DFiNE
/
OdenseTrack


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							<?php

/*
 * Gets various items from the database - Used on basically all pages.
 */

class Get {

    private function __construct() {
        
    }

    public static function NewsArticle($id) {
        /* Here we sanitize the userinput. We only allow numbers here.
         * - Filter the variable to remove anything but numbers (plusses and minusses)
         * However, the filter_var needs us to trim the output first, as we dont want nullbytes.
         */

        $newsitem = filter_var(trim($id), FILTER_SANITIZE_NUMBER_INT);

        $db = new DBClass();
        $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id WHERE news.id = $newsitem";

        // Does the newsitem exist? If not, we redirect.

        if ($db->numRows($db->query($sql)) != 1) {
            header('Location: ' . Config::$sys_url . '?page=error');
            die("This newsitem doesnt exist.");
        }
        // It did, yay! - Lets fetch it, and return it.
        return $db->fetchAll($db->query($sql))[0];
    }

    public static function NewsList() {
        // newsadmin
        $db = new DBClass();
        $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id ORDER BY `id` DESC";
        return $db->fetchAll($db->query($sql));
    }

    public static function publicNewsList() {
        $db = new DBClass();
        $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id ORDER BY `id` DESC LIMIT 5";
        return $db->fetchAll($db->query($sql));
    }

    /* Event functions */

    public static function ViewEvent($id) {
        /* Here we sanitize the userinput. We only allow numbers here.
         * - Filter the variable to remove anything but numbers (plusses and minusses)
         * However, the filter_var needs us to trim the output first, as we dont want nullbytes.
         */
        $eventitem = filter_var(trim($id), FILTER_SANITIZE_NUMBER_INT);

        // Get the news

        $db = new DBClass();
        $sql = "SELECT * FROM `events` WHERE `id` = $eventitem";
        // Check if this eventitem exists - If not, we 404
        if ($db->numRows($db->query($sql)) != 1) {
            header('Location: ' . Config::$sys_url . '?page=error');
            die("This newsitem doesnt exist.");
        }
        // It did, yay! - Lets fetch it, and return it.
        return $db->fetchAll($db->query($sql))[0];
    }

    public static function EventList() {
        // eventadmin
        $db = new DBClass();
        $sql = "SELECT * FROM `events` ORDER BY `id` DESC";
        return $db->fetchAll($db->query($sql));
    }

    public static function publicEventList() {
        $db = new DBClass();
        $sql = "SELECT * FROM `events` ORDER BY `id` DESC LIMIT 5";
        return $db->fetchAll($db->query($sql));
    }
    
    
    /* Login and user functions */

    public static function checkExists($name) {
        // Checks if username already is in db, if not return false, if it exists return true
        $db = new DBClass();
        $sql = "SELECT * FROM `" . Config::$db_tableusers . "` WHERE `username` = '$name'";
        if ($db->numRows($db->query($sql)) != 1) { return false; } else { return true; }
    }
    
    /* File/Upload functions */
    
    public static function getImages($limit) {
        // Returns all images in database.
        $db = new DBClass();
        $sql = "SELECT * FROM `uploads` WHERE `mime` LIKE 'image%'";
        return $db->fetchAll($db->query($sql));
    }
    
}