function findUserByUsernameOrEmail($usernameOrEmail) { $table = getTableQuote("users"); $query = "SELECT * FROM {$table} WHERE (username='******' OR email='{$usernameOrEmail}') AND active=1;"; $queryReturn = runQuery($query); $possibleUser = count($queryReturn) == 1 ? $queryReturn[0] : null; return $possibleUser; }
function getInviteKey($email) { $table = "invitations"; $sentInviteKey = runQuery("SELECT inviteKey FROM " . getTableQuote($table) . " WHERE email='{$email}';"); if (count($sentInviteKey) == 1) { $inviteKey = $sentInviteKey[0]['inviteKey']; } else { $inviteKey = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); } return $inviteKey; }
function getJoin($table1, $table2, $joinOn, $t1_constraints, $t2_constraints) { $t1_q = getTableQuote($table1); $t2_q = getTableQuote($table2); $jo = getJoinOn($table1, $table2, $joinOn); $tables = []; $tables[$table1] = $t1_constraints; $tables[$table2] = $t2_constraints; $con = getConstraintsWithTables($tables); $t2_columns = arrayToString(getColumnNamesWithTable($table2)); $query = "SELECT {$t1_q}.*, {$t2_columns} FROM {$t1_q} INNER JOIN {$t2_q} ON {$jo} {$con};"; return $query; }
function getJoin($table1, $table2, $joinOn, $t1_constraints, $t2_constraints) { $t1_q = getTableQuote($table1); $t2_q = getTableQuote($table2); $jo = getJoinOn($table1, $table2, $joinOn); $tables = []; $tables[$table1] = $t1_constraints; $tables[$table2] = $t2_constraints; $con = getConstraintsWithTables($tables); $t2_columns = arrayToString(getColumnNamesWithTable($table2)); $query = "SELECT " . $t1_q . ".*, " . $t2_columns . " FROM " . $t1_q . " INNER JOIN " . $t2_q . " ON " . $jo . " " . $con . ";"; return $query; }
<?php include_once '../config/config.php'; include_once $serverPath . 'utils/db_get.php'; $table = 'events'; if (!empty($_GET['id'])) { $id = $_GET['id']; echo json_encode(findById($table, $id)); } if (!empty($_GET['startDate']) && !empty($_GET['endDate'])) { $startDate = $_GET['startDate']; $endDate = $_GET['endDate']; $query = "Select * FROM " . getTableQuote($table) . " WHERE active='Yes' AND ((startDate <= {$endDate} AND endDate >= {$startDate}) \n\t\t\t\tOR (startDate=0 AND endDate >= {$startDate}) OR (startDate <= {$endDate} AND endDate=0) OR (startDate=0 AND endDate=0));"; echo json_encode(runQuery($query)); }
<?php session_start(); include_once '../config/config.php'; include_once $serverPath . 'utils/db/db_get.php'; $login_ok = false; if (!empty($_POST)) { if (!empty($_POST['username']) && !empty($_POST['password'])) { $table = "users"; $query = "SELECT * FROM " . getTableQuote($table) . " WHERE (username='******'username'] . "' OR email='" . $_POST['username'] . "')"; $user = runQuery($query); if (count($user) == 1) { $user = $user[0]; } if (isset($user['salt']) && isset($user['password']) && isset($user['username'])) { $check_password = hash('sha256', $_POST['password'] . $user['salt']); for ($round = 0; $round < 65536; $round++) { $check_password = hash('sha256', $check_password . $user['salt']); } if ($check_password === $user['password']) { // If they do, then we flip this to true $login_ok = true; } if ($login_ok) { unset($user['salt']); unset($user['password']); $_SESSION['user'] = $user; header("Location: " . $baseURL); die("Redirecting to: admin page"); } else { sendErrorMessage("Username not found or password is incorrect");
$stopFirewall = 'true'; $table = 'users'; if (empty($_GET['inviteKey'])) { header("Location: " . $baseURL); } $users = runQuery("SELECT email FROM " . getTableQuote('invitations') . " WHERE inviteKey='" . $_GET['inviteKey'] . "';"); if (count($users) > 0) { $email = $users[0]['email']; } else { header("Location: " . $baseURL); } if (!empty($_POST)) { $username = $_POST['username']; $password = $_POST['password']; if (!empty($email) && !empty($username) && !empty($password)) { $query = "SELECT username FROM " . getTableQuote($table) . " WHERE `username`='{$username}' OR `email`='{$email}';"; if (count(runQuery($query)) == 0) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { die("Invalid E-Mail Address"); } $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); $password = hash('sha256', $_POST['password'] . $salt); for ($round = 0; $round < 65536; $round++) { $password = hash('sha256', $password . $salt); } $data = ['email' => $email, 'password' => $password, 'salt' => $salt, 'username' => $username]; insert($table, $data); $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From:' . $webmasterMail . ' <' . $webmasterMail . '>' . "\r\n"; $message = "\n\t\t\t<html>\n\t\t\t<body>\n\t\t\t<p>Your account has been created for the Linger Martini Bar.</p>\n\t\t\t\t\t\n\t\t\t<p>Username: {$username}</p>\n\t\t\t\n\t\t\t</body>\n\t\t\t\n\t\t\t</html>\n\t\t\t";
<?php include_once '../../config/config.php'; include_once $serverPath . 'utils/db_post.php'; if (!empty($_GET['faceBookID'])) { $table = "photos"; $insert = "DELETE FROM " . getTableQuote($table) . " WHERE faceBookID=" . $_GET['faceBookID'] . ";"; runInsert($insert); } if (!empty($_GET['carousel_image_id'])) { $table = "carousel_images"; deleteFrom($table, $_GET['carousel_image_id']); }
<?php include_once '../config/config.php'; include_once $serverPath . 'utils/security/requireLogin.php'; include_once $serverPath . 'utils/db/db_get.php'; if (!empty($_GET['get'])) { $get = $_GET['get']; $table = "users"; if ($get == "myData") { $data = runQuery("SELECT first_name, last_name, id, admin, protected, username, email, assestDefaultAccess FROM " . getTableQuote($table) . " WHERE id='" . $_SESSION['user']['id'] . "';"); if (count($data) == 1) { echo json_encode($data[0]); } } else { if ($get == "defaultAccess") { $data = runQuery("SELECT assestDefaultAccess FROM " . getTableQuote($table) . " WHERE id='" . $_SESSION['user']['id'] . "';"); if (count($data) == 1) { echo json_encode($data[0]); } } } }
<?php include_once '../../config/config.php'; include_once $serverPath . 'admin/login/requireAdmin.php'; include_once $serverPath . 'utils/db_get.php'; echo json_encode(runQuery("SELECT id, username, email FROM " . getTableQuote('users') . " WHERE username='******'user']['username'] . "';"));
<?php include_once '../../config/config.php'; include_once $serverPath . 'admin/login/requireAdmin.php'; include_once $serverPath . 'utils/db_get.php'; $table = 'users'; if (!empty($_GET['get'])) { $get = $_GET['get']; if ($get == 'grid') { $query = "SELECT id, username, email, active FROM " . getTableQuote($table) . " WHERE protected != 1;"; echo json_encode(runQuery($query)); } }
function deleteFrom($table, $id) { $insert = "DELETE FROM " . getTableQuote($table) . " WHERE id=" . $id . ";"; runInsert($insert); }
function getConstraintsWithTable($table, $constraints) { $q_table = getTableQuote($table); foreach ($constraints as $columnName => $value) { $constraints[$q_table . "." . $columnName] = $value; unset($constraints[$columnName]); } return getConstraintBody($constraints); }
<?php include_once '../../config/config.php'; include_once $serverPath . 'admin/login/requireAdmin.php'; include_once $serverPath . 'utils/db_post.php'; include_once $serverPath . 'utils/db_get.php'; $table = 'users'; $_POST = json_decode(file_get_contents('php://input'), true); if (!empty($_POST)) { if (!empty($_POST['email']) && !empty($_POST['id']) && $_POST['id'] != $_SESSION['user']['id'] && ($_POST['active'] == 1 || $_POST['active'] == 0)) { $user = findById($table, $_POST['id']); if ($user['protected'] != '1') { $update = "Update " . getTableQuote($table) . " SET active=" . $_POST['active'] . " WHERE id=" . $_POST['id'] . ";"; runInsert($update); $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From:' . $webmasterMail . ' <' . $webmasterMail . '>' . "\r\n"; $activated = $_POST['active'] == 0 ? 'deactivated' : 'activated'; $link = $_POST['active'] == 1 ? '<p>Click here to login: <a href="' . $externalLink . 'admin/login/">Login</a></p>' : ''; $message = "\n\t\t\t\t\t<html>\n\t\t\t\t\t\t<body>\n\t\t\t\t\t\t<p>Your account has been {$activated}</p>\n\t\t\t\t\t\t{$link}\n\t\t\t\n\t\t\t\t\t</body>\n\t\t\t\n\t\t\t\t\t</html>\n\t\t\t\t\t"; $subject = "Your account has been {$activated} for The Linger Martini Bar"; mail($_POST['email'], $subject, $message, $headers); } } }
function getConstraintsWithTable($table, $constraints) { $q_table = getTableQuote($table); $constraint = ""; foreach ($constraints as $columnName => $value) { $c = getTableQuote($columnName); $constraint .= "{$q_table}.{$c} = {$value} AND "; } return cutString($constraint, 5); }