예제 #1
   Author:	Eric A. Bonney
   Date:	September 24, 2009
   Updated:	
*/
require_once "includes/db.inc";
session_start();
// Open the MySQL link. The "@" keeps the driver warning off the page, so a
// failed connection shows only the generic message below.
$connection = @mysql_connect($hostName, $username, $password);
if (!$connection) {
    die("Could not connect to database");
}
// Select the application database on the link that was just opened;
// showerror() is defined outside this listing.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}
// Both values arrive in the URL query string. mysqlclean() is not shown here;
// presumably it truncates to the given length and SQL-escapes the value.
// TODO confirm, because both values are placed inside quoted SQL literals below.
$user_name = mysqlclean($_GET, "username", 25, $connection);
$email = mysqlclean($_GET, "email", 50, $connection);
// Look for exactly this user name / e-mail pair on an account that is not yet
// confirmed.
// NOTE(review): the lookup is keyed only on user name and e-mail, and no
// per-account confirmation token is read in this block; verify whether a
// token check exists elsewhere.
$query = "SELECT * FROM users WHERE user_name = '{$user_name}' AND email = '{$email}' AND\n\t  confirmed = false";
$result = @mysql_query($query, $connection);
if (!$result) {
    showerror();
}
// Did we get only one row?
if (mysql_num_rows($result) != 1) {
    // Either the account has already been confirmed or something doesn't match.
    $_SESSION["headerMessage"] = "Confirmation Error!";
    $_SESSION["message"] = "Either this account has already been confirmed or the user name and\n\t\t\t\temail that you provided did not match.";
    header("Location: logout.php");
} else {
    // User is infact the correct one, update the account and redirect to login page.
    $query = "UPDATE users SET confirmed = true WHERE user_name = '{$user_name}'";
<?php

include "db_secure.php";
// Open the MySQL link.
// NOTE(review): the account name and password are string literals in this
// file (and identical to each other) although db_secure.php is included just
// above; confirm whether they should come from that include instead.
$connection = @mysql_connect(DB_HOST, 'conference', 'conference');
if (!$connection) {
    showerror();
}
// Read the three form fields from the POST body. mysqlclean() is defined
// outside this listing; presumably it truncates and SQL-escapes. TODO confirm.
$name = mysqlclean($_POST, "name", 50, $connection);
$email = mysqlclean($_POST, "email", 50, $connection);
$category = mysqlclean($_POST, "category", 50, $connection);
if (!mysql_select_db('conference', $connection)) {
    showerror();
}
// Take a write lock on the table before reading the current highest id, so
// the id computed from it is not handed out twice by concurrent requests.
$lock_query = "LOCK TABLES registrations3 WRITE";
if (!mysql_query($lock_query)) {
    showerror();
}
// Fetch the current maximum id; the next id is derived from it further down.
$id_query = "SELECT MAX(id) AS id FROM registrations3";
$result = mysql_query($id_query);
if (!$result) {
    showerror();
}
if (mysql_num_rows($result) == 1) {
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $next_id = $row['id'] + 1;
} else {
    if (mysql_num_rows($results) == 0) {
        $next_id = 1;
    } else {
        // something bad has happened
        exit;
    }
        }
        // end while loop body
        // Finish the <table>
        print "\n</table>";
    }
    // end if $rowsFound body
    // Report how many rows were found
    print "{$rowsFound} records found matching your criteria<br>";
}
// end of function
// Open the MySQL link using the constants DB_HOST, DB_USER and DB_PW.
$connection = @mysql_connect(DB_HOST, DB_USER, DB_PW);
if (!$connection) {
    die("Could not connect");
}
// Read the region filter from the URL query string. mysqlclean() is defined
// outside this listing; presumably it truncates to 30 characters and
// SQL-escapes the value. TODO confirm, since the value is embedded in a
// quoted SQL literal below.
$regionName = mysqlclean($_GET, "regionName", 30, $connection);
if (!mysql_select_db(DB_NAME, $connection)) {
    showerror();
}
// Base query: join winery, region and wine.
$query = "SELECT wine_id, wine_name, description, year, winery_name\n        FROM  winery, region, wine\n        WHERE  winery.region_id = region.region_id\n        AND   wine.winery_id = winery.winery_id";
// Narrow the result to one region unless the parameter is missing or is the
// literal "All".
if (isset($regionName) && $regionName != "All") {
    $query .= " AND region_name = '" . $regionName . "'";
}
// Sort by wine name in every case.
$query .= " ORDER BY wine_name";
// Run the query and render the result list.
displayWinesList($connection, $query, $regionName);
?>
<?php

include "db_secure.php";
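// Open the MySQL link.
// NOTE(review): the account name and password are string literals in this
// file although db_secure.php is included just above; confirm whether they
// should come from that include instead.
if (!($connection = @mysql_connect(DB_HOST, 'conference', 'conference'))) {
    showerror();
}
// Read the record id from the URL query string. mysqlclean() is defined
// outside this listing; presumably it truncates and SQL-escapes. TODO confirm.
$id = mysqlclean($_GET, "id", 11, $connection);
if (!isset($id)) {
    die('no id given');
}
// The id is interpolated into the query below WITHOUT surrounding quotes, so
// string escaping alone does not constrain what it can contain. Accept
// nothing but decimal digits before it reaches the SQL text.
if (!ctype_digit((string) $id)) {
    die('invalid id');
}
if (!mysql_select_db('conference', $connection)) {
    showerror();
}
$query = "SELECT * FROM registrations2 WHERE id = {$id}";
if (!($result = mysql_query($query))) {
    showerror();
}
// Exactly one row is expected for a valid id; anything else stops the script
// before the form below is rendered.
if (mysql_num_rows($result) == 1) {
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
} else {
    // something bad has happened
    exit;
}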
?>
<html>
<head>
<title>Update Registration form</title>
</head>

<body>
예제 #5
// Now that we are connected, select the correct database.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}
session_start();
//See if we have an authenticated user, if so, setup the appropriate message.
if (isset($_SESSION["loggedinUserName"])) {
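    // Read every settings field from the POST body. mysqlclean() is defined
    // outside this listing; presumably it truncates to the given length and
    // SQL-escapes the value. TODO confirm.
    $first_name = mysqlclean($_POST, "FirstName", 25, $connection);
    $last_name = mysqlclean($_POST, "LastName", 25, $connection);
    $street_addr = mysqlclean($_POST, "StAdd", 50, $connection);
    $city = mysqlclean($_POST, "City", 25, $connection);
    $state = mysqlclean($_POST, "State", 2, $connection);
    $zipcode = mysqlclean($_POST, "ZipCode", 5, $connection);
    // Both new-password fields are read here; neither is passed to
    // updateSettings() in this block.
    // NOTE(review): if mysqlclean() escapes characters, the stored values are
    // not the raw passwords the user typed. Confirm how they are used later.
    $newpass1 = mysqlclean($_POST, "NewPass1", 16, $connection);
    // Assignment: a "-" here would evaluate and discard the value, leaving
    // $newpass2 undefined.
    $newpass2 = mysqlclean($_POST, "NewPass2", 16, $connection);
    // Get the logged in user's user_id
    $usr_ID = getUserID($connection);
    // Save or update the personal settings, then return to the settings page.
    if (!updateSettings($usr_ID, $first_name, $last_name, $street_addr, $city, $state, $zipcode, $connection)) {
        showerror();
    } else {
        header("Location: settings.php");
    }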
} else {
    //Seems the user has attempted to navigate directly to the dashboard without
    //logging in. Send them to the logout page with an error message.
    $_SESSION["headerMessage"] = "Error!!";
    $_SESSION["message"] = "You must first log into the system before you can view the page.";
    // Send user to the logout page.
    header("Location: logout.php");
<?php

include "db_secure.php";
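// Open the MySQL link.
// NOTE(review): the account name and password are string literals in this
// file although db_secure.php is included just above; confirm whether they
// should come from that include instead.
if (!($connection = @mysql_connect(DB_HOST, 'conference', 'conference'))) {
    showerror();
}
if (!mysql_select_db('conference', $connection)) {
    showerror();
}
// Set to true only after a row has actually been deleted.
$deleted = false;
// Only act when the delete form was submitted. isset() avoids an
// undefined-index notice when the page is simply viewed.
// NOTE(review): no login or anti-CSRF check is visible in this listing before
// the destructive query; confirm that one is enforced elsewhere.
if (isset($_POST['delete']) && $_POST['delete'] === 'Submit') {
    // mysqlclean() is defined outside this listing; presumably it truncates
    // and SQL-escapes. TODO confirm.
    $id = mysqlclean($_POST, "registrant_id", 11, $connection);
    if (!isset($id)) {
        die('no id given');
    }
    // The id is interpolated into the DELETE below WITHOUT surrounding quotes,
    // so string escaping alone does not constrain it. Accept only decimal
    // digits before it reaches the SQL text.
    if (!ctype_digit((string) $id)) {
        die('invalid id');
    }
    $query = "DELETE FROM registrations2 WHERE id = {$id}";
    if (!mysql_query($query)) {
        showerror();
        exit;
    }
    // Exactly one row must have been removed; anything else stops the script.
    if (mysql_affected_rows() != 1) {
        // something bad has happened
        exit;
    }
    $deleted = true;
    unset($_POST['delete']);
}
// List the remaining registrations, ordered by name.
$query = "SELECT * FROM registrations2 ORDER BY name";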
if (!($result = mysql_query($query))) {
예제 #7
파일: login.php 프로젝트: EABonney/Fitlog
   Author:	Eric A. Bonney
   Date:	September 24, 2009
   Updated:	
*/
require_once "includes/authentication.inc";
require_once "includes/db.inc";
// Open the MySQL link. The "@" keeps the driver warning off the page, so a
// failed connection shows only the generic message below.
$connection = @mysql_connect($hostName, $username, $password);
if (!$connection) {
    die("Could not connect to database");
}
// Select the application database on the link that was just opened.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}
// Read the submitted credentials from the POST body. mysqlclean() is defined
// outside this listing; presumably it truncates to the given length and
// SQL-escapes the value. TODO confirm.
$user_name = mysqlclean($_POST, "username", 25, $connection);
// NOTE(review): the password is cut to 16 characters and goes through the same
// cleaning helper as ordinary fields. If that helper escapes characters, the
// value handed to authenticateUser() is not the raw password. Confirm that
// registration and login treat it identically.
$pass1 = mysqlclean($_POST, "password", 16, $connection);
session_start();
// Authenticate the user.
if (authenticateUser($connection, $user_name, $pass1)) {
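    // Issue a fresh session id at the moment the session becomes
    // authenticated, so an id that was known before login cannot be reused
    // afterwards (session fixation). "true" also discards the old session.
    session_regenerate_id(true);
    // Record who is logged in. $user_name is the value returned by
    // mysqlclean(), not the raw form field.
    $_SESSION["loggedinUserName"] = $user_name;
    // Record the client address seen at login time.
    $_SESSION["loginIP"] = $_SERVER["REMOTE_ADDR"];
    // Send the user to the Dashboard and stop, so nothing after the redirect
    // header runs for this request.
    header("Location: dashboard.php");
    exit;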
} else {
    //Authentication failed, setup a logout message
    $_SESSION["message"] = "Could not login as '{$user_name}'";
    // Send user to the logout page.
    header("Location: logout.php");
예제 #8
require_once "includes/db.inc";
require_once "HTML/Template/ITX.php";
require_once "Mail.php";
require_once "fitlogfunc.php";
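// Open the MySQL link. The "@" keeps the driver warning off the page, so a
// failed connection shows only the generic message below.
if (!($connection = @mysql_connect($hostName, $username, $password))) {
    die("Could not connect to database");
}
// Now that we are connected, select the correct database.
if (!mysql_select_db($databaseName, $connection)) {
    showerror();
}
// Read the registration form from the POST body. mysqlclean() is defined
// outside this listing; presumably it truncates to the given length and
// SQL-escapes the value. TODO confirm, since the values are placed inside
// quoted SQL literals below.
$user_name = mysqlclean($_POST, "username", 25, $connection);
$email = mysqlclean($_POST, "email", 50, $connection);
// NOTE(review): both password fields are cut to 16 characters and go through
// the same cleaning helper as ordinary fields. If that helper escapes
// characters, the stored value is not the raw password. Confirm the login
// path applies the identical transformation.
$pass1 = mysqlclean($_POST, "password", 16, $connection);
$pass2 = mysqlclean($_POST, "confirmpass", 16, $connection);
// Reject the registration when the user name is already taken.
$query = "SELECT user_name FROM users WHERE user_name='" . $user_name . "'";
if (!($result = @mysql_query($query, $connection))) {
    showerror();
} else {
    // Any returned row means the name is in use.
    if (mysql_num_rows($result)) {
        // The name comes from the request and is written into the response:
        // SQL escaping does not make it safe for HTML, so encode it for
        // output before echoing it back.
        die("Can't use the selected user name, it is already registered: " . htmlspecialchars($user_name, ENT_QUOTES));
    }
}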
// See if the email address already is registered to a user.
$query = "SELECT email FROM users WHERE email='" . $email . "'";
if (!($result = @mysql_query($query, $connection))) {
    showerror();
예제 #9
             $_SESSION['name'] = $result1[0];
             term_now();
             echo "<script language='javascript' type='text/javascript'>window.location.href='admin/default.php'</script>";
         } else {
             echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
         }
     } else {
         echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
     }
 } else {
     if ($usertype == 'admin_view') {
         $sql = "select user_name from `user_user` where user_name='" . $identify1 . "' and user_type='view' limit 1";
         $query = mysql_query($sql);
         $result = mysql_fetch_row($query);
         if ($result[0] == $identify && $result[0] == true) {
             $sql = "select user_name from `user_user` where user_name='" . $identify1 . "' and  (user_pass='******' or  user_pass='******') limit 1";
             $query = mysql_query($sql);
             $result1 = mysql_fetch_row($query);
             if ($result1[0] == true) {
                 $_SESSION['user_id'] = $identify1;
                 $_SESSION['type'] = $usertype;
                 $_SESSION['name'] = $result1[0];
                 term_now();
                 echo "<script language='javascript' type='text/javascript'>window.location.href='admin/other_user/other_default.php'</script>";
             } else {
                 echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
             }
         } else {
             echo "<script language='javascript' type='text/javascript'>window.location.href='error.html';</script>";
             exit('未知错误');
         }