function getRequestedCategory($categoryID, &$strResponseData) {
    // List every item that belongs to one category and hand the list back as JSON.
    //
    // $categoryID       category to list; bound as the WHERE parameter.
    // $strResponseData  out-param: JSON array of structCategoryItem objects.
    //                   It is "[]" when the connection, prepare or execute step fails.
    // Returns "Success" once the query executed, otherwise whatever the status
    // string holds ("Unsuccessful" unless getDBConnection() wrote into it).
    assert(isset($categoryID));

    $items = array();
    $status = "Unsuccessful";

    // getDBConnection() receives the status string by reference; it is only
    // replaced below once the query has actually run.
    $link = getDBConnection($status);
    if (!$link->connect_errno) {
        $sql = "SELECT category_item_id, name, price FROM icaict515a_category_items"
             . " WHERE category_id=?";
        $stmt = $link->prepare($sql);
        if ($stmt) {
            // NOTE(review): the value is passed through scrubInput() and then bound
            // to a prepared statement. If scrubInput() inserts escape characters,
            // those bytes become part of the compared value - confirm what
            // scrubInput() does before relying on this for lookups.
            $categoryID = scrubInput($categoryID, $link);
            $stmt->bind_param('s', $categoryID);
            if ($stmt->execute()) {
                $stmt->bind_result($rowItemID, $rowName, $rowPrice);
                while ($stmt->fetch()) {
                    $item = new structCategoryItem();
                    $item->categoryItemID = $rowItemID;
                    $item->name = $rowName;
                    $item->price = $rowPrice;
                    $items[] = $item;
                }
                $status = "Success";
            }
            $stmt->close(); // release the result set
        }
        $link->close();
    }

    $strResponseData = json_encode($items);
    return $status;
}
function updateDeptDB($deptID, $deptName, $deptManagerID, $deptBudget) {
    // Update one department row (name, manager, budget) selected by department_id.
    //
    // Results are reported through two globals rather than return values:
    //   $strResponseMessage  "Success" once the UPDATE executed, else "Unsuccessful"
    //                        (getDBConnection() may also write into it).
    //   $strResponseData     human-readable outcome text for the caller's response.
    // Returns true when the UPDATE executed - also when no row changed.
    assert(isset($deptID));
    assert(isset($deptName));
    assert(isset($deptManagerID));
    assert(isset($deptBudget));

    global $strResponseMessage;
    global $strResponseData;
    $strResponseMessage = "Unsuccessful";
    $strResponseData = "Update failed. Please contact Administrator to update details";

    $link = getDBConnection($strResponseMessage);
    if ($link->connect_errno) {
        return $strResponseMessage === "Success";
    }

    $sql = "UPDATE icaict515a_departments SET name=?, manager_id=?, budget=?"
         . " WHERE department_id=?";
    $stmt = $link->prepare($sql);
    if ($stmt) {
        // NOTE(review): every value is passed through scrubInput() and then bound
        // as a parameter; if scrubInput() inserts escape characters they are
        // stored verbatim. Confirm scrubInput()'s behaviour before relying on it.
        $deptID = scrubInput($deptID, $link);
        $deptName = scrubInput($deptName, $link);
        $deptManagerID = scrubInput($deptManagerID, $link);
        $deptBudget = scrubInput($deptBudget, $link);
        // All four are bound as strings, in SET order followed by the WHERE id.
        $stmt->bind_param("ssss", $deptName, $deptManagerID, $deptBudget, $deptID);
        if ($stmt->execute()) {
            $strResponseMessage = "Success";
            // affected_rows is 0 when the submitted values equal the stored ones.
            $strResponseData = ($link->affected_rows > 0)
                ? "Update Successful"
                : "Nothing changed. Details are still the same.";
        }
        $stmt->close();
    }
    $link->close();

    return $strResponseMessage === "Success";
}
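function insertNewISORequest($cleanedInputs) {
    // Insert one ISO request row into testParameters.
    //
    // $cleanedInputs  associative array with keys username, email, troubleTicket
    //                 and testCSV (already passed through scrubInput() by the caller).
    // The requester's CID is read from $_SESSION["CID"].
    // Returns 1 on success, 0 when the connection or the INSERT failed. On
    // failure a generic notice is echoed to the page; the driver message goes
    // to the server error log instead of the browser.

    // Database connection settings. Credentials are redacted in this listing;
    // they belong in configuration outside the web root, not in code.
    $dbHost = "192.168.122.1"; // ionia's private IP
    $username = "******";
    $password = "******";
    $dbname = "testrig";

    try {
        $dbLink = new PDO("mysql:host={$dbHost};dbname={$dbname}", $username, $password);
        // Make PDO throw instead of emitting warnings so the catch below sees every failure.
        $dbLink->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $cmd = "INSERT INTO testParameters\n (cid,username,useremail,user_tt_id,requested_tests)\n VALUES (?, ?, ?, ?, ?)";
        $statement = $dbLink->prepare($cmd);
        $CID = scrubInput($_SESSION["CID"]);
        $statement->execute(array(
            $CID,
            $cleanedInputs["username"],
            $cleanedInputs["email"],
            $cleanedInputs["troubleTicket"],
            $cleanedInputs["testCSV"],
        ));
    } catch (PDOException $e) {
        // Driver messages can expose host names, table layout and credential
        // hints; keep them server-side and show the user a generic notice.
        error_log("insertNewISORequest: " . $e->getMessage());
        echo "<h1> Oops! Something went wrong while interacting with the database.</h1>";
        return 0;
    }
    $dbLink = null;
    return 1;
}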
// Login handler: an existing session short-circuits; otherwise a POST is
// validated and, when both fields are present, handed to logIn().
// Variables assigned here and visible to the rest of the page:
// $errFlag, $inputErrors and $inputs.
if (!empty($_SESSION["username"])) {
    // NOTE(review): the session value is printed without htmlspecialchars();
    // that is only safe if it can never contain markup - confirm where the
    // value is written into the session.
    print 'You are already logged in, ' . $_SESSION["username"];
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    $errFlag = 0;
    // Both fields are mandatory. empty() also rejects the string "0".
    if (empty($_REQUEST["trUsername"])) {
        $inputErrors["trUsername"] = "******";
        $errFlag = 1;
    }
    if (empty($_REQUEST["trPassword"])) {
        $inputErrors["trPassword"] = "******";
        $errFlag = 1;
    }
    if ($errFlag != 1) {
        // NOTE(review): the password goes through scrubInput() before logIn().
        // If scrubInput() alters characters (escaping, trimming), logIn() must
        // compare against a value that received the same transformation at
        // registration time - confirm against the registration path.
        $inputs["trUsername"] = scrubInput($_REQUEST["trUsername"]);
        $inputs["trPassword"] = scrubInput($_REQUEST["trPassword"]);
        logIn($inputs["trUsername"], $inputs["trPassword"]);
    }
} //END AJAX processing
?> <html> <head> <link href="trstylesheet.css" rel="stylesheet" type="text/css" /> </head>
function getMemberNameDB($email, &$bSuccess) {
    // Resolve an employee's display name ("first last") from their e-mail address.
    //
    // $email     lookup key; bound as the WHERE parameter.
    // $bSuccess  out-param: TRUE only when a matching row was fetched.
    // Returns the joined name, or "" when nothing matched or a DB step failed.
    assert(isset($email));

    $fullName = "";
    $bSuccess = FALSE;

    // $strResponseMessage is not initialised here: getDBConnection() receives it
    // by reference and this function never reads it back.
    $link = getDBConnection($strResponseMessage);
    if (!$link->connect_errno) {
        $stmt = $link->prepare("SELECT firstname, lastname FROM icaict515a_employees WHERE email=?");
        if ($stmt) {
            // NOTE(review): the address is passed through scrubInput() and then
            // bound; if scrubInput() inserts escape characters the lookup compares
            // against the escaped form - confirm before relying on this.
            $email = scrubInput($email, $link);
            $stmt->bind_param('s', $email);
            if ($stmt->execute()) {
                $stmt->bind_result($rowFirst, $rowLast);
                // Only the first matching row is used.
                if ($stmt->fetch()) {
                    $fullName = "{$rowFirst} {$rowLast}";
                    $bSuccess = TRUE;
                }
            }
            $stmt->close(); // release the result set
        }
        $link->close();
    }

    return $fullName;
}
} if ($_REQUEST["testRigPassword"] != $_REQUEST["testRigPasswordConfirm"]) { $testRigPasswordConfirmError = "passwords do not match"; $errFlag = 1; } if ($errFlag != 1) { $inputs["fName"] = scrubInput($_REQUEST["fName"]); $inputs["lName"] = scrubInput($_REQUEST["lName"]); $inputs["email"] = scrubInput($_REQUEST["email"]); $inputs["testRigUsername"] = scrubInput($_REQUEST["testRigUsername"]); $inputs["phoneNumber"] = scrubInput($_REQUEST["phoneNumber"]); $inputs["instName"] = scrubInput($_REQUEST["instName"]); $inputs["scpUsername"] = scrubInput($_REQUEST["scpUsername"]); $inputs["scpDstIp"] = scrubInput($_REQUEST["scpDstIp"]); $inputs["scpPubKey"] = scrubInput($_REQUEST["scpPubKey"]); $inputs["rtEmailAddress"] = scrubInput($_REQUEST["rtEmailAddress"]); //hash the password $inputs["testRigPassword"] = password_hash($_REQUEST["testRigPassword"], PASSWORD_BCRYPT); //echo "You entered:<hr>First Name: ".$inputs["fName"]. "<br>Last Name: " . $inputs["lName"]. "<br>Email: " . $inputs["email"] . "<br>Phone: " . $inputs["phoneNumber"] . "<br>Institution: " . $inputs["instName"] . "<br>SCP Username: "******"scpUsername"]. "<br>Dst IP: " .$inputs["scpDstIp"]. "<br>Key: " . $inputs["scpPubKey"] . "<br>" . "Password: "******"testRigPassword"] . "<br>"; //insert this shit into the DB if (insertIntoDB($inputs)) { if (triggerNotification($inputs)) { echo "Your subscription request to TestRig2.0 has been received. Please allow 1 "; echo "business day to process the request and receive approval notification."; } else { echo "The attempt to send notification of your request failed."; } } else { echo "There was a problem processing your request."; } }
foreach ($checkedTests as $val) { $val = scrubInput($val); //just in case someone does something funky to the form if ($count == count($checkedTests) - 1) { $testString = $testString . $val; } else { $testString = $testString . $val . ", "; } $count++; } //END foreach checkedTests $inputs["username"] = scrubInput($_REQUEST["username"]); $inputs["email"] = scrubInput($_REQUEST["email"]); $inputs["troubleTicket"] = scrubInput($_REQUEST["troubleTicket"]); $inputs["testCSV"] = $testString; $inputs["queueName"] = scrubInput($_REQUEST["queueName"]); //everything is scrubbed and prepped for entry into the DB, so let's do this insertNewISORequest($inputs); // It turns out that exec has an issue with some versions of bash which prevents it // from properly redirecting STDIN and STDERR to a file. This prevents exec from going into // the background. Turns out this proc_close(proc_open()) trick does work. proc_close(proc_open("/home/rapier/testrig/isobuilder/isobuilder.pl -f /home/rapier/testrig/isobuilder/isobuilder.cfg -c {$_SESSION['CID']} -u {$_SESSION['UID']} 2>&1 /dev/null &", array(), $dummy_var)); } //END successful submission if/then ?> <div id="inputSection" name="inputSection"> <form id="isoRequest" name="isoRequest" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>
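function insertNewISORequest($cleanedInputs) {
    // Insert the parameters for one ISO build into testParameters, then look the
    // new row's uid back up and store it in $_SESSION["UID"] so the ISO creation
    // step can find it.
    //
    // $cleanedInputs  associative array with keys username, email, troubleTicket,
    //                 testCSV, queueName, target, maxRun and validToDate
    //                 (already passed through scrubInput() by the caller).
    // The requester's CID is read from $_SESSION["CID"].
    // Returns 1 when both the INSERT and the uid lookup succeeded, otherwise 0.
    // On failure a generic notice is echoed; driver details go to error_log()
    // instead of the browser.

    // Database connection settings. Credentials are redacted in this listing;
    // they belong in configuration outside the web root, not in code.
    $dbHost = "192.168.122.1"; // ionia's private IP
    $username = "******";
    $password = "******";
    $dbname = "testrig";

    // Creation timestamp, always in UTC.
    // NOTE(review): the format 'YmdHs' carries no minutes field ('i'). It is kept
    // as-is because the stored width may be relied on elsewhere - confirm the
    // intended format against the creation_timestamp column before changing it.
    date_default_timezone_set('UTC');
    $creationTimestamp = date('YmdHs');

    try {
        $dbLink = new PDO("mysql:host={$dbHost};dbname={$dbname}", $username, $password);
        // Make PDO throw instead of emitting warnings so the catch below sees every failure.
        $dbLink->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $cmd = "INSERT INTO testParameters\n\t\t\t\t (cid, username,\n useremail, user_tt_id,\n requested_tests, creation_timestamp, \n queue_name, target,\n maxrun, validtodate) \n\t\t\t\tVALUES (?, ?, \n ?, ?, \n ?, ?, \n ?, ?,\n ?, ?)";
        $statement = $dbLink->prepare($cmd);
        $CID = scrubInput($_SESSION["CID"]);
        $statement->execute(array(
            $CID,
            $cleanedInputs["username"],
            $cleanedInputs["email"],
            $cleanedInputs["troubleTicket"],
            $cleanedInputs["testCSV"],
            $creationTimestamp,
            $cleanedInputs["queueName"],
            $cleanedInputs["target"],
            $cleanedInputs["maxRun"],
            $cleanedInputs["validToDate"],
        ));
        $dbLink = null;

        // Recover the uid of the row just written. The original author found this
        // only worked on a fresh handle, so a second connection is opened; it now
        // runs in exception mode too, so a failed lookup is reported rather than
        // silently yielding FALSE. The lookup binds the same scrubbed $CID that
        // was inserted - binding the raw session value could miss the row.
        // (If uid is AUTO_INCREMENT, $dbLink->lastInsertId() right after the
        // INSERT would be the simpler route; not verifiable from this file.)
        $dbh = new PDO("mysql:host={$dbHost};dbname={$dbname}", $username, $password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sqlStmnt = $dbh->prepare('SELECT uid FROM testParameters WHERE cid = :cid AND username = :username AND useremail = :email AND user_tt_id = :troubleTicket AND requested_tests = :testCSV');
        $sqlStmnt->bindParam(':cid', $CID, PDO::PARAM_STR);
        $sqlStmnt->bindParam(':username', $cleanedInputs["username"], PDO::PARAM_STR);
        $sqlStmnt->bindParam(':email', $cleanedInputs["email"], PDO::PARAM_STR);
        $sqlStmnt->bindParam(':troubleTicket', $cleanedInputs["troubleTicket"], PDO::PARAM_STR);
        $sqlStmnt->bindParam(':testCSV', $cleanedInputs["testCSV"], PDO::PARAM_STR);
        $sqlStmnt->execute();
        $uidQueryResult = $sqlStmnt->fetch(PDO::FETCH_ASSOC); // FALSE on an empty result
        $dbh = null;
    } catch (PDOException $e) {
        // Driver messages can expose host names, table layout and credential
        // hints; keep them server-side and show the user a generic notice.
        error_log("insertNewISORequest: " . $e->getMessage());
        echo "<h1> Oops! Something went wrong while interacting with the database.</h1>";
        return 0;
    }

    if (!$uidQueryResult) {
        // Without a uid the ISO creation step cannot proceed, so report failure.
        print "an error occurred interacting with the database!";
        return 0;
    }
    $_SESSION["UID"] = $uidQueryResult["uid"];
    return 1;
}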
function getDBPasswordDB($dbConnection, $userID, &$dbPassword) {
    // Fetch the stored password column for one employee over a connection the
    // caller owns (this function neither opens nor closes $dbConnection).
    //
    // $dbConnection  open mysqli connection supplied by the caller.
    // $userID        employee_id, bound as an integer.
    // $dbPassword    out-param: assigned only when a row was fetched and left
    //                untouched otherwise, so a true return does not by itself
    //                mean a password was found.
    // Returns the result of execute() (true when the query ran), or FALSE when
    // the connection reports an error or prepare() fails.
    //
    // NOTE(review): whether the column holds a password_hash() digest or
    // cleartext is not visible here; callers should compare with
    // password_verify() and the column should never store cleartext - confirm
    // against the schema and the registration path.
    assert(isset($dbConnection));
    assert(isset($userID));

    $executed = FALSE;
    if ($dbConnection->connect_errno) {
        return $executed;
    }

    $stmt = $dbConnection->prepare("SELECT password FROM icaict515a_employees WHERE employee_id=?");
    if ($stmt) {
        // scrubInput() runs before the integer bind; bind_param('i') coerces
        // whatever string it returns.
        $userID = scrubInput($userID, $dbConnection);
        $stmt->bind_param('i', $userID);
        $executed = $stmt->execute();
        if ($executed) {
            $stmt->bind_result($rowPassword);
            if ($stmt->fetch()) {
                $dbPassword = $rowPassword;
            }
        }
        $stmt->close();
    }

    return $executed;
}