$results = mysqli_query($c, $sql);
if (mysqli_num_rows($results) >= 1) {
$row = mysqli_fetch_array($results);
} else {
$sql = "INSERT INTO credentials (userid, profile, password) VALUES ('" . $_REQUEST['userid'] . "','" . $_REQUEST['profile'] . "','" . $_REQUEST['password'] . "');";
mysqli_query($c, $sql);
$sql = "SELECT id FROM credentials WHERE userid = '" . $_REQUEST['userid'] . "' AND profile = '" . $_REQUEST['profile'] . "' AND password = '******'password'] . "';";
$credentialsresults = mysqli_query($c, $sql);
$row = mysqli_fetch_array($credentialsresults);
}
setcookie('credential_id', encryptCookie($row['id']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('custom_custid', encryptCookie($_REQUEST['userid']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('custom_password', encryptCookie($_REQUEST['password']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('custom_profile', encryptCookie($_REQUEST['profile']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
$_SESSION['sessionToken']['profile'] = $_REQUEST['profile'];
setcookie('login', encryptCookie($_REQUEST['profile']), 0, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
header("Location:vtest.php?userid=" . $_REQUEST['userid'] . "&password="******"&profile=" . $_REQUEST['profile']);
} else {
$errors = 0;
$errorlog = '';
$errorlog .= '<p>TestMySQLConnection - ';
if (!$c) {
$errorlog .= 'Failed</p>';
$errors++;
} else {
$errorlog .= 'Passed</p>';
}
include 'rest/EBSCOAPI.php';
$errorlog .= '<p>TestMySQLPrivileges - ';
$sql = 'INSERT INTO readings (listid, authorid, an, db, url, title, priority, type) VALUES (1,1,"testing-an", "testing-db","none ","Circumstances Surrounding the Community Needle-Stick Injuries in Georgia.",1,1);';
$results = mysqli_query($c, $sql);
function generate_token($objUser, $token_type)
{
return encryptCookie($objUser->user_id . $token_type . time());
}
die("It looks like the application was unable to connect to your MySQL server, or had trouble looking for the reading list. Here is the MySQL error: 4");
}
// add this instructor to the authors list for this reading list
$sql = "INSERT INTO authorlists (authorid, listid) VALUES (?,?)";
$stmt = $c->prepare($sql);
$stmt->bind_param('ii', $authorID, $row['id']);
$stmt->execute();
$added = TRUE;
} else {
$authorIDfetch = mysqli_fetch_array($authorresults);
$authorID = $authorIDfetch['id'];
}
} else {
die("It looks like the application was unable to connect to your MySQL server, or had trouble looking for the reading list. Here is the MySQL error: 5");
}
setcookie('currentAuthorId', encryptCookie($authorID), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
}
$foundCopy = FALSE;
if ($newlist && (isset($customparams['copylist']) && $customparams['copylist'] == 'y')) {
if (substr_count($clean['roles'], "Instructor") > 0) {
$sql = "SELECT id, linklabel, course, linkid FROM lists WHERE (id IN (SELECT listid FROM authorlists WHERE authorid = ?) AND linklabel = ? AND linkid != ? AND credentialconsumerid = ?) OR (private = 0 AND credentialconsumerid = ? AND linklabel = ?) ORDER BY private, last_access DESC;";
$stmt = $c->prepare($sql);
$stmt->bind_param('issiis', $authorID, $clean['resource_link_title'], $clean['resource_link_id'], $clean['credential_consumer_id'], $clean['credential_consumer_id'], $clean['resource_link_title']);
} else {
$sql = "SELECT id, linklabel, course, linkid FROM lists WHERE private = 0 AND credentialconsumerid = ? AND linklabel = ? ORDER BY private, last_access DESC";
$stmt = $c->prepare($sql);
$stmt->bind_param('is', $clean['credential_consumer_id'], $clean['resource_link_title']);
}
$stmt->execute();
$results = $stmt->get_result();
if (substr_count($clean['roles'], "Instructor") > 0 && mysqli_num_rows($results) > 0) {
<style type="text/css">
#currentList { display: none; }
</style>
<?php
$time = 0;
// store for session only
if (!isset($_COOKIE['logged_in_cust_id'])) {
setcookie('message', encryptCookie("You must be logged in to access that service, please login"), $time, '/');
setcookie('forward_to_admin', encryptCookie(" "), $time, '/');
header("admin.php2");
}
$clean = strip_tags_deep($_REQUEST);
/* if (isInstructor()) { */
?>
<div class="readingListLink"><h3 style="color:red;">Warning: you are about to delete the following lists permanently. This action cannot be undone. Any instructor that tries to access these lists from their course will find an empty list.</h3><?php
if (isset($clean['listid'])) {
?>
<form action="process_delete.php" method="get">
<?php
$id_list = join(",", $clean['listid']);
//create a comma delimited list of all the ids to be deleted
$count = 0;
foreach ($clean['listid'] as $id_list) {
//form and execute the mysqli
$sql = $c->prepare("SELECT id, course, linklabel, private, last_access FROM lists WHERE id = ?;");
$sql->bind_param('i', $id_list);
$sql->execute();
$sql->bind_result($lists_id, $lists_course, $lists_linklabel, $lists_private, $lists_last_access);
//$results = mysqli_query($c,$sql);
//create a hidden input in our form for each of the items to be deleted
while ($sql->fetch()) {
$c->next_result();
mysqli_close($c);
header("Location:admin2.php");
}
} else {
setcookie('logged_in_cust_id', encryptCookie("none"), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('forward_to_admin', encryptCookie("y"), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
$c->next_result();
mysqli_close($c);
header("Location:admin2.php");
}
}
if (!isset($cust_id)) {
setcookie('logged_in_cust_id', encryptCookie("none"), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
}
setcookie('forward_to_admin', encryptCookie("y"), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
$c->next_result();
mysqli_close($c);
header("Location:admin2.php");
}
if (!isset($_COOKIE['logged_in_cust_id'])) {
$message = "Login failed";
}
}
?>
<strong>
<?php
//display message, if one has been generated
if (isset($message)) {
echo $message;
$titlecount = count($titles);
$ANcount = count($ANs);
$DBcount = count($DBs);
if ($titlecount != $ANcount || $titlecount != $DBcount || $ANcount != $DBcount || $titlecount == 0) {
?>
<div class="readingListLink"> <h3><?php
echo "Oops! An error occurred. The data for one or more records is incomplete. Please try again, being sure to include the entire record for each reading.";
?>
</h3></div><?php
} else {
for ($i = 0; $i < $titlecount; $i++) {
$sql = $c->prepare("INSERT INTO readings (listid, authorid, an, db, title, priority, url, type) VALUES (?,?,?,?,?,1,'none',1);");
$sql->bind_param('iisss', decryptCookie($_COOKIE['currentListId']), decryptCookie($_COOKIE['currentAuthorId']), $ANs[$i], $DBs[$i], $titles[$i]);
$sql->execute();
}
if ($titlecount == 1) {
setcookie('import_folder_message', encryptCookie("1 reading added"), $time, '/');
} else {
setcookie('import_folder_message', encryptCookie("{$titlecount} readings added"), $time, '/');
}
header("Location:reading_list.php");
}
//Add statement saying how many items added to reading list.
}
?>
<div class="readingListLink"><h2> Enter bibliographic info from the list into this box:</h2>
<form action="import_folder.php" id="EBSCOFolderForm" method="post">
<textarea name="BiblioInfo" form="EBSCOFolderForm" rows="6" cols="50"></textarea></br>
<input type="submit" value="Generate list">
</form></div>
function createCookie($id, $user, $pass)
{
//call encryption function
$cookie_value = encryptCookie($id, $user, $pass);
//set the cookie
setcookie(ADMIN_COOKIE, $cookie_value, time() + 2592000, APP_WEB_PATH, SITE_DOMAIN);
}
$count = 0;
while ($sql->fetch()) {
$count++;
$consumeridsArray['logged_in_consumerid'][$count] = $result;
}
if (!isset($consumeridsArray)) {
$consumeridsArray = array();
}
setcookie('consumeridsArray', encryptCookie($consumeridsArray), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
if ($c->more_results()) {
$c->next_result();
}
$customparams = loadCustomParams($c, $key);
$variables['consumeridsArray'] = $consumeridsArray;
$variables['customparams'] = $customparams;
ebsco_render('admin.html', 'layout.html', $variables);
} else {
if (isset($_COOKIE['forward_to_admin']) && decryptCookie($_COOKIE['forward_to_admin']) == "n") {
if (isset($_POST['admin_key'])) {
$clean = strip_tags_deep($_POST);
setcookie('admin_key', encryptCookie($clean['admin_key']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('admin_secret', encryptCookie($clean['admin_secret']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
$variables['admin_key'] = $clean['admin_key'];
$variables['admin_secret'] = $clean['admin_secret'];
}
ebsco_render('sign_on.html', 'layout.html', $variables);
} else {
ebsco_render('sign_on.html', 'layout.html', $variables);
}
}
}
/**
* Get session token for a profile
* If session token is not available
* a new session token will be generated
*
* @param Authentication token, Profile
* @access public
*/
public function getSessionToken($authenToken, $invalid = 'n')
{
$token = '';
// Check user's login status
if (isset($_COOKIE['login'])) {
if ($invalid == 'y') {
$profile = self::$cust_profile;
$_SESSION['debug'] .= "--GetSession with INVALID is YES--";
$sessionToken = $this->apiSessionToken($authenToken, $profile, 'n');
$_SESSION['debug'] .= "---apiSessionToken got " . var_export($sessionToken, TRUE) . "---";
$time = 0;
// store for session only //store cookie for one hour
setcookie('sessionToken', encryptCookie($sessionToken), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
$_SESSION['sessionToken'] = $sessionToken;
} else {
if (isset($_SESSION['sessionToken'])) {
$sessionToken = $_SESSION['sessionToken'];
$_SESSION['debug'] .= "---Using EXISTING session token from SESSION var: " . var_export($sessionToken, TRUE) . "---";
} else {
$sessionToken = decryptCookie($_COOKIE['sessionToken']);
$_SESSION['debug'] .= "---Using EXISTING session token from Cookie var: " . var_export($sessionToken, TRUE) . "---";
}
}
$token = $sessionToken['sessionToken'];
} else {
die("The reading list tool requires the use of cookies. Please insure you allow cookies from this site.");
}
return $token;
}
$customparams = loadCustomParams($c, $cookieDCd);
$profile = $customparams['profile'];
try {
$api = new EBSCOAPI($c, $customparams);
} catch (Exception $e) {
die("It looks like your user id and password for your EDS API profile are incorrect. Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p>");
}
try {
$_SESSION['debug'] .= "<p>Using AuthToken " . $api->getAuthToken() . "</p>";
$newSessionToken = $api->apiSessionToken($api->getAuthToken(), $profile, 'n');
} catch (Exception $e) {
echo "<div style='display:none;'>" . $_SESSION['debug'] . "</div>";
die("It looks like your profile id for your EDS API profile is incorrect. Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p><p style='display:none;'>" . $e->getMessage() . "</p>");
}
setcookie('sessionToken', encryptCookie($newSessionToken), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('login', encryptCookie($profile), 0, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
if (isset($_COOKIE['Guest'])) {
setcookie('Guest', '', time() - 3600);
}
if (isset($clean['path'])) {
$path = $clean['path'];
} else {
$path = "default";
}
if (isset($clean['copyid'])) {
if ($clean['copyid'] == '0') {
} else {
copyList($c, $clean['copyid'], decryptCookie($_COOKIE['currentListId']));
$path = "reading_list";
}
}