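/**
 * Check the posted credentials and open a session when they match.
 *
 * Reads `user_name` and `user_password` from $_POST. The user name reaches
 * MySQL as a bound parameter, so it cannot change the shape of the query;
 * the password is compared with the stored hash through password_verify().
 *
 * @return bool|null TRUE when the login is rejected (unknown user, wrong
 *                   password, malformed input or a database error); NULL
 *                   after a successful login, once the redirect header to
 *                   card.php has been queued.
 */
function login()
{
    $link = $this->db_connection();

    // Missing or array-valued fields are rejected before they reach the
    // database layer or password_verify().
    $pass = isset($_POST['user_password']) ? $_POST['user_password'] : null;
    $user = isset($_POST['user_name']) ? $_POST['user_name'] : null;
    if (!is_string($pass) || !is_string($user)) {
        return TRUE;
    }

    $stmt = mysqli_prepare($link, "SELECT password, user_type, name FROM user WHERE user_name = ?");
    if (!$stmt) {
        // The driver message goes to the server log; printing it to the
        // client would disclose schema details.
        error_log('login: prepare failed: ' . mysqli_error($link));
        return TRUE;
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('login: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return TRUE;
    }

    mysqli_stmt_store_result($stmt);
    $matches = mysqli_stmt_num_rows($stmt);
    $hash = null;
    $type = null;
    $name = null;
    mysqli_stmt_bind_result($stmt, $hash, $type, $name);
    // Exactly one account must match, as in the original check.
    $found = ($matches == 1) && mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if (!$found || !is_string($hash) || !password_verify($pass, $hash)) {
        return TRUE;
    }

    session_start();
    // Issue a fresh session id at the privilege change so an id that was
    // known before authentication is not carried into the logged-in session.
    session_regenerate_id(true);
    $_SESSION['type'] = $type;
    $_SESSION['name'] = $name;
    header("Location:card.php");
}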
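/**
 * Decide whether the current visitor may view a solution's source code.
 *
 * The owner of the solution and holders of PRIV_SOURCE are always allowed.
 * Otherwise access depends on $opened and on the flags stored in
 * problem.has_tex for the problem.
 *
 * @param int|string $prob_id Problem id; forced to an integer before it is
 *                            placed in any SQL text.
 * @param mixed      $opened  When falsy, only the owner / PRIV_SOURCE
 *                            shortcut can grant access.
 * @param string     $user    Owner of the solution.
 * @return bool|string TRUE when access is granted, otherwise a translated
 *                     message explaining the refusal.
 */
function sc_check_priv($prob_id, $opened, $user)
{
    if (!function_exists('check_priv')) {
        require __DIR__ . '/privilege.php';
    }
    $logged_in = isset($_SESSION['user']);
    if ($logged_in && (strcmp($user, $_SESSION['user']) == 0 || check_priv(PRIV_SOURCE))) {
        return TRUE;
    }
    // database.php is expected to define $con in this scope.
    require __DIR__ . '/../conf/database.php';
    if (!defined('PROB_HAS_TEX')) {
        require __DIR__ . '/../lib/problem_flags.php';
    }
    if (!$opened) {
        return _('Looks like you can\'t access this page');
    }

    // The id is used unquoted in numeric context below, so it must be an
    // integer; anything else would become part of the statement.
    $prob_id = (int) $prob_id;

    $flag_res = mysqli_query($con, "select has_tex from problem where problem_id={$prob_id}");
    $row = $flag_res ? mysqli_fetch_row($flag_res) : null;
    if (!$row) {
        return _('There\'s no such problem');
    }
    $prob_flag = (int) $row[0];
    if (($prob_flag & PROB_IS_HIDE) && !check_priv(PRIV_INSIDER)) {
        return _('Looks like you can\'t access this page');
    }
    if ($prob_flag & PROB_DISABLE_OPENSOURCE) {
        return _('This solution is not open-source');
    }

    if ($prob_flag & PROB_SOLVED_OPENSOURCE) {
        if ($logged_in) {
            // The session user name is quoted into the query, so it is
            // escaped for this connection first.
            $viewer = mysqli_real_escape_string($con, (string) $_SESSION['user']);
            $solved = mysqli_query($con, "select min(result) from solution where user_id='{$viewer}' and problem_id={$prob_id} group by problem_id");
            $row = $solved ? mysqli_fetch_row($solved) : null;
            if ($row && $row[0] == 0) {
                return TRUE;
            }
        }
        return _('You can\'t see me before solving it');
    }

    if (!$logged_in) {
        return _('Looks like you can\'t access this page');
    }

    $viewer = mysqli_real_escape_string($con, (string) $_SESSION['user']);
    $res = mysqli_query(
        $con,
        "SELECT contest.contest_id,co.contest_id from contest"
        . " RIGHT JOIN (select contest_id from contest_status where user_id='{$viewer}' and leave_time is NULL) as cs on (contest.contest_id=cs.contest_id)"
        . " LEFT JOIN (select contest_id from contest_problem where problem_id={$prob_id}) as cp on (contest.contest_id=cp.contest_id)"
        . " LEFT JOIN (select contest_id from contest_owner where user_id='{$viewer}') as co on (contest.contest_id=co.contest_id)"
        . " where NOW()>start_time and NOW()<end_time and contest.hide_source_code"
    );
    if (!$res) {
        // Fail closed: a failed contest lookup must not be read as
        // "no running contest", which would grant access.
        return _('Looks like you can\'t access this page');
    }

    $num = 0;
    $accessible = false;
    while ($row = mysqli_fetch_row($res)) {
        $num++;
        // Second column is non-NULL only when the viewer owns the contest.
        if (!is_null($row[1])) {
            $accessible = true;
        }
    }
    if ($num > 0 && !$accessible) {
        return _('You can\'t see me before the contest ends');
    }
    return TRUE;
}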
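/**
 * Add a student to the Gepi database, or update the record when the login
 * already exists.
 *
 * Every value is sent as a bound parameter, so names containing quotes are
 * stored correctly and cannot alter the statement.
 *
 * @param string     $_login     Student login (row key in `eleves`).
 * @param string     $_nom       Family name.
 * @param string     $_prenom    First name.
 * @param string|int $_civilite  "M" or "F"; 1 is mapped to "M", anything else to "F".
 * @param string     $_naissance Birth date, stored as given.
 * @param string|int $_elenoet   Value for the `elenoet` column.
 * @return bool true when the INSERT or UPDATE succeeded, false otherwise.
 */
function add_eleve($_login, $_nom, $_prenom, $_civilite, $_naissance, $_elenoet = 0)
{
    if ($_civilite != "M" && $_civilite != "F") {
        $_civilite = ($_civilite == 1) ? "M" : "F";
    }

    $db = $GLOBALS["mysqli"];

    // NOTE(review): the listing shows the login value masked as '******' in
    // all three statements; $_login, otherwise unused, is bound in its place.
    // Confirm against the original source.
    $lookup = mysqli_prepare($db, "SELECT login FROM eleves WHERE login = ?");
    if (!$lookup) {
        return false;
    }
    mysqli_stmt_bind_param($lookup, 's', $_login);
    if (!mysqli_stmt_execute($lookup)) {
        mysqli_stmt_close($lookup);
        return false;
    }
    mysqli_stmt_store_result($lookup);
    $already_there = mysqli_stmt_num_rows($lookup) > 0;
    mysqli_stmt_close($lookup);

    // If the student already exists, only the stored details are refreshed.
    if ($already_there) {
        $sql = "UPDATE eleves SET nom = ?, prenom = ?, sexe = ?, naissance = ?, elenoet = ? WHERE login = ?";
    } else {
        $sql = "INSERT INTO eleves SET nom = ?, prenom = ?, sexe = ?, naissance = ?, elenoet = ?, login = ?";
    }
    $write = mysqli_prepare($db, $sql);
    if (!$write) {
        return false;
    }
    mysqli_stmt_bind_param($write, 'ssssss', $_nom, $_prenom, $_civilite, $_naissance, $_elenoet, $_login);
    $record = mysqli_stmt_execute($write);
    mysqli_stmt_close($write);

    return $record ? true : false;
}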
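/**
 *  Returns the crowd report of a certain room.
 *
 *  The three lookup values are bound as statement parameters, so they are
 *  always treated as data by the database.
 *
 *  @param mysqli $db database to retrieve data from
 *  @param string $company the company where we want to retrieve data of room from
 *  @param string $branch specific address of the room of interest
 *  @param string $room the room number of interest
 *  @return string json-encoded value containing data about the crowdedness of the room.
 *                 Ends the script with HTTP 404 when no room matches and with
 *                 HTTP 500 when the lookup itself fails.
 */
function request_crowd_report($db, $company, $branch, $room)
{
    $query = "SELECT r.people_in, r.people_out, r.max_capacity, r.date, r.time FROM `company` AS c
              INNER JOIN `branch` AS b on c.company_id = b.company_id
              INNER JOIN `room` AS r on b.branch_id = r.branch_id
              WHERE r.room_number = ? AND b.branch_address = ? AND c.company_name = ?";
    $stmt = $db->prepare($query);
    if (!$stmt) {
        http_response_code(500);
        exit;
    }
    $stmt->bind_param('sss', $room, $branch, $company);
    if (!$stmt->execute()) {
        $stmt->close();
        http_response_code(500);
        exit;
    }
    $total_in = null;
    $total_out = null;
    $max = null;
    $date = null;
    $time = null;
    $stmt->bind_result($total_in, $total_out, $max, $date, $time);
    $found = $stmt->fetch();
    $stmt->close();

    // Not Found when no room exists or the company/branch does not match it.
    if (!$found) {
        http_response_code(404);
        exit;
    }

    $curr_number = $total_in - $total_out;
    // Keep crowd_percent inside 0..100.
    if ($curr_number < 0) {
        $crowd_percent = 0;
    } elseif ($max <= 0) {
        // A room without a positive capacity cannot yield a ratio; report it
        // as full when anyone is inside instead of dividing by zero.
        $crowd_percent = ($curr_number > 0) ? 100 : 0;
    } else {
        $crowd_percent = round($curr_number / $max * 100);
        if ($crowd_percent > 100) {
            $crowd_percent = 100;
        }
    }

    $room_info = array("company" => $company, "address" => $branch, "room" => $room, "date" => $date, "time" => $time, "crowd" => $crowd_percent);
    return json_encode(array("crowd" => $room_info));
}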
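/**
 * Verify that the current session still belongs to a logged-in user.
 *
 * The session's login string must equal sha512(stored `passwort` column .
 * user-agent) for the session's nutzerID.
 *
 * @param mysqli $sql Open database connection.
 * @return bool true when the session is valid, false otherwise.
 */
function login_check($sql)
{
    // All three session variables must be present.
    if (!isset($_SESSION['nutzerID'], $_SESSION['name'], $_SESSION['login_string'])) {
        return false;
    }
    $nutzerID = (string) $_SESSION['nutzerID'];
    $login_string = $_SESSION['login_string'];
    // User-agent string of the client; absent headers count as empty.
    $nutzer_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $stmt = mysqli_prepare($sql, "SELECT passwort FROM nutzer WHERE nutzerID = ?");
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $nutzerID);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_stmt_store_result($stmt);
    $matches = mysqli_stmt_num_rows($stmt);
    $passwort = null;
    mysqli_stmt_bind_result($stmt, $passwort);
    $found = ($matches == 1) && mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found || !is_string($login_string)) {
        return false;
    }

    $login_check = hash('sha512', $passwort . $nutzer_browser);
    // hash_equals() compares in constant time and never applies the numeric
    // string juggling that `==` performs on digests such as "0e...".
    return hash_equals($login_check, $login_string);
}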
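/**
 * Print a table (optionally inner-joined with a second one) as HTML.
 *
 * Table and column names are accepted only when they are plain identifiers,
 * and every value written into the page is HTML-escaped.
 *
 * @param mysqli $conn      Open database connection.
 * @param string $title     Heading shown above the table.
 * @param string $filter    Raw SQL condition appended after WHERE, or empty.
 * @param string $dbtable   Table to export.
 * @param string $dbjoin    Optional table to join.
 * @param string $joinfield Column shared by both tables, used for the join.
 * @return void
 */
function ExportTable($conn, $title, $filter, $dbtable, $dbjoin = "", $joinfield = "")
{
    // Identifiers cannot be bound as parameters, so they are restricted to
    // letters, digits and underscores before being placed in the statement.
    $names = array($dbtable);
    if ($dbjoin) {
        $names[] = $dbjoin;
        $names[] = $joinfield;
    }
    foreach ($names as $identifier) {
        if (!is_string($identifier) || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $identifier)) {
            echo "<p>Invalid table or column name.</p>";
            return;
        }
    }

    $query = "SELECT * FROM `{$dbtable}`";
    if ($dbjoin) {
        $query .= " INNER JOIN `{$dbjoin}` ON `{$dbtable}`.`{$joinfield}`=`{$dbjoin}`.`{$joinfield}`";
    }
    if ($filter) {
        // NOTE(review): $filter is executed as SQL exactly as received. It
        // must be built by the application itself; request data placed in it
        // is not escaped anywhere in this function.
        $query .= " WHERE {$filter}";
    }
    $result = mysqli_query($conn, $query);
    if (!$result) {
        error_log('ExportTable: query failed: ' . mysqli_error($conn));
        echo "<p>The table could not be read.</p>";
        return;
    }
    $nrcampos = mysqli_field_count($conn);

    echo "<h2>" . htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8') . "</h2>";
    echo htmlspecialchars($dbtable, ENT_QUOTES, 'UTF-8');
    if ($dbjoin) {
        $join_label = htmlspecialchars($dbjoin, ENT_QUOTES, 'UTF-8');
        echo "| <a href=\"dbshow.php?dbtable=" . rawurlencode($dbjoin) . "\" target=\"_blank\">{$join_label}</a>";
    }
    echo "| " . mysqli_num_rows($result) . " row(s)";
    echo "<p><table cellspacing=\"0\" cellpadding=\"5\" border=\"1\">";
    echo "<tr>";
    for ($i = 0; $i < $nrcampos; $i++) {
        $finfo = mysqli_fetch_field_direct($result, $i);
        echo "<td>" . htmlspecialchars($finfo->name, ENT_QUOTES, 'UTF-8') . "</td>";
    }
    echo "</tr>";
    while ($row = mysqli_fetch_array($result)) {
        echo "<tr>";
        for ($i = 0; $i < $nrcampos; $i++) {
            // Stored values are data, not markup: escape them so content
            // kept in the database cannot inject script into the page.
            echo "<td>" . htmlspecialchars((string) $row[$i], ENT_QUOTES, 'UTF-8') . "</td>";
        }
        echo "</tr>";
    }
    echo "</table></p><br>&nbsp;";
}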
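/**
 * Check a worker's credentials against the `trabajador` table.
 *
 * On success the worker's `userid` and `rol` are copied into the session.
 *
 * @param string $userid Login id supplied by the user.
 * @param string $pass   Password supplied by the user.
 * @param mixed  $result Receives the mysqli result of the lookup (false when
 *                       the query failed).
 * @return int 1 when exactly one row matches, 0 otherwise.
 */
function verificar_login($userid, $pass, &$result)
{
    // NOTE(review): connection settings are hard-coded here; they belong in
    // configuration kept outside the code base.
    $servername = "localhost";
    $username = '******';
    $password = "";
    $dbname = "cmd";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        // Details go to the server log, not to the visitor.
        error_log('verificar_login: ' . $conn->connect_error);
        die("Connection failed");
    }

    // Both values are quoted into the statement, so both are escaped for
    // this connection first. A plain query is kept (instead of a prepared
    // statement) because callers receive the result object through $result.
    $safe_user = $conn->real_escape_string((string) $userid);
    $safe_pass = $conn->real_escape_string((string) $pass);
    // NOTE(review): the password is compared as stored text. Storing
    // password_hash() output and checking it with password_verify() would
    // need a schema/data migration outside this function.
    $sql = "SELECT * FROM `trabajador` WHERE `userid`='" . $safe_user . "' and `password`='" . $safe_pass . "'";
    $result = mysqli_query($conn, $sql);
    if (!$result) {
        error_log('verificar_login: query failed: ' . mysqli_error($conn));
        return 0;
    }

    // The session is written only for an unambiguous match; previously it
    // was filled from the last row even when the function returned 0.
    if (mysqli_num_rows($result) != 1) {
        return 0;
    }
    $row = mysqli_fetch_assoc($result);
    $_SESSION['userid'] = $row["userid"];
    $_SESSION['rol'] = $row["rol"];
    return 1;
}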
 /**
  * Run a query and return one value from its result, or 0.
  *
  * $sql is passed to execute_sql() exactly as given; this method does no
  * escaping, so the statement must already be safe to execute.
  *
  * @param string $sql   Statement to run.
  * @param int    $row   Forwarded to fetch_one().
  * @param mixed  $field Forwarded to fetch_one().
  * @return mixed The fetched value, or 0 when the query produced no result
  *               object, no rows, or a falsy value.
  */
 public function getCount($sql, $row = 0, $field = null)
 {
     $query = $this->execute_sql($sql);
     $result = 0;
     if (is_object($query) && mysqli_num_rows($query)) {
         $fetched = $this->fetch_one($query, $row, $field);
         if ($fetched) {
             $result = $fetched;
         }
     }
     $this->free_result();
     return $result;
 }
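    /**
     * Search the `ot` table by folio, name, model or serial number and print
     * the matches as an HTML table.
     *
     * The search term is escaped before it is placed in the LIKE patterns,
     * and every stored value is HTML-escaped (or URL-encoded inside the
     * link) before it is written to the page.
     *
     * @param string $dato Search term.
     * @return void
     */
    function buscar($dato)
    {
        $needle = mysqli_real_escape_string($this->conn, (string) $dato);
        $sql = "select * from ot"
            . " where folio like '%" . $needle . "%' OR nombre like '%" . $needle . "%'"
            . " OR modelo like '%" . $needle . "%' OR serie like '%" . $needle . "%' ";
        $rs = mysqli_query($this->conn, $sql);
        if (!$rs) {
            error_log('buscar: query failed: ' . mysqli_error($this->conn));
        }
        if (!$rs || mysqli_num_rows($rs) < 1) {
            // No table was opened, so no closing tags are printed either.
            echo "La busqueda no obtuvo resultados.";
            return;
        }

        echo "<table border='1' align='center' class='table_' ><thead>\r\n\t\t\t\t\t<th>Folio</th>\r\n\t\t\t\t\t<th>Nombre</th>\r\n\t\t\t\t\t<th>Apellido</th>\r\n\t\t\t\t\t<th>Modelo</th>\r\n\t\t\t\t\t<th>Serie</th>\r\n\t\t\t\t\t<th>descripcion</th>\r\n\t\t\t\t\t<th>Fallas</th>\r\n\t\t\t\t\t<th>Resultado</th>\r\n\t\t\t\t\t<th>Estatus</th>\r\n\t\t\t\t\t<th>Fecha_Reg</th>\r\n\t\t\t\t\t<th>Fecha_Entr</th>\r\n\t\t\t\t\t<th>Comentario</th>\r\n\t\t\t\t</thead><tbody>";
        $columns = array("folio", "nombre", "apellido", "modelo", "serie", "des", "fallas", "resultado", "estatus", "fechae", "fecha");
        while ($row = mysqli_fetch_array($rs)) {
            echo "<tr>";
            foreach ($columns as $column) {
                echo "<td align='center'>" . htmlspecialchars((string) $row[$column], ENT_QUOTES, 'UTF-8') . "</td>";
            }
            // http_build_query() URL-encodes each value; the finished query
            // string is then escaped for the HTML attribute it sits in.
            $link_params = http_build_query(array(
                'id' => (string) $row["id"],
                'folio' => (string) $row["folio"],
                'nombre' => (string) $row["nombre"],
                'apellido' => (string) $row["apellido"],
                'telefono' => (string) $row["telefono"],
            ));
            echo '<td align="center"><a class="fancybox fancybox.iframe" href="index.php?'
                . htmlspecialchars($link_params, ENT_QUOTES, 'UTF-8')
                . '">Comentario</a></td>';
            echo "</tr>";
        }
        echo "</tbody></table>";
    }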
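 /**
  * Store a new user and return the stored row.
  *
  * All three values are bound as statement parameters.
  *
  * @param string $name      User name.
  * @param string $email     Stored as the user's email; also looked up as
  *                          class_details.code before inserting.
  * @param string $gcm_regid GCM registration id.
  * @return array|false The new gcm_users row, or false on any failure.
  */
 public function storeUser($name, $email, $gcm_regid)
 {
     $c = new DB_Connect();
     $d = $c->connect();

     // The original statement lacked FROM, so it could never succeed and the
     // method always returned false.
     // NOTE(review): as before, only the success of this lookup is tested,
     // not whether a class_details row matched - confirm the intent.
     $check = mysqli_prepare($d, "SELECT 1 FROM class_details WHERE code = ? LIMIT 1");
     if (!$check) {
         return false;
     }
     mysqli_stmt_bind_param($check, 's', $email);
     $test = mysqli_stmt_execute($check);
     mysqli_stmt_close($check);
     if (!$test) {
         return false;
     }

     // insert user into database
     $insert = mysqli_prepare($d, "INSERT INTO gcm_users(name, email, gcm_regid, created_at) VALUES(?, ?, ?, NOW())");
     if (!$insert) {
         return false;
     }
     mysqli_stmt_bind_param($insert, 'sss', $name, $email, $gcm_regid);
     $stored = mysqli_stmt_execute($insert);
     mysqli_stmt_close($insert);
     if (!$stored) {
         return false;
     }

     // last inserted id; mysqli_insert_id() needs the connection handle
     $id = (int) mysqli_insert_id($d);
     $result = mysqli_query($d, "SELECT * FROM gcm_users WHERE id = {$id}");
     if ($result && mysqli_num_rows($result) > 0) {
         return mysqli_fetch_array($result);
     }
     return false;
 }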
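/**
 * Delete an institution together with its children and users, inside one
 * transaction.
 *
 * Prints "1" when everything was committed and "0" when the work was rolled
 * back.
 *
 * @param string|int $institutionId Institution to delete; always sent as a
 *                                  bound parameter.
 * @return void
 */
function deleteInstitution($institutionId)
{
    $conn = connectToDatabase();
    mysqli_begin_transaction($conn, MYSQLI_TRANS_START_READ_WRITE);
    $ok = true;

    // Keys are collected first and the statement closed, so the helper
    // functions can run their own queries on the same connection.
    $children = array();
    $stmt = mysqli_prepare($conn, "SELECT CURP FROM BelongsToInstitution WHERE institutionId = ?");
    if ($stmt && mysqli_stmt_bind_param($stmt, 's', $institutionId) && mysqli_stmt_execute($stmt)) {
        $curp = null;
        mysqli_stmt_bind_result($stmt, $curp);
        while (mysqli_stmt_fetch($stmt)) {
            $children[] = $curp;
        }
    } else {
        $ok = false;
    }
    if ($stmt) {
        mysqli_stmt_close($stmt);
    }

    $users = array();
    if ($ok) {
        $stmt = mysqli_prepare($conn, "SELECT userName FROM WorksInInstitution WHERE institutionId = ?");
        if ($stmt && mysqli_stmt_bind_param($stmt, 's', $institutionId) && mysqli_stmt_execute($stmt)) {
            $userName = null;
            mysqli_stmt_bind_result($stmt, $userName);
            while (mysqli_stmt_fetch($stmt)) {
                $users[] = $userName;
            }
        } else {
            $ok = false;
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    }

    if ($ok) {
        // Delete all children of the institution
        foreach ($children as $child) {
            deleteChildSameConnection($child, $conn);
        }
        // Delete all users from the institution
        foreach ($users as $user) {
            deleteUserSameConnection($user, $conn);
        }
        $stmt = mysqli_prepare($conn, "DELETE FROM Institution WHERE institutionId = ?");
        $ok = $stmt && mysqli_stmt_bind_param($stmt, 's', $institutionId) && mysqli_stmt_execute($stmt);
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    }

    if ($ok && mysqli_commit($conn)) {
        echo "1";
    } else {
        // A partial delete is undone instead of committed; the driver
        // message is logged and not sent to the client.
        error_log('deleteInstitution: ' . mysqli_error($conn));
        mysqli_rollback($conn);
        echo "0";
    }
    closeDb($conn);
}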
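/**
 * Collect the homework entries dated today or later for a student's groups.
 *
 * @param string $ele_login Student login.
 * @return array ['cdt_dev' => [0 => entry, 1 => entry, ..., 'count' => n]],
 *               each entry holding id_ct, id_groupe, date_ct, id_login and
 *               contenu.
 */
function retourneDevoirs($ele_login)
{
    $db = $GLOBALS["mysqli"];
    // Timestamp of today at 00:00:00: every entry from then on is fetched.
    $date_ct1 = mktime(0, 0, 0, date("m"), date("d"), date("Y"));

    // NOTE(review): the listing shows the login value masked as '******';
    // $ele_login, otherwise unused, is placed there after escaping. Confirm
    // against the original source.
    $login = mysqli_real_escape_string($db, (string) $ele_login);
    $sql = "SELECT DISTINCT ctde.* FROM ct_devoirs_entry ctde, j_eleves_groupes jeg"
        . " WHERE ctde.id_groupe = jeg.id_groupe"
        . " AND jeg.login = '" . $login . "'"
        . " AND ctde.date_ct >= '" . $date_ct1 . "'"
        . " ORDER BY ctde.date_ct, ctde.id_groupe;";
    $res_ct = mysqli_query($db, $sql);

    $tab_ele = array('cdt_dev' => array());
    $cpt2 = 0;
    // A failed query is reported like an empty result (count 0).
    if ($res_ct) {
        while ($lig_ct = mysqli_fetch_object($res_ct)) {
            $tab_ele['cdt_dev'][$cpt2] = array(
                'id_ct' => $lig_ct->id_ct,
                'id_groupe' => $lig_ct->id_groupe,
                'date_ct' => $lig_ct->date_ct,
                'id_login' => $lig_ct->id_login,
                'contenu' => $lig_ct->contenu,
            );
            $cpt2++;
        }
    } else {
        error_log('retourneDevoirs: query failed: ' . mysqli_error($db));
    }
    $tab_ele['cdt_dev']['count'] = $cpt2;
    return $tab_ele;
}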
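/**
 * Validate a customer's login credentials.
 *
 * @param mysqli $dbc   Open database connection.
 * @param string $email Email address entered by the customer.
 * @param string $pwd   Password entered by the customer.
 * @return array [true, row] with customer_id, first_name and last_name on
 *               success; [false, list of error messages] otherwise.
 */
function validate($dbc, $email = '', $pwd = '')
{
    $errors = array();
    if (empty($email)) {
        $errors[] = 'Enter your email address.';
    }
    if (empty($pwd)) {
        $errors[] = 'Enter your password.';
    }
    // Input errors are now returned to the caller; before, this path fell
    // off the end of the function and returned NULL.
    if (!empty($errors)) {
        return array(false, $errors);
    }

    $e = trim($email);
    $p = trim($pwd);

    // NOTE(review): SHA1 without a salt is not a password hash. Moving to
    // password_hash()/password_verify() requires migrating the stored values,
    // so the comparison format is left unchanged here.
    $stmt = mysqli_prepare($dbc, "SELECT customer_id, first_name, last_name FROM customers WHERE email = ? AND password = SHA1(?)");
    if ($stmt) {
        // Bound parameters replace the manual escaping of both values.
        mysqli_stmt_bind_param($stmt, 'ss', $e, $p);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            $matches = mysqli_stmt_num_rows($stmt);
            $customer_id = null;
            $first_name = null;
            $last_name = null;
            mysqli_stmt_bind_result($stmt, $customer_id, $first_name, $last_name);
            if ($matches == 1 && mysqli_stmt_fetch($stmt)) {
                mysqli_stmt_close($stmt);
                $row = array('customer_id' => $customer_id, 'first_name' => $first_name, 'last_name' => $last_name);
                return array(true, $row);
            }
        } else {
            error_log('validate: execute failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('validate: prepare failed: ' . mysqli_error($dbc));
    }

    // One message for every failure, so the response does not reveal
    // whether the email address is registered.
    $errors[] = 'Email address and password not found';
    return array(false, $errors);
}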
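/**
 * Fetch the stored personal data of a user.
 *
 * @param string $nombreUsuario User name from the `credenciales` table.
 * @return array|false The eight columns Nombre, Apellidos, Fecha_Nacimiento,
 *                     DNI, Localidad, Provincia, CP, Telefono as a 0-based
 *                     list, or false when the lookup fails or does not match
 *                     exactly one row.
 */
function getDatosAnteriores($nombreUsuario)
{
    // NOTE(review): the connection uses the root account with an empty
    // password, written in the source; a dedicated low-privilege account
    // configured outside the code is the safer setup.
    $connect = mysqli_connect("localhost", "root", "", "prueba1");
    if (!$connect) {
        echo "Error al conectar con BBDD </br>";
        return false;
    }

    // sprintf() only formats text: the value has to be escaped before it is
    // placed between the quotes.
    $sql_select = sprintf(
        "select Nombre,Apellidos,Fecha_Nacimiento,DNI,Localidad,Provincia,CP,Telefono from datos_usuarios"
        . " inner join credenciales on datos_usuarios.ID_Credenciales=credenciales.idCredenciales"
        . " where credenciales.Usuario= '%s';",
        mysqli_real_escape_string($connect, (string) $nombreUsuario)
    );
    $resultado_queryDatos = mysqli_query($connect, $sql_select);
    if ($resultado_queryDatos == FALSE) {
        echo "Error al ejecutar la consulta:</br>";
        // mysqli_error() takes the connection, not the failed result; the
        // message is logged, not printed.
        error_log('getDatosAnteriores: ' . mysqli_error($connect));
        mysqli_close($connect);
        return false;
    }
    if (mysqli_num_rows($resultado_queryDatos) != 1) {
        echo "El resultado es diferente uno";
        mysqli_close($connect);
        return false;
    }

    $registro = mysqli_fetch_row($resultado_queryDatos);
    mysqli_close($connect);
    // Positions 0..7, one per selected column.
    return array_slice($registro, 0, 8);
}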
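/**
 * Change a password through a "forgot password" link.
 *
 * Reads the reset token (`hash`) and the new password from $_POST, checks
 * the token against the `forgot` table and, when it is still valid, stores
 * the new password and removes the user's reset entries.
 *
 * @return void Outcome is reported through $_SESSION['forgot'].
 **/
function change_forgot_password()
{
    global $connection;
    $hash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? trim($_POST['hash']) : '';
    $password = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? trim($_POST['new_password']) : '';
    if (empty($password)) {
        $_SESSION['forgot']['change_error'] = "Не введен пароль";
        return;
    }
    // An empty token never identifies a reset request.
    if ($hash === '') {
        return;
    }

    $find = mysqli_prepare($connection, "SELECT email, expire FROM forgot WHERE hash = ? LIMIT 1");
    if (!$find) {
        return;
    }
    mysqli_stmt_bind_param($find, 's', $hash);
    $email = null;
    $expire = null;
    $found = false;
    if (mysqli_stmt_execute($find)) {
        mysqli_stmt_bind_result($find, $email, $expire);
        $found = mysqli_stmt_fetch($find);
    }
    mysqli_stmt_close($find);
    // token not found
    if (!$found) {
        return;
    }

    $now = time();
    // the link has expired
    if ($expire - $now < 0) {
        mysqli_query($connection, "DELETE FROM forgot WHERE expire < {$now}");
        return;
    }

    // NOTE(review): unsalted MD5 is not a password hash. Switching to
    // password_hash()/password_verify() has to be done together with the
    // login code, so the stored format is left unchanged here.
    $password = md5($password);

    // NOTE(review): the listing shows the stored value masked as '******';
    // the hashed password is bound in its place. The email read back from
    // the table is bound as well and is no longer interpolated.
    $update = mysqli_prepare($connection, "UPDATE users SET password = ? WHERE email = ?");
    if (!$update) {
        return;
    }
    mysqli_stmt_bind_param($update, 'ss', $password, $email);
    $changed = mysqli_stmt_execute($update);
    mysqli_stmt_close($update);
    if (!$changed) {
        return;
    }

    // Remove the user's reset entries so the link cannot be used again.
    $cleanup = mysqli_prepare($connection, "DELETE FROM forgot WHERE email = ?");
    if ($cleanup) {
        mysqli_stmt_bind_param($cleanup, 's', $email);
        mysqli_stmt_execute($cleanup);
        mysqli_stmt_close($cleanup);
    }
    $_SESSION['forgot']['ok'] = "Вы успешно сменили пароль. Теперь можно авторизоваться";
}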
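/**
 * Register a new customer unless the email address is already in use.
 *
 * The outcome is reported through $GLOBALS['success'], $GLOBALS['strClass']
 * and $GLOBALS['strErr'].
 *
 * @param mysqli $conn     Open database connection.
 * @param string $name     Customer name.
 * @param string $password Value stored in the `password` column.
 * @param string $email    Email address, checked for uniqueness first.
 * @param string $phone    Phone number.
 * @return void
 */
function addNewRecord($conn, $name, $password, $email, $phone)
{
    $sql_table = "customer";

    $lookup = mysqli_prepare($conn, "SELECT 1 FROM `{$sql_table}` WHERE email = ?");
    if (!$lookup) {
        echo "<div class=\"error\"> The query error</div>";
        return;
    }
    mysqli_stmt_bind_param($lookup, 's', $email);
    if (!mysqli_stmt_execute($lookup)) {
        mysqli_stmt_close($lookup);
        echo "<div class=\"error\"> The query error</div>";
        return;
    }
    mysqli_stmt_store_result($lookup);
    $email_taken = mysqli_stmt_num_rows($lookup) > 0;
    mysqli_stmt_close($lookup);

    if ($email_taken) {
        $GLOBALS['strClass'] = "class=\"error\"";
        $GLOBALS['strErr'] .= "This email exists ";
        return;
    }

    $customerNo = uniqid();
    // NOTE(review): $password is stored exactly as received. Unless the
    // caller already hashes it, it should go through password_hash() before
    // reaching this function.
    $insert = mysqli_prepare(
        $conn,
        "INSERT INTO `{$sql_table}` (`customer_number`,`name`,`password`,`email`,`phone`) VALUES (?, ?, ?, ?, ?)"
    );
    if (!$insert) {
        error_log('addNewRecord: prepare failed: ' . mysqli_error($conn));
        return;
    }
    mysqli_stmt_bind_param($insert, 'sssss', $customerNo, $name, $password, $email, $phone);
    $result2 = mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);

    if ($result2) {
        $GLOBALS['success'] = true;
        $GLOBALS['strClass'] = "class=\"success\"";
        // The name comes from the registration form and ends up in HTML.
        $GLOBALS['strErr'] .= "<p>Dear " . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . ", you are successfully registered into ShipOnline</p>";
        $GLOBALS['strErr'] .= "<p>Your customer number is " . $customerNo . "</p>";
        session_start();
    }
}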
/**
 * Look up every Bestiary entry that drops the given material.
 *
 * The material is escaped for the connection before it is quoted into the
 * query, so names containing an apostrophe are handled as data.
 *
 * @param mysqli $database_connection Open database connection.
 * @param string $material            Material name to search the Drops0..Drops6 columns for.
 * @return array Thirteen lists indexed 0..12 (Name, Genus, Type, Continent,
 *               Location, Lv, Drops0..Drops6); element [k][i] is column k of
 *               the i-th matching row.
 */
function get_enemy_material($database_connection, $material)
{
    $material = mysqli_real_escape_string($database_connection, $material);
    $result = mysqli_query($database_connection, "SELECT * FROM `Bestiary` WHERE `Bestiary`.`Drops0` ='" . $material . "' \n                                                                                  OR `Bestiary`.`Drops1` ='" . $material . "' \n                                                                                  OR `Bestiary`.`Drops2` ='" . $material . "' \n                                                                                  OR `Bestiary`.`Drops3` ='" . $material . "' \n                                                                                  OR `Bestiary`.`Drops4` ='" . $material . "' \n                                                                                  OR `Bestiary`.`Drops5` ='" . $material . "' \n                                                                                  OR `Bestiary`.`Drops6` ='" . $material . "';");

    // Output slot => source column, in the order callers expect.
    $fields = array(
        "Name", "Genus", "Type", "Continent", "Location", "Lv",
        "Drops0", "Drops1", "Drops2", "Drops3", "Drops4", "Drops5", "Drops6",
    );

    // Every slot exists even when nothing matches.
    $data = array();
    foreach ($fields as $slot => $field) {
        $data[$slot] = array();
    }

    $total = mysqli_num_rows($result);
    for ($index = 0; $index < $total; $index++) {
        $record = mysqli_fetch_array($result);
        foreach ($fields as $slot => $field) {
            $data[$slot][$index] = $record[$field];
        }
    }
    return $data;
}
 /**
  * Wrap a mysqli result set.
  *
  * Stores the result and the optional mapper, resets the row cursor to 0
  * and records how many rows the result holds.
  *
  * @param \MySQLi_Result $result Result object to wrap
  * @param callable $mapper       Optional callback mapper for the fetch method
  */
 public function __construct(\MySQLi_Result $result, $mapper = null)
 {
     $this->mapper = $mapper;
     $this->result = $result;
     $this->num_rows = $result->num_rows;
     $this->row = 0;
 }
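 /**
  * Return one page of records matching the stored search terms.
  *
  * Also sets $this->countResults (total matches) and $this->foundResults.
  *
  * @param int|string|null $page Zero-based page number; anything that is
  *                              not a non-negative integer is treated as 0.
  * @return array|null List of rows (record_id, record_name, record_artwork,
  *                    band_name), or null when the page is empty.
  */
 public function getRecordList($page)
 {
     $db = parent::getDb();

     // The page number feeds arithmetic and the LIMIT clause, so it is
     // forced to a non-negative integer; string escaping does not make a
     // value safe in numeric context.
     $page = max(0, (int) $page);
     $start_index = $page * (int) NUM_OF_RESULTS;

     $qRecord = mysqli_real_escape_string($db, (string) $this->qRecord);
     $qBand = mysqli_real_escape_string($db, (string) $this->qBand);
     $qGenre = mysqli_real_escape_string($db, (string) $this->qGenre);
     $qPerformer = mysqli_real_escape_string($db, (string) $this->qPerformer);

     // The performer tables are joined only when a performer filter is set.
     $performer_joins = '';
     $performer_filter = '';
     if ($qPerformer !== '') {
         $performer_joins = " LEFT OUTER JOIN bandmate ON record.band_id = bandmate.band_id"
             . " LEFT OUTER JOIN performer ON bandmate.performer_id = performer.performer_id";
         $performer_filter = " AND performer.performer_name LIKE '%{$qPerformer}%'";
     }
     $query = "SELECT DISTINCT record.record_id, record.record_name, record.record_artwork, band.band_name"
         . " FROM record"
         . " LEFT OUTER JOIN band ON record.band_id = band.band_id"
         . " LEFT OUTER JOIN genre ON record.genre_id = genre.genre_id"
         . $performer_joins
         . " WHERE record.record_name LIKE '%{$qRecord}%' AND COALESCE(genre.genre_name,'') LIKE '%{$qGenre}%'"
         . " AND band.band_name LIKE '%{$qBand}%'"
         . $performer_filter
         . " ORDER BY record.record_id";

     $countRows = mysqli_query($db, $query);
     $this->countResults = $countRows ? mysqli_num_rows($countRows) : 0;

     $result = mysqli_query($db, $query . " DESC LIMIT {$start_index}, " . (int) NUM_OF_RESULTS);
     // Start from an empty list: counting NULL raises a TypeError on PHP 8.
     $list = array();
     if ($result) {
         while ($data = $result->fetch_assoc()) {
             $list[] = $data;
         }
     }
     $this->foundResults = count($list) !== 0;
     return $this->foundResults ? $list : null;
 }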
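/**
 * Run a statement on a lazily created, shared connection.
 *
 * $SQL is executed exactly as given: this helper performs no escaping, so
 * any request data must be escaped or bound by the caller beforehand.
 *
 * @param string $SQL    Statement to run.
 * @param bool   $select true to get the rows back, false for a success flag.
 * @return array|bool With $select: list of associative rows (empty when the
 *                    query fails or returns nothing). Otherwise true/false.
 */
function query($SQL, $select = false)
{
    // NOTE(review): root credentials are written in the source; load them
    // from configuration outside the code base and use a low-privilege account.
    static $CONFIG = ['server' => 'localhost', 'username' => 'root', 'password' => 'root', 'database' => 'wt'];
    static $connection;
    if (!isset($connection)) {
        // Create connection
        $connection = mysqli_connect($CONFIG['server'], $CONFIG['username'], $CONFIG['password'], $CONFIG['database']);
        if (!$connection) {
            die('Could not connect to database!');
        }
    }

    // Execute SQL
    $outcome = mysqli_query($connection, $SQL);

    if (!$select) {
        return (bool) $outcome;
    }

    // A failed query (false) or a statement without a result set (true)
    // yields no rows; handing either to mysqli_num_rows() is an error.
    $toReturn = [];
    if ($outcome instanceof mysqli_result) {
        while ($result = mysqli_fetch_assoc($outcome)) {
            $toReturn[] = $result;
        }
    }
    return $toReturn;
}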
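/**
 * Check a manager's name and password against the Manager table.
 *
 * @param mysqli $dbc      Open database connection.
 * @param string $name     Manager name entered by the user.
 * @param string $password Password entered by the user (compared with the `Cro` column).
 * @return array [true, ['name' => ...]] on success, [false, list of error
 *               messages] otherwise.
 */
function check_login($dbc, $name = '', $password = '')
{
    $errors = array();
    if (empty($name)) {
        $errors[] = 'you forget to input your ID';
    }
    if (empty($password)) {
        $errors[] = 'you forget to input your password';
    }
    if (!empty($errors)) {
        return array(false, $errors);
    }

    $e = trim($name);
    $p = trim($password);

    // NOTE(review): the password is compared as stored text; a
    // password_hash()/password_verify() scheme would need a data migration.
    $stmt = mysqli_prepare($dbc, "SELECT name FROM Manager where name = ? AND Cro = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $e, $p);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            $matches = mysqli_stmt_num_rows($stmt);
            $found_name = null;
            mysqli_stmt_bind_result($stmt, $found_name);
            if ($matches == 1 && mysqli_stmt_fetch($stmt)) {
                mysqli_stmt_close($stmt);
                // `ture` in the original was an undefined constant: a fatal
                // error on PHP 8 and the string 'ture' before that.
                return array(true, array('name' => $found_name));
            }
        } else {
            error_log('check_login: execute failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('check_login: prepare failed: ' . mysqli_error($dbc));
    }

    $errors[] = 'your name OR password did not match!';
    return array(false, $errors);
}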
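 /**
  * Check whether a username/password pair exists in `register`.
  *
  * Both values are bound as statement parameters.
  *
  * @param string $username User name to look up.
  * @param string $password Password, compared with the stored column value.
  * @return bool true when at least one row matches, false otherwise
  *              (including database errors).
  */
 function login($username, $password)
 {
     // NOTE(review): the password is compared as stored text; a
     // password_hash()/password_verify() scheme would need a data migration.
     $stmt = mysqli_prepare($this->connect, "SELECT 1 FROM `register` WHERE `username` = ? AND `password` = ?");
     if (!$stmt) {
         // mysqli_error() needs the connection; the message is logged and
         // not printed to the visitor.
         error_log('login: prepare failed: ' . mysqli_error($this->connect));
         return false;
     }
     mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
     if (!mysqli_stmt_execute($stmt)) {
         error_log('login: execute failed: ' . mysqli_stmt_error($stmt));
         mysqli_stmt_close($stmt);
         return false;
     }
     mysqli_stmt_store_result($stmt);
     $matches = mysqli_stmt_num_rows($stmt);
     mysqli_stmt_close($stmt);
     return $matches > 0;
 }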
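 /**
  * Insert a news item and return the stored row.
  *
  * @param string $title  Headline.
  * @param string $body   Text of the item.
  * @param string $target Value for the third data column of `news`.
  * @param string $source Value for the last column of `news`.
  * @return array|false List holding the inserted row (associative), or
  *                     false when the insert or the read-back fails.
  */
 public function addUpdate($title, $body, $target, $source)
 {
     $con = $this->connect();
     // Every value is escaped for this connection before being quoted.
     $title = mysqli_real_escape_string($con, $title);
     $body = mysqli_real_escape_string($con, $body);
     $target = mysqli_real_escape_string($con, $target);
     $source = mysqli_real_escape_string($con, $source);

     $outcome = false;
     $query = "INSERT INTO news VALUES(null, '{$title}', '{$body}','{$target}', NOW(),'{$source}')";
     $res = mysqli_query($con, $query);
     if ($res) {
         $id = (int) mysqli_insert_id($con);
         $update = mysqli_query($con, "SELECT * FROM news WHERE id = {$id}");
         if ($update && mysqli_num_rows($update) > 0) {
             $rows = array();
             while ($row = mysqli_fetch_array($update, MYSQLI_ASSOC)) {
                 $rows[] = $row;
             }
             $outcome = $rows;
         }
     } else {
         // Logged server-side; the driver message is not printed.
         error_log("addUpdate: couldn't execute query: " . mysqli_error($con));
     }

     // The close() call used to sit after the final return statements and
     // never ran; it now runs on every path.
     $this->close();
     return $outcome;
 }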
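/**
 * Return the id of the sale linking an employee and a customer, creating
 * the sale when none exists yet.
 *
 * @param mysqli     $conn      Open database connection.
 * @param string|int $idUsuario Employee (user) id.
 * @param string|int $idCliente Customer id.
 * @return int|string Id of the existing or newly created sale; 0 when the
 *                    lookup or the insert fails.
 */
function venda($conn, $idUsuario, $idCliente)
{
    // H = 24-hour clock, i = minutes. The previous 'h:m:s' stored the month
    // number where the minutes belong.
    $data = date('Y-m-d H:i:s');
    /*
        statusVenda (0) = cancelled
        statusVenda (1) = open
        statusVenda (2) = completed
    */
    $statusVenda = '1';

    // Look for an existing sale for this employee/customer pair.
    $find = mysqli_prepare($conn, "SELECT idVenda FROM venda WHERE id_usuario = ? AND id_cliente = ?");
    if (!$find) {
        return 0;
    }
    mysqli_stmt_bind_param($find, 'ss', $idUsuario, $idCliente);
    if (!mysqli_stmt_execute($find)) {
        // A failed lookup must not fall through to the insert, which could
        // create a duplicate sale.
        mysqli_stmt_close($find);
        return 0;
    }
    $idVenda = null;
    mysqli_stmt_bind_result($find, $idVenda);
    $exists = mysqli_stmt_fetch($find);
    mysqli_stmt_close($find);
    if ($exists) {
        return $idVenda;
    }

    $insert = mysqli_prepare($conn, "INSERT INTO venda (id_usuario, data, id_cliente, statusVenda) VALUES (?, ?, ?, ?)");
    if (!$insert) {
        return 0;
    }
    mysqli_stmt_bind_param($insert, 'ssss', $idUsuario, $data, $idCliente, $statusVenda);
    mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);

    // Id of the sale just created (0 when the insert failed).
    return mysqli_insert_id($conn);
}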
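/**
 * Read current and previous stock prices and classify each movement.
 *
 * Closes the global connection $con before returning.
 *
 * @return array List of [current price, 'up'|'down', 'green'|'red'], one
 *               entry per row of `stocks`.
 * @throws Exception When the query fails.
 */
function getstockprice()
{
    global $con;
    $sql = "SELECT ROUND(current_stock_price, 1) as ct , ROUND(last_stock_price, 1) as lt from stocks";
    $query = mysqli_query($con, $sql);
    // The previous test joined both conditions with &&, so a failed query
    // was passed on to mysqli_num_rows() before the exception could be thrown.
    if (!$query) {
        throw new Exception('Error in SQL');
    }

    $ret = array();
    while ($row = mysqli_fetch_assoc($query)) {
        $rising = $row['ct'] > $row['lt'];
        $ret[] = array($row['ct'], $rising ? 'up' : 'down', $rising ? 'green' : 'red');
    }
    mysqli_close($con);
    return $ret;
}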
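/**
 * Authenticate a collaborator from the posted "login" and "mdp" fields.
 *
 * On success the collaborator's columns are copied into $_SESSION and a
 * redirect header to accueil.php is sent. On failure the session is emptied
 * and destroyed, and a small <script> alert is returned for the caller to print.
 *
 * @return string '' when there is nothing to display, otherwise the alert markup.
 */
function connexion()
{
    try {
        // Nothing to do unless both the login and the password were posted.
        if (!isset($_POST["login"]) || !isset($_POST["mdp"])) {
            return '';
        }

        $login = trim(strtoupper($_POST['login']));
        // NOTE(review): unsalted md5 is not a suitable password hash. Moving to
        // password_hash()/password_verify() also requires changing the stored
        // values, which is outside this function.
        $password = md5($_POST['mdp']);

        // The submitted values are bound as parameters. addslashes() and
        // htmlspecialchars() are not SQL escaping functions and are no longer
        // used to build the query.
        // NOTE(review): the COL_PASSWORD literal is reproduced exactly as it
        // appears in this listing and looks masked; confirm against the real
        // source and bind it as a parameter too if it carried the submitted hash.
        $sql = "SELECT COL_NO, TAU_NO, COL_NOM, COL_PRENOM, COL_MNEMONIC FROM COLLABORATEUR"
            . " WHERE COL_MNEMONIC = ? AND (COL_PASSWORD='******' OR COL_PASS_ALL = ?)";
        $stmt = $GLOBALS['connexion']->prepare($sql);
        if ($stmt === false) {
            throw new Exception('requête impossible');
        }
        $stmt->bind_param('ss', $login, $password);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result === false) {
            throw new Exception('requête impossible');
        }
        $row = $result->num_rows == 1 ? $result->fetch_assoc() : null;
        $stmt->close();

        if ($row === null) {
            $_SESSION = array();
            session_destroy();
            return '<script>alert("Identifiant et/ou mot de passe incorrect");</script>';
        }

        // Issue a fresh session id at the privilege change, so an id known
        // before authentication is not carried into the logged-in session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // Stored in the same escaped form as before, because other pages (not
        // visible here) may print this value as-is.
        $_SESSION['login'] = htmlspecialchars(addslashes($login));
        $_SESSION['col_id'] = $row['COL_NO'];
        $_SESSION['accreditation'] = $row['TAU_NO'];
        $_SESSION['nom'] = $row['COL_NOM'];
        $_SESSION['prenom'] = $row['COL_PRENOM'];
        $_SESSION['mnemonic'] = $row['COL_MNEMONIC'];
        header("Location: accueil.php");
    } catch (Exception $e) {
        // NOTE(review): the exception message is shown to the visitor; consider
        // logging it and displaying a generic message instead.
        die('Erreur : ' . $e->getMessage());
    }
    return '';
}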
Example #27
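/**
 * Log a user in by user name or e-mail and populate the session.
 *
 * On a single matching row, the profile columns are copied into $_SESSION and
 * the "u" cookie is set. When the posted "remember" field is 1, the "u" and
 * "p" cookies are set with a two-week lifetime.
 *
 * @param string $user User name or e-mail address to look up.
 * @param string $pass Password as submitted.
 * @return bool true when exactly one row matched, false otherwise.
 */
function login($user, $pass)
{
    $con = new db();
    $conc = $con->c();
    // A missing "remember" field counts as 0 instead of raising a warning.
    $kcook = intval(isset($_POST["remember"]) ? $_POST["remember"] : 0);

    // $user is bound as a parameter, so its content cannot change the statement.
    // NOTE(review): assumes callers pass the raw value; a caller that already
    // SQL-escapes $user should stop doing so — confirm at the call sites.
    // NOTE(review): the `pass` literal is reproduced exactly as it appears in
    // this listing and looks masked; confirm against the real source.
    $stmt = mysqli_prepare($conc, "SELECT `id`,`user`,`name`,`email`,`img1`,`img2`,`img3`,`bgcolor` FROM `users` WHERE (`user` = ? OR `email` = ?) AND pass = '******'");
    if ($stmt === false) {
        // A statement that cannot be prepared is treated as a failed login.
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ss', $user, $user);
    mysqli_stmt_execute($stmt);
    $q = mysqli_stmt_get_result($stmt);
    if ($q === false || mysqli_num_rows($q) != 1) {
        mysqli_stmt_close($stmt);
        return false;
    }
    $r = mysqli_fetch_array($q);
    mysqli_stmt_close($stmt);

    setcookie("u", $r[1], time() + 52 * 60 * 60 * 24 * 7);
    $_SESSION["uid"] = $r[0];
    $_SESSION["user"] = $r[1];
    $_SESSION["name"] = $r[2];
    $_SESSION["email"] = $r[3];
    // NOTE(review): the submitted password is kept in the session here and in
    // the "p" cookie below. Both are left unchanged because other code (not
    // visible here) may read them; a random server-side token would avoid
    // storing the password at all.
    $_SESSION["p"] = $pass;
    $_SESSION["color"] = $r[7];
    $_SESSION["img1"] = $r[4];
    $_SESSION["img2"] = $r[5];
    $_SESSION["img3"] = $r[6];
    $_SESSION["ula"] = md5("{$r['1']} {$pass} {$r['0']}");
    $con->close_db_con($conc);
    if ($kcook == 1) {
        // Replaces the "u" cookie set above with a two-week lifetime.
        setcookie("u", $r[1], time() + 2 * 60 * 60 * 24 * 7);
        setcookie("p", $pass, time() + 2 * 60 * 60 * 24 * 7);
    }
    return true;
}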
Example #28
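/**
 * Log a user in by user name or e-mail, populate the session and check the user name.
 *
 * On a single matching row, the profile columns are copied into $_SESSION and
 * the "u" cookie is set for path "/". When valid_name() rejects the stored
 * user name, a redirect header to the settings page is sent and nothing is
 * returned. Otherwise the "um" and "pm" cookies are set when the posted
 * "remember" field is 1.
 *
 * @param string $user User name or e-mail address to look up.
 * @param string $pass Password as submitted.
 * @return bool|null true on success, false when no single row matched,
 *                   null when the redirect to the settings page was sent.
 */
function login2($user, $pass)
{
    $con = new db();
    $conc = $con->c();
    // A missing "remember" field counts as 0 instead of raising a warning.
    $kcook = intval(isset($_POST["remember"]) ? $_POST["remember"] : 0);

    // $user is bound as a parameter, so its content cannot change the statement.
    // NOTE(review): assumes callers pass the raw value; a caller that already
    // SQL-escapes $user should stop doing so — confirm at the call sites.
    // NOTE(review): the `pass` literal is reproduced exactly as it appears in
    // this listing and looks masked; confirm against the real source.
    $stmt = mysqli_prepare($conc, "SELECT `id`,`user`,`name`,`email`,`img1`,`img2`,`img3`,`bgcolor` FROM `users` WHERE (`user` = ? OR `email` = ?) AND pass = '******'");
    if ($stmt === false) {
        // A statement that cannot be prepared is treated as a failed login.
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ss', $user, $user);
    mysqli_stmt_execute($stmt);
    $q = mysqli_stmt_get_result($stmt);
    if ($q === false || mysqli_num_rows($q) != 1) {
        mysqli_stmt_close($stmt);
        return false;
    }
    $r = mysqli_fetch_array($q);
    mysqli_stmt_close($stmt);

    setcookie("u", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
    $_SESSION["uid"] = $r[0];
    $_SESSION["user"] = $r[1];
    $_SESSION["name"] = $r[2];
    $_SESSION["email"] = $r[3];
    // NOTE(review): the submitted password is kept in the session here and in
    // the "pm" cookie below. Both are left unchanged because other code (not
    // visible here) may read them; a random server-side token would avoid
    // storing the password at all.
    $_SESSION["p"] = $pass;
    $_SESSION["color"] = $r[7];
    $_SESSION["img1"] = $r[4];
    $_SESSION["img2"] = $r[5];
    $_SESSION["img3"] = $r[6];
    $_SESSION["ula"] = md5("{$r['1']} {$pass} {$r['0']}");
    $con->close_db_con($conc);

    if (!valid_name($_SESSION["user"])) {
        // The user is sent to the settings page; the function returns nothing on this path.
        $_SESSION["set_user"] = "******";
        header("location: ./?settings");
    } else {
        if ($kcook == 1) {
            setcookie("um", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
            setcookie("pm", $pass, time() + 52 * 60 * 60 * 24 * 7, "/");
        }
        return true;
    }
}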
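/**
 * Check the submitted credentials against `usertable` and start a session.
 *
 * The posted "username" and "passwd" fields take precedence, as before; the
 * arguments are used when a field was not posted. On success the session is
 * started, the user name is stored in it and the browser is redirected to
 * member.php. Every other outcome terminates the script with a message.
 *
 * @param string $username User name, used when $_POST['username'] is absent.
 * @param string $passwd   Password, used when $_POST['passwd'] is absent.
 * @return void The function never returns normally; it ends in exit/die.
 */
function login($username, $passwd)
{
    // Presumably defines $conn, the mysqli connection — confirm in db_fns.php.
    include 'db_fns.php';
    if (empty($conn)) {
        // The previous statement (`die . mysqli_error();`) ended the script with
        // no message at all. The connection error goes to the log, not the page.
        error_log('login: database connection failed: ' . mysqli_connect_error());
        die('Could not connect to the database.');
    }

    $username = isset($_POST['username']) ? $_POST['username'] : $username;
    $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : $passwd;
    // NOTE(review): stripslashes() dates from magic_quotes; on current PHP it
    // also removes backslashes the user really typed. Kept so that existing
    // credentials keep matching.
    $username = stripslashes($username);
    $passwd = stripslashes($passwd);
    $username = mysqli_real_escape_string($conn, $username);
    $passwd = mysqli_real_escape_string($conn, $passwd);

    // Look for exactly one row carrying this user name and password hash.
    // NOTE(review): the username literal is reproduced exactly as it appears in
    // this listing and looks masked; confirm against the real source.
    // NOTE(review): unsalted sha1 is not a suitable password hash; moving to
    // password_hash()/password_verify() requires changing the stored values.
    $result = mysqli_query($conn, "SELECT username, passwd FROM usertable WHERE username='******' AND passwd=sha1( '" . $passwd . "') ");
    if ($result === false) {
        // mysqli_error() needs the connection. The detail is logged rather than printed.
        error_log('login: query failed: ' . mysqli_error($conn));
        die("Query failed.");
    }

    if (mysqli_num_rows($result) == 1) {
        session_start();
        // Issue a fresh session id at login, so an id known before
        // authentication is not carried into the logged-in session.
        session_regenerate_id(true);
        $_SESSION['valid_user'] = $username;
        ob_end_clean();
        header("Location: member.php");
        exit;
    }

    // The statements that used to follow this die() could never run and were removed.
    die('Could not log you in. Username invalid.');
}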
Example #30
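 /**
  * Handle the user login process.
  *
  * Marks the session as logged out, validates the submitted e-mail and
  * password, and looks up the matching row in `users`. On success the session
  * is replaced by that row plus logged_in = true. The connection held in
  * $this->_con is closed once the query has been attempted.
  *
  * @param array $data Submitted fields; 'email' and 'password' are required.
  * @return boolean true on success (every failure is reported by an exception)
  * @throws Exception LOGIN_FIELDS_MISSING when a field is absent or empty,
  *                   LOGIN_FAIL when the query fails or does not match exactly one row.
  */
 public function login(array $data)
 {
     $_SESSION['logged_in'] = false;
     // A missing key is reported like an empty field instead of raising a warning.
     if (empty($data) || !isset($data['email'], $data['password'])) {
         throw new Exception(LOGIN_FIELDS_MISSING);
     }
     // Trim all the incoming data:
     $trimmed_data = array_map('trim', $data);
     // Escape the values for use inside quoted SQL string literals.
     $email = mysqli_real_escape_string($this->_con, $trimmed_data['email']);
     $password = mysqli_real_escape_string($this->_con, $trimmed_data['password']);
     if (!$email || !$password) {
         throw new Exception(LOGIN_FIELDS_MISSING);
     }
     // The hash is computed over the escaped password, as before, so existing
     // stored hashes keep matching.
     // NOTE(review): unsalted md5 is not a suitable password hash; moving to
     // password_hash()/password_verify() requires changing the stored values.
     $password = md5($password);
     // NOTE(review): the password literal is reproduced exactly as it appears in
     // this listing and looks masked; as shown, $password is not part of the
     // query — confirm against the real source.
     $query = "SELECT id, name, email, created FROM users where email = '{$email}' and password = '******' ";
     $result = mysqli_query($this->_con, $query);
     if ($result === false) {
         // A failed query is a failed login, not a TypeError in the fetch below.
         mysqli_close($this->_con);
         throw new Exception(LOGIN_FAIL);
     }
     $row = mysqli_fetch_assoc($result);
     $count = mysqli_num_rows($result);
     mysqli_close($this->_con);
     if ($count != 1) {
         throw new Exception(LOGIN_FAIL);
     }
     // Issue a fresh session id at login, so an id known before authentication
     // is not carried into the logged-in session.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // The whole session is replaced by the user's row.
     $_SESSION = $row;
     $_SESSION['logged_in'] = true;
     return true;
 }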