public static function queryToArray($sql)
{
global $my_user, $my_pass, $my_host, $my_db, $config_enable_cache;
$link = Database::getLink();
$db_selected = mysqli_select_db($link, $my_db);
if (!$db_selected) {
die('Can\'t use ' . $my_db . ' : ' . mysqli_error($link));
}
// Perform Query
$result = mysqli_query($link, $sql);
$id = mysqli_insert_id($link);
if ($id > 0) {
// we did an insert, just return the id
return $id;
}
//echo ("\ndatabase qtoa before proc id is $id");
if (!$result) {
$message = 'Invalid query: ' . mysqli_error($link) . "\n";
$message .= 'Whole query: ' . $sql;
die($message);
}
if ($result === true) {
// probably an insert..
return false;
}
$rows = array();
while ($row = mysqli_fetch_assoc($result)) {
$rows[] = $row;
}
return $rows;
}
if (isset($_POST['submit'])) {
$title = $_POST['title'];
$contents = htmlspecialchars($_POST['blogPost']);
//htmlspecialchars converts contents from the editor to html code
if (trim($title) == "") {
$titleErr = "<font color ='red'>Title can not be blank</font>";
$sccess = false;
}
if (trim($contents) == "") {
$contentErr = "<font color ='red'>Content area can not be blank</font>";
$sccess = false;
}
if ($sccess) {
$query = 'INSERT INTO blogpost set Title = "' . $title . '", Content = "' . $contents . '", Author = "' . $_SESSION['username'] . '"';
$result = $database->sql_query($query);
$id = mysqli_insert_id($database->getLink());
header('Location: readblog.php?id=' . $id . '');
exit;
}
}
if (isset($_POST['exit'])) {
$draft = true;
if (trim($title) == "" && trim($contents) == "") {
header('Location: blogview.php');
exit;
} else {
$query = 'INSERT INTO blogpost set Title = "' . $title . '", Content = "' . $contents . '", isDraft = "' . $draft . '", Author = "' . $_SESSION['username'] . '"';
$result = $database->sql_query($query);
$query = 'INSERT INTO blogdraft set BlogPostID ="' . $id . '"';
$result = $database->sql_query($query);
header('Location: myblogs.php');
function loginUserIntoSession()
{
$db = new Database();
$uid = (int) $_REQUEST['user_id'];
$sid = $_REQUEST['session_id'];
$csrf_token = md5(uniqid(rand(), TRUE));
$sql = "SELECT * FROM " . WS_SESSIONS . " WHERE session_id = '" . mysql_real_escape_string($sid, $db->getLink()) . "'";
$res = $db->query($sql);
$session_data = "running|s:4:\"true\";";
$session_data .= "userid|s:" . strlen($uid) . ":\"" . $uid . "\";";
$session_data .= "username|s:" . strlen($_REQUEST['username']) . ":\"" . $_REQUEST['username'] . "\";";
$session_data .= "nickname|s:" . strlen($_REQUEST['nickname']) . ":\"" . $_REQUEST['nickname'] . "\";";
$session_data .= "admin|s:" . strlen($_REQUEST['admin']) . ":\"" . $_REQUEST['admin'] . "\";";
$session_data .= "csrf_token|s:" . strlen($csrf_token) . ":\"" . $csrf_token . "\";";
if (mysql_num_rows($res) > 0) {
$sql = "UPDATE " . WS_SESSIONS . " SET " . "session_data = '" . mysql_real_escape_string($session_data, $db->getLink()) . "' " . "WHERE session_id = '" . mysql_real_escape_string($sid, $db->getLink()) . "';";
$db->query($sql);
} else {
$expires = time() + SESSION_EXPIRE;
$db->insert(WS_SESSIONS, array("session_id" => $sid, "session_expires" => $expires, "session_data" => $session_data), array("%s", "%d", "%s"));
}
}
