예제 #1
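/**
 * Read the current school year and semester from the first row of `settings`.
 *
 * The statement is a fixed string; no caller-supplied value is interpolated.
 *
 * @return array|false array('year' => int, 'sem' => int), or false when the
 *                     query fails or the table holds no row.
 */
function getSettings()
{
    $db = new DBObject('cdc');
    $sql = "SELECT schoolyear, semester FROM settings LIMIT 1";
    $res = $db->query($sql);
    if (!$res) {
        return false;
    }
    $settings = mysqli_fetch_assoc($res);
    // mysqli_fetch_assoc() yields null for an empty result set. Report that as a
    // failure instead of reading offsets of null and returning year 0 / sem 0,
    // which a caller could not tell apart from real settings.
    if (!is_array($settings)) {
        return false;
    }
    return array(
        'year' => intval($settings['schoolyear']),
        'sem' => intval($settings['semester']),
    );
}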
예제 #2
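 /**
  * Reload the session fields of the current user from the database.
  *
  * The row is looked up by the first entry of $fields, using the value already
  * stored in $_SESSION under that name; every listed field is then copied from
  * the row back into the session.
  *
  * @param DBObject $db     Connection wrapper; query(), escape() and getError() are used.
  * @param string   $table  Table to read. Interpolated as an identifier, so pass constants only.
  * @param array    $fields Column names; the first one is the lookup key. Also interpolated
  *                         as an identifier, so pass constants only.
  * @param string   $status Column whose value 0 marks an inactive account.
  * @return bool true when the row exists and is active, false otherwise.
  */
 public function refresh(DBObject $db, $table = 'userinfo', $fields = ['userid'], $status = 'status')
 {
     // Without a key column or a scalar session value there is nothing to look
     // up; the original built a malformed statement in that case.
     if (!isset($fields[0], $_SESSION[$fields[0]]) || !is_scalar($_SESSION[$fields[0]])) {
         return false;
     }
     // Quote and escape the value so a session entry can never alter the shape
     // of the statement (the original interpolated it bare).
     // Assumes DBObject::escape() escapes for a quoted string literal — confirm.
     $key = $db->escape((string) $_SESSION[$fields[0]]);
     $sql = "SELECT * FROM {$table} WHERE {$fields[0]} = '{$key}'";
     if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) {
         $row = mysqli_fetch_assoc($result);
         // Loose comparison kept: the driver returns column values as strings.
         if ($row[$status] == 0) {
             return false;
         }
         foreach ($fields as $field) {
             $_SESSION[$field] = $row[$field];
         }
         return true;
     }
     // Keep the driver message in the server log only; it is never echoed.
     error_log($db->getError());
     return false;
 }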
예제 #3
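    // Columns written without quotes, and the short form names of the flag columns.
    $numbers = array('Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester');
    $bools = array('HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're');
    // Table and column names are taken from the POST keys. String escaping does
    // not protect an identifier, so only plain names may reach the SQL text.
    $identPattern = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    // NOTE(review): this is a syntax check only. The request still decides which
    // table and column is written; an explicit allow-list of editable columns and
    // an authorization check belong here, but the schema is not visible in this excerpt.
    foreach ($_POST as $key => $value) {
        $key = (string) $key;
        if ($key === 'sid' || $key === 'onid' || $key === 'offid') {
            // Record selector: remembered for the WHERE clause of later fields.
            (is_string($value) && ctype_digit($value)) or die('Error: record does not exist.');
            $id = $value;
            $col = $db->escape($key);
            continue;
        }

        $key = in_array($key, $bools, true) ? array_search($key, $bools, true) : $db->escape($key);
        $value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value);

        // "table-column" keys address another table; bare keys address `students`.
        if (strstr($key, '-') === false) {
            $targetTable = 'students';
            $targetColumn = $key;
            $requiresId = true;
        } else {
            $arrkey = explode('-', $key);
            $targetTable = $arrkey[0];
            $targetColumn = $arrkey[1];
            $requiresId = false;
        }
        if (!preg_match($identPattern, $targetTable) || !preg_match($identPattern, $targetColumn)) {
            echo "Error: invalid field name. ";
            continue;
        }

        if (in_array($targetColumn, $numbers, true)) {
            // Numeric columns are written unquoted, where escaping gives no
            // protection, so nothing but a number is accepted.
            if (!is_numeric($value)) {
                echo "Error: value must be numeric. ";
                continue;
            }
        } else {
            $value = "'{$value}'";
        }

        // A `students` update always needs the selector; without it the original
        // produced a statement with an empty WHERE clause.
        if ($requiresId && (empty($col) || !isset($id))) {
            echo "Error: record does not exist. ";
            continue;
        }

        if (empty($col)) {
            // No selector seen yet: every row of the named table is updated
            // (original behaviour, kept). NOTE(review): combined with a
            // request-chosen table name this is a wide write; restrict it to the
            // tables that are meant to be edited this way.
            $sql = "UPDATE {$targetTable} SET {$targetColumn} = {$value}";
        } else {
            $sql = "UPDATE {$targetTable} SET {$targetColumn} = {$value} WHERE {$col} = {$id}";
        }

        // NOTE(review): echoing the statement and the driver error returns schema
        // details and unescaped request data to the client; log them server-side instead.
        echo "{$sql}. ";
        if ($db->query($sql) && $db->getAffected() > 0) {
            echo "Saved.";
        } else {
            echo $db->getError();
        }
    }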
}
// Build the INSERT for a new `students` row from local variables.
// NOTE(review): every value is interpolated straight into the statement, so its
// safety rests on escaping done before this point, which this excerpt does not
// show. {$Age} and {$HasPhoto} are written unquoted and therefore have to be
// integers (cast or validated): string escaping does not protect an unquoted
// value. Bound parameters, if the DB wrapper offers them, would remove both concerns.
$sql = <<<EOSQL
INSERT INTO
\tstudents(
\t\tlname, fname, mname,
\t\tcourse, year, address,
\t\tContact, Bday, Age, Gender, CivStat, Father, FatherPhone, Mother, MotherPhone,
\t\tHasPhoto
\t)
\tVALUES(
\t\t'{$lname}', '{$fname}', '{$mname}',
\t\t'{$course}', '{$year}', '{$address}',
\t\t'{$Contact}', '{$Bday}', {$Age}, '{$Gender}', '{$CivStat}', '{$Father}', '{$FatherPhone}', '{$Mother}', '{$MotherPhone}',
\t\t{$HasPhoto}
\t)
EOSQL;
if ($db->query($sql)) {
    //	$sid = $db->getLastID();
    //	$tables = array('students');
    //	$rows = array('sid');
    //	$values = array($sid);
    //
    //	$sql = "INSERT INTO offcampus (student) VALUES ($sid)";
    //	$db->query($sql) or die(deleteLast($tables, $rows, $values, $db->getError()));
    //	$offid = $db->getLastID();
    //	$tables[] = 'offcampus';
    //	$rows[] = 'offid';
    //	$values[] = $offid;
    //
    //	$sql = "INSERT INTO oncampus (student) VALUES ($sid)";
    //	$db->query($sql) or die(deleteLast($tables, $rows, $values, $db->getError()));
    //	$onid = $db->getLastID();
예제 #5
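 /**
  * Look the current image up by its hash and point this object at the stored copy.
  *
  * On a match the file, thumbnail and name fields are taken from the row and
  * existing is set to true; otherwise the name comes from the upload and
  * existing is set to false.
  *
  * @param string $table Table to search. Interpolated as an identifier, so pass constants only.
  * @param string $name  Column holding the display name (noted default: 'imagename').
  * @param string $file  Column holding the stored file name (noted default: 'imagefile').
  * @return void
  */
 private function check_db($table, $name, $file)
 {
     $db = new DBObject('newspum');
     // Escape the hash even though a hex digest is expected: how imagehash is
     // produced is not visible here, and the value lands inside a quoted literal.
     $sql = sprintf("SELECT * FROM {$table} WHERE originalmd5 = '%s'", $db->escape($this->imagehash));
     $result = $db->query($sql);
     // A failed query is treated as "not found" rather than handing a non-result
     // to mysqli_fetch_array(), which raises a TypeError on PHP 8.
     // NOTE(review): the match relies on the hash alone. MD5 is not
     // collision-resistant, so if uploads come from untrusted users a stronger
     // digest is the safer deduplication key.
     if ($result && ($row = mysqli_fetch_array($result))) {
         $this->imagehash = $row['originalmd5'];
         $this->newfname = $row[$file];
         $this->newfile = $this->folderpath . $this->newfname;
         // Thumbnail name: 't' + the part of the stored name before its first dot.
         $temp = explode('.', $row[$file]);
         $this->thumbfile = $this->thumbfolder . 't' . $temp[0] . '.' . $this->thumbext;
         $this->dbname = $db->escape(trim($row[$name]));
         $this->existing = true;
     } else {
         // The client-supplied upload name is stored in escaped form.
         $this->dbname = $db->escape(trim($this->image['name']));
         $this->existing = false;
     }
 }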
예제 #6
<?php

chdir('..');
date_default_timezone_set('Asia/Manila');
require_once 'includes/classDB.php';
require_once 'includes/functions.php';
if (!empty($_POST['username']) && !empty($_POST['userpass'])) {
    // Credential check and session setup for a login request.
    $db = new DBObject(CURRENT_DB);
    $username = $db->escape($_POST['username']);
    // NOTE(review): unsalted MD5 is not a password hash: it is fast to brute-force
    // and equal passwords share a digest. Moving to password_hash() /
    // password_verify() needs the stored values migrated, so it cannot be done
    // in this block alone.
    $hashpass = hash('md5', $_POST['userpass']);
    // The two literals appear masked ('******') in this listing; presumably the
    // original interpolated $hashpass and $username — confirm against the real file.
    $sql = "SELECT * FROM userinfo WHERE userpass = '******' AND username = '******'";
    // Random pause before answering. The arguments are given as (1,000,000, 500,000),
    // i.e. max below min; the intent looks like 0.5–1 s in microseconds.
    // NOTE(review): a random sleep slows one client but is not rate limiting; no
    // per-account or per-address attempt counter is visible in this excerpt.
    $time = rand(1000 * 1000, 1000 * 500);
    usleep($time);
    //	sleep(1);
    if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) {
        $row = mysqli_fetch_assoc($result);
        // A falsy status means the account exists but has not been activated.
        if ($row['status']) {
            // init_session() and init_my_cookie() are defined elsewhere.
            // NOTE(review): confirm the session id is regenerated on login so a
            // pre-login id cannot be reused (session fixation).
            init_session();
            init_my_cookie();
            $_SESSION['userid'] = $row['userid'];
            $_SESSION['username'] = $row['username'];
            $_SESSION['status'] = $row['status'];
            $_SESSION['admin'] = $row['admin'];
            extend_timeout();
            // NOTE(review): the stored username is echoed unescaped; if this
            // response is rendered as HTML, pass it through htmlspecialchars().
            echo "Welcome back, {$row['username']}!";
        } else {
            echo "This account has not yet been activated.";
        }
    } else {
        // Same message for an unknown user and a wrong password.
        die('Invalid username/password.');
    }
예제 #7
extend_timeout();
//print_r($_POST);
$db = new DBObject(CURRENT_DB);
$sql = '1';
//die('sample');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['start'])) {
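        // Each timestamp is assembled from four form fields and parsed against one
        // fixed format, so only a well-formed date can reach the statement.
        $startstring = "{$_POST['start']} {$_POST['start-hour']}:{$_POST['start-minute']} {$_POST['start-ampm']}";
        $endstring = "{$_POST['end']} {$_POST['end-hour']}:{$_POST['end-minute']} {$_POST['end-ampm']}";
        $startdate = date_create_from_format('m/d/Y h:i a', $startstring);
        $enddate = date_create_from_format('m/d/Y h:i a', $endstring);
        // date_create_from_format() returns false for input that does not match;
        // stop here instead of handing false to date_format() and inserting an
        // empty timestamp.
        if ($startdate === false || $enddate === false) {
            die('Error: invalid date.');
        }
        $start = date_format($startdate, 'Y-m-d H:i:s');
        $end = date_format($enddate, 'Y-m-d H:i:s');
        // The id is forced to an integer and the type is escaped before both are
        // interpolated; $start and $end are formatter output, not raw input.
        $actid = intval($_POST['actid']);
        $type = $db->escape($_POST['type']);
        $sql = "INSERT INTO actdates(actid, type, start, end) VALUES({$actid}, '{$type}', '{$start}', '{$end}')";
        if ($db->query($sql)) {
            echo "Record added!";
        } else {
            // NOTE(review): the driver message is returned to the client; prefer
            // error_log() plus a generic message.
            die('Error: ' . $db->getError());
        }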
    } else {
        if (isset($_POST['delete'])) {
            // Delete one actdates row; the id is forced to an integer before it
            // is interpolated into the statement.
            $dateid = (int) $_POST['delete'];
            $sql = "DELETE FROM actdates WHERE dateid = {$dateid}";
            // NOTE(review): the statement text is written into the response ahead
            // of the status message; this looks like leftover debug output.
            echo $sql;
            if (!$db->query($sql)) {
                // NOTE(review): the driver message is returned to the client.
                die('Error: ' . $db->getError());
            }
            echo "Record deleted!";
        } else {
예제 #8
        case 3:
        case 5:
        case 6:
            $ans[0] = "evaluation.q{$quest}e1 as ans1";
            $ans[1] = "evaluation.q{$quest}e2 as ans2";
            break;
        default:
            $ans[0] = "evaluation.q{$quest}e1 as ans1";
            break;
    }
    // Column list for the answer fields selected above.
    $ans2 = implode(', ', $ans);
    $question = $questions[$quest - 1];
    $json['quest'] = $question;
    // A truthy $type drops the year/semester restriction.
    // NOTE(review): $year, $sem and (through $ans) $quest are interpolated
    // unquoted; where they are set is outside this excerpt, so confirm they are
    // cast to integers before reaching this point.
    if ($type) {
        $where = '';
    } else {
        $where = "AND schoolyear = {$year} AND semester = {$sem}";
    }
    $sql = <<<EOSQL
SELECT evaluation.schoolyear, evaluation.semester, evaluation.student, {$ans2}, students.lname, students.fname, students.mname
FROM evaluation
INNER JOIN students ON evaluation.student = students.sid
WHERE reqcode = 'OK' {$where} ORDER BY schoolyear DESC, semester DESC, id DESC
EOSQL;
    $result = $db->query($sql);
    if (!$result) {
        // NOTE(review): the driver message and the full statement are returned to
        // the client; prefer error_log() plus a generic message.
        die("Error: {$db->getError()} -- {$sql}");
    }
    while ($row = mysqli_fetch_assoc($result)) {
        $fullname = create_name($row['fname'], $row['lname'], $row['mname']);
        // ans2 is selected only for some question numbers; absent or NULL becomes null.
        $answer2 = isset($row['ans2']) ? $row['ans2'] : null;
        $json['ans'][] = array(
            'answer' => $row['ans1'],
            'answer2' => $answer2,
            'sid' => $row['student'],
            'fullname' => $fullname,
            'year' => $row['schoolyear'],
            'sem' => $row['semester'],
        );
    }
    echo json_encode($json);
}