Пример #1
0
function process_data($values, $db)
{
    //	global $db;
    $sql = "INSERT INTO stories(cat_id, poster_id, dateposted, subject, body) VALUES(" . $values['cat_id'] . ", " . $_SESSION['SESS_USERID'] . ", NOW()" . ", '" . pf_fix_slashes($values['subject']) . "'" . ", '" . pf_fix_slashes($values['body']) . "');";
    $result = $db->query($sql);
    //	$result = mysql_query($sql);
}
Пример #2
0
function process_data($values)
{
    require "db.php";
    if ($values['cat_id'] == 0) {
        $sql = "INSERT INTO categories(category, parent)\nVALUES('" . pf_fix_slashes($values['category']) . "', 1);";
        $result = mysql_query($sql);
    } else {
        $sql = "INSERT INTO categories(category, parent)\nVALUES('" . pf_fix_slashes($values['category']) . "', 0);";
        $result = mysql_query($sql);
        $insertid = mysql_insert_id();
        $relatesql = "INSERT INTO cat_relate(parent_id, child_id)\nVALUES(" . $values['cat_id'] . ", " . $insertid . ");";
        $relateresult = mysql_query($relatesql);
    }
}
Пример #3
0
<?php

session_start();
require "config.php";
require "db.php";
require "functions.php";
if ($_SESSION['SESS_USERNAME']) {
    header("Location: " . $config_basedir . "userhome.php");
}
if ($_POST['submit']) {
    $sql = "SELECT * FROM users WHERE username = '******'username']) . "' AND password = '******'password'])) . "'";
    //	$result = mysql_query($sql);
    //	$numrows = mysql_num_rows($result);
    $result = $db->query($sql);
    $numrows = $result->rowCount();
    if ($numrows == 1) {
        //		$row = mysql_fetch_assoc($result);
        $row = $result->fetchAll(PDO::FETCH_ASSOC);
        //		session_register("SESS_USERNAME");
        //		session_register("SESS_USERID");
        //		session_register("SESS_USERLEVEL");
        $_SESSION['SESS_USERNAME'] = $row[0]['username'];
        $_SESSION['SESS_USERID'] = $row[0]['id'];
        $_SESSION['SESS_USERLEVEL'] = $row[0]['level'];
        header("Location: " . $config_basedir);
    } else {
        header("Location: " . $config_basedir . "/userlogin.php?error=1");
    }
} else {
    require "header.php";
    echo "<h1>Login</h1>";
Пример #4
0
    header("Location: " . $config_basedir . "login.php");
}
if ($_POST['submit']) {
    $authsql = "SELECT * FROM subjects WHERE id = " . $validsubject . " AND owner_id = " . $_SESSION['SESS_USERID'] . ";";
    //	$authresult = mysql_query($authsql);
    //	$authnumrows = mysql_num_rows($authresult);
    $authresult = $db->query($authsql);
    $authnumrows = $authresult->rowCount();
    if ($authnumrows == 1) {
        $qsql = "INSERT INTO questions(topic_id, question, answer, addedby_id, dateadded, active) VALUES(" . $_POST['topic'] . ", '" . pf_fix_slashes($_POST['question']) . "', '" . pf_fix_slashes($_POST['answer']) . "', " . $_SESSION['SESS_USERID'] . ", NOW()" . ", 1);";
        //$qresult = mysql_query($qsql);
        $qresult = $db->query($qsql);
        header("Location: " . $config_basedir . "answer.php?id=" . mysql_insert_id());
        header("Location: " . $config_basedir . "answer.php?id=" . $db->lastInsertId());
    } else {
        $qsql = "INSERT INTO questions(topic_id, question, answer, addedby_id, dateadded, active) VALUES(" . $_POST['topic'] . ", '" . pf_fix_slashes($_POST['question']) . "', '" . pf_fix_slashes($_POST['answer']) . "', " . $_SESSION['SESS_USERID'] . ", NOW()" . ", 0);";
        //		$qresult = mysql_query($qsql);
        $qresult = $db->query($qsql);
        require "header.php";
        echo "<h1>Awaiting moderation</h1>";
        echo "Your question requires moderator approval before it is posted.";
    }
} else {
    require "header.php";
    $subsql = "SELECT * FROM subjects WHERE id = " . $validsubject . ";";
    //	$subq = mysql_query($subsql);
    //	$subrow = mysql_fetch_assoc($subq);
    $subq = $db->query($subsql);
    $subrow = $subq->fetchAll(PDO::FETCH_ASSOC);
    $toplistsql = "SELECT * FROM topics WHERE subject_id = " . $validsubject . " ORDER BY name ASC;";
    //	$toplistresult = mysql_query($toplistsql);
Пример #5
0
<?php

require_once "../project_functions.php";
pf_protect_admin_page();
if ($_POST['submit']) {
    $inssql = "INSERT INTO homeproject_projects(name, about, pathname) VALUES(" . "'" . pf_fix_slashes($_POST['name']) . "', '" . pf_fix_slashes($_POST['about']) . "', '" . pf_fix_slashes($_POST['pathname']) . "');";
    //		mysql_query($inssql);
    $db->query($inssql);
    header("Location: " . $config_projectadminbasedir . basename($_SERVER['SCRIPT_NAME']));
} else {
    ?>
		<h1>New Project</h1>
		<form action="<?php 
    echo $_SERVER['SCRIPT_NAME'];
    ?>
?func=newproject" method="POST">
		<table>
		<tr>
			<td>Project Name</td>
			<td><input type="text" name="name" value="<?php 
    echo $row['name'];
    ?>
"></td>
		</tr>
		<tr>
			<td>Path Name</td>
			<td><input type="text" name="pathname" value="<?php 
    echo $row['pathname'];
    ?>
"></td>
		</tr>
Пример #6
0
session_start();
require "config.php";
require "functions.php";
if (pf_check_number($_GET['subject']) == TRUE) {
    $validsubject = $_GET['subject'];
} else {
    header("Location: " . $config_basedir);
}
require "header.php";
if ($_POST['submit']) {
    $appsql = "SELECT * FROM mod_subowner WHERE sub_id = " . $validsubject . " AND user_id = '" . $_SESSION['SESS_USERID'] . "';";
    //	$appresult = mysql_query($appsql);
    $appresult = $db->query($appsql);
    //	if(mysql_num_rows($appresult) == 0) {
    if ($appresult->rowCount() == 0) {
        $inssql = "INSERT INTO mod_subowner(sub_id, user_id, reasons) VALUES(" . $_GET['subject'] . "," . $_SESSION['SESS_USERID'] . ",'" . pf_fix_slashes($_POST['reasons']) . "');";
        //		mysql_query($inssql);
        $db->query($inssql);
        echo "<h1>Application Submitted</h1>";
        echo "Your application has been submitted. You will be emailed with the decision.";
    } else {
        echo "<h1>Already Applied</h1>";
        echo "<p>You have already made an application for this subject.</p>";
    }
} else {
    $subsql = "SELECT subject FROM subjects WHERE id = " . $validsubject . ";";
    //	$subresult = mysql_query($subsql);
    //	$subrow = mysql_fetch_assoc($subresult);
    $subresult = $db->query($subsql);
    $subrow = $subresult->fetchAll(PDO::FETCH_ASSOC);
    ?>
Пример #7
0
<?php

require_once "../project_functions.php";
pf_protect_admin_page();
$sql = "SELECT * FROM homeproject_projects WHERE id = " . $_SESSION['SESS_PROJECTID'] . ";";
//	$result = mysql_query($sql);
//	$row = mysql_fetch_assoc($result);
$result = $db->query($sql);
$row = $result->fetchAll(PDO::FETCH_ASSOC);
if ($_POST['submit']) {
    $updsql = "UPDATE homeproject_projects SET" . " name = '" . pf_fix_slashes($_POST['name']) . "'" . ", about = '" . pf_fix_slashes($_POST['about']) . "'" . ", pathname = '" . pf_fix_slashes($_POST['pathname']) . "'" . " WHERE id =" . $_SESSION['SESS_PROJECTID'] . ";";
    //		mysql_query($updsql);
    $db->query($updsql);
    echo "<h1>Updated</h1>";
    echo "Project settings have been updated.";
} else {
    ?>
		<h1>Project Information</h1>
		<form action="<?php 
    echo $_SERVER['SCRIPT_NAME'];
    ?>
?func=general" method="POST">
		<table>
		<tr>
			<td>Project Name</td>
			<td><input type="text" name="name" value="<?php 
    echo $row[0]['name'];
    ?>
"></td>
		</tr>
		<tr>
Пример #8
0
<?php

session_start();
require "db.php";
require "functions.php";
if (isset($_SESSION['SESS_ADMINUSER']) == FALSE) {
    header("Location: " . $config_basedir . "adminlogin.php");
}
if ($_POST['submit']) {
    $subsql = "INSERT INTO subjects(subject, blurb, owner_id) VALUES(" . "'" . pf_fix_slashes($_POST['subject']) . "', '" . pf_fix_slashes($_POST['blurb']) . "'," . $_POST['owner'] . ");";
    //	mysql_query($subsql);
    $db->query($subsql);
    header("Location: " . $config_basedir);
} else {
    require "header.php";
    ?>
	<h1>Add a new subject</h1>
	
	<form action="<?php 
    echo $_SERVER['SCRIPT_NAME'];
    ?>
" method="post">
	<table cellpadding="5">
	<tr>
		<td>Subject</td>
		<td><input type="text" name="subject"></td>
	</tr>
	<tr>
		<td>Owner</td>
		<td>
		<select name="owner">
Пример #9
0
}
if (isset($_SESSION['SESS_USERNAME']) == TRUE) {
    $authsql = "SELECT * FROM subjects WHERE owner_id = " . $_SESSION['SESS_USERID'] . " ORDER BY subject ASC;";
    //	$authresult = mysql_query($authsql);
    //	$authnumrows = mysql_num_rows($authresult);
    $authresult = $db->query($authsql);
    $authnumrows = $authresult->rowCount();
    if ($authnumrows >= 1) {
        $auth = 1;
    }
}
if ($auth != 1) {
    header("Location: " . $config_basedir);
}
if ($_POST['submit']) {
    $sql = "INSERT INTO topics(subject_id, name) VALUES(" . "'" . $_POST['subject'] . "', '" . pf_fix_slashes($_POST['name']) . "');";
    //	mysql_query($sql);
    $db->query($sql);
    header("Location: " . $config_basedir . "index.php?subject=" . $_POST['subject']);
} else {
    require "header.php";
    ?>
	<h1>Add a new topic</h1>
	
	<form action="<?php 
    echo $_SERVER['SCRIPT_NAME'];
    ?>
" method="post">
	<table cellpadding="5">
	<tr>
		<td>Subject</td>
Пример #10
0
<?php

session_start();
require "db.php";
require "functions.php";
if (pf_check_number($_GET['id']) == TRUE) {
    $validid = $_GET['id'];
} else {
    header("Location: " . $config_basedir);
}
if ($_POST['submit']) {
    $qsql = "INSERT INTO comments(question_id, title, comment, user_id) VALUES('" . $validid . "','" . pf_fix_slashes($_POST['titleBox']) . "','" . pf_fix_slashes($_POST['commentBox']) . "', '" . $SESS_USERID . "')";
    //mysql_query($qsql);
    $db->query($qsql);
    header("Location: " . $config_basedir . "answer.php?id=" . $validid);
} else {
    require "header.php";
    $qsql = "SELECT questions.question, questions.dateadded, questions.answer, users.username  FROM questions, users WHERE addedby_id = users.id AND questions.id = " . $_GET['id'] . " AND active = 1;";
    //	$qresult = mysql_query($qsql);
    //	$qrow = mysql_fetch_assoc($qresult);
    $qresult = $db->query($qsql);
    $qrow = $qresult->fetchAll(PDO::FETCH_ASSOC);
    //if(mysql_num_rows($qresult) == 0) {
    if ($qresult->rowCount() == 0) {
        echo "No Questions";
    } else {
        echo "<h1>" . $qrow[0]['question'] . "</h1>";
        echo "Added by <strong>" . $qrow[0]['username'] . "</strong> on " . date("D jS F Y g.iA", strtotime($qrow[0]['dateadded']));
        echo "<p>";
        echo $qrow[0]['answer'];
        echo "</p>";