<?php
// Toggles one entry ("ename") in the space-separated list that checkId()
// returns for the requested id. Only the list rebuild is visible in this
// excerpt; the final loop is cut off before its closing brace.
include 'dbAccess.php';
// NOTE(review): json_encode() only accepts UTF-8 strings, while this header
// declares euc-kr -- confirm the payload encoding matches the declared charset.
header('Content-Type: application/json;charset=euc-kr');
$json = array();
// Both query parameters are mandatory; answer with code 0 and stop otherwise.
if (!isset($_GET['id']) || !isset($_GET['ename'])) {
    $json['code'] = 0;
    $json['result'] = "parameter not exist";
    echo json_encode($json);
    die;
}
// NOTE(review): both values are request-controlled and reach loadEname() and
// checkId() unchanged. Whether those helpers bind them as query parameters is
// not visible here -- confirm before relying on them.
$id = $_GET['id'];
$ename = $_GET['ename'];
// $conn is presumably created by dbAccess.php; $pid is not used again in this excerpt.
$pid = loadEname($conn, $ename);
// split() was removed in PHP 7.0; explode() is the replacement for a literal delimiter.
$likes = split(" ", checkId($conn, $id));
$sw = false;
// Already in the list: blank the first matching slot so it is dropped on rebuild.
for ($i = 0; $i < count($likes); $i++) {
    if ($likes[$i] == $ename) {
        $likes[$i] = "";
        $sw = true;
        break;
    }
}
// Not in the list: append it.
// NOTE(review): an $ename that itself contains a space is stored as one entry
// here but will be read back as several by the split above. Nothing in this
// excerpt rejects such a value.
if (!$sw) {
    array_push($likes, $ename);
}
// Re-join the non-empty entries, each followed by a single space.
$str = "";
for ($i = 0; $i < count($likes); $i++) {
    if ($likes[$i] != "") {
        $str .= $likes[$i] . " ";
    }
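/**
 * Echo whether the given value passes checkId().
 *
 * The value is HTML-encoded before it is written to the response. The
 * failure branch in particular echoes input that has just been rejected by
 * the validator, so it must not reach the page as markup.
 *
 * NOTE(review): assumes the response is rendered as HTML in UTF-8 -- confirm.
 *
 * @param mixed $id Candidate identifier, presumably taken from the request.
 * @return void
 */
public function index($id)
{
    // Encode once and reuse. A well-formed numeric id is unchanged by this.
    $printable = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if (checkId($id)) {
        echo 'id=' . $printable;
    } else {
        echo 'value=' . $printable . ', isn\'t id';
    }
}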
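/**
 * Insert or update a row in `products` from the submitted form fields.
 *
 * Runs only when $_POST['action'] is present and the session role is not
 * 'guest'. A missing role is treated as 'guest'. An admin whose posted id
 * passes checkId() updates that row. Any other admin or 'user' request
 * inserts a new row, using the posted id when one was sent. Every other role
 * does nothing.
 *
 * All values are bound through a prepared statement. The id is additionally
 * required to be an integer: it used to be placed in the SQL text without
 * quotes, where string escaping gives no protection.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function --
 * confirm the caller enforces one before this state-changing call.
 *
 * @param mysqli $link Open database connection.
 * @return void
 */
function updateProducts($link)
{
    // Fail closed: an absent role gets the same treatment as a guest.
    $role = isset($_SESSION['role']) ? $_SESSION['role'] : 'guest';
    if (!isset($_POST['action']) || $role === 'guest') {
        return;
    }

    // Missing or non-string (array) inputs count as empty instead of raising.
    $values = array();
    foreach (array('name', 'description', 'price', 'image', 'is_active', 'vendor') as $key) {
        $values[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }
    if ($values['name'] === '' || $values['is_active'] === '') {
        return;
    }

    // Reject a non-integer id before it gets anywhere near a query.
    $id = null;
    if (isset($_POST['id'])) {
        $id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
        if ($id === false) {
            return;
        }
    }

    // Only these two roles may write. Previously any other role fell through
    // to mysqli_query() with no statement defined.
    $isAdmin = $role === 'admin';
    if (!$isAdmin && $role !== 'user') {
        return;
    }

    $columns = '`name`=?, description=?, price=?, image=?, is_active=?, vendor=?, edit_date=?';
    $types = 'sssssss';
    $params = array(
        $values['name'],
        $values['description'],
        $values['price'],
        $values['image'],
        $values['is_active'],
        $values['vendor'],
        date('Y-m-d H:i:s'),
    );

    if ($isAdmin && checkId($link, $id)) {
        $sql = "UPDATE products SET {$columns} WHERE id=?";
        $types .= 'i';
        $params[] = $id;
    } elseif ($id !== null) {
        $sql = "INSERT INTO products SET id=?, {$columns}";
        $types = 'i' . $types;
        array_unshift($params, $id);
    } else {
        $sql = "INSERT INTO products SET {$columns}";
    }

    // The query result was never inspected before, so a failed prepare stays
    // a silent no-op.
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}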
<?php
// Profile-update endpoint. Each input may already have been set by an
// including script; otherwise it is read from the POST body.
//
// NOTE(review): user_id is taken from the request when not pre-set, and no
// check tying it to the logged-in account is visible in this file -- confirm
// that connect.php/common.php or the caller enforces one.
include_once "../services/connect.php";
include_once "../services/common.php";

if (!isset($isUpdate)) {
    $isUpdate = $_POST['myprofile_flag'];
}

if ($isUpdate) {
    if (!isset($user_id)) {
        $user_id = $_POST['user_id'];
    }
    if (!isset($first_name)) {
        $first_name = $_POST['first_name'];
    }
    if (!isset($last_name)) {
        $last_name = $_POST['last_name'];
    }
    if (!isset($age)) {
        $age = $_POST['age'];
    }

    // checkId() and checkString() are defined elsewhere; their return values
    // replace the raw inputs before anything is written.
    $user_id = checkId($user_id);
    $first_name = checkString($first_name);
    $last_name = checkString($last_name);
    $age = checkString($age);

    $update_result = updateProfile($user_id, $first_name, $last_name, $age);

    // The response is a hand-written JSON literal; no request data is echoed.
    $response = $update_result
        ? '{"status": "ok", "message": "The user profile has been updated successfully!"}'
        : '{"status": "error", "message": "The user profile could not be updated. Please try again later."}';
    echo $response;
}

/**
 * Build and run the UPDATE statement for one user's profile.
 *
 * NOTE(review): the three string fields are formatted straight into the SQL
 * text, so this is only safe if checkString() escapes for SQL -- confirm. The
 * %d conversion forces user_id to an integer.
 *
 * @param mixed $user_id    Value formatted with %d into the WHERE clause.
 * @param mixed $first_name Value placed between single quotes in the statement.
 * @param mixed $last_name  Value placed between single quotes in the statement.
 * @param mixed $age        Value placed between single quotes in the statement.
 * @return mixed Whatever executeSql() returns.
 */
function updateProfile($user_id, $first_name, $last_name, $age)
{
    $template = "UPDATE user SET first_name = '%s', last_name = '%s', age = '%s' WHERE user_id = %d";
    $statement = sprintf($template, $first_name, $last_name, $age, $user_id);

    return executeSql($statement);
}
// Excerpt from inside a per-task loop: the blocks closed by the unmatched
// braces below open before this fragment. The mysql_* extension used here was
// removed in PHP 7.0.
if (checkId($user_id)) {
    $task_progress_result = taskProgressByTaskIdUserId($task['task_id'], $user_id);
    // Defaults used when the user has no progress row for this task.
    $task_progress_array = array("progress" => "0", "is_complete" => "0", "date_completed" => "");
    // Each row overwrites the previous one, so the last row returned wins.
    while ($task_progress = mysql_fetch_array($task_progress_result)) {
        $task_progress_array = array("progress" => $task_progress['progress'], "is_complete" => $task_progress['is_complete'], "date_completed" => $task_progress['date_completed']);
    }
    $task_array['task_progress'] = $task_progress_array;
} else {
    // NOTE(review): nothing visible stops execution after this assignment, and
    // $response is assigned again at the end of the excerpt -- it looks as if
    // this error is overwritten by the "ok" payload. Confirm.
    $response = errorResponse("The user id provided is not valid");
}
}
$steps_array = array();
while ($step = mysql_fetch_array($step_result)) {
    $step_array = array("id" => $step['step_id'], "name" => $step['name'], "brief_desc" => $step['brief_desc']);
    // Step progress is attached only for a non-empty user id that passes
    // checkId(); an invalid id is skipped here without an error.
    if ($user_id) {
        if (checkId($user_id)) {
            $step_progress_result = stepProgressByStepIdUserId($step['step_id'], $user_id);
            $step_progress_array = array("is_complete" => "0", "date_completed" => "");
            // As above: the last row returned wins.
            while ($step_progress = mysql_fetch_array($step_progress_result)) {
                $step_progress_array = array("is_complete" => $step_progress['is_complete'], "date_completed" => $step_progress['date_completed']);
            }
            $step_array['step_progress'] = $step_progress_array;
        }
    }
    array_push($steps_array, $step_array);
}
$task_array['steps'] = $steps_array;
array_push($tasks_array, $task_array);
}
// NOTE(review): where $user_id comes from is not visible in this excerpt. If
// it is request-supplied, confirm the caller may read that user's progress.
$response_array = array("status" => "ok", "module_id" => $module_id, "tasks" => $tasks_array);
$response = json_encode($response_array);
// Excerpt: the two closing braces below end blocks that open before this fragment.
}
} else {
    if ($module_id) {
        // checkId() gates the id before the lookup; its rules are defined elsewhere.
        if (checkId($module_id)) {
            $response = moduleByModuleId($module_id);
        } else {
            $response = errorResponse("The module id provided is not valid");
        }
    } else {
        if ($new_module) {
            // intval() forces both ids to integers before they are validated.
            // NOTE(review): user_id is read from the request body. Nothing in
            // this excerpt ties it to the authenticated session -- confirm
            // that a caller cannot record progress for another user.
            $user_id = intval($_POST['user_id']);
            $module_id = intval($_POST['module_id']);
            // checkString() is opaque from here; presumably it sanitises
            // these values for storage -- verify.
            $progress = checkString($_POST['progress']);
            $is_complete = checkString($_POST['is_complete']);
            $date_completed = checkString($_POST['date_completed']);
            // NOTE(review): there is no else branch. If either id fails
            // checkId(), this excerpt assigns nothing to $response before it
            // is echoed below.
            if (checkId($user_id) && checkId($module_id)) {
                $response = moduleUserProgress($user_id, $module_id, $progress, $is_complete, $date_completed);
            }
        } else {
            $response = allModules($user_id);
        }
    }
}
echo $response;

/**
 * Load a user's module rows and hand them to formJson().
 *
 * @param mixed $user_id User identifier passed on to getModuleByUserId().
 * @return mixed Whatever formJson() returns for the result, "progress" and 0.
 */
function moduleByUserId($user_id)
{
    $result = getModuleByUserId($user_id);
    return formJson($result, "progress", 0);
}

// The body of this function continues beyond the excerpt.
function getModuleByUserId($user_id) {
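/**
 * Register a file that is already on disk in the `filesystem` table.
 *
 * Determines a MIME type, picks the first id accepted by checkId(), inserts
 * the row, then sets the file's mode and modification time.
 *
 * Every value written into the INSERT is escaped for the connection. File
 * and folder names are not trustworthy, and a quote in one of them used to
 * end the string literal early.
 *
 * @param string $folderpath    Directory that holds the file.
 * @param string $filename      File name inside $folderpath.
 * @param string $realitivePath Relative path stored in the `rpath` column.
 * @return void
 */
function databaseAdd($folderpath, $filename, $realitivePath)
{
    global $database, $rootpath;

    $fullPath = $folderpath . '/' . $filename;

    // NOTE(review): finfo is a class, so function_exists('finfo') is always
    // false and this branch is never taken; class_exists('finfo') is probably
    // what was meant. It is left unchanged because enabling it would switch
    // detection to the bundled magic file, which cannot be verified from here.
    if (function_exists('finfo')) {
        $finfo = new finfo(FILEINFO_MIME, "{$rootpath}/inc/magic");
        $type = $finfo->file($fullPath);
    } elseif (function_exists('mime_content_type') && mime_content_type("relay.php") != "") {
        // The relay.php probe checks that mime_content_type() returns something usable.
        $type = mime_content_type($fullPath);
    } else {
        // empty() also covers the key being undefined on first use.
        if (empty($GLOBALS['mime'])) {
            include_once "inc/mimetypehandler.class.php";
            $GLOBALS['mime'] = new MimetypeHandler();
        }
        // This fallback sees only the name, never the content, so the stored
        // type should not be relied on for security decisions.
        $type = $GLOBALS['mime']->getMimetype("{$filename}");
    }

    $size = get_size($fullPath);

    // Advance until checkId() accepts the id.
    $fileid = fileid($folderpath, $filename);
    while (!checkId($fileid)) {
        $fileid++;
    }

    // The mysql extension has no bound parameters, so each value is escaped instead.
    $esc = function ($value) use ($database) {
        return mysql_real_escape_string((string) $value, $database);
    };

    $query = "insert into {$GLOBALS['tablePrefix']}filesystem set"
        . ' id="' . $esc($fileid) . '"'
        . ',filename="' . $esc($filename) . '"'
        . ',path="' . $esc($folderpath) . '"'
        . ',rpath="' . $esc($realitivePath) . '"'
        . ',type="' . $esc($type) . '"'
        . ',size="' . $esc($size) . '"';

    // NOTE(review): die(mysql_error()) prints the database error text to the
    // client; consider logging it and returning a generic message instead.
    $result = mysql_query($query, $database) or die(mysql_error());

    // NOTE(review): 0755 sets the execute bits on a stored file. Confirm that
    // is required; 0644 is the usual mode for uploaded content.
    chmod($fullPath, 0755);
    // The file's modification time is set to the numeric id.
    touch($fullPath, $fileid);
}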
} } $mes = 'データを編集しました'; // 新規登録 } else { // データなし if (is_array($data) && count($data) == 0) { $registKey = 1; } else { // 最新ID取得 if (count($data) > 1) { usort($data, 'cmpByIdDesc'); } $registKey = (int) $data[0][0] + 1; // ID重複チェック(連続投稿対策) if (checkId($registKey) === false) { $err['file'] = '連続投稿はできません'; break; } // 内容重複チェック if (checkValue($form) === false) { $err['file'] = '日付と内容が同じデータが既に入力されています'; break; } $data[] = array($registKey, $form['date'], $form['body']); $mes = 'データを登録しました'; } } // データ保存 if ($res = putData($data)) { $err['file'] = $res;