<?php
// Check mandatory values are set
if (isset($_GET['fname']) && $_GET['fname'] != '' && (isset($_GET['lname']) && $_GET['lname'] != '') && (isset($_GET['position']) && $_GET['position'] != '') && (isset($_GET['business']) && $_GET['business'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
$fname = $_GET['fname'];
$lname = $_GET['lname'];
$position = $_GET['position'];
$business = $_GET['business'];
$link = $_GET['link'];
// Statement to insert staff row into database
$stmt = 'INSERT INTO hierarchy (fName,lName,position,business,link) VALUES (?,?,?,?,?);';
// Insert staff row
prepare_and_execute($stmt, array($fname, $lname, $position, $business, $link));
echo '1';
}
$errors['property'] = "Property isn't selected";
}
if ($_POST['staff'] == '') {
// Staff member not selected
$errors['staff'] = "Staff member isn't selected";
}
if (!isset($errors['property']) && !isset($errors['staff'])) {
$property = intval($_POST['property']);
$staff = $_POST['staff'];
// Check if allocation already exists
$query = 'SELECT * FROM allocation WHERE property = ? AND staff = ?';
$result = select($query, array($property, $staff), false);
if ($result == false) {
// Insert allocation row in table
$stmt = "INSERT INTO allocation VALUES (?,?);";
prepare_and_execute($stmt, array($property, $staff));
echo "<label>{$staff} is allocated to <a href='http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$property}'>Property {$property}</a></label><br><br>";
} else {
echo '<label>Staff member is already allocated to this property</label>';
}
include $relative . 'data/php/staff/allocate.inc';
} else {
include $relative . 'data/php/staff/allocate.inc';
}
} else {
include $relative . 'data/php/staff/allocate.inc';
}
} else {
// User isn't admin
echo "User must be logged into an administrator account to set allocate staff to properties";
}
} else {
$_POST['furnished'] = 0;
}
$params = array($_POST['rent'], intval($_POST['bed']), $_POST['furnished'], intval($_POST['type']), $_POST['description'], $rules);
// Statement to update property row into database
$updateStmt = "UPDATE property SET rent = ?, bedrooms = ?, furnished = ?, propertyType = ?, description = ?, rules = ?";
if (isset($_POST['bath']) && $_POST['bath'] != '') {
$updateStmt = $updateStmt . ', bathrooms = ?';
array_push($params, intval($_POST['bath']));
} else {
$updateStmt = $updateStmt . ', bathrooms = NULL';
}
$updateStmt = $updateStmt . ' WHERE id = ?;';
array_push($params, intval($_GET['id']));
// Update property
prepare_and_execute($updateStmt, $params);
// Notify tenants that the property's details have been changed
// Get tenant's email
$tenantQuery = 'SELECT tenant.email FROM property INNER JOIN tenant ON property.id = tenant.property WHERE tenant.property = ?;';
$tenant = select($tenantQuery, array(intval($_GET['id'])), false);
if ($tenant != false) {
// Property has a tenant
$tenant = $tenant[0];
// Get tenant's email
require $relative . 'data/php/email/email.inc';
// Redirect to property's page
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}");
notifyDetails($tenant, $_GET['id']);
} else {
// Redirect to property's page
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}");
prepare_and_execute($stmt, array($business, $title));
// Get new survey's id
$surveyIdQuery = 'SELECT MAX(id) FROM survey;';
$surveyId = select($surveyIdQuery, array(), false);
if ($surveyId != false) {
// Insert survey question rows
$questionStmt = 'INSERT INTO surveyquestion (survey,question) VALUES ';
$questionStmtParams = array();
foreach ($questions as $question) {
$questionStmt = $questionStmt . '(?,?),';
array_push($questionStmtParams, $surveyId[0]);
array_push($questionStmtParams, $question);
}
$questionStmt = rtrim($questionStmt, ',') . ';';
// Removes last comma from statement and adds semicolon to close statement
prepare_and_execute($questionStmt, $questionStmtParams);
// Get name of creator for activity
$businessNameQuery = 'SELECT name FROM business WHERE userEmail = ?';
$nameFound = false;
while (!$nameFound) {
$name = select($businessNameQuery, array($business), false);
if ($name != false) {
// Found name
$businessName = $name[0];
$nameFound = true;
}
}
create_activity($business, 'survey', json_encode(array($businessName . ' has created a new survey', $surveyId[0])));
echo '1';
}
}
$requestQuery = 'SELECT requester, requestee, ignored FROM alliancerequest WHERE (requester = ? AND requestee = ?) OR (requester = ? AND requestee = ?);';
$requestInfo = select($requestQuery, array($_GET['user'], $_GET['email'], $_GET['email'], $_GET['user']), false);
if ($requestInfo != false) {
// Alliance has been requested, determine which user made request
$businessObj['allyRequested'] = true;
if ($requestInfo[0] == $_GET['user']) {
$businessObj['userRequested'] = true;
} else {
$businessObj['userRequested'] = false;
if ($requestInfo[2] == 1) {
$businessObj['requestIgnored'] = true;
} else {
$businessObj['requestIgnored'] = false;
}
}
} else {
$businessObj['allyRequested'] = false;
}
}
$endorsementCntQuery = 'SELECT endorser FROM endorsement WHERE endorser = ?';
$endorsements = prepare_and_execute($endorsementCntQuery, array($_GET['email']));
$businessObj['endorsementCnt'] = $endorsements->rowCount();
$endorserCntQuery = 'SELECT endorser FROM endorsement WHERE endorsee = ?';
$endorsers = prepare_and_execute($endorserCntQuery, array($_GET['email']));
$businessObj['endorserCnt'] = $endorsers->rowCount();
$allianceCntQuery = 'SELECT user2 FROM alliance WHERE user1 = ? UNION SELECT user1 FROM alliance WHERE user2 = ?;';
$alliances = prepare_and_execute($allianceCntQuery, array($_GET['email'], $_GET['email']));
$businessObj['allianceCnt'] = $alliances->rowCount();
echo json_encode($businessObj);
}
}
<?php
// Check if parameters are set
if (isset($_GET['email']) && $_GET['email'] != '' && (isset($_GET['oldPass']) && $_GET['oldPass'] != '') && (isset($_GET['newPass']) && $_GET['newPass'] != '')) {
// Check if old password is correct
require dirname(__FILE__) . '/../../pdo.inc';
$salt = uniqid();
$email = $_GET['email'];
$oldPassword = $_GET['oldPass'];
$newPassword = $_GET['newPass'];
// query to check if email exists and password matches
$query = 'SELECT email FROM user WHERE email = ? AND password = SHA2(CONCAT(?, salt), 0)';
// Execute query and get results
$result = select($query, array($email, $oldPassword), false);
if ($result != false) {
// Email exists in database and password matches, change password
$stmt = 'UPDATE user SET salt = ?, password = SHA2(CONCAT(?, ?), 0) WHERE email = ?;';
prepare_and_execute($stmt, array($salt, $newPassword, $salt, $email));
echo '1';
} else {
echo '-1';
}
}
$canEdit = false;
if ($_SESSION['type'] == 3) {
// User had admin privileges
$canEdit = true;
} else {
if ($_SESSION['type'] == 1) {
// User is an owner, check if they own the property
$canEdit = isOwner(intval($_GET['id']), $_SESSION['user']);
}
}
if ($canEdit) {
// Check that user can edit this property
// Statement to update onMarket field for property row in database
$stmt = "UPDATE property SET onMarket = 0 WHERE id = ?;";
// Update property
prepare_and_execute($stmt, array($_GET['id']));
// Redirect to property's page
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}");
} else {
echo '<label>User cannot take this property off the market</label>';
}
} else {
echo '<label>Property ID parameter must be set</label>';
}
} else {
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}user/login.php");
}
?>
<?php
// Check values are set
if (isset($_GET['email']) && $_GET['email'] != '' && (isset($_GET['pass']) && $_GET['pass'] != '') && (isset($_GET['name']) && $_GET['name'] != '') && isset($_GET['summary'])) {
$salt = uniqid();
// Check if email exists in user table
require dirname(__FILE__) . '/../../pdo.inc';
$email = $_GET['email'];
$pass = $_GET['pass'];
$name = $_GET['name'];
$summary = $_GET['summary'];
// query
$query = 'SELECT email FROM user WHERE email = ?;';
// Execute query and get results
$result = select($query, array($email), false);
if ($result == false) {
// Email doesn't exist in database
// Statement to insert user row into database
$stmt = 'INSERT INTO user (email, salt, password, usertype) VALUES (?,?,SHA2(CONCAT(?,?),0),1);';
// Insert user row
prepare_and_execute($stmt, array($email, $salt, $pass, $salt));
// Statement to insert business row into database
$stmt = 'INSERT INTO business (userEmail, name, summary) VALUES (?, ?, ?);';
// Insert business row
prepare_and_execute($stmt, array($email, $name, $summary));
echo '1';
} else {
// Email doesn't exist in database
echo '0';
}
}
while (!$nameFound) {
$name = select($businessNameQuery, array($business), false);
if ($name != false) {
// Found name
$businessName = $name[0];
$nameFound = true;
}
}
// Push notification to requestee
push_notification($business, 'New endorser', $userName . ' endorses you', 'BusinessPage', json_encode($parameters), $user);
// Create activity for new endorsement
create_activity($user, 'endorsement', json_encode(array($userName . ' has endorsed ' . $businessName, $business)));
// Check if user earned new badge
// Get updated number of endorsements
$endorsementCntQuery = 'SELECT endorser FROM endorsement WHERE endorsee = ?';
$endorsements = prepare_and_execute($endorsementCntQuery, array($business));
$newEndorseCnt = $endorsements->rowCount();
$newBadge = false;
if ($curEndorseCnt < 5 && $newEndorseCnt >= 5) {
// Business moved from no badge to bronze badge
$newBadge = 'bronze';
} else {
if ($curEndorseCnt < 10 && $newEndorseCnt >= 10) {
// Business moved from bronze badge to silver badge
$newBadge = 'silver';
} else {
if ($curEndorseCnt < 20 && $newEndorseCnt >= 20) {
// Business moved from silver badge to gold badge
$newBadge = 'gold';
} else {
if ($curEndorseCnt < 40 && $newEndorseCnt >= 40) {
// Check mandatory values are set
if (isset($_GET['business']) && $_GET['business'] != '' && (isset($_GET['title']) && $_GET['title'] != '') && (isset($_GET['content']) && $_GET['content'] != '')) {
require dirname(__FILE__) . '/../../../pdo.inc';
$business = $_GET['business'];
if (!isset($_GET['category']) || $_GET['category'] == '') {
$category = null;
} else {
$category = intval($_GET['category']);
}
$title = $_GET['title'];
$content = $_GET['content'];
// Statement to insert forum post row into database
$stmt = 'INSERT INTO forumpost (parentId,postBusiness,category,title,content,groupId,closed) VALUES (NULL,?,?,?,?,NULL,0);';
// Insert forum post row
prepare_and_execute($stmt, array($business, $category, $title, $content));
// Get new post's id
$postIdQuery = 'SELECT MAX(id) FROM forumpost;';
$postId = select($postIdQuery, array(), false);
if ($postId != false) {
// Get name of creator for activity
$businessNameQuery = 'SELECT name FROM business WHERE userEmail = ?';
$nameFound = false;
while (!$nameFound) {
$name = select($businessNameQuery, array($business), false);
if ($name != false) {
// Found name
$businessName = $name[0];
$nameFound = true;
}
}
<?php
// Check mandatory values are set
if (isset($_GET['postId']) && $_GET['postId'] != '' && (isset($_GET['business']) && $_GET['business'] != '') && (isset($_GET['reply']) && $_GET['reply'] != '')) {
require dirname(__FILE__) . '/../../../pdo.inc';
$id = intval($_GET['postId']);
$replier = $_GET['business'];
$reply = $_GET['reply'];
// Statement to insert post reply row into database
$stmt = 'INSERT INTO postreply (postId,postEmail,reply) VALUES (?,?,?);';
// Insert post reply row
prepare_and_execute($stmt, array($id, $replier, $reply));
// Get name of requester for notification
$userNameQuery = 'SELECT name FROM business WHERE userEmail = ?';
$nameFound = false;
while (!$nameFound) {
$name = select($userNameQuery, array($replier), false);
if ($name != false) {
// Found name
$userName = $name[0];
$nameFound = true;
}
}
// Get email of post owner and title of post
$postDetailsQuery = 'SELECT title, postBusiness FROM forumpost WHERE id = ?;';
$detailsFound = false;
while (!$detailsFound) {
$details = select($postDetailsQuery, array($id), false);
if ($details != false) {
$postTitle = $details[0];
$business = $details[1];
<?php
if (isset($_GET['send']) && $_GET['send'] != '' && (isset($_GET['receive']) && $_GET['receive'] != '') && (isset($_GET['time']) && $_GET['time'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
// Statement to delete message row from database
$deleteStmt = 'DELETE FROM message WHERE send = ? AND receive = ? AND time = ?;';
// Delete message
prepare_and_execute($deleteStmt, array($_GET['send'], $_GET['receive'], $_GET['time']));
echo '1';
} else {
echo '0';
}
$user = select($query, array($_SESSION['user'], $_POST['pass']), false);
if ($user != false) {
// Old password is correct
// Check new password isn't the same
if ($_POST['pass'] == $_POST['newPass']) {
$errors['newPass'] = '******';
include $relative . 'data/php/user/change/password.inc';
} else {
// Change password
// Update new password for user's row in user table
$pass = $_POST['newPass'];
$salt = uniqid();
$email = $_SESSION['user'];
// query to update details
$stmt = "UPDATE user SET salt = ?, password = SHA2(CONCAT(?,?),0) WHERE email = ?";
prepare_and_execute($stmt, array($salt, $pass, $salt, $email));
echo '<label><b>Password changed</b></label>';
include $relative . 'data/php/user/change/password.inc';
}
} else {
$errors['pass'] = '******';
include $relative . 'data/php/user/change/password.inc';
}
} else {
// form is invalid
include $relative . 'data/php/user/change/password.inc';
}
} else {
include $relative . 'data/php/user/change/password.inc';
}
} else {
<?php
if (isset($_GET['user']) && $_GET['user'] != '' && (isset($_GET['business']) && $_GET['business'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
// Statement to delete all message rows from database
$deleteStmt = 'DELETE FROM message WHERE (send = ? AND receive = ?) OR (receive = ? AND send = ?);';
// Delete message
prepare_and_execute($deleteStmt, array($_GET['user'], $_GET['business'], $_GET['user'], $_GET['business']));
echo '1';
} else {
echo '0';
}
<?php
// Check mandatory values are set
if (isset($_GET['survey']) && $_GET['survey'] != '' && (isset($_GET['user']) && $_GET['user'] != '') && (isset($_GET['answers']) && $_GET['answers'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
$answerer = $_GET['user'];
$survey = intval($_GET['survey']);
$answers = json_decode($_GET['answers']);
// Insert survey question answer rows
$answersStmt = 'INSERT INTO surveyanswer (question,answer) VALUES ';
$answersStmtParams = array();
foreach ($answers as $answer) {
$answersStmt = $answersStmt . '(?,?),';
array_push($answersStmtParams, intval($answer[0]));
array_push($answersStmtParams, intval($answer[1]));
}
$answersStmt = rtrim($answersStmt, ',') . ';';
// Removes last comma from statement and adds semicolon to close statement
prepare_and_execute($answersStmt, $answersStmtParams);
// Insert row into surveyAnswerer table to indicate user answered survey
$insert = 'INSERT INTO surveyanswerer (survey,answerer) VALUES (?,?);';
prepare_and_execute($insert, array($survey, $answerer));
echo '1';
}
<?php
// Check mandatory values are set
if (isset($_GET['business']) && $_GET['business'] != '' && (isset($_GET['user']) && $_GET['user'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
$business = $_GET['business'];
$user = $_GET['user'];
// Statement to delete endorsement row into database
$deleteStmt = 'DELETE FROM endorsement WHERE endorser = ? AND endorsee = ?;';
prepare_and_execute($deleteStmt, array($user, $business));
echo '1';
}
<?php
if (isset($_GET['email']) && $_GET['email'] != '') {
require dirname(__FILE__) . '/../../pdo.inc';
$email = $_GET['email'];
$stmt = 'DELETE FROM business WHERE userEmail = ?;';
// Delete business row
prepare_and_execute($stmt, array($email));
$stmt = 'DELETE FROM user WHERE email = ?;';
// Delete user row
prepare_and_execute($stmt, array($email));
echo '1';
}
}
validate_name($errors, $_POST["lname"], 'lname', 'a valid last name');
validate_phone($errors, $_POST["phone"]);
validate_email($errors, $_POST['email']);
if (!isset($errors['fname']) && !isset($errors['mnames']) && !isset($errors['lname']) && !isset($errors['phone']) && !isset($errors['email'])) {
// No errors, form is valid
require $relative . 'data/php/database/pdo.inc';
$fname = trim($_POST['fname']);
$mnames = trim($_POST['mnames']);
$lname = trim($_POST['lname']);
$phone = trim($_POST['phone']);
$email = trim($_POST["email"]);
// Statement to insert tenant row into database
$stmt = 'INSERT INTO tenant (fName, mNames, lName, phoneNo, email) VALUES (?,?,?,?,?);';
// Insert tenant
prepare_and_execute($stmt, array($fname, $mnames, $lname, $phone, $email));
echo '<label>Tenant created</label>';
include $relative . 'data/php/property/create-tenant.inc';
} else {
// form is invalid
include $relative . 'data/php/property/create-tenant.inc';
}
} else {
include $relative . 'data/php/property/create-tenant.inc';
}
} else {
echo '<label>User does not have permission to create tenants</label>';
}
} else {
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}user/login.php");
}
<?php
// Check mandatory value is set
if (isset($_GET['user']) && $_GET['user'] != '') {
require dirname(__FILE__) . '/../pdo.inc';
$user = $_GET['user'];
// DELETE PROMPTS OLDER THAN 10 DAYS TO REDUCE SIZE OF TABLE
$stmt = 'DELETE FROM prompt WHERE datediff(now(), prompt.time) > 10 AND user = ?';
prepare_and_execute($stmt, array($user));
// Get latest prompts
$query = 'SELECT title, message, page, param, time, sender FROM prompt WHERE user = ? ORDER BY time DESC;';
$prompts = select($query, array($user), true);
$promptsArr = array();
if ($prompts != false) {
// Prompts returned
foreach ($prompts as $prompt) {
$promptArr = array();
$promptArr['Sender'] = $prompt['sender'];
$promptArr['Title'] = $prompt['title'];
$promptArr['Message'] = $prompt['message'];
$promptArr['Page'] = $prompt['page'];
$promptArr['Parameters'] = $prompt['param'];
$promptArr['Time'] = $prompt['time'];
array_push($promptsArr, $promptArr);
}
}
echo json_encode($promptsArr);
}
<?php
// Check mandatory values are set
if (isset($_GET['id']) && $_GET['id'] != '' && (isset($_GET['title']) && $_GET['title'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
$title = $_GET['title'];
if ($_GET['cost'] == '') {
$cost = null;
} else {
$cost = $_GET['cost'];
}
$description = $_GET['description'];
$id = intval($_GET['id']);
$link = $_GET['link'];
// Statement to update service row in database
$stmt = 'UPDATE service SET service = ?, description = ?, price = ?, link = ? WHERE id = ?;';
// Update service row
prepare_and_execute($stmt, array($title, $description, $cost, $link, $id));
echo '1';
}
$phone = trim($_POST['phone']);
$type = intval($_POST['type']);
// query
$query = "SELECT * FROM user WHERE email = ?";
// Execute query and get results
$result = select($query, array($email), false);
if ($result != false) {
// Email already exists in database
$errors['email'] = 'Email is already taken';
include $relative . 'data/php/user/create.inc';
} else {
// Email doesn't exist in database
// Statement to insert user row into database
$query = "INSERT INTO user (email, salt, password, fName, mNames, lName, phoneNo, userType) VALUES (?,?,SHA2(CONCAT(?,?),0),?,?,?,?,?);";
// Insert account
prepare_and_execute($query, array($email, $salt, $password, $salt, $fname, $mnames, $lname, $phone, $type));
echo '<label>User created</label>';
include $relative . 'data/php/user/create.inc';
}
} else {
// form is invalid
include $relative . 'data/php/user/create.inc';
}
} else {
include $relative . 'data/php/user/create.inc';
}
} else {
echo '<label>User does not have permission to create other users</label>';
}
} else {
header("Location: http://{$_SERVER['HTTP_HOST']}/user/login.php");
} else {
$day1 = intval($_POST['day1']);
$time1 = $_POST['time1'] . ':00';
}
if ($_POST['day2'] == '') {
$day2 = null;
$time2 = null;
} else {
$day2 = intval($_POST['day2']);
$time2 = $_POST['time2'] . ':00';
}
}
// Statement to update property row into database
$updateStmt = 'UPDATE property SET inspection1Day = ?, inspection1Time = ?, inspection2Day = ?, inspection2Time = ? WHERE id = ?;';
// Update property's inspection times
prepare_and_execute($updateStmt, array($day1, $time1, $day2, $time2, intval($_GET['id'])));
// Redirect to property's page
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$_GET['id']}");
} else {
include $relative . 'data/php/property/inspections.inc';
}
} else {
include $relative . 'data/php/property/inspections.inc';
}
} else {
echo '<label>User cannot set inspection time for this property</label>';
}
} else {
echo '<label>Property ID parameter must be set</label>';
}
} else {
<?php
if (isset($_GET['id'])) {
require dirname(__FILE__) . '/../../pdo.inc';
// Statement to delete staff row from database
$deleteStmt = 'DELETE FROM hierarchy WHERE id = ?;';
// Delete staff
prepare_and_execute($deleteStmt, array($_GET['id']));
echo '1';
} else {
echo '0';
}
<?php
// Check mandatory values are set
if (isset($_GET['id']) && $_GET['id'] != '') {
require dirname(__FILE__) . '/../../../pdo.inc';
$id = intval($_GET['id']);
// Statement to update closed field in the forum post row into database
$stmt = 'UPDATE forumpost SET closed = 1 WHERE id = ?;';
// Update forum post row
prepare_and_execute($stmt, array($id));
echo '1';
}
<?php
// Check mandatory values are set
if (isset($_GET['business']) && $_GET['business'] != '' && (isset($_GET['id']) && $_GET['id'] != '')) {
require dirname(__FILE__) . '/../../../pdo.inc';
$business = $_GET['business'];
$id = intval($_GET['id']);
// Statement to update photo id field for profile picture in business row in database
$stmt = 'UPDATE business SET logo = ? WHERE userEmail = ?;';
// Set profile picture id
prepare_and_execute($stmt, array($id, $business));
echo '1';
}
$insertStmt = "INSERT INTO property (owner, buildingNo, streetName, suburb, city, state, postcode, rent, bedrooms, furnished, propertyType, description, rules, bathrooms, apartmentNo, onMarket) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?";
if (isset($_POST['bath']) && $_POST['bath'] != '') {
$insertStmt = $insertStmt . ', ?';
array_push($params, intval($_POST['bath']));
} else {
$insertStmt = $insertStmt . ', NULL';
}
if (isset($_POST['apartmentNo']) && $_POST['apartmentNo'] != '') {
$insertStmt = $insertStmt . ', ?';
array_push($params, intval($_POST['apartmentNo']));
} else {
$insertStmt = $insertStmt . ', NULL';
}
$insertStmt = $insertStmt . ', 1);';
// Insert property
prepare_and_execute($insertStmt, $params);
// Get latest property id
$idQuery = 'SELECT id FROM property ORDER BY id DESC LIMIT 1';
$prprtyId = select($idQuery, array(), false);
$newId = $prprtyId['id'];
header("Location: http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$newId}");
} else {
include $relative . 'data/php/property/add.inc';
}
} else {
include $relative . 'data/php/property/add.inc';
}
} else {
echo '<label>User cannot add a property</label>';
}
} else {
<?php
// Check if parameters are set
if (isset($_GET['oldEmail']) && $_GET['oldEmail'] != '' && (isset($_GET['newEmail']) && $_GET['newEmail'] != '')) {
// Check if new email exists
require dirname(__FILE__) . '/../../pdo.inc';
$oldEmail = $_GET['oldEmail'];
$newEmail = $_GET['newEmail'];
// query to check if new email exists
$query = 'SELECT email FROM user WHERE email = ?;';
// Execute query and get results
$result = select($query, array($newEmail), false);
if ($result == false) {
// Email doesn't exist in database, change email
$stmt = 'UPDATE user SET email = ? WHERE email = ?;';
prepare_and_execute($stmt, array($newEmail, $oldEmail));
echo '1';
} else {
echo '-1';
}
}
<?php
// Check mandatory values are set
if (isset($_GET['title']) && $_GET['title'] != '' && (isset($_GET['business']) && $_GET['business'] != '')) {
require dirname(__FILE__) . '/../../pdo.inc';
$title = $_GET['title'];
if ($_GET['cost'] == '') {
$cost = null;
} else {
$cost = $_GET['cost'];
}
$description = $_GET['description'];
$business = $_GET['business'];
$link = $_GET['link'];
// Statement to insert service row into database
$stmt = 'INSERT INTO service (business,service,description,price,link) VALUES (?,?,?,?,?);';
// Insert service row
prepare_and_execute($stmt, array($business, $title, $description, $cost, $link));
echo '1';
}
if ($_GET['buildingNo'] == '') {
$buildingNo = null;
} else {
$buildingNo = intval($_GET['buildingNo']);
}
if ($_GET['streetName'] == '') {
$streetName = null;
} else {
$streetName = $_GET['streetName'];
}
if ($_GET['city'] == '') {
$city = null;
} else {
$city = $_GET['city'];
}
if ($_GET['state'] == '') {
$state = null;
} else {
$state = $_GET['state'];
}
if ($_GET['postcode'] == '') {
$postcode = null;
} else {
$postcode = $_GET['postcode'];
}
// Statement to update business row in database
$stmt = 'UPDATE business SET apartmentNo = ?, buildingNo = ?, streetName = ?, city = ?, state = ?, postcode = ? WHERE userEmail = ?;';
// Update business row with new address details
prepare_and_execute($stmt, array($apartmentNo, $buildingNo, $streetName, $city, $state, $postcode, $business));
echo '1';
}
// Create inspection
require $relative . 'data/php/database/pdo.inc';
$fname = trim($_POST["fname"]);
$lname = trim($_POST["lname"]);
$email = trim($_POST["email"]);
$phone = trim($_POST['phone']);
$date = $_POST['date'];
$property = intval($_GET['property']);
// Check if inspection already exists
$query = 'SELECT * FROM inspection WHERE fName = ? AND lName = ? AND date = ? AND property = ?;';
$result = select($query, array($fname, $lname, $date, $property), false);
if ($result == false) {
// Statement to insert inspection row into database
$stmt = "INSERT INTO inspection (fName, lName, phoneNo, email, date, property) VALUES (?,?,?,?,?,?);";
// Insert inspection row
prepare_and_execute($stmt, array($fname, $lname, $phone, $email, $date, $property));
echo '<label>Inspection arranged</label>';
include $relative . 'data/php/email/email.inc';
// Email user their inspection details
sendInspectionDetails($email, $property, $date);
} else {
echo '<label>Inspection is already arranged</label>';
}
echo '<p>Your inspection is: ' . date("d/m/Y", strtotime($date)) . ' at ' . date("g:i a", strtotime($date)) . ' <br>
Please write this down and remember to attend the inspection</p>';
echo "<a href='http://{$_SERVER['HTTP_HOST']}/{$topDir}property.php?id={$property}'>Back To Property Page</a>";
} else {
// form is invalid
include $relative . 'data/php/property/arrange-inspection.inc';
}
} else {
