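/**
 * Stores a new salted SHA-512 password hash for one user.
 *
 * A fresh random salt is generated, prepended to the cleaned password and
 * hashed; the hash and the salt are then written to that user's row.
 *
 * NOTE(review): one round of salted SHA-512 is cheap to brute-force if the
 * table ever leaks. password_hash()/password_verify() are the usual
 * replacement, but the login check (not visible here) would have to change
 * in the same step, so the scheme is only flagged here.
 * NOTE(review): the mcrypt_* functions were removed from PHP core in 7.2;
 * random_bytes() is the usual replacement for salt generation.
 * NOTE(review): nothing in this method verifies that the caller may change
 * this user's password - presumably the caller does; confirm.
 * NOTE(review): a prepared statement with bound parameters would be the
 * sturdier fix for the whole UPDATE.
 *
 * @param int|string $userToChange         users.id of the account to update; must be an integer value.
 * @param string     $dirtyUpdatedPassword New password as received from the client.
 * @return void
 * @throws \InvalidArgumentException If $userToChange is not an integer.
 */
static function changePassword($userToChange, $dirtyUpdatedPassword)
{
    // users.id is placed unquoted into the WHERE clause, so any non-integer
    // value would become part of the SQL statement itself. Reject it before
    // touching the database.
    $userId = filter_var($userToChange, FILTER_VALIDATE_INT);
    if ($userId === false) {
        throw new \InvalidArgumentException('User id must be an integer.');
    }

    $mysqli = DB::getInstance();
    $cleanUpdatedPassword = Cleaner::cleanVar($dirtyUpdatedPassword);

    // Random per-password salt, sized like a CAST-256/CFB IV.
    $size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
    $newSalt = mcrypt_create_iv($size);

    // Hash of salt followed by the cleaned password (hex output, safe to embed).
    $safeUpdatedPassword = hash("sha512", $newSalt . $cleanUpdatedPassword);

    // The salt is raw bytes and can contain quotes or backslashes, which
    // would break the quoted literal below; escape it for the SQL string.
    // The value that ends up stored is unchanged.
    // Assumes DB::getInstance() returns a mysqli connection, as the variable
    // name and the query() call suggest - confirm.
    $escapedSalt = $mysqli->real_escape_string($newSalt);

    $queryChangePassword = "******" . $safeUpdatedPassword . "', salt='" . $escapedSalt . "'\n\t\tWHERE users.id=" . $userId . ";\n\t\t";
    $mysqli->query($queryChangePassword);
}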
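/**
 * Loads one goal together with the content rows linked to it.
 *
 * The goal is only returned when it belongs to the given user, because the
 * query filters on goals.user_id as well as goals.id.
 *
 * NOTE(review): both values are embedded in the SQL text as quoted strings,
 * so the query is only as safe as Cleaner::cleanVar(), which is not visible
 * here. A prepared statement would remove that dependency.
 *
 * @param mixed $dirtyGoalID Goal id as received from the request.
 * @param mixed $dirtyUserID Id of the user the goal must belong to.
 * @return array Keys: 'items' (all joined rows), 'goal', 'goal_subject',
 *               'goal_year', 'goal_id'. The last four are null when no row
 *               matched.
 */
static function showSingleGoal($dirtyGoalID, $dirtyUserID)
{
    $cleanGoalID = Cleaner::cleanVar($dirtyGoalID);
    $cleanUserID = Cleaner::cleanVar($dirtyUserID);
    $mysqli = DB::getInstance();

    $query = "\n\t\t\tSELECT content.*, goals_use_content.id as 'connection_id', goals.id as 'goal_id', goals.goal, goals.subject as 'goal_subject', goals.year as 'goal_year', goals.user_id as 'goal_user_id'\n\t\t\tfrom goals\n\t\t\tleft join goals_use_content\n\t\t\ton goals.id = goals_use_content.goal_id\n\t\t\tleft join content\n\t\t\ton goals_use_content.content_id = content.id\n\t\t\twhere goals.user_id = '" . $cleanUserID . "'\n\t\t\tand goals.id = '" . $cleanGoalID . "'\n\t\t";
    $result = $mysqli->query($query);

    $items = array();
    while ($row = $result->fetch_assoc()) {
        $items[] = $row;
    }

    // No row means the goal does not exist or belongs to another user.
    // Reading $items[0] in that case would hit an undefined offset, so the
    // goal fields fall back to null explicitly.
    $first = isset($items[0])
        ? $items[0]
        : array('goal' => null, 'goal_subject' => null, 'goal_year' => null, 'goal_id' => null);

    return [
        'items' => $items,
        'goal' => $first['goal'],
        'goal_subject' => $first['goal_subject'],
        'goal_year' => $first['goal_year'],
        'goal_id' => $first['goal_id'],
    ];
}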
/**
 * Lists the content rows linked to a goal for one user, newest first.
 *
 * Rows come from content joined to goals_use_content on content_id, limited
 * to the given goal_id and to links whose user_id matches the given user.
 *
 * NOTE(review): both values are embedded in the SQL text as quoted strings,
 * so the query is only as safe as Cleaner::cleanVar(), which is not visible
 * here. A prepared statement would remove that dependency.
 * NOTE(review): SELECT * spans both tables; columns that share a name
 * (both have an id) end up under a single key in each fetched row.
 *
 * @param mixed $dirtyGoalID Goal id as received from the request.
 * @param mixed $dirtyUserID User id the links must belong to.
 * @return array List of associative rows; empty when nothing matches.
 */
static function showConnectedContent($dirtyGoalID, $dirtyUserID)
{
    $goalId = Cleaner::cleanVar($dirtyGoalID);
    $userId = Cleaner::cleanVar($dirtyUserID);
    $db = DB::getInstance();

    $sql = "\n\t\tSELECT *\n\t\tFROM content, goals_use_content\n\t\tWHERE content.id = goals_use_content.content_id\n\t\tAND goals_use_content.goal_id = '"
        . $goalId
        . "'\n\t\tHAVING goals_use_content.user_id = '"
        . $userId
        . "'\n\t\tORDER BY content.timestamp DESC\n\t\t";

    $resultSet = $db->query($sql);

    // Collect rows until fetch_assoc() signals the end of the result set.
    $rows = array();
    for ($row = $resultSet->fetch_assoc(); $row; $row = $resultSet->fetch_assoc()) {
        $rows[] = $row;
    }

    return $rows;
}
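/**
 * Records a user's rating of a content item, once per user and item.
 *
 * The rating must be 1 or -1; any other value is ignored and nothing is
 * written. If the user already has a rating row for the content, the call
 * is a no-op.
 *
 * NOTE(review): the existence check and the INSERT are two separate
 * statements, so two concurrent requests can both pass the check. A UNIQUE
 * index on (content_id, users_id) would enforce one rating per user at the
 * database level.
 * NOTE(review): the ids are embedded in the SQL text as quoted strings, so
 * the queries are only as safe as Cleaner::cleanVar(), which is not visible
 * here. Prepared statements would remove that dependency.
 *
 * @param mixed $dirtyContentID Id of the content being rated.
 * @param mixed $dirtyUserId    Id of the rating user.
 * @param mixed $dirtyRating    1 or -1.
 * @return void
 */
function rating($dirtyContentID, $dirtyUserId, $dirtyRating)
{
    // Only a single up-vote or down-vote is valid. Without this check a
    // client could submit an arbitrary number and skew a content's score.
    $rating = filter_var($dirtyRating, FILTER_VALIDATE_INT);
    if ($rating !== 1 && $rating !== -1) {
        return;
    }

    $cleanContentID = Cleaner::cleanVar($dirtyContentID);
    $cleanUserId = Cleaner::cleanVar($dirtyUserId);
    $mysqli = DB::getInstance();

    $query = "SELECT EXISTS(SELECT * FROM rating WHERE content_id = '{$cleanContentID}' and users_id = '{$cleanUserId}') as ratingExists";
    $result = $mysqli->query($query);

    while ($row = $result->fetch_assoc()) {
        // Insert only when this user has not rated this content yet.
        if ($row['ratingExists'] == 0) {
            // $rating is a validated integer, so it is safe to embed as is.
            $query = "\n\t\t\t\t\tINSERT INTO rating (content_id, users_id, rating)\n\t\t\t\t\tVALUES ('{$cleanContentID}', '{$cleanUserId}', '{$rating}')\n\t\t\t\t";
            $mysqli->query($query);
        }
    }
}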