<?php

session_start();
include '../CodeBehind/database.php';
$pdo = db_connect_pdo();
$error = "";
if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if ($username == "") {
        $error = "You must enter a Username";
    } else {
        if ($password == "") {
            $error = "You must enter a Password";
        } else {
            $sql = "SELECT Salt FROM Login WHERE Username=:username";
            $query = $pdo->prepare($sql);
            $query->execute(array(":username" => $username));
            $results = $query->fetchAll();
            if ($results != FALSE && $query->rowCount() > 0) {
                $salt = $results[0][0];
                $passwordSalt = $password . $salt;
                $passwordHashed = hash('sha256', $passwordSalt);
                $sql2 = "SELECT UserID FROM Login WHERE Username=:username && Password=:password";
                $query2 = $pdo->prepare($sql2);
                $query2->execute(array(":username" => $username, ":password" => $passwordHashed));
                $results2 = $query2->fetchAll();
                if ($results2 != FALSE && $query->rowCount() > 0) {
                    $userID = $results2[0][0];
                    if (isset($userID)) {
                        setcookie("LoggedIn", $userID, time() + 3600);
 /**
  * Fill $account_list with the savings accounts owned by $login_id.
  *
  * Keys are account_id; values are "parent account name:account name", and
  * rows are appended in that label's order. Existing entries in $account_list
  * are kept (a matching key is overwritten).
  *
  * @param mixed $login_id      login_id used to scope the Accounts query
  * @param array &$account_list receives account_id => account_name entries
  * @return string              '' on success, otherwise the PDO error text
  */
 public static function Get_savings_accounts($login_id, array &$account_list)
 {
     $label = 'concat(parent.account_name, \':\', a.account_name)';
     $sql = 'SELECT a.account_id, ' . $label . ' as account_name '
         . 'FROM Accounts a '
         . 'INNER JOIN Accounts parent ON '
         . '  parent.account_id = a.account_parent_id '
         . 'WHERE a.is_savings = 1 AND a.login_id = :login_id '
         . 'ORDER BY ' . $label . ' ';
     $statement = db_connect_pdo()->prepare($sql);
     $statement->bindParam(':login_id', $login_id);
     if (!$statement->execute()) {
         return get_pdo_error($statement);
     }
     // PDOStatement is traversable; iterate it directly instead of a fetch() loop
     $statement->setFetchMode(PDO::FETCH_ASSOC);
     foreach ($statement as $row) {
         $account_list[$row['account_id']] = $row['account_name'];
     }
     return '';
 }
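 /**
  * Verify $user/$password against Logins and, on success, populate $_SESSION.
  *
  * Failed attempts increment the user's bad_login_count; reaching
  * self::$MAX_AUTH_FAILURES reports the account as locked. A row whose
  * `locked` column is > 0 is refused even with a correct password.
  *
  * @param mixed $user     login_user value supplied by the caller
  * @param mixed $password plaintext password, compared via MD5() in SQL
  * @return bool|string    true on success; otherwise a message string
  *                        (lockout, bad credentials, or a PDO/lookup error)
  */
 public static function Authenticate($user, $password)
 {
     // NOTE(review): passwords are matched as unsalted MD5 at the schema level.
     // Moving to password_hash()/password_verify() needs a column change, so it
     // is only flagged here, not changed.
     $sql = "SELECT login_id, default_account_id, login_admin, "
         . "  display_name, default_summary1, default_summary2, "
         . "  car_account_id, bad_login_count, locked \n"
         . "FROM Logins \n"
         . "WHERE login_user = :user "
         . "  AND login_password = MD5(:password) ";
     $result = false;
     $pdo = db_connect_pdo();
     // use transaction because an update will follow the select
     $pdo->beginTransaction();
     $ps = $pdo->prepare($sql);
     $ps->bindParam(':user', $user);
     $ps->bindParam(':password', $password);
     if (!$ps->execute()) {
         // don't leave the transaction open on the error path
         $pdo->rollBack();
         return get_pdo_error($ps);
     }
     $row = $ps->fetch(PDO::FETCH_ASSOC);
     if ($row) {
         // found login & correct password.  Check for lockout.
         if ($row['locked'] > 0) {
             $result = "The account '{$user}' is locked!";
         } else {
             // issue a fresh session id on privilege change so an id obtained
             // before login cannot be reused for the authenticated session
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION['login_id'] = $row['login_id'];
             // store the value that was actually authenticated, not raw $_POST
             $_SESSION['login_user'] = $user;
             $_SESSION['default_account_id'] = $row['default_account_id'];
             $_SESSION['default_summary1'] = $row['default_summary1'];
             $_SESSION['default_summary2'] = $row['default_summary2'];
             $_SESSION['car_account_id'] = $row['car_account_id'];
             $_SESSION['login_admin'] = $row['login_admin'];
             $_SESSION['display_name'] = $row['display_name'];
             $result = true;
             // on success, wipe the bad login count
             self::Set_bad_login_count($pdo, $user, 0);
         }
     } else {
         // bad login
         $result = "Incorrect username & password";
         // find the relevant user login_id
         $login_id = self::Find_login_id($pdo, $user);
         if (is_numeric($login_id) && $login_id > 0) {
             // Load user object, get bad count, then increment it.
             $login = new Login();
             $login->Load_login($login_id);
             $bad_count = $login->get_bad_login_count() + 1;
             $error = self::Set_bad_login_count($pdo, $user, $bad_count);
             if ($bad_count >= self::$MAX_AUTH_FAILURES) {
                 $result = "The account '{$user}' has been locked!";
             }
             // a persistence error outranks the lockout message
             if ($error != '') {
                 $result = $error;
             }
         } elseif (strlen($login_id) > 5) {
             // presumably Find_login_id returned an error text rather than an id;
             // the length heuristic is kept as-is
             $result = "Problem finding login_id: " . $login_id;
         }
     }
     // End bad login
     $pdo->commit();
     return $result;
 }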
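 /**
  * Compute the running balance of $account_id up to this ledger entry and
  * store it in $this->m_ledger_total.
  *
  * Rows are included when their account is $account_id, or has it as parent
  * or grandparent, and their (accounting_date, trans_id, ledger_id) ordering
  * precedes this object's; this entry's own amount is then added.
  *
  * @param mixed $account_id    account whose balance is wanted
  * @param mixed $account_debit numeric multiplier applied to every amount; it
  *                             is part of the SELECT text, so it must be numeric
  * @param mixed $min_date      when not null, only rows with accounting_date
  *                             >= $min_date count (period total)
  * @return void                on a query failure the PDO error is echoed and
  *                             m_ledger_total is left untouched
  */
 private function Set_trans_balance($account_id, $account_debit, $min_date)
 {
     // $account_debit is spliced into the SQL text rather than bound; only a
     // numeric literal may go in, so the value cannot alter the statement.
     if (!is_numeric($account_debit)) {
         echo "Invalid account_debit multiplier";
         return;
     }
     $debit_factor = 0 + $account_debit;   // "1" / "-1.0" become plain numbers
     // NOTE(review): named placeholders are reused below (:account_id x3,
     // :accounting_date x2, :trans_id x2), which relies on PDO's emulated
     // prepares — pre-existing, confirm the connection keeps that setting.
     $sql = "SELECT sum(ledger_amount * a.account_debit * {$debit_factor})"
         . " as balance \n"
         . "FROM Ledger_Entries le \n"
         . "INNER JOIN Transactions t on "
         . "\tle.trans_id = t.trans_id "
         . "INNER JOIN Accounts a on "
         . "\tle.account_id = a.account_id "
         . "LEFT JOIN Accounts a2 on "
         . "\ta.account_parent_id = a2.account_id \n"
         . "WHERE (a.account_id = :account_id OR "
         . "  a2.account_id = :account_id OR "
         . "  a2.account_parent_id = :account_id) "
         . "  AND (t.accounting_date < :accounting_date "
         . "\t\tOR (t.accounting_date = :accounting_date "
         . "\t\t\tAND (t.trans_id < :trans_id "
         . "\t\t\t\tOR (t.trans_id = :trans_id "
         . "\t\t\t\t\tAND le.ledger_id < :ledger_id ) ) ) )";
     if (!is_null($min_date)) {
         // doing a period total, so add a minimum accounting date; bound as a
         // parameter instead of interpolated so the date cannot alter the SQL
         $sql .= "\n\tAND t.accounting_date >= :min_date ";
     }
     $pdo = db_connect_pdo();
     $ps = $pdo->prepare($sql);
     $ps->bindParam(':account_id', $account_id);
     $accounting_date_val = $this->get_accounting_date_sql();
     $ps->bindParam(':accounting_date', $accounting_date_val);
     $ps->bindParam(':trans_id', $this->m_trans_id);
     $ledger_id_val = $this->get_ledger_id();
     $ps->bindParam(':ledger_id', $ledger_id_val);
     if (!is_null($min_date)) {
         $ps->bindValue(':min_date', $min_date);
     }
     if (!$ps->execute()) {
         echo get_pdo_error($ps);
         return;
     }
     // Successful query; SUM() over zero rows yields NULL, which adds as 0
     $row = $ps->fetch(PDO::FETCH_NUM);
     $this->m_ledger_total = $row
         ? $row[0] + $this->get_ledger_amount(true)
         : 0.0;
 }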
    $query = $con->prepare($sql);
    $query->execute(array(":groupname" => $category));
    $results = $query->fetchAll();
    if ($results != False && $query->rowCount() > 0) {
        $category_id = $results[0][0];
        return $category_id;
    } else {
        create_new_category($con, $image, $category);
        $category_id = get_category_id($con, $image, $category);
        return $category_id;
    }
}
//////////// MAIN CODE START ////////////
// Call db connection
//$con = db_connect_mysqli();
$con = db_connect_pdo();
if (isset($_POST['submit'])) {
    $word = $_POST['word'];
    $phrase = $_POST['phrase'];
    $action = $_POST['action'];
    // Check if an image was provided and set image variable if so
    if ($_POST['image'] != "") {
        $image = $_POST['image'];
        // Otherwise set to the default image
    } else {
        $image = "noImage";
    }
    // Check if a category was provided and add word to an existing group if so
    if ($_POST['category'] != "") {
        $category = $_POST['category'];
        // If category is not the Core category, get ID
 /**
  * Delete this object's AccountAudits row and reset m_audit_id to -1.
  *
  * @return string '' on success; otherwise an explanatory message (record not
  *                yet initialised, PDO error, or an unexpected affected-row count)
  */
 public function Delete_account_audit()
 {
     if ($this->m_audit_id < 0) {
         return "Unable to delete audit record; not yet initialized.";
     }
     $statement = db_connect_pdo()->prepare(
         "DELETE FROM AccountAudits " . "WHERE audit_id = :audit_id "
     );
     $statement->bindParam(':audit_id', $this->m_audit_id);
     if (!$statement->execute()) {
         return get_pdo_error($statement);
     }
     $affected = $statement->rowCount();
     if ($affected != 1) {
         return 'Error: audit delete affected ' . $affected . ' rows';
     }
     // Success; the row is gone, so mark this object as uninitialised again
     $this->m_audit_id = -1;
     return '';
 }