<?php
include 'dbAccess.php';
header('Content-Type: application/json;charset=euc-kr');
$json = array();
if (!isset($_GET['id']) || !isset($_GET['ename'])) {
$json['code'] = 0;
$json['result'] = "parameter not exist";
echo json_encode($json);
die;
}
$id = $_GET['id'];
$ename = $_GET['ename'];
$pid = loadEname($conn, $ename);
$likes = split(" ", checkId($conn, $id));
$sw = false;
for ($i = 0; $i < count($likes); $i++) {
if ($likes[$i] == $ename) {
$likes[$i] = "";
$sw = true;
break;
}
}
if (!$sw) {
array_push($likes, $ename);
}
$str = "";
for ($i = 0; $i < count($likes); $i++) {
if ($likes[$i] != "") {
$str .= $likes[$i] . " ";
}
public function index($id)
{
if (checkId($id)) {
echo 'id=' . $id;
} else {
echo 'value=' . $id . ', isn\'t id';
}
}
function updateProducts($link)
{
if (isset($_POST['action']) && $_SESSION['role'] != 'guest') {
$name = mysqli_real_escape_string($link, $_POST['name']);
$desc = mysqli_real_escape_string($link, $_POST['description']);
$price = mysqli_real_escape_string($link, $_POST['price']);
$image = mysqli_real_escape_string($link, $_POST['image']);
$is_active = mysqli_real_escape_string($link, $_POST['is_active']);
$vendor = mysqli_real_escape_string($link, $_POST['vendor']);
$edit_date = date('Y-m-d H:i:s');
$id = isset($_POST['id']) ? mysqli_real_escape_string($link, $_POST['id']) : null;
if ($is_active != null && $name != null) {
$data = "`name`='{$name}',\n description='{$desc}',\n price='{$price}',\n image='{$image}',\n is_active='{$is_active}',\n vendor='{$vendor}',\n edit_date='{$edit_date}'";
if (checkId($link, $id) && $_SESSION['role'] == 'admin') {
$sql = "UPDATE products SET " . $data . " WHERE id={$id}";
} elseif ($_SESSION['role'] == 'admin' || $_SESSION['role'] == 'user') {
$id = isset($id) ? "id={$id}, " : '';
$sql = "INSERT INTO products SET {$id}" . $data;
}
mysqli_query($link, $sql);
}
}
}
<?php
include_once "../services/connect.php";
include_once "../services/common.php";
$isUpdate = isset($isUpdate) ? $isUpdate : $_POST['myprofile_flag'];
if ($isUpdate) {
$user_id = isset($user_id) ? $user_id : $_POST['user_id'];
$first_name = isset($first_name) ? $first_name : $_POST['first_name'];
$last_name = isset($last_name) ? $last_name : $_POST['last_name'];
$age = isset($age) ? $age : $_POST['age'];
$user_id = checkId($user_id);
$first_name = checkString($first_name);
$last_name = checkString($last_name);
$age = checkString($age);
$update_result = updateProfile($user_id, $first_name, $last_name, $age);
if ($update_result) {
$response = '{"status": "ok", "message": "The user profile has been updated successfully!"}';
} else {
$response = '{"status": "error", "message": "The user profile could not be updated. Please try again later."}';
}
echo $response;
}
function updateProfile($user_id, $first_name, $last_name, $age)
{
$sql = sprintf("UPDATE user SET first_name = '%s', last_name = '%s', age = '%s' WHERE user_id = %d", $first_name, $last_name, $age, $user_id);
return executeSql($sql);
}
if (checkId($user_id)) {
$task_progress_result = taskProgressByTaskIdUserId($task['task_id'], $user_id);
$task_progress_array = array("progress" => "0", "is_complete" => "0", "date_completed" => "");
while ($task_progress = mysql_fetch_array($task_progress_result)) {
$task_progress_array = array("progress" => $task_progress['progress'], "is_complete" => $task_progress['is_complete'], "date_completed" => $task_progress['date_completed']);
}
$task_array['task_progress'] = $task_progress_array;
} else {
$response = errorResponse("The user id provided is not valid");
}
}
$steps_array = array();
while ($step = mysql_fetch_array($step_result)) {
$step_array = array("id" => $step['step_id'], "name" => $step['name'], "brief_desc" => $step['brief_desc']);
if ($user_id) {
if (checkId($user_id)) {
$step_progress_result = stepProgressByStepIdUserId($step['step_id'], $user_id);
$step_progress_array = array("is_complete" => "0", "date_completed" => "");
while ($step_progress = mysql_fetch_array($step_progress_result)) {
$step_progress_array = array("is_complete" => $step_progress['is_complete'], "date_completed" => $step_progress['date_completed']);
}
$step_array['step_progress'] = $step_progress_array;
}
}
array_push($steps_array, $step_array);
}
$task_array['steps'] = $steps_array;
array_push($tasks_array, $task_array);
}
$response_array = array("status" => "ok", "module_id" => $module_id, "tasks" => $tasks_array);
$response = json_encode($response_array);
}
} else {
if ($module_id) {
if (checkId($module_id)) {
$response = moduleByModuleId($module_id);
} else {
$response = errorResponse("The module id provided is not valid");
}
} else {
if ($new_module) {
$user_id = intval($_POST['user_id']);
$module_id = intval($_POST['module_id']);
$progress = checkString($_POST['progress']);
$is_complete = checkString($_POST['is_complete']);
$date_completed = checkString($_POST['date_completed']);
if (checkId($user_id) && checkId($module_id)) {
$response = moduleUserProgress($user_id, $module_id, $progress, $is_complete, $date_completed);
}
} else {
$response = allModules($user_id);
}
}
}
echo $response;
function moduleByUserId($user_id)
{
$result = getModuleByUserId($user_id);
return formJson($result, "progress", 0);
}
function getModuleByUserId($user_id)
{
function databaseAdd($folderpath, $filename, $realitivePath)
{
global $database, $rootpath;
if (function_exists('finfo')) {
$finfo = new finfo(FILEINFO_MIME, "{$rootpath}/inc/magic");
$type = $finfo->file("{$folderpath}/{$filename}");
} else {
if (function_exists('mime_content_type') && mime_content_type("relay.php") != "") {
$type = mime_content_type("{$folderpath}/{$filename}");
} else {
if (!$GLOBALS['mime']) {
include_once "inc/mimetypehandler.class.php";
$GLOBALS['mime'] = new MimetypeHandler();
}
$type = $GLOBALS['mime']->getMimetype("{$filename}");
}
}
$size = get_size($folderpath . '/' . $filename);
$fileid = fileid($folderpath, $filename);
while (!checkId($fileid)) {
$fileid++;
}
$query = "insert into {$GLOBALS['tablePrefix']}filesystem set id=\"{$fileid}\",filename=\"{$filename}\",path=\"{$folderpath}\",rpath=\"{$realitivePath}\",type=\"{$type}\",size=\"{$size}\"";
$result = mysql_query($query, $database) or die(mysql_error());
chmod($folderpath . '/' . $filename, 0755);
touch($folderpath . '/' . $filename, $fileid);
}
}
}
$mes = 'データを編集しました';
// 新規登録
} else {
// データなし
if (is_array($data) && count($data) == 0) {
$registKey = 1;
} else {
// 最新ID取得
if (count($data) > 1) {
usort($data, 'cmpByIdDesc');
}
$registKey = (int) $data[0][0] + 1;
// ID重複チェック(連続投稿対策)
if (checkId($registKey) === false) {
$err['file'] = '連続投稿はできません';
break;
}
// 内容重複チェック
if (checkValue($form) === false) {
$err['file'] = '日付と内容が同じデータが既に入力されています';
break;
}
$data[] = array($registKey, $form['date'], $form['body']);
$mes = 'データを登録しました';
}
}
// データ保存
if ($res = putData($data)) {
$err['file'] = $res;
