/**
 * Counts how many stored accounts use the given e-mail address.
 *
 * Runs the class's QUERY_CHECK_EMAIL named query with the address bound as a
 * string parameter and hands back the `number` column of the first result row.
 * The lookup is parameterised, so the address needs no manual escaping here.
 *
 * @param email the e-mail address to look up
 * @return the `number` column of the first row, exactly as the query returns it
 */
 public static function checkEmail($email)
 {
     $lookup = new NamedQuery(self::$QUERY_CHECK_EMAIL);
     $lookup->addParam(QueryParam::TYPE_STRING, $email);
     $rows = CRUDService::getInstance()->fetchNamedQuery($lookup);
     // the count query is expected to yield exactly one row
     $firstRow = $rows[0];
     return $firstRow->number;
 }
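 /**
  * Handles the product creation form (POST only).
  *
  * Flow: validate the request, insert the product row, store the uploaded
  * image as <type>-<id>.<ext> below ./images/products/<classification>/<type>/,
  * record the image name in the database, append the product's translation
  * keys to the products.ini file and reload the translations into the session.
  *
  * Validation (a request failing any of these is ignored and nothing is written):
  *  - classification and type are used as directory names, so they must match
  *    [A-Za-z0-9_-] (no "/", no ".."), and the target directory must already exist;
  *  - the price must be numeric;
  *  - the upload must have succeeded, carry an allow-listed image extension
  *    and, per getimagesize(), actually contain an image of that type - this is
  *    what stops e.g. a ".php" file from being placed in the web-served image tree;
  *  - translation values are written one key per line, so line breaks are
  *    collapsed and '"' / '\' are escaped to keep a value from defining extra keys.
  * NOTE(review): the escaping assumes the file is read back with PHP's ini parser
  * (parse_ini_file semantics for double-quoted values) - confirm against
  * LanguageHelper::loadTranslations(). No error message is shown on rejection
  * because no message constant for this view is visible here.
  */
 public function handleRequestInMain()
 {
     $this->checkAccess();
     if ($_SERVER["REQUEST_METHOD"] !== "POST") {
         return;
     }
     // get classification, its type and price from POST array
     $classification = isset($_POST["name-classification"]) ? (string) $_POST["name-classification"] : "";
     // both values become path segments below, so only plain identifiers are accepted
     if (!preg_match('/^[A-Za-z0-9_-]+$/', $classification)) {
         return;
     }
     $typeKey = "name-type--" . $classification;
     $type = isset($_POST[$typeKey]) ? (string) $_POST[$typeKey] : "";
     if (!preg_match('/^[A-Za-z0-9_-]+$/', $type)) {
         return;
     }
     $price = isset($_POST["name-price"]) ? $_POST["name-price"] : null;
     if (!is_numeric($price)) {
         return;
     }
     // the upload must have succeeded before anything is persisted
     $upload = isset($_FILES["name-image"]) ? $_FILES["name-image"] : null;
     if (!is_array($upload) || !isset($upload["error"]) || $upload["error"] !== UPLOAD_ERR_OK) {
         return;
     }
     // allowed extensions and the getimagesize() type each one must really contain
     $allowedTypes = [
         "jpg" => IMAGETYPE_JPEG,
         "jpeg" => IMAGETYPE_JPEG,
         "png" => IMAGETYPE_PNG,
         "gif" => IMAGETYPE_GIF,
     ];
     // example : "Robot.JPG" -> "jpg" (the client file name is only used for its extension)
     $ext = strtolower(pathinfo($upload["name"], PATHINFO_EXTENSION));
     if (!isset($allowedTypes[$ext])) {
         return;
     }
     $imageInfo = getimagesize($upload["tmp_name"]);
     if ($imageInfo === false || $imageInfo[2] !== $allowedTypes[$ext]) {
         return;
     }
     // define the upload directory's relative path; it has to exist already
     $uploadDir = "./images/products/" . $classification . "/" . strtolower($type) . "/";
     if (!is_dir($uploadDir)) {
         return;
     }
     // insert those information into DB and get the product's ID
     // (price stays bound as a string, as before; it has been checked to be numeric)
     $insert = new NamedQuery($this->QUERY_INSERT_PRODUCT);
     $insert->addParam(QueryParam::TYPE_STRING, $classification);
     $insert->addParam(QueryParam::TYPE_STRING, $type);
     $insert->addParam(QueryParam::TYPE_STRING, $price);
     $insertId = CRUDService::getInstance()->executeNamedQuery($insert);
     // image name is like : <productType>-<id>.<imageType>, for example : robot-42.png
     $imgName = strtolower($type) . "-" . $insertId . "." . $ext;
     // move the uploaded file to the correct image directory and record the
     // name only if that worked (a failed move leaves the product without image)
     if (move_uploaded_file($upload["tmp_name"], $uploadDir . $imgName)) {
         $setImage = new NamedQuery($this->QUERY_SET_IMAGE);
         $setImage->addParam(QueryParam::TYPE_STRING, $imgName);
         $setImage->addParam(QueryParam::TYPE_INTEGER, $insertId);
         CRUDService::getInstance()->executeNamedQuery($setImage);
     }
     // keys to write : product.<id>.name.<lang> , product.<id>.description.<lang>
     $data = "";
     foreach (["name", "description"] as $field) {
         foreach (["de", "en", "fr"] as $lang) {
             $postKey = "name-" . $field . "-" . $lang;
             $value = isset($_POST[$postKey]) ? (string) $_POST[$postKey] : "";
             // one key per line: a line break inside a value would start a new key
             $value = str_replace(["\r\n", "\r", "\n"], " ", $value);
             // escape the characters that would terminate the double-quoted value
             $value = addcslashes($value, '\\"');
             $data .= "product." . $insertId . "." . $field . "." . $lang . ' = "' . $value . '"' . PHP_EOL;
         }
     }
     // write titles and descriptions into the products.ini file
     file_put_contents(Config::DEFAULT_PRODUCT_FILE, $data, FILE_APPEND);
     // finally, update the session with the new products.ini file content
     LanguageHelper::loadTranslations();
 }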
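 /**
  * Overwrite the abstract function from Superclass.
  * If an admin POST-ed a product change, update the database if necessary,
  * and also update the key values (language translations) for this product
  * in the products.ini file.
  *
  * The product id is read from POST as an integer; a request without a
  * positive id is not applied. The six translation values (name and
  * description in de/en/fr) are put into the session translation array,
  * which productArrayToString() then serialises back into the products file,
  * and the price is written to the database as a double bound to that id.
  * In every case the browser is redirected back to delete.php afterwards.
  *
  * NOTE(review): the translation values are stored verbatim; quoting and
  * line-break handling for the ini file happens in productArrayToString(),
  * which is not visible here - confirm it neutralises '"' and newlines, since
  * a value containing a line break could otherwise define extra keys.
  */
 public function handleRequestInMain()
 {
     $this->checkAccess();
     if ($_SERVER["REQUEST_METHOD"] !== "POST") {
         return;
     }
     $id = intval(isset($_POST["name-id"]) ? $_POST["name-id"] : 0);
     if ($id > 0) {
         // same keys as written on product creation: product.<id>.<field>.<lang>
         foreach (["name", "description"] as $field) {
             foreach (["de", "en", "fr"] as $lang) {
                 $postKey = "name-" . $field . "-" . $lang;
                 $sessionKey = "product." . $id . "." . $field . "." . $lang;
                 $_SESSION[Session::PRODUCT_TRANSLATIONS][$sessionKey] = isset($_POST[$postKey]) ? $_POST[$postKey] : "";
             }
         }
         // write the edited content from session back into the product's file
         file_put_contents(Config::DEFAULT_PRODUCT_FILE, $this->productArrayToString());
         LanguageHelper::loadTranslations();
         // update the database to set the new price (non-numeric input becomes 0.0, as before)
         $setPrice = new NamedQuery($this->QUERY_SET_PRICE);
         $setPrice->addParam(QueryParam::TYPE_DOUBLE, doubleval(isset($_POST["name-price"]) ? $_POST["name-price"] : 0));
         $setPrice->addParam(QueryParam::TYPE_INTEGER, $id);
         CRUDService::getInstance()->executeNamedQuery($setPrice);
     }
     // redirect back to the delete.php page
     $this->redirect("delete.php");
 }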
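 /**
  * Overwrite the abstract function from Superclass.
  * If a user POST-ed login data, check whether the data
  * is correct or not.
  * In case it's not, show the user a message that the login was not ok.
  * Otherwise, set the user's data into the session and redirect to
  * the 'Home' page.
  *
  * The user is looked up by e-mail (tags stripped via StringUtils::removeTags)
  * through the parameterised QUERY_LOAD_USER; exactly one row must come back.
  * The submitted password is hashed with StringUtils::convertInSha1() and
  * compared against the stored hash with hash_equals(), i.e. in constant time.
  * On success the session id is regenerated before the user is stored, so a
  * session id planted before login does not become an authenticated one.
  *
  * NOTE(review): the stored hashes are unsalted SHA-1, which is cheap to
  * brute-force offline; migrating to password_hash()/password_verify() with a
  * rehash-on-login step is recommended. That needs a storage change and is
  * out of scope for this method.
  */
 public function handleRequestInMain()
 {
     // handle only POST requests
     if ($_SERVER["REQUEST_METHOD"] !== "POST") {
         return;
     }
     $email = isset($_POST["name-email"]) ? $_POST["name-email"] : "";
     $password = isset($_POST["name-password"]) ? $_POST["name-password"] : "";
     // hash the candidate up front so the work done does not depend on whether the e-mail exists
     $candidateHash = StringUtils::convertInSha1($password);
     // read e-mail from POST and try to load a user by its e-mail
     $lookup = new NamedQuery($this->QUERY_LOAD_USER);
     $lookup->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($email));
     $users = CRUDService::getInstance()->fetchNamedQuery($lookup, "User");
     // if there is no (or more which should not be possible) result, return an error
     if (count($users) !== 1) {
         $this->getView()->setMessage($this->MSG_ERROR);
         return;
     }
     // now that we really found just 1 user, check its password
     $user = $users[0];
     if (!hash_equals((string) $user->getPassword(), (string) $candidateHash)) {
         $this->getView()->setMessage($this->MSG_ERROR);
         return;
     }
     // fresh session id on privilege change (session fixation defence)
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // persist user in session and redirect user to the main page
     $_SESSION[Session::USER] = serialize($user);
     $this->redirect("home.php");
 }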
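 /**
  * Closes the shared database connection when the object is torn down.
  *
  * Guarded so that a destructor running after the connection was already
  * closed (or never opened) does not call close() on null.
  */
 public function __destruct()
 {
     if (self::$dbConn !== null) {
         self::$dbConn->close();
         self::$dbConn = null;
     }
 }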
 /**
  * Deletes the product row with the given ID.
  *
  * The id is coerced to an integer before it is placed in the SQL text, which
  * is what keeps this native (non-parameterised) statement free of injection.
  * Only the database row is removed here; the product's image file and its
  * translation keys are not touched by this method.
  * @param id id of a product to be deleted
  */
 public static function delete($id)
 {
     $productId = (int) $id;
     CRUDService::getInstance()->executeNativeQuery("DELETE FROM product WHERE id = {$productId}");
 }
 /**
  * This method is called by 'loadData' and creates the necessary
  * SQL Statement for data loading.
  *
  * Assembles QUERY_LOAD_PRODUCTS plus an optional WHERE part (id,
  * classification and type, joined with CLAUSE_AND in that order), the
  * ORDER BY clause and an optional LIMIT, binding each value as a query
  * parameter in the same order it appears in the statement.
  *
  * Note: $order is appended to the SQL text verbatim (an ORDER BY target
  * cannot be bound as a parameter). It must only ever be a value chosen by the
  * application, never taken from the request; the callers are outside this
  * view, so please confirm no user input reaches it.
  *
  * @param id product id filter, skipped when it compares loosely equal to null
  * @param class classification filter, skipped when loosely equal to null
  * @param type type filter, skipped when loosely equal to null
  * @param order ORDER BY expression, concatenated as-is
  * @param limit row limit, applied only when greater than 0
  * @return the rows fetched by CRUDService as "Product" objects
  */
 private function load($id, $class, $type, $order, $limit)
 {
     $query = new NamedQuery();
     // collect the WHERE conditions in statement order; parameters are bound in the same order
     $conditions = [];
     if ($id != null) {
         $conditions[] = $this->COND_ID;
         $query->addParam(QueryParam::TYPE_INTEGER, $id);
     }
     if ($class != null) {
         $conditions[] = $this->COND_CLASSIFICATION;
         $query->addParam(QueryParam::TYPE_STRING, $class);
     }
     if ($type != null) {
         $conditions[] = $this->COND_TYPE;
         $query->addParam(QueryParam::TYPE_STRING, $type);
     }
     $sql = $this->QUERY_LOAD_PRODUCTS;
     if ($conditions !== []) {
         $sql .= $this->CLAUSE_WHERE . implode($this->CLAUSE_AND, $conditions);
     }
     // ORDER BY target is raw SQL text - see the note in the docblock
     $sql .= $this->COND_ORDER_BY . $order;
     if ($limit > 0) {
         $sql .= $this->SUFFIX_LIMIT;
         $query->addParam(QueryParam::TYPE_INTEGER, $limit);
     }
     $query->setNamedQuery($sql);
     return CRUDService::getInstance()->fetchNamedQuery($query, "Product");
 }
<?php

require 'vendor/autoload.php';
require 'service/CRUDService.php';
require 'database/Connection.php';
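// Guest list REST API on Slim 2. NOTE(review): none of these routes performs
// any authentication or CSRF check, so anyone who can reach the endpoint can
// create and delete entries - confirm that is intended (e.g. a public
// guestbook) or put at least the delete route behind a check.
$app = new \Slim\Slim();
$crud = new CRUDService();

// POST /guests: the raw request body is handed to CRUDService::add() as-is
// (JSON parsing/validation is its job); the stored entry is echoed back as JSON.
$app->post('/guests', function () use ($app, $crud) {
    $json = $app->request()->getBody();
    $added = $crud->add($json);
    $app->response()->header('Content-Type', 'application/json');
    echo json_encode($added);
});

// DELETE /guests/:id: only all-digit ids are routed here (anything else is a 404),
// and an empty 204 is returned since there is no body to send.
$app->delete('/guests/:id', function ($id) use ($app, $crud) {
    $crud->remove($id);
    $app->response()->status(204);
})->conditions(['id' => '\d+']);

// GET /guests: the full list as JSON.
$app->get('/guests', function () use ($app, $crud) {
    $list = $crud->getList();
    $app->response()->header('Content-Type', 'application/json');
    echo json_encode($list);
});

$app->run();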
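 /**
  * This method reloads the user's data by its ID
  * and stores them in the session.
  * @param id the ID of the user to be reloaded
  *
  * If no user with that ID exists any more, serialised null is stored - the
  * same value the unguarded `$result[0]` produced - but without the
  * "undefined offset" notice. Callers that unserialize() the session entry
  * must therefore be prepared for null.
  */
 private function reloadUser($id)
 {
     $lookup = new NamedQuery($this->QUERY_LOAD_USER);
     $lookup->addParam(QueryParam::TYPE_INTEGER, $id);
     $users = CRUDService::getInstance()->fetchNamedQuery($lookup, "User");
     $user = isset($users[0]) ? $users[0] : null;
     $_SESSION[Session::USER] = serialize($user);
 }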
 /**
  * Looks up the user row whose e-mail matches $this->email via QUERY_LOAD_USER.
  *
  * NOTE(review): the fetched "User" result is discarded - nothing on $this is
  * populated and nothing is returned, so as written the method only issues the
  * query. Presumably it was meant to hydrate this object; verify against callers.
  */
 public function load()
 {
     $byEmail = new NamedQuery($this->QUERY_LOAD_USER);
     $byEmail->addParam(QueryParam::TYPE_STRING, $this->email);
     $rows = CRUDService::getInstance()->fetchNamedQuery($byEmail, "User");
 }