function checklogin($name, $passwd) { $dbc = connectToDB("jed"); $encodepw = sha1($passwd); $result = performQuery($dbc, "select * FROM pwdemo where name='{$name}' and pass='******'"); $matches = mysqli_num_rows($result); mysqli_free_result($result); disconnectFromDB($dbc); return $matches == 1; }
function insert($dbc, $query) { $result = performQuery($dbc, $query); if (!$result) { //echo "<br> Registration failed"; errorform('insert'); } else { //echo "<br> Insert success - $query"; successform(); } }
function generateMarkers() { $dbc = connectToDB(); $query = "SELECT * FROM location"; $result = performQuery($dbc, $query); $results = array(); while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $results[] = $row; } header('Content-type: application/json'); echo json_encode(array('results' => $results)); }
function checkPw($mailpw) { $encodedPw = sha1($mailpw); $query = "SELECT * FROM `club` where password='******'"; $dbc = connectToDB(); $result = performQuery($dbc, $query); $numRows = mysqli_num_rows($result); if ($numRows > 0) { echo "Password exists in system. <br/>"; } else { echo "You have entered an incorrect password. Please try again."; } return $numRows; }
function checkFirstTime($username, $passwd) { $dbc = connectToDB("leeawg"); $encodepw = sha1($passwd); $query = "select * FROM account where user_id='{$username}' and password='******'"; $result = performQuery($dbc, $query); $extractedSQL = mysqli_fetch_assoc($result); $firstTimeStatus = $extractedSQL['first_time']; disconnectFromDB($dbc, $result); if ($firstTimeStatus == 1) { return true; } else { return false; } }
function postMessage() { /* require the message the parameter */ if (isset($_GET['message']) && isset($_GET['location_id'])) { $message = $_GET['message']; $location_id = isset($_GET['location_id']) ? $_GET['location_id'] : 1; //default is 1 /* connect to the database */ $dbc = connectToDB(); /* insert the message into the message table query*/ $query = "INSERT INTO message (comment, location_id) VALUES (\"{$message}\", {$location_id})"; $result = performQuery($dbc, $query); echo "postMessage works yay"; return header('status: 200'); } }
function viewMessage() { if (isset($_GET['location_id'])) { $location_id = $_GET['location_id']; $db = connectToDB(); /* query the list of messages*/ $query = "SELECT * from message where message.location_id = {$location_id}"; $result = performQuery($db, $query); /* create array of messages */ $messages = array(); while ($message = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $messages = array('comment' => $message); } header('Content-type: application/json'); echo json_encode($messages); } }
function postDrawing() { /* require the message the parameter */ if (isset($_GET['image']) && isset($_GET['location_id'])) { $image = $_GET['image']; $location_id = isset($_GET['location_id']) ? $_GET['location_id'] : 1; //default is 1 $dbc = connectToDB(); /* insert the message into the message table query*/ $query = "INSERT INTO drawing (image, location_id) VALUES (\"{$image}\", {$location_id})"; $result = performQuery($dbc, $query); //inserted in the database echo "postMessage works yay"; return header('status: 200'); } else { echo "malfunction"; errorJson('Upload malfunction'); } }
function viewMessage() { if (isset($_GET['location_id'])) { $location_id = $_GET['location_id']; $db = connectToDB(); /* query the list of messages*/ $query = "SELECT comment from message where message.location_id = {$location_id} ORDER BY time ASC"; // $query = "SELECT comment,image from message join drawing where message.location_id = $location_id GROUP BY comment // ORDER BY message.time ASC"; $result = performQuery($db, $query); /* create array of messages */ $messages = array(); while ($message = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $messages[] = $message; } header('Content-type: application/json'); echo json_encode(array('messages' => $messages)); } }
function findpages($itemsPerPage) { if (isset($_GET['p'])) { // get it from the URL if we've already been here $pages = $_GET['p']; } else { // starting new, so get it from the database $qry = "SELECT COUNT(CountryCode) as count from countries;"; $dbc = connectToDB("wfb2007"); $result = performQuery($dbc, $qry); extract((array) mysqli_fetch_array($result, MYSQLI_ASSOC)); if ($count > $itemsPerPage) { $pages = ceil($count / $itemsPerPage); } else { $pages = 1; } } return $pages; }
function createContinentMenu($menuname) { echo "<select name=\"{$menuname}\">\n"; $dbc = connectToDB(); $query = "select Continent from countries group by Continent"; $result = performQuery($dbc, $query); while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $continent = $row['Continent']; if (isset($_GET[$menuname]) && $_GET[$menuname] == $continent) { echo "<option value = \"{$continent}\" selected> {$continent} </option>\n"; } else { echo "<option value = \"{$continent}\"> {$continent} </option>\n"; } } echo "</select>"; disconnectFromDB($dbc, $result); }
function getAuthors($guids) { // Construct the query. $whereClause = "guid='" . implode("' OR guid='", $guids) . "'"; $query = "\n SELECT *\n FROM authorcachefull\n WHERE " . $whereClause; // Get the JSON based on the GUIDs. $res = performQuery($query); // Compile the JSON. $jsonResult = array(); while ($row = mysql_fetch_assoc($res)) { $jsonResult[] = $row['json']; } // Return the JSON result to the client. packageJSONResponse(array("data" => $jsonResult, "status" => 1)); }
function checkEmail($enteredemail) { $query = "SELECT email FROM `club` where email='{$enteredemail}'"; $dbc = connectToDB(); $result = performQuery($dbc, $query); $numRows = mysqli_num_rows($result); if ($numRows > 0) { echo "Thank you, a new password has been sent to {$enteredemail}. <br/>"; } else { echo "You have entered an incorrect email. Please try again."; } return $numRows; }
function displayHomePage($string) { ?> <fieldset> <center><img src="boston.png" /><br/> <form method="post"> <input type="submit" name="add" value="Add Attraction" /><br/> </form> <form method="get"> <input type="submit" name="op" value="Clear" id="Clear" /><br/> </form> <form method="get"> Search for a string:<br/> <input type="text" name="entsearch" placeholder="Enter Search" /> <input type="submit" name="search" value="Search" /> <br/><br/> Compute distances:<br/> <input type="text" name="entaddr" placeholder="Enter Address" /> <input type="submit" name="searchaddr" value="Search" /> </form> </center> </fieldset><br/><br/> <?php echo "<fieldset class=reviews>"; //Number of attractions $query = "SELECT attraction_id FROM `bestofbc`"; $dbc = connectToDB(); $result = performQuery($dbc, $query); $rows = mysqli_num_rows($result); echo "There are {$rows} attractions<br/><br/><br/>"; ?> <?php //DISPLAYS ALL ATTRACTIONS OR SEARCH ATTRACTIONS IF ENTERED SEARCH $string = $_GET['entsearch']; $string2 = $_GET['entaddr']; //If nothing in search, display all attractions if (empty($string) && empty($string2)) { $query = "select * from `bestofbc` where attraction_id NOT IN ({$_COOKIE['omitstring']})"; $dbc = connectToDB(); $result = performQuery($dbc, $query); //$row = mysqli_fetch_array($result, MYSQLI_ASSOC); ?> <table> <?php while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { ?> <?php $names = $row['name']; $category = $row['category']; $address = $row['address']; $phone = $row['phone']; $url = $row['url']; $stars = $row['stars']; $price_range = $row['price_range']; $id = $row['attraction_id']; echo "<th>Attraction</th><th>Comment</th><tr><td>"; echo "{$names} <br/> {$category} <br/> {$address} <br/> {$phone} <br/> {$url} <br/> {$stars} <br/> {$price_range} <br/><br/>"; echo "<form method=get>"; echo "<input type=submit name=\"op\" id=\"omitstring\" value=\"Hide Attraction\"/>"; echo "<input type=hidden name=\"id\" value=\"{$id}\"/>"; echo "</form>"; echo "</td>"; $comment = $row['comment']; $user = $row['entered_by']; $date = $row['insertion_date']; echo "<td>"; echo "{$comment} <br/> {$user} <i>{$date}</i> <br/><br/>"; echo "</td></tr>"; } ?> </table> <?php echo "</fieldset>"; } else { //Else, search for attraction if (isset($_GET['search'])) { $string = $_GET['entsearch']; $query = "select entered_by, name, category, address, phone, url, stars, price_range, comment from `bestofbc` where entered_by LIKE '%{$string}%' OR name LIKE '%{$string}%'"; $dbc = connectToDB(); $result = performQuery($dbc, $query); ?> <table> <?php while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { ?> <?php $names = $row['name']; $category = $row['category']; $address = $row['address']; $phone = $row['phone']; $url = $row['url']; $stars = $row['stars']; $price_range = $row['price_range']; $id = $row['attraction_id']; echo "<th>Attraction</th><th>Comment</th><tr><td>"; echo "{$names} <br/> {$category} <br/> {$address} <br/> {$phone} <br/> {$url} <br/> {$stars} <br/> {$price_range} <br/><br/>"; //echo "<input type=submit name='hide' value='Hide Attraction' />"; echo "<form method=get>"; echo "<input type=submit name=\"op\" id=\"hideattr\" value=\"Hide Attraction\"/>"; echo "<input type=hidden name=\"id\" value=\"{$id}\"/>"; echo "</form>"; echo "</td>"; $comment = $row['comment']; $user = $row['entered_by']; $date = $row['insertion_date']; echo "<td>"; echo "{$comment} <br/> {$user} <i>{$date}</i> <br/><br/>"; echo "</td></tr>"; } ?> </table> <?php echo "</fieldset>"; } if (isset($_GET['searchaddr'])) { $addr = $_GET['entaddr']; //echo "$addr <br/>"; $loc2 = makeLocArrayTwo(); $lat2 = $loc2['latitude']; $long2 = $loc2['longitude']; //echo "Lat is $lat2 and long is $long2<br/>"; $query = "select entered_by, name, category, address, phone, url, stars, price_range, comment, latitude, longitude from `bestofbc` where entered_by LIKE '%{$string}%' OR name LIKE '%{$string}%'"; $dbc = connectToDB(); $result = performQuery($dbc, $query); ?> <table> <?php while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { ?> <?php $names = $row['name']; $category = $row['category']; $address = $row['address']; $phone = $row['phone']; $url = $row['url']; $stars = $row['stars']; $price_range = $row['price_range']; echo "<th>Attraction</th><th>Comment</th><th>Distance</th><tr><td>"; echo "{$names} <br/> {$category} <br/> {$address} <br/> {$phone} <br/> {$url} <br/> {$stars} <br/> {$price_range} <br/><br/>"; echo "<input type=submit name='hide' value='Hide Attraction' />"; echo "</td>"; $comment = $row['comment']; $user = $row['entered_by']; $date = $row['insertion_date']; echo "<td>"; echo "{$comment} <br/> {$user} <i>{$date}</i> <br/><br/>"; echo "</td>"; $lat1 = $row['latitude']; $long1 = $row['longitude']; $loc1 = array("latitude" => $lat1, "longitude" => $long1); echo "<td>"; echo dist($loc1, $loc2); echo "</td></tr>"; } ?> </table> <?php echo "</fieldset>"; } } }
function displayMain() { ?> <nav id="menu"> <form method="get"> <ul> <?php //Array of keys that will be used for CSS $classKey = array("interest1" => "rocket", "interest2" => "wine", "interest3" => "burger", "interest4" => "comment", "interest5" => "sport", "interest6" => "earth"); $i_image = 0; //die(9 + (16.5 * ($i_image+1) ) ); $username = $_COOKIE['loginCookieUser']; $dbc = connectToDB("leeawg"); for ($i = 0; $i < 6; $i++) { $x = 'interest' . ($i + 1); $query = "SELECT {$x} FROM account WHERE user_id = '{$username}' and {$x} is not null"; $result = performQuery($dbc, $query); $rowsFound = mysqli_num_rows($result); $extractedSQL = mysqli_fetch_array($result, MYSQLI_ASSOC); if ($rowsFound == 1) { $location_percent = 9 + 16.5 * $i_image; echo "<style>." . $classKey[$x] . ":hover~ .current{ left: {$location_percent}%; }</style> \n"; echo "<li class=" . $classKey[$x] . "> <a href=interestVideos.php?op={$extractedSQL[$x]}>" . $extractedSQL[$x] . "</a></li> \n"; $i_image++; } } ?> <div class="current"> <div class="top-arrow"></div> <div class="current-back"></div> <div class="bottom-arrow"></div> </div> </ul> </form> </nav> <?php }
function handleform($name, $email, $pw1, $membership) { $encoded1 = sha1($pw1); $query = "INSERT INTO `club` values ('{$name}', '{$email}', '{$encoded1}', now(), '{$membership}');"; $dbc = connectToDB(); performQuery($dbc, $query); }
function addInterestToDB($username) { $dbc = connectToDB("leeawg"); // pull interests out from $_POST and add to DB. for ($i = 0; $i < 6; $i++) { $x = 'interest' . ($i + 1); if (isset($_POST[$x])) { $query = "UPDATE account SET {$x} = '{$_POST[$x]}' WHERE user_id = '{$username}'"; performQuery($dbc, $query); } else { $query = "UPDATE account SET {$x} = NULL WHERE user_id = '{$username}'"; performQuery($dbc, $query); } } $query = "UPDATE account SET first_time = 0 WHERE user_id = '{$username}'"; performQuery($dbc, $query); mysqli_close($dbc); echo "<h2>Your interests have been added!</h2>"; ?> <p>You will be redirected to the main page in <span id="counter">5</span> second(s).</p> <script type="text/javascript"> function countdown() { var i = document.getElementById('counter'); if (parseInt(i.innerHTML)<=0) { location.href = 'login.php'; } i.innerHTML = parseInt(i.innerHTML)-1; } setInterval(function(){ countdown(); },1000); </script> <meta http-equiv="refresh" content="5;URL='main.php'" /> <?php }
function getTimestamp($link) { $result = performQuery($link, 'SELECT UNIX_TIMESTAMP()'); $value = $result ? fetchOnlyValue($result) : null; mysqli_free_result($result); return $value; }