/**
 * Stores a release in the saved-albums table for the currently authenticated user.
 *
 * @param mixed  $releaseId    identifier of the release being saved
 * @param mixed  $releaseType  release type as stored in the table
 * @param string $searchTerm   search term that led to this release
 * @param string $releaseTitle release title
 * @param mixed  $releaseYear  release year
 * @param string $artistName   artist name
 * @return string last insert id reported by the PDO connection
 */
public function add($releaseId, $releaseType, $searchTerm, $releaseTitle, $releaseYear, $artistName)
{
    // The owner is resolved server-side from the request hash, never taken from the caller.
    $ownerId = UsersController::getUserIdByHash();

    // Positional placeholders keep every value out of the SQL text.
    $bindings = [
        $ownerId,
        $releaseId,
        $releaseType,
        $searchTerm,
        $releaseTitle,
        $releaseYear,
        $artistName,
    ];
    DB::insert(
        'INSERT INTO ' . T_SAVED_ALBUMS . ' (user_id, id, type, search_term, title, year, artist_name) VALUES (?, ?, ?, ?, ?, ?, ?)',
        $bindings
    );

    return DB::getPDO()->lastInsertId();
}
/**
 * @param \PDO|false $db connection to reuse; when falsy, the shared DB::getPDO() handle is used
 */
public function __construct($db = false)
{
    // Fall back to the application-wide PDO handle when no connection is injected.
    $this->db = $db ?: \DB::getPDO();
}
/**
 * Installs this object as the PHP session save handler, backed by the shared PDO connection.
 *
 * The open/close/read/write/destroy/gc callbacks are routed to the methods of
 * the same name on this instance.
 */
public function __construct()
{
    // Persistent database connection shared across the application.
    $this->db = \DB::getPDO();

    // Hand every session lifecycle event to the matching method on this object.
    $handlers = array();
    foreach (array('open', 'close', 'read', 'write', 'destroy', 'gc') as $event) {
        $handlers[$event] = array($this, $event);
    }
    session_set_save_handler(
        $handlers['open'],
        $handlers['close'],
        $handlers['read'],
        $handlers['write'],
        $handlers['destroy'],
        $handlers['gc']
    );

    // Flush the session before objects are destroyed at shutdown, so an object
    // save handler is still alive when PHP writes the session.
    register_shutdown_function('session_write_close');
}
/**
 * Writes one row to codo_logs when CODO_DEBUG is enabled; a no-op otherwise.
 *
 * @param array $options named bindings for the insert:
 *                       uid, log_type, message, severity, trace, log_time
 */
public static function insert($options)
{
    if (!CODO_DEBUG) {
        return;
    }

    $sql = 'INSERT INTO codo_logs (uid,log_type,message,severity,trace,log_time) '
        . 'VALUES(:uid,:log_type,:message,:severity,:trace,:log_time)';

    // Named placeholders: the keys of $options must match the placeholder names exactly.
    $statement = \DB::getPDO()->prepare($sql);
    $statement->execute($options);
}
/**
 * Loads every role as a map of role id => role name.
 *
 * @return array<int|string, string>
 */
function get_roles()
{
    $rows = \DB::getPDO()->query("SELECT * FROM " . PREFIX . "codo_roles")->fetchAll();

    $namesById = array();
    foreach ($rows as $row) {
        $namesById[$row['rid']] = $row['rname'];
    }
    return $namesById;
}
/**
 * Opens the remote (source) connection and prepares the import pipeline.
 *
 * The local side reuses the shared PDO handle; the remote side is built from
 * $this->_DB through a Capsule connection named 'remote'. The fetch driver is
 * chosen by $this->importer and combined with the local PDO into $this->im.
 */
public function connect_db()
{
    $localPDO = \DB::getPDO();

    $capsule = new Capsule();
    $capsule->addConnection($this->_DB, 'remote');
    $remotePDO = $capsule->getConnection('remote')->getPdo();

    // Driver class is picked by name under \CODOF\Importer\Drivers.
    $driverClass = '\\CODOF\\Importer\\Drivers\\' . $this->importer;
    $driver = new $driverClass($remotePDO);
    $this->fetch = $driver;
    $this->connected = true;

    $driver->max_rows = $this->max_rows;
    $driver->set_prefix($this->_DB['prefix']);

    $this->im = new Import($localPDO, $driver);
}
/**
 * Builds the moderation queue view for replies awaiting moderation.
 *
 * Renders the queue partial, exposes topic/reply counts to the template,
 * marks the "replies" tab as active and sets the page sub-title.
 */
public function showRepliesQueue()
{
    $moderation = new \CODOF\Forum\Moderation(\DB::getPDO());
    $pendingReplies = $moderation->getReplies();
    $queueHtml = \CODOF\HB\Render::tpl('moderation/queue', array("topics" => $pendingReplies));
    $this->smarty->assign('mod_queue', $queueHtml);

    $topicCount = $moderation->getNumTopics();
    $replyCount = $moderation->getNumReplies();

    // 'present' is false only for an exact integer zero.
    $this->smarty->assign('present', $replyCount !== 0);
    // Falsy counts are displayed as '0 ' (trailing space kept for the template).
    $this->smarty->assign('num_topics', $topicCount ?: '0 ');
    $this->smarty->assign('num_replies', $replyCount ?: '0 ');

    $this->css_files = array('moderation');
    $this->smarty->assign('tab_option', 'replies');
    $this->smarty->assign('reply_head', 'codo_active_head_item');
    $this->smarty->assign('topic_head', '');
    $this->view = 'moderation/moderation';
    \CODOF\Store::set('sub_title', _t('Moderation queue'));
}
if (\CODOF\Access\Request::valid($_POST['token'])) { //$id = $_POST['uid']; $user = $_POST['sso']; $posted_token = $user['token']; $secret = CODOF\Util::get_opt('sso_secret'); if (!empty($user)) { unset($user['token']); $sso_token = md5(urlencode(json_encode($user)) . $secret . $_POST['timestamp']); } $username = $user['name']; $mail = $user['mail']; if ($sso_token != $posted_token) { echo 'error'; exit; } $db = DB::getPDO(); if (!CODOF\User\User::mailExists($mail)) { //this user does not have an account in codoforum $reg = new \CODOF\User\Register($db); if (\CODOF\User\User::usernameExists($username)) { $username .= time(); } $reg->username = $username; $reg->name = $username; $reg->mail = $mail; $reg->user_status = 1; $ret = $reg->register_user(); $reg->login(); if (!empty($ret)) { echo "error"; }
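/**
 * Executes several INSERT/UPDATE/DELETE statements inside one transaction.
 *
 * Each element of $sqlParamsArr is either
 *   array('sql' => 'sql string', 'params' => array('placeholder' => 'value'))
 * or the positional form
 *   array('sql string', array('placeholder' => 'value'))
 * The bindings element is optional.
 *
 * @param array $sqlParamsArr statements to run (non-empty)
 * @return boolean true when every statement affected at least one row and the
 *                 transaction was committed; false when a statement affected no
 *                 rows, in which case everything is rolled back
 */
public function multipleExecute($sqlParamsArr)
{
    if (!(is_array($sqlParamsArr) && count($sqlParamsArr))) {
        EException::throwException('the first argument of multipleExecute() function is not correct');
    }
    $pdo = DB::getPDO();
    $pdo->beginTransaction();
    try {
        foreach ($sqlParamsArr as $sqlParams) {
            if (!(is_array($sqlParams) && count($sqlParams))) {
                EException::throwException('the second argument of multipleExecute() function is not correct');
            }
            // Accept both the keyed and the positional element forms described above.
            $sql = isset($sqlParams['sql']) ? $sqlParams['sql'] : (isset($sqlParams[0]) ? $sqlParams[0] : null);
            $params = isset($sqlParams['params']) ? $sqlParams['params'] : (isset($sqlParams[1]) ? $sqlParams[1] : null);
            if (!is_string($sql) || $sql === '') {
                EException::throwException('an element of the multipleExecute() first argument has no sql string');
            }
            $stmt = $pdo->prepare($sql);
            // The original counted $sqlParams instead of the bindings; count the bindings themselves.
            if (is_array($params) && count($params)) {
                // bindValue() snapshots the value now; bindParam() binds by reference and
                // reads $value only at execute(), so every placeholder would end up with
                // the last loop value.
                foreach ($params as $key => $value) {
                    $stmt->bindValue($key, $value);
                }
            }
            $stmt->execute();
            if (!$stmt->rowCount()) {
                // A statement that touched no rows is treated as a failure: undo everything.
                $pdo->rollBack();
                return false;
            }
            $stmt->closeCursor();
        }
    } catch (\Exception $e) {
        // Never leave the connection inside an open transaction when a statement or
        // argument check throws.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }
    $pdo->commit();
    return true;
}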
/**
 * Stores the shared PDO handle on the instance.
 */
function __construct()
{
    $pdo = \DB::getPDO();
    $this->db = $pdo;
}
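/**
 * Executes several INSERT/UPDATE/DELETE statements inside one transaction.
 *
 * Each element of $sqlParamsArr is
 *   array('sql' => 'sql string', ['params' => array('placeholder' => 'value')],
 *         ['userFlag' => bool], ['sheetName' => string], ['row' => mixed])
 * A statement that affects no rows and is not marked userFlag counts as a
 * failure: with $rollBack the transaction is rolled back and false is returned;
 * otherwise the statement is recorded in $errorRowArr and processing continues.
 *
 * @param array $sqlParamsArr statements to run (non-empty)
 * @param bool  $rollBack     roll back on the first failed statement
 * @param array $errorRowArr  (by reference) failed statements when $rollBack is false
 * @param int   $affectedRows (by reference) number of non-userFlag statements that affected rows
 * @return boolean true when the transaction was committed, false when it was rolled back
 */
public function multipleExecute($sqlParamsArr, $rollBack = true, &$errorRowArr = array(), &$affectedRows = 0)
{
    if (!(is_array($sqlParamsArr) && count($sqlParamsArr))) {
        EException::throwException('the first argument of multipleExecute() function is not correct');
    }
    $pdo = DB::getPDO();
    $pdo->beginTransaction();
    try {
        foreach ($sqlParamsArr as $sqlParams) {
            if (!(is_array($sqlParams) && count($sqlParams))) {
                EException::throwException('the second argument of multipleExecute() function is not correct');
            }
            $stmt = $pdo->prepare($sqlParams['sql']);
            // The original counted $sqlParams instead of the bindings; count the bindings themselves.
            if (isset($sqlParams['params']) && is_array($sqlParams['params']) && count($sqlParams['params'])) {
                // bindValue() snapshots the value now; bindParam() binds by reference and
                // reads $value only at execute(), so every placeholder would end up with
                // the last loop value.
                foreach ($sqlParams['params'] as $key => $value) {
                    $stmt->bindValue($key, $value);
                }
            }
            $stmt->execute();

            // userFlag marks statements whose zero-row result is acceptable; the key is optional.
            $isUserFlagged = !empty($sqlParams['userFlag']);
            if (!$stmt->rowCount() && !$isUserFlagged) {
                if (!$rollBack) {
                    // Collect the failure and keep going; sheetName/row are optional context.
                    $errorRowArr[] = array(
                        'sql' => $sqlParams['sql'],
                        'sheetName' => isset($sqlParams['sheetName']) ? $sqlParams['sheetName'] : null,
                        'row' => isset($sqlParams['row']) ? $sqlParams['row'] : null,
                    );
                } else {
                    // One failed statement undoes the whole batch.
                    $pdo->rollBack();
                    return false;
                }
            } elseif (!$isUserFlagged) {
                $affectedRows = $affectedRows + 1;
            }
            $stmt->closeCursor();
        }
    } catch (\Exception $e) {
        // Never leave the connection inside an open transaction when a statement or
        // argument check throws.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }
    $pdo->commit();
    return true;
}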
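/**
 * Loads the permissions granted to the current user's roles into self::$permissions.
 *
 * Rows are keyed as [uid][permission][cid][tid]. When several roles cover the
 * same key, a grant wins over a denial: an existing entry is only overwritten
 * when the incoming row is granted.
 */
private static function getPermissions()
{
    $user = \CODOF\User\User::get();
    $uid = $user->id;

    // Role ids are interpolated into the IN (...) list, so force them to integers.
    // An empty list would produce invalid SQL ("IN ()"), so stop early instead.
    $rids = array_map('intval', (array) $user->rids);
    if (empty($rids)) {
        return;
    }

    $db = \DB::getPDO();
    $qry = 'SELECT * FROM codo_permissions WHERE rid IN (' . implode(',', $rids) . ')';
    $rows = $db->query($qry)->fetchAll();

    $permissions = self::$permissions;
    foreach ($rows as $res) {
        $granted = (int) $res['granted'];
        if (isset($permissions[$uid][$res['permission']][$res['cid']][$res['tid']])) {
            // Already known from another role: only upgrade to granted.
            if ($granted === 1) {
                $permissions[$uid][$res['permission']][$res['cid']][$res['tid']] = 1;
            }
        } else {
            $permissions[$uid][$res['permission']][$res['cid']][$res['tid']] = $granted;
        }
    }
    self::$permissions = $permissions;
}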
/**
 * Inserts a new role and returns its id.
 *
 * @param string $rname role name
 * @return int|string id of the new row
 */
public function addRole($rname)
{
    $roles = \DB::table(PREFIX . 'codo_roles');
    $roles->insert(array('rname' => $rname));

    // 'rid' names the sequence for drivers that need one; others ignore the argument.
    $pdo = \DB::getPDO();
    return $pdo->lastInsertId('rid');
}
/*
 * @CODOLICENSE
 */
// No session yet: bootstrap standalone and route the request directly.
if (!isset($_SESSION)) {
    define('_JEXEC', 'JOO');
    defined('_JEXEC') or die;
    session_start();
    require 'connector.php';
    // Request integrity check: xhash must equal md5(id . secret).
    // NOTE(review): the comparison is a loose `!=`; hash_equals() would be the
    // constant-time, type-strict form. $_GET['id'] and $_GET['xhash'] are assumed present.
    if (md5($_GET['id'] . codopm::$secret) != $_GET['xhash']) {
        die("CODOPM SAYS: Invalid X=hash");
    }
    codopm::$table['mail_column'] = 'email';
    codopm::$upload_path = "../";
    codopm_do_route();
} else {
    // A session already exists: reuse the shared PDO handle and register the routes.
    codopm::$db = \DB::getPDO();
    dispatch('codopm', 'codopm_do_route');
    dispatch_post('codopm', function () {
        codopm_do_route();
    });
}

// Minimal result holder: an error flag plus a message.
class response
{
    public $has_error = false;
    public $msg = "";
}

/**
 * Prepares and executes $query on the module connection.
 *
 * @param string $query          SQL with placeholders
 * @param array  $variable_array bindings passed to PDOStatement::execute()
 * @return \PDOStatement the executed statement (definition continues past this chunk)
 */
function pexecute($query, $variable_array = array())
{
    $sth = codopm::$db->prepare($query);
    $sth->execute($variable_array);
    return $sth;
/**
 * Grabs the shared PDO handle and records whether the configured driver is MySQL.
 */
public function __construct()
{
    $this->db = \DB::getPDO();

    $dbConf = get_codo_db_conf();
    $mysqlDrivers = array('mysql', 'mysqli');
    // Loose in_array kept on purpose to mirror the original driver check.
    $this->isMySQL = in_array($dbConf['driver'], $mysqlDrivers);
}
/**
 * Logs in the user whose {$col} equals $value.
 *
 * On success the session id is regenerated, the user id is stored in the
 * session and the last-login time is recorded.
 *
 * @param string $value value to look up
 * @param string $col   column to match; interpolated unquoted into the SQL, so it
 *                      must be a fixed identifier chosen in code, never request data
 * @return boolean true when a matching user was found and logged in
 */
protected static function _login($value, $col)
{
    $db = \DB::getPDO();
    $stmt = $db->prepare("SELECT id FROM " . PREFIX . "codo_users WHERE {$col}=:value");
    $stmt->execute(array('value' => $value));
    $match = $stmt->fetch();
    if (!$match) {
        return false;
    }

    $userId = $match['id'];
    // A fresh session id on privilege change guards against session fixation.
    session_regenerate_id(true);
    $_SESSION[UID . 'USER']['id'] = $userId;
    self::setLoginTime($userId, $db);
    return true;
}
<?php $smarty = \CODOF\Smarty\Single::get_instance(); $smarty->assign('msg', ''); global $CONF; if (isset($_GET['logout'])) { session_destroy(); $smarty->assign('logged_in', 'no'); $smarty->assign('A_username', 'Hello'); } if (isset($_POST['username'])) { $login = new \CODOF\User\Login(\DB::getPDO()); $login->username = $_POST['username']; $login->password = $_POST['password']; $result = $login->process_login(); $uobj = json_decode($result); if ($uobj->msg == 'success') { $user = CODOF\User\User::get(); if (!$user->hasRoleId(ROLE_ADMIN)) { $smarty->assign('msg', 'You do not have enough permissions'); } else { $avatar = str_replace("admin/", "", $user->avatar); $_SESSION[UID . 'A_loggedin_created'] = date("F j, Y", $user->created); $_SESSION[UID . 'A_loggedin_avatar'] = $avatar; $_SESSION[UID . 'A_loggedin_username'] = $login->username; $_SESSION[UID . 'A_loggedin'] = 'admin'; //($_SESSION[UID.'USER']['id']); //var_dump($_SESSION); header("Location: index.php"); } } else {
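/**
 * Deletes a picture row and its file on disk.
 *
 * The row is fetched first so the stored path is still available after the
 * DELETE. File removal is best-effort and is skipped when no row or no file exists.
 *
 * @param mixed $id picture id
 */
public static function deletePicture($id)
{
    $pdo = DB::getPDO();
    $pic = self::getPicture($id);

    $st = $pdo->prepare("DELETE FROM pictures WHERE id=:id");
    $st->execute(array('id' => $id));

    // getPicture() may yield no row for an unknown id; the old code indexed into it anyway.
    if (!is_array($pic) || empty($pic['path'])) {
        return;
    }

    // The stored path is trusted as written by the upload code — TODO confirm it is
    // never taken verbatim from user input.
    $path = dirname(__FILE__) . '/pictures/' . $pic['path'];
    if (is_file($path)) {
        unlink($path);
    }
}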
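/**
 * Soft-deletes a reply by setting its status to DELETED, provided the current
 * user may moderate the post's category.
 *
 * When the reply was still in pre-moderation its text is also passed to
 * SpamFilter::spam(), presumably as a spam sample.
 *
 * @param int|string $_tid post id; cast to int before use
 */
public function deleteReply($_tid)
{
    $db = \DB::getPDO();
    // The id is concatenated into SQL, so cast it first.
    $pid = (int) $_tid;
    $qry = 'SELECT p.post_status, p.cat_id, p.topic_id,p.uid, p.imessage FROM ' . PREFIX . 'codo_posts AS p' . ' WHERE p.post_id=' . $pid;
    $res = $db->query($qry);
    if (!$res) {
        return;
    }
    $row = $res->fetch();
    // fetch() yields false for an unknown post id; the old code indexed into it anyway.
    if (!$row) {
        return;
    }
    $status = $row['post_status'];
    $cid = $row['cat_id'];
    $text = $row['imessage'];

    $user = \CODOF\User\User::get();
    if (!$user->can('moderate posts', $cid)) {
        return;
    }

    $qry = 'UPDATE ' . PREFIX . 'codo_posts SET post_status=' . \CODOF\Forum\Forum::DELETED . ' WHERE post_id=' . $pid;
    $db->query($qry);

    if ($status == \CODOF\Forum\Forum::PRE_MODERATION) {
        $filter = new \CODOF\SpamFilter();
        $filter->spam($text);
    }
}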
/**
 * Looks up a user by one column and returns the matching id.
 *
 * @param string $value value to look for
 * @param string $field column name; interpolated unquoted into the query, so it
 *                      must be a fixed identifier chosen in code, never request data
 * @return int|string|false the user id, or false when no row matches
 */
public static function is_field_present($value, $field)
{
    // The fields checked here are unique, so a single fetch() is enough (no LIMIT needed).
    $stmt = \DB::getPDO()->prepare("SELECT id FROM codo_users WHERE {$field}=:value");
    $stmt->execute(array("value" => $value));
    $row = $stmt->fetch();

    return empty($row) ? false : $row['id'];
}
/**
 * Wires the shared Smarty instance and the shared PDO connection into this object.
 */
public function __construct()
{
    $smarty = \CODOF\Smarty\Single::get_instance();
    $pdo = \DB::getPDO();

    $this->smarty = $smarty;
    $this->db = $pdo;
}
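/**
 * Deletes a category and everything that hangs off it.
 *
 * With $delete_children === 'yes' every descendant category is removed as well;
 * otherwise direct children are re-parented to the root (cat_pid = 0). Topics,
 * unread markers, tags, subscriptions, permissions and posts of the affected
 * categories are deleted and the authors' post counters are decremented.
 *
 * @param int|string $id              category id
 * @param string     $delete_children 'yes' to delete descendants too
 */
function delete_category($id, $delete_children)
{
    $cids = array();
    if ($delete_children === 'yes') {
        $category = new CODOF\Forum\Category(\DB::getPDO());
        $cats_tree = $category->generate_tree($category->get_categories());
        $children = $category->get_sub_categories($cats_tree, $id);
        $cids = get_cids($children);
        if ($cids !== NULL) {
            DB::table(PREFIX . 'codo_categories')->whereIn('cat_id', $cids)->delete();
        } else {
            $cids = array();
        }
    } else {
        DB::table(PREFIX . 'codo_categories')->where('cat_pid', '=', $id)->update(array('cat_pid' => 0));
    }
    DB::table(PREFIX . 'codo_categories')->where('cat_id', $id)->delete();

    // Ids of every category whose content goes away.
    $ids = ($delete_children !== 'yes') ? array($id) : array_merge(array($id), $cids);

    DB::table(PREFIX . 'codo_topics')->whereIn('cat_id', $ids)->delete();
    DB::table(PREFIX . 'codo_unread_topics')->whereIn('cat_id', $ids)->delete();
    DB::table(PREFIX . 'codo_unread_categories')->whereIn('cat_id', $ids)->delete();

    // The two raw statements below interpolate ids into SQL text, so force them to
    // integers first; the query-builder calls above bind their values.
    $catId = (int) $id;
    $idList = implode(',', array_map('intval', $ids));

    // Tags are reached through topics; the builder cannot express this multi-table
    // DELETE. PREFIX is applied to every table name here (the original left the
    // DELETE target and the COUNT subquery table unprefixed).
    $q = 'DELETE ' . PREFIX . 'codo_tags FROM ' . PREFIX . 'codo_tags '
        . ' LEFT JOIN ' . PREFIX . 'codo_topics ON ' . PREFIX . 'codo_tags.topic_id=' . PREFIX . 'codo_topics.topic_id '
        . ' WHERE ' . PREFIX . 'codo_topics.cat_id IN (' . $idList . ')';
    \DB::delete($q);

    DB::table(PREFIX . 'codo_notify_subscribers')->whereIn('cid', $ids)->delete();
    DB::table(PREFIX . 'codo_permissions')->whereIn('cid', $ids)->delete();

    // Decrement each author's post counter by their live posts in the category,
    // before the posts themselves are deleted. As in the original, only $id is
    // accounted for here, not the descendants in $ids — TODO confirm intended.
    $qry = 'UPDATE ' . PREFIX . 'codo_users AS u,' . PREFIX . 'codo_posts As p SET no_posts=no_posts-'
        . '(SELECT COUNT(post_id) FROM ' . PREFIX . 'codo_posts WHERE cat_id=' . $catId
        . ' AND post_status <> 0 AND uid=u.id) WHERE p.cat_id=' . $catId . ' AND u.id=p.uid';
    DB::getPDO()->query($qry);

    DB::table(PREFIX . 'codo_posts')->whereIn('cat_id', $ids)->delete();
}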
*/ dispatch_get('uni_login/login/:name', function ($name) { // config and includes $config = SYSPATH . 'Ext/hybridauth/config.php'; require_once SYSPATH . "Ext/hybridauth/Hybrid/Auth.php"; try { // hybridauth EP $hybridauth = new Hybrid_Auth($config); // automatically try to login with Twitter $adapter = $hybridauth->authenticate($name); // get the user profile $user_profile = $adapter->getUserProfile(); // var_dump($user_profile); //oauth identifier $oauth_id = md5($name . $user_profile->identifier); $db = \DB::getPDO(); $qry = 'SELECT id, username, avatar FROM ' . PREFIX . 'codo_users WHERE oauth_id=:oauth_id'; $stmt = $db->prepare($qry); $stmt->execute(array(":oauth_id" => $oauth_id)); $username = CODOF\Filter::clean_username($user_profile->displayName); $profile = $stmt->fetch(); if (!empty($profile)) { if ($username != $profile['username'] || $user_profile->photoURL != $profile['avatar']) { //profile has been updated remotely $qry = 'UPDATE ' . PREFIX . 'codo_users SET username=:name,avatar=:avatar WHERE oauth_id=:id'; $stmt = $db->prepare($qry); $stmt->execute(array(":name" => $username, ":avatar" => $user_profile->photoURL, ":id" => $oauth_id)); } CODOF\User\User::login($profile['id']); } else { //no local copy of this profile yet
// Runs the named cron job on demand; requires a valid request token and the admin role.
dispatch_get('Ajax/cron/run/:name', function ($name) {
    $user = CODOF\User\User::get();
    if (Request::valid($_GET['token']) && $user->hasRoleId(ROLE_ADMIN)) {
        $cron = new \CODOF\Cron\Cron();
        // run() returning false is reported as "another cron is running" — TODO confirm against Cron::run()
        if (!$cron->run($name)) {
            // NOTE(review): $name comes straight from the route and is echoed without escaping.
            echo 'Unable to run cron ' . $name . ' because another cron is already running';
        }
    }
    //exit;
});

//-------------PAGES--------------------------
// Static page view: a row is returned when the page has no role restriction or
// one of the user's roles is listed for it. (Closure continues past this chunk.)
dispatch_get('/page/:id/:url', function ($id, $url) {
    // Cast once; $pid is interpolated into the SQL below.
    $pid = (int) $id;
    $user = \CODOF\User\User::get();
    // Role ids are interpolated unquoted — assumes they are integers from the user object.
    $qry = 'SELECT title, content FROM ' . PREFIX . 'codo_pages p ' . ' LEFT JOIN ' . PREFIX . 'codo_page_roles r ON r.pid=p.id ' . ' WHERE (r.rid IS NULL OR (r.rid IS NOT NULL AND r.rid IN (' . implode($user->rids) . ')))' . ' AND p.id=' . $pid;
    $res = \DB::getPDO()->query($qry);
    $row = $res->fetch();
    if ($row) {
        $title = $row['title'];
        $content = $row['content'];
        $smarty = CODOF\Smarty\Single::get_instance();
        $smarty->assign('contents', $content);
        \CODOF\Store::set('sub_title', $title);
        \CODOF\Smarty\Layout::load('page');
        \CODOF\Hook::call('on_page_load', array($id));
    } else {
        // No visible row: distinguish "page does not exist" from "exists but denied".
        $page = \DB::table(PREFIX . 'codo_pages')->where('id', $id)->first();
        if ($page == null) {
            \CODOF\Smarty\Layout::not_found();
        } else {
            \CODOF\Smarty\Layout::access_denied();