Пример #1
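<?php

// Change the logged-in user's e-mail address (POST: email, password_confirm).
// The current password must verify before the row is updated. Prints
// {"success":true} on success and nothing otherwise, as before.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';

// Refuse anonymous or incomplete requests instead of interpolating a missing
// session index into the query.
if (!isset($_SESSION['user']['id'], $_POST['email'], $_POST['password_confirm'])) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];
$rawEmail = $_POST['email'];
// The escaped form of the password is what gets verified: elsewhere in this
// code base the new password is escaped before hashing, so both must match.
$the_password = sqlEscape($_POST['password_confirm']);
$pwLength = strlen($the_password);

// Validate the raw address; it is escaped only for the query itself.
if ($pwLength > 5 && $pwLength < 25 && filter_var($rawEmail, FILTER_VALIDATE_EMAIL)) {
    $email = sqlEscape($rawEmail);
    $row = sqlSelect("SELECT password FROM users WHERE user_id = {$userId};");
    // Never verify against a missing hash (empty result or NULL column).
    if (!empty($row[0]['password']) && password_verify($the_password, $row[0]['password'])) {
        if (sqlAction("UPDATE users SET email = '{$email}' WHERE user_id = {$userId};")) {
            echo json_encode(['success' => true]);
            exit;
        }
    }
}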
Пример #2
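<?php

// Attach a service to the logged-in employer (GET: service_id) and redirect to
// the services overview. The state change happens on GET, so it cannot carry a
// CSRF token; POST would be the safer design.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
session_start();

// FILTER_VALIDATE_INT rejects what is_numeric() lets through (floats, exponent
// and hex forms, surrounding whitespace), so only plain integers are
// interpolated into the query below.
$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$employerId = isset($_SESSION['me']['id']) ? filter_var($_SESSION['me']['id'], FILTER_VALIDATE_INT) : false;
$serviceId = isset($_GET['service_id']) ? filter_var($_GET['service_id'], FILTER_VALIDATE_INT) : false;
if ($companyId === false || $employerId === false || $serviceId === false) {
    exit;
}

require '../../mysql/query.php';
// $companyId only acts as a login check here; the table is keyed by employer.
if (sqlAction("INSERT INTO companies_employers_services (employer_id, service_id) VALUES ({$employerId}, {$serviceId});")) {
    header('Location: ../../company?show=services');
    exit;
}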
Пример #3
                // Each enabled column becomes "col = CASE id ... END"; the
                // $update_*_text fragments are assembled above this excerpt.
                $update .= "name = CASE id {$update_description_text} END, ";
            }
            if ($update_price) {
                $update .= "price = CASE id {$update_price_text} END, ";
            }
            if ($update_time) {
                $update .= "time = CASE id {$update_time_text} END, ";
            }
            if ($update_category) {
                $update .= "category_id = CASE id {$update_category_text} END, ";
            }
            // Strip the trailing separators before appending the row filter.
            $update = rtrim($update, ', ');
            $rowsToUpdate = rtrim($rowsToUpdate, ',');
            // NOTE(review): $rowsToUpdate and the CASE fragments are interpolated
            // verbatim; whether they were validated/escaped is not visible here.
            $update .= " WHERE id IN ({$rowsToUpdate});";
            if (sqlAction($update)) {
                $success = true;
            }
        }
    }
    // The key literally contains quotes ("'category'"); presumably produced by
    // the parsing code above — verify that this is intentional.
    if (empty($newServiceFirstKey["'category'"])) {
        $noNewServices = true;
    }
    if (!$update_description && !$update_price && !$update_time && !$update_category) {
        $noChangesToExistingServices = true;
    }
    // && binds tighter than ||: redirect when the update succeeded, or when
    // there was nothing at all to change.
    if ($success || $noNewServices && $noChangesToExistingServices) {
        header('Location: ../../company?show=services');
    }
}
Пример #4
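<?php

// Set story.status = 1 (the value the join handler uses once a story begins)
// for a story with more than two writers (GET: story). Only the user who
// started the story may do this. Prints 1 on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
$story = isset($_GET['story']) ? filter_var($_GET['story'], FILTER_VALIDATE_INT) : false;
if ($story === false) {
    exit;
}
session_start();
if (!isset($_SESSION['me']['id'])) {
    exit;
}
$meId = (int) $_SESSION['me']['id'];
require '../../../mysql/query.php';

$info = sqlSelect("SELECT COUNT(story_writers.user_id) AS num_of_writers, started_by_user FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story};");
// Guard the row access: an empty or failed select must not pass the owner check.
if (empty($info[0]) || !isset($info[0]['started_by_user'])) {
    exit;
}
$isOwner = (int) $info[0]['started_by_user'] === $meId;
if ((int) $info[0]['num_of_writers'] > 2 && $isOwner) {
    if (sqlAction("UPDATE story SET status = 1 WHERE story_id = {$story};")) {
        echo 1;
        exit;
    }
}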
Пример #5
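<?php

// Reject a pending friend request (GET: id, friend, optional return_to_profile).
// Deletes the pending row addressed to the logged-in user, notifies the sender
// through Firebase and redirects.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';

$requestId = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
$friendId = isset($_GET['friend']) ? filter_var($_GET['friend'], FILTER_VALIDATE_INT) : false;
if (!isset($_SESSION['user']['id']) || $requestId === false || $friendId === false) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];

// The WHERE clause pins the row to the logged-in recipient (friend_user_id) and
// to a request the caller did not send, so an id alone cannot remove someone
// else's request.
if (sqlAction("DELETE FROM friends WHERE friend_request_id = {$requestId} AND user_id = {$friendId} AND friend_user_id = {$userId} AND status = 0 AND sender != {$userId};")) {
    require '../../../lib/Firebase/url.php';
    getFirebase(true);
    $firebase = new Firebase\FirebaseLib($url, $token);
    $firebaseArray = [
        'from' => ['user_id' => $_SESSION['user']['id'], 'user_name' => "{$_SESSION['user']['name']}"],
        'group' => 'false',
        'story' => 'false',
        'time' => time(),
        'type' => 'rejected_friend_request',
        'unread' => 'true',
    ];
    $firebase->push(usersNewsFeed($friendId), $firebaseArray);
    // Each redirect exits: without it the second header() replaced the first
    // and return_to_profile was silently ignored.
    if (isset($_GET['return_to_profile'])) {
        header("Location: ../../../profile?view={$friendId}");
        exit;
    }
    header('Location: ../../../profile?view=friends');
    exit;
}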
Пример #6
 }
 // Register the caller on the story. $joinStory (the INSERT), $writers (the
 // max_writers / num_of_writers counts), $story and $pusher are prepared above
 // this excerpt.
 if (sqlAction($joinStory)) {
     // NOTE(review): if $writers was read before the INSERT, two concurrent
     // joins can both compute the same count — confirm how this is serialised.
     $num_of_writers = $writers[0]['num_of_writers'] + 1;
     // Everyone else on the story; used to fan out the Pusher events.
     $story_writers = sqlSelect("SELECT user_id FROM `story_writers` WHERE story_id = {$story} AND user_id != {$_SESSION['me']['id']};");
     $clients = array();
     if ($writers[0]['max_writers'] == $num_of_writers) {
         // Last seat taken: the story starts (status = 1), every other writer
         // gets a news-feed row and a 'story_began' push. Prints 2.
         if (sqlAction("UPDATE story SET status = 1 WHERE story_id = {$story};")) {
             if ($story_writers) {
                 $news_feed = "INSERT INTO users_news_feed (user_id, type_id, story_id, group_id, writer_id, have_read, date) VALUES";
                 foreach ($story_writers as $writer) {
                     $news_feed .= " ({$writer['user_id']}, 2, {$story}, null, null, 0, now()), ";
                     array_push($clients, 'private-' . $writer['user_id']);
                 }
                 $news_feed = rtrim($news_feed, ', ');
                 $news_feed .= ';';
                 if (sqlAction($news_feed)) {
                     $pusher->trigger($clients, 'news', json_encode(array('type' => 'story_began', 'value' => $story)));
                     echo 2;
                     die;
                 }
             }
         }
     } else {
         // Seats remain: notify the other writers and the public channel. Prints 1.
         // NOTE(review): the whole $_SESSION['me'] array is sent to the private
         // channels — confirm it holds nothing those clients should not see.
         foreach ($story_writers as $writer) {
             array_push($clients, 'private-' . $writer['user_id']);
         }
         $pusher->trigger($clients, 'writer_joined_story', json_encode(array('story_id' => $story, 'num_of_writers' => $num_of_writers, 'writer' => $_SESSION['me'])));
         $pusher->trigger('main_channel', 'writer_joined_story', json_encode(array('story_id' => $story, 'num_of_writers' => $num_of_writers)));
         echo 1;
         die;
     }
Пример #7
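<?php

// Detach a service from the logged-in employer (GET: service_id) and redirect
// to the services overview. The state change happens on GET, so it cannot
// carry a CSRF token; POST would be the safer design.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
session_start();

// FILTER_VALIDATE_INT rejects what is_numeric() accepts (floats, exponent and
// hex forms, surrounding whitespace), so only plain integers reach the query.
$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$employerId = isset($_SESSION['me']['id']) ? filter_var($_SESSION['me']['id'], FILTER_VALIDATE_INT) : false;
$serviceId = isset($_GET['service_id']) ? filter_var($_GET['service_id'], FILTER_VALIDATE_INT) : false;
if ($companyId === false || $employerId === false || $serviceId === false) {
    exit;
}

require '../../mysql/query.php';
// $companyId only acts as a login check here; the table is keyed by employer.
if (sqlAction("DELETE FROM companies_employers_services WHERE employer_id = {$employerId} AND service_id = {$serviceId};")) {
    header('Location: ../../company?show=services');
    exit;
}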
Пример #8
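<?php

// Mark one news-feed entry as read (POST: news_id). The row must belong to the
// logged-in user. Prints "have_read" on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';

$news_id = isset($_POST['news_id']) ? filter_var($_POST['news_id'], FILTER_VALIDATE_INT) : false;
// Also refuse when the session carries no user id: the original interpolated
// an undefined index and issued a syntactically broken UPDATE.
if ($news_id === false || !isset($_SESSION['me']['id'])) {
    exit;
}
$meId = (int) $_SESSION['me']['id'];

if (sqlAction("UPDATE users_news_feed SET have_read = 1 WHERE id = {$news_id} AND user_id = {$meId};")) {
    echo 'have_read';
    exit;
}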
Пример #9
                    }
                    // A pending request already exists in the other direction;
                    // the error links to the requester's profile.
                    if ($friend['status'] == 0 && $friend['sender'] != $_SESSION['user']['id']) {
                        // NOTE(review): the username is embedded in HTML without
                        // htmlspecialchars(); safe only if sanitised on input — confirm.
                        array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"><a href=\"profile?view={$friend['user_id']}\">{$friend['username']}</a> har redan skickat vänförfrågan till dig");
                    }
                }
            }
        }
    }
    // Any collected error aborts with a redirect. No header() here is followed
    // by exit, but the two branches are mutually exclusive.
    if ($_SESSION['errors']) {
        header('Location: ../../../profile?view=friends');
    }
    if (!$_SESSION['errors']) {
        require '../../../lib/Firebase/url.php';
        getFirebase($require = true);
        $firebase = new Firebase\FirebaseLib($url, $token);
        // Same payload for every recipient; 'from' identifies the sender.
        $firebaseArray = array('from' => array('user_id' => $_SESSION['user']['id'], 'user_name' => "{$_SESSION['user']['name']}"), 'group' => 'false', 'story' => 'false', 'time' => time(), 'type' => 'friend_request', 'unread' => 'true');
        // One multi-row INSERT for every requested friend ($users is built above).
        $friend_request = "INSERT INTO friends (user_id, friend_user_id, status, sender, date) VALUES ";
        foreach ($users as $friend) {
            $friend_request .= "({$_SESSION['user']['id']}, {$friend['user_id']}, 0, {$_SESSION['user']['id']}, now()), ";
        }
        $friend_request = rtrim($friend_request, ', ');
        $friend_request .= ';';
        // The pushes go out before the INSERT is attempted, so recipients are
        // notified even when the insert below fails.
        foreach ($users as $new_friend) {
            $firebase->push(usersNewsFeed($new_friend['user_id']), $firebaseArray);
        }
        if (sqlAction($friend_request)) {
            $_SESSION['noty_message'] = array('text' => $translate['noty_message']['friend_request_sent']['text'], 'type' => $translate['noty_message']['friend_request_sent']['type'], 'dismissQueue' => $translate['noty_message']['friend_request_sent']['dismissQueue'], 'layout' => $translate['noty_message']['friend_request_sent']['layout'], 'theme' => $translate['noty_message']['friend_request_sent']['theme'], 'timeout' => $translate['noty_message']['friend_request_sent']['timeout']);
            header('Location: ../../../profile?view=friends');
        }
    }
}
Пример #10
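<?php

// Change the logged-in user's password (POST: password, new_password,
// password_confirm). Prints {"success":true} on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';

if (!isset($_SESSION['user']['id'], $_POST['password'], $_POST['new_password'], $_POST['password_confirm'])) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];

// Length limits (6..24 bytes, as before) are checked on the raw input;
// sqlEscape() may add backslashes and would otherwise skew the byte count.
$lengthOk = true;
foreach ([$_POST['password'], $_POST['new_password'], $_POST['password_confirm']] as $candidate) {
    $len = strlen($candidate);
    if ($len < 6 || $len > 24) {
        $lengthOk = false;
    }
}
if (!$lengthOk || $_POST['new_password'] !== $_POST['password_confirm']) {
    exit;
}

// The escaped form is what this code base hashes and verifies, so it is kept
// for compatibility with the hashes already stored.
$old = sqlEscape($_POST['password']);
$new = sqlEscape($_POST['new_password']);

$row = sqlSelect("SELECT password FROM users WHERE user_id = {$userId};");
if (empty($row[0]['password']) || !password_verify($old, $row[0]['password'])) {
    exit;
}
// Persist the hash just computed, never the plaintext. password_hash() output
// contains no characters that need SQL escaping.
$pass = password_hash($new, PASSWORD_DEFAULT);
if (sqlAction("UPDATE users SET password = '{$pass}' WHERE user_id = {$userId};")) {
    echo json_encode(['success' => true]);
    exit;
}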
Пример #11
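<?php

// Delete a booking (POST: id, start) on behalf of the logged-in employer.
// Prints 1 when the row was removed, 0 otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();

$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$employerId = isset($_SESSION['me']['id']) ? filter_var($_SESSION['me']['id'], FILTER_VALIDATE_INT) : false;
$bookingId = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;
if ($companyId === false || $employerId === false || $bookingId === false || !isset($_POST['start'])) {
    exit;
}
require '../../mysql/query.php';
$start = sqlEscape($_POST['start']);

// Scope the delete to the caller's company: the session ids were validated
// but never used, so any booking id was deletable across companies. The
// bookings table carries company_id (and employer_id, should a per-employer
// restriction also be wanted).
$deleted = sqlAction("DELETE FROM bookings WHERE id = {$bookingId} AND start = '{$start}' AND company_id = {$companyId};");
echo $deleted ? 1 : 0;
exit;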
Пример #12
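<?php

// Complete a password reset (POST: email, token, new_password). The token must
// match users.reset_password_key for that e-mail; on success the new hash is
// stored and the key cleared. Replies with the same JSON flags as before.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';

if (!isset($_POST['new_password'], $_POST['email'], $_POST['token'])) {
    exit;
}
$rawPassword = $_POST['new_password'];
if (strlen($rawPassword) < 6) {
    echo json_encode(['password_too_short' => true]);
    exit;
}
if (strlen($rawPassword) > 25) {
    echo json_encode(['password_too_long' => true]);
    exit;
}
// An empty token must never reach the query: it would match any row whose
// reset_password_key is the empty string rather than NULL.
if ($_POST['token'] === '') {
    exit;
}

// Escaped before hashing for consistency with the rest of this code base.
$password = sqlEscape($rawPassword);
$email = sqlEscape($_POST['email']);
$token = sqlEscape($_POST['token']);

$getUser = sqlSelect("SELECT user_id FROM users WHERE email = '{$email}' AND reset_password_key = '{$token}';");
if (empty($getUser[0]['user_id'])) {
    exit;
}
$userId = (int) $getUser[0]['user_id'];
// NOTE(review): nothing here expires the reset key; confirm a lifetime is
// enforced where the key is issued.
$newPassword = password_hash($password, PASSWORD_DEFAULT);
if (sqlAction("UPDATE users SET password = '{$newPassword}', reset_password_key = null WHERE user_id = {$userId} AND email = '{$email}' AND reset_password_key = '{$token}';")) {
    echo json_encode(['success' => true]);
    exit;
}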
Пример #13
            $_SESSION['group']['description'] = $description;
        }
        // Validation failed above: keep the typed values in the session and
        // return to the form.
        header('Location: ../../../groups/new');
    } else {
        // $name/$description are expected to be escaped and $secret/$open/$chat
        // numeric by the time they reach this INSERT — not visible here, verify.
        $group_id = sqlAction("INSERT INTO groups (name, secret, open, chat_is_public, description, created) VALUES ('{$name}', {$secret}, {$open}, {$chat}, '{$description}', now());", $getLastId = true);
        // Fetched but never used below.
        $group = sqlSelect("SELECT id, name FROM groups WHERE id = {$group_id};");
        if ($group_id) {
            // The creator becomes the first member and an admin.
            $group_m = "INSERT INTO group_members (group_id, user_id, admin, joined) VALUES ({$group_id}, {$_SESSION['user']['id']}, 1, now());";
            sqlAction($group_m);
            // News-feed rows: one 'group_created', then one 'invited' per invitee.
            // Note that 'null' is the string literal here, not SQL NULL (the
            // invite handler writes a bare null).
            $group_news_feed = "INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$group_id}, {$_SESSION['user']['id']}, 'group_created', 'null', now()), ";
            if (!empty($group_members)) {
                // Invitees get status 2 (invited, per the invite handler), no admin
                // flag and — again as a string literal — 'null' for joined.
                $group_invites = "INSERT INTO group_members (group_id, user_id, status, admin, joined) VALUES ";
                foreach ($users_exists as $user) {
                    $group_invites .= "({$group_id}, {$user['user_id']}, 2, 0, 'null'), ";
                    // `what` is a hand-built JSON fragment; the username is not
                    // JSON-escaped, so a quote in it would corrupt the fragment.
                    $group_news_feed .= "({$group_id}, {$_SESSION['user']['id']}, 'invited', '{\"id\":{$user['user_id']}, \"username\":\"{$user['username']}\"}', now()), ";
                }
                $group_invites = rtrim($group_invites, ', ');
                $group_invites .= ';';
                sqlAction($group_invites);
            }
            $group_news_feed = rtrim($group_news_feed, ', ');
            $group_news_feed .= ';';
            sqlAction($group_news_feed);
            $_SESSION['noty_message'] = array('text' => $translate['noty_message']['group_created']['text'], 'type' => $translate['noty_message']['group_created']['type'], 'dismissQueue' => $translate['noty_message']['group_created']['dismissQueue'], 'layout' => $translate['noty_message']['group_created']['layout'], 'theme' => $translate['noty_message']['group_created']['theme'], 'timeout' => $translate['noty_message']['group_created']['timeout']);
            header('Location: ../../../groups/' . $group_id . '/news');
        }
    }
}
Пример #14
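<?php

// Remove a slot from the company schedule (POST: id, timestamp). Prints 1 only
// when the slot existed, belonged to the caller's company and was not booked;
// a booked slot is deleted without output, as before.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../mysql/query.php';

$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$slotId = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;
if ($companyId === false || $slotId === false || empty($_POST['timestamp'])) {
    exit;
}
$timestamp = sqlEscape($_POST['timestamp']);

$schedule = sqlSelect("SELECT schedule.id, timestamp, booked, customers.first_name, customers.last_name, customers.mail FROM `schedule` LEFT JOIN customers ON schedule.customer_id = customers.id WHERE schedule.id = {$slotId} AND timestamp = '{$timestamp}' AND company_id = {$companyId};");
if (empty($schedule[0])) {
    exit;
}
$wasBooked = (int) $schedule[0]['booked'] === 1;
if (sqlAction("DELETE FROM schedule WHERE id = {$slotId} AND timestamp = '{$timestamp}' AND company_id = {$companyId};")) {
    // The original had an empty branch for booked slots; the customer columns
    // fetched above are otherwise unused, so a notification may have been
    // intended there — TODO confirm. Only free slots acknowledge with 1.
    if (!$wasBooked) {
        echo 1;
    }
}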
Пример #15
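<?php

// Delete a story with its writers and rows (GET: story). Only the user who
// started the story may delete it. Prints 1 on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
$story = isset($_GET['story']) ? filter_var($_GET['story'], FILTER_VALIDATE_INT) : false;
if ($story === false) {
    exit;
}
session_start();
if (!isset($_SESSION['me']['id'])) {
    exit;
}
$meId = (int) $_SESSION['me']['id'];
require '../../../mysql/query.php';

// Ownership check: the session was started but never consulted, so any
// logged-in user could delete any story by id. story.started_by_user is the
// column the other story handlers compare against.
$owner = sqlSelect("SELECT started_by_user FROM story WHERE story_id = {$story};");
if (empty($owner[0]) || (int) $owner[0]['started_by_user'] !== $meId) {
    exit;
}

// NOTE(review): the three deletes are not in a transaction; a failure after
// the first leaves orphaned rows. Whether sqlAction supports transactions is
// not visible from here.
if (sqlAction("DELETE FROM story_writers WHERE story_id = {$story};") && sqlAction("DELETE FROM row WHERE story_id = {$story};")) {
    if (sqlAction("DELETE FROM story WHERE story_id = {$story};")) {
        echo 1;
        exit;
    }
}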
Пример #16
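<?php

// Update one service of the logged-in company (POST: service = JSON object
// with id, category (the service name), price, time and service_id (an
// existing category id, or the name of a category to create when it is not a
// positive integer)). Prints [1,null] on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../mysql/query.php';

$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$data = isset($_POST['service']) ? json_decode($_POST['service']) : null;
// json_decode() yields an object here; count() on it is meaningless (and a
// TypeError on PHP 8), so check the shape explicitly instead.
if ($companyId === false || !is_object($data)
    || !isset($data->id, $data->category, $data->price, $data->time, $data->service_id)
    || !is_scalar($data->category) || !is_scalar($data->service_id)) {
    exit;
}

// Every decoded value is client-controlled: numbers are validated before being
// interpolated unquoted, strings are escaped before being quoted.
$serviceRowId = filter_var($data->id, FILTER_VALIDATE_INT);
$price = filter_var($data->price, FILTER_VALIDATE_FLOAT);
$time = filter_var($data->time, FILTER_VALIDATE_FLOAT);
if ($serviceRowId === false || $price === false || $time === false) {
    exit;
}
$name = sqlEscape((string) $data->category);

$category_id = (int) $data->service_id;
if ($category_id <= 0) {
    $newCategoryName = sqlEscape((string) $data->service_id);
    // Second argument asks sqlAction for the inserted id.
    $category_id = sqlAction("INSERT INTO category (name) VALUES ('{$newCategoryName}');", true);
    if (!$category_id) {
        exit;
    }
    $category_id = (int) $category_id;
}

if (sqlAction("UPDATE services SET name = '{$name}', price = {$price}, time = {$time}, category_id = {$category_id} WHERE id = {$serviceRowId} AND company_id = {$companyId};")) {
    echo json_encode([1, null]);
    exit;
}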
Пример #17
            }
        }
        // Hand the turn to the next writer. $my_turn (the caller's story_writers
        // row), $story, $words and $pusher are set above this excerpt.
        // The next writer is taken to be the row with id + 1; when no such row
        // is waiting (on_turn = 0) the turn wraps to the lowest id of the story.
        // NOTE(review): this relies on contiguous story_writers ids — confirm.
        $nextId = $my_turn[0]['id'] + 1;
        $next_round = sqlSelect("SELECT id FROM `story_writers` WHERE story_id = {$story} AND on_turn = 0 AND `id` = {$nextId};");
        $updateOnTurn = '';
        if (!$next_round) {
            $updateOnTurn = "UPDATE `story_writers` SET `on_turn` = 1, `date` = now() WHERE story_id = {$story} ORDER BY id LIMIT 1;";
        } else {
            $updateOnTurn = "UPDATE story_writers SET on_turn = 1, date = now() WHERE story_id = {$story} AND id = {$my_turn[0]['id']}+1;";
        }
        if (sqlAction($updateOnTurn)) {
            // Look up who is on turn now, record a news-feed row for them and
            // notify: the new writer gets 'my_turn' (previous writer + text),
            // everyone else still waiting gets 'next_writer'.
            $on_turn = sqlSelect("SELECT users.user_id, username, type FROM `users` INNER JOIN story_writers ON users.user_id = story_writers.user_id WHERE story_id = {$story} AND on_turn = 1;");
            if (sqlAction("INSERT INTO users_news_feed (user_id, type_id, story_id, group_id, writer_id, have_read, date) VALUES ({$on_turn[0]['user_id']}, 1, {$story}, null, null, 0, now());")) {
                $story_writers = sqlSelect("SELECT user_id FROM `story_writers` WHERE story_id = {$story} AND user_id != {$_SESSION['me']['id']} AND on_turn = 0;");
                $clients = array();
                foreach ($story_writers as $writer) {
                    if ($writer['user_id'] != $on_turn[0]['user_id']) {
                        array_push($clients, 'private-' . $writer['user_id']);
                    }
                }
                // NOTE(review): the whole $_SESSION['me'] array is pushed to the
                // new writer's private channel — confirm it holds nothing sensitive.
                $pusher->trigger('private-' . $on_turn[0]['user_id'], 'news', json_encode(array('type' => 'my_turn', 'value' => array('story_id' => $story, 'previous_writer' => $_SESSION['me'], 'words' => $words))));
                $pusher->trigger($clients, 'news', json_encode(array('type' => 'next_writer', 'value' => array('story_id' => $story, 'next_writer' => $on_turn))));
                echo json_encode(array('success' => true, 'on_turn' => $on_turn, 'story' => $story));
                die;
            }
        }
    }
}
Пример #18
    $text = sqlEscape($_POST['text']);
    // NOTE(review): $rounds is escaped but interpolated unquoted into the INSERT
    // below, where quote-escaping gives no protection; it should be validated
    // as an integer instead.
    $rounds = sqlEscape($_POST['rounds']);
    // Fixed settings for a group story: no writer cap, nonsense mode on, not
    // publicly joinable. The 'null' strings are interpolated unquoted, i.e. as
    // SQL NULL. $title, $groupId and $translate are set above this excerpt.
    $current_round = 1;
    $max_writers = 'null';
    $nonsensmode = 1;
    $public = 'null';
    $with_group = $groupId;
    // Second argument asks sqlAction for the inserted id.
    $story = sqlAction("INSERT INTO story (title, rounds, current_round, max_writers, nonsens_mode, join_public, with_group, status, started_by_user, views) VALUES ('{$title}', {$rounds}, {$current_round}, {$max_writers}, {$nonsensmode}, {$public}, {$with_group}, 1, {$_SESSION['me']['id']}, 0);", $getLastId = true);
    if ($story) {
        // First row of text, written by the creator.
        if (sqlAction("INSERT INTO row (user_id, words, story_id, date) VALUES ({$_SESSION['me']['id']}, '{$text}', {$story}, now());")) {
            // The creator is registered for round 2 with on_turn = 0; every other
            // group member joins round 1 and the first one listed gets the turn.
            $story_writers = "INSERT INTO story_writers (story_id, user_id, on_turn, round, date) VALUES ({$story}, {$_SESSION['me']['id']}, 0, 2, now()), ";
            $writers = sqlSelect("SELECT user_id FROM group_members WHERE group_id = {$groupId} AND user_id != {$_SESSION['me']['id']};");
            // NOTE(review): if the group has no other members, $writers is
            // empty/false and the foreach below warns — confirm that case is
            // handled before this point.
            $i = 0;
            foreach ($writers as $writer) {
                if ($i == 0) {
                    $on_turn = 1;
                } else {
                    $on_turn = 0;
                }
                $story_writers .= "({$story}, {$writer['user_id']}, {$on_turn}, {$current_round}, now()), ";
                $i++;
            }
            $story_writers = rtrim($story_writers, ', ');
            $story_writers .= ';';
            if (sqlAction($story_writers)) {
                $_SESSION['noty_message'] = array('text' => $translate['noty_message']['new_story_created']['text'], 'type' => $translate['noty_message']['new_story_created']['type'], 'dismissQueue' => $translate['noty_message']['new_story_created']['dismissQueue'], 'layout' => $translate['noty_message']['new_story_created']['layout'], 'theme' => $translate['noty_message']['new_story_created']['theme'], 'timeout' => $translate['noty_message']['new_story_created']['timeout']);
                header("Location: ../../../write?story={$story}");
            }
        }
    }
}
Пример #19
     $end = $end->modify('+1 minute');
     // Slot already taken: report the booked range to the client.
     echo json_encode(array('timeBooked' => $timeAlreadyBooked, 'start' => $start->format('H:i'), 'end' => $end->format('H:i')));
     die;
 } else {
     // Resolve the customer: an existing one must also match the given personal
     // number, otherwise a new customer row is created.
     $customer_id = 0;
     if ($data->customer_id > 0) {
         // NOTE(review): the $data->* values come from decoded JSON and are
         // interpolated without validation or escaping here; confirm they were
         // sanitised above this excerpt.
         $customer = sqlSelect("SELECT id FROM `customers` WHERE id = {$data->customer_id} AND person_nr = '{$data->personnr}';");
         // No match leaves $customer_id null, which skips the booking below.
         $customer_id = $customer[0]['id'];
     } else {
         // Second argument asks sqlAction for the inserted id.
         $customer_id = sqlAction("INSERT INTO customers (person_nr, first_name, last_name, mail, tel) VALUES ('{$data->personnr}', '{$data->fname}', '{$data->lname}', '{$data->mail}', '{$data->tel}');", true);
     }
     if ($customer_id) {
         // The stored slot is widened by a minute on each side; the reason is
         // not visible here — presumably to keep adjacent bookings apart.
         $start = $start->modify('-1 minute');
         $end = $end->modify('+1 minute');
         if (sqlAction("INSERT INTO bookings (booked_at, start, end, invoice, webpay, in_place, company_id, employer_id, service_id, customer_id) VALUES (now(), '{$start->format('Y-m-d H:i:s')}', '{$end->format('Y-m-d H:i:s')}', 0, 0, 0, {$_SESSION['company']['id']}, {$_SESSION['me']['id']}, {$data->service}, {$customer_id});")) {
             echo 1;
             die;
         }
     }
 }
Пример #20
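<?php

// Send a friend request (GET: friend, optional return_to_profile): inserts a
// pending friends row (status 0, sender = caller), notifies the recipient
// through Firebase and redirects.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';

$friendId = isset($_GET['friend']) ? filter_var($_GET['friend'], FILTER_VALIDATE_INT) : false;
if (!isset($_SESSION['user']['id']) || $friendId === false) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];
// NOTE(review): nothing here rejects a request to oneself or a duplicate of an
// existing pending request; a batch handler elsewhere collects such conflicts
// into $_SESSION['errors'] — confirm whether this path should too.

if (sqlAction("INSERT INTO friends (user_id, friend_user_id, status, sender, date) VALUES ({$userId}, {$friendId}, 0, {$userId}, now());")) {
    require '../../../lib/Firebase/url.php';
    getFirebase(true);
    $firebase = new Firebase\FirebaseLib($url, $token);
    $firebaseArray = [
        'from' => ['user_id' => $_SESSION['user']['id'], 'user_name' => "{$_SESSION['user']['name']}"],
        'group' => 'false',
        'story' => 'false',
        'time' => time(),
        'type' => 'friend_request',
        'unread' => 'true',
    ];
    $firebase->push(usersNewsFeed($friendId), $firebaseArray);
    // Each redirect exits: previously the second header() replaced the first,
    // so return_to_profile never took effect.
    if (isset($_GET['return_to_profile'])) {
        header("Location: ../../../profile?view={$friendId}");
        exit;
    }
    header('Location: ../../../profile?view=friends');
    exit;
}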
Пример #21
                        array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> {$member['username']} är redan inbjuden");
                    }
                    // status 3: the member has already asked to join the group.
                    // NOTE(review): usernames go into HTML markup unescaped; safe
                    // only if they were sanitised on input — confirm.
                    if ($member['status'] == 3) {
                        array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> {$member['username']} önskar redan om att få gå med i gruppen");
                    }
                }
                // Conflicts found: back to the invite form (the branch below is
                // skipped because $_SESSION['errors'] is non-empty).
                header("Location: ../../../groups/{$group_id}/invite");
            }
        }
    }
    if (!$_SESSION['errors']) {
        // One multi-row INSERT each for the news feed ('invited' entries) and the
        // pending memberships (status 2, admin 0). $users_exists, $group_id and
        // $translate are prepared above this excerpt.
        $group_news_feed = "INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ";
        $invite = "INSERT INTO group_members (group_id, user_id, status, admin, joined) VALUES ";
        foreach ($users_exists as $user) {
            // `what` is a hand-built JSON fragment; the username is not
            // JSON-escaped, so a quote in it would corrupt the fragment.
            $group_news_feed .= "({$group_id}, {$_SESSION['user']['id']}, 'invited', '{\"id\":{$user['user_id']}, \"username\":\"{$user['username']}\"}', now()), ";
            $invite .= "({$group_id}, {$user['user_id']}, 2, 0, null), ";
        }
        $group_news_feed = rtrim($group_news_feed, ', ');
        $invite = rtrim($invite, ', ');
        $group_news_feed .= ';';
        $invite .= ';';
        // Not transactional: a failing $invite leaves the feed rows in place.
        if (sqlAction($group_news_feed) && sqlAction($invite)) {
            $_SESSION['noty_message'] = array('text' => $translate['noty_message']['invite_sent']['text'], 'type' => $translate['noty_message']['invite_sent']['type'], 'dismissQueue' => $translate['noty_message']['invite_sent']['dismissQueue'], 'layout' => $translate['noty_message']['invite_sent']['layout'], 'theme' => $translate['noty_message']['invite_sent']['theme'], 'timeout' => $translate['noty_message']['invite_sent']['timeout']);
            header("Location: ../../../groups/{$group_id}/invite");
        }
    }
}
Пример #22
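<?php

// Toggle the admin flag of a group member (POST: group, memberId). Only a
// current admin of that group may call it. Prints
// {"success":true,"check":<new admin flag>} on success.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';

$group_id = isset($_POST['group']) ? filter_var($_POST['group'], FILTER_VALIDATE_INT) : false;
$memberId = isset($_POST['memberId']) ? filter_var($_POST['memberId'], FILTER_VALIDATE_INT) : false;
// The original guard joined the negated checks with && and therefore only
// rejected requests that failed all three; any single failure must reject.
if (!isset($_SESSION['user']['id']) || $group_id === false || $memberId === false) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];

$group_info = sqlSelect("SELECT admin FROM `group_members` WHERE group_id = {$group_id} AND user_id = {$userId};");
if (empty($group_info[0]) || (int) $group_info[0]['admin'] !== 1) {
    exit;
}
$member = sqlSelect("SELECT admin FROM group_members WHERE group_id = {$group_id} AND user_id = {$memberId};");
// Unknown member: previously $admin stayed undefined and the UPDATE was broken.
if (empty($member[0]) || !isset($member[0]['admin'])) {
    exit;
}
$currentlyAdmin = (int) $member[0]['admin'] === 1;
$admin = $currentlyAdmin ? 0 : 1;
$check = !$currentlyAdmin;

if (sqlAction("UPDATE group_members SET admin = {$admin} WHERE group_id = {$group_id} AND user_id = {$memberId};")) {
    echo json_encode(['success' => true, 'check' => $check]);
}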
Пример #23
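<?php

// Leave a story (GET: story): removes the logged-in user's own story_writers
// row. Prints 1 on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
$story = isset($_GET['story']) ? filter_var($_GET['story'], FILTER_VALIDATE_INT) : false;
if ($story === false) {
    exit;
}
session_start();
// Without a logged-in user the original interpolated an undefined index and
// issued a broken DELETE; refuse instead.
if (!isset($_SESSION['me']['id'])) {
    exit;
}
$meId = (int) $_SESSION['me']['id'];
require '../../../mysql/query.php';

if (sqlAction("DELETE FROM story_writers WHERE story_id = {$story} AND user_id = {$meId};")) {
    echo 1;
    exit;
}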
Пример #24
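<?php

// Save the logged-in user's profile text (POST: description). Prints
// {"success":true} on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';

if (!isset($_POST['description'], $_SESSION['user']['id'])) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];
// Escaped for the quoted SQL context only; HTML escaping is the job of
// whatever renders personal_text.
$text = sqlEscape($_POST['description']);

if (sqlAction("UPDATE users SET personal_text = '{$text}' WHERE user_id = {$userId};")) {
    echo json_encode(['success' => true]);
    exit;
}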
Пример #25
<?php

// Forgot-password request (POST: user = username or e-mail). Stores a reset
// key on the matching account and e-mails a reset link to it. The enclosing
// if-blocks close beyond this excerpt.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    if (strlen($_POST['user']) < 3) {
        die;
    }
    // NOTE(review): $user is interpolated into the SELECT below without
    // sqlEscape(), unlike the other handlers — confirm this is intended.
    $user = $_POST['user'];
    $getUser = sqlSelect("SELECT email, username FROM users WHERE username = '******' OR email = '{$user}';");
    if ($getUser) {
        // NOTE(review): the reset key is derived from time() alone, so it is
        // guessable by anyone who can estimate when the request was made;
        // random_bytes() (or openssl_random_pseudo_bytes() on older PHP) gives
        // an unpredictable key, and PHP 8 requires crypt()'s salt argument.
        $token = crypt(md5(time()));
        // '/' is replaced because the key is embedded in a URL path below.
        $token = str_replace('/', '.', $token);
        if (sqlAction("UPDATE users SET reset_password_key = '{$token}' WHERE username = '******'username']}';")) {
            require '../../class.phpmailer.php';
            $to = $getUser[0]['email'];
            // HTML mail body (Swedish) linking to /login/<email>/<token>.
            $text = '<h1>Lösenord återställning</h1><br /><div>Fortsätt genom att klicka på den <a href="https://greatnonsens.com/login/' . $getUser[0]['email'] . '/' . $token . '">här länken</a>.</div>';
            $mail = new PHPMailer();
            $mail->CharSet = 'UTF-8';
            $mail->setFrom('*****@*****.**', 'Great nonsens');
            $mail->addAddress($to, $getUser[0]['username']);
            $mail->Subject = 'Glömt lösenord';
            $mail->Body = $text;
            $mail->IsHTML(true);
            if (!$mail->send()) {
                // Send failures are swallowed; the client receives no body.
            } else {
                // NOTE(review): echoing users_mail confirms to the caller that the
                // account exists and discloses its address — a uniform reply for
                // both outcomes avoids account enumeration.
                echo json_encode(array('success' => true, 'users_mail' => $getUser[0]['email']));
            }
        }
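<?php

// Update a group's description (POST: group_id, group_name, group_description),
// record an 'edited_description' news-feed entry and redirect to the
// description page.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';

$group_id = isset($_POST['group_id']) ? filter_var($_POST['group_id'], FILTER_VALIDATE_INT) : false;
if (!isset($_SESSION['user']['id']) || $group_id === false || !isset($_POST['group_description'])) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];
// group_name is posted but used by neither query, so it is not read here.
$group_description = sqlEscape($_POST['group_description']);

// NOTE(review): nothing checks that the caller is a member or admin of
// $group_id; other group handlers read group_members.admin before mutating.
// Confirm which role is allowed to edit the description.
if (sqlAction("UPDATE groups SET description = '{$group_description}' WHERE id = {$group_id};") && sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$group_id}, {$userId}, 'edited_description', 'null', now());")) {
    header("Location: ../../../groups/{$group_id}/description");
    exit;
}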
Пример #27
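<?php

// Join a group or ask to join it (GET: id, request, page). request must be 1
// (joined_group) or 3 (group_invite_request); a group_members row with that
// status and a matching news-feed entry are inserted, then the caller is
// redirected to the members page.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
session_start();
require '../../../mysql/query.php';

// `page` is required by the original contract although it is never read.
if (!isset($_SESSION['user']['id'], $_GET['page'], $_GET['id'], $_GET['request'])) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];
$groupId = filter_var($_GET['id'], FILTER_VALIDATE_INT);
$status = filter_var($_GET['request'], FILTER_VALIDATE_INT);
// Strict whitelist: the original `!= 1 && != 3` was a loose comparison, so on
// older PHP a value such as "1abc" passed and was interpolated verbatim.
$typeByStatus = [1 => 'joined_group', 3 => 'group_invite_request'];
if ($groupId === false || $status === false || !isset($typeByStatus[$status])) {
    exit;
}
$type = $typeByStatus[$status];
// NOTE(review): nothing here checks whether the group permits direct joining
// (status 1) or whether the user is already a member — confirm upstream.

if (sqlAction("INSERT INTO group_members (group_id, user_id, status, admin, joined) VALUES ({$groupId}, {$userId}, {$status}, 0, now());") && sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$groupId}, {$userId}, '{$type}', null, now());")) {
    header("Location: ../../../groups/{$groupId}/members");
    exit;
}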
Пример #28
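<?php

// Add a free slot to the company schedule (POST: timestamp). Prints the new
// schedule row id on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../mysql/query.php';

$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$employerId = isset($_SESSION['me']['id']) ? filter_var($_SESSION['me']['id'], FILTER_VALIDATE_INT) : false;
// employer_id was interpolated without any check in the original.
if ($companyId === false || $employerId === false || !isset($_POST['timestamp'])) {
    exit;
}
$timestamp = sqlEscape($_POST['timestamp']);

// Second argument asks sqlAction for the inserted id.
$insert = sqlAction("INSERT INTO schedule (timestamp, booked, company_id, employer_id) VALUES ('{$timestamp}', 0, {$companyId}, {$employerId});", true);
if (is_numeric($insert)) {
    echo $insert;
}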
Пример #29
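<?php

// Promote a group member to admin (GET: view = group id, admin = group_members
// row id). The caller must already be an admin of that group; a 'made_admin'
// news-feed entry is written and the caller is redirected to the members page.
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    exit;
}
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';

$groupId = isset($_GET['view']) ? filter_var($_GET['view'], FILTER_VALIDATE_INT) : false;
$memberRowId = isset($_GET['admin']) ? filter_var($_GET['admin'], FILTER_VALIDATE_INT) : false;
if (!isset($_SESSION['user']['id']) || $groupId === false || $memberRowId === false) {
    exit;
}
$userId = (int) $_SESSION['user']['id'];

$group_info = sqlSelect("SELECT admin FROM `group_members` WHERE group_id = {$groupId} AND user_id = {$userId};");
if (empty($group_info[0]) || (int) $group_info[0]['admin'] !== 1) {
    exit;
}
// The UPDATE is scoped to the group the caller administers: by row id alone an
// admin of one group could promote a member row belonging to any other group.
if (!sqlAction("UPDATE group_members SET admin = 1 WHERE id = {$memberRowId} AND group_id = {$groupId};")) {
    exit;
}
$member = sqlSelect("SELECT users.user_id, users.username, groups.id, groups.name FROM users INNER JOIN `group_members` INNER JOIN groups ON users.user_id = group_members.user_id AND groups.id = group_members.group_id WHERE group_members.id = {$memberRowId};");
if (empty($member[0])) {
    exit;
}
// `what` holds a JSON fragment; json_encode quotes the username correctly
// (the hand-built string did not) and the result is escaped for the query.
$what = sqlEscape(json_encode(['id' => (int) $member[0]['user_id'], 'username' => $member[0]['username']], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
if (sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$groupId}, {$userId}, 'made_admin', '{$what}', now());")) {
    header("Location: ../../../groups/{$groupId}/members");
    exit;
}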
Пример #30
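<?php

// Bulk-insert services for the logged-in company (POST: services = JSON array
// of {description, price, time, category}). category is either an existing
// category id or, when it is not a positive integer, the name of a category to
// create first. Prints [1,null] on success and [0,null] on failure.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
session_start();
require '../../mysql/query.php';

$companyId = isset($_SESSION['company']['id']) ? filter_var($_SESSION['company']['id'], FILTER_VALIDATE_INT) : false;
$data = isset($_POST['services']) ? json_decode($_POST['services']) : null;
// count() on null throws on PHP 8; require a non-empty list explicitly.
if ($companyId === false || !is_array($data) || count($data) === 0) {
    exit;
}

$values = [];
foreach ($data as $service) {
    // Every field is client-controlled JSON: numbers are validated before being
    // interpolated unquoted, strings are escaped before being quoted. Bad input
    // answers [0,null], the same reply a failed INSERT produced before.
    if (!is_object($service)
        || !isset($service->description, $service->price, $service->time, $service->category)
        || !is_scalar($service->description) || !is_scalar($service->category)) {
        echo json_encode([0, null]);
        exit;
    }
    $price = filter_var($service->price, FILTER_VALIDATE_FLOAT);
    $time = filter_var($service->time, FILTER_VALIDATE_FLOAT);
    if ($price === false || $time === false) {
        echo json_encode([0, null]);
        exit;
    }
    $category_id = (int)  $service->category;
    if ($category_id <= 0) {
        $categoryName = sqlEscape((string) $service->category);
        // Second argument asks sqlAction for the inserted id.
        $category_id = sqlAction("INSERT INTO category (name) VALUES ('{$categoryName}');", true);
        if (!$category_id) {
            echo json_encode([0, null]);
            exit;
        }
        $category_id = (int) $category_id;
    }
    $description = sqlEscape((string) $service->description);
    $values[] = "('{$description}', {$price}, {$time}, {$category_id}, {$companyId})";
}

$insert = 'INSERT INTO services (name, price, time, category_id, company_id) VALUES ' . implode(', ', $values) . ';';
echo json_encode(sqlAction($insert) ? [1, null] : [0, null]);
exit;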