function getPostInput()
{
$guessedCode = testInput($_POST["letter0"]);
while (strlen($guessedCode) < 4) {
$guessedCode = $guessedCode . "?";
}
$guessedCode = substr($guessedCode, 0, 4);
$guessedCode = strtoupper($guessedCode);
return $guessedCode;
}
function validate($postItem, $fName, $regex, $message)
{
var_dump($_POST);
if (empty($_POST[$postItem]) || $_POST[$postItem] == " ") {
$validationPassed = false;
return $fName . " is required";
// If so, error
} else {
$data = testInput($_POST[$postItem]);
if (!preg_match($regex, $data)) {
$validationPassed = false;
return $message;
}
preg_replace("/\\s{2,}/", " ", $_POST[$postItem]);
//replace multiple spaces with a single space
return $data;
}
}
function processCheckIn($rfid)
{
$errors = 0;
$processCheckInMessage = "";
$rfid = testInput($rfid);
$date = date('Y-m-d H:i:s');
if (getMemberInfoByRFID($rfid, 'k.serial')["serial"] != null) {
if (getMemberInfoByRFID($rfid, "c.active")["active"] == 0) {
// check if user is active
if (!createLog(getMemberInfoByRFID($rfid, "c.cid")["cid"], $date)) {
// create a log with the current date
$errors = 1;
$processCheckInMessage .= 'Could not create a new log in the database!';
die;
} else {
if (!updateContactCheckinStatus($date, getMemberInfoByRFID($rfid, "c.cid")["cid"], 1)) {
// update user table, set active to 1 and insert last checkin time
$errors = 1;
$processCheckInMessage .= 'Could not update member status when checking in!';
die;
} else {
$processCheckInMessage .= "Checkin successful!";
}
}
} else {
if (!updateContactCheckinStatus($date, getMemberInfoByRFID($rfid, "c.cid")["cid"], 0)) {
// update user table, set active to 0 and insert last checkout time
$errors = 1;
$processCheckInMessage .= 'Could not update member status when checking out!';
die;
} else {
if (!updateLog(getMemberInfoByRFID($rfid, "c.cid")["cid"], $date, getMemberInfoByRFID($rfid, "c.last_checkin_time")["last_checkin_time"])) {
// close log, insert checkout time (current date time)
$errors = 1;
$processCheckInMessage .= 'Could not close the log for user check out!';
die;
} else {
$processCheckInMessage .= "Checkout successful!";
}
}
}
} else {
$errors = 1;
$processCheckInMessage .= "RFID key not found in the database!";
}
if ($errors == 1) {
$processCheckInMessage = 'ERROR: ' . $processCheckInMessage;
// in case there are errors, add 'ERROR: ' at the beginning of a status message.
$response['hasErrors'] = $errors;
$response['message'] = $processCheckInMessage;
} else {
$response['hasErrors'] = $errors;
$response['message'] = $processCheckInMessage;
$response['firstName'] = getMemberInfoByRFID($rfid, 'c.firstName')["firstName"];
$response['lastName'] = getMemberInfoByRFID($rfid, 'c.lastName')["lastName"];
$response['lastCheckInTime'] = getMemberInfoByRFID($rfid, 'c.last_checkin_time')["last_checkin_time"];
$response['lastCheckOutTime'] = getMemberInfoByRFID($rfid, 'c.last_checkout_time')["last_checkout_time"];
}
return $response;
}
$new_target_file = $target_dir . $new_file_name;
// Check if image file is a actual image or fake image
if (isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if ($check !== false) {
// echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
// echo "File is not an image.";
$uploadOk = 0;
}
}
// define variables and set to empty values
$product_id = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$product_id = testInput($_POST["product_id"]);
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
// echo "Sorry, your file was not uploaded.";
header("Location: admin_product_view.php?id={$product_id}&success=false&command=upload&reason=0");
die;
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $new_target_file)) {
// echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
// echo "Sorry, there was an error uploading your file.";
header("Location: admin_product_view.php?id={$product_id}&success=false&command=upload&reason=1");
die;
}
<?php
require "functions/config.php";
$column = testInput($_GET['column']);
if (!empty($_SESSION)) {
switch ($column) {
case 'explore':
$pageTitle = "发现 - 探索";
$pageRequired = "explore.php";
break;
case 'setting':
$pageTitle = "设置 - 探索";
$pageRequired = "setting.php";
break;
case 'hotaeras':
$pageTitle = "热门地区 - 探索";
$pageRequired = "hotaeras.php";
break;
case 'notifications':
$pageTitle = "消息通知 - 探索";
$pageRequired = "notifications.php";
break;
default:
$pageTitle = "探索";
header("Location:index.php");
break;
}
} else {
header("Location:index.php");
}
require "includes/header.php";
if (empty($_POST["email"])) {
$emailErr = "Email is required";
$validationPassed = false;
} else {
$email = testInput($_POST["email"]);
// check if e-email address syntax is valid
if (!preg_match("/([\\w\\-]+\\@[\\w\\-]+\\.[\\w\\-]+)/", $email)) {
$emailErr = "Invalid email format";
$validationPassed = false;
}
}
if (empty($_POST["password"])) {
$passwordErr = "Password is required";
$validationPassed = false;
} else {
$password = testInput($_POST["password"]);
}
/*if ($validationPassed == true)
{
echo "validation passed :)";
}
else
{
echo "validation didn't pass :(";
}*/
}
include "colourapply.php";
function testInput($data)
{
$data = trim($data);
$data = stripslashes($data);
if (strlen($_POST['location']) < 1) {
$locationError = "Please enter your current location";
} else {
$locationError = "";
$location = testInput($_POST['location']);
}
//Destination error check
if (strlen($_POST['destination']) < 1) {
$destinationError = "Please enter where you want to go";
} else {
$destinationError = "";
$destination = testInput($_POST['destination']);
}
//Comments error check
$commentsError = "";
$comments = testInput($_POST['comments']);
//If errors are clear, send data to the database
if ($eidError == "" & $commentsError == "" & $numInPartyError == "" & $locationError == "" & $destinationError == "" & $phoneNumberError == "") {
date_default_timezone_set("America/Detroit");
$timeStamp = date("Y-m-d H:i:s");
$sql = "INSERT INTO escorts (DateTimeSubmitted, EID, NumberInParty, Location, Destination, Comments, PhoneNumber) \n VALUES ('" . $timeStamp . "', '" . $_SESSION['eid'] . "', '" . $numInParty . "', '" . $location . "', '" . $destination . "', '" . $comments . "', '" . $phoneNumber . "')";
//$sql = "INSERT INTO escorts (EID, FirstName, LastName, NumberInParty, Location, Destination, Comments, PhoneNumber, DateTimeSubmitted)
//VALUES ('$_POST[eid]', '$_POST[firstName]', '$_POST[lastName]', '$_POST[numberInParty]', '$_POST[location]', '$_POST[destination]', '$_POST[comments]', '$_POST[phoneNumber]', '$timeStamp')";
$con->query($sql);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Welcome to SEEUS</title>
// If so, error
$validationPassed = false;
} else {
$itemDescription = testInput($itemDescription);
if (!preg_match($stringRegex, $itemDescription)) {
$itemDescriptionErr = "Only text, whitespace and quotes!";
$validationPassed = false;
}
preg_replace("/\\s{2,}/", " ", $itemDescription);
}
if (empty($itemPrice) || $itemPrice == " ") {
$itemPriceErr = "Item price is required";
// If so, error
$validationPassed = false;
} else {
$itemPrice = testInput($itemPrice);
if (!preg_match($decimalNumberRegex, $itemPrice)) {
$itemPriceErr = "Incorrect format!";
$validationPassed = false;
}
preg_replace("/\\s{2,}/", " ", $itemPrice);
}
if ($validationPassed == true) {
$connection = mysql_connect("exampleDBaddress", "exampleDBusername", "exampleDBpassword");
mysql_select_db("newport_takeaway") or die("cannot select DB");
$result = mysql_query("UPDATE items SET itemName='" . $itemName . "',itemDescription='" . $itemDescription . "',itemPrice='" . $itemPrice . "' WHERE itemID='" . $itemID . "';");
mysql_close($connection);
$done = true;
}
} else {
if (isset($_GET['ID'])) {
<?php
include "include/include_pre.php";
requireSignin(TRUE);
requireLevel(0);
$conn = connect_db($db_server, $db_username, $db_password, $db_dbname);
// define variables and set to empty values
$photo_id = $product_id = $photo_name = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
$photo_id = testInput($_GET["photo_id"]);
$product_id = testInput($_GET["product_id"]);
$photo_name = testInput($_GET["photo_name"]);
}
unlink("photos/" . $photo_name);
// die();
$sql = "DELETE FROM product_photos\n WHERE id={$photo_id};";
// echo $sql;
if ($conn->query($sql) === TRUE) {
header("Location: admin_product_view.php?id={$product_id}&success=true&command=delete");
die;
} else {
// echo "Error: " . $sql . "<br>" . $conn->error;
if (strrpos($conn->error, "Duplicate") !== false) {
echo "Duplicate";
} else {
echo $conn->error;
}
}
<?php
require '..\\functions\\config.php';
//getSharing.php?uid=15
$uid = testInput($_GET['uid']);
$flag = 0;
if (strlen($uid) == 0) {
echo 'the value of uid can not be NULL';
$flag = $flag - 1;
}
if ($flag >= 0) {
if (!$pdo) {
echo '-1';
//链接数据库失败
} elseif (empty($_SESSION)) {
echo '-2';
//用户没有登录
} else {
$getSha = new sharingCls($pdo);
$sharingList = $getSha->loadSharing($uid);
$getUser = new userProfile($pdo);
$userlist = $getUser->loadProfile($_SESSION['userid']);
arsort($sharingList);
foreach ($sharingList as $key => $value) {
$jsonData = $jsonData . '{"face":"' . $userlist->getFace() . '","name":"' . $userlist->getName() . '","uid":"' . $value->getUid() . '","time":"' . $value->getTime() . '","sharingType":"' . $value->getSharingType() . '","img":"' . $value->getImg() . '","content":"' . $value->getContent() . '","commentNum":"' . $value->getCommentAmount() . '","likeNum":"' . $value->getLikeAmount() . '","dislikeNum":"' . $value->getDislikeAmount() . '"},';
}
$jsonData = substr_replace($jsonData, "", -1, 1);
echo "{sharing:[" . $jsonData . "]}";
}
}
session_write_close();
$name = testInput($_POST["name"]);
}
if (!empty($_POST["description"])) {
$description = testInput($_POST["description"]);
}
if (!empty($_POST["price"])) {
$price = testInput($_POST["price"]);
}
if (!empty($_POST["image"])) {
$image = testInput($_POST["image"]);
}
if (!empty($_POST["is_active"])) {
$is_active = testInput($_POST["is_active"]);
}
if (!empty($_POST["vendor"])) {
$vendor = testInput($_POST["vendor"]);
}
}
if ($user['role']) {
echo "<h2>admin: " . $_SESSION['user_id'] . "</h2>";
} else {
echo "<h2>user: "******"</h2>";
}
?>
<link rel="stylesheet" href="style.css">
<a class="logout" href="/logout.php">Log out</a>
<?php
if ($user['role']) {
?>
<form class="add" action="<?php
echo htmlspecialchars($_SERVER["PHP_SELF"]);
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
$data = mysql_real_escape_string($data);
return $data;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_SESSION['loggedInUserID'])) {
$UID = $_SESSION['loggedInUserID'];
$connection = mysql_connect("exampleDBaddress", "exampleDBusername", "exampleDBpassword");
mysql_select_db("newport_takeaway") or die("cannot select DB");
$result = mysql_query("SELECT Admin FROM users WHERE UserID = '{$UID}'");
$isAdmin = mysql_fetch_assoc($result);
}
if (!empty($_POST["searchBox"])) {
$searchTerm = testInput($_POST["searchBox"]);
// Use the testInput function below to strip any unwanted characters
$connection = mysql_connect("exampleDBaddress", "exampleDBusername", "exampleDBpassword");
mysql_select_db("newport_takeaway") or die("cannot select DB");
$result = mysql_query("SELECT * FROM `items` WHERE itemName LIKE '%{$searchTerm}%' OR itemDescription LIKE '%{$searchTerm}%' ORDER BY itemName ASC;");
$searchResults = "<table id=\"basicTable\" style=\"margin:0 auto;width:800px;\" >";
$searchResults .= "<tr>";
$searchResults .= "<th>Name</th>";
$searchResults .= "<th>Description</th>";
$searchResults .= "<th>Price</th>";
if (isset($_SESSION['loggedInUserID'])) {
$searchResults .= "<th>Add</th>";
if (isset($isAdmin['Admin']) && $isAdmin['Admin'] == 1) {
$searchResults .= "<th>Edit</th>";
$searchResults .= "<th>Delete</th>";
}
<?php
include "include/include_pre.php";
requireSignin(TRUE);
requireLevel(0);
$conn = connect_db($db_server, $db_username, $db_password, $db_dbname);
// define variables and set to empty values
$inputName = $inputType = $inputPrice = $inputType = $optionsActive = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$inputName = testInput($_POST["inputName"]);
$inputType = testInput($_POST["inputType"]);
$inputPrice = testInput($_POST["inputPrice"]);
$inputUnit = testInput($_POST["inputUnit"]);
$optionsActive = testInput($_POST["optionsActive"]);
$barcode = "P" . date("YmdHis");
}
$sql = "INSERT INTO products (name, price, unit, type, is_active, barcode, created_at, updated_at)\n VALUES ('{$inputName}', {$inputPrice}, '{$inputUnit}', '{$inputType}', {$optionsActive}, '{$barcode}', now(), now() )";
// echo $sql;
if ($conn->query($sql) === TRUE) {
header("Location: admin_products_view.php?success=true&command=add");
die;
} else {
// echo "Error: " . $sql . "<br>" . $conn->error;
if (strrpos($conn->error, "Duplicate") !== false) {
// echo "Duplicate";
header("Location: admin_products_view.php?success=false&command=add&reason=duplicate");
die;
} else {
echo $conn->error;
}
}
<?php
require "functions/config.php";
$userAccount = testInput($_GET['people']);
//初始化个人信息
$user = new userProfile($pdo);
$usercls = $user->loadProfile($userID);
if ($userID = $user->userIsExist($userAccount)) {
//初始化关注/粉丝数据信息
$focls = new followCls($pdo);
//初始化个人分享
$shacls = new sharingCls($pdo);
$shalist = $shacls->loadSharing($userID[0]);
if (!empty($_SESSION)) {
$pageTitle = "{$userAccount} - 探索";
} else {
header("Location:index.php");
}
require "includes/header.php";
?>
<div class="people-user-background-detail">
<div class="people-user-heading">
<div class="people-user-heading-left">
<img src="user/ivydom/background-blur.jpg" alt="i<?php
echo $usercls->getName();
?>
" width="260" height="265">
<div class="people-user-heading-left-detail">
<div class="people-user-photo">
<img src="<?php
static function insertProposal($props, $project_id)
{
if (!$props) {
drupal_set_message(t('Insert requested with empty (filtered) data set'), 'error');
return false;
}
global $user;
$txn = db_transaction();
try {
$uid = $user->uid;
if (!Users::isOfType(_STUDENT_TYPE, $uid)) {
drupal_set_message(t('You must be a student to submit a proposal'), 'error');
return false;
}
$project = Project::getProjectById($project_id);
$student_details = Users::getStudentDetails($uid);
$props['owner_id'] = $uid;
$props['org_id'] = $project['org_id'];
$props['inst_id'] = $student_details->inst_id;
$props['supervisor_id'] = altSubValue($props, 'supervisor_id', 0) ?: $student_details->supervisor_id;
$props['pid'] = $project['pid'];
if (!isset($props['state'])) {
$props['state'] = 'draft';
}
if (!testInput($props, array('owner_id', 'org_id', 'inst_id', 'supervisor_id', 'pid', 'title'))) {
return FALSE;
}
try {
// inserts where the field length is exceeded fails silently here
// i.e. the date strinf is too long for the mysql field type
$id = db_insert(tableName(_PROPOSAL_OBJ))->fields($props)->execute();
} catch (Exception $e) {
drupal_set_message($e->getMessage(), 'error');
}
if ($id) {
//TODO: notify mentor???
drupal_set_message(t('Note that you have only saved your proposal: you can continue editing it later.'));
return $id;
} else {
drupal_set_message(t('We could not add your proposal. ') . (_DEBUG ? '<br/>' . getDrupalMessages() : ""), 'error');
}
return $result;
} catch (Exception $ex) {
$txn->rollback();
drupal_set_message(t('We could not add your proposal.') . (_DEBUG ? $ex->__toString() : ''), 'error');
}
return FALSE;
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
$validationPassed = false;
} else {
$email = testInput($_POST["email"]);
// check if e-email address syntax is valid
if (!preg_match("/([\\w\\-]+\\@[\\w\\-]+\\.[\\w\\-]+)/", $email)) {
$emailErr = "Invalid email format";
$validationPassed = false;
}
}
if (empty($_POST["enquiry"])) {
$enquiryErr = "Enquiry is required";
$validationPassed = false;
} else {
$enquiry = testInput($_POST["enquiry"]);
}
/*
mail(
'*****@*****.**',
'Works!',
'An email has been generated from your localhost, congratulations!');*/
if ($validationPassed == true) {
require_once 'PHPMailer-master/class.phpmailer.php';
$mail = new PHPMailer();
// create a new object
$mail->IsSMTP();
// enable SMTP
$mail->SMTPDebug = 0;
// debugging: 1 = errors and messages, 2 = messages only
$mail->SMTPAuth = true;
$newEmail = testInput($_POST['newEmail']);
if (strlen($newEmail) == 0) {
echo '邮箱不能为空';
} else {
if (!$logUser->changeEmail($_SESSION['userid'], $newEmail)) {
echo '修改失败';
} else {
echo '修改成功';
}
}
}
//修改密码
if ($_POST['alterPw'] == 'alterPw') {
$oldPw = testInput($_POST['originalPw']);
$newPw = testInput($_POST['newPw']);
$pwConfirmed = testInput($_POST['pwConfirmed']);
if (strlen($oldPw) == 0 || strlen($newPw) == 0 || strlen($pwConfirmed) == 0) {
echo '请认真填写所需信息';
} else {
if (!$logUser->checkPassword($_SESSION['userid'], $oldPw)) {
echo $_SESSION['userid'];
echo '旧密码不符合';
} elseif (!($newPw == $pwConfirmed)) {
echo '两次输入密码不一致';
} else {
if (!$logUser->changePassword($_SESSION['userid'], $newPw)) {
echo '更改失败';
} else {
//成功
}
}
<?php
include "include/include_pre.php";
requireSignin(TRUE);
requireLevel(0);
$conn = connect_db($db_server, $db_username, $db_password, $db_dbname);
// define variables and set to empty values
$inputFirstname = $inputLastname = $inputTel = $inputLine = $inputEmail = $inputAddress = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$inputFirstname = testInput($_POST["inputFirstname"]);
$inputLastname = testInput($_POST["inputLastname"]);
$inputTel = testInput($_POST["inputTel"]);
$inputLine = testInput($_POST["inputLine"]);
$inputEmail = testInput($_POST["inputEmail"]);
$inputAddress = testInput($_POST["inputAddress"]);
$source = testInput($_POST["source"]);
$inputFirstname = $conn->real_escape_string($inputFirstname);
$inputLastname = $conn->real_escape_string($inputLastname);
$inputTel = $conn->real_escape_string($inputTel);
$inputLine = $conn->real_escape_string($inputLine);
$inputEmail = $conn->real_escape_string($inputEmail);
$inputAddress = $conn->real_escape_string($inputAddress);
$source = $conn->real_escape_string($source);
}
$sql = "INSERT INTO customers (firstname, lastname, tel, line_id, email, address, created_at, updated_at)\n VALUES ('{$inputFirstname}', '{$inputLastname}', '{$inputTel}', '{$inputLine}', '{$inputEmail}', '{$inputAddress}', now(), now() )";
// echo $sql;
if ($conn->query($sql) === TRUE) {
header("Location: {$source}?success=true&command=add");
die;
} else {
// echo "Error: " . $sql . "<br>" . $conn->error;
if (empty($_POST['eid'])) {
$eidError = "Your EID is required";
} elseif (strlen($_POST['eid']) != 8 | !is_numeric($_POST['eid'])) {
$eidError = "Invalid EID";
} elseif ($con->query("SELECT EID from users WHERE EID = '" . $_POST['eid'] . "' LIMIT 1")->num_rows == 1) {
$eidError = "This EID is already registered.";
} else {
$eidError = "";
$eid = testInput($_POST['eid']);
}
//Phone number error check
if (!is_numeric($_POST['phoneNumber']) & !empty($_POST['phoneNumber']) | !empty($_POST['phoneNumber']) & strlen($_POST['phoneNumber']) != 10) {
$phoneNumberError = "Invalid phone number";
} else {
$phoneNumberError = "";
$phoneNumber = testInput($_POST['phoneNumber']);
}
//If errors are clear, send data to the database
if ($emailError == "" & $passwordError == "" & $firstNameError == "" & $lastNameError == "" & $eidError == "" & $phoneNumberError == "") {
date_default_timezone_set("America/Detroit");
$timeStamp = date("Y-m-d H:i:s");
$sql = "INSERT INTO users (EID, email, Password, FirstName, LastName, PhoneNumber, DateTimeCreated) \n VALUES ('" . $eid . "', '" . $email . "', '" . $password . "', '" . $firstName . "', '" . $lastName . "', '" . $phoneNumber . "', '" . $timeStamp . "')";
$con->query($sql);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Welcome to SEEUS</title>
<?php
include "include/include_pre.php";
requireSignin(TRUE);
requireLevel(0);
$conn = connect_db($db_server, $db_username, $db_password, $db_dbname);
// define variables and set to empty values
$inputId = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
$inputId = testInput($_GET["id"]);
}
// die();
$sql = "DELETE FROM users\n WHERE id={$inputId};";
// echo $sql;
if ($conn->query($sql) === TRUE) {
header("Location: admin_users_view.php?success=true&command=delete");
die;
} else {
// echo "Error: " . $sql . "<br>" . $conn->error;
if (strrpos($conn->error, "Duplicate") !== false) {
echo "Duplicate";
} else {
echo $conn->error;
}
}
} else {
$logUser = $accEx->loginIn($email, $password);
if (!$logUser) {
echo '登录失败';
} else {
$_SESSION['username'] = $name;
$_SESSION['useremail'] = $email;
$_SESSION['userid'] = $logUser->getUid();
header('Location:index.php');
}
}
}
if ($_POST['eReg'] == 'eReg') {
$email = testInput($_POST['eEmail']);
$name = testInput($_POST['eName']);
$password = testInput($_POST['ePassword']);
if (strlen($email) == 0 || strlen($name) == 0 || strlen($password) == 0) {
echo '邮箱,名字或密码不能为空';
} else {
$regResult = $accEx->regExplore($email, $name, $password);
if (!$regResult) {
echo '注册失败';
} elseif ($regResult === -1) {
echo '名字重复';
} elseif ($regResult === -2) {
echo '邮箱重复';
} else {
//配置SESSION,用户登录记录
$_SESSION['username'] = $name;
$_SESSION['useremail'] = $email;
$_SESSION['userid'] = $pdo->lastInsertId() + 4;
<?php
include "include/include_pre.php";
requireSignin(TRUE);
requireLevel(0);
$conn = connect_db($db_server, $db_username, $db_password, $db_dbname);
// define variables and set to empty values
$inputName = $inputEmail = $inputPassword = $optionsPermission = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$inputName = testInput($_POST["inputName"]);
$inputEmail = testInput($_POST["inputEmail"]);
$inputPassword = testInput($_POST["inputPassword"]);
$optionsPermission = testInput($_POST["optionsPermission"]);
}
$sql = "INSERT INTO users (name, email, password, level, created_at, updated_at)\n VALUES ('{$inputName}', '{$inputEmail}', '{$inputPassword}', {$optionsPermission}, now(), now() )";
// echo $sql;
if ($conn->query($sql) === TRUE) {
header("Location: admin_users_view.php?success=true&command=add");
die;
} else {
// echo "Error: " . $sql . "<br>" . $conn->error;
if (strrpos($conn->error, "Duplicate") !== false) {
// echo "Duplicate";
header("Location: admin_users_view.php?success=false&command=add&reason=duplicate");
die;
} else {
echo $conn->error;
}
}
<?php
require '..\\functions\\config.php';
//newSharing.php?method=new&uid=15&content=2333333&type=public&img=0&sharingID=0
$method = testInput($_GET['method']);
//delete||new
$uid = testInput($_GET['uid']);
$content = testInput($_GET['content']);
$type = testInput($_GET['type']);
//public||private
$img = testInput($_GET['img']);
//没有写0
$sharingID = testInput($_GET['sharingID']);
$requestQueue = array('method' => $method, 'uid' => $uid, 'content' => $content, 'type' => $type, 'img' => $img, 'sharingID' => $sharingID);
$flag = 0;
foreach ($requestQueue as $key => $value) {
if (strlen($value) == 0) {
echo "the value of {$key} can not be NULL<br>";
$flag = $flag - 1;
}
}
if ($flag >= 0) {
if (!$pdo) {
echo '-1';
//链接数据库失败
} elseif (empty($_SESSION)) {
echo '-2';
//用户没有登录
} else {
$newSha = new sharingCls($pdo);
switch ($method) {
