initial commit
This commit is contained in:
51
models/Articles.php
Executable file
51
models/Articles.php
Executable file
@@ -0,0 +1,51 @@
|
||||
<?php
|
||||
class Articles {
|
||||
|
||||
private $postTable = 'articles';
|
||||
private $categoryTable = 'categories';
|
||||
private $userTable = 'users';
|
||||
private $conn;
|
||||
|
||||
public function __construct($db){
|
||||
$this->conn = $db;
|
||||
}
|
||||
|
||||
public function getArticles(){
|
||||
$query = '';
|
||||
if($this->id) {
|
||||
$query = " AND p.id ='".$this->id."'";
|
||||
}
|
||||
$sqlQuery = "
|
||||
SELECT p.id, p.title, p.message, p.category_id, u.first_name, u.last_name, p.status, p.created, p.updated, c.name as category
|
||||
FROM ".$this->postTable." p
|
||||
LEFT JOIN ".$this->categoryTable." c ON c.id = p.category_id
|
||||
LEFT JOIN ".$this->userTable." u ON u.id = p.userid
|
||||
WHERE p.status ='published' $query ORDER BY p.id DESC";
|
||||
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
return $result;
|
||||
}
|
||||
|
||||
function formatMessage($string, $wordsreturned) {
|
||||
$retval = $string; // Just in case of a problem
|
||||
$array = explode(" ", $string);
|
||||
if (count($array)<=$wordsreturned){
|
||||
$retval = $string;
|
||||
}else{
|
||||
array_splice($array, $wordsreturned);
|
||||
$retval = implode(" ", $array)." ...";
|
||||
}
|
||||
return $retval;
|
||||
}
|
||||
|
||||
public function totalPost(){
|
||||
$sqlQuery = "SELECT * FROM ".$this->postTable;
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
return $result->num_rows;
|
||||
}
|
||||
}
|
||||
?>
|
||||
144
models/Category.php
Executable file
144
models/Category.php
Executable file
@@ -0,0 +1,144 @@
|
||||
<?php
|
||||
if (session_id() == "") session_start();
|
||||
class Category {
|
||||
|
||||
private $categoryTable = 'categories';
|
||||
private $conn;
|
||||
|
||||
public function __construct($db){
|
||||
$this->conn = $db;
|
||||
}
|
||||
|
||||
public function getCategoryListing(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
$sqlQuery = "
|
||||
SELECT id, name
|
||||
FROM ".$this->categoryTable."
|
||||
";
|
||||
|
||||
if(!empty($_POST["search"]["value"])){
|
||||
$sqlQuery .= ' name LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
}
|
||||
|
||||
if(!empty($_POST["order"])){
|
||||
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
|
||||
} else {
|
||||
$sqlQuery .= 'ORDER BY id DESC ';
|
||||
}
|
||||
if($_POST["length"] != -1){
|
||||
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
|
||||
}
|
||||
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
|
||||
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->categoryTable);
|
||||
$stmtTotal->execute();
|
||||
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
|
||||
$allRecords = $allResult['count'];
|
||||
|
||||
$displayRecords = count($result);
|
||||
$categories = array();
|
||||
foreach ($result as $category) {
|
||||
$rows = array();
|
||||
$rows[] = $category['id'];
|
||||
$rows[] = $category['name'];
|
||||
$rows[] = '<a href="add_categories.php?id='.$category["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
|
||||
$rows[] = '<button type="button" name="delete" id="'.$category["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
|
||||
$categories[] = $rows;
|
||||
}
|
||||
|
||||
$output = array(
|
||||
"draw" => intval($_POST["draw"]),
|
||||
"iTotalRecords" => $displayRecords,
|
||||
"iTotalDisplayRecords" => $allRecords,
|
||||
"data" => $categories
|
||||
);
|
||||
|
||||
echo json_encode($output);
|
||||
}
|
||||
|
||||
public function getCategory(){
|
||||
if($this->id) {
|
||||
$sqlQuery = "
|
||||
SELECT id, name
|
||||
FROM ".$this->categoryTable."
|
||||
WHERE id = :id; ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->bindParam("id", $this->id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
$category = $result;
|
||||
return $category;
|
||||
}
|
||||
}
|
||||
|
||||
public function insert(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->name) {
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
INSERT INTO ".$this->categoryTable."(`name`)
|
||||
VALUES(:s)");
|
||||
|
||||
$this->name = htmlspecialchars(strip_tags($this->name));
|
||||
$stmt->bindParam("s", $this->name);
|
||||
|
||||
if($stmt->execute()){
|
||||
return $stmt->insert_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function update(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
UPDATE ".$this->categoryTable."
|
||||
SET name= :s
|
||||
WHERE id = :i");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$this->name = htmlspecialchars(strip_tags($this->name));
|
||||
|
||||
$stmt->bindParam("s", $this->name);
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
DELETE FROM ".$this->categoryTable."
|
||||
WHERE id = :i");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function totalCategory(){
|
||||
$sqlQuery = "SELECT COUNT(*) as count; FROM ".$this->categoryTable;
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
return $result['count'];
|
||||
}
|
||||
}
|
||||
?>
|
||||
20
models/Database.php
Executable file
20
models/Database.php
Executable file
@@ -0,0 +1,20 @@
|
||||
<?php
|
||||
class Database{
|
||||
|
||||
public function getConnection(){
|
||||
try {
|
||||
|
||||
if (file_exists("./database.sqlite")) {
|
||||
$con = new \PDO("sqlite:./database.sqlite");
|
||||
} else {
|
||||
$con = new \PDO("sqlite:../database.sqlite");
|
||||
}
|
||||
|
||||
return $con;
|
||||
}catch (PDOException $err) {
|
||||
echo $err->getMessage();
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
123
models/ImagesManager.php
Normal file
123
models/ImagesManager.php
Normal file
@@ -0,0 +1,123 @@
|
||||
<?php
|
||||
class ImagesManager {
|
||||
|
||||
const FOLDER = "../public/images/";
|
||||
const MAX_FILE_SIZE = 1024 * 1024 * 4; // 4MB
|
||||
|
||||
protected $message = [];
|
||||
protected $permitted_types = [
|
||||
'image/jpeg',
|
||||
'image/bmp',
|
||||
'image/png',
|
||||
'image/jpg',
|
||||
'image/gif'
|
||||
];
|
||||
private $file_name;
|
||||
private $file_type;
|
||||
private $is_validated;
|
||||
private $temp_name;
|
||||
private $new_name;
|
||||
private $is_name_changed;
|
||||
private $file_error;
|
||||
private $file_size;
|
||||
|
||||
public function __construct () {
|
||||
$this->file_name = $_FILES['imageFile']['name'];
|
||||
$this->file_type = $_FILES['imageFile']['type'];
|
||||
$this->temp_name = $_FILES['imageFile']['tmp_name'];
|
||||
$this->file_error = $_FILES['imageFile']['error'];
|
||||
$this->file_size = $_FILES['imageFile']['size'];
|
||||
$this->is_validated = false;
|
||||
$this->is_name_changed = false;
|
||||
}
|
||||
|
||||
public function validateImage ($newName = null) {
|
||||
if ( strlen($this->file_name) > 255 || strlen($this->file_name) < 1 ) {
|
||||
$this->message[] .= "Change file name and upload again";
|
||||
return;
|
||||
}
|
||||
|
||||
if($newName !== null){
|
||||
$this->file_name = $newName;
|
||||
}
|
||||
|
||||
if ( file_exists(self::FOLDER . $this->file_name) ) {
|
||||
// do not reject file rather keep it.
|
||||
$fullpath = self::FOLDER . $this->file_name;
|
||||
$file_info = pathinfo($fullpath);
|
||||
$this->new_name = $file_info['imageFile'];
|
||||
$this->new_name .= "-". mt_rand(1000, 10000000);
|
||||
$this->new_name .= "." . $file_info['extension'];
|
||||
$this->is_name_changed = true;
|
||||
}
|
||||
|
||||
if ( in_array($this->file_type, $this->permitted_types) ) {
|
||||
$this->is_validated = true;
|
||||
}
|
||||
if ( $this->file_size > self::MAX_FILE_SIZE ) {
|
||||
$this->message[] .= "Images more than 1 MB are not allowed";
|
||||
$this->is_validated = false;
|
||||
}
|
||||
}
|
||||
public function uploadImage () {
|
||||
|
||||
if ( $this->is_validated ) {
|
||||
if ( $this->is_name_changed ) {
|
||||
$result = move_uploaded_file($this->temp_name, self::FOLDER . $this->new_name);
|
||||
if ( $result ) {
|
||||
$this->message[] .= "Image uploaded";
|
||||
}
|
||||
}
|
||||
$is_moved = move_uploaded_file($this->temp_name, self::FOLDER . $this->file_name);
|
||||
if ( !$is_moved ) {
|
||||
$this->message[] .= "Can't move the file to folder";
|
||||
}
|
||||
}
|
||||
else {
|
||||
$this->message[] .= "Not validated";
|
||||
}
|
||||
}
|
||||
|
||||
public function getSavedIages(){
|
||||
$scan = scandir(self::FOLDER);
|
||||
|
||||
$out = array();
|
||||
|
||||
foreach ($scan as $file) {
|
||||
$filePath = self::FOLDER . '/' . $file;
|
||||
if (is_file($filePath)) {
|
||||
$out[] = $file;
|
||||
}
|
||||
}
|
||||
return $out;
|
||||
}
|
||||
|
||||
public function delete($imageName){
|
||||
unlink(self::FOLDER . $imageName);
|
||||
}
|
||||
|
||||
public function getMessage(){
|
||||
return $this->message[0];
|
||||
}
|
||||
|
||||
public function getImagesListing(){
|
||||
$result = $this->getSavedIages();
|
||||
$images = array();
|
||||
foreach ($result as $file) {
|
||||
$rows = array();
|
||||
$rows[0] = $file;
|
||||
$rows[1] = "<a href='".self::FOLDER . $file."' target='blank'><img src=\"" . self::FOLDER . $file . "\" style='max-height:70px;'></a>";
|
||||
$rows[2] = '<button type="button" name="delete" id="'.$file.'" class="btn btn-danger btn-xs delete" >Delete</button>';
|
||||
$images[] = $rows;
|
||||
}
|
||||
|
||||
$output = array(
|
||||
"iTotalRecords" => count($result),
|
||||
"iTotalDisplayRecords" => count($result),
|
||||
"data" => $images
|
||||
);
|
||||
echo json_encode($output);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
243
models/Menu.php
Normal file
243
models/Menu.php
Normal file
@@ -0,0 +1,243 @@
|
||||
<?php
|
||||
if (session_id() == "") session_start();
|
||||
class Menu {
|
||||
|
||||
private $menuTable = 'menu';
|
||||
private $conn;
|
||||
|
||||
public function __construct($db){
|
||||
$this->conn = $db;
|
||||
}
|
||||
|
||||
public function getMenuListing(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
$sqlQuery = "
|
||||
SELECT id,title,link,`order`
|
||||
FROM ".$this->menuTable."
|
||||
";
|
||||
if(!empty($_POST["search"]["value"])){
|
||||
$sqlQuery .= ' title LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
}
|
||||
if(!empty($_POST["order"])){
|
||||
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
|
||||
} else {
|
||||
$sqlQuery .= 'ORDER BY `order` ASC ';
|
||||
}
|
||||
if($_POST["length"] != -1){
|
||||
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
|
||||
}
|
||||
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
|
||||
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->menuTable);
|
||||
$stmtTotal->execute();
|
||||
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
|
||||
$allRecords = $allResult['count'];
|
||||
|
||||
$displayRecords = count($result);
|
||||
$menu = array();
|
||||
foreach ($result as $m) {
|
||||
$rows = array();
|
||||
$rows[] = $m['order'] . " " .
|
||||
'<button type="button" name="moveup" id="'.$m["id"].'" class="btn btn-success btn-xs moveup" ><span class="glyphicon glyphicon-triangle-top" aria-hidden="true"></span></button>' .
|
||||
'<button type="button" name="movedown" id="'.$m["id"].'" class="btn btn-success btn-xs movedown" ><span class="glyphicon glyphicon-triangle-bottom" aria-hidden="true"></span></button>' ;
|
||||
$rows[] = $m['title'];
|
||||
$rows[] = $m['link'];
|
||||
$rows[] = '<a href="add_menu.php?id='.$m["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
|
||||
$rows[] = '<button type="button" name="delete" id="'.$m["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
|
||||
$menu[] = $rows;
|
||||
}
|
||||
|
||||
$output = array(
|
||||
"draw" => intval($_POST["draw"]),
|
||||
"iTotalRecords" => $displayRecords,
|
||||
"iTotalDisplayRecords" => $allRecords,
|
||||
"data" => $menu
|
||||
);
|
||||
|
||||
echo json_encode($output);
|
||||
}
|
||||
|
||||
public function getMenu(){
|
||||
if($this->id) {
|
||||
$sqlQuery = "
|
||||
SELECT id,link,title
|
||||
FROM ".$this->menuTable."
|
||||
WHERE id = :id ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->bindParam("id", $this->id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch();
|
||||
$post = $result;
|
||||
return $post;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function getMenuArray(){
|
||||
$sqlQuery = "
|
||||
SELECT id, `order`,title,link
|
||||
FROM ".$this->menuTable."
|
||||
ORDER BY `order` ASC ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function insert(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->title.$this->link) {
|
||||
$maxQuery = $this->conn->prepare("SELECT MAX(`order`) as max FROM ".$this->menuTable."");
|
||||
$maxQuery->execute();
|
||||
$maxResult = $maxQuery->fetch(PDO::FETCH_ASSOC);
|
||||
$max = ($maxResult['max'] * 1) + 1;
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
INSERT INTO ".$this->menuTable."(`title`,`link`,`order`)
|
||||
VALUES(:s1,:s2,:s3)");
|
||||
|
||||
$this->title = htmlspecialchars(strip_tags($this->title));
|
||||
$this->link = htmlspecialchars(strip_tags($this->link));
|
||||
|
||||
$stmt->bindParam("s1", $this->title);
|
||||
$stmt->bindParam("s2", $this->link);
|
||||
$stmt->bindParam("s3", $max);
|
||||
|
||||
if($stmt->execute()){
|
||||
return $this->conn->lastInsertId();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function update(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
UPDATE ".$this->menuTable."
|
||||
SET title= :s1, link = :s2
|
||||
WHERE id = :i");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$this->link = htmlspecialchars(strip_tags($this->link));
|
||||
$this->title = htmlspecialchars(strip_tags($this->title));
|
||||
|
||||
$stmt->bindParam("s1", $this->title);
|
||||
$stmt->bindParam("s2", $this->link);
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
DELETE FROM ".$this->menuTable."
|
||||
WHERE id = :i");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function moveUp(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
|
||||
$curOrderQuery = $this->conn->prepare("SELECT `order` as o FROM ".$this->menuTable." WHERE id = :id");
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$curOrderQuery->bindParam("id", $this->id);
|
||||
$curOrderQuery->execute();
|
||||
$curOrderResult = $curOrderQuery->fetch(PDO::FETCH_ASSOC);
|
||||
$curOrder = ($curOrderResult['o'] * 1);
|
||||
|
||||
if($curOrder == 0) return; //Nižší už nejde
|
||||
|
||||
$q1 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = null WHERE id = :id");
|
||||
$q1->bindParam("id", $this->id);
|
||||
$q1->execute();
|
||||
$q1->execute();
|
||||
|
||||
$replacementOrder = $curOrder - 1;
|
||||
$q2 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = `order` + 1 WHERE `order` = :order");
|
||||
$q2->bindParam("order", $replacementOrder);
|
||||
$q2->execute();
|
||||
$q2->execute();
|
||||
|
||||
$newOrder = ($curOrder-1);
|
||||
$q3 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = :order WHERE id = :id");
|
||||
$q3->bindParam("order", $newOrder);
|
||||
$q3->bindParam("id", $this->id);
|
||||
$q3->execute();
|
||||
$q3->execute();
|
||||
}
|
||||
}
|
||||
|
||||
public function moveDown(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$curOrderQuery = $this->conn->prepare("SELECT `order` as o FROM ".$this->menuTable." WHERE id = :id");
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$curOrderQuery->bindParam("id", $this->id);
|
||||
$curOrderQuery->execute();
|
||||
$curOrderResult = $curOrderQuery->fetch(PDO::FETCH_ASSOC);
|
||||
$curOrder = ($curOrderResult['o'] * 1);
|
||||
|
||||
$maxQuery = $this->conn->prepare("SELECT MAX(`order`) as max FROM ".$this->menuTable."");
|
||||
$maxQuery->execute();
|
||||
$maxResult = $maxQuery->fetch(PDO::FETCH_ASSOC);
|
||||
$max = ($maxResult['max'] * 1) + 1;
|
||||
|
||||
if($curOrder >= $max-1) return; //Už jsem na konci
|
||||
|
||||
$q1 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = null WHERE id = :id");
|
||||
$q1->bindParam("id", $this->id);
|
||||
$q1->execute();
|
||||
$q1->execute();
|
||||
|
||||
$replacementOrder = $curOrder + 1;
|
||||
$q2 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = `order` - 1 WHERE `order` = :order");
|
||||
$q2->bindParam("order", $replacementOrder);
|
||||
$q2->execute();
|
||||
$q2->execute();
|
||||
|
||||
$newOrder = ($curOrder+1);
|
||||
$q3 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = :order WHERE id = :id");
|
||||
$q3->bindParam("order", $newOrder);
|
||||
$q3->bindParam("id", $this->id);
|
||||
$q3->execute();
|
||||
$q3->execute();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
?>
|
||||
206
models/Pages.php
Normal file
206
models/Pages.php
Normal file
@@ -0,0 +1,206 @@
|
||||
<?php
|
||||
if (session_id() == "") session_start();
|
||||
class Pages {
|
||||
|
||||
private $pageTable = 'pages';
|
||||
private $menuTable = 'menu';
|
||||
private $conn;
|
||||
|
||||
public function __construct($db){
|
||||
$this->conn = $db;
|
||||
}
|
||||
|
||||
public function getPagesListing(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
$sqlQuery = "
|
||||
SELECT id,link,title,content
|
||||
FROM ".$this->pageTable. " ";
|
||||
|
||||
if(!empty($_POST["search"]["value"])){
|
||||
$sqlQuery .= ' title LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR link LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR content LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
}
|
||||
if(!empty($_POST["order"])){
|
||||
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
|
||||
} else {
|
||||
$sqlQuery .= 'ORDER BY id DESC ';
|
||||
}
|
||||
if($_POST["length"] != -1){
|
||||
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
|
||||
}
|
||||
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
|
||||
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->pageTable);
|
||||
$stmtTotal->execute();
|
||||
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
|
||||
$allRecords = $allResult['count'];
|
||||
|
||||
|
||||
$displayRecords = count($result);
|
||||
$posts = array();
|
||||
foreach ($result as $post) {
|
||||
$rows = array();
|
||||
|
||||
$rows[] = $post['link'];
|
||||
$rows[] = $post['title'];
|
||||
$rows[] = htmlspecialchars($post['content']);
|
||||
$rows[] = '<button type="button" name="add" id="'.$post["id"].'" class="btn btn-success btn-xs add" >Add to menu</button>';
|
||||
$rows[] = '<a href="add_page.php?id='.$post["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
|
||||
$rows[] = '<button type="button" name="delete" id="'.$post["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
|
||||
$posts[] = $rows;
|
||||
}
|
||||
|
||||
$output = array(
|
||||
"draw" => intval($_POST["draw"]),
|
||||
"iTotalRecords" => $displayRecords,
|
||||
"iTotalDisplayRecords" => $allRecords,
|
||||
"data" => $posts
|
||||
);
|
||||
|
||||
echo json_encode($output);
|
||||
}
|
||||
|
||||
public function getPage(){
|
||||
if($this->id) {
|
||||
$sqlQuery = "
|
||||
SELECT id,link,title,content
|
||||
FROM ".$this->pageTable."
|
||||
WHERE id = :id ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->bindParam("id", $this->id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch();
|
||||
$post = $result;
|
||||
return $post;
|
||||
}
|
||||
}
|
||||
|
||||
public function getPageByLink(){
|
||||
if($this->link) {
|
||||
$sqlQuery = "
|
||||
SELECT id,link,title,content
|
||||
FROM ".$this->pageTable."
|
||||
WHERE link = :link ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->bindParam("link", $this->link);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch();
|
||||
$post = $result;
|
||||
return $post;
|
||||
}
|
||||
}
|
||||
|
||||
public function insert(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->link && $this->title && $this->content) {
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
INSERT INTO ".$this->pageTable."(`title`, `link`, `content`)
|
||||
VALUES(:t,:l, :c)");
|
||||
|
||||
$this->title = htmlspecialchars(strip_tags($this->title));
|
||||
$this->link = htmlspecialchars(strip_tags($this->link));
|
||||
|
||||
$stmt->bindParam(":t", $this->title);
|
||||
$stmt->bindParam(":l", $this->link);
|
||||
$stmt->bindParam(":c;", $this->content);
|
||||
|
||||
|
||||
if($stmt->execute()){
|
||||
return $this->conn->lastInsertId();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function update(){
|
||||
if($_SESSION['user_type'] != 2) return;
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
UPDATE ".$this->pageTable."
|
||||
SET `link` = :link, `title` = :title, `content` = :cntnt
|
||||
WHERE id = :id");
|
||||
|
||||
$this->link = htmlspecialchars(strip_tags($this->link));
|
||||
$this->title = htmlspecialchars(strip_tags($this->title));
|
||||
//$this->content = htmlspecialchars(strip_tags($this->content));
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
|
||||
$stmt->bindParam("link", $this->link);
|
||||
$stmt->bindParam("title", $this->title);
|
||||
$stmt->bindParam("cntnt",$this->content);
|
||||
$stmt->bindParam("id", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public function delete(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
DELETE FROM ".$this->pageTable."
|
||||
WHERE id = :id;");
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$stmt->bindParam(":id", $this->id);
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function getPosts(){
|
||||
$sqlQuery = "
|
||||
SELECT id, title, link, content
|
||||
FROM ".$this->pageTable;
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
public function addToMenu(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$maxQuery = $this->conn->prepare("SELECT MAX(`order`) as max FROM ".$this->menuTable."");
|
||||
$maxQuery->execute();
|
||||
$maxResult = $maxQuery->fetch(PDO::FETCH_ASSOC);
|
||||
$max = ($maxResult['max'] * 1) + 1;
|
||||
|
||||
$dataQuery = $this->conn->prepare("SELECT title,link FROM ".$this->pageTable."");
|
||||
$dataQuery->execute();
|
||||
$dataResult = $dataQuery->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
INSERT INTO ".$this->menuTable."(`title`,`link`,`order`)
|
||||
VALUES(:s1,:s2,:s3)");
|
||||
|
||||
$this->title = htmlspecialchars(strip_tags($dataResult['title']));
|
||||
$this->link = "./page.php?link=" . $dataResult['link'];
|
||||
|
||||
$stmt->bindParam("s1", $this->title);
|
||||
$stmt->bindParam("s2", $this->link);
|
||||
$stmt->bindParam("s3", $max);
|
||||
|
||||
if($stmt->execute()){
|
||||
return $this->conn->lastInsertId();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
?>
|
||||
195
models/Post.php
Executable file
195
models/Post.php
Executable file
@@ -0,0 +1,195 @@
|
||||
<?php
|
||||
if (session_id() == "") session_start();
|
||||
class Post {
|
||||
|
||||
private $postTable = 'articles';
|
||||
private $categoryTable = 'categories';
|
||||
private $userTable = 'users';
|
||||
private $conn;
|
||||
|
||||
public function __construct($db){
|
||||
$this->conn = $db;
|
||||
}
|
||||
|
||||
public function getPostsListing(){
|
||||
|
||||
$whereQuery = '';
|
||||
if($_SESSION['user_type'] == 2) {
|
||||
$whereQuery = "WHERE p.userid ='".$_SESSION['userid']."'";
|
||||
}
|
||||
|
||||
$sqlQuery = "
|
||||
SELECT p.id, p.title, p.category_id, u.first_name, u.last_name, p.status, p.created, p.updated, c.name
|
||||
FROM ".$this->postTable." p
|
||||
LEFT JOIN ".$this->categoryTable." c ON c.id = p.category_id
|
||||
LEFT JOIN ".$this->userTable." u ON u.id = p.userid
|
||||
$whereQuery";
|
||||
|
||||
if(!empty($_POST["search"]["value"])){
|
||||
$sqlQuery .= ' title LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR message LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR created LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR updated LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
}
|
||||
if(!empty($_POST["order"])){
|
||||
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
|
||||
} else {
|
||||
$sqlQuery .= 'ORDER BY p.id DESC ';
|
||||
}
|
||||
if($_POST["length"] != -1){
|
||||
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
|
||||
}
|
||||
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
|
||||
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->postTable);
|
||||
$stmtTotal->execute();
|
||||
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
|
||||
$allRecords = $allResult['count'];
|
||||
|
||||
|
||||
$displayRecords = count($result);
|
||||
$posts = array();
|
||||
foreach ($result as $post) {
|
||||
$rows = array();
|
||||
$status = '';
|
||||
if($post['status'] == 'published') {
|
||||
$status = '<span class="label label-success">Published</span>';
|
||||
} else if($post['status'] == 'draft') {
|
||||
$status = '<span class="label label-warning">Draft</span>';
|
||||
} else if($post['status'] == 'archived') {
|
||||
$status = '<span class="label label-danger">Archived</span>';
|
||||
}
|
||||
|
||||
$rows[] = ucfirst($post['title']);
|
||||
$rows[] = $post['name'];
|
||||
$rows[] = ucfirst($post['first_name'])." ".$post['last_name'];
|
||||
$rows[] = $status;
|
||||
$rows[] = $post['created'];
|
||||
$rows[] = $post['updated'];
|
||||
$rows[] = '<a href="compose_post.php?id='.$post["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
|
||||
$rows[] = '<button type="button" name="delete" id="'.$post["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
|
||||
$posts[] = $rows;
|
||||
}
|
||||
|
||||
$output = array(
|
||||
"draw" => intval($_POST["draw"]),
|
||||
"iTotalRecords" => $displayRecords,
|
||||
"iTotalDisplayRecords" => $allRecords,
|
||||
"data" => $posts
|
||||
);
|
||||
|
||||
echo json_encode($output);
|
||||
}
|
||||
|
||||
public function getPost(){
|
||||
if($this->id) {
|
||||
$sqlQuery = "
|
||||
SELECT p.id, p.title, p.message, p.category_id, p.status, p.created, p.updated, c.name
|
||||
FROM ".$this->postTable." p
|
||||
LEFT JOIN ".$this->categoryTable." c ON c.id = p.category_id
|
||||
WHERE p.id = :id ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->bindParam("id", $this->id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch();
|
||||
$post = $result;
|
||||
return $post;
|
||||
}
|
||||
}
|
||||
|
||||
public function insert(){
|
||||
|
||||
if($this->title && $this->message) {
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
INSERT INTO ".$this->postTable." (`title`, `message`, `category_id`, `userid`, `status`, `created` , `updated`)
|
||||
VALUES(:t,:m,:c,:ui,:s,:cr,:u)");
|
||||
|
||||
$this->title = htmlspecialchars(strip_tags($this->title));
|
||||
$this->message = htmlspecialchars(strip_tags($this->message));
|
||||
$this->category = htmlspecialchars(strip_tags($this->category));
|
||||
$this->userid = htmlspecialchars(strip_tags($this->userid));
|
||||
$this->status = htmlspecialchars(strip_tags($this->status));
|
||||
$this->created = htmlspecialchars(strip_tags($this->created));
|
||||
$this->updated = htmlspecialchars(strip_tags($this->updated));
|
||||
|
||||
$stmt->bindParam("t", $this->title);
|
||||
$stmt->bindParam("m", $this->message);
|
||||
$stmt->bindParam("c", $this->category);
|
||||
$stmt->bindParam("ui", $this->userid);
|
||||
$stmt->bindParam("s", $this->status);
|
||||
$stmt->bindParam("u", $this->updated);
|
||||
$stmt->bindParam("cr", $this->created);
|
||||
|
||||
if($stmt->execute()){
|
||||
return $this->conn->lastInsertId();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function update(){
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
UPDATE ".$this->postTable."
|
||||
SET title= :t, message = :m, category_id = :c, status= :s, updated = :u
|
||||
WHERE id = :i;");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$this->title = htmlspecialchars(strip_tags($this->title));
|
||||
$this->message = htmlspecialchars(strip_tags($this->message));
|
||||
$this->category = htmlspecialchars(strip_tags($this->category));
|
||||
$this->status = htmlspecialchars(strip_tags($this->status));
|
||||
$this->updated = htmlspecialchars(strip_tags($this->updated));
|
||||
|
||||
$stmt->bindParam("t", $this->title);
|
||||
$stmt->bindParam("m", $this->message);
|
||||
$stmt->bindParam("c", $this->category);
|
||||
$stmt->bindParam("s", $this->status);
|
||||
$stmt->bindParam("u", $this->updated);
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public function delete(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
DELETE FROM ".$this->postTable."
|
||||
WHERE id = :id;");
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$stmt->bindParam(":id", $this->id);
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function getCategories(){
|
||||
$sqlQuery = "
|
||||
SELECT id, name
|
||||
FROM ".$this->categoryTable;
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function totalPost(){
|
||||
$sqlQuery = "SELECT COUNT(*) as count FROM ".$this->postTable;
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
return $result['count'];
|
||||
}
|
||||
}
|
||||
?>
|
||||
227
models/User.php
Executable file
227
models/User.php
Executable file
@@ -0,0 +1,227 @@
|
||||
<?php
|
||||
if (session_id() == "") session_start();
|
||||
|
||||
class User {
|
||||
|
||||
const SALT = "qwe4165dfh";
|
||||
|
||||
private $userTable = 'users';
|
||||
private $conn;
|
||||
|
||||
public function __construct($db){
|
||||
$this->conn = $db;
|
||||
}
|
||||
|
||||
public function login(){
|
||||
if($this->nick && $this->password) {
|
||||
$hash = crypt($this->password,self::SALT);
|
||||
$sqlQuery = "
|
||||
SELECT * FROM ".$this->userTable."
|
||||
WHERE nick = :nick AND password = :pass";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
|
||||
|
||||
|
||||
$stmt->bindParam("nick", $this->nick, );
|
||||
$stmt->bindParam("pass", $hash);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
if($result){
|
||||
$user = $result;
|
||||
$_SESSION["userid"] = $user['id'];
|
||||
$_SESSION["user_type"] = $user['type'];
|
||||
$_SESSION["name"] = $user['first_name']." ".$user['last_name'];
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
public function loggedIn (){
|
||||
if(!empty($_SESSION["userid"])) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
public function totalUser(){
|
||||
$sqlQuery = "SELECT COUNT(*) as count FROM ".$this->userTable;
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
return $result['count'];
|
||||
}
|
||||
|
||||
public function getUsersListing(){
|
||||
|
||||
$whereQuery = '';
|
||||
if($_SESSION['user_type'] == 2) {
|
||||
$whereQuery = "WHERE id ='".$_SESSION['userid']."'";
|
||||
}
|
||||
|
||||
$sqlQuery = "
|
||||
SELECT id, first_name, last_name, nick, type, deleted
|
||||
FROM ".$this->userTable."
|
||||
$whereQuery ";
|
||||
|
||||
if(!empty($_POST["search"]["value"])){
|
||||
$sqlQuery .= ' first_name LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR last_name LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR nick LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
$sqlQuery .= ' OR type LIKE "%'.$_POST["search"]["value"].'%" ';
|
||||
}
|
||||
if(!empty($_POST["order"])){
|
||||
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
|
||||
} else {
|
||||
$sqlQuery .= 'ORDER BY id DESC ';
|
||||
}
|
||||
if($_POST["length"] != -1){
|
||||
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
|
||||
}
|
||||
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll();
|
||||
|
||||
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count FROM ".$this->userTable);
|
||||
$stmtTotal->execute();
|
||||
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
|
||||
$allRecords = $allResult['count'];
|
||||
|
||||
|
||||
$displayRecords = count($result);
|
||||
$users = array();
|
||||
foreach ($result as $user) {
|
||||
$rows = array();
|
||||
$status = '';
|
||||
if($user['deleted']) {
|
||||
$status = '<span class="label label-danger">Inactive</span>';
|
||||
} else {
|
||||
$status = '<span class="label label-success">Active</span>';
|
||||
}
|
||||
|
||||
$type = '';
|
||||
if($user['type'] == 1){
|
||||
$type = '<span class="label label-danger">Admin</span>';
|
||||
} else if($user['type'] == 2){
|
||||
$type = '<span class="label label-warning">Author</span>';
|
||||
}
|
||||
|
||||
$rows[] = ucfirst($user['first_name'])." ".$user['last_name'];
|
||||
$rows[] = $user['nick'];
|
||||
$rows[] = $type;
|
||||
$rows[] = $status;
|
||||
$rows[] = '<a href="add_users.php?id='.$user["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
|
||||
$rows[] = '<button type="button" name="delete" id="'.$user["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
|
||||
$users[] = $rows;
|
||||
}
|
||||
|
||||
$output = array(
|
||||
"draw" => intval($_POST["draw"]),
|
||||
"iTotalRecords" => $displayRecords,
|
||||
"iTotalDisplayRecords" => $allRecords,
|
||||
"data" => $users
|
||||
);
|
||||
|
||||
echo json_encode($output);
|
||||
}
|
||||
|
||||
public function getUser(){
|
||||
if($this->id) {
|
||||
$sqlQuery = "
|
||||
SELECT id, first_name, last_name, nick, type, deleted
|
||||
FROM ".$this->userTable."
|
||||
WHERE id = :i ";
|
||||
$stmt = $this->conn->prepare($sqlQuery);
|
||||
$stmt->bindParam("i", $this->id);
|
||||
$stmt->execute();
|
||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
||||
public function insert(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
if($this->nick && $this->password) {
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
INSERT INTO ".$this->userTable."(`first_name`, `last_name`, `nick`, `password`, `type`, `deleted`)
|
||||
VALUES(:f,:l,:e,:p,:t,:d)");
|
||||
|
||||
$this->first_name = htmlspecialchars(strip_tags($this->first_name));
|
||||
$this->last_name = htmlspecialchars(strip_tags($this->last_name));
|
||||
$this->nick = htmlspecialchars(strip_tags($this->nick));
|
||||
$this->password = htmlspecialchars(strip_tags($this->password));
|
||||
$this->type = htmlspecialchars(strip_tags($this->type));
|
||||
$this->deleted = htmlspecialchars(strip_tags($this->deleted));
|
||||
|
||||
$stmt->bindParam("f", $this->first_name);
|
||||
$stmt->bindParam("l", $this->last_name);
|
||||
$stmt->bindParam("e", $this->nick);
|
||||
$stmt->bindParam("p", crypt($this->password,self::SALT));
|
||||
$stmt->bindParam("t", $this->type);
|
||||
$stmt->bindParam("d", $this->deleted);
|
||||
|
||||
|
||||
if($stmt->execute()){
|
||||
return $this->conn->lastInsertId();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function update(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
|
||||
|
||||
if($this->id) {
|
||||
$stmt = $this->conn->prepare("
|
||||
UPDATE ".$this->userTable."
|
||||
SET first_name= :f, last_name = :l, nick = :e, type = :t, deleted= :d
|
||||
WHERE id = :i");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
$this->first_name = htmlspecialchars(strip_tags($this->first_name));
|
||||
$this->last_name = htmlspecialchars(strip_tags($this->last_name));
|
||||
$this->nick = htmlspecialchars(strip_tags($this->nick));
|
||||
$this->type = htmlspecialchars(strip_tags($this->type));
|
||||
$this->deleted = htmlspecialchars(strip_tags($this->deleted));
|
||||
|
||||
$stmt->bindParam("f", $this->first_name);
|
||||
$stmt->bindParam("l", $this->last_name);
|
||||
$stmt->bindParam("e", $this->nick);
|
||||
$stmt->bindParam("t", $this->type);
|
||||
$stmt->bindParam("d", $this->deleted);
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public function delete(){
|
||||
if($_SESSION['user_type'] != 1) return;
|
||||
if($this->id) {
|
||||
|
||||
$stmt = $this->conn->prepare("
|
||||
DELETE FROM ".$this->userTable."
|
||||
WHERE id = :i");
|
||||
|
||||
$this->id = htmlspecialchars(strip_tags($this->id));
|
||||
|
||||
$stmt->bindParam("i", $this->id);
|
||||
|
||||
if($stmt->execute()){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user