Пример #1
 /**
  * Build a survey object from its row in sp15_surveys.
  *
  * The id is cast to an integer before it is placed in the query text; that
  * cast is what keeps the string-built SQL below free of caller-controlled
  * syntax. Title, Description, SurveyID and isValid are assigned only when a
  * matching row is returned.
  *
  * NOTE(review): dbOut() is defined outside this listing; confirm what
  * encoding it applies before these properties are written into HTML.
  *
  * @param int $id number of current survey
  * @return void
  */
 public function __construct($id)
 {
     $surveyId = (int) $id;
     $query = 'select Title, Description from sp15_surveys where SurveyID=' . $surveyId;
     $rows = mysqli_query(IDB::conn(), $query);
     if (!$rows) {
         // Query failed: raise a user-level error carrying the driver message, then stop.
         die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
     }
     if (mysqli_num_rows($rows) > 0) {
         // Copy each returned row onto the object; the last row read wins.
         while ($record = mysqli_fetch_assoc($rows)) {
             $this->Title = dbOut($record['Title']);
             $this->Description = dbOut($record['Description']);
             $this->SurveyID = $surveyId;
             $this->isValid = true;
         }
     }
     @mysqli_free_result($rows);
 }
Пример #2
/**
 * Print the customer list page: theme header, a table of every row in
 * test_Customers (or a "no customers" notice), an "add" link and the footer.
 *
 * The query is a fixed string with no caller input. CustomerID is cast to an
 * integer; the text columns pass through dbOut() before they are written into
 * table cells.
 *
 * NOTE(review): dbOut() is defined outside this listing and is described here
 * only as stripping slashes. Confirm it also HTML-encodes, because these cells
 * are where markup stored in a customer record would otherwise be rendered.
 *
 * @return void
 */
function showCustomers()
{
    global $config;
    get_header();
    echo '<h3 align="center">' . smartTitle() . '</h3>';

    $query = "select CustomerID,FirstName,LastName,Email from test_Customers";
    $customers = mysqli_query(IDB::conn(), $query);
    if (!$customers) {
        // Query failed: raise a user-level error carrying the driver message, then stop.
        die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
    }

    if (mysqli_num_rows($customers) < 1) {
        // Empty table: show the notice instead of an empty grid.
        echo '<div align="center"><h3>Currently No Customers in Database.</h3></div>';
    } else {
        echo '<table align="center" border="1" style="border-collapse:collapse" cellpadding="3" cellspacing="3">',
            '<tr>
				<th>CustomerID</th>
				<th>First Name</th>
				<th>Last Name</th>
				<th>Email</th>
			</tr>
			';
        while ($customer = mysqli_fetch_assoc($customers)) {
            $customerId = (int) $customer['CustomerID'];
            $firstName = dbOut($customer['FirstName']);
            $lastName = dbOut($customer['LastName']);
            $email = dbOut($customer['Email']);
            echo '<tr>
					<td>' . $customerId . '</td>
				    <td>' . $firstName . '</td>
				    <td>' . $lastName . '</td>
				    <td>' . $email . '</td>
				</tr>
				';
        }
        echo '</table>';
    }

    echo '<div align="center"><a href="' . THIS_PAGE . '?act=add">ADD CUSTOMER</a></div>';
    // Release the result set before the footer is rendered.
    @mysqli_free_result($customers);
    get_footer();
}
Пример #3
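/**
 * Build the paged HTML list of responses recorded for one survey.
 *
 * The survey id ends up inside the SQL text, so it is forced to an integer
 * first; without the cast any caller-supplied string would be concatenated
 * into the query. The Pager instance rewrites the SQL to add its offset
 * before the query runs.
 *
 * NOTE(review): dbOut() is defined outside this listing; confirm it
 * HTML-encodes DateAdded before it is used as link text.
 *
 * @param int $id SurveyID whose responses are listed
 * @return string HTML fragment: a count line, one link per response and the
 *                pager navigation, or a "no surveys" notice
 */
function responseList($id)
{
    # cast to integer before the value is interpolated into the query
    $id = (int) $id;
    $myReturn = '';
    $sql = "select DateAdded, ResponseID from sm15_responses where SurveyID = {$id}";
    #reference images for pager
    $prev = '<img src="' . VIRTUAL_PATH . 'images/arrow_prev.gif" border="0" />';
    $next = '<img src="' . VIRTUAL_PATH . 'images/arrow_next.gif" border="0" />';
    # Create instance of new 'pager' class
    $myPager = new Pager(10, '', $prev, $next, '');
    #load SQL, add offset
    $sql = $myPager->loadSQL($sql);
    # connection comes first in mysqli (improved) function
    $result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
    if (mysqli_num_rows($result) > 0) {
        #records exist - process
        //deal with plural
        $itemz = $myPager->showTotal() == 1 ? "response" : "responses";
        $myReturn .= '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
        while ($row = mysqli_fetch_assoc($result)) {
            # process each row; the id in the link is cast, the date goes through dbOut()
            $myReturn .= '<div align="center"><a href="' . VIRTUAL_PATH . 'surveys/response_view.php?id=' . (int) $row['ResponseID'] . '">' . dbOut($row['DateAdded']) . '</a>';
            $myReturn .= '</div>';
        }
        # show paging nav, only if enough records
        $myReturn .= $myPager->showNAV();
    } else {
        #no records
        $myReturn .= "<div align=center>There are currently no surveys</div>";
    }
    @mysqli_free_result($result);
    return $myReturn;
}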
Пример #4
# Will change to true, if record found!
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
echo "<h3 style='text-align: center'>News Feeds Available</h3>";
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    /**
     *
     *  COLUMNS
     *
     */
    echo "<ul id='feedlist'>";
    while ($row = mysqli_fetch_assoc($result)) {
        $Title = dbOut($row['FeedName']);
        $Link = dbOut($row['FeedURL']);
        if ($foundRecord) {
            #records exist - show muffin!
            ?>
            <li style="text-align: center"><a href="news_feed.php?url=<?php 
            echo $Link;
            ?>
"<h3><?php 
            echo $Title;
            ?>
</h3></a></li>
            <hr>
            <?php 
        } else {
            //no such muffin!
            echo '<div align="center">No Items Match Category.</div>';
Пример #5
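 /**
  * Constructor for Response class.
  *
  * Loads the response row, hands the owning SurveyID to the parent
  * constructor, then loads the stored choices when the survey has questions.
  * Both queries are built with sprintf("%d") from the integer-cast id, so no
  * caller-controlled text reaches the SQL.
  *
  * The early "return FALSE" statements only stop construction; "new" still
  * hands back an object, so callers cannot detect failure from the return
  * value.
  *
  * @param integer $id ID number of Response
  * @return void
  * @todo none
  */
 function __construct($id)
 {
     $this->ResponseID = (int) $id;
     if ($this->ResponseID == 0) {
         # invalid response id - abort
         return FALSE;
     }
     # uses a singleton DB class to create a mysqli improved connection
     $iConn = \IDB::conn();
     $sql = sprintf("select SurveyID, DateAdded from " . PREFIX . "responses where ResponseID =%d", $this->ResponseID);
     $result = mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
     if (mysqli_num_rows($result) < 1) {
         # no responses - release the result set before aborting
         mysqli_free_result($result);
         return FALSE;
     }
     while ($row = mysqli_fetch_array($result)) {
         # load singular response object properties
         $this->SurveyID = (int) $row['SurveyID'];
         $this->DateTaken = dbOut($row['DateAdded']);
     }
     mysqli_free_result($result);
     # access parent class to build Question & Answers
     parent::__construct($this->SurveyID);
     # attempt to load choice array of Answer objects
     if ($this->TotalQuestions > 0) {
         # Questions must exist for this survey, if we are to proceed
         $sql = sprintf("select AnswerID, QuestionID, RQID from " . PREFIX . "responses_answers where ResponseID=%d order by QuestionID asc", $this->ResponseID);
         $result = mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
         while ($row = mysqli_fetch_array($result)) {
             # load data into array of choices; every column is cast to int
             $this->aChoice[] = new Choice((int) $row['AnswerID'], (int) $row['QuestionID'], (int) $row['RQID']);
         }
         # free the result set whether or not any choice rows came back
         mysqli_free_result($result);
     }
 }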
        $itemz = "muffins";
    }
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    $tdWidth = number_format(100 / COLS, 0);
    # Here we determine the number of columns we'll be using
    $pos = 0;
    #init position variable
    echo '<table align="center" border="0" width="90%" style="border-collapse:collapse" cellpadding="10" cellspacing="10"><tr>';
    while ($row = mysqli_fetch_assoc($result)) {
        //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
        $pos++;
        //echo '<td class="myborder" width="' . $tdWidth . '%">'; #we can't place the class on the <td> in all browers
        echo '<td width="' . $tdWidth . '%"><div class="myborder" align="center">';
        echo '<img src="' . VIRTUAL_PATH . 'upload/m' . dbOut($row['MuffinID']) . '_thumb.jpg" hspace="5" vspace="5" align="middle" />';
        echo ' <a href="' . VIRTUAL_PATH . 'demo/demo_view_curvy.php?id=' . dbOut($row['MuffinID']) . '">' . dbOut($row['MuffinName']) . '</a>';
        echo '<br /><i>only</i> <font color="red">$' . money_format("%(#10n", dbOut($row['Price'])) . '</font>';
        echo '</div></td>';
        if ($pos % COLS === 0 && is_array($row)) {
            echo '</tr><tr>';
        }
    }
    while ($pos % COLS) {
        #loop to fill in final row
        echo '<td>&nbsp;</td>';
        $pos++;
    }
    echo "</tr></table>";
    echo $myPager->showNAV();
    //show paging nav, only if enough records
} else {
    #no records
Пример #7
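/**
 * Render the "Edit Administrator" form, preloaded from the Admin table.
 *
 * Which record is edited depends on the session role: an "admin" edits the
 * AdminID stored in the session, every other role edits the AdminID posted
 * with the request. The id is cast to an integer and placed in the query with
 * sprintf("%d").
 *
 * NOTE(review): any role other than "admin" reaches the POST branch; confirm
 * that only roles allowed to edit other administrators can call this page.
 * NOTE(review): the hidden Privilege field only echoes the session value back
 * to the browser and is client-editable. The act=update handler (not shown)
 * should take the privilege from the session for roles that do not get the
 * select box, not from the posted field.
 * NOTE(review): dbOut() is defined outside this listing; the values below are
 * written into value="..." attributes, so confirm it encodes quotes as well
 * as angle brackets.
 * NOTE(review): the mysql_* functions used here were removed in PHP 7.
 *
 * @return void
 */
function editDisplay()
{
    global $config;
    # default so the query and the hidden field never read an unset variable
    $myID = 0;
    if ($_SESSION["Privilege"] == "admin") {
        #use session data if logged in as admin only
        $myID = (int) $_SESSION['AdminID'];
    } elseif (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        #Convert to integer, will equate to zero if fails
        $myID = (int) $_POST['AdminID'];
    } else {
        feedback("AdminID not numeric", "error");
        myRedirect($config->adminReset);
    }
    #grab all possible 'Privileges' from ENUM
    $privileges = getENUM(PREFIX . 'Admin', 'Privilege');
    $myConn = conn('', FALSE);
    $sql = sprintf("select FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
    $result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    # the form below is rendered even when no row is found, so start from empty values
    $FirstName = $LastName = $Email = $Privilege = '';
    if (mysql_num_rows($result) > 0) {
        //show results
        while ($row = mysql_fetch_array($result)) {
            //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
            $FirstName = dbOut($row['FirstName']);
            $LastName = dbOut($row['LastName']);
            $Email = dbOut($row['Email']);
            $Privilege = dbOut($row['Privilege']);
        }
    } else {
        //no records
        //put links on page to reset form
        echo '
      <div align="center"><h3>No such administrator.</h3></div>
      <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
      ';
    }
    # VIRTUAL_PATH is concatenated in: a PHP tag inside a single-quoted string is
    # sent to the browser as literal text and the script URL would never resolve
    $config->loadhead = '
	<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
	<script type="text/javascript">
			function checkForm(thisForm)
			{//check form data for valid info
				if(empty(thisForm.FirstName,"Please enter first name.")){return false;}
				if(empty(thisForm.LastName,"Please enter last name.")){return false;}
				if(!isEmail(thisForm.Email,"Please enter a valid Email Address")){return false;}
				return true;//if all is passed, submit!
			}
	</script>
	';
    get_header();
    echo '
	<h3 align="center">Edit Administrator</h3>
	<form action="' . $config->adminEdit . '" method="post" onsubmit="return checkForm(this);">
	<table align="center">
		<tr>
			<td align="right">First Name</td>
			<td>
				<input type="text" name="FirstName" value="' . $FirstName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Last Name</td>
			<td>
				<input type="text" name="LastName" value="' . $LastName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Email</td>
			<td>
				<input type="text" name="Email" value="' . $Email . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
	';
    if ($_SESSION["Privilege"] == "developer" || $_SESSION["Privilege"] == "superadmin") {
        # uses createSelect() function to preload the select option
        echo '
			<tr>
				<td align="right">Privilege</td>
				<td>
				';
        # createSelect(element-type,element-name,values-array,db-array,labels-array,concatentator) - creates preloaded radio, select, checkbox set
        #privileges is from ENUM
        createSelect("select", "Privilege", $privileges, $Privilege, $privileges, ",");
        echo '
				</td>
			</tr>';
    } else {
        # lower roles get their own session privilege echoed back as a hidden field
        echo '<input type="hidden" name="Privilege" value="' . $_SESSION["Privilege"] . '" />';
    }
    echo '
	   <input type="hidden" name="AdminID" value="', $myID . '" />
	   <input type="hidden" name="act" value="update" />
	   <tr>
			<td align="center" colspan="2">
				<input type="submit" value="Update Admin" />
				<em>(<font color="red"><b>*</b> required field</font>)</em>
			</td>
		</tr>
	</table>    
	</form>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    //free resources
    @mysql_free_result($result);
    get_footer();
}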
$foundRecord = FALSE; # Will change to true, if record found!
   
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(),$sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));

if(mysqli_num_rows($result) > 0)
{#records exist - process
	   $foundRecord = TRUE;	
	   while ($row = mysqli_fetch_assoc($result))
	   {
			$MuffinName = dbOut($row['MuffinName']);
			$Description = dbOut($row['Description']);
			$Price = (float)$row['Price'];
			$MetaDescription = dbOut($row['MetaDescription']);
			$MetaKeywords = dbOut($row['MetaKeywords']);
	   }
}

@mysqli_free_result($result); # We're done with the data!

if($foundRecord)
{#only load data if record found
	$config->titleTag = $MuffinName . " muffins made with PHP & love!"; #overwrite PageTitle with Muffin info!
	#Fills <meta> tags.  Currently we're adding to the existing meta tags in config_inc.php
	$config->metaDescription = $MetaDescription . ' Seattle Central\'s ITC280 Class Muffins are made with pure PHP! ' . $config->metaDescription;
	$config->metaKeywords = $MetaKeywords . ',Muffins,PHP,Fun,Bran,Regular,Regular Expressions,'. $config->metaKeywords;
}
/*
$config->metaDescription = 'Web Database ITC281 class website.'; #Fills <meta> tags.
$config->metaKeywords = 'SCCC,Seattle Central,ITC281,database,mysql,php';
Пример #9
        echo '<table align="center" border="1" style="border-collapse:collapse" cellpadding="3" cellspacing="3">';
        echo '<tr>
                <th>SurveyID</th>
                <th>DateAdded</th>
                <th>Title</th>
                <th>Description</th>
                <th>AdminName</th>
			</tr>
			<tr>
					<td>
                   <a href="' . VIRTUAL_PATH . 'surveys/survey_view.php?id=' . (int) $row['SurveyID'] . '">' . dbOut($row['SurveyID']) . '</a>
 
                    </td>
				    <td>' . dbOut($row['DateAdded']) . '</td>
				    <td>' . dbOut($row['Title']) . '</td>
				    <td>' . dbOut($row['Description']) . '</td>
				    <td>' . dbOut($row['AdminName']) . '</td>                   
				</tr>
				';
        //. (int)$row['SurveyID'] .
    }
    echo '</table>';
    echo $myPager->showNAV();
    # show paging nav, only if enough records
} else {
    #no records
    echo "<div align=center>I'm sorry, there are currently no surveys.</div>";
}
@mysqli_free_result($result);
get_footer();
#defaults to theme footer or footer_inc.php
Пример #10
$next = '<img src="' . VIRTUAL_PATH . 'images/arrow_next.gif" border="0" />';
#Create a connection
# connection comes first in mysqli (improved) function
$iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
# Create instance of new 'pager' class
$myPager = new Pager(5, '', $prev, $next, '');
$sql = $myPager->loadSQL($sql, $iConn);
#load SQL, pass in existing connection, add offset
$result = mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    if ($myPager->showTotal() == 1) {
        $itemz = "beer";
    } else {
        $itemz = "beers";
    }
    //deal with plural
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    while ($row = mysqli_fetch_assoc($result)) {
        # process each row
        echo '<div align="center"><a href="' . VIRTUAL_PATH . 'beers_view.php?id=' . (int) $row['BeerID'] . '">' . dbOut($row['Beer']) . '</a>';
        echo ' <i>Alcohol Content:</i> <font color="red">$' . number_format((double) $row['AlcoholContent'], 2) . '%</font></div>';
    }
    echo $myPager->showNAV();
    # show paging nav, only if enough records
} else {
    #no records
    echo "<div align=center>What! No beers?  There must be a mistake!!</div>";
}
@mysqli_free_result($result);
include 'include/footer.php';
Пример #11
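/**
 * Print the favorites list page: theme header, a table of every row in
 * sp15_Favorites (or a "no favorites" notice), an "add" link and the footer.
 *
 * The query is a fixed string with no caller input. The row cells are written
 * in the same order as the column headings (LastName before FirstName), so
 * each value appears under its own heading.
 *
 * NOTE(review): dbOut() is defined outside this listing and is described here
 * only as stripping slashes. Title, URL and Description are free text from
 * the table; confirm dbOut() HTML-encodes before they are written into cells.
 *
 * @return void
 */
function showFavorites()
{
    //Select Favorites
    global $config;
    get_header();
    echo '<h3 align="center">' . smartTitle() . '</h3>';
    $sql = "select `FavoriteID`, `LastName`, `FirstName`, `Email`, `Title`, `URL`, `Description`, `Category`, `DateAdded` from sp15_Favorites";
    $result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
    if (mysqli_num_rows($result) > 0) {
        //show results
        echo '<table align="center" border="1" style="border-collapse:collapse" cellpadding="3" cellspacing="3">';
        echo '<tr>
                <th>FavoriteID</th>
                <th>LastName</th>
                <th>FirstName</th>
                <th>Email</th>
                <th>Title</th>
                <th>URL</th>
                <th>Description</th> 
                <th>Category</th>
                <th>DateAdded</th>
			</tr>
			';
        while ($row = mysqli_fetch_assoc($result)) {
            //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
            echo '<tr>
					<td>' . (int) $row['FavoriteID'] . '</td>
				    <td>' . dbOut($row['LastName']) . '</td>
				    <td>' . dbOut($row['FirstName']) . '</td>
				    <td>' . dbOut($row['Email']) . '</td>
				    <td>' . dbOut($row['Title']) . '</td>
				    <td>' . dbOut($row['URL']) . '</td>
				    <td>' . dbOut($row['Description']) . '</td>
				    <td>' . dbOut($row['Category']) . '</td>
				    <td>' . dbOut($row['DateAdded']) . '</td>                    
				</tr>
				';
        }
        echo '</table>';
    } else {
        //no records
        echo '<div align="center"><h3>Currently No Favorites in Database.</h3></div>';
    }
    echo '<div align="center"><a href="' . THIS_PAGE . '?act=add">ADD FAVORITES</a></div>';
    //free resources
    @mysqli_free_result($result);
    get_footer();
}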
Пример #12
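/**
 * Render the "Reset Administrator Password" form for one administrator.
 *
 * Which record is shown depends on the session role: an "admin" resets the
 * AdminID stored in the session, every other role resets the AdminID posted
 * with the request. The id is cast to an integer and placed in the query with
 * sprintf("%d").
 *
 * NOTE(review): any role other than "admin" reaches the POST branch; confirm
 * that only roles allowed to reset other administrators' passwords can call
 * this page, and that the act=update handler (not shown) re-checks it.
 * NOTE(review): the length and character rules for the new password are
 * checked only by the browser-side checkForm() in this block. The handler
 * must repeat them, and the alphanumeric-only, 20-character ceiling is worth
 * revisiting.
 * NOTE(review): dbOut() is defined outside this listing; confirm it
 * HTML-encodes the name, email and privilege printed below.
 * NOTE(review): the mysql_* functions used here were removed in PHP 7.
 *
 * @return void
 */
function editDisplay()
{
    global $config;
    # default so the query and the hidden field never read an unset variable
    $myID = 0;
    if ($_SESSION["Privilege"] == "admin") {
        #use session data if logged in as admin only
        $myID = (int) $_SESSION['AdminID'];
    } elseif (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        #Convert to integer, will equate to zero if fails
        $myID = (int) $_POST['AdminID'];
    } else {
        feedback("AdminID not numeric", "error");
        myRedirect($config->adminReset);
    }
    $config->loadhead = '
	<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
	<script type="text/javascript">
			function checkForm(thisForm)
			{//check form data for valid info
				if(!isAlphanumeric(thisForm.PWord1,"Only alphanumeric characters are allowed for passwords.")){thisForm.PWord2.value="";return false;}
				if(!correctLength(thisForm.PWord1,6,20,"Password does not meet the following requirements:")){thisForm.PWord2.value="";return false;}
				if(thisForm.PWord1.value != thisForm.PWord2.value)
				{//match password fields
	   			alert("Password fields do not match.");
	   			thisForm.PWord1.value = "";
	   			thisForm.PWord2.value = "";
	   			thisForm.PWord1.focus();
	   			return false;
	   		}
				return true;//if all is passed, submit!
			}
	</script>
	';
    get_header();
    $myConn = conn('', FALSE);
    $sql = sprintf("select AdminID,FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
    $result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    # the form below is rendered even when no row is found, so start from empty values
    $Name = $Email = $Privilege = '';
    if (mysql_num_rows($result) > 0) {
        //show results
        while ($row = mysql_fetch_array($result)) {
            //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
            $Name = dbOut($row['FirstName']) . ' ' . dbOut($row['LastName']);
            $Email = dbOut($row['Email']);
            $Privilege = dbOut($row['Privilege']);
        }
    } else {
        //no records
        //put links on page to reset form
        echo '
      	<div align="center"><h3>No such administrator.</h3></div>
      	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
      	';
    }
    echo '
	<h3 align="center">Reset Administrator Password</h3>
	<p align="center">
		Admin: <font color="red"><b>' . $Name . '</b></font> 
		Email: <font color="red"><b>' . $Email . '</b></font>
		Privilege: <font color="red"><b>' . $Privilege . '</b></font> 
	</p> 
	<p align="center">Be sure to write down password!!</p>
	<form action="' . $config->adminReset . '" method="post" onsubmit="return checkForm(this);">
	<table align="center">
	   <tr>
		   	<td align="right">Password</td>
		   	<td>
		   		<input type="password" name="PWord1" />
		   		<font color="red"><b>*</b></font> <em>(6-20 alphanumeric chars)</em>
		   	</td>
	   </tr>
	   <tr>
	   		<td align="right">Re-enter Password</td>
	   		<td>
	   			<input type="password" name="PWord2" />
	   			<font color="red"><b>*</b></font>
	   		</td>
	   </tr>
	   <tr>
	   		<td align="center" colspan="2">
	   			<input type="hidden" name="AdminID" value="' . $myID . '" />
	   			<input type="hidden" name="act" value="update" />
	   			<input type="submit" value="Reset Password!" />
	   			<em>(<font color="red"><b>*</b> required field</font>)</em>
	   		</td>
	   	</tr>
	</table>    
	</form>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    #free resources
    @mysql_free_result($result);
    get_footer();
}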
Пример #13
$next = '<img src="' . VIRTUAL_PATH . 'images/arrow_next.gif" border="0" />';
# Create instance of new 'pager' class
$myPager = new Pager(10, '', $prev, $next, '');
$sql = $myPager->loadSQL($sql);
#load SQL, add offset
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    if ($myPager->showTotal() == 1) {
        $itemz = "survey";
    } else {
        $itemz = "surveys";
    }
    //deal with plural
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    while ($row = mysqli_fetch_assoc($result)) {
        # process each row
        echo '<div align="center"><a href="' . (int) $row['SurveyID'] . '" class="ajax">' . dbOut($row['Title']) . '</a>';
        echo '</div>';
        echo '<div class="survey" align="center" id="d' . (int) $row['SurveyID'] . '">&nbsp;</div>';
    }
    echo $myPager->showNAV();
    # show paging nav, only if enough records
} else {
    #no records
    echo "<div align=center>What! No surveys?  There must be a mistake!!</div>";
}
@mysqli_free_result($result);
get_footer();
#defaults to theme footer or footer_inc.php
Пример #14
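/**
 * Render the "Edit Administrator" form, preloaded from the Admin table.
 *
 * Which record is edited depends on the session role: an "admin" edits the
 * AdminID stored in the session, every other role edits the AdminID posted
 * with the request; a missing or non-positive id redirects back to this page.
 * The id is cast to an integer and placed in the query with sprintf("%d").
 *
 * NOTE(review): any role other than "admin" reaches the POST branch; confirm
 * that only roles allowed to edit other administrators can call this page.
 * NOTE(review): the hidden Privilege field only echoes the session value back
 * to the browser and is client-editable. The act=update handler (not shown)
 * should take the privilege from the session for roles that do not get the
 * select box, not from the posted field.
 * NOTE(review): dbOut() is defined outside this listing; the values below are
 * written into value="..." attributes, so confirm it encodes quotes as well
 * as angle brackets.
 * NOTE(review): returnSelect() receives "" as its fourth argument, so the
 * loaded $Privilege is not passed to it; confirm whether the current value
 * was meant to be preselected.
 *
 * @param string $nav1 not read anywhere in this function
 * @return void
 */
function editDisplay($nav1 = '')
{
    if ($_SESSION["Privilege"] == "admin") {
        #use session data if logged in as admin only
        $myID = (int) $_SESSION['AdminID'];
    } elseif (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        #Convert to integer, will equate to zero if fails
        $myID = (int) $_POST['AdminID'];
    } else {
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    $sql = sprintf("select FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
    $result = @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    # the form below is rendered even when no row is found, so start from empty values
    $FirstName = $LastName = $Email = $Privilege = '';
    if (mysqli_num_rows($result) > 0) {
        //show results
        while ($row = mysqli_fetch_array($result)) {
            //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
            $FirstName = dbOut($row['FirstName']);
            $LastName = dbOut($row['LastName']);
            $Email = dbOut($row['Email']);
            $Privilege = dbOut($row['Privilege']);
        }
    } else {
        //no records
        //put links on page to reset form
        echo '
      <p align="center"><h3>No such administrator.</h3></p>
      <p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
      ';
    }
    # $loadhead stays a local variable: the included header.php runs in this scope
    $loadhead = '
	<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
	<script type="text/javascript">
			function checkForm(thisForm)
			{//check form data for valid info
				if(empty(thisForm.FirstName,"Please enter first name.")){return false;}
				if(empty(thisForm.LastName,"Please enter last name.")){return false;}
				if(!isEmail(thisForm.Email,"Please enter a valid Email Address")){return false;}
				return true;//if all is passed, submit!
			}
	</script>
	';
    include INCLUDE_PATH . 'header.php';
    echo '
	<h1>Edit Administrator</h1>
	<form action="' . ADMIN_PATH . THIS_PAGE . '" method="post" onsubmit="return checkForm(this);">
	<table align="center">
		<tr>
			<td align="right">First Name</td>
			<td>
				<input type="text" autofocus required name="FirstName" value="' . $FirstName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Last Name</td>
			<td>
				<input type="text" required name="LastName" value="' . $LastName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Email</td>
			<td>
				<input type="email" required name="Email" value="' . $Email . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
	';
    if ($_SESSION["Privilege"] == "developer" || $_SESSION["Privilege"] == "superadmin") {
        # uses returnSelect() function to preload the select option
        echo '
			<tr>
				<td align="right">Privilege</td>
				<td>
				';
        #grab all possible 'Privileges' from ENUM
        $privileges = getENUM(PREFIX . 'Admin', 'Privilege', $iConn);
        #creates preloaded radio, select, checkbox set
        echo returnSelect("select", "Privilege", $privileges, "", $privileges, ",");
        echo '
				</td>
			</tr>';
    } else {
        # lower roles get their own session privilege echoed back as a hidden field
        echo '<input type="hidden" name="Privilege" value="' . $_SESSION["Privilege"] . '" />';
    }
    echo '
	   <input type="hidden" name="AdminID" value="', $myID . '" />
	   <input type="hidden" name="act" value="update" />
	   <tr>
			<td align="center" colspan="2">
				<input type="submit" value="Update Admin" />
				<em>(<font color="red"><b>*</b> required field</font>)</em>
			</td>
		</tr>
	</table>    
	</form>
	<p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
	';
    @mysqli_free_result($result);
    @mysqli_close($iConn);
    include INCLUDE_PATH . 'footer.php';
}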
Пример #15
<p>This page shows the list of news categories that we offer!</p>
<p>Click any category to show news feeds available in that category.</p>

<!--<p>This page, along with <b>demo_view.php</b>, demonstrate a List/View web application.</p>
<p>It was built on the mysql shared web application page, <b>demo_shared.php</b></p>
<p>This page is the entry point of the application, meaning this page gets a link on your web site.  Since the current subject is muffins, we could name the link something clever like <a href="<?php 
echo VIRTUAL_PATH;
?>
demo_list.php">Muffins</a></p>
<p>Use <b>demo_list.php</b> and <b>demo_view.php</b> as a starting point for building your own List/View web application!</p>-->
<?php 
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
/**
 *
 * RESULTS HERE
 *
 */
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    while ($row = mysqli_fetch_assoc($result)) {
        # process each row
        echo '<div align="center"><a href="' . VIRTUAL_PATH . 'feed/news_view.php?id=' . (int) $row['CategoryID'] . '">' . dbOut($row['CategoryName']) . '</a>';
    }
} else {
    #no records
    echo "<div align=center>No Records Found.</div>";
}
@mysqli_free_result($result);
get_footer();
#defaults to theme footer or footer_inc.php
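# Paged list of workouts: the pager rewrites the SQL to add its offset, then
# each row is printed with a link to its detail page.
# WorkoutName and WorkoutType go through dbOut() like the link text does, so
# no database text column is written into the page raw.
# NOTE(review): dbOut() is defined outside this listing; confirm it HTML-encodes.
#load SQL, pass in existing connection, add offset
$sql = $myPager->loadSQL($sql, $iConn);
$result = mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    //deal with plural
    $itemz = $myPager->showTotal() == 1 ? "workout" : "workouts";
    echo '<p align="center"><b>We have ' . $myPager->showTotal() . ' ' . $itemz . '!</b></p>';
    while ($row = mysqli_fetch_assoc($result)) {
        # process each row
        echo '<p align="center">';
        echo 'Workout Name: <b>' . dbOut($row['WorkoutName']) . '</b> ';
        echo 'Workout Type: <b>' . dbOut($row['WorkoutType']) . '</b> ';
        echo '<a href="' . VIRTUAL_PATH . 'workout_view.php?id=' . (int) $row['WorkoutID'] . '">' . dbOut($row['WorkoutName']) . '</a>';
        echo '</p>';
    }
    //the showNAV() method defaults to a div, which blows up in our design
    //the call below adds the optional bookends to remove the div design problem
    echo $myPager->showNAV('<p align="center">', '</p>');
} else {
    #no records
    echo "<p align=center>Currently no workouts available</p>";
}
@mysqli_free_result($result);
@mysqli_close($iConn);
include 'includes/footer.php';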
Пример #17
$myPager = new Pager(2, '', $prev, $next, '');
# Create instance of new 'pager' class
$sql = $myPager->loadSQL($sql);
#load SQL, add offset
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    if ($myPager->showTotal() == 1) {
        $itemz = "muffin";
    } else {
        $itemz = "muffins";
    }
    //deal with plural
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    while ($row = mysqli_fetch_assoc($result)) {
        # process each row
        echo '<div align="center">';
        echo '<img src="' . VIRTUAL_PATH . 'upload/m' . dbOut($row['MuffinID']) . '_thumb.jpg" />';
        echo '<a href="' . VIRTUAL_PATH . 'demo/demo_view_upload.php?id=' . dbOut($row['MuffinID']) . '">' . dbOut($row['MuffinName']) . '</a>';
        echo ' <i>only</i> <font color="red">$' . dbOut($row['Price']) . '</font></div>';
    }
    echo $myPager->showNAV();
    # show paging nav, only if enough records
} else {
    #no records
    echo "<div align=center>What! No muffins?  There must be a mistake!!</div>";
}
@mysqli_free_result($result);
get_footer();
#defaults to theme footer or footer_inc.php
Пример #18
 /**
  * Build a survey object and its questions from sp15_surveys / sp15_questions.
  *
  * The id is cast to an integer before it is placed in either query; that
  * cast is what keeps the string-built SQL below free of caller-controlled
  * syntax. Ids below 1 stop construction before any query runs. The
  * "return false" only ends the constructor; "new" still hands back an
  * object, so callers have to test isValid.
  *
  * NOTE(review): dbOut() is defined outside this listing; confirm what
  * encoding it applies before these values are written into HTML.
  *
  * @param int $id number of current survey
  * @return void
  */
 public function __construct($id)
 {
     $surveyId = (int) $id;
     if ($surveyId < 1) {
         // Don't hit the db if zero
         return false;
     }

     // First query: the survey's own title and description.
     $surveyQuery = 'select Title, Description from sp15_surveys where SurveyID=' . $surveyId;
     $surveyRows = mysqli_query(IDB::conn(), $surveyQuery);
     if (!$surveyRows) {
         die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
     }
     if (mysqli_num_rows($surveyRows) > 0) {
         while ($record = mysqli_fetch_assoc($surveyRows)) {
             $this->Title = dbOut($record['Title']);
             $this->Description = dbOut($record['Description']);
             $this->SurveyID = $surveyId;
             $this->isValid = true;
         }
     }
     @mysqli_free_result($surveyRows);

     // Second query: one Question object per question row joined to this survey.
     $questionQuery = 'select q.QuestionID, q.Question, q.Description from sp15_questions q inner join sp15_surveys s on s.SurveyID = q.SurveyID where s.SurveyID = ' . $surveyId;
     $questionRows = mysqli_query(IDB::conn(), $questionQuery);
     if (!$questionRows) {
         die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
     }
     if (mysqli_num_rows($questionRows) > 0) {
         while ($record = mysqli_fetch_assoc($questionRows)) {
             $questionId = dbOut($record['QuestionID']);
             $questionText = dbOut($record['Question']);
             $questionNote = dbOut($record['Description']);
             $this->aQuestions[] = new Question($questionId, $questionText, $questionNote);
         }
     }
     @mysqli_free_result($questionRows);
 }
Пример #19
# Pager instance for the customer list; $prev, $next, $sql and $iConn are set before this excerpt
$myPager = new Pager(2, '', $prev, $next, '');
# hand the statement and the open connection to the pager and run what it returns
$sql = $myPager->loadSQL($sql, $iConn);
$result = mysqli_query($iConn, $sql);
if (!$result) {
    # NOTE(review): what myerror() does with the driver message is not shown here;
    # confirm it is logged rather than printed to visitors
    die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
}
if (mysqli_num_rows($result) <= 0) {
    # no records
    echo "<p align=center>What! No Customers?  There must be a mistake!!</p>";
} else {
    # pick the singular or plural noun for the summary line
    $itemz = $myPager->showTotal() == 1 ? "customer" : "customers";
    echo '<p align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</p>';
    while ($row = mysqli_fetch_assoc($result)) {
        # the id is cast to int before it goes into the link; the name passes through dbOut()
        echo '<p align="center">
            <a href="' . VIRTUAL_PATH . 'customer_view.php?id=' . (int) $row['CustomerID'] . '">' . dbOut($row['FirstName']) . '</a>
            </p>';
    }
    # per the original note, showNAV() without arguments wraps its output in a div;
    # showNAV('<p align="center">','</p>') is the alternative with explicit bookends
    echo $myPager->showNAV();
}
@mysqli_free_result($result);
@mysqli_close($iConn);
include 'includes/footer.php';
Пример #20
# Excerpt of a detail page: connects, runs $sql, copies one beer row into page
# variables, then sets the page title and pulls in the header.
# $foundRecord is only ever set to TRUE below; the line that initialises it is
# presumably just above this excerpt (the original note said it "will change to
# true, if record found").
# NOTE(review): $sql is built outside this excerpt; if it carries a request
# parameter, confirm that value is cast or bound before it reaches mysqli_query().
# connection comes first in mysqli (improved) function
# '@' hides the connect warning; a failed connect is handled by the die() branch instead
$iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
$result = mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        # text columns go through dbOut(); what it strips or encodes is not shown here.
        # NOTE(review): if dbOut() does not HTML-encode, these values need
        # htmlspecialchars() wherever they are later echoed into the page.
        $Beer = dbOut($row['Beer']);
        $Category = dbOut($row['Category']);
        $Style = dbOut($row['Style']);
        $Brewer = dbOut($row['Brewer']);
        $Appearance = dbOut($row['Appearance']);
        $Description = dbOut($row['Description']);
        # numeric column is cast rather than passed through dbOut()
        $AlcoholContent = (double) $row['AlcoholContent'];
        $Calories = dbOut($row['Calories']);
    }
}
@mysqli_free_result($result);
# We're done with the data!
if ($foundRecord) {
    #only load data if record found
    # NOTE(review): the beer name is joined to the suffix with no separator, which
    # looks unintended - confirm. $title presumably feeds the <title> tag in the header.
    $title = $Beer . "A Selection of Top-Rated Beers";
    #overwrite title with info!
}
# END CONFIG AREA ----------------------------------------------------------
include 'include/header.php';
#header must appear before any HTML is printed by PHP
?>
<h3 align="center"><?php 
echo THIS_PAGE;
Пример #21
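# List page of a List/View pair: prints one linked line per beer.
# The statement is fixed text, so no request data reaches the query.
$sql = "select BeerID, Beer, AlcoholContent from Beers";
#Fills <title> tag
$title = 'A Selection of Top-Rated Beers';
# END CONFIG AREA ----------------------------------------------------------
include 'include/header.php';
#header must appear before any HTML is printed by PHP
?>
<h3 align="center"><?php 
echo THIS_PAGE;
?>
</h3>

<p>This page, along with <b>beers_view.php</b>, demonstrate a List/View web application.</p>

<?php 
# connection comes first in mysqli (improved) function
# '@' hides the connect warning; a failed connect is handled explicitly below
$iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$iConn) {
    # NOTE(review): what myerror() does with the driver message is not shown here;
    # confirm it is logged rather than printed to visitors
    die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
}
$result = mysqli_query($iConn, $sql);
if (!$result) {
    die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
}
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    while ($row = mysqli_fetch_assoc($result)) {
        # process each row: the id is cast to int before it goes into the link and
        # the name passes through dbOut().
        # NOTE(review): if dbOut() does not HTML-encode, wrap the name in htmlspecialchars().
        # Closing tags now mirror the opening order (<b><a> ... </a></b>); the
        # original closed </b> before </a>.
        echo '<div align="center"><b><a href="beers_view.php?id=' . (int) $row['BeerID'] . '">' . dbOut($row['Beer']) . '</a></b>';
        echo ' <i>Alcohol By Volume:</i> <font color="red">' . number_format((double) $row['AlcoholContent'], 2) . '%</font></div>';
    }
} else {
    #no records
    echo "<div align=center>What! No beers?  There must be a mistake!!</div>";
}
@mysqli_free_result($result);
include 'include/footer.php';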
    }
    # Excerpt: renders the current page of muffins as a table with COLS cells per row.
    # $itemz, $myPager and $result are set before this excerpt begins.
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    $tdWidth = number_format(100 / COLS, 0);
    # Width of each cell as a whole-number percentage, derived from the COLS constant
    $pos = 0;
    # $pos counts the cells written so far
    echo '<table align="center" border="0" width="90%" style="border-collapse:collapse" cellpadding="2" cellspacing="2"><tr>';
    while ($row = mysqli_fetch_assoc($result)) {
        //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
        //NOTE(review): whether dbOut() also HTML-encodes is not shown here; if it does not,
        //the name and description echoed below need htmlspecialchars()
        $pos++;
        #creates a meaningful image prefix out of table name and name of item
        #NOTE(review): the prefix ends up inside an src attribute; confirm
        #createImagePrefix() only returns characters that are safe there
        $imagePrefix = createImagePrefix('muffins', dbOut($row['MuffinName']));
        echo '<td width="' . $tdWidth . '%"><div class="myborder">';
        #NOTE(review): MuffinID goes into the src and href attributes through dbOut()
        #only; other listings on this page cast row ids with (int) before building a link
        echo '<img src="' . VIRTUAL_PATH . 'upload/' . $imagePrefix . dbOut($row['MuffinID']) . '_thumb.jpg" hspace="5" vspace="5" align="middle" />';
        echo '<a href="' . VIRTUAL_PATH . 'demo/demo_view_meaningful.php?id=' . dbOut($row['MuffinID']) . '">' . dbOut($row['MuffinName']) . '</a>';
        #money_format() was deprecated in PHP 7.4 and removed in PHP 8.0, so this line
        #only runs on older interpreters
        echo ' <i>only</i> <font color="red">$' . money_format("%(#10n", dbOut($row['Price'])) . '</font><br />';
        echo dbOut($row['Description']) . '</div></td>';
        #start a new table row after every COLS cells; is_array($row) is always true
        #here because the loop body only runs while $row holds a fetched row
        if ($pos % COLS === 0 && is_array($row)) {
            echo '</tr><tr>';
        }
    }
    while ($pos % COLS) {
        //loop to fill in final row
        echo '<td>&nbsp;</td>';
        $pos++;
    }
    echo "</tr></table>";
    echo $myPager->showNAV();
    //show paging nav, only if enough records
} else {
    #no records
    echo "<div align=center>What! No muffins?  There must be a mistake!!</div>";
Пример #23
/**
 * Shows one customer's details and an edit form preloaded with the stored
 * first name, last name and email.
 *
 * Reads $_POST['CustomerID'], looks the row up in test_Customers, appends a
 * client-side validation script to $config->loadhead, then prints the form
 * between get_header() and get_footer().
 *
 * @return void
 */
function editDisplay()
{
    # shows details from a single customer, and preloads their first name in a form.
    global $config;
    //is_numeric() also accepts decimal and exponent forms; the (int) cast further
    //down is what actually constrains the value used in the query
    if (!is_numeric($_POST['CustomerID'])) {
        //id must be numeric
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
        //NOTE(review): nothing in this branch stops execution; if myRedirect() returns
        //instead of exiting, the lookup below still runs - confirm it terminates
    }
    $myID = (int) $_POST['CustomerID'];
    //forcibly convert to integer
    //%d plus the integer above means only a number reaches the SQL text
    $sql = sprintf("select CustomerID,FirstName,LastName,Email from test_Customers WHERE CustomerID=%d", $myID);
    //NOTE(review): the driver error text is passed to trigger_error(); whether a
    //visitor sees it depends on error settings not shown here
    $result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
    if (mysqli_num_rows($result) > 0) {
        //show results
        while ($row = mysqli_fetch_array($result)) {
            //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
            $Name = dbOut($row['FirstName']) . ' ' . dbOut($row['LastName']);
            $First = dbOut($row['FirstName']);
            $Last = dbOut($row['LastName']);
            $Email = dbOut($row['Email']);
        }
    } else {
        //no records
        //feedback issue to user/developer
        feedback("No such customer. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
        //NOTE(review): if myRedirect() returns, $Name, $First, $Last and $Email are
        //undefined when the form below is printed
    }
    //checkForm() below is a browser-side convenience only; the handler that receives
    //act=update (not shown here) still has to validate these fields on the server
    $config->loadhead .= '
	<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
	<script type="text/javascript">
		function checkForm(thisForm)
		{//check form data for valid info
			if(empty(thisForm.FirstName,"Please Enter Customer\'s First Name")){return false;}
			if(empty(thisForm.LastName,"Please Enter Customer\'s Last Name")){return false;}
			if(!isEmail(thisForm.Email,"Please Enter a Valid Email")){return false;}
			return true;//if all is passed, submit!
		}
	</script>';
    get_header();
    //$Name and $Email are written into element content and $First, $Last and $Email
    //into double-quoted value="" attributes.
    //NOTE(review): that is only safe if dbOut() HTML-encodes, double quotes included;
    //this is not shown here - verify, or wrap the values in
    //htmlspecialchars($v, ENT_QUOTES, 'UTF-8') at this point.
    //NOTE(review): no anti-CSRF token appears among the hidden fields; confirm the
    //update handler checks one by other means.
    //NOTE(review): the first <font> opened on the "Customer:" line is never closed.
    echo '<h3 align="center">' . smartTitle() . '</h3>
	<h4 align="center">Update Customer\'s Name</h4>
	<p align="center">Customer: <font color="red"><b>' . $Name . '</b>
	 Email: <font color="red"><b>' . $Email . '</b></font> 
	<form action="' . THIS_PAGE . '" method="post" onsubmit="return checkForm(this);">
	<table align="center">
	   <tr><td align="right">First Name</td>
		   	<td>
		   		<input type="text" name="FirstName" value="' . $First . '">
		   		<font color="red"><b>*</b></font> <em>(alphanumerics & punctuation)</em>
		   	</td>
	   </tr>
	   <tr><td align="right">Last Name</td>
		   	<td>
		   		<input type="text" name="LastName" value="' . $Last . '">
		   		<font color="red"><b>*</b></font> <em>(alphanumerics & punctuation)</em>
		   	</td>
	   </tr>
	   <tr><td align="right">Email</td>
		   	<td>
		   		<input type="text" name="Email" value="' . $Email . '">
		   		<font color="red"><b>*</b></font> <em>(valid email only)</em>
		   	</td>
	   </tr>
	   <input type="hidden" name="CustomerID" value="' . $myID . '" />
	   <input type="hidden" name="act" value="update" />
	   <tr>
	   		<td align="center" colspan="2">
	   			<input type="submit" value="Update Info!"><em>(<font color="red"><b>*</b> required field</font>)</em>
	   		</td>
	   </tr>
	</table>    
	</form>
	<div align="center"><a href="' . THIS_PAGE . '">Exit Without Update</a></div>
	';
    @mysqli_free_result($result);
    //free resources
    get_footer();
}
     # NOTE(review): the PDO exception text is passed to trigger_error(); whether it is
     # displayed or only logged depends on settings outside this excerpt
     trigger_error($ex->getMessage(), E_USER_ERROR);
 }
 # Any returned row is treated as a successful login. The statement that selects the
 # row, and whatever credential check it performs, is above this excerpt.
 $result = $stmt->fetchAll();
 if (count($result) > 0) {
     #there are records - present data
     startSession();
     #wrapper for session_start()
     # NOTE(review): no session_regenerate_id() call is visible between startSession()
     # and the identity being written to $_SESSION; confirm the wrapper or a later step
     # rotates the session id at login, otherwise a pre-set session id stays valid
     # after authentication (session fixation)
     foreach ($result as $row) {
         # pull data from associative array
         $AdminID = (int) $row["AdminID"];
         # use (int) cast for conversion to integer
         $_SESSION["AdminID"] = $AdminID;
         # create session variables to identify admin
         $_SESSION["FirstName"] = dbOut($row["FirstName"]);
         #use dbOut() to clean strings, replace escaped quotes
         # the privilege level is copied from the database row into the session
         $_SESSION["Privilege"] = dbOut($row["Privilege"]);
         $NumLogins = (int) $row["NumLogins"];
         $NumLogins += 1;
         # increment number of logins, then prepare to update record!
     }
     //update number of logins, last login
     //both values are bound as integers; only the PREFIX constant is concatenated
     //into the statement text
     //NOTE(review): the counter is read, incremented in PHP and written back, so two
     //simultaneous logins could record a single increment
     $sql = "UPDATE " . PREFIX . "Admin set NumLogins=?, LastLogin=NOW()  WHERE AdminID=?";
     $stmt = $db->prepare($sql);
     $stmt->bindValue(1, $NumLogins, PDO::PARAM_INT);
     $stmt->bindValue(2, $AdminID, PDO::PARAM_INT);
     try {
         $stmt->execute();
     } catch (PDOException $ex) {
         trigger_error($ex->getMessage(), E_USER_ERROR);
     }
     feedback("Login Successful!", "notice");
Пример #25
# arrow images handed to the pager as its previous/next markers
$prev = '<img src="' . VIRTUAL_PATH . 'images/arrow_prev.gif" border="0" />';
$next = '<img src="' . VIRTUAL_PATH . 'images/arrow_next.gif" border="0" />';
# pager instance for the survey list; $sql is defined before this excerpt
$myPager = new Pager(10, '', $prev, $next, '');
# the pager returns the statement to run (per the original note, with the offset added)
$sql = $myPager->loadSQL($sql);
$result = mysqli_query(IDB::conn(), $sql);
if (!$result) {
    # NOTE(review): the driver error text goes to trigger_error(); whether a visitor
    # sees it depends on error settings not shown here
    die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
}
if (mysqli_num_rows($result) <= 0) {
    # no records
    echo "<div align=center>There are currently no Surveys.  Would you like to create a survey?</div>";
} else {
    # pick the singular or plural noun for the summary line
    $itemz = $myPager->showTotal() == 1 ? "survey" : "surveys";
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    while ($row = mysqli_fetch_assoc($result)) {
        # one linked title per survey: the id is cast to int, the title passes through dbOut()
        echo '<div align="center"><a href="' . VIRTUAL_PATH . 'surveys/survey_view.php?id=' . (int) $row['SurveyID'] . '">' . dbOut($row['Title']) . '</a>';
        echo '</div>';
    }
    # paging navigation (per the original note, shown only if there are enough records)
    echo $myPager->showNAV();
}
@mysqli_free_result($result);
get_footer();
#defaults to theme footer or footer_inc.php
# arrow images handed to the pager as its previous/next markers
$prev = '<img src="' . VIRTUAL_PATH . 'images/arrow_prev.gif" border="0" />';
$next = '<img src="' . VIRTUAL_PATH . 'images/arrow_next.gif" border="0" />';
# pager instance for the muffin list; $sql is defined before this excerpt
$myPager = new Pager(2, '', $prev, $next, '');
# the pager returns the statement to run (per the original note, with the offset added)
$sql = $myPager->loadSQL($sql);
$result = mysqli_query(IDB::conn(), $sql);
if (!$result) {
    # NOTE(review): the driver error text goes to trigger_error(); whether a visitor
    # sees it depends on error settings not shown here
    die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
}
if (mysqli_num_rows($result) <= 0) {
    # no records
    echo "<div align=center>What! No muffins?  There must be a mistake!!</div>";
} else {
    # pick the singular or plural noun for the summary line
    $itemz = $myPager->showTotal() == 1 ? "muffin" : "muffins";
    echo '<div align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</div>';
    while ($row = mysqli_fetch_assoc($result)) {
        # the id is cast to int and the price to a float before output; the name
        # passes through dbOut()
        echo '<div align="center"><a href="' . VIRTUAL_PATH . 'demo/demo_view_pager.php?id=' . (int) $row['MuffinID'] . '">' . dbOut($row['MuffinName']) . '</a>';
        echo ' <i>only</i> <font color="red">$' . number_format((double) $row['Price'], 2) . '</font></div>';
    }
    # paging navigation (per the original note, shown only if there are enough records)
    echo $myPager->showNAV();
}
@mysqli_free_result($result);
get_footer();
#defaults to theme footer or footer_inc.php
Пример #27
 /**
  * Constructor for Survey class. 
  *
  * @param integer $id The unique ID number of the Survey
  * @return void 
  * @todo none
  */
 function __construct($id)
 {
     # Store the key as an integer; every query below formats it with %d, so no
     # request text reaches the SQL.
     $this->SurveyID = (int) $id;
     if ($this->SurveyID == 0) {
         return FALSE;
     }

     # Step 1: the survey's title and description
     $surveySql = sprintf("select Title, Description from " . PREFIX . "surveys Where SurveyID =%d", $this->SurveyID);
     $surveyResult = mysqli_query(IDB::conn(), $surveySql);
     if (!$surveyResult) {
         # NOTE(review): the driver error text goes to trigger_error(); whether a
         # visitor sees it depends on error settings not shown here
         die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
     }
     if (mysqli_num_rows($surveyResult) > 0) {
         # a matching row is what makes the survey valid
         $this->isValid = TRUE;
         while ($surveyRow = mysqli_fetch_assoc($surveyResult)) {
             $this->Title = dbOut($surveyRow['Title']);
             $this->Description = dbOut($surveyRow['Description']);
         }
     }
     @mysqli_free_result($surveyResult);
     if (!$this->isValid) {
         # no such survey: leave the question and answer lists untouched
         return;
     }

     # Step 2: one Question object per question row
     $questionSql = sprintf("select QuestionID, Question, Description from " . PREFIX . "questions where SurveyID =%d", $this->SurveyID);
     $questionResult = mysqli_query(IDB::conn(), $questionSql);
     if (!$questionResult) {
         die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
     }
     if (mysqli_num_rows($questionResult) > 0) {
         while ($questionRow = mysqli_fetch_assoc($questionResult)) {
             $questionId = dbOut($questionRow['QuestionID']);
             $questionText = dbOut($questionRow['Question']);
             $questionNote = dbOut($questionRow['Description']);
             $this->aQuestion[] = new Question($questionId, $questionText, $questionNote);
         }
     }
     # the size of the question list is the survey's question total
     $this->TotalQuestions = count($this->aQuestion);
     @mysqli_free_result($questionResult);

     # Step 3: attach each answer row to the question whose id it carries
     $answerSql = sprintf("select a.AnswerID, a.Answer, a.Description, a.QuestionID from  \n\t\t" . PREFIX . "surveys s inner join " . PREFIX . "questions q on q.SurveyID=s.SurveyID \n\t\tinner join " . PREFIX . "answers a on a.QuestionID=q.QuestionID   \n\t\twhere s.SurveyID = %d   \n\t\torder by a.AnswerID asc", $this->SurveyID);
     $answerResult = mysqli_query(IDB::conn(), $answerSql);
     if (!$answerResult) {
         die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
     }
     if (mysqli_num_rows($answerResult) > 0) {
         while ($answerRow = mysqli_fetch_assoc($answerResult)) {
             $QuestionID = (int) $answerRow['QuestionID'];
             foreach ($this->aQuestion as $question) {
                 # loose comparison: the object's id came through dbOut(), the row's id is an int
                 if ($question->QuestionID != $QuestionID) {
                     continue;
                 }
                 # first matching question takes the answer, then stop searching
                 $question->TotalAnswers += 1;
                 $question->aAnswer[] = new Answer((int) $answerRow['AnswerID'], dbOut($answerRow['Answer']), dbOut($answerRow['Description']));
                 break;
             }
         }
     }
 }
# Pager instance for the record list; $prev, $next, $sql and $iConn are set before this excerpt
$myPager = new Pager(10, '', $prev, $next, '');
# hand the statement and the open connection to the pager and run what it returns
$sql = $myPager->loadSQL($sql, $iConn);
$result = mysqli_query($iConn, $sql);
if (!$result) {
    # NOTE(review): what myerror() does with the driver message is not shown here;
    # confirm it is logged rather than printed to visitors
    die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
}
if (mysqli_num_rows($result) <= 0) {
    # no records
    echo "<p align=center>What! No Records?  There must be a mistake!!</p>";
} else {
    # pick the singular or plural noun for the summary line
    $itemz = $myPager->showTotal() == 1 ? "record" : "records";
    echo '<p align="center">We have ' . $myPager->showTotal() . ' ' . $itemz . '!</p>';
    while ($row = mysqli_fetch_assoc($result)) {
        # the id is cast to int before it goes into the link; the album title passes through dbOut()
        echo '<p align="center">
            <a href="' . VIRTUAL_PATH . 'record_view.php?id=' . (int) $row['RecordID'] . '">' . dbOut($row['Album']) . '</a>
            </p>';
    }
    # per the original note, showNAV() without arguments wraps its output in a div;
    # showNAV('<p align="center">','</p>') is the alternative with explicit bookends
    echo $myPager->showNAV();
}
@mysqli_free_result($result);
@mysqli_close($iConn);
include 'includes/footer.php';