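/**
 * Look up the display name of a course by its id.
 *
 * @param mixed $id  Course id; passed through db_clean() before being
 *                   interpolated into the query string.
 * @return string|null  The course name, or null when the query fails or
 *                      matches no row (the original produced the same null,
 *                      plus a warning, by fetching from a failed query).
 */
function db_get_course_name($id)
{
    // NOTE(review): db_clean() is the only thing between $id and the SQL
    // string below. Whether it escapes for MySQL is not visible from this
    // file -- confirm it, or better, move this to a prepared statement
    // (mysqli/PDO); the mysql_* extension used here no longer exists in PHP 7.
    $id = db_clean($id);
    $sql = "SELECT namn FROM kurs WHERE id='{$id}' LIMIT 1";

    $result = mysql_query($sql);
    if ($result === false) {
        return null;
    }

    $row = mysql_fetch_array($result);
    if ($row === false) {
        return null;
    }

    return $row['namn'];
}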
/**
 * Collect the language form fields from $_POST.
 *
 * 'langname' is db_clean()ed and then lower-cased; 'status' is only
 * db_clean()ed. Escaping for the actual query is left to the caller's
 * query layer.
 */
function _fields()
{
    $langName = db_clean($_POST['langname']);
    $status   = db_clean($_POST['status']);

    return array(
        'langname' => strtolower($langName),
        'status'   => $status,
    );
}
/**
 * Collect the account form fields from $_POST.
 *
 * The e-mail address is db_clean()ed; the raw password is handed to
 * $this->userlib->encode_password() and only its output is returned.
 *
 * NOTE(review): encode_password() is a project helper whose algorithm is
 * not visible here -- confirm it is a salted, slow hash (password_hash())
 * rather than a bare md5/sha1 like the other user-update code in this file.
 */
function _fields()
{
    $email = db_clean($_POST['mail']);
    $encodedPassword = $this->userlib->encode_password($_POST['password0']);

    $data = array();
    $data['email'] = $email;
    $data['password'] = $encodedPassword;
    return $data;
}
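/**
 * Update one yz_employees row from the submitted employee form.
 *
 * Birthday and entry date arrive as 'Y-M-D' strings (defaulting to '0-0-0'
 * when absent) and are split into year/month/day columns.
 *
 * Changes from the original:
 *  - the row id is passed through id_clean(), as 'dept_id' in the same array
 *    and the other update*() methods in this file already do, instead of the
 *    raw $_POST value;
 *  - a date with fewer than three '-' separated parts no longer raises
 *    undefined-offset notices; the missing parts are still null, exactly the
 *    value the original got from the missing offset.
 */
function updateEmployee()
{
    $birthday = isset($_POST['birthday']) ? $_POST['birthday'] : '0-0-0';
    $enterday = isset($_POST['enterday']) ? $_POST['enterday'] : '0-0-0';

    // Only the first three parts are used; extra parts are ignored as before.
    list($birthYear, $birthMonth, $birthDay) = array_pad(explode('-', $birthday), 3, null);
    list($enterYear, $enterMonth, $enterDay) = array_pad(explode('-', $enterday), 3, null);

    $data = array(
        'name'           => db_clean($_POST['name']),
        'dept_id'        => id_clean($_POST['dept_id']),
        'position'       => db_clean($_POST['position']),
        'mobile'         => db_clean($_POST['mobile']),
        'telephone'      => db_clean($_POST['telephone']),
        'address'        => db_clean($_POST['address']),
        'zipcode'        => db_clean($_POST['zipcode']),
        'birth_year'     => id_clean($birthYear),
        'birth_month'    => id_clean($birthMonth),
        'birth_day'      => id_clean($birthDay),
        'enter_year'     => id_clean($enterYear),
        'enter_month'    => id_clean($enterMonth),
        'enter_day'      => id_clean($enterDay),
        'idcard'         => db_clean($_POST['idcard']),
        'graduateschool' => db_clean($_POST['graduateschool']),
        'education'      => db_clean($_POST['education']),
    );

    $this->db->where('id', id_clean($_POST['id']));
    $this->db->update('yz_employees', $data);
}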
/**
 * Collect the post form fields from $_POST.
 *
 * The editor posts two placeholder tokens inside 'backup' that are expanded
 * into inline style attributes before the text is stored as 'content'.
 *
 * NOTE(review): 'content' is stored as raw HTML from the request with no
 * sanitisation (only the title goes through db_clean()). Whatever renders it
 * must treat it as untrusted markup, and only trusted editors should be able
 * to reach this -- otherwise this is stored XSS.
 */
function _fields()
{
    $content = $_POST['backup'];
    $content = str_replace("@$%#@", 'style="color: ', $content);
    $content = str_replace("&$%#@", 'style="background-color: ', $content);

    $title = db_clean($_POST['title']);

    return array(
        'title'   => $title,
        'content' => $content,
    );
}
/**
 * Update one omc_subscribers row (name, e-mail) identified by $_POST['id'].
 * Text fields go through db_clean(), the id through id_clean().
 */
function updateSubscriber()
{
    $row = array();
    $row['name']  = db_clean($_POST['name']);
    $row['email'] = db_clean($_POST['email']);

    $subscriberId = id_clean($_POST['id']);
    $this->db->where('id', $subscriberId);
    $this->db->update('omc_subscribers', $row);
}
/**
 * Collect the item form fields from $_POST. ("_feild" is the name callers
 * use, so the typo is kept.)
 *
 * longdesc and status are db_clean()ed with a second argument (5000 / 8;
 * presumably a length cap -- not visible here). 'image' is read through
 * $this->input->post() and does not go through db_clean() at all.
 *
 * NOTE(review): whether $this->input->post() filters anything depends on
 * the framework's global XSS setting; the query layer is relied on to
 * escape 'image' for SQL.
 */
function _feild()
{
    $fields = array();
    $fields['name']      = db_clean($_POST['name']);
    $fields['shortdesc'] = db_clean($_POST['shortdesc']);
    $fields['longdesc']  = db_clean($_POST['longdesc'], 5000);
    $fields['status']    = db_clean($_POST['status'], 8);
    $fields['image']     = $this->input->post('image');
    return $fields;
}
/**
 * Rename a department.
 *
 * @param mixed  $id   Row id, handed straight to the query builder's where().
 * @param string $name New name; db_clean()ed before storage.
 * @return bool  true when affected_rows() reports at least one row, false
 *               otherwise (unknown id, or -- with MySQL's default counting --
 *               a name that did not actually change).
 */
function updateDepartment($id, $name)
{
    $this->db->where('id', $id);
    $this->db->update('yz_departments', array('name' => db_clean($name)));

    return $this->db->affected_rows() > 0;
}
/**
 * Collect the contact form fields from $_POST. The two Yahoo handles are
 * posted as online1/online2 and stored as yahoo_nick1/yahoo_nick2; every
 * value goes through db_clean().
 */
function _fields()
{
    $columnToPostKey = array(
        'yahoo_nick1' => 'online1',
        'yahoo_nick2' => 'online2',
        'name'        => 'name',
        'phone'       => 'phone',
    );

    $data = array();
    foreach ($columnToPostKey as $column => $postKey) {
        $data[$column] = db_clean($_POST[$postKey]);
    }
    return $data;
}
/**
 * Update one admins row from the submitted form.
 *
 * Second db_clean() arguments (presumably a length cap; not visible here):
 * username 16, e-mail 255, status 8, password 16. The row id goes through
 * id_clean().
 *
 * NOTE(review): the stored password is an unsalted md5, and if that argument
 * is a length cap it is cut to 16 characters -- a very weak credential
 * store. It is also rewritten on every save, so a form submitted with an
 * empty password field would set the account to md5(''). Both need the
 * login check changed in step (password_hash()/password_verify(), and skip
 * the column when the field is blank), so they are flagged rather than
 * changed here.
 */
function updateUser()
{
    $passwordDigest = hash('md5', $_POST['password']);

    $row = array(
        'username' => db_clean($_POST['username'], 16),
        'e-mail'   => db_clean($_POST['email'], 255),
        'status'   => db_clean($_POST['status'], 8),
        'password' => db_clean($passwordDigest, 16),
    );

    $this->db->where('id', id_clean($_POST['id']));
    $this->db->update('admins', $row);
}
/**
 * Collect the site settings form: each posted key maps to one settings
 * column, every value through db_clean().
 */
function _fields_settings()
{
    $columnToPostKey = array(
        'site_name'    => 'SITE_NAME',
        'site_url'     => 'SITE_URL',
        'site_secure'  => 'SITE_URL_SECURE',
        'friendly_url' => 'FRIENDLY_URL',
        'temporary'    => 'temporary_close',
    );

    $data = array();
    foreach ($columnToPostKey as $column => $postKey) {
        $data[$column] = db_clean($_POST[$postKey]);
    }
    return $data;
}
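/**
 * Collect the category form fields from $_POST.
 *
 * 'longdesc' is taken as-is via $this->input->post() (HTML body text).
 * 'parentid' now goes through id_clean(), as the sibling _fields() methods
 * in this file do for the same column.
 *
 * NOTE(review): 'is_display_in_menu' is still stored raw because its value
 * set is not visible here; if it is a 0/1 flag, id_clean() belongs there
 * too. The raw 'longdesc' must be treated as untrusted markup wherever it
 * is rendered.
 */
function _fields()
{
    $data = array(
        'name'               => db_clean($_POST['name']),
        'metadesc'           => db_clean($_POST['metadesc']),
        'metakeyword'        => db_clean($_POST['metakeyword']),
        'shortdesc'          => db_clean($_POST['shortdesc']),
        'longdesc'           => $this->input->post('longdesc'),
        'is_display_in_menu' => $_POST['is_display_in_menu'],
        'parentid'           => id_clean($_POST['parent_id']),
    );
    return $data;
}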
/**
 * Collect the slide form fields from $_POST ("_feild" is the name callers
 * use, so it is kept). Every value goes through db_clean(); longdesc and
 * status carry a second argument (5000 / 8; presumably a length cap, not
 * visible here).
 */
function _feild()
{
    $fields = array();
    $fields['name']        = db_clean($_POST['name']);
    $fields['shortdesc']   = db_clean($_POST['shortdesc']);
    $fields['longdesc']    = db_clean($_POST['longdesc'], 5000);
    $fields['status']      = db_clean($_POST['status'], 8);
    $fields['slide_order'] = db_clean($_POST['slide_order']);
    $fields['thumbnail']   = db_clean($_POST['thumbnail']);
    $fields['image']       = db_clean($_POST['image']);
    return $fields;
}
/**
 * Collect the slide form fields from $_POST ("_feild" is the name callers
 * use, so it is kept). Every value goes through db_clean() -- longdesc and
 * status with a second argument (5000 / 8; presumably a length cap, not
 * visible here) -- except 'readmorelink', which is read through
 * $this->input->post() unchanged.
 *
 * NOTE(review): 'readmorelink' is emitted as a link somewhere; if it is
 * placed in an href without a scheme allow-list, a javascript: URL from the
 * form survives to the page.
 */
function _feild()
{
    $fields = array();
    $fields['name']         = db_clean($_POST['name']);
    $fields['shortdesc']    = db_clean($_POST['shortdesc']);
    $fields['longdesc']     = db_clean($_POST['longdesc'], 5000);
    $fields['status']       = db_clean($_POST['status'], 8);
    $fields['slide_order']  = db_clean($_POST['slide_order']);
    $fields['thumbnail']    = db_clean($_POST['thumbnail']);
    $fields['image']        = db_clean($_POST['image']);
    $fields['readmorelink'] = $this->input->post('readmorelink');
    return $fields;
}
/**
 * Collect the customer registration fields from $_POST. Each text field is
 * db_clean()ed with a second argument (presumably a length cap -- not
 * visible here). The password is run through do_hash() first and then
 * through db_clean() with 16.
 *
 * NOTE(review): a hash cut to 16 characters with no salt is a weak
 * credential store. verifyCustomer() in this file calls dohash() (no
 * underscore) for the same comparison -- one of the two helper names looks
 * like a typo. Both sides should move to password_hash()/password_verify()
 * together.
 */
function _fields()
{
    $textFieldCaps = array(
        'customer_first_name' => 25,
        'customer_last_name'  => 25,
        'phone_number'        => 15,
        'email'               => 50,
        'address'             => 50,
        'city'                => 25,
        'post_code'           => 10,
    );

    $data = array();
    foreach ($textFieldCaps as $field => $cap) {
        $data[$field] = db_clean($_POST[$field], $cap);
    }
    $data['password'] = db_clean(do_hash($_POST['password']), 16);
    return $data;
}
/**
 * Collect the page form fields from $_POST. 'content' and 'lang_id' are
 * read via $this->input->post() without db_clean(); status is db_clean()ed
 * with 8 as second argument. (An htmlentities() pass over content was once
 * here and had been commented out.)
 *
 * NOTE(review): 'content' is raw HTML from the request and must be treated
 * as untrusted markup wherever it is rendered. 'lang_id' is an id; the
 * sibling _fields() methods run ids through id_clean().
 */
function _fields()
{
    $input = $this->input;

    $data = array();
    $data['name']        = db_clean($_POST['name']);
    $data['metakeyword'] = db_clean($_POST['metakeyword']);
    $data['metadesc']    = db_clean($_POST['metadesc']);
    $data['path']        = db_clean($_POST['path']);
    $data['content']     = $input->post('content');
    $data['status']      = db_clean($_POST['status'], 8);
    $data['lang_id']     = $input->post('lang_id');
    return $data;
}
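/**
 * Update one pages row from the submitted page form.
 *
 * 'content' is stored as raw HTML (it is the page body); the row id now goes
 * through id_clean() like the other update*() methods in this file, instead
 * of the raw $_POST value.
 *
 * NOTE(review): because 'content' is unescaped request input, it must be
 * treated as untrusted markup wherever it is rendered, and only trusted
 * editors should reach this method -- otherwise this is stored XSS.
 */
function updatePage()
{
    $data = array(
        'name'        => db_clean($_POST['name']),
        'keywords'    => db_clean($_POST['keywords']),
        'description' => db_clean($_POST['description']),
        'status'      => db_clean($_POST['status'], 8),
        'path'        => db_clean($_POST['path']),
        'content'     => $_POST['content'],
    );

    $this->db->where('id', id_clean($_POST['id']));
    $this->db->update('pages', $data);
}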
/**
 * Whether a subscriber with this e-mail address exists.
 *
 * @param string $email  db_clean()ed before it is used in the where clause.
 * @return bool
 */
function checkSubscriber($email)
{
    $this->db->select('id');
    $this->db->where('email', db_clean($email));
    $this->db->limit(1);
    $result = $this->db->get('omc_subscribers');

    return $result->num_rows() > 0;
}
/**
 * Collect the menu-item form fields from $_POST.
 *
 * parentid and order go through id_clean() (order with 10 as second
 * argument), status through db_clean() with 8; everything else through
 * db_clean() alone.
 *
 * NOTE(review): page_uri_id, lang_id and menu_id are ids too but are
 * db_clean()ed rather than id_clean()ed; the sibling _fields() methods use
 * id_clean() for lang_id.
 */
function _fields()
{
    $data = array();
    $data['name']        = db_clean($_POST['name']);
    $data['shortdesc']   = db_clean($_POST['shortdesc']);
    $data['status']      = db_clean($_POST['status'], 8);
    $data['parentid']    = id_clean($_POST['parentid']);
    $data['order']       = id_clean($_POST['order'], 10);
    $data['page_uri_id'] = db_clean($_POST['page_uri_id']);
    $data['lang_id']     = db_clean($_POST['lang_id']);
    $data['menu_id']     = db_clean($_POST['menu_id']);
    return $data;
}
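/**
 * Replace a role's name/description and its full action set.
 *
 * Action ids arrive as one comma-separated string in $_POST['actionItems'];
 * all existing yz_roles_actions rows for the role are deleted and one row
 * per submitted id is inserted again.
 *
 * Changes from the original: the role id goes through id_clean() like the
 * other ids in this file, and blank entries are skipped -- explode(',', '')
 * yields array(''), so an empty action list used to insert a bogus
 * action_id 0 row.
 *
 * NOTE(review): the delete + re-insert is not wrapped in a transaction; a
 * failure midway leaves the role with a partial action set.
 */
function updateRole()
{
    $roleId = id_clean($_POST['roleid']);

    $data = array(
        'name'        => db_clean($_POST['name']),
        'description' => db_clean($_POST['description']),
    );
    $this->db->where('role_id', $roleId);
    $this->db->update('yz_roles', $data);

    $this->db->where('role_id', $roleId);
    $this->db->delete('yz_roles_actions');

    $actions = isset($_POST['actionItems']) ? $_POST['actionItems'] : '';
    foreach (explode(',', $actions) as $actionId) {
        if (trim($actionId) === '') {
            continue;
        }
        $this->db->insert('yz_roles_actions', array(
            'role_id'   => $roleId,
            'action_id' => intval($actionId),
        ));
    }
}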
/**
 * Collect the category form fields from $_POST.
 *
 * Ids (parentid, lang_id, order, table_id) go through id_clean() -- order
 * with 10 as second argument -- status through db_clean() with 8, the other
 * text fields through db_clean() alone. 'longdesc' is read via
 * $this->input->post() unchanged.
 *
 * NOTE(review): the raw 'longdesc' must be treated as untrusted markup
 * wherever it is rendered.
 */
function _fields()
{
    $data = array();
    $data['name']        = db_clean($_POST['name']);
    $data['metadesc']    = db_clean($_POST['metadesc']);
    $data['metakeyword'] = db_clean($_POST['metakeyword']);
    $data['shortdesc']   = db_clean($_POST['shortdesc']);
    $data['longdesc']    = $this->input->post('longdesc');
    $data['status']      = db_clean($_POST['status'], 8);
    $data['parentid']    = id_clean($_POST['parentid']);
    $data['lang_id']     = id_clean($_POST['lang_id']);
    $data['order']       = id_clean($_POST['order'], 10);
    $data['table_id']    = id_clean($_POST['table_id']);
    return $data;
}
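/**
 * Update one yz_users row from the submitted user form.
 *
 * The uid now goes through id_clean(), consistent with 'group' and 'status'
 * in the same array and with the other update*() methods here. The dead,
 * commented-out role/action code (a copy of updateRole()) is removed.
 *
 * NOTE(review): the password is stored as an unsalted md5 and is rewritten
 * on every save, so a form submitted with an empty password field would set
 * the account to md5(''). Both need the login side changed in step
 * (password_hash()/password_verify(), and skip the column when the field is
 * blank), so they are flagged rather than changed here.
 */
function updateUser()
{
    $data = array(
        'username' => db_clean($_POST['username']),
        'password' => md5($_POST['password']),
        'email'    => db_clean($_POST['email']),
        'group'    => id_clean($_POST['group']),
        'status'   => id_clean($_POST['status']),
    );

    $this->db->where('uid', id_clean($_POST['uid']));
    $this->db->update('yz_users', $data);
}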
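/**
 * Update one yz_customers row from the submitted customer form.
 *
 * The row id now goes through id_clean() like the other update*() methods
 * here. The dead, commented-out role/action code (a copy of updateRole())
 * is removed.
 *
 * NOTE(review): the mobile number is read from $_POST['moblie'] (sic). If
 * the form posts 'mobile', this column is silently stored empty; the key is
 * kept because the form is not visible here -- check it and fix one side.
 */
function updateCustomer()
{
    $data = array(
        'name'    => db_clean($_POST['name']),
        'contact' => db_clean($_POST['contact']),
        'mobile'  => db_clean($_POST['moblie']),
        'phone'   => db_clean($_POST['phone']),
        'fax'     => db_clean($_POST['fax']),
        'addr'    => db_clean($_POST['addr']),
        'zipcode' => db_clean($_POST['zipcode']),
    );

    $this->db->where('id', id_clean($_POST['id']));
    $this->db->update('yz_customers', $data);
}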
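/**
 * Authenticate a customer by e-mail + password and load their profile into
 * $_SESSION on success. Returns nothing; callers detect success through
 * $_SESSION['customer_id']. On failure the session is left untouched.
 *
 * Added: session_regenerate_id() after a successful match, so a session id
 * an attacker planted before authentication (session fixation) is not kept.
 *
 * NOTE(review): the stored credential is db_clean(dohash($pw), 16), while
 * _fields() writes db_clean(do_hash(...), 16) -- one of the helper names
 * is presumably a typo; if both exist and differ, no login can succeed.
 * Either way, a truncated unsalted hash should be replaced by
 * password_hash()/password_verify() on both sides together.
 *
 * @param string $e   E-mail address (db_clean()ed with 50).
 * @param string $pw  Plain-text password.
 */
function verifyCustomer($e, $pw)
{
    $this->db->where('email', db_clean($e, 50));
    $this->db->where('password', db_clean(dohash($pw), 16));
    $this->db->limit(1);
    $Q = $this->db->get('omc_customer');

    if ($Q->num_rows() <= 0) {
        return;
    }

    $row = $Q->row_array();

    // Fresh session id for the now-authenticated user; skipped only when no
    // session is active (session_regenerate_id() would just warn).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $copied = array(
        'customer_id',
        'customer_first_name',
        'customer_last_name',
        'phone_number',
        'email',
        'address',
        'city',
        'post_code',
    );
    foreach ($copied as $field) {
        $_SESSION[$field] = $row[$field];
    }
}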
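<?php
// Grading page for a submitted assignment. The file is identified by the
// "<timestamp>-<original name>" token in ?file=, and a logged-in user can
// post a grade and a comment for it.
session_start();
if (!isset($_SESSION['sendMe']['id'])) {
    header("Location: index.php");
    // header() alone does not stop the script: without this exit the rest of
    // the page -- including the grade/comment writes below -- still ran for
    // unauthenticated visitors.
    exit;
}
require 'config.php';
require 'functions.php';

// "<time>-<name>"; a name containing '-' is cut at its first dash, as before.
$fileToken = isset($_GET['file']) ? $_GET['file'] : '';
list($time, $name) = array_pad(explode("-", $fileToken), 2, null);
$time = db_clean($time);
$name = db_clean($name);
$safe_name = $time . "-" . $name;

// A comment/grade was posted
if (isset($_POST['submitGrade'])) {
    $comments = db_clean($_POST['comments']);
    $grade = db_clean($_POST['grade']);

    if ($grade == 0) {
        $message = "Du måste ange ett omdöme/betyg för uppgiften.";
    } else {
        // NOTE(review): every request value below reaches the SQL string only
        // through db_clean() (sprintf's %s does not escape). Whether db_clean()
        // escapes for MySQL is not visible from this file; verify it, or move
        // these to prepared statements -- the mysql_* extension used here no
        // longer exists in PHP 7.
        $sql = "SELECT id FROM uppgifter WHERE name_orig='{$name}' AND inlamnad='{$time}' LIMIT 1";
        $r = mysql_fetch_array(mysql_query($sql));
        // NOTE(review): when no row matches, $uid is null and the UPDATE hits
        // nothing while the INSERT still creates an orphan comment (kept as
        // in the original; a guard here needs a user-facing message decided
        // by the owners).
        $uid = $r['id'];

        // store
        $update_sql = "UPDATE uppgifter SET rattad='1', rattad_av='" . $_SESSION['sendMe']['id'] . "', betyg='" . $grade . "' WHERE id='{$uid}'";
        $update_query = mysql_query($update_sql);

        $insert_sql = sprintf("INSERT INTO kommentar(uppgift_id, kommentar, tid, kommentar_av) VALUES('%s','%s','%s','%s')", $uid, $comments, time(), $_SESSION['sendMe']['id']);
        $insert_query = mysql_query($insert_sql);

        $message = "Din kommentar och ditt omdöme registerades.";
        unset($_POST);
    }
}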
/**
 * Collect the item form fields from $_POST.
 *
 * longdesc and status are db_clean()ed with a second argument (5000 / 8;
 * presumably a length cap, not visible here); parentid, lang_id and
 * table_id go through id_clean(); name and shortdesc through db_clean().
 */
function _fields()
{
    $data = array();
    $data['name']      = db_clean($_POST['name']);
    $data['shortdesc'] = db_clean($_POST['shortdesc']);
    $data['longdesc']  = db_clean($_POST['longdesc'], 5000);
    $data['status']    = db_clean($_POST['status'], 8);
    $data['parentid']  = id_clean($_POST['parentid']);
    $data['lang_id']   = id_clean($_POST['lang_id']);
    $data['table_id']  = id_clean($_POST['table_id']);
    return $data;
}
<?php
// Course membership page ("Mina kurser"): a logged-in user sees the courses
// they belong to and can join a new one. The listing loop at the bottom
// continues past this chunk.
session_start();
// NOTE(review): header() alone does not stop the script. Without an exit
// after the redirect an unauthenticated visitor still runs the rest of this
// page, including the INSERT below with an undefined session id. Left as-is
// because the page is cut off in this view -- add `exit;` after header().
if (!isset($_SESSION['sendMe']['id'])) { header("Location: index.php"); }
require 'config.php';
require 'functions.php';
// Join a course: the form posts the course id.
if (isset($_POST['submitAddCourse'])) {
    $kurs_id = db_clean($_POST['kurs_id']);
    //$message = $kurs_id;
    // NOTE(review): $kurs_id reaches both SQL strings through db_clean() only.
    // Whether db_clean() escapes for MySQL is not visible from this file --
    // verify it, or use prepared statements (mysql_* is gone in PHP 7).
    $sql = "SELECT id FROM kurs_user WHERE user_id='" . $_SESSION['sendMe']['id'] . "' AND kurs_id='{$kurs_id}' LIMIT 1";
    if (mysql_num_rows(mysql_query($sql)) == 1) {
        $message = "Du är redan medlem i den kursen.";
    } else {
        $sql = "INSERT INTO kurs_user(user_id, kurs_id) VALUES('" . $_SESSION['sendMe']['id'] . "','" . $kurs_id . "')";
        mysql_query($sql);
        $message = "Du lades till i kursen " . db_get_course_name($kurs_id) . " .";
    }
}
require 'top.php';
?> <h1>SendMe :: Mina kurser</h1> <p>Här kan du se vilka kurser du är medlem i och lägga till nya.</p> <h2>Mina kurser</h2> <?php
// List the user's active memberships (the loop body is outside this chunk).
$sql = "SELECT kurs_id FROM kurs_user WHERE user_id='" . $_SESSION['sendMe']['id'] . "' AND active='1'";
$q = mysql_query($sql);
if (mysql_num_rows($q) > 0) {
    print "<table>";
    while ($r = mysql_fetch_array($q)) {
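/**
 * Checkout: validate the customer form, record the order, e-mail an order
 * summary to the shop admin and to the customer, then redirect to the
 * success page. On a validation failure the confirmorder view is rendered
 * again with the errors and nothing is stored or sent.
 *
 * Fixes relative to the original:
 *  - $name was built with `+`, which is numeric addition in PHP (0 plus a
 *    warning; a TypeError on PHP 8) -- now string concatenation.
 *  - extract($_POST) is gone: it let any posted field overwrite $email,
 *    $name, $body and $headers (the comment promising CRLF stripping had no
 *    code behind it). From/Bcc were also passed as mail()'s 5th argument,
 *    which is sendmail command-line options rather than headers, so they
 *    never reached the message; the placeholder 'Bcc: admin@gmail.com' is
 *    dropped rather than made effective.
 *  - request values are CRLF-stripped before use in a mail header and
 *    HTML-escaped before use in the HTML body.
 *  - set_fields() keys 'customerr_*' / 'emaildonf' did not match the rule
 *    names, and the city / post_code labels were swapped.
 *  - the name is built from customer_first_name / customer_last_name (the
 *    validated fields) instead of 'fname' / 'lname', which this file never
 *    validates -- confirm against the form view.
 *
 * Still assumed from the original and not verifiable here: the cart, total
 * and shipping price live in $_SESSION, MOrders->enterorder() persists the
 * order, and preference->item() returns the configured addresses.
 */
function emailorder()
{
    $data = array();
    $data['title'] = $this->preference->item('site_name') . " | " . "checkout";

    // Old (pre CI 1.7.2) validation API: human-readable names, then rules.
    // The keys must be the posted field names.
    $fields = array(
        'customer_first_name' => lang('orders_first_name'),
        'customer_last_name'  => lang('orders_last_name'),
        'telephone'           => lang('webshop_mobile_tel'),
        'email'               => lang('orders_email'),
        'emailconf'           => lang('orders_email_confirm'),
        'shippingaddress'     => lang('orders_shipping_address'),
        'city'                => lang('orders_city'),
        'post_code'           => lang('orders_post_code'),
    );
    $this->validation->set_fields($fields);

    $rules = array(
        'customer_first_name' => 'trim|required|min_length[3]|max_length[20]',
        'customer_last_name'  => 'trim|required|min_length[3]|max_length[20]',
        'telephone'           => 'trim|required|min_length[8]|max_length[12]|numeric',
        'email'               => 'trim|required|matches[emailconf]|valid_email',
        'emailconf'           => 'trim|required|valid_email',
        'shippingaddress'     => 'required',
        'city'                => 'trim|required',
        'post_code'           => 'trim|required',
    );
    $this->validation->set_rules($rules);

    $shippingprice = $this->shippingprice();
    $data['shippingprice'] = $shippingprice['shippingprice'];

    if ($this->validation->run() == FALSE) {
        // Back to confirmorder; the validation errors are rendered there.
        $this->validation->output_errors();
        $data['page'] = $this->config->item('backendpro_template_shop') . 'confirmorder';
        $data['module'] = $this->module;
        $this->load->view($this->_container, $data);
        return;
    }

    // 1. persist the order (customer, order, items)
    $totalprice = isset($_SESSION['totalprice']) ? $_SESSION['totalprice'] : 0;
    $shipping   = isset($_SESSION['shippingprice']) ? $_SESSION['shippingprice'] : 0;
    $cart       = isset($_SESSION['cart']) ? $_SESSION['cart'] : array();
    $this->MOrders->enterorder($totalprice);

    // 2. build the summary. Validation passed, but the values are still
    //    request-controlled: no CR/LF in anything that becomes a mail header,
    //    and HTML-escape anything that goes into the HTML body.
    $crlf = array("\r", "\n");
    $posted = array();
    foreach (array('customer_first_name', 'customer_last_name', 'email', 'telephone', 'shippingaddress', 'post_code', 'city') as $field) {
        $posted[$field] = isset($_POST[$field]) ? (string) $_POST[$field] : '';
    }
    $email = str_replace($crlf, '', $posted['email']);
    // Double quotes are stripped too so the name can be quoted in From:.
    $name = str_replace(array("\r", "\n", '"'), '', $posted['customer_first_name'] . " " . $posted['customer_last_name']);

    $escaped = array();
    foreach ($posted as $field => $value) {
        $escaped[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }

    $body  = "<h1>" . lang('email_here_is') . "</h1><br />";
    $body .= "<table border='1' cellspacing='0' cellpadding='5' width='80%'><tr><td><b>" . lang('email_number_of_order') . "</b></td><td><b>" . lang('email_product_name') . "</b></td><td><b>" . lang('email_product_price') . "</b></td></tr>";
    foreach ($cart as $row) {
        // Cart rows come from the session, but the product name is free text
        // from the catalogue -- escape it like everything else in the body.
        $body .= "<tr><td><b>" . htmlspecialchars((string) $row['count'], ENT_QUOTES, 'UTF-8') . "</b></td>"
            . "<td><b>" . htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8') . "</b></td>"
            . "<td><b>" . htmlspecialchars((string) $row['price'], ENT_QUOTES, 'UTF-8') . "</b></td></tr>";
    }
    $grandtotal = (int) $totalprice + $shipping;
    $body .= "<tr><td colspan='2'><b>" . lang('orders_sub_total_nor') . " </b></td><td colspan='1'><b>" . number_format($totalprice, 2, '.', ',') . "</b></td></tr>";
    $body .= "<tr><td colspan='2'><b>" . lang('orders_shipping_nor') . " </b></td><td colspan='1'><b>" . number_format($shipping, 2, '.', ',') . "</b></td></tr>";
    $body .= "<tr><td colspan='2'><b>" . lang('orders_total_with_shipping') . " </b></td><td colspan='1'><b>" . number_format($grandtotal, 2, '.', ',') . "</b></td></tr>";
    $body .= "</table><br />";

    $body .= "<table border=\"1\" cellspacing='0' cellpadding='5' width='80%'>";
    $body .= "<tr><td><b>" . lang('orders_name') . ": </b></td><td><b>" . $escaped['customer_first_name'] . " " . $escaped['customer_last_name'] . "</b></td></tr>";
    $body .= "<tr><td><b>" . lang('orders_email') . ": </b></td><td><b>" . $escaped['email'] . "</b></td></tr>";
    $body .= "<tr><td><b>" . lang('webshop_mobile_tel') . ": </b></td><td><b>" . $escaped['telephone'] . "</b></td></tr>";
    $body .= "<tr><td><b>" . lang('orders_shipping_address') . ": </b></td><td><b>" . $escaped['shippingaddress'] . "</b></td></tr>";
    $body .= "<tr><td><b>" . lang('orders_post_code') . ": </b></td><td><b>" . $escaped['post_code'] . "</b></td></tr>";
    $body .= "<tr><td><b>" . lang('orders_city') . ": </b></td><td><b>" . $escaped['city'] . "</b></td></tr>";
    $body .= "</table>";
    $body .= "<p><b>" . lang('email_we_will_call') . "</b></p>";

    // 3. send: to the admin (From: the customer) and to the customer
    //    (From: the shop). The From line lives in the headers argument;
    //    mail()'s 5th argument is reserved for sendmail options.
    $subject     = 'webshop.com Order confirmation';
    $admin_email = str_replace($crlf, '', (string) $this->preference->item('admin_email'));
    $site_name   = str_replace(array("\r", "\n", '"'), '', (string) $this->preference->item('site_name'));

    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
    $headers .= "Content-Transfer-Encoding: 8bit\r\n";

    mail($admin_email, $subject, $body, $headers . 'From: "' . $name . '" <' . $email . ">\r\n");
    mail($email, $subject, $body, $headers . 'From: "' . $site_name . '" <' . $admin_email . ">\r\n");

    redirect($this->module . '/ordersuccess');
}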
/**
 * Update one colors row (name, status) identified by $_POST['id'].
 * name and status go through db_clean() with 32 / 8 as second argument
 * (presumably a length cap, not visible here); the id through id_clean().
 */
function updateColor()
{
    $row = array();
    $row['name']   = db_clean($_POST['name'], 32);
    $row['status'] = db_clean($_POST['status'], 8);

    $colorId = id_clean($_POST['id']);
    $this->db->where('id', $colorId);
    $this->db->update('colors', $row);
}
/**
 * Update one omc_category row identified by $_POST['id'].
 *
 * longdesc and status are db_clean()ed with 5000 / 8 as second argument
 * (presumably a length cap, not visible here); parentid and the row id go
 * through id_clean(); name and shortdesc through db_clean().
 */
function updateCategory()
{
    $row = array();
    $row['name']      = db_clean($_POST['name']);
    $row['shortdesc'] = db_clean($_POST['shortdesc']);
    $row['longdesc']  = db_clean($_POST['longdesc'], 5000);
    $row['status']    = db_clean($_POST['status'], 8);
    $row['parentid']  = id_clean($_POST['parentid']);

    $categoryId = id_clean($_POST['id']);
    $this->db->where('id', $categoryId);
    $this->db->update('omc_category', $row);
}