DFiNE
/
OdenseTrack


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
							<?php

/*
 * Alters information in the database. We use this for signup, administration and more.
 */

class Alter {

    private function __construct() {
        
    }

    public static function addNews($author, $title, $content) {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "INSERT INTO `news` (`id`, `author`, `time`, `title`, `type`, `content`, `img`) VALUES (NULL, '$author', '" . $time->getTimestamp() . "', '$title', '1', '$content', '');";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser-redirects.");
    }

    public static function editNews($id, $title, $content) {
        $db = new DBClass();
        $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content' WHERE `news`.`id` = $id;";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    public static function deleteNews($id) {
        $db = new DBClass();
        $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=newsadmin');
        die("Error, please enable browser redirects.");
    }

    /* Event functions */

    public static function addEvent($title, $content, $type, $eventdate, $image) {
        $db = new DBClass();
        $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', '$image', '$type', '$content', '" . strtotime($eventdate) . "');";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser-redirects.");
    }

    public static function editEvent($id, $title, $content, $type, $eventdate, $image) {
        $db = new DBClass();
        if ($image != false) {
            $sql = "UPDATE `events` SET `title` = '$title', `img` = '$image', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";
        } else {
            $sql = "UPDATE `events` SET `title` = '$title', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";
        }
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    public static function deleteEvent($id) {
        $db = new DBClass();
        $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";
        $db->query($sql);
        header('Location: ' . Config::$sys_url . '?page=eventadmin');
        die("Error, please enable browser redirects.");
    }

    public static function addUser($username, $password, $realname, $mail, $level) {
        if (Get::checkExists($username)) { // check if user exists
            // ERROR USER EXISTS
            return false;
        } elseif (strlen($username) < 3) {
            return false;
        } elseif (strlen($password) < 5) {
            return false;
        } elseif (strlen($realname) < 5) {
            return false;
        } elseif (strlen($mail) < 5) {
            return false;
        } else {
            // Now we know everything contains something.
            // Time to sanitize!

            $username = filter_var($username, FILTER_SANITIZE_STRING);
            $realname = filter_var($realname, FILTER_SANITIZE_STRING);
            $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);
            // Gr8, we are sanitized. We dont sanitize password, as we hash it anyway using argon2

            $db = new DBClass();
            $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";
            return $db->query($sql);
        }
    }

    public static function insertImage($filename, $mime) {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "INSERT INTO `uploads` (`id`, `filename`, `date`, `user`, `mime`) VALUES (NULL, '$filename', '" . $time->getTimestamp() . "', '" . $_SESSION['user'] . "', '" . $mime . "');";
        $db->query($sql);
    }

}