";
$title = $row['title']." by ".$row['author'];
do_html_url($url, $title);
echo "
";
}
echo "
";
}
echo "";
}
function display_book_details($book) {
// display all details about this book
if (is_array($book)) {
echo "
";
//display the picture if there is one
if (@file_exists("images/".$book['isbn'].".jpg")) {
$size = GetImageSize("images/".$book['isbn'].".jpg");
if(($size[0] > 0) && ($size[1] > 0)) {
echo "
query("select * from admin
where username='".$username."'
and password = sha1('".$password."')");
if (!$result) {
return 0;
}
if ($result->num_rows>0) {
return 1;
} else {
return 0;
}
}
function check_admin_user() {
    // Report whether an administrator is logged in.  The only evidence
    // consulted is the 'admin_user' session entry: present and non-null
    // means logged in.  Returns true or false.
    return isset($_SESSION['admin_user']);
}
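function change_password($username, $old_password, $new_password) {
    // change password for username/old_password to new_password
    // return true or false
    // if the old password is right (as decided by login())
    // change their password to new_password and return true
    // else return false
    //
    // The original spliced $username and $new_password straight into
    // the UPDATE string; both arrive from the change-password form, so
    // that was an SQL injection point.  The statement is now prepared
    // and the values bound as parameters.  Hashing stays sha1() inside
    // SQL only so that existing rows and login() keep agreeing;
    // password_hash()/password_verify() would be the proper replacement
    // for both sides.
    if (!login($username, $old_password)) {
        return false; // old password was wrong
    }
    if (!($conn = db_connect())) {
        return false;
    }
    $stmt = $conn->prepare("update admin set password = sha1(?) where username = ?");
    if (!$stmt) {
        return false; // not changed
    }
    $stmt->bind_param('ss', $new_passwordsl, $username);
    $changed = $stmt->execute();
    $stmt->close();
    return (bool) $changed; // true only when the UPDATE ran
}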
?>
admin_fns.php
ISBN:
Book Title:
Book Author:
Category:
Price:
Description:
align="center">
";
?>
";
}
?>
Old password:
New password:
Repeat new password:
query($query);
if ((!$result) || ($result->num_rows!=0)) {
return false;
}
// insert new category
$query = "insert into categories values
(0, '".$catname."')";
$result = $conn->query($query);
if (!$result) {
return false;
} else {
return true;
}
}
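function insert_book($isbn, $title, $author, $catid, $price, $description) {
    // insert a new book into the database
    // returns false when a book with this isbn already exists, when the
    // connection or either statement fails; true once the row is inserted
    //
    // All six arguments come from the admin "add book" form.  They are
    // bound as statement parameters here; the original concatenated them
    // into the SQL text and was injectable through any of them.
    $conn = db_connect();
    if (!$conn) {
        return false;
    }
    // check book does not already exist
    $stmt = $conn->prepare("select isbn from books where isbn = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('s', $isbn);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stmt->store_result(); // needed before num_rows is meaningful
    $already_there = $stmt->num_rows != 0;
    $stmt->close();
    if ($already_there) {
        return false;
    }
    // insert new book; column order matches the original statement:
    // isbn, author, title, catid, price, description
    $stmt = $conn->prepare("insert into books values (?, ?, ?, ?, ?, ?)");
    if (!$stmt) {
        return false;
    }
    // every value was quoted as a string in the original SQL, so all are
    // bound as strings and left to the server to coerce, as before
    $stmt->bind_param('ssssss', $isbn, $author, $title, $catid, $price, $description);
    $inserted = $stmt->execute();
    $stmt->close();
    return (bool) $inserted;
}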
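function update_category($catid, $catname) {
    // change the name of category with catid in the database
    // returns true when the UPDATE ran, false on a failed connection,
    // prepare or execute
    //
    // $catid and $catname are admin-form input; the original built the
    // SQL by concatenation (with @-suppressed errors), so both are now
    // bound as parameters and errors surface as a false return.
    $conn = db_connect();
    if (!$conn) {
        return false;
    }
    $stmt = $conn->prepare("update categories set catname = ? where catid = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('ss', $catname, $catid);
    $updated = $stmt->execute();
    $stmt->close();
    return (bool) $updated;
}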
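function update_book($oldisbn, $isbn, $title, $author, $catid,
    $price, $description) {
    // change details of book stored under $oldisbn in
    // the database to new details in arguments
    // returns true when the UPDATE ran, false otherwise
    //
    // Every argument is admin-form input.  The original concatenated all
    // seven into the SQL text (injectable through each one); they are
    // bound as parameters here.
    $conn = db_connect();
    if (!$conn) {
        return false;
    }
    $stmt = $conn->prepare("update books
        set isbn = ?,
            title = ?,
            author = ?,
            catid = ?,
            price = ?,
            description = ?
        where isbn = ?");
    if (!$stmt) {
        return false;
    }
    // all values were quoted as strings in the original SQL; keep that
    $stmt->bind_param('sssssss', $isbn, $title, $author, $catid,
        $price, $description, $oldisbn);
    $updated = $stmt->execute();
    $stmt->close();
    return (bool) $updated;
}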
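function delete_category($catid) {
    // Remove the category identified by catid from the db
    // If there are books in the category, it will not
    // be removed and the function will return false.
    // Also returns false if the connection or either statement fails.
    //
    // $catid is admin-form input.  The original spliced it into the SQL
    // unquoted in the first query and quoted in the second, with errors
    // @-suppressed; it is bound as a parameter in both statements now.
    $conn = db_connect();
    if (!$conn) {
        return false;
    }
    // check if there are any books in category
    // to avoid deletion anomalies
    $stmt = $conn->prepare("select isbn from books where catid = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('s', $catid);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stmt->store_result(); // needed before num_rows is meaningful
    $in_use = $stmt->num_rows > 0;
    $stmt->close();
    if ($in_use) {
        return false;
    }
    $stmt = $conn->prepare("delete from categories where catid = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('s', $catid);
    $deleted = $stmt->execute();
    $stmt->close();
    return (bool) $deleted;
}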
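function delete_book($isbn) {
    // Deletes the book identified by $isbn from the database.
    // Returns true when the DELETE ran, false on a failed connection,
    // prepare or execute.
    //
    // $isbn is admin-form input; the original concatenated it into the
    // SQL (injectable), so it is bound as a parameter here.
    $conn = db_connect();
    if (!$conn) {
        return false;
    }
    $stmt = $conn->prepare("delete from books where isbn = ?");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('s', $isbn);
    $deleted = $stmt->execute();
    $stmt->close();
    return (bool) $deleted;
}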
?>
data_valid_fns.php
$value) {
if ((!isset($key)) || ($value == '')) {
return false;
}
}
return true;
}
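function valid_email($address) {
    // check an email address is possibly valid
    // This is a shape check only (something@something.something using
    // letters, digits, '_', '.', '-'); it says nothing about whether the
    // mailbox exists.  Returns true or false.
    //
    // ereg() was removed in PHP 7, so the same POSIX pattern is expressed
    // for preg_match().  The D modifier keeps '$' anchored to the very
    // end of the string, as ereg's '$' was, so a trailing newline does
    // not slip through.
    $pattern = '/^[a-zA-Z0-9_.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9.\-]+$/D';
    return preg_match($pattern, (string) $address) === 1;
}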
?>
order_fns.php
autocommit(FALSE);
// insert customer address
$query = "select customerid from customers where
name = '".$name."' and address = '".$address."'
and city = '".$city."' and state = '".$state."'
and zip = '".$zip."' and country = '".$country."'";
$result = $conn->query($query);
if($result->num_rows>0) {
$customer = $result->fetch_object();
$customerid = $customer->customerid;
} else {
$query = "insert into customers values
(0, '".$name."','".$address."','".$city."','".$state."','".$zip."','".$country."')";
$result = $conn->query($query);
if (!$result) {
return false;
}
}
$customerid = $conn->insert_id;
$date = date("Y-m-d");
$query = "insert into orders values
(0, '".$customerid."', '".$_SESSION['total_price']."', '".$date."', '".'PARTIAL'."',
'".$ship_name."', '".$ship_address."', '".$ship_city."', '".$ship_state."',
'".$ship_zip."', '".$ship_country."')";
$result = $conn->query($query);
if (!$result) {
return false;
}
$query = "select orderid from orders where
customerid = '".$customerid."' and
amount > (".$_SESSION['total_price']."-.001) and
amount < (".$_SESSION['total_price']."+.001) and
date = '".$date."' and
order_status = 'PARTIAL' and
ship_name = '".$ship_name."' and
ship_address = '".$ship_address."' and
ship_city = '".$ship_city."' and
ship_state = '".$ship_state."' and
ship_zip = '".$ship_zip."' and
ship_country = '".$ship_country."'";
$result = $conn->query($query);
if($result->num_rows>0) {
$order = $result->fetch_object();
$orderid = $order->orderid;
} else {
return false;
}
// insert each book
foreach($_SESSION['cart'] as $isbn => $quantity) {
$detail = get_book_details($isbn);
$query = "delete from order_items where
orderid = '".$orderid."' and isbn = '".$isbn."'";
$result = $conn->query($query);
$query = "insert into order_items values
('".$orderid."', '".$isbn."', ".$detail['price'].", $quantity)";
$result = $conn->query($query);
if(!$result) {
return false;
}
}
// end transaction
$conn->commit();
$conn->autocommit(TRUE);
return $orderid;
}
?>
index.php
Please chose a category: ";
// Catalogue front page body: every category is listed, an admin who is
// logged in (the 'admin_user' session entry is set) additionally gets a
// button into the admin area, and the page footer closes the page.
$cat_array = get_categories();
display_categories($cat_array);
$show_admin_button = isset($_SESSION['admin_user']);
if ($show_admin_button) {
    display_button("admin.php", "admin-menu", "Admin Menu");
}
do_html_footer();
?>
login.php
logout.php
Logged out.";
do_html_url("login.php", "Login");
} else {
// if they weren't logged in but came to this page somehow
echo "
You were not logged in, and so have not been logged out.
You could not be logged in.
You must be logged in to view this page.";
do_html_url("login.php", "Login");
do_html_footer();
exit;
}
}
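// admin.php body: show the administration menu, but only to a logged-in
// admin (check_admin_user() looks for the 'admin_user' session entry);
// everyone else sees a refusal.  Page title was misspelled "Administrtion".
do_html_header("Administration");
if (check_admin_user()) {
    display_admin_menu();
} else {
    echo "
You are not authorized to enter the administration area.
";
}
do_html_footer();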
?>
insert_book_form.php
You are not authorized to enter the administration area.";
}
do_html_footer();
?>
insert_book.php
Book ".stripslashes($title)." was added to the database.";
}else {
echo "
Book ".stripslashes($title)." could not be added to the database.
";
}
}else {
echo "
You have not filled out the form. Please try again
";
}
}else {
echo "
You are not authorized to enter the administration area.
";
}
do_html_footer();
?>
insert_category_form.php
You are not authorized to enter the administration area.";
}
do_html_footer();
?>
insert_category.php
Category \"".$catname."\" was added to the database.";
}else {
echo "
Category \"".$catname."\" could not be added to the database.
";
}
}else {
echo "
You have not filled out the form. Please try again
";
}
}else {
echo "
You are not authorized to enter the administration area.
You are not authorized to enter the administration area.
";
}
do_html_footer();
?>
change_password_form.php
change_password.php
You have not filled out the form completely.
Please try again.";
do_html_url("admin.php", "Back to administration menu");
do_html_footer();
exit;
} else {
$new_passwd = $_POST['new_passwd'];
$new_passwd2 = $_POST['new_passwd2'];
$old_passwd = $_POST['old_passwd'];
if ($new_passwd != $new_passwd2) {
echo "
Passwords entered were not the same. Not changed.
";
} else if ((strlen($new_passwd)>16) || (strlen($new_passwd)<6)) {
echo "
New password must be between 6 and 16 characters. Try again.
This article is from an interview with Zuhaib Siddique, a production engineer at HipChat, makers of group chat and IM for teams.
HipChat started in an unusual space, one you might not