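/**
 * Run a query expected to yield a single scalar and return the first column
 * of the first row.
 *
 * @param string $query      SQL with `?` placeholders
 * @param array  $parameters values bound to the placeholders
 *
 * @return string|false the first column of the first row; false when the
 *                      query threw (reported via reportProblem) or when no
 *                      row / no column 0 came back
 */
public static function querySingleOne($query, $parameters = [])
{
    try {
        $row = Db::queryOne($query, $parameters);
    } catch (PDOException $e) {
        self::reportProblem($e);
        return false;
    }

    // Db::queryOne does not always hand back a row (nothing matched); reading
    // offset 0 on that value only produced a PHP warning and a null result,
    // so report "no value" explicitly instead.
    if (!is_array($row) || !array_key_exists(0, $row)) {
        return false;
    }

    return $row[0];
}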
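/**
 * Start a password reset: check the anti-spam answer, store a one-time reset
 * token for the account and e-mail the reset link.
 *
 * The same "success" message is returned whether or not the address is
 * registered, so the form cannot be used to enumerate accounts; unknown
 * addresses are only recorded through newTicket(). Earlier tokens of the same
 * account are not revoked here — presumably invalidateAttemptsForMail() does
 * that once a reset succeeds.
 *
 * @param string $email    address typed into the form
 * @param string $year     anti-spam answer, must be last year
 * @param string $language UI language, 'cs' or 'en' (anything else falls back to 'en')
 *
 * @return array ['s' => 'success'|'error'|'chyba', 'cs' => ..., 'en' => ...]
 */
public function trySendLink($email, $year, $language)
{
    // both inputs have to be present
    if (!isset($email, $year)) {
        return ['s' => 'error', 'cs' => 'Nepovedlo se získat data. Zkus to znovu prosím', 'en' => 'We didn\'t catch data correctly - please try it again'];
    }

    // antispam: the answer must be the previous year
    if ($year != date("Y") - 1) {
        return ['s' => 'error', 'cs' => 'Bohužel, antispam byl tentokrát mocnější než ty', 'en' => 'Nothing happend, antispam was stronger than you'];
    }

    // Only 'cs' and 'en' texts exist below; any other value would otherwise
    // yield a null subject/body and a link with an unknown language segment.
    if (!in_array($language, ['cs', 'en'], true)) {
        $language = 'en';
    }

    // Look the account up by the parameter, not by $_POST directly, so the
    // comparison below is against the value this method was actually given.
    $result = Db::queryOne('SELECT `email` FROM `users` WHERE `email` = ?', [$email]);

    // skip everything when the stored address is not the one typed
    if (is_array($result) && isset($result[0]) && $email === $result[0]) {
        // 64 random bytes -> 128 hex chars, the same width as the sha512 hex
        // digest stored before. random_bytes() is a CSPRNG; the previous
        // uniqid()/mt_rand() source is predictable and unfit for a reset token.
        $randomHash = bin2hex(random_bytes(64));

        if (!Db::queryModify('INSERT INTO `restart_password` (`validation_string`, `email`, `active`, `timestamp`) VALUES (?, ?, 1, NOW())', [$randomHash, $result[0]])) {
            // the requester is usually anonymous, so id_user may not exist
            $this->newTicket('problem', $_SESSION['id_user'] ?? null, 'nepovedlo se zapsat do restart_password ve funkci register');
            return ['s' => 'chyba', 'cs' => 'Pokus se nepovedl uložit; zkus to prosím znovu za pár minut', 'en' => 'We failed on saving data. Try it again please after couple of minutes'];
        }

        $subject = [
            'cs' => NAME . ' Paralelní Polis - žádost o restart hesla',
            'en' => NAME . ' Paralell Polis - change password request',
        ];
        $activeLink = ROOT . '/' . $language . '/RestartPasswordByLink/' . $randomHash;
        $message = [
            'cs' => 'Zdravím!<br/> <br/> Na stránce <a href="' . ROOT . '/' . $language . '">' . ROOT . '</a> jsme registrovali žádost o restart hesla.<br/> <br/> Heslo si můžeš změnit klikem na odkaz <a href="' . $activeLink . '">' . $activeLink . '</a>. Platnost odkazu je <b>' . round(CHANGE_PASS_TIME_VALIDITY / 60) . '</b> minut.<br/> <br/> Pokud tento mail neočekáváš, stačí ho ignorovat. Pokud by ti přesto přišel podezřelý nebo vícekrát za sebou, prosím konkatuj správce stránek na <a href="' . ROOT . '/' . $language . '/contact">' . ROOT . '/' . $language . '/contact</a><br/>',
            'en' => 'Hello!<br/> <br/> We are register request about password change on the page <a href="' . ROOT . '/' . $language . '">' . ROOT . '</a>.<br/> <br/> You can change your password by clicking on this link: <a href="' . $activeLink . '">' . $activeLink . '</a>. Time validity of this link is <b>' . round(CHANGE_PASS_TIME_VALIDITY / 60) . '</b> minutes.<br/> <br/> If you don\'t awaiting for this mail, just ignore it. But if you want to know what to do next, please contact our webmaster on this page: <a href="' . ROOT . '/' . $language . '/contact">' . ROOT . '/' . $language . '/contact</a><br/>',
        ];

        if (!$this->sendEmail(EMAIL, $email, $subject[$language], $message[$language])) {
            $this->newTicket('problem', $_SESSION['id_user'] ?? null, 'nepovedlo se odeslat email');
            return ['s' => 'error', 'cs' => 'Nepovedlo se odeslat email s aktivačním linkem; zkus to prosím za pár minut znovu', 'en' => 'We failed in sending email with activation link; try it again please after couple of minutes'];
        }

        $this->newTicket('restartHesla', $email, 'poslan mail s linkem');
    } else {
        // record who is logged in, if anyone - serves as a primitive honeypot
        $loggedUser = isset($_SESSION['username']) ? $_SESSION['username'] : "******";
        $this->newTicket("restartHesla", $loggedUser, 'neplatny pokus restartu hesla pro uzivatele: ' . $email);
    }

    // identical answer for known and unknown addresses (see docblock)
    return ['s' => 'success', 'cs' => 'Ozvali jsme se na zadaný email', 'en' => 'We send as email on desired address'];
}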
/**
 * Sanity-check the inputs of the forced-activation form.
 *
 * @param mixed  $tariffId  tariff primary key chosen in the form
 * @param string $startDate first day, expected in Y-m-d form
 *
 * @return array ['s' => 'success'] or ['s' => 'error', 'cs' => ..., 'en' => ...]
 */
public function validateForceActivationData($tariffId, $startDate)
{
    // Round-tripping through strtotime()/date() reproduces the input only when
    // it already is a canonical Y-m-d date (an unparsable value ends up as
    // 1970-01-01 and therefore fails the comparison).
    $canonical = date('Y-m-d', strtotime($startDate));
    if ($startDate != $canonical) {
        $this->newTicket('error', 'function validateForceActivationData in Activation', '\\$_POST[startDate] is in bad format');
        return ['s' => 'error', 'cs' => 'Špatný formát zadání prvního dne', 'en' => 'Bad format of starting date'];
    }

    // the tariff has to exist
    $tariffRow = Db::queryOne('SELECT `id_tariff` FROM `tariffs` WHERE id_tariff = ?', [$tariffId]);
    if (!$tariffRow) {
        return ['s' => 'error', 'cs' => 'Špatně jsme zachytili vybraný tarif', 'en' => 'We didn\'t recognize your choosed tariff'];
    }

    return ['s' => 'success'];
}
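/**
 * Look up an active brute-force unlock key and return the e-mail it belongs to.
 *
 * @param string|null $key token taken from the unlock link
 *
 * @return string|array the e-mail address on success; otherwise an
 *                      ['s' => 'error', 'cs' => ..., 'en' => ...] array. Callers
 *                      must test is_array() before treating the result as an address.
 */
public function checkKeyReturnEmail($key)
{
    // reject missing keys and non-string values (e.g. key[]=... from a request)
    if (!is_string($key) || $key === '') {
        return ['s' => 'error', 'cs' => 'Brutforce klíč je prázdný', 'en' => 'Brutforce key is blank'];
    }

    // Exact match done by the database; `active = 1` is what makes a key
    // unusable once it has been cleared (presumably by the unlock handler).
    $result = Db::queryOne('SELECT `validation_string`,`email` FROM `restart_brutforce` WHERE `active` = 1 && `validation_string` = ?', [$key]);

    // No row for an unknown key. The previous `$result[0] == null` read on a
    // non-array only worked by way of a PHP warning.
    if (!is_array($result) || !isset($result['email'])) {
        return ['s' => 'error', 'cs' => 'Bohužel nesouhlasí aktivační klíč', 'en' => 'Activation key is not valid'];
    }

    return $result['email'];
}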
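/**
 * Validate the profile form: IČ must be numeric and the change has to be
 * confirmed with the current password of the logged-in user.
 *
 * @param array $data form fields; uses 'ic' and 'p' (the password as hashed on
 *                    the client side — other validators expect 128 hex chars)
 *
 * @return array ['s' => 'success'] or ['s' => 'error', 'cs' => ..., 'en' => ...]
 */
public function validateData($data)
{
    if (!is_numeric($data['ic'] ?? null)) {
        return ['s' => 'error', 'cs' => 'IČ musí být číslo', 'en' => 'VAT number must be a number'];
    }

    // Without a session user there is nothing to verify against; fail the
    // password check instead of querying `email = NULL` (and warning).
    $username = $_SESSION['username'] ?? null;
    $account = $username === null
        ? null
        : Db::queryOne('SELECT `password`,`salt` FROM `users` WHERE `email` = ?', [$username]);
    if (!is_array($account) || !isset($account['password'], $account['salt'])) {
        return ['s' => 'error', 'cs' => 'Současné heslo bylo zadáno nesprávně', 'en' => 'Incorrect password'];
    }

    // Same scheme the login code checks: sha512(clientHash . per-user salt).
    // NOTE(review): a single fast sha512 is weak password storage;
    // password_hash()/password_verify() would be the right primitive but needs
    // the stored hashes migrated together with the login code.
    $candidate = hash('sha512', ($data['p'] ?? '') . $account['salt']);

    // constant-time comparison; `!=` also did loose (numeric-string) comparison
    if (!hash_equals((string) $account['password'], $candidate)) {
        return ['s' => 'error', 'cs' => 'Současné heslo bylo zadáno nesprávně', 'en' => 'Incorrect password'];
    }

    return ['s' => 'success'];
}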
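/**
 * Validate the registration form field by field and make sure the e-mail is
 * not registered yet.
 *
 * @param array $data form fields: email, tariff, firstname, surname, telephone,
 *                    ic, address, startDate, p (client-side hashed password,
 *                    128 hex chars)
 *
 * @return array ['s' => 'success'] or ['s' => 'error', 'cs' => ..., 'en' => ...]
 */
public function validateData($data)
{
    if (empty($data['email'])) {
        return ['s' => 'error', 'cs' => 'Prosím vyplň svůj přihlašovací email', 'en' => 'Please enter your login email'];
    }
    if (empty($data['tariff'])) {
        $this->newTicket('error', 'function validateData in Registration', '\\$_POST[place] is empty');
        return ['s' => 'error', 'cs' => 'Nepodařilo se zachytit vybraný tarif. Zkus to prosím znovu', 'en' => 'Unable to capture the selected tariff. Please try again.'];
    }
    if (empty($data['firstname'])) {
        return ['s' => 'error', 'cs' => 'Prosím vyplň křestní jméno', 'en' => 'Please fill in your first name'];
    }
    if (empty($data['surname'])) {
        return ['s' => 'error', 'cs' => 'Prosím vyplň příjmení', 'en' => 'Please enter your surname'];
    }
    // optional; digits and spaces, optionally a leading '+'
    if (!empty($data['telephone']) && !preg_match('/^\\+?[\\d ]+$/', $data['telephone'])) {
        return ['s' => 'error', 'cs' => 'Telefoní číslo musí být číslo (volitelně i s národní předvolbou)', 'en' => 'Telephone number must be a number (optionally with country prefix)'];
    }
    // optional company id
    if (!empty($data['ic']) && !is_numeric($data['ic'])) {
        return ['s' => 'error', 'cs' => 'IČ musí být číslo', 'en' => 'VAT must be a number'];
    }
    // byte length on purpose: never longer than the character count, so this is
    // the conservative side of a 120-character column
    if (strlen((string) ($data['address'] ?? '')) > 120) {
        return ['s' => 'error', 'cs' => 'Adresa by měla být dlouhá max. 120 znaků', 'en' => 'Address should be long maximum of 120 characters'];
    }
    // round-trip through strtotime()/date() equals the input only for a canonical Y-m-d
    $startDate = $data['startDate'] ?? null;
    if ($startDate != date('Y-m-d', strtotime((string) $startDate))) {
        $this->newTicket('error', 'function validateData in Registration', '\\$_POST[startDate] is in bad format');
        return ['s' => 'error', 'cs' => 'Špatný formát zadání prvního dne', 'en' => 'Bad format of starting date'];
    }
    if ($data['tariff'] == 'X') {
        return ['s' => 'error', 'cs' => 'Prosím vyber svůj tarif', 'en' => 'Please select your tariff'];
    }

    // the password arrives pre-hashed on the client side and must be 128 hex chars
    $clientHash = (string) ($data['p'] ?? '');
    if (strlen($clientHash) != 128) {
        // Only the length goes into the ticket. The previous message logged the
        // submitted value itself, writing a password-derived secret into the
        // ticket table.
        $this->newTicket('error', 'function validateData in Registration', 'Something wrong with \'p\' in registration; strlen($p)=' . strlen($clientHash));
        return ['s' => 'error', 'cs' => 'Nepovedlo se správně zachytit heslo - zkus to prosím znovu', 'en' => 'Failed to properly capture the password - please try again'];
    }

    // the e-mail must not be registered yet
    // NOTE(review): this answer tells an attacker which addresses have an
    // account; acceptable for a registration form only if that is a known trade-off.
    $attempt = Db::queryOne('SELECT `id_user`,`email`,`password`,`salt` FROM `users` WHERE `email` = ?', [$data['email']]);
    if (!empty($attempt)) {
        return ['s' => 'error', 'cs' => 'Tento email už registrovaný je. <a href="' . ROOT . '/cs/login">Přihlásit se?</a>', 'en' => 'This email has already been registred. <a href="' . ROOT . '/en/login">Log in?</a>'];
    }

    return ['s' => 'success'];
}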
/**
 * Collect everything the account page needs for one user: the profile row
 * (joined with tariff and place), the tariff/price row and the payment history.
 *
 * No authorization happens here — the caller must ensure $userId is the
 * logged-in user or that the caller is allowed to see other accounts.
 *
 * @param int|string $userId users.id_user
 *
 * @return array{user: mixed, tariff: mixed, payments: mixed} rows as returned by Db
 */
public function getUserData($userId)
{
    $byUser = [$userId];

    $profile = Db::queryOne(
        'SELECT `id_user`,`first_name`,`last_name`,`telephone`,`address`,`ic`,`active`,`email`,`name`,`tariffCZE`,`tariffENG`,`invoicing_start_date` FROM `users` JOIN `tariffs` ON `id_tariff` = `user_tariff` JOIN `places` ON `place_id` = `places`.`id` WHERE `id_user` = ?',
        $byUser
    );
    $tariffInfo = Db::queryOne(
        'SELECT `id_tariff`, `priceCZK`,`tariffCZE`,`tariffENG` FROM `users` JOIN `tariffs` ON `users`.`user_tariff` = `tariffs`.`id_tariff` JOIN `places` ON `place_id` = `places`.`id` WHERE `id_user` = ?',
        $byUser
    );
    // newest payment first
    $history = Db::queryAll(
        'SELECT `id_payment`,`bitcoinpay_payment_id`,`id_payer`,`payed_price_BTC`,`payment_first_date`,`status`,`tariff_id`,`price_CZK`,`invoice_fakturoid_id` FROM `payments` WHERE `id_payer` = ? ORDER BY `payment_first_date` DESC',
        $byUser
    );

    return [
        'user' => $profile,
        'tariff' => $tariffInfo,
        'payments' => $history,
    ];
}
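/**
 * Validate the profile-edit form: optional telephone and IČ formats, then the
 * change has to be confirmed with the current password of the logged-in user.
 *
 * @param array $data form fields; uses 'telephone', 'ic' and 'p' (the password
 *                    as hashed on the client side)
 *
 * @return array ['s' => 'success'] or ['s' => 'error', 'cs' => ..., 'en' => ...]
 */
public function validateData($data)
{
    // optional; digits and spaces, optionally a leading '+'
    if (!empty($data['telephone']) && !preg_match('/^\\+?[\\d ]+$/', $data['telephone'])) {
        return ['s' => 'error', 'cs' => 'Telefoní číslo musí být číslo (volitelně i s národní předvolbou)', 'en' => 'Telephone number must be a number (optionally with country prefix)'];
    }
    // optional company id
    if (!empty($data['ic']) && !is_numeric($data['ic'])) {
        return ['s' => 'error', 'cs' => 'IČ musí být číslo', 'en' => 'VAT number must be a number'];
    }

    // Without a session user there is nothing to verify against; fail the
    // password check instead of querying `email = NULL` (and warning).
    $username = $_SESSION['username'] ?? null;
    $account = $username === null
        ? null
        : Db::queryOne('SELECT `password`,`salt` FROM `users` WHERE `email` = ?', [$username]);
    if (!is_array($account) || !isset($account['password'], $account['salt'])) {
        return ['s' => 'error', 'cs' => 'Současné heslo bylo zadáno nesprávně', 'en' => 'Incorrect password'];
    }

    // Same scheme the login code checks: sha512(clientHash . per-user salt).
    // NOTE(review): a single fast sha512 is weak password storage;
    // password_hash()/password_verify() would be the right primitive but needs
    // the stored hashes migrated together with the login code.
    $candidate = hash('sha512', ($data['p'] ?? '') . $account['salt']);

    // constant-time comparison; `!=` also did loose (numeric-string) comparison
    if (!hash_equals((string) $account['password'], $candidate)) {
        return ['s' => 'error', 'cs' => 'Současné heslo bylo zadáno nesprávně', 'en' => 'Incorrect password'];
    }

    return ['s' => 'success'];
}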
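/**
 * Finish a password reset started by trySendLink(): the token from the mailed
 * link must be active and younger than CHANGE_PASS_TIME_VALIDITY seconds; the
 * new password then replaces the old one with a fresh salt.
 *
 * @param string $link reset token from the URL (restart_password.validation_string)
 * @param string $p    client-side sha512 hex of the new password (128 chars)
 *
 * @return array ['s' => 'success'|'error', 'cs' => ..., 'en' => ...]
 */
public function checkForm($link, $p)
{
    // password must be 128 chars long after user-side hashing
    if (strlen((string) $p) != 128) {
        $this->newTicket('problem', $link, 'hash ve funkci zkontrolovatFormular nemá delku 128 znaků - link: ' . $link . ' a možná přihlášený uživatel: ' . ($_SESSION['username'] ?? ''));
        return ['s' => 'error', 'cs' => 'Stalo se něco divného v hashování hesla. Prosím zkuste to znovu', 'en' => 'Something wierd happend in password hashing. Please try it again'];
    }

    // Only an unexpired, still-active token may be redeemed. The previous query
    // matched on the token alone, so a used or stale link kept working for as
    // long as the row existed. The cut-off follows the same date pattern the
    // login code uses for restart_brutforce rows.
    $oldestValid = date('Y-m-d H:i:s', time() - CHANGE_PASS_TIME_VALIDITY);
    $result = Db::queryOne(
        'SELECT `validation_string`,`users`.`email` FROM `restart_password` JOIN `users` WHERE `users`.`email` = `restart_password`.`email` && `validation_string` = ? && `restart_password`.`active` = 1 && `restart_password`.`timestamp` > ?',
        [$link, $oldestValid]
    );
    // Unknown token: previously this fell through to an UPDATE with
    // `email = NULL` and then reported success.
    if (!is_array($result) || empty($result['email'])) {
        return ['s' => 'error', 'cs' => 'Bohužel nesouhlasí aktivační klíč', 'en' => 'Activation key is not valid'];
    }

    // new salt for every password change
    $randomSalt = $this->getRandomHash();
    $saltedPassword = hash('sha512', $p . $randomSalt);
    if (!Db::queryModify('UPDATE `users` SET `password` = ? , `salt` = ? WHERE email = ?', [$saltedPassword, $randomSalt, $result['email']])) {
        return ['s' => 'error', 'cs' => 'Nepovedlo se uložení do databáze. Zkuste to prosím znovu', 'en' => 'We failed at database save. Try it again please'];
    }

    // success: retire the outstanding reset tokens of this account
    $this->invalidateAttemptsForMail($result['email']);
    return ['s' => 'success', 'cs' => 'Heslo bylo úspěšně změněno', 'en' => 'Password was changed successfully'];
}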
<li class="active">Agencies</li> <?php } elseif ($getPage == 'results') { ?> <li class="active">Properties</li> <?php } elseif ($getPage == 'item-detail') { $item = Db::queryOne('SELECT title FROM items_table WHERE item_id=?', $_GET['item']); ?> <li class="active"><?php echo $item['title']; ?> </li> <?php } elseif ($getPage == 'company-detail') { $company = Db::queryOne('SELECT company_title FROM companies_table WHERE company_id=?', $_GET['company']); ?> <li class="active"><?php echo $company['company_title']; ?> </li> <?php } else { ?> <li class="active"><?php echo $page; ?> </li> <?php } ?>
/**
 * Load one payment (with payer e-mail and tariff price) and add the price of
 * every extra booked on it to its `priceCZK`.
 *
 * @param int|string $paymentId payments.id_payment
 *
 * @return mixed the payment row as returned by Db::queryOne, with priceCZK
 *               increased by the sum of the extras
 */
private function getPaymentData($paymentId)
{
    $paymentRow = Db::queryOne(
        'SELECT `id_payer`,`email`,`priceCZK`,`invoice_fakturoid_number` FROM `payments` JOIN `users` ON `users`.`id_user` = `payments`.`id_payer` JOIN `tariffs` ON `users`.`user_tariff` = `tariffs`.`id_tariff` WHERE `id_payment` = ?',
        [$paymentId]
    );

    // total of all extras attached to this payment
    $extraRows = Db::queryAll('SELECT `priceCZK` FROM `extras` WHERE `payment_id` = ?', [$paymentId]);
    $extrasTotal = 0;
    foreach ($extraRows as $extraRow) {
        $extrasTotal += $extraRow['priceCZK'];
    }

    // add the total once, so the tariff price and the extras are summed the same way as before
    $paymentRow['priceCZK'] += $extrasTotal;

    return $paymentRow;
}
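<?php
/*
 * AJAX endpoint of the FAQ "was this answer helpful?" widget.
 *
 * POST id     - faq_table.faq_id
 * POST action - 'yes' increments the counter and prints the new value,
 *               'no' only prints the current value.
 *
 * NOTE(review): there is no CSRF token or rate limit, so anyone able to POST
 * can inflate a counter; only the helpfulness statistic is affected.
 */
$includePath = '';
include_once 'Db.php';
include_once 'connect_db.php';

// Missing POST fields used to raise undefined-index warnings; default them so
// the query runs with an explicit value.
$faqId = $_POST['id'] ?? null;
$action = $_POST['action'] ?? '';

$count = Db::queryOne('SELECT counter FROM faq_table WHERE faq_id=?', $faqId);
// Unknown id -> no row; count from 0 instead of reading an offset on a non-array.
$current = is_array($count) ? (int) $count['counter'] : 0;

if ($action === 'no') {
    echo 'This answer was helpful for ' . '<strong>' . $current . '</strong>' . ' people';
} elseif ($action === 'yes') {
    Db::query('UPDATE faq_table SET counter=? WHERE faq_id=?', $current + 1, $faqId);
    echo 'This answer was helpful for ' . '<strong>' . ($current + 1) . '</strong>' . ' people';
}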
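/**
 * Authenticate a user, maintain the login_attempts log and, when the account is
 * brute-force locked, mail a one-time unlock link.
 *
 * @param array  $data     form fields: 'login' (e-mail) and 'p' (client-side
 *                         sha512 hex of the password)
 * @param string $language 'cs' or 'en' — selects the e-mail texts and the link language
 *
 * @return array ['s' => 'success'|'error', 'cs' => ..., 'en' => ...]
 */
public function tryLogin($data, $language)
{
    $login = $data['login'] ?? null;
    $attempt = Db::queryOne('SELECT `id_user`,`email`,`password`,`salt` FROM `users` WHERE `email` = ?', [$login]);

    // user does not exist
    // NOTE(review): this text differs from the wrong-password one, so the form
    // reveals which addresses are registered. Left unchanged; using one message
    // for both cases would close that oracle.
    if (empty($attempt)) {
        return ['s' => 'error', 'cs' => 'Bohužel, uživatel není v databázi. <br/><a href="' . ROOT . '/cs/registration">Nechceš se registrovat?</a>', 'en' => 'Sorry, this user is not in our database. <br/><a href="' . ROOT . '/en/registration">Maybe you want to register instead?</a>'];
    }

    // Hash only after the row is known to exist (the salt read used to warn on
    // a missing user). Scheme: sha512(clientHash . per-user salt).
    $userPassword = hash('sha512', ($data['p'] ?? '') . $attempt['salt']);

    // account is not locked
    if (!$this->checkBrute($login)) {
        // password is different! (constant-time compare instead of loose `!=`)
        if (!hash_equals((string) $attempt['password'], $userPassword)) {
            // record the failure for the brute-force check
            Db::queryModify('INSERT INTO `login_attempts` (`login`,`success`,`timestamp`) VALUES (?, 0, NOW())', [$login]);
            // NOTE(review): the Czech link uses '/cz/' while every other link in
            // this method uses '/cs/' — confirm that route exists.
            return ['s' => 'error', 'cs' => 'Bohužel, heslo není správně. <br/><a href="' . ROOT . '/cz/GetLinkForNewPassword">Nepotřebuješ si nechat zaslat nové?</a>', 'en' => 'Sorry, password is not correct. <br/><a href="' . ROOT . '/en/GetLinkForNewPassword">Don\'t you need a new one?</a>'];
        }

        // correct login and password - success!
        // Rotate the session id on privilege change so a session id planted
        // before login (session fixation) cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['id_user'] = $attempt['id_user'];
        $_SESSION['username'] = $login;
        $_SESSION['login_string'] = hash('sha512', $userPassword . ($_SERVER['HTTP_USER_AGENT'] ?? ''));
        Db::queryModify('INSERT INTO `login_attempts` (`login`,`success`,`timestamp`) VALUES (?, 1, NOW())', [$login]);
        return ['s' => 'success', 'cs' => 'Přihlášeno, vítejte zpět!', 'en' => 'Logged in, welcome back!'];
    }

    // account is locked by bruteforce: was an unlock mail already sent within the lock window?
    $timeOfAttempt = date("Y-m-d H:i:s", time() - BRUTEFORCE_LOCKED_TIME);
    $unlockMailCheck = Db::queryOne('SELECT `timestamp` FROM `restart_brutforce` WHERE `timestamp` > ? && `email` = ? ORDER BY `timestamp` DESC', [$timeOfAttempt, $login]);
    if (is_array($unlockMailCheck) && isset($unlockMailCheck[0])) {
        return ['s' => 'error', 'cs' => 'Už byl poslán mail s odblokováním - jestli nedorazil, konktatuj prosím správce.', 'en' => 'Mail with unblock was already sent - if you did\'t recieve anything, please contact our webmaster'];
    }

    // store the unlocking key...
    $randomHash = $this->getRandomHash();
    Db::queryModify('INSERT INTO `restart_brutforce` (`validation_string`, `email`, `active`, `timestamp`) VALUES (?, ?, TRUE, NOW())', [$randomHash, $login]);

    // ...and send it by e-mail
    $activeLink = ROOT . '/' . $language . '/unlockBrutforce/' . $randomHash;
    $subject = [
        'cs' => NAME . ' Paralelní polis - příliš neúspěšných přihlášení',
        'en' => NAME . ' Paralell polis - too many login attemps',
    ];
    $message = [
        'cs' => 'Ahoj! <br/> <br/> Někdo se pokusil na tento email přihlásit pod tímto emailem více než ' . BRUTEFORCE_NUMBER_OF_ATTEMPTS . ' krát do ' . NAME . ' Paralelního Polisu.<br/> <br/> <a href="' . ROOT . '/cs/contact">Pokud jsi to nebyl ty, měl by ses ozvat správci.</a><br/> <br/> Kliknutí na tento link ti odemkne dalších pět pokusů: <a href="' . $activeLink . '">' . $activeLink . '</a><br/>',
        'en' => 'Hi! <br/> <br/> Someone has tried to log in from this email more than ' . BRUTEFORCE_NUMBER_OF_ATTEMPTS . ' times into' . NAME . ' from Paralell polis.<br/> <br/> <a href="' . ROOT . '/en/contact">If it wasn\'t you, you should contact the webmaster.</a><br/> <br/> Clicking on this link will unlock ' . BRUTEFORCE_NUMBER_OF_ATTEMPTS . ' more tries: <a href="' . $activeLink . '">' . $activeLink . '</a><br/>',
    ];
    // only 'cs' and 'en' texts exist; fall back to English for anything else
    $this->sendEmail(EMAIL, $login, $subject[$language] ?? $subject['en'], $message[$language] ?? $message['en']);

    $dataForTicket = ['sentUnlockBruteforce', $login, 'mail with unlocking link is sent'];
    Db::queryModify('INSERT INTO `tickets` (`type`, `title`, `message`, `timestamp`) VALUES (?,?,?, NOW())', $dataForTicket);

    return ['s' => 'error', 'cs' => 'Zkusil jsi se přihlásit ' . BRUTEFORCE_NUMBER_OF_ATTEMPTS . 'krát za sebou.<br/> Počkej ' . round(BRUTEFORCE_LOCKED_TIME / 60) . ' minut nebo klikni v emailu na odemykací link, který jsme ti teď poslali', 'en' => 'You\'ve tried to login ' . BRUTEFORCE_NUMBER_OF_ATTEMPTS . ' times.<br/> Wait ' . round(BRUTEFORCE_LOCKED_TIME / 60) . ' minutes or click on the link to unlock, which we have sent you on mail just now'];
}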
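/**
 * Fetch one row of static::$table by primary key, mapped to static::$class.
 *
 * @param int|string $id primary key value
 *
 * @return mixed whatever Db::queryOne() yields for static::$class
 */
public static function getOne($id)
{
    // The previous version concatenated $id straight into the SQL — a textbook
    // SQL injection whenever $id comes from a request. Db::queryOne() in this
    // class takes a class name as its second argument rather than bound values,
    // so the id is coerced to an integer before it reaches the query. Should
    // `id` ever be a non-integer column, this must become a bound parameter.
    $db = new Db();
    $query = "SELECT * FROM " . static::$table . " WHERE id = " . (int) $id;

    return $db->queryOne($query, static::$class);
}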
<?php
/*
 * Bootstrap shared by the front-end pages: open the database connection, load
 * the site configuration row and, for a logged-in visitor, their account flags.
 *
 * NOTE(review): the connection appears to be opened as the MySQL `root` user
 * with the password committed in source. Both are security problems — use a
 * least-privilege application account and load its credentials from
 * configuration kept outside the repository/web root. Not changed here because
 * no configuration mechanism is visible in this file.
 */
include_once $includePath . 'Db.php';

Db::connect('localhost', 'adonata', 'root', '501062');

// site-wide settings; the table is expected to hold a single row
$config = Db::queryOne('SELECT * FROM configuration_table');

// account type and admin flags of the current visitor; $user stays undefined
// for anonymous visitors, exactly as before
if (isset($_SESSION['user_id'])) {
    $user = Db::queryOne(
        'SELECT account_type, is_admin, agency_admin, person_name FROM persons_table WHERE person_id=?',
        $_SESSION['user_id']
    );
}
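/**
 * Resolve the place a user belongs to, going through the user's tariff.
 *
 * @param int|string $userID users.id_user
 *
 * @return mixed places.id, or null when the user (or their tariff/place) does not exist
 */
public function getUserPlaceFromId($userID)
{
    $row = Db::queryOne('SELECT places.id FROM places JOIN tariffs ON tariffs.place_id = places.id JOIN users ON users.user_tariff = tariffs.id_tariff WHERE id_user = ?', [$userID]);

    // A missing row used to surface as a PHP warning from indexing a non-array;
    // return null explicitly instead (the resulting value is the same).
    return is_array($row) ? ($row['id'] ?? null) : null;
}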
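/*
 * Contact / "ask the agent" mail endpoint.
 *
 * POST action       - 'contact' mails the site owner, 'person' mails the agent of an item
 * POST email        - visitor's address, used for the From: header
 * POST message      - free text typed by the visitor
 * POST person,
 *      item_number  - for action 'person': persons_table.person_id and items_table.item_id
 *
 * NOTE(review): there is no CSRF token, captcha or rate limit on this form, so
 * it can be driven by scripts to send mail to the configured recipients.
 */
include_once 'connect_db.php';
include_once 'messages.php';

if ($_POST) {
    $senderEmail = trim((string) ($_POST['email'] ?? ''));
    $action = $_POST['action'] ?? '';
    $visitorMessage = (string) ($_POST['message'] ?? '');

    // The From: header used to be built from the raw POST value. A value with
    // CR/LF in it appends arbitrary headers (Bcc:, extra recipients), turning
    // the form into an open mail relay. FILTER_VALIDATE_EMAIL accepts a single
    // address only and rejects line breaks.
    $senderIsValid = filter_var($senderEmail, FILTER_VALIDATE_EMAIL) !== false;

    $address = '';
    $subject = '';
    $message = '';

    if ($action === 'contact') {
        $address = '*****@*****.**';
        $subject = $messageEmailContactForm;
        // the mail is text/html, so visitor text is escaped for that context
        $message = htmlspecialchars($visitorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    if ($action === 'person') {
        $itemNumber = (string) ($_POST['item_number'] ?? '');
        $person = Db::queryOne('SELECT email FROM persons_table WHERE person_id=?', $_POST['person'] ?? null);
        $item = Db::queryOne('SELECT title FROM items_table WHERE item_id=?', $itemNumber);

        // unknown person/item -> no row; keep the address empty so nothing is sent
        $address = is_array($person) ? (string) $person['email'] : '';
        $itemTitle = is_array($item) ? (string) $item['title'] : '';

        $subject = $messageEmailAgentContactItemDetail . $itemTitle;
        $message = $messageEmailAgentContactItemDetailItemTitle . $itemTitle;
        $message .= "<br>";
        $message .= $messageEmailAgentContactItemDetailItemNumber . htmlspecialchars($itemNumber, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message .= '<br><br>';
        $message .= htmlspecialchars($visitorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    $success = false;
    if ($senderIsValid && $address !== '') {
        $header = 'From:' . $senderEmail;
        $header .= "\nMIME-Version: 1.0\n";
        $header .= "Content-Type: text/html; charset=\"utf-8\"\n";
        $success = mb_send_mail($address, $subject, $message, $header);
    }

    if ($success) {
        echo 'Email has been sent!';
    } else {
        echo 'Unable to send an email. Please check the inputs.';
    }
}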
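<?php
/*
 * Change the password of the logged-in person.
 *
 * Flow: the current password must match, the new password must differ from
 * the current one, and new/confirmation must be equal.
 *
 * NOTE(review): passwords are stored as SHA1(password . "R^jblgfdr#") — a fast
 * hash with one static, source-committed pepper and no per-user salt.
 * password_hash()/password_verify() is the right primitive; it is not switched
 * here because the login code that checks persons_table.person_password is not
 * in this file and would have to change together with it. The form also has
 * no CSRF token.
 */
session_start();
$includePath = '';
include_once 'connect_db.php';
include_once 'messages.php';

// static pepper shared with the login code (see note above)
$pepper = "R^jblgfdr#";

if (isset($_SESSION['user_id'])) {
    $person = Db::queryOne('SELECT person_password FROM persons_table WHERE person_id=?', $_SESSION['user_id']);
    $storedHash = is_array($person) ? (string) $person['person_password'] : '';

    if ($_POST) {
        $current = (string) ($_POST['current_password'] ?? '');
        $new = (string) ($_POST['new_password'] ?? '');
        $confirm = (string) ($_POST['confirm_new_password'] ?? '');

        if ($current === '' || $new === '' || $confirm === '') {
            echo $messagePasswordFillInputs;
        } elseif ($storedHash === '' || !hash_equals($storedHash, sha1($current . $pepper))) {
            // hash_equals() replaces `==`, which leaks timing and compares
            // loosely (two "0e..." digests are equal as numeric strings).
            echo $messagePasswordDifferent;
        } elseif (hash_equals($storedHash, sha1($new . $pepper)) || hash_equals($storedHash, sha1($confirm . $pepper))) {
            echo $messagePasswordNewAsOld;
        } elseif ($new !== $confirm) {
            echo $messagePasswordNotMatch;
        } else {
            // the WHERE clause re-checks the old hash so a concurrent change is not overwritten
            Db::query('UPDATE persons_table SET person_password=SHA1(?) WHERE person_id=? AND person_password=?', $new . $pepper, $_SESSION['user_id'], $storedHash);
            // Re-read the stored hash. The previous query compared person_id to
            // SHA1(user_id), which can never match; this is the intended lookup.
            $person = Db::queryOne('SELECT person_password FROM persons_table WHERE person_id=?', $_SESSION['user_id']);
            echo 'Done';
        }
    }
}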
/**
 * Load one payment joined with its payer's e-mail and the tariff price.
 * The row is returned as-is; nothing (e.g. extras) is added to the price here.
 *
 * @param int|string $paymentId payments.id_payment
 *
 * @return mixed the row as returned by Db::queryOne
 */
private function getPaymentData($paymentId)
{
    $sql = 'SELECT `id_payer`,`email`,`priceCZK`,`invoice_fakturoid_number` FROM `payments` JOIN `users` ON `users`.`id_user` = `payments`.`id_payer` JOIN `tariffs` ON `users`.`user_tariff` = `tariffs`.`id_tariff` WHERE `id_payment` = ?';

    return Db::queryOne($sql, [$paymentId]);
}
?> </li></a> <?php } ?> </ul> <div class="subheading"> <h2>create your own set</h2> <a href="set.php?add_set"> <span class="plus-set"></span> </a> </div> <?php } elseif (!empty($_GET['view_id'])) { $set_id = $_GET['view_id']; $set = Db::queryOne("SELECT * FROM set_names WHERE id=?", $set_id); $pairs = Db::queryAll("SELECT * FROM key_to_values WHERE set_id=?", $set_id); ?> <div class='heading'> <h1><?php echo $set['set_name']; ?> </h1> </div> <table id='pair-table'> <thead> <tr> <th>Key</th> <th>Values</th> </tr> </thead>
var _latitude = <?php echo $config['map_latitude']; ?> ; var _longitude = <?php echo $config['map_longitude']; ?> ; <?php } elseif ($_GET['page'] == 'edit-item') { ?> <?php $includePath = 'assets/inc/'; include_once $includePath . 'Db.php'; include_once $includePath . 'connect_db.php'; $item = Db::queryOne('SELECT latitude, longitude FROM items_table WHERE item_id=?', $_GET['item']); ?> var _latitude = <?php echo $item['latitude']; ?> ; var _longitude = <?php echo $item['longitude']; ?> ; <?php } ?> google.maps.event.addDomListener(window, 'load', initSubmitMap(_latitude,_longitude)); function initSubmitMap(_latitude,_longitude){ var mapCenter = new google.maps.LatLng(_latitude,_longitude);