Example #1
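 /**
  * Check the caller's IP address against the firewall_rules table.
  *
  * The address from getIP() is passed through addZeros(), stripped of dots and
  * compared against the from_ip / to_ip range columns.
  *
  * @return bool true only when a rule matches and its mode is 1; false when no
  *              rule matches or the matching rule has any other mode.
  */
 public function runIPcheck()
 {
     $myIP = $this->getIP();
     // NOTE(review): getIP() is not visible here. If it can return a value taken from a
     // client-supplied request header, the address is attacker-controlled, so it is
     // escaped before being placed inside the quoted SQL literal.
     $localIP = db::escapechars(str_replace('.', '', $this->addZeros($myIP)));
     $sql = "SELECT * FROM firewall_rules WHERE '{$localIP}' >= from_ip AND '{$localIP}' <= to_ip ";
     $result = db::returnrow($sql);
     // Fail closed: no matching rule, or a mode other than 1, is a denial.
     return $result && $result['mode'] == 1;
 }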
Example #2
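 /**
  * Look up the title of a quiz.
  *
  * @param mixed $quizid Quiz identifier; escaped with db::escapechars() before it is
  *                      placed in the quoted SQL literal.
  * @return mixed The quiz_title column of the matching row, or null when no row is returned.
  */
 public function getQuizTitle($quizid)
 {
     // NOTE(review): escaping only protects the value while it stays inside the quotes;
     // a bound parameter would be safer if the db wrapper offers one.
     $sql = "SELECT quiz_title FROM quiz WHERE quizid='" . db::escapechars($quizid) . "'";
     $row = db::returnrow($sql);
     // An unknown id yields no row: return null explicitly instead of indexing a
     // non-array value, which emits a notice/warning on PHP 7.4 and later.
     return $row['quiz_title'] ?? null;
 }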
Example #3
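 /**
  * Translate a register's public UUID into its internal registerid.
  *
  * @param mixed $id UUID to look up; escaped with db::escapechars() before use in the query.
  * @return mixed The registerid column of the matching row, or null when no row is returned.
  */
 public function convertUUIDtoRegisterID($id)
 {
     $sql = "SELECT registerid FROM registers WHERE uuid='" . db::escapechars($id) . "'";
     $row = db::returnrow($sql);
     // No match means no row: return null explicitly so callers can tell "unknown UUID"
     // apart from a real id, without a warning from indexing a non-array value.
     return $row['registerid'] ?? null;
 }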
Example #4
 /**
  * Fetch the full users row for one user id.
  *
  * @param mixed $userid User identifier; escaped with db::escapechars() before use in the query.
  * @return mixed Whatever db::returnrow() yields for the query (every column of the row,
  *               because the query selects *).
  */
 public function getUserInfo($userid)
 {
     // NOTE(review): SELECT * hands back every column of users, which may include the
     // stored password value — callers should not pass this row on to output unfiltered.
     $safeUserId = db::escapechars($userid);
     $query = "SELECT\n                       *\n                   FROM\n                       users\n                   WHERE\n                       userid='" . $safeUserId . "'\n                   ";
     return db::returnrow($query);
 }
Example #5
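 /**
  * Re-validate the logged-in user on every request from the session variables.
  *
  * @return string 'authing' when no session is established and a login form post is in
  *                progress; 'noauth' when a login form is required or the session user
  *                cannot be found; 'auth' when the session matches the stored record;
  *                'fail' when the session password does not match the stored value.
  */
 public function maintainauth()
 {
     // Missing keys are read as empty strings so that an absent value can never
     // satisfy a "not empty" test and no undefined-index notice is raised.
     $sessionUser = $_SESSION['username'] ?? '';
     $sessionPass = $_SESSION['passwd'] ?? '';
     $sessionType = $_SESSION['utype'] ?? '';

     if ($sessionUser == "" || $sessionPass == "" || $sessionType == "") {
         $postedUser = $_POST['username'] ?? '';
         $postedPass = $_POST['passwd'] ?? '';
         $postedAction = $_POST['z'] ?? '';
         if ($postedUser !== "" && $postedPass !== "" && $postedAction === "login") {
             // Authenticating against scripts so allow through this check script
             return 'authing';
         }
         // Log in form required
         return 'noauth';
     }

     /*
      * Should be authenticated ok but always check the authentication
      * in case SESSION vars are being tampered with
      */
     $username = db::escapechars($sessionUser);
     // NOTE(review): the published listing shows a masked literal ('******') in this query.
     // The escaped session username computed above is the value that has to be looked up;
     // with a fixed literal the stored record would never be consulted.
     $sql = "SELECT * FROM users WHERE username = '{$username}'";
     $result = db::returnrow($sql);
     if (!$result) {
         // Couldn't get the username - need to authenticate again because something is wrong
         return 'noauth';
     }

     // hash_equals() compares in constant time and, unlike ==, never treats two different
     // strings as equal through numeric type juggling.
     // NOTE(review): the session carries a value that is compared directly with
     // users.password; anyone able to read session storage obtains a value that
     // authenticates. Confirm that this is a hash and consider not storing it at all.
     if (hash_equals((string) $result['password'], (string) $sessionPass)) {
         // NOTE(review): this writes the SQL-escaped name back into the session, as the
         // original did; a name containing escapable characters is re-escaped on each request.
         $_SESSION['username'] = $username;
         $_SESSION['utype'] = $result['user_type'];
         return 'auth';
     }

     // Stored data doesn't match that passed to it - log the activity and destroy data
     $logType = "Session Auth";
     $IPAddress = $_SERVER["REMOTE_ADDR"];
     $logValue = $username . " Tried Session maintain - Failed auth maintain from {$IPAddress}";
     $this->logevent($logType, $logValue);

     // Kill the session variables, then the session itself. The original placed
     // session_destroy() after the return statement, so it never ran.
     $_SESSION['username'] = "";
     $_SESSION['passwd'] = "";
     $_SESSION['utype'] = "";
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_destroy();
     }

     return "fail";
 }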
Example #6
 /**
  * Fetch one class_diary row by its event id.
  *
  * @param mixed $eventid Event identifier; escaped with db::escapechars() before use in the query.
  * @return mixed Whatever db::returnrow() yields for the query.
  */
 public function getDiaryEvent($eventid)
 {
     // NOTE(review): no ownership or permission check is visible in this method; if one
     // is required, it has to happen in the caller.
     $safeEventId = db::escapechars($eventid);
     return db::returnrow("SELECT * FROM class_diary WHERE event_id='" . $safeEventId . "'");
 }
Example #7
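 /**
  * Build the protocol-relative Gravatar URL for a user's avatar.
  *
  * @param mixed $userid   User whose email_address is looked up; escaped before use in the query.
  * @param mixed $iconsize Requested edge length in pixels; coerced to an integer in 1..2048.
  * @return string URL of the form //www.gravatar.com/avatar/<md5>?s=<size>.
  */
 public function getGravatarIcon($userid, $iconsize = '30')
 {
     // Gravatar requires an MD5 of the email address to poll for an image so grab from DB and output URL
     $sql = "SELECT\n                    email_address\n                FROM\n                    users\n                WHERE\n                    userid='" . db::escapechars($userid) . "'";
     $result = db::returnrow($sql);
     // Gravatar hashes the trimmed, lower-cased address, so normalise before hashing.
     // A missing row hashes the empty string, as the original effectively did.
     // MD5 is Gravatar's lookup key here, not a secrecy measure: the hash in the URL
     // can be matched against guessed addresses.
     $email = strtolower(trim((string) ($result['email_address'] ?? '')));
     // The size goes into a URL, not into SQL, so SQL escaping is the wrong tool for it.
     // Forcing an integer in Gravatar's accepted range keeps markup and query-string
     // characters out of the returned URL.
     $size = max(1, min(2048, (int) $iconsize));
     return "//www.gravatar.com/avatar/" . md5($email) . "?s=" . $size;
 }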
Example #8
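 /**
  * Translate a firewall rule's public UUID into its internal rule_id.
  *
  * @param mixed $uuid UUID to look up; escaped with db::escapechars() before use in the query.
  * @return mixed The rule_id column of the matching row, or null when no row is returned.
  */
 public function uuidtoruleid($uuid)
 {
     $sql = "SELECT rule_id FROM firewall_rules WHERE uuid='" . db::escapechars($uuid) . "'";
     $row = db::returnrow($sql);
     // An unknown UUID yields no row; return null explicitly so a caller that edits or
     // deletes firewall rules can refuse to act, instead of indexing a non-array value.
     return $row['rule_id'] ?? null;
 }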
Example #9
 /**
  * Fetch one row from tweetstack.
  *
  * With either argument non-empty the row is selected by twitterID; with both empty
  * the query selects rows not flagged as abuse, ordered newest first.
  *
  * @param mixed $twitterid Value matched against the twitterID column (escaped first).
  * @param mixed $stackid   Only tested for emptiness; it is never placed in the query.
  * @return mixed Whatever db::returnrow() yields for the chosen query.
  */
 public function getSingleTweet($twitterid = '', $stackid = '')
 {
     // NOTE(review): when only $stackid is supplied, the lookup still filters on twitterID
     // using the empty $twitterid, so $stackid never reaches the query. This looks like a
     // copy-paste slip; confirm the intended column before relying on the $stackid path.
     if ($twitterid != "" || $stackid != "") {
         $query = "SELECT * FROM tweetstack WHERE twitterID='" . db::escapechars($twitterid) . "'";
     } else {
         $query = "SELECT * FROM tweetstack WHERE flaggedAbuse !='1' ORDER BY dateCreated DESC";
     }
     return db::returnrow($query);
 }
Example #10
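 /**
  * Fetch the class_documents row that belongs to a public UUID.
  *
  * @param mixed $uuid UUID of the document; escaped before it is handed to convertUUIDToContentID().
  * @return mixed Whatever db::returnrow() yields for the query.
  */
 public function viewContent($uuid)
 {
     // The value concatenated into the SQL is the converter's RESULT, so that is what
     // must be escaped; escaping only the converter's input left the interpolated value
     // unprotected. The inner escape is kept because convertUUIDToContentID() is not
     // visible here — NOTE(review): if it escapes internally, the inner call is redundant.
     $contentId = $this->convertUUIDToContentID(db::escapechars($uuid));
     $sql = "SELECT * FROM class_documents WHERE document_id='" . db::escapechars((string) $contentId) . "'";
     return db::returnrow($sql);
 }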
Example #11
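 /**
  * Translate a message's public UUID into its internal message_id.
  *
  * @param mixed $uuid UUID to look up; escaped with db::escapechars() before use in the query.
  * @return mixed The message_id column of the matching row, or null when no row is returned.
  */
 public function uuidToMessageID($uuid)
 {
     // NOTE(review): the lookup is by UUID alone; whether the current user may access the
     // message has to be checked by the caller.
     $sql = "SELECT message_id FROM user_messages WHERE uuid='" . db::escapechars($uuid) . "'";
     $row = db::returnrow($sql);
     // Unknown UUID: return null explicitly instead of indexing a non-array value.
     return $row['message_id'] ?? null;
 }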