function checklogin($name, $passwd)
{
$dbc = connectToDB("jed");
$encodepw = sha1($passwd);
$result = performQuery($dbc, "select * FROM pwdemo where name='{$name}' and pass='******'");
$matches = mysqli_num_rows($result);
mysqli_free_result($result);
disconnectFromDB($dbc);
return $matches == 1;
}
function insert($dbc, $query)
{
$result = performQuery($dbc, $query);
if (!$result) {
//echo "<br> Registration failed";
errorform('insert');
} else {
//echo "<br> Insert success - $query";
successform();
}
}
function generateMarkers()
{
$dbc = connectToDB();
$query = "SELECT * FROM location";
$result = performQuery($dbc, $query);
$results = array();
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
$results[] = $row;
}
header('Content-type: application/json');
echo json_encode(array('results' => $results));
}
function checkPw($mailpw)
{
$encodedPw = sha1($mailpw);
$query = "SELECT * FROM `club` where password='******'";
$dbc = connectToDB();
$result = performQuery($dbc, $query);
$numRows = mysqli_num_rows($result);
if ($numRows > 0) {
echo "Password exists in system. <br/>";
} else {
echo "You have entered an incorrect password. Please try again.";
}
return $numRows;
}
function checkFirstTime($username, $passwd)
{
$dbc = connectToDB("leeawg");
$encodepw = sha1($passwd);
$query = "select * FROM account where user_id='{$username}' and password='******'";
$result = performQuery($dbc, $query);
$extractedSQL = mysqli_fetch_assoc($result);
$firstTimeStatus = $extractedSQL['first_time'];
disconnectFromDB($dbc, $result);
if ($firstTimeStatus == 1) {
return true;
} else {
return false;
}
}
function postMessage()
{
/* require the message the parameter */
if (isset($_GET['message']) && isset($_GET['location_id'])) {
$message = $_GET['message'];
$location_id = isset($_GET['location_id']) ? $_GET['location_id'] : 1;
//default is 1
/* connect to the database */
$dbc = connectToDB();
/* insert the message into the message table query*/
$query = "INSERT INTO message (comment, location_id) VALUES (\"{$message}\", {$location_id})";
$result = performQuery($dbc, $query);
echo "postMessage works yay";
return header('status: 200');
}
}
function viewMessage()
{
if (isset($_GET['location_id'])) {
$location_id = $_GET['location_id'];
$db = connectToDB();
/* query the list of messages*/
$query = "SELECT * from message where message.location_id = {$location_id}";
$result = performQuery($db, $query);
/* create array of messages */
$messages = array();
while ($message = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
$messages = array('comment' => $message);
}
header('Content-type: application/json');
echo json_encode($messages);
}
}
function postDrawing()
{
/* require the message the parameter */
if (isset($_GET['image']) && isset($_GET['location_id'])) {
$image = $_GET['image'];
$location_id = isset($_GET['location_id']) ? $_GET['location_id'] : 1;
//default is 1
$dbc = connectToDB();
/* insert the message into the message table query*/
$query = "INSERT INTO drawing (image, location_id) VALUES (\"{$image}\", {$location_id})";
$result = performQuery($dbc, $query);
//inserted in the database
echo "postMessage works yay";
return header('status: 200');
} else {
echo "malfunction";
errorJson('Upload malfunction');
}
}
function viewMessage()
{
if (isset($_GET['location_id'])) {
$location_id = $_GET['location_id'];
$db = connectToDB();
/* query the list of messages*/
$query = "SELECT comment from message where message.location_id = {$location_id} ORDER BY time ASC";
// $query = "SELECT comment,image from message join drawing where message.location_id = $location_id GROUP BY comment
// ORDER BY message.time ASC";
$result = performQuery($db, $query);
/* create array of messages */
$messages = array();
while ($message = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
$messages[] = $message;
}
header('Content-type: application/json');
echo json_encode(array('messages' => $messages));
}
}
function findpages($itemsPerPage)
{
if (isset($_GET['p'])) {
// get it from the URL if we've already been here
$pages = $_GET['p'];
} else {
// starting new, so get it from the database
$qry = "SELECT COUNT(CountryCode) as count from countries;";
$dbc = connectToDB("wfb2007");
$result = performQuery($dbc, $qry);
extract((array) mysqli_fetch_array($result, MYSQLI_ASSOC));
if ($count > $itemsPerPage) {
$pages = ceil($count / $itemsPerPage);
} else {
$pages = 1;
}
}
return $pages;
}
function createContinentMenu($menuname)
{
echo "<select name=\"{$menuname}\">\n";
$dbc = connectToDB();
$query = "select Continent from countries group by Continent";
$result = performQuery($dbc, $query);
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
$continent = $row['Continent'];
if (isset($_GET[$menuname]) && $_GET[$menuname] == $continent) {
echo "<option value = \"{$continent}\" selected> {$continent} </option>\n";
} else {
echo "<option value = \"{$continent}\"> {$continent} </option>\n";
}
}
echo "</select>";
disconnectFromDB($dbc, $result);
}
function getAuthors($guids)
{
// Construct the query.
$whereClause = "guid='" . implode("' OR guid='", $guids) . "'";
$query = "\n SELECT *\n FROM authorcachefull\n WHERE " . $whereClause;
// Get the JSON based on the GUIDs.
$res = performQuery($query);
// Compile the JSON.
$jsonResult = array();
while ($row = mysql_fetch_assoc($res)) {
$jsonResult[] = $row['json'];
}
// Return the JSON result to the client.
packageJSONResponse(array("data" => $jsonResult, "status" => 1));
}
function checkEmail($enteredemail)
{
$query = "SELECT email FROM `club` where email='{$enteredemail}'";
$dbc = connectToDB();
$result = performQuery($dbc, $query);
$numRows = mysqli_num_rows($result);
if ($numRows > 0) {
echo "Thank you, a new password has been sent to {$enteredemail}. <br/>";
} else {
echo "You have entered an incorrect email. Please try again.";
}
return $numRows;
}
function displayHomePage($string)
{
?>
<fieldset>
<center><img src="boston.png" /><br/>
<form method="post">
<input type="submit" name="add" value="Add Attraction" /><br/>
</form>
<form method="get">
<input type="submit" name="op" value="Clear" id="Clear" /><br/>
</form>
<form method="get">
Search for a string:<br/>
<input type="text" name="entsearch" placeholder="Enter Search" />
<input type="submit" name="search" value="Search" />
<br/><br/>
Compute distances:<br/>
<input type="text" name="entaddr" placeholder="Enter Address" />
<input type="submit" name="searchaddr" value="Search" />
</form>
</center>
</fieldset><br/><br/>
<?php
echo "<fieldset class=reviews>";
//Number of attractions
$query = "SELECT attraction_id FROM `bestofbc`";
$dbc = connectToDB();
$result = performQuery($dbc, $query);
$rows = mysqli_num_rows($result);
echo "There are {$rows} attractions<br/><br/><br/>";
?>
<?php
//DISPLAYS ALL ATTRACTIONS OR SEARCH ATTRACTIONS IF ENTERED SEARCH
$string = $_GET['entsearch'];
$string2 = $_GET['entaddr'];
//If nothing in search, display all attractions
if (empty($string) && empty($string2)) {
$query = "select * from `bestofbc` where attraction_id NOT IN ({$_COOKIE['omitstring']})";
$dbc = connectToDB();
$result = performQuery($dbc, $query);
//$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
?>
<table>
<?php
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
?>
<?php
$names = $row['name'];
$category = $row['category'];
$address = $row['address'];
$phone = $row['phone'];
$url = $row['url'];
$stars = $row['stars'];
$price_range = $row['price_range'];
$id = $row['attraction_id'];
echo "<th>Attraction</th><th>Comment</th><tr><td>";
echo "{$names} <br/> {$category} <br/> {$address} <br/> {$phone} <br/> {$url} <br/> {$stars} <br/> {$price_range} <br/><br/>";
echo "<form method=get>";
echo "<input type=submit name=\"op\" id=\"omitstring\" value=\"Hide Attraction\"/>";
echo "<input type=hidden name=\"id\" value=\"{$id}\"/>";
echo "</form>";
echo "</td>";
$comment = $row['comment'];
$user = $row['entered_by'];
$date = $row['insertion_date'];
echo "<td>";
echo "{$comment} <br/> {$user} <i>{$date}</i> <br/><br/>";
echo "</td></tr>";
}
?>
</table>
<?php
echo "</fieldset>";
} else {
//Else, search for attraction
if (isset($_GET['search'])) {
$string = $_GET['entsearch'];
$query = "select entered_by, name, category, address, phone, url, stars, price_range, comment from `bestofbc` where entered_by LIKE '%{$string}%' OR name LIKE '%{$string}%'";
$dbc = connectToDB();
$result = performQuery($dbc, $query);
?>
<table>
<?php
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
?>
<?php
$names = $row['name'];
$category = $row['category'];
$address = $row['address'];
$phone = $row['phone'];
$url = $row['url'];
$stars = $row['stars'];
$price_range = $row['price_range'];
$id = $row['attraction_id'];
echo "<th>Attraction</th><th>Comment</th><tr><td>";
echo "{$names} <br/> {$category} <br/> {$address} <br/> {$phone} <br/> {$url} <br/> {$stars} <br/> {$price_range} <br/><br/>";
//echo "<input type=submit name='hide' value='Hide Attraction' />";
echo "<form method=get>";
echo "<input type=submit name=\"op\" id=\"hideattr\" value=\"Hide Attraction\"/>";
echo "<input type=hidden name=\"id\" value=\"{$id}\"/>";
echo "</form>";
echo "</td>";
$comment = $row['comment'];
$user = $row['entered_by'];
$date = $row['insertion_date'];
echo "<td>";
echo "{$comment} <br/> {$user} <i>{$date}</i> <br/><br/>";
echo "</td></tr>";
}
?>
</table>
<?php
echo "</fieldset>";
}
if (isset($_GET['searchaddr'])) {
$addr = $_GET['entaddr'];
//echo "$addr <br/>";
$loc2 = makeLocArrayTwo();
$lat2 = $loc2['latitude'];
$long2 = $loc2['longitude'];
//echo "Lat is $lat2 and long is $long2<br/>";
$query = "select entered_by, name, category, address, phone, url, stars, price_range, comment, latitude, longitude from `bestofbc` where entered_by LIKE '%{$string}%' OR name LIKE '%{$string}%'";
$dbc = connectToDB();
$result = performQuery($dbc, $query);
?>
<table>
<?php
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
?>
<?php
$names = $row['name'];
$category = $row['category'];
$address = $row['address'];
$phone = $row['phone'];
$url = $row['url'];
$stars = $row['stars'];
$price_range = $row['price_range'];
echo "<th>Attraction</th><th>Comment</th><th>Distance</th><tr><td>";
echo "{$names} <br/> {$category} <br/> {$address} <br/> {$phone} <br/> {$url} <br/> {$stars} <br/> {$price_range} <br/><br/>";
echo "<input type=submit name='hide' value='Hide Attraction' />";
echo "</td>";
$comment = $row['comment'];
$user = $row['entered_by'];
$date = $row['insertion_date'];
echo "<td>";
echo "{$comment} <br/> {$user} <i>{$date}</i> <br/><br/>";
echo "</td>";
$lat1 = $row['latitude'];
$long1 = $row['longitude'];
$loc1 = array("latitude" => $lat1, "longitude" => $long1);
echo "<td>";
echo dist($loc1, $loc2);
echo "</td></tr>";
}
?>
</table>
<?php
echo "</fieldset>";
}
}
}
function displayMain()
{
?>
<nav id="menu">
<form method="get">
<ul>
<?php
//Array of keys that will be used for CSS
$classKey = array("interest1" => "rocket", "interest2" => "wine", "interest3" => "burger", "interest4" => "comment", "interest5" => "sport", "interest6" => "earth");
$i_image = 0;
//die(9 + (16.5 * ($i_image+1) ) );
$username = $_COOKIE['loginCookieUser'];
$dbc = connectToDB("leeawg");
for ($i = 0; $i < 6; $i++) {
$x = 'interest' . ($i + 1);
$query = "SELECT {$x} FROM account WHERE user_id = '{$username}' and {$x} is not null";
$result = performQuery($dbc, $query);
$rowsFound = mysqli_num_rows($result);
$extractedSQL = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ($rowsFound == 1) {
$location_percent = 9 + 16.5 * $i_image;
echo "<style>." . $classKey[$x] . ":hover~ .current{ left: {$location_percent}%; }</style> \n";
echo "<li class=" . $classKey[$x] . "> <a href=interestVideos.php?op={$extractedSQL[$x]}>" . $extractedSQL[$x] . "</a></li> \n";
$i_image++;
}
}
?>
<div class="current">
<div class="top-arrow"></div>
<div class="current-back"></div>
<div class="bottom-arrow"></div>
</div>
</ul>
</form>
</nav>
<?php
}
function handleform($name, $email, $pw1, $membership)
{
$encoded1 = sha1($pw1);
$query = "INSERT INTO `club` values ('{$name}', '{$email}', '{$encoded1}', now(), '{$membership}');";
$dbc = connectToDB();
performQuery($dbc, $query);
}
function addInterestToDB($username)
{
$dbc = connectToDB("leeawg");
// pull interests out from $_POST and add to DB.
for ($i = 0; $i < 6; $i++) {
$x = 'interest' . ($i + 1);
if (isset($_POST[$x])) {
$query = "UPDATE account SET {$x} = '{$_POST[$x]}' WHERE user_id = '{$username}'";
performQuery($dbc, $query);
} else {
$query = "UPDATE account SET {$x} = NULL WHERE user_id = '{$username}'";
performQuery($dbc, $query);
}
}
$query = "UPDATE account SET first_time = 0 WHERE user_id = '{$username}'";
performQuery($dbc, $query);
mysqli_close($dbc);
echo "<h2>Your interests have been added!</h2>";
?>
<p>You will be redirected to the main page in <span id="counter">5</span> second(s).</p>
<script type="text/javascript">
function countdown() {
var i = document.getElementById('counter');
if (parseInt(i.innerHTML)<=0) {
location.href = 'login.php';
}
i.innerHTML = parseInt(i.innerHTML)-1;
}
setInterval(function(){ countdown(); },1000);
</script>
<meta http-equiv="refresh" content="5;URL='main.php'" />
<?php
}
function getTimestamp($link)
{
$result = performQuery($link, 'SELECT UNIX_TIMESTAMP()');
$value = $result ? fetchOnlyValue($result) : null;
mysqli_free_result($result);
return $value;
}
