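<?php
// Selects the logged-in user's own cohort as the active group for this session.
// Relies on $logged_in, $user, the DAO class and redirect() being supplied by the including script.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["cohort_id"])) {
        $raw_cohort_id = $_GET["cohort_id"];

        // Authorisation check: a user may only select the cohort they belong to.
        // The request value must be a plain string (a crafted query string can make it an array)
        // and must match the stored id exactly; a loose == would also accept non-canonical
        // spellings such as "01" or "1e0" and let them flow on into the SQL text.
        if (is_string($raw_cohort_id) && $raw_cohort_id === (string) $user->cohort_id) {
            // The value is still escaped before being embedded: the query is assembled as a string,
            // so DAO::escape() is the only barrier between request data and the SQL parser.
            $cohort_request = $dao->escape($raw_cohort_id);

            $dao->myquery(
                "SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\t"
                . "JOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\t"
                . "JOIN university ON university.university_id=course.university_id\n\t\t\t\t\t"
                . "JOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";"
            );
            $row = $dao->fetch_one_obj();

            if ($dao->fetch_num_rows() > 0) {
                // The cohort exists: build the session's view of the selected group.
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                // Display name, e.g. "<course> at <university> <start year>".
                $selected_group->group_name = $row->course_name . " at " . $row->university_name . " "
                    . date("Y", strtotime($row->cohort_start));
                $selected_group->can_be_added_to = false;

                $d = new DateTime($row->cohort_start);
                $selected_group->cohort_start = $d->format('jS F Y');

                // Posting is enabled only when the selected cohort is the user's own.
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;

                $_SESSION["selected_group"] = $selected_group;
                // Selecting a group clears any previously selected user.
                unset($_SESSION["selected_user"]);
            }
        } else {
            // Not the user's cohort (or a malformed parameter): send them back up one level.
            redirect("../");
        }
    }
}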
/**
 * Fetch every row of $table that satisfies all conditions in $where and wrap each one in a DataObject.
 *
 * The conditions are joined with AND and the rows are ordered by the first entry of $keys, descending.
 * Every returned object is marked for update on commit, knows the table's primary key column
 * (read from SHOW INDEX; only the first index row is used) and exposes that column's value as primary_id.
 *
 * NOTE(review): $table and every entry of $keys are concatenated into the SQL text as identifiers with
 * no quoting or validation, so callers must pass fixed, trusted names only and never request data.
 * NOTE(review): the values in $where are rendered by key_values(), which is not visible here; confirm
 * that it escapes both values and column names before passing it anything user-controlled.
 * NOTE(review): $keys[0] is used for ORDER BY, so $keys must not be empty; primary_id is read from the
 * selected columns, so presumably $keys has to include the primary key column (to be confirmed).
 *
 * @param DAO $dao the DAO instance used to run the queries; also stored on each returned object
 * @param string $table the name of the table to select from
 * @param array $keys the column names to select; each becomes a property on the returned objects
 * @param array $where the associative array of column => value pairs used to build the WHERE clause
 * @return array An array of DataObject instances carrying the columns named in $keys
 */
static function select_all($dao, $table, $keys, $where)
{
    // Template object; every result row receives its own clone of it.
    $template = new DataObject();
    $template->table = $table;
    $template->dao = $dao;
    $template->update = true; // committed as an UPDATE rather than an insert

    $conditions = $template->key_values($where);
    $columns = implode(",", $keys);
    $sql = sprintf(
        "SELECT %s FROM %s WHERE %s ORDER BY %s DESC;",
        $columns,
        $table,
        implode(" AND ", $conditions),
        $keys[0]
    );
    $dao->myquery($sql);
    $rows = $dao->fetch_all_part($keys);

    // Look up the name of the table's primary key column.
    $dao->myquery("SHOW index FROM " . $template->table . " where Key_name = 'PRIMARY';");
    $index_row = $dao->fetch_one_obj();
    $template->primary_key = $index_row->Column_name;

    $result = array();
    foreach ($rows as $row) {
        $item = clone $template;
        foreach ($keys as $column) {
            $item->{$column} = $row[$column];
        }
        $primary_column = $item->primary_key;
        $item->primary_id = $item->{$primary_column};
        $result[] = $item;
    }

    return $result;
}
<!DOCTYPE> <html><head><style>*{font-family: Arial,sans-serif}</style></head><body> <?php include "../script/util/mysql.php"; include "../script/util/redirect.php"; if (isset($_POST["user_email"])) { include "../script/mail/send.php"; $dao = new DAO(false); $user_email = $dao->escape($_POST["user_email"]); $query = "SELECT user_email,user_id,user_name FROM user WHERE user_email=\"{$user_email}\";"; $dao->myquery($query); if ($dao->fetch_num_rows() == 1) { //Store intent to reset in the database with a checksum as the old password? $user = $dao->fetch_one_obj(); $names = explode(" ", $user->user_name); if (count($names) == 0) { $user_first_name = $user->user_name; } else { $user_first_name = $names[0]; } $conf_rnd = md5("lsdfuh.uh3" . rand(0, 10000000) . "g.adugi213y"); $query = "INSERT INTO reset_request VALUES (NULL,\"{$user->user_id}\",\"{$conf_rnd}\")" . "ON DUPLICATE KEY UPDATE conf_rnd=\"{$conf_rnd}\";"; $dao->myquery($query); $body = "<p>Hello {$user_first_name},</p>" . "<p>It appears you are having trouble remembering your password for Unify. " . "As such, someone (hopefully you) has requested that you reset your password. " . "If you have no idea what's going on, feel free to take no further action, " . "it's possible someone entered your email by mistake or is dillberately trying to " . "confuse you. However, if you really do want to reset your password, click the " . "link below!</p>" . "<p><a href=\"http://unify.lukebarnard.co.uk/reset-password/confirm.php?user_id={$user->user_id}&conf_rnd={$conf_rnd}\">RESET YOUR PASSWORD</a></p>" . "<p>Best Wishes,<br>" . "The Unify Team</p>"; if (mail_message($user_email, "Password Reset", $body)) { echo "A message has been sent to your email account. When you get the email, click on the link it contains and you will be taken to a page where you can reset your password. "; } else { echo "Something has gone wrong when trying to email you. 
<a href=\".\">Try again?</a>"; } } else { echo "Your email could not be found in our database. Perhaps you made a mistake when typing it? <a href=\".\">Try again?</a>";