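// Profile-update handler (fragment): reads the edit-profile form, calls the
// spUserUpdate stored procedure and redirects with a success or failure message.
// NOTE(review): $con, $userId and showMessageRedirect() come from code that is
// not part of this fragment.

// Read a POST field as a string. Missing fields and array-valued fields
// (e.g. "city[]=x") become '' so they never reach the database layer as a
// non-string value.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$realName = $postString('realName');
$password = $postString('oldPassword');
$password1 = $postString('newPassword');
$email = $postString('email');
$gender = $postString('gender');
$city = $postString('city');
$occupation = $postString('occupation');
$hobbies = $postString('hobbies');
$userIp = $_SERVER['REMOTE_ADDR'];

// This form does not edit the user name or phone number; the procedure
// receives empty strings for both, as before.
$userName = '';
$phone = '';

// Age used to be interpolated into the SQL text without quotes, a position
// where string escaping gives no protection. It is now validated as an
// integer and bound with an integer type. An empty age still defaults to 18.
$ageInput = $postString('age');
$age = empty($ageInput) ? 18 : filter_var($ageInput, FILTER_VALIDATE_INT);

// NOTE(review): both passwords are handed to the procedure as submitted.
// Whether spUserUpdate stores a salted hash (password_hash()-style) cannot be
// seen from here -- confirm that it does not store or compare plaintext.
if ($age !== false && !empty($userId) && !empty($password) && !empty($email)) {
    // All caller-supplied values are bound as parameters, so none of them is
    // ever parsed as SQL. mysqli_stmt_get_result() needs the mysqlnd driver.
    $userUpdate = false;
    $stmt = mysqli_prepare(
        $con,
        'call spUserUpdate(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, ?)'
    );
    if ($stmt) {
        mysqli_stmt_bind_param(
            $stmt,
            'ssssssissssss',
            $userId,
            $userName,
            $realName,
            $password,
            $password1,
            $gender,
            $age,
            $email,
            $phone,
            $city,
            $occupation,
            $hobbies,
            $userIp
        );
        if (mysqli_stmt_execute($stmt)) {
            $userUpdate = mysqli_stmt_get_result($stmt);
        }
    }

    // A failed prepare/execute leaves $userUpdate false; the original read
    // ->num_rows on that value unconditionally.
    if ($userUpdate && $userUpdate->num_rows > 0) {
        $row = mysqli_fetch_array($userUpdate);
        $userId = $row['UserId'];
        if ($userId > 1) {
            showMessageRedirect(EDIT_MSG, 0);
        } else {
            showMessageRedirect(EDIT_MSG1, 2);
        }
    } else {
        showMessageRedirect(EDIT_MSG1, 2);
    }
} else {
    showMessageRedirect(EDIT_MSG1, 2);
}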
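<?php
// Deregistration handler: removes the logged-in user's account through the
// spUserRemove stored procedure and clears the login state from the session.
include "base.php";
include "global.php";

// NOTE(review): no anti-CSRF token or re-authentication check is visible in
// this script. Unless base.php/global.php enforce one, any request that
// carries the session cookie removes the account -- confirm.
$userId = isset($_SESSION['UserId']) ? $_SESSION['UserId'] : null;

if (empty($userId)) {
    // No logged-in user: report failure without touching the database
    // (the original called the procedure with an empty id).
    showMessageRedirect(DEREGISTER_MSG1, 2);
} else {
    // The id is escaped before it is placed inside the quoted literal so the
    // statement stays well-formed whatever the session value contains.
    $safeUserId = mysqli_real_escape_string($con, (string) $userId);
    mysqli_query($con, "call spUserRemove('" . $safeUserId . "')");

    if (mysqli_affected_rows($con) > 0) {
        // Account removed: drop the login markers from the session.
        $_SESSION['UserName'] = null;
        $_SESSION['UserId'] = null;
        $_SESSION['LoggedIn'] = 0;
        showMessageRedirect(DEREGISTER_MSG, 0);
    } else {
        showMessageRedirect(DEREGISTER_MSG1, 2);
    }
}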
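// Registration handler (fragment): reads the sign-up form, calls the
// spUserUpdate stored procedure with user id 0 and redirects with a success
// or error message.
// NOTE(review): $con, $userName, $realName and showMessageRedirect() come from
// code that is not part of this fragment. $userName and $realName are
// presumably already escaped there -- confirm. For that reason the statement
// is still built as a string here; converting it to a prepared statement needs
// the unescaped values and should be done together with that code.

// Read a POST field as a string. Missing fields and array-valued fields
// (e.g. "city[]=x") become '' instead of reaching mysqli_real_escape_string()
// as a non-string value.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// NOTE(review): the password is handed to the procedure as submitted. Whether
// spUserUpdate stores a salted hash (password_hash()-style) cannot be seen
// from here -- confirm that it does not store plaintext.
$password = mysqli_real_escape_string($con, $postString('password'));
$email = mysqli_real_escape_string($con, $postString('email'));
$gender = mysqli_real_escape_string($con, $postString('gender'));
$city = mysqli_real_escape_string($con, $postString('city'));
$occupation = mysqli_real_escape_string($con, $postString('occupation'));
$hobbies = mysqli_real_escape_string($con, $postString('hobbies'));
$userIp = $_SERVER['REMOTE_ADDR'];
$phone = null;
$password1 = null;

// Age is interpolated into the SQL text without quotes, a position where
// string escaping gives no protection, so it must be a validated integer.
// An empty age still defaults to 18.
$ageInput = $postString('age');
$age = empty($ageInput) ? 18 : filter_var($ageInput, FILTER_VALIDATE_INT);

if ($age !== false && !empty($userName) && !empty($password) && !empty($email)) {
    $userUpdate = mysqli_query(
        $con,
        "call spUserUpdate(0,'" . $userName . "', '" . $realName . "', '" . $password . "', '"
        . $password1 . "', '" . $gender . "', {$age}, '" . $email . "', '" . $phone . "', '"
        . $city . "', '" . $occupation . "', '" . $hobbies . "', 1, '" . $userIp . "')"
    );

    if ($userUpdate && $userUpdate->num_rows > 0) {
        $row = mysqli_fetch_array($userUpdate);
        $userId = $row['UserId'];
        if ($userId > 1) {
            showMessageRedirect(REGISTER_SUCCESS, 0);
        } else {
            showMessageRedirect(REGISTER_ERROR, 1);
        }
    } else {
        showMessageRedirect(REGISTER_ERROR, 1);
    }
} else {
    showMessageRedirect(REGISTER_ERROR, 1);
}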
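<?php
// Stores the visitor's contact request (name, e-mail, subject, message)
// through the spContactUpdate stored procedure when the form is submitted.
include "base.php";
include "global.php";

// Read a POST field as a string. Missing fields and array-valued fields
// (e.g. "message[]=x") become '' and are rejected by the empty() checks.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$yourName = $postString('yourName');
$email = $postString('email');
$subject = $postString('subject');
$message = $postString('message');

if (!empty($yourName) && !empty($email) && !empty($subject) && !empty($message)) {
    // The four values are bound as parameters, so none of them is parsed as
    // SQL. They are stored exactly as submitted: any page that later displays
    // them must HTML-escape them (htmlspecialchars()) at output time.
    $contactUpdate = false;
    $stmt = mysqli_prepare($con, 'call spContactUpdate(0, ?, ?, ?, ?)');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ssss', $yourName, $email, $subject, $message);
        $contactUpdate = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($contactUpdate) {
        showMessageRedirect(CONTACT_MSG, 0);
    } else {
        // NOTE(review): browsers generally do not follow a Location header
        // that carries a javascript: URL, so this probably does not send the
        // visitor back -- confirm and redirect to the form's own URL instead.
        header("location:javascript://history.go(-1)");
    }
} else {
    header("location:javascript://history.go(-1)");
}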
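<?php
// Password recovery: if the submitted user name and e-mail are accepted by
// the spUserFindPassword stored procedure, the account password is replaced
// with a temporary 5-character one, which is then shown on the page.
include "base.php";
include "global.php";

// Read a POST field as a string. Missing fields and array-valued fields
// (e.g. "email[]=x") become '' instead of reaching mysqli_real_escape_string()
// as a non-string value.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$userName = mysqli_real_escape_string($con, $postString('userName'));
$email = mysqli_real_escape_string($con, $postString('email'));

// NOTE(review): the new password is displayed to whoever submitted the form,
// so knowing a user name and its e-mail address is enough to reset the
// account and learn the new password. The usual design sends a single-use,
// expiring reset link to the registered address instead. No rate limiting is
// visible in this script either.
if (!empty($userName) && !empty($email)) {
    // Same shape as before (5 upper-case hex characters), but drawn from the
    // CSPRNG (random_bytes(), PHP 7+) instead of md5(microtime()) with rand(),
    // whose output can be predicted from the request time.
    // Five hex characters are only about 20 bits; the length is kept because
    // the size the procedure accepts is not visible here.
    $password = strtoupper(substr(bin2hex(random_bytes(3)), 0, 5));

    mysqli_query(
        $con,
        "call spUserFindPassword('" . $userName . "', '" . $email . "', '" . $password . "')"
    );

    if (mysqli_affected_rows($con) > 0) {
        showMessage($password);
    } else {
        showMessageRedirect(RECOVER_MSG2, 2);
    }
} else {
    showMessageRedirect(RECOVER_MSG2, 2);
}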