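protected function getEntitiesQuery($filters, $return, $offset)
{
    // Build the paged "call getFeaturesEx(...)" statement from the optional filters.
    // Every argument is passed through the Database::query* quoting helpers exactly
    // once; the original applied queryNumber() to the author id twice and concatenated
    // $return, $offset, userid and tenantid unquoted. A trailing unreachable
    // `return $query;` has been dropped.
    //
    // Recognised filter keys (all optional):
    //   author / authorid : numeric author id ('author' wins when both are present)
    //   news, extended    : "true"/"yes" (case-insensitive) switch the flag on
    //   status            : passed through as a string
    $authorid = null;
    $newsItems = null;
    $status = null;
    $extended = false;

    // "true" or "yes" in any letter case counts as set; anything else is false.
    $flagIsSet = function ($value) {
        return in_array(strtolower((string) $value), array('true', 'yes'), true);
    };

    if (array_key_exists('author', $filters)) {
        $authorid = $filters['author'];
    } elseif (array_key_exists('authorid', $filters)) {
        $authorid = $filters['authorid'];
    }
    if (array_key_exists('news', $filters)) {
        $newsItems = $flagIsSet($filters['news']);
    }
    if (array_key_exists('extended', $filters)) {
        $extended = $flagIsSet($filters['extended']);
    }
    if (array_key_exists('status', $filters)) {
        $status = $filters['status'];
    }

    return 'call getFeaturesEx('
        . Database::queryNumber($authorid) . ','
        . Database::queryBoolean($newsItems) . ','
        . Database::queryString($status) . ','
        . Database::queryBoolean($extended) . ','
        . Database::queryNumber($this->userid) . ','
        . Database::queryNumber($return) . ','
        . Database::queryNumber($offset) . ','
        . Database::queryNumber($this->tenantid) . ');';
}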
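public static function startSession($sessionid, $tenantid, $userid)
{
    // Record the start of a session, together with the request context that was
    // available, in the session table. Failures are logged and otherwise ignored.
    //
    // Fixes relative to the original:
    //  - the referrer was looked up under $_SERVER['HTTP_REFERRER'] (two R's), a key
    //    PHP never sets, so it was never recorded;
    //  - $sessionid, $tenantid and $userid were concatenated into the SQL unquoted;
    //  - the no-connection branch called $this->debug() inside a static method,
    //    which is a fatal Error;
    //  - $con was undefined when mysqli_connect() threw, and was never closed.
    $fields = array(
        'HTTP_HOST'       => 'HTTP_Host',
        'HTTP_REFERER'    => 'HTTP_Referrer',
        'REMOTE_ADDR'     => 'Remote_Addr',
        'REMOTE_HOST'     => 'Remote_Host',
        'REQUEST_URI'     => 'Request_Uri',
        'HTTP_USER_AGENT' => 'User_Agent',
    );
    $parts = array();
    foreach ($fields as $key => $label) {
        if (array_key_exists($key, $_SERVER)) {
            $parts[] = $label . ': ' . $_SERVER[$key];
        }
    }
    // Same "Label: value; Label: value" layout as before, without a stray leading
    // separator when HTTP_HOST is absent.
    $session_info = implode('; ', $parts);

    $query = "insert into session(sessionid,startDateTime,tenantid,userid,info)\n values ("
        . Database::queryString($sessionid) . ', now(), '
        . Database::queryNumber($tenantid) . ', '
        . Database::queryNumber($userid) . ', '
        . Database::queryString($session_info) . ')';
    Log::debug('query=' . $query, 1);

    $con = null;
    try {
        $con = mysqli_connect(Config::$server, Config::$user, Config::$password, Config::$database);
    } catch (Exception $e) {
        Log::debug('unable to write to session table: ' . $e->getMessage(), 10);
    }
    if (!$con) {
        Log::debug('unable to connect to database for debug: no connection returned.', 10);
        return;
    }
    try {
        if (mysqli_query($con, $query) === false) {
            Log::debug('unable to write to session table: ' . mysqli_error($con), 10);
        }
    } finally {
        mysqli_close($con);
    }
}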
protected function getEntitiesQuery($filters, $return, $offset)
{
    // A location id selects the per-location procedure outright; otherwise the
    // optional name/description criteria go to the paged media search procedure.
    if (isset($filters["locationid"])) {
        $byLocationArgs = array(
            Database::queryNumber($filters["locationid"]),
            Database::queryNumber($this->tenantid),
            Database::queryNumber($this->userid),
        );
        return "call getMediaByLocationId(" . implode(",", $byLocationArgs) . ");";
    }

    // Unset criteria are sent as null so the procedure treats them as "no filter".
    $name = isset($filters["name"]) ? $filters["name"] : null;
    $description = isset($filters["description"]) ? $filters["description"] : null;

    $searchArgs = array(
        Database::queryString($name),
        Database::queryString($description),
        Database::queryNumber($this->tenantid),
        Database::queryNumber($this->userid),
        Database::queryNumber($return),
        Database::queryNumber($offset),
    );
    return "call getMediaItemsEx(" . implode(",", $searchArgs) . ");";
}
* get parameters are: * collection: name of the pageCollection to update (e.g. 'home') * pageid: id of the page * sort: new sort/sequence number for the page */ include_once dirname(__FILE__) . '/../partials/pageCheck.php'; include_once dirname(__FILE__) . '/../classes/utility.php'; include_once dirname(__FILE__) . '/../classes/service.php'; if ($_SERVER['REQUEST_METHOD'] == "POST") { $collection = Utility::getRequestVariable("collection", ""); $pageid = Utility::getRequestVariable("pageid", ""); $sort = Utility::getRequestVariable("sort", ""); if ($collection == "") { Service::returnError('collection parameter is required.'); } if ($pageid == "") { Service::returnError('pageid parameter is required.'); } if ($sort == "") { Service::returnError('sort parameter is required.'); } if (!$user->hasRole('admin', $tenantID)) { Service::returnError('Access denied.', 403); } $query = "call setPageSortOrderForCollection(" . Database::queryString($collection) . "," . Database::queryNumber($pageid) . "," . Database::queryNumber($sort) . "," . Database::queryNumber($tenantID) . ");"; Database::executeQuery($query); $json = '{"success":true}'; Service::returnJSON($json); } else { Service::returnError('Unsupported HTTP method.'); }
public function updatepassword($pass)
{
    // Persist a new password for this user. Only the hash leaves this method;
    // the plaintext is never written to the database.
    // NOTE(review): generateHash() is defined elsewhere — confirm it is a
    // password-appropriate slow hash (e.g. password_hash()) rather than a plain digest.
    $hashed = generateHash($pass);
    $sql = sprintf(
        'UPDATE user SET password = %s WHERE id = %s',
        Database::queryString($hashed),
        Database::queryNumber($this->id)
    );
    return Database::executeQuery($sql);
}
<?php include_once dirname(__FILE__) . '/../partials/pageCheck.php'; include_once dirname(__FILE__) . '/../classes/database.php'; include_once dirname(__FILE__) . '/../classes/utility.php'; include_once dirname(__FILE__) . '/../classes/service.php'; if ($_SERVER['REQUEST_METHOD'] == "POST") { $event = Utility::getRequestVariable('event', 'unknown event'); $entityType = Utility::getRequestVariable('entityType', 'unknown entity'); $entityId = Utility::getRequestVariable('entityId', 0); $query = "INSERT INTO event (event,entityType,entityId,userId,sessionId,tenantId) values ("; $query .= Database::queryString($event); $query .= ',' . Database::queryString($entityType); $query .= ',' . Database::queryNumber($entityId); $query .= ',' . Database::queryNumber($userID); $query .= ',' . Database::queryString(session_id()); $query .= ',' . Database::queryNumber($tenantID); $query .= ")"; $errorMsg = ''; try { Database::executeQuery($query); } catch (Exception $ex) { $errorMsg = $ex->getMessage(); } if (strlen($errorMsg) > 0) { Service::returnError($errorMsg); } else { Service::returnJSON('{result: true}'); } } else { echo "Unsupported HTTP method.";
if (strlen($categories) > 0) { // may be a little overkill, but want to ensure nothing but integers get passed into category id list $idlist = explode("|", $categories, 10); $separator = ""; foreach ($idlist as $id) { if (is_numeric($id)) { $filter .= $separator . $id; $separator = ","; } } } Utility::debug('filter is: ' . $filter, 2); if ($listId > 0) { // a list was requested here. Different handling than regular entity set $query = 'call getLocationsByEntityListIdEx(' . $listId . ',' . $tenantID . ',' . $start . ',' . $return . ',' . $userID . ')'; } elseif (strlen($filter > 0)) { $query = "call getLocationsByLatLngAndCategoryIdList(" . $tenantID . "," . $userID . "," . $center_lat . "," . $center_long . "," . $return . "," . $start . "," . Database::queryString($filter) . ")"; } else { $query = "call getLocationsByLatLng(" . $tenantID . "," . $userID . "," . $center_lat . "," . $center_long . "," . $return . "," . $start . ")"; } Utility::debug('Executing query: ' . $query, 5); $data = mysqli_query($con, $query) or die(mysqli_error()); $rows = array(); while ($r = mysqli_fetch_assoc($data)) { $rows[] = Utility::addDisplayElements($r); } $set = "{\"locations\":" . json_encode($rows) . "}"; header('Content-Type: application/json'); header('Access-Control-Allow-Origin: *'); echo $set; }
$errMessage .= 'title is required. '; } if (strlen($data->{'locationid'}) <= 0) { $errMessage .= 'Locationid is required. '; } if (strlen($errMessage) > 0) { echo 'Unable to save link: ' . $errMessage; header(' ', true, 400); die; } Utility::debug('Adding link', 5); $query = "call addLocationLink(" . Database::queryNumber($data->{'locationid'}); $query .= "," . Database::queryString($data->{'link'}); $query .= "," . Database::queryString($data->{'title'}); $query .= "," . Database::queryString($data->{'author'}); $query .= "," . Database::queryString($data->{'publication'}); $query .= ')'; $result = Database::executeQuery($query); if (!$result) { echo 'Unable to save link.'; header(' ', true, 500); } else { $newID = 0; while ($r = mysqli_fetch_array($result)) { $newID = $r[0]; } $response = '{"id":' . json_encode($newID) . "}"; Utility::debug('Endorsement added: ID=' . $newID, 5); header('Content-Type: application/json'); echo $response; }
// this is an existing record: update // to do: add more data validations Utility::debug('Updating location', 5); $query = "call updateLocation(" . Database::queryString($data->{'id'}); $query .= "," . Database::queryString($data->{'name'}); $query .= "," . Database::queryString($data->{'address'}); $query .= "," . Database::queryString($data->{'city'}); $query .= "," . Database::queryString($data->{'state'}); $query .= "," . Database::queryString($data->{'phone'}); $query .= "," . Database::queryString($data->{'url'}); $query .= "," . Database::queryString($data->{'imageurl'}); $query .= "," . Database::queryNumber($data->{'latitude'}); $query .= "," . Database::queryNumber($data->{'longitude'}); $query .= "," . Database::queryString($data->{'shortdescription'}); $query .= "," . Database::queryString($data->{'googleReference'}); $query .= "," . Database::queryString($data->{'googlePlacesId'}); $query .= "," . Database::queryNumber($data->{'tenantid'}); $query .= ')'; try { $result = Database::executeQuery($query); } catch (Exception $e) { $result = false; if ($debug > 0) { // don't reveal errors unless in debug mode $errMessage = $e->getMessage(); } else { $errMessage = 'Unknown error.'; } } if (!$result) { header(' ', true, 500);
function fetchData($originLat, $originLong, $destLat, $destLong, $maxDetour, $numToReturn, $filter, $tenantID, $userID)
{
    // Runs the on-route location search. A non-empty category-id filter switches to
    // the filtered procedure, which takes the filter string as one extra trailing
    // argument; every other argument is numeric and quoted via Database::queryNumber().
    $hasFilter = strlen($filter) > 0;
    $procedure = $hasFilter ? 'getLocationsOnRouteByCategoryIdList' : 'getLocationsOnRoute';

    $numericArgs = array($originLat, $originLong, $destLat, $destLong, $maxDetour, $numToReturn, $tenantID, $userID);
    $args = array();
    foreach ($numericArgs as $value) {
        $args[] = Database::queryNumber($value);
    }
    if ($hasFilter) {
        $args[] = Database::queryString($filter);
    }

    return Database::executeQuery('call ' . $procedure . '(' . implode(', ', $args) . ')');
}
protected function getEntityCountQuery($filters)
{
    // Count query for locations. A 'name' search criterion narrows the count to the
    // search procedure; with no name the parent's generic count query is used.
    // NOTE(review): the name is read straight from the request rather than from
    // $filters, which is only forwarded to the parent — confirm that is intended.
    $name = Utility::getRequestVariable('name', '');
    if (strlen($name) === 0) {
        return parent::getEntityCountQuery($filters);
    }

    // tenantid is concatenated as-is, as in the original (assumed numeric, set by the class).
    return "call countLocationsBySearchCriteria(" . $this->tenantid . "," . Database::queryString($name) . ")";
}
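// Validate the decoded request body ($data) before writing the endorsement.
// Messages accumulate in $errMessage, which earlier checks may already have filled.
// Fix: the status code is now set *before* any output — the original echoed the
// message and then called header(), which cannot change the response once output
// has started — and http_response_code() replaces the blank `header(' ', true, N)`.
$fieldMissing = function ($name) use ($data) {
    return !isset($data->{$name}) || strlen((string) $data->{$name}) <= 0;
};
if ($fieldMissing('locationid')) {
    $errMessage .= 'Locationid is required. ';
}
if ($fieldMissing('date')) {
    $errMessage .= 'Date is required. ';
}
if (strlen($errMessage) > 0) {
    http_response_code(400);
    echo 'Unable to save endorsement: ' . $errMessage;
    exit;
}

Utility::debug('Adding endorsement', 5);
// NOTE(review): userid is taken from the request body; confirm the caller has
// already checked it against the authenticated session user.
$query = "call addLocationEndorsement("
    . Database::queryNumber($data->{'locationid'})
    . "," . Database::queryNumber($data->{'userid'})
    . "," . Database::queryString($data->{'date'})
    . "," . Database::queryString($data->{'comments'})
    . ')';
$result = Database::executeQuery($query);
if (!$result) {
    http_response_code(500);
    echo 'Unable to save endorsement.';
} else {
    // The procedure hands back the new id as the first column of its result row(s).
    $newID = 0;
    while ($r = mysqli_fetch_array($result)) {
        $newID = $r[0];
    }
    header('Content-Type: application/json');
    echo '{"id":' . json_encode($newID) . "}";
    Utility::debug('Endorsement added: ID=' . $newID, 5);
}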
function getSavePropertySQL($id, $key, $value)
{
    // Builds the INSERT for one key/value property of this entity. The table and
    // id column follow the entity name, e.g. Location -> locationProperty / locationid.
    $entity = lcfirst($this->getName());
    $tablename = $entity . 'Property';
    $idname = $entity . 'id';

    // "key" is a reserved word, so the column is qualified with the table name.
    return sprintf(
        'insert into %1$s (%2$s,%1$s.key,value) values (%3$s, %4$s, %5$s);',
        $tablename,
        $idname,
        Database::queryNumber($id),
        Database::queryString($key),
        Database::queryString($value)
    );
}
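public static function startBatch($name, $itemcount, $tenantid)
{
    // Creates a batch row via addBatch and returns the id the procedure reports
    // (first column of its single row), or null when no row comes back.
    // Fixes: $itemcount and $tenantid were concatenated into the call unquoted, and
    // mysqli_fetch_array() was invoked on a possibly-false result (a TypeError on PHP 8).
    $query = 'call addBatch('
        . Database::queryString($name) . ','
        . Database::queryNumber($itemcount) . ','
        . Database::queryNumber($tenantid) . ')';
    $result = Database::executeQuery($query);

    $row = $result ? mysqli_fetch_array($result) : null;
    return $row ? $row[0] : null;
}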
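public function setTenantAccess($data)
{
    // Replaces this user's tenant access wholesale: first drop every existing tenant
    // role, then add one role per entry of $data->tenants, all in a single transaction.
    // Fixes: the user id in removeTenantUsers() was concatenated unquoted (the add
    // call already used queryNumber), and a body without 'tenants' no longer makes
    // foreach warn on null — it simply removes all access.
    // NOTE(review): role names come from the request body; the caller is expected to
    // have authorised who may change tenant roles before reaching this method.
    $queries = array("call removeTenantUsers(" . Database::queryNumber($this->id) . ");");
    $tenants = isset($data->{'tenants'}) ? $data->{'tenants'} : array();
    foreach ($tenants as $tenant) {
        $queries[] = "call addTenantUserRole("
            . Database::queryNumber($this->id) . ","
            . Database::queryNumber($tenant->{'tenantid'}) . ","
            . Database::queryString($tenant->{'role'}) . ");";
    }
    Database::executeQueriesInTransaction($queries);
}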
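private function savePropertyBag($properties)
{
    // Caches the property array on the object and persists its serialized form,
    // updating the existing bag row when one exists (bagId > 0) and inserting a new
    // one otherwise; on insert, the id returned by addPropertyBag is remembered.
    // Fixes: bagId and tenantid were concatenated into the calls unquoted, and
    // mysqli_fetch_assoc() was called on a possibly-false result.
    $this->bagContents = $properties;
    // NOTE(review): the bag is stored with serialize(); whatever reads it back must only
    // unserialize() content written here, never data that came from a request.
    $serialized = serialize($properties);

    if ($this->bagId > 0) {
        $query = "call updatePropertyBag("
            . Database::queryNumber($this->bagId) . ','
            . Database::queryString($this->bagName) . ','
            . Database::queryString($serialized) . ','
            . Database::queryNumber($this->tenantid) . ')';
        Database::executeQuery($query);
        return;
    }

    $query = "call addPropertyBag("
        . Database::queryString($this->bagName) . ','
        . Database::queryString($serialized) . ','
        . Database::queryNumber($this->tenantid) . ')';
    $results = Database::executeQuery($query);
    if ($results && ($row = mysqli_fetch_assoc($results))) {
        $this->bagId = $row["newID"];
    }
}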
$url = Utility::getArrayValue($result['result'], 'website'); } $query = "call addLocation(" . Database::queryString($placemark->name); $query .= "," . Database::queryString($address); $query .= "," . Database::queryString($city); $query .= "," . Database::queryString($state); $query .= "," . Database::queryString($phone); $query .= "," . Database::queryString($url); $query .= "," . Database::queryString($placemark->imageurl); $query .= "," . Database::queryNumber($coords[1]); $query .= "," . Database::queryNumber($coords[0]); $query .= ", null"; //. Database::queryNumber($placemark->categoryid); -- this isn't working for some reason. $query .= "," . Database::queryString($placemark->description); $query .= "," . Database::queryString($placemark->googleReference); $query .= "," . Database::queryString($placeid); $query .= "," . Database::queryNumber($tenantid); $query .= ')'; $errMessage = "."; $result = null; try { $result = Database::executeQuery($query); } catch (Exception $e) { if ($debug > 0) { // don't reveal errors unless in debug mode $errMessage = $e->getMessage(); } } if (!$result) { Utility::debug("Unable to save location/place #: " . $count . ". " . $errMessage, 5); $exceptions[] = $errMessage;