示例#1
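    /**
     * Delete the group with the given id.
     *
     * The id is bound as a statement parameter instead of being interpolated into
     * the SQL text, so the value cannot change the shape of either query.
     *
     * NOTE(review): no permission check is visible in this function; confirm the
     * caller restricts who may delete groups.
     *
     * @param mixed $id Identifier of the group to delete.
     * @return string HTML paragraph (Polish) describing the outcome.
     */
    function deleteGroup($id) {
        $queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
        $database = connectDatabase();

        if ($database == false) {
            return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
        }

        // Existence check first, so a missing group gets its own message.
        $lookup = $database->prepare("select id from groups where id = ?");
        if ($lookup == false) {
            return $queryFailed;
        }
        $lookup->bind_param('s', $id);
        if (!$lookup->execute()) {
            $lookup->close();
            return $queryFailed;
        }
        // store_result() buffers the rows so that num_rows is populated.
        $lookup->store_result();
        $found = $lookup->num_rows;
        $lookup->close();

        if (!$found) {
            return "<p>Grupa o podanym id nie istnieje.</p>";
        }

        $delete = $database->prepare("delete from groups where id = ?");
        if ($delete == false) {
            return $queryFailed;
        }
        $delete->bind_param('s', $id);
        $deleted = $delete->execute();
        $delete->close();

        if ($deleted == false) {
            return $queryFailed;
        }

        return "<p>Grupa została poprawnie usunięta</p>";
    }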
示例#2
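	/**
	 * Create a group with the given name unless one with that name already exists.
	 *
	 * The name is bound as a statement parameter rather than placed inside the SQL
	 * string, so quotes in the name cannot alter the query.
	 *
	 * @param string $group Name of the group to create.
	 * @return string HTML paragraph (Polish) describing the outcome.
	 */
	function addGroup($group) {
		$queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";

		// call the helper that connects to the database
		$database = connectDatabase();

		// report an error if no database handle was obtained
		if ($database == false) {
			return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
		}

		// is the name already taken?
		$lookup = $database->prepare("select name from groups where name = ?");
		if ($lookup == false) {
			return $queryFailed;
		}
		$lookup->bind_param('s', $group);
		if (!$lookup->execute()) {
			$lookup->close();
			return $queryFailed;
		}
		// store_result() buffers the rows so that num_rows is populated
		$lookup->store_result();
		$existing = $lookup->num_rows;
		$lookup->close();

		if ($existing > 0) {
			return "<p>Grupa o takiej nazwie już istnieje.</p>";
		}

		// insert the new group
		$insert = $database->prepare("insert into groups (name) values (?)");
		if ($insert == false) {
			return $queryFailed;
		}
		$insert->bind_param('s', $group);
		$inserted = $insert->execute();
		$insert->close();

		// The original ended with a $database->close() placed after both return
		// statements, so it never ran; the connection is left open here as before.
		if ($inserted == false) {
			return $queryFailed;
		}
		return "<p>Grupa została dodana</p>";
	}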
示例#3
	/**
	 * Set the login of the user identified by $_SESSION['userIndeks'].
	 *
	 * Returns an HTML paragraph (Polish) describing the outcome and, on success,
	 * stores the new login in $_SESSION['userLogin'].
	 *
	 * NOTE(review): the login value in both queries shows as the literal '******'
	 * in this listing - presumably a masked interpolation of $login; confirm
	 * against the original file.
	 * NOTE(review): $indeks is interpolated into the UPDATE text; binding it (and
	 * the login) through a prepared statement would keep values out of the SQL.
	 */
	function setLogin($login) {
        $database = connectDatabase();
        $indeks = $_SESSION['userIndeks'];
                
        // report an error if no database handle was obtained
		if ($database == false) {
			return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
		}

		@ $result = $database->query("select * 
									  from users
									  where login = '******'");
		// the query could not be executed
		if ($result == false) {
			return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		}
		
		// a row came back, so the login is already in use
		if ($result->num_rows > 0) {
			return "<p>Podany login jest już zarejestrowany. Musisz wybrać inny.</p>";
		}		

        @ $result = $database->query("update users
									  set login = '******'
									  where indeks = '$indeks'");
		// the query could not be executed
		if ($result == false) {
			return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		} else {
            $_SESSION['userLogin'] = $login;
			return "<p>Login został ustawiony poprawnie.</p>";

		}

    }
示例#4
 /**
  * Look up a user row by the name and email supplied in the login form.
  *
  * Both values are bound as named parameters of a prepared statement.
  *
  * NOTE(review): only name and email are matched in this method; no password or
  * other secret is checked here - confirm that credentials are verified elsewhere.
  *
  * @param array $login_form Form data; the 'name' and 'email' entries are read.
  * @return false|User false when no row matches, otherwise the fetched User.
  */
 public function login($login_form)
 {
     $connection = connectDatabase();
     $statement = $connection->prepare("select * from users where name = :name and email = :email");
     $statement->bindParam(":name", $login_form['name']);
     $statement->bindParam(":email", $login_form['email']);
     $statement->execute();

     // Arguments handed to the User constructor when the row is turned into an object.
     $constructorArgs = array('id', 'name', 'email', 'image_type', 'image', 'created_at', 'login_count');
     $statement->setFetchMode(PDO::FETCH_CLASS | PDO::FETCH_PROPS_LATE, 'User', $constructorArgs);

     return $statement->fetch();
 }
示例#5
/**
 * Handle a submitted registration form: validate the fields, reject duplicate
 * usernames and emails, insert the user with a generated temporary password and
 * mail that password to the address given in the form.
 *
 * Reads $_POST directly and terminates the request with die() on validation
 * failures.
 *
 * NOTE(review): every query below is built by string concatenation and run with
 * the mysql_* extension (removed in PHP 7). Escaping presumably happens in
 * slashAllInputs(), which is not shown; prepared statements (mysqli or PDO)
 * would remove that dependence.
 */
function registerFormSubmitted()
{
    // $email_Administrator, $club_Abbr, $mime_boundary and $http_Logout are used
    // below without being assigned here - presumably defined by this include.
    require 'include/configGlobals.php';
    connectDatabase();
    slashAllInputs();
    //This makes sure they did not leave any fields blank
    // (bitwise | is used, so all four operands are always evaluated)
    if (!$_POST['username'] | !$_POST['email'] | !$_POST['firstName'] | !$_POST['lastName']) {
        die('You did not complete all of the required fields');
    }
    if (!isUsernameValid($_POST['username'])) {
        die('Sorry, that username is invalid. Please go back and try again.');
    }
    // checks if the username is in use
    // NOTE(review): the value in the WHERE clause shows as '******' in this
    // listing - presumably a masked interpolation of $usercheck; confirm.
    // NOTE(review): "or die(mysql_error())" sends the driver error text to the client.
    $usercheck = $_POST['username'];
    $check = mysql_query("SELECT username FROM users WHERE username = '******'") or die(mysql_error());
    $check2 = mysql_num_rows($check);
    //if the name exists it gives an error
    // NOTE(review): the submitted username is echoed without HTML escaping;
    // htmlspecialchars() belongs on any request value written into the page.
    if ($check2 != 0) {
        die('Sorry, the username ' . $_POST['username'] . ' is already in use. Please go back and try again.');
    }
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT email FROM users WHERE email = '{$emailcheck}'") or die(mysql_error());
    $check2 = mysql_num_rows($check);
    //if the email exists it gives an error
    // NOTE(review): same unescaped echo of a request value as above.
    if ($check2 != 0) {
        die('Sorry, the email ' . $_POST['email'] . ' has already been registered. Please go back and try again.');
    }
    $tempPassword = rand_string(16);
    // The password and username are hashed (not encrypted) with MD5 and SHA-256.
    // NOTE(review): both are single unsalted hashes; password_hash() and
    // password_verify() are the supported way to store passwords.
    // NOTE(review): rand_string() is not shown - confirm it draws from a
    // cryptographically secure source.
    $hashPassword = md5($tempPassword);
    $hashUsername = md5($_POST['username']);
    $hash256Password = bin2hex(mhash(MHASH_SHA256, $tempPassword));
    $hash256Username = bin2hex(mhash(MHASH_SHA256, $_POST['username']));
    $creationDate = date('Y-m-d');
    // now we insert it into the database
    // NOTE(review): fourteen $_POST values are concatenated into this statement.
    $insert = "INSERT INTO users (username, pass, sha256_user, sha256_pass, fname, lname, addr1, addr2, city, state, zip, hphone, cphone, email, econtact, econtact_phone, econtact_rel, creation) VALUES (\n           '" . $_POST['username'] . "',\n           '" . $hashPassword . "',\n\t\t   '" . $hash256Username . "',\n\t\t   '" . $hash256Password . "',\n           '" . $_POST['firstName'] . "',\n           '" . $_POST['lastName'] . "',\n           '" . $_POST['address1'] . "',\n           '" . $_POST['address2'] . "',\n           '" . $_POST['city'] . "',\n           '" . $_POST['state'] . "',\n           '" . $_POST['zipCode'] . "',\n           '" . $_POST['homePhone'] . "',\n           '" . $_POST['cellPhone'] . "',\n           '" . $_POST['email'] . "',\n           '" . $_POST['econtact'] . "',\n           '" . $_POST['econtactPhone'] . "',\n           '" . $_POST['econtactRel'] . "',\n           '" . $creationDate . "'\n           )";
    // The result of the insert is stored but never checked; the mail below is
    // sent whether or not the row was written.
    $add_member = mysql_query($insert);
    $to = $_POST['email'];
    $from = $email_Administrator;
    $subject = 'Registered on ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    // The temporary password travels in clear text in the mail body.
    $message .= 'Thank you for registering on the ' . $club_Abbr . ' Online Registration site.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";
    if (sendEmail($to, $from, $subject, $message) != false) {
        echo "<h1>Registered</h1>\n";
        // NOTE(review): $to is the submitted email, written to the page unescaped.
        echo "Thank you, you have registered. An email has been sent to " . $to . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"index.php\">login</a> to continue.\n";
    } else {
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
}
示例#6
/**
 * Tell whether a user name is already registered.
 *
 * The name is bound as a named parameter of a prepared statement.
 *
 * @param string $name User name to look up.
 * @return bool true when a row with this name exists, false otherwise.
 */
function is_registered($name)
{
    $connection = connectDatabase();
    $lookup = $connection->prepare("SELECT name FROM users WHERE name = :name");
    $lookup->bindParam(':name', $name);
    $lookup->execute();

    // fetch() yields a row when one exists and false when the result set is empty.
    return $lookup->fetch() ? true : false;
}
/**
 * Store a new password hash for the user with the given email by calling the
 * changePassword stored procedure.
 *
 * The plain password is passed through hashPassword() first; the email and the
 * hash are bound as string parameters. The outcome of the call is not reported
 * to the caller.
 *
 * @param string $email Email identifying the user.
 * @param string $pass  New password in plain text.
 */
function changePassword($email, $pass)
{
    $passwordHash = hashPassword($pass);
    $connection = connectDatabase();

    // Single prepare / bind / execute pass, then release statement and connection.
    $call = $connection->prepare("CALL changePassword(?,?)");
    $call->bind_param("ss", $email, $passwordHash);
    $call->execute();
    $call->close();

    $connection->close();
}
示例#8
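/**
 * Update one field of a user by calling a stored procedure of the form
 * procName(email, value).
 *
 * The email and value are bound as string parameters. The procedure name cannot
 * be bound, so it is accepted only when it is a plain identifier (optionally
 * schema-qualified) before it is placed in the statement text.
 *
 * @param string $email    Email identifying the user.
 * @param string $value    New value for the field.
 * @param string $procName Name of the stored procedure to call.
 * @param string $errMsg   Receives the error text; empty when the call succeeded.
 * @return bool true when the procedure ran without error, false otherwise.
 */
function updateUserField($email, $value, $procName, &$errMsg = "")
{
    $identifier = '[A-Za-z_][A-Za-z0-9_$]*';
    if (!is_string($procName) || preg_match('/^' . $identifier . '(\.' . $identifier . ')?$/', $procName) !== 1) {
        $errMsg = "Invalid procedure name";
        return false;
    }

    $conn = connectDatabase();
    $stmt = $conn->prepare("Call {$procName}(?,?)");
    if ($stmt === false) {
        // prepare() failed (for example, unknown procedure): report instead of
        // calling a method on false.
        $errMsg = $conn->error;
        closeDatabase($conn);
        return false;
    }

    $stmt->bind_param("ss", $email, $value);
    $stmt->execute();
    $returnVal = ($stmt->errno === 0);
    $errMsg = $stmt->error;
    $stmt->close();
    closeDatabase($conn);
    return $returnVal;
}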
示例#9
文件: forgot.php 项目: sarahbx/moers
/**
 * Handle a submitted "forgot password" form: look up the user by email, replace
 * the stored SHA-256 password hash with that of a generated temporary password,
 * clear the MD5 hash, mail the temporary password and print a confirmation page.
 *
 * Reads $_POST directly and terminates the request with die() when the email is
 * missing or unknown.
 *
 * NOTE(review): queries are built by string interpolation and run with the
 * mysql_* extension (removed in PHP 7); escaping presumably happens in
 * slashAllInputs(), which is not shown.
 */
function forgotFormSubmitted()
{
    // $email_Administrator, $club_Abbr, $mime_boundary and $http_Logout are used
    // below without being assigned here - presumably defined by this include.
    require 'include/configGlobals.php';
    // Connects to your Database
    connectDatabase();
    slashAllInputs();
    //This makes sure they did not leave any fields blank
    if (!$_POST['email']) {
        die('You did not complete all of the required fields');
    }
    // checks if the email is in use
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT username FROM users WHERE email = '{$emailcheck}'") or die(mysql_error());
    $check2 = mysql_num_rows($check);
    //if the email doesn't exist it gives an error
    // NOTE(review): this reply tells the requester whether an address is
    // registered, and it echoes the submitted value without HTML escaping.
    if ($check2 == 0) {
        die('Sorry, no user with email ' . $emailcheck . ' is registered in the database. Please try again.');
    }
    // Keeps the username of the last matching row.
    while ($info = mysql_fetch_array($check)) {
        $usercheck = $info['username'];
    }
    $tempPassword = rand_string(16);
    // The temporary password is hashed (not encrypted) with a single unsalted SHA-256.
    $sha256_pass = bin2hex(mhash(MHASH_SHA256, $tempPassword));
    // now we insert it into the database
    // NOTE(review): both values in this statement show as '******' in this
    // listing - presumably masked interpolations of $sha256_pass and $usercheck;
    // confirm against the original file.
    $update_member = mysql_query("UPDATE users SET sha256_pass='******' WHERE username='******'");
    // Overwrite the local copy of the hash with unrelated random data.
    $sha256_pass = rand_string(128);
    // clear md5 hash
    // NOTE(review): the username here is masked in this listing as well.
    $update_member = mysql_query("UPDATE users SET pass='' WHERE username='******'");
    $to = $emailcheck;
    $from = $email_Administrator;
    $subject = 'Reset Info for ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    // The temporary password travels in clear text in the mail body.
    $message .= 'Your password has been reset on the ' . $club_Abbr . ' Online Registration site at your request.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";
    // The return value of sendEmail() is not checked here.
    sendEmail($to, $from, $subject, $message);
    // Overwrite the local copy of the temporary password.
    $tempPassword = rand_string(16);
    echoMainHeader();
    echo "<h1>Email Sent.</h1>\n";
    // NOTE(review): the submitted email is written to the page unescaped.
    echo "Thank you, you have registered. An email has been sent to " . $_POST['email'] . " \n";
    echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
    echo "When you receive your temporary password you may <a href=\"" . $http_Logout . "\">login</a> to continue.\n";
    echoMainFooter();
}
示例#10
文件: logout.php 项目: sarahbx/moers
/**
 * Log the user out: record the logout, replace the stored session id with a
 * fresh random value when an 'ID' cookie is present, clear the cookies and
 * redirect to index.php.
 */
function logoutUser()
{
    header("Content-Type: text/html; charset=utf-8");
    // The logout is logged before the cookie is checked for presence.
    logLogout(getCookie('ID'));
    if (getCookie('ID')) {
        connectDatabase();
        slashArray($_COOKIE);
        // reset session id
        $sessionId = rand_string(32);
        // NOTE(review): the next line is incomplete as shown - part of it appears
        // as '******' in this listing, presumably a masked concatenation of
        // getCookie('ID'); confirm against the original file.
        // NOTE(review): the cookie value ends up inside the SQL text; a prepared
        // statement would keep it out of the statement.
        $update = "UPDATE users SET session_id='{$sessionId}' WHERE sha256_user='******'ID') . "'";
        $result = mysql_query($update);
        // Overwrite the local copy of the session id just written to the database.
        $sessionId = rand_string(32);
    }
    //this deletes the cookies
    clearCookies();
    header("Location: index.php");
}
示例#11
/**
 * Fetch every row returned by the getRelations stored procedure.
 *
 * @return array Two parallel lists: 'pEmails' holds the first result column and
 *               'cEmails' the second, in row order.
 */
function getAllRelations()
{
    $connection = connectDatabase();
    $firstColumn = "";
    $secondColumn = "";
    $relations = ['pEmails' => [], 'cEmails' => []];

    $call = $connection->prepare("CALL getRelations()");
    $call->execute();
    $call->bind_result($firstColumn, $secondColumn);

    // Each fetch() refreshes the two bound variables with the next row.
    while ($call->fetch()) {
        $relations['pEmails'][] = $firstColumn;
        $relations['cEmails'][] = $secondColumn;
    }

    return $relations;
}
/**
 * Run a caller-supplied SQL statement and report the number of affected rows.
 *
 * NOTE(review): the statement is executed verbatim, so callers must not build it
 * from request data. On failure the returned HTML contains the driver error and
 * the full SQL text; it should not be shown to end users.
 *
 * @param string $statement SQL statement to execute.
 * @return int|string Affected-row count on success, an HTML error report when
 *                    the query fails, or 'ERROR-No DB Connection'.
 */
function iduResults($statement)
{
    if (!connectDatabase()) {
        return 'ERROR-No DB Connection';
    }

    $queryResult = mysql_query($statement);
    if ($queryResult) {
        return mysql_affected_rows();
    }

    // Failure report, pieces evaluated in the order they are concatenated.
    $report = "ERROR"
        . "<br /><font color=red>MySQL No: " . mysql_errno()
        . "<br />MySQL Error: " . mysql_error()
        . "<br />SQL Statement: " . $statement
        . "<br />MySQL Affected Rows: " . mysql_affected_rows() . "</font><br />";

    return $report;
}
示例#13
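	/**
	 * Change the password of the user whose e-mail is held in $_SESSION['userMail'].
	 *
	 * The old password is verified against that user's own row; the original check
	 * matched any row with the same password hash, so another user's password was
	 * accepted and a success message returned although nothing was updated. All
	 * values are bound as statement parameters instead of being interpolated.
	 *
	 * NOTE(review): the unsalted sha1() is kept so existing stored hashes keep
	 * working; moving to password_hash()/password_verify() needs a data migration.
	 *
	 * @param string $oldPassword Current password in plain text.
	 * @param string $newPassword New password in plain text.
	 * @return string HTML paragraph (Polish) describing the outcome.
	 */
	function changePassword($oldPassword, $newPassword) {
		$queryFailed = "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";

		// call the helper that connects to the database
		$database = connectDatabase();
		$email = $_SESSION['userMail'];

		// report an error if no database handle was obtained
		if ($database == false) {
			return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
		}

		// does the old password match the row of the logged-in user?
		$check = $database->prepare("select mail from users where mail = ? and pass = sha1(?)");
		if ($check == false) {
			return $queryFailed;
		}
		$check->bind_param('ss', $email, $oldPassword);
		if (!$check->execute()) {
			$check->close();
			return $queryFailed;
		}
		// store_result() buffers the rows so that num_rows is populated
		$check->store_result();
		$matches = $check->num_rows;
		$check->close();

		// no row: the supplied password is wrong
		if ($matches == 0) {
			return "<p>Podane hasło jest błędne.</p>";
		}

		$update = $database->prepare("update users set pass = sha1(?) where mail = ? and pass = sha1(?)");
		if ($update == false) {
			return $queryFailed;
		}
		$update->bind_param('sss', $newPassword, $email, $oldPassword);
		$updated = $update->execute();
		$update->close();

		// The original ended with a $database->close() placed after both return
		// statements, so it never ran; the connection is left open here as before.
		if ($updated == false) {
			return $queryFailed;
		}
		return "<p>Hasło zostało poprawnie zmienione.</p>";
	}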
示例#14
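/**
 * Store a comment on the story held in the session and record it as unread for
 * the user it replies to.
 *
 * Reads 'story_id' and 'user_name' from the session and 'replyCommentTo' and
 * 'commentContent' from $_POST. All values reach the database as bound
 * parameters.
 *
 * Changes from the earlier version: statements are closed with close() (the
 * bare "->close" was a property read and did nothing), a failed prepare() stops
 * the function instead of calling methods on false, the statement errno is
 * reported rather than connect_errno, and the unread row is written only when a
 * comment id was read.
 *
 * NOTE(review): the two posted values are HTML-encoded before storage; a page
 * that encodes again on output will show them double-encoded.
 * NOTE(review): no check of the form token is visible in this function; confirm
 * the caller validates it.
 * NOTE(review): the id is taken from the newest row by comment_time, which can
 * belong to another request under concurrency; $connectComment->insert_id would
 * be exact if comment.id is auto-increment - confirm against the schema.
 */
function insertComment()
{
    session_start();
    $story_id = $_SESSION['story_id'];
    $comment_to = htmlspecialchars($_POST["replyCommentTo"]);
    $comment_creator = $_SESSION['user_name'];
    $comment_content = htmlspecialchars($_POST["commentContent"]);

    $connectComment = connectDatabase();
    $insertComment = $connectComment->prepare("insert into comment (story_id,comment_creator,comment_to,comment_content) values ( ?, ?, ?, ?)");
    if (!$insertComment) {
        printf("insert failed: %s\n", $connectComment->errno);
        return;
    }
    $insertComment->bind_param('isss', $story_id, $comment_creator, $comment_to, $comment_content);
    $insertComment->execute();
    $insertComment->close();

    // Read back the id of the newest comment.
    $comment_id = null;
    $connect = connectDatabase();
    $queryComment = $connect->prepare("select id from comment order by comment_time DESC LIMIT 1");
    if (!$queryComment) {
        printf("query failed: %s\n", $connect->errno);
        return;
    }
    $queryComment->execute();
    $queryComment->bind_result($commentId);
    if ($queryComment->fetch()) {
        $comment_id = $commentId;
    }
    $queryComment->close();

    if ($comment_id === null) {
        // Nothing to reference, so no unread entry is written.
        return;
    }

    // Mark the comment as unread for the user being replied to.
    $connectUnread = connectDatabase();
    $insertUnread = $connectUnread->prepare("insert into unread_comment (user_id,comment_id) values (?, ?)");
    if (!$insertUnread) {
        printf("insert failed: %s\n", $connectUnread->errno);
        return;
    }
    $insertUnread->bind_param('si', $comment_to, $comment_id);
    $insertUnread->execute();
    $insertUnread->close();
}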
<?php

session_start();
include '../functions.php';
$connect = connectDatabase();
// Booking handler: acts only when a city has been chosen for this session.
if (isset($_SESSION['currentCity'])) {
    // Anonymous visitors are sent back to the booking page with a login prompt.
    if (!isset($_SESSION['userId'])) {
        $_SESSION['loginAlert'] = "Please login to book tickets";
        header("Location: ../book.php");
        exit;
    }

    // Values taken from the session and from the submitted form.
    $city = $_SESSION['currentCity'];
    // $movie = $_SESSION['movie'];
    $theatre = $_SESSION['theatre'];
    $numberOfTickets = $_POST['ticketsCount'];
    $showId = $_POST['selectedShow'];
    $userId = $_SESSION['userId'];

    // The stored procedure receives user, show and ticket count as bound integers
    // and hands the booking id back through the @booking_id session variable.
    // NOTE(review): no range check on the ticket count and no check that the show
    // exists is visible here; confirm insertBookings enforces both.
    $query = "CALL insertBookings(?, ?, ?, @booking_id)";
    $stmt = $connect->prepare($query);
    $stmt->bind_param('iii', $userId, $showId, $numberOfTickets);
    $stmt->execute();
    $result = $stmt->get_result();

    $select = $connect->query('SELECT @booking_id');
    $fetched = $select->fetch_assoc();
    $id = $fetched['@booking_id'];

    header("Location: ../bookinStatus.php");
    exit;
}
示例#16
<h1>Moje rozwiązania</h1>
<?php
$database = connectDatabase();
if (!$database)
{	include('php/database_fail.php');	}
else if (!isset($_SESSION['userId']))
	{	loginForm($category, $authStatus);	}
else
{
	$limitSize = 100;
	$result = $database->query("SELECT COUNT(id) AS 'pages' FROM solutions;");
	$row = $result->fetch_assoc();
	$page_count = intval($row['pages'] / $limitSize);
	if ($row['pages'] % $limitSize)
		{	$page_count = $page_count + 1;	}
		
	if (!empty($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"] > 0 && $_GET["page"] <= $page_count)
	{
		$page = ' LIMIT '.$limitSize.' OFFSET '.(($_GET["page"]-1)*$limitSize);
		$actual_page = $_GET["page"];
	}
	else
	{
		$page = ' LIMIT '.$limitSize.' OFFSET 0';
		$actual_page = 1;
	}

	$result = $database->query("SELECT solutions.id, solutions.task_id, solutions.make_date, solutions.lang_id,
		solutions.points, solutions.error, solutions.error_str, taskList.title AS 'task_title',
		languages.language_name AS 'lang_name', languages.compiler_system_name AS 'compiler'
		FROM solutions LEFT JOIN taskList ON solutions.task_id = taskList.id
/**
 * Check the posted user id and password against the patron table and print the
 * result as HTML.
 *
 * Reads $_POST['userid'] and $_POST['password'] and prints status lines as it goes.
 *
 * NOTE(review): the user id is concatenated into the SQL text; a prepared
 * statement with bound parameters would keep request data out of the statement.
 * NOTE(review): the password is matched inside the SQL text, which implies it is
 * stored in a directly comparable form; password_hash()/password_verify() is the
 * supported way to store and check passwords.
 */
function validateLogon()
{
    $userid = $_POST['userid'];
    $password = $_POST['password'];
    //check if user ID and password are received
    /*
    print "<p>user ID: ".$userid."</p>";
    print "<p>password: "******"</p>";
    */
    //connect to MySQL database and set $db
    $db = connectDatabase();
    //check if MySQL connection established
    // Only a message is printed; execution continues even without a connection.
    if (!$db) {
        print "<p>Unable to Connect to MySQL</p>";
    } else {
        print "<p>Connected to MySQL</p>";
    }
    //compile select statement
    // NOTE(review): the password value shows as '******' in this listing -
    // presumably a masked concatenation of $password; confirm.
    $sql_statement = "SELECT firstname, lastname, email ";
    $sql_statement .= "FROM patron ";
    $sql_statement .= "WHERE userid = '" . $userid . "' ";
    $sql_statement .= "AND password = '******' ";
    //prints out select statement
    //print "<p>select statement: ".$sql_statement."</p>";
    //run select statement
    $result = mysqli_query($db, $sql_statement);
    $outputDisplay = "";
    $myrowcount = 0;
    if (!$result) {
        //to be removed
        print "<p>SQL statement to check user id and password not run</p>";
        // NOTE(review): driver error details are written to the page.
        $outputDisplay .= "<p style='color: red;'>MySQL No: " . mysqli_errno($db) . "<br>";
        $outputDisplay .= "MySQL Error: " . mysqli_error($db) . "<br>";
        // NOTE(review): $statement is not defined in this function;
        // $sql_statement was presumably intended.
        $outputDisplay .= "<br>SQL: " . $statement . "<br>";
        $outputDisplay .= "<br>MySQL Affected Rows: " . mysqli_affected_rows($db) . "</p>";
    } else {
        //to be removed
        print "<p>SQL statement to check user id and password run</p>";
        $numresults = mysqli_num_rows($result);
        if ($numresults == 0) {
            $outputDisplay = "<p>The username and/or password you have entered is invalid<br/>";
            $outputDisplay .= "System cannot log you onto the system.</p>";
            $outputDisplay .= "<p>GO BACK and try again</p>";
        } else {
            //gets a single row from resulting table
            $row = mysqli_fetch_array($result);
            $email = $row['email'];
            $firstname = $row['firstname'];
            $lastname = $row['lastname'];
            // NOTE(review): database values are written to the page without
            // htmlspecialchars().
            $outputDisplay = "<p>Successful Logon for Patron:</p>";
            $outputDisplay .= "<p>Name: " . $firstname . " " . $lastname . "<br/>";
            $outputDisplay .= "Email: " . $email . "</p>";
        }
    }
    print $outputDisplay;
}
示例#18
<?php

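error_reporting(E_ALL);
// NOTE(review): display_errors writes PHP errors (file paths, query fragments)
// into the response; this setting is suitable for development hosts only.
ini_set('display_errors', 'on');
require_once "libPreferences.php";
$pr = new Preferences();
$DBHost = $pr->get('DBHost');
$DBUser = $pr->get('DBUser');
$DBPass = $pr->get('DBPass');
$DBName = $pr->get('DBName');
$prefix = $pr->get('DBPrefix');
$db = connectDatabase($DBHost, $DBUser, $DBPass, $DBName);

// The slot bounds come from the query string. They are forced to integers before
// use: the loop counter is written into the HTML heading and passed on to the
// query helper, and the raw request text would otherwise reach both on the first
// iteration.
// NOTE(review): the size of the range is not capped; a very large span produces
// one query per slot.
$start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
$end = isset($_GET['end']) ? (int) $_GET['end'] : 0;

$html = "";
for ($i = $start; $i < $end; $i++) {
    $html .= "<h2>Precommit Info for TimeSlot {$i}</h2>\n<br />\n";
    $html .= getPrecommitInfoInTimeSlotAsTable($db, $i, $DBName, $prefix);
}
echo $html;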
/**
 * Open a mysqli connection, terminating the script when it cannot be established.
 *
 * NOTE(review): the die() message includes mysqli's connect_error text, which is
 * sent to the client; logging it server-side and printing a generic message
 * avoids exposing connection details.
 *
 * @param string $DBHost Database host.
 * @param string $DBUser Database user.
 * @param string $DBPass Database password.
 * @param string $DBName Database (schema) name.
 * @return mysqli The open connection.
 */
function connectDatabase($DBHost, $DBUser, $DBPass, $DBName)
{
    $connection = new mysqli($DBHost, $DBUser, $DBPass, $DBName);

    // connect_errno is zero when the connection attempt succeeded
    if (!$connection->connect_errno) {
        return $connection;
    }

    die('Couldnt connect: ' . $connection->connect_error);
}
function queryDatabase($db, $query)
{
    //submit query and store result
示例#19
require_once "includes/twitteroauth/twitteroauth.php";
require_once "includes/config.php";
require_once "includes/bibliohelper.php";
require_once "includes/dbhelper.php";
//Miramos que estén todos los parámetros
if (!empty($_GET['oauth_verifier']) && !empty($_SESSION['oauth_token']) && !empty($_SESSION['oauth_token_secret'])) {
    //Hacemos que la conexión sea permanente
    $twitteroauth = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
    $access_token = $twitteroauth->getAccessToken($_GET['oauth_verifier']);
    $user_info = $twitteroauth->get('account/verify_credentials');
    if (isset($user_info->error)) {
        //Se ha producido un error
        header('Location: logout.php');
    } else {
        //Nos conectamos a la BDD
        $db = connectDatabase();
        //Miramos si el usuario existe
        //Ojo, que no estamos teniendo en cuenta ataques por SQL Injection
        $query = mysql_query("SELECT * \n                              FROM usuario \n                             WHERE usu_oauth_provider = 'twitter' \n                               AND usu_oauth_uid = " . $user_info->id, $db);
        $result = mysql_fetch_array($query);
        if (!$result) {
            //Si no existe el usuario, lo insertamos y recuperamos nuestro ID
            //No usamos el mysql_insert_id por si acaso
            $query = mysql_query("INSERT INTO usuario (usu_oauth_provider, usu_oauth_uid, usu_oauth_nick, usu_oauth_token, usu_oauth_secret,usu_oauth_timestamp) \n                                           VALUES ('twitter', {$user_info->id}, '{$user_info->screen_name}', '{$access_token['oauth_token']}', '{$access_token['oauth_token_secret']}',now())", $db);
            $query = mysql_query("SELECT * \n         \t\t\t\t\t    FROM usuario \n           \t\t\t\t\t   WHERE usu_oauth_provider = 'twitter'\n           \t\t\t\t\t\t AND usu_oauth_uid = " . $user_info->id, $db);
            $result = mysql_fetch_array($query);
        } else {
            //El usuario existe. Hacemos un update de los tokens y de la fecha de login.
            //Hemos leído por ahí que los tokens no cambian, así que no sabemos porqué se hace eso.
            $query = mysql_query("UPDATE usuario \n         \t\t\t\t\t\t SET usu_oauth_token = '{$access_token['oauth_token']}', \n         \t\t\t\t\t\t     usu_oauth_secret = '{$access_token['oauth_token_secret']}',\n         \t\t\t\t\t\t     usu_oauth_timestamp = now(),\n         \t\t\t\t\t\t     usu_oauth_nick = '{$user_info->screen_name}'\n         \t\t\t\t\t   WHERE usu_id = {$result['usu_id']}", $db);
        }
示例#20
文件: sql.php 项目: vivachu/adcontest
/**
 * Run an INSERT statement and return the id generated for the new row.
 *
 * NOTE(review): the SQL text is executed exactly as supplied, so callers must not
 * assemble it from request data. On failure the script ends with the driver
 * error (and whatever printError() returns) in the output.
 *
 * @param string $sql Complete INSERT statement.
 * @return int Id reported by mysql_insert_id().
 */
function executeInsert($sql)
{
    connectDatabase();

    $succeeded = mysql_query($sql);
    if (!$succeeded) {
        die(mysql_error() . printError($sql));
    }

    return mysql_insert_id();
}
示例#21
}
// Emit one brace-delimited object whose members depend on the "action" query
// parameter; any unrecognised action returns headers, data and meta together.
// NOTE(review): "delete" is reached through a GET parameter, and no
// authentication or request-forgery check is visible in this fragment; confirm
// that deleteRecord() or the surrounding file enforces one.
echo "{";
if ($_GET["action"] == "update") {
    connectDatabase("usagedata");
    getData();
    echo ", ";
    getMeta();
} elseif ($_GET["action"] == "headers") {
    connectDatabase("usagedata");
    getHeaders();
} elseif ($_GET["action"] == "locations") {
    connectDatabase("usagedata");
    getLocations();
} elseif ($_GET["action"] == "delete") {
    connectDatabase("usagedata");
    deleteRecord();
} else {
    connectDatabase("usagedata");
    getHeaders();
    echo ", ";
    getData();
    echo ", ";
    getMeta();
}
echo "}";
示例#22
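/**
 * Gate a page behind a valid session: require SSL, normalise the request input,
 * connect to the database and validate the user.
 *
 * A request that fails the SSL check is redirected to logout.php and stopped.
 * header() alone only queues the redirect, so without the exit the rest of this
 * function, and the protected page after it, would still run.
 */
function validateSession()
{
    // 3/6/2010 Current Server does not allow for Server side detection. Now using forceSSL() in functions.js
    // see function isSSL() above.
    if (!isSSL()) {
        header("Location: logout.php");
        exit;
    }
    slashAllInputs();
    connectDatabase();
    validateUser();
    // if they are not valid, they don't come back from here.
}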
示例#23
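/**
 * Print the comments of the story held in the session as an HTML table, with
 * Edit/Delete forms on the viewer's own comments and a Reply form on the others.
 *
 * Changes from the earlier version:
 *  - every attribute value is quoted and encoded with ENT_QUOTES; the unquoted
 *    form let a value containing a space add attributes of its own to the tag;
 *  - ownership is decided on the raw creator name, not on its HTML-encoded form;
 *  - the undefined $story_title is no longer echoed;
 *  - the first row of each comment is closed with </tr>;
 *  - the statement errno is reported instead of connect_errno, and one
 *    connection serves both queries.
 */
function showComment()
{
    session_start();
    $story_id = $_SESSION['story_id'];
    $user_name = $_SESSION['user_name'];

    // Encoder used for element text and for double-quoted attribute values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    $connectComment = connectDatabase();
    $countQuery = $connectComment->prepare("SELECT count(*) FROM comment where story_id=?");
    if (!$countQuery) {
        printf("Query all story list failed: %s\n", $connectComment->errno);
        exit;
    }
    $countQuery->bind_param('i', $story_id);
    $countQuery->execute();
    $countQuery->bind_result($num);
    $countQuery->fetch();
    $countQuery->close();

    if ($num == 0) {
        return;
    }

    $queryComment = $connectComment->prepare("SELECT id, comment_to, comment_creator, comment_content, comment_time FROM comment where story_id=?");
    if (!$queryComment) {
        printf("Query all story list failed: %s\n", $connectComment->errno);
        exit;
    }
    $queryComment->bind_param('i', $story_id);
    $queryComment->execute();
    $queryComment->bind_result($comment_id, $comment_to, $comment_creator, $comment_content, $comment_time);

    $tokenField = "<input type=\"hidden\" name=\"token\" value=\"" . $esc($_SESSION['token']) . "\">";

    echo "<table>\n";
    while ($queryComment->fetch()) {
        echo "<tr>";
        printf("<td colspan = 3 ><h4> %s </h4></td>", $esc($comment_content));
        echo "</tr>";
        echo "<tr>";
        printf("<td>%s to %s</td> <td>%s</td>", $esc($comment_creator), $esc($comment_to), $esc($comment_time));
        echo "<td>";
        if ((string) $comment_creator === (string) $user_name) {
            $idField = "<input type=\"hidden\" name=\"comment_id\" value=\"" . $esc($comment_id) . "\">";
            echo "<form action = \"editComment.php\" method=\"POST\">";
            echo $tokenField;
            echo $idField;
            echo "<input type=\"submit\" name=\"editCommentButton\" value=\"Edit\">";
            echo "</form>";
            echo "<form action = \"deleteComment.php\" method=\"POST\">";
            echo $tokenField;
            echo $idField;
            echo "<input type=\"submit\" name=\"deleteCommentButton\" value=\"Delete\">";
            echo "</form>";
        } else {
            echo "<form action = \"showStory.php\" method=\"POST\">";
            echo $tokenField;
            echo "<input type=\"hidden\" name=\"replyCommentTo\" value=\"" . $esc($comment_creator) . "\">";
            echo "<input type=\"submit\" name=\"replyCommentButton\" value=\"Reply\">";
            echo "</form>";
        }
        echo "</td>";
        echo "</tr>";
    }
    $queryComment->close();
    echo "</table>\n";
    echo "<p></p>";
}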
示例#24
            }
        } else {
            echo "ファイル未選択";
        }
        $dbh = connectDatabase();
        $sql = "insert into image (name, title, file_name, created_at, updated_at) values (:name, :title, :file_name, now(), now())";
        $stmt = $dbh->prepare($sql);
        $stmt->bindParam(":name", $name);
        $stmt->bindParam(":title", $title);
        $stmt->bindParam(":file_name", $img_name);
        $stmt->execute();
        header('Location: index.php');
        exit;
    }
}
// Load every row of the image table, most recently updated first, for the
// template that follows. The statement has no parameters, so nothing from the
// request reaches the SQL text here.
$dbh = connectDatabase();
$sql = "select * from image order by updated_at desc";
$stmt = $dbh->prepare($sql);
$stmt->execute();
// Each row is returned as an associative array keyed by column name.
$posts = $stmt->fetchAll(PDO::FETCH_ASSOC);
// var_dump($posts);
?>

<!DOCTYPE html>
  <html>
  <head>
    <meta charset="utf-8">
    <title>会員制掲示板</title>
  </head>
  <body>
  <h1><?php 
 /**
  * Create a user record from this object's name, email and image fields.
  *
  * The values are handed to UserMapper::create() as an associative array; how
  * they are validated and stored is decided there.
  *
  * @return User The value returned by the mapper.
  */
 public function createUser()
 {
     $attributes = [
         "name" => $this->name,
         "email" => $this->email,
         "image_type" => $this->image_type,
         "image_file" => $this->image_file,
     ];
     $mapper = new UserMapper(connectDatabase());

     return $mapper->create($attributes);
 }
示例#26
	/**
	 * Register a new user, generate an initial password and mail it to the user.
	 *
	 * For $acctype "admin" the supplied $indeks is used as the login and a new
	 * index one below the current minimum is assigned; for other account types
	 * $indeks must not be registered yet. Returns an HTML paragraph (Polish)
	 * describing the outcome.
	 *
	 * NOTE(review): every value is interpolated into the SQL text; prepared
	 * statements with bound parameters would keep input out of the statements.
	 * NOTE(review): passwords are stored as unsalted sha1(); password_hash() and
	 * password_verify() are the supported way to store passwords.
	 */
	function addUser($name, $surname, $email, $acctype, $indeks) {
		// call the helper that connects to the database
		$database = connectDatabase();
        $login;
		
		// report an error if no database handle was obtained
		if ($database == false) {
			return "<p>Nie udało się połączyć z bazą danych. Spróbuj później.</p>";
		}
		
		if ($acctype == "admin") {		




            // NOTE(review): the login value in the query below shows as '******'
            // in this listing - presumably a masked interpolation of $login; confirm.
            $login = $indeks;
		    @ $result = $database->query("select login 
									      from users
									      where login='******'");

		    if ($result == false) {
			    return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		    }

		    if ($result->num_rows > 0) {
			    return "<p>Podany login jest już zarejestrowany</p>";
		    }
		    // admin accounts receive an index one below the smallest existing one
		    @ $result = $database->query("select min(indeks) 
									      from users");
		    if ($result == false) {
			    return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		    }
		    $row = $result->fetch_row();
		    $indeks  = $row[0] - 1;
		} else {
		// other accounts: the index number must not be registered yet
		@ $result = $database->query("select indeks 
									  from users
									  where indeks='$indeks'");

		if ($result == false) {
			return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		}

		if ($result->num_rows > 0) {
			return "<p>Numer indeksu jest już zarejestrowany.</p>";
		}
}

		// the e-mail address must be unique as well
		@ $result = $database->query("select mail 
									  from users
									  where mail='$email'");

		if ($result == false) {
			return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		}

		if ($result->num_rows > 0) {
			return "<p>Adres email jest już zarejestrowany</p>";
		}


		//$password = $name . $surname;

        // Build an 8-character password from lowercase letters and digits.
        // NOTE(review): rand() is not a cryptographically secure generator;
        // random_int() is the replacement for security-relevant values.
        // NOTE(review): the {$losowy} string-offset syntax was removed in
        // PHP 8.0; [$losowy] is the supported form.
        $zestaw_znakow = 'qwertyuiopasdfghjklzxcvbnm0123456789';
        $password = '';
        $dlugosc_zestawu = strlen($zestaw_znakow)-1;
        for ( $i = 0; $i <= 7; $i++ )
        {
            $losowy = rand(0, $dlugosc_zestawu);
            $password .= $zestaw_znakow{$losowy};
        }
        //echo $password;
        if ($acctype == "admin") {
            @ $result = $database->query("insert into users (name, surname, login, pass, mail, indeks) values ('$name', '$surname', '$login', sha1('$password'), '$email', '$indeks')");
        } else {
		    @ $result = $database->query("insert into users (name, surname, pass, mail, indeks) values ('$name', '$surname', sha1('$password'), '$email', '$indeks')");
		}
							  
		// the query could not be executed
		if ($result == false) {
			return "<p>Nie udało się wykonać zapytania. Spróbuj później.</p>";
		} else {
            // NOTE(review): the next line is incomplete as shown - part of it
            // appears as "******" in this listing, and $mess2 (used in the mail()
            // call) is not assigned anywhere visible; confirm against the original.
            // The generated password is sent in clear text by mail.
            $mess1 = "Twoje konto na serwisie spoj-clone jest już aktywne. Dane do pierwszego logowania:\n\nLogin: "******" (numer twojego indeksu)\nHasło: ";
		    $mess3 = "\n\nNie zapomnij o stworzeniu własnego loginu po pierwszym logowaniu.\n\n--------------------\n".
					    "Życzymi miłego rozwiązywania\nspoj-clone development team\n";
		    $headers = 'From: Spoj-Clone_admin@213.184.8.82'."\r\n".'Reply-To: Spoj-Clone_admin@213.184.8.82'."\r\n";
            mail($email, 'Witamy na spoj-clone [Dominatrix 2000]!!!', wordwrap($mess1.$login.$mess2.$password.$mess3, 70), $headers);
            return "<p>Użytkownik został dodany</p>";
		}
		// not reached: both branches above return
		$database->close();
	}
示例#27
<?php

include 'qFunctions.php';
// Store one questionnaire submission in two tables of the "questionnaire" schema.
// NOTE(review): the connection uses the root account with a password written in
// the source; a dedicated low-privilege account whose credentials are loaded from
// configuration outside the web root limits what a leak of this file exposes.
// NOTE(review): $_POST is handed to registerInTable() as a whole; how its keys
// and values are validated is decided in qFunctions.php (not shown).
$dbArguments = array("localhost", "root", "password29", "questionnaire");
$ClientiP = getIP();
$date = getDateYMDHIS();

$conn = connectDatabase($dbArguments[0], $dbArguments[1], $dbArguments[2], $dbArguments[3]);
// The column count of general_information is read once and used for both inserts.
$numberColumns = getNumberColumn("questionnaire", "general_information", $conn);
registerInTable("general_information", $_POST, $date, $ClientiP, $numberColumns, $conn);

// A second connection is opened for the second table; only this one is
// explicitly disconnected.
$conn = connectDatabase($dbArguments[0], $dbArguments[1], $dbArguments[2], $dbArguments[3]);
registerInTable("mechanicalpen", $_POST, $date, $ClientiP, $numberColumns, $conn);
disconnectDatabase($conn);
示例#28
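     // Validate the password confirmation and the name fields, then create the
     // account. Changes from the earlier version:
     //  - a password mismatch now stops processing (the account used to be
     //    created anyway after the message was printed);
     //  - the two passwords are compared with !==, so numeric-looking strings are
     //    not treated as equal by loose comparison;
     //  - the email is written into the inline script as a json_encode()d string
     //    literal with the HEX flags, so it cannot end the string or the <script>
     //    element.
     // NOTE(review): $pword is passed on in plain text; confirm addNewUser() hashes
     // it (password_hash) before storage.
     if (!isset($_POST['cpword']) || $_POST['cpword'] == "") {
         $nameErr = "Password is required";
     } else {
         if (!preg_match("/^[a-zA-Z ]*\$/", $_POST['first_name']) || !preg_match("/^[a-zA-Z ]*\$/", $_POST['last_name'])) {
             $nameErr = "Only letters and white space allowed";
         } else {
             $first_name = $_POST["first_name"];
             $last_name = $_POST["last_name"];
             $email = $_POST["email"];
             $phone = $_POST["phone"];
             $pword = $_POST["pword"];
             $cpword = $_POST["cpword"];
             if ($pword !== $cpword) {
                 echo '<font color = "red">Passwords do not match</font><br>';
             } else {
                 $emailJs = json_encode((string) $email, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
                 if ($emailJs === false) {
                     // Value could not be encoded (for example invalid UTF-8).
                     $emailJs = '""';
                 }
                 $link = connectDatabase();
                 $check = checkNewUser($email, $link);
                 if (FALSE == $check) {
                     $flag = addNewUser($first_name, $last_name, $email, $phone, $pword, $link);
                     if (FALSE == $flag) {
                         echo '<font color = "red">Oops techie issues !!</font><br>';
                     } else {
                         echo "<script type='text/javascript'>alert('User ' + " . $emailJs . " + ' was created successfully.');</script>";
                         closeConn($link);
                     }
                 } else {
                     echo "<script type='text/javascript'>alert('User ' + " . $emailJs . " + ' already registered.');</script>";
                 }
             }
         }
     }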
 }
				機能を使用することができます。

				勤怠情報とカレンダー部分はPDF,EXCEL出力することが可能です。
	作成者        :	鈴木一紘
	作成日        :	2015/8/27
	=====================================================================================
*/
//セッション使用開始
session_start();
//インクルード
require_once '../lib/mysql.inc';
require_once '../lib/db.inc';
require_once '../lib/util.inc';
require_once 'settingRestTime_model.inc';
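// Connect to the database
if (!connectDatabase($db)) {
    // The message is stored under the same name that is passed on below; PHP
    // variable names are case-sensitive, and the earlier "$errmsg" left
    // "$errMsg" undefined at the call.
    $errMsg = "DB接続エラーが発生しました。";
    // Go to the error page
    callErrorPage($errMsg, "logout");
    exit;
}
// Session check
if (!isset($_SESSION['userinfo'])) {
    // The session has expired: go to the error page
    callErrorPage("セッション切れのためメインメニュー画面を表示できませんでした。再度ログインしてください。", "logout");
    exit;
}
// Instantiate the model class
$model = new settingRestTime_model();
// Read the form fields
$model->getForm();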
示例#30
/**
 * Run a three-parameter search statement and collect the rows it returns.
 *
 * NOTE(review): $procFunc is used as the statement text itself; it must come from
 * a fixed set of statements in the code, never from request data. The keyword,
 * sort and by values are bound as string parameters.
 *
 * @param string $procFunc Statement text with three placeholders.
 * @param string $keyword  Search keyword.
 * @param string $sort     Sort argument passed to the statement.
 * @param string $by       Third argument passed to the statement.
 * @return array List of rows, each with 'email', 'firstName' and 'lastName'.
 */
function searchFor($procFunc, $keyword, $sort, $by)
{
    $rowEmail = "";
    $rowFirstName = "";
    $rowLastName = "";
    $matches = array();

    $conn = connectDatabase();
    $search = $conn->prepare($procFunc);
    $search->bind_param("sss", $keyword, $sort, $by);
    $search->execute();
    $search->bind_result($rowEmail, $rowFirstName, $rowLastName);

    // Each fetch() refreshes the three bound variables with the next row.
    while ($search->fetch()) {
        $matches[] = [
            'email' => $rowEmail,
            'firstName' => $rowFirstName,
            'lastName' => $rowLastName,
        ];
    }

    closeDatabase($conn);
    return $matches;
}