Exemplo n.º 1
0
<?php

require 'includes/constant/config.inc.php';
require_once 'includes/swift/lib/swift_required.php';
return_meta("Thank You!");
//Process a submission on quote_form.php
if ($_POST) {
    //validate if required fields are filled
    //http://www.w3schools.com/php/php_form_required.asp
    //if a required field is empty, return an error message
    if (empty($_POST["club"]) || empty($_POST["shaft"]) || empty($_POST["quantity"]) || empty($_POST["customer"]) || empty($_POST["email"])) {
        $err = "Please fill all of the required field.<br><br>";
        $err .= "Use browser's back button to go back to the form and type in again.";
    } elseif (!check_email($_POST['email'])) {
        //validate the email address
        $err = "Entered email address does not seem to be an valid email address.<br><br>";
        $err .= "Use browser's back button to go back to the form and type it again.";
    } else {
        //if all of required fields are NOT empty, sanitize the post data
        $club = filter($_POST["club"]);
        $shaft = filter($_POST["shaft"]);
        $quantity = preg_replace('#[^0-9]#', '', $_POST['quantity']);
        //get rid of letters except numbers
        $customer_email = filter($_POST['email']);
        $customer_name = filter($_POST['customer']);
        $comment = filter($_POST['comment']);
        //Check if subscribe check box is left checked or unchecked
        //http://www.webdeveloper.com/forum/showthread.php?209721-Posting-an-UNCHECKED-check-box
        if (!empty($_POST['subscribe'])) {
            $subscribe = 'yes';
        } else {
Exemplo n.º 2
0
<?php

require 'includes/constant/config.inc.php';
require_once 'includes/swift/lib/swift_required.php';
return_meta();
//Process a submission on quote_form.php and insert the data into the inquiry table.
if ($_POST) {
    //Assign variables and sanitize POST data
    $club = mysql_real_escape_string($_POST['club']);
    $shaft = mysql_real_escape_string($_POST['shaft']);
    $quantity = preg_replace('#[^0-9]#', '', $_POST['quantity']);
    //get rid of letters except numbers
    $customer_name = mysql_real_escape_string($_POST['customer']);
    $customer_email = mysql_real_escape_string($_POST['email']);
    $comment = mysql_real_escape_string($_POST['comment']);
    $subscribe = $_POST['subscribe'];
    //The value is 'yes' or 'no' only
    //Build a query statement for insertion
    $query = "INSERT INTO " . TABLE_INQUIRIES . "(customer, email, club, shaft, quantity, subscribe, comment, time) VALUES ('" . $customer_name . "', '" . $customer_email . "', '" . $club . "', '" . $shaft . "', '" . $quantity . "', '" . $subscribe . "', '" . $comment . "', now());";
    mysql_query($query) or die(mysql_error());
}
//Swift
$username = "******";
$email_password = "";
$email_from = "*****@*****.**";
$from_name = "Umi Neko";
//Compute prices for quote
//Fetch price for single club from the product table
$query_club_pcice = "SELECT `price` FROM `" . TABLE_PRODUCTS . "` WHERE `club` = '" . $club . "' limit 1";
$result_club_price = mysql_query($query_club_pcice) or die("Failed to retrieve rows: " . mysql_error());
//Fetch price for single shaft from the shaft table
Exemplo n.º 3
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Write your blog " . $_SESSION['fullname'] . "!");
$blogtitle = NULL;
$blogentry = NULL;
$userid = $_SESSION['user_id'];
$msg = NULL;
$err = array();
if (isset($_POST['postblog'])) {
    //filter is defined config.inc.php, line 258
    $blogtitle = filter($_POST['blogtitle']);
    $blogentry = filter($_POST['blogentry']);
    $date = date('Y-m-d H:i:s');
    $err = array();
    if (empty($blogtitle) || strlen($blogentry) < 2) {
        $err[] = "You must enter blog title";
    }
    if (empty($blogentry) || strlen($blogentry) < 4) {
        $err[] = "You must enter blog entry";
    }
    $q2 = mysql_query("INSERT INTO " . USER_BLOG . " (id, blog_title, blog_entry, time_submitted) VALUES ('{$userid}', '{$blogtitle}', '{$blogentry}', '{$date}')", $link) or die("Unable to insert data");
    //if there are no errors, set $msg to "post successful!" - later on, it is displayed on the page
    if (count($err) == 0) {
        $msg = "Blog Post Successful!";
        $meta_title = "Blog Post Successful!";
    }
}
?>
Exemplo n.º 4
0
<?php

include 'includes/constant/config.inc.php';
return_meta("User Blog");
/*
//Listing of existing images in directory

	$media = get_images($file_location); //calls dir_tree function in constant.inc.php file
	
	print_r($media);
	
	$media_count = 0;

	if(!empty($media))
	{
		foreach($media as $media_disp)
		{
			$media_loc = htmlspecialchars($media_disp);
			list($width, $height, $type, $attr)= getimagesize($media_loc);

			$media_count++;
		}
	}
	else
	{
	}
*/
?>
</head>
<body>
<div id="container">
Exemplo n.º 5
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Golf Club Entries");
include '../includes/constant/nav.inc.php';
?>

<h1>Golf Clubs</h1>

<?php 
$query_for_table = mysql_query("SELECT * FROM " . TABLE_PRODUCTS . " ORDER BY club ASC;") or die(mysql_error());
//constant/config.inc.php line 393
generate_html_table();
include '../includes/constant/footer.inc.php';
Exemplo n.º 6
0
<?php

require 'includes/constant/config.inc.php';
return_meta("Get A Quote Now!");
?>
	
<script>
	//Function which gets executed when the document is loaded
	$(function()
	{

		/*** JQUERY UI AUTO-COMPLETION ***/

		//define an array to hold club string
		var availableClubs = [ ];
		
		$.ajax(
			{
				type: "POST",
				url: "includes/constant/generate_club.php", 
				data: "",
				success: function(response)
				{
					
					/* use JSON's function to parse the response */
					var parsed_response = JSON.parse(response);
					
					/* retrieve the club array that is part of the response. */
					availableClubs = parsed_response.club;
					
					/* select the HTML element with id="club" and call the autocomplete() function from the jquery UI library */
Exemplo n.º 7
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Edit your blog " . $_SESSION['fullname'] . "!");
$msg = NULL;
$date = date('Y-m-d H:i:s');
if (isset($_POST['update'])) {
    $update = mysql_query("UPDATE " . USER_BLOG . " SET blog_title = '" . filter($_POST['blogtitle']) . "', blog_entry = '" . filter($_POST['blogentry']) . "', time_submitted = '" . $date . "' WHERE blog_id = '" . $_POST['blogid'] . "';") or die(mysql_error());
    echo $update;
    if ($update) {
        $msg = "Blog updated successfully!";
    }
}
?>
<script>
</script>
</head>
<body>
<div id="container">

	<?php 
include '../includes/constant/nav.inc.php';
?>

	<h1>Hey <?php 
echo $_SESSION['fullname'];
?>
!  Edit your blog!</h1>
Exemplo n.º 8
0
<?php

require '../includes/constant/config.inc.php';
return_meta("Activate your account");
$err = array();
$msg = array();
$user = NULL;
$activ = NULL;
$user_email = NULL;
/******** EMAIL ACTIVATION LINK**********************/
if (isset($_GET['user']) && !empty($_GET['activ_code']) and !empty($_GET['user']) && is_numeric($_GET['activ_code'])) {
    $user = filter($_GET['user']);
    $activ = filter($_GET['activ_code']);
    //check if activ code and user is valid
    $rs_check = mysql_query("SELECT id FROM " . USERS . " WHERE md5_id='{$user}' AND activation_code='{$activ}'") or die(mysql_error());
    $num = mysql_num_rows($rs_check);
    // Match row found with more than 1 results  - the user is authenticated.
    if ($num <= 0) {
        $err[] = "Unable to verify account";
    }
    if (empty($err)) {
        // set the approved field to 1 to activate the account
        $rs_activ = mysql_query("UPDATE " . USERS . " SET approved='1' WHERE\n\t\tmd5_id='{$user}' AND activation_code = '{$activ}' ") or die(mysql_error());
        $msg[] = "Account activated successfully!  You may now <a href=\"" . SITE_BASE . "/login.php\">login</a>.";
    }
}
/******************* ACTIVATION BY FORM**************************/
if (isset($_POST['activate'])) {
    $user_email = filter($_POST['user_email']);
    $activ = filter($_POST['activ_code']);
    //check if activ code and user is valid as precaution
Exemplo n.º 9
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Edit " . $_SESSION['fullname'] . "'s Profile");
$msg = NULL;
if (isset($_POST['update'])) {
    $update = "UPDATE " . USERS . " SET full_name = '" . filter($_POST['fullname']) . "', user_name = '" . filter($_POST['username']) . "', usr_email = AES_ENCRYPT('" . filter($_POST['email']) . "', '{$salt}')";
    if (!empty($_POST['newpass'])) {
        $update .= ", usr_pwd = '" . hash_pass(filter($_POST['newpass'])) . "'";
    }
    $update .= " WHERE id = '" . $_SESSION['user_id'] . "'";
    $run_update = mysql_query($update) or die(mysql_error());
    if ($run_update) {
        $msg = "Profile updated successfully!";
    }
}
?>

<?php 
include '../includes/constant/nav.inc.php';
?>

<h1>Edit My Profile</h1>

<?php 
if (isset($msg)) {
    echo '<div class="success">' . $msg . '</div>';
}
$in = mysql_query("SELECT *, AES_DECRYPT(usr_email, '{$salt}') AS email FROM " . USERS . " WHERE id = '" . $_SESSION['user_id'] . "'") or die("Unable to get your info!");
Exemplo n.º 10
0
 <?php 
/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Import CSV Files");
//http://www.johnboy.com/blog/tutorial-import-a-csv-file-using-php-and-mysql
//http://www.johnboy.com/scripts/import-csv-file-with-php-mysql/import.phps
if (isset($_POST['submit_club'])) {
    if ($_FILES['csv1']['size'] > 0) {
        //get the csv file
        $file = $_FILES['csv1']['tmp_name'];
        $handle = fopen($file, "r");
        //loop through the csv file and insert into database
        do {
            if ($data[1]) {
                mysql_query("INSERT INTO " . TABLE_PRODUCTS . " (product_id, club, brand, category, price, cost, status, details, time) VALUES\n\t\t\t\t\t(\n\t\t\t\t\t\t'" . addslashes($data[0]) . "',\n\t\t\t\t\t\t'" . addslashes($data[1]) . "',\n\t\t\t\t\t\t'" . addslashes($data[2]) . "',\n\t\t\t\t\t\t'" . addslashes($data[3]) . "',\n\t\t\t\t\t\t'" . addslashes($data[4]) . "',\n\t\t\t\t\t\t'" . addslashes($data[5]) . "',\n\t\t\t\t\t\t'" . addslashes($data[6]) . "',\n\t\t\t\t\t\t'" . addslashes($data[7]) . "'\n\t\t\t\t\t)\n\t\t\t\t");
            }
        } while ($data = fgetcsv($handle, 1000, ",", "'"));
        //redirect
        header('Location: import.php?success=1');
        die;
    }
    fclose($handle);
}
//Insert data to the SHAFT table
if (isset($_POST['submit_shaft'])) {
    if ($_FILES['csv2']['size'] > 0) {
        //get the csv file
        $file = $_FILES['csv2']['tmp_name'];
        $handle = fopen($file, "r");
        //loop through the csv file and insert into database
Exemplo n.º 11
0
<?php

/*ADMIN index.php - secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Welcome to the secured user area " . $_SESSION['fullname'] . "!");
/****CHART****/
//Retrieve data (all column) from the inquiry table
$query = "SELECT * FROM " . TABLE_INQUIRIES . " ORDER BY club DESC;";
//$query = "SELECT club, COUNT(*) AS CLUBCOUNT FROM " . TABLE_INQUIRIES . " GROUP BY club ORDER BY CLUBCOUNT DESC;";
//execute it
$result = mysql_query($query) or die("Failed to retrieve rows: " . mysql_error());
//array to store the rows
$table_rows = array();
while ($row = mysql_fetch_array($result)) {
    $table_rows[] = $row;
    //add the next row to the list of rows stored in $table_rows
}
//print_r($table_rows); echo "<br><br>";
//CHART 1: BAR CHART: Number of inquiries per club
//step 1: extract all categories
$club = array();
foreach ($table_rows as $current_row) {
    //if the product category of the current row is not in the list, add it
    if (!in_array($current_row['club'], $club)) {
        $club[] = $current_row['club'];
    }
}
//print_r($club); echo "<br><br>";
//step 2-1: compute the order counts for each club
$counts_per_club = array();
Exemplo n.º 12
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
if (!is_admin()) {
    header("Location: " . SITE_BASE . "/login.php");
}
return_meta("Administrator User listing");
$msg = array();
$err = array();
/*Update user account
===================================================*/
if (isset($_POST['update'])) {
    $update = "UPDATE " . USERS . " SET full_name = '" . filter($_POST['fullname']) . "', user_name = '" . filter($_POST['username']) . "', usr_email = AES_ENCRYPT('" . filter($_POST['email']) . "', '{$salt}'), user_level = '" . filter($_POST['user_level']) . "'";
    if (!empty($_POST['newpass'])) {
        $update .= ", usr_pwd = '" . hash_pass(filter($_POST['newpass'])) . "'";
    }
    $update .= " WHERE id = '" . filter($_POST['user_id']) . "'";
    $run_update = mysql_query($update) or die(mysql_error());
    if ($run_update) {
        $msg[] = stripslashes(ucfirst($_POST['fullname'])) . "'s Profile updated successfully!";
    }
}
/*Delete user
===================================================*/
if (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
    $dq = mysql_query("DELETE FROM " . USERS . " WHERE id = '" . filter($_GET['id']) . "' LIMIT 1") or die(mysql_error());
    if ($dq) {
        $msg[] = "Successfully deleted user.";
    } else {
Exemplo n.º 13
0
    $fullname = filter($_POST['fullname']);
    $username = filter($_POST['username']);
    $password = filter($_POST['password']);
    $email = filter($_POST['email']);
    $date = date('Y-m-d');
    $user_ip = $_SERVER['REMOTE_ADDR'];
    $activation_code = rand(1000, 9999);
    //define in config.inc.php, line 39
    $err = add_user($fullname, $username, $password, $email, $date, $user_ip, $activation_code);
    //if there are no errors, set $msg to "Registration Successfull" - later on, it is displayed on the page
    if (count($err) == 0) {
        $msg = "Registration successful!";
        $meta_title = "Registration successful!";
    }
}
return_meta($meta_title);
?>

<?php 
include '../includes/constant/nav.inc.php';
?>

<h1>Add Admin Users</h1>

<?php 
//Show message if isset
if (isset($msg)) {
    echo '<div class="success">' . $msg . '</div>';
}
//Show error message if isset
if (!empty($err)) {
Exemplo n.º 14
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Shaft Entries");
include '../includes/constant/nav.inc.php';
?>

<h1>Shafts</h1>

<?php 
$query_for_table = mysql_query("SELECT * FROM " . TABLE_SHAFTS . " ORDER BY shaft ASC;") or die(mysql_error());
//constant/config.inc.php line 393
generate_html_table();
include '../includes/constant/footer.inc.php';
Exemplo n.º 15
0
<?php

/*Secured user only page*/
include '../includes/constant/config.inc.php';
secure_page();
return_meta("Customer Inquiries");
include '../includes/constant/nav.inc.php';
?>

<h1>Inquiries</h1>

<?php 
//get all fields from the inquiry table and sort by date, newer comes to the top
$query_for_table = mysql_query("SELECT * FROM " . TABLE_INQUIRIES . " ORDER BY time DESC;") or die(mysql_error());
//constant/config.inc.php line 393
generate_html_table();
include '../includes/constant/footer.inc.php';
Exemplo n.º 16
0
                $msg = "Logged in successfully!";
                //redirect to a new location
                header("Location: " . SITE_BASE . "/admin");
            } else {
                //Passwords don't match, issue an error
                $err[] = "Invalid User or Password";
            }
        } else {
            //No rows found in DB matching username or email, issue error
            $err[] = "This user was not found in the database.";
        }
    }
    //end if no error
}
//end form posted
return_meta("Administrator Login");
?>

<?php 
include 'includes/constant/nav.inc.php';
?>

	<?php 
//Show message if isset
if (isset($msg) || !empty($_GET['msg'])) {
    if (!empty($_GET['msg'])) {
        $msg = $_GET['msg'];
    }
    echo '<div class="success">' . $msg . '</div>';
}
//Show error message if isset