/**
 * Prepares, binds and executes one SQL statement on a mysqli connection.
 *
 * @param mysqli      $db       Open database connection.
 * @param string      $sql      Statement text with '?' placeholders.
 * @param array|null  $bindings Values for the placeholders, in order; null means nothing to bind.
 * @param string|null $types    bind_param type string; when null it is derived per value via SqlQuery::getTypeChar().
 * @return mysqli_stmt|null The executed statement, or null when prepare/execute failed and dbErr() returned.
 */
static function executeSQL($db, $sql, $bindings = null, $types = null)
{
    $statement = $db->prepare($sql);
    if (!$statement) {
        dbErr('query', 'prepare', $sql, $db->error);
        return null;
    }
    if (isset($bindings)) {
        $deriveTypes = !isset($types);
        if ($deriveTypes) {
            $types = '';
        }
        // bind_param takes its values by reference, so the argument list holds
        // references to the elements of $bindings rather than copies of them.
        $args = [];
        foreach ($bindings as $key => $value) {
            if ($deriveTypes) {
                $types .= SqlQuery::getTypeChar($value);
            }
            $args[] =& $bindings[$key];
        }
        array_unshift($args, $types);
        $statement->bind_param(...$args);
    }
    if (!$statement->execute()) {
        dbErr('query', 'execute', $sql, $db->error);
        return null;
    }
    return $statement;
}
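}
//If the user is 'sure', delete the task
if (isset($_POST['sure']) && $_POST['sure'] === 'yes') {
    // NOTE(review): nothing visible here checks that the task belongs to the logged-in requester, and no CSRF token protects this POST — confirm the cut-off code above covers both.
    $taskId = (int) $_GET['id'];
    //Delete the input files linked to this task's questions; the questions will be automatically deleted from database thanks to 'ON DELETE CASCADE' option.
    $statement = $db->prepare('SELECT input FROM question WHERE id_task = ?') or dbErr($db);
    $statement->bind_param('i', $taskId);
    $statement->execute() or dbErr($db);
    $query = $statement->get_result();
    while ($result = $query->fetch_assoc()) {
        $input = $result['input'];
        //The stored path was written when the question was created; only remove it while it still points at a file.
        if (!empty($input) && is_file($input)) {
            unlink($input);
        }
    }
    $statement->close();
    //Delete the task (the id is bound, never interpolated into the statement)
    $statement = $db->prepare('DELETE FROM task WHERE id = ?') or dbErr($db);
    $statement->bind_param('i', $taskId);
    $statement->execute() or dbErr($db);
    $statement->close();
    $db->close();
    exit('Task correctly deleted.<br/><a href="?page=index">Go back to the index.</a>');
}
//Warn the user if this task already has contributions
$taskId = (int) $_GET['id'];
$statement = $db->prepare('SELECT current FROM task WHERE id = ?') or dbErr($db);
$statement->bind_param('i', $taskId);
$statement->execute() or dbErr($db);
$row = $statement->get_result()->fetch_assoc();
$statement->close();
//No row (unknown id) counts as zero contributions
$count = (int) ($row['current'] ?? 0);
if ($count != 0) {
    echo "Be careful, this task already has {$count} contributions !<br/>";
}
?>
<form method='post'>
Confirm that you want to delete this task :<br/>
<input type="radio" class="radio" name="sure" value='yes'>Yes</input><br/>
<input type="radio" class="radio" name="sure" value='no' checked>No</input><br/>
<input type="submit"/>
</form>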
error('The task id provided is incorrect.', $db); } //initialize the sql query $sql = "INSERT INTO contribution(id_worker,id_answer,id_question) VALUES "; $question = $query->fetch_assoc(); if (!isset($_POST["ans-{$question['id']}"])) { error('The data sent by your browser is incorrect or incomplete.', $db); } $sql = $sql . "({$userid}," . $_POST["ans-{$question['id']}"] . ",{$question['id']})"; //Complete the query iteratively while ($question = $query->fetch_assoc()) { if (!isset($_POST["ans-{$question['id']}"])) { error('The data sent by your browser is incorrect or incomplete.', $db); } $sql = $sql . ", ({$userid}," . $_POST["ans-{$question['id']}"] . ",{$question['id']})"; } //execute the query $db->query($sql) or dbErr($db); //remove the assignment if existing $db->query("DELETE FROM assignment WHERE id_task={$_GET['task']} AND id_worker={$userid}") or dbErr($db); //Increment the current number of contributions of the task $db->query("UPDATE task SET current=current+1 WHERE id={$_GET['task']}"); //Change the task state to "completed" if the target number of contributions is reached $db->query("UPDATE task SET status='completed' WHERE id={$_GET['task']} AND current>=target"); //Transfer the reward from the requester to the Worker $db->query("UPDATE worker,task SET balance=balance+reward WHERE task.id={$_GET['task']} AND worker.id={$userid}") or dbErr($db); $db->query("UPDATE requester,task SET balance=balance-reward WHERE task.id={$_GET['task']} AND requester.id=task.id_requester") or dbErr($db); ?> <p>Contribution successfully registered.</p> <a class='button' href='?page=index'>Return to the index</a>
$sql1 = $sql1 . ',description'; $sql2 = $sql2 . ',"' . str_replace(array("\r\n", "\r", "\n"), '<br/>', $_POST['description']) . '"'; } //Complete the query and execute it $sql1 = $sql1 . ')'; $sql2 = $sql2 . ')'; $query = $db->query($sql1 . $sql2) or dbErr($db); ?> <p>Task successfully inserted into database.</p> <a class='button' href='?page=newQuestion'>Add a question to this task</a><br/> <?php } } //if not, display the form $query = $db->query("SELECT balance FROM requester WHERE id={$_SESSION['userid']}") or dbErr($db); $balance = $query->fetch_assoc()['balance']; ?> <form method='post' onkeyup="addVal(this)"> Task name : <input type="text" name="taskName" maxlength="64" /><br/> <textarea name="description" rows="5" cols="50" maxlenght="512">Task description</textarea><hr/> Assignment type : <select name="assignment"> <option>open</option> <option>waiting</option> </select> if "waiting", you can specify here parameters for an external assignment algorithm : <input type="text" name="extparams" maxlength="128" /><br/> Target number of contributions : <input type="text" name="target"/> Integer value, -1 for manual or external algorithm.<br/> Individual reward for this task : <input type="text" name="reward"/> Total cost : <b id='total'>0</b> — Current balance : <b id='balance'><?php echo $balance; ?>
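/**
 * Loads the direct sub-categories of this category into $this->children.
 *
 * Queries viewCategories for the rows whose category_parent_id equals this
 * category's id and wraps each row in a Category. On a prepare or execute
 * failure dbErr() is called with the table name, the failing step, the SQL
 * and the driver error.
 */
public function loadChildren()
{
    $sql = 'SELECT * FROM viewCategories WHERE category_parent_id = ? ORDER BY category_name';
    if ($statement = $this->db->prepare($sql)) {
        // bind_param binds by reference, so the id has to live in a variable;
        // passing the method call result directly binds only a temporary.
        $parentId = $this->val('category_id');
        $statement->bind_param('i', $parentId);
        if ($statement->execute()) {
            $result = $statement->get_result();
            $this->children = [];
            while ($row = $result->fetch_assoc()) {
                $cat = new Category();
                $cat->setData($row);
                $this->children[] = $cat;
            }
            $statement->close();
        } else {
            dbErr($this->table_name, 'execute', $sql, $this->db->error);
        }
    } else {
        dbErr($this->table_name, 'prepare', $sql, $this->db->error);
    }
}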
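<h2>Login</h2>
<?php
//If a session is already set, exit this script
if (isset($_SESSION['usermode'])) {
    exit("It looks like you're already connected.<br/> Do you want to <a href='.?page=logout'>logout</a> ?");
}
//======================================================================================================================
//if the login form has already been submitted, check the entered login data
if (isset($_POST['logtype'])) {
    //The account type selects the table to query, so it is checked against the three account tables
    //offered by the form instead of being interpolated as sent; the username is bound as a parameter.
    $accountTables = ['worker', 'requester', 'admin'];
    $logtype = $_POST['logtype'];
    $login = $_POST['login'] ?? '';
    $pass = $_POST['pass'] ?? '';
    if (in_array($logtype, $accountTables, true) && is_string($login) && is_string($pass)) {
        $statement = $db->prepare("SELECT id,password,username FROM {$logtype} WHERE username = ?") or dbErr($db);
        $statement->bind_param('s', $login);
        $statement->execute() or dbErr($db);
        $result = $statement->get_result()->fetch_assoc();
        $statement->close();
        if (is_array($result) && password_verify($pass, $result['password'])) {
            //Issue a fresh session id on login so an id fixed before authentication is not kept.
            session_regenerate_id(true);
            $_SESSION['usermode'] = $logtype;
            $_SESSION['userid'] = $result['id'];
            $_SESSION['username'] = $result['username'];
            header('location: .?page=index');
            $db->close();
            exit;
        }
    }
?>
<p color='red'>Incorrect login information.</p>
<?php
}
//======================================================================================================================
//else, or if the data is incorrect, echo the login form
?>
<form action="" method="post" accept-charset="utf-8">
Login as : <select name="logtype"><option >worker</option><option>requester</option><option>admin</option></select><br/>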
} ?> <p>Question successfully added</p> <a href=''>Add a new question</a> <a href='?page=index'>return to the index</a> <?php $db->close(); exit; } } } ?> <form method='post' enctype="multipart/form-data"> <?php //Take the list of the user's tasks from the db and generate a choice list in the form $query = $db->query("SELECT id,name FROM task WHERE id_requester={$_SESSION['userid']}") or dbErr($db); if ($query->num_rows == 0) { error('No tasks linked to your account were found. <a href="?page=newTask">Create a task</a>', $db); } echo "Choose the task linked to this question : <select name='taskid'>"; while ($result = $query->fetch_assoc()) { echo "<option value='{$result['id']}'"; if (isset($_GET['task']) && $_GET['task'] == $result['id']) { echo ' selected'; } echo ">" . $result['name'] . "</option>"; } ?> </select> <br/> Question : <textarea name="question" cols="50" rows="1" maxlenght='256'></textarea><br/>
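<p><b>Task description :</b><?php
//The description is stored with literal '<br/>' line breaks; everything else the requester typed is
//escaped so it cannot inject markup into the worker's page.
echo str_replace('&lt;br/&gt;', '<br/>', htmlspecialchars((string) $task['description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
?> </p>
<form action="?page=contribute&task=<?php echo (int) $_GET['id']; ?> " method="post" accept-charset="utf-8">
<?php
$taskId = (int) $_GET['id'];
//Get the task questions (the id is bound rather than interpolated)
$statement = $db->prepare('SELECT * FROM question WHERE id_task = ?') or dbErr($db);
$statement->bind_param('i', $taskId);
$statement->execute() or dbErr($db);
$query = $statement->get_result();
//Display each question
while ($question = $query->fetch_assoc()) {
    $questionId = (int) $question['id'];
    echo '<h3>' . htmlspecialchars((string) $question['question'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h3>';
    //if existing, display the input file.
    //The input type names both the file to include and the class to instantiate, so it is limited to a
    //bare identifier before it is used in a path; include_once avoids redeclaring the class when two
    //questions share a type.
    $inputType = $question['inputType'];
    $typeIsIdentifier = is_string($inputType) && preg_match('/^[A-Za-z0-9_]+$/', $inputType) === 1;
    if ($typeIsIdentifier && !empty($question['input']) && file_exists($question['input']) && (include_once "inputTypes/{$inputType}.php")) {
        $type = new $inputType($question['input']);
        $type->display();
        echo "<br/>";
    }
    //Get all the possible answers for the question ($questionId is an int, so it is safe to interpolate)
    $query2 = $db->query("SELECT id,answer FROM answer WHERE id_question={$questionId}") or dbErr($db);
    //Display all the answers, escaping the answer text
    while ($answer = $query2->fetch_assoc()) {
        $answerId = (int) $answer['id'];
        $answerText = htmlspecialchars((string) $answer['answer'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<input type='radio' name='ans-{$questionId}' value='{$answerId}'/> {$answerText}<br/>";
    }
}
$statement->close();
?>
<input type="submit"/>
</form>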
</td> <td><?php echo $result['reward']; ?> </td> </tr> <?php } ?> </tbody> </table> </p> <?php } //get available tasks where the user has not already contributed. $query = $db->query("SELECT id,name,description,reward FROM task WHERE status='open'\n\t\t\t\t\t\tAND id NOT IN (\n\t\t\t\t\t\tSELECT id_task FROM contribution,question WHERE contribution.id_question=question.id AND id_worker={$_SESSION['userid']}\n\t\t\t\t\t\t)\n\t\t\t\t\t\tAND task.id IN (SELECT DISTINCT id_task FROM question)") or dbErr($db); if ($query->num_rows != 0) { ?> <h3>Open tasks :</h3> <p> <table> <thead> <tr> <th>Task name</th> <th>Task description</th> <th>Reward</th> </tr> </thead> <tbody> <?php while ($result = $query->fetch_assoc()) {
<h3>Questions linked to this task:</h3> <p> <table> <thead> <tr> <th>Question</th> <th>Answers</th> <th>Get results</th> <th>Delete</th> </tr> </thead> <tbody> <?php //For each question, get the answers linked to it while ($question = $query->fetch_assoc()) { $query2 = $db->query('SELECT answer FROM answer WHERE id_question=' . $question['id']) or dbErr($db); ?> <tr> <td> <?php echo $question['question']; ?> </td> <td> <?php while ($ans = $query2->fetch_assoc()) { echo $ans['answer'] . '<br/>'; } ?> </td> <td>
foreach ($input->request->fields->worker as $field) { if (is_string($field)) { $sql = $sql . $field . ","; } } if ($sql == "SELECT ") { $sql = $sql . "*"; } else { $sql = rtrim($sql, ','); } //Remove the last (and excedentary) coma. } else { $sql = $sql . "*"; } $sql = $sql . " FROM worker WHERE id={$row['id_worker']}"; $query2 = $db->query($sql) or dbErr($db); $row['worker'] = $query2->fetch_assoc(); unset($row['id_worker']); } unset($query2); } //=================================================================================================================== $result[] = $row; } //Check the return size $max = 10000000; if (isset($input->request->max_size) && is_numeric($input->request->max_size) && $input->request->max_size > 0) { $max = $input->request->max_size; } if (memory_get_usage() - $memory > $max) { error('Return size greater than specified maximum.', 10, $db);
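<?php
//Check if the input is correct
if (!isset($input->delete->id) || !isset($input->delete->type)) {
    error('Json query syntax incorrect', 9, $db);
}
$delete = $input->delete;
//A table name cannot be bound as a statement parameter, so it is restricted to a bare identifier;
//the id is bound as an integer instead of being interpolated.
if (!is_string($delete->type) || preg_match('/^[A-Za-z0-9_]+$/', $delete->type) !== 1 || !is_numeric($delete->id)) {
    error('Json query syntax incorrect', 9, $db);
}
// TODO(review): restrict $delete->type to an explicit allowlist of the tables this job is meant to
// delete from; the identifier check above only blocks injection, it still lets the caller name any table.
$rowId = (int) $delete->id;
$statement = $db->prepare("DELETE FROM `{$delete->type}` WHERE id = ?") or dbErr($db);
$statement->bind_param('i', $rowId);
$statement->execute() or dbErr($db);
$statement->close();
$ans = new stdClass();
$ans->code = 0;
$ans->message = "row successfully deleted";
echo json_encode($ans, JSON_PRETTY_PRINT);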
<h2>List of your tasks</h2> <?php $query = $db->query("SELECT * FROM requester,task WHERE id_requester=requester.id") or dbErr($db); ?> <p> <table> <thead> <tr> <th>Task name</th> <th>Task description</th> <th>requester</th> <th>Task status</th> <th>Contributions/target</th> <th>reward</th> <th>Delete</th> </tr> </thead> <tbody> <?php while ($result = $query->fetch_assoc()) { ?> <tr> <td><a href='?page=viewTask&id=<?php echo $result['id']; ?> '><?php echo $result['name']; ?> </a></td> <td><?php echo $result['description'];
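<h2>List of the platform requesters</h2>
<?php
//Fetch every requester and list them as links to their page.
$query = $db->query("SELECT username,id FROM requester") or dbErr($db);
echo "<div class='content'><ul>\n";
while ($requester = $query->fetch_assoc()) {
    //Usernames are user-supplied, so escape them before echoing into HTML; the id is numeric.
    $requesterId = (int) $requester['id'];
    $name = htmlspecialchars((string) $requester['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<li><a href='?page=viewRequester&id={$requesterId}'>{$name}</a></li>\n";
}
echo "</ul></div>\n";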
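<h2>Register</h2>
<?php
// NOTE(review): this form creates an admin account; confirm the page is only reachable by an authenticated admin.
if (isset($_POST['regUN'])) {
    //If the register form has already been submitted, treat the data
    $username = $_POST['regUN'];
    $pass = $_POST['pass'] ?? '';
    $pass2 = $_POST['pass2'] ?? '';
    //Check if the username and password are correct
    if (!is_string($username) || !is_string($pass) || $username === '' || $pass === '') {
        echo 'Please enter a username and a password.';
    } elseif ($pass !== $pass2) {
        echo "The two passwords don't match";
    } elseif (strpos($username, ';') !== false || strpos($username, "'") !== false || strpos($username, '"') !== false) {
        echo "You must not use ; ' or \" in the username.";
    } else {
        //if everything is ok, insert the account. The values are bound rather than interpolated, and the
        //correctly-cased 'regUN' key is used (the old 'regUn' key was never set, so an empty username was stored).
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        $statement = $db->prepare('INSERT INTO admin(username,password) VALUES (?, ?)') or dbErr($db);
        $statement->bind_param('ss', $username, $hash);
        $statement->execute() or dbErr($db);
        $statement->close();
        echo 'Account successfully created.';
    }
}
//======================================================================================================================================================
?>
<form action=".?page=register" method="post" accept-charset="utf-8">
Chose a username : <input type="text" name="regUN"/><br/>
Chose a password and confirm : <input type="password" name="pass"/> <input type="password" name="pass2"/><br/>
<input type="submit"/>
</form>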
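<?php
$config = (require 'config.php');
$home_dir = $config['home_dir'];
require_once $home_dir . 'classes/functions.php';
require_once $home_dir . 'classes/log.php';
require_once $home_dir . 'models/base.m.php';
//Compare the token in constant time; '==' on two strings falls back to a numeric comparison when both look numeric.
$token = _g('security_token');
$expectedToken = $config['security_token'] ?? null;
if (is_string($token) && is_string($expectedToken) && hash_equals($expectedToken, $token)) {
    $db = new mysqli($config['db_host'], $config['db_login'], $config['db_password'], $config['db_name']);
    //Check the connection before using it: set_charset() on a failed connection is itself an error.
    if ($db->connect_errno != 0) {
        dbErr($db->connect_error);
    } else {
        $db->set_charset('utf8');
        //The job name becomes part of an include path, so it is limited to a bare file name inside jobs/.
        $job = _g('job');
        if (is_string($job) && preg_match('/^[A-Za-z0-9_-]+$/', $job) === 1) {
            $jobFile = $home_dir . 'jobs/' . $job . '.j.php';
            if (is_file($jobFile)) {
                include $jobFile;
            } else {
                die('Unknown job.');
            }
        } else {
            die('Unknown job.');
        }
    }
} else {
    die('Wrong security token.');
}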
/**
 * Deletes one row of $this->table_name by primary key.
 *
 * @param mixed $id Row id; when null the id of the currently loaded row ($this->id_name) is used.
 * @return true|null true after a successful delete (the instance is then marked unloaded and its
 *                   data cleared); null when prepare/execute failed and dbErr() returned.
 */
public function deleteById($id = null)
{
    $rowId = $id ?? $this->val($this->id_name);
    $sql = sprintf('DELETE FROM %s WHERE %s = ?', $this->table_name, $this->id_name);
    $statement = $this->db->prepare($sql);
    if (!$statement) {
        dbErr($this->table_name, 'prepare', $sql, $this->db->error);
        return null;
    }
    $statement->bind_param('i', $rowId);
    if (!$statement->execute()) {
        dbErr($this->table_name, 'execute', $sql, $this->db->error);
        return null;
    }
    $statement->close();
    // The cached row no longer exists in the database, so drop it.
    $this->is_loaded = false;
    $this->data = [];
    return true;
}
?> " maxlenght='16'/><br/> Password : <input type="text" name="password" placeholder="Enter new password"/><input type="text" name="password2" placeholder="Confirm new password"/><br/> Balance : <input type="text" value="<?php echo $requester['balance']; ?> " name='balance'/><br/> Warning : as an admin, you won't be warned if you set a balance lower than needed for the requester's current tasks. It is therefore advised to only increase a requester's balance, except if you're sure of yourself. <input type="submit"/> </form> <h2>Requester's tasks :</h2> <?php //get the tasks linked to the requester $query = $db->query("SELECT * FROM task WHERE id_requester={$_GET['id']}") or dbErr(); if ($query->num_rows == 0) { echo "<p>No tasks found</p>"; } else { ?> <p> <table> <thead> <tr> <th>Task name</th> <th>Task description</th> <th>Status</th> <th>Contributions/target</th> <th>Reward</th> <th>Delete</th> </tr>
break; } } } } $sql->sql = $sql->sql . ' WHERE id=' . $_SESSION['userid']; if ($sql->ok) { $query = $db->query($sql->sql) or dbErr($db); echo 'Profile successfully updated !'; echo "<br/>"; } } } //====================================================================================================================== //Get the user info from the database $query = $db->query("SELECT * FROM " . $_SESSION['usermode'] . " WHERE id=" . $_SESSION['userid']) or dbErr($db); $user = $query->fetch_assoc(); //Echo the form prefilled with the user data ?> <form method="post" accept-charset="utf-8"> Username : <input type="text" name="regUN" value="<?php echo $user['username']; ?> "/><br/> Password and confirm : <input type="password" name="pass"/> <input type="password" name="pass2"/><br/> <?php if ($_SESSION['usermode'] == 'worker') { //For workers, add the form lines for the features $features = scandir("features"); foreach ($features as $filename) {
?> Current number of contributions : <?php echo $total; ?> </p> <?php //get the answers linked to the question $query = $db->query("SELECT * FROM answer WHERE id_question={$question['id']}") or dbErr($db); ?> <table border='1'> <thead> <tr> <th>Answer</th> <th>Number</th> <th>Percentage</th> </tr> </thead> <tbody> <?php //For each answer, get the number of contributions while ($ans = $query->fetch_assoc()) { echo "<tr>\n<td>{$ans['answer']}</td>\n"; $query2 = $db->query("SELECT count(*) FROM contribution WHERE id_answer={$ans['id']}") or dbErr($db); $number = $query2->fetch_assoc()['count(*)']; $percent = $number / max($total, 1) * 100; //max($total,1) is used to avoid division by zero in the case of $total=0 echo "<td>{$number}</td>\n<td>{$percent} %</td>\n</tr>"; } ?> </tbody> </table>
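error('Question id missing', $db);
}
// NOTE(review): nothing visible here checks that the question belongs to the logged-in requester, and no CSRF token protects this POST — confirm the cut-off code above covers both.
$questionId = (int) $_GET['id'];
//If the user is 'sure', delete the question
if (isset($_POST['sure']) && $_POST['sure'] === 'yes') {
    //Delete the input file linked to the question (the id is bound, never interpolated)
    $statement = $db->prepare('SELECT input FROM question WHERE id = ?') or dbErr($db);
    $statement->bind_param('i', $questionId);
    $statement->execute() or dbErr($db);
    $row = $statement->get_result()->fetch_assoc();
    $statement->close();
    $input = $row['input'] ?? null;
    //The stored path was written when the question was created; only remove it while it still points at a file.
    if (!empty($input) && is_file($input)) {
        unlink($input);
    }
    //Delete the question from the database
    $statement = $db->prepare('DELETE FROM question WHERE id = ?') or dbErr($db);
    $statement->bind_param('i', $questionId);
    $statement->execute() or dbErr($db);
    $statement->close();
    $db->close();
    exit('Question correctly deleted.<br/><a href="?page=index">Go back to the index.</a>');
}
//Warn the user if the question already has contributions from workers
$statement = $db->prepare('SELECT count(*) FROM contribution WHERE id_question = ?') or dbErr($db);
$statement->bind_param('i', $questionId);
$statement->execute() or dbErr($db);
$row = $statement->get_result()->fetch_assoc();
$statement->close();
$count = (int) ($row['count(*)'] ?? 0);
if ($count != 0) {
    echo "Be careful, this question already has {$count} contributions !<br/>";
}
?>
<form method='post'>
Confirm that you want to delete this question :<br/>
<input type="radio" name="sure" value='yes'/>Yes<br/>
<input type="radio" name="sure" value='no' checked/>No<br/>
<input type="submit"/>
</form>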
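<?php
//Check the input data
if (!isset($input->login->id, $input->login->password)) {
    error('id or password fields not found in the input data', 3, $db);
}
//query the database: the login id is bound as a parameter rather than interpolated
$loginId = is_scalar($input->login->id) ? (string) $input->login->id : '';
$statement = $db->prepare('SELECT id,password FROM admin WHERE username = ?') or dbErr($db);
$statement->bind_param('s', $loginId);
$statement->execute() or dbErr($db);
$result = $statement->get_result()->fetch_assoc();
$statement->close();
//Unknown user, non-string password and wrong password all get the same answer
if (!is_array($result) || !is_string($input->login->password) || !password_verify($input->login->password, $result['password'])) {
    error('Incorrect login information.', 3, $db);
}
unset($result);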
include 'features/' . $filename; } $feat = new $class(); $sql = $feat->getForm($_POST, $sql); if (!$sql->ok) { echo $sql->err; break; } } } } if ($sql->ok) { //Insert the data $sql->sql1 = $sql->sql1 . ')'; $sql->sql2 = $sql->sql2 . ')'; $query = $db->query($sql->sql1 . $sql->sql2) or dbErr($db); ?> <p>Account succesfully created !</p> <a class="button" href='.?page=login'>Go back to the login page</a> <?php $db->close(); exit; } } } //====================================================================================================================================================== if (isset($_POST['regType'])) { //treat the data from the first form, and generate the adapted form for requesters or workers ?> <form action=".?page=register" method="post" accept-charset="utf-8"> Chose a username : <input type="text" name="regUN" maxlength="16" /><br/>