	header("Cache-Control: post-check=0, pre-check=0", false);
	header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
	header("Pragma: no-cache"); // HTTP/1.0
	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");*/
// Database handle; the connection settings come from the SQL_* constants, which are
// defined outside this excerpt. The `@` silences any warning the constructor emits,
// so a failed connection only shows up later as failed queries -- dropping it would
// make connection problems visible in the logs.
$fw = @new scaleDB(SQL_HOST, SQL_USER, SQL_PASS, SQL_DB);
// Device-detection helper; nothing in the visible part of this handler reads $ismobi.
$ismobi = @new IsMobile();
if ($fw->isLoggedIn($_SESSION) && $fw->isValidUser($_SESSION)) {
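    # Identity is taken from the server-side session, never from the form body.
    $techname = $_SESSION['USER']['fullname'];
    $username = $_SESSION['USER']['username'];
    # Guard each form field with isset() -- the same pattern the login handler uses --
    # so a request that omits a field yields NULL instead of an undefined-index warning.
    $oldpass = isset($_POST['oldPass']) ? $fw->clean_input($_POST['oldPass']) : NULL;
    $newpass1 = isset($_POST['newPass1']) ? $fw->clean_input($_POST['newPass1']) : NULL;
    $newpass2 = isset($_POST['newPass2']) ? $fw->clean_input($_POST['newPass2']) : NULL;
    $date = $fw->getDate();
    # Fetch the caller's own user row (password hash, full name, username) so the
    # submitted old password can be checked against what is stored. (The original
    # comment here talked about a "scale"; it was copied from another handler.)
    # NOTE(review): further down the stored hash is compared with sha1() and a loose
    # `==`. sha1 is unsalted, and `==` on two hex strings is subject to PHP's numeric-
    # string juggling; password_hash()/password_verify(), or at least hash_equals(),
    # would be the safer pair. The username is spliced into the query text below; it
    # comes from the session rather than this request, but whether clean_input()
    # escapes for SQL is not visible here -- verify, or use a prepared statement if
    # the framework offers one.
    $query_user = "******" . $username . "'";
    $result_user = $fw->query($query_user);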
    if ($query_user) {
        while ($row = $result_user->fetch_assoc()) {
            $db_pass = $row['password'];
            $db_name = $row['fullname'];
            $db_user = $row['username'];
        }
        if ($db_pass == sha1($oldpass)) {
            if ($db_name == $_SESSION['USER']['fullname'] && $db_user == $_SESSION['USER']['username']) {
                if ($newpass1 == $newpass2 && $newpass1 != $oldpass) {
                    $final_pass = sha1($newpass1);
                    $query_db = "update users set password = '******' where username = '******'";
                    $result_db = $fw->query($query_db);
                    if ($result_db) {
                        $query = "select * from users where username = '******'";
                        $result = $fw->query($query);
	header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
	header("Pragma: no-cache"); // HTTP/1.0
	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");*/
// Database handle; the connection settings come from the SQL_* constants, which are
// defined outside this excerpt. The `@` silences any warning the constructor emits,
// so a failed connection only shows up later as failed queries -- dropping it would
// make connection problems visible in the logs.
$fw = @new scaleDB(SQL_HOST, SQL_USER, SQL_PASS, SQL_DB);
// Device-detection helper; nothing in the visible part of this handler reads $ismobi.
$ismobi = @new IsMobile();
if ($fw->isLoggedIn($_SESSION) && $fw->isValidUser($_SESSION)) {
    header("Location: index.php");
    die("<p>You are logged in and do not need to login again!</p>");
} else {
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        if (isset($_POST['submit'])) {
            if ($_POST['submit'] == "Login") {
                // Username lookups are case-insensitive: the submitted value is
                // lower-cased after clean_input(). A missing field yields NULL.
                $username = NULL;
                if (isset($_POST['username'])) {
                    $username = strtolower($fw->clean_input($_POST['username']));
                }
                // The password is deliberately left untouched: in this excerpt it is
                // only ever passed to sha1(), never echoed or spliced into SQL, and
                // filtering it would change the resulting hash.
                $password = $_POST['password'];
                // Look up the candidate account (the query text is redacted in this
                // listing). NOTE(review): whatever clean_input() does, this is still
                // string-built SQL; a prepared statement would be the safer form.
                $query = "select * from users where username = '******'";
                $result = $fw->query($query);
                if ($result) {
                    while ($row = $result->fetch_assoc()) {
                        $db_id = $row['id'];
                        $db_username = $row['username'];
                        $db_pass = $row['password'];
                        $db_fullname = $row['fullname'];
                        $db_email = $row['email'];
                        $db_user = $row['is_user'];
                        $db_admin = $row['is_admin'];
                        $db_superadmin = $row['is_superadmin'];
                    }
                    if (sha1($password) == @$db_pass && @$db_user == 1) {
                        $digest = md5($db_id . $db_username . $db_fullname . $db_pass . $db_email . $db_user . $db_admin . $db_superadmin);
                        $_SESSION['USER'] = array('userid' => $db_id, 'username' => $db_username, 'fullname' => $db_fullname, 'digest' => $digest, 'is_user' => $db_user, 'is_admin' => $db_admin, 'is_superadmin' => $db_superadmin);
                        $date = $fw->getDate();
		<meta name="viewport" content="width=device-width, initial-scale=0.62">
	</head>
	
	<body>
		<?php 
    include 'header.php';
    ?>
		
		<h2>Registered Users</h2>
		<?php 
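    // Authorization gate: only admins and super-admins may list accounts; anyone
    // else is cut off here. The page header and the <h2> above have already been
    // emitted, so a redirect or an HTTP status code is no longer possible at this
    // point (unless output buffering happens to be on); the check would be better
    // placed before any output.
    if (!($fw->isAdmin($_SESSION) || $fw->isSuperAdmin($_SESSION))) {
        die;
    }
    // Select only the columns the table below renders (id, username, fullname,
    // email and the three role flags). The original `select *` also pulled every
    // user's password hash into the page process for no reason.
    $query = "select id, username, fullname, email, is_user, is_admin, is_superadmin from users";
    $result = $fw->query($query);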
    if ($result) {
        $num_results = $result->num_rows;
        echo "<p>Number of matches found: " . $num_results . "</p>";
        if ($num_results > 0) {
            $output = "\n\n\t\t<table class=\"table-striped table-style table-hover search-results\">\n" . "\t\t\t<thead>\n" . "\t\t\t\t<tr>\n" . "\t\t\t\t\t<th>ID</th>\n" . "\t\t\t\t\t<th>Username</th>\n" . "\t\t\t\t\t<th>Full Name</th>\n" . "\t\t\t\t\t<th>Email</th>\n" . "\t\t\t\t\t<th>is_user</th>\n" . "\t\t\t\t\t<th>is_admin</th>\n" . "\t\t\t\t\t<th>is_super</th>\n" . "\t\t\t\t</tr>\n" . "\t\t\t</thead>\n" . "\t\t\t<tbody>\n";
            for ($i = 0; $i < $num_results; $i++) {
                $row = $result->fetch_assoc();
                $output .= "\t\t\t\t<tr>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['id']) . "</td>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['username']) . "</td>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['fullname']) . "</td>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['email']) . "</td>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['is_user']) . "</td>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['is_admin']) . "</td>\n" . "\t\t\t\t\t<td>" . $fw->clean_output($row['is_superadmin']) . "</td>\n" . "\t\t\t\t</tr>\n";
            }
            $output .= "\t\t\t</tbody>\n" . "\t\t</table>\n";
            echo $output;
            $result->free();
        }
    } else {
        echo "An error occured while trying to perform your search.  Please try again.";
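 $scale_divisions = $fw->clean_input($_POST['scale_divisions']);
 $units = $fw->clean_input($_POST['units']);
 # Timestamp is built here instead of via $fw->getDate() as the other handlers do.
 # It is both stored in the row and reused below as the key to look the new row's
 # id back up, so its exact format matters.
 $date = date('m/d/Y') . " @ " . date('h:i:s A');
 $comments = $fw->clean_input($_POST['comments']);
 $status = "Pending";
 # Default the state to "IN" when the form sent the literal string "NULL"
 # ($state is assigned above this excerpt, presumably from the form).
 # Bug fix: the original had `$state == "IN";` here -- a comparison with no
 # effect -- so the default was never applied and the string "NULL" was stored.
 if ($state === "NULL") {
     $state = "IN";
 } else {
     $state = strtoupper($state);
 }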
 # Fingerprint of this submission (technician plus the raw form fields). It is
 # compared with the digest stored after the previous successful insert, so an
 # accidental re-post of identical data is not inserted twice. It is NOT a CSRF
 # token: a forged request carrying fresh field values passes this check.
 $digest = md5(implode('', array(
     $_SESSION['USER']['fullname'],
     $_POST['companyname'],
     $_POST['street'],
     $_POST['city'],
     $_POST['state'],
     $_POST['indicator_manu'],
     $_POST['indicator_model'],
     $_POST['indicator_serial'],
     $_POST['scale_manu'],
     $_POST['scale_model'],
     $_POST['scale_serial'],
     $_POST['scale_capacity'],
     $_POST['scale_divisions'],
 )));
 # Digest of the last accepted submission, or '' when none has been stored yet.
 $sessionDigest = '';
 if (isset($_SESSION['digest'])) {
     $sessionDigest = $_SESSION['digest'];
 }
 if ($digest != $sessionDigest) {
     #First database query to insert the user submitted data into the scales table
     $query1 = "insert into scales values\r\n" . "('NULL', " . "'" . $status . "', " . "'" . $date . "', " . "'" . $date . "', " . "'" . $techname . "', " . "'" . $companyname . "', " . "'" . $street . "', " . "'" . $city . "', " . "'" . $state . "', " . "'" . $zipcode . "', " . "'" . $indicator_tag . "', " . "'" . $indicator_manu . "', " . "'" . $indicator_model . "', " . "'" . $indicator_serial . "', " . "'" . $scale_manu . "', " . "'" . $scale_model . "', " . "'" . $scale_serial . "', " . "'" . $scale_capacity . "', " . "'" . $scale_divisions . "', " . "'" . $units . "'); ";
     $result = $fw->query($query1);
     #END first query
     #Second Database query to get the new scale ID that was just set
     $query2 = "select id from scales where date like '" . $date . "'";
     $result2 = $fw->query($query2);
     $ID = 0;
     while ($row = $result2->fetch_assoc()) {
         $ID = $row['id'];
     }
     #END second query
     #Third database query to set the comments into its own table
     $query3 = "insert into events values\r\n" . "('NULL', " . "'" . $date . "', " . "'" . $ID . "', " . "'" . $techname . "', " . "'Created the scale entry', " . "'" . NULL . "', " . "'" . $comments . "'); ";
     $result3 = $fw->query($query3);
     #END third query
     if ($result) {
         $_SESSION['digest'] = $digest;
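<?php

session_start();
include 'framework.php';
// Database handle. NOTE(review): credentials are hard-coded here (root with an
// empty password against a *_test database) while other handlers in this project
// read the SQL_HOST/SQL_USER/SQL_PASS/SQL_DB constants; move these to the same
// configuration before this reaches a non-test environment. The `@` hides any
// constructor warning, so a failed connection surfaces only as failed queries.
$fw = @new scaleDB('localhost', 'root', '', 'brechbuhler_test');

// Removing a scale is restricted to logged-in, valid super-admin sessions.
// NOTE(review): this is a state-changing action driven by a GET parameter with no
// anti-CSRF token, so a link or image tag on another site can trigger it for a
// logged-in super-admin. Moving it to POST with a session-bound token is the
// recommended fix; it is an interface change, so it is not made here.
if ($fw->isLoggedIn($_SESSION) && $fw->isValidUser($_SESSION) && $fw->isSuperAdmin($_SESSION)) {
    if (!isset($_GET['id'])) {
        die("No scale was defined in the delete request.");
    }
    // Scale ids are auto-increment integers (the insert handler writes NULL for the
    // id column), so anything that is not a plain string of digits is rejected
    // before it reaches the SQL below. This is defence in depth: clean_input() is
    // an opaque helper and both DELETE statements are built by concatenation.
    if (!is_string($_GET['id']) || !ctype_digit($_GET['id'])) {
        die("Invalid scale id in the delete request.");
    }
    $scale_id = $fw->clean_input($_GET['id']);
    // The original echoed $scale_id and the full DELETE statement here. That leaked
    // query text to the client and, because output had already been sent, made the
    // Location header below ineffective (unless output buffering was on); both
    // echoes are removed.
    $query_scales = "delete from scales where id = '" . $scale_id . "'";
    $result_scales = $fw->query($query_scales);
    if (!$result_scales) {
        die("Something happened.  The scale could not be removed from the database at this time.  Please try again later.");
    }
    // Second statement, not wrapped in a transaction with the first: if it fails,
    // the scale row is already gone and its events are left orphaned.
    $query_events = "delete from events where scale_id = '" . $scale_id . "'";
    $result_events = $fw->query($query_events);
    if (!$result_events) {
        die("Something happened.  The events could not be removed from the database at this time.  Please notify an admin.");
    }
    header('Location: index.php?result=31');
    die("The scale was successfully removed from the database.");
} else {
    header("Location: login.php");
    die("You must be logged in to view this page.");
}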
 if (isset($_POST['submit'])) {
     if ($_POST['submit'] == "Submit") {
         $id;
         if (isset($_GET['id'])) {
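             # The scale id is spliced into the INSERT and UPDATE statements below and
             # into the redirect URL. Fix: it was taken from the query string raw,
             # while the other handlers in this listing pass user-supplied values
             # through clean_input() first; do the same here.
             $scale_id = $fw->clean_input($_GET['id']);
             # The technician name comes from the session, not the form, so a client
             # cannot attribute events to someone else.
             $tech = $fw->clean_input($_SESSION['USER']['fullname']);
             $timespent = isset($_POST['timespent']) ? $fw->clean_input($_POST['timespent']) : 0;
             $stage = $fw->clean_input($_POST['stage']);
             $date = $fw->getDate();
             $comments = $fw->clean_input($_POST['comments']);
             # Re-submit guard: this digest is compared with the one stored after the
             # last successful update so an identical re-post is ignored. It is not a
             # CSRF token.
             $digest = md5($stage . $comments);
             $sessionDigest = isset($_SESSION['digest']) ? $_SESSION['digest'] : '';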
             if ($digest != $sessionDigest) {
                 $query = "insert into events values\r\n" . "(NULL, " . "'" . $date . "', " . "'" . $scale_id . "', " . "'" . $tech . "', " . "'" . $stage . "', " . "'" . $timespent . "', " . "'" . $comments . "'); ";
                 $result = $fw->query($query);
                 if ($stage != "Added Additional Notes") {
                     $query_two = "update scales set status ='" . $stage . "', updated = '" . $date . "' where id='" . $scale_id . "';";
                     $result_two = $fw->query($query_two);
                     if ($result && $result_two) {
                         $_SESSION['viewScale']['result'] = "The ticket was successfully updated!";
                         $_SESSION['digest'] = $digest;
                         header("Location: viewScale.php?id={$scale_id}");
                     } elseif ($result || $result_two) {
                         $_SESSION['viewScale']['error'] = "Only part of your data was submitted.  An error must have occured when communicating with the database.";
                         header("Location: viewScale.php?id={$scale_id}");
                     } else {
                         $_SESSION['viewScale']['error'] = "Something went wrong when submitting your ticket to the database.  Please try again.";
                         header("Location: viewScale.php?id={$scale_id}");
                     }
                 } elseif ($stage == "Added Additional Notes" && $result) {
<?php

// Resume the caller's session before the authorization check below reads it.
session_start();
include 'framework.php';
// Database handle. NOTE(review): root with an empty password is hard-coded here,
// whereas other handlers read the SQL_HOST/SQL_USER/SQL_PASS/SQL_DB constants;
// the `@` also hides any connection warning from the constructor.
$fw = @new scaleDB('localhost', 'root', '', 'brechbuhler_test');
if ($fw->isLoggedIn($_SESSION) && $fw->isValidUser($_SESSION)) {
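    $scale_id = $fw->clean_input($_POST['scale_id']);
    // Fix: the technician name was read from the POST body, so any logged-in user
    // could record an event under someone else's name. The other event handler in
    // this listing takes it from the session; do the same here. (A `tech` form
    // field, if a client still sends one, is simply ignored.)
    $tech = $fw->clean_input($_SESSION['USER']['fullname']);
    $status = $fw->clean_input($_POST['status']);
    $stage = $fw->clean_input($_POST['stage']);
    $date = $fw->getDate();
    $comments = $fw->clean_input($_POST['comments']);
    // The event label stored in the events table is the stage itself.
    $event = $stage;
    // NOTE(review): string-built INSERT; the values have been through clean_input(),
    // whose SQL-escaping behaviour is not visible here. This row also has one value
    // fewer than the other event handler's INSERT (no timespent column), so the two
    // handlers assume different layouts of the events table -- verify which is current.
    $query = "insert into events values\r\n" . "('NULL', " . "'" . $date . "', " . "'" . $scale_id . "', " . "'" . $tech . "', " . "'" . $event . "', " . "'" . $comments . "'); ";
    $result = $fw->query($query);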
    if ($stage != "Added Additional Notes") {
        $query_two = "update scales set status='" . $stage . "' where id='" . $scale_id . "';";
        $result_two = $fw->query($query_two);
        if ($result && $result_two) {
            //$result->free();
            header("Location: index.php?result=5");
            die;
        } elseif ($result || $result_two) {
            header("Location: index.php?result=4");
        } else {
            header("Location: index.php?result=2");
            //echo $query;
            die;
        }
    } elseif ($stage == "Additional Notes" && $result) {
        header("Location: index.php?result=5");