示例#1
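/**
 * Handle the weekly-report "submit" action.
 *
 * Reads week, method and team from $_POST, sums the `percent` column of
 * week_report for the resolved week and team and, when the sum equals 100,
 * prints a confirmation with a "Back" link, calls email($team), closes the
 * connection stored in $_SESSION['con'] and ends the script. Otherwise it
 * records an error message and the computed total in the session and returns.
 *
 * Security notes:
 *  - The query is built by string concatenation, so its safety rests entirely
 *    on make_safe() and get_monday(), neither of which is shown here. Every
 *    value is placed inside quotes, which is the only context where
 *    string escaping can help. TODO: move to a driver with bound parameters.
 *  - make_safe() is used for SQL purposes; it is not assumed to HTML-encode,
 *    so the value echoed into the link is encoded separately below.
 *  - `or die(mysql_error())` sends the database error text to the client.
 */
function submit()
{
    $opt = make_safe($_POST["week"]);
    $monday = get_monday(get_week($opt));
    $method = make_safe($_POST['method']);
    // NOTE(review): $Name is read but not used in the visible code; the user
    // filter in the query below appears as a masked literal on this page.
    // Confirm against the original source.
    $Name = $_SESSION['Name'];
    $team = make_safe($_POST["team"]);
    sql_con();
    $query = "select sum(percent) as Total from week_report where user = '******' and Week='" . $monday . "' and team='" . $team . "'";
    $result = mysql_query($query) or die(mysql_error());
    $result_arr = mysql_fetch_array($result);
    $total = $result_arr['Total'];
    if ($total == 100) {
        print "Submitting report notification to your manager";
        // $method comes from the request. Encode it as a query-string value and
        // then for the HTML attribute, so it cannot close the href or add markup.
        $backTarget = htmlspecialchars(urlencode($method), ENT_QUOTES, 'UTF-8');
        print '<hr><a href="?method=' . $backTarget . '">Back</a>';
        email($team);
        mysql_close($_SESSION['con']);
        exit;
    } else {
        $_SESSION['err'] = "Sum total of percentage is not 100%";
        $_SESSION['total'] = $total;
        // As written this only changes the local copy; it has no effect once
        // the function returns.
        $method = 1;
    }
}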
示例#2
              </nav>
            </div>
          </div>

          <div class="inner cover">
            <h1 class="cover-heading">Üye Girişi</h1>
          <?php 
if ($_POST) {
    // Copy each posted field through make_safe() when it is present.
    // If a field is missing, the matching variable is never assigned and the
    // execute() call below reads an undefined variable.
    if (isset($_POST["name"])) {
        $name = make_safe($_POST["name"]);
    }
    if (isset($_POST["email"])) {
        $email = make_safe($_POST["email"]);
    }
    if (isset($_POST["password"])) {
        // NOTE(review): no hashing step is visible in this fragment; the value
        // bound below is the submitted password as returned by make_safe().
        // Presumably it should go through password_hash() before storage and
        // be checked with password_verify() at login. Confirm against the
        // login code.
        $password = make_safe($_POST["password"]);
    }
    // The values are bound as parameters, so the statement itself needs no
    // SQL escaping. NOTE(review): if make_safe() also SQL-escapes (it is not
    // shown here), the stored text would carry the extra backslashes. Confirm.
    $query = $db->prepare("INSERT INTO uye SET name = ?, email = ?, password = ?");
    $insert = $query->execute(array($name, $email, $password));
    if ($insert) {
        $last_id = $db->lastInsertId();
        print '
                <div class="alert alert-info alert-dismissable">
                <button type="button" class="close" data-dismiss="alert" aria-hidden="true">
                  ×
                </button>
                <h4>
                  Başarılı!
                </h4> <strong>İşlem Başarılı!</strong> Buradan <a href="uye-girisi.php">giriş</a> yapabilirsiniz.
              </div>';
    } else {
示例#3
else echo "Image Format not accepted!!";


*/
if ($securimage->check($_POST['captcha_code']) == true) {
    /**
     * Trim a value and escape it with mysql_real_escape_string().
     *
     * The result is only suitable inside a quoted SQL string literal. It is
     * not HTML-encoded, and escaping gives no protection to a value that is
     * interpolated into SQL without surrounding quotes.
     *
     * NOTE(review): mysql_real_escape_string() belongs to the old mysql
     * extension and works against a mysql_* link, while the query that follows
     * in this script runs through mysqli on $con. Confirm that a mysql_* link
     * is open here, or switch to bound parameters on the mysqli connection.
     *
     * Being declared inside a conditional, the function only exists after
     * this branch has executed.
     */
    function make_safe($variable)
    {
        $trimmed = trim($variable);

        return mysql_real_escape_string($trimmed);
    }
    // Trim and SQL-escape the posted registration fields with make_safe().
    // These are escaped for a SQL string literal only; they are not safe to
    // print into HTML as-is.
    $name = make_safe($_POST['name']);
    $email = make_safe($_POST['email']);
    $phone = make_safe($_POST['phone']);
    $date = make_safe($_POST['dob']);
    $photoPath = make_safe($photoPath);
    // NOTE(review): rand_string() is not shown. If it is not backed by a
    // CSPRNG (random_int() / random_bytes()), the generated password is
    // predictable. Confirm.
    $password = rand_string(8);
    // Keep the values in the session. What is stored is the SQL-escaped form,
    // and the generated password is held there in clear text.
    $_SESSION['Sname'] = $name;
    $_SESSION['Semail'] = $email;
    $_SESSION['Sphone'] = $phone;
    $_SESSION['Sdate'] = $date;
    $_SESSION['SphotoPath'] = $photoPath;
    $_SESSION['Spassword'] = $password;
    // Look for an existing account with this e-mail address.
    // NOTE(review): the address is interpolated into the SQL text; its safety
    // rests on make_safe(), which escapes via the mysql extension while this
    // query runs on the mysqli link $con. A prepared statement with a bound
    // parameter would remove that dependency. On failure, die() sends the
    // database error text to the client.
    $uniqueResult = mysqli_query($con, "SELECT * FROM user_details WHERE email='{$email}'") or die(mysqli_error($con));
    if (mysqli_num_rows($uniqueResult) == 0) {
        // Photo check: collect the upload's extension for the allow-list test.
        // NOTE(review): move_uploaded_file() takes (source, destination). Here
        // the client-supplied file name is passed as the source and the
        // temporary path as the destination, which looks reversed. The return
        // value is not checked, and the call runs before any validation.
        move_uploaded_file($_FILES['uploadPhoto']['name'], "" . $_FILES['uploadPhoto']['tmp_name']);
        // Extensions accepted for the photo.
        $allowedExts = array("gif", "jpeg", "jpg", "png");
        // $extension is whatever follows the last dot of the client-supplied
        // file name. It is chosen by the uploader and says nothing about the
        // file's contents.
        // TODO: determine the type server-side (e.g. finfo or getimagesize())
        // and generate the stored file name instead of reusing the client's.
        $temp = explode(".", $_FILES["uploadPhoto"]["name"]);
        $extension = end($temp);
        if (($_FILES["uploadPhoto"]["type"] == "image/gif" || $_FILES["uploadPhoto"]["type"] == "image/jpeg" || $_FILES["uploadPhoto"]["type"] == "image/jpg" || $_FILES["uploadPhoto"]["type"] == "image/png") && in_array($extension, $allowedExts)) {
示例#4
                  <li class="active"><a href="new.php">Yeni Oluştur</a></li>
                  <li><a href="uye-cikis.php">Çıkış Yap</a></li>
                </ul>
              </nav>
            </div>
          </div>

          <div class="inner cover">
            <h1 class="cover-heading">New Todo</h1>
          <?php 
    if ($_POST) {
        // Copy the posted title and content through make_safe() when present.
        // A missing field leaves its variable unassigned for execute() below.
        if (isset($_POST["title"])) {
            $title = make_safe($_POST["title"]);
        }
        if (isset($_POST["content"])) {
            $content = make_safe($_POST["content"]);
        }
        // All three values are bound as parameters. The owner id comes from
        // the session rather than from the request, so a client cannot choose
        // which member the row is attached to.
        // NOTE(review): title and content are stored as submitted (after
        // make_safe()); they must be HTML-encoded wherever they are displayed.
        $query = $db->prepare("INSERT INTO list SET title = ?, content = ?, uye_id = ?");
        $insert = $query->execute(array($title, $content, $_SESSION["uid"]));
        if ($insert) {
            $last_id = $db->lastInsertId();
            print '
                <div class="alert alert-info alert-dismissable">
                <button type="button" class="close" data-dismiss="alert" aria-hidden="true">
                  ×
                </button>
                <h4>
                  Başarılı!
                </h4> <strong>İşlem Başarılı!</strong> Veritabanına kayıt işlemi gerçekleştirildi.
              </div>';
        } else {
示例#5
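// Update the description of the image row identified by $id when the
// "updateDescription" form field is posted and the new text is non-empty.
//
// NOTE(review): no login or permission check is visible in this fragment
// before the UPDATE runs. Confirm that one happens earlier in the script.
if (isset($_POST['updateDescription'])) {
    $newDescription = make_safe($con, $_POST['newDescription']);
    $oldescription = make_safe($con, $_POST['oldDescription']);
    // !empty() already rejects the empty string, so one test is enough.
    if (!empty($newDescription)) {
        // $id is placed in the statement without quotes, a position where
        // string escaping offers no protection, so it is forced to an integer.
        // NOTE(review): assumes image.id is an integer key and that $id is set
        // earlier in the script. Confirm. A prepared statement with bound
        // parameters would be the more robust form.
        $updateDescriptionFile = "update image set description = '" . $newDescription . "' where id = " . (int) $id . ";";
        $result_updateDescription = mysqli_query($con, $updateDescriptionFile);
    }
}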
// Admin login: when both loginName and loginPwd are posted and non-empty,
// look the pair up in the admin table and answer with a small JSON object
// (url, status and, on failure, message), then end the script.
if (isset($_POST['loginName']) && isset($_POST['loginPwd'])) {
    if (!empty($_POST['loginName']) && $_POST['loginName'] != '' && !empty($_POST['loginPwd']) && $_POST['loginPwd'] != '') {
        // NOTE(review): part of this statement is masked on the page
        // ('******'), so the password comparison cannot be read here and the
        // line does not parse as shown. TODO: confirm that stored passwords are
        // hashed and verified with password_verify() rather than compared
        // inside the SQL, and that the lookup uses bound parameters.
        $check_admin = "select * from admin where admin_id = '" . make_safe($con, $_POST['loginName']) . "' AND password = '******'loginPwd']) . "';";
        $result_checkAdmin = mysqli_query($con, $check_admin);
        $response = array();
        if (mysqli_num_rows($result_checkAdmin) > 0) {
            // NOTE(review): the registered JSON media type is
            // application/json; 'json/application' is not one, so a client
            // that relies on the header will not treat the body as JSON.
            header('Content-type: json/application');
            // Marks the session as logged in. The value stored is the
            // make_safe() form of the posted name.
            // NOTE(review): no session_regenerate_id() call is visible at this
            // point; regenerating the id on login guards against session
            // fixation.
            $_SESSION["login"] = make_safe($con, $_POST['loginName']);
            $response['url'] = './admin.php';
            $response['status'] = 0;
            echo json_encode($response);
            exit;
        } else {
            header('Content-type: json/application');
            $response['url'] = './login.php';
            $response['status'] = 1;
            // The same message is used whether the name or the password was
            // wrong, so the response does not reveal which accounts exist.
            $response['message'] = 'Invalid login or password.';
            echo json_encode($response);
            exit;
        }
    }
}
if (isset($_POST['disconnect'])) {
示例#6
        $viewerss = $streams->getElementsByTagName("channel_count");
        $viewers[$idREF] = $viewerss->item(0)->nodeValue;
        $online[$idREF] = 1;
    }
}
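// Release the feed-parsing variables before the database phase.
unset($streamxml, $streamss, $games, $viewerss, $titles);
sleep(10);
sleep(2);
// Dump all the collected contents into the livestreams table: one SELECT per
// id to see whether the row exists, then an UPDATE or an INSERT.
// The schema is the same for every row, so it is selected once up front.
mysql_select_db("omgyydatabase", $m);
foreach ($sids as $x) {
    echo $online[$x];
    echo '<br />';
    // The id is placed unquoted in the WHERE clauses, a position where string
    // escaping gives no protection, so it is forced to an integer.
    // NOTE(review): assumes livestreams.id is an integer key. Confirm.
    $rowId = (int) $x;
    $query = "SELECT * FROM `omgyydatabase`.`livestreams` WHERE id=" . $rowId . "";
    //run the query
    $rs = mysql_query($query, $m) or die(mysql_error());
    $title[$x] = make_safe($title[$x]);
    $game[$x] = make_safe($game[$x]);
    // Name and viewer count are built from the remote feed as well, so they
    // get the same treatment as title and game before reaching the SQL text.
    // NOTE(review): make_safe() is not defined in this fragment; this relies
    // on it escaping for a quoted SQL string. Confirm.
    $safeName = make_safe($lsname[$x]);
    $safeViewers = make_safe($viewers[$x]);
    $onlineFlag = (int) $online[$x];
    //now either insert or update depending on how many rows were returned in $rs
    if (mysql_num_rows($rs) == 1) {
        //member exists, update.
        $query = "UPDATE `omgyydatabase`.`livestreams` SET name='" . $safeName . "',game='" . $game[$x] . "', online='" . $onlineFlag . "', caption='" . $title[$x] . "', viewers='" . $safeViewers . "' WHERE id=" . $rowId . "";
        // NOTE(review): this prints the full SQL statement into the response;
        // keep it only if the output is never served to untrusted clients.
        echo $query;
    } else {
        //member doesn't exist
        $query = "INSERT INTO `omgyydatabase`.`livestreams` (id,name,game,online,caption,viewers) VALUES ('" . $rowId . "','" . $safeName . "','" . $game[$x] . "','" . $onlineFlag . "','" . $title[$x] . "','" . $safeViewers . "')";
    }
    // The write is best-effort: its result is not checked.
    $rs = mysql_query($query, $m);
}
mysql_close($m);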
示例#7
        echo 'Email does not exist! Please enter correct email!';
        echo "<a href=index.html>Try Again</a>";
    }
} else {
    if (isset($_POST['user_id']) && isset($_POST['user_name'])) {
        /**
         * Trim a value and escape it with mysql_real_escape_string().
         *
         * The result is only suitable inside a quoted SQL string literal. It
         * is not HTML-encoded, so it must not be echoed into a page as-is.
         *
         * NOTE(review): mysql_real_escape_string() belongs to the old mysql
         * extension and works against a mysql_* link, while the queries in
         * this script run through mysqli on $con. Confirm that a mysql_* link
         * is open here, or switch to bound parameters on the mysqli connection.
         *
         * Being declared inside a conditional, the function only exists after
         * this branch has executed.
         */
        function make_safe($variable)
        {
            $trimmed = trim($variable);

            return mysql_real_escape_string($trimmed);
        }
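        // Read the posted profile fields and echo each one back.
        // make_safe() (defined just above) trims and SQL-escapes only, so the
        // echoed copy is HTML-encoded separately; otherwise markup in a posted
        // value would be interpreted by the browser.
        // NOTE(review): only user_id and user_name are checked with isset()
        // before this point; the other three keys may be absent.
        $u_id = make_safe($_POST['user_id']);
        echo htmlspecialchars($u_id, ENT_QUOTES, 'UTF-8');
        $u_name = make_safe($_POST['user_name']);
        echo htmlspecialchars($u_name, ENT_QUOTES, 'UTF-8');
        $u_email = make_safe($_POST['user_email']);
        echo htmlspecialchars($u_email, ENT_QUOTES, 'UTF-8');
        $u_pic_url = make_safe($_POST['pic_url']);
        echo htmlspecialchars($u_pic_url, ENT_QUOTES, 'UTF-8');
        $u_dob = make_safe($_POST['user_dob']);
        echo htmlspecialchars($u_dob, ENT_QUOTES, 'UTF-8');
        // Store the profile through the InsertFBValues procedure.
        // NOTE(review): the arguments are interpolated into the SQL text and
        // rely on make_safe() escaping; a prepared CALL with bound parameters
        // on $con would remove that dependency. On failure, die() sends the
        // database error text to the client.
        $queryFB = "CALL InsertFBValues('{$u_id}','{$u_name}','{$u_email}','{$u_dob}','{$u_pic_url}')";
        $resFB = mysqli_query($con, $queryFB) or die(mysqli_error($con));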
        if ($resFB) {
            // Open a fresh connection, replacing the one held in $con.
            // NOTE(review): this connects as 'root' with no password argument.
            // The application should use a dedicated least-privilege account
            // with a password, with the credentials kept out of the source.
            $con = mysqli_connect('localhost', 'root') or die("cannot connect");
            mysqli_select_db($con, 'user_db') or die("cannot select!");
            // A failed connect has already ended the script through `or die`
            // above, so this check cannot report a failure when reached.
            if (mysqli_connect_errno()) {
                echo "Failed to connect to MySQL: " . mysqli_connect_error();
            }
            // Connection code ends.
            // Load the profile row to display.
            // NOTE(review): this reads $email, while the posted address was
            // stored in $u_email earlier in this branch; $email is not assigned
            // in the visible fragment. Confirm which one is intended. The value
            // is interpolated into the SQL text; a bound parameter is the safer
            // form.
            $displayQuery = "SELECT * FROM user_details WHERE email='{$email}'";
            $displayResult = mysqli_query($con, $displayQuery) or die(mysqli_error($con));
            $displayArray = mysqli_fetch_array($displayResult);
            mysqli_free_result($displayResult);
            echo "<header><h1> Your Profile </h1></header> ";