public function refresh(DBObject $db, $table = 'userinfo', $fields = ['userid'], $status = 'status') { $sql = "SELECT * FROM {$table} WHERE {$fields[0]} = {$_SESSION[$fields[0]]}"; if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if ($row[$status] == 0) { return false; } foreach ($fields as $field) { $_SESSION[$field] = $row[$field]; } return true; } else { // echo $db->getError(); error_log($db->getError()); return false; } }
function refresh_session() { $db = new DBObject(CURRENT_DB); $sql = "SELECT * FROM userinfo WHERE userid = {$_SESSION['userid']}"; if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if ($row['status'] == 0) { return false; } $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['status'] = $row['status']; $_SESSION['admin'] = $row['admin']; return true; } else { echo $db->getError(); return false; } }
$numbers = array('Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester'); $bools = array('HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're'); foreach ($_POST as $key => $value) { if ($key == 'sid' || $key == 'onid' || $key == 'offid') { ctype_digit($value) or die('Error: record does not exist.'); $id = $value; $col = $db->escape($key); } else { $key = in_array($key, $bools) ? array_search($key, $bools) : $db->escape($key); $value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value); if (strstr($key, '-') === false) { $value = in_array($key, $numbers) ? $value : "'{$value}'"; $sql = "UPDATE students SET {$key} = {$value} WHERE {$col} = {$id}"; } else { $arrkey = explode('-', $key); $value = in_array($arrkey[1], $numbers) ? "{$value}" : "'{$value}'"; if (empty($col)) { $sql = "UPDATE {$arrkey['0']} SET {$arrkey['1']} = {$value}"; } else { $sql = "UPDATE {$arrkey['0']} SET {$arrkey['1']} = {$value} WHERE {$col} = {$id}"; } } echo "{$sql}. "; if ($db->query($sql) && $db->getAffected() > 0) { echo "Saved."; } else { echo $db->getError(); } } } }
\t) EOSQL; if ($db->query($sql)) { // $sid = $db->getLastID(); // $tables = array('students'); // $rows = array('sid'); // $values = array($sid); // // $sql = "INSERT INTO offcampus (student) VALUES ($sid)"; // $db->query($sql) or die(deleteLast($tables, $rows, $values, $db->getError())); // $offid = $db->getLastID(); // $tables[] = 'offcampus'; // $rows[] = 'offid'; // $values[] = $offid; // // $sql = "INSERT INTO oncampus (student) VALUES ($sid)"; // $db->query($sql) or die(deleteLast($tables, $rows, $values, $db->getError())); // $onid = $db->getLastID(); echo "Record added!"; } else { die('There was an error running the query[' . $db->getError() . ']'); } function deleteLast($tables, $rows, $values, $error) { global $db; for ($i = 0; $i < count($tables); $i++) { $sql = "DELETE FROM {$tables[$i]} WHERE {$rows[$i]} = {$values[$i]}"; $db->query($sql); } return $error; }
die(json_encode($json)); } $db = new DBObject(CURRENT_DB); $username = $db->escape($_POST['username']); $timestamp = Crypto::get_timestamp(); $encpass = Crypto::encrypt_password($_POST['userpass'], $timestamp[0]); $regdate = Crypto::create_microdate($timestamp); // $sql = "INSERT INTO userinfo(username, userpass, regdate) VALUES(?, ?, ?)"; $sql = "INSERT INTO userinfo(username, userpass, regdate) VALUES(?username:s, ?userpass:s, ?regdate:s)"; sleep(1); // $query = $db->prepare($sql); // $query->bind_param('sss', $username, $encpass, $regdate); // $db->execute($query); $db->prepare($sql); $db->bind(array("username" => $username, "userpass" => $encpass, "regdate" => $regdate)); $db->execute(); if ($db->hasErrno(0)) { $json['status'] = 0; $json['response'] = 'Registration successful!'; // } else if ($db->getErrno() == 1062) { } else { if ($db->hasErrno(1062)) { $json['status'] = 1; $json['response'] = 'Username already exists in the database!'; } else { $json['status'] = 3; $json['response'] = $db->getError(); } } die(json_encode($json)); }
<?php chdir('..'); date_default_timezone_set('Asia/Manila'); require_once 'includes/classDB.php'; require_once 'includes/constants.php'; if (!empty($_POST['username']) && !empty($_POST['userpass'])) { $db = new DBObject(CURRENT_DB); $username = $db->escape($_POST['username']); $hashpass = hash('md5', $_POST['userpass']); $sql = "INSERT INTO userinfo(username, userpass) VALUES('{$username}', '{$hashpass}')"; sleep(1); if ($db->query($sql) && $db->getAffected() > 0) { echo 'Registration successful!'; } else { die('Error: ' . $db->getError()); } } else { die('Username/password field is empty.'); }
case 3: case 5: case 6: $ans[0] = "evaluation.q{$quest}e1 as ans1"; $ans[1] = "evaluation.q{$quest}e2 as ans2"; break; default: $ans[0] = "evaluation.q{$quest}e1 as ans1"; break; } $ans2 = join(', ', $ans); $question = $questions[$quest - 1]; $json['quest'] = $question; $where = $type ? '' : "AND schoolyear = {$year} AND semester = {$sem}"; $sql = <<<EOSQL SELECT evaluation.schoolyear, evaluation.semester, evaluation.student, {$ans2}, students.lname, students.fname, students.mname FROM evaluation INNER JOIN students ON evaluation.student = students.sid WHERE reqcode = 'OK' {$where} ORDER BY schoolyear DESC, semester DESC, id DESC EOSQL; if ($result = $db->query($sql)) { while ($row = mysqli_fetch_assoc($result)) { $fullname = create_name($row['fname'], $row['lname'], $row['mname']); $answer2 = isset($row['ans2']) || !empty($row['ans2']) ? $row['ans2'] : null; $json['ans'][] = array('answer' => $row['ans1'], 'answer2' => $answer2, 'sid' => $row['student'], 'fullname' => $fullname, 'year' => $row['schoolyear'], 'sem' => $row['semester']); } echo json_encode($json); } else { die("Error: {$db->getError()} -- {$sql}"); } }