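/**
 * Whether the logged-in user has no rows in `Permissions` (i.e. is a plain student).
 *
 * @return bool false when nobody is logged in, when the permissions query yields
 *              no usable result, or when at least one permission row exists;
 *              true only when the query ran and returned zero rows
 */
function isStudent() {
    if (!$this->isLoggedIn()) {
        return false;
    }
    $conn = connectToDB();
    // The id was concatenated raw into the SQL string; escape it first. $conn is
    // used with the mysqli API throughout this file (close(), fetch_assoc(), num_rows).
    $userID = $conn->real_escape_string((string) $this->userID);
    $perms = CheckedQuery("SELECT * FROM `Permissions` WHERE `UserID`='" . $userID . "'", $conn);
    $conn->close();
    // Other callers guard CheckedQuery() with `if ($result)`; a falsy result must
    // not be read as "zero permission rows" (and ->num_rows on it would fault).
    if (!$perms) {
        return false;
    }
    return $perms->num_rows === 0;
}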
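/**
 * Stores the entry-advice prompt shown for one tag.
 *
 * @param string $category tag category (`Tags`.`CName`)
 * @param string $tag      tag name (`Tags`.`TName`)
 * @param string $prompt   new `TEntryAdvice` text
 * @return void
 */
function setTagPrmpt($category, $tag, $prompt) {
    // sanitizeIn() appears to scrub each value in place (its return value is never
    // used); it is the project's step before concatenating values into SQL.
    sanitizeIn($category);
    sanitizeIn($tag);
    sanitizeIn($prompt);
    $conn = connectToDB();
    // Bug fix: the WHERE clause previously read the undefined `$cat`, so it matched
    // CName='' and the prompt was never stored for the requested category.
    $sql = "UPDATE `Tags` SET TEntryAdvice='" . $prompt . "' WHERE CName='" . $category . "' AND TName='" . $tag . "'";
    CheckedQuery($sql, $conn);
    $conn->close();
}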
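/**
 * Updates the basic profile fields of one user.
 *
 * @param mixed  $id         `UserID` of the row to update; coerced to int
 * @param string $FirstName
 * @param string $MiddleName
 * @param string $LastName
 * @param string $Email
 * @param string $Website
 * @param string $Address    stored in `MailingAddress`
 * @param string $Phone
 * @return void
 */
function setProfile($id, $FirstName, $MiddleName, $LastName, $Email, $Website, $Address, $Phone) {
    // sanitizeIn() appears to scrub each value in place (its return value is never
    // used); it is the project's step before concatenating values into SQL.
    sanitizeIn($FirstName);
    sanitizeIn($MiddleName);
    sanitizeIn($LastName);
    sanitizeIn($Email);
    sanitizeIn($Website);
    sanitizeIn($Address);
    sanitizeIn($Phone);
    $conn = connectToDB();
    // $id was the one value concatenated without sanitizeIn(), and unquoted. The
    // column is compared numerically (unquoted `UserID=`), so an int cast both
    // matches the column and closes the injection path.
    $sql = "UPDATE `Users` SET FirstName='" . $FirstName . "', MiddleName='" . $MiddleName . "', LastName='" . $LastName . "', EmailAddress='" . $Email . "', Website='" . $Website . "', MailingAddress='" . $Address . "', Phone='" . $Phone . "' WHERE UserID=" . (int) $id;
    CheckedQuery($sql, $conn);
    $conn->close();
}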
/**
 * Tag names the current user subscribes to, as a set keyed by the
 * output-sanitized tag name (value is always true).
 *
 * @return array<string, true> empty when the user has no subscriptions or the query failed
 */
function GetMySubscriptions() {
    $current = getUser();
    $conn = connectToDB();
    $result = CheckedQuery("SELECT `TName` FROM `Subscriptions` WHERE `UserID`='" . $current->userID . "'", $conn);
    $subscribed = [];
    // A falsy result means the query did not run; leave the set empty.
    if ($result) {
        $row = $result->fetch_assoc();
        while ($row) {
            $subscribed[SanitizeOut($row['TName'])] = true;
            $row = $result->fetch_assoc();
        }
    }
    $conn->close();
    return $subscribed;
}
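/**
 * Comma-separated, output-sanitized list of the tag names attached to one
 * feedback entry.
 *
 * @param mixed  $FeedbackID id of the feedback row (`FeedbackTags`.`FeedbackID`)
 * @param object $conn       open connection (mysqli API, as used elsewhere in
 *                           this file); owned by the caller and not closed here
 * @return string tag names joined by ', ', or a single space when there are none
 */
function GetTagsString($FeedbackID, $conn) {
    // The id was concatenated raw into the query; escape it first.
    $escapedID = $conn->real_escape_string((string) $FeedbackID);
    $tags = CheckedQuery("SELECT TName FROM `FeedbackTags` WHERE `FeedbackID`='" . $escapedID . "'", $conn);
    $names = [];
    // Guard a falsy (failed) result instead of calling fetch_assoc() on it.
    if ($tags) {
        while ($row = $tags->fetch_assoc()) {
            $names[] = $row['TName'];
        }
    }
    // implode() replaces the old "append ', ' then chop two chars" dance.
    $retVal = sanitizeOut(implode(', ', $names));
    // Compare against '' rather than empty(): a tag literally named "0" is a value.
    if ($retVal === '') {
        $retVal = " "; //prevent column-alignment weirdness
    }
    return $retVal;
}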
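/**
 * Completes a forgotten-password reset: verifies the emailed code against the
 * stored `ExtraHash`, then stores a freshly salted hash of the new password and
 * clears the code so it cannot be reused.
 *
 * @param string $Email    account email as entered on the form
 * @param string $Code     one-time reset code from the email
 * @param string $Password new password
 * @param string $Confirm  repeated new password
 * @return bool true when the password was updated; false on an empty password,
 *              a password/confirm mismatch, an unknown email or a wrong code
 */
function forgotPasswordCheck($Email, $Code, $Password, $Confirm) {
    // An empty password used to pass the mismatch check ('' === '').
    if ($Password === '' || $Password !== $Confirm) {
        return false;
    }
    $conn = connectToDB();
    // $Email is user-supplied and was concatenated raw into both queries; escape
    // it (mysqli API, as used elsewhere in this file).
    $escapedEmail = $conn->real_escape_string($Email);
    $userInfo = GetSingleDbValue("SELECT `ExtraHash`, `Salt`, `UserID` FROM `Users` WHERE `EmailAddress`='" . $escapedEmail . "'", $conn);
    if (!$userInfo) {
        $conn->close();
        return false;
    }
    // Constant-time comparison so the check does not leak how much of the hash
    // matched. An empty stored ExtraHash (no reset requested) never matches.
    $expected = hash("sha256", $Code . $userInfo['Salt']);
    if (!hash_equals((string) $userInfo['ExtraHash'], $expected)) {
        $conn->close();
        return false;
    }
    $newInfo = saltPasswordForUpdate($Password);
    // Bug fix: `Salt` and `ExtraHash` were wrapped in single quotes (string
    // literals, not column names), which is invalid in a SET list, so the update
    // could never succeed. The row is now targeted by the numeric id just read.
    CheckedQuery("UPDATE `Users` SET `SaltedHash`='" . $newInfo['SaltedHash'] . "', `Salt`='" . $newInfo['Salt'] . "', `ExtraHash`='' WHERE `UserID`=" . (int) $userInfo['UserID'], $conn);
    $conn->close();
    return true;
}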
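/**
 * All tags grouped by category: [CName][TName] => TEntryAdvice, with every key
 * and value passed through SanitizeOut().
 *
 * @return array<string, array<string, string>> empty when there are no tags or the query failed
 */
function getTagsArray() {
    $conn = connectToDB();
    // The stray SanitizeIn($FeedbackID) that used to sit here referenced an
    // undefined variable and fed nothing into the query; removed.
    $tags = CheckedQuery("SELECT * FROM `Tags`", $conn);
    $retVal = [];
    if ($tags) {
        while ($tag = $tags->fetch_assoc()) {
            $retVal[SanitizeOut($tag['CName'])][SanitizeOut($tag['TName'])] = SanitizeOut($tag['TEntryAdvice']);
        }
    }
    $conn->close();
    return $retVal;
}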
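<h4><center>News</center></h4>
<div class="container white z-depth-2">
<?php
require_once "Backend/Common.php";
// Paging parameters come straight from the query string and used to be
// interpolated raw into LIMIT. Coerce them to non-negative integers; a missing,
// zero or negative count falls back to the default page size as before.
$start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
if ($start < 0) {
    $start = 0;
}
$count = isset($_GET['count']) ? (int) $_GET['count'] : 0;
if ($count <= 0) {
    $count = 5;
}
$toRequest = $count + 1; //count, plus one to check presence or absence of "older" news
$conn = connectToDB();
$result = CheckedQuery("SELECT `Title` , `HTML` , DATE_FORMAT(`Added`,'%M %d, %Y') AS `Date`" . " FROM `News` ORDER BY `Added` DESC LIMIT " . $start . ", " . $toRequest, $conn);
//Output the news (a failed query yields a falsy result; print nothing then)
$needsDivider = false;
for ($n = 0; $result && $n < $count && ($news = $result->fetch_assoc()); $n++) {
    if ($needsDivider) {
        echo '<div class="divider"></div>';
    }
    $needsDivider = true; //always true after the first time
    //NOTE: These are not, and should not be, sanitized! The `News` table is
    //trusted as-is here, so only staff-authored markup may be stored in it.
    echo '<div class="section">';
    echo '<h5>' . $news['Date'] . ' – ' . $news['Title'] . '</h5>';
    echo '<p>' . $news['HTML'] . '</p>';
    echo '</div>';
}
//Now, output the Older and Newer News links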
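/**
 * Creates a user account from a prepared account-creation object.
 *
 * The caller must hold the `CreateUser` permission (checked via getUser()). A
 * creator who is not SuperAdmin may only grant permissions they themselves hold;
 * any others are stripped from `$data->Permissions` before the insert.
 *
 * @param object $data account data exposing Permissions, Email and the
 *                     makeSQL()/makePermissionsSQL()/makeDegreesSQL() builders
 * @return void exits via die() when the caller lacks the CreateUser permission
 */
function createUser($data) {
    $user = getUser();
    $perms = $user->getPermissions();
    // A missing key is treated exactly like a denied permission.
    if (!isset($perms['CreateUser']) || (int) $perms['CreateUser'] !== 1) {
        logToFile("Log Suspicious Activity.txt", "UserID: " . $user->userID . " attempted account creation without permission.");
        die("Cannot create account without User Creation permission. :P"); //TODO: this doesn't seem to display to the screen...
    }
    if (!isset($perms['SuperAdmin']) || (int) $perms['SuperAdmin'] !== 1) {
        //Not Super Admin: keep only the permissions the current user also holds
        $data->Permissions = array_intersect_assoc($data->Permissions, $perms);
        //TODO: log any change?
    }
    $conn = connectToDB();
    //make a user, and grab the auto-increment key
    $id = CheckedQueryAndGetID($data->makeSQL(), $conn);
    //TODO: nicer message for Duplicate-Email
    if (isset($id)) {
        logToFile("Log Account Creation.txt", "UserID: " . $user->userID . " created account " . $id . ".");
        //log all permissions in one line (values, as before; if Permissions is
        //name => flag, array_keys() would read better — confirm the shape)
        if (!empty($data->Permissions)) {
            $permsText = implode(', ', $data->Permissions);
            logToFile("Log Account Permissions.txt", "UserID: " . $user->userID . " created account " . $id . " with permission(s) " . $permsText . ".");
        }
        CheckedQuery($data->makePermissionsSQL($id), $conn);
        CheckedQuery($data->makeDegreesSQL($id), $conn);
        //The debug log that wrote the plaintext password, salt and hash to
        //"Log Debug Password.txt" was removed: credentials must never be written
        //to disk. The account e-mail below is how the user receives them.
        sendEmailOnAccountCreated($data);
    } else {
        logToFile("Log Account Creation.txt", "UserID: " . $user->userID . " failed to create account.");
    }
    $conn->close();
}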
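/**
 * Display string of the user's current, non-private employers: each name passed
 * through sanitizeOut() and joined with '<br />'.
 *
 * @param mixed  $userID `UserID` whose employment history is shown
 * @param object $conn   open connection (mysqli API, as used elsewhere in this
 *                       file); owned by the caller and not closed here
 * @return string empty string when there is no matching employer
 */
function getEmployerFor($userID, $conn) {
    // The id was concatenated raw into the query; escape it first.
    $escapedID = $conn->real_escape_string((string) $userID);
    $employers = CheckedQuery("SELECT EName from EmploymentHistories WHERE UserID='" . $escapedID . "' AND Current=1 AND Private=0", $conn);
    $names = [];
    // Guard a falsy (failed) result instead of calling fetch_assoc() on it.
    if ($employers) {
        while ($row = $employers->fetch_assoc()) {
            $names[] = sanitizeOut($row['EName']);
        }
    }
    return implode('<br />', $names);
}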