Пример #1
0
 function ping($params)
 {
     global $dbc;
     if (!isset($_SESSION['server_id'])) {
         redirect('/');
     }
     $q = 'UPDATE servers SET last_used=NOW() WHERE id=' . (int) $_SESSION['server_id'] . ' AND session_id=\'' . escape_data(session_id()) . '\'';
     $r = mysqli_query($dbc, $q);
     if (mysqli_affected_rows($dbc) == 1) {
         return ajax_response('Success');
     } else {
         $_SESSION['server_id'] = -1;
         return ajax_response('Failure', TRUE);
     }
 }
Пример #2
0
 if (!empty($_POST['title'])) {
     $t = escape_data($_POST['title']);
 } else {
     $t = FALSE;
     echo "<p class=\"error\">Please enter a title.</p>";
 }
 // Check the number
 if (is_numeric($_POST['articlenumber'])) {
     $n = escape_data($_POST['articlenumber']);
 } else {
     $n = FALSE;
     echo "<p class=\"error\">Please number this article correctly. (e.g. 80)</p>";
 }
 // Clean the recommendation data
 if (!empty($_POST['recommendation'])) {
     $r = escape_data($_POST['recommendation']);
 }
 // Set the date
 $d = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'];
 // Check if we've got everything
 if ($a && $t && $n) {
     // Let's go!
     // Handle the file upload
     $filename = "upload";
     if (isset($_FILES[$filename]) && $_FILES[$filename]['error'] != 4) {
         // Add the record to the database
         $query = "INSERT INTO uploads (file_name, file_size, file_type) VALUES ('{$_FILES[$filename]['name']}', '{$_FILES[$filename]['size']}', '{$_FILES[$filename]['type']}')";
         $result = mysqli_query($dbc, $query);
         if ($result) {
             // Return the upload id from the database
             $upload_id = mysqli_insert_id($dbc);
Пример #3
0
require './includes/config.inc.php';
// The config file also starts the session.
// Require the database connection:
require MYSQL;
// Include the header file:
$page_title = 'Forgot Your Password?';
include './includes/header.html';
// For storing errors:
$pass_errors = array();
// If it's a POST request, handle the form submission:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate the email address:
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $email = $_POST['email'];
        // Check for the existence of that email address...
        $q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
        $r = mysqli_query($dbc, $q);
        if (mysqli_num_rows($r) === 1) {
            // Retrieve the user ID:
            list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
        } else {
            // No database match made.
            $pass_errors['email'] = 'The submitted email address does not match those on file!';
        }
    } else {
        // No valid address submitted.
        $pass_errors['email'] = 'Please enter a valid email address!';
    }
    // End of $_POST['email'] IF.
    if (empty($pass_errors)) {
        // If everything's OK.
Пример #4
0
<?php

//Connect to the database
require_once '../mysqli_connect.php';
require_once 'User.php';
require_once 'Cart.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //Check Email
    if (preg_match('%^[A-Za-z0-9._\\%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
        $email = escape_data($_POST['email']);
    } else {
        $email = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
    }
    if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['password'])))) {
        $password = escape_data($_POST['password']);
    } else {
        $password = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
    }
    // Load User
    $newUser = User::loadUser($dbc, $email, $password);
    //Load Cart
    $cart = $newUser->loadCart($dbc);
    //Save em to session
    session_start();
    $_SESSION["user"] = serialize($newUser);
    $_SESSION["cart"] = serialize($cart);
    header('Location: WelcomePage.php');
    mysqli_close($dbc);
}
Пример #5
0
    if (ini_get('magic_quotes_grc')) {
        $data = stripslashes($data);
    }
    if (!is_numeric($data)) {
        $data = mysql_real_escape_string($data);
    }
    return $data;
}
$id = $_GET['id'];
$cat_array = array('Appetizers', 'Salads', 'Sandwiches', 'Entrees', 'Sides', 'Desserts');
echo "<section id='edit-dish'><h2>Edit Dish</h2>";
if ($_GET['confirm'] == 'yes') {
    $name = escape_data($_POST['name']);
    $price = escape_data($_POST['price']);
    $desc = escape_data($_POST['desc']);
    $category = escape_data($_POST['category']);
    $sql = "UPDATE `scargo cafe menu` SET name='{$name}', `desc`='{$desc}', category='{$category}', price='{$price}' WHERE id='{$id}' LIMIT 1";
    $result = mysql_query($sql);
    if ($result) {
        ?>
	<div class="notification">
		<p>Item successfully updated</p>
	</div>
<?php 
    } else {
        ?>
	<div class="notification">
		<p>Unable to update item</p>
		<p>Error: <?php 
        echo mysql_error();
        ?>
Пример #6
0
 $message = NULL;
 // Create an empty new variable.
 // Check for an existing password.
 if (empty($_POST['password'])) {
     $p = FALSE;
     $message .= '<br>You forgot to enter your existing password!</br>';
 } else {
     $p = escape_data($_POST['password']);
 }
 // Check for a password and match against the confirmed password.
 if (empty($_POST['password1'])) {
     $np = FALSE;
     $message .= '<br>You forgot to enter your new password!</br>';
 } else {
     if ($_POST['password1'] == $_POST['password2']) {
         $np = escape_data($_POST['password1']);
     } else {
         $np = FALSE;
         $message .= '<br>Your new password did not match the confirmed new password!</br>';
     }
 }
 if ($p && $np) {
     // If everything's OK.
     $query = "SELECT username FROM users WHERE (username='******' AND password=PASSWORD('{$p}') )";
     $result = @mysql_query($query);
     $num = mysql_num_rows($result);
     if ($num == 1) {
         $row = mysql_fetch_array($result, MYSQL_NUM);
         // Make the query.
         $query = "UPDATE users SET password=PASSWORD('{$np}') WHERE username='******'0']}'";
         $result = @mysql_query($query);
Пример #7
0
 if (!empty($_POST['firstname'])) {
     $f = escape_data($_POST['firstname']);
 } else {
     $f = FALSE;
     echo '<p><font color="red">Please enter a first name.</font></p>';
 }
 // Check the second name
 if (!empty($_POST['lastname'])) {
     $l = escape_data($_POST['lastname']);
 } else {
     $l = FALSE;
     echo '<p><font color="red">Please enter a last name.</font></p>';
 }
 // Check the email address
 if (!empty($_POST['email'])) {
     $e = escape_data($_POST['email']);
     // Check there is an @ sign and at least one dot
     if (strpos($e, "@") === FALSE || strpos($e, ".") === FALSE || strpos($e, " ") != FALSE || strpos($e, "@") > strrpos($e, ".")) {
         $e = FALSE;
         echo "<p class=\"error\">Email address was invalid and disregarded.</p>";
     }
 } else {
     $e = FALSE;
 }
 // Check if we've got everything
 if ($f && $l) {
     // Let's go!
     // Add to the authors table
     $query = "INSERT INTO authors (firstname, lastname, email) VALUES ('{$f}', '{$l}', '{$e}')";
     // Create the query
     $result = mysqli_query($dbc, $query);
Пример #8
0
 }
 // Check for a last name:
 if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
     $ln = escape_data($_POST['last_name'], $dbc);
 } else {
     $reg_errors['last_name'] = 'Please enter your last name!';
 }
 // Check for a username:
 if (preg_match('/^[A-Z0-9]{2,45}$/i', $_POST['username'])) {
     $u = escape_data($_POST['username'], $dbc);
 } else {
     $reg_errors['username'] = '******';
 }
 // Check for an email address:
 if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
     $e = escape_data($_POST['email'], $dbc);
 } else {
     $reg_errors['email'] = 'Please enter a valid email address!';
 }
 // Check for a password and match against the confirmed password:
 if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,}$/', $_POST['pass1'])) {
     if ($_POST['pass1'] === $_POST['pass2']) {
         $p = $_POST['pass1'];
     } else {
         $reg_errors['pass2'] = 'Your password did not match the confirmed password!';
     }
 } else {
     $reg_errors['pass1'] = 'Please enter a valid password!';
 }
 if (empty($reg_errors)) {
     // If everything's OK...
Пример #9
0
        if (getFleetStat($str, $sid, $d) != 0) {
            $go = false;
            break;
        }
    }
    if ($go) {
        $query = "DELETE FROM fleet{$sid} WHERE id={$d}";
        $result = @mysql_query($query);
        echo 'Your fleet has been deleted.<br><br>';
    } else {
        echo 'The fleet must be empty to delete it.<br><br>';
    }
}
//reset the probes
if (isset($_GET[p])) {
    $p = (int) escape_data($_GET[p]);
    //Check if you own the fleet
    if (getFleetStat(ownerid, $sid, $p) != $id) {
        echo 'err';
        exit;
    }
    setFleetStat(probes, 0, $sid, $p);
    setFleetStat(probetime, 0, $sid, $p);
    setFleetStat(report, " ", $id, $p);
}
/***********
JAVASCRIPT AND MENU
**********/
echo '
<script language="Javascript">
var change = function(x){
Пример #10
0
<?php

/**/
include './header.php';
if (isset($_GET['id'])) {
    $oid = (int) escape_data($_GET['id']);
    if (isset($_GET['type'])) {
        $type = (int) escape_data($_GET['type']);
        if ($type != 1 && $type != 2) {
            $type = 1;
        }
    } else {
        $type = 1;
    }
} else {
    echo 'err';
    exit;
}
/***********
TYPES
1 = Building
2 = Ship
***********/
echo '<table align="center" cellspacing=10>';
if ($type == 1) {
    echo '<tr>
			<td><b>Name</b></td>
			<td><b>Civs Cost</b></td>
			<td><b>Elinarium Cost</b></td>
			<td><b>Cylite Cost</b></td>
			<td><b>Plexi Cost</b></td>
<?php

require_once 'configmsgbrd.php';
$u = escape_data($_POST["user_id"]);
$tid = escape_data($_POST["topic_id"]);
$mt = escape_data($_POST["comment"]);
$pid = escape_data($_POST["parent_id"]);
$mb = escape_data($_POST["mess_block"]);
$token = escape_data($_POST["token_id"]);
$query1 = "SELECT user_id, tokenid FROM users WHERE (user_id='{$u}') AND (tokenid='{$token}')";
$result2 = mysql_query($query1) or trigger_error("An Error Occurred");
if (mysql_affected_rows() == 1) {
    $query2 = "INSERT INTO message (user_id, topic_id, message_txt, date, parent_id, mess_block) VALUES ('{$u}', '{$tid}', '{$mt}', NOW(), '{$pid}', '{$mb}')";
    $result2 = mysql_query($query2) or trigger_error("An Error Occurred");
    echo "Comment Has Been Submitted";
    exit;
    mysql_close();
} else {
    echo "Comment Has Been Declined";
    exit;
    mysql_close();
}
Пример #12
0
function destroy_session($sid)
{
    global $dbc;
    // Delete from the database.
    $q = sprintf('DELETE FROM sessions WHERE id="%s"', escape_data($sid));
    $r = mysqli_query($dbc, $q);
    // Clear the $_SESSION array:
    $_SESSION = array();
    return mysqli_affected_rows($dbc);
}
Пример #13
0
<?php

/**/
include './header.php';
//Check to see if you are already logged into a server
if (isset($sid)) {
    echo 'Error';
    exit;
}
//Check to see if the user is trying to join a server or enter a server
if (isset($_GET['s'])) {
    $sid = escape_data($_GET['s']);
    if (isOnServer($sid, $id)) {
        //Log into server
        $_SESSION['sid'] = $sid;
        changePage('./galaxy.php');
    } else {
        //Enter the server
        if (getServerStat(users, $sid) < getServerStat(maxusers, $sid)) {
            $users = getServerStat(users, $sid);
            $users++;
            $query = "UPDATE serverlist SET users={$users} WHERE id={$sid}";
            $result = @mysql_query($query);
            if ($result) {
                $bool = false;
                for ($x = 1; $x < 3; $x++) {
                    $string = "s" . $x;
                    $serverid = getUserStat($string, $id);
                    if ($serverid == 0) {
                        $query = "UPDATE users SET {$string}={$sid} WHERE id={$id}";
                        $result = @mysql_query($query);
Пример #14
0
		}
}

$action = $_GET['action'];
if($action == 'changepass'){
	include("functions/escape_data.php");
	$HostAccount = $_GET['HostAccount'];
	$cPW1 = $HTTP_POST_VARS[ "password1" ];
	$cPW2 = $HTTP_POST_VARS[ "password2" ];

	if(empty($_POST['password1'])) {
		$HostPassword = FALSE;
		$message2 .= '<br>You forgot to enter a password';
	} else {
	if($_POST['password1'] == $_POST['password2']) {
		$HostPassword = escape_data($_POST['password1']);
			if(strlen($HostPassword) < 6){
				   $message2 .= "<br>Your password $HostPassword  must be 6 characters";
				   $HostPassword = FALSE;
				} else {
					if (!preg_match("/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/", $HostPassword)) {
					  $message2 .= "<br>Your password does not meet complexity requirements";
					  $HostPassword = FALSE;
					}
				}
	} else {
		$HostPassword = FALSE;
		$message2 .= '<br>Your passwords do not match';
		}

	if($HostPassword){
Пример #15
0
require '../dbconnect.php';
function escape_data($data)
{
    if (ini_get('magic_quotes_gpc')) {
        $data = stripslashes($data);
    }
    if (!is_numeric($data)) {
        $data = mysql_real_escape_string($data);
    }
    return $data;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //run all of the form data through the escape_data function
    $name = escape_data($_POST['name']);
    $review = escape_data($_POST['review']);
    $rating = escape_data($_POST['rating']);
    $cat_id = $_POST['cat_id'];
    $returnMsg = array();
    $returnMsg['submittedData'] = "<p>Name: {$name} rating: {$rating} email: {$email} review: {$review}</p>";
    //this code asses a new review to the reviews table
    $sql = "INSERT INTO reviews (id, name, review, rating, cat_id, date)\n\t\tVALUES ('', '{$name}', '{$review}', '{$rating}', '{$cat_id}', NOW() )";
    $result = mysql_query($sql);
    $returnmsg['insertReviewInfo'] = "<p>Info:" . mysql_info() . "</p>";
    $returnmsg['insertReviewError'] = "<p>Error:" . mysql_error() . "</p>";
    //set up SQL query to get all of the reviews for this product.
    $sql = "SELECT * FROM reviews WHERE cat_id = '{$cat_id}'";
    $result = mysql_query($sql);
    //Count and average all the ratings taken from all reviews of this product.
    $count = 0;
    $average_rating = 0;
    $total_rating = 0;
Пример #16
0
    if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['password'])))) {
        $test_password = escape_data($_POST['password']);
        if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['confirmPassword'])))) {
            $confirmationPassword = escape_data($_POST['confirmPassword']);
            if (passwordChecker($test_password, $confirmationPassword)) {
                $user->password = escape_data($_POST['password']);
            }
        }
    }
    //Check Postal Code
    if (preg_match('%^[A-Za-z][0-9][A-Za-z]" "[0-9][A-Za-z][0-9]$%', stripslashes(trim($_POST['postalCode'])))) {
        $user->postalCode = escape_data($_POST['postalCode']);
    }
    //Check Dat of Birth
    if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
        $user->DOB = escape_data($_POST['DOB']);
    }
    $user->gender = $_POST['Gender'];
    $query = "UPDATE users SET firstName=?, lastName=?, email=?, password=?, streetAddress=?, postalCode=?, DOB =?, gender=? WHERE id=?";
    $stmt = mysqli_prepare($dbc, $query);
    if (!$stmt) {
        die('mysqli error: ' . mysqli_error($dbc));
    }
    mysqli_stmt_bind_param($stmt, "ssssssdsd", $user->firstName, $user->lastName, $user->email, $user->streetAddress, $user->password, $user->postalCode, $user->DOB, $user->gender, $user->id);
    if (!mysqli_execute($stmt)) {
        die('stmt error: ' . mysqli_stmt_error($stmt));
    }
    $_SESSION['user'] = serialize($user);
    echo "<p>ACCOUNT UPDATED</p>";
}
?>
Пример #17
0
include 'functions.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $meetsRequirements = TRUE;
    if (preg_match('%^[A-Za-z\\.\' \\-]{2,15}$%', stripslashes(trim($_POST['fn'])))) {
        $firstname = escape_data($_POST['fn']);
    } else {
        $meetsRequirements = FALSE;
    }
    if (preg_match('%^[A-Za-z\\.\' \\-]{2,15}$%', stripslashes(trim($_POST['ln'])))) {
        $lastname = escape_data($_POST['ln']);
    } else {
        $meetsRequirements = FALSE;
    }
    if (preg_match('%^[A-Za-z0-9._\\%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
        $email = escape_data($_POST['email']);
    } else {
        $meetsRequirements = FALSE;
    }
    if (preg_match('%^([0-9]( |-)?)?(\\(?[0-9]{3}\\)?|[0-9]{3})( |-)?([0-9]{3}( |-)?[0-9]{4}|[a-zA-Z0-9]{7})$%', stripslashes(trim($_POST['work_phone'])))) {
        $phone = escape_data($_POST['work_phone']);
    } else {
        $meetsRequirements = FALSE;
    }
    if (!$meetsRequirements) {
        die;
    }
    $_SESSION["firstname"] = $firstname;
    $_SESSION["lastname"] = $lastname;
    $_SESSION["email"] = $email;
    $_SESSION["phone"] = $phone;
}
Пример #18
0
 if (filter_var($_POST['category'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
     $cat = $_POST['category'];
 } else {
     // No category selected.
     $add_page_errors['category'] = 'Please select a category!';
 }
 // Check for a description:
 if (!empty($_POST['description'])) {
     $d = escape_data(strip_tags($_POST['description']), $dbc);
 } else {
     $add_page_errors['description'] = 'Please enter the description!';
 }
 // Check for the content:
 if (!empty($_POST['content'])) {
     $allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';
     $c = escape_data(strip_tags($_POST['content'], $allowed), $dbc);
 } else {
     $add_page_errors['content'] = 'Please enter the content!';
 }
 if (empty($add_page_errors)) {
     // If everything's OK.
     // Add the page to the database:
     $q = "INSERT INTO pages (categories_id, title, description, content) VALUES ({$cat}, '{$t}', '{$d}', '{$c}')";
     $r = mysqli_query($dbc, $q);
     if (mysqli_affected_rows($dbc) === 1) {
         // If it ran OK.
         // Print a message:
         echo '<div class="alert alert-success"><h3>The page has been added!</h3></div>';
         // Clear $_POST:
         $_POST = array();
         // Send an email to the administrator to let them know new content was added?
Пример #19
0
     $country = escape_data($_POST['country']);
 }
 if (empty($_POST['countrycode'])) {
     $countrycode = FALSE;
     $message .= '<br>The country code field is required to continue</br>';
 } else {
     $countrycode = escape_data($_POST['countrycode']);
 }
 if (empty($_POST['phone'])) {
     $phone = FALSE;
     $message .= '<br>A valid phone number is required</br>';
 } else {
     $phone = escape_data($_POST['phone']);
 }
 if (isset($_POST['fax'])) {
     $fax = escape_data($_POST['fax']);
 }
 if ($reguName && $password && $lpquestion && $lpanswer && $fname && $lname & $email && $add1 && $city && $zip && $country && $countrycode && $phone) {
     $query = "SELECT username FROM users WHERE username='******'";
     $result = @mysql_query($query);
     if (mysql_num_rows($result) == 0) {
         $query = "INSERT INTO users (username, password, lpquestion, lpanswer, fname, lname, email,  second_email, add1, add2, city, state, province, rspchoice, zip, country, countrycode, phone, fax, date, signup_date, isadmin)\n\t\tVALUES ('{$reguName}', PASSWORD('{$password}'), '{$lpquestion}', '{$lpanswer}', '{$fname}', '{$lname}', '{$email}', '{$second_email}', '{$add1}', '{$add2}', '{$city}', '{$state}', '{$province}', '{$rspchoice}', '{$zip}', '{$country}', '{$countrycode}', '{$phone}', '{$fax}', NOW(), NOW(), 1)";
         $result = @mysql_query($query);
         if ($result) {
             $StepNumber = 5;
             $_SESSION['StepNumber'] = 5;
             header("Location: install5.php");
             exit;
         } else {
             $message .= "There was an error writing the user to the database.<br>{$query}<br>";
         }
Пример #20
0
    } else {
        $_SESSION['cycle'] = (int) $_REQUEST['period'];
    }
    echo '{ "success" : "true" }';
} else {
    // New bill add-on...
    $errors = array();
    $testDate = explode('-', $_POST["date"]);
    if (isset($testDate[0]) && isset($testDate[1]) && isset($testDate[2]) && checkdate($testDate[1], $testDate[2], $testDate[0])) {
        $date = $_POST["date"];
    } else {
        $errors[] = "The date you entered is not valid, please try again.";
        $date = NULL;
    }
    if (isset($_POST['descrip']) && !empty($_POST['descrip'])) {
        $description = escape_data($_POST['descrip']);
    } else {
        $description = NULL;
        $errors[] = "You left the description blank, please fill it in and try again.";
    }
    if (isset($_POST['amt']) && is_numeric($_POST['amt']) && $_POST['amt'] > 0) {
        $amount = (double) $_POST['amt'];
    } else {
        $amount = NULL;
        $errors[] = "The amount has to be a non-negative number.";
    }
    if (isset($_POST['payer']) && is_numeric($_POST['payer']) && $_POST['payer'] > 0) {
        $payer = (int) $_POST['payer'];
    } else {
        $payer = NULL;
        $errors[] = "Seriously, what are you doing?";
Пример #21
0
    if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['password'])))) {
        $test_password = escape_data($_POST['password']);
        if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['confirmPassword'])))) {
            $confirmationPassword = escape_data($_POST['confirmPassword']);
            if (passwordChecker($test_password, $confirmationPassword)) {
                $_SESSION['password'] = escape_data($_POST['password']);
            }
        }
    }
    //Check Postal Code
    if (preg_match('%^[A-Za-z][0-9][A-Za-z]" "[0-9][A-Za-z][0-9]$%', stripslashes(trim($_POST['postalCode'])))) {
        $_SESSION['postalCode'] = escape_data($_POST['postalCode']);
    }
    //Check Dat of Birth
    if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
        $_SESSION['DOB'] = escape_data($_POST['DOB']);
    }
    $_SESSION['gender'] = $_POST['Gender'];
    $query = "UPDATE users SET firstName=?, lastName=?, email=?, password=?, streetAddress=?, postalCode=?, DOB =?, gender=? WHERE id=?";
    $stmt = mysqli_prepare($dbc, $query);
    if (!$stmt) {
        die('mysqli error: ' . mysqli_error($dbc));
    }
    mysqli_stmt_bind_param($stmt, "ssssssdsd", $_SESSION['firstName'], $_SESSION['lastName'], $_SESSION['email'], $_SESSION['password'], $_SESSION['streetAddress'], $_SESSION['postalCode'], $_SESSION['DOB'], $_SESSION['gender'], $_SESSION['id']);
    if (!mysqli_execute($stmt)) {
        die('stmt error: ' . mysqli_stmt_error($stmt));
    }
    echo "<p>ACCOUNT UPDATED</p>";
}
?>
Пример #22
0
     }
     if ($_POST['ps_charge_ok'] == 'on' && ($_POST['ps_staff'] == 0 || 3 || 4 || 6)) {
         $errors[] = 'Non-staff members cannot house charge.';
     } else {
         if ($_POST['ps_charge_ok'] == 'on') {
             $pscharge = 1;
         } else {
             $pscharge = 0;
         }
     }
     if ($_POST['ps_discount'] > 25) {
         $errors[] = 'You entered a discount greater than the maximum.';
     } elseif ($_POST['ps_discount'] != 0 && $_POST['ps_staff'] == 0) {
         $errors[] = 'Member-owners may not rcv. a discount.  Please adjust Member Type below.';
     } else {
         $psd = escape_data($_POST['ps_discount']);
         // Store the discount.
     }
     $psmemtype = $_POST['ps_memtype'];
     $psstaff = $_POST['ps_staff'];
     if ($psstaff == 6) {
         $psType = 'reg';
     } else {
         $psType = 'pc';
     }
     if ($pscharge == 1) {
         $pslimit = 9999;
     } else {
         $pslimit = 0;
     }
 }
Пример #23
0
         $sm .= " AND daytrans_no = '{$dtn}'";
     }
     if (!empty($_GET['reg_no'])) {
         $rn = escape_data($_GET['reg_no']);
         $sm .= " AND register_no = {$rn}";
     }
     if (!empty($_GET['card_no'])) {
         $cn = escape_data($_GET['card_no']);
         $sm .= " AND card_no = {$cn}";
     }
     if (!empty($_GET['cashier'])) {
         $em = escape_data($_GET['cashier']);
         $sm .= " AND emp_no = {$em}";
     }
     if (!empty($_GET['total'])) {
         $tt = escape_data($_GET['total']);
         $sm .= " AND emp_no = {$tt}";
     }
     //	else {$sm = $_GET['sm'];}
 }
 if (empty($errors)) {
     $sm = stripslashes($sm);
     $query = "SELECT * FROM " . DB_LOGNAME . ".{$transtable} WHERE trans_type = 'C' AND " . $sm;
     // echo "$query";
     $result = @mysql_query($query);
     if (mysql_num_rows($result) == 0) {
         // No results
         echo '<div id="alert"><p class="error">Your search yielded no results.</p></div>';
     } else {
         // Results!
         $query = "SELECT COUNT(*) FROM " . DB_LOGNAME . ".{$transtable} WHERE trans_type = 'C' AND {$sm}";
Пример #24
0
            $num += $ship[$x];
            setFleetStat($str, $num, $sid, $fleetSelected);
            //Take away ships
            $num = getFleetStat($str, $sid, $fid);
            $num -= $ship[$x];
            setFleetStat($str, $num, $sid, $fid);
        }
        echo 'You have moved the ships successfully<br>';
    }
}
if (isset($_GET['fa'])) {
    $fleetSelected = $_POST['fleet'];
    $counter;
    $str;
    for ($z = 0; $z < count($fleetSelected); $z++) {
        $fleetSelected[$z] = escape_data($fleetSelected[$z]);
        for ($i = 1; $i < 4; $i++) {
            $str = "ship" . $i;
            $counter[$i] += getFleetStat($str, $sid, $fleetSelected[$z]);
        }
        $thisPid = getFleetStat(loc, $sid, $fleetSelected[$z]);
        $ownerId = getFleetStat(ownerid, $sid, $fleetSelected[$z]);
        if ($id != $ownerId) {
            echo 'err1';
            exit;
        }
        if ($thisPid != $pid) {
            echo 'err';
            exit;
        }
    }
Пример #25
0
        <td><input type="submit" name="submit3" value="Submit"></td>
      </tr></table></form>
            ';
}
echo '</div>';
/********
PERKS PAGE
*********/
echo '<div id="6" style="display:none">';
$query = "SELECT id FROM masterperks";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
}
//Change the page to send mail if reply is set
if (isset($_GET[r])) {
    $r = escape_data($_GET[r]);
    $query = "SELECT username FROM users WHERE id={$r}";
    $result = mysql_query($query);
    if ($row = mysql_fetch_array($result)) {
        $r = $row[0];
    } else {
        $r = "User Not Found";
    }
    echo '<script>change(2);
    document.forms[0].to.value="' . $r . '"</script>';
}
if (isset($_GET['d'])) {
    echo '<script>change(7)</script>';
}
echo '</div>';
include './footer.php';
Пример #26
0
<?php 
if (isset($_POST['submitted'])) {
    // Check if the form has been submitted.
    // Security check for a valid username
    if (preg_match('%^[A-Za-z0-9]\\S{8,20}$%', stripslashes(trim($_POST['userid'])))) {
        // Scrub username with function in header.php
        $u = escape_data($_POST['userid']);
    } else {
        $u = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid User ID!</font></p>';
    }
    // Security check for a valid password
    if (preg_match('%^[A-Za-z0-9]\\S{8,20}$%', stripslashes(trim($_POST['pass'])))) {
        // Scrub password with function in header.php
        $p = escape_data($_POST['pass']);
    } else {
        $p = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid Password!</font></p>';
    }
    // PHP Code for the CAPTCHA System
    $captchchk = 1;
    $privatekey = "6LfXR8ASAAAAAKpztg_bZb27P7KwUwFZYPi0pvOA";
    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        // What happens when the CAPTCHA was entered incorrectly
        echo '<p><font color="red" size="+1">The CAPTCHA Code wasn\'t entered correctly!</font></p>';
        $captchchk = 0;
    }
    // Query the database. Verify the username, password and captcha
    if ($u && $p && $captchchk) {
Пример #27
0
         $password = FALSE;
         echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
     }
 } else {
     $password = FALSE;
     echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
 }
 //Check Postal Code'
 if (preg_match('%^[A-Za-z][0-9][A-Za-z]" "[0-9][A-Za-z][0-9]$%', stripslashes(trim($_POST['postalCode'])))) {
     $postalCode = escape_data($_POST['postalCode']);
 } else {
     $postalCode = "";
 }
 //Check Dat of Birth
 if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
     $DOB = escape_data($_POST['DOB']);
 } else {
     $DOB = "00000000";
 }
 $gender = $_POST['Gender'];
 //Insert info into the database
 $query = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)";
 //Prepare mysqli statement
 $stmt = mysqli_prepare($dbc, $query);
 if (!$stmt) {
     die('mysqli error: ' . mysqli_error($dbc));
 }
 //Bind parameters
 mysqli_stmt_bind_param($stmt, "ssssssds", $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
 if (!mysqli_execute($stmt)) {
     die('stmt error: ' . mysqli_stmt_error($stmt));
Пример #28
0
<?php

# messages.php - This will let your average user modify the greeting, farewell, and receipt footers for all lanes.
$page_title = 'Fannie - Admin Module';
$header = 'Message Manager';
include '../src/header.html';
if (isset($_POST['submitted'])) {
    // new line for fwrite "\n"
    require_once '../src/mysql_connect.php';
    foreach ($_POST['id'] as $id => $msg) {
        $query = "UPDATE messages SET message = '" . escape_data($msg) . "' WHERE id='{$id}'";
        $result = mysql_query($query);
    }
}
require_once '../src/mysql_connect.php';
echo '<form action="messages.php" method="POST">';
$query = "SELECT * FROM messages ORDER BY id ASC";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
    if ($row['id'] == 'receiptFooter1') {
        echo "<p><b>Receipt Footer:</b></p>\n";
    } elseif ($row['id'] == 'farewellMsg1') {
        echo "<p><b>Farewell Message:</b></p>\n";
    } elseif ($row['id'] == 'welcomeMsg1') {
        echo "<p><b>Welcome Message:</b></p>\n";
    }
    echo "<input type=\"text\" name=\"id[{$row['id']}]\" value=\"{$row['message']}\" size=\"50\" maxlength=\"50\" /><br />\n";
}
echo '<br /><button name="submit" type="submit">Save</button>
<input type="hidden" name="submitted" value="TRUE" />
</form>';
Пример #29
0
function researchImage($rid)
{
    return '<A href="./research.php?id=' . $rid . '" onMouseOver="showObject(event,\'' . $rid . 'go\');" onMouseOut="hideObject(\'' . $rid . 'go\');"><img src="http://www.playconquest.com/woc/items/33.png"></a>';
}
function rph($sid, $id)
{
    $return = 0;
    $query = "SELECT researchmod FROM planets{$sid} WHERE ownerid={$id}";
    $result = mysql_query($query);
    while ($row = mysql_fetch_array($result)) {
        $return += $row[researchmod];
    }
    return $return;
}
if (isset($_GET['id'])) {
    $rid = escape_data($_GET['id']);
    $sub = getResearchStat(sub, $rid);
    $pass = false;
    if ($sub == 0) {
        $pass = true;
    }
    //check to see if you have already researcheed it
    $query = "SELECT id FROM tech{$sid} WHERE ownerid={$id} AND techid={$rid}";
    $result = mysql_query($query);
    if ($row = mysql_fetch_array($result)) {
        echo ' You have already researched this.<br><br>';
    } else {
        //check you have requirements
        $query = "SELECT id FROM tech{$sid} WHERE techid={$sub} AND ownerid={$id}";
        $result = mysql_query($query);
        if ($row = mysql_fetch_array($result) || $pass) {
Пример #30
0
<?php

/**/
include './db_connect.php';
if (isset($_GET[id])) {
    $id = (int) escape_data($_GET[id]);
    $vote = getUserStat(votes, $id);
    $vote++;
    $query = "UPDATE users SET votes={$vote} WHERE id={$id}";
    $result = @mysql_query($query);
}