Пример #1
        }
        $w = imagesx($im);
        $h = imagesy($im);
        $s = $w > $h ? $h : $w;
        //Smallest out of height and width
        $im2 = imagecreatetruecolor(200, 200);
        imagecopyresampled($im2, $im, 0, 0, 0, 0, 200, 200, $s, $s);
        $dao = new DAO(false);
        //Delete the previous profile picture
        $f_name = "../../profile_pictures/" . $user->user_picture;
        if (file_exists($f_name)) {
            unlink($f_name);
        }
        $user->user_picture = $user->user_id . "-" . date("U");
        $r = imagejpeg($im2, "../../profile_pictures/" . $user->user_picture, 100);
        $im3 = imagecreatetruecolor(1, 1);
        imagecopyresampled($im3, $im2, 0, 0, 0, 0, 1, 1, 200, 200);
        $rgb = imagecolorat($im3, 0, 0);
        $colors = imagecolorsforindex($im3, $rgb);
        imagedestroy($im);
        imagedestroy($im2);
        imagedestroy($im3);
        $dao->myquery("UPDATE user SET user_picture=\"{$user->user_picture}\" WHERE user_id=\"{$user->user_id}\";");
    } else {
        redirect($_POST["r"]);
    }
} else {
    redirect($_POST["r"]);
}
header("Connection: close");
redirect($_POST["r"]);
Пример #2
#!/usr/bin/php -q
<?php 
//Scan database for notifications that have not been seen and are ready for departure
include_once "../util/mysql.php";
include "../mail/send.php";
include "../util/constants.php";
// chdir("..");
// error_log("\n\n");
// error_log("PHP_ini_loaded_file: ".php_ini_loaded_file());
// error_log("executable path: ".PHP_BINDIR);
// error_log("user: "******"Beginning to email notifications...");
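// Cron-style job: e-mail every notification that is unseen, not yet e-mailed and past its
// departure time, then flag it as e-mailed so it is not sent twice.
$dao = new DAO(false);
// Column list kept from the original script; nothing below reads it.
$part = array("user_id", "user_email", "user_name", "notif_id", "notif_title", "notif_message", "notif_link");
$query = "SELECT user.user_id,user_email,user_name,notif_id,notif_title,notif_message,notif_link \n\t\t\t\tFROM notification \n\t\t\t\tJOIN user ON user.user_id=notification.user_id \n\t\t\t\tWHERE NOT notif_seen AND NOT notif_emailed\n\t\t\t\tAND notif_departure < NOW();";
$dao->myquery($query);
$notifications = $dao->fetch_all_obj();
foreach ($notifications as $notification) {
    // user_name is account data chosen by a user; encode it before it lands in the HTML body.
    $safe_name = htmlspecialchars((string) $notification->user_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The id is URL-encoded as a query value, and the finished URL is HTML-encoded for the href attribute.
    $view_link = htmlspecialchars(
        $SITE_URL . "script/notification/see.php?notif_id=" . urlencode((string) $notification->notif_id),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    // NOTE(review): notif_message is inserted as-is because it may carry intentional markup.
    // If any part of it originates from user input, it must be encoded where the notification
    // is created - confirm against the code that writes the notification table.
    $body = "<p>Hello " . $safe_name . ",</p>\n\t\t<p>" . $notification->notif_message . " <a href=\"" . $view_link . "\">Click here to view</a>.</p>\n\t\t<p>Best Wishes,<br>The Unify Team</p>";
    mail_message($notification->user_email, $notification->notif_title, $body);
    // Values read back from the database are still escaped before being placed in a new statement.
    $query = "UPDATE notification SET notif_emailed=\"1\" WHERE notif_id=\"" . $dao->escape($notification->notif_id) . "\";";
    $dao->myquery($query);
}
error_log("Finished emailing notifications...");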
Пример #3
 /**
  * Load every row of $table that satisfies all conditions in $where and wrap each row
  * in its own DataObject.
  *
  * The statement is assembled by string concatenation: $table and every entry of $keys
  * are placed into the SQL text unquoted, so callers must pass fixed, trusted identifiers
  * only. The WHERE fragments come from key_values(), which is not shown here.
  * NOTE(review): confirm that key_values() escapes the values it is given.
  *
  * @param DAO $dao the DAO instance used to run the queries
  * @param string $table the table to read from
  * @param array $keys the column names to select; the first one is also the ORDER BY column (descending)
  * @param array $where associative array handed to key_values() to build the AND-ed conditions
  * @return array DataObject instances carrying the columns named in $keys, each flagged for
  *	update and holding the table's primary key name and value.
  */
 static function select_all($dao, $table, $keys, $where)
 {
     // Template carrying the settings shared by every result; it is cloned once per row.
     $template = new DataObject();
     $template->table = $table;
     $template->dao = $dao;
     $template->update = true;

     $conditions = implode(" AND ", $template->key_values($where));
     $columns = implode(",", $keys);
     $sql = "SELECT {$columns} FROM {$table} WHERE {$conditions} ORDER BY {$keys[0]} DESC;";
     $dao->myquery($sql);
     $rows = $dao->fetch_all_part($keys);

     // Ask MySQL which column is the primary key so each object can expose its id.
     $dao->myquery("SHOW index FROM {$template->table} where Key_name = 'PRIMARY';");
     $template->primary_key = $dao->fetch_one_obj()->Column_name;

     $result = array();
     foreach ($rows as $row) {
         $item = clone $template;
         foreach ($keys as $column) {
             $item->{$column} = $row[$column];
         }
         // Only populated when the primary key column was among the selected $keys.
         $item->primary_id = $item->{$item->primary_key};
         $result[] = $item;
     }
     return $result;
 }
Пример #4
<?php

include_once "../util/mysql.php";
// Course autocomplete: answers with a JSON list of courses at one university whose
// name contains the typed text.
$dao = new DAO(false);
// Both request parameters go through the DAO's escape() and are then placed inside
// quoted SQL literals below.
$university = $dao->escape($_GET["university_id"]);
$needle = strtolower($dao->escape($_GET["course"]));
// Case-insensitive substring match on the course name.
// NOTE(review): LIKE wildcards (% and _) typed by the client are presumably not neutralised
// by escape(); confirm whether that matters for this lookup.
$sql = "SELECT course_id,course_name FROM course WHERE LOWER(course_name) LIKE '%{$needle}%' AND university_id = '{$university}';";
$dao->myquery($sql);
echo $dao->fetch_json_part(array("course_id", "course_name"));
Пример #5
<?php

include_once "../util/mysql.php";
include "../util/session.php";
// User search: answers with a JSON list of users whose name contains the posted text and who
// share a cohort, course or university with the current user ($user is not defined in this
// script; presumably it comes from the included session.php).
$dao = new DAO(false);
$name = trim(strtolower($dao->escape($_POST["q"])));
if ($name == "") {
    // Nothing to search for: answer with an empty JSON list.
    echo "[]";
} else {
    // The same three joins are needed by both queries below.
    $joins = "JOIN cohort ON user.cohort_id=cohort.cohort_id "
        . "JOIN course ON cohort.course_id=course.course_id "
        . "JOIN university ON university.university_id=course.university_id ";

    // Look up the cohort, course and university of the current user.
    $dao->myquery("SELECT cohort.cohort_id,course.course_id,university.university_id FROM user " . $joins . "WHERE user_id=\"{$user->user_id}\";");
    $own = $dao->fetch_one();
    $own_cohort = $own["cohort_id"];
    $own_course = $own["course_id"];
    $own_university = $own["university_id"];

    // Optionally leave out users who already belong to the given group.
    $group_filter = "";
    if (isset($_POST["group_id"])) {
        $group = $dao->escape($_POST["group_id"]);
        $group_filter = "AND NOT EXISTS(SELECT grouping_id FROM grouping WHERE user.user_id=grouping.user_id AND grouping.group_id=\"{$group}\")";
    }

    // Match users by name within the same cohort, course or university, excluding the searcher.
    $dao->myquery("SELECT user_id,user_name,cohort_start,course_name,university_name,user_picture FROM user " . $joins . "WHERE (cohort.cohort_id=\"{$own_cohort}\" OR course.course_id=\"{$own_course}\" OR university.university_id=\"{$own_university}\") AND LOWER(user_name) LIKE \"%{$name}%\" AND user_id!=\"{$user->user_id}\" {$group_filter};");
    echo $dao->fetch_json();
}
Пример #6
<?php

include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
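// Streams the profile picture of the user named by ?user_id1=..., or the default image when
// the user has no usable picture. Without the parameter nothing is sent.
$f = "../img/dp1.jpg";
if (isset($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");
    $user1 = $dao->fetch_one_obj_part(array("user_picture"));
    // An unknown user_id yields no row; treat that like "no picture" instead of reading a
    // property from a non-object.
    $picture = "";
    if (is_object($user1) && isset($user1->user_picture)) {
        // basename() keeps the lookup inside profile_pictures/ even if the stored value were
        // ever to contain path separators.
        $picture = basename((string) $user1->user_picture);
    }
    $f = "../profile_pictures/" . $picture;
    // is_file() also rejects directory names such as "." or "..", which file_exists() accepts.
    if (!$picture || !is_file($f)) {
        $f = "../img/dp1.jpg";
    }
    // Only plain file-name characters may reach the response header.
    $download_name = preg_replace('/[^A-Za-z0-9._-]/', '', $picture);
    header('Content-Type: image/jpeg');
    header("Content-Disposition: inline; filename=\"{$download_name}\"");
    readfile($f);
}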
Пример #7
<?php

// Resolves the profile requested via ?user_id=... into $selected_user and stores it in the
// session. $logged_in, $user and the DAO class are not defined in this snippet; they are
// expected to exist in the scope that includes it.
// Start from a clean slate so a value left over from earlier code is never reused.
if (isset($selected_user)) {
    unset($selected_user);
}
if ($logged_in && isset($_GET["user_id"])) {
    $dao = new DAO(false);
    // The requested id is escaped and then used inside a quoted SQL literal.
    $user_request = $dao->escape($_GET["user_id"]);
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");
    $dao->myquery("SELECT " . implode(",", $properties) . " FROM user " . "JOIN cohort ON user.cohort_id=cohort.cohort_id " . "JOIN course ON cohort.course_id=course.course_id " . "JOIN university ON course.university_id=university.university_id WHERE user_id=\"{$user_request}\";");
    if ($dao->fetch_num_rows() > 0) {
        // The requested user exists
        $selected_user = $dao->fetch_one_obj_part($properties);
        // A connection row in either direction counts as friendship.
        $friends_query = "SELECT * FROM connection WHERE (user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\") OR " . "(user_id2=\"{$user->user_id}\" AND user_id1=\"{$selected_user->user_id}\");";
        $dao->myquery($friends_query);
        $is_friend = $dao->fetch_num_rows() != 0 || $selected_user->user_id == $user->user_id || $selected_user->user_id == 1;
        // The current user counts as their own friend, and user id 1 is treated as a friend of
        // everyone. NOTE(review): presumably a built-in/system account - confirm.
        $selected_user->is_friend = $is_friend;
        // Has the current user already sent this person a friend request?
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;
        // Keep the selection in the session and drop the "selected_cohort" entry.
        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}
Пример #8
<?php

include_once "../util/mysql.php";
include "../util/pwd.php";
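// Completes a password reset: when the posted (user_id, conf_rnd) pair matches exactly one
// pending reset request, the request is consumed and the user's password is replaced.
$dao = new DAO(true);
// All three fields must be present, be plain strings and be non-empty. This keeps array-valued
// parameters away from salt()/escape() and refuses to store an empty password.
$request_complete = true;
foreach (array("user_password", "user_id", "conf_rnd") as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === "") {
        $request_complete = false;
    }
}
if ($request_complete) {
    // NOTE(review): salt() comes from pwd.php, which is not shown. If it is a plain hash rather
    // than password_hash(), migrating to password_hash()/password_verify() is the usual hardening.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    // A local variable is used; the original wrote to $user->user_id although no $user object
    // is created in this script.
    $user_id = $dao->escape($_POST["user_id"]);
    $conf_rnd = $dao->escape($_POST["conf_rnd"]);
    $query = "SELECT * FROM reset_request WHERE user_id=\"{$user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);
    if ($dao->fetch_num_rows() == 1) {
        // Consume the token first so it cannot be replayed, then set the new password.
        $query = "DELETE FROM reset_request WHERE user_id=\"{$user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user_id}\";";
        $dao->myquery($new_password_query);
    }
}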
?>
	
Пример #9
<?php

// Resolves the cohort requested via ?cohort_id=... into $selected_group and stores it in the
// session. $logged_in, $user, the DAO class and redirect() are not defined in this snippet;
// they are expected to come from the scope that includes it.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["cohort_id"])) {
        $cohort_request = $dao->escape($_GET["cohort_id"]);
        // Access check: a user may only open their own cohort; any other id is redirected away.
        if ($cohort_request == $user->cohort_id) {
            $dao->myquery("SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\tJOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\tJOIN university ON university.university_id=course.university_id\n\t\t\t\t\tJOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";");
            // The row is fetched before the row count is checked; it is only read inside the check.
            $row = $dao->fetch_one_obj();
            if ($dao->fetch_num_rows() > 0) {
                // The cohort exists: copy the fields the page needs into a plain object.
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                // Display name is built as "<course> at <university> <start year>"; the selected
                // group_name column is not used.
                $selected_group->group_name = $row->course_name . " at " . $row->university_name . " " . date("Y", strtotime($row->cohort_start));
                $selected_group->can_be_added_to = false;
                // Human-readable start date, e.g. "1st September 2014".
                $d = new DateTime($row->cohort_start);
                $selected_group->cohort_start = $d->format('jS F Y');
                // Posting is enabled when the cohort is the user's own (expected to hold here,
                // given the access check above).
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;
                // Keep the selection in the session and drop any selected user.
                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            }
        } else {
            redirect("../");
        }
    }
}
Пример #10
<?php

include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";
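// Login handler: checks the posted e-mail/password pair, stores the user in the session and
// redirects; on failure it returns to the welcome page with a message code.
// Post-login target. "/" unless the form supplied an acceptable one.
$redirect = "/";
if (isset($_POST["r"]) && is_string($_POST["r"]) && $_POST["r"] != "") {
    // Only same-site paths are accepted: no scheme (":" is not in the allowed set), no leading
    // "//", no backslashes, whitespace or control characters. HTML-encoding the value, as the
    // original did, does not stop a redirect to another site.
    if (preg_match('#^(?!//)[A-Za-z0-9_./?&=%~+-]+\z#', $_POST["r"])) {
        $redirect = $_POST["r"];
    }
}
// Both credentials must be non-empty strings; array-valued parameters are treated as missing.
$credentials_given = isset($_POST["user_email"]) && isset($_POST["user_password"])
    && is_string($_POST["user_email"]) && is_string($_POST["user_password"])
    && $_POST["user_email"] != "" && $_POST["user_password"] != "";
if ($credentials_given) {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    // NOTE(review): the stored value is matched inside the WHERE clause, so salt() (pwd.php, not
    // shown) must return the same output for the same password. If it is a plain hash, moving to
    // password_hash()/password_verify() is the usual hardening.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);
    if ($dao->fetch_num_rows() == 1) {
        // Issue a fresh session id at the privilege change so a pre-login id cannot be reused.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        // Go to the validated redirect target
        redirect($redirect);
    } else {
        // Query values are URL-encoded so they cannot add or alter parameters. The e-mail is taken
        // from the request rather than from its SQL-escaped copy, and keeps the HTML encoding this
        // branch already applied.
        redirect("../../welcome/?&m=2&r=" . urlencode($redirect) . "&user_email=" . urlencode(htmlspecialchars($_POST["user_email"])));
    }
} else {
    // NOTE(review): the e-mail is passed on unchanged apart from URL encoding, as before; the
    // welcome page has to HTML-encode it when printing - confirm.
    $email_param = (isset($_POST["user_email"]) && is_string($_POST["user_email"]))
        ? "&user_email=" . urlencode($_POST["user_email"])
        : "";
    redirect("../../welcome/?m=3" . $email_param . "&r=" . urlencode($redirect));
}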
Пример #11
            $conversation->user_id = $convo_id;
            $conversation->user_picture = $user2->user_picture;
            $conversations[$convo_id] = $conversation;
        } else {
            $conversation = $conversations[$convo_id];
        }
        $conversation->messages[$message->msg_id] = $message;
    }
    return $conversations;
}
$dao = new DAO(false);
if (isset($_POST["user_id"])) {
    if ($_POST["user_id"] == "-1") {
        //Get an array of all the conversations
        $conversations_query = "(SELECT user_id2 AS user_id FROM chat_msg WHERE user_id1={$user->user_id} GROUP BY user_id2) \n\t\t\t\t\t\t\t\t\tUNION \n\t\t\t\t\t\t\t\t\t(SELECT user_id1 AS user_id FROM chat_msg WHERE user_id2={$user->user_id} GROUP BY user_id1)";
        $dao->myquery($conversations_query);
        $conversation_requests = $dao->fetch_all_part(array("user_id"));
        $conversations = array();
        foreach ($conversation_requests as $request) {
            $c = get_conversations($dao, $request["user_id"], -1, -1)[$request["user_id"]];
            $conversations[$request["user_id"]] = $c;
        }
        echo json_encode_strip($conversations);
    } else {
        $conversations = get_conversations($dao, $_POST["user_id"], -1, -1)[$_POST["user_id"]];
        echo json_encode_strip($conversations);
    }
} else {
    $conversation_requests = $_POST;
    $conversations = array();
    foreach ($conversation_requests as $request) {
Пример #12
include_once "../util/mysql.php";
include "../util/redirect.php";
include "../mail/send.php";
$dao = new DAO(false);
if (isset($_POST["user_name"]) && isset($_POST["user_email"]) && isset($_POST["user_password"]) && isset($_POST["university_id"]) && isset($_POST["course_id"]) && isset($_POST["start_year"]) && isset($_POST["start_month"])) {
    $user_name = $dao->escape($_POST["user_name"]);
    $user_email = $dao->escape($_POST["user_email"]);
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $university_id = $dao->escape($_POST["university_id"]);
    $course_id = $dao->escape($_POST["course_id"]);
    $cohort_start = $dao->escape($_POST["start_year"]) . "-" . $dao->escape($_POST["start_month"]) . "-1";
    //Checks
    // - Email is unique
    // - Email confirmation
    // - Cohort exists or not?
    $dao->myquery("SELECT user_email FROM user WHERE user_email LIKE \"%{$user_email}\";");
    if ($dao->fetch_num_rows() == 0) {
        //Insert the user into the database, and retreive the user_id
        $cohort = DataObject::select_one($dao, "cohort", array("cohort_id", "group_id"), array("cohort_start" => $cohort_start, "course_id" => $course_id));
        if (!$cohort) {
            //Cohort does not exist, insert it
            $group = DataObject::create($dao, "user_group", array("group_name" => "Cohort {$cohort_id} Group"));
            $group->commit();
            $group_id = $group->get_primary_id();
            $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start));
            $cohort->commit();
        }
        $uncomfirmed = salt($user_email);
        $user = DataObject::create($dao, "user", array("cohort_id" => $cohort->get_primary_id(), "user_name" => $user_name, "user_email" => "{$uncomfirmed} {$user_email}", "user_password" => $user_password, "user_picture" => "default"));
        if ($user->commit()) {
            //Add the user to the cohort's group
Пример #13
<?php

include_once "../util/session.php";
include_once "../util/mysql.php";
// Friends list: answers with a JSON list of every user connected to the current user in either
// direction, ordered by name. $user is not defined in this script; presumably it comes from the
// included session.php.
$friends_query = sprintf(
    "SELECT user_id,user_name,user_picture,course.course_name,university.university_name,cohort.cohort_start FROM user "
    . "JOIN cohort ON user.cohort_id=cohort.cohort_id "
    . "JOIN course ON cohort.course_id=course.course_id "
    . "JOIN university ON university.university_id=course.university_id "
    . "WHERE (user_id in(SELECT user_id1 FROM connection WHERE user_id2=\"%s\") "
    . "OR user_id in(SELECT user_id2 FROM connection WHERE user_id1=\"%s\")) ORDER BY user.user_name ASC;",
    $user->user_id,
    $user->user_id
);
// The id is taken from the session user object, not from the request.
$dao = new DAO(false);
$dao->myquery($friends_query);
$friends_json = $dao->fetch_json();
echo $friends_json;
Пример #14
<?php

include "script/util/mysql.php";
include "script/util/redirect.php";
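// Cancels a pending registration: the confirmation token in ?rnd=... identifies the account,
// and both the confirmation row and that account are deleted.
$dao = new DAO();
// A missing, empty or array-valued token is treated as "no token", so no statement runs with
// an empty match value.
$rnd = (isset($_GET["rnd"]) && is_string($_GET["rnd"])) ? $dao->escape($_GET["rnd"]) : "";
if ($rnd !== "") {
    // Find the user id first
    $conf_query = "SELECT user_id FROM confirmation WHERE conf_rnd = \"{$rnd}\";";
    $dao->myquery($conf_query);
    $row = $dao->fetch_one();
    // Delete only when the token matched a confirmation row. A local variable is used; the
    // original wrote to $user->user_id although no $user object is created in this script.
    if ($row && isset($row["user_id"])) {
        $user_id = $dao->escape($row["user_id"]);
        // Then delete the confirmation
        $conf_query = "DELETE FROM confirmation WHERE conf_rnd = \"{$rnd}\";";
        $dao->myquery($conf_query);
        // And delete the user
        $user_query = "DELETE FROM user WHERE user_id = \"{$user_id}\";";
        $dao->myquery($user_query);
    }
}
// Same landing page whether or not a token matched, as in the original.
// NOTE(review): this is a destructive action reachable by a plain GET link; its safety rests on
// how the token is generated, which is not shown - confirm.
redirect("welcome/?m=9");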
Пример #15
<?php

include_once "../util/mysql.php";
// Answers with the whole university table as JSON; no request input is read.
$universities = new DAO();
$universities->myquery("SELECT * FROM university;");
$payload = $universities->fetch_json();
echo $payload;