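echo htmlspecialchars($event['Description']); ?> </textarea>
    </div>
    <div class="form-group">
        <label for="Location">Location</label>
        <input class="form-control" id="Location" type='text' name='Location' placeholder='Where is the event' value="<?php echo htmlspecialchars($event['Location']); ?> ">
    </div>
    <div class="form-group">
        <label for="Atendees">Group members to invite:</label>
        <br>
        <?php
        // Fetch the signed-in user's e-mail once instead of querying the
        // database again for every row of $Members.
        $current_user = get_user($db, get_logged_in_user_id());
        $current_user_email = $current_user ? $current_user['email'] : null;

        // One checkbox per group member, skipping the signed-in user.
        // Name and e-mail are stored data, so both are HTML-escaped on output.
        foreach ($Members as $attendees) {
            if ($attendees['email'] != $current_user_email) {
                // The stray '</option>' end tag of the earlier markup is dropped:
                // a checkbox list has no <option> element to close.
                echo '<input id="Atendees" type="checkbox" name="Attending[]" value="'
                    . htmlspecialchars($attendees['email']) . '">'
                    . htmlspecialchars($attendees['name']) . '<br>';
            }
        }
        ?>
        <?php
        // group_id comes straight from the query string. It is written into a
        // single-quoted HTML attribute, so the matching encoder is
        // htmlspecialchars() with ENT_QUOTES. urlencode() is the encoder for
        // URLs, and here it would make the browser submit a percent-encoded copy.
        // Array input (group_id[]=x) is treated as absent.
        $group_id_field = (isset($_GET['group_id']) && is_string($_GET['group_id']))
            ? $_GET['group_id']
            : '';
        // The hidden field is only a hint from the client: the script that
        // receives this form must re-check that the signed-in user may act on
        // the group it names.
        echo "<input type='hidden' value='" . htmlspecialchars($group_id_field, ENT_QUOTES, 'UTF-8') . "' name='group_id'>";
        ?>
        <input type='submit' value='Create' class='btn btn-default'>
    </div>
</form>
</body>
</html>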
<?php
// Search page prologue: loads the shared includes, enforces sign-in and
// prepares the data the markup below (and the part of the page beyond this
// excerpt) works with.
require_once 'includes/all.php';

// Authentication gate. The exit after the redirect matters: header() alone
// does not stop the script, so without it the page would still be rendered
// for anonymous visitors.
if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}

$db = connect_db();
// Result of get_user_courses() for the signed-in user's id. It is not read in
// the visible part of the page; presumably the search form further down uses it.
$user_courses = get_user_courses($db, get_logged_in_user_id());
?> <!DOCTYPE html> <html> <head> <title> Search Groups | Study Group Finder </title> <?php include 'includes/_head.html'; ?> </head> <body> <?php include 'includes/_nav.php'; ?> <div class="breadcrumbs"> <a href="index.php">Home</a> » Search </div> <div class='row'> <div class='col-md-6'>
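<?php
// POST-only endpoint that acts on a group named by the client. This excerpt
// holds the request checks, the initial lookups and two helpers; the action
// itself lies beyond it.
require_once 'includes/all.php';

if (!is_logged_in()) {
    header("Status: 403");
    exit;
}

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    header("Status: 405"); // method not allowed
    exit;
}
// NOTE(review): a "Status:" header only sets the response code under
// CGI/FastCGI; confirm the deployment, or use http_response_code().

$db = connect_db();

// group_id is client-supplied. Accept only a plain string, so a missing field
// or array input (group_id[]=x) reaches get_group() as null instead of raising
// a notice or passing an array on to the query.
$posted_group_id = (isset($_POST['group_id']) && is_string($_POST['group_id']))
    ? $_POST['group_id']
    : null;
$group = get_group($db, $posted_group_id);

// Only read course_id when the lookup produced a row. An unknown id used to
// index into a non-array here.
$course = get_course($db, $group ? $group['course_id'] : null);
$user = get_user($db, get_logged_in_user_id());

/**
 * Report whether $user has a row in group_members for $group_id.
 *
 * @param PDO   $db       open database handle
 * @param array $user     user row; only $user['id'] is read
 * @param mixed $group_id group id, bound as a query parameter
 * @return bool true when the EXISTS sub-query finds a membership row
 */
function user_is_in_group($db, $user, $group_id) {
    // Both values are bound, never concatenated, so the id cannot alter the SQL.
    $membership_query = $db->prepare("SELECT EXISTS (SELECT 1 FROM group_members WHERE group_id = :group_id AND user_id = :user_id)");
    $membership_query->bindValue(":user_id", $user['id']);
    $membership_query->bindValue(":group_id", $group_id);
    $membership_query->execute();
    $result_row = $membership_query->fetch(PDO::FETCH_NUM);
    return (bool) $result_row[0];
}

// Emits a JSON error body and stops the script.
// NOTE(review): the visible part always sends 400 and never reads $status;
// the function continues beyond this excerpt, so confirm there.
function json_die($status, $msg) {
    header("Status: 400");
    header("Content-Type: application/json");
    echo json_encode(array("error" => $msg));
    exit;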
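// create the group
// The group row and its membership rows are written inside one transaction,
// so a failure part-way cannot leave a group behind with no members (this
// resolves the earlier "transaction" TODO).
// NOTE(review): the rollback only fires when PDO throws on error
// (PDO::ERRMODE_EXCEPTION). connect_db() is outside this excerpt, so confirm.
if ($action !== 'add_user' && !count($errors)) {
    $db->beginTransaction();
    try {
        $stmt = $db->prepare("INSERT INTO groups (course_id, name, day, time, place, campus) VALUES (:course_id, :name, :day, :time, :place, :campus)");
        $stmt->bindValue(":course_id", $form['course']);
        $stmt->bindValue(":name", $form['name']);
        $stmt->bindValue(":day", $form['day']);
        $stmt->bindValue(":time", $form['time']);
        $stmt->bindValue(":place", $form['place']);
        $stmt->bindValue(":campus", $form['campus']);
        $stmt->execute();
        $group_id = $db->lastInsertId();

        $stmt = $db->prepare("INSERT INTO group_members (group_id, user_id) VALUES (:group_id, :user_id)");

        // Add current user to the group
        $stmt->bindValue(":group_id", $group_id, PDO::PARAM_INT);
        $stmt->bindValue(":user_id", get_logged_in_user_id(), PDO::PARAM_INT);
        $stmt->execute();

        // Add any other members
        // TODO(ae): send invites instead
        // NOTE(review): these ids come from the submitted form and are enrolled
        // without the other user's consent. How $form['members'] is validated
        // is outside this excerpt; confirm each id is a user the creator may add.
        foreach ($form['members'] as $user_id) {
            $stmt->bindValue(":user_id", $user_id, PDO::PARAM_INT);
            $stmt->execute();
        }

        $db->commit();
    } catch (Exception $e) {
        // Undo the partial inserts, then let the failure surface as before.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }

    $url = "group.php?id=" . urlencode($group_id);
    header("Location: " . $url);
    exit(0);
}
}

// Returns 'has-error' if the key exists in $errors.
function has_error($key) {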
}

// Profile page prologue: loads the requested user and the related rows the
// template below prints.
$db = connect_db();
// The id comes from the query string and is passed to get_user() as-is.
// NOTE(review): whether 'id' is checked for presence happens before this
// excerpt; confirm.
$user = get_user($db, $_GET['id']);
if (!$user) {
    header('Status: 404');
    die('no such user');
}

$courses = get_user_courses($db, $user['id']);

// The college row is optional. It is looked up only when the user row carries
// a college_id, and the value is bound as a positional parameter.
$college = null;
if ($user['college_id']) {
    $q = $db->prepare("SELECT * FROM colleges WHERE id=?");
    $q->bindValue(1, $user['college_id']);
    $q->execute();
    $college = $q->fetch();
}

// True when the visitor is looking at their own profile (loose comparison of
// the stored id with the session id).
$is_myself = $user['id'] == get_logged_in_user_id();
// NOTE(review): $id is the raw query-string value, not the stored one. It
// matched a user above but was never normalised, so escape it wherever the
// template prints it, or use $user['id'] instead.
$id = $_GET['id'];
?> <!DOCTYPE html> <html> <head> <title><?php echo htmlspecialchars($user['name']); ?> </title> <?php include 'includes/_head.html'; ?> </head> <body>
echo '<a class="btn btn-danger" href="logout.php" role="button">Sign out</a>'; } else { echo '<a class="btn btn-success" href="signin.php" role="button">Sign in</a>'; } ?> </div> </div> </div> </nav> <div class="container"> <?php if (is_logged_in()) { ?> <div class="masthead"> <nav> <ul class="nav nav-justified"> <li><a href="index.php">Home</a></li> <li><a href="profile.php?id=<?php echo get_logged_in_user_id(); ?> ">Your Profile</a></li> <li><a href="group.php">Your Groups</a></li> <li><a href="newgroup.php">Create a Group</a></li> <li><a href="form.php">Search</a></li> </ul> </nav> </div> <?php }
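require_once 'includes/all.php';

/*
 * Members-editing page prologue: requires a signed-in user who belongs to the
 * requested group, then loads the group and its member list for the markup
 * below.
 */
if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}

// The group id is taken from the query string only, and must be a plain
// string (id[]=x is rejected along with a missing id).
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    header('Status: 404');
    die('missing id');
}
$requested_group_id = $_GET['id'];

$db = connect_db();

// Authorise exactly the value that is loaded below. The membership check used
// to read $_REQUEST['id'] while the lookups read $_GET['id']. $_REQUEST merges
// the query string with the POST body (and cookies, depending on
// request_order), so the id that was checked and the id that was displayed
// could differ within one request.
if (!is_member($db, get_logged_in_user_id(), $requested_group_id)) {
    header("Status: 403 Forbidden");
    exit("403 Forbidden");
}

$user_groups = get_user_groups($db, get_logged_in_user_id());
$group = get_group($db, $requested_group_id);
$members = get_group_members($db, $requested_group_id);

// NOTE(review): the page loads jquery-1.12.1, from the 1.x line that no longer
// receives security fixes; schedule an upgrade.
?>
<!DOCTYPE html>
<html>
<head>
    <title> Members Editing | Study Group Finder </title>
    <script src="js/jquery-1.12.1.min.js" type="text/javascript"></script>
    <script>
    function reload(id){ self.location="members_edit.php?id="+id; }
    </script>
    <?php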
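<?php
// Profile-picture upload handler (opening part; the script continues beyond
// this excerpt). Validation failures are collected in $errors and reported
// through the session flash on profile_edit.php.
require_once 'includes/all.php';

if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    header('Status: 405'); // 405 Method Not Allowed
    // Stop here. Without an exit the upload logic below also ran for
    // non-POST requests.
    exit(0);
}

$db = connect_db();
$user_id = get_logged_in_user_id();

$errors = array();
// NOTE(review): 1 MiB is 1048576 bytes; this value looks like transposed
// digits. Confirm the intended limit.
$maxsize = 1048756;

// Accept the upload only when PHP itself reports a complete, single file that
// arrived through this request. This rejects a missing field, a multi-file
// field (where 'error' is an array), any upload error code, and a tmp_name
// that is not a genuine upload.
$upload = isset($_FILES["fileupload"]) ? $_FILES["fileupload"] : null;
$upload_ok = is_array($upload)
    && isset($upload["error"], $upload["tmp_name"], $upload["name"], $upload["size"])
    && $upload["error"] === UPLOAD_ERR_OK
    && is_string($upload["tmp_name"])
    && is_uploaded_file($upload["tmp_name"]);

if ($upload_ok) {
    // $pic is the file name chosen by the client. Treat it as untrusted and
    // never build the storage path or extension from it.
    $pic = $upload["name"];
    $tmp = $upload["tmp_name"];
    $size = $upload["size"];

    if ($size > $maxsize) {
        $errors[] = "Upload failed: file size {$size} exceeds maximum size of {$maxsize}";
    }
} else {
    $pic = '';
    $tmp = '';
    $size = 0;
    $errors[] = "Upload failed: no file was received";
}

if (count($errors)) {
    $_SESSION['flash_errors'] = $errors;
    header("Location: profile_edit.php");
    exit(0);
}

// getimagesize() only inspects the header, so passing it shows that the file
// starts like an image, not that the rest of it is harmless.
// NOTE(review): what happens to the file afterwards is outside this excerpt.
// Confirm it is stored under a server-chosen name with an extension derived
// from the detected type.
$info = @getimagesize($tmp);
if ($info === false) {
    $errors[] = "Upload failed: not an image";
} else {
    $type = $info[2];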
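<?php
// Password-change handler. On POST it verifies the current password and
// stores a fresh hash of the new one; every request ends with a redirect to
// profile_edit.php. Failures are reported through the session flash.
require_once 'includes/all.php';

if (!is_logged_in()) {
    header("Location: signin.php");
    exit(0);
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Form fields may be absent or arrive as arrays (oldPassword[]=x). Only
    // plain strings are passed to the password functions.
    $old_password = (isset($_POST["oldPassword"]) && is_string($_POST["oldPassword"]))
        ? $_POST["oldPassword"]
        : '';
    $new_password = (isset($_POST["newPassword"]) && is_string($_POST["newPassword"]))
        ? $_POST["newPassword"]
        : '';

    $db = connect_db();
    $user = get_user($db, get_logged_in_user_id());

    // NOTE(review): no anti-CSRF token is checked in this script. Requiring
    // the current password limits what a forged request can do, but confirm
    // whether includes/all.php offers a token helper.
    if (!$user || !password_verify($old_password, $user["password_hash"])) {
        $_SESSION["flash_errors"] = array('Old password did not match current password');
    } elseif ($new_password === '') {
        // A missing or empty field used to be hashed and stored, leaving the
        // account with an empty password.
        $_SESSION["flash_errors"] = array('New password must not be empty');
    } else {
        // bcrypt only considers the first 72 bytes of the input.
        $stmt = $db->prepare("UPDATE users SET password_hash = :password_hash WHERE users.id = :usrId");
        $stmt->bindValue("password_hash", password_hash($new_password, PASSWORD_BCRYPT));
        $stmt->bindValue("usrId", get_logged_in_user_id());
        $stmt->execute();
    }
}

header("Location: profile_edit.php");
// End the script explicitly so nothing can run or be emitted after the redirect.
exit(0);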