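/**
 * Build an HTML table listing the overdue loans of one member.
 *
 * Looks the member up by id, selects that member's unreturned loans whose due
 * date is earlier than the current time, and renders one table row per loan.
 *
 * @param int|string $mid Member id; forced to an integer before it reaches SQL.
 * @return string HTML table markup (heading row only when nothing is overdue).
 */
function displayOverdueBooks($mid)
{
    // The id used to be concatenated into the statement as-is. Formatting it
    // with %d keeps the query numeric whatever the caller passes in, and
    // matches how the second query already binds the member id.
    $sql = sprintf('SELECT * FROM member WHERE mid=%d', $mid);
    $rs = executeSqlQuery($sql);
    $rMember = mysql_fetch_assoc($rs);
    if (!$rMember) {
        // Unknown member: same output as before (empty heading, no rows),
        // without indexing into `false`.
        $rMember = array('mid' => 0, 'title' => '', 'firstnames' => '', 'surname' => '');
    }

    $sql = sprintf(
        "SELECT l.*, c.*, b.* FROM "
        . "(loan l LEFT JOIN copy c ON l.copy=c.cid) LEFT JOIN book b ON c.bid=b.bid WHERE l.returned=0 AND l.date_due < '%s' AND l.member=%d",
        date("Y-m-d G:i:s"),
        $rMember['mid']
    );
    $rsBooks = executeSqlQuery($sql);

    // Stored names and titles are written into markup, so they are HTML-escaped.
    // NOTE(review): 'ISO-8859-1' mirrors the charset the application's pages
    // declare; it passes every byte through, so it is also safe for other
    // single-byte or UTF-8 data — confirm the real storage encoding.
    $memberName = htmlspecialchars(
        $rMember['title'] . ' ' . $rMember['firstnames'] . ' ' . $rMember['surname'],
        ENT_QUOTES,
        'ISO-8859-1'
    );
    $html = '<table>' . '<tr>' . '<td colspan=3><strong>' . $memberName . '</strong></td>' . '</tr>';

    while ($rBook = mysql_fetch_assoc($rsBooks)) {
        $html .= '<tr>'
            . '<td>' . '[' . htmlspecialchars($rBook['access_no'], ENT_QUOTES, 'ISO-8859-1') . ']' . '</td>'
            . '<td>' . '(' . date("y-m-d", strtotime($rBook['date_loaned'])) . ' » ' . date("y-m-d", strtotime($rBook['date_due'])) . ')' . '</td>'
            // The book id goes into a URL attribute; keep it strictly numeric.
            . '<td>' . "<a href='book_view.php?ID=" . (int) $rBook['bid'] . "'>"
            . htmlspecialchars($rBook['title'], ENT_QUOTES, 'ISO-8859-1') . '</a>' . '</td>'
            . '</tr>';
    }

    return $html . '</table>';
}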
/**
 * Fetch the returned (past) loans of a member.
 *
 * @param array|null $member Member row; only its 'mid' entry is read.
 * @return mixed Whatever executeSqlQuery() returns for the SELECT.
 */
function getPastLoansByMember($member)
{
    // A null member is treated as a fatal caller error.
    if ($member === null) {
        trigger_error('getPastLoansByMember: The member is not valid', E_USER_ERROR);
        exit();
    }

    // The member id is bound with %d, so only an integer reaches the query.
    $template = "select l.lid, l.member mid, l.copy cid, l.date_loaned, l.date_due, l.date_returned, "
        . "l.loaned_by, c.access_no, b.bid, b.title, b.authors "
        . "FROM ( (loan l LEFT JOIN copy c ON l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) "
        . "WHERE (l.returned=1 AND l.member=%d)";

    return executeSqlQuery(sprintf($template, $member['mid']));
}
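/**
 * Authenticate a member by username and password and start the logged-in session.
 *
 * On success the member row is stored in $_SESSION['CurrentUser'] and the
 * browser is redirected (to $_SESSION['BackLink'] when set, else index.php).
 * Every failure path reports through displayMsg() or trigger_error().
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests. That is kept
 * here because it has to match what is stored, but the stored hashes should be
 * migrated to password_hash()/password_verify().
 * NOTE(review): "user not found" and "incorrect password" are reported
 * separately, which tells a caller which usernames exist; a single generic
 * failure message would avoid that.
 *
 * @param string $usr Username as submitted.
 * @param string $pwd Password as submitted (plain text).
 * @return void
 */
function login($usr, $pwd)
{
    //[Verify that the inputs are good] ------------------------------
    // NOTE(review): presumably displayMsg() ends the request; if it returns,
    // execution continues below with the blank value — confirm.
    if ($usr == '') {
        $msg = 'Username is blank.<br>Please enter a valid username';
        $title = 'Username is Blank';
        $backlink = 'index.php';
        displayMsg($msg, $title, $backlink);
    }
    if ($pwd == '') {
        $msg = 'Password is blank.<br>Please enter a valid password';
        $title = 'Password is Blank';
        $backlink = 'index.php';
        displayMsg($msg, $title, $backlink);
    }

    // The submitted username is echoed back inside HTML messages; escape it once.
    // NOTE(review): 'ISO-8859-1' mirrors the charset the application's pages
    // declare and passes every byte through — confirm the real encoding.
    $usrHtml = htmlspecialchars($usr, ENT_QUOTES, 'ISO-8859-1');

    //[Get the user entry] ------------------------------
    // NOTE(review): the listing shows a masked literal ('******') where the
    // username belongs, so the lookup could never match the submitted user.
    // It is rebuilt here from $usr, escaped for the SQL string context —
    // confirm against the real file.
    $sql = sprintf("SELECT * FROM member WHERE username = '%s'", mysql_real_escape_string($usr));
    $rs = executeSqlQuery($sql);
    $rowcount = mysql_num_rows($rs);

    if ($rowcount == 1) {
        $row = mysql_fetch_assoc($rs);
        // Strict comparison: with loose ==, two digests that both look like
        // numbers are compared numerically and can be treated as equal.
        if ($row["password"] === md5($pwd)) { // Passwords match
            // Issue a fresh session id at the privilege change so an id that
            // was known before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['CurrentUser'] = $row;
            // logEvent('LOGIN',$row['mid'],$row['mid'], addslashes($row['title'] . ' ' . $row['firstnames'] . ' ' . $row['surname']));

            // NOTE(review): BackLink is taken from the session as-is; whoever
            // sets it should restrict it to local paths — confirm at the writer.
            if (isset($_SESSION['BackLink']) && ($_SESSION['BackLink'] != "")) {
                header("Location: " . $_SESSION['BackLink']);
                exit();
            } else {
                header("Location: index.php");
                exit();
            }
        } else { // Password doesn't match
            $msg = "Password for the user <strong>$usrHtml</strong> is incorrect.<br>Please try again.";
            $title = 'Incorrect Password';
            $backlink = 'index.php';
            displayMsg($msg, $title, $backlink);
        }
    } elseif ($rowcount == 0) { // The user was not found
        $msg = "The user <strong>$usrHtml</strong> was not found.<br>Please try again.";
        $title = 'User not Found';
        $backlink = 'index.php';
        displayMsg($msg, $title, $backlink);
    } else {
        // More than one row for a username means the member table is inconsistent.
        trigger_error("DATA INTEGRITY ERROR: while accessing user: <strong>$usrHtml</strong><br>The admin was notified.", E_USER_ERROR);
        exit();
    }
}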
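<?php
/**
 * @author
 * @copyright 2010
 */
// Streams the stored signature file of an application as a download.
// NOTE(review): no authentication or ownership check is visible in this
// script; anyone who knows an appid can fetch the file unless connection.php
// enforces access — confirm.
include "connection.php";

if (isset($_GET['appid'])) {
    // NOTE(review): htmlspecialchars() is an HTML encoder, not an SQL one, and
    // Remove_SQLi() is defined elsewhere; whether the value is correctly
    // escaped for this quoted SQL context cannot be confirmed from here. A
    // prepared statement would remove the doubt.
    $sqlstr = "select signname,signtype,signsize,signcontent from uploadfile where appid ='"
        . Remove_SQLi(htmlspecialchars(trim($_GET['appid']))) . "'";
    $application = executeSqlQuery($sqlstr);
    $row = mysql_fetch_array($application);

    if (!$row) {
        // No such application: previously this emitted empty headers and an
        // empty body. Report it instead.
        header("HTTP/1.1 404 Not Found");
        echo "<script type=\"text/javascript\">alert(\"ERROR:: Registration No. is not entered properly. Pls Check\")</script>";
        exit;
    }

    // The name and type were supplied at upload time, so treat them as
    // untrusted before they are placed in response headers.
    $downloadName = preg_replace('#[\x00-\x1F\x7F"\\\\/]#', '_', basename($row["signname"]));
    $contentType = preg_match('#^[\w.+-]+/[\w.+-]+$#', $row["signtype"])
        ? $row["signtype"]
        : 'application/octet-stream';

    header("Content-length: " . (int) $row["signsize"]);
    header("Content-type: " . $contentType);
    // Stop browsers from second-guessing the declared type.
    header("X-Content-Type-Options: nosniff");
    header('Content-Disposition: attachment; filename="' . $downloadName . '"');
    echo $row["signcontent"];
    exit;
} else {
    echo "<script type=\"text/javascript\">alert(\"ERROR:: Registration No. is not entered properly. Pls Check\")</script>";
}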
// Check availability $sqlLoans = sprintf("SELECT * FROM loan WHERE copy=%d AND returned=0",$cid); $recordsetLoans = executeSqlQuery($sqlLoans); $NoOfLoans = mysql_num_rows($recordsetLoans); if($NoOfLoans == 0) { $CopiesString = $CopiesString . "(available)"; } else if ($NoOfLoans == 1 ){ $rowLoan = mysql_fetch_assoc($recordsetLoans); $mid = $rowLoan['member']; $due = $rowLoan['date_due']; // Get member info $sqlMember = sprintf("SELECT * FROM member WHERE mid=%d",$mid); $recordsetMembers = executeSqlQuery($sqlMember); $rowMember = mysql_fetch_assoc($recordsetMembers); if($rowMember) { $MemberName = $rowMember['title'] . " " . $rowMember['firstnames'] . " " . $rowMember['surname']; $CopiesString = $CopiesString . "(with " . $MemberName . ")"; } mysql_free_result($recordsetMembers); } else if ($NoOfLoans > 1 ){ $CopiesString = $CopiesString . "(<strong>Data Error</strong>)"; } mysql_free_result($recordsetLoans); } mysql_free_result($recordsetCopies); ?> <br> <?php echo $CopiesString; ?>
/**
 * Tell whether a book has at least one reservation in status 'Active' or 'Available'.
 *
 * @param int|string $bid Book id; bound with %d, so only an integer reaches the query.
 * @return bool True when one or more matching reservation rows exist.
 */
function IsReserved($bid)
{
    $query = sprintf(
        "SELECT * FROM reservation WHERE (status='Active' OR status='Available') AND bid=%d",
        $bid
    );
    $matches = mysql_num_rows(executeSqlQuery($query));

    return $matches > 0;
}
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Pusthaka. If not, see <http://www.gnu.org/licenses/>. */ $allow = "ADMIN;LIBSTAFF;PATRON"; $PageTitle = " My Loans"; include('../inc/init.php'); $sql = sprintf("select l.lid, l.member mid, l.copy cid, l.date_loaned, l.date_due, " . "l.loaned_by, c.access_no, b.* " . "FROM ( (loan l LEFT JOIN copy c ON l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) " . "WHERE (l.returned=0 AND l.member=%d)", $_SESSION['CurrentUser']['mid']); $rsL = executeSqlQuery($sql); $rowcountL = mysql_num_rows($rsL); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Pusthaka: <?php echo $PageTitle; ?></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="css/styles.css" rel="stylesheet" type="text/css"> <script language="JavaScript" src="js/gen_validatorv2.js" type="text/javascript"></script> </head> <body> <?php include("../inc/top.php"); ?> <table width="100%" border="0" cellspacing="0" cellpadding="0">
<td colspan="5"><select name="type" id="type"> <option value="<?php echo $row['type']; ?>" selected><?php echo $row['type']; ?></option> <?php $sqlType = sprintf("SELECT DISTINCT type FROM member ORDER BY type"); $rsType = executeSqlQuery($sqlType); while($rowType = mysql_fetch_array($rsType)){ echo "<option value='" . $rowType[0] . "'>" . $rowType[0] . "</option>"; } ?> </select> Lending Category <select name="category" id="category"> <option value="<?php echo $row['category']; ?>" selected><?php echo $row['category']; ?></option> <?php $sqlT = sprintf("SELECT DISTINCT member_type FROM lending_settings ORDER BY member_type"); $rsT = executeSqlQuery($sqlT); while($rowT = mysql_fetch_array($rsT)){ echo "<option value='" . $rowT[0] . "'>" . $rowT[0] . "</option>"; } ?> </select> Login Type <select name="login_type" id="login_type"> <option value="<?php echo $row['login_type']; ?>" selected><?php echo $row['login_type']; ?></option> <option value='ADMIN'>ADMIN</option> <option value='LIBSTAFF'>LIBSTAFF</option> <option value='PATRON'>PATRON</option> </select> Status <select name="expired" id="expired"> <option value="<?php echo $row['expired']; ?>" selected><?php if($row['expired']==0)echo 'Valid'; else echo 'Expired' ?></option>
* Pusthaka is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Pusthaka. If not, see <http://www.gnu.org/licenses/>. */ $allow = "ALL"; $PageTitle = "Purchase Requests"; include('../inc/init.php'); // Retrieve records $sql = "SELECT * FROM prequests ORDER BY title, dt"; $recordset = executeSqlQuery($sql); $rowcount = mysql_num_rows($recordset); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Pusthaka: <?php echo $PageTitle; ?></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="css/styles.css" rel="stylesheet" type="text/css"> </head> <body> <?php include("../inc/top.php"); ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr>
* Pusthaka is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Pusthaka. If not, see <http://www.gnu.org/licenses/>. */ $allow = "ADMIN;LIBSTAFF"; $PageTitle = "Loans"; include('../inc/init.php'); $sql = sprintf("SELECT l.*, m.*, c.*, b.* FROM " . "((loan l LEFT JOIN member m ON l.member=m.mid) LEFT JOIN copy c ON l.copy=c.cid) LEFT JOIN book b ON c.bid=b.bid WHERE returned=0"); $rsBooks = executeSqlQuery($sql); $noOnLoan = mysql_num_rows($rsBooks); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Pusthaka: <?php echo $PageTitle; ?></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="css/styles.css" rel="stylesheet" type="text/css"> <script language="JavaScript" src="js/gen_validatorv2.js" type="text/javascript"></script> </head> <body>
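/**
 * Change the barcode of a book copy and report the outcome through displayMsg().
 *
 * Refuses the change when another copy already carries the barcode; otherwise
 * updates the row, logs a BOOK_BARCODE event and shows a confirmation.
 *
 * @param array  $copy    Copy row; 'cid', 'bid' and 'barcode' are read.
 * @param string $barcode New barcode as submitted.
 * @return void
 */
function changeBarcode($copy, $barcode)
{
    // Resolved up front: the duplicate-barcode message used $cid and $bid
    // before they were assigned, so its links carried empty ids.
    $bid = (int) $copy['bid'];
    $cid = (int) $copy['cid'];

    // The barcode lands in a quoted SQL string and in HTML; escape per context.
    // NOTE(review): if callers already escape the value (or magic_quotes_gpc
    // is on), the SQL copy is escaped twice — confirm at the call sites.
    $barcodeSql = mysql_real_escape_string($barcode);
    // NOTE(review): 'ISO-8859-1' mirrors the charset the application's pages
    // declare and passes every byte through — confirm the real encoding.
    $barcodeHtml = htmlspecialchars($barcode, ENT_QUOTES, 'ISO-8859-1');

    $links = "<a href='book_copy_edit.php?ID=$cid'>Edit This Copy Again</a> | <a href='book_edit.php?ID=$bid'>Edit the Associated Book</a> | <a href='book_search.php'>Browse Books</a>";

    $sql = sprintf("SELECT * FROM copy WHERE barcode='%s'", $barcodeSql);
    $rs = executeSqlQuery($sql);
    $cnt = mysql_num_rows($rs);
    if ($cnt > 0) { //Specified barcode already exist
        $msg = "The barcode <strong>$barcodeHtml</strong> already exists!<br>Barcode was not changed<hr>"
            . $this->toStringCopy($copy) . '<hr>' . $links;
        $title = 'No Changes Made';
        displayMsg($msg, $title);
        // Stop here even if displayMsg() returns; the message promises that
        // nothing was changed, so the UPDATE below must not run.
        return;
    }

    $sql = sprintf("update copy set barcode='%s' WHERE cid=%d", $barcodeSql, $copy['cid']);
    $a = executeSqlNonQuery($sql);
    $rows_affected = $a['rows'];

    if ($rows_affected == 1) {
        //[Log Event]---------------------------
        $des = '[' . $copy['barcode'] . "] ==> [$barcode]";
        logEvent('BOOK_BARCODE', $_SESSION['CurrentUser']['mid'], 0, addslashes($des));

        //[Display message] ------------------------------
        $msg = "Barcode Changed to: $barcodeHtml<br>Copy Details before the change are:<hr>"
            . $this->toStringCopy($copy) . '<hr>' . $links;
        $title = 'Copy Updated';
        displayMsg($msg, $title);
    } elseif ($rows_affected == 0) {
        $msg = 'Barcode was not changed, because you had specified the old barcode as the new one.<hr>'
            . $this->toStringCopy($copy) . '<hr>' . $links;
        $title = 'No Changes Made';
        displayMsg($msg, $title);
    }
}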
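<?php
// Looks up one application by id plus a PIN-derived token and prepares the
// printable view. Requests without both parameters are sent back to the
// reprint form; requests that match no row are sent to Add_image.php.
include "connection.php";

if (isset($_GET["appid"]) && isset($_GET["pin"])) {
    $appid = trim($_GET["appid"]);
    $pin = trim($_GET["pin"]);

    // NOTE(review): only "/" is replaced when the file names are derived from
    // the request value; where they are used is outside this view — confirm
    // that the consumer rejects "..", backslashes and NUL bytes.
    $folder = "photo/";
    $trans = array("/" => "_");
    $filename = strtr($appid, $trans);
    $filename2 = $filename . "_" . "1" . ".jpg";
    $filename3 = $filename . "_" . "2" . ".jpg";

    // Both request values were concatenated into the statement unescaped.
    // They are escaped for the quoted SQL context here; $appid and $pin
    // themselves stay untouched for the code that follows.
    // NOTE(review): MySQL's + is numeric addition, so md5(`pin`) is converted
    // to a number before 111111 is added; the token probably carries far less
    // entropy than a full digest, and it travels in the URL. A random
    // per-application token would be stronger — confirm.
    $appidSql = mysql_real_escape_string($appid);
    $pinSql = mysql_real_escape_string($pin);
    $sqlstr = "SELECT a.appid,a.post,c.Desc as category,a.aname,a.nationality,a.father,a.dob,a.age_yr,a.mobile,a.pre_address,\r\nb1.block_muni_nm as block1,\r\nsd1.subdiv as subdiv1,a.pre_dist,a.pre_pin,a.pre_state,a.perm_address,b2.block_muni_nm as block2,sd2.subdiv as subdiv2,\r\na.perm_dist,a.perm_pin,a.perm_state,a.m_inst,a.m_year,a.m_total,a.m_marks,a.m_percent,a.m_grade,a.h_inst,a.h_year,a.h_total,\r\na.h_marks,a.h_percent,a.h_grade,a.g_inst,a.g_year,a.g_total,a.g_marks,a.g_percent,a.g_grade,a.p_inst,a.p_year,a.p_total,a.p_marks,a.p_percent,a.p_grade,a.oth_inst,a.oth_year,a.oth_total,a.oth_marks,a.oth_percent,a.oth_grade,\r\na.cert_inst,a.cert_year,a.cert_total,a.cert_marks,a.cert_percent,a.cert_grade,a.email,a.exprience,s1.StateName As State1,s2.StateName As State2,g.Gender,p.PostName as Postname from ((((((((( applicant as a inner join sex as g on a.sex=g.Code) inner join post as p on a.post = p.PostCode) inner join state as s1 on a.pre_state=s1.Code) inner join state as s2 on a.perm_state=s2.Code)inner join block_muni as b1 on a.pre_block=b1.block_municd)\r\ninner join block_muni as b2 on a.perm_block=b2.block_municd)inner join subdivision as sd1 on a.pre_subdiv=sd1.sdiv_cd)inner join subdivision as sd2 on a.perm_subdiv=sd2.sdiv_cd)inner join cast as c on a.category=c.Code)where a.appid = '" . $appidSql . "' and md5(md5(`pin`)+111111)='" . $pinSql . "'";
    $result = executeSqlQuery($sqlstr);

    // $row is kept for the markup that follows; no match means redirect.
    $row = mysql_fetch_array($result);
    if (!$row) {
        header("Location: Add_image.php");
        exit;
    }
} else {
    header("Location: Application_Reprint.php");
    exit;
}
?> <html> <head> <title>Application Print</title> <style type="text/css"> body { bgcolor:white; color:black; font-family : verdana;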
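* You should have received a copy of the GNU General Public License
* along with Pusthaka. If not, see <http://www.gnu.org/licenses/>.
*/
// $allow = "ADMIN;LIBSTAFF";
$allow = "ADMIN";
$PageTitle = "Edit Book";
include('../inc/init.php');
$bks = new Books;

/** Update 200701 inventory correctness check */
$iBID = isset($_REQUEST['ID']) ? $_REQUEST['ID'] : $_REQUEST['bid'];

// check the status of this book
// The request value used to be concatenated into the statement as-is. It is
// bound with %d here, the same way the INSERT below already treats it, so
// only an integer can reach the query.
$sql3 = sprintf("SELECT * FROM book_check WHERE name='200701' AND bid=%d", $iBID);
$rs3 = executeSqlQuery($sql3);
$rowcount3 = mysql_num_rows($rs3);
if ($rowcount3 > 0) { // already checked-in
    $already_checked = true;
    $checkRow = mysql_fetch_assoc($rs3);
} else {
    $already_checked = false;
}

// set this book as checked
// NOTE(review): this state-changing POST shows no anti-CSRF token in the
// visible part; confirm whether init.php provides one.
if (isset($_POST['BtnCheckBook'])) {
    $current_time = date("Y-m-d G:i:s");
    $sql4 = sprintf(
        "INSERT into book_check (name, datetime, bid, checked, mid, comments) VALUES ('200701','%s',%d,1,%d,'')",
        $current_time,
        $iBID,
        $_SESSION['CurrentUser']['mid']
    );
    $a = executeSqlNonQuery($sql4);
    $rowsUpdated = $a['rows'];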
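/**
 * Compute the due date of a loan from the lending settings.
 *
 * Reads the number of days allowed for the copy's lending type and the
 * member's category, then adds that many days to the loan date.
 *
 * @param array  $rowCopy     Copy row; 'lending_type' is read.
 * @param array  $rowMember   Member row; 'category' is read.
 * @param string $date_loaned Loan date in any format strtotime() accepts.
 * @return string|false Due date as "Y-m-d G:i:s" (time part is midnight), or
 *                      false when the settings table holds duplicates. When no
 *                      setting exists the request is redirected and ends here.
 */
function CalcDateDue($rowCopy, $rowMember, $date_loaned)
{
    $lendingType = $rowCopy['lending_type'];
    $memberCategory = $rowMember['category'];

    // Retrieve from DB the number of days allowed on loan for this book's lending type to this member category.
    // Both values sit inside quoted SQL strings, so they are escaped first; a
    // category or type containing a quote would otherwise break the statement.
    $sql = sprintf(
        "select * from lending_settings where book_type='%s' AND member_type='%s'",
        mysql_real_escape_string($lendingType),
        mysql_real_escape_string($memberCategory)
    );
    $rs = executeSqlQuery($sql);
    $cnt = mysql_num_rows($rs);

    // The session messages contain markup (<br>), so presumably they are
    // printed unescaped; encode the interpolated values for HTML.
    // NOTE(review): 'ISO-8859-1' mirrors the charset the application's pages
    // declare and passes every byte through — confirm the real encoding.
    $categoryHtml = htmlspecialchars($memberCategory, ENT_QUOTES, 'ISO-8859-1');
    $typeHtml = htmlspecialchars($lendingType, ENT_QUOTES, 'ISO-8859-1');

    if ($cnt == 0) { // No entry
        $_SESSION['msg'] = "The lending settings for this (member category <--> book lending type) is not defined.<br>"
            . "Member Category = " . $categoryHtml . ", Book Lending Type = " . $typeHtml . "<br>"
            . "Please ask the SYS ADMIN to define these settings.";
        $_SESSION['msgIcon'] = 'ERROR';
        // NOTE(review): PHP_SELF reflects the requested path, including any
        // trailing path info; SCRIPT_NAME is the safer source for a self-redirect.
        header("Location: " . $_SERVER['PHP_SELF']);
        exit();
    } elseif ($cnt == 1) { //There is an entry
        $sr = mysql_fetch_assoc($rs); // (Lending) Settings Row
    } elseif ($cnt > 1) { // Duplicate entry
        $_SESSION['msg'] = "ERROR: The lending_settings table contains a duplicate entry for:<br>"
            . "Member Category = " . $categoryHtml . ", Book Lending Type = " . $typeHtml . "<br>"
            . "Please ask the SYS ADMIN to fix this error";
        $_SESSION['msgIcon'] = 'ERROR';
        return false;
    } else { // Just in case
        $_SESSION['msgFR'] = "An un-identified error occurred.";
        $_SESSION['msgFRIcon'] = 'ERROR';
        return false;
    }

    $days_allowed = (int) $sr['days_allowed'];
    $dt = strtotime($date_loaned);
    // mktime() normalises a day number past the end of the month, so adding
    // the allowance to the day component rolls over correctly.
    $dueDateTS = mktime(0, 0, 0, (int) date("m", $dt), (int) date("d", $dt) + $days_allowed, (int) date("Y", $dt));

    return date("Y-m-d G:i:s", $dueDateTS);
}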
/**
 * Look up the e-mail address and PIN stored for an application id.
 *
 * NOTE(review): Remove_SQLi() is defined elsewhere; whether it escapes
 * correctly for this quoted SQL context cannot be confirmed from here.
 * NOTE(review): the stored PIN is handed back to the caller unchanged, which
 * suggests PINs are kept in a directly usable form — confirm.
 *
 * @param string $appid Application id.
 * @param string $pin   Output: the row's 'pin', or "" when no row matches.
 * @return string The row's 'email', or "" when no row matches.
 */
function check_appid($appid, &$pin)
{
    $lookup = "select * from applicant where appid = '" . Remove_SQLi($appid) . "'";
    $row = mysql_fetch_array(executeSqlQuery($lookup));

    // No matching application: both outputs are blanked.
    if (!$row) {
        $pin = "";
        return "";
    }

    $pin = $row["pin"];
    return $row["email"];
}
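/**
 * Change the barcode of a member and report the outcome through displayMsg().
 *
 * Refuses the change when another member already carries the barcode;
 * otherwise updates the row, logs a MEMBER_BARCODE event and shows a
 * confirmation.
 *
 * @param array  $member  Member row; 'mid' and 'barcode' are read.
 * @param string $barcode New barcode as submitted.
 * @return void
 */
function changeBarcode($member, $barcode)
{
    // The member id goes into link URLs; keep it strictly numeric.
    $midT = (int) $member['mid'];

    // The barcode lands in a quoted SQL string and in HTML; escape per context.
    // NOTE(review): if callers already escape the value (or magic_quotes_gpc
    // is on), the SQL copy is escaped twice — confirm at the call sites.
    $barcodeSql = mysql_real_escape_string($barcode);
    // NOTE(review): 'ISO-8859-1' mirrors the charset the application's pages
    // declare and passes every byte through — confirm the real encoding.
    $barcodeHtml = htmlspecialchars($barcode, ENT_QUOTES, 'ISO-8859-1');

    $links = "<a href='member_edit.php?ID=$midT'>Edit Again</a> | <a href='member_view.php?ID=$midT'>View Full Details</a> | <a href='member_browse.php'>Browse Members</a>";

    $sql = sprintf("SELECT * FROM member WHERE barcode='%s'", $barcodeSql);
    $rs = executeSqlQuery($sql);
    $cnt = mysql_num_rows($rs);
    if ($cnt > 0) { //Specified barcode already exist
        $msg = "The barcode <strong>$barcodeHtml</strong> already exists!<br>Barcode was not changed<hr>"
            . $this->toString($member) . '<hr>' . $links;
        $title = 'No Changes Made';
        displayMsg($msg, $title);
        // Stop here even if displayMsg() returns; the message promises that
        // nothing was changed, so the UPDATE below must not run.
        return;
    }

    $sql = sprintf("update member set barcode='%s' WHERE mid=%d", $barcodeSql, $member['mid']);
    $a = executeSqlNonQuery($sql);
    $rows_affected = $a['rows'];

    if ($rows_affected == 1) {
        //[Log Event]---------------------------
        $des = '[' . $member['barcode'] . "] ==> [$barcode]";
        logEvent('MEMBER_BARCODE', $_SESSION['CurrentUser']['mid'], $member['mid'], addslashes($des));

        //[Display message] ------------------------------
        $msg = "Barcode Changed to: <strong>$barcodeHtml</strong><br>Member Details before the change are:<hr>"
            . $this->toString($member) . '<hr>' . $links;
        $title = 'Member Barcode Changed';
        displayMsg($msg, $title);
    } elseif ($rows_affected == 0) {
        $msg = 'Barcode was not changed, because you had specified the old barcode as the new one.<hr>'
            . $this->toString($member) . '<hr>' . $links;
        $title = 'No Changes Made';
        displayMsg($msg, $title);
    }
}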
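// Current (unreturned) loans of the member, joined with copy and book details.
$sql = sprintf(
    "select l.lid, l.member mid, l.copy cid, l.date_loaned, l.date_due, "
    . "l.loaned_by, c.*, b.bid, b.title, b.authors "
    . "FROM ( (loan l LEFT JOIN copy c ON l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) "
    . "WHERE (l.returned=0 AND l.member=%d)",
    $mid
);
$rsL = executeSqlQuery($sql);
$rowcountL = mysql_num_rows($rsL);

// ------------------------------------------------------------------------------------
// Get outstanding payments into $rsOP
// The member id was concatenated into this statement while the query above
// binds it with %d; both now bind it the same way, so only an integer can
// reach the database wherever $mid was set.
$sql = sprintf('SELECT * FROM payable WHERE mid=%d', $mid);
$rsOP = executeSqlQuery($sql);
$outstandingPayments = 0;
while ($r = mysql_fetch_assoc($rsOP)) {
    $outstandingPayments += $r['amount'];
}
// The result set was consumed by the loop; run the query again so the rows
// can be read once more further down.
$rsOP = executeSqlQuery($sql);
?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Pusthaka: <?php echo $PageTitle; ?></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="css/styles.css" rel="stylesheet" type="text/css"> <link href="css/ir2.css" rel="stylesheet" type="text/css"> </head> <body <?php if(!isset($_SESSION['Confirm'])) { echo "onload='ir2.Number.focus();'"; } else {echo "onload='ir2.BtnConfirmYes.focus();'";}?> > <?php include("../inc/top.php"); ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td class="margin"><table width="100%" border="0">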
/**
 * Tell whether an upload row exists for an application id.
 *
 * NOTE(review): Remove_SQLi() is defined elsewhere; whether it escapes
 * correctly for this quoted SQL context cannot be confirmed from here.
 *
 * @param string $appid Application id.
 * @return bool True when at least one uploadfile row matches.
 */
function appid_exists($appid)
{
    $lookup = "select * from uploadfile where appid = '" . Remove_SQLi($appid) . "'";
    $firstRow = mysql_fetch_array(executeSqlQuery($lookup));

    return $firstRow ? true : false;
}
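<?php
// Emits one <option> per block/municipality of the requested subdivision.
// A missing parameter is treated as an empty code (no rows) instead of
// raising a notice.
$sdid = isset($_GET["sdid"]) ? $_GET["sdid"] : "";
include "connection.php";

// The request value was concatenated into the statement unescaped; it is now
// escaped for the quoted SQL context (this needs the connection opened by
// connection.php, hence the placement after the include).
$sqlQList = "Select * from block_muni where sdiv_cd='" . mysql_real_escape_string($sdid) . "'";
$QList1 = executeSqlQuery($sqlQList);
while ($row1 = mysql_fetch_array($QList1)) {
    // Stored names are written into an attribute and into element text, so
    // they are HTML-escaped. 'ISO-8859-1' passes every byte through.
    // NOTE(review): confirm the real encoding of the stored names.
    $blockName = htmlspecialchars($row1["block_muni_nm"], ENT_QUOTES, 'ISO-8859-1');
    ?> <option value="<?php echo $blockName; ?> "><?php echo $blockName; ?> </option> <?php
}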
$rowNo = $_GET["rowNo"]; include "connection.php"; ?> <tr> <td height="48" bgcolor="#FFFFFF"> <div align="center"> <select class="listMenu" name="ed00<?php echo $rowNo + 1; ?> " id="ed00<?php echo $rowNo + 1; ?> "> <?php $sqlquali = "select * from qualification"; $exam = executeSqlQuery($sqlquali); echo "<option value=\"0\">--Select Examination Passed--</>"; while ($row = mysql_fetch_array($exam)) { ?> <option value="<?php echo $row["desc"]; ?> "><?php echo $row["desc"]; ?> </option> <?php } ?> </select> </div>
/**
 * Produce the next registration number for a post and advance its counter.
 *
 * The number is "<abbr>/<SlNo>" taken from the post row; the row's SlNo is
 * then incremented by one. When the post code is unknown a script alert is
 * printed and "" is returned.
 *
 * NOTE(review): the read and the increment are two separate statements, so
 * two concurrent requests can be handed the same number — confirm whether
 * callers serialise this.
 * NOTE(review): Remove_SQLi() is defined elsewhere; whether it escapes
 * correctly for this quoted SQL context cannot be confirmed from here.
 *
 * @param string $post Post code.
 * @return string Registration number, or "" when the post is not found.
 */
function GetappId($post)
{
    $lookup = "select * from post where PostCode = '" . Remove_SQLi($post) . "'";
    $row = mysql_fetch_array(executeSqlQuery($lookup));

    if (!$row) {
        echo "<script type=\"text/javascript\">alert(\"ERROR :: Registration No not Set in Database. Please call admin\")</script>";
        return "";
    }

    // Capture the number before the counter moves on.
    $registrationNo = $row["abbr"] . "/" . $row["SlNo"];
    executeSqlQuery("update post set SlNo = SlNo + 1 where PostCode = '" . Remove_SQLi($post) . "'");

    return $registrationNo;
}
/**
 * Check that a PIN belongs to an application id.
 *
 * NOTE(review): the PIN is compared with the stored column by plain equality,
 * which suggests PINs are stored unhashed — confirm.
 * NOTE(review): Remove_SQLi() is defined elsewhere; whether it escapes
 * correctly for this quoted SQL context cannot be confirmed from here.
 *
 * @param string $pin   PIN as submitted.
 * @param string $appid Application id.
 * @return bool True when an applicant row matches both values.
 */
function check_pin_appid($pin, $appid)
{
    $lookup = "select * from applicant where appid = '" . Remove_SQLi($appid)
        . "' and pin = '" . Remove_SQLi($pin) . "'";
    $match = mysql_fetch_array(executeSqlQuery($lookup));

    return $match ? true : false;
}
<strong> <font color="#003399" size="1" face="Arial, Helvetica, sans-serif">Institute</font> </strong> </div> </div> </td> <td width="18%"> <div align="center"><strong><font color="#003399" size="1" face="Arial, Helvetica, sans-serif">Course Duration (in Month)</font></strong></div> </td> </tr> <?php $sqlcomp = "select * from compknowledge where appid='" . $appid . "' order by id asc"; $compList = executeSqlQuery($sqlcomp); while ($compRow = mysql_fetch_array($compList)) { ?> <tr> <td height="22"> <div align="center"> <font size="1" face="Arial, Helvetica, sans-serif"> <strong> <?php if ($compRow["course"] != "") { echo $compRow["course"]; } else { echo "------"; } ?> </strong>
$date_end = $y . '-' . $m . '-' . $d . " 23:59:59"; } if($_REQUEST['IR']=='Issues'){ $sql = sprintf("select l.lid, l.copy cid, l.date_loaned, l.date_due, l.date_returned, " . "l.loaned_by, c.access_no, b.*, m.mid, concat(m.title, ' ', m.firstnames, ' ', m.surname) AS member_name " . "FROM ( ((loan l LEFT JOIN copy c ON l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) LEFT JOIN member m ON m.mid =l.member ) " . "WHERE (l.date_loaned > '%s' AND l.date_loaned < '%s') ORDER BY date_loaned DESC", $date_start, $date_end); $rs1 = executeSqlQuery($sql); $rs1count = mysql_num_rows($rs1); } elseif($_REQUEST['IR']=='Returns'){ $sql = sprintf("select l.lid, l.copy cid, l.date_loaned, l.date_due, l.date_returned, " . "l.loaned_by, c.access_no, b.*, m.mid, concat(m.title, ' ', m.firstnames, ' ', m.surname) AS member_name " . "FROM ( ((loan l LEFT JOIN copy c ON l.copy = c.cid) LEFT JOIN book b ON c.bid=b.bid) LEFT JOIN member m ON m.mid =l.member ) " . "WHERE (l.date_returned > '%s' AND l.date_returned < '%s') ORDER BY date_returned DESC", $date_start, $date_end); $rs2 = executeSqlQuery($sql); $rs2count = mysql_num_rows($rs2); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Pusthaka: <?php echo $PageTitle; ?></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="css/styles.css" rel="stylesheet" type="text/css"> <script language="JavaScript" src="js/gen_validatorv2.js" type="text/javascript"></script> </head> <body>
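// Verify the CAPTCHA answer and the submitted credentials, then record the
// attempt in audit_trail.
// NOTE(review): the credential query runs even when the CAPTCHA answer is
// wrong; testing $valid first would spare the database on automated attempts.
$img = new Securimage();
$valid = $img->check($_POST['code']);

// LoginToken comes straight from the request and was concatenated into the
// statement unescaped; it is now escaped for the quoted SQL context.
// NOTE(review): htmlspecialchars() is an HTML encoder and Remove_SQLi() is
// defined elsewhere; whether the other two values are correctly escaped for
// SQL cannot be confirmed from here.
// NOTE(review): md5(`pass`) is computed from the stored column, which
// suggests the password is stored in a directly usable form — confirm.
$sqlstr = "SELECT * FROM user where userid ='" . Remove_SQLi(htmlspecialchars($_POST['user']))
    . "' AND md5(concat(md5(`pass`),md5('" . mysql_real_escape_string($_POST['LoginToken'])
    . "')))='" . Remove_SQLi(htmlspecialchars($_POST['passWD'])) . "'";
$result = executeSqlQuery($sqlstr);
$row = mysql_fetch_array($result);

if ($row != NULL && $valid) {
    session_regenerate_id();
    $_SESSION['userid'] = $row['userid'];
    $_SESSION['ID'] = session_id();
    $action = "JustLoggedIn";
    $auditUser = $_SESSION['userid'];
    $auditOutcome = 'Login: Success';
} else {
    $action = "NoAccess";
    // The attempted user name is request data and was stored unescaped.
    $auditUser = $_POST['user'];
    $auditOutcome = 'Login: Failed';
}

// Every audit value is escaped before it is placed in the INSERT. The user
// agent and the attempted user name are sent by the client and previously
// went in raw; the referrer and user agent headers may also be absent.
$auditReferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$auditAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$auditSession = isset($_SESSION['ID']) ? $_SESSION['ID'] : '';
$Qry = "INSERT INTO audit_trail (`SessionID`,`IP`,`Referrer`,`UserAgent`,`UserID`,`URL`,`Action`,`Method`,`URI`) values"
    . "('" . mysql_real_escape_string($auditSession)
    . "','" . mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
    . "','" . mysql_real_escape_string($auditReferrer)
    . "','" . mysql_real_escape_string($auditAgent)
    . "','" . mysql_real_escape_string($auditUser)
    . "','" . mysql_real_escape_string($_SERVER['PHP_SELF'])
    . "','" . $auditOutcome
    . "','" . mysql_real_escape_string($_SERVER['REQUEST_METHOD'])
    . "','" . mysql_real_escape_string($_SERVER['REQUEST_URI'] . $_SERVER['QUERY_STRING']) . "')";
executeSqlQuery($Qry);
}
}
}
?> <html><head><title></title> </head> <body> <?php
switch ($action) {
    case "LogOut":
        echo "<h2 align=\"center\">Thank You! You Have Successfully Logged Out!</h2>";
        echo "<br><h2 align=\"center\"><a href=\"index.php\">Login</a></h2>";
        break;
    case "JustLoggedIn":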