include 'logincheck.php';
$room = '';
//***** Errors loading config *****
$result = '';
$queryString = '';
include 'config.php';
include 'string.php';
//contains functions for string manipulation
include 'sql.php';
//contains all the sql functions
if (isset($_POST['roomID']) && !empty($_POST['roomID']) && isset($_POST['itemName']) && !empty($_POST['itemName'])) {
$roomID = $_POST['roomID'];
$itemName = $_POST['itemName'];
//check to ensure no sql injection attachs
$itemName = stringChecker($itemName);
//Uppercase the item name
$itemName = ucfirst($itemName);
$queryString = "insert into items (roomID,itemName) values ({$roomID},'{$itemName}');";
$result = insert($queryString, $itemName);
}
?>
<html>
<head>
<title>Checklist</title>
<?php
include 'head.txt';
?>
</head>
<body>
$roomID = $_POST['roomID'];
if ($_POST['aquired'] = 'on') {
$aquired = 1;
} else {
$aquired = 0;
}
if (empty($_POST['itemPrice'])) {
$price = null;
} else {
$price = stringChecker($_POST['itemPrice']);
}
if (empty($_POST['itemSize'])) {
$size = 'null';
} else {
//check for sql injection attacks
$size = stringChecker($_POST['itemSize']);
//wrap in quotes
$size = "'" . $size . "'";
}
//build query
$queryString = "update items set roomid={$roomID}, aquired={$aquired}, price={$price}, size={$size} where id={$id};";
//execute Query
$result = update($queryString);
if ($result = 'Updated') {
header('refresh:3;url=display.php');
}
}
//****** all below is for display purposes *******
//fills in drop down box with available rooms
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
// Selecting Database
<?php
include 'logincheck.php';
$room = '';
$result = '';
if (isset($_POST['room']) && !empty($_POST['room'])) {
//include config
include 'config.php';
include 'functions/string.php';
//contains functions for string manipulation
$room = stringChecker($room);
$room = $_POST['room'];
//fill in room
$room = ucfirst($room);
//upper case the first word
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
// Selecting Database
$db = mysql_select_db($dbName, $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("insert into rooms (roomName) Values('{$room}');", $connection);
if ($query == 1) {
$result = "{$room} added";
} else {
$result = 'Error';
}
mysql_close($connection);
// Closing Connection
}
?>
<html>
$result = '';
if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {
include 'config.php';
include 'functions/string.php';
//contains functions for string manipulation
//Declare Variables
// Define $username and $password
$username = $_POST['username'];
$passwd = $_POST['password'];
//Encrypt the password
$passwd = passwdEncrypt($passwd);
//ensure username is lowercase
$username = strtolower($username);
//check to ensure no sql injection attachs
$username = stringChecker($username);
$passwd = stringChecker($passwd);
//******To do, check the uname session exists otherwise return to login with error message
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
// Selecting Database
$db = mysql_select_db($dbName, $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("insert into users (username,passwd) Values('{$username}','{$passwd}');", $connection);
if ($query == 1) {
$result = "{$username} added";
} else {
$result = 'Error';
}
mysql_close($connection);
// Closing Connection
}
?>
//include config
include 'config.php';
include 'string.php';
//contains functions for string manipulation
//used to check login information
//Declare Variables
// Define $username and $password
$username = $_POST['username'];
$passwd = $_POST['password'];
//encrypt the password
$passwd = passwdEncrypt($passwd);
//ensure username is lowercase
$username = strtolower($username);
// To protect MySQL injection for Security purpose
$passwd = stringChecker($passwd);
$username = stringChecker($username);
$error = '';
// Variable To Store Error Message
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
//$username = stripslashes($username);
//$passwd = stripslashes($passwd);
//$username = mysql_real_escape_string($username);
//$passwd = mysql_real_escape_string($passwd);
// Selecting Database
$db = mysql_select_db($dbName, $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("SELECT id, username, passwd FROM users where passwd='{$passwd}' AND username='******'", $connection);
$rows = mysql_num_rows($query);
$resultRow = mysql_fetch_row($query);
if ($rows == 1) {
//session_start(); // Starting Session