/**
 * Session bootstrap with optional "remember me" re-login from cookies.
 *
 * Guarantees that $_SESSION["user_id"] / $_SESSION["username"] exist (0 / "" when
 * nobody is logged in). When no user is logged in and both the "user" and
 * "encrypted_pass" cookies are present, the user row is looked up by username OR
 * email, the cookies are dropped, and they are only re-issued after
 * $this->check_pass() accepts the cookie value against the stored
 * password/key/iv columns.
 *
 * @param mixed  $db_conf     Passed straight to new Database().
 * @param string $table       Table holding the user rows.
 * @param string $user_field  Column compared against the cookie value (and echoed into the session).
 * @param string $email_field Second column compared against the same cookie value.
 * @param string $pass_field  Column handed to check_pass() as the stored password value.
 * @param string $key_field   Column handed to check_pass() as the key.
 * @param string $iv_field    Column handed to check_pass() as the iv.
 *
 * Reads: $_SESSION, $_COOKIE, globals $util and $security, $this->prevent_user_enum.
 * Writes: $_SESSION["user_id"], ["username"], ["html_username"]; cookies via $security.
 *
 * NOTE(review): $table and the *_field names are only wrapped in backticks, never
 * escaped — they must come from trusted configuration, not from a request. TODO confirm.
 */
public function __construct($db_conf, $table, $user_field, $email_field, $pass_field, $key_field, $iv_field) {
    global $util, $security;
    // Make sure the two session keys always exist so later reads do not warn.
    if (!isset($_SESSION["user_id"]) || !isset($_SESSION["username"])) {
        $_SESSION["user_id"] = 0;
        $_SESSION["username"] = "";
    }
    // Loose `==` here: a user_id of "" or "0" is also treated as "not logged in".
    if ($_SESSION["user_id"] == 0 && isset($_COOKIE["user"]) && isset($_COOKIE["encrypted_pass"])) {
        $database = new Database($db_conf);
        // $user is spliced into the SQL without surrounding quotes, so this relies on
        // $database->sanitize() returning an already-quoted literal — TODO confirm.
        $user = $database->sanitize($_COOKIE["user"]);
        $result = $database->query("SELECT `id`, `" . $user_field . "`, `" . $pass_field . "`, `" . $key_field . "`, `" . $iv_field . "` FROM `" . $table . "` WHERE `" . $user_field . "`=" . $user . " OR `" . $email_field . "`=" . $user . ";");
        // Keep the raw cookie values: the cookies are cleared now and only re-set on success.
        $cookie_user = $_COOKIE["user"];
        $cookie_encrypted_pass = $_COOKIE["encrypted_pass"];
        $security->delete_cookie("user");
        $security->delete_cookie("encrypted_pass");
        if (count($result) == 0) {
            // No such user. With prevent_user_enum set, still run a check_pass() round
            // on fixed dummy ciphertext/key/iv — presumably so the "unknown user" and
            // "wrong password" paths take similar time. The literals are non-secret
            // filler, not real credentials — TODO confirm.
            if ($this->prevent_user_enum) {
                $this->check_pass("testing", "+wDY57krS5nRSY6wbfRk3LpYLHIXkPAaHwxmKGlKIy7V3XAa2EKAdNS/o8Mrv5ub+58rSREPuUSHA7Pc/zHnjYggi2St55DQEYEdypq2jDIbYJydsY0X8g7g46UdxQD2+LfFjNe4vyIzONGdXL/j5INeeZxCjt7sp+DbcdzySJUS2VXfAMVHsHU6fS8XNDWM", "drYB,|h=zS*cVJ6Q7::&m=Y3DYwGI\$TM", "GfDHP5lj88QAH2cr7lw8pEGgJM7stTeGpOUvUBVYPLo=");
            }
            return;
        }
        // Cookie value rejected: cookies stay deleted, session stays logged out.
        if (!$this->check_pass($cookie_encrypted_pass, $result[0][$pass_field], $result[0][$key_field], $result[0][$iv_field])) {
            return;
        }
        $_SESSION["user_id"] = $result[0]["id"];
        $_SESSION["username"] = $result[0][$user_field];
        // HTML-safe copy of the username for templates (escaped by $util->sanitize).
        $_SESSION["html_username"] = $util->sanitize($result[0][$user_field]);
        // Re-issue the same cookie values now that they have been verified.
        $security->set_cookie("user", $cookie_user);
        $security->set_cookie("encrypted_pass", $cookie_encrypted_pass);
    }
}
/**
 * Load the document mapped to a route together with its content columns.
 *
 * @param string $route Raw route string; it is passed through Database::sanitize
 *                      and then interpolated into the query without extra quoting,
 *                      so sanitize is expected to return a quoted literal.
 * @return array The first post-processed row, or [] when no document matches.
 */
public static function by_route($route) {
    $escaped_route = Database::sanitize($route);
    $content_columns = self::$props['content'];
    $sql = "SELECT doc.*, {$content_columns} FROM doc INNER JOIN doc_route ON doc_route.doc_id = doc.id WHERE doc_route.route = {$escaped_route} LIMIT 1;";
    $rows = self::post_process(Database::query($sql));
    if (!isset($rows[0])) {
        return [];
    }
    return $rows[0];
}
/**
 * Read the `part` rows whose `part` column is in a comma-separated list.
 *
 * Every list element is run through Database::sanitize before being placed in
 * the IN (...) clause. Sessions that are not admin only see rows with
 * private = 0.
 *
 * @param mixed  $params Not used by this method; kept for signature compatibility.
 * @param string $parts  Comma-separated part identifiers.
 * @return array Rows after Record::post_process and per-row post_process_fields.
 */
public static function read_parts($params, $parts) {
    $escaped_parts = array_map(function ($single_part) {
        return Database::sanitize($single_part);
    }, explode(',', $parts));
    $in_list = implode(',', $escaped_parts);
    // Admin sessions may read private parts; everyone else is limited to public ones.
    $visibility_clause = Session::is_admin() ? '' : 'AND private = 0';
    $rows = Record::post_process(Database::query("SELECT * FROM part WHERE part IN ({$in_list}) {$visibility_clause};"));
    // Indexed loop kept on purpose: rows are addressed by position 0..count-1.
    for ($position = 0; $position < count($rows); ++$position) {
        $rows[$position] = self::post_process_fields($rows[$position]);
    }
    return $rows;
}
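/**
 * Persist one `notifications` row per attendee affected by a badminton-date action.
 *
 * Supported actions: JoinBadmintonDate (notifies the attendee list that
 * get_attendees() returns when given the joiner), LeaveBadmintonDate and
 * WithdrawAbsence (notify every attendee except the acting user). The message
 * text and the date id are passed through Database::sanitize before being
 * interpolated into the INSERT.
 *
 * @param Action $action One of the three action classes above.
 * @return bool Always true once every insert has been issued.
 * @throws UnexpectedValueException For any other Action subclass.
 * @throws RuntimeException When an INSERT fails. The driver error is written to
 *                          the server log instead of being echoed to the client
 *                          (the previous `or die($mysqli->error)` disclosed it).
 */
public static function push_notification(Action $action) {
    $mysqli = Database::connection();
    $class = get_class($action);
    switch ($class) {
        case 'JoinBadmintonDate':
            // get_datename() fills in badminton_date->datename used by the message.
            $action->badminton_date->get_datename();
            $action->badminton_date->get_attendees(array($action->joiner));
            self::notify_attendees($mysqli, $class, $action->badminton_date, $action->joiner->username, null);
            return true;
        case 'LeaveBadmintonDate':
            $action->badminton_date->get_attendees();
            self::notify_attendees($mysqli, $class, $action->badminton_date, $action->leaver->username, $action->leaver->user_id);
            return true;
        case 'WithdrawAbsence':
            $action->badminton_date->get_attendees();
            self::notify_attendees($mysqli, $class, $action->badminton_date, $action->withdrawer->username, $action->withdrawer->user_id);
            return true;
        default:
            throw new UnexpectedValueException("$class is not a valid action class, tried to push in BadmintonDateNotificationPusher");
    }
}

/**
 * Build the message and link for $class and insert one notification per attendee.
 *
 * @param mixed    $mysqli         Connection returned by Database::connection().
 * @param string   $class          Action class name; selects the message template and type.
 * @param mixed    $badminton_date Object exposing datename, date_id and attendees.
 * @param string   $actor_name     Username substituted into the message template.
 * @param mixed    $skip_user_id   Attendee user_id to leave out (the actor), or null to notify all.
 * @throws RuntimeException When an INSERT fails.
 */
private static function notify_attendees($mysqli, $class, $badminton_date, $actor_name, $skip_user_id) {
    $message = sprintf(NotificationPusher::$notification_messages[$class], $actor_name, $badminton_date->datename);
    list($message, $date_id) = Database::sanitize(array($message, $badminton_date->date_id));
    // Build the link once. It used to be rebuilt inside the loop, so every attendee
    // after the first received "date.php?id=date.php?id=...".
    $a_href = "date.php?id=$date_id";
    $type = NotificationFactory::$notification_type_contract[$class];
    foreach ($badminton_date->attendees as $attendant) {
        // Loose `!=` kept: user ids may arrive as strings from the driver.
        if ($skip_user_id !== null && $attendant->user_id == $skip_user_id) {
            continue;
        }
        $insert = "INSERT INTO `notifications` (message, user_id, type, a_href, read_status, date_notified) VALUES ('$message', '$attendant->user_id', '$type', '$a_href', '" . NotificationFactory::UNREAD . "', NOW())";
        if (!$mysqli->query($insert)) {
            // Keep driver details server-side; the caller only learns that the insert failed.
            error_log('push_notification: ' . $mysqli->error);
            throw new RuntimeException('Could not insert notification');
        }
    }
}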
try { /* $return_val = array(); $return_val['session'] = $_SESSION['user_id']; $return_val['token'] = $_COOKIE['token']; $return_val['cookie'] = $_COOKIE['user_id']; echo json_encode($return_val, JSON_PRETTY_PRINT);*/ $user = User::get_current_user(); if ($user instanceof CurrentUser) { //echo 'hi'; http_response_code(200); echo json_encode($user, JSON_PRETTY_PRINT); } else { if ($email && $password) { $mysqli = Database::connection(); $email = Database::sanitize($email); $sql = "SELECT user_id, password FROM users WHERE email = '$email'"; $return_val[] = $sql; $result = $mysqli->query($sql) or die ($mysqli->error); $mysqli->set_charset('utf-8'); if ($result->num_rows == 1) { // echo 'hi'; list($user_id, $hashed_password) = mysqli_fetch_row($result); $verify = password_verify($password, $hashed_password); if ($verify) { //The user is authenticated $size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB); $new_token = bin2hex(mcrypt_create_iv($size, MCRYPT_DEV_RANDOM));
<?php header("Content-Type: application/json"); //Set header for outputing the JSON information require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php'; $request = file_get_contents('php://input'); $data = json_decode($request); $thread_id = $data->thread_id; $thread_title = $data->thread_title; $thread_text = $data->thread_text; /*$thread_id = 18; $thread_text = 'editted text';*/ $user = User::get_current_user(); try { if (is_numeric($thread_id) && ($user instanceof User) && ($thread_text) && ($thread_title)) { list($thread_text, $thread_title) = Database::sanitize(array($thread_text, $thread_title)); $editted_thread = new Thread(array( 'thread_id' => $thread_id, 'thread_text' => $thread_text, 'thread_title' => $thread_title) ); $result = $user->edit_thread($editted_thread); if ($result) { http_response_code(200); $result->thread_text = $data->thread_text; echo json_encode($result, JSON_PRETTY_PRINT); } else { throw new RuntimeException('RuntimeException occured on request, could not edit thread for some reason'); } } else { throw new UnexpectedValueException('UnexpectedValueExceptionx occured on request');
<?php header("Content-Type: application/json"); //Set header for outputing the JSON information require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php'; $request = file_get_contents('php://input'); $data = json_decode($request); $date_string = $data->date; /*$date_string = '2015-09-07';*/ try { if ($date_string) { $date_string = Database::sanitize($date_string); $mysqli = Database::connection(); $sql = "SELECT t1.date_id, t1.datename, DATE_FORMAT(t1.begin_datetime, '%b %e, %Y - %r') as `begin_datetime`, DATE_FORMAT(t1.end_datetime, '%b %e, %Y - %r') as `end_datetime`, t1.creator_id as `user_id`, t2.username, t2.email, t2.reputation, t2.avatar, t1.bool_group, t1.confirmed FROM `badminton_dates` as t1 INNER JOIN `users` as t2 ON t2.user_id = t1.creator_id WHERE MONTH(date_id) = MONTH('$date_string') ORDER BY t1.begin_datetime ASC"; $result = $mysqli->query($sql) or die ($mysqli->error); $dates = array(); while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $row['creator'] = new ProfileUser($row); if ($row['confirmed']) { $badminton_date = new ConfirmedBadmintonDate($row); } else { if ($row['bool_group']) { $badminton_date = new GrouProposedDate($row); } else { $badminton_date = new PublicProposedDate($row);
/**
 * Remove every doc_route row that points at the given document.
 *
 * Uses the [query, value] form of Database::sanitize, which presumably binds
 * $doc_id into the `?` placeholder — confirm against Database::sanitize, since
 * the other callers on this page pass scalars to it.
 *
 * @param int|string $doc_id Id of the document whose routes are deleted.
 * @return mixed Whatever Database::query returns for the DELETE.
 */
public static function destroy_all($doc_id) {
    $statement = "DELETE FROM doc_route WHERE doc_id = ?";
    $prepared = Database::sanitize([$statement, $doc_id]);
    return Database::query($prepared);
}
//Check to see if this is the correct token $sql = "SELECT email_token FROM users WHERE user_id = '$user_id' AND type != 1"; $result = $mysqli->query($sql) or die ($mysqli->error); if ($result->num_rows == 1) { $token_hashed = mysqli_fetch_row($result)[0]; if (password_verify($token, $token_hashed)) { //Officiate the user $sql = "UPDATE `users` SET type = 1 WHERE user_id ='$user_id'"; $result = $mysqli->query($sql) or die ($mysqli->error); //Create a real token and handshake with user $token = User::generate_token(); $hashed_token = Database::sanitize(password_hash($token, PASSWORD_BCRYPT)); //Send the hashed token to the server $sql = "UPDATE `users` SET token = '$hashed_token'"; $result = $mysqli->query($sql) or die ($mysqli->error); //Pass to cookies $_SESSION['user_id'] = $user_id; setcookie('user_id', $user_id, time() + 3600, "/"); setcookie('token', $token, time() + 3600, "/"); $_COOKIE['user_id'] = $user_id; $_COOKIE['token'] = $token; echo 'Account verified'; } else {
<?php header("Content-Type: application/json"); //Set header for outputing the JSON information require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php'; $request = file_get_contents('php://input'); $data = json_decode($request); $thread_text = $data->thread_text; $type = $data->type; $date_play = $data->date_play; // $type = 2; // $thread_text = 'ahdisahdosa'; $user = User::get_current_user(); try { if (array_key_exists($type, Thread::$type_contracts) && ($thread_text)) { if ($user instanceof CurrentUser) { list($thread_text) = Database::sanitize(array($thread_text)); $comment = new Thread(array( 'thread_text' => $thread_text, 'date_play' => $date_play, 'type' => $type) ); $result = $user->post_thread($comment); if ($result) { //Now if this is an anticipated date, we will try to create a tentative badminton date and denote it with a type = 2 http_response_code(200); $result->thread_text = $data->thread_text; echo json_encode($result, JSON_PRETTY_PRINT); } else { throw new RuntimeException('RuntimeException occured on request, could not post commment for some reason'); } }
<?php
// Password-change endpoint: reads {password, confirm_password} from the JSON body and
// updates the row of the currently logged-in user. Responds 200 on success, 400 with
// Database::print_exception output on any caught Exception.
header("Content-Type: application/json"); // Set header for outputting the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
// NOTE(review): an invalid body makes $data null, so both fields become null below and
// the `==` comparison still passes — there is no check that $password is non-empty.
$data = json_decode($request);
$password = $data->password;
$confirm = $data->confirm_password;
$user = User::get_current_user();
try {
    if ($user instanceof CurrentUser) {
        // Loose `==`: JSON can deliver non-string values here (e.g. true vs "1" compare equal).
        if ($password == $confirm) {
            $mysqli = Database::connection();
            $password = Database::sanitize($password);
            // The value written to `password` is masked as '******' in this listing.
            // NOTE(review): the registration path on this page stores
            // password_hash($password, PASSWORD_BCRYPT); confirm this update hashes the
            // same way rather than storing the sanitized plaintext. $user->user_id comes
            // from the session-resolved user, not from the request body.
            $sql = "UPDATE users SET password = '******' WHERE user_id = '$user->user_id' LIMIT 1";
            // A failed query halts the script and echoes the raw driver error to the client.
            $result = $mysqli->query($sql) or die ($mysqli->error);
            http_response_code(200);
        } else {
            throw new UnexpectedValueException('Passwords do not match');
        }
    } else {
        // Only a logged-in session is required; the current password is not re-checked.
        throw new UnexpectedValueException('UnexpectedValueException occured on request, no user is currently logged in');
    }
} catch (Exception $e) {
    http_response_code(400);
    Database::print_exception($e);
}
$password = $data->password; $email = $data->email; $confirm_password = $data->confirm_password; /*$email = '*****@*****.**'; $username = '******'; $password = '******'; $confirm_password = '******';*/ $user = User::get_current_user(); try { if (!$user->user_id) { //Check input fields if ((strlen($password) >= 4) && ($confirm_password == $password) && (strlen($username) >= 2)) { $mysqli = Database::connection(); //Sanitize user inputs list($password, $confirm_password, $username, $email) = Database::sanitize(array($password, $confirm_password, $username, $email)); //Check if this email is not in the database if (!User::email_exists($email)) { $token = User::generate_token(); $hashed_token = password_hash($token, PASSWORD_BCRYPT); $hashed_password = password_hash($password, PASSWORD_BCRYPT); $sql = "INSERT INTO users (email, password, type, token) VALUES ('$email', '$hashed_password', '0', '$hashed_token')"; $result = $mysqli->query($sql) or die ($mysqli->error); $user_id = $mysqli->insert_id; //Mail the user the email
/**
 * Insert $model as a new row of the table derived from the calling class.
 *
 * Column names go through Database::sanitize($key, TRUE) and values through
 * Database::sanitize($value) before being joined into the INSERT; the keys of
 * $model therefore end up as SQL identifiers and should not come straight from
 * a request.
 *
 * @param array $model Column => value pairs for the new row.
 * @return array $model extended with '_class' (table name) and 'id' (insert id),
 *               or ['error' => <driver error>] / ['error' => '500'] on failure.
 */
public static function create($model) {
    $table = self::table_name(get_called_class());
    $columns = [];
    $values = [];
    foreach ($model as $column => $value) {
        $columns[] = Database::sanitize($column, TRUE);
        $values[] = Database::sanitize($value);
    }
    $sql = sprintf("INSERT INTO %s (%s) VALUES (%s);", $table, implode(',', $columns), implode(',', $values));
    $res = Database::query($sql);
    // The driver error string is checked first, then the query's own result.
    $driver_error = Database::$mysql->error;
    if ($driver_error) {
        return ['error' => $driver_error];
    }
    if (!$res) {
        return ['error' => '500'];
    }
    $model['_class'] = $table;
    $model['id'] = Database::$mysql->insert_id;
    return $model;
}
<?php header("Content-Type: application/json"); //Set header for outputing the JSON information require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php'; $request = file_get_contents('php://input'); $data = json_decode($request); $level = $data->level; $program = $data->program; $commuter = $data->commuter; $accolades = $data->accolades; $playingLevel = $data->playingLevel; $user = User::get_current_user(); //The user to edit on try { if ($user instanceof User) { if (is_numeric($level) && is_numeric($commuter)) { $program = Database::sanitize($program); $edit = new ProfileUser(array( 'level' => $level, 'program' => $program, 'commuter' => $commuter, 'bio' => $bio, 'playing_level' => $playingLevel, 'accolades' => $accolades) ); $result = $user->edit_self($edit); if ($result) { http_response_code(200); } else { throw new RuntimeException('RuntimeException occured on request, could not edit for some reason'); } }
/**
 * (Str) -> Bool
 * Report whether a verified account (type != 0) with this email exists.
 *
 * @param string $email Raw email; escaped with Database::sanitize before it is
 *                      interpolated into the query. A falsy value ("" , "0", null)
 *                      short-circuits to false without touching the database.
 * @return bool True when exactly one matching row is found.
 */
public static function email_exists($email) {
    if (!$email) {
        return false;
    }
    $mysqli = Database::connection();
    $escaped_email = Database::sanitize($email);
    $sql = "SELECT user_id FROM users WHERE email = '$escaped_email' AND type != 0";
    // NOTE(review): on failure this halts the script and echoes the raw driver error;
    // logging it server-side would avoid disclosing schema details to the caller.
    $result = $mysqli->query($sql) or die ($mysqli->error);
    return $result->num_rows == 1;
}
<?php
// Reply endpoint: reads {message_text, parent_id} from the JSON body and asks the
// current user to post a reply. Responds with the reply as JSON, or 400 plus
// Database::print_exception output on any caught Exception.
header("Content-Type: application/json"); // Set header for outputting the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$message_text = $data->message_text;
$parent_id = $data->parent_id;
$user = User::get_current_user();
try {
    // NOTE(review): sibling endpoints on this page gate on CurrentUser; confirm that
    // the broader `instanceof User` check is the intended authorization here.
    if (is_numeric($parent_id) && ($message_text) && ($user instanceof User)) {
        $message_text = Database::sanitize($message_text);
        // $mysqli is never used in this script.
        $mysqli = Database::connection();
        // BUG(review): $message and $reply are never assigned anywhere in this script,
        // while the sanitized $message_text and the validated $parent_id are unused
        // after the guard — TODO confirm post_reply's parameters and pass those instead.
        $result = $user->post_reply($message, $reply);
        if ($result) {
            // The raw (unsanitized) request text is echoed back in the JSON response.
            $result->message_text = $data->message_text;
            echo json_encode($result, JSON_PRETTY_PRINT);
            // Called after output has started; 200 is already the default status, but
            // any non-default code would have to be set before the echo above.
            http_response_code(200);
        } else {
            throw new RuntimeException('RuntimeException occured on request, could not insert reply for some reason');
        }
    } else {
        throw new UnexpectedValueException('UnexpectedValueException occured on request');
    }
} catch (Exception $e) {
    http_response_code(400);
    Database::print_exception($e);
}
header("Content-Type: application/json"); //Set header for outputing the JSON information function __autoload($class_name) { /* Last chance for PHP script to call a class name */ $class_name = ($class_name == 'OutgoingTranslation' || $class_name == 'IncomingTranslation') ? 'Translate' : $class_name; require_once $_SERVER['DOCUMENT_ROOT']. "/includes/$class_name.php"; } $request = file_get_contents('php://input'); $data = json_decode($request); $username = $data->username; /*$username = '******';*/ require_once __DIR__ . '/../../includes/Database.php'; try { if ($username) { $username = Database::sanitize($username); //Sanitize the user input $mysqli = Database::connection(); //Initiate the Mysqli Connection variable $sql = "SELECT user_id FROM users WHERE username = '******'"; $result = $mysqli->query($sql) or die ($mysqli->error); if ($result->num_rows > 0) { http_response_code(400); } else { http_response_code(200); //The username does not yet exist } } else { throw new UnexpectedValueException('UnexpectedValueException'); } }
<?php header("Content-Type: application/json"); //Set header for outputing the JSON information require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php'; $request = file_get_contents('php://input'); $data = json_decode($request); $thread_id = $data->thread_id; $comment_text = $data->comment_text; $parent_id = $data->parent_id; /*$thread_id = 11; $comment_text = 'hihih hiiii'; $parent_id = null;*/ $user = User::get_current_user(); try { if (is_numeric($thread_id) && ($comment_text) && ($user instanceof User) && (!$parent_id XOR (is_numeric($parent_id)))) { $comment_text = Database::sanitize($comment_text); $thread = new Thread(array( 'thread_id' => $thread_id) ); $comment = new ThreadComment(array( 'comment_text' => $comment_text, 'thread' => $thread ) ); $result_post = $user->post_thread_comment($thread, $comment); if ($result_post) { http_response_code(200); echo json_encode($result_post, JSON_PRETTY_PRINT); } else { throw new RuntimeException('RuntimeException occured on request, could not post comment for some reason'); }
$begin_datetime = $data->begin_datetime; $datename = ($data->datename) ? $data->datename : DEFAULT_BADMINTON_DATE_NAME; $end_datetime = $data->end_datetime; $visibility = $data->visibility; $summary = $data->summary; $group_id = $data->group_id; $user = User::get_current_user(); $max_attendants = $data->max_attendants; /*$begin_datetime = '2015-09-06 12:00:00'; $end_datetime = '2015-09-06 13:00:00';*/ /*$begin_datetime = '2015-09-21 00:00:00'; $end_datetime = '2015-09-22 00:00:00';*/ try { if (($user instanceof CurrentUser) && $end_datetime && $begin_datetime) { //Attempt to create a new badminton date list($datetime, $datename, $summary) = Database::sanitize(array($datetime, $datename, $summary)); if (!is_numeric($group_id)) { //The date is a public date $badminton_date = new PublicProposedDate(array( 'summary' => $summary, 'datename' => $datename, 'begin_datetime' => $begin_datetime, 'end_datetime' => $end_datetime, 'creator' => $user, 'max_attendants' => $max_attendants) ); } else { //The date is a group date $group = new Group(array( 'group_id' => $group_id)
$commuter = $data->commuter; $accolades = $data->accolades; $bio = $data->bio; // $commuter = 2; // $level = 'AngularJS Level'; // $program = 'Object Oriented'; // $level = 1; // $playingLevel = $data->playingLevel; // $commuter = 1; // $bio = 'hey there'; // $playingLevel = 1; $user = User::get_current_user(); //The user to edit on try { if ($user instanceof CurrentUser) { if (is_numeric($level) && is_numeric($commuter)) { list($program, $accolades, $bio) = Database::sanitize(array($program, $accolades, $bio)); $edit = new ProfileUser(array( 'level' => $level, 'program' => $program, 'commuter' => $commuter, 'bio' => $bio, 'accolades' => $accolades) ); $result = $user->edit_self($edit); if ($result) { http_response_code(200); } else { throw new RuntimeException('RuntimeException occured on request, could not edit for some reason'); } }