Пример #1
/**
 * Validate a password-recovery key for a given user.
 *
 * Looks for a row in `recoveryemails` whose `Key` and `UserID` match the
 * arguments and whose `expDate` is not earlier than the current local time.
 *
 * NOTE(review): the key is matched by the database, so this function does not
 * show whether keys are stored hashed or whether a key is invalidated once it
 * has been used - confirm both where the key is issued and consumed.
 *
 * @param mixed $key    Recovery key to look up (passed with type code 's').
 * @param mixed $userID User the key must belong to (passed with type code 'i').
 * @return array|false  array('status' => true, 'userID' => ...) on a match, false otherwise.
 */
function checkEmailKey($key, $userID)
{
    $now = date("Y-m-d H:i:s");
    $query = "SELECT `UserID` FROM `recoveryemails` WHERE `Key` = ? AND `UserID` = ? AND `expDate` >= ?";

    // The same statement is run twice: once for the row, once for the row count.
    $row = my_query('sis', array(&$key, &$userID, &$now), $query);
    $matches = getNumRows('sis', array(&$key, &$userID, &$now), $query);

    // No matching, unexpired key for this user.
    if (!($matches > 0)) {
        return false;
    }
    // A row came back but carries no usable user id.
    if ($row['UserID'] == '') {
        return false;
    }

    return array('status' => true, 'userID' => $row['UserID']);
}
Пример #2
            $name = $dataInfo['keyword'];
            $linkUrl = $dataInfo['linkUrl'];
            $linkImage = $dataInfo['linkImage'];
            include "keywords_add.inc.php";
        } else {
            $error_message = $strNoExits;
            include "error_web.php";
        }
    } else {
        // Search and browse: build the list query and the matching count query,
        // then hand over to the list template.
        $title = "{$strKeywordsTitle}";
        // Default sort column when none was supplied.
        if ($order == "") {
            $order = "id";
        }
        // Build the WHERE condition from the optional search term.
        // NOTE(review): $seekname is interpolated straight into a quoted LIKE
        // literal and $order straight into ORDER BY; no escaping or validation
        // is visible in this fragment. If either value derives from request
        // data this is SQL injection. Bind the search term as a parameter and
        // map $order onto a fixed allow-list of column names - confirm where
        // both variables are populated.
        $find = "";
        if ($seekname != "") {
            $find .= " and (name like '%{$seekname}%')";
        }
        if ($find != "") {
            // Drop the leading " and " (5 characters) from the accumulated condition.
            $find = substr($find, 5);
            $sql = "select * from " . $DBPrefix . "keywords where {$find} order by {$order}";
            $nums_sql = "select count(id) as numRows from " . $DBPrefix . "keywords where {$find}";
        } else {
            $sql = "select * from " . $DBPrefix . "keywords order by {$order}";
            $nums_sql = "select count(id) as numRows from " . $DBPrefix . "keywords";
        }
        // Total number of matching rows, taken from the count query.
        $total_num = getNumRows($nums_sql);
        // The included template presumably reads $sql, $total_num and $title - verify.
        include "keywords_list.inc.php";
    }
}
Пример #3
        }
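        // No organization id to edit: send the browser back to the index page.
        if (null == $id) {
            header("Location: index");
            // Stop here. header() only queues the redirect; without exit the
            // rest of the script, including the POST handler below, still runs.
            exit;
        }
        // NOTE(review): this state-changing POST handler shows no CSRF token
        // check and no authorization check for $id - confirm they happen
        // earlier in the file.
        if (!empty($_POST)) {
            // keep track validation errors
            $nameError = null;
            // keep track post values
            $name = $_POST['name'];
            // validate input
            $valid = true;
            if (empty($name)) {
                $nameError = 'Please enter name';
                $valid = false;
            }
            // Both lookups run regardless of $valid; their results are not
            // used in the visible part of this script.
            $numRows = getNumRows('s', array(&$name), "SELECT name FROM organization WHERE id=?");
            $db_result = my_query('i', array(&$id), "SELECT name FROM organization where ID=?");
            if ($valid) {
                // Rename the organization through a parameterized UPDATE.
                $params = array(&$name, &$id);
                $sql = "UPDATE organization set name = ? where id = ?";
                my_update('si', $params, $sql);
                $_SESSION['crud_update_success'] = true;
            }
        }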
        ?>


<!DOCTYPE html>
<html lang="en">
<head>
      <meta charset="utf-8">
Пример #4
	<head>
		<title>dStory Viewer</title>
		<link rel="stylesheet" type="text/css" href="dstory.css" media="screen" />
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	</head>
	<body>
		<div id="wrapper">
			<div class="main">


<?php 
// Example full-text filters that can be assigned to $search (kept for reference):
//$search="WHERE (MATCH(title,description) AGAINST ('school education parent grade' IN BOOLEAN MODE))";
//$search="WHERE (MATCH(title,description) AGAINST ('theory' IN BOOLEAN MODE))";
// NOTE(review): $search looks like a raw WHERE clause handed to the query
// helpers; if it is ever built from request input it needs bound parameters.
$search = "";

// Size the paginator from the number of rows matching the filter.
$num_rows = getNumRows($search);
$pages = new Paginator();
$pages->items_total = $num_rows;
$pages->mid_range = 9;

// Top navigation bar: page links, jump menu and items-per-page selector.
echo "<div class=\"paginate\">";
$pages->paginate();
echo $pages->display_pages();
$controls = $pages->display_jump_menu() . $pages->display_items_per_page();
echo "<span style=\"margin-left:25px\"> " . $controls . "</span>";
echo "</div>\n";

// Stories for the current page.
printStoriesPaginator($pages, $search);

// Bottom navigation bar and page position.
$pageLinks = $pages->display_pages();
echo "<div class=\"paginate\">" . $pageLinks . "</div>";
echo "<p>Page {$pages->current_page} of {$pages->num_pages} </p>";

include 'closedb.php';
?>
Пример #5
 // Assume the submission is valid until one of the checks below fails.
 $valid = true;
 if (empty($name)) {
     $valid = false;
     $nameError = 'Please enter Username';
 }
 if (empty($email)) {
     $valid = false;
     $emailError = 'Please enter Email Address';
 } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
     $valid = false;
     $emailError = 'Please enter a valid Email Address';
 }
 // Count accounts already using this username / this email address, and load
 // the stored username and email of the account being edited. All three
 // lookups use bound parameters and run even when validation failed.
 $numRows = getNumRows('s', array(&$name), "SELECT Username FROM user WHERE username=?");
 $numRows1 = getNumRows('s', array(&$email), "SELECT Username FROM user WHERE email=?");
 $db_result = my_query('i', array(&$id), "SELECT Username, Email FROM user where ID=?");
 if ($valid) {
     // Username is free
     if ($numRows == 0 && $numRows1 == 0 || strcmp($name, $db_result['Username']) == 0 && strcmp($email, $db_result['Email']) == 0) {
         if (isset($_POST['password'])) {
             $h_password = password_hash($password, PASSWORD_BCRYPT, $options);
         }
         if ($_SESSION['admin'] == 1) {
             $params = array(&$name, &$email, &$h_password, &$level, &$id);
             $sql = "UPDATE user set Username = ?, Email = ?, Password = ?, admin = ? WHERE ID = ?";
             my_update('sssii', $params, $sql);
         } else {
             $params = array(&$name, &$email, &$h_password, &$id);
             $sql = "UPDATE user set Username = ?, Email = ?, Password = ? WHERE ID = ?";
             my_update('sssi', $params, $sql);
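/**
 * Page controller for the national parks listing.
 *
 * Reads paging values from the query string, loads the requested page of
 * parks, and handles the "insert park" and "delete park" POST forms.
 *
 * NOTE(review): the helper functions below are declared inside this function,
 * so calling pageController() a second time in one request would redeclare
 * them; it is assumed to be called once per request.
 *
 * NOTE(review): no CSRF token check or authorization check is visible before
 * the insert and delete handlers run - confirm where those are enforced.
 *
 * @return array Values for the view: parksArray, parksAllArray, page, limit,
 *               offset, rowTotal, numOfPages, noteToUser, errorArray and the
 *               form* fields. noteToUser, errorArray and the form* fields are
 *               raw request input or exception text; the view must
 *               HTML-escape them on output.
 */
function pageController()
{
    // Login information for db_connect.php.
    require '../park_login.php';
    // Connects to the database; presumably defines $dbc - verify.
    require '../db_connect.php';
    // Input class used to read request values.
    require '../Input.php';

    // is_numeric() rejects non-numeric query strings; round(abs()) removes
    // decimals and negative numbers.
    $page = Input::has('page') && is_numeric(Input::get('page')) ? round(abs(Input::get('page'))) : 1;
    // Page 0 would produce a negative $offset.
    if ($page < 1) {
        $page = 1;
    }
    // 'newlimit' is tied to the Change Rows button.
    $limit = Input::has('newlimit') && is_numeric(Input::get('newlimit')) ? abs(intval(Input::get('newlimit'))) : 3;
    // A limit of 0 from the query string would make the page count below a
    // division by zero; fall back to the default page size.
    if ($limit < 1) {
        $limit = 3;
    }
    $offset = $page * $limit - $limit;

    // Returns the total number of rows in national_parks.
    function getNumRows($dbc)
    {
        // COUNT(*) instead of SELECT * + rowCount(): rowCount() is not
        // guaranteed for SELECT on every PDO driver, and this avoids
        // transferring every row just to count them.
        $stmt = $dbc->prepare('SELECT COUNT(*) FROM national_parks');
        $stmt->execute();
        return (int) $stmt->fetchColumn();
    }
    $rowTotal = getNumRows($dbc);
    // Dividing $rowTotal by $limit gives the number of pages needed.
    $numOfPages = ceil($rowTotal / $limit);
    // Clamp page numbers past the last page. With an empty table $numOfPages
    // is 0, so keep the page at 1 to avoid a negative OFFSET.
    if ($page > $numOfPages) {
        $page = max(1, $numOfPages);
        $offset = $page * $limit - $limit;
    }

    // Returns one page of parks, ordered by name, using bound LIMIT/OFFSET values.
    function getAllParks($dbc, $limit, $offset)
    {
        $stmt = $dbc->prepare('SELECT * FROM national_parks ORDER BY name LIMIT :limit OFFSET :offset');
        $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
        $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // Returns every park, ordered by name.
    function getAllAllParks($dbc)
    {
        $stmt = $dbc->prepare('SELECT * FROM national_parks ORDER BY name');
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
    $parksArray = getAllParks($dbc, $limit, $offset);
    $parksAllArray = getAllAllParks($dbc);

    // Inserts a park from the 'Submit A National Park' form.
    // Returns an array of error strings when any field fails validation,
    // otherwise returns nothing (null) after the INSERT has run.
    function insertParks($dbc)
    {
        // Each Input getter throws on invalid input; collect the messages
        // per field so the view can show them.
        $errorArray = [];
        try {
            $name = Input::getString('name', 0, 50);
        } catch (Exception $e) {
            $errorArray['errName'] = $e->getMessage();
        }
        try {
            $location = Input::getString('location', 0, 50);
        } catch (Exception $e) {
            $errorArray['errLoc'] = $e->getMessage();
        }
        try {
            $date_established = Input::getDate('date_established', '1776-07-04', 'next month');
            $date_established = $date_established->format('Y-m-d');
        } catch (Exception $e) {
            $errorArray['errDate'] = $e->getMessage();
        }
        try {
            $area_in_acres = Input::getNumber('area_in_acres', 0, 375000000);
        } catch (Exception $e) {
            $errorArray['errArea'] = $e->getMessage();
        }
        try {
            $description = Input::getString('description', 0, 500);
        } catch (Exception $e) {
            $errorArray['errDes'] = $e->getMessage();
        }
        // Any validation error: return before binding and executing.
        if (!empty($errorArray)) {
            return $errorArray;
        }
        $stmt = $dbc->prepare('INSERT INTO national_parks (name, location, date_established, area_in_acres, description) VALUES (:name, :location, :date_established, :area_in_acres, :description)');
        $stmt->bindValue(':name', $name, PDO::PARAM_STR);
        $stmt->bindValue(':location', $location, PDO::PARAM_STR);
        $stmt->bindValue(':date_established', $date_established, PDO::PARAM_STR);
        $stmt->bindValue(':area_in_acres', $area_in_acres, PDO::PARAM_STR);
        $stmt->bindValue(':description', $description, PDO::PARAM_STR);
        $stmt->execute();
    }

    // Deletes the park selected in the 'Delete A Park' form; the id is bound
    // as an integer parameter.
    function deletePark($dbc)
    {
        $park_to_delete = Input::get('park_to_delete');
        $stmt = $dbc->prepare('DELETE FROM national_parks WHERE id = :park_to_delete');
        $stmt->bindValue(':park_to_delete', $park_to_delete, PDO::PARAM_INT);
        $stmt->execute();
    }

    // Defaults for the values handed to the view.
    $noteToUser = '';
    $errorArray = [''];
    $formName = '';
    $formLoc = '';
    $formDate = '';
    $formArea = '';
    $formDes = '';
    if (!empty($_POST)) {
        if (Input::notEmpty('name') && Input::notEmpty('location') && Input::notEmpty('date_established') && Input::notEmpty('area_in_acres') && Input::notEmpty('description')) {
            // insertParks() returns an array of strings on validation
            // failure and null on success.
            $errorArray = insertParks($dbc);
            $parksArray = getAllParks($dbc, $limit, $offset);
            $parksAllArray = getAllAllParks($dbc);
            $rowTotal = getNumRows($dbc);
            // Loose comparison on purpose: null == [] is true, so this
            // branch is the success case.
            if ($errorArray == []) {
                $noteToUser = '******';
                $errorArray = [''];
            } else {
                // Echo the submitted values back so the form can be refilled.
                $formName = Input::get('name');
                $formLoc = Input::get('location');
                $formDate = Input::get('date_established');
                $formArea = Input::get('area_in_acres');
                $formDes = Input::get('description');
            }
        } elseif (Input::notEmpty('park_to_delete')) {
            deletePark($dbc);
            $parksArray = getAllParks($dbc, $limit, $offset);
            $parksAllArray = getAllAllParks($dbc);
            $rowTotal = getNumRows($dbc);
            $noteToUser = '******';
        } else {
            $noteToUser = '******';
        }
    }
    return array('parksArray' => $parksArray, 'parksAllArray' => $parksAllArray, 'page' => $page, 'limit' => $limit, 'offset' => $offset, 'rowTotal' => $rowTotal, 'numOfPages' => $numOfPages, 'noteToUser' => $noteToUser, 'errorArray' => $errorArray, 'formName' => $formName, 'formLoc' => $formLoc, 'formDate' => $formDate, 'formArea' => $formArea, 'formDes' => $formDes);
}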
session_start();
require_once '../../lib/dbcon.php';
require_once '../../lib/func.php';
require_once '../../lib/pagination_class.php';
require_once '../../lib/tglindo.php';
$mnu = 'setbiaya';
$tb = 'psb_' . $mnu;
if (!isset($_POST['aksi'])) {
    $out = json_encode(array('status' => 'invalid_no_post'));
} else {
    switch ($_POST['aksi']) {
        // -----------------------------------------------------------------
        case 'tampil':
            $kelompok = isset($_POST['kelompokS']) ? $_POST['kelompokS'] : '';
            $nGol = getNumRows('golongan');
            $nTing = getNumRows2('tingkat');
            checkSetBiaya($kelompok);
            $sql = 'SELECT
							k.tingkat,
							k.replid,
							(
								SELECT
									count(*)
								FROM
									psb_golongan
							) jumgol
						FROM
							aka_tingkat k';
            // print_r($sql);exit();
            if (isset($_POST['starting'])) {
Пример #8
	require_once '../../lib/func.php';
	require_once '../../lib/pagination_class.php';
	require_once '../../lib/tglindo.php';
	$mnu = 'setbiaya';
	$tb  = 'psb_'.$mnu;

	if(!isset($_POST['aksi'])){
		$out=json_encode(array('status'=>'invalid_no_post'));		
		// $out=['status'=>'invalid_no_post'];		
	}else{
		switch ($_POST['aksi']) {
			// -----------------------------------------------------------------
			case 'tampil':
				$kelompok  = isset($_POST['kelompokS'])?filter(trim($_POST['kelompokS'])):'';
				$nGol     = getNumRows('golongan');
				$nKrit    = getNumRows('kriteria');

				checkSetBiaya($kelompok);
				$sql ='SELECT 
							k.kriteria,
							k.replid,(
								SELECT count(*)
								FROM psb_golongan
							) jumgol
						FROM 
							psb_kriteria k';
				// print_r($sql);exit();
				if(isset($_POST['starting'])){
					$starting=$_POST['starting'];
				}else{
					$starting=0;
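    // Both credentials must be present, be plain strings and be non-blank.
    // The isset/is_string guards keep a missing or array-valued field from
    // reaching trim().
    if (!isset($_POST['user']) || !is_string($_POST['user']) || trim($_POST['user']) == '') {
        warn('Indique el usuario');
        header('Location: login.php');
        exit;
    }
    if (!isset($_POST['password']) || !is_string($_POST['password']) || trim($_POST['password']) == '') {
        warn('Indique la contraseña');
        header('Location: login.php');
        exit;
    }
    // Connect to the corporate database with the configured credentials.
    $host = $cfg['db_corporativo']['host'];
    $user = $cfg['db_corporativo']['user'];
    $pass = $cfg['db_corporativo']['password'];
    $database = $cfg['db_corporativo']['database'];
    $linkCorporativo = createLink($host, $user, $pass, $database);
    // From here on $user / $pass hold the submitted login, not the DB credentials.
    $user = strtoupper($_POST['user']);
    $pass = $_POST['password'];
    // NOTE(review): sqlUsuario() is defined elsewhere. Confirm that it binds or
    // escapes both values, and that the password is checked against a
    // password_hash() digest with password_verify() rather than compared in SQL.
    $result = doQuery(sqlUsuario($user, $pass, $linkCorporativo), $linkCorporativo, $err);
    if (getNumRows($result) == 0) {
        err('Datos incorrectos, verifique');
        // Release the connection on the failure path too.
        doClose($linkCorporativo);
        header('Location: login.php');
        exit;
    } else {
        $usuario = getDict($result);
        // Issue a fresh session id at login so an id that was known before
        // authentication is not carried into the authenticated session
        // (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['clave_usuario'] = $usuario['clave_usuario'];
        $_SESSION['autentificado'] = true;
        $_SESSION['last_activity'] = $_SERVER['REQUEST_TIME'];
        header('Location: index.php');
    }
    doClose($linkCorporativo);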
}
Пример #10
     }
     // Email must be present and syntactically valid.
     if (empty($email)) {
         $valid = false;
         $emailError = 'Please enter Email Address';
     } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $valid = false;
         $emailError = 'Please enter a valid Email Address';
     }
     if (empty($password)) {
         $valid = false;
         $passwordError = 'Please enter Password';
     }
     // Count accounts that already use this username or email; the lookup
     // runs even when validation failed.
     // NOTE(review): check-then-insert is not atomic. Two concurrent requests
     // can both see zero rows, so uniqueness should also be enforced by a
     // UNIQUE constraint on the table - confirm one exists.
     $sql = "SELECT Username FROM user WHERE username=? OR email=?";
     $numRows = getNumRows('ss', array(&$name, &$email), $sql);
     if ($valid && $numRows == 0) {
         // Username and email are free: store the bcrypt hash, never the password itself.
         $h_password = password_hash($password, PASSWORD_BCRYPT, $options);
         $param = array(&$name, &$email, &$h_password, &$orgID);
         $sql = "INSERT INTO user (username, email, password, orgID) VALUES (?, ?, ?, ?)";
         my_update('sssi', $param, $sql);
         header("Location: index");
     } elseif ($valid) {
         // Username or email is already taken.
         $_SESSION['crud_already_username'] = true;
     }
     my_disconnect();
 }