<?php
require 'init.php';
if (getVar('category')) {
$articlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.category_id = :category AND articles.private = 0 OR articles.private = :private ORDER BY articles.id DESC LIMIT :start,4 ");
$articlesQuery->execute(array('category' => getVar('category'), 'start' => getVar('page') * 4, 'private' => isGuest()));
$articles = $articlesQuery->fetchAll();
$allArticlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.category_id = :category AND articles.private = 0 OR articles.private = :private");
$allArticlesQuery->execute(array('category' => getVar('category'), 'private' => isGuest()));
} else {
$articlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.private = 0 OR articles.private = :private ORDER BY articles.id DESC LIMIT :start,4 ");
$articlesQuery->execute(array('start' => getVar('page') * 4, 'private' => isGuest()));
$articles = $articlesQuery->fetchAll();
$allArticlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE articles.private = 0 OR articles.private = :private");
$allArticlesQuery->execute(array('private' => isGuest()));
}
$maxPages = round($allArticlesQuery->rowCount() / 4);
$categoriesQuery = $dbh->prepare("SELECT id, name FROM categories ");
$categoriesQuery->execute();
$categories = $categoriesQuery->fetchAll();
$page = getVar('page') ? getVar('page') : 1;
render('index', array('articles' => $articles, 'categories' => $categories, 'url' => 'index.php', 'npage' => $page, 'maxPages' => $maxPages));
<?php
require 'init.php';
if (getVar('title')) {
$addGallery = $dbh->prepare("INSERT INTO galleries (title, description, private) VALUES (:title, :description, :private)");
$addGallery->execute(array(':title' => getVar('title'), ':description' => getVar('description'), ':private', getVar('privacy')));
$galleryId = $dbh->lastInsertId();
mkdir('images/galleries/' . $galleryId);
render('addpictures', array('galleryId' => $galleryId));
} else {
if (getVar('gallery_id')) {
$galleriesQuery = $dbh->prepare("SELECT id, title, description FROM galleries WHERE private = 0 OR private = :private");
$galleriesQuery->execute(array('private' => isGuest()));
$galleries = $galleriesQuery->fetchAll();
render('pictures', array('galleries' => $galleries));
} else {
render('addgallery');
}
}
die('Error : (' . $dbcon->errno . ') ' . $dbcon->error);
}
$stmt->close();
unset($_SESSION['useraddress']);
}
header("Location: " . SITE_URL . "index.php?orders");
exit;
}
//when new order is being created set the order status as new.
//new order to be created if there was no orderid in the session
if ($sess_orderID == -1) {
//order status could be new, shippingInfo, review, confirmed, cancelled, shipped, delivered, completed
$_SESSION['orderStatus'] = $sess_orderStatus = "new";
}
//in all above scenarios, the rest of the page needs to be executed
$currUserEmail = isGuest() ? "" : getCurrentUserEmail();
$currUsertype = "2";
$curr_user = ['userid' => '', 'firstname' => '', 'lastname' => '', 'email' => '', 'phone' => '', 'gender' => '', 'address1' => '', 'address2' => '', 'city' => '', 'state' => '', 'postalcode' => ''];
$order_add = ['email' => '', 'email' => '', 'ship_add1' => '', 'ship_add2' => '', 'ship_city' => '', 'ship_state' => '', 'ship_postal' => '', 'bill_add1' => '', 'bill_add2' => '', 'bill_city' => '', 'bill_state' => '', 'bill_postal' => '', 'paymenttype' => 'COD', 'phone' => ''];
//if the user is not a guest, get the current user details to prefill the order form
if (isset($_SESSION['userid'])) {
$user_id = $_SESSION['userid'];
$curr_user = [];
$qry = "SELECT userid, firstname, lastname, email, phone, gender, address1, address2, city, state, postalcode, usertype from user WHERE userid={$user_id}";
if (!($stmt = $dbcon->prepare($qry))) {
die('Prepare Error 1 : (' . $dbcon->errno . ') ' . $dbcon->error);
}
if (!$stmt->execute()) {
die('Error : (' . $dbcon->errno . ') ' . $dbcon->error);
}
$stmt->store_result();
<?php
require 'init.php';
$galleryQuery = $dbh->prepare("SELECT id, private, title, description FROM galleries WHERE id = :id");
$galleryQuery->execute(array(':id' => getVar('id')));
$gallery = $galleryQuery->fetch();
$picturesQuery = $dbh->prepare("SELECT id, number, gallery_id, name FROM pictures WHERE gallery_id = :id");
$picturesQuery->execute(array(':id' => getVar('id')));
$pictures = $picturesQuery->fetchAll();
if ($gallery['private'] && !isGuest()) {
render('403');
} else {
render('gallery', array('gallery' => $gallery, 'pictures' => $pictures));
}
<?php
require 'init.php';
$articlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE (articles.title LIKE CONCAT('%', :searchTitle ,'%') OR articles.description LIKE CONCAT('%', :searchDescription ,'%') OR articles.content LIKE CONCAT('%', :searchContent ,'%')) AND articles.private = 0 OR articles.private = :private LIMIT :start,4 ");
$articlesQuery->execute(array(':start' => getVar('page') * 4, ':private' => isGuest(), ':searchTitle' => getVar('search'), ':searchDescription' => getVar('search'), ':searchContent' => getVar('search')));
$articles = $articlesQuery->fetchAll();
$allArticlesQuery = $dbh->prepare("SELECT articles.id, articles.title, articles.description, categories.name AS category, articles.date FROM articles JOIN categories ON articles.category_id = categories.id WHERE (articles.title LIKE CONCAT('%', :searchTitle ,'%') OR articles.description LIKE CONCAT('%', :searchDescription ,'%') OR articles.content LIKE CONCAT('%', :searchContent ,'%')) AND articles.private = 0 OR articles.private = :private");
$allArticlesQuery->execute(array('private' => isGuest(), ':searchTitle' => getVar('search'), ':searchDescription' => getVar('search'), ':searchContent' => getVar('search')));
$maxPages = round($allArticlesQuery->rowCount() / 4);
$categoriesQuery = $dbh->prepare("SELECT id, name FROM categories ");
$categoriesQuery->execute();
$categories = $categoriesQuery->fetchAll();
$page = getVar('page') ? getVar('page') : 1;
render('index', array('articles' => $articles, 'categories' => $categories, 'url' => 'search.php', 'npage' => $page, 'maxPages' => $maxPages));
function tampilMenu()
{
if (cekSessiKunjung()) {
$menu = array('Home' => '?act=HomeKunjung', 'Data Komentar' => '?act=DataKomentar', 'Sign Out' => 'logout.php');
} elseif (cekSessiAdmin()) {
$menu = array('Informasi' => '?act=Home', 'About Program' => '?act=HomeAdmin', 'Sign Out' => 'logout.php');
} elseif (cekSessiKelas()) {
$menu = array('About Program' => '?act=HomeAdmin', 'Set Tahun & Bulan' => '?act=InputTahun&action=TAMBAH', 'Sign Out' => 'logout.php');
} else {
$menu = array('Informasi' => 'index.php?act=Home', 'About Program' => 'index.php?act=Kontak');
}
echo "<ul id=\"navlist\">";
$i = 0;
foreach ($menu as $key => $val) {
$i++;
if ($key == 'Sign Out') {
$klik = "onclick=\"return confirm('Yakinkah anda akan logout.?');\"";
}
if (isGuest()) {
if ($i == 1) {
$last = "class='current_page_item'";
}
} else {
if ($i == 1) {
$last = "class='current_page_item'";
}
}
echo "<li title='{$key}'><a href='{$val}' >{$key}</a></li>";
}
echo "</ul>";
}
$prod_price = $_POST["product_price"];
$customized = 1;
$prd_qry = "insert into products (price, mainimg, customized) VALUES (?, ?, ?)";
$ins_stmt = $dbcon->prepare($prd_qry);
if (!$ins_stmt) {
die('Prepare Error : (' . $dbcon->errno . ') ' . $dbcon->error);
}
$ins_stmt->bind_param('dsi', $prod_price, $customImgName, $customized);
if ($ins_stmt->execute()) {
$prodid = $ins_stmt->insert_id;
} else {
die('Insert Error : (' . $dbcon->errno . ') ' . $dbcon->error);
}
$ins_stmt->close();
$currUserEmail = isGuest() ? "guest" : getCurrentUserEmail();
$currUsertype = isGuest() ? "2" : "1";
$elem_qry = "INSERT into customdesign (`productid`, `elementid`,`leftPos`, `topPos`, `selectedImage`, `addedBy`, `addedByType` ) VALUES (?,?,?,?,?,?,?)";
$ins_stmt1 = $dbcon->prepare($elem_qry);
if (!$ins_stmt1) {
die('Prepare Error : (' . $dbcon->errno . ') ' . $dbcon->error);
}
foreach ($elements as $elem) {
$ins_stmt1->bind_param('iiiisss', $prodid, $elem['id'], $elem['leftPos'], $elem['topPos'], $elem['selectedImage'], $currUserEmail, $currUsertype);
if (!$ins_stmt1->execute()) {
die('Custom Insert Error : (' . $dbcon->errno . ') ' . $dbcon->error);
}
}
$ins_stmt1->close();
$result = "SUCCESS";
$earObj = array("pid" => $prodid, "imgName" => $customImgName, "price" => $prod_price);
$custEarrings[] = $earObj;
function section_sendmessage()
{
require_once 'lib/common.php';
$vars = array('pid', 'tid', 'f_ok_x', 'toteam', 'reply', 'f_subject', 'f_msg', 'replying', 'repid', 'mid', 'link', 'dup');
$s_playerid = $_SESSION['playerid'];
foreach ($vars as $var) {
${$var} = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var];
}
if (isGuest()) {
return errorPage('Not Authorized');
}
if ($dup) {
echo '<BR><CENTER>Duplicate mail not sent (refresh or back button detected)<BR>';
return;
}
if (isset($pid)) {
if ($toteam == 'yes' && isset($_POST['reply_team'])) {
$team = mysql_fetch_object(mysql_query("select l_team.id, name from l_team, l_player where l_player.id={$pid} and l_team.id=team"));
$tid = $team->id;
} else {
$toteam = 'no';
$player = mysql_fetch_object(mysql_query("select callsign from l_player where id={$pid}"));
}
}
if (isset($tid)) {
$team = mysql_fetch_object(mysql_query("select name from l_team where id={$tid}"));
}
$error = 1;
if ($f_ok_x) {
$error = 0;
$f_msg = stripslashes($f_msg);
if ($f_msg == '') {
$error = 1;
echo "<div class=error>You must write something to send a message</div>";
}
}
if ($error) {
if (isset($toteam)) {
if ($toteam == 'yes') {
$rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
} else {
$rcpt = '<a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
}
} else {
if (isset($tid)) {
$rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
} else {
$rcpt = 'player <a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
}
}
if (isset($reply)) {
$msg = mysql_fetch_object(mysql_query($sql = "select * from l_message where msgid={$mid}"));
$message = $msg->msg;
$f_subject = $msg->subject;
if (substr($f_subject, 0, 3) != 'Re:') {
$f_subject = 'Re: ' . $f_subject;
}
// Strip subject if it's too long
if (strlen($f_subject) > 80) {
$f_subject = substr($f_subject, 0, 80);
}
echo "<table border=0 align=center cellspacing=0 cellpadding=1>\n <tr class=tablehead><td>Original message:</td></tr>\n <tr class=msgquote><td>";
echo stripslashes(nl2br($message)) . '</td></tr></table><br>';
// Quote initial message
$f_msg = ereg_replace("\n", ">", ereg_replace("^", ">", $message));
$f_msg = $f_msg . "\n>\n";
$action = "Replying to ";
} else {
$action = "Sending a message to ";
}
echo '<center><form method=post>' . SID_FORM . $action . $rcpt . '.<br><br>
Enter your message below:<br>
Subject:<input type=text maxlength=80 size=60 name=f_subject value="' . $f_subject . '"><BR>
<textarea cols=50 rows=15 name=f_msg>' . stripslashes($f_msg) . '</textarea>
<hr><center>
<input type=hidden name=link value=' . $link . '>';
snFormInit();
echo '<TABLE><TR><TD>' . htmlFormButton('SEND', 'f_ok_x') . '</td><TD width=10></td><TD>';
if (isset($pid)) {
echo htmlURLbutton('Cancel', 'playerinfo', "id={$pid}", CLRBUT);
} else {
echo htmlURLbutton('Cancel', 'teaminfo', "id={$tid}", CLRBUT);
}
echo '</td></tr></table><input type=hidden name=link value=' . $link . '>';
if (isset($reply)) {
// Flag that we are replying to a message
echo '<input type=hidden name=replying value=1>';
echo '<input type=hidden name=repid value=' . $mid . '>';
}
if (isset($tid)) {
echo '<input type=hidden name=tid value=' . $tid . '>';
} else {
echo '<input type=hidden name=pid value=' . $pid . '>';
}
echo '</center></form></center>';
} else {
// Do send the message
echo "<center>Message sent, thank you!</center>";
snCheck('sendmessage', 'dup=1');
// If replying we mark the original message as replied
if (isset($replying)) {
mysql_query("update l_message set status='replied' where msgid={$repid}");
}
if (isset($pid)) {
if ($toteam == 'yes') {
// Send to a team
sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
} else {
// Send to one player
sendBzMail($s_playerid, $pid, $f_subject, $f_msg);
}
} else {
// Send to a team
sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
}
}
}
">News(CRUD)</a></li>
<li><a href="<?php
echo WEB . 'comments/crud';
?>
">Comments(CRUD)</a></li>
</ul>
</li>
<li class="authorized" id="li-logout" style="display: <?php
echo isAuthorized($isUserLoggedIn);
?>
"><a href="<?php
echo WEB . 'logout';
?>
">Logout</a></li>
<li class="guest" id="li-login" style="display: <?php
echo isGuest($isUserLoggedIn);
?>
"><a href="#">Login</a></li>
<li class="guest" id="li-form" style="display: none">
<form id="form-login" class="navbar-form form-signin" role="form" method="post" action="<?php
echo WEB . 'login';
?>
">
<div class="form-group">
<input type="text" class="form-control" id="_username" name="_username" placeholder="Username" maxlength="15" required autofocus>
</div>
<div class="form-group">
<input type="password" class="form-control" id="_password" name="_password" placeholder="Password" maxlength="20" required>
</div>
<div class="form-group">
<button type="submit" class="btn btn-default">
<nav class="nav-collapse collapse pull-right tales-nav">
<ul class="nav nav-pills">
<li>
<a href="index.php">Blog</a>
</li>
<li>
<a href="pictures.php">Pictures</a>
</li>
<li>
<a href="private.php<?php
if ((isGuest() || $private_access) && !$_GET['deco']) {
echo '?deco=true';
}
?>
"><?php
echo (isGuest() || $private_access) && !$_GET['deco'] ? 'Logout' : 'Login';
?>
</a>
</li>
<li>
<a href="about.php">Who are we?</a>
</li>
</ul>
</nav>
</div>
</div>
<div class="widewrapper subheader">
<div class="container">
<div class="tales-breadcrumb">
<a href="#"><?php
echo BLOG_DESCRIPTION;
