public static function edit($data)
{
$p = array('title' => array('required' => true, 'type' => 'string', 'maxlength' => 140, 'label' => 'Titulo'), 'text' => array('required' => true, 'type' => 'string', 'label' => 'Texto'), 'image' => array('required' => false, 'type' => 'thumbnail', 'label' => 'Imagen'), 'tags' => array('required' => false, 'type' => 'string', 'label' => 'Tags'));
$v = new Validator();
$response = $v->validate($data, $p);
if (!$response['success']) {
return M::cr(false, $data, $response['msg']);
}
PDOSql::$pdobj = pdoConnect();
if (isset($_FILES['image']['name'])) {
$response = File::up2Web($_FILES['image']);
if ($response->success) {
// remove old image...
if (isset($data['old_image'])) {
File::unlinkWeb($data['old_image']);
}
$image = $response->data[0];
} else {
return M::cr(false, $data, $response->msg);
}
} else {
$image = '';
}
$params = array($data['title'], $data['text'], $image, $data['tags'], $data['id'], $_SESSION['userNAME']);
$where = array(' id = ?', 'author = ?');
$query = "UPDATE entries SET title = ?, text = ?, image = ?, tags = ? {%WHERE%}";
PDOSql::update($query, $params, $where);
return M::cr(true, array(), 'Se han actualizado los datos correctamente');
}
function connectDB($dbConfig)
{
$dbh = pdoConnect($dbConfig);
$dbh->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
$dbh->set_charset('utf8');
return $dbh;
}
static function resetPassword($data)
{
PDOSql::$pdobj = pdoConnect();
$hash = Sql::esc($data['h']);
$type = Sql::esc($data['t']);
$email = Sql::esc($data['q']);
$pass1 = Sql::esc($data['pass1']);
$pass2 = Sql::esc($data['pass2']);
if ($pass1 !== $pass2) {
return array('success' => false, 'data' => '', 'msg' => 'Las contraseñas no coinciden');
}
if ($type == 'C') {
$get_hash = "SELECT id, email, resetHash from clientes where email ='" . $email . "' AND resetHash = '" . $hash . "'";
$delete_hash = "UPDATE clientes set password = MD5('" . $pass1 . "'), resetHash = null where email ='" . $email . "' AND resetHash = '" . $hash . "'";
} elseif ($type == 'U') {
$get_hash = "SELECT id, email, resetHash from usuarios where email ='" . $email . "' AND resetHash = '" . $hash . "'";
$delete_hash = "UPDATE usuarios set password = MD5('" . $pass1 . "'), resetHash = null where email ='" . $email . "' AND resetHash = '" . $hash . "'";
} else {
return array('success' => false, 'data' => '', 'msg' => 'Problema con el reseteo');
}
$h = Sql::fetch($get_hash);
if (count($h) == 1) {
$u = Sql::update($delete_hash);
return array('success' => true, 'data' => array('id' => $h[0]['id']), 'msg' => 'Se realizo la operacion con exito.');
} else {
return array('success' => false, 'data' => '', 'msg' => 'Codigo invalido');
}
}
function connectDB($dbConfig)
{
$dbh = pdoConnect($dbConfig);
$dbh->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
$dbh->exec("SET NAMES 'utf8'");
$dbh->exec("SET AUTOCOMMIT = 0");
return $dbh;
}
function complete_schedule($sch_id, $status)
{
//$status = "CMP"; //CMP => Completed Status
$query = "UPDATE scheduler SET execution_status = '" . $status . "' WHERE id = " . $sch_id;
$db = pdoConnect();
$stmt = $db->prepare($query);
$stmt->execute();
}
static function deleteOld()
{
PDOSql::$pdobj = pdoConnect();
$id = Sql::esc($id);
$iduser = Sql::esc($_SESSION['userID']);
$res = Sql::delete("DELETE from notifications WHERE status = '1' AND view_date < NOW() - INTERVAL 1 month");
return array('success' => true, 'data' => $res, 'msg' => '');
}
static function getData($id)
{
PDOSql::$pdobj = pdoConnect();
$d = PDOSql::select("SELECT name, bg_image, subtitle FROM users WHERE id = ?", array($id));
if (count($d) > 0) {
$data['name'] = $d[0]['name'];
$data['bg_image'] = $d[0]['bg_image'];
$data['subtitle'] = $d[0]['subtitle'];
return M::cr(true, $data);
} else {
return M::cr(false, array('user' => array()), 'No se encontraron datos del usuario');
}
}
function check_if_admin_loggedin()
{
if (!isset($_SESSION['user_id'])) {
return false;
}
//No user, no admin
$dbh = pdoConnect();
//echo json_encode( $_SESSION['user_id'] );
$stmt = $dbh->prepare("SELECT role FROM users WHERE user_id = :user_id");
$stmt->bindParam(':user_id', $_SESSION['user_id'], PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
if ($row['role'] == "A") {
return true;
} else {
return false;
}
}
/**
* Activate user based on $user_id.
* @param int $user_id the id of the user to activate.
* @return boolean
*/
function activateUser($user_id)
{
// This block automatically checks this action against the permissions database before running.
if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
addAlert("danger", "Sorry, you do not have permission to access this resource.");
return false;
}
try {
global $db_table_prefix;
$db = pdoConnect();
$sqlVars = array();
$query = "UPDATE " . $db_table_prefix . "users\n SET active = 1\n WHERE\n id = :user_id\n LIMIT 1";
$stmt = $db->prepare($query);
$sqlVars[':user_id'] = $user_id;
$stmt->execute($sqlVars);
if ($stmt->rowCount() > 0) {
return true;
} else {
addAlert("danger", "Invalid user id specified.");
return false;
}
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
}
}
" ALT="" BORDER="0" WIDTH="299" HEIGHT="95"></A>
<BR><BR>
</CENTER>
</TD>
</TR></TABLE>
<!-- Header table -->
<?php
//===================================================================================
//Identify the type of query
if ((strpos($detailSelect, "sp_") ? strpos($detailSelect, "sp_") + 1 : 0) > 0 || (strpos($detailSelect, "xp_") ? strpos($detailSelect, "xp_") + 1 : 0) > 0) {
$isStoredProcedure = true;
} else {
$isStoredProcedure = false;
}
//Connect to the the user database
$conn_udb = pdoConnect($udb_server, $udb_name, $udb_username, $udb_password);
$paramStr = "";
$paramTitle = "";
//===================================================================================
//This section constructs and runs a title query if necessary
if (queryHasParams($titleSelect)) {
$paramStr = buildParamTitle($titleSelect);
traceHide("paramStr=" . $paramStr);
$titleSelect = buildSQLQuery($titleSelect);
traceHide("titleSelect=" . $titleSelect);
$udbStmt = pdoQuery($titleSelect, $conn_udb);
$udbRows = pdoFetch($udbStmt);
$paramTitle = "<BR>";
foreach ($udbRows as $row) {
foreach ($row as $fieldName => $dataItem) {
$paramTitle = $paramTitle . "<span class=\"ahTitle\">" . $fieldName . ": " . $dataItem . "</span><br />";
function create_job($obj)
{
global $data;
$data = $obj;
$job_name = $data->job_name;
$frequency = $data->frequency;
$message = $data->message;
$recipients = $data->recipients;
$params = json_decode("{}");
$params->days = $data->param_days;
$params->dates = $data->param_dates;
$params->months = $data->param_months;
//$params = $data->parameters;
//die( json_encode($params) );
if ($frequency != 'I') {
$start = get_php_timestamp($data->start_date);
}
//$end = get_php_timestamp($data->end_date);
$recur = $data->recur;
$schedules = array();
if ($frequency == 'I') {
$start = strtotime("now");
array_push($schedules, strtotime("now"));
} elseif ($frequency == 'O') {
array_push($schedules, $start);
} elseif ($frequency == 'D') {
//array_push($schedules,$start);
//$date = $start;
for ($i = 0; $i < $recur; $i++) {
$date = add_js_timestamp($data->start_date, $frequency, $i);
array_push($schedules, $date);
}
} elseif ($frequency == 'W') {
for ($i = 0; $i < count($params->days); $i++) {
$start_week_date = get_start_day($params->days[$i], $start);
for ($j = 0; $j < $recur; $j++) {
$date = add_js_timestamp(date_string($start_week_date), $frequency, $j);
//Add weekly count
array_push($schedules, $date);
}
}
} elseif ($frequency == 'M') {
for ($i = 0; $i < count($params->months); $i++) {
for ($j = 0; $j < count($params->dates); $j++) {
if ($params->dates[$j] > 31) {
$str = "";
//Its a special date, use it intelligently !!
//String format ==> 'Last Sunday of December 2015'
switch ($params->dates[$j]) {
case 41:
//First Day
$str = "First ";
break;
case 42:
//Second Day
$str = "Second ";
break;
case 43:
//Third Day
$str = "Third ";
break;
case 44:
//Fourth Day
$str = "Fourth ";
break;
case 45:
//Last Day
$str = "Last ";
break;
}
$day = $str;
for ($k = 0; $k < count($params->days); $k++) {
$str = "";
$str = $day . $days[$params->days[$k]];
$str = $str . " of ";
$str = $str . "" . $months[$params->months[$i]];
$str = $str . "" . get_year($data->start_date);
array_push($schedules, strtotime($str));
}
} else {
$date = get_month_date($params->dates[$j], $params->months[$i]);
array_push($schedules, $date);
}
}
}
}
//Save entries to the Database
$db = pdoConnect();
$query = "INSERT INTO jobs\n\t\t\t(`name`, `frequency`, `recur`, `message`, `recipients`, `start_date`, `parameters`, `user_id`) \n\t\t\tVALUES \n\t\t\t(:name, :frequency, :recur, :message, :recipients, :start_date, :parameters, :user_id );";
$sqlVars = array();
$obj_recipients = json_decode("{}");
//Create Object
$obj_recipients->values = $recipients;
$sqlVars[':name'] = $job_name;
$sqlVars[':frequency'] = $frequency;
$sqlVars[':recur'] = $recur;
$sqlVars[':message'] = $message;
$sqlVars[':recipients'] = json_encode($obj_recipients);
$sqlVars[':start_date'] = date_string($start);
$sqlVars[':parameters'] = json_encode($params);
$sqlVars[':user_id'] = "";
//$this->userID;
//die( json_encode($sqlVars) ) ;
$stmt = $db->prepare($query);
$stmt->execute($sqlVars);
$job_id = $db->lastInsertId();
$query = "INSERT INTO scheduler\n\t\t\t(`job_id`, `execution_date`) \n\t\t\tVALUES \n\t\t\t(:job_id, :execution_date);";
$sqlVars = array();
$sqlVars[':job_id'] = $job_id;
$schedule_id = -1;
$schedule_strings = array();
foreach ($schedules as $schedule) {
$sqlVars[':execution_date'] = date_string($schedule);
$stmt = $db->prepare($query);
$stmt->execute($sqlVars);
$schedule_id = $db->lastInsertId();
array_push($schedule_strings, array("id" => $schedule_id, "date" => date_string($schedule)));
//echo date_string($schedule)."\n";
}
//***** Return output ******//
$history = array();
if ($frequency == 'I') {
$history = send_to_recipients($obj_recipients, $message, $schedule_id);
}
return array("job_id" => $job_id, "schedules" => $schedule_strings, "history" => $history);
}
<?php
// adHocMenu.php
session_start();
require_once "adHocConst.php";
require_once "adHocInclude.php";
$connAdHoc = pdoConnect(cAdHocServer, cAdHocDatabase, cAdHocUsername, cAdHocPassword);
//get today's date
$pageDate = dateNow();
//request sitenum takes precedent over session sitenum
if (isset($_REQUEST["sitenum"])) {
$siteNum = $_REQUEST["sitenum"];
} else {
if (isset($_SESSION["sitenum"])) {
$siteNum = $_SESSION["sitenum"];
} else {
$siteNum = "1";
}
}
$_SESSION["sitenum"] = $siteNum;
traceHide("sitenum=" . $siteNum);
if (isset($_REQUEST["nextmenu"])) {
$nextMenu = $_REQUEST["nextmenu"];
} else {
$nextMenu = "1";
}
traceHide("nextmenu=" . $nextMenu);
$sql = " SELECT menu_num, line_num, title, sub_menu_num, select_stmt" . " FROM menus" . " LEFT JOIN queries ON main_query_num = query_num" . " WHERE menu_num = " . $nextMenu . " AND hidden = 0" . " ORDER BY menu_num, line_num";
$adHocStmt = pdoQuery($sql, $connAdHoc);
$adHocRows = pdoFetch($adHocStmt);
?>
static function rubros()
{
PDOSql::$pdobj = pdoConnect();
$rubs = Sql::fetch("SELECT rubro from rubros_generales ORDER BY id");
$r = array();
foreach ($rubs as $rub) {
$r[] = array('rubro' => $rub['rubro']);
}
return $r;
}
function getCityId($cityName)
{
$db = pdoConnect();
$query = "SELECT id from `city` WHERE cityName = '" . $cityName . "'";
//echo $query;
$stmt = $db->prepare($query);
if (!$stmt->execute()) {
// Error: column does not exist
return -1;
} else {
$row = null;
$row = $stmt->fetch();
if (!$row) {
return -1;
} else {
return $row["id"];
}
}
return -1;
}
function dbDeleteActionPermit($action_id, $type)
{
try {
global $db_table_prefix;
$db = pdoConnect();
$table = "";
if ($type == "user") {
$table = "user_action_permits";
} else {
if ($type == "group") {
$table = "group_action_permits";
} else {
return false;
}
}
$query = "DELETE FROM " . $db_table_prefix . $table . " WHERE id = :action_id";
$stmt = $db->prepare($query);
$sqlVars = array(':action_id' => $action_id);
$stmt->execute($sqlVars);
if ($stmt->rowCount() > 0) {
return true;
} else {
addAlert("danger", "Invalid action_id specified.");
return false;
}
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
}
}
<?php
/* This PHP will run regularly at regular intervals */
require_once "db-settings.php";
//Require DB connection
require "scheduler_functions.php";
//Require scheduler functions
// Constants
$status_new = "NEW";
$status_failed = "FLD";
//Current Date & time
$curr_dt_time = "" . date("Y-m-d H:i:s", strtotime("now"));
//Get current Date & Time
//die( $curr_dt_time );
//Select Scheduler entries that are pending
$db = pdoConnect();
$query = "Select sch.id, sch.job_id, job.message, job.recipients from scheduler as sch INNER JOIN jobs as job ON sch.job_id = job.id WHERE sch.execution_status IN ('" . $status_new . "','" . $status_failed . "') AND sch.execution_date <= '" . $curr_dt_time . "' ";
$stmt = $db->prepare($query);
$stmt->execute();
$row = $stmt->fetch();
while ($row) {
//echo "<br>".json_encode($row);
send_to_recipients(json_decode($row['recipients']), $row['message'], $row['id']);
$row = $stmt->fetch();
}
function DataSource($table, $parameters)
{
$this->db = pdoConnect();
$this->table = $table;
}
function fetchUserMin($user_id)
{
try {
global $db_table_prefix;
$results = array();
$db = pdoConnect();
$sqlVars = array();
$query = "select {$db_table_prefix}users.id as user_id, user_name, display_name from {$db_table_prefix}users where {$db_table_prefix}users.id = :user_id";
$sqlVars[':user_id'] = $user_id;
$stmt = $db->prepare($query);
$stmt->execute($sqlVars);
if (!($results = $stmt->fetch(PDO::FETCH_ASSOC))) {
addAlert("danger", "Invalid user id specified");
return false;
}
$stmt = null;
return $results;
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
}
}
} elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4) {
$message = 'Incorrect Length for Password';
} elseif (ctype_alnum($_POST['username']) != true) {
/*** if there is no match ***/
$message = "Username must be alpha numeric";
} elseif (ctype_alnum($_POST['password']) != true) {
/*** if there is no match ***/
$message = "Password must be alpha numeric";
} else {
/*** if we are here the data is valid and we can insert it into database ***/
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1($password);
try {
$dbh = pdoConnect();
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
//$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the insert ***/
$stmt = $dbh->prepare("INSERT INTO users (username, password ) VALUES (:username, :password )");
/*** bind the parameters ***/
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
/*** execute the prepared statement ***/
$stmt->execute();
/*** unset the form token session variable ***/
unset($_SESSION['form_token']);
/*** if all is done, say thanks ***/
$message = 'New user added';
} catch (Exception $e) {
