/**
 * Authenticates a user against the `users` table.
 *
 * Looks up the user_key for $username, then runs a SELECT that matches on
 * username AND password; returns that key when a row matched, false otherwise.
 *
 * NOTE(review): the query compares the submitted password against the stored
 * `password` column directly, i.e. credentials are stored and compared in
 * plaintext. Fetch the row by username only, store password_hash() output and
 * check it with password_verify().
 * NOTE(review): the value literals are redacted in this listing; the SQL is
 * built by interpolation and relies on clean_up() for escaping (its behaviour
 * is not visible here — confirm it escapes for SQL). mysql_db_query() belongs
 * to the removed ext/mysql API and offers no prepared statements.
 * NOTE(review): if the query fails, $results is false and mysql_num_rows(false)
 * returns false, which is !== 0 — the function then returns $user_key and the
 * login succeeds on a database error. Check `if (!$results || ...)`.
 *
 * @param string $username submitted username
 * @param string $password submitted password
 * @return mixed the user_key from get_user_id() on success, false otherwise
 */
function login($username, $password)
{
    $username = clean_up("{$username}");
    $password = clean_up("{$password}");
    // Resolved before the credentials are checked; only returned on success.
    $user_key = get_user_id($username);
    $results = mysql_db_query("rowanprep", "SELECT user_key FROM users WHERE username = '******' AND password = '******'");
    if (mysql_num_rows($results) === 0) {
        return false;
    } else {
        return $user_key;
    }
}
/**
 * Builds the schema cache for every XML definition file in $xmlFiles.
 *
 * Files whose base name appears in the global $aSkipFiles are ignored. Each
 * remaining file is parsed through MDB2_Schema::$callback (by default
 * parseDatabaseDefinitionFile) and the parsed result is stored in the global
 * $oCache under the file name. Progress is echoed per file; a PEAR error
 * aborts the whole run through clean_up() and die().
 *
 * @param array  $xmlFiles paths of the XML schema files to process
 * @param string $callback MDB2_Schema method used to parse each file
 */
function generateXmlCache($xmlFiles, $callback = 'parseDatabaseDefinitionFile')
{
    global $aSkipFiles, $aOptions, $oDbh, $oCache;

    foreach ($xmlFiles as $path) {
        $shortName = basename($path);
        if (in_array($shortName, $aSkipFiles)) {
            continue;
        }

        echo " => " . $shortName . ": ";
        flush();

        // PEAR-era reference assignment, kept as in the original.
        $schema =& MDB2_Schema::factory($oDbh, $aOptions);
        $parsed = $schema->{$callback}($path, true);
        if (PEAR::isError($parsed)) {
            clean_up();
            die("Failed\n");
        }

        $oCache->save($parsed, $path);
        echo "Processed";
        eol_flush();
        unset($parsed);
    }
}
<?php require '../init.php'; $addnew = true; if (isset($_GET['orchestra'])) { $orchestra = clean_up($_GET['orchestra']); if ($result = mysql_db_query("rowanprep", "SELECT * FROM orchestra WHERE registration_key LIKE '{$orchestra}'")) { $row = mysql_fetch_assoc($result); if (mysql_num_rows($result) !== 0) { $addnew = false; } } } $student = $_POST["student"]; $instrument = $_POST["instrument"]; $ryo_form = $_POST["ryo_form"]; $tuition_due = $_POST["tuition_due"]; $notes = $_POST["notes"]; $tuition_owed = $tuition_due - $tuition_paid; if ($addnew) { $sql = "INSERT INTO `orchestra` (student, instrument, ryo_form, tuition_due, notes) VALUES ('{$student}', '{$instrument}', '{$ryo_form}', '{$tuition_due}', '{$notes}')"; } else { $sql = "UPDATE `orchestra` SET student='{$student}', instrument='{$instrument}', ryo_form='{$ryo_form}', tuition_due='{$tuition_due}', notes='{$notes}' WHERE registration_key= '{$orchestra}'"; } $link = connectDB(); $results = mysql_db_query("rowanprep", $sql); if (!$results) { echo 'Input failed...<br>'; echo mysql_errno($link) . ": " . mysql_error($link) . "\n"; } else { header("Location:../../reports.php");
<?php function clean_up() { $_SESSION['returnArray'] = ""; } session_start(); if (isset($_SESSION['returnArray'])) { echo $_SESSION['returnArray']; clean_up(); } $newActive = 0; if (isset($_GET['stop']) && $_GET['stop'] == "yes") { $newActive = 0; } else { if (isset($_GET['stop']) && $_GET['stop'] == "no") { $newActive = 1; } } if (!isset($_SESSION['entrance'])) { $_SESSION['entrance']['on'] = false; $_SESSION['entrance']['email'] = ""; $_SESSION['entrance']['password'] = ""; } ?> <!doctype html> <html class="no-js" lang="en"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title><?php
// Called after the Office Visit Form is submitted. // If you need an example backend script, please see `submit_pain_form.php` include 'core/init.php'; /* For Debugging */ error_reporting(E_ALL); ini_set('display_errors', 1); /* patient_id will be propagated through a GET variable */ $form_status = STATUS_EMPTY; //assume EMPTY until we determine otherwise if (!isset($_GET['patient_id']) or !isset($_GET['slot_id']) or !isset($_GET['addnew'])) { die("Patient ID and Slot ID and Addnew required"); } $patient_id = clean_up($_GET['patient_id']); $slot_id = clean_up($_GET['slot_id']); $addnew = clean_up($_GET['addnew']); // whether this is new (SQL INSERT) or adding (SQL UPDATE) $form_status = get_form_status($patient_id, $slot_id); $user_role = get_user_role($_SESSION['id']); //role of user (doctor, med student, admin); not the patient if ($form_status == STATUS_LOCKED and $user_role != 'ADMIN') { // Form is locked, sorry, you can't edit it! die("Sorry, this form is locked! <a href = 'patient-info.php?patient_id={$patient_id}'>Click here for a read-only copy of this patient's data</a>"); } /*---------------------------------------------------------------------------------------------------------------------- * Step 1: Collect our POST variables into PHP variables for readability. * We will perform data validation with helper functions. * Pay careful attention to variables which have bounds * As well as date parsing. SQL date convention is: YYYY-MM-DD * As well as Yes/No or True/False responses. SQL convention dictates we * store such information as CHAR(1): 'Y' or 'N'.
} } if (array_key_exists('buildalways', $_GET)) { $force_build = (bool) $_GET['buildalways']; } //echo $force_build; //Check if vtid and version were provided //echo $vtid . $version; if ($vtid != '' and $version != '') { //echo $host . $port . $dbname . $vtid . $version; $request = xmlrpc_encode_request('get_wf_xml', array($host, $port, $dbname, $vtid, $version)); //echo $request; $response = do_call($VT_HOST, $VT_PORT, $request); $response = html_entity_decode($response); header("Content-Type: text/xml"); clean_up($response); } else { echo "ERROR: Vistrails id or version not provided.\n"; } function get_version_from_response($xmlstring) { try { $node = @new SimpleXMLElement($xmlstring); return $node->params[0]->param[0]->value[0]->array[0]->data[0]->value[0]->int[0]; } catch (Exception $e) { echo "bad xml"; } } function clean_up($xmlstring) { try {
} } //var_dumpclean_up($_POST); $first_name = clean_up($_POST["first_name"]); $last_name = clean_up($_POST["last_name"]); $street_address = clean_up($_POST["street_address"]); $city = clean_up($_POST["city"]); $state = clean_up($_POST["state"]); $zip_code = clean_up($_POST["zip_code"]); $email = clean_up($_POST["email"]); $banner_id = clean_up($_POST["banner_id"]); $home_phone = store_phone(clean_up($_POST["home_phone"])); $mobile_phone = store_phone(clean_up($_POST["mobile_phone"])); $alternate_email = clean_up($_POST["alternate_email"]); $faculty_status = clean_up($_POST["faculty_status"]); $instrument = clean_up($_POST["instrument"]); $background_check = clean_up($_POST["background_check"]); /* Prepared statement, stage 1: prepare */ if ($addnew) { $sql = "INSERT INTO teachers (last_name, first_name, banner_id, home_phone, mobile_phone, email, alternate_email, street_address, city, state, zip_code, faculty_status, instrument, background_check) VALUES ('{$last_name}', '{$first_name}','{$banner_id}','{$home_phone}','{$mobile_phone}','{$email}','{$alternate_email}','{$street_address}','{$city}','{$state}','{$zip_code}','{$faculty_status}','{$instrument}','{$background_check}')"; } else { $sql = "UPDATE teachers SET last_name='{$last_name}', first_name='{$first_name}', banner_id='{$banner_id}', home_phone='{$home_phone}', mobile_phone='{$mobile_phone}', email='{$email}', alternate_email='{$alternate_email}', street_address='{$street_address}', city='{$city}', state='{$state}', zip_code='{$zip_code}', faculty_status='{$faculty_status}', instrument='{$instrument}', background_check='{$background_check}' WHERE teacher_key = '{$teacher}'"; } $link = connectDB(); $results = mysql_db_query("rowanprep", $sql); if (!$results) { echo 'Input failed...<br>'; echo mysql_errno($link) . ": " . mysql_error($link) . "\n"; } else { header("Location:../../reports.php?tab=teachers"); }
<td><div class="text-center">', $row['notes'], '</div></td>'; } echo '</tbody>'; } ?> </table> </div> </div> <?php } else { if ($tab == 'class') { ?> <div id="class" class="table-responsive"> <?php if (isset($_GET['class-key'])) { $class_key = clean_up($_GET['class-key']); $results = get_student_list($class_key); } $results = get_class_name($class_key); $row = mysql_fetch_assoc($results); echo "<h3>" . $row['class_name'] . " Class</h3>"; ?> <ul class="list-inline"> <li><a href="reports.php?tab=class&class-key=<?php echo $class_key; ?> &sortby=1">Last Name</a></li> <li><a href="reports.php?tab=class&class-key=<?php echo $class_key; ?> &sortby=2">First name</a></li>
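<?php
/**
 * Deletes the class identified by ?key= and returns to the reports page.
 *
 * Only admins may delete; everyone else is redirected away.
 *
 * Changes in this revision:
 *  - `exit` after the redirect: header() does not stop the script, so the
 *    DELETE below used to run for non-admin callers too.
 *  - `$_SESSION[id]` referenced an undefined constant; it is `$_SESSION['id']`
 *    as in the other handlers.
 *  - the key is matched with `=` instead of LIKE, so a wildcard such as `%`
 *    can no longer delete every row.
 *  - the post-delete SELECT (and the never-read `$delete` flag) is dropped; it
 *    also used `$result->num_rows` on an ext/mysql resource, which is not an
 *    object.
 *
 * NOTE(review): the value is escaped by clean_up() and then interpolated;
 * ext/mysql has no prepared statements, so moving connectDB() to mysqli/PDO
 * is the real fix.
 */
require '../init.php';

if (!isAdmin($_SESSION['id'])) {
    header("Location: ../../index.php");
    exit;
}

if (isset($_GET['key'])) {
    $key = clean_up($_GET['key']);
    mysql_db_query("rowanprep", "DELETE FROM `classes` WHERE `class_id` = '{$key}'");
}

header("Location: ../../reports.php");
exit;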
} // of else user filled form ?> <footer> <div class="container"> <div class="row"> <div class="col-md-12"> <br> <p><small>© B.Ζαχαριουδάκης<br><a href="mailto:it@dipe.ira.sch.gr">Τμ. Μηχανογράφησης ΔΙ.Π.Ε. Ηρακλείου</a>, 2015</small></p> </div> </div> </div> </footer> <?php // Clean up old pdf files clean_up($cleanUpAfter); ?> </body> <script type = "text/javascript"> $(document).ready(function() { var div = document.getElementById("postData"); var myData = div.textContent; var userAfm = <?php echo $inpAfm; ?> ; $("#pdfButton").click(function(event){ $.post( "pdf.php", { afm: userAfm, data: myData }, function(data) {
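/**
 * Creates a fresh conversation row between the current user and $chater2.
 *
 * Any earlier messages and conversation between the two (participant order
 * is normalised by the Binome helper) are deleted first; about 2 calls in 21
 * also run the global clean_up(). Returns the new conversation's insert id,
 * or -1 as soon as a query fails. The debug echoes of the original are kept.
 *
 * Changes in this revision:
 *  - `if (aleat < 2)` referenced an undefined constant: on PHP 7 the string
 *    "aleat" compares as 0 < 2, so clean_up() ran on every call; on PHP 8 it
 *    is a fatal Error. It now reads `$aleat`.
 *  - names and session ids are passed through mysql_real_escape_string()
 *    before being interpolated — $chater2 is a user-supplied name and the
 *    queries were built by plain concatenation.
 *  - unused globals ($table_general, $id, $session_time) are no longer imported.
 *
 * @param string $chater2 the other participant's name
 * @return int new conversation id, or -1 on failure
 */
function create_conversation($chater2)
{
    echo "conversation {$chater2}\n";
    global $table_messages, $table_conversations;

    $binome = new Binome($chater2);

    // Escape everything that reaches the SQL strings (ext/mysql has no prepared statements).
    $nom1 = mysql_real_escape_string($binome->nom1);
    $nom2 = mysql_real_escape_string($binome->nom2);
    $session1 = mysql_real_escape_string($binome->session1);
    $session2 = mysql_real_escape_string($binome->session2);

    // Remove the messages of any previous conversation between the two.
    $sql = "DELETE FROM " . $table_messages . " WHERE conversation IN ( SELECT id_conversation FROM " . $table_conversations . " WHERE user1 = '" . $nom1 . "' AND user2 = '" . $nom2 . "'); ";
    if (!mysql_query($sql)) {
        return -1;
    }

    // Remove the previous conversation itself (names are already ordered).
    $sql = "DELETE FROM " . $table_conversations . " WHERE user1 = '" . $nom1 . "' AND user2 = '" . $nom2 . "';";
    if (!mysql_query($sql)) {
        return -1;
    }

    // Occasional global housekeeping.
    $aleat = rand(0, 20);
    if ($aleat < 2) {
        clean_up();
    }

    // Create the new conversation.
    $sql = "INSERT INTO " . $table_conversations . " (user1,session_1,user2,session_2) " . "VALUES ('" . $nom1 . "','" . $session1 . "','" . $nom2 . "','" . $session2 . "');";
    if (!mysql_query($sql)) {
        echo $sql . " " . mysql_error() . "\n";
        return -1;
    }
    echo $sql . "\n";
    return mysql_insert_id();
}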
<?php if (isset($_GET['lesson'])) { $lesson = clean_up($_GET['lesson']); } else { } $addnew = false; $link = connectDB(); $result = mysql_db_query("rowanprep", "SELECT * FROM lessons WHERE lesson_key LIKE '{$lesson}'"); $num_rows = mysql_num_rows($result); if ($num_rows === 0) { $addnew = true; } $row = mysql_fetch_assoc($result); ?> <form action="core/database/add-edit-lessons.php?lesson=<?php echo $row['lesson_key']; ?> " class="form-horizontal" method="post" onsubmit="validate()"> <fieldset> <!-- Form Name --> <legend><div class="row text-center"><?php echo $addnew ? "Add" : "Edit"; ?> Lesson</div></legend> <!-- Text input--> <form class="form-horizontal"> <fieldset>
<?php if (isset($_GET['band'])) { $band = clean_up($_GET['band']); } else { } $addnew = false; $link = connectDB(); $result = mysql_db_query("rowanprep", "SELECT * FROM brass_band WHERE registration_key LIKE '{$band}'"); $num_rows = mysql_num_rows($result); if ($num_rows === 0) { $addnew = true; } else { $row = mysql_fetch_assoc($result); } ?> <form action="core/database/add-edit-band.php?band=<?php echo $row['registration_key']; ?> " class="form-horizontal" method="post" onsubmit="validate()"> <fieldset> <legend><div class="row text-center"><?php echo $addnew ? "Add" : "Edit"; ?> Band Student</div></legend> <!-- Text input-->
<li class="active"><a data-toggle="tab" href="#intake">Intake Paperwork</a></li> <li><a data-toggle="tab" href="#complaint">Chief Complaint</a></li> <li><a data-toggle="tab" href="#history">History</a></li> <li><a data-toggle="tab" href="#vitals">Vitals</a></li> <li><a data-toggle="tab" href="#physical">Physical</a></li> <li><a data-toggle="tab" href="#omm">OMM Exam</a></li> <li><a data-toggle="tab" href="#notes">Notes</a></li> </ul> </div> <div class="tab-content" align="center"> <div id = "intake" class="tab-pane active"> <h2 align="center">Intake Work</h2> <?php $patient_id = clean_up($_GET['patient_id']); //pass patient ID include 'patient-info-content.php'; ?> </div> <!-- Chief Complaint Tab --> <div id="complaint" class="tab-pane"> <form action="submit_visit_form.php?patient_id=<?php echo $patient_id; ?> &slot_id=<?php echo $slot_id; ?> &addnew=<?php
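/**
 * Returns the form status, stored in one of the constants at the top of this file
 * Example Usage: get_form_status(1, 1) => STATUS_EMPTY
 *
 * The ids are bound through a prepared statement instead of being interpolated
 * (after clean_up()) into the query text, matching the mysqli prepare/bind
 * style used by the add-user handler of this project. A failed prepare or
 * execute yields STATUS_EMPTY; the original dereferenced a false result there.
 *
 * @param $patient_id int The patient ID to look for
 * @param $slot_id int The scheduled slot aka visit date ID (OfficeVisitForm.visit_date_id)
 * @return string The status of this form: one of: (STATUS_EMPTY, STATUS_AWAITING_APPROVAL, STATUS_LOCKED)
 */
function get_form_status($patient_id, $slot_id)
{
    global $db;
    $patient_id = clean_up($patient_id);
    $slot_id = clean_up($slot_id);

    $stmt = $db->prepare("SELECT status FROM OfficeVisitForm WHERE patient_id = ? AND visit_date_id = ?");
    if ($stmt === false) {
        return STATUS_EMPTY;
    }

    // Bound as strings to keep the quoted-literal comparison of the original query.
    $stmt->bind_param("ss", $patient_id, $slot_id);
    if (!$stmt->execute()) {
        $stmt->close();
        return STATUS_EMPTY;
    }

    // bind_result()/fetch() avoids the mysqlnd-only get_result().
    $stmt->bind_result($status);
    $found = $stmt->fetch();
    $stmt->close();

    // No row: form has not been started. Otherwise: awaiting approval or locked.
    return $found === true ? $status : STATUS_EMPTY;
}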
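<?php
/**
 * Deletes a user (and the Log rows referencing it) by ?id=.
 *
 * Log rows go first because Log.log_user_id has a foreign key to
 * Authentication.user_id.
 *
 * Changes in this revision:
 *  - the admin gate was `!get_user_role(...) === "ADMIN"`: `!` binds first,
 *    so it compared false === "ADMIN", which is never true — nobody was ever
 *    redirected. It also lacked `exit`, so the deletes ran regardless.
 *  - a missing ?id= is rejected instead of deleting rows where the id is ''.
 *  - ids are bound via prepared statements (the add-user handler of this
 *    project already uses mysqli prepare/bind) rather than interpolated.
 *  - a failed Log delete stops the script instead of continuing to the
 *    Authentication delete on an already-closed connection.
 */
require '../init.php';
global $db;

/**
 * Runs a DELETE with a single bound id. Returns true on success.
 *
 * @param mysqli $db
 * @param string $sql  statement with exactly one `?` placeholder
 * @param string $id   value bound to the placeholder
 * @return bool
 */
function delete_where_id($db, $sql, $id)
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $ok = $stmt->bind_param("s", $id) && $stmt->execute();
    $stmt->close();
    return $ok;
}

// Only ADMIN users may delete accounts.
if (get_user_role($_SESSION['id']) !== "ADMIN") {
    header("Location: index.php");
    exit;
}

if (!isset($_GET['id'])) {
    die("User id required");
}
$id = clean_up($_GET['id']);

if (!delete_where_id($db, "DELETE FROM Log WHERE log_user_id = ?", $id)) {
    echo "Error deleting record: " . $db->error;
    $db->close();
    exit;
}

if (!delete_where_id($db, "DELETE FROM Authentication WHERE user_id = ?", $id)) {
    echo "Error deleting record: " . $db->error;
    $db->close();
    exit;
}

$db->close();
header("Location: ../../users.php");
exit;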
$force_build = (bool) $_GET['buildalways']; } //echo $force_build; //Check if vtid and version were provided //echo $vtid . $version; if ($vtid != '' and $version != '') { //echo $host . $port . $dbname . $vtid . $version; $filename = md5($host . '_' . $dbname . '_' . $port . '_' . $vtid . '_' . $version); $filename = 'workflows/' . $filename . ".pdf"; $fullpath = $PATH_TO_GRAPHS . $filename; $cached = file_exists($fullpath); if ($USE_LOCAL_VISTRAILS_SERVER or (!$cached or strcasecmp($force_build, 'True') == 0)) { $request = xmlrpc_encode_request('get_wf_graph_pdf', array($host, $port, $dbname, $vtid, $version, $USE_LOCAL_VISTRAILS_SERVER)); //echo $request; $response = do_call($VT_HOST, $VT_PORT, $request); $path = clean_up($response, $filename); } else { $path = $filename; } echo "{$URL_TO_GRAPHS}{$path}"; } else { echo "ERROR: Vistrails id or version not provided.\n"; } function get_version_from_response($xmlstring) { try { $node = @new SimpleXMLElement($xmlstring); return $node->params[0]->param[0]->value[0]->array[0]->data[0]->value[0]->int[0]; } catch (Exception $e) { echo "bad xml"; }
<?php
/**
 * Change-password handler: checks the current password and sets a new one
 * for the logged-in user ($_SESSION['id']).
 *
 * NOTE(review): none of the header("Location: …") calls below is followed by
 * exit, so execution continues. A caller who is not logged in, whose two new
 * passwords differ, or who typed the wrong current password is redirected —
 * but the UPDATE at the bottom still runs (with an undefined $id, hence
 * `user_key = ''`, in the not-logged-in case). Add `exit;` after each redirect.
 * NOTE(review): var_dump($row) writes the complete users row — including the
 * stored password — into the HTTP response. Remove it.
 * NOTE(review): `$pass_three === $row['password']` compares the submitted
 * password with the stored column, so passwords are stored in clear. Store
 * password_hash() output and check with password_verify(); the login routine
 * has to change in step.
 * NOTE(review): the UPDATE's value literal is redacted in this listing; it is
 * built by interpolation against the removed ext/mysql API.
 */
require '../init.php';
$pass_one = clean_up($_POST['password']);
$pass_two = clean_up($_POST['password-match']);
$pass_three = clean_up($_POST['current-password']);
if (isset($_SESSION['id'])) {
    $id = clean_up($_SESSION['id']);
    // Session-supplied id, but `=` rather than LIKE is still the right operator here.
    if ($result = mysql_db_query("rowanprep", "SELECT * FROM users WHERE user_key LIKE '{$id}'")) {
        $row = mysql_fetch_assoc($result);
    }
    var_dump($row); // debug output that leaks the row, see note above
} else {
    header("Location: ../../index.php");
}
// New password and its confirmation must match.
if (!($pass_one === $pass_two)) {
    header("Location: ../../change-password.php?missmatch=1");
}
// Current password must match the stored one (plaintext, see note above).
if (!($pass_three === $row['password'])) {
    header("Location: ../../change-password.php?missmatch=0");
}
$sql = "UPDATE users SET password = '******' WHERE user_key = '{$id}'";
$link = connectDB();
$result = mysql_db_query("rowanprep", $sql);
if (!$result) {
    echo 'Password change failed<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location: ../../index.php");
}
<?php require '../init.php'; $addnew = true; if (isset($_GET['teacher'])) { $teacher = clean_up($_GET['teacher']); if ($result = mysql_db_query("rowanprep", "SELECT * FROM teachers WHERE teacher_key LIKE '{$teacher}'")) { $row = mysql_fetch_assoc($result); if (mysql_num_rows($result) !== 0) { $addnew = false; } } } //var_dump($_POST); $first_name = $_POST["first_name"]; $last_name = $_POST["last_name"]; $street_address = $_POST["street_address"]; $city = $_POST["city"]; $state = $_POST["state"]; $zip_code = $_POST["zip_code"]; $email = $_POST["email"]; $banner_id = $_POST["banner_id"]; $home_phone = store_phone($_POST["home_phone"]); $mobile_phone = store_phone($_POST["mobile_phone"]); $alternate_email = $_POST["alternate_email"]; $faculty_status = $_POST["faculty_status"]; $instrument = $_POST["instrument"]; $background_check = $_POST["background_check"]; /* Prepared statement, stage 1: prepare */ if ($addnew) { $sql = "INSERT INTO teachers (last_name, first_name, banner_id, home_phone, mobile_phone, email, alternate_email, street_address, city, state, zip_code, faculty_status, instrument, background_check) VALUES ('{$last_name}', '{$first_name}','{$banner_id}','{$home_phone}','{$mobile_phone}','{$email}','{$alternate_email}','{$street_address}','{$city}','{$state}','{$zip_code}','{$faculty_status}','{$instrument}','{$background_check}')";
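<?php
/**
 * Creates a user in the Authentication table from the add-user form.
 *
 * The INSERT already used a prepared statement. Changes in this revision:
 *  - `exit` after the "user exists" redirect — header() alone let the INSERT
 *    run anyway, so a duplicate username still reached the table;
 *  - the prepare/bind failure branches stop instead of continuing to call
 *    methods on a false $stmt;
 *  - the dead `if ($addnew)` branch is removed ($addnew is never set here);
 *  - the statement is closed.
 *
 * NOTE(review): the password is stored exactly as submitted. Store
 * password_hash($password, PASSWORD_DEFAULT) — together with a
 * password_verify() check in the login code, which is outside this file.
 * NOTE(review): user_role comes verbatim from POST and this script has no
 * role check of its own (unlike the user-delete handler); confirm the caller
 * enforces ADMIN or add the same gate here.
 */
require '../init.php';
global $db;

// Get info from post
$username = clean_up($_POST['user_name']);
$full_name = clean_up($_POST['full_name']);
$password = clean_up($_POST['password']);
$user_role = clean_up($_POST['user_role']);

if (user_exists($username)) {
    header("Location: ../../add-user.php?userexists=0");
    exit;
}

$sql = "INSERT INTO Authentication (username, name, password, user_role, created, last_modified) VALUES (?,?,?,?,now(), now())";

if (!($stmt = $db->prepare($sql))) {
    echo "Prepare failed: (" . $db->errno . ") " . $db->error;
    exit;
}

if (!$stmt->bind_param("ssss", $username, $full_name, $password, $user_role)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    $stmt->close();
    exit;
}

if ($stmt->execute()) {
    $stmt->close();
    header("Location:../../users.php");
    exit;
}

echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
$stmt->close();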
<?php if (isset($_GET['class'])) { $class = clean_up($_GET['class']); } else { } $link = connectDB(); $result = mysql_db_query("rowanprep", "SELECT * FROM classes WHERE class_id LIKE '{$class}'"); $num_rows = mysql_num_rows($result); if ($num_rows === 0) { } else { $row = mysql_fetch_assoc($result); } ?> <form action="core/database/add-student-to-class.php?class=<?php echo $row['class_id']; ?> " class="form-horizontal" method="post" onsubmit="validate()"> <fieldset> <legend><div class="row text-center">Add Student to <?php echo $row['class_name']; ?> </div></legend> <form class="form-horizontal"> <fieldset> <!-- Select Basic --> <div class="form-group">
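<?php
/**
 * Admin page: requires a logged-in admin, then renders the selected tab.
 *
 * Changes in this revision:
 *  - every redirect is followed by `exit`. header("Location: …") does not
 *    stop PHP, so the original went on to include the admin templates for
 *    anonymous and non-admin visitors — the browser followed the redirect,
 *    but the full admin page body was still sent to them.
 *  - the tab redirect now happens before header.php is included; emitting
 *    output first made that header() fail with "headers already sent".
 */
require 'core/init.php';

if (!logged_in() || !isAdmin()) {
    header("Location: index.php");
    exit;
}

if (!isset($_GET['tab'])) {
    header('Location: admin.php?tab=users');
    exit;
}
$tab = clean_up($_GET['tab']);

include 'templates/header.php';
include 'templates/navbar-logged-in.php';
include 'templates/admin-content.php';
include 'templates/footer.php';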
<?php if (isset($_GET['class'])) { $class_id = clean_up($_GET['class']); } else { } $addnew = false; $link = connectDB(); $result = mysql_db_query("rowanprep", "SELECT * FROM classes WHERE class_id LIKE '{$class_id}'"); $num_rows = mysql_num_rows($result); if ($num_rows === 0) { $addnew = true; } $row = mysql_fetch_assoc($result); ?> <form action="core/database/add-edit-lessons.php?lesson=<?php echo $row['lesson_key']; ?> " class="form-horizontal" method="post" onsubmit="validate()"> <fieldset> <!-- Form Name --> <legend><h3 class="text-center"><?php echo $addnew ? "Add" : "Edit"; ?> Class</h3> </legend> <form class="form-horizontal">
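/**
 * Builds one <img> element for printVistrailTag().
 *
 * $alt must already be HTML-escaped. The rendered width is read from the
 * image at $imagePath and capped at $maxWidth (getimagesize() failing leaves
 * it empty, as in the original).
 *
 * @param string $src       image URL
 * @param string $alt       escaped alt text
 * @param string $imagePath filesystem path of the same image
 * @param int    $maxWidth  maximum rendered width in pixels
 * @return string
 */
function vt_image_tag($src, $alt, $imagePath, $maxWidth)
{
    $size = getimagesize($imagePath);
    $width = $size ? $size[0] : null;
    if ($width > $maxWidth) {
        $width = $maxWidth;
    }
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" alt="' . $alt . '" width="' . $width . '"/>';
}

/**
 * Renders the <vistrail> parser tag: an image of a VisTrails version tree,
 * of a workflow, or the images produced by executing a workflow, wrapped in
 * a link to the download URL.
 *
 * Tag attributes (vtid, version, host, db, port, tag, execute, ...) arrive in
 * $params and come from wiki page text, i.e. they are untrusted. This
 * revision therefore:
 *  - builds the download query string with http_build_query() and escapes
 *    every value placed in HTML (href, alt, error output) with
 *    htmlspecialchars();
 *  - passes every value handed to the local `vistrails/run.py` command through
 *    escapeshellarg() — $destdir, $host, $port, $dbname, $vtid and $version
 *    were previously concatenated raw into the exec() string;
 *  - fixes `host` and `username` in that command, which were undefined
 *    constants (the literal strings "host"/"username" were sent): they are
 *    $host and $username.
 *
 * Rendering paths, in order of precedence:
 *  - showtree=True     → version-tree PNG via get_vt_graph_png;
 *  - showworkflow=True → workflow PNG via get_wf_graph_png, taken from the
 *                        on-disk cache unless buildalways=True or the local
 *                        server is in use;
 *  - otherwise         → run the workflow (run_from_db over XML-RPC, or the
 *                        local run.py) and show every image it produced.
 *
 * @param string $input  tag body (unused)
 * @param array  $params tag attributes
 * @return string HTML fragment
 */
function printVistrailTag($input, $params)
{
    global $PATH_TO_IMAGES, $WEB_PATH_TO_IMAGES, $URL_TO_GRAPHS, $PATH_TO_GRAPHS, $VT_HOST, $VT_PORT,
        $USE_LOCAL_VISTRAILS_SERVER, $USE_VISTRAILS_XML_RPC_SERVER, $PATH_TO_VISTRAILS, $URL_TO_DOWNLOAD,
        $DB_HOST, $DB_NAME, $DB_PORT;

    $host = $DB_HOST;
    $dbname = $DB_NAME;
    $username = "******";
    $vtid = "";
    $version = "";
    $port = $DB_PORT;
    $version_tag = "";
    $execute = "False";
    $showspreadsheetonly = "False";
    $force_build = 'False';
    $embedWorkflow = 'False';
    $includeFullTree = 'False';
    $forceDB = 'False';
    $showTree = 'False';
    $showWorkflow = 'False';

    foreach ($params as $key => $value) {
        switch ($key) {
            case 'vtid':
                $vtid = $value;
                break;
            case 'version':
                $version = $value;
                break;
            case 'host':
                $host = $value;
                break;
            case 'db':
                $dbname = $value;
                break;
            case 'port':
                $port = $value;
                break;
            case 'tag':
                $version_tag = $value;
                if ($version_tag != '') {
                    // Resolve the tag to a version number. Uses the host/db/port/vtid
                    // values seen so far, in attribute order, exactly as before.
                    $request = xmlrpc_encode_request('get_tag_version', array($host, $port, $dbname, $vtid, $version_tag));
                    $response = do_call($VT_HOST, $VT_PORT, $request);
                    $version = get_version_from_response($response);
                }
                break;
            case 'execute':
                $execute = $value;
                break;
            case 'showspreadsheetonly':
                $showspreadsheetonly = $value;
                break;
            case 'buildalways':
                $force_build = $value;
                break;
            case 'embedworkflow':
                $embedWorkflow = $value;
                break;
            case 'includefulltree':
                $includeFullTree = $value;
                break;
            case 'forcedb':
                $forceDB = $value;
                break;
            case 'showworkflow':
                $showWorkflow = $value;
                break;
            case 'showtree':
                $showTree = $value;
                break;
        }
    }

    // Values are cast to string: get_version_from_response() may return a SimpleXMLElement.
    $query = array(
        'getvt' => $vtid,
        'version' => $version,
        'db' => $dbname,
        'host' => $host,
        'port' => $port,
        'tag' => $version_tag,
        'execute' => $execute,
        'showspreadsheetonly' => $showspreadsheetonly,
        'embedWorkflow' => $embedWorkflow,
        'includeFullTree' => $includeFullTree,
        'forceDB' => $forceDB,
    );
    $linkParams = http_build_query(array_map('strval', $query));
    $downloadLink = htmlspecialchars($URL_TO_DOWNLOAD . '?' . $linkParams, ENT_QUOTES, 'UTF-8');
    $altText = htmlspecialchars("vt_id:{$vtid} version:{$version}", ENT_QUOTES, 'UTF-8');
    $forceBuild = strcasecmp($force_build, 'True') == 0;
    // Cache key shared by the workflow image and the execution-result directory.
    $cacheKey = md5($host . '_' . $dbname . '_' . $port . '_' . $vtid . '_' . $version);

    if (strcasecmp($showTree, 'True') == 0) {
        $filename = 'vistrails/' . md5($host . '_' . $dbname . '_' . $port . '_' . $vtid) . ".png";
        // This request is cached only on the server side.
        $request = xmlrpc_encode_request("get_vt_graph_png", array($host, $port, $dbname, $vtid, $USE_LOCAL_VISTRAILS_SERVER));
        $response = do_call($VT_HOST, $VT_PORT, $request);
        $result = clean_up($response, $filename);
        $treeAlt = htmlspecialchars("vt_id:{$vtid}", ENT_QUOTES, 'UTF-8');
        return '<a href="' . $downloadLink . '">'
            . vt_image_tag($URL_TO_GRAPHS . $result, $treeAlt, $PATH_TO_GRAPHS . $result, 400)
            . '</a>';
    }

    if (strcasecmp($showWorkflow, 'True') == 0) {
        $filename = 'workflows/' . $cacheKey . ".png";
        $cached = file_exists($PATH_TO_GRAPHS . $filename);
        if ($USE_LOCAL_VISTRAILS_SERVER or !$cached or $forceBuild) {
            $request = xmlrpc_encode_request("get_wf_graph_png", array($host, $port, $dbname, $vtid, $version, $USE_LOCAL_VISTRAILS_SERVER));
            $response = do_call($VT_HOST, $VT_PORT, $request);
            $result = clean_up($response, $filename);
        } else {
            $result = $filename;
        }
        return '<a href="' . $downloadLink . '">'
            . vt_image_tag($URL_TO_GRAPHS . $result, $altText, $PATH_TO_GRAPHS . $result, 400)
            . '</a>';
    }

    // Execute the workflow and show whatever images it writes into $destdir.
    $result = '';
    $destversion = $cacheKey;
    $destdir = $PATH_TO_IMAGES . $destversion;
    if (!path_exists_and_not_empty($destdir) or $forceBuild) {
        if (!file_exists($destdir)) {
            mkdir($destdir, 0770);
            chmod($destdir, 0770);
        }
        if (!$USE_VISTRAILS_XML_RPC_SERVER) {
            chdir($PATH_TO_VISTRAILS);
            $setVariables = 'export PATH=$PATH:/usr/bin/X11;export HOME=/var/lib/wwwrun; export TEMP=/tmp; export DISPLAY=localhost:1.0; export LD_LIBRARY_PATH=/usr/local/lib;';
            // Each tag-supplied value is one quoted shell argument.
            $mainCommand = 'python vistrails/run.py -b -e ' . escapeshellarg($destdir)
                . ' -t ' . escapeshellarg($host)
                . ' -r ' . escapeshellarg($port)
                . ' -f ' . escapeshellarg($dbname)
                . ' -u ' . escapeshellarg($username)
                . ' ' . escapeshellarg($vtid . ':' . $version);
            // exec() returns the last output line; $output/$exitCode are not used further.
            $result = exec($setVariables . $mainCommand . ' 2>&1', $output, $exitCode);
        } else {
            $request = xmlrpc_encode_request('run_from_db', array($host, $port, $dbname, $vtid, $destdir, $version, False, '', $forceBuild, '', $USE_LOCAL_VISTRAILS_SERVER));
            $response = do_call($VT_HOST, $VT_PORT, $request);
            $result = multiple_clean_up($response, $destdir);
        }
    }

    $files = scandir($destdir);
    if (sizeof($files) > 2) {
        $res = '<a href="' . $downloadLink . '">';
        foreach ($files as $filename) {
            if ($filename != '.' and $filename != '..') {
                $res .= vt_image_tag($WEB_PATH_TO_IMAGES . $destversion . '/' . $filename, $altText, $destdir . '/' . $filename, 350);
            }
        }
        return $res . '</a>';
    }

    return "ERROR: Vistrails didn't produce any image.\n" . "This is the output: \n" . htmlspecialchars((string) $result, ENT_QUOTES, 'UTF-8');
}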
if ($result = mysql_db_query("rowanprep", "SELECT * FROM lessons WHERE lesson_key LIKE '{$lesson}'")) { $row = mysql_fetch_assoc($result); if (mysql_num_rows($result) !== 0) { $addnew = false; } } } $student = clean_up($_POST["student"]); $teacher = clean_up($_POST["teacher"]); $teacher_type = clean_up($_POST["teacher_type"]); $duration = clean_up($_POST["duration"]); $day = clean_up($_POST["day"]); $semester = clean_up($_POST["semester"]); $year = clean_up($_POST["year"]); $instrument = clean_up($_POST["instrument"]); $tuition_due = clean_up($_POST["tuition_due"]); $total_lessons = clean_up($_POST["total_lessons"]); $pay_rate = clean_up($_POST["pay_rate"]); if ($addnew) { $sql = "INSERT INTO lessons (student, teacher, teacher_type, duration, day, semester, year, instrument, tuition_due, total_lessons, pay_rate) VALUES ('{$student}', '{$teacher}', '{$teacher_type}', '{$duration}', '{$day}', '{$semester}', '{$year}', '{$instrument}', '{$tuition_due}', '{$total_lessons}', '{$pay_rate}')"; } else { $sql = "UPDATE lessons SET student='{$student}', teacher='{$teacher}', teacher_type='{$teacher_type}', duration='{$duration}', day='{$day}', semester='{$semester}', year='{$year}', instrument='{$instrument}', tuition_due='{$tuition_due}', total_lessons='{$total_lessons}', pay_rate='{$pay_rate}' WHERE lesson_key = '{$lesson}'"; } $link = connectDB(); $results = mysql_db_query("rowanprep", $sql); if (!$results) { echo 'Input failed...<br>'; echo mysql_errno($link) . ": " . mysql_error($link) . "\n"; } else { header("Location:../../reports.php?tab=lessons"); }
<?php if (isset($_GET['userexists'])) { $ue = clean_up($_GET['userexists']); } else { $ue = 0; } ?> <div class="container"> <div style="margin-top:10px;" class="mainbox col-md-12 text-center"> <form action="core/database/add-user.php" class="form-horizontal" method="post" onsubmit="validate()"> <fieldset> <legend><div class="row text-center">Create a New User <?php if ($ue != 0) { echo '<br><h5>USER NAME ALREADY EXISTS!</h5>'; echo '<h5>Please choose a different username!</h5>'; } ?> </div></legend> <form class="form-horizontal"> <fieldset> <div class="form-group"> <label class="col-md-3 control-label" for="textinput"></label> <div class="col-md-6"> <input id="textinput" name="user_name" type="text" placeholder="User Name" class="form-control input-md" required=""> </div>
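/**
 * Recursively lists the files under $dir, echoing one html_file() row per
 * file and appending each file's metadata to $list.
 *
 * Every regular file is reported with state "New", staged "N" and its
 * get_file_hash(). When $makediff is set, a unified diff against /dev/null
 * is produced with the global $diffpath binary and HTML-escaped with
 * htmlentities(). Directories are recursed into; any other entry type is
 * reported through interpret_not_supported().
 *
 * Changes in this revision:
 *  - opendir() failure (permissions, directory removed meanwhile) is checked
 *    instead of looping on readdir(false) with a warning;
 *  - the directory handle is closed after the walk — the original leaked one
 *    handle per directory, which adds up in a deep recursion.
 *
 * @param string $dir      directory path ending in '/'
 * @param bool   $disabled passed through to html_file()
 * @param bool   $makediff whether to generate a diff for each file
 * @param mixed  $stats    unused; kept for caller compatibility
 * @param array  $list     appended to in place and also returned
 * @return array the accumulated list
 */
function add_directory_listing($dir, $disabled, $makediff, $stats, &$list)
{
    global $diffpath;

    $handle = opendir($dir);
    if ($handle === false) {
        return $list;
    }

    while (($entry = readdir($handle)) !== false) {
        if ($entry == '.' || $entry == '..') {
            continue;
        }

        $path = $dir . $entry;
        $type = filetype($path);

        if ($type == 'file') {
            $parsed = array('file' => $path, 'hash' => get_file_hash($path));
            $parsed['state'] = 'New';
            $parsed['staged'] = 'N';

            if ($makediff) {
                // Diff against /dev/null shows the whole file as added.
                $args = array('-u', '/dev/null', $parsed['file']);
                $h = start_command($diffpath, $args);
                close_stdin($h);
                $diff = htmlentities(get_all_data($h));
                clean_up($h);
            } else {
                $diff = false;
            }

            list($str, $prefix) = html_file($path, $parsed['state'], $parsed['staged'], $parsed['hash'], $diff, $disabled);
            echo $str;
            $parsed['prefix'] = $prefix;
            $list[] = $parsed;
        } elseif ($type == 'dir') {
            add_directory_listing($path . '/', $disabled, $makediff, $stats, $list);
        } else {
            interpret_not_supported($path, __FILE__, __LINE__);
        }
    }

    closedir($handle);
    return $list;
}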
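<?php
/**
 * Registers a new user from the registration form.
 *
 * Changes in this revision:
 *  - the INSERT is a prepared statement; the values were interpolated into
 *    the query string after clean_up() (whose escaping is not visible here);
 *  - the failure branch no longer echoes before header() — output before
 *    header() fails with "headers already sent", so the redirect back to
 *    register.php was never delivered;
 *  - the statement and the connection are closed on every path.
 *
 * Assumes $db from connect.php is a mysqli instance (the original calls
 * $db->query() and $db->close()).
 *
 * NOTE(review): the password is still stored as submitted. Store
 * password_hash($password, PASSWORD_DEFAULT) together with a
 * password_verify() check at login, which is outside this file.
 */
require 'connect.php';

$username = clean_up($_POST["username"]);
$firstname = clean_up($_POST["firstname"]);
$lastname = clean_up($_POST["lastname"]);
$password = clean_up($_POST["password"]);
$email = clean_up($_POST["email"]);

$stmt = $db->prepare("INSERT INTO users (username, password, first_name, last_name, email) VALUES (?, ?, ?, ?, ?)");
$ok = $stmt !== false
    && $stmt->bind_param("sssss", $username, $password, $firstname, $lastname, $email)
    && $stmt->execute();
if ($stmt !== false) {
    $stmt->close();
}
$db->close();

if ($ok) {
    header("Location: ../../registration-successful.php");
} else {
    header("Location: ../../register.php");
}
die;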
<?php
/**
 * Admin action: creates a user with a generated password and e-mails it.
 *
 * NOTE(review): the admin gate does not work. header("../../index.php") lacks
 * the "Location: " prefix, so no redirect is sent, and there is no exit after
 * it — execution falls through and the INSERT and the e-mail run for any
 * caller. Use `header("Location: ../../index.php"); exit;`.
 * NOTE(review): random_password(10) is stored as-is, i.e. in plaintext; store
 * password_hash() output (the login check must then use password_verify()).
 * NOTE(review): the values are escaped by clean_up() and interpolated into the
 * INSERT; ext/mysql has no prepared statements.
 * NOTE(review): $email comes from POST and is the mail() recipient; unless
 * clean_up() strips CR/LF this allows mail header injection — confirm.
 * NOTE(review): `$db->error` in the failure branch refers to $db, which is not
 * defined in this script; the connection is $link (mysql_error($link)).
 * NOTE(review): the e-mail body literal is redacted in this listing (the
 * `"******"` fragment breaks the string); left untouched.
 */
require '../init.php';
if (!isAdmin($_SESSION['id'])) {
    header("../../index.php"); // no "Location:" and no exit, see note above
}
$username = clean_up($_POST["username"]);
$email = clean_up($_POST["email"]);
$admin = clean_up($_POST["admin"]); // admin flag taken from the request
$password = random_password(10);
/* Prepared statement, stage 1: prepare */
$link = connectDB();
if ($result = mysql_db_query("rowanprep", "INSERT INTO users (username, password, email, admin) VALUES ('{$username}', '{$password}', '{$email}', '{$admin}')")) {
    $msg = "An account has been registered with this email address at elvis.rowan.edu/rowanprep.";
    $msg .= "\nPlease sign in using your username.\nAuto-generated password: "******"\n\n\nContact Anna at Rowan Prep if you have troubles signing in. Thanks,\nRowan Prep";
    $subj = "Rowan Prep User Information - DO NOT REPLY";
    mail($email, $subj, $msg, "From: Rowan Prep");
    header("Location: ../../admin.php");
    die;
} else {
    echo "insert failed." . $db->error;
}
?>
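/**
 * Adds or updates a row in `classes` from the class form.
 *
 * If ?class= names an existing row the POSTed fields update it, otherwise a
 * new row is inserted; on success the browser is sent back to the classes
 * report, on failure the ext/mysql error is echoed.
 *
 * Changes in this revision:
 *  - the lookup uses `=` instead of LIKE, so a value such as `%` can no
 *    longer match an arbitrary row and turn an "add" into an update of it;
 *  - $class_id is initialised so the UPDATE never interpolates an undefined
 *    variable;
 *  - the redirect is followed by `exit`; the unused $row is dropped.
 *
 * NOTE(review): the SELECT filters on `class_id_key` while the UPDATE filters
 * on `class_id`; both are kept as they were, but one of them is likely the
 * wrong column — confirm against the schema.
 * NOTE(review): values are escaped by clean_up() and then interpolated;
 * ext/mysql has no prepared statements, so moving connectDB() to mysqli/PDO
 * is the real fix. This handler has no role check of its own — verify
 * init.php enforces one.
 */
require '../init.php';

$addnew = true;
$class_id = '';
if (isset($_GET['class'])) {
    $class_id = clean_up($_GET['class']);
    if ($result = mysql_db_query("rowanprep", "SELECT * FROM classes WHERE class_id_key = '{$class_id}'")) {
        if (mysql_num_rows($result) !== 0) {
            $addnew = false;
        }
    }
}

$class_name = clean_up($_POST["class_name"]);
$teacher = clean_up($_POST["teacher"]);
$pay_rate = clean_up($_POST["pay_rate"]);
$day = clean_up($_POST["day"]);
$semester = clean_up($_POST["semester"]);
$year = clean_up($_POST["year"]);
$total_number = clean_up($_POST["total_number"]);

if ($addnew) {
    $sql = "INSERT INTO classes (class_name, teacher, pay_rate, day, semester, year, total_number) VALUES ('{$class_name}', '{$teacher}', '{$pay_rate}', '{$day}', '{$semester}', '{$year}', '{$total_number}')";
} else {
    $sql = "UPDATE classes SET class_name='{$class_name}', teacher='{$teacher}', pay_rate='{$pay_rate}', day='{$day}', semester='{$semester}', year='{$year}', total_number='{$total_number}' WHERE class_id = '{$class_id}'";
}

$link = connectDB();
$results = mysql_db_query("rowanprep", $sql);
if (!$results) {
    echo 'Input failed...<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location:../../reports.php?tab=classes");
    exit;
}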