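function DisplayTagSelector($includeRestricted, $activeTags) {
    // Renders the collapsible category/tag picker: one <li> per category, each
    // holding a checkbox per tag. Tags whose name is a key of $activeTags with
    // a truthy value are rendered pre-checked.
    //
    // @param bool  $includeRestricted  when false, categories with Restricted=1 are omitted
    // @param array $activeTags         map of (escaped) tag name => truthy for checked tags
    $conn = connectToDB();
    $sql = 'SELECT CName, CEntryAdvice, CIcon FROM Categories '
        . ($includeRestricted ? '' : 'WHERE Restricted=0 ')
        . 'ORDER BY CName';
    $categories = CheckedQuery($sql, $conn);

    // The per-category tag lookup is parameterised. The original spliced the
    // HTML-escaped CName into the SQL text, which is not an SQL-escaping step
    // and also fails to match names containing characters such as & or '.
    $tagStmt = $conn->prepare('SELECT TName, TEntryAdvice FROM Tags WHERE CName=? ORDER BY TName');
    if ($tagStmt === false) {
        $conn->close();
        throw new \RuntimeException('Failed to prepare tag query: ' . $conn->error);
    }

    while ($category = $categories->fetch_assoc()) {
        $cname = $category['CName'];
        // Fall back to a generic folder icon when the category has none.
        $icon = $category['CIcon'] ?? 'mdi-file-folder-open';

        echo '<li> <div class="collapsible-header" title="' . sanitizeOut($category['CEntryAdvice']) . '">';
        // The icon class is stored data that lands inside an attribute, so it is escaped too.
        echo '<i class="' . sanitizeOut($icon) . '"></i>';
        echo sanitizeOut($cname);
        echo '</div> <div class="collapsible-body">';

        $tagStmt->bind_param('s', $cname);
        $tagStmt->execute();
        $tags = $tagStmt->get_result();
        if ($tags === false) {
            $tagStmt->close();
            $conn->close();
            throw new \RuntimeException('Tag query failed: ' . $conn->error);
        }
        while ($tag = $tags->fetch_assoc()) {
            $id = sanitizeOut($tag['TName']);
            // If we need unique {Category, Tag} rather than {Tag}: $category['CName'] . ':' . $tag['TName'];
            echo '<ul class="left" title="' . sanitizeOut($tag['TEntryAdvice']) . '">';
            echo '<input type="checkbox" class="filled-in" id="' . $id . '" name="Tags[]" value="' . $id . '" ';
            // Same truthiness test as before, without an undefined-index notice for unchecked tags.
            if (!empty($activeTags[$id])) {
                echo 'checked="checked" ';
            }
            echo '/> <label for="' . $id . '">';
            echo sanitizeOut($tag['TName']);
            echo '</label> </ul>';
        }
        $tags->free();
        // Close the body div and the list item; the original left both open,
        // nesting every following category inside the previous one's body.
        echo '</div> </li>';
    }

    $tagStmt->close();
    $conn->close();
}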
function AccountName() {
    // Prints the label for the account menu: "First Last" for a logged-in
    // user, the literal 'Account' otherwise.
    $user = getUser();
    if (!$user->isLoggedIn()) {
        echo 'Account';
        return;
    }
    $data = $user->getData();
    echo sanitizeOut($data['FirstName']) . ' ' . sanitizeOut($data['LastName']);
}
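function DisplayDetailsBar() {
    // Prints the three detail cells (id, author, edit date) for the feedback
    // item named by the FeedbackID query parameter. Prints nothing when the
    // parameter is absent, not a scalar, or matches no row.
    $feedbackId = $_GET['FeedbackID'] ?? null;
    if (!is_string($feedbackId) || $feedbackId === '') {
        return;
    }
    // Kept for whatever normalisation SanitizeIn performs; the query no longer
    // depends on it for escaping because the value is bound as a parameter.
    SanitizeIn($feedbackId);

    $conn = connectToDB();
    $stmt = $conn->prepare(
        "SELECT `FeedbackID`, `FirstName`, `LastName`, `Anonymous`, DATE_FORMAT(`Edited`,'%M %d, %Y') AS `Edited` "
        . "FROM `Feedbacks`, `Users` WHERE `FeedbackID`=? AND `Users`.`UserID`=`Feedbacks`.`UserID`"
    );
    if ($stmt === false) {
        $conn->close();
        throw new \RuntimeException('Failed to prepare feedback query: ' . $conn->error);
    }
    $stmt->bind_param('s', $feedbackId);
    $stmt->execute();
    $result = $stmt->get_result();
    $feedback = $result === false ? null : $result->fetch_assoc();
    $stmt->close();

    if ($feedback) {
        echo '<td>' . sanitizeOut($feedback['FeedbackID']) . '</td>'; // e.g. <td>CS is okay</td>
        echo '<td>' . AnonOrUserName($feedback) . '</td>';            // e.g. <td>Dr.Beane</td>
        echo '<td>' . sanitizeOut($feedback['Edited']) . '</td>';
    }
    $conn->close();
}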
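function onSigninPost() {
    // Handles a login POST: tries the credentials via the User object and
    // stores the outcome message (plus an optional same-site redirect) in the
    // session. Does nothing when the request carries no email/password pair.

    // First, see if this page is responding to a login attempt.
    $email = $_POST['Email'] ?? '';
    $password = $_POST['Password'] ?? '';
    if (empty($email) || empty($password)) {
        return; // not a login attempt
    }
    sanitizeIn($email);
    sanitizeIn($password);

    // If we are dealing with a real login attempt, set up the session state.
    $user = getUser();

    // Then (finally) try to log in, and record success or failure for the page.
    if ($user->tryLogin($email, $password)) {
        // A fresh session id on privilege change keeps a pre-login id from
        // carrying over into the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $data = $user->getData();

        // Redirect to the previous page only if it is within our own website.
        // NOTE(review): a prefix match is only as strict as WEBSITE_LOCATION —
        // if the constant has no trailing slash, any host that merely begins
        // with it would also pass; confirm how it is defined.
        $referer = $_POST['referer'] ?? '';
        if (is_string($referer) && startsWith($referer, WEBSITE_LOCATION)) {
            // The referer is request-supplied and lands inside an attribute,
            // so it is escaped like any other output.
            $_SESSION['Header'] = '<meta http-equiv="refresh" content="0; ' . sanitizeOut($referer) . '" />';
        }
        $_SESSION['OnLoginMessage'] = '<h6><center>Welcome, ' . sanitizeOut($data['FirstName']) . ' ' . sanitizeOut($data['LastName']) . '!</center></h6>';
        // Stored explicitly; the User object is not otherwise kept in the session.
        $_SESSION['user'] = $user;
    } else {
        $_SESSION['OnLoginMessage'] = '<h6><center>Email or Password incorrect.</center></h6>';
    }
}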
<div class="input-field col s5 offset-s1"> <input id="email" type="text" class="validate" name="EmailAddress" value="' . sanitizeOut($data['EmailAddress']) . '" /> <label for="email">*Email Address</label> </div> <div class="input-field col s5"> <input id="website" type="text" class="validate" name="Website" value="' . sanitizeOut($data['Website']) . '" /> <label for="website">Website</label> </div> </div> <div class="row"> <div class="input-field col s7 offset-s1"> <input id="address" type="text" class="validate" name="MailingAddress" value="' . sanitizeOut($data['MailingAddress']) . '" /> <label for="address">Address</label> </div> <div class="input-field col s3"> <input id="phone" type="text" class="validate" name="Phone" value="' . sanitizeOut($data['Phone']) . '" /> <label for="phone">Phone</label> </div> </div> <div class="row"> <div class="input-field col s4 offset-s1"> <input id="password" type="password" class="validate" name="Password" value="" /> <label for="password">*Password</label> </div> </div> <div class="row center"> <a onclick="history.go(-1);" id="download-button" class="btn waves-effect waves-light red lighten-1">Cancel</a> <button class="btn waves-effect waves-light " type="submit" formmethod="POST" name="action">Save Changes<i class="mdi-content-send right"></i></button> </div> </form>
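function GetTagsString($FeedbackID, $conn) {
    // Returns the HTML-escaped, comma-separated names of the tags attached to
    // one feedback item, or a single space when there are none (keeps table
    // columns from collapsing).
    //
    // @param int|string $FeedbackID  feedback row to look up
    // @param mysqli     $conn        open connection; not closed here
    // Bound parameter instead of string-built SQL: $FeedbackID is caller data.
    $stmt = $conn->prepare('SELECT TName FROM `FeedbackTags` WHERE `FeedbackID`=?');
    if ($stmt === false) {
        throw new \RuntimeException('Failed to prepare tag query: ' . $conn->error);
    }
    $stmt->bind_param('s', $FeedbackID);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result === false) {
        $stmt->close();
        throw new \RuntimeException('Tag query failed: ' . $conn->error);
    }
    $names = [];
    while ($row = $result->fetch_assoc()) {
        $names[] = $row['TName'];
    }
    $stmt->close();

    // Join then escape once, instead of appending ', ' per row and chopping the tail.
    $retVal = sanitizeOut(implode(', ', $names));
    // Compare with '' rather than empty(): a tag literally named "0" is still a tag.
    if ($retVal === '') {
        $retVal = ' ';
    }
    return $retVal;
}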
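function getEmployerFor($userID, $conn) {
    // Returns the HTML-escaped names of the user's current, non-private
    // employers joined with <br />, or '' when there are none.
    //
    // @param int|string $userID  user whose employment rows are read
    // @param mysqli     $conn    open connection; not closed here
    // Bound parameter instead of string-built SQL: $userID is caller data.
    $stmt = $conn->prepare('SELECT EName from EmploymentHistories WHERE UserID=? AND Current=1 AND Private=0');
    if ($stmt === false) {
        throw new \RuntimeException('Failed to prepare employer query: ' . $conn->error);
    }
    $stmt->bind_param('s', $userID);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result === false) {
        $stmt->close();
        throw new \RuntimeException('Employer query failed: ' . $conn->error);
    }
    $names = [];
    while ($row = $result->fetch_assoc()) {
        $names[] = sanitizeOut($row['EName']);
    }
    $stmt->close();
    // implode yields the same "a<br />b" shape the original built row by row.
    return implode('<br />', $names);
}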