function del_imgs($kw)
{
if (strlen(trim($kw)) <= 0) {
return "";
}
$db = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_error) {
return "";
}
echo "<table class='table'><tr><th class='text-center'>序号</th><th class='text-center'>删除文件</th>";
echo "<th class='text-center'><button class='btn btn-danger btn-xs' onclick='self_close();' >关闭</button></th></tr>";
$ps = explode(",", $kw);
$count = 0;
$res = null;
foreach ($ps as $p) {
if (strpos($p, "img/") !== 0) {
continue;
}
if (!file_exists($p)) {
continue;
}
$count++;
$sql = "delete from " . TB_PIC . " where url='" . $p . "'";
echo "<tr><td class='text-center'>{$count}</td><td>{$p}</td>";
$res = $db->prepare($sql);
$res->execute();
unlink($p);
if ($res) {
echo "<td class='text-center'>Success</td></tr>";
} else {
echo "<td class='text-center'>Fail</td></tr>";
}
}
echo "</table>";
}
/**
* To prevent random errors being thrown to the users, I override this
* method and catch the error as-it-happens, to send it to the debug
* channel afterwards. The behaviour of the method is not changed.
*
* @param string $sStatement The statement to prepare.
* @return MySQLi_STMT
*/
public function prepare($sStatement)
{
$pStatement = parent::prepare($sStatement);
if (!is_object($pStatement)) {
ModuleManager::getInstance()->offsetGet('LVPEchoHandler')->error(null, LVP::DEBUG_CHANNEL, 'Preparing statement failed: ' . $this->error);
return false;
}
return $pStatement;
}
/**
* Adds a user to the authorized_users table. Returns the username.
* @param String $username
* @param String $password
* @return AdminUser the new user.
*/
public function add_user($username, $password)
{
//We do not want to store the password as plain text. Instead, we
//are going to get a hash of the password using password_hash.
//This way, in the event of a database comprimise, your user's
//passwords will not be given away to attackers. This is especially
//important becuase many people use the same password on all sites.
$phash = password_hash($password, PASSWORD_DEFAULT);
$query = 'INSERT INTO authorized_users (username, phash) VALUES (?,?)';
$stmt = $this->mysqli->prepare($query);
$stmt->bind_param('ss', $username, $phash);
$stmt->execute();
if ($stmt->error) {
return self::$DATABASE_ERROR;
} else {
return new AdminUser($username, $phash);
}
}
/**
* Data sourcing - this is a little bit of commentary on the SQL as I found it
* interesting.
*
* We want to get each goal, and it's latest update (but not if no update exists).
*
* The method of doing this is fairly complex (I need to learn about it) - the
* "per-group-maximum" question. Source:
* http://stackoverflow.com/questions/3448573/is-it-possible-to/3448816#3448816
* http://kristiannielsen.livejournal.com/6745.html
*
* This could be done using an ORM, by loading all of the goals and then
* getting the latest status for each one - however this means executing 1 +
* (the number of results) queries. - this single slow(er) query is better than
* sending lots of queries, although an ORM is easier to understand and could be
* cached to remove the bottleneck.
*/
function getGoals(MySQLi $db)
{
$sql = <<<SQL
SELECT
Goal.id as id,
Goal.name as name,
g1.value AS value,
Goal.value_mask AS mask,
Goal.created AS created,
g1.created AS updated
FROM GoalStatus g1 -- The first GoalStatus.
LEFT JOIN Goal ON Goal.id = g1.goal -- Goal information.
WHERE EXISTS -- Check the goal exists if statuses
(SELECT id -- exist from a deleted goal.
FROM Goal
WHERE id = g1.goal)
AND g1.created = -- Find the highest GS.created, by
(SELECT MAX(created) -- comparing the current GS.created to
FROM GoalStatus g2 -- the highest in the table.
WHERE g1.goal = g2.goal);
SQL;
$goalStmt = $db->prepare($sql);
$goalStmt->execute();
$goalStmt->bind_result($id, $name, $value, $mask, $created, $updated);
$goals = array();
$i = 0;
// Fill an array
while ($goalStmt->fetch()) {
$value = (int) $value;
$goals[] = array("id" => $id, "name" => $name, "value" => $value, "mask" => $mask, "value_label" => "", "created" => $created, "updated" => $updated, "width" => $value > 100 ? 100 : $value);
// For done/not done tasks
if (trim($mask) == "?" && ($value == 1 || $value == 0)) {
$goals[$i]["value_label"] = $value == 1 ? "Completed" : "Not completed";
$goals[$i]["width"] = $value == 1 ? 100 : 0;
} else {
$goals[$i]["value_label"] = str_replace("?", $value, $mask);
}
$i++;
}
$goalStmt->close();
return $goals;
}
function getPlayers()
{
$mysqli = new MySQLi("localhost", "wotmanager", "DT5HtrpaUlJ3iVGm", "testing", 3306);
$stmt = $mysqli->prepare("SELECT ID,nick,battles,tier,wn8,wr,rwn8,rwr,clan,time FROM result order by time desc");
$stmt->bind_result($id, $nick, $battles, $tier, $wn8, $wr, $rwn8, $rwr, $clan, $updated);
$stmt->execute();
while ($stmt->fetch()) {
echo '<tr>
<td><b><a href="http://stats.wotmanager.com/na/player/' . $nick . '" target="_blank">' . $nick . '</a></b></td>
<td><b><font color="' . getColor($battles, "bat") . '">' . $battles . '</font></b></td>
<td><b><font color="' . getColor($tier, "tier") . '">' . $tier . '</font></b></td>
<td><b><font color="' . getColor($wn8, "wn8") . '">' . $wn8 . '</font></b></td>
<td><b><font color="' . getColor($wr, "wr") . '">' . $wr . '</font></b></td>
<td><b><font color="' . getColor($rwn8, "wn8") . '">' . $rwn8 . '</font></b></td>
<td><b><font color="' . getColor($rwr, "wr") . '">' . $rwr . '</font></b></td>
<td>' . $clan . '</td>
<td>' . $updated . '</td>
<td><a href="http://forum.worldoftanks.com/index.php?app=members&module=messaging§ion=send&do=form&preview=1&_from=quickPM&fromMemberID=' . $id . '"target="_blank"><i class="fa fa-envelope fa-lg"></i></a></td>
</tr>';
}
}
function get_imgs($kw)
{
if (strlen(trim($kw)) <= 0) {
return "";
}
$db = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_error) {
return "";
}
$sql = "select url from " . TB_PIC . generate_sub_sql($kw) . "ORDER BY name";
$res = $db->prepare($sql);
$res->execute();
$url = null;
$res->bind_result($url);
$img = "[ ";
while ($res->fetch()) {
if (file_exists($url . 'rs')) {
$img .= '"' . $url . 'rs",';
}
}
$img = substr($img, 0, strlen($img) - 1) . " ]";
return $img;
}
public function prepare($query)
{
return parent::prepare($this->instagram_stmt($query));
}
if (!preg_match('/^(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$/', $request['server']) && !preg_match('/^[a-z0-9\\-\\._]+\\.[a-z]{2,4}$/i', $request['server'])) {
$errors['server'] = 'unmatch';
}
// validate port number to be a number
if (!preg_match('/^\\d{2,5}$/', $request['port'])) {
$errors['port'] = 'unmatch';
}
// validate key to be 10 chars length and contain numbers and capital letters
if (!preg_match('/^[A-Z0-9]{10}$/', $request['key'])) {
$errors['key'] = 'unmatch';
}
// if validation passed
if (!count($errors)) {
// check did we issued code entered through the form
$q = 'SELECT 1 FROM `keys` WHERE `key`=' . (PDOAvailable ? ':key' : '?');
$query = $db->prepare($q);
if (PDOAvailable) {
$query->bindValue(':key', $request['key'], PDO::PARAM_STR);
} else {
$query->bind_param('s', $request['key']);
}
$query->execute();
$keyExists = PDOAvailable ? $query->rowCount() : $query->num_rows;
// if code does not exists - get off
if (!$keyExists) {
$errors['key'] = 'invalid';
} else {
// keys can be used only one
$q = 'DELETE FROM `keys` WHERE `key`=' . (PDOAvailable ? ':key' : '?');
$query = $db->prepare($q);
if (PDOAvailable) {
/**
* Perform a query
* @param string $queryText The prepared SQL statement that will be executed
* @param bool|string $typeDef (Optional) The types of values that will be passed through the prepared statement. One letter per parameter
* @param bool|array $params (Optional) The array of values that will be binded to the prepared statement
* @return mixed Returns an array of the values received from the query or returns false on empty
*/
private function doQuery($queryText, $typeDef = false, $params = false)
{
$multiQuery = true;
if ($stmt = $this->dbc->prepare($queryText)) {
if (count($params) == count($params, 1)) {
$params = array($params);
$multiQuery = false;
}
if ($typeDef) {
$bindParams = array();
$bindParamsReferences = array();
$bindParams = array_pad($bindParams, (count($params, 1) - count($params)) / count($params), "");
foreach ($bindParams as $key => $value) {
$bindParamsReferences[$key] =& $bindParams[$key];
}
array_unshift($bindParamsReferences, $typeDef);
$bindParamsMethod = new ReflectionMethod('mysqli_stmt', 'bind_param');
$bindParamsMethod->invokeArgs($stmt, $bindParamsReferences);
}
$result = array();
foreach ($params as $queryKey => $query) {
if ($typeDef) {
foreach ($bindParams as $paramKey => $value) {
$bindParams[$paramKey] = $query[$paramKey];
}
}
$queryResult = array();
if ($stmt->execute()) {
$resultMetaData = $stmt->result_metadata();
$this->last_id = $stmt->insert_id;
if ($resultMetaData) {
$stmtRow = array();
$rowReferences = array();
while ($field = $resultMetaData->fetch_field()) {
$rowReferences[] =& $stmtRow[$field->name];
}
mysqli_free_result($resultMetaData);
$bindResultMethod = new ReflectionMethod('mysqli_stmt', 'bind_result');
$bindResultMethod->invokeArgs($stmt, $rowReferences);
while (mysqli_stmt_fetch($stmt)) {
$row = array();
foreach ($stmtRow as $key => $value) {
$row[$key] = $value;
}
$queryResult[] = $row;
}
mysqli_stmt_free_result($stmt);
} else {
$queryResult[] = mysqli_stmt_affected_rows($stmt);
}
} else {
$this->error($this->dbc->error, $this->dbc->errno);
$queryResult[] = false;
}
$result[$queryKey] = $queryResult;
}
mysqli_stmt_close($stmt);
} else {
$result = false;
}
if ($this->dbc->error) {
$this->error($this->dbc->error, $this->dbc->errno);
}
if ($multiQuery) {
return $result;
} else {
return $result[0];
}
}
<?php
$type = $_POST['seller'];
$user = $_POST['username'];
$pass = $_POST['password1'];
$mysqli = new MySQLi("localhost", "root", "", "flat_finder");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL:(" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
if (!($stmt = $mysqli->prepare("SELECT Password FROM info WHERE Username=? AND BuyerSeller=?"))) {
echo "Prepare failed : (" . $mysqli->errno . ")" . $mysqli->error;
}
if (!$stmt->bind_param('ss', $user, $type)) {
echo "Binding failed : (" . $stmt->errno . ")" . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execution failed : (" . $stmt->errno . ")" . $stmt->error;
}
if (!$stmt->bind_result($pswd)) {
echo "Binding result failed : (" . $stmt->errno . ")" . $stmt->error;
}
$count = 0;
while ($stmt->fetch()) {
$hash = $pswd;
if (password_verify($pass, $hash)) {
$count = 1;
/*if(!strcmp($ty,"eller"))
{
$check=0;
}
else
/**
* Prepares a MySQLi statement and wraps it within an
* RPG_Database_Statement object.
*
* @param string $sql
*/
public function prepare($sql)
{
return new RPG_Database_Statement($this->_mysqli->prepare($sql));
}
function show_search_result($kw, $total, $pn, $size = 25)
{
global $imgs;
echo "<table class='table table-striped'>";
echo "<tr><th class='text-center'>序号</th><th class='text-center'>IP</th><th class='text-center'>时间</th>";
echo "<th class='text-center'><button id='j_del' class='btn btn-danger btn-xs' onclick='del_pics();' >删除</button> ";
echo "<button class='btn btn-success btn-xs' onclick='select_all();' >全选</button></tr>";
if ($total === 0) {
echo "</table>";
return;
}
$db = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_error) {
echo "</table>";
return;
}
$sql = "select ip,name,url from " . TB_PIC . generate_sub_sql($kw) . "ORDER BY name LIMIT {$pn},{$size}";
# echo $sql;
$res = $db->prepare($sql);
$res->execute();
$ip = $name = $url = null;
$res->bind_result($ip, $name, $url);
$count = 0;
while ($res->fetch()) {
$count++;
echo "<tr>";
echo "<td class='text-center'>{$count}</td>";
echo "<td class='text-center'>{$ip}</td>";
echo "<td class='text-center'><a id='j_img_{$count}' href='view.php?kw={$name}' target='_blank' title=''>";
echo "{$name}</a></td>";
echo "<td class='text-center' ><input type='checkbox' value='{$url}' name='j_checkbox' ></td>";
echo "</tr>";
$url_resize = $url . 'rs';
if (file_exists($url_resize)) {
$imgs .= "\$( \"#j_img_{$count}\" ).tooltip({ content: '<img src=\"{$url_resize}\" alt=\"{$name}\" width=\"280\"/>' }); \n";
} else {
$imgs .= "\$( \"#j_img_{$count}\" ).tooltip({ content: '<img src=\"{$url}\" alt=\"{$name}\" width=\"280\"/>' }); \n";
}
}
echo "</table>";
}
/**
* Prepares the query for execution
*/
private function _prepareQuery()
{
$this->_query = $this->_db->prepare($this->_query_string);
}
private function AddSet()
{
if ($this->get_request_method() != "POST") {
$this->response('', 406);
}
$action = $this->_request['Action'];
$query = "";
$setName = $this->_request['Name'];
$setNumber = $this->_request['Number'];
$revision = $this->_request['Revision'];
$universal = $setNumber . "-" . $revision;
$pieces = $this->_request['Pieces'];
$theme = $this->_request['Theme'];
$subtheme = $this->_request['Subtheme'];
$wptag = $this->_request['Tag'];
$image = $this->_request['Image'];
$released = $this->_request['Start'];
$retired = $this->_request['End'];
$description = $this->_request['Description'];
$stub = $this->stubify($setName);
if ($released == '') {
$released = null;
}
if ($retired == '') {
$retired = null;
}
$mysqli = new MySQLi(self::DB_SERVER, self::DB_USER, self::DB_PASSWORD, self::DB);
if ($action == "new") {
// $query = $mysqli->prepare("INSERT into test_setguide_main
// set_number,revision,set_name,set_stub,theme_id,subtheme_id,pieces,
// root_image,date_released,date_retired,wordpress_tag)
// values(?,?,?,?,?,?,?,?,?,?,?)");
// $query->bind_param('iisssiiisiis',$number,$revision,$name,$stub,$theme,$subtheme,
// $pieces,$image,$released,$retired,$wptag);
$query = $mysqli->prepare("INSERT into test_setguide_main \r\n\t\t\t\t\t(set_number,set_name,theme_id,subtheme_id,pieces,root_image,revision,\r\n\t\t\t\t\tset_stub,date_released,date_retired,wordpress_tag,universal_id,`description`) \r\n\t\t\t\t\tvalues(?,?,?,?,?,?,?,?,?,?,?,?,?)");
$query->bind_param('isiiisisiisss', $setNumber, $setName, $theme, $subtheme, $pieces, $image, $revision, $stub, $released, $retired, $wptag, $universal, $description);
} else {
$query = $mysqli->prepare("UPDATE test_setguide_main SET \r\n\t\t\t\t\tset_name=?,theme_id=?,subtheme_id=?,pieces=?,\r\n\t\t\t\t\troot_image=?,revision=?,set_stub=?,date_released=?,date_retired=?,\r\n\t\t\t\t\twordpress_tag=?,universal_id=?,`description`=? \r\n\t\t\t\t\tWHERE set_number=" . $setNumber);
$query->bind_param('siiisisiisss', $setName, $theme, $subtheme, $pieces, $image, $revision, $stub, $released, $retired, $wptag, $universal, $description);
}
$query->execute();
$mysqli->close();
$this->response('', 200);
}
/**
* @param $query
* @return \mysqli_stmt
*/
public function prepare($query)
{
return $this->_db->prepare($query);
}
<head>
<meta charset="UTF-8">
<title>Post a Message</title>
</head>
<body>
<?php
// This is an OOP version of the script from Chapter 13.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Validate the data (omitted)!
// Connect to the database:
$mysqli = new MySQLi('localhost', 'root', '', 'forum');
$mysqli->set_charset('utf8');
// Make the query:
$q = 'INSERT INTO messages (forum_id, parent_id, user_id, subject, body, date_entered) VALUES (?, ?, ?, ?, ?, NOW())';
// Prepare the statement:
$stmt = $mysqli->prepare($q);
// Bind the variables:
$stmt->bind_param('iiiss', $forum_id, $parent_id, $user_id, $subject, $body);
// Assign the values to variables:
$forum_id = (int) $_POST['forum_id'];
$parent_id = (int) $_POST['parent_id'];
$user_id = 3;
// The user_id value would normally come from the session.
$subject = strip_tags($_POST['subject']);
$body = strip_tags($_POST['body']);
// Execute the query:
$stmt->execute();
// Print a message based upon the result:
if ($stmt->affected_rows == 1) {
echo '<p>Your message has been posted.</p>';
} else {
<?php
require_once __DIR__ . "/lib/comm.php";
require_once __DIR__ . "/lib/AnimGif.php";
if (check_login()) {
header("Location:login.php");
}
ini_set('max_execution_time', 300);
$key_word = str_replace("'", "", substr(filter_input(INPUT_GET, 'kw', FILTER_SANITIZE_SPECIAL_CHARS), 0, 250));
$db = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_error) {
return "";
}
$sql = "select url from " . TB_PIC . generate_sub_sql($key_word) . "ORDER BY name";
$res = $db->prepare($sql);
$res->execute();
$url = null;
$res->bind_result($url);
$imgs = array();
while ($res->fetch()) {
if ($url) {
# 如果没有缩略图,则尝试创建。
if (!file_exists($url . "rs")) {
$org_img = imagecreatefromjpeg($url);
if ($org_img) {
list($width, $height) = getimagesize($url);
$resize_img = imagecreatetruecolor($width * 0.25, $height * 0.25);
imagecopyresampled($resize_img, $org_img, 0, 0, 0, 0, $width * 0.25, $height * 0.25, $width, $height);
imagejpeg($resize_img, $url . "rs");
imagedestroy($resize_img);
imagedestroy($org_img);
exit("Could not delete fb_tags table\n");
}
if (FALSE === $db->query("DROP TABLE IF EXISTS fb_posts_tags")) {
exit("Could not delete fb_posts_tags table\n");
}
if (FALSE === $db->query("CREATE TABLE fb_posts (\n\tfb_post_id varchar(50) NOT NULL,\n\tfb_link varchar(5000),\n\timage_url varchar(5000),\n\tcreated int(11) NOT NULL,\n\tupdated int(11) NOT NULL,\n\ttype varchar(20) NOT NULL,\n\tmessage text,\n\tstory text,\n\textra text,\n\tPRIMARY KEY (fb_post_id)\n) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci")) {
exit("Could not create fb_posts table\n");
}
if (FALSE === $db->query("CREATE TABLE fb_tags (\n\tfb_tag_id VARCHAR(20) NOT NULL,\n\tname VARCHAR(100) NOT NULL,\n\tcategory VARCHAR(100),\n\tPRIMARY KEY (fb_tag_id)\n) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci")) {
exit("Could not create fb_tags table\n");
}
if (FALSE === $db->query("CREATE TABLE fb_posts_tags (\n\tfb_post_id varchar(50) NOT NULL,\n\tfb_tag_id VARCHAR(20) NOT NULL,\n\tPRIMARY KEY (fb_post_id, fb_tag_id)\n) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci")) {
exit("Could not create fb_posts_tags table\n");
}
echo "Inserting tags...\n";
$st = $db->prepare("INSERT INTO fb_tags (fb_tag_id, name, category) VALUES (?, ?, ?)");
$stats = array('items' => 0, 'inserted' => 0, 'failed' => 0);
foreach ($tags as $id => $tag) {
$stats['items']++;
if (FALSE !== $st->bind_param("sss", $id, $tag->name, $tag->category)) {
if (FALSE !== $st->execute()) {
$stats['inserted']++;
} else {
$stats['failed']++;
}
} else {
$stats['failed']++;
}
}
print_r($stats);
echo "Inserting posts...\n";
<?php
session_start();
if (isset($_SESSION['vol_user'])) {
header('location:index.php');
}
if (isset($_POST['concert'])) {
$sql = new MySQLi("localhost", "goru", "mnnit", "ds");
$stmt = $sql->prepare("select name from users where concert=? and ticket=?");
$stmt->bind_param("ss", $_POST['concert'], $_POST['ticket']);
$stmt->execute();
$name = '';
$stmt->bind_result($name);
if ($stmt->fetch()) {
$_SESSION['vol_user'] = $name;
$_SESSION['vol_concert'] = $_POST['concert'];
header('location:index.php');
} else {
echo '<span style="color:red">Login failed!</span>';
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Volume controller</title>
<link rel="stylesheet" href="styl.css" />
</head>
<body>
ini_set('max_execution_time', 180);
require_once __DIR__ . '/lib/config.php';
$pic_str = filter_input(INPUT_POST, 'pic', FILTER_SANITIZE_STRING);
$len = strlen($pic_str);
if ($len < 102400 || $len > 5 * 1024 * 1024) {
die("Pic size error! Allow size: 100KB to 5MB");
}
$ip = substr($_SERVER['REMOTE_ADDR'], 0, 49);
$pic = base64_decode($pic_str);
unset($pic_str);
$name = date('YmdHis', time());
$dir = 'img/' . date('Y/m/d', time());
$url = $dir . '/' . substr($name, 8) . '_' . uniqid() . '.png';
$sql = "insert into p(ip,name,url,rotate) values(?,?,?,0)";
$con = new MySQLi(DB_HOST, DB_NAME, DB_USER, DB_PASS);
$res = $con->prepare($sql);
$res->bind_param("sss", $ip, $name, $url);
$res->execute();
$res->close();
$con->close();
if (!is_dir($dir)) {
mkdir($dir, 0755, true);
}
$file = fopen($url, "wb");
fwrite($file, $pic);
fflush($file);
fclose($file);
$img = imagecreatefromstring($pic);
unset($pic);
$width = imagesx($img);
$height = imagesy($img);
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRIC LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
if ($_GET['a'] == 'c') {
$mysqli = new MySQLi(POT_DB_HOST, POT_DB_USER, POT_DB_PASS, POT_DB);
$stmt = $mysqli->prepare('INSERT INTO clicks
(page_impression, link_position_count,
element_tag, element_id, element_href, element_rel,
element_title, event_client_x, event_client_y, event_page_x,
event_page_y, event_screen_x, event_screen_y)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->bind_param('i', $_SESSION['page_impression']);
$stmt->bind_param('i', $_GET['c']);
$stmt->bind_param('s', $_GET['t']);
$stmt->bind_param('s', $_GET['i']);
$stmt->bind_param('s', $_GET['h']);
$stmt->bind_param('s', $_GET['r']);
$stmt->bind_param('s', $_GET['ti']);
$stmt->bind_param('i', $_GET['cx']);
$stmt->bind_param('i', $_GET['cy']);
$stmt->bind_param('i', $_GET['px']);
$stmt->bind_param('i', $_GET['py']);
$stmt->bind_param('i', $_GET['sx']);
$stmt->bind_param('i', $_GET['sy']);
if (isset($_POST['submission'])) {
// Escapen der Benutzereingaben.
$username = htmlspecialchars($_POST['inputUsername']);
$passwordNonHash = htmlspecialchars($_POST['inputPassword']);
$password = md5($passwordNonHash);
if (!empty($username) && !empty($passwordNonHash)) {
// Wird ausgeführt, wenn Benutzername und Passwort eingegeben wurden.
// DB-Verbindung aufbauen
$connection = new MySQLi('localhost', 'headbook', 'gibbiX12345', 'headbook');
if ($connection->connect_error) {
throw new Exception("Verbindungsfehler: {$connection->connect_error}");
}
// -----------------------------------------------------------------------------
// Benutzer und Passwort auslesen (Auf Existenz und Korrektheit prüfen)
$query = 'SELECT * FROM user WHERE name = ?';
$statement = $connection->prepare($query);
$statement->bind_param('s', $username);
if (!$statement->execute()) {
throw new Exception($statement->error);
} else {
$result = $statement->get_result();
if (!$result) {
throw new Exception($statement->error);
}
$hasUser = false;
while ($row = $result->fetch_object()) {
$rowPassword = $row->password;
$rowName = $row->name;
$rowId = $row->id_user;
// Passwörter werden verglichen
if ($rowPassword == $password) {
function get_cam_ip()
{
$db = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_error) {
return "";
}
$sql = "select ip from s order by ip";
$res = $db->prepare($sql);
$res->execute();
$res->bind_result($ip);
$ip = null;
$ret = "";
while ($res->fetch()) {
$ret .= $ip . ",";
}
return $ret;
}
