initial commit

This commit is contained in:
jan.skoda
2024-01-10 12:26:54 +01:00
commit c65052e5c4
62 changed files with 4307 additions and 0 deletions

51
models/Articles.php Executable file
View File

@@ -0,0 +1,51 @@
<?php
class Articles {
private $postTable = 'articles';
private $categoryTable = 'categories';
private $userTable = 'users';
private $conn;
public function __construct($db){
$this->conn = $db;
}
public function getArticles(){
$query = '';
if($this->id) {
$query = " AND p.id ='".$this->id."'";
}
$sqlQuery = "
SELECT p.id, p.title, p.message, p.category_id, u.first_name, u.last_name, p.status, p.created, p.updated, c.name as category
FROM ".$this->postTable." p
LEFT JOIN ".$this->categoryTable." c ON c.id = p.category_id
LEFT JOIN ".$this->userTable." u ON u.id = p.userid
WHERE p.status ='published' $query ORDER BY p.id DESC";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
return $result;
}
function formatMessage($string, $wordsreturned) {
$retval = $string; // Just in case of a problem
$array = explode(" ", $string);
if (count($array)<=$wordsreturned){
$retval = $string;
}else{
array_splice($array, $wordsreturned);
$retval = implode(" ", $array)." ...";
}
return $retval;
}
public function totalPost(){
$sqlQuery = "SELECT * FROM ".$this->postTable;
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
return $result->num_rows;
}
}
?>

144
models/Category.php Executable file
View File

@@ -0,0 +1,144 @@
<?php
if (session_id() == "") session_start();
class Category {
private $categoryTable = 'categories';
private $conn;
public function __construct($db){
$this->conn = $db;
}
public function getCategoryListing(){
if($_SESSION['user_type'] != 1) return;
$sqlQuery = "
SELECT id, name
FROM ".$this->categoryTable."
";
if(!empty($_POST["search"]["value"])){
$sqlQuery .= ' name LIKE "%'.$_POST["search"]["value"].'%" ';
}
if(!empty($_POST["order"])){
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
} else {
$sqlQuery .= 'ORDER BY id DESC ';
}
if($_POST["length"] != -1){
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
}
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->categoryTable);
$stmtTotal->execute();
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
$allRecords = $allResult['count'];
$displayRecords = count($result);
$categories = array();
foreach ($result as $category) {
$rows = array();
$rows[] = $category['id'];
$rows[] = $category['name'];
$rows[] = '<a href="add_categories.php?id='.$category["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
$rows[] = '<button type="button" name="delete" id="'.$category["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
$categories[] = $rows;
}
$output = array(
"draw" => intval($_POST["draw"]),
"iTotalRecords" => $displayRecords,
"iTotalDisplayRecords" => $allRecords,
"data" => $categories
);
echo json_encode($output);
}
public function getCategory(){
if($this->id) {
$sqlQuery = "
SELECT id, name
FROM ".$this->categoryTable."
WHERE id = :id; ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("id", $this->id);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$category = $result;
return $category;
}
}
public function insert(){
if($_SESSION['user_type'] != 1) return;
if($this->name) {
$stmt = $this->conn->prepare("
INSERT INTO ".$this->categoryTable."(`name`)
VALUES(:s)");
$this->name = htmlspecialchars(strip_tags($this->name));
$stmt->bindParam("s", $this->name);
if($stmt->execute()){
return $stmt->insert_id;
}
}
}
public function update(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
UPDATE ".$this->categoryTable."
SET name= :s
WHERE id = :i");
$this->id = htmlspecialchars(strip_tags($this->id));
$this->name = htmlspecialchars(strip_tags($this->name));
$stmt->bindParam("s", $this->name);
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function delete(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
DELETE FROM ".$this->categoryTable."
WHERE id = :i");
$this->id = htmlspecialchars(strip_tags($this->id));
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function totalCategory(){
$sqlQuery = "SELECT COUNT(*) as count; FROM ".$this->categoryTable;
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return $result['count'];
}
}
?>

20
models/Database.php Executable file
View File

@@ -0,0 +1,20 @@
<?php
class Database{
public function getConnection(){
try {
if (file_exists("./database.sqlite")) {
$con = new \PDO("sqlite:./database.sqlite");
} else {
$con = new \PDO("sqlite:../database.sqlite");
}
return $con;
}catch (PDOException $err) {
echo $err->getMessage();
exit;
}
}
}
?>

123
models/ImagesManager.php Normal file
View File

@@ -0,0 +1,123 @@
<?php
class ImagesManager {
const FOLDER = "../public/images/";
const MAX_FILE_SIZE = 1024 * 1024 * 4; // 4MB
protected $message = [];
protected $permitted_types = [
'image/jpeg',
'image/bmp',
'image/png',
'image/jpg',
'image/gif'
];
private $file_name;
private $file_type;
private $is_validated;
private $temp_name;
private $new_name;
private $is_name_changed;
private $file_error;
private $file_size;
public function __construct () {
$this->file_name = $_FILES['imageFile']['name'];
$this->file_type = $_FILES['imageFile']['type'];
$this->temp_name = $_FILES['imageFile']['tmp_name'];
$this->file_error = $_FILES['imageFile']['error'];
$this->file_size = $_FILES['imageFile']['size'];
$this->is_validated = false;
$this->is_name_changed = false;
}
public function validateImage ($newName = null) {
if ( strlen($this->file_name) > 255 || strlen($this->file_name) < 1 ) {
$this->message[] .= "Change file name and upload again";
return;
}
if($newName !== null){
$this->file_name = $newName;
}
if ( file_exists(self::FOLDER . $this->file_name) ) {
// do not reject file rather keep it.
$fullpath = self::FOLDER . $this->file_name;
$file_info = pathinfo($fullpath);
$this->new_name = $file_info['imageFile'];
$this->new_name .= "-". mt_rand(1000, 10000000);
$this->new_name .= "." . $file_info['extension'];
$this->is_name_changed = true;
}
if ( in_array($this->file_type, $this->permitted_types) ) {
$this->is_validated = true;
}
if ( $this->file_size > self::MAX_FILE_SIZE ) {
$this->message[] .= "Images more than 1 MB are not allowed";
$this->is_validated = false;
}
}
public function uploadImage () {
if ( $this->is_validated ) {
if ( $this->is_name_changed ) {
$result = move_uploaded_file($this->temp_name, self::FOLDER . $this->new_name);
if ( $result ) {
$this->message[] .= "Image uploaded";
}
}
$is_moved = move_uploaded_file($this->temp_name, self::FOLDER . $this->file_name);
if ( !$is_moved ) {
$this->message[] .= "Can't move the file to folder";
}
}
else {
$this->message[] .= "Not validated";
}
}
public function getSavedIages(){
$scan = scandir(self::FOLDER);
$out = array();
foreach ($scan as $file) {
$filePath = self::FOLDER . '/' . $file;
if (is_file($filePath)) {
$out[] = $file;
}
}
return $out;
}
public function delete($imageName){
unlink(self::FOLDER . $imageName);
}
public function getMessage(){
return $this->message[0];
}
public function getImagesListing(){
$result = $this->getSavedIages();
$images = array();
foreach ($result as $file) {
$rows = array();
$rows[0] = $file;
$rows[1] = "<a href='".self::FOLDER . $file."' target='blank'><img src=\"" . self::FOLDER . $file . "\" style='max-height:70px;'></a>";
$rows[2] = '<button type="button" name="delete" id="'.$file.'" class="btn btn-danger btn-xs delete" >Delete</button>';
$images[] = $rows;
}
$output = array(
"iTotalRecords" => count($result),
"iTotalDisplayRecords" => count($result),
"data" => $images
);
echo json_encode($output);
}
}

243
models/Menu.php Normal file
View File

@@ -0,0 +1,243 @@
<?php
if (session_id() == "") session_start();
class Menu {
private $menuTable = 'menu';
private $conn;
public function __construct($db){
$this->conn = $db;
}
public function getMenuListing(){
if($_SESSION['user_type'] != 1) return;
$sqlQuery = "
SELECT id,title,link,`order`
FROM ".$this->menuTable."
";
if(!empty($_POST["search"]["value"])){
$sqlQuery .= ' title LIKE "%'.$_POST["search"]["value"].'%" ';
}
if(!empty($_POST["order"])){
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
} else {
$sqlQuery .= 'ORDER BY `order` ASC ';
}
if($_POST["length"] != -1){
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
}
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->menuTable);
$stmtTotal->execute();
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
$allRecords = $allResult['count'];
$displayRecords = count($result);
$menu = array();
foreach ($result as $m) {
$rows = array();
$rows[] = $m['order'] . " &nbsp;&nbsp;" .
'<button type="button" name="moveup" id="'.$m["id"].'" class="btn btn-success btn-xs moveup" ><span class="glyphicon glyphicon-triangle-top" aria-hidden="true"></span></button>' .
'<button type="button" name="movedown" id="'.$m["id"].'" class="btn btn-success btn-xs movedown" ><span class="glyphicon glyphicon-triangle-bottom" aria-hidden="true"></span></button>' ;
$rows[] = $m['title'];
$rows[] = $m['link'];
$rows[] = '<a href="add_menu.php?id='.$m["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
$rows[] = '<button type="button" name="delete" id="'.$m["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
$menu[] = $rows;
}
$output = array(
"draw" => intval($_POST["draw"]),
"iTotalRecords" => $displayRecords,
"iTotalDisplayRecords" => $allRecords,
"data" => $menu
);
echo json_encode($output);
}
public function getMenu(){
if($this->id) {
$sqlQuery = "
SELECT id,link,title
FROM ".$this->menuTable."
WHERE id = :id ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("id", $this->id);
$stmt->execute();
$result = $stmt->fetch();
$post = $result;
return $post;
}
}
public function getMenuArray(){
$sqlQuery = "
SELECT id, `order`,title,link
FROM ".$this->menuTable."
ORDER BY `order` ASC ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $result;
}
public function insert(){
if($_SESSION['user_type'] != 1) return;
if($this->title.$this->link) {
$maxQuery = $this->conn->prepare("SELECT MAX(`order`) as max FROM ".$this->menuTable."");
$maxQuery->execute();
$maxResult = $maxQuery->fetch(PDO::FETCH_ASSOC);
$max = ($maxResult['max'] * 1) + 1;
$stmt = $this->conn->prepare("
INSERT INTO ".$this->menuTable."(`title`,`link`,`order`)
VALUES(:s1,:s2,:s3)");
$this->title = htmlspecialchars(strip_tags($this->title));
$this->link = htmlspecialchars(strip_tags($this->link));
$stmt->bindParam("s1", $this->title);
$stmt->bindParam("s2", $this->link);
$stmt->bindParam("s3", $max);
if($stmt->execute()){
return $this->conn->lastInsertId();
}
}
}
public function update(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
UPDATE ".$this->menuTable."
SET title= :s1, link = :s2
WHERE id = :i");
$this->id = htmlspecialchars(strip_tags($this->id));
$this->link = htmlspecialchars(strip_tags($this->link));
$this->title = htmlspecialchars(strip_tags($this->title));
$stmt->bindParam("s1", $this->title);
$stmt->bindParam("s2", $this->link);
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function delete(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
DELETE FROM ".$this->menuTable."
WHERE id = :i");
$this->id = htmlspecialchars(strip_tags($this->id));
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function moveUp(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$curOrderQuery = $this->conn->prepare("SELECT `order` as o FROM ".$this->menuTable." WHERE id = :id");
$this->id = htmlspecialchars(strip_tags($this->id));
$curOrderQuery->bindParam("id", $this->id);
$curOrderQuery->execute();
$curOrderResult = $curOrderQuery->fetch(PDO::FETCH_ASSOC);
$curOrder = ($curOrderResult['o'] * 1);
if($curOrder == 0) return; //Nižší už nejde
$q1 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = null WHERE id = :id");
$q1->bindParam("id", $this->id);
$q1->execute();
$q1->execute();
$replacementOrder = $curOrder - 1;
$q2 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = `order` + 1 WHERE `order` = :order");
$q2->bindParam("order", $replacementOrder);
$q2->execute();
$q2->execute();
$newOrder = ($curOrder-1);
$q3 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = :order WHERE id = :id");
$q3->bindParam("order", $newOrder);
$q3->bindParam("id", $this->id);
$q3->execute();
$q3->execute();
}
}
public function moveDown(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$curOrderQuery = $this->conn->prepare("SELECT `order` as o FROM ".$this->menuTable." WHERE id = :id");
$this->id = htmlspecialchars(strip_tags($this->id));
$curOrderQuery->bindParam("id", $this->id);
$curOrderQuery->execute();
$curOrderResult = $curOrderQuery->fetch(PDO::FETCH_ASSOC);
$curOrder = ($curOrderResult['o'] * 1);
$maxQuery = $this->conn->prepare("SELECT MAX(`order`) as max FROM ".$this->menuTable."");
$maxQuery->execute();
$maxResult = $maxQuery->fetch(PDO::FETCH_ASSOC);
$max = ($maxResult['max'] * 1) + 1;
if($curOrder >= $max-1) return; //Už jsem na konci
$q1 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = null WHERE id = :id");
$q1->bindParam("id", $this->id);
$q1->execute();
$q1->execute();
$replacementOrder = $curOrder + 1;
$q2 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = `order` - 1 WHERE `order` = :order");
$q2->bindParam("order", $replacementOrder);
$q2->execute();
$q2->execute();
$newOrder = ($curOrder+1);
$q3 = $this->conn->prepare("UPDATE ".$this->menuTable." SET `order` = :order WHERE id = :id");
$q3->bindParam("order", $newOrder);
$q3->bindParam("id", $this->id);
$q3->execute();
$q3->execute();
}
}
}
?>

206
models/Pages.php Normal file
View File

@@ -0,0 +1,206 @@
<?php
if (session_id() == "") session_start();
class Pages {
private $pageTable = 'pages';
private $menuTable = 'menu';
private $conn;
public function __construct($db){
$this->conn = $db;
}
public function getPagesListing(){
if($_SESSION['user_type'] != 1) return;
$sqlQuery = "
SELECT id,link,title,content
FROM ".$this->pageTable. " ";
if(!empty($_POST["search"]["value"])){
$sqlQuery .= ' title LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR link LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR content LIKE "%'.$_POST["search"]["value"].'%" ';
}
if(!empty($_POST["order"])){
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
} else {
$sqlQuery .= 'ORDER BY id DESC ';
}
if($_POST["length"] != -1){
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
}
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->pageTable);
$stmtTotal->execute();
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
$allRecords = $allResult['count'];
$displayRecords = count($result);
$posts = array();
foreach ($result as $post) {
$rows = array();
$rows[] = $post['link'];
$rows[] = $post['title'];
$rows[] = htmlspecialchars($post['content']);
$rows[] = '<button type="button" name="add" id="'.$post["id"].'" class="btn btn-success btn-xs add" >Add to menu</button>';
$rows[] = '<a href="add_page.php?id='.$post["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
$rows[] = '<button type="button" name="delete" id="'.$post["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
$posts[] = $rows;
}
$output = array(
"draw" => intval($_POST["draw"]),
"iTotalRecords" => $displayRecords,
"iTotalDisplayRecords" => $allRecords,
"data" => $posts
);
echo json_encode($output);
}
public function getPage(){
if($this->id) {
$sqlQuery = "
SELECT id,link,title,content
FROM ".$this->pageTable."
WHERE id = :id ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("id", $this->id);
$stmt->execute();
$result = $stmt->fetch();
$post = $result;
return $post;
}
}
public function getPageByLink(){
if($this->link) {
$sqlQuery = "
SELECT id,link,title,content
FROM ".$this->pageTable."
WHERE link = :link ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("link", $this->link);
$stmt->execute();
$result = $stmt->fetch();
$post = $result;
return $post;
}
}
public function insert(){
if($_SESSION['user_type'] != 1) return;
if($this->link && $this->title && $this->content) {
$stmt = $this->conn->prepare("
INSERT INTO ".$this->pageTable."(`title`, `link`, `content`)
VALUES(:t,:l, :c)");
$this->title = htmlspecialchars(strip_tags($this->title));
$this->link = htmlspecialchars(strip_tags($this->link));
$stmt->bindParam(":t", $this->title);
$stmt->bindParam(":l", $this->link);
$stmt->bindParam(":c;", $this->content);
if($stmt->execute()){
return $this->conn->lastInsertId();
}
}
}
public function update(){
if($_SESSION['user_type'] != 2) return;
if($this->id) {
$stmt = $this->conn->prepare("
UPDATE ".$this->pageTable."
SET `link` = :link, `title` = :title, `content` = :cntnt
WHERE id = :id");
$this->link = htmlspecialchars(strip_tags($this->link));
$this->title = htmlspecialchars(strip_tags($this->title));
//$this->content = htmlspecialchars(strip_tags($this->content));
$this->id = htmlspecialchars(strip_tags($this->id));
$stmt->bindParam("link", $this->link);
$stmt->bindParam("title", $this->title);
$stmt->bindParam("cntnt",$this->content);
$stmt->bindParam("id", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function delete(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
DELETE FROM ".$this->pageTable."
WHERE id = :id;");
$this->id = htmlspecialchars(strip_tags($this->id));
$stmt->bindParam(":id", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function getPosts(){
$sqlQuery = "
SELECT id, title, link, content
FROM ".$this->pageTable;
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
return $result;
}
public function addToMenu(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$maxQuery = $this->conn->prepare("SELECT MAX(`order`) as max FROM ".$this->menuTable."");
$maxQuery->execute();
$maxResult = $maxQuery->fetch(PDO::FETCH_ASSOC);
$max = ($maxResult['max'] * 1) + 1;
$dataQuery = $this->conn->prepare("SELECT title,link FROM ".$this->pageTable."");
$dataQuery->execute();
$dataResult = $dataQuery->fetch(PDO::FETCH_ASSOC);
$stmt = $this->conn->prepare("
INSERT INTO ".$this->menuTable."(`title`,`link`,`order`)
VALUES(:s1,:s2,:s3)");
$this->title = htmlspecialchars(strip_tags($dataResult['title']));
$this->link = "./page.php?link=" . $dataResult['link'];
$stmt->bindParam("s1", $this->title);
$stmt->bindParam("s2", $this->link);
$stmt->bindParam("s3", $max);
if($stmt->execute()){
return $this->conn->lastInsertId();
}
}
}
}
?>

195
models/Post.php Executable file
View File

@@ -0,0 +1,195 @@
<?php
if (session_id() == "") session_start();
class Post {
private $postTable = 'articles';
private $categoryTable = 'categories';
private $userTable = 'users';
private $conn;
public function __construct($db){
$this->conn = $db;
}
public function getPostsListing(){
$whereQuery = '';
if($_SESSION['user_type'] == 2) {
$whereQuery = "WHERE p.userid ='".$_SESSION['userid']."'";
}
$sqlQuery = "
SELECT p.id, p.title, p.category_id, u.first_name, u.last_name, p.status, p.created, p.updated, c.name
FROM ".$this->postTable." p
LEFT JOIN ".$this->categoryTable." c ON c.id = p.category_id
LEFT JOIN ".$this->userTable." u ON u.id = p.userid
$whereQuery";
if(!empty($_POST["search"]["value"])){
$sqlQuery .= ' title LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR message LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR created LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR updated LIKE "%'.$_POST["search"]["value"].'%" ';
}
if(!empty($_POST["order"])){
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
} else {
$sqlQuery .= 'ORDER BY p.id DESC ';
}
if($_POST["length"] != -1){
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
}
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count; FROM ".$this->postTable);
$stmtTotal->execute();
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
$allRecords = $allResult['count'];
$displayRecords = count($result);
$posts = array();
foreach ($result as $post) {
$rows = array();
$status = '';
if($post['status'] == 'published') {
$status = '<span class="label label-success">Published</span>';
} else if($post['status'] == 'draft') {
$status = '<span class="label label-warning">Draft</span>';
} else if($post['status'] == 'archived') {
$status = '<span class="label label-danger">Archived</span>';
}
$rows[] = ucfirst($post['title']);
$rows[] = $post['name'];
$rows[] = ucfirst($post['first_name'])." ".$post['last_name'];
$rows[] = $status;
$rows[] = $post['created'];
$rows[] = $post['updated'];
$rows[] = '<a href="compose_post.php?id='.$post["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
$rows[] = '<button type="button" name="delete" id="'.$post["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
$posts[] = $rows;
}
$output = array(
"draw" => intval($_POST["draw"]),
"iTotalRecords" => $displayRecords,
"iTotalDisplayRecords" => $allRecords,
"data" => $posts
);
echo json_encode($output);
}
public function getPost(){
if($this->id) {
$sqlQuery = "
SELECT p.id, p.title, p.message, p.category_id, p.status, p.created, p.updated, c.name
FROM ".$this->postTable." p
LEFT JOIN ".$this->categoryTable." c ON c.id = p.category_id
WHERE p.id = :id ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("id", $this->id);
$stmt->execute();
$result = $stmt->fetch();
$post = $result;
return $post;
}
}
public function insert(){
if($this->title && $this->message) {
$stmt = $this->conn->prepare("
INSERT INTO ".$this->postTable." (`title`, `message`, `category_id`, `userid`, `status`, `created` , `updated`)
VALUES(:t,:m,:c,:ui,:s,:cr,:u)");
$this->title = htmlspecialchars(strip_tags($this->title));
$this->message = htmlspecialchars(strip_tags($this->message));
$this->category = htmlspecialchars(strip_tags($this->category));
$this->userid = htmlspecialchars(strip_tags($this->userid));
$this->status = htmlspecialchars(strip_tags($this->status));
$this->created = htmlspecialchars(strip_tags($this->created));
$this->updated = htmlspecialchars(strip_tags($this->updated));
$stmt->bindParam("t", $this->title);
$stmt->bindParam("m", $this->message);
$stmt->bindParam("c", $this->category);
$stmt->bindParam("ui", $this->userid);
$stmt->bindParam("s", $this->status);
$stmt->bindParam("u", $this->updated);
$stmt->bindParam("cr", $this->created);
if($stmt->execute()){
return $this->conn->lastInsertId();
}
}
}
public function update(){
if($this->id) {
$stmt = $this->conn->prepare("
UPDATE ".$this->postTable."
SET title= :t, message = :m, category_id = :c, status= :s, updated = :u
WHERE id = :i;");
$this->id = htmlspecialchars(strip_tags($this->id));
$this->title = htmlspecialchars(strip_tags($this->title));
$this->message = htmlspecialchars(strip_tags($this->message));
$this->category = htmlspecialchars(strip_tags($this->category));
$this->status = htmlspecialchars(strip_tags($this->status));
$this->updated = htmlspecialchars(strip_tags($this->updated));
$stmt->bindParam("t", $this->title);
$stmt->bindParam("m", $this->message);
$stmt->bindParam("c", $this->category);
$stmt->bindParam("s", $this->status);
$stmt->bindParam("u", $this->updated);
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function delete(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
DELETE FROM ".$this->postTable."
WHERE id = :id;");
$this->id = htmlspecialchars(strip_tags($this->id));
$stmt->bindParam(":id", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function getCategories(){
$sqlQuery = "
SELECT id, name
FROM ".$this->categoryTable;
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
return $result;
}
public function totalPost(){
$sqlQuery = "SELECT COUNT(*) as count FROM ".$this->postTable;
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return $result['count'];
}
}
?>

227
models/User.php Executable file
View File

@@ -0,0 +1,227 @@
<?php
if (session_id() == "") session_start();
class User {
const SALT = "qwe4165dfh";
private $userTable = 'users';
private $conn;
public function __construct($db){
$this->conn = $db;
}
public function login(){
if($this->nick && $this->password) {
$hash = crypt($this->password,self::SALT);
$sqlQuery = "
SELECT * FROM ".$this->userTable."
WHERE nick = :nick AND password = :pass";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("nick", $this->nick, );
$stmt->bindParam("pass", $hash);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if($result){
$user = $result;
$_SESSION["userid"] = $user['id'];
$_SESSION["user_type"] = $user['type'];
$_SESSION["name"] = $user['first_name']." ".$user['last_name'];
return 1;
} else {
return 0;
}
} else {
return 0;
}
}
public function loggedIn (){
if(!empty($_SESSION["userid"])) {
return 1;
} else {
return 0;
}
}
public function totalUser(){
$sqlQuery = "SELECT COUNT(*) as count FROM ".$this->userTable;
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return $result['count'];
}
public function getUsersListing(){
$whereQuery = '';
if($_SESSION['user_type'] == 2) {
$whereQuery = "WHERE id ='".$_SESSION['userid']."'";
}
$sqlQuery = "
SELECT id, first_name, last_name, nick, type, deleted
FROM ".$this->userTable."
$whereQuery ";
if(!empty($_POST["search"]["value"])){
$sqlQuery .= ' first_name LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR last_name LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR nick LIKE "%'.$_POST["search"]["value"].'%" ';
$sqlQuery .= ' OR type LIKE "%'.$_POST["search"]["value"].'%" ';
}
if(!empty($_POST["order"])){
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
} else {
$sqlQuery .= 'ORDER BY id DESC ';
}
if($_POST["length"] != -1){
$sqlQuery .= 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length'];
}
$stmt = $this->conn->prepare($sqlQuery);
$stmt->execute();
$result = $stmt->fetchAll();
$stmtTotal = $this->conn->prepare("SELECT COUNT(*) as count FROM ".$this->userTable);
$stmtTotal->execute();
$allResult = $stmtTotal->fetch(PDO::FETCH_ASSOC);
$allRecords = $allResult['count'];
$displayRecords = count($result);
$users = array();
foreach ($result as $user) {
$rows = array();
$status = '';
if($user['deleted']) {
$status = '<span class="label label-danger">Inactive</span>';
} else {
$status = '<span class="label label-success">Active</span>';
}
$type = '';
if($user['type'] == 1){
$type = '<span class="label label-danger">Admin</span>';
} else if($user['type'] == 2){
$type = '<span class="label label-warning">Author</span>';
}
$rows[] = ucfirst($user['first_name'])." ".$user['last_name'];
$rows[] = $user['nick'];
$rows[] = $type;
$rows[] = $status;
$rows[] = '<a href="add_users.php?id='.$user["id"].'" class="btn btn-warning btn-xs update">Edit</a>';
$rows[] = '<button type="button" name="delete" id="'.$user["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
$users[] = $rows;
}
$output = array(
"draw" => intval($_POST["draw"]),
"iTotalRecords" => $displayRecords,
"iTotalDisplayRecords" => $allRecords,
"data" => $users
);
echo json_encode($output);
}
public function getUser(){
if($this->id) {
$sqlQuery = "
SELECT id, first_name, last_name, nick, type, deleted
FROM ".$this->userTable."
WHERE id = :i ";
$stmt = $this->conn->prepare($sqlQuery);
$stmt->bindParam("i", $this->id);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
return $user;
}
}
public function insert(){
if($_SESSION['user_type'] != 1) return;
if($this->nick && $this->password) {
$stmt = $this->conn->prepare("
INSERT INTO ".$this->userTable."(`first_name`, `last_name`, `nick`, `password`, `type`, `deleted`)
VALUES(:f,:l,:e,:p,:t,:d)");
$this->first_name = htmlspecialchars(strip_tags($this->first_name));
$this->last_name = htmlspecialchars(strip_tags($this->last_name));
$this->nick = htmlspecialchars(strip_tags($this->nick));
$this->password = htmlspecialchars(strip_tags($this->password));
$this->type = htmlspecialchars(strip_tags($this->type));
$this->deleted = htmlspecialchars(strip_tags($this->deleted));
$stmt->bindParam("f", $this->first_name);
$stmt->bindParam("l", $this->last_name);
$stmt->bindParam("e", $this->nick);
$stmt->bindParam("p", crypt($this->password,self::SALT));
$stmt->bindParam("t", $this->type);
$stmt->bindParam("d", $this->deleted);
if($stmt->execute()){
return $this->conn->lastInsertId();
}
}
}
public function update(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
UPDATE ".$this->userTable."
SET first_name= :f, last_name = :l, nick = :e, type = :t, deleted= :d
WHERE id = :i");
$this->id = htmlspecialchars(strip_tags($this->id));
$this->first_name = htmlspecialchars(strip_tags($this->first_name));
$this->last_name = htmlspecialchars(strip_tags($this->last_name));
$this->nick = htmlspecialchars(strip_tags($this->nick));
$this->type = htmlspecialchars(strip_tags($this->type));
$this->deleted = htmlspecialchars(strip_tags($this->deleted));
$stmt->bindParam("f", $this->first_name);
$stmt->bindParam("l", $this->last_name);
$stmt->bindParam("e", $this->nick);
$stmt->bindParam("t", $this->type);
$stmt->bindParam("d", $this->deleted);
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
public function delete(){
if($_SESSION['user_type'] != 1) return;
if($this->id) {
$stmt = $this->conn->prepare("
DELETE FROM ".$this->userTable."
WHERE id = :i");
$this->id = htmlspecialchars(strip_tags($this->id));
$stmt->bindParam("i", $this->id);
if($stmt->execute()){
return true;
}
}
}
}
?>