function login2($user, $pass)
{
$con = new db();
$conc = $con->c();
$kcook = intval($_POST["remember"]);
$q = mysqli_query($conc, "SELECT `id`,`user`,`name`,`email`,`img1`,`img2`,`img3`,`bgcolor` FROM `users` WHERE (`user` = '{$user}' OR `email` ='{$user}') AND pass = '******'");
if (mysqli_num_rows($q) == 1) {
$r = mysqli_fetch_array($q);
setcookie("u", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
$_SESSION["uid"] = $r[0];
$_SESSION["user"] = $r[1];
$_SESSION["name"] = $r[2];
$_SESSION["email"] = $r[3];
$_SESSION["p"] = $pass;
$_SESSION["color"] = $r[7];
$_SESSION["img1"] = $r[4];
$_SESSION["img2"] = $r[5];
$_SESSION["img3"] = $r[6];
$_SESSION["ula"] = md5("{$r['1']} {$pass} {$r['0']}");
$con->close_db_con($conc);
if (!valid_name($_SESSION["user"])) {
$_SESSION["set_user"] = "******";
header("location: ./?settings");
} else {
if ($kcook == 1) {
setcookie("um", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
setcookie("pm", $pass, time() + 52 * 60 * 60 * 24 * 7, "/");
}
return true;
}
} else {
return false;
}
}
} else {
$q = mysqli_query($conc, "UPDATE users SET name= '{$name}', web = '{$web}', bio = '{$bio}', loc = '{$loc}',edu='{$edu}',work='{$work}',status ='{$status}',status_ = '{$status2}',bday='{$bday}',sex='{$sex}' WHERE id = {$uid}");
if ($q) {
echo "<div {$style} >Your profile has been successfully updated</div>";
} else {
echo "<div {$style} >Ooppss, something went wrong. Please try again.</div>";
}
}
$con->close_db_con($conc);
exit;
}
if (isset($_POST["account"])) {
$q = NULL;
$email = $_POST["email"];
$usern = $_POST["usern"];
if (!valid_name($usern)) {
echo "<div {$style}>'<b>{$usern}</b>' contains unsupported characters or spaces, and should be less than 20 chars. Please try again.</div>";
exit;
}
$q = mysqli_query($conc, "SELECT id FROM users WHERE user = '******'");
if (mysqli_num_rows($q) != 0 && $_SESSION["user"] != $usern) {
echo "<div {$style}>Sorry that username is already taken</div>";
$con->close_db_con($conc);
exit;
}
$lang = $_POST["lang"];
$protect = $_POST["protect"] == "on" ? 1 : 0;
$tz = $_POST["tz"];
if ($usern != $_SESSION["user"]) {
$_SESSION["user"] = $usern;
$red = "<script>setTimeout(function (){window.open('{$pth}/?settings','_parent');},200);</script><br/><div></div>";
?>
<?php
if (isset($_POST['submit_edits'])) {
$firstname = $_POST['textbox_FirstName'];
$lastname = $_POST['textbox_LastName'];
$address = $_POST['textbox_Address'];
$gender = $_POST['gender'];
$mobile = $_POST['textbox_Mobile'];
$firstname = htmlspecialchars($firstname);
$lastname = htmlspecialchars($lastname);
$address = htmlspecialchars($address);
if (!valid_name($firstname)) {
echo "Invalid First name<br/>";
} else {
if (!valid_name($lastname)) {
echo "Invalid Last name<br/>";
} else {
if (!valid_address($address)) {
echo "Invalid Address name<br/>";
} else {
if (!ctype_digit($mobile)) {
echo "Invalid Mobile Number<br/>";
} else {
update_user($user_id, 'FirstName', $firstname);
update_user($user_id, 'LastName', $lastname);
update_user($user_id, 'Address', $address);
update_user($user_id, 'Gender', $gender);
update_user($user_id, 'Mobile', $mobile);
}
}
}
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_POST['dialog'] == 'contact') {
$errors = array();
$from = trim($_POST['email']);
$message = trim($_POST['msg']);
$contactquery = 'SELECT owner, finder, status FROM stuff
WHERE stuff.id = ' . $_POST['id'];
$results = mysqli_query($dbc, $contactquery);
check_results($results);
# Validate email and message
if (!valid_name($from)) {
$errors[] = 'Email';
}
if (!valid_name($message)) {
$errors[] = 'Message';
}
if (!empty($errors)) {
foreach ($errors as $field) {
echo '<span style="color: red; font-style: italic;"> - ' . $field . '</span>';
}
} else {
# echo "<p>Successfully added $fname $lname into Dead Presidents.</p>" ;
if ($results) {
$row = mysqli_fetch_array($results, MYSQLI_ASSOC);
switch ($row['status']) {
case 'found':
send_email($row['finder'], $from, "You found my item!", $message);
break;
case 'lost':
}
mysql_query("UPDATE user SET `pass`= '{$passNew}' WHERE `name`= '{$name}';");
$usr->pass = $passNew;
if (isset($_COOKIE['userName'])) {
setCookie("userName", $usr->name, time() + 3600000);
setCookie("userPass", $usr->pass, time() + 3600000);
}
echo "ok";
break;
case 'addtown':
if (!isset($_POST['name'])) {
echo __("Game error!");
exit;
}
$newName = mysql_real_escape_string($_POST['name']);
if (!valid_name($newName, false)) {
echo __("Invalid name!");
exit;
}
if (!($usr = initUser())) {
echo __("You cannot access this page!");
}
if ($usr->numTown > MAXTOWN) {
echo __("You have too many towns!");
exit;
}
$newTownID = addTown($newName);
mysql_query("UPDATE user SET `townID` = CONCAT(`townID`, ',{$newTownID}') WHERE `id`= '{$usr->id}';");
echo "ok";
break;
case 'deleteTown':
}
// Extra Large Pictures for full screen view.
if ($ftype == "longblob") {
$wtype = "lblob";
$fsize = "2000000";
$sqlbits = 32;
}
// Extra Large Pictures for full screen view.
if (!strcmp($fextra, "auto_increment")) {
$wtype = "hidden";
}
if ($fname == 'id' and $j == 0) {
$wtype = "hidden";
}
$sqlsize = $md["len"];
$fvname = valid_name($fname);
if (strcmp($PrevWtype, "hidden")) {
$fvals .= ",";
}
if ($j > 0) {
$fglob .= ",";
}
if (strcmp($PrevWtype, "hidden")) {
$fnams .= ",";
}
if (strcmp($wtype, "hidden")) {
$fnams .= $database->quote_identifier($fname);
}
$fglob .= "\$" . $fvname;
// Output some diags to web page
echo "<PRE>\nField: " . $fname . "\nType: " . $ftype . "\nSize: " . $fsize . "\nKey:\t " . $fkey . "\nNull: " . $fnull . "\nDefault: " . $fdefault . "\nExtra: " . $fextra . "\nComments: " . $fcomment . "\nWebType: " . $wtype . "\n</PRE>";
require 'includes/helpers.php';
# If user requests item (clicks quick link) make the appropriate GET request from quick links
# Otherwise, user submitted the form, so let's validate
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();
$desc = trim($_POST['desc']);
$location = $_POST['location'];
$owner = '';
$finder = trim($_POST['finder']);
$image_url = trim($_POST['img_url']);
# Validate description
if (!valid_name($desc)) {
$errors[] = 'description';
}
# Validate owner/finder email address
if (!valid_name($finder)) {
$errors[] = 'finder email address';
#echo '<p style="color:red; font-size:16px;">Please provide a first name.</p>' ;
}
if (!empty($errors)) {
echo '<span style="color: red">Error! Please enter</span>';
foreach ($errors as $field) {
echo '<span style="color: red; font-style: italic;"> - ' . $field . '</span>';
}
} else {
$result = insert_record($dbc, $desc, $location, $owner, $finder, 'found', $image_url);
echo "<p>Successfully added {$desc} into Stuff.</p>";
}
}
# Store current page in variable, call show_links and show_records functions using cur_page variable
$cur_page = $_SERVER['PHP_SELF'];
}
echo $usr->towns[$_SESSION['town']]->getAvailBld();
break;
case 'bld':
if (!isset($_GET['x'], $_GET['y'], $_GET['id'], $_SESSION['town'])) {
echo __("Game error!");
exit;
}
echo $usr->towns[$_SESSION['town']]->build($_GET['x'], $_GET['y'], intval($_GET['id']));
break;
case 'renametown':
if (!isset($_GET['new'])) {
echo __("Game error!");
exit;
}
if (!valid_name($_GET['new'])) {
echo __("Invalid name!");
exit;
}
echo $usr->towns[$_SESSION['town']]->rename(mysql_real_escape_string($_GET['new']));
break;
case 'getachiev':
echo $usr->getAchiev();
break;
case 'getquest':
if (!isset($_GET['id'])) {
echo __("Error!");
exit;
}
echo $quests[$_GET['id']]->toHTML($usr->towns[$_SESSION['town']]);
break;
<?php
session_start();
require_once "./scripts/db.php";
$str = $_SERVER['REQUEST_URI'];
$st = preg_split('-/-', $str);
$owner = $_GET[i];
//$st[count($st) - 1];
if (!valid_name($owner) || strstr($owner, "?")) {
$owner = false;
}
if (!$_SESSION["user"]) {
$_SESSION["uid"] = 0;
$_SESSION["user"] = "******";
$_SESSION["name"] = "Guest";
$_SESSION["img1"] = "/img/d70.jpg";
$_SESSION["img2"] = "/img/d150.jpg";
$_SESSION["img3"] = "/img/d500.jpg";
if (!$owner) {
header("location: ./?logout");
}
}
$_SESSION["mobile"] = 2;
$user = $_SESSION["user"];
$uid = $_SESSION["uid"];
$img = $_SESSION["img1"];
if ($uid == 0 && !$owner && !isset($_GET["mediaID"])) {
header("location: ./?logout");
}
$img2 = $_SESSION["img2"];
$img3 = $_SESSION["img3"];
# Includes these helper functions
require 'includes/helpers.php';
# Otherwise, user submitted the form, so let's validate
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();
$desc = trim($_POST['desc']);
$location = $_POST['location'];
$owner = trim($_POST['owner']);
$finder = '';
$image_url = trim($_POST['img_url']);
# Validate description
if (!valid_name($desc)) {
$errors[] = 'description';
}
# Validate owner/finder email address
if (!valid_name($owner)) {
$errors[] = 'owner email address';
#echo '<p style="color:red; font-size:16px;">Please provide a first name.</p>' ;
}
if (!empty($errors)) {
echo '<span style="color: red">Error! Please enter</span>';
foreach ($errors as $field) {
echo '<span style="color: red; font-style: italic;"> - ' . $field . '</span>';
}
} else {
$result = insert_record($dbc, $desc, $location, $owner, $finder, 'lost', $image_url);
echo "<p>Successfully added {$desc} into Stuff.</p>";
}
}
# Store current page in variable, call show_links and show_records functions using cur_page variable
$cur_page = $_SERVER['PHP_SELF'];
<?php
include "../controller/headers.php";
$conn = db_connect(_DB_SERVER_, _DB_USER_, _DB_PASSWD_, _DB_NAME_);
if (isset($_SESSION['id_customer']) && isset($_POST["mail"]) && valid_mail($_POST["mail"]) && isset($_POST["phone"]) && valid_phone($_POST["phone"]) && isset($_POST["address"]) && valid_address($_POST["address"]) && isset($_POST["delivery_address"]) && valid_address($_POST["delivery_address"]) && isset($_POST["shipping_address"]) && valid_address($_POST["shipping_address"]) && isset($_POST["postal"]) && valid_postal($_POST["postal"]) && isset($_POST["city"]) && valid_name($_POST["city"]) && isset($_POST["shipping_postal"]) && valid_postal($_POST["shipping_postal"]) && isset($_POST["shipping_city"]) && valid_name($_POST["shipping_city"]) && isset($_POST["delivery_postal"]) && valid_postal($_POST["delivery_postal"]) && isset($_POST["delivery_city"]) && valid_name($_POST["delivery_city"])) {
$stmt = $conn->prepare("UPDATE gc_customers SET mail=:r_mail, phone=:r_phone, address=:r_address, \n\t\tdelivery_address=:r_delivery_address, shipping_address=:r_shipping_address, postal_code=:r_postal_code, city=:r_city, \n\t\tdelivery_postal_code=:r_delivery_postal_code, delivery_city=:r_delivery_city, \n\t\tshipping_postal_code=:r_shipping_postal_code, shipping_city=:r_shipping_city WHERE id_customer=:r_customer");
$stmt->execute(array('r_mail' => $_POST['mail'], 'r_phone' => $_POST['phone'], 'r_address' => $_POST['address'], 'r_delivery_address' => $_POST['delivery_address'], 'r_shipping_address' => $_POST['shipping_address'], 'r_postal_code' => $_POST['postal'], 'r_city' => $_POST['city'], 'r_delivery_postal_code' => $_POST['delivery_postal'], 'r_delivery_city' => $_POST['delivery_city'], 'r_shipping_postal_code' => $_POST['shipping_postal'], 'r_shipping_city' => $_POST['shipping_city'], 'r_customer' => $_SESSION['id_customer']));
$stmt->closeCursor();
}
if (isset($_SESSION['id_customer']) && isset($_POST["firstname"]) && isset($_POST["lastname"]) && isset($_POST["card_type"]) && isset($_POST["card_number"]) && isset($_POST["cryptogram"]) && isset($_POST["expiring_date"])) {
$stmt = $conn->prepare("UPDATE gc_cards SET firstname_customer=:r_firstname_card, lastname_customer=:r_lastname_card, \n\t\tcard_type=:r_card_type, card_number=:r_card_number, cryptogram=:r_cryptogram, expiring_date=:r_expiring_date\n\t\tWHERE id_customer=:r_customer");
$stmt->execute(array('r_firstname_card' => ucfirst(strtolower($_POST['firstname'])), 'r_lastname_card' => ucfirst(strtolower($_POST['lastname'])), 'r_card_type' => $_POST['card_type'], 'r_card_number' => $_POST['card_number'], 'r_cryptogram' => $_POST['cryptogram'], 'r_expiring_date' => $_POST['expiring_date'], 'r_customer' => $_SESSION['id_customer']));
$stmt->closeCursor();
}
header('Location: ../view/account.php');
<?php
include "../controller/headers.php";
$conn = db_connect(_DB_SERVER_, _DB_USER_, _DB_PASSWD_, _DB_NAME_);
if (is_Not_Null($_POST["lastname"]) && valid_name($_POST["lastname"]) && is_Not_Null($_POST["firstname"]) && valid_name($_POST["firstname"]) && is_Not_Null($_POST["birthday"]) && valid_birthday($_POST["birthday"]) && is_Not_Null($_POST["phone"]) && valid_phone($_POST["phone"]) && is_Not_Null($_POST["address"]) && valid_address($_POST["address"]) && is_Not_Null($_POST["postal"]) && valid_postal($_POST["postal"]) && is_Not_Null($_POST["city"]) && valid_name($_POST["city"]) && is_Not_Null($_POST["email"]) && valid_mail($_POST["email"]) && is_Not_Null($_POST["pwd"]) && is_Not_Null($_POST["pwd2"]) && valid_pwd($_POST["pwd"], $_POST["pwd2"])) {
$stmt3 = $conn->prepare("SELECT mail FROM gc_customers WHERE mail = :r_mail");
$stmt3->execute(array('r_mail' => $_POST['email']));
if ($stmt3->fetch() == false) {
$stmt = $conn->prepare("INSERT INTO gc_customers (firstname_customer, lastname_customer, birthday, mail, \n\t\t\tphone, pwd, address ,delivery_address, shipping_address, postal_code, city, delivery_postal_code, delivery_city, shipping_postal_code, \n\t\t\tshipping_city) VALUES(:r_firstname, :r_lastname, :r_birthday, :r_mail, :r_phone, :r_pwd, :r_address, :r_address, :r_address, :r_postal, \n\t\t\t:r_city, :r_postal, :r_city, :r_postal, :r_city)");
$stmt->execute(array('r_lastname' => ucfirst(strtolower($_POST["lastname"])), 'r_firstname' => ucfirst(strtolower($_POST["firstname"])), 'r_birthday' => $_POST["birthday"], 'r_phone' => $_POST["phone"], 'r_address' => $_POST["address"], 'r_postal' => $_POST["postal"], 'r_city' => $_POST["city"], 'r_mail' => $_POST['email'], 'r_pwd' => md5($_POST['pwd'])));
$stmt->closeCursor();
$stmt = $conn->prepare("SELECT id_customer, firstname_customer FROM gc_customers WHERE mail = :r_mail");
$stmt->execute(array('r_mail' => $_POST['email']));
$res = $stmt->fetch();
$stmt2 = $conn->prepare("INSERT INTO gc_cards (firstname_customer, lastname_customer, card_type, id_customer) \n\t\t\t\t\tVALUES('','','',:r_customer)");
$stmt2->execute(array('r_customer' => $res['id_customer']));
$_SESSION['id_customer'] = $res['id_customer'];
$_SESSION['firstname_customer'] = $res['firstname_customer'];
header('Location: ../view/index.php');
$stmt2->closeCursor();
$stmt->closeCursor();
} else {
echo '<script>alert("' . utf8_decode("Ce compte existe déja!") . '")</script>';
header('Refresh: 0; URL=../view/login.php');
}
} else {
header('Location: ../view/login.php');
}