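/**
 * Issue a persistent login token for a user and send it as the "LoginCookie" cookie.
 *
 * The token is stored in login_cookie (user_id, token) and later presented by the
 * browser to re-establish a session, so it is a bearer credential: anyone who can
 * guess or read it is logged in as that user. It is therefore drawn from the
 * CSPRNG instead of being derived from the user id and the clock.
 *
 * NOTE(review): the token is 64 hex characters; confirm that login_cookie.token
 * is wide enough. The row is stored with the raw token and the cookie lives for
 * ten years with no expiry column visible here; consider storing a hash of the
 * token and enforcing a server-side lifetime.
 *
 * @param int|string $id User id the token is issued for; must be an integer value.
 *
 * @throws InvalidArgumentException When $id is not an integer value.
 */
function set_login_cookie($id)
{
    // The id used to be interpolated unquoted into the statement, where string
    // escaping gives no protection. Validate it and bind it as an integer.
    $user_id = filter_var($id, FILTER_VALIDATE_INT);
    if ($user_id === false) {
        throw new InvalidArgumentException('set_login_cookie(): user id must be an integer');
    }

    // 256 bits of CSPRNG output, hex encoded so it is safe as a cookie value.
    // random_bytes() requires PHP 7.0 or later.
    $token = bin2hex(random_bytes(32));

    // diesql() is defined elsewhere; it is called the way the rest of the file
    // calls it (result first, SQL text second) and is presumably fatal on false.
    $sql = 'insert into login_cookie (user_id, token) values (?, ?)';
    $stmt = mysqli_prepare(db(), $sql);
    diesql($stmt, $sql);
    mysqli_stmt_bind_param($stmt, 'is', $user_id, $token);
    $rs = mysqli_stmt_execute($stmt);
    diesql($rs, $sql);
    mysqli_stmt_close($stmt);

    // HttpOnly keeps the token away from page scripts. Secure is set whenever the
    // request itself arrived over HTTPS, so plain-HTTP deployments keep working.
    // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset;
    // confirm how this site is deployed.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // Empty path and domain keep setcookie()'s defaults, as the original call did.
    setcookie("LoginCookie", $token, time() + 10 * 365 * 24 * 60 * 60, "", "", $secure, true);
}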
<?php
// Page bootstrap: start the session and, when the browser presents a
// "LoginCookie", look the token up in login_cookie and populate the session
// for the matching user. Requests without a logged-in session are redirected
// to profile.php.
include_once 'globals.php';
include_once 'db.php';
include_once 'tables.php';
session_start();
if (isset($_COOKIE["LoginCookie"])) {
    // The cookie value is attacker-controlled. It is escaped and placed inside
    // quotes in the query below, which is the context the escaping is meant for.
    // NOTE(review): mysqli_escape_string() is an alias of
    // mysqli_real_escape_string(); a prepared statement would remove the
    // dependency on the connection character set.
    $safe_token = mysqli_escape_string(db(), $_COOKIE["LoginCookie"]);
    // NOTE(review): the lookup has no expiry or revocation condition in the
    // visible query, so a stored token stays valid for as long as its row exists.
    $sql = "select user_id from login_cookie where token = '{$safe_token}';";
    $rs = mysqli_query(db(), $sql);
    diesql($rs, $sql);
    $found = false;
    while ($row = mysqli_fetch_array($rs)) {
        $found = true;
        $id = $row['user_id'];
        // NOTE(review): the session is marked as logged in here without the
        // session id being regenerated anywhere in the visible code; consider
        // session_regenerate_id(true) at this privilege change.
        $_SESSION[SESSION_LOGGED_IN_KEY] = $id;
        // A cookie-based login always clears the admin flag.
        $_SESSION[SESSION_ADMIN_KEY] = false;
        $_SESSION[SESSION_BUDGET_ID] = Budgets::budget_for_user_id($id);
        // Only seed the month when the session does not already carry one.
        if (!isset($_SESSION[SESSION_MONTH_ID])) {
            $month = Months::current_month();
            $_SESSION[SESSION_MONTH_ID] = $month->id;
            $_SESSION[SESSION_MONTH_NAME] = $month->name;
        }
    }
    // A cookie whose token matches no row is treated as not logged in.
    if (!$found) {
        header("location: profile.php");
        die;
    }
}
// The excerpt ends inside this block.
// NOTE(review): confirm that the redirect is followed by die/exit, as in the
// branch above, so the rest of the page is not rendered for anonymous requests.
if (!isset($_SESSION[SESSION_LOGGED_IN_KEY])) {
    header("location: profile.php");
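/**
 * Persist a budget projection.
 *
 * When $projection->id is set the matching budget_projection row is updated
 * (and un-deleted); otherwise a new row is inserted and the generated id is
 * written back to $projection->id.
 *
 * Values are bound as statement parameters, never interpolated into the SQL
 * text, so a property carrying unexpected content cannot change the statement.
 *
 * NOTE(review): amount, spent and paid are bound as strings so MySQL converts
 * them to the column type without a float round-trip; confirm the column types.
 *
 * @param object $projection Reads folder_id, amount, spent, paid, and either id
 *                           (update) or month_id and budget_id (insert).
 */
public static function write_projection($projection)
{
    // mysqli binds by reference, so copy the properties into locals first.
    $folder_id = $projection->folder_id;
    $amount = $projection->amount;
    $spent = $projection->spent;
    $paid = $projection->paid;

    if (isset($projection->id)) {
        $id = $projection->id;
        // The original statement had ';' after folder_id, which made the UPDATE
        // invalid; the assignments are comma separated here.
        $sql = 'update budget_projection'
            . ' set folder_id = ?, amount = ?, spent = ?, paid = ?, deleted = 0, updated = now()'
            . ' where id = ?';
        $stmt = mysqli_prepare(db(), $sql);
        diesql($stmt, $sql);
        mysqli_stmt_bind_param($stmt, 'isssi', $folder_id, $amount, $spent, $paid, $id);
        $rs = mysqli_stmt_execute($stmt);
        diesql($rs, $sql);
        mysqli_stmt_close($stmt);
        return;
    }

    $month_id = $projection->month_id;
    $budget_id = $projection->budget_id;
    $sql = 'insert into budget_projection'
        . ' (month_id, budget_id, folder_id, amount, spent, paid, updated, deleted)'
        . ' values (?, ?, ?, ?, ?, ?, now(), 0)';
    $stmt = mysqli_prepare(db(), $sql);
    diesql($stmt, $sql);
    mysqli_stmt_bind_param($stmt, 'iiisss', $month_id, $budget_id, $folder_id, $amount, $spent, $paid);
    $rs = mysqli_stmt_execute($stmt);
    // The insert result is now checked like the update, so a failed insert no
    // longer leaves a meaningless id on the object.
    diesql($rs, $sql);
    $projection->id = mysqli_stmt_insert_id($stmt);
    mysqli_stmt_close($stmt);
}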