<?php
// Seed generator (excerpt): produces fake company records and escapes every generated value
// twice, once for MySQL and once for SQLite. The statements that consume the escaped values
// are outside this excerpt.
require_once dirname(dirname(dirname(__DIR__))) . DIRECTORY_SEPARATOR . 'vendor/autoload.php';

use security\Models\MySQLISingleton;
use security\Models\Generator\CountryList;

// assumes MySQLISingleton exposes mysqli's API (real_escape_string() is called on it below) — TODO confirm
$mysqli = new MySQLISingleton();
$countryList = new CountryList();
$countries = $countryList->getCountryList();
$faker = Faker\Factory::create();

$fakeCompanies = 10; // number of company records generated by the loop below
$mysqlValues = $sqliteValues = []; // per-engine accumulators, both start empty

// Country codes are the keys of the country list. mt_rand() bounds are inclusive, so the
// upper bound stored here is the last valid index, not the element count.
// NOTE(review): assumes getCountryList() returns a non-empty array; with an empty list the
// upper bound becomes -1 — confirm.
$countryCodeKeys = array_keys($countries);
$countryCodeKeysLen = count($countryCodeKeys) - 1;

for ($i = 0; $i < $fakeCompanies; $i++) {
    // Every text value is escaped once per engine because MySQL and SQLite do not share
    // string-literal escaping rules. Both escape functions only protect a value that is later
    // placed inside a quoted string literal; they do nothing for identifiers or bare numbers.
    // mysqli's real_escape_string() escapes relative to the connection character set, so that
    // character set has to be configured on the connection (mysqli::set_charset()) —
    // presumably done inside MySQLISingleton; verify.
    $name = $faker->company;
    $mysqlName = $mysqli->real_escape_string($name);
    $sqliteName = SQLite3::escapeString($name);

    $domain = $faker->domainName;
    $mysqlDomain = $mysqli->real_escape_string($domain);
    $sqliteDomain = SQLite3::escapeString($domain);

    $address = $faker->streetAddress;
    $mysqlAddress = $mysqli->real_escape_string($address);
    $sqliteAddress = SQLite3::escapeString($address);

    $city = $faker->city;
    $mysqlCity = $mysqli->real_escape_string($city);
    $sqliteCity = SQLite3::escapeString($city);

    $state = $faker->state;
    $mysqlState = $mysqli->real_escape_string($state);
    $sqliteState = SQLite3::escapeString($state);

    // Random pick from the known country codes. mt_rand() is not a CSPRNG, which is fine for
    // choosing fake data but not for anything security-sensitive.
    $countryCode = $countryCodeKeys[mt_rand(0, $countryCodeKeysLen)];

    // Ten digits, unique within this Faker instance. The value is not escaped in the visible
    // lines; it consists of digits only.
    $phone = $faker->unique()->numerify('##########');
    // Excerpt ends here, inside the loop body.
* Note: addslashes() is a bad idea for SQL escaping: it only puts a backslash in front of
* quotes, backslashes and NUL bytes, and it knows nothing about the target database.
* SQLite follows the SQL standard, where a single quote inside a string literal is escaped
* by doubling it (''); a backslash has no special meaning there. MySQL additionally accepts
* backslash escapes by default, so output that is safe for one engine is not safe for the other.
* Prepared statements are better than relying upon these sorts of quote-escaping functions.
*
* addslashes() is also unaware of the character encoding in use, so with some multibyte
* encodings its output can still be misread by the database. There is a class of injection
* attacks that takes advantage of this to insert malicious data.
*/
// NOTE(review): the next comment talks about admin users, but the loop below builds customer
// values ($fakeCustomers, and the column template names `customers`); it looks carried over
// from another seeder — confirm and reword.
// Create a default set of admin users so that each company will have at least one admin.
// Column template for the target table (reference only, never executed).
// NOTE(review): the template lists ten columns but only nine value placeholders.
// INSERT INTO `customers`(`id`, `username`, `password`, `plainpassword`, `email`, `address`, `instructions`,
//`phone`, `numberordered`, `order_id`)
//VALUES ([value-1],[value-2],[value-3],[value-4],[value-5],[value-6],[value-7],[value-8],[value-9])
for ($i = 1; $i <= $fakeCustomers; $i++) { // $fakeCustomers is defined outside this excerpt
    // Each text value is escaped once per engine; the escaped form is only safe when it is
    // later placed inside a quoted string literal.
    // NOTE(review): userName is not drawn through unique() here, so duplicates are possible —
    // confirm the table has no unique constraint on it.
    $username = $faker->userName;
    $mysqlUsername = $mysqli->real_escape_string($username);
    $sqliteUsername = SQLite3::escapeString($username);

    // The plaintext password is escaped for storage next to its hash (the column template
    // above has both `password` and `plainpassword`). Keeping a recoverable password beside
    // the hash defeats the purpose of hashing; presumably deliberate for this training
    // fixture — must not be copied into real account handling.
    $plainpassword = $faker->password;
    $mysqlPlainpassword = $mysqli->real_escape_string($plainpassword);
    $sqlitePlainpassword = SQLite3::escapeString($plainpassword);

    // password_hash() salts every call, so the two engines receive different hashes of the
    // same password; each still verifies against $plainpassword with password_verify().
    // The hashes are not passed through the escape functions here.
    // NOTE(review): the default algorithm's output (bcrypt) contains no quote characters,
    // but escaping it like the other values would keep the pattern uniform.
    $mysqlPassword = password_hash($plainpassword, PASSWORD_DEFAULT);
    $sqlitePassword = password_hash($plainpassword, PASSWORD_DEFAULT);

    // safeEmail draws from reserved example domains, so generated addresses cannot reach
    // a real mailbox.
    $email = $faker->safeEmail;
    $mysqlEmail = $mysqli->real_escape_string($email);
    $sqliteEmail = SQLite3::escapeString($email);

    $address = $faker->streetAddress;
    $mysqlAddress = $mysqli->real_escape_string($address);
    $sqliteAddress = SQLite3::escapeString($address);

    $city = $faker->city;
    $mysqlCity = $mysqli->real_escape_string($city);
    $sqliteCity = SQLite3::escapeString($city);
    // Excerpt ends here, inside the loop body.
// User seed generator (excerpt): $faker, $mysqli, $rand and $chance are created outside
// the visible lines.
$fakeUsers = 150; // number of user records generated by the loop below
$mysqlValues = $sqliteValues = []; // per-engine accumulators, both start empty

/**
 * Note: addslashes() is a bad idea for SQL escaping: it only puts a backslash in front of
 * quotes, backslashes and NUL bytes, and it knows nothing about the target database.
 * SQLite follows the SQL standard, where a single quote inside a string literal is escaped
 * by doubling it (''); a backslash has no special meaning there. MySQL additionally accepts
 * backslash escapes by default, so output that is safe for one engine is not safe for the other.
 * Prepared statements are better than relying upon these sorts of quote-escaping functions.
 *
 * addslashes() is also unaware of the character encoding in use, so with some multibyte
 * encodings its output can still be misread by the database. There is a class of injection
 * attacks that takes advantage of this to insert malicious data.
 */
// Create a default set of admin users so that each company will have at least one admin.
// NOTE(review): in the visible lines admin status is assigned by chance only, which does not
// by itself guarantee an admin per company — confirm against the rest of the script.
for ($i = 1; $i <= $fakeUsers; $i++) {
    // unique() keeps usernames, e-mail addresses and phone numbers distinct within this
    // Faker instance. Each text value is escaped once per engine; the escaped form is only
    // safe when it is later placed inside a quoted string literal.
    $username = $faker->unique()->userName;
    $mysqlUsername = $mysqli->real_escape_string($username);
    $sqliteUsername = SQLite3::escapeString($username);

    // safeEmail draws from reserved example domains, so generated addresses cannot reach
    // a real mailbox.
    $email = $faker->unique()->safeEmail;
    $mysqlEmail = $mysqli->real_escape_string($email);
    $sqliteEmail = SQLite3::escapeString($email);

    // Ten digits; not escaped in the visible lines, the value consists of digits only.
    $phone = $faker->unique()->numerify('##########');

    // A user becomes an admin when a draw between 0 and 100 does not exceed $chance.
    // NOTE(review): whether returnRandomNumber() treats its bounds as inclusive is not
    // visible here — confirm before reading $chance as an exact percentage.
    $is_admin = 0;
    if ($rand->returnRandomNumber(0, 100) <= $chance) {
        $is_admin = 1;
    }

    // Every seeded account starts unlocked with no recorded attempts.
    $is_locked = 0;
    $attempts = 0;

    // The plaintext password is escaped for both engines in addition to being hashed.
    // Presumably it is stored beside the hash for this training fixture — verify where it is
    // used; a recoverable password kept next to its hash defeats the purpose of hashing and
    // must not be copied into real account handling.
    $plainpassword = $faker->password;
    $mysqlPlainpassword = $mysqli->real_escape_string($plainpassword);
    $sqlitePlainpassword = SQLite3::escapeString($plainpassword);

    // The hash is escaped like any other string value before it is used for MySQL.
    $mysqlPassword = $mysqli->real_escape_string(password_hash($plainpassword, PASSWORD_DEFAULT));
    // Excerpt ends here, inside the loop body.
<?php
// Group seed generator (excerpt): builds INSERT statements for fake groups, one set per
// engine, and writes the MySQL set to a seed file. The SQLite half continues past the end
// of this excerpt.
// NOTE(review): include_once only raises a warning when the autoloader is missing, and the
// script then fails later on the first class lookup; require_once would stop immediately.
include_once dirname(dirname(dirname(__DIR__))) . DIRECTORY_SEPARATOR . 'vendor/autoload.php';

use security\Models\MySQLISingleton;

// assumes MySQLISingleton exposes mysqli's API (real_escape_string() is called on it below) — TODO confirm
$mysqli = new MySQLISingleton();
$faker = Faker\Factory::create();
$mysqlValues = $sqliteValues = []; // per-engine statement lists, both start empty
$fakeGroups = 40; // number of group rows to generate

for ($i = 1; $i <= $fakeGroups; $i++) {
    // The statements end up as SQL text in a file, so values cannot be bound as parameters
    // here; each one is escaped with the function that matches its target engine and is
    // placed inside a quoted string literal, which is the only position where these escape
    // functions protect it. real_escape_string() escapes relative to the connection character
    // set — presumably configured inside MySQLISingleton; verify.
    $groupName = $faker->catchPhrase;
    $mysqlGroupname = $mysqli->real_escape_string($groupName);
    $sqliteGroupname = SQLite3::escapeString($groupName);

    // NOTE(review): `name` is backtick-quoted but groups is not. GROUPS is a reserved word
    // in MySQL 8.0 (from 8.0.2), where the unquoted table name would be rejected — confirm
    // against the target server version.
    $mysqlQuery = "INSERT INTO groups (id, `name`)\n VALUES(null, '{$mysqlGroupname}')";
    $sqliteQuery = "INSERT INTO groups (id, `name`)\n VALUES(null, '{$sqliteGroupname}')";
    $mysqlValues[] = $mysqlQuery;
    $sqliteValues[] = $sqliteQuery;
}

// Begin MySQL SQL statements.
// Foreign-key checks are switched off around the inserts and switched back on afterwards.
// implode() only places ";" between statements; the terminator of the last INSERT comes
// from the leading ";" of the string appended after it.
$valueString = "SET FOREIGN_KEY_CHECKS = 0;" . PHP_EOL;
$valueString .= implode(";" . PHP_EOL, $mysqlValues);
$valueString .= ";SET FOREIGN_KEY_CHECKS = 1;" . PHP_EOL;
// Undo section: empties the table again. The "--//@UNDO" and "--//" markers look like a
// dbdeploy-style delta format — confirm with the migration tooling in use.
$valueString .= PHP_EOL . "--//@UNDO" . PHP_EOL . "SET FOREIGN_KEY_CHECKS = 0;\nTRUNCATE groups;\nSET FOREIGN_KEY_CHECKS = 1;" . PHP_EOL . "--//";

$seedsFile = dirname(__DIR__) . "/deltas/seeds/mysql/14-groupSeeds.sql";
// NOTE(review): file_put_contents() creates the file when it is missing, so the
// file_exists()/touch() step adds nothing; the return value of file_put_contents() is not
// checked, so a failed write goes unnoticed apart from PHP's own warning.
if (!file_exists($seedsFile)) {
    touch($seedsFile);
}
file_put_contents($seedsFile, $valueString);

/**
 * Begin SQLite Preparations
 */
// $valueString is reused for the SQLite output and starts by switching foreign keys off.
$valueString = "PRAGMA foreign_keys=OFF;" . PHP_EOL;