Пример #1
 /**
  * Lists the files in the gallery directory, merged with their rows from the images table.
  *
  * Every directory entry starts as array('filename' => ..., 'published' => true); a database
  * row with the same filename overrides those defaults. A file that has no database row is
  * therefore treated as published. Entries whose merged 'published' value is falsy are only
  * returned when the session holds the GALLERY_VIEW_UNPUBLISHED privilege.
  *
  * @return array list of merged image arrays
  * @throws Exception when $this->fullPath does not exist
  */
 public function fetchImages()
 {
     if (!file_exists($this->fullPath)) {
         throw new Exception('Gallery path does not exist: ' . $this->fullPath);
     }

     $query = DatabaseFactory::getInstance()->prepare('SELECT i.id, i.filename, i.published FROM images i WHERE i.gallery = :gallery');
     $query->bindValue(':gallery', $this->id);
     $query->execute();

     // assignKeys() is defined elsewhere; presumably it re-keys the rows by filename -- confirm.
     $rowsByFilename = assignKeys($query->fetchAll(), 'filename');
     $mayViewUnpublished = Session::hasPriv('GALLERY_VIEW_UNPUBLISHED');

     $visible = array();
     foreach (scandir($this->fullPath) as $entry) {
         // Loose comparison kept as-is: strpos() gives 0 for names starting with a dot and
         // false for names without any dot, and both compare == 0, so both kinds are skipped.
         if (strpos($entry, '.') == 0) {
             continue;
         }

         $hasRow = isset($rowsByFilename[$entry]) && is_array($rowsByFilename[$entry]);
         $row = $hasRow ? $rowsByFilename[$entry] : array();
         $merged = array_merge(array('filename' => $entry, 'published' => true), $row);

         // Hide unpublished entries from sessions without the privilege.
         if (!$merged['published'] && !$mayViewUnpublished) {
             continue;
         }
         $visible[] = $merged;
     }

     return $visible;
 }
Пример #2
 /**
  * Reports whether the basket owned by the current session user has no items.
  *
  * @return bool true when the query for the user's basket_items yields zero rows
  */
 public static function isEmpty()
 {
     $query = DatabaseFactory::getInstance()->prepare('SELECT bi.id FROM basket_items bi WHERE bi.basketOwner = :userId');
     // The owner id comes from the session, not from request input.
     $query->bindValue(':userId', Session::getUser()->getId());
     $query->execute();

     $itemCount = $query->numRows();

     return $itemCount == 0;
 }
 /**
  * Inserts a finance account named after the form's 'title' element, then redirects
  * to the account list with the message 'Created'.
  */
 public function process()
 {
     $insert = DatabaseFactory::getInstance()->prepare('INSERT INTO finance_accounts (title) VALUES (:title) ');

     // The title is bound as a parameter, never concatenated into the statement.
     $accountTitle = $this->getElementValue('title');
     $insert->bindValue(':title', $accountTitle);
     $insert->execute();

     redirect('listFinanceAccounts.php', 'Created');
 }
Пример #4
 /**
  * Fetches the id and name of every event held at this venue, oldest date first.
  *
  * @return mixed whatever the statement's fetchAll() returns for the matching rows
  */
 public function getEvents()
 {
     $query = DatabaseFactory::getInstance()->prepare('SELECT e.id, e.name FROM events e WHERE e.venue = :vid ORDER BY e.date ASC');
     $query->bindValue(':vid', $this->getId());
     $query->execute();

     $events = $query->fetchAll();

     return $events;
 }
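 /**
  * Inserts a gallery row with status "Open" from the form's 'title' and 'folderPath' elements.
  *
  * Both values are bound as statement parameters. The 'title' placeholder is now written
  * with its leading colon so it matches the SQL text and every other binding in this code.
  */
 public function process()
 {
     $sql = 'INSERT INTO galleries (title, status, folderName) VALUES (:title, "Open", :folderName)';
     $stmt = DatabaseFactory::getInstance()->prepare($sql);
     $stmt->bindValue(':title', $this->getElementValue('title'));
     // NOTE(review): folderName is stored exactly as submitted. If it is later joined onto a
     // filesystem path, confirm the form validation rejects separators and "..".
     $stmt->bindValue(':folderName', $this->getElementValue('folderPath'));
     $stmt->execute();
 }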
 /**
  * Updates the description of the permission whose `key` equals the form's 'id' element.
  */
 public function process()
 {
     $update = DatabaseFactory::getInstance()->prepare('UPDATE permissions SET description = :description WHERE `key` = :key');

     // Placeholder => submitted form value, bound in the original order.
     $bindings = array(
         ':key' => $this->getElementValue('id'),
         ':description' => $this->getElementValue('description'),
     );
     foreach ($bindings as $placeholder => $formValue) {
         $update->bindValue($placeholder, $formValue);
     }

     $update->execute();
 }
 /**
  * Adds one basket item for $this->user and the form's 'event' element.
  *
  * The basket owner is always the current session user, not a submitted value.
  */
 public function process()
 {
     $insert = DatabaseFactory::getInstance()->prepare('INSERT INTO basket_items (user, event, basketOwner) VALUES (:user, :event, :basketOwner)');

     $ticketUserId = $this->user->getId();
     $insert->bindValue(':user', $ticketUserId);

     $eventId = $this->getElementValue('event');
     $insert->bindValue(':event', $eventId);

     $ownerId = Session::getUser()->getId();
     $insert->bindValue(':basketOwner', $ownerId);

     $insert->execute();
 }
 /**
  * Stores the submitted layout and seat count on the seating plan identified by the form's 'id'.
  */
 public function process()
 {
     $update = DatabaseFactory::getInstance()->prepare('UPDATE seatingplans SET layout = :layout, seatCount = :seatCount WHERE id = :id');

     // Each placeholder shares its name with the form element it is filled from.
     foreach (array('layout', 'seatCount', 'id') as $elementName) {
         $update->bindValue(':' . $elementName, $this->getElementValue($elementName));
     }

     $update->execute();
 }
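 /**
  * Records a finance transaction from the form's 'amount', 'description' and 'account'
  * elements, then redirects to that account's page.
  *
  * The account value is URL-encoded before it is placed in the redirect target, so a
  * value containing '&', '#', whitespace or line breaks cannot alter the query string
  * or the redirect itself.
  */
 public function process()
 {
     $accountId = $this->getElementValue('account');

     $sql = 'INSERT INTO finance_transactions (amount, description, account) VALUES (:amount, :description, :account) ';
     $stmt = DatabaseFactory::getInstance()->prepare($sql);
     $stmt->bindValue(':amount', $this->getElementValue('amount'));
     $stmt->bindValue(':description', $this->getElementValue('description'));
     $stmt->bindValue(':account', $accountId);
     $stmt->execute();

     // A plain numeric id is unchanged by urlencode(); anything else is made inert.
     redirect('viewFinanceAccount.php?id=' . urlencode((string) $accountId), 'Finance entry created.');
 }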
 /**
  * Updates the title and assignee of the finance account identified by the form's 'id',
  * then redirects to the account list with the message 'Updated'.
  */
 public function process()
 {
     $update = DatabaseFactory::getInstance()->prepare('UPDATE finance_accounts SET title = :title, assigned_to = :assignedTo WHERE id = :id');

     // Placeholder and form element names coincide, so bind them in one pass.
     foreach (array('id', 'title', 'assignedTo') as $elementName) {
         $update->bindValue(':' . $elementName, $this->getElementValue($elementName));
     }
     $update->execute();

     redirect('listFinanceAccounts.php', 'Updated');
 }
/**
 * Returns the ids of the authenticated_machines rows for one user at one event.
 *
 * @param mixed $user  value matched against authenticated_machines.user
 * @param mixed $event value matched against authenticated_machines.event
 * @return mixed the statement's fetchAll() result
 */
function getAuthenticatedMachines($user, $event)
{
    $query = DatabaseFactory::getInstance()->prepare('SELECT a.id FROM authenticated_machines a WHERE a.user = :user AND a.event = :event');

    $filters = array(':user' => $user, ':event' => $event);
    foreach ($filters as $placeholder => $filterValue) {
        $query->bindValue($placeholder, $filterValue);
    }
    $query->execute();

    return $query->fetchAll();
}
Пример #12
 /**
  * Adds a 'venue' select element to the form and fills it with one option per venue row.
  *
  * @param mixed $id passed as the third ElementSelect constructor argument
  * @return mixed the element returned by addElement()
  */
 private function getElementVenues($id)
 {
     $venueSelect = $this->addElement(new ElementSelect('venue', 'Venue', $id));

     $query = DatabaseFactory::getInstance()->prepare('SELECT v.id, v.name FROM venues v');
     $query->execute();
     $venueRows = $query->fetchAll();

     // Venue names come from the database; escaping for HTML is left to the element renderer.
     foreach ($venueRows as $venueRow) {
         $venueSelect->addOption($venueRow['name'], $venueRow['id']);
     }

     return $venueSelect;
 }
 /**
  * Updates promo, caption and published on the image matching the submitted filename and gallery.
  */
 public function process()
 {
     $update = DatabaseFactory::getInstance()->prepare('UPDATE images SET promo = :promo, caption = :caption, published = :published WHERE filename = :filename AND gallery = :gallery ');

     // Placeholder names match the form element names; bind order follows the original.
     $elementNames = array('promo', 'caption', 'filename', 'published', 'gallery');
     foreach ($elementNames as $elementName) {
         $update->bindValue(':' . $elementName, $this->getElementValue($elementName));
     }

     $update->execute();
 }
/**
 * Deletes every seat selection a user holds for one event.
 *
 * @param mixed      $eventId event whose selections are removed
 * @param mixed|null $userId  user to clear; any empty() value (null, 0, '', '0') falls
 *                            back to the current session user
 */
function deleteSeatsForUser($eventId, $userId = null)
{
    // No permission check happens here: a caller passing someone else's id must have
    // authorised that itself.
    $targetUser = empty($userId) ? Session::getUser()->getId() : $userId;

    $delete = DatabaseFactory::getInstance()->prepare('DELETE FROM seatingplan_seat_selections WHERE event = :event AND user = :user ');
    $delete->bindValue(':event', $eventId);
    $delete->bindValue(':user', $targetUser);
    $delete->execute();
}
 /**
  * Books every basket item as a cash transaction and marks its signup as CASH_IN_POST.
  *
  * One prepared INSERT is reused for all items. The transaction account is taken from
  * the form's 'username' element.
  */
 public function process()
 {
     $insert = DatabaseFactory::getInstance()->prepare('INSERT INTO finance_transactions (amount, description, timestamp, account) VALUES (:amount, :title, now(), :account) ');

     foreach (Basket::getContents() as $item) {
         $description = '(given cash) ' . $item['title'] . ' ticket for ' . $item['username'];

         $insert->bindValue(':amount', $item['cost']);
         $insert->bindValue(':title', $description);
         $insert->bindValue(':account', $this->getElementValue('username'));
         $insert->execute();

         // Signup status changes right after each insert; nothing visible here wraps the
         // pair in a transaction.
         Events::setSignupStatus($item['userId'], $item['eventId'], 'CASH_IN_POST');
     }
 }
 /**
  * Replaces the whole finance_account_allocations table with the submitted allocations.
  *
  * All existing rows are deleted first, then one row is inserted per entry of
  * $this->allocatedPaymentTypes, using the form element named after the payment type
  * as the account value.
  */
 public function process()
 {
     $db = DatabaseFactory::getInstance();

     // NOTE(review): the delete and the inserts are not wrapped in a transaction here, so a
     // failure part-way leaves the table empty or partially filled.
     $purge = $db->prepare('DELETE FROM finance_account_allocations');
     $purge->execute();

     $insert = DatabaseFactory::getInstance()->prepare('INSERT INTO finance_account_allocations (identifier, account) values (:paymentType, :account)');
     foreach ($this->allocatedPaymentTypes as $allocation) {
         $paymentType = $allocation['paymentType'];
         $insert->bindValue(':paymentType', $paymentType);
         $insert->bindValue(':account', $this->getElementValue($paymentType));
         $insert->execute();
     }
 }
/**
 * Assigns a seat at an event to a user, replacing whoever held that seat before.
 *
 * The activity is logged first, then the selection is written with an upsert.
 *
 * @param mixed      $eventId event the seat belongs to
 * @param mixed      $seatId  seat being selected
 * @param mixed|null $userId  user to seat; any empty() value falls back to the session user
 */
function setUserInSeat($eventId, $seatId, $userId = null)
{
    // No permission check happens here: seating another user must be authorised by the caller.
    $seatedUser = empty($userId) ? Session::getUser()->getId() : $userId;

    $logContext = array('user' => $seatedUser, 'event' => $eventId);
    logActivity('_u_' . ' selected seat ' . $seatId . ' for event _e_', null, $logContext);

    $upsert = DatabaseFactory::getInstance()->prepare('INSERT INTO seatingplan_seat_selections (seat, event, user) VALUES (:seat, :event, :user1) ON DUPLICATE KEY UPDATE user = :user2');

    // The user id is bound under two names because the statement mentions it twice.
    $bindings = array(
        ':seat' => $seatId,
        ':event' => $eventId,
        ':user1' => $seatedUser,
        ':user2' => $seatedUser,
    );
    foreach ($bindings as $placeholder => $boundValue) {
        $upsert->bindValue($placeholder, $boundValue);
    }
    $upsert->execute();
}
Пример #18
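 /**
  * Writes every cached field of this record back to its table row.
  *
  * Values are bound as parameters, but column names cannot be bound and are spliced into
  * the SQL text. Each key of $this->cache is therefore checked against a plain identifier
  * pattern before it is used, so a key that did not originate in code cannot rewrite the
  * statement. The pattern is also what a named placeholder requires, so any key that
  * worked before still works.
  *
  * Compared with the previous version: implode() receives its arguments in the supported
  * (separator, array) order, and an empty cache now yields the valid no-op
  * "SET id = id" instead of the malformed "SET , id = id".
  *
  * @throws \InvalidArgumentException when a cached field name is not a plain identifier
  */
 public function commit()
 {
     $assignments = array();
     foreach (array_keys($this->cache) as $field) {
         if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
             throw new \InvalidArgumentException('Refusing to build an UPDATE with an invalid column name.');
         }
         $assignments[] = ' ' . $field . ' = :' . $field . 'Value ';
     }
     // Trailing no-op assignment keeps the SET clause valid even with nothing cached.
     $assignments[] = ' id = id';

     // NOTE(review): $this->table is concatenated as well; it must only ever be set from code.
     $sql = 'UPDATE ' . $this->table . ' SET ' . implode(',', $assignments) . ' WHERE id = :id';

     $stmt = DatabaseFactory::getInstance()->prepare($sql);
     foreach ($this->cache as $field => $value) {
         $stmt->bindValue(':' . $field . 'Value', $value);
     }
     $stmt->bindValue(':id', $this->id);
     $stmt->execute();
 }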
Пример #19
 /**
  * Returns one value from the settings table, loading the table on first use.
  *
  * The load runs whenever $this->settings is empty, so an empty table is queried again
  * on every call.
  *
  * @param mixed $key settings key to look up
  * @return mixed the stored value
  * @throws Exception when no setting with that key was loaded
  */
 public function getSetting($key)
 {
     if (empty($this->settings)) {
         $query = DatabaseFactory::getInstance()->prepare('SELECT * FROM `settings`');
         $query->execute();

         foreach ($query->fetchAll() as $row) {
             $this->settings[$row['key']] = $row['value'];
         }
     }

     // The requested key is echoed verbatim in the exception message.
     if (!isset($this->settings[$key])) {
         throw new Exception('Tried to access game setting "' . $key . '", which does not exist.');
     }

     return $this->settings[$key];
 }
Пример #20
 /**
  * Drops from $events every event for which the session user has a signup row whose
  * status is not "SIGNEDUP".
  *
  * Array keys of the surviving events are preserved.
  *
  * @param array $events event arrays, each with an 'id' entry
  * @return array the remaining events
  */
 private function removeEventsAlreadySignedupFor($events)
 {
     $query = DatabaseFactory::getInstance()->prepare('SELECT s.event, s.status FROM signups s WHERE s.user = :user AND s.status != "SIGNEDUP" ');
     $query->bindValue(':user', Session::getUser()->getId());
     $query->execute();

     $excludedIds = array();
     foreach ($query->fetchAll() as $signup) {
         $excludedIds[] = $signup['event'];
     }

     // in_array() stays non-strict, as before, because database ids usually arrive as strings.
     $remaining = array();
     foreach ($events as $index => $candidate) {
         if (!in_array($candidate['id'], $excludedIds)) {
             $remaining[$index] = $candidate;
         }
     }

     return $remaining;
 }
Пример #21
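 /**
  * Flags the account behind each parsed e-mail address and prints a line per match.
  *
  * For every address from parseEmails() the first matching user is looked up, reported
  * and marked with emailFlagged = 1. The e-mail address and username come from the
  * database and are written into HTML, so both are escaped before output; a stored
  * username containing markup would otherwise be rendered in the page of whoever runs
  * this form.
  */
 public function process()
 {
     foreach ($this->parseEmails() as $email) {
         $sql = 'SELECT u.id, u.email, u.username FROM users u WHERE u.email = :email LIMIT 1';
         $stmt = DatabaseFactory::getInstance()->prepare($sql);
         $stmt->bindValue(':email', $email);
         $stmt->execute();
         $user = $stmt->fetchRow();
         if (!empty($user)) {
             $safeEmail = htmlspecialchars((string) $user['email'], ENT_QUOTES, 'UTF-8');
             $safeUsername = htmlspecialchars((string) $user['username'], ENT_QUOTES, 'UTF-8');
             echo 'Flagged email ' . $safeEmail . ' that belongs to ' . $safeUsername . '<br />';
             $sql = 'UPDATE users u SET u.emailFlagged = 1 WHERE u.id = :uid';
             $stmt = DatabaseFactory::getInstance()->prepare($sql);
             $stmt->bindValue(':uid', $user['id']);
             $stmt->execute();
         }
     }
     echo '<a href = "account.php">return to account</a>';
 }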
Пример #22
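 /**
  * Stores an uploaded image as full-size and 100x100 thumbnail PNGs, registers it as
  * unpublished in the chosen gallery, logs the upload and redirects to the account page.
  *
  * The stored filename is generated on the server, so no part of the client's filename
  * reaches the filesystem. The gallery id is the integer left after stripping the text
  * 'gallery' from the form's 'dir' element; the database row is skipped when that is 0.
  *
  * Change from the previous version: str_replace() is given '' instead of null as the
  * replacement, which is the same result without the PHP 8.1 deprecation.
  */
 public function process()
 {
     // NOTE(review): uniqid() is derived from the clock, so names are guessable. Rows are
     // inserted with published = 0; if the full/ and thumb/ directories are served
     // directly, confirm that unpublished files cannot be fetched by guessing names.
     $filename = uniqid() . '.png';
     $upload = $this->getElement('file');

     $upload->destinationFilename = 'full/' . $filename;
     $upload->savePng();
     $upload->resize(100, 100);
     $upload->destinationFilename = 'thumb/' . $filename;
     $upload->savePng();

     $gal = intval(str_replace('gallery', '', $this->getElementValue('dir')));
     if ($gal !== 0) {
         $sql = 'INSERT INTO images (filename, gallery, caption, published, user_uploaded) values (:filename, :gallery, :caption, 0, :user)';
         $stmt = DatabaseFactory::getInstance()->prepare($sql);
         $stmt->bindValue(':filename', $filename);
         $stmt->bindValue(':gallery', $gal);
         $stmt->bindValue(':caption', 'Uploaded by: ' . Session::getUser()->getUsername());
         $stmt->bindValue(':user', Session::getUser()->getId());
         $stmt->execute();
     }

     logActivity(Session::getUser()->getUsername() . ' uploaded image ' . $filename . ' to gallery: ' . $this->getElement('file')->destinationDir);
     redirect('account.php', 'Image has been uploaded, thanks!');
 }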
Пример #23
<?php

require_once 'includes/common.php';
require_once 'libAllure/FormHandler.php';
use libAllure\FormHandler;
use libAllure\DatabaseFactory;
// Page controller for creating an event: refuses to continue while no venue exists,
// processes the form when it validates, otherwise renders it.
// NOTE(review): no privilege check is visible in this script; confirm that
// includes/common.php or FormEventCreate enforces one before process() runs.

// Static query with no request input, so query() without binding is fine here.
$sql = 'SELECT v.id FROM venues v';
$venuesCount = count(DatabaseFactory::getInstance()->query($sql)->fetchAll());
if ($venuesCount == 0) {
    // presumably redirect() ends the request; if it returns, the code below still runs -- confirm.
    redirect('account.php', 'There are 0 venues. Create a venue first.');
}
// $h is not used again in this script.
$h = new FormHandler('FormEventCreate');
$f = new FormEventCreate();
if ($f->validate()) {
    $f->process();
    redirect('listEvents.php', 'Event created');
}
// Reached when the form was not submitted or failed validation: render the page.
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
$tpl->displayForm($f);
require_once 'includes/widgets/footer.php';
Пример #24
<link rel = stylesheet href = includes/widgets/style.css>
	<title>Do activity.</title>
</head>

<body class = "noBgImage">
<?php 
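// Shows one activity and, when "action" is present in the query string, credits its gold
// and turns to the current user.
//
// Changes from the previous version:
//  - the activity name from the query string is bound as a parameter instead of being
//    concatenated into the SELECT (SQL injection);
//  - the UPDATE binds its values and is executed; before, it was only prepared, so the
//    "Thanks" message was printed without any row being changed;
//  - the turn check now runs before the update as well as before the offer, so the
//    server enforces it rather than the presence of the submit button;
//  - everything echoed into HTML is escaped (reflected and stored XSS).
//
// NOTE(review): the action is still triggered by a GET request with no anti-forgery
// token; moving it to POST with a token needs changes outside this fragment.
$activity = isset($_GET['activity']) ? (string) $_GET['activity'] : '';
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

$stmt = DatabaseFactory::getInstance()->prepare('SELECT * FROM activitys WHERE name = :name LIMIT 1');
$stmt->bindValue(':name', $activity);
$stmt->execute();
foreach ($stmt->fetchAll() as $row) {
    echo "<strong>";
    echo $esc($row['name']);
    echo "</strong><hr>";

    $turns = get_turns($_SESSION['username']);
    $turns = $turns['turns'];

    if ($turns < $row['turns']) {
        echo "You dont have enough turns avalible to do this!";
    } elseif (isset($_GET['action'])) {
        $sql = 'UPDATE `users` SET `gold` = (`gold` + :gold), `usedturns` = (`usedturns` + :turns) WHERE `username` = :username LIMIT 1';
        $result2 = DatabaseFactory::getInstance()->prepare($sql);
        if ($result2) {
            $result2->bindValue(':gold', $row['gold']);
            $result2->bindValue(':turns', $row['turns']);
            // $userdata is defined outside this fragment; kept as the account identifier.
            $result2->bindValue(':username', $userdata['username']);
            $result2->execute();
            echo "Thanks for doing the " . $esc($row['name']) . ".";
        } else {
            message(TYPE_ERROR_SQL, "Cannot update user table.");
        }
    } else {
        echo "This will take " . $esc($row['turns']) . " turns, you will earn " . $esc($row['gold']) . " gold.";
        echo "<br /><br /><div align = right><form><input type = hidden name = activity value = '" . $esc($activity) . "'><input type = submit name = action value = 'do it'></form></div>";
    }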
Пример #25
 /**
  * Loads the event linked to a gallery.
  *
  * The event id is read with fetchRowNotNull() and handed to self::getById().
  *
  * @param mixed $id gallery id matched against events.gallery
  * @return mixed whatever self::getById() returns for the event found
  */
 public static function getByGalleryId($id)
 {
     $query = DatabaseFactory::getInstance()->prepare('SELECT e.id FROM events e WHERE e.gallery = :galleryId');
     $query->bindValue(':galleryId', $id);
     $query->execute();

     // presumably fetchRowNotNull() raises when no row matches -- confirm against libAllure.
     $eventRow = $query->fetchRowNotNull();
     $eventId = $eventRow['id'];

     return self::getById($eventId);
 }
Пример #26
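/**
 * Returns a user's signups whose status is one of $statuses, joined with the event name.
 *
 * Each status is bound to its own placeholder inside the IN (...) list. The previous
 * version passed the values through array_walk() with the connection's quote() method;
 * array_walk() discards the callback's return value, so unless that method changes its
 * argument by reference the statuses reached the SQL text unescaped.
 *
 * @param array      $statuses status strings to match; an empty list yields an empty result
 *                             (an empty IN () would be a syntax error)
 * @param mixed|null $user     user id; a value loosely equal to null falls back to the
 *                             current session user
 * @return mixed the statement's fetchAll() result, or array() when $statuses is empty
 */
function getSingleUserSignupsWithStatuses($statuses, $user = null)
{
    if ($user == null) {
        $user = Session::getUser()->getId();
    }

    $statuses = array_values($statuses);
    if (count($statuses) === 0) {
        return array();
    }

    // One generated placeholder per status: :status0, :status1, ...
    $placeholders = array();
    foreach ($statuses as $index => $status) {
        $placeholders[] = ':status' . $index;
    }

    $sql = 'SELECT s.id, e.id AS eventId, e.name, s.status FROM signups s LEFT JOIN events e ON s.event = e.id WHERE s.user = :user AND s.status IN (' . implode(', ', $placeholders) . ')';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':user', $user);
    foreach ($statuses as $index => $status) {
        $stmt->bindValue(':status' . $index, $status);
    }
    $stmt->execute();

    return $stmt->fetchAll();
}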
Пример #27
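/**
 * Runs a complete SQL string and returns its rows when it is a SELECT.
 *
 * The previous check, strpos("SELECT", $sql), had its arguments reversed: it looked for
 * the whole statement inside the word "SELECT", so rows were almost never returned. The
 * statement is now recognised by a leading SELECT keyword, ignoring case and leading
 * whitespace.
 *
 * This helper cannot bind parameters. The caller is responsible for $sql containing no
 * request-derived text; use prepare() with bindValue() for anything that does.
 *
 * @param string $sql complete SQL statement
 * @return mixed fetchAll() result for a SELECT, null for any other statement
 */
function db_query($sql)
{
    $stmt = \libAllure\DatabaseFactory::getInstance()->prepare($sql);
    $stmt->execute();

    if (stripos(ltrim($sql), 'SELECT') === 0) {
        return $stmt->fetchAll();
    }

    return null;
}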
Пример #28
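    // Adds a shop item (or a slave when type is "SLAVE") from query-string fields.
    // The enclosing condition starts above this fragment.
    //
    // Change from the previous version: name, type, gold and turns are bound as statement
    // parameters. Before, name and type were concatenated into the INSERT with no
    // validation at all (SQL injection), and gold/turns relied on is_numeric() alone.
    //
    // NOTE(review): whether message() stops the request is not visible here; if it
    // returns, the insert below still runs after a failed check.
    // NOTE(review): type is not checked against the options the form offers, and this
    // state-changing admin action arrives via GET without an anti-forgery token.
    if (!is_numeric($_GET['gold'])) {
        $title = "Add shop item";
        require_once "includes/widgets/header.php";
        message(TYPE_ERROR, "Invalid gold field.");
    }
    if (!is_numeric($_GET['turns'])) {
        $title = "Add shop item";
        require_once "includes/widgets/header.php";
        message(TYPE_ERROR, "Invalid turns field.");
    }
    if ($_GET['type'] == "SLAVE") {
        $sql = 'INSERT INTO `slaves` (`name`, `gold`) VALUES (:name, :gold)';
        $params = array(
            ':name' => $_GET['name'],
            ':gold' => $_GET['gold'],
        );
    } else {
        $sql = 'INSERT INTO `shop` (`type`, `name`, `gold`, `turns`, `description`) VALUES (:type, :name, :gold, :turns, :description)';
        $params = array(
            ':type' => $_GET['type'],
            ':name' => $_GET['name'],
            ':gold' => $_GET['gold'],
            ':turns' => $_GET['turns'],
            // As before, the description column receives the type value.
            ':description' => $_GET['type'],
        );
    }
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    foreach ($params as $placeholder => $value) {
        $stmt->bindValue($placeholder, $value);
    }
    $stmt->execute();
    $core->redirect('admin.php', "Item added successfully.");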
}
// Reached when the block above did not redirect: render the page header and open the box
// that holds the form below. The form declares no method, so it submits via GET.
$title = "Add shop item";
require_once "includes/widgets/header.php";
startBox($title, BOX_GREEN);
?>

<form action = "adminShopAddItem.php">
<label>Type <select name = "type">
	<option>BUSINESS</option>
	<option>SLAVE</option>
	<option>ACCESSORY</option>
</select></label><br /><br />
<label>Name <input name = "name" /></label><br /><br />
Пример #29
// Bootstrap: extend the include path with the project sources, the system PHP directory
// and the vendored lib-allure sources.
// NOTE(review): 'src/main/php/' and the vendor path are relative, so they resolve against
// the working directory of whichever script includes this file.
set_include_path(get_include_path() . PATH_SEPARATOR . 'src/main/php/' . PATH_SEPARATOR . '/usr/share/php/' . PATH_SEPARATOR . 'vendor/jwread/lib-allure/src/main/php/');
// Fixed timezone for all date functions.
date_default_timezone_set('Europe/London');
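/**
 * Autoloader: requires "<Class>.php" from the first include-path entry that contains it.
 *
 * Replaces the magic __autoload() function, which PHP 8 no longer accepts, with a named
 * loader registered through spl_autoload_register().
 *
 * The class name is turned into a file path, so it is validated first: only identifier
 * segments separated by namespace backslashes are accepted. A name containing "..",
 * slashes or other characters is ignored rather than joined onto a directory, which
 * matters wherever a class name can be influenced by input. Namespace separators are
 * mapped to directory separators so namespaced classes resolve on every platform.
 *
 * @param string $class class name as passed by the autoload mechanism
 * @return void
 */
function autoloadFromIncludePath($class)
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\\\\[A-Za-z_][A-Za-z0-9_]*)*$/', $class)) {
        return;
    }

    $relativeFile = DIRECTORY_SEPARATOR . str_replace('\\', DIRECTORY_SEPARATOR, $class) . '.php';
    foreach (explode(PATH_SEPARATOR, get_include_path()) as $path) {
        if (file_exists($path . $relativeFile)) {
            require_once $path . $relativeFile;
            return;
        }
    }
}
spl_autoload_register('autoloadFromIncludePath');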
require_once 'includes/functions.php';
require_once 'libAllure/Exceptions.php';
require_once 'libAllure/ErrorHandler.php';
require_once 'libAllure/Database.php';
require_once 'libAllure/Form.php';
require_once 'libAllure/Logger.php';
require_once 'libAllure/User.php';
require_once 'libAllure/Inflector.php';
require_once 'libAllure/Session.php';
require_once 'libAllure/AuthBackend.php';
require_once 'libAllure/AuthBackendDatabase.php';
require_once 'libAllure/HtmlLinksCollection.php';
require_once 'config.php';
// Install the library error handler. What beGreedy() covers is defined in libAllure.
\libAllure\ErrorHandler::getInstance()->beGreedy();
// Open the database connection from the CFG_DB_* constants (presumably defined in
// config.php, required above) and make it the instance DatabaseFactory hands out.
$db = new \libAllure\Database(CFG_DB_DSN, CFG_DB_USER, CFG_DB_PASS);
\libAllure\DatabaseFactory::registerInstance($db);
\libAllure\AuthBackend::setBackend(new \libAllure\AuthBackendDatabase());
// NOTE(review): this checks credentials for the account 'SYSTEM' with an empty password
// on every bootstrap. Confirm this file is only loaded from non-interactive entry points
// and that the same account cannot be used through the normal login form.
\libAllure\Session::checkCredentials('SYSTEM', '');
Пример #30
<?php

require_once 'includes/widgets/header.php';
use libAllure\DatabaseFactory;
use libAllure\AuthBackend;
use libAllure\HtmlLinksCollection;
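// Setup page: creates the 'admin' account and shows its generated password once.
//
// Change from the previous version: the password came from uniqid(), which is derived
// from the current time and can be reconstructed by anyone who knows roughly when the
// page was requested. It is now drawn from a cryptographically secure generator.
//
// NOTE(review): the branch below also runs whenever the request carries a "recreate"
// parameter. No privilege check is visible in this script; unless
// includes/widgets/header.php enforces one, any visitor can replace the admin account
// and read the new password. Gate this on an administrator session or remove the page
// after installation.
$db = DatabaseFactory::getInstance();
$sql = 'SELECT count(u.id) AS count FROM users u';
$stmt = $db->prepare($sql);
$stmt->execute();
$countUsers = $stmt->fetchRow();
$countUsers = $countUsers['count'];
$setupLinks = new HtmlLinksCollection();
if ($countUsers == 1 || isset($_REQUEST['recreate'])) {
    // The username literal in this statement is shown masked on the page and is kept as found.
    $sql = 'DELETE FROM users WHERE username = "******"';
    $stmt = $db->prepare($sql)->execute();

    // 12 random bytes rendered as 24 hex characters; hex needs no HTML escaping below.
    if (function_exists('random_bytes')) {
        $adminPassword = bin2hex(random_bytes(12));
    } else {
        $adminPassword = bin2hex(openssl_random_pseudo_bytes(12));
    }

    $sql = 'INSERT INTO users (username, password, `group`) VALUES (:username, :password, 1)';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':username', 'admin');
    // Only the hash produced by the auth backend is stored.
    $stmt->bindValue(':password', AuthBackend::getInstance()->hashPassword($adminPassword));
    $stmt->execute();
    $tpl->assign('message', 'User account created. Your username is <strong>admin</strong> and your password is <strong>' . $adminPassword . '</strong>');
    $setupLinks->add('login.php', 'Login');
} else {
    $tpl->assign('message', 'Admin account already exists.');
    $setupLinks->add('login.php', 'Login');
    $setupLinks->add('?recreate', 'Recreate');
}
$tpl->assign('links', $setupLinks);
$tpl->display('notification.tpl');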