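/**
 * Store a new bcrypt hash for a user and consume the recovery key that authorised the reset.
 *
 * @param int|string $userID   ID of the `user` row to update (bound as 'i').
 * @param string     $password New plaintext password; only its hash is written.
 * @param string     $key      Value of `recoveryemails`.`Key` to delete so the link cannot be reused.
 * @return void
 * @throws RuntimeException if the hash could not be produced (PHP < 8 returns false there).
 */
function updateUserPassword($userID, $password, $key)
{
    // password_hash() draws its own CSPRNG salt. The previous code supplied a
    // 'salt' option built with mcrypt_create_iv(): the option is deprecated
    // since PHP 7.0 and ignored on 8.x, and ext/mcrypt was removed in 7.2, so
    // the call would fatal on a current runtime.
    $h_password = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
    if (!is_string($h_password)) {
        // Never write an empty/false value into the Password column.
        throw new RuntimeException('password_hash() failed');
    }
    my_update('si', [&$h_password, &$userID], "UPDATE user SET Password = ? WHERE ID = ?");
    // Consume the recovery key only after the password is updated.
    my_update('s', [&$key], "DELETE FROM `recoveryemails` WHERE `Key` = ?");
    // NOTE(review): nothing here invalidates the user's other active sessions;
    // if that is wanted it has to happen in the caller.
}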
/**
 * Append one row to the `audit` table for a user event.
 *
 * The timestamp is formatted in America/Los_Angeles. Note the side effect:
 * date_default_timezone_set() changes the process-wide default, so every
 * later date()/DateTime call in the request uses that zone too.
 *
 * @param string     $eventType Label stored in `audit.event` (bound as 's').
 * @param int|string $userID    Value stored in `audit.userID` (bound as 'i').
 * @return void
 */
function recordEvent($eventType, $userID)
{
    date_default_timezone_set('America/Los_Angeles');
    $stamp = (new DateTime())->format('Y-m-d H:i:s');
    // Bound by reference because my_update() hands the array to bind_param.
    $bindings = [&$userID, &$eventType, &$stamp];
    my_update('iss', $bindings, 'INSERT INTO audit(userID, event, timestamp) values (?,?,?)');
}
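<?php
// Rating endpoint: a POST with act=rate stores or updates the rating of a post.
//require_once 'config.php';
require "../database.php";

// Defaulted key + strict compare: no "Undefined index" notice when 'act' is
// absent, and no loose == surprises.
if (($_POST['act'] ?? '') === 'rate') {
    // Address of the rater; only written into the `ip` column of a new row.
    $ip = $_SERVER["REMOTE_ADDR"];
    // Both values are bound as integers ('i') below, so validate them as
    // integers here rather than trusting whatever sanitize() returns for a
    // non-numeric submission.
    $therate = filter_var(sanitize($_POST['rate'] ?? ''), FILTER_VALIDATE_INT);
    $thepost = filter_var(sanitize($_POST['post_id'] ?? ''), FILTER_VALIDATE_INT);
    if ($therate !== false && $thepost !== false) {
        //search if the user(ip) has already gave a note
        // NOTE(review): the lookup and the UPDATE key on id_post alone, so every
        // rater of a post overwrites the same row; a genuinely per-IP check would
        // need `AND ip = ?` in both statements. Left as the original behaves.
        $data = my_query('i', [&$thepost], "SELECT * FROM ratings WHERE id_post=?");
        // empty() covers "no rows" as well as a null/false return from my_query();
        // the original @count() would throw a TypeError on null under PHP 8.
        if (empty($data)) {
            $param = [&$thepost, &$ip, &$therate];
            my_update('isi', $param, "INSERT INTO ratings (id_post, ip, rate) VALUES (?,?,?)");
        } else {
            my_update('ii', [&$therate, &$thepost], "UPDATE ratings SET rate=? WHERE id_post=?");
        }
    }
}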
// Update-organisation handler (fragment): the surrounding block, $id and the
// database require are defined before this point.
// keep track validation errors
$nameError = null;
// keep track post values
// NOTE(review): read without isset()/??; a missing field raises a notice here.
$name = $_POST['name'];
// validate input
$valid = true;
if (empty($name)) {
    $nameError = 'Please enter name';
    $valid = false;
}
// NOTE(review): the submitted *name* is bound to the `id=?` placeholder and
// $numRows is not read anywhere in the visible code — looks like a leftover
// duplicate-name check that meant "WHERE name=?"; confirm the intent.
$numRows = getNumRows('s', array(&$name), "SELECT name FROM organization WHERE id=?");
// $db_result is not used within the visible lines (presumably the form below).
$db_result = my_query('i', array(&$id), "SELECT name FROM organization where ID=?");
if ($valid) {
    $params = array(&$name, &$id);
    $sql = "UPDATE organization set name = ? where id = ?";
    my_update('si', $params, $sql);
    $_SESSION['crud_update_success'] = true;
}
// Closes a block opened before this fragment (presumably `if (!empty($_POST))`).
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="dashboard">
<title>scalabrine | update</title>
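// Delete-user page: a POST removes the user row, a GET loads it for the form.
// Session start, authentication and the database require happen before this point.
$id = 0;
// Read the id from the same array that was tested. The original checked
// $_GET['id'] but read $_REQUEST['id'], which a POST or cookie field of the
// same name can override.
if (!empty($_GET['id'])) {
    $id = $_GET['id'];
}
// ?? avoids an "Undefined index" notice when the session has no orgID; the
// bound value (null) is the same as before.
$orgID = $_SESSION['orgID'] ?? null;
if (!empty($_POST)) {
    // keep track post values
    $id = $_POST['id'] ?? null;
    // NOTE(review): the delete fires on any non-empty POST; no anti-CSRF token
    // is checked in this fragment.
    if ((int) ($_SESSION['admin'] ?? 0) === 2) {
        //Developer: may delete a user in any organisation
        $sql = "DELETE FROM user WHERE ID = ?";
        my_update('i', [&$id], $sql);
    } else {
        //Admin: scoped to the admin's own organisation
        $sql = "DELETE FROM user WHERE ID = ? AND OrgID = ?";
        my_update('ii', [&$id, &$orgID], $sql);
    }
    my_disconnect();
    header("Location: index");
    // Stop here: without exit the HTML below is still rendered after the
    // redirect header was sent.
    exit;
} else {
    $data = my_query('ii', [&$id, &$orgID], "SELECT * FROM user where ID = ? AND OrgID = ?");
    if ($data == null) {
        // Not found in this organisation: redirect and stop instead of
        // rendering the page with no data.
        header("Location: index");
        exit;
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">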
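// Create-organisation page: a POST carrying a name inserts the row and redirects.
require '../database.php';
if (!empty($_POST)) {
    // keep track validation errors
    $nameError = null;
    // keep track post values (?? avoids a notice when the field is absent)
    $name = $_POST['name'] ?? '';
    // validate input
    $valid = true;
    // empty() also rejects the literal name "0"; kept as in the original.
    if (empty($name)) {
        $nameError = 'Please enter organization Name';
        $valid = false;
    }
    if ($valid) {
        $param = [&$name];
        $sql = "INSERT INTO organization (name) VALUES (?)";
        my_update('s', $param, $sql);
    }
    my_disconnect();
    if ($valid) {
        header("Location: index");
        // Stop here so the form below is not rendered after the redirect.
        exit;
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="dashboard">
<title>scalabrine | create</title>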
// Self-registration handler (fragment): $username and the enclosing block are
// defined before this point; the trailing `} else {` continues past it.
$email = sanitize($_POST['email']);
// NOTE(review): sanitize() is applied to the password before hashing; whatever
// it strips or escapes must be applied identically at login or these users
// cannot authenticate.
$password = sanitize($_POST['password']);
$confirm_password = sanitize($_POST['confirm_password']);
// NOTE(review): the 'salt' option is deprecated since PHP 7.0 and ignored on
// 8.x, and mcrypt_create_iv() no longer exists since 7.2 (fatal error).
// password_hash() generates its own salt; only 'cost' is needed.
$options = ['cost' => 11, 'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM)];
if (strcmp($password, $confirm_password) === 0) {
    $numRows = getNumRows('s', array(&$username), "SELECT Username FROM user WHERE username=?");
    $numRows1 = getNumRows('s', array(&$email), "SELECT Username FROM user WHERE email=?");
    // Username is free
    if ($numRows == 0 && $numRows1 == 0) {
        $h_password = password_hash($password, PASSWORD_BCRYPT, $options);
        $sql = "INSERT INTO user (username, email, password, admin, OrgID) VALUES (?, ?, ?, ?, ?)";
        // Every self-registered account is created with admin = "1".
        $roleAdmin = "1";
        // NOTE(review): a second, root-level mysqli connection with credentials
        // inline in source, bypassing the shared connection from database.php
        // used everywhere else; move the credentials out of the codebase.
        $con = new mysqli("localhost", "root", "Tw0sof+9Ly", "scalabrinedb");
        // NOTE(review): MAX(OrgID)+1 computed client-side is a race — two
        // concurrent signups can receive the same OrgID. An AUTO_INCREMENT
        // organisation row (or a transaction) would make this safe.
        $stuff = $con->query("SELECT MAX(OrgID) AS orgid FROM user");
        $orgid = $stuff->fetch_object()->orgid + 1;
        // Note the 'sssss' type string binds $orgid and $roleAdmin as strings.
        my_update('sssss', array(&$username, &$email, &$h_password, &$roleAdmin, &$orgid), $sql);
        $stuff->close();
        $_SESSION['signup'] = "";
        header("Location: /dashboard/index");
    } else {
        //username is taken
        $_SESSION['username'] = true;
        header("Location: /dashboard/registration");
    }
} else {
    // passwords didnt match
    $_SESSION['pass'] = true;
    header("Location: /dashboard/registration");
}
// NOTE(review): none of the redirects above is followed by exit; execution
// continues past this block after the Location header is sent.
my_disconnect();
} else {
// Delete-organisation page (fragment): the condition guarding this branch is
// before this point and the `else` opened below is closed after it.
// NOTE(review): no exit after the redirect — the script keeps running past the
// else-branch after the 403 Location header is sent.
header("Location: /403");
} else {
require '../database.php';
$id = 0;
// NOTE(review): tests $_GET['id'] but reads $_REQUEST['id'], which a POST or
// cookie field of the same name can override.
if (!empty($_GET['id'])) {
    $id = $_REQUEST['id'];
}
// NOTE(review): any non-empty POST triggers both deletes; no anti-CSRF token is
// checked in the visible code.
if (!empty($_POST)) {
    // keep track post values
    $id = $_POST['id'];
    //delete users
    // Removes every user belonging to the organisation before the organisation itself.
    $sql = "delete from user where orgID = ?";
    my_update('i', array(&$id), $sql);
    //delete organization
    $sql = "DELETE FROM organization WHERE ID = ?";
    my_update('i', array(&$id), $sql);
    my_disconnect();
    // NOTE(review): no exit here either; the HTML below still renders.
    header("Location: index");
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="dashboard">
<title>scalabrine | delete</title>
<link rel="icon" href="/img/favicon.ico" type="image/x-icon" />
// Comment-posting handler (fragment): $name, $email, $comment and $id_post are
// assigned before this point (presumably from the POST — confirm), and the
// if-block opened at the end continues past the fragment.
// Get gravatar Image
// https://fr.gravatar.com/site/implement/images/php/
$default = "mm";
$size = 35;
// NOTE(review): plain http:// URL — mixed content when the page is served over HTTPS.
$grav_url = "http://www.gravatar.com/avatar/" . md5(strtolower(trim($email))) . "?d=" . $default . "&s=" . $size;
// Process-wide side effect: also changes the zone used by date() below.
date_default_timezone_set('America/Los_Angeles');
// Byte length compared against the string '1' (loose numeric comparison).
if (strlen($name) <= '1') {
    $name = 'Guest';
}
$name = sanitize($name);
$email = sanitize($email);
$comment = sanitize($comment);
$id_post = sanitize($id_post);
$param = array(&$name, &$email, &$comment, &$id_post);
$sql = "INSERT INTO comments (name, email, comment, id_post) VALUES(?,?,?,?)";
// NOTE(review): the markup is emitted when my_update() returns a falsy value;
// confirm that helper reports success that way, otherwise this renders on failure.
// NOTE(review): $name is echoed raw into HTML below; that is only safe if
// sanitize() HTML-escapes — verify, or wrap the echo in htmlspecialchars().
if (!my_update('sssi', $param, $sql)) { ?>
<div class="cmt-cnt">
<img src="<?php echo $grav_url; ?> " alt="" />
<div class="thecom">
<h5><?php echo $name; ?> </h5><span class="com-dt"><?php echo date('d-m-Y H:i'); ?> </span>
<br/>
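<?php
// Comment-removal endpoint: a POST with act=rm-com deletes one comment and the
// rating rows that reference the same id.
session_start();
// The original called extract($_POST), which turns every posted field into a
// local variable and overwrites anything already in scope. Read the single
// field this script uses explicitly and validate it as the integer it is
// bound as ('i'); a missing or non-numeric value yields false.
$id_post = filter_var($_POST['id_post'] ?? null, FILTER_VALIDATE_INT);
if (($_POST['act'] ?? '') === 'rm-com' && $id_post !== false) {
    // Connect to the database
    include '../../database.php';
    // NOTE(review): no authorization check is visible in this file — the
    // session is started but never consulted before the deletes run.
    // NOTE(review): the same value is used as comments.id and as
    // ratings.id_post; confirm that is intended.
    my_update('i', [&$id_post], "DELETE FROM comments WHERE id=?");
    my_update('i', [&$id_post], "DELETE FROM ratings WHERE id_post=?");
}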
// Create-user handler (fragment): $name, $email, $password, $orgID, $options and
// the blocks closed by the first two braces are defined before this point.
    $valid = false;
}
}
if (empty($password)) {
    $passwordError = 'Please enter Password';
    $valid = false;
}
// Username and e-mail must both be unused.
$sql = "SELECT Username FROM user WHERE username=? OR email=?";
$numRows = getNumRows('ss', array(&$name, &$email), $sql);
if ($valid) {
    // Username is free
    if ($numRows == 0) {
        // NOTE(review): $options comes from earlier in the file; if it carries
        // a 'salt' entry (as sibling files do) it is ignored on PHP 8.
        $h_password = password_hash($password, PASSWORD_BCRYPT, $options);
        $param = array(&$name, &$email, &$h_password, &$orgID);
        $sql = "INSERT INTO user (username, email, password, orgID) VALUES (?, ?, ?, ?)";
        my_update('sssi', $param, $sql);
        // NOTE(review): no exit after the redirect — the page below still renders.
        header("Location: index");
    } else {
        //username is taken
        $_SESSION['crud_already_username'] = true;
    }
}
my_disconnect();
// Closes a block opened before this fragment.
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">