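/**
 * Returns up to $number news items for the class $type, newest first.
 *
 * Each item is serialised as "ID::::timestamp::::subject::::body" and every
 * item is terminated with "_____". The literal string "No news." is returned
 * when the query yields no rows, and the script dies with an error message
 * when the query itself fails.
 *
 * The subject and body are returned as stored (after stripslashes()); nothing
 * is HTML-escaped here, so a caller that prints them into a page has to escape
 * them for that context.
 *
 * @param string $type   value matched against the `class` column
 * @param int    $number maximum number of rows to return
 * @return string
 */
function get_news($type, $number)
{
    // A LIMIT value cannot be quoted, so it is forced to a non-negative
    // integer instead of interpolating whatever the caller passed.
    $limit = max(0, (int) $number);

    // NOTE(review): $type is still interpolated as-is. The escaping/binding API
    // of the query() wrapper is not visible here, so this relies on callers
    // passing a trusted or already-escaped value -- confirm, and bind it as a
    // parameter if the wrapper supports that.
    $sql = "SELECT `ID`, `timestamp`, `subject`, `body` FROM `news` WHERE `class`='{$type}' ORDER BY `ID` DESC LIMIT {$limit}";

    connect_sql();
    $news = @query($sql) or die("Error getting the news.");

    // see if we don't have any news
    if (num_rows($news) == 0) {
        return "No news.";
    }

    $to_return = "";
    while ($row = result($news)) {
        $id = $row->ID;
        $timestamp = $row->timestamp;
        $subject = stripslashes($row->subject);
        $body = $row->body;

        // convert line breaks to <br />'s
        // (as written, the search strings are the escaped sequences, which are
        // replaced before the body is unslashed below)
        $body = str_replace("\\r\\n", "<br />", $body); // for windows and IP protocols
        $body = str_replace("\\n", "<br />", $body); // for nix
        $body = str_replace("\\r", "<br />", $body); // for mac
        $body = stripslashes($body);

        $to_return .= $id . "::::" . $timestamp . "::::" . $subject . "::::" . $body . "_____";
    }
    return $to_return;

    // NOTE(review): never reached -- both exits above return first, so this
    // function does not release the connection. Left in place because other
    // code may depend on the connection staying open; confirm how
    // connect_sql()/disconnect_sql() share the link before moving it.
    disconnect_sql();
}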
/**
 * Counts the unread, non-deleted mail addressed to the logged-in user.
 *
 * The recipient id is read from $_SESSION['id']. The script dies with an
 * error message if the query fails.
 *
 * @return mixed the row count reported by num_rows()
 */
function check_mail()
{
    // The recipient comes from the session, not from request input; it is
    // nevertheless interpolated into the statement rather than bound.
    $recipient = $_SESSION['id'];

    connect_sql();
    $sql = "SELECT * FROM `mail` WHERE `read`='0' AND `deleted`='0' AND `to`='{$recipient}'";
    $unread = @query($sql) or die("Error checking the database.");
    $count = num_rows($unread);
    disconnect_sql();

    return $count;
}
/**
 * Returns the short password used for things like the RSS feeds.
 *
 * Reads the `password` field of the fetched row, keeps its first six
 * characters and rewrites the letters a, b, c to "1" and d, e, f to "2".
 * The script dies with an error message if the query fails.
 *
 * NOTE(review): the feed password is derived from the stored password value,
 * and callers in this listing place it in feed URLs. That ties the feed
 * secret to the account secret and exposes a transformed prefix of it; a
 * random per-user feed token stored in its own column would avoid both.
 *
 * @param mixed $id user whose feed password is wanted
 * @return string
 */
function gen_rss_pass($id)
{
    connect_sql();

    // NOTE(review): the statement text appears masked in this listing; it is
    // reproduced verbatim, so how $id enters the query cannot be reviewed here.
    $sql = "******";
    $lookup = @query($sql) or die("Error getting information from the database.");

    $row = result($lookup);
    $token = substr($row->password, 0, 6);

    // replace the characters with numbers
    $token = strtr($token, "abcdef", "111222");

    return $token;

    // NOTE(review): never reached -- the return above comes first, so the
    // connection is not released by this function.
    disconnect_sql();
}
<table class="table table-bordered table-hover table-striped"> <thead> <tr> <th class="text-center">ID</th> <th class="text-center">Name</th> <th class="text-center">Content</th> <th class="text-center">IP</th> <th class="text-center" width="140px">Created</th> </tr> </thead> <tbody> <?php
// Loads the project helpers; presumably this is where connect_sql() and
// show() are defined (their bodies are not part of this excerpt).
require 'includes/function.php'; ?> <?php
// Opens the connection, passing "whocalledchecker" to connect_sql().
connect_sql("whocalledchecker");
// NOTE(review): show("comments") presumably prints the rows for the
// ID/Name/Content/IP/Created columns above. Its body is not visible here:
// confirm that every stored field is escaped for HTML (htmlspecialchars()
// with ENT_QUOTES) before it is printed, since comment names and content are
// presumably visitor-supplied and this table is rendered in a browser.
//
// NOTE(review): further down, the script sets #id to the text
// "$_GET['select']". That text sits outside any PHP tag, so as written it is
// sent to the browser literally instead of being replaced by the request
// value. If the parameter is meant to be echoed there, emit it through
// json_encode() inside a PHP tag rather than pasting it into the JS string.
show("comments"); ?> </tbody> </table> </div> </div> </div> </div> <script> $(document).ready(function(e) { $("#select").change(function() { $("#form").submit(); $("#id").val("$_GET['select']");
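<?php
/**
 * used to test out the various sql commands
 *
 * Useful to test various DBMSs
 *
 * Prints one line per row of `users` in the form
 * "ID:username:firstname surname".
 *
 * NOTE(review): nothing in this file checks who is asking, so the page lists
 * every account to any visitor who can reach it. Keep it out of the deployed
 * web root or put it behind the application's admin check.
 *
 * \author Kevin Richardson <*****@*****.**>
 * \version $Id: sqltest.php,v 1.3 2006/07/19 19:54:52 borismalcov Exp $
 */
include "lib/main.php";

connect_sql();

// Only the columns that are printed are requested, so the remaining columns
// of `users` are never fetched for this page.
$info = query("SELECT `ID`, `username`, `firstname`, `surname` FROM `users`") or die("Error.");

while ($row = result($info, 0)) {
    // The values are stored user data printed into HTML, so each one is
    // escaped for that context (charset left to the runtime default).
    print htmlspecialchars($row->ID, ENT_QUOTES) . ":"
        . htmlspecialchars($row->username, ENT_QUOTES) . ":"
        . htmlspecialchars($row->firstname, ENT_QUOTES) . " "
        . htmlspecialchars($row->surname, ENT_QUOTES) . "<br />\n";
}

disconnect_sql();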
<br/> <table border = 0> <caption align = "center"> </caption> <tr> <?php
// Print the breadcrumb first (the function is declared just below).
show_navi();

/**
 * Echoes the breadcrumb paragraph: a link to index.php (labelled "home")
 * followed by the label for the administrator login page.
 */
function show_navi() {
    echo " <p> <a href='index.php'>主页</a> /管理员登陆 </p>";
}

// Login attempt: runs only when the form posted a 'pass' field.
if (isset($_POST['pass'])) {
    if (connect_sql()) {
        // NOTE(review): the mysql_* functions were removed in PHP 7; this
        // code only runs on older runtimes unless ported to mysqli or PDO.
        $result = mysql_query("SELECT * FROM nmb_set WHERE item='admin_pass'");
        if ($result) {
            $row1 = mysql_fetch_array($result);
            $set_pass = $row1['value'];
            // NOTE(review): the submitted value is compared directly with the
            // stored one, so nmb_set holds exactly what the client must send
            // (no hashing is visible). Storing a password_hash() digest and
            // checking it with password_verify() avoids keeping a reusable
            // secret in the table. The loose == also applies PHP's type
            // juggling to the two strings.
            // NOTE(review): no limit on repeated attempts is visible in this
            // excerpt.
            if ($set_pass == $_POST['pass']) {
                // NOTE(review): the session id is not regenerated here; calling
                // session_regenerate_id(true) at this point keeps a pre-login
                // session id from being carried into the admin session.
                $_SESSION['admin_logged_in'] = 1;
            } else {
                // Message text means "wrong password".
                echo '密码错误';
            }
        }
    }
}

// Already logged in (including a login that just succeeded above): send the
// browser on to admin.php with a client-side redirect.
if (isset($_SESSION['admin_logged_in'])) {
    if ($_SESSION['admin_logged_in'] == 1) {
        echo "<script>location.href='admin.php';</script>";
        // (both if-blocks are closed beyond the end of this excerpt)
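/**
 * Finds an id that is not yet present in nmb_id, starting from $id.
 *
 * When a row with the candidate id already exists, the candidate becomes
 * id * 10 + 1 and the lookup is repeated.
 *
 * @param int|string $id numeric starting candidate
 * @return mixed the first candidate with no matching row; null when $id is
 *               not numeric, the connection cannot be opened or the query fails
 */
function generate($id)
{
    // $id is placed unquoted into the statement below, so anything that is
    // not a plain number is refused before a query is built from it.
    if (!is_numeric($id)) {
        return null;
    }

    if (connect_sql()) {
        // NOTE(review): the mysql_* functions were removed in PHP 7; port to
        // mysqli or PDO with a bound parameter when the connection helper allows.
        $result = mysql_query("SELECT * FROM nmb_id WHERE id ={$id}");
        if ($result) {
            $row2 = mysql_fetch_array($result);

            // mysql_fetch_array() yields false when no row matched. The
            // previous test, `!$row2['id'] == $id`, negated the column first
            // and then compared the boolean with $id, which only gave the
            // intended answer for non-zero ids.
            if (!$row2 || $row2['id'] != $id) {
                return $id;
            }

            return generate($id * 10 + 1);
        }
    }

    return null;
}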
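/**
 * displays the content for a user, depending upon what type of user he
 * or she is
 *
 * - "user": latest grades, latest news and the class list of the logged-in user
 * - "teacher" / "admin": a pointer to the menu
 * - "parent": for every student listed in `parents`.`students` for this
 *   parent, the student's name followed by the same overview a "user" gets;
 *   students are separated by <hr />
 *
 * The script dies with an error message if one of the parent-branch queries
 * fails.
 */
function display_content()
{
    $type = user_type();

    if ($type == "user") {
        _print_student_overview($_SESSION['id']);
    } elseif ($type == "teacher") {
        // eventually figure out what should go here. suggestions?
        print "Use the menu above.";
    } elseif ($type == "admin") {
        // eventually figure out what should go here. suggestions?
        print "Use the menu above to administer as you will.";
    } elseif ($type == "parent") {
        connect_sql();
        $parentID = $_SESSION['id'];

        // see which students the parent is a parent of, and print info about their grades.
        $students = @query("SELECT `students` FROM `parents` WHERE `parent_ID`='{$parentID}'") or die("Error checking the database.");

        while ($row = result($students)) {
            // `students` holds a comma-separated list of user ids
            $student = explode(",", $row->students);

            foreach ($student as $index => $the_student) {
                // Start from an empty name for every student, so an id with no
                // matching user does not show the previous student's name.
                $students_name = "";

                // NOTE(review): $the_student comes from the stored list and is
                // interpolated into the statement; the query() wrapper's
                // binding API is not visible here, so the list contents are
                // trusted as written -- confirm they are validated on write.
                $student_name = @query("SELECT `firstname`, `surname` FROM `users` WHERE `ID`='{$the_student}' LIMIT 1") or die("Error checking the database.");
                while ($row2 = result($student_name)) {
                    $students_name = stripslashes($row2->firstname) . " " . stripslashes($row2->surname);
                }

                // The name is stored user data printed into HTML: escape it
                // (charset left to the runtime default).
                print "<p class=\"title\">" . htmlspecialchars($students_name, ENT_QUOTES) . "</p>";

                _print_student_overview($the_student);

                // if we have more users to print, print a line
                if (isset($student[$index + 1])) {
                    print "<hr />";
                }
            }
        }

        disconnect_sql();
    }
}

/**
 * Prints the grades / news / classes overview for one student.
 * Private helper of display_content().
 *
 * NOTE(review): both feed links carry the value from gen_rss_pass() in the
 * query string, so it will appear wherever URLs are recorded.
 *
 * @param mixed $student_id user id of the student
 */
function _print_student_overview($student_id)
{
    // The id and the feed password go into a URL inside an HTML attribute, so
    // both are URL-encoded; plain alphanumeric values come out unchanged.
    $id_in_url = urlencode($student_id);

    // print his or her latest grades, etc
    print "<div class=\"grades\"><p class=\"big\">Latest Grades <a href=\"classes.php?xml&u={$id_in_url}&p=" . urlencode(gen_rss_pass($student_id)) . "\" title=\"latest grades feed\"><img src=\"images/xml.gif\" alt=\"latest grades via rss\" /></a></p>";

    // get their (5) latest grades
    display_latest_grades($student_id, 5, "all");

    print "<p class=\"big\">Latest News <a href=\"news.php?xml&u={$id_in_url}&p=" . urlencode(gen_rss_pass($student_id)) . "\" title=\"latest news feed\"><img src=\"images/xml.gif\" alt=\"latest news via rss\" /></a></p>";

    // get the user's class's latest news post
    display_latest_news($student_id, 1);
    print "</div>";

    print "<p class=\"big\">Classes</p>";
    print_students_classes($student_id);
}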
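/**
 * returns a list of the student's classes, each class separated by a comma
 *
 * (returns the first semester's classes first, then the second semester, etc..)
 *
 * The stored `classes` string is split into one chunk per semester, and each
 * chunk is searched for the Mon..Fri entries; every period slot contributes
 * one value followed by a comma. A slot that cannot be found contributes an
 * empty value, so the number of commas in the result is always
 * number_of_semesters * 5 * number_of_periods.
 *
 * The script dies with an error message if the query fails.
 *
 * @param mixed $student_id id matched against `students`.`id`
 * @return string
 */
function parse_class_list($student_id)
{
    connect_sql();

    // NOTE(review): $student_id is interpolated into the statement as-is; the
    // query() wrapper's binding API is not visible here, so this relies on the
    // caller passing a trusted id -- confirm.
    $classes = query("SELECT `classes` FROM `students` WHERE `id`='{$student_id}' LIMIT 1") or die("Error fetching class list.");
    $result = result($classes);

    // No row for this student: treat the class list as empty instead of
    // reading a property of a non-object.
    $class_list = is_object($result) ? (string) $result->classes : "";

    // One "[\d]*" slot per period; the capturing form is used for the per-day
    // pattern. Both are the same for every semester and day, so build them once.
    $plain_slots = array();
    $captured_slots = array();
    for ($p = 1; $p <= number_of_periods; $p++) {
        $plain_slots[] = "[\\d]*";
        $captured_slots[] = "([\\d]*)";
    }

    $semester_regex = "/[1-" . number_of_semesters . "]\\{(...\\[" . implode(",", $plain_slots) . "\\])*\\}/";

    // break the entire string down into semester strings
    preg_match_all($semester_regex, $class_list, $semester_class_list, PREG_PATTERN_ORDER);

    $days = array("Mon", "Tue", "Wed", "Thu", "Fri");
    $return = "";

    for ($i = 0; $i < number_of_semesters; $i++) {
        // Fewer semester chunks than expected: search an empty string so the
        // slots below still come out as empty values.
        $semester = isset($semester_class_list[0][$i]) ? $semester_class_list[0][$i] : "";

        // break it down into individual days...
        foreach ($days as $day) {
            $day_regex = "/" . $day . "\\[" . implode(",", $captured_slots) . "\\]/";

            // $periods[0] is the entire match, $periods[1] the first class,
            // $periods[2] the second class, and so on.
            $periods = array();
            preg_match($day_regex, $semester, $periods);

            for ($m = 1; $m <= number_of_periods; $m++) {
                $return .= (isset($periods[$m]) ? $periods[$m] : "") . ",";
            }
        }
    }

    return $return;

    // NOTE(review): never reached -- the return above comes first, so the
    // connection is not released by this function. Confirm how
    // connect_sql()/disconnect_sql() share the link before moving it.
    disconnect_sql();
}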
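/**
 * Records the attendee's calendar choice for the current event.
 *
 * Looks up the tblusers row for the e-mail address in
 * $_SESSION['sql_attendee_email'] (lower-cased), creating a token row and a
 * user row when none exists, then updates or inserts the tblcalendars row for
 * that user and $_SESSION['event_id']. When a row was matched or inserted,
 * revoke_token() and indicate_attendee_response() are called; otherwise
 * redirect_local() is sent to the sql_insertion error page.
 *
 * All statements use bound parameters.
 *
 * @param mixed $blCalendar value stored in tblcalendars.blCalendar (bound as a string)
 * @return void
 */
function insert_event_data($blCalendar)
{
    $dbc = connect_sql();

    $qsu = "SELECT pkUserid FROM tblusers WHERE txEmail = ?"; //Use again to grab pkUserid from inserted user
    $qiu = "INSERT INTO tblusers (txEmail, txHash) VALUES (?,?)";
    $qsc = "SELECT fkUserid, fkEventid FROM tblcalendars WHERE fkUserid = ? AND fkEventid = ?";
    $quc = "UPDATE tblcalendars SET blCalendar = ? WHERE fkUserid = ? AND fkEventid = ?";
    $qic = "INSERT INTO tblcalendars (fkUserid, fkEventid, blCalendar) VALUES (?,?,?)";
    $qit = "INSERT INTO tbltokens (txEmail, txTokenid) VALUES (?,?)";

    $txEmail = strtolower($_SESSION['sql_attendee_email']);

    // Defined up front so a failed prepare() leaves known values behind
    // instead of undefined variables.
    $rows = 0;
    $pkUserid = null;

    if ($stmt = $dbc->prepare($qsu)) {
        $stmt->bind_param("s", $txEmail);
        $stmt->execute();
        $stmt->store_result();
        $rows = $stmt->num_rows;
        $stmt->bind_result($pkUserid);
        $stmt->fetch();
        $stmt->free_result();
        $stmt->close();
    }

    if ($rows <= 0) { //Generate user if doesn't exist
        // This value is stored as tbltokens.txTokenid and tblusers.txHash, so
        // it must not be guessable. Hashing time() leaves only a handful of
        // candidates for anyone who knows roughly when the row was created;
        // take the input from the system CSPRNG instead. The result is still
        // 64 hex characters.
        $entropy = function_exists('random_bytes') ? random_bytes(32) : openssl_random_pseudo_bytes(32);
        $hash = hash("sha256", $entropy);

        if ($stmt = $dbc->prepare($qit)) {
            $stmt->bind_param("ss", $txEmail, $hash);
            $stmt->execute();
            $token_rows = $stmt->affected_rows;
            $stmt->free_result();
            $stmt->close();

            if ($token_rows > 0) {
                if ($stmt = $dbc->prepare($qiu)) {
                    $stmt->bind_param("ss", $txEmail, $hash);
                    $stmt->execute();
                    $stmt->free_result();
                    $stmt->close();
                }
            } else {
                // NOTE(review): whether redirect_local() ends the request is
                // not visible here; if it returns, execution continues below.
                redirect_local(ERROR_PATH . "/?e=sql_insertion"); //Not it
            }
        }
    }

    // Read the id again so a freshly inserted user is picked up.
    if ($stmt = $dbc->prepare($qsu)) {
        $stmt->bind_param("s", $txEmail);
        $stmt->execute();
        $stmt->bind_result($pkUserid);
        $stmt->fetch();
        $stmt->free_result();
        $stmt->close();
    }

    if ($stmt = $dbc->prepare($qsc)) {
        $stmt->bind_param("ii", $pkUserid, $_SESSION["event_id"]);
        $stmt->execute();
        $stmt->store_result();
        $found_rows = $stmt->num_rows;
        $stmt->bind_result($fkUserid, $fkEventid);
        $stmt->fetch();
        $stmt->free_result();
        $stmt->close();

        // Counted separately from the token insert above, so a failed
        // prepare() here cannot be mistaken for a successful calendar write.
        $affected_rows = 0;

        if ($found_rows > 0) {
            if ($stmt = $dbc->prepare($quc)) {
                $stmt->bind_param("sii", $blCalendar, $pkUserid, $_SESSION["event_id"]);
                $stmt->execute();

                //affected_rows will not work here if calendar data is the same,
                //so the "Rows matched" figure is parsed out of the info string
                preg_match_all('/(\\S[^:]+): (\\d+)/', $dbc->info, $matches);
                $info = array_combine($matches[1], $matches[2]);
                $affected_rows = isset($info['Rows matched']) ? (int) $info['Rows matched'] : 0;

                $stmt->free_result();
                $stmt->close();
            }
        } else {
            if ($stmt = $dbc->prepare($qic)) {
                $stmt->bind_param("iis", $pkUserid, $_SESSION["event_id"], $blCalendar);
                $stmt->execute();
                $affected_rows = $stmt->affected_rows;
                $stmt->free_result();
                $stmt->close();
            }
        }

        if ($affected_rows > 0) {
            revoke_token($dbc);
            indicate_attendee_response($dbc);
        } else {
            redirect_local(ERROR_PATH . "/?e=sql_insertion");
        }
    }

    $dbc->close();
}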