<?php
// Account-recovery endpoint (security-question flow), reachable without a session.
// Step 1 (user_id present): returns the stored security question for that user as JSON.
// Step 2 (seca present): checks the supplied answer for user `uid` in the database.
// The listing is cut off inside the success branch of step 2.
require_once 'libs/common/global_inc.php';

// A visitor who is already signed in has nothing to recover: send them to the index page.
if (is_loged_in()) {
    header('Location: ' . WEB_BASE_COMMON . 'index.php');
    die;
}

$db_connection = new pg_database_class();
// Stop if the connection cannot be opened. The driver's last error message is passed to
// trigger_error(); NOTE(review): whether that text reaches the client depends on the
// error-display configuration, which is not visible here - confirm it is logged only.
if (false === $db_connection->open_connection(FUNCTION_LIBRARY_POSTGRES_DB_NAME, FUNCTION_LIBRARY_POSTGRES_USER, FUNCTION_LIBRARY_POSTGRESS_PASSWORD)) {
    trigger_error('Database DEAD...' . $db_connection->get_last_error_message());
    exit;
}

// Rewrite every request value in place: trim, strip tags, then make_database_safe().
// make_database_safe() is defined outside this listing; presumably it escapes for SQL - confirm.
// It is the only protection the two queries below have, because the values are interpolated
// into quoted SQL literals rather than bound as parameters.
// NOTE(review): an array-valued parameter (e.g. user_id[]=x) reaches trim() as an array,
// which PHP warns about or rejects depending on the version; there is no is_string() check.
// NOTE(review): $_REQUEST can also carry query-string values, so a security answer may end
// up in URLs and access logs; reading $_POST only would avoid that.
foreach ($_REQUEST as $key => $val) {
    $_REQUEST[$key] = make_database_safe(strip_tags(trim($val)));
}

if ($_REQUEST && isset($_REQUEST['user_id'])) {
    // Step 1: look up the security question for the given user id.
    $sql = "Select sec_question,user_id from wl_users where user_id ='{$_REQUEST['user_id']}'";
    $rs = $db_connection->db_query($sql);
    // NOTE(review): $rs is not checked for a failed query before pg_num_rows() is called.
    // NOTE(review): the two responses differ for unknown and known user ids, so an
    // unauthenticated caller learns which accounts exist and reads their security question.
    // A uniform response plus request throttling would limit that disclosure.
    if (pg_num_rows($rs) == 0) {
        echo json_encode(array("status" => "FAIL", "message" => "No User Found"));
    } else {
        $row = pg_fetch_assoc($rs);
        echo json_encode(array("status" => 'SUCCESS', "sec_question" => $row['sec_question'], "user_id" => $row['user_id']));
    }
    die;
} elseif ($_REQUEST && isset($_REQUEST['seca'])) {
    // Step 2: verify the answer. Only 'seca' is tested with isset(); 'uid' is read unchecked.
    // The answer is matched directly against the sec_ans column, so the column appears to
    // hold the answer in comparable plain form rather than as a salted hash - confirm.
    // NOTE(review): no attempt counter or lock-out is visible in this listing.
    $sql = "Select sec_question from wl_users where user_id ='{$_REQUEST['uid']}' and sec_ans='{$_REQUEST['seca']}'";
    $rs = $db_connection->db_query($sql);
    if (pg_num_rows($rs) == 0) {
        echo json_encode(array("status" => "FAIL", "message" => "Anwser is not correct"));
    } else {
        // (listing is truncated here; the success branch is not visible)
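<?php
/**
 * Login endpoint: checks a user id / password pair against wl_users and, on a match,
 * stores the user row in the session. Replies with a JSON object whose "status" is
 * "SUCCESS" or "FAIL".
 *
 * Review notes that need changes outside this file and are therefore only flagged here:
 *  - Passwords are compared as unsalted SHA-1 digests. Moving to password_hash() /
 *    password_verify() needs a stored-hash migration.
 *  - strip_tags()/trim() are applied to the password before hashing, which changes the
 *    secret the user typed; it has to stay as long as existing digests were made that way.
 *  - make_database_safe() is defined elsewhere; the query relies on it alone. A
 *    parameterized query is preferable if the database wrapper offers one.
 *  - $_REQUEST also accepts query-string values, so credentials can end up in URLs and
 *    access logs; $_POST is the safer source once all callers use POST.
 *  - No attempt limiting is visible in this listing.
 */
require_once 'libs/common/global_inc.php';

// A visitor who is already signed in is sent straight to the index page.
if (is_loged_in()) {
    header('Location: ' . WEB_BASE_COMMON . 'index.php');
    die;
}

$db_connection = new pg_database_class();
if (false === $db_connection->open_connection(FUNCTION_LIBRARY_POSTGRES_DB_NAME, FUNCTION_LIBRARY_POSTGRES_USER, FUNCTION_LIBRARY_POSTGRESS_PASSWORD)) {
    trigger_error('Database DEAD...' . $db_connection->get_last_error_message());
    exit;
}

// One failure reply for every rejected attempt, so the response never shows which part was wrong.
$login_failure = json_encode(array("status" => "FAIL", "message" => "User and Password combination not found"));

// Missing or array-valued fields are rejected up front instead of being passed to trim().
$raw_password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
$raw_user_name = isset($_REQUEST['inputUserName']) ? $_REQUEST['inputUserName'] : null;
if (!is_string($raw_password) || !is_string($raw_user_name)) {
    echo $login_failure;
    exit;
}

$pass = sha1(strip_tags(trim($raw_password)));
$user_id = make_database_safe(strip_tags(trim($raw_user_name)));

// NOTE(review): the listing shows a masked literal ('******') in the password comparison
// and never uses $pass. The digest is assumed to be the intended value; confirm against the
// original file. sha1() returns hex characters only, so it is safe inside the quoted literal.
$sql = "SELECT * from wl_users where password='{$pass}' and user_id='{$user_id}'";
$rs = $db_connection->db_query($sql);

// A failed query is treated as a failed login rather than handed to pg_num_rows().
if ($rs !== false && pg_num_rows($rs) > 0) {
    $row = pg_fetch_assoc($rs);

    // Issue a fresh session id at the privilege change so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // NOTE(review): SELECT * puts the whole row, including the password column, into the
    // session. Kept because other pages may read it; prefer storing only the needed fields.
    $_SESSION['user'] = $row;
    $_SESSION['login_id'] = $row['id'];
    echo json_encode(array("status" => "SUCCESS"));
} else {
    echo $login_failure;
}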
<div> Date Posted: ' . date('m-d-Y g:i:s A', strtotime($row['date'])) . ' </div> </div> <div syle="clear:both;"> </div> <div class="guestbook_msg_area"> ' . nl2br(htmlspecialchars($row['msg'], ENT_QUOTES)) . ' </div> </div>';
        // (the listing starts inside the string above; the statement and the loop around it begin earlier)
        // The stored message is HTML-escaped with ENT_QUOTES before nl2br() adds line breaks,
        // so the message body is emitted as text, not markup.
        // NOTE(review): the attribute is spelled `syle` in the emitted HTML, so the clear:both
        // rule is presumably never applied - confirm and correct to `style`.
        }
        echo $output;
        exit;
        // Not reached: exit ends the script on the line above.
        break;
    case 'add_new_guest_entry':
        // $name and $msg are assigned outside the visible fragment; presumably they come from
        // the request - verify where they are populated.
        // Both are trimmed, stripped of tags and passed through make_database_safe(), which is
        // defined elsewhere (presumably SQL escaping - confirm).
        $name = make_database_safe(strip_tags(trim($name)));
        $msg = make_database_safe(strip_tags(trim($msg)));
        // The INSERT is assembled by string concatenation.
        // NOTE(review): $_SERVER['REMOTE_ADDR'] is concatenated without make_database_safe().
        // It is normally set by the server from the connection, but binding all three values
        // as query parameters would remove the reliance on per-value escaping.
        // NOTE(review): no length or emptiness check on $name / $msg is visible here.
        $sql = 'Insert into guestbook (username,msg,ip_address) VALUES (\'' . $name . '\',\'' . $msg . '\',\'' . $_SERVER['REMOTE_ADDR'] . '\')';
        $rs = $db_connection->db_query($sql);
        // Reply with the literal text 'false' when the query failed or inserted nothing,
        // otherwise 'success'.
        if ($rs === false || pg_affected_rows($rs) == 0) {
            echo 'false';
        } else {
            echo 'success';
        }
        exit;
        // Not reached: exit ends the script on the line above.
        break;
    default:
        // Workaround for older browsers: the author recalls Safari and Opera having trouble
        // when an AJAX call returned nothing at all, so a single space is sent.
        echo ' ';
        break;
}