public static function getProductById($id, $lang)
{
$res = DB::doQuery("SELECT t.title, t.description, t.pid, p.price FROM translation t INNER JOIN product p ON t.pid = p.id WHERE p.id = '{$id}' AND t.langcode = '{$lang}'");
if ($res) {
$prod = $res->fetch_assoc();
}
return $prod;
}
public static function deleteCourse($id)
{
$sql = sprintf("DELETE FROM course\n WHERE course_id = '%d'", $id);
$res = DB::doQuery($sql);
if (!isset($res) || $res == null) {
return false;
}
return true;
}
public static function create($name, $pw)
{
$name = DB::getInstance()->escape_string($name);
$res = DB::doQuery("SELECT * FROM users WHERE name = '{$name}'");
if ($res->num_rows == 0) {
$pw = DB::getInstance()->escape_string($pw);
$pw = password_hash($pw, PASSWORD_DEFAULT);
DB::doQuery("INSERT INTO users (name, pw) VALUES ('{$name}', '{$pw}')");
return true;
}
return false;
}
public static function getOptionsByProduct($productId)
{
$langCode = $_COOKIE['lang'];
$options = array();
$res = DB::doQuery("SELECT o.options_id AS id, o.opt_values AS 'values' , o.name AS name, o.prices AS prices FROM options o \r\n\t\tWHERE o.lang_code = '{$langCode}' AND o.options_id IN (SELECT p.option_id FROM prod_opt p WHERE p.prod_id = '{$productId}')");
if ($res) {
while ($option = $res->fetch_object(get_class())) {
$option->setValues(explode("|", $option->getValues()));
$option->setPrices(explode("|", $option->getPrices()));
$options[] = $option;
}
}
return $options;
}
public static function checkLogin($email, $password)
{
$sql = sprintf("SELECT * FROM user WHERE email='%s'", $email);
$res = DB::doQuery($sql);
if ($res == null || $res->num_rows == 0) {
return false;
}
$row = $res->fetch_assoc();
$hash = $row['pwd_hash'];
$salt = $row['pwd_salt'];
if (self::getHash($password, $salt) === $hash) {
return true;
} else {
return false;
}
}
public static function getProductsbyCat($cat, $orderBy = "id")
{
$lang_code = $_COOKIE['lang'];
$orderByStr = '';
if (in_array($orderBy, ['id', 'price', 'name', 'description'])) {
$orderByStr = " ORDER BY {$orderBy}";
}
$products = array();
$res = DB::doQuery("SELECT p.*, l.name AS 'name', l.description AS 'description' FROM products p LEFT OUTER JOIN products_lang l ON p.id = l.product_id WHERE p.category = '{$cat}' AND l.lang_code = '{$lang_code}' {$orderByStr}");
if ($res) {
while ($product = $res->fetch_object(get_class())) {
$products[] = $product;
}
}
return $products;
}
public static function parseArguments($argv)
{
$mapinfo = Env::get('mapinfo');
$cache = false;
$args = self::arguments($argv);
if (isset($args['game'])) {
if (!isset($mapinfo[$args['game']])) {
show::Event("ERROR", "Game: " . $args['game'] . " doesn't exists, escaping", 1);
exit;
}
if (isset($args['map'])) {
if (!isset($mapinfo[$args['game']][$args['map']])) {
show::Event("ERROR", "Game: " . $args['game'] . " Map: " . $args['map'] . " doesn't exists, escaping", 1);
exit;
}
$tmp[$args['game']][$args['map']] = $mapinfo[$args['game']][$args['map']];
show::Event("ARGS", "--game=" . $args['game'], 2);
show::Event("ARGS", "--map=" . $args['map'], 2);
} else {
$tmp[$args['game']] = $mapinfo[$args['game']];
show::Event("ARGS", "--game=" . $args['game'], 2);
}
} else {
$visible = '';
$query = "SELECT code FROM hlstats_Games WHERE hidden='0'";
$result = DB::doQuery($query);
if (DB::numRows($result)) {
while ($row = DB::getAssoc($result)) {
foreach ($row as $key => $val) {
if (isset($mapinfo[$val])) {
$visible .= "{$val}, ";
$tmp[$val] = $mapinfo[$val];
}
}
}
}
show::Event("GAMES", substr($visible, 0, -2), 2);
}
if (isset($tmp)) {
$mapinfo = $tmp;
}
if (isset($args['disablecache'])) {
$cache = true;
show::Event("ARGS", "--disable-cache=true", 2);
} else {
$cache = false;
show::Event("ARGS", "--disable-cache=false", 2);
}
if (isset($args['ignoreinfected'])) {
$ignore_infected = true;
show::Event("ARGS", "--ignore-infected=true", 2);
} else {
$ignore_infected = false;
show::Event("ARGS", "--ignore-infected=false", 2);
}
Env::set('mapinfo', $mapinfo);
Env::set('disable_cache', $cache);
Env::set('ignore_infected', $ignore_infected);
}
<?php
require_once '../autoloader.php';
if (isset($_POST['btn-login'])) {
$username = DB::getInstance()->real_escape_string(trim($_POST['user_name']));
$upass = DB::getInstance()->real_escape_string(trim($_POST['password']));
$query = DB::doQuery("SELECT * FROM admin WHERE admin_name='{$username}'");
$row = $query->fetch_array();
if (password_verify($upass, $row['password'])) {
$_SESSION['admin'] = $row['id'];
$_SESSION['adminlogged'] = true;
header("Location: index.php");
} else {
$msg = "fail";
}
}
?>
<!DOCTYPE html>
<html>
<body>
<div>
<div>
<form method="post">
<h2>Admin Login</h2>
<?php
if (isset($msg)) {
echo $msg;
/**
* Realizar una consulta y devolver el resultado sin datos
*
* @param $query string La consulta a realizar
* @param $querySource string La función orígen de la consulta
* @param array $data Los valores de los parámetros de la consulta
* @param $getRawData bool Si se deben de obtener los datos como PDOStatement
* @return bool
*/
public static function getQuery($query, $querySource, array &$data = null, $getRawData = false)
{
if (empty($query)) {
return false;
}
try {
$db = new DB();
$db->_querySource = $querySource;
$db->_stData = $data;
$db->doQuery($query, $querySource, $getRawData);
DB::$lastNumRows = $db->_numRows;
} catch (SPException $e) {
self::logDBException($query, $e->getMessage(), $e->getCode(), $querySource);
self::$txtError = $e->getMessage();
self::$numError = $e->getCode();
return false;
}
return true;
}
public static function update($id, $question, $answerEN, $answerDE)
{
$sql = "UPDATE exercise SET question='" . $question . "', answer_en='" . $answerEN . "', answer_de='" . $answerDE . "' WHERE exercise_id={$id}";
$res = DB::doQuery($sql);
if (!isset($res) || $res == null) {
return false;
}
return true;
}
public static function deleteUser($email)
{
$sql = "DELETE FROM user WHERE email = '{$email}'";
$res = DB::doQuery($sql);
return $res != null;
}
<?php
include_once 'autoloader.php';
include "includes/common.php";
if (isset($_SESSION['userSession']) != "") {
header("Location: index.php");
exit;
}
if (isset($_POST['btn-login'])) {
$username = DB::getInstance()->real_escape_string(trim($_POST['user_name']));
$upass = DB::getInstance()->real_escape_string(trim($_POST['password']));
$query = DB::doQuery("SELECT * FROM users WHERE username='******'");
$row = $query->fetch_array();
if (password_verify($upass, $row['password'])) {
$_SESSION['userSession'] = $row['user_id'];
$_SESSION['logged'] = true;
header("Location: index.php");
} else {
$msg = $lang['LOG_ALERT'];
}
}
include "includes/header.php";
?>
<div class="signin-form">
<div class="container">
<form class="form-signin" method="post" id="login-form">
<h2 class="form-signin-heading"><?php
public static function clearHistoryTasks($params)
{
if (isset($params) && isset($params['clearWhat'])) {
if ($params['clearWhat'] == 'uncomplete') {
$accessUsers = " ";
setHook('historyHTML', $accessUsers);
$historyData = DB::getArray("?:history", "historyID", "status NOT IN ('completed','error','netError') AND " . $accessUsers . " showUser = '******' ");
$error = 'task_cleared';
$errorMsg = 'Task cleared by user';
if (!empty($historyData) && is_array($historyData)) {
foreach ($historyData as $key => $history) {
updateHistory(array("status" => "error", "error" => $error, 'userIDCleared' => $GLOBALS['userID']), $history['historyID'], array("status" => "error", "errorMsg" => $errorMsg));
}
}
} elseif ($params['clearWhat'] == 'searchList') {
$where = "showUser='******'";
if (!empty($params['dates'])) {
$dates = explode('-', $params['dates']);
$fromDate = strtotime(trim($dates[0]));
$toDate = strtotime(trim($dates[1]));
if (!empty($fromDate) && !empty($toDate) && $fromDate != -1 && $toDate != -1) {
$toDate += 86399;
$where .= " AND microtimeAdded >= " . $fromDate . " AND microtimeAdded <= " . $toDate . " ";
}
}
$getKeyword = "";
if (!empty($params['getKeyword'])) {
$keyword = "'" . implode("','", explode(',', $params['getKeyword'])) . "'";
$getKeyword = " AND type IN (" . $keyword . ") ";
}
if (!empty($params['userID'])) {
$where .= " AND userID = '" . $params['userID'] . "' ";
}
$where2 = " ";
if (empty($params['searchByUser'])) {
setHook('historyHTML', $where2);
}
if (trim($where2 . $where . $getKeyword) != "showUser='******'") {
$historyIDs = DB::getFields("?:history", "historyID", $where2 . $where . $getKeyword);
self::clearHistoryByIDs($historyIDs);
// $historyIDs = implode("','", $historyIDs);
// DB::delete("?:history", "historyID IN ('".$historyIDs."')");
// DB::delete("?:history_additional_data", "historyID IN ('".$historyIDs."')");
// DB::delete("?:history_raw_details", "historyID IN ('".$historyIDs."')");
} else {
DB::delete("?:history", "1");
DB::delete("?:history_additional_data", "1");
DB::delete("?:history_raw_details", "1");
DB::doQuery("OPTIMIZE TABLE `?:history`");
DB::doQuery("OPTIMIZE TABLE `?:history_additional_data`");
DB::doQuery("OPTIMIZE TABLE `?:history_raw_details`");
}
} elseif ($params['clearWhat'] == 'autoDeleteLog') {
if (!empty($params['time'])) {
$where = " microtimeAdded <= '" . $params['time'] . "' ";
$accessUsers = " ";
setHook('historyHTML', $accessUsers);
if ($accessUsers != " ") {
$accessUsers = " AND " . $accessUsers;
}
$historyIDs = DB::getFields("?:history", "historyID", $where . $accessUsers);
self::clearHistoryByIDs($historyIDs);
// if(!empty($historyIDs)){
// $historyIDs = implode("','", $historyIDs);
// DB::delete("?:history", "historyID IN ('".$historyIDs."')");
// DB::delete("?:history_additional_data", "historyID IN ('".$historyIDs."')");
// DB::delete("?:history_raw_details", "historyID IN ('".$historyIDs."')");
// DB::doQuery("OPTIMIZE TABLE `?:history`");
// DB::doQuery("OPTIMIZE TABLE `?:history_additional_data`");
// DB::doQuery("OPTIMIZE TABLE `?:history_raw_details`");
// }
if (!empty($params['LastAutoDeleteLogTime'])) {
$now = $params['LastAutoDeleteLogTime'];
} else {
$now = time();
}
updateOption('LastAutoDeleteLogTime', $now);
}
} elseif ($params['clearWhat'] == 'singleAct') {
if (!empty($params['actionID'])) {
$historyIDs = DB::getFields("?:history", "historyID", "actionID='" . $params['actionID'] . "'");
self::clearHistoryByIDs($historyIDs);
}
}
}
}
public static function save($client)
{
if ($client->isBot()) {
// bot client
$sql = "INSERT INTO client_connections (session_id, ip_address, http_user_agent, is_bot) VALUES ('" . $client->getSessionId() . "', '" . $client->getIpAddressLong() . "', '" . $client->getUserAgentPlain() . "', TRUE)";
} else {
// normal client
$clientInfo = $client->getClientInfo();
$osInfo = $client->getOsInfo();
$deviceInfo = $client->getDeviceInfo();
$sql = "INSERT INTO client_connections (session_id, ip_address, country, region, city, latitude, longitude, http_user_agent, is_bot, client_type, client_name, client_version, client_engine, os_name, os_version, device_type, device_brand, device_model) VALUES ('" . $client->getSessionId() . "', '" . $client->getIpAddress() . "', '" . $client->getCountry() . "', '" . $client->getRegion() . "', '" . $client->getCity() . "', '" . $client->getLatitude() . "', '" . $client->getLongitude() . "', '" . $client->getUserAgentPlain() . "', FALSE, '" . $clientInfo['type'] . "', '" . $clientInfo['name'] . "', '" . $clientInfo['version'] . "', '" . $clientInfo['engine'] . "', '" . $osInfo['name'] . "', '" . $osInfo['version'] . "', '" . $deviceInfo['type'] . "', '" . $deviceInfo['brand'] . "', '" . $deviceInfo['model'] . "')";
}
$res = DB::doQuery($sql);
return isset($res) && $res !== null;
}
include "includes/header.php";
if (isset($_POST['btn-signup'])) {
$uname = DB::getInstance()->real_escape_string(trim($_POST['user_name']));
$email = DB::getInstance()->real_escape_string(trim($_POST['user_email']));
$upass = DB::getInstance()->real_escape_string(trim($_POST['password']));
$cupass = DB::getInstance()->real_escape_string(trim($_POST['con_password']));
if ($upass == $cupass) {
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$check_email = DB::doQuery("SELECT email FROM users WHERE email='{$email}'");
$check_usern = DB::doQuery("SELECT username FROM users WHERE username='******'");
$count = $check_email->num_rows;
$countusern = $check_usern->num_rows;
if ($count == 0) {
if ($countusern == 0) {
$query = "INSERT INTO users(username,email,password) VALUES('{$uname}','{$email}','{$new_password}')";
if (DB::doQuery($query)) {
$msg = $lang['ALERT_OK'];
echo "<script type='text/javascript'> swal(\"Wuhuu!\", \"{$msg}\", \"success\");</script>";
} else {
$msg = $lang['ALERT_ERR'];
echo "<script type='text/javascript'> swal(\"Uups!\", \"{$msg}\", \"error\");</script>";
}
} else {
$msg = $lang['ALERT_USER'];
echo "<script type='text/javascript'> swal(\"Uups!\", \"{$msg}\", \"error\");</script>";
}
} else {
$msg = $lang['ALERT_EMAIL'];
echo "<script type='text/javascript'> swal(\"Hmm\", \"{$msg}\", \"error\");</script>";
}
} else {
<?php
require_once 'autoloader.php';
if (isset($_SESSION['userSession'])) {
$userSess = $_SESSION['userSession'];
$user = DB::doQuery("SELECT username FROM users WHERE user_id = '{$userSess}'");
if ($user) {
$username = $user->fetch_assoc();
}
}
if (!isset($_SESSION["cart"])) {
$_SESSION["cart"] = new Cart();
}
$cart = $_SESSION['cart'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Lu's Cakes</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<script src="/js/sweetalert.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<link type="text/css" rel="stylesheet" href="/styles/stylesheet.css">
<link rel="stylesheet" type="text/css" href="/styles/sweetalert.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css">
<link href="favicon.ico" rel="icon" type="image/x-icon" />
</head>
<body>
<header>
<?php
require_once '../autoloader.php';
if (isset($_POST['pid'])) {
$pid = $_POST['pid'];
$title = $_POST['title'];
$description = $_POST['description'];
$langcode = $_POST['langcode'];
$price = $_POST['price'];
DB::doQuery("UPDATE translation SET title='{$title}', description='{$description}' WHERE pid='{$pid}' AND langcode='{$langcode}'");
DB::doQuery("UPDATE product SET price='{$price}' WHERE id='{$pid}'");
header("Location: update.php");
}
<?php
require_once 'autoloader.php';
if (isset($_POST['fname'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$street = $_POST['street'];
$nr = $_POST['nr'];
$zip = $_POST['zip'];
$city = $_POST['city'];
$ordertext = $_POST['ordertext'];
DB::doQuery("INSERT INTO cakeorder (fname, lastname, email, street, houseNr, zip, city, cakeorder) VALUES ('{$fname}', '{$lname}', '{$email}', '{$street}', '{$nr}', '{$zip}', '{$city}', '{$ordertext}')");
}
function checkRawHistoryAndDelete()
{
$currentTime = mktime(0, 0, 0, date("n"), date("j"), date("Y"));
$nextSchedule = getOption('deleteRawHistoryNextSchedule');
if ($currentTime > $nextSchedule) {
$nextSchedule = $currentTime + 86400;
$thirtyDaysAgo = $currentTime - 30 * 86400;
$sql = "DELETE HRD FROM `?:history_raw_details` AS HRD INNER JOIN `?:history` AS H ON HRD.historyID = H.historyID WHERE H.microtimeAdded < '" . $thirtyDaysAgo . "'";
$isDeleted = DB::doQuery($sql);
if ($isDeleted) {
updateOption('deleteRawHistoryNextSchedule', $nextSchedule);
}
DB::doQuery("OPTIMIZE TABLE `?:history_raw_details`");
}
}
public static function deleteLesson($id)
{
$sql = sprintf("DELETE FROM lesson\n WHERE lesson_id = '%d'", $id);
$res = DB::doQuery($sql);
if (!isset($res) || $res == null) {
return false;
}
return true;
}
