Author: Eric A. Bonney Date: September 24, 2009 Updated: */
require_once "includes/db.inc";
session_start();

// Account-confirmation handler: an account is marked confirmed when the
// username/e-mail pair taken from the query string matches exactly one row
// that is still unconfirmed.
// NOTE(review): the only proof of ownership visible in this fragment is the
// username and e-mail themselves; no per-account secret token is checked here.
// Confirm whether one is verified elsewhere.

// Open the database link; @ keeps the driver warning out of the response.
$connection = @mysql_connect($hostName, $username, $password);
if (!$connection) {
    die("Could not connect to database");
}

// Choose the application database on that link.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}

// mysqlclean() is defined elsewhere; presumably it truncates to the given
// length and escapes for a quoted MySQL string literal (verify in the include).
$user_name = mysqlclean($_GET, "username", 25, $connection);
$email = mysqlclean($_GET, "email", 50, $connection);

// Look for a not-yet-confirmed account with exactly this name and address.
// Both values sit inside single quotes in the statement.
$query = "SELECT * FROM users WHERE user_name = '" . $user_name . "' AND email = '" . $email . "' AND\n\t confirmed = false";
$result = @mysql_query($query, $connection);
if (!$result) {
    showerror();
}

// Anything other than a single matching row counts as a failed confirmation.
if (mysql_num_rows($result) != 1) {
    $_SESSION["headerMessage"] = "Confirmation Error!";
    $_SESSION["message"] = "Either this account has already been confirmed or the user name and\n\t\t\t\temail that you provided did not match.";
    // header() only queues the redirect; it does not stop the script.
    header("Location: logout.php");
} else {
    // One pending account matched: build the statement that confirms it.
    $query = "UPDATE users SET confirmed = true WHERE user_name = '{$user_name}'";
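<?php
// First part of a registration insert: connect, read the posted fields, then
// work out the next id for registrations3 while holding a table write lock.
include "db_secure.php";

// NOTE(review): the database account name and password are literals in this
// file; prefer configuration constants, as is already done for DB_HOST.
if (!($connection = @mysql_connect(DB_HOST, 'conference', 'conference'))) {
    showerror();
}

// mysqlclean() is defined elsewhere; presumably it truncates to the given
// length and escapes for a quoted MySQL string literal (verify in the include).
$name = mysqlclean($_POST, "name", 50, $connection);
$email = mysqlclean($_POST, "email", 50, $connection);
$category = mysqlclean($_POST, "category", 50, $connection);

if (!mysql_select_db('conference', $connection)) {
    showerror();
}

// Take a write lock before reading MAX(id), presumably so the id computed
// below stays unique until it is used.
$lock_query = "LOCK TABLES registrations3 WRITE";
if (!mysql_query($lock_query)) {
    showerror();
}

$id_query = "SELECT MAX(id) AS id FROM registrations3";
if (!($result = mysql_query($id_query))) {
    showerror();
}

if (mysql_num_rows($result) == 1) {
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    // On an empty table MAX(id) is NULL, and NULL + 1 evaluates to 1 in PHP.
    $next_id = $row['id'] + 1;
} else {
    // The row count must be read from $result, the handle returned above
    // (the undefined name $results was tested here before).
    if (mysql_num_rows($result) == 0) {
        $next_id = 1;
    } else {
        // something bad has happened
        exit;
    }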
} // end while loop body
// Finish the <table>
print "\n</table>";
} // end if $rowsFound body
// Report how many rows were found
print "{$rowsFound} records found matching your criteria<br>";
} // end of function

// Script body: list wines, optionally restricted to one region.

// Open the server connection; stop with a generic message if that fails.
$connection = @mysql_connect(DB_HOST, DB_USER, DB_PW);
if (!$connection) {
    die("Could not connect");
}

// Read the region filter from the query string.
// mysqlclean() is defined elsewhere; presumably it truncates to 30 characters
// and escapes for a quoted MySQL string literal (verify in the include).
$regionName = mysqlclean($_GET, "regionName", 30, $connection);

if (!mysql_select_db(DB_NAME, $connection)) {
    showerror();
}

// Base statement joining wine, winery and region.
$query = "SELECT wine_id, wine_name, description, year, winery_name\n FROM winery, region, wine\n WHERE winery.region_id = region.region_id\n AND wine.winery_id = winery.winery_id";

// Narrow to one region unless the caller asked for "All" or sent nothing.
// The value goes inside single quotes, which is the context string escaping
// is designed for.
if (isset($regionName) && $regionName != "All") {
    $query .= " AND region_name = '{$regionName}'";
}

// Sort by name, then hand the finished statement to the display routine.
$query .= " ORDER BY wine_name";
displayWinesList($connection, $query, $regionName);
?>
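<?php
// Loads one registrations2 row, selected by the "id" query-string parameter,
// into $row for the update form that follows.
// NOTE(review): no access check is visible in this fragment; confirm that the
// caller is allowed to read the requested registration.
include "db_secure.php";

if (!($connection = @mysql_connect(DB_HOST, 'conference', 'conference'))) {
    showerror();
}

$id = mysqlclean($_GET, "id", 11, $connection);
if (!isset($id)) {
    die('no id given');
}
// The id is interpolated into the SQL below without surrounding quotes, so
// string escaping alone does not confine it to a single value. Accept decimal
// digits only. With mysqli or PDO, bind the id as a parameter instead.
if (!ctype_digit((string) $id)) {
    die('invalid id');
}

if (!mysql_select_db('conference', $connection)) {
    showerror();
}

$query = "SELECT * FROM registrations2 WHERE id = {$id}";
if (!($result = mysql_query($query))) {
    showerror();
}

// Exactly one row is expected; anything else ends the script silently.
if (mysql_num_rows($result) == 1) {
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
} else {
    // something bad has happened
    exit;
}
?> <html> <head> <title>Update Registration form</title> </head> <body>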
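// Now that we are connected, select the correct database.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}

session_start();

// Settings update: only a session that carries a logged-in user name may
// save personal settings; everyone else is sent to the logout page.
if (isset($_SESSION["loggedinUserName"])) {
    // Get and clean all the possible settings.
    // mysqlclean() is defined elsewhere; presumably it truncates to the given
    // length and escapes for a quoted MySQL string literal (verify in the include).
    $first_name = mysqlclean($_POST, "FirstName", 25, $connection);
    $last_name = mysqlclean($_POST, "LastName", 25, $connection);
    $street_addr = mysqlclean($_POST, "StAdd", 50, $connection);
    $city = mysqlclean($_POST, "City", 25, $connection);
    $state = mysqlclean($_POST, "State", 2, $connection);
    $zipcode = mysqlclean($_POST, "ZipCode", 5, $connection);
    $newpass1 = mysqlclean($_POST, "NewPass1", 16, $connection);
    // Assignment, not subtraction: the previous "$newpass2 - mysqlclean(...)"
    // discarded the cleaned value and left $newpass2 undefined.
    $newpass2 = mysqlclean($_POST, "NewPass2", 16, $connection);
    // NOTE(review): neither password value is used in the visible code. If a
    // password change is implemented later, compare and hash the raw input
    // rather than a truncated, SQL-escaped copy.

    // Get the logged in user's user_id
    $usr_ID = getUserID($connection);

    // Go ahead and save the personal settings, or update them.
    if (!updateSettings($usr_ID, $first_name, $last_name, $street_addr, $city, $state, $zipcode, $connection)) {
        showerror();
    } else {
        header("Location: settings.php");
    }
} else {
    // Seems the user has attempted to navigate directly to the dashboard without
    // logging in. Send them to the logout page with an error message.
    $_SESSION["headerMessage"] = "Error!!";
    $_SESSION["message"] = "You must first log into the system before you can view the page.";
    // Send user to the logout page. header() does not end the script by itself.
    header("Location: logout.php");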
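<?php
// Registration list with delete: when the form posts delete=Submit, removes
// the row named by registrant_id, then loads all rows ordered by name.
// NOTE(review): neither an authentication check nor an anti-CSRF token is
// visible in this fragment for a destructive request; confirm both exist.
include "db_secure.php";

if (!($connection = @mysql_connect(DB_HOST, 'conference', 'conference'))) {
    showerror();
}

if (!mysql_select_db('conference', $connection)) {
    showerror();
}

$deleted = false;
// isset() first, so a plain page view does not raise an undefined-index notice.
if (isset($_POST['delete']) && $_POST['delete'] == 'Submit') {
    $id = mysqlclean($_POST, "registrant_id", 11, $connection);
    if (!isset($id)) {
        die('no id given');
    }
    // The id is interpolated into the DELETE without surrounding quotes, so
    // string escaping alone does not confine the statement to one row.
    // Accept decimal digits only. With mysqli or PDO, bind it as a parameter.
    if (!ctype_digit((string) $id)) {
        die('invalid id');
    }

    $query = "DELETE FROM registrations2 WHERE id = {$id}";
    if (!mysql_query($query)) {
        showerror();
        exit;
    }

    // Exactly one row must have been removed.
    if (mysql_affected_rows() != 1) {
        // something bad has happened
        exit;
    }

    $deleted = true;
    unset($_POST['delete']);
}

$query = "SELECT * FROM registrations2 ORDER BY name";
if (!($result = mysql_query($query))) {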
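Author: Eric A. Bonney Date: September 24, 2009 Updated: */
require_once "includes/authentication.inc";
require_once "includes/db.inc";

// Login handler: checks the posted credentials and, on success, records the
// user name and client address in the session and redirects to the dashboard.

// Get a connection to the database.
if (!($connection = @mysql_connect($hostName, $username, $password))) {
    die("Could not connect to database");
}

// Now that we are connected, select the correct database.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}

// mysqlclean() is defined elsewhere; presumably it truncates to the given
// length and escapes for a quoted MySQL string literal (verify in the include).
$user_name = mysqlclean($_POST, "username", 25, $connection);
// NOTE(review): if that is what mysqlclean() does, the password checked below
// is a truncated, escaped copy of what the user typed; confirm that
// authenticateUser() and the registration code treat it the same way.
$pass1 = mysqlclean($_POST, "password", 16, $connection);

session_start();

// Authenticate the user.
if (authenticateUser($connection, $user_name, $pass1)) {
    // Issue a new session id at the moment of login, so an id that was known
    // before authentication is not the one that becomes logged in.
    session_regenerate_id(true);

    // Register the username
    $_SESSION["loggedinUserName"] = $user_name;

    // Register the current IP address of the user.
    $_SESSION["loginIP"] = $_SERVER["REMOTE_ADDR"];

    // Send the user to the Dashboard.
    header("Location: dashboard.php");
    exit;
} else {
    // Authentication failed, setup a logout message.
    // $user_name is request data: the page that prints this message has to
    // HTML-encode it.
    $_SESSION["message"] = "Could not login as '{$user_name}'";

    // Send user to the logout page.
    header("Location: logout.php");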
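require_once "includes/db.inc";
require_once "HTML/Template/ITX.php";
require_once "Mail.php";
require_once "fitlogfunc.php";

// Registration handler, first part: rejects the request when the chosen
// user name or e-mail address is already present in the users table.

// Get a connection to the database.
if (!($connection = @mysql_connect($hostName, $username, $password))) {
    die("Could not connect to database");
}

// Now that we are connected, select the correct database.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}

// mysqlclean() is defined elsewhere; presumably it truncates to the given
// length and escapes for a quoted MySQL string literal (verify in the include).
$user_name = mysqlclean($_POST, "username", 25, $connection);
$email = mysqlclean($_POST, "email", 50, $connection);
// NOTE(review): if so, both password fields are truncated and escaped before
// any comparison or hashing; confirm that the login path does the same.
$pass1 = mysqlclean($_POST, "password", 16, $connection);
$pass2 = mysqlclean($_POST, "confirmpass", 16, $connection);

// First let's see if the username is already in the database, if so error out
// and tell the user.
$query = "SELECT user_name FROM users WHERE user_name='" . $user_name . "'";
if (!($result = @mysql_query($query, $connection))) {
    showerror();
} else {
    // check to see if we have any results.
    if (mysql_num_rows($result)) {
        // The name is written into an HTML response, so encode it for that
        // context; escaping for SQL does not neutralise markup.
        die("Can't use the selected user name, it is already registered: " . htmlspecialchars($user_name, ENT_QUOTES));
    }
}

// See if the email address already is registered to a user.
$query = "SELECT email FROM users WHERE email='" . $email . "'";
if (!($result = @mysql_query($query, $connection))) {
    showerror();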
// Excerpt from a login handler. It begins inside an already-open success
// branch and ends before the enclosing blocks are closed, so the braces below
// do not balance within this excerpt.
$_SESSION['name'] = $result1[0];
term_now();
// Redirects are done by emitting a <script> tag, not a Location header.
echo "<script language='javascript' type='text/javascript'>window.location.href='admin/default.php'</script>";
} else {
echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
}
} else {
echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
}
} else {
if ($usertype == 'admin_view') {
    // NOTE(review): $identify1 is concatenated into the SQL text. Where it
    // comes from is not visible in this excerpt; confirm it is escaped before
    // this point or, better, bound as a parameter.
    $sql = "select user_name from `user_user` where user_name='" . $identify1 . "' and user_type='view' limit 1";
    $query = mysql_query($sql);
    $result = mysql_fetch_row($query);
    // Loose comparisons: the returned user_name must equal $identify and be truthy.
    if ($result[0] == $identify && $result[0] == true) {
        // The password literals appear masked (******) in this listing.
        // NOTE(review): the check compares the user_pass column as text inside
        // the query; confirm what form is stored there (a salted password hash
        // checked with a verify function is the expected design).
        $sql = "select user_name from `user_user` where user_name='" . $identify1 . "' and (user_pass='******' or user_pass='******') limit 1";
        $query = mysql_query($sql);
        $result1 = mysql_fetch_row($query);
        if ($result1[0] == true) {
            // Login accepted: record the identity, the user type and the name in the session.
            $_SESSION['user_id'] = $identify1;
            $_SESSION['type'] = $usertype;
            $_SESSION['name'] = $result1[0];
            term_now();
            echo "<script language='javascript' type='text/javascript'>window.location.href='admin/other_user/other_default.php'</script>";
        } else {
            echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
        }
    } else {
        echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
        // The exit message reads "unknown error".
        exit('未知错误');
    }