${'graduationdegreemodeextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationdegreemodeextra])); ${'finalgraduationdegreemodeextra' . $y} = htmlspecialchars(${'graduationdegreemodeextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationcompletedextra = "graduationcompletedextra{$y}"; ${'graduationcompletedextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationcompletedextra])); ${'finalgraduationcompletedextra' . $y} = htmlspecialchars(${'graduationcompletedextra' . $y}, ENT_QUOTES, 'UTF-8'); $igradationcompletionyearextra = "gradationcompletionyearextra{$y}"; ${'gradationcompletionyearextra' . $y} = strip_tags(trim_awesome($_POST[$igradationcompletionyearextra])); ${'finalgradationcompletionyearextra' . $y} = htmlspecialchars(${'gradationcompletionyearextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationgpaorpercentageextra = "graduationgpaorpercentageextra{$y}"; ${'graduationgpaorpercentageextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationgpaorpercentageextra])); ${'finalgraduationgpaorpercentageextra' . $y} = htmlspecialchars(${'graduationgpaorpercentageextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationclassextra = "graduationclassextra{$y}"; ${'graduationclassextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationclassextra])); ${'finalgraduationclassextra' . $y} = htmlspecialchars(${'graduationclassextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationpercentageextra = "graduationpercentageextra{$y}"; ${'graduationpercentageextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationpercentageextra])); ${'finalgraduationpercentageextra' . $y} = htmlspecialchars(${'graduationpercentageextra' . $y}, ENT_QUOTES, 'UTF-8'); $igraduationgpaobtainedextra = "graduationgpaobtainedextra{$y}"; ${'graduationgpaobtainedextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationgpaobtainedextra])); ${'finalgraduationgpaobtainedextra' . $y} = htmlspecialchars(${'graduationgpaobtainedextra' . 
$y}, ENT_QUOTES, 'UTF-8'); $igraduationgpamaxextra = "graduationgpamaxextra{$y}"; ${'graduationgpamaxextra' . $y} = strip_tags(trim_awesome($_POST[$igraduationgpamaxextra])); ${'finalgraduationgpamaxextra' . $y} = htmlspecialchars(${'graduationgpamaxextra' . $y}, ENT_QUOTES, 'UTF-8'); $sqlacademicextra = "INSERT INTO `vedica_admn_2017`.`added_academic_details` (`application_id`, `extra_academic_degree_level`, `extra_academic_degree_level_other`, `extra_academic_name_of_college`, `extra_academic_university`, `extra_academic_university_other`, `extra_academic_degree_mode`, `extra_academic_degree_name`, `extra_academic_discipline`, `extra_academic_discipline_other`, `extra_academic_specialisation`, `extra_academic_degree_completed`, `extra_academic_year_completion`, `extra_academic_grading_system`, `extra_academic_class`, `extra_academic_aggregate`, `extra_academic_gpa_obtained`, `extra_academic_gpa_max`) VALUES (\n\t\t\t\t" . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalacademicextradegreelevel' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalacademicextradegreeother' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgradutationcollegenameextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgradutationunversityextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationuniversityothersextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduatindegreenameextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationdisciplineextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationdisciplineotherextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationspecializationextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationdegreemodeextra' . $y}) . ",\n\t\t\t\t" . 
mysql_real_escape_string_awesome(${'finalgraduationcompletedextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgradationcompletionyearextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationgpaorpercentageextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationclassextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationpercentageextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationgpaobtainedextra' . $y}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalgraduationgpamaxextra' . $y}) . "\n\t\t\t\t);"; $insertacademicextra = mysql_query($sqlacademicextra); if (!$insertacademicextra) { die('Could not enter data: ' . mysql_error()); } } } else { }
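// Referee-details step: refresh the session window, require a logged-in
// applicant, then insert or update that applicant's row in
// users_reference_details.
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 60 * 60; // one hour from now

// isset() keeps a request without a login session from raising an
// undefined-index notice; the outcome (session destroyed, script ends) is
// the same as for an empty user name.
if (!isset($_SESSION['userName']) || strlen(trim($_SESSION['userName'])) == 0) {
    session_destroy();
    timeout();
    die;
}

// The application id comes from the session, never from the request, so a
// client cannot name another applicant's row.
$applicationid = strip_tags(trim_awesome($_SESSION['userName']));

$refreetitle = strip_tags(trim_awesome($_POST['refreetitle']));
$refreename = strip_tags(trim_awesome($_POST['refreename']));
$refreeorganization = strip_tags(trim_awesome($_POST['refreeorganization']));
$refreedesignation = strip_tags(trim_awesome($_POST['refreedesignation']));
$refreecontact = strip_tags(trim_awesome($_POST['refreecontact']));
$refreeemail = strip_tags(trim_awesome($_POST['refreeemail']));
$refreeknowing = strip_tags(trim_awesome($_POST['refreeknowing']));

// NOTE(review): htmlspecialchars() is HTML output encoding, applied here
// before storage. It does not protect the SQL statement; that rests on
// mysql_real_escape_string_awesome(), which is defined outside this excerpt
// and appears to return an already-quoted literal (its result is placed in
// VALUES without surrounding quotes) - confirm. Rows written this way hold
// HTML entities, so consumers that are not HTML must decode them.
$finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8');
$finalrefreetitle = htmlspecialchars($refreetitle, ENT_QUOTES, 'UTF-8');
$finalrefreename = htmlspecialchars($refreename, ENT_QUOTES, 'UTF-8');
$finalrefreeorganization = htmlspecialchars($refreeorganization, ENT_QUOTES, 'UTF-8');
$finalrefreedesignation = htmlspecialchars($refreedesignation, ENT_QUOTES, 'UTF-8');
$finalrefreecontact = htmlspecialchars($refreecontact, ENT_QUOTES, 'UTF-8');
$finalrefreeemail = htmlspecialchars($refreeemail, ENT_QUOTES, 'UTF-8');
$finalrefreeknowing = htmlspecialchars($refreeknowing, ENT_QUOTES, 'UTF-8');

if ($mysql == true) {
    $sqlrefree = "INSERT INTO `vedica_admn_2017`.`users_reference_details` (`application_id`, `title_of_refree`, `name_of_refree`, `organization`, `designation`, `phone_number`, `email_id`, `capacity_of_knowing`) VALUES (\n\t\t\t"
        . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreetitle) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreename) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreeorganization) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreedesignation) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreecontact) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreeemail) . ",\n\t\t\t"
        . mysql_real_escape_string_awesome($finalrefreeknowing)
        . "\n\t\t\t)\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n\t\ttitle_of_refree = VALUES(title_of_refree),\n\t\tname_of_refree = VALUES(name_of_refree),\n\t\torganization = VALUES(organization),\n\t\tdesignation = VALUES(designation),\n\t\tphone_number = VALUES(phone_number),\n\t\temail_id = VALUES(email_id),\n\t\tcapacity_of_knowing = VALUES(capacity_of_knowing)\n\t\t;";

    $insertrefree = mysql_query($sqlrefree);
    if (!$insertrefree) {
        // Driver error text names tables, columns and parts of the statement.
        // It goes to the server log; the client only gets the fixed message.
        error_log('users_reference_details upsert failed: ' . mysql_error());
        die('Could not enter data');
    }
}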
// Registration: create the login row, derive the application id from its
// uid, then seed the activation, personal-details and contact-details rows
// and start configuring the activation mail.
//
// NOTE(review): $finaluserid is the only value in this statement that is
// concatenated between hand-written quotes instead of going through
// mysql_real_escape_string_awesome(). Where it is produced is not visible
// here; if any part of it is request-derived it needs the same treatment as
// the other values.
// NOTE(review): none of the mysql_query() results in this excerpt are checked,
// so a failed INSERT still falls through to the later statements.
$sqlregister = "INSERT INTO " . $admission_users . " (login_system_registrations_date,login_system_registrations_user_id,f_name,m_name,l_name,application_id,email_id,mobile_number,city,password,salt,registration_ip, application_status) VALUES (CURRENT_TIMESTAMP,'" . $finaluserid . "'," . mysql_real_escape_string_awesome($finalfirstname) . "," . mysql_real_escape_string_awesome($finalmiddlename) . "," . mysql_real_escape_string_awesome($finallastname) . ",''," . mysql_real_escape_string_awesome($finaluseremail) . "," . mysql_real_escape_string_awesome($finalmobile) . "," . mysql_real_escape_string_awesome($finalcity) . "," . mysql_real_escape_string_awesome($finalpassword) . "," . mysql_real_escape_string_awesome($finalsalt) . "," . mysql_real_escape_string_awesome($finaluserip) . "," . mysql_real_escape_string_awesome('Draft') . ")";
$insertregister = mysql_query($sqlregister);

// The new row is looked up again by e-mail address to read its uid.
// NOTE(review): this assumes the address identifies exactly one row; only the
// first fetched row is used and $resultid is not consulted in this excerpt.
$searchid = mysql_query("SELECT uid,login_system_registrations_user_id FROM " . $admission_users . " WHERE email_id = " . mysql_real_escape_string_awesome($finaluseremail) . "");
$resultid = mysql_num_rows($searchid);
$queryid = mysql_fetch_array($searchid);
$uid = $queryid['uid'];

// Application id = 'VS' + $year + uid left-padded with zeros to six digits.
$applicationid = str_pad($uid, 6, '0', STR_PAD_LEFT);
$applicationid = 'VS' . $year . $applicationid;
$finalusername = $applicationid;
$setapplicationid = "UPDATE " . $admission_users . " SET application_id = " . mysql_real_escape_string_awesome($finalusername) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($queryid['login_system_registrations_user_id']) . "";
$setapplicationidquery1 = mysql_query($setapplicationid);

// Activation record: token, expiry and requesting IP, with attempts and
// status both starting at '0'. $finalemailtoken and $expiretokenemail are
// produced before this excerpt.
$sqlactivation = "INSERT INTO " . $mysqltable_name_4 . " (login_system_email_activation_user_id,login_system_email_activation_username,login_system_email_activation_expire,login_system_email_activation_useremail,login_system_email_activation_token,login_system_email_activation_date,login_system_email_activation_ip,login_system_email_activation_attempts,login_system_email_activation_status) VALUES (" . mysql_real_escape_string_awesome($queryid['login_system_registrations_user_id']) . "," . mysql_real_escape_string_awesome($finalusername) . "," . mysql_real_escape_string_awesome($expiretokenemail) . "," . mysql_real_escape_string_awesome($finaluseremail) . "," . mysql_real_escape_string_awesome($finalemailtoken) . "," . mysql_real_escape_string_awesome($datetime) . "," . mysql_real_escape_string_awesome($finaluserip) . ",'0','0')";
$insertactivation = mysql_query($sqlactivation);

// Seed the applicant's personal-details row (upsert keyed on application_id).
$sqlpersonal = "INSERT INTO `vedica_admn_2017`.`users_personal_details` (`application_id`, `f_name`, `m_name`, `l_name`) VALUES (" . mysql_real_escape_string_awesome($finalusername) . "," . mysql_real_escape_string_awesome($finalfirstname) . "," . mysql_real_escape_string_awesome($finalmiddlename) . "," . mysql_real_escape_string_awesome($finallastname) . ")\n\t\t\t\t\t\tON DUPLICATE KEY\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\tf_name = VALUES(f_name),\n\t\t\t\t\t\tm_name = VALUES(m_name),\n\t\t\t\t\t\tl_name = VALUES(l_name)\n\t\t\t\t\t\t;";
$insertpersonal = mysql_query($sqlpersonal);

// Seed the applicant's contact-details row the same way.
$sqlcontact = "INSERT INTO `vedica_admn_2017`.`users_contact_details` (`application_id`, `email_id`, `mobile_number`) VALUES (\n\t\t\t\t\t" . mysql_real_escape_string_awesome($finalusername) . ",\n\t\t\t\t\t" . mysql_real_escape_string_awesome($finaluseremail) . ",\n\t\t\t\t\t" . mysql_real_escape_string_awesome($finalmobile) . "\n\t\t\t\t\t)\n\t\t\t\tON DUPLICATE KEY\n\t\t\t\tUPDATE\n\t\t\t\temail_id = VALUES(email_id),\n\t\t\t\tmobile_number = VALUES(mobile_number)\n\t\t\t\t;";
$insertcontact = mysql_query($sqlcontact);

// Activation e-mail: load PHPMailer and the message template, then configure
// authenticated SMTP from settings defined outside this excerpt.
include dirname(__FILE__) . '/phpmailer/PHPMailerAutoload.php';
include dirname(__FILE__) . '/messages/automessageemail.php';
$automail = new PHPMailer();
$automail->IsSMTP();
$automail->SMTPAuth = true;
// NOTE(review): transport security depends on the value of $protocol, which
// is set elsewhere - confirm it is never empty in production.
$automail->SMTPSecure = $protocol;
$automail->Host = $host;
$automail->Port = $port;
$automail->Username = $smtpusername;
$automail->Password = $smtppassword;
$automail->From = $youremail;
$automail->FromName = $yourname;
$automail->isHTML(true);
$automail->CharSet = "UTF-8";
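// Resume upload: store the file under the applicant's id, then record the
// uploaded names. The validation that fills $errors, and the blocks closed by
// the stray braces below, are outside this excerpt.
if (count($errors) === 0) {
    // Split the client-supplied name at its last dot. Without a dot the whole
    // name is the base name and there is no extension to reuse on disk.
    $resume_client_name = $_FILES["resume"]["name"];
    $resume_dot = strripos($resume_client_name, '.');
    if ($resume_dot === false) {
        $file_basename1 = $resume_client_name;
        $file_extension1 = '';
    } else {
        $file_basename1 = substr($resume_client_name, 0, $resume_dot);
        $file_extension1 = substr($resume_client_name, $resume_dot);
    }
    $finalnameresume0 = $file_basename1 . $file_extension1;

    // Add a name to Random Files ID
    // NOTE(review): the extension kept on disk is chosen by the client. Nothing
    // in this excerpt restricts it, so the checks that populate $errors must
    // enforce an allowlist of document types, and the upload directory should
    // not be configured to execute scripts.
    $finalname1 = $finalapplicationid . "_RESUME" . $file_extension1;

    $resume_upload_dir = $physicalpath . 'admission-uploads/';
    if (!is_dir($resume_upload_dir)) {
        // Owner-writable only; the previous 0777 let any local account write here.
        mkdir($resume_upload_dir, 0755, true);
    }

    // A failed move used to be ignored, so the database could reference a
    // file that was never stored. Report it in the same shape as a
    // validation failure.
    if (!move_uploaded_file($_FILES['resume']['tmp_name'], $resume_upload_dir . $finalname1)) {
        $doc_response['status'] = 'F';
        $doc_response['msg'] = array('Could not save the uploaded resume.');
        echo json_encode($doc_response);
        die;
    }
} else {
    $doc_response['status'] = 'F';
    $doc_response['msg'] = $errors;
    /*foreach ( $errors as $error ) { echo $error; }*/
    echo json_encode($doc_response);
    die; // Ensure no more processing is done
}
} // closes a block opened before this excerpt

// NOTE(review): the row stores the client-supplied names ($finalnamephoto0,
// $finalnameresume0), not the name written to disk ($finalname1) - confirm
// that readers of this table rebuild the stored name rather than trusting
// these columns as paths.
$sqldocs = "INSERT INTO `users_documents_uploads` (`application_id`, `passport_photo`, `resume`) VALUES (\n\t\t\t"
    . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t"
    . mysql_real_escape_string_awesome($finalnamephoto0) . ",\n\t\t\t"
    . mysql_real_escape_string_awesome($finalnameresume0)
    . "\n\t\t\t)\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n\t\tpassport_photo = VALUES(passport_photo),\n\t\tresume = VALUES(resume)\n\t\t;";
$insertdocs = mysql_query($sqldocs);
if (!$insertdocs) {
    // Keep driver error text out of the response; it goes to the server log.
    error_log('users_documents_uploads upsert failed: ' . mysql_error());
    die('Could not enter data');
}
$doc_response['status'] = 'P';
$doc_response['msg'] = $baseurl;
echo json_encode($doc_response);
} else { }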
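// Contact-details step: HTML-encode the already-trimmed address and parent
// fields, then insert or update the applicant's row in users_contact_details.
// The raw variables, $finalapplicationid, $finalemail, $finalmobilenumber and
// $finalphonenumber are prepared before this excerpt.
//
// NOTE(review): htmlspecialchars() is output encoding applied before storage;
// SQL safety rests on mysql_real_escape_string_awesome(), defined elsewhere.
$finalcurrentaddress1 = htmlspecialchars($currentaddress1, ENT_QUOTES, 'UTF-8');
$finalcurrentaddress2 = htmlspecialchars($currentaddress2, ENT_QUOTES, 'UTF-8');
$finalcurrentaddress3 = htmlspecialchars($currentaddress3, ENT_QUOTES, 'UTF-8');
$finalcurrentcity = htmlspecialchars($currentcity, ENT_QUOTES, 'UTF-8');
$finalcurrentcountry = htmlspecialchars($currentcountry, ENT_QUOTES, 'UTF-8');
$finalcurrentstate = htmlspecialchars($currentstate, ENT_QUOTES, 'UTF-8');
$finalcurrentstateother = htmlspecialchars($currentstateother, ENT_QUOTES, 'UTF-8');
$finalcurrentzip = htmlspecialchars($currentzip, ENT_QUOTES, 'UTF-8');
$finalpermanentsameascurrent = htmlspecialchars($permanentsameascurrent, ENT_QUOTES, 'UTF-8');
$finalpermanentaddress1 = htmlspecialchars($permanentaddress1, ENT_QUOTES, 'UTF-8');
$finalpermanentaddress2 = htmlspecialchars($permanentaddress2, ENT_QUOTES, 'UTF-8');
$finalpermanentaddress3 = htmlspecialchars($permanentaddress3, ENT_QUOTES, 'UTF-8');
$finalpermanentcity = htmlspecialchars($permanentcity, ENT_QUOTES, 'UTF-8');
$finalpermanentcountry = htmlspecialchars($permanentcountry, ENT_QUOTES, 'UTF-8');
$finalpermanentstate = htmlspecialchars($permanentstate, ENT_QUOTES, 'UTF-8');
$finalpermanentstateother = htmlspecialchars($permanentstateother, ENT_QUOTES, 'UTF-8');
$finalpermanentzip = htmlspecialchars($permanentzip, ENT_QUOTES, 'UTF-8');
$finalparentname = htmlspecialchars($parentname, ENT_QUOTES, 'UTF-8');
$finalparentmobile = htmlspecialchars($parentmobile, ENT_QUOTES, 'UTF-8');
$finalparentrelation = htmlspecialchars($parentrelation, ENT_QUOTES, 'UTF-8');
$finalparentorganisation = htmlspecialchars($parentorganisation, ENT_QUOTES, 'UTF-8');
$finalparentdesignation = htmlspecialchars($parentdesignation, ENT_QUOTES, 'UTF-8');
$finalparentqualification = htmlspecialchars($parentqualification, ENT_QUOTES, 'UTF-8');

if ($mysql == true) {
    // One map drives the column list, the VALUES list and the UPDATE list, so
    // the three cannot drift out of step. Order matches the original statement.
    $contactcolumns = array(
        'application_id' => $finalapplicationid,
        'email_id' => $finalemail,
        'mobile_number' => $finalmobilenumber,
        'phone_number' => $finalphonenumber,
        'current_address_line1' => $finalcurrentaddress1,
        'current_address_line2' => $finalcurrentaddress2,
        'current_address_line3' => $finalcurrentaddress3,
        'current_address_city' => $finalcurrentcity,
        'current_address_state' => $finalcurrentstate,
        'current_address_state_other' => $finalcurrentstateother,
        'current_address_country' => $finalcurrentcountry,
        'current_address_pin' => $finalcurrentzip,
        'permanent_same_as_current_address' => $finalpermanentsameascurrent,
        'permanent_address_line1' => $finalpermanentaddress1,
        'permanent_address_line2' => $finalpermanentaddress2,
        'permanent_address_line3' => $finalpermanentaddress3,
        'permanent_address_city' => $finalpermanentcity,
        'permanent_address_state' => $finalpermanentstate,
        'permanent_address_state_other' => $finalpermanentstateother,
        'permanent_address_country' => $finalpermanentcountry,
        'permanent_address_pin' => $finalpermanentzip,
        'parent_name' => $finalparentname,
        'parent_mobile' => $finalparentmobile,
        'parent_relation' => $finalparentrelation,
        'parent_organisation' => $finalparentorganisation,
        'parent_designation' => $finalparentdesignation,
        'parent_qualification' => $finalparentqualification,
    );

    $contactnames = array_keys($contactcolumns);

    // Every value goes through the project's escaping helper, as before.
    $contactvalues = array_map('mysql_real_escape_string_awesome', array_values($contactcolumns));

    // application_id is the key of the upsert and is never rewritten.
    $contactupdates = array();
    foreach ($contactnames as $contactcolumn) {
        if ($contactcolumn !== 'application_id') {
            $contactupdates[] = $contactcolumn . ' = VALUES(' . $contactcolumn . ')';
        }
    }

    $sqlcontact = "INSERT INTO `vedica_admn_2017`.`users_contact_details` (`"
        . implode('`, `', $contactnames)
        . "`) VALUES (\n\t\t\t"
        . implode(",\n\t\t\t", $contactvalues)
        . "\n\t\t\t)\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n\t\t"
        . implode(",\n\t\t", $contactupdates)
        . "\n\t\t;";

    $insertcontact = mysql_query($sqlcontact);
    if (!$insertcontact) {
        // Driver error text names tables, columns and parts of the statement.
        // It goes to the server log; the client only gets the fixed message.
        error_log('users_contact_details upsert failed: ' . mysql_error());
        die('Could not enter data');
    }
}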
redirect_time($baseurl . 'admin/dashboard.php?lang=' . $_GET['lang'] . ''); } else { echo $lang['login_no_session']; } } else { if ($sqlUser['login_system_login_attempts_attempts'] >= 3) { $unlocktime = date("Y-m-d H:i:s", strtotime('+1 hour')); $blocked = "UPDATE " . $mysqltable_name_2 . " SET login_system_login_attempts_blocked_time = " . mysql_real_escape_string_awesome($unlocktime) . " WHERE login_system_login_attempts_username = "******""; $blockedquery = mysql_query($blocked); echo $lang['login_account_blocked']; } else { if ($queryUser == 0) { $insertfail = "INSERT INTO " . $mysqltable_name_2 . " (login_system_login_attempts_ip,login_system_login_attempts_attempts,login_system_login_attempts_date,login_system_login_attempts_username) VALUES (" . mysql_real_escape_string_awesome($finaluserip) . ",1," . mysql_real_escape_string_awesome($datetime) . "," . mysql_real_escape_string_awesome($finalusername) . ")"; $insertquery = mysql_query($insertfail); } else { $updatefail = "UPDATE " . $mysqltable_name_2 . " SET login_system_login_attempts_attempts = login_system_login_attempts_attempts+1, login_system_login_attempts_ip = " . mysql_real_escape_string_awesome($finaluserip) . ", login_system_login_attempts_date = " . mysql_real_escape_string_awesome($datetime) . " WHERE login_system_login_attempts_username = "******""; $updatequery = mysql_query($updatefail); } echo $lang['login_incorrect_information']; } } } else { echo $lang['login_account_still_locked']; } } else { echo $lang['login_account_not_activated']; } } else { echo $lang['login_incorrect_information']; } }
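<?php
/*
 * Account update endpoint: changes the first and last name of the logged-in
 * user. Requires a valid 'update-account-form' CSRF token and a login
 * session; prints one localized status message.
 */
include '../csrf_protection/csrf-token.php';
include '../csrf_protection/csrf-class.php';

if (!isset($_SESSION)) {
    $some_name = session_name("VedicaAdmission");
    session_start();
}

include '../config/config.php';
include '../config/functions.php';

// The language file is chosen through a fixed map, so the request value is
// only ever used as a lookup key and never becomes part of the include path.
// is_string() rejects array-valued parameters before the key lookup.
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) && is_string($_GET['lang']) && array_key_exists($_GET['lang'], $language)) {
    include '../language/' . $language[$_GET['lang']] . '.php';
} else {
    include '../language/en.php';
}

$update_firstname = strip_tags(trim_awesome($_POST["update_firstname"]));
$update_lastname = strip_tags(trim_awesome($_POST["update_lastname"]));

// NOTE(review): HTML encoding is applied before storage; SQL safety rests on
// mysql_real_escape_string_awesome(), defined in the included files.
$update_finalfirstname = htmlspecialchars($update_firstname, ENT_QUOTES, 'UTF-8');
$update_finallastname = htmlspecialchars($update_lastname, ENT_QUOTES, 'UTF-8');

if (!CSRF::check('update-account-form')) {
    echo $lang['update_account_wrong_security_token'];
} elseif (!isset($_SESSION['userLogin']) || $_SESSION['userLogin'] === '') {
    // Without a login session there is no row to update. The statement used
    // to run with an empty id and report success whenever the query itself
    // did not fail.
    echo $lang['update_account_unsuccessful'];
} else {
    // The row is selected by the id held in the session, never by a request value.
    $update1 = "UPDATE " . $admission_users
        . " SET f_name = " . mysql_real_escape_string_awesome($update_finalfirstname)
        . ", l_name = " . mysql_real_escape_string_awesome($update_finallastname)
        . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
    $updatequery1 = mysql_query($update1);

    if ($updatequery1) {
        echo $lang['update_account_successful'];
    } else {
        echo $lang['update_account_unsuccessful'];
    }
}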
// Social-account e-mail update. The excerpt starts inside a block opened
// before it; the closing brace two lines down ends that block.
$some_name = session_name("VedicaAdmission");
session_start();
}

include '../config/config.php';
include '../config/functions.php';

// The language file is chosen through a fixed map, so the request value is
// only used as a lookup key and never becomes part of the include path.
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
    include '../language/' . $language[$_GET['lang']] . '.php';
} else {
    include '../language/en.php';
}

// NOTE(review): the address is stripped of tags and HTML-encoded, but no
// e-mail format check is visible in this excerpt.
$update_social_email = strip_tags(trim_awesome($_POST["update_social_useremail"]));
$update_final_social_email = htmlspecialchars($update_social_email, ENT_QUOTES, 'UTF-8');

// The CSRF token is verified before any database access.
if (!CSRF::check('update-social-account')) {
    echo $lang['update_social_account_wrong_security_token'];
} else {
    // Look for an existing holder of the requested address. Only the first
    // matching row is fetched and compared; $emailresult is not used below.
    $emailsearch = mysql_query("SELECT * FROM " . $mysqltable_name_5 . " WHERE login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($update_final_social_email) . "");
    $emailresult = mysql_num_rows($emailsearch);
    $emailquery = mysql_fetch_array($emailsearch);

    // NOTE(review): loose != comparison between the stored provider id and the
    // session value, and no check in this excerpt that
    // $_SESSION['loginProviderID'] is set - confirm a login guard runs earlier.
    if ($emailquery && $emailquery['login_system_register_social_networks_provider_user_id'] != $_SESSION['loginProviderID']) {
        echo $lang['update_social_account_already_taken'];
    } else {
        // The row is selected by the provider id held in the session.
        $update1 = "UPDATE " . $mysqltable_name_5 . " SET login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($update_final_social_email) . " WHERE login_system_register_social_networks_provider_user_id = " . mysql_real_escape_string_awesome($_SESSION['loginProviderID']) . "";
        $updatequery1 = mysql_query($update1);
        if ($updatequery1) {
            echo $lang['update_social_account_successful'];
        } else {
            echo $lang['update_social_account_unsuccessful'];
        }
    }
}
${'organizationtypeother' . $x} = strip_tags(trim_awesome($_POST[$iorganizationtypeother])); ${'industrytype' . $x} = strip_tags(trim_awesome($_POST[$iindustrytype])); ${'workstarted' . $x} = strip_tags(trim_awesome($_POST[$iworkstarted])); ${'workcompleted' . $x} = strip_tags(trim_awesome($_POST[$iworkcompleted])); ${'comapnyjoinedas' . $x} = strip_tags(trim_awesome($_POST[$icomapnyjoinedas])); ${'currentdesignation' . $x} = strip_tags(trim_awesome($_POST[$icurrentdesignation])); ${'annualrenumeration' . $x} = strip_tags(trim_awesome($_POST[$iannualrenumeration])); ${'rolesandresponsibility' . $x} = strip_tags(trim_awesome($_POST[$irolesandresponsibility])); ${'extraworkexcount' . $x} = strip_tags(trim_awesome($_POST[$iextraworkexcount])); ${'totalworkex' . $x} = strip_tags(trim_awesome($_POST[$itotalworkex])); ${'finalemployementtype' . $x} = htmlspecialchars(${'employementtype' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalorganizationname' . $x} = htmlspecialchars(${'organizationname' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalorganizationtype' . $x} = htmlspecialchars(${'organizationtype' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalorganizationtypeother' . $x} = htmlspecialchars(${'organizationtypeother' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalindustrytype' . $x} = htmlspecialchars(${'industrytype' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalworkstarted' . $x} = htmlspecialchars(${'workstarted' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalworkcompleted' . $x} = htmlspecialchars(${'workcompleted' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalcomapnyjoinedas' . $x} = htmlspecialchars(${'comapnyjoinedas' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalcurrentdesignation' . $x} = htmlspecialchars(${'currentdesignation' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalannualrenumeration' . $x} = htmlspecialchars(${'annualrenumeration' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalrolesandresponsibility' . $x} = htmlspecialchars(${'rolesandresponsibility' . $x}, ENT_QUOTES, 'UTF-8'); ${'finalextraworkexcount' . 
$x} = htmlspecialchars(${'extraworkexcount' . $x}, ENT_QUOTES, 'UTF-8'); ${'finaltotalworkex' . $x} = htmlspecialchars(${'totalworkex' . $x}, ENT_QUOTES, 'UTF-8'); $sqlworkexextra = "INSERT INTO `vedica_admn_2017`.`added_work_experience_details` (`application_id`, `employement_type`, `name_of_organization`, `organization_type`, `organization_type_other`, `started_work_date`, `completed_work_date`, `joined_as`, `current_designation`, `annual_renumeration`, `roles_and_responsibilty`) VALUES (\n\t\t\t\t" . mysql_real_escape_string_awesome($finalapplicationid) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalemployementtype' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalorganizationname' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalorganizationtype' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalorganizationtypeother' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalworkstarted' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalworkcompleted' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalcomapnyjoinedas' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalcurrentdesignation' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalannualrenumeration' . $x}) . ",\n\t\t\t\t" . mysql_real_escape_string_awesome(${'finalrolesandresponsibility' . $x}) . "\n\t\t\t\t);"; $insertworkexextra = mysql_query($sqlworkexextra); if (!$insertworkexextra) { die('Could not enter data: ' . mysql_error()); } } } else { }
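// Personal-details step: read the applicant's name, date of birth and related
// fields, derive an age, then insert or update the applicant's row in
// users_personal_details.

// The application id comes from the session, never from the request.
$applicationid = strip_tags(trim_awesome($_SESSION['userName']));

$firstname = strip_tags(trim_awesome($_POST["firstname"]));
$middlename = strip_tags(trim_awesome($_POST["middlename"]));
$lastname = strip_tags(trim_awesome($_POST["lastname"]));
$dob = strip_tags(trim_awesome($_POST["dob"]));
$gender = strip_tags(trim_awesome($_POST["gender"]));
$bloodgrp = strip_tags(trim_awesome($_POST["bloodgrp"]));
$hearaboutvs = strip_tags(trim_awesome($_POST["hearaboutvs"]));

// NOTE(review): htmlspecialchars() is output encoding applied before storage;
// SQL safety rests on mysql_real_escape_string_awesome(), defined elsewhere.
$finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8');
$finalfirstname = htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8');
$finalmiddlename = htmlspecialchars($middlename, ENT_QUOTES, 'UTF-8');
$finallastname = htmlspecialchars($lastname, ENT_QUOTES, 'UTF-8');
$finaldob = htmlspecialchars($dob, ENT_QUOTES, 'UTF-8');
$finalgender = htmlspecialchars($gender, ENT_QUOTES, 'UTF-8');
$finalbloodgrp = htmlspecialchars($bloodgrp, ENT_QUOTES, 'UTF-8');
$finalhearaboutvs = htmlspecialchars($hearaboutvs, ENT_QUOTES, 'UTF-8');

// Age is the difference between the current year and the birth year.
// A date strtotime() cannot parse used to be read as 1970 and produced a
// made-up age; it now leaves the age empty, like a missing date does.
// NOTE(review): the year difference ignores whether this year's birthday has
// passed - confirm that is the intended definition.
$finalage = '';
if ($finaldob) {
    $dobtimestamp = strtotime($finaldob);
    if ($dobtimestamp !== false) {
        $c = date('Y');
        $y = date('Y', $dobtimestamp);
        $finalage = $c - $y;
    }
}

if ($mysql == true) {
    $sqlpersonal = "INSERT INTO `vedica_admn_2017`.`users_personal_details` (`application_id`, `f_name`, `m_name`, `l_name`,`user_dob`, `age`, `gender`, `blood_group`, `hear_abt_vedica`) VALUES ("
        . mysql_real_escape_string_awesome($finalapplicationid) . ","
        . mysql_real_escape_string_awesome($finalfirstname) . ","
        . mysql_real_escape_string_awesome($finalmiddlename) . ","
        . mysql_real_escape_string_awesome($finallastname) . ","
        . mysql_real_escape_string_awesome($finaldob) . ","
        . mysql_real_escape_string_awesome($finalage) . ","
        . mysql_real_escape_string_awesome($finalgender) . ","
        . mysql_real_escape_string_awesome($finalbloodgrp) . ","
        . mysql_real_escape_string_awesome($finalhearaboutvs)
        . ")\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n\t\tf_name = VALUES(f_name),\n\t\tm_name = VALUES(m_name),\n\t\tl_name = VALUES(l_name),\n\t\tuser_dob = VALUES(user_dob),\n\t\tage = VALUES(age),\n\t\tgender = VALUES(gender),\n\t\tblood_group = VALUES(blood_group),\n\t\thear_abt_vedica = VALUES(hear_abt_vedica)\n\t\t;";

    $insertpersonal = mysql_query($sqlpersonal);
    if (!$insertpersonal) {
        // Driver error text names tables, columns and parts of the statement.
        // It goes to the server log; the client only gets the fixed message.
        error_log('users_personal_details upsert failed: ' . mysql_error());
        die('Could not enter data');
    }
}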
<div class="column-twelve"> <div id="activation-message"> <?php
// E-mail activation: verify the address and token from the activation link and
// switch the matching record from status '0' to '1'. Prints one localized
// message per outcome. $lang, $mysqltable_name_4 and the helper functions come
// from code outside this excerpt.
if (isset($_GET['email']) && isset($_GET['token'])) {
    // Both values arrive in the query string, so they also end up wherever
    // request URLs are recorded.
    $useremail = strip_tags(trim_awesome($_GET["email"]));
    $emailtoken = strip_tags(trim_awesome($_GET["token"]));
    $finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8');
    $finalemailtoken = htmlspecialchars($emailtoken, ENT_QUOTES, 'UTF-8');
    $emailtime = date("Y-m-d H:i:s");

    // Step 1: the token must exist and not be expired. Only the row count of
    // this query is used.
    // NOTE(review): the presented token is matched directly against the stored
    // column, so the table holds usable tokens rather than hashes of them.
    $selectexpire = mysql_query("SELECT * FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken) . " AND login_system_email_activation_expire > " . mysql_real_escape_string_awesome($emailtime) . "");
    $resultexpire = mysql_num_rows($selectexpire);
    if ($resultexpire == 1) {
        // Step 2: address and token must belong to the same record, and that
        // record must still be inactive.
        $search = mysql_query("SELECT login_system_email_activation_useremail, login_system_email_activation_token, login_system_email_activation_status FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . " AND login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken) . " AND login_system_email_activation_status = '0'");
        $result = mysql_num_rows($search);
        if ($result == 1) {
            // The UPDATE repeats the status = '0' condition, so a repeated
            // request matches no row.
            $update = "UPDATE " . $mysqltable_name_4 . " SET login_system_email_activation_status ='1' WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . " AND login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken) . " AND login_system_email_activation_status = '0'";
            $updatequery = mysql_query($update);
            if ($updatequery) {
                echo $lang['activation_successful'];
            } else {
                echo $lang['activation_unsuccessful'];
            }
        } else {
            echo $lang['activation_already_active'];
        }
    } else {
        echo $lang['activation_link_expire'];
    }
} else {
    echo $lang['activation_wrong_link_or_email'];
}
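// Forgot-password request: issue a one-hour reset token, record the attempt,
// apply the lock-out rules and start configuring the reset mail. The excerpt
// ends inside the last branch; its closing braces are outside this view.

// The reset token is a bearer secret, so it should come from the operating
// system's CSPRNG. md5(uniqid(rand(), true)) is built from the clock and a
// non-cryptographic generator; it is kept only as a logged fallback for
// runtimes that offer neither function below. The format is unchanged
// (32 hexadecimal characters).
$resettokenbytes = false;
if (function_exists('random_bytes')) {
    try {
        $resettokenbytes = random_bytes(16);
    } catch (Exception $e) {
        $resettokenbytes = false;
    }
} elseif (function_exists('openssl_random_pseudo_bytes')) {
    $resettokenbytes = openssl_random_pseudo_bytes(16);
}
if (is_string($resettokenbytes) && strlen($resettokenbytes) === 16) {
    $finalpasstoken = bin2hex($resettokenbytes);
} else {
    error_log('No CSPRNG available; password reset token generated with the legacy method');
    $finalpasstoken = md5(uniqid(rand(), true));
}
$expiretokenpass = date("Y-m-d H:i:s", strtotime('+1 hour'));

// NOTE(review): the token is written to the table as-is; storing a hash of it
// would keep a database read from yielding usable reset links, but needs a
// matching change where the token is verified.
if ($resultblock == 0) {
    // First request for this address: create the record with attempts = 1.
    $sql = "INSERT INTO " . $mysqltable_name_3 . " (login_system_forgot_password_user_id,login_system_forgot_password_username,login_system_forgot_password_expire,login_system_forgot_password_useremail,login_system_forgot_password_token,login_system_forgot_password_date,login_system_forgot_password_ip,login_system_forgot_password_attempts) VALUES (" . mysql_real_escape_string_awesome($queryid['login_system_registrations_user_id']) . "," . mysql_real_escape_string_awesome($finalusername) . "," . mysql_real_escape_string_awesome($expiretokenpass) . "," . mysql_real_escape_string_awesome($finaluseremail) . "," . mysql_real_escape_string_awesome($finalpasstoken) . "," . mysql_real_escape_string_awesome($datetime) . "," . mysql_real_escape_string_awesome($finaluserip) . ",'1')";
    $insert = mysql_query($sql);
} else {
    // Later request: count the attempt and replace token, expiry, IP and date.
    $updatefail = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_attempts = login_system_forgot_password_attempts+1, login_system_forgot_password_ip = " . mysql_real_escape_string_awesome($finaluserip) . " ,login_system_forgot_password_expire = " . mysql_real_escape_string_awesome($expiretokenpass) . ", login_system_forgot_password_token = " . mysql_real_escape_string_awesome($finalpasstoken) . ", login_system_forgot_password_date = " . mysql_real_escape_string_awesome($datetime) . " WHERE login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "";
    $updatequery = mysql_query($updatefail);
}

// $blockResult was read before this excerpt, so it reflects the attempt count
// from before the write above.
if ($blockResult['login_system_forgot_password_attempts'] == 5) {
    // Lock further requests for this address for one hour.
    $blockedtime = date("Y-m-d H:i:s", strtotime('+1 hour'));
    $blocked = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_blocked_time = " . mysql_real_escape_string_awesome($blockedtime) . " WHERE login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "";
    $blockedquery = mysql_query($blocked);
    echo $lang['forgot_account_locked'];
} elseif ($blockResult['login_system_forgot_password_attempts'] >= 6) {
    // Reset the counter and the lock, store the fresh token, then prepare the
    // reset mail.
    // NOTE(review): what happens below five attempts is not visible in this
    // excerpt - confirm against the rest of the file.
    $sqlupdate = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_attempts = '0', login_system_forgot_password_blocked_time = '0000-00-00 00:00:00', login_system_forgot_password_ip = " . mysql_real_escape_string_awesome($finaluserip) . ", login_system_forgot_password_token = " . mysql_real_escape_string_awesome($finalpasstoken) . ", login_system_forgot_password_expire = " . mysql_real_escape_string_awesome($expiretokenpass) . ", login_system_forgot_password_date = " . mysql_real_escape_string_awesome($datetime) . " WHERE login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "";
    $updatesql = mysql_query($sqlupdate);

    include dirname(__FILE__) . '/phpmailer/PHPMailerAutoload.php';
    include dirname(__FILE__) . '/messages/automessagepass.php';
    $automail = new PHPMailer();
    $automail->IsSMTP();
    $automail->SMTPAuth = true;
    $automail->SMTPSecure = $protocol;
    $automail->Host = $host;
    $automail->Port = $port;
    $automail->Username = $smtpusername;
    $automail->Password = $smtppassword;
    $automail->From = $youremail;
    $automail->FromName = $yourname;
    $automail->isHTML(true);
    $automail->CharSet = "UTF-8";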
// Password-reset completion (fragment; the opening condition and the final
// closing brace are not shown): once the token is unexpired and matches the
// e-mail address, stores a new password hash for that address.
if ($resultexpire == 1) {
    // E-mail and reset token must belong to the same row.
    $search = mysql_query(
        "SELECT login_system_forgot_password_useremail, login_system_forgot_password_token FROM " . $mysqltable_name_3
        . " WHERE login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($finaluseremail)
        . " AND login_system_forgot_password_token = " . mysql_real_escape_string_awesome($finalpasstoken) . ""
    );
    $result = mysql_num_rows($search);
    if ($result == 1) {
        // NOTE(review): strip_tags() and htmlspecialchars() rewrite the password
        // before it is hashed (text after a '<' can be dropped, quotes and '&'
        // are expanded). Login must apply the identical transformation for the
        // hash to verify; the retyped value is prepared but not compared with the
        // password anywhere in this fragment.
        $newpassword = strip_tags(trim_awesome($_POST["password"]));
        $newretypepassword = strip_tags(trim_awesome($_POST["retypepassword"]));
        $newfinalpass = htmlspecialchars($newpassword, ENT_QUOTES, 'UTF-8');
        $newfinalretypepass = htmlspecialchars($newretypepassword, ENT_QUOTES, 'UTF-8');
        if (!CSRF::check('newpassword-form')) {
            echo $lang['new_password_wrong_security_token'];
        } else {
            include dirname(__FILE__) . '/php-pass-framework/PasswordHash.php';
            $hasher = new PasswordHash(8, false);
            // Per-user salt: SHA-512 hex (128 characters) of a uniqid()/mt_rand() value.
            $finalsalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
            // NOTE(review): the hashed string is password + 128-character salt +
            // $passwordsalt. If this PasswordHash build selects bcrypt, only the
            // first 72 bytes are used, so $passwordsalt and most of $finalsalt
            // would never influence the hash — confirm the scheme in use.
            $newpassword = $hasher->HashPassword($newfinalpass . $finalsalt . $passwordsalt);
            // NOTE(review): "******" below is a scrubbed placeholder in this
            // listing and does not parse as PHP; the value written to `password`
            // is presumably the escaped $newpassword hash — confirm against the
            // original file.
            $update = "UPDATE " . $admission_users . " SET password = "******", salt = " . mysql_real_escape_string_awesome($finalsalt) . " WHERE email_id = " . mysql_real_escape_string_awesome($finaluseremail) . "";
            $updatequery = mysql_query($update);
            // NOTE(review): no statement in this branch clears or expires the
            // reset token after a successful change, so the same link stays
            // usable until its expiry time unless code outside the fragment
            // invalidates it.
            if ($updatequery) {
                echo $lang['new_password_successful'];
            } else {
                echo $lang['new_password_unsuccessful'];
            }
        }
    } else {
        echo $lang['new_password_wrong_link_email_or_token'];
    }
} else {
    echo $lang['new_password_link_expire'];
}
} else {
    echo $lang['new_password_wrong_link_or_email'];
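// Update-username handler: loads the language file, validates the CSRF token,
// then renames the logged-in user in the users table and in the three
// bookkeeping tables that carry a copy of the username.
//
// The language file is chosen through the $language map, so the include path
// can only take values that are keys of that map.
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
    include '../language/' . $language[$_GET['lang']] . '.php';
} else {
    include '../language/en.php';
}
// The new username is tag-stripped and HTML-encoded before storage, so the
// stored value is the encoded form.
$update_username = strip_tags(trim_awesome($_POST["update_username"]));
$update_finalusername = htmlspecialchars($update_username, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-username-form')) {
    echo $lang['update_username_wrong_security_token'];
} else {
    // NOTE(review): $_SESSION['userLogin'] is used as the row key below without
    // a visible check that a user is logged in; presumably enforced before this
    // fragment — verify.
    // Values are concatenated without SQL quotes, so the escaping helper is
    // assumed to return a quoted literal — confirm in its definition.
    $usersearch = mysql_query(
        "SELECT * FROM " . $admission_users
        . " WHERE application_id = " . mysql_real_escape_string_awesome($update_finalusername) . ""
    );
    $userresult = mysql_num_rows($usersearch);
    $userquery = mysql_fetch_array($usersearch);
    // The name counts as taken only when the matching row belongs to another user.
    // NOTE(review): check-then-update is not atomic; a unique index on
    // application_id would be needed to rule out two users taking the same name.
    if ($userquery && $userquery['login_system_registrations_user_id'] != $_SESSION['userLogin']) {
        echo $lang['update_username_already_taken'];
    } else {
        $update1 = "UPDATE " . $admission_users
            . " SET application_id = " . mysql_real_escape_string_awesome($update_finalusername)
            . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
        $updatequery1 = mysql_query($update1);
        // The listing carried a scrubbed "******" placeholder in the next three
        // statements, which does not parse. The escaped new username is restored
        // here, matching $update1 — confirm against the original file.
        $update2 = "UPDATE " . $mysqltable_name_2
            . " SET login_system_login_attempts_username = " . mysql_real_escape_string_awesome($update_finalusername)
            . " WHERE login_system_login_attempts_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
        $updatequery2 = mysql_query($update2);
        $update3 = "UPDATE " . $mysqltable_name_3
            . " SET login_system_forgot_password_username = " . mysql_real_escape_string_awesome($update_finalusername)
            . " WHERE login_system_forgot_password_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
        $updatequery3 = mysql_query($update3);
        $update4 = "UPDATE " . $mysqltable_name_4
            . " SET login_system_email_activation_username = " . mysql_real_escape_string_awesome($update_finalusername)
            . " WHERE login_system_email_activation_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
        $updatequery4 = mysql_query($update4);
        // The four updates run without a transaction; a failure part-way leaves
        // the tables disagreeing, and only the combined result is reported.
        if ($updatequery1 && $updatequery2 && $updatequery3 && $updatequery4) {
            echo $lang['update_username_successful'];
        } else {
            echo $lang['update_username_unsuccessful'];
        }
    }
}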
// Completes a social-network registration (fragment; the end of the catch
// block is not shown): attaches an e-mail address to the provider account held
// in the session, then redirects to the dashboard.
include dirname(__FILE__) . '/hybridauth/Hybrid/Auth.php';
try {
    $hybridauth = new Hybrid_Auth($config);
    // `provider` comes from the query string; it is tag-stripped only, and the
    // @ suppresses the notice raised when the parameter is missing.
    $provider = @trim(strip_tags($_GET["provider"]));
    $adapter = $hybridauth->getAdapter($provider);
    // NOTE(review): md5(uniqid(rand())) is not a cryptographically strong token
    // source; neither this token nor $expiretokenemail is used in the visible
    // part of the fragment.
    $finalemailtoken = md5(uniqid(rand(), true));
    $datetime = date("Y-m-d H:i:s");
    $expiretokenemail = date("Y-m-d H:i:s", strtotime('+1 hour'));
    // $finaluseremail is prepared before this fragment. Values are concatenated
    // without SQL quotes, so the escaping helper is assumed to return a quoted
    // literal — confirm in its definition.
    $duplicate = mysql_query(
        "SELECT * FROM " . $mysqltable_name_5
        . " WHERE login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($finaluseremail) . ""
    );
    $result = mysql_num_rows($duplicate);
    if ($result == 0) {
        // The row count in $usersql is computed but not read in this fragment.
        $usersuccess = mysql_query(
            "SELECT login_system_register_social_networks_provider_user_id FROM " . $mysqltable_name_5
            . " WHERE login_system_register_social_networks_provider_user_id = " . mysql_real_escape_string_awesome($_SESSION['loginProviderID']) . ""
        );
        $usersql = mysql_num_rows($usersuccess);
        // The row to update is selected by the provider user id stored in the session.
        $updatesuccess = "UPDATE " . $mysqltable_name_5
            . " SET login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($finaluseremail)
            . ", login_system_register_social_networks_date = " . mysql_real_escape_string_awesome($datetime)
            . " WHERE login_system_register_social_networks_provider_user_id = " . mysql_real_escape_string_awesome($_SESSION['loginProviderID']) . "";
        $updatesession = mysql_query($updatesuccess);
        // Success is decided by the provider row existing, not by the result of the UPDATE above.
        $usersearch = mysql_query(
            "SELECT login_system_register_social_networks_email FROM " . $mysqltable_name_5
            . " WHERE login_system_register_social_networks_provider_user_id = " . mysql_real_escape_string_awesome($_SESSION['loginProviderID']) . ""
        );
        $userquery = mysql_num_rows($usersearch);
        if ($userquery) {
            echo $lang['complete_registration_success'];
            // NOTE(review): $provider (tag-stripped only) and the raw
            // $_GET['lang'] are placed in the redirect URL without URL-encoding
            // or an allow-list check. How redirect_time() emits the URL is not
            // visible here; encode both with rawurlencode() or restrict `lang`
            // to the known language keys.
            redirect_time($baseurl . 'admin/dashboard.php?provider=' . $provider . '&lang=' . $_GET['lang'] . '');
        } else {
            echo $lang['complete_registration_error'];
        }
    } else {
        echo $lang['complete_registration_duplicate_email'];
    }
} catch (Exception $e) {
    // Exception code 0 maps to a generic localized message; further cases are outside this fragment.
    switch ($e->getCode()) {
        case 0:
            $error = $lang['login_social_hybrid_error'];
            break;
} ?> <!doctype html> <html> <head> <?php include '../header.php'; ?> </head> <body id="dashboard-body"> <?php
// Dashboard gate (fragment; starts after an unseen block and ends inside the
// logged-in branch): looks up the current user's application status and
// redirects when the application is complete or registration is closed.
//
// NOTE(review): this query runs, and output has already started, before the
// session check at the bottom of the fragment; $_SESSION['userLogin'] may be
// unset at this point. Whether redirect() can still send a header after the
// markup above is not visible from here.
$userInfo = mysql_query(
    "SELECT login_system_registrations_user_id,application_status FROM " . $admission_users
    . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . ""
);
$userQuery = mysql_num_rows($userInfo);
$user = mysql_fetch_array($userInfo);
if ($user['application_status'] == "Completed") {
    // NOTE(review): no die/exit follows this redirect, unlike the branch below;
    // unless redirect() terminates the script, the rest of the page still runs.
    redirect($baseurl . 'admin/done.php');
} else {
    if ($registration_closed == 'Y') {
        redirect($baseurl . 'admin/thankyou.php');
        die;
    }
}
?> <?php
// The dashboard body is rendered only when both session markers are truthy.
if ($_SESSION['userLogin'] && $_SESSION['userName']) {
// Resend-activation request (fragment; $searchuser, $result, $blockResult and
// the closing braces are outside the visible part): issues a new activation
// token valid for one hour, counts the attempt, and applies the lockout counters.
$resultuser = mysql_fetch_array($searchuser);
$finalfirstname = $resultuser['f_name'];
$finallastname = $resultuser['l_name'];
$finalusername = $resultuser['application_id'];
if ($result == 1) {
    // NOTE(review): md5(uniqid(rand())) is built from the clock and a
    // non-cryptographic generator; an activation token should come from a CSPRNG
    // (random_bytes() on PHP 7+, or openssl_random_pseudo_bytes() on PHP 5).
    $finalemailtoken = md5(uniqid(rand(), true));
    $expiretokenemail = date("Y-m-d H:i:s", strtotime('+1 hour'));
    // Increment the attempts counter and replace token, expiry, IP and date.
    // Values are concatenated without SQL quotes, so the escaping helper is
    // assumed to return a quoted literal — confirm in its definition.
    $sqlupdate = "UPDATE " . $mysqltable_name_4
        . " SET login_system_email_activation_attempts = login_system_email_activation_attempts+1, login_system_email_activation_ip = " . mysql_real_escape_string_awesome($finaluserip)
        . ", login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken)
        . ",login_system_email_activation_expire = " . mysql_real_escape_string_awesome($expiretokenemail)
        . ", login_system_email_activation_date = " . mysql_real_escape_string_awesome($datetime)
        . " WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "";
    $updatesql = mysql_query($sqlupdate);
    // $blockResult is populated outside this fragment; whether it reflects the
    // counter before or after the increment above cannot be told from here.
    if ($blockResult['login_system_email_activation_attempts'] == 5) {
        // Exactly five attempts: set the blocked-until time one hour ahead and report the lock.
        $blockedtime = date("Y-m-d H:i:s", strtotime('+1 hour'));
        $blocked = "UPDATE " . $mysqltable_name_4
            . " SET login_system_email_activation_blocked_time = " . mysql_real_escape_string_awesome($blockedtime)
            . " WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "";
        $blockedquery = mysql_query($blocked);
        echo $lang['resend_activation_token_account_locked'];
    } elseif ($blockResult['login_system_email_activation_attempts'] >= 6) {
        // Six or more attempts: counter and blocked time are reset and a mail is prepared.
        // NOTE(review): nothing in this branch checks that the blocked time has
        // passed; presumably an earlier guard does — verify.
        $sqlupdate = "UPDATE " . $mysqltable_name_4
            . " SET login_system_email_activation_attempts = 0, login_system_email_activation_blocked_time = '0000-00-00 00:00:00', login_system_email_activation_ip = " . mysql_real_escape_string_awesome($finaluserip)
            . ", login_system_email_activation_token = " . mysql_real_escape_string_awesome($finalemailtoken)
            . ",login_system_email_activation_expire = " . mysql_real_escape_string_awesome($expiretokenemail)
            . ", login_system_email_activation_date = " . mysql_real_escape_string_awesome($datetime)
            . " WHERE login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "";
        $updatesql = mysql_query($sqlupdate);
        include dirname(__FILE__) . '/phpmailer/PHPMailerAutoload.php';
        include dirname(__FILE__) . '/messages/automessageemail.php';
        // SMTP transport configured from variables defined outside this fragment.
        $automail = new PHPMailer();
        $automail->IsSMTP();
        $automail->SMTPAuth = true;
        $automail->SMTPSecure = $protocol;
        $automail->Host = $host;
        $automail->Port = $port;
        $automail->Username = $smtpusername;
        $automail->Password = $smtppassword;
        $automail->From = $youremail;
        $automail->FromName = $yourname;
        $automail->isHTML(true);
        $automail->CharSet = "UTF-8";
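// Update-password handler: starts the named session if needed, loads
// configuration and the language file, validates the CSRF token, then stores a
// new password hash and salt for the logged-in user.
if (!isset($_SESSION)) {
    $some_name = session_name("VedicaAdmission");
    session_start();
}
include '../config/config.php';
include '../config/functions.php';
// Allow-list of languages: the include path below can only take these values.
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
    include '../language/' . $language[$_GET['lang']] . '.php';
} else {
    include '../language/en.php';
}
// NOTE(review): strip_tags() and htmlspecialchars() rewrite the password before
// it is hashed (text after a '<' can be dropped, quotes and '&' are expanded).
// Login must apply the identical transformation for the hash to verify. The
// retyped value is prepared but never compared with the password in this
// handler, and the current password is not requested.
$update_password = strip_tags(trim_awesome($_POST["update_password"]));
$update_retypepassword = strip_tags(trim_awesome($_POST["update_retypepassword"]));
$update_finalpass = htmlspecialchars($update_password, ENT_QUOTES, 'UTF-8');
$update_finalretypepass = htmlspecialchars($update_retypepassword, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-password-form')) {
    echo $lang['update_password_wrong_security_token'];
} else {
    include '../php-pass-framework/PasswordHash.php';
    $hasher = new PasswordHash(8, false);
    // Per-user salt: SHA-512 hex (128 characters) of a uniqid()/mt_rand() value.
    $finalsalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    // NOTE(review): the hashed string is password + 128-character salt +
    // $passwordsalt. If this PasswordHash build selects bcrypt, only the first
    // 72 bytes are used, so $passwordsalt and most of $finalsalt would never
    // influence the hash — confirm the scheme in use.
    $newpassword = $hasher->HashPassword($update_finalpass . $finalsalt . $passwordsalt);
    // The listing carried a scrubbed "******" placeholder where the password
    // value is interpolated, which does not parse. The escaped hash computed
    // above is restored here — confirm against the original file.
    // NOTE(review): $_SESSION['userLogin'] selects the row without a visible
    // check that a user is logged in; presumably enforced elsewhere — verify.
    $update = "UPDATE " . $admission_users
        . " SET password = " . mysql_real_escape_string_awesome($newpassword)
        . ", salt = " . mysql_real_escape_string_awesome($finalsalt)
        . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
    $updatequery = mysql_query($update);
    // Success is reported whenever the statement executed; the number of
    // affected rows is not inspected.
    if ($updatequery) {
        echo $lang['update_password_successful'];
    } else {
        echo $lang['update_password_unsuccessful'];
    }
}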
// Additional-information form handler (fragment; it opens inside an unseen
// block): enforces the session timeout, then upserts the applicant's free-text
// answers keyed by the application id held in the session.
if ($time > $_SESSION['expire']) {
    // Session lifetime exceeded: destroy it and stop.
    session_destroy();
    timeout();
    exit(0);
}
}
// Sliding expiry: each request moves the deadline to one hour from now.
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 60 * 60;
if (strlen(trim($_SESSION['userName'])) == 0) {
    session_destroy();
    timeout();
    die;
}
// The application id comes from the session, not from the request, so a user
// can only write the row belonging to the session's own application.
$applicationid = strip_tags(trim_awesome($_SESSION['userName']));
$rolemodelinfo = strip_tags(trim_awesome($_POST["rolemodelinfo"]));
$failureinfo = strip_tags(trim_awesome($_POST["failureinfo"]));
$acheivementasalumnus = strip_tags(trim_awesome($_POST["acheivementasalumnus"]));
$supportinfo = strip_tags(trim_awesome($_POST["supportinfo"]));
// Values are HTML-encoded here, before storage, so the table holds the encoded
// form; any later output must not encode them a second time.
$finalapplicationid = htmlspecialchars($applicationid, ENT_QUOTES, 'UTF-8');
$finalrolemodelinfo = htmlspecialchars($rolemodelinfo, ENT_QUOTES, 'UTF-8');
$finalfailureinfo = htmlspecialchars($failureinfo, ENT_QUOTES, 'UTF-8');
$finalacheivementasalumnus = htmlspecialchars($acheivementasalumnus, ENT_QUOTES, 'UTF-8');
$finalsupportinfo = htmlspecialchars($supportinfo, ENT_QUOTES, 'UTF-8');
// NOTE(review): no CSRF::check() call appears in this fragment, unlike the other
// POST handlers on the page; it may sit in the part that is not shown — verify.
if ($mysql == true) {
    // Insert the answers, or overwrite them when a row for this application id exists.
    // Values are concatenated without SQL quotes, so the escaping helper is
    // assumed to return a quoted literal — confirm in its definition.
    $sqladditionalinfo = "INSERT INTO `vedica_admn_2017`.`user_additional_info` (`application_id`, `role_model_info`, `failure_info`, `acheivement_as_alumnus`,`support_info`) VALUES ("
        . mysql_real_escape_string_awesome($finalapplicationid) . ","
        . mysql_real_escape_string_awesome($finalrolemodelinfo) . ","
        . mysql_real_escape_string_awesome($finalfailureinfo) . ","
        . mysql_real_escape_string_awesome($finalacheivementasalumnus) . ","
        . mysql_real_escape_string_awesome($finalsupportinfo)
        . ")\n\t\tON DUPLICATE KEY\n\t\tUPDATE\n\t\trole_model_info = VALUES(role_model_info),\n\t\tfailure_info = VALUES(failure_info),\n\t\tacheivement_as_alumnus = VALUES(acheivement_as_alumnus),\n\t\tsupport_info = VALUES(support_info)\n\t\t;";
    $insertaddtionalinfo = mysql_query($sqladditionalinfo);
    if (!$insertaddtionalinfo) {
        // NOTE(review): the raw database error text is sent to the client, which
        // discloses schema and query details; log it server-side and show a
        // generic message instead.
        die('Could not enter data: ' . mysql_error());
    }
} else {
}