Exemple #1
0
function findUserByUsernameOrEmail($usernameOrEmail)
{
    $table = getTableQuote("users");
    $query = "SELECT * FROM {$table} WHERE (username='******' OR email='{$usernameOrEmail}') AND active=1;";
    $queryReturn = runQuery($query);
    $possibleUser = count($queryReturn) == 1 ? $queryReturn[0] : null;
    return $possibleUser;
}
Exemple #2
0
function getInviteKey($email)
{
    $table = "invitations";
    $sentInviteKey = runQuery("SELECT inviteKey FROM " . getTableQuote($table) . " WHERE email='{$email}';");
    if (count($sentInviteKey) == 1) {
        $inviteKey = $sentInviteKey[0]['inviteKey'];
    } else {
        $inviteKey = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
    }
    return $inviteKey;
}
Exemple #3
0
function getJoin($table1, $table2, $joinOn, $t1_constraints, $t2_constraints)
{
    $t1_q = getTableQuote($table1);
    $t2_q = getTableQuote($table2);
    $jo = getJoinOn($table1, $table2, $joinOn);
    $tables = [];
    $tables[$table1] = $t1_constraints;
    $tables[$table2] = $t2_constraints;
    $con = getConstraintsWithTables($tables);
    $t2_columns = arrayToString(getColumnNamesWithTable($table2));
    $query = "SELECT {$t1_q}.*, {$t2_columns} FROM {$t1_q} INNER JOIN {$t2_q} ON {$jo} {$con};";
    return $query;
}
Exemple #4
0
function getJoin($table1, $table2, $joinOn, $t1_constraints, $t2_constraints)
{
    $t1_q = getTableQuote($table1);
    $t2_q = getTableQuote($table2);
    $jo = getJoinOn($table1, $table2, $joinOn);
    $tables = [];
    $tables[$table1] = $t1_constraints;
    $tables[$table2] = $t2_constraints;
    $con = getConstraintsWithTables($tables);
    $t2_columns = arrayToString(getColumnNamesWithTable($table2));
    $query = "SELECT " . $t1_q . ".*, " . $t2_columns . " FROM " . $t1_q . " INNER JOIN " . $t2_q . " ON " . $jo . " " . $con . ";";
    return $query;
}
Exemple #5
0
<?php

include_once '../config/config.php';
include_once $serverPath . 'utils/db_get.php';
$table = 'events';
if (!empty($_GET['id'])) {
    $id = $_GET['id'];
    echo json_encode(findById($table, $id));
}
if (!empty($_GET['startDate']) && !empty($_GET['endDate'])) {
    $startDate = $_GET['startDate'];
    $endDate = $_GET['endDate'];
    $query = "Select * FROM " . getTableQuote($table) . " WHERE active='Yes' AND ((startDate <= {$endDate} AND endDate >= {$startDate}) \n\t\t\t\tOR (startDate=0 AND endDate >= {$startDate}) OR  (startDate <= {$endDate} AND endDate=0) OR (startDate=0 AND endDate=0));";
    echo json_encode(runQuery($query));
}
Exemple #6
0
<?php

session_start();
include_once '../config/config.php';
include_once $serverPath . 'utils/db/db_get.php';
$login_ok = false;
if (!empty($_POST)) {
    if (!empty($_POST['username']) && !empty($_POST['password'])) {
        $table = "users";
        $query = "SELECT * FROM " . getTableQuote($table) . " WHERE (username='******'username'] . "' OR email='" . $_POST['username'] . "')";
        $user = runQuery($query);
        if (count($user) == 1) {
            $user = $user[0];
        }
        if (isset($user['salt']) && isset($user['password']) && isset($user['username'])) {
            $check_password = hash('sha256', $_POST['password'] . $user['salt']);
            for ($round = 0; $round < 65536; $round++) {
                $check_password = hash('sha256', $check_password . $user['salt']);
            }
            if ($check_password === $user['password']) {
                // If they do, then we flip this to true
                $login_ok = true;
            }
            if ($login_ok) {
                unset($user['salt']);
                unset($user['password']);
                $_SESSION['user'] = $user;
                header("Location: " . $baseURL);
                die("Redirecting to: admin page");
            } else {
                sendErrorMessage("Username not found or password is incorrect");
Exemple #7
0
$stopFirewall = 'true';
$table = 'users';
if (empty($_GET['inviteKey'])) {
    header("Location: " . $baseURL);
}
$users = runQuery("SELECT email FROM " . getTableQuote('invitations') . " WHERE inviteKey='" . $_GET['inviteKey'] . "';");
if (count($users) > 0) {
    $email = $users[0]['email'];
} else {
    header("Location: " . $baseURL);
}
if (!empty($_POST)) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (!empty($email) && !empty($username) && !empty($password)) {
        $query = "SELECT username FROM " . getTableQuote($table) . " WHERE `username`='{$username}' OR `email`='{$email}';";
        if (count(runQuery($query)) == 0) {
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                die("Invalid E-Mail Address");
            }
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
            $password = hash('sha256', $_POST['password'] . $salt);
            for ($round = 0; $round < 65536; $round++) {
                $password = hash('sha256', $password . $salt);
            }
            $data = ['email' => $email, 'password' => $password, 'salt' => $salt, 'username' => $username];
            insert($table, $data);
            $headers = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
            $headers .= 'From:' . $webmasterMail . ' <' . $webmasterMail . '>' . "\r\n";
            $message = "\n\t\t\t<html>\n\t\t\t<body>\n\t\t\t<p>Your account has been created for the Linger Martini Bar.</p>\n\t\t\t\t\t\n\t\t\t<p>Username: {$username}</p>\n\t\t\t\n\t\t\t</body>\n\t\t\t\n\t\t\t</html>\n\t\t\t";
Exemple #8
0
<?php

include_once '../../config/config.php';
include_once $serverPath . 'utils/db_post.php';
if (!empty($_GET['faceBookID'])) {
    $table = "photos";
    $insert = "DELETE FROM " . getTableQuote($table) . " WHERE faceBookID=" . $_GET['faceBookID'] . ";";
    runInsert($insert);
}
if (!empty($_GET['carousel_image_id'])) {
    $table = "carousel_images";
    deleteFrom($table, $_GET['carousel_image_id']);
}
Exemple #9
0
<?php

include_once '../config/config.php';
include_once $serverPath . 'utils/security/requireLogin.php';
include_once $serverPath . 'utils/db/db_get.php';
if (!empty($_GET['get'])) {
    $get = $_GET['get'];
    $table = "users";
    if ($get == "myData") {
        $data = runQuery("SELECT first_name, last_name, id, admin, protected, username, email, assestDefaultAccess FROM " . getTableQuote($table) . " WHERE id='" . $_SESSION['user']['id'] . "';");
        if (count($data) == 1) {
            echo json_encode($data[0]);
        }
    } else {
        if ($get == "defaultAccess") {
            $data = runQuery("SELECT assestDefaultAccess FROM " . getTableQuote($table) . " WHERE id='" . $_SESSION['user']['id'] . "';");
            if (count($data) == 1) {
                echo json_encode($data[0]);
            }
        }
    }
}
Exemple #10
0
<?php

include_once '../../config/config.php';
include_once $serverPath . 'admin/login/requireAdmin.php';
include_once $serverPath . 'utils/db_get.php';
echo json_encode(runQuery("SELECT id, username, email FROM " . getTableQuote('users') . " WHERE username='******'user']['username'] . "';"));
Exemple #11
0
<?php

include_once '../../config/config.php';
include_once $serverPath . 'admin/login/requireAdmin.php';
include_once $serverPath . 'utils/db_get.php';
$table = 'users';
if (!empty($_GET['get'])) {
    $get = $_GET['get'];
    if ($get == 'grid') {
        $query = "SELECT id, username, email, active FROM " . getTableQuote($table) . " WHERE protected != 1;";
        echo json_encode(runQuery($query));
    }
}
Exemple #12
0
function deleteFrom($table, $id)
{
    $insert = "DELETE FROM " . getTableQuote($table) . " WHERE id=" . $id . ";";
    runInsert($insert);
}
Exemple #13
0
function getConstraintsWithTable($table, $constraints)
{
    $q_table = getTableQuote($table);
    foreach ($constraints as $columnName => $value) {
        $constraints[$q_table . "." . $columnName] = $value;
        unset($constraints[$columnName]);
    }
    return getConstraintBody($constraints);
}
<?php

include_once '../../config/config.php';
include_once $serverPath . 'admin/login/requireAdmin.php';
include_once $serverPath . 'utils/db_post.php';
include_once $serverPath . 'utils/db_get.php';
$table = 'users';
$_POST = json_decode(file_get_contents('php://input'), true);
if (!empty($_POST)) {
    if (!empty($_POST['email']) && !empty($_POST['id']) && $_POST['id'] != $_SESSION['user']['id'] && ($_POST['active'] == 1 || $_POST['active'] == 0)) {
        $user = findById($table, $_POST['id']);
        if ($user['protected'] != '1') {
            $update = "Update " . getTableQuote($table) . " SET active=" . $_POST['active'] . " WHERE id=" . $_POST['id'] . ";";
            runInsert($update);
            $headers = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
            $headers .= 'From:' . $webmasterMail . ' <' . $webmasterMail . '>' . "\r\n";
            $activated = $_POST['active'] == 0 ? 'deactivated' : 'activated';
            $link = $_POST['active'] == 1 ? '<p>Click here to login: <a href="' . $externalLink . 'admin/login/">Login</a></p>' : '';
            $message = "\n\t\t\t\t\t<html>\n\t\t\t\t\t\t<body>\n\t\t\t\t\t\t<p>Your account has been {$activated}</p>\n\t\t\t\t\t\t{$link}\n\t\t\t\n\t\t\t\t\t</body>\n\t\t\t\n\t\t\t\t\t</html>\n\t\t\t\t\t";
            $subject = "Your account has been {$activated} for The Linger Martini Bar";
            mail($_POST['email'], $subject, $message, $headers);
        }
    }
}
Exemple #15
0
function getConstraintsWithTable($table, $constraints)
{
    $q_table = getTableQuote($table);
    $constraint = "";
    foreach ($constraints as $columnName => $value) {
        $c = getTableQuote($columnName);
        $constraint .= "{$q_table}.{$c} = {$value} AND ";
    }
    return cutString($constraint, 5);
}