/** * @Get * @Route("Categories/{category:string}/{start:int}/{end:int}") */ public function show() { $category = $this->input->getForDb(1); $skip = $this->input->get(2); $take = $this->input->get(3) - $skip; $this->db->prepare("SELECT\n p.id, p.name, p.description, p.price, p.quantity, c.name as category\n FROM products p\n JOIN products_categories pc\n ON p.id = pc.productId\n JOIN categories c\n ON pc.categoryId = c.id\n WHERE quantity > 0 AND c.name LIKE ?\n ORDER BY p.id\n LIMIT {$take}\n OFFSET {$skip}", array($category)); $response = $this->db->execute()->fetchAllAssoc(); $products = array(); foreach ($response as $p) { $productId = Normalizer::normalize($p['id'], 'noescape|int'); $this->db->prepare("SELECT\n percentage\n FROM promotions\n WHERE productId = ? AND NOW() < endDate", array($productId)); $promos = $this->db->execute()->fetchAllAssoc(); $bestPromo = 0; foreach ($promos as $promo) { $currentPromo = Normalizer::normalize($promo['percentage'], 'noescape|double'); if ($currentPromo > $bestPromo) { $bestPromo = $currentPromo; } } $product = new ProductViewModel(Normalizer::normalize($p['id'], 'noescape|int'), $p['name'], $p['description'], Normalizer::normalize($p['price'], 'noescape|double'), Normalizer::normalize($p['quantity'], 'noescape|int'), $p['category'], $bestPromo); $products[] = $product; } // Escaped one $category = $this->input->get(1); $this->view->appendToLayout('header', 'header'); $this->view->appendToLayout('meta', 'meta'); $this->view->appendToLayout('body', new ShowViewModel($products, $skip, $take + $skip, $category)); $this->view->appendToLayout('footer', 'footer'); $this->view->displayLayout('Layouts.products'); }
/** * @Delete * @Route("review/{id:int}/delete") * @Role("Moderator") */ public function remove() { $id = $this->input->get(1); $this->db->prepare("SELECT productId\n FROM reviews\n WHERE id = ?", array($id)); $response = $this->db->execute()->fetchRowAssoc(); $productId = Normalizer::normalize($response['productId'], 'noescape|int'); $this->db->prepare("DELETE FROM reviews\n WHERE id = ?", array($id))->execute(); $this->redirect("/product/{$productId}/show"); }
/** * @Get * @Route("editor/promotions/all") * @Role("Editor") */ public function all() { $response = $this->db->prepare("SELECT pr.name, p.name as product, pr.percentage, pr.endDate\n FROM promotions pr\n JOIN products p\n ON pr.productId = p.id")->execute()->fetchAllAssoc(); $promotions = array(); foreach ($response as $p) { $promotions[] = new PromotionViewModel($p['name'], $p['product'], Normalizer::normalize($p['percentage'], 'noescape|double'), $p['endDate']); } $this->view->appendToLayout('header', 'header'); $this->view->appendToLayout('meta', 'meta'); $this->view->appendToLayout('body', new AllViewModel($promotions)); $this->view->appendToLayout('footer', 'footer'); $this->view->displayLayout('Layouts.Editor.home'); }
/** * @Authorize * @Post * @Route("cart/checkout") */ public function checkout() { $cart = $this->session->cart; if (!$cart) { throw new \Exception('Cart is empty!', 400); } $totalPrice = 0; $products = array(); foreach ($cart as $itemId) { $this->db->prepare("SELECT\n p.price, p.name, p.id\n FROM products p\n JOIN products_categories pc\n ON p.id = pc.productId\n JOIN categories c\n ON pc.categoryId = c.id\n WHERE p.id = ?", array($itemId)); $response = $this->db->execute()->fetchRowAssoc(); $price = Normalizer::normalize($response['price'], 'noescape|double'); $this->db->prepare("SELECT\n percentage\n FROM promotions\n WHERE productId = ? AND NOW() < endDate", array($itemId)); $promos = $this->db->execute()->fetchAllAssoc(); $bestPromo = 0; foreach ($promos as $promo) { $currentPromo = Normalizer::normalize($promo['percentage'], 'noescape|double'); if ($currentPromo > $bestPromo) { $bestPromo = $currentPromo; } } $price = $price * (1 - $bestPromo / 100); $products[] = new Product(Normalizer::normalize($response['id'], 'noescape|int'), $response['name'], $price); $totalPrice += $price; } $this->db->prepare("SELECT\n Cash\n FROM users\n WHERE id = ? AND username = ?", array($this->session->_login, $this->session->_username)); $response = $this->db->execute()->fetchRowAssoc(); $money = Normalizer::normalize($response['Cash'], 'noescape|double'); if ($money - $totalPrice < 0) { $diff = $totalPrice - $money; throw new \Exception("You don't have enough money for this purchase. Needed {$diff} more!", 400); } $boughtProducts = array(); $outOfStockProducts = array(); foreach ($products as $p => $product) { $this->db->prepare("UPDATE products\n SET quantity = quantity - 1\n WHERE id = ? AND quantity > 0", array($product->getId())); $response = $this->db->execute()->affectedRows(); if ($response) { $this->db->prepare("UPDATE users\n SET Cash = Cash - ?\n WHERE id = ? AND username = ?", array($product->getPrice(), $this->session->_login, $this->session->_username)); $this->db->execute(); $boughtProducts[] = $product; } else { $outOfStockProducts[] = $product; } } if (count($outOfStockProducts) !== 0) { $viewModel = new CheckoutViewModel('Not all items bought!', $outOfStockProducts); } else { $viewModel = new CheckoutViewModel('All items bought!', array()); } $this->session->cart = array(); $this->view->appendToLayout('header', 'header'); $this->view->appendToLayout('meta', 'meta'); $this->view->appendToLayout('body', $viewModel); $this->view->appendToLayout('footer', 'footer'); $this->view->displayLayout('Layouts.checkout'); }
public static function hasRole($role) { $col = 'is' . ucfirst($role); try { $statement = self::$database->prepare("SELECT {$col}\n FROM users\n WHERE username = ? AND id = ?"); $statement->bindColumn(1, $col); $statement->bindParam(1, App::getInstance()->getSession()->_username); $statement->bindParam(2, App::getInstance()->getSession()->_login); $statement->execute(); $response = $statement->fetch(\PDO::FETCH_ASSOC); $response = $response['is' . ucfirst($role)]; } catch (\PDOException $ex) { throw new \Exception("Check your db, missing role '{$col}'"); } if ($response) { return Normalizer::normalize($response, 'bool'); } return false; }
/** * @Route("users/all/{start:int}/{end:int}") * @Get */ public function allUsers() { $skip = $this->input->get(2); $take = $this->input->get(3) - $skip; $this->db->prepare("SELECT\n username,isAdmin, isEditor, isModerator\n FROM users\n ORDER BY username\n LIMIT {$take}\n OFFSET {$skip}"); $response = $this->db->execute()->fetchAllAssoc(); $users = array(); foreach ($response as $u) { $users[] = new User($u['username'], Normalizer::normalize($u['isAdmin'], 'noescape|bool'), Normalizer::normalize($u['isEditor'], 'noescape|bool'), Normalizer::normalize($u['isModerator'], 'noescape|bool')); } $this->view->appendToLayout('header', 'header'); $this->view->appendToLayout('meta', 'meta'); $this->view->appendToLayout('body', new AllUsersViewModel($users, $skip, $take + $skip)); $this->view->appendToLayout('footer', 'footer'); $this->view->displayLayout('Layouts.home'); }
/** * @param mixed $percentage */ public function setPercentage($percentage) { $this->percentage = Normalizer::normalize($percentage, 'noescape|double'); }
/** * @param mixed $price */ public function setPrice($price) { $this->price = Normalizer::normalize($price, 'noescape|double'); }
/** * @param mixed $quantity */ public function setQuantity($quantity) { $this->quantity = Normalizer::normalize($quantity, 'noescape|int'); }