  1. <?php
  2.  
  3. if(file_exists('./config/config.php'))
  4. {
  5.     require_once './config/config.php';
  6. }
  7. else
  8. {
  9.     require_once '../config/config.php';
  10. }
  11.  
  12. class Database
  13. {
  14.     var $conn;
  15.    
  16.     function __construct()
  17.     {  
  18.         $this->conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT);
  19.         if (mysqli_connect_errno())
  20.         {
  21.             die('Error connecting to database');
  22.         }
  23.     }
  24.    
  25.     function __construct1($dbhost, $dbuser, $dbpass, $dbname, $dbport=DB_PORT)
  26.     {  
  27.         $this->conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname, $dbport);
  28.         if (mysqli_connect_errno())
  29.         {
  30.             die('Error connecting to database');
  31.         }
  32.     }
  33.  
  34.     function close_db()
  35.     {
  36.         $this->conn->close();
  37.     }
  38.  
  39.     function query($query)
  40.     {
  41.         return $this->conn->query($query);
  42.     }
  43.  
  44.     /*
  45.      * Checks whether the input string is banned.
  46.      * This will check for:
  47.      * 1. IP Addresses
  48.      * 2. Usernames
  49.      * 3. Email Addresses
  50.      * Returns bool
  51.      *
  52.      * $option is the user's userid, username, ip address or email.
  53.      */
  54.     function is_banned($option)
  55.     {
  56.         if($this->is_exempt($option))
  57.         {
  58.             return false;
  59.         }
  60.         $option = $this->conn->real_escape_string($option);
  61.         $query = "SELECT ban_id FROM `bans` WHERE user_id=(SELECT user_id FROM `users` WHERE username='$option') or ip_address='$option' or email='$option'";
  62.         $result = $this->query($query);
  63.         if(!$result or $result->num_rows < 1)
  64.         {
  65.             return false;
  66.         }
  67.         return true;
  68.     }
  69.    
  70.     function is_exempt($option)
  71.     {
  72.         $option = $this->conn->real_escape_string($option);
  73.         $query = "SELECT exempt_id FROM `exempts` WHERE user_id=(SELECT user_id FROM `users` WHERE username='$option') or ip_address='$option' or email='$option'";
  74.         $result = $this->query($query);
  75.         if(!$result or $result->num_rows < 1)
  76.         {
  77.             return false;
  78.         }
  79.         return true;
  80.     }
  81.  
  82.     /*
  83.      * Checks to see if a user's pin is defined.
  84.      * Return true if yes
  85.      * Return false if no
  86.      */
  87.     function pin_exists($pin)
  88.     {
  89.         $pin = $this->conn->real_escape_string($pin);
  90.         $query = "SELECT user_id FROM `users` WHERE pin='$pin'";
  91.         $result = $this->query($query);
  92.         if(!$result or $result->num_rows < 1)
  93.         {
  94.             return false;
  95.         }
  96.         return true;
  97.     }
  98.  
  99.     /*
  100.      * Checks to see if a user's pin is banned.
  101.      * Return true if yes
  102.      * Return false if no
  103.      */
  104.     function pin_is_banned($pin)
  105.     {
  106.         $pin = $this->conn->real_escape_string($pin);
  107.         $query = "SELECT ban_id FROM `bans` WHERE user_id=(SELECT user_id FROM `users` WHERE pin='$pin')";
  108.         $result = $this->query($query);
  109.         if(!$result or $result->num_rows < 1)
  110.         {
  111.             return false;
  112.         }
  113.         return true;
  114.     }
  115.  
  116.     /*
  117.      * Checks to see if a user's pin is valid (it exists and isn't banned).
  118.      * Return true if yes
  119.      * Return false if no
  120.      */
  121.     function pin_is_valid($pin)
  122.     {
  123.         return (bool)($this->pin_exists($pin) && !$this->pin_is_banned($pin));
  124.     }
  125.  
  126.     //DOCUMENTATION IS COMING SOON FOR THE FUNCTIONS BELOW
  127.     function username_exists($username)
  128.     {
  129.         $username = $this->conn->real_escape_string($username);
  130.         $query = "SELECT user_id FROM `users` WHERE username='$username'";
  131.         $result = $this->query($query);
  132.         if(!$result or $result->num_rows < 1)
  133.         {
  134.             return false;
  135.         }
  136.         return true;
  137.     }
  138.    
  139.     function user_id_exists($user_id)
  140.     {
  141.         $user_id = $this->conn->real_escape_string($user_id);
  142.         $query = "SELECT username FROM `users` WHERE user_id='$user_id'";
  143.         $result = $this->query($query);
  144.         if(!$result or $result->num_rows < 1)
  145.         {
  146.             return false;
  147.         }
  148.         return true;
  149.     }
  150.  
  151.     function get_inviter_id_from_invite_code($code)
  152.     {
  153.         $code = $this->conn->real_escape_string($code);
  154.         $query = "SELECT creator_id FROM `invites` WHERE invite_code=$code";
  155.         $result = $this->query($query);
  156.         if($result->num_rows > 0)
  157.         {
  158.             $row = $result->fetch_assoc();
  159.             return $row['creator_id'];
  160.         }
  161.     }
  162.  
  163.     function create_user($first, $last, $username, $password, $email, $sec_quest, $sec_ans, $inviter_id, $privilege_level)
  164.     {
  165.         $first = $this->conn->real_escape_string($first);
  166.         $last = $this->conn->real_escape_string($last);
  167.         $salt = $this->create_salt();
  168.         $username = $this->conn->real_escape_string($username);
  169.         $password = hash('sha256', $salt. hash('sha256', $password));
  170.         $email = $this->conn->real_escape_string($email);
  171.         $sec_quest = $this->conn->real_escape_string($sec_quest);
  172.         $sec_ans = hash('sha256', $salt. hash('sha256', $sec_ans));
  173.         $inviter_id = $this->conn->real_escape_string($inviter_id);
  174.         $privilege_level = $this->conn->real_escape_string($privilege_level);
  175.         $pin = $this->generate_pin();
  176.         $date = date('Y-m-d H:i:s');
  177.     require_once './includes/database.php';
  178.         $query = "INSERT INTO `users` VALUES(NULL,'$first','$last','$username','$password','$email','$sec_quest','$sec_ans','$inviter_id','$privilege_level','$date','$pin','0','0','2','$salt','0')";
  179.         return $this->query($query);
  180.     }
  181.  
  182.     private function create_salt()
  183.     {
  184.         $string = md5(uniqid(rand(), true));
  185.         return substr($string, 0, 4);
  186.     }
  187.  
  188.     private function generate_pin()
  189.     {
  190.         $num = rand(1000000000,9999999999);
  191.         while($this->pin_exists($num))
  192.         {
  193.             $num = rand(1000000000,9999999999);
  194.         }
  195.         return $num;
  196.     }
  197.  
  198.     function disable_invite_code($code)
  199.     {
  200.         $code = $this->conn->real_escape_string($code);
  201.         $query = "ALTER `invites` SET used='TRUE' WHERE invite_code='$code'";
  202.         return $this->query($query);
  203.     }
  204.  
  205.     function get_salt_from_username($username)
  206.     {
  207.         $username = $this->conn->real_escape_string($username);
  208.         $query = "SELECT salt FROM `users` WHERE username='$username'";
  209.         $result = $this->query($query);
  210.         if($result->num_rows > 0)
  211.         {
  212.             $row = $result->fetch_assoc();
  213.             return $row['salt'];
  214.         }
  215.     }
  216.  
  217.     function check_password($username, $password)
  218.     {
  219.         $password = hash('sha256', $this->get_salt_from_username($username) . $password);
  220.         $username = $this->conn->real_escape_string($username);
  221.         $query = "SELECT user_id FROM `users` WHERE (username='$username' AND pass='$password')";
  222.         $result = $this->query($query);
  223.         if(!$result or $result->num_rows < 1)
  224.         {
  225.             return false;
  226.         }
  227.         return true;
  228.     }
  229.  
  230.     function user_approval_denied($username)
  231.     {
  232.         $username = $this->conn->real_escape_string($username);
  233.         $query = "SELECT approval_denied FROM `users` WHERE username='$username'";
  234.         $result = $this->query($query);
  235.         if($result->num_rows > 0)
  236.         {
  237.             $row = $result->fetch_assoc();
  238.             return ($row['approval_denied'] == true);
  239.         }
  240.     }
  241.  
  242.  
  243.     function user_is_approved($username)
  244.     {
  245.         $username = $this->conn->real_escape_string($username);
  246.         $query = "SELECT privilege_level FROM `users` WHERE username='$username'";
  247.         $result = $this->query($query);
  248.         if($result->num_rows > 0)
  249.         {
  250.             $row = $result->fetch_assoc();
  251.             return ($row['privilege_level'] > 0);
  252.         }
  253.     }
  254.  
  255.     function sec_ans_is_correct($username, $sec_ans)
  256.     {
  257.         $username = $this->conn->real_escape_string($username);
  258.         $sec_ans = $this->conn->real_escape_string($sec_ans);
  259.         $query = "SELECT user_id FROM `users` WHERE sec_answer='$sec_ans' AND username='$username'";
  260.         $result = $this->query($query);
  261.         if(!$result or $result->num_rows < 1)
  262.         {
  263.             return false;
  264.         }
  265.         return true;
  266.     }
  267.  
  268.     function change_username_password($username, $password)
  269.     {
  270.         $password = hash('sha256', $this->get_salt_from_username($username) . hash('sha256', $password));
  271.         $username = $this->conn->real_escape_string($username);
  272.         $query = "UPDATE `users` SET pass='$password' WHERE username='$username'";
  273.         $result = $this->query($query);
  274.         return $result;
  275.     }
  276.  
  277.     function get_email_from_username($username)
  278.     {
  279.         $username = $this->conn->real_escape_string($username);
  280.         $query = "SELECT email FROM `users` WHERE username='$username'";
  281.         $result = $this->query($query);
  282.         if(!$result or $result->num_rows < 1)
  283.         {
  284.             return NULL;
  285.         }
  286.         $row = $result->fetch_assoc();
  287.         return $row['email'];
  288.     }
  289.  
  290.     function get_pin_from_username($username)
  291.     {
  292.         $username = $this->conn->real_escape_string($username);
  293.         $query = "SELECT pin FROM `users` WHERE username='$username'";
  294.         $result = $this->query($query);
  295.         if($result->num_rows > 0)
  296.         {
  297.             $row = $result->fetch_assoc();
  298.        
  299.             $pin = $row['pin'];
  300.             return $pin;
  301.         }
  302.         return 0;
  303.     }
  304.  
  305.     function get_sec_quest_from_username($username)
  306.     {
  307.         $username = $this->conn->real_escape_string($username);
  308.         $query = "SELECT sec_question FROM `users` WHERE username='$username'";
  309.         $result = $this->query($query);
  310.         if($result && $result->num_rows > 0)
  311.         {
  312.             $row = $result->fetch_assoc();
  313.        
  314.             $quest = $row['sec_question'];
  315.             return $quest;
  316.         }
  317.     }
  318.    
  319.     function email_exists($email)
  320.     {
  321.         $email = $this->conn->real_escape_string($email);
  322.         $query = "SELECT user_id FROM `users` WHERE email='$email'";
  323.         $result = $this->query($query);
  324.         if(!$result or $result->num_rows < 1)
  325.         {
  326.             return false;
  327.         }
  328.         return true;
  329.     }
  330.    
  331.     function get_username_from_email($email)
  332.     {
  333.         $email = $this->conn->real_escape_string($email);
  334.         $query = "SELECT username FROM `users` WHERE email='$email'";
  335.         $result = $this->query($query);
  336.         if($result && $result->num_rows > 0)
  337.         {
  338.             $row = $result->fetch_assoc();
  339.        
  340.             $username = $row['username'];
  341.             return $username;
  342.         }
  343.     }
  344.    
  345.     function get_user_id_from_username($username)
  346.     {
  347.         $username = $this->conn->real_escape_string($username);
  348.         $query = "SELECT user_id FROM `users` WHERE username='$username'";
  349.         $result = $this->query($query);
  350.         if($result && $result->num_rows > 0)
  351.         {
  352.             $row = $result->fetch_assoc();
  353.        
  354.             $user_id = $row['user_id'];
  355.             return $user_id;
  356.         }
  357.     }
  358.    
  359.     function get_privilege_level_from_user_id($user_id)
  360.     {
  361.         $user_id = $this->conn->real_escape_string($user_id);
  362.         $query = "SELECT privilege_level FROM `users` WHERE user_id='$user_id'";
  363.         $result = $this->query($query);
  364.         if($result && $result->num_rows > 0)
  365.         {
  366.             $row = $result->fetch_assoc();
  367.        
  368.             $privilege_level = $row['privilege_level'];
  369.             return $privilege_level;
  370.         }
  371.     }
  372.    
  373.     function cookie_is_valid($cookie)
  374.     {
  375.         $cookie = $this->conn->real_escape_string($cookie);
  376.         $query = "SELECT cookie_id FROM `cookies` WHERE value='$cookie'";
  377.         $result = $this->query($query);
  378.         if(!$result or $result->num_rows < 1)
  379.         {
  380.             return false;
  381.         }
  382.         return true;
  383.     }
  384.    
  385.     function get_username_from_cookie($cookie)
  386.     {
  387.         $cookie = $this->conn->real_escape_string($cookie);
  388.         $query = "SELECT username FROM `cookies` WHERE value='$cookie'";
  389.         $result = $this->query($query);
  390.         if($result->num_rows > 0)
  391.         {
  392.             $row = $result->fetch_assoc();
  393.             return $row['username'];
  394.         }
  395.     }
  396.    
  397.     function add_cookie($cookie, $username)
  398.     {
  399.         $cookie = $this->conn->real_escape_string($cookie);
  400.         $username = $this->conn->real_escape_string($username);
  401.         $query = "INSERT INTO `cookies` VALUES(NULL, '$username', '$cookie')";
  402.         return $this->query($query);
  403.     }
  404.    
  405.     function delete_cookie($cookie)
  406.     {
  407.         $cookie = $this->conn->real_escape_string($cookie);
  408.         $query = "DELETE FROM `cookies` WHERE value='$cookie'";
  409.         return $this->query($query);
  410.     }
  411.    
  412.     function record_user_login($user_id, $ip_address, $user_agent)
  413.     {
  414.         $user_id = $this->conn->real_escape_string($user_id);
  415.         $ip_address = $this->conn->real_escape_string($ip_address);
  416.         $date = $this->conn->real_escape_string(date('Y-m-d H:i:s'));
  417.         $user_agent = $this->conn->real_escape_string($user_agent);
  418.         $query = "INSERT INTO `logins` VALUES(NULL,'$user_id','$ip_address','$date','$user_agent')";
  419.         return $this->query($query);
  420.     }
  421.    
  422.     function get_login_id($user_id, $datetime) //useful for matching a pageview with a login session
  423.     {
  424.         $user_id = $this->conn->real_escape_string($user_id);
  425.         $datetime = $this->conn->real_escape_string($datetime);
  426.         $query = "SELECT login_id FROM `logins` ORDER BY date DESC WHERE (user_id='$user_id' AND datediff(ss,date,'$date')>0) LIMIT 1";
  427.         $result = $this->query($query);
  428.         if($result->num_rows > 0)
  429.         {
  430.             $row = $result->fetch_assoc();
  431.             return $row['login_id'];
  432.         }
  433.     }
  434.    
  435.     function record_page_view($user_id, $page_url)
  436.     {
  437.         $user_id = $this->conn->real_escape_string($user_id);
  438.         $page_url = $this->conn->real_escape_string($page_url);
  439.         $date = $this->conn->real_escape_string(date('Y-m-d H:i:s'));
  440.         $query = "INSERT INTO `page_views` VALUES(NULL, '$user_id', '$date', '$page_url')";
  441.         return $result = $this->query($query);
  442.     }
  443.  
  444.     function upload_image($imagename, $description, $user_id)
  445.     {
  446.         $imagename = $this->conn->real_escape_string($imagename);
  447.         $description = $this->conn->real_escape_string(strip_tags($description));
  448.         $user_id = $this->conn->real_escape_string($user_id);
  449.         $ip = $this->conn->real_escape_string($_SERVER['REMOTE_ADDR']);
  450.         $date = $this->conn->real_escape_string(date("Y-m-d H:i:s", $_SERVER['REQUEST_TIME']));
  451.        
  452.         $query = "INSERT INTO images VALUES (NULL, '$user_id', '$ip', '$date', '$imagename', '$description', 0)";
  453.         return $this->query($query);
  454.     }
  455.    
  456.     function invite_code_exists($code)
  457.     {
  458.            $code = $this->conn->real_escape_string($code);
  459.            $query = "SELECT invite_id FROM `invites` WHERE invite_code='$code'";
  460.            $result = $this->query($query);
  461.            if(!$result or $result->num_rows < 1)
  462.            {
  463.                return false;
  464.            }
  465.            return true;
  466.     }
  467.    
  468.     function invite_code_used($code)
  469.     {
  470.            $code = $this->conn->real_escape_string($code);
  471.            $query = "SELECT used FROM `invites` WHERE invite_code='$code'";
  472.            $result = $this->query($query);
  473.            if(!$result or $result->num_rows < 1)
  474.            {
  475.                return true;
  476.            }
  477.            return false;
  478.    }
  479.    
  480.    function invite_code_expired($code)//add constant to avoid magic number
  481.    {
  482.            $code = $this->conn->real_escape_string($code);
  483.            $query = "SELECT date FROM `invites` WHERE invite_code='$code'";
  484.            $result = $this->query($query);
  485.            if($result->num_rows > 0)
  486.         {
  487.             $row = $result->fetch_assoc();
  488.             $date = $row['date'];
  489.         }
  490.        
  491.            $date = DateTime($date);
  492.         $interval = $date->diff(date('Y-m-d H:i:s'));
  493.         if(((int)$interval->d) <= 3)
  494.         {
  495.             return false;
  496.         }
  497.         return true;
  498.        }
  499.    
  500.        function get_article_info_from_invite($code)
  501.        {
  502.         $code = $this->conn->real_escape_string($code);
  503.         $query = "SELECT article_url,article_title FROM `invites` WHERE invite_code='$code'";
  504.         $result = $this->query($query);
  505.         if($result->num_rows > 0)
  506.         {
  507.             $row = $result->fetch_assoc();
  508.             return $row;
  509.         }
  510.        }
  511.    
  512.        function email_matches_invite($email, $invite)
  513.        {
  514.            $email = $this->conn->real_escape_string($email);
  515.         $invite = $this->conn->real_escape_string($invite);
  516.         $query = "SELECT invite_id FROM `invites` WHERE emailed_to='$email' AND invite_code='$invite'";
  517.         $result = $this->query($query);
  518.         if($result->num_rows > 0)
  519.         {
  520.             return true;
  521.         }
  522.         return false;
  523.        }
  524.    
  525.        function invite_created_from_ip($ip)
  526.        {
  527.            $ip = $this->conn->real_escape_string($ip);
  528.         $query = "SELECT invite_id FROM `invites` WHERE ip_created='$ip'";
  529.         $result = $this->query($query);
  530.         if($result->num_rows > 0)
  531.         {
  532.             return true;
  533.         }
  534.         return false;
  535.    }
  536.    
  537.    function image_id_exists($id)
  538.    {
  539.            $id = $this->conn->real_escape_string($id);
  540.         $query = "SELECT image_id FROM `images` WHERE image_id='$id'";
  541.         $result = $this->query($query);
  542.         if($result->num_rows > 0)
  543.         {
  544.             return true;
  545.         }
  546.         return false;
  547.    }
  548.    
  549.    function get_image_score($image_id)
  550.    {
  551.            $image_id = $this->conn->real_escape_string($image_id);
  552.            $query = "SELECT image_id='$image_id',SUM(vote) as vote_score FROM `image_votes` WHERE image_id='$image_id'";
  553.            $result = $this->query($query);
  554.            if($result->num_rows > 0)
  555.         {
  556.             $row = $result->fetch_assoc();
  557.             if($row['vote_score'])
  558.             {
  559.                 return $row['vote_score'];
  560.             }
  561.             else
  562.             {
  563.                 return 0;
  564.             }
  565.         }
  566.    }
  567.    
  568.    function get_image_info($image_id)
  569.    {
  570.            $image_id = $this->conn->real_escape_string($image_id);
  571.            $query = "SELECT * FROM `images` WHERE image_id='$image_id'";
  572.            $result = $this->query($query);
  573.            if($result->num_rows > 0)
  574.         {
  575.             $row = $result->fetch_assoc();
  576.             return $row;
  577.         }
  578.    }
  579.    
  580.    function get_image_views($image_id)
  581.    {
  582.            $image_id = $this->conn->real_escape_string($image_id);
  583.            $query = "SELECT COUNT(view_id) page_views FROM `page_views` WHERE url LIKE '%/image.php?%id=$image_id%'";
  584.            $result = $this->query($query);
  585.            if($result->num_rows > 0)
  586.         {
  587.             $row = $result->fetch_assoc();
  588.             return $row['page_views'];
  589.         }
  590.    }
  591.    
  592.    function delete_image($image_id)
  593.    {
  594.            $image_id = $this->conn->real_escape_string($image_id);
  595.            $query = "UPDATE `images` SET deleted=TRUE WHERE image_id='$image_id'";
  596.            return $this->query($query);
  597.    }
  598.    
  599.    function undelete_image($image_id)
  600.    {
  601.            $image_id = $this->conn->real_escape_string($image_id);
  602.            $query = "UPDATE `images` SET deleted=FALSE WHERE image_id='$image_id'";
  603.            return $this->query($query);
  604.    }
  605.    
  606.    function change_image_vote($image_id, $user_id, $vote)
  607.    {
  608.            $image_id = $this->conn->real_escape_string($image_id);
  609.            $user_id = $this->conn->real_escape_string($user_id);
  610.            $vote = $this->conn->real_escape_string($vote);
  611.            $query = "UPDATE `image_votes` SET vote='$vote' WHERE (image_id='$image_id' AND user_id='$user_id')";
  612.            return $this->query($query);
  613.    }
  614.    
  615.    function add_image_vote($image_id, $user_id, $vote)
  616.    {
  617.            $image_id = $this->conn->real_escape_string($image_id);
  618.            $user_id = $this->conn->real_escape_string($user_id);
  619.            $vote = $this->conn->real_escape_string($vote);
  620.            $date = $this->conn->real_escape_string(date('Y-m-d H:i:s'));
  621.            $query = "INSERT INTO `image_votes` VALUES(NULL,'$user_id','$vote','$image_id', '$date')";
  622.            return $this->query($query);
  623.    }
  624.    
  625.    function image_vote_exists($image_id, $user_id)
  626.    {
  627.            $image_id = $this->conn->real_escape_string($image_id);
  628.            $user_id = $this->conn->real_escape_string($user_id);
  629.            $query = "SELECT vote_id FROM `image_votes` WHERE image_id='$image_id' AND user_id='$user_id'";
  630.            $result = $this->query($query);
  631.            if($result->num_rows > 0)
  632.         {
  633.             return true;
  634.         }
  635.         return false;
  636.    }
  637.    
  638.    function user_has_up_voted($image_id, $user_id)
  639.    {
  640.            $image_id = $this->conn->real_escape_string($image_id);
  641.            $user_id = $this->conn->real_escape_string($user_id);
  642.            $query = "SELECT vote_id FROM `image_votes` WHERE (image_id='$image_id' AND user_id='$user_id') AND vote='1'";
  643.            $result = $this->query($query);
  644.            if($result->num_rows > 0)
  645.         {
  646.             return true;
  647.         }
  648.         return false;
  649.    }
  650.    
  651.    function user_has_down_voted($image_id, $user_id)
  652.    {
  653.            $image_id = $this->conn->real_escape_string($image_id);
  654.            $user_id = $this->conn->real_escape_string($user_id);
  655.            $query = "SELECT vote_id FROM `image_votes` WHERE (image_id='$image_id' AND user_id='$user_id') AND vote='-1'";
  656.            $result = $this->query($query);
  657.            if($result->num_rows > 0)
  658.         {
  659.             return true;
  660.         }
  661.         return false;
  662.    }
  663.    
  664.    function user_has_reported_image($image_id, $user_id)
  665.    {
  666.            $image_id = $this->conn->real_escape_string($image_id);
  667.            $user_id = $this->conn->real_escape_string($user_id);
  668.            $query = "SELECT report_id FROM `image_reports` WHERE image_id='$image_id' AND user_id='$user_id'";
  669.            $result = $this->query($query);
  670.            if($result->num_rows > 0)
  671.         {
  672.             return true;
  673.         }
  674.         return false;
  675.    }
  676.    
  677.    function add_image_report($image_id, $user_id, $reason=NULL)
  678.    {
  679.         $image_id = $this->conn->real_escape_string($image_id);
  680.            $user_id = $this->conn->real_escape_string($user_id);
  681.            $reason = $this->conn->real_escape_string($reason);
  682.            $date = $this->conn->real_escape_string(date('Y-m-d H:i:s'));
  683.            $query = "INSERT INTO `image_reports` VALUES(NULL,'$user_id','$image_id', '$reason', '$date', 0, NULL)";
  684.            return $this->query($query);
  685.    }
  686.    
  687.     function get_number_images()
  688.     {
  689.         $query = "SELECT COUNT(*) AS image_count FROM `images` WHERE deleted=FALSE";
  690.         $result = $this->query($query);
  691.         if($result->num_rows > 0)
  692.         {
  693.             $row = $result->fetch_assoc();
  694.             return $row['image_count'];
  695.         }
  696.     }
  697.  
  698.     function submit_comment($commenter_id, $comment, $image_id)
  699.     {
  700.         $d = date("Y-m-d H:i:s", $_SERVER['REQUEST_TIME']);
  701.         $commenter_id = $this->conn->real_escape_string($commenter_id);
  702.         $comment = $this->conn->real_escape_string(strip_tags($comment));
  703.         $image_id = $this->conn->real_escape_string($image_id);
  704.         $query = "INSERT INTO comments VALUES (NULL, '$commenter_id', '$comment', 0, '$d', '$image_id')";
  705.         return $this->query($query);
  706.     }
  707.    
  708.     function get_comments($image_id)
  709.     {
  710.            $image_id = $this->conn->real_escape_string($image_id);
  711.            $query = "SELECT * FROM `comments` WHERE image_id='$image_id'";
  712.            $result = $this->query($query);
  713.         $results = array();
  714.         while ($temp = $result->fetch_assoc())
  715.         {
  716.             $results[] = $temp;
  717.         }
  718.         return array_reverse($results); // newest comments first
  719.     }
  720.    
  721.     function get_user_invite_count($user_id)
  722.     {
  723.         $user_id = $this->conn->real_escape_string($user_id);
  724.         $query = "SELECT current_number_invites FROM `users` WHERE user_id='$user_id'";
  725.         $result = $this->query($query);
  726.         if($result->num_rows > 0)
  727.         {
  728.             $row = $result->fetch_assoc();
  729.             return $row['current_number_invites'];
  730.         }
  731.     }
  732.    
  733.     function add_invite($invite, $user_id, $ip_created, $date, $send_to, $article_title, $article_url)
  734.     {
  735.         $invite = $this->conn->real_escape_string($invite);
  736.         $ip_created = $this->conn->real_escape_string($ip_created);
  737.         $date = $this->conn->real_escape_string($date);
  738.         $send_to = $this->conn->real_escape_string($send_to);
  739.         $article_title = $this->conn->real_escape_string($article_title);
  740.         $article_url = $this->conn->real_escape_string($article_url);
  741.         $user_id = $this->conn->real_escape_string($user_id);
  742.         $query = "INSERT INTO `invites` VALUES(NULL,'$user_id','$invite','$send_to','$date','0','$article_url','$article_title','$ip_created')";
  743.         return $this->query($query);
  744.     }
  745.    
  746.     function subtract_from_invite_count($user_id)
  747.     {
  748.         $user_id = $this->conn->real_escape_string($user_id);
  749.         $query = "ALTER `users` SET current_number_invites=(current_number_invites - 1) WHERE user_id='$user_id'";
  750.         return $this->query($query);
  751.     }
  752.    
  753.     function comment_id_exists($id)
  754.    {
  755.            $id = $this->conn->real_escape_string($id);
  756.         $query = "SELECT comment_id FROM `comments` WHERE comment_id='$id'";
  757.         $result = $this->query($query);
  758.         if($result->num_rows > 0)
  759.         {
  760.             return true;
  761.         }
  762.         return false;
  763.    }
  764.    
  765.    function get_comment_info($comment_id)
  766.    {
  767.            $comment_id = $this->conn->real_escape_string($comment_id);
  768.            $query = "SELECT * FROM `comments` WHERE comment_id='$comment_id'";
  769.            $result = $this->query($query);
  770.            if($result->num_rows > 0)
  771.         {
  772.             $row = $result->fetch_assoc();
  773.             return $row;
  774.         }
  775.    }
  776.    
  777.    function delete_comment($comment_id)
  778.    {
  779.            $comment_id = $this->conn->real_escape_string($comment_id);
  780.            $query = "UPDATE `comments` SET deleted=TRUE WHERE comment_id='$comment_id'";
  781.            return $this->query($query);
  782.    }
  783.    
  784.    function edit_comment($comment_id,$comment)
  785.    {
  786.            $comment_id = $this->conn->real_escape_string($comment_id);
  787.            $comment = $this->conn->real_escape_string($comment);
  788.            $query = "UPDATE `comments` SET comment='$comment' WHERE comment_id='$comment_id'";
  789.            return $this->query($query);
  790.    }
  791.    
  792.    function add_comment_report($comment_id, $user_id, $reason=NULL)
  793.    {
  794.         $comment_id = $this->conn->real_escape_string($comment_id);
  795.            $user_id = $this->conn->real_escape_string($user_id);
  796.            $reason = $this->conn->real_escape_string($reason);
  797.            $date = $this->conn->real_escape_string(date('Y-m-d H:i:s'));
  798.            $query = "INSERT INTO `comment_reports` VALUES(NULL,'$user_id','$comment_id', '$reason', '$date', 0, NULL)";
  799.            return $this->query($query);
  800.    }
  801.    
  802.    function get_number_comments($id, $id_type)
  803.    {
  804.            $id = $this->conn->real_escape_string($id);
  805.            if($id_type == 'user_id')
  806.            {
  807.                $query = "SELECT COUNT(*) AS comment_count FROM `comments` WHERE (commenter_id='$id' AND deleted=FALSE)";
  808.            }
  809.            elseif($id_type == 'image_id')
  810.            {
  811.                $query = "SELECT COUNT(*) AS comment_count FROM `comments` WHERE (image_id='$id' AND deleted=FALSE)";
  812.            }
  813.            else
  814.            {
  815.                throw new Exception($id_type .' is not a valid $id_type');
  816.            }
  817.            
  818.          $result = $this->query($query);
  819.         if($result->num_rows > 0)
  820.         {
  821.             $row = $result->fetch_assoc();
  822.             return $row['comment_count'];
  823.         }
  824.    }
  825.    
  826.    function get_username_from_user_id($user_id)
  827.     {
  828.         $user_id = $this->conn->real_escape_string($user_id);
  829.         $query = "SELECT username FROM `users` WHERE user_id='$user_id'";
  830.         $result = $this->query($query);
  831.         if($result && $result->num_rows > 0)
  832.         {
  833.             $row = $result->fetch_assoc();
  834.        
  835.             $user_id = $row['username'];
  836.             return $user_id;
  837.         }
  838.     }
  839.    
  840.     function user_has_reported_comment($comment_id, $user_id)
  841.    {
  842.            $comment_id = $this->conn->real_escape_string($comment_id);
  843.            $user_id = $this->conn->real_escape_string($user_id);
  844.            $query = "SELECT report_id FROM `comment_reports` WHERE comment_id='$comment_id' AND user_id='$user_id'";
  845.            $result = $this->query($query);
  846.            if($result->num_rows > 0)
  847.         {
  848.             return true;
  849.         }
  850.         return false;
  851.    }
  852. }
  853.  
  854. /* End of file database.php */
  855. /* Location: ./includes/database.php */
  856.  
  857. ?>