<?php
// Keep error details out of HTTP responses (they can reveal paths, SQL and
// configuration) while still reporting every error level to the error handler/log.
foreach (['display_errors', 'display_startup_errors'] as $sDirective) {
    ini_set($sDirective, '0');
}
error_reporting(E_ALL);
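/**
 * Request and database helper used by the page script.
 *
 * Security model of this class (as written): request values are escaped once
 * on input with addslashes() and later concatenated into SQL inside single
 * quotes. That is only sound while ALL of the following hold:
 *   - the connection charset is the one set in link_database(),
 *   - the SQL mode keeps backslash escapes enabled (NO_BACKSLASH_ESCAPES off),
 *   - every value reaching store_data()/select_row() really went through
 *     read_variables() (values read back from the database or built in code
 *     are NOT escaped).
 * NOTE(review): the robust fix is to keep request values raw and bind them with
 * prepared statements at the query. That has to be done together with every
 * consumer of the r_* properties (views included), which this file does not show.
 */
#[\AllowDynamicProperties]
class Data
{
    /** @var mysqli Open database connection (set by link_database()). */
    public $databaselink;

    /** @var string Name of the selected database. */
    public $databasename;

    /**
     * @var array SQL statements issued through this object, in order.
     *            They contain the stored values, so do not dump this to users.
     */
    public $last_query = [];

    /** @var mixed Result of the last save_user() call (row ID, or -1 on failure). */
    public $ID;

    /** @var string Page content assembled by the calling script. */
    public $output = '';

    /**
     * Connects to the database, brings the schema up to date and imports the
     * request parameters.
     *
     * @throws RuntimeException when the connection could not be established;
     *                          continuing would only fail later on the first query.
     */
    public function __construct()
    {
        $mLinked = $this->link_database();
        if ($mLinked !== true) {
            throw new RuntimeException($mLinked);
        }
        $this->em_check_database();
        $this->read_variables();
        date_default_timezone_set('Europe/Berlin');
    }

    /**
     * Copies every POST and GET parameter into a property named "r_<name>",
     * escaping the values with addslashes().
     *
     * POST is processed first, then GET, so a GET parameter with the same name
     * overwrites the POST value. Array parameters are escaped recursively,
     * including associative and nested arrays (the previous index-based loop
     * left non-list entries unescaped and failed on nested arrays).
     *
     * The "r_" prefix is what keeps a request from overwriting internal
     * properties such as $databaselink; do not remove it.
     */
    public function read_variables()
    {
        foreach ([$_POST, $_GET] as $aSource) {
            foreach ($aSource as $sName => $mValue) {
                $sProperty = addslashes('r_' . $sName);
                $this->$sProperty = $this->escape_request_value($mValue);
            }
        }
    }

    /**
     * Escapes one request value; arrays are walked recursively and their keys
     * are escaped as well, since they are attacker-controlled too.
     *
     * @param mixed $mValue string or (nested) array from $_GET/$_POST
     * @return mixed the escaped string, or an array of escaped values
     */
    private function escape_request_value($mValue)
    {
        if (!is_array($mValue)) {
            return addslashes((string) $mValue);
        }

        $aEscaped = [];
        foreach ($mValue as $mKey => $mItem) {
            $aEscaped[addslashes((string) $mKey)] = $this->escape_request_value($mItem);
        }
        return $aEscaped;
    }

    /**
     * Opens the mysqli connection described by the DB_* constants.
     *
     * @return true|string true on success, otherwise an error description.
     *                     The description contains the driver's error text:
     *                     log it, do not send it to the browser.
     */
    public function link_database()
    {
        // With mysqli's exception reporting enabled (the default since PHP 8.1)
        // a failed connect throws here instead of reaching the check below.
        $this->databaselink = new mysqli(DB_HOST, DB_USER, DB_PW, DB_DATABASE);

        // Check the connection before using it; set_charset() on a failed
        // connection is an error of its own.
        if ($this->databaselink->connect_errno) {
            return "Datenbank nicht erreichbar: (" . $this->databaselink->connect_errno . ") " . $this->databaselink->connect_error;
        }

        // The charset must be set through the API (not via "SET NAMES") so the
        // client library knows it; the escaping scheme of this class depends on it.
        $this->databaselink->set_charset('utf8');
        $this->databasename = DB_DATABASE;

        // Clears all SQL modes for this session. This switches off strict mode
        // (invalid or over-long values are silently adjusted) and keeps backslash
        // escapes enabled, which the addslashes()-based escaping relies on.
        $this->databaselink->query("SET SQL_MODE = '';");
        return True;
    }

    /**
     * Compares the database structure to the structure defined in
     * config/db_array.inc.php and adds missing tables and columns, which makes
     * installation and updates easy.
     *
     * The DDL is assembled from that config file by string concatenation, so the
     * file must only ever contain developer-controlled values.
     *
     * Takes no parameters and returns nothing.
     */
    public function em_check_database()
    {
        $sDatabase = "`" . str_replace("`", "``", DB_DATABASE) . "`";

        // Read the names of all existing tables.
        $aTable = [];
        $result = $this->databaselink->query("show tables from " . $sDatabase);
        if ($result === false) {
            return;
        }
        while ($row = $result->fetch_array(MYSQLI_BOTH)) {
            $aTable[] = $row[0];
        }

        // The included file is expected to fill $aData (table => field => properties).
        $aData = [];
        $database_structure_path = __DIR__ . "/config/db_array.inc.php";
        include($database_structure_path);

        foreach ($aData as $table => $fields) {
            if (!is_array($fields) || count($fields) === 0) {
                continue; // nothing to create or compare
            }

            if (!in_array((string) $table, $aTable, true)) {
                // Table is missing: create it with all configured columns.
                $sColumns = "";
                $sUniqueKeys = "";
                $sIndexKey = "";
                foreach ($fields as $fieldname => $properties) {
                    if ($sIndexKey === "") {
                        // The first configured field gets the plain index.
                        $sIndexKey = "KEY `" . $fieldname . "` (`" . $fieldname . "`)";
                    }
                    $size = (isset($properties["size"]) && $properties["size"] != "")
                        ? "(" . $properties["size"] . ")"
                        : "";
                    if (isset($properties["unique"]) && $properties["unique"] == true) {
                        // Collect every unique key; previously only the setting of
                        // the last field survived the loop.
                        $sUniqueKeys .= "UNIQUE KEY `" . $fieldname . "_2` (`" . $fieldname . "`),";
                    }
                    // Previously compared the whole $properties array to "".
                    $extra = (isset($properties["extra"]) && $properties["extra"] != "")
                        ? $properties["extra"]
                        : "";
                    $standard = isset($properties["standard"]) ? $properties["standard"] : "";

                    $sColumns .= "`" . $fieldname . "` " . $properties["type"] . $size . " " . $standard . " " . $extra . ",";
                }

                $sCommand = "CREATE TABLE IF NOT EXISTS `" . $table . "` (" . $sColumns . $sUniqueKeys . $sIndexKey . ") ENGINE=InnoDB ;";
                $this->last_query[] = $sCommand;
                $this->databaselink->query($sCommand);
                continue;
            }

            // Table exists: check its columns and add the missing ones.
            $aTableFields = [];
            $resultField = $this->databaselink->query("show fields from " . $sDatabase . ".`" . $table . "`");
            if ($resultField === false) {
                continue;
            }
            while ($aRowF = $resultField->fetch_array(MYSQLI_BOTH)) {
                $aTableFields[] = $aRowF[0];
            }

            foreach ($fields as $fieldname => $properties) {
                if (in_array((string) $fieldname, $aTableFields, true)) {
                    continue;
                }
                $size = (isset($properties["size"]) && $properties["size"] != "")
                    ? "(" . $properties["size"] . ")"
                    : "";
                $standard = isset($properties["standard"]) ? $properties["standard"] : "";

                // As before, "unique" and "extra" are not applied to added columns.
                $sCommand = "ALTER TABLE `" . $table . "` ADD `" . $fieldname . "` " . $properties["type"] . $size . " " . $standard;
                $this->last_query[] = $sCommand;
                $this->databaselink->query($sCommand);
            }
        }
    }

    /**
     * Tells whether $mName is a bare table/column name that can be placed in a
     * statement as-is (letters, digits, "_", "$" and "." only).
     *
     * Identifiers cannot be protected by value escaping, so anything else is
     * rejected instead of being concatenated into SQL.
     *
     * @param mixed $mName
     * @return bool
     */
    private function is_plain_identifier($mName)
    {
        return is_string($mName) && preg_match('/^[A-Za-z0-9_$.]+\z/', $mName) === 1;
    }

    /**
     * Returns the first row of $sTable matching all column => value pairs.
     *
     * store_data() depends on this lookup. Values are placed in the statement
     * inside single quotes and must already be escaped (see the class comment).
     *
     * @param string $sTable  bare table name
     * @param array  $aFields column => escaped value
     * @return array the row as an associative array, or an empty array when
     *               nothing matches or the arguments are rejected
     */
    public function select_row($sTable, $aFields)
    {
        if (!$this->is_plain_identifier($sTable) || !is_array($aFields) || count($aFields) === 0) {
            return [];
        }

        $aConditions = [];
        foreach ($aFields as $sColumn => $mValue) {
            if (!$this->is_plain_identifier($sColumn) || !is_scalar($mValue)) {
                return [];
            }
            $aConditions[] = $sColumn . "='" . $mValue . "'";
        }

        $sQuery = "select * from " . $sTable . " where " . implode(" and ", $aConditions) . " limit 1";
        $this->last_query[] = $sQuery;

        $pResult = $this->databaselink->query($sQuery);
        if (!$pResult) {
            return [];
        }
        $aRow = $pResult->fetch_assoc();
        return is_array($aRow) ? $aRow : [];
    }

    /**
     * Updates the row identified by $sKey_ID = $mID, or inserts a new row when
     * no ID is given or no such row exists.
     *
     * SECURITY: values are concatenated into the statement inside single quotes.
     * They must already be escaped (see the class comment); table and column
     * names are checked against is_plain_identifier() and non-scalar values are
     * refused. Prefer prepared statements once input escaping has been removed.
     *
     * @param string      $sTable  bare table name
     * @param array       $aFields column => escaped value
     * @param string|null $sKey_ID name of the key column, or null for a plain insert
     * @param mixed       $mID     key value, or null/"" for a plain insert
     * @return mixed ID of the updated row, the new insert ID, or -1 on failure
     */
    public function store_data($sTable, $aFields, $sKey_ID, $mID)
    {
        if (!is_array($aFields) || count($aFields) === 0 || !$this->is_plain_identifier($sTable)) {
            return -1;
        }
        foreach ($aFields as $sColumn => $mValue) {
            $bLiteral = ($mValue === null) || is_scalar($mValue);
            if (!$this->is_plain_identifier($sColumn) || !$bLiteral) {
                return -1;
            }
        }

        $bHasId = ($mID !== null && $mID !== '' && $mID !== false);
        if ($bHasId && (!$this->is_plain_identifier($sKey_ID) || !is_scalar($mID))) {
            return -1;
        }

        // Look the row up first; only an existing row is updated.
        $returnID = null;
        if ($bHasId) {
            $aRow = $this->select_row($sTable, [$sKey_ID => $mID]);
            if (isset($aRow[$sKey_ID]) && $aRow[$sKey_ID] !== '') {
                $returnID = $aRow[$sKey_ID];
            }
        }

        // Explicit flag instead of the former `$returnID != ""` test: with the
        // initial value 0 that test is true on PHP 8 (0 == "" is false there),
        // which sent every insert down the update path.
        $bUpdate = ($returnID !== null);

        if ($bUpdate) {
            $aAssignments = [];
            foreach ($aFields as $sColumn => $mValue) {
                $aAssignments[] = $sColumn . "='" . $mValue . "'";
            }
            $sQuery = "update " . $sTable . " set " . implode(",", $aAssignments)
                . " where " . $sKey_ID . "='" . $mID . "'";
        } else {
            $aColumns = [];
            $aValues = [];
            foreach ($aFields as $sColumn => $mValue) {
                $aColumns[] = $sColumn;
                $aValues[] = "'" . $mValue . "'";
            }
            $sQuery = "insert into " . $sTable . " (" . implode(",", $aColumns) . ") values (" . implode(",", $aValues) . ")";
        }

        $this->last_query[] = $sQuery;
        if (!$this->databaselink->query($sQuery)) {
            return -1;
        }
        return $bUpdate ? $returnID : $this->databaselink->insert_id;
    }

    /**
     * Saves the user information given in $aUser. If the user exists, the given
     * fields are overwritten; fields that are not specified are left untouched.
     *
     * $aUser is an array of column => value, e.g.
     *   'forename', 'surname', 'email', 'UID', 'language' (strings),
     *   'admin' (bool),
     *   'password'      => md5(str_rev($password))  -- deprecated, do not use!
     *   'password_hash' => password_hash($password, PASSWORD_DEFAULT)
     *
     * The row to update is chosen by the request parameter user_ID
     * ($this->r_user_ID); without it a new row is inserted. The outcome is kept
     * in $this->ID (row ID, or -1 on failure). Returns nothing.
     *
     * SECURITY: every key in $aUser becomes a column assignment, so callers must
     * build the array from an explicit list of fields and never pass request
     * data through unfiltered ('admin' and 'password_hash' are columns too).
     * NOTE(review): this method does not check that the requester may modify the
     * user named by r_user_ID; confirm that the caller enforces that.
     *
     * @param array $aUser column => value pairs to store
     */
    public function save_user($aUser)
    {
        $bHasUserId = isset($this->r_user_ID) && $this->r_user_ID != "";

        $this->ID = $bHasUserId
            ? $this->store_data(TABLE_USER, $aUser, 'user_ID', $this->r_user_ID)
            : $this->store_data(TABLE_USER, $aUser, NULL, NULL);
    }

    /**
     * Renders a view file and returns its output as a string.
     *
     * The file is included inside this method, so it runs with $this in scope.
     * $Datei must be a fixed path chosen by the application; never derive it
     * from request data, because include executes whatever file it is given.
     *
     * @param string $Datei path of the view file
     * @return string captured output of the view
     */
    public function get_view($Datei)
    {
        ob_start(); // start buffering
        try {
            include($Datei);
            $output = ob_get_contents(); // read what the view printed
        } finally {
            // Always close the buffer, even if the view throws, so partial
            // output does not leak into the response.
            ob_end_clean();
        }
        return $output;
    }
}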
//end of class
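session_start();

// Resolve the config relative to this file (as the class does for its own
// config file) and stop if it is missing: the DB_* constants come from it.
require __DIR__ . '/config/config.inc.php';

$oObject = new Data;
$oObject->output = "";

// NOTE(review): no authentication, authorization or CSRF check is visible in
// this file, and the r_* properties are filled from GET as well as POST, so the
// state-changing 'user_save' action can be triggered by a plain link. Confirm
// where access control is enforced before exposing this page.
$sAction = isset($oObject->r_ac) ? $oObject->r_ac : '';

switch ($sAction) {
    case 'user_save':
        // Explicit allow-list of columns a request may set. Each field is
        // copied only if that same field was submitted as a plain string
        // (previously the messenger fields were all guarded by r_email).
        $aUser = array();
        foreach (array('user_ID', 'name', 'email', 'signalmessenger', 'sms', 'telegram', 'threema') as $sField) {
            $sProperty = 'r_' . $sField;
            if (isset($oObject->$sProperty) && is_string($oObject->$sProperty)) {
                $aUser[$sField] = $oObject->$sProperty;
            }
        }

        $oObject->save_user($aUser);

        // save_user() leaves the store_data() result in ->ID; -1 means failure.
        if ($oObject->ID === -1) {
            $oObject->output .= "Speichern fehlgeschlagen";
        } else {
            $oObject->output .= "Erfolgreich gespeichert";
        }
        break;

    default:
        $oObject->output = $oObject->get_view("views/user_form.php");
        break;
}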
/**
 * Prints the page: the head view followed by the body view.
 *
 * Both paths are fixed strings, so nothing request-derived reaches the
 * include performed by get_view().
 *
 * @param object $oObject object providing get_view($path)
 */
function output($oObject)
{
    foreach (array("views/head.php", "views/body.php") as $sView) {
        echo $oObject->get_view($sView);
    }
}
// Send the response: prints the head and body views for the request handled above.
output($oObject);
?>