Пример #1
0
function save_xml_tutorial(&$file)
{
    global $username;
    debug_msg("File type is XML");
    $tmpfile = $file["tmp_name"];
    $filename = $file["name"];
    $filepath = "users/{$username}";
    debug_msg("Path: {$filepath}");
    $pathname = "{$filepath}/{$filename}";
    debug_msg("File will be saved as ../{$pathname}");
    // Check if file exists and if not, write the data
    if (file_exists("../{$pathname}")) {
        debug_msg("File exists - temporary storage");
        if (!is_dir("../{$filepath}/temp/")) {
            mkdir("../{$filepath}/temp/");
        }
        move_uploaded_file($tmpfile, "../{$filepath}/temp/{$filename}");
        $result = false;
    } else {
        move_uploaded_file($tmpfile, "../{$pathname}");
        debug_msg("Move succeeded");
        // update database
        $filenoext = stripextension($filename);
        open_db();
        $date = date("Y-m-d");
        $sql = "INSERT INTO file (file_date, file_author, file_path, file_name)" . " VALUES ('{$date}','{$username}','{$filepath}','{$filenoext}')" . " ON DUPLICATE KEY UPDATE file_date='{$date}';";
        query_db($sql);
        $result = $filenoext;
    }
    return $result;
}
Пример #2
0
function is_damaged($isbn, $copy)
{
    include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php';
    $select = 'SELECT is_damaged';
    $from = ' FROM book_copies';
    $where = ' WHERE isbn LIKE "' . $isbn . '" AND copy_num LIKE "' . $copy . '"';
    $result = query_db($link, $select . $from . $where);
    $book = mysqli_fetch_array($result);
    if ($book['is_damaged']) {
        return true;
    }
    return false;
}
Пример #3
0
function resetPasswordByToken($token)
{
    $row = get_row_null(sprintf("SELECT * FROM reset_password_tokens LEFT JOIN user_info ON reset_password_tokens.uid = user_info.uid WHERE reset_password_tokens.token='%s';", mysql_real_escape_string($token)));
    if (!$row) {
        return FALSE;
    }
    // check for token expiry
    $now = time();
    $tokentime = strtotime($row["timestamp"]);
    if ($now - $tokentime > 24 * 60 * 60) {
        return FALSE;
    }
    resetPassword($row, NULL);
    query_db(sprintf("DELETE FROM reset_password_tokens WHERE token='%s';", mysql_real_escape_string($token)));
    return TRUE;
}
Пример #4
0
<?php

# This file is part of MachDB.  For license info, read LICENSE
include 'include/config.php';
include 'include/common.php';
include 'include/smarty.php';
# connect to DB
$db = connect_db($mysqlserver, $mysqluser, $mysqlpassword, $mysqldatabase);
$queryhostid = $_GET['id'];
# query pkgs
$pkg_query = query_db("SELECT pkg.name,pkg.version,pkg.release,pkg.arch,host_pkg.timestamp,host_pkg.id AS host_pkg_id,pkg.id FROM pkg,host_pkg WHERE host_pkg.host_id = '{$queryhostid}' AND pkg.id = host_pkg.pkg_id ORDER BY timestamp,name");
while ($_row = mysql_fetch_assoc($pkg_query)) {
    $pkg[] = $_row;
}
$smarty->assign('pkg', $pkg);
$smarty->assign('hostid', $queryhostid);
$smarty->display('pkg.tpl');
close_db($db);
?>




	
Пример #5
0
<?php

require_once "connect.php";
// Gives us $con
require_once "thermo_functions.php";
require_once "constants.php";
$qry_str = 'SELECT  `value` FROM `status` WHERE `id` 
	IN (' . CURRENT_SETPOINT_ID . ', ' . CURRENT_TEMP_ID . ', ' . MODE_ID . ',
			' . OCCUPIED_ID . ', ' . HEAT_STATUS_ID . ', ' . COOL_STATUS_ID . ',
			' . FAN_STATUS_ID . ') ORDER BY `id` ASC;';
$result = query_db($con, $qry_str);
# 1
$entry = fetch_array_db($result);
$return['current_temp'] = $entry['value'];
# 2
$entry = fetch_array_db($result);
$return['current_setpoint'] = $entry['value'];
# 3
$entry = fetch_array_db($result);
$return['mode'] = $entry['value'];
# 18
$entry = fetch_array_db($result);
$return['occupied'] = $entry['value'];
# 19
$entry = fetch_array_db($result);
$return['heat_status'] = $entry['value'];
# 20
$entry = fetch_array_db($result);
$return['cool_status'] = $entry['value'];
# 21
$entry = fetch_array_db($result);
Пример #6
0
    query_db($link, $insert . $values);
    $update = 'UPDATE book_copies';
    $set = ' SET is_on_hold = 1';
    $where = ' WHERE isbn LIKE "' . $book['isbn'] . '" AND copy_num LIKE "' . $book['copy'] . '"';
    query_db($link, $update . $set . $where);
}
if (isset($_GET['futurehold'])) {
    session_start();
    include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php';
    $isbn = mysqli_real_escape_string($link, $_POST['isbn']);
    $user = mysqli_real_escape_string($link, $_SESSION['user']);
    $select = 'SELECT isbn, copy_num, MAX(return_date) as exp_date';
    $from = ' FROM issues NATURAL JOIN book_copies';
    $where = ' WHERE isbn LIKE "' . $isbn . '" AND ' . 'is_checked_out=1 AND is_on_hold=0 AND is_returned=0 AND is_damaged=0';
    $result = query_db($link, $select . $from . $where);
    if (mysqli_num_rows($result) > 0) {
        $book = mysqli_fetch_array($result);
        $update = 'UPDATE book_copies';
        $set = ' SET is_on_hold=1, future_requester="' . $user . '"';
        $where = ' WHERE isbn LIKE "' . $book['isbn'] . '" AND copy_num LIKE "' . $book['copy_num'] . '"';
        echo $update . $set . $where;
        query_db($link, $update . $set . $where);
        $insert = 'INSERT INTO issues (username, isbn, copy_num, issue_date, return_date)';
        $values = ' VALUES ("' . $user . '", "' . $book['isbn'] . '", "' . $book['copy_num'] . '", "' . $book['exp_date'] . '", DATE_ADD("' . $book['exp_date'] . '", INTERVAL 17 DAY))';
        echo $insert . $values;
        query_db($link, $insert . $values);
    } else {
        $error = 'Book is on hold';
    }
}
include 'search.html.php';
Пример #7
0
function has_result($query)
{
    $result = query_db($query);
    return mysql_num_rows($result) > 0;
}
Пример #8
0
function outputPlugins()
{
    connect_db();
    $ordervar = @$_GET["order"] ? quote_db(@$_GET["order"]) : "moddate";
    $asc_desc = @$_GET["sort"] ? quote_db(@$_GET["sort"]) : "DESC";
    $result = query_db("SELECT * FROM plugins ORDER BY {$ordervar} {$asc_desc}");
    $now = time();
    $i = 0;
    while ($row = mysql_fetch_array($result)) {
        $moddate_unix = strtotime($row['moddate']);
        $odd = $i % 2 == 1;
        $image_file = file_exists($row['image']) ? $row['image'] : "images/noicon.png";
        echo '<div class="box name' . ($odd ? ' odd' : '') . '" >';
        echo '  <img src="' . $image_file . '" alt="plugin icon" />';
        echo '  <a href="http://qsapp.com/plugins/plugins/' . $row['fullpath'] . '">' . $row['name'] . '</a>';
        if ($now - $moddate_unix <= 5184000) {
            echo '  <sup><span style="color:#ff0000;" >new!</span></sup>';
        }
        echo '</div>';
        echo '<div class="box version' . ($odd ? ' odd' : '') . '" >' . $row['version'] . ' </div>';
        echo '<div class="box updated' . ($odd ? ' odd' : '') . '" >' . $row['moddate'] . ' </div>';
        //	<div class="box" id="dl"><a href="'.$row['fullpath'].'"><img src="images/download.gif" /></a></div>';
        $i++;
    }
    echo '<p>&nbsp;</p>';
    close_db();
}
Пример #9
0
    fwrite($file, $data);
    fclose($file);
    debug_msg("File written");
    // select database
    open_db();
    // Is there a file in the DB with this name & path?
    $sql = "SELECT file_id FROM file WHERE file_name='{$filename}' AND file_path='{$filepath}';";
    $date = date("Y-m-d");
    $reply = "File {$filename} ";
    if ($key = query_one_item($sql)) {
        $sql = "UPDATE file SET file_date='" . $date . "' WHERE file_id = " . $key . ";";
        $reply .= "updated.";
    } else {
        $sql = "INSERT INTO file (file_date, file_author, file_path, file_name) " . "VALUES ('" . $date . "','" . $username . "','" . $filepath . "','" . $filename . "')";
        $reply .= "created.";
    }
    query_db($sql);
    // if a temp save exists, delete it
    $pathname = "../run/users/{$username}/temp/{$filename}.xml";
    if (file_exists($pathname)) {
        unlink($pathname);
        debug_msg("Temp save removed");
    }
    echo $reply . "\n";
    echo "../users/{$username}/{$filename}.xml";
} else {
    // file does not exist despite fopen
    header("HTTP/1.1 500 Internal Server Error");
    echo "\nFile could not be created";
}
exit;
Пример #10
0
query_db("ALTER TABLE `disk` CHANGE `size` `size` bigint UNSIGNED NOT NULL;");
print "ALTER TABLE `filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;\n";
query_db("ALTER TABLE `filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;");
print "ALTER TABLE `archive_filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;\n";
query_db("ALTER TABLE `archive_filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;");
# OS name can be over 30 characters, change to 100
print "ALTER TABLE `os` CHANGE `name` `name` varchar(100) NOT NULL DEFAULT '' ;\n";
query_db("ALTER TABLE `os` CHANGE `name` `name` varchar(100) NOT NULL DEFAULT '' ;");
# cpu gets unified_cache filed
print "ALTER TABLE `cpu` ADD `unified_cache` int(1) DEFAULT NULL  AFTER `cache`;\n";
query_db("ALTER TABLE `cpu` ADD `unified_cache` int(1) DEFAULT NULL  AFTER `cache`;");
# packages add 'release'
print "ALTER TABLE `pkg` ADD `release` varchar(30) DEFAULT NULL AFTER `version`;\n";
query_db("ALTER TABLE `pkg` ADD `release` varchar(30) DEFAULT NULL AFTER `version`;");
print "ALTER TABLE `pkg` ADD INDEX  (`release`);\n";
query_db("ALTER TABLE `pkg` ADD INDEX  (`release`);");
// If you want to use the 'release' field, uncomment the following block.
/*
# put all the pkg from db in an array
$result = query_db("SELECT * FROM `pkg` where `release` is NULL");
while ($pkg = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $id = $pkg["id"];
        $name = $pkg["name"];
        $db_version = $pkg["version"];
        list($version,$release) = split("-", $db_version);
	query_db("UPDATE `pkg` SET `version` = '$version', `release` = '$release' WHERE `id` = '$id'");
	#print("UPDATE `pkg` SET `version` = '$version', `release` = '$release' WHERE `id` = '$id'\n");
	print("$name: $version  - $release\n");
}
*/
close_db($db);
Пример #11
0
 $location = $_POST['location'];
 // array. first item - lowest boundary, second - highest
 $range = explode('-', $_POST['price_range']);
 // range string for sql
 if ($range[0] == 0) {
     // if option any is selected,
     $range_sql = "";
 } else {
     if ($range[0] == 500000) {
         $range_sql = " AND price > '500000'";
     } else {
         $range_sql = " AND (price > '" . escape($db, $range[0]) . "' AND price < '" . escape($db, $range[1]) . "' )";
     }
 }
 $search_qry = "SELECT id, street, bedrooms, " . "bathrooms, squarefeet,  description, photo, price " . "FROM properties " . "WHERE city='" . $db->real_escape_string($location) . "'" . $range_sql;
 $search_result = query_db($db, $search_qry);
 // HTML generation
 session_start();
 echo "<p style=\"float: right;\">Welcome, " . $_SESSION['name'];
 // HTML generation
 echo "<p class=\"red_italics\">There are the properties that matched your search criteria in {$location}</p>";
 echo "<table border=\"1px black solid\">";
 echo "<tr><td>Street</td>" . "<td>Bedrooms</td>" . "<td>Bathrooms</td>" . "<td>Squarefeet</td>" . "<td>Description</td>" . "<td>Photo</td><td>Price</td></tr>";
 foreach ($search_result as $item) {
     echo "<tr>";
     foreach ($item as $key => $subitem) {
         if ($key == 'id') {
             continue;
         }
         // skip id part
         if ($key == 'photo') {
Пример #12
0
}
$query = query_db("SELECT DISTINCT arch FROM os ORDER BY arch");
while ($_row = mysql_fetch_assoc($query)) {
    $os_arch[] = $_row;
}
$query = query_db("SELECT DISTINCT vendor FROM os ORDER BY vendor");
while ($_row = mysql_fetch_assoc($query)) {
    $os_vendor[] = $_row;
}
$query = query_db("SELECT DISTINCT name FROM pkg ORDER BY name");
while ($_row = mysql_fetch_assoc($query)) {
    $pkg_name[] = $_row;
    $pkg_name_index_word = $_row['name'];
    $pkg_name_index[] = substr($pkg_name_index_word, 0, 1);
}
$query = query_db("SELECT DISTINCT arch FROM pkg ORDER BY arch");
while ($_row = mysql_fetch_assoc($query)) {
    $pkg_arch[] = $_row;
}
$smarty->assign('os', $os);
$smarty->assign('kernel', $kernel);
$smarty->assign('os_arch', $os_arch);
$smarty->assign('os_vendor', $os_vendor);
$smarty->assign('pkg_name_index', $pkg_name_index);
$smarty->assign('pkg_name', $pkg_name);
$smarty->assign('pkg_arch', $pkg_name);
$smarty->assign('date', $date);
$smarty->assign('pagetitle', $pagetitle);
$smarty->assign('querystring', $querystring);
$smarty->display('software.tpl');
close_db($db);
Пример #13
0
<?php

require_once 'mysql_login.php';
$bbc_total = query_db("SELECT SUM(bbc) FROM tblUsers");
$bbc_total = mysql_fetch_array($bbc_total)[0];
$guardian_total = query_db("SELECT SUM(guardian) FROM tblUsers");
$guardian_total = mysql_fetch_array($guardian_total)[0];
$telegraph_total = query_db("SELECT SUM(telegraph) FROM tblUsers");
$telegraph_total = mysql_fetch_array($telegraph_total)[0];
$dailymail_total = query_db("SELECT SUM(dailymail) FROM tblUsers");
$dailymail_total = mysql_fetch_array($dailymail_total)[0];
$times_total = query_db("SELECT SUM(times) FROM tblUsers");
$times_total = mysql_fetch_array($times_total)[0];
$sun_total = query_db("SELECT SUM(sun) FROM tblUsers");
$sun_total = mysql_fetch_array($sun_total)[0];
$total = $bbc_total + $guardian_total + $telegraph_total + $dailymail_total + $times_total + $sun_total;
$np = $_GET['np'];
$np_total = query_db("SELECT SUM({$np}) FROM tblUsers");
$np_total = mysql_fetch_array($np_total)[0];
$np_percent = $np_total / $total * 100;
echo $np_percent;
Пример #14
0
</head>

<body>

<?php 
    $file_id = $_GET["file"];
    // Make the query
    // select database
    open_db();
    $sql = "SELECT *, count(load_id) AS popularity FROM file";
    $sql .= " LEFT JOIN file_use ON (file.file_id = file_use.file_id)";
    $sql .= " WHERE (file.file_id={$file_id}) AND (file_author='{$username}') GROUP BY file.file_id";
    $result = query_db($sql);
    if ($record = mysqli_fetch_array($result)) {
        $sql2 = "select tag from file_tag WHERE file_id=" . $file_id;
        $tags = query_db($sql2);
        if ($tag = mysqli_fetch_array($tags)) {
            $tagcell = $tag["tag"];
            while ($tag = mysqli_fetch_array($tags)) {
                $tagcell = $tagcell . "; " . $tag["tag"];
            }
        } else {
            $tagcell = "";
        }
        ?>
      <form name="filedetails" action="file_manager.php"
            onSubmit="opener.focus();" onCancel="opener.focus();" method="post" >
  <b>File details</b> <br />
         <input type="hidden" name="key" value="<?php 
        echo $file_id;
        ?>
Пример #15
0
$db = connect_db($mysqlserver, $mysqluser, $mysqlpassword, $mysqldatabase);
$query = $_GET;
$archive = $_GET[archive];
# loop thru the variables in the query
foreach ($query as $key => $variable) {
    $querystring[] = " {$key}={$variable}";
    $variable = str_replace("*", "%", $variable);
    # host search
    if ($key == "hostname") {
        $hostname_query = query_db("SELECT hostname,id,timestamp FROM host WHERE {$key} LIKE '%{$variable}%' ORDER BY hostname");
        while ($_row = mysql_fetch_array($hostname_query)) {
            $hostname[] = $_row;
        }
        # if 'archive' is clicked
        if ($archive == "on") {
            $hostname_query = query_db("SELECT hostname,id,timestamp FROM archive_host WHERE {$key} LIKE '%{$variable}%' ORDER BY hostname");
            while ($_row = mysql_fetch_array($hostname_query)) {
                $hostname[] = $_row;
            }
        }
        $smarty->assign('hostname', $hostname);
    } else {
        $smarty->assign('noquery', $_GET);
    }
}
$smarty->assign('date', $date);
$smarty->assign('pagetitle', $pagetitle);
$smarty->assign('querystring', $querystring);
$smarty->display('search.tpl');
close_db($db);
?>
Пример #16
0
        $smarty->assign('host', $host);
    } elseif ($key == "host_disk_id") {
        $disk_query = query_db("SELECT disk.id AS disk_id,disk.*,host_disk.*,host_disk.id AS host_disk_id,host.hostname FROM disk,host_disk,host WHERE disk_id = disk.id AND host_disk.host_id = host.id AND host_disk.id = '{$variable}';");
        while ($_row = mysql_fetch_array($disk_query)) {
            $disk[] = $_row;
        }
        $disk_query = query_db("SELECT disk.id AS disk_id,disk.*,archive_host_disk.*,archive_host_disk.id AS host_disk_id,host.hostname FROM disk,archive_host_disk,host WHERE disk_id = disk.id AND archive_host_disk.host_id = host.id AND archive_host_disk.id = '{$variable}' ORDER BY archive_host_disk.timestamp DESC;");
        while ($_row = mysql_fetch_array($disk_query)) {
            $disk[] = $_row;
        }
        $smarty->assign('disk', $disk);
    } elseif ($key == "fs_id") {
        if ($key == "fs_id") {
            $key = "filesystem.id";
        }
        $disk_query = query_db("SELECT = '{$variable}'");
        while ($_row = mysql_fetch_array($disk_query)) {
            $fs[] = $_row;
        }
        $smarty->assign('fs', $fs);
    } else {
    }
}
$smarty->assign('date', $date);
$smarty->assign('pagetitle', $pagetitle);
$smarty->assign('querystring', $querystring);
$smarty->display('history.tpl');
close_db($db);
?>

Пример #17
0
function display_sql_query()
{
    $default = "";
    if (isset($_POST['query'])) {
        $default = secure_display($_POST["query"]);
    }
    echo '<h1>SQL QUERY</h1>
	NB: read-only access.<br />
	<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?sql_query">
		<textarea name="query" cols="120" rows="5">' . $default . '</textarea>' . gen_csrf() . '<br />
		<input type="submit" name="RUN" value="RUN" />
	</form>';
    if (isset($_POST["query"])) {
        $ret = query_db($_POST["query"]);
        if ($ret) {
            echo '<h1>QUERY RESULTS</h1>
			<table>';
            $header_displayed = FALSE;
            while ($result = $ret->fetchArray(SQLITE3_ASSOC)) {
                if (!$header_displayed) {
                    echo '<tr>';
                    foreach ($result as $field => $value) {
                        echo '<th class="std">' . secure_display($field) . '</th>';
                    }
                    echo '</tr>';
                    $header_displayed = TRUE;
                }
                echo '<tr>';
                foreach ($result as $field => $value) {
                    echo '<td>' . secure_display($value) . '</td>';
                }
                echo '</tr>';
            }
            echo '</table>';
        }
    }
}
Пример #18
0
function getrssurl()
{
    $result = query_db("SELECT url FROM tblNewspapers ORDER BY RAND() LIMIT 0,1");
    return mysql_fetch_array($result)[0];
}
Пример #19
0
function query_one_row($sql)
{
    $result = query_db($sql)->fetch_array();
    if (!$result) {
        debug_msg("No result found.");
        return false;
    } else {
        debug_msg("Result found.");
        return $result;
    }
}
Пример #20
0
function displayTestingSummary()
{
    $sql = sprintf("SELECT uid, pid from test_queue");
    $result = get_rows($sql);
    if (!$result) {
        echo "<span class='emptylist'>No puzzles in test queue</span>";
        return;
    }
    echo '<style type="text/css">';
    echo '.testingtable, .testingtable a { color: #999999; }';
    echo '.testingtable .name, .testingtable .current, .testingtable .past { color: #000000; font-weight: bold; }';
    $currqueue = array();
    foreach ($result as $r) {
        $currclass = NULL;
        $uid = $r['uid'];
        $pid = $r['pid'];
        if (isset($currqueue[$uid])) {
            $currqueue[$uid] .= "{$pid} ";
        } else {
            $currqueue[$uid] = "{$pid} ";
        }
        $currclass = ".a{$uid}-{$pid}";
        echo ".testingtable {$currclass}, .testingtable {$currclass} a {color: #000000; }\n";
    }
    echo "</style>\n";
    $sql = sprintf("SELECT user_info.uid, user_info.username, comments.id, type, timestamp, pid FROM comments\n        LEFT JOIN user_info on comments.uid = user_info.uid WHERE comments.type = 5\n        ORDER BY user_info.username, comments.pid");
    $result = query_db($sql);
    $r = mysql_fetch_assoc($result);
    $arr = array();
    while ($r) {
        $uid = $r['uid'];
        $pid = $r['pid'];
        $id = $r['id'];
        $timestamp = $r['timestamp'];
        $name = getUserName($uid);
        $arr[$uid] = "<tr><td class='name'>{$name}</td><td>";
        if (!isset($currqueue[$uid])) {
            $currqueue[$uid] = "";
        }
        $arr[$uid] .= '<span class="current">Current queue: ' . print_r($currqueue[$uid], true) . '</span><br />';
        $arr[$uid] .= '<span class="past">Past comments: </span><br />';
        $arr[$uid] .= "<span class='a{$uid}-{$pid}'>";
        $puzzlink = URL . "/puzzle.php?pid={$pid}";
        $arr[$uid] .= "<a href='{$puzzlink}'>{$pid}</a>: ";
        $arr[$uid] .= "<a href='{$puzzlink}#comm{$id}'>{$timestamp}</a> &nbsp; ";
        $r = mysql_fetch_assoc($result);
        while ($r) {
            if ($uid != $r['uid']) {
                $arr[$uid] .= "</td></tr>";
                break;
            }
            if ($pid != $r['pid']) {
                $pid = $r['pid'];
                $arr[$uid] .= "</span><br />\n" . "<span class=\"a" . $r['uid'] . "-" . $pid . "\">";
                $puzzlink = URL . "/puzzle.php?pid=" . $pid;
                $arr[$uid] .= "<a href=\"" . $puzzlink . "\">" . $pid . "</a>: ";
            }
            $arr[$uid] .= "<a href=\"" . $puzzlink . "#comm" . $r['id'] . "\">" . $r['timestamp'] . "</a> &nbsp; ";
            $r = mysql_fetch_assoc($result);
        }
    }
    if (!$arr) {
        echo "<div class='emptylist'>No comments</div>";
    }
    echo "<table class=\"testingtable\">\n";
    foreach ($arr as $key => $value) {
        echo $value . "\n";
    }
    echo "</table>\n\n";
}
Пример #21
0
            $users2[] = array('username' => $row['username'], 'check_num' => $row['check_num']);
        }
    }
    include 'freq_users.html.php';
    exit;
}
if (isset($_GET['report']) and $_GET['report'] == 'pop_subj') {
    include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php';
    $month1 = mysqli_real_escape_string($link, $_GET['month1']);
    $month2 = mysqli_real_escape_string($link, $_GET['month2']);
    $select = 'SELECT subject, COUNT(issueID) check_num';
    $from = ' FROM issues NATURAL JOIN books';
    $where = ' WHERE EXTRACT(MONTH from issue_date) = "';
    $groupby = ' GROUP BY subject';
    $orderby = ' ORDER BY check_num DESC LIMIT 3';
    if ($month1 != "") {
        $result = query_db($link, $select . $from . $where . $month1 . '"' . $groupby . $orderby);
        while ($row = mysqli_fetch_array($result)) {
            $subjects1[] = array('name' => $row['subject'], 'check_num' => $row['check_num']);
        }
    }
    if ($month2 != "") {
        $result = query_db($link, $select . $from . $where . $month2 . '"' . $groupby . $orderby);
        while ($row = mysqli_fetch_array($result)) {
            $subjects2[] = array('name' => $row['subject'], 'check_num' => $row['check_num']);
        }
    }
    include 'pop_subjects.html.php';
    exit;
}
header('Location: /project/search');
Пример #22
0
function update_filesystem_value($value, $key, $filesystem_id)
{
    query_db("UPDATE filesystem SET {$key} = '{$value}',timestamp = NOW() WHERE id = '{$filesystem_id}'");
    #echo "updated $key : $value \n";
}
Пример #23
0
<?php

// includes
include "helpers.php";
include "settings.php";
if (isset($_POST['submit_login'])) {
    $username = escape($db, $_POST['username']);
    $password = escape($db, $_POST['pswd']);
    $login_sql = "SELECT username, password " . "FROM agents WHERE username='******' AND password='******'";
    $login_result = query_db($db, $login_sql);
    if (empty($login_result)) {
        echo "<p class=\"red_italics\">Failure to login. <a href=\"/WebApps/DBExercise/login.php\">Try again</a>";
    } else {
        session_start();
        $_SESSION['name'] = $username;
        redirect("home.php");
    }
}
Пример #24
0
<img src="/WebApps/DBExercise/images//logo.png" width="600px" />
<?php 
// includes
include "helpers.php";
include "settings.php";
session_start();
echo "<p style=\"float: right;\">Welcome, " . $_SESSION['name'];
echo "<form action=\"logout.php\"><input type=\"submit\" name=\"logout\" value=\"Logout\" /></form>";
echo "<form action=\"home.php\"><input type=\"submit\" value=\"Home\" /></form>";
$prop_id = $_GET['propID'];
// sql to get property details
$prop_details_sql = "SELECT * FROM properties WHERE id={$prop_id}";
// query the database
$prop_details = query_db($db, $prop_details_sql)[0];
// sql to get agent details
$agent_details_sql = "SELECT agents.name, agents.phone, agents.fax, agents.email" . "           FROM agents JOIN properties ON agents.agentID=properties.agentId WHERE properties.id={$prop_id}";
// get agetnt details
$agent_details = query_db($db, $agent_details_sql)[0];
echo "<div>";
echo "<image src=\"images/full/" . $prop_details['photo'] . "\" style=\"float: right; margin-right: 28em;\"/>";
echo "<p class=\"italics\">Street: " . $prop_details['street'] . "</p>";
echo "<p class=\"italics\">Bedrooms: " . $prop_details['bedrooms'] . "</p>";
echo "<p class=\"italics\">Bathrooms: " . $prop_details['bathrooms'] . "</p>";
echo "<p class=\"italics\">Squarefeet: " . $prop_details['squarefeet'] . "</p>";
echo "<p class=\"italics\">Price: " . $prop_details['price'] . "</p>";
echo "</div>";
echo "<p>" . $prop_details['description'] . "</p>";
echo "<p>Contact: " . $agent_details['name'] . ". Email: " . $agent_details['email'] . ". Tel: " . $agent_details['phone'] . ". Fax: " . $agent_details['fax'] . "</p>";
// set cookie
set_property_cookie($prop_details['street']);
Пример #25
0
        $disk_query = query_db("select disk.*,host_disk.*,host.hostname,host_disk.id AS host_disk_id from disk,host_disk,host where disk_id = disk.id and host_disk.host_id = host.id and {$key} = '{$variable}'");
        while ($_row = mysql_fetch_array($disk_query)) {
            $disk[] = $_row;
        }
        $smarty->assign('disk', $disk);
    } elseif ($key == "pkg_id" || $key == "pkg_arch" || $key == "pkg_name") {
        if ($key == "pkg_id") {
            $key = "pkg.id";
        }
        if ($key == "pkg_arch") {
            $key = "arch";
        }
        if ($key == "pkg_name") {
            $key = "pkg.name";
        }
        $pkg_query = query_db("SELECT   pkg.id,pkg.name,pkg.arch,pkg.version,pkg.release,\n\t\t\t\t\t\thost_pkg.host_id,host_pkg.timestamp,\n\t\t\t\t\t\thost.hostname,\n\t\t\t\t\t\thost_pkg.id AS host_pkg_id\n\t\t\t\t\t\tFROM pkg,host_pkg,host\n\t\t\t\t\t\tWHERE host_pkg.pkg_id = pkg.id\n\t\t\t\t\t\tAND host_pkg.host_id = host.id\n\t\t\t\t\t\tAND {$key} = '{$variable}'");
        while ($_row = mysql_fetch_array($pkg_query)) {
            $pkg[] = $_row;
        }
        $smarty->assign('pkg', $pkg);
    } else {
    }
}
$smarty->assign('date', $date);
$smarty->assign('pagetitle', $pagetitle);
$smarty->assign('querystring', $querystring);
$smarty->display('browse.tpl');
close_db($db);
?>

Пример #26
0
function get_task_analyses($task_id)
{
    global $db_handler;
    $task_id_s = secure_sql($task_id);
    if (!is_numeric($task_id)) {
        error("[get_task_analyses] Task ID not int: " . $task_id_s, "SECURITY");
        return NULL;
    }
    $results = query_db("SELECT a.analysis_id,kernel_analysis,SUM(s.score) AS 'total_score',state FROM analysis a,(SELECT signature_id,analysis_id,score FROM signature UNION SELECT 0,analysis_id,0 FROM analysis) s WHERE task_id = '" . $task_id_s . "' AND s.analysis_id = a.analysis_id GROUP BY a.analysis_id ORDER BY a.analysis_id ASC");
    return $results;
}
Пример #27
0
                    } else {
                        // success
                        $image_name = $filename . $type;
                    }
                }
            }
        }
    }
    // end of: if no file upload errors
} else {
    ## retrieve user photo from file system
    if (isset($_GET['id']) && !empty($_GET['id'])) {
        $user_id = $_GET['id'];
        $sql = "SELECT filename, type FROM user_photo WHERE ";
        $sql .= "user_id = {$user_id}";
        $result = query_db($sql);
        if (mysqli_num_rows($result) != 0) {
            $res_array = fetch_array($result);
            $filename = $res_array['filename'];
            $type = str_replace('image/', '', $res_array['type']);
            $image_dir = SITE_ROOT . DS . "uploaded_images" . DS;
            if (!file_exists($image_dir . $filename . $type)) {
                // $photo_errors[] = 'We don\'t have a profile picture in our systems of you. You should upload one.';
                $image_name = "";
            } else {
                $image_name = $filename . $type;
            }
        } else {
            $image_name = "";
            // here you could assign a standard image prompting upload of a profile pic
        }
Пример #28
0
function markUnseen($uid, $pid)
{
    $sql = sprintf("INSERT INTO last_visit (pid, uid, date) VALUES ('%s', '%s', 'NULL')\n        ON DUPLICATE KEY UPDATE date='NULL'", mysql_real_escape_string($pid), mysql_real_escape_string($uid));
    query_db($sql);
}
Пример #29
0
<?php

include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/helpers.inc.php';
if (isset($_GET['track'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php';
    $isbn = mysqli_real_escape_string($link, $_POST['isbn']);
    $title = mysqli_real_escape_string($link, $_POST['title']);
    $select = 'SELECT isbn, title, shelf_num, aisle_num, floor_num';
    $from = ' FROM locations NATURAL JOIN books';
    $where = ' WHERE TRUE';
    if ($isbn != '') {
        $where .= ' AND isbn LIKE "' . $isbn . '"';
    } elseif ($title != '') {
        $where .= ' AND title LIKE "%' . $title . '%"';
    }
    $result = query_db($link, $select . $from . $where);
    while ($row = mysqli_fetch_array($result)) {
        $locations[] = array('isbn' => $row['isbn'], 'title' => $row['title'], 'shelf' => $row['shelf_num'], 'aisle' => $row['aisle_num'], 'floor' => $row['floor_num']);
    }
    include 'results.html.php';
    exit;
}
include 'track.html.php';
Пример #30
0
<?php

require_once "connect.php";
// Gives us $con
require_once "thermo_functions.php";
require_once "constants.php";
// Sanitize Input
$val = $con->real_escape_string($_POST['value']);
$id = $con->real_escape_string($_POST['id']);
// Update DB
$qry_str = 'UPDATE `thermostat`.`status` SET `value` ="' . $val . '" WHERE `status`.`id` =' . $id . ';';
$entry = query_db($con, $qry_str);
echo json_encode($entry);