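/**
 * Runs an SQL query through a mysqli prepared statement.
 *
 * Typed placeholders in $query are rewritten to mysqli "?" markers and the
 * remaining arguments are bound to them in order:
 *   ?i - integer
 *   ?d - double
 *   ?s - string
 *   ?b - blob
 *   ?a - array of strings (expanded to "?,?,..." and bound as strings)
 *
 * Values never reach the SQL text: the only thing spliced into $query is the
 * "?" list produced for ?a, so the query stays parameterised.
 *
 * @param mysqli $dbConnect Connection to database
 * @param string $query     SQL query using ?i, ?d, ?s, ?b, ?a placeholders
 *
 * @return mysqli_result|false Result set on success (false for statements
 *                             that produce no result set), false on error
 */
function Database_query($dbConnect, $query)
{
    // Bind values follow the two fixed parameters.
    $args = array_slice(func_get_args(), 2);

    // $matches[1] holds the type letter of every placeholder, in query order.
    preg_match_all('/\\?([idsba])/', $query, $matches);
    if (sizeof($matches) < 2) {
        // Defensive: preg_match_all normally always yields the capture group.
        return false;
    }
    $placeholders = $matches[1];

    // Every placeholder needs a value. The original bound NULL (with a notice)
    // for missing ones, which silently changes the meaning of the query.
    if (sizeof($args) < sizeof($placeholders)) {
        trigger_error('Database_query: ' . sizeof($placeholders) . ' placeholders but only '
            . sizeof($args) . ' values given');
        return false;
    }

    $params = [NULL, '']; // [ $stmt, $types ], filled in after prepare()
    $types = '';

    foreach ($placeholders as $i => $type) {
        if ($type !== 'a') {
            $types .= $type;
            // mysqli_stmt_bind_param takes its values by reference.
            $params[] =& $args[$i];
            continue;
        }

        // ?a: expand an array into one "?" per element, all bound as strings.
        if (!is_array($args[$i])) {
            $args[$i] = [$args[$i]];
        }
        foreach ($args[$i] as $k => &$v) {
            $params[] =& $v;
        }
        unset($v); // the references kept in $params survive this

        $length = sizeof($args[$i]);
        $types .= str_repeat('s', $length);
        if ($length === 0) {
            // An empty list would produce "IN ()", a syntax error. On PHP 8
            // substr('', 0, -1) returns '' rather than false, so the original
            // `=== false` guard never fired there; test the length directly.
            $replace = "''";
        } else {
            $replace = substr(str_repeat('?,', $length), 0, -1);
        }
        $query = preg_replace('/\\?a/', $replace, $query, 1);
    }

    // All ?a placeholders are expanded by now; collapse the typed markers.
    $query = preg_replace('/\\?([idsb])/', '?', $query);
    if (!($stmt = mysqli_prepare($dbConnect, $query))) {
        trigger_error(mysqli_error($dbConnect));
        return false;
    }

    $params[0] = $stmt;
    $params[1] = $types;
    if ($types !== '') {
        // $params entries are references, which bind_param requires.
        call_user_func_array('mysqli_stmt_bind_param', $params);
    }

    // The original ignored execute failures; surface the driver error, but
    // still record affected rows / insert id so the getters used by callers
    // (Database_affectedRows(), Database_insertID()) do not keep stale values
    // from a previous query.
    $executed = mysqli_stmt_execute($stmt);
    if (!$executed) {
        trigger_error(mysqli_stmt_error($stmt));
    }
    $result = $executed ? mysqli_stmt_get_result($stmt) : false;
    Database_affectedRows(mysqli_affected_rows($dbConnect));
    Database_insertID(mysqli_insert_id($dbConnect));
    mysqli_stmt_close($stmt);

    return $result;
}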
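/**
 * Creates a user and logs them in via cookies.
 *
 * The cookie carries the login (identification) and a session id derived
 * from the new user's id and password hash by User_createSID
 * (authentication); only a hash of that session id is stored server-side.
 *
 * @param string $login     Login; format is enforced by User_isValidLogin
 * @param string $password  Plain-text password, hashed by User_hashPassword
 * @param string $confirm   Password confirmation, must equal $password
 * @param string $type      User type, one of User_getUserTypes()
 *                          ('customer' | 'performer')
 * @param int    $lifetime  Session lifetime in seconds, passed to User_setCookie
 *
 * @return int|mixed New user id, or the value of getError(...) on failure
 */
function User_register($login, $password, $confirm, $type, $lifetime)
{
    if (!User_isValidLogin($login)) {
        return getError('wrong_login');
    }
    if (User_isExistsLogin($login)) {
        return getError('login_already_exists');
    }
    // Strict comparison: with != PHP's loose rules would accept e.g. numeric
    // strings that merely compare equal. The original also var_dump()ed the
    // error here, leaking debug output into the response; that is removed.
    if ($password !== $confirm) {
        return getError('wrong_confirm_password');
    }
    if (!in_array($type, User_getUserTypes(), true)) {
        return getError('unknown_user_type');
    }

    $hpass = User_hashPassword($password);
    $q = "INSERT INTO Users \n\t\t\t\tSET type = ?s,\n\t\t\t\t\t\tlogin\t= ?s,\n\t\t\t\t\t\tpassword = ?s";
    // Database_query returns false for statements without a result set even
    // on success, so the insert id is the only usable success signal here.
    Database_query(User_db(), $q, $type, $login, $hpass);
    $id = Database_insertID();
    if (!$id) {
        return getError('database_error');
    }

    // Raw session id goes to the client; only its hash is persisted.
    $sid = User_createSID($id, $hpass);
    $hsid = User_hashSID($sid);
    if (!User_setSID($hsid, $id)) {
        return getError('set_sid_error');
    }
    User_setCookie($login, $sid, $lifetime);

    return $id;
}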
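/**
 * Records a money transaction for an order and applies it to the user's
 * account balance.
 *
 * Two writes are made: an INSERT into Transactions and an UPDATE of
 * Users.account. On failure both connections are rolled back; the matching
 * transaction start is not visible here and is presumably handled by the
 * caller or by Orders_db() — confirm before relying on atomicity.
 *
 * @param int   $user_id  User whose account is adjusted
 * @param int   $order_id Order the transaction belongs to
 * @param float $value    Amount added to the account. No sign or magnitude
 *                        validation happens here; callers must enforce it.
 *
 * @return int|mixed Transactions row id, or getError('database_error')
 */
function Orders_makeTransaction($user_id, $order_id, $value)
{
    $q = "INSERT INTO Transactions\n\t\t\t\t(order_id, user_id, value)\n\t\t\t\tVALUES \n\t\t\t\t(?i, ?i, ?d)";
    Database_query(Orders_db(), $q, $order_id, $user_id, $value);
    $id = Database_insertID();

    // Only touch the balance when the transaction row was written; the
    // original ran the UPDATE unconditionally and checked afterwards.
    $count = 0;
    if ($id) {
        $q = "UPDATE Users\n\t\t\t\tSET account = account + ?d\n\t\t\t\tWHERE id = ?i";
        Database_query(Orders_db(), $q, $value, $user_id);
        $count = Database_affectedRows();
    }

    // NOTE: mysqli's affected-rows count is rows *changed*, so a $value of 0
    // (as well as an unknown user id) yields 0 here and is treated as failure.
    if (!$id || $count == 0) {
        Database_rollbackTransaction(Orders_db());
        Database_rollbackTransaction(Orders_transactions_db());
        return getError('database_error');
    }

    return $id;
}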