/**
 * Fetch the `Users` row belonging to the currently logged-in user.
 *
 * Returns NULL when isLoggedIn() reports that nobody is logged in; otherwise
 * returns whatever GetSingleDbValue() yields for the lookup.
 */
function getData()
{
    if ($this->isLoggedIn()) {
        $db = connectToDB();

        // NOTE(review): the user ID is concatenated into the statement, so this
        // is only safe while $this->userID can never hold attacker-influenced
        // text; confirm where it is assigned, or move the helper to bound
        // parameters.
        // NOTE(review): `SELECT *` returns every column of `Users`; other code
        // in this file reads `SaltedHash`, `Salt` and `ExtraHash` from that
        // table, so callers must not pass this row to templates or API
        // responses wholesale.
        $lookup = "SELECT * FROM `Users` WHERE `UserID`='" . $this->userID . "'";
        $row = GetSingleDbValue($lookup, $db);

        $db->close();
        return $row;
    }

    return NULL;
}
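/**
 * Echo the text of the feedback entry named by the `FeedbackID` query parameter.
 *
 * Prints 'No such feedback found.' when the parameter is absent, is not a
 * plain string, or matches no row. Otherwise prints the row's `Text` column
 * after passing it through SanitizeOut().
 */
function DisplayFullText()
{
    // The ID arrives straight from the query string. A missing key or a
    // non-string value (PHP turns bracketed parameters into arrays) can never
    // name a row, so answer before opening a database connection.
    if (!isset($_GET['FeedbackID']) || !is_string($_GET['FeedbackID'])) {
        echo 'No such feedback found.';
        return;
    }

    $conn = connectToDB();

    $FeedbackID = $_GET['FeedbackID'];
    // SanitizeIn() is called for its effect on $FeedbackID; its return value
    // is not used.
    // NOTE(review): the statement below is only as safe as that helper.
    // Confirm it escapes for a single-quoted SQL literal on this connection,
    // or switch the lookup to a bound parameter.
    SanitizeIn($FeedbackID);

    $sql = "SELECT `Text` FROM `Feedbacks` WHERE `FeedbackID`='" . $FeedbackID . "'";
    $feedback = GetSingleDbValue($sql, $conn);

    if (!$feedback) {
        echo 'No such feedback found.';
    } else {
        // Stored feedback is user-written, so it goes through the output
        // sanitizer before being echoed.
        echo SanitizeOut($feedback['Text']);
    }

    $conn->close();
}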
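/**
 * Run a query through CheckedQuery() and return the auto-increment ID it produced.
 *
 * The statement and the LAST_INSERT_ID() lookup are wrapped in one transaction
 * on $conn. The transaction is always ended with COMMIT, including when the
 * statement failed.
 *
 * @param string $query SQL to execute. It is passed to CheckedQuery() as given,
 *                      so the caller is responsible for how values were put
 *                      into it.
 * @param object $conn  Open database connection exposing query().
 *
 * @return mixed The LAST_INSERT_ID() value, or NULL when the query failed or
 *               the ID could not be read.
 */
function CheckedQueryAndGetID($query, $conn)
{
    // Begin a transaction; the original author added this to prevent
    // LAST_INSERT_ID() weirdness.
    $conn->query("START TRANSACTION");

    $succeeded = CheckedQuery($query, $conn);

    // Only ask for the generated key when the statement worked. After a
    // failure the value would describe some earlier insert on this connection,
    // and the function returns NULL in that case anyway.
    $id = NULL;
    if ($succeeded) {
        $row = GetSingleDbValue("SELECT LAST_INSERT_ID()", $conn);
        // Guard the lookup result before indexing it, so a failed lookup
        // yields NULL instead of an offset warning on a non-array.
        if ($row && isset($row['LAST_INSERT_ID()'])) {
            $id = $row['LAST_INSERT_ID()'];
        }
    }

    // End the transaction even if the statement failed.
    // NOTE(review): consider ROLLBACK on failure once it is confirmed that a
    // falsy CheckedQuery() result always means nothing should be persisted.
    $conn->query("COMMIT");

    return $id;
}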
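/**
 * Complete a "forgot password" reset: verify the reset code and store the new password.
 *
 * The code is accepted when sha256($Code . Salt) equals the `ExtraHash` stored
 * for the account. On success `ExtraHash` is cleared, so the same code cannot
 * be used again.
 *
 * @param string $Email    E-mail address identifying the account.
 * @param string $Code     Reset code supplied by the user.
 * @param string $Password New password.
 * @param string $Confirm  Repeated new password; must be identical to $Password.
 *
 * @return bool true when the new password was stored; false when the
 *              passwords differ, the account is unknown, the code is wrong,
 *              or the update failed.
 */
function forgotPasswordCheck($Email, $Code, $Password, $Confirm)
{
    if ($Password !== $Confirm) {
        return false;
    }

    $conn = connectToDB();
    try {
        // NOTE(review): $Email is concatenated into both statements below.
        // Nothing in this function escapes it, so safety depends entirely on
        // the caller having sanitized it. Confirm that, or move
        // GetSingleDbValue()/CheckedQuery() to bound parameters.
        $userInfo = GetSingleDbValue("SELECT `ExtraHash`, `Salt`, `UserID` FROM `Users` WHERE `EmailAddress`='" . $Email . "'", $conn);
        if (!$userInfo) {
            return false;
        }

        // Compare in constant time so response timing does not reveal how much
        // of a guessed code matched. A cleared (empty) ExtraHash can never
        // equal a 64-character SHA-256 hex digest, so an account with no
        // pending reset is always rejected here.
        $presented = hash("sha256", $Code . $userInfo['Salt']);
        if (!hash_equals((string) $userInfo['ExtraHash'], $presented)) {
            return false;
        }

        $newInfo = saltPasswordForUpdate($Password);

        // Column names must be backtick-quoted. The original quoted `Salt` and
        // `ExtraHash` with single quotes, which MySQL parses as string
        // literals, so the UPDATE could not run and the password was never
        // changed.
        $updated = CheckedQuery("UPDATE `Users` SET `SaltedHash`='" . $newInfo['SaltedHash'] . "', `Salt`='" . $newInfo['Salt'] . "', `ExtraHash`='' WHERE `EmailAddress`='" . $Email . "'", $conn);

        // Report the real outcome. The original ended with a bare `return;`,
        // which yields NULL and is indistinguishable from failure in a
        // truthiness check.
        return (bool) $updated;
    } finally {
        // Close the connection on every exit path, including exceptions.
        $conn->close();
    }
}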