getevent.php
<?php
require 'database.php';
?>
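<?php
/*
 * getevent.php - JSON endpoint returning the logged-in user's events for a date.
 *
 * Request : JSON body sent via fetch() with the keys day, month, year and token.
 * Response: {"success": true, "time": [...], "title": [...]} when events exist,
 *           {"success": false, "user": true}  when the user has no matching events,
 *           {"success": false, "user": false} when nobody is logged in,
 *           {"success": false, "message": "..."} on a CSRF, input or query failure.
 *
 * A stored value of 0 in the day, month or year column is treated as "unset",
 * so the three extra queries below also pick up events that match with one of
 * those columns left at 0.
 *
 * Relies on $mysqli being provided by database.php.
 */

// Keep the session cookie out of reach of client-side script.
// NOTE(review): Secure/SameSite cookie flags are not set here; confirm they are configured elsewhere.
ini_set("session.cookie_httponly", 1);
session_start();

// Every branch answers with JSON, so declare the MIME type once, before any
// output. The original only set it on the logged-in path, which left the
// "not logged in" reply served with the default HTML content type.
header("Content-Type: application/json");

if (!isset($_SESSION["userID"])) {
    echo json_encode(array(
        "success" => false,
        "user" => false
    ));
    exit;
}

// The body is posted via fetch(), so it has to be read from the raw input stream.
$json_str = file_get_contents('php://input');
$json_obj = json_decode($json_str, true);
if (!is_array($json_obj)) {
    // Malformed or non-object JSON: continue with no fields so the CSRF check rejects it.
    $json_obj = array();
}

// CSRF check. The submitted token is compared as-is (HTML-encoding it first
// could only make a valid token fail), in constant time, and an unset or empty
// session token is never accepted - with strcmp() an empty submitted token
// could compare equal to a missing session token.
$token = isset($json_obj['token']) ? $json_obj['token'] : '';
$sessionToken = isset($_SESSION['token']) ? $_SESSION['token'] : '';
if (!is_string($token) || !is_string($sessionToken) || $sessionToken === ''
    || !hash_equals($sessionToken, $token)) {
    echo json_encode(array(
        "success" => false,
        "message" => "You may be getting hacked, CSRF token did not match"
    ));
    exit;
}

// Validate the date parts as non-negative integers instead of HTML-encoding
// them: they are only ever bound as integers, so encoding was the wrong
// control. Missing, null or empty values fall back to 0, matching the
// coercion the integer binding applied before.
$dateParts = array();
foreach (array('day', 'month', 'year') as $field) {
    $raw = isset($json_obj[$field]) ? $json_obj[$field] : 0;
    if (is_int($raw) && $raw >= 0) {
        $dateParts[$field] = $raw;
    } elseif ($raw === '') {
        $dateParts[$field] = 0;
    } elseif (is_string($raw) && preg_match('/^[0-9]+$/D', $raw) === 1) {
        $dateParts[$field] = (int) $raw;
    } else {
        http_response_code(400);
        echo json_encode(array(
            "success" => false,
            "message" => "Invalid date"
        ));
        exit;
    }
}
$day = $dateParts['day'];
$month = $dateParts['month'];
$year = $dateParts['year'];
$userID = (int) $_SESSION["userID"];

$timearray = array();
$titlearray = array();

// One entry per lookup: SQL text, bind types, bound values. The order is kept
// (exact date, then day = 0, month = 0, year = 0) because it determines the
// order of the returned arrays.
$queries = array(
    array(
        "SELECT timestring, title from events where user_id = ? AND day = ? AND month = ? AND year = ?;",
        'iiii',
        array($userID, $day, $month, $year)
    ),
    array(
        "SELECT timestring, title from events where user_id = ? AND day = 0 AND month = ? AND year = ?;",
        'iii',
        array($userID, $month, $year)
    ),
    array(
        "SELECT timestring, title from events where user_id = ? AND day = ? AND month = 0 AND year = ?;",
        'iii',
        array($userID, $day, $year)
    ),
    array(
        "SELECT timestring, title from events where user_id = ? AND day = ? AND month = ? AND year = 0;",
        'iii',
        array($userID, $day, $month)
    ),
);

try {
    foreach ($queries as $query) {
        list($sql, $types, $params) = $query;

        $stmt = $mysqli->prepare($sql);
        if (!$stmt) {
            throw new RuntimeException("prepare failed: " . $mysqli->error);
        }

        // Check the return values of bind_param()/execute()/get_result();
        // the original re-tested $stmt, which is always truthy at that point,
        // so those failures went unnoticed.
        if (!$stmt->bind_param($types, ...$params) || !$stmt->execute()) {
            $detail = $stmt->error;
            $stmt->close();
            throw new RuntimeException("execute failed: " . $detail);
        }

        $result = $stmt->get_result();
        if ($result === false) {
            $detail = $stmt->error;
            $stmt->close();
            throw new RuntimeException("get_result failed: " . $detail);
        }

        // Values are returned exactly as stored; the client has to treat them
        // as text (not markup) when rendering.
        while ($row = $result->fetch_assoc()) {
            $timearray[] = $row['timestring'];
            $titlearray[] = $row['title'];
        }

        $result->free();
        $stmt->close();
    }
} catch (Exception $e) {
    // Also covers mysqli_sql_exception when mysqli runs in exception mode.
    // Database error details go to the server log only: echoing them both
    // discloses schema information and corrupts the JSON response.
    error_log("getevent.php: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(array(
        "success" => false,
        "message" => "Query Prep Failed"
    ));
    exit;
}

if (count($titlearray) > 0) {
    echo json_encode(array(
        "success" => true,
        "time" => $timearray,
        "title" => $titlearray
    ));
    exit;
}

// Logged in, but nothing matched any of the four lookups.
echo json_encode(array(
    "success" => false,
    "user" => true
));
exit;
?>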