示例#1
/**
 * Open a MySQL connection for SMF and, unless told otherwise, select the database.
 *
 * $db_options keys read here (all tested with empty()):
 *  - 'persist'        use mysql_pconnect() instead of mysql_connect()
 *  - 'non_fatal'      return null on a failed connect, and do not treat a failed
 *                     database selection as fatal
 *  - 'dont_select_db' skip mysql_select_db() entirely
 *
 * Every mysql_* call is prefixed with @, so connection and selection warnings are
 * suppressed and the only failure signal is the falsy return value.
 *
 * NOTE(review): this relies on the legacy mysql extension, which was removed in PHP 7.
 *
 * @return resource|null The link returned by the connect call, or null when the
 *                       connect failed and 'non_fatal' was set.
 */
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_options = array())
{
    global $mysql_set_mode;

    $connection = !empty($db_options['persist'])
        ? @mysql_pconnect($db_server, $db_user, $db_passwd)
        : @mysql_connect($db_server, $db_user, $db_passwd);

    // No link: either report quietly to the caller or hand over to the fatal handler.
    if (!$connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        }
        db_fatal_error();
    }

    // Database selection is attempted only when the caller did not opt out of it.
    if (empty($db_options['dont_select_db'])) {
        if (!@mysql_select_db($db_name, $connection)) {
            if (empty($db_options['non_fatal'])) {
                db_fatal_error();
            }
        }
    }

    // Optional session setup: clears sql_mode (which also turns off any strict mode the
    // server had configured) and forces autocommit on.
    if (isset($mysql_set_mode) && true === $mysql_set_mode) {
        smf_db_query('SET sql_mode = \'\', AUTOCOMMIT = 1', array(), false);
    }

    return $connection;
}
/**
 * Register the MySQL back-end in $smcFunc and open the connection.
 *
 * The function map is merged with += so keys that already exist in $smcFunc are left
 * untouched. $db_prefix is accepted but not used in this function.
 *
 * $db_options keys read here: 'persist', 'non_fatal', 'dont_select_db'.
 *
 * @return resource|null The MySQL link, or null when the connect failed and
 *                       'non_fatal' was set.
 */
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
{
    global $smcFunc, $mysql_set_mode;

    // Install the MySQL function map unless it is already the active one.
    $already_mapped = isset($smcFunc['db_fetch_assoc']) && $smcFunc['db_fetch_assoc'] == 'mysql_fetch_assoc';
    if (!$already_mapped) {
        $smcFunc += array(
            'db_query' => 'smf_db_query',
            'db_quote' => 'smf_db_quote',
            'db_fetch_assoc' => 'mysql_fetch_assoc',
            'db_fetch_row' => 'mysql_fetch_row',
            'db_free_result' => 'mysql_free_result',
            'db_insert' => 'smf_db_insert',
            'db_insert_id' => 'smf_db_insert_id',
            'db_num_rows' => 'mysql_num_rows',
            'db_data_seek' => 'mysql_data_seek',
            'db_num_fields' => 'mysql_num_fields',
            // NOTE(review): addslashes() knows nothing about the connection character set.
            // Callers that put values into SQL should prefer the typed placeholders of
            // db_query over this entry.
            'db_escape_string' => 'addslashes',
            'db_unescape_string' => 'stripslashes',
            'db_server_info' => 'mysql_get_server_info',
            'db_affected_rows' => 'smf_db_affected_rows',
            'db_transaction' => 'smf_db_transaction',
            'db_error' => 'mysql_error',
            'db_select_db' => 'mysql_select_db',
            'db_title' => 'MySQL',
            'db_sybase' => false,
            'db_case_sensitive' => false,
            'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
        );
    }

    // Warnings from the connect call are suppressed; failure shows up as a falsy link.
    $connection = !empty($db_options['persist'])
        ? @mysql_pconnect($db_server, $db_user, $db_passwd)
        : @mysql_connect($db_server, $db_user, $db_passwd);

    if (!$connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        }
        db_fatal_error();
    }

    // Select the database unless the caller opted out; a failure is fatal only when
    // 'non_fatal' is not set.
    if (empty($db_options['dont_select_db'])) {
        if (!@mysql_select_db($db_name, $connection) && empty($db_options['non_fatal'])) {
            db_fatal_error();
        }
    }

    // Optional session setup: clears sql_mode (including any strict mode) and forces
    // autocommit on.
    if (isset($mysql_set_mode) && true === $mysql_set_mode) {
        $smcFunc['db_query']('', 'SET sql_mode = \'\', AUTOCOMMIT = 1', array(), false);
    }

    return $connection;
}
示例#3
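/**
 * Register the PostgreSQL back-end in $smcFunc and open the connection.
 *
 * The user name and password are placed inside single-quoted conninfo values. libpq
 * requires backslashes and single quotes inside such a value to be backslash-escaped;
 * without that, a credential containing either character breaks the string or is parsed
 * as additional connection keywords. Both values are escaped here before use.
 * NOTE(review): a credential that was already hand-escaped in the settings file to work
 * around the old behaviour must be stored unescaped from now on.
 *
 * $db_options keys read here: 'persist' and 'non_fatal'. $db_prefix is taken by
 * reference but not touched in this function.
 *
 * @return resource|null The PostgreSQL link, or null when the connect failed and
 *                       'non_fatal' was set.
 */
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, &$db_prefix, $db_options = array())
{
    global $smcFunc, $mysql_set_mode;

    // Map some database specific functions. The guard compares against
    // 'postg_fetch_assoc' while the map installs 'smf_db_fetch_assoc', so it never
    // short-circuits; += keeps existing keys, so running it again changes nothing.
    if (!isset($smcFunc['db_fetch_assoc']) || $smcFunc['db_fetch_assoc'] != 'postg_fetch_assoc') {
        $smcFunc += array(
            'db_query' => 'smf_db_query',
            'db_quote' => 'smf_db_quote',
            'db_insert' => 'smf_db_insert',
            'db_insert_id' => 'smf_db_insert_id',
            'db_fetch_assoc' => 'smf_db_fetch_assoc',
            'db_fetch_row' => 'smf_db_fetch_row',
            'db_free_result' => 'pg_free_result',
            'db_num_rows' => 'pg_num_rows',
            'db_data_seek' => 'smf_db_data_seek',
            'db_num_fields' => 'pg_num_fields',
            'db_escape_string' => 'pg_escape_string',
            'db_unescape_string' => 'smf_db_unescape_string',
            'db_server_info' => 'smf_db_version',
            'db_affected_rows' => 'smf_db_affected_rows',
            'db_transaction' => 'smf_db_transaction',
            'db_error' => 'pg_last_error',
            'db_select_db' => 'smf_db_select_db',
            'db_title' => 'PostgreSQL',
            'db_sybase' => true,
            'db_case_sensitive' => true,
            'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
        );
    }

    // Backslash first, then the quote, as libpq expects inside a quoted conninfo value.
    $conninfo_escapes = array('\\' => '\\\\', '\'' => '\\\'');
    $conninfo = 'host=' . $db_server . ' dbname=' . $db_name
        . ' user=\'' . strtr($db_user, $conninfo_escapes) . '\''
        . ' password=\'' . strtr($db_passwd, $conninfo_escapes) . '\'';

    if (!empty($db_options['persist'])) {
        $connection = @pg_pconnect($conninfo);
    } else {
        $connection = @pg_connect($conninfo);
    }

    // Something's wrong, show an error if it's fatal (which we assume it is).
    if (!$connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        }
        db_fatal_error();
    }

    return $connection;
}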
示例#4
/**
 * Register the SQLite back-end in $smcFunc, open the database file and install the
 * SQL functions SMF expects to exist.
 *
 * '.db' is appended to $db_name when it does not already end with it, and the result is
 * passed to sqlite_open()/sqlite_popen() as the file name.
 * NOTE(review): where that file ends up on disk is decided by the caller's $db_name. If
 * it resolves to a location the web server serves, the whole database can be fetched as
 * a static file — verify against the deployment.
 * NOTE(review): the PHP manual describes the mode argument (0666 here) as ignored by the
 * sqlite library, so it should not be relied on for file permissions — confirm.
 *
 * $db_options keys read here: 'persist' and 'non_fatal'. $db_prefix is not used here.
 *
 * @return resource|null The SQLite handle, or null when opening failed and
 *                       'non_fatal' was set.
 */
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
{
    global $smcFunc, $mysql_set_mode, $db_in_transact, $sqlite_error;

    // Install the SQLite function map unless it is already the active one.
    $already_mapped = isset($smcFunc['db_fetch_assoc']) && $smcFunc['db_fetch_assoc'] == 'sqlite_fetch_array';
    if (!$already_mapped) {
        $smcFunc += array(
            'db_query' => 'smf_db_query',
            'db_quote' => 'smf_db_quote',
            'db_fetch_assoc' => 'sqlite_fetch_array',
            'db_fetch_row' => 'smf_db_fetch_row',
            'db_free_result' => 'smf_db_free_result',
            'db_insert' => 'smf_db_insert',
            'db_insert_id' => 'smf_db_insert_id',
            'db_num_rows' => 'sqlite_num_rows',
            'db_data_seek' => 'sqlite_seek',
            'db_num_fields' => 'sqlite_num_fields',
            'db_escape_string' => 'sqlite_escape_string',
            'db_unescape_string' => 'smf_db_unescape_string',
            'db_server_info' => 'smf_db_libversion',
            'db_affected_rows' => 'smf_db_affected_rows',
            'db_transaction' => 'smf_db_transaction',
            'db_error' => 'smf_db_last_error',
            'db_select_db' => '',
            'db_title' => 'SQLite',
            'db_sybase' => true,
            'db_case_sensitive' => true,
            'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
        );
    }

    // The database file always carries a '.db' suffix.
    if (substr($db_name, -3) != '.db') {
        $db_name = $db_name . '.db';
    }

    // Open errors are written to the global $sqlite_error; warnings are suppressed.
    $connection = !empty($db_options['persist'])
        ? @sqlite_popen($db_name, 0666, $sqlite_error)
        : @sqlite_open($db_name, 0666, $sqlite_error);

    if (!$connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        }
        db_fatal_error();
    }

    $db_in_transact = false;

    // Ask SQLite to return plain column names instead of alias-qualified ones.
    @sqlite_query('PRAGMA short_column_names = 1', $connection);

    // User defined SQL functions as (SQL name, PHP callback[, argument count]).
    // 'concat' is registered without a count, exactly as before.
    $udf_table = array(
        array('unix_timestamp', 'smf_udf_unix_timestamp', 0),
        array('inet_aton', 'smf_udf_inet_aton', 1),
        array('inet_ntoa', 'smf_udf_inet_ntoa', 1),
        array('find_in_set', 'smf_udf_find_in_set', 2),
        array('year', 'smf_udf_year', 1),
        array('month', 'smf_udf_month', 1),
        array('dayofmonth', 'smf_udf_dayofmonth', 1),
        array('concat', 'smf_udf_concat'),
        array('locate', 'smf_udf_locate', 2),
        array('regexp', 'smf_udf_regexp', 2),
    );
    foreach ($udf_table as $udf) {
        if (isset($udf[2])) {
            sqlite_create_function($connection, $udf[0], $udf[1], $udf[2]);
        } else {
            sqlite_create_function($connection, $udf[0], $udf[1]);
        }
    }

    return $connection;
}
示例#5
<?php

//Perform a SQL call that to get a list of all faculty who have set appointments in tbl_facAppts.
//The select <option value="uniqname">Full Name</option> is structured here (on the server side)
// and appended to the <select> statement object on the calling client page.
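require_once $_SERVER["DOCUMENT_ROOT"] . "/../Support/configStudentVisit.php";
$facLstSQL = <<<SQL
\t\tSELECT *
\t\tFROM vw_facwithappts
\t\tORDER BY lname
SQL;
$facList = $db->query($facLstSQL);
if (!$facList) {
    db_fatal_error("facListing query issue", $db->error);
    // Stop here: without a result set the loop below has nothing to iterate over.
    exit;
}
// Column values are written into an attribute and into element text, so each one is
// HTML-encoded on output. ENT_QUOTES is needed because the value attribute is delimited
// with single quotes. The page is assumed to be served as UTF-8 — TODO confirm.
$toHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
while ($items = $facList->fetch_assoc()) {
    echo "<option class='facSelect' value='" . $toHtml($items['uniqname']) . "'>" . $toHtml($items['fname']) . " " . $toHtml($items['lname']) . "</option>";
}
$db->close();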
示例#6
    echo "{$deptLngName}";
    ?>
 Reference Letter Request Admin Management interface</h1>
			<p>These are the current individuals who are permitted to manage the <?php 
    echo "{$deptLngName}";
    ?>
 Reference Letter Requests Application</p> 
		</div><!-- #instructions -->

		<div id="adminList">
			<span id="currAdmins">
	
		<?php 
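    // List every administrator row together with the name resolved for its uniqname.
    $queryRecord = 'SELECT * FROM SRL_tbl_Admin ORDER BY AdminUniqname ASC';
    if (!($result = $db->query($queryRecord))) {
        db_fatal_error('data select issue', $db->error, $queryRecord);
        exit($user_err_message);
    }
    while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
        $fullname = ldapGleaner($row['AdminUniqname']);
        // Database and directory values are encoded for the context they are written
        // into: HTML text and attributes here, plus URL-encoding inside the href.
        $idAttr = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
        $idHref = htmlspecialchars(rawurlencode((string) $row['id']), ENT_QUOTES, 'UTF-8');
        $uniqText = htmlspecialchars((string) $row['AdminUniqname'], ENT_QUOTES, 'UTF-8');
        $firstText = htmlspecialchars((string) $fullname[0], ENT_QUOTES, 'UTF-8');
        $lastText = htmlspecialchars((string) $fullname[1], ENT_QUOTES, 'UTF-8');
        // NOTE(review): the delete control is a plain GET link. The handler for ?delete=
        // is not part of this fragment; it should require POST, a per-session token and
        // its own admin check — verify.
        echo '<div class="record" id="record-', $idAttr, '">
				<a href="?delete=', $idHref, '" class="delete"><span style=color:red;font-weight:bold;>X</span></a>
				<strong>', $uniqText, '</strong>	-- ', $firstText, "&nbsp;", $lastText, '</div>';
    }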
    ?>
			</span>
		</div><!-- testing delete -->
		<br />
		<div id="myAdminForm"><!-- add Admin -->
			If you would like to register another Administrator please enter their <b>uniqname</b> here
			<input type="text" name="name" />
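// Only the accounts listed here may export. The check runs before anything else so that
// other users get an explicit 403 instead of reaching the query with $sqlSelect
// undefined, which previously ended in the generic database error path.
$exportUsers = array('janej', 'janesull', 'rsmoke', 'dporter');
if (!in_array($login_name, $exportUsers, true)) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
$sqlSelect = <<<SQL
                SELECT
                    id,
                    uniqname,
                    userFname,
                    userLname,
                    kudoTitle,
                    kudoDesc,
                    kudoType,
                    edited,
                    selectedDelete
                FROM  tbl_kudos
                ORDER BY userLname ASC
SQL;
// Run the query before the download headers are sent, so a failure is not written into
// a file that the browser saves as CSV.
if (!($result = $db->query($sqlSelect))) {
    db_fatal_error("data select issue", $db->error);
    exit;
}
// output headers so that the file is downloaded rather than displayed
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename="EnglishKudos.csv"');
// create a file pointer connected to the output stream
$output = fopen('php://output', 'w');
// output the column headings; one heading per selected column, in SELECT order
// (the kudoDesc column previously had no heading, shifting every later column by one)
fputcsv($output, array('RecordID', 'Uniqname', 'First Name', 'Last Name', 'Title', 'Description', 'Type of Kudo', 'Edited By', 'Deleted'));
// loop over the rows, outputting them
// NOTE(review): the text columns hold user-entered values. Spreadsheet applications
// treat a cell starting with =, +, - or @ as a formula; if this export is opened in one,
// such cells should be neutralised before being written — confirm how the file is used.
while ($row = $result->fetch_assoc()) {
    fputcsv($output, $row);
}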
示例#8
文件: Load.php 项目: norv/EosAlpha
/**
 * Load the MySQL database layer and establish the global $db_connection.
 *
 * In SSI mode (the SMF constant equals 'SSI') the dedicated SSI credentials are tried
 * first, non-fatally and without selecting a database; if they are missing or the
 * attempt fails, the regular credentials are used. Without a connection after that,
 * db_fatal_error() is called.
 *
 * $db_type is set to the literal 'mysql' immediately before it is used to build the
 * require_once path, so only $sourcedir influences which file is loaded.
 */
function loadDatabase()
{
    global $db_persist, $db_connection, $db_server, $db_user, $db_passwd;
    global $db_type, $db_name, $ssi_db_user, $ssi_db_passwd, $sourcedir, $db_prefix;

    // Only one back-end is supported here.
    $db_type = 'mysql';
    require_once $sourcedir . '/lib/Subs-Db-' . $db_type . '.php';

    $in_ssi = SMF == 'SSI';

    // SSI credentials first; failure is tolerated because the normal ones follow.
    if ($in_ssi && !empty($ssi_db_user) && !empty($ssi_db_passwd)) {
        $ssi_options = array('persist' => $db_persist, 'non_fatal' => true, 'dont_select_db' => true);
        $db_connection = smf_db_initiate($db_server, $db_name, $ssi_db_user, $ssi_db_passwd, $ssi_options);
    }

    // Not in SSI mode, or the SSI attempt did not produce a connection.
    if (empty($db_connection)) {
        $main_options = array('persist' => $db_persist, 'dont_select_db' => $in_ssi);
        $db_connection = smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $main_options);
    }

    // Last line of defence: never continue without a usable connection.
    if (!$db_connection) {
        db_fatal_error();
    }

    // SSI never selected a database above, so the prefix is adjusted instead.
    if ($in_ssi) {
        db_fix_prefix($db_prefix, $db_name);
    }
}
示例#9
/**
 * Populate the global $arcSettings from the cache or, failing that, from the
 * arcade_settings table.
 *
 * A cache result that compares loosely equal to null (including an empty array) counts
 * as a miss. After a database load the settings are written back to the cache for 90
 * seconds when $modSettings['cache_enable'] is non-empty.
 */
function loadArcadeSettings()
{
    global $arcSettings, $modSettings, $smcFunc;

    // Cache hit: nothing else to do.
    if (($arcSettings = cache_get_data('arcSettings', 90)) != null) {
        return;
    }

    // The query text is constant and takes no parameters.
    $request = $smcFunc['db_query']('', '
			SELECT variable, value
			FROM {db_prefix}arcade_settings', array());
    $arcSettings = array();
    if (!$request) {
        db_fatal_error();
    }

    // Each row is a (variable, value) pair.
    while ($pair = $smcFunc['db_fetch_row']($request)) {
        list($name, $setting) = $pair;
        $arcSettings[$name] = $setting;
    }
    $smcFunc['db_free_result']($request);

    if (!empty($modSettings['cache_enable'])) {
        cache_put_data('arcSettings', $arcSettings, 90);
    }
}
示例#10
    //insert data into database
    // Insert the kudo record and, on success, remember its id in the session and
    // redirect to the confirmation page.
    //
    // NOTE(review): the statement is assembled by interpolating six variables into
    // quoted SQL literals. Nothing in this fragment shows them being escaped for the
    // connection, so unless every one of them is escaped before this point, a quote
    // character in any field changes the statement itself. Binding the six values as
    // parameters (prepare() + bind_param() if $db is a mysqli connection — confirm)
    // removes that dependency; any earlier escaping of these values would then have to
    // be dropped so it is not stored literally.
    try {
        $sql = "INSERT INTO `tbl_kudos` (`userFname`, `userLname`, `uniqname`, `kudoType`, `kudoTitle`, `kudoDesc`) VALUES ('{$userFname}', '{$userLname}', '{$uniqname}', '{$kudoType}', '{$kudoTitle}', '{$kudoDesc}')";
        if ($db->query($sql) === true) {
            // Keep the new row id so the next page can refer to this entry.
            $_SESSION['userEntry'] = $db->insert_id;
            //echo "New record created successfully";
            // Clear the form values before leaving the page.
            $userFname = "";
            $userLname = "";
            $kudoType = "";
            $kudoTitle = "";
            $kudoDesc = "";
            unset($_POST["submit"]);
            redirect_to("confirm.php");
            exit;
        } else {
            // The failure is reported with a fixed message; the driver error is not passed on.
            die(db_fatal_error("Database query failed. "));
        }
        // Not reached: the success branch ends in exit and the failure branch in die().
        $db->close();
    } catch (Exception $e) {
        // Only runs if something above throws; whether $db->query() throws or returns
        // false depends on the driver's error mode, which is configured elsewhere.
        $result[] = $e->getMessage();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <title>LSA-<?php 
echo "{$pageTitle}";
?>
</title>
示例#11
<?php

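require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/configEnglishContest.php';
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/basicLib.php';
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
// The id is placed unquoted into the DELETE statement, so it must be a number before it
// gets there. htmlspecialchars() is an HTML encoder and does not constrain SQL input;
// the value is instead accepted only as a positive decimal integer, and anything else
// (missing, array, non-numeric) becomes false and is refused below.
$idSent = isset($_POST['delid'])
    ? filter_var($_POST['delid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
// !empty() also covers a session in which the flag was never set.
// NOTE(review): this endpoint changes state on a bare POST; nothing here checks a
// per-session request token — confirm whether one is enforced elsewhere.
if (!empty($_SESSION['isAdmin'])) {
    // Row 1 is never deleted.
    if ($idSent !== false && $idSent !== 1) {
        $sqlDelete = <<<_SQL
            DELETE FROM tbl_contestadmin
            WHERE id = {$idSent};
_SQL;
        if (!($result = $db->query($sqlDelete))) {
            db_fatal_error("data delete issue", $db->error, $sqlDelete, $login_name);
            exit;
        }
        echo "Deleted admin ID: " . $idSent;
    } else {
        echo "nothin doin";
    }
} else {
    echo "unauthorized";
}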
示例#12
if (isset($_POST["confirmEntry"])) {
    //do check related stuff
    header("Location: " . "https://webapps.lsa.umich.edu/english/secure/userservices/profile.asp");
    exit;
} elseif (isset($_POST["deleteentry"])) {
    //preserve entry but mark a cancelled"
    $cancelquery = "UPDATE tbl_kudos SET ";
    $cancelquery .= "selectedDelete = 'deleted' ";
    $cancelquery .= "WHERE id = {$recordID}";
    if ($result = $db->query($cancelquery)) {
        $db->close();
        //sending user to an address outside of this webapp
        header("Location: " . "https://webapps.lsa.umich.edu/english/secure/userservices/profile.asp");
        exit;
    } else {
        die(db_fatal_error("Database query failed for cancel. "));
    }
} else {
    $message = "Please review your information";
    $sql = "SELECT * ";
    $sql .= "FROM tbl_kudos ";
    $sql .= "WHERE id={$recordID}";
    $result = $db->query($sql);
    if ($result && $result->num_rows > 0) {
        // 3. Use returned data (if any)
        while ($subject = mysqli_fetch_assoc($result)) {
            // output data from each row
            ?>
<!DOCTYPE html>
<html lang="en">
  <head>
示例#13
}
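// The five variables are bound by reference; the values they hold when execute() runs
// are the ones sent to the server.
if (!$stmt->bind_param('issss', $contestsID, $contestOpen, $contestClose, $contestNotes, $login_name)) {
    db_fatal_error("Bind parameters failed", "( " . $stmt->errno . " )" . $stmt->error, "EMPTY", $login_name);
    exit($user_err_message);
}
if (isset($_POST['insertContest'])) {
    // Bound parameters travel separately from the SQL text, so they need no SQL
    // escaping; running them through real_escape_string() as before stored the added
    // backslashes as part of the data.
    // NOTE(review): htmlspecialchars() is kept because pages that display these columns
    // may rely on the stored value being pre-encoded; encoding at output time is the
    // more robust arrangement — confirm before removing it here.
    $contestsID = htmlspecialchars($_POST['contestID']);
    $contestNotes = htmlspecialchars($_POST['notes']);
    // NOTE(review): strtotime() returns false for text it cannot parse, and date() then
    // formats the epoch start instead of failing — consider rejecting such input.
    $contestOpen = date("Y-m-d H:i:s", strtotime($_POST['openDate']));
    $contestClose = date("Y-m-d H:i:s", strtotime($_POST['closeDate']));
    if ($stmt->execute()) {
        $_SESSION['flashMessage'] = "Successfully added new contest";
        $_POST['insertContest'] = false;
        safeRedirect('contestAdmin.php');
    } else {
        db_fatal_error("Execute failed", "( " . $stmt->errno . " )" . $stmt->error, "EMPTY", $login_name);
        exit($user_err_message);
    }
} else {
    // Nothing submitted: reset the bound variables and the flash message.
    $contestsID = $contestNotes = $contestOpen = $contestClose = null;
    $_SESSION['flashMessage'] = "";
    $_POST['insertContest'] = false;
}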
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>LSA-<?php 
echo "{$contestTitle}";
?>
示例#14
          <div id="instructions">
            <p>These are the current individuals who are permitted to manage the <?php 
    echo "{$contestTitle}";
    ?>
 Application</p>
            </div><!-- #instructions -->
            <div id="adminList">
              <span id="currAdmins">
                <?php 
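    // List every contest administrator together with the name resolved for the uniqname.
    $sqlAdmSel = <<<SQL
                SELECT *
                FROM tbl_contestadmin
                ORDER BY uniqname
SQL;
    if (!($resADM = $db->query($sqlAdmSel))) {
        db_fatal_error("data read issue", $db->error, $sqlAdmSel, $login_name);
        exit;
    }
    while ($row = $resADM->fetch_assoc()) {
        $fullname = ldapGleaner($row['uniqname']);
        // Database and directory values are HTML-encoded before they are written into
        // the attribute and the element text.
        $delIdAttr = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
        $uniqText = htmlspecialchars((string) $row['uniqname'], ENT_QUOTES, 'UTF-8');
        $firstText = htmlspecialchars((string) $fullname[0], ENT_QUOTES, 'UTF-8');
        $lastText = htmlspecialchars((string) $fullname[1], ENT_QUOTES, 'UTF-8');
        echo '<div class="record">
                  <button type="button" class="btn btn-xs btn-danger btnDelADM" data-delid="' . $delIdAttr . '"><span class="glyphicon glyphicon-remove"></span></button>
                <strong>' . $uniqText . '</strong>  -- ' . $firstText . " " . $lastText . '</div>';
    }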
    ?>
              </span>
            </div>
            <br />
            <div id="myAdminForm"><!-- add Admin -->
            To add an Administrator please enter their <b>uniqname</b> below:<br>
            <input class="form_control" type="text" name="name" /><br>
示例#15
        $_SESSION['stuLname'] = NULL;
        $_SESSION['stuID'] = NULL;
        unset($_POST['logout']);
        $showChkList = false;
        redirect_to("index.php");
    }
} elseif (isset($_POST['logon'])) {
    // form was submitted
    $stuVisUsername = htmlentities($_POST['stuVisUsername']);
    $umid = htmlentities($_POST['umid']);
    $userSQL = "SELECT Fname, Lname, id ";
    $userSQL .= "FROM tbl_user ";
    $userSQL .= "WHERE password = '******' AND email = '{$stuVisUsername}' ";
    $userSQL .= "LIMIT 1";
    if (!($resStuDetails = $db->query($userSQL))) {
        db_fatal_error("login issue", $db->error);
    } else {
        if ($resStuDetails->num_rows == 1) {
            // successful login
            $_SESSION['stuVisUsername'] = $stuVisUsername;
            $_SESSION['umid'] = $umid;
            while ($items = $resStuDetails->fetch_assoc()) {
                $_SESSION['stuFname'] = $items['Fname'];
                $_SESSION['stuLname'] = $items['Lname'];
                $_SESSION['stuID'] = $items['id'];
            }
            $resStuDetails->close();
            $db->close();
            unset($_POST['logon']);
            $message = NULL;
            redirect_to("php/stuVisChklst.php");
/**
 * Turn one placeholder match from a query template into the SQL text that replaces it.
 *
 * $matches[1] carries either a fixed name ('db_prefix', 'query_see_board',
 * 'query_wanna_see_board') or a value type; $matches[2] is the key looked up in the
 * values array taken from the global $db_callback, which also supplies the connection.
 *
 * Handling per type, as implemented below:
 *  - int / array_int:       must round-trip through (int) unchanged; emitted as digits
 *  - string / text / array_string: escaped with mysql_real_escape_string() on the
 *                           connection and wrapped in single quotes
 *  - date:                  must match YYYY-M-D; re-emitted zero-padded and quoted
 *  - float:                 must be numeric; emitted through a (double) cast
 *  - identifier:            backticks and dots removed, then wrapped in backticks
 *  - raw:                   returned exactly as supplied, with no validation or escaping
 *
 * NOTE(review): 'raw' and the three fixed names are inserted verbatim, so the safety of
 * those fragments rests entirely on the code that builds them.
 * NOTE(review): several branches continue after smf_db_error_backtrace(); whether that
 * helper halts execution is not visible here — confirm.
 *
 * @param array $matches Placeholder match: [1] is the type or fixed name, [2] the value key.
 * @return string|null Replacement SQL text; branches that only report an error fall
 *                     through without an explicit return.
 */
function smf_db_replacement__callback($matches)
{
    global $db_callback, $user_info, $db_prefix;
    // The caller stores the parameter array and the connection in a global pair.
    list($values, $connection) = $db_callback;
    // The escaping calls below need a live connection resource.
    if (!is_resource($connection)) {
        db_fatal_error();
    }
    // Fixed names are resolved from globals, not from the caller's values.
    if ($matches[1] === 'db_prefix') {
        return $db_prefix;
    }
    if ($matches[1] === 'query_see_board') {
        return $user_info['query_see_board'];
    }
    if ($matches[1] === 'query_wanna_see_board') {
        return $user_info['query_wanna_see_board'];
    }
    // Everything else needs a value key.
    if (!isset($matches[2])) {
        smf_db_error_backtrace('Invalid value inserted or no type specified.', '', E_USER_ERROR, __FILE__, __LINE__);
    }
    // isset() is false for a null entry too, so a null value is reported as missing.
    if (!isset($values[$matches[2]])) {
        smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
    }
    $replacement = $values[$matches[2]];
    switch ($matches[1]) {
        case 'int':
            // Accept only values whose string form is unchanged by an integer cast.
            if (!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) {
                smf_db_error_backtrace('Wrong value type sent to the database. Integer expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            return (string) (int) $replacement;
            break;
        case 'string':
        case 'text':
            // Escaped on the connection, then quoted.
            return sprintf('\'%1$s\'', mysql_real_escape_string($replacement, $connection));
            break;
        case 'array_int':
            if (is_array($replacement)) {
                // An empty list would produce invalid SQL such as "IN ()".
                if (empty($replacement)) {
                    smf_db_error_backtrace('Database error, given array of integer values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                }
                // Same round-trip test as 'int', applied to every element.
                foreach ($replacement as $key => $value) {
                    if (!is_numeric($value) || (string) $value !== (string) (int) $value) {
                        smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    $replacement[$key] = (string) (int) $value;
                }
                return implode(', ', $replacement);
            } else {
                smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            break;
        case 'array_string':
            if (is_array($replacement)) {
                if (empty($replacement)) {
                    smf_db_error_backtrace('Database error, given array of string values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                }
                // Each element is escaped and quoted on its own before joining.
                foreach ($replacement as $key => $value) {
                    $replacement[$key] = sprintf('\'%1$s\'', mysql_real_escape_string($value, $connection));
                }
                return implode(', ', $replacement);
            } else {
                smf_db_error_backtrace('Wrong value type sent to the database. Array of strings expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            break;
        case 'date':
            // Only digits in a Y-M-D layout pass; the output is rebuilt from the
            // captured numbers rather than echoing the input.
            if (preg_match('~^(\\d{4})-([0-1]?\\d)-([0-3]?\\d)$~', $replacement, $date_matches) === 1) {
                return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
            } else {
                smf_db_error_backtrace('Wrong value type sent to the database. Date expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            break;
        case 'float':
            if (!is_numeric($replacement)) {
                smf_db_error_backtrace('Wrong value type sent to the database. Floating point number expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            return (string) (double) $replacement;
            break;
        case 'identifier':
            // Backticks inside identifiers are supported as of MySQL 4.1. We don't need them for SMF.
            // Removing backticks keeps the value inside the quoting added here; removing
            // dots prevents a qualified (database.table) name.
            return '`' . strtr($replacement, array('`' => '', '.' => '')) . '`';
            break;
        case 'raw':
            // Inserted as-is: callers must only pass SQL they built themselves.
            return $replacement;
            break;
        default:
            // Unknown type: reported with a false error level instead of E_USER_ERROR.
            smf_db_error_backtrace('Undefined type used in the database query. (' . $matches[1] . ':' . $matches[2] . ')', '', false, __FILE__, __LINE__);
            break;
    }
}
示例#17
    $cachedir = $boarddir . '/cache';
}
// And important includes.
require_once $sourcedir . '/QueryString.php';
require_once $sourcedir . '/Subs.php';
require_once $sourcedir . '/Errors.php';
require_once $sourcedir . '/Load.php';
require_once $sourcedir . '/Security.php';
require_once $sourcedir . '/Subs-Portal.php';
// Using an pre-PHP 5.1 version?
if (@version_compare(PHP_VERSION, '5.1') == -1) {
    require_once $sourcedir . '/Subs-Compat.php';
}
// If $maintenance is set specifically to 2, then we're upgrading or something.
if (!empty($maintenance) && $maintenance == 2) {
    db_fatal_error();
}
// Create a variable to store some SMF specific functions in.
$smcFunc = array();
// Initate the database connection and define some database functions to use.
loadDatabase();
// Load the settings from the settings table, and perform operations like optimizing.
reloadSettings();
// Clean the request variables, add slashes, etc.
cleanRequest();
$context = array();
// Seed the random generator.
if (empty($modSettings['rand_seed']) || mt_rand(1, 250) == 69) {
    smf_seed_generator();
}
// Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
示例#18
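require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/configEnglishContestAdmin.php';
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/basicLib.php';
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
// Start from "not an admin" on every request; the flag is raised only by the lookup below.
$isAdmin = false;
$_SESSION['isAdmin'] = false;
// $login_name is set outside this fragment. It ends up inside a quoted SQL literal that
// decides admin status, so it is escaped for the connection first. The calls used on $db
// here (query, error, num_rows on the result) match mysqli, whose real_escape_string()
// is used; a prepared statement with a bound parameter is the sturdier alternative if no
// later code depends on $resAdmin being a result object.
$loginNameSql = $db->real_escape_string((string) $login_name);
$sqlSelect = <<<_SQL
SELECT *
FROM tbl_contestadmin
WHERE uniqname = '{$loginNameSql}'
ORDER BY uniqname
_SQL;
if (!($resAdmin = $db->query($sqlSelect))) {
    // This is a read; the message previously said "data insert issue".
    db_fatal_error("data read issue", $db->error, $sqlSelect, $login_name);
    exit;
}
// Any matching row makes the current user an administrator for this session.
if ($resAdmin->num_rows > 0) {
    $isAdmin = true;
    $_SESSION['isAdmin'] = true;
}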
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>LSA-<?php 
echo "{$contestTitle}";
?>
 Writing Contests</title>
示例#19
<?php

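// $login_name is set outside this file. It is escaped for the connection before being
// placed inside the quoted literal; the result is read with mysqli_fetch_assoc() below,
// so $db is a mysqli connection. A prepared statement with a bound parameter is the
// sturdier alternative.
$loginNameSql = $db->real_escape_string((string) $login_name);
$query = "SELECT *\n\t\t\t\t  FROM SRL_tbl_refLetter AS Letter\n\t\t\t\t  WHERE Letter.refLetter_FKstudent_uniqname = '{$loginNameSql}'";
$return = array();
if (!($ret = $db->query($query))) {
    db_fatal_error("data select issue", $db->error, $query);
    exit($user_err_message);
}
// Stored request fields are HTML-encoded on output.
$toHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
echo "<table id='userSub'>";
echo '<tr><th>ID</th><th>Institution</th><th>Requested</th><th>Title</th><th align="center">Delete</th></tr>';
while ($letters = mysqli_fetch_assoc($ret)) {
    // The id is additionally URL-encoded where it becomes a query-string value.
    $idText = $toHtml($letters["refLetter_id"]);
    $idHref = $toHtml(rawurlencode((string) $letters["refLetter_id"]));
    // NOTE(review): the delete control is a plain GET link to delete_page.php, which is
    // not shown here; that handler should require POST, a per-session token and a check
    // that the letter belongs to the requesting user — verify.
    echo '<tr><td><a href= "php/SRL_View.php?id=', $idHref, '" target="_blank">', $idText, '</a></td><td>', $toHtml($letters["refLetter_institute_name"]), '</td><td>', $toHtml($letters["refLetter_requestDate"]), '</td><td>', $toHtml($letters["refLetter_positionTitle"]), '</td><td align="center"><a href= "php/delete_page.php?delid=', $idHref, '"><span style="color:red;font-weight:bold">X</span></a></td></tr>';
}
echo '</table>';
$db->close();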
示例#20
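require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/configEnglishContestAdmin.php';
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/basicLib.php';
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
//$_SESSION['flashMessage'] = "FLASHER";
// Start from "not an admin" on every request; the flag is raised only by the lookup below.
$isAdmin = false;
$_SESSION['isAdmin'] = false;
// $login_name is set outside this fragment. It ends up inside a quoted SQL literal that
// decides admin status, so it is escaped for the connection first. The calls used on $db
// here (query, error, num_rows on the result) match mysqli, whose real_escape_string()
// is used; a prepared statement with a bound parameter is the sturdier alternative if no
// later code depends on $resAdmin being a result object.
$loginNameSql = $db->real_escape_string((string) $login_name);
$sqlSelect = <<<_SQL
SELECT *
FROM tbl_contestadmin
WHERE uniqname = '{$loginNameSql}'
ORDER BY uniqname
_SQL;
if (!($resAdmin = $db->query($sqlSelect))) {
    db_fatal_error("data read issue", $db->error, $sqlSelect, $login_name);
    exit;
}
// Any matching row makes the current user an administrator for this session.
if ($resAdmin->num_rows > 0) {
    $isAdmin = true;
    $_SESSION['isAdmin'] = true;
}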
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>LSA-<?php 
echo "{$contestTitle}";
?>
 Writing Contests</title>
示例#21
文件: Load.php 项目: alencarmo/OCF
/**
 * Load the forum settings into the global $modSettings and prepare the
 * per-request environment that depends on them.
 *
 * In order, the function:
 *  - optionally resets sql_mode/AUTOCOMMIT and sets the connection charset;
 *  - reads the settings from the cache or, failing that, from the
 *    {$db_prefix}settings table, and clamps three paging defaults to 1..999;
 *  - builds the global $func table of entity/UTF-8 aware string helpers;
 *  - sets the default timezone and applies the load-average limits;
 *  - merges integration settings, includes the integration file and calls
 *    the integration pre-load hook when those settings are present;
 *  - when the auto-optimize interval has elapsed, runs OPTIMIZE TABLE on
 *    every table matching the prefix.
 *
 * Returns nothing. Calls db_fatal_error() when the settings query fails or
 * the load average reaches the configured forum limit.
 *
 * Compatibility: the mysql_* functions, create_function() and the preg ~e
 * modifier used below no longer exist in current PHP (removed in 7.0, 8.0
 * and 7.0 respectively).
 */
function reloadSettings()
{
    global $modSettings, $db_prefix, $boarddir, $func, $txt, $db_character_set;
    global $mysql_set_mode, $context;
    // This makes it possible to have SMF automatically change the sql_mode and autocommit if needed.
    if (isset($mysql_set_mode) && $mysql_set_mode === true) {
        db_query("SET sql_mode='', AUTOCOMMIT=1", false, false);
    }
    // Most database systems have not set UTF-8 as their default input charset.
    // The ^\w+$ check limits the charset name to word characters, so the value
    // interpolated into SET NAMES cannot carry quotes, spaces or separators.
    if (isset($db_character_set) && preg_match('~^\\w+$~', $db_character_set) === 1) {
        db_query("\n\t\t\tSET NAMES {$db_character_set}", __FILE__, __LINE__);
    }
    // Try to load it from the cache first; it'll never get cached if the setting is off.
    if (($modSettings = cache_get_data('modSettings', 90)) == null) {
        // NOTE(review): $db_prefix is interpolated into the SQL text as-is;
        // presumably it comes from the forum's own configuration — confirm.
        $request = db_query("\n\t\t\tSELECT variable, value\n\t\t\tFROM {$db_prefix}settings", false, false);
        $modSettings = array();
        if (!$request) {
            db_fatal_error();
        }
        while ($row = mysql_fetch_row($request)) {
            $modSettings[$row[0]] = $row[1];
        }
        mysql_free_result($request);
        // Do a few things to protect against missing settings or settings with invalid values...
        if (empty($modSettings['defaultMaxTopics']) || $modSettings['defaultMaxTopics'] <= 0 || $modSettings['defaultMaxTopics'] > 999) {
            $modSettings['defaultMaxTopics'] = 20;
        }
        if (empty($modSettings['defaultMaxMessages']) || $modSettings['defaultMaxMessages'] <= 0 || $modSettings['defaultMaxMessages'] > 999) {
            $modSettings['defaultMaxMessages'] = 15;
        }
        if (empty($modSettings['defaultMaxMembers']) || $modSettings['defaultMaxMembers'] <= 0 || $modSettings['defaultMaxMembers'] > 999) {
            $modSettings['defaultMaxMembers'] = 30;
        }
        if (!empty($modSettings['cache_enable'])) {
            cache_put_data('modSettings', $modSettings, 90);
        }
    }
    // UTF-8 in regular expressions is unsupported on PHP(win) versions < 4.2.3.
    $utf8 = (empty($modSettings['global_character_set']) ? $txt['lang_character_set'] : $modSettings['global_character_set']) === 'UTF-8' && (strpos(strtolower(PHP_OS), 'win') === false || @version_compare(PHP_VERSION, '4.2.3') != -1);
    // Set a list of common functions.
    $ent_list = empty($modSettings['disableEntityCheck']) ? '&(#\\d{1,7}|quot|amp|lt|gt|nbsp);' : '&(#021|quot|amp|lt|gt|nbsp);';
    // With entity checking enabled, $ent_check holds the two halves of a
    // preg_replace() call that get spliced around an argument inside the
    // generated helper code below. Its pattern uses the ~e modifier, which makes
    // PHP evaluate the replacement as code for each match; the only matched text
    // inserted into that expression is capture group 2, which the pattern limits
    // to decimal digits or "x" followed by hex digits.
    $ent_check = empty($modSettings['disableEntityCheck']) ? array('preg_replace(\'~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~e\', \'$func[\\\'entity_fix\\\'](\\\'\\2\\\')\', ', ')') : array('', '');
    // Preg_replace can handle complex characters only for higher PHP versions.
    $space_chars = $utf8 ? @version_compare(PHP_VERSION, '4.3.3') != -1 ? '\\x{A0}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}' : pack('C*', 0xc2, 0xa0, 0xe2, 0x80, 0x80) . '-' . pack('C*', 0xe2, 0x80, 0x8f, 0xe2, 0x80, 0x9f, 0xe2, 0x80, 0xaf, 0xe2, 0x80, 0x9f, 0xe3, 0x80, 0x80, 0xef, 0xbb, 0xbf) : '\\xA0';
    // Each helper is compiled at run time by create_function(), which evaluates
    // the assembled source string as PHP code. The pieces concatenated into those
    // strings here are $ent_list, $ent_check, $space_chars and fixed alternatives
    // selected by $utf8 / disableEntityCheck: literals chosen in this function,
    // not raw setting values. Keep it that way; request or database data must
    // never be concatenated into these source strings.
    $func = array('entity_fix' => create_function('$string', '
			$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;
			return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) ? \'\' : \'&#\' . $num . \';\';'), 'substr' => create_function('$string, $start, $length = null', '
			global $func;
			$ent_arr = preg_split(\'~(&#' . (empty($modSettings['disableEntityCheck']) ? '\\d{1,7}' : '021') . ';|&quot;|&amp;|&lt;|&gt;|&nbsp;|.)~' . ($utf8 ? 'u' : '') . '\', ' . implode('$string', $ent_check) . ', -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
			return $length === null ? implode(\'\', array_slice($ent_arr, $start)) : implode(\'\', array_slice($ent_arr, $start, $length));'), 'strlen' => create_function('$string', '
			global $func;
			return strlen(preg_replace(\'~' . $ent_list . ($utf8 ? '|.~u' : '~') . '\', \'_\', ' . implode('$string', $ent_check) . '));'), 'strpos' => create_function('$haystack, $needle, $offset = 0', '
			global $func;
			$haystack_arr = preg_split(\'~(&#' . (empty($modSettings['disableEntityCheck']) ? '\\d{1,7}' : '021') . ';|&quot;|&amp;|&lt;|&gt;|&nbsp;|.)~' . ($utf8 ? 'u' : '') . '\', ' . implode('$haystack', $ent_check) . ', -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
			$haystack_size = count($haystack_arr);
			if (strlen($needle) === 1)
			{
				$result = array_search($needle, array_slice($haystack_arr, $offset));
				return is_int($result) ? $result + $offset : false;
			}
			else
			{
				$needle_arr = preg_split(\'~(&#' . (empty($modSettings['disableEntityCheck']) ? '\\d{1,7}' : '021') . ';|&quot;|&amp;|&lt;|&gt;|&nbsp;|.)~' . ($utf8 ? 'u' : '') . '\',  ' . implode('$needle', $ent_check) . ', -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
				$needle_size = count($needle_arr);

				$result = array_search($needle_arr[0], array_slice($haystack_arr, $offset));
				while (is_int($result))
				{
					$offset += $result;
					if (array_slice($haystack_arr, $offset, $needle_size) === $needle_arr)
						return $offset;
					$result = array_search($needle_arr[0], array_slice($haystack_arr, ++$offset));
				}
				return false;
			}'), 'htmlspecialchars' => create_function('$string, $quote_style = ENT_COMPAT, $charset = \'ISO-8859-1\'', '
			global $func;
			return ' . strtr($ent_check[0], array('&' => '&amp;')) . 'htmlspecialchars($string, $quote_style, ' . ($utf8 ? '\'UTF-8\'' : '$charset') . ')' . $ent_check[1] . ';'), 'htmltrim' => create_function('$string', '
			global $func;
			return preg_replace(\'~^([ \\t\\n\\r\\x0B\\x00' . $space_chars . ']|&nbsp;)+|([ \\t\\n\\r\\x0B\\x00' . $space_chars . ']|&nbsp;)+$~' . ($utf8 ? 'u' : '') . '\', \'\', ' . implode('$string', $ent_check) . ');'), 'truncate' => create_function('$string, $length', (empty($modSettings['disableEntityCheck']) ? '
			global $func;
			$string = ' . implode('$string', $ent_check) . ';' : '') . '
			preg_match(\'~^(' . $ent_list . '|.){\' . $func[\'strlen\'](substr($string, 0, $length)) . \'}~' . ($utf8 ? 'u' : '') . '\', $string, $matches);
			$string = $matches[0];
			while (strlen($string) > $length)
				$string = preg_replace(\'~(' . $ent_list . '|.)$~' . ($utf8 ? 'u' : '') . '\', \'\', $string);
			return $string;'), 'strtolower' => $utf8 ? function_exists('mb_strtolower') ? create_function('$string', '
			return mb_strtolower($string, \'UTF-8\');') : create_function('$string', '
			global $sourcedir;
			require_once($sourcedir . \'/Subs-Charset.php\');
			return utf8_strtolower($string);') : 'strtolower', 'strtoupper' => $utf8 ? function_exists('mb_strtoupper') ? create_function('$string', '
			return mb_strtoupper($string, \'UTF-8\');') : create_function('$string', '
			global $sourcedir;
			require_once($sourcedir . \'/Subs-Charset.php\');
			return utf8_strtoupper($string);') : 'strtoupper', 'ucfirst' => $utf8 ? create_function('$string', '
			global $func;
			return $func[\'strtoupper\']($func[\'substr\']($string, 0, 1)) . $func[\'substr\']($string, 1);') : 'ucfirst', 'ucwords' => $utf8 ? function_exists('mb_convert_case') ? create_function('$string', '
			return mb_convert_case($string, MB_CASE_TITLE, \'UTF-8\');') : create_function('$string', '
			global $func;
			$words = preg_split(\'~([\\s\\r\\n\\t]+)~\', $string, -1, PREG_SPLIT_DELIM_CAPTURE);
			for ($i = 0, $n = count($words); $i < $n; $i += 2)
				$words[$i] = $func[\'ucfirst\']($words[$i]);
			return implode(\'\', $words);') : 'ucwords');
    // Setting the timezone is a requirement for some functions in PHP >= 5.1.
    if (isset($modSettings['default_timezone']) && function_exists('date_default_timezone_set')) {
        date_default_timezone_set($modSettings['default_timezone']);
    }
    // Check the load averages?
    if (!empty($modSettings['loadavg_enable'])) {
        if (($modSettings['load_average'] = cache_get_data('loadavg', 90)) == null) {
            // First choice is /proc/loadavg. The fallback runs the fixed command
            // `uptime` through the shell (backtick operator); no variable data is
            // placed on that command line. Errors from both are suppressed with @.
            $modSettings['load_average'] = @file_get_contents('/proc/loadavg');
            if (!empty($modSettings['load_average']) && preg_match('~^([^ ]+?) ([^ ]+?) ([^ ]+)~', $modSettings['load_average'], $matches) != 0) {
                $modSettings['load_average'] = (double) $matches[1];
            } elseif (($modSettings['load_average'] = @`uptime`) != null && preg_match('~load average[s]?: (\\d+\\.\\d+), (\\d+\\.\\d+), (\\d+\\.\\d+)~i', $modSettings['load_average'], $matches) != 0) {
                $modSettings['load_average'] = (double) $matches[1];
            } else {
                unset($modSettings['load_average']);
            }
            if (!empty($modSettings['load_average'])) {
                cache_put_data('loadavg', $modSettings['load_average'], 90);
            }
        }
        // Stop serving when the first load figure reaches the configured limit.
        if (!empty($modSettings['loadavg_forum']) && !empty($modSettings['load_average']) && $modSettings['load_average'] >= $modSettings['loadavg_forum']) {
            db_fatal_error(true);
        }
    }
    // Integration is cool.
    // NOTE(review): unserialize() runs on the SMF_INTEGRATION_SETTINGS constant,
    // and its keys take precedence over the loaded settings in the array union.
    // Whoever defines the constant therefore controls these settings; it must
    // be built from trusted data only — confirm at the definition site.
    if (defined('SMF_INTEGRATION_SETTINGS')) {
        $modSettings = unserialize(SMF_INTEGRATION_SETTINGS) + $modSettings;
    }
    // The include path is taken from the settings array, with the literal text
    // $boarddir replaced by the board directory. Anyone able to change this
    // setting chooses which PHP file is executed here, so write access to the
    // settings must be treated as code-execution privilege.
    if (isset($modSettings['integrate_pre_include']) && file_exists(strtr($modSettings['integrate_pre_include'], array('$boarddir' => $boarddir)))) {
        require_once strtr($modSettings['integrate_pre_include'], array('$boarddir' => $boarddir));
    }
    // Same consideration: the function name to call is read from the settings.
    if (isset($modSettings['integrate_pre_load']) && function_exists($modSettings['integrate_pre_load'])) {
        call_user_func($modSettings['integrate_pre_load']);
    }
    // Is it time again to optimize the database?
    if (empty($modSettings['autoOptDatabase']) || $modSettings['autoOptLastOpt'] + $modSettings['autoOptDatabase'] * 3600 * 24 >= time() || SMF == 'SSI') {
        return;
    }
    // Skip the optimization while the server load is at or above the configured threshold.
    if (!empty($modSettings['load_average']) && !empty($modSettings['loadavg_auto_opt']) && $modSettings['load_average'] >= $modSettings['loadavg_auto_opt']) {
        return;
    }
    // Skip it as well when more rows are in log_online than autoOptMaxOnline allows.
    if (!empty($modSettings['autoOptMaxOnline'])) {
        $request = db_query("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM {$db_prefix}log_online", __FILE__, __LINE__);
        list($dont_do_it) = mysql_fetch_row($request);
        mysql_free_result($request);
        if ($dont_do_it > $modSettings['autoOptMaxOnline']) {
            return;
        }
    }
    // Handle if things are prefixed with a database name.
    // Backticks are stripped from the database name and "_" is escaped for LIKE;
    // quotes and "%" in the prefix are not escaped here.
    if (preg_match('~^`(.+?)`\\.(.+?)$~', $db_prefix, $match) != 0) {
        $request = db_query("\n\t\t\tSHOW TABLES\n\t\t\tFROM `" . strtr($match[1], array('`' => '')) . "`\n\t\t\tLIKE '" . str_replace('_', '\\_', $match[2]) . "%'", __FILE__, __LINE__);
    } else {
        $request = db_query("\n\t\t\tSHOW TABLES\n\t\t\tLIKE '" . str_replace('_', '\\_', $db_prefix) . "%'", __FILE__, __LINE__);
    }
    $tables = array();
    while ($row = mysql_fetch_row($request)) {
        $tables[] = $row[0];
    }
    mysql_free_result($request);
    // Record the run time before optimizing, so the interval check above sees it.
    updateSettings(array('autoOptLastOpt' => time()));
    // Don't bail if the user does.
    ignore_user_abort(true);
    // Do them one at a time for locking reasons...
    // Table names come from the SHOW TABLES result above and are placed between
    // backticks without further escaping.
    foreach ($tables as $table) {
        db_query("\n\t\t\tOPTIMIZE TABLE `{$table}`", __FILE__, __LINE__);
    }
}
示例#22
        $stmt = $db->stmt_init();
        if (!$stmt->prepare($sql)) {
            $error = $stmt->error;
            db_fatal_error('stmt prepare error', $error, $sql);
            exit($user_err_message);
        } else {
            $stmt->bind_param('is', $id, $login_name);
            // set parameters and execute
            $id = (int) trim($_GET['delid']);
            $stmt->execute();
            ?>
	<html>
	<body>
		<div style="width:280px;margin:50px;padding:10px;border-style:ridge;border-width:5px">
						You have deleted your request successfully <br />
			<a style="color:sienna;margin-left:60px" href='../index.php'>Return to main page</a>
		</div><!-- infoBanner -->
	</body>
	</html>

<?php 
        }
    } catch (Exception $e) {
        $error = $e->getMessage();
        db_fatal_error('admin delete issue', $error, $sql);
        exit($user_err_message);
    }
}
if (isset($db)) {
    $db->close();
}