/web/index.php

https://github.com/MrMEEE/ironhide · PHP · 137 lines · 116 code · 14 blank · 7 comment · 13 complexity · 18377ad422c0ddee7bbd2ffab0fa0a3d MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * XXX: check which characters are allowed!
    4. 

  4.  * - fix data containing pipes (|) from breaking the output of search=showall
    5. 

  5.  */
    6. 

  6. require "connect.php";
    7. 

  7. 

  8. if(isset($_GET["addmachine"])){
    9. 

  9.     $manufacturer = filter_input(INPUT_GET, "manufacturer");
    10. 

  10.     $model = filter_input(INPUT_GET, "model");
    11. 

  11.     $start = filter_input(INPUT_GET, "start");
    12. 

  12.     $shutdown = filter_input(INPUT_GET, "shutdown");
    13. 

  13.     if($start==""){
    14. 

  14.      $start="UNAVAILABLE";
    15. 

  15.      $shutdown="UNAVAILABLE";
    16. 

  16.     }
    17. 

  17.     $user = filter_input(INPUT_GET, "user");
    18. 

  18.     $distro = filter_input(INPUT_GET, "distro");
    19. 

  19.     // if the host allows it, use MySQLi + prepared statements
    20. 

  20.     $sql = sprintf('SELECT * from confirmed
    21. 

  21.         WHERE Manufacturer="%s" AND Model="%s" AND `nVidia Startup`="%s" AND `nVidia Shutdown`="%s"',
    22. 

  22.         mysql_real_escape_string($manufacturer), mysql_real_escape_string($model),
    23. 

  23.         mysql_real_escape_string($start), mysql_real_escape_string($shutdown));
    24. 

  24.     $query = mysql_query($sql);    
    25. 

  25.     $row = mysql_fetch_assoc($query);
    26. 

  26.     if($row['Manufacturer'] == $manufacturer){
    27. 

  27.      $id = $row['id'];
    28. 

  28.      $confirmed = $row['Users Confirming'];
    29. 

  29.      $confirmed += 1;
    30. 

  30.      // acceptable since $confirmed and $id are both numbers
    31. 

  31.      mysql_query("UPDATE `confirmed` SET `Users Confirming`=$confirmed WHERE id=$id");
    32. 

  32.      echo "System Added to already existing profile";
    33. 

  33.     }
    34. 

  34.     else{
    35. 

  35.      if($manufacturer!=""&&$model!=""&&$user!=""){ // &&$user!=$row['Confirming User']
    36. 

  36.       $sql = sprintf('INSERT into confirmed (Manufacturer, Model, `nVidia Startup`,
    37. 

  37.         `nVidia Shutdown`, `Submitting User`, `Users Confirming`, Distribution) VALUES
    38. 

  38.         ("%s", "%s", "%s", "%s", "%s", 1, "%s")',
    39. 

  39.         mysql_real_escape_string($manufacturer), mysql_real_escape_string($model),
    40. 

  40.         mysql_real_escape_string($start), mysql_real_escape_string($shutdown),
    41. 

  41.         mysql_real_escape_string($user), mysql_real_escape_string($distro)
    42. 

  42.         );
    43. 

  43.       mysql_query($sql);
    44. 

  44.       echo "System Added";
    45. 

  45.      }
    46. 

  46.     }
    47. 

  47. }
    48. 

  48. else if(isset($_GET["search"])){ // addmachine should not be combined with search
    49. 

  49.     // do not render the output as HTML
    50. 

  50.     header('Content-Type: text/plain');
    51. 

  51.   $searchitem = filter_input(INPUT_GET, 'searchitem');
    52. 

  52.   if($searchitem=="showall")
    53. 

  53.   $query = mysql_query("SELECT * FROM `confirmed` ORDER by Manufacturer");
    54. 

  54.   else
    55. 

  55.   $query = mysql_query(sprintf("SELECT * FROM confirmed WHERE Model = '%s'",
    56. 

  56.     mysql_real_escape_string($searchitem)));
    57. 

  57. 

  58. while($row = mysql_fetch_assoc($query)){
    59. 

  59.     echo $row['Manufacturer'];
    60. 

  60.     echo "| ";
    61. 

  61.     echo $row['Model'];
    62. 

  62.     echo "| ";
    63. 

  63.     echo $row['nVidia Startup'];
    64. 

  64.     echo "| ";
    65. 

  65.     echo $row['nVidia Shutdown'];
    66. 

  66.     echo "| ";
    67. 

  67.     echo $row['Submitting User'];
    68. 

  68.     echo "| ";
    69. 

  69.     echo $row['Users Confirming'];
    70. 

  70.     echo "| ";
    71. 

  71.     echo $row['Distribution'];
    72. 

  72.     echo "\n";
    73. 

  73. }
    74. 

  74. 

  75. }
    76. 

  76. 

  77. if (!isset($_GET["search"])){
    78. 

  78. 

  79. echo "<script src=\"sorttable.js\"></script>";
    80. 

  80. echo "<LINK href=\"style.css\" rel=\"stylesheet\" type=\"text/css\">";
    81. 

  81. 

  82. 

  83. echo '<form type="get">Search: <input type="text" name="searchitem"><input name="search" type="submit">
    84. 

  84. </form>';
    85. 

    86. 

  86. 

  87. echo '<form type="get">
    88. 

  88. Manufacturer: <input type="text" name="manufacturer">Model: <input type="text" name="model">nVidia Startup: <input type="text" name="start">nVidia Shutdown: <input type="text" name="shutdown">User Submitted: <input type="text" name="user">Distribution: <input type="text" name="distro"><input name="addmachine" type="submit">
    89. 

  89. </form>';
    90. 

    91. 

  91. $query = mysql_query("SELECT * FROM `confirmed`");
    92. 

  92. 

  93. echo "<table class=\"sortable\">";
    94. 

  94. echo "<thead>";
    95. 

  95. echo " <tr><th>Manufacturer</th><th>Model</th><th>nVidia Startup</th><th>nVidia Shutdown</th><th>Submitting User</th><th>Users Confirming</th><th>Distro</th></tr>";
    96. 

  96. echo "</thead>";
    97. 

  97. echo "<tbody>";
    98. 

  98. while($row = mysql_fetch_assoc($query)){
    99. 

  99.     echo "<tr>";
    100. 

  100.     echo "<td>";
    101. 

  101.     echo htmlspecialchars($row['Manufacturer']);
    102. 

  102.     echo "</td>";
    103. 

  103.     echo "<td>";
    104. 

  104.     echo htmlspecialchars($row['Model']);
    105. 

  105.     echo "</td>";
    106. 

  106.     if ($row['nVidia Startup'] != "UNAVAILABLE"){
    107. 

  107.      echo '<td><a href="showinfo.php?show=1&id='. htmlspecialchars($row['id']) . '&info=nVidia Startup">Available</a></td>';
    108. 

  108.     }
    109. 

  109.     else
    110. 

  110.     {
    111. 

  111.      echo "<td>Unavailable</td>";
    112. 

  112.     }
    113. 

  113.     if ($row['nVidia Shutdown'] != "UNAVAILABLE"){
    114. 

  114.      echo '<td><a href="showinfo.php?show=1&id='. htmlspecialchars($row['id']) . '&info=nVidia Shutdown">Available</a></td>';
    115. 

  115.     }
    116. 

  116.     else
    117. 

  117.     {   
    118. 

  118.      echo "<td>Unavailable</td>";
    119. 

  119.     }
    120. 

  120.     echo "<td>";
    121. 

  121.     echo htmlspecialchars($row['Submitting User']);
    122. 

  122.     echo "</td>";
    123. 

  123.     echo "<td>";
    124. 

  124.     echo htmlspecialchars($row['Users Confirming']);
    125. 

  125.     echo "</td>";
    126. 

  126.     echo "<td>";
    127. 

  127.     echo htmlspecialchars($row['Distribution']);
    128. 

  128.     echo "</td>";
    129. 

  129.     echo "</tr>";
    130. 

  130. }
    131. 

  131. echo "</tbody>";
    132. 

  132. echo "</table>";
    133. 

  133. }
    134. 

  134. 

  135. 

  136. 

  137. ?>
    138.