DFiNE
/
OdenseTrack
Слідкувати 1
В обрані 1
Форк 0
Код Проблеми 3 Запити на злиття 0 Релізи 2 Вікі Активність
"OdenseTrack" is a school assignment/project from AspIT https://aspit.dfine.net/odensetrack
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
70 Коміти
1 Гілка
Дерево: rls1
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'rls1'
${ noResults }
OdenseTrack/classes/alter.class.php

alter.class.php 5.9KB
Постійне посилання Історія Неформатований

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. <?php

  2. 

  3. /*

  4.  * Alters information in the database. We use this for signup, administration and more.

  5.  */

  6. 

  7. class Alter {

  8. 

  9.     private function __construct() {

  10.         

  11.     }

  12. 

  13.     public static function addNews($author, $title, $content, $image, $type) {

  14.         $db = new DBClass();

  15.         $time = new DateTime();

  16.         // Sanitize number

  17.         $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);

  18.         $sql = "INSERT INTO `news` (`id`, `author`, `time`, `title`, `type`, `content`, `img`) VALUES (NULL, '$author', '" . $time->getTimestamp() . "', '$title', '$type', '$content', '$image');";

  19.         $db->query($sql);

  20.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  21.         die("Error, please enable browser-redirects.");

  22.     }

  23. 

  24.     public static function editNews($id, $title, $content, $image, $type) {

  25.         $db = new DBClass();

  26.         // Sanitize number

  27.         $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);

  28.         if ($image != false) {

  29.             $sql = "UPDATE `news` SET `title` = '$title', `img` = '$image', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";

  30.         } else {

  31.             $sql = "UPDATE `news` SET `title` = '$title', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";

  32.         }

  33.         $db->query($sql);

  34.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  35.         die("Error, please enable browser redirects.");

  36.     }

  37. 

  38.     public static function deleteNews($id) {

  39.         $db = new DBClass();

  40.         $sql = "DELETE FROM `news` WHERE `news`.`id` = $id";

  41.         $db->query($sql);

  42.         header('Location: ' . Config::$sys_url . '?page=newsadmin');

  43.         die("Error, please enable browser redirects.");

  44.     }

  45. 

  46.     /* Event functions */

  47. 

  48.     public static function addEvent($title, $content, $type, $eventdate, $image) {

  49.         $db = new DBClass();

  50.         $sql = "INSERT INTO `events` (`id`, `title`, `img`, `type`, `description`, `time`) VALUES (NULL, '$title', '$image', '$type', '$content', '" . strtotime($eventdate) . "');";

  51.         $db->query($sql);

  52.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  53.         die("Error, please enable browser-redirects.");

  54.     }

  55. 

  56.     public static function editEvent($id, $title, $content, $type, $eventdate, $image) {

  57.         $db = new DBClass();

  58.         if ($image != false) {

  59.             $sql = "UPDATE `events` SET `title` = '$title', `img` = '$image', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";

  60.         } else {

  61.             $sql = "UPDATE `events` SET `title` = '$title', `type` = '$type', `time` = '" . strtotime($eventdate) . "', `description` = '$content' WHERE `events`.`id` = $id;";

  62.         }

  63.         $db->query($sql);

  64.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  65.         die("Error, please enable browser redirects.");

  66.     }

  67. 

  68.     public static function deleteEvent($id) {

  69.         $db = new DBClass();

  70.         $sql = "DELETE FROM `events` WHERE `events`.`id` = $id";

  71.         $db->query($sql);

  72.         header('Location: ' . Config::$sys_url . '?page=eventadmin');

  73.         die("Error, please enable browser redirects.");

  74.     }

  75. 

  76.     /* Attendee functions */

  77. 

  78.     public static function attentAdd($user, $event) {

  79.         // Add user to an event. And sanitize as we only want numbers.

  80. 

  81. 

  82.         $event = filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);

  83.         if (Get::attentDouble($user, $event) != true) {

  84.             $db = new DBClass();

  85.             $time = new DateTime();

  86.             $sql = "INSERT INTO `attendees` (`id`, `eventid`, `userid`, `time`) VALUES (NULL, '$event', '$user', '" . $time->getTimestamp() . "');";

  87.             return $db->query($sql);

  88.         }

  89.         header('Location: ' . Config::$sys_url . '?page=order&error=1');

  90.         die("Error, please enable browser redirects.");

  91.     }

  92.     

  93.     public static function attentDel($user, $event) {

  94.         // Add user to an event. And sanitize as we only want numbers.

  95. 

  96. 

  97.         $event = filter_var(trim($event), FILTER_SANITIZE_NUMBER_INT);

  98.         if (Get::attentDouble($user, $event) != false) {

  99.             $db = new DBClass();

  100.             $sql = "DELETE FROM `attendees` WHERE `attendees`.`userid` = $user AND `eventid` = $event";

  101.             return $db->query($sql);

  102.         }

  103.         header('Location: ' . Config::$sys_url . '?page=order&error=2');

  104.         die("Error, please enable browser redirects.");

  105.     }

  106. 

  107.     /* User functions */

  108. 

  109.     public static function addUser($username, $password, $realname, $mail, $level) {

  110.         if (Get::checkExists($username)) { // check if user exists

  111.             // ERROR USER EXISTS

  112.             return false;

  113.         } elseif (strlen($username) < 3) {

  114.             return false;

  115.         } elseif (strlen($password) < 5) {

  116.             return false;

  117.         } elseif (strlen($realname) < 5) {

  118.             return false;

  119.         } elseif (strlen($mail) < 5) {

  120.             return false;

  121.         } else {

  122.             // Now we know everything contains something.

  123.             // Time to sanitize!

  124. 

  125.             $username = filter_var($username, FILTER_SANITIZE_STRING);

  126.             $realname = filter_var($realname, FILTER_SANITIZE_STRING);

  127.             $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);

  128.             // Gr8, we are sanitized. We dont sanitize password, as we hash it anyway using argon2

  129. 

  130.             $db = new DBClass();

  131.             $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";

  132.             return $db->query($sql);

  133.         }

  134.     }

  135. 

  136.     public static function insertImage($filename, $mime) {

  137.         $db = new DBClass();

  138.         $time = new DateTime();

  139.         $sql = "INSERT INTO `uploads` (`id`, `filename`, `date`, `user`, `mime`) VALUES (NULL, '$filename', '" . $time->getTimestamp() . "', '" . $_SESSION['user'] . "', '" . $mime . "');";

  140.         $db->query($sql);

  141.     }

  142. 

  143. }