public function update() { $db = new Database(); $db->connect(); $returnValue; //if($this->isCreated()){ $where = 'id=' . $this->getId(); $updateInformation = array(); $updateInformation["name"] = $db->escapeString($this->getName()); $updateInformation["description"] = $db->escapeString($this->getDescription()); $updateInformation["display"] = $db->escapeString($this->getDisplay()); date_default_timezone_set('America/Chicago'); $updateInformation["last_updated_timestamp"] = $db->escapeString(date('Y-m-d G:i:s')); $result = $db->update(static::$tableName, $updateInformation, $where); if ($result) { $returnValue = true; } else { $returnValue = false; } $db->disconnect(); //}else{ // $returnValue = false; //} return $returnValue; }
public function update() { $db = new Database(); $db->connect(); $where = 'id=' . $this->getId(); $updateInformation = array(); $updateInformation['name'] = $db->escapeString($this->getName()); $updateInformation['description'] = $db->escapeString($this->getDescription()); $updateInformation["last_updated_timestamp"] = $db->escapeString(date('Y-m-d G:i:s')); $result = $db->update(static::$tableName, $updateInformation, $where); $db->disconnect(); if ($result) { $this->setId($result); return $result; } else { return false; } }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); if (isset($_POST['submit'])) { $newPass = $database->escapeString($_POST['newPass']); $confPass = $database->escapeString($_POST['confPass']); $code = $database->escapeString($_POST['code']); $hash = password_hash($newPass, PASSWORD_BCRYPT); if ($newPass != $confPass) { redirect($_SERVER['HTTP_REFERER'] . "&error=equals"); } else { if (strlen($newPass) < 6) { redirect($_SERVER['HTTP_REFERER'] . "&error=length"); } else { $user->setId($code); $user->setPassword($hash); if ($user->updatePassword()) { $path = "../logs"; $dateTime = strftime("%Y-%m-%d %H:%M:%S"); $text = "Password changed for user with ID:"; $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text; $user->setId($_SESSION['USID']); $user->storeLog($content, $path); redirect("../users.php?users=1&pass=succeed"); } else {
<?php require_once 'db/config.php'; $con = new config(DB_HOST, DB_USER, DB_PASS, DB_NAME); $db = new Database($con); $db->openConnection(); $postdata = file_get_contents("php://input"); $jsonHandle = new jsonHandler(); $requestData = $jsonHandle->decode($postdata); $data = array(); $page = $db->escapeString($requestData->page); $innerPage = $db->escapeString($requestData->innerPage); if ($page == "dashboard") { $query = $db->query("SELECT * FROM tbl_hashtag"); /*Overview Page*/ if ($innerPage == "overview") { /*Check whether it contains tha hashtag data or not*/ if ($db->hasRows($query)) { $data['hashtagArray'] = array(); $i = 0; while ($row = $db->fetchAssoc($query)) { $hashtagName = $row['hashtagName']; /*Total Tweet Count*/ $totTweetsQuery = $db->query("SELECT COUNT(DISTINCT tweet_id) FROM tweet_tags WHERE tag = '{$hashtagName}'"); $totalTweets = $db->fetchArray($totTweetsQuery); $data['hashtagArray'][$i]['hashtagName'] = $hashtagName; $data['hashtagArray'][$i]['tweets'] = array(); //$tweetQuery = "SELECT * FROM tweet_tags LEFT JOIN" $data['hashtagArray'][$i]['totalTweets'] = $totalTweets[0]; $data['hashtagArray'][$i]['totalImpressions'] = $i + 2000; $data['hashtagArray'][$i]['profileVisits'] = 3000;
echo $d['id']; ?> " class="btn btn-primary btn-xs">Tindak</a></td> </tr> <?php } ?> </tbody> </table> <div class="alert alert-info" role="alert">Klik pada nama siswa atau NIS untuk melihat daftar peringatan.</div> <?php } else { if (isset($_POST['idtindak'])) { $idtindak = $db->escapeString($_POST['idtindak']); $status = $db->escapeString($_POST['status']); $db->update('tindak', array('tindak' => $status, 'ubah' => wkt(), 'idguru' => $_SESSION['userid']), "id='{$idtindak}'"); echo "Processing..."; eksyen('Data berhasil diubah', '?hal=penindakan'); } $id = mysql_real_escape_string($_GET['detail']); $db->select('tindak', '*', null, "id='{$id}'"); $res = $db->getResult(); foreach ($res as $d) { ?> <div class="col-lg-12"> <h1 class="page-header">Detail Tindakan <small>| <a href="?hal=penindakan">Kembali</a></small></h1> </div> <form action="" method="post">
if (isset($_GET['id'])) { echo '<h1 class="page-header">Ubah Data Sanksi <small>| <a href="?hal=sanksi">Kembali</a></small></h1>'; $id = $_GET['id']; $db->select('sanksi', '*', NULL, "id='{$id}'", null); // Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions $jum = $db->numRows(); if ($jum < 1) { eksyen('Data tidak ditemukan', '?hal=sanksi'); } $d = $db->getResult(); } else { echo '<h1 class="page-header">Tambah Data Sanksi <small>| <a href="?hal=sanksi">Kembali</a></small></h1>'; } if (isset($_POST['nama'])) { echo "Processing..."; $nama = $db->escapeString($_POST['nama']); $minimal = $db->escapeString($_POST['minimal']); $maksimal = $db->escapeString($_POST['maksimal']); if (isset($_POST['id'])) { $id = mysql_real_escape_string($_POST['id']); $db->update('sanksi', array('nama' => $nama, 'minimal' => $minimal, 'maksimal' => $maksimal, 'ubah' => wkt()), 'id="' . $id . '"'); eksyen('Data berhasil diubah', '?hal=sanksi'); } else { $db->insert('sanksi', array('nama' => $nama, 'minimal' => $minimal, 'maksimal' => $maksimal, 'ubah' => wkt())); $res = $db->getResult(); eksyen('Data berhasil diinput', '?hal=sanksi'); } } ?> <form action="" method="POST" class="form-horizontal" role="form"> <?php
<?php include 'class/mysql_crud.php'; $db = new Database(); $db->connect(); $data = $db->escapeString("*****@*****.**"); // Escape any input before insert $db->insert('CRUDClass', array('name' => 'Name 5', 'email' => $data)); // Table name, column names and respective values $res = $db->getResult(); print_r($res);
<?php //header('Access-Control-Allow-Origin: *'); //header('Content-Type: application/json; charset = UTF-8'); //session_start(); require_once 'db/config.php'; $con = new config(DB_HOST, DB_USER, DB_PASS, DB_NAME); $db = new Database($con); $db->openConnection(); $postdata = file_get_contents("php://input"); $jsonHandle = new jsonHandler(); $requestdata = $jsonHandle->decode($postdata); //$requestdata = json_decode($postdata); $userName = $db->escapeString($requestdata->userName); $userPass = $db->escapeString($requestdata->userPass); $data = array(); if (!empty($userName) && !empty($userPass)) { $query = $db->query("SELECT * FROM tbl_admin WHERE admin_user= '******' AND admin_pass = '******'"); if ($db->hasRows($query) > 0) { while ($row = $db->fetchAssoc($query)) { if ($row['admin_status'] == 1) { $_SESSION['user'] = $row['admin_user']; $_SESSION['loggedIn'] = true; $data['adminUser'] = $row['admin_user']; $data['adminType'] = $row['admin_type']; $data['adminMail'] = $row['admin_mail']; $data['adminContactMail'] = $row['admin_contactmail']; $data['loggedIn'] = true; /*Super admin*/ if ($row['admin_type'] == "sadmin") { $data['message'] = "You have successfully connected and too have full access over the data";
/** * Wrapper for the db. * * @param string $string * @return string */ public function escapeString($string) { return $this->db->escapeString($string); }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $menu = new Menu(); $links = new Links(); $pages = new Page(); if (isset($_POST['addMenuBtn'])) { $menuName = $database->escapeString($_POST['menuName']); $description = $database->escapeString($_POST['description']); // check if parent is set if (isset($_POST['parent']) && $_POST['parent'] != "" && $_POST['parent'] != null) { $parentLinkId = $database->escapeString($_POST['parent']); $links->setLinkId($parentLinkId); $language = $links->getSubMenusLangId($database); } else { $language = $database->escapeString($_POST['language']); $parentLinkId = 0; } // set values $menu->setLangId($language); $menu->setIsMain(0); $menu->setDescription($description); $menu->setParentLinkId($parentLinkId); $menu->setTitle($menuName); // do not allove a link to have two sub menus
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $hotel = new Hotel(); $location = new Location(); $media = new Media(); if (isset($_POST['submit'])) { $name = $database->escapeString($_POST['name']); $address = $database->escapeString($_POST['address']); $stars = $database->escapeString($_POST['stars']); $destination = $database->escapeString($_POST['location']); $description = $database->escapeString($_POST['description']); $hotel->setHotelName($name); $hotel->setAddress($address); $hotel->setStars($stars); $hotel->setDescription($description); $hotel->setCityId($destination); if (isset($_POST['hotelId'])) { $hotelId = $database->escapeString($_POST['hotelId']); $hotel->setHotelId($hotelId); $hotel->update($database); } else { $hotelId = $hotel->create($database); } if (count($_FILES) != 0) {
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $user = new User(); $database = new Database(); $pageLayout = new PageLayout(); if (isset($_POST['pageLayoutList']) && $_POST['pageLayoutList'] != null) { foreach ($_POST['pageLayoutList'] as $pageLayoutId) { $pageLayout->setPageLayoutId($database->escapeString($pageLayoutId)); $pageLayout->getById($database); unlink("../" . $pageLayout->getImage()); $pageLayout->delete($database); $path = "../logs"; $dateTime = strftime("%Y-%m-%d %H:%M:%S"); $text = "Deleted page layout with id:" . $pageLayoutId . " and name: " . $pageLayout->getName(); $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text; $user->setId($_SESSION['USID']); $user->storeLog($content, $path); echo "true"; } } else { echo "false"; }
} $db->select('tipoarticulo', 'idtipoart, descripcion'); // Table name, Column Names, WHERE conditions, ORDER BY conditions $res = $db->getResult(); $ltipoart = ''; foreach ($res as $key => $value) { $ltipoart .= '<option value="' . $value['idtipoart'] . '">' . $value['descripcion'] . '</option>'; } if (isset($_POST['btnguardar'])) { $db->select('articulo', 'max(idarticulo) as id'); // Table name, Column Names, WHERE conditions, ORDER BY conditions $res = $db->getResult(); foreach ($res as $key => $value) { $id = $value['id'] + 1; } $vcodint = $db->escapeString("{$_POST['txtcodint']}"); // Escape any input before insert $vmodelo = $db->escapeString("{$_POST['txtmodelo']}"); $vdescripcion = $db->escapeString("{$_POST['txtdescripcion']}"); $vdesetiqueta = $db->escapeString("{$_POST['txtdesetiqueta']}"); $vdesticket = $db->escapeString("{$_POST['txtdesticket']}"); $vdeslarga = $db->escapeString("{$_POST['txtdeslarga']}"); $vidfotoart = $db->escapeString("{$_POST['txtidfotoart']}"); $vcodbarra = $db->escapeString("{$_POST['txtcodbarra']}"); $vidimpuestos = $db->escapeString("{$_POST['idimpuestos']}"); $vidproveedor = $db->escapeString("{$_POST['txtidproveedor']}"); $vidmarca = $db->escapeString("{$_POST['txtidmarca']}"); $vpreciocosto = $db->escapeString("{$_POST['txtpreciocosto']}"); $vpvp = $db->escapeString("{$_POST['txtpvp']}"); $vmpcosto = $db->escapeString("{$_POST['txtmpcosto']}"); $vfechact = $db->escapeString("{$_POST['txtfechact']}");
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $user = new User(); $database = new Database(); if (isset($_GET['user']) && isset($_GET['active']) && $_GET['user'] != null && $_GET['active'] != null) { $id = $database->escapeString($_GET['user']); $active = $database->escapeString($_GET['active']); $user->setId($id); $user->setActive($active); if ($user->changeActive($database)) { $path = "../logs"; $dateTime = strftime("%Y-%m-%d %H:%M:%S"); $text = "Enabled/Disabled user with id :" . $id; $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text; $user->setId($_SESSION['USID']); $user->storeLog($content, $path); redirect("../users.php"); } else { } } else { echo "User not set"; }
if (isset($_GET['id'])) { echo '<h1 class="page-header">Ubah Data Tata Tertib <small>| <a href="?hal=tatatertib">Kembali</a></small></h1>'; $id = $_GET['id']; $db->select('tata_tertib', '*', NULL, "id='{$id}'", null); // Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions $jum = $db->numRows(); if ($jum < 1) { eksyen('Data tidak ditemukan', '?hal=tatatertib'); } $d = $db->getResult(); } else { echo '<h1 class="page-header">Tambah Data Tata Tertib <small>| <a href="?hal=tatatertib">Kembali</a></small></h1>'; } if (isset($_POST['nama'])) { echo "Processing..."; $nama = $db->escapeString($_POST['nama']); $poin = $db->escapeString($_POST['poin']); $jenis = $db->escapeString($_POST['jenis']); if (isset($_POST['id'])) { $id = mysql_real_escape_string($_POST['id']); $db->update('tata_tertib', array('nama' => $nama, 'poin' => $poin, 'jenis' => $jenis, 'ubah' => wkt()), 'id="' . $id . '"'); eksyen('Data berhasil diubah', '?hal=tatatertib'); } else { $db->insert('tata_tertib', array('nama' => $nama, 'poin' => $poin, 'jenis' => $jenis, 'ubah' => wkt())); $res = $db->getResult(); eksyen('Data berhasil diinput', '?hal=tatatertib'); } } ?> <form action="" method="POST" class="form-horizontal" role="form"> <?php
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $post = new Post(); $media = new Media(); if (isset($_POST['submit'])) { //print_r($_FILES['mediaUploads']); $title = $database->escapeString($_POST['title']); $undertitle = $database->escapeString($_POST['undertitle']); $pageId = $database->escapeString($_POST['pageId']); $body = $database->escapeString($_POST['body']); $d = new DateTime(); $date = $d->format('Y-m-d H:i'); $userId = $_SESSION['USID']; $post->setTitle($title); $post->setUnderTitle($undertitle); $post->setPageId($pageId); $post->setBody($body); $post->setDate($date); $post->setUserId($userId); if (isset($_POST['postId'])) { $postId = $database->escapeString($_POST['postId']); $post->setPostId($postId); $post->update($database); $post->deleteCategories($database);
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $category = new Category(); if ($_POST['category']) { $category->setCategoryId($database->escapeString($_POST['categoryId'])); foreach ($_POST as $key => $value) { if ($key == "categoryId" || $key == "submit") { continue; } $category->update($database, $key, $value); } redirect("../posts.php?posts=4&category={$_POST['categoryId']}"); } else { echo "<h2>Problem in editing category. Try again later or contact your administrator.</h2>"; }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $user = new User(); $database = new Database(); $page = new Page(); if (isset($_POST['pageList']) && $_POST['pageList'] != null) { foreach ($_POST['pageList'] as $pageId) { $page->setPageId($database->escapeString($pageId)); $page->delete($database); $path = "../logs"; $dateTime = strftime("%Y-%m-%d %H:%M:%S"); $text = "Deleted page with id:" . $pageId; $content = $dateTime . " " . $_SESSION['USNM'] . ": " . $text; $user->setId($_SESSION['USID']); $user->storeLog($content, $path); echo "true"; } } else { echo "false"; }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $widget = new Widget(); $menu = new Menu(); $post = new Post(); if (isset($_POST['widgetName'])) { $widgetId = $database->escapeString($_POST['widgetName']); $widgetName = "Widget " . $widgetId; $widget->setWidgetId($widgetId); $widget->setName($widgetName); $widget->setMenuId(0); $widget->setPostId(0); if ($widget->create($database)) { echo "true"; } else { echo "false"; } } else { if (isset($_POST['widgetIds'])) { foreach ($_POST['widgetIds'] as $widgetId) { $widget->setWidgetId($widgetId); $widget->delete($database); } echo "true";
echo $row["active"] . "<br />"; echo "- - - - - <br><br>"; } echo "<br/><br/>"; // Delete Rows echo "Delete Rows"; echo "<br />------------------<br />"; // [Table name], [WHERE] $db->delete('posts', 'id=5'); $response = $db->getResponse(); echo $response[0] == TRUE ? 'TRUE' : 'FALSE'; echo "<br/><br/>"; // Insert Rows echo "Insert Rows"; echo "<br />------------------<br />"; $title = $db->escapeString("Title 5"); // Escape String $content = $db->escapeString("Lorem Ipsum"); // Escape String $db->insert('posts', array('id' => 5, 'title' => $title, 'slug' => 'title-5', 'content' => $content, 'category' => 'Category 5', 'keywords' => 'keyword 1 keyword 2', 'image' => 'image', 'create' => date("Y-m-d H:i:s"), 'update' => NULL, 'active' => TRUE)); $response = $db->getResponse(); echo $response[0] == TRUE ? 'TRUE' : 'FALSE'; echo "<br/><br/>"; // Update Rows echo "Update Rows"; echo "<br />------------------<br />"; // [Table name], [UPDATE Values], [WHERE] $db->update('posts', array('active' => FALSE), 'id=5 AND active=TRUE'); $response = $db->getResponse(); echo $response[0] == TRUE ? 'TRUE' : 'FALSE'; echo "<br/><br/>";
<?php include 'includes.php'; $partController = new PartController(); $categoryId = $_GET['id']; $db = new Database(); $db->connect(); $db->delete("categories", "id=" . $categoryId); $update = array(); $update["parent_id"] = $db->escapeString(null); $db->update("categories", $update, "parent_id=" . $categoryId); $db->delete("category_connector", "category_id=" . $categoryId); header("Location: /admin/categories");
$tags = $_POST['tags']; //Gets array of categories $categories = $_POST['categories']; $db = new Database(); $db->connect(); //CATEGORIES $db->select("category_connector", "category_id", null, "item_id=" . $id); $existingCategories = array_column($db->getResult(), 'category_id'); //GET ALL Grandparent Cats $db->select("categories", "id", null, "parent_id = 0"); $grandparentCats = array_column($db->getResult(), 'id'); foreach ($categories as $key => $categoryId) { $pos = array_search($categoryId, $existingCategories); if ($pos === false) { $sanitizedInformation = array(); $sanitizedInformation["category_id"] = $db->escapeString($categoryId); $sanitizedInformation["item_id"] = $db->escapeString($id); $db->insert("category_connector", $sanitizedInformation); checkForParentCat($categoryId); } else { checkForParentCat($existingCategories[$pos]); unset($existingCategories[$pos]); } } //remove categories that were attached but were removed from the list foreach ($existingCategories as $key => $categoryId) { $result = $db->delete("category_connector", "category_id=" . $categoryId . " AND item_id=" . $id); } function checkForParentCat($catId) { global $existingCategories;
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); if (isset($_POST['privilege']) && isset($_POST['userId'])) { $isOk = false; $userID = $database->escapeString($_POST['userId']); $privilegeId = $database->escapeString($_POST['privilege']); if ($_SESSION['USPRID'] == 1) { $isOk = true; } else { if ($_SESSION['USPRID'] == 2) { $user->setId($userID); $user->getById($database); if ($user->getCompanyId() == $_SESSION['CID']) { $isOk = true; } } } if ($isOk) { $user->setPrivilegeId($privilegeId); $user->setId($userID); if ($user->changePrivilege()) { echo "true"; } else { echo "false";
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $language = new Language(); if (isset($_GET['langId'])) { $langId = $database->escapeString($_GET['langId']); $language->setId($langId); $language->setDefault(1); if ($language->updateDefault($database)) { redirect("../settings.php?settings=1"); } else { echo "<h2>Default language cannot be change. Contact your administrator</h2>"; } } else { echo "<h2>Try again or contact your administrator</h2>"; }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $user = new User(); $database = new Database(); $page = new Page(); // check the parameters if (isset($_GET['page']) && isset($_GET['active']) && $_GET['page'] != null && $_GET['active'] != null) { // set page id $pageId = $database->escapeString($_GET['page']); $page->setPageId($pageId); // change the visibility otherwise if ($_GET['active'] == 1) { $visibility = 0; $page->setVisibility($visibility); $page->chageVisibility($database); redirect("../pages.php?pages=1"); } else { if ($_GET['active'] == 0) { $visibility = 1; $page->setVisibility($visibility); $page->chageVisibility($database); redirect("../pages.php?pages=1"); } else { echo "<h1>Go back and try again or contact your Administrator<br>There is something wrong with the visibility value</h1>"; } }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $menu = new Menu(); $links = new Links(); $pages = new Page(); if (isset($_GET['menuid']) && $_GET['menuid'] != null) { $menuId = $database->escapeString($_GET['menuid']); $links->setMenuId($menuId); $menu->setMenuId($menuId); // look if this menu is a main menu $isMain = $menu::getMainMenuId($database); // delete menu with his links if ($links->deleteByMenu($database) && $menu->delete($database)) { // make main menu the next top menu if ($isMain == $menuId) { $menu->makeTopMenuToMain($database); } redirect("../pages.php?pages=4"); } else { echo "<h1>Contact your administrator</h1>"; } } else { echo "<h1>DELETION FAILED! Go back and try again or contact your administrator</h1>"; }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $category = new Category(); if (isset($_POST['categoryName'])) { $categoryName = $database->escapeString($_POST['categoryName']); $parent = $database->escapeString($_POST['parent']); $category->setCategory($categoryName); $category->setInherit($parent); if ($category->create($database)) { echo "true"; } else { echo "false"; } } else { if (isset($_POST['categoryId'])) { foreach ($_POST['categoryId'] as $categoryId) { $category->setCategoryId($categoryId); $category->delete($database); $category->deleteCategories($database); } echo "true"; } else { echo "Try again later"; }
/** * this function uploads the pdf file from the form to the respective directory papers/course/level/filename.pdf */ function uploader() { /** * the default max_upload_filesize in php is 2 mb * so if a larger file is to be uploaded then go to php.ini inside xampp/apache and change the value of max_upload_filesize as required */ $target_dir = 'C:/xampp/htdocs/QuestionBank/papers/'; //folder where the file is to be stored $conn = new Database(); //creating new connection $conn->connect(); //connecting to the database $info = pathinfo($_FILES['pdf_file']['name']); //filename of uploaded file $ext = '.' . $info['extension']; // get the extension of the file $course_id = $_POST['course']; $level_id = $_POST['level']; $subject_id = $_POST['subject']; $year = $_POST['year']; $sql = "SELECT course_code FROM courses WHERE id = {$course_id}"; //sql command to fetch the course code for determining the name of the course directory $course_code = $conn->query($sql)->fetch_object()->course_code; //gets the course code of the course from course table in the database $target_course_dir = $course_code . '/'; $paper_name = ''; //file name of the pdf paper file // echo 'direcgtoy name:'. dirname(__FILE__); //mkdir($target_dir.$target_course_dir); if (!file_exists($target_dir . $target_course_dir)) { //the course folder doesnot exist... // echo ' <br>1. if (!file_exists(' . $target_dir . $target_course_dir . ') ) {'; if (mkdir($target_dir . $target_course_dir)) { //new folder for courses created... // echo '<br>1.1 from helper: Directory for course created : '. $target_dir . $target_course_dir; $sql = "SELECT level_id FROM levels WHERE id = {$level_id}"; //sql command to fetch the course code for determining the name of the course directory $level_code = $conn->query($sql)->fetch_object()->level_id; //gets the level code of the level from course table in the database $target_level_dir = $level_code . '/'; if (!file_exists($target_dir . $target_course_dir . $level_code)) { //the level folder doesnot exist... // echo '<br>1.1.1 if(!file_exists(' . $target_dir . $target_course_dir . $level_code . ')){}'; if (mkdir($target_dir . $target_course_dir . $target_level_dir)) { //new folder created for the level with level_id = $level_code // echo '<br>1.1.1.1 if(mkdir( '.$target_dir . $target_course_dir . $target_level_dir.' )){'; // echo '<br>Message from helper: Directory for level created : '. $target_dir . $target_course_dir . $target_level_dir; $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}"; //sql command to fetch the subject code for determining the filename of the new uploaded file $subject_code = $conn->query($sql)->fetch_object()->sub_code; //gets the course code of the course from course table in the database $paper_name = $subject_code . '_' . $year; //name of the pdf file $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext; //final location of the file $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext; //path of the file to be stored in the database $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path; $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false; if (!$file_exists) { //file is not recorded in the database, i.e. the paper doesnot exist in the database if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) { //file successfully saved to permanent location //now save the file path in the database in location field in table: papers // echo "<br>1.1.1.1 if(move_uploaded_file(" . $_FILES['pdf_file']['tmp_name'] . "," . $target_dir . $target_course_dir . $target_level_dir . $paper_name . "{"; // echo '<br>Message from helper : File successfully added'; $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year); if ($conn->insert('papers', $paper_details)) { // echo '<br>Message from DB: file saved in database'; $insert_id = $conn->getResult(); //stores the array returned from the database object $conn $return_value = $insert_id[0]; //return value for paper_id return $insert_id[0]; //returning the new id of the paper inserted } else { // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)'; return false; } } else { // echo ' <br>1.1.2 Error from helper.php: could not save file '; return false; } } else { // echo '<br>Warning from helper: File already present in the database'; } } else { //could not create new directory for levels // echo '<br> Error from helper.php:could not create new level folder'; return false; } } else { //the level folder exists //move the uploaded file to this folder // echo '<br>Message from helper: directory for levels already exists '.$level_code; $final_location = $target_dir . $target_course_dir . $target_level_dir; $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}"; //sql command to fetch the subject code for determining the filename of the new uploaded file $subject_code = $conn->query($sql)->fetch_object()->sub_code; //gets the course code of the course from course table in the database $paper_name = $subject_code . '_' . $year; // permanent name of the paper $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext; //final location of the file to be stored in the disk $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext; //path of the file to be stored in the database $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path; $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false; if (!$file_exists) { if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) { //file successfully saved to permanent location //now save the file path in the location field in table: papers // echo "<br>1.1.1.1 if(move_uploaded_file(" . $_FILES['pdf_file']['tmp_name'] . "," . $target_dir . $target_course_dir . $target_level_dir . $paper_name . "{"; // echo '<br>Message from helper : File successfully saved in disk'; $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year); if ($conn->insert('papers', $paper_details)) { // echo '<br>Message from DB: file saved in database'; $insert_id = $conn->getResult(); //stores the result from the object $conn which is in the form of array $return_value = $insert_array[0]; //return value for paper_id return $insert_id; //returning the new id of the paper inserted } else { // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)'; return false; } } else { // echo ' <br>1.1.2 Error from helper.php: could not save file in disk'; return false; } } } } else { //the new folder could not be created // echo '<br>Error from helper:could not create directory for course. '.$target_dir.$target_course_dir; return false; } } else { //the course directory already exists... //check if the level directory exists or not // echo '<br>Message from helper : directory for course exists : '. $sql = "SELECT level_id FROM levels WHERE id = {$level_id}"; //sql command to fetch the course code for determining the name of the course directory $level_code = $conn->query($sql)->fetch_object()->level_id; //gets the level code of the level from level table in the database $target_level_dir = $level_code . '/'; //directory name for level if (!file_exists($target_dir . $target_course_dir . $target_level_dir)) { //the level folder doesnot exist if (mkdir($final_location = $target_dir . $target_course_dir . $target_level_dir)) { //new folder created for the level with level_id = $level_code // echo '<br>Directory for level exists.'; $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}"; //sql command to fetch the subject code for determining the filename of the new uploaded file which then concatenates with the year to give the full filename $subject_code = $conn->query($sql)->fetch_object()->sub_code; //gets the course code of the course from course table in the database $paper_name = $subject_code . '_' . $year; $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext; $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext; $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path; $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false; if (!$file_exists) { if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) { // echo '<br>Error from helper: file successfully saved in disk'; $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year); if ($conn->insert('papers', $paper_details)) { // echo '<br>Message from DB: file saved in database'; $insert_id = $conn->getResult(); //stores the result from the database object $conn and is in the form of array $return_value = $insert_id[0]; //return value for paper_id return $return_value; //returning the new id of the paper inserted } else { // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)'; return false; } } else { // echo '<br>Error from helper : file couldnot be added'; return false; } } else { // echo '<br>Message from DB: couldnot insert record into database(file already exists in the database)'; } } else { // echo '<br>Error from helper:folder could not be created'; return false; } } else { //the level folder exists //move the uploaded file to this folder // echo '<br>Message from helper : directory for level exists : '; $final_location = $target_dir . $target_course_dir . $target_level_dir; $sql = "SELECT sub_code FROM subjects WHERE id = {$subject_id}"; //sql command to fetch the subject code for determining the filename of the new uploaded file $subject_code = $conn->query($sql)->fetch_object()->sub_code; //gets the course code of the course from course table in the database $paper_name .= $subject_code . '_' . $year; $final_location = $target_dir . $target_course_dir . $target_level_dir . $paper_name . $ext; $file_path = 'papers/' . $target_course_dir . $target_level_dir . $paper_name . $ext; $sql = "SELECT location FROM papers WHERE course_id = " . $course_id . " AND level_id = " . $level_id . " AND sub_id = " . $subject_id . "AND location = " . $file_path; $file_exists = $conn->query($sql) ? $conn->query($sql)->fetch_object()->location : false; if (!$file_exists) { if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $final_location)) { // echo '<br>Message from helper: file successfully added'; $paper_details = array('course_id' => $course_id, 'level_id' => $level_id, 'sub_id' => $subject_id, 'location' => $conn->escapeString($file_path), 'year' => $year); if ($conn->insert('papers', $paper_details)) { // echo '<br>Message from DB: file saved in database'; $insert_array = $conn->getResult(); $return_value = $insert_array[0]; return $return_value; //returning the new id of the paper inserted } else { // echo '<br>Message from DB: couldnot insert record into database'; return false; } } else { // echo '<br>Error from helper : file couldnot be added'; return false; } } else { // echo '<br>Message from helper: File already exists in the database'; } } } }
<?php require_once '../model/paths.php'; $session = new Session(); if (!$session->isLogin) { redirect("../login.php"); } $database = new Database(); $user = new User(); $language = new Language(); $category = new Category(); if (isset($_POST['langName'])) { $langName = $database->escapeString($_POST['langName']); $language->setLangName($langName); if ($language->create($database)) { $columnName = strtolower($langName); $category->insertColumnForLanguage($database, $columnName); echo "true"; } else { echo "false"; } } else { if (isset($_POST['languageIds'])) { foreach ($_POST['languageIds'] as $langId) { $language->setId($langId); $language->getById($database); if ($language->getLangName() != "") { $category->deleteColumnForLanguage($database, strtolower($language->getLangName())); } $language->delete($database); }
if (isset($_GET['id'])) { echo '<h1 class="page-header">Ubah Data Kelas <small>| <a href="?hal=kelas">Kembali</a></small></h1>'; $id = $_GET['id']; $db->select('kelas', '*', NULL, "id='{$id}'", null); // Table name, Column Names, JOIN, WHERE conditions, ORDER BY conditions $jum = $db->numRows(); if ($jum < 1) { eksyen('Data tidak ditemukan', '?hal=kelas'); } $d = $db->getResult(); } else { echo '<h1 class="page-header">Tambah Data Kelas <small>| <a href="?hal=kelas">Kembali</a></small></h1>'; } if (isset($_POST['nama'])) { echo "Processing..."; $nama = $db->escapeString($_POST['nama']); $wali = $db->escapeString($_POST['wali']); if (isset($_POST['id'])) { $id = mysql_real_escape_string($_POST['id']); $db->update('kelas', array('nama' => $nama, 'wali_kelas' => $wali, 'ubah' => wkt()), 'id="' . $id . '"'); eksyen('Data berhasil diubah', '?hal=kelas'); } else { $db->insert('kelas', array('nama' => $nama, 'wali_kelas' => $wali, 'buat' => wkt())); $res = $db->getResult(); eksyen('Data berhasil diinput', '?hal=kelas'); } } ?> <form action="" method="POST" class="form-horizontal" role="form"> <?php if (isset($_GET['id'])) {