/**
* Register a new user if username doesn't already exist
*
* @param \model\RegisterUser $credential
* @param \model\IregisterListener $listener
* @return bool
*/
public function doRegister(\model\RegisterUser $credential, model\IregisterListener $listener)
{
$username = $credential->getUsername();
$records = new Db();
$records->query('SELECT username,password FROM users WHERE username = :username');
$records->bind(':username', $username);
$records->resultset();
if ($records->rowCount() > 0) {
$listener->userExist("RegisterModel::UserAlreadyExistException");
} else {
$password = password_hash($credential->getPassword(), PASSWORD_BCRYPT);
$records->query('INSERT INTO users (username, password) VALUES (:username, :password)');
$records->bind(':username', $username);
$records->bind(':password', $password);
$records->execute();
$_SESSION[self::$newUsername] = $username;
return true;
}
}
/**
* Login user
*
* @param \model\User $credential
* @return bool
*/
public function doLogin(\model\User $credential)
{
$username = $credential->getUsername();
$password = $credential->getPassword();
$records = new \Db();
$records->query('SELECT username, password FROM users WHERE BINARY username = :username');
$records->bind(':username', $username);
$results = $records->single();
if (count($results) > 0 && password_verify($password, $results['password'])) {
return $this->sessionStorage->set(SessionStorage::$auth, $username);
} else {
return false;
}
}
$SQL .= " AND id<:id";
$db->bind("id", $_SESSION[$cat]);
}
$db->bind("initial", $initial);
$db->bind("final", $final);
$SQL .= " LIMIT :initial, :final";
$posts = $db->query($SQL);
if (!isset($_SESSION[$cat])) {
$_SESSION[$cat] = $posts[0]['id'];
}
//SI ESTA LOGEADO SE AÑADE EL CAMPO likable AL ARRAY
if (isset($_SESSION['username'])) {
$db = new Db();
$user = $_SESSION['username'];
foreach ($posts as &$p) {
$id = $p['id'];
$db->bind("id", $id);
$db->bind("user", $user);
$liked = $db->query("SELECT id FROM likes WHERE postId = :id AND username = :user");
if ($liked) {
$likable = 0;
} else {
$likable = 1;
}
$p['likable'] = $likable;
if (!$likable) {
$p['likeId'] = $likeId;
}
}
}
echo json_encode($posts);
public function invalidate_login_token($token)
{
Db::bind("token", $token);
$response = Db::query("UPDATE login_tokens SET disabled='false' WHERE token=:token");
if ($response) {
return true;
} else {
return false;
}
}
overflow: hidden;
width: 250px;
}
.bar__percent {
background: #222;
float: right;
height: 12px;
width:100%;
}
</style>
<?php
$id = $_GET['id'];
$db = new Db();
$db->bind("id", $id);
$invoice = $db->query("SELECT * FROM invoices WHERE invoice_id = :id");
?>
<?php
foreach ($invoice as $key) {
?>
<!-- .wrapper -->
<div class="wrapper">
<!-- .page -->
<div class="page">
<!-- .page__head -->
<header class="page__head">
<h2 class="page__title">Invoice #<?php
echo $id;
?>
<?php
require "Db.class.php";
// Creates the instance
$db = new Db();
// 3 ways to bind parameters :
// 1. Read friendly method
$db->bind("firstname", "John");
$db->bind("age", "19");
// 2. Bind more parameters
$db->bindMore(array("firstname" => "John", "age" => "19"));
// 3. Or just give the parameters to the method
$db->query("SELECT * FROM Persons WHERE firstname = :firstname AND age = :age", array("firstname" => "John", "age" => "19"));
// Fetching data
$person = $db->query("SELECT * FROM Persons");
// If you want another fetchmode just give it as parameter
$persons_num = $db->query("SELECT * FROM Persons", null, PDO::FETCH_NUM);
// Fetching single value
$firstname = $db->single("SELECT firstname FROM Persons WHERE Id = :id ", array('id' => '3'));
// Single Row
$id_age = $db->row("SELECT Id, Age FROM Persons WHERE firstname = :f", array("f" => "Zoe"));
// Single Row with numeric index
$id_age_num = $db->row("SELECT Id, Age FROM Persons WHERE firstname = :f", array("f" => "Zoe"), PDO::FETCH_NUM);
// Column, numeric index
$ages = $db->column("SELECT age FROM Persons");
// The following statemens will return the affected rows
// Update statement
$update = $db->query("UPDATE Persons SET firstname = :f WHERE Id = :id", array("f" => "Johny", "id" => "1"));
// Insert statement
// $insert = $db->query("INSERT INTO Persons(Firstname,Age) VALUES(:f,:age)",array("f"=>"Vivek","age"=>"20"));
// Delete statement
/**
* @return array
*/
public function selectRowInDatabase()
{
$database = new Db();
// use username from session if session isset or else use username from cookie
$username = $this->isSessionSet() ? $_SESSION[self::$setSessionUser] : $_COOKIE['LoginView::CookieName'];
$database->query('SELECT username ,cookie_password, coockie_date, browser FROM users WHERE username = :username');
$database->bind(':username', $username);
$row = $database->single();
$var1 = $row['cookie_password'];
$var2 = $row['coockie_date'];
$var3 = $row['username'];
$var4 = $row['browser'];
return array($var1, $var2, $var3, $var4);
}
public function __construct($login_username, $login_password)
{
// Validate input
$validated = false;
$message = '';
// Lazy validation, checking purely length. We sanitize later to prevent abuse.
if (!isset($login_username, $login_password) || !(strlen($login_username) < 20) || !(strlen($login_password) < 100)) {
$message = 'Please enter a valid username and password';
} else {
$validated = true;
}
// Validation complete
if ($validated) {
// Sanitize the username and password. Remove prefix and postfix spaces remove code tags and HTML encode special characters
$login_username = filter_var(trim($login_username), FILTER_SANITIZE_STRING);
$login_password = filter_var(trim($login_password), FILTER_SANITIZE_STRING);
// Open database connection
global $db;
$db = new Db($db);
// Check if username exists in the database
$db->bind("username", $login_username);
$ifexist = $db->single("SELECT * FROM users WHERE username = :username");
if (!$ifexist) {
$message = "This user does not exist!";
} else {
$db->bind("username", $login_username);
// Query database for stored password hash
$password_hash = $db->single("SELECT password FROM users WHERE username = :username");
// Let PHP verify the hash and get user ID if password is correct
if (password_verify($login_password, $password_hash)) {
$db->bind("username", $login_username);
$logged_in_id = $db->single("SELECT id FROM users WHERE username = :username");
} else {
$message = "Wrong password";
}
}
// Return error message if the above didn't result in a login
if (!isset($logged_in_id)) {
$message = $message . ' Login Failed';
} else {
$_SESSION['id'] = $logged_in_id;
$this->logged_in_id = $logged_in_id;
$message = 'Login succeeded';
}
}
echo $message;
}
<?php
include_once "../includes/header.inc.php";
if (isset($PARAMS['username'])) {
require_once "../Classes/Db.class.php";
$db = new Db();
$db->bind("username", $PARAMS['username']);
$posts = $db->query("SELECT * FROM `view_posts_valoracion` where (reports<10 or reports<likes) AND username = :username");
if ($posts) {
echo json_encode(array("status" => "OK", "content" => $posts));
} else {
echo json_encode(array("status" => "ceroPosts"));
}
} else {
echo json_encode(array("status" => "wrongData"));
}
if ($post->variables) {
$db = new Db();
$liked = $db->query("select id from likes where postId= :id AND username = :username", array('id' => $PARAMS['id'], "username" => $_SESSION['username']));
if ($liked) {
$like = new Like();
$like->Find($liked[0]['id']);
$like->Delete();
echo json_encode(array("status" => "OK"));
} else {
$like = new Like();
$like->postId = $PARAMS['id'];
$like->username = $_SESSION["username"];
$like->Create();
//AUTOVERIFICACION DE POST
if ($autoverify) {
$db->bind("id", $PARAMS['id']);
$aux = $db->query("SELECT * FROM view_posts_valoracion WHERE id = :id");
$aux = $aux[0];
if ($aux['likes'] >= $minLikesToVerify && $aux['reports'] <= $maxReportToVerify && !$aux['verified']) {
$post->Find();
$post->verified = 1;
$post->Save();
}
}
echo json_encode(array("status" => "OK"));
}
} else {
echo json_encode(array("status" => "postNotFound"));
}
} else {
echo json_encode(array("status" => "wrongData"));
<?php
include CHEMIN_LIB . 'Db.class.php';
$db = new Db();
$db->bind("type", "references");
$result['references'] = $db->query("SELECT * FROM `cadres` AS c \n\tLEFT JOIN `references` AS r \n\tON c.id=r.id\n\tWHERE c.type = :type");
$db->bind("type", "autres");
$result['autres'] = $db->query("SELECT * FROM `cadres` AS c \n\tLEFT JOIN `autres` AS a \n\tON c.id=a.id\n\tWHERE c.type = :type");
$result['reseaux-sociaux'] = $db->query("SELECT * FROM `reseaux-sociaux`");
$db->CloseConnection();
$fp = fopen('json/results.json', 'w');
$encode = json_encode($result);
//fputs($fp, $encode);
fwrite($fp, $encode . "\r\n", strlen($encode));
fclose($fp);
