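 /**
  * Builds the stored-procedure call that lists feature entities for the
  * current tenant/user.
  *
  * Recognised $filters keys (all optional):
  *   author / authorid  id of the author ('author' wins when both are present)
  *   news               "true"/"yes" (case-insensitive) selects news items
  *   extended           "true"/"yes" (case-insensitive) requests the extended set
  *   status             free text, passed through Database::queryString
  *
  * @param array $filters request filters as described above
  * @param mixed $return  page size forwarded to the procedure
  * @param mixed $offset  row offset forwarded to the procedure
  * @return string SQL text: call getFeaturesEx(...)
  */
 protected function getEntitiesQuery($filters, $return, $offset)
 {
     $authorid = null;
     $newsItems = null;
     $status = null;
     $extended = false;
     // Keep the raw filter value here; Database::queryNumber is applied exactly
     // once when the call is assembled below (the original quoted it twice:
     // once here and again in the final concatenation).
     if (array_key_exists('author', $filters)) {
         $authorid = $filters['author'];
     } elseif (array_key_exists('authorid', $filters)) {
         $authorid = $filters['authorid'];
     }
     if (array_key_exists('news', $filters)) {
         $news = strtolower($filters['news']);
         $newsItems = ($news === "true" || $news === "yes");
     }
     if (array_key_exists('extended', $filters)) {
         $ext = strtolower($filters['extended']);
         $extended = ($ext === "true" || $ext === "yes");
     }
     if (array_key_exists('status', $filters)) {
         $status = $filters['status'];
     }
     // Every argument goes through the Database quoting helpers, including the
     // paging values and the tenant/user ids, so nothing reaches the SQL text
     // raw (the original concatenated $return, $offset and the ids unquoted;
     // the sibling media query in this codebase already quotes all of them).
     return 'call getFeaturesEx('
         . Database::queryNumber($authorid) . ','
         . Database::queryBoolean($newsItems) . ','
         . Database::queryString($status) . ','
         . Database::queryBoolean($extended) . ','
         . Database::queryNumber($this->userid) . ','
         . Database::queryNumber($return) . ','
         . Database::queryNumber($offset) . ','
         . Database::queryNumber($this->tenantid) . ');';
 }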
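 /**
  * Records the start of a session in the `session` table together with a
  * snapshot of request metadata (host, referer, remote address/host, request
  * URI, user agent) for later auditing.
  *
  * Everything read from $_SERVER here is client-controlled (request headers),
  * so the assembled info string is passed through Database::queryString; the
  * session id and the two numeric ids are quoted through the same helpers
  * instead of being concatenated raw as before.
  *
  * Uses its own mysqli connection (Config::$server etc.) rather than
  * Database::executeQuery; failures are logged via Log::debug and swallowed so
  * session bookkeeping never breaks the page.
  *
  * @param string $sessionid the session id to record
  * @param mixed  $tenantid  tenant the session belongs to
  * @param mixed  $userid    user the session belongs to
  * @return void
  */
 public static function startSession($sessionid, $tenantid, $userid)
 {
     // $_SERVER key => label used in the stored info string. PHP exposes the
     // Referer header as HTTP_REFERER (single R); the original looked up
     // HTTP_REFERRER, a key that never exists, so the referer was never stored.
     $fields = array(
         'HTTP_HOST' => 'HTTP_Host',
         'HTTP_REFERER' => 'HTTP_Referrer',
         'REMOTE_ADDR' => 'Remote_Addr',
         'REMOTE_HOST' => 'Remote_Host',
         'REQUEST_URI' => 'Request_Uri',
         'HTTP_USER_AGENT' => 'User_Agent',
     );
     $parts = array();
     foreach ($fields as $key => $label) {
         if (array_key_exists($key, $_SERVER)) {
             $parts[] = $label . ': ' . $_SERVER[$key];
         }
     }
     $session_info = implode('; ', $parts);
     $query = "insert into session(sessionid,startDateTime,tenantid,userid,info)\n"
         . "                     values (" . Database::queryString($sessionid)
         . ", now(), " . Database::queryNumber($tenantid)
         . ", " . Database::queryNumber($userid)
         . ", " . Database::queryString($session_info) . ")";
     Log::debug('query=' . $query, 1);
     // mysqli_connect() returns false on older PHP and throws
     // mysqli_sql_exception (an Exception) on PHP >= 8.1 with the default
     // report mode; cover both, and make sure $con is defined before it is tested.
     $con = false;
     try {
         $con = mysqli_connect(Config::$server, Config::$user, Config::$password, Config::$database);
     } catch (Exception $e) {
         Log::debug('unable to write to session table: ' . $e->getMessage(), 10);
     }
     if ($con) {
         if (!mysqli_query($con, $query)) {
             Log::debug('unable to write to session table: ' . mysqli_error($con), 10);
         }
         mysqli_close($con);
     } else {
         // Static method: there is no $this here (the original called
         // $this->debug(), which is a fatal error in static context).
         Log::debug('unable to connect to database for debug: no connection returned.', 10);
     }
 }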
 /**
  * Builds the stored-procedure call used to list media items.
  *
  * With a 'locationid' filter the media of that single location is requested
  * via getMediaByLocationId; otherwise getMediaItemsEx is called with the
  * optional 'name' / 'description' filters plus the paging values. Every
  * argument passes through the Database quoting helpers.
  *
  * @param array $filters request filters ('locationid', 'name', 'description')
  * @param mixed $return  page size
  * @param mixed $offset  row offset
  * @return string SQL text of the procedure call
  */
 protected function getEntitiesQuery($filters, $return, $offset)
 {
     if (isset($filters["locationid"])) {
         // A location id narrows the request to one location's media.
         $args = array(
             Database::queryNumber($filters["locationid"]),
             Database::queryNumber($this->tenantid),
             Database::queryNumber($this->userid),
         );
         return "call getMediaByLocationId(" . implode(",", $args) . ");";
     }
     $name = isset($filters["name"]) ? $filters["name"] : null;
     $description = isset($filters["description"]) ? $filters["description"] : null;
     $args = array(
         Database::queryString($name),
         Database::queryString($description),
         Database::queryNumber($this->tenantid),
         Database::queryNumber($this->userid),
         Database::queryNumber($return),
         Database::queryNumber($offset),
     );
     return "call getMediaItemsEx(" . implode(",", $args) . ");";
 }
 * Request parameters (read with Utility::getRequestVariable; only POST is accepted) are:
 *      collection: name of the pageCollection to update (e.g. 'home')
 *      pageid: id of the page
 *      sort: new sort/sequence number for the page
 */
include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';
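// POST-only endpoint: re-sequences one page inside a page collection.
// $user and $tenantID are expected to be provided by pageCheck.php (not
// visible in this file). Service::returnError is relied upon to end the
// response, as the original code also assumed — confirm that it does.
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // Authorisation first: a caller without the admin role learns nothing
    // about the expected parameters and never reaches the query.
    if (!$user->hasRole('admin', $tenantID)) {
        Service::returnError('Access denied.', 403);
    }
    $collection = Utility::getRequestVariable("collection", "");
    $pageid = Utility::getRequestVariable("pageid", "");
    $sort = Utility::getRequestVariable("sort", "");
    if ($collection == "") {
        Service::returnError('collection parameter is required.');
    }
    if ($pageid == "") {
        Service::returnError('pageid parameter is required.');
    }
    if ($sort == "") {
        Service::returnError('sort parameter is required.');
    }
    // pageid and sort are an id and a sequence number: reject non-numeric
    // input explicitly rather than relying on Database::queryNumber alone
    // (the same "integers only" stance the location handlers take).
    if (!is_numeric($pageid) || !is_numeric($sort)) {
        Service::returnError('pageid and sort must be numeric.');
    }
    $query = "call setPageSortOrderForCollection(" . Database::queryString($collection) . "," . Database::queryNumber($pageid) . "," . Database::queryNumber($sort) . "," . Database::queryNumber($tenantID) . ");";
    Database::executeQuery($query);
    $json = '{"success":true}';
    Service::returnJSON($json);
} else {
    // 405 tells clients the method, not the payload, was the problem.
    Service::returnError('Unsupported HTTP method.', 405);
}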
 /**
  * Replaces this user's stored password with the hash of $pass.
  *
  * generateHash() is defined elsewhere in the project. NOTE(review): confirm
  * it is a salted, slow password hash (password_hash()/password_verify()) and
  * not a bare digest — this method stores whatever it returns.
  *
  * @param string $pass the new clear-text password
  * @return mixed whatever Database::executeQuery returns for the UPDATE
  */
 public function updatepassword($pass)
 {
     $hashed = generateHash($pass);
     $sql = sprintf(
         'UPDATE user SET password = %s WHERE id = %s',
         Database::queryString($hashed),
         Database::queryNumber($this->id)
     );
     return Database::executeQuery($sql);
 }
<?php

include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/database.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';
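// POST-only endpoint: records a client-side event for the current user/tenant.
// $userID and $tenantID are expected to be provided by pageCheck.php (not
// visible in this file).
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    $event = Utility::getRequestVariable('event', 'unknown event');
    $entityType = Utility::getRequestVariable('entityType', 'unknown entity');
    $entityId = Utility::getRequestVariable('entityId', 0);
    // Every value, including the request-supplied ones, goes through the
    // Database quoting helpers before it is placed in the statement.
    $query = "INSERT INTO event (event,entityType,entityId,userId,sessionId,tenantId) values (";
    $query .= Database::queryString($event);
    $query .= ',' . Database::queryString($entityType);
    $query .= ',' . Database::queryNumber($entityId);
    $query .= ',' . Database::queryNumber($userID);
    $query .= ',' . Database::queryString(session_id());
    $query .= ',' . Database::queryNumber($tenantID);
    $query .= ")";
    $errorMsg = '';
    try {
        Database::executeQuery($query);
    } catch (Exception $ex) {
        // Log the driver message server-side; the client only gets a generic
        // error (the original echoed the exception text, which can expose
        // table/column names and SQL fragments).
        Utility::debug('event insert failed: ' . $ex->getMessage(), 10);
        $errorMsg = 'Unable to record event.';
    }
    if (strlen($errorMsg) > 0) {
        Service::returnError($errorMsg);
    } else {
        // Valid JSON: the original emitted {result: true}, whose unquoted key
        // is rejected by strict JSON parsers.
        Service::returnJSON('{"result":true}');
    }
} else {
    echo "Unsupported HTTP method.";
    // NOTE(review): everything below refers to $categories, $filter, $listId,
    // $tenantID, $userID, $center_lat, $center_long, $start, $return and $con,
    // none of which are defined in this file as shown. It reads like the tail
    // of a separate location-search handler pasted into this else branch —
    // confirm against the original source before relying on it.
    if (strlen($categories) > 0) {
        // Only integers may reach the category id list: keep numeric tokens,
        // drop everything else.
        $idlist = explode("|", $categories, 10);
        $separator = "";
        foreach ($idlist as $id) {
            if (is_numeric($id)) {
                $filter .= $separator . $id;
                $separator = ",";
            }
        }
    }
    Utility::debug('filter is: ' . $filter, 2);
    // Numeric arguments are quoted through Database::queryNumber, as the other
    // procedure calls in this codebase do, instead of being concatenated raw.
    $tenantArg = Database::queryNumber($tenantID);
    $userArg = Database::queryNumber($userID);
    $startArg = Database::queryNumber($start);
    $returnArg = Database::queryNumber($return);
    if ($listId > 0) {
        // a list was requested here. Different handling than regular entity set
        $query = 'call getLocationsByEntityListIdEx(' . Database::queryNumber($listId) . ',' . $tenantArg . ',' . $startArg . ',' . $returnArg . ',' . $userArg . ')';
    } elseif (strlen($filter) > 0) {
        // The original tested strlen($filter > 0) — the length of a boolean —
        // which only selected this branch by accident of string comparison.
        $query = "call getLocationsByLatLngAndCategoryIdList(" . $tenantArg . "," . $userArg . "," . Database::queryNumber($center_lat) . "," . Database::queryNumber($center_long) . "," . $returnArg . "," . $startArg . "," . Database::queryString($filter) . ")";
    } else {
        $query = "call getLocationsByLatLng(" . $tenantArg . "," . $userArg . "," . Database::queryNumber($center_lat) . "," . Database::queryNumber($center_long) . "," . $returnArg . "," . $startArg . ")";
    }
    Utility::debug('Executing query: ' . $query, 5);
    $data = mysqli_query($con, $query);
    if (!$data) {
        // mysqli_error() needs the connection argument (fatal without it on
        // PHP 8), and the driver message must not be sent to the client.
        Utility::debug('location query failed: ' . mysqli_error($con), 10);
        header(' ', true, 500);
        die('Unable to load locations.');
    }
    $rows = array();
    while ($r = mysqli_fetch_assoc($data)) {
        $rows[] = Utility::addDisplayElements($r);
    }
    $set = "{\"locations\":" . json_encode($rows) . "}";
    header('Content-Type: application/json');
    // NOTE(review): wildcard CORS on a response scoped to $userID/$tenantID —
    // confirm this endpoint is meant to be readable cross-origin by anyone;
    // otherwise restrict it to known origins.
    header('Access-Control-Allow-Origin: *');
    echo $set;
}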
     $errMessage .= 'title is required. ';
 }
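 if (strlen($data->{'locationid'}) <= 0) {
     $errMessage .= 'Locationid is required. ';
 }
 if (strlen($errMessage) > 0) {
     // Status must be set before any output: header() after echo is ignored
     // with a "headers already sent" warning (the original echoed first).
     header(' ', true, 400);
     echo 'Unable to save link: ' . $errMessage;
     die;
 }
 Utility::debug('Adding link', 5);
 // Every value from the decoded request body is quoted through the Database
 // helpers; locationid is numeric, the rest are free text.
 // NOTE(review): 'link' is stored as given — if it is later rendered as an
 // href, validate the scheme (http/https) here or escape it at output time.
 $query = "call addLocationLink(" . Database::queryNumber($data->{'locationid'});
 $query .= "," . Database::queryString($data->{'link'});
 $query .= "," . Database::queryString($data->{'title'});
 $query .= "," . Database::queryString($data->{'author'});
 $query .= "," . Database::queryString($data->{'publication'});
 $query .= ')';
 $result = Database::executeQuery($query);
 if (!$result) {
     header(' ', true, 500);
     echo 'Unable to save link.';
 } else {
     // The procedure is expected to hand back the new id in the first column
     // of its result row; if several rows come back the last one wins.
     $newID = 0;
     while ($r = mysqli_fetch_array($result)) {
         $newID = $r[0];
     }
     $response = '{"id":' . json_encode($newID) . "}";
     // The original logged "Endorsement added" here — a copy/paste from the
     // endorsement handler; this handler saves links.
     Utility::debug('Link added: ID=' . $newID, 5);
     header('Content-Type: application/json');
     echo $response;
 }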
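 // this is an existing record: update
 // to do: add more data validations
 Utility::debug('Updating location', 5);
 // id is a numeric key like every other id in these handlers, so it goes
 // through Database::queryNumber (the original quoted it as a string).
 $query = "call updateLocation(" . Database::queryNumber($data->{'id'});
 $query .= "," . Database::queryString($data->{'name'});
 $query .= "," . Database::queryString($data->{'address'});
 $query .= "," . Database::queryString($data->{'city'});
 $query .= "," . Database::queryString($data->{'state'});
 $query .= "," . Database::queryString($data->{'phone'});
 $query .= "," . Database::queryString($data->{'url'});
 $query .= "," . Database::queryString($data->{'imageurl'});
 $query .= "," . Database::queryNumber($data->{'latitude'});
 $query .= "," . Database::queryNumber($data->{'longitude'});
 $query .= "," . Database::queryString($data->{'shortdescription'});
 $query .= "," . Database::queryString($data->{'googleReference'});
 $query .= "," . Database::queryString($data->{'googlePlacesId'});
 // NOTE(review): tenantid is taken from the client payload. Unless
 // updateLocation checks it against the caller's session tenant, a client can
 // aim this update at another tenant's location — prefer the server-side
 // tenant id if this handler has one available.
 $query .= "," . Database::queryNumber($data->{'tenantid'});
 $query .= ')';
 try {
     $result = Database::executeQuery($query);
 } catch (Exception $e) {
     $result = false;
     // $debug is not defined in this file as shown; presumably set by an
     // include. Driver messages are only surfaced when it is enabled.
     if ($debug > 0) {
         // don't reveal errors unless in debug mode
         $errMessage = $e->getMessage();
     } else {
         $errMessage = 'Unknown error.';
     }
 }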
 if (!$result) {
     header(' ', true, 500);
/**
 * Runs the "locations on route" search and returns the raw result set.
 *
 * getLocationsOnRouteByCategoryIdList is used when $filter is non-empty (the
 * filter is appended as the last, string-quoted argument); otherwise
 * getLocationsOnRoute is called with the same leading arguments. Every numeric
 * argument is quoted through Database::queryNumber.
 *
 * @param mixed  $originLat   route start latitude
 * @param mixed  $originLong  route start longitude
 * @param mixed  $destLat     route end latitude
 * @param mixed  $destLong    route end longitude
 * @param mixed  $maxDetour   maximum detour accepted by the procedure
 * @param mixed  $numToReturn number of rows requested
 * @param string $filter      comma-separated category id list, or '' for none
 * @param mixed  $tenantID    tenant scope
 * @param mixed  $userID      user scope
 * @return mixed whatever Database::executeQuery returns
 */
function fetchData($originLat, $originLong, $destLat, $destLong, $maxDetour, $numToReturn, $filter, $tenantID, $userID)
{
    $hasFilter = strlen($filter) > 0;
    $args = array(
        Database::queryNumber($originLat),
        Database::queryNumber($originLong),
        Database::queryNumber($destLat),
        Database::queryNumber($destLong),
        Database::queryNumber($maxDetour),
        Database::queryNumber($numToReturn),
        Database::queryNumber($tenantID),
        Database::queryNumber($userID),
    );
    if ($hasFilter) {
        $args[] = Database::queryString($filter);
    }
    $procedure = $hasFilter ? 'getLocationsOnRouteByCategoryIdList' : 'getLocationsOnRoute';
    $query = 'call ' . $procedure . '(' . implode(', ', $args) . ')';
    return Database::executeQuery($query);
}
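 /**
  * Builds the query that counts locations for the current listing.
  *
  * When a non-empty 'name' request variable is present the count is delegated
  * to countLocationsBySearchCriteria; otherwise the parent's generic count
  * query is used.
  *
  * NOTE(review): the search term is read straight from the request via
  * Utility::getRequestVariable while $filters is only forwarded to the parent,
  * so the count and the entity listing can disagree if they are driven by
  * different inputs — confirm the listing uses the same 'name' value.
  *
  * @param array $filters listing filters, forwarded to the parent fallback
  * @return string SQL text of the count query
  */
 protected function getEntityCountQuery($filters)
 {
     $name = Utility::getRequestVariable('name', '');
     if (strlen($name) > 0) {
         // Quote the tenant id like every other procedure argument instead of
         // concatenating it raw.
         return "call countLocationsBySearchCriteria(" . Database::queryNumber($this->tenantid) . "," . Database::queryString($name) . ")";
     }
     return parent::getEntityCountQuery($filters);
 }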
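 if (strlen($data->{'locationid'}) <= 0) {
     $errMessage .= 'Locationid is required. ';
 }
 if (strlen($data->{'date'}) <= 0) {
     $errMessage .= 'Date is required. ';
 }
 if (strlen($errMessage) > 0) {
     // Status must be set before any output: header() after echo is ignored
     // with a "headers already sent" warning (the original echoed first).
     header(' ', true, 400);
     echo 'Unable to save endorsement: ' . $errMessage;
     die;
 }
 Utility::debug('Adding endorsement', 5);
 // NOTE(review): userid is taken from the request body, so a client can file
 // an endorsement under any user id. If the session user is available in this
 // handler, use it here instead of $data->userid.
 // 'date' is only checked for non-emptiness; the procedure is left to reject
 // malformed values.
 $query = "call addLocationEndorsement(" . Database::queryNumber($data->{'locationid'});
 $query .= "," . Database::queryNumber($data->{'userid'});
 $query .= "," . Database::queryString($data->{'date'});
 $query .= "," . Database::queryString($data->{'comments'});
 $query .= ')';
 $result = Database::executeQuery($query);
 if (!$result) {
     header(' ', true, 500);
     echo 'Unable to save endorsement.';
 } else {
     // The procedure is expected to hand back the new id in the first column
     // of its result row; if several rows come back the last one wins.
     $newID = 0;
     while ($r = mysqli_fetch_array($result)) {
         $newID = $r[0];
     }
     $response = '{"id":' . json_encode($newID) . "}";
     Utility::debug('Endorsement added: ID=' . $newID, 5);
     header('Content-Type: application/json');
     echo $response;
 }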
 /**
  * Builds the INSERT that stores one key/value property for entity $id.
  *
  * Table and id column are derived from the entity name (e.g. "fooProperty" /
  * "fooid"); the key column is written table-qualified because `key` is a
  * reserved word. Id and values are quoted through the Database helpers.
  *
  * @param mixed  $id    owning entity id
  * @param string $key   property name
  * @param string $value property value
  * @return string SQL text of the insert, terminated with ';'
  */
 function getSavePropertySQL($id, $key, $value)
 {
     $entity = lcfirst($this->getName());
     $table = $entity . 'Property';
     $idColumn = $entity . 'id';
     // Qualifying `key` with the table name sidesteps the reserved word.
     $columns = $idColumn . ',' . $table . '.key,value';
     $values = implode(', ', array(
         Database::queryNumber($id),
         Database::queryString($key),
         Database::queryString($value),
     ));
     return 'insert into ' . $table . ' (' . $columns . ') values (' . $values . ');';
 }
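 /**
  * Registers a new batch via the addBatch procedure and returns the id the
  * procedure hands back in the first column of its result row.
  *
  * @param string $name      batch name
  * @param mixed  $itemcount number of items in the batch
  * @param mixed  $tenantid  owning tenant
  * @return mixed the new batch id, or null when no row came back
  */
 public static function startBatch($name, $itemcount, $tenantid)
 {
     // Quote every argument; the original concatenated $itemcount and
     // $tenantid raw, unlike the other procedure calls in this codebase.
     $query = 'call addBatch(' . Database::queryString($name) . ',' . Database::queryNumber($itemcount) . ',' . Database::queryNumber($tenantid) . ')';
     $result = Database::executeQuery($query);
     // Guard the fetch so a failed or empty result yields null instead of a
     // warning (or TypeError) from indexing a non-array.
     $row = $result ? mysqli_fetch_array($result) : false;
     return $row ? $row[0] : null;
 }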
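 /**
  * Replaces this user's tenant memberships with the set given in $data.
  *
  * Runs, in one transaction: removeTenantUsers(user) followed by one
  * addTenantUserRole(user, tenantid, role) per entry in $data->tenants.
  *
  * NOTE(review): the role string comes from the client payload, so whoever
  * may call this can grant any role (e.g. 'admin') on any tenant — the caller
  * must make sure only suitably privileged users reach this method.
  *
  * @param object $data decoded request with a 'tenants' list of
  *                     {tenantid, role} entries
  * @return void
  */
 public function setTenantAccess($data)
 {
     // Quote the user id like the other arguments (the original concatenated
     // $this->id raw in the removeTenantUsers call).
     $userId = Database::queryNumber($this->id);
     $queries = array("call removeTenantUsers(" . $userId . ");");
     $tenants = isset($data->{'tenants'}) ? $data->{'tenants'} : array();
     // A missing or scalar 'tenants' leaves the user with no tenant access —
     // the same outcome the original produced, minus the foreach warning.
     if (!is_array($tenants) && !is_object($tenants)) {
         $tenants = array();
     }
     foreach ($tenants as $tenant) {
         $query = "call addTenantUserRole(" . $userId . "," . Database::queryNumber($tenant->{'tenantid'}) . "," . Database::queryString($tenant->{'role'}) . ");";
         array_push($queries, $query);
     }
     Database::executeQueriesInTransaction($queries);
 }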
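 /**
  * Persists $properties as this bag's contents.
  *
  * The array is cached in $this->bagContents and stored serialize()d: an
  * existing bag ($this->bagId > 0) is updated via updatePropertyBag; a new one
  * is inserted via addPropertyBag and the returned "newID" becomes
  * $this->bagId.
  *
  * NOTE(review): if the stored blob is read back with unserialize(), this
  * column is an object-injection vector for anyone who can write it directly;
  * json_encode/json_decode would be the safer format — check the loading code
  * before changing the storage format.
  *
  * @param array $properties key/value pairs to store
  * @return void
  */
 private function savePropertyBag($properties)
 {
     // first, cache and serialize property array
     $this->bagContents = $properties;
     $serialized = serialize($properties);
     // All arguments are quoted through the Database helpers; the original
     // concatenated $this->bagId and $this->tenantid raw.
     $name = Database::queryString($this->bagName);
     $contents = Database::queryString($serialized);
     $tenant = Database::queryNumber($this->tenantid);
     if ($this->bagId > 0) {
         // bag exists in DB: update
         $query = "call updatePropertyBag(" . Database::queryNumber($this->bagId) . ',' . $name . ',' . $contents . ',' . $tenant . ')';
         Database::executeQuery($query);
     } else {
         // new bag: insert; the procedure returns the new id as "newID"
         $query = "call addPropertyBag(" . $name . ',' . $contents . ',' . $tenant . ')';
         $results = Database::executeQuery($query);
         if ($results && ($row = mysqli_fetch_assoc($results))) {
             $this->bagId = $row["newID"];
         }
     }
 }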
     $url = Utility::getArrayValue($result['result'], 'website');
 }
 // Assemble the addLocation call. Text values come from the placemark and the
 // lookup result and are quoted with Database::queryString; the two coordinate
 // components go through Database::queryNumber in the position the other
 // location handlers use for latitude and longitude.
 $locationArgs = array(
     Database::queryString($placemark->name),
     Database::queryString($address),
     Database::queryString($city),
     Database::queryString($state),
     Database::queryString($phone),
     Database::queryString($url),
     Database::queryString($placemark->imageurl),
     Database::queryNumber($coords[1]),
     Database::queryNumber($coords[0]),
     // category id is passed as SQL NULL for now; the original author noted
     // that Database::queryNumber($placemark->categoryid) "isn't working".
     ' null',
     Database::queryString($placemark->description),
     Database::queryString($placemark->googleReference),
     Database::queryString($placeid),
     Database::queryNumber($tenantid),
 );
 $query = "call addLocation(" . implode(",", $locationArgs) . ')';
 $errMessage = ".";
 $result = null;
 try {
     $result = Database::executeQuery($query);
 } catch (Exception $e) {
     // don't reveal errors unless in debug mode ($debug is set outside this
     // snippet)
     if ($debug > 0) {
         $errMessage = $e->getMessage();
     }
 }
 if (!$result) {
     Utility::debug("Unable to save location/place #: " . $count . ". " . $errMessage, 5);
     $exceptions[] = $errMessage;