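/**
 * Resolve the user that owns a (token, computer_id) pair.
 *
 * @param string     $token client token; escaped for the quoted SQL literal
 * @param int|string $id    computer id. It is interpolated unquoted, where
 *                          mysql_real_escape_string() offers no protection, so
 *                          it is forced to an integer instead of being escaped.
 * @return string|null user_id of the matching row, or null when the query fails
 *                     or no row matches (the original indexed a false row and
 *                     produced null with a notice)
 */
function validateToken($token, $id)
{
    $query = "select user_id from tokens where token = '" . dbEsc($token) . "' AND computer_id = " . (int) $id . ";";
    $result = mysql_query($query);
    if (!$result) {
        return null;
    }
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    if (!$row || !isset($row['user_id'])) {
        return null;
    }
    return $row['user_id'];
}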
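/**
 * Record a client ping by touching tokens.last_seen, then echo the protocol
 * version for the client.
 *
 * @param string     $token   client token; escaped for the quoted literal
 * @param int|string $id      computer id; cast to int because it sits in an
 *                            unquoted position where escaping does not help
 * @param mixed      $version value echoed back to the client
 * @return void
 */
function logPing($token, $id, $version)
{
    $query = "UPDATE tokens SET last_seen = NOW() WHERE token = '" . dbEsc($token) . "' AND computer_id = " . (int) $id;
    $result = mysql_query($query);
    if (!$result) {
        // Previously both branches echoed the version and the failure vanished;
        // keep the client response, but leave a server-side trace.
        error_log('logPing: last_seen update failed: ' . mysql_error());
    }
    // The version is sent whether or not the ping was stored (as before).
    echo $version;
}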
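/**
 * Run a printf-style query on a fresh Database() link.
 *
 * Every argument after the format string is read via func_get_args() (the
 * $args parameter only exists so existing call sites keep working). String
 * arguments are passed through dbEsc(); non-strings are interpolated as they
 * are, so the format string must use a numeric placeholder (%d) for them —
 * a %s fed with untrusted non-string data is not escaped.
 *
 * @param string $querySPrintF vsprintf format string
 * @param mixed  $args         first query value (see above)
 * @return mixed result of $db->link->query(); false on failure
 */
function dbQuery($querySPrintF, $args = NULL)
{
    $db = new Database();
    $values = array_slice(func_get_args(), 1);
    // NOTE(review): $db->link exposes ->query()/->error (mysqli-style) while
    // dbEsc() elsewhere in this code base wraps mysql_real_escape_string();
    // escaping must use the charset of the link that runs the query — confirm.
    foreach ($values as $position => $value) {
        if (is_string($value)) {
            $values[$position] = dbEsc($value);
        }
    }
    $res = $db->link->query(vsprintf($querySPrintF, $values));
    if (!$res) {
        // Logged instead of echoed: the driver's error text names tables,
        // columns and query fragments, which the HTTP client should not see.
        error_log('dbQuery failed: ' . $db->link->error);
    }
    return $res;
}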
<?php

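$version = 1;
require_once 'connection.php';
// Request fields default to '' so a partial POST cannot raise undefined-index
// notices into the response body the client parses.
$token = isset($_POST['token']) ? $_POST['token'] : '';
// computer_id is interpolated unquoted below, where string escaping is no
// defence, so it is forced to an integer here.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$tank_name = isset($_POST['tank_name']) ? $_POST['tank_name'] : '';
$fluid_type = isset($_POST['fluid_type']) ? $_POST['fluid_type'] : '';
$percent = isset($_POST['percent']) ? $_POST['percent'] : '';
// Kept from the original: values are HTML-encoded before storage (so they are
// stored encoded, not raw); dbEsc() below is what protects the SQL literals.
$fluid_type = htmlspecialchars($fluid_type);
$tank_name = htmlspecialchars($tank_name);
$percent = htmlspecialchars($percent);
$query = "UPDATE tokens SET last_seen = NOW() WHERE token = '" . dbEsc($token) . "' AND computer_id = " . $id;
$result = mysql_query($query);
if ($result) {
    $query2 = "UPDATE tanks SET tank_name = '" . dbEsc($tank_name) . "', fluid_type = '" . dbEsc($fluid_type) . "', percent = '" . dbEsc($percent) . "' WHERE token = '" . dbEsc($token) . "'";
    $result2 = mysql_query($query2);
    if ($result2) {
        echo $version;
    } else {
        // Previously ignored: the client was told the version even when the
        // tank row was never written.
        echo 'error: tank update query failed.';
    }
} else {
    echo 'error: token update query failed.';
}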
/**
 * Escape a value for use inside a single-quoted SQL string literal.
 *
 * Wraps mysql_real_escape_string(), which needs an open mysql_* link and
 * escapes according to that link's charset. Only quote and escape characters
 * are neutralised, so the result is safe solely between '...' — not in an
 * unquoted numeric position and not as an identifier.
 *
 * @param string $theString raw value
 * @return string escaped value
 */
function dbEsc($theString)
{
    return mysql_real_escape_string($theString);
}
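/**
 * Build a <comments> element holding every comment of a post, newest first.
 *
 * @param mixed       $dbconn  unused; kept for the existing call signature
 * @param DOMDocument $xmlDoc  document the nodes are created in
 * @param int|string  $post_id post id; cast to int because it is interpolated
 *                             unquoted, where escaping is no defence
 * @return DOMElement <comments> with one <comment> child per row and a trailing
 *                    status element: <query_status>success</query_status>, or
 *                    <getComments_status>error</getComments_status> plus
 *                    whatever dbError() appends when the query fails
 */
function getComments($dbconn, $xmlDoc, $post_id)
{
    $parentNode = $xmlDoc->createElement('comments');
    // One JOIN replaces the per-comment username lookup the original ran in
    // the loop (N+1 queries, each with an unescaped user_id from the row).
    $query = "SELECT c.comment, c.date, u.username FROM comments c"
        . " LEFT JOIN users u ON u.user_id = c.user_id"
        . " WHERE c.post_id = " . (int) $post_id
        . " ORDER BY c.date DESC";
    $result = mysql_query($query);
    if (!$result) {
        // Element name kept; its value no longer carries the SQL text, which
        // exposed table and column names to the XML consumer. The original
        // also fell through into mysql_fetch_array(false) after this point.
        dbError($xmlDoc, $parentNode, mysql_error());
        $parentNode->appendChild($xmlDoc->createElement('getComments_status', 'error'));
        return $parentNode;
    }
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $theChildNode = $xmlDoc->createElement('comment');
        // LEFT JOIN yields NULL for a comment whose user row is gone.
        $theChildNode->setAttribute('username', $row['username'] === null ? '' : $row['username']);
        $theChildNode->setAttribute('comment', $row['comment']);
        $theChildNode->setAttribute('date', $row['date']);
        $parentNode->appendChild($theChildNode);
    }
    $parentNode->appendChild($xmlDoc->createElement('query_status', 'success'));
    return $parentNode;
}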
         $emptyMsgEN = true;
     }
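     if (empty($_POST['msg_gr'])) {
         $emptyMsgGR = true;
     }
     if (empty($_POST['link'])) {
         $emptyLink = true;
     }
     // Only a value matching YYYY-MM-DD reaches the query below.
     if (!$emptyDate && !preg_match("/^(19|20)[0-9]{2}[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])\$/i", $_POST['date'])) {
         $dateError = true;
     }
     // Fixed: the original tested the misspelled $empdtyMsgEN (always unset),
     // so an empty English message never counted as an error.
     $errors = $emptyDate || $emptyMsgEN || $emptyMsgGR || $emptyLink || $dateError;
     if (!$errors) {
         // Digits only, taken from the raw parameter: the original ran
         // htmlentities() first, whose &#...; entities contain digits that
         // survived the strip and corrupted the id.
         $mid = isset($_GET['mid']) ? preg_replace("/[^0-9]/", "", $_GET['mid']) : '';
         if ($mid !== '') {
             $connection = dbConnect();
             // The listing shows the username placeholder masked as '******';
             // six arguments are passed, so six %s slots are needed. Date is
             // regex-validated above; escaping it anyway costs nothing.
             $query = sprintf("UPDATE events SET web_admins_username='%s', date='%s', msg_en='%s', msg_gr='%s', link='%s' WHERE id=%s", dbEsc($_SESSION['username']), dbEsc($_POST['date']), dbEsc($_POST['msg_en']), dbEsc($_POST['msg_gr']), dbEsc($_POST['link']), $mid);
             dbUpdate($query, $connection);
             dbLog('edit event ' . $mid, $connection);
             header('Location: manageevents.php');
             // Without this the rest of the page still runs after the redirect.
             exit;
         }
     }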
 } else {
     if (isset($_GET['action']) && $_GET['action'] === 'delete') {
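         // Digits only, taken from the raw parameter: htmlentities() before the
         // strip let digits from &#...; entities leak into the id. An empty id
         // previously produced "WHERE id=" and a failing query.
         $mid = isset($_GET['mid']) ? preg_replace("/[^0-9]/", "", $_GET['mid']) : '';
         if ($mid !== '') {
             $connection = dbConnect();
             $query = sprintf("UPDATE events SET deleted=true WHERE id=%s", $mid);
             dbUpdate($query, $connection);
             dbLog('delete event ' . $mid, $connection);
             header('Location: manageevents.php');
             // Stop here so the page body is not rendered after the redirect.
             exit;
         }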
     } else {
         if (isset($_GET['action']) && $_GET['action'] === 'update') {
             $connection = dbConnect();
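/**
 * Insert an energy_storage row for a (token, computer_id) pair.
 *
 * @param mixed      $dbConn unused; kept for the existing call signature
 * @param string     $token  escaped for the quoted literal
 * @param int|string $id     cast to int — it is interpolated unquoted, where
 *                           string escaping offers no protection
 * @return mixed the mysql_query() result (true on success, false on failure);
 *               the original discarded it
 */
function createEnergyEntry($dbConn, $token, $id)
{
    $query = "INSERT INTO energy_storage (token, computer_id) VALUES ('" . dbEsc($token) . "', " . (int) $id . ")";
    $result = mysql_query($query);
    if (!$result) {
        error_log('createEnergyEntry: insert failed: ' . mysql_error());
    }
    return $result;
}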
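/**
 * Delete one redstone_events row and report the outcome as XML.
 *
 * @param mixed       $dbconn   unused; kept for the existing call signature
 * @param DOMDocument $xmlDoc   document the nodes are created in
 * @param string      $event_id escaped for the quoted literal
 * @return DOMElement <recorddata> with a <status> child ('success' or 'error');
 *                    on failure dbError() also appends its own nodes
 */
function removeEvent($dbconn, $xmlDoc, $event_id)
{
    $recordDataNode = $xmlDoc->createElement('recorddata');
    $query = "DELETE FROM redstone_events WHERE event_id = '" . dbEsc($event_id) . "'";
    $result = mysql_query($query);
    if ($result) {
        $statusNode = $xmlDoc->createElement('status', 'success');
    } else {
        // The original read an undefined $query here (empty status text); a
        // fixed word is used so the SQL is never echoed back to the caller.
        $statusNode = $xmlDoc->createElement('status', 'error');
        dbError($xmlDoc, $recordDataNode, mysql_error());
    }
    $recordDataNode->appendChild($statusNode);
    return $recordDataNode;
}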
    header('Location: admincp.php');
}
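$emptyName = false;
$emptyPass = false;
$valid_err = false;
// LOGIN
if (isset($_POST['loginForm'])) {
    if (empty($_POST['username'])) {
        $emptyName = true;
    }
    if (empty($_POST['pass'])) {
        $emptyPass = true;
    }
    if (!$emptyName && !$emptyPass) {
        $connection = dbConnect();
        // The listing shows the placeholder masked as '******'; the escaped
        // username argument needs a %s slot.
        $query = sprintf("SELECT * FROM web_admins WHERE username='%s'", dbEsc($_POST['username']));
        $res = dbQuery($query, $connection);
        // Unknown user: $res[0] is unset (the original indexed it anyway).
        // Treat it exactly like a wrong password so the response does not
        // reveal which usernames exist.
        $storedHash = isset($res[0]['pass']) ? $res[0]['pass'] : '';
        // hash_equals() replaces == : constant-time and no loose comparison.
        $loginOk = $storedHash !== '' && hash_equals($storedHash, crypt($_POST['pass'], $storedHash));
        if ($loginOk) {
            // Fresh session id on privilege change (session fixation).
            // Assumes the session was already started, as the $_SESSION
            // writes below require — TODO confirm.
            session_regenerate_id(true);
            $_SESSION['loggedIn'] = true;
            $_SESSION['username'] = $res[0]['username'];
            $_SESSION['postLang'] = 'gr';
            $_SESSION['feedLang'] = 'gr';
            dbLog('login', $connection);
            header('Location: admincp.php');
            // Stop here so the login page is not rendered after the redirect.
            exit;
        } else {
            dbLog('failed login', $connection);
            $valid_err = true;
        }
    }
}
$title = 'Foss UoA - Κοινότητα Ανοιχτού Λογισμικού Καποδιστριακού Πανεπιστημίου Αθηνών - Admin Login';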
} else {
    if (isset($_POST['editFeedForm'])) {
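        if (empty($_POST['title'])) {
            $emptyTitle = true;
        }
        if (empty($_POST['link'])) {
            $emptyLink = true;
        }
        if (empty($_POST['desc'])) {
            $emptyDesc = true;
        }
        $errors = $emptyTitle || $emptyLink || $emptyDesc;
        if (!$errors) {
            // Digits only, taken from the raw parameter: the original ran
            // htmlentities() first, whose &#...; entities contain digits that
            // survived the strip and corrupted the id.
            $mid = isset($_GET['mid']) ? preg_replace("/[^0-9]/", "", $_GET['mid']) : '';
            if ($mid !== '') {
                $connection = dbConnect();
                // feedType comes from the form but was interpolated unescaped.
                // The listing shows the username placeholder masked as
                // '******'; eight arguments are passed, so eight %s are needed.
                $feedType = isset($_POST['feedType']) ? $_POST['feedType'] : '';
                $query = sprintf("UPDATE feeds SET web_admins_username='%s', title='%s', link='%s', description='%s', date='%s', type='%s', lang='%s'  WHERE id=%s", dbEsc($_SESSION['username']), dbEsc($_POST['title']), dbEsc($_POST['link']), dbEsc($_POST['desc']), date("Y-m-d"), dbEsc($feedType), dbEsc($_SESSION['feedLang']), $mid);
                dbUpdate($query, $connection);
                dbLog('edit feed entry ' . $mid, $connection);
                header('Location: managefeeds.php');
                // Stop here so the page body is not rendered after the redirect.
                exit;
            }
        }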
    } else {
        if (isset($_GET['action']) && $_GET['action'] === "delete") {
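            // Digits only, taken from the raw parameter: htmlentities() before
            // the strip let digits from &#...; entities leak into the id. An
            // empty id previously produced "WHERE id=" and a failing query.
            $mid = isset($_GET['mid']) ? preg_replace("/[^0-9]/", "", $_GET['mid']) : '';
            if ($mid !== '') {
                $connection = dbConnect();
                $query = sprintf("UPDATE feeds SET deleted=true WHERE id=%s", $mid);
                dbUpdate($query, $connection);
                dbLog('delete feed entry ' . $mid, $connection);
                header('Location: managefeeds.php');
                // Stop here so the page body is not rendered after the redirect.
                exit;
            }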
        } else {
            if (isset($_GET['action']) && $_GET['action'] === "update" && isset($_GET['type'])) {
                $type = $_GET['type'] == 'generalRSS' ? 'General RSS' : 'Meetings RSS';
<?php

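$version = 1;
require_once 'connection.php';
// Request fields default to '' so a partial POST cannot raise undefined-index
// notices into the response body the client parses.
$token = isset($_POST['token']) ? $_POST['token'] : '';
// computer_id is interpolated unquoted below, where string escaping is no
// defence, so it is forced to an integer here.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$bat_name = isset($_POST['bat_name']) ? $_POST['bat_name'] : '';
$energy_type = isset($_POST['energy_type']) ? $_POST['energy_type'] : '';
$percent = isset($_POST['percent']) ? $_POST['percent'] : '';
// Kept from the original: values are HTML-encoded before storage (so they are
// stored encoded, not raw); dbEsc() below is what protects the SQL literals.
$energy_type = htmlspecialchars($energy_type);
$bat_name = htmlspecialchars($bat_name);
$percent = htmlspecialchars($percent);
$query = "UPDATE tokens SET last_seen = NOW() WHERE token = '" . dbEsc($token) . "' AND computer_id = " . $id;
$result = mysql_query($query);
if ($result) {
    $query2 = "UPDATE energy_storage SET bat_name = '" . dbEsc($bat_name) . "', energy_type = '" . dbEsc($energy_type) . "', percent = '" . dbEsc($percent) . "' WHERE token = '" . dbEsc($token) . "'";
    $result2 = mysql_query($query2);
    if ($result2) {
        echo $version;
    } else {
        // Previously ignored: the client was told the version even when the
        // energy_storage row was never written.
        echo 'error: energy storage update query failed.';
    }
} else {
    echo 'error: token update query failed.';
}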
/**
 * Escape a value for use inside a single-quoted SQL string literal.
 *
 * Wraps mysql_real_escape_string(), which needs an open mysql_* link and
 * escapes according to that link's charset. Only quote and escape characters
 * are neutralised, so the result is safe solely between '...' — not in an
 * unquoted numeric position and not as an identifier.
 *
 * @param string $theString raw value
 * @return string escaped value
 */
function dbEsc($theString)
{
    return mysql_real_escape_string($theString);
}
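/**
 * Evaluate every redstone event registered for $token and write the event's
 * output to the matching redstone_controls side column when its storage
 * threshold is crossed.
 *
 * As in the original, each event is checked against both storage tables
 * (tanks, then energy_storage); the per-table work is in
 * _checkEventAgainstStorage(), which replaces two copies of the same code.
 *
 * @param string $token redstone token from the client; escaped for the literal
 * @return void
 */
function checkEvents($token)
{
    $query = "SELECT * from redstone_events WHERE redstone_token = '" . dbEsc($token) . "'";
    $result = mysql_query($query);
    if (!$result) {
        // The original fell through into mysql_fetch_array(false) here.
        error_log('checkEvents: event lookup failed: ' . mysql_error());
        return;
    }
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        _checkEventAgainstStorage($row, 'tanks');
        _checkEventAgainstStorage($row, 'energy_storage');
    }
}

/**
 * Map a stored side name onto its redstone_controls column.
 *
 * @param string $sideName value of redstone_events.side
 * @return string column name, or '' when the side is not one of the four known
 */
function _redstoneSideColumn($sideName)
{
    static $columns = array(
        'top_side' => 'top',
        'bottom_side' => 'bottom',
        'front_side' => 'front',
        'back_side' => 'back',
    );
    return isset($columns[$sideName]) ? $columns[$sideName] : '';
}

/**
 * Whether $value may be interpolated unquoted as a SQL numeric or boolean literal.
 *
 * redstone_events.output was interpolated raw by the original; limiting it to
 * these forms keeps a row edited elsewhere from rewriting the UPDATE text.
 * NOTE(review): assumes output holds a number or true/false — confirm against
 * the schema before relying on the boolean branch.
 *
 * @param mixed $value
 * @return bool
 */
function _isPlainSqlLiteral($value)
{
    if (is_int($value) || is_float($value)) {
        return true;
    }
    if (!is_string($value)) {
        return false;
    }
    return is_numeric($value) || in_array(strtolower($value), array('true', 'false'), true);
}

/**
 * Compare one event against the storage row it references in $table and, when
 * the trigger condition holds, write the event's output to the side column.
 *
 * Event types: '1' fires when storage percent is above trigger_value, '2' when
 * it is below (same comparisons as the original).
 *
 * @param array  $event one redstone_events row
 * @param string $table 'tanks' or 'energy_storage'; checked against a whitelist
 *                      and never taken from request data
 * @return void
 */
function _checkEventAgainstStorage(array $event, $table)
{
    if (!in_array($table, array('tanks', 'energy_storage'), true)) {
        return;
    }
    $column = _redstoneSideColumn(isset($event['side']) ? $event['side'] : '');
    if ($column === '') {
        return; // the original built "SET  = ..." here and the UPDATE failed
    }
    if (!isset($event['output']) || !_isPlainSqlLiteral($event['output'])) {
        return;
    }
    // storage_token comes back from the database, but it is still user-supplied
    // data at rest, so it is escaped rather than trusted (second-order injection).
    $storageToken = isset($event['storage_token']) ? $event['storage_token'] : '';
    $lookup = mysql_query("SELECT percent FROM " . $table . " WHERE token = '" . dbEsc($storageToken) . "'");
    $storage = $lookup ? mysql_fetch_array($lookup, MYSQL_ASSOC) : false;
    if (!$storage) {
        // The original read intval(null) == 0 for a missing storage row, so a
        // "below threshold" (type 2) event fired against whichever table did
        // not hold the token. A missing row is now simply not evaluated.
        return;
    }
    $percent = intval($storage['percent']);
    $trigger = intval(isset($event['trigger_value']) ? $event['trigger_value'] : 0);
    // (int) matches the original's loose == '1' / == '2' on numeric strings.
    $eventType = isset($event['event_type']) ? (int) $event['event_type'] : 0;
    $fire = ($eventType === 1 && $percent > $trigger)
        || ($eventType === 2 && $percent < $trigger);
    if (!$fire) {
        return;
    }
    // NOTE(review): the original UPDATE has no WHERE clause, so it rewrites the
    // side column of every redstone_controls row; the key column is not visible
    // here — add the proper WHERE once it is confirmed.
    $update = "UPDATE redstone_controls SET " . $column . " = " . $event['output'];
    if (!mysql_query($update)) {
        error_log('checkEvents: control update failed: ' . mysql_error());
    }
}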
        dbLog('new post', $connection);
        header('Location: manageposts.php');
    }
} else {
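    if (isset($_POST['editPostForm'])) {
        if (empty($_POST['title'])) {
            $emptyTitle = true;
        }
        if (empty($_POST['body'])) {
            $emptyBody = true;
        }
        $errors = $emptyTitle || $emptyBody;
        if (!$errors && !isset($_POST['preview'])) {
            // Digits only, taken from the raw parameter: the original ran
            // htmlentities() first, whose &#...; entities contain digits that
            // survived the strip and corrupted the id.
            $mid = isset($_GET['mid']) ? preg_replace("/[^0-9]/", "", $_GET['mid']) : '';
            if ($mid !== '') {
                $connection = dbConnect();
                // The listing shows the username placeholder masked as
                // '******'; six arguments are passed, so six %s are needed.
                $query = sprintf("UPDATE posts SET web_admins_username='%s', title='%s', edit_date='%s', body='%s', lang='%s' WHERE id=%s", dbEsc($_SESSION['username']), dbEsc($_POST['title']), date("Y-m-d"), dbEsc($_POST['body']), dbEsc($_SESSION['postLang']), $mid);
                dbUpdate($query, $connection);
                dbLog('edit post ' . $mid, $connection);
                header('Location: manageposts.php');
                // Stop here so the page body is not rendered after the redirect.
                exit;
            }
        }
    } else {
        if (isset($_GET['action']) && $_GET['action'] === "delete") {
            // Same digit-only handling as above; an empty id previously produced
            // "WHERE id=" and a failing query.
            $mid = isset($_GET['mid']) ? preg_replace("/[^0-9]/", "", $_GET['mid']) : '';
            if ($mid !== '') {
                $connection = dbConnect();
                $query = sprintf("UPDATE posts SET deleted=true WHERE id=%s", $mid);
                dbUpdate($query, $connection);
                dbLog('delete post ' . $mid, $connection);
                header('Location: manageposts.php');
                exit;
            }
        }
    }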
}