public function delete_unused_urls() { Database::begin(); try { Database::sql('DELETE FROM post_link WHERE post_id NOT IN (SELECT id FROM post)'); Database::sql('DELETE FROM post_update_link WHERE update_id NOT IN (SELECT id FROM post_update)'); Database::sql('DELETE FROM post_link_url WHERE link_id NOT IN (SELECT id FROM post_link)'); Database::sql('DELETE FROM post_update_link_url WHERE link_id NOT IN (SELECT id FROM post_update_link)'); Database::sql('DELETE FROM post_url WHERE id NOT IN (SELECT url_id FROM post_link_url) AND id NOT IN (SELECT url_id FROM post_update_link_url)'); $count = Database::count_affected(); if ($count > self::MAX_LINK_DELETIONS) { Database::rollback(); throw new Error_Cron('Too many post urls pending for deletion'); } Database::commit(); } catch (PDOException $e) { Database::rollback(); throw new Error_Cron('Error with database, while deleting post urls'); } }
function edittag() { Check::rights(); if (query::$post['old_alias'] != query::$post['alias']) { $params = array( '|'.query::$post['old_alias'].'|', '|'.query::$post['alias'].'|', ); Database::sql('update post set tag = replace(tag,?,?)', $params); Database::sql('update video set tag = replace(tag,?,?)', $params); Database::sql('update art set tag = replace(tag,?,?)', $params); } $variants = array_unique(array_filter(explode(' ',str_replace(',', ' ', query::$post['variants'])))); if (!empty($variants)) { $variants = '|'.implode('|',$variants).'|'; } else { $variants = '|'; } Database::update('tag', array( 'alias' => query::$post['alias'], 'name' => query::$post['name'], 'variants' => $variants, 'color' => query::$post['color'] ), query::$post['id']); }
function myplugin_activate() { $db = new Database(); $db->connect(); // Create Items Table $filesTableExists = $db->select("items"); if (!$filesTableExists) { $sql = "CREATE TABLE items (\n\t\t\t\t\tid INT NOT NULL AUTO_INCREMENT PRIMARY KEY,\n\t\t\t\t\tname VARCHAR(200) NOT NULL,\n\t\t\t\t\tuploaded_timestamp timestamp,\n\t\t\t\t\tlast_updated_timestamp timestamp\n\t\t\t\t)"; $result = $db->sql($sql); if ($result) { echo "Items Table created.<br>"; } else { echo "Error When Creating Items Table<br>"; } } else { echo "Items Table already exists.<br>"; } // Create Files Table $filesTableExists = $db->select("files"); if (!$filesTableExists) { //change on uploaded attr $sql = "CREATE TABLE files (\n\t\t\t\t\tid INT NOT NULL AUTO_INCREMENT PRIMARY KEY,\n\t\t\t\t\tfileName VARCHAR(300) NOT NULL,\n\t\t\t\t\tname VARCHAR(200) NOT NULL,\n\t\t\t\t\tpath VARCHAR(200) NOT NULL,\n\t\t\t\t\tviews INT NOT NULL,\n\t\t\t\t\tuploadedTimestamp timestamp,\n\t\t\t\t\tlastUpdatedTimestamp timestamp\n\t\t\t\t)"; $result = $db->sql($sql); if ($result) { echo "Files Table created.<br>"; } else { echo "Error When Creating Files Table<br>"; } } else { echo "Files Table already exists.<br>"; } // Create File Connector Table $fileConnectorTableExists = $db->select("file_connector"); if (!$fileConnectorTableExists) { $sql = "CREATE TABLE file_connector (\n\t\t\t\t\tid INT NOT NULL AUTO_INCREMENT PRIMARY KEY,\n\t\t\t\t\tfile_id INT NOT NULL,\n\t\t\t\t\titem_id INT NOT NULL,\n\t\t\t\t\tlabel VARCHAR(50) NOT NULL,\n\t\t\t\t\tfeatured_image INT NOT NULL,\n\t\t\t\t\tdisplay INT NOT NULL\n\n\t\t\t\t)"; $result = $db->sql($sql); if ($result) { echo "Category Connector Table created.<br>"; } else { echo "Error When Creating Category Connector Table<br>"; } } else { echo "Category Connector Table already exists.<br>"; } }
/** * * creating new implementation of mysqli, with Database configuration * * @param string $db_name name of the database * * @return bool */ static function createSql($db_name) { self::$sql = new mysqli(DB_HOST, DB_USER, DB_PASS, $db_name); if (!self::$sql) { return false; } self::$sql->set_charset('utf8'); return true; }
public static function get_asignado($usuario) { //DB Conection $db = new Database(); $db->connect(); $sql = "SELECT CONCAT_WS(' ', IF(nombre != '', nombre, ''), IF(apellido != '', apellido, '')) AS nombre_completo, email, HEX(uuid_usuario) as uuid_usuario FROM usuarios WHERE uuid_usuario IN('" . $usuario . "')\n\t\t\t\tAND status = 'Activo'"; $db->sql($sql); $results = $db->getResult(); return array('nombre_completo' => $results[0]['nombre_completo'], 'uuid_usuario' => $results[0]['uuid_usuario']); }
public function getByEmail($email) { $db = new Database(); $db->sql("select s.id,u.Email,u.FirstName,u.LastName,s.Project,s.Location, case when(select GradesPosted from Settings) = 1 then s.Grade else null end as Grade\nfrom Users as u inner join Students as s on u.StudentId = s.id\nwhere u.Email = '" . $email . "'"); $res = $db->getResult(); if (count($res) == 0) { return null; } return $res; }
public static function add(&$data) { // Fields $SessionId = md5(microtime()); $Ip = Database::escape($_SERVER['REMOTE_ADDR']); $UserAgent = Database::escape($_SERVER['HTTP_USER_AGENT']); $Created = time(); $Data = Database::escape(serialize($data)); $sql = "INSERT INTO `SystemSession` (`id`, `__timestamp__`, `__operation__`, `SessionId`, `Ip`, `UserAgent`, `Created`, `Data`) VALUES (NULL, " . time() . ", 'INSERT', '{$SessionId}', '{$Ip}', '{$UserAgent}', '{$Created}', '{$Data}')"; // Run query $result = Database::sql($sql); $id = Database::getInsertId(); return self::ROW($id); }
public function getContact($email) { $db = new Database(); $db->sql('select FirstName, LastName, Email from Users where Email = \'' . $email . '\''); $res = $db->getResult(); $total = 0; if (array_key_exists('LastName', $res)) { $res = array($res); $total = count($res); } else { $res = $email; } return array('total' => $total, 'data' => $res); }
function profile($req, $res) { try { $id = $req->id; $data = Database::sql("select * from students where id = {$id}"); } catch (Exception $e) { exit($e->getMessage()); } if (!$data) { $res->code(404); echo 'Not Found'; } else { $res->header('Content-Type', 'application/json'); echo json_encode($data); } }
public function setAccept($judgeId, $studentId, $acceptance) { $db = new Database(); $success = $db->update('JudgeStudentGrade', array('Accepted' => $acceptance ? 1 : 0), 'JudgeId = ' . $judgeId . ' and StudentId = ' . $studentId); $msg = $db->getResult(); if (!$success) { return array('success' => false, 'msg' => $msg); } $db->select('JudgeStudentGrade', 'Grade, Accepted', null, 'StudentId = ' . $studentId); $res = $db->getResult(); if (array_key_exists('Grade', $res)) { $res = array($res); } $grade = 0; $reviewed = 0; $accepted = 0; $total = 0; foreach ($res as $judge) { $total++; if (is_null($judge['Accepted'])) { continue; } if (intval($judge['Accepted']) === 1) { $accepted++; $grade += intval($judge['Grade']); } $reviewed++; } if ($total == $reviewed && $accepted > 0) { $grade /= $accepted; $db->update('Students', array('Grade' => $grade), 'id = ' . $studentId); return array('success' => true, 'grade' => $grade); } else { $db->sql('UPDATE Students SET Grade = NULL WHERE id = ' . $studentId . ';'); return array('success' => true, 'grade' => null); } }
private static function getUsuarios($user_info) { //DB Conection $db = new Database(); $db->connect(); $sql = "SELECT usr.id_usuario, HEX(uuid_usuario) as uuid_usuario, HEX(ucat.uuid_categoria) as uuid_categoria, reporta_rol, reporta_usuario, id_rol, ucat.key\n\t\t\t\tFROM usuarios AS usr\n\t\t\t\tLEFT JOIN usuario_rol as urol ON urol.id_usuario = usr.id_usuario\n\t\t\t\tLEFT JOIN usuarios_categoria as ucat ON ucat.uuid_categoria = usr.uuid_categoria\n\t\t\t\tWHERE reporta_rol = " . $user_info[0]["id_rol"]; if (!empty($user_info[0]["key"]) && $user_info[0]["key"] != 'admin') { $sql .= " AND HEX(ucat.uuid_categoria) = " . $user_info[0]["uuid_categoria"]; } $sql .= " AND reporta_usuario = 0 OR reporta_usuario = " . $user_info[0]["id_usuario"]; $db->sql($sql); $result = $db->getResult(); if (!empty($result) && count($result) > 0) { foreach ($result as $usuario) { array_push(self::$array_helper, $usuario["uuid_usuario"]); if (!in_array($usuario["uuid_usuario"], self::$array_helper, true)) { self::getUsuarios(self::$array_helper, $usuario); } } } else { array_push(self::$array_helper, $user_info[0]["uuid_usuario"]); } return self::$array_helper; }
"<?php } ?> maxlength="9" required="required" aria-describedby="helpBlock"> <span id="helpBlock" class="help-block">Format: 2000/2000</span> </div> </div> <div class="form-group"> <label for="inputProgram" class="col-sm-2 control-label">Program:</label> <div class="col-sm-10"> <select name="program" id="inputProgram" class="form-control" required="required"> <?php $dp = new Database(); $dp->connect(); $dp->sql('select id,nama from program union select id,nama from programs'); $dp = $dp->getResult(); foreach ($dp as $dp) { ?> <option value="<?php echo $dp['id']; ?> " <?php if (isset($_GET['id'])) { echo selek($dp['id'], $d[0]['idprogram']); } ?> ><?php echo $dp['nama']; ?> </option>
<?php include '../inc.common.php'; ob_end_clean(); $news = Database::get_full_vector('news'); Database::sql('ALTER TABLE `news` ADD `extension` VARCHAR( 16 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `image`'); foreach ($news as $id => $item) { rename(IMAGES . SL . 'full' . SL . $item['image'], IMAGES . SL . 'news' . SL . 'full' . SL . $item['image']); rename(IMAGES . SL . 'thumbs' . SL . $item['image'], IMAGES . SL . 'news' . SL . 'thumb' . SL . preg_replace('/\\.[a-z]+$/ui', '.jpg', $item['image'])); Database::update('news', array('image' => preg_replace('/\\.[a-z]+$/ui', '', $item['image']), 'extension' => preg_replace('/^.*\\./ui', '', $item['image'])), $id); Database::update('comment', array('post_id' => $id), 'post_id = ?', $item['url']); } Database::sql('ALTER TABLE `news` DROP `url`;'); Database::sql('ALTER TABLE `news` ADD `author` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `extension` , ADD `category` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `author`;'); Database::sql('update news set category = \'|website|\' where 1;'); Database::sql('update news set author = \'|nameless|\' where 1;'); Database::sql('update news set pretty_text = \'\' where 1;'); Database::sql('INSERT INTO `category` (`id` ,`alias` ,`name` ,`area`)VALUES (NULL , \'website\', \'Новости сайта\', \'|news|\');'); Database::sql('INSERT INTO `category` (`id` ,`alias` ,`name` ,`area`)VALUES (NULL , \'otaku\', \'Новости индустрии\', \'|news|\');');
public function DELETE($physical = true) { if ($physical) { $sql = "DELETE FROM `Comment` WHERE id='" . $this->id . "'"; unset(self::$data[$this->id]); } else { $sql = "UPDATE `Comment` SET `__timestamp__` = " . time() . ", `__operation__` = 'DELETE' WHERE `id`='" . $this->id . "'"; } Database::sql($sql); }
public function setTitle($value) { $this->row['Title'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `Blog` SET `Title`='{$value}',`__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function setName($value) { $this->row['Name'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `GraphicSlideshow` SET `Name`='{$value}',`__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function setResult($value) { $value = str_replace(',', '.', $value); $this->row['Result'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `EmailerLog` SET `Result`='{$value}', `__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function setEnabled($value) { $value = str_replace(',', '.', $value); $this->row['Enabled'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `GraphicSlideshowItem` SET `Enabled`='{$value}', `__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function setImage($value) { if (is_object($value) && $value->getClassName() == 'Image') { $id = $value->getId(); $sql = "UPDATE `DocumentPart` SET `Image`='" . $id . "',\t`__timestamp__` = " . time() . " WHERE `id`='" . $this->id . "'"; Database::sql($sql); $this->row['Image'] = $id; } else { if ($value === null) { $sql = "UPDATE `DocumentPart` SET `Image`='0', `__timestamp__` = " . time() . " WHERE `id`='" . $this->id . "'"; Database::sql($sql); $this->row['Image'] = 0; } } }
public function setGroups($value) { $this->row['Groups'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `SystemUser` SET `Groups`='{$value}',`__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function setTag($value) { if (is_object($value) && $value->getClassName() == 'BlogTag') { $id = $value->getId(); $sql = "UPDATE `BlogPostTags` SET `Tag`='" . $id . "',\t`__timestamp__` = " . time() . " WHERE `id`='" . $this->id . "'"; Database::sql($sql); $this->row['Tag'] = $id; } else { if ($value === null) { $sql = "UPDATE `BlogPostTags` SET `Tag`='0', `__timestamp__` = " . time() . " WHERE `id`='" . $this->id . "'"; Database::sql($sql); $this->row['Tag'] = 0; } } }
public function setImage($value) { $this->row['Image'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `ImageInstance` SET `Image`='{$value}',`__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function reset() { $db = new Database(); $db->delete('History', 'Term = (SELECT Term FROM Settings)'); $db->sql('INSERT INTO History (Term,Email,FirstName,LastName,Grade,Response) SELECT x.Term, u.Email, u.FirstName, u.LastName, s.Grade, NULL AS Response FROM Students AS s LEFT OUTER JOIN Users AS u ON u.StudentId = s.id AND u.StudentId IS NOT NULL INNER JOIN Settings AS x UNION SELECT x.Term, i.Email, COALESCE(u.FirstName,i.FirstName) AS FirstName, COALESCE(u.LastName,i.LastName) AS LastName, NULL AS Grade, i.Response FROM JudgeInvitations AS i LEFT OUTER JOIN Users u ON u.Email = i.Email AND u.JudgeId IS NOT NULL INNER JOIN Settings AS x'); $db->delete('JudgeStudentGrade', '1=1'); $db->delete('JudgeStudentConflicts', '1=1'); $db->delete('Users', 'NOT(StudentId IS NULL AND JudgeId IS NULL) AND Email != "admin"'); $db->delete('Judges', '1=1'); $db->delete('JudgeInvitations', '1=1'); //$db->delete('Questions','1=1'); $db->delete('Students', '1=1'); return true; }
echo "<br/><br/>"; $db->disconnect(); $db->connect(); // Get all Tables in your Database echo "Get all Tables in your Database"; echo "<br />------------------<br />"; $db->tables(); $response = $db->getResponse(); for ($x = 0; $x < count($response); $x++) { echo $response[$x] . "<br/>"; } echo "<br/><br/>"; // Get Full Table echo "Get Full Table"; echo "<br />------------------<br />"; $db->sql('SELECT * FROM users'); $response = $db->getResponse(); foreach ($response as $row) { echo $row["username"] . "<br />"; echo $row["email"] . "<br />"; echo $row["first_name"] . "<br />"; echo $row["last_name"] . "<br />"; } echo "<br/><br/>"; // Get Last ID echo "Get Last ID"; echo "<br />------------------<br />"; $db->sql('SELECT MAX(id) FROM users'); $response = $db->getResponse(); echo $response[0]["MAX(id)"]; echo "<br/><br/>";
public function setUser($value) { if (is_object($value) && $value->getClassName() == 'Users') { $id = $value->getId(); $sql = "UPDATE `Feedback` SET `User`='" . $id . "',\t`__timestamp__` = " . time() . " WHERE `id`='" . $this->id . "'"; Database::sql($sql); $this->row['User'] = $id; } else { if ($value === null) { $sql = "UPDATE `Feedback` SET `User`='0', `__timestamp__` = " . time() . " WHERE `id`='" . $this->id . "'"; Database::sql($sql); $this->row['User'] = 0; } } }
$user->showLogin("Your login session has been revoked for security reasons<br />Maybe you switched to another wifi?<br />Please login again.."); die; } } } if (isset($_GET['user']) && $_GET['user'] == "logout") { $user->LogoutUser(); header("location: index.php"); die; } ////////////////////////////////// //Decide stuff here $admin = new Administrator($db); //This is the interfase template designers talk to //Load modules $result = $db->sql("SELECT foldername,backend FROM " . $db->tb_prefix . "modules"); while ($v = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($v['backend'] == "") { continue; } //Possible rfi //and defintly a lfi //but won't really matter as it would be better to attack from the module file included.. //although if someone gains write access to db, they could comprimise the whole site. $path = "../modules/" . $v['foldername'] . "/" . $v['backend']; include $path; } mysql_free_result($result); $text = ""; $error = ""; $success = "";
public function setNumResponses($value) { $value = str_replace(',', '.', $value); $this->row['NumResponses'] = $value; $value = Database::escape($value); $timestamp = time(); $sql = "UPDATE `Forum` SET `NumResponses`='{$value}', `__timestamp__` = {$timestamp}, `__operation__` = 'UPDATE' WHERE `id`='{$this->id}'"; Database::sql($sql); }
public function getApprovedStudent($StudentId) { $db = new Database(); $db->sql('select s.id, avg(j.grade) as Grade, u.FirstName, u.LastName FROM JudgeStudentGrade as j inner join Users as u on j.StudentId = u.StudentId inner join Students as s on s.id = j.StudentId where j.Accepted = 1 AND j.StudentId = ' . $StudentId . ' group by j.StudentId'); $res = $db->getResult(); if (array_key_exists('id', $res)) { $res = array($res); } return array('total' => count($res), 'data' => $res); }
public function register($data) { $db = new Database(); $db->update('JudgeInvitations', array('Replied' => date('Y-m-d H:i:s'), 'Response' => 1), "id ='" . $data->id . "'"); $res = $db->getResult(); if ($res[0] !== 1) { return "Invalid invitation link."; } $db->insert('Judges', array('Title' => $data->Title, 'Affiliation' => $data->Affiliation)); $res = $db->getResult(); $id = $res[0]; foreach ($data->Conflicts as $studentId) { $db->insert('JudgeStudentConflicts', array('JudgeId' => $id, 'StudentId' => $studentId)); } $db->select('Settings', 'StudentsPerJudge,Subject,Date,Time,Location'); $res = $db->getResult(); $maxStudents = $res['StudentsPerJudge']; $db->sql('insert into JudgeStudentGrade (JudgeId, StudentId) select ' . $id . ' as JudgeId, s.id as StudentId from Students as s left outer join JudgeStudentGrade as g on g.StudentId = s.id where s.id not in (select StudentId from JudgeStudentConflicts where JudgeId = ' . $id . ') group by s.id order by count(g.JudgeId), rand() limit ' . $maxStudents); $db->select('Users', 'Email,FirstName,LastName,StudentId,JudgeId,Roles,DefaultRole', null, "Email ='" . $data->Email . "'"); $studentUser = $db->getResult(); if (count($studentUser) > 0) { $newRoles = ""; $defaultRole = "judge"; if ($studentUser['Roles'] == "admin;student") { $newRoles = "admin;judge;student"; } else { if ($studentUser['Roles'] == "student") { $newRoles = "judge;student"; } else { if ($studentUser['Roles'] == "") { $newRoles = "judge"; } } } $success = $db->update('Users', array('Roles' => $newRoles), "Email ='" . $data->Email . "';"); if (!$success) { return "Roles update failed"; } $success = $db->update('Users', array('DefaultRole' => $defaultRole), "Email ='" . $data->Email . "';"); if (!$success) { return "Default update failed"; } $success = $db->sql("UPDATE Users SET Password=password('" . $data->Password . "') WHERE Email ='" . $data->Email . "';"); // and Password=NULL;"); if (!$success) { return "Password update failed"; } $success = $db->update('Users', array('JudgeId' => ".{$id}."), "Email ='" . $data->Email . "';"); if (!$success) { return "ID update failed"; } } else { $db->sql("insert into Users (Email, FirstName, LastName, Password, JudgeId, Roles, DefaultRole) VALUES ('" . $data->Email . "', '" . $data->FirstName . "', '" . $data->LastName . "', password('" . $data->Password . "'), " . $id . ", 'judge', 'judge');"); } $date = date_format(DateTime::createFromFormat('Y-m-d', $res['Date']), "l, F j"); $sent = mail($data->Email, 'Confirmation: ' . $res['Subject'], '<html> <body> <div style="width: 600px; border: 2px solid #E9EBF6; margin: auto; font-size: 16px; color: #555555;"> <h1 style="margin: 0; padding: 8px; background-color: #E9EBF6; text-align: center;"> Dear ' . $data->FirstName . ' ' . $data->LastName . ', </h1> <div style="overflow: hidden; padding: 8px; padding-top: 0; background-color: #F5F6FB;"> <p>We are pleased to confirm your participation in the FIU Computer Science Senior Project Event!</p> <p>The day of the event will be ' . $date . ' ' . $res['Time'] . ' at ' . $res['Location'] . '.<br /> You will be able to login on this <a href="' . Invites::getRSVPUrl() . '">Web Application</a> with the following credentials:</p> <p>Username: '******' <br />Password: '******' <p> <p>Keep this information safe for the day of the event.</p> <br /> <p>Sincerely,</p> <p>Masoud Sadjadi</p> </div> </div> </body> </html>', "From: Masoud Sadjadi <*****@*****.**>\r\nMIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n"); return $sent; }
} else { if (!function_exists("sqlconfig")) { header("Location: install/index.php"); die; } } //Check if install folder still is there //Warn user that it still there.. //Maybe delete it? require_once "includes/includes.php"; $db = new Database(sqlconfig()); $cms = new JuliCMS($db); //This is the interfase template designers talk to //Todo: accesslevels $accesslevel = 0; //Everybody //Load modules $result = $db->sql("SELECT foldername,frontend FROM " . $db->tb_prefix . "modules"); while ($v = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($v['frontend'] == "") { continue; } //Possible rfi //and defintly a lfi //but won't really matter as it would be better to attack from the module file included.. //although if someone gains write access to db, they could comprimise the whole site. $path = "modules/" . $v['foldername'] . "/" . $v['frontend']; include $path; } mysql_free_result($result); require_once $cms->templatepath . "/theme.php";