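function isStudent()
 {
     // A "student" is a logged-in user with no rows in `Permissions`
     // (privileged accounts are recognised by having at least one permission row).
     // Returns false when not logged in or when the lookup itself fails.
     if (!$this->isLoggedIn()) {
         return false;
     }
     $conn = connectToDB();
     // $this->userID is interpolated into the query; it comes from the session here,
     // but escaping it keeps the check safe should the property ever be set from
     // request data. Assumes connectToDB() returns a mysqli connection (the result
     // objects in this file expose fetch_assoc()/num_rows, so that looks right).
     $userID = $conn->real_escape_string((string) $this->userID);
     $perms = CheckedQuery("SELECT * FROM `Permissions` WHERE `UserID`='" . $userID . "'", $conn);
     $conn->close();
     // A failed query (false result) must not be read as "no permissions":
     // a role claim should never be derived from a lookup that did not run.
     if (!$perms) {
         return false;
     }
     return (int) $perms->num_rows === 0;
 }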
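function setTagPrmpt($category, $tag, $prompt)
{
    // Stores $prompt as the entry advice (TEntryAdvice) shown for tag $tag in
    // category $category. All three values are form input and are run through
    // the file's sanitizeIn() before being interpolated into the query.
    sanitizeIn($category);
    sanitizeIn($tag);
    sanitizeIn($prompt);
    $conn = connectToDB();
    // The WHERE clause previously referenced an undefined $cat, so the category
    // filter compared CName against an empty string instead of $category.
    $sql = "UPDATE `Tags` SET TEntryAdvice='" . $prompt . "' WHERE CName='" . $category . "' AND TName='" . $tag . "'";
    CheckedQuery($sql, $conn);
    $conn->close();
}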
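function setProfile($id, $FirstName, $MiddleName, $LastName, $Email, $Website, $Address, $Phone)
{
    // Updates the profile fields of user $id. The text fields are form input and
    // go through sanitizeIn() before interpolation. UserID is used unquoted (a
    // numeric column), so $id is coerced to int: the previous code interpolated
    // it raw and unsanitized, which let a crafted $id reach the WHERE clause.
    $id = (int) $id;
    sanitizeIn($FirstName);
    sanitizeIn($MiddleName);
    sanitizeIn($LastName);
    sanitizeIn($Email);
    sanitizeIn($Website);
    sanitizeIn($Address);
    sanitizeIn($Phone);
    $conn = connectToDB();
    $sql = "UPDATE `Users` SET FirstName='" . $FirstName . "', MiddleName='" . $MiddleName . "', LastName='" . $LastName . "', EmailAddress='" . $Email . "', Website='" . $Website . "', MailingAddress='" . $Address . "', Phone='" . $Phone . "' WHERE UserID=" . $id;
    CheckedQuery($sql, $conn);
    $conn->close();
}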
function GetMySubscriptions()
{
    // Returns the logged-in user's subscribed tag names as a set:
    // array(TName => true), each name passed through SanitizeOut().
    // A failed query yields an empty array.
    $me = getUser();
    $db = connectToDB();
    $rows = CheckedQuery("SELECT `TName` FROM `Subscriptions` WHERE `UserID`='" . $me->userID . "'", $db);
    $subscribed = array();
    if ($rows) {
        for ($row = $rows->fetch_assoc(); $row; $row = $rows->fetch_assoc()) {
            $subscribed[SanitizeOut($row['TName'])] = true;
        }
    }
    $db->close();
    return $subscribed;
}
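function GetTagsString($FeedbackID, $conn)
{
    // Builds the comma-separated list of tag names attached to one feedback
    // entry, HTML-escaped via sanitizeOut(). Returns a single space when there
    // are no tags so table columns keep their alignment.
    // $FeedbackID goes through sanitizeIn() like the other query inputs in this
    // file; the previous version interpolated it raw.
    sanitizeIn($FeedbackID);
    $names = array();
    $tags = CheckedQuery("SELECT TName FROM `FeedbackTags` WHERE `FeedbackID`='" . $FeedbackID . "'", $conn);
    // A false result (failed query) is treated as "no tags" rather than
    // dereferenced, matching GetMySubscriptions()/getTagsArray().
    if ($tags) {
        while ($row = $tags->fetch_assoc()) {
            $names[] = $row['TName'];
        }
    }
    $retVal = sanitizeOut(implode(', ', $names));
    // empty() would also swallow a legitimate tag literally named "0".
    if ((string) $retVal === '') {
        $retVal = " ";
        //prevent column-alignment weirdness
    }
    return $retVal;
}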
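function forgotPasswordCheck($Email, $Code, $Password, $Confirm)
{
    // Completes a "forgot password" reset: $Email is the address the reset code
    // was sent to, $Code the code itself, $Password/$Confirm the new password
    // entered twice. Returns true when the password was changed, false otherwise
    // (the previous version fell off the end with a bare `return;` on success,
    // which callers testing the result treated as failure).
    if ($Password !== $Confirm) {
        return false;
    }
    // $Email is form input and is interpolated into two queries below; run it
    // through the file's usual input sanitizer like the other write paths do.
    sanitizeIn($Email);
    $conn = connectToDB();
    $userInfo = GetSingleDbValue("SELECT `ExtraHash`, `Salt`, `UserID` FROM `Users` WHERE `EmailAddress`='" . $Email . "'", $conn);
    if (!$userInfo) {
        $conn->close();
        return false;
    }
    // Reset codes are stored as sha256(code . salt) in ExtraHash. Compare with
    // hash_equals() so the check is constant-time; an empty ExtraHash (no reset
    // pending) can never equal a 64-character digest.
    $expected = hash("sha256", $Code . $userInfo['Salt']);
    if (!hash_equals((string) $userInfo['ExtraHash'], $expected)) {
        $conn->close();
        return false;
    }
    $newInfo = saltPasswordForUpdate($Password);
    // Column names must be backtick-quoted: the previous `'Salt'=...` and
    // `'ExtraHash'=...` were string literals, which MySQL rejects in a SET list,
    // so the UPDATE never succeeded. Clearing ExtraHash makes the code single-use.
    CheckedQuery("UPDATE `Users` SET `SaltedHash`='" . $newInfo['SaltedHash'] . "', `Salt`='" . $newInfo['Salt'] . "', `ExtraHash`='' WHERE `EmailAddress`='" . $Email . "'", $conn);
    $conn->close();
    return true;
}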
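function getTagsArray()
{
    // Loads every tag as a nested map: array(CName => array(TName => TEntryAdvice)),
    // with all three values passed through SanitizeOut(). A failed query yields
    // an empty array.
    // The stray `SanitizeIn($FeedbackID)` on an undefined variable (copy-paste
    // from a feedback helper) has been removed; this query takes no input.
    $conn = connectToDB();
    $sql = "SELECT * FROM `Tags`";
    $tags = CheckedQuery($sql, $conn);
    $retVal = array();
    if ($tags) {
        while ($tag = $tags->fetch_assoc()) {
            $retVal[SanitizeOut($tag['CName'])][SanitizeOut($tag['TName'])] = SanitizeOut($tag['TEntryAdvice']);
        }
    }
    $conn->close();
    return $retVal;
}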
  
  
  <h4><center>News</center></h4>
  <div class="container white z-depth-2">
  <?php 
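require_once "Backend/Common.php";
// Paging parameters come straight from the query string, so they are untrusted:
// both are coerced to integers before they reach the LIMIT clause. The previous
// code interpolated the raw $_GET strings into the SQL (and emitted undefined-
// index warnings when they were absent). A missing, non-numeric, zero or
// negative value falls back to the original defaults: start 0, count 5.
$start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
if ($start < 0) {
    $start = 0;
}
$count = isset($_GET['count']) ? (int) $_GET['count'] : 0;
if ($count <= 0) {
    $count = 5;
}
$toRequest = $count + 1;
//count, plus one to check presence or absence of "older" news
$conn = connectToDB();
$result = CheckedQuery(
    "SELECT `Title` , `HTML` , DATE_FORMAT(`Added`,'%M %d, %Y') AS `Date`"
    . " FROM `News`  ORDER BY `Added` DESC  LIMIT " . $start . ", " . $toRequest,
    $conn
);
//Output the news (a false result, i.e. a failed query, prints nothing)
$needsDivider = false;
for ($n = 0; $result && $n < $count && ($news = $result->fetch_assoc()); $n++) {
    if ($needsDivider) {
        echo '<div class="divider"></div>';
    }
    $needsDivider = true;
    //always true after the first time
    //NOTE: These are not, and should not be, sanitized! `HTML` is stored markup
    //authored by site staff, and Title/Date are rendered alongside it as-is.
    echo '<div class="section">';
    echo '<h5>' . $news['Date'] . ' – ' . $news['Title'] . '</h5>';
    echo '<p>' . $news['HTML'] . '</p>';
    echo '</div>';
}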
//Now, output the Older and Newer News links
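function createUser($data)
{
    // Creates a user account from $data (expected to carry Permissions, Email and
    // the makeSQL()/makePermissionsSQL()/makeDegreesSQL() builders) on behalf of
    // the logged-in user, who must hold the CreateUser permission. Creators who
    // are not SuperAdmin may only grant permissions they hold themselves.
    $user = getUser();
    $perms = $user->getPermissions();
    // Loose comparison kept on purpose: the permission flags may arrive from the
    // database as strings ("1") rather than ints.
    if ($perms['CreateUser'] != 1) {
        logToFile("Log Suspicious Activity.txt", "UserID: " . $user->userID . " attempted account creation without permission.");
        die("Cannot create account without User Creation permission. :P");
        //TODO: this doesn't seem to display to the screen...
    }
    if ($perms['SuperAdmin'] != 1) {
        //But if not Super Admin, delete any permissions that the current user does not have
        $data->Permissions = array_intersect_assoc($data->Permissions, $perms);
        //TODO: log any change?
    }
    $conn = connectToDB();
    //make a user, and grab the auto-increment key
    $id = CheckedQueryAndGetID($data->makeSQL(), $conn);
    //TODO: nicer message for Duplicate-Email
    // NOTE(review): isset() is also true for a false/0 return; confirm what
    // CheckedQueryAndGetID() returns on failure before relying on this branch.
    if (isset($id)) {
        logToFile("Log Account Creation.txt", "UserID: " . $user->userID . " created account " . $id . ".");
        //log all permissions in one line
        if (!empty($data->Permissions)) {
            // NOTE(review): this joins the array's values, not its keys — confirm
            // the permission names are the values here and not the keys.
            $permsText = implode(', ', $data->Permissions);
            logToFile("Log Account Permissions.txt", "UserID: " . $user->userID . " created account " . $id . " with permission(s) " . $permsText . ".");
        }
        CheckedQuery($data->makePermissionsSQL($id), $conn);
        CheckedQuery($data->makeDegreesSQL($id), $conn);
        // The debug log line that wrote the new account's password, salt and
        // salted hash to "Log Debug Password.txt" has been removed: plaintext
        // credentials must never be persisted, even as a temporary convenience.
        //Send the user an email, so they can use their account (and to save the password...)
        sendEmailOnAccountCreated($data);
    } else {
        logToFile("Log Account Creation.txt", "UserID: " . $user->userID . " failed to create account.");
    }
    $conn->close();
}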
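function getEmployerFor($userID, $conn)
{
    // Returns the user's current, non-private employer names, each HTML-escaped
    // via sanitizeOut() and joined with <br />; "" when there are none.
    // $userID goes through sanitizeIn() like the other query inputs in this file.
    sanitizeIn($userID);
    $names = array();
    $employers = CheckedQuery("SELECT EName from EmploymentHistories WHERE UserID='" . $userID . "' AND Current=1 AND Private=0", $conn);
    // A false result (failed query) is treated as "no employers" instead of
    // being dereferenced.
    if ($employers) {
        while ($row = $employers->fetch_assoc()) {
            $names[] = sanitizeOut($row['EName']);
        }
    }
    return implode('<br />', $names);
}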