/**
 * Record a new page-counter reading for a printer.
 *
 * Copies the printer's id, current count and page cost onto this object,
 * rejects a reading that is lower than the stored one or that already
 * exists, then inserts the reading into ig_counters and updates the
 * printer row in ig_printers. Every failure path ends the request with die.
 *
 * NOTE(review): all three statements are assembled by interpolating object
 * properties into the SQL text; nothing in this method escapes or binds
 * them. The insert and the update are also two separate statements with no
 * transaction visible here, so a failed update leaves the inserted row behind.
 *
 * @param \Printer $printer
 */
function createCounter(Printer $printer)
{
    $this->printerID = $printer->id;
    $this->oldCounter = $printer->currentCount;
    $this->pageCost = $printer->pageCost;

    // A reading below the stored counter is refused before any query runs.
    if ($this->newCounter < $this->oldCounter) {
        echo "Этот счетчик меньше уже введенного для этого принтера. Проверяйте внимательно<br><br>";
        require_once "footer.php";
        die;
    }

    if (!isset($this->connection)) {
        $this->getConnection();
    }

    // NOTE(review): this lookup matches the counter value across every row of
    // ig_printers, while the message speaks about "this printer" - confirm
    // whether a printer filter is missing. It also goes through the global
    // queryMysql() helper rather than $this->connection.
    $duplicate = queryMysql("SELECT * FROM ig_printers WHERE PRINTER_PCOUNT='{$this->newCounter}'");
    if ($duplicate->num_rows) {
        echo "Этот счетчик уже введен для этого принтера. Проверяйте внимательно<br><br>";
        require_once "footer.php";
        die;
    }

    $insertSql = "INSERT INTO ig_counters (PRINTER_ID, DATE_UPDATE, OLD_COUNTER, NEW_COUNTER, PAGE_COST) VALUES ('{$this->printerID}','{$this->date}','{$this->oldCounter}','{$this->newCounter}','{$this->pageCost}')";
    if (!$this->connection->query($insertSql)) {
        // NOTE(review): the raw driver error text is sent to the client here.
        die($this->connection->error);
    }

    $updateSql = "UPDATE ig_printers SET PRINTER_PCOUNT='{$this->newCounter}',DATE_PRINTER_LAST_EDIT='{$this->date}' WHERE PRINTER_NUMBER= '{$this->printerID}'";
    if (!$this->connection->query($updateSql)) {
        die($this->connection->error);
    }
}
/**
 * Print the profile header (cover and profile pictures, or upload prompts
 * when one or both are missing) followed by the user's stored profile text.
 *
 * NOTE(review): $user is placed into file paths, image URLs and HTML without
 * any encoding in this function; it is only safe if the caller guarantees a
 * restricted character set for user names. The opening div tags in the
 * three "missing picture" branches are emitted without a closing ">",
 * exactly as in the original markup.
 *
 * @param string $user user name used to locate pictures and shown in the header
 */
function showProfile($user)
{
    $coverMissing = !file_exists("pics/cover/{$user}.jpg");
    $photoMissing = !file_exists("pics/profile/{$user}.jpg");

    if ($coverMissing && $photoMissing) {
        // Neither picture exists: prompt for both.
        echo "<br/><br/><div align='left' style='background-image:url(bg2.png) ;border:thick ridge rgba(78, 154, 163, 0.7);margin-right:40%;width:75%;height:480px;'";
        echo "<p><h2 style='margin-left:12%;margin-top:50px;color:white;font-family:segoe print;'>Upload Your's & a Cover Photo To give a look to Your Profile ";
        echo "<br/><br/>Access to Your <a class='button grey' href='rnprofile.php'>Profile Page</a> And Edit Your Info....!!</h2></p><br/><br/><br/> ";
        echo " <img src='pics/p-photo.png' style='margin-left:20%;margin-top:55px;width:180px;height:200px;border:thin ridge;'/></div><br/>";
    } elseif ($coverMissing) {
        // Only the cover is missing: show the existing profile picture.
        echo "<br/><br/><div align='left' style='background-image:url(bg2.png) ;border:thick ridge rgba(78, 154, 163, 0.7);margin-right:40%;width:75%;'";
        echo "<p><h2 style='margin-left:12%;margin-top:50px;color:white;font-family:segoe print;'>Upload a Cover Photo To give a look to Your Profile ";
        echo " <br/><br/>Access to Your <a class='button grey' href='rnprofile.php'>Profile Page</a> And Edit Your Info....!!</h2></p>";
        echo "<img src='pics/profile/{$user}.jpg' style='margin-left:20%;margin-top:120px;width:180;height:228;border:thin ridge;'/> ";
        echo " </div><br/>";
    } elseif ($photoMissing) {
        // Only the profile picture is missing: use the cover as background.
        echo "<br/><br/><div align='left' style='background-image:url(pics/cover/{$user}.jpg) ;border:thick ridge rgba(78, 154, 163, 0.7);margin-right:40%;width:75%;'";
        echo "<p><h2 style='margin-left:12%;margin-top:50px;color:white;font-family:segoe print;'>Upload Your Photo To give a look to Your Profile ";
        echo "<br/><br/>Access to Your <a class='button grey' href='rnprofile.php'>Profile Page</a> And Edit Your Info....!!</h2></p><br/><br/><br/> ";
        echo " <img src='pics/p-photo.png' 
style='margin-left:20%;margin-top:120px;width:180;height:228;border:thin ridge;'/></div><br/>";
    } else {
        // Both pictures exist.
        echo "<div align='left' ><img align='left' src='pics/cover/{$user}.jpg' style='width:900;height:500;border:thick ridge rgba(78, 154, 163, 0.7);'/> ";
        echo "<img src='pics/profile/{$user}.jpg' align='left' style='margin-left:20%;margin-top:-217px;width:190;height:210;border:thin ridge;'/> ";
        echo " </div><hr style='margin-top: 0.5px;margin-left:0px;width:75%;'/><br/> ";
    }

    echo "<fieldset class='outer' style='background-image:url(son.png);'><em style='margin-left:1%;'><b class='button black'> ";
    // ucwords() is applied to the whole fragment, markup included.
    echo ucwords(" {$user} </b></em><b class='ud3btn'>Said : </b><font style='font-size:28px;color:rgb(66, 123, 140);'><b style='font-size:24px;height:40px;' class='button black'>");

    // NOTE(review): the WHERE value shows as the literal '******' in this
    // listing (it looks masked); confirm how the original binds $user.
    $profile = queryMysql("SELECT * FROM rnprofiles WHERE user='******'");
    if (mysql_num_rows($profile)) {
        $fields = mysql_fetch_row($profile);
        // NOTE(review): the stored text is printed without HTML-escaping here.
        echo stripslashes($fields[1]) . "</b></font></fieldset><br clear=left /><br/><hr />";
    }
}
/**
 * Print the username column of the first matching row in Users, if any.
 *
 * NOTE(review): the WHERE value shows as the literal '******' in this
 * listing (it looks masked), so $username is not visibly bound to the query.
 * The column is echoed without HTML-escaping.
 *
 * @param string $username
 */
function showProfile($username)
{
    $matches = queryMysql("SELECT * FROM Users where username='******'");
    if (!$matches->num_rows) {
        return;
    }

    $record = $matches->fetch_array(MYSQLI_ASSOC);
    echo $record['username'];
}
/**
 * Print the text column of the first matching ig_users row, followed by a
 * float-clearing line break.
 *
 * NOTE(review): the WHERE value shows as the literal '******' in this
 * listing (it looks masked); confirm how the original binds $user. The text
 * is echoed after stripslashes() only - no HTML-escaping happens here.
 *
 * @param $user
 */
function showProfile($user)
{
    $lookup = queryMysql("SELECT * FROM ig_users WHERE username='******'");
    if (!$lookup->num_rows) {
        return;
    }

    $record = $lookup->fetch_array(MYSQLI_ASSOC);
    $body = stripslashes($record['text']);
    echo $body . "<br style='clear:left;'><br>";
}
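/**
 * Build the table rows of the user list, each with a "Remove" form.
 *
 * Fix: every user name is HTML-encoded before it is placed into element
 * text and attribute values. The original concatenated the database value
 * as-is, so a stored name containing quotes or angle brackets could break
 * out of the attribute or inject markup. double_encode is disabled so names
 * that were already entity-encoded when stored are not encoded twice.
 *
 * NOTE(review): the generated form posts to remove_user.php with only the
 * user name; no anti-CSRF token is visible in this block. The ids
 * "remove_user" and "username" repeat on every row.
 *
 * @return string concatenated <tr> markup, empty when there are no users
 */
function getUsers()
{
    $query = "SELECT username FROM USERS ORDER BY username ASC";
    $result = queryMysql($query);
    $output = '';

    while ($row = $result->fetch_assoc()) {
        $name = htmlspecialchars($row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

        $output .= '<tr> <td>' . $name . '</td>'
            . '<td> <form name="Remove ' . $name . '" class="form-horizontal" method="POST" action="./remove_user.php">'
            . '<input type="button" value="Remove ' . $name . '" class="btn btn-primary btn-xs btn-block" id="remove_user"> </td>'
            . '<input type="hidden" class="form-control" name="username" value="' . $name . '" id="username">'
            . '</form>'
            . '</tr>';
    }

    return $output;
}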
/**
 * Print the user's picture (when "<user>.jpg" exists in the working
 * directory) and the stored profile text.
 *
 * NOTE(review): $user goes into the file path and the img src unencoded, and
 * the profile text is printed after stripslashes() only. The WHERE value
 * shows as the literal '******' in this listing (it looks masked).
 *
 * @param string $user
 */
function showProfile($user)
{
    $picture = "{$user}.jpg";
    if (file_exists($picture)) {
        echo "<img src='{$picture}' style='float:left;'>";
    }

    $lookup = queryMysql("SELECT * FROM profiles WHERE user='******'");
    if (!$lookup->num_rows) {
        return;
    }

    $record = $lookup->fetch_array(MYSQLI_ASSOC);
    echo stripslashes($record['text']) . "<br style='clear:left;'><br>";
}
/**
 * Return the text column of the first matching profiles row, or an empty
 * string when no row matches.
 *
 * NOTE(review): the WHERE value shows as the literal '******' in this
 * listing (it looks masked), so $view is not visibly used by the query.
 *
 * @param mixed  $conn connection handle passed through to queryMysql()
 * @param string $view
 * @return string
 */
function showUserStory($conn, $view)
{
    $lookup = queryMysql($conn, "SELECT text FROM profiles WHERE user='******'");
    if (!$lookup->num_rows) {
        return '';
    }

    $record = $lookup->fetch_array(MYSQLI_ASSOC);
    return $record['text'];
}
/**
 * Print the stored profile text inside an opening "mainText" div and
 * paragraph. Neither element is closed by this function.
 *
 * NOTE(review): the text is printed after stripslashes() only, and the WHERE
 * value shows as the literal '******' in this listing (it looks masked).
 *
 * @param string $user
 */
function showProfile($user)
{
    // if (file_exists("user_images/$user.jpg"))
    // echo "<img src = 'user_images/$user.jpg' alt='profile pic' class='profilePic' />";
    $lookup = queryMysql("SELECT * FROM profiles WHERE user='******'");
    if (!$lookup->num_rows) {
        return;
    }

    $record = $lookup->fetch_array(MYSQLI_ASSOC);
    echo "<div class = 'mainText'> <p>";
    echo stripslashes($record['text']);
}
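/**
 * Report whether the username lookup returns any row.
 *
 * Fix: the original called $result->close() after both return statements,
 * so it never ran and the result set was never released. The row count is
 * now read first, the result is closed, and then the message is returned.
 *
 * NOTE(review): the WHERE value shows as the literal '******' in this
 * listing (it looks masked), so $field is not visibly used by the query;
 * confirm how the original binds it.
 *
 * @param string $field username to check
 * @return string "This username is taken" when a row exists, otherwise ""
 */
function check_user($field)
{
    // check whether input username exists
    $result = queryMysql("SELECT username FROM members WHERE username='******'");
    $taken = (bool) $result->num_rows;
    $result->close();

    return $taken ? "This username is taken" : "";
}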
/**
 * Print the user's picture (when "<user>.jpg" exists) and the second column
 * of the matching rnprofiles row.
 *
 * NOTE(review): $user is used unencoded in the path and img src, the stored
 * text is printed after stripslashes() only, and the WHERE value shows as
 * the literal '******' in this listing (it looks masked).
 *
 * @param string $user
 */
function showProfile($user)
{
    $picture = "{$user}.jpg";
    if (file_exists($picture)) {
        echo "<img src='{$picture}' border='1' align='left'/>";
    }

    $lookup = queryMysql("SELECT * FROM rnprofiles WHERE user='******'");
    if (!mysql_num_rows($lookup)) {
        return;
    }

    $fields = mysql_fetch_row($lookup);
    echo stripslashes($fields[1]) . "<br clear=left /><br />";
}
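/**
 * Sum the market value of a portfolio: shares * last_price for every
 * non-cash holding plus the shares of the CASH rows.
 *
 * Fixes:
 *  - $value starts at 0; the original added to an undefined variable and
 *    returned it unset when the query produced no rows.
 *  - The two selects are joined with UNION ALL. Plain UNION removes
 *    duplicate rows, so a cash balance equal to the holdings total (or two
 *    equal cash rows) was counted only once.
 *
 * NOTE(review): $portfolioID is concatenated into the SQL text unquoted.
 * Nothing here checks that it is numeric; validate it at the caller or bind
 * it as a parameter.
 *
 * @param mixed $portfolioID portfolio identifier, concatenated as given
 * @return int|float total value, 0 when there are no rows
 */
function turtle_portfolio_value($portfolioID)
{
    $my_sql = "select sum(a.shares * b.last_price) from turtle_portfolio a, detail_quote b where a.portfolio_id = " . $portfolioID . " and a.symbol = b.symbol and a.symbol != 'CASH' ";
    $my_sql .= "union all ";
    $my_sql .= "select shares from turtle_portfolio where symbol = 'CASH' and portfolio_id = " . $portfolioID;

    $result = queryMysql($my_sql);

    $value = 0;
    while ($data = mysql_fetch_row($result)) {
        // "* 1 / 1" coerces the column (string or NULL) to a number.
        $value += $data[0] * 1 / 1;
    }

    return $value;
}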
/**
 * Print the user's picture (when "<user>.jpg" exists) and the second and
 * third columns of the matching user row inside an h3.
 *
 * NOTE(review): $user is used unencoded in the path and img src, both
 * columns are printed after stripslashes() only, and the WHERE value shows
 * as the literal '******' in this listing (it looks masked).
 *
 * @param string $user
 */
function showProfile($user)
{
    $picture = "{$user}.jpg";
    if (file_exists($picture)) {
        echo "<img src='{$picture}' align='center' />";
    }

    $lookup = queryMysql("SELECT * FROM user WHERE username='******'");
    if (!mysql_num_rows($lookup)) {
        return;
    }

    $fields = mysql_fetch_row($lookup);
    $first = stripslashes($fields[1]);
    $second = stripslashes($fields[2]);
    echo "<br><h3>";
    echo $first . " " . $second . "<br clear=left /><br/></h3>";
}
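/**
 * Build the HTML for all comments attached to a post.
 *
 * Fix: the USER column is HTML-encoded before it is placed inside the
 * <strong> element; the original concatenated it as stored. double_encode
 * is disabled so a name that was entity-encoded on the way in is not
 * encoded twice.
 *
 * NOTE(review): $id is interpolated into the SQL text; this function does
 * not escape or bind it. The comment body is passed through
 * unescapeSpecialCharacters(), a helper not shown here - confirm that its
 * output is safe to place in HTML.
 *
 * @param mixed $id post identifier
 * @return string comment markup, empty when the post has no comments
 */
function getComments($id)
{
    $query = "SELECT TIME_STAMP, COMMENT_TEXT, USER FROM COMMENTS WHERE POST_ID='{$id}'";
    $result = queryMysql($query);
    $output = "";

    if ($result->num_rows) {
        while ($row = $result->fetch_assoc()) {
            $author = htmlspecialchars($row['USER'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
            $comment_text = $row['COMMENT_TEXT'];

            $output .= '<hr><h4><strong>' . $author . '</strong> said, </h4>'
                . '<p>"' . unescapeSpecialCharacters($comment_text) . '"</p>'
                . getRelTime($row['TIME_STAMP']);
        }
    }

    return $output;
}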
/**
 * Print the user's uploaded picture (when uploads/<user>.jpg exists next to
 * this file) and the stored profile text.
 *
 * NOTE(review): $user is joined into a filesystem path and a URL without
 * validation; if it can contain path separators the file_exists() probe
 * leaves the uploads directory. The profile text is printed after
 * stripslashes() only, and the WHERE value shows as the literal '******' in
 * this listing (it looks masked).
 *
 * @param string $user
 */
function showProfile($user)
{
    global $home_url;

    $relative = "/uploads/{$user}.jpg";
    $pic_path = __DIR__ . $relative;
    $pic_url = $home_url . $relative;

    if (file_exists($pic_path)) {
        echo "<img src='{$pic_url}' style='float:left;'>";
    }

    $lookup = queryMysql("SELECT * FROM profiles WHERE user='******'");
    if (!$lookup->num_rows) {
        return;
    }

    $record = $lookup->fetch_array(MYSQLI_ASSOC);
    echo stripslashes($record['text']) . "<br style='clear:left;'><br>";
}
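/**
 * Validate the posted login form and, when exactly one member row matches,
 * store the login in the session.
 *
 * Fixes:
 *  - The empty-field check tested $_POST['pass'] without empty(), so the
 *    error was raised whenever a password WAS supplied.
 *  - The second branch tested $_POST['user_name'] / $_POST['user_password']
 *    but then read $_POST['user'] / $_POST['pass']; the lookup now runs
 *    whenever the two fields that are actually read are present.
 *
 * NOTE(review): the query compares the pass column directly and the
 * password is kept in $_SESSION['pass'], which suggests passwords are
 * handled unhashed - confirm, and prefer password_hash()/password_verify()
 * with no password in the session. No session id regeneration is visible
 * in this method. Both WHERE values show as the literal '******' in this
 * listing (they look masked).
 */
private function dologinWithPostData()
{
    // check login form contents
    if (empty($_POST['user']) || empty($_POST['pass'])) {
        $this->errors[] = "Not all fields were entered";
        return;
    }

    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);
    $query = "SELECT user,pass FROM members\n WHERE user='******' AND pass='******'";

    // if this user exists
    if (mysql_num_rows(queryMysql($query)) == 1) {
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $pass;
    }
}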
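/**
 * Build the admin wall listing: one container per uploaded image with its
 * title, author, thumbnail, description and a delete link.
 *
 * Fixes:
 *  - $output is initialised before the query, so the failure path returns
 *    an empty string instead of an undefined variable.
 *  - The no-op statements "$result;" and "$filter;" and the never-read
 *    $error message are removed.
 *  - Every database value is HTML-encoded before it is placed in element
 *    text or an attribute, and the image name is URL-encoded inside the
 *    delete link's query string. The original concatenated all of them
 *    as stored. double_encode is disabled so values that were
 *    entity-encoded when stored are not encoded twice.
 *
 * NOTE(review): the delete action is a plain GET link to deletepost.php
 * with no token visible here; a state-changing request should be a POST
 * with an anti-CSRF token. The redirect on query failure is not followed
 * by exit, so the caller keeps running.
 *
 * @return string markup for all wall posts, empty on failure or no posts
 */
function adminGetUploadedImages()
{
    $output = "";
    $query = "SELECT username, textdescription, title, imagename, time_stamp, imagefilter FROM WALL ORDER BY time_stamp DESC";

    $result = queryMysql($query);
    if (!$result) {
        header("Location: ../index.php");
        return $output;
    }

    $esc = function ($value) {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    while ($row = $result->fetch_assoc()) {
        $output .= '<div class="container" width="800px" height="700px"><div>"' . $esc($row['title'])
            . '"posted by ' . $esc($row['username'])
            . '</div><div class="thumb"><img class="' . $esc($row['imagefilter'])
            . ' thumbnail" src="userphotos/' . $esc($row['imagename'])
            . '" width="1000px" height="700px"><a id="deletelink" class="deletelink" href="deletepost.php?imagename=' . rawurlencode($row['imagename'])
            . '"><button id="deletebutton" class="deletebutton">Delete</button></a>' . $esc($row['textdescription'])
            . '</div></div>';
    }

    return $output;
}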
/**
 * Save the posted profile text (update or insert) or, when nothing was
 * posted, load the stored text. Returns the text after stripslashes().
 *
 * NOTE(review): only the posted text goes through real_escape_string();
 * $user is interpolated into the INSERT as received. After a POST the
 * returned value is the escaped string passed through stripslashes(), not
 * the raw submission. The WHERE values show as the literal '******' in this
 * listing (they look masked).
 *
 * @param mysqli $conn connection used for escaping and passed to queryMysql()
 * @param string $user
 * @return string
 */
function handleText($conn, $user)
{
    $existing = queryMysql($conn, "SELECT * FROM profiles WHERE user='******'");

    if (!isset($_POST['text'])) {
        // Read path: return what is stored, or an empty string.
        if ($existing->num_rows) {
            $stored = $existing->fetch_array(MYSQLI_ASSOC)['text'];
        } else {
            $stored = '';
        }
        return stripslashes($stored);
    }

    // Write path: escape the submission, then update or insert.
    $text = $conn->real_escape_string($_POST['text']);
    $statement = $existing->num_rows
        ? "UPDATE profiles SET text='{$text}' WHERE user='******'"
        : "INSERT INTO profiles VALUES('{$user}', '{$text}')";
    queryMysql($conn, $statement);

    return stripslashes($text);
}
// Tail of a members page: finishes the "remove" request branch (its opening
// lines are outside this fragment), then lists every other member with the
// follow relationship in both directions.
// NOTE(review): the add/remove actions are plain GET links, so following a
// link changes the friends table; no anti-CSRF token is visible here.
// NOTE(review): the WHERE values show as the literal '******' in this
// listing (they look masked), so $remove is not visibly used by the DELETE.
$remove = sanitizeString($_GET['remove']);
queryMysql("DELETE FROM friends WHERE user='******' AND friend='{$user}'");
}

$result = queryMysql("SELECT user FROM members ORDER BY user");
$num = $result->num_rows;
echo "<h3>Other Members</h3><ul>";

// Two extra queries run for every member row.
for ($j = 0; $j < $num; ++$j) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    // Skip the current user's own entry.
    if ($row['user'] == $user) {
        continue;
    }
    // NOTE(review): the member name is placed in the href and link text
    // without URL- or HTML-encoding.
    echo "<li><a href='members.php?view=" . $row['user'] . "'>" . $row['user'] . "</a>";
    $follow = "follow";
    // NOTE(review): the next statement is garbled in this listing (the
    // '******' masking overlaps the string concatenation); it is kept
    // exactly as shown and is not valid PHP in this form.
    $result1 = queryMysql("SELECT * FROM friends WHERE\nuser='******'user'] . "' AND friend='{$user}'");
    $t1 = $result1->num_rows;
    $result1 = queryMysql("SELECT * FROM friends WHERE\nuser='******' AND friend='" . $row['user'] . "'");
    $t2 = $result1->num_rows;
    // $t1 and $t2 are the row counts of the two directional lookups.
    if ($t1 + $t2 > 1) {
        echo " ↔ is a mutual friend";
    } elseif ($t1) {
        echo " ← you are following";
    } elseif ($t2) {
        echo " → is following you";
        $follow = "recip";
    }
    if (!$t1) {
        echo " [<a href='members.php?add=" . $row['user'] . "'>{$follow}</a>]";
    } else {
        echo " [<a href='members.php?remove=" . $row['user'] . "'>drop</a>]";
    }
}
<?php
// results.php
// Lists the events of one category as an HTML table.
//
// NOTE(review): the category comes straight from the query string and is
// concatenated into the SQL text inside double quotes; its safety depends
// entirely on what sanitizeString() (defined elsewhere) does. The five
// columns are printed without HTML-escaping, and a failed query sends the
// driver's error text to the client.
require_once 'functions.php';
require_once 'header.php';

database_connect($dbhost, $dbuser, $dbpass, $dbname);

$category = sanitizeString($_GET['category']);
$query = 'SELECT * FROM nyitevents WHERE Event="' . $category . '"';
$result = queryMysql($query);
if (!$result) {
    die('Database access failed: ' . mysql_error());
}

$rows = mysql_num_rows($result);

echo "<div class='container-fluid table-responsive'>";
echo "<table class='table table-striped table-hover table-bordered'>";
echo "<tr><th>Name</th><th>Description</th><th>Date</th><th>Time</th><th>Location</th></tr>";

for ($j = 0; $j < $rows; ++$j) {
    $row = mysql_fetch_row($result);
    echo "<tr>";
    // Columns 0-3, then column 4 together with the row terminator.
    for ($col = 0; $col < 4; ++$col) {
        echo "<td>" . $row[$col] . "</td>";
    }
    echo "<td>" . $row[4] . "</td></tr>";
}

if ($rows == 0) {
    echo "<tr><td colspan='5'><img src='img/noFlexZone.png' />\n <h2>It ha no events dawg</h2></td></tr>";
}

echo "</table></div>";

mysql_close(mysql_connect($dbhost, $dbuser, $dbpass));
?>
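/**
 * Look up a price column for a symbol on a trade date in quotes_memory,
 * falling back to the most recent close when no price is found.
 *
 * Fix: $price is initialised to null. The original only assigned it inside
 * the fetch loops, so an empty result read (and returned) an undefined
 * variable.
 *
 * NOTE(review): $time is interpolated as a column expression and $symbol /
 * $trade_date as quoted values; nothing here validates them. stripslashes()
 * runs on the finished SQL text, so any backslash escaping a caller applied
 * to those values is removed again before the query executes. $time should
 * be checked against a fixed list of column names and the values bound as
 * parameters. On an exception the full query text is echoed.
 *
 * @param string $trade_date
 * @param string $symbol
 * @param string $time column (or expression) to select
 * @return mixed the price as returned by the driver, or null when none found
 */
function getStockPrice($trade_date, $symbol, $time)
{
    // Hard-coded switch: prices are always scaled by adj_close / close.
    $adj_close = true;
    $price = null;

    if ($adj_close) {
        $query = "select {$time} * (adj_close / close) from quotes_memory where symbol = '{$symbol}' and trade_date = '{$trade_date}' ";
    } else {
        $query = "select {$time} from quotes_memory where symbol = '{$symbol}' and trade_date = '{$trade_date}' ";
    }

    try {
        $query = stripslashes($query);
        $result = queryMysql($query);
        while ($tmp_data = mysql_fetch_row($result)) {
            $price = $tmp_data[0];
        }

        // if price is not available, get the last available closing price
        // (a price of 0 is treated as "not available" as well)
        if (!$price) {
            if ($adj_close) {
                $query = "select close * (adj_close / close) from quotes_memory where symbol = '{$symbol}' and trade_date = (select max(trade_date) from quotes_memory where symbol = '{$symbol}') ";
            } else {
                $query = "select close from quotes_memory where symbol = '{$symbol}' and trade_date = (select max(trade_date) from quotes_memory where symbol = '{$symbol}') ";
            }

            try {
                $query = stripslashes($query);
                $result = queryMysql($query);
                while ($tmp_data = mysql_fetch_row($result)) {
                    $price = $tmp_data[0];
                }
            } catch (Exception $e) {
                echo "query: {$query} \n";
                echo 'Caught exception: ', $e->getMessage(), "\n";
            }
        }
    } catch (Exception $e) {
        echo "query: {$query} \n";
        echo 'Caught exception: ', $e->getMessage(), "\n";
    }

    return $price;
}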
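// Sign-up handler followed by the sign-up form.
//
// Fixes:
//  - "$queryMysql($query)" called an undefined variable as a function; it
//    is now the queryMysql() helper used everywhere else in this block.
//  - The INSERT read "VALUES<'...'" and could never parse; the opening
//    parenthesis is restored.
//  - die("Account created") ran even when the username already existed, so
//    the error was never shown. It now runs only after the insert.
//  - The username input carried the misspelt attribute "vallue".
//
// NOTE(review): the INSERT stores $pass as submitted (after sanitizeString
// only); no hashing is visible in this block. The password input is
// type='text' and the submitted password is echoed back into its value
// attribute. The WHERE value shows as the literal '******' in this listing
// (it looks masked).
$error = $user = $pass = "";

if (isset($_SESSION['user'])) {
    destroySession();
}

if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br /><br />";
    } else {
        $query = "SELECT * FROM rnmembers WHERE user = '******'";
        if (mysql_num_rows(queryMysql($query))) {
            $error = "That username already exists<br /><br />";
        } else {
            $query = "INSERT INTO rnmembers VALUES('{$user}','{$pass}')";
            queryMysql($query);
            die("<h4>Account created</h4>Please Log in.");
        }
    }
}

echo <<<_END
<form method='post' action='rnsignup.php'>{$error} Username <input type='text' maxlength='16' name='user' value='{$user}' onBlur='checkUser(this)'/><span id='info'></span><br /> Password <input type='text' maxlength='16' name='pass' value='{$pass}' /><br /> <input type='submit' value='Signup' /> </form>
_END;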
} elseif (isset($_GET['remove'])) {
    // The branches before this one are outside this fragment.
    // NOTE(review): the WHERE values show as the literal '******' in this
    // listing (they look masked), so $remove is not visibly used here.
    $remove = sanitizeString($_GET['remove']);
    queryMysql("DELETE FROM friends WHERE user='******' AND friend='{$user}'");
}

// List every other member with the follow relationship in both directions.
// NOTE(review): the add/remove actions are plain GET links, so following a
// link changes the friends table; no anti-CSRF token is visible here. Member
// names are placed in hrefs and link text without encoding.
$result = queryMysql("SELECT user FROM members ORDER BY user");
$num = mysqli_num_rows($result);
echo "<h3>Other Members</h3><ul>";

// Two extra queries run for every member row.
for ($j = 0; $j < $num; ++$j) {
    $row = mysqli_fetch_row($result);
    // Skip the current user's own entry.
    if ($row[0] == $user) {
        continue;
    }
    echo "<li><a href='members.php?view={$row['0']}'>{$row['0']}</a>";
    $follow = "follow";
    // NOTE(review): the first lookup's string is garbled in this listing
    // (the masking overlaps the interpolation); it is kept exactly as shown.
    $t1 = mysqli_num_rows(queryMysql("SELECT * FROM friends\n\t\tWHERE user='******'0']}' AND friend='{$user}'"));
    $t2 = mysqli_num_rows(queryMysql("SELECT * FROM friends\n\t\tWHERE user='******' AND friend='{$row['0']}'"));
    if ($t1 + $t2 > 1) {
        // NOTE(review): {$harr} interpolates a variable that is not defined
        // in this fragment; the sibling branches print arrow characters, so
        // this is probably a mangled arrow entity - confirm.
        echo " {$harr}; is a mutual friend";
    } elseif ($t1) {
        echo " ← you are following";
    } elseif ($t2) {
        echo " → is following you";
        $follow = "recip";
    }
    if (!$t1) {
        echo " [<a href='members.php?add=" . $row[0] . "'>{$follow}</a>]";
    } else {
        echo " [<a href='members.php?remove=" . $row[0] . "'>drop</a>]";
    }
}
?>
<?php
// Ajax endpoint: reports whether the posted user name already exists in the
// members table.
//
// NOTE(review): the WHERE value shows as the literal '******' in this
// listing (it looks masked); confirm how the original binds $user. The
// endpoint answers for any posted name, so it can be used to enumerate
// existing accounts unless requests are rate-limited elsewhere.
require_once 'functions.php';

if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $lookup = queryMysql("SELECT * FROM members WHERE user='******'");

    $markup = $lookup->num_rows
        ? "<span class='taken'> ✘ This username is taken</span>"
        : "<span class='available'> ✔ This username is available</span>";

    echo $markup;
}
// Tail of a group page's join/leave handling; the opening of the join
// branch is outside this fragment.
// NOTE(review): $group_title is read from the session and interpolated into
// every statement below without escaping. The user values in the WHERE
// clauses show as the literal '******' in this listing (they look masked).
$group_title = $_SESSION['groupTitle'];
$resultB = queryMysql("SELECT * FROM individual_group WHERE title='{$group_title}' AND user='******'");
if ($resultB->num_rows) {
    $message = "Already in group";
    $inGroup = True;
} else {
    queryMysql("INSERT INTO individual_group VALUES('0', '{$group_title}', '{$user}')");
    $inGroup = True;
}
}
// NOTE(review): this call sits outside the membership check above, so it
// appears to run even when the user was already in the group - confirm
// against the enclosing block.
addPointsToUser($user);
} elseif (isset($_GET['leave'])) {
    // Leaving is triggered by a GET parameter.
    $group_title = $_SESSION['groupTitle'];
    $resultB = queryMysql("SELECT * FROM individual_group WHERE title='{$group_title}' AND user='******'");
    if ($resultB->num_rows) {
        queryMysql("DELETE FROM individual_group WHERE title='{$group_title}' AND user='******'");
        $inGroup = False;
    }
    // NOTE(review): points are decreased on every "leave" request, whether
    // or not a membership row existed.
    decreasePointsToUser($user);
}
// NOTE(review): in this fragment the logged-in check comes after the
// join/leave statements; confirm that the enclosing branch (not visible)
// already requires a login. The page below loads styles and scripts from
// third-party hosts, some over plain http.
if (!$loggedin) {
    die("\n<!DOCTYPE html>\n<html>\n <head>\n <title>View Watching list</title>\n <link type='text/css' rel='stylesheet' href='findMembers.css'/> \n <link rel='stylesheet' href='jquery-ui.min.css'>\n <link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet'>\n <link href='http://s3.amazonaws.com/codecademy-content/courses/ltp2/css/bootstrap.min.css' rel='stylesheet'>\n <link rel='alternate' type='application/rss+xml' title='RSS' href='http://www.csszengarden.com/zengarden.xml'>\n <script src='//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n <script type='text/javascript' src='jquery.js'></script>\n <script src='menu.js'></script>\n <script src='filter.js'></script>\n <script src='https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n <script src='insideFilter.js'></script>\n </head>\n <body class='overbody'>\n <div class='topbar'>\n <div class='container'>\n\n <ul class='menu'>\n <li><a href='index.php'>Home</a></li>\n <li><a href='activity.php'>Activity</a></li>\n <li><a href='allChatRooms.php'>Chat</a></li>\n <li class='dropdown'>\n <a href='#' class='dropdown-toggle'>Me<b class='caret'></b></a>\n <ul class='dropdown-menu'>\n <li><a href='profile.php'>Profile</a></li>\n <li><a 
href='photos.php'>My Photos</a></li>\n <li><a href='viewwatching.php'>Watching</a></li>\n <li><a href='viewwatchers.php'>My Watchers</a></li>\n <li><a href='messages.php'>Messages</a></li> \n <li><a href='logout.php'>Log out</a></li>\n </ul>\n </li>\n </ul>\n \n </div>\n </div>\n <div class='inputEverything'>\n <div class='members'>\n <div id='response'>Your are not logged in <br>\n <br> Please <a href='login.php'>Click Here</a> to log in <br>\n <br> Or Please <a href='signup.php'>Click Here</a> to sign up\n </div>\n </div>\n </div>\n </body>\n</html>\n ");
}
?> <!DOCTYPE html> <html> <head> <title>Group Page</title> <link type='text/css' rel='stylesheet' href='group.css'/> <link rel='stylesheet' href='jquery-ui.min.css'>
// When form is submitted, sanitize inputs and check for validity.
// NOTE(review): the password is passed through sanitizeString() before it is
// hashed, so whatever that helper strips or rewrites changes the password
// that is actually stored.
if (isset($_POST['user'])) {
    $user = sanitizeString($db, $_POST['user']);
    $pass = sanitizeString($db, $_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br>";
    } else {
        $result = queryMysql("SELECT * FROM USERS WHERE userid='{$user}'");
        if ($result->num_rows) {
            $error = "That username already exists<br>";
        } else {
            // Salt and hash passwords before adding to database.
            // NOTE(review): both salts are fixed strings in the source, so
            // every account shares them, and ripemd128 is a single fast
            // digest rather than a password-hashing function. password_hash()
            // with password_verify() gives a per-user salt and a tunable cost.
            $salt1 = "2Qs0r@";
            $salt2 = "J0n@\$";
            $token = hash('ripemd128', "{$salt1}{$pass}{$salt2}");
            queryMysql("INSERT INTO USERS VALUES('{$user}', '{$token}')");
            // Clear forms and present sign in link.
            echo "<script>\$(\"#primaryForm\").remove();</script>";
            die("<h4>Account created</h4>Please <a href='signin.php'>sign in.</a><br>");
        }
    }
}
// Remove top sign up button, present sign up form.
// The Ajax script is called when a character is typed into the username field.
// The heredoc below continues past the end of this fragment.
echo <<<_END
<script> \$("#signUpBtn").remove(); </script> <form class='form-signin' method='post' action='signup.php'> <div class='main'><h3>Please enter your details to sign up</h3> <input class="wideInput" type='text' maxlength='16' name='user' value='{$user}' placeholder='Username' required autofocus onkeyup='checkUser(this)'>
</head> <body background="green.jpg"> <?php
// Example 21-7: login.php
// Checks the posted credentials against the members table and, on a match,
// records the login in the session. The form markup continues past the end
// of this fragment.
include_once 'header.php';
echo "<div class='main'><h3>Please enter your details to log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br />";
    } else {
        // NOTE(review): the query matches the password column directly, which
        // suggests passwords are stored unhashed - confirm. Both WHERE values
        // show as the literal '******' in this listing (they look masked).
        $query = "SELECT user,password FROM members\n WHERE user='******' AND password='******'";
        if (mysql_num_rows(queryMysql($query)) == 0) {
            $error = "<span class='error'>Username/Password\n invalid</span><br /><br />";
        } else {
            // NOTE(review): the password itself is kept in the session, and
            // no session id regeneration is visible at this login point.
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$user}'>" . "click here</a> to continue.<br /><br />");
        }
    }
}
echo <<<_END
<table width="65%" height="258" align="center"> <br> <table width="300" border="1" cellpadding="4" cellspacing="0" align="center" bgcolor="#FFFFFF" class="table"> <form method='post' action='login.php'>{$error} <tr> <td>
// profile.php
// Saves or loads the logged-in user's profile text, then starts handling an
// uploaded picture. The upload handling continues past the end of this
// fragment.
include_once 'header.php';
if (!$loggedin) {
    die;
}
echo "<div class='main'><h3>Your Profile</h3>";
if (isset($_POST['text'])) {
    $text = sanitizeString($conn, $_POST['text']);
    // Collapse runs of whitespace to a single space.
    $text = preg_replace('/\\s\\s+/', ' ', $text);
    // NOTE(review): $user and $text are interpolated into the SQL text; their
    // safety rests on sanitizeString() and on how $user was set upstream.
    if (queryMysql($conn, "SELECT * FROM `profiles` WHERE `user`='{$user}'")->num_rows) {
        queryMysql($conn, "UPDATE `profiles` SET `text`='{$text}' where `user`='{$user}'");
    } else {
        queryMysql($conn, "INSERT INTO `profiles` VALUES(NULL,'{$user}', '{$text}')");
    }
} else {
    $result = queryMysql($conn, "SELECT * FROM `profiles` WHERE `user`='{$user}'");
    if ($result->num_rows) {
        $row = mysqli_fetch_row($result);
        // NOTE(review): the INSERT above writes three columns (NULL, user,
        // text), so index 1 of a SELECT * row looks like the user column
        // rather than the text - confirm the table layout.
        $text = stripslashes($row[1]);
    } else {
        $text = "";
    }
}
$text = stripslashes(preg_replace('/\\s\\s+/', ' ', $text));
if (isset($_FILES['image']['name'])) {
    // NOTE(review): the upload is moved to "<user>.jpg" in the working
    // directory before any type check runs, and the check that follows
    // switches on $_FILES['image']['type'], which is supplied by the client.
    // Inspect the file content itself (for example with getimagesize() or
    // finfo) before moving it, and store uploads outside the script directory.
    $saveto = "{$user}.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'], $saveto);
    $typeok = TRUE;
    switch ($_FILES['image']['type']) {
        case "image/gif":
            $src = imagecreatefromgif($saveto);
_END;
// Sign-up handler followed by the sign-up form. The heredoc that the
// terminator above closes starts outside this fragment.
$error = $user = $pass = "";
// Any existing session is ended before a new account is created.
if (isset($_SESSION['user'])) {
    destroySession();
}
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br><br>";
    } else {
        // NOTE(review): the WHERE value shows as the literal '******' in this
        // listing (it looks masked); confirm how the original binds $user.
        $result = queryMysql("SELECT * FROM members WHERE user='******'");
        if ($result->num_rows) {
            $error = "That username already exists<br><br>";
        } else {
            // NOTE(review): $pass is inserted as submitted (after
            // sanitizeString only); no hashing is visible in this block.
            // password_hash() on insert with password_verify() at login
            // avoids storing the password itself.
            queryMysql("INSERT INTO members VALUES('{$user}', '{$pass}')");
            die("<h4>Account created</h4>Please Log in.<br><br>");
        }
    }
}
// NOTE(review): the password input below is type='text' and the submitted
// password is echoed back into its value attribute.
echo <<<_END
<form method='post' action='signup.php'>{$error} <span class='fieldname'>Username</span> <input type='text' maxlength='16' name='user' value='{$user}' onBlur='checkUser(this)'><span id='info'></span><br> <span class='fieldname'>Password</span> <input type='text' maxlength='16' name='pass' value='{$pass}'><br>
_END;
?>
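/**
 * Look up a price column for a symbol on a trade date in the quotes table.
 *
 * Fix: $price is initialised to null. The original only assigned it inside
 * the fetch loop, so an empty result read (and returned) an undefined
 * variable.
 *
 * NOTE(review): $time is interpolated as a column expression and $symbol /
 * $trade_date as quoted values; nothing here validates them. stripslashes()
 * runs on the finished SQL text, so any backslash escaping a caller applied
 * to those values is removed again before the query executes. $time should
 * be checked against a fixed list of column names and the values bound as
 * parameters. On an exception the full query text is echoed.
 *
 * @param string $trade_date
 * @param string $symbol
 * @param string $time column (or expression) to select
 * @return mixed the price as returned by the driver, or null when none found
 */
function getStockPrice($trade_date, $symbol, $time)
{
    // Hard-coded switch: prices are always scaled by adj_close / close.
    $adj_close = true;
    $price = null;

    if ($adj_close) {
        $query = "select {$time} * (adj_close / close) from quotes where symbol = '{$symbol}' and trade_date = '{$trade_date}' ";
    } else {
        $query = "select {$time} from quotes where symbol = '{$symbol}' and trade_date = '{$trade_date}' ";
    }

    try {
        $query = stripslashes($query);
        $result = queryMysql($query);
        while ($tmp_data = mysql_fetch_row($result)) {
            $price = $tmp_data[0];
        }
    } catch (Exception $e) {
        echo "query: {$query} \n";
        echo 'Caught exception: ', $e->getMessage(), "\n";
    }

    return $price;
}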
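<?php
// Message polling endpoint.
//   ?view=<name>   prints the ids of all messages exchanged between the
//                  current user and <name>, newest first, space-separated.
//   ?status=<name> prints the `read` flag of the newest message the current
//                  user sent to <name>.
//
// Fix: $var is given an initial value when nothing has defined it yet; the
// original appended to it with ".=" before any assignment.
//
// NOTE(review): $user is not set in this file and is presumably defined by
// one of the required files; $user and $view are interpolated into the SQL
// text, so their safety rests on sanitizeString() and on how $user was set.
// When both parameters are present the second echo repeats the ids printed
// by the first, because $var keeps accumulating.
require_once 'online.php';
require_once 'requirefn.php';

if (!isset($var)) {
    $var = '';
}

if (isset($_GET['view'])) {
    $view = sanitizeString($_GET['view']);
    $qry = queryMysql("SELECT `id` FROM `rnmessages` WHERE((`recip`='{$user}' OR `auth`='{$user}') AND (`auth`='{$view}' OR `recip`='{$view}')) ORDER BY `id` DESC");
    $num = mysql_num_rows($qry);
    for ($i = 0; $i < $num; $i++) {
        $rslt = mysql_fetch_row($qry);
        $var .= $rslt[0] . " ";
    }
    echo $var;
}

if (isset($_GET['status'])) {
    $view = sanitizeString($_GET['status']);
    $qry = queryMysql("SELECT `read` FROM `rnmessages` WHERE `auth`='{$user}' AND `recip`='{$view}' ORDER BY `id` DESC");
    // Only the newest row is read.
    $rslt = mysql_fetch_row($qry);
    $var .= $rslt[0] . " ";
    echo $var;
}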