/**
 * Run the stored procedure `myproce4` for the given key and return the first
 * row of its result set.
 *
 * NOTE(review): $newky is interpolated into the CALL statement unquoted and
 * unescaped. That is only safe if every caller passes an already-validated
 * numeric value; the callers are not visible here, so confirm before relying
 * on it. The helper shows no placeholder API in this function, so any fix has
 * to validate or escape the value before it reaches the string.
 *
 * @param mixed $newky Value placed verbatim inside `call myproce4(...)`.
 * @return mixed Whatever mysql_fetch_array() yields for the first row.
 */
function searchgrade($newky)
{
    $db = new mysql_helper();
    $link = $db->connect();

    $rows = $db->mysql_selecte("call myproce4({$newky})", $link);

    // The connection is released before the row is read, exactly as the
    // original ordering does.
    $db->mysql_close($link);

    return mysql_fetch_array($rows);
}
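/**
 * Read the `updates` table (newest version first) and describe the latest
 * release to the client.
 *
 * @return array On success: 'download_link', 'latest_version' and
 *               'change_logs' (all rows returned by the query). Otherwise an
 *               error array, either the one reported by the query helper or
 *               one built by $error_manager for ERROR_SQL_QUERY_FAILED.
 */
function get_update_info()
{
    global $error_manager;

    $mysql = new mysql_helper('localhost', 0, 0);
    $results = $mysql->execute_query('SELECT * FROM `updates` ORDER BY Version DESC');

    // A helper-reported error has to be recognised first. With the row-shape
    // test ahead of it (as originally written) an error array never has a
    // [0] row, so this pass-through could not be reached and the specific
    // error was replaced by the generic one.
    if (isset($results['error_code']) && isset($results['error_description'])) {
        return $results;
    }

    if (!isset($results[0]['version']) || !isset($results[0]['change_log'])) {
        return $error_manager->error_generator(ERROR_SQL_QUERY_FAILED);
    }

    // NOTE(review): the archive is advertised over plain HTTP and the response
    // carries no digest or signature for it, so nothing in this payload lets a
    // client detect an archive altered in transit. Whether the client verifies
    // the download some other way is not visible here.
    return array(
        'download_link' => 'http://www.xboxchaos.com/assembly/update.zip',
        'latest_version' => $results[0]['version'],
        'change_logs' => $results,
    );
}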
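/**
 * Tell the client whether its cached copy of one data type is stale.
 *
 * @param array $data_array Request data; 'type' selects the `cache` row and
 *                          'timestamp' is the client's cached timestamp. Both
 *                          keys are read unconditionally.
 * @return array array('update_cache' => bool) when the row was found, where
 *               the flag is true if the stored timestamp is greater than the
 *               client's. Otherwise an error array, either the one reported by
 *               the query helper or one built for ERROR_SQL_QUERY_FAILED.
 */
function get_cached_data($data_array)
{
    global $error_manager;

    $requestedTimestamp = $data_array['timestamp'];
    $requestedType = $data_array['type'];

    $mysql = new mysql_helper('localhost', 0, 0);

    // The type is passed as a bound string parameter, not spliced into SQL.
    $bindings = $mysql->add_binding(array(), 's', $requestedType);
    $results = $mysql->execute_query('SELECT * FROM `cache` WHERE (`type` = ?0)', $bindings);

    // Helper-reported errors are passed through before the row-shape test;
    // in the original order this branch could not be reached for an error
    // array, and it tested 'error_code' twice instead of also checking
    // 'error_description' as get_update_info() does.
    if (isset($results['error_code']) && isset($results['error_description'])) {
        return $results;
    }

    if (!isset($results[0]['type']) || !isset($results[0]['timestamp'])) {
        return $error_manager->error_generator(ERROR_SQL_QUERY_FAILED);
    }

    return array('update_cache' => $results[0]['timestamp'] > $requestedTimestamp);
}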
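/**
 * Check a username/password pair against the `members` table and create or
 * refresh the member's row in `users` with a newly generated session id.
 *
 * @param array $data_array Request data; reads 'username' and 'password'.
 * @return array On success: 'member_id', 'session_id', 'display_name',
 *               'signin_name', 'group_id', 'post_count', 'avatar_url'.
 *               Otherwise an error array from check_query_valid() or from
 *               $error_manager (ERROR_INVALID_PASS on a password mismatch).
 */
function user_sign_in($data_array)
{
    global $error_manager;

    $input_username = $data_array['username'];
    $input_password = $data_array['password'];
    $input_timestamp = time();

    $mysql = new mysql_helper('localhost', 0, 1);

    // --- 1. Look the member up by login name (bound parameter). ---
    $bindings = $mysql->add_binding(array(), 's', $input_username);
    $members_result = $mysql->execute_query(
        'SELECT * FROM `members` WHERE (`members_l_username` = ?0)',
        $bindings
    );
    $check_valid = $mysql->check_query_valid(
        $members_result,
        array('member_group_id', 'member_id', 'members_pass_salt', 'members_pass_hash', 'members_display_name', 'posts')
    );
    // NOTE(review): this check compares against the literal -1 while the later
    // ones use SUCCESS; kept as written, confirm the two are the same value.
    if ($check_valid['error_code'] != -1) {
        return $check_valid;
    }

    $output_gid = $members_result[0]['member_group_id'];
    $output_mid = $members_result[0]['member_id'];
    $output_salt = $members_result[0]['members_pass_salt'];
    $output_hash = $members_result[0]['members_pass_hash'];
    $output_display_name = $members_result[0]['members_display_name'];
    $output_posts = $members_result[0]['posts'];

    // --- 2. Verify the password. ---
    // The digest format md5(md5(salt) . password) is fixed by the rows already
    // stored in `members`, so it cannot be changed here. NOTE(review): salted
    // MD5 is cheap to brute-force if the table is disclosed; moving to
    // password_hash()/password_verify() needs a migration outside this function.
    //
    // The comparison itself must be a strict string comparison. The original
    // used `!=`, which compares two numeric-looking hex digests (for example
    // both of the form "0e" followed only by digits) as numbers and can treat
    // different digests as equal. hash_equals() is strict and constant-time.
    // A non-string password (e.g. an array from the request) is rejected
    // outright instead of being concatenated.
    if (
        !is_string($input_password)
        || !hash_equals((string) $output_hash, md5(md5($output_salt) . $input_password))
    ) {
        return $error_manager->error_generator(ERROR_INVALID_PASS);
    }

    // NOTE(review): random_string_generation() is defined elsewhere. The value
    // is returned to the client as its session id, so confirm it draws from a
    // cryptographically secure source.
    $output_session_id = random_string_generation(16);

    // --- 3. Resolve the avatar URL. ---
    $bindings = $mysql->add_binding(array(), 'i', $output_mid);
    $avatar_result = $mysql->execute_query(
        'SELECT * FROM `profile_portal` WHERE `pp_member_id` = ?0',
        $bindings
    );
    $check_valid = $mysql->check_query_valid($avatar_result, array('pp_member_id'));
    if ($check_valid['error_code'] != SUCCESS) {
        return $check_valid;
    }

    // Only 'pp_member_id' was validated above, so the photo column may be absent.
    $output_avatar_raw = isset($avatar_result[0]['pp_thumb_photo'])
        ? (string) $avatar_result[0]['pp_thumb_photo']
        : '';
    // Relative paths get the CDN prefix; absolute URLs are left alone. The
    // original compared a 3-character substr() with the 4-character 'http',
    // which never matched, so absolute URLs were prefixed as well.
    if (strncmp($output_avatar_raw, 'http', 4) !== 0) {
        $output_avatar_raw = 'http://uploads.xbchaos.netdna-cdn.com/' . $output_avatar_raw;
    }

    // --- 4. Create or refresh the session row. ---
    $bindings = $mysql->add_binding(array(), 'i', $output_mid);
    $assembly_users_result = $mysql->execute_query(
        'SELECT * FROM `users` WHERE `member_id` = ?0',
        $bindings
    );
    $check_valid = $mysql->check_query_valid(
        $assembly_users_result,
        array('member_id', 'session_id', 'timestamp')
    );
    $users_status = $check_valid['error_code'];

    // "No row yet" is an expected outcome for a first sign-in and must reach
    // the INSERT below. The original returned on anything other than SUCCESS
    // before testing for zero rows, which made the INSERT branch unreachable.
    if ($users_status != SUCCESS && $users_status != SEMIE_SQL_QUERY_ZERO_ROWS) {
        return $check_valid;
    }

    // Placeholders ?0, ?1, ... are taken to refer to bindings in the order they
    // were added, as the INSERT and the single-parameter queries above use
    // them. Confirm against mysql_helper.
    if ($users_status == SEMIE_SQL_QUERY_ZERO_ROWS) {
        $bindings = array();
        $bindings = $mysql->add_binding($bindings, 'i', $output_mid);
        $bindings = $mysql->add_binding($bindings, 's', $output_session_id);
        $bindings = $mysql->add_binding($bindings, 'i', $input_timestamp);
        $mysql->execute_query(
            'INSERT INTO `users` (`member_id` , `session_id` , `timestamp`) VALUES (?0 , ?1, ?2)',
            $bindings
        );
    } else {
        // Bindings are added in placeholder order: session id, timestamp, then
        // the member id for the WHERE clause. The original added the member id
        // first, which lined the values up with the wrong columns, and wrapped
        // the SET list in parentheses, which is not valid UPDATE syntax.
        $bindings = array();
        $bindings = $mysql->add_binding($bindings, 's', $output_session_id);
        $bindings = $mysql->add_binding($bindings, 'i', $input_timestamp);
        $bindings = $mysql->add_binding($bindings, 'i', $output_mid);
        $mysql->execute_query(
            'UPDATE `users` SET `session_id` = ?0, `timestamp` = ?1 WHERE `users`.`member_id` = ?2',
            $bindings
        );
    }
    // NOTE(review): the outcome of the INSERT/UPDATE is not checked (the
    // original check was commented out), so a session id can be handed to the
    // client without having been stored.

    return array(
        'member_id' => $output_mid,
        'session_id' => $output_session_id,
        'display_name' => $output_display_name,
        'signin_name' => $input_username,
        'group_id' => $output_gid,
        'post_count' => $output_posts,
        'avatar_url' => $output_avatar_raw,
    );
}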
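<?php
// Grade submission endpoint: stores one judge's grade for one student and
// echoes a status word ("error", "errorse" or "success!").
//
// NOTE(review): this script changes data in response to a GET request and
// shows no authentication, authorisation or CSRF check of its own. The
// included files are not visible here; confirm such a check exists before
// the UPDATE below can be reached.

include '../config/config.class.php';
include '../model/scoreserve.php';

// Accept each query-string value only when it is present and a plain string;
// a missing key or an array value (e.g. ?key[]=x) becomes the empty string.
$grade = (isset($_GET['new']) && is_string($_GET['new'])) ? $_GET['new'] : '';
$keyname = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
$judeger = (isset($_GET['judger']) && is_string($_GET['judger'])) ? $_GET['judger'] : '';

// The grade must actually be a number in 0..100. The original range test
// alone let non-numeric text through, because such text compares as 0 (or as
// a string) instead of being rejected, and that text then went into the SQL.
if (!is_numeric($grade) || $grade > 100 || $grade < 0) {
    $grade = "error";
} else {
    $score = new score();
    // getflag() lives in an included file. NOTE(review): if it builds SQL from
    // its arguments it needs the same escaping as the UPDATE below.
    @($flag = $score->getflag($keyname, $judeger));

    if ($flag == 1) {
        // A grade has already been recorded for this student/judge pair.
        $grade = "errorse";
    } else {
        $obj = new mysql_helper();
        $conn = $obj->connect();

        // All three values come straight from the request, so each one is
        // escaped for the connection before being placed inside the quoted
        // literals. This assumes connect() returns the legacy mysql link that
        // mysql_real_escape_string() expects (confirm against mysql_helper).
        $safe_grade = mysql_real_escape_string($grade, $conn);
        $safe_key = mysql_real_escape_string($keyname, $conn);
        $safe_judger = mysql_real_escape_string($judeger, $conn);

        if ($safe_grade === false || $safe_key === false || $safe_judger === false) {
            // Escaping failed (no usable connection): refuse to run the
            // statement with unescaped or emptied values.
            $grade = "error";
        } else {
            $sql = "update zg_grade set grade='{$safe_grade}',flag='1' "
                . "where stunumber='{$safe_key}' and judeger='{$safe_judger}'";
            $obj->mysql_do($sql, $conn);
            $grade = "success!";
        }

        $obj->mysql_close($conn);
    }
}

// Only one of the fixed status words above is ever echoed, never request data.
echo $grade;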
<?php $obj = new mysql_helper(); $conn = $obj->connect(); $file_name_show = xfs($_POST["xy"]) . '/' . xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]) . '.doc'; $filename = xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]); $stunumb = xfs($_POST["xh"]); $listdir = xfs($_POST["xy"]); $sqlc = "select stunumber from upload_table where stunumber='{$stunumb}'"; @($result = $obj->mysql_selecte($sqlc, $conn)); $result = mysql_fetch_array($result); if ($result[0] == $stunumb) { $sqlu = "update upload_table set filename='{$filename}' where stunumber='{$stunumb}'"; @$obj->mysql_do($sqlu, $conn); } else { $sql = "insert into upload_table(filename,stunumber,academy) values('{$filename}','{$stunumb}','{$listdir}')"; $sql1 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','1')"; $sql2 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','2')"; $sql3 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','3')"; @$obj->mysql_do($sql, $conn); @$obj->mysql_do($sql1, $conn); @$obj->mysql_do($sql2, $conn); @$obj->mysql_do($sql3, $conn); } @$obj->mysql_close($conn); $POST_MAX_SIZE = ini_get('post_max_size'); $unit = strtoupper(substr($POST_MAX_SIZE, -1)); $multiplier = $unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)); if ((int) $_SERVER['CONTENT_LENGTH'] > $multiplier * (int) $POST_MAX_SIZE && $POST_MAX_SIZE) { header("HTTP/1.1 500 Internal Server Error"); echo "POST exceeded maximum allowed size.";