/**
 * Writes one row describing the current request to the access_log table.
 *
 * The caller address comes from $_SERVER, the `key` parameter from the query
 * string (falling back to POST), the `api` parameter from the query string,
 * and the outcome from $json_array. The row is written with a prepared
 * statement, so the request values are bound rather than concatenated.
 *
 * NOTE(review): the database password is a literal in the createConnection()
 * call. It belongs in configuration outside the source tree, and a value that
 * has been published in source should be rotated.
 * NOTE(review): log_key stores the caller-supplied key verbatim, so the log
 * table holds whatever credential the client sent; a hash or a short prefix
 * would keep the log useful without turning it into a key store.
 *
 * @param array $json_array Response data; 'success', 'auth_user' and an
 *                          iterable 'message' entry are read.
 */
function dolog($json_array)
{
    $GLOBALS['conn'] = null;
    createConnection("localhost", "access_log", "C148aADhCs7FMWgXs4V5", "sswd", $json_array);

    // Request metadata: GET takes precedence over POST for the key.
    $remoteAddress = $_SERVER['REMOTE_ADDR'];
    $requestKey = isset($_GET['key']) ? $_GET['key'] : (isset($_POST['key']) ? $_POST['key'] : "");
    $apiName = isset($_GET['api']) ? $_GET['api'] : "";

    $outcome = $json_array['success'];
    $authUser = $json_array['auth_user'];

    // Flatten the message list into one ';'-terminated string; nested arrays are JSON-encoded.
    $flatMessage = "";
    foreach ($json_array['message'] as $part) {
        $flatMessage .= (is_array($part) ? json_encode($part) : $part) . ";";
    }

    $insert = $GLOBALS['conn']->prepare("INSERT INTO access_log (log_ip, log_api, log_key, log_result, log_message, log_auth_user) VALUES (?, ?, ?, ?, ?, ?)");
    $insert->bind_param("sssiss", $remoteAddress, $apiName, $requestKey, $outcome, $flatMessage, $authUser);
    $insert->execute();
    $GLOBALS['conn'] = null;
}
/**
 * Runs the order-history query (product name, amount, concatenated ingredient
 * names and order id) and returns the raw mysql result.
 *
 * NOTE(review): the Login filter appears in this listing as the literal
 * '******'; presumably the customer login was interpolated there. If so, it
 * has to be escaped or bound before it reaches the query. Confirm against the
 * original file.
 *
 * @param mixed $benutzer Customer login; not referenced by the code as shown.
 * @return mixed Whatever mysql_query() returned.
 */
function letzteBestellungenExtended($benutzer)
{
    createConnection();
    $query = "SELECT p.Name, xpo.Amount, group_concat(i.Name) AS Zutaten, o.ID\n\t\tFROM Customers c, Orders o, xProductOrder xpo, Products p, xProductIngredient xpi, Ingredients i \n\t\tWHERE c.ID = o.CustomerID \n\t\tAND o.ID = xpo.OrderID \n\t\tAND xpo.ProductID = p.ID \n\t\tAND p.ID = xpi.ProductID \n\t\tAND xpi.IngredientID = i.ID \n\t\tAND c.Login = '******'\n\t\tGROUP BY p.ID, o.ID";
    $rows = mysql_query($query);
    closeConnection();

    return $rows;
}
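/**
 * Counts the Customers rows matching a login name.
 *
 * NOTE(review): the Login filter appears in this listing as the literal
 * '******'; presumably $inputBenutzername was interpolated there. If so, it
 * has to be escaped or bound before it reaches the query. Confirm against the
 * original file.
 *
 * @param mixed $inputBenutzername Login name to look up; not referenced by the code as shown.
 * @return int Number of matching rows, 0 when the query fails.
 */
function BenutzernameCheck($inputBenutzername)
{
    createConnection();
    $sql = "SELECT Login FROM Customers WHERE Login = '******'";
    // The original passed $con, which is never assigned in this function, as
    // the link argument. Use the default link like the sibling functions do.
    $result = mysql_query($sql);
    // A failed query yields no result resource; report zero rows instead of
    // handing a non-resource to mysql_num_rows().
    $count = $result ? mysql_num_rows($result) : 0;
    closeConnection();
    return $count;
}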
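/**
 * Executes one SQL statement on a fresh connection and reports success.
 *
 * The statement text is executed exactly as given, so callers must never
 * build $queryString from request data; values belong in bound parameters.
 *
 * NOTE(review): on failure the full statement and the driver error are echoed
 * into the response, which exposes schema details to whoever triggered the
 * error. Sending this to a server-side log is the usual remedy.
 *
 * @param string $queryString Complete SQL statement.
 * @return bool True when the driver returned TRUE for the statement, false otherwise.
 */
function executeQueryString($queryString)
{
    $conn = createConnection();
    $succeeded = $conn->query($queryString) === TRUE;
    if (!$succeeded) {
        echo "Error: " . $queryString . "<br>" . $conn->error;
    }
    // The original returned from both branches before this call, so the
    // connection was never released.
    closeConnection($conn);
    return $succeeded;
}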
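/**
 * Returns the line total for a cart entry: unit price of the product times quantity.
 *
 * @param int|float $anzahl  Quantity.
 * @param mixed     $produkt Product ID used in the lookup.
 * @return int|float Price * quantity; 0 when the product is not found or the query fails.
 */
function warenkorbGesamtpreis($anzahl, $produkt)
{
    createConnection();
    // The ID is placed inside a quoted SQL literal, so it has to be escaped
    // for the open connection before interpolation.
    $produktId = mysql_real_escape_string($produkt);
    $sql = "SELECT Price FROM Products WHERE ID = '{$produktId}'";
    $result = mysql_query($sql);
    // mysql_result() warns on a failed query or an empty result set; treat
    // both as a price of 0, which is what the multiplication produced before.
    $price = ($result && mysql_num_rows($result) > 0) ? mysql_result($result, 0, 0) : 0;
    closeConnection();
    return $price * $anzahl;
}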
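/**
 * Upserts every product in $data['productInfoList'] into the TvPrices table.
 *
 * Each entry is inserted; when the insert fails (treated as "row already
 * exists") the price and URL columns of the existing row are updated instead.
 * Progress text is echoed for every entry.
 *
 * All feed values are bound as statement parameters, so a quote inside a
 * title or URL cannot change the SQL text.
 *
 * @param array $data Decoded product feed; only 'productInfoList' is read.
 * @return void
 */
function insertData($data)
{
    $conn = createConnection();
    $tableName = "TvPrices";
    $productInfoList = $data['productInfoList'];
    if (sizeof($productInfoList) > 0) {
        // The table name is a fixed literal; only the values vary per row.
        $insert = $conn->prepare("INSERT INTO " . $tableName . "(id, title, mrp, sp, url, brand, image) VALUES (?, ?, ?, ?, ?, ?, ?)");
        $update = $conn->prepare("UPDATE " . $tableName . " SET mrp=?, sp=?, url=? where id=?");

        foreach ($productInfoList as $list) {
            $prodIdentifier = $list['productBaseInfo']['productIdentifier'];
            $prodAttr = $list['productBaseInfo']['productAttributes'];
            $ItemId = $prodIdentifier['productId'];
            $ItemTitle = $prodAttr['title'];
            $ItemMRP = $prodAttr['maximumRetailPrice']['amount'];
            $ItemSP = $prodAttr['sellingPrice']['amount'];
            $ItemURL = $prodAttr['productUrl'];
            $ItemBrand = $prodAttr['productBrand'];

            // Only the first image URL is stored. Reset per product so an
            // entry without images does not inherit the previous product's image.
            $ItemImage = '';
            foreach ($prodAttr['imageUrls'] as $imageUrl) {
                $ItemImage = $imageUrl;
                break;
            }

            echo '<hr>';

            $inserted = false;
            if ($insert) {
                // Prices were unquoted numerics in the original SQL, hence "d".
                $insert->bind_param("ssddsss", $ItemId, $ItemTitle, $ItemMRP, $ItemSP, $ItemURL, $ItemBrand, $ItemImage);
                $inserted = $insert->execute();
            }
            if ($inserted) {
                echo "New record created successfully";
                continue;
            }

            // Insert failed: assume the row exists and refresh its prices and URL.
            $updated = false;
            if ($update) {
                $update->bind_param("ddss", $ItemMRP, $ItemSP, $ItemURL, $ItemId);
                $updated = $update->execute();
            }
            if ($updated) {
                echo "row updated successfully";
            } else {
                echo "Error updating table" . ($update ? $update->error : $conn->error);
            }
        }

        if ($insert) {
            $insert->close();
        }
        if ($update) {
            $update->close();
        }
    }
    $conn->close();
}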
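/**
 * Marks a customer account as deleted after re-checking the password.
 *
 * On a matching password the account is flagged IsDeleted, the session is
 * destroyed and a script redirect to index.php is echoed. Otherwise an error
 * modal is echoed.
 *
 * NOTE(review): both Login filters appear in this listing as the literal
 * '******'; presumably $benutzer was interpolated there. If so, it has to be
 * escaped or bound. Confirm against the original file.
 * NOTE(review): the update branch opens its own connection as root with an
 * empty password instead of using createConnection(); a dedicated account with
 * only the rights this page needs would limit what a query flaw can reach.
 *
 * @param string $benutzer Login name of the account.
 * @param string $passwort Password typed by the user.
 * @return void
 */
function loeschen($benutzer, $passwort)
{
    createConnection();
    $sql = "SELECT Password FROM Customers WHERE Login = '******'";
    $result = mysql_query($sql);
    // No row (or a failed query) means there is no hash to compare against.
    $passwortDB = ($result && mysql_num_rows($result) > 0) ? mysql_result($result, 0, 0) : false;
    closeConnection();

    // Strict comparison: with == two numeric-looking strings compare as
    // numbers, which can make different hashes count as equal. Where
    // hash_equals() is available it additionally makes the check constant-time.
    if (is_string($passwortDB) && crypt($passwort, $passwortDB) === $passwortDB) {
        $con = mysql_connect('localhost', 'root', '');
        mysql_select_db('ebertspizzapalace', $con);
        $sql = "UPDATE Customers SET IsDeleted = '1' WHERE Login = '******'";
        $result = mysql_query($sql);
        mysql_close($con);
        session_destroy();
        echo '
			<script type="text/javascript">
				window.location.href=\'index.php\';
			</script>
			';
    } else {
        // The login name is echoed into HTML, so encode it for that context.
        $benutzerHtml = htmlspecialchars($benutzer, ENT_QUOTES, 'UTF-8');
        echo '
			<div id="myModal2" class="modal fade" role="dialog">
						<div class="modal-dialog">
							<div class="modal-content">
								<div class="modal-header">
									<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
									<h4 class="modal-title">Account ' . $benutzerHtml . ' l&ouml;schen</h4>
								</div>
								<div class="modal-body">
									<p>L&ouml;schen des Accounts: ' . $benutzerHtml . ' nicht m&ouml;glich.</p>
									<p>Fehler: Falsches Passwort</p>
								</div>
								<div class="modal-footer">
									<button type="button" class="btn btn-default" data-dismiss="modal">Schlie&szlig;en</button>
								</div>
							</div>
						</div>
					</div>
			<script>
				$(\'#myModal2\').modal( \'show\'); 
			</script>
			';
    }
}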
/**
 * Lists the top-level, non-deleted categories for the menu header.
 *
 * The query text is constant, so no request data reaches the database here.
 * Category names are passed through htmlentities() before being returned.
 *
 * @return array List of array(ID, encoded name) pairs; empty when the query fails.
 */
function getMenuHeaderStrings()
{
    createConnection();
    $rows = mysql_query("SELECT ID,Name FROM Categories WHERE SuperCategoryID = 0 AND IsDeleted = 0");

    $headers = array();
    if ($rows) {
        while ($category = mysql_fetch_array($rows)) {
            $headers[] = array($category["ID"], htmlentities($category["Name"]));
        }
    }

    closeConnection();
    return $headers;
}
            createConnection("localhost", "sswd", "EVF3mYZgGrh9Mnis7J2m", "sswd");
            // prepare sql for search
            $stmt = $GLOBALS['conn']->prepare("SELECT mem_id, mem_name, mem_role, mem_nickname, mem_short_description, mem_long_description, mem_short_skills, mem_long_skills FROM `sswd`.`members`");
            $stmt->execute();
            $stmt->bind_result($mem_id, $mem_name, $mem_role, $mem_nickname, $mem_short_description, $mem_long_description, $mem_short_skills, $mem_long_skills);
            while ($stmt->fetch()) {
                $json_array[$mem_id] = array('real_name' => $mem_name, 'role' => $mem_role, 'nickname' => $mem_nickname, 'short_description' => $mem_short_description, 'long_description' => $mem_long_description, 'short_skills' => $mem_short_skills, 'long_skills' => $mem_long_skills);
            }
        }
    }
}
// Single-member lookup: ?memid=<positive integer>.
// The parameter is cast to int before use and bound to the statement, so no
// request text is concatenated into the SQL.
// NOTE(review): the database password is a literal in the createConnection()
// call. It belongs in configuration outside the source tree, and a value that
// has been published in source should be rotated.
if (isset($_GET['memid'])) {
    $memid = (int) $_GET['memid'];
    if ($memid <= 0) {
        $json_array = array('error' => "Please enter a valid memid");
    } else {
        // Connect only once the request is known to be well-formed.
        createConnection("localhost", "sswd", "EVF3mYZgGrh9Mnis7J2m", "sswd");
        $lookup = $GLOBALS['conn']->prepare("SELECT mem_id, mem_name, mem_role, mem_nickname, mem_short_description, mem_long_description, mem_short_skills, mem_long_skills FROM `sswd`.`members` WHERE mem_id = ? LIMIT 1");
        $lookup->bind_param("d", $memid);
        $lookup->execute();
        $lookup->bind_result($mem_id, $mem_name, $mem_role, $mem_nickname, $mem_short_description, $mem_long_description, $mem_short_skills, $mem_long_skills);
        $lookup->fetch();
        // A null name after fetch() is taken to mean no row matched.
        if ($mem_name == null) {
            $json_array = array('error' => "The input memid parameter returned no members");
        } else {
            $json_array[$mem_id] = array(
                'real_name' => $mem_name,
                'role' => $mem_role,
                'nickname' => $mem_nickname,
                'short_description' => $mem_short_description,
                'long_description' => $mem_long_description,
                'short_skills' => $mem_short_skills,
                'long_skills' => $mem_long_skills,
            );
        }
    }
}
    <?php 
include 'connectdb.php';
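# check: code and api_url present as query parameters
#
# Install callback: exchanges the code for an access token, stores the token
# for the shop identified by api_url, then redirects to return_url.
# Every request value that reaches the database is bound as a statement
# parameter; none is concatenated into SQL text.
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    if (!(empty($_GET["code"]) || empty($_GET["api_url"]))) {
        $conn = createConnection();
        $secrets = getSecrets($conn);
        # NOTE(review): access_token_url comes from the query string, so the
        # client secret is posted to whatever host the request names. The token
        # endpoint should come from configuration or be checked against an
        # allowlist of known provider hosts.
        $access_token = getAccessToken($_GET['code'], $secrets['client_id'], $secrets['client_secret'], $_GET["access_token_url"]);

        $code = $_GET['code'];
        $api_url = $_GET['api_url'];
        $return_url = isset($_GET['return_url']) ? $_GET['return_url'] : '';

        # look up an existing shop row for this api_url
        $shop_id = null;
        $sql = "SELECT id FROM shops WHERE api_url = ?";
        $stmt = $conn->prepare($sql);
        if ($stmt) {
            $stmt->bind_param("s", $api_url);
            $stmt->execute();
            $stmt->bind_result($found_id);
            if ($stmt->fetch()) {
                $shop_id = $found_id;
            }
            $stmt->close();
        }

        # if installing first time or updating existing token
        if ($shop_id !== null) {
            $sql = "UPDATE shops SET access_token = ? WHERE id = ?";
            $stmt = $conn->prepare($sql);
            if ($stmt) {
                $stmt->bind_param("si", $access_token, $shop_id);
            }
        } else {
            $sql = "INSERT INTO shops (code, api_url, return_url, access_token) VALUES (?, ?, ?, ?)";
            $stmt = $conn->prepare($sql);
            if ($stmt) {
                $stmt->bind_param("ssss", $code, $api_url, $return_url, $access_token);
            }
        }

        # insert token into database
        if (!$stmt || !$stmt->execute()) {
            # $sql now holds only the statement template, never request values
            echo "Error: " . $sql . "<br>" . $conn->error;
        }
        if ($stmt) {
            $stmt->close();
        }
        closeConnection($conn);

        # redirect to the return_url
        # NOTE(review): return_url is taken from the request unchecked, so this
        # page forwards the browser to any address the link names. Compare it
        # with the registered shop URL (or an allowlist) before redirecting.
        header("Location: {$return_url}");
        die;
    }
}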
function getAccessToken($code, $client_id, $client_secret, $url)
{
    $curl_post_data = array('code' => $code, 'client_id' => $client_id, 'client_secret' => $client_secret);
    $json = curl_post($url, $curl_post_data);
         $stmt->bind_param("s", $_GET['user']);
         $stmt->execute();
         $stmt->store_result();
         $stmt->bind_result($post_id, $post_user, $post_date, $post_news, $post_alert, $post_warning, $post_global, $post_hidden, $post_edited, $post_title, $post_text, $post_tags);
         while ($stmt->fetch()) {
             $Parsedown = new Parsedown();
             $json_array['message']['post'][$post_id] = array('username' => $post_user, 'date' => $post_date, 'isnews' => $post_news, 'isalert' => $post_alert, 'iswarning' => $post_warning, 'isglobal' => $post_global, 'ishidden' => $post_hidden, 'isedited' => $post_edited, 'title' => $post_title, 'body' => nl2br(str_replace("\n", "", $Parsedown->text($post_text))), 'tags' => $post_tags);
         }
     } else {
         $json_array['success'] = false;
         $json_array['message'][] = "Username was provided in the incorrect format";
     }
 } else {
     if ($sb == "pid") {
         if ((int) $_GET['id'] > 0) {
             createConnection("localhost", "blog", "oKU9DIeWLJIEDrIhTIJJ", "sswd");
             $stmt = $GLOBALS['conn']->prepare("SELECT post_id, post_user, post_date, post_news, post_alert, post_warning, post_global, post_hidden, post_edited, post_title, post_text, post_tags FROM `sswd`.`blog` WHERE post_id = ? LIMIT 30");
             $stmt->bind_param("i", $_GET['id']);
             $stmt->execute();
             $stmt->store_result();
             $stmt->bind_result($post_id, $post_user, $post_date, $post_news, $post_alert, $post_warning, $post_global, $post_hidden, $post_edited, $post_title, $post_text, $post_tags);
             $stmt->fetch();
             if ($post_user != null) {
                 $Parsedown = new Parsedown();
                 $json_array['message']['post'][$post_id] = array('username' => $post_user, 'date' => $post_date, 'isnews' => $post_news, 'isalert' => $post_alert, 'iswarning' => $post_warning, 'isglobal' => $post_global, 'ishidden' => $post_hidden, 'isedited' => $post_edited, 'title' => $post_title, 'body' => nl2br(str_replace("\n", "", $Parsedown->text($post_text))), 'tags' => $post_tags);
             } else {
                 $json_array['success'] = false;
                 $json_array['message'][] = "No user found with that id";
             }
         } else {
             $json_array['success'] = false;
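/**
 * Applies profile changes for a customer and, when all three password fields
 * are filled, changes the password.
 *
 * Non-empty profile fields are written one UPDATE at a time. A password change
 * requires the old password to verify against the stored hash and the two new
 * entries to match; on success the session is destroyed and a script redirect
 * to index.php is echoed, otherwise an error modal is echoed.
 *
 * NOTE(review): the Login filters and the new password value appear in this
 * listing as the literal '******'; presumably $benutzer and the new hash were
 * interpolated there. If so, they have to be escaped or bound. Confirm against
 * the original file.
 * NOTE(review): the bcrypt salt is a fixed literal, so every account shares
 * one salt and equal passwords produce equal hashes. password_hash() generates
 * a per-password salt and its output still verifies with crypt().
 *
 * @param string $FirstName          New first name, empty to leave unchanged.
 * @param string $LastName           New last name, empty to leave unchanged.
 * @param string $Street             New street, empty to leave unchanged.
 * @param string $Zip                New postal code, empty to leave unchanged.
 * @param string $City               New city, empty to leave unchanged.
 * @param string $inputAltesPasswort Current password.
 * @param string $inputPasswortNeu   New password.
 * @param string $inputPasswortNeuW  New password, repeated.
 * @param string $benutzer           Login name of the account.
 * @return void
 */
function aenderungenVerarbeiten($FirstName, $LastName, $Street, $Zip, $City, $inputAltesPasswort, $inputPasswortNeu, $inputPasswortNeuW, $benutzer)
{
    // Collect the names of the profile fields that were filled in. These are
    // fixed column names, never request text.
    $aenderungen = array();
    if (!empty($FirstName)) {
        array_push($aenderungen, "FirstName");
    }
    if (!empty($LastName)) {
        array_push($aenderungen, "LastName");
    }
    if (!empty($Street)) {
        array_push($aenderungen, "Street");
    }
    if (!empty($Zip)) {
        array_push($aenderungen, "Zip");
    }
    if (!empty($City)) {
        array_push($aenderungen, "City");
    }
    // Column name => submitted value. The original also named "event" and
    // "nothing_here", which are not variables in this scope.
    $felder = compact($aenderungen);
    foreach ($felder as $key => $value) {
        createConnection();
        // The value lands inside a quoted SQL literal; escape it for the open connection.
        $value = mysql_real_escape_string($value);
        $sql = "UPDATE Customers SET {$key} = '{$value}' WHERE Login = '******'";
        // $con is never assigned in this function; use the default link.
        mysql_query($sql);
        closeConnection();
    }
    if (!empty($inputAltesPasswort) and !empty($inputPasswortNeu) and !empty($inputPasswortNeuW)) {
        createConnection();
        $sql = "SELECT Password FROM Customers WHERE Login = '******'";
        $result = mysql_query($sql);
        // No row (or a failed query) means there is no hash to compare against.
        $passwortAenderung = ($result && mysql_num_rows($result) > 0) ? mysql_result($result, 0, 0) : false;
        closeConnection();
        // The original echoed the stored hash and the recomputed hash into the
        // page at this point; password hashes must never reach the response.
        // Strict comparison so numeric-looking strings are not compared as numbers.
        if (is_string($passwortAenderung) && crypt($inputAltesPasswort, $passwortAenderung) === $passwortAenderung) {
            if ($inputPasswortNeu === $inputPasswortNeuW) {
                $salt1 = '$2a$07$R.gJb2U2N.FmZ4hPp1y2CN$';
                $passwortUpdate = crypt($inputPasswortNeu, $salt1);
                createConnection();
                $sql = "UPDATE Customers SET Password = '******' WHERE Login = '******'";
                mysql_query($sql);
                closeConnection();
                session_destroy();
                echo '
				<script type="text/javascript">
					window.location.href=\'index.php\';
				</script>
				';
            } else {
                echo '
					<div id="fehlerNeuesPasswort" class="modal fade" role="dialog">
								<div class="modal-dialog">
									<div class="modal-content">
										<div class="modal-header">
											<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
											<h4 class="modal-title">Fehler neues Passwort</h4>
										</div>
										<div class="modal-body">
											<p>Fehler: Beim neuen Passwort ist ein Fehler aufgetreten.</p>
										</div>
										<div class="modal-footer">
											<button type="button" class="btn btn-default" data-dismiss="modal">Schlie&szlig;en</button>
										</div>
									</div>
								</div>
							</div>
					<script>
						$(\'#fehlerNeuesPasswort\').modal( \'show\'); 
					</script>
				';
            }
        } else {
            echo '
				<div id="fehlerAltesPasswort" class="modal fade" role="dialog">
							<div class="modal-dialog">
								<div class="modal-content">
									<div class="modal-header">
										<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
										<h4 class="modal-title">Fehler altes Passwort</h4>
									</div>
									<div class="modal-body">
										<p>Fehler: Altes Passwort nicht korrekt.</p>
									</div>
									<div class="modal-footer">
										<button type="button" class="btn btn-default" data-dismiss="modal">Schlie&szlig;en</button>
									</div>
								</div>
							</div>
						</div>
				<script>
					$(\'#fehlerAltesPasswort\').modal( \'show\'); 
				</script>
			';
        }
    }
}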
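/**
 * Returns the menus with their summed order amounts, limited to $limit rows.
 *
 * @param int $limit Maximum number of rows.
 * @return array List of array(name, encoded count) pairs; empty when the query fails.
 */
function getTopMenues($limit)
{
    $retArray = array();
    // LIMIT cannot be quoted, so the value is forced to a non-negative integer
    // before it is appended to the statement.
    $limit = max(0, (int) $limit);
    createConnection();
    $statement = "SELECT m.Name, SUM(mo.Amount) AS 'Count' FROM xMenueOrder mo INNER JOIN Orders o ON mo.OrderID = o.ID INNER JOIN Invoices i ON o.ID = i.OrderID INNER JOIN Menues m ON mo.MenueID = m.ID GROUP BY mo.MenueID ORDER BY COUNT(mo.MenueID) LIMIT " . $limit . ";";
    $result = mysql_query($statement);
    // A failed query returns no resource; skip the fetch loop in that case.
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            array_push($retArray, array($row["Name"], htmlentities($row["Count"])));
        }
    }
    closeConnection();
    return $retArray;
}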
/**
 * Runs a statement on the shared MySQL link, reconnecting first when the link
 * is missing or no longer answers a ping.
 *
 * The statement text is executed as given; callers are responsible for
 * escaping any values inside it.
 *
 * NOTE(review): `global $conn` rebinds the name inside the function, so the
 * by-reference $conn parameter looks unused. Confirm before relying on it.
 * NOTE(review): on failure the full statement is printed, which can put
 * request data or credentials contained in the SQL into the output stream.
 *
 * @param string $sql  Complete SQL statement.
 * @param mixed  $conn Connection link (see note above).
 * @return mixed The mysql result on success, false on failure.
 */
function query($sql, &$conn)
{
    global $conn, $socket;

    $linkAlive = isset($conn) && mysql_ping($conn);
    if (!$linkAlive) {
        print "Warning - connection to mysql lost, recreating\n";
        $conn = createConnection();
    }

    $outcome = @mysql_query($sql, $conn);
    if ($outcome) {
        return $outcome;
    }

    print "Query failure on socket {$socket}\n";
    print "Query: {$sql}\n";
    print "ERROR: " . mysql_error($conn) . "\n";
    return false;
}
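/**
 * Registers a new customer.
 *
 * Echoes an error modal when the two password entries differ or the login
 * name is already taken; otherwise inserts the customer row with a bcrypt
 * hash of the password and echoes a success modal.
 *
 * NOTE(review): the bcrypt salt is a fixed literal, so every account shares
 * one salt and equal passwords produce equal hashes. password_hash() generates
 * a per-password salt and its output still verifies with crypt().
 *
 * @param string $inputVorname       First name.
 * @param string $inputNachname      Last name.
 * @param string $inputStrasse       Street.
 * @param string $inputPLZ           Postal code.
 * @param string $inputOrt           City.
 * @param string $inputBenutzername  Desired login name.
 * @param string $inputPasswortRegi  Password.
 * @param string $inputPasswortRegiW Password, repeated.
 * @return void
 */
function registrieren($inputVorname, $inputNachname, $inputStrasse, $inputPLZ, $inputOrt, $inputBenutzername, $inputPasswortRegi, $inputPasswortRegiW)
{
    $passwortCheck = true;
    $benutzerCheck = true;
    // Strict comparison: with == two numeric-looking strings compare as
    // numbers, so different entries could be accepted as matching.
    if ($inputPasswortRegi !== $inputPasswortRegiW) {
        echo '
			<div id="myModal3" class="modal fade" role="dialog">
						<div class="modal-dialog">
							<div class="modal-content">
								<div class="modal-header">
									<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
									<h4 class="modal-title">Registrieren</h4>
								</div>
								<div class="modal-body">
									<p>Fehler: Die Passwörter stimmen nicht überein</p>
								</div>
								<div class="modal-footer">
									<button type="button" class="btn btn-default" data-dismiss="modal">Schlie&szlig;en</button>
								</div>
							</div>
						</div>
					</div>
			<script>
				$(\'#myModal3\').modal( \'show\'); 
			</script>
		';
        $passwortCheck = false;
    }
    if (BenutzernameCheck($inputBenutzername) != 0) {
        echo '
			<div id="myModal4" class="modal fade" role="dialog">
						<div class="modal-dialog">
							<div class="modal-content">
								<div class="modal-header">
									<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
									<h4 class="modal-title">Registrieren</h4>
								</div>
								<div class="modal-body">
									<p>Fehler: Der Benutzername ist bereits vorhanden, bitte wählen sie einen anderen</p>
								</div>
								<div class="modal-footer">
									<button type="button" class="btn btn-default" data-dismiss="modal">Schlie&szlig;en</button>
								</div>
							</div>
						</div>
					</div>
			<script>
				$(\'#myModal4\').modal( \'show\'); 
			</script>
		';
        $benutzerCheck = false;
    }
    if ($passwortCheck and $benutzerCheck) {
        $salt = '$2a$07$R.gJb2U2N.FmZ4hPp1y2CN$';
        $passwort = crypt($inputPasswortRegi, $salt);
        createConnection();
        // Every form value lands inside a quoted SQL literal; escape each one
        // for the open connection before building the statement.
        $vorname = mysql_real_escape_string($inputVorname);
        $nachname = mysql_real_escape_string($inputNachname);
        $strasse = mysql_real_escape_string($inputStrasse);
        $plz = mysql_real_escape_string($inputPLZ);
        $ort = mysql_real_escape_string($inputOrt);
        $benutzername = mysql_real_escape_string($inputBenutzername);
        $passwortSql = mysql_real_escape_string($passwort);
        $sql = "INSERT INTO Customers (FirstName, Lastname, Street, Zip, City, Login, Password) VALUES ('{$vorname}', '{$nachname}', '{$strasse}', '{$plz}', '{$ort}', '{$benutzername}', '{$passwortSql}')";
        $result = mysql_query($sql);
        closeConnection();
        echo '
			<div id="myModal5" class="modal fade" role="dialog">
						<div class="modal-dialog">
							<div class="modal-content">
								<div class="modal-header">
									<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
									<h4 class="modal-title">Registrieren</h4>
								</div>
								<div class="modal-body">
									<p>Erfolgreich registriert!</p>
								</div>
								<div class="modal-footer">
									<button type="button" class="btn btn-default" data-dismiss="modal">Schlie&szlig;en</button>
								</div>
							</div>
						</div>
					</div>
			<script>
				$(\'#myModal5\').modal( \'show\'); 
			</script>
		';
    }
}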
<?php

/*
    Router, all requests sent to api directory forwarded here.
    URLs of type api/data/args converted to array.
    Determine method then data. Call functions in dbLib* to process commands
*/
include_once "setUp.php";
include_once "utils.php";
include_once "databaseFunctions.php";
if (!isset($db)) {
    $db = createConnection();
}
$urlParameters = explodeQuery($_SERVER['QUERY_STRING']);
switch ($_SERVER['REQUEST_METHOD']) {
    case "POST":
        // Creation
        /* echo "<strong><code>Post</code></strong>: <br>"; */
        post($db, $urlParameters);
        break;
    case "GET":
        //Retrieval
        /* echo "<p><strong><code>Get</code></strong>:</p>"; */
        get($db, $urlParameters);
        break;
    case "DELETE":
        /* echo "<strong><code>Delete</code></strong>: <br>"; */
        break;
    default:
        echo "<strong>Error: unexpected method. Can handle <code>POST</code>, <code>GET</code>, <code>DELETE</code></strong>";
        http_response_code(405);