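/**
 * Checks a username/password pair against Biometrix.dbo.LoginTable.
 *
 * The password column is expected to hold a password_hash() digest; the
 * account must also have Verified != 0 before a login is accepted.
 *
 * @param string $username     Login name to look up.
 * @param string $password     Clear-text password, checked with password_verify().
 * @param bool   $return_token When true, a JWT for the user is added under 'Token'.
 * @return array{Verified: bool, Error?: string, Token?: mixed}
 *   'Verified' is false for an unknown user, a wrong password, an
 *   unverified account, or a database failure.
 */
function verify_user($username, $password, $return_token = false) {
    $json_verified = array();
    $json_verified['Verified'] = false;
    $db_connection = null;
    # The whole lookup is enclosed in a try so a PDO failure degrades to
    # "not verified" instead of an uncaught exception.
    try {
        # require_once: this function may run more than once in a process, and a
        # plain require would redeclare DbConnection on the second call.
        require_once '/var/www/dbconnection/Get_db_connection.php';
        $db_connection = DbConnection::get_instance()->get_db_connection();
        $stmt_handle = $db_connection->prepare('Select UserID, Password, Verified From Biometrix.dbo.LoginTable WHERE Username = :name');
        $stmt_handle->bindValue(':name', $username, PDO::PARAM_STR);
        $stmt_handle->execute();
        # Columns by position: 0 = UserID, 1 = Password (hash), 2 = Verified.
        $row = $stmt_handle->fetch(PDO::FETCH_NUM);
        if ($row !== false) {
            if ((int) $row[2] === 0) {
                # NOTE(review): this distinct message lets a caller tell an
                # unverified account from an unknown one; kept for compatibility.
                $json_verified['Error'] = "Please verify your email account";
            } elseif (password_verify($password, (string) $row[1])) {
                $json_verified['Verified'] = true;
                # Bug fix: the original tested `$return_token = true` (an assignment),
                # so a token was issued on every successful login regardless of the
                # argument. Only sign one when the caller asked for it.
                if ($return_token) {
                    require_once '/var/www/dbconnection/Sign_jwt.php';
                    $json_verified['Token'] = JWTSign::sign_token(intval($row[0]));
                }
            }
        }
    } catch (PDOException $except) {
        # Log the driver message server-side rather than echoing it into the
        # response, where it would expose database details to the caller.
        error_log('verify_user: ' . $except->getMessage());
    } finally {
        $db_connection = null;
    }
    return $json_verified;
}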
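<?php
#
# Author: Troy Riblett, troy.riblett@oit.edu
# Created: 2/15/2016
# Last Modified: 2/15/2016
#
# delete_unverified
# This php script removes the user from the database. Should only be
# called for unverified users.
#
# The username is read from the first command-line argument ($argv[1]).
# The DELETE is restricted to rows with Verified = 0 so that the script
# cannot remove a verified account even if it is invoked by mistake.

# Refuse to run without a username: binding an unset $argv[1] would issue
# the DELETE with a null name.
if (!isset($argv[1]) || $argv[1] === '') {
    echo "Missing username argument\n";
    exit(1);
}

try {
    # require_once so the DbConnection class is not redeclared if this file
    # is ever included from another script.
    require_once '/var/www/dbconnection/Get_db_connection.php';
    # Sets up the PDO connection to the database.
    $db_connection = DbConnection::get_instance()->get_db_connection();
    # Username is bound as a parameter; Verified = 0 enforces the
    # "unverified users only" contract stated in the header.
    $stmt_handle = $db_connection->prepare('Delete Biometrix.dbo.LoginTable Where Username = :name AND Verified = 0');
    $stmt_handle->bindValue(':name', $argv[1], PDO::PARAM_STR);
    $stmt_handle->execute();
    $db_connection = null;
} catch (PDOException $except) {
    echo $except->getMessage() . "\n";
    $db_connection = null;
}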
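/**
 * Stored-procedure parameter names for insert_or_update(), in bind order.
 *
 * Each name N is emitted as "@N = :N" in the Exec string and bound as ":N".
 * The Update procedures take one extra trailing parameter, Web<Table>ID.
 *
 * @param string $table     One of Exercise, Sleep, Mood, Diet, Medication.
 * @param string $operation "Insert" or "Update".
 * @return list<string>|null Null when $table is not a supported table.
 */
function _insert_or_update_columns($table, $operation) {
    static $columns = array(
        'Exercise'   => array('UserID', 'LocalExerciseID', 'Title', 'Type', 'Minutes', 'Inty', 'Notes', 'DateEx', 'TimeEx'),
        'Sleep'      => array('UserID', 'LocalSleepID', 'Date', 'Time', 'Duration', 'Quality', 'Notes'),
        'Mood'       => array('UserID', 'LocalMoodID', 'Date', 'Time', 'Depression', 'Elevated', 'Irritable', 'Anxiety', 'Sad', 'Happy', 'Anger', 'Notes'),
        'Diet'       => array('UserID', 'LocalDietID', 'Date', 'FoodType', 'Meal', 'ServingSize', 'Calories', 'TotalFat', 'SaturatedFat', 'TransFat', 'Cholesterol', 'Sodium', 'TotalCarbs', 'DietaryFiber', 'Sugars', 'Protein', 'VitaminA', 'VitaminB', 'Calcium', 'Iron', 'Notes'),
        'Medication' => array('UserID', 'LocalMedicationID', 'Date', 'Time', 'BrandName', 'Prescriber', 'Dose', 'Instructions', 'Warnings', 'Notes'),
    );
    if (!isset($columns[$table])) {
        return null;
    }
    $cols = $columns[$table];
    if ($operation === "Update") {
        $cols[] = "Web{$table}ID";
    }
    return $cols;
}

/**
 * Normalises a caller-supplied parameter value before binding.
 *
 * Empty values passed in may include "" or "null". The literal strings
 * null and "null" (any case) are mapped to "" — not SQL NULL — which is the
 * behaviour the stored procedures have always received.
 */
function _insert_or_update_bind_value($value) {
    if (is_string($value) && (strcasecmp($value, "null") == 0 || strcasecmp($value, "\"null\"") == 0)) {
        return "";
    }
    return $value;
}

/**
 * Runs the <Table>Insert or <Table>Update stored procedure for one record.
 *
 * @param int|string $userid    Bound as @UserID; never taken from $params.
 * @param string     $operation "Insert" or "Update" — anything else is rejected
 *                              because it is interpolated into the procedure name.
 * @param array      $params    Column name => value for the remaining parameters.
 * @param string     $table     Exercise, Sleep, Mood, Diet or Medication.
 * @return array 'Verified' => bool plus, on Insert success, 'Row' => ['Local','Web'];
 *               on Update success 'WebKey'; otherwise 'Error' (and possibly
 *               'ErrorInfo' / 'PreapredWith', kept for compatibility).
 */
function insert_or_update($userid, $operation, $params, $table) {
    $json_verified = array();
    $db_connection = null;
    $stmt_handle = null;
    $prep_string = null;

    # $operation becomes part of "Exec <Table><Operation>", so only the two
    # known procedure suffixes are allowed through.
    if ($operation !== "Insert" && $operation !== "Update") {
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid database operation";
        return $json_verified;
    }
    # Likewise $table is interpolated; unknown tables never reach the database.
    $cols = is_string($table) ? _insert_or_update_columns($table, $operation) : null;
    if ($cols === null) {
        echo "Unrecognized database table";
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid database table chosen";
        return $json_verified;
    }

    try {
        # require_once: a plain require redeclares DbConnection on a second call.
        require_once '/var/www/dbconnection/Get_db_connection.php';
        $db_connection = DbConnection::get_instance()->get_db_connection();

        # "Exec <Table><Operation> @UserID = :UserID, @Col = :Col, ..." — the same
        # text the former per-table concatenation chains produced.
        $prep_string = "Exec {$table}{$operation} " . implode(", ", array_map(
            function ($col) { return "@{$col} = :{$col}"; },
            $cols
        ));
        $stmt_handle = $db_connection->prepare($prep_string);

        foreach ($cols as $col) {
            # UserID always comes from the authenticated caller, never from $params.
            $value = ($col === "UserID") ? $userid : ($params[$col] ?? null);
            $stmt_handle->bindValue(':' . $col, _insert_or_update_bind_value($value), PDO::PARAM_STR);
        }
        $stmt_handle->execute();
        $row = $stmt_handle->fetch(PDO::FETCH_NUM);

        if ($operation === "Insert") {
            # Insert procedures return (LocalID, WebID) for the new row.
            if ($row !== false) {
                $json_verified['Verified'] = true;
                $json_verified['Row'] = array('Local' => $row[0], 'Web' => $row[1]);
            } else {
                $json_verified['Verified'] = false;
                $json_verified['Error'] = "Database insert failed";
                # NOTE(review): driver error text is returned to the caller here;
                # consider logging it instead.
                $json_verified['ErrorInfo'] = $stmt_handle->errorInfo();
            }
        } else {
            # Update procedures return (rows affected, WebID).
            if ($row === false) {
                $json_verified['Verified'] = false;
                $json_verified['Error'] = "Database update failed";
            } else {
                $num_rows = (int) $row[0];
                if ($num_rows === 1) {
                    $json_verified['Verified'] = true;
                    $json_verified['WebKey'] = $row[1];
                } elseif ($num_rows > 1) {
                    $json_verified['Verified'] = false;
                    $json_verified['Error'] = "Database updated multiple fields";
                } else {
                    $json_verified['Verified'] = false;
                    $json_verified['Error'] = "Failed to update row on Webdatabase";
                    $json_verified['ErrorInfo'] = $stmt_handle->errorInfo();
                    # Key spelling and statement text kept for compatibility; note
                    # that this exposes the Exec string to the caller.
                    $json_verified['PreapredWith'] = $prep_string;
                }
            }
        }
        return $json_verified;
    } catch (PDOException $except) {
        # Log server-side instead of echoing driver details into the response.
        error_log('insert_or_update: ' . $except->getMessage());
        if ($stmt_handle instanceof PDOStatement) {
            error_log('insert_or_update: ' . print_r($stmt_handle->errorInfo(), true));
        }
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Database error";
    } catch (InvalidArgumentException $arg_except) {
        error_log('insert_or_update: ' . $arg_except->getMessage());
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid argument";
    } finally {
        $stmt_handle = null;
        $db_connection = null;
    }
    return $json_verified;
}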
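/**
 * Runs the <Table>Delete stored procedure for one record.
 *
 * @param int|string $userid Bound as @UserID; never taken from $params.
 * @param array      $params Must carry the Web<Table>ID key of the row to delete.
 * @param string     $table  Mood, Diet, Exercise, Sleep or Medication.
 * @return array 'Verified' => bool, the bound values under their ':Name' keys
 *               (existing contract), 'WebKey' on success, else 'Error'
 *               (and 'ErrorInfo' when nothing was deleted).
 */
function delete_values($userid, $params, $table) {
    $json_verified = array();
    $db_connection = null;
    $stmt_handle = null;

    # $table is interpolated into "Exec <Table>Delete", so only the five tables
    # that have such a procedure are accepted, before any database access.
    $tables = array('Mood', 'Diet', 'Exercise', 'Sleep', 'Medication');
    if (!is_string($table) || !in_array($table, $tables, true)) {
        echo "Unrecognized database table";
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid database table chosen";
        return $json_verified;
    }

    try {
        # require_once: a plain require redeclares DbConnection on a second call.
        require_once '/var/www/dbconnection/Get_db_connection.php';
        $db_connection = DbConnection::get_instance()->get_db_connection();

        $web_key = "Web{$table}ID";
        $cols = array($web_key, 'UserID');
        $prep_string = "Exec {$table}Delete @{$web_key} = :{$web_key}, @UserID = :UserID";
        $stmt_handle = $db_connection->prepare($prep_string);

        foreach ($cols as $col) {
            # UserID always comes from the authenticated caller, never from $params.
            $value = ($col === 'UserID') ? $userid : ($params[$col] ?? null);
            # Empty values passed in may include "" or "null"; the literal strings
            # null / "null" are mapped to "" (not SQL NULL), as before.
            if (is_string($value) && (strcasecmp($value, "null") == 0 || strcasecmp($value, "\"null\"") == 0)) {
                $value = "";
            }
            $bind_name = ':' . $col;
            # The bound values are echoed back in the result (existing contract).
            $json_verified[$bind_name] = $value;
            $stmt_handle->bindValue($bind_name, $value, PDO::PARAM_STR);
        }
        $stmt_handle->execute();

        # The procedure is expected to return the affected-row count in column 0;
        # a missing result row counts as 0 instead of a warning on a false value.
        $row = $stmt_handle->fetch(PDO::FETCH_NUM);
        $rows_affected = ($row === false) ? 0 : (int) $row[0];
        if ($rows_affected === 1) {
            $json_verified['Verified'] = true;
            $json_verified['WebKey'] = $params[$web_key] ?? null;
        } elseif ($rows_affected === 0) {
            $json_verified['Verified'] = false;
            $json_verified['Error'] = "Row was not deleted from the web database";
            # NOTE(review): driver error text is returned to the caller here.
            $json_verified['ErrorInfo'] = $stmt_handle->errorInfo();
        } else {
            $json_verified['Verified'] = false;
            $json_verified['Error'] = 'Multiple rows deleted from the web database. Only 1 row should have been';
        }
        return $json_verified;
    } catch (PDOException $except) {
        # Log server-side instead of echoing driver details into the response.
        error_log('delete_values: ' . $except->getMessage());
        if ($stmt_handle instanceof PDOStatement) {
            error_log('delete_values: ' . print_r($stmt_handle->errorInfo(), true));
        }
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Database error";
    } catch (InvalidArgumentException $arg_except) {
        error_log('delete_values: ' . $arg_except->getMessage());
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid argument";
    } finally {
        $stmt_handle = null;
        $db_connection = null;
    }
    return $json_verified;
}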
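/**
 * Column names selected by pull_values() for each table, in result order.
 *
 * @param string $table Mood, Diet, Exercise, Sleep or Medication.
 * @return list<string>|null Null when $table is not a supported table.
 */
function _pull_values_columns($table) {
    static $columns = array(
        'Mood'       => array('WebMoodID', 'UserID', 'LocalMoodID', 'Date', 'Time', 'Depression', 'Elevated', 'Irritable', 'Anxiety', 'Sad', 'Happy', 'Anger', 'Notes'),
        'Diet'       => array('WebDietID', 'UserID', 'LocalDietID', 'Date', 'FoodType', 'Meal', 'ServingSize', 'Calories', 'TotalFat', 'SaturatedFat', 'TransFat', 'Cholesterol', 'Sodium', 'TotalCarbs', 'DietaryFiber', 'Sugars', 'Protein', 'VitaminA', 'VitaminB', 'Calcium', 'Iron', 'Notes'),
        'Exercise'   => array('WebExerciseID', 'UserID', 'LocalExerciseID', 'Title', 'Type', 'Minutes', 'Inty', 'Notes', 'DateEx', 'TimeEx'),
        'Sleep'      => array('WebSleepID', 'UserID', 'LocalSleepID', 'Date', 'Time', 'Duration', 'Quality', 'Notes'),
        'Medication' => array('WebMedicationID', 'UserID', 'LocalMedicationID', 'Date', 'Time', 'BrandName', 'Prescriber', 'Dose', 'Instructions', 'Warnings', 'Notes'),
    );
    return isset($columns[$table]) ? $columns[$table] : null;
}

/**
 * Fetches every row of $table owned by $userid that is not listed in the
 * #TempID temporary table, as an array of {ColumnName, Value} pairs per row.
 *
 * @param int    $userid Bound as the "[UserId] = ?" parameter.
 * @param string $table  Mood, Diet, Exercise, Sleep or Medication.
 * @return array Row index => list of ['ColumnName' => ..., 'Value' => ...]
 *               (plus a -1 => -1 marker per row), then 'NumRows' and
 *               'NumColumns'. For an unknown table: 'Verified' => false and 'Error'.
 */
function pull_values($userid, $table) {
    $json_verified = array();
    $db_connection = null;
    $stmt_handle = null;

    # $table is interpolated into the FROM clause, so anything outside the
    # known set is rejected here. The original fell through its default case
    # and then called bindValue() on an unset statement handle.
    $cols = is_string($table) ? _pull_values_columns($table) : null;
    if ($cols === null) {
        echo "Unrecognized database table";
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid database table chosen";
        return $json_verified;
    }
    $num_cols = count($cols);
    # Time-of-day columns are rendered as HH:MM via SQL Server style 114.
    $time_columns = array(
        'Mood'       => array('Time'),
        'Sleep'      => array('Time', 'Duration'),
        'Medication' => array('Time'),
    );

    try {
        # require_once: a plain require redeclares DbConnection on a second call.
        require_once '/var/www/dbconnection/Get_db_connection.php';
        $db_connection = DbConnection::get_instance()->get_db_connection();

        $select_list = array();
        foreach ($cols as $col) {
            $select_list[] = in_array($col, $time_columns[$table] ?? array(), true)
                ? "convert(varchar(5), {$col}, 114)"
                : $col;
        }
        # NOTE(review): #TempID is presumably a session temp table populated by
        # the caller on this same connection before pull_values runs — confirm.
        $prep_string = "Select " . implode(", ", $select_list)
            . " From Biometrix.dbo.{$table}"
            . " LEFT JOIN #TempID ON ID = Web{$table}ID"
            . " Where [UserId] = ? AND ID is null";
        $stmt_handle = $db_connection->prepare($prep_string);
        $stmt_handle->bindValue(1, $userid, PDO::PARAM_INT);
        $stmt_handle->execute();

        $cur_row_num = 0;
        while (($row = $stmt_handle->fetch(PDO::FETCH_NUM)) !== false) {
            $row_entry = array();
            foreach ($cols as $i => $name) {
                $row_entry[$i] = array("ColumnName" => $name, "Value" => $row[$i] ?? null);
            }
            # Hack to get php to stop treating this as a freakin list (json_encode
            # then emits an object rather than an array); kept for compatibility.
            $row_entry[-1] = -1;
            $json_verified[$cur_row_num] = $row_entry;
            $cur_row_num = $cur_row_num + 1;
        }
        $json_verified["NumRows"] = $cur_row_num;
        $json_verified["NumColumns"] = $num_cols;
        return $json_verified;
    } catch (PDOException $except) {
        # Log server-side instead of echoing driver details into the response.
        error_log('pull_values: ' . $except->getMessage());
        if ($stmt_handle instanceof PDOStatement) {
            error_log('pull_values: ' . print_r($stmt_handle->errorInfo(), true));
        }
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Database error";
    } catch (InvalidArgumentException $arg_except) {
        error_log('pull_values: ' . $arg_except->getMessage());
        $json_verified['Verified'] = false;
        $json_verified['Error'] = "Invalid argument";
    } finally {
        $stmt_handle = null;
        $db_connection = null;
    }
    return $json_verified;
}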