public static function edit($data) { $p = array('title' => array('required' => true, 'type' => 'string', 'maxlength' => 140, 'label' => 'Titulo'), 'text' => array('required' => true, 'type' => 'string', 'label' => 'Texto'), 'image' => array('required' => false, 'type' => 'thumbnail', 'label' => 'Imagen'), 'tags' => array('required' => false, 'type' => 'string', 'label' => 'Tags')); $v = new Validator(); $response = $v->validate($data, $p); if (!$response['success']) { return M::cr(false, $data, $response['msg']); } PDOSql::$pdobj = pdoConnect(); if (isset($_FILES['image']['name'])) { $response = File::up2Web($_FILES['image']); if ($response->success) { // remove old image... if (isset($data['old_image'])) { File::unlinkWeb($data['old_image']); } $image = $response->data[0]; } else { return M::cr(false, $data, $response->msg); } } else { $image = ''; } $params = array($data['title'], $data['text'], $image, $data['tags'], $data['id'], $_SESSION['userNAME']); $where = array(' id = ?', 'author = ?'); $query = "UPDATE entries SET title = ?, text = ?, image = ?, tags = ? {%WHERE%}"; PDOSql::update($query, $params, $where); return M::cr(true, array(), 'Se han actualizado los datos correctamente'); }
function connectDB($dbConfig) { $dbh = pdoConnect($dbConfig); $dbh->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); $dbh->set_charset('utf8'); return $dbh; }
static function resetPassword($data) { PDOSql::$pdobj = pdoConnect(); $hash = Sql::esc($data['h']); $type = Sql::esc($data['t']); $email = Sql::esc($data['q']); $pass1 = Sql::esc($data['pass1']); $pass2 = Sql::esc($data['pass2']); if ($pass1 !== $pass2) { return array('success' => false, 'data' => '', 'msg' => 'Las contraseñas no coinciden'); } if ($type == 'C') { $get_hash = "SELECT id, email, resetHash from clientes where email ='" . $email . "' AND resetHash = '" . $hash . "'"; $delete_hash = "UPDATE clientes set password = MD5('" . $pass1 . "'), resetHash = null where email ='" . $email . "' AND resetHash = '" . $hash . "'"; } elseif ($type == 'U') { $get_hash = "SELECT id, email, resetHash from usuarios where email ='" . $email . "' AND resetHash = '" . $hash . "'"; $delete_hash = "UPDATE usuarios set password = MD5('" . $pass1 . "'), resetHash = null where email ='" . $email . "' AND resetHash = '" . $hash . "'"; } else { return array('success' => false, 'data' => '', 'msg' => 'Problema con el reseteo'); } $h = Sql::fetch($get_hash); if (count($h) == 1) { $u = Sql::update($delete_hash); return array('success' => true, 'data' => array('id' => $h[0]['id']), 'msg' => 'Se realizo la operacion con exito.'); } else { return array('success' => false, 'data' => '', 'msg' => 'Codigo invalido'); } }
function connectDB($dbConfig) { $dbh = pdoConnect($dbConfig); $dbh->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); $dbh->exec("SET NAMES 'utf8'"); $dbh->exec("SET AUTOCOMMIT = 0"); return $dbh; }
function complete_schedule($sch_id, $status) { //$status = "CMP"; //CMP => Completed Status $query = "UPDATE scheduler SET execution_status = '" . $status . "' WHERE id = " . $sch_id; $db = pdoConnect(); $stmt = $db->prepare($query); $stmt->execute(); }
static function deleteOld() { PDOSql::$pdobj = pdoConnect(); $id = Sql::esc($id); $iduser = Sql::esc($_SESSION['userID']); $res = Sql::delete("DELETE from notifications WHERE status = '1' AND view_date < NOW() - INTERVAL 1 month"); return array('success' => true, 'data' => $res, 'msg' => ''); }
static function getData($id) { PDOSql::$pdobj = pdoConnect(); $d = PDOSql::select("SELECT name, bg_image, subtitle FROM users WHERE id = ?", array($id)); if (count($d) > 0) { $data['name'] = $d[0]['name']; $data['bg_image'] = $d[0]['bg_image']; $data['subtitle'] = $d[0]['subtitle']; return M::cr(true, $data); } else { return M::cr(false, array('user' => array()), 'No se encontraron datos del usuario'); } }
function check_if_admin_loggedin() { if (!isset($_SESSION['user_id'])) { return false; } //No user, no admin $dbh = pdoConnect(); //echo json_encode( $_SESSION['user_id'] ); $stmt = $dbh->prepare("SELECT role FROM users WHERE user_id = :user_id"); $stmt->bindParam(':user_id', $_SESSION['user_id'], PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(); if ($row['role'] == "A") { return true; } else { return false; } }
/** * Activate user based on $user_id. * @param int $user_id the id of the user to activate. * @return boolean */ function activateUser($user_id) { // This block automatically checks this action against the permissions database before running. if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) { addAlert("danger", "Sorry, you do not have permission to access this resource."); return false; } try { global $db_table_prefix; $db = pdoConnect(); $sqlVars = array(); $query = "UPDATE " . $db_table_prefix . "users\n SET active = 1\n WHERE\n id = :user_id\n LIMIT 1"; $stmt = $db->prepare($query); $sqlVars[':user_id'] = $user_id; $stmt->execute($sqlVars); if ($stmt->rowCount() > 0) { return true; } else { addAlert("danger", "Invalid user id specified."); return false; } } catch (PDOException $e) { addAlert("danger", "Oops, looks like our database encountered an error."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); return false; } }
" ALT="" BORDER="0" WIDTH="299" HEIGHT="95"></A> <BR><BR> </CENTER> </TD> </TR></TABLE> <!-- Header table --> <?php //=================================================================================== //Identify the type of query if ((strpos($detailSelect, "sp_") ? strpos($detailSelect, "sp_") + 1 : 0) > 0 || (strpos($detailSelect, "xp_") ? strpos($detailSelect, "xp_") + 1 : 0) > 0) { $isStoredProcedure = true; } else { $isStoredProcedure = false; } //Connect to the the user database $conn_udb = pdoConnect($udb_server, $udb_name, $udb_username, $udb_password); $paramStr = ""; $paramTitle = ""; //=================================================================================== //This section constructs and runs a title query if necessary if (queryHasParams($titleSelect)) { $paramStr = buildParamTitle($titleSelect); traceHide("paramStr=" . $paramStr); $titleSelect = buildSQLQuery($titleSelect); traceHide("titleSelect=" . $titleSelect); $udbStmt = pdoQuery($titleSelect, $conn_udb); $udbRows = pdoFetch($udbStmt); $paramTitle = "<BR>"; foreach ($udbRows as $row) { foreach ($row as $fieldName => $dataItem) { $paramTitle = $paramTitle . "<span class=\"ahTitle\">" . $fieldName . ": " . $dataItem . "</span><br />";
function create_job($obj) { global $data; $data = $obj; $job_name = $data->job_name; $frequency = $data->frequency; $message = $data->message; $recipients = $data->recipients; $params = json_decode("{}"); $params->days = $data->param_days; $params->dates = $data->param_dates; $params->months = $data->param_months; //$params = $data->parameters; //die( json_encode($params) ); if ($frequency != 'I') { $start = get_php_timestamp($data->start_date); } //$end = get_php_timestamp($data->end_date); $recur = $data->recur; $schedules = array(); if ($frequency == 'I') { $start = strtotime("now"); array_push($schedules, strtotime("now")); } elseif ($frequency == 'O') { array_push($schedules, $start); } elseif ($frequency == 'D') { //array_push($schedules,$start); //$date = $start; for ($i = 0; $i < $recur; $i++) { $date = add_js_timestamp($data->start_date, $frequency, $i); array_push($schedules, $date); } } elseif ($frequency == 'W') { for ($i = 0; $i < count($params->days); $i++) { $start_week_date = get_start_day($params->days[$i], $start); for ($j = 0; $j < $recur; $j++) { $date = add_js_timestamp(date_string($start_week_date), $frequency, $j); //Add weekly count array_push($schedules, $date); } } } elseif ($frequency == 'M') { for ($i = 0; $i < count($params->months); $i++) { for ($j = 0; $j < count($params->dates); $j++) { if ($params->dates[$j] > 31) { $str = ""; //Its a special date, use it intelligently !! //String format ==> 'Last Sunday of December 2015' switch ($params->dates[$j]) { case 41: //First Day $str = "First "; break; case 42: //Second Day $str = "Second "; break; case 43: //Third Day $str = "Third "; break; case 44: //Fourth Day $str = "Fourth "; break; case 45: //Last Day $str = "Last "; break; } $day = $str; for ($k = 0; $k < count($params->days); $k++) { $str = ""; $str = $day . $days[$params->days[$k]]; $str = $str . " of "; $str = $str . "" . $months[$params->months[$i]]; $str = $str . "" . get_year($data->start_date); array_push($schedules, strtotime($str)); } } else { $date = get_month_date($params->dates[$j], $params->months[$i]); array_push($schedules, $date); } } } } //Save entries to the Database $db = pdoConnect(); $query = "INSERT INTO jobs\n\t\t\t(`name`, `frequency`, `recur`, `message`, `recipients`, `start_date`, `parameters`, `user_id`) \n\t\t\tVALUES \n\t\t\t(:name, :frequency, :recur, :message, :recipients, :start_date, :parameters, :user_id );"; $sqlVars = array(); $obj_recipients = json_decode("{}"); //Create Object $obj_recipients->values = $recipients; $sqlVars[':name'] = $job_name; $sqlVars[':frequency'] = $frequency; $sqlVars[':recur'] = $recur; $sqlVars[':message'] = $message; $sqlVars[':recipients'] = json_encode($obj_recipients); $sqlVars[':start_date'] = date_string($start); $sqlVars[':parameters'] = json_encode($params); $sqlVars[':user_id'] = ""; //$this->userID; //die( json_encode($sqlVars) ) ; $stmt = $db->prepare($query); $stmt->execute($sqlVars); $job_id = $db->lastInsertId(); $query = "INSERT INTO scheduler\n\t\t\t(`job_id`, `execution_date`) \n\t\t\tVALUES \n\t\t\t(:job_id, :execution_date);"; $sqlVars = array(); $sqlVars[':job_id'] = $job_id; $schedule_id = -1; $schedule_strings = array(); foreach ($schedules as $schedule) { $sqlVars[':execution_date'] = date_string($schedule); $stmt = $db->prepare($query); $stmt->execute($sqlVars); $schedule_id = $db->lastInsertId(); array_push($schedule_strings, array("id" => $schedule_id, "date" => date_string($schedule))); //echo date_string($schedule)."\n"; } //***** Return output ******// $history = array(); if ($frequency == 'I') { $history = send_to_recipients($obj_recipients, $message, $schedule_id); } return array("job_id" => $job_id, "schedules" => $schedule_strings, "history" => $history); }
<?php // adHocMenu.php session_start(); require_once "adHocConst.php"; require_once "adHocInclude.php"; $connAdHoc = pdoConnect(cAdHocServer, cAdHocDatabase, cAdHocUsername, cAdHocPassword); //get today's date $pageDate = dateNow(); //request sitenum takes precedent over session sitenum if (isset($_REQUEST["sitenum"])) { $siteNum = $_REQUEST["sitenum"]; } else { if (isset($_SESSION["sitenum"])) { $siteNum = $_SESSION["sitenum"]; } else { $siteNum = "1"; } } $_SESSION["sitenum"] = $siteNum; traceHide("sitenum=" . $siteNum); if (isset($_REQUEST["nextmenu"])) { $nextMenu = $_REQUEST["nextmenu"]; } else { $nextMenu = "1"; } traceHide("nextmenu=" . $nextMenu); $sql = " SELECT menu_num, line_num, title, sub_menu_num, select_stmt" . " FROM menus" . " LEFT JOIN queries ON main_query_num = query_num" . " WHERE menu_num = " . $nextMenu . " AND hidden = 0" . " ORDER BY menu_num, line_num"; $adHocStmt = pdoQuery($sql, $connAdHoc); $adHocRows = pdoFetch($adHocStmt); ?>
static function rubros() { PDOSql::$pdobj = pdoConnect(); $rubs = Sql::fetch("SELECT rubro from rubros_generales ORDER BY id"); $r = array(); foreach ($rubs as $rub) { $r[] = array('rubro' => $rub['rubro']); } return $r; }
function getCityId($cityName) { $db = pdoConnect(); $query = "SELECT id from `city` WHERE cityName = '" . $cityName . "'"; //echo $query; $stmt = $db->prepare($query); if (!$stmt->execute()) { // Error: column does not exist return -1; } else { $row = null; $row = $stmt->fetch(); if (!$row) { return -1; } else { return $row["id"]; } } return -1; }
function dbDeleteActionPermit($action_id, $type) { try { global $db_table_prefix; $db = pdoConnect(); $table = ""; if ($type == "user") { $table = "user_action_permits"; } else { if ($type == "group") { $table = "group_action_permits"; } else { return false; } } $query = "DELETE FROM " . $db_table_prefix . $table . " WHERE id = :action_id"; $stmt = $db->prepare($query); $sqlVars = array(':action_id' => $action_id); $stmt->execute($sqlVars); if ($stmt->rowCount() > 0) { return true; } else { addAlert("danger", "Invalid action_id specified."); return false; } } catch (PDOException $e) { addAlert("danger", "Oops, looks like our database encountered an error."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); return false; } catch (ErrorException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); return false; } }
<?php /* This PHP will run regularly at regular intervals */ require_once "db-settings.php"; //Require DB connection require "scheduler_functions.php"; //Require scheduler functions // Constants $status_new = "NEW"; $status_failed = "FLD"; //Current Date & time $curr_dt_time = "" . date("Y-m-d H:i:s", strtotime("now")); //Get current Date & Time //die( $curr_dt_time ); //Select Scheduler entries that are pending $db = pdoConnect(); $query = "Select sch.id, sch.job_id, job.message, job.recipients from scheduler as sch INNER JOIN jobs as job ON sch.job_id = job.id WHERE sch.execution_status IN ('" . $status_new . "','" . $status_failed . "') AND sch.execution_date <= '" . $curr_dt_time . "' "; $stmt = $db->prepare($query); $stmt->execute(); $row = $stmt->fetch(); while ($row) { //echo "<br>".json_encode($row); send_to_recipients(json_decode($row['recipients']), $row['message'], $row['id']); $row = $stmt->fetch(); }
function DataSource($table, $parameters) { $this->db = pdoConnect(); $this->table = $table; }
function fetchUserMin($user_id) { try { global $db_table_prefix; $results = array(); $db = pdoConnect(); $sqlVars = array(); $query = "select {$db_table_prefix}users.id as user_id, user_name, display_name from {$db_table_prefix}users where {$db_table_prefix}users.id = :user_id"; $sqlVars[':user_id'] = $user_id; $stmt = $db->prepare($query); $stmt->execute($sqlVars); if (!($results = $stmt->fetch(PDO::FETCH_ASSOC))) { addAlert("danger", "Invalid user id specified"); return false; } $stmt = null; return $results; } catch (PDOException $e) { addAlert("danger", "Oops, looks like our database encountered an error."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); return false; } catch (ErrorException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); return false; } }
} elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4) { $message = 'Incorrect Length for Password'; } elseif (ctype_alnum($_POST['username']) != true) { /*** if there is no match ***/ $message = "Username must be alpha numeric"; } elseif (ctype_alnum($_POST['password']) != true) { /*** if there is no match ***/ $message = "Password must be alpha numeric"; } else { /*** if we are here the data is valid and we can insert it into database ***/ $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING); $password = filter_var($_POST['password'], FILTER_SANITIZE_STRING); /*** now we can encrypt the password ***/ $password = sha1($password); try { $dbh = pdoConnect(); /*** $message = a message saying we have connected ***/ /*** set the error mode to excptions ***/ //$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*** prepare the insert ***/ $stmt = $dbh->prepare("INSERT INTO users (username, password ) VALUES (:username, :password )"); /*** bind the parameters ***/ $stmt->bindParam(':username', $username, PDO::PARAM_STR); $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40); /*** execute the prepared statement ***/ $stmt->execute(); /*** unset the form token session variable ***/ unset($_SESSION['form_token']); /*** if all is done, say thanks ***/ $message = 'New user added'; } catch (Exception $e) {