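<?php
// store-procedure.php — session bootstrap plus the database helpers and POST
// handlers shared by the admin pages (this file is include'd by each page).
//
// This part configures and validates the PHP session.  All lifetimes below
// are 43200 seconds (12 hours); the figures in the original comments ("24
// minutes", "10 minutes") never matched the values in the code.

ini_set('max_execution_time', 300);
ini_set('session.gc_maxlifetime', 43200); // server keeps session data for at least 43200 s
session_set_cookie_params(43200);         // client keeps the session id cookie for 43200 s
session_start();
date_default_timezone_set("Asia/Bangkok"); // GMT+7

$now = time();
if (isset($_SESSION['discard_after']) && $now > $_SESSION['discard_after']) {
    // Absolute lifetime exceeded: drop all data and start a brand new session.
    session_unset();
    session_destroy();
    session_start();
    // session_start() after session_destroy() would keep the old id from the
    // cookie; issue a fresh one so the expired id cannot be reused.
    session_regenerate_id(true);
}
// Either new or old, the session lives at most another 43200 s from now.
$_SESSION['discard_after'] = $now + 43200;

// ===============================================================================================================
// Inactivity check: when the previous request is older than $inactive seconds
// the session is destroyed and the client is sent to the logout page.
$inactive = 43200;
if (isset($_SESSION["timeout"])) {
    // seconds since the last request that went through this file
    $sessionTTL = time() - $_SESSION["timeout"];
    if ($sessionTTL > $inactive) {
        session_destroy();
        header("Location: logout.php");
        // Without exit the remainder of this file and the including page would
        // still execute (and render) for a client that ignores the redirect.
        exit;
    }
}
$_SESSION["timeout"] = time();
// ===============================================================================================================

include 'dbaccess.php';
include 'systemsecurity.php';

// ===============================================================================================================
/**
 * Is the current request backed by a valid, logged-in session?
 *
 * True only when the session carries both a session id and a user name, the
 * stored id matches the live one, and the user name still exists in
 * `tbl-master-user` (RETURN_TABLE_MASTER_USER_NAME, defined further down).
 * The original `!isset(...) && empty(...)` tests could never both be true for
 * a set-but-empty value and the mismatch branch fell through returning null;
 * every failure path now returns false explicitly.
 *
 * @return bool
 */
function CHECK_SESSION() {
    if (!isset($_SESSION['sid']) || $_SESSION['sid'] === '') {
        return false;
    }
    if (!isset($_SESSION['user_name']) || $_SESSION['user_name'] === '') {
        return false;
    }
    // hash_equals: strict, constant-time comparison (== would compare
    // numeric-looking ids as numbers).
    if (!hash_equals((string) $_SESSION['sid'], (string) session_id())) {
        return false;
    }
    return (bool) RETURN_TABLE_MASTER_USER_NAME($_SESSION['user_name']);
}
// ===============================================================================================================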
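// ===============================================================================================================
// Private helpers (prefix _SP_).  Every database access in this file goes
// through them so that SQL is always parameterised: the original concatenated
// form values (user name, ids, passwords) straight into query strings.
// ===============================================================================================================

/**
 * Fully qualified, back-quoted table name inside DB_NAME (a trusted constant
 * from dbaccess.php; identifiers cannot be bound as parameters).
 *
 * @param string $table  table name used by this file only
 * @return string
 */
function _SP_TABLE($table) {
    return '`' . DB_NAME . '`.`' . $table . '`';
}

/**
 * PDO connection with the options the login checks always used (exceptions,
 * associative rows, native prepares).
 *
 * @return PDO
 */
function _SP_PDO() {
    $dsn = 'mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=utf8';
    $opt = [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ];
    return new PDO($dsn, DB_USER, DB_PASSWORD, $opt);
}

/**
 * One column of the first `tbl-master-user` row whose user_name matches.
 *
 * @param string $column     column name (from this file only, never user input)
 * @param string $user_name  bound as a parameter
 * @return string|null       the value, or null when no such user exists
 */
function _SP_PDO_USER_COLUMN($column, $user_name) {
    $statement = _SP_PDO()->prepare(
        'SELECT ' . $column . ' FROM ' . _SP_TABLE('tbl-master-user') . ' WHERE user_name = ? LIMIT 1'
    );
    $statement->execute([$user_name]);
    $row = $statement->fetch();
    return $row === false ? null : $row[$column];
}

/**
 * mysqli connection from the dbaccess.php constants; dies with the historical
 * message when the server is unreachable (unchanged behaviour).
 *
 * @return mysqli
 */
function _SP_MYSQLI() {
    $db_conn = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('Error connecting to Database Server.');
    return $db_conn;
}

/**
 * Prepare $sql, bind $params and execute.
 *
 * @param mysqli $db_conn
 * @param string $sql     statement with ? placeholders
 * @param string $types   mysqli type string for $params, '' when there are none
 * @param array  $params  values to bind, in placeholder order
 * @return mysqli_stmt|false  the executed statement, or false on prepare/execute failure
 */
function _SP_MYSQLI_RUN($db_conn, $sql, $types, array $params) {
    $stmt = mysqli_prepare($db_conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($types !== '') {
        // bind_param takes references; unpacking the array binds each element.
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

/**
 * Run a SELECT that yields one column and return the value of its first row.
 * A query failure dies with the historical message, as the per-function code
 * used to; the connection is always closed.
 *
 * @param string $sql      SELECT with exactly one result column
 * @param string $types    mysqli type string for $params ('' when none)
 * @param array  $params   values to bind
 * @param mixed  $default  returned when no row matches
 * @return mixed
 */
function _SP_FETCH_ONE($sql, $types, array $params, $default) {
    $db_conn = _SP_MYSQLI();
    $stmt = _SP_MYSQLI_RUN($db_conn, $sql, $types, $params) or die('Error querying database.');
    $value = null;
    mysqli_stmt_bind_result($stmt, $value);
    $found = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);
    mysqli_close($db_conn);
    return $found === true ? $value : $default;
}

/**
 * Execute an INSERT / UPDATE / DELETE with bound parameters.  The original
 * DELETE helper never closed its connection; this one always does.
 *
 * @param string $sql
 * @param string $types
 * @param array  $params
 * @return bool  true on success, false on prepare/execute failure (callers
 *               decide how to report it, as before)
 */
function _SP_EXECUTE($sql, $types, array $params) {
    $db_conn = _SP_MYSQLI();
    $stmt = _SP_MYSQLI_RUN($db_conn, $sql, $types, $params);
    $ok = $stmt !== false;
    if ($ok) {
        mysqli_stmt_close($stmt);
    }
    mysqli_close($db_conn);
    return $ok;
}

/**
 * Send a Location header and stop.  Without exit the rest of this file and the
 * including page kept executing (and rendering) after every redirect.
 *
 * @param string $location  relative URL, as used by the original header() calls
 * @return void
 */
function _SP_REDIRECT($location) {
    header('Location: ' . $location);
    exit;
}

/**
 * Draw date combined with the fixed draw time (DRAW_RESULT_* constants from the
 * configuration), in the "Y-m-d H:i:s" shape the original SQL built.
 *
 * @param string $result_draw_date
 * @return string
 */
function _SP_DRAW_DATETIME($result_draw_date) {
    return $result_draw_date . ' ' . DRAW_RESULT_HOUR . ':' . DRAW_RESULT_MINUTE . ':' . DRAW_RESULT_SECOND;
}

/**
 * Map the form's status text to the stored code: RUNNING → 0, DONE → 1.
 * Any other text yields null (the original left the variable undefined and
 * produced a broken query).
 *
 * @param string $status_text
 * @return int|null
 */
function _SP_PERIODE_STATUS_CODE($status_text) {
    if ($status_text === 'RUNNING') {
        return 0;
    }
    if ($status_text === 'DONE') {
        return 1;
    }
    return NULL;
}

/**
 * One random decimal digit as a string.  Uses random_int() (CSPRNG) where it
 * exists and mt_rand() otherwise; the draw numbers assembled from these digits
 * are stored as results, so the predictable rand() is no longer used.
 *
 * @return string
 */
function _SP_RANDOM_DIGIT() {
    return (string) (function_exists('random_int') ? random_int(0, 9) : mt_rand(0, 9));
}

/**
 * $count distinct four-digit strings ("0000".."9999"), none equal to an entry
 * of $exclude.  The exclusion uses loose comparison on purpose, as the original
 * loop did, so that e.g. "0123" and "123" count as the same number.
 *
 * @param int      $count
 * @param string[] $exclude  numbers that must not be generated
 * @return string[]          exactly $count entries
 */
function _SP_RANDOM_DRAW_NUMBERS($count, array $exclude) {
    $numbers = [];
    while (count($numbers) < $count) {
        $candidate = _SP_RANDOM_DIGIT() . _SP_RANDOM_DIGIT() . _SP_RANDOM_DIGIT() . _SP_RANDOM_DIGIT();
        if (!in_array($candidate, $numbers, true) && !in_array($candidate, $exclude)) {
            $numbers[] = $candidate;
        }
    }
    return $numbers;
}

// ===============================================================================================================
// Login
// ===============================================================================================================

/**
 * Does a user with exactly this name exist?  (Login step 1.)
 *
 * @param string $user_name
 * @return bool
 */
function RETURN_TABLE_MASTER_USER_NAME($user_name) {
    $stored = _SP_PDO_USER_COLUMN('user_name', $user_name);
    // The SQL match may be collation-insensitive; keep the original exact
    // PHP-side comparison on top of it.
    return $stored !== null && (string) $stored === (string) $user_name;
}

/**
 * Does the stored password of $user_name equal $user_password?  (Login step 2.)
 *
 * hash_equals replaces the loose == (constant time, no numeric-string
 * coercion).  NOTE(review): the column is compared exactly as stored; its
 * format is not visible here — if it holds plaintext, moving to
 * password_hash()/password_verify() requires a data migration first.
 *
 * @param string $user_name
 * @param string $user_password
 * @return bool
 */
function RETURN_TABLE_MASTER_USER_PASSWORD($user_name, $user_password) {
    $stored = _SP_PDO_USER_COLUMN('user_password', $user_name);
    return $stored !== null && hash_equals((string) $stored, (string) $user_password);
}

if (isset($_POST['login-button-login'])) {
    include_once 'systemsecureimage/securimage.php';
    $securimage = new Securimage();
    $captcha = isset($_POST['user_validasi']) ? $_POST['user_validasi'] : '';
    if (!$securimage->check($captcha)) {
        // Captcha incorrect
        _SP_REDIRECT('index.php');
    }
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it is kept so the
    // stored values do not change shape — review together with
    // SECURITY_CHECK_INPUT (systemsecurity.php) before replacing it.
    $user_name = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'user_name', FILTER_SANITIZE_STRING));
    $user_password = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'user_password', FILTER_SANITIZE_STRING));
    if (RETURN_TABLE_MASTER_USER_NAME($user_name) && RETURN_TABLE_MASTER_USER_PASSWORD($user_name, $user_password)) {
        // Fresh id on privilege change; true discards the pre-login session data.
        session_regenerate_id(true);
        $_SESSION['user_name'] = $user_name; // Initializing Session User Name
        $_SESSION['sid'] = session_id();     // Initializing Session ID
        _SP_REDIRECT('dashboard.php');
    }
    _SP_REDIRECT('relogin.php');
}

/**
 * User name of the logged-in user, or NULL when the session has none.
 *
 * @return string|null
 */
function RETURN_SESSION_USER_NAME_LOGIN() {
    return isset($_SESSION['user_name']) ? $_SESSION['user_name'] : NULL;
}

/**
 * Log the current user out: clear the session data, expire the session cookie
 * (when cookies carry the id) and destroy the session.
 *
 * @return bool always true
 */
function SIGNOUT() {
    $_SESSION = [];
    if (ini_get("session.use_cookies")) {
        // Expire the cookie as well, not only the server-side data.
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params["path"],
            $params["domain"],
            $params["secure"],
            $params["httponly"]
        );
    }
    session_destroy();
    return true;
}

// ===============================================================================================================
// Profile of the logged-in user
// ===============================================================================================================

/**
 * One column of the logged-in user's row.  Returns NULL when nobody is logged
 * in (the original read an undefined variable in that case) or the row no
 * longer exists.
 *
 * @param string $column  column name (from this file only)
 * @return mixed|null
 */
function _SP_SESSION_USER_COLUMN($column) {
    $login_user_name = RETURN_SESSION_USER_NAME_LOGIN();
    if ($login_user_name === NULL) {
        return NULL;
    }
    $sql = 'SELECT ' . $column . ' FROM ' . _SP_TABLE('tbl-master-user') . ' WHERE user_name = ? LIMIT 1';
    return _SP_FETCH_ONE($sql, 's', [$login_user_name], NULL);
}

/**
 * Stored password of the logged-in user, or NULL.
 *
 * @return string|null
 */
function RETURN_SESSION_USER_PASSWORD() {
    return _SP_SESSION_USER_COLUMN('user_password');
}

/**
 * user_id of the logged-in user, or NULL.
 *
 * @return mixed|null
 */
function RETURN_SESSION_USER_ID() {
    return _SP_SESSION_USER_COLUMN('user_id');
}

if (isset($_POST['profile-button-cancel'])) {
    // Cancel editing the profile
    _SP_REDIRECT('dashboard.php');
}

if (isset($_POST['profile-button-save'])) {
    // Confirm the current password, then save the edited profile.
    $user_id = RETURN_SESSION_USER_ID();
    $user_name = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING));
    $user_password = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpassword', FILTER_SANITIZE_STRING));
    $user_password_new_1 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpasswordnew1', FILTER_SANITIZE_STRING));
    $user_password_new_2 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpasswordnew2', FILTER_SANITIZE_STRING));

    if ($user_id === NULL) {
        // Nobody is logged in: there is no row to update.
        _SP_REDIRECT('profile.php?status=fail');
    }
    // Nothing changes unless the current password is confirmed.
    if (!hash_equals((string) RETURN_SESSION_USER_PASSWORD(), (string) $user_password)) {
        _SP_REDIRECT('profile.php?status=password');
    }

    $status_name = RETURN_SESSION_USER_NAME_LOGIN() === $user_name ? 'same' : 'change';
    $table = _SP_TABLE('tbl-master-user');
    if ($user_password_new_1 == "New Password" AND $user_password_new_2 == "Retype New Password") {
        // Both fields still show their placeholder text: keep the password.
        $status_password = 'same';
        $result = _SP_EXECUTE(
            'UPDATE ' . $table . ' SET `user_name` = ? WHERE `user_id` = ?',
            'si',
            [$user_name, (int) $user_id]
        );
    } else {
        if ($user_password_new_1 !== $user_password_new_2) {
            // The retyped password was previously ignored and the first one saved.
            _SP_REDIRECT('profile.php?status=fail');
        }
        $status_password = 'change';
        $result = _SP_EXECUTE(
            'UPDATE ' . $table . ' SET `user_name` = ?, `user_password` = ? WHERE `user_id` = ?',
            'ssi',
            [$user_name, $user_password_new_1, (int) $user_id]
        );
    }

    if (!$result) {
        // Something went wrong when executing the query
        _SP_REDIRECT('profile.php?status=fail');
    }
    if ($status_password === 'same' && $status_name === 'same') {
        _SP_REDIRECT('profile.php?status=success');
    }
    if ($status_password === 'change' && $status_name === 'change') {
        _SP_REDIRECT('logout.php?status=profileusernamepasswordchanged');
    }
    if ($status_password === 'change') {
        _SP_REDIRECT('logout.php?status=profilepasswordchanged');
    }
    _SP_REDIRECT('logout.php?status=profileusernamechanged');
}

// ===============================================================================================================
// User operators (tbl-master-user)
// ===============================================================================================================

/**
 * Number of rows in `tbl-master-user`.
 *
 * @return int
 */
function RETURN_TABLE_MASTER_USER_TOTAL_ROWS() {
    return (int) _SP_FETCH_ONE('SELECT COUNT(*) FROM ' . _SP_TABLE('tbl-master-user'), '', [], 0);
}

/**
 * user_id of the $number-th row (0-based) ordered by user_id, or NULL.
 *
 * @param int $number
 * @return mixed|null
 */
function RETURN_TABLE_MASTER_USER_ID($number) {
    $sql = 'SELECT user_id FROM ' . _SP_TABLE('tbl-master-user') . ' ORDER BY user_id LIMIT ?, 1';
    return _SP_FETCH_ONE($sql, 'i', [(int) $number], NULL);
}

/**
 * user_name for a user_id, or NULL.
 *
 * @param int $user_id
 * @return string|null
 */
function RETURN_TABLE_MASTER_USER_NAME_1($user_id) {
    $sql = 'SELECT user_name FROM ' . _SP_TABLE('tbl-master-user') . ' WHERE user_id = ?';
    return _SP_FETCH_ONE($sql, 'i', [(int) $user_id], NULL);
}

/**
 * reg_date for a user_id, or NULL.
 *
 * @param int $user_id
 * @return mixed|null
 */
function RETURN_TABLE_MASTER_USER_REG_DATE($user_id) {
    $sql = 'SELECT reg_date FROM ' . _SP_TABLE('tbl-master-user') . ' WHERE user_id = ?';
    return _SP_FETCH_ONE($sql, 'i', [(int) $user_id], NULL);
}

if (isset($_POST['useroperatoractions-button-cancel'])) {
    // Cancel adding or editing a user operator
    _SP_REDIRECT('useroperator.php');
}

if (isset($_POST['useroperatoractions-button-save'])) {
    // Save an edited user operator.
    // NOTE(review): the original comment mentions an "is admin" and password
    // confirmation check, but none is performed here; presumably the including
    // page gates on CHECK_SESSION() — confirm before relying on it.
    $user_id = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userid1', FILTER_SANITIZE_NUMBER_INT));
    $user_name = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING));
    $user_password_new_1 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpasswordnew1', FILTER_SANITIZE_STRING));
    $user_password_new_2 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpasswordnew2', FILTER_SANITIZE_STRING));

    $table = _SP_TABLE('tbl-master-user');
    if ($user_password_new_1 == "New Password" AND $user_password_new_2 == "Retype New Password") {
        // Placeholder text in both fields: keep the operator's password.
        $status_password = 'same';
        $result = _SP_EXECUTE(
            'UPDATE ' . $table . ' SET `user_name` = ? WHERE `user_id` = ?',
            'si',
            [$user_name, (int) $user_id]
        );
    } else {
        if ($user_password_new_1 !== $user_password_new_2) {
            // Retyped password does not match (previously ignored).
            _SP_REDIRECT('useroperatoractions.php?status=fail');
        }
        $status_password = 'change';
        $result = _SP_EXECUTE(
            'UPDATE ' . $table . ' SET `user_name` = ?, `user_password` = ? WHERE `user_id` = ?',
            'ssi',
            [$user_name, $user_password_new_1, (int) $user_id]
        );
    }

    if (!$result) {
        // Something went wrong when executing the query
        _SP_REDIRECT('useroperatoractions.php?status=fail');
    }
    _SP_REDIRECT($status_password === 'same'
        ? 'useroperator.php?status=success'
        : 'useroperator.php?status=passwordchanged');
}

if (isset($_POST['useroperatoractions-button-add'])) {
    // Add a new user operator.
    $user_name = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING));
    $user_password_new_1 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpasswordnew1', FILTER_SANITIZE_STRING));
    $user_password_new_2 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userpasswordnew2', FILTER_SANITIZE_STRING));

    if ($user_password_new_1 !== $user_password_new_2) {
        _SP_REDIRECT('useroperator.php?status=pswd');
    }
    $result = _SP_EXECUTE(
        'INSERT INTO ' . _SP_TABLE('tbl-master-user') . ' (`user_name`, `user_password`) VALUES (?, ?)',
        'ss',
        [$user_name, $user_password_new_1]
    );
    if (!$result) {
        // A failed INSERT previously left the request without any redirect
        // and the connection open.
        _SP_REDIRECT('useroperatoractions.php?status=fail');
    }
    _SP_REDIRECT('useroperator.php?status=success');
}

/**
 * Delete the user operator with this id.
 *
 * @param int $user_id
 * @return bool  execute result
 */
function DELETE_TABLE_MASTER_USER($user_id) {
    return _SP_EXECUTE('DELETE FROM ' . _SP_TABLE('tbl-master-user') . ' WHERE user_id = ?', 'i', [(int) $user_id]);
}

// ===============================================================================================================
// Periods / results (tbl-result)
// ===============================================================================================================

/**
 * One column of the `tbl-result` row with this result_id.
 *
 * @param string $column      column name (from this file only)
 * @param int    $periode_id
 * @param mixed  $default     returned when the row does not exist
 * @return mixed
 */
function _SP_PERIODE_COLUMN($column, $periode_id, $default) {
    $sql = 'SELECT ' . $column . ' FROM ' . _SP_TABLE('tbl-result') . ' WHERE result_id = ?';
    return _SP_FETCH_ONE($sql, 'i', [(int) $periode_id], $default);
}

/**
 * Number of rows in `tbl-result`.  (The original appended ORDER BY / LIMIT to
 * the aggregate, which has no effect on a single COUNT row.)
 *
 * @return int
 */
function RETURN_TABLE_MASTER_PERIODE_TOTAL_ROWS() {
    return (int) _SP_FETCH_ONE('SELECT COUNT(result_id) FROM ' . _SP_TABLE('tbl-result'), '', [], 0);
}

/**
 * result_id of the $number-th row (0-based) ordered by draw date, newest
 * first; 0 when there is none.
 *
 * @param int $number
 * @return mixed
 */
function RETURN_TABLE_MASTER_PERIODE_ID($number) {
    $sql = 'SELECT result_id FROM ' . _SP_TABLE('tbl-result') . ' ORDER BY result_draw_date DESC LIMIT ?, 1';
    return _SP_FETCH_ONE($sql, 'i', [(int) $number], 0);
}

/** @param int $periode_id  @return mixed result_period, or '' */
function RETURN_TABLE_MASTER_PERIODE_DRAW($periode_id) {
    return _SP_PERIODE_COLUMN('result_period', $periode_id, '');
}

/** @param int $periode_id  @return mixed result_draw_date, or '' */
function RETURN_TABLE_MASTER_PERIODE_DATE($periode_id) {
    return _SP_PERIODE_COLUMN('result_draw_date', $periode_id, '');
}

/** @param int $periode_id  @return mixed result_draw_a1, or '' */
function RETURN_TABLE_MASTER_PERIODE_RESULT($periode_id) {
    return _SP_PERIODE_COLUMN('result_draw_a1', $periode_id, '');
}

/** @param int $periode_id  @return mixed result_draw_a2, or '' */
function RETURN_TABLE_MASTER_PERIODE_RESULT_2($periode_id) {
    return _SP_PERIODE_COLUMN('result_draw_a2', $periode_id, '');
}

/** @param int $periode_id  @return mixed result_draw_a3, or '' */
function RETURN_TABLE_MASTER_PERIODE_RESULT_3($periode_id) {
    return _SP_PERIODE_COLUMN('result_draw_a3', $periode_id, '');
}

/** @param int $periode_id  @return mixed result_jackpot, or '' */
function RETURN_TABLE_MASTER_PERIODE_JACKPOT($periode_id) {
    return _SP_PERIODE_COLUMN('result_jackpot', $periode_id, '');
}

/** @param int $periode_id  @return mixed result_status, or '' */
function RETURN_TABLE_MASTER_PERIODE_STATUS($periode_id) {
    return _SP_PERIODE_COLUMN('result_status', $periode_id, '');
}

if (isset($_POST['periodeactions-button-cancel'])) {
    // Cancel editing a period
    _SP_REDIRECT('result.php');
}

/**
 * Update one period.  The draw date is stored with the fixed DRAW_RESULT_*
 * time appended.  The jackpot is bound as a string so MySQL applies the
 * column's own numeric conversion (the column type is not visible here).
 *
 * @return bool  execute result
 */
function SAVE_TABLE_MASTER_PERIODE($result_id, $result_period, $result_draw_date, $result_draw_a1, $result_draw_a2, $result_draw_a3, $result_jackpot, $result_status) {
    $sql = 'UPDATE ' . _SP_TABLE('tbl-result')
        . ' SET `result_period` = ?, `result_draw_date` = ?, `result_draw_a1` = ?, `result_draw_a2` = ?,'
        . ' `result_draw_a3` = ?, `result_jackpot` = ?, `result_status` = ? WHERE `result_id` = ?';
    return _SP_EXECUTE($sql, 'ssssssii', [
        $result_period,
        _SP_DRAW_DATETIME($result_draw_date),
        $result_draw_a1,
        $result_draw_a2,
        $result_draw_a3,
        $result_jackpot,
        (int) $result_status,
        (int) $result_id,
    ]);
}

if (isset($_POST['periodeactions-button-save'])) {
    $result_id = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodeid1", FILTER_SANITIZE_NUMBER_INT));
    $result_period = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodedraw", FILTER_SANITIZE_NUMBER_INT));
    $result_draw_date = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodedrawdate", FILTER_SANITIZE_STRING));
    $result_draw_a1 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodenumber1", FILTER_SANITIZE_NUMBER_INT));
    $result_draw_a2 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodenumber2", FILTER_SANITIZE_NUMBER_INT));
    $result_draw_a3 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodenumber3", FILTER_SANITIZE_NUMBER_INT));
    $result_status_TEMP = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodestatus", FILTER_SANITIZE_STRING));
    $result_jackpot = 0;
    $result_status = _SP_PERIODE_STATUS_CODE($result_status_TEMP);
    if ($result_status === NULL) {
        // Unknown status text: refuse instead of running a broken UPDATE.
        _SP_REDIRECT('result.php?status=fail');
    }
    $saved = SAVE_TABLE_MASTER_PERIODE(
        $result_id, $result_period, $result_draw_date,
        $result_draw_a1, $result_draw_a2, $result_draw_a3,
        $result_jackpot, $result_status
    );
    _SP_REDIRECT($saved ? 'result.php?status=success' : 'result.php?status=fail');
}

/**
 * Delete one period.
 *
 * @param int $periode_id
 * @return bool  execute result
 */
function DELETE_TABLE_MASTER_PERIODE($periode_id) {
    return _SP_EXECUTE('DELETE FROM ' . _SP_TABLE('tbl-result') . ' WHERE result_id = ?', 'i', [(int) $periode_id]);
}

/**
 * Insert one period with its three winning numbers and the 20 remaining draw
 * numbers ($array_0..$array_19 → result_draw_b1..b10, result_draw_c1..c10).
 * The signature (27 positional parameters) is kept for existing callers.
 *
 * @return bool  execute result
 */
function ADD_TABLE_MASTER_PERIODE(
    $result_period, $result_draw_date, $result_draw_a1, $result_draw_a2, $result_draw_a3, $result_jackpot, $result_status,
    $array_0, $array_1, $array_2, $array_3, $array_4, $array_5, $array_6, $array_7, $array_8, $array_9,
    $array_10, $array_11, $array_12, $array_13, $array_14, $array_15, $array_16, $array_17, $array_18, $array_19
) {
    $columns = '`result_period`, `result_draw_date`, `result_draw_a1`, `result_jackpot`, `result_status`,'
        . ' `result_draw_a2`, `result_draw_a3`,'
        . ' `result_draw_b1`, `result_draw_b2`, `result_draw_b3`, `result_draw_b4`, `result_draw_b5`,'
        . ' `result_draw_b6`, `result_draw_b7`, `result_draw_b8`, `result_draw_b9`, `result_draw_b10`,'
        . ' `result_draw_c1`, `result_draw_c2`, `result_draw_c3`, `result_draw_c4`, `result_draw_c5`,'
        . ' `result_draw_c6`, `result_draw_c7`, `result_draw_c8`, `result_draw_c9`, `result_draw_c10`';
    $sql = 'INSERT INTO ' . _SP_TABLE('tbl-result') . ' (' . $columns . ') VALUES ('
        . implode(', ', array_fill(0, 27, '?')) . ')';
    $params = [
        $result_period,
        _SP_DRAW_DATETIME($result_draw_date),
        $result_draw_a1,
        $result_jackpot,
        (int) $result_status,
        $result_draw_a2,
        $result_draw_a3,
        $array_0, $array_1, $array_2, $array_3, $array_4, $array_5, $array_6, $array_7, $array_8, $array_9,
        $array_10, $array_11, $array_12, $array_13, $array_14, $array_15, $array_16, $array_17, $array_18, $array_19,
    ];
    // period, date, a1, jackpot as strings; status as int; a2, a3 and the 20 numbers as strings
    return _SP_EXECUTE($sql, 'ssssiss' . str_repeat('s', 20), $params);
}

if (isset($_POST['periodeactions-button-add'])) {
    $result_period = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodedraw", FILTER_SANITIZE_NUMBER_INT));
    $result_draw_date = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodedrawdate", FILTER_SANITIZE_STRING));
    $result_draw_a1 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodenumber1", FILTER_SANITIZE_NUMBER_INT));
    $result_draw_a2 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodenumber2", FILTER_SANITIZE_NUMBER_INT));
    $result_draw_a3 = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodenumber3", FILTER_SANITIZE_NUMBER_INT));
    $result_status_TEMP = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, "periodestatus", FILTER_SANITIZE_STRING));
    $result_jackpot = 0;
    $result_status = _SP_PERIODE_STATUS_CODE($result_status_TEMP);
    if ($result_status === NULL) {
        _SP_REDIRECT('result.php?status=fail');
    }
    // The 20 remaining draw numbers (columns result_draw_b1..b10 and c1..c10):
    // all distinct and different from the three winning numbers.
    $array_a = _SP_RANDOM_DRAW_NUMBERS(20, [$result_draw_a1, $result_draw_a2, $result_draw_a3]);
    $added = ADD_TABLE_MASTER_PERIODE(
        $result_period, $result_draw_date, $result_draw_a1, $result_draw_a2, $result_draw_a3,
        $result_jackpot, $result_status, ...$array_a
    );
    _SP_REDIRECT($added ? 'result.php?status=success' : 'result.php?status=fail');
}

// ==============================================================================================================
// SET UP RESULT (for SetUpResult.php)
// ==============================================================================================================

/**
 * Insert one period for the bulk set-up: winning number a1, jackpot, 22 further
 * numbers ($array_0..$array_21 → result_draw_a2, a3, b1..b10, c1..c10) and
 * result_status fixed to 1.  The 26-parameter signature is kept for callers.
 *
 * @return bool  execute result
 */
function ADD_TABLE_MASTER_PERIODE_SET_UP(
    $result_period, $result_draw_date, $result_draw_a1, $result_jackpot,
    $array_0, $array_1, $array_2, $array_3, $array_4, $array_5, $array_6, $array_7, $array_8, $array_9,
    $array_10, $array_11, $array_12, $array_13, $array_14, $array_15, $array_16, $array_17, $array_18, $array_19,
    $array_20, $array_21
) {
    $columns = '`result_period`, `result_draw_date`, `result_draw_a1`, `result_jackpot`,'
        . ' `result_draw_a2`, `result_draw_a3`,'
        . ' `result_draw_b1`, `result_draw_b2`, `result_draw_b3`, `result_draw_b4`, `result_draw_b5`,'
        . ' `result_draw_b6`, `result_draw_b7`, `result_draw_b8`, `result_draw_b9`, `result_draw_b10`,'
        . ' `result_draw_c1`, `result_draw_c2`, `result_draw_c3`, `result_draw_c4`, `result_draw_c5`,'
        . ' `result_draw_c6`, `result_draw_c7`, `result_draw_c8`, `result_draw_c9`, `result_draw_c10`,'
        . ' `result_status`';
    $sql = 'INSERT INTO ' . _SP_TABLE('tbl-result') . ' (' . $columns . ') VALUES ('
        . implode(', ', array_fill(0, 27, '?')) . ')';
    $params = [
        $result_period,
        _SP_DRAW_DATETIME($result_draw_date),
        $result_draw_a1,
        $result_jackpot,
        $array_0, $array_1, $array_2, $array_3, $array_4, $array_5, $array_6, $array_7, $array_8, $array_9,
        $array_10, $array_11, $array_12, $array_13, $array_14, $array_15, $array_16, $array_17, $array_18, $array_19,
        $array_20, $array_21,
        1, // result_status: set-up rows are always stored as done
    ];
    return _SP_EXECUTE($sql, 'ssss' . str_repeat('s', 22) . 'i', $params);
}

/**
 * Bulk set-up: create $jumlah_hari consecutive periods starting at
 * $start_periode on $start_date (one per day), each with a random four-digit
 * winning number and $jumlah_jackpot.  Echoes one line per period followed by
 * the SUCCESS/FAILED marker from SET_UP_RESULT_2, as before.
 *
 * @param int    $start_periode  first period number
 * @param string $start_date     first draw date, "Y-m-d"
 * @param int    $jumlah_hari    number of days / periods to create
 * @param mixed  $jumlah_jackpot jackpot stored on every period
 * @return void
 */
function SET_UP_RESULT_1($start_periode, $start_date, $jumlah_hari, $jumlah_jackpot) {
    $periode = $start_periode;
    $tanggal = $start_date;
    for ($nomor = 1; $nomor <= $jumlah_hari; $nomor++) {
        $hasil = _SP_RANDOM_DIGIT() . _SP_RANDOM_DIGIT() . _SP_RANDOM_DIGIT() . _SP_RANDOM_DIGIT();
        echo $periode . ' | ' . $tanggal . ' | ' . $hasil . ' | ' . $jumlah_jackpot . ' | ';
        SET_UP_RESULT_2($periode, $tanggal, $hasil, $jumlah_jackpot);
        $periode++;
        $tanggal = date('Y-m-d', strtotime($tanggal . ' +1 day'));
    }
}

/**
 * Store one set-up period: 22 random numbers distinct from each other and from
 * the winning number, then ADD_TABLE_MASTER_PERIODE_SET_UP.  Echoes
 * 'SUCCESS <br>' or 'FAILED <br>'.
 *
 * @param mixed  $Var1  period number
 * @param string $Var2  draw date, "Y-m-d"
 * @param string $Var3  winning number (result_draw_a1)
 * @param mixed  $Var4  jackpot
 * @return void
 */
function SET_UP_RESULT_2($Var1, $Var2, $Var3, $Var4) {
    $result_period = $Var1;
    $result_draw_date = $Var2;
    $result_draw_a1 = $Var3;
    $result_jackpot = $Var4;
    $array_a = _SP_RANDOM_DRAW_NUMBERS(22, [$result_draw_a1]);
    $added = ADD_TABLE_MASTER_PERIODE_SET_UP(
        $result_period, $result_draw_date, $result_draw_a1, $result_jackpot, ...$array_a
    );
    echo $added ? 'SUCCESS <br>' : 'FAILED <br>';
}

// The closing "?>" has been removed on purpose: the separator lines that used
// to follow it were outside PHP mode and were sent to the browser as output
// by every page that includes this file.
// ==============================================================================================================
// ==============================================================================================================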