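/**
 * Issues a GRANT giving an account SELECT, INSERT, UPDATE and DELETE on *.*, then confirms the account exists.
 *
 * The account name and host are concatenated into the statement, so both must
 * pass the IsSanitized allow-list checks first; the password is always bound
 * as a parameter.
 *
 * @param string $username  Account name; rejected unless IsSanitized::variable() accepts it.
 * @param string $password  Password bound to the IDENTIFIED BY clause.
 * @param string $host      Host part of the account; "." and ":" are allowed in addition to the default set.
 *
 * @return bool  True when mysql.user holds a row for this user at this host after the GRANT, false otherwise.
 */
public static function createDBUser($username, $password = "", $host = "localhost")
{
    // Both values end up inside the SQL text, so anything outside the allow-list is refused outright
    if (!IsSanitized::variable($username)) {
        return false;
    }

    if (!IsSanitized::variable($host, ".:")) {
        return false;
    }

    // NOTE(review): $password defaults to "", so a caller that omits it gets an account with an
    // empty password. Consider requiring a non-empty password at the call sites.
    // NOTE(review): the grant is on *.* (every database). If the account only needs one schema,
    // narrowing the scope would limit what a leaked credential can reach.
    // NOTE(review): GRANT ... IDENTIFIED BY was removed in MySQL 8.0; on such servers this
    // statement is rejected and CREATE USER followed by GRANT is needed instead.

    // Note: If you're getting an "access violation" error here, you can post this exact query to another system
    // (such as Navicat) and it will work fine. Not sure why it's failing here.
    Database::query('GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO "' . $username . '"@"' . $host . '" IDENTIFIED BY ? WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;', array($password));

    // Verify the exact account (user AND host). Matching on the user name alone would report
    // success when the GRANT failed but the same name already exists at a different host.
    // LOWER() on both sides avoids a false negative if the server stored the host in lowercase.
    $user = Database::selectValue("SELECT user FROM mysql.user WHERE user=? AND LOWER(host)=LOWER(?)", array($username, $host));

    return $user !== false;
}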
/**
 * Copies rows from one table into another of the same structure, optionally deleting them from the source.
 *
 * The destination table is created with the source's structure when it does
 * not exist yet. The INSERT (and the DELETE, when moving) run inside one
 * transaction.
 *
 * @param string $sourceTable       Table to read from; must pass IsSanitized::variable().
 * @param string $destinationTable  Table to write to; must pass IsSanitized::variable().
 * @param string $sqlWhere          Optional WHERE condition (without the keyword); use "?" placeholders for values.
 * @param array  $sqlArray          Values bound to the placeholders in $sqlWhere.
 * @param int    $limit             Maximum rows to copy; a falsy value disables the LIMIT clause.
 * @param bool   $move              When exactly true, the matching rows are deleted from the source afterwards.
 *
 * @return mixed  False when a table name is rejected, otherwise whatever Database::endTransaction() returns.
 */
public static function copy($sourceTable, $destinationTable, $sqlWhere = "", $sqlArray = array(), $limit = 1000, $move = false)
{
    // Table names cannot be bound as parameters and are concatenated below, so both must be clean
    if (!(IsSanitized::variable($destinationTable) and IsSanitized::variable($sourceTable))) {
        return false;
    }

    // Make sure the destination table exists before the transaction starts
    Database::exec("CREATE TABLE IF NOT EXISTS " . $destinationTable . " LIKE " . $sourceTable);

    Database::startTransaction();

    // NOTE(review): $sqlWhere is only character-filtered by Sanitize::variable(); it is still SQL
    // text. It should be written by the developer, with every value passed through $sqlArray.
    $whereClause = "";
    if ($sqlWhere != "") {
        $whereClause = " WHERE " . Sanitize::variable($sqlWhere, " ,`!=<>?()");
    }

    $limitClause = $limit ? ' LIMIT ' . (int) $limit : '';

    // Copy the matching rows into the destination table
    Database::query("INSERT INTO " . $destinationTable . " SELECT * FROM " . $sourceTable . $whereClause . $limitClause, $sqlArray);

    // Must be read before the next query overwrites Database::$rowsAffected
    $copiedRows = Database::$rowsAffected;

    if ($move !== true) {
        return Database::endTransaction();
    }

    // NOTE(review): the DELETE carries no LIMIT, so when more rows match than $limit the two
    // counts differ and endTransaction() receives false (presumably a rollback - confirm).
    Database::query("DELETE FROM " . $sourceTable . $whereClause, $sqlArray);

    // Only commit when the number of deleted rows equals the number of copied rows
    return Database::endTransaction($copiedRows == Database::$rowsAffected);
}
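/**
 * Validates the format of an email address and records an Alert error for the first rule it breaks.
 *
 * Checks, in order: illegal characters, exactly one "@", overall length (max 72),
 * username length (1-50), domain length (1-50), no leading/trailing or doubled
 * period in the username, and allowed characters in the domain.
 *
 * @param string $email  The address to validate.
 *
 * @return bool  True when every check passes, false after the first failure.
 */
public static function email($email)
{
    // Make sure the email doesn't contain illegal characters
    $illegalChars = Sanitize::email($email, "", true);

    if ($illegalChars != array()) {
        Alert::error("Validate Email", "The email does not allow: " . self::announceIllegalChars($illegalChars), 3);
        return false;
    }

    // Make sure the email has an "@"
    $atCount = substr_count($email, "@");

    if ($atCount === 0) {
        Alert::error("Validate Email", "Email improperly formatted: doesn't include an @ character.", 3);
        return false;
    }

    // Reject a second "@": splitting on "@" would otherwise validate only the first two pieces
    // and silently ignore the rest, so the domain checked here could differ from the domain a
    // mailer or a later comparison actually uses.
    if ($atCount > 1) {
        Alert::error("Validate Email", "Email improperly formatted: contains more than one @ character.", 3);
        return false;
    }

    // Prepare Values
    $parts = explode("@", $email);
    $username = $parts[0];
    $domain = $parts[1];

    // Lengths are byte counts (strlen)
    $lenEmail = strlen($email);
    $lenUser = strlen($username);
    $lenDomain = strlen($domain);

    // Check if the email is too long
    if ($lenEmail > 72) {
        Alert::error("Validate Email", "Email is over 72 characters long.", 1);
        return false;
    }

    // Check if the username is empty or too long
    if ($lenUser < 1 or $lenUser > 50) {
        Alert::error("Validate Email", "Email username must be between 1 and 50 characters.", 2);
        return false;
    }

    // Check if the domain is empty or too long
    if ($lenDomain < 1 or $lenDomain > 50) {
        Alert::error("Validate Email", "Email domain must be between 1 and 50 characters.", 2);
        return false;
    }

    // Username cannot start or end with a period (safe to index: length is at least 1 here)
    if ($username[0] == '.' or $username[$lenUser - 1] == '.') {
        Alert::error("Validate Email", "Email username cannot start or end with a period.", 5);
        return false;
    }

    // Username cannot have two consecutive dots
    if (strpos($username, "..") !== false) {
        Alert::error("Validate Email", "Email username cannot contain two consecutive periods.", 5);
        return false;
    }

    // Check the domain for valid characters
    // NOTE(review): only the character set is checked; a domain with no dot, a leading or
    // trailing "." or "-", or consecutive dots still passes this method.
    if (!IsSanitized::variable($domain, "-.")) {
        Alert::error("Validate Email", "Email domain was not properly sanitized.", 3);
        return false;
    }

    // The email was successfully validated
    return true;
}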