<?php
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
$database = new DatabaseHandler();
$session = new SessionHandler();
//Mendapatkan semua informasi yang telah divalidasi di client-side
$wall_role = $_POST['wall_role'];
$oldpassword = md5($_POST['oldpassword']);
//masukanuser
$password = md5($_POST['password']);
$username = $session->username;
$querypassword = "******";
$result_pass = $database->execQuery($querypassword);
$datauserrole = mysql_fetch_array($result_pass);
$passuser = $datauserrole['password'];
//hasil query
if ($oldpassword == $passuser) {
$query = "UPDATE {$database->t_user}\n SET\n wall_role='{$wall_role}',\n password='******'\n WHERE\n username='******' ";
if ($database->execQuery($query)) {
header("location:../profile.php");
} else {
header("location:../setting.php");
die;
}
} else {
header("location:../setting.php");
die;
}
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
$database = new DatabaseHandler();
$session = new SessionHandler();
$id_photo = $_GET['id'];
$username = $_GET['tag'];
$type = $_GET['type'];
$dbtag = $database->t_foto_tag;
if ($type == "add") {
$queryCheck = "SELECT id FROM " . $dbtag . "\n WHERE " . $dbtag . ".id_foto ='{$id_photo}' AND " . $dbtag . ".username = '******'";
$resultCheck = $database->execQuery($queryCheck);
if (mysql_num_rows($resultCheck) == 0) {
$query = "INSERT INTO {$dbtag} (\n id_foto,\n username\n ) VALUES (\n '{$id_photo}',\n '{$username}'\n )";
if (!$database->execQuery($query)) {
echo "<script>alert('hai aku salah loch');</script>";
} else {
$query = "INSERT INTO " . $database->t_notif . "(username,message) VALUE ('" . $username . "','" . ${$session}->username . " tagging a photo of you')";
$database->execQuery($query);
header("location:../profile.php?page=photo-detail&photo-id=" . $id_photo . "&id=" . $session->username);
}
} else {
//echo"<script>alert('sudah pernah di tag');</script>";
header("location:../profile.php?page=photo-detail&photo-id=" . $id_photo . "&id=" . $session->username);
}
} else {
$query = "DELETE FROM {$dbtag}\n WHERE {$dbtag}.id_foto = '{$id_photo}' AND {$dbtag}.username='******'";
//Mendapatkan semua informasi yang telah divalidasi di client-side
$username_uploader = $session->username;
$img_ext = substr($_FILES["file"]["name"], strrpos($_FILES["file"]["name"], '.'));
$img_src = "res/upload/";
$id_keyword = $_POST['keyword'];
$description = $_POST['description_content'];
$date_taken = $_POST['date'];
$title = $_POST['title'];
$date_upload = date("Y-m-d");
$id_role = $_POST['photo_role'];
$id_hak_komentar = $_POST['hak_comment'];
// menghilangkan kemungkinan SQL Injection
$username_uploader = stripslashes($username_uploader);
$username_uploader = mysql_escape_string($username_uploader);
$query = "INSERT INTO {$database->t_foto} (\n username_uploader,\n img_src,\n title,\n id_keyword,\n description,\n date_taken,\n date_upload,\n id_role,\n id_hak_komentar\n ) VALUES (\n '{$username_uploader}',\n '{$img_src}',\n '{$title}',\n '{$id_keyword}',\n '{$description}',\n '{$date_taken}',\n '{$date_upload}',\n '{$id_role}',\n '{$id_hak_komentar}'\n )";
if (!$database->execQuery($query)) {
echo "<script>";
echo "alert('Failed, please try again')";
echo "</script>";
die;
} else {
$lastid = mysql_insert_id();
move_uploaded_file($_FILES["file"]["tmp_name"], "../res/upload/" . $lastid . $img_ext);
$new_img_src = $img_src . $lastid . $img_ext;
$queryupdate = "UPDATE {$database->t_foto}\n SET img_src = '{$new_img_src}'\n WHERE id=LAST_INSERT_ID()";
if (!$database->execQuery($queryupdate)) {
echo "<script>";
echo "alert('Failed, please try again')";
echo "</script>";
die;
} else {
$session = new SessionHandler();
//Mendapatkan semua informasi yang telah divalidasi di client-side
$from_username = $session->username;
if (isset($_GET['id'])) {
$to_username = $_GET['id'];
//dari parameter url
} else {
$to_username = $session->username;
}
$content = $_POST['wall_write'];
$date = date("Y-m-d");
$wall_role = 1;
// menghilangkan kemungkinan SQL Injection
$from_username = stripslashes($from_username);
$from_username = mysql_escape_string($from_username);
$to_username = stripslashes($to_username);
$to_username = mysql_real_escape_string($to_username);
$query = "INSERT INTO {$database->t_wall} (\n from_username,\n to_username,\n content,\n date,\n wall_role\n ) VALUES (\n '{$from_username}',\n '{$to_username}',\n '{$content}',\n '{$date}',\n '{$wall_role}'\n )";
if (!$database->execQuery($query)) {
echo "<script>";
echo "alert('Failed, please try again')";
echo "</script>";
die;
}
if ($_GET['id'] != $session->username) {
header("location:../profile.php?id=" . $to_username . "&page=wall");
} else {
header("location:../profile.php?page=wall");
}
?>
<script type="text/javascript" src="script/AJAX.js"></script>
<?php
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
$database = new DatabaseHandler();
$session = new SessionHandler();
// menghilangkan kemungkinan SQL Injection
$to = stripslashes($_POST['message_to']);
$subject = stripslashes($_POST['message_subject']);
$content = stripslashes($_POST['message_content']);
$to = mysql_escape_string($to);
$subject = mysql_escape_string($subject);
$content = mysql_escape_string($content);
$username = $session->username;
$date = date("Y-m-d");
$query = "SELECT * FROM " . $database->t_user . " WHERE username='******'";
$result = $database->execQuery($query);
$count = mysql_num_rows($result);
if ($count != 1) {
header("location:../profile.php?id=" . $username . "&page=new-message");
} else {
// mengisi database komentar
$query = "INSERT INTO {$database->t_message} (\n id,\n username,\n content,\n subject,\n date\n ) VALUES (\n NULL,\n '{$username}',\n '{$content}',\n '{$subject}',\n '{$date}'\n )";
$database->execQuery($query);
$query = "INSERT INTO {$database->t_messagefor} (\n id_message,\n to_username\n ) VALUES (\n LAST_INSERT_ID(),\n '{$to}'\n )";
$database->execQuery($query);
header("location:../profile.php?id=" . $username . "&page=message&n=1");
}
} else {
if ($_GET['ref'] == "message") {
// mempost komentar di message
$susername = $_POST['username'];
$scontent = $_POST['message_reply_write'];
$sdate = date("Y-m-d");
}
}
}
// menghilangkan kemungkinan SQL Injection
$content = stripslashes($scontent);
$content = mysql_escape_string($scontent);
// mengisi database komentar
$query_c = "INSERT INTO {$database->t_comment} (\n id,\n username,\n content,\n date\n ) VALUES (\n NULL,\n '{$susername}',\n '{$scontent}',\n '{$sdate}'\n )";
// eksekusi database
if (!$database->execQuery($query_c)) {
echo "<script>";
echo "alert('Failed update comment, please try again')";
echo "</script>";
die;
}
if ($_GET['ref'] == "wall") {
// mengisi database relasi
$swall_id = $_POST['wall_id'];
$query_cw = "INSERT INTO {$database->t_comment_wall} (\n id_wall,\n id_comment\n ) VALUES (\n '{$swall_id}',\n LAST_INSERT_ID()\n )";
if (!$database->execQuery($query_cw)) {
echo "<script>";
echo "alert('Failed link comment, please try again')";
echo "</script>";
die;
}
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
$database = new DatabaseHandler();
$session = new SessionHandler();
//Mendapatkan semua informasi yang telah divalidasi di client-side
$fullname = $_POST['fullname'];
$username = $session->username;
$password = md5($_POST['password']);
$birthdate = $_POST['birthdate'];
$location = $_POST['location'];
$img_src = "./res/upload/";
$img_extension = substr($_FILES["profpict"]["name"], strrpos($_FILES["profpict"]["name"], '.'));
$new_img_location;
if ($img_extension == "") {
$query = "SELECT img_location FROM {$database->t_user}\n WHERE username='******'";
$result = $database->execQuery($query);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$new_img_location = $row['img_location'];
} else {
move_uploaded_file($_FILES["profpict"]["tmp_name"], "../res/upload/" . $username . $img_extension);
$new_img_location = $img_src . $username . $img_extension;
}
$query = "UPDATE {$database->t_user}\n SET\n fullname='{$fullname}',\n password='******',\n birthdate='{$birthdate}',\n location='{$location}',\n img_location = '{$new_img_location}'\n WHERE\n username='******' ";
if ($database->execQuery($query)) {
$query = "SELECT * FROM " . $database->t_user . " WHERE username='******' ";
$result = $database->execQuery($query);
$result = mysql_fetch_array($result);
$session->setSession($result);
header("location:../profile.php?ref=editSuccess");
} else {
header("location:../profile.php?ref=editFailed");
<?php
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
$database = new DatabaseHandler();
$session = new SessionHandler();
$username_uploader = $_GET['id'];
$photo_id = $_GET['photo-id'];
$rate = $_GET['r'];
$username_commentator = $session->username;
$query_cek_user = "******" . $database->t_fotomark . "\n WHERE\n id_foto='{$photo_id}' AND\n username_commentator='{$username_commentator}'";
$result = $database->execQuery($query_cek_user);
$count = mysql_num_rows($result);
if ($count == 0) {
$query_insert = "INSERT INTO " . $database->t_fotomark . "(\n id_foto,\n username_commentator,\n rate\n ) VALUES (\n '" . $photo_id . "',\n '" . $username_commentator . "',\n '" . $_GET['r'] . "'\n )";
if (!$database->execQuery($query_insert)) {
header("location:../profile.php?page=photo-detail&id=" . $username_uploader . "&photo-id=" . $photo_id . "");
} else {
header("location:../profile.php?page=photo-detail&id=" . $username_uploader . "&photo-id=" . $photo_id . "");
}
} else {
header("location:../profile.php?page=photo-detail&id=" . $username_uploader . "&photo-id=" . $photo_id . "");
}
<?php include_once '../connection/databaseHandler.php'; include_once '../connection/sessionHandler.php'; $database = new DatabaseHandler(); $session = new SessionHandler(); $from = $session->username; $to = $_GET['to']; $message = $_GET['message']; $to = stripslashes($to); $message = stripslashes($message); $to = mysql_escape_string($to); $message = mysql_escape_string($message); $query1 = "INSERT INTO " . $database->t_chat . "(id,username,content,date) VALUE (NULL,'" . $from . "','" . $message . "',NOW())"; $query2 = "INSERT INTO " . $database->t_chatfor . "(id_chat,to_username) VALUE (LAST_INSERT_ID(),'" . $to . "')"; $database->execQuery($query1); $database->execQuery($query2); echo "berhasil mengirim pesan...";
<?php
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
include_once '../connection/databaseHandler.php';
include_once '../connection/sessionHandler.php';
$database = new DatabaseHandler();
$session = new SessionHandler();
$to = $_GET['to'];
$message = $_GET['message'];
$to = stripslashes($to);
$message = stripslashes($message);
$to = mysql_escape_string($to);
$message = mysql_escape_string($message);
$query = "INSERT INTO " . $database->t_notif . "(username,message) VALUE ('" . $to . "','" . $message . "')";
$database->execQuery($query);
echo "berhasil mengirim pesan...";