$ticketCodequery = $ticketdb->PREPARE("SELECT uid, redeemed, classID FROM Tickets WHERE ticketCode = '{$ticketCode}';"); $ticketCodequery->execute(); $ticketCoderesult = $ticketCodequery->fetch(); $ticketCodecount = $ticketCodequery->rowCount(); if ($ticketCodecount != '0') { // Good Ticket Code now we check to see if it has been used $redeemed = $ticketCoderesult['redeemed']; $classID = $ticketCoderesult['classID']; if ($redeemed == 'yes') { // Ticket has been used echo "<p>Ticket has been redeemed before.</p>"; } else { // Ticket has not been used $eventquery = $eventdb->PREPARE("SELECT title FROM Event WHERE uid = '{$classID}';"); $eventquery->execute(); $eventresult = $eventquery->fetch(); $title = $eventresult['title']; echo "<p>Good Ticket for " . $title . "</p>"; // Mark ticket as been used $ticketUpdatesql = "UPDATE Tickets SET redeemed= ? WHERE ticketCode = '" . $ticketCode . "'"; $ticketUpdatequery = $useticketdb->PREPARE($ticketUpdatesql); $ticketUpdatequery->execute(array('yes')); } } else { // Can't find a record of provided ticket code echo "<p>No Such Ticket</p>"; } } else { // No ticket provided through URL echo "<p>No Ticket Code specified!</p>"; }
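<?php
// Handles the "add event" form POST: stores a new active Event row and then
// sends the browser back to the admin page.
//
// NOTE(review): no login/authorization check and no CSRF token are visible in
// this script; confirm access is restricted before this endpoint is reachable.
include "config.php";

// Form fields in the same order as the INSERT columns below
// (title, startTime, endTime, location, description, agenda, aboutTeacher).
// A missing or non-string field is stored as '' rather than raising a notice.
$fields = array('eventName', 'startDate', 'endDate', 'where', 'description', 'agenda', 'aboutYou');
$values = array();
foreach ($fields as $field) {
    $values[] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// The original condition used "=", which assigned 'mysql' and was therefore
// always true. Compare instead, and stop if the configured type is unsupported.
if ($sqlTicketservertype !== 'mysql') {
    error_log('Unsupported database type in $sqlTicketservertype');
    exit;
}
$db = new PDO('mysql:host=' . $sqlTicketserver . ';dbname=' . $sqlTicketdbname, $sqlTicketusername, $sqlTicketpassword);

// Request values are bound as parameters. Interpolating them into the SQL text
// (as the original did) makes prepare() useless against SQL injection.
$query = $db->prepare(
    "INSERT INTO Event ( title, startTime, endTime, location, description, agenda, aboutTeacher, isActive )
     VALUES ( ?, ?, ?, ?, ?, ?, ?, 1 )"
);
$query->execute($values);

header('Location: index.php?action=admin');
// Stop here so nothing else runs or is emitted after the redirect header.
exit;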
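<center><table width="75%" >
<tr> <th>Event</th> <th>Attendees</th> </tr>
<?php
// Admin listing: one table row per active event, linking to its edit page.

// The original condition used "=", which assigned 'mysql' and was therefore
// always true. Compare instead, and stop if the configured type is unsupported.
if ($sqlTicketservertype !== 'mysql') {
    error_log('Unsupported database type in $sqlTicketservertype');
    exit;
}
$db = new PDO('mysql:host=' . $sqlTicketserver . ';dbname=' . $sqlTicketdbname, $sqlTicketusername, $sqlTicketpassword);

$query = $db->prepare("SELECT title,attendeeCount,uid FROM Event WHERE isActive = '1';");
$query->execute();
$query->setFetchMode(PDO::FETCH_ASSOC);

while ($row = $query->fetch()) {
    // Event titles come from a form, so they are untrusted when rendered:
    // escape every column for its HTML context to prevent stored XSS.
    $editUrl = 'index.php?action=editevent&id=' . rawurlencode((string) $row['uid']);
    echo '<tr><td><a href="' . htmlspecialchars($editUrl, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8')
        . '</a></td><td>'
        . htmlspecialchars((string) $row['attendeeCount'], ENT_QUOTES, 'UTF-8')
        . '</td></tr>';
}
?>
<tr><td colspan="2"> </td></tr>
<tr><td colspan="2"><a href="index.php?action=addEvent">Add event</a><br/></td></tr>
</table></center>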
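// PayPal IPN endpoint: asks the listener to verify the notification, records a
// Tickets row for a verified one, and mails the listener's text report.
include 'ipnlistener.php';
include "config.php";

// The original condition used "=", which assigned 'mysql' and was therefore
// always true. Compare instead, and stop if the configured type is unsupported.
if ($sqlTicketservertype !== 'mysql') {
    error_log('Unsupported database type in $sqlTicketservertype');
    exit;
}
$db = new PDO('mysql:host=' . $sqlTicketserver . ';dbname=' . $sqlTicketdbname, $sqlTicketusername, $sqlTicketpassword);

// tell PHP to log errors to ipn_errors.log in this directory
// NOTE(review): if this directory is served by the web server, the log may be
// downloadable; confirm it is denied or move it outside the document root.
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__) . '/ipn_errors.log');

$listener = new IpnListener();
// NOTE(review): sandbox mode is hard-coded on; presumably this must be false in
// production so notifications are verified against the live service. Confirm.
$listener->use_sandbox = true;

try {
    $verified = $listener->processIpn();
} catch (Exception $e) {
    // fatal error trying to process IPN.
    error_log($e->getMessage());
    exit(0);
}

if ($verified) {
    // IPN response was "VERIFIED".
    // NOTE(review): verification only shows the message came from PayPal. This
    // script does not check payment_status, receiver_email, mc_gross/mc_currency,
    // or whether txn_id was already recorded, so a pending, underpaid, misdirected
    // or replayed notification would still create a ticket row.
    $fields = array('payer_email', 'txn_id', 'first_name', 'last_name', 'payment_date');
    $values = array();
    foreach ($fields as $field) {
        $values[] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // Payer-controlled values are bound as parameters instead of being
    // interpolated into the SQL text, which closes the SQL injection path.
    $query = $db->prepare(
        "INSERT INTO Tickets ( email, txn, firstName, lastName, paymentDate )
         VALUES ( ?, ?, ?, ?, ? )"
    );
    if (!$query->execute($values)) {
        // A verified payment without a ticket row needs manual follow-up.
        error_log('Failed to store ticket for a verified IPN');
    }

    mail('*****@*****.**', 'Valid IPN', $listener->getTextReport());
} else {
    // IPN response was "INVALID"
    mail('*****@*****.**', 'Invalid IPN', $listener->getTextReport());
}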
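<?php
// Event detail page: shows the event selected by ?id=... followed by a PayPal
// purchase form for it.

// A missing or non-string id becomes '', which matches no event.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// The original condition used "=", which assigned 'mysql' and was therefore
// always true. Compare instead, and stop if the configured type is unsupported.
if ($sqlTicketservertype !== 'mysql') {
    error_log('Unsupported database type in $sqlTicketservertype');
    exit;
}
$db = new PDO('mysql:host=' . $sqlTicketserver . ';dbname=' . $sqlTicketdbname, $sqlTicketusername, $sqlTicketpassword);

// The id comes straight from the URL, so it is bound as a parameter rather than
// interpolated into the SQL text (SQL injection).
$query = $db->prepare("SELECT title,startTime,endTime,location,description,agenda,aboutTeacher FROM Event WHERE uid = ?;");
$query->execute(array($id));
$query->setFetchMode(PDO::FETCH_ASSOC);

// Defined up front so the form below is well-formed even when no event matches.
$classTitle = '';

while ($row = $query->fetch()) {
    $classTitle = $row['title'];

    // Event text is form-supplied and rendered to every visitor; escape it for
    // HTML to prevent stored XSS.
    // NOTE(review): if these fields are meant to carry markup, use an allow-list
    // sanitizer instead of raw output.
    $safe = array();
    foreach ($row as $column => $value) {
        $safe[$column] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    echo "<h2>" . $safe['title'] . "</h2>";
    echo "<p><b>Description:</b> " . $safe['description'] . "</p>";
    echo "<p>Class will be held on " . $safe['startTime'] . " until " . $safe['endTime'] . " at " . $safe['location'] . "</p>";
    echo "<p><b>Agenda:</b> " . $safe['agenda'] . "</p>";
    // The original left this <b> element unclosed.
    echo "<p><b>About the Teacher:</b> " . $safe['aboutTeacher'] . "</p>";
}
?>
<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="*****@*****.**">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="<?php echo htmlspecialchars($classTitle, ENT_QUOTES, 'UTF-8'); ?> ">
<input type="hidden" name="item_number" value="Class">
<input type="hidden" name="custom" value="<?php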
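<?php
// Handles the "edit event" form POST: updates the Event row identified by the
// posted id and then sends the browser back to the admin page.
//
// NOTE(review): no login/authorization check and no CSRF token are visible in
// this script; confirm access is restricted before this endpoint is reachable.
include "config.php";

// A missing or non-string id becomes '', which matches no row.
$id = (isset($_POST["id"]) && is_string($_POST["id"])) ? $_POST["id"] : '';

// Form fields in the same order as the SET columns below
// (title, startTime, endTime, location, description, agenda, aboutTeacher).
// A missing field is bound as NULL, which is what the original bound as well.
$fields = array('eventName', 'startDate', 'endDate', 'where', 'description', 'agenda', 'aboutYou');
$values = array();
foreach ($fields as $field) {
    $values[] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : null;
}

// The original condition used "=", which assigned 'mysql' and was therefore
// always true. Compare instead, and stop if the configured type is unsupported.
if ($sqlTicketservertype !== 'mysql') {
    error_log('Unsupported database type in $sqlTicketservertype');
    exit;
}
$db = new PDO('mysql:host=' . $sqlTicketserver . ';dbname=' . $sqlTicketdbname, $sqlTicketusername, $sqlTicketpassword);

// The column values were already bound, but the row id was concatenated into
// the WHERE clause; it is now a bound parameter too (SQL injection).
$sql = "UPDATE Event SET title = ?, startTime = ?, endTime = ?, location = ?, description = ?, agenda = ?, aboutTeacher= ? WHERE uid = ?";
$query = $db->prepare($sql);
$values[] = $id;
$query->execute($values);

header('Location: index.php?action=admin');
// Stop here so nothing else runs or is emitted after the redirect header.
exit;
?>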
<?php include "config.php"; include "loggedin.php"; require_once 'PasswordHash.php'; // include the PHPass framework $hasher = new PasswordHash(8, TRUE); // initialize the PHPass class if ($sqlServerType = 'mysql') { $db = new PDO('mysql:host=' . $sqlServer . ';dbname=' . $sqlDBname, $sqlUsername, $sqlPassword); } $username = $_POST["loginName"]; $password = $_POST["loginPassword"]; if ($username && $password) { global $hasher; $query = $db->PREPARE("SELECT password FROM users WHERE username = '******';"); $query->execute(); $result = $query->fetch(); $numRows = $query->rowCount(); if ($numRows < 1) { header('Location: index.php?error=1'); //user does not exist die; } if (!$hasher->CheckPassword($password, $result['password'])) { header('Location: index.php?error=1'); //password does not match die; } else { $query = $db->PREPARE("SELECT id, username, admin FROM users WHERE username = '******';"); $query->execute();