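/**
 * Authenticate the POSTed credentials and hand out a session token.
 *
 * Reads `username` and `password` from $this->request. On success the token
 * is stored in $_SESSION['Token'] and returned as
 * array('token' => ..., 'user_name' => ...). Every failure path sets a 401
 * status and returns the error message as a plain string.
 *
 * @return array|string
 */
protected function login()
{
    try {
        if ($this->method !== 'POST') {
            throw new Exception('Wrong request type');
        }

        // Guard the lookups so a missing key does not raise an
        // undefined-index notice before the isset() check below rejects it.
        $username = isset($this->request['username']) ? $this->request['username'] : null;
        $password = isset($this->request['password']) ? $this->request['password'] : null;
        if (!isset($username) || !isset($password)) {
            throw new Exception('Missing username or password');
        }

        // An already-issued token is returned as-is (a bare string, not the
        // array shape below) without re-checking the submitted credentials.
        // NOTE(review): any request on a session that already holds a token
        // gets it back regardless of the username/password sent — confirm
        // this is intended.
        if (isset($_SESSION['Token'])) {
            return $_SESSION['Token'];
        }

        $user_authenticated = MyDB::getInstance()->authenticateUser($username, $password);
        if (!$user_authenticated) {
            throw new Exception('Invalid user credentials');
        }

        // uniqid() is clock-derived and predictable; a bearer token must be
        // unguessable, so it is drawn from the CSPRNG instead.
        $_SESSION['Token'] = bin2hex(random_bytes(16));
        return array('token' => $_SESSION['Token'], 'user_name' => $username);
    } catch (Exception $e) {
        // header('401 Not Authorized') emitted a malformed raw header and left
        // the status at 200; http_response_code() actually sets it.
        http_response_code(401);
        return $e->getMessage();
    }
}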
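/**
 * Issue (or re-use) a per-username session token for a POSTed login.
 *
 * Same flow as login(), but failures are reported as plain strings on the
 * same channel as the token, so callers can only tell them apart by content.
 *
 * @return string the token, or one of the error strings
 */
protected function get_token()
{
    if ($this->method !== 'POST') {
        return "Only accepts POST requests";
    }

    // Guard the lookups so a missing key does not raise an undefined-index
    // notice before the isset() check below rejects it.
    $username = isset($this->request['username']) ? $this->request['username'] : null;
    $password = isset($this->request['password']) ? $this->request['password'] : null;
    if (!isset($username) || !isset($password)) {
        return 'Missing username/password';
    }

    // NOTE(review): the raw username is used as the $_SESSION key, so it
    // shares the namespace with keys such as 'Token' or 'u_login' set
    // elsewhere; a prefixed key would avoid collisions, but any reader of
    // $_SESSION[$username] would have to change with it.
    if (isset($_SESSION[$username])) {
        return $_SESSION[$username];
    }

    $user_authenticated = MyDB::getInstance()->authenticateUser($username, $password);
    if (!$user_authenticated) {
        return 'Invalid user credentials';
    }

    // CSPRNG token instead of the predictable, clock-based uniqid().
    $_SESSION[$username] = bin2hex(random_bytes(16));
    return $_SESSION[$username];
}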
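/**
 * Change the password of the user stored in $_SESSION['u_login'].
 *
 * @param string $oldpwd   current password
 * @param string $newpwd   new password
 * @param string $newpwd_r repeated new password; must match $newpwd exactly
 * @return int 0 on success, 1 when the repeat does not match or the DB update fails
 */
function change_pwd($oldpwd, $newpwd, $newpwd_r)
{
    // Strict comparison: with `!=`, numeric-looking strings such as '1e3'
    // and '1000' compare equal and a mismatch would go unnoticed.
    if ($newpwd !== $newpwd_r) {
        return 1;
    }
    $changed = MyDB::getInstance()->change_passwd($_SESSION['u_login'], $oldpwd, $newpwd);
    // change_passwd()'s return type is not visible here; truthiness is what
    // the original `== TRUE` tested.
    return $changed ? 0 : 1;
}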
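/**
 * Serialize the news rows as an XML document.
 *
 * Produces <news><item date="...">obsah</item>...</news> from the rows
 * returned by the SELECT_NEWS query.
 *
 * @return string the XML document as text
 */
function getXmlNews()
{
    $d = new DomDocument('1.0', 'utf-8');
    $root_e = $d->createElement('news');
    $rows = MyDB::getInstance()->getResults(MyDB::getQuery(SELECT_NEWS));
    foreach ($rows as $row) {
        // createElement() does not escape its value argument, so an '&' or
        // '<' in the text would corrupt the document; a text node is escaped
        // on serialization. setAttribute() already escapes attribute values.
        $item_e = $d->createElement('item');
        $item_e->appendChild($d->createTextNode((string) $row['obsah']));
        $item_e->setAttribute('date', $row['datum']);
        $root_e->appendChild($item_e);
    }
    $d->appendChild($root_e);
    return $d->saveXML();
}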
/**
 * Serialize the user table as an XML document.
 *
 * Produces <users><user id=".." login=".." jmeno=".." telefon=".." mail=".." role=".."/>...</users>;
 * every column is emitted as an attribute, in the order of the SELECT list.
 *
 * @return string the XML document as text
 */
function getXmlUsers()
{
    $doc = new DomDocument('1.0', 'utf-8');
    $usersNode = $doc->createElement('users');

    // Attribute order mirrors the column order of the query.
    $columns = array('id', 'login', 'jmeno', 'telefon', 'mail', 'role');
    $rows = MyDB::getInstance()->getResults("SELECT id, login, jmeno, telefon, mail, role FROM uzivatele;");

    foreach ($rows as $user) {
        $userNode = $doc->createElement('user');
        foreach ($columns as $column) {
            $userNode->setAttribute($column, $user[$column]);
        }
        $usersNode->appendChild($userNode);
    }

    $doc->appendChild($usersNode);
    return $doc->saveXML();
}
/**
 * Log a user in and populate the session from the authenticated record.
 *
 * The username must match /^[-._@0-9a-zA-Z]+$/ before the database is
 * consulted. On success the session id is regenerated and the record's
 * login, id, jmeno, telefon, mail and role are stored as $_SESSION['u_*'].
 *
 * @param string $uname login name
 * @param string $upwd  password
 * @return bool true on success, false on a rejected name or failed authentication
 */
function login($uname, $upwd)
{
    if (!preg_match('/^[-._@0-9a-zA-Z]+$/', $uname)) {
        return false;
    }

    $account = MyDB::getInstance()->authenticate($uname, $upwd);
    if (empty($account)) {
        return false;
    }

    // Fresh session id on privilege change so a pre-login id is never reused.
    session_regenerate_id(true);

    $fields = array('login', 'id', 'jmeno', 'telefon', 'mail', 'role');
    foreach ($fields as $field) {
        $_SESSION['u_' . $field] = $account[$field];
    }

    return true;
}
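/**
 * Return the per-username session token for $this->username / $this->password,
 * creating one after a successful getUser() lookup.
 *
 * Failures ('Missing username/password', 'Invalid user credentials') are
 * returned as plain strings on the same channel as the token.
 *
 * @return string
 */
function getToken()
{
    $username = $this->username;
    $password = $this->password;
    if (!isset($username) || !isset($password)) {
        return 'Missing username/password';
    }

    // NOTE(review): the raw username is the $_SESSION key, so it shares the
    // namespace with every other unprefixed session key in the app.
    if (isset($_SESSION[$username])) {
        return $_SESSION[$username];
    }

    $user = MyDB::getInstance()->getUser($username, $password);
    if (!$user) {
        return 'Invalid user credentials';
    }

    // random_bytes() instead of uniqid(): a token must not be derivable
    // from the clock.
    $_SESSION[$username] = bin2hex(random_bytes(16));
    return $_SESSION[$username];
}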
<?php
/*
 * install.php: Restaurace (IIS 2012)
 *
 * Author(s): Marie Kratochvilova <*****@*****.**>
 *            Radek Sevcik <*****@*****.**>
 *
 * Date: Thu, 4 Feb 2016 01:46:54 +0100
 *
 * This file is part of iis12_restaurace.
 */
require_once 'config.inc.php';

// Empty page hooks: this script never renders a page of its own.
function render_head()
{
}

function render_body()
{
}

// Run the database initialisation, then send the browser to the front page.
// NOTE(review): nothing here stops the installer from being re-run over HTTP
// after setup — confirm initDb() is safe to repeat or that this file is
// removed/blocked once the install is done.
MyDB::getInstance()->initDb();
header('Location: index.php');
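/**
 * Render the visible menu items as <optgroup>/<option> HTML grouped by category.
 *
 * Categories come from `kategorie` ordered by name; within each, the items
 * from `jidelni_listek` with viditelnost = 1 are listed.
 *
 * @return string HTML fragment for use inside a <select>
 */
function getFood()
{
    // Loop-invariant: one instance lookup instead of one per category.
    $db = MyDB::getInstance();
    $categories = $db->getResults('SELECT * FROM kategorie ORDER BY nazev');
    $result = '';
    foreach ($categories as $category) {
        $result .= '<optgroup label="' . strenc_topage($category['nazev']) . '">';
        // The id comes from the database, but casting guarantees that only an
        // integer is ever spliced into the SQL text.
        $items = $db->getResults('SELECT * FROM jidelni_listek WHERE viditelnost = 1 AND id_kategorie = ' . (int) $category['id']);
        foreach ($items as $item) {
            // Item name goes through strenc_topage() like the label; the id
            // is an integer, so a cast keeps the attribute value markup-free.
            $result .= '<option value="' . (int) $item['id'] . '">' . strenc_topage($item['nazev']) . '</option>';
        }
        $result .= '</optgroup>';
    }
    return $result;
}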
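/**
 * Render all reservations (newest first) as table rows with cancel/confirm links.
 *
 * @return string HTML <tr> rows for the reservation table
 */
function displayReservations()
{
    $rows = MyDB::getInstance()->getResults('SELECT R.*, S.cislo_stolu FROM rezervace R JOIN stoly S ON R.id_stolu = S.id ORDER BY R.datum DESC');
    $result = '';
    foreach ($rows as $v) {
        // Every cell now goes through strenc_topage() as jmeno already did;
        // previously the other columns were written raw, so a value
        // containing markup would have been rendered rather than shown.
        $id = (int) $v['id'];
        // NOTE(review): the two links change reservation state via GET;
        // presumably rezervace.php checks the session/role — confirm, and
        // consider a POST form with a request token for these actions.
        $result .= '<tr> <td>' . strenc_topage($v['jmeno']) . '</td> <td>' . strenc_topage($v['cislo_stolu']) . '</td> <td>' . strenc_topage($v['pocet_lidi_u_stolu']) . '</td> <td>' . strenc_topage($v['datum']) . '</td> <td>' . strenc_topage($v['stav']) . '</td> <td> <a href="rezervace.php?action=zrusit&id=' . $id . '"><img src="images/cross.png"></a> <a href="rezervace.php?action=potvrdit&id=' . $id . '"><img src="images/accept.png"></a> </td> </tr>';
    }
    return $result;
}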
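<?php
date_default_timezone_set('America/New_York');
require_once 'includes/MyDB.php';
// Kept even though unused below: MyAPI.php may rely on it being in scope.
$db = MyDB::getInstance();
//writelog($_REQUEST);
require_once 'MyAPI.php';

// Requests from the same server don't have a HTTP_ORIGIN header
if (!array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $_SERVER['HTTP_ORIGIN'] = $_SERVER['SERVER_NAME'];
}

try {
    // Guard the lookup so a request without 'request' reaches MyAPI as null
    // (what the original produced) without an undefined-index notice first.
    $request = isset($_REQUEST['request']) ? $_REQUEST['request'] : null;
    $API = new MyAPI($request, $_SERVER['HTTP_ORIGIN']);
    echo $API->processAPI();
} catch (Exception $e) {
    echo json_encode(array('error' => $e->getMessage()));
}

/**
 * Append a timestamped entry to api.log; arrays and objects are print_r'd.
 *
 * Logging is best-effort: if the file cannot be opened the entry is dropped
 * rather than breaking the request.
 *
 * @param mixed $message string, array or object to record
 * @return void
 */
function writelog($message)
{
    // NOTE(review): 'api.log' is resolved against the working directory,
    // typically the web root — confirm it is not served to clients.
    $file = fopen("api.log", "a");
    if ($file === false) {
        return;
    }
    $now = new DateTimeImmutable('NOW');
    // The original format 'h:g:i a' printed the hour twice and no seconds;
    // 'h:i:s a' is the intended 12-hour clock.
    $date = $now->format("Y M d D h:i:s a");
    if (is_array($message) || is_object($message)) {
        fwrite($file, '[' . $date . '] ' . print_r($message, true));
    } else {
        fwrite($file, '[' . $date . '] ' . $message);
    }
    fwrite($file, PHP_EOL);
    fclose($file);
}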
/**
 * Insert a new menu item into jidelni_listek with empty description,
 * cena 0 and viditelnost 0.
 *
 * Both values are passed through MyDB::escape() before being placed in the
 * statement text (the statement is built as a string, not parameterised).
 *
 * @param string $val    item name (nazev)
 * @param mixed  $kat_id category id (id_kategorie)
 * @param mixed  $row_id passed by reference to MyDB::exec(); presumably
 *                       receives the inserted row id — confirm in MyDB
 * @return mixed whatever MyDB::exec() returns
 */
function add_item($val, $kat_id, &$row_id)
{
    $name = MyDB::escape($val);
    $category = MyDB::escape($kat_id);
    $sql = sprintf(
        "INSERT INTO jidelni_listek (id_kategorie, nazev, popis, cena, viditelnost) VALUES ( '%s', '%s', '', 0, 0 );",
        $category,
        $name
    );
    return MyDB::getInstance()->exec($sql, $row_id);
}