예제 #1
<?php

// Shared bootstrap. $conn and secureTxt() used below are not defined in this file, so they
// presumably come from here.
include '../../include/connect.php';
// NOTE(review): both values are read from $_REQUEST (GET and POST, plus cookies depending on
// request_order), and the branches below change staff.status based on them. No login/role
// check or CSRF token is visible in this fragment; confirm that connect.php enforces one
// before this endpoint can change an account.
$user = secureTxt($_REQUEST['user']);
$type = secureTxt($_REQUEST['type']);
if ($type == 'suspend') {
    $update = $conn->prepare("UPDATE staff SET status = 1 WHERE username = :user");
    $update->bindParam(':user', $user);
    if ($update->execute()) {
        ?>
<div class="alert alert-success">
<strong>Staff account suspended</strong><br>reloading page...
</div>
<script>
setTimeout(function() {
window.location.reload();
}, 2000);
</script>
		<?php 
    } else {
        ?>
<div class="alert alert-danger">
<strong>Staff account unable to suspend</strong>
</div>
		<?php 
    }
} elseif ($type == 'unsuspend') {
    $update = $conn->prepare("UPDATE staff SET status = 0 WHERE username = :user");
    $update->bindParam(':user', $user);
    if ($update->execute()) {
        ?>
예제 #2
<script>
$('body').oLoader('hide');
</script>
<?php 
// Shared bootstrap; $conn and secureTxt() are not defined in this file.
include 'connect.php';
// Review fields, all read from the request. secureTxt() is defined elsewhere, so what it
// filters cannot be confirmed from this fragment.
$title = secureTxt($_REQUEST['title']);
$desc = secureTxt($_REQUEST['desc']);
// NOTE(review): the review author is taken from the request rather than from the session,
// so as far as this fragment shows a client can submit a review under any username.
// Confirm the value is checked against the logged-in user.
$user = secureTxt($_REQUEST['user']);
$id = secureTxt($_REQUEST['id']);
// NOTE(review): no range or type check on the rating is visible here - confirm.
$rate = secureTxt($_REQUEST['rate']);
// Every value reaches the INSERT as a bound parameter, never as SQL text.
$q = $conn->prepare("INSERT INTO rating (username, title, post_id, rate, review) VALUES (:user, :title, :post_id, :rate, :description)");
$q->bindParam(':user', $user);
$q->bindParam(':title', $title);
$q->bindParam(':post_id', $id);
$q->bindParam(':rate', $rate);
$q->bindParam(':description', $desc);
if ($q->execute()) {
    ?>
<div class="alert alert-success">
<strong>Post have been successfully reviewed</strong>
<br>Refreshing post...
</div>
<script>
$('#rate-title, #rate-description').val('');
	
localStorage.setItem('rate-number', '');
setTimeout(function() {
window.location.replace('explore?post=<?php 
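    // $id is request-derived and is printed inside a single-quoted JavaScript string that is
    // also a URL query value. Percent-encode it for that context; an id made only of
    // letters, digits, '-', '_', '.' or '~' is printed unchanged.
    echo rawurlencode((string) $id);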
    ?>
');
예제 #3
<!-- Panes -->
            <div class="tab-content">

              <div id="account" class="tab-pane active">
                <?php 
if (isset($_POST['user'])) {
    // Profile fields from the submitted form. secureTxt() and securePwd() are defined
    // outside this fragment, so what they filter or hash cannot be confirmed from here.
    $name = secureTxt($_POST['name']);
    $user = secureTxt($_POST['user']);
    $pwd = securePwd($_POST['pwd']);
    $address = secureTxt($_POST['address']);
    $gender = secureTxt($_POST['gender']);
    // NOTE(review): the role is taken from the form as submitted; confirm it is checked
    // against an allow-list and against what the submitting account may assign.
    $role = secureTxt($_POST['role']);
    $email = secureTxt($_POST['email']);
    $phone = secureTxt($_POST['phone']);
    // NOTE(review): the destination name and its extension both derive from the
    // client-supplied $_FILES["image"]["name"]; basename() only removes directory parts.
    // No extension allow-list or server-generated file name is visible in this fragment.
    $target_dir = "uploads/profile/";
    $target_file = $target_dir . basename($_FILES["image"]["name"]);
    $uploadOk = 1;
    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    // Check that the upload parses as an image. getimagesize() reads the image header
    // only, so passing it does not show that the rest of the file is image data. The check
    // is skipped entirely when $_POST["name"] is absent, which leaves $uploadOk at 1.
    if (isset($_POST["name"])) {
        $check = getimagesize($_FILES["image"]["tmp_name"]);
        if ($check !== false) {
            $uploadOk = 1;
        } else {
            echo "<div class='alert alert-warning'>File is not an image.</div>";
            $uploadOk = 0;
        }
    }
    // Check if file already exists
    if (file_exists($target_file)) {
        echo "<div class='alert alert-warning'>Sorry, photo already exists.</div>";
예제 #4
        $q->bindParam(':source', $target_file);
        if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file) && $q->execute()) {
            ?>
  <div class="alert alert-success">
  <strong>Your post have been successfully uploaded.</strong><br>
  </div>
          <?php 
        } else {
            echo "<div class='alert alert-danger'>Sorry, there was an error uploading your image post.</div>";
        }
    }
} elseif (isset($_POST['title2'])) {
    /*Video upload*/
    // Post metadata from the video form; secureTxt() is defined outside this fragment.
    $title = secureTxt($_POST['title2']);
    $description = secureTxt($_POST['description']);
    $category = secureTxt($_POST['category']);
    $type = "video";
    // NOTE(review): the destination name and its extension both derive from the
    // client-supplied $_FILES["video"]["name"]; basename() only removes directory parts.
    // Whether the extension is later limited to video types is not visible in this fragment.
    $target_dir = "uploads/post/";
    $target_file = $target_dir . basename($_FILES["video"]["name"]);
    $uploadOk = 1;
    $videoFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    // Lower-case the extension so later comparisons are case-insensitive.
    $videoFileType = strtolower($videoFileType);
    // Check if image file is a actual image or fake image
    if (isset($_POST["name"])) {
        $check = getimagesize($_FILES["video"]["tmp_name"]);
        if ($check !== false) {
            $uploadOk = 1;
        } else {
            echo "<div class='alert alert-warning'>File is not a video.</div>";
            $uploadOk = 0;
예제 #5
<?php

// Shared bootstrap; $conn and secureTxt() are not defined in this file.
include '../../include/connect.php';
// Staff username from the session. NOTE(review): no check that 'logged_staff' is set is
// visible here; confirm an unauthenticated request is rejected before this point.
$user = secureTxt($_SESSION['logged_staff']);
/**
 * Return the first $word_limit space-separated words of $string.
 *
 * The text is split on single spaces only, so consecutive spaces produce empty
 * "words" that count toward the limit.
 */
function limit_words($string, $word_limit)
{
    $firstWords = array_slice(explode(" ", $string), 0, $word_limit);

    return implode(" ", $firstWords);
}
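// Every conversation the logged-in staff member takes part in, newest first.
// The username is bound once per placeholder (:user / :user2) because PDO accepts a repeated
// named placeholder only while prepare emulation is enabled.
$q = $conn->prepare("SELECT * FROM staff_conversation WHERE sender = :user OR receiver = :user2 ORDER BY timestamp DESC");
$q->bindParam(':user', $user);
$q->bindParam(':user2', $user);
$q->execute();
// Same filter limited to the newest row; its id decides which list entry is marked "active".
$q4 = $conn->prepare("SELECT * FROM staff_conversation WHERE sender = :user OR receiver = :user2 ORDER BY timestamp DESC LIMIT 1");
$q4->bindParam(':user', $user);
$q4->bindParam(':user2', $user);
$q4->execute();
$row4 = $q4->fetch();
// fetch() returns false when the user has no conversations; fall back to null instead of
// indexing false.
$id4 = $row4['conversation_id'] ?? null;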
if ($q->rowCount() != 0) {
    while ($row = $q->fetch()) {
        $id = $row['conversation_id'];
        ?>
<li class="list-group-item msg-list <?php 
        if ($id == $id4) {
            echo "active";
        }
        ?>
" id="<?php 
        echo $id;
        ?>
">
                      <a href="javascript:;">
예제 #6
<?php

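// Shared bootstrap; $conn and secureTxt() are not defined in this file.
include '../../include/connect.php';
// The message text and the recipient come from the request; the sender is taken from the
// staff session rather than from client input.
// NOTE(review): no check that 'logged_staff' is set is visible in this fragment - confirm
// unauthenticated requests are rejected before this point.
$msg = secureTxt($_REQUEST['msg']);
$sender = secureTxt($_SESSION['logged_staff']);
$receiver = secureTxt($_REQUEST['receiver']);
$timestamp = time();
// Find the conversation between the two parties in either direction. AND binds tighter than
// OR in SQL, so the WHERE clause reads (sender, receiver) OR (receiver, sender).
$q = $conn->prepare("SELECT * FROM staff_conversation WHERE sender = :sender AND receiver = :receiver OR receiver = :sender2 AND sender = :receiver2");
$q->bindParam(':sender', $sender);
$q->bindParam(':receiver', $receiver);
$q->bindParam(':sender2', $sender);
$q->bindParam(':receiver2', $receiver);
$q->execute();
$w = $q->fetch();
// fetch() returns false when the pair has no conversation yet; use null in that case instead
// of indexing false. The rowCount() check that follows still decides which branch runs.
$id = $w['conversation_id'] ?? null;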
if ($q->rowCount() != 0) {
    $qe = $conn->prepare("INSERT INTO staff_message (conversation_id, sender, message, date, time) VALUES (:id, :sender, :msg, :d, :t)");
    $qe->bindParam(':id', $id);
    $qe->bindParam(':sender', $sender);
    $qe->bindParam(':msg', $msg);
    $qe->bindParam(':d', $d);
    $qe->bindParam(':t', $timestamp);
    $update = $conn->prepare("UPDATE staff_conversation SET date = :d, time = :t, timestamp = :time WHERE sender = :sender AND receiver = :receiver OR sender = :sender2 AND receiver = :receiver2");
    $update->bindParam(':d', $d);
    $update->bindParam(':t', $t);
    $update->bindParam(':time', $timestamp);
    $update->bindParam(':sender', $receiver);
    $update->bindParam(':sender2', $sender);
    $update->bindParam(':receiver', $sender);
    $update->bindParam(':receiver2', $receiver);
    if ($qe->execute() && $update->execute()) {
예제 #7
<?php

if (isset($_GET['post'])) {
    // Post id from the query string and viewer from the session. $conn and secureTxt() are
    // not defined in this fragment.
    // NOTE(review): no check that 'logged_user' is set is visible here; confirm what is
    // recorded as the viewer for a visitor without a session.
    $id = secureTxt($_GET['post']);
    $us = secureTxt($_SESSION['logged_user']);
    // Has this user already been counted as a viewer of this post?
    $q51 = $conn->prepare("SELECT * FROM post_views WHERE post_id = :id AND username = :user");
    $q51->bindParam(':id', $id);
    $q51->bindParam(':user', $us);
    $q51->execute();
    // Current view counter of the post.
    $we = $conn->prepare("SELECT * FROM post WHERE id = :id");
    $we->bindParam(':id', $id);
    $we->execute();
    // fetch() returns false when no post has this id; the next line indexes the result
    // without checking for that.
    $row5 = $we->fetch();
    $post_views = $row5['views'];
    if ($q51->rowCount() != 0) {
        $views = $post_views;
    } else {
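        // First view by this user: record the (post, user) pair so later visits are not
        // counted again.
        $insert = $conn->prepare("INSERT INTO post_views (post_id, username) VALUES (:id, :user)");
        $insert->bindParam(':id', $id);
        $insert->bindParam(':user', $us);
        // Still assigned in case code outside this fragment reads it; the UPDATE below no
        // longer depends on it.
        $view = $post_views + 1;
        // Increment inside the statement so two concurrent first-time viewers cannot both
        // write back the same stale total. COALESCE keeps a NULL counter counting from 0,
        // as the PHP addition above does.
        $views_update = $conn->prepare("UPDATE post SET views = COALESCE(views, 0) + 1 WHERE id = :id");
        $views_update->bindParam(':id', $id);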
        if ($insert->execute() && $views_update->execute()) {
            $we = $conn->prepare("SELECT * FROM post WHERE id = :id");
            $we->bindParam(':id', $id);
            $we->execute();
            $row5 = $we->fetch();
            $post_views = $row5['views'];
            $views = $post_views;
예제 #8
<?php

// Posts by the profile named in the query string, newest first. The username reaches the
// query only as a bound parameter. $conn and secureTxt() are not defined in this fragment.
$user = secureTxt($_GET['username']);
$q = $conn->prepare("SELECT * FROM post WHERE username = :user ORDER BY id DESC");
$q->bindParam(':user', $user);
?>
<div class="row grid js-masonry"
  data-masonry-options='{ "itemSelector": ".grid-item", "columWidth": 200 }' data-toggle="isotope">
  <?php 
$q->execute();
/**
 * Return the first $word_limit space-separated words of $string.
 *
 * The text is split on single spaces only, so consecutive spaces produce empty
 * "words" that count toward the limit.
 */
function limit_words($string, $word_limit)
{
    $firstWords = array_slice(explode(" ", $string), 0, $word_limit);

    return implode(" ", $firstWords);
}
while ($row = $q->fetch()) {
    ?>
<div class="item col-xs-12 col-sm-6 col-lg-6 grid-item">
              <div class="panel panel-default paper-shadow" data-z="0.5">

                <a href="<?php 
    if (isset($view_type) && $view_type == 'video') {
        echo 'video';
    } else {
        echo 'explore';
    }
    ?>
?post=<?php 
    echo $row['id'];
    ?>
" id="<?php 
예제 #9
<?php

// Shared bootstrap; $conn and secureTxt() are not defined in this file.
include '../../include/connect.php';
// NOTE(review): the staff record is selected by a username taken from the request. No
// session or role check is visible in this fragment; confirm connect.php restricts who can
// load another staff member's details.
$user = secureTxt($_REQUEST['user']);
$q = $conn->prepare("SELECT * FROM staff WHERE username = :user");
$q->bindParam(':user', $user);
$q->execute();
// false when no staff row matches; the template below indexes $row without checking.
$row = $q->fetch();
?>
<form class="form-horizontal" action='<?php 
echo htmlspecialchars('staff?ref=list');
?>
' method="post" enctype="multipart/form-data">
        <div class="form-group">
          <label for="inputEmail3" class="col-sm-2 control-label">Photo</label>
          <div class="col-md-6">
            <div class="media v-middle">
              <div class="media-left">
                <div class="icon-block width-100 bg-grey-100">
                  <output id="list" style="padding-top: 0px;">
                    <span id="span">
                        <img <?php 
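// The photo path is read back from the database and printed inside a double-quoted HTML
// attribute, so escape it for that context. double_encode is off so a value that was
// already entity-encoded before storage is not encoded a second time.
echo 'src="' . htmlspecialchars((string) $row['photo'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '"';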
?>
 alt="<?php 
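// $user is request-derived and printed inside the alt attribute; escape it for HTML
// attribute context. double_encode is off in case secureTxt() already entity-encodes.
echo htmlspecialchars((string) $user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);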
?>
" class="" style="height: 100px; width: 100px;" id="image" />
                        
                    </span>
                  </output>
예제 #10
<?php

// Shared bootstrap; $conn and secureTxt() are not defined in this file.
include 'connect.php';
// Post whose reviews are listed; request-supplied and used only as a bound parameter.
$id = secureTxt($_REQUEST['id']);
// Reviews for the post, newest first.
$q = $conn->prepare("SELECT * FROM rating WHERE post_id = :id ORDER BY id DESC");
$q->bindParam(':id', $id);
$q->execute();
// NOTE(review): PDOStatement::rowCount() is documented for INSERT/UPDATE/DELETE; for a
// SELECT its result depends on the driver - confirm the driver in use reports it.
$count = $q->rowCount();
if ($count > 0) {
    while ($row = $q->fetch()) {
        ?>
<div class="item">
                  <div class="testimonial">
                    <div class="panel panel-default">
                      <div class="panel-body">
                        <p><?php 
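        // Review text is user-submitted content read back from the database; escape it
        // before printing it as HTML. double_encode is off so text that was already
        // entity-encoded before storage is not encoded a second time.
        echo htmlspecialchars((string) $row['review'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);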
        ?>
</p>
                      </div>
                    </div>
                    <div class="media v-middle">
                      <div class="media-left">
                      <?php 
        // Pick the lookup table from the reviewer's role. The table name is interpolated
        // into the SQL text, but it can only ever be one of the two literals below; the
        // username itself stays a bound parameter.
        $table = ($row['role'] == 'user') ? 'profile' : 'staff';
        $q1 = $conn->prepare("SELECT * FROM {$table} WHERE username = :user");
        $q1->bindParam(':user', $row['username']);
예제 #11
            </div>
        </header>
        
       
        <h2 class="home_text_head">LETS RATE YOU</h2>

        <section class="">
            <p class="home_text_body">Knot and Rings is the world's first online wedding rating magazine, focused on showcasing iconic wedding moments.</p>
            <ul class="social">
                <li class="social_item"><a href="#" class="fb homefb"><span class="socicon socicon-facebook"></span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sign Up with Facebook</a></li>
            </ul>
            
            <?php 
if (isset($_POST['email'])) {
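    // Sign-up fields from the form. secureTxt() and securePwd() are defined outside this
    // fragment, so what they filter or hash cannot be confirmed from here.
    $user = secureTxt($_POST['user']);
    $email = secureTxt($_POST['email']);
    $pwd = securePwd($_POST['pwd']);
    // The verification code gates account activation, so it is drawn from the CSPRNG via
    // random_int() (PHP 7+) instead of rand(), whose output is predictable. The bounds are
    // unchanged; the upper one exceeds the 32-bit integer range.
    $code = random_int(1642853729, 9356782341);
    $verification_code = securePwd($code);
    // Look for an existing account with the requested username (bound parameter).
    $q = $conn->prepare("SELECT * FROM account WHERE username = :user");
    $q->bindParam(':user', $user);
    $q->execute();
    // fetch() returns false when the username is free; the comparison that follows indexes
    // $row without checking for that.
    $row = $q->fetch();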
    if ($row['username'] == $user) {
        ?>
<div class="alert alert-warning">
<strong>This username is already registered</strong>
</div>
<?php 
    } else {
        $insert = $conn->prepare("INSERT INTO account (username, email, password, signup_date, signup_time, verification_code) VALUES (:user, :email, :pwd, :signup_date, :signup_time, :code)");
예제 #12
<?php

// Shared bootstrap; $conn and secureTxt() are not defined in this file.
include 'connect.php';
// NOTE(review): the conversation id comes from the request while sender and receiver come
// from the session. Nothing in this fragment checks that the conversation belongs to the
// logged-in user - confirm that is enforced elsewhere.
$id = secureTxt($_REQUEST['id']);
$msg = secureTxt($_REQUEST['msg']);
$logged_user = secureTxt($_SESSION['logged_user']);
$receiver = secureTxt($_SESSION['receiver']);
$timestamp = time();
// Store the message. NOTE(review): $d is bound here but never assigned in this fragment;
// presumably connect.php sets it - confirm. bindParam() binds by reference, so the value is
// read when execute() runs.
$q = $conn->prepare("INSERT INTO message (conversation_id, sender, message, date, time) VALUES (:id, :user, :msg, :d, :t)");
$q->bindParam(':id', $id);
$q->bindParam(':user', $logged_user);
$q->bindParam(':msg', $msg);
$q->bindParam(':d', $d);
$q->bindParam(':t', $timestamp);
// Touch the conversation row for this pair in either direction (AND binds tighter than OR).
// NOTE(review): :t is bound to $t here but to $timestamp in the INSERT above, and $t is not
// assigned in this fragment - confirm which value the time column should receive.
$update = $conn->prepare("UPDATE conversation SET date = :d, time = :t, timestamp = :time WHERE sender = :sender AND receiver = :receiver OR sender = :sender2 AND receiver = :receiver2");
$update->bindParam(':d', $d);
$update->bindParam(':t', $t);
$update->bindParam(':time', $timestamp);
$update->bindParam(':sender', $receiver);
$update->bindParam(':sender2', $logged_user);
$update->bindParam(':receiver', $logged_user);
$update->bindParam(':receiver2', $receiver);
if ($q->execute() && $update->execute()) {
    ?>
<div class="alert alert-success" id="msgAlert">
Message sent!
</div>
<script>
$('#userMessage').val('');
$('#messageLoad').load('include/message_load.php');
    $('#conversation_load').load('include/conversation_load.php');
예제 #13
            </div>
        </header>

        <section class="">
            <h2>LETS RATE YOU</h2>
            <p class="home_text_body">Knot and Rings is the world's first online wedding rating magazine, focused on showcasing iconic wedding moments.</p>
            <center>
                <!-- <li class="social_item"><a href="#" class="fb homefb"><span class="socicon socicon-facebook"></span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sign in with Facebook</a></li> -->

                <fb:login-button scope="public_profile,email" onlogin="******">
</fb:login-button>
<p id="status"></p>
            </center>
            <?php 
if (isset($_POST['user'])) {
    // Login fields from the form. secureTxt() and securePwd() are defined outside this
    // fragment.
    // NOTE(review): confirm stored passwords are checked with password_verify() against a
    // password_hash() value rather than by comparing a deterministic hash.
    $user = secureTxt($_POST['user']);
    $pwd = securePwd($_POST['pwd']);
    // Look the account up by username (bound parameter).
    $q = $conn->prepare("SELECT * FROM account WHERE username = :user");
    $q->bindParam(':user', $user);
    $q->execute();
    // fetch() returns false when no account matches. NOTE(review): the loose == comparison
    // that follows indexes $row without checking for that, so a missing row compares equal
    // to an empty $user; check $row first and compare with ===.
    $row = $q->fetch();
    if ($row['username'] == $user) {
        //checking to make sure useraccount have been verified
        if ($row['status'] == 0) {
            ?>
<div class="alert alert-danger">
<strong>Your account is not yet verified.</strong><br>
A verification link was sent to your inbox.
</div>
<?php 
        } else {