예제 #1
파일: mysql.php 프로젝트: ThisIsGJ/unify
 /**
  * Build a new, not-yet-persisted DataObject for table $table.
  *
  * Every value in $assoc goes through $dao->escape() before it is stored on the
  * object, so from here on the properties hold DB-escaped strings.
  * NOTE(review): code that reads these properties back for display (instead of
  * re-reading the row from the database) sees the escaped form — confirm callers
  * expect that.
  *
  * @param DAO $dao the DAO whose escape() is applied to each value; a reference is kept on the object
  * @param string $table the table the object will be written to
  * @param array $assoc column name => value pairs; each becomes a property of the object
  * @return DataObject an object flagged for insertion (update = false) that can be committed to $table
  */
 static function create($dao, $table, $assoc)
 {
     $obj = new DataObject();
     $obj->update = false;   // not an existing row: commit() inserts rather than updates
     $obj->dao = $dao;       // keep the DAO so later operations can reuse it
     $obj->table = $table;
     // Copy every column onto the object, escaped for the database
     foreach ($assoc as $column => $value) {
         $obj->{$column} = $dao->escape($value);
     }
     return $obj;
 }
예제 #2
파일: confirm.php 프로젝트: ThisIsGJ/unify
<?php

// Email-confirmation endpoint. The link mailed at registration carries a random token
// (?rnd=); if a matching `confirmation` row exists, the user's stored email is cleaned
// up so that they can log in. (The visible script is cut off before its closing braces.)
include "script/util/mysql.php";
include "script/util/redirect.php";
$dao = new DAO(false);
// NOTE(review): no isset() check on $_GET["rnd"]; a request without the parameter
// reaches escape() with null — confirm escape() tolerates that.
$rnd = $dao->escape($_GET["rnd"]);
//Delete the confirmation
//Fix the users email!
//Find the user id first
$confirmation = DataObject::select_one($dao, "confirmation", array("conf_id", "user_id"), array("conf_rnd" => $rnd));
if ($confirmation != NULL) {
    $user_id = $confirmation->user_id;
    //Then delete the confirmation (the token is single-use)
    if ($confirmation->delete()) {
        //Find the user that it relates to
        $user = DataObject::select_one($dao, "user", array("user_id", "user_email"), array("user_id" => $user_id));
        if ($user != NULL) {
            $user_email = $user->user_email;
            //Correct their email to enable login: an unconfirmed account presumably
            //stores the address as "<prefix> <email>", and everything after the first
            //space is kept.
            //NOTE(review): if the address contains no space (already confirmed),
            //strpos() returns false and false + 1 === 1, so the first character of the
            //address is dropped — guard on strpos() === false before using the offset.
            $space_pos = strpos($user_email, " ") + 1;
            $user_email = substr($user_email, $space_pos);
            //Take everything after space
            //Change and commit
            $user->user_email = $user_email;
            if ($user->commit()) {
                redirect("welcome/?m=10");
            } else {
                //Failure to change the user's email
                //User should be deleted so they can register again
                $user->delete();
                redirect("welcome/?m=6");
예제 #3
파일: get.php 프로젝트: ThisIsGJ/unify
<?php

include "../util/session.php";
include "../util/session_var.php";
include_once "../util/mysql.php";
//Return posts from a certain cohort
//Modes, chosen by POST field: comment_id -> the post a comment belongs to;
//post_id -> one post; otherwise a page of posts for the current selection.
//(The visible script is cut off before its closing braces.)
$query = "";
$dao = new DAO(false);
$page_from = "0";
if (!(isset($_POST["post_id"]) || isset($_POST["comment_id"]))) {
    //Paged listing. NOTE(review): page_from/page_to are escaped *strings* used in
    //arithmetic below; a non-numeric value is a warning on PHP 7 and a TypeError on
    //PHP 8 — casting with (int) before use would make the LIMIT clause robust.
    $page_from = $dao->escape($_POST["page_from"]);
    $page_to = $dao->escape($_POST["page_to"]);
    $PAGE_LENGTH = 10;
    $limit = "LIMIT " . $page_from * $PAGE_LENGTH . "," . ($page_to - $page_from) * $PAGE_LENGTH;
}
//Per-viewer flags; $user is expected to come from the session includes above
$hidden = "(post.post_id in(SELECT post_id FROM hidden_post WHERE user_id=\"{$user->user_id}\"))";
$can_vote = "!(post.post_id in(SELECT post_id FROM post_vote WHERE user_id=\"{$user->user_id}\"))";
$properties = "post.post_id,user.user_id,post.post_time,post.post_content,post.post_rating_up,post.post_rating_dn,user.user_name,user.user_picture,{$hidden} AS post_is_hidden,{$can_vote} AS can_vote";
if (isset($_POST["comment_id"])) {
    //NOTE(review): unlike every other select_one() call on this page, the criteria
    //value is not passed through $dao->escape() first — confirm select_one() escapes
    //internally, otherwise this is an SQL-injection sink.
    $comment = DataObject::select_one($dao, "comment", array("comment_id", "post_id"), array("comment_id" => $_POST["comment_id"]));
    if ($comment) {
        $post_id = $comment->post_id;
    }
    //If no comment matched, $post_id is undefined here and the query asks for post_id=""
    $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post_id=\"{$post_id}\" ORDER BY post_time;";
} else {
    if (isset($_POST["post_id"])) {
        $post_id = $dao->escape($_POST["post_id"]);
        $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post_id=\"{$post_id}\" ORDER BY post_time;";
    } else {
        //Neither post_id nor comment_id was posted, so $limit was set above
        if (isset($selected_user)) {
            $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post.group_id=\"-1\" AND post.user_id=\"{$selected_user->user_id}\" ORDER BY post_time DESC {$limit};";
예제 #4
파일: members.php 프로젝트: ThisIsGJ/unify
<?php

//Return the members (id, picture, name) of the group given by POST group_id, as JSON.
//NOTE(review): unlike the other endpoints on this page there is no session include
//here, so the member list is served to any caller — confirm access is checked upstream.
include_once "../util/mysql.php";
$dao = new DAO(false);
$group_id = $dao->escape($_POST["group_id"]);
$columns = array("user_id", "user_picture", "user_name");
// The same column list drives both the SELECT and the JSON projection
$select = "user." . implode(",user.", $columns);
$query = "SELECT {$select} FROM grouping JOIN user ON user.user_id=grouping.user_id WHERE grouping.group_id=\"{$group_id}\";";
$dao->myquery($query);
echo $dao->fetch_json_part($columns);
예제 #5
파일: search.php 프로젝트: ThisIsGJ/unify
<?php

//Course search: return a JSON list of courses at the given university whose name
//contains the (case-insensitive) query term
include_once "../util/mysql.php";
$dao = new DAO(false);
$uni_id = $dao->escape($_GET["university_id"]);
$course = strtolower($dao->escape($_GET["course"]));
// NOTE(review): escape() protects the quoting but not LIKE metacharacters, so "%" or
// "_" in the term act as wildcards. Low impact on a course list; keep in mind if
// this pattern is reused on more sensitive tables.
$query = "SELECT course_id,course_name FROM course WHERE LOWER(course_name) LIKE '%{$course}%' AND university_id = '{$uni_id}';";
$dao->myquery($query);
echo $dao->fetch_json_part(array("course_id", "course_name"));
예제 #6
파일: confirm.php 프로젝트: ThisIsGJ/unify
<?php

//Confirm password reset and display reset form
//If the checksum matches, then the user is presented a password reset dialogue for them to enter a new one.
//		The password is reset and they are directed to the login page.
//Otherwise
//		Send back to login page
//This page only collects user_id and conf_rnd from the link; the actual match against
//reset_request presumably happens in the script that receives the form.
include "../script/util/constants.php";
include "../script/util/mysql.php";
include "../script/util/redirect.php";
include "../script/mail/send.php";
$dao = new DAO(false);
// Plain container for the link parameters (not a logged-in session user)
$user = new stdClass();
// NOTE(review): no isset() check on either $_GET parameter — a bare visit yields empty values
$user->user_id = $dao->escape($_GET["user_id"]);
$conf_rnd = $dao->escape($_GET["conf_rnd"]);
?>
<!DOCTYPE HMTL>
<html>
	<head>
		<style>
			* {
				font-family: Arial, sans-serif;
				font-size:14px;
			}
		</style>
		<script type="text/javascript" src="../jquery.js"></script>
		<script type="text/javascript">
			// Shorthand for document.getElementById: look the element up by id and hand it back.
			function id(element) {
				var node = document.getElementById(element);
				return node;
			}
예제 #7
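<?php

// Serve a user's profile picture (or the default image) as image/jpeg.
// The file is looked up under ../profile_pictures/ using the user_picture value
// stored for the requested user.
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
$f = "../img/dp1.jpg";
if (isset($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");
    $user1 = $dao->fetch_one_obj_part(array("user_picture"));
    // Tolerate a missing row: the original dereferenced $user1 unconditionally
    $picture = ($user1 && $user1->user_picture) ? (string) $user1->user_picture : "";
    if ($picture !== "") {
        // Resolve both paths and serve the file only if it really lies inside the
        // pictures directory; a stored value containing "../" or an absolute path
        // would otherwise let readfile() reach files outside it. realpath() returns
        // false for a non-existent file, which keeps the default image.
        $pictures_dir = realpath("../profile_pictures");
        $candidate = realpath("../profile_pictures/" . $picture);
        if ($pictures_dir !== false && $candidate !== false && is_file($candidate)
            && strpos($candidate, $pictures_dir . DIRECTORY_SEPARATOR) === 0) {
            $f = $candidate;
        }
    }
    // Name the file actually served; basename() plus the quote strip keep the stored
    // value from breaking the quoted header parameter.
    $filename = str_replace('"', '', basename($f));
    header('Content-Type: image/jpeg');
    header("Content-Disposition: inline; filename=\"{$filename}\"");
    readfile($f);
}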
예제 #8
파일: unhide.php 프로젝트: ThisIsGJ/unify
<?php

//Unhide a post the current user previously hid (removes their hidden_post row).
//NOTE(review): this is a state-changing action driven by a GET request; the
//conventional shape is a POST carrying a CSRF token.
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/status.php";
$dao = new DAO(false);
if (!isset($_GET["post_id"])) {
    echo Status::json(3, "No post id");
} else {
    $post_id = $dao->escape($_GET["post_id"]);
    // Scoped to the session user so one user cannot unhide on behalf of another
    $criteria = array("post_id" => $post_id, "user_id" => $user->user_id);
    $hidden_post = DataObject::select_one($dao, "hidden_post", array("hide_id"), $criteria);
    if (!$hidden_post) {
        echo Status::json(2, "Post not hidden");
    } elseif ($hidden_post->delete()) {
        echo Status::json(0, "Post unhidden");
    } else {
        echo Status::json(1, "Post could not be unhidden");
    }
}
예제 #9
파일: search.php 프로젝트: ThisIsGJ/unify
<?php

//User search: return users who share the current user's cohort, course or
//university and whose name contains the query term, optionally excluding the
//members of a given group. An empty term yields an empty list.
include_once "../util/mysql.php";
include "../util/session.php";
$dao = new DAO(false);
$name = trim(strtolower($dao->escape($_POST["q"])));
if ($name == "") {
    echo "[]";
} else {
    // Both queries walk user -> cohort -> course -> university
    $joins = "JOIN cohort ON user.cohort_id=cohort.cohort_id "
        . "JOIN course ON cohort.course_id=course.course_id "
        . "JOIN university ON university.university_id=course.university_id ";
    //Find the cohort, course and university of the current user
    $dao->myquery("SELECT cohort.cohort_id,course.course_id,university.university_id FROM user " . $joins . "WHERE user_id=\"{$user->user_id}\";");
    $row = $dao->fetch_one();
    $cohort_id = $row["cohort_id"];
    $course_id = $row["course_id"];
    $university_id = $row["university_id"];
    // Optional exclusion of users already in the given group
    $not_in_group = "";
    if (isset($_POST["group_id"])) {
        $group_id = $dao->escape($_POST["group_id"]);
        $not_in_group = "AND NOT EXISTS(SELECT grouping_id FROM grouping WHERE user.user_id=grouping.user_id AND grouping.group_id=\"{$group_id}\")";
    }
    //Match on name within the user's own cohort/course/university, excluding themselves.
    //NOTE(review): "%" and "_" in the term act as LIKE wildcards; escape() does not neutralise them.
    $where = "WHERE (cohort.cohort_id=\"{$cohort_id}\" OR course.course_id=\"{$course_id}\" OR university.university_id=\"{$university_id}\") AND LOWER(user_name) LIKE \"%{$name}%\" AND user_id!=\"{$user->user_id}\" {$not_in_group};";
    $dao->myquery("SELECT user_id,user_name,cohort_start,course_name,university_name,user_picture FROM user " . $joins . $where);
    echo $dao->fetch_json();
}
예제 #10
<?php

// Resolve ?user_id= into $selected_user (kept in the session) with friendship flags.
// Any previous selection is dropped first so a failed lookup leaves nothing stale.
unset($selected_user);
if ($logged_in && isset($_GET["user_id"])) {
    $dao = new DAO(false);
    $user_request = $dao->escape($_GET["user_id"]);
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");
    $lookup = "SELECT " . implode(",", $properties) . " FROM user "
        . "JOIN cohort ON user.cohort_id=cohort.cohort_id "
        . "JOIN course ON cohort.course_id=course.course_id "
        . "JOIN university ON course.university_id=university.university_id WHERE user_id=\"{$user_request}\";";
    $dao->myquery($lookup);
    if ($dao->fetch_num_rows() > 0) {
        //User exists
        $selected_user = $dao->fetch_one_obj_part($properties);
        $me = $user->user_id;
        $them = $selected_user->user_id;
        // A connection row in either direction means the two are friends
        $friends_query = "SELECT * FROM connection WHERE (user_id1=\"{$me}\" AND user_id2=\"{$them}\") OR "
            . "(user_id2=\"{$me}\" AND user_id1=\"{$them}\");";
        $dao->myquery($friends_query);
        // Everyone counts as a friend of themselves and of user 1 (magic id kept as found)
        $selected_user->is_friend = $dao->fetch_num_rows() != 0 || $them == $me || $them == 1;
        // Has the viewer already sent this user a request?
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$me}\" AND user_id2=\"{$them}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;
        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}
예제 #11
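<?php

// Apply a password reset: the (user_id, conf_rnd) pair from the emailed link must
// match a pending reset_request row; that row is then consumed and the password set.
include_once "../util/mysql.php";
include "../util/pwd.php";
// $user is normally provided by the including page. When this script runs on its own,
// assigning a property to an undefined variable is an Error on PHP 8 (and only a
// warning on PHP 7), so make sure an object exists.
if (!isset($user) || !is_object($user)) {
    $user = new stdClass();
}
// Without all three fields there is nothing to match; skip the queries instead of
// running them against empty values.
if (isset($_POST["user_password"]) && isset($_POST["user_id"]) && isset($_POST["conf_rnd"])) {
    $dao = new DAO(true);
    // salt() is the project's password transform (pwd.php); it is applied before storage
    // so that login.php's comparison matches. NOTE(review): password_hash()/password_verify()
    // would be the standard replacement — confirm the scheme in pwd.php before changing it.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $user->user_id = $dao->escape($_POST["user_id"]);
    $conf_rnd = $dao->escape($_POST["conf_rnd"]);
    $query = "SELECT * FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);
    // Exactly one pending request must match both the user and the token
    if ($dao->fetch_num_rows() == 1) {
        // Consume the token first so the same link cannot be used twice
        $query = "DELETE FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user->user_id}\";";
        $dao->myquery($new_password_query);
    }
}
?>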
	
예제 #12
파일: login.php 프로젝트: ThisIsGJ/unify
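<?php

// Log a user in with the email and password from POST and send them to the requested page.
include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";
$redirect = "/";
if (isset($_POST["r"]) && $_POST["r"] != "") {
    $requested = (string) $_POST["r"];
    // Only honour site-relative targets. A value with a scheme ("http:", "javascript:")
    // or a network-path prefix ("//host", "\\host") would make this an open redirect
    // that sends a freshly logged-in user to an external site.
    $has_scheme = preg_match('/^[a-zA-Z][a-zA-Z0-9+.\-]*:/', $requested) === 1;
    $prefix = substr($requested, 0, 2);
    $is_network_path = $prefix === "//" || $prefix === "\\\\" || $prefix === "/\\";
    if (!$has_scheme && !$is_network_path) {
        $redirect = htmlspecialchars($requested);
    }
}
if (isset($_POST["user_email"]) && isset($_POST["user_password"]) && $_POST["user_email"] != "" && $_POST["user_password"] != "") {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    // salt() is the project's password transform (pwd.php); the stored value is compared
    // inside the query. NOTE(review): password_hash()/password_verify() is the standard
    // replacement — confirm the scheme in pwd.php before changing it here.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);
    if ($dao->fetch_num_rows() == 1) {
        // NOTE(review): consider session_regenerate_id(true) at this point if session.php
        // does not already do it on login (protects against session fixation).
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        redirect($redirect);
        //Go to the redirect link
    } else {
        // Wrong credentials: back to the welcome page with the email pre-filled. The email
        // is a query-string value, so it is URL-encoded (the raw POST value, not the
        // DB-escaped copy); HTML escaping did not protect "&" or "#" in a URL.
        redirect("../../welcome/?&m=2&r=" . $redirect . "&user_email=" . urlencode($_POST["user_email"]));
    }
} else {
    // Missing field: the email used to be spliced into the URL unencoded
    redirect("../../welcome/?m=3" . (isset($_POST["user_email"]) ? "&user_email=" . urlencode($_POST["user_email"]) : "") . "&r=" . $redirect);
}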
예제 #13
<?php

// Select the viewer's own cohort as the active group (kept in the session).
// Asking for any other cohort_id bounces back to the index.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["cohort_id"])) {
        $cohort_request = $dao->escape($_GET["cohort_id"]);
        // Loose comparison kept on purpose: the two sides are not guaranteed to share a type
        if ($cohort_request != $user->cohort_id) {
            redirect("../");
        } else {
            $dao->myquery("SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\tJOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\tJOIN university ON university.university_id=course.university_id\n\t\t\t\t\tJOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";");
            $row = $dao->fetch_one_obj();
            if ($dao->fetch_num_rows() > 0) {
                //It exists
                $start_year = date("Y", strtotime($row->cohort_start));
                $start = new DateTime($row->cohort_start);
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                // Display name: "<course> at <university> <start year>"
                $selected_group->group_name = sprintf("%s at %s %s", $row->course_name, $row->university_name, $start_year);
                $selected_group->can_be_added_to = false;
                $selected_group->cohort_start = $start->format('jS F Y');
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;
                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            }
        }
    }
}
예제 #14
파일: register.php 프로젝트: ThisIsGJ/unify
<?php

// Registration: create the user (plus their cohort and cohort group when missing) and
// send a confirmation email. (The visible script is cut off before the user row is inserted.)
include "../util/pwd.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
include "../mail/send.php";
$dao = new DAO(false);
if (isset($_POST["user_name"]) && isset($_POST["user_email"]) && isset($_POST["user_password"]) && isset($_POST["university_id"]) && isset($_POST["course_id"]) && isset($_POST["start_year"]) && isset($_POST["start_month"])) {
    $user_name = $dao->escape($_POST["user_name"]);
    $user_email = $dao->escape($_POST["user_email"]);
    // salt() is the project's password transform (pwd.php) — see login.php for the matching comparison
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $university_id = $dao->escape($_POST["university_id"]);
    $course_id = $dao->escape($_POST["course_id"]);
    //NOTE(review): start_year/start_month are escaped but not validated as numbers;
    //the date string is built from them verbatim.
    $cohort_start = $dao->escape($_POST["start_year"]) . "-" . $dao->escape($_POST["start_month"]) . "-1";
    //Checks
    // - Email is unique
    // - Email confirmation
    // - Cohort exists or not?
    //Uniqueness check. The leading "%" presumably also catches unconfirmed accounts,
    //whose address is stored as "<prefix> <email>" (confirm.php strips the prefix).
    //NOTE(review): it equally matches any address that merely ends with the new one
    //(a constructed example: an existing "ab@x.test" blocks "b@x.test"), and "%"/"_"
    //in the input act as wildcards. Comparing the exact address, or the exact
    //"% <email>" suffix form, would be tighter.
    $dao->myquery("SELECT user_email FROM user WHERE user_email LIKE \"%{$user_email}\";");
    if ($dao->fetch_num_rows() == 0) {
        //Insert the user into the database, and retrieve the user_id
        $cohort = DataObject::select_one($dao, "cohort", array("cohort_id", "group_id"), array("cohort_start" => $cohort_start, "course_id" => $course_id));
        if (!$cohort) {
            //Cohort does not exist, insert it
            //NOTE(review): $cohort_id is never assigned in this file, so the group is
            //named "Cohort  Group"; the intended value is probably the new cohort's id,
            //which is only known after $cohort->commit() below.
            $group = DataObject::create($dao, "user_group", array("group_name" => "Cohort {$cohort_id} Group"));
            $group->commit();
            $group_id = $group->get_primary_id();
            $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start));
            $cohort->commit();
        }
        //Token-like prefix derived from the email (its use is outside the visible part)
        $uncomfirmed = salt($user_email);
예제 #15
<?php

// Select a group (?group_id=) as the active group in the session. Only members of
// the group may select it; anything else bounces back to the index.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["group_id"])) {
        $group_request = $dao->escape($_GET["group_id"]);
        // Membership check scoped to the session user
        $membership = DataObject::select_one($dao, "grouping", array("grouping_id"), array("group_id" => $group_request, "user_id" => $user->user_id));
        $row = ($membership != NULL)
            ? DataObject::select_one($dao, "user_group", array("group_id", "group_name"), array("group_id" => $group_request))
            : NULL;
        if ($row) {
            $selected_group = new stdClass();
            $selected_group->group_id = $row->group_id;
            // stripslashes(): the stored name apparently carries escaping — see DataObject::create()
            $selected_group->group_name = stripslashes($row->group_name);
            $selected_group->posting_enabled = true;
            $selected_group->can_be_added_to = true;
            $_SESSION["selected_group"] = $selected_group;
            unset($_SESSION["selected_user"]);
        } else {
            // Not a member, or the group does not exist
            redirect("../");
        }
    }
}
예제 #16
파일: index.php 프로젝트: ThisIsGJ/unify
<!DOCTYPE>
<html><head><style>*{font-family: Arial,sans-serif}</style></head><body>
<?php 
include "../script/util/mysql.php";
include "../script/util/redirect.php";
if (isset($_POST["user_email"])) {
    include "../script/mail/send.php";
    $dao = new DAO(false);
    $user_email = $dao->escape($_POST["user_email"]);
    $query = "SELECT user_email,user_id,user_name FROM user WHERE user_email=\"{$user_email}\";";
    $dao->myquery($query);
    if ($dao->fetch_num_rows() == 1) {
        //Store intent to reset in the database with a checksum as the old password?
        $user = $dao->fetch_one_obj();
        $names = explode(" ", $user->user_name);
        if (count($names) == 0) {
            $user_first_name = $user->user_name;
        } else {
            $user_first_name = $names[0];
        }
        $conf_rnd = md5("lsdfuh.uh3" . rand(0, 10000000) . "g.adugi213y");
        $query = "INSERT INTO reset_request VALUES (NULL,\"{$user->user_id}\",\"{$conf_rnd}\")" . "ON DUPLICATE KEY UPDATE conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $body = "<p>Hello {$user_first_name},</p>" . "<p>It appears you are having trouble remembering your password for Unify. " . "As such, someone (hopefully you) has requested that you reset your password. " . "If you have no idea what's going on, feel free to take no further action, " . "it's possible someone entered your email by mistake or is dillberately trying to " . "confuse you. However, if you really do want to reset your password, click the " . "link below!</p>" . "<p><a href=\"http://unify.lukebarnard.co.uk/reset-password/confirm.php?user_id={$user->user_id}&conf_rnd={$conf_rnd}\">RESET YOUR PASSWORD</a></p>" . "<p>Best Wishes,<br>" . "The Unify Team</p>";
        if (mail_message($user_email, "Password Reset", $body)) {
            echo "A message has been sent to your email account. When you get the email, click on the link it contains and you will be taken to a page where you can reset your password. ";
        } else {
            echo "Something has gone wrong when trying to email you. <a href=\".\">Try again?</a>";
        }
    } else {
        echo "Your email could not be found in our database. Perhaps you made a mistake when typing it? <a href=\".\">Try again?</a>";