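// Sign-up handler: checks the posted fields, stores the new account and logs the user in.
// The generated SQL is deliberately not echoed: it contained the password hash and the raw
// request values, and any output sent here would also precede the redirect header.
$signupError = null;
if (isset($_POST['submit'])) {
    $username = isset($_POST['username']) && is_string($_POST['username']) ? trim($_POST['username']) : '';
    $email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    // The INSERT below places these values inside single-quoted SQL literals. A quote or a
    // backslash is what ends or escapes such a literal, so values containing either are
    // refused. This is a stopgap: SQLConnector's API is not visible here, and bound
    // parameters are the proper fix if it offers them.
    $breaksSqlLiteral = static function ($value) {
        return strpbrk($value, "'\\") !== false;
    };

    if ($username === '' || $password === '' || $breaksSqlLiteral($username)) {
        $signupError = "Invalid username or password.";
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false || $breaksSqlLiteral($email)) {
        $signupError = "Invalid email address.";
    } else {
        // NOTE(review): the database account is hard-coded in this script (the values are
        // masked on this page); presumably it belongs in configuration outside the web root.
        $host = "localhost";
        $dbuser = "******";
        $dbpassword = "******";
        $database = "calendapp";
        $table = "users";
        $connector = new SQLConnector(new Credentials($host, $dbuser, $dbpassword, $database));
        $connector->connect();

        // password_hash() output and the ISO 8601 date contain no quote or backslash.
        $cryptpw = password_hash($password, PASSWORD_DEFAULT);
        $date = date(DATE_ISO8601);
        $sqlQuery = "insert into users values('{$username}', '{$cryptpw}', 'temp', '{$date}', '{$email}')";

        if ($connector->insert($sqlQuery)) {
            // Issue a fresh session id at the privilege change so a pre-set id cannot be reused.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['loggedIn'] = true; //Stay logged in
            $_SESSION['username'] = $username;
            header("Location: main.php");
            exit; // nothing below should run once the redirect is sent
        }
    }
}

echo "Sign up (placeholder)<br />";
if ($signupError !== null) {
    echo $signupError . "<br />";
}

$body = <<<BODY
<form action="signup.php" method="post">
    Username: <input type="text" name="username" required="required"><br />
    Password: <input type="password" name="password" required="required"><br />
    Email: <input type="email" name="email" required="required"><br />
    <input type="submit" name="submit" value="Sign Up"><br />
    <input type="reset" name="reset" value="Reset">
</form>
BODY;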
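// receive data
// json_decode() returns null or a non-array for malformed input, which implode() cannot
// take, so the decoded value is checked element by element before it is joined.
$decoded_classes = isset($_POST['class_string']) && is_string($_POST['class_string'])
    ? json_decode($_POST['class_string'])
    : null;
$classes_valid = is_array($decoded_classes);
if ($classes_valid) {
    foreach ($decoded_classes as $class_entry) {
        if (!is_string($class_entry) && !is_int($class_entry)) {
            $classes_valid = false;
            break;
        }
    }
}
$selected_classes = $classes_valid ? implode(",", $decoded_classes) : '';
$passtype = isset($_POST['passtype']) && is_string($_POST['passtype']) ? $_POST['passtype'] : '';

// NOTE(review): the price comes from the request, so the client decides what is recorded;
// presumably it should be derived server-side from the selected classes and pass type.
$price = intval(isset($_POST['price']) ? $_POST['price'] : 0);
$tax = round($price * 0.035 + 0.3, 2);
$id = isset($_SESSION['submission_id']) ? (string) $_SESSION['submission_id'] : '';

// The INSERT below puts these values inside single-quoted SQL literals. A quote or a
// backslash is what ends or escapes such a literal, so values containing either are
// refused. Stopgap only: SQLConnector's API is not visible here; bound parameters are the
// proper fix if it offers them.
$literal_unsafe = strpbrk($id . $selected_classes . $passtype, "'\\") !== false;
if (!$classes_valid || $id === '' || $literal_unsafe) {
    header("Location: error.php?sql_error=" . rawurlencode("Invalid registration data"));
    exit;
}

// prep connecting to db
// NOTE(review): login-info.txt is opened by relative path; confirm it is not served by the
// web server.
$fe = new FileEditor('login-info.txt');
$credentials = $fe->readFile();
$cred = new Credentials("terrapintango.cgpkve9uh8yp.us-east-1.rds.amazonaws.com", $credentials[0], $credentials[1], "tangodb", 3306);
//$cred = new Credentials("localhost", "tango", "tango", "test");
$connection = new SQLConnector($cred);
$connection->connect();

$query = "INSERT INTO `classes` (`registerid`, `classes`, `price`, `passtype`)\n VALUES ('{$id}', '{$selected_classes}', '{$price}', '{$passtype}');";
try {
    $connection->insert($query);
} catch (Exception $e) {
    // The message is URL-encoded so it cannot alter the redirect target.
    // NOTE(review): this still hands the database error text to the browser; logging it
    // server-side and redirecting with a generic code would disclose less.
    $error = $e->getMessage();
    header("Location: error.php?sql_error=" . rawurlencode($error));
    exit; // do not render the page after an error redirect
}
//print_r( $selected_classes);
//echo "<br />";
//echo $price;
?>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#">
<head>
<script source=></script>
<title>7th annual Terrapin Tango Festival</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="Argentine Tango, University of Maryland, ATC, Terrapin Tango Festival" />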
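// Excerpt: this code continues a branch opened above it and ends inside a catch block that
// closes below it, so the brace structure is kept exactly as it was.
//
// echo "<br>class array final ";
// print_r($class_ary);

// implode() yields "" for an empty list and the bare element for a single one, and it does
// not depend on the remaining element sitting at index 0.
$new_class_str = implode(",", $class_ary);

// The class list goes inside a single-quoted SQL literal; a quote or backslash is what ends
// or escapes such a literal, so a list containing either is refused. Stopgap only:
// SQLConnector's API is not visible here; bound parameters are the proper fix.
if (strpbrk($new_class_str, "'\\") !== false) {
    echo "Invalid class list.";
} else {
    // %d forces registerid to an integer, since it is used unquoted in the statement.
    $query = sprintf("UPDATE classes SET classes = '%s' WHERE registerid = %d;", $new_class_str, $registerid);
    // echo $query;
    try {
        $connector->insert($query);
        echo "Table updated."; // reported only when the update did not throw
    } catch (Exception $e) {
        // Database messages can repeat parts of the query, so they are HTML-escaped.
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
echo "<p><form action='editdb.php' method=POST><input type='submit' name='xyz' value='Back'></form></p>";
} else {
    if (isset($_POST['submit'])) {
        // page 2
        // The posted id is used unquoted in the query, so it is reduced to an integer first.
        $registerid = isset($_POST['radio']) && is_string($_POST['radio']) ? (int) $_POST['radio'] : 0;
        $query = "SELECT r.fname, r.lname, c.classes\n FROM records r, classes c\n WHERE c.registerid = {$registerid} and r.registerid = c.registerid";
        $table = "<table border ='1' id='table'><th align='center'>Remove</th><th align='center'>Class</th>";
        try {
            $result = $connector->retrieve($query);
        } catch (Exception $e) {
            echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');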
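/**
 * Renders the admin panel and handles its form actions.
 *
 * Depending on which submit button was posted, this lists the selected tables, runs the
 * free-form query from the text box, redirects to classBalanceInfo.php or editdb.php,
 * prints the output of print_class_info(), or shows the selection form. The page is
 * emitted through generatePage() with the title "Admin Panel".
 *
 * Reads the global $credentials; elements 0 and 1 are passed to Credentials
 * (presumably the database user name and password).
 */
function drawPage()
{
    global $credentials;
    $body = "";

    // NOTE(review): nothing in this function checks that the caller is an authenticated
    // administrator. Confirm the including script enforces that before drawPage() runs,
    // because the branches below dump whole tables and execute caller-supplied SQL.
    $login = new Credentials("terrapintango.cgpkve9uh8yp.us-east-1.rds.amazonaws.com", $credentials[0], $credentials[1], "tangodb");
    $connector = new SQLConnector($login);
    $connector->connect();
    //print_r($result);

    if (isset($_POST['submit'])) {
        // Table names are interpolated into the query text, so only the names offered by
        // the <select> in the form below are accepted; anything else is skipped.
        $allowedTables = ["records", "classes", "confirmation", "ConfirmedRegistrants"];
        $fields = isset($_POST['field']) ? (array) $_POST['field'] : [];
        foreach ($fields as $table) {
            if (!is_string($table) || !in_array($table, $allowedTables, true)) {
                continue;
            }
            if ($table === "ConfirmedRegistrants") {
                $query = "SELECT r.fname, r.lname, r.partnerfname, r.email, c.classes, c.passtype, c.price\n FROM records r, classes c, confirmation f\n WHERE r.registerid = c.registerid and r.registerid = f.registerid and\n f.payment_status = 'Completed'";
            } else {
                $query = "select * from {$table}";
            }
            $result = $connector->retrieve($query);
            // NOTE(review): drawTable() is not visible here; confirm it HTML-escapes cells.
            $body .= "<h1>" . ucfirst($table) . "</h1>" . drawTable($result);
        }
    } elseif (isset($_POST['arbsubmitr'])) {
        // Runs the posted SQL as-is (the form labels this "arbitrary query"). The text is
        // HTML-escaped before being shown back so it cannot inject markup into the page.
        $query = isset($_POST['arbtext']) && is_string($_POST['arbtext']) ? $_POST['arbtext'] : '';
        $result = $connector->retrieve($query);
        $body .= "<h1>" . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "</h1>" . drawTable($result);
    } elseif (isset($_POST['arbsubmiti'])) {
        $query = isset($_POST['arbtext']) && is_string($_POST['arbtext']) ? $_POST['arbtext'] : '';
        $error = false;
        try {
            $result = $connector->insert($query);
        } catch (Exception $e) {
            // Database messages can repeat parts of the query, so they are escaped too.
            echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
            $error = true;
        }
        if (!$error) {
            $body .= "Query successful.";
        }
        $body .= "<p><form action='admin.php' method=POST><input type='submit' value='Back'></form></p>";
    } elseif (isset($_POST['classprint'])) {
        header("Location: classBalanceInfo.php");
        return; // stop here instead of rendering an empty panel after the redirect
    } elseif (isset($_POST['mapping'])) {
        echo print_class_info();
    } elseif (isset($_POST['edit'])) {
        header("Location: editdb.php");
        return;
    } else {
        $body = <<<BODY
<h1> Database Access </h1>
<form action="admin.php" method="post">
    <p>
        <strong>Select tables to display</strong><br />
        <select name="field[]" multiple="multiple">
            <option value="records">Records</option>
            <option value="classes">Classes</option>
            <option value="confirmation">Confirmation</option>
            <option value="ConfirmedRegistrants">Confirmed registrations</option>
        </select>
    </p>
    <p>
        <input type="submit" name="submit" value="Display Tables">
    </p>
    <p>
        <input type='text' name='arbtext'>
    </p>
    <p>
        <input type='submit' name='arbsubmitr' value='Submit arbitrary query (Get response)'>
        <input type='submit' name='arbsubmiti' value='Submit arbitrary query (Do not get response)'>
    </p>
    <p>
        <input type='submit' name='classprint' value='Class Balance Info'>
    </p>
    <p>
        <input type='submit' name='mapping' value='Confirmed Schedules'>
    </p>
    <p>
        <input type='submit' name='edit' value='Edit Classes'>
    </p>
</form>
BODY;
    }

    echo generatePage($body, "Admin Panel");
}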
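<?php
require_once "uploadimage.php";
require_once "dbLogin.php";
require_once "sqlconnector.php";
session_start();

// Profile page: shows the signed-in user's name, join date and picture, and stores a newly
// uploaded picture. Queries run only when a session user name exists.
$loggedIn = isset($_SESSION['username']) && is_string($_SESSION['username']);
if ($loggedIn) {
    $CurrentUserName = $_SESSION['username'];
} else {
    $CurrentUserName = "******";
}

// NOTE(review): the database account is hard-coded in this script (the values are masked on
// this page); presumably it belongs in configuration outside the web root.
$host = "localhost";
$dbuser = "******";
$dbpassword = "******";
$database = "calendapp";
$table = "users";
$connector = new SQLConnector(new Credentials($host, $dbuser, $dbpassword, $database));
$connector->connect();
$CurrentEmail = "";

// The user name is placed inside single-quoted SQL literals below. A quote or a backslash
// is what ends or escapes such a literal, so a name containing either is never sent to the
// database. Stopgap only: SQLConnector's API is not visible here; bound parameters are the
// proper fix if it offers them.
$nameIsSqlSafe = $loggedIn && strpbrk($CurrentUserName, "'\\") === false;

$DateJoined = "";
$ProPic = "profilepics/";
if ($nameIsSqlSafe) {
    $joinedRow = $connector->retrieve("select joined from users where name='{$CurrentUserName}'");
    $DateJoined = isset($joinedRow['joined']) ? $joinedRow['joined'] : "";

    if (isset($_POST['submit'])) {
        $w = new ImageWorker(null); //no sql here
        // NOTE(review): ImageWorker is not visible here; confirm it restricts the accepted
        // file types and chooses the stored file name itself rather than trusting the client.
        $id = (string) $w->uploadToDir("/profilepics", "filename");
        if ($id !== "" && strpbrk($id, "'\\") === false) {
            $connector->insert("update users set profilepic='{$id}' where name='{$CurrentUserName}'");
        }
    }

    // Read the picture back by the same key the update writes (name). The lookup used to
    // key on $_SESSION['email'], which nothing in this script sets.
    $picRow = $connector->retrieve("select profilepic from users where name='{$CurrentUserName}'");
    $ProPic .= isset($picRow['profilepic']) ? $picRow['profilepic'] : "";
}

// Everything interpolated into the page is HTML-escaped; the name and picture id originate
// from user input.
$safeUserName = htmlspecialchars((string) $CurrentUserName, ENT_QUOTES, 'UTF-8');
$safeProPic = htmlspecialchars((string) $ProPic, ENT_QUOTES, 'UTF-8');
$safeDateJoined = htmlspecialchars((string) $DateJoined, ENT_QUOTES, 'UTF-8');

echo "\n <html>\n <head>\n <title>Profile</title>\n"
    . " <link rel='stylesheet' href='profile.css' type='text/css' />\n </head>\n <body>\n"
    . " <a href='main.php'> <img src='img/CalendAppLogo.png' width='256' height='73' alt='CalendApp' id='logo'> </a>\n"
    . " <div id='subtitle'>\n <img src='img/Pro.png' alt='Profile' id='subtitle'>\n </div>\n \n"
    . " <form action='profile.php' enctype='multipart/form-data' method='post' id='form'>\n"
    . "\t\t\t <h1>{$safeUserName}</h1>\n <img src='{$safeProPic}' alt = 'Profile Picture' id='propic'/>\n"
    . "\t\t\t <p>\n Date Joined: {$safeDateJoined}\n </p>\n <p id='upload'>\n Upload New Profile Picture\n"
    . " <input type='file' name='filename'/><br /><input type='submit' name='submit' value='Upload'>\n </p>\n \n \n"
    . " </form> \n </body>\n </html>";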
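// Payment-notification handler: records a confirmation row once the listener reports the
// notification as verified. $connection and $listener are created before this excerpt.
$connection->connect();
// NOTE(review): log.txt is opened by relative path and receives full exception text;
// confirm the file is not served by the web server.
$fe1 = new FileEditor("log.txt");
$fe1->writeToFile("Run");
try {
    $verified = $listener->processIpn();
} catch (Exception $e) {
    // fatal error trying to process IPN.
    $fe1->writeToFile($e);
    exit(0);
}

if (!$verified) {
    $fe1->writeToFile("Failure");
} else {
    // submission_id comes from the query string, not from the listener's post data, and it
    // is used unquoted in the INSERT, so it must be a plain integer. A missing id is no
    // longer replaced by the debug value 22, which attributed the payment to that record.
    $id = isset($_GET['submission_id']) ? filter_var($_GET['submission_id'], FILTER_VALIDATE_INT) : false;

    $post_data = $listener->get_post_data();
    $transaction_id = isset($post_data['txn_id']) ? (string) $post_data['txn_id'] : '';
    $payment_gross = isset($post_data['mc_gross']) ? (string) $post_data['mc_gross'] : '';
    $status = isset($post_data['payment_status']) ? (string) $post_data['payment_status'] : '';
    $payer_email = isset($post_data['payer_email']) ? (string) $post_data['payer_email'] : '';

    // mc_gross is also used unquoted, so only a plain decimal number is accepted.
    $amountOk = preg_match('/\A-?\d+(?:\.\d+)?\z/', $payment_gross) === 1;
    // The remaining fields sit inside single-quoted SQL literals. A quote or a backslash is
    // what ends or escapes such a literal, so values containing either are refused.
    // Stopgap only: SQLConnector's API is not visible here; bound parameters are the proper
    // fix if it offers them.
    $textOk = strpbrk($status . $transaction_id . $payer_email, "'\\") === false;

    // NOTE(review): nothing in this excerpt compares mc_gross with the amount owed for the
    // registration or checks whether txn_id was already recorded; confirm that is handled
    // elsewhere.
    if ($id === false || !$amountOk || !$textOk) {
        // Raw request values are deliberately kept out of the log line.
        $fe1->writeToFile("ERROR: notification rejected, invalid submission_id or field value");
    } else {
        //not seen by user, so no error redirection
        try {
            $connection->insert("insert into confirmation (registerid, total, payment_status, transaction_id, payer_email) values({$id}, {$payment_gross}, '{$status}', '{$transaction_id}', '{$payer_email}');");
        } catch (Exception $e) {
            $fe1->writeToFile("ERROR: " . $e->getMessage());
        }
    }
}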