public static function find_by_id($id = 0)
{
global $session;
global $database;
// check that the id is an int
if (!is_numeric($id)) {
$session->message("There is an error with the page you were trying to access.");
redirect_head(ROOT_URL);
}
$sql = "SELECT `" . static::$table_name . "`.* FROM `" . static::$table_name . "` WHERE `" . static::primary_key_field() . "`={$id} LIMIT 1;";
$result_array = static::find_by_sql($sql);
if ($result_array != null) {
return array_shift($result_array);
} else {
return false;
}
}
public function move_file()
{
global $session;
//pre-append the key to the beggining, followed by an underscore
//this ensures image uniqueness and no overrides
$this->filename = $this->image_wk . "_" . basename($this->filename);
//die($this->temp_path."<br />".BASE."uploads/".$this->filename); //debug
if (!move_uploaded_file($this->temp_path, BASE . "uploads/" . $this->filename)) {
//remove the record from the database
$this->delete();
$session->message("There was an issue uploading the image, please try again.");
redirect_head(current_url());
}
$this->save();
//if we're here, success
return true;
}
if (empty($session->message)) {
$user->email_address = $email_address;
//only change the password if it's not empty
if (!empty($_POST['password'])) {
$user->hashed_password = $hashed_password;
}
$user->first_name = $first_name;
$user->last_name = $last_name;
$user->phone_number = $phone_number;
$user->is_notifications_enabled = $is_notifications_enabled;
if ($user->save()) {
$session->message("Your account was updated successfully!");
} else {
$session->message("Your account was not updated.");
}
redirect_head(ROOT_URL . "user/update_user.php");
die;
}
}
//header template
require_once "../requires/template/header.php";
?>
<!-- update user form -->
<section id="registration" class="container"><form class="center" role="form" id="update_user" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
<h2>Update User</h2>
email address: <br><div class="form-group"><input type="text" name="email_address" class="form-control" value="<?php
echo $user->email_address;
public function logout($bypass_redirect = false)
{
unset($_SESSION['user_wk']);
$this->is_logged_in = false;
unset($this->user_wk);
if ($bypass_redirect == false) {
$this->message("You were successfully logged out.");
redirect_head(ROOT_URL . "index.php");
}
}
//if we're here, then the password do match
//we can successfully update the user's e-mail address
//set the new password
$the_key->user_wk->hashed_password = $password;
if (!$the_key->user_wk->save()) {
//there was an error
$session->message("There was an error in your request, please try again.");
redirect_head(ROOT_URL . file_name_with_get());
} else {
//success
//so now we need to set this reset password request to complete
$the_key->is_reset = 1;
$the_key->save();
//redirect
$session->message("Your password was successfully reset!");
redirect_head(ROOT_URL . "login.php");
}
}
// header
require_once "requires/template/header.php";
?>
<!-- form -->
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_with_get();
?>
" method="post"><fieldset class="registration-form">
<p>Your username is: <strong><?php
echo $the_key->user_wk->username;
?>
</strong></p>
<br /><p>Please enter and confirm your new password.</p>
//save it
$new_value->save();
}
} else {
//the value we're processing is not an array
$new_value->value = $value;
//save it
$new_value->save();
}
}
}
}
//at this point, everything is in the database
//escape
$session->message("Your new watch list was created successfully!");
redirect_head(ROOT_URL . "user/manage_watch_lists.php");
}
//header template
require_once "../requires/template/header.php";
?>
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_without_get();
?>
" method="post"><fieldset class="registration-form">
<h3>Create New Watch List</h3><br>
<p><em>Please enter your new list criteria.</em></p>
Watch List Name <br><div class="form-group"><input type="text" class="form-control" name="name" /></div><br>
Pet Type <br><div class="form-group text-left"><?php
//we need to display all available items
//do a concatenation of the pet type and the breed
$new_status->name = $_POST['new_status'];
//try to save
if ($new_status->save()) {
$changes[] = "<strong>" . $new_status->name . "</strong> was created successfully!";
} else {
$changes[] = "<strong>" . $new_status->name . "</strong> was not created successfully!";
}
$changes[] = $database->last_error;
}
//at this point, we're done with all changes
//check to see if there are any changes, if so, make them into messages
if (count($changes) != 0) {
$session->message(implode("<br />", $changes));
}
//lastly, redirect back to itself
redirect_head(current_url());
}
//header template
require_once "../requires/template/header.php";
?>
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
<?php
//loop through all statuses, display them to the UI
for ($i = 0; $i < count($all_statuses); $i++) {
echo "<div class=\"form-group\">";
echo "<input type=\"text\" class=\"form-control\" name=\"" . $all_statuses[$i]->status_wk . "\" value=\"" . $all_statuses[$i]->name . "\">";
echo "<a href=\"" . file_name_with_get() . "?delete_pet_status_wk=" . $all_statuses[$i]->status_wk . "\">Delete</a>";
echo "</div>";
if (Color::find_by_name("{$_POST["new_color"]}")) {
$session->message($session->message . "The color " . $_POST["new_color"] . " already exists and was not added. ");
} else {
// add new color
$new_color = new Color();
$new_color->name = $_POST["new_color"];
if ($new_color->save()) {
$session->message($session->message . "The color " . $_POST["new_color"] . " was successfully added! ");
redirect_head(ROOT_URL . "admin/manage_colors.php");
} else {
$session->message($session->message . "The color " . $_POST["new_color"] . " cannot be added at this time. ");
}
}
}
// redirect for colors(s) were updated but no new color added
redirect_head(ROOT_URL . "admin/manage_colors.php");
}
//header template
require_once "../requires/template/header.php";
?>
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
<?php
$colors_array = Color::find_all();
$count = count($colors_array);
for ($i = 0; $i < $count; $i++) {
echo "<div class=\"form-group\"><input type=\"text\" class=\"form-control\" name=\"" . $i . "\" value=\"" . $colors_array[$i]->name . "\">";
echo "<a href=\"manage_colors.php?delete_color_wk=" . $colors_array[$i]->color_wk . "\">Delete</a> </div>";
public static function login($username = "", $password = "")
{
//will retrieve user credentials if username and password are a match
//if a match, it will spit out 1 user object
//if not a match, it will return false
global $database;
global $session;
global $page_file_name_with_get;
$username = $database->escape_value($username);
$password = sha1($database->escape_value($password));
$sql = "SELECT * FROM `" . self::$table_name . "` ";
$sql .= "WHERE username = '******' ";
$sql .= "AND hashed_password = '******' ";
$sql .= "LIMIT 1;";
$result_array = self::find_by_sql($sql);
//if soft deleted, display error message
if (!empty($result_array)) {
$user = array_shift($result_array);
if ($user->is_deleted == 1) {
//account was found, but is disabled
$session->message($user->username . ", your account has been disabled. If you feel this is an error please contact the administrator.");
redirect_head(ROOT_URL . "login.php?username="******"Successfully logged in!");
$session->login($user);
//this will determine where we redirect to
//depending on whether or not there is a $_GET['url'] superglobal set
if (isset($_GET['url'])) {
redirect_head($_GET['url']);
} else {
redirect_head(ROOT_URL);
}
}
}
//the username password combination does not exist
//so now, we need to do a couple of checks for the lockout security
//1. We need to see if the username exists.
//If it does, we ned to make a note that this username was incorrectly
//logged into X number of times
//Also - if the number of times this account has been logged into is 5 attempts
//then we need to disable the account and display a relevant error message
//If it does not exist, then do nothing
$try_to_find_user = User::find_by_name($username, "username");
if ($try_to_find_user) {
//the username does exist
//so now we need to determine the # of login attemps, and the account
if (isset($session->login_attempt)) {
$login_attempt = $session->login_attempt;
//depending on whether or not the username is the same
//we can either increment the login attempt number, or
//we set the default
if ($login_attempt['username'] == $username) {
$login_attempt['number']++;
$session->set_variable('login_attempt', $login_attempt);
} else {
//there is no previous login attempt
//set the default
$login_attempt = array();
$login_attempt['username'] = $username;
$login_attempt['number'] = 1;
//save it
$session->set_variable('login_attempt', $login_attempt);
}
//if the # of logins = 5, lockout the user account
if ($login_attempt['number'] == 5) {
$try_to_find_user->is_deleted = 1;
$try_to_find_user->deleted_dt = current_timestamp();
$try_to_find_user->save();
$session->message("You have had 5 incorrect login attempets, your account has been locked.</br>Please contact the administrator.");
$redirect = ROOT_URL . "login.php";
$redirect .= isset($_GET['url']) ? "?url=" . $_GET['url'] : '';
redirect_head($redirect);
}
} else {
//there is no previous login attempt
//set the default
$login_attempt = array();
$login_attempt['username'] = $username;
$login_attempt['number'] = 1;
//save it
$session->set_variable('login_attempt', $login_attempt);
}
} else {
//the username does not exist
$session->unset_variable('login_attempt');
}
$session->message("The username and password combination does not exist.");
$redirect = ROOT_URL . "login.php?username="******"&url=" . $_GET['url'] : '';
redirect_head($redirect);
return false;
}
$the_user->role_wk = $role_wk;
//only change the password if it's not empty
if (!empty($_POST['password'])) {
$the_user->hashed_password = $hashed_password;
}
$the_user->first_name = $first_name;
$the_user->last_name = $last_name;
$the_user->phone_number = $phone_number;
$the_user->is_notifications_enabled = $is_notifications_enabled;
$the_user->is_deleted = $is_deleted;
if ($the_user->save()) {
$session->message("The user was updated successfully!");
} else {
$session->message("The user was not updated.");
}
redirect_head(ROOT_URL . "admin/" . file_name_with_get());
die;
}
}
//header template
require_once "../requires/template/header.php";
?>
<!-- update user form -->
<section id="registration" class="container"><form class="center" role="form" id="update_user" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
Email address: <br><div class="form-group"><input type="text" class="form-control" name="email_address" value="<?php
echo $the_user->email_address;
?>
<?php
//require the framework
require_once "../requires/initialize.php";
$page = new Page();
$page->name = "Add a New Page";
$page->is_admin_only = true;
// create the page if the form is submitted
if (isset($_POST["submit"])) {
$new_page = new Page();
$new_page->name = $_POST["page_name"];
$new_page->body = $_POST["page_content"];
// if the page is successfully created, go to the page
if ($new_page->save()) {
$session->message("Your new page was created successfully!");
redirect_head(ROOT_URL . "view_page.php?page_wk=" . $database->insert_id());
} else {
$session->message("There was an issue with your request. " . $database->last_error);
}
}
//header template
require_once "../requires/template/header.php";
?>
<!-- Create a page form -->
<section id="registration" class="container"><form class="center" role="form" id="create_page" action="<?php
echo file_name_without_get();
?>
" method="post" ><fieldset class="registration-form">
Page Name: <br><div class="form-group"><input type="text" class="form-control" name="page_name" value="<?php
echo isset($new_page) ? $new_page->name : '';
}
}
//update all form fields
$update_pet->name = $_POST["name"];
$update_pet->breed_wk = $_POST["breed"];
$update_pet->color_wk = $_POST["color"];
$update_pet->status_wk = $_POST["status"];
$update_pet->age = $_POST["age"];
$update_pet->weight = $_POST["weight"];
$update_pet->create_dt = date("Y-m-d H:i:s", strtotime($_POST["create_dt"]));
$update_pet->is_rescued = $_POST["rescued"];
// if the object successfully updates, go to view it
if ($update_pet->save()) {
initiate_watch_list($update_pet->pet_wk, "updated");
$session->message("The pet was updated successfully!");
redirect_head(ROOT_URL . "view_pet.php?pet_wk=" . $update_pet->pet_wk);
} else {
$session->message("The pet was not updated. " . $database->last_error);
}
}
//header template
require_once "../requires/template/header.php";
?>
<!-- form -->
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_with_get();
?>
" enctype="multipart/form-data" method="post" ><fieldset class="registration-form">
Name: <br><div class="form-group"><input type="text" class="form-control" name="name" value="<?php
echo $update_pet->name;
//make sure we're not deleting the home page or about us page
if ($page_found == '1' || $page_found == '2') {
$session->message("You cannot delete the following page: " . $page_found->name . ".");
redirect_head(ROOT_URL . "view_page.php?page_wk=" . $page_found);
}
// if the user confirmd we're deleting the page
if (isset($_POST["confirm"])) {
// delete the page
$page_found->delete();
$session->message("The page was successfully deleted!");
redirect_head(ROOT_URL . "index.php");
} else {
if (isset($_POST["deny"])) {
//do not delete the page
$session->message("The page was not deleted.");
redirect_head(ROOT_URL . "view_page.php?page_wk={$page_found}");
}
}
//header template
require_once "../requires/template/header.php";
?>
<section class="container"><form class="center" role="form" id="confirm_delete" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
<label>Are you sure you want to delete the <strong><?php
echo $page_found->name;
?>
</strong> page?</label> <br />
<input type="submit" value="No, this was a mistake!" class="btn btn-success btn-md btn-block" name="deny" />
<?php
//require the framework
require_once "requires/initialize.php";
//just in case there is a message, copy it over
if (!empty($session->message)) {
$session->message($session->message);
}
//redirect to view home page
redirect_head(ROOT_URL . "view_page.php?page_wk=1");
//close connection
$database->close_connection();
function page_security()
{
global $page;
global $user;
global $session;
if (($page->is_user_only || $page->is_admin_only) && !$session->is_logged_in) {
$session->message("You must be logged in to view that page.");
redirect_head(ROOT_URL . "login.php?url=" . str_replace(ROOT_URL, '', current_url()));
}
if ($page->is_admin_only && ($user->role_wk != "2" && $user->role_wk != "3")) {
$session->message("You must be an administrator to view that page.");
redirect_head(ROOT_URL);
}
}
$comment_to_flag = Comment::find_by_id($_GET['flag_comment_wk']);
if (!$comment_to_flag) {
//if the item does not exist in the database
$session->message("You must've clicked on a bad URL; please try again.");
redirect_head(ROOT_URL . file_name_without_get() . "?pet_wk=" . $_GET['pet_wk']);
}
//now we make sure the comment is not already flagged
if ($comment_to_flag->is_flagged == '1') {
$session->message("That comment is already flagged.");
redirect_head(ROOT_URL . file_name_without_get() . "?pet_wk=" . $_GET['pet_wk']);
}
//if we're here, go ahead and flag the comment
$comment_to_flag->is_flagged = 1;
if ($comment_to_flag->save()) {
$session->message("The comment was successfully flagged.");
redirect_head(ROOT_URL . file_name_without_get() . "?pet_wk=" . $_GET['pet_wk']);
}
}
//since we're here - we're good to resume heavy processing
//get all the vaccinations for the pet
$pet->get_my_vaccinations();
//get all the comments for the pet
$pet->get_my_comments();
require_once "requires/template/header.php";
?>
<section id="blog" class="container">
<div class="blog">
<div class="blog-item">
<img class="img-responsive img-blog" width="100%" src="uploads/<?php
echo $pet->image_wk->filename;
?>
}
// grab the page so it's content can be pre-loaded into the form
$update_page = Page::find_by_id($_GET["page_wk"]);
// check that the page_wk exists
if (!$update_page) {
$session->message("There is an error with the page you were trying to access.");
redirect_head(ROOT_URL);
}
// update the page if the form is submitted
if (isset($_POST["submit"])) {
$update_page->name = $_POST["page_name"];
$update_page->body = $_POST["page_content"];
// if the page successfully updates, go to the page
if ($update_page->save()) {
$session->message("Your page was updated successfully!");
redirect_head(ROOT_URL . "view_page.php?page_wk=" . $update_page->page_wk);
} else {
$session->message("The page was not updated. " . $database->last_error);
}
}
//header template
require_once "../requires/template/header.php";
?>
<!-- form -->
<section id="registration" class="container"><form class="center" role="form" id="update_page" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
Page Name: <br><div class="form-group"><input type="text" name="page_name" class="form-control" value="<?php
echo $update_page->name;
?>
// check if the pet is deleted
if ($pet_found->is_deleted == "1") {
$session->message("The pet you are trying to delete has already been deleted.");
redirect_head(ROOT_URL);
}
// if the user confirmd we're deleting the pet
if (isset($_POST["confirm"])) {
// delete the pet
$pet_found->delete();
$session->message("The pet was successfully deleted!");
redirect_head(ROOT_URL . "search_pets.php");
} else {
if (isset($_POST["deny"])) {
//do not delete the pet
$session->message("The pet was not deleted.");
redirect_head(ROOT_URL . "view_pet.php?pet_wk={$pet_found}");
}
}
//header template
require_once "../requires/template/header.php";
?>
<section class="container"><form class="center" role="form" id="confirm_delete" id="confirm_delete" action="<?php
echo file_name_with_get();
?>
" method="post" ><fieldset class="registration-form">
<label>Are you sure you want to delete the <strong><?php
echo $pet_found->name;
?>
//now we need to determine the column sort order
if ($_GET['toggle'] == $current_sort['column']) {
//the values are equivalent, simply switch from ASC to DESC and vice-versa
if ($current_sort['order'] == 'ASC') {
$new_sort['order'] = 'DESC';
} else {
$new_sort['order'] = 'ASC';
}
} else {
//the values are not equivalent, force set to ASC
$new_sort['order'] = 'ASC';
}
//set the new sort mechanism
$session->set_variable('user_order_by', $new_sort);
//redirect back
redirect_head(file_name_without_get());
}
//grab the set of users to display
$sql = "SELECT `u`.* FROM `user` AS `u` ";
$sql .= "INNER JOIN `role` AS `r` ON `r`.`role_wk` = `u`.`role_wk` ";
$sql .= "WHERE 1=1 ";
$sql .= generate_user_where() . " ";
$sql .= generate_user_order_by() . " ";
$sql .= ";";
$users = User::find_by_sql($sql);
//display filters
$page->body = "<p><a href=\"" . file_name_without_get() . "?type=all\">All</a> | <a href=\"" . file_name_without_get() . "?type=users\">Active Users</a> | <a href=\"" . file_name_without_get() . "?type=staff\">Active Staff</a> | <a href=\"" . file_name_without_get() . "?type=admin\">Active Admin</a> | <a href=\"" . file_name_without_get() . "?type=is_deleted\">Disabled</a></p>";
//only display the table with results if
//there are more than 0 users
if (count($users) > 0) {
//there are users to display
<?php
//require the framework
require_once "requires/initialize.php";
// check if page_wk is set
if (!isset($_GET["page_wk"])) {
$session->message("There is an error with the page you were trying to access.");
redirect_head(ROOT_URL);
}
$page_wk = $_GET["page_wk"];
$page = Page::find_by_id($page_wk);
// check that the page_wk exists
if (!$page) {
$session->message("There is an error with the page you were trying to access.");
redirect_head(ROOT_URL);
}
require_once "requires/template/header.php";
//if homepage, show slider else show intended body
if ($page_wk == 1) {
require_once "requires/template/slider.php";
require_once "requires/template/pet_slider.php";
if (isset($website_settings['address']) && isset($website_settings['city']) && isset($website_settings['state'])) {
$unescapedAddress = $website_settings['address'];
$unescapedAddress = preg_replace('!\\s+!', ' ', $unescapedAddress);
$escapedAddress = str_replace(' ', "+", $unescapedAddress);
echo "<iframe width=\"100%\" height=\"450px\" frameborder=\"0\" style=\"border:0; margin:0px; padding:0px;\" src=\"https://www.google.com/maps/embed/v1/place?key=AIzaSyC1TqkP5WgrQc76w6jM-SiOuo5ZNns4dmU&q=" . $escapedAddress . "," . $website_settings['city'] . "," . $website_settings['state'] . "\" allowfullscreen></iframe>";
}
} else {
echo "<section id=\"blog\"><div class=\"container\"><div class=\"row\"><div class=\"col-md-12\"><div class=\"blog\"><div class=\"blog-item\"><div class=\"blog-content\">";
echo $page->body;
echo "</div></div></div></div></div></div></section>";
// add appropriate vaccinations to the pet
$sql = "INSERT INTO `pet_to_vaccination` (`pet_to_vaccination_wk`, `pet_wk`, `vaccination_wk`, `create_dt`) VALUES ";
$vacs = "";
foreach ($_POST["vaccination"] as $vac) {
$vacs["{$vac}"] = "(NULL, '" . $new_pet_wk . "', '" . $vac . "', CURRENT_TIMESTAMP)";
}
$all_vacs = implode(",", $vacs);
$sql .= $all_vacs . ";";
//if there is an issue updating, immediately redirect
if (!$database->query($sql)) {
$session->message("There was an issue adding the pet; please try again.");
redirect_head(ROOT_URL . "admin/" . file_name_with_get());
}
}
//redirect to see new animal
redirect_head(ROOT_URL . "view_pet.php?pet_wk={$new_pet_wk}");
}
// header
require_once "../requires/template/header.php";
?>
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_with_get();
?>
" enctype="multipart/form-data" method="post" ><fieldset class="registration-form">
Name: <br><div class="form-group"><input type="text" class="form-control" name="name" value="" required/></div>
<!-- default value needed for form -->
<input type="hidden" class="form-control" name="MAX_FILE_SIZE" value="10000000" />
Image: <br><div class="form-group"><input type="file" class="btn btn-default btn-file btn-md" name="file_upload" /></div>
//only if we're not in a local environment
if (!$am_i_local) {
$to = $found_user->email_address;
$subject = "Password Reset Request";
$message = "\n\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<title>" . $subject . "</title>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body>\n\t\t\t\t\t\t<p>Your username is: <strong>" . $found_user->username . "</strong></p>\n\t\t\t\t\t\t<p>Please the link below to reset your password. The link will be acive for 24 hours.</p>\n\t\t\t\t\t\t<p><a href=\"" . ROOT_URL . "reset_my_password.php?reset_key=" . $new_request->random_key . "\">" . ROOT_URL . "reset_my_password.php?reset_key=" . $new_request->random_key . "</a></p>\n\t\t\t\t\t</body>\n\t\t\t\t</html>\n\t\t\t\t";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// More headers
$headers .= 'From: <support@pet_adoption.com>' . "\r\n";
//send out the email
mail($to, $subject, $message, $headers);
}
//redirect
$session->message("Success! Please check your e-mail for instructions on how to reset your password.");
redirect_head(ROOT_URL . "forgot_my_password.php");
}
}
// header
require_once "requires/template/header.php";
?>
<!-- form -->
<section id="registration" class="container"><form class="center" role="form" action="<?php
echo file_name_with_get();
?>
" method="post"><fieldset class="registration-form">
<p>Please enter the Email Address associated with your account.</p>
<div class="form-group"><input type="text" name="email_address" class="form-control" value="<?php
if (isset($_POST['submit'])) {
echo $_POST['email_address'];