  1. <?php
  2. include "admin_session_start_rest.php";
  3. include "admin_database.php";
  4. $userDetails=$_SESSION['user'];
  5. $username=$userDetails['username']; //get post
  6. if(isset($_COOKIE['security_key'])&&!empty($_COOKIE['security_key'])){
  7. $security_key=$_COOKIE['security_key']; // get post
  8. }
  9. else{
  10. exit();
  11. }
  12.  
  13.  
  14. $auth=fnKeyValidator($conn,$username,$security_key);
  15.  
  16.  
  17. if($auth===true&&(isset($_POST["func"])&&!empty($_POST["func"]))){
  18. $func=$_POST["func"];
  19. echo($func);
  20. echo($_POST['crf']);
  21. echo($_SESSION["user"]["crf"]);
  22.  
  23. if((isset($_POST['crf'])&&!empty($_POST['crf']))&&(isset($_SESSION["user"]["crf"])&&!empty($_SESSION["user"]["crf"]))){
  24.  
  25. if($_POST['crf']==$_SESSION["user"]["crf"]){
  26. // correct security key -> all should be fine
  27.  
  28. if($func==="create-user"){ // create user
  29. if((isset($_POST["studentName"])&&!empty($_POST["studentName"]))&&
  30. (isset($_POST["studentEmail"])&&!empty($_POST["studentEmail"]))&&
  31. (isset($_POST["studentProgram"])&&!empty($_POST["studentProgram"]))&&
  32. (isset($_POST["studentPassword"])&&!empty($_POST["studentPassword"]))){
  33. $studentName=$_POST["studentName"];
  34. $studentEmail=$_POST["studentEmail"];
  35. $studentProgram=$_POST["studentProgram"];
  36. $studentPassword=$_POST["studentPassword"];
  37. fnCreateUser($conn,$studentName,$studentEmail,$studentProgram,$studentPassword);
  38. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  39. $seckey=fnGenerateRandomKey();
  40. setcookie("security_key", $seckey,0, '/', "",false,false);
  41. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  42. }
  43.  
  44.  
  45. }
  46. else if($func==="delete-user"){ // delete user
  47. if(isset($_POST["Student_id"])&&!empty($_POST["Student_id"])){
  48. $Student_id=$_POST["Student_id"];
  49. fnDeleteUser($conn,$Student_id);
  50. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  51. $seckey=fnGenerateRandomKey();
  52. setcookie("security_key", $seckey,0, '/', "",false,false);
  53. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  54. }
  55. }
  56. else if($func==="edit-user"){ // edit user
  57. if((isset($_POST["Student_id"])&&!empty($_POST["Student_id"]))&&
  58. (isset($_POST["studentname"])&&!empty($_POST["studentname"]))&&
  59. (isset($_POST["studentemail"])&&!empty($_POST["studentemail"]))&&
  60. (isset($_POST["studentprogram"])&&!empty($_POST["studentprogram"]))){
  61. $Student_id=$_POST["Student_id"];
  62. $studentname=$_POST["studentname"];
  63. $studentemail=$_POST["studentemail"];
  64. $studentprogram=$_POST["studentprogram"];
  65. fnEditUser($conn,$Student_id,$studentname,$studentprogram,$studentemail);
  66. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  67. $seckey=fnGenerateRandomKey();
  68. setcookie("security_key", $seckey,0, '/', "",false,false);
  69. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  70. }
  71.  
  72. }
  73. else if($func==="view-user"){ // view user based on id
  74. fnViewUser($conn,$user_id);
  75. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  76. $seckey=fnGenerateRandomKey();
  77. setcookie("security_key", $seckey,0, '/', "",false,false);
  78. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  79. }
  80. else if($func==="create-class"){ // create class
  81. echo("here");
  82. if((isset($_POST["className"])&&!empty($_POST["className"]))&&
  83. (isset($_POST["study_program_id"])&&!empty($_POST["study_program_id"]))&&
  84. (isset($_POST["teacher_id"])&&!empty($_POST["teacher_id"]))){
  85. $className=$_POST["className"];
  86. $study_program_id=$_POST["study_program_id"];
  87. $teacher_id=$_POST["teacher_id"];
  88. fnCreateClass($conn,$className,$teacher_id,$study_program_id);
  89. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  90. $seckey=fnGenerateRandomKey();
  91. setcookie("security_key", $seckey,0, '/', "",false,false);
  92. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  93. }
  94.  
  95. }
  96. else if($func==="edit-class"){ // edit class
  97. echo("here");
  98. if((isset($_POST["class_id"])&&!empty($_POST["class_id"]))&&
  99. (isset($_POST["className"])&&!empty($_POST["className"]))&&
  100. (isset($_POST["study_program_id"])&&!empty($_POST["study_program_id"]))&&
  101. (isset($_POST["teacher_id"])&&!empty($_POST["teacher_id"]))){
  102. $class_id=$_POST["class_id"];
  103. $className=$_POST["className"];
  104. $study_program_id=$_POST["study_program_id"];
  105. $teacher_id=$_POST["teacher_id"];
  106. fnEditClass($conn,$class_id,$className,$study_program_id,$teacher_id);
  107. echo("here");
  108. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  109. $seckey=fnGenerateRandomKey();
  110. setcookie("security_key", $seckey,0, '/', "",false,false);
  111. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  112. }
  113.  
  114. //fnEditClass($conn,$class_id,$className,$study_program_id,$teacher_id);
  115. }
  116. else if($func==="delete-class"){ // delete class
  117. if(isset($_POST["class_id"])&&!empty($_POST["class_id"])){
  118. $class_id=$_POST["class_id"];
  119. fnDeleteClass($conn,$class_id);
  120. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  121. $seckey=fnGenerateRandomKey();
  122. setcookie("security_key", $seckey,0, '/', "",false,false);
  123. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  124. }
  125.  
  126. }
  127. else if($func==="assign-class"){ // assign student to class
  128. fnAssignClassToStudent($conn,$user_id,$class_id);
  129. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  130. $seckey=fnGenerateRandomKey();
  131. setcookie("security_key", $seckey,0, '/', "",false,false);
  132. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  133. }
  134.  
  135.  
  136.  
  137. else if($func==="unassign-class"){ // assign student to class
  138. fnUnAssignClassToStudent($conn,$user_id,$class_id);
  139. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  140. $seckey=fnGenerateRandomKey();
  141. setcookie("security_key", $seckey,0, '/', "",false,false);
  142. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  143. }
  144.  
  145. else if($func==="create-teacher"){ // assign student to class
  146.  
  147. if((isset($_POST["teachername"])&&!empty($_POST["teachername"]))&&
  148. (isset($_POST["teacherusername"])&&!empty($_POST["teacherusername"]))&&
  149. (isset($_POST["teacheremail"])&&!empty($_POST["teacheremail"]))&&
  150. (isset($_POST["teacherpassword"])&&!empty($_POST["teacherpassword"]))){
  151. $studentName=$_POST["teachername"];
  152. $username=$_POST["teacherusername"];
  153. $email=$_POST["teacheremail"];
  154. $password=$_POST["teacherpassword"];
  155.  
  156. fnCreateTeacher($conn,$studentName,$username,$email,$password);
  157. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  158. $seckey=fnGenerateRandomKey();
  159. setcookie("security_key", $seckey,0, '/', "",false,false);
  160. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  161. }
  162.  
  163. }
  164. else if($func==="edit-teacher"){ // assign student to class
  165. if((isset($_POST["teachername"])&&!empty($_POST["teachername"]))&&
  166. (isset($_POST["teacheremail"])&&!empty($_POST["teacheremail"]))&&
  167. (isset($_POST["Teacher_id"])&&!empty($_POST["Teacher_id"]))){
  168. $teachername=$_POST["teachername"];
  169. $email=$_POST["teacheremail"];
  170. $Teacher_id=$_POST["Teacher_id"];
  171. fnEditTeacher($conn,$Teacher_id,$teachername,$email);
  172. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  173. $seckey=fnGenerateRandomKey();
  174. setcookie("security_key", $seckey,0, '/', "",false,false);
  175. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  176. }
  177.  
  178. }
  179. else if($func==="delete-teacher"){ // delete class
  180. if(isset($_POST["Teacher_id"])&&!empty($_POST["Teacher_id"])){
  181. $Teacher_id=$_POST["Teacher_id"];
  182. fnDeleteTeacher($conn,$Teacher_id);
  183. $_SESSION["user"]["crf"]=fnGenerateRandomKey();
  184. $seckey=fnGenerateRandomKey();
  185. setcookie("security_key", $seckey,0, '/', "",false,false);
  186. fnUpdateAdminSecurityKey($conn,$_SESSION['user']['Name'],$seckey);
  187. }
  188.  
  189. }
  190. else{
  191.  
  192. fnIncorrectCall(); // incorrect call
  193. }
  194. }
  195. }
  196.  
  197. //fnUpdateAdminSecurityKey($conn,$username,fnGenerateRandomKey()); uncomment after done developing
  198.  
  199. }
  200. else{
  201. echo("Bad request"); // incorrect security key -> possible hacking
  202. }
  203.  
  204.  
  205. function fnGenerateRandomKey(){
  206. $randomKey = bin2hex(random_bytes(25));
  207. return $randomKey;
  208. }
  209.  
  210. function fnUpdateAdminSecurityKey($conn,$username,$new_security_key){
  211. $sSqlQuery="UPDATE `admin` SET `security_key`=:new_security_key WHERE Name=:username"; // if exists insert user
  212. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  213. $stmt->bindParam(':username', $username); // bind userinput(fronend) to mysql query string
  214. $stmt->bindParam(':new_security_key', $new_security_key); // bind userinput(fronend) to mysql query string
  215. $stmt->execute();
  216. }
  217.  
  218. function has_presence($value){ // check if variable is not empty
  219. $trimmed_value=trim($value);
  220. return (isset($trimmed_value) && $trimmed_value !=="");
  221. }
  222.  
  223.  
  224. function fnCreateUser($conn,$studentName,$studentEmail,$studentProgram,$studentPassword){
  225. if(is_numeric($studentProgram)===true){ /// should be number ??
  226. $aStudyPrograms=fnGetStudyPrograms($conn); // gets all study programs
  227. for($x=0; $x<sizeof($aStudyPrograms); $x++){ //for loop to find if study program id exists
  228. $study_program_row=$aStudyPrograms[$x]; // asign row to variable
  229. if($study_program_row["Study_Program_id"]==$studentProgram){
  230. $studentPassword=fnPasswordHash($studentPassword);
  231. $sSqlQuery="INSERT INTO `student`(`Name`, `Study_Program_id`, `password`, `email`) VALUES (:studentName,:studentProgram,:studentPassword,:studentEmail)"; // if exists insert user
  232. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  233. $stmt->bindParam(':studentName', $studentName); // bind userinput(fronend) to mysql query string
  234. $stmt->bindParam(':studentEmail', $studentEmail); // bind userinput(fronend) to mysql query string
  235. $stmt->bindParam(':studentProgram', $studentProgram); // bind userinput(fronend) to mysql query string
  236. $stmt->bindParam(':studentPassword', $studentPassword); // bind userinput(fronend) to mysql query string
  237. $stmt->execute(); //
  238. break;
  239. }
  240. else if($x+1==sizeof($aStudyPrograms)){ // incorrect study program id
  241. echo("Incorrect study program");
  242. }
  243. }
  244.  
  245. }
  246. else{
  247. fnIncorrectCall(); // if study program id is not number incorrect call
  248. }
  249.  
  250. }
  251.  
  252. function fnCreateTeacher($conn,$studentName,$username,$email,$password){
  253. try{
  254. $sSqlQuery="INSERT INTO `teacher`(`Name`, `password`, `username`, `email`) VALUES (:studentName,:password,:username,:email)"; // if exists insert user
  255. $stmt = $conn->prepare($sSqlQuery);
  256.  
  257. $password=fnPasswordHash($password); // prepare statment
  258. $stmt->bindParam(':studentName', $studentName); // bind userinput(fronend) to mysql query string
  259. $stmt->bindParam(':username', $username); // bind userinput(fronend) to mysql query string
  260. $stmt->bindParam(':email', $email); // bind userinput(fronend) to mysql query string
  261. $stmt->bindParam(':password', $password); // bind userinput(fronend) to mysql query string
  262. $stmt->execute(); //
  263. }
  264. catch (Exception $e) {
  265. }
  266.  
  267. }
  268.  
  269. function fnEditTeacher($conn,$Teacher_id,$teachername,$email){
  270. try{
  271. $sSqlQuery="UPDATE `teacher` SET `Name`=:teachername,`email`=:email WHERE Teacher_id=:Teacher_id"; // if exists insert user
  272. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  273. $stmt->bindParam(':Teacher_id', $Teacher_id); // bind userinput(fronend) to mysql query string
  274. $stmt->bindParam(':teachername', $teachername); // bind userinput(fronend) to mysql query string
  275. $stmt->bindParam(':email', $email); // bind userinput(fronend) to mysql query string
  276. $stmt->execute(); //
  277. }
  278. catch (Exception $e) {
  279. echo($e);
  280. }
  281. }
  282. function fnPasswordHash($input){
  283. $peper="best project ever!";
  284. $hash= password_hash($input.$peper,PASSWORD_DEFAULT);
  285. return $hash;
  286. }
  287.  
  288. function fnDeleteUser($conn,$user_id){
  289. if(is_numeric($user_id)){
  290. $sSqlQuery="DELETE FROM `student` WHERE student_id=:user_id;"; // query
  291. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  292. $stmt->bindParam(':user_id', $user_id); // bind userinput(fronend) to mysql query string
  293. $stmt->execute(); //execute query
  294. }
  295. else{
  296. fnIncorrectCall();
  297. }
  298.  
  299. }
  300.  
  301. function fnDeleteTeacher($conn,$Teacher_id){
  302. if(is_numeric($Teacher_id)){
  303. $sSqlQuery="DELETE FROM `teacher` WHERE Teacher_id=:Teacher_id;"; // query
  304. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  305. $stmt->bindParam(':Teacher_id', $Teacher_id); // bind userinput(fronend) to mysql query string
  306. $stmt->execute(); //execute query
  307. }
  308. else{
  309. fnIncorrectCall();
  310. }
  311.  
  312. }
  313.  
  314.  
  315. function fnEditUser($conn,$user_id,$studentName,$study_program_id,$email){
  316. if(is_numeric($user_id)&&is_numeric($study_program_id)){
  317. $aStudyPrograms=fnGetStudyPrograms($conn); // gets all study programs
  318. for($x=0; $x<sizeof($aStudyPrograms); $x++){ //for loop to find if study program id exists
  319. $study_program_row=$aStudyPrograms[$x]; // asign row to variable
  320. if($study_program_row["Study_Program_id"]==$study_program_id){
  321. $sSqlQuery="UPDATE `student` SET `Name`=:studentName,`Study_Program_id`=:study_program_id,`email`=:email WHERE student_id=:user_id"; // query
  322. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  323. $stmt->bindParam(':user_id', $user_id); // bind userinput(fronend) to mysql query string
  324. $stmt->bindParam(':studentName', $studentName); // bind userinput(fronend) to mysql query string
  325. $stmt->bindParam(':study_program_id', $study_program_id); // bind userinput(fronend) to mysql query string
  326. $stmt->bindParam(':email', $email); // bind userinput(fronend) to mysql query string
  327. $stmt->execute();
  328. break; // execute
  329. }
  330. else if($x+1==sizeof($aStudyPrograms)){ // incorrect study program id
  331. echo("Incorrect study program");
  332. }
  333. }
  334. }
  335. else{
  336. fnIncorrectCall();
  337. }
  338. }
  339.  
  340. function fnViewUser($conn,$user_id){
  341. if(is_numeric($user_id)){
  342. $sSqlQuery="SELECT * FROM `student` WHERE student_id=:user_id"; // query
  343. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  344. $stmt->bindParam(':user_id', $user_id); // bind userinput(fronend) to mysql query string
  345. $stmt->execute(); // execute
  346. $result = $stmt->fetchAll(PDO::FETCH_ASSOC); // fetch asssoc
  347. return $result; //echo as json
  348. }
  349. else{
  350. fnIncorrectCall();
  351. }
  352.  
  353. }
  354.  
  355.  
  356. function fnCreateClass($conn,$className,$teacher_id,$study_program_id){
  357. if(is_numeric($study_program_id)===true&&is_numeric($teacher_id)===true){ // check if its number
  358. $aStudyPrograms=fnGetStudyPrograms($conn); // gets all study programs
  359. for($x=0; $x<sizeof($aStudyPrograms); $x++){ //for loop to find if study program id exists
  360. $study_program_row=$aStudyPrograms[$x]; // asign every row from db to variable
  361. if($study_program_row["Study_Program_id"]==$study_program_id){ // checks if it matches
  362. $aTeachers=fnGetTeachers($conn); // gets all teachers
  363. for($y=0; $y<sizeof($aTeachers); $y++){ //for loop to find if teacher id exists
  364. $teacher_row=$aTeachers[$y]; // asign every row from db to variable
  365. if($teacher_row["Teacher_id"]==$teacher_id){ // checks if it matches
  366. $sSqlQuery="INSERT INTO `class`(`Name`, `Teacher_id`, `Study_Program_id`) VALUES (:className,:teacher_id,:study_program_id)"; // query
  367. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  368. $stmt->bindParam(':className', $className); // bind userinput(fronend) to mysql query string
  369. $stmt->bindParam(':teacher_id', $teacher_id); // bind userinput(fronend) to mysql query string
  370. $stmt->bindParam(':study_program_id', $study_program_id); // bind userinput(fronend) to mysql query string
  371. $stmt->execute();
  372. break;
  373. }
  374. else if($y+1==sizeof($aTeachers)){ // incorect teacher id
  375. echo("Incorrect teacher id");
  376. }
  377. }
  378. break;
  379. }
  380. else if($x+1==sizeof($aStudyPrograms)){
  381. echo("Incorrect study program"); // incorect study program id
  382. }
  383. }
  384.  
  385. }
  386.  
  387. }
  388.  
  389.  
  390. function fnEditClass($conn,$class_id,$className,$study_program_id,$teacher_id){
  391. if(is_numeric($class_id)&&is_numeric($study_program_id)){
  392. $aStudyPrograms=fnGetStudyPrograms($conn); // gets all study programs
  393. for($x=0; $x<sizeof($aStudyPrograms); $x++){ //for loop to find if study program id exists
  394. $study_program_row=$aStudyPrograms[$x]; // asign row to variable
  395. if($study_program_row["Study_Program_id"]==$study_program_id){
  396. $aTeachers=fnGetTeachers($conn); // gets all teachers
  397. for($y=0; $y<sizeof($aTeachers); $y++){ //for loop to find if teacher id exists
  398. $teacher_row=$aTeachers[$y]; // asign every row from db to variable
  399. if($teacher_row["Teacher_id"]==$teacher_id){
  400. $sSqlQuery="UPDATE `class` SET `Name`=:className,`Study_Program_id`=:study_program_id,`Teacher_id`=:teacher_id WHERE class_id=:class_id"; // query
  401. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  402. $stmt->bindParam(':class_id', $class_id); // bind userinput(fronend) to mysql query string
  403. $stmt->bindParam(':className', $className); // bind userinput(fronend) to mysql query string
  404. $stmt->bindParam(':study_program_id', $study_program_id); // bind userinput(fronend) to mysql query string
  405. $stmt->bindParam(':teacher_id', $teacher_id); // bind userinput(fronend) to mysql query string
  406. $stmt->execute();
  407. break; // execute
  408. }
  409. else if($y+1==sizeof($aTeachers)){ // incorrect teacher program id
  410. echo("Incorrect teacher id");
  411. }
  412. }
  413. break;
  414. }
  415. else if($x+1==sizeof($aStudyPrograms)){ // incorrect study program id
  416. echo("Incorrect study program");
  417. }
  418.  
  419. }
  420. }
  421. else{
  422. fnIncorrectCall();
  423. }
  424. }
  425.  
  426.  
  427.  
  428. function fnDeleteClass($conn,$class_id){
  429. if(is_numeric($class_id)){
  430. $sSqlQuery="DELETE FROM `class` WHERE class_id=:class_id;"; // query
  431. $stmt = $conn->prepare($sSqlQuery); //prepaer query
  432. $stmt->bindParam(':class_id', $class_id); // bind userinput(fronend) to mysql query string
  433. $stmt->execute(); //execute query
  434. }
  435. else{
  436. fnIncorrectCall();
  437. }
  438.  
  439. }
  440.  
  441. function fnGetStudyPrograms($conn){
  442. $sSqlQuery="SELECT * FROM `study_program`"; //query
  443. $stmt = $conn->prepare($sSqlQuery); //prepare stmt
  444. $stmt->execute(); // execute
  445. $result = $stmt->fetchAll(PDO::FETCH_ASSOC); // fetch all
  446. return $result; // return
  447. }
  448.  
  449. function fnGetTeachers($conn){
  450. $sSqlQuery="SELECT * FROM `teacher`"; //query
  451. $stmt = $conn->prepare($sSqlQuery); //prepare stmt
  452. $stmt->execute(); // execute
  453. $result = $stmt->fetchAll(PDO::FETCH_ASSOC); // fetch all
  454. return $result; // return
  455. }
  456.  
  457.  
  458. function fnIncorrectCall(){
  459. echo("Bad request//Incorrect api call");
  460. }
  461.  
  462.  
  463.  
  464. function fnKeyValidator($conn,$username,$security_key){ // check if security_key from frontend matches security_key from database
  465. $Output=false; // basic return value
  466. $sSqlQuery="SELECT * FROM admin WHERE username =:username LIMIT 1"; // mysql query string
  467. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  468. $stmt->bindParam(':username', $username); // bind userinput(fronend) to mysql query string
  469. $stmt->execute(); // executes mysql query string
  470. $result = $stmt->fetchAll(); // fetches all data
  471. if(sizeof($result)!=1){ // checks if there is only 1 record(should be just 1)
  472. $Output=false; // if there is more than 1 // error // returns false//
  473. }
  474. else{
  475. $result=$result[0]; // asign first index of array to variable
  476. $security_key_db=$result["security_key"]; // asign security_key from database to variable
  477. if($security_key===$security_key_db){ // comapre security_key from db with security_key from frontend
  478. $Output=true; // if its same set output to true
  479. }
  480. else{
  481. $Output=false; // if its not same set output to false
  482. }
  483. }
  484. return $Output; //return output
  485. }
  486.  
  487.  
  488. function fnGetAllAdmins($conn){
  489. $sSqlQuery="SELECT * FROM admin";
  490. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  491. $stmt->execute();
  492. $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
  493. return $result;
  494. }
  495. function fnGetClass($conn,$class_id){
  496. if(has_presence($class_id)===true){
  497. $sSqlQuery="SELECT * FROM class WHERE Class_id =:class_id LIMIT 1"; // mysql query string
  498. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  499. $stmt->bindParam(':class_id', $class_id); // bind userinput(fronend) to mysql query string
  500. $stmt->execute();
  501. $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
  502. return $result;
  503. }
  504. }
  505. function fnAssignClassToStudent($conn,$student_id,$class_id){
  506. $student=(fnViewUser($conn,$student_id));
  507. if(empty($student)===false){
  508. $class=fnGetClass($conn,$class_id);
  509. if(empty($class)===false){
  510. $sSqlQuery="INSERT INTO `student_has_class`(`Student_id`, `Class_id`) VALUES (:student_id,:class_id)"; // mysql query string
  511. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  512. $stmt->bindParam(':student_id', $student_id); // bind userinput(fronend) to mysql query string
  513. $stmt->bindParam(':class_id', $class_id); // bind userinput(fronend) to mysql query string
  514. $stmt->execute();
  515. }
  516. }
  517. }
  518.  
  519. function fnUnAssignClassToStudent($conn,$student_id,$class_id){
  520. $student=(fnViewUser($conn,$student_id));
  521. if(empty($student)===false){
  522. $class=fnGetClass($conn,$class_id);
  523. if(empty($class)===false){
  524. $sSqlQuery="DELETE FROM `student_has_class` WHERE Student_id=:student_id and class_id=:class_id"; // mysql query string
  525. $stmt = $conn->prepare($sSqlQuery); // prepare statment
  526. $stmt->bindParam(':student_id', $student_id); // bind userinput(fronend) to mysql query string
  527. $stmt->bindParam(':class_id', $class_id); // bind userinput(fronend) to mysql query string
  528. $stmt->execute();
  529. }
  530. }
  531. }
  532.  
  533.  
  534.  
  535. ?>