function register_user()
{
// get passwordHash library for backwards compatability.
require 'password.php';
// get database connection object
require 'dbConnector.php';
$db = loadDatabase();
// Get check_user function
require 'check_user_db.php';
// get user submitted form
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$email = stripslashes($_POST['email']);
// Check if username exists using check_user()
if (check_user($db, $username)) {
$message = "Username '{$username}' already exists.";
} else {
// hash and salt password
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
// Prepared statement to insert a user
$stmt = $db->prepare("INSERT INTO user (username, email, password)\n VALUES (:username, :email, :passwordHash);");
$stmt->bindValue(':username', $username);
$stmt->bindValue(':passwordHash', $passwordHash);
$stmt->bindValue(':email', $email);
$stmt->execute();
$_SESSION['logged_user'] = $username;
$message = "{$username}, you are now registered.";
}
return $message;
}
function add_product($code, $name, $price, $description, $img)
{
$db = loadDatabase();
$img = '/media/products/' . $img;
$query = 'INSERT INTO products
(productCode, productName, listPrice, description, img)
VALUES
(:code, :name, :price, :description, :img)';
$statement = $db->prepare($query);
$statement->bindValue(':code', $code);
$statement->bindValue(':name', $name);
$statement->bindValue(':price', $price);
$statement->bindValue(':description', $description);
$statement->bindValue(':img', $img);
$statement->execute();
$statement->closeCursor();
}
function edit_user($current_username, $new_username, $new_email)
{
$db = loadDatabase();
$query = 'UPDATE user SET username = :new_username, email = :new_email
WHERE username = :username';
$statement = $db->prepare($query);
$statement->bindValue(':username', $current_username);
$statement->bindValue(':new_username', $new_username);
$statement->bindValue(':new_email', $new_email);
$statement->execute();
if ($statement->rowCount() > 0) {
$_SESSION['logged_user'] = $new_username;
$message = 'User was succesfully updated.';
} else {
$message = 'User could not be updated.';
}
return $message;
}
function login_user()
{
$db = loadDatabase();
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $db->prepare('SELECT * FROM user WHERE username = :username');
$stmt->bindValue(':username', $username);
$stmt->execute();
$user = $stmt->fetch();
// Check if user is in database
if ($user['username'] and password_verify($password, $user['password'])) {
// echo $user['username'], $user['password'];
// User is in DB, log them in.
$_SESSION['logged_user'] = $user['username'];
$message = $user['username'] . ' You are now logged in!';
// Check admin status and set session to reflect.
if ($user['admin'] == true) {
$_SESSION['admin_user'] = true;
}
} else {
$message = "The Username or Password entered was not found in our database.";
}
return $message;
}
<?php
session_start();
// Calling with a POST?
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$result = "";
// Is everything set correctly?
if (isset($_POST["oPassword"]) && isset($_POST["nPassword"]) && isset($_POST["rnPassword"]) && isset($_POST["username"])) {
// Right person logged in?
if ($_POST["username"] === $_SESSION["user"]) {
require '../database/password.php';
require '../database/databaseConnect.php';
$db = loadDatabase();
$result = "DB LOADED";
$user = $db->query("SELECT * FROM users WHERE user_name = '" . $_SESSION["user"] . "' LIMIT 1");
if ($user === false || $user->rowCount() === 0) {
$result = "User doesn't not exist.";
} else {
$user->setFetchMode(PDO::FETCH_ASSOC);
$user = $user->fetch();
$result = "USER FETCHED";
// Password correct?
if (password_verify($_POST["oPassword"], $user["user_pass"])) {
// Password not the same?
if ($_POST["nPassword"] !== $_POST["rnPassword"]) {
$result = "Passwords don't match!";
} else {
if ($_POST["nPassword"] === $_POST["oPassword"]) {
$result = "Old and new passwords cannot be the same.";
} else {
// Update password!
<?php
require 'dbConnector.php';
try {
echo "testing1";
$db = loadDatabase("notes");
echo "testing 2";
echo "testing 3";
} catch (PDOException $ex) {
echo 'Errors!: ' . $ex->getMessage();
die;
}
foreach ($db->query('select username, password from user') as $row) {
echo 'user: '******'username'];
echo ' password: '******'password'];
echo '<br />';
}
/*
$stmt = $db->prepare('select * from table where id=:id and name=:name');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
*/
require_once $sourcedir . '/Errors.php';
require_once $sourcedir . '/Load.php';
require_once $sourcedir . '/Security.php';
require_once $sourcedir . '/Subs-Portal.php';
// Using an pre-PHP 5.1 version?
if (@version_compare(PHP_VERSION, '5.1') == -1) {
require_once $sourcedir . '/Subs-Compat.php';
}
// If $maintenance is set specifically to 2, then we're upgrading or something.
if (!empty($maintenance) && $maintenance == 2) {
db_fatal_error();
}
// Create a variable to store some SMF specific functions in.
$smcFunc = array();
// Initate the database connection and define some database functions to use.
loadDatabase();
// Load the settings from the settings table, and perform operations like optimizing.
reloadSettings();
// Clean the request variables, add slashes, etc.
cleanRequest();
$context = array();
// Seed the random generator.
if (empty($modSettings['rand_seed']) || mt_rand(1, 250) == 69) {
smf_seed_generator();
}
// Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
if (isset($_GET['scheduled'])) {
require_once $sourcedir . '/ScheduledTasks.php';
AutoTask();
}
// Check if compressed output is enabled, supported, and not already being done.
<?php
session_start();
require '../dbConnector.php';
try {
$db = loadDatabase("fhe_ideas");
} catch (PDOException $theError) {
echo 'Error: ' . $theError->getMessage();
die;
}
?>
<html>
<head>
<title> Delete Idea </title>
<script>
// Return to the display page by pushing the cancel button
function cancel() {
window.location="FHE_Ideas.php";
}
</script>
</head>
<body style="background-image:url(Images/IdahoFalls2.png); background-attachment:fixed; background-size: 100% 100% ;background-repeat:no-repeat" >
<h1 style="text-align:center"> Remove an Idea </h1>
<form action="remove_from_database.php" method="POST">
<div style = "margin: 40px; padding:20px; background-color:rgba(250,250,250,0.8); border-radius:25px">
<?php
function loadDatabase($db_file)
{
$row = 1;
$d = array();
if (($handle = fopen($db_file, "r")) !== FALSE) {
while (($data = fgetcsv($handle, 100000, ",")) !== FALSE) {
$num = count($data);
$row++;
$vals = array();
for ($c = 0; $c < $num; $c++) {
$vals[$c] = $data[$c];
}
$d[$row] = $vals;
}
fclose($handle);
}
return $d;
}
$d = loadDatabase("dbfile.txt");
$str = "";
foreach ($d as $line) {
if (strlen($str) > 0) {
$str = $str . ",";
}
$str = $str . "{ \"lat\": \"" . $line[0] . "\", \"lng\": \"" . $line[1] . "\", \"zoom\": \"" . $line[2] . "\", \"keyview\": \"" . $line[3] . "\" }";
}
echo "[" . $str . "]";
return;
// add address
$sql = "INSERT INTO address (street, city, state, zip)" . "VALUES(" . '\'' . $_POST['street_address'] . "', '" . $_POST['city'] . "', '" . $_POST['state'] . "', " . $_POST['zip'] . ")";
$_SESSION['insert'] = $sql;
$db = insertDatabase();
$address_id = $db->lastInsertId();
//CREATE user with last created address
$sql = "INSERT INTO user (user_name, email, address_id, phone_number, display_name, password, access_id)" . "VALUES ('{$user_name}', '{$email}', {$address_id}, {$phone_number}, '{$display_name}', '{$password}', 4)";
$_SESSION['insert'] = $sql;
$db = insertDatabase();
//create client connected to last user
$client_user_id = $db->lastInsertId();
$sql = "INSERT INTO client (user_id)" . "VALUES({$client_user_id})";
$_SESSION['insert'] = $sql;
$db = insertDatabase();
require 'db_connection/openshift_db_connection.php';
$employee = loadDatabase();
$statement = $employee->query("SELECT j.id AS job_id, e.id AS employee_id, c.id AS client_id FROM job AS j, employee AS e, client AS c, employeejob AS ej WHERE ej.employee_id=e.id AND ej.job_id=j.id");
$employee = $statement->fetchAll(PDO::FETCH_ASSOC);
for ($i = 0; $i < count($employee); $i++) {
if ($employee[$i]['employee_id']) {
$employee_id = $employee[$i]['employee_id'];
}
if ($employee[$i]['job_id']) {
$job_id = $employee[$i]['job_id'];
}
if ($employee[$i]['client_id']) {
$client_id = $employee[$i]['client_id'];
}
}
echo "employee_id: {$employee_id} <br/>" . "job_id: {$job_id} <br/>" . "client_id: {$client_id} <br/>";
// create job
function loadSettings()
{
global $convert_data, $from_prefix, $to_prefix, $convert_dbs, $command_line, $smcFunc;
global $db_persist, $db_connection, $db_server, $db_user, $db_passwd, $modSettings;
global $db_type, $db_name, $ssi_db_user, $ssi_db_passwd, $sourcedir, $db_prefix;
foreach ($convert_data['defines'] as $define) {
$define = explode('=', $define);
define($define[0], isset($define[1]) ? $define[1] : '1');
}
foreach ($convert_data['globals'] as $global) {
global ${$global};
}
define('PATH_CACHE', 'PATH_CACHE');
if (!empty($convert_data['eval'])) {
eval($convert_data['eval']);
}
// Cannot find Settings.php?
if (!$command_line && !file_exists($_POST['path_to'] . '/Settings.php')) {
template_convert_above();
return doStep0('This converter was unable to find SMF in the path you specified.<br /><br />Please double check the path, and that it is already installed there.');
} elseif ($command_line && !file_exists($_POST['path_to'] . '/Settings.php')) {
return print_error('This converter was unable to find SMF in the path you specified.<br /><br />Please double check the path, and that it is already installed there.', true);
}
$found = empty($convert_data['settings']);
foreach ($convert_data['settings'] as $file) {
$found |= file_exists($_POST['path_from'] . $file);
}
/*
Check if open_basedir is enabled. If it's enabled and the converter file was not found then that means
that the user hasn't moved the files to the public html dir. With this enabled and the file not found, we can't go anywhere from here.
*/
if (!$command_line && @ini_get('open_basedir') != '' && !$found) {
template_convert_above();
return doStep0('The converter detected that your host has open_basedir enabled on this server. Please ask your host to disable this setting or try moving the contents of your ' . $convert_data['name'] . ' to the public html folder of your site.');
} elseif ($command_line && @ini_get('open_basedir') != '' && !$found) {
return print_error('The converter detected that your host has open_basedir enabled on this server. Please ask your host to disable this setting or try moving the contents of your ' . $convert_data['name'] . ' to the public html folder of your site.', true);
}
if (!$command_line && !$found) {
template_convert_above();
return doStep0('Unable to find the settings for ' . $convert_data['name'] . '. Please double check the path and try again.');
} elseif (!$command_line && !$found) {
return print_error('Unable to find the settings for ' . $convert_data['name'] . '. Please double check the path and try again.', true);
}
// Any parameters to speak of?
if (!empty($convert_data['parameters']) && !empty($_SESSION['convert_parameters'])) {
foreach ($convert_data['parameters'] as $param) {
if (isset($_POST[$param['id']])) {
$_SESSION['convert_parameters'][$param['id']] = $_POST[$param['id']];
}
}
// Should already be global'd.
foreach ($_SESSION['convert_parameters'] as $k => $v) {
${$k} = $v;
}
} elseif (!empty($convert_data['parameters'])) {
$_SESSION['convert_parameters'] = array();
foreach ($convert_data['parameters'] as $param) {
if (isset($_POST[$param['id']])) {
$_SESSION['convert_parameters'][$param['id']] = $_POST[$param['id']];
} else {
$_SESSION['convert_parameters'][$param['id']] = null;
}
}
foreach ($_SESSION['convert_parameters'] as $k => $v) {
${$k} = $v;
}
}
// Everything should be alright now... no cross server includes, we hope...
require $_POST['path_to'] . '/Settings.php';
require $sourcedir . '/QueryString.php';
require $sourcedir . '/Subs.php';
require $sourcedir . '/Errors.php';
require $sourcedir . '/Load.php';
require $sourcedir . '/Security.php';
// PHP4 users compatibility
if (@version_compare(PHP_VERSION, '5') == -1) {
require_once $sourcedir . '/Subs-Compat.php';
}
$GLOBALS['boardurl'] = $boardurl;
$modSettings['disableQueryCheck'] = true;
// !!! Do we really need this?
if (!$command_line && $_SESSION['convert_db_pass'] != $db_passwd) {
template_convert_above();
return doStep0('The database password you entered was incorrect. Please make sure you are using the right password (for the SMF user!) and try it again. If in doubt, use the password from Settings.php in the SMF installation.');
} elseif ($command_line && $_SESSION['convert_db_pass'] != $db_passwd) {
return print_error('The database password you entered was incorrect. Please make sure you are using the right password (for the SMF user!) and try it again. If in doubt, use the password from Settings.php in the SMF installation.', true);
}
// Check the steps that we have decided to go through.
if (!$command_line && isset($_POST['do_steps']) && empty($_POST['do_steps'])) {
template_convert_above();
return doStep0('You must select at least one step to convert.');
} elseif (!$command_line && isset($_POST['do_steps'])) {
unset($_SESSION['do_steps']);
foreach ($_POST['do_steps'] as $next_step_line => $step) {
//$explode = explode(',', $step);
//$_SESSION['do_steps'][$key] = array(
// 'cur_step_line' => $explode[0],
// 'prev_step_line' => $explode[1],
// 'next_prev_line' => $explode[2],
//);
$_SESSION['do_steps'][$next_step_line] = $step;
}
}
if (isset($_SESSION['convert_parameters']['database_type']) && !isset($convert_data['database_type'])) {
$convert_data['database_type'] = $_SESSION['convert_parameters']['database_type'];
}
if (isset($convert_data['database_type']) && (function_exists($convert_data['database_type'] . '_query') || function_exists($convert_data['database_type'] . '_exec') || $convert_data['database_type'] == 'ado' && class_exists('com'))) {
$convert_dbs = $convert_data['database_type'];
if (isset($convert_data['connect_string'])) {
$connect_string = eval('return "' . $convert_data['connect_string'] . '";');
} elseif (isset($_SESSION['convert_parameters']['connect_string'])) {
$connect_string = $_SESSION['convert_parameters']['connect_string'];
}
if ($convert_dbs == 'odbc') {
$GLOBALS['odbc_connection'] = odbc_connect($connect_string, '', '');
} elseif ($convert_dbs == 'ado') {
$GLOBALS['ado_connection'] = new COM('ADODB.Connection');
$GLOBALS['ado_connection']->Open($connect_string);
register_shutdown_function(create_function('', '$GLOBALS[\'ado_connection\']->Close();'));
}
} elseif (!$command_line && isset($convert_data['database_type'])) {
template_convert_above();
return doStep0('PHP doesn\'t support the database type this converter was written for, \'' . $convert_data['database_type'] . '\'.');
} elseif ($command_line && isset($convert_data['database_type'])) {
return print_error('PHP doesn\'t support the database type this converter was written for, \'' . $convert_data['database_type'] . '\'.', true);
} else {
$convert_dbs = 'smf_db';
}
// Create a connection to the SMF database.
loadDatabase();
db_extend('packages');
// Currently SQLite and PostgreSQL do not have support for cross database work.
if ($command_line && in_array($smcFunc['db_title'], array('SQLite', 'PostgreSQL'))) {
return print_error('The converter detected that you are using ' . $smcFunc['db_title'] . '. The SMF Converter does not currently support this database type.', true);
} elseif (in_array($smcFunc['db_title'], array('SQLite', 'PostgreSQL'))) {
template_convert_above();
return doStep0('The converter detected that you are using ' . $smcFunc['db_title'] . '. The SMF Converter does not currently support this database type.');
}
// Does this converter support the current database type being used?
if ($command_line && !in_array(strtolower($smcFunc['db_title']), $convert_data['database_support'])) {
return print_error('The converter detected that you are using ' . $smcFunc['db_title'] . '. This converter only supports ' . explode(', ', $convert_data['database_support']) . '.', true);
} elseif (!in_array(strtolower($smcFunc['db_title']), $convert_data['database_support'])) {
template_convert_above();
return print_error('The converter detected that you are using ' . $smcFunc['db_title'] . '. This converter only supports ' . explode(', ', $convert_data['database_support']) . '.', true);
}
// UTF8
$charset = findSupportedCharsets();
$charset = array_flip($charset);
$charset = isset($_POST['charsets']) && isset($charset[$_POST['charsets']]) ? $_POST['charsets'] : '';
$charset = !empty($charset) ? $charset : (isset($db_character_set) && preg_match('~^\\w+$~', $db_character_set) === 1 ? $db_character_set : '');
if (!empty($charset)) {
$smcFunc['db_query']('', "SET NAMES {$charset}", 'security_override');
}
if (strpos($db_prefix, '.') === false) {
$to_prefix = is_numeric(substr($db_prefix, 0, 1)) ? $db_name . '.' . $db_prefix : '`' . $db_name . '`.' . $db_prefix;
} else {
$to_prefix = $db_prefix;
}
// Keep in mind our important variables, we don't want them swept away by the code we're running
$smf_db_prefix = $db_prefix;
$smf_db_type = $db_type;
foreach ($convert_data['variable'] as $eval_me) {
eval($eval_me);
}
foreach ($convert_data['settings'] as $file) {
if (file_exists($_POST['path_from'] . $file) && empty($convert_data['flatfile'])) {
require_once $_POST['path_from'] . $file;
}
}
if (isset($convert_data['from_prefix'])) {
$from_prefix = eval('return "' . fixDbPrefix($convert_data['from_prefix'], $smcFunc['db_title']) . '";');
}
if (preg_match('~^`[^`]+`.\\d~', $from_prefix) != 0) {
$from_prefix = strtr($from_prefix, array('`' => ''));
}
// recall our variables in case the software we're converting from defines one itself...
$db_prefix = $smf_db_prefix;
$db_type = $smf_db_type;
if ($_REQUEST['start'] == 0 && empty($_GET['substep']) && empty($_GET['cstep']) && ($_GET['step'] == 1 || $_GET['step'] == 2) && isset($convert_data['table_test'])) {
$result = convert_query("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM " . eval('return "' . $convert_data['table_test'] . '";'), true);
if (!$command_line && $result === false) {
template_convert_above();
doStep0('Sorry, the database connection information used in the specified installation of SMF cannot access the installation of ' . $convert_data['name'] . '. This may either mean that the installation doesn\'t exist, or that the Database account used does not have permissions to access it.<br /><br />The error that was received from the Database was: ' . $smcFunc['db_error']());
} elseif ($command_line && $result === false) {
print_error("Sorry, the database connection information used in the specified installation of SMF cannot access the installation of " . $convert_data['name'] . ". This may either mean that the installation doesn\\'t exist, or that the Database account used does not have permissions to access it.\n\nThe error that was received from the Database: " . $smcFunc['db_error'](), true);
}
convert_free_result($result);
}
// Attempt to allow big selects, only for mysql so far though.
if ($smcFunc['db_title'] == 'MySQL') {
$results = $smcFunc['db_query']('', "SELECT @@SQL_BIG_SELECTS, @@SQL_MAX_JOIN_SIZE", 'security_override');
list($big_selects, $sql_max_join) = $smcFunc['db_fetch_row']($results);
// Only waste a query if its worth it.
if (empty($big_selects) || $big_selects != 1 && $big_selects != '1') {
$smcFunc['db_query']('', "SET @@SQL_BIG_SELECTS = 1", 'security_override');
}
// Lets set MAX_JOIN_SIZE to something we should
if (empty($sql_max_join) || $sql_max_join == '18446744073709551615' && $sql_max_join == '18446744073709551615') {
$smcFunc['db_query']('', "SET @@SQL_MAX_JOIN_SIZE = 18446744073709551615", 'security_override');
}
}
// Since we use now the attachment functions in Subs.php, we'll need this:
$result = convert_query("\n\t\t\tSELECT value\n\t\t\tFROM {$to_prefix}settings\n\t\t\tWHERE variable = 'attachmentUploadDir'\n\t\t\tLIMIT 1");
list($attachmentUploadDir) = $smcFunc['db_fetch_row']($result);
$modSettings['attachmentUploadDir'] = $attachmentUploadDir;
$smcFunc['db_free_result']($result);
}
