function checkEmailKey($key, $userID)
{
$curDate = date("Y-m-d H:i:s");
$sql = "SELECT `UserID` FROM `recoveryemails` WHERE `Key` = ? AND `UserID` = ? AND `expDate` >= ?";
$data = my_query('sis', array(&$key, &$userID, &$curDate), $sql);
$numRows = getNumRows('sis', array(&$key, &$userID, &$curDate), $sql);
if ($numRows > 0 && $data['UserID'] != '') {
return array('status' => true, 'userID' => $data['UserID']);
}
return false;
}
$name = $dataInfo['keyword'];
$linkUrl = $dataInfo['linkUrl'];
$linkImage = $dataInfo['linkImage'];
include "keywords_add.inc.php";
} else {
$error_message = $strNoExits;
include "error_web.php";
}
} else {
//查找和浏览
$title = "{$strKeywordsTitle}";
if ($order == "") {
$order = "id";
}
//Find condition
$find = "";
if ($seekname != "") {
$find .= " and (name like '%{$seekname}%')";
}
if ($find != "") {
$find = substr($find, 5);
$sql = "select * from " . $DBPrefix . "keywords where {$find} order by {$order}";
$nums_sql = "select count(id) as numRows from " . $DBPrefix . "keywords where {$find}";
} else {
$sql = "select * from " . $DBPrefix . "keywords order by {$order}";
$nums_sql = "select count(id) as numRows from " . $DBPrefix . "keywords";
}
$total_num = getNumRows($nums_sql);
include "keywords_list.inc.php";
}
}
}
if (null == $id) {
header("Location: index");
}
if (!empty($_POST)) {
// keep track validation errors
$nameError = null;
// keep track post values
$name = $_POST['name'];
// validate input
$valid = true;
if (empty($name)) {
$nameError = 'Please enter name';
$valid = false;
}
$numRows = getNumRows('s', array(&$name), "SELECT name FROM organization WHERE id=?");
$db_result = my_query('i', array(&$id), "SELECT name FROM organization where ID=?");
if ($valid) {
$params = array(&$name, &$id);
$sql = "UPDATE organization set name = ? where id = ?";
my_update('si', $params, $sql);
$_SESSION['crud_update_success'] = true;
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<head>
<title>dStory Viewer</title>
<link rel="stylesheet" type="text/css" href="dstory.css" media="screen" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<div id="wrapper">
<div class="main">
<?php
//$search="WHERE (MATCH(title,description) AGAINST ('school education parent grade' IN BOOLEAN MODE))";
//$search="WHERE (MATCH(title,description) AGAINST ('theory' IN BOOLEAN MODE))";
$search = "";
// get rows
$num_rows = getNumRows($search);
$pages = new Paginator();
$pages->items_total = $num_rows;
$pages->mid_range = 9;
echo "<div class=\"paginate\">";
$pages->paginate();
echo $pages->display_pages();
echo "<span style=\"margin-left:25px\"> " . $pages->display_jump_menu() . $pages->display_items_per_page() . "</span>";
echo "</div>\n";
// print the stories
printStoriesPaginator($pages, $search);
echo "<div class=\"paginate\">" . $pages->display_pages() . "</div>";
echo "<p>Page {$pages->current_page} of {$pages->num_pages} </p>";
include 'closedb.php';
?>
$valid = true;
if (empty($name)) {
$nameError = 'Please enter Username';
$valid = false;
}
if (empty($email)) {
$emailError = 'Please enter Email Address';
$valid = false;
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailError = 'Please enter a valid Email Address';
$valid = false;
}
}
$numRows = getNumRows('s', array(&$name), "SELECT Username FROM user WHERE username=?");
$numRows1 = getNumRows('s', array(&$email), "SELECT Username FROM user WHERE email=?");
$db_result = my_query('i', array(&$id), "SELECT Username, Email FROM user where ID=?");
if ($valid) {
// Username is free
if ($numRows == 0 && $numRows1 == 0 || strcmp($name, $db_result['Username']) == 0 && strcmp($email, $db_result['Email']) == 0) {
if (isset($_POST['password'])) {
$h_password = password_hash($password, PASSWORD_BCRYPT, $options);
}
if ($_SESSION['admin'] == 1) {
$params = array(&$name, &$email, &$h_password, &$level, &$id);
$sql = "UPDATE user set Username = ?, Email = ?, Password = ?, admin = ? WHERE ID = ?";
my_update('sssii', $params, $sql);
} else {
$params = array(&$name, &$email, &$h_password, &$id);
$sql = "UPDATE user set Username = ?, Email = ?, Password = ? WHERE ID = ?";
my_update('sssi', $params, $sql);
function pageController()
{
// Login information for db_connect.php.
require '../park_login.php';
// How we call to connect to the db via an outside file.
require '../db_connect.php';
// Calling file of functions for Input aka $_GET.
require '../Input.php';
// "&& is_numeric" prevents letter inputs into browser query string.
// "round(abs())" prevents decimals and negative numbers as input to browser query string.
$page = Input::has('page') && is_numeric(Input::get('page')) ? round(abs(Input::get('page'))) : 1;
// Prevents page numbers less than 1. 0 causes problems by making a negative $offset.
if ($page < 1) {
$page = 1;
}
// Prevents changes to browser query string for limit value. 'newlimit' is tied to the Change Rows button.
$limit = Input::has('newlimit') && is_numeric(Input::get('newlimit')) ? abs(intval(Input::get('newlimit'))) : 3;
$offset = $page * $limit - $limit;
// Gets the total number of rows of data.
function getNumRows($dbc)
{
$stmt = $dbc->prepare('SELECT * FROM national_parks');
$stmt->execute();
$rowTotal = $stmt->rowCount();
return $rowTotal;
}
$rowTotal = getNumRows($dbc);
// Dividing $rowTotal by $limit gives us the number of pages to hold the data.
$numOfPages = ceil($rowTotal / $limit);
// Prevents page numbers more than the total number of pages.
if ($page > $numOfPages) {
$page = $numOfPages;
$offset = $page * $limit - $limit;
}
// Uses variables of $limit and $offset to run the SELECT query in a scalable way.
function getAllParks($dbc, $limit, $offset)
{
$stmt = $dbc->prepare('SELECT * FROM national_parks ORDER BY name LIMIT :limit OFFSET :offset');
$stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->execute();
$parksArray = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $parksArray;
}
function getAllAllParks($dbc)
{
$stmt = $dbc->prepare('SELECT * FROM national_parks ORDER BY name');
$stmt->execute();
$parksAllArray = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $parksAllArray;
}
$parksArray = getAllParks($dbc, $limit, $offset);
$parksAllArray = getAllAllParks($dbc);
// Uses the 'Submit A National Park' form to insert new values to the table and database.
function insertParks($dbc)
{
// Now calls on the Input class's getString and getDate methods with try catches.
// Try catch create an array of errors for passing to the user in the HTML.
$errorArray = [];
try {
$name = Input::getString('name', 0, 50);
} catch (Exception $e) {
$error = $e->getMessage();
$errorArray['errName'] = $error;
}
try {
$location = Input::getString('location', 0, 50);
} catch (Exception $e) {
$error = $e->getMessage();
$errorArray['errLoc'] = $error;
}
try {
$date_established = Input::getDate('date_established', '1776-07-04', 'next month');
$date_established = $date_established->format('Y-m-d');
} catch (Exception $e) {
$error = $e->getMessage();
$errorArray['errDate'] = $error;
}
try {
$area_in_acres = Input::getNumber('area_in_acres', 0, 375000000);
} catch (Exception $e) {
$error = $e->getMessage();
$errorArray['errArea'] = $error;
}
try {
$description = Input::getString('description', 0, 500);
} catch (Exception $e) {
$error = $e->getMessage();
$errorArray['errDes'] = $error;
}
// If the $errorArray is not empty, this will return out of the method before binding values and executing below. The $errorArray returns with an array of strings.
if (!empty($errorArray)) {
return $errorArray;
}
$stmt = $dbc->prepare('INSERT INTO national_parks (name, location, date_established, area_in_acres, description) VALUES (:name, :location, :date_established, :area_in_acres, :description)');
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->bindValue(':location', $location, PDO::PARAM_STR);
$stmt->bindValue(':date_established', $date_established, PDO::PARAM_STR);
$stmt->bindValue(':area_in_acres', $area_in_acres, PDO::PARAM_STR);
$stmt->bindValue(':description', $description, PDO::PARAM_STR);
$stmt->execute();
}
// Uses the 'Delete A Park' form to delete a row of data from the table and database.
function deletePark($dbc)
{
$park_to_delete = Input::get('park_to_delete');
$stmt = $dbc->prepare('DELETE FROM national_parks WHERE id = :park_to_delete');
$stmt->bindValue(':park_to_delete', $park_to_delete, PDO::PARAM_INT);
$stmt->execute();
}
// Logic that checks for $_POST values and empty string before running the functions to insert or delete.
// Additionally, saves a different $noteToUser variable and $errorArray to show the user in the HTML.
$noteToUser = '';
$errorArray = [''];
$formName = '';
$formLoc = '';
$formDate = '';
$formArea = '';
$formDes = '';
if (!empty($_POST)) {
if (Input::notEmpty('name') && Input::notEmpty('location') && Input::notEmpty('date_established') && Input::notEmpty('area_in_acres') && Input::notEmpty('description')) {
// If insertsParks() throws exceptions, it returns an array of strings. If no exceptions thrown, null.
$errorArray = insertParks($dbc);
$parksArray = getAllParks($dbc, $limit, $offset);
$parksAllArray = getAllAllParks($dbc);
$rowTotal = getNumRows($dbc);
// This if checks the $errorArray, if empty insertParks() did not throw exception and it worked.
if ($errorArray == []) {
$noteToUser = '******';
$errorArray = [''];
} else {
$formName = Input::get('name');
$formLoc = Input::get('location');
$formDate = Input::get('date_established');
$formArea = Input::get('area_in_acres');
$formDes = Input::get('description');
}
} elseif (Input::notEmpty('park_to_delete')) {
deletePark($dbc);
$parksArray = getAllParks($dbc, $limit, $offset);
$parksAllArray = getAllAllParks($dbc);
$rowTotal = getNumRows($dbc);
$noteToUser = '******';
} else {
$noteToUser = '******';
}
}
return array('parksArray' => $parksArray, 'parksAllArray' => $parksAllArray, 'page' => $page, 'limit' => $limit, 'offset' => $offset, 'rowTotal' => $rowTotal, 'numOfPages' => $numOfPages, 'noteToUser' => $noteToUser, 'errorArray' => $errorArray, 'formName' => $formName, 'formLoc' => $formLoc, 'formDate' => $formDate, 'formArea' => $formArea, 'formDes' => $formDes);
}
session_start();
require_once '../../lib/dbcon.php';
require_once '../../lib/func.php';
require_once '../../lib/pagination_class.php';
require_once '../../lib/tglindo.php';
$mnu = 'setbiaya';
$tb = 'psb_' . $mnu;
if (!isset($_POST['aksi'])) {
$out = json_encode(array('status' => 'invalid_no_post'));
} else {
switch ($_POST['aksi']) {
// -----------------------------------------------------------------
case 'tampil':
$kelompok = isset($_POST['kelompokS']) ? $_POST['kelompokS'] : '';
$nGol = getNumRows('golongan');
$nTing = getNumRows2('tingkat');
checkSetBiaya($kelompok);
$sql = 'SELECT
k.tingkat,
k.replid,
(
SELECT
count(*)
FROM
psb_golongan
) jumgol
FROM
aka_tingkat k';
// print_r($sql);exit();
if (isset($_POST['starting'])) {
require_once '../../lib/func.php';
require_once '../../lib/pagination_class.php';
require_once '../../lib/tglindo.php';
$mnu = 'setbiaya';
$tb = 'psb_'.$mnu;
if(!isset($_POST['aksi'])){
$out=json_encode(array('status'=>'invalid_no_post'));
// $out=['status'=>'invalid_no_post'];
}else{
switch ($_POST['aksi']) {
// -----------------------------------------------------------------
case 'tampil':
$kelompok = isset($_POST['kelompokS'])?filter(trim($_POST['kelompokS'])):'';
$nGol = getNumRows('golongan');
$nKrit = getNumRows('kriteria');
checkSetBiaya($kelompok);
$sql ='SELECT
k.kriteria,
k.replid,(
SELECT count(*)
FROM psb_golongan
) jumgol
FROM
psb_kriteria k';
// print_r($sql);exit();
if(isset($_POST['starting'])){
$starting=$_POST['starting'];
}else{
$starting=0;
if (trim($_POST['user']) == '') {
warn('Indique el usuario');
header('Location: login.php');
exit;
}
if (trim($_POST['password']) == '') {
warn('Indique la contraseña');
header('Location: login.php');
exit;
}
$host = $cfg['db_corporativo']['host'];
$user = $cfg['db_corporativo']['user'];
$pass = $cfg['db_corporativo']['password'];
$database = $cfg['db_corporativo']['database'];
$linkCorporativo = createLink($host, $user, $pass, $database);
$user = strtoupper($_POST['user']);
$pass = $_POST['password'];
$result = doQuery(sqlUsuario($user, $pass, $linkCorporativo), $linkCorporativo, $err);
if (getNumRows($result) == 0) {
err('Datos incorrectos, verifique');
header('Location: login.php');
exit;
} else {
$usuario = getDict($result);
$_SESSION['clave_usuario'] = $usuario['clave_usuario'];
$_SESSION['autentificado'] = true;
$_SESSION['last_activity'] = $_SERVER['REQUEST_TIME'];
header('Location: index.php');
}
doClose($linkCorporativo);
}
}
if (empty($email)) {
$emailError = 'Please enter Email Address';
$valid = false;
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailError = 'Please enter a valid Email Address';
$valid = false;
}
}
if (empty($password)) {
$passwordError = 'Please enter Password';
$valid = false;
}
$sql = "SELECT Username FROM user WHERE username=? OR email=?";
$numRows = getNumRows('ss', array(&$name, &$email), $sql);
if ($valid) {
// Username is free
if ($numRows == 0) {
$h_password = password_hash($password, PASSWORD_BCRYPT, $options);
$param = array(&$name, &$email, &$h_password, &$orgID);
$sql = "INSERT INTO user (username, email, password, orgID) VALUES (?, ?, ?, ?)";
my_update('sssi', $param, $sql);
header("Location: index");
} else {
//username is taken
$_SESSION['crud_already_username'] = true;
}
}
my_disconnect();
}
