<?php
if (!isset($_SESSION)) {
session_start();
}
if ($content == null) {
echo "To Be coded";
die;
}
if (isset($_SESSION['userID'])) {
$results = DBAccess::getUserByUserID($_SESSION['userID']);
$stuff = "<span style=\"clear:both; float:right\">Welcome, " . $results[0]['FirstName'] . "<a class=\"link\" href=\"../logout.php\">(Logout)</a>";
$stuff .= "</span>";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>SEQAS - <?php
echo $title;
?>
</title>
<link rel="stylesheet" href="../styles/jquery-ui.css" />
<link rel="Stylesheet" type="text/css" href="../styles/mainstyle.css" />
<link rel="Stylesheet" type="text/css" href="../styles/individual.css" />
<script src="../scripts/jquery-1.8.3.js" type="text/javascript"></script>
<script src="../scripts/jquery-ui.js" type="text/javascript"></script>
<script>
$(function() {
<?php
include_once '../scripts/DBAccess.php';
$pictureResult2 = DBAccess::getPictureRange('2012-01-01', '2014-06-01', TRUE);
$rows2 = count($pictureResult2, 0);
if ($rows2 > 6) {
$rows2 = 6;
}
for ($i = 0; $i < $rows2; $i++) {
$member = DBAccess::getUserByUserID($pictureResult2[$i]['UserID']);
echo "<a href=\"/viewImage/" . $pictureResult2[$i]['PictureID'] . "\"><div class=\"pictureBox\">\n\t\t" . $pictureResult2[$i]['PictureName'] . " by " . $member[0]['FirstName'] . " " . $member[0]['LastName'] . "<br />\n\t\t<img src=\"/Images/" . $pictureResult2[$i]['PictureIcon'] . "\" width=144 alt=\"" . $pictureResult2[$i]['PictureName'] . "\"/> <br />\n\t\n\t\t</div></a>\n\t\t";
}
<?php
session_start();
include_once '../scripts/Reports.php';
require './security.php';
include_once '../scripts/DBAccess.php';
include_once '../scripts/simpleimage.php';
include_once '../scripts/GlobalActions.php';
$targetUserID = $_GET['userID'];
$result = DBAccess::getUserByUserID($targetUserID);
$loginResult = DBAccess::getLoginRecordByUserID($targetUserID);
$title = "User Details";
$head = "";
$rows = count($loginResult, 0);
$content = "\n\n\n<div class=\"container2\" style=\" float:left;\">\n<h2>Basic Information</h2>\n<label class=\"formLabel\">First Name</label><label class=\"formField\">" . $result[0]['FirstName'] . "</label>\n<label class=\"formLabel\">Last Name</label><label class=\"formField\">" . $result[0]['LastName'] . "</label>\n<label class=\"formLabel\">User Name</label><label class=\"formField\">" . $result[0]['LoginName'] . "</label>\n<label class=\"formLabel\">Date Joined</label><label class=\"formField\">" . $result[0]['DateAdded'] . "</label>\n<label class=\"formLabel\">Email Address</label><label class=\"formField\">" . $result[0]['EmailAddress'] . "</label>\n<label class=\"formLabel\">Account Active</label><label class=\"formField\">";
if (ord($result[0]['Active']) == 1) {
$content .= "Y";
} else {
$content .= "N";
}
$content .= "</label>\n\n<label class=\"formLabel\">Account Type</label><label class=\"formField\">";
if ($result[0]['Position'] == 1) {
$content .= "Administrator";
} else {
$content .= "User";
}
$content .= "</label>\n\n<button style=\"float:left;clear:left;\" type=\"button\" onclick=\"window.location = './editUser.php?userID=" . $result[0]['UserID'] . "'\">Edit User</button>\n\n\n</div><!--End info div -->\n\n\n\n<div class=\"container2\" >\n<h2 style=\"float:left;clear:left\">Last Logged In</h2>\n<label class=\"formLabel\">Date</label><label class=\"formField\">" . $loginResult[0]['Date'] . "</label>\n<label class=\"formLabel\">Time</label><label class=\"formField\">" . $loginResult[0]['Time'] . "</label>\n<label class=\"formLabel\">IP</label><label class=\"formField\">" . $loginResult[0]['IP'] . "</label>\n<label class=\"formLabel\">Browser</label><label class=\"formField\">" . $loginResult[0]['Browser'] . "</label>\n<label class=\"formLabel\">Times Logged In</label><label class=\"formField\">" . $rows . "</label>\n\n<h2 style=\"float:left;clear:left\">Login History</h2>\n\n<br />\n<table class=\"loginTable\">\n<tr>\n<th>Date</th>\n<th>Time</th>\n<th>IP</th>\n<th>Browser</th>\n</tr>\n";
for ($i = 0; $i < $rows; $i++) {
$content .= "<tr>";
$content .= "<td>" . $loginResult[$i]['Date'] . "</td>";
$content .= "<td>" . $loginResult[$i]['Time'] . "</td>";
$errorTextConfirm = "";
$current = "";
$new = "";
$confirm = "";
$error = false;
$userID = $_SESSION['userID'];
/*
* Checking by the page itself to make submitted values are valid
*/
if ($_POST['Submitted'] != null) {
$current = $_POST['current'];
$new = $_POST['new'];
$confirm = $_POST['confirm'];
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$details = DBAccess::getUserByUserID($userID);
$response = DBAccess::verifyUser($details[0]['LoginName'], $current, $IP, $browser);
if (strlen($current) == 0) {
$errorTextCurrent = "Please enter your current password";
$errorStyleCurrent = "background-color:#F99;";
$error = true;
} elseif ($response <= 0) {
$error = true;
$errorTextCurrent = "Invalid Password";
$errorStyleCurrent = "background-color:#F99;";
}
if (strlen($new) == 0) {
$errorTextNew = "Please enter a new password";
$errorStyleNew = "background-color:#F99;";
$error = true;
} else {
<?php
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
include_once $root . '/scripts/DBAccess.php';
$page = $_GET['page'];
$title = 'Gallery';
$head = '';
$cutdown = false;
$content = "\n\n\n<h1 class=\"heading\">SEQAS Gallery</h1>";
$classResult = DBAccess::getClassTypes();
$classRows = count($classResult, 0);
for ($i = 0; $i < $classRows; $i++) {
$cutdown = false;
$pictureClassResult = DBAccess::getPictureByClassID($classResult[$i]['ClassID'], FALSE);
$rowsClass = count($pictureClassResult, 0);
for ($j = 0; $j < $rowsClass; $j++) {
$member = DBAccess::getUserByUserID($pictureClassResult[$j]['UserID']);
$content = $content . "<a href=\"/viewImage/" . $pictureClassResult[$j]['PictureID'] . "/\"><div class=\"pictureBox\">\n\t\t" . $pictureClassResult[$j]['PictureName'] . " by " . $member[0]['FirstName'] . " " . $member[0]['LastName'] . "<br />\n\t\t<img src=\"/Images/" . $pictureClassResult[$j]['PictureIcon'] . "\" width=134 alt=\"" . $pictureClassResult[$j]['PictureName'] . "\"/> <br />\t</div></a>\n\t\t";
}
}
require $root . '/template/userTemplate.php';
<?php
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
include_once $root . '/scripts/DBAccess.php';
$imageID = $_GET['imageID'];
if (!is_numeric($imageID)) {
$title = "Images: ";
$content = " ";
require $root . '/template/userTemplate.php';
die;
}
$result = DBAccess::getPictureByPictureID($imageID, TRUE);
$member = NULL;
if ($result[0]['UserID'] != NULL) {
$member = DBAccess::getUserByUserID($result[0]['UserID']);
}
$title = '' . $result[0]['PictureName'];
$head = '<meta name="description" content="' . $result[0]['PictureDescription'] . '">';
$content = "\n\t<h1 class=\"heading\">" . $result[0]['PictureName'] . "</h1>\n\t<div class=\"container2\">";
if ($member != NULL) {
$content .= "<label class=\"formLabel\">Member:</label><label class=\"formField\">" . $member[0]['FirstName'] . " " . $member[0]['LastName'] . "</label>";
}
$content .= "<label class=\"formLabel\">Name:</label><label class=\"formField\">" . $result[0]['PictureName'] . "</label>\n\t<label class=\"formLabel\">Description:</label><label class=\"formField\">" . $result[0]['PictureDescription'] . "</label>\n\t<label class=\"formLabel\">Date:</label><label class=\"formField\">" . date('F, Y', strtotime($result[0]['PictureDate'])) . "</label>\n\n\t<img style=\"padding:50px 0px;display: block;margin-left: auto;margin-right: auto \" src=\"/Images/" . $result[0]['PictureImage'] . "\" alt=\"" . $result[0]['PictureName'] . "\" width=\"800\" />\n\t</div>\n\t\t";
require $root . '/template/userTemplate.php';
?>
if (strlen($password) == 0) {
$errorTextPassword = "******";
$errorStylePassword = "******";
$error = true;
}
/*
* Verify Details
*/
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$response = DBAccess::verifyUser($userName, $password, $IP, $browser);
if ($response == -1) {
$feedBack = "YOUR ACCOUNT HAS BEEN DISABLED";
} else {
if ($response > 0) {
$details = DBAccess::getUserByUserID($response);
// store session data
$_SESSION['userID'] = $response;
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
//record login
DBAccess::recordLogin($response, $IP, $browser);
//redirect based on permission
if ($details[0]['Position'] == 1) {
header('Location: /admin/');
} elseif ($details[0]['Position'] == 2) {
header('Location: /');
} else {
header('Location: /index.php');
}
} else {
