public function processSignupForm($post)
{
$passwordLength = 8;
$firstName = parent::getEscaped($post['firstName']);
$lastName = parent::getEscaped($post['lastName']);
$email = parent::getEscaped($post['email']);
$phoneNum = parent::getEscaped($post['phoneNum']);
$username = parent::getEscaped(strtolower($post['username']));
$password = parent::getEscaped($post['password']);
$confirmPass = parent::getEscaped($post['cPassword']);
$type = parent::getEscaped($post['range']);
$rangeType = 'Regular';
$res = $this->getSpecificUser($username);
//this if statement executes when the passwords are identical
if (strcmp($password, $confirmPass) === 0) {
if (count($res) == 0) {
$salt = $this->generateSalt($password, $username);
$pass = $this->hashPassword($password, $salt);
$newUser = "******";
$this->insertUser($newUser);
parent::closeConnection();
} else {
parent::printMessage("MESSAGE", "The username is already taken! please take another one", "signUp.php");
}
} else {
parent::printMessage("MESSAGE", "The password confirmation failed! Please try again", "signUp.php");
}
}
public static function createUser($username, $email, $password)
{
$datbase = new Database();
$datbase->openConnection();
mysqli_query($datbase->getConnection(), "INSERT INTO `Users`(`Username`,`Email`,`Password`) VALUES('" . mysqli_real_escape_string($datbase->getConnection(), $username) . "','" . mysqli_real_escape_string($datbase->getConnection(), $email) . "','" . mysqli_real_escape_string($datbase->getConnection(), hash("sha256", $password)) . "')");
$datbase->closeConnection();
}
function updateGameState()
{
$db = new Database();
$conn = $db->connection;
$query = "UPDATE gamestate SET timestamp = ?, pDice1 = ?, pDice2 = ?, pDice3 = ?, oDice1 = ?, oDice2 = ?, oDice3 = ? WHERE userID =" . $this->userID;
$prep = $db->prepare($query);
$prep->bind_param("iiiiiii", $this->timeStamp, ${$this}->pDice1, $this->pDice2, $this->pDice3, $this->oDice1, $this->oDice2, $this->oDice3);
$prep->execute();
$db->closeConnection();
}
function testExecutingSQLWithUnSetTablePrefixShouldFail()
{
global $TWITALYTIC_CFG;
$TWITALYTIC_CFG['table_prefix'] = 'tw_';
$this->expectException();
$db = new Database($TWITALYTIC_CFG);
$conn = $db->getConnection();
$sql_result = $db->exec("SELECT \n\t\t\t\tuser_id \n\t\t\tFROM \n\t\t\t\t%prefix%users \n\t\t\tWHERE \n\t\t\t\tuser_id = 930061");
$db->closeConnection($conn);
}
public static function DeleteImage($ownerid, $imageid)
{
$database = new Database();
$database->openConnection();
$result = mysqli_query($database->getConnection(), "SELECT `ImagePath` FROM `Images` WHERE `id`='" . mysqli_real_escape_string($database->getConnection(), $imageid) . "' AND `OwnerUserID`='" . mysqli_real_escape_string($database->getConnection(), $ownerid) . "' LIMIT 1");
if (mysqli_num_rows($result) == 1) {
mysqli_query($database->getConnection(), "DELETE FROM `Images` WHERE `id`='" . mysqli_real_escape_string($database->getConnection(), $imageid) . "' AND `OwnerUserID`='" . mysqli_real_escape_string($database->getConnection(), $ownerid) . "' LIMIT 1");
unlink(__DIR__ . '/../public/' . mysqli_fetch_array($result)['ImagePath']);
}
$database->closeConnection();
}
public static function uploadFile($userid, $image)
{
$type = $image['image']['type'];
if ($type == "image/png" || $type == "image/jpg" || $type == "image/jpeg") {
if (move_uploaded_file($image['image']['tmp_name'], __DIR__ . "/../public/images/" . $image['image']['name'])) {
$database = new Database();
$database->openConnection();
mysqli_query($database->getConnection(), "INSERT INTO `Images`(`OwnerUserID`,`ImagePath`) VALUES('" . $_SESSION['User']->getID() . "','" . mysqli_real_escape_string($database->getConnection(), "images/" . $image['image']['name']) . "')");
$database->closeConnection();
}
}
}
/**
* Instantiates a new instance of the Error class with the arguments
* indicative of what type of error and a callback to close the transaction.
*
* @param array $args
* @param callable $callback
*/
public function __construct($args, $callback = false)
{
if ($callback) {
call_user_func($callback);
}
// Perform the printing of the error.
echo json_encode($args);
// Perform some cleanup.
Database::closeConnection();
// Close the program permenantly.
exit;
}
function getTokenValid($username, $token)
{
$db = new Database();
$username = $db->link->real_escape_string($username);
$db->doSQL("SELECT * FROM `Token` WHERE `userID` = '{$username}' AND `token` = '{$token}'");
$result = $db->getRecord();
if (mysqli_num_rows($result) == 0) {
return false;
} else {
return true;
}
$db->closeConnection();
}
public static function LoginUser($email, $password)
{
$datbase = new Database();
$datbase->openConnection();
$results = mysqli_query($datbase->getConnection(), "SELECT `id`,`Email`,`Password`,`IsAdmin` FROM `Users` WHERE `Email`='" . mysqli_real_escape_string($datbase->getConnection(), $email) . "' AND `Password`='" . mysqli_real_escape_string($datbase->getConnection(), hash("sha256", $password)) . "' LIMIT 1");
$resultsarray = mysqli_fetch_array($results);
$datbase->closeConnection();
if (mysqli_num_rows($results) == 1) {
return new User($resultsarray['id'], $resultsarray['Email'], $resultsarray['Password'], $resultsarray['IsAdmin'] == 1 ? true : false);
} else {
return null;
}
}
function __construct($userID)
{
$db = new Database();
$conn = $db->connection;
if ($data = $conn->query("SELECT timestamp, pointsEarned, outcome FROM gamehistory WHERE userID = " . $userID)) {
$resCount = $data->num_rows;
for ($i = 0; $i < $resCount; $i++) {
$resRow = $data->fetch_assoc();
$game = new GameResult($resRow['timestamp'], $resRow['pointsEarned'], $resRow['outcome']);
$this->hist[$i] = $game;
}
}
$db->closeConnection();
}
function __construct()
{
$db = new Database();
$conn = $db->connection;
if ($data = $conn->query("SELECT userID FROM points ORDER BY pointsTotal DESC LIMIT 5")) {
$resCount = $data->num_rows;
for ($i = 0; $i < $resCount; $i++) {
$resRow = $data->fetch_assoc();
$user = new User($resRow['userID']);
$this->leaders[$i] = $user;
}
}
$db->closeConnection();
}
function testExecutingSQLWithUnSetTablePrefixShouldFail()
{
global $THINKTANK_CFG;
$THINKTANK_TEST_CFG['table_prefix'] = 'tw_';
$THINKTANK_TEST_CFG['db_password'] = $THINKTANK_CFG['db_password'];
$THINKTANK_TEST_CFG['db_host'] = $THINKTANK_CFG['db_host'];
$THINKTANK_TEST_CFG['db_name'] = $THINKTANK_CFG['db_name'];
$THINKTANK_TEST_CFG['db_user'] = $THINKTANK_CFG['db_user'];
$this->expectException();
$db = new Database($THINKTANK_TEST_CFG);
$conn = $db->getConnection();
$sql_result = $db->exec("SELECT\n\t\t\t\tuser_id \n\t\t\tFROM \n\t\t\t\t%prefix%users \n\t\t\tWHERE \n\t\t\t\tuser_id = 930061");
$db->closeConnection($conn);
}
function __construct($userID)
{
$db = new Database();
$conn = $db->connection;
if ($data = $conn->query("SELECT userName FROM USERS WHERE userID =" . $userID)) {
$resRow = $data->fetch_assoc();
$this->userName = $resRow["userName"];
}
if ($data = $conn->query("SELECT pointsTotal FROM POINTS WHERE userID =" . $userID)) {
$resRow = $data->fetch_assoc();
$this->points = $resRow['pointsTotal'];
}
if ($data = $conn->query("SELECT * FROM gamehistory WHERE userID=" . $userID . " AND OUTCOME = 'W'")) {
$this->wins = $data->num_rows;
}
if ($data = $conn->query("SELECT * FROM gamehistory WHERE userID=" . $userID . " AND OUTCOME = 'L'")) {
$this->loss = $data->num_rows;
}
$db->closeConnection();
}
function dbLogin($username, $password)
{
$db = new Database();
$mysqli = $db->openConnection();
$sql = "SELECT salt, hash FROM users WHERE email = ?";
$stmt = $mysqli->prepare($sql);
$hash_db = NULL;
$salt_db = NULL;
if ($stmt->bind_param('s', $username)) {
if ($stmt->execute()) {
$stmt->bind_result($salt_db, $hash_db);
if (!$stmt->fetch()) {
return false;
} else {
return existingUsername($salt_db, $hash_db, $password, $username);
}
$stmt->free_result();
}
$db->closeConnection($mysqli);
}
return false;
}
public static function clearGameInProgress($uID)
{
$db = new Database();
$conn = $db->connection;
$query = "DELETE FROM gamestate WHERE userID = ?";
$prep = $conn->prepare($query);
$prep->bind_param("i", $uID);
$prep->execute();
$db->closeConnection();
}
function payedStats()
{
$db = new Database();
$db->doSQL("SELECT `payed`, COUNT(`payed`) as 'amount' FROM `Invoices` GROUP BY `payed`");
$db->closeConnection();
$result = $db->getRecord();
error_log(print_r($result, true));
if (mysqli_num_rows($result) == 0) {
return false;
} else {
return $result;
}
}
<?php
require_once 'database.inc.php';
require_once "mysql_connect_data.inc.php";
$db = new Database($host, $userName, $password, $database);
$db->openConnection();
if (!$db->isConnected()) {
header("Location: cannotConnect.html");
exit;
}
$userId = $_REQUEST['userId'];
if (!$db->userExists($userId)) {
$db->closeConnection();
header("Location: noSuchUser.html");
exit;
}
$db->closeConnection();
session_start();
$_SESSION['db'] = $db;
$_SESSION['userId'] = $userId;
header("Location: booking1.php");
$twitter_id = $api->doesAuthenticate();
if ($twitter_id > 0) {
echo "Twitter authentication successful.<br />";
$id = new InstanceDAO($db);
$i = $id->getByUsername($tu);
$oid = new OwnerInstanceDAO($db);
if (isset($i)) {
echo "Instance already exists.<br />";
$id->updatePassword($tu, $tp);
echo "Updated existing instance's password.<br />";
$oi = $oid->get($owner->id, $i->id);
if ($oi != null) {
echo "Owner already has this instance, no insert or update.<br />";
} else {
$oid->insert($owner->id, $i->id);
echo "Added owner instance.<br />";
}
} else {
echo "Instance does not exist.<br />";
$id->insert($twitter_id, $tu, $tp);
echo "Created instance with password.<br />";
$i = $id->getByUsername($tu);
$oid->insert($owner->id, $i->id);
echo "Created an owner_instance.<br />";
}
} else {
echo 'Twitter authentication failed.';
}
# clean up
$db->closeConnection($conn);
echo '<br /> <a href="' . $THINKTANK_CFG['site_root_path'] . 'account/">Back to your account</a>.';
<script src="<?php
echo PUBLIC_ROOT;
?>
js/main.js"></script>
<?php
$this->controller->addVar('csrfToken', Session::generateCsrfToken());
?>
<script>extract(<?php
echo json_encode($this->controller->vars);
?>
);</script>
<?php
if (!empty($this->controller->vars['globalPage'])) {
?>
<script>$(function(){ $(".sidebar-nav #"+(globalPage.constructor === Array? globalPage[0]: globalPage)+" a").addClass("active"); });</script>
<script>$(document).ready(initializePageEvents());</script>
<?php
}
?>
<?php
Database::closeConnection();
?>
</body>
</html>
}
$_SESSION[RegCodes::USED_USERNAME] = 2;
return false;
}
function addUser($mysqli, $email, $pwd)
{
$crypto = new Crypto();
$salt = $crypto->generateSalt(10);
$hash = $crypto->generateHash($pwd, $salt);
$sql = "INSERT INTO users(email, hash, salt, nbrAttempts) \n\t\t\tVALUES('" . $email . "', '" . $hash . "', '" . $salt . "', '0')";
$mysqli->multi_query($sql);
$_SESSION['isLoggedIn'] = 1;
$_SESSION['username'] = $email;
redirect("https://127.0.0.1/searchView.php");
}
$token = $_POST['token'];
if ($token == session_id()) {
$email = $_POST['username'];
$pwd = $_POST['password'];
$db = new Database();
$mysqli = $db->openConnection();
$usernameAvailable = isUsernameFree($mysqli, $email);
if ($usernameAvailable) {
addUser($mysqli, $email, $pwd);
} else {
redirect("https://127.0.0.1/registerView.php");
}
$db->closeConnection($mysqli);
} else {
redirect("https://127.0.0.1/index.php");
}
$cleansedCName = str_replace(" ", "_", $cleansedCName);
$vendorFolderName = $cleansedCName . '_' . $rand;
//Check if folder exists
if (file_exists($vendorFolderName)) {
$rand = rand(1, 1000000);
//Gen new rand num
$vendorFolderName = $cleansedCName . '_' . $rand;
} else {
mkdir("../../images/Vendor/" . $vendorFolderName, 0777);
//Vendor root folder
mkdir("../../images/Vendor/" . $vendorFolderName . "/products", 0777);
//folder to store product images
//Push data to the database
$insert = "INSERT INTO Vendor(vendorName, vendorAddressLine1, vendorAddressLine2, vendorCity, vendorTelephone, vendorAccountCreation,vendorFolderName,vendorDescription,vendorEmail,vendorPassword )VALUES ('{$cName}', '{$addressLine1}', '{$addressLine2}', '{$city}','{$phone}', NOW( ),'{$vendorFolderName}','{$description}','{$email}' , '{$pass1}')";
$connection->insertData($insert);
$connection->closeConnection();
}
?>
<?php
} else {
//Print All the errors instead of the account summary
echo '<div style="margin-top:20px; border:1px solid white;">';
for ($i = 0; $i < count($errors); $i++) {
echo '<center><span class="error">' . $errors[$i] . '</span></center><br>';
}
//Close for loop
echo '<script type="text/javascript">resetPassword()</script>';
echo '</div>';
public function __deconstruct()
{
$this->conn = Database::closeConnection();
}
$stmt->bind_result($itemId, $itemName, $cost);
print "<tr><th>Name</th><th>cost</th></tr>";
if ($stmt->fetch()) {
print "</th><th>" . $itemName . "</th><th>" . $cost . "</th></tr>";
} else {
print " 0 results for search: " . $search;
}
$stmt->free_result();
}
}
echo "</table>";
echo "<div>";
if (!is_null($itemName)) {
$_SESSION['itemId'] = $itemId;
$_SESSION['itemName'] = $itemName;
$database->closeConnection($mysqli);
echo "<form action='addToCart.php' method='POST'>";
echo "<input id='submit' type='submit' value='Add to cart' name= 'Add to cart'>";
//echo "<input type=\"hidden\" name=\"token\" value=\"" . session_id() . "\"/>";
echo "</form>";
echo "<form action='checkoutView.php' method='POST'>";
echo "<input id='submit' type='submit' value='Checkout' name= 'Checkout'>";
//echo "<input type=\"hidden\" name=\"token\" value=\"" . session_id() . "\"/>";
echo "</form>";
echo "</form>";
} else {
echo "<br/>";
}
echo "<form action='searchView.php' method='POST'>";
echo "<input id='submit' type='submit' value='back' name= 'back'>";
echo "</form>";
/**
* close
*
* @return void
*/
private function close()
{
return $this->dbc->closeConnection();
}
public function __construct($sql, $params, Connection $connection, Database $db)
{
try {
$stmt = $connection->prepare($sql);
$stmt->execute($params);
$this->statement = $stmt;
$this->connection = $connection;
} catch (\PDOException $e) {
// 服务端断开时重连一次
if ($e->errorInfo[1] == 2006 || $e->errorInfo[1] == 2013) {
$master_or_slave = $connection->getMasterOrSlave();
$db->closeConnection($master_or_slave, $connection->getConnectionIndex());
$connection = $db->getConnection($master_or_slave == Connection::MASTER_CONNECTION);
try {
$stmt = $connection->prepare($sql);
$stmt->execute($params);
$this->statement = $stmt;
$this->connection = $connection;
} catch (\PDOException $ex) {
$db->rollback();
throw $ex;
}
} else {
$db->rollback();
throw $e;
}
}
}
