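/**
 * Check the posted credentials and open a session when they are valid.
 *
 * Reads `user_name` and `user_password` from $_POST, loads the matching row
 * from `user` and verifies the password with password_verify().
 *
 * @return bool|null TRUE when the credentials are rejected; no value after a
 *                   successful login (the Location header has been queued).
 */
function login()
{
    $link = $this->db_connection();

    // A missing or non-string field is treated as empty, which cannot pass verification.
    $pass = (isset($_POST['user_password']) && is_string($_POST['user_password'])) ? $_POST['user_password'] : '';
    $user = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';

    // The user name is bound as a parameter, so request data never becomes part of the SQL text.
    $stmt = mysqli_prepare($link, "SELECT password, user_type, name FROM user WHERE user_name = ?");
    if (!$stmt) {
        // NOTE(review): as before, the raw driver error is shown to the client; consider logging it instead.
        die(mysqli_error($link));
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_store_result($stmt);

    // Exactly one row must match, as in the original check.
    if (mysqli_stmt_num_rows($stmt) != 1) {
        mysqli_stmt_close($stmt);
        return TRUE;
    }

    mysqli_stmt_bind_result($stmt, $hash, $type, $name);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if (!password_verify($pass, (string) $hash)) {
        return TRUE;
    }

    session_start();
    // Issue a fresh session id at the privilege change so a pre-set id cannot be reused.
    session_regenerate_id(true);
    // Prepared statements return native types; keep the string form a plain query returned.
    $_SESSION['type'] = ($type === null) ? null : (string) $type;
    $_SESSION['name'] = ($name === null) ? null : (string) $name;
    header("Location:card.php");
}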
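/**
 * Decide whether the current visitor may view a solution's source code.
 *
 * Access is granted outright when the session user equals $user or holds
 * PRIV_SOURCE. Otherwise, and only when $opened is truthy, the problem's flag
 * column and the user's running contests are consulted.
 *
 * @param int|string $prob_id Problem id; cast to int before it is placed in SQL.
 * @param mixed      $opened  When falsy, only the owner / PRIV_SOURCE check can grant access.
 * @param string     $user    User name compared with $_SESSION['user'].
 * @return bool|string TRUE when access is granted, otherwise a translated refusal message.
 */
function sc_check_priv($prob_id, $opened, $user)
{
    if (!function_exists('check_priv')) {
        require __DIR__ . '/privilege.php';
    }
    if (isset($_SESSION['user'])) {
        if (strcmp($user, $_SESSION['user']) == 0 || check_priv(PRIV_SOURCE)) {
            return TRUE;
        }
    }

    // $con is not assigned in this function; presumably this file defines it — confirm.
    require __DIR__ . '/../conf/database.php';
    if (!defined('PROB_HAS_TEX')) {
        require __DIR__ . '/../lib/problem_flags.php';
    }

    if (!$opened) {
        return _('Looks like you can\'t access this page');
    }

    // The id is interpolated unquoted, so force it to an integer first.
    $prob_id = (int) $prob_id;
    $res = mysqli_query($con, "select has_tex from problem where problem_id={$prob_id}");
    $row = $res ? mysqli_fetch_row($res) : null;
    if (!$row) {
        return _('There\'s no such problem');
    }

    $prob_flag = $row[0];
    if (($prob_flag & PROB_IS_HIDE) && !check_priv(PRIV_INSIDER)) {
        return _('Looks like you can\'t access this page');
    }
    if ($prob_flag & PROB_DISABLE_OPENSOURCE) {
        return _('This solution is not open-source');
    }

    // The session user is quoted into SQL below; escape it for this connection.
    $session_user = isset($_SESSION['user'])
        ? mysqli_real_escape_string($con, (string) $_SESSION['user'])
        : null;

    if ($prob_flag & PROB_SOLVED_OPENSOURCE) {
        if ($session_user !== null) {
            $query = 'select min(result) from solution where user_id=\'' . $session_user . "' and problem_id={$prob_id} group by problem_id";
            $user_status = mysqli_query($con, $query);
            $row = $user_status ? mysqli_fetch_row($user_status) : null;
            if ($row && $row[0] == 0) {
                return TRUE;
            }
        }
        return _('You can\'t see me before solving it');
    }

    if ($session_user === null) {
        return _('Looks like you can\'t access this page');
    }

    $res = mysqli_query($con, "SELECT contest.contest_id,co.contest_id from contest\n RIGHT JOIN (select contest_id from contest_status where user_id='" . $session_user . "' and leave_time is NULL) as cs on (contest.contest_id=cs.contest_id)\n LEFT JOIN (select contest_id from contest_problem where problem_id={$prob_id}) as cp on (contest.contest_id=cp.contest_id)\n LEFT JOIN (select contest_id from contest_owner where user_id='" . $session_user . "') as co on (contest.contest_id=co.contest_id)\n where NOW()>start_time and NOW()<end_time and contest.hide_source_code");
    if (!$res) {
        // Fail closed: a failed contest lookup must not be read as "no running contest".
        return _('Looks like you can\'t access this page');
    }
    if (mysqli_num_rows($res) > 0) {
        // Rows are running contests that hide source; a non-NULL second column marks one the user owns.
        $accessible = false;
        while ($row = mysqli_fetch_row($res)) {
            if (!is_null($row[1])) {
                $accessible = true;
            }
        }
        if ($accessible) {
            return TRUE;
        }
        return _('You can\'t see me before the contest ends');
    }
    return TRUE;
}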
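/**
 * Add a student to the Gepi database, or update the row if it already exists.
 *
 * NOTE(review): the `login = '******'` literals look like a redaction
 * placeholder; in the visible code $_login is never used in a statement.
 * They are kept exactly as listed — confirm against the real source.
 *
 * @param string     $_login     Student login (unused in the visible statements).
 * @param string     $_nom       Family name.
 * @param string     $_prenom    First name.
 * @param string|int $_civilite  "M"/"F", or 1 for "M"; any other value is stored as "F".
 * @param string     $_naissance Birth date as stored in `naissance`.
 * @param int|string $_elenoet   Value for the `elenoet` column.
 * @return bool TRUE when the INSERT or UPDATE succeeded.
 */
function add_eleve($_login, $_nom, $_prenom, $_civilite, $_naissance, $_elenoet = 0)
{
    // Normalise the civility: 1 means "M", everything else falls back to "F".
    if ($_civilite != "M" && $_civilite != "F") {
        $_civilite = ($_civilite == 1) ? "M" : "F";
    }

    $mysqli = $GLOBALS["mysqli"];

    // If the student already exists, only the details are updated.
    $test = mysqli_query($mysqli, "SELECT login FROM eleves WHERE login = '******'");
    if (!$test) {
        return false;
    }

    if (mysqli_num_rows($test) > 0) {
        $sql = "UPDATE eleves SET nom = ?, prenom = ?, sexe = ?, naissance = ?, elenoet = ? WHERE login = '******'";
    } else {
        $sql = "INSERT into eleves SET login= '******', nom = ?, prenom = ?, sexe = ?, naissance = ?, elenoet = ?";
    }

    // Values are bound, so a name containing an apostrophe can neither break nor alter the statement.
    $stmt = mysqli_prepare($mysqli, $sql);
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'sssss', $_nom, $_prenom, $_civilite, $_naissance, $_elenoet);
    $record = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $record ? true : false;
}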
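/**
 * Returns the crowd report of a certain room.
 *
 * Responds with HTTP 404 and exits when no room matches the company, branch
 * and room number; responds with HTTP 500 and exits when the query cannot run.
 *
 * @param mysqli $db      database to retrieve data from
 * @param string $company company name the room belongs to
 * @param string $branch  branch address of the room of interest
 * @param string $room    room number of interest
 * @return string JSON object `{"crowd": {...}}` with a crowd percentage between 0 and 100
 */
function request_crowd_report($db, $company, $branch, $room)
{
    // All three lookup values are bound rather than interpolated into the SQL text.
    $stmt = $db->prepare(
        "SELECT c.company_name, b.branch_address, r.room_id, r.room_number, r.people_in, r.people_out,
                r.max_capacity, r.date, r.time FROM `company` AS c
         INNER JOIN `branch` AS b on c.company_id = b.company_id
         INNER JOIN `room` AS r on b.branch_id = r.branch_id
         WHERE r.room_number = ? AND b.branch_address = ? AND c.company_name = ?"
    );
    if (!$stmt) {
        http_response_code(500);
        exit;
    }
    $stmt->bind_param('sss', $room, $branch, $company);
    if (!$stmt->execute()) {
        http_response_code(500);
        exit;
    }

    // get_result() needs the mysqlnd driver.
    $results = $stmt->get_result();
    $rooms = $results ? $results->fetch_assoc() : null;
    $stmt->close();

    // Not Found when no room exists or the company/branch does not match the room.
    if (!$rooms) {
        http_response_code(404);
        exit;
    }

    $max = $rooms['max_capacity'];
    $curr_number = $rooms['people_in'] - $rooms['people_out'];

    // Keep the percentage within 0..100.
    if ($curr_number < 0) {
        $crowd_percent = 0;
    } elseif ($max <= 0) {
        // A zero capacity would divide by zero; any occupancy then counts as full.
        $crowd_percent = ($curr_number > 0) ? 100 : 0;
    } else {
        $crowd_percent = min(100, round($curr_number / $max * 100));
    }

    $room_info = array(
        "company" => $company,
        "address" => $branch,
        "room" => $room,
        "date" => $rooms['date'],
        "time" => $rooms['time'],
        "crowd" => $crowd_percent,
    );
    return json_encode(array("crowd" => $room_info));
}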
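/**
 * Tell whether the current session belongs to a logged-in user.
 *
 * The session must carry `nutzerID`, `name` and `login_string`; the login
 * string has to equal sha512(stored password value . user agent) for the row
 * with that id.
 *
 * @param mysqli $sql Open database connection.
 * @return bool TRUE when the session's login string matches, FALSE otherwise.
 */
function login_check($sql)
{
    // All session variables must be set.
    if (!isset($_SESSION['nutzerID'], $_SESSION['name'], $_SESSION['login_string'])) {
        return false;
    }
    $nutzerID = $_SESSION['nutzerID'];
    $login_string = $_SESSION['login_string'];

    // The user agent header is optional; treat a missing one as empty.
    $nutzer_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Bind the id instead of concatenating the session value into the SQL text.
    $stmt = mysqli_prepare($sql, "SELECT passwort FROM nutzer WHERE nutzerID = ?");
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $nutzerID);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) != 1) {
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_stmt_bind_result($stmt, $passwort);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    $login_check = hash('sha512', $passwort . $nutzer_browser);

    // hash_equals() compares as strings in constant time; `==` could treat two
    // numeric-looking hex digests as equal numbers.
    return hash_equals($login_check, (string) $login_string);
}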
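/**
 * Print a table (optionally inner-joined with a second one) as an HTML table.
 *
 * Table and column names cannot be bound as parameters, so they are checked
 * against an identifier pattern before they reach the SQL text. Column names
 * and cell values are HTML-escaped on output.
 *
 * NOTE(review): $filter is appended verbatim as the WHERE clause, so it must
 * only ever be built from trusted code, never from request data.
 * NOTE(review): $title is echoed unescaped, as before, in case callers pass
 * markup — confirm, and escape it if they do not.
 *
 * @param mysqli $conn      Open database connection.
 * @param string $title     Heading printed above the table.
 * @param string $filter    Raw SQL condition, or empty for none.
 * @param string $dbtable   Table to export.
 * @param string $dbjoin    Optional table to INNER JOIN.
 * @param string $joinfield Column used on both sides of the join.
 * @return void
 */
function ExportTable($conn, $title, $filter, $dbtable, $dbjoin = "", $joinfield = "")
{
    // Plain identifiers only, optionally qualified once (schema.table).
    $identifier = '/\A[A-Za-z0-9_$]+(\.[A-Za-z0-9_$]+)?\z/';
    $names = $dbjoin ? array($dbtable, $dbjoin, $joinfield) : array($dbtable);
    foreach ($names as $ident) {
        if (!is_string($ident) || !preg_match($identifier, $ident)) {
            echo "<p>Invalid table or column name.</p>";
            return;
        }
    }

    $query = "SELECT * FROM {$dbtable}";
    if ($dbjoin) {
        $query .= " INNER JOIN {$dbjoin} ON {$dbtable}.{$joinfield}={$dbjoin}.{$joinfield}";
    }
    if ($filter) {
        $query .= " WHERE {$filter}";
    }

    $result = mysqli_query($conn, $query);
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    echo "<h2>{$title}</h2>";
    echo htmlspecialchars($dbtable, $flags, 'UTF-8');
    if ($dbjoin) {
        $join_html = htmlspecialchars($dbjoin, $flags, 'UTF-8');
        $join_href = htmlspecialchars("dbshow.php?dbtable=" . rawurlencode($dbjoin), $flags, 'UTF-8');
        echo "| <a href=\"{$join_href}\" target=\"_blank\">{$join_html}</a>";
    }
    if (!$result) {
        // The query failed; there is no result set to read.
        echo "| query failed";
        return;
    }

    $nrcampos = mysqli_field_count($conn);
    echo "| " . mysqli_num_rows($result) . " row(s)";
    echo "<p><table cellspacing=\"0\" cellpadding=\"5\" border=\"1\">";

    echo "<tr>";
    for ($i = 0; $i < $nrcampos; $i++) {
        $finfo = mysqli_fetch_field_direct($result, $i);
        echo "<td>" . htmlspecialchars((string) $finfo->name, $flags, 'UTF-8') . "</td>";
    }
    echo "</tr>";

    while ($row = mysqli_fetch_array($result)) {
        echo "<tr>";
        for ($i = 0; $i < $nrcampos; $i++) {
            // Stored data is untrusted for HTML purposes: escape every cell.
            echo "<td>" . htmlspecialchars((string) $row[$i], $flags, 'UTF-8') . "</td>";
        }
        echo "</tr>";
    }
    echo "</table></p><br> ";
}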
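/**
 * Check a worker's credentials and, on a unique match, fill the session.
 *
 * NOTE(review): the query compares the `password` column with the submitted
 * value directly, which implies passwords are stored in clear text; moving to
 * password_hash()/password_verify() needs a data migration outside this block.
 * NOTE(review): connection settings are hard-coded here (empty password);
 * they belong in configuration.
 *
 * @param string $userid User id to look up.
 * @param string $pass   Password as submitted.
 * @param mixed  $result Receives the mysqli_result of the lookup, or FALSE.
 * @return int|null 1 when exactly one row matched, 0 otherwise; nothing when
 *                  the query failed ("no result" is printed).
 */
function verificar_login($userid, $pass, &$result)
{
    $servername = "localhost";
    $username = '******';
    $password = "";
    $dbname = "cmd";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    // Escape both values for this connection before quoting them into the SQL.
    // (real_escape_string() relies on the connection charset being set with set_charset().)
    $safe_userid = $conn->real_escape_string((string) $userid);
    $safe_pass = $conn->real_escape_string((string) $pass);
    $sql = "SELECT * FROM `trabajador` WHERE `userid`=\"" . $safe_userid . "\" and `password`=\"" . $safe_pass . "\"";
    $result = mysqli_query($conn, $sql);

    if (!$result) {
        echo "no result";
        return;
    }

    $rows = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $rows[] = $row;
    }

    // Only a single, unambiguous match logs the user in; the session is left
    // untouched otherwise.
    if (count($rows) == 1) {
        $_SESSION['userid'] = $rows[0]["userid"];
        $_SESSION['rol'] = $rows[0]["rol"];
        return 1;
    }
    return 0;
}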
/**
 * Run a query and return one value from its result, or 0.
 *
 * The value comes from fetch_one(); 0 is returned when the query yields no
 * result object, no rows, or a falsy value.
 *
 * NOTE(review): $sql is executed as given, so callers must build it safely.
 *
 * @param string $sql   SQL statement passed to execute_sql().
 * @param int    $row   Forwarded to fetch_one().
 * @param mixed  $field Forwarded to fetch_one().
 * @return mixed The fetched value, or 0.
 */
public function getCount($sql, $row = 0, $field = null)
{
    $handle = $this->execute_sql($sql);

    $result = 0;
    if (is_object($handle) && mysqli_num_rows($handle)) {
        $result = $this->fetch_one($handle, $row, $field);
        // A falsy fetched value collapses to integer 0, like the original `or` chain.
        if (!$result) {
            $result = 0;
        }
    }

    $this->free_result();
    return $result;
}
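/**
 * Search `ot` by folio, nombre, modelo or serie and print the matches as an HTML table.
 *
 * The search term is bound as a parameter and every value is escaped for the
 * context it is printed in (HTML text or URL query string). `%` and `_` inside
 * the term still act as LIKE wildcards, as before.
 *
 * @param string $dato Search term; matched as a substring.
 * @return void
 */
function buscar($dato)
{
    $like = '%' . $dato . '%';
    $stmt = mysqli_prepare(
        $this->conn,
        "select * from ot where folio like ? OR nombre like ? OR modelo like ? OR serie like ?"
    );
    $rs = false;
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ssss', $like, $like, $like, $like);
        if (mysqli_stmt_execute($stmt)) {
            // get_result() needs the mysqlnd driver.
            $rs = mysqli_stmt_get_result($stmt);
        }
    }

    if (!$rs || mysqli_num_rows($rs) < 1) {
        // No table was opened, so no closing tags are printed either.
        echo "La busqueda no obtuvo resultados.";
        return;
    }

    echo "<table border='1' align='center' class='table_' ><thead>
        <th>Folio</th>
        <th>Nombre</th>
        <th>Apellido</th>
        <th>Modelo</th>
        <th>Serie</th>
        <th>descripcion</th>
        <th>Fallas</th>
        <th>Resultado</th>
        <th>Estatus</th>
        <th>Fecha_Reg</th>
        <th>Fecha_Entr</th>
        <th>Comentario</th>
    </thead><tbody>";

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $columns = array('folio', 'nombre', 'apellido', 'modelo', 'serie', 'des', 'fallas', 'resultado', 'estatus', 'fechae', 'fecha');

    while ($row = mysqli_fetch_array($rs)) {
        echo "<tr>";
        foreach ($columns as $column) {
            // Stored values are untrusted for HTML purposes.
            echo "<td align='center'>" . htmlspecialchars((string) $row[$column], $flags, 'UTF-8') . "</td>";
        }

        // URL-encode each value, then HTML-escape the whole attribute.
        $href = 'index.php?' . http_build_query(array(
            'id' => (string) $row["id"],
            'folio' => (string) $row["folio"],
            'nombre' => (string) $row["nombre"],
            'apellido' => (string) $row["apellido"],
            'telefono' => (string) $row["telefono"],
        ), '', '&');
        echo '<td align="center"> <a class="fancybox fancybox.iframe" href="'
            . htmlspecialchars($href, $flags, 'UTF-8') . '" >Comentario</a></td>';
        echo "</tr>";
    }
    echo "</tbody></table>";
}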
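/**
 * Store a new user and return the stored row.
 *
 * The original lookup read `SELECT * class_details ...` (no FROM), which is
 * invalid SQL, so the method could only return false. It also called
 * mysqli_insert_id() without a connection and the legacy mysql_error().
 *
 * NOTE(review): the class_details lookup only requires the query to succeed,
 * as written; presumably a matching row was intended — confirm before relying
 * on it as a check.
 *
 * @param string $name      User name.
 * @param string $email     Stored as `email`; also compared with class_details.code.
 * @param string $gcm_regid GCM registration id.
 * @return array|false The new gcm_users row (numeric and named keys), or false on failure.
 */
public function storeUser($name, $email, $gcm_regid)
{
    $c = new DB_Connect();
    $d = $c->connect();

    // All caller-supplied values are bound, never interpolated.
    $check = mysqli_prepare($d, "SELECT * FROM class_details WHERE code = ?");
    if (!$check) {
        return false;
    }
    mysqli_stmt_bind_param($check, 's', $email);
    $checked = mysqli_stmt_execute($check);
    mysqli_stmt_close($check);
    if (!$checked) {
        return false;
    }

    // insert user into database
    $insert = mysqli_prepare($d, "INSERT INTO gcm_users(name, email, gcm_regid, created_at) VALUES(?, ?, ?, NOW())");
    if (!$insert) {
        return false;
    }
    mysqli_stmt_bind_param($insert, 'sss', $name, $email, $gcm_regid);
    $stored = mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);
    if (!$stored) {
        return false;
    }

    // get user details by the id generated on this connection
    $id = (int) mysqli_insert_id($d);
    $result = mysqli_query($d, "SELECT * FROM gcm_users WHERE id = {$id}");
    if (!$result || mysqli_num_rows($result) == 0) {
        return false;
    }
    return mysqli_fetch_array($result);
}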
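/**
 * Delete an institution together with its children and users, in one transaction.
 *
 * Prints "1" on success and "0" on failure. On failure the transaction is
 * rolled back (the original committed regardless) and the database error is
 * written to the error log instead of the response.
 *
 * @param string|int $institutionId Id of the institution to delete.
 * @return void
 */
function deleteInstitution($institutionId)
{
    $conn = connectToDatabase();
    mysqli_begin_transaction($conn, MYSQLI_TRANS_START_READ_WRITE);

    // Each step: lookup query, and the helper that deletes one dependant on the same connection.
    $dependants = array(
        array("SELECT CURP FROM BelongsToInstitution WHERE institutionId = ?", 'deleteChildSameConnection'),
        array("SELECT userName FROM WorksInInstitution WHERE institutionId = ?", 'deleteUserSameConnection'),
    );

    $ok = true;
    foreach ($dependants as $step) {
        list($sql, $remove) = $step;

        // The id is bound, not interpolated into the statement text.
        $stmt = mysqli_prepare($conn, $sql);
        if (!$stmt) {
            $ok = false;
            break;
        }
        mysqli_stmt_bind_param($stmt, 's', $institutionId);

        // Read every key first so the connection is free for the delete helpers.
        $keys = array();
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $key);
            while (mysqli_stmt_fetch($stmt)) {
                $keys[] = $key;
            }
        } else {
            $ok = false;
        }
        mysqli_stmt_close($stmt);
        if (!$ok) {
            break;
        }

        foreach ($keys as $dependant) {
            $remove($dependant, $conn);
        }
    }

    if ($ok) {
        $stmt = mysqli_prepare($conn, "DELETE FROM Institution WHERE institutionId = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $institutionId);
            $ok = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        } else {
            $ok = false;
        }
    }

    if ($ok) {
        mysqli_commit($conn);
        echo "1";
    } else {
        error_log('deleteInstitution failed: ' . mysqli_error($conn));
        mysqli_rollback($conn);
        echo "0";
    }
    closeDb($conn);
}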
/**
 * Collect homework entries dated from today 00:00:00 onwards.
 *
 * NOTE(review): the `jeg.login = '******'` literal looks like a redaction
 * placeholder; $ele_login is not used in the visible statement — confirm
 * against the real source, and bind or escape it there.
 *
 * @param string $ele_login Student login (unused in the visible query).
 * @return array `['cdt_dev' => [0 => entry, 1 => entry, ..., 'count' => n]]`
 */
function retourneDevoirs($ele_login)
{
    // Timestamp of today at midnight; everything from then on is fetched.
    $date_ct1 = mktime(0, 0, 0, date("m"), date("d"), date("Y"));

    $sql = "SELECT DISTINCT ctde.* FROM ct_devoirs_entry ctde, j_eleves_groupes jeg\r\n\t\t\t\t\t\t\t\tWHERE ctde.id_groupe = jeg.id_groupe\r\n\t\t\t\t\t\t\t\tAND jeg.login = '******'\r\n\t\t\t\t\t\t\t\tAND ctde.date_ct >= '" . $date_ct1 . "'\r\n\t\t\t\t\t\t\tORDER BY ctde.date_ct, ctde.id_groupe;";
    $res_ct = mysqli_query($GLOBALS["mysqli"], $sql);

    // Number of entries stored so far; doubles as the next index.
    $cpt2 = 0;
    if (mysqli_num_rows($res_ct) > 0) {
        for (; $lig_ct = mysqli_fetch_object($res_ct); $cpt2++) {
            $tab_ele['cdt_dev'][$cpt2] = array(
                'id_ct' => $lig_ct->id_ct,
                'id_groupe' => $lig_ct->id_groupe,
                'date_ct' => $lig_ct->date_ct,
                'id_login' => $lig_ct->id_login,
                'contenu' => $lig_ct->contenu,
            );
        }
    }
    $tab_ele['cdt_dev']['count'] = $cpt2;

    return $tab_ele;
}
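/**
 * Validate a customer's e-mail address and password against the database.
 *
 * The original returned nothing at all when a field was empty, because its
 * final `return` sat inside the "no errors" branch; every path now returns
 * the documented pair.
 *
 * NOTE(review): passwords are compared as unsalted SHA1 digests, which is too
 * fast for password storage; moving to password_hash()/password_verify()
 * needs a change to how passwords are written, outside this block.
 *
 * @param mysqli $dbc   Open database connection.
 * @param string $email E-mail address as submitted.
 * @param string $pwd   Password as submitted.
 * @return array `array(true, $row)` on success, `array(false, $errors)` otherwise.
 */
function validate($dbc, $email = '', $pwd = '')
{
    $errors = array(); # Array to store errors.

    if (empty($email)) {
        $errors[] = 'Enter your email address.';
    }
    if (empty($pwd)) {
        $errors[] = 'Enter your password.';
    }
    if (!empty($errors)) {
        return array(false, $errors);
    }

    # Escape special characters so the values cannot change the SQL statement.
    $e = mysqli_real_escape_string($dbc, trim($email));
    $p = mysqli_real_escape_string($dbc, trim($pwd));

    # Retrieves customer related data
    $q = "SELECT customer_id,first_name,last_name
          FROM customers
          WHERE email='{$e}'
          AND password= SHA1('{$p}')";
    $r = mysqli_query($dbc, $q);

    if ($r && mysqli_num_rows($r) == 1) {
        $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
        return array(true, $row);
    }

    $errors[] = 'Email address and password not found';
    return array(false, $errors);
}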
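/**
 * Load the stored personal data for a user name.
 *
 * NOTE(review): the connection uses hard-coded credentials (root, empty
 * password); they belong in configuration with a least-privilege account.
 *
 * @param string $nombreUsuario User name matched against credenciales.Usuario.
 * @return array|false Eight values (Nombre ... Telefono) indexed 0..7, or
 *                     false when the lookup fails or does not match exactly
 *                     one row.
 */
function getDatosAnteriores($nombreUsuario)
{
    $connect = mysqli_connect("localhost", "root", "", "prueba1");
    if (!$connect) {
        echo "Error al conectar con BBDD </br>";
        return false;
    }

    // Escape the user name for this connection before it is quoted into the SQL.
    $sql_select = sprintf(
        "select Nombre,Apellidos,Fecha_Nacimiento,DNI,Localidad,Provincia,CP,Telefono from datos_usuarios
         inner join credenciales on datos_usuarios.ID_Credenciales=credenciales.idCredenciales
         where credenciales.Usuario= '%s';",
        mysqli_real_escape_string($connect, (string) $nombreUsuario)
    );
    $resultado_queryDatos = mysqli_query($connect, $sql_select);

    if ($resultado_queryDatos == FALSE) {
        echo "Error al ejecutar la consulta:</br>";
        // The error belongs to the connection (the result is false here); log it
        // rather than printing driver details to the page.
        error_log('getDatosAnteriores: ' . mysqli_error($connect));
        mysqli_close($connect);
        return false;
    }

    if (mysqli_num_rows($resultado_queryDatos) != 1) {
        mysqli_close($connect);
        echo "El resultado es diferente uno";
        return false;
    }

    $registro = mysqli_fetch_row($resultado_queryDatos);
    mysqli_close($connect);

    // The query selects exactly eight columns; copy them as indexes 0..7.
    $datos = array();
    for ($i = 0; $i <= 7; $i++) {
        $datos[$i] = $registro[$i];
    }
    return $datos;
}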
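/**
 * Change a password through a "forgot password" link.
 *
 * Reads `hash` and `new_password` from $_POST, looks the hash up in `forgot`,
 * rejects expired links and then updates the user's password.
 *
 * NOTE(review): the password is hashed with md5(), which is unsalted and far
 * too fast for password storage; switching to password_hash() also requires
 * the login code to use password_verify(), so it is only flagged here.
 * NOTE(review): the `password = '******'` literal looks like a redaction
 * placeholder; the visible statement does not use $password — confirm against
 * the real source.
 *
 * @return void
 */
function change_forgot_password()
{
    global $connection;

    $hash = (isset($_POST['hash']) && is_string($_POST['hash']))
        ? trim(mysqli_real_escape_string($connection, $_POST['hash']))
        : '';
    $password = (isset($_POST['new_password']) && is_string($_POST['new_password']))
        ? trim($_POST['new_password'])
        : '';

    if (empty($password)) {
        $_SESSION['forgot']['change_error'] = "Не введен пароль";
        return;
    }
    // An empty token must never match a row.
    if ($hash === '') {
        return;
    }

    $query = "SELECT * FROM forgot WHERE hash = '{$hash}' LIMIT 1";
    $res = mysqli_query($connection, $query);
    // hash not found
    if (!$res || !mysqli_num_rows($res)) {
        return;
    }

    $now = time();
    $row = mysqli_fetch_assoc($res);
    // the link has expired
    if ($row['expire'] - $now < 0) {
        mysqli_query($connection, "DELETE FROM forgot WHERE expire < {$now}");
        return;
    }

    $password = md5($password);

    // The e-mail comes from the database but is quoted into SQL again, so it
    // is escaped like any other value (second-order injection).
    $email = mysqli_real_escape_string($connection, (string) $row['email']);
    mysqli_query($connection, "UPDATE users SET password = '******' WHERE email = '{$email}'");
    mysqli_query($connection, "DELETE FROM forgot WHERE email = '{$email}'");

    $_SESSION['forgot']['ok'] = "Вы успешно сменили пароль. Теперь можно авторизоваться";
}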
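/**
 * Register a new customer unless the e-mail address is already taken.
 *
 * Outcome is reported through $GLOBALS['success'], $GLOBALS['strClass'] and
 * $GLOBALS['strErr']; a failed lookup prints an error block.
 *
 * NOTE(review): the password is stored exactly as passed in. Unless callers
 * hash it first, this is clear-text storage; password_hash() on write and
 * password_verify() on login would need to change together.
 *
 * @param mysqli $conn     Open database connection.
 * @param string $name     Customer name.
 * @param string $password Password value to store.
 * @param string $email    E-mail address; must be unique.
 * @param string $phone    Phone number.
 * @return void
 */
function addNewRecord($conn, $name, $password, $email, $phone)
{
    // Look the address up with a bound parameter.
    $found = null;
    $check = mysqli_prepare($conn, "SELECT customer_number FROM customer WHERE email = ?");
    if ($check) {
        mysqli_stmt_bind_param($check, 's', $email);
        if (mysqli_stmt_execute($check)) {
            mysqli_stmt_store_result($check);
            $found = mysqli_stmt_num_rows($check);
        }
        mysqli_stmt_close($check);
    }

    if ($found === null) {
        echo "<div class=\"error\"> The query error</div>";
        return;
    }
    if ($found != 0) {
        $GLOBALS['strClass'] = "class=\"error\"";
        $GLOBALS['strErr'] .= "This email exists ";
        return;
    }

    $customerNo = uniqid();
    $insert = mysqli_prepare(
        $conn,
        "INSERT INTO `customer` (`customer_number`,`name`,`password`,`email`,`phone`) VALUES(?, ?, ?, ?, ?)"
    );
    if (!$insert) {
        return;
    }
    mysqli_stmt_bind_param($insert, 'sssss', $customerNo, $name, $password, $email, $phone);
    $stored = mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);

    if ($stored) {
        $GLOBALS['success'] = true;
        $GLOBALS['strClass'] = "class=\"success\"";
        // The name is user-supplied and ends up in HTML: escape it.
        $GLOBALS['strErr'] .= "<p>Dear " . htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ", you are successfully registered into ShipOnline</p>";
        $GLOBALS['strErr'] .= "<p>Your customer number is " . $customerNo . "</p>";
        session_start();
    }
}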
/**
 * Find every Bestiary entry that drops the given material.
 *
 * The material is escaped for the connection before it is quoted into the
 * query, then compared with the seven Drops columns.
 *
 * @param mysqli $database_connection Open database connection.
 * @param string $material            Material name to look for.
 * @return array 13 lists, one per column in the order Name, Genus, Type,
 *               Continent, Location, Lv, Drops0..Drops6; list k holds that
 *               column's value for every matching row.
 */
function get_enemy_material($database_connection, $material)
{
    // Just in case a material has an apostrophe in it
    $material = mysqli_real_escape_string($database_connection, $material);

    // One equality test per Drops column, OR-ed together.
    $conditions = array();
    for ($slot = 0; $slot <= 6; $slot++) {
        $conditions[] = "`Bestiary`.`Drops" . $slot . "` ='" . $material . "'";
    }
    $sql = "SELECT * FROM `Bestiary` WHERE " . implode(" \n OR ", $conditions) . ";";
    $result = mysqli_query($database_connection, $sql);

    $num_rows = mysqli_num_rows($result);

    // Output position => source column.
    $fields = array(
        "Name", "Genus", "Type", "Continent", "Location", "Lv",
        "Drops0", "Drops1", "Drops2", "Drops3", "Drops4", "Drops5", "Drops6",
    );

    // Start with one empty list per field so the shape is fixed even with no rows.
    $data = array();
    foreach ($fields as $position => $field) {
        $data[$position] = array();
    }

    for ($i = 0; $i < $num_rows; $i++) {
        $entry = mysqli_fetch_array($result);
        foreach ($fields as $position => $field) {
            $data[$position][$i] = $entry[$field];
        }
    }

    return $data;
}
/**
 * Object constructor.
 *
 * Stores the result set, resets the row cursor to 0 and caches the number of
 * rows the result contains.
 *
 * @param \MySQLi_Result $result Result returned by db::query or mysqli_query
 * @param callable|null  $mapper Optional callback mapper for the fetch method
 */
public function __construct(\MySQLi_Result $result, $mapper = null)
{
    $this->mapper = $mapper;
    $this->row = 0;
    $this->result = $result;
    // Same value mysqli_num_rows($result) reports.
    $this->num_rows = $result->num_rows;
}
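/**
 * Return one page of records matching the current search fields.
 *
 * Sets $this->countResults to the total number of matches and
 * $this->foundResults to whether the requested page holds any row.
 *
 * The original called sizeof() on null when nothing matched, and used the
 * page value in arithmetic without forcing it to a number; both are fixed.
 * Search terms are escaped for the connection; `%` and `_` inside them still
 * act as LIKE wildcards.
 *
 * @param int|string|null $page Zero-based page number; null and negative values mean page 0.
 * @return array|null List of rows (associative arrays), or null when the page is empty.
 */
public function getRecordList($page)
{
    $db = parent::getDb();

    // The page feeds LIMIT, so it must be a non-negative integer.
    $page = max(0, (int) $page);
    $start_index = $page * NUM_OF_RESULTS;

    $qRecord = mysqli_real_escape_string($db, $this->qRecord);
    $qBand = mysqli_real_escape_string($db, $this->qBand);
    $qGenre = mysqli_real_escape_string($db, $this->qGenre);
    $qPerformer = mysqli_real_escape_string($db, $this->qPerformer);

    $joins = "LEFT OUTER JOIN band ON record.band_id = band.band_id
              LEFT OUTER JOIN genre ON record.genre_id = genre.genre_id";
    $where = "record.record_name LIKE '%{$qRecord}%' AND COALESCE(genre.genre_name,'') LIKE '%{$qGenre}%'
              AND band.band_name LIKE '%{$qBand}%'";

    // The performer tables are only joined when a performer filter is given.
    if ($qPerformer !== '') {
        $joins .= "
              LEFT OUTER JOIN bandmate ON record.band_id = bandmate.band_id
              LEFT OUTER JOIN performer ON bandmate.performer_id = performer.performer_id";
        $where .= "
              AND performer.performer_name LIKE '%{$qPerformer}%'";
    }

    $query = "SELECT DISTINCT record.record_id, record.record_name,
              record.record_artwork, band.band_name
              FROM record
              {$joins}
              WHERE {$where}
              ORDER BY record.record_id";

    // Unpaged run, used only for the total.
    $countRows = mysqli_query($db, $query);
    $this->countResults = $countRows ? mysqli_num_rows($countRows) : 0;

    $result = mysqli_query($db, $query . " DESC LIMIT {$start_index}, " . NUM_OF_RESULTS);

    $list = array();
    if ($result) {
        while ($data = $result->fetch_assoc()) {
            $list[] = $data;
        }
    }

    $this->foundResults = (count($list) !== 0);

    return $this->foundResults ? $list : null;
}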
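/**
 * Run a SQL statement on a lazily created, shared connection.
 *
 * NOTE(review): the database credentials (root / root) are hard-coded here;
 * they belong in configuration, with an account limited to what the
 * application needs.
 * NOTE(review): $SQL is executed exactly as given, so every caller is
 * responsible for escaping or binding any request data it contains.
 *
 * @param string $SQL    Statement to execute.
 * @param bool   $select TRUE to get the rows back, FALSE for a success flag.
 * @return array|bool With $select: list of associative rows (empty when there
 *                    are none or the query failed). Otherwise TRUE on success,
 *                    FALSE on failure.
 */
function query($SQL, $select = false)
{
    static $CONFIG = ['server' => 'localhost', 'username' => 'root', 'password' => 'root', 'database' => 'wt'];
    static $connection;

    if (!isset($connection)) {
        // Create connection
        $connection = mysqli_connect($CONFIG['server'], $CONFIG['username'], $CONFIG['password'], $CONFIG['database']);
        if (!$connection) {
            die('Could not connect to database!');
        }
    }

    $results = mysqli_query($connection, $SQL);

    if (!$select) {
        return $results ? true : false;
    }

    // A failed SELECT yields false, which has no rows to read.
    $toReturn = [];
    if ($results) {
        while ($result = mysqli_fetch_assoc($results)) {
            $toReturn[] = $result;
        }
    }
    return $toReturn;
}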
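/**
 * Check a manager's name and password against the Manager table.
 *
 * The success path returned `array(ture, $row)`; `ture` is an undefined
 * constant (an Error on PHP 8, the string 'ture' before), now `true`.
 *
 * NOTE(review): the `Cro` column is compared with the submitted password
 * directly, which suggests the stored value is not hashed — confirm.
 *
 * @param mysqli $dbc      Open database connection.
 * @param string $name     Manager name as submitted.
 * @param string $password Password as submitted.
 * @return array `array(true, $row)` on success, `array(false, $errors)` otherwise.
 */
function check_login($dbc, $name = '', $password = '')
{
    $errors = array();

    if (empty($name)) {
        $errors[] = 'you forget to input your ID';
    }
    if (empty($password)) {
        $errors[] = 'you forget to input your password';
    }
    if (!empty($errors)) {
        return array(false, $errors);
    }

    // Escape both values for this connection before quoting them into the SQL.
    $e = mysqli_real_escape_string($dbc, trim($name));
    $p = mysqli_real_escape_string($dbc, trim($password));

    $q = "SELECT name FROM Manager where name= '{$e}' AND Cro = '{$p}'";
    $r = mysqli_query($dbc, $q);

    if ($r && mysqli_num_rows($r) == 1) {
        $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
        return array(true, $row);
    }

    $errors[] = 'your name OR password did not match!';
    return array(false, $errors);
}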
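/**
 * Tell whether a username/password pair exists in `register`.
 *
 * Both values are bound as statement parameters; the original interpolated
 * them into the SQL text and called mysqli_error() without a connection.
 *
 * NOTE(review): the password column is compared with the submitted value
 * directly, which implies clear-text storage; password_hash() on write and
 * password_verify() here would need to change together.
 *
 * @param string $username User name as submitted.
 * @param string $password Password as submitted.
 * @return bool TRUE when at least one row matches, FALSE otherwise (the
 *              original returned nothing in that case).
 */
function login($username, $password)
{
    $stmt = mysqli_prepare(
        $this->connect,
        "SELECT 1 FROM `register` WHERE `username` = ? AND `password` = ?"
    );
    if (!$stmt) {
        error_log('login: ' . mysqli_error($this->connect));
        die();
    }
    mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('login: ' . mysqli_stmt_error($stmt));
        die();
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);

    return $found;
}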
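/**
 * Insert a news item and return the stored row.
 *
 * The original ended with `$this->close()` after every branch had already
 * returned, so the connection was never closed; it is now closed on each path.
 *
 * @param string $title  News title.
 * @param string $body   News body.
 * @param string $target Target value stored with the item.
 * @param string $source Source value stored with the item.
 * @return array|false List containing the inserted row (associative), or
 *                     false when it cannot be read back.
 */
public function addUpdate($title, $body, $target, $source)
{
    $con = $this->connect();

    // Escape every value for this connection before quoting it into the SQL.
    $title = mysqli_real_escape_string($con, $title);
    $body = mysqli_real_escape_string($con, $body);
    $target = mysqli_real_escape_string($con, $target);
    $source = mysqli_real_escape_string($con, $source);

    $query = "INSERT INTO news VALUES(null, '{$title}', '{$body}','{$target}', NOW(),'{$source}')";
    $res = mysqli_query($con, $query);
    if (!$res) {
        // NOTE(review): as before, the driver error is shown to the client; consider logging it instead.
        $message = "Couldn't execute query: " . mysqli_error($con);
        $this->close();
        die($message);
    }

    $id = (int) mysqli_insert_id($con);
    $update = mysqli_query($con, "SELECT * FROM news WHERE id = {$id}");

    $rows = array();
    if ($update) {
        while ($row = mysqli_fetch_array($update, MYSQLI_ASSOC)) {
            $rows[] = $row;
        }
    }

    $this->close();

    return count($rows) > 0 ? $rows : false;
}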
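/**
 * Return the sale id for a user/customer pair, creating the sale if none exists.
 *
 * Fixes: the timestamp format was 'Y-m-d h:m:s' (12-hour clock, and the month
 * in the minutes position); both ids were interpolated into SQL unescaped.
 *
 * NOTE(review): in the line-collapsed listing the first lookup follows a `//`
 * marker, so it is unclear whether it was commented out; it is executed here
 * because its result is used by the next statement.
 *
 * Sale status values: 0 = cancelled, 1 = open, 2 = completed.
 *
 * @param mysqli     $conn      Open database connection.
 * @param int|string $idUsuario User (employee) id.
 * @param int|string $idCliente Customer id.
 * @return int|string Id of the existing or newly inserted sale.
 */
function venda($conn, $idUsuario, $idCliente)
{
    $data = date('Y-m-d H:i:s');
    $statusVenda = '1';

    // Escape both ids for this connection before quoting them into the SQL.
    $usuario = mysqli_real_escape_string($conn, (string) $idUsuario);
    $cliente = mysqli_real_escape_string($conn, (string) $idCliente);

    // Check whether a sale already links this employee and customer.
    $sVenda = mysqli_query(
        $conn,
        "SELECT idVenda FROM venda WHERE id_usuario='{$usuario}' AND id_cliente='{$cliente}'"
    );
    $existing = $sVenda ? mysqli_fetch_array($sVenda) : null;
    if ($existing) {
        return $existing['idVenda'];
    }

    $insert_pedido = "INSERT INTO venda (id_usuario, data, id_cliente, statusVenda) VALUE
        ('{$usuario}', '{$data}', '{$cliente}', '{$statusVenda}')";
    mysqli_query($conn, $insert_pedido);

    // Id generated for this sale.
    return mysqli_insert_id($conn);
}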
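/**
 * Return every stock's current price with its direction and display colour.
 *
 * The original guard was `!$query && !mysqli_num_rows($query)`, which calls
 * mysqli_num_rows() on false exactly when the query failed. The guard now
 * tests the query result only; an empty table still yields an empty list.
 *
 * Side effect: closes the global connection $con before returning.
 *
 * @return array List of `array(price, 'up'|'down', 'green'|'red')`.
 * @throws Exception When the query fails.
 */
function getstockprice()
{
    global $con;

    $sql = "SELECT ROUND(current_stock_price, 1) as ct , ROUND(last_stock_price, 1) as lt from stocks";
    $query = mysqli_query($con, $sql);
    if (!$query) {
        throw new Exception('Error in SQL');
    }

    $ret = array();
    while ($row = mysqli_fetch_assoc($query)) {
        // "up" only when the current price is strictly above the last one.
        $rising = $row['ct'] > $row['lt'];
        $ret[] = array($row['ct'], $rising ? 'up' : 'down', $rising ? 'green' : 'red');
    }

    mysqli_close($con);
    return $ret;
}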
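/**
 * Log a collaborator in from the posted `login` and `mdp` fields.
 *
 * On success the session is filled and a redirect to accueil.php is queued;
 * on failure the session is wiped and an alert script is returned.
 *
 * Changes: addslashes() is replaced by the connection's real_escape_string()
 * (addslashes() ignores the connection charset), non-string fields are
 * ignored, a failed query counts as a failed login, and the session id is
 * renewed on success.
 *
 * NOTE(review): passwords are hashed with md5(), which is unsalted and far
 * too fast for password storage; moving to password_hash()/password_verify()
 * needs a data migration outside this block.
 * NOTE(review): the `COL_PASSWORD='******'` literal looks like a redaction
 * placeholder and is kept as listed — confirm against the real source.
 *
 * @return string '' normally, or a script tag with an error alert when the
 *                credentials are rejected.
 */
function connexion()
{
    try {
        // Only proceed when both fields were posted as plain strings.
        if (isset($_POST["login"], $_POST["mdp"]) && is_string($_POST["login"]) && is_string($_POST["mdp"])) {
            $db = $GLOBALS['connexion'];

            // htmlspecialchars() is kept so the stored session value keeps its previous shape.
            $login = htmlspecialchars($db->real_escape_string(trim(strtoupper($_POST['login']))));
            // md5() yields hex digits only, so the digest needs no escaping.
            $password = md5($_POST['mdp']);
            $_SESSION['login'] = $login;

            $query = "SELECT COL_NO, TAU_NO, COL_NOM, COL_PRENOM, COL_MNEMONIC FROM COLLABORATEUR WHERE COL_MNEMONIC='" . $login . "' AND (COL_PASSWORD='******' OR COL_PASS_ALL='" . $password . "')";
            $result = $db->query($query);

            if ($result && mysqli_num_rows($result) == 1) {
                $row = $result->fetch_assoc();

                // Renew the session id at login so a pre-set id cannot be reused.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['col_id'] = $row['COL_NO'];
                $_SESSION['accreditation'] = $row['TAU_NO'];
                $_SESSION['nom'] = $row['COL_NOM'];
                $_SESSION['prenom'] = $row['COL_PRENOM'];
                $_SESSION['mnemonic'] = $row['COL_MNEMONIC'];
                header("Location: accueil.php");
            } else {
                $_SESSION = array();
                session_destroy();
                return '<script>alert("Identifiant et/ou mot de passe incorrect");</script>';
            }
        }
    } catch (Exception $e) {
        // message shown on error
        die('Erreur : ' . $e->getMessage());
    }
    return '';
}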
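/**
 * Log a user in by user name or e-mail and fill the session.
 *
 * Changes: $user is escaped for the connection before it is quoted into the
 * SQL, a missing `remember` field is read as 0, and a failed query counts as
 * a failed login.
 *
 * NOTE(review): the clear-text password is kept in $_SESSION["p"] and, with
 * "remember", written to the cookie "p". Anyone who can read the cookie or
 * the session store obtains the password. A random remember-me token stored
 * server-side would replace this, but the code reading these values is not
 * visible here, so it is only flagged.
 * NOTE(review): the cookies are set without the HttpOnly and Secure flags.
 * NOTE(review): the `pass = '******'` literal looks like a redaction
 * placeholder and is kept as listed — confirm against the real source.
 *
 * @param string $user User name or e-mail address.
 * @param string $pass Password as submitted.
 * @return bool TRUE when exactly one account matched, FALSE otherwise.
 */
function login($user, $pass)
{
    $con = new db();
    $conc = $con->c();
    $kcook = isset($_POST["remember"]) ? intval($_POST["remember"]) : 0;

    $safe_user = mysqli_real_escape_string($conc, (string) $user);
    $q = mysqli_query($conc, "SELECT `id`,`user`,`name`,`email`,`img1`,`img2`,`img3`,`bgcolor` FROM `users` WHERE (`user` = '{$safe_user}' OR `email` ='{$safe_user}') AND pass = '******'");
    if (!$q || mysqli_num_rows($q) != 1) {
        return false;
    }

    $r = mysqli_fetch_array($q);
    setcookie("u", $r[1], time() + 52 * 60 * 60 * 24 * 7);

    $_SESSION["uid"] = $r[0];
    $_SESSION["user"] = $r[1];
    $_SESSION["name"] = $r[2];
    $_SESSION["email"] = $r[3];
    $_SESSION["p"] = $pass;
    $_SESSION["color"] = $r[7];
    $_SESSION["img1"] = $r[4];
    $_SESSION["img2"] = $r[5];
    $_SESSION["img3"] = $r[6];
    $_SESSION["ula"] = md5("{$r[1]} {$pass} {$r[0]}");
    $con->close_db_con($conc);

    if ($kcook == 1) {
        setcookie("u", $r[1], time() + 2 * 60 * 60 * 24 * 7);
        setcookie("p", $pass, time() + 2 * 60 * 60 * 24 * 7);
    }
    return true;
}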
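/**
 * Log a user in by user name or e-mail, fill the session, and send accounts
 * with an invalid user name to the settings page.
 *
 * Changes: $user is escaped for the connection before it is quoted into the
 * SQL, a missing `remember` field is read as 0, and a failed query counts as
 * a failed login.
 *
 * NOTE(review): the clear-text password is kept in $_SESSION["p"] and, with
 * "remember", written to the cookie "pm". Anyone who can read the cookie or
 * the session store obtains the password. A random remember-me token stored
 * server-side would replace this, but the code reading these values is not
 * visible here, so it is only flagged.
 * NOTE(review): the cookies are set without the HttpOnly and Secure flags.
 * NOTE(review): the `'******'` literals look like redaction placeholders and
 * are kept as listed — confirm against the real source.
 *
 * @param string $user User name or e-mail address.
 * @param string $pass Password as submitted.
 * @return bool|null TRUE on login, FALSE when no single account matched,
 *                   nothing when the user is redirected to the settings page.
 */
function login2($user, $pass)
{
    $con = new db();
    $conc = $con->c();
    $kcook = isset($_POST["remember"]) ? intval($_POST["remember"]) : 0;

    $safe_user = mysqli_real_escape_string($conc, (string) $user);
    $q = mysqli_query($conc, "SELECT `id`,`user`,`name`,`email`,`img1`,`img2`,`img3`,`bgcolor` FROM `users` WHERE (`user` = '{$safe_user}' OR `email` ='{$safe_user}') AND pass = '******'");
    if (!$q || mysqli_num_rows($q) != 1) {
        return false;
    }

    $r = mysqli_fetch_array($q);
    setcookie("u", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");

    $_SESSION["uid"] = $r[0];
    $_SESSION["user"] = $r[1];
    $_SESSION["name"] = $r[2];
    $_SESSION["email"] = $r[3];
    $_SESSION["p"] = $pass;
    $_SESSION["color"] = $r[7];
    $_SESSION["img1"] = $r[4];
    $_SESSION["img2"] = $r[5];
    $_SESSION["img3"] = $r[6];
    $_SESSION["ula"] = md5("{$r[1]} {$pass} {$r[0]}");
    $con->close_db_con($conc);

    if (!valid_name($_SESSION["user"])) {
        // The stored user name fails validation: send the user to the settings page.
        $_SESSION["set_user"] = "******";
        header("location: ./?settings");
        return;
    }

    if ($kcook == 1) {
        setcookie("um", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
        setcookie("pm", $pass, time() + 52 * 60 * 60 * 24 * 7, "/");
    }
    return true;
}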
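/**
 * Check a username and password against `usertable` and start a session.
 *
 * On success the script redirects to member.php and exits; on failure it
 * terminates with an error message.
 *
 * Changes: mysqli_error() is given the connection (it was called without one,
 * and inside a `die . mysqli_error()` expression that only ever died), driver
 * errors are logged rather than printed, the session id is renewed on login,
 * the output buffer is only discarded when one exists, and the unreachable
 * code after die() is removed.
 *
 * NOTE(review): the posted fields override the arguments, as before.
 * NOTE(review): passwords are compared as unsalted SHA1 digests, which is too
 * fast for password storage; password_hash()/password_verify() would need the
 * registration code to change as well.
 * NOTE(review): the `username='******'` literal looks like a redaction
 * placeholder and is kept as listed — confirm against the real source.
 *
 * @param string $username Used when no `username` field was posted.
 * @param string $passwd   Used when no `passwd` field was posted.
 * @return void Never returns: the script exits on every path.
 */
function login($username, $passwd)
{
    // connect to db — presumably db_fns.php defines $conn; confirm.
    include 'db_fns.php';
    if (empty($conn)) {
        die();
    }

    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $username = $_POST['username'];
    }
    if (isset($_POST['passwd']) && is_string($_POST['passwd'])) {
        $passwd = $_POST['passwd'];
    }

    $username = mysqli_real_escape_string($conn, stripslashes((string) $username));
    $passwd = mysqli_real_escape_string($conn, stripslashes((string) $passwd));

    $result = mysqli_query($conn, "SELECT username, passwd FROM usertable WHERE username='******' AND passwd=sha1( '" . $passwd . "') ");
    if (!$result) {
        error_log('login: ' . mysqli_error($conn));
        die("Query failed.");
    }

    if (mysqli_num_rows($result) != 1) {
        die('Could not log you in. Username invalid.');
    }

    session_start();
    // Renew the session id at login so a pre-set id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['valid_user'] = $username;
    if (ob_get_level() > 0) {
        ob_end_clean();
    }
    header("Location: member.php");
    exit;
}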
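/**
 * This method will handle user login process.
 *
 * Changes: missing or non-string `email` / `password` entries raise
 * LOGIN_FIELDS_MISSING instead of an undefined-index notice, a failed query
 * raises LOGIN_FAIL, and the session id is renewed on success.
 *
 * NOTE(review): the password is escaped and then hashed with md5(), which is
 * unsalted and far too fast for password storage; password_hash() and
 * password_verify() would need the registration code to change as well.
 * NOTE(review): the `password = '******'` literal looks like a redaction
 * placeholder and is kept as listed — confirm against the real source.
 *
 * @param array $data Expects the keys `email` and `password`.
 * @return boolean true on success
 * @throws Exception LOGIN_FIELDS_MISSING or LOGIN_FAIL
 */
public function login(array $data)
{
    $_SESSION['logged_in'] = false;

    if (
        empty($data)
        || !isset($data['email'], $data['password'])
        || !is_string($data['email'])
        || !is_string($data['password'])
    ) {
        throw new Exception(LOGIN_FIELDS_MISSING);
    }

    // Trim, then escape for this connection.
    $email = mysqli_real_escape_string($this->_con, trim($data['email']));
    $password = mysqli_real_escape_string($this->_con, trim($data['password']));
    if (!$email || !$password) {
        throw new Exception(LOGIN_FIELDS_MISSING);
    }
    $password = md5($password);

    $query = "SELECT id, name, email, created FROM users where email = '{$email}' and password = '******' ";
    $result = mysqli_query($this->_con, $query);
    if (!$result) {
        mysqli_close($this->_con);
        throw new Exception(LOGIN_FAIL);
    }

    $row = mysqli_fetch_assoc($result);
    $count = mysqli_num_rows($result);
    mysqli_close($this->_con);

    if ($count != 1) {
        throw new Exception(LOGIN_FAIL);
    }

    // Renew the session id at login so a pre-set id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION = $row;
    $_SESSION['logged_in'] = true;
    return true;
}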