function get_siteInfo($TcName)
{
// Busca en la tabla de configuraciones el valor establecido
$query = "SELECT valor,tipo FROM Configuracion WHERE idConfiguracion = '{$TcName}'";
include_once './dataBaseClass/connection.php';
$cDb = new DataBase();
$result = $cDb->query($query);
$row = mysqli_fetch_assoc($result);
return $row["valor"];
}
/**
* 根据时间戳和联系人ID获取快照分组名
* @param int $user_id 用户ID
* @param int $cid 联系人ID
* @param int $dateline 时间戳
* @return string
*/
public function get_snapshot_category_by_cid($user_id, $cid, $dateline)
{
$sql = sprintf("SELECT category_id FROM %s WHERE uid = %d AND snapshot_id = %d AND cid = %d", $this->get_table($user_id, 'contact_classes_snapshot'), $user_id, $dateline, $cid);
$query = $this->db->query($sql);
if ($query->count()) {
$result = array();
$res = $query->result_array(FALSE);
foreach ($res as $val) {
$result[] = $val['category_id'];
}
return $result;
}
return array();
}
/**
* 获取联系信息列表
* @param int $id 联系人ID
* @return array
*/
private function _get_info_list($id, $type = 'emails')
{
switch ($type) {
case 'tels':
$row = '`type`, `value`, `pref`, `city`';
break;
case 'addresses':
$row = '`type`, `country`, `postal`, `region`, `city`, `street`';
break;
case 'ims':
$row = '`protocol`, `type`, `value`';
break;
default:
$row = '`type`, `value`';
break;
}
$query = $this->db->query("SELECT {$row} FROM `gcp_{$type}` WHERE `gcid` = '{$id}' ORDER BY `id` ASC");
return $query->result_array(FALSE);
}
<?php
try {
$allowGuest = $hideDefaultView = true;
require '../framework/inc.php';
} catch (Exception $e) {
die('Invalid DataBase informations <a href="javascript:window.history.back();">Launch installation wizard</a>');
}
try {
DataBase::query(file_get_contents('db-setup.sql'));
echo 'Please remove the <strong>install</strong> folder.<br /><a href="..">Done !</a>';
Page::setTitle('Installation Wizard');
Page::send();
} catch (Exception $e) {
echo '<h1>DataBase Error</h1>' . $e->message;
}
/**
* Find the related objects of the model
* @param $table The name of the table of the objects
* @param $conditions The relation conditions
* @return array Array of objects
*/
public function _findRelations($table, $conditions)
{
if (count($conditions) == 0) {
$query = "SELECT * FROM {$table}";
} else {
$query = "SELECT * FROM {$table} WHERE ( {$conditions} )";
}
$db2 = new DataBase();
$db2->query($query);
$numResults = $db2->numRows();
$results = array();
for ($i = 0; $i < $numResults; $i++) {
$result = $db2->fetchObject();
$results[] = new $table($result);
}
return $results;
}
<?php
session_start();
if (!isset($_SESSION['login_user']) || empty($_SESSION['login_user'])) {
header("Location: /Cobranza/index.php");
exit;
}
$idCliente = filter_input(INPUT_GET, 'id');
$nombre = filter_input(INPUT_GET, 'Nombre');
include './dataBaseClass/connection.php';
$cDb = new DataBase();
$result = $cDb->query("SELECT * FROM ExpedienteElectronico WHERE idCliente = {$idCliente}");
?>
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button
<h1 class="modal-title">Agregar Expediente al Cliente: <?php
echo $nombre;
?>
</h1>
</div>
<div class="modal-body" style="margin: 20px;">
<table id="tblExpedientes" class="table table-striped table-bordered" cellspacing="0" width="100%">
<thead>
<tr>
<th>Id</th>
<th>Nombre Archivo</th>
<th>Acciones</th>
</tr>
if ($mail['sender'] == User::getID()) {
$r = DataBase::update('messages', array('sender_dir' => $_GET['dir']), array('ID' => $_GET['ID'], 'sender' => User::getID()))->fetch();
} else {
if ($mail['recipient'] == User::getID()) {
$r = DataBase::update('messages', array('recipient_dir' => $_GET['dir']), array('ID' => $_GET['ID'], 'recipient' => User::getID()))->fetch();
} else {
die('<h3>Mail not found</h3>');
}
}
} else {
die('<h3>That\'s not your mail !</h3>');
}
die('true');
break;
case 'unread':
$unread = DataBase::query('SELECT COUNT(*) FROM messages WHERE opened = 0 AND recipient_dir = ' . DataBase::_secure($_GET['folder']) . ' AND recipient = ' . User::getID())->fetch()[0];
if (strval($unread)) {
die($unread);
} else {
die;
}
break;
case 'send':
// check message HTML does not comport malicious tags
// for example with HTMLPurify PHP library
$recipient = DataBase::get('users', array('ID'), array('fullname' => $_POST['recipient']));
if (!count($recipient) || $recipient === false) {
die('false');
}
if (DataBase::insert('messages', array('sender' => User::getID(), 'recipient' => $recipient[0]['ID'], 'subject' => htmlspecialchars($_POST['subject']), 'content' => $_POST['content'], 'sent' => array('NOW()'), 'opened' => 0, 'answerTo' => 0, 'sender_dir' => 'sent', 'recipient_dir' => 'inbox'))) {
if (DataBase::insert('messages', array('sender' => User::getID(), 'recipient' => $recipient[0]['ID'], 'subject' => htmlspecialchars($_POST['subject']), 'content' => $_POST['content'], 'sent' => array('NOW()'), 'opened' => 0, 'answerTo' => 0, 'sender_dir' => 'sent', 'recipient_dir' => 'sent'))) {
function delete($class, $where = "")
{
$temp_class = new $class();
$query = new Query($temp_class->__table__, "delete");
if ($where != "") {
$query->where = $where;
}
$db = new DataBase();
$db->connect();
//echo $query->build();
$res = $db->query($query);
return $res;
}
public function findOneByPK()
{
$sql = 'SELECT * FROM ' . static::$table . ' WHERE id=:id';
$db = new DataBase();
return $db->query($sql, [':id' => $this->id])[0];
}
function set_main($photo, $i)
{
$r = new DataBase();
$r->query("DELETE FROM photo_main WHERE folder = '" . $photo['folder'] . "'");
$r->query("INSERT INTO photo_main (folder, count) VALUES('" . $photo['folder'] . "', " . $i . ")");
}
require 'framework/inc.php';
Page::setTitle('Home');
?>
<div class="row">
<div class="col-lg-3">
<div class="widget style1 lazur-bg">
<div class="row">
<div class="col-xs-4">
<i class="fa fa-envelope-o fa-5x"></i>
</div>
<div class="col-xs-8 text-right" widget="new-messages">
<span> New messages </span>
<h2 class="font-bold"><?php
echo DataBase::query('SELECT COUNT(*) FROM messages WHERE opened = 0 AND recipient = ' . User::getID())->fetch()[0];
?>
</h2>
</div>
</div>
</div>
</div>
<!--<div class="col-lg-3">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-success pull-right">Monthly</span>
<h5>Income</h5>
</div>
<div class="ibox-content">
<h1 class="no-margins">40 886,200</h1>
<div class="stat-percent font-bold text-success">98% <i class="fa fa-bolt"></i></div>
//Verify if account exists
$haserror = true;
foreach ($accounts->get() as $acc) {
if ($_DATA['id'] == $acc['id']) {
$haserror = false;
$forProfileId = $acc['profile_id'];
break;
}
}
if ($haserror) {
RestUtils::sendResponse('406', array('data' => 'accountId', 'message' => 'A conta escolhida não existe.'));
exit;
}
if ($forProfileId != CurrentUser::getId()) {
RestUtils::sendResponse('406', array('data' => 'accountId', 'message' => 'A conta escolhida não pertence ao usuário.'));
exit;
}
//Disable STATUS
$sql->query("UPDATE accounts SET status = 0 WHERE id = '" . $_DATA['id'] . "'");
//Close Connection
$sql->close();
RestUtils::sendResponse('200');
exit;
break;
/////////////////////////////////////DEFAULT
/////////////////////////////////////DEFAULT
default:
RestUtils::sendResponse('405', array('message' => 'O método escolhido não é suportado.'));
exit;
break;
}
<?php
require 'framework/inc.php';
if (!isset($_GET['request'])) {
die('<h3>Bad request</h3>');
}
$req = $_GET['request'];
$ans = DataBase::query('SELECT ID, fullname FROM users WHERE fullname LIKE ' . DataBase::_secure('%' . $req . '%'));
$f = array();
while ($data = $ans->fetch()) {
$f[] = $data;
}
die(json_encode($f));
function get_count($id)
{
$db = new DataBase();
$res = $db->query("select SUM(if(type = 'board',1,0)) as 'bcount', SUM(if(type = 'phone',1,0)) as 'pcount' from board_hits WHERE board_id = " . $id);
return mysql_fetch_array($res);
}
$sql = new DataBase();
$sql->connect();
//Verify if exists
$tr = $transactions->get('all', '', '', '', $ID);
$data = $tr;
if (count($tr) == 0) {
RestUtils::sendResponse('406', array('data' => 'transactionId', 'message' => 'Essa transação não existe.'));
}
if ($tr[0]['profile_id'] != CurrentUser::getId()) {
RestUtils::sendResponse('406', array('data' => 'transactionId', 'message' => 'Essa transação não pertence ao perfil.'));
}
//Remove in Ammount
if ($data[0]['account_to'] != '') {
$balance = $accounts->get(1, $data[0]['account_from'], 'balance');
$balance += $data[0]['amount'];
$sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_from'] . "'");
$sql->query("UPDATE accounts_month_balance AS amb SET amb.balance = amb.balance + " . $data[0]['amount'] . " WHERE amb.account_id = '" . $data[0]['account_from'] . "' AND amb.year >= " . date('Y', strtotime($data[0]['date'])) . " AND amb.month >= " . date('n', strtotime($data[0]['date'])) . "");
$balance = $accounts->get(1, $data[0]['account_to'], 'balance');
$balance -= $data[0]['amount'];
$sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_to'] . "'");
$sql->query("UPDATE accounts_month_balance AS amb SET amb.balance = amb.balance - " . $data[0]['amount'] . " WHERE amb.account_id = '" . $data[0]['account_to'] . "' AND amb.year >= " . date('Y', strtotime($data[0]['date'])) . " AND amb.month >= " . date('n', strtotime($data[0]['date'])) . "");
} else {
$balance = $accounts->get(1, $data[0]['account_from'], 'balance');
$balance -= $data[0]['amount'];
$sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_from'] . "'");
$sql->query("UPDATE accounts_month_balance AS amb SET amb.balance = amb.balance - " . $data[0]['amount'] . " WHERE amb.account_id = '" . $data[0]['account_from'] . "' AND amb.year >= " . date('Y', strtotime($data[0]['date'])) . " AND amb.month >= " . date('n', strtotime($data[0]['date'])) . "");
}
//Remove
$sql->query("DELETE FROM transactions_has_tags WHERE transaction_id = '" . $ID . "'");
$sql->query("DELETE FROM transactions WHERE id = '" . $ID . "'");
//Close Connection
function getTransactionTags($count, $id)
{
$sql = new DataBase();
$sql->connect();
$sql->query("\r\n\t\tSELECT tag.*\r\n\t\tFROM tags tag, transactions_has_tags tht\r\n\t\tWHERE tht.transaction_id = '" . $id . "' AND tag.profile_id = " . CurrentUser::getId() . "\r\n\t\tAND tag.id = tht.tag_id\r\n\t\tLIMIT " . $count . "\r\n\t\t");
//Objects
$json = array();
//Data
while ($data = mysql_fetch_array($sql->result)) {
$array = array("id" => $data["id"], "name" => $data["name"]);
array_push($json, $array);
}
//Close connection
$sql->close();
//Return
return $json;
}
<?php
session_start();
if (!isset($_SESSION['login_user'])) {
header("Location: /Cobranza/login.php");
}
include './dataBaseClass/connection.php';
$cDb = new DataBase();
$lEdit = FALSE;
$idCompania = filter_input(INPUT_GET, "idCompania");
$sQuery = "SELECT idTipo, nombre, 0 as marcado FROM TipoPoliza as cat ";
if ($idCompania != "") {
$sQuery = "SELECT idTipo, nombre, if(EXISTS(SELECT idTipo FROM TipoPolizaCompania where idTipo = cat.idTipo AND idCompania = {$idCompania}),1,0) as marcado FROM TipoPoliza as cat ";
$query = "SELECT * FROM Companias WHERE idCompania = {$idCompania}";
$result = $cDb->query($query);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_array($result);
$lEdit = TRUE;
}
}
$cEncabezado = $lEdit ? "Editando: " . $row['nombre'] : "Compañia Nueva";
$resultTipos = $cDb->query($sQuery);
?>
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button
<h1 class="modal-title"><?php
echo $cEncabezado;
?>
//$transactions = new Transactions;
$accounts = new Accounts();
//Connect
$sql = new DataBase();
$sql->connect();
//Verify if exists
$tr = $transactions->get('all', '', '', '', $ID);
$data = $tr;
if (count($tr) == 0) {
RestUtils::sendResponse('406', array('data' => 'transactionId', 'message' => 'Essa transação não existe.'));
}
if ($tr[0]['profile_id'] != CurrentUser::getId()) {
RestUtils::sendResponse('406', array('data' => 'transactionId', 'message' => 'Essa transação não pertence ao perfil.'));
}
//Remove
$sql->query("DELETE FROM transactions_has_tags WHERE transaction_id = '" . $ID . "'");
$sql->query("DELETE FROM transactions WHERE id = '" . $ID . "'");
//Remove in Ammount
if ($data[0]['account_to'] != '') {
$balance = $accounts->get(1, $data[0]['account_from'], 'balance');
$balance += $data[0]['amount'];
$sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_from'] . "'");
$balance = $accounts->get(1, $data[0]['account_to'], 'balance');
$balance -= $data[0]['amount'];
$sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_to'] . "'");
} else {
$balance = $accounts->get(1, $data[0]['account_from'], 'balance');
$balance -= $data[0]['amount'];
$sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_from'] . "'");
}
//Close Connection
public static function getId()
{
//Get Token
if (isset($_GET['token'])) {
//Verify token
$token = new Token();
if (!$token->verify($_GET['token'])) {
//Connect
$sql = new DataBase();
$sql->connect();
$sql->query("\r\n\t\t\t\t\tSELECT DISTINCT *\r\n\t\t\t\t\tFROM token\r\n\t\t\t\t\tWHERE token = '" . $_GET['token'] . "'\r\n\t\t\t\t");
//Data
while ($data = mysql_fetch_array($sql->result)) {
return $data['profile_id'];
break;
}
} else {
RestUtils::sendResponse('400', array('data' => 'token', 'message' => 'A verificação do token falhou.'));
exit;
}
} else {
RestUtils::sendResponse('412', array('data' => 'token', 'message' => 'O token não foi passado pela URL.'));
exit;
}
}
function getForceBalance($account = "", $from = "", $to = "")
{
//Connect
$sql = new DataBase();
$sql->connect();
//Objects
$json = array();
$accounts = $this->get(50, $account);
//Data
foreach ($accounts as $acc) {
//Query
$balance = 0;
$query = "SELECT transaction.amount, transaction.account_to_id FROM transactions transaction";
$query .= " WHERE (transaction.account_from_id = '" . $acc['id'] . "' OR transaction.account_to_id = '" . $acc['id'] . "')";
if (!empty($from)) {
$query .= " AND transaction.date >= '" . $from . "' ";
}
if (!empty($to)) {
$query .= " AND transaction.date <= '" . $to . "' ";
}
//execute
$sql->query($query);
//Data
while ($data = mysql_fetch_array($sql->result)) {
if ($data["account_to_id"] == $acc["id"]) {
$balance -= $data["amount"];
} else {
$balance += $data["amount"];
}
}
$balance += $acc["initial_balance"];
//Array
$acc['balance'] = round($balance, 2);
$array = $acc;
array_push($json, $array);
}
return $json;
$sql->close();
}
*/
case 'delete':
$ID = $_DATA['id'];
//Connect
$sql = new DataBase();
$sql->connect();
//Verify if exists
$tr = $tags->getUnique($ID);
if (count($tr) == 0) {
RestUtils::sendResponse('406', array('data' => 'tagId', 'message' => 'Essa tag não existe.'));
}
if ($tr[0]['profile_id'] != CurrentUser::getId()) {
RestUtils::sendResponse('406', array('data' => 'tagId', 'message' => 'Essa tag não pertence ao perfil.'));
}
//Remove
$sql->query("DELETE FROM transactions_has_tags WHERE tag_id = '" . $ID . "'");
$sql->query("DELETE FROM tags WHERE id = '" . $ID . "'");
//Close Connection
$sql->close();
RestUtils::sendResponse('200');
break;
/*
* ======================================
* Default
* ======================================
*/
/*
* ======================================
* Default
* ======================================
*/
$generateToken = $token->generate();
//Atribui token ao usuário
$timeToBuildStructure = 1800;
//Segundos (30 * 60 = 30 minutos)
$now = time();
//Tempo atual (segundos desde 1/1/1970)
$finishedBuilding = $now + $timeToBuildStructure;
//Tempo a expirar
$sql4 = new DataBase();
$sql4->connect();
$sql4->query("INSERT INTO token(token,profile_id,expires,application_id) VALUES ('" . $generateToken . "','" . $userdetails['id'] . "','" . date("Y-m-d H:i:s", $finishedBuilding) . "','" . $data['id'] . "')");
}
//Atualiza tempo de último login
$sql4 = new DataBase();
$sql4->connect();
$sql4->query("UPDATE profiles SET last_login='******'this_session'] . "', this_session='" . date("Y-m-d H:i:s") . "' WHERE profiles.id = '" . $userdetails['id'] . "'");
//Construct a new logged in user object
//Transfer some db data to the session object
// $loggedInUser = new loggedInUser();
// $loggedInUser->email = $userdetails["email"];
// $loggedInUser->id = $userdetails["id"];
// $loggedInUser->hash_pw = $userdetails["password"];
// $loggedInUser->display_username = $userdetails["username"];
// $loggedInUser->clean_username = $userdetails["username_clean"];
// $loggedInUser->remember_me = $remember_choice;
// $loggedInUser->api_key = $_DATA['api_key'];
// $loggedInUser->login = $userdetails["email"];
// $loggedInUser->redirect = 'false';
// $loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true));
// //Update last sign in
// $loggedInUser->updatelast_sign_in();
function getTypes()
{
//Connect
$sql = new DataBase();
$sql->connect();
//Query
$sql->query("\r\n\t\tSELECT DISTINCT type.*\r\n\t\tFROM transactions_type type\r\n\t\tORDER BY type.id\r\n\t\t");
//Objects
$json = array();
//Data
while ($data = mysql_fetch_array($sql->result)) {
$array = array("id" => $data["id"], "name" => $data["name"]);
array_push($json, $array);
}
//Close connection
$sql->close();
//Return
return $json;
}
function run($query)
{
$db = new DataBase();
$db->connect();
$res = $db->query($query);
return $res;
}
<?php
global $hideDefaultView;
global $allowGuest;
if (User::isGuest() && !isset($allowGuest)) {
header('Location: login.php');
}
if (User::isLoggedIn()) {
$unreadMessages = DataBase::query('SELECT COUNT(*) FROM messages WHERE opened = 0 AND recipient_dir = "inbox" AND recipient = ' . User::getID())->fetch()[0];
if (!strval($unreadMessages)) {
$unreadMessages = '';
}
$unreadAlerts = DataBase::query('SELECT COUNT(*) FROM messages WHERE opened = 0 AND recipient_dir = "alerts" AND recipient = ' . User::getID())->fetch()[0];
if (!strval($unreadAlerts)) {
$unreadAlerts = '';
}
}
Page::css('main', true);
Page::css('font-awesome/font-awesome.min', true);
Page::css('inspinia/plugins/sweetalert/sweetalert', true);
Page::css('inspinia/plugins/iCheck/custom', true);
Page::css('inspinia/style', true);
Page::css('inspinia/animate', true);
Page::css('inspinia/bootstrap.min', true);
Page::js('main', true);
Page::js('inspinia/plugins/slimscroll/jquery.slimscroll', true);
Page::js('inspinia/plugins/metisMenu/jquery.metisMenu', true);
Page::js('inspinia/plugins/sweetalert/sweetalert.min', true);
Page::js('inspinia/plugins/iCheck/icheck.min', true);
Page::js('inspinia/inspinia', true);
Page::js('inspinia/bootstrap.min', true);
$sSqlLimit = intval($_POST['sql_limit'], 10);
$sSqlOffset = intval($_POST['sql_offset'], 10);
// get new db object
// (the parameters are stored in the db_config.php file)
$oDB = new DataBase($sHost, $sDbUser, $sDbPasswd, $sDatabase);
$oDB->connect();
// escape the search term
$sSearchTerm = mysql_real_escape_string($_POST['search_term']);
// extend the search term
$sSearchTerm = '%' . $sSearchTerm . '%';
// escape the db field names of the both languages
$sDbLang1 = mysql_real_escape_string($_POST['db_lang_1']);
$sDbLang2 = mysql_real_escape_string($_POST['db_lang_2']);
// now build the query
$sQuery = sprintf("SELECT %s, %s FROM voka WHERE %s LIKE '%s' OR %s LIKE '%s' LIMIT %d, %d", $sDbLang1, $sDbLang2, $sDbLang1, $sSearchTerm, $sDbLang2, $sSearchTerm, $sSqlOffset, $sSqlLimit);
$oResult = $oDB->query($sQuery);
$oDB->disconnect();
if (!$oResult) {
//echo "DB error: " . $oDB->getLastError();
$aReturnCode = array("code" => -1);
echo json_encode($aReturnCode);
return;
}
if (mysql_num_rows($oResult) == 0) {
//echo "No result: ". $oDB->getLastError();
$aReturnCode = array("code" => 0);
echo json_encode($aReturnCode);
return;
}
// determine total number of possible results
$oDB->connect();
<?php
include './Header.php';
include './dataBaseClass/connection.php';
$cDb = new DataBase();
$queryCompanias = "SELECT C.idCompania,C.nombre FROM Companias AS C INNER JOIN TipoPolizaCompania AS T ON T.idCompania = C.idCompania WHERE T.idTipo = 'AUTOMOVIL'";
$resultCompanias = $cDb->query($queryCompanias);
$queryPaquetes = "SELECT idPaquete FROM Paquete WHERE tipoPoliza = 'AUTOMOVIL' GROUP BY idPaquete";
$resultPaquetes = $cDb->query($queryPaquetes);
?>
<script type="text/javascript" src="/Cobranza/js/OrdenTrabajo.js"></script>
<div class="main">
<h1 class="page-header">Orden De Trabajo Automoviles</h1>
<br>
<button type="button" class="btn btn-primary" id="btnGuardar" onclick="GuardaOrdenTrabajo();">Guardar</button>
<br>
<br>
<form id="inputForm">
<div class="row">
<div class= "col-md-2">
<p class="text-right">
<label class="control-label" for="selCompania">Compañia:</label>
</p>
</div>
<div class="col-md-3">
<select class="form-control input-sm" id="selCompania" name="compania">
<option value = "c">Seleccionar compañia</option>
<?php
while ($row = mysqli_fetch_array($resultCompanias)) {
?>
<option value = "<?php
