DFiNE
/
OdenseTrack
Volgen 1
Ster 1
Vork 0
Code Kwesties 3 Pull-aanvragen 0 Publicaties 2 Wiki Activiteit
"OdenseTrack" is a school assignment/project from AspIT https://aspit.dfine.net/odensetrack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 Commits
1 Branch
Tree: f856305e85
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'f856305e85'
${ noResults }
OdenseTrack/classes/alter.class.php

alter.class.php 5.7KB
Geschiedenis Ruw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. <?php

  2. 

  3. /*

  4.  * Alters information in the database. We use this for signup, administration and more.

  5.  */

  6. 

  7. class Alter {

  8. 

  9.     private function __construct() {

  10.         

  11.     }

  12. 

  13.     public static function addNews($author, $title, $content, $image) {

  14.         $db = new DBClass();

  15.         $time = new DateTime();

  16.         $sql = "INSERT INTO `news` (`id`, `author`, `time`, `title`, `type`, `content`, `img`) VALUES (NULL, '$author', '" . $time->getTimestamp() . "', '$title', '1', '$content', '$image');";

  17.         $db->query($sql);

  18.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  19.         die("Error, please enable browser-redirects.");

  20.     }

  21. 

  22.     public static function editNews($id, $title, $content, $image) {

  23.         $db = new DBClass();

  24.         if ($image != false) {

  25.             $sql = "UPDATE `news` SET `title` = '$title', `img` = '$image', `content` = '$content' WHERE `news`.`id` = $id;";

  26.         } else {

  27.             $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content' WHERE `news`.`id` = $id;";

  28.         }

  29.         $db->query($sql);

  30.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  31.         die("Error, please enable browser redirects.");

  32.     }

  33. 

  34.     public static function deleteNews($id) {

  35.         $db = new DBClass();

  36.         $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";

  37.         $db->query($sql);

  38.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  39.         die("Error, please enable browser redirects.");

  40.     }

  41. 

  42.     /* Event functions */

  43. 

  44.     public static function addEvent($title, $content, $type, $eventdate, $image) {

  45.         $db = new DBClass();

  46.         $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', '$image', '$type', '$content', '" . strtotime($eventdate) . "');";

  47.         $db->query($sql);

  48.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  49.         die("Error, please enable browser-redirects.");

  50.     }

  51. 

  52.     public static function editEvent($id, $title, $content, $type, $eventdate, $image) {

  53.         $db = new DBClass();

  54.         if ($image != false) {

  55.             $sql = "UPDATE `events` SET `title` = '$title', `img` = '$image', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";

  56.         } else {

  57.             $sql = "UPDATE `events` SET `title` = '$title', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";

  58.         }

  59.         $db->query($sql);

  60.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  61.         die("Error, please enable browser redirects.");

  62.     }

  63. 

  64.     public static function deleteEvent($id) {

  65.         $db = new DBClass();

  66.         $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";

  67.         $db->query($sql);

  68.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  69.         die("Error, please enable browser redirects.");

  70.     }

  71. 

  72.     /* Attendee functions */

  73. 

  74.     public static function attentAdd($user, $event) {

  75.         // Add user to an event. And sanitize as we only want numbers.

  76. 

  77. 

  78.         $event = filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);

  79.         if (Get::attentDouble($user, $event) != true) {

  80.             $db = new DBClass();

  81.             $time = new DateTime();

  82.             $sql = "INSERT INTO `attendees` (`id`, `eventid`, `userid`, `time`) VALUES (NULL, '$event', '$user', '" . $time->getTimestamp() . "');";

  83.             return $db->query($sql);

  84.         }

  85.         header('Location: ' . Config::$sys_url . '?page=order&error=1');

  86.         die("Error, please enable browser redirects.");

  87.     }

  88.     

  89.     public static function attentDel($user, $event) {

  90.         // Add user to an event. And sanitize as we only want numbers.

  91. 

  92. 

  93.         $event = filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);

  94.         if (Get::attentDouble($user, $event) != false) {

  95.             $db = new DBClass();

  96.             $sql = "DELETE FROM `attendees` WHERE `attendees`.`userid` = $user AND `eventid` = $event";

  97.             return $db->query($sql);

  98.         }

  99.         header('Location: ' . Config::$sys_url . '?page=order&error=2');

  100.         die("Error, please enable browser redirects.");

  101.     }

  102. 

  103.     /* User functions */

  104. 

  105.     public static function addUser($username, $password, $realname, $mail, $level) {

  106.         if (Get::checkExists($username)) { // check if user exists

  107.             // ERROR USER EXISTS

  108.             return false;

  109.         } elseif (strlen($username) < 3) {

  110.             return false;

  111.         } elseif (strlen($password) < 5) {

  112.             return false;

  113.         } elseif (strlen($realname) < 5) {

  114.             return false;

  115.         } elseif (strlen($mail) < 5) {

  116.             return false;

  117.         } else {

  118.             // Now we know everything contains something.

  119.             // Time to sanitize!

  120. 

  121.             $username = filter_var($username, FILTER_SANITIZE_STRING);

  122.             $realname = filter_var($realname, FILTER_SANITIZE_STRING);

  123.             $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);

  124.             // Gr8, we are sanitized. We dont sanitize password, as we hash it anyway using argon2

  125. 

  126.             $db = new DBClass();

  127.             $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";

  128.             return $db->query($sql);

  129.         }

  130.     }

  131. 

  132.     public static function insertImage($filename, $mime) {

  133.         $db = new DBClass();

  134.         $time = new DateTime();

  135.         $sql = "INSERT INTO `uploads` (`id`, `filename`, `date`, `user`, `mime`) VALUES (NULL, '$filename', '" . $time->getTimestamp() . "', '" . $_SESSION['user'] . "', '" . $mime . "');";

  136.         $db->query($sql);

  137.     }

  138. 

  139. }