\n"; $logger = new AdminModel("/logs.txt", $log_entry); $db = Database::getConnection(); $sql = "SELECT * FROM food"; if ($result = $db->query($sql)) { $result_string = ""; while($obj = $result->fetch_object()){ if($obj->name !== '') { $result_string .= $obj->name . ' for ' . $obj->price . '€
'; $db->query("UPDATE food SET price = " . (rand(0, 100000) / 100) . " WHERE name = \"" . $obj->name. "\""); } if($obj->oldvalue !== '') { $dec_result = base64_decode($obj->oldvalue); if (preg_match_all('/O:\d+:"([^"]*)"/', $dec_result, $matches)) { return 'Not allowed'; } $uns_result = unserialize($dec_result); $result_string .= $uns_result[0] . ' for ' . $uns_result[1] . '€
'; $new_value = [$uns_result[0], (rand(0, 100000) / 100)]; $db->query("UPDATE food SET oldvalue = \"" . base64_encode(serialize($new_value)) . "\" WHERE oldvalue = \"" . $obj->oldvalue . "\""); } } return $result_string; } return 'No food this week - we\'re closed'; } public function filterFood($price_param) { $log_entry = 'Access at: '. date('Y-m-d H:i:s') . "
\n"; $logger = new AdminModel("../logs.txt", $log_entry); $db = Database::getConnection(); $sql = "SELECT * FROM food where price < " . $price_param; error_log(print_r($sql, true)); if ($result = $db->query($sql)) { error_log(print_r($result, true)); $result_string = ""; while($obj = $result->fetch_object()){ if($obj->name !== '') { $result_string .= $obj->name . ' for ' . $obj->price . '€
'; } if($obj->oldvalue !== '') { $dec_result = base64_decode($obj->oldvalue); if (preg_match_all('/O:\d+:"([^"]*)"/', $dec_result, $matches)) { return 'Not allowed'; } $uns_result = unserialize($dec_result); if ($uns_result[1] < $price_param) { $result_string .= $uns_result[0] . ' for ' . $uns_result[1] . '€
'; } } } if($result_string === "") { return 'Everything is too expensive for you this week, Sir/Madame. We\'re sorry!'; } return $result_string; } return 'Everything is too expensive for you this week, Sir/Madame. We\'re sorry!'; } }