<?php

require_once "../includes/db_connect.php";
require_once "../includes/functions.php";
require_once "../includes/session.php";
require_once "utils/question.php";
require_once "utils/user.php";
// Session gate provided by the includes; its implementation is not visible here.
confirm_logged_in();
// Edit-test handler: runs only when the edit form was submitted.
// NOTE(review): no anti-CSRF token is checked in the visible code - confirm whether
// check_is_set() or the session include covers it.
if (isset($_POST["submit"])) {
    $db = new DB_CONNECT();
    // get username from the session
    // NOTE(review): $username is read here but never used by the visible query, which
    // writes the literal '******' into the username column - this looks like a redacted
    // placeholder; confirm the intended value.
    $username = get_username();
    if (check_is_set($_POST)) {
        // NOTE(review): the branch taken when check_empty() is truthy is the one that
        // processes the form, so the helper presumably returns true when nothing is
        // empty - verify against its definition.
        if (check_empty($_POST)) {
            // mysql_prep() is the project's escaping helper (not shown). Every value below
            // is still interpolated into the SQL text, so safety depends entirely on that
            // helper and the connection charset; bound parameters would remove that dependency.
            $test_name = $db->mysql_prep($_POST["test_name"]);
            // NOTE(review): start_time / end_time bypass mysql_prep(); whether
            // make_sql_date_time() validates or escapes its result cannot be seen here - confirm.
            $start_time = make_sql_date_time($_POST["start_time"], "/");
            $end_time = make_sql_date_time($_POST["end_time"], "/");
            $event_date = $db->mysql_prep($_POST["event_date"]);
            $duration = $db->mysql_prep($_POST["duration"]);
            // The WHERE clause matches on the submitted test_name only: the row is chosen by
            // client input, the name itself can never change (SET and WHERE use the same
            // value), and nothing restricts the update to tests owned by the current user.
            // NOTE(review): confirm ownership is enforced elsewhere, or add a username condition.
            $query = "UPDATE test SET test_name='{$test_name}', username='******',start_time='{$start_time}',\n                 end_time='{$end_time}',event_date='{$event_date}',duration='{$duration}' WHERE test_name='{$test_name}' ";
            $result = $db->query_database($query);
            // query_database() is treated as returning null on failure.
            if (is_null($result)) {
                // query failed
                echo "query failed";
            } else {
                // NOTE(review): get_test_name() is appended to the URL without urlencode();
                // confirm the helper returns a URL-safe value.
                redirect_to("question_list.php?test_name=" . get_test_name());
            }
        } else {
            echo "empty fields";
        }
    } else {
示例#2
<?php

require_once "/includes/session.php";
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";
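$db = new DB_CONNECT();
$message = "";
// Admin login handler: runs only when the login form was submitted.
if (isset($_POST["submit"])) {
    // Missing or array-valued fields are treated as empty strings so they reach the
    // normal "wrong combination" path instead of raising notices or type errors.
    $raw_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    // mysql_prep() is the project's escaping helper (implementation not shown).
    $user_id = trim($db->mysql_prep($raw_username));
    $password = trim($db->mysql_prep($raw_password));
    // SECURITY: unsalted SHA-1 is not a password hash - it is fast to brute-force and
    // identical passwords produce identical digests. Moving to password_hash() /
    // password_verify() requires re-hashing the stored credentials, so it is flagged
    // here rather than changed. The password is also escaped before hashing; that order
    // is kept so digests stay compatible with whatever is already stored.
    $hashed_password = sha1($password);
    // NOTE(review): both comparison values in this statement appear as the literal
    // '******' (apparently redacted), so $user_id and $hashed_password are not referenced
    // by the visible query. Restore the intended values, preferably as bound parameters
    // rather than interpolated strings.
    $queryString = "SELECT * FROM adminUser WHERE username='******' && password='******' ";
    $result = $db->query_db($queryString);
    if ($db->number_of_rows($result) > 0) {
        // Issue a fresh session id at the privilege change so an id fixed before login
        // cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["username"] = $user_id;
        redirect_to("firstpage.php");
    } else {
        // One generic message for both failure causes avoids disclosing which field was wrong.
        $message = "Password and Username combination is wrong";
    }
}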
?>
<html lang="en" class="no-js">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="UTF-8">
<title>DISASTER SAFETY</title>
  <link rel="stylesheet" type="text/css" href="stylesheets/demo.css">
  <link rel="stylesheet" type="text/css" href="stylesheets/style.css">
  <link rel="stylesheet" type="text/css" href="stylesheets/animate-custom.css">
</head>
示例#3
<?php

// including the some files
require_once "includes/db_connect.php";
require_once "includes/functions.php";
// making the object of DB
// response array for the JSON
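// JSON-style response for the client: "success" is 1 or 0, "message" explains the outcome.
$response = array();
$db = new DB_CONNECT();
// Add-family-member handler. The presence check now tests "family_id", the key that is
// actually read below; it previously tested the misspelled "famliy_id", so a request
// carrying the correct field name was rejected and one carrying only the misspelled
// name went on to read an undefined index.
// NOTE(review): no session or login check is visible in this script - confirm the
// endpoint is meant to be callable without authentication.
if (isset($_POST["member_id"], $_POST["family_id"])) {
    // mysql_prep() is the project's escaping helper (implementation not shown); the
    // values are still interpolated into the SQL text, so bound parameters would be safer.
    $member_id = trim($db->mysql_prep($_POST["member_id"]));
    $family_id = trim($db->mysql_prep($_POST["family_id"]));
    // is_present() comes from the includes; presumably it checks that the family is
    // registered - verify against its definition.
    if (is_present($family_id)) {
        $query_string = "INSERT INTO people (member_id , family_id) VAlUES('{$member_id}' , '{$family_id}')";
        $result = $db->query_db($query_string);
        if ($result) {
            $response["success"] = 1;
            $response["message"] = "The family member is added in the list.";
        } else {
            $response["success"] = 0;
            $response["message"] = "The family member is not added in the database ";
        }
    } else {
        $response["success"] = 0;
        $response["message"] = "The family member is not registered...";
    }
} else {
    $response["success"] = 0;
    // NOTE(review): this text mentions a contact number and a name, but the fields
    // checked above are member_id and family_id; left unchanged in case clients match on it.
    $response["message"] = "The contact number and the name is not set";
}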
<?php

require_once "/includes/session.php";
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";
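// Session gate provided by the includes; its implementation is not visible here.
confirm_logged_in();
$db = new DB_CONNECT();
// Add-guideline handler: all four text fields must be present in the POST body.
// NOTE(review): no anti-CSRF token is checked in the visible code - confirm it is
// handled elsewhere.
if (isset($_POST["calamity"], $_POST["before_cal"], $_POST["after_cal"], $_POST["during_cal"])) {
    // mysql_prep() is the project's escaping helper (implementation not shown); the
    // values are still interpolated into the SQL text, so bound parameters would be safer.
    $calamity = trim($db->mysql_prep($_POST["calamity"]));
    $before_cal = trim($db->mysql_prep($_POST["before_cal"]));
    $after_cal = trim($db->mysql_prep($_POST["after_cal"]));
    $during_cal = trim($db->mysql_prep($_POST["during_cal"]));
    // Reject the request if any field is empty after trimming.
    if (strlen($calamity) != 0 && strlen($before_cal) != 0 && strlen($after_cal) != 0 && strlen($during_cal) != 0) {
        $queryString = "INSERT INTO guidelines ( calamity , during_cal, after_cal , before_cal ) VALUES( '{$calamity}','{$during_cal}','{$after_cal}' ,'{$before_cal}') ";
        // The SQL text is no longer echoed to the client: that debug output disclosed the
        // table layout and, by emitting body content before the redirect below, could
        // stop the redirect header from being sent.
        $result = $db->query_db($queryString);
        if ($result) {
            // NOTE(review): the message travels in the query string with raw spaces;
            // confirm redirect_to() encodes it and that guidelines.php escapes it on output.
            redirect_to("guidelines.php?message=Inserted to the database");
        } else {
            echo "Cannot be inserted";
        }
    } else {
        redirect_to("guidelines.php?message=Cannot be inserted. Some Values are Missing");
    }
} else {
    echo "Problem in the post request";
}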
<?php

require_once "/includes/db_connect.php";
require_once "/includes/functions.php";
require_once "/includes/session.php";
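// Session gate provided by the includes; its implementation is not visible here.
confirm_logged_in();
$db = new DB_CONNECT();
// Add-news handler: info, notification and date must all be present in the POST body.
// NOTE(review): no anti-CSRF token is checked in the visible code - confirm it is
// handled elsewhere.
if (isset($_POST["info"], $_POST["notification"], $_POST["date"])) {
    // mysql_prep() is the project's escaping helper (implementation not shown); the
    // values are still interpolated into the SQL text, so bound parameters would be safer.
    $info = trim($db->mysql_prep($_POST["info"]));
    $notification = trim($db->mysql_prep($_POST["notification"]));
    // Read the submitted date. The original copied $_POST["info"] here, so the date
    // column received the info text and the posted date was discarded.
    // NOTE(review): the value is not validated as a date before it is stored.
    $date = trim($db->mysql_prep($_POST["date"]));
    $queryString = "INSERT INTO news ( info , date , notification ) VALUES( '{$info}','{$date}' , '{$notification}') ";
    $result = $db->query_db($queryString);
    if ($result) {
        // NOTE(review): the message travels in the query string with raw spaces;
        // confirm redirect_to() encodes it and that newsupdate.php escapes it on output.
        redirect_to("newsupdate.php?message=Inserted to the database");
    } else {
        echo "Cannot be inserted";
    }
} else {
    echo "Problem in the post request";
}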
示例#6
<?php

// including the some files
require_once "includes/db_connect.php";
require_once "GCM.php";
// making the object of DB
// response array for the JSON
// Response array that the script fills in for the client ("success", "message", "status").
$response = array();
$db = new DB_CONNECT();
$gcm = new GCM();
// Device-registration handler: id, name and regId must all be present in the POST body.
// NOTE(review): this script includes neither the session file nor a login check, so the
// visible code lets any caller bind a regId to an arbitrary id - confirm that is intended.
if (isset($_POST["id"]) && isset($_POST["name"]) && isset($_POST["regId"])) {
    // Escape each value with the project's mysql_prep() helper (implementation not shown)
    // and trim surrounding whitespace. The values are still interpolated into the SQL
    // text below, so bound parameters would be the safer form.
    $id = trim($db->mysql_prep($_POST["id"]));
    $name = trim($db->mysql_prep($_POST["name"]));
    $regId = trim($db->mysql_prep($_POST["regId"]));
    // Check if the contact is already there or not
    // We can reduce two queries to DB but to make it simple i have used 2 queries
    // NOTE(review): check-then-insert in two statements can race under concurrent
    // requests; a unique key on login.id would be needed to rule out duplicates - confirm
    // the schema has one.
    $query_string = "SELECT * from login where id='{$id}'";
    $result = $db->query_db($query_string);
    if (!($db->number_of_rows($result) > 0)) {
        // No existing row for this id: insert the new registration.
        $query_string = "INSERT INTO login (id,name,gcm_regId) VALUES('{$id}','{$name}','{$regId}')";
        $result = $db->query_db($query_string);
        // NOTE(review): success is reported without inspecting $result, so a failed
        // INSERT is still announced to the client as a successful registration.
        $response["success"] = 1;
        $response["message"] = "The user is successfully registered";
        $response["status"] = 1;
        // now do the work of the GCM
        /*$registatoin_ids = array($regId);
        		$message = array("message" => "You are registered with Disaster Saftey app");
        		$result = $gcm->send_notification($registatoin_ids, $message);*/
        //echo json_encode($response);
示例#7
<?php

require_once "../includes/db_connect.php";
require_once "../includes/functions.php";
require_once "../includes/session.php";
// Session gate provided by the includes; its implementation is not visible here.
confirm_logged_in();
//var_dump(get_test_name());
// Only the presence of the "message" parameter is used; the displayed text is a fixed
// string, so the GET value itself is never reflected by this code.
if (isset($_GET["message"])) {
    $message = "The question has been added";
}
// Add-question handler: runs only when the form was submitted.
// NOTE(review): no anti-CSRF token is checked in the visible code - confirm whether
// check_is_set() or the session include covers it.
if (isset($_POST["submit"])) {
    $db = new DB_CONNECT();
    // Every key listed here must be present in the POST body (array_diff is empty when
    // none is missing).
    $keys = array("question", "option1", "option2", "option3", "option4", "radio", "marks", "negative_marks");
    if (!array_diff($keys, array_keys($_POST)) && check_is_set($_POST)) {
        // mysql_prep() is the project's escaping helper (implementation not shown); the
        // values are still interpolated into the SQL text, so bound parameters would be safer.
        $question = $db->mysql_prep($_POST["question"]);
        $option1 = $db->mysql_prep($_POST["option1"]);
        $option2 = $db->mysql_prep($_POST["option2"]);
        $option3 = $db->mysql_prep($_POST["option3"]);
        $option4 = $db->mysql_prep($_POST["option4"]);
        // NOTE(review): "radio" is not checked against the allowed answer choices, and
        // marks / negative_marks are not validated as numbers before being stored.
        $correct_ans = $db->mysql_prep($_POST["radio"]);
        $marks = $db->mysql_prep($_POST["marks"]);
        $negative_marks = $db->mysql_prep($_POST["negative_marks"]);
        // The table name is built from get_test_name() and concatenated into the statement
        // unquoted. Value escaping does not protect an identifier, so if a user can
        // influence the test name this is an injection point - validate the name against
        // a strict allow-list pattern and backtick-quote it. NOTE(review): confirm where
        // get_test_name() takes its value from.
        $table_name = get_test_name() . "_questions";
        $query = "Insert into " . $table_name . " (`question`, `option1`, `option2`, `option3`, `option4`, `correct_ans`, `marks`, `negative_marks`) \n       VALUES('{$question}','{$option1}','{$option2}', '{$option3}', '{$option4}', '{$correct_ans}', '{$marks}', '{$negative_marks}')";
        // query_database() is treated as returning null on failure.
        if (!is_null($db->query_database($query))) {
            redirect_to("add_question.php?message=true");
        } else {
            echo "Question cannot be added";
        }
    } else {
        $message = "Someting was not set";
<?php

require_once "/includes/session.php";
require_once "/includes/db_connect.php";
require_once "/includes/functions.php";
// Session gate provided by the includes; its implementation is not visible here.
confirm_logged_in();
$db = new DB_CONNECT();
// Add-help-location handler. A request missing any of the three fields is answered
// with a plain error line; otherwise the values are stored in the help table.
if (!isset($_POST["latitude"], $_POST["longitude"], $_POST["type_of_help"])) {
    echo "Problem in the post request";
} else {
    // Each field passes through the project's mysql_prep() escaping helper
    // (implementation not shown) and is then trimmed.
    // NOTE(review): latitude / longitude are not validated as numbers, and the values
    // are interpolated into the SQL text; bound parameters would be the safer form.
    $latitude = trim($db->mysql_prep($_POST["latitude"]));
    $longitude = trim($db->mysql_prep($_POST["longitude"]));
    $type_of_help = trim($db->mysql_prep($_POST["type_of_help"]));
    $queryString = "INSERT INTO help ( longitude , latitude , type_of_help ) VALUES( '{$longitude}','{$latitude}' , '{$type_of_help}') ";
    $result = $db->query_db($queryString);
    if (!$result) {
        echo "Cannot be inserted .Query Failed";
    } else {
        // Back to the form page with a status message in the query string.
        redirect_to("addcoordinates.php?message=Inserted to the database");
    }
}
示例#9
<?php

require_once "../includes/db_connect.php";
require_once "../includes/functions.php";
require_once "../includes/session.php";
require_once "utils/question.php";
require_once "utils/user.php";
// Session gate provided by the includes; its implementation is not visible here.
confirm_logged_in();
// Create-test handler: runs only when the form was submitted.
// NOTE(review): no anti-CSRF token is checked in the visible code - confirm whether
// check_is_set() or the session include covers it.
if (isset($_POST["submit"])) {
    $db = new DB_CONNECT();
    // NOTE(review): leftover debug output - it dumps the whole POST body into the
    // response and, by emitting content early, can prevent later header-based redirects.
    // Remove before deployment.
    var_dump($_POST);
    // get username from the session
    $username = get_username();
    if (check_is_set($_POST)) {
        // NOTE(review): the branch taken when check_empty() is truthy is the one that
        // processes the form, so the helper presumably returns true when nothing is
        // empty - verify against its definition.
        if (check_empty($_POST)) {
            // mysql_prep() is the project's escaping helper (implementation not shown).
            $test_name = $db->mysql_prep($_POST["test_name"]);
            // NOTE(review): start_time / end_time bypass mysql_prep(); whether
            // make_sql_date_time() validates or escapes its result cannot be seen here - confirm.
            $start_time = make_sql_date_time($_POST["start_time"], "/");
            $end_time = make_sql_date_time($_POST["end_time"], "/");
            // SECURITY: event_date is taken from the request without any escaping and is
            // interpolated into the INSERT below - a SQL injection point. It should be
            // validated as a date and passed as a bound parameter (or at minimum through
            // the same escaping helper as the other fields).
            $event_date = $_POST["event_date"];
            $duration = $db->mysql_prep($_POST["duration"]);
            // $username comes from the session helper; all other values come from the form.
            $query = "Insert into " . TESTS_TABLE . " (username, test_name, start_time, end_time, event_date, duration) " . "values('{$username}', '{$test_name}', '{$start_time}', '{$end_time}','{$event_date}','{$duration}')";
            $result = $db->query_database($query);
            // query_database() is treated as returning null on failure.
            if (is_null($result)) {
                // query failed
                echo "query failed";
            } else {
                // The steps below run one after another with no rollback visible here, so a
                // failure part-way leaves the test row (and possibly tables) behind.
                // NOTE(review): $test_name is user-supplied and is handed to both
                // create_table() helpers; if they build table identifiers from it, SQL
                // value escaping is not sufficient - confirm they validate the name.
                if (!is_null(Question::create_table($test_name))) {
                    if (!is_null(User::create_table($test_name))) {
                        // create the test folder
                        // SECURITY: the directory name is the submitted test name, which has
                        // only been through the SQL escaping helper. Nothing visible rejects
                        // path separators or "..", so the folder could be created outside
                        // ../tests/. Restrict the name to a strict allow-list pattern (for
                        // example letters, digits, "_" and "-") before using it in a path.
                        if (!mkdir("../tests/" . $test_name)) {
                            echo "Unable to create the directory";