// Events feed: answers a POSTed date range with a JSON array of the events that
// fall inside it. parseDateTime(), dbCon(), query_escaped() and the Event class
// are defined outside this listing.

// Short-circuit if the client did not give us a date range.
// NOTE(review): this failure path prints plain text while the success path
// prints JSON, so a client that always decodes the body has to special-case it.
if (!isset($_POST['start']) || !isset($_POST['end'])) {
    die("Please provide a date range.");
}

// Both bounds come straight from the request body; what parseDateTime() accepts
// or rejects is not visible here. TODO confirm it fails closed on malformed input.
$range_start = parseDateTime($_POST['start']);
$range_end = parseDateTime($_POST['end']);

// The meaning of connection profile 2 is defined by dbCon(), outside this listing.
$conexion = dbCon(2);
$res = array();
// sleep(1000);

// NOTE(review): the value appended to this query is masked ("******") in the
// listing, so where the user id comes from cannot be confirmed. Because it is
// spliced into the SQL text, it should be an integer-validated server-side value
// or a bound parameter, never a raw request field. No session or authorization
// check is visible in this excerpt; confirm one runs before this point so a
// caller can only read their own events.
$sql = "SELECT * FROM events WHERE user = "******"";

/**
 * TODO: push the range filter into the query
 *       (WHERE start > request.start AND start < request.end)
 *       instead of loading every row of the user and filtering in PHP.
 *
 * Sample values: start 2015-05-06, request.start 2015-05-31,
 * request.end 2015-07-12.
 *
 * Open question: are the stored and the requested date formats compatible?
 */
if ($events = query_escaped($conexion, $sql)) {
    // echo "into if";
    // Every row is wrapped in an Event; only those the Event reports as lying
    // within the requested day range are kept.
    while ($event = mysqli_fetch_array($events)) {
        $event = new Event($event);
        if ($event->isWithinDayRange($range_start, $range_end)) {
            $res[] = $event->toArray();
        }
    }
}

// A failed query and an empty result both end up here as an empty JSON array.
echo json_encode($res);
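/**
 * Authenticate a user against the `user` table and populate the session.
 *
 * Return codes (negative values are errors, 0 is success):
 *    0  login succeeded; $_SESSION['login'] and $_SESSION['id'] are set
 *   -1  error not captured, including a failed lookup query
 *   -2  dbCon(0) did not return a connection
 *   -3  no single row matched the supplied login and password
 *   -4  the session already carries a login
 *   -5  the session could not be started or its id could not be renewed
 *
 * @param string $login    login name supplied by the client
 * @param string $password clear-text password supplied by the client
 *
 * @return int one of the codes listed above
 */
function login($login, $password)
{
    $return = -1; // error not captured

    $dbAdmin = dbCon(0);
    if (!$dbAdmin) {
        return -2; // error dbCon
    }

    // NOTE(review): unsalted SHA-256 is a fast hash and a weak choice for stored
    // passwords. Moving to password_hash()/password_verify() requires re-issuing
    // the stored digests, so the digest format is left untouched here.
    // The escape-before-hash order is kept because it determines the digest;
    // presumably the registration code hashes the same way. TODO confirm.
    $pas = hash('sha256', mysqli_real_escape_string($dbAdmin, $password));

    // NOTE(review): the two compared values are masked ('******') in this
    // listing. Whatever is interpolated there should reach the database as bound
    // parameters rather than as SQL text; what query_escaped() escapes is not
    // visible here.
    $exists = query_escaped($dbAdmin, "SELECT id, login FROM user WHERE login = '******' AND password = '******' LIMIT 1;");

    if ($exists && mysqli_num_rows($exists) === 1) {
        $user = mysqli_fetch_assoc($exists);
        if (!session_start()) {
            $return = -5; // session can't be started
        } elseif (isset($_SESSION['login'])) {
            $return = -4; // session already started
        } elseif (!session_regenerate_id(true)) {
            // A session id issued before authentication must not survive the
            // privilege change (session fixation), so a failed renewal aborts.
            $return = -5;
        } else {
            $_SESSION['login'] = $user['login'];
            $_SESSION['id'] = $user['id'];
            $return = 0; // successful login
        }
    } elseif ($exists) {
        $return = -3; // user does not exist
    }
    // A falsy $exists means the lookup itself failed: keep -1 instead of
    // handing a non-result to mysqli_num_rows().

    // Release the connection on every path that opened it.
    mysqli_close($dbAdmin);

    return $return;
}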
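/**
 * Return the rows of the `cultiu` table that belong to one user, keyed by
 * cultiu id. Each entry holds:
 *  - id
 *  - planta
 *  - data_ini (formatted d/m/Y)
 *  - data_fi  (formatted d/m/Y)
 *  - parcela
 *
 * The result is a PHP array; any JSON encoding is left to the caller.
 *
 * @param int $user user id whose cultius will be returned; user 0 is served
 *                  through connection profile 2, every other id through 1
 *
 * @return array entries keyed by cultiu id, or ['error' => message] when the
 *               id is not an integer, the connection fails, or nothing is found
 */
function getCultius($user)
{
    $res = array();

    // $user is interpolated into the SQL text below, so anything that is not a
    // plain integer is rejected before a connection is opened. This also keeps
    // the loose "== 0" comparison from routing non-numeric input to profile 2.
    $userId = filter_var($user, FILTER_VALIDATE_INT);
    if ($userId === false) {
        $res["error"] = "Identificador d'usuari incorrecte";
        return $res;
    }

    $conexion = dbCon($userId === 0 ? 2 : 1);
    if (!$conexion) {
        $res["error"] = "No s'ha pogut connectar a la BBDD";
        return $res;
    }

    $cultius = query_escaped($conexion, "SELECT id, planta, data_ini, data_fi, parcela, user FROM cultiu WHERE user = {$userId};");

    // A failed query is reported the same way as an empty result instead of
    // handing a non-result to mysqli_num_rows().
    if ($cultius && mysqli_num_rows($cultius)) {
        while ($cultiu = mysqli_fetch_array($cultius)) {
            $data_ini = date('d/m/Y', strtotime($cultiu['data_ini']));
            $data_fi = date('d/m/Y', strtotime($cultiu['data_fi']));
            $res[$cultiu['id']] = array(
                'id' => $cultiu['id'],
                'planta' => $cultiu['planta'],
                'data_ini' => $data_ini,
                'data_fi' => $data_fi,
                'parcela' => $cultiu['parcela'],
            );
        }
    } else {
        // The validated integer is echoed back, never the raw argument.
        $res["error"] = "No hi ha cultius de l'usuari {$userId} a la BBDD";
    }

    mysqli_close($conexion);

    return $res;
}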
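/**
 * Receive a validated login and password and check them against the DB. On
 * success, set the $_SESSION parameters and return the user's workspace.
 *
 * Error codes:
 *   -1  error not captured, including a failed lookup query or a session id
 *       that could not be renewed
 *   -2  dbCon(0) did not return a connection
 *   -3  login or password wrong, or user not present in the DB
 *   -4  the session already carries a login
 *
 * This function does not start the session; it writes to $_SESSION as found.
 *
 * @param string $login    user's login
 * @param string $password user's clear-text password
 *
 * @return int|array on success, whatever getUserWS() returns for the user
 *                   (documented as the workspace array); on error, a code
 *                   in [-4, -1]
 */
function login($login, $password)
{
    $return = -1; // error not captured

    $dbAdmin = dbCon(0);
    if (!$dbAdmin) {
        return -2; // error dbCon
    }

    // NOTE(review): unsalted SHA-256 is a fast hash and a weak choice for stored
    // passwords. Moving to password_hash()/password_verify() requires re-issuing
    // the stored digests, so the digest format is left untouched here.
    // The escape-before-hash order is kept because it determines the digest;
    // presumably the registration code hashes the same way. TODO confirm.
    $pas = hash('sha256', mysqli_real_escape_string($dbAdmin, $password));

    // NOTE(review): the two compared values are masked ('******') in this
    // listing. Whatever is interpolated there should reach the database as bound
    // parameters rather than as SQL text; what query_escaped() escapes is not
    // visible here.
    $exists = query_escaped($dbAdmin, "SELECT id, login FROM user WHERE login = '******' AND password = '******' LIMIT 1;");

    if ($exists && mysqli_num_rows($exists) === 1) {
        $user = mysqli_fetch_assoc($exists);
        if (isset($_SESSION['login'])) {
            $return = -4; // session already started
        } else {
            // Renew the session id before storing the identity so an id issued
            // before authentication cannot be reused (session fixation). When no
            // session is active there is no id to renew and the original
            // behaviour is kept.
            $idRenewed = session_status() !== PHP_SESSION_ACTIVE
                || session_regenerate_id(true);
            if ($idRenewed) {
                $_SESSION['login'] = $user['login'];
                $_SESSION['id'] = $user['id'];
                $return = getUserWS($user['id']); // successful login
            }
            // Otherwise keep -1: the identity is not bound to a stale id.
        }
    } elseif ($exists) {
        $return = -3; // login or password wrong, or user not present in the DB
    }
    // A falsy $exists means the lookup itself failed: keep -1 instead of
    // handing a non-result to mysqli_num_rows().

    mysqli_close($dbAdmin);

    return $return;
}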