<?php require_once "../includes/db_connect.php"; require_once "../includes/functions.php"; require_once "../includes/session.php"; require_once "utils/question.php"; require_once "utils/user.php"; confirm_logged_in(); if (isset($_POST["submit"])) { $db = new DB_CONNECT(); // get username from the session $username = get_username(); if (check_is_set($_POST)) { if (check_empty($_POST)) { $test_name = $db->mysql_prep($_POST["test_name"]); $start_time = make_sql_date_time($_POST["start_time"], "/"); $end_time = make_sql_date_time($_POST["end_time"], "/"); $event_date = $db->mysql_prep($_POST["event_date"]); $duration = $db->mysql_prep($_POST["duration"]); $query = "UPDATE test SET test_name='{$test_name}', username='******',start_time='{$start_time}',\n end_time='{$end_time}',event_date='{$event_date}',duration='{$duration}' WHERE test_name='{$test_name}' "; $result = $db->query_database($query); if (is_null($result)) { // query failed echo "query failed"; } else { redirect_to("question_list.php?test_name=" . get_test_name()); } } else { echo "empty fields"; } } else {
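<?php
// Admin login page: looks the submitted credentials up in adminUser and, when
// at least one row matches, stores the username in the session and redirects
// to firstpage.php. On failure $message carries the text for the page below.
require_once "/includes/session.php";
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";

$db = new DB_CONNECT();
$message = "";

// check and submit the user request for the access of the page
if (isset($_POST["submit"])) {
    // Fix: a request that carries "submit" but no string username/password
    // used to read undefined indexes (or pass an array on). Missing or
    // non-string fields now become empty strings and go through the same lookup.
    $raw_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // mysql_prep() is the project's escaping helper (defined in the includes).
    $user_id = trim($db->mysql_prep($raw_username));
    $password = trim($db->mysql_prep($raw_password));

    // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
    // password_hash()/password_verify() needs a change to the stored values,
    // which is outside this script. The password is also escaped before it is
    // hashed, presumably matching how the stored hashes were produced - confirm
    // before changing the order.
    $hashed_password = sha1($password);

    // NOTE(review): the credential values in this literal appear masked in this
    // copy of the file; as written neither $user_id nor $hashed_password reaches
    // the query. Confirm against the original, and prefer a prepared statement
    // if DB_CONNECT offers one.
    $queryString = "SELECT * FROM adminUser WHERE username='******' && password='******' ";
    $result = $db->query_db($queryString);

    if ($db->number_of_rows($result) > 0) {
        // Fix: issue a fresh session id at the moment of login so an id that
        // existed before authentication is not carried into the admin session.
        // Guarded because session start-up happens in session.php, not here.
        if (session_id() !== "") {
            session_regenerate_id(true);
        }
        $_SESSION["username"] = $user_id;
        redirect_to("firstpage.php");
    } else {
        // One message for both causes, so the reply does not reveal which
        // of the two fields was wrong.
        $message = "Passowrd and Username combination is wrong";
    }
}
?>
<html lang="en" class="no-js">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="UTF-8">
<title>DISASTER SAFETY</title>
<link rel="stylesheet" type="text/css" href="stylesheets/demo.css">
<link rel="stylesheet" type="text/css" href="stylesheets/style.css">
<link rel="stylesheet" type="text/css" href="stylesheets/animate-custom.css">
</head>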
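<?php
// Links a member to a family: reads member_id and family_id from the POST
// body, inserts one row into `people`, and records the outcome in $response
// ("success" 1/0 plus a "message").
require_once "includes/db_connect.php";
require_once "includes/functions.php";

// response array for the JSON
$response = array();
$db = new DB_CONNECT();

// Fix: the guard used to test the misspelled key "famliy_id" while the body
// read "family_id", so a request carrying only the correctly spelled field
// was always rejected and one carrying only the misspelled field read an
// undefined index.
if (isset($_POST["member_id"]) && isset($_POST["family_id"])) {
    // mysql_prep() is the project's escaping helper (defined in the includes);
    // both values are only ever placed inside quoted SQL literals below.
    // NOTE(review): prefer a prepared statement if DB_CONNECT offers one.
    $member_id = trim($db->mysql_prep($_POST["member_id"]));
    $family_id = trim($db->mysql_prep($_POST["family_id"]));

    // is_present() is defined elsewhere; the failure message suggests it checks
    // that the family id is registered - confirm.
    if (is_present($family_id)) {
        $query_string = "INSERT INTO people (member_id , family_id) VAlUES('{$member_id}' , '{$family_id}')";
        $result = $db->query_db($query_string);

        if ($result) {
            $response["success"] = 1;
            $response["message"] = "The family member is added in the list.";
        } else {
            $response["success"] = 0;
            $response["message"] = "The family member is not added in the database ";
        }
    } else {
        $response["success"] = 0;
        $response["message"] = "The family member is not registered...";
    }
} else {
    $response["success"] = 0;
    // Fix: the message named "contact number" and "name", which are not the
    // fields this endpoint reads.
    $response["message"] = "The member id and the family id are not set";
}
// NOTE(review): no login/session check is visible in this script; confirm that
// callers are authenticated before a row can be inserted on their behalf.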
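<?php
// Form handler for guidelines: stores one row (calamity plus the before /
// during / after advice) in `guidelines` and redirects back to guidelines.php
// with a status message in the query string.
require_once "/includes/session.php";
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";

// Defined in the includes; presumably stops requests without a login - confirm.
confirm_logged_in();
$db = new DB_CONNECT();
// NOTE(review): no anti-CSRF token is checked before this state-changing
// insert; confirm whether the form or session.php supplies one.

if (isset($_POST["calamity"]) && isset($_POST["before_cal"]) && isset($_POST["after_cal"]) && isset($_POST["during_cal"])) {
    // mysql_prep() is the project's escaping helper; the values are only used
    // inside quoted SQL literals below.
    $calamity = trim($db->mysql_prep($_POST["calamity"]));
    $before_cal = trim($db->mysql_prep($_POST["before_cal"]));
    $after_cal = trim($db->mysql_prep($_POST["after_cal"]));
    $during_cal = trim($db->mysql_prep($_POST["during_cal"]));

    // Every field must be non-empty after trimming.
    $all_filled = strlen($calamity) != 0 && strlen($before_cal) && strlen($after_cal) && strlen($during_cal);

    if ($all_filled) {
        $queryString = "INSERT INTO guidelines ( calamity , during_cal, after_cal , before_cal ) VALUES( '{$calamity}','{$during_cal}','{$after_cal}' ,'{$before_cal}') ";

        // Fix: the statement used to be echoed to the client before it ran.
        // That disclosed the table layout in the response, and output sent
        // before redirect_to() can stop a header-based redirect from working.
        $result = $db->query_db($queryString);

        if ($result) {
            // Fix: the message is URL-encoded so the redirect target contains
            // no raw spaces.
            redirect_to("guidelines.php?message=" . urlencode("Inserted to the database"));
        } else {
            echo "Cannot be inserted";
        }
    } else {
        redirect_to("guidelines.php?message=" . urlencode("Cannot be inserted. Some Values are Missing"));
    }
} else {
    echo "Problem in the post request";
}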
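<?php
// Form handler for news items: stores one row (info, date, notification) in
// `news` and redirects back to newsupdate.php with a status message.
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";
require_once "/includes/session.php";

// Defined in the includes; presumably stops requests without a login - confirm.
confirm_logged_in();
$db = new DB_CONNECT();
// NOTE(review): no anti-CSRF token is checked before this state-changing
// insert; confirm whether the form or session.php supplies one.

if (isset($_POST["info"]) && isset($_POST["notification"]) && isset($_POST["date"])) {
    // mysql_prep() is the project's escaping helper; the values are only used
    // inside quoted SQL literals below.
    $info = trim($db->mysql_prep($_POST["info"]));
    $notification = trim($db->mysql_prep($_POST["notification"]));
    // Fix: $date was filled from $_POST["info"], so the submitted date was
    // discarded and the info text was written to the date column.
    $date = trim($db->mysql_prep($_POST["date"]));

    $queryString = "INSERT INTO news ( info , date , notification ) VALUES( '{$info}','{$date}' , '{$notification}') ";
    $result = $db->query_db($queryString);

    if ($result) {
        // Fix: the message is URL-encoded so the redirect target contains no
        // raw spaces.
        redirect_to("newsupdate.php?message=" . urlencode("Inserted to the database"));
    } else {
        echo "Cannot be inserted";
    }
} else {
    echo "Problem in the post request";
}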
<?php // including the some files require_once "includes/db_connect.php"; require_once "GCM.php"; // making the object of DB // response array for the JSON $response = array(); $db = new DB_CONNECT(); $gcm = new GCM(); if (isset($_POST["id"]) && isset($_POST["name"]) && isset($_POST["regId"])) { // removing the sql injections and extra space after the text $id = trim($db->mysql_prep($_POST["id"])); $name = trim($db->mysql_prep($_POST["name"])); $regId = trim($db->mysql_prep($_POST["regId"])); // Check if the contact is already there or not // We can reduce two queries to DB but to make it simple i have used 2 queries $query_string = "SELECT * from login where id='{$id}'"; $result = $db->query_db($query_string); if (!($db->number_of_rows($result) > 0)) { // insertion is successfully $query_string = "INSERT INTO login (id,name,gcm_regId) VALUES('{$id}','{$name}','{$regId}')"; $result = $db->query_db($query_string); $response["success"] = 1; $response["message"] = "The user is successfully registered"; $response["status"] = 1; // now do the work of the GCM /*$registatoin_ids = array($regId); $message = array("message" => "You are registered with Disaster Saftey app"); $result = $gcm->send_notification($registatoin_ids, $message);*/ //echo json_encode($response);
<?php require_once "../includes/db_connect.php"; require_once "../includes/functions.php"; require_once "../includes/session.php"; confirm_logged_in(); //var_dump(get_test_name()); if (isset($_GET["message"])) { $message = "The question has been added"; } if (isset($_POST["submit"])) { $db = new DB_CONNECT(); $keys = array("question", "option1", "option2", "option3", "option4", "radio", "marks", "negative_marks"); if (!array_diff($keys, array_keys($_POST)) && check_is_set($_POST)) { $question = $db->mysql_prep($_POST["question"]); $option1 = $db->mysql_prep($_POST["option1"]); $option2 = $db->mysql_prep($_POST["option2"]); $option3 = $db->mysql_prep($_POST["option3"]); $option4 = $db->mysql_prep($_POST["option4"]); $correct_ans = $db->mysql_prep($_POST["radio"]); $marks = $db->mysql_prep($_POST["marks"]); $negative_marks = $db->mysql_prep($_POST["negative_marks"]); $table_name = get_test_name() . "_questions"; $query = "Insert into " . $table_name . " (`question`, `option1`, `option2`, `option3`, `option4`, `correct_ans`, `marks`, `negative_marks`) \n VALUES('{$question}','{$option1}','{$option2}', '{$option3}', '{$option4}', '{$correct_ans}', '{$marks}', '{$negative_marks}')"; if (!is_null($db->query_database($query))) { redirect_to("add_question.php?message=true"); } else { echo "Question cannot be added"; } } else { $message = "Someting was not set";
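<?php
// Form handler for help requests: stores one row (longitude, latitude,
// type_of_help) in `help` and redirects back to addcoordinates.php with a
// status message.
require_once "/includes/session.php";
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";

// Defined in the includes; presumably stops requests without a login - confirm.
confirm_logged_in();
$db = new DB_CONNECT();
// NOTE(review): no anti-CSRF token is checked before this state-changing
// insert; confirm whether the form or session.php supplies one.

if (isset($_POST["latitude"]) && isset($_POST["longitude"]) && isset($_POST["type_of_help"])) {
    // mysql_prep() is the project's escaping helper; the values are only used
    // inside quoted SQL literals below.
    // NOTE(review): latitude and longitude are stored exactly as received; no
    // numeric or range check is visible here.
    $latitude = trim($db->mysql_prep($_POST["latitude"]));
    $longitude = trim($db->mysql_prep($_POST["longitude"]));
    $type_of_help = trim($db->mysql_prep($_POST["type_of_help"]));

    $queryString = "INSERT INTO help ( longitude , latitude , type_of_help ) VALUES( '{$longitude}','{$latitude}' , '{$type_of_help}') ";
    $result = $db->query_db($queryString);

    if ($result) {
        // Fix: the message is URL-encoded so the redirect target contains no
        // raw spaces.
        redirect_to("addcoordinates.php?message=" . urlencode("Inserted to the database"));
    } else {
        echo "Cannot be inserted .Query Failed";
    }
} else {
    echo "Problem in the post request";
}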
<?php require_once "../includes/db_connect.php"; require_once "../includes/functions.php"; require_once "../includes/session.php"; require_once "utils/question.php"; require_once "utils/user.php"; confirm_logged_in(); if (isset($_POST["submit"])) { $db = new DB_CONNECT(); var_dump($_POST); // get username from the session $username = get_username(); if (check_is_set($_POST)) { if (check_empty($_POST)) { $test_name = $db->mysql_prep($_POST["test_name"]); $start_time = make_sql_date_time($_POST["start_time"], "/"); $end_time = make_sql_date_time($_POST["end_time"], "/"); $event_date = $_POST["event_date"]; $duration = $db->mysql_prep($_POST["duration"]); $query = "Insert into " . TESTS_TABLE . " (username, test_name, start_time, end_time, event_date, duration) " . "values('{$username}', '{$test_name}', '{$start_time}', '{$end_time}','{$event_date}','{$duration}')"; $result = $db->query_database($query); if (is_null($result)) { // query failed echo "query failed"; } else { if (!is_null(Question::create_table($test_name))) { if (!is_null(User::create_table($test_name))) { // create the test folder if (!mkdir("../tests/" . $test_name)) { echo "Unable to create the directory";