} } } echo constructAdminSearchTablesRow($data['name'], $data['id'], $data['leaders'], $data['advisor'], $data['status'], $linkContents); } } else { echo "<tr><td>Could Not Find Any Data for the Selected Category</td></tr>"; } } else { if ($action == 'namesearch') { if (isset($_GET['v'])) { $username = ""; if (isset($_SESSION['user'])) { $username = sanatizeInput($_SESSION['user']); } $value = sanatizeInput($_GET['v']); $query = "SELECT c.id as id, c.name as name, c.mission_statement as mission, CONCAT_WS(', ', GROUP_CONCAT(DISTINCT leader.preferred_name, ' ', leader.last_name SEPARATOR ', ')) as leader_name, advisor.preferred_name as advisor_first, advisor.last_name as advisor_last\n FROM taftclubs.club as c\n INNER JOIN sgstudents.seniors_data as advisor\n ON c.advisor = advisor.id\n INNER JOIN taftclubs.clubjoiners as j\n ON c.id = j.clubId\n INNER JOIN sgstudents.seniors_data as leader\n ON leader.id = j.userId\n INNER JOIN taftclubs.clubcategories as category\n ON c.category = category.id\n WHERE j.hasLeft = 0 AND j.isLeader = 1 AND c.approved = 1 AND c.status = 5"; $result = ""; if ($value == 'All') { $result = $conn->query($query . $endOfQuery); } else { $result = $conn->query($query . " AND c.name LIKE '%{$value}%'" . $endOfQuery); } if ($result->num_rows > 0) { while ($item = $result->fetch_assoc()) { echo constructCatSearchWidgetString($item['name'], $item['id'], $item['leader_name'], $item['advisor_first'], $item['advisor_last'], $item['mission'], isPartOfClub($username, $item['id'], $conn)); } } else { echo "Oops, There doesn't seem to be anything here yet! Try creating a club with this name!"; } } else {
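<?php
/*
 * Name-lookup endpoint used while adding a club leader.
 *
 * Method: GET
 * Parameters:
 *   [field]  = field authenticating for (only 'add_leader' is handled here)
 *   [value1] = input value 1 (matched against preferred_name or first_name)
 *   [value2] = input value 2 (matched against last_name)
 *
 * Response: JSON object {"answer": "0"|"1"} telling whether a matching row
 * exists in sgstudents.seniors_data. Nothing is printed for other fields or
 * when value1/value2 are missing.
 *
 * NOTE(review): no session or authentication check is visible in this script,
 * so as written it answers anyone who can reach it and confirms whether a
 * given name exists in the student table. Confirm whether it should require a
 * logged-in user.
 */
require 'SQLUtils.php';

$field = $value1 = $value2 = "";

if (isset($_GET['field'])) {
    $field = sanatizeInput($_GET['field']);
    $conn = getSQLConnectionFromConfig();

    if ($field == 'add_leader') {
        if (isset($_GET['value1']) && isset($_GET['value2'])) {
            // Default is "not found"; it also stands if the lookup fails, so a
            // database error never reports a name as valid.
            $ret = array('answer' => 0);

            // sanatizeInput() is defined in SQLUtils.php and is not visible here.
            // NOTE(review): if it performs SQL escaping, drop it for these two
            // values -- they are bound as parameters below, and escaping them
            // first would stop names containing quotes from matching.
            $value1 = sanatizeInput($_GET['value1']);
            $value2 = sanatizeInput($_GET['value2']);

            // Request values are bound, never interpolated into the SQL text,
            // so they cannot change the structure of the query.
            // Assumes $conn is a mysqli connection (the original code used
            // query()/fetch_assoc()/close() on it).
            $stmt = $conn->prepare(
                "SELECT EXISTS(SELECT preferred_name, last_name
                                 FROM sgstudents.seniors_data
                                WHERE (preferred_name = ? OR first_name = ?)
                                  AND last_name = ?) AS answer"
            );

            if ($stmt !== false) {
                $answer = 0;
                $stmt->bind_param('sss', $value1, $value1, $value2);

                if ($stmt->execute()) {
                    $stmt->bind_result($answer);
                    if ($stmt->fetch()) {
                        // The unprepared query returned the flag as a string by
                        // default; keep that shape for existing clients.
                        $ret['answer'] = (string) $answer;
                    }
                }

                $stmt->close();
            }

            echo json_encode($ret);
        }
    }

    $conn->close();
}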
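<?php
/*
 * Renders the post feed of one club as an HTML fragment.
 *
 * Input: GET clubId. The script exits silently when it is missing.
 *
 * NOTE(review): how getClubFeedPosts() uses $clubId in its query is not
 * visible here; confirm that it binds the value as a parameter rather than
 * relying on sanatizeInput() alone.
 */
if (!isset($_GET['clubId'])) {
    exit;
}

require 'scripts/SQLUtils.php';
require 'scripts/club_utils.php';

$clubId = sanatizeInput($_GET['clubId']);
$conn = getSQLConnectionFromConfig();
$posts = getClubFeedPosts($clubId, $conn);
?>
<h2>Posts: </h2>
<ul class="posts">
<?php
foreach ($posts as $post) {
    // Post fields come from stored data and are written into HTML, so they are
    // escaped for the HTML context before output. double_encode is off (last
    // argument) so text that was already entity-encoded when it was stored is
    // not encoded a second time.
    // NOTE(review): if posts are meant to carry formatting markup, pass them
    // through an allow-list HTML sanitizer instead of printing them raw.
    $poster = htmlspecialchars((string) $post['poster'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $datePosted = htmlspecialchars((string) $post['dateCreated'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $content = htmlspecialchars((string) $post['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
?>
    <li>
        <div>Posted By: <?php echo $poster; ?> </div>
        <div>On: <?php echo $datePosted; ?> </div>
        <div><?php echo $content; ?>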
<?php
/*
 * Page bootstrap: starts the session, loads the SQL and index helpers, reads
 * the optional "action" request parameter and opens the database connection.
 *
 * In the part of the page shown here, $action is only compared with the
 * literal "myclubs" to set a JavaScript flag; its value is never printed.
 */
session_start();

require 'scripts/SQLUtils.php';
require 'scripts/index_utils.php';

// Empty string when the request carries no "action" value.
$action = isset($_REQUEST['action']) ? sanatizeInput($_REQUEST['action']) : "";

$conn = getSQLConnectionFromConfig();
?>
<!DOCTYPE>
<html>
<head>
    <title>Taft Clubs</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" type="text/css" href="style/common.css">
    <link rel="stylesheet" type="text/css" href="index.css">
    <script src="js/jquery-2.1.4.min.js"></script>
    <script type="text/javascript">
        var loadMyClubs = false;
        <?php
        // Only a fixed literal is written into the script block; the request
        // value itself never reaches the page.
        echo ($action == "myclubs") ? "loadMyClubs = true;" : "";
        ?>
    </script>
</head>
<body>
<div class="popOut">
$SCHOOL_YEAR = 2016; session_start(); //Must be authenticated to get to this page if (!isset($_SESSION['user'])) { echo "NO USER"; exit; } require 'SQLUtils.php'; require 'category_utils.php'; require 'club_utils.php'; require 'index_utils.php'; $json = file_get_contents("php://input"); $_POST = json_decode($json, true); $request_type = ""; if (isset($_POST['request_type'])) { $request_type = sanatizeInput($_POST['request_type']); $conn = getSQLConnectionFromConfig(); if ($request_type == "savedraft") { $name = $_POST['title']; $advisor = explode(" ", $_POST['faculty_advisor']); $mission_statement = $_POST['mission_statement']; $status = $_POST['club_status']; $category = $_POST['category']; $catId = categoryToId($category, $conn); $query = "INSERT INTO taftclubs.club (name, advisor, mission_statement, sticky, status, approved, startDate, category, isJoinable, schoolYear)\n VALUES('{$name}', (SELECT id FROM sgstudents.seniors_data WHERE last_name = '{$advisor[1]}' AND (preferred_name = '{$advisor[0]}' OR first_name = '{$advisor[0]}')),\n '{$mission_statement}', 0, 1, 0, NOW(), {$catId}, 1, {$SCHOOL_YEAR})"; $conn->query($query); $clubid = $conn->insert_id; insertLeaders($_POST['leaders'], $clubid, $conn); foreach ($_POST['events'] as $event) { $eventStuff = explode(", ", $event); insertNewEvent($eventStuff[0], $eventStuff[1], $eventStuff[2], $eventStuff[3], $clubid, 1, $conn);