function addBloggsAndPagesToNavbar()
{
//connnect to database
global $urbax;
$db = new CDatabase($urbax['database']);
//defalut navigaion items
$arr = array(new CMenuItem('CTextFilter', '?p=ctextfilter'), new CMenuItem('CContent ->', '?p=contentreset'), array(new CMenuItem('Återställ', '?p=contentreset'), new CMenuItem('Nytt innehåll', '?p=contentadd'), new CMenuItem('Editera innehåll', '?p=contentedit'), new CMenuItem('Radera', '?p=contentdelete')), new CMenuItem('CPage', '?p=contentpage'), new CMenuItem('CBlogg', '?p=contentblogg'));
//fetch pages
$pages = $db->ExecuteSelectQueryAndFetchAll("SELECT title, url FROM Content WHERE type='page' AND deleted IS NULL");
//add pages to navigation
if (count($pages) > 0) {
$pagesNavItem = new CMenuItem('Webbsidor ->', '?p=contentpage');
$subPages = null;
foreach ($pages as $navItem) {
//get text
$text = ucfirst($navItem->title);
//and shorten it if needed...
if (strlen($text) > 20) {
$text = substr($text, 0, 17) . '...';
}
//get url
$url = $navItem->url;
//add to array
$subPages[] = new CMenuItem($text, '?p=contentpage&url=' . $url);
}
//add 'headline'
$arr[] = $pagesNavItem;
//add subpages
$arr[] = $subPages;
}
//fetch blogposts
$posts = $db->ExecuteSelectQueryAndFetchAll("SELECT title, slug FROM Content WHERE type='post' AND deleted IS NULL");
//add pages to navigation
if (count($posts) > 0) {
$postsNavItem = new CMenuItem('Bloggposter ->', '?p=contentblogg');
$subPages = null;
foreach ($posts as $navItem) {
//get text
$text = ucfirst($navItem->title);
//and shorten it if needed...
if (strlen($text) > 20) {
$text = substr($text, 0, 17) . '...';
}
//get slug
$slug = $navItem->slug;
//add to array
$subPages[] = new CMenuItem($text, '?p=contentblogg&slug=' . $slug);
}
//add 'headline'
$arr[] = $postsNavItem;
//add subpages
$arr[] = $subPages;
}
return $arr;
}
public function __construct($options, $url, $urlSql)
{
$dbh = new CDatabase($options);
$textfilter = new CTextFilter();
// Get content
$sql = "SELECT * FROM Content WHERE type = 'page' AND {$urlSql} AND published <= NOW() AND deleted IS NULL;";
$res = $dbh->ExecuteSelectQueryAndFetchAll($sql, array($url));
if ($urlSql == 1) {
$data = '';
foreach ($res as $row) {
$title = "Alla sidor:";
// Sanitize content before using it.
$data .= "<a href='?p=contentpage&url={$row->url}'>" . htmlentities($row->title, null, 'UTF-8') . "</a><br/>";
}
$html = <<<PAGECONT
<article>
<h2>{$title}</h2>
<p>{$data}</p>
</article>
PAGECONT;
$this->html = $html;
} else {
$data = $res[0];
// Sanitize content before using it.
$title = htmlentities($data->title, null, 'UTF-8');
$data = $textfilter->doFilter(htmlentities($data->data, null, 'UTF-8'), $data->filter);
$data .= "<p> </p><hr style='margin-bottom:10px;'><p><a href='?p=contentpage' class='aButton'>Visa alla</a></p>";
$html = <<<PAGECONT
<article>
<h2>{$title}</h2>
{$data}
</article>
PAGECONT;
$this->html = $html;
}
}
$params = array("%{$title}%");
} else {
// prepare SQL to show all
$sql = "SELECT id,title,image,year FROM Movie";
$params = null;
}
?>
<form method="post">
<p><label>Titel (eller del av titel): <input type='search' autofocus="autofocus" name='title' value='<?php
echo $title;
?>
'/></label></p>
</form>
<p><a href='?p=movietitlesearch' class='aButton'>Visa alla</a></p>
<table class='table'>
<tr><th>Rad</th><th>Id</th><th>Bild</th><th>Titel</th><th>År</th></tr>
<?php
$res = $db->ExecuteSelectQueryAndFetchAll($sql, $params);
foreach ($res as $i => $row) {
echo "<tr><td>{$i}</td><td>{$row->id}</td><td><img src='{$row->image}' alt='bild på film' width='100' height='50'></td><td>{$row->title}</td><td>{$row->year}</td></tr>";
}
?>
</table>
<h1 class="center">Koppla upp php PDO mot MySQL</h1>
<p class="center">Alla filmer i databasen:</p>
<?php
$db = new CDatabase($urbax['database']);
$sql = "SELECT id,title,image,year FROM Movie";
$res = $db->ExecuteSelectQueryAndFetchAll($sql);
?>
<table class='table'>
<tr><th>Rad</th><th>Id</th><th>Bild</th><th>Titel</th><th>År</th></tr>
<?php
foreach ($res as $i => $row) {
echo "<tr><td>{$i}</td><td>{$row->id}</td><td><img src='{$row->image}' alt='bild på film' width='100' height='50'></td><td>{$row->title}</td><td>{$row->year}</td></tr>";
}
?>
</table>
public function uppdatemovie($urbax)
{
$db = new CDatabase($urbax['database']);
// Get parameters
$id = isset($_POST['id']) ? strip_tags($_POST['id']) : (isset($_GET['id']) ? strip_tags($_GET['id']) : null);
$title = isset($_POST['title']) ? strip_tags($_POST['title']) : null;
$director = isset($_POST['director']) ? strip_tags($_POST['director']) : null;
$length = isset($_POST['length']) ? strip_tags($_POST['length']) : null;
$plot = isset($_POST['plot']) ? strip_tags($_POST['plot']) : null;
$year = isset($_POST['year']) ? strip_tags($_POST['year']) : null;
$subtext = isset($_POST['subtext']) ? strip_tags($_POST['subtext']) : null;
$speech = isset($_POST['speech']) ? strip_tags($_POST['speech']) : null;
$format = isset($_POST['format']) ? strip_tags($_POST['format']) : null;
$quality = isset($_POST['quality']) ? strip_tags($_POST['quality']) : null;
$imdblink = isset($_POST['imdblink']) ? strip_tags($_POST['imdblink']) : null;
$youtubetrailer = isset($_POST['youtubetrailer']) ? strip_tags($_POST['youtubetrailer']) : null;
$image = isset($_POST['image']) ? strip_tags($_POST['image']) : null;
$genre = isset($_POST['genre']) ? $_POST['genre'] : array();
$nextpage = isset($_POST['nextpage']) ? true : false;
$save = isset($_POST['save']) ? true : false;
$acronym = isset($_SESSION['user']) ? $_SESSION['user']->acronym : null;
// if user is NOT authenticated.
if ($acronym == null) {
$out = <<<EOD
<div style=" border: 1px solid #777; border-radius: 3px; padding: 10px 20px;">
<h2 style="margin-top: 0;">Du måste vara inloggad för att få editera</h2>
<p>Använd menyn uppe till höger på denna sida.</p>
</div>
EOD;
echo $out;
} else {
if ($id != null) {
$sql = "SELECT M.id as id, M.title as title, M.rentalprice as rentalprice,\n M.director as director, M.length as length, M.plot as plot,\n M.year as year, M.subtext as subtext, M.imdblink as imdblink,\n M.youtubetrailer as youtubetrailer,\n M.quality as quality, M.speech as speech, M.format as format,\n GROUP_CONCAT(G.name) AS genre FROM oophp0710_movie AS M\n LEFT OUTER JOIN oophp0710_movie2genre AS M2G\n ON M.id = M2G.idMovie\n INNER JOIN oophp0710_genre AS G\n ON M2G.idGenre = G.id\n GROUP BY M.id";
$res = $db->ExecuteSelectQueryAndFetchAll($sql);
$movie = null;
foreach ($res as $mov) {
if ($mov->id == $id) {
$movie = $mov;
}
}
if (!$movie) {
die("CHECK: invalid id");
}
if ($nextpage) {
//first save data
$this->saveToDB($title, $director, $length, $year, $plot, $subtext, $speech, $format, $quality, $imdblink, $youtubetrailer, $id, $db, $movie);
//then redirect to image-select-page
//header("Location:?p=imageselect&path=movie&movieid=$id");
$page = "?p=imageselect&path=movie&movieid={$id}";
echo "<script> location.replace('{$page}'); </script>";
}
if ($save && isset($title) && isset($year)) {
$this->saveToDB($title, $director, $length, $year, $plot, $subtext, $speech, $format, $quality, $imdblink, $youtubetrailer, $id, $db, $movie);
} else {
//output edit form
$categories = $db->ExecuteSelectQueryAndFetchAll("SELECT * FROM oophp0710_genre");
$user = CUser::Instance();
//var_dump($user->isAdmin());
$disabled = '';
$info = '';
if (!$user->isAdmin()) {
$disabled = "disabled";
$info = "<p> Du kan inte editera eftersom du inte är administratör.</p>";
}
echo <<<EEE
<form method=post id="movieinfoform">
<h1 style="margin-top: 0;">Ange filminformation</h1>
<div id='movieinfoformrow1'>
<input type='hidden' name='id' value='{$movie->id}'/>
<div>
<p><label>Titel:<br/><input type='text' name='title' value='{$movie->title}' {$disabled}/></label></p>
</div>
<div>
<p><label>Hyrespris:<br/><input type='number' name='rentalprice' value='{$movie->rentalprice}' {$disabled}/></label></p>
</div>
<div>
<p><label>Ressigör:<br/><input type='text' name='director' value='{$movie->director}' {$disabled}/></label></p>
</div>
<div>
<p><label>Längd:<br/><input type='number' name='length' value='{$movie->length}' {$disabled}/></label></p>
</div>
</div>
<p><label>Handling:<br/><textarea name='plot' {$disabled}/>{$movie->plot}</textarea></label></p>
<div id="movieinfoformrow3">
<div>
<p><label>År:<br/><input type='number' name='year' value='{$movie->year}' {$disabled}/></label></p>
</div>
EEE;
echo "<div><p><label>Textning:<br/>" . CHtmlUi::generateSelectList(array('SV', 'EN', 'FR', 'IT', 'ES'), 'subtext', $movie->subtext, $disabled);
echo "</div><div><p><label>Tal:<br/>" . CHtmlUi::generateSelectList(array('SV', 'EN', 'FR', 'IT', 'ES'), 'speech', $movie->speech, $disabled);
echo "</div><div><p><label>Format:<br/>" . CHtmlUi::generateSelectList(array('DVD', 'VHS', 'BLR'), 'format', $movie->format, $disabled);
echo "</div><div><p><label>Kvalité:<br/>" . CHtmlUi::generateSelectList(array(10, 20, 30, 40, 50, 50, 70, 80, 90, 100), 'quality', intval($movie->quality), $disabled);
echo <<<EEE
</div><div>
<p><label>IMDB-länk:<br/><input type='text' name='imdblink' value='{$movie->imdblink}' {$disabled}/></label></p>
</div>
<div>
<p><label>Youtube-trailer:<br/><input type='text' name='youtubetrailer' value='{$movie->youtubetrailer}' {$disabled}/></label></p>
</div>
</div>
<div>
Kategori (en eller flera):
<div style='padding:10px 0;'>
EEE;
foreach ($categories as $cate) {
$css = null;
$checked = null;
if (in_array($cate->name, explode(',', $movie->genre))) {
$css = "checkedbox";
$checked = "checked='checked'";
}
if ($cate->id == 1) {
$class = "nocat";
} else {
$class = "hascat";
}
echo "<div style='display:inline-block; margin:0 10px 15px 0;'>";
echo "<label class='chtoggle {$css} {$class}'><input type='checkbox' {$checked} name='category[]' value={$cate->id}>";
echo "<span class='chtogglebox'></span>";
echo "<span>{$cate->name}</span>";
echo "</label></div>";
}
echo <<<EEE
</div>
</div>
<p class='uppdateNavigationButtons'>
<input type='submit' name='save' value='Spara' {$disabled}/>
<input type='reset' class='aButton' value='Återställ' {$disabled}/>
<a class='aButton' href='?p=updatemovie'>Avbryt</a>
EEE;
if (!$disabled == 'disabled') {
echo "<input type='submit' class='aButton' style='float:right;' name='nextpage' id='gotoConnectImage2Movie' value='Koppla bilder till film'>";
}
echo "</p>\n </form>\n {$info}";
}
} else {
echo "<h1 class='center'>Välj och uppdatera filminformation</h1>";
echo "<table class='table'>\n <tr><th></th><th>Titel</th><th>Bild</th><th>År</th><th width='10%'>Skapad</th></tr>";
//
$sql = "SELECT M.id as id,M.title as title, I.image as image, year,creationdate as tid \n FROM oophp0710_movie AS M\n INNER JOIN oophp0710_movie2image AS M2I\n ON M2I.movie_id = M.id\n INNER JOIN oophp0710_images AS I\n ON M2I.image_id = I.id\n GROUP BY M.id\n ORDER BY tid DESC";
$res = $db->ExecuteSelectQueryAndFetchAll($sql);
foreach ($res as $i => $row) {
echo "<tr>" . "<td width='5%' style='text-align:center;'><a class='aButton' href='?p=updatemovie&id={$row->id}'>editera</a></td>" . "<td><strong>{$row->title}</strong></td>" . "<td><img src='{$row->image}' alt='bild på film' width='100' height='50'></td>" . "<td>{$row->year}</td>" . "<td>{$row->tid}</td>" . "</tr>";
}
echo "</table>";
}
}
}
$title = isset($_POST['title']) ? strip_tags($_POST['title']) : null;
$type = isset($_POST['type']) ? strip_tags($_POST['type']) : null;
$acronym = isset($_SESSION['user']) ? $_SESSION['user']->acronym : null;
$cont = new CContent($urbax['database']);
if ($acronym == null) {
echo <<<EOD
<div style=" border: 1px solid #777; border-radius: 3px; padding: 10px 20px;">
<h2 style="margin-top: 0;">Du måste vara inloggad för att få redigera innehåll...</h2>
<p><a href="?p=clogin" class="aButton">Logga in</a></p>
</div>
EOD;
} else {
//Do we have a valid id-value?
if (!$cont->validContentId($id)) {
$dbc = new CDatabase($urbax['database']);
$resultset = $dbc->ExecuteSelectQueryAndFetchAll('SELECT id, title FROM Content WHERE deleted IS NULL');
echo "<h2>Välj post att redigera:</h2>";
echo "<table class='table'>";
echo "<tr><th style='width:100px;'></th><th>Id</th><th>Titel</th></tr>";
foreach ($resultset as $res) {
echo "<tr><td><a href='?p=contentedit&id={$res->id}' class='aButton' style='width:50px; margin:0 auto; display:block;'>Editera</a></td><td>{$res->id}</td><td>{$res->title}</td></tr>";
}
echo "</table>";
} else {
if ($uppdate) {
// Get parameters
$id = isset($_POST['id']) ? strip_tags($_POST['id']) : (isset($_GET['id']) ? strip_tags($_GET['id']) : null);
$title = isset($_POST['title']) ? $_POST['title'] : null;
$slug = isset($_POST['slug']) ? $_POST['slug'] : null;
$url = isset($_POST['url']) ? strip_tags($_POST['url']) : null;
$data = isset($_POST['data']) ? $_POST['data'] : array();
/**
* Function to get category name by id, id by name.
* If no parameter is given, an array with all categories will be returned.
*
* @param mixed $get Determines which categories to get.
* @return string|int|array Name of category in a string, category id as int or names of categories in an array.
*/
private function GetCategory($get = null)
{
// SQL to get categorynames to an array
$sql = "SELECT catId, catName FROM rm_BlogCategory";
foreach (parent::ExecuteSelectQueryAndFetchAll($sql) as $val) {
$categories[$val->catId] = $val->catName;
}
// Return name for a specific category id
if (is_numeric($get) && isset($categories[$get])) {
return $categories[$get];
}
// Find id for a category name
$catSearch = array_search($get, $categories);
// Return found id or whole array
return $catSearch ? $catSearch : $categories;
}
/**
* Function to get genres
*
* @param mixed $get Determines which genres to get.
* @return array Genres of choice.
*/
private function GetGenres($get = null)
{
// SQL to get all genres in use
$sql = "SELECT DISTINCT G.name FROM rm_Genre AS G\r\n INNER JOIN rm_Movie2Genre AS M2G ON G.id = M2G.idGenre";
// SQL to get genre(s) for a movie
if (is_numeric($get)) {
$sql = "SELECT DISTINCT G.name FROM rm_Movie2Genre AS M2G\r\n INNER JOIN rm_Genre AS G ON M2G.idGenre = G.id\r\n WHERE M2G.idMovie = {$get}";
} elseif ($get == "all") {
$sql = "SELECT name FROM rm_Genre";
}
$res = parent::ExecuteSelectQueryAndFetchAll($sql);
foreach ($res as $val) {
$genres[] = $val->name;
}
return $genres;
}
// ------------------------------- ÖVNINGAR ----------------------------------------------------------------- // 1. Skapar objekt av klassen CDatabase: $dbh = new CDatabase($urbax['database']); // 2. Läste om funktionen ExecuteSelectQueryAndFetchAll (som jag skrivit in tidigare) // 2.1 ExecuteSelectQueryAndFetchAll tar maximalt fem parametrar (jag har utökat funktonen med ytterligare två) // den första är SQL-strängen (dvs SQL-frågan som skall köaras) med ev ? som skall kopplas till frågan // näta parmeter är en array med de värden som skall 'bindas'/kopplas till sql-strängen (default är en tom array) // tredje parametern är en bool som anger ifall sql-frågan skall skrivas ut eller ej (default är false) // frärde parametern $asHTMLtable anger iifall resultatet från frågan skall returneras som en HTML-tabell (default är false) // femte paramentern $tableCSSid anger ev.css id för styling av tabellen (default är detta en tom sträng) // 2.2 Det är endast första parametern som är obligatorisk - de övriga fyra är optionella // 2.3 Metoden kan returnera ett mixed resultset eller en html-tabell beroende på vad jag sätter parametern $asHTMLtabl till // 3 Skapar en fråga för att hämta alla filmer $qry = 'SELECT * from Movie'; // 4. Kör frågan $res = $dbh->ExecuteSelectQueryAndFetchAll($qry); // 5. Dumpa resultatet dump($res); // 6. Antalet filmer som ligger i filmdatabasen är för närvarande fem (5). // detta antal kan förändras - men man kan alltid få fram aktuellt antal via kommandot count($res)... // 7. ID:t för res[4] är fyra (4). // kan erhållas med kommandot: echo $res[3]->id; // 8. Aropar rowcCount echo "rowCount: " . $dbh->RowCount(); // 8.1 Row cont returnerade 5. // 8.2 Siffran referarar garanterat till antalet rader som påverkades av INSERT, DELETE och UPPDATE // samt för vissa databaser även SELECT - men det är pålitlig (enligt manualen) // 9. Läste om ExecuteQuery // 9.1 Parametrarna är: // En sträng med SQL-frågan (med ?) // En array med parametrar som har argumenten som skall ersätta eventuella ?
/**
* Constructor
*
*/
public function __construct($dbOptions)
{
// Connect to a MySQL database using PHP PDO
$db = new CDatabase($dbOptions);
// Get parameters
$title = isset($_GET['title']) ? $_GET['title'] : null;
$genre = isset($_GET['genre']) ? $_GET['genre'] : null;
$hits = isset($_GET['hits']) ? $_GET['hits'] : 8;
$page = isset($_GET['page']) ? $_GET['page'] : 1;
$year1 = isset($_GET['year1']) && !empty($_GET['year1']) ? $_GET['year1'] : null;
$year2 = isset($_GET['year2']) && !empty($_GET['year2']) ? $_GET['year2'] : null;
$orderby = isset($_GET['orderby']) ? strtolower($_GET['orderby']) : 'id';
$order = isset($_GET['order']) ? strtolower($_GET['order']) : 'asc';
$id = isset($_POST['id']) ? strip_tags($_POST['id']) : (isset($_GET['id']) ? strip_tags($_GET['id']) : null);
// Check that incoming parameters are valid
is_numeric($hits) or die('Check: Hits must be numeric.');
is_numeric($page) or die('Check: Page must be numeric.');
is_numeric($year1) || !isset($year1) or die('Check: Year must be numeric or not set.');
is_numeric($year2) || !isset($year2) or die('Check: Year must be numeric or not set.');
// Get all genres that are active
$sql = '
SELECT DISTINCT G.name
FROM `rm_genre` AS G
INNER JOIN `rm_movie2genre` AS M2G
ON G.id = M2G.idGenre
';
$res = $db->ExecuteSelectQueryAndFetchAll($sql);
$_SESSION['genres'] = $res;
$genres = null;
foreach ($res as $val) {
if ($val->name == $genre) {
$genres .= "{$val->name} ";
} else {
$genres .= "<a href='" . CFunc::getQueryString(array('genre' => $val->name)) . "'>{$val->name}</a> ";
}
}
$genreOptions = "<option value=''>Select genre</option>\n";
foreach ($res as $val) {
$selected = $val->name == $genre ? 'selected' : null;
$genreOptions .= "<option value='{$val->name}' {$selected}>{$val->name}</option>\n";
}
// Prepare the query based on incoming arguments
$sqlOrig = '
SELECT
M.*,
GROUP_CONCAT(G.name) AS genre
FROM `rm_movie` AS M
LEFT OUTER JOIN `rm_movie2genre` AS M2G
ON M.id = M2G.idMovie
LEFT OUTER JOIN `rm_genre` AS G
ON M2G.idGenre = G.id
';
$where = null;
$groupby = ' GROUP BY M.id';
$limit = null;
$sort = " ORDER BY {$orderby} {$order}";
$params = array();
// Select by title
if ($title) {
$where .= ' AND title LIKE ?';
$params[] = $title;
}
// Select by year
if ($year1) {
$where .= ' AND year >= ?';
$params[] = $year1;
}
if ($year2) {
$where .= ' AND year <= ?';
$params[] = $year2;
}
// Select by genre
if ($genre) {
$where .= ' AND G.name = ?';
$params[] = $genre;
}
// Select by id
if ($id) {
$where .= ' AND M.id = ?';
$params[] = $id;
}
// Pagination
if ($hits && $page) {
$limit = " LIMIT {$hits} OFFSET " . ($page - 1) * $hits;
}
// Complete the sql statement
$where = $where ? " WHERE 1 {$where}" : null;
$sql = $sqlOrig . $where . $groupby . $sort . $limit;
$this->res = $db->ExecuteSelectQueryAndFetchAll($sql, $params);
// Get max pages for current query, for navigation
$sql = "\n SELECT\n COUNT(id) AS rows\n FROM \n (\n {$sqlOrig} {$where} {$groupby}\n ) AS Movie\n ";
$res = $db->ExecuteSelectQueryAndFetchAll($sql, $params);
$this->rows = $res[0]->rows;
}
$title = isset($_POST['title']) ? strip_tags($_POST['title']) : null;
$type = isset($_POST['type']) ? strip_tags($_POST['type']) : null;
$acronym = isset($_SESSION['user']) ? $_SESSION['user']->acronym : null;
$cont = new CContent($urbax['database']);
if ($acronym == null) {
echo <<<EOD
<div style=" border: 1px solid #777; border-radius: 3px; padding: 10px 20px;">
<h2 style="margin-top: 0;">Du måste vara inloggad för att få redigera innehåll...</h2>
<p><a href="?p=clogin" class="aButton">Logga in</a></p>
</div>
EOD;
} else {
//Do we have a valid id-value?
if (!$cont->validContentId($id)) {
$dbc = new CDatabase($urbax['database']);
$resultset = $dbc->ExecuteSelectQueryAndFetchAll("SELECT id, title FROM oophp0710_content WHERE deleted IS NULL and type='post'");
echo "<h2>Välj post att redigera:</h2>";
echo "<table class='table'>";
echo "<tr><th style='width:100px;'></th><th>Id</th><th>Titel</th></tr>";
foreach ($resultset as $res) {
echo "<tr><td><a href='?p=uppdatecontent&id={$res->id}' class='aButton' style='width:50px; margin:0 auto; display:block;'>Editera</a></td><td>{$res->id}</td><td>{$res->title}</td></tr>";
}
echo "</table>";
} else {
if ($uppdate) {
// Get parameters
$id = isset($_POST['id']) ? strip_tags($_POST['id']) : (isset($_GET['id']) ? strip_tags($_GET['id']) : null);
$title = isset($_POST['title']) ? $_POST['title'] : null;
$category = isset($_POST['category']) ? $_POST['category'] : null;
$slug = isset($_POST['slug']) ? $_POST['slug'] : null;
$url = isset($_POST['url']) ? strip_tags($_POST['url']) : null;
/**
* Constructor
*
*/
public function __construct($dbOptions)
{
$db = new CDatabase($dbOptions);
$id = isset($_GET['id']) ? $_GET['id'] : null;
$name = isset($_GET['name']) ? $_GET['name'] : null;
$acronym = isset($_GET['acronym']) ? $_GET['acronym'] : null;
$role = isset($_GET['role']) ? $_GET['role'] : null;
$hits = isset($_GET['hits']) ? $_GET['hits'] : 8;
$page = isset($_GET['page']) ? $_GET['page'] : 1;
$orderby = isset($_GET['orderby']) ? strtolower($_GET['orderby']) : 'id';
$order = isset($_GET['order']) ? strtolower($_GET['order']) : 'asc';
// Check that incoming parameters are valid
is_numeric($hits) or die('Check: Hits must be numeric.');
is_numeric($page) or die('Check: Page must be numeric.');
// Prepare the query based on incoming arguments
$sqlOrig = '
SELECT * FROM rm_user
';
$where = null;
$limit = null;
$sort = " ORDER BY {$orderby} {$order}";
$params = array();
// Select by name
if ($name) {
$where .= ' AND name LIKE ?';
$params[] = $name;
}
// Select by acronym
if ($acronym) {
$where .= ' AND acronym LIKE ?';
$params[] = $acronym;
}
// Select by type
if ($role) {
$where .= ' AND role LIKE ?';
$params[] = $role;
}
// Select by id
if ($id) {
$where .= ' AND id = ?';
$params[] = $id;
}
// Pagination
if ($hits && $page) {
$limit = " LIMIT {$hits} OFFSET " . ($page - 1) * $hits;
}
// Complete the sql statement
$where = $where ? " WHERE 1 {$where}" : null;
$sql = $sqlOrig . $where . $sort . $limit;
$this->res = $db->ExecuteSelectQueryAndFetchAll($sql, $params);
// Get max pages for current query, for navigation
$sql = "\n SELECT\n COUNT(id) AS rows\n FROM \n (\n {$sqlOrig} {$where}\n ) AS Movie\n ";
$res = $db->ExecuteSelectQueryAndFetchAll($sql, $params);
$this->rows = $res[0]->rows;
$userSelected = $role == 'user' ? 'selected' : null;
$adminSelected = $role == 'admin' ? 'selected' : null;
$this->form = <<<EOD
<form class='usersearch'>
<fieldset>
<legend>Sök profil</legend>
<input type=hidden name=hits value='{$hits}'/>
<input type=hidden name=page value='1'/>
<p><label>Namn (använd % som *)<input type='text' name='name' value='{$name}' /></label><br>
<label>Akronym (använd % som *)<input type='text' name='acronym' value='{$acronym}' /> </label><br>
<p><select name='role'>
<option value=''>Select role</option>>
<option {$userSelected}>user</option>>
<option {$adminSelected}>admin</option>>
</select>
<input type='submit' name='submit' value='Sök'/> <a href='?'>Visa Alla</a></p>
</fieldset>
</form>
EOD;
}
private function getMonthMovie($id, $dbSettings)
{
$sql = "SELECT M.title as titel, M.youtubetrailer as film\n FROM oophp0710_movie AS M\n WHERE M.monthmovie=?\n LIMIT 1";
$param = array($id);
$dbh = new CDatabase($dbSettings);
$res = $dbh->ExecuteSelectQueryAndFetchAll($sql, $param);
return $res;
}
