); // Thanks to http://www.stargeek.com/scripts.php?script=2&cat=sql for the following script. $result = mysql_query("SELECT * FROM {$dbTable}"); $count = mysql_num_fields($result); for ($i = 0; $i < $count; $i++) { $header .= mysql_field_name($result, $i) . "\t"; } while ($row = mysql_fetch_row($result)) { $line = ''; foreach ($row as $value) { if (!isset($value) || $value == "") { $value = "\t"; } else { # important to escape any quotes to preserve them in the data. $value = str_replace('"', '""', $value);
// Validate password - between 6 and 8 characters if (checkMandatory("loginPassword", "password", "custErrors", "custFormVars")) { checkMinAndMaxLength("loginPassword", 6, 8, "password", "custErrors", "custFormVars"); } } // Now the script has finished the validation, // check if there were any errors if (count($_SESSION["custErrors"]) > 0) { // There are errors. Relocate back to the client form header("Location: " . S_DETAILS); exit; } // Is this an update? if (isset($_SESSION["loginUsername"])) { // Check the user is properly logged in sessionAuthenticate(S_DETAILS); $cust_id = getCust_id($_SESSION["loginUsername"], $connection); $query = "UPDATE customer SET \n title_id = {$_SESSION["custFormVars"]["title_id"]},\n surname = '{$_SESSION["custFormVars"]["surname"]}',\n firstname = '{$_SESSION["custFormVars"]["firstname"]}',\n initial = '{$_SESSION["custFormVars"]["initial"]}',\n address = '{$_SESSION["custFormVars"]["address"]}',\n city = '{$_SESSION["custFormVars"]["city"]}',\n state = '{$_SESSION["custFormVars"]["state"]}',\n zipcode = '{$_SESSION["custFormVars"]["zipcode"]}',\n country_id = {$_SESSION["custFormVars"]["country_id"]},\n phone = '{$_SESSION["custFormVars"]["phone"]}',\n birth_date = '{$_SESSION["custFormVars"]["birth_date"]}'\n WHERE cust_id = {$cust_id}"; $result = $connection->query($query); if (DB::isError($result)) { trigger_error($result->getMessage(), E_USER_ERROR); } } else { // Lock to get the next available customer ID $result = $connection->query("LOCK TABLES customer WRITE"); if (DB::isError($result)) { trigger_error($result->getMessage(), E_USER_ERROR); } // Find the max cust_id $result = $connection->query("SELECT max(cust_id) FROM customer"); if (DB::isError($result)) {
} $endid = $how_many_to_show; $endid_show = $startid_q + $endid; if ($startid_q + $how_many_to_show >= $no_sounds) { $endid_show = $no_sounds; } $sql_limit = "{$startid_q}, {$endid}"; echo "\n\t\t\t<div class=\"page-header\">\n\t\t\t<div class=\"row\">\n\t\t\t\t<div class=\"col-lg-8\">\n\t\t\t\t\t<h2>Sounds at the Site: {$SiteName}</h2>\n\t\t\t\t\t<p>Coordinates: {$SiteLat}, {$SiteLon}</p>\n\t\t\t\t\t<p>{$no_sounds} sounds at this site</p>\n\t\t\t\t</div>\n\t\t\t\t<div class=\"col-lg-4\">\n\t\t\t\t\t<div id=\"map\"></div>\n\t\t\t\t</div>\n\t\t\t</div>\n\n\t\t\t</div>\n\t\t\n\t\t\t<div class=\"row\">\n\t\t\t\t<div class=\"col-lg-4\">"; /*if (sessionAuthenticate($connection) || !$hide_latlon_guests) { #echo "Coordinates: $SiteLat, $SiteLon | <a href=\"viewsite_map.php?SiteID=$SiteID\" title=\"View site in a map\"><strong>Map</strong></a>"; echo "Coordinates: $SiteLat, $SiteLon"; } else { #echo "<a href=\"viewsite_map.php?SiteID=$SiteID\" title=\"View site in a map\"><strong>Map</strong></a>"; }*/ if (sessionAuthenticate($connection) && is_user_admin2($username, $connection)) { echo "<br><a href=\"edit_site.php?SiteID={$SiteID}\" title=\"Edit this site\">[edit site]</a>"; } #Select particular date /*$query_dates = "SELECT DISTINCT DATE_FORMAT(Date,'%d-%b-%Y') AS Date_f, Date FROM Sounds WHERE Date IS NOT NULL AND SiteID='$SiteID' AND Sounds.SoundStatus!='9' $qf_check ORDER BY Date"; $result_dates=query_several($query_dates, $connection); $nrows_dates = mysqli_num_rows($result_dates); if ($nrows_dates>0) { if ($special_wrapper==TRUE){ echo "<form action=\"$wrapper\" method=\"GET\"> <input type=\"hidden\" name=\"page\" value=\"browse_site_date\">"; } else { echo "<form action=\"browse_site_date.php\" method=\"GET\">"; }