execute() static public method

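Used for queries that modify data, such as UPDATE, DELETE or INSERT. Because the method receives a finished SQL string, every value interpolated into `$sql` must be escaped or bound by the caller.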
static public execute ( string $sql ) : mixed
$sql string The sql query
return mixed
Example #1
0
 /**
  * Stores a configuration value for the current user when an
  * inaccessible property is assigned.
  *
  * The key, the value and the owning user id each go through
  * db::escape() before they are placed inside quoted SQL literals.
  *
  * @param string $name  Configuration key, written to var_name.
  * @param mixed  $value Configuration value, written to var_value.
  * @return mixed Whatever db::execute() returns for the REPLACE statement.
  */
 public function __set($name, $value)
 {
     $name_sql = db::escape($name);
     $value_sql = db::escape($value);
     $uid_sql = db::escape($this->_uid);

     $query = "REPLACE INTO 202_config (var_name, var_value, user_id)\n                            VALUES ('{$name_sql}', '{$value_sql}', '{$uid_sql}')";

     return db::execute($query);
 }
Example #2
0
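 /**
  * Updates one firewall rule and records the outcome in the activity log.
  *
  * Each value passes through db::escapechars() before it is placed inside
  * a quoted SQL literal.
  *
  * @param mixed $rule_id    Identifier of the rule to update.
  * @param mixed $start_ip   New start of the address range.
  * @param mixed $end_ip     New end of the address range.
  * @param mixed $rule_state New state value for the rule.
  * @return bool True when db::execute() reports success, false otherwise.
  */
 public function saveRule($rule_id, $start_ip, $end_ip, $rule_state)
 {
     // The comma after rule_state is required; without it the statement is
     // invalid SQL and the update can never succeed.
     $sql = "UPDATE\n              firewall_rules\n            SET\n              start_ip='" . db::escapechars($start_ip) . "',\n              end_ip='" . db::escapechars($end_ip) . "',\n              rule_state='" . db::escapechars($rule_state) . "',\n              date_modified=NOW()\n            WHERE\n              rule_id='" . db::escapechars($rule_id) . "'\n            LIMIT 1";
     $updateFirewall = db::execute($sql);
     // Branch on the result of this query (the original tested an undefined
     // variable, so the success path was unreachable).
     if ($updateFirewall) {
         // Log activity, naming the rule that was changed.
         $logType = "Firewall";
         $logValue = db::escapechars($_SESSION['username']) . " updated a firewall rule - " . db::escapechars($rule_id);
         $this->logevent($logType, $logValue);
         return true;
     }
     // Log failure together with the statement that was attempted.
     $logValue = db::escapechars($_SESSION['username']) . " Failed updating a firewall rule - " . db::escapechars($sql);
     $this->logfault($logValue);
     return false;
 }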
Example #3
0
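 /**
  * Writes a batch of application settings, one UPDATE per setting.
  *
  * @param array $settingName  Setting names, indexed from 0.
  * @param array $settingValue Values, at the same indexes as $settingName.
  * @return bool True when every UPDATE succeeded, false if any failed.
  */
 public function storeAppSettings($settingName, $settingValue)
 {
     $errors = 0;
     $total = count($settingName);
     // Stop at the last valid index; "<=" ran one extra pass with undefined
     // offsets and issued an UPDATE for an empty setting name.
     for ($i = 0; $i < $total; $i++) {
         $sql = "UPDATE\n                framework_settings\n              SET\n                settingValue='" . db::escapechars($settingValue[$i]) . "'\n              WHERE\n                settingName='" . db::escapechars($settingName[$i]) . "'\n              LIMIT 1";
         $result = db::execute($sql);
         if ($result) {
             $this->logevent('Settings Update', $_SESSION['username'] . " updated setting " . db::escapechars($settingName[$i]) . " to " . db::escapechars($settingValue[$i]));
         } else {
             $errors++;
             $this->logerror("Error updating settings: " . $sql);
         }
     }
     return $errors === 0;
 }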
Example #4
0
/**
 * Runs a parameterised query on a fresh db wrapper and returns a result
 * chosen by $action.
 *
 * @param string $query  SQL text handed to query().
 * @param mixed  $param  Parameters handed to execute().
 * @param string $action 'fetch' returns fetch(), 'update' returns the
 *                       wrapper itself, 'insert' returns lastInsertId(),
 *                       anything else returns fetchset().
 * @param mixed  $db     Passed as the second constructor argument of db.
 * @return mixed See $action.
 */
function run($query, $param, $action = '', $db = null)
{
    $handle = new db(null, $db);
    $handle->query($query);
    $handle->execute($param);

    // Loose comparison is kept on purpose: it is what switch/case applies.
    if ($action == 'fetch') {
        return $handle->fetch();
    }
    if ($action == 'update') {
        return $handle;
    }
    if ($action == 'insert') {
        return $handle->lastInsertId();
    }

    return $handle->fetchset();
}
Example #5
0
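 /**
  * Copies an affiliate from prosper_master into an install's user tables
  * and stores a login token for the hand-off in the session and database.
  *
  * @param mixed  $affiliate_id Affiliate to import; escaped before use.
  * @param string $install_db   Target database name. It is spliced into the
  *                             SQL as an identifier, which db::escape()
  *                             cannot protect, so it must be a trusted name.
  * @return void
  */
 public static function importUser($affiliate_id, $install_db)
 {
     $mysql = array();
     // Grab user from directtrack db. The id lands inside a quoted literal,
     // so it is escaped like every other value.
     $mysql['lookup_id'] = db::escape($affiliate_id);
     $user = db::getRow("select * from prosper_master.affiliates WHERE affiliate_id='{$mysql['lookup_id']}'");
     if (!$user) {
         // No such affiliate: do not create an account from empty fields.
         return;
     }
     // Hash the login password with the project's salt helper.
     // NOTE(review): the original comment describes this as salted md5;
     // confirm whether a dedicated password hash can replace it.
     $user_pass = salt_user_pass($_SESSION['login_pass']);
     $mysql['user_pass'] = db::escape($user_pass);
     // Row values are plain text again once read back, so escape them
     // before building the next statements.
     $mysql['email'] = db::escape($user['email']);
     $mysql['addCode'] = db::escape($user['addCode']);
     //insert this user
     $user_sql = "  \tINSERT INTO {$install_db}.`202_users`\n\t\t\t\t\t    \tSET\tuser_email='" . $mysql['email'] . "',\n\t\t\t\t\t    \t\tuser_name='" . $mysql['addCode'] . "',\n\t\t\t\t\t    \t\tuser_pass='" . $mysql['user_pass'] . "',\n\t\t\t\t\t    \t\taddCode='" . $mysql['addCode'] . "',\n\t\t\t\t\t    \t\tuser_timezone='-5',\n\t\t\t\t\t    \t\tuser_time_register=NOW()";
     $user_result = db::execute($user_sql);
     $user_id = mysql_insert_id(db::$db_write);
     $mysql['user_id'] = db::escape($user_id);
     $mysql['affiliate_id'] = db::escape($user['affiliate_id']);
     // NOTE(review): md5 over row data plus uniqid() is derived from the
     // clock, not from a cryptographic random source. A login token should
     // come from the strongest random generator the runtime offers.
     $md5token = md5(serialize($user) . uniqid());
     $_SESSION['authtoken'] = $md5token;
     db::execute("insert into prosper_master.login_tokens(affiliate_id, user_id, user_name, token)\n\t\t             values ('" . $mysql['affiliate_id'] . "', '" . $mysql['user_id'] . "', '" . $mysql['addCode'] . "', '" . $md5token . "');");
     //update user preference table
     $user_sql = "INSERT INTO {$install_db}.`202_users_pref` SET user_id='" . $mysql['user_id'] . "'";
     $user_result = db::execute($user_sql);
 }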
Example #6
0
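/**
 * Averages every numeric review column for one company.
 *
 * @param int|string $company_id Company whose reviews are averaged. It is
 *                               cast to int because the query uses it
 *                               without quotes.
 * @return array One entry per key in $keys plus 'Average', the mean of
 *               those per-column averages. With no reviews every entry
 *               is zero.
 */
function getAverages($company_id)
{
    $keys = ['company_id', 'WLBalance', 'Salary', 'Benefits', 'Opportunity', 'Fairness', 'Leadership', 'Loyalty', 'Morale', 'Communication'];
    // Start every tracked column at zero.
    $scores = array_fill_keys($keys, 0);

    // The id sits unquoted in the WHERE clause; the integer cast keeps
    // anything other than a number out of the statement.
    $sql = "SELECT * FROM Reviews WHERE company_id = " . (int) $company_id;
    $results = db::execute($sql);
    //grab number of reviews for calculating average
    $count = $results->num_rows;

    //remove non-calculation columns and sum the rest into the scores array
    while ($row = $results->fetch_assoc()) {
        unset($row['review_id'], $row['person_id'], $row['ReviewText']);
        foreach ($row as $key => $value) {
            $scores[$key] += $value;
        }
    }

    // Divide only when there is at least one review; a company without
    // reviews previously caused a division by zero here.
    if ($count > 0) {
        foreach ($scores as $key => $value) {
            // Keeps the first four characters of the quotient.
            $scores[$key] = substr($value / $count, 0, 4);
        }
    }

    //sum the averages and get that average and add to the array
    $superaverage = 0;
    foreach ($scores as $value) {
        $superaverage += $value;
    }
    $superaverage /= count($keys);
    $scores['Average'] = substr($superaverage, 0, 4);

    return $scores;
}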
Example #7
0
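 /**
  * Resets a user's password, logs the action and emails the new password.
  *
  * @param mixed  $userid         User whose password is reset.
  * @param string $seededpassword Seed appended to the password before hashing.
  * @param string $newpasswd      Password to set; when empty a password is
  *                               generated with generatePassword().
  * @return bool True when the UPDATE succeeded, false otherwise.
  */
 public function resetPassword($userid, $seededpassword, $newpasswd = '')
 {
     // Decide before escaping: the default is '' and an escaped value is
     // never null, so the original is_null() test could not trigger and an
     // omitted password was stored as the hash of the seed alone.
     $generate = ($newpasswd === null || $newpasswd === '');
     $userid = db::escapechars($userid);
     if ($generate) {
         $newpassword = $this->generatePassword();
     } else {
         // NOTE(review): the supplied password is escaped before hashing, as
         // in the original; confirm the login path hashes the same form.
         $newpassword = db::escapechars($newpasswd);
     }
     // NOTE(review): a single md5 round with an appended seed is weak for
     // password storage; moving to password_hash() also needs a matching
     // change in the login check, which is not visible here.
     $newpasswordmd5 = md5($newpassword . $seededpassword);
     // Store the hash computed above; it is hexadecimal, so it is safe
     // inside the quoted literal.
     $sql = "UPDATE\n                        users\n                    SET\n                        password='{$newpasswordmd5}'\n                    WHERE\n                        userid='{$userid}'\n                    LIMIT 1";
     $resetpass = db::execute($sql);
     if (!$resetpass) {
         return false;
     }
     // Log the activity
     $logType = "Reset Password";
     $myusername = $_SESSION['username'];
     $theirusername = $this->useridtoname($userid);
     $logValue = "{$myusername} reset user password for user ( {$theirusername} )";
     $this->logevent($logType, $logValue);
     // Email user with reset notification. Both values are shown inside
     // HTML, so they are encoded for that context.
     // NOTE(review): the message carries the password in clear text.
     $htmlUser = htmlspecialchars($theirusername, ENT_QUOTES, 'UTF-8');
     $htmlPass = htmlspecialchars($newpassword, ENT_QUOTES, 'UTF-8');
     $message = "<h2>Password Reset</h2><p>Hello, a reset password request was sent for your account ({$htmlUser}).</p><p>Your new password is {$htmlPass}</p><p>You should log on and change this as soon as possible</p>";
     $this->emailUser($userid, 'Password Reset', $message);
     return true;
 }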
Example #8
0
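 /**
  * Reports whether the current session belongs to an authenticated user.
  *
  * Three paths are handled in order: a one-time token in $_GET['auth']
  * (cross-subdomain hand-off, ends in a redirect), stored login
  * credentials in the session, and an already established session that is
  * checked against its fingerprint and age.
  *
  * @return bool True when the session is authenticated, false otherwise.
  */
 public static function logged_in()
 {
     // A session without a timestamp is treated as expired.
     $session_time_passed = isset($_SESSION['session_time']) ? time() - $_SESSION['session_time'] : PHP_INT_MAX;
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $fingerprint = md5('session_fingerprint' . $user_agent . session_id());
     // Tricky logic for handing off authentication across subdomains.
     if (!isset($_SESSION['user_id']) && !isset($_SESSION['login_user']) && isset($_GET['auth']) && is_string($_GET['auth'])) {
         $s_token = db::escape($_GET['auth']);
         $user_row = db::getRow("SELECT lt.*, a.addCode from prosper_master.login_tokens lt\r\n                               INNER JOIN prosper_master.affiliates a ON lt.affiliate_id=a.affiliate_id\r\n                               WHERE token='{$s_token}'");
         // Only a token that matched a stored row may populate the session;
         // an unknown token leaves the session untouched.
         if ($user_row) {
             $_SESSION['session_fingerprint'] = $fingerprint;
             $_SESSION['session_time'] = time();
             $_SESSION['user_name'] = $user_row['user_name'];
             $_SESSION['user_id'] = $user_row['user_id'];
             $_SESSION['addCode'] = $user_row['addCode'];
             $_SESSION['user_api_key'] = @$user_row['user_api_key'];
             $_SESSION['user_stats202_app_key'] = @$user_row['user_stats202_app_key'];
             $_SESSION['user_timezone'] = @$user_row['user_timezone'];
             // The token is single-use: remove it once it has been consumed.
             @db::execute("delete from prosper_master.login_tokens WHERE token='{$s_token}' LIMIT 1");
         }
         // Drop the token from the URL before redirecting.
         // NOTE(review): until this redirect the token is part of the request
         // URL and may be recorded wherever URLs are logged.
         $uri = preg_replace('/auth=[a-zA-Z0-9]+/', '', $_SERVER['REQUEST_URI']);
         forward($uri);
         exit;
     }
     if (!isset($_SESSION['user_id']) && isset($_SESSION['login_user'])) {
         if (self::login($_SESSION['login_user'], $_SESSION['login_pass'])) {
             return true;
         }
     }
     // Strict comparison: "==" would compare two digests numerically when
     // both happen to look like numbers.
     $fingerprint_ok = isset($_SESSION['session_fingerprint']) && $_SESSION['session_fingerprint'] === $fingerprint;
     if (!empty($_SESSION['user_name']) && !empty($_SESSION['user_id']) && $fingerprint_ok && $session_time_passed < 50000) {
         $_SESSION['session_time'] = time();
         return true;
     }
     return false;
 }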
Example #9
0
 /**
  * Deletes the diary entries of a class whose item_status is '9'.
  *
  * The call is allowed when $teacherid matches the class's teacher_id or
  * when the session's utype is 8 or higher.
  *
  * @param mixed $classid   Class whose diary is purged.
  * @param mixed $teacherid Teacher requesting the purge.
  * @return bool True when the DELETE succeeded; false when it failed or
  *              the caller is not permitted.
  */
 public function purgeDiary($classid, $teacherid)
 {
     $classInfo = $this->getClassInformation($classid);

     // Owner or administrator only.
     // NOTE(review): the owner test uses loose comparison; confirm what
     // getClassInformation() returns for an unknown class.
     if (!($classInfo['teacher_id'] == $teacherid || $_SESSION['utype'] >= 8)) {
         return false;
     }

     $sql = "DELETE FROM\n                  class_diary\n                   WHERE\n                    class_id='" . db::escapechars($classid) . "'\n                  AND\n                    item_status='9'";

     if (!db::execute($sql)) {
         // Record the failed attempt together with the statement.
         $failure = db::escapechars($_SESSION['username']) . " Failed Purging class diary events - " . db::escapechars($sql);
         $this->logfault($failure);
         return false;
     }

     // Record the successful purge.
     $category = "Classes";
     $entry = db::escapechars($_SESSION['username']) . " Purged class diary events - " . db::escapechars($classid);
     $this->logevent($category, $entry);
     return true;
 }
Example #10
0
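 /**
  * Deletes rows from the configured table.
  *
  * NOTE(review): with the default empty $where, the output of where_str()
  * decides whether every row is removed — confirm that is intended.
  *
  * @param array $where Conditions handed to where_str().
  * @return int 1 when parent::execute() reports success, 0 otherwise.
  */
 public static function delete($where = array())
 {
     $sql = sprintf(
         "DELETE FROM %s%s;",
         self::filter_table(self::$settings['table']),
         self::where_str($where)
     );
     debug::set('sql', self::$settings['class'] . '::' . __FUNCTION__, $sql);

     // The trailing "return -1" of the original could never run and is gone.
     return parent::execute($sql) ? 1 : 0;
 }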
Example #11
0
<?php

// Shared admin bootstrap.
include_once BASE_PATH . 'admin/utils/initialize.php';

// Any non-empty POST stores the submitted feed for the chosen country.
// Both fields are SQL-escaped; the link itself is stored as submitted,
// without any check of its scheme or host.
if (empty($_POST) === false) {
    $db = new db();
    $country_id = $db->escape_string($_POST['country_id']);
    $rss = $db->escape_string($_POST['rss']);
    $sql = $db->execute(
        "INSERT INTO rss (country_id, link, active) VALUES ('{$country_id}', '{$rss}', '1')"
    );
}

// Render the form.
echo $twig->render(
    'add_rss.html',
    array(
        'active_menu' => 'add_rss',
        'msg' => $msg,
        'title_part' => 'Adăugare rss',
        'utils' => $utils,
        'slugs' => get_slugs(),
    )
);
Example #12
0
        $country_slug = $slug['slug'];
        $rsss = $db->array_select("SELECT * FROM rss WHERE country_id = '{$country_id}' AND active='1'");
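        // Import today's items from every active feed of this country.
        foreach ($rsss as $rss) {
            // A failed download yields false; skip that feed rather than
            // handing false to the XML parser.
            $content = file_get_contents($rss['link']);
            if ($content === false) {
                continue;
            }
            $xmlfeed = new SimpleXmlElement($content);
            // Derive the author from the channel link: the text between the
            // first '.' and the next '/'.
            $author = $xmlfeed->channel->link;
            $first = strpos($author, '.');
            $author = substr($author, $first + 1);
            $second = strpos($author, '/');
            $author = substr($author, 0, $second);
            // Feed content is untrusted; escape it like title and link.
            $author = $db->escape_string($author);
            foreach ($xmlfeed->channel->item as $entry) {
                // Compare with false: a match at offset 0 is still a match.
                if (strpos($entry->pubDate, $today) !== false) {
                    $title = $db->escape_string($entry->title);
                    $double = $db->num_rows("SELECT id FROM news WHERE title = '{$title}'");
                    if ($double == 0) {
                        $link = $db->escape_string($entry->link);
                        $pubDate = $entry->pubDate;
                        // NOTE(review): convert_date() and the prepare_*()
                        // helpers are defined elsewhere; confirm they return
                        // SQL-safe text, because their results are placed in
                        // the INSERT without escape_string().
                        $date = convert_date($pubDate);
                        $description = prepare_description($entry->description);
                        $site_link = prepare_link($title, $country_slug);
                        $metakeywords = prepare_metakeywords($description);
                        $metadescription = prepare_metadescription($description);
                        $sql = $db->execute("INSERT INTO news (country_id, author, title, description, site_link, link, pubdate, metadescription, metakeywords) VALUES ('{$country_id}', '{$author}', '{$title}', '{$description}', '{$site_link}','{$link}', '{$date}', '{$metadescription}', '{$metakeywords}')");
                    }
                }
            }
        }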
    }
}
// Delete entries older than 2 days: a row is removed when its pubdate
// contains none of the three date strings $today2, $yesterday and
// $yesterday2, which are built outside this excerpt.
$sql = $db->execute("DELETE from news WHERE (pubdate NOT LIKE '%{$today2}%' AND pubdate NOT LIKE '%{$yesterday}%' AND pubdate NOT LIKE '%{$yesterday2}%')");
Example #13
0
// Refuse requests that did not come through the installer entry point.
if (!defined('WCROOT')) {
    die('Access Denied');
}
// NOTE(review): the config file name is built from a session value;
// confirm $_SESSION['domain'] is validated where it is set.
require WCROOT . PS . "config" . PS . "config_" . $_SESSION['domain'] . ".php";

$db = new db();
$sqlfile = WCROOT . '/install/data/basic.sql';
if (!file_exists($sqlfile)) {
    die('<br /><font color="#F00">数据库安装文件丢失:' . $sqlfile . '</font>');
}

// Load the dump and normalise Windows line endings.
$sql = file_get_contents($sqlfile);
$sql = str_replace("\r\n", "\n", $sql);
if (empty($sql)) {
    die('无法获取安装数据。file_get_contents()');
}

// Swap the stock table prefix for the configured one, convert any
// remaining carriage return to a line feed, then split on ";\n".
$sql = str_replace(' `ws_', ' `' . $db_config['db_pre'], $sql);
$sql = str_replace("\r", "\n", $sql);
$sql = trim($sql);
$ret = explode(";\n", $sql);
unset($sql);

// Run every statement; one failure marks the whole step as failed.
$result = true;
foreach ($ret as $sql) {
    $sql = trim($sql);
    if (!@$db->execute($sql)) {
        $result = false;
    }
}

if (!$result) {
    echo '<div style="padding:30px 0 30px 20px; color:#F00;">系统模块安装失败,请重新安装或尝试跳过这一步。</div>';
} else {
    msgbox('', 'index.php?step=6');
}
?>
<table width="100%"><tr>
<td width="80" height="80">&nbsp;</td>
<td align="center"><a href="index.php?step=4" onfocus="this.blur()"><img src="images/button_prev.png" width="112" height="35" /></a></td>
<td align="center"><a href="index.php?step=6" onfocus="this.blur()"><img src="images/button_next.png" width="112" height="35" /></a></td>
<td width="80">&nbsp;</td>
</tr></table>
Example #14
0
            // Store one attachment row inside a transaction.
            $db->beginTransaction();
            if ($attach_id == 'e') {
                // The value 'e' requests a new group id: one above the
                // highest attach_group_id in use, or 1 for an empty table.
                // NOTE(review): MAX()+1 can hand the same id to two
                // concurrent requests unless the transaction's isolation or
                // a lock prevents it — confirm.
                $db->query("SELECT  IFNULL(MAX(attach_group_id),0) + 1 as max_id FROM attachments");
                $res = $db->fetch();
                if (!empty($res)) {
                    $new_attach_id = $res['max_id'];
                } else {
                    $new_attach_id = 1;
                }
            } else {
                // Any other value is used as the group id as given.
                $new_attach_id = $attach_id;
            }
            // Group id and description are bound as parameters rather than
            // concatenated into the statement.
            $db->query("INSERT INTO attachments (attach_group_id, attach_desc)\n\t\t\t\tVALUES (:attach_group_id, :attach_desc)");
            $db->bind(":attach_group_id", $new_attach_id);
            $db->bind(":attach_desc", $file_name);
            $sq = $db->execute();
            $db->endTransaction();
            // Flag 1 is set once the transaction has been ended.
            $flag = 1;
        } catch (Exception $e) {
            $flag = 2;
            $db->cancelTransaction();
        }
    } else {
        $flag = 3;
    }
}
$db->query("SELECT * FROM attachments WHERE attach_group_id = :id");
$db->bind(":id", $new_attach_id);
$getAttaches = $db->fetchAll();
if (!empty($getAttaches)) {
    foreach ($getAttaches as $row) {
Example #15
0
 /**
  * Builds a CREATE TABLE statement from a table definition, runs it and
  * echoes the outcome.
  *
  * Table name, column names, types, lengths, charset and collation are
  * concatenated into the statement exactly as given, so $tableDef has to
  * come from trusted migration code and never from request data.
  *
  * @param array $tableDef 'table' (name, charset, collate) and 'columns'
  *                        (column name => array with 'type' and 'length').
  * @return void Echoes a status line, or the exception message on failure.
  */
 private static function create($tableDef = array())
 {
     try {
         $table = $tableDef['table'];

         // One "name type (length) " fragment per column, comma-joined.
         $columnSql = array();
         foreach ($tableDef['columns'] as $col => $def) {
             $columnSql[] = $col . " " . $def['type'] . " (" . $def['length'] . ") ";
         }
         $query = "create table " . $table['name'] . " (" . implode(",", $columnSql) . ")";

         // Charset and collation are appended only when both are set.
         if ($table['charset'] && $table['collate']) {
             $query .= "CHARACTER SET " . $table['charset'] . " COLLATE " . $table['collate'];
         }

         $db = new db();
         if ($db->execute($query)) {
             $status = "DB table " . $tableDef['table']['name'] . " migrated";
         } else {
             $status = "Some error occured while migrating";
         }
         echo $status;
     } catch (Exception $e) {
         echo $e->getMessage();
     }
 }
Example #16
0
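 /**
  * Soft-deletes a register by setting its register_status to '9' and
  * logs the outcome.
  *
  * @param mixed $registerid Register to mark as deleted.
  * @return bool True when the UPDATE succeeded, false otherwise.
  */
 public function deleteRegister($registerid)
 {
     $sql = "UPDATE class_register SET register_status='9' WHERE registerid='" . db::escapechars($registerid) . "' LIMIT 1";
     $deleteRegister = db::execute($sql);
     // Branch on this query's result (the original tested an undefined
     // variable, so every call was reported as a failure).
     if ($deleteRegister) {
         // Log the activity
         $logType = "Register";
         $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") deleted a register (" . db::escapechars($registerid) . ") ";
         $this->logevent($logType, $logValue);
         return true;
     }
     // Log the fault in the system
     $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") failed deleting a register: " . db::escapechars($sql);
     $this->logfault($logValue);
     // "faluse" was an undefined constant, not the boolean false.
     return false;
 }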
Example #17
0
<?php

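include_once BASE_PATH . 'admin/utils/initialize.php';
if (!empty($_POST)) {
    $db = new db();
    // Request fields are untrusted: escape each one before it is placed
    // inside a quoted SQL literal.
    $country = $db->escape_string($_POST['country']);
    $country2 = $db->escape_string($_POST['country2']);
    $language = $db->escape_string($_POST['language']);
    $timezone = $db->escape_string($_POST['timezone']);
    $slug = $_POST['slug'];
    // The slug also becomes a column name in `locale`. escape_string()
    // protects values, not identifiers, so only a plain alphanumeric slug
    // is accepted; anything else writes nothing.
    if (is_string($slug) && preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $slug) === 1) {
        //insert new country in database
        $sql = $db->execute("INSERT INTO slugs (country, slug, country2, language, timezone) VALUES ('{$country}', '{$slug}', '{$country2}', '{$language}', '{$timezone}')");
        //create new country in locale table
        $sql = $db->execute("ALTER TABLE locale ADD " . $slug . " VARCHAR( 255 )");
    }
}
echo $twig->render('add_slug.html', array('active_menu' => 'add_slug', 'msg' => $msg, 'title_part' => 'Adăugare ţară', 'utils' => $utils));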
Example #18
0
defined('WCROOT') or die('Access Denied');
require WCROOT . PS . "config" . PS . "config_" . $_SESSION['domain'] . ".php";
if (isset($_POST['website'])) {
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    //$website = trim($_POST['website']);
    //$website = rtrim($website,'/').'/';
    //strlen($website) < 10 && msgbox('网站访问地址填写不正确。');
    //$config['url'] = $website;
    // Validate the account name and the password. Both checks report
    // through msgbox().
    // NOTE(review): this assumes msgbox() ends the request; if it returns,
    // the INSERT below runs with values that failed validation — confirm.
    preg_match('/^[\\w_]{5,20}$/', $username) or msgbox('管理员帐号必须由5 - 20个字符组成,只能使用数字、字母或下划线!');
    (preg_match('/[\'\\"\\\\\\/]/', $password) || strlen($password) < 5 || strlen($password) > 20) && msgbox('管理员密码必须为5 - 20个字符,不得使用特殊字符!');
    $db = new db();
    // $count is read only by the commented-out code further down.
    $count = $db->query("SELECT count(*) FROM `{$db_config['db_pre']}user`", 1, 0);
    // NOTE(review): the password is written to loginpwd exactly as
    // submitted; the only hashing on this page is inside commented-out
    // code. The result of get_ip() is also interpolated without escaping —
    // confirm it can only return an address.
    $sql = "INSERT INTO `{$db_config['db_pre']}user` (nickname,loginname,loginpwd,lasttime,lastip) VALUES ('admin','{$username}','{$password}','" . date('Y-m-d H:i:s') . "','" . get_ip() . "');";
    $db->execute($sql) ? msgbox('', 'index.php?step=7') : msgbox('添加管理员出错!');
    /*if($count[0] == 0){
    		$encryption = random(8,0);
    		//$password = md5(md5($password).md5($encryption));
    		$sql = "INSERT INTO `{$db_config['db_pre']}user` (nickname,loginname,loginpwd,lasttime,lastip) VALUES ('admin','{$username}','{$password}','".date('Y-m-d H:i:s')."','{get_ip()}');";
    		$db->execute($sql) ? msgbox('','index.php?step=7') : msgbox('添加管理员出错!');
    	} else { 
    		msgbox('','index.php?step=7');
    	}
    	/*if(array2php($config,'config',MLEROOT.'/inc/config/globals.config.php')){ 
    		$keyfile = file_get_contents(MLEROOT.'/inc/config/version.config.php');
    		empty($keyfile) && die('无法获取配置文件。file_get_contents()');
    		$keyfile = str_replace('__{WEBKEY}__',random(38,0),$keyfile);
    		if(@file_put_contents(MLEROOT.'/inc/config/version.config.php',$keyfile)){
    			$db = new db;
    			$count = $db->query("SELECT count(*) FROM `{$DB['prefix']}admin`",1,0);
Example #19
0
 /**
  * Adds a hashtag or an account name to the tweet search list of a user.
  *
  * A value that starts with '@' is stored in accountID, any other value
  * in hashtag; every '@' and '#' is removed before storing.
  *
  * @param string $hashtag Hashtag or @account to track.
  * @param mixed  $userid  Owner of the search entry.
  * @return bool True when the INSERT succeeded; false for an empty
  *              $hashtag or a failed INSERT.
  */
 public function addHashtag($hashtag, $userid)
 {
     if (!$hashtag) {
         return false;
     }

     // Remove '@' first, then '#', in the same order as before.
     $hashtagStripped = str_replace(array('@', '#'), '', $hashtag);

     // The first character of the raw input selects the target column.
     $column = substr($hashtag, 0, 1) == "@" ? "accountID" : "hashtag";

     $sql = "INSERT INTO tweetSearch SET ";
     $sql .= " " . $column . "='" . db::escapechars($hashtagStripped) . "'";
     $sql .= " , userID='" . db::escapechars($userid) . "'";

     if (!db::execute($sql)) {
         $this->logfault('ADD HASHTAG', "TRYING TO UNDERTAKE: " . $sql);
         return false;
     }

     $logType = "";
     $myusername = $this->useridtorealname($userid);
     $logValue = "{$myusername} created a hashtag or username (" . db::escapechars($hashtagStripped) . ")";
     $this->logevent($logType, $logValue);
     return true;
 }
Example #20
0
 }
 try {
     $db->beginTransaction();
     //adding task details into database
     $q = "INSERT INTO tasks (creator_id, assignee_id, loc_id, start_date, due_date, `repeat`, title, `desc`, attach_group_id, status)\n\t\t\t   VALUES (:creator_id, :assignee_id, :loc_id, :start_date, :due_date, :repeat, :title, :des, :attach_group_id, 1)";
     $sq = $db->query($q);
     $db->bind(":creator_id", $creatorId);
     $db->bind(":assignee_id", $assigneeId);
     $db->bind(":loc_id", $locId);
     $db->bind(":start_date", $startDate);
     $db->bind(":due_date", $endDate);
     $db->bind(":repeat", $repeat);
     $db->bind(":title", $title);
     $db->bind(":des", $desc);
     $db->bind(":attach_group_id", $attachId);
     $sq = $db->execute();
     if ($sq) {
         //add followers of task if exist
         if ($followersIds != '') {
             // Number of followers to attach to the task.
             $cond = count($followersIds);
             // Get task_id: the highest task_id in the table is stored in
             // the SQL variable @lastId.
             // NOTE(review): this re-reads the newest row instead of taking
             // the id from the INSERT above; with concurrent inserts it may
             // pick a task created by another request — confirm.
             $db->query("SET @lastId = (SELECT task_id FROM tasks ORDER BY task_id DESC LIMIT 1)");
             $sql = $db->execute();
             for ($i = 0; $i < $cond; $i++) {
                 // Remember the follower, then link it to the task; the
                 // follower id is bound as a parameter.
                 array_push($followersArr, $followersIds[$i]);
                 $db->query("INSERT INTO tasks_followers (task_id, follower_id)\n\t\t\t\t\t\t\t\t VALUES (@lastId, :follower_id)");
                 $db->bind(":follower_id", $followersIds[$i]);
                 $sq = $db->execute();
             }
         }
         //add task to notifications
Example #21
0
    exit;
}
// Visitors without a login in their session are sent to the login page.
if (isset($_SESSION['login_user']) === false) {
    forward("/xtracks-login.php");
    exit;
}

if (!isset($_GET['action'])) {
    // No action requested: find this subdomain's install job, or queue one.
    $subdomain = $_SESSION['subdomain_granted'];
    $s_subdomain = db::escape($subdomain);
    $row = db::getRow("select id, status from prosper_master.install_jobs\n                       where subdomain='{$s_subdomain}'");
    if (!$row) {
        db::execute("insert into prosper_master.install_jobs\n                    (subdomain) VALUES ('{$s_subdomain}')");
        $install_id = mysql_insert_id(db::$db_write);
    } else {
        $install_id = $row['id'];
    }
    $run_install = true;
} elseif ($_GET['action'] == 'check') {
    // Status poll: report the job's status and the session's auth token
    // as JSON. The id is cast to int before it reaches the query.
    $install_id = (int) $_GET['install'];
    $row = db::getRow('select * from prosper_master.install_jobs
                      where id=' . (int) $install_id);
    $payload = array('status' => $row['status'], 'auth' => $_SESSION['authtoken']);
    echo json_encode($payload);
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
Example #22
0
<?php

include_once BASE_PATH . 'admin/utils/initialize.php';
if (!empty($_POST)) {
    $db = new db();
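    // Field names have the form "<operation>_<id>_<column>"; only
    // "update" fields are applied in this loop.
    foreach ($_POST as $key => $value) {
        $parts = explode('_', $key);
        if (count($parts) < 3 || !is_string($value)) {
            // Not a well-formed field; skip it.
            continue;
        }
        $operation = $parts[0];
        $id = $parts[1];
        $slug = $parts[2];
        if ($operation !== 'update') {
            continue;
        }
        // The column name comes from the request. escape_string() protects
        // values, not identifiers, so accept plain alphanumerics only.
        if (preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $slug) !== 1) {
            continue;
        }
        $id = $db->escape_string($id);
        $value = $db->escape_string($value);
        $sql = $db->execute("UPDATE locale SET {$slug} = '{$value}' WHERE id = '{$id}'");
    }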
    $slugs_string = '';
    $slugs = $db->array_select("SELECT slug FROM slugs");
    foreach ($slugs as $slug) {
        $slugs_string .= $slug['slug'] . ',';
    }
    $slugs_string = substr($slugs_string, 0, -1);
    $index = 0;
    while (!empty($_POST['insert_' . $index . '_us'])) {
        $values_string = '';
        foreach ($slugs as $slug) {
            $values_string .= "'" . $_POST['insert_' . $index . '_' . $slug['slug']] . "',";
        }
        $values_string = substr($values_string, 0, -1);
        $sql = "INSERT INTO locale ({$slugs_string}) VALUES ({$values_string})";
        $db->execute($sql);
        $index++;
Example #23
0
<?php 
// error_reporting(E_ALL);
// ini_set('display_errors', 'on');
include 'initialize.php';
$emailreg = '/^[a-zA-Z-_.+]+@[a-zA-Z-_.+]+\\.[a-z]{2,6}\\.?[a-z]+/';
$passreg = '/((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\\W]).{8,64})/';
$errorarray = [];
$errorstring = "";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Look up existing accounts with the submitted address.
    // NOTE(review): $_POST['email'] is interpolated into the query as
    // submitted, and the lookup runs before the format check below. It
    // should run only after validation, with the value escaped or bound.
    $sql = "SELECT * FROM People WHERE email = '{$_POST['email']}'";
    $result = db::execute($sql);
    // Check email against REGEX
    if (preg_match($emailreg, $_POST['email']) === 1) {
        // Check that email is unique
        if ($result->num_rows == 0) {
            //Check that passwords match
            if ($_POST['password'] == $_POST['verifypassword']) {
                // print_r($_POST);
                //Check password has 8chars and at least 1 number and one symbol
                if (preg_match($passreg, $_POST['password']) == 1) {
                    //Drop second password field
                    unset($_POST['verifypassword']);
                    $sql_values = $_POST;
                    $sql_values['password'] = password_hash($sql_values['password'], PASSWORD_DEFAULT);
                    $table = "People";
                    // db::insert($table, $sql_values);
                } else {
                    $errorstring = "Your password must be at least 8 characters with at least one number and one symbol";
                    array_push($errorarray, $errorstring);
                }
/**
 * Replaces the stored system settings with the pairs in $params['data'].
 *
 * Every row except 'current_version' is deleted first, then one row is
 * inserted per pair. Names and values are bound as parameters.
 *
 * @param array $params Must hold 'data', a map of setting name => value.
 * @return void
 */
function global_settings_set($params)
{
    $db = new db();

    // Clear everything except the version marker.
    $db->query("DELETE FROM measure_system WHERE measure_system_setting_name NOT LIKE( 'current_version' )");
    $db->execute();

    $insert = 'INSERT INTO measure_system ( measure_system_setting_name, measure_system_setting_value ) VALUES ( :key, :value )';
    foreach ($params['data'] as $name => $setting) {
        $db->query($insert);
        $db->data('key', $name);
        $db->data('value', $setting);
        $db->execute();
    }
}
Example #25
0
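 /**
  * Sets the status of a quiz and logs the outcome.
  *
  * @param mixed $quizid    Quiz to update.
  * @param mixed $quizState New quiz_status value, '0' by default.
  * @return bool True when the UPDATE succeeded, false otherwise.
  */
 public function toggleQuiz($quizid, $quizState = '0')
 {
     $sql = "UPDATE\n                  quiz\n                SET\n                  quiz_status='" . db::escapechars($quizState) . "'\n                WHERE\n                  quizid='" . db::escapechars($quizid) . "'\n                LIMIT 1";
     $updated = db::execute($sql);
     if ($updated) {
         // Log the activity against the quiz that was changed (the
         // original referenced an undefined $classid, so the entry never
         // named the quiz).
         $logType = "Classes";
         $logValue = db::escapechars($_SESSION['username']) . " Toggled a quiz state - " . db::escapechars($quizid);
         $this->logevent($logType, $logValue);
         return true;
     }
     // Log the failure together with the statement that was attempted.
     $logValue = db::escapechars($_SESSION['username']) . " Failed toggling a quiz state - " . db::escapechars($sql);
     $this->logfault($logValue);
     return false;
 }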
Example #26
0
   
</head>
<body>

    <main>
        <?php 
include 'header.php';
?>
    </main>
    <section>
        <h1>My Reviews as a Former Employee</h1>
       
                 <?php 
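// Display label => review column, in the order the rows are rendered.
$score_rows = [
    'Work/Life Balance' => 'WLBalance',
    'Salary' => 'Salary',
    'Benefits' => 'Benefits',
    'Advancement Opportunities' => 'Opportunity',
    'Equality/Fairness' => 'Fairness',
    'Leadership' => 'Leadership',
    'Loyalty' => 'Loyalty',
    'Morale' => 'Morale',
    'Communication' => 'Communication',
];
foreach ($reviews as $i => $value) {
    // The id sits unquoted in the WHERE clause, so it is forced to an
    // integer before it reaches the statement.
    $sql_comp = "\n                        SELECT *\n                        FROM Companies\n                        WHERE company_id = " . (int) $value['company_id'];
    $output = db::execute($sql_comp);
    $company_info = $output->fetch_assoc();
    // Stored text is encoded for HTML before it is echoed; a review whose
    // company row is missing gets an empty name.
    $company_name = $company_info ? htmlspecialchars((string) $company_info['Name'], ENT_QUOTES, 'UTF-8') : '';
    echo "<table>\n<thead>\n<tr>\n<th><div style='width: 275px'>Qualities at {$company_name}</div></th>\n<th><div style='width: 50px'>Scores</div></th>\n</tr>\n</thead>\n<tbody>\n";
    // Every score gets a complete <tr>…</tr> pair; the original markup
    // left out most of the opening tags.
    foreach ($score_rows as $label => $column) {
        $score = htmlspecialchars((string) $value[$column], ENT_QUOTES, 'UTF-8');
        echo "<tr>\n<td>{$label}</td>\n<td>{$score}</td>\n</tr>\n";
    }
    echo "</tbody>\n</table>";
}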
?>
    </section>

    <!-- <?php 
echo 'You\'re logged in ' . $_SESSION['email'];
?>
 -->

</body>
</html>
                            
Example #27
0
 /**
  * Runs one multi-row INSERT.
  *
  * Every value goes through db::escape() and is wrapped in single quotes.
  * The table name (after self::prefix()) and the field names are
  * concatenated as given, so they must not come from request data.
  *
  * @param  string  $table  The table name.
  * @param  array   $fields Field names, in column order.
  * @param  array   $values One array of values per row, in the same order.
  * @return mixed   The value db::execute() returns for the statement.
  */
 static function insert_all($table, $fields, $values)
 {
     $head = 'INSERT INTO ' . self::prefix($table) . ' (' . implode(',', $fields) . ') VALUES ';

     $tuples = array();
     foreach ($values as $row) {
         $escaped = array();
         foreach ($row as $input) {
             $escaped[] = db::escape($input);
         }
         // Produces ('a','b',…) for the row.
         $tuples[] = '(\'' . implode("','", $escaped) . '\')';
     }

     return db::execute($head . implode(',', $tuples));
 }
Example #28
0
        // Dispatch on the requested action. Loose comparison is kept
        // because it is what the original switch applied.
        if ($_REQUEST['action'] == "add_affnet") {
            // Create a network for the logged-in user, then read it back.
            $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']);
            $mysql['name'] = mysql_real_escape_string($_REQUEST['affnet_id']);
            if (!db::execute("INSERT INTO 202_aff_networks (user_id, aff_network_name) VALUES ('" . $mysql['user_id'] . "', '" . $mysql['name'] . "')")) {
                $result = "error";
            } else {
                // NOTE(review): the read-back matches on the name only, not
                // on user_id — confirm that is intended.
                $result = db::getRow("SELECT aff_network_name as name, aff_network_id as id FROM 202_aff_networks WHERE aff_network_name = '" . $mysql['name'] . "'");
            }
        } elseif ($_REQUEST['action'] == "delete_affnet") {
            // Delete is scoped to the logged-in user's own networks.
            $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']);
            $mysql['id'] = mysql_real_escape_string($_REQUEST['affnet_id']);
            $result = db::execute("DELETE FROM 202_aff_networks WHERE user_id = '" . $mysql['user_id'] . "' AND aff_network_id = '" . $mysql['id'] . "'");
        }
        echo json_encode($result);
        exit;
    }
}
//get all of the user data
$mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']);
$user_sql = "\tSELECT \t*\n\t\t\t\t FROM   \t`202_users`\n\t\t\t\t LEFT JOIN  `202_users_pref` USING (user_id)\n\t\t\t\t WHERE  \t`202_users`.`user_id`='" . $mysql['user_id'] . "'";
$user_result = _mysql_query($user_sql);
$user_row = mysql_fetch_assoc($user_result);
$html = array_map('htmlentities', $user_row);
//make it hide most of the api keys
$hideChars = 22;
for ($x = 0; $x < $hideChars; $x++) {
Example #29
0
 /**
  * Executes the statement that $this->sql() builds for this method name.
  *
  * @return mixed Whatever db::execute() returns.
  */
 public function delete()
 {
     $statement = $this->sql(__FUNCTION__);

     return db::execute($statement);
 }
Example #30
0
// Container that receives the progress messages.
echo '<div id="notice"></div>';

if (!file_exists($sqlfile)) {
    die('<br /><font color="#F00">数据库安装文件丢失:' . $sqlfile . '</font>');
}

// Load the dump and normalise Windows line endings.
$sql = file_get_contents($sqlfile);
$sql = str_replace("\r\n", "\n", $sql);
if (empty($sql)) {
    die('无法获取安装数据。file_get_contents()');
}

// Swap the stock table prefix for the configured one, convert any
// remaining carriage return to a line feed, then split on ";\n".
$sql = str_replace(' `ws_', ' `' . $db_config['db_pre'], $sql);
$sql = str_replace("\r", "\n", $sql);
$sql = trim($sql);
$ret = explode(";\n", $sql);
unset($sql);

$result = true;
foreach ($ret as $sql) {
    $sql = trim($sql);

    // Statements other than CREATE TABLE run silently, result ignored.
    if (substr($sql, 0, 12) != 'CREATE TABLE') {
        @$db->execute($sql);
        continue;
    }

    // Report each table by the name taken from the statement.
    $t_name = preg_replace("/CREATE TABLE `([a-z0-9_]+)` .*/is", "\\1", $sql);
    if (!@$db->execute($sql)) {
        $result = false;
        showjsmessage('<ol><font color="#FF0000">正在创建数据表:' . $t_name . ' &nbsp; … &nbsp;&nbsp;&nbsp; </font><img src="images/not.png" /></ol>');
        continue;
    }
    showjsmessage('<ol>正在创建数据表:' . $t_name . ' &nbsp; … &nbsp;&nbsp;&nbsp; <img src="images/ok.png" /></ol>');
}

// Overall verdict for the step.
showjsmessage(
    $result
        ? '<ol><font color="#000000">数据库安装成功,请继续下一步安装。</font></ol>'
        : '<ol><font color="#FF0000">数据库没有正确安装或是安装过程中出现异常,请检查连接参数设置是否正确。</font></ol>'
);
?>