/**
 * Repeat a prompt until the player's input contains a known keyword, then print the outcome.
 *
 * $info keys: "prompt" (text shown each round), "q" (list of keyword lists) and
 * "outcome" (index 0 is the failure text; index k + 1 belongs to keyword list k).
 * Input is read through inp(), which is defined outside this function.
 */
function isinp($info = array("prompt" => "this is a prompt", "q" => array(array("bounce", "jump", "hop"), array("walk", "stroll", "ambulate")), "outcome" => array(0 => "fail", 1 => "success A", 2 => "success B")))
{
    $failText = $info["outcome"][0];
    $result = $failText;

    while ($result == $failText) {
        sleep(2);
        echo $info["prompt"] . "\n";
        $answer = inp(); // read the player's input

        foreach ($info["q"] as $index => $keywords) {
            foreach ($keywords as $keyword) {
                if (!stristr($answer, $keyword)) {
                    continue;
                }
                sleep(2);
                $result = $info["outcome"][$index + 1];
                break; // leaves the keyword loop only; later keyword lists are still checked
            }
        }

        // No keyword matched: show the failure text and ask again.
        if ($result == $failText) {
            sleep(1);
            echo $result . "\n";
        }
    }

    sleep(1);
    echo $result . "\n";
}
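/**
 * Build the icocss plugin toolbar: an input field followed by reload and save links.
 *
 * inp(), lj() and picto() are helpers defined outside this function; what they emit is
 * not visible here (presumably HTML fragments).
 *
 * @param mixed $p   value passed to the 'inp' field
 * @param mixed $o   not used by this function
 * @param mixed $rid prefix for the link targets
 * @return string the three fragments, each followed by a space
 */
function icocss_menu($p, $o, $rid)
{
    // Plain assignment first: the original appended to an undefined $ret, which raises a notice.
    $ret = inp('inp', $p) . ' ';
    $ret .= lj('', $rid . '_plug__2_icocss_icocss*j___inp', picto('reload')) . ' ';
    $ret .= lj('', $rid . '_plug__2_icocss_icocss*build', picto('save')) . ' ';

    return $ret;
}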
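/**
 * Search action: verify the session, then render search.php with the category list and
 * the products matching the posted category/product filter.
 *
 * Redirects to Login and exits when the session is older than 1440 seconds or when
 * login_model::validateprofile() yields no row for the session user.
 */
public function index()
{
    session_start();
    $id0 = $_SESSION['customerid'];
    $un0 = $_SESSION['username'];
    // NOTE(review): the plaintext password is kept in the session and handed to the view as
    // 'pw0'; nothing in this action needs it. A session should carry an identifier only.
    $pw0 = $_SESSION['password'];
    $t0 = $_SESSION['accesstime'];
    $data['id0'] = $id0;
    $data['un0'] = $un0;
    $data['pw0'] = $pw0;
    $data['t0'] = $t0;

    // Timeout is measured from 'accesstime', which this action does not refresh.
    $nowtime = time();
    if ($nowtime - $t0 > 1440) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    // The session user must still exist: count the rows returned for the username.
    $this->load->model("login_model");
    $res0 = $this->login_model->validateprofile($un0);
    $tmp = 0;
    foreach ($res0 as $row0) {
        $tmp = $tmp + 1;
    }
    if ($tmp == 0) {
        header('Location:' . site_url('Login'));
        exit;
    }

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    // Categories for the search form.
    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    // Both filters are optional; isset() avoids undefined-index notices on a plain GET.
    // NOTE(review): inp() HTML-encodes, which is an output concern and not a SQL defence.
    // getproduct() is not visible here — confirm it binds both values as query parameters.
    $productcategoryid = inp(isset($_POST['productcategoryid']) ? $_POST['productcategoryid'] : '');
    $productid = inp(isset($_POST['productid']) ? $_POST['productid'] : '');
    $this->load->model("search_model");
    $product_res = $this->search_model->getproduct($productcategoryid, $productid);
    $data['product_res'] = $product_res;
    $data['productid_res'] = $productid; // echoed back so the form keeps the search text

    $this->load->view('search.php', $data);
}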
/**
 * Build the model plugin toolbar: a selector, an input field and a reload link.
 *
 * @param mixed $p   value passed to the 'inp' field
 * @param mixed $o   not used by this function
 * @param mixed $rid prefix for the reload link target
 * @return string selector markup, then the field and the link, each followed by a space
 */
function model_menu($p, $o, $rid)
{
    $selector = select_j('inp', 'pfunc', '', 'model/model_r', '', '2');
    $field = inp('inp', $p);
    $reload = lj('', $rid . '_plug__2_model_model*j___inp', picto('reload'));

    return $selector . $field . ' ' . $reload . ' ';
}
/**
 * Build the toolbar for this app: an input field and a reload link.
 *
 * @param mixed $p   value passed to the 'inp' field
 * @param mixed $o   not used by this method
 * @param mixed $rid prefix for the reload link target
 * @return string field and link, each followed by a space
 */
static function menu($p, $o, $rid)
{
    $field = inp('inp', $p);
    $reload = lj('', $rid . '_app__2_model_build___inp', picto('reload'));

    return $field . ' ' . $reload . ' ';
}
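/**
 * Build the delete widget: an input field, a 'delete' link and an empty target container.
 *
 * @param mixed $p value for the field; when falsy, $o is used instead
 * @param mixed $o suffix for the field id and part of the link target
 * @return string the concatenated fragments
 */
function del_com($p, $o)
{
    $rid = 'plg' . randid();

    // Plain assignment first: the original appended to an undefined $ret (notice), and also
    // built an unused $id local, which is dropped here.
    $ret = inp('inp' . $o, $p ? $p : $o, atz(44)) . ' ';
    $ret .= lj('popsav', $rid . '_plug___del_delj_' . $o . '__inp' . $o, 'delete') . ' ';
    $ret .= btd($rid, '') . br();

    return $ret;
}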
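/**
 * Sign-up action: renders signup.php, or for a posted form validates the fields, creates
 * the customer, fills the session and redirects to Search.
 */
public function index()
{
    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    // No submitted form: just show the page (isset() avoids an undefined-index notice).
    if (!isset($_POST['succeed']) || $_POST['succeed'] != 'succeed') {
        $this->load->view('signup.php', $data);
        return;
    }

    // Read every field once instead of re-running inp() at each use.
    $in = array();
    foreach (array('customername', 'customeraddress', 'creditcard', 'securitycode', 'expirationdate', 'username', 'password0') as $field) {
        $in[$field] = inp(isset($_POST[$field]) ? $_POST[$field] : '');
    }

    // Server-side allow-list checks.
    // NOTE(review): only securitycode and expirationdate reject an empty value; the other
    // patterns accept '' — including an empty username or password.
    $invalid = preg_match("/[^a-zA-Z0-9\\s]/", $in['customername'])
        || preg_match("/[^a-zA-Z0-9\\s]/", $in['customeraddress'])
        || preg_match("/[^0-9]/", $in['creditcard'])
        || !preg_match("/^\\d\\d\\d\$/", $in['securitycode'])
        || !preg_match("/^(([1-9])|(0[1-9])|(1[0-2]))\\/\\d\\d\$/", $in['expirationdate'])
        || preg_match("/[^a-zA-Z0-9]/", $in['username'])
        || preg_match("/[^a-zA-Z0-9]/", $in['password0']);
    if ($invalid) {
        $errormsg = 'Sign up failed, please check all the input requirements';
        $data['errormsg'] = $errormsg;
        $this->load->view('signup.php', $data);
        return;
    }

    // NOTE(review): the card number and the 3-digit security code are passed on for storage.
    // Card security codes should not be retained; how insertcustomer() stores the password
    // is not visible here — confirm it hashes with password_hash() and binds parameters.
    $this->load->model("signup_model");
    $res = $this->signup_model->insertcustomer(
        $in['customername'],
        $in['customeraddress'],
        $in['creditcard'],
        $in['securitycode'],
        $in['expirationdate'],
        $in['username'],
        $in['password0']
    );

    $this->load->model("signup_model");
    $res7 = $this->signup_model->getlastid();
    $row7 = mysql_fetch_assoc($res7);
    $lastid = $row7['LAST_INSERT_ID()'];

    // Build the session.
    // NOTE(review): no session_start() is visible in this action (presumably done elsewhere —
    // confirm), and the plaintext password is written into the session.
    $_SESSION['username'] = $in['username'];
    $_SESSION['password'] = $in['password0'];
    $_SESSION['customerid'] = $lastid;
    $_SESSION['accesstime'] = time();

    header('Location:' . site_url('Search'));
}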
/**
 * Build the slides toolbar: an input field and a reload link, plus edit links when
 * auth(6) passes.
 *
 * @param mixed $p   slide identifier; 1 is shown in the field when $p is falsy
 * @param mixed $o   not used by this method
 * @param mixed $rid prefix for the reload link target
 * @return string the toolbar wrapped by divc()
 */
static function menu($p, $o, $rid)
{
    $html = inp('inp', $p ? $p : 1) . ' '
        . lj('', $rid . '_app___slides_j__' . $rid . '_inp', picto('reload')) . ' ';

    // Editing links are only added when auth(6) passes; what level 6 means is defined
    // outside this method.
    if (!auth(6)) {
        return divc('', $html);
    }

    $html .= lj('', 'popup_plupin___msqedit_slides*' . $p . '_val', picto('edit')) . ' ';
    $usersPopup = 'popup_msqledit___users_' . ajx(ses('nodslid')) . '_';
    $html .= lj('', $usersPopup . $p . '_1', picto('editxt')) . ' ';
    $html .= lj('', 'popup_plup___msqedit_msqdt*add_slides*' . $p . '_val', picto('add')) . ' ';

    return divc('', $html);
}
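/**
 * Entry point of the umglyphes plugin.
 *
 * @param mixed $p text handed to ug_build() and shown in the input field
 * @param mixed $o when equal to '1', only the ug_build() result is returned
 * @return mixed ug_build($p) alone, or the full widget markup as a string
 */
function plug_umglyphes($p, $o)
{
    if ($o == '1') {
        return ug_build($p);
    }

    // Plain assignment first: the original appended to an undefined $ret, which raises a notice.
    $ret = lj('', 'umglph___4', picto('del')) . ' ';
    $ret .= inp('umglph', $p, atz('44')) . ' ';
    $ret .= lj('popsav', 'umgl_plug___umglyphes_ug*build_' . ajx($p) . '__umglph', 'ok') . ' ';
    $ret .= divd('umgl', ug_build($p)) . br();
    $ret .= msqlink('', 'ummo_umvoc_1', '') . ' ';
    $ret .= lkt('', '/plug/umvoc', picto('link'));

    return $ret;
}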
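/**
 * Account-info action: verify the session, optionally save the posted profile, then render
 * accountinfo.php with the stored customer record and the category list.
 *
 * Redirects to Login and exits when the session is older than 1440 seconds or when
 * validateprofile() returns no row for the session user.
 */
public function index()
{
    session_start();
    $id0 = $_SESSION['customerid'];
    $un0 = $_SESSION['username'];
    // NOTE(review): the plaintext password is read from the session and passed to the view.
    $pw0 = $_SESSION['password'];
    $t0 = $_SESSION['accesstime'];
    $data['id'] = $id0;
    $data['un'] = $un0;
    $data['pw'] = $pw0;
    $data['t0'] = $t0;

    $nowtime = time();
    if ($nowtime - $t0 > 1440) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    $this->load->model("login_model");
    $res0 = $this->login_model->validateprofile($un0);
    if (!($row0 = mysql_fetch_assoc($res0))) {
        header('Location:' . site_url('Login'));
        exit;
    }

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $errormsg = "";
    if (isset($_POST['succeed']) && $_POST['succeed'] == 'succeed') {
        // isset() avoids undefined-index notices for fields missing from the request.
        $in = array();
        foreach (array('username', 'password0', 'customername', 'customeraddress', 'creditcard', 'securitycode', 'expirationdate') as $field) {
            $in[$field] = inp(isset($_POST[$field]) ? $_POST[$field] : '');
        }

        // NOTE(review): no format validation happens before the update, and inp() only
        // HTML-encodes. updatecustomer() is not visible — confirm it binds parameters.
        // The card security code is also sent for storage, which should be avoided.
        $this->load->model("accountinfo_model");
        $res0 = $this->accountinfo_model->updatecustomer(
            $in['username'],
            $in['password0'],
            $in['customername'],
            $in['customeraddress'],
            $in['creditcard'],
            $in['securitycode'],
            $in['expirationdate'],
            $id0
        );
        $errormsg = "Your infomation has been successfully saved.";
    }
    $data['errormsg'] = $errormsg;

    // Current record, read after any update so the form shows the saved values.
    $this->load->model("accountinfo_model");
    $res3 = $this->accountinfo_model->showcustomer($id0);
    $data['res3'] = $res3;

    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    $this->load->view('accountinfo.php', $data);
}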
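/**
 * Fold the values returned by inp() into a single value using xor2() and for2(), seeded
 * with $key[3].
 *
 * inp(), xor2() and for2() are defined outside this function. From the indexing below,
 * inp() returns an array whose element 0 is used as a count and element 1 as a list.
 * NOTE(review): if this is meant as a keyed cipher or hash, a hand-rolled XOR fold gives
 * no known security guarantee — prefer a vetted primitive (e.g. hash_hmac()).
 *
 * @param mixed $idcolumn      forwarded to inp()
 * @param mixed $arrayOFchisla forwarded to inp()
 * @param int   $n             forwarded to inp(); also fixes the split position
 * @param mixed $loe           forwarded to every xor2()/for2() call
 * @param array $key           only $key[3] is used here
 * @return mixed result of the last xor2() call
 */
function f($idcolumn, $arrayOFchisla, $n, $loe, $key)
{
    // TODO (original note, translated from Russian): this needs to be reworked.
    // Fixed: the original read `Math . round($n / 2) + 1`, a leftover of JavaScript's
    // Math.round(); in PHP `Math` is an undefined constant, so no number was produced.
    $poscenter = (int) round($n / 2) + 1;

    $a = inp($idcolumn, $arrayOFchisla, $n);
    $inparr = $a[1];

    $b = xor2($key[3], $inparr[0], $loe);
    $b = for2(1, $poscenter, $b, $inparr, $loe);
    $b = for2($poscenter + 1, $a[0] - 3, $b, $inparr, $loe);

    // The last two elements are mixed in separately.
    $b = xor2($inparr[$a[0] - 2], $b, $loe);
    $b = xor2($inparr[$a[0] - 1], $b, $loe);

    return $b;
}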
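/**
 * Sign-up action (no server-side validation): renders signup.php, or for a posted form
 * creates the customer, fills the session and redirects to Search.
 */
public function index()
{
    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    // No submitted form: just show the page (isset() avoids an undefined-index notice).
    if (!isset($_POST['succeed']) || $_POST['succeed'] != 'succeed') {
        $this->load->view('signup.php', $data);
        return;
    }

    $in = array();
    foreach (array('customername', 'customeraddress', 'creditcard', 'securitycode', 'expirationdate', 'username', 'password0') as $field) {
        $in[$field] = inp(isset($_POST[$field]) ? $_POST[$field] : '');
    }

    // NOTE(review): nothing is validated server-side before the insert; inp() only trims,
    // strips slashes and HTML-encodes, which does not protect a SQL statement.
    // insertcustomer() is not visible — confirm it binds parameters and hashes the password.
    // The card security code is sent for storage as well, which should be avoided.
    $this->load->model("signup_model");
    $res = $this->signup_model->insertcustomer(
        $in['customername'],
        $in['customeraddress'],
        $in['creditcard'],
        $in['securitycode'],
        $in['expirationdate'],
        $in['username'],
        $in['password0']
    );

    $this->load->model("signup_model");
    $res7 = $this->signup_model->getlastid();
    $row7 = mysql_fetch_assoc($res7);
    $lastid = $row7['LAST_INSERT_ID()'];

    // Build the session.
    // NOTE(review): no session_start() is visible in this action (presumably done elsewhere —
    // confirm), and the plaintext password is written into the session.
    $_SESSION['username'] = $in['username'];
    $_SESSION['password'] = $in['password0'];
    $_SESSION['customerid'] = $lastid;
    $_SESSION['accesstime'] = time();

    header('Location:' . site_url('Search'));
}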
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}

//usertype
// Only managers may continue; everyone else is redirected. $ut is set before this excerpt.
if ($ut != 'manager') {
    //require 'login.php';
    // die;//?
    header("Location: login.php");
    // echo $ut." ".$un;
    exit;
}
// echo $ut;

// Filter values from the request; inp() HTML-encodes them.
$lowlimit = inp($_POST['lowlimit']);
$highlimit = inp($_POST['highlimit']);
$usertype = inp($_POST['usertype']);
// NOTE(review): debug output left in the page.
echo "asd " . $usertype . " dasd";
//delete is handled in the same page
if (strlen($lowlimit) == 0) {
    $lowlimit = 0;
}
if (strlen($highlimit) == 0) {
    $highlimit = 99999999; //this is not a good way
}
if ($usertype == 'undefined') {
    $usertype = "%";
}

// NOTE(review): SQL injection. The two salary bounds are concatenated unquoted and are never
// checked to be numeric, and htmlspecialchars() is an HTML encoder, not a SQL escape (with its
// pre-8.1 default flags it leaves single quotes untouched, so $usertype is not contained by
// the quotes either). Validate the bounds as numbers and bind all three values as parameters
// of a prepared statement (mysqli or PDO).
$sql = "select * from users, employees where users.userindex = employees.userindex and employees.salary < " . $highlimit . " and employees.salary > " . $lowlimit . " and users.usertype like '" . $usertype . "'";
// NOTE(review): echoing the statement exposes table and column names to the client.
echo "seccessful: " . $sql;
?>
$data = htmlspecialchars($data); return $data; } //usertype if ($ut != 'manager') { //require 'login.php'; // die;//? header("Location: login.php"); // echo $ut." ".$un; exit; } // echo $ut; $lowlimit = inp($_POST['lowlimit']); $highlimit = inp($_POST['highlimit']); $productid = inp($_POST['productname']); $category = inp($_POST['category']); echo "asd " . $category . " dasd"; //delete is handled in the same page if (strlen($lowlimit) == 0) { $lowlimit = 0; } if ($productid == 'undefined') { $productid = "%"; } if (strlen($highlimit) == 0) { $highlimit = 99999999; //this is not a good way } if ($category == 'undefined') { $category = "%"; }
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}

// Sign-up form submitted: create the customer, open the session, go to the search page.
if ($_POST['succeed'] == 'succeed') {
    // NOTE(review): SQL injection. Seven request fields are concatenated into the statement.
    // inp() HTML-encodes; it is not a SQL escape, and with the pre-8.1 default flags of
    // htmlspecialchars() single quotes pass through unchanged. Use a prepared statement with
    // bound parameters (mysqli or PDO; the mysql_* extension was removed in PHP 7).
    // NOTE(review): the password goes through MySQL's password() function, which was built
    // for MySQL's own accounts and is unsalted; hash in PHP with password_hash() instead.
    // NOTE(review): the card number and security code are stored as submitted; card security
    // codes should not be retained.
    $sql = "insert into customer (customername,customeraddress,creditcard,securitycode,expirationdate,username,password) values ('" . inp($_POST['customername']) . "','" . inp($_POST['customeraddress']) . "','" . inp($_POST['creditcard']) . "','" . inp($_POST['securitycode']) . "','" . inp($_POST['expirationdate']) . "','" . inp($_POST['username']) . "',password('" . inp($_POST['password0']) . "'))";
    // The return value is not checked, so a failed insert still leads to a session below.
    $res = mysql_query($sql, $con);
    //
    $sql7 = "SELECT LAST_INSERT_ID()";
    $res7 = mysql_query($sql7, $con);
    $row7 = mysql_fetch_assoc($res7);
    $lastid = $row7['LAST_INSERT_ID()'];
    //build session
    $_SESSION['username'] = inp($_POST['username']);
    // NOTE(review): the plaintext password is kept in the session.
    $_SESSION['password'] = inp($_POST['password0']);
    //when to destroy? need a log out? how to set the timeout?
    $_SESSION['customerid'] = $lastid;
    $_SESSION['accesstime'] = time();
    //add some php validate
    header("Location: search.php");
    exit;
}
?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>CS571 Assignment 3</title> <link rel="stylesheet" type="text/css" href="style.css" /> <script type="text/javascript" src="jsfile.js"></script> </head>
<?php
// Fill the category drop-down from the productcategory table.
// NOTE(review): the id and name are written into the markup without htmlspecialchars(); if
// category rows can be edited by users or staff this is a stored-XSS sink — encode on output.
$sql2 = "select * from productcategory";
$res2 = mysql_query($sql2, $con);
while ($row2 = mysql_fetch_assoc($res2)) {
    echo '<option value="';
    echo $row2['productcategoryid'] . '">';
    echo $row2['productcategoryname'] . '</option>';
}
?> </select> </div>
<div style="width: auto; height: auto; float: left; display: inline">
<input class="input" id="productid" name="productid" type="text" size="40px" value=<?php
// NOTE(review): reflected XSS risk. The posted value is echoed into a single-quoted
// attribute. If inp() is the trim/stripslashes/htmlspecialchars helper (its definition is
// outside this excerpt — confirm), the pre-8.1 default flags do not encode single quotes;
// call htmlspecialchars($value, ENT_QUOTES, 'UTF-8') at this point of output.
echo "'" . inp($_POST['productid']) . "'"; ?> style="border:1px; height:30px; font-size:20px"/> </div>
<div style="width: auto; height: auto; float: left; display: inline">
<button id="searchbutton" class="searchbutton" style="width: 100px; height: 30px;border-radius:3px;" >Search</button> </div> </form> </div> </div>
<div style="display:inline-block;height:40px;width:auto;float:right;padding:5px;position:relative;top:35px;">
<FORM METHOD=POST ACTION="search.php"> <input type="hidden" name="operation" value="logout"> <button class="rightbutton">Logout</button>
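/**
 * Checkout action: verify the session and, for a posted checkout form, update the customer,
 * create an order-history row, copy every cart line into order items (applying a 30%
 * discount while a special sale is running) and empty the cart. Renders ordersucc.php.
 *
 * Redirects to Login and exits when the session is older than 1440 seconds or when
 * validateprofile() returns no row for the session user.
 */
public function index()
{
    session_start();
    $id = $_SESSION['customerid'];
    $un = $_SESSION['username'];
    // NOTE(review): the plaintext password is read from the session and passed to the view.
    $pw = $_SESSION['password'];
    $t0 = $_SESSION['accesstime'];
    $data['id'] = $id;
    $data['un'] = $un;
    $data['pw'] = $pw;
    $data['t0'] = $t0;

    $nowtime = time();
    if ($nowtime - $t0 > 1440) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    $this->load->model("login_model");
    $res0 = $this->login_model->validateprofile($un);
    if (!($row0 = mysql_fetch_assoc($res0))) {
        header('Location:' . site_url('Login'));
        exit;
    }

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    // The original also read URI segment 3 into an unused $productid; that read is dropped.
    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    if (isset($_POST['succeed']) && $_POST['succeed'] == 'succeed') {
        // isset() avoids undefined-index notices for fields missing from the request.
        $in = array();
        foreach (array('username', 'customername', 'customeraddress', 'creditcard', 'securitycode', 'expirationdate') as $field) {
            $in[$field] = inp(isset($_POST[$field]) ? $_POST[$field] : '');
        }

        // NOTE(review): no format validation precedes these writes and inp() only HTML-encodes;
        // the ordersucc_model methods are not visible — confirm they bind parameters.
        // No transaction is visible around the steps below, so a failure part-way can leave a
        // history row without items or a cart that was not emptied.
        $this->load->model("ordersucc_model");
        $res4 = $this->ordersucc_model->updatecustomer(
            $in['username'],
            $in['customername'],
            $in['customeraddress'],
            $in['creditcard'],
            $in['securitycode'],
            $in['expirationdate'],
            inp($id)
        );

        // Order-history row.
        // NOTE(review): "h" is the 12-hour clock and "a" appends am/pm; if orderdate is a
        // DATETIME column, "Y-m-d H:i:s" is the expected format — confirm before changing.
        date_default_timezone_set("UTC");
        $nowtime = date("Y-m-d h:i:sa");
        $this->load->model("ordersucc_model");
        $res6 = $this->ordersucc_model->insertorderhis($nowtime, $in['customeraddress'], $in['creditcard'], inp($id));

        // Id of the history row just created.
        $this->load->model("ordersucc_model");
        $res7 = $this->ordersucc_model->getlastid();
        $row7 = mysql_fetch_assoc($res7);
        $lastid = $row7['LAST_INSERT_ID()'];

        // Today as YYYYMMDD (UTC), computed once so every cart line uses the same date.
        $nowstr = date("Y") . date("m") . date("d");

        $this->load->model("ordersucc_model");
        $res8 = $this->ordersucc_model->getorders($id);
        while ($row8 = mysql_fetch_assoc($res8)) {
            // The price always comes from the product table, never from the request.
            $this->load->model("ordersucc_model");
            $res9 = $this->ordersucc_model->getproduct($row8['productid']);
            $row9 = mysql_fetch_assoc($res9);
            $value4 = $row9['productprice'];

            $this->load->model("ordersucc_model");
            $res18 = $this->ordersucc_model->getspecialsales($row8['productid']);
            if ($row18 = mysql_fetch_assoc($res18)) {
                // Dates are compared as YYYYMMDD strings cut out of the stored values.
                $startstr = substr($row18['startdate'], 0, 4) . substr($row18['startdate'], 5, 2) . substr($row18['startdate'], 8, 2);
                $endstr = substr($row18['enddate'], 0, 4) . substr($row18['enddate'], 5, 2) . substr($row18['enddate'], 8, 2);
                if ($startstr <= $nowstr && $endstr >= $nowstr) {
                    $value4 = 0.7 * $row9['productprice']; // sale running: 30% off
                }
            }

            $this->load->model("ordersucc_model");
            $res10 = $this->ordersucc_model->insertitems($lastid, $row8['productid'], $row8['quantity'], $value4);
        }

        // Empty the cart.
        $this->load->model("ordersucc_model");
        $res11 = $this->ordersucc_model->deleteorders($id);
    }

    $this->load->view('ordersucc.php', $data);
}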
//
}
mysql_select_db('assignment2', $con2);
$res2 = mysql_query($sql2, $con2);
header("Location: employeepage.php");
exit;
//
}
// echo "here is the productid: ".$_POST['product'];
}
}

//set the default value of change
// Pre-fill the edit form with the special-sale row selected in the request.
if ($_POST['operation'] == "change") {
    $value1 = "";
    $value2 = "";
    $value3 = "";
    // NOTE(review): SQL injection. The posted id is concatenated into the statement and inp()
    // only HTML-encodes (single quotes pass through with the pre-8.1 default flags). Bind the
    // id as a parameter of a prepared statement, or cast it to int if ids are numeric.
    $sql = "select * from specialsales where specialsalesid='" . inp($_POST['product']) . "'";
    // NOTE(review): the database root account and its short password are hard-coded in the
    // source. Connect with a least-privilege account whose credentials live in configuration
    // outside the web root, and rotate this password since it has been published.
    $con = mysql_connect(':/home/scf-27/chentian/mysql.sock', 'root', '1992');
    //when to close?????
    if (!$con) {
        die; //
    }
    mysql_select_db('assignment2', $con);
    $res = mysql_query($sql, $con);
    if ($row = mysql_fetch_assoc($res)) {
        date_default_timezone_set("UTC");
        $value1 = $row['productid'];
        // $sql10="SELECT FROM_UNIXTIME(".$row['startdate'].", '%Y-%m-%d')";
        // $res10=mysql_query($sql10,$con);
        // $row10 = mysql_fetch_assoc($res10);
        // startdate is passed to date() as a Unix timestamp.
        $value2 = date('Y-m-d', $row['startdate']);
}
mysql_select_db('assignment3', $con2);
$res2 = mysql_query($sql2, $con2);
header("Location: employeepage.php");
exit;
//
}
// echo "here is the productid: ".$_POST['product'];
}
}

//set the default value of change
// Pre-fill the edit form with the product row selected in the request.
if ($_POST['operation'] == "change") {
    $value1 = "";
    $value2 = "";
    $value3 = "";
    $value4 = "";
    // NOTE(review): SQL injection. The posted id is concatenated into the statement and inp()
    // only HTML-encodes (single quotes pass through with the pre-8.1 default flags). Bind the
    // id as a parameter of a prepared statement, or cast it to int if ids are numeric.
    $sql = "select * from product where productid='" . inp($_POST['product']) . "'";
    // NOTE(review): the database root account and its short password are hard-coded in the
    // source. Connect with a least-privilege account whose credentials live in configuration
    // outside the web root, and rotate this password since it has been published.
    $con = mysql_connect(':/home/scf-27/chentian/mysql.sock', 'root', '1992');
    //when to close?????
    if (!$con) {
        die; //
    }
    mysql_select_db('assignment3', $con);
    $res = mysql_query($sql, $con);
    if ($row = mysql_fetch_assoc($res)) {
        $value1 = $row['productcategoryid'];
        $value2 = $row['productname'];
        $value3 = $row['productdesc'];
        $value4 = $row['productprice'];
    }
}
/**
 * Build the favourite-command form: a text area for the command and a field for its name.
 *
 * @param mixed $p initial content of the 'comv' text area
 * @param mixed $o initial value of the 'comn' field
 * @return string text area, br() output and name field, in that order
 */
function fav_com_form($p, $o)
{
    $areaAttrs = atb('placeholder', 'Api Command') . atz('44');
    $commandArea = txarea('comv', $p, 44, 4, $areaAttrs);
    $lineBreak = br();
    $nameField = inp('comn', $o, atb('placeholder', 'name'));

    return $commandArea . $lineBreak . $nameField;
}
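/**
 * Login action: handles logout, shows the login page, and on valid credentials fills the
 * session and redirects to Search.
 *
 * Renders prelogin.html followed by postlogin.html whenever no login takes place; the
 * 'errmsg' view variable is 'Invalid login' or an empty string.
 */
public function index()
{
    session_start();
    if (isset($_POST['operation']) && $_POST['operation'] == "logout") {
        session_destroy();
    }
    // The original then copied four session values into unused locals; those reads are dropped.

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    // isset() avoids undefined-index notices when the page is opened without a form post.
    $un = inp(isset($_POST['username']) ? $_POST['username'] : '');
    $pw = inp(isset($_POST['password']) ? $_POST['password'] : '');

    // Allow-list: letters and digits only in both fields.
    if (preg_match("/[^a-zA-Z0-9]/", $un) || preg_match("/[^a-zA-Z0-9]/", $pw)) {
        $data['errmsg'] = 'Invalid login';
        $this->load->view('prelogin.html', $data);
        $this->load->view('postlogin.html');
        return;
    }

    $errmsg = "";
    $res = null; // stays null when no lookup runs (the original left it undefined)
    $row = null;
    $hasUser = strlen($un) > 0;
    $hasPass = strlen($pw) > 0;

    // Exactly one field filled in is an error; both empty is the plain first visit.
    if ($hasUser != $hasPass) {
        $errmsg = 'Invalid login';
    }
    if ($hasUser && $hasPass) {
        // NOTE(review): how getprofile() compares the password is not visible here — confirm
        // it verifies a password_hash() value and binds both arguments as parameters.
        $this->load->model("login_model");
        $res = $this->login_model->getprofile($un, $pw);
        if (!($row = mysql_fetch_assoc($res))) {
            $errmsg = 'Invalid login';
        }
    }

    if (strlen($errmsg) > 0 || !$res) {
        $data['errmsg'] = $errmsg;
        $this->load->view('prelogin.html', $data);
        $this->load->view('postlogin.html');
        return;
    }

    // Restart the session only if logout closed it above, then issue a fresh session id so
    // an id known before authentication cannot be reused afterwards (session fixation).
    if (session_id() === '') {
        session_start();
    }
    session_regenerate_id(true);

    $_SESSION['username'] = $un;
    // NOTE(review): the plaintext password is stored in the session; other actions read it
    // back, so it is kept here, but an identifier alone should be enough.
    $_SESSION['password'] = $pw;
    $_SESSION['customerid'] = $row['customerid'];
    $_SESSION['accesstime'] = time();
    header('Location:' . site_url('Search'));
}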
} //usertype if ($ut != 'manager') { //require 'login.php'; // die;//? header("Location: login.php"); // echo $ut." ".$un; exit; } // echo $ut; $lowlimit = inp($_POST['lowlimit']); $highlimit = inp($_POST['highlimit']); $productid = inp($_POST['productname']); $category = inp($_POST['category']); $start = inp($_POST['start']); $end = inp($_POST['end']); echo "asd " . $category . " dasd"; //delete is handled in the same page if (strlen($lowlimit) == 0) { $lowlimit = 0; } else { $lowlimit = $lowlimit / 0.7; echo $lowlimit; } if ($productid == 'undefined') { $productid = "%"; } else { $highlimit = $highlimit / 0.7; echo $highlimit; } if (strlen($highlimit) == 0) {
function inp($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } //handle checkout if ($_POST['succeed'] == 'succeed') { //update customer!! insert into orderitems &orderhis, delete from orders!!!!! $sql4 = "update customer set username='******'username']) . "',customername='" . inp($_POST['customername']) . "',customeraddress='" . inp($_POST['customeraddress']) . "',creditcard='" . inp($_POST['creditcard']) . "',securitycode='" . inp($_POST['securitycode']) . "',expirationdate='" . inp($_POST['expirationdate']) . "' where customerid='" . inp($id) . "'"; $res4 = mysql_query($sql4, $con); //insert into orderhis date_default_timezone_set("UTC"); $nowtime = date("Y-m-d h:i:sa"); $sql6 = "insert into orderhis (orderdate,customeraddress,creditcard,customerid) values ('" . $nowtime . "','" . inp($_POST['customeraddress']) . "','" . inp($_POST['creditcard']) . "','" . inp($id) . "')"; $res6 = mysql_query($sql6, $con); //get orderid $sql7 = "SELECT LAST_INSERT_ID()"; $res7 = mysql_query($sql7, $con); $row7 = mysql_fetch_assoc($res7); $lastid = $row7['LAST_INSERT_ID()']; //echo $row7['LAST_INSERT_ID()']; //echo $id; //get all orders need to be placed $sql8 = "select * from orders where customerid='" . $id . "'"; $res8 = mysql_query($sql8, $con); while ($row8 = mysql_fetch_assoc($res8)) { //$row8['productid'] $row8['quantity'] //need to handle for specialsales $sql9 = "select * from product where productid='" . $row8['productid'] . "'";
/**
 * Print the upload form: a code text area, a file-name field, a submit button and a
 * "Back" link. are(), inp() and sub() are defined outside this function.
 *
 * NOTE(review): $php is not defined in this scope, so the form action is printed empty
 * and the form posts back to the current URL.
 * NOTE(review): a form that takes pasted code plus a target file name is a code-upload
 * surface; confirm the handler behind it is authenticated and restricted.
 */
function icod()
{
    echo "<form action=\"", $php, "\" method=\"post\">\n<div align =\"center\"><b>Upload File";

    are('code', 'Post your code here', '50', '20', '<br>');
    inp('text', '40', 'upf', path, 'File Name');
    echo "<br>";
    sub('upff', 'upload', '<br>');

    echo "<a href=\"javascript: history.go(-1)\">Back</a></div>";
}
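/**
 * Account-info action with server-side validation: verify the session, validate and save a
 * posted profile, then render accountinfo.php with the stored record and the category list.
 *
 * Redirects to Login and exits when the session is older than 1440 seconds or when
 * validateprofile() returns no row for the session user.
 */
public function index()
{
    session_start();
    $id0 = $_SESSION['customerid'];
    $un0 = $_SESSION['username'];
    // NOTE(review): the plaintext password is read from the session and passed to the view.
    $pw0 = $_SESSION['password'];
    $t0 = $_SESSION['accesstime'];
    $data['id'] = $id0;
    $data['un'] = $un0;
    $data['pw'] = $pw0;
    $data['t0'] = $t0;

    $nowtime = time();
    if ($nowtime - $t0 > 1440) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    // The session user must still exist: count the rows returned for the username.
    $this->load->model("login_model");
    $res0 = $this->login_model->validateprofile($un0);
    $tmp = 0;
    foreach ($res0 as $row0) {
        $tmp = $tmp + 1;
    }
    if ($tmp == 0) {
        header('Location:' . site_url('Login'));
        exit;
    }

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $errormsg = "";
    if (isset($_POST['succeed']) && $_POST['succeed'] == 'succeed') {
        // Read every field once; isset() avoids undefined-index notices.
        $in = array();
        foreach (array('customername', 'customeraddress', 'creditcard', 'securitycode', 'expirationdate', 'username', 'password0') as $field) {
            $in[$field] = inp(isset($_POST[$field]) ? $_POST[$field] : '');
        }

        // Server-side allow-list checks.
        // NOTE(review): only securitycode and expirationdate reject an empty value; the other
        // patterns accept '' — including an empty username or password.
        $invalid = preg_match("/[^a-zA-Z0-9\\s]/", $in['customername'])
            || preg_match("/[^a-zA-Z0-9\\s]/", $in['customeraddress'])
            || preg_match("/[^0-9]/", $in['creditcard'])
            || !preg_match("/^\\d\\d\\d\$/", $in['securitycode'])
            || !preg_match("/^(([1-9])|(0[1-9])|(1[0-2]))\\/\\d\\d\$/", $in['expirationdate'])
            || preg_match("/[^a-zA-Z0-9]/", $in['username'])
            || preg_match("/[^a-zA-Z0-9]/", $in['password0']);
        if ($invalid) {
            $errormsg = 'Account information failed to save, please check all the input requirements';
            $data['errormsg'] = $errormsg;
            $this->load->model("accountinfo_model");
            $res3 = $this->accountinfo_model->showcustomer($id0);
            $data['res3'] = $res3;
            $this->load->view('accountinfo.php', $data);
            return;
        }

        // NOTE(review): updatecustomer() is not visible — confirm it binds parameters and
        // hashes the password. The card security code is sent for storage, which should be
        // avoided.
        $this->load->model("accountinfo_model");
        $res4 = $this->accountinfo_model->updatecustomer(
            $in['username'],
            $in['password0'],
            $in['customername'],
            $in['customeraddress'],
            $in['creditcard'],
            $in['securitycode'],
            $in['expirationdate'],
            $id0
        );
        $errormsg = "Your infomation has been successfully saved.";
    }
    $data['errormsg'] = $errormsg;

    // Current record, read after any update so the form shows the saved values.
    $this->load->model("accountinfo_model");
    $res3 = $this->accountinfo_model->showcustomer($id0);
    $data['res3'] = $res3;

    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    $this->load->view('accountinfo.php', $data);
}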
// NOTE(review): every statement in this excerpt is built by string concatenation. Where
// $productid and $id come from is outside this excerpt; if either can be influenced by the
// request this is SQL injection — $productid is even used unquoted in the first query.
// Cast ids to int or, better, use prepared statements with bound parameters (mysqli/PDO).

// Load the product shown on this page.
$sql1 = "select * from product where productid=" . $productid . "";
$res1 = mysql_query($sql1, $con);
if ($row1 = mysql_fetch_assoc($res1)) {
    $value1 = $row1['productcategoryid'];
    $value2 = $row1['productname'];
    $value3 = $row1['productdesc'];
    $value4 = $row1['productprice'];
    $value5 = $row1['productimage'];
}
// Load the product's category. $value1 is only assigned above when the product was found.
$sql2 = "select * from productcategory where productcategoryid='" . $value1 . "'";
$res2 = mysql_query($sql2, $con);
if ($row2 = mysql_fetch_assoc($res2)) {
    $value6 = $row2['productcategorydesc'];
    $value7 = $row2['productcategoryname'];
}
// NOTE(review): the cart is modified by a GET parameter, so simply loading a crafted link
// changes state; state changes belong in a POST protected by an anti-CSRF token.
if (inp($_GET['addtocart']) == 'addtocart') {
    // echo "got here?";
    // echo "productid: ".$productid;
    // echo "customerid: ".$id;
    // Existing cart line: increase the quantity by one; otherwise insert a new line.
    $sql5 = "select * from orders where productid='" . $productid . "' and customerid='" . $id . "'";
    $res5 = mysql_query($sql5, $con);
    if ($row5 = mysql_fetch_assoc($res5)) {
        // Read-then-write: two concurrent requests can both store the same quantity.
        $tmp = $row5['quantity'] + 1;
        $sql6 = "update orders set quantity='" . $tmp . "' where productid='" . $productid . "' and customerid='" . $id . "'";
        $res6 = mysql_query($sql6, $con);
    } else {
        $sql4 = "insert into orders (productid,quantity,customerid) VALUES ('" . $productid . "','1','" . $id . "')";
        $res4 = mysql_query($sql4, $con);
    }
}
?>
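/**
 * Cart action: verify the session, apply an add-to-cart, delete-item or delete-all request,
 * then render orders.php with the customer's cart.
 *
 * Redirects to Login and exits when the session is older than 1440 seconds or when
 * validateprofile() returns no row for the session user.
 */
public function index()
{
    session_start();
    $id = $_SESSION['customerid'];
    $un = $_SESSION['username'];
    // NOTE(review): the plaintext password is read from the session and passed to the view.
    $pw = $_SESSION['password'];
    $t0 = $_SESSION['accesstime'];
    $data['id'] = $id;
    $data['un'] = $un;
    $data['pw'] = $pw;
    $data['t0'] = $t0;

    $nowtime = time();
    if ($nowtime - $t0 > 1440) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    // The session user must still exist: count the rows returned for the username.
    $this->load->model("login_model");
    $res0 = $this->login_model->validateprofile($un);
    $tmp = 0;
    foreach ($res0 as $row0) {
        $tmp = $tmp + 1;
    }
    if ($tmp == 0) {
        header('Location:' . site_url('Login'));
        exit;
    }

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $productid = inp($this->uri->segment(3));
    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    // NOTE(review): add-to-cart is triggered by a URI segment, i.e. by a plain GET request;
    // a state change like this belongs in a POST protected by an anti-CSRF token.
    if (inp($this->uri->segment(4)) == 'addtocart') {
        $this->load->model("showP_model");
        $res5 = $this->showP_model->getorders($productid, $id);
        if ($row5 = mysql_fetch_assoc($res5)) {
            // Already in the cart: one more of the same product.
            $tmp = $row5['quantity'] + 1;
            $this->load->model("showP_model");
            $res5 = $this->showP_model->updateorders($tmp, $productid, $id);
        } else {
            $this->load->model("showP_model");
            $res5 = $this->showP_model->insertorders($productid, $id);
        }
    }

    // isset() avoids undefined-index notices when the page is opened without a form post.
    $delete = isset($_POST['delete']) ? $_POST['delete'] : null;
    if ($delete != '' && $delete != null) {
        // NOTE(review): the raw posted value goes to the model; deleteitems() is not visible —
        // confirm it binds the value as a parameter.
        $this->load->model("orders_model");
        $res1 = $this->orders_model->deleteitems($id, $delete);
    }
    if (isset($_POST['deleteall']) && $_POST['deleteall'] == 'deleteall') {
        $this->load->model("orders_model");
        $res1 = $this->orders_model->deleteall($id);
    }

    // Cart contents after any change above.
    $this->load->model("orders_model");
    $res3 = $this->orders_model->showorders($id);
    $data['res3'] = $res3;

    $this->load->view('orders.php', $data);
}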
$sql0 = "select * from customer where username='******'"; $res0 = mysql_query($sql0, $con); if (!($row0 = mysql_fetch_assoc($res0))) { header("Location: login.php"); exit; } function inp($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } //handle checkout if ($_POST['succeed'] == 'succeed') { $sql4 = "update customer set username='******'username']) . "',password=password('" . inp($_POST['password0']) . "'),customername='" . inp($_POST['customername']) . "',customeraddress='" . inp($_POST['customeraddress']) . "',creditcard='" . inp($_POST['creditcard']) . "',securitycode='" . inp($_POST['securitycode']) . "',expirationdate='" . inp($_POST['expirationdate']) . "' where customerid='" . $id . "'"; $res4 = mysql_query($sql4, $con); $errormsg = "Your infomation has been successfully saved."; } //show info $sql3 = "select * from customer where customerid='" . $id . "'"; $res3 = mysql_query($sql3, $con); $row3 = mysql_fetch_assoc($res3); // ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>CS571 Assignment 3</title> <link rel="stylesheet" type="text/css" href="style.css" /> <script type="text/javascript" src="jsfile.js"></script>
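/**
 * Order-detail action: verify the session, then render showO.php with the order-history
 * row and the order items for the order id given in URI segment 3.
 *
 * Redirects to Login and exits when the session is older than 1440 seconds, when
 * validateprofile() returns no row for the session user, or when the order id contains
 * anything but digits (the session is destroyed in that last case).
 */
public function index()
{
    session_start();
    $id = $_SESSION['customerid'];
    $un = $_SESSION['username'];
    // NOTE(review): the plaintext password is read from the session and passed to the view.
    $pw = $_SESSION['password'];
    $t0 = $_SESSION['accesstime'];
    $data['id'] = $id;
    $data['un'] = $un;
    $data['pw'] = $pw;
    $data['t0'] = $t0;

    $nowtime = time();
    if ($nowtime - $t0 > 1440) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    // The session user must still exist: count the rows returned for the username.
    $this->load->model("login_model");
    $res0 = $this->login_model->validateprofile($un);
    $tmp = 0;
    foreach ($res0 as $row0) {
        $tmp = $tmp + 1;
    }
    if ($tmp == 0) {
        header('Location:' . site_url('Login'));
        exit;
    }

    // Declared conditionally: a bare nested `function inp()` is a fatal "Cannot redeclare"
    // if this action runs twice in one request or inp() already exists.
    if (!function_exists('inp')) {
        function inp($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
    }

    $this->load->model("search_model");
    $search_res = $this->search_model->getcategory();
    $data['search_res'] = $search_res;

    // Digits only; an empty segment passes this check as well.
    $orderid = inp($this->uri->segment(3));
    if (preg_match("/[^0-9]/", $orderid)) {
        session_destroy();
        header('Location:' . site_url('Login'));
        exit;
    }

    // The history row is looked up by customer and order id together.
    $this->load->model("showo_model");
    $res3 = $this->showo_model->getorderhis($id, $orderid);
    $data['res3'] = $res3;

    // NOTE(review): the items are fetched by order id alone. Unless getorderitems() or the
    // view checks ownership (neither is visible here), a logged-in customer could read the
    // items of another customer's order by changing the id in the URL. Pass $id as well, or
    // skip this query when the history lookup above returned no row.
    $this->load->model("showo_model");
    $res4 = $this->showo_model->getorderitems($orderid);
    $data['res4'] = $res4;

    $this->load->view('showO.php', $data);
}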
header("Location: adminpage.php");
exit;
//
}
// echo "here is the productid: ".$_POST['product'];
}
}

//set the default value of change
// Pre-fill the edit form with the employee row selected in the request.
if ($_POST['operation'] == "change") {
    $value1 = "";
    $value2 = "";
    $value3 = "";
    $value4 = "";
    $value5 = "";
    $value6 = "";
    $value7 = "";
    // NOTE(review): SQL injection. The posted id is concatenated into the statement and inp()
    // only HTML-encodes (single quotes pass through with the pre-8.1 default flags). Bind the
    // id as a parameter of a prepared statement, or cast it to int if ids are numeric.
    $sql3_1 = "select * from employees where employeeid='" . inp($_POST['employees']) . "'";
    // NOTE(review): the database root account and its short password are hard-coded in the
    // source. Connect with a least-privilege account whose credentials live in configuration
    // outside the web root, and rotate this password since it has been published.
    $con3 = mysql_connect(':/home/scf-27/chentian/mysql.sock', 'root', '1992');
    //when to close?????
    if (!$con3) {
        die; //
    }
    mysql_select_db('assignment2', $con3);
    $res3_1 = mysql_query($sql3_1, $con3);
    if ($row = mysql_fetch_assoc($res3_1)) {
        // The row carries personal and salary data; it is only copied into form defaults here.
        $index = $row['userindex'];
        $value4 = $row['employeefname'];
        $value5 = $row['employeelname'];
        $value6 = $row['age'];
        $value7 = $row['salary'];
    }