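/**
 * Check whether $user holds $permission through any of the groups it belongs to.
 *
 * @param object $user       Object exposing get_id() (the user's numeric id).
 * @param string $permission Permission name to look up.
 * @return bool True when at least one of the user's groups grants the permission.
 * @throws \RuntimeException When the statement cannot be prepared.
 */
function has_permission($user, $permission)
{
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("SELECT permission.permission FROM `user`, `group`, `user_group`, `permission` WHERE user.id = ? AND user_group.group_id = group.id AND user_group.user_id = user.id AND permission.group_id = group.id AND permission.permission = ?");
    if ($stmt === false) {
        $mysqli->close();
        throw new \RuntimeException('has_permission: failed to prepare statement');
    }
    // bind_param() takes its arguments by reference, so the getter result must be
    // stored in a variable first; passing $user->get_id() directly is an error in PHP 8.
    $user_id = $user->get_id();
    $stmt->bind_param("is", $user_id, $permission);
    $stmt->execute();
    $res = $stmt->get_result();
    // get_result() returns false when it fails; treat that as "no permission".
    $granted = $res !== false && $res->num_rows > 0;
    $stmt->close();
    $mysqli->close();
    return $granted;
}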
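/**
 * Render one post of this thread as an HTML table, followed by its replies
 * (rendered recursively, each inside a <div class="replies">).
 *
 * Output is written with echo. User-supplied fields (name, text, ids) are
 * HTML-escaped before being emitted; the original emitted them verbatim,
 * which let stored markup in a post or user name execute in the viewer's browser.
 *
 * @param int $post_id Id of the post row to render.
 * @return void
 * @throws \RuntimeException When a statement cannot be prepared.
 */
public function draw_post($post_id)
{
    $thread_id = $this->get_id();
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("SELECT post.id AS post_id, post.user AS user_id, post.text AS post_text, user.name AS user_name, user.email AS user_email FROM post, user WHERE post.id = ? AND post.user = user.id ORDER BY timestamp DESC");
    if ($stmt === false) {
        $mysqli->close();
        throw new \RuntimeException('draw_post: failed to prepare statement');
    }
    $stmt->bind_param("i", $post_id);
    $stmt->execute();
    $res = $stmt->get_result();
    // Ids are interpolated into URLs; escape them like any other output.
    $safe_thread_id = htmlspecialchars((string) $thread_id, ENT_QUOTES, 'UTF-8');
    $safe_post_id = htmlspecialchars((string) $post_id, ENT_QUOTES, 'UTF-8');
    // MYSQLI_ASSOC: the original used MYSQL_ASSOC, a constant of the removed ext/mysql.
    while ($post = $res->fetch_array(MYSQLI_ASSOC)) {
        // md5 hex output only contains [0-9a-f], so the URL needs no further escaping.
        $gravatar_url = "http://www.gravatar.com/avatar/" . md5(strtolower(trim($post['user_email']))) . "?s=64";
        $user_name = htmlspecialchars((string) $post['user_name'], ENT_QUOTES, 'UTF-8');
        $user_id = htmlspecialchars((string) $post['user_id'], ENT_QUOTES, 'UTF-8');
        $post_text = htmlspecialchars((string) $post['post_text'], ENT_QUOTES, 'UTF-8');
        echo '<table class="post">';
        echo '<tr>';
        echo '<td class="post-userinfo"><img src="' . $gravatar_url . '"><br /><a href="/profile/?id=' . $user_id . '">' . $user_name . '</a></td>';
        echo '<td class="post-content">' . $post_text . '</td>';
        echo '</tr>';
        // Reply button only for logged-in visitors.
        if (isset($_SESSION['user'])) {
            echo '<tr>';
            echo '<td class="post-buttons" colspan=2>';
            echo '<a href="/forum/thread/reply/?thread_id=' . $safe_thread_id . '&post_id=' . $safe_post_id . '"><span class="fa fa-reply post-button"></span></a>';
            echo '</td>';
            echo '</tr>';
        }
        echo '</table>';
        $repliesstmt = $mysqli->prepare("SELECT id FROM post WHERE reply_to = ?");
        if ($repliesstmt === false) {
            $stmt->close();
            $mysqli->close();
            throw new \RuntimeException('draw_post: failed to prepare replies statement');
        }
        $repliesstmt->bind_param("i", $post_id);
        $repliesstmt->execute();
        $repliesres = $repliesstmt->get_result();
        if ($repliesres !== false && $repliesres->num_rows > 0) {
            echo '<div class="replies">';
            // Each recursive call opens its own connection; ours stays open until the end.
            while ($reply = $repliesres->fetch_array(MYSQLI_ASSOC)) {
                $this->draw_post($reply['id']);
            }
            echo '</div>';
        }
        $repliesstmt->close();
    }
    $stmt->close();
    $mysqli->close();
}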
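/**
 * Get PDO from the loaded database core module.
 *
 * The connection is cached in the class statics and reused while $uid is
 * unchanged; a different uid rebuilds the connection.
 *
 * @param mixed $uid User id whose database settings are used; null means the logged-in user.
 * @return \PDO
 * @throws \RuntimeException On an unsupported db type or a failed connection.
 *         The original called die() and printed the PDOException; its string
 *         form carries a stack trace with the constructor arguments, i.e. the
 *         database credentials. The message is now generic and the PDOException
 *         is attached as $previous for logging.
 */
public static function getPDO($uid = null)
{
    // Default to the logged-in user
    if ($uid === null) {
        $uid = get_user_id();
    }
    // Reuse the cached connection when it was built for the same uid
    if (self::$pdo !== null && $uid === self::$pdoUid) {
        return self::$pdo;
    }
    $dsn = null;
    $options = array();
    $attributes = array(\PDO::ATTR_CASE => \PDO::CASE_UPPER);
    switch (get_db_type($uid)) {
        case 'mysql':
            $dsn = "mysql:dbname=" . get_db_name($uid) . ";host=" . get_db_host($uid) . ";port=" . get_db_port($uid);
            $options = array(\PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\'');
            break;
        case 'postgresql':
            $dsn = "pgsql:dbname=" . get_db_name($uid) . ";host=" . get_db_host($uid) . ";port=" . get_db_port($uid);
            break;
        default:
            throw new \RuntimeException("Config error");
    }
    try {
        $pdo = new \PDO($dsn, get_db_user($uid), get_db_password($uid), $options);
        foreach ($attributes as $key => $value) {
            $pdo->setAttribute($key, $value);
        }
    } catch (\PDOException $e) {
        // Never embed $e in the message: its __toString() includes the trace and arguments.
        throw new \RuntimeException("Connexion error", 0, $e);
    }
    // Only cache once the connection is fully configured.
    self::$pdo = $pdo;
    self::$pdoUid = $uid;
    return self::$pdo;
}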
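/**
 * Create a user row unless a user with that name already exists.
 *
 * The password is hashed by User::set_password()/get_password_hash() (defined
 * elsewhere); only the hash is stored.
 *
 * @param string $name
 * @param string $email
 * @param string $password Plain-text password; hashed by the User object.
 * @return bool True when a row was inserted, false when the name was already taken.
 * @throws \RuntimeException When the statement cannot be prepared.
 */
function create_user($name, $email, $password)
{
    // NOTE(review): the name check and the insert are not atomic; a UNIQUE
    // constraint on user.name is what actually guarantees uniqueness — confirm it exists.
    if (!is_null(get_user_by_name($name))) {
        return false;
    }
    $user = new User();
    $user->set_name($name)->set_email($email)->set_password($password);
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("INSERT INTO user(name, email, password_hash) VALUES (?, ?, ?)");
    if ($stmt === false) {
        $mysqli->close();
        throw new \RuntimeException('create_user: failed to prepare statement');
    }
    // bind_param() binds by reference; getter results must be stored in variables first.
    $user_name = $user->get_name();
    $user_email = $user->get_email();
    $password_hash = $user->get_password_hash();
    $stmt->bind_param("sss", $user_name, $user_email, $password_hash);
    $inserted = $stmt->execute();
    $stmt->close();
    $mysqli->close();
    return $inserted;
}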
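/**
 * Insert a post into a thread, optionally as a reply to another post.
 *
 * @param object      $thread   Object exposing get_id().
 * @param object      $user     Object exposing get_id().
 * @param string      $text     Post body, stored as given (escaped at render time).
 * @param object|null $reply_to Parent post (exposing get_id()), or null for a top-level post.
 * @return int|string Id of the inserted row (mysqli::$insert_id).
 * @throws \RuntimeException When the statement cannot be prepared.
 */
function create_post($thread, $user, $text, $reply_to = NULL)
{
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    // bind_param() binds by reference; getter results must be stored in variables first.
    $thread_id = $thread->get_id();
    $user_id = $user->get_id();
    if (is_null($reply_to)) {
        $stmt = $mysqli->prepare("INSERT INTO post(thread, user, text) VALUES (?, ?, ?)");
        if ($stmt === false) {
            $mysqli->close();
            throw new \RuntimeException('create_post: failed to prepare statement');
        }
        $stmt->bind_param("iis", $thread_id, $user_id, $text);
    } else {
        $reply_to_id = $reply_to->get_id();
        $stmt = $mysqli->prepare("INSERT INTO post(thread, reply_to, user, text) VALUES (?, ?, ?, ?)");
        if ($stmt === false) {
            $mysqli->close();
            throw new \RuntimeException('create_post: failed to prepare statement');
        }
        $stmt->bind_param("iiis", $thread_id, $reply_to_id, $user_id, $text);
    }
    $stmt->execute();
    $stmt->close();
    // Read the id before the connection goes away.
    $insert_id = $mysqli->insert_id;
    $mysqli->close();
    return $insert_id;
}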
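/**
 * Render one profile post as an HTML table with an inline reply form for
 * logged-in visitors, then recursively render its replies.
 *
 * Output is written with echo. User-supplied fields (name, text, ids) are
 * HTML-escaped before being emitted; the original emitted them verbatim.
 *
 * @param object $profile_post Object exposing get_id() and get_profile()->get_id().
 * @return void
 * @throws \RuntimeException When a statement cannot be prepared.
 */
function print_profile_post($profile_post)
{
    $profile_id = $profile_post->get_profile()->get_id();
    // bind_param() binds by reference; the getter result must be stored in a variable first.
    $profile_post_id = $profile_post->get_id();
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("SELECT profile_post.id AS post_id, profile_post.user AS user_id, profile_post.text AS post_text, user.name AS user_name, user.email AS user_email FROM profile_post, user WHERE profile_post.id = ? AND profile_post.user = user.id ORDER BY timestamp");
    if ($stmt === false) {
        $mysqli->close();
        throw new \RuntimeException('print_profile_post: failed to prepare statement');
    }
    $stmt->bind_param("i", $profile_post_id);
    $stmt->execute();
    $res = $stmt->get_result();
    $safe_profile_id = htmlspecialchars((string) $profile_id, ENT_QUOTES, 'UTF-8');
    // MYSQLI_ASSOC: the original used MYSQL_ASSOC, a constant of the removed ext/mysql.
    while ($post = $res->fetch_array(MYSQLI_ASSOC)) {
        // md5 hex output only contains [0-9a-f], so the URL needs no further escaping.
        $gravatar_url = "http://www.gravatar.com/avatar/" . md5(strtolower(trim($post['user_email']))) . "?s=64";
        $user_name = htmlspecialchars((string) $post['user_name'], ENT_QUOTES, 'UTF-8');
        $post_text = htmlspecialchars((string) $post['post_text'], ENT_QUOTES, 'UTF-8');
        $safe_post_id = htmlspecialchars((string) $post['post_id'], ENT_QUOTES, 'UTF-8');
        echo '<table class="post">';
        echo '<tr>';
        echo '<td class="post-userinfo"><img src="' . $gravatar_url . '"><br />' . $user_name . '</td>';
        echo '<td class="post-content">' . $post_text . '</td>';
        echo '</tr>';
        // Reply form only for logged-in visitors.
        // NOTE(review): the form carries no anti-CSRF token — confirm /profile/processpost/ enforces one.
        if (isset($_SESSION['user'])) {
            echo '<tr>';
            echo '<td class="post-buttons" colspan=2>';
            echo '<form action="/profile/processpost/?id=' . $safe_profile_id . '" method="POST">';
            echo '<textarea class="profile-reply" name="post"></textarea><br />';
            echo '<input value="Reply" type="submit"><br />';
            echo '<input type="hidden" name="reply_to" value="' . $safe_post_id . '">';
            echo '</form>';
            echo '</td>';
            echo '</tr>';
        }
        echo '</table>';
        $repliesstmt = $mysqli->prepare("SELECT id FROM profile_post WHERE reply_to = ?");
        if ($repliesstmt === false) {
            $stmt->close();
            $mysqli->close();
            throw new \RuntimeException('print_profile_post: failed to prepare replies statement');
        }
        $repliesstmt->bind_param("i", $profile_post_id);
        $repliesstmt->execute();
        $repliesres = $repliesstmt->get_result();
        if ($repliesres !== false && $repliesres->num_rows > 0) {
            echo '<div class="replies">';
            // Each recursive call opens its own connection; ours stays open until the end.
            while ($reply = $repliesres->fetch_array(MYSQLI_ASSOC)) {
                print_profile_post(get_profile_post_by_id($reply['id']));
            }
            echo '</div>';
        }
        $repliesstmt->close();
    }
    $stmt->close();
    $mysqli->close();
}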
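/**
 * Insert a topic, optionally nested under a parent topic.
 *
 * @param string      $title
 * @param object|null $parent Parent topic (exposing get_id()), or null for a root topic.
 * @return int|string Id of the inserted row (mysqli::$insert_id).
 * @throws \RuntimeException When the statement cannot be prepared.
 */
function create_topic($title, $parent = NULL)
{
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    if (is_null($parent)) {
        $stmt = $mysqli->prepare("INSERT INTO topic(title) VALUES (?)");
        if ($stmt === false) {
            $mysqli->close();
            throw new \RuntimeException('create_topic: failed to prepare statement');
        }
        $stmt->bind_param("s", $title);
    } else {
        // bind_param() binds by reference; the getter result must be stored in a variable first.
        $parent_id = $parent->get_id();
        $stmt = $mysqli->prepare("INSERT INTO topic(title, parent) VALUES (?, ?)");
        if ($stmt === false) {
            $mysqli->close();
            throw new \RuntimeException('create_topic: failed to prepare statement');
        }
        $stmt->bind_param("si", $title, $parent_id);
    }
    $stmt->execute();
    $stmt->close();
    // Read the id before the connection goes away.
    $insert_id = $mysqli->insert_id;
    $mysqli->close();
    return $insert_id;
}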
?> </head> <body> <div id="main"> <?php include '../../includes/logo.php'; if (isset($_SESSION['user'])) { include '../../includes/navigation.php'; } else { include '../../includes/navigation_beforelogin.php'; } $id = NULL; if (isset($_GET['id'])) { $id = $_GET['id']; } $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database()); $stmt = NULL; if (is_null($id)) { $stmt = $mysqli->prepare("SELECT id, title FROM topic WHERE parent IS NULL"); } else { echo '<div class="path">' . "\n"; get_topic_by_id($id)->print_path(); echo '</div>'; $stmt = $mysqli->prepare("SELECT id, title FROM topic WHERE parent = ?"); $stmt->bind_param("i", $id); } $stmt->execute(); $res = $stmt->get_result(); echo '<h1>Topics</h1>'; if (isset($_SESSION['user'])) { if (!is_null($id)) {