Example #1
 /**
  * Calls the stored procedure `myproce4` with $newky and returns the first
  * row of its result.
  *
  * NOTE(review): $newky is placed into the statement text exactly as given.
  * Nothing in this function validates or escapes it, so it is a SQL injection
  * sink unless every caller passes a trusted or already validated value.
  *
  * @param mixed $newky Argument written verbatim inside `call myproce4(...)`.
  * @return mixed Whatever mysql_fetch_array() yields for the procedure result.
  */
 function searchgrade($newky)
 {
     $helper = new mysql_helper();
     $link = $helper->connect();
     $statement = "call myproce4({$newky})";
     $resultSet = $helper->mysql_selecte($statement, $link);
     // The connection is released before the row is read, as in the original.
     $helper->mysql_close($link);
     return mysql_fetch_array($resultSet);
 }
Example #2
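/**
 * Returns the newest version number, the download link and every change-log
 * row from the `updates` table.
 *
 * A structured error returned by the query helper is now passed through
 * unchanged. The row-shape check used to run first, so such an error was
 * always replaced by a generic ERROR_SQL_QUERY_FAILED and the pass-through
 * branch could not be reached for an error-only result.
 *
 * NOTE(review): the download link is plain http://. Unless the client checks
 * a signature or hash of the archive, the update can be altered in transit;
 * confirm how the consumer verifies it.
 *
 * @return array Either the helper's / error manager's error array, or an
 *               array with `download_link`, `latest_version`, `change_logs`.
 */
function get_update_info()
{
    global $error_manager;
    $mysql = new mysql_helper('localhost', 0, 0);
    $results = $mysql->execute_query('SELECT * FROM `updates` ORDER BY Version DESC');
    // Propagate the helper's own error before looking at the row shape.
    if (isset($results['error_code']) && isset($results['error_description'])) {
        return $results;
    }
    // The first row (highest Version) must carry both fields the caller needs.
    if (!isset($results[0]['version']) || !isset($results[0]['change_log'])) {
        return $error_manager->error_generator(ERROR_SQL_QUERY_FAILED);
    }
    return array(
        'download_link' => 'http://www.xboxchaos.com/assembly/update.zip',
        'latest_version' => $results[0]['version'],
        'change_logs' => $results,
    );
}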
Example #3
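/**
 * Tells the caller whether its cached copy of a given cache type is stale.
 *
 * Changes from the previous version: the helper's structured error is checked
 * before the row shape (it was unreachable for an error-only result), the
 * error check tests `error_description` instead of testing `error_code`
 * twice, and the unused local holding the row's type is gone.
 *
 * @param array $data_array Request data; `type` and `timestamp` are read.
 *                          NOTE(review): neither key is checked for presence
 *                          here - confirm the caller guarantees both.
 * @return array Error array, or `array('update_cache' => bool)` which is true
 *               when the stored timestamp is greater than the requested one.
 */
function get_cached_data($data_array)
{
    global $error_manager;
    $requestedTimestamp = $data_array['timestamp'];
    $requestedType = $data_array['type'];
    $mysql = new mysql_helper('localhost', 0, 0);
    // The type is sent as a bound string parameter, never concatenated.
    $bindings = array();
    $bindings = $mysql->add_binding($bindings, 's', $requestedType);
    $results = $mysql->execute_query('SELECT * FROM `cache` WHERE (`type` = ?0)', $bindings);
    // Propagate the helper's own error before looking at the row shape.
    if (isset($results['error_code']) && isset($results['error_description'])) {
        return $results;
    }
    if (!isset($results[0]['type']) || !isset($results[0]['timestamp'])) {
        return $error_manager->error_generator(ERROR_SQL_QUERY_FAILED);
    }
    $responseTimestamp = $results[0]['timestamp'];
    return array('update_cache' => $responseTimestamp > $requestedTimestamp);
}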
Example #4
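/**
 * Verifies a username/password pair against the `members` table and, on
 * success, stores a fresh session id for the member in `users`.
 *
 * Fixes relative to the previous version:
 *  - The password hash comparison used loose `!=`, which treats two different
 *    numeric-looking strings (for example hashes of the form 0e<digits>) as
 *    equal. It is now an exact string comparison, constant-time where
 *    hash_equals() exists.
 *  - The avatar check compared a 3-character prefix with the 4-character
 *    string 'http', so it never matched and absolute URLs were prefixed too.
 *  - The zero-rows branch for `users` came after an unconditional return on
 *    any non-SUCCESS code and could not run; it is now tested first.
 *  - The UPDATE bound its values in a different order than its placeholders
 *    and wrapped the SET list in parentheses, which MySQL rejects.
 *
 * NOTE(review): md5(md5(salt) . password) is kept because the stored hashes
 * dictate it, but it is a fast hash and does not resist offline guessing if
 * the table leaks. random_string_generation() is not visible here; confirm it
 * draws from a cryptographically secure source, since its output is the
 * session credential.
 *
 * @param array $data_array Request data; `username` and `password` are read.
 * @return array Error array from the helper / error manager, or the signed-in
 *               member's id, session id, names, group, post count and avatar.
 */
function user_sign_in($data_array)
{
    global $error_manager;
    $input_username = $data_array['username'];
    $input_password = $data_array['password'];
    $input_timestamp = time();
    $mysql = new mysql_helper('localhost', 0, 1);

    // Look the member up by username through a bound parameter.
    $bindings = array();
    $bindings = $mysql->add_binding($bindings, 's', $input_username);
    $members_result = $mysql->execute_query('SELECT * FROM `members` WHERE (`members_l_username` = ?0)', $bindings);
    $check_valid = $mysql->check_query_valid($members_result, array('member_group_id', 'member_id', 'members_pass_salt', 'members_pass_hash', 'members_display_name', 'posts'));
    // NOTE(review): this check uses the literal -1 while the later ones use
    // SUCCESS - confirm both are the same value.
    if ($check_valid['error_code'] != -1) {
        return $check_valid;
    }

    $output_session_id = random_string_generation(16);
    $output_gid = $members_result[0]['member_group_id'];
    $output_mid = $members_result[0]['member_id'];
    $output_salt = $members_result[0]['members_pass_salt'];
    $output_hash = (string) $members_result[0]['members_pass_hash'];
    $output_display_name = $members_result[0]['members_display_name'];
    $output_posts = $members_result[0]['posts'];

    // Exact comparison of the stored and the recomputed hash; no type juggling.
    $calculated_hash = md5(md5($output_salt) . $input_password);
    $hash_matches = function_exists('hash_equals')
        ? hash_equals($output_hash, $calculated_hash)
        : $output_hash === $calculated_hash;
    if (!$hash_matches) {
        return $error_manager->error_generator(ERROR_INVALID_PASS);
    }

    // Avatar lookup for the authenticated member.
    $bindings = array();
    $bindings = $mysql->add_binding($bindings, 'i', $output_mid);
    $avatar_result = $mysql->execute_query('SELECT * FROM `profile_portal` WHERE `pp_member_id` = ?0', $bindings);
    $check_valid = $mysql->check_query_valid($avatar_result, array('pp_member_id'));
    if ($check_valid['error_code'] != SUCCESS) {
        return $check_valid;
    }
    $output_avatar_raw = $avatar_result[0]['pp_thumb_photo'];
    // Only relative upload paths get the CDN prefix; absolute URLs are kept.
    if (strpos($output_avatar_raw, 'http') !== 0) {
        $output_avatar_raw = 'http://uploads.xbchaos.netdna-cdn.com/' . $output_avatar_raw;
    }

    // Existing session row for this member, if any.
    $bindings = array();
    $bindings = $mysql->add_binding($bindings, 'i', $output_mid);
    $assembly_users_result = $mysql->execute_query('SELECT * FROM `users` WHERE `member_id` = ?0', $bindings);
    $check_valid = $mysql->check_query_valid($assembly_users_result, array('member_id', 'session_id', 'timestamp'));

    // NOTE(review): the result of the INSERT / UPDATE below is not checked, so
    // sign-in reports success even when the session row was not written.
    if ($check_valid['error_code'] == SEMIE_SQL_QUERY_ZERO_ROWS) {
        // First sign-in: create the session row.
        $bindings = array();
        $bindings = $mysql->add_binding($bindings, 'i', $output_mid);
        $bindings = $mysql->add_binding($bindings, 's', $output_session_id);
        $bindings = $mysql->add_binding($bindings, 'i', $input_timestamp);
        $mysql->execute_query('INSERT INTO `users` (`member_id` , `session_id` , `timestamp`) VALUES (?0 , ?1, ?2)', $bindings);
    } elseif ($check_valid['error_code'] != SUCCESS) {
        return $check_valid;
    } else {
        // Returning member: bindings are added in placeholder order ?0, ?1, ?2.
        $bindings = array();
        $bindings = $mysql->add_binding($bindings, 's', $output_session_id);
        $bindings = $mysql->add_binding($bindings, 'i', $input_timestamp);
        $bindings = $mysql->add_binding($bindings, 'i', $output_mid);
        $mysql->execute_query('UPDATE `users` SET `session_id` = ?0, `timestamp` = ?1 WHERE `users`.`member_id` = ?2', $bindings);
    }

    return array(
        'member_id' => $output_mid,
        'session_id' => $output_session_id,
        'display_name' => $output_display_name,
        'signin_name' => $input_username,
        'group_id' => $output_gid,
        'post_count' => $output_posts,
        'avatar_url' => $output_avatar_raw,
    );
}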
Example #5
<?php

include '../config/config.class.php';
include '../model/scoreserve.php';
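// Stores a judge's grade for one student and prints a short status word:
// "error" (bad input), "errorse" (grade already flagged) or "success!".
//
// All three values come straight from the query string. They were previously
// written into the UPDATE statement unescaped, and the range check let
// non-numeric text through, so the statement could be rewritten by the
// requester. The grade is now required to be numeric and is stored as a
// number; the two string values are escaped for the open connection.
//
// NOTE(review): no authentication or authorisation check is visible in this
// file, and the write is triggered by a GET request. Confirm the included
// files enforce who may call this, and prefer POST with a CSRF token.
$grade = isset($_GET['new']) ? $_GET['new'] : '';
$keyname = isset($_GET['key']) ? $_GET['key'] : '';
$judeger = isset($_GET['judger']) ? $_GET['judger'] : '';

// Array-valued parameters and non-numeric grades are rejected up front.
$inputIsValid = is_string($keyname)
    && is_string($judeger)
    && is_numeric($grade)
    && $grade <= 100
    && $grade >= 0;

if (!$inputIsValid) {
    $grade = "error";
} else {
    $score = new score();
    // NOTE(review): getflag() receives the raw request values and its query is
    // not visible here - confirm it escapes or binds them.
    @($flag = $score->getflag($keyname, $judeger));
    if ($flag == 1) {
        $grade = "errorse";
    } else {
        $flag = 1;
        $obj = new mysql_helper();
        $conn = $obj->connect();
        // Assumes connect() returns the ext/mysql link that mysql_do() uses;
        // escaping must happen against that same connection - confirm.
        $gradeValue = $grade + 0;
        $safeKeyname = mysql_real_escape_string($keyname, $conn);
        $safeJudeger = mysql_real_escape_string($judeger, $conn);
        $sql = "update zg_grade set grade='{$gradeValue}',flag='{$flag}' where stunumber='{$safeKeyname}' and judeger='{$safeJudeger}'";
        $obj->mysql_do($sql, $conn);
        $grade = "success!";
        $obj->mysql_close($conn);
    }
}
// Only one of the three fixed status words reaches the response.
echo $grade;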
Example #6
<?php

// Records an uploaded document for a student: if `upload_table` already has a
// row for the student number its filename is updated, otherwise an upload row
// and three empty `zg_grade` rows (judeger 1, 2 and 3) are inserted.
//
// NOTE(review): every value below comes from $_POST and passes only through
// xfs(), which is not defined in this file. All SQL statements here are built
// by string interpolation, so their safety depends entirely on xfs() escaping
// for SQL (not just for HTML) - confirm, or escape against $conn instead.
$obj = new mysql_helper();
$conn = $obj->connect();
// NOTE(review): this value contains a '/' separator and a POST-derived
// directory part; if it is later used as a filesystem path, confirm xfs()
// removes path separators and '..' sequences.
$file_name_show = xfs($_POST["xy"]) . '/' . xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]) . '.doc';
$filename = xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]);
$stunumb = xfs($_POST["xh"]);
$listdir = xfs($_POST["xy"]);
// Look for an existing upload row for this student number.
$sqlc = "select stunumber from upload_table where stunumber='{$stunumb}'";
// The @ operator hides any warning from the query, so a failed lookup is
// indistinguishable from "no row" in the branch below.
@($result = $obj->mysql_selecte($sqlc, $conn));
$result = mysql_fetch_array($result);
if ($result[0] == $stunumb) {
    // Existing student: only the stored filename changes.
    $sqlu = "update upload_table set filename='{$filename}'  where stunumber='{$stunumb}'";
    @$obj->mysql_do($sqlu, $conn);
} else {
    // New student: one upload row plus one empty grade row per judge.
    // NOTE(review): the lookup and these inserts are separate statements with
    // no transaction visible, and their results are suppressed and unchecked;
    // two concurrent requests could both take this branch.
    $sql = "insert into upload_table(filename,stunumber,academy) values('{$filename}','{$stunumb}','{$listdir}')";
    $sql1 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','1')";
    $sql2 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','2')";
    $sql3 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','3')";
    @$obj->mysql_do($sql, $conn);
    @$obj->mysql_do($sql1, $conn);
    @$obj->mysql_do($sql2, $conn);
    @$obj->mysql_do($sql3, $conn);
}
@$obj->mysql_close($conn);
$POST_MAX_SIZE = ini_get('post_max_size');
$unit = strtoupper(substr($POST_MAX_SIZE, -1));
$multiplier = $unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1));
if ((int) $_SERVER['CONTENT_LENGTH'] > $multiplier * (int) $POST_MAX_SIZE && $POST_MAX_SIZE) {
    header("HTTP/1.1 500 Internal Server Error");
    echo "POST exceeded maximum allowed size.";