public function approveRestriction($restrictionId, $restrictionTable, $approval)
{
//create instance of Database Manager object
$dbMan = new DatabaseManager();
//establish connection
//if returns false, connection failed
if (!$dbMan->establishConnection()) {
//database connection error
return false;
}
//if approval is true - change restriction status to active
if ($approval) {
/* Create new request to get all pending airline restrictions */
$request = new Request('Approve Restriction', $restrictionTable);
$request->addParameter('restriction_id', $restrictionId);
$request->addParameter('status', 'ACTIVE');
} else {
if (!$approval) {
/* Create new request to get all pending airline restrictions */
$request = new Request('Delete Restriction', $restrictionTable);
$request->addParameter('restriction_id', $restrictionId);
}
}
//transform the command to sql statement
$request->transformCommand();
//execute command
$results = $dbMan->executeQuery($request);
//if results is not null, command was successfully executed.
if ($results != null) {
//successfully approved
return true;
}
//command was not successfully executed.
return false;
}
function getAirlines()
{
$dbMan = new DatabaseManager();
if (!$dbMan->establishConnection()) {
//database connection error
return;
}
$request = new Request('SELECT *', 'se_Airlines');
$request->transformCommand();
$users = $dbMan->executeQuery($request);
//server error
if ($users == null) {
//request was unsuccessful
} else {
if ($users->num_rows) {
/* Get number of rows returned */
$rows = $users->num_rows;
/* For each row - push the airline name
* onto the $airlines array */
for ($i = 0; $i < $rows; ++$i) {
$users->data_seek($i);
$row = $users->fetch_array(MYSQLI_NUM);
echo "<option>" . $row[0] . "</option>";
}
}
}
}
public function removeRestrictionRequest($restrictionId, $restrictionTable)
{
//create instance of Database Manager object
$dbMan = new DatabaseManager();
//establish connection
//if returns false, connection failed
if (!$dbMan->establishConnection()) {
//database connection error
return false;
}
/* Create new request to remove restriction*/
$request = new Request('Delete Restriction', $restrictionTable);
$request->addParameter('restriction_id', $restrictionId);
//transform the command to sql statement
$request->transformCommand();
//execute command
$results = $dbMan->executeQuery($request);
//if results is not null, command was successfully executed.
if ($results != null) {
//successfully approved
return true;
}
//command was not successfully executed.
return false;
}
public function getNonRestrictedRegions()
{
$regions = array();
$dbMan = new DatabaseManager();
/* Establish connection with database
* if the establishConnection function
* returns false, a connection error occured*/
if (!$dbMan->establishConnection()) {
//database connection error
return;
}
/* Create request to get valid airlines for user_id provided */
$request = new Request('getValidRegions', 'se_Region_Restrictions');
$request->addParameter('user_id', $this->id);
/* Transform the Request into an MySQL command*/
$request->transformCommand();
/* Execute command to get valid Regions */
$validRegions = $dbMan->executeQuery($request);
//server error
if ($validRegions == null) {
//request was unsuccessful
} else {
if ($validRegions->num_rows) {
/* Get number of rows returned */
$rows = $validRegions->num_rows;
/* For each row - push the region name
* onto the $regions array */
for ($i = 0; $i < $rows; ++$i) {
$validRegions->data_seek($i);
$row = $validRegions->fetch_array(MYSQLI_NUM);
/* Push value onto array */
array_push($regions, $row[0]);
}
}
}
/* Return Valid Regions */
return $regions;
}
</tr>
</thead>
<tbody>
<?php
/* Create new instance of database manager */
$dbMan = new DatabaseManager();
/* Establish Connection with the database */
if (!$dbMan->establishConnection()) {
//database connection error
return;
}
/* Create new request to get all pending airline restrictions */
$request = new Request('getPendingRegionRestrictions', 'se_Region_Restrictions');
$request->transformCommand();
/* Execute query */
$results = $dbMan->executeQuery($request);
if ($results == null) {
//request failed
} else {
$rows = $results->num_rows;
for ($i = 0; $i < $rows; ++$i) {
$results->data_seek($i);
$row = $results->fetch_array(MYSQLI_NUM);
$userId = $row[1];
$restrictionId = $row[0];
$name = "{$row['2']} {$row['3']}";
$region = $row[4];
$status = $row[5];
echo "<tr>";
echo "<td>{$userId}</td>";
echo "<td>{$name}</td>";
function updateUserPassword($userId)
{
/* Create new instance of database manager */
$dbMan = new DatabaseManager();
/* Establish connection with server */
if (!$dbMan->establishConnection()) {
//database connection error
return;
}
/* Create new request to update user password */
$request = new Request('UPDATE', 'se_Users');
$request->addParameter('user_id', $userId);
/* If the new passwords entered by the user match */
if ($_POST['MY_ACCOUNT_PASSWORD'] == $_POST['MY_ACCOUNT_VERIFY_PASSWORD']) {
$email = $_SESSION['user']->email;
$password = $_POST['MY_ACCOUNT_PASSWORD'];
$hashedPassword = hash('ripemd128', "g!cT{$email}{$password}");
$request->addParameter('password', $hashedPassword);
} else {
unmatchedPasswords();
return;
}
/* Transform request into SQL command */
$request->transformCommand();
/* Results returned from server */
$results = $dbMan->executeQuery($request);
//server error
if ($results == null) {
//request was unsuccessful
} else {
accountUpdateSuccess();
}
}
function getNumberOfPendingAccounts()
{
$dbMan = new DatabaseManager();
if (!$dbMan->establishConnection()) {
//database connection error
return;
}
$request = new Request('SELECT *', 'se_Users');
$request->addParameter('status', 'PENDING_APPROVAL');
$request->transformCommand();
$results = $dbMan->executeQuery($request);
if ($results == null) {
//request failed
}
return $rows = $results->num_rows;
}
} else {
return $this->renderer->render($res, 'entrance');
}
});
$app->get('/static/{fileName}', function ($req, $res, $args) {
return Utility::loadStaticFile($this, $res, __DIR__ . '/assets/' . $args['fileName']);
});
$app->post('/signin', function ($req, $res, $args) use($config) {
try {
if (validateReferer($req)) {
if (hasRequireParams($req->getParams(), ['screen_name', 'password'])) {
$params = $req->getParams();
$screenName = $params['screen_name'];
$password = $params['password'];
$db = new DatabaseManager($config['db-hostname'], $config['db-username'], $config['db-password'], $config['db-dbname']);
$user = $db->executeQuery('select * from frost_account where screen_name = ? limit 1', [$screenName])->fetch();
if (count($user) === 0) {
throw new ApiException(2, ['invalid_parameter' => 'screen_name']);
}
$passwordHash = hash('sha256', $password . $user[0]['created_at']);
if ($user[0]['password_hash'] !== $passwordHash) {
throw new ApiException(2, ['invalid_parameter' => 'password']);
}
$_SESSION['me'] = ['screen_name' => $user[0]['screen_name'], 'id' => $user[0]['id'], 'name' => $user[0]['name']];
return withSuccess($res, 'Success signin.');
}
}
} catch (ApiException $e) {
return withFailure($res, $e->getCode(), $e->getData());
}
});
