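/**
 * Write one access-log row for an API call.
 *
 * Reads the client address plus the optional `key` (GET, then POST) and
 * `api` (GET only) request parameters, flattens $json_array['message'] into a
 * ";"-separated string and inserts everything through a prepared statement,
 * so none of the request-controlled values can alter the SQL.
 *
 * Fix: 'success', 'auth_user' and 'message' are read defensively so a caller
 * that omits one of them no longer triggers notices (or a foreach over null)
 * inside the logger itself; the statement handle is closed before the
 * connection is dropped.
 *
 * NOTE(review): the database password is hard-coded in source; it should be
 * loaded from configuration kept outside the web root.
 *
 * @param array $json_array Response payload; 'success', 'auth_user' and
 *                          'message' (list of strings or arrays) are used.
 * @return void
 */
function dolog($json_array)
{
    $GLOBALS['conn'] = null;
    createConnection("localhost", "access_log", "C148aADhCs7FMWgXs4V5", "sswd", $json_array);

    $ip = $_SERVER['REMOTE_ADDR'];

    // `key` may arrive in the query string or the POST body; GET wins.
    if (isset($_GET['key'])) {
        $key = $_GET['key'];
    } elseif (isset($_POST['key'])) {
        $key = $_POST['key'];
    } else {
        $key = "";
    }
    $api = isset($_GET['api']) ? $_GET['api'] : "";

    // log_result is bound as an int; a missing flag is logged as 0.
    $result = isset($json_array['success']) ? (int) $json_array['success'] : 0;
    $auser  = isset($json_array['auth_user']) ? $json_array['auth_user'] : null;

    // Flatten the message list; nested arrays are stored as JSON.
    $message = "";
    $messages = isset($json_array['message']) ? (array) $json_array['message'] : array();
    foreach ($messages as $msg) {
        $message .= (is_array($msg) ? json_encode($msg) : $msg) . ";";
    }

    $stmt = $GLOBALS['conn']->prepare(
        "INSERT INTO access_log (log_ip, log_api, log_key, log_result, log_message, log_auth_user) VALUES (?, ?, ?, ?, ?, ?)"
    );
    $stmt->bind_param("sssiss", $ip, $api, $key, $result, $message, $auser);
    $stmt->execute();
    $stmt->close();

    $GLOBALS['conn'] = null;
}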
/**
 * Return the product rows (name, amount, concatenated ingredient names, order
 * id) of a customer's orders, grouped per product and order.
 *
 * NOTE(review): the Login value in the WHERE clause is the literal '******'
 * in this listing (apparently redacted), so $benutzer is not used in the
 * visible code. If the original interpolates $benutzer directly, that is an
 * SQL injection point – it must go through mysql_real_escape_string().
 *
 * @param string $benutzer Customer login (unused in the visible code).
 * @return resource|false mysql result set, or false on query failure.
 */
function letzteBestellungenExtended($benutzer)
{
    createConnection();

    $query = "SELECT p.Name, xpo.Amount, group_concat(i.Name) AS Zutaten, o.ID\n\t\t"
        . "FROM Customers c, Orders o, xProductOrder xpo, Products p, xProductIngredient xpi, Ingredients i \n\t\t"
        . "WHERE c.ID = o.CustomerID \n\t\t"
        . "AND o.ID = xpo.OrderID \n\t\t"
        . "AND xpo.ProductID = p.ID \n\t\t"
        . "AND p.ID = xpi.ProductID \n\t\t"
        . "AND xpi.IngredientID = i.ID \n\t\t"
        . "AND c.Login = '******'\n\t\t"
        . "GROUP BY p.ID, o.ID";

    // Runs on the default (most recently opened) mysql link.
    $rows = mysql_query($query);
    closeConnection();

    return $rows;
}
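/**
 * Count Customers rows whose Login matches the given username (0 = free).
 *
 * Fix: the original passed an undefined $con to mysql_query() (the connect
 * call that defined it is commented out), so the query never ran, the count
 * was always false and duplicate usernames were never detected by
 * registrieren(). The query now runs on the default link opened by
 * createConnection(), like the other helpers in this file, and a failed query
 * is reported as 0 rows explicitly.
 *
 * NOTE(review): the Login value in the WHERE clause is the literal '******'
 * in this listing (apparently redacted); $inputBenutzername is not used in
 * the visible code. If the original interpolates it, escape it with
 * mysql_real_escape_string().
 *
 * @param string $inputBenutzername Username to check.
 * @return int Number of matching rows.
 */
function BenutzernameCheck($inputBenutzername)
{
    createConnection();
    $sql = "SELECT Login FROM Customers WHERE Login = '******'";
    $result = mysql_query($sql);
    $count = ($result === false) ? 0 : (int) mysql_num_rows($result);
    closeConnection();
    return $count;
}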
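/**
 * Run a single non-SELECT SQL statement on a fresh connection and report
 * success (mysqli::query() returns a result object for SELECTs, which is
 * treated as failure here, as in the original).
 *
 * Fixes: closeConnection() was placed after the return statements and never
 * executed, so every call leaked a connection; the failure branch echoed the
 * full SQL text to the client, which discloses schema and data.
 *
 * NOTE(review): $queryString is executed verbatim; the caller must build it
 * from trusted values or use a prepared statement instead.
 *
 * @param string $queryString Complete SQL statement.
 * @return bool True if the statement succeeded.
 */
function executeQueryString($queryString)
{
    $conn = createConnection();
    $ok = ($conn->query($queryString) === TRUE);
    if (!$ok) {
        // Report the driver error only – never the statement itself.
        echo "Error: " . htmlspecialchars($conn->error, ENT_QUOTES, 'UTF-8');
    }
    closeConnection($conn);
    return $ok;
}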
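/**
 * Compute the line total (unit price * quantity) for a product in the cart.
 *
 * Fix: the product id was interpolated into the SQL string unescaped (SQL
 * injection if it comes from the request); it now goes through
 * mysql_real_escape_string() on the open link. A missing product or a failed
 * query yields a price of 0 instead of a warning from mysql_result() on an
 * empty result set (the original also ended up with 0 in that case).
 *
 * @param int|float $anzahl  Quantity ordered.
 * @param mixed     $produkt Products.ID (escaped here).
 * @return float|int Total price, 0 if the product was not found.
 */
function warenkorbGesamtpreis($anzahl, $produkt)
{
    createConnection();
    // Escaping on the open link honours the connection charset.
    $safeId = mysql_real_escape_string((string) $produkt);
    $sql = "SELECT Price FROM Products WHERE ID = '{$safeId}'";
    $result = mysql_query($sql);

    $price = 0;
    if ($result !== false && mysql_num_rows($result) > 0) {
        $price = mysql_result($result, 0, 0);
    }
    closeConnection();

    return $price * $anzahl;
}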
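/**
 * Upsert TV price rows from a product-feed payload into the TvPrices table.
 *
 * Fix: every feed field (id, title, url, brand, image, prices) was
 * concatenated straight into the INSERT/UPDATE text. The feed is external
 * data, so a title or URL containing a quote breaks – or hijacks – the query.
 * Both statements are now prepared once with bound parameters. The first
 * image URL is read with reset() so an empty imageUrls list no longer leaves
 * $imageUrl undefined.
 *
 * Behaviour kept: an INSERT that fails is treated as "row already exists" and
 * followed by an UPDATE of mrp/sp/url, and the same progress strings are
 * echoed per item.
 *
 * @param array $data Decoded feed; 'productInfoList' is a list of items.
 * @return void
 */
function insertData($data)
{
    $conn = createConnection();
    $tableName = "TvPrices";
    $productInfoList = $data['productInfoList'];

    if (sizeof($productInfoList) > 0) {
        $insert = $conn->prepare("INSERT INTO " . $tableName . "(id, title, mrp, sp, url, brand, image) VALUES (?, ?, ?, ?, ?, ?, ?)");
        $update = $conn->prepare("UPDATE " . $tableName . " SET mrp=?, sp=?, url=? where id=?");
        if ($insert === false || $update === false) {
            echo "Error preparing statement" . $conn->error;
            $conn->close();
            return;
        }

        foreach ($productInfoList as $list) {
            $prodIdentifier = $list['productBaseInfo']['productIdentifier'];
            $prodAttr = $list['productBaseInfo']['productAttributes'];

            $ItemId    = $prodIdentifier['productId'];
            $ItemTitle = $prodAttr['title'];
            // Price columns were inlined unquoted (numeric) in the original.
            $ItemMRP   = (float) $prodAttr['maximumRetailPrice']['amount'];
            $ItemSP    = (float) $prodAttr['sellingPrice']['amount'];
            $ItemURL   = $prodAttr['productUrl'];
            $ItemBrand = $prodAttr['productBrand'];
            // First image URL, or null when the feed supplies none.
            $images    = $prodAttr['imageUrls'];
            $ItemImage = (is_array($images) && count($images) > 0) ? reset($images) : null;

            echo '<hr>';

            $insert->bind_param("ssddsss", $ItemId, $ItemTitle, $ItemMRP, $ItemSP, $ItemURL, $ItemBrand, $ItemImage);
            if ($insert->execute() === TRUE) {
                echo "New record created successfully";
            } else {
                // Row already exists (duplicate key): refresh the volatile columns.
                $update->bind_param("ddss", $ItemMRP, $ItemSP, $ItemURL, $ItemId);
                if ($update->execute() === TRUE) {
                    echo "row updated successfully";
                } else {
                    echo "Error updating table" . $update->error;
                }
            }
        }

        $insert->close();
        $update->close();
    }

    $conn->close();
}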
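/**
 * Soft-delete the current customer's account after re-checking the password.
 *
 * Fixes:
 *  - the hash comparison used a loose `==`; it is now hash_equals() with a
 *    string guard for the "no such login / query failed" case, which the
 *    original reached through mysql_result() on an empty result.
 *  - the deletion opened its own link as MySQL root with an empty password;
 *    it now uses the shared createConnection()/closeConnection() pair like
 *    every other query on the Customers table in this file.
 *  - the failure dialog echoed $benutzer unescaped into HTML (reflected XSS);
 *    it is now passed through htmlspecialchars().
 *
 * NOTE(review): both Login values are the literal '******' in this listing
 * (apparently redacted); if the original interpolates $benutzer, escape it.
 *
 * @param string $benutzer Login name shown in the dialog.
 * @param string $passwort Password typed by the user for confirmation.
 * @return void Emits a redirect script or a Bootstrap error modal.
 */
function loeschen($benutzer, $passwort)
{
    createConnection();
    $sql = "SELECT Password FROM Customers WHERE Login = '******'";
    $result = mysql_query($sql);
    $passwortDB = ($result !== false && mysql_num_rows($result) > 0) ? mysql_result($result, 0, 0) : false;
    closeConnection();

    // crypt() with the stored hash as salt reproduces the hash iff the password matches.
    $valid = is_string($passwortDB) && $passwortDB !== ''
        && hash_equals($passwortDB, crypt($passwort, $passwortDB));

    if ($valid) {
        createConnection();
        $sql = "UPDATE Customers SET IsDeleted = '1' WHERE Login = '******'";
        mysql_query($sql);
        closeConnection();
        session_destroy();
        echo ' <script type="text/javascript"> window.location.href=\'index.php\'; </script> ';
        return;
    }

    $safeName = htmlspecialchars($benutzer, ENT_QUOTES, 'UTF-8');
    echo ' <div id="myModal2" class="modal fade" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Account ' . $safeName . ' löschen</h4> </div> <div class="modal-body"> <p>Löschen des Accounts: ' . $safeName . ' nicht möglich.</p> <p>Fehler: Falsches Passwort</p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Schließen</button> </div> </div> </div> </div> <script> $(\'#myModal2\').modal( \'show\'); </script> ';
}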
/**
 * Fetch the top-level menu categories as [ID, escaped Name] pairs.
 *
 * Only categories with SuperCategoryID = 0 and IsDeleted = 0 are returned;
 * names are passed through htmlentities() so callers can echo them directly.
 *
 * @return array List of [id, name] arrays; empty if the query fails.
 */
function getMenuHeaderStrings()
{
    $entries = array();
    createConnection();

    $rows = mysql_query("SELECT ID,Name FROM Categories WHERE SuperCategoryID = 0 AND IsDeleted = 0");
    if ($rows) {
        for ($row = mysql_fetch_array($rows); $row; $row = mysql_fetch_array($rows)) {
            $entries[] = array($row["ID"], htmlentities($row["Name"]));
        }
    }

    closeConnection();
    return $entries;
}
// NOTE(review): this listing starts inside a block opened before this line; the
// run of closing braces further down belongs to that block, and only the memid
// branch that follows them is complete here.
// NOTE(review): the database password is hard-coded in source (and repeated
// below); it belongs in configuration kept outside the web root.
createConnection("localhost", "sswd", "EVF3mYZgGrh9Mnis7J2m", "sswd");
// prepare sql for search
$stmt = $GLOBALS['conn']->prepare("SELECT mem_id, mem_name, mem_role, mem_nickname, mem_short_description, mem_long_description, mem_short_skills, mem_long_skills FROM `sswd`.`members`");
$stmt->execute();
$stmt->bind_result($mem_id, $mem_name, $mem_role, $mem_nickname, $mem_short_description, $mem_long_description, $mem_short_skills, $mem_long_skills);
/* Collect every member row into $json_array keyed by mem_id. */
while ($stmt->fetch()) { $json_array[$mem_id] = array('real_name' => $mem_name, 'role' => $mem_role, 'nickname' => $mem_nickname, 'short_description' => $mem_short_description, 'long_description' => $mem_long_description, 'short_skills' => $mem_short_skills, 'long_skills' => $mem_long_skills); }
} } } }
/* Single-member lookup. memid is cast to int before use and the query is a
   prepared statement, so the request value cannot alter the SQL. */
if (isset($_GET['memid'])) {
    $memid = (int) $_GET['memid'];
    if ($memid > 0) {
        //Connect only after it's confirmed what they want and it's safe to proceed
        createConnection("localhost", "sswd", "EVF3mYZgGrh9Mnis7J2m", "sswd");
        // prepare sql for search
        $stmt = $GLOBALS['conn']->prepare("SELECT mem_id, mem_name, mem_role, mem_nickname, mem_short_description, mem_long_description, mem_short_skills, mem_long_skills FROM `sswd`.`members` WHERE mem_id = ? LIMIT 1");
        /* NOTE(review): "d" binds the int $memid as a double; "i" would match the
           integer column. It works because MySQL coerces the comparison. */
        $stmt->bind_param("d", $memid);
        $stmt->execute();
        $stmt->bind_result($mem_id, $mem_name, $mem_role, $mem_nickname, $mem_short_description, $mem_long_description, $mem_short_skills, $mem_long_skills);
        $stmt->fetch();
        /* A NULL mem_name after fetch() means no row matched. */
        if ($mem_name != null) { $json_array[$mem_id] = array('real_name' => $mem_name, 'role' => $mem_role, 'nickname' => $mem_nickname, 'short_description' => $mem_short_description, 'long_description' => $mem_long_description, 'short_skills' => $mem_short_skills, 'long_skills' => $mem_long_skills); } else { $json_array = array('error' => "The input memid parameter returned no members"); }
    } else { $json_array = array('error' => "Please enter a valid memid"); }
}
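<?php
include 'connectdb.php';

/*
 * Install/authorise callback: exchanges the `code` query parameter for an
 * access token and stores it in the shops table keyed by api_url, then
 * redirects to return_url.
 *
 * Fixes: api_url, code and return_url (all attacker-controlled query
 * parameters) and the returned token were interpolated straight into SQL;
 * the lookup, UPDATE and INSERT are now prepared statements. The failure
 * branch no longer echoes the SQL text. The `!$conn->query($sql) === TRUE`
 * precedence quirk (it compared the negated result with TRUE) is replaced by
 * an explicit boolean.
 *
 * NOTE(review): the token endpoint is taken from the `access_token_url`
 * query parameter, so anyone who can reach this page can make the server
 * POST client_id and client_secret to a host of their choosing (SSRF and
 * secret disclosure). It must come from configuration, not the request.
 * return_url is likewise used unvalidated in the Location header (open
 * redirect) and should be checked against an allow-list. Both are left
 * functionally unchanged here because the page does not show where the
 * trusted values would come from.
 *
 * The definition of getAccessToken() at the bottom continues past the end of
 * this listing and is reproduced unchanged.
 */
# check: code and api_url preset as query parameters
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    if (!(empty($_GET["code"]) || empty($_GET["api_url"]))) {
        $conn = createConnection();
        $secrets = getSecrets($conn);
        $access_token = getAccessToken($_GET['code'], $secrets['client_id'], $secrets['client_secret'], $_GET["access_token_url"]);
        $tokenValue = (string) $access_token;

        // Does a shop with this api_url exist already?
        $lookup = $conn->prepare("SELECT id FROM shops where api_url = ?");
        $lookup->bind_param("s", $_GET['api_url']);
        $lookup->execute();
        $lookup->bind_result($shop_id);
        $exists = ($lookup->fetch() === true);
        $lookup->close();

        # if installing first time or updating existing token
        if ($exists) {
            $stmt = $conn->prepare("UPDATE shops SET access_token=? WHERE id=?");
            if ($stmt !== false) {
                $stmt->bind_param("si", $tokenValue, $shop_id);
            }
        } else {
            $stmt = $conn->prepare("INSERT INTO shops (code, api_url, return_url, access_token)\n VALUES (?, ?, ?, ?)");
            if ($stmt !== false) {
                $stmt->bind_param("ssss", $_GET['code'], $_GET['api_url'], $_GET['return_url'], $tokenValue);
            }
        }

        # insert token into database
        $ok = ($stmt !== false) && ($stmt->execute() === true);
        if (!$ok) {
            // Report the driver error without echoing the statement or its values.
            $err = ($stmt === false) ? $conn->error : $stmt->error;
            echo "Error: " . htmlspecialchars($err, ENT_QUOTES, 'UTF-8');
        }
        if ($stmt !== false) {
            $stmt->close();
        }
        closeConnection($conn);

        # redirect to the return_url
        header("Location: {$_GET['return_url']}");
        die;
    }
}

function getAccessToken($code, $client_id, $client_secret, $url) { $curl_post_data = array('code' => $code, 'client_id' => $client_id, 'client_secret' => $client_secret); $json = curl_post($url, $curl_post_data);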
$stmt->bind_param("s", $_GET['user']); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($post_id, $post_user, $post_date, $post_news, $post_alert, $post_warning, $post_global, $post_hidden, $post_edited, $post_title, $post_text, $post_tags); while ($stmt->fetch()) { $Parsedown = new Parsedown(); $json_array['message']['post'][$post_id] = array('username' => $post_user, 'date' => $post_date, 'isnews' => $post_news, 'isalert' => $post_alert, 'iswarning' => $post_warning, 'isglobal' => $post_global, 'ishidden' => $post_hidden, 'isedited' => $post_edited, 'title' => $post_title, 'body' => nl2br(str_replace("\n", "", $Parsedown->text($post_text))), 'tags' => $post_tags); } } else { $json_array['success'] = false; $json_array['message'][] = "Username was provided in the incorrect format"; } } else { if ($sb == "pid") { if ((int) $_GET['id'] > 0) { createConnection("localhost", "blog", "oKU9DIeWLJIEDrIhTIJJ", "sswd"); $stmt = $GLOBALS['conn']->prepare("SELECT post_id, post_user, post_date, post_news, post_alert, post_warning, post_global, post_hidden, post_edited, post_title, post_text, post_tags FROM `sswd`.`blog` WHERE post_id = ? 
LIMIT 30"); $stmt->bind_param("i", $_GET['id']); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($post_id, $post_user, $post_date, $post_news, $post_alert, $post_warning, $post_global, $post_hidden, $post_edited, $post_title, $post_text, $post_tags); $stmt->fetch(); if ($post_user != null) { $Parsedown = new Parsedown(); $json_array['message']['post'][$post_id] = array('username' => $post_user, 'date' => $post_date, 'isnews' => $post_news, 'isalert' => $post_alert, 'iswarning' => $post_warning, 'isglobal' => $post_global, 'ishidden' => $post_hidden, 'isedited' => $post_edited, 'title' => $post_title, 'body' => nl2br(str_replace("\n", "", $Parsedown->text($post_text))), 'tags' => $post_tags); } else { $json_array['success'] = false; $json_array['message'][] = "No user found with that id"; } } else { $json_array['success'] = false;
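/**
 * Apply profile changes (and optionally a password change) for a customer.
 *
 * Each non-empty address field is written with its own UPDATE; the column
 * name comes from the fixed list built here, never from the request. A
 * password change requires the old password to verify and both new password
 * fields to match.
 *
 * Fixes:
 *  - mysql_query() was called with an undefined $con (the connect that
 *    defined it is commented out), so none of the queries actually ran; the
 *    default link opened by createConnection() is used now.
 *  - each $value comes from the request and was interpolated unescaped into
 *    the UPDATE (SQL injection); it now goes through mysql_real_escape_string().
 *  - the stored hash and the recomputed crypt() value were echoed to the page
 *    (debug leftover disclosing the password hash); removed.
 *  - the old-password check used a loose `==`; it is now hash_equals() with a
 *    guard for the "no row / failed query" case.
 *  - the new password was hashed with one fixed salt shared by every account;
 *    password_hash() with PASSWORD_BCRYPT generates a per-user salt and its
 *    output is still verified by crypt($pw, $hash) elsewhere in this file.
 *  - compact() no longer lists the nonexistent "event"/"nothing_here" names.
 *
 * NOTE(review): the Login and new Password values in the SQL are the literal
 * '******' in this listing (apparently redacted); the hash in
 * $passwortUpdate is therefore not visibly written. If the original
 * interpolates $benutzer, escape it as well.
 *
 * @return void Emits a redirect script or a Bootstrap error modal.
 */
function aenderungenVerarbeiten($FirstName, $LastName, $Street, $Zip, $City, $inputAltesPasswort, $inputPasswortNeu, $inputPasswortNeuW, $benutzer)
{
    // Column names are taken from this fixed list, so $key below is trusted.
    $aenderungen = array();
    if (!empty($FirstName)) {
        $aenderungen[] = "FirstName";
    }
    if (!empty($LastName)) {
        $aenderungen[] = "LastName";
    }
    if (!empty($Street)) {
        $aenderungen[] = "Street";
    }
    if (!empty($Zip)) {
        $aenderungen[] = "Zip";
    }
    if (!empty($City)) {
        $aenderungen[] = "City";
    }

    foreach (compact($aenderungen) as $key => $value) {
        createConnection();
        $safeValue = mysql_real_escape_string($value);
        $sql = "UPDATE Customers SET {$key} = '{$safeValue}' WHERE Login = '******'";
        mysql_query($sql);
        closeConnection();
    }

    if (!empty($inputAltesPasswort) and !empty($inputPasswortNeu) and !empty($inputPasswortNeuW)) {
        createConnection();
        $result = mysql_query("SELECT Password FROM Customers WHERE Login = '******'");
        $passwortAenderung = ($result !== false && mysql_num_rows($result) > 0) ? mysql_result($result, 0, 0) : false;
        closeConnection();

        // crypt() with the stored hash as salt reproduces the hash iff the password matches.
        $altesOk = is_string($passwortAenderung) && $passwortAenderung !== ''
            && hash_equals($passwortAenderung, crypt($inputAltesPasswort, $passwortAenderung));

        if ($altesOk) {
            if ($inputPasswortNeu === $inputPasswortNeuW) {
                // Per-user salt; bcrypt output stays crypt()-verifiable.
                $passwortUpdate = password_hash($inputPasswortNeu, PASSWORD_BCRYPT);
                createConnection();
                $sql = "UPDATE Customers SET Password = '******' WHERE Login = '******'";
                mysql_query($sql);
                closeConnection();
                session_destroy();
                echo ' <script type="text/javascript"> window.location.href=\'index.php\'; </script> ';
            } else {
                echo ' <div id="fehlerNeuesPasswort" class="modal fade" role="dialog"> <div
class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Fehler neues Passwort</h4> </div> <div class="modal-body"> <p>Fehler: Beim neuen Passwort ist ein Fehler aufgetreten.</p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Schließen</button> </div> </div> </div> </div> <script> $(\'#fehlerNeuesPasswort\').modal( \'show\'); </script> ';
            }
        } else {
            echo ' <div id="fehlerAltesPasswort" class="modal fade" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Fehler altes Passwort</h4> </div> <div class="modal-body"> <p>Fehler: Altes Passwort nicht korrekt.</p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Schließen</button> </div> </div> </div> </div> <script> $(\'#fehlerAltesPasswort\').modal( \'show\'); </script> ';
        }
    }
}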
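/**
 * Return the most-ordered menus as [Name, escaped Count] pairs.
 *
 * Fix: $limit was concatenated into the LIMIT clause as-is (SQL injection if
 * it comes from the request); it is now cast to a non-negative int before it
 * reaches the SQL. A failed query yields an empty array instead of a warning
 * from mysql_fetch_array(false).
 *
 * NOTE(review): the ORDER BY has no DESC, so rows are sorted ascending by the
 * number of order lines; if "top" is meant as most-sold that looks inverted.
 * Left as-is because the intended ranking is not visible here.
 *
 * @param int|string $limit Maximum number of rows.
 * @return array List of [name, count] arrays.
 */
function getTopMenues($limit)
{
    $retArray = array();
    $rowLimit = max(0, (int) $limit);

    createConnection();
    $statement = "SELECT m.Name, SUM(mo.Amount) AS 'Count' FROM xMenueOrder mo INNER JOIN Orders o ON mo.OrderID = o.ID INNER JOIN Invoices i ON o.ID = i.OrderID INNER JOIN Menues m ON mo.MenueID = m.ID GROUP BY mo.MenueID ORDER BY COUNT(mo.MenueID) LIMIT " . $rowLimit . ";";
    $result = mysql_query($statement);
    if ($result !== false) {
        while ($row = mysql_fetch_array($result)) {
            $retArray[] = array($row["Name"], htmlentities($row["Count"]));
        }
    }
    closeConnection();

    return $retArray;
}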
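/**
 * Run $sql on $conn, transparently reconnecting if the link has dropped.
 *
 * Fix: the function took $conn by reference but immediately rebound the name
 * with `global $conn`, so the caller's link was ignored and a recreated link
 * was only ever stored in the global. The parameter is honoured now; on
 * reconnect the new link is written back through the reference and mirrored
 * into $GLOBALS['conn'] so code that still reads the global sees it too.
 * NOTE(review): callers that relied on the global being used regardless of
 * what they passed should now pass that global.
 *
 * @param string        $sql  Statement to run (caller is responsible for escaping).
 * @param resource|null $conn mysql link; replaced in place on reconnect.
 * @return resource|bool Result resource (or true), false on failure.
 */
function query($sql, &$conn)
{
    global $socket;

    if (!isset($conn) || !mysql_ping($conn)) {
        print "Warning - connection to mysql lost, recreating\n";
        $conn = createConnection();
        $GLOBALS['conn'] = $conn;
    }

    // Warnings are suppressed because the failure is reported explicitly below.
    $result = @mysql_query($sql, $conn);
    if (!$result) {
        print "Query failure on socket {$socket}\n";
        print "Query: {$sql}\n";
        print "ERROR: " . mysql_error($conn) . "\n";
        return false;
    }
    return $result;
}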
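/**
 * Register a new customer after checking that both password fields match and
 * the username is still free. Emits a Bootstrap modal for each outcome.
 *
 * Fixes: every form field was interpolated unescaped into the INSERT (SQL
 * injection); each value now passes through mysql_real_escape_string() on the
 * open link. The password was hashed with one fixed salt shared by every
 * account; password_hash() with PASSWORD_BCRYPT generates a per-user salt and
 * its output is still verified by crypt($pw, $hash) in this file. The
 * password comparison is strict.
 *
 * @return void
 */
function registrieren($inputVorname, $inputNachname, $inputStrasse, $inputPLZ, $inputOrt, $inputBenutzername, $inputPasswortRegi, $inputPasswortRegiW)
{
    $passwortCheck = true;
    $benutzerCheck = true;

    if ($inputPasswortRegi !== $inputPasswortRegiW) {
        echo ' <div id="myModal3" class="modal fade" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Registrieren</h4> </div> <div class="modal-body"> <p>Fehler: Die Passwörter stimmen nicht überein</p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Schließen</button> </div> </div> </div> </div> <script> $(\'#myModal3\').modal( \'show\'); </script> ';
        $passwortCheck = false;
    }

    if (BenutzernameCheck($inputBenutzername) != 0) {
        echo ' <div id="myModal4" class="modal fade" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Registrieren</h4> </div> <div class="modal-body"> <p>Fehler: Der Benutzername ist bereits vorhanden, bitte wählen sie einen anderen</p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Schließen</button> </div> </div> </div> </div> <script> $(\'#myModal4\').modal( \'show\'); </script> ';
        $benutzerCheck = false;
    }

    if ($passwortCheck and $benutzerCheck) {
        // Per-user salt; bcrypt output stays crypt()-verifiable.
        $passwort = password_hash($inputPasswortRegi, PASSWORD_BCRYPT);

        createConnection();
        // Escape on the open link so the connection charset is honoured.
        $vorname  = mysql_real_escape_string($inputVorname);
        $nachname = mysql_real_escape_string($inputNachname);
        $strasse  = mysql_real_escape_string($inputStrasse);
        $plz      = mysql_real_escape_string($inputPLZ);
        $ort      = mysql_real_escape_string($inputOrt);
        $login    = mysql_real_escape_string($inputBenutzername);
        $sql = "INSERT INTO Customers (FirstName, Lastname, Street, Zip, City, Login, Password) VALUES ('{$vorname}', '{$nachname}', '{$strasse}', '{$plz}', '{$ort}', '{$login}', '{$passwort}')";
        mysql_query($sql);
        closeConnection();

        echo ' <div id="myModal5" class="modal fade" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Registrieren</h4> </div> <div class="modal-body"> <p>Erfolgreich registriert!</p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Schließen</button> </div> </div> </div> </div> <script> $(\'#myModal5\').modal( \'show\'); </script> ';
    }
}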
<?php /* Router, all requests sent to api directory forwarded here. URLs of type api/data/args converted to array. Determine method then data. Call functions in dbLib* to process commands */ include_once "setUp.php"; include_once "utils.php"; include_once "databaseFunctions.php"; if (!isset($db)) { $db = createConnection(); } $urlParameters = explodeQuery($_SERVER['QUERY_STRING']); switch ($_SERVER['REQUEST_METHOD']) { case "POST": // Creation /* echo "<strong><code>Post</code></strong>: <br>"; */ post($db, $urlParameters); break; case "GET": //Retrieval /* echo "<p><strong><code>Get</code></strong>:</p>"; */ get($db, $urlParameters); break; case "DELETE": /* echo "<strong><code>Delete</code></strong>: <br>"; */ break; default: echo "<strong>Error: unexpected method. Can handle <code>POST</code>, <code>GET</code>, <code>DELETE</code></strong>"; http_response_code(405);