public function view($page_name) { $page_name = sqlSafe($page_name); $data = $this->Program->getProgram($page_name); $this->set("title", $data['pages_title']); $this->set("program", $data); }
function error_logger($name = "Error", $message = "") { $sName = sqlSafe($name); $sMsg = sqlSafe($message); $sDate = sqlSafe(date("Y-m-d H:i:s")); $query = "INSERT INTO error_log (`timestamp`,`error_name`,`error_description`) VALUES ({$sDate},{$sName},{$sMsg});"; writeQuery($query); }
function saveStats($stats, $id, $type) { $date = sqlSafe(date("Y-m-d H:i:s")); $followers = sqlSafe($stats['followers']); $id = sqlSafe($id); $type = sqlSafe($type); $query = "INSERT INTO account_stats (`user_id`, `act_type`, `record_date`, `followers`)\n VALUES ({$id}, {$type}, {$date}, {$followers})"; print $query; $result = writeQuery($query); }
/** * Remove the category * * @param String $name The name of the category to be removed */ function remove($name) { $this->set("title", "Remove category"); $name = sqlSafe($name); if ($this->Categorie->removeCategory($name) == false) { $this->set("message", "Unable to remove category"); } else { $this->set("message", "Category removed"); } }
function createAccount($email, $name) { $query = "INSERT INTO accounts (`email`, `fullname`) VALUES (" . sqlSafe($email) . ", " . sqlSafe($name) . ")"; if (writeQuery($query)) { authorize($email); return true; } else { var_dump(getSQLerrors()); return false; } }
function getFollowers($id, $timestamp) { $day = 24 * 60 * 60; $sdate = sqlSafe(date('Y-m-d H:i:s', $timestamp - $day / 2)); $edate = sqlSafe(date('Y-m-d H:i:s', $timestamp + $day / 2)); $id = sqlSafe($id); $query = "SELECT followers FROM account_stats WHERE user_id = {$id} AND (record_date BETWEEN {$sdate} AND {$edate})"; //print $query; $result = readQuery($query); if ($result) { if ($row = $result->fetch_row()) { return $row[0]; } } return null; }
function createProject() { $account = getAccount(); $projdue = tryRetrieve($_POST, 'projDue'); $projtime = strtotime($projdue); $duedate = sqlsafe(date("Y-m-d H:i:s", $projtime)); $title = sqlSafe(tryRetrieve($_POST, 'projName')); //$notes = sqlSafe(tryRetrieve($_POST, 'projNotes')); $query = "INSERT INTO projects (account_id, duedate, title) VALUES ({$account}, {$duedate}, {$title})"; if (writeQuery($query)) { $id = getInsertID(); //Now give the project a hash $hash = sqlSafe(hash('adler32', $id)); $query = "UPDATE projects SET hash={$hash} where id='{$id}'"; if (writeQuery($query)) { $_SESSION['project'] = $id; return getProjectInfo(); } } return null; }
/** * Prepare the Mail for sending * * @param String $to The address of the recipient * @param String $subject The subject of the mail * @param String $content The content of the mail * * @returns void */ function prepareMail($to, $subject, $content) { $this->to = $to; $this->subject = $subject; $this->content = sqlSafe($content); }
/** * Create new page */ function newpage() { initiateSession(); if (!isset($_SESSION['admin_hash'])) { header("LOCATION: /admins/index"); } $this->set("title", "New Page"); if (isset($_POST['post_page'])) { if (!isset($_POST['post_title'])) { $this->set("message", "Title is required"); return; } else { if (!isset($_POST['post_category'])) { $this->set("message", "Page category is required"); } else { if (!isset($_FILES['featured_image']) && !isset($_FILES['multiple_image'])) { $this->set("message", "A feature image and supporting images must be uploaded"); } else { $title = sqlSafe($_POST['post_title']); if (isset($_POST['post_description'])) { $description = sqlSafe($_POST['post_description']); } else { $description = null; } $category = sqlSafe($_POST['post_category']); $date = date("Y-m-d H:i:s"); $status = "published"; $image = new Media($_FILES['featured_image']); if ($image->validate() == false) { $this->set("message", "Media File format not supported"); } else { if ($image->setUploadPath(ROOT . DS . 'public' . DS . 'uploads' . DS . 'pages') == false) { $this->set("message", "path error"); return; } if ($image->moveUploadedMedia() == false) { $this->set("message", "Unable to upload media"); return; } else { $imageData = $image->getUploadData(); $imagePath = $imageData['upload_path']; } $moreImages = $this->uploadMultipleImage($_FILES['multiple_image']); //echo $moreImages; } if ($this->Admin->newPage($title, $description, $category, $imagePath, $date, $status, $moreImages) == false) { $this->set("message", "Unable to add new page"); } else { $this->set("message", "New Page added successfully"); } } } } } }
function getChildren($irn) { $irn = sqlSafe($irn); $query = "SELECT c.irn, c.title, c.accession_no, c.location_barcode, c.location_name, c.barcode FROM children c LEFT JOIN objects o ON (o.irn = c.parent_irn) WHERE c.parent_irn = {$irn} AND (c.location_name != o.location_name OR o.location_name is null) order by c.accession_no"; $result = readQuery($query); //var_dump($query); $child = array(); while ($row = $result->fetch_assoc()) { array_push($child, $row); } return $child; }
/** * Remove the post from the database * * @param Int $id The ID of the post to be removed */ function remove($id) { $this->set("title", "Blog"); initiateSession(); if (!isset($_SESSION['user_id'])) { $this->set("message", "No permission to remove post"); } else { if ($this->Blog->removePost(sqlSafe($id)) == false) { $this->set("message", "Unable to remove post"); } else { $this->set("message", "Post removed"); } } }
function SDticket($project) { $results = genSD($project); if (isset($results)) { $query = "UPDATE projects SET `SDurl` = " . sqlSafe($results['url']) . " WHERE id = " . sqlSafe($project); writeQuery($query); print json_encode(array("url" => $results['url'])); } }
/** * Reset Password * * @param String $username The username for password reset * @param String $activationhash The reset code * */ function reset($username, $activationhash) { $this->set("title", "IEEE NIEC | New Password"); $username = sqlSafe($username); $activationhash = sqlSafe($activationhash); $hash = $this->User->getUserPassword($username); if ($hash == false) { $this->set("message", "Invalid account"); } else { if ($activationhash == md5($hash)) { $this->User->updateStatus($username, 1); $this->set("message", "Reset Your password"); } else { $this->set("message", "Invalid activation hash"); } } }
/** * Remove Image * * @param Int $id The ID of the image to be removed */ function remove($id) { initiateSession(); if (!isset($_SESSION['user_id'])) { $this->set("message", "User not logged in"); } else { $id = sqlSafe($id); if ($this->Picture->removePicture($id) == false) { $this->set("message", "Unable to remove picture"); } else { $this->set("message", "Picture removed"); } } }
function attachObject($record) { $project = $_SESSION['project']; $object = $record['irn']; $query = "INSERT INTO `emuProjects`.`objectProject` (`project_id`, `object_irn`, object_holder) VALUES (" . sqlSafe($project) . "," . sqlSafe($object) . "," . sqlSafe($record['is_holder']) . ")"; writeQuery($query); }
function deleteProject($project) { // To make this more secure check the account in the session field to ensure the account has access to the project $query = "DELETE FROM projects WHERE id=" . sqlSafe($project); writeQuery($query); }