/**
 * Run $query through preparedStatement() and collapse its result to a strict bool.
 *
 * @param mixed $query handed straight to preparedStatement(); its shape is
 *                     whatever that helper expects (not visible here)
 * @return bool true when preparedStatement() returned a truthy value
 */
function booleanReturn($query)
{
    return preparedStatement($query) ? true : false;
}
/**
 * Create a row in `users` and a matching row in `pass`.
 *
 * Returns true only when both inserts succeed; returns false as soon as the
 * first insert fails (no cleanup is attempted in that case).
 *
 * NOTE(review): $username and $password are interpolated straight into the SQL
 * text, and the password is stored exactly as supplied — the "hash password"
 * step exists only as a comment. Both values belong in bound parameters and
 * the password should go through password_hash() before storage; left
 * unchanged here because the parameter form of preparedStatement($query) is
 * not visible on this page.
 *
 * @param string $username name to store in `users`.`name`
 * @param string $password value to store in `pass`.`word`
 * @return bool
 */
function addUser($username, $password)
{
    $userSql = 'insert into `users` (`name`) values ("' . $username . '") ';
    if (!preparedStatement($userSql)) {
        // The user row was not created; nothing to undo from here.
        return false;
    }

    // The id is looked up by name rather than taken from the insert result.
    $userId = getUserId($username);

    $passSql = 'insert into `pass` (`user`, `word`) values ('
        . $userId . ',"' . $password . '")';

    return booleanReturn($passSql);
}
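// NOTE(review): $studentName is assigned above this excerpt; empty() is kept
// for it because its exact form (false vs. string) is not visible here.
// returnError() is assumed to end the request — confirm, otherwise execution
// continues with an invalid value.
if (empty($studentName)) {
    returnError($output, 'Invalid student name');
}

// Course: word characters, spaces and hyphens only. The pattern is anchored at
// both ends; the previous one lacked '^', so any prefix was accepted as long as
// the value ended in an allowed run.
$studentCourse = filter_var(
    $_POST['course'] ?? '',
    FILTER_VALIDATE_REGEXP,
    ['options' => ['regexp' => '/^[\w -]+$/']]
);
// filter_var() returns false on rejection; compare strictly so a value that
// empty() treats as falsy ('0') is not mistaken for a failure.
if ($studentCourse === false) {
    returnError($output, 'Invalid course');
}

// Grade: 0–100 with at most one decimal (100 allows only ".0").
$studentGrade = filter_var(
    $_POST['grade'] ?? '',
    FILTER_VALIDATE_REGEXP,
    ['options' => ['regexp' => '/^(?:100(?:\\.(?:0))?|[0-9]{1,2}(?:\\.(?:[0-9])?)?)$/']]
);
// A grade of '0' is valid per the pattern but empty('0') is true, so the old
// check rejected it; test for filter failure instead.
if ($studentGrade === false) {
    returnError($output, 'Invalid student grade');
}

// Resolve the caller and its insert permission from the api_key.
$response = preparedStatement(
    $conn,
    'SELECT id, insert_own FROM user_table WHERE api_key=(?)',
    ['s', $apiKey],
    ['userId', 'insertOwn']
);
if (empty($response['success'])) {
    returnError($output, $response['error_msg']);
}

// No row for the key, or insert_own not set: deny.
if (empty($response['data'][0]['insertOwn'])) {
    returnError($output, 'Access Denied');
}
$ownerId = $response['data'][0]['userId'];

// Store the validated grade under the caller's user id.
$response = preparedStatement(
    $conn,
    'INSERT INTO grade_table(grade, student_name, course_name, user_id) VALUES ((?), (?), (?), (?))',
    ['sssi', $studentGrade, $studentName, $studentCourse, $ownerId],
    []
);
// The insert is checked on error_msg rather than success; presumably the
// helper sets no success flag for statements with no result columns — confirm.
if (!empty($response['error_msg'])) {
    returnError($output, $response['error_msg']);
}

// Copy whatever the helper returned into the reply, then mark it successful.
foreach ($response as $key => $value) {
    $output[$key] = $value;
}
$output['success'] = true;
print json_encode($output);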
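/**
 * Update the contact behind one of the caller's user-contact links from the
 * submitted form fields.
 *
 * If no other user tracks the same contact row it is updated in place;
 * otherwise the caller's link is moved to a freshly created contact so the
 * other trackers keep their copy.
 *
 * NOTE(review): every $_POST field read below is interpolated directly into
 * the UPDATE text; despite its name, preparedStatement($query) receives one
 * finished SQL string here, so nothing is bound. The values must be passed as
 * bound parameters — left unchanged because the helper's parameter form is
 * not visible on this page.
 *
 * @param mixed $user caller's user identifier, passed through to
 *                    removeUserContact()/addUserContact()
 * @return true|string true on success, otherwise a short error message;
 *                     callers must compare with `!== true`
 */
function updateContact($user)
{
    // A missing field becomes '' instead of raising an "Undefined index"
    // warning; it interpolates into the SQL text exactly as null did.
    $userContactId = $_POST['sid'] ?? '';
    $fname = $_POST['fname'] ?? '';
    $lname = $_POST['lname'] ?? '';
    $email = $_POST['email'] ?? '';
    $phone = $_POST['phone'] ?? '';
    $facebook = $_POST['facebook'] ?? '';
    $linkedin = $_POST['linkedin'] ?? '';
    $github = $_POST['github'] ?? '';

    // Resolve the underlying contact and count how many users track it.
    $contactId = getContactIdFromUserContactId($userContactId);
    $trackers = countUsersTrackingContactId($contactId);

    if ($trackers < 2) {
        // Only this user tracks the contact: update the row in place.
        $query = 'update contacts '
            . 'set fname = "' . $fname . '", '
            . ' lname = "' . $lname . '", '
            . ' email = "' . $email . '", '
            . ' phone = "' . $phone . '", '
            . ' facebook = "' . $facebook . '", '
            . ' linkedin = "' . $linkedin . '", '
            . ' github = "' . $github . '" '
            . 'where id = ' . $contactId;
        if (preparedStatement($query) !== true) {
            return "error updating contact {$contactId} from uc {$userContactId} {$trackers}";
        }
        return true;
    }

    // Shared contact: detach this user, create a new contact row, re-attach.
    if (removeUserContact($user, $userContactId) !== true) {
        return "error removing user contact ";
    }
    if (addContact($fname, $lname, $email, $phone, $facebook, $linkedin, $github) !== true) {
        return "error adding new contact ";
    }
    // The new row's id is looked up by its values rather than returned by addContact().
    $contactId = getContactIdFromValues($fname, $lname, $email, $phone, $facebook, $linkedin, $github);
    if (addUserContact($user, $contactId) !== true) {
        return "error adding new user contact";
    }
    return true;
}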
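<?php

declare(strict_types=1);

// Only reachable through the loader that sets $INTERNAL_LOAD; a direct request
// gets a bare 403. The ?? keeps the check warning-free when the variable is unset.
if (($INTERNAL_LOAD ?? false) !== true) {
    http_response_code(403);
    exit;
}

// Resolve the caller's read permissions from the api_key.
$response = preparedStatement(
    $conn,
    'SELECT id, read_own, read_all FROM user_table WHERE api_key=(?)',
    ['s', $apiKey],
    ['userId', 'readOwn', 'readAll']
);
// Check the helper's success flag, as the grade query below already does,
// rather than only error_msg — a failed lookup must not fall through to the
// permission test.
if (empty($response['success'])) {
    returnError($output, $response['error_msg']);
}

// No row for the key, or read_own not set: deny.
if (empty($response['data'][0]['readOwn'])) {
    returnError($output, 'Access Denied');
}

// read_own alone limits the caller to rows it inserted; read_all sees everything.
if (empty($response['data'][0]['readAll'])) {
    $response = preparedStatement(
        $conn,
        'SELECT course_name, grade, id, student_name FROM grade_table WHERE user_id=(?)',
        ['i', $response['data'][0]['userId']],
        ['course', 'grade', 'id', 'name']
    );
} else {
    $response = preparedStatement(
        $conn,
        'SELECT course_name, grade, id, student_name FROM grade_table',
        [],
        ['course', 'grade', 'id', 'name']
    );
}
if (empty($response['success'])) {
    returnError($output, $response['error_msg']);
}

// Copy whatever the helper returned into the reply, then mark it successful.
foreach ($response as $key => $value) {
    $output[$key] = $value;
}
$output['success'] = true;
print json_encode($output);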