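/**
 * Looks up the client address in firewall_rules and reports whether the matching rule has mode 1.
 *
 * The address from getIP() is passed through addZeros(), stripped of dots and then compared,
 * as a quoted string, against the from_ip / to_ip bounds of each rule.
 *
 * @return bool true only when a rule row matches and its mode equals 1; false otherwise,
 *              including when no rule covers the address
 */
public function runIPcheck()
{
    $myIP = $this->getIP();
    $localIP = str_replace('.', '', $this->addZeros($myIP));

    // getIP() is not visible here. If it ever derives the address from request headers the value
    // is client-controlled, so escape it like the other lookups in this class rather than
    // interpolating it raw into the statement.
    $safeIP = db::escapechars($localIP);

    $sql = "SELECT * FROM firewall_rules WHERE '{$safeIP}' >= from_ip AND '{$safeIP}' <= to_ip ";
    $result = db::returnrow($sql);

    // NOTE(review): only one row is inspected; with overlapping ranges the outcome depends on
    // which row db::returnrow() hands back first — confirm the intended precedence.
    return $result && $result['mode'] == 1;
}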
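/**
 * Returns the quiz_title column of the quiz row with the given id.
 *
 * @param mixed $quizid quiz identifier; escaped with db::escapechars() before use
 * @return mixed the stored title, or null when no row matches
 */
public function getQuizTitle($quizid)
{
    $sql = "SELECT quiz_title FROM quiz WHERE quizid='" . db::escapechars($quizid) . "'";
    $result = db::returnrow($sql);

    // Indexing a falsy "no row" result raises a notice/warning; return null explicitly instead.
    if (!$result) {
        return null;
    }

    return $result['quiz_title'];
}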
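/**
 * Translates a register's uuid into its registerid.
 *
 * @param mixed $id the uuid to look up; escaped with db::escapechars() before use
 * @return mixed the registerid column, or null when the uuid is unknown
 */
public function convertUUIDtoRegisterID($id)
{
    $sql = "SELECT registerid FROM registers WHERE uuid='" . db::escapechars($id) . "'";
    $result = db::returnrow($sql);

    // An unknown uuid must surface as null, not as a warning from indexing a falsy result.
    // Callers that splice the returned id into another query should treat null as "not found".
    if (!$result) {
        return null;
    }

    return $result['registerid'];
}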
/**
 * Fetches the users row for the given user id.
 *
 * The statement is SELECT *, so every column of the row is handed back. maintainauth() in this
 * class reads a `password` column from the same table, so the result carries that value too and
 * should not be passed wholesale to templates or API responses.
 *
 * @param mixed $userid user identifier; escaped with db::escapechars() before use
 * @return mixed whatever db::returnrow() yields for the query
 */
public function getUserInfo($userid)
{
    $safeUserId = db::escapechars($userid);
    $query = "SELECT\n *\n FROM\n users\n WHERE\n userid='" . $safeUserId . "'\n ";

    return db::returnrow($query);
}
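/**
 * Re-validates the login state held in the session against the users table.
 *
 * @return string 'authing' when the session is empty and the request is a login POST,
 *                'noauth'  when a login form is required or the session user is unknown,
 *                'auth'    when the session credentials match the stored row,
 *                'fail'    when the session credentials do not match (the attempt is logged)
 */
public function maintainauth()
{
    // Read with defaults so a fresh session does not raise undefined-index notices.
    $sessUser = isset($_SESSION['username']) ? $_SESSION['username'] : "";
    $sessPass = isset($_SESSION['passwd']) ? $_SESSION['passwd'] : "";
    $sessType = isset($_SESSION['utype']) ? $_SESSION['utype'] : "";

    if ($sessUser == "" || $sessPass == "" || $sessType == "") {
        // A login attempt must actually carry both fields. The previous `!== ""` test was also
        // true for a missing (null) field, so any POST with z=login was let through this check.
        $isLoginPost = isset($_POST['username'], $_POST['passwd'], $_POST['z'])
            && is_string($_POST['username']) && $_POST['username'] !== ""
            && is_string($_POST['passwd']) && $_POST['passwd'] !== ""
            && $_POST['z'] === "login";

        // 'authing' hands over to the login scripts; 'noauth' means the login form is required.
        return $isLoginPost ? 'authing' : 'noauth';
    }

    // Session claims to be authenticated: always re-check it against the database in case the
    // session variables have been tampered with.
    $username = db::escapechars($sessUser);

    // NOTE(review): the source showed a masked literal ('******') in this WHERE clause while
    // $username was computed and left unused; the lookup is assumed to be by that value — confirm.
    $sql = "SELECT * FROM users WHERE username = '{$username}'";
    $result = db::returnrow($sql);

    if (!$result) {
        // Couldn't find the user - need to authenticate again because something is wrong.
        return 'noauth';
    }

    // Strict, constant-time comparison (PHP >= 5.6): `==` applies numeric type juggling, so two
    // different strings such as "0e1" and "0e2" would have compared equal.
    // NOTE(review): the session holds whatever the `password` column holds; whether that is a
    // hash is not visible here — confirm no plaintext password is kept in the session.
    if (hash_equals((string) $result['password'], (string) $sessPass)) {
        // NOTE(review): this stores the escaped form of the username back into the session.
        $_SESSION['username'] = $username;
        $_SESSION['utype'] = $result['user_type'];

        return 'auth';
    }

    // Stored data doesn't match the session - log the activity and clear the session variables.
    $logType = "Session Auth";
    $IPAddress = $_SERVER["REMOTE_ADDR"];
    $logValue = $username . " Tried Session maintain - Failed auth maintain from {$IPAddress}";
    $this->logevent($logType, $logValue);

    $_SESSION['username'] = "";
    $_SESSION['passwd'] = "";
    $_SESSION['utype'] = "";

    // The original had session_destroy() and a second return after this one; both were
    // unreachable and are dropped. The session is therefore blanked, not destroyed.
    // NOTE(review): decide whether the session should also be destroyed/regenerated here.
    return "fail";
}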
/**
 * Fetches the class_diary row for one event.
 *
 * The id is escaped with db::escapechars() and placed inside a quoted literal; no ownership or
 * permission filter is part of the query, so any access check has to happen in the caller.
 *
 * @param mixed $eventid event identifier
 * @return mixed whatever db::returnrow() yields for the query
 */
public function getDiaryEvent($eventid)
{
    $safeEventId = db::escapechars($eventid);
    $query = "SELECT * FROM class_diary WHERE event_id='" . $safeEventId . "'";

    return db::returnrow($query);
}
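/**
 * Builds the protocol-relative Gravatar URL for a user's avatar.
 *
 * Gravatar identifies an image by the MD5 of the trimmed, lower-cased e-mail address, so the
 * address is normalised before hashing. The hash ends up in page markup; an MD5 of an e-mail
 * address can be matched against address lists, so treat the URL as revealing the address.
 *
 * @param mixed      $userid   user identifier; escaped with db::escapechars() before use
 * @param int|string $iconsize requested size in pixels (Gravatar accepts 1-2048); anything
 *                             outside that range falls back to 30
 * @return string URL of the form //www.gravatar.com/avatar/<md5>?s=<size>
 */
public function getGravatarIcon($userid, $iconsize = '30')
{
    $sql = "SELECT\n email_address\n FROM\n users\n WHERE\n userid='" . db::escapechars($userid) . "'";
    $result = db::returnrow($sql);

    // Unknown user: hash the empty string rather than indexing a falsy result.
    $email = $result ? (string) $result['email_address'] : '';

    // The size goes into a URL, not into SQL, so SQL escaping was the wrong encoding for it.
    // Forcing an integer keeps quotes and markup out of the returned string altogether.
    $size = (int) $iconsize;
    if ($size < 1 || $size > 2048) {
        $size = 30;
    }

    return "//www.gravatar.com/avatar/" . md5(strtolower(trim($email))) . "?s=" . $size;
}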
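/**
 * Translates a firewall rule's uuid into its rule_id.
 *
 * @param mixed $uuid the uuid to look up; escaped with db::escapechars() before use
 * @return mixed the rule_id column, or null when the uuid is unknown
 */
public function uuidtoruleid($uuid)
{
    $sql = "SELECT rule_id FROM firewall_rules WHERE uuid='" . db::escapechars($uuid) . "'";
    $result = db::returnrow($sql);

    // Make "no such rule" an explicit null so a caller editing or deleting rules can stop,
    // instead of continuing with the by-product of indexing a falsy result.
    if (!$result) {
        return null;
    }

    return $result['rule_id'];
}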
/**
 * Fetches one row from tweetstack.
 *
 * With neither argument supplied the query selects rows not flagged as abuse, newest first.
 * Otherwise the row is looked up by twitterID.
 *
 * NOTE(review): when only $stackid is supplied the lookup still filters on twitterID using the
 * (empty) $twitterid, so $stackid is never used in any query. This looks like a copy-paste
 * slip; the column it was meant to match is not visible here, so behaviour is left unchanged.
 *
 * @param mixed $twitterid tweet identifier; escaped with db::escapechars() before use
 * @param mixed $stackid   only tested for emptiness, see the note above
 * @return mixed whatever db::returnrow() yields for the chosen query
 */
public function getSingleTweet($twitterid = '', $stackid = '')
{
    if ($twitterid == "" && $stackid == "") {
        $query = "SELECT * FROM tweetstack WHERE flaggedAbuse !='1' ORDER BY dateCreated DESC";
    } else {
        // Both the "by twitter id" and the "by stack id" paths build this same statement.
        $query = "SELECT * FROM tweetstack WHERE twitterID='" . db::escapechars($twitterid) . "'";
    }

    return db::returnrow($query);
}
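/**
 * Fetches the class_documents row that a content uuid refers to.
 *
 * @param mixed $uuid content uuid; resolved to a document id via convertUUIDToContentID()
 * @return mixed whatever db::returnrow() yields for the query
 */
public function viewContent($uuid)
{
    // Kept as in the original: the uuid is escaped before it is handed to the helper.
    // NOTE(review): convertUUIDToContentID() is not visible here; if it escapes its argument
    // itself, the uuid is escaped twice — confirm.
    $contentId = $this->convertUUIDToContentID(db::escapechars($uuid));

    // The value that actually lands in this statement is the helper's return value, which was
    // previously concatenated unescaped. Escape what is interpolated, not only what went in.
    $sql = "SELECT * FROM class_documents WHERE document_id='" . db::escapechars((string) $contentId) . "'";

    return db::returnrow($sql);
}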
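/**
 * Translates a message's uuid into its message_id.
 *
 * The lookup is by uuid alone; it does not check that the message belongs to the current user,
 * so that check has to be made by the caller.
 *
 * @param mixed $uuid the uuid to look up; escaped with db::escapechars() before use
 * @return mixed the message_id column, or null when the uuid is unknown
 */
public function uuidToMessageID($uuid)
{
    $sql = "SELECT message_id FROM user_messages WHERE uuid='" . db::escapechars($uuid) . "'";
    $result = db::returnrow($sql);

    // Return null for an unknown uuid rather than indexing a falsy result.
    if (!$result) {
        return null;
    }

    return $result['message_id'];
}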