function process_image()
{
global $target_path;
global $clickFlag;
global $con;
global $dUsername;
global $dFullname;
$clickFlag = "You did not upload any file";
if (isset($_FILES["passport"]["name"])) {
$file_name = $_FILES["passport"]["name"];
if ($_FILES["passport"]["error"] > 0) {
echo "Error in the following file " . $file_name . ":" . $_FILES["passport"]["error"] . "<br />";
} elseif ($_FILES["passport"]["error"] <= 0) {
$temp_name = $_FILES["passport"]["tmp_name"];
$imgtype = $_FILES["passport"]["type"];
$ext = getImageExtension($imgtype);
$imgname = $dFullname . $ext;
$target_path = "upload/" . $imgname;
$insert_picture = "UPDATE user_profile SET Passport = '" . mysqli_escape_string($con, $target_path) . "' WHERE Username = '******'";
if (!mysqli_query($con, $insert_picture)) {
echo mysqli_error($con);
}
if (move_uploaded_file($temp_name, $target_path)) {
return true;
}
} else {
return false;
}
} else {
global $NoFileError;
$NoFileError = "You did not upload any file";
}
}
function save_kmeans_data($result_kmeans, $user)
{
$insert = null;
$link = (require 'MySQL/ConnectionDB.php');
mysqli_query($link, "DELETE FROM Kmeans_Data WHERE user_id = {$user}");
$query = "INSERT INTO Kmeans_Data (user_id, centroid, ctg_id, number_likes) VALUES";
foreach ($result_kmeans as $ctg => $category) {
foreach ($category as $cnt => $value) {
foreach ($value as $key => $num) {
$insert .= "('" . mysqli_escape_string($link, $user) . "', " . "'" . mysqli_escape_string($link, $cnt) . "', " . "'" . mysqli_escape_string($link, $num[0]) . "', " . "'" . mysqli_escape_string($link, $num[1]) . "'),";
}
}
}
if ($insert != "") {
$insert = substr($insert, 0, strlen($insert) - 1);
$insert .= ";";
}
$query .= $insert;
if ($insert) {
$entry = mysqli_query($link, $query);
if (!$entry) {
die('Could not entered data k-means' . mysql_error());
}
}
mysqli_close($link);
}
public function loginAction($twig, $params)
{
if (is_authorized()) {
header("Location: /");
} else {
if (empty($_POST['confirm'])) {
$_POST['confirm'] = 0;
}
if ($_POST['confirm'] == 1) {
if (!empty($_POST['login'])) {
$login = mysqli_escape_string($this->dbConnect, $_POST['login']);
$password = md5($_POST['password']);
$query = mysqli_query($this->dbConnect, "select id, login, smena from users where login = '******' and passwd = '{$password}'");
if (mysqli_num_rows($query) > 0) {
$result = mysqli_fetch_assoc($query);
$_SESSION['user_id'] = $result['id'];
$_SESSION['user_fio'] = $result['login'];
$_SESSION['user_smena'] = $result['smena'];
header("Location: /");
} else {
echo $twig->render('login.html.twig', array('error' => 'Bad credentials'));
}
} else {
echo $twig->render('login.html.twig', array('error' => 'Login is empty'));
}
} else {
echo $twig->render('login.html.twig');
}
}
}
function check_game($dbc, $Game = '')
{
$errors = array();
//Game Name validation, Gamename cannot be left empty, and must be between 4 and 40 characters in length
if (empty($Game)) {
$errors[] = "The game name field is empty.</br>";
} else {
if (strlen($Game) > 40) {
$errors[] = "The game name is too long, it must be between 3 and 40 characters in length. If longer than 40 characters, please either abbreviate or use an acronym.</br>";
} else {
if (strlen($Game) < 3) {
$errors[] = "The game is too short, it must be between 3 and 40 characters in length.</br>";
} else {
$G = mysqli_escape_string($dbc, trim($Game));
}
}
}
if (empty($errors)) {
$qGame = "INSERT INTO game (GameName) VALUES ('{$G}')";
$result = mysqli_query($dbc, $qGame);
if ($result) {
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
return array(true, $row);
} else {
$errors[] = "Insertion of the game could not complete, please try again.</br>";
}
}
return array(false, $errors);
}
function check_publisher($dbc, $Publisher = '')
{
$errors = array();
//publisher validation, the publisher cannot be left empty, and must be between 4 and 40 characters in length
if (empty($Publisher)) {
$errors[] = "The Publisher Field is Empty.</br>";
} else {
if (strlen($Publisher) > 40) {
$errors[] = "The Publishers name is too long, it must be between 3 and 40 characters in length. If longer than 40 characters, please either abbreviate or use an acronym.</br>";
} else {
if (strlen($Publisher) < 3) {
$errors[] = "The Publisher is too short, it must be between 3 and 40 characters in length.</br>";
} else {
$U = mysqli_escape_string($dbc, trim($Publisher));
}
}
}
if (empty($errors)) {
$qPub = "INSERT INTO publisher (Publisher) VALUES ('{$U}')";
$result = mysqli_query($dbc, $qPub);
if ($result) {
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
return array(true, $row);
} else {
$errors[] = "Insertion of the publisher could not complete, please try again.</br>";
}
}
return array(false, $errors);
}
public function addGroupAction($twig, $params)
{
if ($this->getRole() == 1 or $this->getRole() == 2 or $this->getRole() == 3) {
$name = mysqli_escape_string($this->dbConnect, $_POST['name']);
if (!empty($name)) {
$field = '';
if ($this->getRole() == 2 or $this->getRole() == 3) {
$field = ", parrent = {$this->user}";
}
$query = mysqli_query($this->dbConnect, "insert into groups set name = '{$name}' {$field}");
$rezz = mysqli_query($this->dbConnect, "SELECT last_insert_id()");
$lastId = mysqli_fetch_row($rezz);
foreach ($_POST['fid'] as $key => $val) {
if (empty($_POST['enabled'][$val])) {
$enabl = 1;
} else {
$enabl = 0;
}
$query = mysqli_query($this->dbConnect, "insert into prices set fid = '{$val}', parrent_group = '{$lastId[0]}', price = '{$_POST['price'][$val]}', enabled = '{$enabl}'");
}
if ($query) {
header("Location: /groups/");
}
} else {
header("Location: /groups/");
}
}
}
public function BuildQuery()
{
$csvfile = str_replace('\\', '/', tempnam(sys_get_temp_dir(), "mys") . ".csv");
$fp = fopen($csvfile, "w");
$value = '';
// Collect rows and build csv file contents
$index = 0;
foreach ($this->Rows as $row) {
$first_field = true;
$index++;
foreach ($this->FieldNames as $field_name) {
if (!$first_field) {
$value .= ';';
} else {
$first_field = false;
}
// Check that the current field name has been specified for this row
if (isset($row['columns'][$field_name])) {
$value .= '"' . mysqli_escape_string($this->Database, $row['columns'][$field_name]) . '"';
} else {
throw new RuntimeException("DbBufferedLoadFile : row #{$index} missing column '{$field_name}'.");
}
}
$value .= "\n";
}
fwrite($fp, $value);
fclose($fp);
// Build the query
$query = "\r\n\t\t\t\t\tLOAD DATA LOCAL INFILE '{$csvfile}'\r\n\t\t\t\t\tINTO TABLE {$this->TableName}\r\n\t\t\t\t\tFIELDS TERMINATED BY ';' \r\n\t\t\t\t\t\tOPTIONALLY ENCLOSED BY '\"'\r\n\t\t\t\t\t\tESCAPED BY '\"'\r\n\t\t\t\t\tLINES TERMINATED BY '\\n'\r\n\t\t\t\t ";
$query .= '(' . implode(',', $this->FieldNames) . ')';
// Remember the generated csv file for later cleaning
$this->CsvFile = $csvfile;
return $query;
}
public function insertignore($rows)
{
foreach ($rows as $key => $value) {
$f .= '`' . $key . '`, ';
$v .= "'" . mysqli_escape_string($this->_database, $value) . "', ";
}
return 'insert ignore into ' . $this->table_send . ' (' . rtrim($f, ', ') . ') values (' . rtrim($v, ', ') . ')';
}
public function __construct($table_name, $comment = '', $database = null, $recreate = false)
{
global $Database;
$this->Name = $table_name;
$this->Database = $database ? $database : $Database;
$this->Comment = mysqli_escape_string($this->Database, $comment);
$this->EnsureExists($recreate);
}
public function set($k, $v)
{
$k = $this->table . '.' . $k;
$this->del($k);
$query = "REPLACE INTO infosdb SET data_key = '{$k}', data_value = '" . mysqli_escape_string($this->db, serialize($v)) . "'";
$result = mysqli_query($this->db, $query);
return $this;
}
/**
* Handles quatation of the string variables from the query
* @param string $string
* @return string
*/
function addQuotes($string)
{
if (!is_numeric($string)) {
$connection = $this->_getConnection('master');
$string = mysqli_escape_string($connection, $string);
}
return $string;
}
function login($connection, $email, $senha)
{
$email = mysqli_escape_string($connection, $email);
$senhaMd5 = md5($senha);
$query = "SELECT * FROM Usuario WHERE email = '{$email}' AND senha = '{$senhaMd5}'";
$result = mysqli_query($connection, $query);
return mysqli_fetch_assoc($result);
}
public function getUserData($username)
{
$username = mysqli_escape_string($this->conn, $username);
$query = "SELECT Username,Password FROM member WHERE Username = '******'";
$result = $this->conn->query($query);
$row = $result->fetch_array(MYSQLI_ASSOC);
return isset($row) ? array("username" => $row['Username'], "password" => $row['Password']) : null;
}
function buscaUsuario($conexao, $email, $senha)
{
$senhamd5 = md5($senha);
$email = mysqli_escape_string($conexao, $email);
$query = "select * from usuarios where email='{$email}' and senha='{$senhamd5}'";
$resultado = mysqli_query($conexao, $query);
return mysqli_fetch_assoc($resultado);
}
public function executeWithArgs($sql, $vars)
{
foreach ($vars as $identifier => $value) {
// Components::getInstance()->get('logger')->log('$identifier', $identifier);
$sql = str_replace(':' . $identifier, mysqli_escape_string($this->connection, $value), $sql);
}
// Components::getInstance()->get('logger')->log('$sql', $sql);
$this->executeNoArgs($sql);
}
function insereProduto($conexao, $nome, $preco, $descricao, $categoria_id, $usado)
{
$nome = mysqli_escape_string($conexao, $nome);
$preco = mysqli_escape_string($conexao, $preco);
$descricao = mysqli_escape_string($conexao, $descricao);
$query = "INSERT INTO produtos (nome, preco, descricao, categoria_id, usado) values ('{$nome}','{$preco}', '{$descricao}', '{$categoria_id}','{$usado}')";
$resultadoDaInsercao = mysqli_query($conexao, $query);
return $resultadoDaInsercao;
}
public function quote($string)
{
if (function_exists('mysqli_real_escape_string')) {
$string = mysqli_real_escape_string($this->getLink(), $string);
} elseif (function_exists('mysqli_escape_string')) {
$string = mysqli_escape_string($string);
}
return '"' . addslashes($string) . '"';
}
function SQL_escape_string($arr)
{
// pas bonnnnn car ne sert à rien !
if (function_exists("mysqli_real_escape_string")) {
@mysqli_real_escape_string($arr);
} elseif (function_exists("mysqli_escape_string")) {
@mysqli_escape_string($arr);
}
return $arr;
}
function escape($string)
{
return addslashes($string);
// Disable rest for now, causing problems
if (!$this->dbh || version_compare(phpversion(), '4.3.0') == '-1') {
return mysqli_escape_string($string);
} else {
return mysqli_real_escape_string($string, $this->dbh);
}
}
public function db_update($table, $where, $data = array())
{
$sql_tmp = '';
foreach ($data as $key => $val) {
$sql_tmp .= $key . '=' . '\'' . mysqli_escape_string($conn, $val) . '\',';
}
$sql = 'UPDATE ' . $table . ' SET ' . trim($sql_tmp, ',') . ' WHERE ' . $where;
$result = $this->Get_query($sql);
return $result;
}
function SQL_escape_string($arr)
{
// pas bonnnnn car ne sert à rien ! de plus la fonction DOIT avoir deux arguments !!
if (function_exists("mysqli_real_escape_string")) {
@mysqli_real_escape_string($arr);
} elseif (function_exists("mysqli_escape_string")) {
@mysqli_escape_string($arr);
}
return $arr;
}
public function escape($sql)
{
if (function_exists('mysqli_real_escape_string')) {
return mysqli_real_escape_string($this->connection, $sql);
} elseif (function_exists('mysqli_escape_string')) {
return mysqli_escape_string($this->connection, $sql);
} else {
return addslashes($sql);
}
}
function escape_data($data, $c = NULL)
{
if (function_exists('mysqli_real_escape_string')) {
$data = mysqli_real_escape_string($c, trim($data));
$data = strip_tags($data);
} else {
$data = mysqli_escape_string(trim($data));
$data = strip_tags($data);
}
return $data;
}
/**
* Handles quatation of the string variables from the query
* @param string $string
* @return string
*/
function addQuotes($string)
{
if (version_compare(PHP_VERSION, "5.4.0", "<") && get_magic_quotes_gpc()) {
$string = stripslashes(str_replace("\\", "\\\\", $string));
}
if (!is_numeric($string)) {
$connection = $this->_getConnection('master');
$string = mysqli_escape_string($connection, $string);
}
return $string;
}
public static function addContact($formData)
{
$link = UserUtility::getDefaultConnection();
$name = mysqli_escape_string($link, $formData['myname']);
$email_address = mysqli_escape_string($link, $formData['myemail']);
$subject = mysqli_escape_string($link, $formData['subject']);
$comment = mysqli_escape_string($link, $formData['mycomments']);
$query = "insert into contact set name = '{$name}'," . " email='{$email_address}'," . " subject='{$subject}'," . " comment='{$comment}'";
$ok = mysqli_query($link, $query);
return $ok;
}
function getAllAlbums($connection)
{
$user = $_SESSION['user'];
$sql = "select a.id, a.key, a.stickercount, au.iduser from album a left outer join albumuser au on a.id=au.idalbum and au.iduser="******" order by iduser asc";
$sql_result = mysqli_query($connection, $sql) or exit("Sql Error" . mysqli_error($connection));
$albumInfos = array();
while ($sql_row = mysqli_fetch_array($sql_result)) {
$albumInfos[] = array('albumId' => $sql_row[0], 'albumKey' => $sql_row[1], 'albumStickerCount' => $sql_row[2], 'userid' => $sql_row[3]);
}
return $albumInfos;
}
function escape_data($data)
{
if (function_exists('mysqli_real_escape_string')) {
global $dbc;
$data = mysqli_real_escape_string($dbc, trim($data));
$data = strip_tags($data);
} else {
$data = mysqli_escape_string($trim($data));
$data = strip_tags($data);
}
return $data;
}
function insertNote($conn)
{
if (isset($_POST["note"]) and $_POST["note"] != "") {
$note = mysqli_escape_string($conn, $_POST["note"]);
$noteNoQuery = mysqli_query($conn, "SELECT MAX(noteNo) FROM notes;");
// note number is maximum note number plus one
$noteNoResult = mysqli_fetch_row($noteNoQuery);
$noteNo = $noteNoResult[0] + 1;
//echo "<p> {$noteNo} </p>" ;
$insertQuery = "INSERT INTO notes VALUES(\n '{$note}',\n '{$noteNo}'\n ); ";
$insertData = mysqli_query($conn, $insertQuery);
}
}
function set_login_cookie($id)
{
$plain = $id . "" . microtime();
$token = crypt($plain, ESCARGOT_SALT);
$safe_id = mysqli_escape_string(db(), $id);
$safe_token = mysqli_escape_string(db(), $token);
$sql = <<<RGDM
insert into login_cookie (user_id, token) values ({$safe_id}, '{$safe_token}');
RGDM;
$rs = mysqli_query(db(), $sql);
diesql($rs, $sql);
setcookie("LoginCookie", $token, time() + 10 * 365 * 24 * 60 * 60);
}
function updateNote($conn, $noteNo)
{
if (isset($_POST["note"]) and $_POST["note"] != "" and (isset($_POST["noteNo"]) and $_POST["noteNo"] != "" and ctype_digit($_POST["noteNo"]))) {
$noteNo = $_POST["noteNo"];
$note = mysqli_escape_string($conn, $_POST["note"]);
if ($noteQuery = mysqli_query($conn, "UPDATE `notes` SET note='{$note}' WHERE noteNo={$noteNo}")) {
echo "ok";
} else {
echo "failed - updating";
}
} else {
echo "failed - validation";
}
}