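/**
 * Store a new bcrypt hash for a user and delete the matching row from
 * `recoveryemails` (presumably the one-time recovery key that authorised the reset).
 *
 * Parameters are left untyped on purpose: the file does not declare strict_types,
 * so adding scalar types would change coercion for existing callers.
 *
 * @param int|string $userID   ID of the `user` row to update (bound as integer)
 * @param string     $password New plaintext password; only its hash is written
 * @param string     $key      Value matched against `recoveryemails`.`Key`
 *
 * @return void
 */
function updateUserPassword($userID, $password, $key)
{
    // Let password_hash() generate its own random salt: the 'salt' option is
    // deprecated since PHP 7.0 and ignored in 8.0, and mcrypt_create_iv() was
    // removed in PHP 7.2, so the original call fails on any current runtime.
    $h_password = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
    my_update('si', [&$h_password, &$userID], "UPDATE user SET Password = ? WHERE ID = ?");
    // Invalidate the key so it cannot be replayed for a second reset.
    my_update('s', [&$key], "DELETE FROM `recoveryemails` WHERE `Key` = ?");
}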
/**
 * Append one row to the `audit` table for the given user and event type.
 *
 * The timestamp is taken at call time and formatted as 'Y-m-d H:i:s'.
 * Side effect: date_default_timezone_set() changes the process-wide default
 * timezone, so every later date()/DateTime call in the request sees
 * America/Los_Angeles too.
 *
 * @param string     $eventType Label stored in audit.event
 * @param int|string $userID    Stored in audit.userID (bound as integer)
 *
 * @return void
 */
function recordEvent($eventType, $userID)
{
    date_default_timezone_set('America/Los_Angeles');
    $stamp = (new DateTimeImmutable())->format('Y-m-d H:i:s');
    $bound = [&$userID, &$eventType, &$stamp];
    my_update(
        'iss',
        $bound,
        'INSERT INTO audit(userID, event, timestamp) values (?,?,?)'
    );
}
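<?php

//require_once 'config.php';
require "../database.php";

// Only handle explicit rating submissions. `??` avoids an undefined-index warning
// when 'act' is absent and `===` avoids loose string comparison.
if (($_POST['act'] ?? null) === 'rate') {
    // NOTE(review): the comment below and the lookup disagree — the SELECT filters
    // on id_post only, so $ip is stored but never used to detect a repeat vote.
    //search if the user(ip) has already gave a note
    $ip = $_SERVER["REMOTE_ADDR"];
    $therate = sanitize($_POST['rate'] ?? null);
    $thepost = sanitize($_POST['post_id'] ?? null);
    $data = my_query('i', [&$thepost], "SELECT * FROM ratings WHERE id_post=?");
    // empty() handles my_query() returning null as well as an empty result set.
    // The original `@count($data) == 0` throws a TypeError on null under PHP 8,
    // because `@` suppresses warnings, not exceptions.
    if (empty($data)) {
        $param = [&$thepost, &$ip, &$therate];
        my_update('isi', $param, "INSERT INTO ratings (id_post, ip, rate) VALUES (?,?,?)");
    } else {
        my_update('ii', [&$therate, &$thepost], "UPDATE ratings SET rate=? WHERE id_post=?");
    }
}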
            // keep track validation errors
            $nameError = null;
            // keep track post values
            $name = $_POST['name'];
            // validate input: empty() also treats the literal string "0" as missing
            $valid = !empty($name);
            if (!$valid) {
                $nameError = 'Please enter name';
            }
            // NOTE(review): binds $name (type 's') against the `id` column and the
            // count is not read anywhere in this excerpt — a uniqueness check on
            // `name` may have been intended; confirm before relying on $numRows.
            $numRows = getNumRows('s', [&$name], "SELECT name FROM organization WHERE id=?");
            // $id is assigned earlier in this file (outside this excerpt); the row is
            // presumably rendered by the form below — verify against the template.
            $db_result = my_query('i', [&$id], "SELECT name FROM organization where ID=?");
            if ($valid) {
                $params = [&$name, &$id];
                $sql = "UPDATE organization set name = ? where id = ?";
                my_update('si', $params, $sql);
                $_SESSION['crud_update_success'] = true;
            }
        }
        ?>


<!DOCTYPE html>
<html lang="en">
<head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta name="description" content="dashboard">

      <title>scalabrine | update</title>
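        // Resolve the target user ID from the same superglobal that was checked.
        // The original read $_REQUEST here, which also covers POST and cookie
        // values, so the bound ID could differ from the one that passed the check.
        $id = 0;
        if (!empty($_GET['id'])) {
            $id = $_GET['id'];
        }
        $orgID = $_SESSION['orgID'];
        if (!empty($_POST)) {
            // keep track post values
            $id = $_POST['id'];
            if ($_SESSION['admin'] == 2) {
                //Developer: may delete a user from any organisation
                $sql = "DELETE FROM user WHERE ID = ?";
                my_update('i', [&$id], $sql);
            } else {
                //Admin: scoped to the caller's own organisation
                $sql = "DELETE FROM user WHERE ID = ? AND OrgID = ?";
                my_update('ii', [&$id, &$orgID], $sql);
            }
            my_disconnect();
            header("Location: index");
            // header() alone does not end the request; without exit the page body
            // below is still rendered and sent along with the redirect.
            exit;
        } else {
            $data = my_query('ii', [&$id, &$orgID], "SELECT * FROM user where ID = ? AND OrgID = ?");
            if (empty($data)) {
                // No such user in the caller's organisation: redirect and stop
                // rendering instead of continuing with $data unset.
                header("Location: index");
                exit;
            }
        }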
        ?>

<!DOCTYPE html>
<html lang="en">
<head>
      <meta charset="utf-8">
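        require '../database.php';
        if (!empty($_POST)) {
            // keep track validation errors
            $nameError = null;
            // keep track post values; default to '' so a missing field is a
            // validation error rather than an undefined-index warning
            $name = $_POST['name'] ?? '';
            // validate input: empty() also treats the literal string "0" as missing
            $valid = true;
            if (empty($name)) {
                $nameError = 'Please enter organization Name';
                $valid = false;
            }
            if ($valid) {
                $param = [&$name];
                $sql = "INSERT INTO organization (name) VALUES (?)";
                my_update('s', $param, $sql);
            }
            my_disconnect();
            if ($valid) {
                header("Location: index");
                // header() alone does not end the request; without exit the form
                // below is still rendered and sent along with the redirect.
                exit;
            }
        }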
        ?>


<!DOCTYPE html>
<html lang="en">
<head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta name="description" content="dashboard">

      <title>scalabrine | create</title>
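     $email = sanitize($_POST['email']);
     // NOTE(review): sanitize() runs on the password before hashing, so whatever it
     // strips or escapes becomes part of the credential; the login path must apply
     // the identical transformation or valid passwords will be rejected.
     $password = sanitize($_POST['password']);
     $confirm_password = sanitize($_POST['confirm_password']);
     // Let password_hash() pick its own random salt: the 'salt' option is deprecated
     // since PHP 7.0 and ignored in 8.0, and mcrypt_create_iv() was removed in 7.2.
     $options = ['cost' => 11];
     if ($password === $confirm_password) {
         $numRows = getNumRows('s', [&$username], "SELECT Username FROM user WHERE username=?");
         $numRows1 = getNumRows('s', [&$email], "SELECT Username FROM user WHERE email=?");
         // Username and e-mail are both free
         if ($numRows == 0 && $numRows1 == 0) {
             $h_password = password_hash($password, PASSWORD_BCRYPT, $options);
             $sql = "INSERT INTO user (username, email, password, admin, OrgID) VALUES (?, ?, ?, ?, ?)";
             $roleAdmin = "1";
             // NOTE(review): database credentials are hard-coded here while every
             // other query on this page goes through ../database.php; route this
             // query through the shared connection so the secret lives in one place.
             $con = new mysqli("localhost", "root", "Tw0sof+9Ly", "scalabrinedb");
             // NOTE(review): MAX(OrgID)+1 is not atomic — two concurrent sign-ups can
             // receive the same OrgID. An AUTO_INCREMENT key would close that window.
             $stuff = $con->query("SELECT MAX(OrgID) AS orgid FROM user");
             $orgid = $stuff->fetch_object()->orgid + 1;
             $stuff->close();
             // Close the ad-hoc connection too; the original only freed the result.
             $con->close();
             my_update('sssss', [&$username, &$email, &$h_password, &$roleAdmin, &$orgid], $sql);
             $_SESSION['signup'] = "";
             header("Location: /dashboard/index");
         } else {
             //username is taken
             $_SESSION['username'] = true;
             header("Location: /dashboard/registration");
         }
     } else {
         // passwords didnt match
         $_SESSION['pass'] = true;
         header("Location: /dashboard/registration");
     }
     my_disconnect();
     // Every branch above issued a redirect; stop here so the page body is not
     // rendered and sent after the Location header.
     exit;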
 } else {
        header("Location: /403");
    } else {
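        require '../database.php';
        // Resolve the organisation ID from the same superglobal that was checked.
        // The original read $_REQUEST here, which also covers POST and cookie
        // values, so the bound ID could differ from the one that passed the check.
        $id = 0;
        if (!empty($_GET['id'])) {
            $id = $_GET['id'];
        }
        if (!empty($_POST)) {
            // keep track post values
            $id = $_POST['id'];
            // NOTE(review): the two deletes are not wrapped in a transaction; if the
            // second fails the organisation's users are gone but its row remains.
            //delete users
            $sql = "delete from user where orgID = ?";
            my_update('i', [&$id], $sql);
            //delete organization
            $sql = "DELETE FROM organization WHERE ID = ?";
            my_update('i', [&$id], $sql);
            my_disconnect();
            header("Location: index");
            // header() alone does not end the request; without exit the page body
            // below is still rendered and sent along with the redirect.
            exit;
        }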
        ?>

<!DOCTYPE html>
<html lang="en">
<head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta name="description" content="dashboard">

      <title>scalabrine | delete</title>

      <link rel="icon" href="/img/favicon.ico" type="image/x-icon" />
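    // Get gravatar Image
    // https://fr.gravatar.com/site/implement/images/php/
    $default = "mm";
    $size = 35;
    // Gravatar keys avatars on the md5 of the normalised e-mail; md5 is a lookup
    // key here, not a security hash. Requested over https so the avatar is not
    // blocked as mixed content when this page is served over https.
    $grav_url = "https://www.gravatar.com/avatar/" . md5(strtolower(trim($email))) . "?d=" . $default . "&s=" . $size;
    // Process-wide side effect; the date() call later in this template depends on it.
    date_default_timezone_set('America/Los_Angeles');
    // Placeholder for empty or single-byte names (strlen counts bytes, not characters).
    if (strlen($name) <= 1) {
        $name = 'Guest';
    }
    // The e-mail was hashed above from its raw value, before sanitising.
    $name = sanitize($name);
    $email = sanitize($email);
    $comment = sanitize($comment);
    $id_post = sanitize($id_post);
    $param = [&$name, &$email, &$comment, &$id_post];
    $sql = "INSERT INTO comments (name, email, comment, id_post) VALUES(?,?,?,?)";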
    if (!my_update('sssi', $param, $sql)) {
        ?>
    <div class="cmt-cnt">
    	<img src="<?php 
        echo $grav_url;
        ?>
" alt="" />
		<div class="thecom">
	        <h5><?php 
        echo $name;
        ?>
</h5><span  class="com-dt"><?php 
        echo date('d-m-Y H:i');
        ?>
</span>
	        <br/>
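<?php

session_start();
// Read only the one field this handler needs. The original extract($_POST) let
// any client define arbitrary variables in this scope.
$id_post = $_POST['id_post'] ?? null;
if (($_POST['act'] ?? null) === 'rm-com') {
    // NOTE(review): the session is started but never consulted, so this endpoint
    // deletes comments for any caller; an ownership or role check belongs here.
    // Connect to the database
    include '../../database.php';
    // remove the comment and the ratings bound to the same id
    my_update('i', [&$id_post], "DELETE FROM comments WHERE id=?");
    // NOTE(review): this binds the comment id to ratings.id_post — confirm the two
    // tables share keys, otherwise this removes an unrelated post's ratings.
    my_update('i', [&$id_post], "DELETE FROM ratings WHERE id_post=?");
}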
                $valid = false;
            }
        }
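        if (empty($password)) {
            $passwordError = 'Please enter Password';
            $valid = false;
        }
        $sql = "SELECT Username FROM user WHERE username=? OR email=?";
        $numRows = getNumRows('ss', [&$name, &$email], $sql);
        $redirectToIndex = false;
        if ($valid) {
            // Username and e-mail are both free
            if ($numRows == 0) {
                // $options is defined earlier in this file (outside this excerpt).
                $h_password = password_hash($password, PASSWORD_BCRYPT, $options);
                $param = [&$name, &$email, &$h_password, &$orgID];
                $sql = "INSERT INTO user (username, email, password, orgID) VALUES (?, ?, ?, ?)";
                my_update('sssi', $param, $sql);
                $redirectToIndex = true;
            } else {
                //username is taken
                $_SESSION['crud_already_username'] = true;
            }
        }
        my_disconnect();
        if ($redirectToIndex) {
            header("Location: index");
            // header() alone does not end the request; without exit the form
            // below is still rendered and sent along with the redirect.
            exit;
        }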
    }
    ?>


<!DOCTYPE html>
<html lang="en">
<head>
      <meta charset="utf-8">