Requests.php | searchcode

/View/Requests.php

https://bitbucket.org/onlinechessportal/onlinechessgameportal · PHP · 273 lines · 248 code · 25 blank · 0 comment · 44 complexity · f2665c3d9cf30405567434cb5aae212d MD5 · raw file

<?php

require '../Model/Connect.php';

require '../Control/RegisterLogic.php';

require '../Control/LoginLogic.php';

require '../Control/SendNotification.php';

require '../Control/CreateClubLogic.php';

	ob_start();

	$UserNm=$_SESSION['username'];

    $Role = $_SESSION['role'];    

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Online Chess Portal </title>

<!-- CSS Files -->

<link href="css/reset.css" rel="stylesheet" type="text/css" />

<link href="css/Form.css" rel="stylesheet" type="text/css" />

<link href="css/screen.css" rel="stylesheet" type="text/css" />

<link href="css/style.css" rel="stylesheet" type="text/css" />

<link rel="stylesheet" type="text/css" href="css/superfish.css" media="screen" />

<link rel="stylesheet" type="text/css" href="css/jquery.gritter.css" />

<!-- End of CSS Files -->

<!-- Javascript Files -->

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>

<script type="text/javascript" src="javascript/jquery.cycle.all.js"></script>

<script type="text/javascript" src="javascript/superfish.js"></script>

<script type="text/javascript" src="javascript/dd.min.js"></script>

<script type="text/javascript" src="javascript/popup-window.js"></script>

<script type="text/javascript" src="javascript/wufoo.js"></script>

<script type="text/javascript" src="http://www.google.com/jsapi"></script>

<script type="text/javascript">google.load('jquery', '1.5');</script>

<script type="text/javascript" src="js/jquery.gritter.js"></script>

<script type="text/javascript"> 

<!--popup-->

var time_interval = setInterval(

function ()

{

$('#popup').load('../Control/Notification.php').fadeIn("slow");

}, 5000); // refresh every 5000 milliseconds

</script>>





	

<!-- End of Javascript Files -->

</head>

<body>

<!-- Wrapper -->

<div id="wrapper">

	<div id="topbar">

		<img src="images/icon1.png" alt="logo" width="42" height="41" class="logo" id='test' /><img src="images/logo.gif" alt="logo" width="322"  height="41" class="logo1" id='test' /> 

		

			<div id="secnav">

				<ul>

				<li> <a href="../Control/LogoutLogic.php?Reason=Normal">SIGN OUT</a> </li>

				<li class="noimg"></li>

			</ul>

			</div>

			

			<div class="menu">

				<ul class="sf-menu">

				

        <li> <a  class="on" href="Home.php">HOME</a></li>

				

       <li> <?php if($_SESSION['role'] == 'SiteAdmin') {

				?> <a href="SiteAdminProfile.php">

				<?php } else { ?>

					<a href="MemberProfile.php">

				<?php }

				$result = mysql_query("SELECT mp_fullname FROM memberprofile WHERE mp_username='".$_SESSION['username']."' ");

				$row = mysql_fetch_array($result);

				if($_SESSION['role'] == 'SiteAdmin') {

					echo 'Profile';

				} else {

					echo $row['mp_fullname'];

				}?></a> 

        </li>

				

        <li> <a href="SearchClub.php">Clubs</a> </li>

                

        <li> <a href="Inbox.php">Messages</a> </li>

			</ul>

		

			</div> </div><!-- menu end-->

	

	

  <div id="content"> 

    <div class="froms"> 

	<span id="popup"></span>

    <form method="post" action="">

        <input type="submit" class="Buttonview" value="Club Creation Requests" name="CCR" style="visibility:hidden"/>

        <input type="hidden" name="step" value="1"/>

    </form>

    <form method="post" action="">

        <input type="submit" class="Buttonview" value="Private Tournament Creation Requests"  name="TCR" style="visibility:hidden"/>

        <input type="hidden" name="step" value="2"/>

    </form>

    <form method="post" action="">

        <input type="submit" class="Buttonview" value="Club Reqs"  name="CR" style="visibility:hidden"/>

        <input type="hidden" name="step" value="3"/>

    </form>

    	<?php

		if(isset($_POST['step']) || isset($_POST['CCR']) || isset($_POST['TCR']) || isset($_POST['CR'])) {

			if($_POST['step'] == 1) {

				$result = mysql_query("SELECT * FROM clubcreaterequest WHERE ccr_status=1");

				echo "<table width='100%' id='ClubCreationReqTab' table border='2' style='border:#999999' style='visibility:hidden'>";

				$QueryNumRows = mysql_num_rows ($result); 

				if ($QueryNumRows == 0) {

					echo '<script language="javascript">alert("No Requests has been recieved")</script>';

				} else {

					while($row = mysql_fetch_array($result))

					{

						 $From = $row['ccr_from'];

						 $ClubName = $row['ccr_name'];

						 $ClubType = $row['ccr_type'];

						 $Status = $row['ccr_status'];

                         echo "<tr> ";

      					 echo "<td><strong>".$From." </td> 

						 	   <td>".$ClubName."</td>

							   <td>".$ClubType."</td>

							   <td> ".$Status."</td>							   

							   <td><form method=\"post\">

										<input type=\"submit\" value=\"Accept\"/>

										<input type=\"hidden\" value=\"12\" name=\"step\"/> 

										<input type=\"hidden\" value=$From name=\"Creator\"/> 

										<input type=\"hidden\" value=$ClubName name=\"ClubName\"/> 

										<input type=\"hidden\" value=$ClubType name=\"ClubType\"/> 

										<input type=\"hidden\" value=$Status name=\"Status\"/> 

							    	</form> </td></tr>";

					}

				}	

			} else if($_POST['step'] == 2) {

				$result = mysql_query("SELECT * FROM tourcreaterequest WHERE tcr_status=1");

				echo "<table width='100%' id='ClubCreationReqTab' table border='2' style='border:#999999' style='visibility:hidden'>";

				$QueryNumRows = mysql_num_rows ($result); 

				if ($QueryNumRows == 0) {

					echo '<script language="javascript">alert("No Requests has been recieved")</script>';

				} else {

					while($row = mysql_fetch_array($result))

					{

						 $From = $row['tcr_from'];

						 $TourName = $row['tcr_name'];			

						 $Status = $row['tcr_status'];

                         echo "<tr> ";

      					 echo "<td><strong>".$From." </td> 

						 	   <td>".$TourName."</td>

							   <td> ".$Status."</td>							   

							   <td><form method=\"post\">

										<input type=\"submit\" value=\"Accept\"/>

										<input type=\"hidden\" value=\"22\" name=\"step\"/> 

										<input type=\"hidden\" value=$From name=\"Creator\"/> 									 

										<input type=\"hidden\" value=$TourName name=\"ClubName\"/> 

										<input type=\"hidden\" value=$Status name=\"Status\"/> 

							    	</form> </td></tr>";

					}

				}		

			} else if($_POST['step'] == 3) {

				$result = mysql_query("SELECT * FROM clubcreaterequest WHERE ccr_status=1");

				echo "<table width='100%' id='ClubCreationReqTab' table border='2' style='border:#999999' style='visibility:hidden'>";

					   

				$QueryNumRows = mysql_num_rows ($result); 

				if ($QueryNumRows == 0) {

					echo '<script language="javascript">alert("No Requests has been recieved")</script>';

				} else {

					while($row = mysql_fetch_array($result))

					{

						 $To = $row['ccr_from'];

						 $From = $row['ccr_name'];

						 $Message = $row['ccr_type'];

						 $MID = $row['ccr_status'];

					}

				}	

			} else if($_POST['step'] == 12) {

				if(isset($_POST['ClubName']) && isset($_POST['ClubType']) && isset($_POST['Creator']) && isset($_POST['Status'] )) {

					$ClubID = InsertClub($_POST['ClubName'],$_POST['ClubType'],$_POST['Creator'],'DefaultClub.jpg');

					if($ClubID) {

						$Message = 'Dear Member, Please notify that the requset to creat the new Paying club have been rejected because there is a similar club within this site.';

						echo '<script language="javascript">alert("the club is already exsting")</script>';

					} else {						

						$Message = 'Dear Member, Please notify that the requset to creat the new Playing club have been Authenticated. <a href="ClubProfile.php"?ClubNo='.$ClubID.'&Admin='.$_POST['Creator'].'> Go to Club </a>';

					}

					DeleteClubReq($_POST['ClubName'],$_POST['ClubType'],$_POST['Creator']);

						$Notify = new Notification();

						$To = $_POST['Creator'];

						

						$User = $_SESSION['username'];

						$time = time();

						

						$From = GetFullName($User);

						$MsgID = GetMaxMsgID();

						$Result = $Notify->SendMessage($To,$From,$Message,$MsgID,$time);

				}

			} else if($_POST['step'] == 22) {

				if(isset($_POST['TourName']) && isset($_POST['Creator']) && isset($_POST['Status'] )) {

					InsertTournament($_POST['TourName'],$_POST['Creator'],'DefaultClub.gif');

					DeleteTourReq($_POST['TourName'],$_POST['Creator']);

					

					$Notify = new Notification();

					$To = $_POST['Creator'];

					$Message = 'Dear Member, Please notify that the requset to creat the new Paying club have been Authenticated.';

					$User = $_SESSION['username'];

        			$time = time();

					

					$From = GetFullName($User);

					$MsgID = GetMaxMsgID();

					$Result = $Notify->SendMessage($To,$From,$Message,$MsgID,$time);

				}

			}

		}

		?>

    </table>

   

   

    </div></div>

    <div id="sidebar"> 

      <li class="content"> 

        <!--------------------------------------------------------------->

        <h2>Requests</h2>

        <ul>

          <li><a href="ClubCreationReq.php">Club Creation</a></li>

          <li><a href="TourCreationReq.php">Tournament Creation</a></li>

        </ul>

      </li>

    </div>

    <!-- topbar-->

    <div class="clear"></div>

    <div id="footers"> 

      



<div style="float:right"><div class="fotterlast">

	<a href="#" title="About Us">About Us</a>

	|

	<a href="#" title="Terms of Service">Terms of Service</a>

	|

	<a href="#" title="Privacy Statement">Privacy</a>

	|

	<a href="Contact.php" title="Contact Us">Contact Us</a>

	</div></div>



	  <div style="float:Left"><div class="fotterlastdesing">Designed by SEP_WE_05 Team.</div></div>

				

	</div>

    </div>

  </div>

</div>

</body>

</html>

<?php

function GetFullName($User) {

	$GetNameFrom = "SELECT mp_fullname FROM memberprofile WHERE mp_username = '".$User."' ";

	$ResultNameFrom = mysql_query($GetNameFrom);

	if ($ResultNameFrom) {

		$rows = mysql_num_rows($ResultNameFrom); 

		while($info = mysql_fetch_assoc( $ResultNameFrom)) {

			$From = $info['mp_fullname'];

		}

		return $From;

	}					

}



function GetMaxMsgID() {

	$sql = "SELECT max(no_ID)+1 AS x FROM notify ";

	$ResultSql = mysql_query($sql);

	if ($ResultSql) {

		$rows = mysql_num_rows($ResultSql); 

		while($info = mysql_fetch_assoc( $ResultSql)) {

			$MsgID = $info['x'];

		}

		return $MsgID;

	}

}



?>
Alerts (22)

'var' Legacy var keyword detected; use public/private/protected for class properties
36
'mysql_fetch_array(' Deprecated mysql_* functions; use PDO or MySQLi for modern database access
71 111 139 165
'$_POST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
103 104 132 157 173 174 175 180 182 184 193 194 195 196 199
Complexity hotspot; lines 173 to 174 (total complexity: 7)
173 174