public function getMainNavigation()
{
$d = new Database();
$d->open('hacker_blog');
$sql = "SELECT * FROM navigation ";
if ($this->type == 'private') {
$sql .= " WHERE public = 0 ";
} else {
$sql .= " WHERE private = 1 ";
}
$s = $d->q($sql);
if ($s && $d->numrows() >= 1) {
$arr = array();
while ($r = $d->mfa()) {
//print_r($r);
array_push($arr, $r);
}
$this->messages = array("success" => "Found Navigation");
$this->current = $arr;
return $arr;
$d->close();
} else {
$this->messages = array("error" => "Could not Find Navigation");
$d->close();
return false;
}
}
protected function cleanAndPost()
{
for ($n = 0; $n < count($this->message_information); $n++) {
//clean left and white white space, escape the string for the Database
$this->message_information[$n] = Sanitize::prepForDatabase(Sanitize::clearWhiteSpaceLR($this->message_information[$n]));
}
$d = new Database();
$d->open('hacker_blog');
//check for duplicates
$chx = $d->q("SELECT * FROM user_messages WHERE user_messages.message = '{$this->message_information[2]}'");
if ($chx && $d->numrows() <= 0) {
// id in the messages field is for the user's uid or user_id, depending on how you are moving forward with your code
$s = $d->q("INSERT into user_messages\n\t\t\t\t \t\t(user_message_id,first_name,last_name,id,message,type,added_on) VALUES\n\t\t\t\t\t\t(NULL,'{$this->message_information[0]}','{$this->message_information[1]}',NULL,'{$this->message_information[2]}','{$this->type}',now())");
if ($s) {
//echo 'made it through gauntlet. Added info into Database.';
$this->passed = true;
} else {
$this->passed = false;
}
} else {
//echo 'You have already made a comment like this.';
$this->passed = false;
}
$d->close();
//print_r($this->message_information);
}
function extendAuthentication($ticket)
{
$db = new Database('tazapi');
$db->open();
$dateTime = new DateTime('+1 hour', new DateTimeZone('Europe/Vilnius'));
$expires = $dateTime->format('Y-m-d H:i:s');
$sql = "UPDATE tickets SET expires='" . $expires . "' WHERE ticket = '" . $ticket . "';";
$db->conn()->query($sql);
$db->close();
}
public function getPage($id = null)
{
if (is_int($id)) {
$this->page_id = $id;
}
$d = new Database();
$d->open('hacker_blog');
$s = $d->q("SELECT * FROM pages WHERE id = '{$this->page_id}'");
if ($s && $d->numrows() >= 1) {
return $d->mfa();
$d->close();
} else {
return false;
}
}
function getCategories()
{
@($user = $_SESSION[SESSION_USER_ID]);
@($foreignLng = $_SESSION[SESSION_FOREIGN_LANG]);
$db = new Database();
$db->open();
// TODO validation
$arrCategory = array();
$sql = sprintf("SELECT cat.id, cat.name FROM `%s` cat INNER JOIN `%s` us_cat ON cat.id = us_cat.category WHERE us_cat.user = %d AND us_cat.foreign_language = %d ORDER BY category_order", CATEGORIES, USERS_CATEGORIES_LANGUAGES, $user, $foreignLng);
$queryCategories = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_row($queryCategories)) {
$arrCategory[$row[0]] = $row[1];
}
$db->close();
return $arrCategory;
}
public function getMainNavigation()
{
$d = new Database();
$d->open('hacker_blog');
$s = $d->q("SELECT * FROM navigation");
if ($s) {
$r = $d->mfa();
$this->messages = array("success" => "Found Navigation");
$d->close();
return $r;
} else {
$this->messages = array("error" => "Could not Find Navigation");
$d->close();
return false;
}
}
function login($user, $pass)
{
$db = new Database();
$id = null;
$foreign = null;
$db->open();
$sql = sprintf("SELECT us.id FROM `%s` as us WHERE us.user = '******' AND us.password = '******'", USERS, $user, $pass);
$query = mysql_query($sql) or die(mysql_error() . "<br>SQL: {$sql}");
if ($row = mysql_fetch_row($query)) {
$id = $row[0];
$sql = sprintf("SELECT us_lan.foreign_language FROM `%s` as us_lan WHERE us_lan.user = '******'", USERS_CATEGORIES_LANGUAGES, $id);
$query = mysql_query($sql) or die(mysql_error() . "<br>SQL: {$sql}");
$row = mysql_fetch_row($query);
$foreign = $row[0];
}
$db->close();
return array($id, $foreign);
}
public function createBlogPost($title = null, $body = null)
{
$this->title = (string) $title;
$this->body = (string) $body;
//$this->title = Sanitize::sanitize_string($this->title);
//$this->body = Sanitize::sanitize_string($this->body);
// add database method to push into Database
// mysql_real_escape_string (php.net for use examples)
$d = new Database();
$d->open('hacker_blog');
//$d = new Database();
//$d->setDB('hacker_blog');
$s = $d->q("INSERT INTO blog_entries (blog_id,user_id,blog_title,blog_created_at,blog_updated_at,blog_body) VALUES (NULL,1,'{$this->title}',now(),now(),'{$this->body}');");
$d->close();
if ($s) {
return true;
} else {
return false;
}
}
public function readBlogPost($start = 0, $end = 5, $post_id = null, $order = null)
{
$d = new Database();
$d->open('hacker_blog');
$sql = "SELECT * FROM blog_entries ";
if (is_int($post_id)) {
$sql .= " WHERE blog_id = '{$post_id}' ";
}
if (is_string($order)) {
$sql .= " ORDER BY {$order} ";
}
$sql .= " LIMIT {$start}, {$end}";
//
$s = $d->q($sql);
if ($s && $d->numrows() >= 1) {
$posts = array();
while ($r = $d->mfa()) {
array_push($posts, $r);
}
return $posts;
} else {
return false;
}
}
function addItem($nameItem, $translationItem, $categoryItem)
{
@($user = $_SESSION[SESSION_USER_ID]);
@($foreignLng = $_SESSION[SESSION_FOREIGN_LANG]);
$nameItem = htmlentities($nameItem);
$translationItem = htmlentities($translationItem);
if ($nameItem && $translationItem && $categoryItem) {
$db = new Database();
$db->open();
// TODO validation
$sql = sprintf("INSERT INTO `%s` (`item`, `translation`, `category`) VALUES ('%s', '%s', %d)", LANGUAGE_ITEMS, $nameItem, $translationItem, $categoryItem);
$queryInsert = mysql_query($sql) or die(mysql_error());
$ok = $queryInsert && mysql_affected_rows() == 1;
$db->close();
} else {
$ok = false;
}
return $ok;
}
<?php
require_once '../blog/includes/session.php';
require_once '../blog/classes/clsDatabase.php';
require_once '../blog/classes/clsSanitize.php';
if ($_POST['login']) {
//print_r($_POST);
// sanitize
$login = Sanitize::clearWhiteSpaceLR($_POST['login']);
//$password = Sanitize::clearWhiteSpaceLR($_POST['password']);
$password = strtolower(Sanitize::clearWhiteSpaceLR($_POST['password']));
//echo $login.' '.$password;
// test if in Database as well
$d = new Database();
$d->open('hacker_blog');
$s = $d->q("SELECT * FROM user WHERE user.username = '******' AND user.password = sha1('{$password}') LIMIT 0,1");
if ($s && $d->numrows() > 0) {
//mysql fetch assoc
$info = $d->mfa();
//print_r($info);
//$info = associative array
$_SESSION['loggedin'] = true;
// concat first and last name
$name = $info['user_first_name'] . ' ' . $info['user_last_name'];
//echo "NAME: $name";
$_SESSION['loggedin'] = true;
$_SESSION['user_full_name'] = $name;
$_SESSION['user_quick_name'] = $info['user_first_name'];
$_SESSION['user_id'] = $info['id'];
//echo '<a href="/week_eight/secret_loggedin_area.php">Manual Override</a>';
header("Location: /week_eight/secret_loggedin_area.php");
function error_handler($errorno, $string, $file, $line)
{
if ($errorno != 2048 && $errorno != 8) {
// E_STRICT & E_NOTICE && $errorno != 8
return compile_error($string, $file, $line);
}
}
set_error_handler("error_handler");
/**
* Get all of the settings into one big array
*/
/* Get the configuration options */
global $_CONFIG;
/* Get the database Object and set it to a global */
error::reset();
$_DBA =& Database::open($_CONFIG['dba']);
if (error::grab()) {
return critical_error();
}
$GLOBALS['_DBA'] =& $_DBA;
/*
$query = "";
foreach(explode("\r\n", $query) as $q)
if($q != '')
$_DBA->executeUpdate($q);
exit;
*/
/**
* Create some cache files to reduce queries, but only if it needs to be re/created
*/
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] =& $process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
// processing page
Session::start();
Database::open();
// define current module
$modules_codes_list = array_keys($g_modules);
$g_current_module = $modules_codes_list[0];
if (isset($_GET['module']) && in_array($_GET['module'], $modules_codes_list)) {
$g_current_module = $_GET['module'];
}
// define current action
$g_actions = $g_modules[$g_current_module]['actions'];
$actions_codes_list = array_keys($g_actions);
$g_current_action = $actions_codes_list[0];
if (isset($_GET['action']) && in_array($_GET['action'], $actions_codes_list)) {
$g_current_action = $_GET['action'];
}
$g_method = $_SERVER['REQUEST_METHOD'];
if ($g_method == 'GET') {
return $app->abort(404);
}
});
$app->post('/eventos/{id}', function ($id, Request $request) use($app) {
$evento = json_decode($request->getContent());
$db = Database::open();
if ($evento->id == 0) {
$r = $db->executeUpdate('INSERT INTO eventos(nome, estado, cidade) VALUES(?, ?, ?)', array($evento->nome, $evento->estado, $evento->cidade));
$evento->id = $db->lastInsertId();
} else {
$r = $db->executeUpdate('UPDATE eventos SET nome = ?, estado = ?, cidade = ? WHERE id = ?', array($evento->nome, $evento->estado, $evento->cidade, $evento->id));
}
return $app->json(array('data' => $evento));
});
$app->delete('/eventos/{id}', function ($id) use($app) {
$db = Database::open();
$r = $db->executeUpdate('DELETE FROM eventos WHERE id = ?', array($id));
return $app->json(array('data' => $r));
});
$app->post('/login', function (Request $request) use($app) {
$vars = json_decode($request->getContent(), true);
try {
if (empty($vars['_username']) || empty($vars['_password'])) {
throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $vars['_username']));
}
/**
* @var $user User
*/
$user = $app['users']->loadUserByUsername($vars['_username']);
if (!$app['security.encoder.digest']->isPasswordValid($user->getPassword(), $vars['_password'], '')) {
throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $vars['_username']));
<?php
// here is a helpful controller file
// we can use this to help us create a much better experience for ourselves!
$basic = "Hero";
$data = new Database();
$data->open('phpclass');
$user_data = $data->q("SELECT * FROM users");
//Resource ID
$resource = $data->getResource();
$r = $data->mfa($user_data);
$data->close();
// used to call a function and get a result, yeah.
//print_r($r);
function CallHook($hookname, $params)
{
global $use_mediawikiplugin, $G_SESSION, $HTML;
if (isset($params['group_id'])) {
$group_id = $params['group_id'];
} elseif (isset($params['group'])) {
$group_id = $params['group'];
} else {
$group_id = null;
}
if ($hookname == "outermenu") {
$params['TITLES'][] = 'MediaWiki';
$params['DIRS'][] = '/mediawiki';
} elseif ($hookname == "usermenu") {
$text = $this->text;
// this is what shows in the tab
if ($G_SESSION->usesPlugin("mediawiki")) {
echo ' | ' . $HTML->PrintSubMenu(array($text), array('/mediawiki/index.php?title=User:'******'TITLES'][] = $this->text;
$params['DIRS'][] = '/plugins/mediawiki/index.php?group_id=' . $project->getID();
}
$params['toptab'] == $this->name ? $params['selected'] = count($params['TITLES']) - 1 : '';
} elseif ($hookname == "groupisactivecheckbox") {
//Check if the group is active
// this code creates the checkbox in the project edit public info page to activate/deactivate the plugin
$group =& group_get_object($group_id);
echo "<tr>";
echo "<td>";
echo ' <input type="CHECKBOX" name="use_mediawikiplugin" value="1" ';
// CHECKED OR UNCHECKED?
if ($group->usesPlugin($this->name)) {
echo "CHECKED";
}
echo "><br/>";
echo "</td>";
echo "<td>";
echo "<strong>Use " . $this->text . " Plugin</strong>";
echo "</td>";
echo "</tr>";
} elseif ($hookname == "groupisactivecheckboxpost") {
// this code actually activates/deactivates the plugin after the form was submitted in the project edit public info page
$group =& group_get_object($group_id);
$use_mediawikiplugin = getStringFromRequest('use_mediawikiplugin');
if ($use_mediawikiplugin == 1) {
$group->setPluginUse($this->name);
} else {
$group->setPluginUse($this->name, false);
}
} elseif ($hookname == "userisactivecheckbox") {
//check if user is active
// this code creates the checkbox in the user account manteinance page to activate/deactivate the plugin
$user = $params['user'];
echo "<tr>";
echo "<td>";
echo ' <input type="CHECKBOX" name="use_mediawikiplugin" value="1" ';
// CHECKED OR UNCHECKED?
if ($user->usesPlugin($this->name)) {
echo "CHECKED";
}
echo "> Use " . $this->text . " Plugin";
echo "</td>";
echo "</tr>";
} elseif ($hookname == "userisactivecheckboxpost") {
// this code actually activates/deactivates the plugin after the form was submitted in the user account manteinance page
$user = $params['user'];
$use_mediawikiplugin = getStringFromRequest('use_mediawikiplugin');
if ($use_mediawikiplugin == 1) {
$user->setPluginUse($this->name);
} else {
$user->setPluginUse($this->name, false);
}
echo "<tr>";
echo "<td>";
echo ' <input type="CHECKBOX" name="use_mediawikiplugin" value="1" ';
// CHECKED OR UNCHECKED?
if ($user->usesPlugin($this->name)) {
echo "CHECKED";
}
echo "> Use " . $this->text . " Plugin";
echo "</td>";
echo "</tr>";
} elseif ($hookname == "user_personal_links") {
// this displays the link in the user's profile page to it's personal MediaWiki (if you want other sto access it, youll have to change the permissions in the index.php
$userid = $params['user_id'];
$user = user_get_object($userid);
$text = $params['text'];
//check if the user has the plugin activated
if ($user->usesPlugin($this->name)) {
echo ' <p>';
echo util_make_link("/plugins/helloworld/index.php?id={$userid}&type=user&pluginname=" . $this->name, _('View Personal MediaWiki'));
echo '</p>';
}
} elseif ($hookname == "project_admin_plugins") {
// this displays the link in the project admin options page to it's MediaWiki administration
$group_id = $params['group_id'];
$group =& group_get_object($group_id);
if ($group->usesPlugin($this->name)) {
echo util_make_link("/plugins/projects_hierarchy/index.php?id=" . $group->getID() . '&type=admin&pluginname=' . $this->name, _('View the MediaWiki Administration'));
echo '</p>';
}
} elseif ($hookname == "session_before_login") {
$loginname = $params['loginname'];
$passwd = $params['passwd'];
if (!session_login_valid_dbonly($loginname, $passwd, false)) {
return;
}
$u = user_get_object_by_name($loginname);
define('MEDIAWIKI', true);
if (is_file('/var/lib/mediawiki/LocalSettings.php')) {
require_once '/var/lib/mediawiki/LocalSettings.php';
} elseif (is_file('/var/lib/mediawiki1.10/LocalSettings.php')) {
require_once '/var/lib/mediawiki1.10/LocalSettings.php';
} else {
return 1;
}
if (is_dir('/usr/share/mediawiki')) {
$mw_share_path = "/usr/share/mediawiki";
} elseif (is_dir('/usr/share/mediawiki1.10')) {
$mw_share_path = "/usr/share/mediawiki1.10";
} else {
return 1;
}
require_once $mw_share_path . '/includes/Defines.php';
require_once $mw_share_path . '/includes/Exception.php';
require_once $mw_share_path . '/includes/GlobalFunctions.php';
require_once $mw_share_path . '/StartProfiler.php';
require_once $mw_share_path . '/includes/Database.php';
$mwdb = new Database();
$mwdb->open($wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname);
$sql = "select count(*) from user where user_name=?";
$res = $mwdb->safeQuery($sql, ucfirst($loginname));
$row = $mwdb->fetchRow($res);
if ($row[0] == 1) {
$sql = "update user set user_password=?, user_email=?, user_real_name=? where user_name=?";
$res = $mwdb->safeQuery($sql, md5($passwd), $u->getEmail(), $u->getRealName(), array(ucfirst($loginname)));
} else {
$sql = "insert into user (user_name, user_real_name, user_password, user_email, user_options) values (?, ?, ?, ?, ?)";
$res = $mwdb->safeQuery($sql, array(ucfirst($loginname), $u->getRealName(), md5($passwd), $u->getEmail(), "skin=gforge\ncols=80\nrows=25"));
}
} elseif ($hookname == "blahblahblah") {
// ...
}
}
