DFiNE
/
OdenseTrack


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990
							<?php

/*
 * Alters information in the database. We use this for signup, administration and more.
 */

class Alter {

    private function __construct() {
        
    }

    public static function addNews($author, $title, $content) {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "INSERT INTO `news` (`id`, `author`, `time`, `title`, `type`, `content`, `img`) VALUES (NULL, '$author', '" . $time->getTimestamp() . "', '$title', '1', '$content', '');";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser-redirects.");
    }

    public static function editNews($id, $title, $content) {
        $db = new DBClass();
        $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content' WHERE `news`.`id` = $id;";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    public static function deleteNews($id) {
        $db = new DBClass();
        $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    
    /* Event functions */
    
    public static function addEvent($title, $content, $type, $eventdate) {
        $db = new DBClass();
        $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', 'image', '$type', '$content', '" . strtotime($eventdate) . "');";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser-redirects.");
    }

    public static function editEvent($id, $title, $content, $type, $eventdate) {
        $db = new DBClass();
        $sql = "UPDATE `events` SET `title` = '$title', `img` = 'images', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    public static function deleteEvent($id) {
        $db = new DBClass();
        $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }
    
    public static function addUser($username, $password, $realname, $mail, $level) {  
        if (Get::checkExists($username)) { // check if user exists
            // ERROR USER EXISTS
            die();
        }
        
        // lets check the variables
        
        if (strlen($username) < 3) { die(); }
        elseif (strlen($password) < 5) { die(); }
        elseif (strlen($realname) < 5) { die(); }
        elseif (strlen($mail) < 5) { die(); }
        // Now we know everything contains something.
        // Time to sanitize!
        
        $username = filter_var($username, FILTER_SANITIZE_STRING);
        $realname = filter_var($realname, FILTER_SANITIZE_STRING);
        $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);
        // Gr8, we are sanitized. We dont sanitize password, as we hash it anyway using argon2
        
        $db = new DBClass();
        $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";
        return $db->query($sql);
    }

}