/**
 * Build a DataObject that has not been stored yet, ready to be inserted on commit.
 *
 * Every value in $assoc is passed through $dao->escape() before it is stored on the
 * object, so the properties hold escaped strings, not the raw input.
 * NOTE(review): callers that escape their values before calling create() end up with
 * doubly escaped data; whether commit() escapes again is not visible here.
 *
 * The keys of $assoc become property names on the object. They must be trusted column
 * names chosen by the caller: a key named "table", "dao" or "update" would overwrite
 * the bookkeeping fields set below.
 *
 * @param DAO $dao the DAO instance used for escaping; a reference is kept on the object
 * @param string $table name of the table this object belongs to
 * @param array $assoc column name => value pairs describing the new row
 * @return DataObject a new instance carrying the escaped values of $assoc
 */
static function create($dao, $table, $assoc) {
    $instance = new DataObject();
    $instance->table = $table;
    $instance->dao = $dao;
    // false = this object is new, so commit should insert it
    $instance->update = false;

    foreach ($assoc as $column => $value) {
        $instance->{$column} = $dao->escape($value);
    }

    return $instance;
}
<?php
// E-mail confirmation endpoint: finds the confirmation row whose conf_rnd matches the
// "rnd" query parameter, deletes it, and rewrites the owning user's stored e-mail.
// (This listing is cut off before the end of the script.)
include "script/util/mysql.php";
include "script/util/redirect.php";
$dao = new DAO(false);
// NOTE(review): $_GET["rnd"] is read without an isset()/is_string() check, so a request
// without it (or with rnd[]=...) reaches escape() with a non-string value.
$rnd = $dao->escape($_GET["rnd"]);
//Delete the confirmation
//Fix the users email!
//Find the user id first
$confirmation = DataObject::select_one($dao, "confirmation", array("conf_id", "user_id"), array("conf_rnd" => $rnd));
if ($confirmation != NULL) {
    $user_id = $confirmation->user_id;
    //Then delete the confirmation
    // Deleting first makes the confirmation value single-use.
    if ($confirmation->delete()) {
        //Find the user that it relates to
        $user = DataObject::select_one($dao, "user", array("user_id", "user_email"), array("user_id" => $user_id));
        if ($user != NULL) {
            $user_email = $user->user_email;
            //Correct their email to enable login
            // NOTE(review): strpos() returns false when the value holds no space; false + 1
            // evaluates to 1, so substr() would then silently drop the first character of the
            // address. Check for === false before slicing.
            $space_pos = strpos($user_email, " ") + 1;
            $user_email = substr($user_email, $space_pos); //Take everything after space
            //Change and commit
            $user->user_email = $user_email;
            if ($user->commit()) {
                redirect("welcome/?m=10");
            } else {
                //Failure to change the user's email
                //User should be deleted so they can register again
                $user->delete();
                redirect("welcome/?m=6");
<?php
// Builds the SQL that returns posts for the current view: a single post (by post_id or
// by the post a comment belongs to) or a paged list. (This listing is cut off before the
// end of the script.)
// $user and $selected_user are not assigned in this file; presumably they come from the
// session includes below - confirm.
include "../util/session.php";
include "../util/session_var.php";
include_once "../util/mysql.php";
//Return posts from a certain cohort
$query = "";
$dao = new DAO(false);
$page_from = "0";
if (!(isset($_POST["post_id"]) || isset($_POST["comment_id"]))) {
    // NOTE(review): page_from / page_to are read without isset() checks.
    $page_from = $dao->escape($_POST["page_from"]);
    $page_to = $dao->escape($_POST["page_to"]);
    $PAGE_LENGTH = 10;
    // The LIMIT clause is not quoted, so escape() alone would not protect it; what keeps
    // free text out of the SQL is that both values only enter through arithmetic, which
    // yields numbers. NOTE(review): cast to int and clamp to >= 0 explicitly, since a
    // negative or non-numeric value still produces a failing query or a PHP error.
    $limit = "LIMIT " . $page_from * $PAGE_LENGTH . "," . ($page_to - $page_from) * $PAGE_LENGTH;
}
// Sub-selects evaluated per row for the current user: has the user hidden the post, and
// has the user not voted on it yet.
$hidden = "(post.post_id in(SELECT post_id FROM hidden_post WHERE user_id=\"{$user->user_id}\"))";
$can_vote = "!(post.post_id in(SELECT post_id FROM post_vote WHERE user_id=\"{$user->user_id}\"))";
$properties = "post.post_id,user.user_id,post.post_time,post.post_content,post.post_rating_up,post.post_rating_dn,user.user_name,user.user_picture,{$hidden} AS post_is_hidden,{$can_vote} AS can_vote";
if (isset($_POST["comment_id"])) {
    // NOTE(review): $_POST["comment_id"] is handed to select_one() without $dao->escape(),
    // unlike post_id below. Confirm that select_one() escapes its condition values;
    // otherwise this is the one request value in this script that reaches SQL raw.
    $comment = DataObject::select_one($dao, "comment", array("comment_id", "post_id"), array("comment_id" => $_POST["comment_id"]));
    if ($comment) {
        $post_id = $comment->post_id;
    }
    // NOTE(review): when no comment was found, $post_id is undefined here and the query
    // runs with an empty post_id.
    $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post_id=\"{$post_id}\" ORDER BY post_time;";
} else {
    if (isset($_POST["post_id"])) {
        $post_id = $dao->escape($_POST["post_id"]);
        $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post_id=\"{$post_id}\" ORDER BY post_time;";
    } else {
        if (isset($selected_user)) {
            // group_id "-1" is used for posts on a user's own page (inferred from this
            // query only - confirm).
            $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post.group_id=\"-1\" AND post.user_id=\"{$selected_user->user_id}\" ORDER BY post_time DESC {$limit};";
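<?php
//Get all the members of a group given a group_id
// Prints the members (user_id, user_picture, user_name) as JSON.
// NOTE(review): this script includes no session file and performs no membership check,
// so from what is visible here any caller can list the members of any group. The
// group-selection script checks the "grouping" table for the current user before
// exposing a group; the same check likely belongs here - confirm.
include_once "../util/mysql.php";
$dao = new DAO(false);

// Request parameters may be missing or arrive as arrays (group_id[]=...); only a plain
// string is passed on to escape(), anything else is treated as an empty id.
$group_id = (isset($_POST["group_id"]) && is_string($_POST["group_id"])) ? $_POST["group_id"] : "";
$group_id = $dao->escape($group_id);

// The escaped value is only ever used inside the double-quoted SQL literal.
$query = "SELECT user.user_id,user.user_picture,user.user_name FROM grouping JOIN user ON user.user_id=grouping.user_id WHERE grouping.group_id=\"{$group_id}\";";
$dao->myquery($query);
echo $dao->fetch_json_part(array("user_id", "user_picture", "user_name"));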
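<?php
// Course name suggestions: prints a JSON list of courses of one university whose name
// contains the search text (case-insensitive).
include_once "../util/mysql.php";
$dao = new DAO(false);

// Request parameters may be missing or arrive as arrays; only plain strings are used.
$uni_id = (isset($_GET["university_id"]) && is_string($_GET["university_id"])) ? $_GET["university_id"] : "";
$course = (isset($_GET["course"]) && is_string($_GET["course"])) ? $_GET["course"] : "";

// Escaping is the last step before the value enters the SQL text. Changing case after
// escaping can alter the escape sequences that escape() produced.
$uni_id = $dao->escape($uni_id);
$course = $dao->escape(strtolower($course));

//Take the query and return a json list of courses that might match this one
// The values sit inside single-quoted literals here, so escape() has to neutralise
// single quotes (presumably it wraps the driver's string escaping - confirm).
// NOTE(review): "%" and "_" in the search text still act as LIKE wildcards; escape them
// as well if the match should be literal.
$dao->myquery("SELECT course_id,course_name FROM course WHERE LOWER(course_name) LIKE '%{$course}%' AND university_id = '{$uni_id}';");
echo $dao->fetch_json_part(array("course_id", "course_name"));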
<?php
//Confirm password reset and display reset form
//If the checksum matches, then the user is presented a password reset dialogue for them to enter a new one.
// The password is reset and they are directed to the login page.
//Otherwise
// Send back to login page
// (This listing is cut off inside the page markup; the code that uses the values below
// is not visible.)
include "../script/util/constants.php";
include "../script/util/mysql.php";
include "../script/util/redirect.php";
include "../script/mail/send.php";
$dao = new DAO(false);
$user = new stdClass();
// NOTE(review): both values are read without isset()/is_string() checks and arrive in
// the URL, so the reset value can end up in server logs, browser history and Referer
// headers.
// escape() prepares them for SQL only. If they are printed into the HTML or JavaScript
// further down, they need htmlspecialchars() / JSON encoding for that context as well.
$user->user_id = $dao->escape($_GET["user_id"]);
$conf_rnd = $dao->escape($_GET["conf_rnd"]);
?> <!DOCTYPE HMTL> <html> <head> <style> * { font-family: Arial, sans-serif; font-size:14px; } </style> <script type="text/javascript" src="../jquery.js"></script> <script type="text/javascript"> function id(element) { return document.getElementById(element); }
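<?php
// Serves the profile picture of the user given by ?user_id1=... as image/jpeg, falling
// back to the default avatar when the user has no usable picture.
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";

$f = "../img/dp1.jpg";
// NOTE(review): without user_id1 nothing is sent at all, although a default image is
// prepared above. Confirm whether the default should be served in that case too.
if (isset($_GET["user_id1"]) && is_string($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");
    $user1 = $dao->fetch_one_obj_part(array("user_picture"));

    // The stored file name is data, not a trusted path. Resolve it and serve it only if
    // the result is a regular file inside the pictures directory, so a value containing
    // "../" cannot make readfile() return another file. This also covers an unknown
    // user id, where no row (and therefore no picture name) is available.
    $picture_name = "dp1.jpg";
    $picture_root = realpath("../profile_pictures");
    if ($user1 && !empty($user1->user_picture) && $picture_root !== false) {
        $picture_path = realpath("../profile_pictures/" . $user1->user_picture);
        $root_prefix = $picture_root . DIRECTORY_SEPARATOR;
        if ($picture_path !== false
            && strncmp($picture_path, $root_prefix, strlen($root_prefix)) === 0
            && is_file($picture_path)) {
            $f = $picture_path;
            $picture_name = basename($picture_path);
        }
    }

    // Keep only characters that cannot break out of the quoted header parameter.
    $picture_name = preg_replace('/[^A-Za-z0-9._-]/', '_', $picture_name);

    // NOTE(review): the content type is fixed to JPEG whatever the stored file is.
    header('Content-Type: image/jpeg');
    header("Content-Disposition: inline; filename=\"{$picture_name}\"");
    readfile($f);
}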
<?php
//Unhide a post that has been hidden
// Prints a Status JSON answer: 0 unhidden, 1 delete failed, 2 post was not hidden,
// 3 no post id supplied.
// $user is not assigned in this file; presumably session.php provides it - confirm.
// NOTE(review): this changes state on a GET request, so a link or image URL on another
// page can trigger it for a logged-in user. Consider POST plus a CSRF token.
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/status.php";
$dao = new DAO(false);

if (!isset($_GET["post_id"])) {
    $unhide_response = Status::json(3, "No post id");
} else {
    $post_id = $dao->escape($_GET["post_id"]);
    // The lookup is restricted to the current user's own hidden_post rows, so one user
    // cannot unhide a post on behalf of another.
    $hidden_post = DataObject::select_one(
        $dao,
        "hidden_post",
        array("hide_id"),
        array("post_id" => $post_id, "user_id" => $user->user_id)
    );
    if (!$hidden_post) {
        $unhide_response = Status::json(2, "Post not hidden");
    } else {
        $result = $hidden_post->delete();
        $unhide_response = $result
            ? Status::json(0, "Post unhidden")
            : Status::json(1, "Post could not be unhidden");
    }
}
echo $unhide_response;
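<?php
// User search: prints a JSON list of users whose name contains the search text "q" and
// who share the current user's cohort, course or university. With group_id set, users
// already in that group are left out. Prints "[]" when there is nothing to search for.
// $user is not assigned in this file; presumably session.php provides it - confirm.
include_once "../util/mysql.php";
include "../util/session.php";
$dao = new DAO(false);

// Request parameters may be missing or arrive as arrays; only a plain string is used.
$name = (isset($_POST["q"]) && is_string($_POST["q"])) ? $_POST["q"] : "";
// Normalise first and escape last, so nothing modifies the value after escaping.
$name = $dao->escape(trim(strtolower($name)));

if ($name != "") {
    //Find the select the cohort, course and university of the user
    $query = "SELECT cohort.cohort_id,course.course_id,university.university_id FROM user " .
        "JOIN cohort ON user.cohort_id=cohort.cohort_id " .
        "JOIN course ON cohort.course_id=course.course_id " .
        "JOIN university ON university.university_id=course.university_id " .
        "WHERE user_id=\"{$user->user_id}\";";
    $dao->myquery($query);
    $row = $dao->fetch_one();

    if (!$row) {
        // No cohort/course/university row for the current user: nothing to match
        // against, so answer with an empty list instead of querying with empty ids.
        echo "[]";
    } else {
        $cohort_id = $row["cohort_id"];
        $course_id = $row["course_id"];
        $university_id = $row["university_id"];

        if (isset($_POST["group_id"]) && is_string($_POST["group_id"])) {
            $group_id = $dao->escape($_POST["group_id"]);
            $not_in_group = "AND NOT EXISTS(SELECT grouping_id FROM grouping WHERE user.user_id=grouping.user_id AND grouping.group_id=\"{$group_id}\")";
        } else {
            $not_in_group = "";
        }

        //Take the query and return a json list of users that might match this one
        // NOTE(review): "%" and "_" in the search text still act as LIKE wildcards.
        $dao->myquery("SELECT user_id,user_name,cohort_start,course_name,university_name,user_picture FROM user " .
            "JOIN cohort ON user.cohort_id=cohort.cohort_id " .
            "JOIN course ON cohort.course_id=course.course_id " .
            "JOIN university ON university.university_id=course.university_id " .
            "WHERE (cohort.cohort_id=\"{$cohort_id}\" OR " .
            "course.course_id=\"{$course_id}\" OR " .
            "university.university_id=\"{$university_id}\") AND " .
            "LOWER(user_name) LIKE \"%{$name}%\" AND user_id!=\"{$user->user_id}\" {$not_in_group};");
        echo $dao->fetch_json();
    }
} else {
    echo "[]";
}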
<?php
// Resolves ?user_id=... into $selected_user for a logged-in visitor and stores it in the
// session, together with two flags describing the relationship to the current user.
// $logged_in and $user are not assigned in this file; presumably the including script
// provides them - confirm.

// Start from a clean slate; unset() is harmless when the variable does not exist.
unset($selected_user);

if ($logged_in && isset($_GET["user_id"])) {
    $dao = new DAO(false);
    $user_request = $dao->escape($_GET["user_id"]);
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");

    // Only the escaped request value is interpolated; the column list is a fixed array.
    $dao->myquery(sprintf(
        'SELECT %s FROM user '
        . 'JOIN cohort ON user.cohort_id=cohort.cohort_id '
        . 'JOIN course ON cohort.course_id=course.course_id '
        . 'JOIN university ON course.university_id=university.university_id WHERE user_id="%s";',
        implode(",", $properties),
        $user_request
    ));

    if ($dao->fetch_num_rows() > 0) {
        //User exists
        $selected_user = $dao->fetch_one_obj_part($properties);

        // A connection row in either direction counts as friendship.
        $friends_query = "SELECT * FROM connection WHERE (user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\") OR " .
            "(user_id2=\"{$user->user_id}\" AND user_id1=\"{$selected_user->user_id}\");";
        $dao->myquery($friends_query);

        // Friend unless all three fail: there is a connection row, the selected user is
        // the current user, or the selected user has id 1.
        // NOTE(review): id 1 is treated as everybody's friend; presumably a built-in
        // account - confirm that this special case is intended.
        $is_friend = true;
        if ($dao->fetch_num_rows() == 0
            && $selected_user->user_id != $user->user_id
            && $selected_user->user_id != 1) {
            $is_friend = false;
        }
        $selected_user->is_friend = $is_friend;

        // Has the current user already sent this user a friend request?
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;

        // Selecting a user replaces any previously selected cohort.
        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}
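<?php
// Completes a password reset: when (user_id, conf_rnd) matches exactly one row in
// reset_request, that row is deleted and the user's password is replaced.
// The script prints nothing, whether or not the reset was applied.
include_once "../util/mysql.php";
include "../util/pwd.php";
$dao = new DAO(true);

// All three fields must be present as non-empty strings. Request values can be missing
// or arrive as arrays, and an empty password must never be stored (the login script
// rejects empty passwords, so such an account could not log in again).
$reset_fields_ok = true;
foreach (array("user_password", "user_id", "conf_rnd") as $reset_field) {
    if (!isset($_POST[$reset_field]) || !is_string($_POST[$reset_field]) || $_POST[$reset_field] === "") {
        $reset_fields_ok = false;
    }
}

if ($reset_fields_ok) {
    // salt() comes from pwd.php and is not visible here.
    // NOTE(review): confirm that it is a slow, salted password hash (password_hash()).
    $user_password = $dao->escape(salt($_POST["user_password"]));

    // This script includes no session file, so $user has to be created here before a
    // property is assigned to it (the reset form script does the same with stdClass).
    $user = new stdClass();
    $user->user_id = $dao->escape($_POST["user_id"]);
    $conf_rnd = $dao->escape($_POST["conf_rnd"]);

    $query = "SELECT * FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);
    if ($dao->fetch_num_rows() == 1) {
        // Remove the request before changing the password so the value is single-use.
        // NOTE(review): no expiry of reset requests is visible in this script.
        $query = "DELETE FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user->user_id}\";";
        $dao->myquery($new_password_query);
    }
}
?>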
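<?php
// Login handler: checks e-mail and password against the user table, stores the user in
// the session on success and redirects to the requested page; otherwise redirects back
// to the welcome page with a message code (m=2 wrong credentials, m=3 missing fields).
include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";

// The post-login target comes from the request, so it is only honoured when it is a
// plain path on this site: no scheme (":" is not allowed), no leading "//", no
// backslashes, whitespace or control characters. Anything else falls back to "/".
// The allowed characters include nothing that is special in HTML apart from "&".
$redirect = "/";
if (isset($_POST["r"]) && is_string($_POST["r"])
    && preg_match('#^(?!//)[A-Za-z0-9_\-./?&=%~+]+$#D', $_POST["r"]) === 1) {
    $redirect = $_POST["r"];
}

// Request values can be missing or arrive as arrays; only plain strings are accepted.
$login_has_email = isset($_POST["user_email"]) && is_string($_POST["user_email"]);
$login_has_password = isset($_POST["user_password"]) && is_string($_POST["user_password"]);

if ($login_has_email && $login_has_password && $_POST["user_email"] != "" && $_POST["user_password"] != "") {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    // salt() comes from pwd.php and is not visible here.
    // NOTE(review): confirm that it is a slow, salted password hash; with
    // password_hash() the comparison would move out of SQL into password_verify().
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);
    if ($dao->fetch_num_rows() == 1) {
        // Issue a fresh session id at the privilege change, so an id known before login
        // is not the authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        redirect($redirect); //Go to the redirect link
    } else {
        // Values placed in a query string are URL-encoded; the submitted address is
        // used, not the SQL-escaped copy. The welcome page has to HTML-escape whatever
        // it prints from these parameters.
        redirect("../../welcome/?&m=2&r=" . urlencode($redirect) . "&user_email=" . urlencode($_POST["user_email"]));
    }
} else {
    redirect("../../welcome/?m=3" . ($login_has_email ? "&user_email=" . urlencode($_POST["user_email"]) : "") . "&r=" . urlencode($redirect));
}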
<?php
// Resolves ?cohort_id=... into $selected_group for a logged-in visitor and stores it in
// the session. Only the visitor's own cohort is accepted; any other id redirects away.
// $logged_in, $user and redirect() are not defined in this file; presumably the
// including script provides them - confirm.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["cohort_id"])) {
        $cohort_request = $dao->escape($_GET["cohort_id"]);

        // Authorisation check: the requested cohort must be the user's own.
        if ($cohort_request != $user->cohort_id) {
            redirect("../");
        } else {
            $dao->myquery(
                "SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\t"
                . "JOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\t"
                . "JOIN university ON university.university_id=course.university_id\n\t\t\t\t\t"
                . "JOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";"
            );
            $row = $dao->fetch_one_obj();
            if ($dao->fetch_num_rows() > 0) {
                //It exists
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                // Display name "<course> at <university> <start year>"; the stored
                // group_name column is not used for it.
                $selected_group->group_name = "{$row->course_name} at {$row->university_name} " . date("Y", strtotime($row->cohort_start));
                // Members cannot be added to a cohort group by hand.
                $selected_group->can_be_added_to = false;
                $d = new DateTime($row->cohort_start);
                $selected_group->cohort_start = $d->format('jS F Y');
                // Posting is allowed in the user's own cohort only.
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;

                // Selecting a group replaces any previously selected user.
                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            }
        }
    }
}
<?php
// Registration handler: validates that all form fields are present, checks that the
// e-mail is not in use, creates the cohort (and its group) when it does not exist yet,
// then goes on to create the unconfirmed user. (This listing is cut off before the end
// of the script.)
include "../util/pwd.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
include "../mail/send.php";
$dao = new DAO(false);
// NOTE(review): isset() accepts arrays and empty strings; none of the fields is checked
// for type, length or format (start_year / start_month are not verified to be numbers).
if (isset($_POST["user_name"]) && isset($_POST["user_email"]) && isset($_POST["user_password"]) && isset($_POST["university_id"]) && isset($_POST["course_id"]) && isset($_POST["start_year"]) && isset($_POST["start_month"])) {
    $user_name = $dao->escape($_POST["user_name"]);
    $user_email = $dao->escape($_POST["user_email"]);
    // salt() comes from pwd.php and is not visible here.
    // NOTE(review): confirm that it is a slow, salted password hash.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $university_id = $dao->escape($_POST["university_id"]);
    $course_id = $dao->escape($_POST["course_id"]);
    $cohort_start = $dao->escape($_POST["start_year"]) . "-" . $dao->escape($_POST["start_month"]) . "-1";
    //Checks
    // - Email is unique
    // - Email confirmation
    // - Cohort exists or not?
    // The suffix match (leading "%") presumably exists because unconfirmed addresses
    // are stored with a prefix in front of the address - confirm.
    // NOTE(review): it also matches any longer address that merely ends with the
    // submitted text, and "%" / "_" inside the submitted address act as wildcards.
    $dao->myquery("SELECT user_email FROM user WHERE user_email LIKE \"%{$user_email}\";");
    if ($dao->fetch_num_rows() == 0) {
        //Insert the user into the database, and retrieve the user_id
        $cohort = DataObject::select_one($dao, "cohort", array("cohort_id", "group_id"), array("cohort_start" => $cohort_start, "course_id" => $course_id));
        if (!$cohort) {
            //Cohort does not exist, insert it
            // NOTE(review): $cohort_id is not assigned anywhere in the visible code, so
            // the group name is built from an undefined variable.
            $group = DataObject::create($dao, "user_group", array("group_name" => "Cohort {$cohort_id} Group"));
            $group->commit();
            $group_id = $group->get_primary_id();
            // NOTE(review): $course_id and $cohort_start were escaped above and
            // DataObject::create() escapes every value again, so these values are
            // escaped twice before they are stored.
            $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start));
            $cohort->commit();
        }
        // NOTE(review): this value is derived from the e-mail address alone. If it is
        // used as the confirmation secret and salt() is deterministic, it can be
        // recomputed by anyone who knows the address - confirm how it is used.
        $uncomfirmed = salt($user_email);
<?php
// Resolves ?group_id=... into $selected_group for a logged-in visitor and stores it in
// the session. The visitor must be a member of the group; otherwise, or when the group
// does not exist, the request is redirected away.
// $logged_in, $user and redirect() are not defined in this file; presumably the
// including script provides them - confirm.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["group_id"])) {
        $group_request = $dao->escape($_GET["group_id"]);

        // Authorisation check: a "grouping" row must link the current user to the group.
        $user_in_group = NULL != DataObject::select_one(
            $dao,
            "grouping",
            array("grouping_id"),
            array("group_id" => $group_request, "user_id" => $user->user_id)
        );

        if (!$user_in_group) {
            redirect("../");
        } else {
            $row = DataObject::select_one(
                $dao,
                "user_group",
                array("group_id", "group_name"),
                array("group_id" => $group_request)
            );
            if (!$row) {
                redirect("../");
            } else {
                $selected_group = new stdClass();
                $selected_group->group_id = $row->group_id;
                // stripslashes() suggests the name is stored with escape backslashes
                // in it - presumably from escaping on insert; confirm.
                $selected_group->group_name = stripslashes($row->group_name);
                $selected_group->posting_enabled = true;
                $selected_group->can_be_added_to = true;

                // Selecting a group replaces any previously selected user.
                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            }
        }
    }
}
<!DOCTYPE> <html><head><style>*{font-family: Arial,sans-serif}</style></head><body> <?php include "../script/util/mysql.php"; include "../script/util/redirect.php"; if (isset($_POST["user_email"])) { include "../script/mail/send.php"; $dao = new DAO(false); $user_email = $dao->escape($_POST["user_email"]); $query = "SELECT user_email,user_id,user_name FROM user WHERE user_email=\"{$user_email}\";"; $dao->myquery($query); if ($dao->fetch_num_rows() == 1) { //Store intent to reset in the database with a checksum as the old password? $user = $dao->fetch_one_obj(); $names = explode(" ", $user->user_name); if (count($names) == 0) { $user_first_name = $user->user_name; } else { $user_first_name = $names[0]; } $conf_rnd = md5("lsdfuh.uh3" . rand(0, 10000000) . "g.adugi213y"); $query = "INSERT INTO reset_request VALUES (NULL,\"{$user->user_id}\",\"{$conf_rnd}\")" . "ON DUPLICATE KEY UPDATE conf_rnd=\"{$conf_rnd}\";"; $dao->myquery($query); $body = "<p>Hello {$user_first_name},</p>" . "<p>It appears you are having trouble remembering your password for Unify. " . "As such, someone (hopefully you) has requested that you reset your password. " . "If you have no idea what's going on, feel free to take no further action, " . "it's possible someone entered your email by mistake or is dillberately trying to " . "confuse you. However, if you really do want to reset your password, click the " . "link below!</p>" . "<p><a href=\"http://unify.lukebarnard.co.uk/reset-password/confirm.php?user_id={$user->user_id}&conf_rnd={$conf_rnd}\">RESET YOUR PASSWORD</a></p>" . "<p>Best Wishes,<br>" . "The Unify Team</p>"; if (mail_message($user_email, "Password Reset", $body)) { echo "A message has been sent to your email account. When you get the email, click on the link it contains and you will be taken to a page where you can reset your password. "; } else { echo "Something has gone wrong when trying to email you. 
<a href=\".\">Try again?</a>"; } } else { echo "Your email could not be found in our database. Perhaps you made a mistake when typing it? <a href=\".\">Try again?</a>";