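<?php
require_once dirname(__FILE__) . "/library/DB.php";
require_once dirname(__FILE__) . "/config/config.php";

session_start();

$db = new DB();
$db->db_connect();

// Already logged in: send the user to the list. The `exit` is not optional —
// header() does not stop the script, so without it the login handling below
// still ran for an already-authenticated request.
if (isset($_SESSION["user"])) {
    header("Location: list.php");
    exit;
}

// Login by EID or nick name (case-insensitive) with no password at all. That is
// the design visible in this file: whoever knows a valid EID can become that
// user. Not changed here, but it is the first thing to raise with the owners.
if (isset($_POST["eid"]) && is_string($_POST["eid"])) {
    $eid = $db->db_escape_string($_POST["eid"]);
    // db_escape_string is only effective because each value is wrapped in
    // single quotes in the SQL text; never drop the quotes.
    $sql = "SELECT * FROM user WHERE (user_eid = '" . $eid . "' OR LOWER(user_nick_name) = LOWER('" . $eid . "')) AND active = 1";
    $rs = $db->db_query($sql);
    $user = $db->fetch_array($rs);
    if (!$user) {
        // Rendered by the form further down the page.
        $errors = "EID not exist";
    } else {
        // Issue a fresh session id on privilege change (session-fixation defence).
        session_regenerate_id(true);
        $_SESSION["user"] = $user;
        header("Location: list.php");
        exit;
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
<!-- Compiled and minified CSS -->
<link rel="stylesheet" href="/bower_components/Materialize/dist/css/materialize.min.css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<!--Let browser know website is optimized for mobile-->
</head>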
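<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";

session_start();

// Admin-only page. The `exit` after the redirect IS the access control:
// header() does not halt execution, so the original version went on to run
// the UPDATE below for any unauthenticated request that carried ?uid=.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}

$db = new DB();
$db->db_connect();

if (!isset($_GET["uid"])) {
    header("Location: user.php");
    exit;
}

// NOTE(review): deactivating via a GET parameter is CSRF-able — any page an
// admin visits can embed this URL in an <img>. The proper fix is a POST with
// a per-session token, but that changes the link in user.php, so only flagged.
$uid = $db->db_escape_string($_GET["uid"]);
$sql = "SELECT * FROM user WHERE user_id = '" . $uid . "'";
$rs = $db->db_query($sql);
$user = $db->fetch_array($rs);
if ($user) {
    // Soft delete: the row is kept; other pages in this listing filter on active.
    $sql = "UPDATE user\r\n\t\t\t\t\t\tSET active='0'\r\n\t\t\t\t\t\tWHERE user_id = '" . $uid . "'";
    $db->db_query($sql);
}
header("Location: user.php");
exit;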
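session_start();

$db = new DB();
$db->db_connect();

// Already authenticated as admin: nothing more to do for this request.
if (isset($_SESSION["admin"])) {
    header("Location: user.php");
    exit;
}

if (isset($_POST["login_id"])) {
    $errors = array();
    if ($_POST["login_id"] == "") {
        $errors[] = "please enter login id";
    }
    if (!isset($_POST["password"]) || $_POST["password"] == "") {
        $errors[] = "please enter password";
    }

    // Only hit the database when both fields were supplied; the original
    // ran the query even after recording validation errors.
    if (!$errors) {
        // SECURITY: md5 is not a password hash. Store password_hash() output in
        // admin_password, fetch the row by login only, and check it with
        // password_verify(); hash_equals() if any manual comparison remains.
        $pw = md5($_POST["password"]);
        // The credential literals read '******' in this copy of the file
        // (redacted); the statement is kept byte-for-byte. Whatever the real
        // values are, they must be db_escape_string()'d and single-quoted,
        // never interpolated raw.
        $sql = "SELECT * FROM admin WHERE admin_login = '******' AND admin_password = '******'";
        $rs = $db->db_query($sql);
        $admin = $db->fetch_array($rs);
        // The original print_r($admin) dumped the admin row — password hash
        // included — into the response, and that output also preceded the
        // header() below (so the redirect may have failed with "headers
        // already sent"). Removed.
        if (!$admin) {
            $errors[] = "login id or password is incorrect!";
        } else {
            // Fresh session id on privilege change (session-fixation defence).
            session_regenerate_id(true);
            $_SESSION["admin"] = $admin;
            header("Location: user.php");
            exit;
        }
    }
}
?>
<!DOCTYPE html>
<html>
<body>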
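$db->db_connect();

// Select from DB: load the user being edited so the form below can be pre-filled.
if (isset($_GET["uid"])) {
    // The original concatenated $_GET["uid"] into the WHERE clause unescaped
    // and unquoted — a straight SQL injection. Escape AND quote: escaping only
    // neutralises the value inside a quoted string literal.
    $sql = "SELECT * FROM user WHERE user_id = '" . $db->db_escape_string($_GET["uid"]) . "'";
    $rs = $db->db_query($sql);
    $users = $db->fetchAll($rs);
    foreach ($users as $user) {
        $id = $user['user_id'];
        $eid = $user['user_eid'];
        $name = $user['user_nick_name'];
        $gwid = $user['user_gwid'];
    }
}

// Update user information
if (isset($_POST["id"])) {
    $p_id = $db->db_escape_string($_POST["id"]);
    $p_eid = $db->db_escape_string($_POST["eid"]);
    $p_nickname = $db->db_escape_string($_POST["name"]);
    $p_gwid = $db->db_escape_string($_POST["gwid"]);

    // Optional SET fragment for the image column; empty when no file was sent.
    $file_name = "";
    if (!empty($_FILES["user_image"]["tmp_name"])) {
        // Whitelist image extensions. The upload is written into the web-served
        // ../images/ directory, so the original "any [a-z]+ extension" check
        // let a ".php" upload through — remote code execution for whoever can
        // reach this form.
        if (preg_match("/\\.(jpe?g|png|gif)\$/i", $_FILES["user_image"]["name"], $match)) {
            // basename() drops any directory part a client may send in the
            // original filename, so the write cannot leave ../images/.
            // NOTE(review): the original appended $user_eid, which is never
            // assigned in this file (so it was always empty); $p_eid looks like
            // the intended value — confirm with the author.
            $stored_name = basename($_FILES["user_image"]["name"]) . $p_eid . strtolower($match[0]);
            move_uploaded_file($_FILES["user_image"]["tmp_name"], "../images/" . $stored_name);
            // The name comes from the client, so it is escaped before it goes
            // into the UPDATE (the original interpolated it raw).
            $file_name = ", user_img = '" . $db->db_escape_string($stored_name) . "'";
        }
    }

    // The original print_r($file_name) emitted output before header() below,
    // which breaks the redirect ("headers already sent") — removed.
    // user_id is quoted here: the original left $p_id bare, and db_escape_string
    // offers no protection in an unquoted numeric position.
    $sql = "UPDATE user SET user_eid = '{$p_eid}', user_nick_name = '{$p_nickname}', user_gwid = '{$p_gwid}' {$file_name} WHERE user_id='" . $p_id . "'";
    $db->db_query($sql);
    header("Location: ../admin/user.php");
    exit;
    // (this block and the file continue beyond the visible listing)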
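<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";

session_start();

// Admin-only. `exit` is required: header() alone does not stop the script, so
// the queries below still ran (and the page still rendered) for anonymous users.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}

$db = new DB();
$db->db_connect();

$fday = "";
$sort = "";
$year = "";

// Same truthiness test as the original `if ($_GET["year"])`, minus the
// undefined-index notice when the parameter is absent.
if (!empty($_GET["year"])) {
    $year = $db->db_escape_string($_GET["year"]);
}

// The sort clause is chosen from a fixed set of literals — the request value
// is never copied into the SQL, which is the right way to take user-chosen
// ORDER BY input.
if (isset($_GET["sort"])) {
    switch ($_GET['sort']) {
        case '1':
            $sort .= "ORDER BY thanks ASC";
            break;
        case '2':
            $sort .= "ORDER BY thanks DESC";
            break;
        default:
            $sort .= "ORDER BY thanks DESC";
            break;
    }
} else {
    $sort .= "ORDER BY thanks DESC";
}

// NOTE(review): this statement is truncated in the copy of the file shown
// here (unbalanced parenthesis); kept exactly as found.
$sql = "SELECT *, (SELECT COUNT(*) FROM comment WHERE comment.comment_who_thank = user.user_eid";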
// NOTE(review): this file is cut at the start — the `switch` whose tail is
// visible here (sort options '3'/'4'/default) and its enclosing `if` open
// before the first line shown. Only the statements from $filter onward are
// complete in this view.
$sort .= "ORDER BY user_eid DESC";
break;
case '3':
    $sort .= "ORDER BY user_nick_name ASC";
    break;
case '4':
    $sort .= "ORDER BY user_nick_name DESC";
    break;
default:
    $sort .= "ORDER BY user_eid DESC";
    break;
}
}

// Optional keyword filter on nick name / EID. db_escape_string keeps the value
// inside its quotes, but it does not escape the LIKE metacharacters % and _,
// so a keyword of "%" simply matches every user (a widening, not an injection).
$filter = "";
if (isset($_GET["keyword"])) {
    $filter .= "AND (user.user_nick_name LIKE '%" . $db->db_escape_string($_GET["keyword"]) . "%' OR user.user_eid LIKE '%" . $db->db_escape_string($_GET["keyword"]) . "%') ";
}

// Active users with three correlated sub-selects: total comments, comments
// since the first of the current month, and the newest comment text. $filter
// and $sort are appended as built above (the "AND"/"ORDER BY" they start with
// rely on the trailing space in the literal).
$sql = "SELECT *, (SELECT COUNT(*) FROM comment \r\n\t\t\t\t\tWHERE user.user_id = comment.user_id \r\n\t\t\t\t\t\tGROUP BY user_id) AS thanks , \r\n\t\t\t\t (SELECT COUNT(*) FROM comment \r\n\t\t\t\t\tWHERE user.user_id = comment.user_id AND comment_reg_datetime BETWEEN DATE_FORMAT(NOW() ,'%Y-%m-01') AND NOW() \r\n\t\t\t\t\t\tGROUP BY user_id) AS thank_in_month ,\r\n\t\t\t\t (SELECT comment_content FROM comment\r\n\t\t\t\t \tWHERE user.user_id = comment.user_id\r\n\t\t\t\t \t\tORDER BY comment_reg_datetime DESC LIMIT 1) AS last_comment\r\n\t\t\t\t\t\t\tFROM user WHERE active = '1' " . $filter . $sort;
$rs = $db->db_query($sql);
$users = $db->fetchAll($rs);

// Scrape "/user/detail?id=N">text< links out of a local HTML file:
// $matches[1] holds the numeric ids, $matches[2] the link texts. How the page
// uses them is outside this view. file_get_contents() returns false if the
// file is missing, which preg_match_all() then treats as an empty string.
$content = file_get_contents("content.htm");
$regex = "/\\/user\\/detail\\?id=([0-9]+)\">([^<]*?)</";
preg_match_all($regex, $content, $matches);
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
<!-- Compiled and minified CSS -->
<link rel="stylesheet" href="/bower_components/Materialize/dist/css/materialize.min.css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
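<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";

session_start();

// Admin-only. Without `exit` the redirect header is sent but the INSERT below
// still executes for unauthenticated POSTs — header() does not stop the script.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}

$db = new DB();
$db->db_connect();

if (isset($_POST["user_eid"])) {
    try {
        $user_eid = $db->db_escape_string($_POST["user_eid"]);

        // Optional avatar. Empty string is stored when nothing was uploaded.
        $file_name = "";
        if (!empty($_FILES["user_image"]["tmp_name"])) {
            // Whitelist image extensions: the file lands in the web-served
            // ../images/ directory, so the original "any [a-z]+ extension"
            // check allowed a ".php" upload (remote code execution).
            if (preg_match("/\\.(jpe?g|png|gif)\$/i", $_FILES["user_image"]["name"], $match)) {
                // $user_eid is SQL-escaped, not path-safe: basename() strips any
                // directory component so an eid like "../../x" cannot steer the
                // write outside ../images/.
                $file_name = basename($user_eid) . strtolower($match[0]);
                move_uploaded_file($_FILES["user_image"]["tmp_name"], "../images/" . $file_name);
            }
        }

        $user_nick_name = $db->db_escape_string($_POST["user_nick_name"]);
        $user_gwid = $db->db_escape_string($_POST["user_gwid"]);
        // Every interpolated value is escaped and single-quoted.
        $sql = "INSERT INTO user (user_eid, user_nick_name, user_reg_datetime, user_gwid,user_img) VALUES ('{$user_eid}', '{$user_nick_name}', NOW(), '{$user_gwid}','{$file_name}')";
        $db->db_query($sql);
    } catch (Exception $e) {
        // Keep the exception text (which may carry SQL fragments) out of the
        // response; it goes to the server log instead.
        error_log('add user failed: ' . $e->getMessage());
        echo 'Caught exception while creating the user';
        die;
    }
    header("Location: user.php");
    exit;
}
?>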
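<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";

session_start();

// Admin-only. `exit` is required — header() does not stop execution, so the
// original kept running (and rendering) for anonymous requests.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}

$db = new DB();
$db->db_connect();

$fday = "";
$sort = "";
// Initialised so the strtotime() comparison below never reads undefined
// variables; the empty-string case evaluates the same way as the original.
$startdate = "";
$enddate = "";
$year = "";

// Same truthiness tests as the original `if ($_GET[...])`, without the
// undefined-index notices when a parameter is absent.
if (!empty($_GET["startdate"])) {
    $startdate = $db->db_escape_string($_GET["startdate"]);
}
if (!empty($_GET["enddate"])) {
    $enddate = $db->db_escape_string($_GET["enddate"]);
}
if (!empty($_GET["year"])) {
    $year = $db->db_escape_string($_GET["year"]);
}

if (strtotime($enddate) < strtotime($startdate)) {
    $error = "date is not valid!";
}

// Rebuild the incoming query string, presumably for links rendered further
// down (outside this view). Keys and values are URL-encoded: the original
// concatenated them raw, so a value containing "&" or "=" corrupted the
// rebuilt string and, if $uri is echoed unescaped, could inject markup.
$param = $_GET;
$uri = "";
foreach ($param as $key => $value) {
    // Nested parameters (a[]=1) cannot be represented as key=value here; the
    // original stringified them to "Array". They are skipped instead.
    if (is_array($value)) {
        continue;
    }
    if ($uri !== "") {
        $uri .= "&";
    }
    $uri .= urlencode($key) . "=" . urlencode($value);
    // (the loop and the file continue beyond the visible listing)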
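<?php
require_once dirname(__FILE__) . "/library/DB.php";
require_once dirname(__FILE__) . "/config/config.php";
require_once dirname(__FILE__) . "/library/emotion.php";

session_start();

// Login required. `exit` is the actual gate: header() does not stop the script,
// so the original still accepted a comment POST from an anonymous client (and
// would then have read $_SESSION["user"]["user_eid"] from a missing session).
if (!isset($_SESSION["user"])) {
    header("Location: index.php");
    exit;
}

$db = new DB();
$db->db_connect();

if (isset($_POST["user_id"])) {
    // Post a "thanks" comment for user_id on behalf of the logged-in user.
    $uid = $db->db_escape_string($_POST["user_id"]);
    $comment = $db->db_escape_string(isset($_POST["content"]) ? $_POST["content"] : "");
    // The EID comes from the session, but it was stored unescaped in the DB
    // (escaping only protects the INSERT that wrote it), so it is escaped again
    // here rather than trusted as a second-order value.
    $who = $db->db_escape_string($_SESSION["user"]["user_eid"]);
    $sql = "INSERT INTO comment (user_id, comment_content, comment_who_thank, comment_reg_datetime) VALUES ('{$uid}', '{$comment}', '{$who}',NOW())";
    $db->db_query($sql);
    header("Location: list.php");
    exit;
} elseif (!isset($_GET["uid"])) {
    header("Location: list.php");
    exit;
} else {
    $uid = $db->db_escape_string($_GET["uid"]);

    // Only active users have a detail page.
    $sql = "SELECT * FROM user WHERE user_id = '" . $uid . "' AND active = '1'";
    $rs = $db->db_query($sql);
    $user = $db->fetch_array($rs);
    if (!$user) {
        // Checked before the comment query so a missing user costs one query,
        // not two; the original redirected here without stopping.
        header("Location: list.php");
        exit;
    }

    // Comments received this calendar year, newest first.
    $sql = "SELECT * FROM comment WHERE user_id = '" . $uid . "'" . " AND comment_reg_datetime >= '" . date("Y-01-01 00:00:00") . "'" . " ORDER BY comment_reg_datetime DESC";
    $rs = $db->db_query($sql);
    $comments = $db->fetchAll($rs);

    if (isset($_GET["img"])) {
        // (this branch and the file continue beyond the visible listing)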
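<?php
require_once dirname(__FILE__) . "/../library/DB.php";
require_once dirname(__FILE__) . "/../config/config.php";

session_start();

// Admin-only. `exit` is required — header() does not stop execution, so the
// original went on to run every query below for anonymous requests.
if (!isset($_SESSION["admin"])) {
    header("Location: index.php");
    exit;
}

$db = new DB();
$db->db_connect();

if (!isset($_GET["uid"])) {
    header("Location: user.php");
    exit;
} else {
    $uid = $db->db_escape_string($_GET["uid"]);

    $sql = "SELECT * FROM user WHERE user_id = '" . $uid . "'";
    $rs = $db->db_query($sql);
    $user = $db->fetch_array($rs);

    // Optional date window. Initialised so the truthiness checks below do not
    // read undefined variables when a parameter is absent (same outcome as the
    // original, minus the notices).
    $startdate = "";
    $enddate = "";
    if (isset($_GET["startdate"])) {
        $startdate = $db->db_escape_string($_GET["startdate"]);
    }
    if (isset($_GET["enddate"])) {
        $enddate = $db->db_escape_string($_GET["enddate"]);
    }

    // Comments for this user joined to the thanking user's nick name. Every
    // interpolated value is escaped and sits inside single quotes.
    $sql = "SELECT comment.*, user.user_nick_name AS who_thank \r\n\t\t\t\t\t\t\tFROM comment LEFT JOIN user \r\n\t\t\t\t\t\t\tON comment.comment_who_thank = user.user_eid \r\n\t\t\t\t\t\t\t\tWHERE comment.user_id = '" . $uid . "'";
    if ($startdate) {
        $sql .= " AND comment_reg_datetime >= '" . $startdate . "'";
    }
    if ($enddate) {
        $sql .= " AND comment_reg_datetime <= '" . $enddate . "'";
    }
    // Always restricted to the current calendar year, whatever window was given.
    $sql .= " AND comment_reg_datetime >= '" . date("Y-01-01 00:00:00") . "'";
    $rs = $db->db_query($sql);
    // (this branch and the file continue beyond the visible listing)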