/**
 * Fetch the whole help table as a map keyed by the first column of each row.
 *
 * fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC) groups rows by their first
 * column; `reset` then keeps only the first row of every group.
 *
 * The table name is taken from the $db_info configuration, not from request data.
 *
 * @return array|false|null the keyed rows; false when the table is empty;
 *                          null when there is no database connection or the
 *                          query throws (the exception is swallowed)
 */
public static function getHelp()
{
    global $connection, $db_info;

    if (!databaseConnection()) {
        return null;
    }

    try {
        $statement = $connection->prepare("SELECT * FROM {$db_info['help']}");
        $statement->execute();

        $grouped = $statement->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
        $rows = array_map('reset', $grouped);

        return count($rows) > 0 ? $rows : false;
    } catch (Exception $e) {
        // Failure is reported to the caller only as a null return.
        return null;
    }
}
/**
 * Return every member row whose rank is 1 or 2.
 *
 * Despite the name, the query is SELECT * — the caller receives the complete
 * member rows, not only an e-mail column; do not forward them unfiltered to
 * anything that should only see addresses.
 *
 * @return array|null the matching rows, or null when there are none, the
 *                    connection is unavailable, or the query throws
 */
public static function getAdminEmailList()
{
    global $connection, $db_info;

    $admins = null;

    if (databaseConnection()) {
        try {
            $sql = "SELECT * FROM {$db_info['member_tbl']} WHERE (rank = 1 OR rank = 2)";
            $statement = $connection->prepare($sql);
            $statement->execute();

            $rows = $statement->fetchAll(PDO::FETCH_ASSOC);
            if (count($rows) > 0) {
                $admins = $rows;
            }
        } catch (Exception $e) {
            // Swallowed: the caller only sees null.
        }
    }

    return $admins;
}
/**
 * Check that exactly one "all versions" record has the given id.
 *
 * The id is bound as a parameter, so it may come straight from a request.
 *
 * @param mixed $mbversions value compared against ID_ALLVERSIONS
 *
 * @return bool|null true when exactly one row matches; false when zero or
 *                   several match or the query throws; null when there is no
 *                   database connection
 */
public static function validateMusicBeeVersion($mbversions)
{
    global $connection, $db_info;

    if (!databaseConnection()) {
        return null;
    }

    try {
        $sql = "SELECT ID_ALLVERSIONS FROM {$db_info['mb_all']} WHERE ID_ALLVERSIONS = :id";
        $statement = $connection->prepare($sql);
        $statement->bindValue(':id', $mbversions);
        $statement->execute();

        $matches = $statement->fetchAll(PDO::FETCH_ASSOC);
    } catch (Exception $e) {
        return false;
    }

    return count($matches) == 1;
}
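/**
 * Check whether a download-stat row already exists for this visitor.
 *
 * All four filter values are bound parameters. The original interpolated
 * $stat['is_registered'] directly into the SQL text while binding the other
 * three; that is only safe if the value is guaranteed to be an integer, and a
 * false/empty value produced a syntactically broken query.
 *
 * @param array $stat expects keys 'is_registered', 'stat_type', 'ip' and 'id'
 *
 * @return bool true when at least one matching row exists; false when none,
 *              when there is no connection, or when the query throws
 */
public function checkStatExistsByIp($stat)
{
    global $connection, $db_info;

    if (!databaseConnection()) {
        return false;
    }

    try {
        $sql = "SELECT STAT_ID
                FROM {$db_info['download_stat_tbl']}
                WHERE is_registered = :is_registered
                AND stat_type = :stat_type
                AND ip_address = :ip
                AND ID = :id";
        $statement = $connection->prepare($sql);
        $statement->bindValue(':is_registered', $stat['is_registered']);
        $statement->bindValue(':stat_type', $stat['stat_type']);
        $statement->bindValue(':ip', $stat['ip']);
        $statement->bindValue(':id', $stat['id']);
        $statement->execute();

        return count($statement->fetchAll(PDO::FETCH_ASSOC)) > 0;
    } catch (Exception $e) {
        return false;
    }
}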
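/**
 * Count members who have at least one add-on with status = 1.
 *
 * The GROUP BY previously named the add-on table literally ("addons") while
 * every other reference used the configured $db_info['addon_tbl']; the query
 * now uses the configured name throughout so it still parses if that name
 * differs from "addons".
 *
 * @return string|int|null the COUNT(*) value as returned by the driver, or
 *                         null when the query returns nothing, there is no
 *                         connection, or the query throws
 */
public function getAllAddonPublisherCount()
{
    global $connection, $db_info;

    if (!databaseConnection()) {
        return null;
    }

    try {
        $addonTbl = $db_info['addon_tbl'];
        $memberTbl = $db_info['member_tbl'];
        $sql = "SELECT
                    COUNT(*) as publisherCount
                FROM
                    {$memberTbl}
                LEFT JOIN
                    (
                        SELECT
                            ID_AUTHOR,
                            COUNT(DISTINCT ID_ADDON) AS addonUploads
                        FROM
                            {$addonTbl}
                        WHERE
                            {$addonTbl}.status = 1
                        GROUP BY {$addonTbl}.ID_AUTHOR
                    ) upload
                ON
                    upload.ID_AUTHOR = {$memberTbl}.ID_MEMBER
                WHERE
                    upload.addonUploads > 0";
        $statement = $connection->prepare($sql);
        $statement->execute();
        $rows = $statement->fetchAll(PDO::FETCH_ASSOC);

        return isset($rows[0]['publisherCount']) ? $rows[0]['publisherCount'] : null;
    } catch (Exception $e) {
        return null;
    }
}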
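// Escape every database value for the HTML body/attribute context before it is
// echoed. The row comes from the database, so a stored value containing markup
// would otherwise be rendered as part of the page (stored XSS).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<p>Area: <strong>" . $esc($row['Area']) . "</strong> sq km</p>";
echo "<p>Population: <strong>" . number_format($row['Population']) . "</strong></p>";
echo "<p>Currency Name: <strong>" . $esc($row['CurrencyName']) . "</strong></p>";
// If descriptions are meant to carry markup, they need an allow-list sanitizer
// here rather than raw output; escaping is the safe default until that exists.
echo "<p>" . $esc($row['CountryDescription']) . "</p>";
?>
</div>
<div class="panel panel-info">
    <div class="panel-heading">Images From <?php echo $esc($row['CountryName']); ?> </div>
    <div class="well">
        <div class="row">
            <?php
            $pdo = databaseConnection();
            // The ISO code is bound instead of being spliced into the query text
            // (it was previously concatenated inside quotes).
            $sql = "SELECT TravelImage.ImageID, Path, CountryCodeISO, Title FROM TravelImageDetails\n"
                . "INNER JOIN TravelImage\n"
                . "ON TravelImage.ImageID = TravelImageDetails.ImageID WHERE CountryCodeISO = :iso";
            $statement = $pdo->prepare($sql);
            $statement->execute(array(':iso' => $row['ISO']));
            // images() consumed the PDOStatement returned by query(); a prepared
            // statement is the same object type after execute().
            images($statement);
            $pdo = null;
            ?>
        </div>
    </div>
</div>
</div> <!-- end main content column -->
</div> <!-- end main content row -->
</div> <!-- end main content container -->
<?php include "includes/travel-footer.inc.php"; ?>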
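<?php
// Authenticate a user from the posted login form and greet them by full name.
//
// Changes from the original: both form fields are checked before use (only
// user_name was), the password is verified in PHP instead of in the WHERE
// clause, the missing-row case no longer indexes null, and the name is escaped
// before being echoed into HTML.
if (!isset($_POST['user_name'], $_POST['user_password'])) {
    echo "Error!! Form inputs are not provided";
} else {
    include 'db_connect.php';

    $user_name = $_POST['user_name'];
    $password = $_POST['user_password'];

    // Look the row up by user name only; the password check happens below.
    $mysqli = databaseConnection();
    $stmt = $mysqli->prepare("SELECT full_name, password FROM tbl_users WHERE user_name=?");
    $stmt->bind_param("s", $user_name);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    $stmt->close();
    $mysqli->close();

    $authenticated = false;
    if ($row !== null) {
        $stored = (string) $row['password'];
        // The table holds bare sha1() digests (the original compared
        // `password = sha1($password)` in SQL). sha1 is not a password hash:
        // rows should be migrated to password_hash() output, which is accepted
        // first here so the legacy branch can be removed once migration is done.
        // hash_equals() is a constant-time byte comparison; the previous SQL
        // equality followed the column collation, so stored digests are expected
        // to be the lowercase hex that sha1() produces.
        $authenticated = password_verify($password, $stored)
            || hash_equals($stored, sha1($password));
    }

    if ($authenticated) {
        echo "Login Successfull !!<br>";
        echo "Welcome " . htmlspecialchars((string) $row['full_name'], ENT_QUOTES, 'UTF-8');
    } else {
        echo "User is not authenticated";
    }
}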
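/**
 * Save or remove a "like" for an add-on.
 *
 * "like" inserts a (member, addon) row into the likes table; "unlike" deletes
 * it. Any other value is rejected up front — previously it left $sql undefined
 * and the failure surfaced only as a prepare() error inside the try block.
 *
 * Nothing here checks that $user_id is the currently logged-in member; the
 * caller is responsible for that.
 *
 * @param mixed  $addon_id bound to ID_ADDON
 * @param mixed  $user_id  bound to ID_MEMBER
 * @param string $rate_val "like" or "unlike"
 *
 * @return bool true when the statement executed; false for an unknown
 *              $rate_val, a missing connection, or a thrown exception
 *              (e.g. a duplicate "like")
 */
public function rateSubmit($addon_id, $user_id, $rate_val)
{
    global $connection, $db_info;

    if ($rate_val === "like") {
        $sql = "INSERT INTO {$db_info['likes_tbl']} SET ID_MEMBER = :user_id, ID_ADDON = :addon_id";
    } elseif ($rate_val === "unlike") {
        $sql = "DELETE FROM {$db_info['likes_tbl']} WHERE ID_MEMBER = :user_id AND ID_ADDON = :addon_id";
    } else {
        return false;
    }

    if (!databaseConnection()) {
        return false;
    }

    try {
        $statement = $connection->prepare($sql);
        $statement->bindValue(':user_id', $user_id);
        $statement->bindValue(':addon_id', $addon_id);
        $statement->execute();

        return true;
    } catch (Exception $e) {
        return false;
    }
}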
/**
 * Tell whether the "all versions" record with this id is the current stable release.
 *
 * Compares the record's `version` column against
 * $mb['musicbee_download']['stable']['version'].
 *
 * NOTE(review): this fails open — it returns true when there is no database
 * connection and when the query throws (the exception text is appended to
 * $this->errorMessage). Callers that gate anything on the result should know
 * that an outage reads as "is current".
 *
 * @param mixed $record_id value bound to ID_ALLVERSIONS
 *
 * @return bool
 */
public function compareCurrentRelease($record_id)
{
    global $connection, $db_info, $mb;

    if (!databaseConnection()) {
        return true;
    }

    try {
        $statement = $connection->prepare("SELECT * FROM {$db_info['mb_all']} WHERE ID_ALLVERSIONS = :id");
        $statement->bindValue(':id', $record_id);
        $statement->execute();
        $rows = $statement->fetchAll(PDO::FETCH_ASSOC);
    } catch (Exception $e) {
        $this->errorMessage .= $e;
        return true;
    }

    if (count($rows) == 0) {
        return false;
    }

    $stableVersion = $mb['musicbee_download']['stable']['version'];

    return $rows[0]['version'] == $stableVersion;
}
/**
 * Load every website setting from the settings table as a key => value map.
 *
 * Rows are grouped by their first column (the setting name); the first row of
 * each group is taken and then its first remaining column, which yields the
 * setting value. Three flags are normalised to booleans (value == 1).
 *
 * @return array|null the settings map, or null when there is no connection
 *                    or the query throws
 */
function getSetting()
{
    global $connection, $db_info;

    if (!databaseConnection()) {
        return null;
    }

    try {
        $statement = $connection->prepare("SELECT * FROM {$db_info['settings_tbl']}");
        $statement->execute();
        $grouped = $statement->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);

        $settings = array();
        foreach ($grouped as $name => $rows) {
            $firstRow = reset($rows);
            $settings[$name] = reset($firstRow);
        }

        // Key spelling ("showPgaeLoadTime") matches the stored setting name.
        foreach (array('showPgaeLoadTime', 'addonSubmissionOn', 'imgurUploadOn') as $flag) {
            $settings[$flag] = $settings[$flag] == 1;
        }

        return $settings;
    } catch (Exception $e) {
        return null;
    }
}
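/**
 * Check whether the current user may still submit an add-on today.
 *
 * Counts the user's add-ons whose publish_date equals today's date formatted
 * as "F j, Y" and compares it with $setting['maximumAddonSubmissionPerDay'].
 *
 * Two fixes over the original: the author id is bound instead of being
 * interpolated into the SQL, and the comparison is strict (`<`) — with `<=`
 * a user who had already submitted the maximum was still allowed one more.
 *
 * @return bool true while today's count is below the daily maximum; false
 *              once it is reached, when there is no connection, or when the
 *              query throws (fail closed)
 */
function canUserSubmitAnymoreToday()
{
    global $connection, $db_info, $mb, $setting;

    $currentdate = date("F j, Y");

    if (!databaseConnection()) {
        return false;
    }

    try {
        $sql = "SELECT COUNT(*) FROM {$db_info['addon_tbl']} WHERE publish_date = :pub_date AND ID_AUTHOR = :author";
        $statement = $connection->prepare($sql);
        $statement->bindValue(':pub_date', $currentdate);
        $statement->bindValue(':author', $mb['user']['id']);
        $statement->execute();
        $submittedToday = (int) $statement->fetchColumn();

        return $submittedToday < $setting['maximumAddonSubmissionPerDay'];
    } catch (Exception $e) {
        return false;
    }
}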
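/**
 * Count the add-ons with status = 1 submitted by a user.
 *
 * Uses COUNT(*) instead of fetching every row only to count it in PHP.
 *
 * @param mixed $user_id value bound to ID_AUTHOR
 *
 * @return int|null the count, or null when there is no database connection
 *                  or the query throws
 */
public function getAddonCountByUser($user_id)
{
    global $connection, $db_info;

    if (!databaseConnection()) {
        return null;
    }

    try {
        $sql = "SELECT COUNT(*) FROM {$db_info['addon_tbl']} WHERE ID_AUTHOR = :user_id AND status = 1";
        $statement = $connection->prepare($sql);
        $statement->bindValue(':user_id', $user_id);
        $statement->execute();

        return (int) $statement->fetchColumn();
    } catch (Exception $e) {
        return null;
    }
}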
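/**
 * Search add-ons by free text, category and status, returning one page of
 * rows and (unless $skip_count is set) the total row count for pagination.
 *
 * Search terms, categories and statuses are all passed to execute() as bound
 * values; the placeholder lists ("?,?,?" or space-separated for FULLTEXT)
 * come from the Format helpers. $orderby is handed to generateQuery()
 * unchanged and is not bound, so callers must only pass trusted, hard-coded
 * column/direction strings for it.
 *
 * $placeholder, $search_array and $bindedVal are only assigned when
 * $searchquery is a string; an array $searchquery reaches generateQuery()
 * with them unset (unchanged from the original behaviour).
 *
 * Change from the original: a thrown exception is written to the error log
 * instead of being var_dump()ed into the response, which exposed the SQL text
 * and a stack trace to the client.
 *
 * @param string     $searchquery  space-separated search words
 * @param mixed|null $cat_input    category id(s); null selects the keys of the add-ons sub-menu
 * @param mixed      $status_input status value(s)
 * @param mixed|null $authorid     restrict to this author when not null
 * @param int        $offset
 * @param int        $range
 * @param string     $orderby      trusted ORDER BY fragment
 * @param mixed|null $skip_count   when not null, the count query is skipped
 *
 * @return array|null ['result' => rows, 'row_count' => int] or null when
 *                    there is no connection or the query throws
 */
public function searchAddons($searchquery, $cat_input = null, $status_input = 1, $authorid = null, $offset = 0, $range = 20, $orderby = "ID_ADDON DESC", $skip_count = null)
{
    global $connection, $mb;

    // Create arrays for SQL value binding
    if ($cat_input == null) {
        $cat_array = array_keys($mb['main_menu']['add-ons']['sub_menu']);
    } elseif (!is_array($cat_input)) {
        $cat_array = Format::createSqlArrayParam($cat_input);
    } else {
        $cat_array = $cat_input;
    }

    if (!is_array($status_input)) {
        $status_array = Format::createSqlArrayParam($status_input);
    } else {
        $status_array = $status_input;
    }

    // Placeholder lists ("?,?,?") for the category and status arrays
    $cat = Format::safeSqlArray($cat_array);
    $status = Format::safeSqlArray($status_array);

    if (!is_array($searchquery)) {
        $searchquery = trim($searchquery);

        // Create an array from the spaces between words
        $search_array = Format::safeSqlSearchArray($searchquery);

        // Remove spaces to create a compact string, wrapped in a single-element array
        $search_sort_term = array(str_replace(' ', '', $searchquery));

        // Add % on both ends of the first word, keeping spaces this time
        $search_sort_term_unmod = preg_filter(['/^/', '/$/'], ['%$0', '$0%'], array(Format::safeSqlSearchArray($searchquery)[0]));

        // Append * to every word (FULLTEXT wildcard form)
        $search_array_fulltext = preg_filter('/$/', '$0*', $search_array);

        // Wrap every word in % (LIKE form)
        $search_array_like = preg_filter(['/^/', '/$/'], ['%$0', '$0%'], $search_array);

        $cat_status_array = array_merge($cat_array, $status_array);

        // A single word is searched with %LIKE%, several words with FULLTEXT
        if (count($search_array) == 1) {
            // Placeholder list "?,?,?,..." — values are bound, never interpolated
            $placeholder = Format::safeSqlArray($search_array);

            // A blank query returns everything in the selected categories/statuses
            if (empty($searchquery)) {
                $bindedVal = $cat_status_array;
            } else {
                if ($authorid == null) {
                    $bindedVal = array_merge($cat_status_array, $search_array_like, $search_array_like, $search_array_like, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
                } else {
                    $bindedVal = array_merge($cat_status_array, $search_array_like, $search_array_like, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
                }
            }
        } else {
            // For FULLTEXT the placeholders are separated by spaces instead of commas
            $placeholder = Format::safeSqlArrayFullText($search_array);

            // One flat array of every bound value, in the order generateQuery() expects
            if ($authorid == null) {
                $bindedVal = array_merge($cat_status_array, $search_array_fulltext, $search_array_fulltext, $search_sort_term_unmod, $search_array_fulltext, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
            } else {
                $bindedVal = array_merge($cat_status_array, $search_array_fulltext, $search_sort_term_unmod, $search_array_fulltext, $search_array_fulltext, $search_sort_term, $search_sort_term_unmod);
            }
        }
    }

    $search_sql = $this->generateQuery("result", $range, $offset, $placeholder, $search_array, $authorid, $status, $cat, $searchquery, $orderby);
    $row_count_sql = $this->generateQuery("count", $range, $offset, $placeholder, $search_array, $authorid, $status, $cat, $searchquery, $orderby);

    if (databaseConnection()) {
        try {
            $data = [];

            // Page of results
            $search_statement = $connection->prepare($search_sql);
            $search_statement->execute($bindedVal);
            $data['result'] = $search_statement->fetchAll(PDO::FETCH_ASSOC);

            if ($skip_count == null) {
                // Total row count for pagination
                $count_statement = $connection->prepare($row_count_sql);
                $count_statement->execute($bindedVal);
                $data['row_count'] = count($count_statement->fetchAll(PDO::FETCH_ASSOC));
            }

            return $data;
        } catch (Exception $e) {
            // Log server-side only; never echo the exception (it carries the SQL text).
            error_log('searchAddons: ' . $e->getMessage());
        }
    }

    return null;
}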
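/**
 * Render one teaser row per post: thumbnail, title, author, excerpt and link.
 *
 * The query joins post images, so a post with several images yields several
 * rows; rows are ordered by PostID, so only the first row of each contiguous
 * PostID run is rendered.
 *
 * Two fixes over the original:
 *  - the "already rendered" tracker now stores the row's actual PostID;
 *    incrementing a counter only worked while PostIDs were gap-free from 1,
 *    otherwise posts were repeated or skipped;
 *  - every database value (titles, names, paths, ids, excerpt) is HTML-escaped
 *    before output — previously stored markup became part of the page.
 *
 * Names and the excerpt are passed through utf8_encode() as before (the
 * stored text is treated as Latin-1); substr() runs on the raw bytes first,
 * which is whole characters for Latin-1 input.
 *
 * @return void writes HTML directly to the output
 */
function postRows()
{
    $pdo = databaseConnection();
    $sql = "SELECT TravelPost.PostID , TravelPostImages.ImageID, Path, Title, Message, PostTime, FirstName, LastName, TravelUserDetails.UID \n"
        . "FROM TravelPostImages\n"
        . "INNER JOIN TravelPost\n"
        . "ON TravelPostImages.PostID = TravelPost.PostID\n"
        . "INNER JOIN TravelUserDetails\n"
        . "ON TravelPost.UID = TravelUserDetails.UID\n"
        . "INNER JOIN TravelImage\n"
        . "ON TravelImage.ImageID = TravelPostImages.ImageID\n"
        . "ORDER BY `TravelPost`.`PostID` ASC";
    $result = $pdo->query($sql);

    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $lastPostID = 0;
    foreach ($result as $post) {
        // Further image rows of the post just rendered: skip them.
        if ($post['PostID'] == $lastPostID) {
            continue;
        }
        $lastPostID = $post['PostID'];

        $name = utf8_encode($post['FirstName']) . " " . utf8_encode($post['LastName']);
        $concatMsg = utf8_encode(substr($post['Message'], 0, 197)) . "...";
        $PostTime = substr($post['PostTime'], 0, 10);

        echo "<div class='row'>" . " <div class='col-md-2'>";
        echo "<a href='single-image.php?id=" . $esc($post['ImageID']) . "'>";
        echo "<img src='travel-images/square-medium/" . $esc($post['Path']) . "' alt='" . $esc($post['Title']) . "' class='img-thumbnail'/></a>";
        echo "</div>" . "<div class='col-md-10'>" . "<h2>" . $esc($post['Title']) . "</h2>";
        echo "<div class='details'>" . "Posted by <a href='single-user.php?id=" . $esc($post['UID']) . "'>" . $esc($name) . "</a>";
        echo "<span class='pull-right'>" . $esc($PostTime) . "</span>" . " </div>" . "<p class='excerpt'>";
        echo $esc($concatMsg) . "</p> <p>";
        echo "<a href='single-post.php?id=" . $esc($post['PostID']) . "' class='btn btn-primary btn-sm'>Read more</a>";
        echo "</p></div></div><hr/>";
    }

    $pdo = null;
}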