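/**
 * Echoes the category/tag checkbox selector (Materialize "collapsible" markup).
 *
 * @param bool  $includeRestricted  When false, categories with Restricted=1 are left out.
 * @param array $activeTags         Keyed by tag id (the HTML-escaped TName that is also used as the
 *                                  checkbox id); a truthy value pre-checks that box. Missing keys
 *                                  simply mean "not checked".
 */
function DisplayTagSelector($includeRestricted, $activeTags)
{
    $conn = connectToDB();
    $sql = 'SELECT CName, CEntryAdvice, CIcon FROM Categories '
        . ($includeRestricted ? '' : 'WHERE Restricted=0 ')
        . 'ORDER BY CName';
    $categories = CheckedQuery($sql, $conn);
    while ($category = $categories->fetch_assoc()) {
        // Fall back to a generic folder icon when the category has none configured (NULL column).
        $icon = isset($category['CIcon']) ? $category['CIcon'] : 'mdi-file-folder-open';
        echo '<li> <div class="collapsible-header" title="' . sanitizeOut($category['CEntryAdvice']) . '">';
        // The icon class is a database value and lands in an attribute: escape it like every other one.
        echo '<i class="' . sanitizeOut($icon) . '"></i>';
        echo sanitizeOut($category['CName']);
        echo '</div> <div class="collapsible-body">';
        // CName is used as a SQL string literal here, so it needs SQL escaping, not HTML escaping:
        // sanitizeOut() would corrupt names containing &, < or " and does nothing about a quote/backslash.
        // NOTE(review): assumes $conn is a mysqli connection (fetch_assoc()/close() are called on it).
        $tags = CheckedQuery(
            "SELECT TName, TEntryAdvice FROM Tags WHERE CName='" . $conn->real_escape_string($category['CName']) . "' ORDER BY TName",
            $conn
        );
        while ($tag = $tags->fetch_assoc()) {
            $id = sanitizeOut($tag['TName']);
            //If we need unique {Category, Tag} rather than {Tag}:  $category['CName'] . ':' . $tag['TName'];
            echo '<ul class="left" title="' . sanitizeOut($tag['TEntryAdvice']) . '">';
            echo '<input type="checkbox" class="filled-in" id="' . $id . '" name="Tags[]" value="' . $id . '" ';
            // !empty() keeps the same truthiness test but without an "undefined index" notice
            // for every tag that is not active.
            if (!empty($activeTags[$id])) {
                echo 'checked="checked" ';
            }
            echo '/>  <label for="' . $id . '">';
            echo sanitizeOut($tag['TName']);
            echo '</label> </ul>';
        }
    }
    $conn->close();
}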
/**
 * Echoes the label for the account menu: the HTML-escaped "First Last" name of the
 * logged-in user, or the literal "Account" when nobody is logged in.
 */
function AccountName()
{
    $user = getUser();
    if (!$user->isLoggedIn()) {
        echo 'Account';
        return;
    }
    $data = $user->getData();
    echo sanitizeOut($data['FirstName']) . " " . sanitizeOut($data['LastName']);
}
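/**
 * Echoes the three detail cells (feedback id, author, formatted edit date) for the
 * feedback selected by $_GET['FeedbackID'].
 *
 * Emits nothing when the parameter is absent or no matching row exists.
 */
function DisplayDetailsBar()
{
    // Nothing to look up without the parameter (and no "undefined index" notice on the way out).
    if (!isset($_GET['FeedbackID'])) {
        return;
    }
    $conn = connectToDB();
    $FeedbackID = $_GET['FeedbackID'];
    sanitizeIn($FeedbackID);
    // $FeedbackID is request-controlled and is interpolated as a SQL string literal, so it must be
    // escaped for the connection's charset; a prepared statement would be better still.
    // NOTE(review): assumes $conn is mysqli (fetch_assoc()/close() usage elsewhere in this file) and
    // that sanitizeIn() does not already SQL-escape its argument — confirm against its definition.
    $sql = "SELECT `FeedbackID`, `FirstName`, `LastName`, `Anonymous`, DATE_FORMAT(`Edited`,'%M %d, %Y') AS `Edited` "
        . "FROM `Feedbacks`, `Users` WHERE `FeedbackID`='" . $conn->real_escape_string($FeedbackID) . "'"
        . " AND `Users`.`UserID`=`Feedbacks`.`UserID`";
    $feedback = GetSingleDbValue($sql, $conn);
    if ($feedback) {
        echo '<td>' . sanitizeOut($feedback['FeedbackID']) . '</td>';
        //<td>CS is okay</td>
        echo '<td>' . AnonOrUserName($feedback) . '</td>';
        //<td>Dr.Beane</td>
        echo '<td>' . sanitizeOut($feedback['Edited']) . '</td>';
    }
    $conn->close();
}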
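/**
 * Handles a login form POST (fields Email, Password and, optionally, referer).
 *
 * Returns without doing anything unless both Email and Password were submitted. On a
 * successful login it stores the user in $_SESSION['user'], a welcome banner in
 * $_SESSION['OnLoginMessage'] and — only when the referer is on this site — a meta-refresh
 * back to it in $_SESSION['Header']. On failure only an error banner is stored.
 */
function onSigninPost()
{
    ///first, see if this page is responding to a login attempt
    $email = isset($_POST['Email']) ? $_POST['Email'] : '';
    $password = isset($_POST['Password']) ? $_POST['Password'] : '';
    // Compare against '' rather than using empty(): "0" is a legitimate password/email value.
    if ($email === '' || $password === '') {
        return;
        //if not, quit
    }
    // NOTE(review): sanitizeIn() is applied to the password before tryLogin(); if it alters
    // characters, stored credentials must have been created through the same path — confirm.
    sanitizeIn($email);
    sanitizeIn($password);
    ///if we are dealing with a real login attempt, setup the session state
    $user = getUser();
    ///then (finally) try to log in, and print success or failure to the screen
    if ($user->tryLogin($email, $password)) {
        $data = $user->getData();
        //redirect to the previous page, IFF it is in our website
        $referer = isset($_POST['referer']) ? $_POST['referer'] : '';
        // Require the referer to be the site base itself or to continue past a '/' after it, so
        // that a plain prefix match cannot be satisfied by a longer host name sharing the prefix.
        // NOTE(review): still a string check on WEBSITE_LOCATION — confirm it includes scheme and host.
        $base = rtrim(WEBSITE_LOCATION, '/');
        if ($referer === $base || startsWith($referer, $base . '/')) {
            // The referer lands inside an HTML attribute, so it is escaped like any other
            // request-supplied value; a raw '"' would otherwise terminate content="...".
            $_SESSION['Header'] = '<meta http-equiv="refresh" content="0; ' . sanitizeOut($referer) . '" />';
        }
        $_SESSION['OnLoginMessage'] = "<h6><center>Welcome, " . sanitizeOut($data['FirstName']) . " " . sanitizeOut($data['LastName']) . "!</center></h6>";
        $_SESSION['user'] = $user;
        //because I'm pretty sure $user isn't passed-by-reference
    } else {
        $_SESSION['OnLoginMessage'] = "<h6><center>Email or Password incorrect.</center></h6>";
    }
}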
					<div class="input-field col s5 offset-s1">
						<input id="email" type="text" class="validate" name="EmailAddress" value="' . sanitizeOut($data['EmailAddress']) . '" />
						<label for="email">*Email Address</label>
					</div>
					<div class="input-field col s5">
						<input id="website" type="text" class="validate" name="Website" value="' . sanitizeOut($data['Website']) . '" />
						<label for="website">Website</label>
					</div>
				</div>
				<div class="row">
					<div class="input-field col s7 offset-s1">
						<input id="address" type="text" class="validate" name="MailingAddress" value="' . sanitizeOut($data['MailingAddress']) . '" />
						<label for="address">Address</label>
					</div>
					<div class="input-field col s3">
						<input id="phone" type="text" class="validate" name="Phone" value="' . sanitizeOut($data['Phone']) . '" />
						<label for="phone">Phone</label>
					</div>
				</div>
				<div class="row">
					<div class="input-field col s4 offset-s1">
						<input id="password" type="password" class="validate" name="Password" value="" />
						<label for="password">*Password</label>
					</div>
				</div>
				
				<div class="row center">
				<a onclick="history.go(-1);" id="download-button" class="btn waves-effect waves-light red lighten-1">Cancel</a>&nbsp;
	  			<button class="btn waves-effect waves-light " type="submit" formmethod="POST" name="action">Save Changes<i class="mdi-content-send right"></i></button>
				</div>
				</form>
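/**
 * Returns the HTML-escaped, comma-separated names of the tags attached to a feedback entry.
 *
 * @param string $FeedbackID  Feedback id; it is interpolated into SQL, so it is escaped here.
 * @param mysqli $conn        Open connection. NOTE(review): mysqli is assumed from the
 *                            fetch_assoc()/close() usage elsewhere in this file — confirm.
 * @return string  "tag1, tag2, ..." escaped for HTML, or "&nbsp;" when there are no tags.
 */
function GetTagsString($FeedbackID, $conn)
{
    $tags = CheckedQuery(
        "SELECT TName FROM `FeedbackTags` WHERE `FeedbackID`='" . $conn->real_escape_string($FeedbackID) . "'",
        $conn
    );
    $names = [];
    while ($row = $tags->fetch_assoc()) {
        $names[] = $row['TName'];
    }
    // implode() replaces the append-then-substr(-2) dance, which on PHP < 8 evaluates to
    // false (not '') when there are no tags.
    $retVal = sanitizeOut(implode(', ', $names));
    if (empty($retVal)) {
        $retVal = "&nbsp;";
        //prevent column-alignment weirdness
    }
    return $retVal;
}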
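/**
 * Returns the HTML-escaped names of a user's current, non-private employers, separated by <br />.
 *
 * @param string $userID  User id; it is interpolated into SQL, so it is escaped here.
 * @param mysqli $conn    Open connection. NOTE(review): mysqli is assumed from the
 *                        fetch_assoc()/close() usage elsewhere in this file — confirm.
 * @return string  Empty string when the user has no matching employment row.
 */
function getEmployerFor($userID, $conn)
{
    $employers = CheckedQuery(
        "SELECT EName from EmploymentHistories WHERE UserID='" . $conn->real_escape_string($userID) . "' AND Current=1 AND Private=0",
        $conn
    );
    $names = [];
    while ($row = $employers->fetch_assoc()) {
        $names[] = sanitizeOut($row['EName']);
    }
    // implode() yields '' for no rows and "a<br />b" otherwise, exactly like the old first/rest loop.
    return implode('<br />', $names);
}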