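<?php
// Applies a schema-object definition sent by the client: reads the object
// kind, the name of the object being modified and the SQL text from $_POST,
// drops the existing stored procedure or function first when one is being
// modified, then runs the submitted SQL. Error text is collected in $sSqlErr.
//
// NOTE(review): $sSql is executed exactly as received and $sModifyObjectName
// is concatenated into the DROP statement, so anyone who can reach this
// script runs SQL with the privileges of $sDbUserName. No authentication,
// authorisation or CSRF check is visible in this listing; confirm that
// _common.php enforces them and that the database account is least-privilege.

// Set the output encoding to UTF-8
// mb_http_output ( 'UTF-8' );

require_once "_common.php";

// Missing fields are treated as empty strings instead of raising notices.
$sObjectKind       = isset($_POST['sObjectKind']) ? $_POST['sObjectKind'] : "";
$sModifyObjectName = isset($_POST['sModifyObjectName']) ? $_POST['sModifyObjectName'] : "";
$sSql              = isset($_POST['sSql']) ? $_POST['sSql'] : "";
$sSqlErr           = "";

// Convert escape characters.
// NOTE(review): stripslashes() runs unconditionally, so backslashes that are
// a legitimate part of the SQL are removed as well. Confirm this is intended.
$sSql = stripslashes($sSql);

// The connection settings are not defined in this listing; presumably they
// come from _common.php.
$mysqlLink = dbCon($sDbHostName, $sDbUserName, $sDbPassword, $sDbName);

if ($sModifyObjectName != "" && $sObjectKind != "View") {
    // For PROCEDURE and FUNCTION, run the DROP statement first.
    $sDropSql = "";
    if ($sObjectKind == "Stored Procedure") {
        $sDropSql = "DROP PROCEDURE IF EXISTS " . $sModifyObjectName . ";";
    } elseif ($sObjectKind == "Stored Function") {
        // This used to be an assignment (`=`), which was always true: every
        // other object kind issued DROP FUNCTION and $sObjectKind was overwritten.
        $sDropSql = "DROP FUNCTION IF EXISTS " . $sModifyObjectName . ";";
    }

    // Other object kinds have nothing to drop.
    if ($sDropSql != "") {
        $rs = mysqli_query($mysqlLink, $sDropSql);
        if (!$rs) {
            $sSqlErr = mysqli_errno($mysqlLink) . ":" . mysqli_error($mysqlLink) . "\n";
        }
    }
}

// Run the submitted statement; a failure is appended to any DROP error.
$rs = mysqli_query($mysqlLink, $sSql);
if (!$rs) {
    $sSqlErr .= mysqli_errno($mysqlLink) . ":" . mysqli_error($mysqlLink);
}

mysqli_close($mysqlLink);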
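<!DOCTYPE html>
<html>
<head>
<title>Migrant Help Desk - Home</title>
<?php
// Login page: shows the e-mail/password form, or sends a visitor whose
// session already holds a userID on to landing.php.
require 'include/functions.inc';
?>
</head>
<body>
<?php
require 'include/header.inc';

// NOTE(review): this check runs after markup has been emitted, so the
// redirect only works when output buffering is on. Ideally the session check
// would run before any output.
if (isset($_SESSION['userID'])) {
    if (!headers_sent()) {
        header('Location: landing.php');
        // Stop here so the login form is not rendered behind the redirect.
        exit;
    }
}
?>
<div id="content">
<?php
// NOTE(review): $pdo is not used in the visible part of this page.
$pdo = dbCon();
?>
<form method='POST' id='loginForm' action='login.php' name='login'>
<input class='box' type='text' name='loginEmail' id='loginEmail' placeholder='Email'><br>
<input class='box' type='password' name='loginPwd' id='loginPwd' placeholder='Password'><br>
<input type='submit' value='Login'>
</form>
</div>
</body>
</html>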
<?php require_once 'hortapp.dbLib.php'; require_once 'hortapp.events.utils.php'; // Short-circuit if the client did not give us a date range. if (!isset($_POST['start']) || !isset($_POST['end'])) { die("Please provide a date range."); } $range_start = parseDateTime($_POST['start']); $range_end = parseDateTime($_POST['end']); $conexion = dbCon(2); $res = array(); // sleep(1000); $sql = "SELECT * FROM events WHERE user = "******""; /** ***************************************************************** to-do: add WHERE start > request.start AND start < request.end start: 2015-05-06 request.start: 2015-05-31 request.end: 2015-07-12 formats compatibles!? ****************************************************************/ if ($events = query_escaped($conexion, $sql)) { // echo "into if"; while ($event = mysqli_fetch_array($events)) { $event = new Event($event); if ($event->isWithinDayRange($range_start, $range_end)) { $res[] = $event->toArray();
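/**
 * Return the column names of a table.
 *
 * Opens a connection with dbCon(), runs D_SHOW_COLUMNS followed by the table
 * name and collects the 'Field' value of every returned row. On a query
 * error the MySQL error number and message are printed and the script ends.
 *
 * @param string $sHostName  database host
 * @param string $sUserName  database user
 * @param string $sPassword  database password
 * @param string $sDbName    database name
 * @param string $sTableName table whose columns are listed
 *
 * @return array list of column names (empty when no rows are returned)
 */
function getFieldName($sHostName, $sUserName, $sPassword, $sDbName, $sTableName)
{
    // Initialised up front so the function never returns an undefined variable.
    $arsName = array();

    $mysqlLink = dbCon($sHostName, $sUserName, $sPassword, $sDbName);

    // NOTE(review): $sTableName is appended to the statement as-is. If it can
    // come from a request, check it against the list of known tables first.
    // D_SHOW_COLUMNS is defined outside this listing.
    $rs = mysqli_query($mysqlLink, D_SHOW_COLUMNS . $sTableName);
    if (!$rs) {
        // The server's error text can echo the table name back, so it is
        // HTML-escaped before being written into the page.
        // NOTE(review): consider logging the detail server-side instead of showing it.
        $sError = htmlspecialchars(mysqli_error($mysqlLink), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        print '<br><br>' . mysqli_errno($mysqlLink) . ':' . $sError . '<br><br>';
        // Message text: "An SQL error occurred."
        die('SQLエラーが発生しました。');
    }

    while ($rec = mysqli_fetch_assoc($rs)) {
        $arsName[] = $rec['Field'];
    }

    mysqli_free_result($rs);
    mysqli_close($mysqlLink);

    return $arsName;
}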
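/**
 * Return the cultius (rows of the `cultiu` table) that belong to one user.
 *
 * Each row is stored under its id as an array with the keys id, planta,
 * data_ini, data_fi and parcela; both dates are reformatted as d/m/Y.
 *
 * @param int $user id of the user whose rows are returned
 *
 * @return array rows keyed by id, or array('error' => message) when the
 *               query fails or returns no rows
 */
function getCultius($user)
{
    // $user is interpolated into the SQL text below, so it is forced to an
    // integer first; a non-numeric value can no longer alter the statement.
    $user = (int) $user;

    // dbCon() is called with 2 for user 0 and with 1 for every other user;
    // what these arguments select is defined outside this listing.
    if ($user == 0) {
        $conexion = dbCon(2);
    } else {
        $conexion = dbCon(1);
    }

    $res = array();
    $cultius = query_escaped($conexion, "SELECT id, planta, data_ini, data_fi, parcela, user FROM cultiu WHERE user = {$user};");

    // A failed query is reported like an empty result instead of being
    // passed on to mysqli_num_rows().
    if ($cultius && mysqli_num_rows($cultius)) {
        while ($cultiu = mysqli_fetch_array($cultius)) {
            $data_ini = date('d/m/Y', strtotime($cultiu['data_ini']));
            $data_fi = date('d/m/Y', strtotime($cultiu['data_fi']));
            $res[$cultiu['id']] = array(
                'id' => $cultiu['id'],
                'planta' => $cultiu['planta'],
                'data_ini' => $data_ini,
                'data_fi' => $data_fi,
                'parcela' => $cultiu['parcela'],
            );
        }
    } else {
        $res["error"] = "No hi ha cultius de l'usuari {$user} a la BBDD";
    }

    mysqli_close($conexion);

    return $res;
}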
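/**
 * Check a login/password pair against the `user` table and, on success,
 * store the user's login and id in the session.
 *
 * @param string $login    login name
 * @param string $password plain-text password
 *
 * @return int 0 on success;
 *             -1 error not captured;
 *             -2 dbCon() failed;
 *             -3 no matching user (also returned when the query fails);
 *             -4 the session already holds a login;
 *             -5 the session could not be started
 */
function login($login, $password)
{
    $return = -1; //error not captured
    if ($dbAdmin = dbCon(0)) {
        // NOTE(review): an unsalted SHA-256 digest is a weak way to store
        // passwords; password_hash()/password_verify() is the replacement, but
        // switching needs a migration of the stored values. The password is
        // also SQL-escaped before hashing. That is kept because the stored
        // digests presumably were produced the same way.
        $pas = hash('sha256', mysqli_real_escape_string($dbAdmin, $password));

        // NOTE(review): the two quoted values in this query appear masked in
        // this listing. Whatever is placed there must be bound as a parameter
        // or escaped for this connection.
        $exists = query_escaped($dbAdmin, "SELECT id, login FROM user WHERE login = '******' AND password = '******' LIMIT 1;");

        // A failed query is treated as "no such user" instead of being passed
        // on to mysqli_num_rows().
        if ($exists && mysqli_num_rows($exists) == 1) {
            $user = mysqli_fetch_assoc($exists);
            if (session_start()) {
                if (isset($_SESSION['login'])) {
                    //error session already started
                    $return = -4;
                } else {
                    // Issue a fresh session id before storing the identity, so
                    // an id that was set before authentication is not carried
                    // over into the logged-in session.
                    if (!headers_sent()) {
                        session_regenerate_id(true);
                    }
                    $_SESSION['login'] = $user['login'];
                    $_SESSION['id'] = $user['id'];
                    $return = 0; //success login
                }
            } else {
                $return = -5; //error session can't be started
            }
        } else {
            $return = -3; //user does not exist
        }

        // Release the connection on every path that opened one.
        mysqli_close($dbAdmin);
    } else {
        $return = -2; //error dbCon
    }

    return $return;
}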
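/**
 * Check an already validated login/password pair against the `user` table.
 * On success, store the user's login and id in $_SESSION and return the
 * user's workspace.
 *
 * @param string $login    login name
 * @param string $password plain-text password
 *
 * @return int|array the result of getUserWS() for the user on success;
 *                   otherwise -1 error not captured, -2 dbCon() failed,
 *                   -3 login or password wrong or not in the DB (also
 *                   returned when the query fails), -4 the session already
 *                   holds a login
 */
function login($login, $password)
{
    $return = -1; //error not captured
    if ($dbAdmin = dbCon(0)) {
        // NOTE(review): an unsalted SHA-256 digest is a weak way to store
        // passwords; password_hash()/password_verify() is the replacement, but
        // switching needs a migration of the stored values. The password is
        // also SQL-escaped before hashing. That is kept because the stored
        // digests presumably were produced the same way.
        $pas = hash('sha256', mysqli_real_escape_string($dbAdmin, $password));

        // NOTE(review): the two quoted values in this query appear masked in
        // this listing. Whatever is placed there must be bound as a parameter
        // or escaped for this connection.
        $exists = query_escaped($dbAdmin, "SELECT id, login FROM user WHERE login = '******' AND password = '******' LIMIT 1;");

        // A failed query is treated as a failed login instead of being passed
        // on to mysqli_num_rows().
        if ($exists && mysqli_num_rows($exists) == 1) {
            $user = mysqli_fetch_assoc($exists);
            if (isset($_SESSION['login'])) {
                //error session already started
                $return = -4;
            } else {
                // Issue a fresh session id before storing the identity, so an
                // id that was set before authentication is not carried over.
                // This function does not start the session itself, so the id
                // is only regenerated when a session is active.
                if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                    session_regenerate_id(true);
                }
                $_SESSION['login'] = $user['login'];
                $_SESSION['id'] = $user['id'];
                $return = getUserWS($user['id']); //success login
            }
        } else {
            $return = -3; //user or password incorrect, or not present in the DB
        }
        mysqli_close($dbAdmin);
    } else {
        $return = -2; //error dbCon
    }

    return $return;
}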