$pdoquery = $dbconn->prepare($theq); $pdoquery->execute(array(':checknumber' => clean_user_input($_POST['checkno' . $value]), ':receivedby' => $_SESSION["userid"], ':invoiceid' => $value)); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } } } unset($_SESSION['invoices']); logit($logname, 'GETting back to recordpayment'); header('Location: recordpayment.php'); exit; } else { // get invoices $dbconnw = PDOconnect('nakaweb', $_SESSION["clientdefaults"]["host"], $logname); $theq = " select fullname,invoiceid,invoicedate,paymentreceived,login,invoiceamount,"; $theq .= " case when login is null then "; $theq .= ' \'<input type="text" name="checkno\'||invoiceid::text||\'">\''; $theq .= " else checknumber end as checknumber"; $theq .= " from invoices i"; $theq .= " join client c on i.schoolid=c.clientid"; $theq .= " left join users u on u.userid=receivedby"; $theq .= " order by paymentreceived desc, invoicedate desc, invoiceamount desc"; try { $pdoquery = $dbconnw->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(); $invoices = $pdoquery->fetchAll(); unset($_SESSION['invoices']); $i = 0;
try { $theq = " delete from sysdef.system_defaults where sd_item=:key"; $pdoquery = $dbconn->prepare($theq); $pdoquery->execute(array(":key" => $key)); $theq = " insert into sysdef.system_defaults (sd_value,sd_item)"; $theq .= " values (:value,:key)"; $pdoquery = $dbconn->prepare($theq); $pdoquery->execute(array(":key" => $key, ":value" => $value)); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } } // create a pg conection $dbconn = PDOconnect($_SESSION["clientdefaults"]["dbname"], $_SESSION["clientdefaults"]["host"], $logname); if (key_exists('schoolname', $_POST)) { // was called by self so do update logit($logname, 'updating school'); updatesysdef("School Name", $_POST["schoolname"], $dbconn, $logname); updatesysdef("School Address", $_POST["schooladdress"], $dbconn, $logname); updatesysdef("School Address2", $_POST["schooladdress2"], $dbconn, $logname); updatesysdef("School City", $_POST["schoolcity"], $dbconn, $logname); updatesysdef("School State", $_POST["schoolstate"], $dbconn, $logname); updatesysdef("School Zip", $_POST["schoolzip"], $dbconn, $logname); updatesysdef("School Phone", $_POST["schoolphone"], $dbconn, $logname); logit($logname, 'going back to school'); header('Location: school.php'); exit; } //school info
$_SESSION["clientdefaults"]["fedidprefix"] = $client->fedidprefix; } if ($cancontinue) { $cancontinue = GetTheHTMLs($_SESSION["userlanguage"], $_SESSION["clientdefaults"]["clientid"], $PDOconn, $logname); } if ($cancontinue) { header('Location: school.php'); } return $cancontinue; } /* * if this program is called with GET params for tag and client (must have been * self called) then, check that the user has rights to that (to prevent * cheating) and put them in. */ $PDOconn = PDOconnect('nakaweb', $_SESSION["dbhost"], $logname); if (key_exists('clientid', $_GET)) { $theq = 'select * '; $theq .= ' from clientuser '; $theq .= ' where userid = :userid'; $theq .= ' and clientid = :clientid'; try { $pdoquery = $PDOconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(array(':userid' => $_SESSION["userid"], ':clientid' => $_GET["clientid"])); $row = $pdoquery->fetch(); if ($pdoquery->rowCount() != 1) { logit($logname, ' looks like the user is cheating! NOT letting them in!'); $cancontinue = FALSE; echo 'CHEATER!!!'; exit;
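/**
 * Do row-by-row placeholder replacement on a template held in $_SESSION['html']
 * and return HTML ready to send to the client.
 *
 * Nested templates are written as %%%...%%% inside the template text: the first
 * character between the markers is the multi-row flag, the template name starts
 * at the third character, and an optional "|column" suffix names the column that
 * drives row-colour changes. Each nested template is rendered by a recursive call.
 *
 * Security notes for maintainers:
 *  - Values from $allrows are inserted verbatim. Nothing here HTML-escapes them,
 *    so every caller must either escape untrusted values first or be deliberately
 *    supplying markup.
 *  - The data pass runs before the session passes, so a data value that itself
 *    contains %%name%% is expanded with the matching scalar $_SESSION entry.
 *
 * @param string $thehtmlfile key in $_SESSION['html'] that holds the template text
 * @param array  $allrows     array of arrays of row objects; the first key must match
 *                            the template name that uses the data
 * @param string $logname     log name handed to logit() and the connection helpers
 * @param string $mulitrow    'x' repeats the template once per row; otherwise the
 *                            template is emitted once ('1', or when a first row exists)
 * @param int    $depth       recursion depth, used for log indentation and the
 *                            runaway-recursion guard
 * @param string $changeoncol column whose change switches the row class; '*' switches
 *                            on every row
 * @return string the filled-in HTML
 */
function LoadTheHTML($thehtmlfile, $allrows, $logname, $mulitrow, $depth = 1, $changeoncol = '*')
{
    if ($depth > 100) { // prevent infinite recursion between templates
        exit;
    }
    $indent = substr(' ', 0, $depth);
    logit($logname, $indent . 'Loading HTML: ' . $thehtmlfile);
    $therow = '';
    if (!key_exists($thehtmlfile, $_SESSION['html'])) {
        logit($logname, $indent . ' **ERROR** the html is MISSING');
        exit;
    }
    $thehtml = $_SESSION['html'][$thehtmlfile];
    $rowtype = 'ReportDetailsEvenDataRow';

    // Expand nested templates, at most 10 per level. The test is "!== false"
    // because strpos() returns 0 for a marker at the very start of the template,
    // which a loose "!= 0" comparison treats the same as "not found".
    $i = 0;
    while (strpos($thehtml, '%%%') !== false and $i < 10) {
        // text between the next pair of %%% markers
        $nextpiece = substr($thehtml, strpos($thehtml, '%%%') + 3);
        $nextpiece = substr($nextpiece, 0, strpos($nextpiece, '%%%'));
        // first character after the opening marker: multi or single row flag
        $nextmulitrow = substr($thehtml, strpos($thehtml, '%%%') + 3, 1);
        // the template name starts at the third character
        $thehtmlname = substr($nextpiece, 2);
        // optional "|column" suffix selects the colour-change column
        if (strpos($thehtmlname, '|') > 1) {
            $changeoncol = substr($thehtmlname, strpos($thehtmlname, '|') + 1);
            $thehtmlname = substr($thehtmlname, 0, strpos($thehtmlname, '|'));
        } else {
            $changeoncol = '*';
        }
        $newstuff = LoadTheHTML($thehtmlname, $allrows, $logname, $nextmulitrow, $depth + 1, $changeoncol);
        $thehtml = str_replace('%%%' . $nextpiece . '%%%', $newstuff, $thehtml);
        $i++;
    }

    // sentinel that no real column value is expected to equal
    $lastchangeonvalue = '~%~%~';
    if ($mulitrow == 'x') {
        // one copy of the template per row of data
        foreach ($allrows[$thehtmlfile] as $row) {
            $therow .= $thehtml;
            // alternate the row class, either on every row or when the watched column changes
            if ($changeoncol == '*' or $row->{$changeoncol} != $lastchangeonvalue) {
                if ($changeoncol != '*') {
                    $lastchangeonvalue = $row->{$changeoncol};
                }
                if ($rowtype != 'ReportDetailsEvenDataRow') {
                    $rowtype = 'ReportDetailsEvenDataRow';
                } else {
                    $rowtype = 'ReportDetailsOddDataRow';
                }
            }
            $therow = str_replace('%%rowtype%%', $rowtype, $therow);
            // set tooltips if any
            if (strpos($therow, '%%tooltip|') !== false) {
                if (!isset($pdowebcntrl)) {
                    // connect lazily, and only once per call
                    $pdowebcntrl = PDOconnect('wc2', $_SESSION["wc2host"], $logname);
                }
                $thecolvalue = (array) $row;
                while (($tipstart = strpos($therow, '%%tooltip|')) !== false) {
                    $thecol = substr($therow, $tipstart + 10);
                    $tipend = strpos($thecol, '%%');
                    if ($tipend === false) {
                        // an unterminated placeholder can never be replaced; stop instead of spinning
                        break;
                    }
                    $thecol = substr($thecol, 0, $tipend);
                    $therow = str_replace('%%tooltip|' . $thecol . '%%', CreateToolTip($thehtmlfile, $thecol, $thecolvalue[$thecol], $_SESSION["userlanguage"], $pdowebcntrl, 'left', $logname), $therow);
                }
            }
            // Merge each column of the row into its %%data-<column>%% field.
            // The value is inserted as-is: no HTML escaping happens here.
            foreach ($row as $key => $value) {
                $therow = str_replace('%%data-' . $key . '%%', $value, $therow);
            }
        }
    } else {
        if ($mulitrow == '1' or isset($allrows[$thehtmlfile][0])) {
            // single copy of the template
            $therow .= $thehtml;
            // set tooltips if any (there is no row value to pass in this mode)
            if (strpos($therow, '%%tooltip|') !== false) {
                if (!isset($pdowebcntrl)) {
                    $pdowebcntrl = PDOconnect('wc2', $_SESSION["wc2host"], $logname);
                }
                while (($tipstart = strpos($therow, '%%tooltip|')) !== false) {
                    $thecol = substr($therow, $tipstart + 10);
                    $tipend = strpos($thecol, '%%');
                    if ($tipend === false) {
                        // an unterminated placeholder can never be replaced; stop instead of spinning
                        break;
                    }
                    $thecol = substr($thecol, 0, $tipend);
                    $therow = str_replace('%%tooltip|' . $thecol . '%%', CreateToolTip($thehtmlfile, $thecol, '', $_SESSION["userlanguage"], $pdowebcntrl, 'left', $logname), $therow);
                }
            }
            // merge the first row, if there is one; values are inserted unescaped
            if (isset($allrows[$thehtmlfile][0])) {
                foreach ($allrows[$thehtmlfile][0] as $key => $value) {
                    $therow = str_replace('%%data-' . $key . '%%', $value, $therow);
                }
            }
        }
    }

    // put menu in: view level 5 gets the account menu, every other level the field menu
    if (isset($_SESSION['viewlevel'])) {
        if ($_SESSION['viewlevel'] == 5) {
            $therow = str_replace('%%vertmenu%%', $_SESSION['usermenu-account'], $therow);
        } else {
            $therow = str_replace('%%vertmenu%%', $_SESSION['usermenu-field'], $therow);
        }
    }

    // (localization replacements from $_SESSION['local'] are currently disabled)

    // clientdefault replacements
    foreach ($_SESSION['clientdefaults'] as $key => $value) {
        $therow = str_replace('%%clientdefaults-' . $key . '%%', $value, $therow);
    }

    // Other misc replacements (accountinfo, userinfo, languagebar).
    // NOTE(review): every non-array session value is addressable as %%<key>%%,
    // including from text merged in by the data pass above. Consider an explicit
    // allow-list of keys that templates may read.
    foreach ($_SESSION as $key => $value) {
        if (!is_array($value)) {
            $therow = str_replace('%%' . $key . '%%', $value, $therow);
        }
    }

    // Erase leftovers only when not running on localhost. The pattern is lazy so
    // that two leftover fields on one line do not also delete the text between them.
    // NOTE(review): depending on web-server configuration SERVER_NAME may reflect
    // the request's Host header; confirm it cannot be set to 'localhost' by a client.
    if ($_SERVER['SERVER_NAME'] != 'localhost') {
        $therow = preg_replace('/%%.+?%%/', '', $therow);
    }
    return $therow;
}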
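/**
 * subCount($name, $group)
 *
 * Get the submission count for a user name and group number.
 *
 * Both values reach the query as bound parameters, never as SQL text.
 *
 * @param mixed $name  value compared with leader_board.name
 * @param mixed $group value compared with leader_board.grp
 * @return mixed the count(*) value as the driver returns it; null when the
 *               statement could not be prepared or executed or yields no row;
 *               the PDOException message string when execute() throws
 **/
function subCount($name, $group)
{
    // connect to database server and return handle
    $dbhandle = PDOconnect();

    // MySQL statement
    $sql = "SELECT count(*) FROM leader_board WHERE grp = :grp1 AND " . "name = :name";

    // prepare() returns false instead of throwing when the connection is not in
    // exception mode; calling a method on that false would be a fatal error
    $stmt = $dbhandle->prepare($sql);
    if ($stmt === false) {
        return null;
    }

    // bind the values to the named placeholders
    $stmt->bindValue(":grp1", $group);
    $stmt->bindValue(":name", $name);

    $results = null;
    try {
        // if execute successful fetch results as associative array
        if ($stmt->execute() !== false) {
            $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
        }
    } catch (PDOException $error) {
        // NOTE(review): kept for compatibility with existing callers, but the
        // driver's error text is returned where a count is expected. A caller
        // cannot tell a failure from a result and may print database details to
        // the page; logging server-side and returning null would be safer.
        return $error->getMessage();
    }

    // a failed execute or an empty result set has no row to index into
    if (!is_array($results) || !isset($results[0]['count(*)'])) {
        return null;
    }

    return $results[0]['count(*)'];
}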
<?php
// All times on this page are rendered in US Central time.
date_default_timezone_set('America/Chicago');
echo date("l F j, Y @ g:i:s a T"), "<br>";

// Shared helpers; PDOconnect() is expected to come from this include.
include '../include/helfun.php';
$dbhandle = PDOconnect();

// statement handle and result holder, filled in further down the script
$stmt = $results = null;

// MySQL statement: each name with its smallest total, ordered by total.
// NOTE(review): only `name` is grouped, so id, grp, dload, tcheck, size, unload,
// mem and typ are not guaranteed to come from the row that holds min(total), and
// MySQL rejects the query when ONLY_FULL_GROUP_BY is enabled. Confirm this is the
// intended result before relying on the other columns.
$sql = "select id, grp, name, min(total) as total, dload, tcheck, size, unload, "
    . "mem, typ from leader_board group by name order by total";

/*
 * Example of one fetched row:
 *   [id] => 47  [grp] => 3  [name] => AlexGierczyk  [total] => 0.1982
 *   [dload] => 0.0606  [tcheck] => 0.1209  [size] => 0  [unload] => 0.0176
 *   [mem] => 7.09676  [typ] => Hash Table
 */

// The statement takes no parameters; the prepare/bind calls below are disabled.
// $stmt = $dbhandle->prepare($sql);
// $stmt->bindParam(":grp1", $group);
// $stmt->bindParam(":name", $name);
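<?php
// Kill switch: every request is redirected to the site root and the script stops
// here, so the export below never runs. Keep these two lines unless the export is
// moved somewhere only an authorised operator can run it; nothing below checks
// who is asking.
header("location: /");
exit;

include "../include/helfun.php";
$mySQL_Handle = PDOconnect();

// export the "rows" data set for group 6 into the 2014 archive
$grp = 6;
$rows = getPut("rows", $grp);

// fopen() returns false when the path is missing or not writable; writing to
// that false would fail on every row, so stop early with a clear message
$outFileHandle = fopen('../include/archive2014/rows_0.txt', 'w');
if ($outFileHandle === false) {
    exit("could not open archive file");
}

foreach ($rows as $row) {
    // NOTE(review): fields are joined without quoting, so a name that contains a
    // comma or a line break shifts the columns, and a value starting with =, +,
    // - or @ is read as a formula if the file is opened in a spreadsheet.
    // fputcsv() plus a check on the leading character would address both.
    $line = implode(",", [
        $row['name'],
        $row['total'],
        $row['dload'],
        $row['tcheck'],
        $row['size'],
        $row['unload'],
        $row['mem'],
        $row['typ'],
    ]) . "\r\n";
    fwrite($outFileHandle, $line);
}

// flush and release the handle before reporting success
fclose($outFileHandle);
echo "done";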