Example #1
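 /**
  * Change the password of a non-student account after checking the current one.
  *
  * Reads $pwd->email, $pwd->current, $pwd->new and $pwd->confirm.
  *
  * SECURITY (review): every value interpolated into the two SQL statements
  * below is caller-supplied and is neither escaped nor bound, so a quote in
  * the e-mail or in either password alters the statement. Both statements
  * should move to bound parameters through whatever prepared-statement support
  * the Database class offers. MySQL's PASSWORD() is also not intended for
  * application credentials (and was removed in MySQL 8.0); hashing in PHP with
  * password_hash()/password_verify() is the usual replacement.
  *
  * @param object $pwd Password-change request.
  * @return mixed True on success, a message string when validation fails, or
  *               the Database result when the UPDATE statement fails.
  */
 public function changePassword($pwd)
 {
     if (empty($pwd->current)) {
         return 'Current password is required.';
     }
     if (empty($pwd->new)) {
         return 'New password cannot be blank.';
     }
     // Compare as strings with !==. With != two different numeric-looking
     // values such as "1e3" and "1000" are considered equal.
     if (empty($pwd->confirm) || (string) $pwd->new !== (string) $pwd->confirm) {
         return "Passwords don't match";
     }
     if (strlen($pwd->new) < 5) {
         return 'Password is too short';
     }
     $db = new Database();
     // Verify the current password by selecting the matching non-student row.
     $db->select('Users', 'Email', null, "StudentId is null and Email ='" . $pwd->email . "' and Password=password('" . $pwd->current . "');");
     $res = $db->getResult();
     if (!array_key_exists('Email', $res)) {
         return 'Wrong password';
     }
     if (!$db->sql("UPDATE Users SET Password=password('" . $pwd->new . "') WHERE StudentId is null and Email ='" . $pwd->email . "' and Password=password('" . $pwd->current . "');")) {
         // Hand the Database result back to the caller when the update fails.
         return $db->getResult();
     }
     return true;
 }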
Example #2
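/**
 * Look up one supplier whose document number contains $b and print it.
 *
 * Prints a "no results" message when nothing matches; otherwise prints the
 * row as JSON and ends the script.
 *
 * SECURITY (review): $b is concatenated into the LIKE clause without escaping,
 * so the query is injectable. It should be escaped or bound with the Database
 * class's own facilities before this function handles request data.
 * NOTE(review): `include` runs on every call; a second call would presumably
 * try to declare the Database class again — confirm and prefer include_once.
 *
 * @param string $b Fragment of the document number to search for.
 * @return void
 */
function buscar($b)
{
    include 'crud/class/mysql_crud.php';
    $db = new Database();
    $db->connect();
    // Arguments as passed: table, columns, NULL, WHERE condition, NULL, '1'
    $db->select('proveedor', 'idproveedor, razonsocial, numerodoc', NULL, ' UPPER(numerodoc) LIKE "%' . strtoupper($b) . '%"', NULL, '1');
    $res = $db->getResult();
    if ($db->numRows() == 0) {
        // The search term is echoed back into HTML, so encode it first.
        echo "No se han encontrado resultados para '<b>" . htmlspecialchars($b, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</b>'.";
        return;
    }
    // Defined before the loop so json_encode() never reads an unset variable.
    $data = array();
    foreach ($res as $value) {
        // Each row replaces the previous one, so only the last row is printed.
        $data = array(
            'idproveedor' => $value['idproveedor'],
            'razonsocial' => $value['razonsocial'],
            'numerodoc' => $value['numerodoc'],
        );
    }
    echo json_encode($data);
    exit;
}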
Example #3
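 /**
  * Delete the question with the given id.
  *
  * @param int|string $id Question id; must be an integer value.
  * @return array ['success' => bool]; true only when the first element of the
  *               Database result is exactly 1, false for a non-integer id.
  */
 public function remove($id)
 {
     // $id is placed unquoted in the WHERE clause, so anything that is not an
     // integer would be read as SQL. Reject it before touching the database.
     $questionId = filter_var($id, FILTER_VALIDATE_INT);
     if ($questionId === false) {
         return array('success' => false);
     }
     $db = new Database();
     $db->delete('Questions', 'id=' . $questionId);
     $res = $db->getResult();
     return array('success' => $res[0] === 1);
 }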
Example #4
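  /**
   * Search VideoDB for titles that contain every whitespace-separated word of
   * the search string.
   *
   * SECURITY (review): each word is interpolated into a LIKE pattern inside
   * the statement without escaping, so the query is injectable. The words
   * should be escaped or bound through the Database class before this method
   * receives request data.
   *
   * @param string $pSrchString Search text.
   * @return mixed Database result, or null when the search string is empty.
   */
  public function searchVideos($pSrchString)
  {
    // Defined up front: with an empty search string the original returned a
    // variable that had never been assigned.
    $lResult = null;

    if (strlen($pSrchString) > 0)
    {
      $lSrchString = trim($pSrchString);
      $lSplitter = preg_split('/\s+/', $lSrchString);

      if (count($lSplitter) > 0)
      {
        $lStatement = "SELECT ID, VideoTitle, Duration FROM VideoDB WHERE 1=1 ";

        // One AND ... LIKE condition per word.
        foreach ($lSplitter as $lValue)
        {
          $lStatement .= " AND VideoTitle like '%$lValue%'";
        }

        $lStatement .= " LIMIT 0," . Config::$YoutubeMaxLocalResults;

        $lDB = new Database();
        $lDB->connect();

        $lDB->select($lStatement);
        $lResult = $lDB->getResult();
        $lDB->disconnect();
      }
    }

    return($lResult);
  }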
Example #5
 /**
  * Set estado to "1" on every row of `notificaciones` whose estado is "0".
  *
  * The WHERE condition and the new value are constants, so no caller input
  * reaches the statement.
  */
 public static function fin_notificaciones()
 {
     $db = new Database();
     $db->connect();
     $nuevoEstado = array('estado' => "1");
     $db->update('notificaciones', $nuevoEstado, 'estado="0"');
     // The result is fetched but not used or returned.
     $db->getResult();
 }
Example #6
 /**
  * Commit current tracking data.
  *
  * Moves every action with groupid 0 to the given group, then returns how many
  * rows of dbtrack_actions carry that group id. Both statements use a
  * :groupid placeholder and pass the value in a separate parameter array
  * instead of concatenating it into the SQL text.
  *
  * @param mixed $groupId Group id to assign.
  * @return mixed The `actions` value of the count query.
  */
 public function commit($groupId)
 {
     $params = array('groupid' => $groupId);
     $this->dbms->executeQuery("UPDATE dbtrack_actions SET groupid = :groupid WHERE groupid = 0", $params);
     // Count the actions that now belong to the group.
     $row = $this->dbms->getResult('SELECT COALESCE(COUNT(id), 0) AS actions FROM dbtrack_actions WHERE groupid = :groupid', $params);
     return $row->actions;
 }
Example #7
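 /**
  * Fetch id and fullname of the feedback_db row with the given id.
  *
  * @param int|string $id Row id; coerced to an integer.
  * @return mixed Whatever Database::getResult() yields for the query.
  */
 public function getId($id)
 {
     $db = new Database();
     $db->connect();
     // The id sits unquoted in the statement, so it is forced to an integer;
     // any non-numeric text becomes 0 instead of reaching the SQL.
     $sql = 'select id, fullname from feedback_db where id=' . (int) $id;
     $db->selectJoin($sql);
     return $db->getResult();
 }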
Example #8
 /**
  * getResult() called with the Database object itself, rather than the
  * executed statement, is expected to yield an empty result.
  */
 public function testGetResultWrongParam()
 {
     $database = new Database();
     $statement = $database->prepare('SELECT id FROM Users');
     $statement->execute();
     // Deliberately pass the wrong kind of argument.
     $rows = $database->getResult($database);
     $this->assertTrue(empty($rows));
 }
Example #9
 /**
  * Demo query: print the id and name of CRUDClass rows named "Name 1",
  * ordered by id descending. Every part of the query is a constant.
  */
 function select()
 {
     $db = new Database();
     $db->connect();
     // Arguments: table name, column names, JOIN, WHERE conditions, ORDER BY conditions
     $db->select('CRUDClass', 'id,name', NULL, 'name="Name 1"', 'id DESC');
     print_r($db->getResult());
 }
Example #10
 /**
  * Return every History row together with a row count.
  *
  * @return array ['total' => int, 'data' => array of rows]
  */
 public function getAll()
 {
     $db = new Database();
     $db->select('History');
     $rows = $db->getResult();
     // A result that carries an 'id' key directly is treated as one row and
     // wrapped so 'data' is always a list of rows.
     $data = array_key_exists('id', $rows) ? array($rows) : $rows;
     return array('total' => count($data), 'data' => $data);
 }
 /**
  * Look up the full name and hex UUID of an active user.
  *
  * NOTE(review): $usuario is concatenated into the IN('...') list without
  * escaping, so the statement is injectable if the value can come from a
  * request — confirm the callers and bind or escape it through the Database
  * class. When no row matches, index 0 of the result does not exist and both
  * returned values end up null.
  *
  * @param string $usuario Value compared against usuarios.uuid_usuario.
  * @return array ['nombre_completo' => ..., 'uuid_usuario' => ...] from the first row.
  */
 public static function get_asignado($usuario)
 {
     $conexion = new Database();
     $conexion->connect();
     $consulta = "SELECT CONCAT_WS(' ', IF(nombre != '', nombre, ''), IF(apellido != '', apellido, '')) AS nombre_completo, email, HEX(uuid_usuario) as uuid_usuario FROM usuarios WHERE uuid_usuario IN('" . $usuario . "')\n\t\t\t\tAND status = 'Activo'";
     $conexion->sql($consulta);
     $filas = $conexion->getResult();
     // Only the first row is used.
     return array(
         'nombre_completo' => $filas[0]['nombre_completo'],
         'uuid_usuario' => $filas[0]['uuid_usuario'],
     );
 }
Example #12
 /**
  * Fetch the student record joined to the user with the given e-mail.
  *
  * The Grade column is returned only when Settings.GradesPosted is 1,
  * otherwise it is null.
  *
  * NOTE(review): $email is concatenated into the statement without escaping,
  * so the query is injectable. Validating the address format is not enough
  * (a valid address may contain a quote); the value needs to be bound or
  * escaped through the Database class.
  *
  * @param string $email E-mail address to look up.
  * @return mixed The Database result, or null when it is empty.
  */
 public function getByEmail($email)
 {
     $sql = "select s.id,u.Email,u.FirstName,u.LastName,s.Project,s.Location, case when(select GradesPosted from Settings) = 1 then s.Grade else null end as Grade\nfrom Users as u inner join Students as s on u.StudentId = s.id\nwhere u.Email = '" . $email . "'";
     $db = new Database();
     $db->sql($sql);
     $rows = $db->getResult();
     return count($rows) == 0 ? null : $rows;
 }
Example #13
 /**
  * Look up the name of the user with the given e-mail address.
  *
  * NOTE(review): $email is concatenated into the statement without escaping,
  * so the query is injectable; it needs to be bound or escaped through the
  * Database class.
  *
  * @param string $email E-mail address to look up.
  * @return array ['total' => 1, 'data' => [row]] when a row is found, otherwise
  *               ['total' => 0, 'data' => $email].
  */
 public function getContact($email)
 {
     $db = new Database();
     $db->sql("select FirstName, LastName, Email from Users where Email = '" . $email . "'");
     $row = $db->getResult();
     // No 'LastName' key means no user row came back: echo the address instead.
     if (!array_key_exists('LastName', $row)) {
         return array('total' => 0, 'data' => $email);
     }
     $rows = array($row);
     return array('total' => count($rows), 'data' => $rows);
 }
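 /**
  * Record a judge's accept/reject decision for a student and recompute the
  * student's grade.
  *
  * Once every judge assigned to the student has decided and at least one
  * accepted, the grade is the average of the accepted judges' grades;
  * otherwise the student's grade is reset to NULL.
  *
  * @param int|string $judgeId   Judge id; coerced to an integer.
  * @param int|string $studentId Student id; coerced to an integer.
  * @param mixed      $acceptance Truthy to accept, falsy to reject.
  * @return array ['success' => false, 'msg' => ...] when the first update
  *               fails, otherwise ['success' => true, 'grade' => number|null].
  */
 public function setAccept($judgeId, $studentId, $acceptance)
 {
     // Both ids are placed unquoted in WHERE clauses below, so they are forced
     // to integers before any statement is built.
     $judgeId = (int) $judgeId;
     $studentId = (int) $studentId;
     $db = new Database();
     $success = $db->update('JudgeStudentGrade', array('Accepted' => $acceptance ? 1 : 0), 'JudgeId = ' . $judgeId . ' and StudentId = ' . $studentId);
     $msg = $db->getResult();
     if (!$success) {
         return array('success' => false, 'msg' => $msg);
     }
     $db->select('JudgeStudentGrade', 'Grade, Accepted', null, 'StudentId = ' . $studentId);
     $res = $db->getResult();
     // A result carrying 'Grade' directly is a single row; wrap it in a list.
     if (array_key_exists('Grade', $res)) {
         $res = array($res);
     }
     $grade = 0;
     $reviewed = 0;
     $accepted = 0;
     $total = 0;
     foreach ($res as $judge) {
         $total++;
         // NULL means this judge has not decided yet.
         if (is_null($judge['Accepted'])) {
             continue;
         }
         if (intval($judge['Accepted']) === 1) {
             $accepted++;
             $grade += intval($judge['Grade']);
         }
         $reviewed++;
     }
     if ($total == $reviewed && $accepted > 0) {
         $grade /= $accepted;
         $db->update('Students', array('Grade' => $grade), 'id = ' . $studentId);
         return array('success' => true, 'grade' => $grade);
     }
     $db->sql('UPDATE Students SET Grade = NULL WHERE id = ' . $studentId . ';');
     return array('success' => true, 'grade' => null);
 }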
Example #15
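 /**
  * Load the question with the given id as a list of `question` objects.
  *
  * @param int|string $qid Question id; coerced to an integer.
  * @return array List of question objects; empty when the connection or the
  *               query fails or nothing matches.
  */
 public function get_question_details($qid)
 {
     $result = array();
     $db = new Database();
     if ($db->connect()) {
         // q_id is compared unquoted, so the id is forced to an integer
         // before it is appended to the WHERE clause.
         if ($db->select('questions', 'q_id,c_id,q_name,q_tag,q_hint,q_points', NULL, 'q_id=' . (int) $qid)) {
             foreach ($db->getResult() as $out) {
                 $q = new question();
                 $q->set_question_information($out['q_id'], $out['c_id'], $out['q_name'], $out['q_tag'], $out['q_hint'], $out['q_points']);
                 $result[] = $q;
             }
         }
         $db->disconnect();
     }
     return $result;
 }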
Example #16
/**
 * Check a nick/password pair against the `usuario` table.
 *
 * Returns 1 when exactly one row matches, otherwise 0.
 *
 * NOTE(review): $n is concatenated into the WHERE clause without escaping, so
 * the lookup is injectable. The password operand appears here as the masked
 * literal "******" and $p is never used; presumably the listing was redacted
 * — confirm against the original. Comparing `pass` inside the query suggests
 * the column holds directly comparable values rather than password_hash()
 * output — verify.
 *
 * @param string $n Nick to look up.
 * @param string $p Password (unused in the code as shown).
 * @return int 1 or 0.
 */
function verificar_login($n, $p)
{
    include 'crud/class/mysql_crud.php';
    $db = new Database();
    $db->connect();
    $db->select('usuario', 'nick, pass', NULL, 'nick="' . $n . '" and pass="******"');
    // Table name, Column Names, WHERE conditions, ORDER BY conditions
    $res = $db->getResult();
    // NOTE(review): debug output; this prints the selected nick/pass columns
    // into the response and should not ship.
    print_r($res);
    $res = $db->numRows();
    // NOTE(review): debug output of the row count.
    echo $res;
    if ($res == 1) {
        return 1;
    } else {
        return 0;
    }
}
Example #17
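 /**
  * Load every category as a list of `category` objects.
  *
  * The query uses only constant table and column names.
  *
  * @return array List of category objects; empty when the connection or the
  *               query fails.
  */
 public function get_all_categories()
 {
     $db = new Database();
     if (!$db->connect()) {
         return array();
     }
     if (!$db->select('categories', 'c_id,c_name')) {
         // Close the connection on this path too; the original returned
         // here with the connection still open.
         $db->disconnect();
         return array();
     }
     $categories = array();
     foreach ($db->getResult() as $output) {
         $c = new category();
         $c->set_category($output['c_id'], $output['c_name']);
         $categories[] = $c;
     }
     $db->disconnect();
     return $categories;
 }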
Example #18
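 /**
  * Render the edit form for an item and print the matching tags as a
  * JavaScript variable.
  *
  * SECURITY (review): $_GET['search'] is concatenated into the LIKE clause
  * without escaping, so the tag query is injectable. It needs to be bound or
  * escaped through the Database class; that part is left unchanged here
  * because the class's escaping interface is not visible.
  *
  * @param mixed $id Item id, passed on to PartController::editItemForm().
  * @return void
  */
 public function editItem($id)
 {
     //change to items controller
     $partController = new PartController();
     $partController->editItemForm($id);
     $search = isset($_GET['search']) ? $_GET['search'] : "";
     //change to tag controller
     $db = new Database();
     $db->connect();
     $db->select("tags", "id,name", null, "name LIKE '%" . $search . "%'");
     $results = $db->getResult();
     $tagList = [];
     foreach ($results as $key => $result) {
         $tagList[$key]['value'] = $result['name'];
         $tagList[$key]['id'] = $result['id'] . $key;
     }
     // Tag names are stored data printed inside a <script> element. The HEX
     // flags keep <, >, &, ' and " out of the output as literal characters,
     // so a name cannot close the script element; the decoded value is the same.
     echo "<script>var test = " . json_encode($tagList, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";</script>";
     $db->disconnect();
 }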
 /**
  * Collect the uuid_usuario values of users reporting to the given user's
  * role into self::$array_helper and return that array.
  *
  * NOTE(review): the values taken from $user_info[0] are concatenated into
  * the statement unquoted (id_rol, uuid_categoria, id_usuario). If any of
  * them can be influenced by a request the query is injectable — confirm
  * where $user_info comes from and bind the values.
  *
  * @param array $user_info Rows describing the current user; only index 0 is read.
  * @return array self::$array_helper after this call.
  */
 private static function getUsuarios($user_info)
 {
     // DB connection
     $db = new Database();
     $db->connect();
     $sql = "SELECT usr.id_usuario, HEX(uuid_usuario) as uuid_usuario, HEX(ucat.uuid_categoria) as uuid_categoria, reporta_rol, reporta_usuario, id_rol, ucat.key\n\t\t\t\tFROM usuarios AS usr\n\t\t\t\tLEFT JOIN usuario_rol as urol ON urol.id_usuario = usr.id_usuario\n\t\t\t\tLEFT JOIN usuarios_categoria as ucat ON ucat.uuid_categoria = usr.uuid_categoria\n\t\t\t\tWHERE reporta_rol = " . $user_info[0]["id_rol"];
     // Non-admin keys are additionally restricted to the user's own category.
     if (!empty($user_info[0]["key"]) && $user_info[0]["key"] != 'admin') {
         $sql .= " AND HEX(ucat.uuid_categoria) = " . $user_info[0]["uuid_categoria"];
     }
     // NOTE(review): there are no parentheses around the OR. In SQL, AND binds
     // tighter than OR, so any row with reporta_usuario equal to this user's id
     // matches regardless of the role and category conditions above. Confirm
     // whether that is intended, since it widens what the filter returns.
     $sql .= " AND reporta_usuario = 0  OR reporta_usuario =  " . $user_info[0]["id_usuario"];
     $db->sql($sql);
     $result = $db->getResult();
     if (!empty($result) && count($result) > 0) {
         foreach ($result as $usuario) {
             array_push(self::$array_helper, $usuario["uuid_usuario"]);
             // NOTE(review): the uuid was pushed on the line above, so this
             // in_array() check is always true and the recursive call below is
             // never reached. The call also passes two arguments to a
             // one-parameter method.
             if (!in_array($usuario["uuid_usuario"], self::$array_helper, true)) {
                 self::getUsuarios(self::$array_helper, $usuario);
             }
         }
     } else {
         // Nobody reports to this user: record the user's own uuid.
         array_push(self::$array_helper, $user_info[0]["uuid_usuario"]);
     }
     return self::$array_helper;
 }
Example #20
<?php

include 'db.php';
include 'fungsi.php';
// Prints a value derived from the `kelas` column of the `siswa` row whose nis
// matches the request parameter.
// NOTE(review): $_GET['nis'] is read without an isset() check and interpolated
// straight into the quoted WHERE condition, so the query is injectable. It
// should be validated and bound or escaped through the Database class.
$nis = $_GET['nis'];
$db = new Database();
$db->connect();
$db->select('siswa', '*', null, "nis='{$nis}'");
// Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
$res = $db->getResult();
foreach ($res as $d) {
    // NOTE(review): konvert() output is echoed as-is; if it returns stored
    // text it should be HTML-encoded before output — confirm what it returns.
    echo konvert('kelas', $d['kelas'], 'wali_kelas');
}
Example #21
			</div>
		</div>
		
		<?php 
    $partController->editItemForm($id);
    ?>




		<?php 
    // Load the item with this id and convert the row into an item object.
    $db = new Database();
    $db->connect();
    // NOTE(review): $id is appended unquoted to the WHERE condition. Its origin
    // is not visible in this fragment; if it comes from the request it must be
    // validated as an integer before this point — confirm.
    $where = "id=" . $id;
    $db->select("item", "*", null, $where);
    $result = $db->getResult(true);
    $item = $partController->resultToItem($result);
    ?>
		<div class='clear'></div>
		<div class='items-wrapper'>
			<h2><?php 
    echo $item->getName();
    ?>
 Parts</h2>
			<a href='create_part.php?parent_id=<?php 
    echo $id;
    ?>
&amp;level=<?php 
    echo $level;
    ?>
'><div class='add button'>Create Part</div></a>
Example #22
<?php

require_once 'app/start.php';
// Resolve the requested page by slug and hand it to the view.
if (empty($_GET['page'])) {
    $page = false;
} else {
    // SQL-injection protection still has to be added here.
    // NOTE(review): $_GET['page'] goes into the statement unescaped, so the
    // lookup is injectable as written; it should be bound or escaped through
    // the Database class.
    $slug = $_GET['page'];
    $querySql = "SELECT *\n\t\t\t\tFROM pages\n\t\t\t\tWHERE slug = '" . $slug . "' LIMIT 1";
    $pages = Database::getResult($querySql);
    // Workaround to take the first record.
    // NOTE(review): index 0 is read without checking that a row came back.
    $page = $pages[0];
    if ($page) {
        // add checks for creating the dates
    }
}
require VIEW_ROOT . '/page/show.php';
Example #23
<?php

require_once 'db_helper.php';
require_once 'common.php';
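// Print, as JSON, the distance in metres between the given coordinates and
// the stop with the given id.
if (!isset($_GET['latitude']) or !isset($_GET['longitude']) or !isset($_GET['stop'])) {
    die("Expected get data of 'latitude' and 'longitude'.");
}
// All three values are interpolated UNQUOTED into the statement below. String
// escaping does not constrain an unquoted value, so only numeric input is
// accepted: numeric strings for the coordinates, an integer for the stop id.
if (!is_numeric($_GET['latitude']) or !is_numeric($_GET['longitude']) or filter_var($_GET['stop'], FILTER_VALIDATE_INT) === false) {
    die("Expected numeric 'latitude' and 'longitude' and an integer 'stop'.");
}
$database = new Database();
$lat = trim($_GET['latitude']);
$long = trim($_GET['longitude']);
$stop = (int) $_GET['stop'];
$stop = $database->getResult("SELECT (3959 * 1000 * 1.609344 * ACOS(COS(RADIANS({$lat})) * COS( RADIANS(latitude)) * COS(RADIANS(longitude) - RADIANS({$long})) + SIN(RADIANS({$lat})) * SIN(RADIANS(latitude)))) AS distance \n\t\tFROM routing_stop\n\t\tWHERE id = {$stop}\n\t\tORDER BY distance ASC;");
echo json_encode($stop);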
<?php

include "../wp-load.php";
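// Create a category, or update an existing one, from the posted form fields,
// then redirect to its admin page.
// NOTE(review): no capability or nonce check is visible in this script;
// confirm that the request is authorised and CSRF-protected elsewhere.
$id = isset($_POST['id']) ? $_POST['id'] : null;
$parentId = isset($_POST['parentId']) ? $_POST['parentId'] : null;
$name = isset($_POST['name']) ? $_POST['name'] : null;
$description = isset($_POST['description']) ? $_POST['description'] : null;
if (!$id) {
    $category = new Category($name, $description, $parentId);
    $id = $category->create();
} else {
    // The ids are placed unquoted in WHERE conditions and $id also ends up in
    // the Location header, so both are forced to integers before use.
    $id = (int) $id;
    $db = new Database();
    $db->connect();
    $db->select("categories", "*", null, "id = " . (int) $parentId);
    $parentCategory = $db->getResult(true);
    if ($parentCategory['parent_id'] != $id) {
        $category = new Category($name, $description, $parentId, $id);
        $category->update();
    } else {
        // The chosen parent is itself a child of this category: keep the
        // category's current parent instead of creating a cycle.
        $db->select("categories", "*", null, "id = " . $id);
        $thisCategory = $db->getResult(true);
        $category = new Category($name, $description, $thisCategory['parent_id'], $id);
        $category->update();
    }
}
header("Location: /admin/categories/" . $id);
exit;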
Example #25
<?php

require_once 'config.php';
require_once 'database.php';
// Demo of the Database helper: two inserts, one update and one select on the
// `name` table, printing the helper's error text after each step. All values
// are constants; nothing here comes from a request.
$db = new Database(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);
// insert(table, values, column names)
$db->insert('name', array('my_first_name', 'arp19690', 'my_last_name'), array('first', 'middle', 'last'));
$db->insert('name', array('f', 'arp19690', 'l'), array('first', 'middle', 'last'));
echo $db->error();
echo $db->error();
$db->update('name', array('middle' => 'my_middle_name'), array('first', 'my_first_name'));
echo $db->error();
$db->select('name', true, '*', 'middle = "my_middle_name"');
echo $db->error();
// NOTE(review): getResult() is concatenated to a string; if it returns an
// array this prints "Array" rather than the rows — confirm.
echo "result   " . $db->getResult();
Example #26
<?php

session_start();
include '../includes/database.php';
// Admin login handler: looks the posted username/password up in admin_panel
// and stores the username in the session when a row comes back.
// NOTE(review): the WHERE argument on the select() line is garbled by masking
// ("******") in this listing and is not valid PHP as shown — compare with the
// original. From what remains, the username and password are concatenated
// into the condition unescaped, so the login query is injectable, and the
// password is compared inside the query, which implies it is not stored as
// password_hash() output — verify.
$error = '';
if (!empty($_POST)) {
    if (isset($_POST['login'])) {
        if (!empty($_POST['username']) and !empty($_POST['password'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $db = new Database();
            $db->connect();
            $user_exists = $db->select('admin_panel', '*', null, 'username='******'" . $username . "' AND password="******"'" . $password . "'");
            $user_array = $db->getResult();
            if (!empty($user_array)) {
                // NOTE(review): the session id is not regenerated on login
                // (no session_regenerate_id() call), and no exit follows the
                // header() calls in this block.
                $_SESSION['user'] = $username;
                header('location:welcome.php');
            } else {
                $error .= '<br>Username doesnot exist';
                header('location:login.php?e=3');
            }
        } else {
            $error .= '<br>Login form incomplete';
            header('location:login.php?e=2');
        }
    } else {
        $error .= '<br>Login form not submitted';
        header('location:login.php?e=1');
    }
}
Example #27
 /**
  * Change the logged-in user's password after checking the old one.
  *
  * NOTE(review): passwords are stored and compared as unsalted md5() digests,
  * which is not suitable for credentials; password_hash()/password_verify()
  * is the standard replacement. The UPDATE statement shows the masked literal
  * '******' where the new digest would be expected — presumably redacted in
  * this listing; confirm against the original.
  *
  * @param string $old     Current password.
  * @param string $new     New password.
  * @param string $confirm Repeat of the new password.
  * @return int 1 on success, -1 when the confirmation or the old password does not match.
  */
 public function updatepassword($old, $new, $confirm)
 {
     // NOTE(review): loose != comparison; two different numeric-looking
     // strings can compare equal. !== would be exact.
     if ($new != $confirm) {
         return -1;
     }
     $userid = $this->session_id();
     $db = new Database();
     $db->connect();
     // NOTE(review): $userid is concatenated into the statement; it is
     // presumably server-side session data — verify it cannot be user-chosen.
     $query = "select password from user where id='" . $userid . "' limit 1";
     $db->query($query);
     $tmp = $db->getResult();
     // NOTE(review): digest compared with loose != and not in constant time;
     // hash_equals() avoids both problems.
     if ($tmp['password'] != md5($old)) {
         return -1;
     }
     // A second connection is opened for the update.
     $db2 = new Database();
     $db2->connect();
     $new = md5($new);
     $query2 = "update user set password='******' where id='" . $userid . "' limit 1";
     $db2->query($query2);
     return 1;
 }
Example #28
	**********/
// Scrape the bus route list and insert every route that is not stored yet.
set_time_limit(240);
$database = new Database();
// NOTE(review): the page is fetched over plain http and the return value is
// not checked; on failure file_get_contents() returns false and the parsing
// below operates on that. The scraped text is remote, untrusted input.
$route_page = file_get_contents("http://itsmarta.com/bus-routes-by-route.aspx");
$html = str_get_html($route_page, true);
$routes = $html->find(".PageHeaderBlack");
// NOTE(review): index 0 is used without checking that the selector matched.
$routes = $routes[0];
$routes = $routes->parent()->parent();
$routes = $routes->find("li");
foreach ($routes as $route) {
    $link = $route->first_child();
    // Skip list items whose first child has no title.
    if (!$link->title) {
        continue;
    }
    // Scraped values are escaped and placed inside quoted SQL literals.
    // NOTE(review): mysql_real_escape_string() belongs to the mysql extension,
    // which was removed in PHP 7; bound parameters are the durable replacement.
    $route_vals = "('" . mysql_real_escape_string(trim($link->title)) . "','" . mysql_real_escape_string(trim($link->text())) . "','Bus')";
    $res = $database->getResult("SELECT *\n\t\t\tFROM routing_route\n\t\t\tWHERE marta_id = '" . mysql_real_escape_string(trim($link->title)) . "'\n\t\t\tAND name = '" . mysql_real_escape_string(trim($link->text())) . "'\n\t\t\tAND type = 'Bus';");
    // Route already stored: nothing to insert.
    if ($res != null) {
        continue;
    }
    $route_id = $database->getResultInserted("INSERT INTO routing_route\n\t\t\t(marta_id, name, type)\n\t\t\tVALUES {$route_vals};");
    loadBusTimes(trim($link->title), $route_id, $database);
}
/************
	
	Load Train Routes
	
	************/
$trainRoutes = array("Red" => "NS-w.aspx", "Blue" => "EW-w.aspx", "Gold" => "NE-w.aspx", "Green" => "PC-w.aspx");
foreach ($trainRoutes as $key => $value) {
    $link = $value;
    $marta_id = mysql_real_escape_string(strtoupper($key));
Example #29
    /**
     * Register a judge from an accepted invitation.
     *
     * Marks the invitation as answered, inserts the judge and the declared
     * conflicts, assigns students, creates or updates the Users row, and sends
     * a confirmation e-mail.
     *
     * NOTE(review): fields of $data (id, Email, FirstName, LastName, Password)
     * are concatenated into SQL conditions and statements without escaping, so
     * those statements are injectable; they need bound parameters. Whether the
     * insert()/update() helpers escape the array values they are given is not
     * visible here — confirm. The password is stored with MySQL's PASSWORD()
     * function, which is not intended for application credentials. The e-mail
     * body is garbled by masking ('******') in this listing; it appears to
     * include the credentials in plain text — confirm against the original.
     *
     * @param object $data Registration form data.
     * @return mixed A message string on failure, otherwise the return value of mail().
     */
    public function register($data)
    {
        $db = new Database();
        $db->update('JudgeInvitations', array('Replied' => date('Y-m-d H:i:s'), 'Response' => 1), "id ='" . $data->id . "'");
        $res = $db->getResult();
        // Anything other than exactly 1 in the first result element is treated as an unknown invitation.
        if ($res[0] !== 1) {
            return "Invalid invitation link.";
        }
        $db->insert('Judges', array('Title' => $data->Title, 'Affiliation' => $data->Affiliation));
        $res = $db->getResult();
        // The first result element is used as the new judge id.
        $id = $res[0];
        foreach ($data->Conflicts as $studentId) {
            $db->insert('JudgeStudentConflicts', array('JudgeId' => $id, 'StudentId' => $studentId));
        }
        $db->select('Settings', 'StudentsPerJudge,Subject,Date,Time,Location');
        $res = $db->getResult();
        $maxStudents = $res['StudentsPerJudge'];
        // Assign up to $maxStudents non-conflicting students, preferring those
        // with the fewest judges so far and breaking ties randomly.
        $db->sql('insert into JudgeStudentGrade (JudgeId, StudentId)
                select ' . $id . ' as JudgeId, s.id as StudentId
                from Students as s
                left outer join JudgeStudentGrade as g on g.StudentId = s.id
                where s.id not in (select StudentId from JudgeStudentConflicts where JudgeId = ' . $id . ')
                group by s.id
                order by count(g.JudgeId), rand()
                limit ' . $maxStudents);
        $db->select('Users', 'Email,FirstName,LastName,StudentId,JudgeId,Roles,DefaultRole', null, "Email ='" . $data->Email . "'");
        $studentUser = $db->getResult();
        if (count($studentUser) > 0) {
            // A user with this e-mail already exists: add the judge role.
            // NOTE(review): for any Roles value other than the three handled
            // below, $newRoles stays "" and the update clears the user's roles.
            $newRoles = "";
            $defaultRole = "judge";
            if ($studentUser['Roles'] == "admin;student") {
                $newRoles = "admin;judge;student";
            } else {
                if ($studentUser['Roles'] == "student") {
                    $newRoles = "judge;student";
                } else {
                    if ($studentUser['Roles'] == "") {
                        $newRoles = "judge";
                    }
                }
            }
            $success = $db->update('Users', array('Roles' => $newRoles), "Email ='" . $data->Email . "';");
            if (!$success) {
                return "Roles update failed";
            }
            $success = $db->update('Users', array('DefaultRole' => $defaultRole), "Email ='" . $data->Email . "';");
            if (!$success) {
                return "Default update failed";
            }
            // NOTE(review): this overwrites the password of an existing account
            // identified only by the e-mail in $data; nothing visible here ties
            // the invitation to that address — confirm.
            $success = $db->sql("UPDATE Users SET Password=password('" . $data->Password . "') WHERE Email ='" . $data->Email . "';");
            // and Password=NULL;");
            if (!$success) {
                return "Password update failed";
            }
            // NOTE(review): the value is the id wrapped in literal dots (".{$id}."); looks unintended — confirm.
            $success = $db->update('Users', array('JudgeId' => ".{$id}."), "Email ='" . $data->Email . "';");
            if (!$success) {
                return "ID update failed";
            }
        } else {
            $db->sql("insert into Users (Email, FirstName, LastName, Password, JudgeId, Roles, DefaultRole) VALUES ('" . $data->Email . "', '" . $data->FirstName . "', '" . $data->LastName . "', password('" . $data->Password . "'), " . $id . ", 'judge', 'judge');");
        }
        $date = date_format(DateTime::createFromFormat('Y-m-d', $res['Date']), "l, F j");
        // NOTE(review): the names are placed into the HTML body without
        // htmlspecialchars(), and $data->Email is used as the recipient
        // without validation.
        $sent = mail($data->Email, 'Confirmation: ' . $res['Subject'], '<html>
<body>
    <div style="width: 600px; border: 2px solid #E9EBF6; margin: auto; font-size: 16px; color: #555555;">
        <h1 style="margin: 0; padding: 8px; background-color: #E9EBF6; text-align: center;">
            Dear ' . $data->FirstName . ' ' . $data->LastName . ',
        </h1>
        <div style="overflow: hidden; padding: 8px; padding-top: 0; background-color: #F5F6FB;">
            <p>We are pleased to confirm your participation in the FIU Computer Science Senior Project Event!</p>
			<p>The day of the event will be ' . $date . ' ' . $res['Time'] . ' at ' . $res['Location'] . '.<br /> You will be able to login on this <a href="' . Invites::getRSVPUrl() . '">Web Application</a> with the following credentials:</p>
			<p>Username: '******' <br />Password: '******' <p>
			<p>Keep this information safe for the day of the event.</p>
            <br />
            <p>Sincerely,</p>
            <p>Masoud Sadjadi</p>
        </div>
    </div>
</body>
</html>', "From: Masoud Sadjadi <*****@*****.**>\r\nMIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n");
        return $sent;
    }
Example #30
<?php

require_once 'db_helper.php';
require_once 'common.php';
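// Print the coordinates of the stop with the given id as JSON.
if (!isset($_GET['stop'])) {
    die("Expected get data of 'stop'.");
}
// The id is interpolated UNQUOTED into the statement below. String escaping
// does not constrain an unquoted value, so only an integer is accepted.
$stop = filter_var($_GET['stop'], FILTER_VALIDATE_INT);
if ($stop === false) {
    die("Expected an integer 'stop'.");
}
$database = new Database();
$stop_data = $database->getResult("SELECT latitude, longitude\n\t\tFROM routing_stop\n\t\tWHERE id = {$stop};");
echo json_encode($stop_data);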