public function view($page_name)
{
$page_name = sqlSafe($page_name);
$data = $this->Program->getProgram($page_name);
$this->set("title", $data['pages_title']);
$this->set("program", $data);
}
function error_logger($name = "Error", $message = "")
{
$sName = sqlSafe($name);
$sMsg = sqlSafe($message);
$sDate = sqlSafe(date("Y-m-d H:i:s"));
$query = "INSERT INTO error_log (`timestamp`,`error_name`,`error_description`) VALUES ({$sDate},{$sName},{$sMsg});";
writeQuery($query);
}
function saveStats($stats, $id, $type)
{
$date = sqlSafe(date("Y-m-d H:i:s"));
$followers = sqlSafe($stats['followers']);
$id = sqlSafe($id);
$type = sqlSafe($type);
$query = "INSERT INTO account_stats (`user_id`, `act_type`, `record_date`, `followers`)\n VALUES ({$id}, {$type}, {$date}, {$followers})";
print $query;
$result = writeQuery($query);
}
/**
* Remove the category
*
* @param String $name The name of the category to be removed
*/
function remove($name)
{
$this->set("title", "Remove category");
$name = sqlSafe($name);
if ($this->Categorie->removeCategory($name) == false) {
$this->set("message", "Unable to remove category");
} else {
$this->set("message", "Category removed");
}
}
function createAccount($email, $name)
{
$query = "INSERT INTO accounts (`email`, `fullname`) VALUES (" . sqlSafe($email) . ", " . sqlSafe($name) . ")";
if (writeQuery($query)) {
authorize($email);
return true;
} else {
var_dump(getSQLerrors());
return false;
}
}
function getFollowers($id, $timestamp)
{
$day = 24 * 60 * 60;
$sdate = sqlSafe(date('Y-m-d H:i:s', $timestamp - $day / 2));
$edate = sqlSafe(date('Y-m-d H:i:s', $timestamp + $day / 2));
$id = sqlSafe($id);
$query = "SELECT followers FROM account_stats WHERE user_id = {$id} AND (record_date BETWEEN {$sdate} AND {$edate})";
//print $query;
$result = readQuery($query);
if ($result) {
if ($row = $result->fetch_row()) {
return $row[0];
}
}
return null;
}
function createProject()
{
$account = getAccount();
$projdue = tryRetrieve($_POST, 'projDue');
$projtime = strtotime($projdue);
$duedate = sqlsafe(date("Y-m-d H:i:s", $projtime));
$title = sqlSafe(tryRetrieve($_POST, 'projName'));
//$notes = sqlSafe(tryRetrieve($_POST, 'projNotes'));
$query = "INSERT INTO projects (account_id, duedate, title) VALUES ({$account}, {$duedate}, {$title})";
if (writeQuery($query)) {
$id = getInsertID();
//Now give the project a hash
$hash = sqlSafe(hash('adler32', $id));
$query = "UPDATE projects SET hash={$hash} where id='{$id}'";
if (writeQuery($query)) {
$_SESSION['project'] = $id;
return getProjectInfo();
}
}
return null;
}
/**
* Prepare the Mail for sending
*
* @param String $to The address of the recipient
* @param String $subject The subject of the mail
* @param String $content The content of the mail
*
* @returns void
*/
function prepareMail($to, $subject, $content)
{
$this->to = $to;
$this->subject = $subject;
$this->content = sqlSafe($content);
}
/**
* Create new page
*/
function newpage()
{
initiateSession();
if (!isset($_SESSION['admin_hash'])) {
header("LOCATION: /admins/index");
}
$this->set("title", "New Page");
if (isset($_POST['post_page'])) {
if (!isset($_POST['post_title'])) {
$this->set("message", "Title is required");
return;
} else {
if (!isset($_POST['post_category'])) {
$this->set("message", "Page category is required");
} else {
if (!isset($_FILES['featured_image']) && !isset($_FILES['multiple_image'])) {
$this->set("message", "A feature image and supporting images must be uploaded");
} else {
$title = sqlSafe($_POST['post_title']);
if (isset($_POST['post_description'])) {
$description = sqlSafe($_POST['post_description']);
} else {
$description = null;
}
$category = sqlSafe($_POST['post_category']);
$date = date("Y-m-d H:i:s");
$status = "published";
$image = new Media($_FILES['featured_image']);
if ($image->validate() == false) {
$this->set("message", "Media File format not supported");
} else {
if ($image->setUploadPath(ROOT . DS . 'public' . DS . 'uploads' . DS . 'pages') == false) {
$this->set("message", "path error");
return;
}
if ($image->moveUploadedMedia() == false) {
$this->set("message", "Unable to upload media");
return;
} else {
$imageData = $image->getUploadData();
$imagePath = $imageData['upload_path'];
}
$moreImages = $this->uploadMultipleImage($_FILES['multiple_image']);
//echo $moreImages;
}
if ($this->Admin->newPage($title, $description, $category, $imagePath, $date, $status, $moreImages) == false) {
$this->set("message", "Unable to add new page");
} else {
$this->set("message", "New Page added successfully");
}
}
}
}
}
}
function getChildren($irn)
{
$irn = sqlSafe($irn);
$query = "SELECT c.irn, c.title, c.accession_no, c.location_barcode, c.location_name, c.barcode FROM children c LEFT JOIN objects o ON (o.irn = c.parent_irn) WHERE c.parent_irn = {$irn} AND (c.location_name != o.location_name OR o.location_name is null) order by c.accession_no";
$result = readQuery($query);
//var_dump($query);
$child = array();
while ($row = $result->fetch_assoc()) {
array_push($child, $row);
}
return $child;
}
/**
* Remove the post from the database
*
* @param Int $id The ID of the post to be removed
*/
function remove($id)
{
$this->set("title", "Blog");
initiateSession();
if (!isset($_SESSION['user_id'])) {
$this->set("message", "No permission to remove post");
} else {
if ($this->Blog->removePost(sqlSafe($id)) == false) {
$this->set("message", "Unable to remove post");
} else {
$this->set("message", "Post removed");
}
}
}
function SDticket($project)
{
$results = genSD($project);
if (isset($results)) {
$query = "UPDATE projects SET `SDurl` = " . sqlSafe($results['url']) . " WHERE id = " . sqlSafe($project);
writeQuery($query);
print json_encode(array("url" => $results['url']));
}
}
/**
* Reset Password
*
* @param String $username The username for password reset
* @param String $activationhash The reset code
*
*/
function reset($username, $activationhash)
{
$this->set("title", "IEEE NIEC | New Password");
$username = sqlSafe($username);
$activationhash = sqlSafe($activationhash);
$hash = $this->User->getUserPassword($username);
if ($hash == false) {
$this->set("message", "Invalid account");
} else {
if ($activationhash == md5($hash)) {
$this->User->updateStatus($username, 1);
$this->set("message", "Reset Your password");
} else {
$this->set("message", "Invalid activation hash");
}
}
}
/**
* Remove Image
*
* @param Int $id The ID of the image to be removed
*/
function remove($id)
{
initiateSession();
if (!isset($_SESSION['user_id'])) {
$this->set("message", "User not logged in");
} else {
$id = sqlSafe($id);
if ($this->Picture->removePicture($id) == false) {
$this->set("message", "Unable to remove picture");
} else {
$this->set("message", "Picture removed");
}
}
}
function attachObject($record)
{
$project = $_SESSION['project'];
$object = $record['irn'];
$query = "INSERT INTO `emuProjects`.`objectProject` (`project_id`, `object_irn`, object_holder) VALUES (" . sqlSafe($project) . "," . sqlSafe($object) . "," . sqlSafe($record['is_holder']) . ")";
writeQuery($query);
}
function deleteProject($project)
{
// To make this more secure check the account in the session field to ensure the account has access to the project
$query = "DELETE FROM projects WHERE id=" . sqlSafe($project);
writeQuery($query);
}
