Example #1
0
 public function update()
 {
     $db = new Database();
     $db->connect();
     $returnValue;
     //if($this->isCreated()){
     $where = 'id=' . $this->getId();
     $updateInformation = array();
     $updateInformation["name"] = $db->escapeString($this->getName());
     $updateInformation["description"] = $db->escapeString($this->getDescription());
     $updateInformation["display"] = $db->escapeString($this->getDisplay());
     date_default_timezone_set('America/Chicago');
     $updateInformation["last_updated_timestamp"] = $db->escapeString(date('Y-m-d G:i:s'));
     $result = $db->update(static::$tableName, $updateInformation, $where);
     if ($result) {
         $returnValue = true;
     } else {
         $returnValue = false;
     }
     $db->disconnect();
     //}else{
     //	$returnValue = false;
     //}
     return $returnValue;
 }
Example #2
0
 public function update()
 {
     $db = new Database();
     $db->connect();
     $where = 'id=' . $this->getId();
     $updateInformation = array();
     $updateInformation['name'] = $db->escapeString($this->getName());
     $updateInformation['description'] = $db->escapeString($this->getDescription());
     $updateInformation["last_updated_timestamp"] = $db->escapeString(date('Y-m-d G:i:s'));
     $result = $db->update(static::$tableName, $updateInformation, $where);
     $db->disconnect();
     if ($result) {
         $this->setId($result);
         return $result;
     } else {
         return false;
     }
 }
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
if (isset($_POST['submit'])) {
    $newPass = $database->escapeString($_POST['newPass']);
    $confPass = $database->escapeString($_POST['confPass']);
    $code = $database->escapeString($_POST['code']);
    $hash = password_hash($newPass, PASSWORD_BCRYPT);
    if ($newPass != $confPass) {
        redirect($_SERVER['HTTP_REFERER'] . "&error=equals");
    } else {
        if (strlen($newPass) < 6) {
            redirect($_SERVER['HTTP_REFERER'] . "&error=length");
        } else {
            $user->setId($code);
            $user->setPassword($hash);
            if ($user->updatePassword()) {
                $path = "../logs";
                $dateTime = strftime("%Y-%m-%d %H:%M:%S");
                $text = "Password changed for user with ID:";
                $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
                $user->setId($_SESSION['USID']);
                $user->storeLog($content, $path);
                redirect("../users.php?users=1&pass=succeed");
            } else {
Example #4
0
<?php

require_once 'db/config.php';
$con = new config(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$db = new Database($con);
$db->openConnection();
$postdata = file_get_contents("php://input");
$jsonHandle = new jsonHandler();
$requestData = $jsonHandle->decode($postdata);
$data = array();
$page = $db->escapeString($requestData->page);
$innerPage = $db->escapeString($requestData->innerPage);
if ($page == "dashboard") {
    $query = $db->query("SELECT * FROM tbl_hashtag");
    /*Overview Page*/
    if ($innerPage == "overview") {
        /*Check whether it contains tha hashtag data or not*/
        if ($db->hasRows($query)) {
            $data['hashtagArray'] = array();
            $i = 0;
            while ($row = $db->fetchAssoc($query)) {
                $hashtagName = $row['hashtagName'];
                /*Total Tweet Count*/
                $totTweetsQuery = $db->query("SELECT COUNT(DISTINCT tweet_id) FROM tweet_tags WHERE tag = '{$hashtagName}'");
                $totalTweets = $db->fetchArray($totTweetsQuery);
                $data['hashtagArray'][$i]['hashtagName'] = $hashtagName;
                $data['hashtagArray'][$i]['tweets'] = array();
                //$tweetQuery = "SELECT * FROM tweet_tags LEFT JOIN"
                $data['hashtagArray'][$i]['totalTweets'] = $totalTweets[0];
                $data['hashtagArray'][$i]['totalImpressions'] = $i + 2000;
                $data['hashtagArray'][$i]['profileVisits'] = 3000;
Example #5
0
        echo $d['id'];
        ?>
" class="btn btn-primary btn-xs">Tindak</a></td>
		</tr>
		<?php 
    }
    ?>
	</tbody>
</table>

<div class="alert alert-info" role="alert">Klik pada nama siswa atau NIS untuk melihat daftar peringatan.</div>

<?php 
} else {
    if (isset($_POST['idtindak'])) {
        $idtindak = $db->escapeString($_POST['idtindak']);
        $status = $db->escapeString($_POST['status']);
        $db->update('tindak', array('tindak' => $status, 'ubah' => wkt(), 'idguru' => $_SESSION['userid']), "id='{$idtindak}'");
        echo "Processing...";
        eksyen('Data berhasil diubah', '?hal=penindakan');
    }
    $id = mysql_real_escape_string($_GET['detail']);
    $db->select('tindak', '*', null, "id='{$id}'");
    $res = $db->getResult();
    foreach ($res as $d) {
        ?>

<div class="col-lg-12">
    <h1 class="page-header">Detail Tindakan <small>| <a href="?hal=penindakan">Kembali</a></small></h1>
</div>
<form action="" method="post">
Example #6
0
            if (isset($_GET['id'])) {
                echo '<h1 class="page-header">Ubah Data Sanksi <small>| <a href="?hal=sanksi">Kembali</a></small></h1>';
                $id = $_GET['id'];
                $db->select('sanksi', '*', NULL, "id='{$id}'", null);
                // Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
                $jum = $db->numRows();
                if ($jum < 1) {
                    eksyen('Data tidak ditemukan', '?hal=sanksi');
                }
                $d = $db->getResult();
            } else {
                echo '<h1 class="page-header">Tambah Data Sanksi <small>| <a href="?hal=sanksi">Kembali</a></small></h1>';
            }
            if (isset($_POST['nama'])) {
                echo "Processing...";
                $nama = $db->escapeString($_POST['nama']);
                $minimal = $db->escapeString($_POST['minimal']);
                $maksimal = $db->escapeString($_POST['maksimal']);
                if (isset($_POST['id'])) {
                    $id = mysql_real_escape_string($_POST['id']);
                    $db->update('sanksi', array('nama' => $nama, 'minimal' => $minimal, 'maksimal' => $maksimal, 'ubah' => wkt()), 'id="' . $id . '"');
                    eksyen('Data berhasil diubah', '?hal=sanksi');
                } else {
                    $db->insert('sanksi', array('nama' => $nama, 'minimal' => $minimal, 'maksimal' => $maksimal, 'ubah' => wkt()));
                    $res = $db->getResult();
                    eksyen('Data berhasil diinput', '?hal=sanksi');
                }
            }
            ?>
			<form action="" method="POST" class="form-horizontal" role="form">
				<?php 
<?php

include 'class/mysql_crud.php';
$db = new Database();
$db->connect();
$data = $db->escapeString("name5@email.com");
// Escape any input before insert
$db->insert('CRUDClass', array('name' => 'Name 5', 'email' => $data));
// Table name, column names and respective values
$res = $db->getResult();
print_r($res);
Example #8
0
<?php

//header('Access-Control-Allow-Origin: *');
//header('Content-Type: application/json; charset = UTF-8');
//session_start();
require_once 'db/config.php';
$con = new config(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$db = new Database($con);
$db->openConnection();
$postdata = file_get_contents("php://input");
$jsonHandle = new jsonHandler();
$requestdata = $jsonHandle->decode($postdata);
//$requestdata = json_decode($postdata);
$userName = $db->escapeString($requestdata->userName);
$userPass = $db->escapeString($requestdata->userPass);
$data = array();
if (!empty($userName) && !empty($userPass)) {
    $query = $db->query("SELECT * FROM tbl_admin WHERE admin_user= '{$userName}' AND admin_pass = '{$userPass}'");
    if ($db->hasRows($query) > 0) {
        while ($row = $db->fetchAssoc($query)) {
            if ($row['admin_status'] == 1) {
                $_SESSION['user'] = $row['admin_user'];
                $_SESSION['loggedIn'] = true;
                $data['adminUser'] = $row['admin_user'];
                $data['adminType'] = $row['admin_type'];
                $data['adminMail'] = $row['admin_mail'];
                $data['adminContactMail'] = $row['admin_contactmail'];
                $data['loggedIn'] = true;
                /*Super admin*/
                if ($row['admin_type'] == "sadmin") {
                    $data['message'] = "You have successfully connected and too have full access over the data";
Example #9
0
 /**
  * Wrapper for the db.
  *
  * @param string $string
  * @return string
  */
 public function escapeString($string)
 {
     return $this->db->escapeString($string);
 }
Example #10
0
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$menu = new Menu();
$links = new Links();
$pages = new Page();
if (isset($_POST['addMenuBtn'])) {
    $menuName = $database->escapeString($_POST['menuName']);
    $description = $database->escapeString($_POST['description']);
    // check if parent is set
    if (isset($_POST['parent']) && $_POST['parent'] != "" && $_POST['parent'] != null) {
        $parentLinkId = $database->escapeString($_POST['parent']);
        $links->setLinkId($parentLinkId);
        $language = $links->getSubMenusLangId($database);
    } else {
        $language = $database->escapeString($_POST['language']);
        $parentLinkId = 0;
    }
    // set values
    $menu->setLangId($language);
    $menu->setIsMain(0);
    $menu->setDescription($description);
    $menu->setParentLinkId($parentLinkId);
    $menu->setTitle($menuName);
    // do not allove a link to have two sub menus
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$hotel = new Hotel();
$location = new Location();
$media = new Media();
if (isset($_POST['submit'])) {
    $name = $database->escapeString($_POST['name']);
    $address = $database->escapeString($_POST['address']);
    $stars = $database->escapeString($_POST['stars']);
    $destination = $database->escapeString($_POST['location']);
    $description = $database->escapeString($_POST['description']);
    $hotel->setHotelName($name);
    $hotel->setAddress($address);
    $hotel->setStars($stars);
    $hotel->setDescription($description);
    $hotel->setCityId($destination);
    if (isset($_POST['hotelId'])) {
        $hotelId = $database->escapeString($_POST['hotelId']);
        $hotel->setHotelId($hotelId);
        $hotel->update($database);
    } else {
        $hotelId = $hotel->create($database);
    }
    if (count($_FILES) != 0) {
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$user = new User();
$database = new Database();
$pageLayout = new PageLayout();
if (isset($_POST['pageLayoutList']) && $_POST['pageLayoutList'] != null) {
    foreach ($_POST['pageLayoutList'] as $pageLayoutId) {
        $pageLayout->setPageLayoutId($database->escapeString($pageLayoutId));
        $pageLayout->getById($database);
        unlink("../" . $pageLayout->getImage());
        $pageLayout->delete($database);
        $path = "../logs";
        $dateTime = strftime("%Y-%m-%d %H:%M:%S");
        $text = "Deleted page layout with id:" . $pageLayoutId . " and name: " . $pageLayout->getName();
        $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
        $user->setId($_SESSION['USID']);
        $user->storeLog($content, $path);
        echo "true";
    }
} else {
    echo "false";
}
Example #13
0
}
$db->select('tipoarticulo', 'idtipoart, descripcion');
// Table name, Column Names, WHERE conditions, ORDER BY conditions
$res = $db->getResult();
$ltipoart = '';
foreach ($res as $key => $value) {
    $ltipoart .= '<option value="' . $value['idtipoart'] . '">' . $value['descripcion'] . '</option>';
}
if (isset($_POST['btnguardar'])) {
    $db->select('articulo', 'max(idarticulo) as id');
    // Table name, Column Names, WHERE conditions, ORDER BY conditions
    $res = $db->getResult();
    foreach ($res as $key => $value) {
        $id = $value['id'] + 1;
    }
    $vcodint = $db->escapeString("{$_POST['txtcodint']}");
    // Escape any input before insert
    $vmodelo = $db->escapeString("{$_POST['txtmodelo']}");
    $vdescripcion = $db->escapeString("{$_POST['txtdescripcion']}");
    $vdesetiqueta = $db->escapeString("{$_POST['txtdesetiqueta']}");
    $vdesticket = $db->escapeString("{$_POST['txtdesticket']}");
    $vdeslarga = $db->escapeString("{$_POST['txtdeslarga']}");
    $vidfotoart = $db->escapeString("{$_POST['txtidfotoart']}");
    $vcodbarra = $db->escapeString("{$_POST['txtcodbarra']}");
    $vidimpuestos = $db->escapeString("{$_POST['idimpuestos']}");
    $vidproveedor = $db->escapeString("{$_POST['txtidproveedor']}");
    $vidmarca = $db->escapeString("{$_POST['txtidmarca']}");
    $vpreciocosto = $db->escapeString("{$_POST['txtpreciocosto']}");
    $vpvp = $db->escapeString("{$_POST['txtpvp']}");
    $vmpcosto = $db->escapeString("{$_POST['txtmpcosto']}");
    $vfechact = $db->escapeString("{$_POST['txtfechact']}");
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$user = new User();
$database = new Database();
if (isset($_GET['user']) && isset($_GET['active']) && $_GET['user'] != null && $_GET['active'] != null) {
    $id = $database->escapeString($_GET['user']);
    $active = $database->escapeString($_GET['active']);
    $user->setId($id);
    $user->setActive($active);
    if ($user->changeActive($database)) {
        $path = "../logs";
        $dateTime = strftime("%Y-%m-%d %H:%M:%S");
        $text = "Enabled/Disabled user with id :" . $id;
        $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
        $user->setId($_SESSION['USID']);
        $user->storeLog($content, $path);
        redirect("../users.php");
    } else {
    }
} else {
    echo "User not set";
}
Example #15
0
            if (isset($_GET['id'])) {
                echo '<h1 class="page-header">Ubah Data Tata Tertib <small>| <a href="?hal=tatatertib">Kembali</a></small></h1>';
                $id = $_GET['id'];
                $db->select('tata_tertib', '*', NULL, "id='{$id}'", null);
                // Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
                $jum = $db->numRows();
                if ($jum < 1) {
                    eksyen('Data tidak ditemukan', '?hal=tatatertib');
                }
                $d = $db->getResult();
            } else {
                echo '<h1 class="page-header">Tambah Data Tata Tertib <small>| <a href="?hal=tatatertib">Kembali</a></small></h1>';
            }
            if (isset($_POST['nama'])) {
                echo "Processing...";
                $nama = $db->escapeString($_POST['nama']);
                $poin = $db->escapeString($_POST['poin']);
                $jenis = $db->escapeString($_POST['jenis']);
                if (isset($_POST['id'])) {
                    $id = mysql_real_escape_string($_POST['id']);
                    $db->update('tata_tertib', array('nama' => $nama, 'poin' => $poin, 'jenis' => $jenis, 'ubah' => wkt()), 'id="' . $id . '"');
                    eksyen('Data berhasil diubah', '?hal=tatatertib');
                } else {
                    $db->insert('tata_tertib', array('nama' => $nama, 'poin' => $poin, 'jenis' => $jenis, 'ubah' => wkt()));
                    $res = $db->getResult();
                    eksyen('Data berhasil diinput', '?hal=tatatertib');
                }
            }
            ?>
			<form action="" method="POST" class="form-horizontal" role="form">
				<?php 
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$post = new Post();
$media = new Media();
if (isset($_POST['submit'])) {
    //print_r($_FILES['mediaUploads']);
    $title = $database->escapeString($_POST['title']);
    $undertitle = $database->escapeString($_POST['undertitle']);
    $pageId = $database->escapeString($_POST['pageId']);
    $body = $database->escapeString($_POST['body']);
    $d = new DateTime();
    $date = $d->format('Y-m-d H:i');
    $userId = $_SESSION['USID'];
    $post->setTitle($title);
    $post->setUnderTitle($undertitle);
    $post->setPageId($pageId);
    $post->setBody($body);
    $post->setDate($date);
    $post->setUserId($userId);
    if (isset($_POST['postId'])) {
        $postId = $database->escapeString($_POST['postId']);
        $post->setPostId($postId);
        $post->update($database);
        $post->deleteCategories($database);
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$category = new Category();
if ($_POST['category']) {
    $category->setCategoryId($database->escapeString($_POST['categoryId']));
    foreach ($_POST as $key => $value) {
        if ($key == "categoryId" || $key == "submit") {
            continue;
        }
        $category->update($database, $key, $value);
    }
    redirect("../posts.php?posts=4&category={$_POST['categoryId']}");
} else {
    echo "<h2>Problem in editing category. Try again later or contact your administrator.</h2>";
}
Example #18
0
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$user = new User();
$database = new Database();
$page = new Page();
if (isset($_POST['pageList']) && $_POST['pageList'] != null) {
    foreach ($_POST['pageList'] as $pageId) {
        $page->setPageId($database->escapeString($pageId));
        $page->delete($database);
        $path = "../logs";
        $dateTime = strftime("%Y-%m-%d %H:%M:%S");
        $text = "Deleted page with id:" . $pageId;
        $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
        $user->setId($_SESSION['USID']);
        $user->storeLog($content, $path);
        echo "true";
    }
} else {
    echo "false";
}
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$widget = new Widget();
$menu = new Menu();
$post = new Post();
if (isset($_POST['widgetName'])) {
    $widgetId = $database->escapeString($_POST['widgetName']);
    $widgetName = "Widget " . $widgetId;
    $widget->setWidgetId($widgetId);
    $widget->setName($widgetName);
    $widget->setMenuId(0);
    $widget->setPostId(0);
    if ($widget->create($database)) {
        echo "true";
    } else {
        echo "false";
    }
} else {
    if (isset($_POST['widgetIds'])) {
        foreach ($_POST['widgetIds'] as $widgetId) {
            $widget->setWidgetId($widgetId);
            $widget->delete($database);
        }
        echo "true";
Example #20
0
    echo $row["active"] . "<br />";
    echo "- - - - - <br><br>";
}
echo "<br/><br/>";
// Delete Rows
echo "Delete Rows";
echo "<br />------------------<br />";
// [Table name], [WHERE]
$db->delete('posts', 'id=5');
$response = $db->getResponse();
echo $response[0] == TRUE ? 'TRUE' : 'FALSE';
echo "<br/><br/>";
// Insert Rows
echo "Insert Rows";
echo "<br />------------------<br />";
$title = $db->escapeString("Title 5");
// Escape String
$content = $db->escapeString("Lorem Ipsum");
// Escape String
$db->insert('posts', array('id' => 5, 'title' => $title, 'slug' => 'title-5', 'content' => $content, 'category' => 'Category 5', 'keywords' => 'keyword 1 keyword 2', 'image' => 'image', 'create' => date("Y-m-d H:i:s"), 'update' => NULL, 'active' => TRUE));
$response = $db->getResponse();
echo $response[0] == TRUE ? 'TRUE' : 'FALSE';
echo "<br/><br/>";
// Update Rows
echo "Update Rows";
echo "<br />------------------<br />";
// [Table name], [UPDATE Values], [WHERE]
$db->update('posts', array('active' => FALSE), 'id=5 AND active=TRUE');
$response = $db->getResponse();
echo $response[0] == TRUE ? 'TRUE' : 'FALSE';
echo "<br/><br/>";
<?php

include 'includes.php';
$partController = new PartController();
$categoryId = $_GET['id'];
$db = new Database();
$db->connect();
$db->delete("categories", "id=" . $categoryId);
$update = array();
$update["parent_id"] = $db->escapeString(null);
$db->update("categories", $update, "parent_id=" . $categoryId);
$db->delete("category_connector", "category_id=" . $categoryId);
header("Location: /admin/categories");
$tags = $_POST['tags'];
//Gets array of categories
$categories = $_POST['categories'];
$db = new Database();
$db->connect();
//CATEGORIES
$db->select("category_connector", "category_id", null, "item_id=" . $id);
$existingCategories = array_column($db->getResult(), 'category_id');
//GET ALL Grandparent Cats
$db->select("categories", "id", null, "parent_id = 0");
$grandparentCats = array_column($db->getResult(), 'id');
foreach ($categories as $key => $categoryId) {
    $pos = array_search($categoryId, $existingCategories);
    if ($pos === false) {
        $sanitizedInformation = array();
        $sanitizedInformation["category_id"] = $db->escapeString($categoryId);
        $sanitizedInformation["item_id"] = $db->escapeString($id);
        $db->insert("category_connector", $sanitizedInformation);
        checkForParentCat($categoryId);
    } else {
        checkForParentCat($existingCategories[$pos]);
        unset($existingCategories[$pos]);
    }
}
//remove categories that were attached but were removed from the list
foreach ($existingCategories as $key => $categoryId) {
    $result = $db->delete("category_connector", "category_id=" . $categoryId . " AND item_id=" . $id);
}
function checkForParentCat($catId)
{
    global $existingCategories;
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
if (isset($_POST['privilege']) && isset($_POST['userId'])) {
    $isOk = false;
    $userID = $database->escapeString($_POST['userId']);
    $privilegeId = $database->escapeString($_POST['privilege']);
    if ($_SESSION['USPRID'] == 1) {
        $isOk = true;
    } else {
        if ($_SESSION['USPRID'] == 2) {
            $user->setId($userID);
            $user->getById($database);
            if ($user->getCompanyId() == $_SESSION['CID']) {
                $isOk = true;
            }
        }
    }
    if ($isOk) {
        $user->setPrivilegeId($privilegeId);
        $user->setId($userID);
        if ($user->changePrivilege()) {
            echo "true";
        } else {
            echo "false";
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$language = new Language();
if (isset($_GET['langId'])) {
    $langId = $database->escapeString($_GET['langId']);
    $language->setId($langId);
    $language->setDefault(1);
    if ($language->updateDefault($database)) {
        redirect("../settings.php?settings=1");
    } else {
        echo "<h2>Default language cannot be change. Contact your administrator</h2>";
    }
} else {
    echo "<h2>Try again or contact your administrator</h2>";
}
Example #25
0
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$user = new User();
$database = new Database();
$page = new Page();
// check the parameters
if (isset($_GET['page']) && isset($_GET['active']) && $_GET['page'] != null && $_GET['active'] != null) {
    // set page id
    $pageId = $database->escapeString($_GET['page']);
    $page->setPageId($pageId);
    // change the visibility otherwise
    if ($_GET['active'] == 1) {
        $visibility = 0;
        $page->setVisibility($visibility);
        $page->chageVisibility($database);
        redirect("../pages.php?pages=1");
    } else {
        if ($_GET['active'] == 0) {
            $visibility = 1;
            $page->setVisibility($visibility);
            $page->chageVisibility($database);
            redirect("../pages.php?pages=1");
        } else {
            echo "<h1>Go back and try again or contact your Administrator<br>There is something wrong with the visibility value</h1>";
        }
    }
Example #26
0
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$menu = new Menu();
$links = new Links();
$pages = new Page();
if (isset($_GET['menuid']) && $_GET['menuid'] != null) {
    $menuId = $database->escapeString($_GET['menuid']);
    $links->setMenuId($menuId);
    $menu->setMenuId($menuId);
    // look if this menu is a main menu
    $isMain = $menu::getMainMenuId($database);
    // delete menu with his links
    if ($links->deleteByMenu($database) && $menu->delete($database)) {
        // make main menu the next top menu
        if ($isMain == $menuId) {
            $menu->makeTopMenuToMain($database);
        }
        redirect("../pages.php?pages=4");
    } else {
        echo "<h1>Contact your administrator</h1>";
    }
} else {
    echo "<h1>DELETION FAILED! Go back and try again or contact your administrator</h1>";
}
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$category = new Category();
if (isset($_POST['categoryName'])) {
    $categoryName = $database->escapeString($_POST['categoryName']);
    $parent = $database->escapeString($_POST['parent']);
    $category->setCategory($categoryName);
    $category->setInherit($parent);
    if ($category->create($database)) {
        echo "true";
    } else {
        echo "false";
    }
} else {
    if (isset($_POST['categoryId'])) {
        foreach ($_POST['categoryId'] as $categoryId) {
            $category->setCategoryId($categoryId);
            $category->delete($database);
            $category->deleteCategories($database);
        }
        echo "true";
    } else {
        echo "Try again later";
    }
Example #28
0
/**
 * this function uploads the pdf file from the form to the respective directory papers/course/level/filename.pdf
 */
function uploader()
{
    /**
     * the default max_upload_filesize in php is 2 mb
     * so if a larger file is to be uploaded then go to php.ini inside xampp/apache and change the value of max_upload_filesize as required 
     */
    $target_dir = 'C:/xampp/htdocs/QuestionBank/papers/';
    //folder where the file is to be stored
    $conn = new Database();
    //creating new connection
    $conn->connect();
    //connecting to the database
    $info = pathinfo($_FILES['pdf_file']['name']);
    //filename of uploaded file
    $ext = '.' . $info['extension'];
    // get the extension of the file
    $course_id = $_POST['course'];
    $level_id = $_POST['level'];
    $subject_id = $_POST['subject'];
    $year = $_POST['year'];
    $sql = "SELECT course_code FROM courses WHERE id = {$course_id}";
    //sql command to fetch the course code for determining the name of the course directory
    $course_code = $conn->query($sql)->fetch_object()->course_code;
    //gets the course code of the course from course table in the database
    $target_course_dir = $course_code . '/';
    $paper_name = '';
    //file name of the pdf paper file
    // echo 'direcgtoy name:'. dirname(__FILE__);
    //mkdir($target_dir.$target_course_dir);
    if (!file_exists($target_dir . $target_course_dir)) {
        //the course folder doesnot exist...
        // echo ' <br>1. if (!file_exists(' . $target_dir . $target_course_dir . ') ) {';
        if (mkdir($target_dir . $target_course_dir)) {
            //new folder for courses created...
            // echo '<br>1.1 from helper: Directory for course created : '. $target_dir . $target_course_dir;
            $sql = "SELECT level_id FROM levels WHERE id = {$level_id}";
            //sql command to fetch the course code for determining the name of the course directory
            $level_code = $conn->query($sql)->fetch_object()->level_id;
            //gets the level code of the level from course table in the database
            $target_level_dir = $level_code . '/';
            if (!file_exists($target_dir . $target_course_dir . $level_code)) {
                //the level folder doesnot exist...
                // echo '<br>1.1.1 if(!file_exists(' . $target_dir . $target_course_dir . $level_code . ')){}';
                if (mkdir($target_dir . $target_course_dir . $target_level_dir)) {
                    //new folder created for the level with level_id = $level_code
                    // echo '<br>1.1.1.1   if(mkdir( '.$target_dir . $target_course_dir . $target_level_dir.' )){';
                    // echo '<br>Message from helper: Directory for level created : '. $target_dir . $target_course_dir . $target_level_dir;
                    $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
                    //sql command to fetch the subject code for determining the filename of the new uploaded file
                    $subject_code = $conn->query($sql)->fetch_object()->sub_code;
                    //gets the course code of the course from course table in the database
                    $paper_name = $subject_code . '_' . $year;
                    //name of the pdf file
                    $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
                    //final location of the file
                    $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
                    //path of the file to be stored in the database
                    $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
                    $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
                    if (!$file_exists) {
                        //file is not recorded in the database, i.e. the paper doesnot exist in the database
                        if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
                            //file successfully saved to permanent location
                            //now save the file path in the database in location field in table: papers
                            // echo "<br>1.1.1.1  if(move_uploaded_file(" . $_FILES['pdf_file']['tmp_name'] . "," .  $target_dir . $target_course_dir . $target_level_dir . $paper_name . "{";
                            // echo '<br>Message from helper : File successfully added';
                            $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
                            if ($conn->insert('papers', $paper_details)) {
                                // echo '<br>Message from DB: file saved in database';
                                $insert_id = $conn->getResult();
                                //stores the array returned from the database object $conn
                                $return_value = $insert_id[0];
                                //return value for paper_id
                                return $insert_id[0];
                                //returning the new id of the paper inserted
                            } else {
                                // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
                                return false;
                            }
                        } else {
                            // echo ' <br>1.1.2  Error from helper.php: could not save file ';
                            return false;
                        }
                    } else {
                        // echo '<br>Warning from helper: File already present in the database';
                    }
                } else {
                    //could not create new directory for levels
                    // echo '<br> Error from helper.php:could not create new level folder';
                    return false;
                }
            } else {
                //the level folder exists
                //move the uploaded file to this folder
                // echo '<br>Message from helper: directory for levels already exists '.$level_code;
                $final_location = $target_dir . $target_course_dir . $target_level_dir;
                $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
                //sql command to fetch the subject code for determining the filename of the new uploaded file
                $subject_code = $conn->query($sql)->fetch_object()->sub_code;
                //gets the course code of the course from course table in the database
                $paper_name = $subject_code . '_' . $year;
                // permanent name of the paper
                $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
                //final location of the file to be stored in the disk
                $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
                //path of the file to be stored in the database
                $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
                $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
                if (!$file_exists) {
                    if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
                        //file successfully saved to permanent location
                        //now save the file path in the location field in table: papers
                        // echo "<br>1.1.1.1  if(move_uploaded_file(" . $_FILES['pdf_file']['tmp_name'] . "," .  $target_dir . $target_course_dir . $target_level_dir . $paper_name . "{";
                        // echo '<br>Message from helper : File successfully saved in disk';
                        $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
                        if ($conn->insert('papers', $paper_details)) {
                            // echo '<br>Message from DB: file saved in database';
                            $insert_id = $conn->getResult();
                            //stores the result from the object $conn which is in the form of array
                            $return_value = $insert_array[0];
                            //return value for paper_id
                            return $insert_id;
                            //returning the new id of the paper inserted
                        } else {
                            // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
                            return false;
                        }
                    } else {
                        // echo ' <br>1.1.2  Error from helper.php: could not save file in disk';
                        return false;
                    }
                }
            }
        } else {
            //the new folder could not be created
            // echo '<br>Error from helper:could not create directory for course. '.$target_dir.$target_course_dir;
            return false;
        }
    } else {
        //the course directory already exists...
        //check if the level directory exists or not
        // echo '<br>Message from helper : directory for course exists : '.
        $sql = "SELECT level_id FROM levels WHERE id = {$level_id}";
        //sql command to fetch the course code for determining the name of the course directory
        $level_code = $conn->query($sql)->fetch_object()->level_id;
        //gets the level code of the level from level table in the database
        $target_level_dir = $level_code . '/';
        //directory name for level
        if (!file_exists($target_dir . $target_course_dir . $target_level_dir)) {
            //the level folder doesnot exist
            if (mkdir($final_location = $target_dir . $target_course_dir . $target_level_dir)) {
                //new folder created for the level with level_id = $level_code
                // echo '<br>Directory for level exists.';
                $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
                //sql command to fetch the subject code for determining the filename of the new uploaded file which then concatenates with the year to give the full filename
                $subject_code = $conn->query($sql)->fetch_object()->sub_code;
                //gets the course code of the course from course table in the database
                $paper_name = $subject_code . '_' . $year;
                $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
                $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
                $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
                $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
                if (!$file_exists) {
                    if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
                        // echo '<br>Error from helper: file successfully saved in disk';
                        $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
                        if ($conn->insert('papers', $paper_details)) {
                            // echo '<br>Message from DB: file saved in database';
                            $insert_id = $conn->getResult();
                            //stores the result from the database object $conn and is in the form of array
                            $return_value = $insert_id[0];
                            //return value for paper_id
                            return $return_value;
                            //returning the new id of the paper inserted
                        } else {
                            // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
                            return false;
                        }
                    } else {
                        // echo '<br>Error from helper : file couldnot be added';
                        return false;
                    }
                } else {
                    // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
                }
            } else {
                // echo '<br>Error from helper:folder could not be created';
                return false;
            }
        } else {
            //the level folder exists
            //move the uploaded file to this folder
            // echo '<br>Message from helper : directory for level exists : ';
            $final_location = $target_dir . $target_course_dir . $target_level_dir;
            $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
            //sql command to fetch the subject code for determining the filename of the new uploaded file
            $subject_code = $conn->query($sql)->fetch_object()->sub_code;
            //gets the course code of the course from course table in the database
            $paper_name .= $subject_code . '_' . $year;
            $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
            $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
            $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
            $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
            if (!$file_exists) {
                if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
                    // echo '<br>Message from helper: file successfully added';
                    $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
                    if ($conn->insert('papers', $paper_details)) {
                        // echo '<br>Message from DB: file saved in database';
                        $insert_array = $conn->getResult();
                        $return_value = $insert_array[0];
                        return $return_value;
                        //returning the new id of the paper inserted
                    } else {
                        // echo '<br>Message from DB: couldnot insert record into database';
                        return false;
                    }
                } else {
                    // echo '<br>Error from helper : file couldnot be added';
                    return false;
                }
            } else {
                // echo '<br>Message from helper: File already exists in the database';
            }
        }
    }
}
<?php

require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
    redirect("../login.php");
}
$database = new Database();
$user = new User();
$language = new Language();
$category = new Category();
if (isset($_POST['langName'])) {
    $langName = $database->escapeString($_POST['langName']);
    $language->setLangName($langName);
    if ($language->create($database)) {
        $columnName = strtolower($langName);
        $category->insertColumnForLanguage($database, $columnName);
        echo "true";
    } else {
        echo "false";
    }
} else {
    if (isset($_POST['languageIds'])) {
        foreach ($_POST['languageIds'] as $langId) {
            $language->setId($langId);
            $language->getById($database);
            if ($language->getLangName() != "") {
                $category->deleteColumnForLanguage($database, strtolower($language->getLangName()));
            }
            $language->delete($database);
        }
Example #30
0
            if (isset($_GET['id'])) {
                echo '<h1 class="page-header">Ubah Data Kelas <small>| <a href="?hal=kelas">Kembali</a></small></h1>';
                $id = $_GET['id'];
                $db->select('kelas', '*', NULL, "id='{$id}'", null);
                // Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
                $jum = $db->numRows();
                if ($jum < 1) {
                    eksyen('Data tidak ditemukan', '?hal=kelas');
                }
                $d = $db->getResult();
            } else {
                echo '<h1 class="page-header">Tambah Data Kelas <small>| <a href="?hal=kelas">Kembali</a></small></h1>';
            }
            if (isset($_POST['nama'])) {
                echo "Processing...";
                $nama = $db->escapeString($_POST['nama']);
                $wali = $db->escapeString($_POST['wali']);
                if (isset($_POST['id'])) {
                    $id = mysql_real_escape_string($_POST['id']);
                    $db->update('kelas', array('nama' => $nama, 'wali_kelas' => $wali, 'ubah' => wkt()), 'id="' . $id . '"');
                    eksyen('Data berhasil diubah', '?hal=kelas');
                } else {
                    $db->insert('kelas', array('nama' => $nama, 'wali_kelas' => $wali, 'buat' => wkt()));
                    $res = $db->getResult();
                    eksyen('Data berhasil diinput', '?hal=kelas');
                }
            }
            ?>
			<form action="" method="POST" class="form-horizontal" role="form">
				<?php 
            if (isset($_GET['id'])) {