} $w = imagesx($im); $h = imagesy($im); $s = $w > $h ? $h : $w; //Smallest out of height and width $im2 = imagecreatetruecolor(200, 200); imagecopyresampled($im2, $im, 0, 0, 0, 0, 200, 200, $s, $s); $dao = new DAO(false); //Delete the previous profile picture $f_name = "../../profile_pictures/" . $user->user_picture; if (file_exists($f_name)) { unlink($f_name); } $user->user_picture = $user->user_id . "-" . date("U"); $r = imagejpeg($im2, "../../profile_pictures/" . $user->user_picture, 100); $im3 = imagecreatetruecolor(1, 1); imagecopyresampled($im3, $im2, 0, 0, 0, 0, 1, 1, 200, 200); $rgb = imagecolorat($im3, 0, 0); $colors = imagecolorsforindex($im3, $rgb); imagedestroy($im); imagedestroy($im2); imagedestroy($im3); $dao->myquery("UPDATE user SET user_picture=\"{$user->user_picture}\" WHERE user_id=\"{$user->user_id}\";"); } else { redirect($_POST["r"]); } } else { redirect($_POST["r"]); } header("Connection: close"); redirect($_POST["r"]);
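#!/usr/bin/php -q
<?php
// Command-line job: e-mail every notification that is still unseen, has not
// been e-mailed yet and whose departure time has passed, then flag each one
// as e-mailed so it is not sent twice.
include_once "../util/mysql.php";
include "../mail/send.php";
include "../util/constants.php";

// chdir("..");
// error_log("\n\n");
// error_log("PHP_ini_loaded_file: ".php_ini_loaded_file());
// error_log("executable path: ".PHP_BINDIR);
// error_log("user: "******"Beginning to email notifications...");
// NOTE(review): part of the line above is masked in this listing, so it is kept
// verbatim as a comment; restore the original start-of-run log call if one existed.

$dao = new DAO(false);

// Column list kept from the original; nothing below reads it.
$part = array("user_id", "user_email", "user_name", "notif_id", "notif_title", "notif_message", "notif_link");

$query = "SELECT user.user_id,user_email,user_name,notif_id,notif_title,notif_message,notif_link \n\t\t\t\tFROM notification \n\t\t\t\tJOIN user ON user.user_id=notification.user_id \n\t\t\t\tWHERE NOT notif_seen AND NOT notif_emailed\n\t\t\t\tAND notif_departure < NOW();";
$dao->myquery($query);
$notifications = $dao->fetch_all_obj();

foreach ($notifications as $notification) {
    // user_name is account data (presumably chosen by the user - confirm), so it is
    // HTML-encoded before being placed in the HTML body of the message.
    $safe_name = htmlspecialchars((string) $notification->user_name, ENT_QUOTES, "UTF-8");

    // The id is URL-encoded as a query value and the finished link is attribute-encoded.
    $view_link = $SITE_URL . "script/notification/see.php?notif_id=" . urlencode((string) $notification->notif_id);
    $safe_link = htmlspecialchars($view_link, ENT_QUOTES, "UTF-8");

    // NOTE(review): notif_message is inserted as-is because it may legitimately carry
    // markup; if any part of it can come from user input it must be encoded where the
    // notification is created. notif_title is passed through as the subject - confirm
    // that mail_message() rejects CR/LF in it.
    $body = "<p>Hello " . $safe_name . ",</p>\n\t\t<p>" . $notification->notif_message . " <a href=\"" . $safe_link . "\">Click here to view</a>.</p>\n\t\t<p>Best Wishes,<br>The Unify Team</p>";
    mail_message($notification->user_email, $notification->notif_title, $body);

    // Values read back from the database are still escaped before re-entering SQL text.
    $query = "UPDATE notification SET notif_emailed=\"1\" WHERE notif_id=\"" . $dao->escape((string) $notification->notif_id) . "\";";
    $dao->myquery($query);
}

error_log("Finished emailing notifications...");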
/**
 * Load every row of $table that satisfies all conditions in $where and wrap each
 * row in a DataObject flagged for update on commit.
 *
 * The statement is assembled by string concatenation: $table and the entries of
 * $keys are placed into the SQL text as identifiers without quoting or checking,
 * so callers must only pass fixed, trusted names. The WHERE fragments come from
 * DataObject::key_values($where); NOTE(review): confirm that helper escapes the
 * values it receives.
 *
 * @param DAO $dao the database access object used to run the queries
 * @param string $table the table to read from
 * @param array $keys the column names to select; the first one is also the ORDER BY column (descending)
 * @param array $where associative array of conditions, all of which must hold
 * @return array DataObject instances carrying the columns named in $keys, with
 *               primary_key and primary_id filled in from the table's PRIMARY index
 */
static function select_all($dao, $table, $keys, $where)
{
    // Template object; each result row gets its own clone of it.
    $template = new DataObject();
    $template->table = $table;
    $template->dao = $dao;
    $template->update = true; // rows already exist, so commit updates them

    $result = array();

    $conditions = $template->key_values($where);
    $columns = implode(",", $keys);
    $sql = sprintf(
        "SELECT %s FROM %s WHERE %s ORDER BY %s DESC;",
        $columns,
        $table,
        implode(" AND ", $conditions),
        $keys[0]
    );
    $dao->myquery($sql);
    $rows = $dao->fetch_all_part($keys);

    // Ask the database which column is the primary key of the table.
    $dao->myquery("SHOW index FROM {$template->table} where Key_name = 'PRIMARY';");
    $template->primary_key = $dao->fetch_one_obj()->Column_name;

    foreach ($rows as $row) {
        $instance = clone $template;
        foreach ($keys as $column) {
            $instance->{$column} = $row[$column];
        }
        // primary_id mirrors the value of whichever column is the primary key.
        $instance->primary_id = $instance->{$instance->primary_key};
        $result[] = $instance;
    }

    return $result;
}
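<?php
// Course lookup endpoint: prints a JSON list of (course_id, course_name) for the
// courses of one university whose name contains the submitted text.
include_once "../util/mysql.php";

$dao = new DAO(false);

// A missing or non-string parameter (for example course[]=x) is treated as empty
// instead of being handed to the escaper.
$raw_uni_id = (isset($_GET["university_id"]) && is_string($_GET["university_id"])) ? $_GET["university_id"] : "";
$raw_course = (isset($_GET["course"]) && is_string($_GET["course"])) ? $_GET["course"] : "";

$uni_id = $dao->escape($raw_uni_id);

// Normalise first, then neutralise the LIKE metacharacters (\, % and _) so the
// text is matched literally, and SQL-escape last.
// NOTE(review): assumes DAO::escape() behaves like mysqli_real_escape_string - confirm.
$course = strtolower($raw_course);
$course = strtr($course, array("\\" => "\\\\", "%" => "\\%", "_" => "\\_"));
$course = $dao->escape($course);

$dao->myquery("SELECT course_id,course_name FROM course WHERE LOWER(course_name) LIKE '%{$course}%' AND university_id = '{$uni_id}';");

// NOTE(review): no Content-Type header is sent, so the JSON is served with the
// default type; check how clients parse the response before changing that.
echo $dao->fetch_json_part(array("course_id", "course_name"));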
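<?php
// User search endpoint: prints a JSON list of users who share the caller's cohort,
// course or university and whose name contains the submitted text. When a group_id
// is posted, users already in that group are left out.
include_once "../util/mysql.php";
include "../util/session.php";

$dao = new DAO(false);

// A missing or non-string "q" is treated as an empty search.
$raw_name = (isset($_POST["q"]) && is_string($_POST["q"])) ? $_POST["q"] : "";
$name = trim(strtolower($raw_name));

if ($name !== "") {
    // Neutralise the LIKE metacharacters (\, % and _) so the text is matched
    // literally, then SQL-escape last.
    // NOTE(review): assumes DAO::escape() behaves like mysqli_real_escape_string - confirm.
    $name = $dao->escape(strtr($name, array("\\" => "\\\\", "%" => "\\%", "_" => "\\_")));

    // $user comes from the session include; its id is still escaped before it is
    // placed into SQL text.
    $self_id = $dao->escape((string) $user->user_id);

    // Look up the cohort, course and university of the calling user.
    $query = "SELECT cohort.cohort_id,course.course_id,university.university_id FROM user "
        . "JOIN cohort ON user.cohort_id=cohort.cohort_id "
        . "JOIN course ON cohort.course_id=course.course_id "
        . "JOIN university ON university.university_id=course.university_id "
        . "WHERE user_id=\"{$self_id}\";";
    $dao->myquery($query);
    $row = $dao->fetch_one();

    if (!$row) {
        // No cohort row for the caller: nothing can match, so answer with an empty list
        // rather than running the search with empty ids.
        echo "[]";
    } else {
        $cohort_id = $dao->escape((string) $row["cohort_id"]);
        $course_id = $dao->escape((string) $row["course_id"]);
        $university_id = $dao->escape((string) $row["university_id"]);

        if (isset($_POST["group_id"]) && is_string($_POST["group_id"])) {
            $group_id = $dao->escape($_POST["group_id"]);
            $not_in_group = "AND NOT EXISTS(SELECT grouping_id FROM grouping WHERE user.user_id=grouping.user_id AND grouping.group_id=\"{$group_id}\")";
        } else {
            $not_in_group = "";
        }

        // Search by name within the caller's cohort, course or university, excluding the caller.
        $dao->myquery("SELECT user_id,user_name,cohort_start,course_name,university_name,user_picture FROM user "
            . "JOIN cohort ON user.cohort_id=cohort.cohort_id "
            . "JOIN course ON cohort.course_id=course.course_id "
            . "JOIN university ON university.university_id=course.university_id "
            . "WHERE (cohort.cohort_id=\"{$cohort_id}\" OR "
            . "course.course_id=\"{$course_id}\" OR "
            . "university.university_id=\"{$university_id}\") AND "
            . "LOWER(user_name) LIKE \"%{$name}%\" AND user_id!=\"{$self_id}\" {$not_in_group};");
        echo $dao->fetch_json();
    }
} else {
    echo "[]";
}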
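<?php
// Serves the profile picture of the user named by ?user_id1 as image/jpeg,
// falling back to the default picture when the user has none on disk.
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";

$f = "../img/dp1.jpg";
if (isset($_GET["user_id1"]) && is_string($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");
    $user1 = $dao->fetch_one_obj_part(array("user_picture"));

    // An unknown user id yields no row; treat that like "no picture".
    // basename() drops any directory component, so a stored value can never make
    // the path leave the profile_pictures directory.
    $picture = ($user1 && $user1->user_picture) ? basename((string) $user1->user_picture) : "";

    $f = "../profile_pictures/" . $picture;
    // is_file() also rejects "." and "..", which basename() lets through.
    if ($picture === "" || !is_file($f)) {
        $f = "../img/dp1.jpg";
    }

    // Only a conservative character set reaches the header value, so a stored
    // name cannot break out of the quoted filename parameter.
    $header_name = preg_replace('/[^A-Za-z0-9._-]/', '', $picture);

    header('Content-Type: image/jpeg');
    header("Content-Disposition: inline; filename=\"{$header_name}\"");
    readfile($f);
}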
<?php
// Include fragment: resolves ?user_id into $selected_user (profile fields plus the
// is_friend and request_sent flags) and stores it in the session. It relies on
// $logged_in and $user being set by the including script.
// NOTE(review): $user->user_id and the ids read back from the database are placed
// into SQL text without escaping; only the request parameter goes through escape().
if (isset($selected_user)) {
    unset($selected_user);
}

if ($logged_in && isset($_GET["user_id"])) {
    $dao = new DAO(false);
    $user_request = $dao->escape($_GET["user_id"]);
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");

    $dao->myquery(implode(" ", array(
        "SELECT " . implode(",", $properties) . " FROM user",
        "JOIN cohort ON user.cohort_id=cohort.cohort_id",
        "JOIN course ON cohort.course_id=course.course_id",
        "JOIN university ON course.university_id=university.university_id WHERE user_id=\"{$user_request}\";",
    )));

    if ($dao->fetch_num_rows() > 0) {
        // The requested user exists.
        $selected_user = $dao->fetch_one_obj_part($properties);

        // A connection row in either direction makes the two users friends.
        $friends_query = implode(" OR ", array(
            "SELECT * FROM connection WHERE (user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\")",
            "(user_id2=\"{$user->user_id}\" AND user_id1=\"{$selected_user->user_id}\");",
        ));
        $dao->myquery($friends_query);

        // Besides real connections, the viewer's own profile and the account with
        // user_id 1 always count as friends.
        if ($dao->fetch_num_rows() != 0) {
            $is_friend = true;
        } elseif ($selected_user->user_id == $user->user_id) {
            $is_friend = true;
        } else {
            $is_friend = $selected_user->user_id == 1;
        }
        $selected_user->is_friend = $is_friend;

        // Has the viewer already sent this user a friend request?
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;

        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}
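<?php
// Password reset completion: when (user_id, conf_rnd) matches exactly one row in
// reset_request, the request is deleted and the user's password is replaced.
include_once "../util/mysql.php";
include "../util/pwd.php";

$dao = new DAO(true);

// All three fields must be present, be plain strings and be non-empty. An empty
// token must never be able to match a row, and an empty password must never be stored.
$fields_ok = true;
foreach (array("user_password", "user_id", "conf_rnd") as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === "") {
        $fields_ok = false;
    }
}

if ($fields_ok) {
    // NOTE(review): salt() is defined in pwd.php and is not visible here; confirm it
    // is a slow, per-user salted password hash (password_hash() or equivalent).
    $user_password = $dao->escape(salt($_POST["user_password"]));
    // Kept in a local variable: no $user object is created anywhere in this script.
    $user_id = $dao->escape($_POST["user_id"]);
    $conf_rnd = $dao->escape($_POST["conf_rnd"]);

    $query = "SELECT * FROM reset_request WHERE user_id=\"{$user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);

    if ($dao->fetch_num_rows() == 1) {
        // Consume the token first so it cannot be replayed, then set the new password.
        // NOTE(review): no expiry check on the reset request is visible here - confirm
        // that stale tokens are removed elsewhere.
        $query = "DELETE FROM reset_request WHERE user_id=\"{$user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);

        $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user_id}\";";
        $dao->myquery($new_password_query);
    }
}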
<?php
// Include fragment: when ?cohort_id names the logged-in user's own cohort, loads
// that cohort into $selected_group and stores it in the session; a request for any
// other cohort is redirected to "../". Relies on $logged_in, $user and redirect()
// from the including script.
if ($logged_in) {
    $dao = new DAO(false);

    if (isset($_GET["cohort_id"])) {
        $cohort_request = $dao->escape($_GET["cohort_id"]);

        if ($cohort_request != $user->cohort_id) {
            // Users may only open their own cohort.
            redirect("../");
        } else {
            $dao->myquery(
                "SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\t"
                . "JOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\t"
                . "JOIN university ON university.university_id=course.university_id\n\t\t\t\t\t"
                . "JOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";"
            );
            $row = $dao->fetch_one_obj();

            if ($dao->fetch_num_rows() > 0) {
                // The cohort exists: copy its fields onto a plain object.
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                // Display name is "<course> at <university> <start year>".
                $selected_group->group_name = sprintf(
                    "%s at %s %s",
                    $row->course_name,
                    $row->university_name,
                    date("Y", strtotime($row->cohort_start))
                );
                $selected_group->can_be_added_to = false;

                $d = new DateTime($row->cohort_start);
                $selected_group->cohort_start = $d->format('jS F Y');
                // Posting is enabled only in the viewer's own cohort.
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;

                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            }
        }
    }
}
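<?php
// Login handler: checks the posted e-mail and password against the user table,
// stores the user in the session on success and redirects either to the posted
// return address "r" or back to the welcome page with a message code.
include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";

// Only a same-site target is accepted for "r"; anything else falls back to "/".
// Rejected: a leading scheme ("https:", "javascript:"), a leading "//", and any
// backslash, space or control character (browsers normalise those into "//host").
$redirect = "/";
if (isset($_POST["r"]) && is_string($_POST["r"]) && $_POST["r"] !== "") {
    $candidate = $_POST["r"];
    $has_scheme = preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate) === 1;
    $has_unsafe_bytes = preg_match('#[\x00-\x20\\\\]#', $candidate) === 1;
    if (!$has_scheme && !$has_unsafe_bytes && strncmp($candidate, "//", 2) !== 0) {
        $redirect = $candidate;
    }
}

$has_email = isset($_POST["user_email"]) && is_string($_POST["user_email"]);
$has_password = isset($_POST["user_password"]) && is_string($_POST["user_password"]);

if ($has_email && $has_password && $_POST["user_email"] !== "" && $_POST["user_password"] !== "") {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    // NOTE(review): salt() is defined in pwd.php and is not visible here; confirm it
    // is a slow, per-user salted hash. Verifying with password_verify() in PHP is
    // preferable to comparing the hash inside the SQL statement.
    $user_password = $dao->escape(salt($_POST["user_password"]));

    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);

    if ($dao->fetch_num_rows() == 1) {
        // Issue a fresh session id at the privilege change so an id planted before
        // login cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        redirect($redirect); // go to the validated return address
    } else {
        // Query values are URL-encoded: HTML- or SQL-escaping is the wrong encoding
        // for a URL and lets "&" or "#" in the input rewrite the query string.
        redirect("../../welcome/?&m=2&r=" . urlencode($redirect) . "&user_email=" . urlencode($_POST["user_email"]));
    }
} else {
    redirect("../../welcome/?m=3" . ($has_email ? "&user_email=" . urlencode($_POST["user_email"]) : "") . "&r=" . urlencode($redirect));
}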
$conversation->user_id = $convo_id; $conversation->user_picture = $user2->user_picture; $conversations[$convo_id] = $conversation; } else { $conversation = $conversations[$convo_id]; } $conversation->messages[$message->msg_id] = $message; } return $conversations; } $dao = new DAO(false); if (isset($_POST["user_id"])) { if ($_POST["user_id"] == "-1") { //Get an array of all the conversations $conversations_query = "(SELECT user_id2 AS user_id FROM chat_msg WHERE user_id1={$user->user_id} GROUP BY user_id2) \n\t\t\t\t\t\t\t\t\tUNION \n\t\t\t\t\t\t\t\t\t(SELECT user_id1 AS user_id FROM chat_msg WHERE user_id2={$user->user_id} GROUP BY user_id1)"; $dao->myquery($conversations_query); $conversation_requests = $dao->fetch_all_part(array("user_id")); $conversations = array(); foreach ($conversation_requests as $request) { $c = get_conversations($dao, $request["user_id"], -1, -1)[$request["user_id"]]; $conversations[$request["user_id"]] = $c; } echo json_encode_strip($conversations); } else { $conversations = get_conversations($dao, $_POST["user_id"], -1, -1)[$_POST["user_id"]]; echo json_encode_strip($conversations); } } else { $conversation_requests = $_POST; $conversations = array(); foreach ($conversation_requests as $request) {
include_once "../util/mysql.php"; include "../util/redirect.php"; include "../mail/send.php"; $dao = new DAO(false); if (isset($_POST["user_name"]) && isset($_POST["user_email"]) && isset($_POST["user_password"]) && isset($_POST["university_id"]) && isset($_POST["course_id"]) && isset($_POST["start_year"]) && isset($_POST["start_month"])) { $user_name = $dao->escape($_POST["user_name"]); $user_email = $dao->escape($_POST["user_email"]); $user_password = $dao->escape(salt($_POST["user_password"])); $university_id = $dao->escape($_POST["university_id"]); $course_id = $dao->escape($_POST["course_id"]); $cohort_start = $dao->escape($_POST["start_year"]) . "-" . $dao->escape($_POST["start_month"]) . "-1"; //Checks // - Email is unique // - Email confirmation // - Cohort exists or not? $dao->myquery("SELECT user_email FROM user WHERE user_email LIKE \"%{$user_email}\";"); if ($dao->fetch_num_rows() == 0) { //Insert the user into the database, and retreive the user_id $cohort = DataObject::select_one($dao, "cohort", array("cohort_id", "group_id"), array("cohort_start" => $cohort_start, "course_id" => $course_id)); if (!$cohort) { //Cohort does not exist, insert it $group = DataObject::create($dao, "user_group", array("group_name" => "Cohort {$cohort_id} Group")); $group->commit(); $group_id = $group->get_primary_id(); $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start)); $cohort->commit(); } $uncomfirmed = salt($user_email); $user = DataObject::create($dao, "user", array("cohort_id" => $cohort->get_primary_id(), "user_name" => $user_name, "user_email" => "{$uncomfirmed} {$user_email}", "user_password" => $user_password, "user_picture" => "default")); if ($user->commit()) { //Add the user to the cohort's group
<?php
// Prints, as JSON, every user connected to the session user in either direction
// of the connection table, ordered by name.
// NOTE(review): $user is provided by the session include and its id is placed
// into the SQL text without escaping.
include_once "../util/session.php";
include_once "../util/mysql.php";

$friends_query = implode(" ", array(
    "SELECT user_id,user_name,user_picture,course.course_name,university.university_name,cohort.cohort_start FROM user",
    "JOIN cohort ON user.cohort_id=cohort.cohort_id",
    "JOIN course ON cohort.course_id=course.course_id",
    "JOIN university ON university.university_id=course.university_id",
    "WHERE (user_id in(SELECT user_id1 FROM connection WHERE user_id2=\"{$user->user_id}\")",
    "OR user_id in(SELECT user_id2 FROM connection WHERE user_id1=\"{$user->user_id}\")) ORDER BY user.user_name ASC;",
));

$dao = new DAO(false);
$dao->myquery($friends_query);
echo $dao->fetch_json();
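<?php
// Cancels a pending registration: the confirmation row identified by ?rnd and the
// user it belongs to are both deleted, then the visitor is sent to the welcome page.
include "script/util/mysql.php";
include "script/util/redirect.php";

$dao = new DAO();

// The token must be a non-empty string; an empty or array-valued "rnd" must never
// reach the queries, where it could match rows with an empty conf_rnd.
$raw_rnd = (isset($_GET["rnd"]) && is_string($_GET["rnd"])) ? $_GET["rnd"] : "";

if ($raw_rnd !== "") {
    $rnd = $dao->escape($raw_rnd);

    // Find the user id that belongs to the confirmation token.
    $conf_query = "SELECT user_id FROM confirmation WHERE conf_rnd = \"{$rnd}\";";
    $dao->myquery($conf_query);
    $row = $dao->fetch_one();

    // Nothing is deleted unless the token matched a row.
    if ($row && isset($row["user_id"])) {
        // Kept in a local variable: no $user object is created anywhere in this script.
        $user_id = $dao->escape((string) $row["user_id"]);

        // Delete the confirmation first, then the user.
        $conf_query = "DELETE FROM confirmation WHERE conf_rnd = \"{$rnd}\";";
        $dao->myquery($conf_query);

        $user_query = "DELETE FROM user WHERE user_id = \"{$user_id}\";";
        $dao->myquery($user_query);
    }
}

// NOTE(review): the deletion is triggered by a plain GET, so mail scanners and link
// prefetchers can fire it; consider an intermediate page that confirms with a POST.
// The redirect is the same whether or not the token matched.
redirect("welcome/?m=9");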
<?php
// Prints every row of the university table as JSON. The query takes no request
// input and no session check is visible in this file.
include_once "../util/mysql.php";

$dao = new DAO();

$university_sql = "SELECT * FROM university;";
$dao->myquery($university_sql);

$university_json = $dao->fetch_json();
echo $university_json;