function add_homecell()
{
global $info, $errors, $messages;
$data = json_decode(file_get_contents("php://input"));
$hc_name = $data->hc_name;
$desc = $data->description;
//VALIDATE
$lastname = $hc_name == "" ? $errors['homecell_name'] .= "Enter Homecell name<br />" : validateText($hc_name, 'Homecell Name');
$desc = validateMix($desc, 'Description');
if (!empty($errors)) {
$messages['success'] = false;
$messages['errors'] = $errors;
# code...
} else {
try {
global $db_vars, $errors;
$conn = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USER, DB_PASS, array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$str = "INSERT INTO cmishomecell (hcName, hcDescription) VALUES (?, ?)";
$query = $conn->prepare($str);
$query->execute($db_vars);
//echo $query->rowCount();
} catch (PDOexception $e) {
$errors['db'] = $e->getMessage();
}
// if there are no errors, return a message
$messages['success'] = true;
$messages['message'] = 'Homecell has been successfully added!';
}
// return all our data to an AJAX call
echo json_encode($messages);
}
function validateDOB(&$errors, $fieldList, $fieldName, $required = false)
{
if (validateText($errors, $fieldList, $fieldName)) {
$date = DateTime::createFromFormat('Y-m-d', $fieldList[$fieldName]);
if ($date && $date->format('Y-m-d') == $fieldList[$fieldName]) {
return true;
} else {
$errors[$fieldName] = $date->format['Y-m-d'] . ' from ' . $fieldList[$fieldName] . ' is an invalid date of birth';
return false;
}
} else {
if ($required == false) {
unset($errors[$fieldName]);
return true;
} else {
return false;
}
}
}
}
}
# Checks whether the User is logged in and prevents further operations if he/she is not
include "function/modules/mod.login.php";
# Otherwise user-specific settings are loaded
include userdir . "/" . $_SESSION["user"] . "/settings.php";
# If User already has downloaded his/her PIM-Resources, they are stored in a file
# in the User-Dir referenced by the constant "restree"
if (file_exists(restree)) {
include restree;
}
# This code-snippet offers the possibility to view the full tree of resources
# for development purposes
if ($_GET["print_restree"]) {
die(str_replace("\n", "<br />", str_replace(" ", " ", print_r($GLOBALS["restree"], true))));
}
# The called module should be given by POST or GET
# If no module is given, the standard module is taken (see config.php)
define("inc_main", RetrieveVar("module", "0110") != "" ? RetrieveVar("module", "0110") : defaultmodule);
# If this is an ajax-call just start the mainpage without embracing index.html
if (ajax) {
$GLOBALS["stdOUT"] = "~mainpage~" . inc_main . "~/mainpage~";
} else {
$GLOBALS["stdOUT"] = file_get_contents(designroot . "/display/index.html");
}
# Analyse Output for template-Commands
$GLOBALS["stdOUT"] = sourceAnalyze($GLOBALS["stdOUT"], true);
# Validate output (at least better than nothing)
$GLOBALS["stdOUT"] = validateText($GLOBALS["stdOUT"]);
# Flush the results
echo $GLOBALS["stdOUT"];
$db = new Database($host, $userName, $password, $database);
if (!empty($_POST)) {
// CSRF token protection
if ($_POST['token'] === $_SESSION['token']) {
$db = new Database($host, $userName, $password, $database);
$user = str_replace(' ', '_', sanitize($_POST['tfb_name']));
$userPassword = sanitize($_POST['tfb_password']);
if (empty($user) || empty($userPassword)) {
$error = true;
header("Location: ../index.php?login_error=empty");
} else {
if (!validateText($user, 2, 20)) {
$error = true;
header("Location: ../index.php?login_error=user");
} else {
if (!validateText($userPassword, 10, 50)) {
$error = true;
header("Location: ../index.php?login_error=pw");
} else {
if (!$db->userExists($user)) {
$error = true;
header("Location: ../index.php?login_error=nonexistent");
} else {
if (!$db->checkPassword($user, $userPassword)) {
$error = true;
header("Location: ../index.php?login_error=wrongpw");
}
}
}
}
}
?>
</td></tr>
<tr><td></td><td><div align="right"><button class="btn btn-sm btn-primary" type="submit" value=" Send" id="submit" >Save</button></div> <br><?php
ctrl_submit('Save');
?>
</td></tr>
</tbody>
</table>
</form>
<?php
if (isset($_POST['submit'])) {
require 'includes/functions/validate.php';
validateText($errors, $_POST, 'address');
if (!$errors) {
// echo "The number of rooms is *". $_POST['description'].'*';
db_addProperty($_POST['numOfRooms'], $_POST['numberofBaths'], $_POST['numberOfCarParks'], $_POST['defaultRent'], $_POST['defaultPeriod'], $_POST['buyingPrice'], $_POST['address'], $_POST['description'], $_POST['suburb'], $_POST['state'], $_POST['postcode'], $_FILES['userfile']);
header("location: http://{$_SERVER['HTTP_HOST']}/property-Management-application/searchProperties.php");
exit;
}
}
?>
</div>
</div>
</div></div>
</body>
</html>
... tag1=[tagid] ... tag filter 1
... tag2=[tagid] ... tag filter 2
... tag12=0/1 ... tag1-tag2 OR=0, AND=1
Manage terms
***************************************************************/
require_once 'settings.inc.php';
require_once 'connect.inc.php';
require_once 'dbutils.inc.php';
require_once 'utilities.inc.php';
require_once 'simterms.inc.php';
$currentlang = validateLang(processDBParam("filterlang", 'currentlanguage', '', 0));
$currentsort = processDBParam("sort", 'currentwordsort', '1', 1);
$currentpage = processSessParam("page", "currentwordpage", '1', 1);
$currentquery = processSessParam("query", "currentwordquery", '', 0);
$currentstatus = processSessParam("status", "currentwordstatus", '', 0);
$currenttext = validateText(processSessParam("text", "currentwordtext", '', 0));
$currenttag1 = validateTag(processSessParam("tag1", "currentwordtag1", '', 0), $currentlang);
$currenttag2 = validateTag(processSessParam("tag2", "currentwordtag2", '', 0), $currentlang);
$currenttag12 = processSessParam("tag12", "currentwordtag12", '', 0);
$wh_lang = $currentlang != '' ? ' and WoLgID=' . $currentlang : '';
$wh_stat = $currentstatus != '' ? ' and ' . makeStatusCondition('WoStatus', $currentstatus) : '';
$wh_query = convert_string_to_sqlsyntax(str_replace("*", "%", mb_strtolower($currentquery, 'UTF-8')));
$wh_query = $currentquery != '' ? ' and (WoText like ' . $wh_query . ' or WoRomanization like ' . $wh_query . ' or WoTranslation like ' . $wh_query . ')' : '';
if ($currenttag1 == '' && $currenttag2 == '') {
$wh_tag = '';
} else {
if ($currenttag1 != '') {
if ($currenttag1 == -1) {
$wh_tag1 = "group_concat(WtTgID) IS NULL";
} else {
$wh_tag1 = "concat('/',group_concat(WtTgID separator '/'),'/') like '%/" . $currenttag1 . "/%'";
<?php
include 'includes/functions/db.php';
include 'includes/functions/formControls.php';
include 'includes/accountSessions.php';
$errors = array();
$loginId = $_SESSION['idLogin'];
if (isset($_POST['submit'])) {
require 'includes/functions/validate.php';
validateEmail($errors, $_POST, 'email');
validateText($errors, $_POST, 'firstName');
validateText($errors, $_POST, 'lastName');
validateDOB($errors, $_POST, 'DOB');
validateText($errors, $_POST, 'password');
if (!$errors) {
$isMale = NULL;
if (isset($_POST['gender']) && $_POST['gender'] == 'male') {
$isMale = 1;
} else {
$isMale = 0;
}
db_updateOwner($loginId, $_POST['email'], $_POST['password'], $_POST['firstName'], $_POST['lastName'], $_POST['DOB'], $isMale);
header("location: http://{$_SERVER['HTTP_HOST']}/property-Management-application/ownerProfile.php");
exit;
}
}
?>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
function getSetting($key)
{
global $tbpref;
$val = get_first_value('select StValue as value from ' . $tbpref . 'settings where StKey = ' . convert_string_to_sqlsyntax($key));
if (isset($val)) {
$val = trim($val);
if ($key == 'currentlanguage') {
$val = validateLang($val);
}
if ($key == 'currenttext') {
$val = validateText($val);
}
return $val;
} else {
return '';
}
}
$picturePath = saveImageFile("topArticlePicture", "picture/");
//新的置顶图片上传,删除原来图片
if ($currentArticle['type'] == 1) {
deleteFile($currentArticle['picturePath']);
}
}
} else {
//这不是置顶文章,或者这被改为不是置顶文章
//需要删除原先的置顶图片
if ($currentArticle['type'] == 1) {
deleteFile($currentArticle['picturePath']);
}
}
$title = validateText(htmlspecialchars($_POST["title"]));
$author = validateText(htmlspecialchars($_POST["author"]));
$content = validateText($_POST["content"]);
$db->start();
//先删除文件和数据库,然后保存到服务器,避免新上传的同名文件被删除
if (!empty($_FILES['attachmentName']['name'][0])) {
echo "附件有改动" . "<br>";
$aWhere = array('articleId =' => $articleId);
$currentArticleAttachments = $db->select('attachment', '', $aWhere)->results();
// print_r($currentArticleAttachments);
foreach ($currentArticleAttachments as $currentArticleAttachment) {
deleteFile($currentArticleAttachment['path']);
}
$aWhere = array('articleId' => $articleId);
if ($db->delete('attachment', $aWhere)->affectedRows() > 0) {
echo '删除原来附件成功';
}
}
function getEnchantmentDesc($enchantment)
{
if ($enc = getEnchantment($enchantment)) {
return "<a href=?enchant={$enchantment}>" . validateText($enc['description']) . "</a>";
}
return "Enchant {$enchantment}";
}
$posMap = $point['target_map'];
$posX = $point['target_position_x'];
$posY = $point['target_position_y'];
$posZ = $point['target_position_z'];
transformWorldCoordinates($posMap, $posX, $posY, $posZ);
if ($mapId == $posMap and $areaY1 >= $posY and $areaY2 <= $posY and $areaX1 >= $posX and $areaX2 <= $posX) {
$x = ($posX - $areaX1) / ($areaX2 - $areaX1) * 100;
$y = ($posY - $areaY1) / ($areaY2 - $areaY1) * 100;
$mapdata['points'][$i]['id'] = $point['id'];
$mapdata['points'][$i]['x'] = $y;
$mapdata['points'][$i]['y'] = $x;
$mapdata['points'][$i]['image'] = "images/map_points/binder_icon.gif";
$mapdata['points'][$i]['icenterx'] = 8;
$mapdata['points'][$i]['icentery'] = 8;
$mapdata['points'][$i]['href'] = '';
$mapdata['points'][$i]['tooltip'] = validateText($point['name']);
$i++;
}
}
}
// Выбираем лучший масштаб
if ($mapdata['imageX']) {
$bestScale = 768 / $mapdata['imageX'];
if ($bestScale > 0.0 && $bestScale < 0.4) {
$bestScale = 0.25;
} else {
if ($bestScale > 0.4 && $bestScale < 0.62) {
$bestScale = 0.5;
} else {
if ($bestScale > 0.62 && $bestScale < 0.87) {
$bestScale = 0.75;
private function edit()
{
if (empty($_GET['id'])) {
$this->show_all();
} else {
if (empty($_POST)) {
$id_employee = $_GET['id'];
$employee = $this->model->get($id_employee);
if ($employee) {
$section = file_get_contents('Views/Employee/edit.html');
$dicc = array('{id}' => $employee['id_employee'], '{nombre}' => $employee['emp_name'], '{apellido}' => $employee['emp_last_name'], '{RFC}' => $employee['RFC'], '{email}' => $employee['emp_email'], '{telefono}' => $employee['emp_phone'], '{celular}' => $employee['emp_cellpone'], '{direcccion}' => $employee['address'], '{colonia}' => $employee['colony']);
$section = strtr($section, $dicc);
$this->template($section);
} else {
echo 'no existe ese empleado para editarlo';
}
} else {
$id_employee = $_GET['id'];
require_once "Controllers/Validaciones.php";
$name = validateName($_POST['name']);
$last_name = validateName($_POST['last_name']);
$RFC = validateRFC($_POST['RFC']);
$email = validateEmail($_POST['email']);
$phone = $_POST['phone'];
$cellphone = $_POST['cellphone'];
$address = $_POST['address'];
$colony = validateText($_POST['colony']);
$city = $_POST['city'];
$employee = new Employee($name, $last_name, $RFC, $email, $phone, $cellphone, $address, $colony, $city);
$result = $this->model->edit($employee, $id_employee);
if ($result) {
$this->show_message("success", "El empleado se edito correctamente");
} else {
$this->show_message("danger", "No se edito no puede haber duplicados en el correo o el RFC");
}
}
}
}
function validate_contest_submission($post_arr)
{
$errors = array();
if (false == validateText($post_arr['name'])) {
$errors['name'] = 'Please enter a valid name.';
}
if (false == validateEmail($post_arr['email'])) {
$errors['email'] = 'Please enter a valid email.';
}
if (false == validateText($post_arr['entry-textarea'])) {
$errors['entry-textarea'] = 'Please enter a valid reason.';
}
if (false == isset($post_arr['student']) || false == validateStudent($post_arr['student'])) {
$errors['student'] = 'Please choose yes or no.';
}
if ($post_arr['student'] == 'yes' && false == validateText($post_arr['student-id'])) {
$errors['student-id'] = 'Please enter a valid student id.';
}
if (false == isset($post_arr['confirmation'])) {
$errors['confirmation'] = 'Please confirm.';
}
return count($errors) == 0 ? true : $errors;
}
echo "<br/>";*/ $firstame = $_REQUEST['firstname'] == "" ? $errors['firstname'] .= "Enter Firstname<br />" : validateText($_REQUEST['firstname'], 'Firstname'); //$middlename = ($_REQUEST['middlename'] == "") ? "" : validateText($_REQUEST['middlename'], 'Middlename'); $middlename = validateText($_REQUEST['middlename'], 'Middlename'); $lastname = $_REQUEST['lastname'] == "" ? $errors['lastname'] .= "Enter Lastname<br />" : validateText($_REQUEST['lastname'], 'Lastname'); $dob = $_REQUEST['dob'] == "" ? $errors['dob'] .= "Select date of birth<br />" : validateDate($_REQUEST['dob'], 'dob'); $gender = validateSelectOption($_REQUEST['gender'], 'gender'); $marital_status = validateSelectOption($_REQUEST['marital_status'], 'marital status'); //$dob = ($_REQUEST['dob'] == "") ? $errors['dob'] .= "Select date of birth<br />" : validateDate($_REQUEST['dob'], 'dob'); //$age = ($_REQUEST['age'] == "") ? $errors['age'] .= "Enter age<br />" : validateNumber($_REQUEST['age'], 'Age'); $address = $_REQUEST['address'] == "" ? $errors['adress'] .= "Enter adress<br />" : validateMix($_REQUEST['address'], 'Address'); $district = $_REQUEST['district'] == "" ? $errors['district'] .= "Enter district<br />" : validateText($_REQUEST['district'], 'District'); //$phone = validatePhone($_REQUEST['cellphone'], 'cellphone'); array_push($db_vars, $_REQUEST['cellphone']); $email = validateEmail($_REQUEST['email'], 'email'); $occupation = validateText($_REQUEST['occupation'], 'occupation'); // the second column is the label to be displayed on error $homecell = validateSelectOption($_REQUEST['homecell'], 'homecell'); $membership = validateSelectOption($_REQUEST['membership'], 'membership'); $locations = validateSelectOption($_REQUEST['locations'], 'location'); $baptism = validateSelectOption($_REQUEST['baptism'], 'baptism'); $baptism_date = $_REQUEST['baptism_date'] == "" ? $errors['baptism_date'] .= "Select baptism date<br />" : validateDate($_REQUEST['baptism_date'], 'baptism date'); $sunday_class = validateSelectOption($_REQUEST['sunday_class'], 'sunday class'); $channel = validateSelectOption($_REQUEST['channel'], 'channel'); $ministry = validateSelectOption($_REQUEST['ministry'], 'ministry'); // //print_r($db_vars); // } include 'db.php'; // return a response =========================================================== // response if there are errors
private function edit()
{
if (empty($_GET['id'])) {
$this->show_all();
} else {
if (empty($_POST)) {
$id_piece = $_GET['id'];
$piece = $this->model->get($id_piece);
if ($piece) {
$section = file_get_contents('Views/Piece/edit.html');
$dicc = array('{id}' => $piece['id_piece'], '{nombre}' => $piece['piece_name']);
$section = strtr($section, $dicc);
$this->template($section);
} else {
echo 'no existe esa pieza';
}
} else {
$id_piece = $_GET['id'];
require_once "Controllers/Validaciones.php";
$name = validateText($_POST['name']);
$result = $this->model->edit($name, $id_piece);
if ($result) {
$this->show_message("success", "La pieza se edito exitosamente");
} else {
$this->show_message("danger", "No se edito, no puede haber duplicados en el nombre");
}
}
}
}
$user = str_replace(' ', '_', sanitize($_POST['tfb_name']));
$tfbpass1 = sanitize($_POST['tfb_password1']);
$tfbpass2 = sanitize($_POST['tfb_password2']);
$tfbemail1 = sanitize($_POST['tfb_email1']);
$tfbemail2 = sanitize($_POST['tfb_email2']);
$address = sanitize($_POST['address']);
if (empty($user) || empty($tfbpass1) || empty($tfbpass2) || empty($tfbemail1) || empty($tfbemail2) || empty($address)) {
$feedback = "All fields must be filled.";
} else {
if (!validateText($user, 2, 20)) {
$feedback = "The username must be a string of 2-20 characters.";
}
if (!validateText($address, 2, 50)) {
$feedback = "The address must be a string of 2-50 characters.";
}
if (!validateText($tfbemail1, 6, 50)) {
$feedback = "The email must be a string of 6-50 characters.";
}
if (!$feedback) {
if ($tfbemail1 != $tfbemail2) {
$feedback = "The email was not correctly repeated.";
} else {
$pattern = '/^(?=.*\\d)(?=.*?[a-zA-Z])(?=.*?[\\W_]).{10,}$/';
if (preg_match($pattern, $tfbpass1) != 1) {
$feedback = "The password does not meet the requirements.";
} else {
if ($tfbpass1 != $tfbpass2) {
$feedback = "The password was not correctly repeated.";
} else {
$password = password_hash($tfbpass1, PASSWORD_DEFAULT);
$db->createUser($user, $password, $address, $tfbemail1);
