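public function authAccount() {
    // Authenticates the credentials posted as $_POST['email'] / $_POST['password']
    // against the bcrypt hash stored in `user`.user_password_hash.
    // On success sets $_SESSION['loggedin'] and $_SESSION['user_id'] and sends a
    // Location header to /index.php; the caller must stop further output after
    // a true return, exactly as with the previous implementation.
    // Returns true for a successful login, false when a field is missing or not
    // a string, the e-mail matches zero or several rows, the hash does not
    // verify, or the query fails.
    if (!isset($_POST['email'], $_POST['password'])
        || !is_string($_POST['email']) || !is_string($_POST['password'])) {
        return false;
    }
    $email = $_POST['email'];
    $password = $_POST['password'];

    $db = parent::getDb();
    // The e-mail is bound as a statement parameter instead of being spliced
    // into the SQL text, so the submitted value cannot alter the query.
    $stmt = mysqli_prepare($db, "SELECT user_id, user_password_hash FROM `user` WHERE user_email=?");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_stmt_store_result($stmt);
    $count = (int) mysqli_stmt_num_rows($stmt);
    $userId = null;
    $passwordHash = null;
    mysqli_stmt_bind_result($stmt, $userId, $passwordHash);
    $fetched = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // Exactly one account may match; anything else is a failed login.
    // The stored hash is only compared, never echoed or re-hashed.
    if ($count !== 1 || $fetched !== true || !is_string($passwordHash)) {
        return false;
    }
    if (!password_verify($password, $passwordHash)) {
        return false;
    }

    // Rotate the session id at the privilege change so an id fixed before
    // login is not valid afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['loggedin'] = true;
    $_SESSION['user_id'] = $userId;
    // The previous code built this URL with realpath() and no argument, which
    // is invalid; the effective target was '/index.php', kept here.
    header('Location: /index.php');
    return true;
}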
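public function getRecordList($page) {
    // Returns one page of records whose name, band, genre and (when set)
    // performer contain $this->qRecord / qBand / qGenre / qPerformer as
    // substrings, ordered by record_id descending, or null when the page holds
    // no rows. Also sets $this->countResults (matches across all pages) and
    // $this->foundResults (whether this page has rows).
    // $page is a 0-based page index; null, negative or non-numeric input
    // selects page 0. A non-numeric string used to raise a TypeError in the
    // multiplication below.
    // NOTE(review): '%' and '_' inside a filter still act as LIKE wildcards,
    // as before; escape them here if literal matching is wanted.
    $db = parent::getDb();
    $pageNumber = is_numeric($page) ? max(0, (int) $page) : 0;
    $pageSize = (int) NUM_OF_RESULTS;
    $startIndex = $pageNumber * $pageSize;

    // Filters are bound as statement parameters rather than escaped into the
    // SQL text; the LIMIT values are bound as integers for the same reason.
    $params = [
        '%' . (string) $this->qRecord . '%',
        '%' . (string) $this->qGenre . '%',
        '%' . (string) $this->qBand . '%',
    ];
    $performer = (string) $this->qPerformer;
    if ($performer === '') {
        $sql = "SELECT DISTINCT record.record_id, record.record_name, "
            . "record.record_artwork, band.band_name "
            . "FROM record "
            . "LEFT OUTER JOIN band ON record.band_id = band.band_id "
            . "LEFT OUTER JOIN genre ON record.genre_id = genre.genre_id "
            . "WHERE record.record_name LIKE ? AND COALESCE(genre.genre_name,'') LIKE ? "
            . "AND band.band_name LIKE ? "
            . "ORDER BY record.record_id";
    } else {
        $sql = "SELECT DISTINCT record.record_id, record.record_name, "
            . "record.record_artwork, band.band_name "
            . "FROM record "
            . "LEFT OUTER JOIN band ON record.band_id = band.band_id "
            . "LEFT OUTER JOIN genre ON record.genre_id = genre.genre_id "
            . "LEFT OUTER JOIN bandmate ON record.band_id = bandmate.band_id "
            . "LEFT OUTER JOIN performer ON bandmate.performer_id = performer.performer_id "
            . "WHERE record.record_name LIKE ? AND COALESCE(genre.genre_name,'') LIKE ? "
            . "AND band.band_name LIKE ? "
            . "AND performer.performer_name LIKE ? "
            . "ORDER BY record.record_id";
        $params[] = '%' . $performer . '%';
    }
    $types = str_repeat('s', count($params));

    // Prepares, binds and executes one statement; returns it, or false on failure.
    $run = static function (string $sql, string $types, array $params) use ($db) {
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            return false;
        }
        mysqli_stmt_bind_param($stmt, $types, ...$params);
        if (!mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            return false;
        }
        return $stmt;
    };

    // First pass: total number of matches, independent of the page window.
    // A failed query now yields 0 instead of passing false to mysqli_num_rows().
    $this->countResults = 0;
    $countStmt = $run($sql, $types, $params);
    if ($countStmt !== false) {
        mysqli_stmt_store_result($countStmt);
        $this->countResults = (int) mysqli_stmt_num_rows($countStmt);
        mysqli_stmt_close($countStmt);
    }

    // Second pass: the requested window, newest record_id first.
    $list = [];
    $pageStmt = $run(
        $sql . " DESC LIMIT ?, ?",
        $types . 'ii',
        array_merge($params, [$startIndex, $pageSize])
    );
    if ($pageStmt !== false) {
        $result = mysqli_stmt_get_result($pageStmt);
        if ($result !== false) {
            while (is_array($row = $result->fetch_assoc())) {
                $list[] = $row;
            }
            $result->free();
        }
        mysqli_stmt_close($pageStmt);
    }

    // $list starts as an array so the emptiness test never sees null
    // (sizeof(null) is a TypeError on PHP 8); an empty page still returns null
    // for the existing callers.
    $this->foundResults = $list !== [];
    return $list !== [] ? $list : null;
}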
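private function setUserDataByApiKey($api_key) {
    // Loads the `user` row whose user_api_key equals $api_key into $this->data
    // and stores the number of matching rows in $this->count; when exactly one
    // row matched, $this->user_id is refreshed via getUserId(). $this->data is
    // NULL when the key is unknown, ambiguous, or the query failed.
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;
    // The key is caller-supplied, so it is bound as a parameter rather than
    // spliced into the SQL text. Driver errors are no longer var_dump()ed into
    // the response; query mysqli_error() in the caller if diagnostics are needed.
    $stmt = mysqli_prepare($db, "SELECT * FROM `user` WHERE user_api_key=?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $api_key);
    $result = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
    if ($result !== false) {
        $this->count = (int) mysqli_num_rows($result);
        if ($this->count === 1) {
            $this->data = mysqli_fetch_assoc($result);
            $this->user_id = self::getUserId();
        }
        $result->close();
    }
    mysqli_stmt_close($stmt);
}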
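private function setGenreDataByGenreId($genre_id) {
    // Loads the `genre` row with the given genre_id into $this->data and copies
    // its id into $this->genre_id. $this->count receives the number of matching
    // rows; $this->data becomes NULL when no single row matched or the query
    // failed, which callers use as the "genre not found" signal.
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;
    // Bound parameter instead of escape-and-quote: the same protection without
    // relying on the connection charset, and a failed query no longer reaches
    // mysqli_num_rows()/close() with a false result.
    $stmt = mysqli_prepare($db, "SELECT * FROM `genre` WHERE genre_id=?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $genre_id);
    $result = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
    if ($result !== false) {
        $this->count = (int) mysqli_num_rows($result);
        // Only a single unique row is acceptable. Afterwards $this->data reads
        // like a dictionary, e.g. $this->data['genre_name'].
        if ($this->count === 1) {
            $this->data = mysqli_fetch_assoc($result);
            $this->genre_id = $this->data['genre_id'];
        }
        // Frees the result set's memory explicitly.
        $result->close();
    }
    mysqli_stmt_close($stmt);
}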
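private function setUserDataByApiKey($user_api_key) {
    // Loads the `user` row whose user_api_key equals $user_api_key into
    // $this->data and stores the number of matching rows in $this->count; when
    // exactly one row matched, $this->user_id is refreshed via getUserId().
    // $this->data is NULL when the key is unknown, ambiguous, or the query failed.
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;
    // Bound parameter instead of escape-and-quote, and a failed query no longer
    // reaches mysqli_num_rows()/close() with a false result.
    $stmt = mysqli_prepare($db, "SELECT * FROM `user` WHERE user_api_key=?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $user_api_key);
    $result = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
    if ($result !== false) {
        $this->count = (int) mysqli_num_rows($result);
        if ($this->count === 1) {
            $this->data = mysqli_fetch_assoc($result);
            $this->user_id = self::getUserId();
        }
        $result->close();
    }
    mysqli_stmt_close($stmt);
}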
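private function setRecordDataByRecordId($record_id) {
    // Loads the record with the given record_id, joined with its band and
    // (optionally) genre, into $this->data and copies the id into
    // $this->record_id. $this->count receives the number of matching rows;
    // $this->data becomes NULL when no single row matched or the query failed,
    // which callers use as the "record not found" signal.
    // NOTE(review): SELECT * over the join yields one assoc key per column
    // name, so a column present in several tables keeps only the last value.
    $db = parent::getDb();
    $this->count = 0;
    $this->data = NULL;
    $query = "SELECT * "
        . "FROM record "
        . "JOIN band ON record.band_id=band.band_id "
        . "LEFT OUTER JOIN genre ON record.genre_id= genre.genre_id "
        . "WHERE record_id = ?";
    // Bound parameter instead of escape-and-quote, and a failed query no longer
    // reaches mysqli_num_rows() with a false result.
    $stmt = mysqli_prepare($db, $query);
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $record_id);
    $result = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
    if ($result !== false) {
        $this->count = (int) mysqli_num_rows($result);
        // Only a single unique row is acceptable. Afterwards $this->data reads
        // like a dictionary, e.g. $this->data['record_name'].
        if ($this->count === 1) {
            $this->data = mysqli_fetch_assoc($result);
            $this->record_id = $this->data['record_id'];
        }
        $result->close();
    }
    mysqli_stmt_close($stmt);
}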
<?php require_once __DIR__ . "/bourbon/record.php"; require_once __DIR__ . "/bourbon/libs/Mandrill.php"; //Not required with Composer $b = new Bourbon(); $mandrill = new Mandrill('BNc02m60hJyYEe-ADC-aEg'); $r = new Record(); $r->init(WEB::_get('record_id')); $email = WEB::_get('email'); $name = WEB::_get('name'); // Dispatch Email using Mandrill if (filter_var($email, FILTER_VALIDATE_EMAIL) && $r->valid()) { $query = "SELECT user_email \n\t\t\t \t FROM user\n\t\t\t\t WHERE user_notify = TRUE;"; $result = mysqli_query($b->getDb(), $query); if ($result) { while ($data = $result->fetch_assoc()) { $users[] = $data; } } $recName = $r->getRecordName(); try { for ($i = 0; $i < count($users); $i++) { $user_email = "" . $users[$i]['user_email']; // Send Email $message = new stdClass(); $message->html = "Hi!<br><br><strong>{$name}</strong> just inquired about: <strong>{$recName}</strong>.<br><br>Email them at: {$email}."; $message->subject = "[Bourbon] New Record Inquiry - {$recName}"; $message->from_email = "{$email}"; $message->from_name = "{$name}"; $message->to = array(array("email" => "{$user_email}"));