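/**
 * Run method with main page logic
 *
 * Populate template and display form for creating a new page entry. For POST request,
 * validate form data and save information to database. Available to admins only.
 *
 * Changes from the earlier version of this method:
 *  - form fields are read through readField(), so a request that sends an array
 *    where a string is expected (e.g. title[]=x) yields an empty field instead of
 *    a TypeError from trim();
 *  - "published" is checked with strict string comparison;
 *  - a title or content of "0" is no longer rejected as missing (empty("0") is true).
 *
 * NOTE(review): no CSRF token is verified on the POST path, so any page an
 * admin visits can submit this form on their behalf. The Session API visible
 * here exposes no token; wire the application's check in at the top of the
 * POST branch once one exists.
 * NOTE(review): "template" is stored verbatim from the request. If PageModel or
 * the renderer uses it to choose a file to include, validate it against an
 * allow-list of known template names before setTemplate() — confirm there.
 *
 * @access public
 */
public function run() {
    $session = Session::getInstance();
    $user = $session->getUser();
    if (!$user || !$user->isAdmin()) {
        $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
        header("Location: " . BASE_URL);
        return;
    }

    $pageDAO = PageDAO::getInstance();
    $page = null;
    $form_errors = array();
    $form_values = array(
        "id" => "",
        "title" => "",
        "content" => "",
        "published" => false,
        "template" => "",
    );

    if (!empty($_POST)) {
        // "id" is not used when creating a page; it is kept so the template
        // receives the same keys as the edit form.
        $form_values["id"] = (isset($_POST["id"]) && is_numeric($_POST["id"])) ? intval($_POST["id"]) : "";
        $form_values["title"] = $this->readField($_POST, "title");
        $form_values["content"] = $this->readField($_POST, "content");
        $form_values["published"] = $this->readField($_POST, "published");
        $form_values["template"] = $this->readField($_POST, "template");

        if ($form_values["title"] === "") {
            $form_errors["title"] = "No title specified";
        }
        if ($form_values["content"] === "") {
            $form_errors["content"] = "No content specified";
        }
        if ($form_values["published"] === "") {
            $form_errors["published"] = "Published status not specified";
        } elseif ($form_values["published"] !== "true" && $form_values["published"] !== "false") {
            $form_errors["published"] = "Published must be a boolean value";
        }

        if (empty($form_errors)) {
            $page = new PageModel();
            $page->setTitle($form_values["title"]);
            $page->setContent($form_values["content"]);
            $page->setUserId($user->id);
            $page->setPublished($form_values["published"] === "true");
            if ($form_values["template"] !== "") {
                $page->setTemplate($form_values["template"]);
            }
            if ($pageDAO->insert($page)) {
                // Relies on insert() populating $page->id with the new row id.
                $session->setMessage("Page saved");
                header("Location: edit_page.php?id={$page->id}");
                return;
            }
            $session->setMessage("Page not saved");
        }
    }

    $this->template->render(array(
        "title" => "Create Page",
        "session" => $session,
        "main_page" => "create_page_tpl.php",
        "page" => $page,
        "form_values" => $form_values,
        "form_errors" => $form_errors,
    ));
}

/**
 * Read a scalar request field as a trimmed string.
 *
 * Returns "" when the field is missing or is not a string (PHP turns
 * "name[]=value" into an array, and trim() on an array is a TypeError).
 *
 * @param array  $source Request array ($_POST or $_GET)
 * @param string $key    Field name
 * @return string
 */
private function readField($source, $key) {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return "";
    }
    return trim($source[$key]);
}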
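/**
 * Run method with main page logic
 *
 * Populate template and display confirmation for page deletion. For POST requests,
 * check user credentials, check if page exists and then delete entry from database.
 * Available to admins only.
 *
 * The id is taken from POST (perform the deletion) or GET (show the confirmation
 * form). It is accepted only as a string of decimal digits: the previous
 * is_numeric() check also admitted forms such as "1e2", " 5" or "+5" and passed
 * them through to PageDAO::load() unchanged, and trim() on an array parameter
 * (id[]=1) raised a TypeError. A missing or malformed id now redirects to
 * BASE_URL in both branches.
 *
 * NOTE(review): the POST branch performs a destructive action without a CSRF
 * token check; the Session API visible here exposes none. Add the application's
 * check at the top of the POST branch once one exists.
 *
 * @access public
 */
public function run() {
    $session = Session::getInstance();
    $user = $session->getUser();
    if (!$user || !$user->isAdmin()) {
        $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
        header("Location: " . BASE_URL);
        return;
    }

    $pageDAO = PageDAO::getInstance();
    $delete_page = null;
    $form_errors = array();
    $form_values = array("id" => "");

    if (!empty($_POST)) {
        $id = $this->readId($_POST);
        if ($id === null) {
            header("Location: " . BASE_URL);
            return;
        }
        $delete_page = $pageDAO->load($id);
        if ($delete_page) {
            if ($pageDAO->delete($delete_page)) {
                $session->setMessage("Page deleted");
                header("Location: " . BASE_URL);
                return;
            }
            $session->setMessage("Could not delete page", Session::MESSAGE_ERROR);
        }
        // Unknown id: fall through and render with $delete_page = null.
    } elseif (!empty($_GET)) {
        $id = $this->readId($_GET);
        if ($id === null) {
            header("Location: " . BASE_URL);
            return;
        }
        $delete_page = $pageDAO->load($id);
        if ($delete_page) {
            $form_values["id"] = $delete_page->getId();
        }
    } else {
        header("Location: " . BASE_URL);
        return;
    }

    $this->template->render(array(
        "title" => "Admin - Delete Page",
        "main_page" => "delete_page_tpl.php",
        "user" => $user,
        "session" => $session,
        "delete_page" => $delete_page,
        "form_errors" => $form_errors,
        "form_values" => $form_values,
    ));
}

/**
 * Extract the "id" field of a request array as an int.
 *
 * @param array $source Request array ($_POST or $_GET)
 * @return int|null The id, or null when it is missing, empty, not a string,
 *                  or not made solely of decimal digits
 */
private function readId($source) {
    if (!isset($source["id"]) || !is_string($source["id"])) {
        return null;
    }
    $raw = trim($source["id"]);
    // ctype_digit("") is false, so an empty field is rejected here too.
    if (!ctype_digit($raw)) {
        return null;
    }
    return intval($raw);
}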
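/**
 * Run method with main page logic
 *
 * Read in pages from the database. Populate template and display an interface to
 * administer page data for allowing bulk deletion of pages, deletion of a single
 * page, links to editing each page entry. Available to admins only.
 *
 * Request handling:
 *  - POST with action=delete and ids[]: delete the selected pages, then redirect
 *    back to this script;
 *  - GET with action=delete and ids[]: list the selected pages for confirmation;
 *  - otherwise: a paginated listing of all pages ($PAGINATION_LIMIT per page).
 *
 * Changes from the earlier version of this method:
 *  - the action check was written `!strcmp($action, "delete") == 0`, which PHP
 *    parses as `(!strcmp(...)) == 0`; it happened to behave as intended but is
 *    now the explicit `$action !== "delete"`;
 *  - "ids" from POST and GET is validated by numericIds() before reaching the
 *    DAO, so a non-array or a non-numeric entry can no longer reach the query
 *    (a value such as "1abc" would be coerced to 1 by MySQL's string-to-number
 *    comparison, and a non-array would throw inside the DAO as an uncaught 500);
 *  - redirects use SCRIPT_NAME rather than PHP_SELF, which can carry
 *    client-supplied PATH_INFO. Equivalent as long as these pages are served
 *    as direct scripts, which the other redirects in this code base assume.
 *
 * NOTE(review): the POST branch performs a bulk deletion without a CSRF token
 * check; the Session API visible here exposes none. Add the application's
 * check at the top of the POST branch once one exists.
 *
 * @access public
 */
public function run() {
    $PAGINATION_LIMIT = 10;

    $session = Session::getInstance();
    $user = $session->getUser();
    if (!$user || !$user->isAdmin()) {
        $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
        header("Location: " . BASE_URL);
        return;
    }

    $page = (isset($_GET["page"]) && is_numeric($_GET["page"])) ? intval($_GET["page"]) : 1;
    if ($page < 1) {
        $page = 1;
    }
    $action = $this->readField($_GET, "action");

    $pageDAO = PageDAO::getInstance();
    $page_array = null;
    $paginator_page = null;
    $content_title = "Page Options";

    if (!empty($_POST) && !empty($_POST["ids"]) && !empty($_POST["action"])) {
        $action = $this->readField($_POST, "action");
        if ($action !== "delete") {
            header("Location: " . BASE_URL);
            return;
        }
        $ids = $this->numericIds($_POST["ids"]);
        if ($ids === null) {
            $session->setMessage("Deletion failed", Session::MESSAGE_ERROR);
            header("Location: " . $_SERVER["SCRIPT_NAME"]);
            return;
        }
        if ($pageDAO->deleteByIds($ids)) {
            $session->setMessage("Selected pages deleted");
        } else {
            $session->setMessage("Deletion failed", Session::MESSAGE_ERROR);
        }
        header("Location: " . $_SERVER["SCRIPT_NAME"]);
        return;
    }

    if ($action === "delete" && !empty($_GET["ids"])) {
        // Confirmation step: list the pages the admin is about to delete.
        // numericIds() assumes the template submits ids as ids[]=N (an array);
        // a malformed selection is bounced rather than passed to the DAO.
        $ids = $this->numericIds($_GET["ids"]);
        if ($ids === null) {
            header("Location: " . BASE_URL);
            return;
        }
        $content_title = "Delete Pages";
        $page_array = $pageDAO->allByIds($ids);
    } elseif ($action !== "delete") {
        $count = $pageDAO->count();
        $paginator = new Paginator($count, $PAGINATION_LIMIT);
        $paginator_page = $paginator->getPage($page);
        $page_array = $pageDAO->all(array("limit" => $paginator_page));
    }
    // action=delete without ids: render with no page list, as before.

    $this->template->render(array(
        "title" => "Admin - {$content_title}",
        "main_page" => "page_options_tpl.php",
        "session" => $session,
        "page_array" => $page_array,
        "paginator_page" => $paginator_page,
        "action" => $action,
        "content_title" => $content_title,
    ));
}

/**
 * Read a scalar request field as a trimmed string.
 *
 * Returns "" when the field is missing or is not a string (PHP turns
 * "name[]=value" into an array, and trim() on an array is a TypeError).
 *
 * @param array  $source Request array ($_POST or $_GET)
 * @param string $key    Field name
 * @return string
 */
private function readField($source, $key) {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return "";
    }
    return trim($source[$key]);
}

/**
 * Normalise a request parameter into a list of page ids.
 *
 * Each entry must be an int or a string of decimal digits; anything else is
 * rejected outright rather than coerced, so the database never sees a value
 * it might silently convert.
 *
 * @param mixed $raw Raw request value (expected: array of numeric strings)
 * @return int[]|null The ids, or null when $raw is not a non-empty array of
 *                    non-negative integers
 */
private function numericIds($raw) {
    if (!is_array($raw) || empty($raw)) {
        return null;
    }
    $ids = array();
    foreach ($raw as $value) {
        if (is_int($value)) {
            $ids[] = $value;
            continue;
        }
        if (!is_string($value) || !ctype_digit($value)) {
            return null;
        }
        $ids[] = intval($value);
    }
    return $ids;
}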
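/**
 * Delete instances of a User entities with the ids specified in the ids array. LEFT JOIN
 * clauses will be added to delete any associated attendance records, pages, articles and
 * events.
 *
 * Every id is validated before it is bound: an empty array used to produce a
 * statement with one placeholder and zero parameters (a PDO error at execute
 * time), and a non-numeric value such as "1abc" reached the query unchanged,
 * where MySQL's string-to-number comparison would match it against id 1.
 *
 * @access public
 * @param array $ids Array containing int ids (or decimal-digit strings) of User
 *                   entities to delete; must be non-empty
 * @param array $options (Optional) Read documentation on parseOptions for details
 * @return bool Return status of PDOStatement execute method
 * @throws InvalidArgumentException if $ids is not an array, is empty, or holds a
 *                                  value that is not a non-negative integer
 */
public function deleteByIds($ids, $options = null) {
    if (!is_array($ids)) {
        throw new InvalidArgumentException("Must pass array of ids as the first parameter");
    }
    if (count($ids) === 0) {
        throw new InvalidArgumentException("Array of ids must not be empty");
    }

    $params = array();
    foreach ($ids as $id) {
        if (is_int($id)) {
            $params[] = $id;
        } elseif (is_string($id) && ctype_digit($id)) {
            $params[] = intval($id);
        } else {
            throw new InvalidArgumentException("Every id must be a non-negative integer");
        }
    }

    // Import associated DAOs
    require_once "Attendance.php";
    require_once "Page.php";
    require_once "Article.php";
    require_once "Event.php";
    $attendDAO = AttendanceDAO::getInstance();
    $pagesDAO = PageDAO::getInstance();
    $articlesDAO = ArticleDAO::getInstance();
    $eventsDAO = EventDAO::getInstance();

    // One "?" per id; the values themselves are bound, never interpolated.
    $placeholders = implode(",", array_fill(0, count($params), "?"));

    // Use LEFT JOIN in case user does not have some entries. Multi-table
    // DELETE ... USING is MySQL syntax.
    $query = "DELETE FROM {$this->tableName}, {$attendDAO->getTableName()}, "
        . "{$pagesDAO->getTableName()}, {$articlesDAO->getTableName()}, {$eventsDAO->getTableName()} "
        . "USING {$this->tableName} "
        . "LEFT JOIN {$attendDAO->getTableName()} ON {$this->tableName}.id = {$attendDAO->getTableName()}.userId "
        . "LEFT JOIN {$pagesDAO->getTableName()} ON {$this->tableName}.id = {$pagesDAO->getTableName()}.userId "
        . "LEFT JOIN {$articlesDAO->getTableName()} ON {$this->tableName}.id = {$articlesDAO->getTableName()}.userId "
        . "LEFT JOIN {$eventsDAO->getTableName()} ON {$this->tableName}.id = {$eventsDAO->getTableName()}.userId "
        . "WHERE {$this->tableName}.id IN ({$placeholders})";

    $stmt = self::$dbh->prepare($query);
    return $stmt->execute($params);
}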
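/**
 * Run method with main page logic
 *
 * Populate template and display form for editing an page entry. For POST requests,
 * check user credentials, check if page exists and then update entry in database.
 * Available to admins only.
 *
 * Changes from the earlier version of this method:
 *  - form fields are read through readField(), so an array sent where a string
 *    is expected (title[]=x) yields an empty field instead of a TypeError from
 *    trim();
 *  - the GET "id" is validated the same way as the POST "id" (numeric, cast to
 *    int) instead of being handed to PageDAO::load() unchanged;
 *  - "published" is checked with strict string comparison, and a title or
 *    content of "0" is no longer rejected as missing;
 *  - the post-save redirect uses SCRIPT_NAME rather than PHP_SELF, which can
 *    carry client-supplied PATH_INFO. Equivalent while this page is served as
 *    a direct script, as the create form's redirect to edit_page.php assumes.
 *
 * The method is gated to admins at the top, so the `$user->isAdmin() ||` half
 * of the ownership checks is always true; they are kept as defence in depth
 * should the gate ever be relaxed.
 *
 * NOTE(review): no CSRF token is verified on the POST path; the Session API
 * visible here exposes none. Add the application's check at the top of the
 * POST branch once one exists.
 * NOTE(review): setUserId($user->id) on save reassigns the page to whichever
 * admin edits it. Confirm this "last editor owns the page" behaviour is
 * intended rather than preserving the original author.
 * NOTE(review): "template" is stored verbatim from the request. If PageModel or
 * the renderer uses it to choose a file to include, validate it against an
 * allow-list of known template names before setTemplate() — confirm there.
 *
 * @access public
 */
public function run() {
    $session = Session::getInstance();
    $user = $session->getUser();
    if (!$user || !$user->isAdmin()) {
        $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
        header("Location: " . BASE_URL);
        return;
    }

    $form_errors = array();
    $form_values = array(
        "id" => "",
        "title" => "",
        "content" => "",
        "published" => false,
        "template" => "",
    );
    $pageDAO = PageDAO::getInstance();
    $page = null;

    if (!empty($_POST)) {
        $form_values["id"] = (isset($_POST["id"]) && is_numeric($_POST["id"])) ? intval($_POST["id"]) : "";
        $form_values["title"] = $this->readField($_POST, "title");
        $form_values["content"] = $this->readField($_POST, "content");
        $form_values["published"] = $this->readField($_POST, "published");
        $form_values["template"] = $this->readField($_POST, "template");

        if (empty($form_values["id"])) {
            $form_errors["id"] = "No id specified";
        }
        if ($form_values["title"] === "") {
            $form_errors["title"] = "No title specified";
        }
        if ($form_values["content"] === "") {
            $form_errors["content"] = "No content specified";
        }
        if ($form_values["published"] === "") {
            $form_errors["published"] = "Published status not specified";
        } elseif ($form_values["published"] !== "true" && $form_values["published"] !== "false") {
            $form_errors["published"] = "Published must be a boolean value";
        }

        if (empty($form_errors)) {
            $page = $pageDAO->load($form_values["id"]);
            // As before, an unknown id is reported as a permission problem
            // rather than "not found".
            if (!$page || !($user->isAdmin() || $page->userId == $user->id)) {
                $session->setMessage("Do not have permission to edit page", Session::MESSAGE_ERROR);
                header("Location: " . BASE_URL);
                return;
            }
            $page->setTitle($form_values["title"]);
            $page->setContent($form_values["content"]);
            $page->setUserId($user->id);
            $page->setPublished($form_values["published"] === "true");
            if ($form_values["template"] !== "") {
                $page->setTemplate($form_values["template"]);
            }
            if ($pageDAO->save($page)) {
                $session->setMessage("Page saved");
                header("Location: " . $_SERVER["SCRIPT_NAME"] . "?id={$page->id}");
                return;
            }
            $session->setMessage("Page not saved");
        } elseif (empty($form_errors["id"])) {
            // Validation failed but the id is usable: reload the page so the
            // template can still show which entry is being edited.
            $page = $pageDAO->load($form_values["id"]);
        }
    } elseif (!empty($_GET)) {
        $form_values["id"] = (isset($_GET["id"]) && is_numeric($_GET["id"])) ? intval($_GET["id"]) : "";
        if (empty($form_values["id"])) {
            header("Location: " . BASE_URL);
            return;
        }
        $page = $pageDAO->load($form_values["id"]);
        if ($page) {
            if (!$user->isAdmin() && $page->userId != $user->id) {
                $session->setMessage("Do not have permission to edit page", Session::MESSAGE_ERROR);
                header("Location: " . BASE_URL);
                return;
            }
            $form_values["id"] = $page->getId();
            $form_values["title"] = $page->getTitle();
            $form_values["content"] = $page->getContent();
            $form_values["published"] = $page->getPublished() ? "true" : "false";
            $form_values["template"] = $page->getTemplate();
        }
        // Unknown id: render with $page = null and an empty form, as before.
    }

    $this->template->render(array(
        "title" => "Edit Page",
        "main_page" => "edit_page_tpl.php",
        "session" => $session,
        "page" => $page,
        "form_values" => $form_values,
        "form_errors" => $form_errors,
    ));
}

/**
 * Read a scalar request field as a trimmed string.
 *
 * Returns "" when the field is missing or is not a string (PHP turns
 * "name[]=value" into an array, and trim() on an array is a TypeError).
 *
 * @param array  $source Request array ($_POST or $_GET)
 * @param string $key    Field name
 * @return string
 */
private function readField($source, $key) {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return "";
    }
    return trim($source[$key]);
}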