Beispiel #1
 /**
  * Load the help table, keyed by the first selected column.
  *
  * PDO::FETCH_GROUP groups the rows by their first column and reset() keeps
  * the first row of every group.
  *
  * @return array|false|null The keyed rows, false when the table yields no
  *                          rows, null when databaseConnection() is falsy or
  *                          the query throws an Exception.
  */
 public static function getHelp()
 {
     global $connection, $db_info;
     if (!databaseConnection()) {
         return null;
     }
     try {
         // The table name is read from $db_info; the query takes no caller input.
         $query = $connection->prepare("SELECT * FROM {$db_info['help']}");
         $query->execute();
         $grouped = $query->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
         $rows = array_map('reset', $grouped);
         return count($rows) > 0 ? $rows : false;
     } catch (Exception $e) {
         // Swallowed on purpose by the original: the caller only sees null.
     }
     return null;
 }
 /**
  * Fetch the member rows whose rank is 1 or 2.
  *
  * NOTE(review): the query selects every column of the member table although
  * the method name suggests only e-mail addresses are needed; confirm no
  * credential columns travel to callers that just want addresses.
  *
  * @return array|null Matching rows, or null when there are none, when
  *                    databaseConnection() is falsy, or when the query throws.
  */
 public static function getAdminEmailList()
 {
     global $connection, $db_info;
     if (!databaseConnection()) {
         return null;
     }
     try {
         $query = $connection->prepare("SELECT * FROM {$db_info['member_tbl']} WHERE (rank = 1 OR rank = 2)");
         $query->execute();
         $admins = $query->fetchAll(PDO::FETCH_ASSOC);
         if (count($admins) > 0) {
             return $admins;
         }
         return null;
     } catch (Exception $e) {
         // Failure is not reported; execution falls through to the null return.
     }
     return null;
 }
Beispiel #3
 /**
  * Check that exactly one row of the version table has the given id.
  *
  * The id is passed to the query as a bound parameter.
  *
  * @param mixed $mbversions Value compared against ID_ALLVERSIONS.
  *
  * @return bool|null True when exactly one row matches, false when the row
  *                   count differs or the query throws an Exception, null
  *                   when databaseConnection() is falsy.
  */
 public static function validateMusicBeeVersion($mbversions)
 {
     global $connection, $db_info;
     if (!databaseConnection()) {
         return null;
     }
     try {
         $query = $connection->prepare("SELECT ID_ALLVERSIONS FROM {$db_info['mb_all']} WHERE ID_ALLVERSIONS = :id");
         $query->bindValue(':id', $mbversions);
         $query->execute();
         $matches = $query->fetchAll(PDO::FETCH_ASSOC);
         return count($matches) == 1;
     } catch (Exception $e) {
         return false;
     }
 }
Beispiel #4
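 /**
  * Tell whether a download-stat row already exists for this IP and item.
  *
  * Every value taken from $stat is sent as a bound parameter. The original
  * interpolated $stat['is_registered'] directly into the SQL text, which let
  * that one field change the statement itself.
  *
  * @param array $stat Reads the keys 'is_registered', 'stat_type', 'ip' and 'id'.
  *
  * @return bool True when at least one row matches; false otherwise, including
  *              when databaseConnection() is falsy or the query throws.
  */
 public function checkStatExistsByIp($stat)
 {
     global $connection, $db_info;
     if (databaseConnection()) {
         try {
             $sql = "SELECT STAT_ID \r\n\t\t\t\tFROM {$db_info['download_stat_tbl']}\r\n\t\t\t\tWHERE \r\n\t\t\t\tis_registered = :is_registered\r\n\t\t\t\tAND\r\n\t\t\t\tstat_type = :stat_type \r\n\t\t\t\tAND \r\n\t\t\t\tip_address = :ip \r\n\t\t\t\tAND \r\n\t\t\t\tID = :id";
             $statement = $connection->prepare($sql);
             // The value sat unquoted in the SQL before, so it is presumably a
             // 0/1 flag; bound as an integer - confirm against the column type.
             $statement->bindValue(':is_registered', (int) $stat['is_registered'], PDO::PARAM_INT);
             $statement->bindValue(':ip', $stat['ip']);
             $statement->bindValue(':stat_type', $stat['stat_type']);
             $statement->bindValue(':id', $stat['id']);
             $statement->execute();
             $result = $statement->fetchAll(PDO::FETCH_ASSOC);
             return count($result) > 0;
         } catch (Exception $e) {
             // Query failures are treated as "no existing row".
         }
     }
     return false;
 }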
Beispiel #5
 /**
  * Count the members that have at least one add-on with status = 1.
  *
  * NOTE(review): the sub-query groups by the literal "addons.ID_AUTHOR" while
  * the table name everywhere else comes from $db_info['addon_tbl']; this only
  * works if that setting resolves to "addons" - confirm.
  *
  * @return mixed|null The publisherCount column of the first row, or null when
  *                    no row comes back, databaseConnection() is falsy, or the
  *                    query throws an Exception.
  */
 public function getAllAddonPublisherCount()
 {
     global $connection, $db_info;
     if (!databaseConnection()) {
         return null;
     }
     try {
         $sql = "SELECT\r\n\t\t\t\t\t\t  COUNT(*) as publisherCount\r\n\t\t\t\t\t\tFROM\r\n\t\t\t\t\t\t  {$db_info['member_tbl']}\r\n\t\t\t\t\t\tLEFT JOIN\r\n\t\t\t\t\t\t  (\r\n\t\t\t\t\t\t  SELECT\r\n\t\t\t\t\t\t    ID_AUTHOR,\r\n\t\t\t\t\t\t    COUNT(DISTINCT ID_ADDON) AS addonUploads\r\n\t\t\t\t\t\t  FROM\r\n\t\t\t\t\t\t    {$db_info['addon_tbl']}\r\n\t\t\t\t\t\t  WHERE\r\n\t\t\t\t\t\t    {$db_info['addon_tbl']}.status = 1\r\n\t\t\t\t\t\t  GROUP BY addons.ID_AUTHOR\r\n\t\t\t\t\t\t) upload\r\n\t\t\t\t\t\tON\r\n\t\t\t\t\t\t  upload.ID_AUTHOR = {$db_info['member_tbl']}.ID_MEMBER\r\n\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\tupload.addonUploads > 0";
         $query = $connection->prepare($sql);
         $query->execute();
         $rows = $query->fetchAll(PDO::FETCH_ASSOC);
         // Loose comparison kept as written: an empty array also equals null.
         return $rows != null ? $rows[0]['publisherCount'] : null;
     } catch (Exception $e) {
         // Swallowed; the caller receives null.
     }
     return null;
 }
// NOTE(review): the column values below are written into the page without
// HTML escaping. Where $row comes from is not visible in this fragment; if any
// of these columns can hold text a user supplied, wrap the value in
// htmlspecialchars($value, ENT_QUOTES, 'UTF-8') before echoing it.
echo "<p>Area: <strong>" . $row['Area'] . "</strong> sq km</p>";
echo "<p>Population: <strong>" . number_format($row['Population']) . "</strong></p>";
echo "<p>Currency Name: <strong>" . $row['CurrencyName'] . "</strong></p>";
echo "<p>" . $row['CountryDescription'] . "</p>";
?>
        </div>
        
        <div class="panel panel-info">
           <div class="panel-heading">Images From <?php 
// NOTE(review): echoed into the panel heading without htmlspecialchars();
// confirm CountryName can never carry markup.
echo $row['CountryName'];
?>
</div> 
           <div class="well">
            <div class="row">         
            <?php 
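// List the images recorded for the current country.
$pdo = databaseConnection();
// The ISO code is sent as a bound parameter instead of being concatenated
// into the SQL text, so its content cannot alter the statement.
$sql = "SELECT TravelImage.ImageID, Path, CountryCodeISO, Title FROM TravelImageDetails\n" . "INNER JOIN TravelImage\n" . "ON TravelImage.ImageID = TravelImageDetails.ImageID WHERE CountryCodeISO = :iso";
$result = $pdo->prepare($sql);
// prepare() can return false when PDO is not in exception mode; images() is
// only called with an executed statement. Presumably images() iterates the
// PDOStatement it receives - its body is not part of this fragment.
if ($result !== false && $result->execute([':iso' => $row['ISO']])) {
    images($result);
}
// Dropping the last reference closes the connection.
$pdo = null;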
?>
        	</div>
        	</div>
        </div>
      </div>  <!-- end main content column -->
   </div>  <!-- end main content row -->
</div>   <!-- end main content container -->

<?php 
// Shared page footer. The path is a fixed literal, so no request data reaches include.
include "includes/travel-footer.inc.php";
?>
Beispiel #7
<?php

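// Login check: looks the user up by name and password digest, then greets
// them by the stored full name.
//
// Both form fields must be present and must be plain strings. PHP turns a
// parameter such as "user_password[]=x" into an array, which sha1() rejects.
if (!isset($_POST['user_name'], $_POST['user_password'])
    || !is_string($_POST['user_name'])
    || !is_string($_POST['user_password'])
) {
    echo "Error!! Form inputs are not provided";
} else {
    //Include the database information file
    include 'db_connect.php';
    $mysqli = databaseConnection();
    $user_name = $_POST['user_name'];
    // NOTE(review): an unsalted SHA-1 digest is not a password hash; it is fast
    // to brute-force if tbl_users leaks. Moving to password_hash() and
    // password_verify() means re-hashing the stored values, so it is flagged
    // here and left unchanged.
    $password = sha1($_POST['user_password']);
    //prepare and bind: both values reach the query as parameters
    $stmt = $mysqli->prepare(" SELECT full_name FROM tbl_users WHERE user_name=? AND password=?");
    $stmt->bind_param("ss", $user_name, $password);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    // fetch_assoc() yields null when no row matched; do not index into it.
    $full_Name = is_array($row) ? $row['full_name'] : null;
    $stmt->close();
    //Close the connection
    $mysqli->close();
    if (isset($full_Name)) {
        echo "Login Successfull !!<br>";
        // The stored name is data, not markup: escape it for the HTML response.
        echo "Welcome " . htmlspecialchars($full_Name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } else {
        echo "User is not authenticated";
    }
}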
Beispiel #8
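 /**
  * Save rating to DB
  *
  * "like" inserts a row into the likes table, "unlike" deletes it. Any other
  * value is rejected up front: the original left $sql undefined in that case
  * and handed it to prepare(), which fails outside the Exception handler on
  * current PHP versions.
  *
  * @param mixed  $addon_id Bound to ID_ADDON.
  * @param mixed  $user_id  Bound to ID_MEMBER.
  * @param string $rate_val Either "like" or "unlike".
  *
  * @return bool True when the statement ran; false for an unknown $rate_val,
  *              a falsy databaseConnection(), or a thrown Exception.
  */
 public function rateSubmit($addon_id, $user_id, $rate_val)
 {
     global $connection, $db_info;
     // Strict comparison: only the two exact action strings are accepted.
     if ($rate_val !== "like" && $rate_val !== "unlike") {
         return false;
     }
     if (databaseConnection()) {
         try {
             if ($rate_val === "like") {
                 $sql = "INSERT INTO {$db_info['likes_tbl']} SET ID_MEMBER = :user_id, ID_ADDON = :addon_id";
             } else {
                 $sql = "DELETE FROM {$db_info['likes_tbl']} WHERE ID_MEMBER = :user_id AND ID_ADDON = :addon_id";
             }
             $statement = $connection->prepare($sql);
             $statement->bindValue(':user_id', $user_id);
             $statement->bindValue(':addon_id', $addon_id);
             $statement->execute();
             return true;
         } catch (Exception $e) {
             return false;
         }
     }
     return false;
 }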
Beispiel #9
 /**
  * Compare a stored version record with the configured stable release.
  *
  * The record id is passed to the query as a bound parameter.
  *
  * @param mixed $record_id Value matched against ID_ALLVERSIONS.
  *
  * @return bool True when the record's version equals
  *              $mb['musicbee_download']['stable']['version']; false when it
  *              differs or no record exists. Also true when
  *              databaseConnection() is falsy or the query throws, in which
  *              case the exception text is appended to $this->errorMessage.
  */
 public function compareCurrentRelease($record_id)
 {
     global $connection, $db_info, $mb;
     if (!databaseConnection()) {
         return true;
     }
     try {
         $query = $connection->prepare("SELECT * FROM {$db_info['mb_all']} WHERE ID_ALLVERSIONS = :id");
         $query->bindValue(':id', $record_id);
         $query->execute();
         $records = $query->fetchAll(PDO::FETCH_ASSOC);
         if (count($records) == 0) {
             return false;
         }
         // Loose comparison kept as in the original.
         return $records[0]['version'] == $mb['musicbee_download']['stable']['version'];
     } catch (Exception $e) {
         $this->errorMessage .= $e;
         return true;
     }
 }
Beispiel #10
/**
 * Get all Website setting
 *
 * FETCH_GROUP keys the rows by their first column; the two reset() passes
 * then reduce every group to the first value of its first row. Three flags
 * are turned into booleans afterwards.
 *
 * @return array|null The settings map, or null when databaseConnection() is
 *                    falsy or the query throws an Exception.
 */
function getSetting()
{
    global $connection, $db_info;
    if (!databaseConnection()) {
        return null;
    }
    try {
        $query = $connection->prepare("SELECT * FROM {$db_info['settings_tbl']}");
        $query->execute();
        $grouped = $query->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
        $settings = array_map('reset', array_map('reset', $grouped));
        // The misspelt key is the one the rest of the code reads; keep it.
        foreach (['showPgaeLoadTime', 'addonSubmissionOn', 'imgurUploadOn'] as $flag) {
            $settings[$flag] = $settings[$flag] == 1;
        }
        return $settings;
    } catch (Exception $e) {
        // Swallowed; the caller receives null.
    }
    return null;
}
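/**
 * Check if user has reached submission limit per day
 *
 * Counts the add-ons whose publish_date equals today's date (formatted
 * "F j, Y") for the author in $mb['user']['id']. The author id is now a bound
 * parameter; the original interpolated it into the SQL text.
 *
 * NOTE(review): the comparison is "<=", so a user who already has exactly
 * maximumAddonSubmissionPerDay entries may still submit one more - confirm
 * whether "<" was intended.
 *
 * @return bool|null True while the count is within the configured limit,
 *                   false above it, null when databaseConnection() is falsy
 *                   or the query throws an Exception.
 */
function canUserSubmitAnymoreToday()
{
    global $connection, $db_info, $mb, $setting;
    $currentdate = date("F j, Y");
    if (databaseConnection()) {
        try {
            $sql = "SELECT * FROM {$db_info['addon_tbl']} WHERE publish_date = :pub_date AND ID_AUTHOR = :author_id";
            $statement = $connection->prepare($sql);
            $statement->bindValue(':pub_date', $currentdate);
            $statement->bindValue(':author_id', $mb['user']['id']);
            $statement->execute();
            $result = count($statement->fetchAll(PDO::FETCH_ASSOC));
            return $result <= $setting['maximumAddonSubmissionPerDay'];
        } catch (Exception $e) {
            // Swallowed; the caller receives null.
        }
    }
    return null;
}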
Beispiel #12
 /**
  * Get count of all the addon submitted by the User
  *
  * Only rows with status = 1 are counted. The user id is passed to the query
  * as a bound parameter; the rows are fetched and counted in PHP.
  *
  * @param mixed $user_id Value matched against ID_AUTHOR.
  *
  * @return int|null Number of matching rows, or null when
  *                  databaseConnection() is falsy or the query throws.
  */
 public function getAddonCountByUser($user_id)
 {
     global $connection, $db_info;
     if (!databaseConnection()) {
         return null;
     }
     try {
         $query = $connection->prepare("SELECT * FROM {$db_info['addon_tbl']} WHERE ID_AUTHOR = :user_id AND status = 1");
         $query->bindValue(':user_id', $user_id);
         $query->execute();
         return count($query->fetchAll(PDO::FETCH_ASSOC));
     } catch (Exception $e) {
         // Swallowed; the caller receives null.
     }
     return null;
 }
Beispiel #13
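 /**
  * Search add-ons by free text, category, status and author.
  *
  * Builds the list of values to bind, asks generateQuery() for the result and
  * count statements, and runs both with the same bound values.
  *
  * A database exception is now written to the error log. The original called
  * var_dump($e), which printed the exception object, including the failing
  * SQL and the stack trace, into the HTTP response.
  *
  * NOTE(review): $orderby is a free-form string handed to generateQuery(),
  * whose body is not shown here. If it ends up concatenated into ORDER BY,
  * callers must restrict it to a fixed set of column/direction pairs.
  * NOTE(review): when $searchquery is already an array, $placeholder,
  * $search_array and $bindedVal are never assigned before they are used.
  *
  * @param string $searchquery
  * @param null   $cat_input
  * @param int    $status_input
  * @param null   $authorid
  * @param int    $offset
  * @param int    $range
  * @param string $orderby
  * @param null   $skip_count  When left null, the total row count is fetched too.
  *
  * @return mixed Array with 'result' (and 'row_count' unless skipped), or null
  *               when databaseConnection() is falsy or the query throws.
  */
 public function searchAddons($searchquery, $cat_input = null, $status_input = 1, $authorid = null, $offset = 0, $range = 20, $orderby = "ID_ADDON DESC", $skip_count = null)
 {
     global $connection, $mb;
     //Create arrays for SQL value binding
     if ($cat_input == null) {
         $cat_array = array_keys($mb['main_menu']['add-ons']['sub_menu']);
     } elseif (!is_array($cat_input)) {
         $cat_array = Format::createSqlArrayParam($cat_input);
     } else {
         $cat_array = $cat_input;
     }
     if (!is_array($status_input)) {
         $status_array = Format::createSqlArrayParam($status_input);
     } else {
         $status_array = $status_input;
     }
     //sanitize input
     $cat = Format::safeSqlArray($cat_array);
     $status = Format::safeSqlArray($status_array);
     if (!is_array($searchquery)) {
         $searchquery = trim($searchquery);
         //create an array from the spaces between words
         $search_array = Format::safeSqlSearchArray($searchquery);
         //remove the spaces to get one compact string, wrapped in a single-element array
         $search_sort_term = array(str_replace(' ', '', $searchquery));
         //first search term with a % sign on both ends, spaces left untouched
         $search_sort_term_unmod = preg_filter(['/^/', '/$/'], ['%$0', '$0%'], array(Format::safeSqlSearchArray($searchquery)[0]));
         //every term with a trailing * sign
         $search_array_fulltext = preg_filter('/$/', '$0*', $search_array);
         //every term with a % sign in front and at the end
         $search_array_like = preg_filter(['/^/', '/$/'], ['%$0', '$0%'], $search_array);
         $cat_status_array = array_merge($cat_array, $status_array);
         //If the input has only 1 word in it then use mysql %LIKE% for searching
         if (count($search_array) == 1) {
             //placeholder list like "?,?,?,?...": the terms are bound, not concatenated
             $placeholder = Format::safeSqlArray($search_array);
             //If search query is blank then get all
             if (empty($searchquery)) {
                 //only the category and status values are bound
                 $bindedVal = $cat_status_array;
             } else {
                 if ($authorid == null) {
                     $bindedVal = array_merge($cat_status_array, $search_array_like, $search_array_like, $search_array_like, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
                 } else {
                     $bindedVal = array_merge($cat_status_array, $search_array_like, $search_array_like, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
                 }
             }
         } else {
             //Unlike the "?,?,?,..." list above, the FULLTEXT placeholder list
             //is separated by spaces instead of commas
             $placeholder = Format::safeSqlArrayFullText($search_array);
             if ($authorid == null) {
                 //One flat array of every value, in placeholder order, for execute()
                 $bindedVal = array_merge($cat_status_array, $search_array_fulltext, $search_array_fulltext, $search_sort_term_unmod, $search_array_fulltext, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
             } else {
                 $bindedVal = array_merge($cat_status_array, $search_array_fulltext, $search_sort_term_unmod, $search_array_fulltext, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
             }
         }
     }
     $search_sql = $this->generateQuery("result", $range, $offset, $placeholder, $search_array, $authorid, $status, $cat, $searchquery, $orderby);
     $row_count_sql = $this->generateQuery("count", $range, $offset, $placeholder, $search_array, $authorid, $status, $cat, $searchquery, $orderby);
     if (databaseConnection()) {
         try {
             //Get the result data
             $search_statement = $connection->prepare($search_sql);
             $search_statement->execute($bindedVal);
             $data['result'] = $search_statement->fetchAll(PDO::FETCH_ASSOC);
             if ($skip_count == null) {
                 //Get the total row count for pagination
                 $count_statement = $connection->prepare($row_count_sql);
                 $count_statement->execute($bindedVal);
                 $data['row_count'] = count($count_statement->fetchAll(PDO::FETCH_ASSOC));
             }
             return $data;
         } catch (Exception $e) {
             // Keep the failure server-side; nothing about it goes to the client.
             error_log('searchAddons query failed: ' . $e->getMessage());
         }
     }
     return null;
 }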
Beispiel #14
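/**
 * Print one summary row per travel post (thumbnail, title, author, excerpt).
 *
 * The query returns one row per post image, ordered by PostID; only the first
 * row of each post is rendered.
 *
 * Two changes against the original:
 *  - every database value is HTML-escaped before it is written into markup or
 *    a single-quoted attribute; titles, messages and names were echoed raw;
 *  - the "last post seen" marker is set to the row's PostID. The original
 *    incremented a counter, which repeats a post whenever the ids have gaps.
 *
 * NOTE(review): utf8_encode() is deprecated as of PHP 8.2. Title and Path were
 * never transcoded by the original and are escaped as they come from the
 * database; bytes that are not valid UTF-8 show up as U+FFFD.
 *
 * @return void Output is echoed directly.
 */
function postRows()
{
    $pdo = databaseConnection();
    $sql = "SELECT TravelPost.PostID , TravelPostImages.ImageID, Path, Title, Message, PostTime, FirstName, LastName, TravelUserDetails.UID \n" . "FROM TravelPostImages\n" . "INNER JOIN TravelPost\n" . "ON TravelPostImages.PostID = TravelPost.PostID\n" . "INNER JOIN TravelUserDetails\n" . "ON TravelPost.UID = TravelUserDetails.UID\n" . "INNER JOIN TravelImage\n" . "ON TravelImage.ImageID = TravelPostImages.ImageID\n" . "ORDER BY `TravelPost`.`PostID` ASC";
    $result = $pdo->query($sql);
    // ENT_QUOTES is required: the attributes below are single-quoted.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $lastPostID = 0;
    foreach ($result as $statement) {
        if ($statement['PostID'] != $lastPostID) {
            $name = utf8_encode($statement['FirstName']) . " " . utf8_encode($statement['LastName']);
            // Cut before transcoding, as the original did, then add the ellipsis.
            $concatMsg = utf8_encode(substr($statement['Message'], 0, 197)) . "...";
            $PostTime = substr($statement['PostTime'], 0, 10);
            echo "<div class='row'>" . " <div class='col-md-2'>";
            echo "<a href='single-image.php?id=" . $esc($statement['ImageID']) . "'>";
            echo "<img src='travel-images/square-medium/" . $esc($statement['Path']) . "' alt='" . $esc($statement['Title']) . "' class='img-thumbnail'/></a>";
            echo "</div>" . "<div class='col-md-10'>" . "<h2>" . $esc($statement['Title']) . "</h2>";
            echo "<div class='details'>" . "Posted by <a href='single-user.php?id=" . $esc($statement['UID']) . "'>" . $esc($name) . "</a>";
            echo "<span class='pull-right'>" . $esc($PostTime) . "</span>" . " </div>" . "<p class='excerpt'>";
            echo $esc($concatMsg) . "</p> <p>";
            echo "<a href='single-post.php?id=" . $esc($statement['PostID']) . "' class='btn btn-primary btn-sm'>Read more</a>";
            echo "</p></div></div><hr/>";
            // Remember the post just rendered so its remaining image rows are skipped.
            $lastPostID = $statement['PostID'];
        }
    }
    // Dropping the last reference closes the connection.
    $pdo = null;
}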