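/**
 * Search records using the qRecord / qBand / qGenre / qPerformer filters held
 * on this object and return one page of results.
 *
 * Side effects: $this->countResults is set to the total number of matching
 * rows before paging, and $this->foundResults to whether the requested page
 * contains any rows.
 *
 * @param int|string|null $page zero-based page index; null is treated as 0
 * @return array|null rows (assoc arrays) of the requested page, or null when
 *                    the page is empty or the query could not be run
 */
public function getRecordList($page)
{
    $db = parent::getDb();

    // $page only reaches the query as a bound integer; clamp it so the LIMIT
    // offset can never be negative or non-numeric.
    $page = is_null($page) ? 0 : (int) $page;
    if ($page < 0) {
        $page = 0;
    }
    $startIndex = $page * NUM_OF_RESULTS;

    // Search terms are sent as bound LIKE patterns instead of being spliced
    // into the SQL text. A user-typed '%' or '_' still acts as a wildcard,
    // exactly as before.
    $pattern = static function ($term) {
        return '%' . (string) $term . '%';
    };
    $withPerformer = (string) $this->qPerformer !== '';

    $sql = 'SELECT DISTINCT record.record_id, record.record_name,'
        . ' record.record_artwork, band.band_name'
        . ' FROM record'
        . ' LEFT OUTER JOIN band ON record.band_id = band.band_id'
        . ' LEFT OUTER JOIN genre ON record.genre_id = genre.genre_id';
    if ($withPerformer) {
        // The performer filter needs the bandmate/performer join; it is only
        // added when a performer term was given, as in the original two-query form.
        $sql .= ' LEFT OUTER JOIN bandmate ON record.band_id = bandmate.band_id'
            . ' LEFT OUTER JOIN performer ON bandmate.performer_id = performer.performer_id';
    }
    $sql .= ' WHERE record.record_name LIKE ?'
        . " AND COALESCE(genre.genre_name,'') LIKE ?"
        . ' AND band.band_name LIKE ?';
    $params = array($pattern($this->qRecord), $pattern($this->qGenre), $pattern($this->qBand));
    if ($withPerformer) {
        $sql .= ' AND performer.performer_name LIKE ?';
        $params[] = $pattern($this->qPerformer);
    }
    $sql .= ' ORDER BY record.record_id';

    // Prepares $sql, binds $params with the given mysqli type string and
    // executes it; returns the statement, or null on any failure (the old
    // code passed a false result into mysqli_num_rows, which is an error).
    $run = static function ($sql, $types, $params) use ($db) {
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            return null;
        }
        if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            return null;
        }
        return $stmt;
    };

    // Total match count, computed as before by running the unpaged query.
    $stringTypes = str_repeat('s', count($params));
    $countStmt = $run($sql, $stringTypes, $params);
    if ($countStmt === null) {
        $this->countResults = 0;
        $this->foundResults = false;
        return null;
    }
    mysqli_stmt_store_result($countStmt);
    $this->countResults = mysqli_stmt_num_rows($countStmt);
    mysqli_stmt_close($countStmt);

    // Requested page, newest record id first; offset and page size are bound
    // as integers.
    $pageSize = (int) NUM_OF_RESULTS;
    $pageStmt = $run(
        $sql . ' DESC LIMIT ?, ?',
        $stringTypes . 'ii',
        array_merge($params, array($startIndex, $pageSize))
    );

    $list = array();
    if ($pageStmt !== null) {
        // mysqli_stmt_get_result needs the mysqlnd driver, as does the
        // fetch_assoc() call the previous version already relied on.
        $result = mysqli_stmt_get_result($pageStmt);
        if ($result !== false) {
            while ($row = $result->fetch_assoc()) {
                $list[] = $row;
            }
            mysqli_free_result($result);
        }
        mysqli_stmt_close($pageStmt);
    }

    // Same contract as before: an empty page is reported as null, not [].
    $this->foundResults = $list !== array();
    return $this->foundResults ? $list : null;
}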
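/**
 * Authenticate the user identified by $_POST['email'] / $_POST['password'].
 *
 * On success the session is marked as logged in, the user id is stored in it
 * and a redirect header to index.php is emitted. The caller is still
 * responsible for stopping output after a successful login.
 *
 * @return bool true when the credentials matched exactly one user row
 */
public function authAccount()
{
    if (!isset($_POST['email'], $_POST['password'])) {
        return false;
    }
    $email = (string) $_POST['email'];
    $password = (string) $_POST['password'];

    // The e-mail comes straight from the request: bind it as a parameter
    // instead of interpolating it into the SQL text.
    $db = parent::getDb();
    $stmt = mysqli_prepare($db, 'SELECT * FROM `user` WHERE user_email = ?');
    if ($stmt === false) {
        return false;
    }
    $count = 0;
    $row = null;
    if (mysqli_stmt_bind_param($stmt, 's', $email) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $count = mysqli_num_rows($result);
            $row = mysqli_fetch_assoc($result);
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);

    // Exactly one row must match and its stored bcrypt hash must verify.
    // The previous version also re-hashed the submitted password and
    // var_dump'ed the result into the response; that served no purpose and
    // exposed the fresh hash to the client.
    $storedHash = is_array($row) && isset($row['user_password_hash'])
        ? (string) $row['user_password_hash']
        : '';
    // Note: when no row matches, password_verify is skipped, so response time
    // differs slightly between unknown and known e-mails (unchanged from before).
    if ($count !== 1 || $storedHash === '' || !password_verify($password, $storedHash)) {
        return false;
    }

    // Issue a fresh session id on privilege change so a session id fixed
    // before login cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['loggedin'] = true;
    $_SESSION['user_id'] = $row['user_id'];
    // NOTE(review): realpath() takes a required path argument; as written this
    // call is an error on PHP 8 unless a project-level realpath() shadows the
    // builtin. Confirm which base URL the redirect is meant to use.
    header('Location: ' . realpath() . '/index.php');
    return true;
}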
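/**
 * Load the user row whose API key equals $api_key into $this->data.
 *
 * Sets $this->count to the number of matching rows (0 when the query fails),
 * $this->data to the row when exactly one matched (otherwise NULL), and in
 * that case $this->user_id via getUserId().
 *
 * @param string $api_key key as supplied by the client; treated as untrusted
 */
private function setUserDataByApiKey($api_key)
{
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;

    // The key is client-supplied, so it is bound rather than interpolated.
    // The debugging var_dump(mysqli_error(...)) that used to follow the query
    // is gone: it printed database error text into the response.
    $stmt = mysqli_prepare($db, 'SELECT * FROM `user` WHERE user_api_key = ?');
    if ($stmt === false) {
        return;
    }
    $key = (string) $api_key;
    if (mysqli_stmt_bind_param($stmt, 's', $key) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $this->count = mysqli_num_rows($result);
            if ($this->count === 1) {
                $this->data = mysqli_fetch_assoc($result);
                $this->user_id = self::getUserId();
            }
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
}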
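/**
 * Load the genre row with id $genre_id into $this->data.
 *
 * Sets $this->count to the number of matching rows (0 when the query fails).
 * When exactly one row matched, $this->data holds that row (usable as an
 * assoc array, e.g. $this->data['genre_name']) and $this->genre_id is set
 * from it; otherwise $this->data is NULL so callers can tell that no genre
 * was found.
 *
 * @param int|string $genre_id
 */
private function setGenreDataByGenreId($genre_id)
{
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;

    // Bound as a string parameter, matching how the value was quoted before.
    $id = (string) $genre_id;
    $stmt = mysqli_prepare($db, 'SELECT * FROM `genre` WHERE genre_id = ?');
    if ($stmt === false) {
        return;
    }
    if (mysqli_stmt_bind_param($stmt, 's', $id) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $this->count = mysqli_num_rows($result);
            // A primary-key lookup should yield at most one row; anything else
            // is treated as "not found".
            if ($this->count === 1) {
                $this->data = mysqli_fetch_assoc($result);
                $this->genre_id = $this->data['genre_id'];
            }
            // Release the result set explicitly rather than waiting for GC.
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
}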
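/**
 * Load the user row whose API key equals $user_api_key into $this->data.
 *
 * Sets $this->count to the number of matching rows (0 when the query fails),
 * $this->data to the row when exactly one matched (otherwise NULL), and in
 * that case $this->user_id via getUserId().
 *
 * @param string $user_api_key key as supplied by the client; treated as untrusted
 */
private function setUserDataByApiKey($user_api_key)
{
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;

    // The key is client-supplied, so it is bound rather than interpolated.
    // A failed query previously reached mysqli_num_rows()/close() on false;
    // now it simply leaves count at 0 and data NULL.
    $stmt = mysqli_prepare($db, 'SELECT * FROM `user` WHERE user_api_key = ?');
    if ($stmt === false) {
        return;
    }
    $key = (string) $user_api_key;
    if (mysqli_stmt_bind_param($stmt, 's', $key) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $this->count = mysqli_num_rows($result);
            if ($this->count === 1) {
                $this->data = mysqli_fetch_assoc($result);
                $this->user_id = self::getUserId();
            }
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
}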
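<?php
require_once __DIR__ . '/libs/bourbon.php';

$b = new Bourbon();

/**
 * Check whether IPv4 address $ip lies inside the CIDR range $range ("a.b.c.d/bits").
 *
 * Returns false, without emitting warnings, for a malformed range or address.
 * In particular a range without a "/bits" part is rejected: the previous
 * version treated a missing prefix length as 32 - null and ended up matching
 * every address.
 *
 * @param string $ip
 * @param string $range
 * @return bool
 */
function cidr_match($ip, $range)
{
    $parts = explode('/', (string) $range, 2);
    if (count($parts) !== 2) {
        return false;
    }
    $bits = filter_var($parts[1], FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 0, 'max_range' => 32),
    ));
    if ($bits === false) {
        return false;
    }
    $ipLong = ip2long((string) $ip);
    $subnetLong = ip2long($parts[0]);
    if ($ipLong === false || $subnetLong === false) {
        return false;
    }
    // Network mask for $bits prefix bits; a /0 range matches everything.
    // Masking both sides also tolerates a subnet that is not aligned to the mask.
    $mask = $bits === 0 ? 0 : (-1 << (32 - $bits));
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

// Make sure either an authenticated user or GitHub is running this script.
// In both branches the script must stop on failure: everything below runs
// destructive deploy commands, and the previous version fell through after
// an ignored auth() result / a redirect header without exit.
if (!WEB::_req('POST')) {
    // auth() returns a status that the API scripts check; treat a falsy
    // result as "not authenticated" (NOTE(review): confirm auth(null) does not
    // itself redirect-and-exit on the web path, in which case this is a no-op).
    if (!$b->auth(null)) {
        exit;
    }
} else {
    // REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy,
    // not GitHub. The allow-listed range is fixed here and GitHub publishes
    // its hook source ranges separately, so they may drift; a webhook secret
    // signature check would be a stronger gate than the source address.
    if (!cidr_match($_SERVER['REMOTE_ADDR'], '192.30.252.0/22')) {
        // NOTE(review): realpath() takes a required path argument; confirm the
        // intended redirect base (see the same call in the login code).
        header('Location: ' . realpath() . '/index.php');
        exit;
    }
}

/**
 * GIT DEPLOYMENT SCRIPT
 *
 * Used for automatically deploying websites via github or bitbucket, more deets here:
 *
 * https://gist.github.com/1809044
 */

// The commands. NOTE(review): the database root password is embedded here and
// passed on the command line, where it is visible in process listings; load it
// from a config file outside the web root instead. The sequence also drops and
// recreates the whole `bourbon` database on every deploy.
$commands = array(
    'echo $PWD',
    'whoami',
    'git pull',
    'git status',
    'git submodule sync',
    'git submodule update',
    'git submodule status',
    'mysqladmin -uroot -proot -f drop bourbon',
    'mysqladmin -uroot -proot -f create bourbon',
    'mysql -uroot -proot bourbon < /srv/cpsc471-bourbon/sql/latest.sql',
);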
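/**
 * Load the record with id $record_id, joined with its band and (optional)
 * genre, into $this->data.
 *
 * Sets $this->count to the number of matching rows (0 when the query fails).
 * When exactly one row matched, $this->data holds that row (usable as an
 * assoc array, e.g. $this->data['record_name']) and $this->record_id is set
 * from it; otherwise $this->data is NULL so callers can tell that no record
 * was found.
 *
 * @param int|string $record_id
 */
private function setRecordDataByRecordId($record_id)
{
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;

    // The id is bound as a string parameter, matching how it was quoted before.
    $id = (string) $record_id;
    $sql = 'SELECT *'
        . ' FROM record'
        . ' JOIN band ON record.band_id=band.band_id'
        . ' LEFT OUTER JOIN genre ON record.genre_id= genre.genre_id'
        . ' WHERE record_id = ?';
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return;
    }
    if (mysqli_stmt_bind_param($stmt, 's', $id) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $this->count = mysqli_num_rows($result);
            // A primary-key lookup should yield at most one row; anything else
            // is treated as "not found".
            if ($this->count === 1) {
                $this->data = mysqli_fetch_assoc($result);
                $this->record_id = $this->data['record_id'];
            }
            // Release the result set, as the sibling loaders do.
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
}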
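<?php
require_once __DIR__ . '/bourbon/libs/bourbon.php';

// Log the current user out: drop the session, then send them to the login page.
Bourbon::destroySession();
// NOTE(review): realpath() takes a required path argument; as written this
// call is an error on PHP 8 unless a project-level realpath() shadows the
// builtin. Confirm which base URL the redirect is meant to use.
header('Location: ' . realpath() . '/login.php');
// Stop here so nothing after the redirect header can run or be rendered.
exit;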
<?php require_once __DIR__ . "/bourbon/record.php"; require_once __DIR__ . "/bourbon/libs/Mandrill.php"; //Not required with Composer $b = new Bourbon(); $mandrill = new Mandrill('BNc02m60hJyYEe-ADC-aEg'); $r = new Record(); $r->init(WEB::_get('record_id')); $email = WEB::_get('email'); $name = WEB::_get('name'); // Dispatch Email using Mandrill if (filter_var($email, FILTER_VALIDATE_EMAIL) && $r->valid()) { $query = "SELECT user_email \n\t\t\t \t FROM user\n\t\t\t\t WHERE user_notify = TRUE;"; $result = mysqli_query($b->getDb(), $query); if ($result) { while ($data = $result->fetch_assoc()) { $users[] = $data; } } $recName = $r->getRecordName(); try { for ($i = 0; $i < count($users); $i++) { $user_email = "" . $users[$i]['user_email']; // Send Email $message = new stdClass(); $message->html = "Hi!<br><br><strong>{$name}</strong> just inquired about: <strong>{$recName}</strong>.<br><br>Email them at: {$email}."; $message->subject = "[Bourbon] New Record Inquiry - {$recName}"; $message->from_email = "{$email}"; $message->from_name = "{$name}"; $message->to = array(array("email" => "{$user_email}"));
<?php require_once __DIR__ . "/../bourbon/libs/bourbon.php"; API::_json(); // Auth and Grab Data $index = new Bourbon(); if (!$index->auth(API::_get('api_key'))) { exit; } // Here is the API Interface // Here is the API Interface // GET if (API::_req('GET')) { printNotSupportedClass(); } // POST if (API::_req('POST')) { printNotSupportedClass(); } // PUT - Since PHP Does not support PUT, we look for &update action if (API::_req('PUT')) { printNotSupportedClass(); } // DELETE if (API::_req('DELETE')) { printNotSupportedClass(); } // Simple Helper Function to print user data function printNotSupportedClass() { echo json_encode(array("status" => "error", "name" => "Invalid_Request", "message" => "Request Not Supported."));