コード例 #1
0
ファイル: photo.php プロジェクト: dagasaga/css
 public function upload()
 {
     // security check first
     $token_handler = new security();
     $token_handler->check_token();
     // receives data from input form:
     /*
     *  <form action="upload.php" method="post" enctype="multipart/form-data">
            Select image to upload:
            <input type="file" name="fileToUpload" id="fileToUpload">
            <input type="submit" value="Upload Image" name="submit">
        </form>
     */
     $target_dir = PHOTO_DIR;
     $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
     $uploadOk = 1;
     $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
     // actual photo/image ?
     $msg = '';
     if (isset($_POST["submit"])) {
         $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
         if ($check !== false) {
             $msg .= "File is an image - " . $check["mime"] . ".";
             $uploadOk = 1;
         } else {
             $msg .= "File is not an image.";
             $uploadOk = 0;
         }
     }
     // Check if file already exists
     if (file_exists($target_file)) {
         $msg .= "Sorry, file already exists.";
         $uploadOk = 0;
     }
     // Check file size
     if ($_FILES["fileToUpload"]["size"] > 500000) {
         $msg .= "Sorry, your file is too large.";
         $uploadOk = 0;
     }
     // Allow certain file formats
     if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
         $msg .= "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
         $uploadOk = 0;
     }
     // Check if $uploadOk is set to 0 by an error
     if ($uploadOk == 0) {
         $msg .= "Sorry, your file was not uploaded.";
         // if everything is ok, try to upload file
     } else {
         if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
             $msg .= "The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
         } else {
             $msg .= "Sorry, there was an error uploading your file.";
         }
     }
     $result = array('message' => $msg, 'ok' => $uploadOk);
     return $result;
 }
コード例 #2
0
ファイル: usersController.php プロジェクト: dagasaga/css
 public function reset()
 {
     $token_handler = new security();
     $token_handler->check_token();
     $content = '';
     // resets users password
     // sends an email containing a link + token with 6h validity
     // from this link, access this same method, but with confirm=yes in url
     if (isset($_GET['confirm'])) {
         if ($_GET['confirm'] == 'yes') {
             // check token with database
             // will arrive here from user's mail - show form to enter new password and UPDATE it in the database
         }
     } else {
         // send email to user with link to reset, redirecting here
         // ?controller=users&action=reset&confirm=yes&token=ETC
         // 1st, check if user + email exist in database
         $connection = new database();
         $sql = "SELECT username, email FROM users WHERE username=?";
         $data[] = $_POST['username'];
         $user_results = $connection->fetchAll($sql, $data);
         if ($connection->row_count = 1) {
             // ok, found one user with this username
             // but, does he/she has an email?
             if ($_POST['email'] != '') {
                 if ($user_results[0]['email'] == $_POST['email']) {
                     // send email with proper link to reset password
                     $content .= "<p>Dear {$_POST['username']}, an email was sent to {$_POST['email']} with instructions on how to reset your password.";
                     $content .= "<p>It should arrive momentarily; if not, check your spam box or contact the administrator.";
                     // TODO: send email to reset password.
                     // Contains a link with a token that redirects to a special page - this only confirms that user has acces to the concerned email
                 } else {
                     $content .= "<p>Email not found or invalid. Please, try again.";
                     $content .= "<p>Contact the administrator if you think you do not have a registered email.";
                 }
             } else {
                 $content .= "<p>Email is obligatory. Please, try again.";
             }
         } else {
             $content .= "User not found. Please, try again!";
         }
     }
     $output['page'] = 'views/forgot.php';
     $output['content'] = $content;
     return $output;
 }
コード例 #3
0
ファイル: simple_table_ops.php プロジェクト: dagasaga/css
 public function update()
 {
     /* UPDATE multiple tables:
             //  UPDATE tables SET table1.col1=table2.col2
             //  WHERE condition;
     
             // needs:
             //      1. column names - $this->cols
             //      2. table name   - $this->table_name
             //      3. id           - $_GET['id'] from action form
             example:
             $sql = " UPDATE {$this->table_name} SET
                     nom=?, prenom=?, nom_khmer=?, prenom_khmer=?, sex_id=?, matricule=?, dob=?, program_id=?
                     WHERE student_id=?";
             /********************************************/
     $security_handler = new security();
     $security_handler->check_token();
     $id = $_GET['id'];
     $i = 0;
     $cols = '';
     $values = array();
     foreach ($this->cols as $column) {
         array_push($values, $_POST[$column]);
         $cols .= $column . '=?,';
         $i++;
     }
     array_push($values, $id);
     // add last value to the array, which corresponds to the record id number.
     $cols = substr($cols, 0, -1);
     $sql = "UPDATE " . $this->table_name . " SET " . $cols . " WHERE " . $this->id_column . "=?";
     //echo "<p>sql: ".$sql."<br>";
     //echo "<p>values: ";
     //var_dump ($values);
     $connection = new database();
     if ($connection->update($sql, $values)) {
         $_SESSION['log'] .= new timestamp("Affected rows: " . $connection->get_row_num());
     } else {
         $_SESSION['log'] .= new timestamp("Record was not updated in {$_GET['controller']}!");
     }
     //die();
 }