public function getMainNavigation()
{
$d = new Database();
$d->open('hacker_blog');
$sql = "SELECT * FROM navigation ";
if ($this->type == 'private') {
$sql .= " WHERE public = 0 ";
} else {
$sql .= " WHERE private = 1 ";
}
$s = $d->q($sql);
if ($s && $d->numrows() >= 1) {
$arr = array();
while ($r = $d->mfa()) {
//print_r($r);
array_push($arr, $r);
}
$this->messages = array("success" => "Found Navigation");
$this->current = $arr;
return $arr;
$d->close();
} else {
$this->messages = array("error" => "Could not Find Navigation");
$d->close();
return false;
}
}
static function delete($delete)
{
$conn = Database::connect();
$query = "DELETE FROM `linkpreview`.`linkpreview` WHERE `id` = '" . $delete["id"] . "'";
mysqli_query($conn, $query);
Database::close($conn);
}
function delete()
{
$db = new Database();
$sql = sprintf("delete from order_props where id = %d", $this->id);
$db->executeSQL($sql, __FILE__, __LINE__, false);
$db->close();
}
function checkLogin($login, $pass)
{
$db = new Database();
//Traigo el usuario
$q = "select salt from jugador where login='******' limit 1";
$r = $db->query($q);
//Controlo que exista el usuario con el login $login
if ($db->num_rows($r) > 0) {
//Traigo el registro
$data = $db->fetch_array($r);
$salt_db = $data['salt'];
//Genero el mismo hash que se creo al registrar jugador
$hashedpass = hash('sha512', $pass . $salt_db);
$q2 = "select * from jugador where login='******' and pass=PASSWORD('{$hashedpass}')";
$r2 = $db->query($q2);
if ($db->num_rows($r2) > 0) {
return 1;
} else {
return 0;
}
} else {
alertMessage('El usuario no existe');
exit;
}
$db->close();
}
protected function cleanAndPost()
{
for ($n = 0; $n < count($this->message_information); $n++) {
//clean left and white white space, escape the string for the Database
$this->message_information[$n] = Sanitize::prepForDatabase(Sanitize::clearWhiteSpaceLR($this->message_information[$n]));
}
$d = new Database();
$d->open('hacker_blog');
//check for duplicates
$chx = $d->q("SELECT * FROM user_messages WHERE user_messages.message = '{$this->message_information[2]}'");
if ($chx && $d->numrows() <= 0) {
// id in the messages field is for the user's uid or user_id, depending on how you are moving forward with your code
$s = $d->q("INSERT into user_messages\n\t\t\t\t \t\t(user_message_id,first_name,last_name,id,message,type,added_on) VALUES\n\t\t\t\t\t\t(NULL,'{$this->message_information[0]}','{$this->message_information[1]}',NULL,'{$this->message_information[2]}','{$this->type}',now())");
if ($s) {
//echo 'made it through gauntlet. Added info into Database.';
$this->passed = true;
} else {
$this->passed = false;
}
} else {
//echo 'You have already made a comment like this.';
$this->passed = false;
}
$d->close();
//print_r($this->message_information);
}
public function save(&$user)
{
$bin = array("0", "1");
$db = new Database();
$db->query("UPDATE Badge set " . $this->label . "=" . $bin[$this->achieved] . " WHERE id='" . $user->getId() . "'");
$db->close();
}
public function getMainNavigation()
{
$d = new Database();
$d->open('hacker_blog');
$s = $d->q("SELECT * FROM navigation");
if ($s) {
$r = $d->mfa();
$this->messages = array("success" => "Found Navigation");
$d->close();
return $r;
} else {
$this->messages = array("error" => "Could not Find Navigation");
$d->close();
return false;
}
}
function __construct()
{
require_once $_SERVER['DOCUMENT_ROOT'] . '/restfulController/application/database.php';
$database = new Database();
$query = "SELECT * FROM Menu LEFT JOIN Content ON Menu.MenuContentKey = Content.ContentKey ORDER BY Menu.MenuID ASC";
$this->Menu = $database->execute($query);
$database->close();
}
static function delete($delete)
{
$conn = Database::connect();
$delete = array_map("mysql_real_escape_string", $delete);
$query = "DELETE FROM `linkpreview`.`linkpreview` WHERE `id` = '" . $delete["id"] . "'";
mysql_query($query);
Database::close($conn);
}
static function insert($save)
{
$conn = Database::connect();
$save = array_map("mysql_real_escape_string", $save);
$query = "INSERT INTO `linkpreview`.`linkpreview` (`id`, `text`, `image`, `title`, `canonicalUrl`, `url`, `description`, `iframe`)\n VALUES (NULL, '" . $save["text"] . "', '" . $save["image"] . "', '" . $save["title"] . "', '" . $save["canonicalUrl"] . "', '" . $save["url"] . "', '" . $save["description"] . "', '" . $save["iframe"] . "')";
mysql_query($query);
Database::close($conn);
}
public static function count()
{
$db = new Database();
$sql = "SELECT COUNT(distinct session_group) FROM panelmembers";
$result = $db->query($sql);
$row = $db->fetch($result);
$db->close();
return intval($row['COUNT(distinct session_group)']);
}
public function getEventById($id)
{
$sql = "select * from event where id='{$id}'";
$db = new Database();
$db->connect();
$eventInfo = $db->query_first($sql);
$db->close();
return $eventInfo;
}
function showCloumns($db, $table)
{
$d = new Database();
$d->setDB('hacker_blog');
$cols = $d->showTableColumns($table);
$d->close();
print_r($cols);
return $cols;
}
public static function count()
{
$db = new Database();
$sql = "SELECT COUNT(UID) FROM userids";
$result = $db->query($sql);
$row = $db->fetch($result);
$db->close();
return intval($row['COUNT(UID)']) - 1;
}
public function getNameById($id)
{
$sql = "select name from centre where id='{$id}'";
$db = new Database();
$db->connect();
$name = $db->query_first($sql);
$db->close();
return $name['name'];
}
public static function load()
{
// Run Global Render
self::runGlobalRende();
// Run Controller
self::runController();
// Database close conection
Database::close();
// Delivery response
self::deliveryResponse();
}
public function find($conditions)
{
$where = "where 1=1";
foreach ($conditions as $key => $value) {
$where .= " and {$key}=" . (is_numeric($value) ? $value : "'{$value}' ");
}
$db = new Database();
$db->connect();
$obj = $db->query("select * from " . $this->table_name_full . " {$where}");
$db->close();
return new response(array('body' => $obj));
}
/**
* Player ID beállítása
* @author vitozy
*/
public function setUserID()
{
if ($this->isLoggedIn() == false) {
$this->userid = 0;
$_SESSION['userid'] = 0;
} else {
$username = $_SESSION['name'];
$db = new Database();
$user = $db->getRow("SELECT * FROM users WHERE name = '{$username}'");
$db->close();
$this->userid = $user['userid'];
$_SESSION['userid'] = $user['userid'];
}
}
public function getPage($id = null)
{
if (is_int($id)) {
$this->page_id = $id;
}
$d = new Database();
$d->open('hacker_blog');
$s = $d->q("SELECT * FROM pages WHERE id = '{$this->page_id}'");
if ($s && $d->numrows() >= 1) {
return $d->mfa();
$d->close();
} else {
return false;
}
}
public function createAction()
{
$database = new Database();
$stmt = $database->getConnection()->prepare("INSERT INTO Accounts (Username, Password, SecurityLevel) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $Username, $Password, $SecurityLevel);
// set parameters and execute
$Username = $this->_params['Username'];
$Password = $this->_params['Password'];
$SecurityLevel = $this->_params['SecurityLevel'];
if ($Username != null && $Pasword != null && $SecurityLevel != null) {
$stmt->execute();
}
$stmt->close();
$database->close();
}
function getCategories()
{
@($user = $_SESSION[SESSION_USER_ID]);
@($foreignLng = $_SESSION[SESSION_FOREIGN_LANG]);
$db = new Database();
$db->open();
// TODO validation
$arrCategory = array();
$sql = sprintf("SELECT cat.id, cat.name FROM `%s` cat INNER JOIN `%s` us_cat ON cat.id = us_cat.category WHERE us_cat.user = %d AND us_cat.foreign_language = %d ORDER BY category_order", CATEGORIES, USERS_CATEGORIES_LANGUAGES, $user, $foreignLng);
$queryCategories = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_row($queryCategories)) {
$arrCategory[$row[0]] = $row[1];
}
$db->close();
return $arrCategory;
}
function login($user, $pass)
{
$db = new Database();
$id = null;
$foreign = null;
$db->open();
$sql = sprintf("SELECT us.id FROM `%s` as us WHERE us.user = '******' AND us.password = '******'", USERS, $user, $pass);
$query = mysql_query($sql) or die(mysql_error() . "<br>SQL: {$sql}");
if ($row = mysql_fetch_row($query)) {
$id = $row[0];
$sql = sprintf("SELECT us_lan.foreign_language FROM `%s` as us_lan WHERE us_lan.user = '******'", USERS_CATEGORIES_LANGUAGES, $id);
$query = mysql_query($sql) or die(mysql_error() . "<br>SQL: {$sql}");
$row = mysql_fetch_row($query);
$foreign = $row[0];
}
$db->close();
return array($id, $foreign);
}
function chk_login($username, $passwd)
{
//include('include/config.php');
//include('include/database.class.php');
global $host;
global $usr;
global $pwd;
$db = new Database($host, $usr, $pwd, "employee");
//connect database
$conn = $db->conn;
$sql = "select * from mmemployee_table where E='" . text_number($username) . "' and F='" . text_number($passwd) . "'";
$result = $db->query($sql);
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_object($result);
return $row->A . "," . $row->B . $row->C;
} else {
return false;
}
$db->close();
}
public function createBlogPost($title = null, $body = null)
{
$this->title = (string) $title;
$this->body = (string) $body;
//$this->title = Sanitize::sanitize_string($this->title);
//$this->body = Sanitize::sanitize_string($this->body);
// add database method to push into Database
// mysql_real_escape_string (php.net for use examples)
$d = new Database();
$d->open('hacker_blog');
//$d = new Database();
//$d->setDB('hacker_blog');
$s = $d->q("INSERT INTO blog_entries (blog_id,user_id,blog_title,blog_created_at,blog_updated_at,blog_body) VALUES (NULL,1,'{$this->title}',now(),now(),'{$this->body}');");
$d->close();
if ($s) {
return true;
} else {
return false;
}
}
function SiteConfigs($arr = array())
{
$this->items = array();
if (is_array($arr)) {
if (count($arr) == 0) {
$db = new Database();
$sql = "select config_keyword from siteconfig order by config_keyword";
$db->fetchRowObjects($sql, __FILE__, __LINE__, false);
foreach ($db->results as $r) {
$arr[] = $r["config_keyword"];
}
$db->close();
}
foreach ($arr as $a) {
$this->items[] = new SiteConfig($a);
}
} else {
$this->items[] = new SiteConfig($arr);
}
}
public function insertNewTransfer($eventId, $offer)
{
$insert['mode'] = $_GET['mode'];
$insert['event_id'] = $eventId;
$insert['start'] = $_POST['start'];
$insert['via'] = $_POST['via'];
$insert['destination'] = $_POST['destination'];
$insert['email'] = $_POST['email'];
$insert['name'] = $_POST['name'];
$insert['message'] = $_POST['message'];
$insert['centre_fk'] = $_SESSION['centreIdent'];
#echo "*".$_SESSION['centreIdent'];
#check for Spamrobots
if ($_SESSION['centreIdent'] != '') {
echo "Spam";
$db = new Database();
$db->connect();
$db->query_insert("transfer", $insert);
$this->debug("NEW TRANSFER ENTRY", "Inserting transfer with the following content:\n" . $this->convert($insert));
$db->close();
}
}
public static function save($id, $label, $field, $value)
{
$db = new Database();
$query = "UPDATE {$label} SET " . $field . "=" . $value . " WHERE id='" . $id . "'";
$result = $db->query($query);
$db->close();
}
<?php
//Verifico la sesion, si no tiene session mando al login
include_once "../checkSession.php";
include_once "../functions.php";
if (isset($_POST['amigo'])) {
include_once "../classes/conexiones.php";
include_once "../classes/jugador.php";
include_once "../classes/notificacion.php";
//MySQL Injection
$db = new Database();
$amigo = $db->checkInjection($_POST['amigo']);
$db->close();
//Salgo si ya son amigos o si ya se ha enviado solicitud de amistad
$j = new jugador();
$j->xId($_SESSION['id']);
$n = new notificacion();
$n->setIdJ1($_SESSION['id']);
$n->setIdJ2($amigo);
//Si ya son amigos
if ($j->isFriend($amigo)) {
echo 2;
exit;
}
//Si ya hay una invitacion de por medio acepto la invitacion o no hago nada si yo soy el que la envio
if ($j->hasRelation($amigo)) {
//Si me enviaron una solicitud de amistad
if (!$j->initFriendship($amigo)) {
if (!$j->acceptFriend($amigo)) {
echo 0;
exit;
/****** create_tables.php/Include_stuff
* FUNCTION
* Include classes and the config file.
****/
include 'config.php';
require 'class_command.php';
Database::connect();
//Connect to the database
/****** create_tables.php/Create_tables_in_db
* FUNCTION
* Creates the tables in our database.
****/
//Create content_description table
$query = "CREATE TABLE content_description (\n externalpage text NOT NULL,\n title text NOT NULL,\n description text NOT NULL,\n ages varchar(100) NOT NULL default '',\n mediadate date NOT NULL default '0000-00-00',\n priority tinyint(2) NOT NULL default 0\n);\n";
Database::sqlWithoutAnswer($query);
//Create :)
//Create content_links table
$query = "CREATE TABLE content_links (\n catid bigint(8) NOT NULL default '0',\n topic text NOT NULL,\n type varchar(20) NOT NULL default '',\n resource text NOT NULL,\n KEY catid (catid)\n);\n";
Database::sqlWithoutAnswer($query);
//Create :)
//Create structure table
$query = "CREATE TABLE structure (\n catid bigint(8) NOT NULL default '0',\n name text NOT NULL,\n title varchar(255) NOT NULL default '',\n description text NOT NULL default '',\n lastupdate datetime NOT NULL default '0000-00-00 00:00:00',\n KEY catid (catid)\n);\n";
Database::sqlWithoutAnswer($query);
//Create :)
//Create datatypes table
$query = "CREATE TABLE datatypes (\n catid bigint(8) NOT NULL default '0',\n type varchar(20) NOT NULL default '',\n resource text NOT NULL,\n KEY catid (catid)\n);\n";
Database::sqlWithoutAnswer($query);
//Create :)
Basic::printToConsole("\nTables in the database (" . DB_DATABASE . ") are successfully created!\n");
Database::close();
//Close connection
if (!isset($_SESSION['ITCLoggedInAdmin']) || !isset($_SESSION["ITCadminEmail"])) {
$json = array("status" => 0, "msg" => "You are not logged in.");
header('Content-type: application/json');
echo json_encode($json);
} else {
if (filter_input(INPUT_POST, "deleteThisAdmin") != NULL) {
$postVars = array('id');
// Form fields names
//Validate the POST variables and add up to error message if empty
foreach ($postVars as $postVar) {
switch ($postVar) {
default:
$adminObj->{$postVar} = filter_input(INPUT_POST, $postVar) ? mysqli_real_escape_string($dbObj->connection, filter_input(INPUT_POST, $postVar)) : '';
if ($adminObj->{$postVar} === "") {
array_push($errorArr, "Please enter {$postVar} ");
}
break;
}
}
//If validated and not empty submit it to database
if (count($errorArr) < 1) {
echo $adminObj->delete();
} else {
$json = array("status" => 0, "msg" => $errorArr);
$dbObj->close();
//Close Database Connection
header('Content-type: application/json');
echo json_encode($json);
}
}
}
