function createExtFile($type)
{
$pathOfExt = "C:/data/ext/";
$pathOfDatabase = "C:/data/database/";
$t = time();
$temp_id = array();
$con = mysqli_connect("localhost", "root", "1212312121", "proj4d");
mysqli_set_charset($con, "utf8");
$query = "SELECT id FROM " . $type . "_detail WHERE isValid = 1";
$statement = mysqli_prepare($con, $query);
$success = mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $id);
$path = $pathOfExt . $type . $t . ".ext";
$myfile = fopen($path, "w") or die("Unable to open file!");
while (mysqli_stmt_fetch($statement)) {
array_push($temp_id, $id);
}
$i = 0;
for ($i; $i < sizeof($temp_id) - 1; $i++) {
$id = $temp_id[$i];
$txt = $pathOfDatabase . $type . "/" . $id . "/1.png;" . $id . PHP_EOL;
fwrite($myfile, $txt);
$txt = $pathOfDatabase . $type . "/" . $id . "/2.png;" . $id . PHP_EOL;
fwrite($myfile, $txt);
}
$id = $temp_id[$i];
$txt = $pathOfDatabase . $type . "/" . $id . "/1.png;" . $id . PHP_EOL;
fwrite($myfile, $txt);
$txt = $pathOfDatabase . $type . "/" . $id . "/2.png;" . $id;
fwrite($myfile, $txt);
fclose($myfile);
return $type . $t . ".ext";
}
function registrator($link)
{
//Функция регистрации пользователя (Взято из интернета "редактированно")
if (!empty($_POST["submit"])) {
if (!preg_match("/^[a-zA-Z0-9]+\$/", $_POST['login'])) {
$err[] = "Логин может состоять только из букв английского алфавита и цифр<br>";
}
if (strlen($_POST['login']) < 3 or strlen($_POST['login']) > 30) {
$err[] = "Логин должен быть не меньше 3-х символов и не больше 30<br>";
}
$query = "SELECT COUNT(user_id) FROM users WHERE user_login='******'login']) . "'";
if ($stmt = mysqli_prepare($link, $query)) {
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $user_id);
mysqli_stmt_store_result($stmt);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
}
if (!$user_id == 0) {
$err[] = "Пользователь с таким логином уже существует в базе данных<br>";
}
if (count($err) == 0) {
$login = $_POST['login'];
$password = md5(md5(trim($_POST['password'])));
mysqli_query($link, "INSERT INTO users SET user_login='******', user_password='******'");
header("Location: login.php");
exit;
} else {
print "<b>При регистрации произошли следующие ошибки:</b><br>";
foreach ($err as $error) {
print $error . "<br>";
}
}
}
}
function update_vote($image_id)
{
//get number of votes and update
global $link;
$data = array();
$stmt = mysqli_prepare($link, "SELECT `amount` FROM `votes_amount` WHERE `imageID`=?;");
mysqli_stmt_bind_param($stmt, 'i', $image_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $num);
while (mysqli_stmt_fetch($stmt)) {
$amount['amount'] = $num;
}
mysqli_stmt_close($stmt);
$new_amount = $amount['amount'] + 1;
$stmt = mysqli_prepare($link, "UPDATE `votes_amount` SET `amount`=" . $new_amount . " WHERE `imageID`=?;") or die(mysqli_error($link));
mysqli_stmt_bind_param($stmt, 'i', $image_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
//return ajax data
if (isset($_SESSION['id']) && !isset($_POST['action']) && !isset($_POST['votePic'])) {
$data = array('new_amount' => $new_amount, 'imageID' => $image_id);
} elseif (isset($_POST['action']) && $_POST['action'] == 'anonymous_voting') {
//get another two images
$result = mysqli_query($link, "SELECT * FROM `image` ORDER BY RAND() LIMIT 2;") or die(mysqli_error($link));
//$data = array();
while ($row = mysqli_fetch_assoc($result)) {
$data[] = $row;
}
}
mysqli_close($link);
return $data;
}
function isInQueue()
{
// Reference Global Variables
global $globalHostName;
global $globalUserName;
global $globalPassword;
global $globalDatabase;
// MySQL Connection
$connection = mysqli_connect($globalHostName, $globalUserName, $globalPassword, $globalDatabase);
// Connection Error Handling
if ($connection->connect_error) {
// Kill the Connection
die("Could Not Connect to the Database");
}
// MySQL Injection Neutralized Email Variable
$safeEmail = mysqli_real_escape_string($connection, $_REQUEST['inputEmail']);
// Query Preparation
$query = mysqli_prepare($connection, 'SELECT COUNT(*) as total FROM users WHERE email = ?');
$query->bind_param('s', $safeEmail);
// Query Execution
mysqli_stmt_execute($query);
// Query Result Analysis
mysqli_stmt_bind_result($query, $total);
$data = mysqli_stmt_fetch($query);
//-----
$connection->close();
// If That Email is Already Registered...
if ($total > 0) {
echo "true";
return true;
} else {
echo "false";
return false;
}
}
function login()
{
include_once 'database_conn.php';
// check is form filled
if (isFormFilled()) {
// if not filled, stop
return;
}
$uid = sanitizeData($_POST['username']);
$pswd = sanitizeData($_POST['password']);
$columnLengthSql = "\n\t\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\t\tWHERE TABLE_NAME = 'te_users'\n\t\t\tAND (column_name = 'username'\n\t\t\tOR column_name = 'passwd')";
$COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);
$isError = false;
$errMsg[] = validateStringLength($uid, $COLUMN_LENGTH['username']);
//uid
$errMsg[] = validateStringLength($pswd, $COLUMN_LENGTH['passwd']);
//pswd
for ($i = 0; $i < count($errMsg); $i++) {
if (!($errMsg[$i] === true)) {
echo "{$errMsg[$i]}";
$isError = true;
}
}
//if contain error, halt continue executing the code
if ($isError) {
return;
}
// check is uid exist
$checkUIDSql = "SELECT passwd, salt FROM te_users WHERE username = ?";
$stmt = mysqli_prepare($conn, $checkUIDSql);
mysqli_stmt_bind_param($stmt, "s", $uid);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) <= 0) {
echo "Sorry we don't seem to have that username.";
return;
}
mysqli_stmt_bind_result($stmt, $getHashpswd, $getSalt);
while (mysqli_stmt_fetch($stmt)) {
$hashPswd = $getHashpswd;
$salt = $getSalt;
}
// if exist, then get salt and db hashed password
// create hash based on password
// hash pswd using sha256 algorithm
// concat salt in db by uid
// hash using sha256 algorithm
$pswd = hash("sha256", $salt . hash("sha256", $pswd));
// check does it match with hased password from db
if (strcmp($pswd, $hashPswd) === 0) {
echo "Success login<br/>";
// add session
$_SESSION['logged-in'] = $uid;
// go to url
$url = $_SERVER['REQUEST_URI'];
header("Location: {$url}");
} else {
echo "Fail login<br/>";
}
}
function checkCredentials($username, $password)
{
$link = retrieve_mysqli();
//Test to see if their credentials are valid
$queryString = 'SELECT salt, hashed_password FROM user WHERE username = ?';
if ($stmt = mysqli_prepare($link, $queryString)) {
//Get the stored salt and hash as $dbSalt and $dbHash
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $dbSalt, $dbHash);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
// close prepared statement
mysqli_close($link);
/* close connection */
//Generate the local hash to compare against $dbHash
$localhash = generateHash($dbSalt . $password);
//Compare the local hash and the database hash to see if they're equal
if ($localhash == $dbHash) {
return true;
}
// password hashes matched, this is a valid user
}
return false;
// password hashes did not match or username didn't exist
}
public function Get_Safe_Item($table, $field, $var_type, $field_like, $like = FALSE)
{
// Подготавливаем sql-строку и предварительный запрос
$sign = $like ? "LIKE" : "=";
$sql = "SELECT `{$field}` FROM `{$table}` WHERE `{$field}` {$sign} ?";
$statement = mysqli_prepare($this->db_connector, $sql);
// Связываем параметр с меткой и выполняем запрос
switch ($var_type) {
case "string":
$var = "s";
break;
case "integer":
$var = "i";
break;
case "double":
$var = "d";
break;
default:
$var = "b";
break;
}
$field_value = $like ? $field_like . "%" : $field_like;
mysqli_stmt_bind_param($statement, $var, $field_value);
mysqli_stmt_execute($statement);
// Связываем переменную со значением результата запроса и получаем значение результата
mysqli_stmt_bind_result($statement, $safe_value);
if (mysqli_stmt_fetch($statement)) {
return $safe_value;
} else {
return NULL;
}
}
/**
*
* @param type $user_id
* @return GameCompInfo
*/
function getGameCompInfo($user_id)
{
//Add user query
$get_comp_info_q = "SELECT `comp_code`, `score` WHERE `id` = ?";
/* @var $stmt ClassName */
if (!($stmt = $this->mysqli->prepare($get_comp_info_q))) {
$this->throwDBExceptionOnError($this->mysqli->error, $this->mysqli->errno);
}
if (!$stmt->bind_param('i', $user_id)) {
$this->throwDBExceptionOnError($this->mysqli->error, $this->mysqli->errno);
}
if (!$stmt->execute()) {
$this->throwDBExceptionOnError($this->mysqli->error, $this->mysqli->errno);
}
$comp_code = null;
$score = null;
if (!$stmt->bind_result($stmt, $comp_code, $score)) {
$this->throwDBExceptionOnError($this->mysqli->error, $this->mysqli->errno);
}
mysqli_stmt_fetch($stmt);
$stmt->free_result();
$stmt->close();
$this->mysqli->close();
$info = new GameCompInfo($user_id, $comp_code, $score);
return $info;
}
function mysqli_fetch_array_large($offset, $link, $package_size)
{
/* we are aiming for maximum compression to test MYSQLI_CLIENT_COMPRESS */
$random_char = str_repeat('a', 255);
$sql = "INSERT INTO test(label) VALUES ";
while (strlen($sql) < $package_size - 259) {
$sql .= sprintf("('%s'), ", $random_char);
}
$sql = substr($sql, 0, -2);
$len = strlen($sql);
assert($len < $package_size);
if (!@mysqli_query($link, $sql)) {
if (1153 == mysqli_errno($link) || 2006 == mysqli_errno($link) || stristr(mysqli_error($link), 'max_allowed_packet')) {
/*
myslqnd - [1153] Got a packet bigger than 'max_allowed_packet' bytes
libmysql -[2006] MySQL server has gone away
*/
return false;
}
printf("[%03d + 1] len = %d, [%d] %s\n", $offset, $len, mysqli_errno($link), mysqli_error($link));
return false;
}
/* buffered result set - let's hope we do not run into PHP memory limit... */
if (!($res = mysqli_query($link, "SELECT id, label FROM test"))) {
printf("[%03d + 2] len = %d, [%d] %s\n", $offset, $len, mysqli_errno($link), mysqli_error($link));
return false;
}
while ($row = mysqli_fetch_assoc($res)) {
if ($row['label'] != $random_char) {
printf("[%03d + 3] Wrong results - expecting '%s' got '%s', len = %d, [%d] %s\n", $offset, $random_char, $row['label'], $len, mysqli_errno($link), mysqli_error($link));
return false;
}
}
mysqli_free_result($res);
if (!($stmt = mysqli_prepare($link, "SELECT id, label FROM test"))) {
printf("[%03d + 4] len = %d, [%d] %s\n", $offset, $len, mysqli_errno($link), mysqli_error($link));
return false;
}
/* unbuffered result set */
if (!mysqli_stmt_execute($stmt)) {
printf("[%03d + 5] len = %d, [%d] %s, [%d] %s\n", $offset, $len, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), mysqli_errno($link), mysqli_error($link));
return false;
}
$id = $label = NULL;
if (!mysqli_stmt_bind_result($stmt, $id, $label)) {
printf("[%03d + 6] len = %d, [%d] %s, [%d] %s\n", $offset, $len, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), mysqli_errno($link), mysqli_error($link));
return false;
}
while (mysqli_stmt_fetch($stmt)) {
if ($label != $random_char) {
printf("[%03d + 7] Wrong results - expecting '%s' got '%s', len = %d, [%d] %s\n", $offset, $random_char, $label, $len, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
}
mysqli_stmt_free_result($stmt);
mysqli_stmt_close($stmt);
return true;
}
public function Get_Safe_Rows($table, $field, $var_type, $field_like, $like = FALSE, $sql_end = "")
{
// Подготавливаем безопасный запрос в базу данных MyISAM и старых версий MySQL
/*
$field_value = mysqli_real_escape_string($this->db_connector, $field_like);
if ($field_value != $field_like) { return FALSE; }
$sign = ($like) ? "LIKE" : "=";
$field_value = ($like) ? $field_value."%" : $field_value;
$sql = "SELECT `id` FROM `$table` WHERE `$field` $sign '$field_value'";
if ($sql_end != "") {
$sql .= " AND ".$sql_end;
}
$temp_arr = $this->GetMultiItemsBySql($sql, array("id"));
$temp_num = count($temp_arr);
for ($i=0; $i<$temp_num; $i++) {
$arr_of_ids[$i] = $temp_arr[$i]["id"];
}
return $arr_of_ids;
*/
// Подготавливаем sql-строку и предварительный запрос в базу данных InnoDB и современных версий MySQL
$sign = $like ? "LIKE" : "=";
$sql = "SELECT `id` FROM `{$table}` WHERE `{$field}` {$sign} ?";
if ($sql_end != "") {
$sql .= " AND " . $sql_end;
}
$statement = mysqli_prepare($this->db_connector, $sql);
// Связываем параметр с меткой и выполняем запрос
switch ($var_type) {
case $var_type == "string" || $var_type == "str" || $var_type == "s":
$var = "s";
break;
case $var_type == "integer" || $var_type == "int" || $var_type == "i":
$var = "i";
break;
case $var_type == "double" || $var_type == "float" || $var_type == "d" || $var_type == "f":
$var = "d";
break;
default:
$var = "b";
break;
}
$field_value = $like ? "%" . $field_like . "%" : $field_like;
mysqli_stmt_bind_param($statement, $var, $field_value);
mysqli_stmt_execute($statement);
// Связываем переменную со значением результата запроса и получаем значение результата
mysqli_stmt_bind_result($statement, $id);
$arr_of_ids = array();
if (mysqli_stmt_fetch($statement)) {
$arr_of_ids[] = $id;
}
if (!empty($arr_of_ids)) {
return $arr_of_ids;
} else {
return NULL;
}
}
function isValid($inputEmail)
{
// Reference Global Variables
global $globalHostName;
global $globalUserName;
global $globalPassword;
global $globalDatabase;
if (empty($inputEmail) || !isset($inputEmail) || is_null($inputEmail) || str_replace(" ", "", $inputEmail) == "") {
echo "false";
return false;
}
if (stristr(strtolower($inputEmail), "@sharklasers") || stristr(strtolower($inputEmail), "@guerrillamail") || stristr(strtolower($inputEmail), "@grr") || stristr(strtolower($inputEmail), "@spam4") || stristr(strtolower($inputEmail), "@trbvm.") || stristr(strtolower($inputEmail), "@mailinator") || stristr(strtolower($inputEmail), "@throam")) {
echo "false";
return false;
}
// Gmail Additional Validation
$emailPieces = explode("@", $inputEmail);
// Check if the Address is a Gmail Address
if (stristr(strtolower($emailPieces[1]), "gmail")) {
// If There are Periods or Plus Signs in the First Part of the Email, Notify the User to Remove Them
if (stristr(strtolower($emailPieces[0]), "+")) {
echo "false";
return false;
}
if (stristr(strtolower($emailPieces[0]), ".")) {
echo "false";
return false;
}
}
// MySQL Connection
$connection = mysqli_connect($globalHostName, $globalUserName, $globalPassword, $globalDatabase);
// Connection Error Handling
if ($connection->connect_error) {
// Kill the Connection
die("Could Not Connect to the Database");
}
// MySQL Injection Neutralized Email Variable
$safeEmail = mysqli_real_escape_string($connection, $inputEmail);
// Query Preparation
$query = mysqli_prepare($connection, 'SELECT COUNT(*) as total FROM users WHERE email = ?');
$query->bind_param('s', $safeEmail);
// Query Execution
mysqli_stmt_execute($query);
// Query Result Analysis
mysqli_stmt_bind_result($query, $total);
$data = mysqli_stmt_fetch($query);
//-----
$connection->close();
// If That Email is Already Registered...
if ($total < 1) {
echo "true";
return true;
} else {
echo "false";
return false;
}
}
/**
* @return array
*/
public function selectAllAuthors()
{
$authors = [];
$stmt = mysqli_prepare($this->connection, 'SELECT author_id, author_name FROM authors');
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $authorID, $author);
while (mysqli_stmt_fetch($stmt)) {
$authors[$authorID] = $author;
}
return $authors;
}
public function getBook()
{
$books = [];
$stmt = mysqli_prepare($this->connection, 'SELECT book_id,book_title FROM books');
mysqli_stmt_bind_result($stmt, $bookId, $bookName);
mysqli_stmt_execute($stmt);
while (mysqli_stmt_fetch($stmt)) {
$books[$bookId] = $bookName;
}
return $books;
}
public function next($object = false, $result_type = MYSQL_BOTH)
{
if (\mysqli_stmt_fetch($this->res)) {
foreach ($this->binds as $key => $value) {
$row[substr($key, strpos($key, '.') + 1)] = $value;
}
//fix for ambiguous fieldnames
return $row;
}
return NULL;
}
public function verify_sql($code)
{
$sql = "SELECT " . $this->column1 . "," . $this->column3 . ", " . $this->column4 . " FROM `" . $this->table . "` WHERE " . $this->column4 . "=?";
$stmt = mysqli_prepare($this->con, $sql);
mysqli_stmt_bind_param($stmt, "s", $code);
$this->querystate = mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $nick, $email, $verurl);
mysqli_stmt_fetch($stmt);
$this->dataar = array("nick" => $nick, "email" => $email, "verurl" => $verurl);
$returner = array("sqldata" => $this->dataar, "querychecker" => $this->querystate);
return $returner;
}
function getGenres()
{
global $db;
$stmt = mysqli_prepare($db, 'SELECT id, name FROM genres');
mysqli_stmt_execute($stmt);
mysqli_store_result($db);
mysqli_stmt_bind_result($stmt, $id, $genre);
while (mysqli_stmt_fetch($stmt)) {
$genres[$id] = $genre;
}
return $genres;
}
function test_format($link, $format, $from, $order_by, $expected, $offset)
{
if (!($stmt = mysqli_stmt_init($link))) {
printf("[%03d] Cannot create PS, [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
return false;
}
if ($order_by) {
$sql = sprintf('SELECT %s AS _format FROM %s ORDER BY %s', $format, $from, $order_by);
} else {
$sql = sprintf('SELECT %s AS _format FROM %s', $format, $from);
}
if (!mysqli_stmt_prepare($stmt, $sql)) {
printf("[%03d] Cannot prepare PS, [%d] %s\n", $offset + 1, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
if (!mysqli_stmt_execute($stmt)) {
printf("[%03d] Cannot execute PS, [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
if (!mysqli_stmt_store_result($stmt)) {
printf("[%03d] Cannot store result set, [%d] %s\n", $offset + 3, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
if (!is_array($expected)) {
$result = null;
if (!mysqli_stmt_bind_result($stmt, $result)) {
printf("[%03d] Cannot bind result, [%d] %s\n", $offset + 4, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
if (!mysqli_stmt_fetch($stmt)) {
printf("[%03d] Cannot fetch result,, [%d] %s\n", $offset + 5, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
if ($result !== $expected) {
printf("[%03d] Expecting %s/%s got %s/%s with %s - %s.\n", $offset + 6, gettype($expected), $expected, gettype($result), $result, $format, $sql);
}
} else {
$order_by_col = $result = null;
if (!mysqli_stmt_bind_result($stmt, $order_by_col, $result)) {
printf("[%03d] Cannot bind result, [%d] %s\n", $offset + 7, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
return false;
}
reset($expected);
while ((list($k, $v) = each($expected)) && mysqli_stmt_fetch($stmt)) {
if ($result !== $v) {
printf("[%03d] Row %d - expecting %s/%s got %s/%s [%s] with %s - %s.\n", $offset + 8, $k, gettype($v), $v, gettype($result), $result, $order_by_col, $format, $sql);
}
}
}
mysqli_stmt_free_result($stmt);
mysqli_stmt_close($stmt);
return true;
}
/**
* @return array
*/
public function GetBooksAndAuthors()
{
$booksAndAuthors = [];
$stmt = mysqli_prepare($this->connection, 'SELECT * FROM books AS b INNER JOIN books_authors AS ba
ON ba.book_id = b.book_id INNER JOIN authors AS a ON ba.author_id = a.author_id');
mysqli_stmt_bind_result($stmt, $bookId, $bookTitle, $ba_bid, $ba_aid, $authorId, $authorName);
mysqli_stmt_execute($stmt);
while (mysqli_stmt_fetch($stmt)) {
$booksAndAuthors[$bookTitle][] = $authorName;
//$booksAndAuthors[$bookTitle][$authorName]= $authorId;
}
return $booksAndAuthors;
}
function getUserData($uid)
{
global $db;
$stmt = mysqli_prepare($db, "SELECT\n username,\n firstname,\n lastname,\n email,\n profileimg,\n UNIX_TIMESTAMP( registertime )\n FROM users\n WHERE uid = ?\n LIMIT 1\n ");
mysqli_stmt_bind_param($stmt, "s", $uid);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
mysqli_stmt_bind_result($stmt, $username, $firstname, $lastname, $email, $img, $time);
if (mysqli_stmt_fetch($stmt) == NULL) {
return false;
}
$retData = ['userid' => $uid, 'username' => $username, 'firstname' => $firstname, 'lastname' => $lastname, 'email' => $email, 'img' => $img, 'registerTime' => $time];
return $retData;
}
public function execute()
{
$boundParams = $this->getBoundParams();
foreach ($boundParams as $param => $value) {
$this->query = str_replace($param, $value, $this->query);
}
$statement = mysqli_prepare($this->connection, $this->query);
$result = mysqli_stmt_execute($statement);
$return = mysqli_stmt_fetch($statement);
$return = mysqli_stmt_($statement);
var_dump($return);
die;
return $return;
}
function model_load()
{
global $link;
$query = 'SELECT Id, Nimetus, Kogus FROM kleemets_kaubad ORDER BY Nimetus ASC';
$stmt = mysqli_prepare($link, $query);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id, $nimetus, $kogus);
$rows = array();
while (mysqli_stmt_fetch($stmt)) {
$rows[] = array('Id' => $id, 'Nimetus' => $nimetus, 'Kogus' => $kogus);
}
mysqli_stmt_close($stmt);
return $rows;
}
public function Autenticar($user, $password)
{
$mysqli = $this->mysqli;
$stmt = \mysqli_prepare($mysqli, "CALL AUTENTICAR_ADMIN(?,?)");
\mysqli_stmt_bind_param($stmt, 'ss', $user, $password);
\mysqli_execute($stmt);
$r1 = 0;
$r2 = '';
\mysqli_stmt_bind_result($stmt, $r1, $r2);
while (\mysqli_stmt_fetch($stmt)) {
return true;
}
\mysqli_stmt_close($stmt);
}
function findUserByEmail($connection, $email)
{
$email = strtolower($email);
$sql = 'SELECT id, name, email, hashed_password FROM users WHERE email = ? LIMIT 1';
$statement = mysqli_prepare($connection, $sql);
mysqli_stmt_bind_param($statement, 's', $email);
mysqli_stmt_execute($statement);
mysqli_stmt_bind_result($statement, $id, $name, $email, $hp);
mysqli_stmt_fetch($statement);
mysqli_stmt_close($statement);
if (isset($id, $name, $email, $hp)) {
return ['id' => $id, 'name' => $name, 'email' => $email, 'hashed_password' => $hp];
}
return null;
}
function model_user_get($kasutaja, $parool)
{
global $link;
$query = 'SELECT Id, Parool FROM kleemets_kasutajad WHERE Kasutajanimi=? LIMIT 1';
$stmt = mysqli_prepare($link, $query);
mysqli_stmt_bind_param($stmt, 's', $kasutaja);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id, $hash);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
if (password_verify($parool, $hash)) {
return $id;
} else {
return false;
}
}
function model_user_get($kasutajanimi, $parool)
{
global $l;
$query = 'SELECT Id, Parool FROM areinman__kasutajad WHERE Kasutajanimi=? LIMIT 1';
$stmt = mysqli_prepare($l, $query);
if (mysqli_error($l)) {
echo mysqli_error($l);
exit;
}
mysqli_stmt_bind_param($stmt, 's', $kasutajanimi);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id, $hash);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
return password_verify($parool, $hash) ? $id : false;
}
function obtenerCantidadPorDNI($dni)
{
$conect = conectar();
$sql = "SELECT COUNT(prod.id) as cantidad\n FROM persona as per\n INNER JOIN producto as prod ON (prod.persona_id = per.id)\n WHERE per.dni = ?\n GROUP BY per.dni";
$stmt = $conect->prepare($sql);
$stmt->bind_param('i', $dni);
$stmt->execute();
$stmt->bind_result($cantidad);
$stmt->store_result();
if (mysqli_stmt_num_rows($stmt) > 0) {
$row = mysqli_stmt_fetch($stmt);
$result = array('estado' => true, 'cantidad' => $cantidad);
} else {
$result = array('estado' => false);
}
return $result;
}
function insertPersoon($Naam, $AdresID)
{
$link = connect();
$stmt = mysqli_prepare($link, "INSERT INTO Persoon(Naam, Adresid) VALUES(?, ?);");
mysqli_stmt_bind_param($stmt, "si", $Naam, $AdresID);
mysqli_stmt_execute($stmt);
mysqli_stmt_free_result($stmt);
mysqli_stmt_close($stmt);
$stmt = mysqli_prepare($link, "SELECT MAX(PersoonID) FROM Persoon WHERE Naam = \"{$Naam}\" AND Adresid = \"{$AdresID}\" ");
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $PersoonID);
mysqli_stmt_fetch($stmt);
mysqli_stmt_free_result($stmt);
mysqli_stmt_close($stmt);
mysqli_close($link);
return $PersoonID;
}
function getPageInfoByNewsPoster($con, $page_id)
{
$result_array = array();
$query_case_list = "SELECT key_value_latin, key_value FROM page WHERE page_id = ?";
if (!($stmt = mysqli_prepare($con, $query_case_list))) {
#echo "Prepare failed: (" . mysqli_connect_errno() . ") " . mysqli_connect_error()."<br>";
}
//set values
#echo "set value...";
$id = 1;
if (!mysqli_stmt_bind_param($stmt, "s", $page_id)) {
#echo "Binding parameters failed: (" . mysqli_connect_errno() . ") " . mysqli_connect_error()."<br>";
}
#echo "execute...";
if (!mysqli_stmt_execute($stmt)) {
#echo "Execution failed: (" . mysqli_connect_errno() . ") " . mysqli_connect_error()."<br>";
}
/* instead of bind_result: */
#echo "get result...";
if (!mysqli_stmt_bind_result($stmt, $key_value_latin, $key_value)) {
#echo "Getting results failed: (" . mysqli_connect_errno() . ") " . mysqli_connect_error()."<br>";
}
if (mysqli_stmt_fetch($stmt)) {
$result_array = array("key_value_latin" => $key_value_latin, "key_value" => $key_value);
} else {
#echo "Fetching results failed: (" . mysqli_connect_errno() . ") " . mysqli_connect_error()."<br>";
print_r(error_get_last());
}
mysqli_stmt_close($stmt);
return $result_array;
}
function getRequests($senterId, $receiverId)
{
global $db;
$query = 'SELECT
transactions.uid,
transactions.bcid,
transactions.state,
transactions.time,
bcopies.bcid
FROM
transactions CROSS
JOIN bcopies ON bcopies.bcid = transactions.bcid
WHERE
transactions.uid = ? AND
bcopies.uid = ? AND
transactions.state = "request"
ORDER BY
transactions.time DESC
';
$stmt = mysqli_prepare($db, $query);
mysqli_stmt_bind_param($stmt, 'ii', $senterId, $receiverId);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
mysqli_stmt_bind_result($stmt, $uid, $bcid, $state, $time, $bcid);
$requests = [];
while (mysqli_stmt_fetch($stmt)) {
$request['uid'] = $uid;
$request['bcid'] = $bcid;
$request['state'] = $state;
$request['time'] = $time;
$request['bcid'] = $bcid;
$requests[] = $request;
}
return $requests;
}
function logi_sisse()
{
if (isset($_POST['username'], $_POST['password'])) {
global $link;
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = mysqli_prepare($link, "SELECT kasutajanimi, parool, kasutaja_id FROM mario_kasutajad WHERE kasutajanimi = ? AND parool = SHA1(?)");
$bind = mysqli_stmt_bind_param($stmt, "ss", $username, $password);
$exce = mysqli_stmt_execute($stmt);
//true v false
$bind_r = mysqli_stmt_bind_result($stmt, $r['kasutajanimi'], $r['parool'], $r['kasutaja_id']);
var_dump(mysqli_stmt_fetch($stmt));
if ($exce) {
session_start();
session_regenerate_id();
$_SESSION['kasutaja1'] = $r['kasutajanimi'];
$_SESSION['kasutaja'] = $r['kasutaja_id'];
$nimi = $r['kasutajanimi'];
header('Location: Toad.php');
exit;
} else {
echo "Vale kasutajanimi või parool!";
}
mysqli_close($link);
}
}