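/**
 * Count the items in a "product" entity list that belongs to the current tenant.
 *
 * @param int|string $listId id of the entityList row
 * @return int number of entityListItem rows joined to the list; 0 when the
 *             query yields no row
 */
public function getEntityCountForList($listId)
{
    $query = 'select count(*) from entityList EL inner join entityListItem ELI on EL.id =ELI.entityListId';
    // Both ids pass through Database::queryNumber before reaching the statement
    // text; the tenantid predicate scopes the lookup to the caller's tenant.
    $query .= ' where EL.entity="product" and EL.id=' . Database::queryNumber($listId)
        . ' and EL.tenantid=' . Database::queryNumber($this->tenantid) . ';';
    $data = Database::executeQuery($query);
    if ($data->num_rows == 0) {
        // no match found
        return 0;
    }
    $row = mysqli_fetch_row($data);
    // mysqli_fetch_row yields strings; cast so both branches return an int.
    return (int) $row[0];
}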
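/**
 * Build the count query for this entity, honouring the feature-specific filters.
 *
 * Overrides the base implementation so callers can narrow the count by:
 *   - news     : only rows flagged isNewsItem=1
 *   - author   : numeric author id
 *   - authorid : alias of author (same result)
 *
 * @param array $filters request filters keyed by name
 * @return string SQL count statement scoped to the current tenant
 */
protected function getEntityCountQuery($filters)
{
    $where = '';
    if (array_key_exists('news', $filters)) {
        $where .= ' and isNewsItem=1';
    }
    // Append rather than assign: a news filter combined with an author filter
    // previously lost the news condition.
    if (array_key_exists('author', $filters)) {
        $where .= ' and author = ' . Database::queryNumber($filters['author']);
    } elseif (array_key_exists('authorid', $filters)) {
        $where .= ' and author = ' . Database::queryNumber($filters['authorid']);
    }
    // tenantid goes through queryNumber like every other numeric literal built
    // into this query, instead of being concatenated raw.
    return 'select count(*) from ' . lcfirst($this->getName())
        . ' where tenantid=' . Database::queryNumber($this->tenantid) . $where;
}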
/**
 * Build the stored-procedure call that lists media items.
 *
 * A "locationid" filter selects getMediaByLocationId; otherwise getMediaItemsEx
 * is called with the optional name/description filters and the paging window.
 *
 * @param array $filters request filters ("locationid", "name", "description")
 * @param mixed $return  number of rows to return (passed to the procedure)
 * @param mixed $offset  row offset (passed to the procedure)
 * @return string SQL call statement
 */
protected function getEntitiesQuery($filters, $return, $offset)
{
    if (isset($filters["locationid"])) {
        return "call getMediaByLocationId("
            . Database::queryNumber($filters["locationid"]) . ","
            . Database::queryNumber($this->tenantid) . ","
            . Database::queryNumber($this->userid) . ");";
    }

    // A filter that is absent or null is passed to the procedure as null.
    $name = isset($filters["name"]) ? $filters["name"] : null;
    $description = isset($filters["description"]) ? $filters["description"] : null;

    return "call getMediaItemsEx("
        . Database::queryString($name) . ","
        . Database::queryString($description) . ","
        . Database::queryNumber($this->tenantid) . ","
        . Database::queryNumber($this->userid) . ","
        . Database::queryNumber($return) . ","
        . Database::queryNumber($offset) . ");";
}
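/**
 * Replace this user's tenant access with the set given in $data.
 *
 * Removes every existing tenant/role pairing for the user, then adds one row
 * per entry in $data->tenants, all inside a single transaction. A payload with
 * no "tenants" member therefore leaves the user with no tenant access.
 *
 * @param object $data decoded request payload whose `tenants` member is a list
 *                     of objects carrying `tenantid` and `role`
 * @return void
 */
public function setTenantAccess($data)
{
    // The user id is passed through Database::queryNumber in the removal call as
    // well as in the add calls; previously it was concatenated raw there.
    $userId = Database::queryNumber($this->id);
    $queries = array("call removeTenantUsers(" . $userId . ");");

    $tenants = isset($data->{'tenants'}) ? $data->{'tenants'} : array();
    foreach ($tenants as $tenant) {
        $queries[] = "call addTenantUserRole(" . $userId . ","
            . Database::queryNumber($tenant->{'tenantid'}) . ","
            . Database::queryString($tenant->{'role'}) . ");";
    }
    Database::executeQueriesInTransaction($queries);
}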
/**
 * Build the stored-procedure call that pages through the tenants visible to
 * the current user.
 *
 * Overrides the default because this listing is not scoped by tenantid.
 *
 * @param array $filters unused here
 * @param mixed $return  number of rows to return
 * @param mixed $offset  row offset
 * @return string SQL call statement
 */
protected function getEntitiesQuery($filters, $return, $offset)
{
    $args = array(
        Database::queryNumber($this->userid),
        Database::queryNumber($return),
        Database::queryNumber($offset),
    );
    return 'call getTenants(' . implode(', ', $args) . ');';
}
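* get parameters are:
*   collection: name of the pageCollection to update (e.g. 'home')
*   pageid: id of the page
*   sort: new sort/sequence number for the page
*
* Only tenant admins may reorder pages. The role check runs before any
* parameter is inspected, so an unauthorised caller gets the same 403 whether
* or not the parameters are present.
*/
include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';

if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // $user and $tenantID are presumably established by pageCheck.php (not
    // visible here). NOTE(review): this flow, like the original, relies on
    // Service::returnError() ending the request rather than returning — confirm.
    if (!$user->hasRole('admin', $tenantID)) {
        Service::returnError('Access denied.', 403);
    }

    $collection = Utility::getRequestVariable("collection", "");
    $pageid = Utility::getRequestVariable("pageid", "");
    $sort = Utility::getRequestVariable("sort", "");
    if ($collection == "") {
        Service::returnError('collection parameter is required.');
    }
    if ($pageid == "") {
        Service::returnError('pageid parameter is required.');
    }
    if ($sort == "") {
        Service::returnError('sort parameter is required.');
    }

    // Every request value reaches the statement via Database::query*.
    $query = "call setPageSortOrderForCollection("
        . Database::queryString($collection) . ","
        . Database::queryNumber($pageid) . ","
        . Database::queryNumber($sort) . ","
        . Database::queryNumber($tenantID) . ");";
    Database::executeQuery($query);
    Service::returnJSON('{"success":true}');
} else {
    Service::returnError('Unsupported HTTP method.');
}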
/**
 * Store a new password hash for this user.
 *
 * @param string $pass plain-text password; only its generateHash() output is
 *                     written to the database
 * @return mixed whatever Database::executeQuery() returns for the UPDATE
 */
public function updatepassword($pass)
{
    // generateHash() is the project's hashing helper (defined elsewhere); the
    // raw password never becomes part of the query text.
    $hashed = generateHash($pass);
    return Database::executeQuery(
        'UPDATE user SET password = ' . Database::queryString($hashed)
        . ' WHERE id = ' . Database::queryNumber($this->id)
    );
}
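include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/database.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';

// Records a client-reported event against the current user, session and tenant.
// $userID and $tenantID are presumably established by pageCheck.php (not visible here).
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    $event = Utility::getRequestVariable('event', 'unknown event');
    $entityType = Utility::getRequestVariable('entityType', 'unknown entity');
    $entityId = Utility::getRequestVariable('entityId', 0);

    // Every request-supplied value passes through Database::query* before it is
    // spliced into the statement text.
    $query = "INSERT INTO event (event,entityType,entityId,userId,sessionId,tenantId) values ("
        . Database::queryString($event)
        . ',' . Database::queryString($entityType)
        . ',' . Database::queryNumber($entityId)
        . ',' . Database::queryNumber($userID)
        . ',' . Database::queryString(session_id())
        . ',' . Database::queryNumber($tenantID)
        . ")";

    $failed = false;
    try {
        Database::executeQuery($query);
    } catch (Exception $ex) {
        // Keep the driver's message server-side (it can name tables and columns);
        // the client only learns that the insert failed.
        Utility::debug('Event insert failed: ' . $ex->getMessage(), 5);
        $failed = true;
    }

    if ($failed) {
        Service::returnError('Unable to record event.');
    } else {
        // Valid JSON; the previous literal '{result: true}' had an unquoted key.
        Service::returnJSON('{"result":true}');
    }
} else {
    Service::returnError('Unsupported HTTP method.');
}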
// to do: add more data validations Utility::debug('Updating location', 5); $query = "call updateLocation(" . Database::queryString($data->{'id'}); $query .= "," . Database::queryString($data->{'name'}); $query .= "," . Database::queryString($data->{'address'}); $query .= "," . Database::queryString($data->{'city'}); $query .= "," . Database::queryString($data->{'state'}); $query .= "," . Database::queryString($data->{'phone'}); $query .= "," . Database::queryString($data->{'url'}); $query .= "," . Database::queryString($data->{'imageurl'}); $query .= "," . Database::queryNumber($data->{'latitude'}); $query .= "," . Database::queryNumber($data->{'longitude'}); $query .= "," . Database::queryString($data->{'shortdescription'}); $query .= "," . Database::queryString($data->{'googleReference'}); $query .= "," . Database::queryString($data->{'googlePlacesId'}); $query .= "," . Database::queryNumber($data->{'tenantid'}); $query .= ')'; try { $result = Database::executeQuery($query); } catch (Exception $e) { $result = false; if ($debug > 0) { // don't reveal errors unless in debug mode $errMessage = $e->getMessage(); } else { $errMessage = 'Unknown error.'; } } if (!$result) { header(' ', true, 500); echo 'Unable to save location. ' . $errMessage;
/**
 * Fetch locations along a route, optionally restricted to a category list.
 *
 * @param mixed  $originLat   origin latitude
 * @param mixed  $originLong  origin longitude
 * @param mixed  $destLat     destination latitude
 * @param mixed  $destLong    destination longitude
 * @param mixed  $maxDetour   maximum detour accepted by the procedure
 * @param mixed  $numToReturn row cap
 * @param string $filter      category id list; when non-empty the
 *                            getLocationsOnRouteByCategoryIdList procedure is
 *                            used and the list is passed as its last argument
 * @param mixed  $tenantID    tenant scope
 * @param mixed  $userID      requesting user
 * @return mixed result of Database::executeQuery()
 */
function fetchData($originLat, $originLong, $destLat, $destLong, $maxDetour, $numToReturn, $filter, $tenantID, $userID)
{
    $byCategory = strlen($filter) > 0;
    $procedure = $byCategory ? 'getLocationsOnRouteByCategoryIdList' : 'getLocationsOnRoute';

    $args = array(
        Database::queryNumber($originLat),
        Database::queryNumber($originLong),
        Database::queryNumber($destLat),
        Database::queryNumber($destLong),
        Database::queryNumber($maxDetour),
        Database::queryNumber($numToReturn),
        Database::queryNumber($tenantID),
        Database::queryNumber($userID),
    );
    if ($byCategory) {
        $args[] = Database::queryString($filter);
    }

    return Database::executeQuery('call ' . $procedure . '(' . implode(', ', $args) . ')');
}
} $response = '{"id":' . json_encode($newID) . "}"; Utility::debug('Endorsement added: ID=' . $newID, 5); header('Content-Type: application/json'); echo $response; } } else { // this is an existing record: update // to do: add data validations Utility::debug('Updating endorsement', 5); echo 'Unable to uodate endorsement: method is not yet implemented'; header(' ', true, 500); } } elseif ($_SERVER['REQUEST_METHOD'] == "DELETE") { $json = file_get_contents('php://input'); $data = json_decode($json); // to do: got to figure out how to secure this sucker $id = $data->{'id'}; if (!$id > 0) { echo 'Unable to delete endorsement: an ID is required'; header(' ', true, 400); die; } Utility::debug('Deleting endorsement id=' . $id, 5); $query = "call deleteLocationEndorsement(" . Database::queryNumber($id); $query .= "," . Database::queryNumber($tenantID); $query .= ')'; $result = Database::executeQuery($query); } else { echo "Unsupported HTTP method."; }
/**
 * Build the INSERT that stores one key/value property for this entity.
 *
 * The property table is named <entity>Property and its foreign-key column
 * <entity>id, both derived from lcfirst($this->getName()).
 *
 * @param mixed  $id    owning entity id
 * @param string $key   property name
 * @param string $value property value
 * @return string SQL insert statement
 */
function getSavePropertySQL($id, $key, $value)
{
    $entity = lcfirst($this->getName());
    $tablename = $entity . 'Property';
    $idname = $entity . 'id';
    // "key" is a reserved word, so that column is qualified with the table name.
    return 'insert into ' . $tablename . ' (' . $idname . ',' . $tablename . '.key,value)'
        . ' values (' . Database::queryNumber($id)
        . ', ' . Database::queryString($key)
        . ', ' . Database::queryString($value) . ');';
}
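/**
 * Look up a batch by id, scoped to the given tenant and user.
 *
 * @param mixed $id       batch id
 * @param mixed $tenantid tenant scope
 * @param mixed $userid   requesting user
 * @return mixed result of Database::executeQuery() for getBatchById
 */
public static function getBatchStatus($id, $tenantid, $userid)
{
    // All three arguments pass through Database::queryNumber; previously only
    // $id did, with tenantid and userid concatenated verbatim.
    $query = 'call getBatchById(' . Database::queryNumber($id)
        . ',' . Database::queryNumber($tenantid)
        . ',' . Database::queryNumber($userid) . ')';
    return Database::executeQuery($query);
}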
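/**
 * Build the stored-procedure call that pages through the current user's
 * assignments.
 *
 * @param array $filters unused here
 * @param mixed $return  number of rows to return
 * @param mixed $offset  row offset
 * @return string SQL call statement
 */
protected function getEntitiesQuery($filters, $return, $offset)
{
    // The paging values and tenantid go through Database::queryNumber like the
    // userid, instead of being concatenated raw.
    return 'call getAssignments(' . Database::queryNumber($this->userid)
        . ',' . Database::queryNumber($return)
        . ',' . Database::queryNumber($offset)
        . ',' . Database::queryNumber($this->tenantid) . ');';
}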