public function update()
{
$db = new Database();
$db->connect();
$returnValue;
//if($this->isCreated()){
$where = 'id=' . $this->getId();
$updateInformation = array();
$updateInformation["name"] = $db->escapeString($this->getName());
$updateInformation["description"] = $db->escapeString($this->getDescription());
$updateInformation["display"] = $db->escapeString($this->getDisplay());
date_default_timezone_set('America/Chicago');
$updateInformation["last_updated_timestamp"] = $db->escapeString(date('Y-m-d G:i:s'));
$result = $db->update(static::$tableName, $updateInformation, $where);
if ($result) {
$returnValue = true;
} else {
$returnValue = false;
}
$db->disconnect();
//}else{
// $returnValue = false;
//}
return $returnValue;
}
public function update()
{
$db = new Database();
$db->connect();
$where = 'id=' . $this->getId();
$updateInformation = array();
$updateInformation['name'] = $db->escapeString($this->getName());
$updateInformation['description'] = $db->escapeString($this->getDescription());
$updateInformation["last_updated_timestamp"] = $db->escapeString(date('Y-m-d G:i:s'));
$result = $db->update(static::$tableName, $updateInformation, $where);
$db->disconnect();
if ($result) {
$this->setId($result);
return $result;
} else {
return false;
}
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
if (isset($_POST['submit'])) {
$newPass = $database->escapeString($_POST['newPass']);
$confPass = $database->escapeString($_POST['confPass']);
$code = $database->escapeString($_POST['code']);
$hash = password_hash($newPass, PASSWORD_BCRYPT);
if ($newPass != $confPass) {
redirect($_SERVER['HTTP_REFERER'] . "&error=equals");
} else {
if (strlen($newPass) < 6) {
redirect($_SERVER['HTTP_REFERER'] . "&error=length");
} else {
$user->setId($code);
$user->setPassword($hash);
if ($user->updatePassword()) {
$path = "../logs";
$dateTime = strftime("%Y-%m-%d %H:%M:%S");
$text = "Password changed for user with ID:";
$content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
$user->setId($_SESSION['USID']);
$user->storeLog($content, $path);
redirect("../users.php?users=1&pass=succeed");
} else {
<?php
require_once 'db/config.php';
$con = new config(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$db = new Database($con);
$db->openConnection();
$postdata = file_get_contents("php://input");
$jsonHandle = new jsonHandler();
$requestData = $jsonHandle->decode($postdata);
$data = array();
$page = $db->escapeString($requestData->page);
$innerPage = $db->escapeString($requestData->innerPage);
if ($page == "dashboard") {
$query = $db->query("SELECT * FROM tbl_hashtag");
/*Overview Page*/
if ($innerPage == "overview") {
/*Check whether it contains tha hashtag data or not*/
if ($db->hasRows($query)) {
$data['hashtagArray'] = array();
$i = 0;
while ($row = $db->fetchAssoc($query)) {
$hashtagName = $row['hashtagName'];
/*Total Tweet Count*/
$totTweetsQuery = $db->query("SELECT COUNT(DISTINCT tweet_id) FROM tweet_tags WHERE tag = '{$hashtagName}'");
$totalTweets = $db->fetchArray($totTweetsQuery);
$data['hashtagArray'][$i]['hashtagName'] = $hashtagName;
$data['hashtagArray'][$i]['tweets'] = array();
//$tweetQuery = "SELECT * FROM tweet_tags LEFT JOIN"
$data['hashtagArray'][$i]['totalTweets'] = $totalTweets[0];
$data['hashtagArray'][$i]['totalImpressions'] = $i + 2000;
$data['hashtagArray'][$i]['profileVisits'] = 3000;
echo $d['id'];
?>
" class="btn btn-primary btn-xs">Tindak</a></td>
</tr>
<?php
}
?>
</tbody>
</table>
<div class="alert alert-info" role="alert">Klik pada nama siswa atau NIS untuk melihat daftar peringatan.</div>
<?php
} else {
if (isset($_POST['idtindak'])) {
$idtindak = $db->escapeString($_POST['idtindak']);
$status = $db->escapeString($_POST['status']);
$db->update('tindak', array('tindak' => $status, 'ubah' => wkt(), 'idguru' => $_SESSION['userid']), "id='{$idtindak}'");
echo "Processing...";
eksyen('Data berhasil diubah', '?hal=penindakan');
}
$id = mysql_real_escape_string($_GET['detail']);
$db->select('tindak', '*', null, "id='{$id}'");
$res = $db->getResult();
foreach ($res as $d) {
?>
<div class="col-lg-12">
<h1 class="page-header">Detail Tindakan <small>| <a href="?hal=penindakan">Kembali</a></small></h1>
</div>
<form action="" method="post">
if (isset($_GET['id'])) {
echo '<h1 class="page-header">Ubah Data Sanksi <small>| <a href="?hal=sanksi">Kembali</a></small></h1>';
$id = $_GET['id'];
$db->select('sanksi', '*', NULL, "id='{$id}'", null);
// Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
$jum = $db->numRows();
if ($jum < 1) {
eksyen('Data tidak ditemukan', '?hal=sanksi');
}
$d = $db->getResult();
} else {
echo '<h1 class="page-header">Tambah Data Sanksi <small>| <a href="?hal=sanksi">Kembali</a></small></h1>';
}
if (isset($_POST['nama'])) {
echo "Processing...";
$nama = $db->escapeString($_POST['nama']);
$minimal = $db->escapeString($_POST['minimal']);
$maksimal = $db->escapeString($_POST['maksimal']);
if (isset($_POST['id'])) {
$id = mysql_real_escape_string($_POST['id']);
$db->update('sanksi', array('nama' => $nama, 'minimal' => $minimal, 'maksimal' => $maksimal, 'ubah' => wkt()), 'id="' . $id . '"');
eksyen('Data berhasil diubah', '?hal=sanksi');
} else {
$db->insert('sanksi', array('nama' => $nama, 'minimal' => $minimal, 'maksimal' => $maksimal, 'ubah' => wkt()));
$res = $db->getResult();
eksyen('Data berhasil diinput', '?hal=sanksi');
}
}
?>
<form action="" method="POST" class="form-horizontal" role="form">
<?php
<?php
include 'class/mysql_crud.php';
$db = new Database();
$db->connect();
$data = $db->escapeString("*****@*****.**");
// Escape any input before insert
$db->insert('CRUDClass', array('name' => 'Name 5', 'email' => $data));
// Table name, column names and respective values
$res = $db->getResult();
print_r($res);
<?php
//header('Access-Control-Allow-Origin: *');
//header('Content-Type: application/json; charset = UTF-8');
//session_start();
require_once 'db/config.php';
$con = new config(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$db = new Database($con);
$db->openConnection();
$postdata = file_get_contents("php://input");
$jsonHandle = new jsonHandler();
$requestdata = $jsonHandle->decode($postdata);
//$requestdata = json_decode($postdata);
$userName = $db->escapeString($requestdata->userName);
$userPass = $db->escapeString($requestdata->userPass);
$data = array();
if (!empty($userName) && !empty($userPass)) {
$query = $db->query("SELECT * FROM tbl_admin WHERE admin_user= '******' AND admin_pass = '******'");
if ($db->hasRows($query) > 0) {
while ($row = $db->fetchAssoc($query)) {
if ($row['admin_status'] == 1) {
$_SESSION['user'] = $row['admin_user'];
$_SESSION['loggedIn'] = true;
$data['adminUser'] = $row['admin_user'];
$data['adminType'] = $row['admin_type'];
$data['adminMail'] = $row['admin_mail'];
$data['adminContactMail'] = $row['admin_contactmail'];
$data['loggedIn'] = true;
/*Super admin*/
if ($row['admin_type'] == "sadmin") {
$data['message'] = "You have successfully connected and too have full access over the data";
/**
* Wrapper for the db.
*
* @param string $string
* @return string
*/
public function escapeString($string)
{
return $this->db->escapeString($string);
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$menu = new Menu();
$links = new Links();
$pages = new Page();
if (isset($_POST['addMenuBtn'])) {
$menuName = $database->escapeString($_POST['menuName']);
$description = $database->escapeString($_POST['description']);
// check if parent is set
if (isset($_POST['parent']) && $_POST['parent'] != "" && $_POST['parent'] != null) {
$parentLinkId = $database->escapeString($_POST['parent']);
$links->setLinkId($parentLinkId);
$language = $links->getSubMenusLangId($database);
} else {
$language = $database->escapeString($_POST['language']);
$parentLinkId = 0;
}
// set values
$menu->setLangId($language);
$menu->setIsMain(0);
$menu->setDescription($description);
$menu->setParentLinkId($parentLinkId);
$menu->setTitle($menuName);
// do not allove a link to have two sub menus
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$hotel = new Hotel();
$location = new Location();
$media = new Media();
if (isset($_POST['submit'])) {
$name = $database->escapeString($_POST['name']);
$address = $database->escapeString($_POST['address']);
$stars = $database->escapeString($_POST['stars']);
$destination = $database->escapeString($_POST['location']);
$description = $database->escapeString($_POST['description']);
$hotel->setHotelName($name);
$hotel->setAddress($address);
$hotel->setStars($stars);
$hotel->setDescription($description);
$hotel->setCityId($destination);
if (isset($_POST['hotelId'])) {
$hotelId = $database->escapeString($_POST['hotelId']);
$hotel->setHotelId($hotelId);
$hotel->update($database);
} else {
$hotelId = $hotel->create($database);
}
if (count($_FILES) != 0) {
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$user = new User();
$database = new Database();
$pageLayout = new PageLayout();
if (isset($_POST['pageLayoutList']) && $_POST['pageLayoutList'] != null) {
foreach ($_POST['pageLayoutList'] as $pageLayoutId) {
$pageLayout->setPageLayoutId($database->escapeString($pageLayoutId));
$pageLayout->getById($database);
unlink("../" . $pageLayout->getImage());
$pageLayout->delete($database);
$path = "../logs";
$dateTime = strftime("%Y-%m-%d %H:%M:%S");
$text = "Deleted page layout with id:" . $pageLayoutId . " and name: " . $pageLayout->getName();
$content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
$user->setId($_SESSION['USID']);
$user->storeLog($content, $path);
echo "true";
}
} else {
echo "false";
}
}
$db->select('tipoarticulo', 'idtipoart, descripcion');
// Table name, Column Names, WHERE conditions, ORDER BY conditions
$res = $db->getResult();
$ltipoart = '';
foreach ($res as $key => $value) {
$ltipoart .= '<option value="' . $value['idtipoart'] . '">' . $value['descripcion'] . '</option>';
}
if (isset($_POST['btnguardar'])) {
$db->select('articulo', 'max(idarticulo) as id');
// Table name, Column Names, WHERE conditions, ORDER BY conditions
$res = $db->getResult();
foreach ($res as $key => $value) {
$id = $value['id'] + 1;
}
$vcodint = $db->escapeString("{$_POST['txtcodint']}");
// Escape any input before insert
$vmodelo = $db->escapeString("{$_POST['txtmodelo']}");
$vdescripcion = $db->escapeString("{$_POST['txtdescripcion']}");
$vdesetiqueta = $db->escapeString("{$_POST['txtdesetiqueta']}");
$vdesticket = $db->escapeString("{$_POST['txtdesticket']}");
$vdeslarga = $db->escapeString("{$_POST['txtdeslarga']}");
$vidfotoart = $db->escapeString("{$_POST['txtidfotoart']}");
$vcodbarra = $db->escapeString("{$_POST['txtcodbarra']}");
$vidimpuestos = $db->escapeString("{$_POST['idimpuestos']}");
$vidproveedor = $db->escapeString("{$_POST['txtidproveedor']}");
$vidmarca = $db->escapeString("{$_POST['txtidmarca']}");
$vpreciocosto = $db->escapeString("{$_POST['txtpreciocosto']}");
$vpvp = $db->escapeString("{$_POST['txtpvp']}");
$vmpcosto = $db->escapeString("{$_POST['txtmpcosto']}");
$vfechact = $db->escapeString("{$_POST['txtfechact']}");
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$user = new User();
$database = new Database();
if (isset($_GET['user']) && isset($_GET['active']) && $_GET['user'] != null && $_GET['active'] != null) {
$id = $database->escapeString($_GET['user']);
$active = $database->escapeString($_GET['active']);
$user->setId($id);
$user->setActive($active);
if ($user->changeActive($database)) {
$path = "../logs";
$dateTime = strftime("%Y-%m-%d %H:%M:%S");
$text = "Enabled/Disabled user with id :" . $id;
$content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
$user->setId($_SESSION['USID']);
$user->storeLog($content, $path);
redirect("../users.php");
} else {
}
} else {
echo "User not set";
}
if (isset($_GET['id'])) {
echo '<h1 class="page-header">Ubah Data Tata Tertib <small>| <a href="?hal=tatatertib">Kembali</a></small></h1>';
$id = $_GET['id'];
$db->select('tata_tertib', '*', NULL, "id='{$id}'", null);
// Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
$jum = $db->numRows();
if ($jum < 1) {
eksyen('Data tidak ditemukan', '?hal=tatatertib');
}
$d = $db->getResult();
} else {
echo '<h1 class="page-header">Tambah Data Tata Tertib <small>| <a href="?hal=tatatertib">Kembali</a></small></h1>';
}
if (isset($_POST['nama'])) {
echo "Processing...";
$nama = $db->escapeString($_POST['nama']);
$poin = $db->escapeString($_POST['poin']);
$jenis = $db->escapeString($_POST['jenis']);
if (isset($_POST['id'])) {
$id = mysql_real_escape_string($_POST['id']);
$db->update('tata_tertib', array('nama' => $nama, 'poin' => $poin, 'jenis' => $jenis, 'ubah' => wkt()), 'id="' . $id . '"');
eksyen('Data berhasil diubah', '?hal=tatatertib');
} else {
$db->insert('tata_tertib', array('nama' => $nama, 'poin' => $poin, 'jenis' => $jenis, 'ubah' => wkt()));
$res = $db->getResult();
eksyen('Data berhasil diinput', '?hal=tatatertib');
}
}
?>
<form action="" method="POST" class="form-horizontal" role="form">
<?php
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$post = new Post();
$media = new Media();
if (isset($_POST['submit'])) {
//print_r($_FILES['mediaUploads']);
$title = $database->escapeString($_POST['title']);
$undertitle = $database->escapeString($_POST['undertitle']);
$pageId = $database->escapeString($_POST['pageId']);
$body = $database->escapeString($_POST['body']);
$d = new DateTime();
$date = $d->format('Y-m-d H:i');
$userId = $_SESSION['USID'];
$post->setTitle($title);
$post->setUnderTitle($undertitle);
$post->setPageId($pageId);
$post->setBody($body);
$post->setDate($date);
$post->setUserId($userId);
if (isset($_POST['postId'])) {
$postId = $database->escapeString($_POST['postId']);
$post->setPostId($postId);
$post->update($database);
$post->deleteCategories($database);
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$category = new Category();
if ($_POST['category']) {
$category->setCategoryId($database->escapeString($_POST['categoryId']));
foreach ($_POST as $key => $value) {
if ($key == "categoryId" || $key == "submit") {
continue;
}
$category->update($database, $key, $value);
}
redirect("../posts.php?posts=4&category={$_POST['categoryId']}");
} else {
echo "<h2>Problem in editing category. Try again later or contact your administrator.</h2>";
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$user = new User();
$database = new Database();
$page = new Page();
if (isset($_POST['pageList']) && $_POST['pageList'] != null) {
foreach ($_POST['pageList'] as $pageId) {
$page->setPageId($database->escapeString($pageId));
$page->delete($database);
$path = "../logs";
$dateTime = strftime("%Y-%m-%d %H:%M:%S");
$text = "Deleted page with id:" . $pageId;
$content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text;
$user->setId($_SESSION['USID']);
$user->storeLog($content, $path);
echo "true";
}
} else {
echo "false";
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$widget = new Widget();
$menu = new Menu();
$post = new Post();
if (isset($_POST['widgetName'])) {
$widgetId = $database->escapeString($_POST['widgetName']);
$widgetName = "Widget " . $widgetId;
$widget->setWidgetId($widgetId);
$widget->setName($widgetName);
$widget->setMenuId(0);
$widget->setPostId(0);
if ($widget->create($database)) {
echo "true";
} else {
echo "false";
}
} else {
if (isset($_POST['widgetIds'])) {
foreach ($_POST['widgetIds'] as $widgetId) {
$widget->setWidgetId($widgetId);
$widget->delete($database);
}
echo "true";
echo $row["active"] . "<br />";
echo "- - - - - <br><br>";
}
echo "<br/><br/>";
// Delete Rows
echo "Delete Rows";
echo "<br />------------------<br />";
// [Table name], [WHERE]
$db->delete('posts', 'id=5');
$response = $db->getResponse();
echo $response[0] == TRUE ? 'TRUE' : 'FALSE';
echo "<br/><br/>";
// Insert Rows
echo "Insert Rows";
echo "<br />------------------<br />";
$title = $db->escapeString("Title 5");
// Escape String
$content = $db->escapeString("Lorem Ipsum");
// Escape String
$db->insert('posts', array('id' => 5, 'title' => $title, 'slug' => 'title-5', 'content' => $content, 'category' => 'Category 5', 'keywords' => 'keyword 1 keyword 2', 'image' => 'image', 'create' => date("Y-m-d H:i:s"), 'update' => NULL, 'active' => TRUE));
$response = $db->getResponse();
echo $response[0] == TRUE ? 'TRUE' : 'FALSE';
echo "<br/><br/>";
// Update Rows
echo "Update Rows";
echo "<br />------------------<br />";
// [Table name], [UPDATE Values], [WHERE]
$db->update('posts', array('active' => FALSE), 'id=5 AND active=TRUE');
$response = $db->getResponse();
echo $response[0] == TRUE ? 'TRUE' : 'FALSE';
echo "<br/><br/>";
<?php
include 'includes.php';
$partController = new PartController();
$categoryId = $_GET['id'];
$db = new Database();
$db->connect();
$db->delete("categories", "id=" . $categoryId);
$update = array();
$update["parent_id"] = $db->escapeString(null);
$db->update("categories", $update, "parent_id=" . $categoryId);
$db->delete("category_connector", "category_id=" . $categoryId);
header("Location: /admin/categories");
$tags = $_POST['tags'];
//Gets array of categories
$categories = $_POST['categories'];
$db = new Database();
$db->connect();
//CATEGORIES
$db->select("category_connector", "category_id", null, "item_id=" . $id);
$existingCategories = array_column($db->getResult(), 'category_id');
//GET ALL Grandparent Cats
$db->select("categories", "id", null, "parent_id = 0");
$grandparentCats = array_column($db->getResult(), 'id');
foreach ($categories as $key => $categoryId) {
$pos = array_search($categoryId, $existingCategories);
if ($pos === false) {
$sanitizedInformation = array();
$sanitizedInformation["category_id"] = $db->escapeString($categoryId);
$sanitizedInformation["item_id"] = $db->escapeString($id);
$db->insert("category_connector", $sanitizedInformation);
checkForParentCat($categoryId);
} else {
checkForParentCat($existingCategories[$pos]);
unset($existingCategories[$pos]);
}
}
//remove categories that were attached but were removed from the list
foreach ($existingCategories as $key => $categoryId) {
$result = $db->delete("category_connector", "category_id=" . $categoryId . " AND item_id=" . $id);
}
function checkForParentCat($catId)
{
global $existingCategories;
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
if (isset($_POST['privilege']) && isset($_POST['userId'])) {
$isOk = false;
$userID = $database->escapeString($_POST['userId']);
$privilegeId = $database->escapeString($_POST['privilege']);
if ($_SESSION['USPRID'] == 1) {
$isOk = true;
} else {
if ($_SESSION['USPRID'] == 2) {
$user->setId($userID);
$user->getById($database);
if ($user->getCompanyId() == $_SESSION['CID']) {
$isOk = true;
}
}
}
if ($isOk) {
$user->setPrivilegeId($privilegeId);
$user->setId($userID);
if ($user->changePrivilege()) {
echo "true";
} else {
echo "false";
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$language = new Language();
if (isset($_GET['langId'])) {
$langId = $database->escapeString($_GET['langId']);
$language->setId($langId);
$language->setDefault(1);
if ($language->updateDefault($database)) {
redirect("../settings.php?settings=1");
} else {
echo "<h2>Default language cannot be change. Contact your administrator</h2>";
}
} else {
echo "<h2>Try again or contact your administrator</h2>";
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$user = new User();
$database = new Database();
$page = new Page();
// check the parameters
if (isset($_GET['page']) && isset($_GET['active']) && $_GET['page'] != null && $_GET['active'] != null) {
// set page id
$pageId = $database->escapeString($_GET['page']);
$page->setPageId($pageId);
// change the visibility otherwise
if ($_GET['active'] == 1) {
$visibility = 0;
$page->setVisibility($visibility);
$page->chageVisibility($database);
redirect("../pages.php?pages=1");
} else {
if ($_GET['active'] == 0) {
$visibility = 1;
$page->setVisibility($visibility);
$page->chageVisibility($database);
redirect("../pages.php?pages=1");
} else {
echo "<h1>Go back and try again or contact your Administrator<br>There is something wrong with the visibility value</h1>";
}
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$menu = new Menu();
$links = new Links();
$pages = new Page();
if (isset($_GET['menuid']) && $_GET['menuid'] != null) {
$menuId = $database->escapeString($_GET['menuid']);
$links->setMenuId($menuId);
$menu->setMenuId($menuId);
// look if this menu is a main menu
$isMain = $menu::getMainMenuId($database);
// delete menu with his links
if ($links->deleteByMenu($database) && $menu->delete($database)) {
// make main menu the next top menu
if ($isMain == $menuId) {
$menu->makeTopMenuToMain($database);
}
redirect("../pages.php?pages=4");
} else {
echo "<h1>Contact your administrator</h1>";
}
} else {
echo "<h1>DELETION FAILED! Go back and try again or contact your administrator</h1>";
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$category = new Category();
if (isset($_POST['categoryName'])) {
$categoryName = $database->escapeString($_POST['categoryName']);
$parent = $database->escapeString($_POST['parent']);
$category->setCategory($categoryName);
$category->setInherit($parent);
if ($category->create($database)) {
echo "true";
} else {
echo "false";
}
} else {
if (isset($_POST['categoryId'])) {
foreach ($_POST['categoryId'] as $categoryId) {
$category->setCategoryId($categoryId);
$category->delete($database);
$category->deleteCategories($database);
}
echo "true";
} else {
echo "Try again later";
}
/**
* this function uploads the pdf file from the form to the respective directory papers/course/level/filename.pdf
*/
function uploader()
{
/**
* the default max_upload_filesize in php is 2 mb
* so if a larger file is to be uploaded then go to php.ini inside xampp/apache and change the value of max_upload_filesize as required
*/
$target_dir = 'C:/xampp/htdocs/QuestionBank/papers/';
//folder where the file is to be stored
$conn = new Database();
//creating new connection
$conn->connect();
//connecting to the database
$info = pathinfo($_FILES['pdf_file']['name']);
//filename of uploaded file
$ext = '.' . $info['extension'];
// get the extension of the file
$course_id = $_POST['course'];
$level_id = $_POST['level'];
$subject_id = $_POST['subject'];
$year = $_POST['year'];
$sql = "SELECT course_code FROM courses WHERE id = {$course_id}";
//sql command to fetch the course code for determining the name of the course directory
$course_code = $conn->query($sql)->fetch_object()->course_code;
//gets the course code of the course from course table in the database
$target_course_dir = $course_code . '/';
$paper_name = '';
//file name of the pdf paper file
// echo 'direcgtoy name:'. dirname(__FILE__);
//mkdir($target_dir.$target_course_dir);
if (!file_exists($target_dir . $target_course_dir)) {
//the course folder doesnot exist...
// echo ' <br>1. if (!file_exists(' . $target_dir . $target_course_dir . ') ) {';
if (mkdir($target_dir . $target_course_dir)) {
//new folder for courses created...
// echo '<br>1.1 from helper: Directory for course created : '. $target_dir . $target_course_dir;
$sql = "SELECT level_id FROM levels WHERE id = {$level_id}";
//sql command to fetch the course code for determining the name of the course directory
$level_code = $conn->query($sql)->fetch_object()->level_id;
//gets the level code of the level from course table in the database
$target_level_dir = $level_code . '/';
if (!file_exists($target_dir . $target_course_dir . $level_code)) {
//the level folder doesnot exist...
// echo '<br>1.1.1 if(!file_exists(' . $target_dir . $target_course_dir . $level_code . ')){}';
if (mkdir($target_dir . $target_course_dir . $target_level_dir)) {
//new folder created for the level with level_id = $level_code
// echo '<br>1.1.1.1 if(mkdir( '.$target_dir . $target_course_dir . $target_level_dir.' )){';
// echo '<br>Message from helper: Directory for level created : '. $target_dir . $target_course_dir . $target_level_dir;
$sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
//sql command to fetch the subject code for determining the filename of the new uploaded file
$subject_code = $conn->query($sql)->fetch_object()->sub_code;
//gets the course code of the course from course table in the database
$paper_name = $subject_code . '_' . $year;
//name of the pdf file
$final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
//final location of the file
$file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
//path of the file to be stored in the database
$sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
$file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
if (!$file_exists) {
//file is not recorded in the database, i.e. the paper doesnot exist in the database
if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
//file successfully saved to permanent location
//now save the file path in the database in location field in table: papers
// echo "<br>1.1.1.1 if(move_uploaded_file(" . $_FILES['pdf_file']['tmp_name'] . "," . $target_dir . $target_course_dir . $target_level_dir . $paper_name . "{";
// echo '<br>Message from helper : File successfully added';
$paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
if ($conn->insert('papers', $paper_details)) {
// echo '<br>Message from DB: file saved in database';
$insert_id = $conn->getResult();
//stores the array returned from the database object $conn
$return_value = $insert_id[0];
//return value for paper_id
return $insert_id[0];
//returning the new id of the paper inserted
} else {
// echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
return false;
}
} else {
// echo ' <br>1.1.2 Error from helper.php: could not save file ';
return false;
}
} else {
// echo '<br>Warning from helper: File already present in the database';
}
} else {
//could not create new directory for levels
// echo '<br> Error from helper.php:could not create new level folder';
return false;
}
} else {
//the level folder exists
//move the uploaded file to this folder
// echo '<br>Message from helper: directory for levels already exists '.$level_code;
$final_location = $target_dir . $target_course_dir . $target_level_dir;
$sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
//sql command to fetch the subject code for determining the filename of the new uploaded file
$subject_code = $conn->query($sql)->fetch_object()->sub_code;
//gets the course code of the course from course table in the database
$paper_name = $subject_code . '_' . $year;
// permanent name of the paper
$final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
//final location of the file to be stored in the disk
$file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
//path of the file to be stored in the database
$sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
$file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
if (!$file_exists) {
if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
//file successfully saved to permanent location
//now save the file path in the location field in table: papers
// echo "<br>1.1.1.1 if(move_uploaded_file(" . $_FILES['pdf_file']['tmp_name'] . "," . $target_dir . $target_course_dir . $target_level_dir . $paper_name . "{";
// echo '<br>Message from helper : File successfully saved in disk';
$paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
if ($conn->insert('papers', $paper_details)) {
// echo '<br>Message from DB: file saved in database';
$insert_id = $conn->getResult();
//stores the result from the object $conn which is in the form of array
$return_value = $insert_array[0];
//return value for paper_id
return $insert_id;
//returning the new id of the paper inserted
} else {
// echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
return false;
}
} else {
// echo ' <br>1.1.2 Error from helper.php: could not save file in disk';
return false;
}
}
}
} else {
//the new folder could not be created
// echo '<br>Error from helper:could not create directory for course. '.$target_dir.$target_course_dir;
return false;
}
} else {
//the course directory already exists...
//check if the level directory exists or not
// echo '<br>Message from helper : directory for course exists : '.
$sql = "SELECT level_id FROM levels WHERE id = {$level_id}";
//sql command to fetch the course code for determining the name of the course directory
$level_code = $conn->query($sql)->fetch_object()->level_id;
//gets the level code of the level from level table in the database
$target_level_dir = $level_code . '/';
//directory name for level
if (!file_exists($target_dir . $target_course_dir . $target_level_dir)) {
//the level folder doesnot exist
if (mkdir($final_location = $target_dir . $target_course_dir . $target_level_dir)) {
//new folder created for the level with level_id = $level_code
// echo '<br>Directory for level exists.';
$sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
//sql command to fetch the subject code for determining the filename of the new uploaded file which then concatenates with the year to give the full filename
$subject_code = $conn->query($sql)->fetch_object()->sub_code;
//gets the course code of the course from course table in the database
$paper_name = $subject_code . '_' . $year;
$final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
$file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
$sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
$file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
if (!$file_exists) {
if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
// echo '<br>Error from helper: file successfully saved in disk';
$paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
if ($conn->insert('papers', $paper_details)) {
// echo '<br>Message from DB: file saved in database';
$insert_id = $conn->getResult();
//stores the result from the database object $conn and is in the form of array
$return_value = $insert_id[0];
//return value for paper_id
return $return_value;
//returning the new id of the paper inserted
} else {
// echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
return false;
}
} else {
// echo '<br>Error from helper : file couldnot be added';
return false;
}
} else {
// echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)';
}
} else {
// echo '<br>Error from helper:folder could not be created';
return false;
}
} else {
//the level folder exists
//move the uploaded file to this folder
// echo '<br>Message from helper : directory for level exists : ';
$final_location = $target_dir . $target_course_dir . $target_level_dir;
$sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}";
//sql command to fetch the subject code for determining the filename of the new uploaded file
$subject_code = $conn->query($sql)->fetch_object()->sub_code;
//gets the course code of the course from course table in the database
$paper_name .= $subject_code . '_' . $year;
$final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext;
$file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext;
$sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path;
$file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false;
if (!$file_exists) {
if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) {
// echo '<br>Message from helper: file successfully added';
$paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year);
if ($conn->insert('papers', $paper_details)) {
// echo '<br>Message from DB: file saved in database';
$insert_array = $conn->getResult();
$return_value = $insert_array[0];
return $return_value;
//returning the new id of the paper inserted
} else {
// echo '<br>Message from DB: couldnot insert record into database';
return false;
}
} else {
// echo '<br>Error from helper : file couldnot be added';
return false;
}
} else {
// echo '<br>Message from helper: File already exists in the database';
}
}
}
}
<?php
require_once '../model/paths.php';
$session = new Session();
if (!$session->isLogin) {
redirect("../login.php");
}
$database = new Database();
$user = new User();
$language = new Language();
$category = new Category();
if (isset($_POST['langName'])) {
$langName = $database->escapeString($_POST['langName']);
$language->setLangName($langName);
if ($language->create($database)) {
$columnName = strtolower($langName);
$category->insertColumnForLanguage($database, $columnName);
echo "true";
} else {
echo "false";
}
} else {
if (isset($_POST['languageIds'])) {
foreach ($_POST['languageIds'] as $langId) {
$language->setId($langId);
$language->getById($database);
if ($language->getLangName() != "") {
$category->deleteColumnForLanguage($database, strtolower($language->getLangName()));
}
$language->delete($database);
}
if (isset($_GET['id'])) {
echo '<h1 class="page-header">Ubah Data Kelas <small>| <a href="?hal=kelas">Kembali</a></small></h1>';
$id = $_GET['id'];
$db->select('kelas', '*', NULL, "id='{$id}'", null);
// Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions
$jum = $db->numRows();
if ($jum < 1) {
eksyen('Data tidak ditemukan', '?hal=kelas');
}
$d = $db->getResult();
} else {
echo '<h1 class="page-header">Tambah Data Kelas <small>| <a href="?hal=kelas">Kembali</a></small></h1>';
}
if (isset($_POST['nama'])) {
echo "Processing...";
$nama = $db->escapeString($_POST['nama']);
$wali = $db->escapeString($_POST['wali']);
if (isset($_POST['id'])) {
$id = mysql_real_escape_string($_POST['id']);
$db->update('kelas', array('nama' => $nama, 'wali_kelas' => $wali, 'ubah' => wkt()), 'id="' . $id . '"');
eksyen('Data berhasil diubah', '?hal=kelas');
} else {
$db->insert('kelas', array('nama' => $nama, 'wali_kelas' => $wali, 'buat' => wkt()));
$res = $db->getResult();
eksyen('Data berhasil diinput', '?hal=kelas');
}
}
?>
<form action="" method="POST" class="form-horizontal" role="form">
<?php
if (isset($_GET['id'])) {
