DFiNE
/
OdenseTrack
关注 1
点赞 1
派生 0
代码 工单 3 合并请求 0 版本发布 2 百科 动态
"OdenseTrack" is a school assignment/project from AspIT https://aspit.dfine.net/odensetrack
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
66 提交
1 分支
目录树: 983f7b3db9
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '983f7b3db9'
${ noResults }
OdenseTrack/classes/alter.class.php

alter.class.php 5.8KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141 
  1. <?php

  2. 

  3. /*

  4.  * Alters information in the database. We use this for signup, administration and more.

  5.  */

  6. 

  7. class Alter {

  8. 

  9.     private function __construct() {

  10.         

  11.     }

  12. 

  13.     public static function addNews($author, $title, $content, $image, $type) {

  14.         $db = new DBClass();

  15.         $time = new DateTime();

  16.         $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);

  17.         $sql = "INSERT INTO `news` (`id`, `author`, `time`, `title`, `type`, `content`, `img`) VALUES (NULL, '$author', '" . $time->getTimestamp() . "', '$title', '$type', '$content', '$image');";

  18.         $db->query($sql);

  19.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  20.         die("Error, please enable browser-redirects.");

  21.     }

  22. 

  23.     public static function editNews($id, $title, $content, $image, $type) {

  24.         $db = new DBClass();

  25.         $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);

  26.         if ($image != false) {

  27.             $sql = "UPDATE `news` SET `title` = '$title', `img` = '$image', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";

  28.         } else {

  29.             $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";

  30.         }

  31.         $db->query($sql);

  32.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  33.         die("Error, please enable browser redirects.");

  34.     }

  35. 

  36.     public static function deleteNews($id) {

  37.         $db = new DBClass();

  38.         $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";

  39.         $db->query($sql);

  40.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  41.         die("Error, please enable browser redirects.");

  42.     }

  43. 

  44.     /* Event functions */

  45. 

  46.     public static function addEvent($title, $content, $type, $eventdate, $image) {

  47.         $db = new DBClass();

  48.         $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', '$image', '$type', '$content', '" . strtotime($eventdate) . "');";

  49.         $db->query($sql);

  50.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  51.         die("Error, please enable browser-redirects.");

  52.     }

  53. 

  54.     public static function editEvent($id, $title, $content, $type, $eventdate, $image) {

  55.         $db = new DBClass();

  56.         if ($image != false) {

  57.             $sql = "UPDATE `events` SET `title` = '$title', `img` = '$image', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";

  58.         } else {

  59.             $sql = "UPDATE `events` SET `title` = '$title', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";

  60.         }

  61.         $db->query($sql);

  62.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  63.         die("Error, please enable browser redirects.");

  64.     }

  65. 

  66.     public static function deleteEvent($id) {

  67.         $db = new DBClass();

  68.         $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";

  69.         $db->query($sql);

  70.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  71.         die("Error, please enable browser redirects.");

  72.     }

  73. 

  74.     /* Attendee functions */

  75. 

  76.     public static function attentAdd($user, $event) {

  77.         // Add user to an event. And sanitize as we only want numbers.

  78. 

  79. 

  80.         $event = filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);

  81.         if (Get::attentDouble($user, $event) != true) {

  82.             $db = new DBClass();

  83.             $time = new DateTime();

  84.             $sql = "INSERT INTO `attendees` (`id`, `eventid`, `userid`, `time`) VALUES (NULL, '$event', '$user', '" . $time->getTimestamp() . "');";

  85.             return $db->query($sql);

  86.         }

  87.         header('Location: ' . Config::$sys_url . '?page=order&error=1');

  88.         die("Error, please enable browser redirects.");

  89.     }

  90.     

  91.     public static function attentDel($user, $event) {

  92.         // Add user to an event. And sanitize as we only want numbers.

  93. 

  94. 

  95.         $event = filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);

  96.         if (Get::attentDouble($user, $event) != false) {

  97.             $db = new DBClass();

  98.             $sql = "DELETE FROM `attendees` WHERE `attendees`.`userid` = $user AND `eventid` = $event";

  99.             return $db->query($sql);

  100.         }

  101.         header('Location: ' . Config::$sys_url . '?page=order&error=2');

  102.         die("Error, please enable browser redirects.");

  103.     }

  104. 

  105.     /* User functions */

  106. 

  107.     public static function addUser($username, $password, $realname, $mail, $level) {

  108.         if (Get::checkExists($username)) { // check if user exists

  109.             // ERROR USER EXISTS

  110.             return false;

  111.         } elseif (strlen($username) < 3) {

  112.             return false;

  113.         } elseif (strlen($password) < 5) {

  114.             return false;

  115.         } elseif (strlen($realname) < 5) {

  116.             return false;

  117.         } elseif (strlen($mail) < 5) {

  118.             return false;

  119.         } else {

  120.             // Now we know everything contains something.

  121.             // Time to sanitize!

  122. 

  123.             $username = filter_var($username, FILTER_SANITIZE_STRING);

  124.             $realname = filter_var($realname, FILTER_SANITIZE_STRING);

  125.             $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);

  126.             // Gr8, we are sanitized. We dont sanitize password, as we hash it anyway using argon2

  127. 

  128.             $db = new DBClass();

  129.             $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";

  130.             return $db->query($sql);

  131.         }

  132.     }

  133. 

  134.     public static function insertImage($filename, $mime) {

  135.         $db = new DBClass();

  136.         $time = new DateTime();

  137.         $sql = "INSERT INTO `uploads` (`id`, `filename`, `date`, `user`, `mime`) VALUES (NULL, '$filename', '" . $time->getTimestamp() . "', '" . $_SESSION['user'] . "', '" . $mime . "');";

  138.         $db->query($sql);

  139.     }

  140. 

  141. }