OdenseTrack/classes/get.class.php

<?php

/*
 * Gets various items from the database - Used on basically all pages.
 */

class Get {

    private function __construct() {
        
    }

    public static function NewsArticle($id) {
        /* Here we sanitize the userinput. We only allow numbers here.
         * - Filter the variable to remove anything but numbers (plusses and minusses)
         * However, the filter_var needs us to trim the output first, as we dont want nullbytes.
         */

        $newsitem = filter_var(trim($id), FILTER_SANITIZE_NUMBER_INT);

        $db = new DBClass();
        $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id WHERE news.id = $newsitem";

        // Does the newsitem exist? If not, we redirect.

        if ($db->numRows($db->query($sql)) != 1) {
            header('Location: ' . Config::$sys_url . '?page=error');
            die("This newsitem doesnt exist.");
        }
        // It did, yay! - Lets fetch it, and return it.
        return $db->fetchAll($db->query($sql))[0];
    }

    public static function NewsList() {
        // newsadmin
        $db = new DBClass();
        $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id ORDER BY `id` DESC";
        return $db->fetchAll($db->query($sql));
    }

    public static function publicNewsList() {
        $db = new DBClass();
        $sql = "SELECT news.*,users.realname FROM `news` JOIN users ON news.author = users.id ORDER BY `id` DESC LIMIT 5";
        return $db->fetchAll($db->query($sql));
    }

    /* Event functions */

    public static function ViewEvent($id) {
        /* Here we sanitize the userinput. We only allow numbers here.
         * - Filter the variable to remove anything but numbers (plusses and minusses)
         * However, the filter_var needs us to trim the output first, as we dont want nullbytes.
         */
        $eventitem = filter_var(trim($id), FILTER_SANITIZE_NUMBER_INT);

        // Get the news

        $db = new DBClass();
        $sql = "SELECT * FROM `events` WHERE `id` = $eventitem";
        // Check if this eventitem exists - If not, we 404
        if ($db->numRows($db->query($sql)) != 1) {
            header('Location: ' . Config::$sys_url . '?page=error');
            die("This newsitem doesnt exist.");
        }
        // It did, yay! - Lets fetch it, and return it.
        return $db->fetchAll($db->query($sql))[0];
    }

    public static function EventList() {
        // eventadmin
        $db = new DBClass();
        $sql = "SELECT * FROM `events` ORDER BY `id` DESC";
        return $db->fetchAll($db->query($sql));
    }

    public static function publicEventList() {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "SELECT * FROM `events` WHERE `time` > ".$time->getTimestamp()." ORDER BY `time` ASC";
        return $db->fetchAll($db->query($sql));
    }
    
    public static function publicOldEventList() {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "SELECT * FROM `events` WHERE `time` < ".$time->getTimestamp()." ORDER BY `time` ASC";
        return $db->fetchAll($db->query($sql));
    }
    
    public static function publicEventListHome($limit) {
        $db = new DBClass();
        $time = new DateTime();
        $sql = "SELECT * FROM `events` WHERE `time` > ".$time->getTimestamp()." ORDER BY `time` ASC LIMIT $limit";
        return $db->fetchAll($db->query($sql));
    }
    
    public static function EventTrackList($limit) {
        $db = new DBClass();
        $sql = "SELECT * FROM `events` WHERE `type` = '2' ORDER BY `time` ASC LIMIT $limit";
        return $db->fetchAll($db->query($sql));
    }
    
    /* Attend functions */

    public static function attentEventList() {
        // Get list of events that havent already started
        $db = new DBClass();
        $time = new DateTime();
        $sql = "SELECT * FROM `events` WHERE `time` > ".$time->getTimestamp()." AND `type` = 1 ORDER BY `time` ASC";
        return $db->fetchAll($db->query($sql));
    }
    
    public static function attentDouble($user,$event) {
        // Checks if username already is in db, if not return false, if it exists return true
        $db = new DBClass();
        $sql = "SELECT * FROM `attendees` WHERE `userid` = $user AND `eventid` = $event";
        if ($db->numRows($db->query($sql)) != 1) { return false; } else { return true; }
    }
    
    public static function attendees($event) {
        // Checks if username already is in db, if not return false, if it exists return true
        $db = new DBClass();
        $sql = "SELECT * FROM `attendees` WHERE `eventid` = $event";
        return $db->numRows($db->query($sql));
    }
    
    /* Login and user functions */

    public static function checkExists($name) {
        // Checks if username already is in db, if not return false, if it exists return true
        $db = new DBClass();
        $sql = "SELECT * FROM `" . Config::$db_tableusers . "` WHERE `username` = '$name'";
        if ($db->numRows($db->query($sql)) != 1) { return false; } else { return true; }
    }
    
    /* File/Upload functions */
    
    public static function getImages($limit) {
        // Returns all images in database.
        $db = new DBClass();
        $sql = "SELECT * FROM `uploads` WHERE `mime` LIKE 'image%'";
        return $db->fetchAll($db->query($sql));
    }
    
}