public function __construct()
{
$this->system = getSystem();
@($this->conection = parent::__construct(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PSW'), getenv('DB_NAME')));
if (mysqli_connect_errno()) {
$this->system->getRender()->error(500, 'Error connecting to database: ' . mysqli_connect_error());
die;
}
parent::set_charset("utf8");
}
public function loginAction($params = null)
{
if (isset($_POST['doLogin'])) {
$auth = getSystem()->getAuth();
try {
if ($auth->authenticate($_POST['user'], $_POST['password'])) {
$auth->persist();
getSystem()->redirect('admin');
} else {
getSystem()->render('loginForm', array('loginError' => true));
}
} catch (\Exception $e) {
getSystem()->getRender()->error(500, 'Failed when trying to authenticate', $e);
}
}
}
public function error($err, $msg = null, \Exception $e = null)
{
if (getSystem()->isAjaxRequest()) {
if (!$e) {
$this->status($err)->say($msg);
} else {
$this->status($err)->say($msg . " (" . $e->getMessage() . ")");
}
} else {
if (!empty($msg)) {
$msgVars = array('errorMessage' => $msg);
} else {
$msgVars = array('errorMessage' => 'Unknown error');
}
if (getenv('DEBUG') && $e) {
$msgVars['exception'] = $e;
$msgVars['backtrace'] = print_r(debug_backtrace(), TRUE);
}
$this->status($err)->render($err, $msgVars);
}
}
public function authenticate($user, $password)
{
$db = getSystem()->getDb();
$userCheck = $db->prepare('SELECT id, user FROM users WHERE user = ? AND password = ?');
if (!$userCheck) {
throw new \Exception("Error preparing authentication (" . $db->errno . "): " . $db->error);
}
$userCheck->bind_param('ss', $user, $this->generatePassword($user, $password));
$userCheck->execute();
if (!$userCheck) {
throw new \Exception("Error when authenticating (" . $db->errno . "): " . $db->error);
}
$userCheck->bind_result($userId, $userName);
$userCheck->store_result();
if ($userCheck->num_rows === 1) {
$this->userName = $userName;
$this->userId = $userId;
return true;
} else {
return false;
}
}
public static function indexAction($params)
{
getSystem()->render('about');
}
public static function search($name)
{
$db = getSystem()->getDb();
$stmt = $db->prepare("SELECT * FROM persons WHERE name LIKE ?");
if (!$stmt) {
throw new \Exception("Could not prepare search query (" . $db->errno . ") " . $db->error);
}
$stmt->bind_param("s", $name);
$stmt->execute();
if (!$stmt) {
throw new \Exception("Could not execute search query (" . $db->errno . ") " . $db->error);
}
$result = $stmt->get_result();
return $result->fetch_all(MYSQLI_ASSOC);
}
private function testDb()
{
$db = getSystem()->getDb();
$db->query("SELECT * FROM quotes");
}
public static function listSuggestedQuotes()
{
$db = getSystem()->getDb();
$sq = $db->query("SELECT *, DATE_FORMAT(submitDate, '%d/%c %H:%i') as formattedSubmitDate FROM suggestedQuotes WHERE deleted = 0 ORDER BY submitDate DESC");
if (!$sq) {
throw new \Exception("Error fetching list of suggested quotes (" . $db->errno . "): " . $db->error);
}
$arr = $sq->fetch_all(MYSQLI_ASSOC);
$sq->free();
$db->close();
return $arr;
}
public function quotesDeletePostAction($params)
{
$quote = new \App\Quote();
try {
$quote->load($params['qId']);
//$quote->setParams(array('id' => $params['qId']));
$quote->delete();
} catch (\Exception $e) {
getSystem()->getRender()->error(500, 'Could not delete quote: ' . $e->getMessage(), $e);
}
}
public static function getRandomQuoteId()
{
$db = getSystem()->getDb();
$q = $db->query("SELECT id FROM quotes ORDER BY RAND() LIMIT 1");
if (!$q) {
throw new \Exception("Error fetching random quote ID (" . $db->errno . "): " . $db->error);
}
$arr = $q->fetch_all(MYSQLI_ASSOC);
$q->free();
return $arr[0]['id'];
}
