DFiNE
/
OdenseTrack
关注 1
点赞 1
派生 0
代码 工单 3 合并请求 0 版本发布 2 百科 动态
"OdenseTrack" is a school assignment/project from AspIT https://aspit.dfine.net/odensetrack
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
1 提交
1 分支
目录树: 9ce532d7fe
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '9ce532d7fe'
${ noResults }
OdenseTrack/classes/get.class.php

get.class.php 2.8KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. <?php

  2. 

  3. /*

  4.  * Gets various items from the database - Used on basically all pages.

  5.  */

  6. 

  7. class Get {

  8. 

  9.     private function __construct() {

  10.         

  11.     }

  12. 

  13.     public static function NewsArticle($id) {

  14.         /* Here we sanitize the userinput. We only allow numbers here.

  15.          * - Filter the variable to remove anything but numbers (plusses and minusses)

  16.          * However, the filter_var needs us to trim the output first, as we dont want nullbytes.

  17.          */

  18. 

  19.         $newsitem = filter_var(trim($id), FILTER_SANITIZE_NUMBER_INT);

  20. 

  21.         $db = new DBClass();

  22.         $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id WHERE news.id = $newsitem";

  23. 

  24.         // Does the newsitem exist? If not, we redirect.

  25. 

  26.         if ($db->numRows($db->query($sql)) != 1) {

  27.             header('Location: ' . Config::$sys_url . '?page=error');

  28.             die("This newsitem doesnt exist.");

  29.         }

  30.         // It did, yay! - Lets fetch it, and return it.

  31.         return $db->fetchAll($db->query($sql))[0];

  32.     }

  33. 

  34.     public static function NewsList() {

  35.         // newsadmin

  36.         $db = new DBClass();

  37.         $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id ORDER BY `id` DESC";

  38.         return $db->fetchAll($db->query($sql));

  39.     }

  40. 

  41.     public static function publicNewsList() {

  42.         $db = new DBClass();

  43.         $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id ORDER BY `id` DESC LIMIT 5";

  44.         return $db->fetchAll($db->query($sql));

  45.     }

  46. 

  47.     /* Event functions */

  48. 

  49.     public static function ViewEvent($id) {

  50.         /* Here we sanitize the userinput. We only allow numbers here.

  51.          * - Filter the variable to remove anything but numbers (plusses and minusses)

  52.          * However, the filter_var needs us to trim the output first, as we dont want nullbytes.

  53.          */

  54.         $eventitem = filter_var(trim($id), FILTER_SANITIZE_NUMBER_INT);

  55. 

  56.         // Get the news

  57. 

  58.         $db = new DBClass();

  59.         $sql = "SELECT * FROM `events` WHERE `id` = $eventitem";

  60.         // Check if this eventitem exists - If not, we 404

  61.         if ($db->numRows($db->query($sql)) != 1) {

  62.             header('Location: ' . Config::$sys_url . '?page=error');

  63.             die("This newsitem doesnt exist.");

  64.         }

  65.         // It did, yay! - Lets fetch it, and return it.

  66.         return $db->fetchAll($db->query($sql))[0];

  67.     }

  68. 

  69.     public static function EventList() {

  70.         // eventadmin

  71.         $db = new DBClass();

  72.         $sql = "SELECT * FROM `events` ORDER BY `id` DESC";

  73.         return $db->fetchAll($db->query($sql));

  74.     }

  75. 

  76.     public static function publicEventList() {

  77.         $db = new DBClass();

  78.         $sql = "SELECT * FROM `events` ORDER BY `id` DESC LIMIT 5";

  79.         return $db->fetchAll($db->query($sql));

  80.     }

  81. 

  82. }