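/**
 * Add a new entry (one row in `ehead`, one row in `entry`) for the logged-in user.
 *
 * 'title' and 'body' are read from $_POST and are therefore request-controlled.
 * strip_tags()/stripslashes() are not SQL defences (stripslashes() even removes
 * backslashes a client may have added), so every value placed between quotes in
 * the SQL text is escaped against the open connection first.
 *
 * @return LTJsonMessage confirmation message on success
 * @throws Exception        if the caller is not authenticated or has level below 1
 * @throws RuntimeException if the connection or either insert fails
 */
public function execute()
{
    // Check if logged in user has enough permissions to run command
    $authenticationCenter = LTAuthenticationCenter::sharedCenter();
    if (!$authenticationCenter->validate() || 1 > LTAuthenticationCenter::user()->level()) {
        throw new Exception('You do not have permissions to execute this command');
    }

    // A missing or non-string field (e.g. title[]=x) is handled as an empty
    // string instead of raising notices/warnings inside the filter chain.
    $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $rawBody = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';

    // NOTE(review): PHP has already URL-decoded $_POST, so urldecode() here is a
    // second decoding pass; it is kept so stored values do not change.
    $title = strtolower(trim(strip_tags(urldecode(stripslashes($rawTitle)))));
    $body = strtolower(trim(strip_tags(urldecode(stripslashes($rawBody)))));

    $db = new LTMySQL();
    // Fail early on a dead connection: escaping below needs a live link.
    if (!$db->connect(LTRWDBConfig::HOST, LTRWDBConfig::USER, LTRWDBConfig::PASS)) {
        throw new RuntimeException('Failed to add message. Try later.');
    }
    $db->selectdb(LTRWDBConfig::DB);

    // Escape everything that ends up inside a quoted SQL literal.
    $link = $db->link();
    $author = mysql_real_escape_string((string) LTAuthenticationCenter::user()->id(), $link);
    $title = mysql_real_escape_string($title, $link);
    $body = mysql_real_escape_string($body, $link);

    $db->query(
        "insert into ehead set author='{$author}',title='{$title}',"
        . 'added=unix_timestamp(),edit=unix_timestamp();'
    );
    if (1 !== $db->numrows()) {
        throw new RuntimeException('Failed to add message. Try later.');
    }

    // Get ID of newly created entry; it is used unquoted below, so force an integer.
    $id = (int) $db->insertid();

    $db->query("insert into entry set id={$id},body='{$body}';");
    if (1 !== $db->numrows()) {
        // Undo the head row so a failed body insert does not leave an orphan.
        $db->query("delete from ehead where id={$id};");

        throw new RuntimeException('Failed to add message. Try later.');
    }

    return new LTJsonMessage('Entry was successfully added.');
}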
* index.php
* Latte
*
* Created by Samvel Khalatian on January 5, 2010.
* Copyright 2009, Your Company All rights reserved.
*/

// Registration-confirmation script: validates the one-time 'pass' token from
// the query string, looks up the pending candidate row, deletes it, and then
// generates a password for the new user. The excerpt ends inside the try block.

// Project files are resolved relative to the web server's document root.
define("TLDIR_INDEX", $_SERVER['DOCUMENT_ROOT']);

// NOTE(review): '@' hides the warning include_once raises when a file is
// missing or unreadable, so a broken deployment would only show up later
// (presumably when LTMySQL / LTRWDBConfig are first used). Prefer require_once
// without '@' so the failure is reported where it happens.
@(include_once TLDIR_INDEX . '/php/LTConfig.php');
@(include_once TLDIR_INDEX . '/php/LTMySQL.php');

// Request-controlled token. None of these filters is an SQL defence; the
// escaping further down is what protects the query.
$pass = trim(strip_tags(urldecode(stripslashes($_GET['pass']))));

try {
    // NOTE(review): the pattern has no anchors, so it accepts ANY string that
    // contains 32 consecutive [a-z0-9] characters somewhere inside it, not
    // only a string that is exactly such a token. Anchoring it (\A ... \z)
    // would make the check match the stated intent.
    if (!preg_match('/[a-z0-9]{32}/', $pass)) {
        throw new RuntimeException('Invalid PASS.');
    }

    $mysql = new LTMySQL();
    if (!$mysql->connect(LTRWDBConfig::HOST, LTRWDBConfig::USER, LTRWDBConfig::PASS)) {
        throw new Exception('DB Connection Failed. Can not register user at the moment. Try later.');
    }

    $mysql->selectdb(LTRWDBConfig::DB);

    // Escape the token for use inside a quoted SQL literal on this connection.
    // NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared
    // statements (mysqli/PDO) are the durable replacement.
    $pass = mysql_real_escape_string($pass, $mysql->link());

    // NOTE(review): the literal '******' looks like a value masked by this
    // listing. As printed, the query does not use $pass at all; presumably the
    // real file interpolates the escaped token here -- confirm against the
    // original source.
    $res = $mysql->query("select name,login,email from candidate where pass='******';");
    if (!$mysql->numrows()) {
        throw new RuntimeException('Link is not valid any more.');
    }

    $row = mysql_fetch_assoc($res);
    if (!$row) {
        throw new RuntimeException('Failed to find user in DB. Try to re-register.');
    }

    // Remove the candidate row so the confirmation link cannot be reused
    // (same masking caveat as the select above).
    $mysql->query("delete from candidate where pass='******';");

    // Generate password for user.
    // NOTE(review): uniqid() is derived from the current time in microseconds
    // and is not suitable for secrets -- its output is guessable by anyone who
    // knows roughly when the account was confirmed. A password should come
    // from a CSPRNG (openssl_random_pseudo_bytes() on PHP 5, random_bytes() on
    // PHP 7+). How $pass is used afterwards is outside this excerpt.
    $pass = uniqid();
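/**
 * Look up one user by id in `uinfo` and return the name and added columns as JSON.
 *
 * @return string JSON object with the keys 'name' and 'added'
 * @throws Exception        if the connection fails or no row matches the id
 * @throws RuntimeException if the matching row cannot be fetched
 */
public function execute()
{
    $mysql = new LTMySQL();
    if (!$mysql->connect(LTRODBConfig::HOST, LTRODBConfig::USER, LTRODBConfig::PASS)) {
        throw new Exception('DB Connection Failed. Can not read user at the moment. Try later.');
    }

    $mysql->selectdb(LTRODBConfig::DB);

    // Escape into a local copy: writing the escaped value back to $this->uid
    // would escape it again on every further call to execute().
    $uid = mysql_real_escape_string($this->uid, $mysql->link());

    $res = $mysql->query("select name,added from uinfo where id='{$uid}';");
    if (!$mysql->numrows()) {
        throw new Exception('User does not exist.');
    }

    $row = mysql_fetch_assoc($res);
    if (!$row) {
        throw new RuntimeException('Failed to read user from DB. Try later.');
    }

    // Read from $row: the original used the undefined $_row, so both fields
    // were always encoded as null.
    return json_encode(array('name' => $row['name'], 'added' => $row['added']));
}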