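/**
 * Handles the submitted edit form for the phone-number record whose id is
 * held in $_SESSION['PhoneNumberToEdit'].
 *
 * All validation runs before the database is touched: the name must be longer
 * than two characters and the number must match, as a whole string, the
 * pattern NNN[-.]NNN[-.]NNNN. A duplicate check then rejects a number that is
 * already used by a *different* record, so re-saving a record with its own
 * number unchanged is allowed (the original query did not exclude the record
 * being edited and so rejected that case). On any failure the message and a
 * 400 code are stored in the session, the user is redirected back to the edit
 * form and an exception with code 400 is thrown.
 *
 * NOTE(review): the record id comes from the session rather than the request,
 * which prevents id tampering on this endpoint, but nothing here checks that
 * the logged-in user may modify that particular record — confirm that whatever
 * sets $_SESSION['PhoneNumberToEdit'] (or the @Authorize filter) performs
 * that authorization.
 *
 * @Route("PhoneNumber/edit")
 * @Authorize error:("Error message")
 * @Post
 * @param EditPhoneNumberBindingModel $model
 * @throws \Exception with code 400 on any validation or duplicate failure
 */
public function edit(EditPhoneNumberBindingModel $model)
{
    $recordId = $_SESSION['PhoneNumberToEdit'];
    $name = $model->getName();
    $phoneNumber = $model->getPhoneNumber();

    // Record the error in the session, bounce back to the form and abort.
    // The redirect is issued before the throw, as in the original, so the
    // user sees the message even if the framework swallows the exception.
    $reject = function (string $message) use ($recordId): void {
        $_SESSION['error'] = $message;
        $_SESSION['errornumber'] = 400;
        $this->redirect("/PhoneNumber/editPhoneNumber/" . $recordId . "/edit");
        throw new \Exception($message, 400);
    };

    // Null is tested first: strlen(null) is deprecated on PHP 8.1+.
    // strlen is byte-wise (kept from the original); a multibyte name of two
    // characters may therefore pass this minimum-length check.
    if ($name === null || strlen($name) <= 2) {
        $reject('Invalid name!');
    }

    // Anchored on both ends with the D modifier so a trailing newline is not
    // accepted either. The original pattern used only \b, so any string that
    // merely *contained* a number ("junk 123-456-7890 junk") was accepted.
    if ($phoneNumber === null || !preg_match('/^\d{3}[-.]?\d{3}[-.]?\d{4}$/D', $phoneNumber)) {
        $reject('Invalid phone number format!');
    }

    // Only another record holding this number counts as a duplicate.
    $this->db->prepare(
        "SELECT id FROM phoneNumber WHERE number = ? AND id <> ?",
        array($phoneNumber, $recordId)
    );
    $duplicate = $this->db->execute()->fetchRowAssoc();
    if ($duplicate && isset($duplicate['id'])) {
        $reject("Phone number '{$phoneNumber}' already exists!");
    }

    $this->db->prepare(
        "UPDATE phoneNumber SET name = ?, number = ? WHERE id = ?",
        array($name, $phoneNumber, $recordId)
    );
    $this->db->execute();

    // The original re-selected the row by name and number into an unused
    // local after the update; that round-trip had no effect and is dropped.
    $this->redirect("/PhoneNumber");
}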
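/**
 * Reports whether the user identified by the current session holds the admin
 * role (role_id 2 in user_roles).
 *
 * The session's username and user id must both match the same users row, and
 * that row must be linked to role_id 2. Returns false when no such row exists,
 * including when the session values are missing.
 *
 * NOTE(review): the original read $response['isAdmin'] — a column the query
 * never selects — into an unused local, which only raised an undefined-index
 * warning; the decision is simply whether a row came back. The session id is
 * bound as given — confirm upstream that it is an integer, since a
 * non-numeric value compared against u.id depends on the driver's coercion.
 *
 * @return bool true when the session user is linked to role_id 2
 */
public static function isAdmin() : bool
{
    $adminRoleId = 2;
    $session = App::getInstance()->getSession();

    $statement = self::$database->prepare(
        "SELECT u.id"
        . " FROM user_roles ur"
        . " JOIN users u ON u.id = ur.user_id"
        . " WHERE u.username = ? AND u.id = ? AND ur.role_id = ?"
    );
    // bindValue copies the values at call time; bindParam would bind
    // references, which is not needed here.
    $statement->bindValue(1, $session->_username);
    $statement->bindValue(2, $session->_login);
    $statement->bindValue(3, $adminRoleId, \PDO::PARAM_INT);
    $statement->execute();

    // PDOStatement::fetch() returns false when no row matched.
    return $statement->fetch(\PDO::FETCH_ASSOC) !== false;
}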