<?php
// Load the database configuration.
require_once 'config.php';
// Reports whether the current visitor has an authenticated session.
// Relies on login_validate() having stored a truthy 'authorized' flag in $_SESSION.
function logged_in() {
    // empty() is false only when the key exists and holds a truthy value,
    // which is exactly isset() combined with a loose comparison against true.
    return !empty($_SESSION['authorized']);
}
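// Validates a username/password pair against the Users table. Used in the login page.
// On success the login is recorded in $_SESSION ('authorized', 'username', 'usertype')
// and true is returned; for an unknown user or a wrong password false is returned.
// $uname and $pword are untrusted form input. The script dies with a generic message
// when the database cannot be reached or the lookup fails.
function login_validate($uname, $pword) {
    // Untrusted input: the username reaches SQL only through a bound parameter below.
    // htmlspecialchars() (used before) is an HTML escape, not SQL protection, and applying
    // it to the password would alter any password containing &, <, > or quotes before
    // password_verify() sees it.
    $uname = (string) $uname;
    $pword = (string) $pword;
    // Create connection to the database or report error. The driver's error text is not
    // echoed to the client.
    $db = mysqli_connect(DB_SERVER, DB_UNAME, DB_PWORD, DB_NAME) or die("Cannot connect to the database.");
    // Prepared statement: the SQL text is fixed and the username is sent separately.
    $stmt = mysqli_prepare($db, "SELECT Username, Password, UserType FROM Users WHERE Username = ? LIMIT 1");
    if ($stmt === false) {
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    mysqli_stmt_bind_param($stmt, "s", $uname);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    $result = mysqli_stmt_get_result($stmt);
    // mysqli_fetch_assoc() yields null when no row matched.
    $result_row = ($result !== false) ? mysqli_fetch_assoc($result) : null;
    // The connection is no longer needed whichever way the check goes.
    mysqli_stmt_close($stmt);
    mysqli_close($db);
    // Unknown user and wrong password share one exit so the response does not reveal
    // which of the two failed.
    if ($result_row === null || !password_verify($pword, $result_row['Password'])) {
        return false;
    }
    // A fresh session id on login prevents an id chosen before authentication from
    // remaining valid afterwards (session fixation). Only possible with an active session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // Register this login in the _SESSION to save related information.
    $_SESSION['authorized'] = true;
    $_SESSION['username'] = $result_row['Username'];
    // Map the numeric UserType to a role name. Any other code clears a role left over
    // from an earlier login instead of silently keeping it.
    if ($result_row['UserType'] == 0) {
        $_SESSION['usertype'] = "admin";
    } elseif ($result_row['UserType'] == 1) {
        $_SESSION['usertype'] = "student";
    } else {
        unset($_SESSION['usertype']);
    }
    // Return true and let the caller re-direct to the homepage.
    return true;
}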
// Ends the current login: empties $_SESSION, expires the session cookie in the browser
// when one was sent, and destroys the server-side session data. Used in the logout page.
function log_out() {
    // Drop everything the session held.
    $_SESSION = [];
    // Expire the cookie that carries the session id, if the browser sent one.
    $cookieName = session_name();
    if (isset($_COOKIE[$cookieName])) {
        setcookie($cookieName, "", time() - 1, "/");
    }
    // Remove the data stored on the server.
    session_destroy();
}
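// Stores an uploaded file on the server and records it in the Files table. Used in the upload page.
// $fileInfo is one entry of $_FILES (needs 'name' and 'tmp_name'); $desiredName, $author and
// $description are untrusted form input. Returns true when the file was moved into place and
// the row inserted, false when move_uploaded_file() fails. Dies when the database is unavailable
// or the insert fails. No content check is performed: whatever was uploaded is stored under a
// ".pdf" name.
function file_upload($fileInfo, $desiredName, $author, $description) {
    // HTML-escaping at storage time is kept so new rows look like the existing ones; it is
    // not SQL protection — that comes from the bound parameters below.
    $desiredName = htmlspecialchars($desiredName);
    $author = htmlspecialchars($author);
    $description = htmlspecialchars($description);
    // Avoid uploaded files with the same name. The generated path is built from character
    // codes plus a fixed ".pdf" extension, so the client's file name itself never reaches
    // the filesystem.
    $path = get_stored_path($fileInfo['name']);
    // Try to store the uploaded file locally on the server. No connection exists yet at this
    // point, so a failure simply reports false (the original closed an undefined $db here).
    if (!move_uploaded_file($fileInfo['tmp_name'], $path)) {
        return false;
    }
    // Create connection to the database or report error.
    $db = mysqli_connect(DB_SERVER, DB_UNAME, DB_PWORD, DB_NAME) or die("Cannot connect to the database.");
    // Prepared insert: the four values travel separately from the SQL text.
    $stmt = mysqli_prepare($db, "INSERT INTO Files (FileName, Author, Description, FilePath) VALUES (?, ?, ?, ?)");
    if ($stmt === false) {
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    mysqli_stmt_bind_param($stmt, "ssss", $desiredName, $author, $description, $path);
    $ok = mysqli_stmt_execute($stmt);
    // Close the statement and the database connection on every path.
    mysqli_stmt_close($stmt);
    mysqli_close($db);
    if (!$ok) {
        die("Query is not successfuly.");
    }
    // Successful in storing the file on the server and recording it.
    return true;
}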
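// Builds a server-side path for an uploaded file that does not reuse the client's name.
// $fname is the client-supplied file name (untrusted). The result has the form
// "./upload/<token><unix time><16 hex chars>.pdf", where <token> is derived only from the
// character codes of the base name, so no part of the client string (directories, dots,
// extensions) reaches the filesystem. This is obfuscation, not encryption.
function get_stored_path($fname) {
    // Pre-process the file name (kept from the original scheme).
    $fname = htmlspecialchars($fname);
    $fname = pathinfo($fname)['filename'];
    $fname_new = 1;
    // Product of the byte values of the name. PHP promotes the product to float once it
    // exceeds PHP_INT_MAX, so long names yield a token such as "1.2E+25"; still a valid name.
    for ($i = 0; $i < strlen($fname); $i++) {
        $fname_new *= ord($fname[$i]);
    }
    // The suffix comes from the CSPRNG instead of rand(): time() and the token are both
    // predictable, so rand() alone would make stored paths guessable.
    $suffix = bin2hex(random_bytes(8));
    // Return the path accordingly.
    return "./upload/" . $fname_new . time() . $suffix . ".pdf";
}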
// Returns every row of the Files table, newest upload first. Used in the homepage.
// Each element is an associative array (column => value). Dies when the database
// cannot be reached or the query fails.
function get_all_files() {
    // Create connection to the database or report error.
    $db = mysqli_connect(DB_SERVER, DB_UNAME, DB_PWORD, DB_NAME) or die("Cannot connect to the database.");
    // Run the listing query or report error.
    $result = mysqli_query($db, "SELECT * FROM Files ORDER BY UploadTime DESC") or die ("Query is not successfuly.");
    // Fetch row by row instead of mysqli_fetch_all(), which some PHP builds lack.
    $rows = array();
    while (($row = mysqli_fetch_assoc($result)) !== null) {
        $rows[] = $row;
    }
    // Close the database connection.
    mysqli_close($db);
    return $rows;
}
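// Sends a single stored file to the browser as a PDF attachment, looked up by its Id.
// Used in the homepage. $id is untrusted request input and must be an integer. Returns
// true after the file has been streamed, false when $id is not an integer or no such row
// exists. Dies when the database is unavailable, the query fails, or the stored path is
// not a regular file. Emits HTTP headers and the file body, so nothing may be output
// before this call.
function file_download($id) {
    // Reject anything that is not an integer before it gets near the query.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }
    // Create connection to the database or report error.
    $db = mysqli_connect(DB_SERVER, DB_UNAME, DB_PWORD, DB_NAME) or die("Cannot connect to the database.");
    // Bound parameter instead of string concatenation: the id never becomes SQL text.
    $stmt = mysqli_prepare($db, "SELECT FilePath, FileName FROM Files WHERE Id = ? LIMIT 1");
    if ($stmt === false) {
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    mysqli_stmt_bind_param($stmt, "i", $id);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    $result = mysqli_stmt_get_result($stmt);
    $result_row = ($result !== false) ? mysqli_fetch_assoc($result) : null;
    // The connection is released on every path (the original leaked it when no row matched).
    mysqli_stmt_close($stmt);
    mysqli_close($db);
    if ($result_row === null) {
        return false;
    }
    $path = $result_row['FilePath'];
    // Only an existing regular file is served; a stale row whose file is gone stops here.
    if (!$path || !is_file($path)) {
        die("The file does not exist on the server.");
    }
    // The download name is the stored FileName plus ".pdf", reduced to its base name with
    // double quotes and control characters removed so it cannot break out of the quoted
    // Content-Disposition value.
    $fname = basename($result_row['FileName'] . ".pdf");
    $fname = preg_replace('/["\x00-\x1F\x7F]/', '', $fname);
    // Let the browser prompt the download window.
    header('Content-Disposition: attachment; filename="' . $fname . '"');
    // Set the transmission method to be binary without compression.
    header('Content-Transfer-Encoding: binary');
    // Tell the browser about the type of the file, and not to second-guess it by sniffing.
    header('Content-Type: application/pdf');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    // Set the expiry time of the page to be 0.
    header('Expires: 0');
    // must-revalidate: a cached copy is not reused without checking with the server.
    header('Cache-Control: must-revalidate');
    // Advertise byte-range support.
    header('Accept-Ranges: bytes');
    // Stream the whole file to the client.
    readfile($path);
    return true;
}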
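// Deletes one row of the Files table. $id is untrusted request input and, as in the
// original, is the zero-based POSITION of the row in the listing rather than its Id.
// NOTE(review): the listing order is taken from get_all_files(); confirm callers really
// pass a position — deleting by Id, as file_download() does, would be more robust, since
// another upload can shift positions between listing and delete.
// Returns true when a row was deleted, false when $id is not a non-negative integer or no
// row is at that position. Dies when the database is unavailable or a query fails. The
// file on disk is intentionally left in place.
function file_delete($id) {
    // Integer validation replaces htmlspecialchars(), which is an HTML escape and not SQL protection.
    $id = filter_var($id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)));
    if ($id === false) {
        return false;
    }
    // Create connection to the database or report error.
    $db = mysqli_connect(DB_SERVER, DB_UNAME, DB_PWORD, DB_NAME) or die("Cannot connect to the database.");
    // OFFSET without ORDER BY selects an unspecified row; order like get_all_files() so the
    // position means the same thing as in the listing. The offset is a bound parameter.
    $stmt = mysqli_prepare($db, "SELECT Id FROM Files ORDER BY UploadTime DESC LIMIT 1 OFFSET ?");
    if ($stmt === false) {
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    mysqli_stmt_bind_param($stmt, "i", $id);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    $result = mysqli_stmt_get_result($stmt);
    $row = ($result !== false) ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    if ($row === null) {
        // No row at that position; the original left the connection open here.
        mysqli_close($db);
        return false;
    }
    // Delete by primary key, again through a bound parameter.
    $del = mysqli_prepare($db, "DELETE FROM Files WHERE Id = ?");
    if ($del === false) {
        mysqli_close($db);
        die("Query is not successfuly.");
    }
    $rowId = (int) $row['Id'];
    mysqli_stmt_bind_param($del, "i", $rowId);
    $ok = mysqli_stmt_execute($del);
    mysqli_stmt_close($del);
    mysqli_close($db);
    if (!$ok) {
        die("Query is not successfuly.");
    }
    // Notice that we do not delete the file locally.
    return true;
}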
?>