/**
* Deletes a list of objects that match given conditions
* @param multidimensional array {("field", "comparator", "value"), ("field", "comparator", "value"), ...}
* @param bool $deep
* @return
*/
function DeleteList($fcv_array)
{
if (sizeof($fcv_array) > 0) {
$Database = new DatabaseConnection();
$pog_query = "delete from `news` where ";
for ($i = 0, $c = sizeof($fcv_array); $i < $c; $i++) {
if (sizeof($fcv_array[$i]) == 1) {
$pog_query .= " " . $fcv_array[$i][0] . " ";
continue;
} else {
if ($i > 0 && sizeof($fcv_array[$i - 1]) !== 1) {
$pog_query .= " AND ";
}
if (isset($this->pog_attribute_type[$fcv_array[$i][0]]) && $this->pog_attribute_type[$fcv_array[$i][0]][0] != 'NUMERIC' && $this->pog_attribute_type[$fcv_array[$i][0]][0] != 'SET') {
$pog_query .= "`" . $fcv_array[$i][0] . "` " . $fcv_array[$i][1] . " '" . $Database->Escape($fcv_array[$i][2]) . "'";
} else {
$pog_query .= "`" . $fcv_array[$i][0] . "` " . $fcv_array[$i][1] . " '" . $fcv_array[$i][2] . "'";
}
}
}
return $Database->Query($pog_query);
}
}
<?php
require "common_all.php";
if (isset($_POST["reset"])) {
$db = new DatabaseConnection();
$email = $db->Escape($_POST["email"]);
$password = "";
for ($i = 1; $i <= 6; $i++) {
$password .= chr(mt_rand(97, 122)) . chr(mt_rand(65, 90));
}
$db->Query("UPDATE onlineuser SET pass_word=PASSWORD('{$password}') WHERE email='{$email}'");
$db->Query("SELECT first_name, last_name FROM onlineuser WHERE email='{$email}'");
if ($db->Rows() > 0) {
$fname = $db->Result(0, "first_name");
$lname = $db->Result(0, "last_name");
$headers = "From: noreply@fastfoodjobsuk.co.uk\r\n";
$headers .= "X-Mailer: CJS_MailSystem\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$message = "<HTML><pre>";
$message .= "Dear {$fname} {$lname}\n\n";
$message .= "You password is: {$password} and if you need any further help please e-mail\n";
$message .= "support@fastfoodjobsuk.co.uk\n\n";
$message .= "Regards,\n\n";
$message .= "The Fast Food Jobs Support Team.";
$message .= "</pre></html>";
mail($email, "Fastfoodjobsuk Password Reset", $message, $headers);
}
header("Location: forgotten_password_success.php");
exit;
}
}
if (($result = validate($telephone, "phonenumber", 45)) !== true) {
$errorText .= "<LI>Your telephone number is {$result}";
}
if ($fax != "" && ($result = validate($fax, "phonenumber", 45)) !== true) {
$errorText .= "<LI>Your fax number is {$result}";
}
}
if (($result = validate($password, "password", 45, 6)) !== true) {
$errorText .= "<LI>Your password is {$result}";
}
if ($_POST["readTerms"] != "on") {
$errorText .= "<LI>Please read the terms and then tick the box to proceed";
}
if ($errorText == "") {
$query = $db->Query("SELECT * FROM onlineuser WHERE email='" . $db->Escape($email) . "' LIMIT 1");
if ($db->Rows() > 0) {
$errorText .= "<LI>The email address you have entered is taken";
} else {
$user = new OnlineUser($email, $first_name, $last_name, $password, $address1, $address2, $address3, $postcode, $telephone, $fax, '', 'temp');
if (isSuperUser(false) && $status != "") {
$user->user_status = $status;
}
$userId = $user->Save();
$user = $user->Get($userId);
$created = strtotime($user->dt_created);
$mail = new Emailer();
$mail->setTo($email);
$mail->setFrom($configuration["fromEmail"]);
$mail->setSubject("Fastfoodjobsuk Registration");
$url = "http://www.fastfoodjobsuk.co.uk/register_activate.php?email={$email}&code={$created}";
<?php
require "common_all.php";
if (isset($_POST["email"])) {
$db = new DatabaseConnection();
$results = $db->Query("SELECT * FROM onlineuser WHERE email='" . $db->Escape($_POST["email"]) . "' AND pass_word=PASSWORD('" . $db->Escape($_POST["password"]) . "')");
if ($db->Rows() != null) {
$user = new OnlineUser();
$user = $user->populate($db);
// are they active?
$status = $user->user_status;
switch ($status) {
case "temp":
header("Location: register_activate.php");
exit;
break;
case "disabled":
header("Location: logout.php");
exit;
break;
}
$_SESSION["onlineuser"] = $user;
//proceed to loged in page
if (isSuperUser(false)) {
header("Location: admin_account.php");
exit;
} else {
if (isset($_SESSION["redirect"]) || isset($_POST["redirect"])) {
$url = isset($_SESSION["redirect"]) ? $_SESSION["redirect"] : $_POST["redirect"];
unset($_SESSION["redirect"]);
header("Location: {$url}");
/**
* Saves the object to the database
* @return integer $userId
*/
function Save()
{
$Database = new DatabaseConnection();
$this->pog_query = "select userid from `user` where `userid`='" . $this->userId . "' LIMIT 1";
$Database->Query($this->pog_query);
if ($Database->Rows() > 0) {
$this->pog_query = "update `user` set \r\n\t\t\t`username`='" . $Database->Escape($this->username) . "', \r\n\t\t\t`password`='" . $Database->Escape($this->password) . "', \r\n\t\t\t`firstname`='" . $Database->Escape($this->firstname) . "', \r\n\t\t\t`lastname`='" . $Database->Escape($this->lastname) . "', \r\n\t\t\t`question`='" . $Database->Escape($this->question) . "', \r\n\t\t\t`answer`='" . $Database->Escape($this->answer) . "', \r\n\t\t\t`groupid`='" . $this->groupId . "', \r\n\t\t\t`lastlogin`='" . $Database->Escape($this->lastlogin) . "', \r\n\t\t\t`disabled`='" . $Database->Escape($this->disabled) . "' where `userid`='" . $this->userId . "'";
} else {
$this->pog_query = "insert into `user` (`username`, `password`, `firstname`, `lastname`, `question`, `answer`, `groupid`, `lastlogin`, `disabled` ) values (\r\n\t\t\t'" . $Database->Escape($this->username) . "', \r\n\t\t\t'" . $Database->Escape($this->password) . "', \r\n\t\t\t'" . $Database->Escape($this->firstname) . "', \r\n\t\t\t'" . $Database->Escape($this->lastname) . "', \r\n\t\t\t'" . $Database->Escape($this->question) . "', \r\n\t\t\t'" . $Database->Escape($this->answer) . "', \r\n\t\t\t'" . $this->groupId . "', \r\n\t\t\t'" . $Database->Escape($this->lastlogin) . "', \r\n\t\t\t'" . $Database->Escape($this->disabled) . "' )";
}
$Database->InsertOrUpdate($this->pog_query);
if ($this->userId == "") {
$this->userId = $Database->GetCurrentId();
}
return $this->userId;
}
/**
* Saves the object to the database
* @return integer $customerId
*/
function Save()
{
$Database = new DatabaseConnection();
$this->pog_query = "select customerid from `customer` where `customerid`='" . $this->customerId . "' LIMIT 1";
$Database->Query($this->pog_query);
if ($Database->Rows() > 0) {
$this->pog_query = "update `customer` set \r\n\t\t\t`company`='" . $Database->Escape($this->company) . "', \r\n\t\t\t`firstname`='" . $Database->Escape($this->firstname) . "', \r\n\t\t\t`lastname`='" . $Database->Escape($this->lastname) . "', \r\n\t\t\t`address1`='" . $Database->Escape($this->address1) . "', \r\n\t\t\t`address2`='" . $Database->Escape($this->address2) . "', \r\n\t\t\t`city`='" . $Database->Escape($this->city) . "', \r\n\t\t\t`mobile`='" . $Database->Escape($this->mobile) . "', \r\n\t\t\t`landline`='" . $Database->Escape($this->landline) . "', \r\n\t\t\t`email`='" . $Database->Escape($this->email) . "', \r\n\t\t\t`limit`='" . $Database->Escape($this->limit) . "', \r\n\t\t\t`available`='" . $Database->Escape($this->available) . "', \r\n\t\t\t`deleted`='" . $Database->Escape($this->deleted) . "' where `customerid`='" . $this->customerId . "'";
} else {
$this->pog_query = "insert into `customer` (`company`, `firstname`, `lastname`, `address1`, `address2`, `city`, `mobile`, `landline`, `email`, `limit`, `available`, `deleted` ) values (\r\n\t\t\t'" . $Database->Escape($this->company) . "', \r\n\t\t\t'" . $Database->Escape($this->firstname) . "', \r\n\t\t\t'" . $Database->Escape($this->lastname) . "', \r\n\t\t\t'" . $Database->Escape($this->address1) . "', \r\n\t\t\t'" . $Database->Escape($this->address2) . "', \r\n\t\t\t'" . $Database->Escape($this->city) . "', \r\n\t\t\t'" . $Database->Escape($this->mobile) . "', \r\n\t\t\t'" . $Database->Escape($this->landline) . "', \r\n\t\t\t'" . $Database->Escape($this->email) . "', \r\n\t\t\t'" . $Database->Escape($this->limit) . "', \r\n\t\t\t'" . $Database->Escape($this->available) . "', \r\n\t\t\t'" . $Database->Escape($this->deleted) . "' )";
}
$Database->InsertOrUpdate($this->pog_query);
if ($this->customerId == "") {
$this->customerId = $Database->GetCurrentId();
}
return $this->customerId;
}
}
if (($result = validate($user->address_2, "", 255)) !== true) {
$errorText .= "<LI>The second line of your address is {$result}";
}
if (($result = validate($user->postcode, "", 20)) !== true) {
$errorText .= "<LI>Your post code is {$result}";
}
if (($result = validate($user->tel, "phonenumber", 45)) !== true) {
$errorText .= "<LI>Your telephone number is {$result}";
}
if ($user->fax != "" && ($result = validate($user->fax, "phonenumber", 45)) !== true) {
$errorText .= "<LI>Your fax number is {$result}";
}
}
if ($errorText == "") {
$query = $db->Query("SELECT * FROM onlineuser WHERE email='" . $db->Escape($user->email) . "' AND onlineuserid!='" . $user->onlineuserId . "' LIMIT 1");
if ($db->Rows() > 0) {
$errorText .= "<LI>The email address you have entered is taken";
} else {
$_SESSION["onlineuser"] = $user;
$user->Save();
header("Location: {$adminUrl}");
exit;
}
}
$errorText = "<ul>" . $errorText . "</ul>";
}
require "top.php";
?>
<form action="user_profile.php" method="POST">
<?php
require "common_super.php";
//reset onlineuser to super
$_SESSION["onlineuser"] = $_SESSION["superuser"];
$db = new DatabaseConnection();
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$matches = false;
$resultArray = array();
if ($firstname != "" || $lastname != "" || $email != "") {
$where = "";
$where = $firstname != "" ? "first_name like '%" . $db->Escape($firstname) . "%'" : "";
if ($lastname != "") {
if ($where != "") {
$where .= " AND ";
}
$where .= "last_name like '%" . $db->Escape($lastname) . "%'";
}
if ($email != "") {
if ($where != "") {
$where .= " AND ";
}
$where .= "email like '%" . $db->Escape($email) . "%'";
}
$result = $db->Query("SELECT onlineuserId, first_name, last_name, email FROM onlineuser WHERE {$where} AND onlineuserId!='1'");
if (($rows = $db->Rows()) > 0) {
$matches = true;
for ($i = 0; $i < $rows; $i++) {
$resultArray[$i] = mysql_fetch_row($result);
/**
* Saves the object to the database
* @return integer $supplierId
*/
function Save()
{
$Database = new DatabaseConnection();
$this->pog_query = "select supplierid from `supplier` where `supplierid`='" . $this->supplierId . "' LIMIT 1";
$Database->Query($this->pog_query);
if ($Database->Rows() > 0) {
$this->pog_query = "update `supplier` set \r\n\t\t\t`company`='" . $Database->Escape($this->company) . "', \r\n\t\t\t`address1`='" . $Database->Escape($this->address1) . "', \r\n\t\t\t`address2`='" . $Database->Escape($this->address2) . "', \r\n\t\t\t`city`='" . $Database->Escape($this->city) . "', \r\n\t\t\t`phone`='" . $Database->Escape($this->phone) . "', \r\n\t\t\t`contactname`='" . $Database->Escape($this->contactname) . "', \r\n\t\t\t`contactno`='" . $Database->Escape($this->contactno) . "', \r\n\t\t\t`deleted`='" . $Database->Escape($this->deleted) . "' where `supplierid`='" . $this->supplierId . "'";
} else {
$this->pog_query = "insert into `supplier` (`company`, `address1`, `address2`, `city`, `phone`, `contactname`, `contactno`, `deleted` ) values (\r\n\t\t\t'" . $Database->Escape($this->company) . "', \r\n\t\t\t'" . $Database->Escape($this->address1) . "', \r\n\t\t\t'" . $Database->Escape($this->address2) . "', \r\n\t\t\t'" . $Database->Escape($this->city) . "', \r\n\t\t\t'" . $Database->Escape($this->phone) . "', \r\n\t\t\t'" . $Database->Escape($this->contactname) . "', \r\n\t\t\t'" . $Database->Escape($this->contactno) . "', \r\n\t\t\t'" . $Database->Escape($this->deleted) . "' )";
}
$Database->InsertOrUpdate($this->pog_query);
if ($this->supplierId == "") {
$this->supplierId = $Database->GetCurrentId();
}
return $this->supplierId;
}
<?php
require "common_all.php";
$errorText = "";
if (isset($_GET["code"])) {
if (strlen($code) > 20) {
$errorText .= "<LI>Please enter a valid code";
}
if (strlen($email) > 45) {
$errorText .= "<LI>Please enter a valid email address";
}
if ($errorText == "") {
$db = new DatabaseConnection();
$code = $db->Escape($_GET["code"]);
$email = $db->Escape($_GET["email"]);
$db->Query("SELECT onlineuserid FROM onlineuser WHERE email='{$email}'");
if ($db->Rows() > 0) {
$user = new OnlineUser();
$user = $user->Get($db->Result(0, "onlineuserid"));
if ($code == strtotime($user->dt_created)) {
$user->user_status = "active";
$user->Save();
//$_SESSION["onlineuser"]=$user;
header("Location: register_activated.php");
}
}
$errorText = "<LI>Either the email address or code you entered is incorrect";
} else {
$errorText = "<ul>{$errorText}</ul>";
}
}
/**
* Saves the object to the database
* @return integer $statsId
*/
function Save()
{
$Database = new DatabaseConnection();
$this->pog_query = "select `statsid` from `stats` where `statsid`='" . $this->statsId . "' LIMIT 1";
$Database->Query($this->pog_query);
if ($Database->Rows() > 0) {
$this->pog_query = "update `stats` set \n\t\t\t`objectname`='" . $Database->Escape($this->objectname) . "', \n\t\t\t`objectid`='" . $Database->Escape($this->objectid) . "', \n\t\t\t`impressions`='" . $Database->Escape($this->impressions) . "', \n\t\t\t`clicks`='" . $Database->Escape($this->clicks) . "' where `statsid`='" . $this->statsId . "'";
} else {
$this->pog_query = "insert into `stats` (`objectname`, `objectid`, `impressions`, `clicks`) values (\n\t\t\t'" . $Database->Escape($this->objectname) . "', \n\t\t\t'" . $Database->Escape($this->objectid) . "', \n\t\t\t'" . $Database->Escape($this->impressions) . "', \n\t\t\t'" . $Database->Escape($this->clicks) . "' )";
}
$Database->InsertOrUpdate($this->pog_query);
if ($this->statsId == "") {
$this->statsId = $Database->GetCurrentId();
}
return $this->statsId;
}
/**
* Saves the object to the database
* @return integer $groupId
*/
function Save($deep = true)
{
$Database = new DatabaseConnection();
$this->pog_query = "select groupid from `group` where `groupid`='" . $this->groupId . "' LIMIT 1";
$Database->Query($this->pog_query);
if ($Database->Rows() > 0) {
$this->pog_query = "update `group` set \r\n\t\t\t`name`='" . $Database->Escape($this->name) . "', \r\n\t\t\t`desc`='" . $Database->Escape($this->desc) . "'where `groupid`='" . $this->groupId . "'";
} else {
$this->pog_query = "insert into `group` (`name`, `desc`) values (\r\n\t\t\t'" . $Database->Escape($this->name) . "', \r\n\t\t\t'" . $Database->Escape($this->desc) . "')";
}
$Database->InsertOrUpdate($this->pog_query);
if ($this->groupId == "") {
$this->groupId = $Database->GetCurrentId();
}
if ($deep) {
$userList = $this->GetUserList();
foreach ($this->_userList as $user) {
$user->Save($deep);
}
}
return $this->groupId;
}
