Exemplo n.º 1
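/**
 * Runs one raw SQL statement on a fresh connection and returns the result in
 * the shape selected by $tip.
 *
 * $upit is sent to the server verbatim: nothing here escapes or binds values,
 * so callers must never assemble it from request data.
 *
 * @param string $upit SQL text to execute.
 * @param int    $tip  0 = execute only, 1 = first row (numeric keys), 2 = all rows.
 * @return mixed 0 when $tip is 0; the row ($tip 1) or the list of rows ($tip 2);
 *               -1 when nothing was fetched.
 */
function mySqlUpit($upit, $tip)
{
    // NOTE(review): root with an empty password is hard-coded; load the
    // credentials from configuration and use a least-privileged account.
    $konekcija = mysqli_connect("localhost", "root", "", "0007cinevision");
    // Test the handle before calling a method on it: after a failed connect
    // there is no object to call set_charset() on.
    if (!$konekcija) {
        // Driver detail goes to the server log, not into the response body.
        error_log("mySqlUpit: connect failed: " . mysqli_connect_error());
        printf("Konekcija nije uspela\n");
        exit;
    }
    $konekcija->set_charset("utf8");
    $rezultat = mysqli_query($konekcija, $upit);
    if (!$rezultat) {
        error_log("mySqlUpit: query failed: " . mysqli_error($konekcija));
        mysqli_close($konekcija);
        printf("Greska\n");
        exit;
    }
    $rez = null;
    // Statements without a result set return true, which has no rows to fetch.
    if ($rezultat instanceof mysqli_result) {
        if ($tip == 1) {
            $rez = mysqli_fetch_array($rezultat, MYSQLI_NUM);
        } elseif ($tip == 2) {
            $rez = array();
            while (($red = mysqli_fetch_array($rezultat)) != NULL) {
                $rez[] = $red;
            }
        }
        mysqli_free_result($rezultat);
    }
    // Close on every path, not only for $tip 1, so handles are not leaked.
    mysqli_close($konekcija);
    if ($tip == 0) {
        return 0;
    }
    return !empty($rez) ? $rez : -1;
}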
Exemplo n.º 2
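/**
 * Tells whether the sid stored for user $uid matches the SID constant.
 *
 * @param mixed  $uid  User id looked up in USERS_TABLE.
 * @param mysqli $link Open connection.
 * @return bool True only when a row exists and its sid equals SID.
 */
function check_user($uid, $link)
{
    // The table name comes from a project constant (identifiers cannot be
    // bound); the user id is bound so it can never alter the statement.
    $stmt = mysqli_prepare($link, "SELECT sid FROM " . USERS_TABLE . " WHERE uid = ?");
    if (!$stmt) {
        error_log('check_user: prepare failed: ' . mysqli_error($link));
        die('Database error');
    }
    $uid = (string) $uid;
    mysqli_stmt_bind_param($stmt, 's', $uid);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('check_user: execute failed: ' . mysqli_stmt_error($stmt));
        die('Database error');
    }
    mysqli_stmt_bind_result($stmt, $sid);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // A missing row is "no match"; compare as strings so that numeric-looking
    // values are not treated as equal by loose comparison.
    return $found === true && (string) $sid === (string) SID;
}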
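 /**
  * Deletes the empleos_anteriores row with the given id and prints a confirmation.
  *
  * NOTE(review): no authorization or ownership check is visible in this
  * method; confirm the caller enforces one before a delete is allowed.
  *
  * @param int|string $id Row id; must be an integer value.
  */
 public function bajaEmpleo($id)
 {
     // The id used to be interpolated unquoted into the statement, so any
     // non-numeric input became part of the SQL. Accept integers only.
     $id = filter_var($id, FILTER_VALIDATE_INT);
     if ($id === false) {
         die("Error: id no valido");
     }
     $conexion = new Conexion();
     $stmt = mysqli_prepare($conexion->link, "delete from empleos_anteriores where id = ?");
     if (!$stmt) {
         // Driver detail is logged server-side instead of being echoed.
         error_log("bajaEmpleo: " . mysqli_error($conexion->link));
         die("Error");
     }
     mysqli_stmt_bind_param($stmt, 'i', $id);
     if (!mysqli_stmt_execute($stmt)) {
         error_log("bajaEmpleo: " . mysqli_stmt_error($stmt));
         die("Error");
     }
     mysqli_stmt_close($stmt);
     echo "Empleo borrado correctamente";
 }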
Exemplo n.º 4
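 /**
  * Executes a SQL string once and returns all rows of its result set.
  *
  * The statement text is passed to the server unchanged, so it must be built
  * by the caller without request data in it (the "check sql string" todo
  * below is still open).
  *
  * @param string $sql        SQL text to execute.
  * @param string $fetch_type 'object' for stdClass rows; anything else yields associative arrays.
  * @return array List of rows; empty for statements that produce no result set.
  */
 public function query($sql, $fetch_type = 'assoc')
 {
     // todo: check sql string
     $rows = array();
     // Run the statement exactly once: a second call would repeat every
     // INSERT/UPDATE/DELETE passed through this method.
     $result = $this->mysqli->query($sql);
     if (!$result) {
         $this->loger->addLog(LOG_ERR, mysqli_error($this->mysqli));
         // todo: goto html output
         die;
     }
     // Write statements return true; there is nothing to fetch from that.
     if ($result === true) {
         return $rows;
     }
     switch ($fetch_type) {
         default:
         case 'assoc':
             while ($row = $result->fetch_assoc()) {
                 $rows[] = $row;
             }
             break;
         case 'object':
             while ($row = $result->fetch_object()) {
                 $rows[] = $row;
             }
             break;
     }
     $result->free();
     return $rows;
 }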
Exemplo n.º 5
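 /**
  * Connects with the DB_* constants and stores the link on $this->connection.
  * Ends the script when the connection cannot be established.
  */
 public function open_connection()
 {
     $this->connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_DBNAME);
     if (!$this->connection) {
         // mysqli_error() needs a live link; a failed connect is reported by
         // mysqli_connect_error(). The detail is logged, not shown to the client.
         error_log("Database Connection Failed " . mysqli_connect_error());
         die("Database Connection Failed");
     }
 }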
Exemplo n.º 6
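/**
 * Loads the eight personal-data columns stored for one user name.
 *
 * @param string $nombreUsuario Value matched against credenciales.Usuario.
 * @return array|false Columns 0..7 (Nombre, Apellidos, Fecha_Nacimiento, DNI,
 *                     Localidad, Provincia, CP, Telefono) when exactly one row
 *                     matches; false on any failure or a different row count.
 */
function getDatosAnteriores($nombreUsuario)
{
    // NOTE(review): root with an empty password is hard-coded; move the
    // credentials to configuration and use a least-privileged account.
    $connect = mysqli_connect("localhost", "root", "", "prueba1");
    if (!$connect) {
        echo "Error al conectar con BBDD </br>";
        return false;
    }
    // The user name is bound as a parameter; formatting it into the statement
    // with sprintf() let a quote in the name rewrite the query.
    $sql_select = "select Nombre,Apellidos,Fecha_Nacimiento,DNI,Localidad,Provincia,CP,Telefono from datos_usuarios"
        . " inner join credenciales on datos_usuarios.ID_Credenciales=credenciales.idCredenciales"
        . " where credenciales.Usuario = ?";
    $nombreUsuario = (string) $nombreUsuario;
    $stmt = mysqli_prepare($connect, $sql_select);
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $nombreUsuario)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_store_result($stmt)
    ) {
        // The error text belongs to the connection, not to the failed result.
        error_log("getDatosAnteriores: " . mysqli_error($connect));
        echo "Error al ejecutar la consulta:</br>";
        mysqli_close($connect);
        return false;
    }
    if (mysqli_stmt_num_rows($stmt) != 1) {
        echo "El resultado es diferente uno";
        mysqli_stmt_close($stmt);
        mysqli_close($connect);
        return false;
    }
    mysqli_stmt_bind_result($stmt, $c0, $c1, $c2, $c3, $c4, $c5, $c6, $c7);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($connect);
    return array($c0, $c1, $c2, $c3, $c4, $c5, $c6, $c7);
}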
Exemplo n.º 7
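 /**
  * Runs a raw SQL string on the shared link and returns its outcome.
  *
  * The text is executed as given; callers are responsible for never placing
  * request data in it.
  *
  * @param string $sql SQL text to execute.
  * @return int|false|array The insert id when the statement produced one;
  *                         false for other statements without a result set;
  *                         otherwise the list of associative rows.
  */
 public static function queryToArray($sql)
 {
     global $my_db;
     $link = Database::getLink();
     if (!mysqli_select_db($link, $my_db)) {
         // Schema name and driver text stay in the server log.
         error_log('queryToArray: cannot use ' . $my_db . ' : ' . mysqli_error($link));
         die('Database unavailable');
     }
     // Perform Query
     $result = mysqli_query($link, $sql);
     if (!$result) {
         // The failing statement and the server message were printed to the
         // client; both help an attacker map the schema, so they are logged.
         error_log('queryToArray: invalid query: ' . mysqli_error($link) . ' | whole query: ' . $sql);
         die('Invalid query');
     }
     $id = mysqli_insert_id($link);
     if ($id > 0) {
         // we did an insert, just return the id
         return $id;
     }
     if ($result === true) {
         // a statement without a result set and without a new insert id
         return false;
     }
     $rows = array();
     while ($row = mysqli_fetch_assoc($result)) {
         $rows[] = $row;
     }
     mysqli_free_result($result);
     return $rows;
 }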
Exemplo n.º 8
 /**
  * Executes $sql on the stored link and records the outcome on the instance.
  *
  * On success the result is kept in $this->query_result and the query counter
  * is incremented. On failure the error number and message are stored, a
  * ROLLBACK is issued when a transaction is marked as open, and false is
  * returned. When FEATHER_SHOW_QUERIES is defined each statement is also
  * appended to $this->saved_queries together with its timing (0 on failure).
  *
  * @param string $sql        SQL text, executed as given.
  * @param bool   $unbuffered Not read by this method.
  * @return mixed The mysqli_query() result, or false on failure.
  */
 public function query($sql, $unbuffered = false)
 {
     $profiling = defined('FEATHER_SHOW_QUERIES');
     if ($profiling) {
         $q_start = get_microtime();
     }
     $this->query_result = @mysqli_query($this->link_id, $sql);
     if (!$this->query_result) {
         if ($profiling) {
             $this->saved_queries[] = array($sql, 0);
         }
         $this->error_no = @mysqli_errno($this->link_id);
         $this->error_msg = @mysqli_error($this->link_id);
         // Rollback transaction
         if ($this->in_transaction) {
             mysqli_query($this->link_id, 'ROLLBACK');
         }
         // NOTE(review): the counter is decremented even when no transaction
         // was open, so it can go negative; confirm against the code that
         // starts and ends transactions.
         --$this->in_transaction;
         return false;
     }
     if ($profiling) {
         $this->saved_queries[] = array($sql, sprintf('%.5f', get_microtime() - $q_start));
     }
     ++$this->num_queries;
     return $this->query_result;
 }
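 /**
  * Collects the result of an asynchronous query, sends it to the waiting
  * client and returns the connection to the idle pool.
  *
  * @param mixed $db_sock Key of the finished connection in $this->busy_pool.
  */
 function onSQLReady($db_sock)
 {
     $db_res = $this->busy_pool[$db_sock];
     $mysqli = $db_res['mysqli'];
     $fd = $db_res['fd'];
     echo __METHOD__ . ": client_sock={$fd}|db_sock={$db_sock}\n";
     if ($result = $mysqli->reap_async_query()) {
         // Statements without a result set yield true, which has no
         // fetch_all(); export the boolean itself in that case.
         $payload = is_object($result) ? $result->fetch_all(MYSQLI_ASSOC) : $result;
         $ret = var_export($payload, true) . "\n";
         $this->serv->send($fd, $ret);
         if (is_object($result)) {
             mysqli_free_result($result);
         }
     } else {
         // NOTE(review): the raw server error is returned to the client
         // socket; confirm every client of this service is trusted to see it.
         $this->serv->send($fd, sprintf("MySQLi Error: %s\n", mysqli_error($mysqli)));
     }
     // release mysqli object
     $this->idle_pool[] = $db_res;
     unset($this->busy_pool[$db_sock]);
     // Waiting requests can be dispatched now. Never take more requests than
     // are queued: array_shift() on an empty queue returns null and would
     // start a query with no client and no SQL.
     $dispatch_n = min(count($this->idle_pool), count($this->wait_queue));
     for ($i = 0; $i < $dispatch_n; $i++) {
         $req = array_shift($this->wait_queue);
         $this->doQuery($req['fd'], $req['sql']);
     }
 }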
 /**
  * Runs the credential lookup against user_reg and returns the query result.
  *
  * NOTE(review): the '******' values in the statement look like redaction by
  * the listing this code was taken from; as shown, $login and $pass are never
  * used. If the real code places them in the SQL text, bind them as statement
  * parameters and verify the password against a password_hash() value instead
  * of comparing it inside the query.
  *
  * @param mixed $login
  * @param mixed $pass
  * @return bool|mysqli_result
  */
 public function autorization($login, $pass)
 {
     // db_connect() comes from the parent class Config_db and supplies the link.
     $query = mysqli_query($this->db_connect(), "SELECT * FROM user_reg WHERE login='******' AND pass='******'");
     if (!$query) {
         // NOTE(review): db_connect() is called again here; if it opens a new
         // link each time, the error text belongs to a different connection.
         // The message is also printed to the client.
         die(mysqli_error($this->db_connect()));
     }
     return $query;
 }
Exemplo n.º 11
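/**
 * Computes the rank of a price within the category of a placed bid.
 *
 * @param mixed $a Auction id (Placed.idAuction).
 * @param mixed $b Price to rank (compared against Placed.Price).
 * @param mixed $c Bid id (Placed.idBid) used to find the category.
 * @return int Rank (1 + number of higher active prices), or 0 when the bid has no category.
 */
function getRank($a, $b, $c)
{
    // config.php is expected to define $IP, $user, $pass and $db in this scope.
    include 'config.php';
    $con = mysqli_connect($IP, $user, $pass, $db);
    if (!$con) {
        error_log('getRank: connect failed: ' . mysqli_connect_error());
        die('Error');
    }
    // All three arguments were interpolated unquoted into the SQL text; they
    // are bound instead so a value can never extend the statement.
    $a = (string) $a;
    $b = (string) $b;
    $c = (string) $c;

    $stmt = mysqli_prepare($con, "select `idCategory` from Placed where `idBid` = ? and `idAuction` = ?");
    if (!$stmt || !mysqli_stmt_bind_param($stmt, 'ss', $c, $a) || !mysqli_stmt_execute($stmt)) {
        error_log('getRank: ' . mysqli_error($con));
        die('Error');
    }
    mysqli_stmt_bind_result($stmt, $idCategory);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($found !== true || empty($idCategory)) {
        mysqli_close($con);
        return 0;
    }

    $idCategory = (string) $idCategory;
    // `rank` is back-quoted because it is a reserved word on newer MySQL servers.
    $stmt = mysqli_prepare($con, "select count(*)+1 as `rank` from Placed where `Price` > ? and `idCategory` = ? and `idAuction` = ? and `status` = 'A'");
    if (!$stmt || !mysqli_stmt_bind_param($stmt, 'sss', $b, $idCategory, $a) || !mysqli_stmt_execute($stmt)) {
        error_log('getRank: ' . mysqli_error($con));
        die('Error');
    }
    mysqli_stmt_bind_result($stmt, $rank);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($con);
    return (int) $rank;
}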
Exemplo n.º 12
 /**
  * Starts a transaction with a consistent snapshot on the stored connection.
  *
  * @return bool Always true when the transaction was started.
  * @throws \Exception When the server refuses to start the transaction; the
  *                    message carries the driver's error text, so it should be
  *                    logged rather than rendered to visitors.
  */
 public function trans()
 {
     $started = \mysqli_begin_transaction($this->connection, MYSQLI_TRANS_START_WITH_CONSISTENT_SNAPSHOT);
     if ($started) {
         return true;
     }
     throw new \Exception('Could not start Transaction: ' . \mysqli_error($this->connection));
 }
Exemplo n.º 13
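 /**
  * Deletes one resource and redirects back to the index page.
  *
  * @param mixed $id Identifier handed to Blog::destroy().
  */
 public function delete($id)
 {
     $Blog = new Blog($this->plural_resource);
     // NOTE(review): destroy() returns SQL text built from $id; confirm it
     // binds or strictly validates the id, since the text is executed as is.
     $sql = $Blog->destroy($id);
     if (!mysqli_query($this->db, $sql)) {
         // The driver message is logged instead of being printed to the client.
         error_log('delete: ' . mysqli_error($this->db));
         die('Database error');
     }
     // NOTE(review): execution continues in the caller after this header;
     // confirm nothing further is sent once the redirect is issued.
     header("Location: ../index");
 }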
Exemplo n.º 14
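/**
 * Installer check: verifies that the server is reachable and that no table in
 * $dbname already starts with $tablepre.
 *
 * @param string $dbhost   Server host.
 * @param string $dbuser   Account name.
 * @param string $dbpw     Account password.
 * @param string $dbname   Database to inspect.
 * @param string $tablepre Table prefix that must still be unused.
 * @return bool False when a table with the prefix exists, true otherwise.
 */
function check_db($dbhost, $dbuser, $dbpw, $dbname, $tablepre)
{
    if (!function_exists('mysql_connect') && !function_exists('mysqli_connect')) {
        show_msg('undefine_func', 'mysql_connect', 0);
    }
    $mysqlmode = function_exists('mysql_connect') ? 'mysql' : 'mysqli';
    $errno = 0;
    $error = '';
    if ($mysqlmode == 'mysql') {
        $link = @mysql_connect($dbhost, $dbuser, $dbpw);
        if (!$link) {
            $errno = mysql_errno();
            $error = mysql_error();
        }
    } else {
        // "new mysqli()" always yields an object, so a failed connect was never
        // noticed; use the procedural call and the connect-specific error API.
        try {
            $link = @mysqli_connect($dbhost, $dbuser, $dbpw);
            if (!$link) {
                $errno = mysqli_connect_errno();
                $error = mysqli_connect_error();
            }
        } catch (mysqli_sql_exception $e) {
            // Newer PHP versions report connect failures as exceptions.
            $link = false;
            $errno = $e->getCode();
            $error = $e->getMessage();
        }
    }
    if (!$link) {
        if ($errno == 1045) {
            show_msg('database_errno_1045', $error, 0);
        } elseif ($errno == 2003) {
            show_msg('database_errno_2003', $error, 0);
        } else {
            show_msg('database_connect_error', $error, 0);
        }
        return true;
    }
    // The database name is an identifier and cannot be bound: quote it with
    // back-ticks and double any back-tick it contains.
    $quoted_db = '`' . str_replace('`', '``', $dbname) . '`';
    $query = $mysqlmode == 'mysql'
        ? @mysql_query("SHOW TABLES FROM {$quoted_db}")
        : $link->query("SHOW TABLES FROM {$quoted_db}");
    if ($query) {
        $prefix_len = strlen($tablepre);
        while ($row = $mysqlmode == 'mysql' ? mysql_fetch_row($query) : $query->fetch_row()) {
            // Plain prefix comparison: the prefix is not a regular expression
            // and must not be interpreted as one.
            if (strncmp($row[0], $tablepre, $prefix_len) === 0) {
                return false;
            }
        }
    }
    return true;
}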
Exemplo n.º 15
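 /**
  * Checks whether a row of `register` matches the given user name and password.
  *
  * NOTE(review): the password is compared with the stored column as is, which
  * implies plain-text storage; migrate the column to password_hash() values
  * and check them with password_verify().
  *
  * @param string $username
  * @param string $password
  * @return bool True when at least one row matches, false otherwise.
  */
 function login($username, $password)
 {
     // Both values are bound; quoting them into the SQL text let a crafted
     // user name bypass the password condition.
     $stmt = mysqli_prepare($this->connect, "SELECT 1 FROM `register` WHERE `username` = ? and `password` = ?");
     if (!$stmt) {
         error_log('login: ' . mysqli_error($this->connect));
         die('Database error');
     }
     $username = (string) $username;
     $password = (string) $password;
     mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
     if (!mysqli_stmt_execute($stmt)) {
         error_log('login: ' . mysqli_stmt_error($stmt));
         die('Database error');
     }
     mysqli_stmt_store_result($stmt);
     $matched = mysqli_stmt_num_rows($stmt) > 0;
     mysqli_stmt_close($stmt);
     return $matched;
 }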
Exemplo n.º 16
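/**
 * Returns the name stored for a player id.
 *
 * @param mixed $pid Value matched against players.player_id.
 * @return mixed The name column, or null when no row matches.
 */
function player($pid)
{
    global $con;
    // The id is bound rather than quoted into the statement text.
    $stmt = mysqli_prepare($con, "SELECT name from players Where player_id = ?");
    if (!$stmt) {
        error_log('player: ' . mysqli_error($con));
        die('Database error');
    }
    $pid = (string) $pid;
    mysqli_stmt_bind_param($stmt, 's', $pid);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('player: ' . mysqli_stmt_error($stmt));
        die('Database error');
    }
    mysqli_stmt_bind_result($stmt, $name);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found === true ? $name : null;
}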
Exemplo n.º 17
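 /**
  * Opens the database link once and keeps it on $this->con.
  */
 public function conexion()
 {
     if (!isset($this->con)) {
         // NOTE(review): root with an empty password is hard-coded; load the
         // credentials from configuration and use a least-privileged account.
         $this->con = mysqli_connect("localhost", "root", "", "inventiba");
         if (!$this->con) {
             // mysqli_error() requires a link argument; connect failures are
             // reported by mysqli_connect_error(), logged server-side here.
             error_log('conexion: ' . mysqli_connect_error());
             die('Error de conexion');
         }
     }
 }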
Exemplo n.º 18
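/**
 * Builds the single-quoted data-layer literal for the home page.
 *
 * Every value placed inside the literal is encoded for a JavaScript string
 * context, so quotes or markup in a movie name, a filter or the search text
 * cannot close the string or the surrounding script element.
 *
 * @param mysqli_result $result     Movie rows (movieId, name and, for sentiment, positive/negative).
 * @param string        $p          Metric: "rating" or "sentiment".
 * @param string        $view
 * @param string        $genre
 * @param string        $category
 * @param string        $sort
 * @param string        $searchName Added as searchValue when not empty.
 * @return string The data-layer literal.
 */
function generateDataLayer($result, $p, $view, $genre, $category, $sort, $searchName)
{
    // connect.php is expected to provide $conn in this scope.
    require 'includes/connect.php';

    // json_encode() with the HEX flags emits \uXXXX for quotes, <, > and &;
    // stripping its outer double quotes leaves text that is safe between the
    // single quotes used below. Plain alphanumeric values come out unchanged.
    $js = function ($value) {
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        return $encoded === false ? '' : substr($encoded, 1, -1);
    };

    //movie
    $movies = array();
    while ($row = mysqli_fetch_array($result)) {
        $movieId = $js($row['movieId']);
        $movieName = $js($row['name']);
        if ($p == "rating") {
            // SQL escaping is kept for the SQL string only; it is not an
            // output encoding and is no longer reused for the literal.
            $averageRatingQuery = "SELECT average FROM `averagerating` WHERE movieId = '" . mysqli_real_escape_string($conn, $row['movieId']) . "'";
            $averageRatingResult = mysqli_query($conn, $averageRatingQuery);
            $averageRatingRow = $averageRatingResult ? mysqli_fetch_array($averageRatingResult) : null;
            $average = '';
            if ($averageRatingRow) {
                $average = $averageRatingRow['average'];
            } else {
                // Logged instead of printed into the page.
                error_log('generateDataLayer: no average rating: ' . mysqli_error($conn));
            }
            $movies[] = "{ 'movieId':'{$movieId}', 'movieName':'{$movieName}', 'averageRating':'" . $js($average) . "' }";
        } elseif ($p == "sentiment") {
            // NOTE(review): $sentSort is not a parameter; unless connect.php
            // defines it, the "negative" branch is always taken. Confirm
            // whether $sort was meant.
            if (isset($sentSort) && $sentSort == "pos") {
                $sentCount = $row['positive'];
                $sentType = "positive";
            } else {
                $sentCount = $row['negative'];
                $sentType = "negative";
            }
            $movies[] = "{ 'movieId':'{$movieId}', 'movieName':'{$movieName}', '{$sentType}':'" . $js($sentCount) . "' }";
        }
    }
    $dataLayerString = "[{'page':'homePage','movies':[" . implode(",", $movies) . "]";
    //metric (rating or sentiment)
    $dataLayerString .= ", 'metric': '" . $js($p) . "'";
    //view
    $dataLayerString .= ", 'view': '" . $js($view) . "'";
    //genre
    $dataLayerString .= ", 'genre': '" . $js($genre) . "'";
    //all/theatre/recent
    $dataLayerString .= ", 'category': '" . $js($category) . "'";
    //sort
    $dataLayerString .= ", 'sort': '" . $js($sort) . "'";
    //search
    if (!empty($searchName)) {
        $dataLayerString .= ", 'searchValue': '" . $js($searchName) . "'";
    }
    $dataLayerString .= "}]";
    return $dataLayerString;
}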
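/**
 * Inserts a type-7 product and prints a summary of what was stored.
 *
 * @param string $name
 * @param string $code
 * @param string $price
 * @param string $description
 */
function addData($name, $code, $price, $description)
{
    // dbinfo.php is expected to provide $conn in this scope.
    include "dbinfo.php";
    $picture = checkPicture();
    // Values are bound; quoting them into the SQL text let any field that
    // contained a quote change the statement.
    $stmt = mysqli_prepare($conn, "INSERT INTO product2 VALUES (null,'7',?,?,?,?,?)");
    if (!$stmt) {
        error_log('addData: ' . mysqli_error($conn));
        die('Database error');
    }
    $picture = (string) $picture;
    $name = (string) $name;
    $code = (string) $code;
    $price = (string) $price;
    $description = (string) $description;
    mysqli_stmt_bind_param($stmt, 'sssss', $picture, $name, $code, $price, $description);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('addData: ' . mysqli_stmt_error($stmt));
        die('Database error');
    }
    mysqli_stmt_close($stmt);
    include "header.php";
    // The same values are echoed into HTML, including an attribute, so they
    // are encoded for that context before being printed.
    $pictureHtml = htmlspecialchars($picture, ENT_QUOTES, 'UTF-8');
    $nameHtml = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $codeHtml = htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
    $priceHtml = htmlspecialchars($price, ENT_QUOTES, 'UTF-8');
    $descriptionHtml = htmlspecialchars($description, ENT_QUOTES, 'UTF-8');
    print <<<HERE
\t\t\t<br><br><br><br><br>
\t<h1>The following has been added:</h1>
\t<ul>
\t<li>Picture: <img src='images/Accessories/{$pictureHtml}' /></li>
\t<li>Type: 7</li>
\t<li>Name: {$nameHtml}</li>
\t<li>Code: {$codeHtml}</li>
\t<li>Price: {$priceHtml}</li>
\t<li>Description: {$descriptionHtml}</li>
\t</ul>
HERE;
}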
Exemplo n.º 20
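/**
 * Counts the twebm rows whose cName equals $name.
 *
 * @param string $name
 * @return array Associative array with the single key 'cnt'.
 */
function checkExist($name)
{
    global $link;
    // The name is bound instead of being quoted into the SQL text.
    $stmt = $link->prepare("SELECT COUNT(*) AS cnt FROM twebm WHERE cName = ?");
    if (!$stmt) {
        error_log('checkExist: ' . mysqli_error($link));
        die('Database error');
    }
    $name = (string) $name;
    $stmt->bind_param('s', $name);
    if (!$stmt->execute()) {
        error_log('checkExist: ' . $stmt->error);
        die('Database error');
    }
    $stmt->bind_result($cnt);
    $stmt->fetch();
    $stmt->close();
    // Cast to string so callers see the same value type a plain query returned.
    return array('cnt' => (string) $cnt);
}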
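 /**
  * Returns the team name stored for an abbreviation.
  *
  * @param string $abbr Value matched against teamnames.abbr.
  * @return mixed The name column, or null when no row matches.
  */
 function team($abbr)
 {
     global $con;
     // The abbreviation is bound rather than quoted into the statement text.
     $stmt = mysqli_prepare($con, "SELECT name from teamnames Where abbr = ?");
     if (!$stmt) {
         error_log('team: ' . mysqli_error($con));
         die('Database error');
     }
     $abbr = (string) $abbr;
     mysqli_stmt_bind_param($stmt, 's', $abbr);
     if (!mysqli_stmt_execute($stmt)) {
         error_log('team: ' . mysqli_stmt_error($stmt));
         die('Database error');
     }
     mysqli_stmt_bind_result($stmt, $name);
     $found = mysqli_stmt_fetch($stmt);
     mysqli_stmt_close($stmt);
     return $found === true ? $name : null;
 }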
Exemplo n.º 22
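    /**
     * Handles a failed statement: retries once for recoverable errors,
     * otherwise raises a DatabaseException describing the failure.
     *
     * NOTE(review): the exception message is HTML that contains the failing
     * statement and the server's error text; confirm it is only rendered to
     * administrators.
     *
     * @param string $string The SQL text that failed.
     * @throws DatabaseException When the error is not recoverable or the retry was already used.
     * @return mixed Whatever query() returns for the retried statement.
     */
    protected function sendError($string)
    {
        $mysql_error = mysqli_error($this->con);
        $mysql_errno = mysqli_errno($this->con);
        // 1016: Can't open file '....MYI'
        // 2013: Lost connection to server during query.
        if (in_array($mysql_errno, array(1016, 2013)) && $this->second_try) {
            $this->second_try = false;
            // Try to repair the table and run the query again. The previous
            // pattern had an unclosed group and never compiled, so the repair
            // step could not run.
            if ($mysql_errno == 1016 && preg_match('~\'([^.\']+)~', $mysql_error, $match) === 1 && !empty($match[1])) {
                // The name is taken from an error message: quote it as an
                // identifier before it goes into a statement.
                $table = '`' . str_replace('`', '``', $match[1]) . '`';
                mysqli_query($this->con, "REPAIR TABLE {$table}");
            }
            return $this->query($string, false);
        }
        // Encode for the attribute context without re-encoding entities the
        // URL builder may already have produced.
        $action_url = htmlspecialchars($this->buildActionUrl(), ENT_QUOTES, 'UTF-8', false);
        throw new DatabaseException('
				<b>Unsuccessful!</b><br />
				This query:<blockquote>' . nl2br(htmlspecialchars(trim($string))) . ';</blockquote>
				Caused the error:<br />
				<blockquote>' . nl2br(htmlspecialchars($mysql_error)) . '</blockquote>
				<form action="' . $action_url . '" method="post">
					<input type="submit" value="Try again" />
				</form>
			</div>');
    }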
Exemplo n.º 23
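/**
 * Stores a loan ("peminjaman") or a booking from the posted form and prints
 * the outcome.
 *
 * Reads id, kode-alat, jenis, tanggal-pinjam and tanggal-kembali from $_POST.
 */
function transaksi()
{
    include "config.php";
    $conn = connect_database();
    // Only plain strings are accepted from the request; an array value would
    // otherwise reach the string functions below.
    $idUser = isset($_POST['id']) && is_string($_POST['id']) ? $_POST['id'] : '';
    $kodeAlatRaw = isset($_POST["kode-alat"]) && is_string($_POST["kode-alat"]) ? $_POST["kode-alat"] : '';
    if (userCheck($conn, $idUser)) {
        // isAvailable() receives the escaped code as before; the raw value is
        // what gets bound to the INSERT.
        $kodealat = mysqli_real_escape_string($conn, $kodeAlatRaw);
        $tanggal = date("Y-m-d", time());
        if (isset($_POST["tanggal-pinjam"])) {
            $tanggal = $_POST["tanggal-pinjam"];
        }
        $kembali = isset($_POST["tanggal-kembali"]) ? $_POST["tanggal-kembali"] : null;
        // Date fields may hold only digits and date/time separators, so they
        // cannot carry SQL syntax into isAvailable() or the statements below.
        $isDateLike = function ($value) {
            return is_string($value) && preg_match('/^[0-9T:\- ]+$/', $value) === 1;
        };
        if (!$isDateLike($tanggal) || !$isDateLike($kembali)) {
            echo "Maaf, format tanggal tidak valid </br>";
        } elseif (!isAvailable($conn, $kodealat, $tanggal, $kembali)) {
            echo "Maaf, alat pada hari tersebut tidak dapat dipinjam </br>";
        } else {
            $kembaliSql = str_replace('T', ' ', $kembali) . ":00";
            // Strict comparison: strcmp() on a non-string request value could
            // report "equal".
            if (isset($_POST["jenis"]) && $_POST["jenis"] === "peminjaman") {
                $stmt = mysqli_prepare($conn, "INSERT INTO `peminjaman` (`id_user`, `id_alat`, `tanggal_rencana_pengembalian`) VALUES (?, ?, ?)");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'sss', $idUser, $kodeAlatRaw, $kembaliSql);
                }
            } else {
                //booking
                $pinjamSql = str_replace('T', ' ', $tanggal) . ":00";
                $stmt = mysqli_prepare($conn, "INSERT INTO `booking` (`id_user`, `id_alat`, `tanggal_rencana_peminjaman`, `tanggal_rencana_pengembalian`) VALUES (?, ?, ?, ?)");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'ssss', $idUser, $kodeAlatRaw, $pinjamSql, $kembaliSql);
                }
            }
            if ($stmt && mysqli_stmt_execute($stmt)) {
                echo "Data anda berhasil disimpan</br>";
            } else {
                // Driver text is logged; the page shows a generic message.
                error_log('transaksi: ' . mysqli_error($conn));
                echo "Maaf, data anda gagal disimpan</br>";
            }
            if ($stmt) {
                mysqli_stmt_close($stmt);
            }
        }
    } else {
        // no user with that id
        echo "Maaf, user dengan ID sekian belum terdaftar. Mohon daftarkan diri Anda terlebih dahulu!";
    }
    echo '<a href="../index.php"> Kembali ke halaman Transaksi</a>';
}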
Exemplo n.º 24
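/**
 * Updates one product row from the posted form fields and closes the connection.
 *
 * NOTE(review): no authorization or CSRF check is visible in this function;
 * confirm the caller performs both before it runs.
 */
function Modificar()
{
    global $connect;
    // Collect the posted fields in statement order; a missing field becomes ''.
    $fields = array('name', 'price', 'stock', 'idFkCategory', 'idFkBrand', 'idFkSize', 'idFkColor', 'id');
    $values = array();
    foreach ($fields as $field) {
        $values[] = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : '';
    }
    // All values are bound. The interpolated version was injectable and also
    // lacked the comma between brand and idFkSize, so it could never execute.
    $query = "UPDATE product SET name = ?, price = ?, stock = ?, category = ?, brand = ?, idFkSize = ?, idFkColor = ? WHERE DNI = ?";
    $stmt = mysqli_prepare($connect, $query);
    if (!$stmt) {
        error_log('Modificar: ' . mysqli_error($connect));
        die('Database error');
    }
    mysqli_stmt_bind_param($stmt, 'ssssssss', $values[0], $values[1], $values[2], $values[3], $values[4], $values[5], $values[6], $values[7]);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('Modificar: ' . mysqli_stmt_error($stmt));
        die('Database error');
    }
    mysqli_stmt_close($stmt);
    mysqli_close($connect);
}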
Exemplo n.º 25
 /**
  * Raises a generic Exception that carries the connection's last MySQL error
  * text followed by its error number.
  *
  * NOTE(review): the message wraps raw driver text in HTML markup; confirm it
  * is logged or shown to administrators only, never rendered to visitors.
  *
  * @param mixed $class Not read by this method.
  * @throws Exception Always.
  */
 private function throw_sql_exception($class)
 {
     $code = mysqli_errno($this->cn);
     $text = mysqli_error($this->cn);
     throw new Exception($text . "<br /><br /><b>Error number:</b> " . $code);
 }
Exemplo n.º 26
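/**
 * Checks a login name and a password value against the Usuario table.
 *
 * NOTE(review): the connection arguments and the '******' inside the SELECT
 * look like redaction by the listing this code was taken from. If the real
 * statement places $login in the SQL text, bind it as a statement parameter
 * instead of relying on escaping.
 *
 * @param string $login Login name.
 * @param string $pass  Password value, compared with the stored pwd column.
 * @return bool True when the fetched row matches both values.
 */
function validarLogin($login, $pass)
{
    $con = mysqli_connect("*********", "**********", "**********", "************");
    // Check the connection
    if (mysqli_connect_errno()) {
        // Driver detail is logged; the page only gets a generic message.
        error_log('validarLogin: ' . mysqli_connect_error());
        echo 'Error de conexion';
        exit;
    }
    // Keep the caller's values for the comparison below: SQL escaping changes
    // any value that contains a quote or backslash.
    $loginRaw = (string) $login;
    $passRaw = (string) $pass;
    // Escape special characters [NUL (ASCII 0), \n, \r, \, ', " and Control-Z]
    $login = mysqli_real_escape_string($con, $login);
    $pass = mysqli_real_escape_string($con, $pass);
    // Look up the login and its hashed password
    $usuario = mysqli_query($con, "SELECT login, pwd FROM Usuario WHERE login = '******'");
    // Check that the query ran
    if (!$usuario) {
        error_log('validarLogin: ' . mysqli_error($con));
        mysqli_close($con);
        echo 'Error en la consulta';
        exit;
    }
    // Take the first row
    $result = mysqli_fetch_row($usuario);
    mysqli_close($con);
    if (!is_array($result)) {
        // No such login.
        return false;
    }
    // Constant-time, type-strict comparison: loose == treats strings such as
    // "0e1" and "0e2" as equal numbers.
    $loginOk = hash_equals((string) $result[0], $loginRaw);
    $passOk = hash_equals((string) $result[1], $passRaw);
    return $loginOk && $passOk;
}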
Exemplo n.º 27
/**
 * Bootstraps the application: loads the configuration, includes the database
 * module selected by $GLOBALS['db']['type'], opens the "source" and "X-Ray"
 * connections (one pair through mysql_*, one pair through mysqli) and loads
 * the enabled worlds unless the first-setup flag is set.
 *
 * Connection handles are stored in $GLOBALS['db'] under s_resource,
 * x_resource, s_link and x_link.
 */
function Global_Init()
{
    //session_start();
    Load_Configs();
    // strnatcasecmp() returns 0 on a case-insensitive match, hence the negation.
    if (!strnatcasecmp(trim($GLOBALS['db']['type']), "LB")) {
        require_once 'inc/dbmodule_LB.php';
    }
    if (!strnatcasecmp(trim($GLOBALS['db']['type']), "GD")) {
        require_once 'inc/dbmodule_GD.php';
    }
    //echo "GLOBALS: <BR>"; print_r($GLOBALS['db']); echo "<BR>";
    $source_db_ok = SQL_DB_OK("source");
    if ($source_db_ok['error'] === false) {
        // NOTE(review): the mysql_* extension was removed in PHP 7, so these
        // four calls only work on older runtimes. Every die() below prints the
        // script path and/or the driver's error text to the client.
        $GLOBALS['db']['s_resource'] = @mysql_connect($GLOBALS['db']['s_host'], $GLOBALS['db']['s_user'], $GLOBALS['db']['s_pass']) or die($_SERVER["SCRIPT_FILENAME"] . "Could not connect to Source MySQL Server. : " . mysql_error());
        @mysql_selectdb($GLOBALS['db']['s_base']) or die("Could not connect to Source database [" . $GLOBALS['db']['s_base'] . "] : " . mysql_error());
        $GLOBALS['db']['x_resource'] = @mysql_connect($GLOBALS['db']['x_host'], $GLOBALS['db']['x_user'], $GLOBALS['db']['x_pass']) or die($_SERVER["SCRIPT_FILENAME"] . "Could not connect to X-Ray  MySQL Server. : " . mysql_error());
        @mysql_selectdb($GLOBALS['db']['x_base']) or die("Could not connect to X-Ray database [" . $GLOBALS['db']['x_base'] . "] : " . mysql_error());
        // NOTE(review): when mysqli_connect() fails the stored link is falsy,
        // so mysqli_error() is handed no connection here;
        // mysqli_connect_error() is the call that reports connect failures.
        $GLOBALS['db']['s_link'] = mysqli_connect($GLOBALS['db']['s_host'], $GLOBALS['db']['s_user'], $GLOBALS['db']['s_pass'], $GLOBALS['db']['s_base']) or die($_SERVER["SCRIPT_FILENAME"] . "Could not connect to Source MySQL Server (multilink). : " . mysqli_error($GLOBALS['db']['s_link']));
        mysqli_select_db($GLOBALS['db']['s_link'], $GLOBALS['db']['s_base']) or die("Could not connect to Source database (multilink) [" . $GLOBALS['db']['s_base'] . "] : " . mysqli_error($GLOBALS['db']['s_link']));
        $GLOBALS['db']['x_link'] = mysqli_connect($GLOBALS['db']['x_host'], $GLOBALS['db']['x_user'], $GLOBALS['db']['x_pass'], $GLOBALS['db']['x_base']) or die($_SERVER["SCRIPT_FILENAME"] . "Could not connect to X-Ray MySQL Server (multilink). : " . mysqli_error($GLOBALS['db']['x_link']));
        mysqli_select_db($GLOBALS['db']['x_link'], $GLOBALS['db']['x_base']) or die("Could not connect to X-Ray database (multilink) [" . $GLOBALS['db']['x_base'] . "] : " . mysqli_error($GLOBALS['db']['x_link']));
    } else {
        // NOTE(review): $config_error is a local that this function never
        // initialises or returns, so the appended message is lost.
        $config_error .= $source_db_ok['message'] . "<BR>";
    }
    //	array_key_exists('form', $_POST) && $_POST['form']!="" ? $_GET = $_POST : NULL;
    //	array_key_exists('force', $_GET) && $_GET['force']!="" ? $_POST = $_GET : NULL;
    // Any query-string parameter replaces the whole POST array, so code that
    // reads $_POST afterwards accepts values sent in the URL.
    // NOTE(review): confirm that state-changing handlers are protected against
    // cross-site requests, since a plain link can now supply their input.
    if (count($_GET) > 0) {
        $_POST = $_GET;
    }
    //	if($_POST['form']!=""){$_GET = $_POST;}
    //	if($_GET['force']!=""){$_POST = $_GET;}
    // Worlds are loaded only when the first_setup setting evaluates to false.
    if (!FixOutput_Bool($GLOBALS['config_settings']['settings']['first_setup'], true, false, true)) {
        $GLOBALS['worlds'] = Get_Worlds_Enabled();
    }
}
Exemplo n.º 28
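/**
 * Verifies a password against the hash stored in USERS and rehashes it when
 * the stored hash no longer matches the current default algorithm.
 *
 * NOTE(review): the '******' values inside both statements look like
 * redaction by the listing this code was taken from; as shown, $username is
 * never used. If the real statements place the user name or the new hash in
 * the SQL text, bind them as statement parameters. The statements are also
 * passed to FB::info(); confirm that logger never reaches end users.
 *
 * @param mysqli $dbConn   Open connection.
 * @param string $username Account name.
 * @param string $password Plain-text password to verify.
 * @return bool True when the password matches the stored hash.
 */
function passwordExists($dbConn, $username, $password)
{
    $isValid = false;
    $dbQuery = "SELECT Password FROM USERS WHERE Username = '******' LIMIT 1";
    FB::info('passwordExists() query: ' . $dbQuery);
    $dbRows = mysqli_query($dbConn, $dbQuery);
    if (!$dbRows) {
        // A failed lookup is "not valid", not a fatal error further down.
        FB::error('passwordExists() query failed: ' . mysqli_error($dbConn));
        return $isValid;
    }
    $dbValues = mysqli_fetch_assoc($dbRows);
    // No row, or no usable hash: there is nothing to verify against.
    if (!is_array($dbValues) || !is_string($dbValues['Password'])) {
        return $isValid;
    }
    $dbPassword = $dbValues['Password'];
    if (password_verify($password, $dbPassword)) {
        $isValid = true;
        FB::log('Password is valid!');
        // Check if the password needs a rehash.
        if (password_needs_rehash($dbPassword, PASSWORD_DEFAULT)) {
            FB::log('Rehashing password!');
            $dbPassword = password_hash($password, PASSWORD_DEFAULT);
            $dbQuery = "UPDATE USERS SET Password = '******' WHERE Username = '******'";
            FB::info('Password rehash query: ' . $dbQuery);
            $dbRows = mysqli_query($dbConn, $dbQuery);
            if ($dbRows) {
                FB::log('Password rehash successful!');
            } else {
                FB::error('Password rehash failed: ' . mysqli_error($dbConn));
            }
        }
    }
    return $isValid;
}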
Exemplo n.º 29
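/**
 * Checks the submitted credentials and, on success, starts the session and
 * redirects to member.php. Ends the script on every path.
 *
 * Posted values take precedence over the arguments, as before; the arguments
 * are used when the form fields are absent.
 *
 * NOTE(review): passwords are matched through an unsalted sha1() inside the
 * statement; plan a migration to password_hash() / password_verify(). The
 * '******' in the statement looks like redaction by the listing this code was
 * taken from.
 *
 * @param string $username
 * @param string $passwd
 */
function login($username, $passwd)
{
    // db_fns.php is expected to provide $conn in this scope.
    include 'db_fns.php';
    if (!$conn) {
        // Connect failures are reported by mysqli_connect_error(); log only.
        error_log('login: ' . mysqli_connect_error());
        die;
    }
    if (isset($_POST['username'])) {
        $username = $_POST['username'];
    }
    if (isset($_POST['passwd'])) {
        $passwd = $_POST['passwd'];
    }
    // Array-valued form fields are rejected before any string function runs.
    if (!is_string($username) || !is_string($passwd)) {
        die('Could not log you in. Username invalid.');
    }
    $username = stripslashes($username);
    $passwd = stripslashes($passwd);
    $username = mysqli_real_escape_string($conn, $username);
    $passwd = mysqli_real_escape_string($conn, $passwd);
    $result = mysqli_query($conn, "SELECT username, passwd FROM usertable WHERE username='******' AND passwd=sha1( '" . $passwd . "') ");
    if (!$result) {
        // mysqli_error() needs the link; the text is logged, not printed.
        error_log('login: ' . mysqli_error($conn));
        die("Query failed.");
    }
    if (mysqli_num_rows($result) == 1) {
        session_start();
        // Issue a fresh session id at the privilege change so an id obtained
        // before the login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['valid_user'] = $username;
        ob_end_clean();
        header("Location: member.php");
        exit;
    }
    die('Could not log you in. Username invalid.');
}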
Exemplo n.º 30
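/**
 * Updates one Donor_details row from the posted form and echoes a JSON status.
 *
 * Reads Blood_group, Location, Available, name and Contact_number from $_POST.
 *
 * NOTE(review): no authentication is visible here, and the row is selected by
 * a caller-supplied contact number; confirm the caller is allowed to edit it.
 */
function createNewPrediction()
{
    // Guarded so that a second call does not try to redefine the constants.
    defined('DB_HOST') || define('DB_HOST', getenv('OPENSHIFT_MYSQL_DB_HOST'));
    defined('DB_USER') || define('DB_USER', getenv('OPENSHIFT_MYSQL_DB_USERNAME'));
    defined('DB_PASS') || define('DB_PASS', getenv('OPENSHIFT_MYSQL_DB_PASSWORD'));
    defined('DB_NAME') || define('DB_NAME', getenv('OPENSHIFT_GEAR_NAME'));
    $conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    if (!$conn) {
        // The failure message used to print host, user and password to the
        // client. Only the driver's reason is logged now, server-side.
        error_log("createNewPrediction: couldn't connect: " . mysqli_connect_error());
        die("Error: Couldn't connect");
    }
    $response = array();
    $db = new DbConnect();
    $fields = array('Blood_group', 'Location', 'Available', 'name', 'Contact_number');
    $values = array();
    $complete = true;
    foreach ($fields as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            $complete = false;
            break;
        }
        $values[] = $_POST[$field];
    }
    $result = false;
    if ($complete) {
        // Values are bound; interpolated unquoted, any posted field could
        // rewrite the UPDATE, including its WHERE clause.
        $stmt = mysqli_prepare($conn, "UPDATE Donor_details SET Blood_group = ?, Location = ?, Available = ?, name = ? WHERE Contact_number = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'sssss', $values[0], $values[1], $values[2], $values[3], $values[4]);
            $result = mysqli_stmt_execute($stmt);
            if (!$result) {
                error_log('createNewPrediction: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
        } else {
            error_log('createNewPrediction: ' . mysqli_error($conn));
        }
    }
    if ($result) {
        $response["error"] = false;
        $response["message"] = "Prediction added successfully!";
    } else {
        $response["error"] = true;
        $response["message"] = "Failed to add donor_details!";
    }
    mysqli_close($conn);
    // echo json response
    echo json_encode($response);
}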