<?php // Check mandatory values are set if (isset($_GET['fname']) && $_GET['fname'] != '' && (isset($_GET['lname']) && $_GET['lname'] != '') && (isset($_GET['position']) && $_GET['position'] != '') && (isset($_GET['business']) && $_GET['business'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; $fname = $_GET['fname']; $lname = $_GET['lname']; $position = $_GET['position']; $business = $_GET['business']; $link = $_GET['link']; // Statement to insert staff row into database $stmt = 'INSERT INTO hierarchy (fName,lName,position,business,link) VALUES (?,?,?,?,?);'; // Insert staff row prepare_and_execute($stmt, array($fname, $lname, $position, $business, $link)); echo '1'; }
$errors['property'] = "Property isn't selected"; } if ($_POST['staff'] == '') { // Staff member not selected $errors['staff'] = "Staff member isn't selected"; } if (!isset($errors['property']) && !isset($errors['staff'])) { $property = intval($_POST['property']); $staff = $_POST['staff']; // Check if allocation already exists $query = 'SELECT * FROM allocation WHERE property = ? AND staff = ?'; $result = select($query, array($property, $staff), false); if ($result == false) { // Insert allocation row in table $stmt = "INSERT INTO allocation VALUES (?,?);"; prepare_and_execute($stmt, array($property, $staff)); echo "<label>{$staff} is allocated to <a href='http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$property}'>Property {$property}</a></label><br><br>"; } else { echo '<label>Staff member is already allocated to this property</label>'; } include $relative . 'data/php/staff/allocate.inc'; } else { include $relative . 'data/php/staff/allocate.inc'; } } else { include $relative . 'data/php/staff/allocate.inc'; } } else { // User isn't admin echo "User must be logged into an administrator account to set allocate staff to properties"; }
} else { $_POST['furnished'] = 0; } $params = array($_POST['rent'], intval($_POST['bed']), $_POST['furnished'], intval($_POST['type']), $_POST['description'], $rules); // Statement to update property row into database $updateStmt = "UPDATE property SET rent = ?, bedrooms = ?, furnished = ?, propertyType = ?, description = ?, rules = ?"; if (isset($_POST['bath']) && $_POST['bath'] != '') { $updateStmt = $updateStmt . ', bathrooms = ?'; array_push($params, intval($_POST['bath'])); } else { $updateStmt = $updateStmt . ', bathrooms = NULL'; } $updateStmt = $updateStmt . ' WHERE id = ?;'; array_push($params, intval($_GET['id'])); // Update property prepare_and_execute($updateStmt, $params); // Notify tenants that the property's details have been changed // Get tenant's email $tenantQuery = 'SELECT tenant.email FROM property INNER JOIN tenant ON property.id = tenant.property WHERE tenant.property = ?;'; $tenant = select($tenantQuery, array(intval($_GET['id'])), false); if ($tenant != false) { // Property has a tenant $tenant = $tenant[0]; // Get tenant's email require $relative . 'data/php/email/email.inc'; // Redirect to property's page header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}"); notifyDetails($tenant, $_GET['id']); } else { // Redirect to property's page header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}");
prepare_and_execute($stmt, array($business, $title)); // Get new survey's id $surveyIdQuery = 'SELECT MAX(id) FROM survey;'; $surveyId = select($surveyIdQuery, array(), false); if ($surveyId != false) { // Insert survey question rows $questionStmt = 'INSERT INTO surveyquestion (survey,question) VALUES '; $questionStmtParams = array(); foreach ($questions as $question) { $questionStmt = $questionStmt . '(?,?),'; array_push($questionStmtParams, $surveyId[0]); array_push($questionStmtParams, $question); } $questionStmt = rtrim($questionStmt, ',') . ';'; // Removes last comma from statement and adds semicolon to close statement prepare_and_execute($questionStmt, $questionStmtParams); // Get name of creator for activity $businessNameQuery = 'SELECT name FROM business WHERE userEmail = ?'; $nameFound = false; while (!$nameFound) { $name = select($businessNameQuery, array($business), false); if ($name != false) { // Found name $businessName = $name[0]; $nameFound = true; } } create_activity($business, 'survey', json_encode(array($businessName . ' has created a new survey', $surveyId[0]))); echo '1'; } }
$requestQuery = 'SELECT requester, requestee, ignored FROM alliancerequest WHERE (requester = ? AND requestee = ?) OR (requester = ? AND requestee = ?);'; $requestInfo = select($requestQuery, array($_GET['user'], $_GET['email'], $_GET['email'], $_GET['user']), false); if ($requestInfo != false) { // Alliance has been requested, determine which user made request $businessObj['allyRequested'] = true; if ($requestInfo[0] == $_GET['user']) { $businessObj['userRequested'] = true; } else { $businessObj['userRequested'] = false; if ($requestInfo[2] == 1) { $businessObj['requestIgnored'] = true; } else { $businessObj['requestIgnored'] = false; } } } else { $businessObj['allyRequested'] = false; } } $endorsementCntQuery = 'SELECT endorser FROM endorsement WHERE endorser = ?'; $endorsements = prepare_and_execute($endorsementCntQuery, array($_GET['email'])); $businessObj['endorsementCnt'] = $endorsements->rowCount(); $endorserCntQuery = 'SELECT endorser FROM endorsement WHERE endorsee = ?'; $endorsers = prepare_and_execute($endorserCntQuery, array($_GET['email'])); $businessObj['endorserCnt'] = $endorsers->rowCount(); $allianceCntQuery = 'SELECT user2 FROM alliance WHERE user1 = ? UNION SELECT user1 FROM alliance WHERE user2 = ?;'; $alliances = prepare_and_execute($allianceCntQuery, array($_GET['email'], $_GET['email'])); $businessObj['allianceCnt'] = $alliances->rowCount(); echo json_encode($businessObj); } }
<?php // Check if parameters are set if (isset($_GET['email']) && $_GET['email'] != '' && (isset($_GET['oldPass']) && $_GET['oldPass'] != '') && (isset($_GET['newPass']) && $_GET['newPass'] != '')) { // Check if old password is correct require dirname(__FILE__) . '/../../pdo.inc'; $salt = uniqid(); $email = $_GET['email']; $oldPassword = $_GET['oldPass']; $newPassword = $_GET['newPass']; // query to check if email exists and password matches $query = 'SELECT email FROM user WHERE email = ? AND password = SHA2(CONCAT(?, salt), 0)'; // Execute query and get results $result = select($query, array($email, $oldPassword), false); if ($result != false) { // Email exists in database and password matches, change password $stmt = 'UPDATE user SET salt = ?, password = SHA2(CONCAT(?, ?), 0) WHERE email = ?;'; prepare_and_execute($stmt, array($salt, $newPassword, $salt, $email)); echo '1'; } else { echo '-1'; } }
$canEdit = false; if ($_SESSION['type'] == 3) { // User had admin privileges $canEdit = true; } else { if ($_SESSION['type'] == 1) { // User is an owner, check if they own the property $canEdit = isOwner(intval($_GET['id']), $_SESSION['user']); } } if ($canEdit) { // Check that user can edit this property // Statement to update onMarket field for property row in database $stmt = "UPDATE property SET onMarket = 0 WHERE id = ?;"; // Update property prepare_and_execute($stmt, array($_GET['id'])); // Redirect to property's page header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}"); } else { echo '<label>User cannot take this property off the market</label>'; } } else { echo '<label>Property ID parameter must be set</label>'; } } else { header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}user/login.php"); } ?>
<?php // Check values are set if (isset($_GET['email']) && $_GET['email'] != '' && (isset($_GET['pass']) && $_GET['pass'] != '') && (isset($_GET['name']) && $_GET['name'] != '') && isset($_GET['summary'])) { $salt = uniqid(); // Check if email exists in user table require dirname(__FILE__) . '/../../pdo.inc'; $email = $_GET['email']; $pass = $_GET['pass']; $name = $_GET['name']; $summary = $_GET['summary']; // query $query = 'SELECT email FROM user WHERE email = ?;'; // Execute query and get results $result = select($query, array($email), false); if ($result == false) { // Email doesn't exist in database // Statement to insert user row into database $stmt = 'INSERT INTO user (email, salt, password, usertype) VALUES (?,?,SHA2(CONCAT(?,?),0),1);'; // Insert user row prepare_and_execute($stmt, array($email, $salt, $pass, $salt)); // Statement to insert business row into database $stmt = 'INSERT INTO business (userEmail, name, summary) VALUES (?, ?, ?);'; // Insert business row prepare_and_execute($stmt, array($email, $name, $summary)); echo '1'; } else { // Email doesn't exist in database echo '0'; } }
while (!$nameFound) { $name = select($businessNameQuery, array($business), false); if ($name != false) { // Found name $businessName = $name[0]; $nameFound = true; } } // Push notification to requestee push_notification($business, 'New endorser', $userName . ' endorses you', 'BusinessPage', json_encode($parameters), $user); // Create activity for new endorsement create_activity($user, 'endorsement', json_encode(array($userName . ' has endorsed ' . $businessName, $business))); // Check if user earned new badge // Get updated number of endorsements $endorsementCntQuery = 'SELECT endorser FROM endorsement WHERE endorsee = ?'; $endorsements = prepare_and_execute($endorsementCntQuery, array($business)); $newEndorseCnt = $endorsements->rowCount(); $newBadge = false; if ($curEndorseCnt < 5 && $newEndorseCnt >= 5) { // Business moved from no badge to bronze badge $newBadge = 'bronze'; } else { if ($curEndorseCnt < 10 && $newEndorseCnt >= 10) { // Business moved from bronze badge to silver badge $newBadge = 'silver'; } else { if ($curEndorseCnt < 20 && $newEndorseCnt >= 20) { // Business moved from silver badge to gold badge $newBadge = 'gold'; } else { if ($curEndorseCnt < 40 && $newEndorseCnt >= 40) {
// Check mandatory values are set if (isset($_GET['business']) && $_GET['business'] != '' && (isset($_GET['title']) && $_GET['title'] != '') && (isset($_GET['content']) && $_GET['content'] != '')) { require dirname(__FILE__) . '/../../../pdo.inc'; $business = $_GET['business']; if (!isset($_GET['category']) || $_GET['category'] == '') { $category = null; } else { $category = intval($_GET['category']); } $title = $_GET['title']; $content = $_GET['content']; // Statement to insert forum post row into database $stmt = 'INSERT INTO forumpost (parentId,postBusiness,category,title,content,groupId,closed) VALUES (NULL,?,?,?,?,NULL,0);'; // Insert forum post row prepare_and_execute($stmt, array($business, $category, $title, $content)); // Get new post's id $postIdQuery = 'SELECT MAX(id) FROM forumpost;'; $postId = select($postIdQuery, array(), false); if ($postId != false) { // Get name of creator for activity $businessNameQuery = 'SELECT name FROM business WHERE userEmail = ?'; $nameFound = false; while (!$nameFound) { $name = select($businessNameQuery, array($business), false); if ($name != false) { // Found name $businessName = $name[0]; $nameFound = true; } }
<?php // Check mandatory values are set if (isset($_GET['postId']) && $_GET['postId'] != '' && (isset($_GET['business']) && $_GET['business'] != '') && (isset($_GET['reply']) && $_GET['reply'] != '')) { require dirname(__FILE__) . '/../../../pdo.inc'; $id = intval($_GET['postId']); $replier = $_GET['business']; $reply = $_GET['reply']; // Statement to insert post reply row into database $stmt = 'INSERT INTO postreply (postId,postEmail,reply) VALUES (?,?,?);'; // Insert post reply row prepare_and_execute($stmt, array($id, $replier, $reply)); // Get name of requester for notification $userNameQuery = 'SELECT name FROM business WHERE userEmail = ?'; $nameFound = false; while (!$nameFound) { $name = select($userNameQuery, array($replier), false); if ($name != false) { // Found name $userName = $name[0]; $nameFound = true; } } // Get email of post owner and title of post $postDetailsQuery = 'SELECT title, postBusiness FROM forumpost WHERE id = ?;'; $detailsFound = false; while (!$detailsFound) { $details = select($postDetailsQuery, array($id), false); if ($details != false) { $postTitle = $details[0]; $business = $details[1];
<?php if (isset($_GET['send']) && $_GET['send'] != '' && (isset($_GET['receive']) && $_GET['receive'] != '') && (isset($_GET['time']) && $_GET['time'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; // Statement to delete message row from database $deleteStmt = 'DELETE FROM message WHERE send = ? AND receive = ? AND time = ?;'; // Delete message prepare_and_execute($deleteStmt, array($_GET['send'], $_GET['receive'], $_GET['time'])); echo '1'; } else { echo '0'; }
$user = select($query, array($_SESSION['user'], $_POST['pass']), false); if ($user != false) { // Old password is correct // Check new password isn't the same if ($_POST['pass'] == $_POST['newPass']) { $errors['newPass'] = '******'; include $relative . 'data/php/user/change/password.inc'; } else { // Change password // Update new password for user's row in user table $pass = $_POST['newPass']; $salt = uniqid(); $email = $_SESSION['user']; // query to update details $stmt = "UPDATE user SET salt = ?, password = SHA2(CONCAT(?,?),0) WHERE email = ?"; prepare_and_execute($stmt, array($salt, $pass, $salt, $email)); echo '<label><b>Password changed</b></label>'; include $relative . 'data/php/user/change/password.inc'; } } else { $errors['pass'] = '******'; include $relative . 'data/php/user/change/password.inc'; } } else { // form is invalid include $relative . 'data/php/user/change/password.inc'; } } else { include $relative . 'data/php/user/change/password.inc'; } } else {
<?php if (isset($_GET['user']) && $_GET['user'] != '' && (isset($_GET['business']) && $_GET['business'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; // Statement to delete all message rows from database $deleteStmt = 'DELETE FROM message WHERE (send = ? AND receive = ?) OR (receive = ? AND send = ?);'; // Delete message prepare_and_execute($deleteStmt, array($_GET['user'], $_GET['business'], $_GET['user'], $_GET['business'])); echo '1'; } else { echo '0'; }
<?php // Check mandatory values are set if (isset($_GET['survey']) && $_GET['survey'] != '' && (isset($_GET['user']) && $_GET['user'] != '') && (isset($_GET['answers']) && $_GET['answers'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; $answerer = $_GET['user']; $survey = intval($_GET['survey']); $answers = json_decode($_GET['answers']); // Insert survey question answer rows $answersStmt = 'INSERT INTO surveyanswer (question,answer) VALUES '; $answersStmtParams = array(); foreach ($answers as $answer) { $answersStmt = $answersStmt . '(?,?),'; array_push($answersStmtParams, intval($answer[0])); array_push($answersStmtParams, intval($answer[1])); } $answersStmt = rtrim($answersStmt, ',') . ';'; // Removes last comma from statement and adds semicolon to close statement prepare_and_execute($answersStmt, $answersStmtParams); // Insert row into surveyAnswerer table to indicate user answered survey $insert = 'INSERT INTO surveyanswerer (survey,answerer) VALUES (?,?);'; prepare_and_execute($insert, array($survey, $answerer)); echo '1'; }
<?php // Check mandatory values are set if (isset($_GET['business']) && $_GET['business'] != '' && (isset($_GET['user']) && $_GET['user'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; $business = $_GET['business']; $user = $_GET['user']; // Statement to delete endorsement row into database $deleteStmt = 'DELETE FROM endorsement WHERE endorser = ? AND endorsee = ?;'; prepare_and_execute($deleteStmt, array($user, $business)); echo '1'; }
<?php if (isset($_GET['email']) && $_GET['email'] != '') { require dirname(__FILE__) . '/../../pdo.inc'; $email = $_GET['email']; $stmt = 'DELETE FROM business WHERE userEmail = ?;'; // Delete business row prepare_and_execute($stmt, array($email)); $stmt = 'DELETE FROM user WHERE email = ?;'; // Delete user row prepare_and_execute($stmt, array($email)); echo '1'; }
} validate_name($errors, $_POST["lname"], 'lname', 'a valid last name'); validate_phone($errors, $_POST["phone"]); validate_email($errors, $_POST['email']); if (!isset($errors['fname']) && !isset($errors['mnames']) && !isset($errors['lname']) && !isset($errors['phone']) && !isset($errors['email'])) { // No errors, form is valid require $relative . 'data/php/database/pdo.inc'; $fname = trim($_POST['fname']); $mnames = trim($_POST['mnames']); $lname = trim($_POST['lname']); $phone = trim($_POST['phone']); $email = trim($_POST["email"]); // Statement to insert tenant row into database $stmt = 'INSERT INTO tenant (fName, mNames, lName, phoneNo, email) VALUES (?,?,?,?,?);'; // Insert tenant prepare_and_execute($stmt, array($fname, $mnames, $lname, $phone, $email)); echo '<label>Tenant created</label>'; include $relative . 'data/php/property/create-tenant.inc'; } else { // form is invalid include $relative . 'data/php/property/create-tenant.inc'; } } else { include $relative . 'data/php/property/create-tenant.inc'; } } else { echo '<label>User does not have permission to create tenants</label>'; } } else { header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}user/login.php"); }
<?php // Check mandatory value is set if (isset($_GET['user']) && $_GET['user'] != '') { require dirname(__FILE__) . '/../pdo.inc'; $user = $_GET['user']; // DELETE PROMPTS OLDER THAN 10 DAYS TO REDUCE SIZE OF TABLE $stmt = 'DELETE FROM prompt WHERE datediff(now(), prompt.time) > 10 AND user = ?'; prepare_and_execute($stmt, array($user)); // Get latest prompts $query = 'SELECT title, message, page, param, time, sender FROM prompt WHERE user = ? ORDER BY time DESC;'; $prompts = select($query, array($user), true); $promptsArr = array(); if ($prompts != false) { // Prompts returned foreach ($prompts as $prompt) { $promptArr = array(); $promptArr['Sender'] = $prompt['sender']; $promptArr['Title'] = $prompt['title']; $promptArr['Message'] = $prompt['message']; $promptArr['Page'] = $prompt['page']; $promptArr['Parameters'] = $prompt['param']; $promptArr['Time'] = $prompt['time']; array_push($promptsArr, $promptArr); } } echo json_encode($promptsArr); }
<?php // Check mandatory values are set if (isset($_GET['id']) && $_GET['id'] != '' && (isset($_GET['title']) && $_GET['title'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; $title = $_GET['title']; if ($_GET['cost'] == '') { $cost = null; } else { $cost = $_GET['cost']; } $description = $_GET['description']; $id = intval($_GET['id']); $link = $_GET['link']; // Statement to update service row in database $stmt = 'UPDATE service SET service = ?, description = ?, price = ?, link = ? WHERE id = ?;'; // Update service row prepare_and_execute($stmt, array($title, $description, $cost, $link, $id)); echo '1'; }
$phone = trim($_POST['phone']); $type = intval($_POST['type']); // query $query = "SELECT * FROM user WHERE email = ?"; // Execute query and get results $result = select($query, array($email), false); if ($result != false) { // Email already exists in database $errors['email'] = 'Email is already taken'; include $relative . 'data/php/user/create.inc'; } else { // Email doesn't exist in database // Statement to insert user row into database $query = "INSERT INTO user (email, salt, password, fName, mNames, lName, phoneNo, userType) VALUES (?,?,SHA2(CONCAT(?,?),0),?,?,?,?,?);"; // Insert account prepare_and_execute($query, array($email, $salt, $password, $salt, $fname, $mnames, $lname, $phone, $type)); echo '<label>User created</label>'; include $relative . 'data/php/user/create.inc'; } } else { // form is invalid include $relative . 'data/php/user/create.inc'; } } else { include $relative . 'data/php/user/create.inc'; } } else { echo '<label>User does not have permission to create other users</label>'; } } else { header("Location: http://{$_SERVER['HTTP_HOST']}/user/login.php");
} else { $day1 = intval($_POST['day1']); $time1 = $_POST['time1'] . ':00'; } if ($_POST['day2'] == '') { $day2 = null; $time2 = null; } else { $day2 = intval($_POST['day2']); $time2 = $_POST['time2'] . ':00'; } } // Statement to update property row into database $updateStmt = 'UPDATE property SET inspection1Day = ?, inspection1Time = ?, inspection2Day = ?, inspection2Time = ? WHERE id = ?;'; // Update property's inspection times prepare_and_execute($updateStmt, array($day1, $time1, $day2, $time2, intval($_GET['id']))); // Redirect to property's page header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}"); } else { include $relative . 'data/php/property/inspections.inc'; } } else { include $relative . 'data/php/property/inspections.inc'; } } else { echo '<label>User cannot set inspection time for this property</label>'; } } else { echo '<label>Property ID parameter must be set</label>'; } } else {
<?php if (isset($_GET['id'])) { require dirname(__FILE__) . '/../../pdo.inc'; // Statement to delete staff row from database $deleteStmt = 'DELETE FROM hierarchy WHERE id = ?;'; // Delete staff prepare_and_execute($deleteStmt, array($_GET['id'])); echo '1'; } else { echo '0'; }
<?php // Check mandatory values are set if (isset($_GET['id']) && $_GET['id'] != '') { require dirname(__FILE__) . '/../../../pdo.inc'; $id = intval($_GET['id']); // Statement to update closed field in the forum post row into database $stmt = 'UPDATE forumpost SET closed = 1 WHERE id = ?;'; // Update forum post row prepare_and_execute($stmt, array($id)); echo '1'; }
<?php // Check mandatory values are set if (isset($_GET['business']) && $_GET['business'] != '' && (isset($_GET['id']) && $_GET['id'] != '')) { require dirname(__FILE__) . '/../../../pdo.inc'; $business = $_GET['business']; $id = intval($_GET['id']); // Statement to update photo id field for profile picture in business row in database $stmt = 'UPDATE business SET logo = ? WHERE userEmail = ?;'; // Set profile picture id prepare_and_execute($stmt, array($id, $business)); echo '1'; }
$insertStmt = "INSERT INTO property (owner, buildingNo, streetName, suburb, city, state, postcode, rent, bedrooms, furnished, propertyType, description, rules, bathrooms, apartmentNo, onMarket) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?"; if (isset($_POST['bath']) && $_POST['bath'] != '') { $insertStmt = $insertStmt . ', ?'; array_push($params, intval($_POST['bath'])); } else { $insertStmt = $insertStmt . ', NULL'; } if (isset($_POST['apartmentNo']) && $_POST['apartmentNo'] != '') { $insertStmt = $insertStmt . ', ?'; array_push($params, intval($_POST['apartmentNo'])); } else { $insertStmt = $insertStmt . ', NULL'; } $insertStmt = $insertStmt . ', 1);'; // Insert property prepare_and_execute($insertStmt, $params); // Get latest property id $idQuery = 'SELECT id FROM property ORDER BY id DESC LIMIT 1'; $prprtyId = select($idQuery, array(), false); $newId = $prprtyId['id']; header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$newId}"); } else { include $relative . 'data/php/property/add.inc'; } } else { include $relative . 'data/php/property/add.inc'; } } else { echo '<label>User cannot add a property</label>'; } } else {
<?php // Check if parameters are set if (isset($_GET['oldEmail']) && $_GET['oldEmail'] != '' && (isset($_GET['newEmail']) && $_GET['newEmail'] != '')) { // Check if new email exists require dirname(__FILE__) . '/../../pdo.inc'; $oldEmail = $_GET['oldEmail']; $newEmail = $_GET['newEmail']; // query to check if new email exists $query = 'SELECT email FROM user WHERE email = ?;'; // Execute query and get results $result = select($query, array($newEmail), false); if ($result == false) { // Email doesn't exist in database, change email $stmt = 'UPDATE user SET email = ? WHERE email = ?;'; prepare_and_execute($stmt, array($newEmail, $oldEmail)); echo '1'; } else { echo '-1'; } }
<?php // Check mandatory values are set if (isset($_GET['title']) && $_GET['title'] != '' && (isset($_GET['business']) && $_GET['business'] != '')) { require dirname(__FILE__) . '/../../pdo.inc'; $title = $_GET['title']; if ($_GET['cost'] == '') { $cost = null; } else { $cost = $_GET['cost']; } $description = $_GET['description']; $business = $_GET['business']; $link = $_GET['link']; // Statement to insert service row into database $stmt = 'INSERT INTO service (business,service,description,price,link) VALUES (?,?,?,?,?);'; // Insert service row prepare_and_execute($stmt, array($business, $title, $description, $cost, $link)); echo '1'; }
if ($_GET['buildingNo'] == '') { $buildingNo = null; } else { $buildingNo = intval($_GET['buildingNo']); } if ($_GET['streetName'] == '') { $streetName = null; } else { $streetName = $_GET['streetName']; } if ($_GET['city'] == '') { $city = null; } else { $city = $_GET['city']; } if ($_GET['state'] == '') { $state = null; } else { $state = $_GET['state']; } if ($_GET['postcode'] == '') { $postcode = null; } else { $postcode = $_GET['postcode']; } // Statement to update business row in database $stmt = 'UPDATE business SET apartmentNo = ?, buildingNo = ?, streetName = ?, city = ?, state = ?, postcode = ? WHERE userEmail = ?;'; // Update business row with new address details prepare_and_execute($stmt, array($apartmentNo, $buildingNo, $streetName, $city, $state, $postcode, $business)); echo '1'; }
// Create inspection require $relative . 'data/php/database/pdo.inc'; $fname = trim($_POST["fname"]); $lname = trim($_POST["lname"]); $email = trim($_POST["email"]); $phone = trim($_POST['phone']); $date = $_POST['date']; $property = intval($_GET['property']); // Check if inspection already exists $query = 'SELECT * FROM inspection WHERE fName = ? AND lName = ? AND date = ? AND property = ?;'; $result = select($query, array($fname, $lname, $date, $property), false); if ($result == false) { // Statement to insert inspection row into database $stmt = "INSERT INTO inspection (fName, lName, phoneNo, email, date, property) VALUES (?,?,?,?,?,?);"; // Insert inspection row prepare_and_execute($stmt, array($fname, $lname, $phone, $email, $date, $property)); echo '<label>Inspection arranged</label>'; include $relative . 'data/php/email/email.inc'; // Email user their inspection details sendInspectionDetails($email, $property, $date); } else { echo '<label>Inspection is already arranged</label>'; } echo '<p>Your inspection is: ' . date("d/m/Y", strtotime($date)) . ' at ' . date("g:i a", strtotime($date)) . ' <br> Please write this down and remember to attend the inspection</p>'; echo "<a href='http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$property}'>Back To Property Page</a>"; } else { // form is invalid include $relative . 'data/php/property/arrange-inspection.inc'; } } else {