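getTimestamp() . "', '$title', '$type', '$content', '$image');";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser-redirects.");
    }

    /**
     * Update an existing news row, then redirect to the news admin page.
     *
     * SECURITY: $title, $content and $image are interpolated into the SQL
     * string with no escaping. The only DB API visible from here is
     * DBClass::query($sql), so they cannot be bound as parameters in this
     * file; switch to prepared statements as soon as the DB layer offers
     * them. The unquoted ids ARE fixed here by casting to int, which needs
     * no new API.
     *
     * @param mixed  $id      Row id; cast to int before use in the WHERE clause.
     * @param string $title   New title (unescaped, see above).
     * @param string $content New body text (unescaped, see above).
     * @param mixed  $image   New image filename, or a falsy value to keep the
     *                        stored image (loose `!= false`, so '0' also
     *                        counts as "no image").
     * @param mixed  $type    Type; reduced to digits and sign characters.
     */
    public static function editNews($id, $title, $content, $image, $type)
    {
        $db = new DBClass();
        // Only a number is wanted for the type column.
        $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);
        // $id lands unquoted in the WHERE clause; an int cast closes that
        // injection vector regardless of where the value came from.
        $id = (int) $id;
        if ($image != false) {
            $sql = "UPDATE `news` SET `title` = '$title', `img` = '$image', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";
        } else {
            $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";
        }
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    /**
     * Delete one news row by id, then redirect to the news admin page.
     *
     * @param mixed $id Row id; cast to int because it is interpolated unquoted.
     */
    public static function deleteNews($id)
    {
        $db = new DBClass();
        $id = (int) $id;
        $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    /* Event functions */

    /**
     * Insert a new event row, then redirect to the event admin page.
     *
     * SECURITY: every string argument is interpolated unescaped (same
     * limitation as editNews). $type is not reduced to a number here, unlike
     * editNews; NOTE(review): if events.type is numeric, apply the same
     * FILTER_SANITIZE_NUMBER_INT — confirm the column type first.
     *
     * @param string $title     Event title.
     * @param string $content   Event description.
     * @param mixed  $type      Event type (stored as given).
     * @param string $eventdate Parsed with strtotime(); an unparseable date
     *                          yields false, which is stored as ''.
     * @param mixed  $image     Image filename.
     */
    public static function addEvent($title, $content, $type, $eventdate, $image)
    {
        $db = new DBClass();
        $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', '$image', '$type', '$content', '" . strtotime($eventdate) . "');";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser-redirects.");
    }

    /**
     * Update an existing event row, then redirect to the event admin page.
     * Same escaping caveats as addEvent; only the unquoted $id is hardened.
     *
     * @param mixed  $id        Row id; cast to int before use in the WHERE clause.
     * @param string $title     New title.
     * @param string $content   New description.
     * @param mixed  $type      New type (stored as given).
     * @param string $eventdate Parsed with strtotime().
     * @param mixed  $image     New image filename, or a falsy value to keep
     *                          the stored image.
     */
    public static function editEvent($id, $title, $content, $type, $eventdate, $image)
    {
        $db = new DBClass();
        $id = (int) $id;
        if ($image != false) {
            $sql = "UPDATE `events` SET `title` = '$title', `img` = '$image', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";
        } else {
            $sql = "UPDATE `events` SET `title` = '$title', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";
        }
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    /**
     * Delete one event row by id, then redirect to the event admin page.
     *
     * @param mixed $id Row id; cast to int because it is interpolated unquoted.
     */
    public static function deleteEvent($id)
    {
        $db = new DBClass();
        $id = (int) $id;
        $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    /* Attendee functions */

    /**
     * Register a user as attendee of an event, unless already registered.
     *
     * Both ids are cast to int: attentDel compares `userid` unquoted, which
     * only works if the column is numeric, so a non-numeric $user was never a
     * valid input. NOTE(review): confirm userid is an integer column.
     *
     * @param mixed $user  User id.
     * @param mixed $event Event id.
     * @return mixed Result of DBClass::query() on success; on a duplicate the
     *               caller is redirected to ?page=order&error=1 and the
     *               script dies.
     */
    public static function attentAdd($user, $event)
    {
        $event = (int) filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);
        $user = (int) $user;
        if (Get::attentDouble($user, $event) != true) {
            $db = new DBClass();
            $time = new DateTime();
            $sql = "INSERT INTO `attendees` (`id`, `eventid`, `userid`, `time`) VALUES (NULL, '$event', '$user', '" . $time->getTimestamp() . "');";
            return $db->query($sql);
        }
        header('Location: ' . Config::$sys_url . '?page=order&error=1');
        die("Error, please enable browser redirects.");
    }

    /**
     * Remove a user's attendance of an event, if such a row exists.
     *
     * @param mixed $user  User id; cast to int (it is interpolated unquoted).
     * @param mixed $event Event id; cast to int (it is interpolated unquoted).
     * @return mixed Result of DBClass::query() on success; if no attendance
     *               row exists the caller is redirected to
     *               ?page=order&error=2 and the script dies.
     */
    public static function attentDel($user, $event)
    {
        $event = (int) filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);
        $user = (int) $user;
        if (Get::attentDouble($user, $event) != false) {
            $db = new DBClass();
            $sql = "DELETE FROM `attendees` WHERE `attendees`.`userid` = $user AND `eventid` = $event";
            return $db->query($sql);
        }
        header('Location: ' . Config::$sys_url . '?page=order&error=2');
        die("Error, please enable browser redirects.");
    }

    /* User functions */

    /**
     * Create a user row with a hashed password.
     *
     * Sanitization now happens BEFORE the existence and length checks, so the
     * uniqueness check, the validation and the stored row all see the same
     * value. (Previously checkExists() ran on the raw username and the
     * sanitized one was stored, so a username that differed only by stripped
     * characters could bypass the duplicate check.)
     *
     * FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it is kept because
     * replacing it would change the stored values. $level is stored as given
     * and unescaped (same DB-layer limitation as editNews); the password is
     * not sanitized because only its hash is stored.
     *
     * @param string $username At least 3 chars after sanitizing; must not exist.
     * @param string $password At least 5 chars; hashed via User::hashPass().
     * @param string $realname At least 5 chars after sanitizing.
     * @param string $mail     At least 5 chars after FILTER_SANITIZE_EMAIL.
     * @param mixed  $level    Privilege level, stored as given.
     * @return mixed false when any check fails, otherwise the result of
     *               DBClass::query().
     */
    public static function addUser($username, $password, $realname, $mail, $level)
    {
        $username = filter_var($username, FILTER_SANITIZE_STRING);
        $realname = filter_var($realname, FILTER_SANITIZE_STRING);
        $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);

        if (Get::checkExists($username)) {
            // ERROR USER EXISTS
            return false;
        }
        if (strlen($username) < 3 || strlen($password) < 5 || strlen($realname) < 5 || strlen($mail) < 5) {
            return false;
        }

        $db = new DBClass();
        $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";
        return $db->query($sql);
    }

    /**
     * Record an uploaded file for the current session user.
     *
     * SECURITY: $filename and $mime are interpolated unescaped; $mime in
     * particular usually originates from the upload request, so treat it as
     * untrusted. Cannot be parameterized here (see editNews).
     *
     * @param string $filename Stored filename.
     * @param string $mime     MIME type as supplied by the caller.
     */
    public static function insertImage($filename, $mime)
    {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "INSERT INTO `uploads` (`id`, `filename`, `date`, `user`, `mime`) VALUES (NULL, '$filename', '" . $time->getTimestamp() . "', '" . $_SESSION['user'] . "', '" . $mime . "');";
        $db->query($sql);
    }
}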