<?php require 'init.php'; if (getVar('category')) { $articlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.category_id = :category AND articles.private = 0 OR articles.private = :private ORDER BY articles.id DESC LIMIT :start,4 "); $articlesQuery->execute(array('category' => getVar('category'), 'start' => getVar('page') * 4, 'private' => isGuest())); $articles = $articlesQuery->fetchAll(); $allArticlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.category_id = :category AND articles.private = 0 OR articles.private = :private"); $allArticlesQuery->execute(array('category' => getVar('category'), 'private' => isGuest())); } else { $articlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.private = 0 OR articles.private = :private ORDER BY articles.id DESC LIMIT :start,4 "); $articlesQuery->execute(array('start' => getVar('page') * 4, 'private' => isGuest())); $articles = $articlesQuery->fetchAll(); $allArticlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.private = 0 OR articles.private = :private"); $allArticlesQuery->execute(array('private' => isGuest())); } $maxPages = round($allArticlesQuery->rowCount() / 4); $categoriesQuery = $dbh->prepare("SELECT id, name FROM categories "); $categoriesQuery->execute(); $categories = $categoriesQuery->fetchAll(); $page = getVar('page') ? getVar('page') : 1; render('index', array('articles' => $articles, 'categories' => $categories, 'url' => 'index.php', 'npage' => $page, 'maxPages' => $maxPages));
<?php require 'init.php'; if (getVar('title')) { $addGallery = $dbh->prepare("INSERT INTO galleries (title, description, private) VALUES (:title, :description, :private)"); $addGallery->execute(array(':title' => getVar('title'), ':description' => getVar('description'), ':private', getVar('privacy'))); $galleryId = $dbh->lastInsertId(); mkdir('images/galleries/' . $galleryId); render('addpictures', array('galleryId' => $galleryId)); } else { if (getVar('gallery_id')) { $galleriesQuery = $dbh->prepare("SELECT id, title, description FROM galleries WHERE private = 0 OR private = :private"); $galleriesQuery->execute(array('private' => isGuest())); $galleries = $galleriesQuery->fetchAll(); render('pictures', array('galleries' => $galleries)); } else { render('addgallery'); } }
die('Error : (' . $dbcon->errno . ') ' . $dbcon->error); } $stmt->close(); unset($_SESSION['useraddress']); } header("Location: " . SITE_URL . "index.php?orders"); exit; } //when new order is being created set the order status as new. //new order to be created if there was no orderid in the session if ($sess_orderID == -1) { //order status could be new, shippingInfo, review, confirmed, cancelled, shipped, delivered, completed $_SESSION['orderStatus'] = $sess_orderStatus = "new"; } //in all above scenarios, the rest of the page needs to be executed $currUserEmail = isGuest() ? "" : getCurrentUserEmail(); $currUsertype = "2"; $curr_user = ['userid' => '', 'firstname' => '', 'lastname' => '', 'email' => '', 'phone' => '', 'gender' => '', 'address1' => '', 'address2' => '', 'city' => '', 'state' => '', 'postalcode' => '']; $order_add = ['email' => '', 'email' => '', 'ship_add1' => '', 'ship_add2' => '', 'ship_city' => '', 'ship_state' => '', 'ship_postal' => '', 'bill_add1' => '', 'bill_add2' => '', 'bill_city' => '', 'bill_state' => '', 'bill_postal' => '', 'paymenttype' => 'COD', 'phone' => '']; //if the user is not a guest, get the current user details to prefill the order form if (isset($_SESSION['userid'])) { $user_id = $_SESSION['userid']; $curr_user = []; $qry = "SELECT userid, firstname, lastname, email, phone, gender, address1, address2, city, state, postalcode, usertype from user WHERE userid={$user_id}"; if (!($stmt = $dbcon->prepare($qry))) { die('Prepare Error 1 : (' . $dbcon->errno . ') ' . $dbcon->error); } if (!$stmt->execute()) { die('Error : (' . $dbcon->errno . ') ' . $dbcon->error); } $stmt->store_result();
<?php require 'init.php'; $galleryQuery = $dbh->prepare("SELECT id, private, title, description FROM galleries WHERE id = :id"); $galleryQuery->execute(array(':id' => getVar('id'))); $gallery = $galleryQuery->fetch(); $picturesQuery = $dbh->prepare("SELECT id, number, gallery_id, name FROM pictures WHERE gallery_id = :id"); $picturesQuery->execute(array(':id' => getVar('id'))); $pictures = $picturesQuery->fetchAll(); if ($gallery['private'] && !isGuest()) { render('403'); } else { render('gallery', array('gallery' => $gallery, 'pictures' => $pictures)); }
<?php require 'init.php'; $articlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE (articles.title LIKE CONCAT('%', :searchTitle ,'%') OR articles.description LIKE CONCAT('%', :searchDescription ,'%') OR articles.content LIKE CONCAT('%', :searchContent ,'%')) AND articles.private = 0 OR articles.private = :private LIMIT :start,4 "); $articlesQuery->execute(array(':start' => getVar('page') * 4, ':private' => isGuest(), ':searchTitle' => getVar('search'), ':searchDescription' => getVar('search'), ':searchContent' => getVar('search'))); $articles = $articlesQuery->fetchAll(); $allArticlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE (articles.title LIKE CONCAT('%', :searchTitle ,'%') OR articles.description LIKE CONCAT('%', :searchDescription ,'%') OR articles.content LIKE CONCAT('%', :searchContent ,'%')) AND articles.private = 0 OR articles.private = :private"); $allArticlesQuery->execute(array('private' => isGuest(), ':searchTitle' => getVar('search'), ':searchDescription' => getVar('search'), ':searchContent' => getVar('search'))); $maxPages = round($allArticlesQuery->rowCount() / 4); $categoriesQuery = $dbh->prepare("SELECT id, name FROM categories "); $categoriesQuery->execute(); $categories = $categoriesQuery->fetchAll(); $page = getVar('page') ? getVar('page') : 1; render('index', array('articles' => $articles, 'categories' => $categories, 'url' => 'search.php', 'npage' => $page, 'maxPages' => $maxPages));
function tampilMenu() { if (cekSessiKunjung()) { $menu = array('Home' => '?act=HomeKunjung', 'Data Komentar' => '?act=DataKomentar', 'Sign Out' => 'logout.php'); } elseif (cekSessiAdmin()) { $menu = array('Informasi' => '?act=Home', 'About Program' => '?act=HomeAdmin', 'Sign Out' => 'logout.php'); } elseif (cekSessiKelas()) { $menu = array('About Program' => '?act=HomeAdmin', 'Set Tahun & Bulan' => '?act=InputTahun&action=TAMBAH', 'Sign Out' => 'logout.php'); } else { $menu = array('Informasi' => 'index.php?act=Home', 'About Program' => 'index.php?act=Kontak'); } echo "<ul id=\"navlist\">"; $i = 0; foreach ($menu as $key => $val) { $i++; if ($key == 'Sign Out') { $klik = "onclick=\"return confirm('Yakinkah anda akan logout.?');\""; } if (isGuest()) { if ($i == 1) { $last = "class='current_page_item'"; } } else { if ($i == 1) { $last = "class='current_page_item'"; } } echo "<li title='{$key}'><a href='{$val}' >{$key}</a></li>"; } echo "</ul>"; }
$prod_price = $_POST["product_price"]; $customized = 1; $prd_qry = "insert into products (price, mainimg, customized) VALUES (?, ?, ?)"; $ins_stmt = $dbcon->prepare($prd_qry); if (!$ins_stmt) { die('Prepare Error : (' . $dbcon->errno . ') ' . $dbcon->error); } $ins_stmt->bind_param('dsi', $prod_price, $customImgName, $customized); if ($ins_stmt->execute()) { $prodid = $ins_stmt->insert_id; } else { die('Insert Error : (' . $dbcon->errno . ') ' . $dbcon->error); } $ins_stmt->close(); $currUserEmail = isGuest() ? "guest" : getCurrentUserEmail(); $currUsertype = isGuest() ? "2" : "1"; $elem_qry = "INSERT into customdesign (`productid`, `elementid`,`leftPos`, `topPos`, `selectedImage`, `addedBy`, `addedByType` ) VALUES (?,?,?,?,?,?,?)"; $ins_stmt1 = $dbcon->prepare($elem_qry); if (!$ins_stmt1) { die('Prepare Error : (' . $dbcon->errno . ') ' . $dbcon->error); } foreach ($elements as $elem) { $ins_stmt1->bind_param('iiiisss', $prodid, $elem['id'], $elem['leftPos'], $elem['topPos'], $elem['selectedImage'], $currUserEmail, $currUsertype); if (!$ins_stmt1->execute()) { die('Custom Insert Error : (' . $dbcon->errno . ') ' . $dbcon->error); } } $ins_stmt1->close(); $result = "SUCCESS"; $earObj = array("pid" => $prodid, "imgName" => $customImgName, "price" => $prod_price); $custEarrings[] = $earObj;
function section_sendmessage() { require_once 'lib/common.php'; $vars = array('pid', 'tid', 'f_ok_x', 'toteam', 'reply', 'f_subject', 'f_msg', 'replying', 'repid', 'mid', 'link', 'dup'); $s_playerid = $_SESSION['playerid']; foreach ($vars as $var) { ${$var} = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var]; } if (isGuest()) { return errorPage('Not Authorized'); } if ($dup) { echo '<BR><CENTER>Duplicate mail not sent (refresh or back button detected)<BR>'; return; } if (isset($pid)) { if ($toteam == 'yes' && isset($_POST['reply_team'])) { $team = mysql_fetch_object(mysql_query("select l_team.id, name from l_team, l_player where l_player.id={$pid} and l_team.id=team")); $tid = $team->id; } else { $toteam = 'no'; $player = mysql_fetch_object(mysql_query("select callsign from l_player where id={$pid}")); } } if (isset($tid)) { $team = mysql_fetch_object(mysql_query("select name from l_team where id={$tid}")); } $error = 1; if ($f_ok_x) { $error = 0; $f_msg = stripslashes($f_msg); if ($f_msg == '') { $error = 1; echo "<div class=error>You must write something to send a message</div>"; } } if ($error) { if (isset($toteam)) { if ($toteam == 'yes') { $rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>'; } else { $rcpt = '<a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>'; } } else { if (isset($tid)) { $rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>'; } else { $rcpt = 'player <a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>'; } } if (isset($reply)) { $msg = mysql_fetch_object(mysql_query($sql = "select * from l_message where msgid={$mid}")); $message = $msg->msg; $f_subject = $msg->subject; if (substr($f_subject, 0, 3) != 'Re:') { $f_subject = 'Re: ' . $f_subject; } // Strip subject if it's too long if (strlen($f_subject) > 80) { $f_subject = substr($f_subject, 0, 80); } echo "<table border=0 align=center cellspacing=0 cellpadding=1>\n <tr class=tablehead><td>Original message:</td></tr>\n <tr class=msgquote><td>"; echo stripslashes(nl2br($message)) . '</td></tr></table><br>'; // Quote initial message $f_msg = ereg_replace("\n", ">", ereg_replace("^", ">", $message)); $f_msg = $f_msg . "\n>\n"; $action = "Replying to "; } else { $action = "Sending a message to "; } echo '<center><form method=post>' . SID_FORM . $action . $rcpt . '.<br><br> Enter your message below:<br> Subject:<input type=text maxlength=80 size=60 name=f_subject value="' . $f_subject . '"><BR> <textarea cols=50 rows=15 name=f_msg>' . stripslashes($f_msg) . '</textarea> <hr><center> <input type=hidden name=link value=' . $link . '>'; snFormInit(); echo '<TABLE><TR><TD>' . htmlFormButton('SEND', 'f_ok_x') . '</td><TD width=10></td><TD>'; if (isset($pid)) { echo htmlURLbutton('Cancel', 'playerinfo', "id={$pid}", CLRBUT); } else { echo htmlURLbutton('Cancel', 'teaminfo', "id={$tid}", CLRBUT); } echo '</td></tr></table><input type=hidden name=link value=' . $link . '>'; if (isset($reply)) { // Flag that we are replying to a message echo '<input type=hidden name=replying value=1>'; echo '<input type=hidden name=repid value=' . $mid . '>'; } if (isset($tid)) { echo '<input type=hidden name=tid value=' . $tid . '>'; } else { echo '<input type=hidden name=pid value=' . $pid . '>'; } echo '</center></form></center>'; } else { // Do send the message echo "<center>Message sent, thank you!</center>"; snCheck('sendmessage', 'dup=1'); // If replying we mark the original message as replied if (isset($replying)) { mysql_query("update l_message set status='replied' where msgid={$repid}"); } if (isset($pid)) { if ($toteam == 'yes') { // Send to a team sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes'); } else { // Send to one player sendBzMail($s_playerid, $pid, $f_subject, $f_msg); } } else { // Send to a team sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes'); } } }
">News(CRUD)</a></li> <li><a href="<?php echo WEB . 'comments/crud'; ?> ">Comments(CRUD)</a></li> </ul> </li> <li class="authorized" id="li-logout" style="display: <?php echo isAuthorized($isUserLoggedIn); ?> "><a href="<?php echo WEB . 'logout'; ?> ">Logout</a></li> <li class="guest" id="li-login" style="display: <?php echo isGuest($isUserLoggedIn); ?> "><a href="#">Login</a></li> <li class="guest" id="li-form" style="display: none"> <form id="form-login" class="navbar-form form-signin" role="form" method="post" action="<?php echo WEB . 'login'; ?> "> <div class="form-group"> <input type="text" class="form-control" id="_username" name="_username" placeholder="Username" maxlength="15" required autofocus> </div> <div class="form-group"> <input type="password" class="form-control" id="_password" name="_password" placeholder="Password" maxlength="20" required> </div> <div class="form-group"> <button type="submit" class="btn btn-default">
<nav class="nav-collapse collapse pull-right tales-nav"> <ul class="nav nav-pills"> <li> <a href="index.php">Blog</a> </li> <li> <a href="pictures.php">Pictures</a> </li> <li> <a href="private.php<?php if ((isGuest() || $private_access) && !$_GET['deco']) { echo '?deco=true'; } ?> "><?php echo (isGuest() || $private_access) && !$_GET['deco'] ? 'Logout' : 'Login'; ?> </a> </li> <li> <a href="about.php">Who are we?</a> </li> </ul> </nav> </div> </div> <div class="widewrapper subheader"> <div class="container"> <div class="tales-breadcrumb"> <a href="#"><?php echo BLOG_DESCRIPTION;