Exemplo n.º 1
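 /**
  * Prepare and execute $sql on the mysqli connection $db.
  *
  * @param mysqli      $db       open connection
  * @param string      $sql      statement text with `?` placeholders
  * @param array|null  $bindings values for the placeholders, in order; null or an
  *                              empty array means the statement takes no parameters
  * @param string|null $types    mysqli type string; when null it is derived one
  *                              character per value with SqlQuery::getTypeChar()
  * @return mysqli_stmt|null the executed statement, or null after dbErr() has been
  *                          called for a prepare/execute failure (if dbErr returns)
  */
 static function executeSQL($db, $sql, $bindings = null, $types = null)
 {
     $statement = $db->prepare($sql);
     if (!$statement) {
         dbErr('query', 'prepare', $sql, $db->error);
         return null;
     }
     // bind_param() needs at least one variable after the type string, so an
     // empty binding list must skip the call instead of passing '' alone.
     if (!empty($bindings)) {
         if ($types === null) {
             $types = '';
             foreach ($bindings as $value) {
                 $types .= SqlQuery::getTypeChar($value);
             }
         }
         // Re-index first: string keys would become named arguments when
         // unpacked. Unpacking hands the elements over by reference, which
         // is what bind_param() requires.
         $values = array_values($bindings);
         $statement->bind_param($types, ...$values);
     }
     if (!$statement->execute()) {
         dbErr('query', 'execute', $sql, $db->error);
         return null;
     }
     return $statement;
 }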
Exemplo n.º 2
}
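//If the user is 'sure', delete the task
// The task id comes from the query string; it is cast to int before it is
// interpolated into SQL so the statement text can only ever contain a number.
$taskId = (int) ($_GET['id'] ?? 0);
if (isset($_POST['sure']) && $_POST['sure'] == 'yes') {
    //Delete the input files linked to this task's questions; the questions will be automatically deleted from database thanks to 'ON DELETE CASCADE' option.
    $query = $db->query("SELECT input FROM question WHERE id_task={$taskId}") or dbErr($db);
    while ($result = $query->fetch_assoc()) {
        $input = $result['input'];
        // A NULL/empty column means no file was uploaded for that question;
        // is_file() also guards against a path that was already removed.
        if ($input !== null && $input !== '' && is_file($input)) {
            unlink($input);
        }
    }
    //Delete the task
    $db->query("DELETE FROM task WHERE id={$taskId}") or dbErr($db);
    $db->close();
    exit('Task correctly deleted.<br/><a href="?page=index">Go back to the index.</a>');
}
//Warn the user if this task already has contributions
$query = $db->query("SELECT current FROM task WHERE id={$taskId}") or dbErr($db);
$taskRow = $query->fetch_assoc();
// fetch_assoc() returns null when no task has this id; treat that as zero.
$count = $taskRow['current'] ?? 0;
if ($count != 0) {
    echo "Be careful, this task already has {$count} contributions !<br/>";
}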
?>

<form method='post'>
	Confirm that you want to delete this task :<br/>
	<input type="radio" class="radio" name="sure" value='yes'/>Yes<br/>
	<input type="radio" class="radio" name="sure" value='no' checked/>No<br/>
	<input type="submit"/>
</form>
Exemplo n.º 3
    error('The task id provided is incorrect.', $db);
}
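//initialize the sql query
// Everything spliced into the SQL below comes from the request (answer ids,
// task id) or the session (worker id); each is cast to int so the statement
// text can only ever contain numbers.
$taskId = (int) ($_GET['task'] ?? 0);
$workerId = (int) $userid;
$values = [];
// Collect one (worker, answer, question) tuple per question of the task;
// a question with no answer posted means the form was tampered with or incomplete.
while ($question = $query->fetch_assoc()) {
    $key = "ans-{$question['id']}";
    if (!isset($_POST[$key])) {
        error('The data sent by your browser is incorrect or incomplete.', $db);
    }
    $values[] = sprintf('(%d,%d,%d)', $workerId, (int) $_POST[$key], (int) $question['id']);
}
// No questions at all is reported the same way the original code did
// (it tried to read the answer of a non-existent first question).
if ($values === []) {
    error('The data sent by your browser is incorrect or incomplete.', $db);
}
$sql = 'INSERT INTO contribution(id_worker,id_answer,id_question) VALUES ' . implode(', ', $values);
//execute the query
$db->query($sql) or dbErr($db);
//remove the assignment if existing
$db->query("DELETE FROM assignment WHERE id_task={$taskId} AND id_worker={$workerId}") or dbErr($db);
//Increment the current number of contributions of the task
$db->query("UPDATE task SET current=current+1 WHERE id={$taskId}") or dbErr($db);
//Change the task state to "completed" if the target number of contributions is reached
$db->query("UPDATE task SET status='completed' WHERE id={$taskId} AND current>=target") or dbErr($db);
//Transfer the reward from the requester to the Worker
// NOTE(review): these two updates are not wrapped in a transaction, so a
// failure between them leaves the balances inconsistent — confirm whether
// the tables are transactional before adding begin_transaction()/commit().
$db->query("UPDATE worker,task SET balance=balance+reward WHERE task.id={$taskId} AND worker.id={$workerId}") or dbErr($db);
$db->query("UPDATE requester,task SET balance=balance-reward WHERE task.id={$taskId} AND requester.id=task.id_requester") or dbErr($db);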
?>
<p>Contribution successfully registered.</p>
<a class='button' href='?page=index'>Return to the index</a>
Exemplo n.º 4
            $sql1 = $sql1 . ',description';
            $sql2 = $sql2 . ',"' . str_replace(array("\r\n", "\r", "\n"), '<br/>', $_POST['description']) . '"';
        }
        //Complete the query and execute it
        $sql1 = $sql1 . ')';
        $sql2 = $sql2 . ')';
        $query = $db->query($sql1 . $sql2) or dbErr($db);
        ?>
		<p>Task successfully inserted into database.</p>
		<a class='button' href='?page=newQuestion'>Add a question to this task</a><br/>

		<?php 
    }
}
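//if not, display the form
// userid is set at login from the database row; cast it anyway so the SQL
// text only ever contains a number.
$requesterId = (int) ($_SESSION['userid'] ?? 0);
$query = $db->query("SELECT balance FROM requester WHERE id={$requesterId}") or dbErr($db);
$requesterRow = $query->fetch_assoc();
// A missing row (stale session) would otherwise be a null-index warning.
$balance = $requesterRow['balance'] ?? 0;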
?>
<form method='post' onkeyup="addVal(this)">
	Task name : <input type="text" name="taskName" maxlength="64" /><br/>
	<textarea name="description" rows="5" cols="50" maxlength="512">Task description</textarea><hr/>
	Assignment type : <select name="assignment">
		<option>open</option>
		<option>waiting</option>
	</select>
	if "waiting", you can specify here parameters for an external assignment algorithm : <input type="text" name="extparams" maxlength="128" /><br/>
	Target number of contributions : <input type="text" name="target"/> Integer value, -1 for manual or external algorithm.<br/>
	Individual reward for this task : <input type="text" name="reward"/>
	Total cost : <b id='total'>0</b> — Current balance : <b id='balance'><?php 
// Balance fetched above for the logged-in requester; presumably a numeric
// column, which is why it is echoed unescaped — confirm before relying on that.
echo $balance;
?>
Exemplo n.º 5
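 /**
  * Load this category's direct children from viewCategories into $this->children.
  *
  * Children are ordered by category_name. On prepare/execute failure dbErr()
  * is called and $this->children is left untouched.
  */
 public function loadChildren()
 {
     $sql = 'SELECT * FROM viewCategories WHERE category_parent_id = ? ORDER BY category_name';
     $statement = $this->db->prepare($sql);
     if (!$statement) {
         dbErr($this->table_name, 'prepare', $sql, $this->db->error);
         return;
     }
     // bind_param() takes its arguments by reference, so the id has to live
     // in a variable; passing the val() call result directly raises a notice.
     $parentId = $this->val('category_id');
     $statement->bind_param('i', $parentId);
     if (!$statement->execute()) {
         dbErr($this->table_name, 'execute', $sql, $this->db->error);
         return;
     }
     $result = $statement->get_result();
     $this->children = [];
     while ($row = $result->fetch_assoc()) {
         $child = new Category();
         $child->setData($row);
         $this->children[] = $child;
     }
     $statement->close();
 }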
Exemplo n.º 6
<h2>Login</h2>
<?php 
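//If a session is already set, exit this script
if (isset($_SESSION['usermode'])) {
    exit("It looks like you're already connected.<br/> Do you want to <a href='.?page=logout'>logout</a> ?");
}
//======================================================================================================================
//if the login form has already been submitted, check the entered login data
if (isset($_POST['logtype'])) {
    // The account type names a table, so it is checked against the fixed list
    // the form offers instead of being spliced into the SQL text as received.
    $logtype = (string) $_POST['logtype'];
    $allowedTypes = ['worker', 'requester', 'admin'];
    $login = (string) ($_POST['login'] ?? '');
    $pass = (string) ($_POST['pass'] ?? '');
    $result = null;
    if (in_array($logtype, $allowedTypes, true)) {
        // The username is bound as a parameter rather than interpolated.
        $statement = $db->prepare("SELECT id,password,username FROM {$logtype} WHERE username=?") or dbErr($db);
        $statement->bind_param('s', $login);
        $statement->execute() or dbErr($db);
        $result = $statement->get_result()->fetch_assoc();
        $statement->close();
    }
    if ($result !== null && password_verify($pass, $result['password'])) {
        $_SESSION['usermode'] = $logtype;
        $_SESSION['userid'] = $result['id'];
        $_SESSION['username'] = $result['username'];
        header('location: .?page=index');
        $db->close();
        exit;
    }
    // One message for unknown user, bad type and wrong password, so the
    // response does not reveal which accounts exist.
    echo "<p style='color:red'>Incorrect login information.</p>";
}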
//======================================================================================================================
//else, or if the data is incorrect, echo the login form
?>

<form action="" method="post" accept-charset="utf-8">
	Login as : <select name="logtype"><option >worker</option><option>requester</option><option>admin</option></select><br/>
Exemplo n.º 7
            }
            ?>
			<p>Question successfully added</p>
			<a href=''>Add a new question</a> <a href='?page=index'>return to the index</a>
			<?php 
            $db->close();
            exit;
        }
    }
}
?>

<form method='post' enctype="multipart/form-data">
	<?php 
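//Take the list of the user's tasks from the db and generate a choice list in the form
// userid is set at login from the database; cast so only a number reaches the SQL.
$requesterId = (int) ($_SESSION['userid'] ?? 0);
$query = $db->query("SELECT id,name FROM task WHERE id_requester={$requesterId}") or dbErr($db);
if ($query->num_rows == 0) {
    error('No tasks linked to your account were found. <a href="?page=newTask">Create a task</a>', $db);
}
// Preselect the task named in the query string, if any (compared as integers).
$selectedTask = isset($_GET['task']) ? (int) $_GET['task'] : null;
echo "Choose the task linked to this question : <select name='taskid'>";
while ($result = $query->fetch_assoc()) {
    $taskId = (int) $result['id'];
    $selected = ($selectedTask === $taskId) ? ' selected' : '';
    // Task names are requester-supplied text; escape them for the HTML context.
    $name = htmlspecialchars((string) $result['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<option value='{$taskId}'{$selected}>{$name}</option>";
}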
?>
	</select>
	<br/>
	Question : <textarea name="question" cols="50" rows="1" maxlength='256'></textarea><br/>
Exemplo n.º 8
<p><b>Task description :</b><?php 
echo $task['description'];
?>
</p>
<form action="?page=contribute&task=<?php 
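// The id is reflected into the form's action attribute; cast it to int so it
// cannot carry markup or quotes into the HTML.
echo (int) ($_GET['id'] ?? 0);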
?>
" method="post" accept-charset="utf-8">
	<?php 
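//Get the task questions
// The task id comes from the query string; cast so only a number reaches the SQL.
$taskId = (int) ($_GET['id'] ?? 0);
$query = $db->query("SELECT * FROM question WHERE id_task={$taskId}") or dbErr($db);
//Display each question
while ($question = $query->fetch_assoc()) {
    $questionId = (int) $question['id'];
    // Question text is requester-supplied; escape it for the HTML context.
    echo '<h3>' . htmlspecialchars((string) $question['question'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h3>';
    //if existing, display the input file
    // inputType names both a file under inputTypes/ and a class, so it is
    // restricted to identifier characters before being used as either; an
    // empty input path (no upload) skips the block instead of file_exists(null).
    $inputType = (string) $question['inputType'];
    $input = (string) $question['input'];
    if ($input !== '' && preg_match('/^[A-Za-z0-9_]+$/', $inputType) === 1
        && file_exists($input) && (include "inputTypes/{$inputType}.php")) {
        $type = new $inputType($input);
        $type->display();
        echo "<br/>";
    }
    //Get all the possible answers for the question
    $query2 = $db->query("SELECT id,answer FROM answer WHERE id_question={$questionId}") or dbErr($db);
    //Display all the answers
    while ($answer = $query2->fetch_assoc()) {
        $answerText = htmlspecialchars((string) $answer['answer'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<input type='radio' name='ans-{$questionId}' value='" . (int) $answer['id'] . "'/> {$answerText}<br/>";
    }
}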
?>
	<input type="submit"/>
</form>
Exemplo n.º 9
</td>
			<td><?php 
        echo $result['reward'];
        ?>
</td>
		</tr>
		<?php 
    }
    ?>
		</tbody>
	</table>
</p>
	<?php 
}
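//get available tasks where the user has not already contributed.
// userid is set at login from the database; cast so only a number reaches the SQL.
$workerId = (int) ($_SESSION['userid'] ?? 0);
$query = $db->query("SELECT id,name,description,reward FROM task WHERE status='open'\n\t\t\t\t\t\tAND id NOT IN (\n\t\t\t\t\t\tSELECT id_task FROM contribution,question WHERE contribution.id_question=question.id AND id_worker={$workerId}\n\t\t\t\t\t\t)\n\t\t\t\t\t\tAND task.id IN (SELECT DISTINCT id_task FROM question)") or dbErr($db);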
if ($query->num_rows != 0) {
    ?>
	<h3>Open tasks :</h3>
	<p>
	<table>
		<thead>
			<tr>
				<th>Task name</th>
				<th>Task description</th>
				<th>Reward</th>
			</tr>
		</thead>
		<tbody>
		<?php 
    while ($result = $query->fetch_assoc()) {
Exemplo n.º 10
	<h3>Questions linked to this task:</h3>
	<p>
	<table>
		<thead>
			<tr>
				<th>Question</th>
				<th>Answers</th>
				<th>Get results</th>
				<th>Delete</th>
			</tr>
		</thead>
		<tbody>
		<?php 
    //For each question, get the answers linked to it
    while ($question = $query->fetch_assoc()) {
        $query2 = $db->query('SELECT answer FROM answer WHERE id_question=' . $question['id']) or dbErr($db);
        ?>
			<tr>
				<td>
					<?php 
        echo $question['question'];
        ?>
				</td>
				<td>
					<?php 
        while ($ans = $query2->fetch_assoc()) {
            echo $ans['answer'] . '<br/>';
        }
        ?>
				</td>
				<td>
Exemplo n.º 11
                foreach ($input->request->fields->worker as $field) {
                    if (is_string($field)) {
                        $sql = $sql . $field . ",";
                    }
                }
                if ($sql == "SELECT ") {
                    $sql = $sql . "*";
                } else {
                    $sql = rtrim($sql, ',');
                }
                //Remove the last (and excedentary) coma.
            } else {
                $sql = $sql . "*";
            }
            $sql = $sql . " FROM worker WHERE id={$row['id_worker']}";
            $query2 = $db->query($sql) or dbErr($db);
            $row['worker'] = $query2->fetch_assoc();
            unset($row['id_worker']);
        }
        unset($query2);
    }
    //===================================================================================================================
    $result[] = $row;
}
//Check the return size
// Default cap on the response size; a positive numeric max_size in the
// request overrides it.
$requestedMax = $input->request->max_size ?? null;
$max = ($requestedMax !== null && is_numeric($requestedMax) && $requestedMax > 0)
    ? $requestedMax
    : 10000000;
if (memory_get_usage() - $memory > $max) {
    error('Return size greater than specified maximum.', 10, $db);
Exemplo n.º 12
<?php

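//Check if the input is correct
if (!isset($input->delete->id) || !isset($input->delete->type)) {
    error('Json query syntax incorrect', 9, $db);
}
$delete = $input->delete;
// Both values come from the request body. A table name cannot be bound as a
// parameter, so it is restricted to identifier characters and back-quoted;
// the id is cast so the WHERE clause can only contain a number.
$table = (string) $delete->type;
if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table) !== 1) {
    error('Json query syntax incorrect', 9, $db);
}
$rowId = (int) $delete->id;
$db->query("DELETE FROM `{$table}` WHERE id={$rowId}") or dbErr($db);
$ans = new stdClass();
$ans->code = 0;
$ans->message = "row successfully deleted";
echo json_encode($ans, JSON_PRETTY_PRINT);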
Exemplo n.º 13
<h2>List of your tasks</h2>
<?php 
// Every task joined with its requester; the table below walks this result set.
$tasksSql = 'SELECT * FROM requester,task WHERE id_requester=requester.id';
$query = $db->query($tasksSql) or dbErr($db);
?>
<p>
<table>
	<thead>
		<tr>
			<th>Task name</th>
			<th>Task description</th>
			<th>requester</th>
			<th>Task status</th>
			<th>Contributions/target</th>
			<th>reward</th>
			<th>Delete</th>
		</tr>
	</thead>
	<tbody>
		<?php 
while ($result = $query->fetch_assoc()) {
    ?>
		<tr>
			<td><a href='?page=viewTask&id=<?php 
    echo $result['id'];
    ?>
'><?php 
    echo $result['name'];
    ?>
</a></td>
			<td><?php 
    echo $result['description'];
Exemplo n.º 14
<h2>List of the platform requesters</h2>
<?php 
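//Fetch every requester and list them as links to their detail page.
$query = $db->query("SELECT username,id FROM requester") or dbErr($db);
echo "<div class='content'><ul>\n";
while ($requester = $query->fetch_assoc()) {
    // Usernames are user-supplied; escape them for the HTML context. The id
    // is cast so the href can only contain a number.
    $name = htmlspecialchars((string) $requester['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $requesterId = (int) $requester['id'];
    echo "<li><a href='?page=viewRequester&id={$requesterId}'>{$name}</a></li>\n";
}
echo "</ul></div>\n";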
Exemplo n.º 15
<h2>Register</h2>
<?php 
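if (isset($_POST['regUN'])) {
    //If the register form has already be submitted, treat the data
    $username = (string) $_POST['regUN'];
    $pass = (string) ($_POST['pass'] ?? '');
    $pass2 = (string) ($_POST['pass2'] ?? '');
    //Check if the username and password are correct
    if ($username === '' || $pass === '') {
        echo 'Please enter a username and a password.';
    } elseif ($pass !== $pass2) {
        echo "The two passwords don't match";
    } elseif (strpbrk($username, ";'\"") !== false) {
        echo "You must not use ; ' or \" in the username.";
    } else {
        //if everything is ok
        // The INSERT used to interpolate $_POST['regUn'] (wrong key case), so
        // the stored username was always empty. The value is now bound as a
        // parameter, which also makes the character check above a usability
        // rule rather than the only defence against SQL injection.
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        $statement = $db->prepare('INSERT INTO admin(username,password) VALUES (?,?)') or dbErr($db);
        $statement->bind_param('ss', $username, $hash);
        $statement->execute() or dbErr($db);
        $statement->close();
    }
}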
//======================================================================================================================================================
?>
<form action=".?page=register" method="post" accept-charset="utf-8">
	Chose a username : <input type="text" name="regUN"/><br/>
	Chose a password and confirm : <input type="password" name="pass"/> <input type="password" name="pass2"/><br/>
	<input type="submit"/>
</form>
Exemplo n.º 16
Arquivo: jobs.php Projeto: lotcz/zshop
<?php

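$config = (require 'config.php');
$home_dir = $config['home_dir'];
require_once $home_dir . 'classes/functions.php';
require_once $home_dir . 'classes/log.php';
require_once $home_dir . 'models/base.m.php';
// Constant-time comparison of the request token with the configured one; a
// loose == would also accept type-juggled values and leak timing.
$token = (string) _g('security_token');
if (hash_equals((string) $config['security_token'], $token)) {
    $job = (string) _g('job');
    // The job name selects a file to include; restrict it to a plain
    // file-name token so the request cannot reach outside the jobs/ directory.
    if (preg_match('/^[A-Za-z0-9_-]+$/', $job) !== 1) {
        die('Unknown job.');
    }
    $db = new mysqli($config['db_host'], $config['db_login'], $config['db_password'], $config['db_name']);
    if ($db->connect_errno == 0) {
        // Only touch the connection once it is known to be open.
        $db->set_charset('utf8');
        include $home_dir . 'jobs/' . $job . '.j.php';
    } else {
        // Was $db->erorr (typo), which always reported an empty message.
        dbErr($db->connect_error);
    }
} else {
    die('Wrong security token.');
}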
Exemplo n.º 17
 /**
  * Delete the row with id $id (default: this record's own id) from
  * $this->table_name. On success the in-memory record is cleared and true
  * is returned; on prepare/execute failure dbErr() is called instead.
  */
 public function deleteById($id = null)
 {
     $rowId = $id ?? $this->val($this->id_name);
     $sql = sprintf('DELETE FROM %s WHERE %s = ?', $this->table_name, $this->id_name);
     $statement = $this->db->prepare($sql);
     if (!$statement) {
         dbErr($this->table_name, 'prepare', $sql, $this->db->error);
         return;
     }
     $statement->bind_param('i', $rowId);
     if (!$statement->execute()) {
         dbErr($this->table_name, 'execute', $sql, $this->db->error);
         return;
     }
     $statement->close();
     $this->is_loaded = false;
     $this->data = [];
     return true;
 }
Exemplo n.º 18
?>
" maxlength='16'/><br/>
	Password : <input type="text" name="password" placeholder="Enter new password"/><input type="text" name="password2" placeholder="Confirm new password"/><br/>
	Balance : <input type="text" value="<?php 
// Balance column of the requester row loaded above (outside this view);
// presumably numeric, hence echoed unescaped — confirm before relying on it.
echo $requester['balance'];
?>
" name='balance'/><br/>
	Warning : as an admin, you won't be warned if you set a balance lower than needed for the requester's current tasks. It is therefore advised to only increase
	a requester's balance, except if you're sure of yourself.
	<input type="submit"/>
</form>

<h2>Requester's tasks :</h2>
<?php 
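//get the tasks linked to the requester
// The requester id comes from the query string; cast so only a number reaches
// the SQL. dbErr() receives the connection like every other call site.
$requesterId = (int) ($_GET['id'] ?? 0);
$query = $db->query("SELECT * FROM task WHERE id_requester={$requesterId}") or dbErr($db);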
if ($query->num_rows == 0) {
    echo "<p>No tasks found</p>";
} else {
    ?>
<p>
<table>
	<thead>
		<tr>
			<th>Task name</th>
			<th>Task description</th>
			<th>Status</th>
			<th>Contributions/target</th>
			<th>Reward</th>
			<th>Delete</th>
		</tr>
Exemplo n.º 19
                        break;
                    }
                }
            }
        }
        $sql->sql = $sql->sql . ' WHERE id=' . $_SESSION['userid'];
        if ($sql->ok) {
            $query = $db->query($sql->sql) or dbErr($db);
            echo 'Profile successfully updated !';
            echo "<br/>";
        }
    }
}
//======================================================================================================================
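//Get the user info from the database
// usermode names the table to read; it is checked against the three account
// types the login form offers before it is spliced into the SQL, and the id
// is cast so the WHERE clause can only contain a number.
$usermode = (string) ($_SESSION['usermode'] ?? '');
if (!in_array($usermode, ['worker', 'requester', 'admin'], true)) {
    error('Unknown user mode.', $db);
}
$sessionUserId = (int) ($_SESSION['userid'] ?? 0);
$query = $db->query("SELECT * FROM {$usermode} WHERE id={$sessionUserId}") or dbErr($db);
$user = $query->fetch_assoc();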
//Echo the form prefilled with the user data
?>

<form method="post" accept-charset="utf-8">
	Username : <input type="text" name="regUN" value="<?php 
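// The username is user-supplied and lands inside a double-quoted value
// attribute; escape it for that context.
echo htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');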
?>
"/><br/>
	Password and confirm : <input type="password" name="pass"/> <input type="password" name="pass2"/><br/>
	<?php 
if ($_SESSION['usermode'] == 'worker') {
    //For workers, add the form lines for the features
    $features = scandir("features");
    foreach ($features as $filename) {
Exemplo n.º 20
?>
Current number of contributions : <?php 
// Total number of contributions to this question, computed above (outside this view).
echo $total;
?>
</p>
<?php 
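//get the answers linked to the question
// The question row is loaded above (outside this view); its id is cast so the
// SQL text can only contain a number.
$questionId = (int) $question['id'];
$query = $db->query("SELECT * FROM answer WHERE id_question={$questionId}") or dbErr($db);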
?>
<table border='1'>
	<thead>
		<tr>
			<th>Answer</th>
			<th>Number</th>
			<th>Percentage</th>
		</tr>
	</thead>
	<tbody>
		<?php 
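//For each answer, get the number of contributions
while ($ans = $query->fetch_assoc()) {
    // Answer text is requester-supplied; escape it for the HTML context.
    $answerText = htmlspecialchars((string) $ans['answer'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<tr>\n<td>{$answerText}</td>\n";
    $answerId = (int) $ans['id'];
    $query2 = $db->query("SELECT count(*) AS n FROM contribution WHERE id_answer={$answerId}") or dbErr($db);
    $number = (int) $query2->fetch_assoc()['n'];
    //max($total,1) is used to avoid division by zero in the case of $total=0
    $percent = $number / max($total, 1) * 100;
    echo "<td>{$number}</td>\n<td>{$percent} %</td>\n</tr>";
}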
?>
	</tbody>
</table>
Exemplo n.º 21
    error('Question id missing', $db);
}
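//If the user is 'sure', delete the question
// The question id comes from the query string; cast so only a number reaches the SQL.
$questionId = (int) ($_GET['id'] ?? 0);
if (isset($_POST['sure']) && $_POST['sure'] == 'yes') {
    //Delete the input file linked to the question
    $query = $db->query("SELECT input FROM question WHERE id={$questionId}") or dbErr($db);
    $questionRow = $query->fetch_assoc();
    $input = $questionRow['input'] ?? null;
    // NULL/empty means no file was uploaded; is_file() guards against a path
    // that was already removed.
    if ($input !== null && $input !== '' && is_file($input)) {
        unlink($input);
    }
    //Delete the question from the database
    $db->query("DELETE FROM question WHERE id={$questionId}") or dbErr($db);
    $db->close();
    exit('Question correctly deleted.<br/><a href="?page=index">Go back to the index.</a>');
}
//Warn the user if the question already has contributions from workers
$query = $db->query("SELECT count(*) AS n FROM contribution WHERE id_question={$questionId}") or dbErr($db);
$count = (int) ($query->fetch_assoc()['n'] ?? 0);
if ($count != 0) {
    echo "Be careful, this question already has {$count} contributions !<br/>";
}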
?>

<form method='post'>
	Confirm that you want to delete this question :<br/>
	<input type="radio" name="sure" value='yes'/>Yes<br/>
	<input type="radio" name="sure" value='no' checked/>No<br/>
	<input type="submit"/>
</form>

Exemplo n.º 22
<?php

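//Check the input data
if (!isset($input->login->id, $input->login->password)) {
    error('id or password fields not found in the input data', 3, $db);
}
//query the database
// The username comes from the request body and is bound as a parameter
// instead of being interpolated into the SQL text.
$loginId = (string) $input->login->id;
$statement = $db->prepare('SELECT id,password FROM admin WHERE username=?') or dbErr($db);
$statement->bind_param('s', $loginId);
$statement->execute() or dbErr($db);
$result = $statement->get_result()->fetch_assoc();
$statement->close();
// One message for unknown user and wrong password, so the response does not
// reveal which accounts exist.
if ($result === null || !password_verify((string) $input->login->password, $result['password'])) {
    error('Incorrect login information.', 3, $db);
}
unset($result);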
Exemplo n.º 23
                        include 'features/' . $filename;
                    }
                    $feat = new $class();
                    $sql = $feat->getForm($_POST, $sql);
                    if (!$sql->ok) {
                        echo $sql->err;
                        break;
                    }
                }
            }
        }
        if ($sql->ok) {
            //Insert the data
            $sql->sql1 = $sql->sql1 . ')';
            $sql->sql2 = $sql->sql2 . ')';
            $query = $db->query($sql->sql1 . $sql->sql2) or dbErr($db);
            ?>
			<p>Account successfully created !</p>
			<a class="button" href='.?page=login'>Go back to the login page</a>
			<?php 
            $db->close();
            exit;
        }
    }
}
//======================================================================================================================================================
if (isset($_POST['regType'])) {
    //treat the data from the first form, and generate the adapted form for requesters or workers
    ?>
	<form action=".?page=register" method="post" accept-charset="utf-8">
		Chose a username : <input type="text" name="regUN" maxlength="16" /><br/>