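getTimestamp() . "', '$title', '1', '$content', '');"; $db->query($sql); header('Location: ' . Config::$sys_url . '?page=newsadmin'); die("Error, please enable browser-redirects."); }

    /*
     * NOTE(review): every method below builds its SQL by string interpolation and
     * passes it to DBClass::query(). DBClass is not visible here, so no
     * prepared-statement API can be assumed. Numeric ids are cast to int in this
     * section; string values ($title, $content, $type, ...) are still interpolated
     * as-is and remain injectable unless every caller escapes them for this
     * connection. Move them to bound parameters. Nothing in these methods checks
     * who is calling them - confirm the caller enforces admin authorisation.
     */

    /**
     * Update the title and content of one news row, then redirect to the news admin page.
     *
     * Never returns: execution ends in die() after the Location header is sent.
     *
     * @param mixed $id      Row id; cast to int before it reaches the SQL text.
     * @param mixed $title   New title. NOTE(review): interpolated unescaped.
     * @param mixed $content New body. NOTE(review): interpolated unescaped.
     */
    public static function editNews($id, $title, $content)
    {
        // The id is placed in the WHERE clause without quotes, so it must be a plain integer.
        $id = (int) $id;

        $db = new DBClass();
        $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content' WHERE `news`.`id` = $id;";
        $db->query($sql);

        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    /**
     * Delete one news row, then redirect to the news admin page.
     *
     * Never returns: execution ends in die() after the Location header is sent.
     *
     * @param mixed $id Row id; cast to int before it reaches the SQL text.
     */
    public static function deleteNews($id)
    {
        // Unquoted in the WHERE clause: anything other than an integer would alter the statement.
        $id = (int) $id;

        $db = new DBClass();
        $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";
        $db->query($sql);

        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    /* Event functions */

    /**
     * Insert a new event row, then redirect to the event admin page.
     *
     * Never returns: execution ends in die() after the Location header is sent.
     *
     * @param mixed $title     Event title. NOTE(review): interpolated unescaped.
     * @param mixed $content   Event description. NOTE(review): interpolated unescaped.
     * @param mixed $type      Event type. NOTE(review): interpolated unescaped.
     * @param mixed $eventdate Date string handed to strtotime().
     */
    public static function addEvent($title, $content, $type, $eventdate)
    {
        // strtotime() yields an int, or false when the date cannot be parsed; false
        // concatenates as an empty string, so the `time` value is then ''.
        $timestamp = strtotime($eventdate);

        $db = new DBClass();
        $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', 'image', '$type', '$content', '" . $timestamp . "');";
        $db->query($sql);

        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser-redirects.");
    }

    /**
     * Update one event row, then redirect to the event admin page.
     *
     * Never returns: execution ends in die() after the Location header is sent.
     *
     * @param mixed $id        Row id; cast to int before it reaches the SQL text.
     * @param mixed $title     Event title. NOTE(review): interpolated unescaped.
     * @param mixed $content   Event description. NOTE(review): interpolated unescaped.
     * @param mixed $type      Event type. NOTE(review): interpolated unescaped.
     * @param mixed $eventdate Date string handed to strtotime().
     */
    public static function editEvent($id, $title, $content, $type, $eventdate)
    {
        // Unquoted in the WHERE clause, so force it to an integer.
        $id = (int) $id;
        // int on success, false (rendered as '') when the date cannot be parsed.
        $timestamp = strtotime($eventdate);

        $db = new DBClass();
        $sql = "UPDATE `events` SET `title` = '$title', `img` = 'images', `type` = '$type', `time` = '" . $timestamp . "', `description` = '$content' WHERE `events`.`id` = $id;";
        $db->query($sql);

        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    /**
     * Delete one event row, then redirect to the event admin page.
     *
     * Never returns: execution ends in die() after the Location header is sent.
     *
     * @param mixed $id Row id; cast to int before it reaches the SQL text.
     */
    public static function deleteEvent($id)
    {
        // Unquoted in the WHERE clause, so force it to an integer.
        $id = (int) $id;

        $db = new DBClass();
        $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";
        $db->query($sql);

        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    /**
     * Create a user row after basic length and uniqueness checks.
     *
     * The inputs are filtered before they are validated, so the length and
     * uniqueness checks apply to the values that are actually stored.
     *
     * @param mixed $username Login name; must be at least 3 bytes after filtering.
     * @param mixed $password Plain password; at least 5 bytes, passed to User::hashPass().
     * @param mixed $realname Display name; at least 5 bytes after filtering.
     * @param mixed $mail     E-mail address; at least 5 bytes after filtering.
     * @param mixed $level    User level. NOTE(review): interpolated unvalidated.
     *
     * @return mixed false when a check fails, otherwise whatever DBClass::query() returns.
     */
    public static function addUser($username, $password, $realname, $mail, $level)
    {
        // NOTE(review): these filters are not SQL escaping. FILTER_SANITIZE_STRING is
        // an HTML-oriented filter (deprecated as of PHP 8.1) and FILTER_SANITIZE_EMAIL
        // keeps the single-quote character, so the values can still alter the INSERT
        // below. Bind them as parameters instead of relying on the filters.
        $username = filter_var($username, FILTER_SANITIZE_STRING);
        $realname = filter_var($realname, FILTER_SANITIZE_STRING);
        $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);

        // filter_var() returns false when it cannot filter the input.
        if (!is_string($username) || !is_string($realname) || !is_string($mail)) {
            return false;
        }

        // Length limits, checked on the filtered values.
        if (strlen($username) < 3 || strlen($password) < 5 || strlen($realname) < 5 || strlen($mail) < 5) {
            return false;
        }

        // Uniqueness is checked on the filtered username, the one that is inserted;
        // checking the raw input could miss a collision with an existing account.
        if (Get::checkExists($username)) {
            return false;
        }

        // The password is not filtered because only its hash is stored; the original
        // author's note says User::hashPass() uses argon2 (hashPass is not visible here).
        // NOTE(review): $level goes into the statement with no validation at all -
        // restrict it to the set of levels the application defines.
        $db = new DBClass();
        $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";

        return $db->query($sql);
    }
}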