Esempio n. 1
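 /**
  * Register a new user if the username is not already taken.
  *
  * Looks the username up first and, when no row comes back, stores the
  * bcrypt hash of the password and remembers the new username in the
  * session. Both statements take the username as a bound parameter, so
  * it never reaches the SQL text.
  *
  * NOTE(review): the lookup and the insert are two separate statements,
  * so two concurrent registrations with the same name can both pass the
  * check; a UNIQUE constraint on users.username is the reliable guard
  * (confirm the schema has one).
  *
  * @param \model\RegisterUser $credential
  * @param \model\IregisterListener $listener notified via userExist() when the name is taken
  * @return bool true when the user was created, false when the name already exists
  */
 public function doRegister(\model\RegisterUser $credential, model\IregisterListener $listener)
 {
     $username = $credential->getUsername();
     $records = new Db();
     $records->query('SELECT username,password FROM users WHERE username = :username');
     $records->bind(':username', $username);
     $records->resultset();
     if ($records->rowCount() > 0) {
         $listener->userExist("RegisterModel::UserAlreadyExistException");
         // Documented as bool: the original fell off the end here and returned null.
         return false;
     }
     $password = password_hash($credential->getPassword(), PASSWORD_BCRYPT);
     $records->query('INSERT INTO users (username, password) VALUES (:username, :password)');
     $records->bind(':username', $username);
     $records->bind(':password', $password);
     $records->execute();
     $_SESSION[self::$newUsername] = $username;
     return true;
 }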
Esempio n. 2
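 /**
  * Login user
  *
  * Fetches the row for the given username (the BINARY cast makes the
  * comparison case-sensitive on MySQL) and checks the submitted password
  * against the stored hash with password_verify(). On success the username
  * is stored under the auth session key and the result of that store call
  * is returned; every failure path returns false.
  *
  * @param \model\User $credential
  * @return bool
  */
 public function doLogin(\model\User $credential)
 {
     $username = $credential->getUsername();
     $password = $credential->getPassword();
     $records = new \Db();
     $records->query('SELECT username, password FROM users WHERE BINARY username = :username');
     $records->bind(':username', $username);
     $results = $records->single();
     // single() may hand back a non-array (e.g. false) when no row matches; the original
     // passed that straight into count(), which is a TypeError on PHP 8.
     if (!is_array($results) || !isset($results['password'])) {
         return false;
     }
     if (!password_verify($password, $results['password'])) {
         return false;
     }
     return $this->sessionStorage->set(SessionStorage::$auth, $username);
 }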
Esempio n. 3
    $SQL .= " AND id<:id";
    $db->bind("id", $_SESSION[$cat]);
}
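// Page window for the post query; both bounds reach SQL as bound parameters.
$db->bind("initial", $initial);
$db->bind("final", $final);
$SQL .= " LIMIT :initial, :final";
$posts = $db->query($SQL);
// Remember the first id seen so later pages can use it as the `id<` bound above.
// Guarded: an empty result set would otherwise index into a missing row.
if (!isset($_SESSION[$cat]) && isset($posts[0]['id'])) {
    $_SESSION[$cat] = $posts[0]['id'];
}
// When the visitor is logged in, add the "likable" field to every post.
if (isset($_SESSION['username'])) {
    $db = new Db();
    $user = $_SESSION['username'];
    foreach ($posts as &$p) {
        $db->bind("id", $p['id']);
        $db->bind("user", $user);
        $liked = $db->query("SELECT id FROM likes WHERE postId = :id AND username = :user");
        // A matching row means this user already liked the post.
        $likable = $liked ? 0 : 1;
        $p['likable'] = $likable;
        if (!$likable) {
            // The original referenced an undefined $likeId here; the id comes from the row just fetched.
            $p['likeId'] = $liked[0]['id'];
        }
    }
    // Drop the reference left behind by foreach-by-reference; otherwise the next
    // assignment to $p would silently overwrite the last post.
    unset($p);
}
echo json_encode($posts);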
 /**
  * Mark a login token as disabled so it can no longer be used.
  *
  * The token value is passed as a bound parameter, never interpolated
  * into the statement.
  *
  * NOTE(review): the statement writes the literal string 'false' into
  * `disabled`; for an invalidation that reads inverted — confirm against
  * the login_tokens schema and the code that checks this flag.
  *
  * @param string $token
  * @return bool true when the Db layer reports a truthy result
  */
 public function invalidate_login_token($token)
 {
     Db::bind("token", $token);
     $response = Db::query("UPDATE login_tokens SET disabled='false' WHERE token=:token");
     return (bool) $response;
 }
        overflow: hidden;
        width: 250px;
    }

    .bar__percent {
        background: #222;
        float: right;
        height: 12px;
        width:100%;
    }
</style>

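<?php
// Invoice id from the query string; a missing parameter yields null instead of an
// undefined-index warning.
$id = $_GET['id'] ?? null;
$db = new Db();
// Bound parameter: the raw id never reaches the SQL text.
$db->bind("id", $id);
$invoice = $db->query("SELECT * FROM invoices WHERE invoice_id = :id");
// NOTE(review): $id is echoed straight into the page title further down; it is
// client-controlled and must go through htmlspecialchars() at that point.
?>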
    <?php 
foreach ($invoice as $key) {
    ?>

    <!-- .wrapper -->
    <div class="wrapper">
        <!-- .page -->
        <div class="page">
            <!-- .page__head -->
            <header class="page__head">
                <h2 class="page__title">Invoice #<?php 
    echo $id;
    ?>
Esempio n. 6
<?php

require "Db.class.php";

// Instantiate the wrapper.
$db = new Db();

// Parameters can be bound in three equivalent ways.
// (a) one at a time, by name
$db->bind("firstname", "John");
$db->bind("age", "19");
// (b) several at once
$db->bindMore(["firstname" => "John", "age" => "19"]);
// (c) handed to the method together with the statement
$db->query("SELECT * FROM Persons WHERE firstname = :firstname AND age = :age", ["firstname" => "John", "age" => "19"]);

// Reading rows with the default fetch mode...
$person = $db->query("SELECT * FROM Persons");
// ...or with any PDO fetch mode passed as the third argument.
$persons_num = $db->query("SELECT * FROM Persons", null, PDO::FETCH_NUM);

// A single value.
$firstname = $db->single("SELECT firstname FROM Persons WHERE Id = :id ", ['id' => '3']);
// One row, associative keys; then the same row with numeric keys.
$id_age = $db->row("SELECT Id, Age FROM Persons WHERE firstname = :f", ["f" => "Zoe"]);
$id_age_num = $db->row("SELECT Id, Age FROM Persons WHERE firstname = :f", ["f" => "Zoe"], PDO::FETCH_NUM);
// One column as a numerically indexed list.
$ages = $db->column("SELECT age FROM Persons");

// Data-modifying statements return the number of affected rows.
$update = $db->query("UPDATE Persons SET firstname = :f WHERE Id = :id", ["f" => "Johny", "id" => "1"]);
// An insert follows the same pattern (kept as a comment so the demo does not grow the table):
//   $insert = $db->query("INSERT INTO Persons(Firstname,Age) VALUES(:f,:age)", ["f" => "Vivek", "age" => "20"]);
// A delete follows the same pattern.
Esempio n. 7
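 /**
  * Load the persisted cookie-login data for the current user.
  *
  * The username comes from the session when one is set, otherwise from the
  * login cookie. Either way it is passed to the query as a bound parameter.
  *
  * NOTE(review): a cookie-supplied username is client-controlled and nothing
  * in this method checks that the cookie belongs to that user; callers must
  * verify the returned cookie_password/coockie_date/browser values before
  * treating the visitor as logged in.
  *
  * @return array [cookie_password, coockie_date, username, browser]; all four
  *               are null when no matching row exists
  */
 public function selectRowInDatabase()
 {
     $database = new Db();
     // use username from session if session isset or else use username from cookie
     $username = $this->isSessionSet()
         ? $_SESSION[self::$setSessionUser]
         : ($_COOKIE['LoginView::CookieName'] ?? null);
     $database->query('SELECT username ,cookie_password, coockie_date, browser FROM users WHERE username = :username');
     $database->bind(':username', $username);
     $row = $database->single();
     // No row (single() returning a non-array): the original indexed into it anyway and
     // produced four nulls plus warnings; return the nulls explicitly instead.
     if (!is_array($row)) {
         return array(null, null, null, null);
     }
     return array(
         $row['cookie_password'] ?? null,
         $row['coockie_date'] ?? null,
         $row['username'] ?? null,
         $row['browser'] ?? null,
     );
 }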
 /**
  * Attempt to log a user in with the supplied credentials.
  *
  * Side effects: opens a Db connection into the global $db, sets
  * $_SESSION['id'] and $this->logged_in_id on success, and echoes a status
  * message in every case (including validation failure).
  *
  * NOTE(review): "This user does not exist!" and "Wrong password" are
  * distinct echoed messages, so the response reveals which usernames exist;
  * a single generic failure message is the usual mitigation.
  * NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1, and
  * applying it to the password alters characters such as < > & and quotes
  * before password_verify(); this only matches if registration hashed the
  * password after the same filter — confirm before changing either side.
  *
  * @param string|null $login_username
  * @param string|null $login_password
  */
 public function __construct($login_username, $login_password)
 {
     // Validate input
     $validated = false;
     $message = '';
     // Lazy validation, checking purely length. We sanitize later to prevent abuse.
     // strlen() is byte-wise: usernames of 20+ bytes and passwords of 100+ bytes are rejected,
     // as are missing/null arguments.
     if (!isset($login_username, $login_password) || !(strlen($login_username) < 20) || !(strlen($login_password) < 100)) {
         $message = 'Please enter a valid username and password';
     } else {
         $validated = true;
     }
     // Validation complete
     if ($validated) {
         // Sanitize the username and password. Remove prefix and postfix spaces remove code tags and HTML encode special characters
         $login_username = filter_var(trim($login_username), FILTER_SANITIZE_STRING);
         $login_password = filter_var(trim($login_password), FILTER_SANITIZE_STRING);
         // Open database connection
         // The previous global $db (if any) is handed to the new Db; what the constructor
         // does with it is not visible here.
         global $db;
         $db = new Db($db);
         // Check if username exists in the database (bound parameter, truthy result = row found)
         $db->bind("username", $login_username);
         $ifexist = $db->single("SELECT * FROM users WHERE username = :username");
         if (!$ifexist) {
             $message = "This user does not exist!";
         } else {
             $db->bind("username", $login_username);
             // Query database for stored password hash
             $password_hash = $db->single("SELECT password FROM users WHERE username = :username");
             // Let PHP verify the hash and get user ID if password is correct
             if (password_verify($login_password, $password_hash)) {
                 $db->bind("username", $login_username);
                 $logged_in_id = $db->single("SELECT id FROM users WHERE username = :username");
             } else {
                 $message = "Wrong password";
             }
         }
         // Return error message if the above didn't result in a login
         // $logged_in_id is only assigned on the verified branch, so isset() doubles as the success flag.
         if (!isset($logged_in_id)) {
             $message = $message . ' Login Failed';
         } else {
             $_SESSION['id'] = $logged_in_id;
             $this->logged_in_id = $logged_in_id;
             $message = 'Login succeeded';
         }
     }
     echo $message;
 }
Esempio n. 9
<?php

include_once "../includes/header.inc.php";

if (!isset($PARAMS['username'])) {
    echo json_encode(["status" => "wrongData"]);
} else {
    require_once "../Classes/Db.class.php";
    $db = new Db();
    // The username is a bound parameter; it never touches the SQL text.
    $db->bind("username", $PARAMS['username']);
    $posts = $db->query("SELECT * FROM `view_posts_valoracion` where (reports<10 or reports<likes) AND username = :username");
    // A falsy result set is reported as "ceroPosts".
    $payload = $posts ? ["status" => "OK", "content" => $posts] : ["status" => "ceroPosts"];
    echo json_encode($payload);
}
Esempio n. 10
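    if ($post->variables) {
        $db = new Db();
        // Both values are bound parameters: the post id from the route, the username from the session.
        $liked = $db->query("select id from likes where postId= :id AND username = :username", ['id' => $PARAMS['id'], "username" => $_SESSION['username']]);
        if ($liked) {
            // Already liked by this user: toggling removes the like.
            $like = new Like();
            $like->Find($liked[0]['id']);
            $like->Delete();
            echo json_encode(["status" => "OK"]);
        } else {
            $like = new Like();
            $like->postId = $PARAMS['id'];
            $like->username = $_SESSION["username"];
            $like->Create();
            // Automatic verification of the post once it has enough likes and few enough reports.
            if ($autoverify) {
                $db->bind("id", $PARAMS['id']);
                $aux = $db->query("SELECT * FROM view_posts_valoracion WHERE id = :id");
                // Guard the row lookup: the original indexed $aux[0] unconditionally, and a
                // missing row would compare nulls against the thresholds.
                if (isset($aux[0])) {
                    $aux = $aux[0];
                    if ($aux['likes'] >= $minLikesToVerify && $aux['reports'] <= $maxReportToVerify && !$aux['verified']) {
                        $post->Find();
                        $post->verified = 1;
                        $post->Save();
                    }
                }
            }
            echo json_encode(["status" => "OK"]);
        }
    } else {
        echo json_encode(["status" => "postNotFound"]);
    }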
} else {
    echo json_encode(array("status" => "wrongData"));
Esempio n. 11
<?php

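include CHEMIN_LIB . 'Db.class.php';

$db = new Db();
$result = [];
// Each category is fetched with its type passed as a bound parameter.
$db->bind("type", "references");
$result['references'] = $db->query("SELECT * FROM `cadres` AS c \n\tLEFT JOIN `references` AS r \n\tON  c.id=r.id\n\tWHERE c.type = :type");
$db->bind("type", "autres");
$result['autres'] = $db->query("SELECT * FROM `cadres` AS c \n\tLEFT JOIN `autres` AS a \n\tON  c.id=a.id\n\tWHERE c.type = :type");
$result['reseaux-sociaux'] = $db->query("SELECT * FROM `reseaux-sociaux`");
$db->CloseConnection();

// Encode before opening the file so an encoding failure leaves the previous file intact
// (the original truncated first and would have written a bare "\r\n" on failure).
$encode = json_encode($result);
if ($encode === false) {
    throw new RuntimeException('json_encode failed: ' . json_last_error_msg());
}
$fp = fopen('json/results.json', 'w');
if ($fp === false) {
    throw new RuntimeException('Cannot open json/results.json for writing');
}
// The original passed strlen($encode) as the length limit, which silently dropped
// the appended "\r\n"; write the whole string.
fwrite($fp, $encode . "\r\n");
fclose($fp);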