extend_timeout();
print_r($_POST);
//die('sample');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$db = new DBObject(CURRENT_DB);
$set = array();
$id = '';
$col = '';
// (!empty($_POST['sid']) && ctype_digit($_POST['sid']))or die('Error: record does not exist.');
$numbers = array('Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester');
$bools = array('HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're');
foreach ($_POST as $key => $value) {
if ($key == 'sid' || $key == 'onid' || $key == 'offid') {
ctype_digit($value) or die('Error: record does not exist.');
$id = $value;
$col = $db->escape($key);
} else {
$key = in_array($key, $bools) ? array_search($key, $bools) : $db->escape($key);
$value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value);
if (strstr($key, '-') === false) {
$value = in_array($key, $numbers) ? $value : "'{$value}'";
$sql = "UPDATE students SET {$key} = {$value} WHERE {$col} = {$id}";
} else {
$arrkey = explode('-', $key);
$value = in_array($arrkey[1], $numbers) ? "{$value}" : "'{$value}'";
if (empty($col)) {
$sql = "UPDATE {$arrkey['0']} SET {$arrkey['1']} = {$value}";
} else {
$sql = "UPDATE {$arrkey['0']} SET {$arrkey['1']} = {$value} WHERE {$col} = {$id}";
}
}
<?php
chdir('..');
date_default_timezone_set('Asia/Manila');
require_once 'includes/functions.php';
init_session() or die('Error: session has expired. Please log in again.');
init_my_cookie();
refresh_session() or die('Error: could not connect to server. Please log in again if the error persists.');
extend_timeout();
//print_r($_POST);
$db = new DBObject(CURRENT_DB);
//$studno = $db->escape($_POST['studno']);
$lname = $db->escape(trim($_POST['lname']));
$fname = $db->escape(trim($_POST['fname']));
$mname = $db->escape(trim($_POST['mname']));
$course = $db->escape(trim($_POST['course']));
$year = intval($_POST['year']);
$address = $db->escape(trim($_POST['address']));
$Contact = $db->escape(trim($_POST['contact']));
$date = strtotime(trim($_POST['bday']));
$Bday = date('Y-m-d', $date);
$Age = intval($_POST['age']);
$Gender = $db->escape(trim($_POST['gender']));
$CivStat = $db->escape(trim($_POST['civStat']));
$Father = $db->escape(trim($_POST['father']));
$FatherPhone = $db->escape(trim($_POST['fatherPhone']));
$Mother = $db->escape(trim($_POST['mother']));
$MotherPhone = $db->escape(trim($_POST['motherPhone']));
$year = $db->escape($_POST['year']);
//$InCampusHours = intval($_POST['inCampusHours']);
//$OffCampusHours = intval($_POST['offCampusHours']);
private function check_db($table, $name, $file)
{
$db = new DBObject('newspum');
// $sql = "SELECT * FROM images WHERE originalmd5 = '{$this->imagehash}'";
$sql = sprintf("SELECT * FROM {$table} WHERE originalmd5 = '%s'", $this->imagehash);
$result = $db->query($sql);
if ($row = mysqli_fetch_array($result)) {
$this->imagehash = $row['originalmd5'];
$this->newfname = $row[$file];
//default row['imagefile']
$this->newfile = $this->folderpath . $this->newfname;
$temp = explode('.', $row[$file]);
$this->thumbfile = $this->thumbfolder . 't' . $temp[0] . '.' . $this->thumbext;
$this->dbname = $db->escape(trim($row[$name]));
//default row['imagename']
$this->existing = true;
} else {
$this->dbname = $db->escape(trim($this->image['name']));
$this->existing = false;
}
}
chdir('..');
date_default_timezone_set('Asia/Manila');
require_once 'includes/MySessions.php';
//DBObject included
require_once 'includes/Crypto.php';
require_once 'includes/constants.php';
if (!empty($_POST['username']) && !empty($_POST['userpass']) && !empty($_POST['userpass2'])) {
$json = [];
if ($_POST['userpass'] !== $_POST['userpass2']) {
$json['status'] = 2;
$json['response'] = "Passwords do not match!";
die(json_encode($json));
}
$db = new DBObject(CURRENT_DB);
$username = $db->escape($_POST['username']);
$timestamp = Crypto::get_timestamp();
$encpass = Crypto::encrypt_password($_POST['userpass'], $timestamp[0]);
$regdate = Crypto::create_microdate($timestamp);
// $sql = "INSERT INTO userinfo(username, userpass, regdate) VALUES(?, ?, ?)";
$sql = "INSERT INTO userinfo(username, userpass, regdate) VALUES(?username:s, ?userpass:s, ?regdate:s)";
sleep(1);
// $query = $db->prepare($sql);
// $query->bind_param('sss', $username, $encpass, $regdate);
// $db->execute($query);
$db->prepare($sql);
$db->bind(array("username" => $username, "userpass" => $encpass, "regdate" => $regdate));
$db->execute();
if ($db->hasErrno(0)) {
$json['status'] = 0;
$json['response'] = 'Registration successful!';
init_session() or die('Error: Session has expired. Please log in again.');
init_my_cookie();
refresh_session() or die('Error: Could not connect to server. Please log in again if the error persists.');
extend_timeout();
//print_r($_POST);
$db = new DBObject(CURRENT_DB);
$sql = '1';
//die('sample');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['start'])) {
$startstring = "{$_POST['start']} {$_POST['start-hour']}:{$_POST['start-minute']} {$_POST['start-ampm']}";
$start = date_format(date_create_from_format('m/d/Y h:i a', $startstring), 'Y-m-d H:i:s');
$endstring = "{$_POST['end']} {$_POST['end-hour']}:{$_POST['end-minute']} {$_POST['end-ampm']}";
$end = date_format(date_create_from_format('m/d/Y h:i a', $endstring), 'Y-m-d H:i:s');
$actid = intval($_POST['actid']);
$type = $db->escape($_POST['type']);
$sql = "INSERT INTO actdates(actid, type, start, end) VALUES({$actid}, '{$type}', '{$start}', '{$end}')";
// echo $sql;
if ($db->query($sql)) {
echo "Record added!";
} else {
die('Error: ' . $db->getError());
}
} else {
if (isset($_POST['delete'])) {
$dateid = intval($_POST['delete']);
$sql = "DELETE FROM actdates WHERE dateid = {$dateid}";
echo $sql;
if ($db->query($sql)) {
echo "Record deleted!";
} else {
<?php
chdir('..');
date_default_timezone_set('Asia/Manila');
require_once 'includes/functions.php';
$db = new DBObject(CURRENT_DB);
if (isset($_POST['evalcode'])) {
if (strtoupper($_POST['evalcode']) === 'OK') {
die('Error: Invalid evaluation code.');
}
$json = array();
$reqcode = $db->escape(trim($_POST['evalcode']));
$select = 'evaluation.id as evalid, evaluation.schoolyear, evaluation.semester, students.lname, students.fname, students.mname, students.course, students.year';
$where = "evaluation.reqcode = '{$reqcode}'";
$sql = "SELECT {$select} FROM evaluation INNER JOIN students ON evaluation.student = students.sid WHERE {$where}";
if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$json['id'] = $row['evalid'];
$json['name'] = create_name($row['fname'], $row['lname'], $row['mname'], 'reverse');
$json['course'] = $row['course'];
$json['year'] = $row['year'];
$json['schoolyear'] = $row['schoolyear'];
$json['semester'] = $row['semester'];
echo json_encode($json);
} else {
die('Error: Invalid evaluation code.');
}
} else {
if (isset($_POST['evaluation'])) {
$set = array();
$numbers = array('q5-1', 'q6-1');
