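<?php
// Change the logged-in user's e-mail address.
// POST: email, password_confirm (the CURRENT password, re-checked before the write).
// Replies {"success":true} on success; every failure path ends silently (as before).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';

    // Fail closed when nobody is logged in: the original interpolated
    // $_SESSION['user']['id'] unchecked and issued "WHERE user_id = ;" for guests.
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    if (!isset($_POST['email'], $_POST['password_confirm'])) {
        die;
    }
    $user_id = (int) $_SESSION['user']['id'];
    $raw_email = $_POST['email'];

    // NOTE: the password is SQL-escaped before password_verify(). That is wrong in
    // principle (escaping alters the password), but the change/reset handlers in
    // this code base escape before password_hash() too, so this site must stay
    // consistent until all of them are changed together.
    $the_password = sqlEscape($_POST['password_confirm']);

    // Validate the address BEFORE escaping: escaping can add backslashes that make
    // a perfectly valid address fail FILTER_VALIDATE_EMAIL.
    $length_ok = strlen($the_password) > 5 && strlen($the_password) < 25;
    if ($length_ok && filter_var($raw_email, FILTER_VALIDATE_EMAIL)) {
        $email = sqlEscape($raw_email);
        $row = sqlSelect("SELECT password FROM users WHERE user_id = {$user_id};");
        if ($row && password_verify($the_password, $row[0]['password'])) {
            if (sqlAction("UPDATE users SET email = '{$email}' WHERE user_id = {$user_id};")) {
                echo json_encode(array('success' => true));
                die;
            }
        }
    }
    // TODO(security): no CSRF token is checked. The password re-check limits the
    // impact of a forged cross-site POST, but a token should still be required.
}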
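<?php
// Attach a service to the logged-in employer (GET: service_id), then redirect to
// the company's services view. Any failed check is a silent no-op, as before.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    session_start();
    $have_company  = isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']);
    $have_employer = isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id']);
    $have_service  = isset($_GET['service_id']) && is_numeric($_GET['service_id']);
    if ($have_company && $have_employer && $have_service) {
        require '../../mysql/query.php';
        // Cast to int so only a plain integer reaches the SQL text
        // (is_numeric also accepts "1.5", "1e3" and surrounding whitespace).
        $company_id  = (int) $_SESSION['company']['id'];
        $employer_id = (int) $_SESSION['me']['id'];
        $service_id  = (int) $_GET['service_id'];

        // Authorization fix: the original validated the company id but never used
        // it, so an employer could attach a service owned by another company.
        // services rows carry company_id (see the service update/insert handlers).
        $owned = sqlSelect("SELECT id FROM services WHERE id = {$service_id} AND company_id = {$company_id};");
        if ($owned) {
            if (sqlAction("INSERT INTO companies_employers_services (employer_id, service_id) VALUES ({$employer_id}, {$service_id});")) {
                header('Location: ../../company?show=services');
                die;
            }
        }
    }
    // TODO(security): state-changing action over GET with no CSRF token; a plain
    // link or <img> can trigger it for a logged-in employer.
}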
$update .= "name = CASE id {$update_description_text} END, "; } if ($update_price) { $update .= "price = CASE id {$update_price_text} END, "; } if ($update_time) { $update .= "time = CASE id {$update_time_text} END, "; } if ($update_category) { $update .= "category_id = CASE id {$update_category_text} END, "; } $update = rtrim($update, ', '); $rowsToUpdate = rtrim($rowsToUpdate, ','); $update .= " WHERE id IN ({$rowsToUpdate});"; // echo $update; // die; if (sqlAction($update)) { $success = true; } } } if (empty($newServiceFirstKey["'category'"])) { $noNewServices = true; } if (!$update_description && !$update_price && !$update_time && !$update_category) { $noChangesToExistingServices = true; } if ($success || $noNewServices && $noChangesToExistingServices) { header('Location: ../../company?show=services'); } }
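<?php
// Let the story's creator start it before it is full (GET: story).
// Needs at least three writers; sets story.status = 1 and echoes "1".
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    if (isset($_GET['story']) && is_numeric($_GET['story'])) {
        session_start();
        // Fail closed for guests: the original compared started_by_user against an
        // unset session value instead of refusing outright.
        if (!isset($_SESSION['me']['id']) || !is_numeric($_SESSION['me']['id'])) {
            die;
        }
        require '../../../mysql/query.php';
        $story = (int) $_GET['story'];
        $me = (int) $_SESSION['me']['id'];
        $info = sqlSelect("SELECT COUNT(story_writers.user_id) AS num_of_writers, started_by_user FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story};");
        // Column values come back as strings; compare as integers rather than with
        // a loose == against whatever type the session holds.
        if ($info && $info[0]['num_of_writers'] > 2 && (int) $info[0]['started_by_user'] === $me) {
            if (sqlAction("UPDATE story SET status = 1 WHERE story_id = {$story};")) {
                echo 1;
                die;
            }
        }
    }
    // TODO(security): state change over GET with no CSRF token.
}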
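<?php
// Reject a pending friend request.
// GET: id = friend_request_id, friend = the sender's user id, optional
// return_to_profile. Deletes the pending row, pushes a 'rejected_friend_request'
// event to the sender's Firebase feed, then redirects.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    session_start();
    require '../../../mysql/query.php';
    require '../../../lang/config.php';
    $logged_in = isset($_SESSION['user']['id']) && is_numeric($_SESSION['user']['id']);
    $valid_ids = isset($_GET['id'], $_GET['friend']) && is_numeric($_GET['id']) && is_numeric($_GET['friend']);
    if ($logged_in && $valid_ids) {
        $me = (int) $_SESSION['user']['id'];
        $request_id = (int) $_GET['id'];
        $friend_id = (int) $_GET['friend'];
        // Only the recipient (friend_user_id = me, sender != me) may reject, and
        // only while the request is still pending (status = 0).
        $deleted = sqlAction("DELETE FROM friends WHERE friend_request_id = {$request_id} AND user_id = {$friend_id} AND friend_user_id = {$me} AND status = 0 AND sender != {$me};");
        if ($deleted) {
            require '../../../lib/Firebase/url.php';
            getFirebase($require = true);
            $firebase = new Firebase\FirebaseLib($url, $token);
            $firebaseArray = array(
                'from' => array('user_id' => $_SESSION['user']['id'], 'user_name' => "{$_SESSION['user']['name']}"),
                'group' => 'false',
                'story' => 'false',
                'time' => time(),
                'type' => 'rejected_friend_request',
                'unread' => 'true',
            );
            $firebase->push(usersNewsFeed($friend_id), $firebaseArray);
            // Bug fix: header() replaces an earlier Location header, so without the
            // exit below the profile redirect was always overridden by the next one.
            if (isset($_GET['return_to_profile'])) {
                header("Location: ../../../profile?view={$friend_id}");
                exit;
            }
            header('Location: ../../../profile?view=friends');
            exit;
        }
    }
    // TODO(security): state change over GET with no CSRF token.
}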
} if (sqlAction($joinStory)) { $num_of_writers = $writers[0]['num_of_writers'] + 1; $story_writers = sqlSelect("SELECT user_id FROM `story_writers` WHERE story_id = {$story} AND user_id != {$_SESSION['me']['id']};"); $clients = array(); if ($writers[0]['max_writers'] == $num_of_writers) { if (sqlAction("UPDATE story SET status = 1 WHERE story_id = {$story};")) { if ($story_writers) { $news_feed = "INSERT INTO users_news_feed (user_id, type_id, story_id, group_id, writer_id, have_read, date) VALUES"; foreach ($story_writers as $writer) { $news_feed .= " ({$writer['user_id']}, 2, {$story}, null, null, 0, now()), "; array_push($clients, 'private-' . $writer['user_id']); } $news_feed = rtrim($news_feed, ', '); $news_feed .= ';'; if (sqlAction($news_feed)) { $pusher->trigger($clients, 'news', json_encode(array('type' => 'story_began', 'value' => $story))); echo 2; die; } } } } else { foreach ($story_writers as $writer) { array_push($clients, 'private-' . $writer['user_id']); } $pusher->trigger($clients, 'writer_joined_story', json_encode(array('story_id' => $story, 'num_of_writers' => $num_of_writers, 'writer' => $_SESSION['me']))); $pusher->trigger('main_channel', 'writer_joined_story', json_encode(array('story_id' => $story, 'num_of_writers' => $num_of_writers))); echo 1; die; }
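<?php
// Detach a service from the logged-in employer (GET: service_id), then redirect
// to the company's services view. Any failed check is a silent no-op, as before.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    session_start();
    $have_company  = isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']);
    $have_employer = isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id']);
    $have_service  = isset($_GET['service_id']) && is_numeric($_GET['service_id']);
    if ($have_company && $have_employer && $have_service) {
        require '../../mysql/query.php';
        // Cast to int so only a plain integer reaches the SQL text
        // (is_numeric also accepts "1.5", "1e3" and surrounding whitespace).
        $employer_id = (int) $_SESSION['me']['id'];
        $service_id  = (int) $_GET['service_id'];
        // employer_id in the WHERE limits the delete to the caller's own link row.
        if (sqlAction("DELETE FROM companies_employers_services WHERE employer_id = {$employer_id} AND service_id = {$service_id};")) {
            header('Location: ../../company?show=services');
            die;
        }
    }
    // TODO(security): state-changing action over GET with no CSRF token.
}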
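<?php
// Mark one of the logged-in user's news-feed items as read (POST: news_id).
// Echoes "have_read" on success.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    if (!isset($_POST['news_id']) || !is_numeric($_POST['news_id'])) {
        die;
    }
    // Guests used to fall through and build "AND user_id = ;" - refuse instead.
    if (!isset($_SESSION['me']['id']) || !is_numeric($_SESSION['me']['id'])) {
        die;
    }
    $news_id = (int) $_POST['news_id'];
    $me = (int) $_SESSION['me']['id'];
    // The user_id clause keeps a user from marking other people's items.
    if (sqlAction("UPDATE users_news_feed SET have_read = 1 WHERE id = {$news_id} AND user_id = {$me};")) {
        echo 'have_read';
        die;
    }
}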
} if ($friend['status'] == 0 && $friend['sender'] != $_SESSION['user']['id']) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"><a href=\"profile?view={$friend['user_id']}\">{$friend['username']}</a> har redan skickat vänförfrågan till dig"); } } } } } if ($_SESSION['errors']) { header('Location: ../../../profile?view=friends'); } if (!$_SESSION['errors']) { require '../../../lib/Firebase/url.php'; getFirebase($require = true); $firebase = new Firebase\FirebaseLib($url, $token); $firebaseArray = array('from' => array('user_id' => $_SESSION['user']['id'], 'user_name' => "{$_SESSION['user']['name']}"), 'group' => 'false', 'story' => 'false', 'time' => time(), 'type' => 'friend_request', 'unread' => 'true'); $friend_request = "INSERT INTO friends (user_id, friend_user_id, status, sender, date) VALUES "; foreach ($users as $friend) { $friend_request .= "({$_SESSION['user']['id']}, {$friend['user_id']}, 0, {$_SESSION['user']['id']}, now()), "; } $friend_request = rtrim($friend_request, ', '); $friend_request .= ';'; foreach ($users as $new_friend) { $firebase->push(usersNewsFeed($new_friend['user_id']), $firebaseArray); } if (sqlAction($friend_request)) { $_SESSION['noty_message'] = array('text' => $translate['noty_message']['friend_request_sent']['text'], 'type' => $translate['noty_message']['friend_request_sent']['type'], 'dismissQueue' => $translate['noty_message']['friend_request_sent']['dismissQueue'], 'layout' => $translate['noty_message']['friend_request_sent']['layout'], 'theme' => $translate['noty_message']['friend_request_sent']['theme'], 'timeout' => $translate['noty_message']['friend_request_sent']['timeout']); header('Location: ../../../profile?view=friends'); } } }
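<?php
// Change the logged-in user's password.
// POST: password (current), new_password, password_confirm.
// Verifies the current password, then stores password_hash() of the new one.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    // Fail closed for guests instead of issuing "WHERE user_id = ;".
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    if (!isset($_POST['password'], $_POST['new_password'], $_POST['password_confirm'])) {
        die;
    }
    $user_id = (int) $_SESSION['user']['id'];

    // NOTE: passwords are SQL-escaped before hashing/verifying. That is wrong in
    // principle (the escape changes the password), but every hashing site in this
    // code base does it, so changing it here alone would lock out users whose
    // password contains a quote or backslash. Fix all sites together.
    $old = sqlEscape($_POST['password']);
    $new = sqlEscape($_POST['new_password']);
    $new_repeat = sqlEscape($_POST['password_confirm']);

    $lengthOk = function ($p) {
        return strlen($p) > 5 && strlen($p) < 25;
    };
    if ($lengthOk($old) && $lengthOk($new) && $lengthOk($new_repeat) && $new === $new_repeat) {
        $row = sqlSelect("SELECT password FROM users WHERE user_id = {$user_id};");
        if ($row && password_verify($old, $row[0]['password'])) {
            // The stored value is the password_hash() output. It contains no quote
            // characters, but it is escaped anyway so the query stays safe whatever
            // algorithm PASSWORD_DEFAULT resolves to.
            $pass = sqlEscape(password_hash($new, PASSWORD_DEFAULT));
            if (sqlAction("UPDATE users SET password = '{$pass}' WHERE user_id = {$user_id};")) {
                echo json_encode(array('success' => true));
                die;
            }
        }
    }
}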
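<?php
// Delete a booking (POST: id, start). Echoes 1 on success, 0 on failure.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    $have_company  = isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']);
    $have_employer = isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id']);
    $have_input    = isset($_POST['id'], $_POST['start']) && is_numeric($_POST['id']);
    if ($have_company && $have_employer && $have_input) {
        require '../../mysql/query.php';
        $company_id = (int) $_SESSION['company']['id'];
        $booking_id = (int) $_POST['id'];
        $start = sqlEscape($_POST['start']);
        // Authorization fix: the original matched only id + start, so an employer
        // of ANY company could delete any booking (IDOR). Scope the delete to the
        // caller's company, as the schedule handlers already do.
        // NOTE(review): bookings also carry employer_id; add it to the WHERE if an
        // employer must only delete their own bookings - confirm the policy.
        $deleted = sqlAction("DELETE FROM bookings WHERE id = {$booking_id} AND start = '{$start}' AND company_id = {$company_id};");
        echo $deleted ? 1 : 0;
        die;
    }
}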
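<?php
// Complete a password reset (POST: email, token, new_password).
// The token must equal users.reset_password_key for that e-mail; on success the
// hash is replaced and the key cleared so the link cannot be reused.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    if (!isset($_POST['new_password'], $_POST['email'], $_POST['token'])) {
        die;
    }
    if (strlen($_POST['new_password']) < 6) {
        echo json_encode(array('password_too_short' => true));
        die;
    }
    if (strlen($_POST['new_password']) > 25) {
        echo json_encode(array('password_too_long' => true));
        die;
    }
    // An empty token must never match anything: refuse before touching the
    // database rather than relying on every row's key being NULL.
    if ($_POST['token'] === '') {
        die;
    }
    // NOTE: escaped before hashing for consistency with the other hashing sites
    // (see the change-password handler); fix all of them together.
    $password = sqlEscape($_POST['new_password']);
    $email = sqlEscape($_POST['email']);
    $token = sqlEscape($_POST['token']);
    $getUser = sqlSelect("SELECT user_id FROM users WHERE email = '{$email}' AND reset_password_key = '{$token}';");
    if ($getUser) {
        $user_id = (int) $getUser[0]['user_id'];
        // Stored value is the password_hash() output, escaped for defence in depth.
        $newPassword = sqlEscape(password_hash($password, PASSWORD_DEFAULT));
        // The WHERE repeats email + key so a token consumed in between cannot win.
        if (sqlAction("UPDATE users SET password = '{$newPassword}', reset_password_key = null WHERE user_id = {$user_id} AND email = '{$email}' AND reset_password_key = '{$token}';")) {
            echo json_encode(array('success' => true));
            die;
        }
    }
    // TODO(security): no expiry is enforced on reset_password_key here; add an
    // issued-at check if the schema has such a column, and consider invalidating
    // the user's other sessions after a successful reset.
}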
$_SESSION['group']['description'] = $description; } header('Location: ../../../groups/new'); } else { $group_id = sqlAction("INSERT INTO groups (name, secret, open, chat_is_public, description, created) VALUES ('{$name}', {$secret}, {$open}, {$chat}, '{$description}', now());", $getLastId = true); $group = sqlSelect("SELECT id, name FROM groups WHERE id = {$group_id};"); if ($group_id) { $group_m = "INSERT INTO group_members (group_id, user_id, admin, joined) VALUES ({$group_id}, {$_SESSION['user']['id']}, 1, now());"; // $group_activity_history = "INSERT INTO groups_activity_history (user_id, group_id) VALUES ({$_SESSION['user']['id']}, {$group_id});"; sqlAction($group_m); // sqlAction($group_activity_history); $group_news_feed = "INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$group_id}, {$_SESSION['user']['id']}, 'group_created', 'null', now()), "; if (!empty($group_members)) { $group_invites = "INSERT INTO group_members (group_id, user_id, status, admin, joined) VALUES "; foreach ($users_exists as $user) { $group_invites .= "({$group_id}, {$user['user_id']}, 2, 0, 'null'), "; $group_news_feed .= "({$group_id}, {$_SESSION['user']['id']}, 'invited', '{\"id\":{$user['user_id']}, \"username\":\"{$user['username']}\"}', now()), "; } $group_invites = rtrim($group_invites, ', '); $group_invites .= ';'; sqlAction($group_invites); } $group_news_feed = rtrim($group_news_feed, ', '); $group_news_feed .= ';'; sqlAction($group_news_feed); $_SESSION['noty_message'] = array('text' => $translate['noty_message']['group_created']['text'], 'type' => $translate['noty_message']['group_created']['type'], 'dismissQueue' => $translate['noty_message']['group_created']['dismissQueue'], 'layout' => $translate['noty_message']['group_created']['layout'], 'theme' => $translate['noty_message']['group_created']['theme'], 'timeout' => $translate['noty_message']['group_created']['timeout']); // header('Location: ../../../groups?view=new'); header('Location: 
../../../groups/' . $group_id . '/news'); } } }
<?php
// Remove a schedule slot belonging to the caller's company (POST: id, timestamp).
// Echoes 1 when a free slot was removed; a booked slot is removed without reply.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';
    $companyOk = isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']);
    $inputOk = isset($_POST['id']) && is_numeric($_POST['id']) && !empty($_POST['timestamp']);
    if ($companyOk && $inputOk) {
        $ts = sqlEscape($_POST['timestamp']);
        $slotId = $_POST['id'];
        $companyId = $_SESSION['company']['id'];
        // Look the slot up first (with customer details) so we know whether it was booked.
        $slot = sqlSelect("SELECT schedule.id, timestamp, booked, customers.first_name, customers.last_name, customers.mail FROM `schedule` LEFT JOIN customers ON schedule.customer_id = customers.id WHERE schedule.id = {$slotId} AND timestamp = '{$ts}' AND company_id = {$companyId};");
        if ($slot) {
            $removed = sqlAction("DELETE FROM schedule WHERE id = {$slotId} AND timestamp = '{$ts}' AND company_id = {$companyId};");
            // NOTE(review): a booked slot is deleted with no reply and no customer
            // notification - the original had an empty branch for that case.
            if ($removed && $slot[0]['booked'] != 1) {
                echo 1;
            }
        }
    }
}
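<?php
// Delete a story together with its writers and rows (GET: story). Echoes "1".
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    if (isset($_GET['story']) && is_numeric($_GET['story'])) {
        session_start();
        // Authorization fix: the original deleted ANY story by id with no login and
        // no ownership check. Only the user who started the story may delete it
        // (the same started_by_user rule the "start story" handler applies).
        if (!isset($_SESSION['me']['id']) || !is_numeric($_SESSION['me']['id'])) {
            die;
        }
        require '../../../mysql/query.php';
        $story = (int) $_GET['story'];
        $me = (int) $_SESSION['me']['id'];
        $owner = sqlSelect("SELECT started_by_user FROM story WHERE story_id = {$story};");
        if (!$owner || (int) $owner[0]['started_by_user'] !== $me) {
            die;
        }
        // Child rows first. The three deletes are not in a transaction, so a failure
        // after the first leaves a story without writers/rows (pre-existing).
        if (sqlAction("DELETE FROM story_writers WHERE story_id = {$story};") && sqlAction("DELETE FROM row WHERE story_id = {$story};")) {
            if (sqlAction("DELETE FROM story WHERE story_id = {$story};")) {
                echo 1;
                die;
            }
        }
    }
    // TODO(security): destructive action over GET with no CSRF token.
}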
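<?php
// Update one of the company's services from the JSON-encoded POST field "service"
// ({id, category, service_id, price, time}). Echoes [1, null] on success.
// Field naming is confusing and kept as-is: "category" holds the service NAME and
// "service_id" holds either an existing category id or a new category's name.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';
    if (!isset($_SESSION['company']['id']) || !is_numeric($_SESSION['company']['id'])) {
        die;
    }
    $data = isset($_POST['service']) ? json_decode($_POST['service']) : null;
    // count() on a non-Countable object is a TypeError on PHP 8; test the type.
    if (!is_object($data) || !isset($data->id, $data->category, $data->price, $data->time, $data->service_id)) {
        die;
    }
    // SQL injection fix: every field below came straight out of client JSON and
    // was interpolated raw. Numbers are validated and cast, strings escaped.
    if (!is_numeric($data->id) || !is_numeric($data->price) || !is_numeric($data->time)
        || !is_scalar($data->category) || !is_scalar($data->service_id)) {
        die;
    }
    $company_id = (int) $_SESSION['company']['id'];
    $service_id = (int) $data->id;
    $price = $data->price + 0;   // numeric by the check above; + 0 keeps decimals
    $time = $data->time + 0;
    $name = sqlEscape($data->category);

    if ((int) $data->service_id > 0) {
        $category_id = (int) $data->service_id;
    } else {
        $new_category = sqlEscape($data->service_id);
        $category_id = (int) sqlAction("INSERT INTO category (name) VALUES ('{$new_category}');", true);
    }
    // company_id in the WHERE keeps a company from editing another's services.
    if (sqlAction("UPDATE services SET name = '{$name}', price = {$price}, time = {$time}, category_id = {$category_id} WHERE id = {$service_id} AND company_id = {$company_id};")) {
        echo json_encode(array(1, null));
        die;
    }
}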
} } // Check if next round // $next_round = sqlSelect("SELECT id FROM `story_writers` WHERE story_id = {$story} AND on_turn = 0 AND `id` IN (SELECT SUM(id + 1) FROM (SELECT id FROM `story_writers` WHERE story_id = {$story} AND on_turn = 1) AS next);"); $nextId = $my_turn[0]['id'] + 1; $next_round = sqlSelect("SELECT id FROM `story_writers` WHERE story_id = {$story} AND on_turn = 0 AND `id` = {$nextId};"); $updateOnTurn = ''; if (!$next_round) { $updateOnTurn = "UPDATE `story_writers` SET `on_turn` = 1, `date` = now() WHERE story_id = {$story} ORDER BY id LIMIT 1;"; } else { // $updateOnTurn = "UPDATE story_writers SET on_turn = 1, date = now() WHERE story_id = {$_POST['story']} AND id = {$my_turn[0]['id']}+1 ORDER BY id DESC;"; $updateOnTurn = "UPDATE story_writers SET on_turn = 1, date = now() WHERE story_id = {$story} AND id = {$my_turn[0]['id']}+1;"; } if (sqlAction($updateOnTurn)) { $on_turn = sqlSelect("SELECT users.user_id, username, type FROM `users` INNER JOIN story_writers ON users.user_id = story_writers.user_id WHERE story_id = {$story} AND on_turn = 1;"); if (sqlAction("INSERT INTO users_news_feed (user_id, type_id, story_id, group_id, writer_id, have_read, date) VALUES ({$on_turn[0]['user_id']}, 1, {$story}, null, null, 0, now());")) { $story_writers = sqlSelect("SELECT user_id FROM `story_writers` WHERE story_id = {$story} AND user_id != {$_SESSION['me']['id']} AND on_turn = 0;"); $clients = array(); foreach ($story_writers as $writer) { if ($writer['user_id'] != $on_turn[0]['user_id']) { array_push($clients, 'private-' . $writer['user_id']); } } $pusher->trigger('private-' . 
$on_turn[0]['user_id'], 'news', json_encode(array('type' => 'my_turn', 'value' => array('story_id' => $story, 'previous_writer' => $_SESSION['me'], 'words' => $words)))); $pusher->trigger($clients, 'news', json_encode(array('type' => 'next_writer', 'value' => array('story_id' => $story, 'next_writer' => $on_turn)))); echo json_encode(array('success' => true, 'on_turn' => $on_turn, 'story' => $story)); die; } } } }
$text = sqlEscape($_POST['text']); $rounds = sqlEscape($_POST['rounds']); $current_round = 1; $max_writers = 'null'; $nonsensmode = 1; $public = 'null'; $with_group = $groupId; $story = sqlAction("INSERT INTO story (title, rounds, current_round, max_writers, nonsens_mode, join_public, with_group, status, started_by_user, views) VALUES ('{$title}', {$rounds}, {$current_round}, {$max_writers}, {$nonsensmode}, {$public}, {$with_group}, 1, {$_SESSION['me']['id']}, 0);", $getLastId = true); if ($story) { if (sqlAction("INSERT INTO row (user_id, words, story_id, date) VALUES ({$_SESSION['me']['id']}, '{$text}', {$story}, now());")) { $story_writers = "INSERT INTO story_writers (story_id, user_id, on_turn, round, date) VALUES ({$story}, {$_SESSION['me']['id']}, 0, 2, now()), "; $writers = sqlSelect("SELECT user_id FROM group_members WHERE group_id = {$groupId} AND user_id != {$_SESSION['me']['id']};"); $i = 0; foreach ($writers as $writer) { if ($i == 0) { $on_turn = 1; } else { $on_turn = 0; } $story_writers .= "({$story}, {$writer['user_id']}, {$on_turn}, {$current_round}, now()), "; $i++; } $story_writers = rtrim($story_writers, ', '); $story_writers .= ';'; if (sqlAction($story_writers)) { $_SESSION['noty_message'] = array('text' => $translate['noty_message']['new_story_created']['text'], 'type' => $translate['noty_message']['new_story_created']['type'], 'dismissQueue' => $translate['noty_message']['new_story_created']['dismissQueue'], 'layout' => $translate['noty_message']['new_story_created']['layout'], 'theme' => $translate['noty_message']['new_story_created']['theme'], 'timeout' => $translate['noty_message']['new_story_created']['timeout']); header("Location: ../../../write?story={$story}"); } } } }
$end = $end->modify('+1 minute'); echo json_encode(array('timeBooked' => $timeAlreadyBooked, 'start' => $start->format('H:i'), 'end' => $end->format('H:i'))); die; } else { $customer_id = 0; if ($data->customer_id > 0) { // $customer = sqlSelect("SELECT customers.id AS customer_id, person_nr, services.id AS service_id FROM `customers` INNER JOIN services WHERE customers.id = {$data->customer_id} AND customers.person_nr = '{$data->personnr}' AND services.id = {$data->service};"); $customer = sqlSelect("SELECT id FROM `customers` WHERE id = {$data->customer_id} AND person_nr = '{$data->personnr}';"); $customer_id = $customer[0]['id']; } else { $customer_id = sqlAction("INSERT INTO customers (person_nr, first_name, last_name, mail, tel) VALUES ('{$data->personnr}', '{$data->fname}', '{$data->lname}', '{$data->mail}', '{$data->tel}');", true); } if ($customer_id) { $start = $start->modify('-1 minute'); $end = $end->modify('+1 minute'); if (sqlAction("INSERT INTO bookings (booked_at, start, end, invoice, webpay, in_place, company_id, employer_id, service_id, customer_id) VALUES (now(), '{$start->format('Y-m-d H:i:s')}', '{$end->format('Y-m-d H:i:s')}', 0, 0, 0, {$_SESSION['company']['id']}, {$_SESSION['me']['id']}, {$data->service}, {$customer_id});")) { echo 1; die; } } } // echo $end->format('Y-m-d H:i'); // die; // $test = 1; // echo is_float($test); // die; // echo $numOfHours[0]['time']; // die; // echo json_encode($start); // die; // echo json_encode($data);
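<?php
// Send a friend request (GET: friend = recipient user id, optional
// return_to_profile). Inserts a pending friends row (status 0, sender = me),
// pushes a 'friend_request' event to the recipient's Firebase feed, redirects.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    session_start();
    require '../../../mysql/query.php';
    require '../../../lang/config.php';
    $logged_in = isset($_SESSION['user']['id']) && is_numeric($_SESSION['user']['id']);
    if ($logged_in && isset($_GET['friend']) && is_numeric($_GET['friend'])) {
        $me = (int) $_SESSION['user']['id'];
        $friend_id = (int) $_GET['friend'];
        // Refuse a request to oneself; the original inserted it.
        // NOTE(review): duplicate/pending requests are not checked here (the bulk
        // request handler does that) - confirm whether a UNIQUE key covers it.
        if ($friend_id === $me) {
            die;
        }
        if (sqlAction("INSERT INTO friends (user_id, friend_user_id, status, sender, date) VALUES ({$me}, {$friend_id}, 0, {$me}, now());")) {
            require '../../../lib/Firebase/url.php';
            getFirebase($require = true);
            $firebase = new Firebase\FirebaseLib($url, $token);
            $firebaseArray = array(
                'from' => array('user_id' => $_SESSION['user']['id'], 'user_name' => "{$_SESSION['user']['name']}"),
                'group' => 'false',
                'story' => 'false',
                'time' => time(),
                'type' => 'friend_request',
                'unread' => 'true',
            );
            $firebase->push(usersNewsFeed($friend_id), $firebaseArray);
            // Bug fix: a later header('Location: ...') replaces an earlier one, so
            // without exit the return_to_profile redirect never took effect.
            if (isset($_GET['return_to_profile'])) {
                header("Location: ../../../profile?view={$friend_id}");
                exit;
            }
            header('Location: ../../../profile?view=friends');
            exit;
        }
    }
    // TODO(security): state change over GET with no CSRF token.
}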
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> {$member['username']} är redan inbjuden"); } if ($member['status'] == 3) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> {$member['username']} önskar redan om att få gå med i gruppen"); } } header("Location: ../../../groups/{$group_id}/invite"); } } } if (!$_SESSION['errors']) { // $group_invites = "INSERT INTO group_invites (group_id, user_id, sent_by, status, sent) VALUES "; $group_news_feed = "INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES "; $invite = "INSERT INTO group_members (group_id, user_id, status, admin, joined) VALUES "; foreach ($users_exists as $user) { // $group_invites .= "({$group_id}, {$user['user_id']}, '{\"id\":{$_SESSION['user']['id']}, \"username\":\"{$_SESSION['user']['name']}\"}', 0, now()), "; $group_news_feed .= "({$group_id}, {$_SESSION['user']['id']}, 'invited', '{\"id\":{$user['user_id']}, \"username\":\"{$user['username']}\"}', now()), "; $invite .= "({$group_id}, {$user['user_id']}, 2, 0, null), "; } // $group_invites = rtrim($group_invites, ', '); $group_news_feed = rtrim($group_news_feed, ', '); $invite = rtrim($invite, ', '); // $group_invites .= ';'; $group_news_feed .= ';'; $invite .= ';'; if (sqlAction($group_news_feed) && sqlAction($invite)) { $_SESSION['noty_message'] = array('text' => $translate['noty_message']['invite_sent']['text'], 'type' => $translate['noty_message']['invite_sent']['type'], 'dismissQueue' => $translate['noty_message']['invite_sent']['dismissQueue'], 'layout' => $translate['noty_message']['invite_sent']['layout'], 'theme' => $translate['noty_message']['invite_sent']['theme'], 'timeout' => $translate['noty_message']['invite_sent']['timeout']); header("Location: ../../../groups/{$group_id}/invite"); } } }
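<?php
// Toggle the admin flag of a group member (POST: group, memberId).
// Caller must be an admin of that group. Replies {"success":true,"check":<new flag>}.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    // Bug fix: the original guard was `!A && !B && !C`, which only refused when
    // ALL three checks failed. An unauthenticated caller with a numeric group id
    // got through, and a non-numeric group/memberId reached the SQL string
    // unescaped (SQL injection). Any single failing check must refuse.
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])
        || !isset($_POST['group']) || !is_numeric($_POST['group'])
        || !isset($_POST['memberId']) || !is_numeric($_POST['memberId'])) {
        die;
    }
    $me = (int) $_SESSION['user']['id'];
    $group_id = (int) $_POST['group'];
    $memberId = (int) $_POST['memberId'];

    $group_info = sqlSelect("SELECT admin FROM `group_members` WHERE group_id = {$group_id} AND user_id = {$me};");
    if (!$group_info || $group_info[0]['admin'] != 1) {
        die;
    }
    $member = sqlSelect("SELECT admin FROM group_members WHERE group_id = {$group_id} AND user_id = {$memberId};");
    // Unknown member: the original left $admin undefined and issued "SET admin = ".
    if (!$member) {
        die;
    }
    // Flip the flag; $check mirrors the new state for the client-side checkbox.
    $admin = ($member[0]['admin'] == 1) ? 0 : 1;
    $check = ($admin == 1);
    if (sqlAction("UPDATE group_members SET admin = {$admin} WHERE group_id = {$group_id} AND user_id = {$memberId};")) {
        echo json_encode(array('success' => true, 'check' => $check));
    }
}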
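<?php
// Leave a story (GET: story): removes the caller's own story_writers row. Echoes "1".
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    if (isset($_GET['story']) && is_numeric($_GET['story'])) {
        session_start();
        // Guests used to produce "AND user_id = ;"; refuse instead.
        if (!isset($_SESSION['me']['id']) || !is_numeric($_SESSION['me']['id'])) {
            die;
        }
        require '../../../mysql/query.php';
        $story = (int) $_GET['story'];
        $me = (int) $_SESSION['me']['id'];
        // Scoped to the caller's own row, so nobody can remove another writer.
        if (sqlAction("DELETE FROM story_writers WHERE story_id = {$story} AND user_id = {$me};")) {
            echo 1;
            die;
        }
    }
    // TODO(security): state change over GET with no CSRF token.
}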
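<?php
// Save the logged-in user's profile text (POST: description). Replies {"success":true}.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    // Fail closed for guests instead of issuing "WHERE user_id = ;".
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    if (isset($_POST['description'])) {
        $user_id = (int) $_SESSION['user']['id'];
        // Escaped for SQL only. The text must still be HTML-escaped where it is
        // rendered; storing it raw is correct, echoing it raw would be XSS.
        $text = sqlEscape($_POST['description']);
        if (sqlAction("UPDATE users SET personal_text = '{$text}' WHERE user_id = {$user_id};")) {
            echo json_encode(array('success' => true));
            die;
        }
    }
}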
<?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { session_start(); require '../../../mysql/query.php'; if (strlen($_POST['user']) < 3) { die; } $user = $_POST['user']; $getUser = sqlSelect("SELECT email, username FROM users WHERE username = '******' OR email = '{$user}';"); if ($getUser) { $token = crypt(md5(time())); $token = str_replace('/', '.', $token); if (sqlAction("UPDATE users SET reset_password_key = '{$token}' WHERE username = '******'username']}';")) { require '../../class.phpmailer.php'; $to = $getUser[0]['email']; $text = '<h1>Lösenord återställning</h1><br /><div>Fortsätt genom att klicka på den <a href="https://greatnonsens.com/login/' . $getUser[0]['email'] . '/' . $token . '">här länken</a>.</div>'; $mail = new PHPMailer(); $mail->CharSet = 'UTF-8'; $mail->setFrom('*****@*****.**', 'Great nonsens'); $mail->addAddress($to, $getUser[0]['username']); $mail->Subject = 'Glömt lösenord'; $mail->Body = $text; $mail->IsHTML(true); if (!$mail->send()) { // echo "Mailer Error: " . $mail->ErrorInfo . '<br />'; // echo '<pre>'.print_r(error_get_last(), true).'</pre>'; } else { echo json_encode(array('success' => true, 'users_mail' => $getUser[0]['email'])); } }
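<?php
// Update a group's description (POST: group_id, group_description), record an
// 'edited_description' news-feed entry and redirect to the description page.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    require '../../../lang/config.php';
    // Authorization fix: the original accepted any group_id from anyone - no
    // login check and no membership check - and group_id was only string-escaped
    // while interpolated unquoted, so "1 OR 1=1" rewrote every group's description.
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    if (!isset($_POST['group_id'], $_POST['group_description']) || !is_numeric($_POST['group_id'])) {
        die;
    }
    $me = (int) $_SESSION['user']['id'];
    $group_id = (int) $_POST['group_id'];
    $group_description = sqlEscape($_POST['group_description']);
    // Same rule as the other group-management handlers: only a group admin may
    // change group settings. NOTE(review): relax to "any member" if that is the
    // intended policy - confirm against the description page's UI.
    $membership = sqlSelect("SELECT admin FROM `group_members` WHERE group_id = {$group_id} AND user_id = {$me};");
    if (!$membership || $membership[0]['admin'] != 1) {
        die;
    }
    if (sqlAction("UPDATE groups SET description = '{$group_description}' WHERE id = {$group_id};") && sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$group_id}, {$me}, 'edited_description', 'null', now());")) {
        header("Location: ../../../groups/{$group_id}/description");
        exit;
    }
}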
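<?php
// Join a group or ask to join (GET: id = group id, page, request = 1|3).
// request 1 inserts the caller as a member ('joined_group'); request 3 records a
// join request ('group_invite_request'). Redirects to the members page.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    session_start();
    require '../../../mysql/query.php';
    if (isset($_SESSION['user']['id']) && is_numeric($_SESSION['user']['id'])) {
        // `request` was read without isset() and compared loosely; require it and
        // accept only the two integer values.
        if (isset($_GET['page'], $_GET['id'], $_GET['request']) && is_numeric($_GET['id']) && is_numeric($_GET['request'])) {
            $me = (int) $_SESSION['user']['id'];
            $groupId = (int) $_GET['id'];
            $status = (int) $_GET['request'];
            if ($status !== 1 && $status !== 3) {
                die;
            }
            $type = ($status === 1) ? 'joined_group' : 'group_invite_request';

            // TODO(security): the CLIENT chooses between "join" (1) and "request"
            // (3), so anyone can skip the approval flow of a closed group by sending
            // request=1. The groups table has `open`/`secret` columns; status 1 must
            // only be allowed when the group's open flag permits it. Not added here
            // because the flag's value semantics are not visible in this file.
            // Duplicate (group,user) rows are not prevented either.
            if (sqlAction("INSERT INTO group_members (group_id, user_id, status, admin, joined) VALUES ({$groupId}, {$me}, {$status}, 0, now());") && sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$groupId}, {$me}, '{$type}', null, now());")) {
                header("Location: ../../../groups/{$groupId}/members");
                exit;
            }
        }
    }
}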
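<?php
// Create a free schedule slot for the caller's company/employer (POST: timestamp).
// Echoes the new row id.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';
    $have_company  = isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']);
    // employer_id was interpolated without any check; a company session without
    // `me` produced a malformed INSERT.
    $have_employer = isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id']);
    if ($have_company && $have_employer && isset($_POST['timestamp'])) {
        $company_id  = (int) $_SESSION['company']['id'];
        $employer_id = (int) $_SESSION['me']['id'];
        $timestamp = sqlEscape($_POST['timestamp']);
        $insert = sqlAction("INSERT INTO schedule (timestamp, booked, company_id, employer_id) VALUES ('{$timestamp}', 0, {$company_id}, {$employer_id});", true);
        if (is_numeric($insert)) {
            echo $insert;
        }
    }
}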
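<?php
// Grant admin to a group member (GET: view = group id, admin = group_members.id).
// Caller must already be an admin of that group. Records a 'made_admin' feed entry
// and redirects to the members page.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    session_start();
    require '../../../mysql/query.php';
    require '../../../lang/config.php';
    $logged_in = isset($_SESSION['user']['id']) && is_numeric($_SESSION['user']['id']);
    if ($logged_in && isset($_GET['view'], $_GET['admin']) && is_numeric($_GET['view']) && is_numeric($_GET['admin'])) {
        $me = (int) $_SESSION['user']['id'];
        $group_id = (int) $_GET['view'];
        $member_row_id = (int) $_GET['admin'];
        $group_info = sqlSelect("SELECT admin FROM `group_members` WHERE group_id = {$group_id} AND user_id = {$me};");
        if ($group_info && $group_info[0]['admin'] == 1) {
            // Authorization fix: the UPDATE matched group_members.id alone, so an
            // admin of one group could promote any row in any other group (including
            // themselves). Bind the row to the group being administered.
            if (sqlAction("UPDATE group_members SET admin = 1 WHERE id = {$member_row_id} AND group_id = {$group_id};")) {
                $member = sqlSelect("SELECT users.user_id, users.username, groups.id, groups.name FROM users INNER JOIN `group_members` INNER JOIN groups ON users.user_id = group_members.user_id AND groups.id = group_members.group_id WHERE group_members.id = {$member_row_id};");
                if ($member) {
                    // The username used to be spliced raw into a hand-built JSON string
                    // inside the SQL text: a quote in a username broke the JSON and a
                    // single quote broke (or injected into) the query. Encode, then escape.
                    $what = sqlEscape(json_encode(array('id' => (int) $member[0]['user_id'], 'username' => $member[0]['username']), JSON_UNESCAPED_UNICODE));
                    if (sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$group_id}, {$me}, 'made_admin', '{$what}', now());")) {
                        header("Location: ../../../groups/{$group_id}/members");
                        exit;
                    }
                }
            }
        }
    }
    // TODO(security): privilege change over GET with no CSRF token.
}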
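<?php
// Bulk-insert services for the caller's company from the JSON-encoded POST field
// "services" (list of {description, price, time, category}). "category" is either
// an existing category id or the name of a category to create.
// Echoes [1, null] on success, [0, null] on a failed insert or malformed input.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';
    if (!isset($_SESSION['company']['id']) || !is_numeric($_SESSION['company']['id'])) {
        die;
    }
    $company_id = (int) $_SESSION['company']['id'];
    $data = isset($_POST['services']) ? json_decode($_POST['services']) : null;
    // count(null) warns (or throws on PHP 8); require a non-empty list.
    if (is_array($data) && count($data) > 0) {
        // SQL injection fix: description, price, time and category were
        // interpolated straight from client JSON. Validate the whole batch first so
        // no category rows are created for a request that is then rejected.
        foreach ($data as $service) {
            if (!is_object($service)
                || !isset($service->description, $service->price, $service->time, $service->category)
                || !is_scalar($service->description) || !is_scalar($service->category)
                || !is_numeric($service->price) || !is_numeric($service->time)) {
                echo json_encode(array(0, null));
                die;
            }
        }
        $values = array();
        foreach ($data as $service) {
            if ((int) $service->category > 0) {
                $category_id = (int) $service->category;
            } else {
                $category_name = sqlEscape($service->category);
                $category_id = (int) sqlAction("INSERT INTO category (name) VALUES ('{$category_name}');", true);
            }
            $description = sqlEscape($service->description);
            $price = $service->price + 0;   // numeric by the check above; keeps decimals
            $time = $service->time + 0;
            $values[] = "('{$description}', {$price}, {$time}, {$category_id}, {$company_id})";
        }
        $insert = "INSERT INTO services (name, price, time, category_id, company_id) VALUES " . implode(', ', $values) . ';';
        echo json_encode(sqlAction($insert) ? array(1, null) : array(0, null));
        die;
    }
}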