Prepare SQL statements
This commit is contained in:
parent
11321542fe
commit
d0f29d227c
16 changed files with 316 additions and 135 deletions
|
@ -93,7 +93,10 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLog
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `sessions`
|
FROM `sessions`
|
||||||
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
|
WHERE `session` = :session;',
|
||||||
|
array(
|
||||||
|
'session' => $_COOKIE[COOKIE_PERSISTENT]
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetchAll();
|
->fetchAll();
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
$count = new Cache\Query(
|
$count = new Cache\Query(
|
||||||
'SELECT COUNT(`id`) AS "count"
|
'SELECT COUNT(`id`) AS "count"
|
||||||
FROM `' . $table . '`;',
|
FROM `' . $table . '`;',
|
||||||
|
array(),
|
||||||
Duration::DAY
|
Duration::DAY
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -50,11 +50,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
'style' => $_GET['wishlist_style'],
|
'style' => $_GET['wishlist_style'],
|
||||||
);
|
);
|
||||||
$where = array(
|
$where = array(
|
||||||
'priority' => '`priority` = ' . $_GET['wish_priority'],
|
'priority' => '`priority` = :wish_priority',
|
||||||
);
|
);
|
||||||
|
$options['placeholders']['wish_priority'] = $_GET['wish_priority'];
|
||||||
|
|
||||||
if (-1 === intval($_GET['wish_priority'])) {
|
if (-1 === intval($_GET['wish_priority'])) {
|
||||||
unset($where['priority']);
|
unset($where['priority']);
|
||||||
|
unset($options['placeholders']['wish_priority']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($_GET['wish_priority'])) {
|
if (empty($_GET['wish_priority'])) {
|
||||||
|
@ -142,14 +144,24 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `wishes`
|
'UPDATE `wishes`
|
||||||
SET `wishlist` = ' . $wish->wishlist . ',
|
SET `wishlist` = :wishlist_id,
|
||||||
`title` = ' . $wish_title . ',
|
`title` = :wish_title,
|
||||||
`description` = ' . $wish_description . ',
|
`description` = :wish_description,
|
||||||
`image` = ' . $wish_image . ',
|
`image` = :wish_image,
|
||||||
`url` = ' . $wish_url . ',
|
`url` = :wish_url,
|
||||||
`priority` = ' . $wish_priority . ',
|
`priority` = :wish_priority,
|
||||||
`is_purchasable` = ' . $wish_is_purchasable . '
|
`is_purchasable` = :wish_is_purchasable,
|
||||||
WHERE `id` = ' . $wish->id . ';'
|
WHERE `id` = :wish_id',
|
||||||
|
array(
|
||||||
|
'wishlist_id' => $wish->wishlist,
|
||||||
|
'wish_title' => $wish_title,
|
||||||
|
'wish_description' => $wish_description,
|
||||||
|
'wish_image' => $wish_image,
|
||||||
|
'wish_url' => $wish_url,
|
||||||
|
'wish_priority' => $wish_priority,
|
||||||
|
'wish_is_purchasable' => $wish_is_purchasable,
|
||||||
|
'wish_id' => $wish->id,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -166,9 +178,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
`wish`,
|
`wish`,
|
||||||
`price`
|
`price`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $wish->id . ',
|
:wish_id,
|
||||||
' . $wish_price . '
|
:wish_price
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'wish_id' => $wish_id,
|
||||||
|
'wish_price' => $wish_price,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['lastInsertId'] = $wish->id;
|
$response['lastInsertId'] = $wish->id;
|
||||||
|
@ -223,14 +239,23 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
`priority`,
|
`priority`,
|
||||||
`is_purchasable`
|
`is_purchasable`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $wishlist_id . ',
|
:wishlist_id,
|
||||||
' . $wish_title . ',
|
:wish_title,
|
||||||
' . $wish_description . ',
|
:wish_description,
|
||||||
' . $wish_image . ',
|
:wish_image,
|
||||||
' . $wish_url . ',
|
:wish_url,
|
||||||
' . $wish_priority . ',
|
:wish_priority,
|
||||||
' . $wish_is_purchasable . '
|
:wish_is_purchasable
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'wishlist_id' => $wishlist_id,
|
||||||
|
'wish_title' => $wish_title,
|
||||||
|
'wish_description' => $wish_description,
|
||||||
|
'wish_image' => $wish_image,
|
||||||
|
'wish_url' => $wish_url,
|
||||||
|
'wish_priority' => $wish_priority,
|
||||||
|
'wish_is_purchasable' => $wish_is_purchasable,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -247,9 +272,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
`wish`,
|
`wish`,
|
||||||
`price`
|
`price`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $wish_id . ',
|
:wish_id,
|
||||||
' . $wish_price . '
|
:wish_price
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'wish_id' => $wish_id,
|
||||||
|
'wish_price' => $wish_price,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -265,7 +294,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
/**
|
/**
|
||||||
* Update Wish Status
|
* Update Wish Status
|
||||||
*/
|
*/
|
||||||
$status = Sanitiser::getStatus($_PUT['wish_status']);
|
$wish_status = Sanitiser::getStatus($_PUT['wish_status']);
|
||||||
$wish_id = Sanitiser::getNumber($_PUT['wish_id']);
|
$wish_id = Sanitiser::getNumber($_PUT['wish_id']);
|
||||||
|
|
||||||
if (Wish::STATUS_TEMPORARY === $status) {
|
if (Wish::STATUS_TEMPORARY === $status) {
|
||||||
|
@ -274,8 +303,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
|
|
||||||
$database->query(
|
$database->query(
|
||||||
'UPDATE `wishes`
|
'UPDATE `wishes`
|
||||||
SET `status` = "' . $status . '"
|
SET `status` = :wish_status,
|
||||||
WHERE `id` = ' . $wish_id . ';'
|
WHERE `id` = :wish_id',
|
||||||
|
array(
|
||||||
|
'wish_status' => $wish_status,
|
||||||
|
'wish_id' => $wish_id,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
@ -285,8 +318,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
*/
|
*/
|
||||||
$database->query(
|
$database->query(
|
||||||
'UPDATE `wishes`
|
'UPDATE `wishes`
|
||||||
SET `url` = "' . Sanitiser::getURL($_PUT['wish_url_proposed']) . '"
|
SET `url` = :wish_url_proposed,
|
||||||
WHERE `url` = "' . Sanitiser::getURL($_PUT['wish_url_current']) . '";'
|
WHERE `url` = :wish_url_current',
|
||||||
|
array(
|
||||||
|
'wish_url_proposed' => Sanitiser::getURL($_PUT['wish_url_proposed']),
|
||||||
|
'wish_url_current' => Sanitiser::getURL($_PUT['wish_url_current']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
@ -299,7 +336,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
if (isset($_DELETE['wish_id'])) {
|
if (isset($_DELETE['wish_id'])) {
|
||||||
$database->query(
|
$database->query(
|
||||||
'DELETE FROM `wishes`
|
'DELETE FROM `wishes`
|
||||||
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wish_id']) . ';'
|
WHERE `id` = :wish_id',
|
||||||
|
array(
|
||||||
|
'wish_id' => Sanitiser::getNumber($_DELETE['wish_id']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
|
|
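Review bot: The `SET` lists of the three rewritten UPDATE statements end with a comma immediately before `WHERE` — `` `is_purchasable` = :wish_is_purchasable, `` in the hunk at @ -142,14, `` `status` = :wish_status, `` at @ -274,8 and `` `url` = :wish_url_proposed, `` at @ -285,8 — which MySQL rejects as a syntax error, so each last assignment must lose its comma, e.g. `` `is_purchasable` = :wish_is_purchasable ``. In the hunk at @ -265,7 the variable was renamed to `$wish_status` but the unchanged context line `if (Wish::STATUS_TEMPORARY === $status) {` still reads `$status`, so that branch now compares against an undefined variable; it should read `if (Wish::STATUS_TEMPORARY === $wish_status) {`. In the products INSERT at @ -166,9 the binding is `'wish_id' => $wish_id,` while the removed line interpolated `$wish->id` and the response two lines below returns `$wish->id`; unless `$wish_id` is assigned earlier in this branch (not visible here) this binds null, so it should be `'wish_id' => $wish->id,`. The removed lines interpolated `$wish_title`, `$wish_description` etc. without surrounding quotes, which suggests the sanitised values carried their own quoting or a `NULL` literal; with bound parameters such wrappers would now be stored verbatim, so what `Sanitiser` returns for these is worth confirming before merging.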
@ -29,7 +29,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `wishlists_saved`
|
FROM `wishlists_saved`
|
||||||
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . ';'
|
WHERE `wishlist` = :wishlist_id',
|
||||||
|
array(
|
||||||
|
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist'])
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
|
@ -38,7 +41,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
'DELETE FROM `wishlists_saved`
|
'DELETE FROM `wishlists_saved`
|
||||||
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . ';'
|
WHERE `wishlist` = :wishlist_id',
|
||||||
|
array(
|
||||||
|
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist'])
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['action'] = 'deleted';
|
$response['action'] = 'deleted';
|
||||||
|
@ -50,9 +56,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
`user`,
|
`user`,
|
||||||
`wishlist`
|
`wishlist`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $_SESSION['user']->id . ',
|
:user_id,
|
||||||
' . Sanitiser::getNumber($_POST['wishlist']) . '
|
:wishlist_id
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'user_id' => $_SESSION['user']->id,
|
||||||
|
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['action'] = 'created';
|
$response['action'] = 'created';
|
||||||
|
|
|
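Review bot: `Sanitiser::getNumber($_POST['wishlist'])` is evaluated three times across this section (the SELECT, the DELETE and the INSERT), once inside a query string and twice in binding arrays; hoisting it into `$wishlist_id = Sanitiser::getNumber($_POST['wishlist']);` before the first query makes the three statements operate on the same value by construction and shortens each call. The binding arrays are also inconsistent about trailing commas (none in the first two hunks, present in the third); picking one form keeps later diffs clean.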
@ -17,7 +17,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
* Create
|
* Create
|
||||||
*/
|
*/
|
||||||
$user_id = Sanitiser::getNumber($_SESSION['user']->id);
|
$user_id = Sanitiser::getNumber($_SESSION['user']->id);
|
||||||
$wish_name = Sanitiser::getTitle($_POST['wishlist-name']);
|
$wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']);
|
||||||
|
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
|
||||||
|
|
||||||
$database->query(
|
$database->query(
|
||||||
'INSERT INTO `wishlists` (
|
'INSERT INTO `wishlists` (
|
||||||
|
@ -25,10 +26,15 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
`name`,
|
`name`,
|
||||||
`hash`
|
`hash`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $user_id . ',
|
:user_id,
|
||||||
"' . $wish_name . '",
|
:wishlist_name,
|
||||||
"' . sha1(time() . $user_id . $wish_name) . '"
|
:wishlist_hash
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'user_id' => $user_id,
|
||||||
|
'wishlist_name' => $wishlist_name,
|
||||||
|
'wishlist_hash' => $wishlist_hash,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['data'] = array(
|
$response['data'] = array(
|
||||||
|
@ -38,15 +44,18 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
/**
|
/**
|
||||||
* Request more wishes
|
* Request more wishes
|
||||||
*/
|
*/
|
||||||
$wishlistID = Sanitiser::getNumber($_POST['wishlist-id']);
|
$wishlist_id = Sanitiser::getNumber($_POST['wishlist-id']);
|
||||||
|
|
||||||
/** Get last notification time */
|
/** Get last notification time */
|
||||||
$wishlistQuery = $database
|
$wishlistQuery = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `wishlists`
|
FROM `wishlists`
|
||||||
WHERE `id` = ' . $wishlistID . '
|
WHERE `id` = :wishlist_id
|
||||||
AND (`notification_sent` < (CURRENT_TIMESTAMP - INTERVAL 1 DAY) OR `notification_sent` IS NULL);'
|
AND (`notification_sent` < (CURRENT_TIMESTAMP - INTERVAL 1 DAY) OR `notification_sent` IS NULL);',
|
||||||
|
array(
|
||||||
|
'wishlist_id' => $wishlist_id,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$wishlist = $wishlistQuery->fetch();
|
$wishlist = $wishlistQuery->fetch();
|
||||||
|
@ -78,7 +87,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `wishlists`
|
'UPDATE `wishlists`
|
||||||
SET `notification_sent` = CURRENT_TIMESTAMP
|
SET `notification_sent` = CURRENT_TIMESTAMP
|
||||||
WHERE `id` = ' . $wishlist['id'] . ';'
|
WHERE `id` = :wishlist_id;',
|
||||||
|
array(
|
||||||
|
'wishlist_id' = $wishlist['id'],
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -164,8 +176,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `wishlists`
|
'UPDATE `wishlists`
|
||||||
SET `name` = "' . Sanitiser::getTitle($_PUT['wishlist_title']) . '"
|
SET `name` = :wishlist_name,
|
||||||
WHERE `id` = ' . Sanitiser::getNumber($_PUT['wishlist_id']) . ';'
|
WHERE `id` = :wishlist_id'
|
||||||
|
array(
|
||||||
|
'wishlist_name' => Sanitiser::getTitle($_PUT['wishlist_title']),
|
||||||
|
'wishlist_id' => Sanitiser::getTitle($_PUT['wishlist_id']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
@ -176,7 +192,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
|
|
||||||
$database->query(
|
$database->query(
|
||||||
'DELETE FROM `wishlists`
|
'DELETE FROM `wishlists`
|
||||||
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wishlist_id']) . ';'
|
WHERE `id` = :wishlist_id;',
|
||||||
|
array(
|
||||||
|
'wishlist_id' => Sanitiser::getNumber($_DELETE['wishlist_id']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
|
|
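Review bot: The binding in the notification UPDATE at @ -78,7 is written `'wishlist_id' = $wishlist['id'],` — an assignment instead of `=>` — which is a PHP parse error for the whole file; it must be `'wishlist_id' => $wishlist['id'],`. In the rename UPDATE at @ -164,8 the SQL string ending `` WHERE `id` = :wishlist_id' `` is followed directly by `array(` with no comma between the two arguments, a second parse error, and the clause `` SET `name` = :wishlist_name, `` carries a trailing comma before `WHERE`, which MySQL rejects. The same hunk binds the id with `Sanitiser::getTitle($_PUT['wishlist_id'])` where the removed line used `getNumber`; it should be `'wishlist_id' => Sanitiser::getNumber($_PUT['wishlist_id']),`. Separately, the hoisted `$wishlist_hash = sha1(time() . $user_id . $wishlist_name);` is unchanged in substance but derives from values a third party can estimate; if the `hash` column is the lookup key used to share a wishlist, `bin2hex(random_bytes(20))` yields an unpredictable value of the same 40-character length.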
6
src/classes/cache/query.php
vendored
6
src/classes/cache/query.php
vendored
|
@ -12,11 +12,12 @@ class Query extends Cache
|
||||||
* Private
|
* Private
|
||||||
*/
|
*/
|
||||||
private \wishthis\Database $database;
|
private \wishthis\Database $database;
|
||||||
|
private array $placeholders = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Public
|
* Public
|
||||||
*/
|
*/
|
||||||
public function __construct(string $url, int $maxAge = \wishthis\Duration::YEAR)
|
public function __construct(string $url, array $placeholders = array(), int $maxAge = \wishthis\Duration::YEAR)
|
||||||
{
|
{
|
||||||
global $database;
|
global $database;
|
||||||
|
|
||||||
|
@ -33,7 +34,8 @@ class Query extends Cache
|
||||||
$response = $this->exists() ? json_decode(file_get_contents($filepath), true) : array();
|
$response = $this->exists() ? json_decode(file_get_contents($filepath), true) : array();
|
||||||
|
|
||||||
if (true === $this->generateCache()) {
|
if (true === $this->generateCache()) {
|
||||||
$pdoStatement = $this->database->query($this->url);
|
$pdoStatement = $this->database
|
||||||
|
->query($this->url, $this->placeholders);
|
||||||
|
|
||||||
if (false !== $pdoStatement) {
|
if (false !== $pdoStatement) {
|
||||||
if (1 === $pdoStatement->rowCount()) {
|
if (1 === $pdoStatement->rowCount()) {
|
||||||
|
|
|
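Review bot: Inserting `array $placeholders = array()` as the second constructor parameter breaks any caller that passed `$maxAge` positionally in second place (the wishes API call in this diff was updated to pass `array()`, but other `new Cache\Query(` sites are not visible here); appending the parameter last, or auditing the remaining call sites, avoids a TypeError at runtime. If the cache file path is derived from `$this->url` alone (the `$filepath` computation lies outside the hunk), two queries with identical SQL but different bound values now share one cache entry and the second reads the first's rows; the key should fold in the placeholders, e.g. `md5($this->url . json_encode($this->placeholders))`. The assignment `$this->placeholders = $placeholders;` in the constructor is also not shown in this hunk, so confirm it happens before `generateCache()` is consulted.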
@ -34,12 +34,10 @@ class Database
|
||||||
$this->pdo = new \PDO($dsn, $this->user, $this->password, $options);
|
$this->pdo = new \PDO($dsn, $this->user, $this->password, $options);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function query(string $query): \PDOStatement
|
public function query(string $query, array $placeholders = array()): \PDOStatement
|
||||||
{
|
{
|
||||||
$statement = $this->pdo->query(
|
$statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));
|
||||||
$query,
|
$statement->execute($placeholders);
|
||||||
\PDO::FETCH_ASSOC
|
|
||||||
);
|
|
||||||
|
|
||||||
$this->lastInsertId = $this->pdo->lastInsertId();
|
$this->lastInsertId = $this->pdo->lastInsertId();
|
||||||
|
|
||||||
|
@ -78,8 +76,12 @@ class Database
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `INFORMATION_SCHEMA`.`COLUMNS`
|
FROM `INFORMATION_SCHEMA`.`COLUMNS`
|
||||||
WHERE TABLE_NAME = "' . $table_to_check . '"
|
WHERE `TABLE_NAME` = :table_name,
|
||||||
AND COLUMN_NAME = "' . $column_to_check . '"'
|
AND `COLUMN_NAME` = :column_name',
|
||||||
|
array(
|
||||||
|
'table_name' => $table_to_check,
|
||||||
|
'column_name' => $column_to_check,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
$exists = false !== $result;
|
$exists = false !== $result;
|
||||||
|
|
|
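Review bot: In the INFORMATION_SCHEMA column-existence query at @ -78,8 the condition `` WHERE `TABLE_NAME` = :table_name, `` has a comma before `AND`, which is a SQL syntax error; it must read `` WHERE `TABLE_NAME` = :table_name ``. In `query()` the second argument `array(\PDO::FETCH_ASSOC)` to `prepare()` is the driver-options array keyed by attribute constant, so `[0 => PDO::FETCH_ASSOC]` sets no fetch mode and the behaviour of the removed `query($query, \PDO::FETCH_ASSOC)` is lost; use `$statement = $this->pdo->prepare($query);` followed by `$statement->setFetchMode(\PDO::FETCH_ASSOC);`. The result of `execute()` is also never checked, and callers elsewhere in this diff test `false !== $userQuery`; unless `PDO::ATTR_ERRMODE` is set to exceptions in the `$options` passed to the constructor (not visible here), a failed `prepare()` returns false and the next line calls `execute()` on it.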
@ -27,9 +27,14 @@ class Options
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$option = $this->database->query(
|
$option = $this->database->query(
|
||||||
'SELECT * FROM `options`
|
'SELECT *
|
||||||
WHERE `key` = "' . Sanitiser::getOption($key) . '";'
|
FROM `options`
|
||||||
)->fetch();
|
WHERE `key` = :option_key',
|
||||||
|
array(
|
||||||
|
'option_key' => Sanitiser::getOption($key),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
->fetch();
|
||||||
|
|
||||||
$value = $option['value'] ?? '';
|
$value = $option['value'] ?? '';
|
||||||
} catch (\Throwable $th) {
|
} catch (\Throwable $th) {
|
||||||
|
@ -42,21 +47,37 @@ class Options
|
||||||
public function setOption(string $key, string $value): void
|
public function setOption(string $key, string $value): void
|
||||||
{
|
{
|
||||||
$optionExists = 0 !== $this->database
|
$optionExists = 0 !== $this->database
|
||||||
->query('SELECT *
|
->query(
|
||||||
|
'SELECT *
|
||||||
FROM `options`
|
FROM `options`
|
||||||
WHERE `key` = "' . $key . '";')
|
WHERE `key` = :option_key;',
|
||||||
|
array(
|
||||||
|
'option_key' => $key,
|
||||||
|
)
|
||||||
|
)
|
||||||
->rowCount();
|
->rowCount();
|
||||||
|
|
||||||
if ($optionExists) {
|
if ($optionExists) {
|
||||||
$this->database->query('UPDATE `options`
|
$this->database->query(
|
||||||
SET `value` = "' . $value . '"
|
'UPDATE `options`
|
||||||
WHERE `key` = "' . $key . '"
|
SET `value` = :option_value,
|
||||||
;');
|
WHERE `key` = :option_key;',
|
||||||
|
array(
|
||||||
|
'option_value' => $value,
|
||||||
|
'option_key' => $key,
|
||||||
|
)
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
$this->database->query('INSERT INTO `options`
|
$this->database->query(
|
||||||
(`key`, `value`) VALUES
|
'INSERT INTO `options`
|
||||||
("' . $key . '", "' . $value . '")
|
(`key`, `value`)
|
||||||
;');
|
VALUES
|
||||||
|
(:option_key, :option_value);',
|
||||||
|
array(
|
||||||
|
'option_key' => $key,
|
||||||
|
'option_value' => $value,
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
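Review bot: The UPDATE in `setOption()` at @ -42,21 is written `` SET `value` = :option_value, `` followed by `WHERE`, so the trailing comma makes the statement a SQL syntax error and existing options can no longer be updated; the line should read `` SET `value` = :option_value ``. The INSERT branch below it and the SELECTs are well-formed.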
@ -23,7 +23,10 @@ class User
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `users`
|
FROM `users`
|
||||||
WHERE `id` = ' . $user_id
|
WHERE `id` = :user_id',
|
||||||
|
array(
|
||||||
|
'user_id' => $user_id,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
if (false !== $userQuery) {
|
if (false !== $userQuery) {
|
||||||
|
@ -139,7 +142,10 @@ class User
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `wishlists`
|
FROM `wishlists`
|
||||||
WHERE `user` = ' . $this->id . ';'
|
WHERE `user` = :user_id;',
|
||||||
|
array(
|
||||||
|
'user_id' => $this->id,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetchAll();
|
->fetchAll();
|
||||||
|
|
||||||
|
@ -163,7 +169,10 @@ class User
|
||||||
`w`.`hash`
|
`w`.`hash`
|
||||||
FROM `wishlists_saved` `ws`
|
FROM `wishlists_saved` `ws`
|
||||||
JOIN `wishlists` `w` ON `w`.`id` = `ws`.`wishlist`
|
JOIN `wishlists` `w` ON `w`.`id` = `ws`.`wishlist`
|
||||||
WHERE `ws`.`user` = ' . $this->id . ';'
|
WHERE `ws`.`user` = :user_id;',
|
||||||
|
array(
|
||||||
|
'user_id' => $this->id,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetchAll();
|
->fetchAll();
|
||||||
|
|
||||||
|
@ -190,7 +199,10 @@ class User
|
||||||
$persistent = $database
|
$persistent = $database
|
||||||
->query(
|
->query(
|
||||||
'DELETE FROM `sessions`
|
'DELETE FROM `sessions`
|
||||||
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
|
WHERE `session` = :session;',
|
||||||
|
array(
|
||||||
|
'session' => $_COOKIE[COOKIE_PERSISTENT],
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ class Wish
|
||||||
public const SELECT = '`wishes`.*, `products`.`price`';
|
public const SELECT = '`wishes`.*, `products`.`price`';
|
||||||
public const FROM = '`wishes`';
|
public const FROM = '`wishes`';
|
||||||
public const LEFT_JOIN = '`products` ON `wishes`.`id` = `products`.`wish`';
|
public const LEFT_JOIN = '`products` ON `wishes`.`id` = `products`.`wish`';
|
||||||
public const WHERE = '`wishes`.`id` = %d;';
|
public const WHERE = '`wishes`.`id` = :wish_id;';
|
||||||
|
|
||||||
public const NO_IMAGE = '/src/assets/img/no-image.svg';
|
public const NO_IMAGE = '/src/assets/img/no-image.svg';
|
||||||
|
|
||||||
|
@ -80,10 +80,13 @@ class Wish
|
||||||
$id = $idOrColumns;
|
$id = $idOrColumns;
|
||||||
$columns = $database
|
$columns = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT ' . self::SELECT . '
|
' SELECT ' . self::SELECT . '
|
||||||
FROM ' . self::FROM . '
|
FROM ' . self::FROM . '
|
||||||
LEFT JOIN ' . self::LEFT_JOIN . '
|
LEFT JOIN ' . self::LEFT_JOIN . '
|
||||||
WHERE ' . sprintf(self::WHERE, $id)
|
WHERE ' . self::WHERE,
|
||||||
|
array(
|
||||||
|
'wish_id' => $id,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
} elseif (is_array($idOrColumns)) {
|
} elseif (is_array($idOrColumns)) {
|
||||||
|
|
|
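Review bot: `Wish::WHERE` now embeds the named placeholder `:wish_id` instead of a `%d` format spec, so any remaining `sprintf(self::WHERE, $id)` user outside this diff gets the fragment back unchanged and fails at execute time with an unbound parameter; the constructor here was updated, but other users of the constant should be checked. A short comment on the constant would make the contract visible, e.g. `/** WHERE fragment; callers must bind `:wish_id` in the placeholders array. */`.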
@ -34,7 +34,10 @@ class Wishlist
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `wishlists`
|
FROM `wishlists`
|
||||||
WHERE `' . $column . '` = ' . $id_or_hash . ';'
|
WHERE `' . $column . '` = :id_or_hash;',
|
||||||
|
array(
|
||||||
|
'id_or_hash' => $id_or_hash,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
|
@ -54,15 +57,19 @@ class Wishlist
|
||||||
// $this->wishes = $this->getWishes();
|
// $this->wishes = $this->getWishes();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getWishes($sql = array()): array
|
public function getWishes($options = array()): array
|
||||||
{
|
{
|
||||||
global $database;
|
global $database;
|
||||||
|
|
||||||
$SELECT = isset($sql['SELECT']) ? $sql['SELECT'] : Wish::SELECT;
|
if (!isset($options['WHERE'])) {
|
||||||
$FROM = isset($sql['FROM']) ? $sql['FROM'] : Wish::FROM;
|
$options['placeholders']['wishlist_id'] = $this->id;
|
||||||
$LEFT_JOIN = isset($sql['LEFT_JOIN']) ? $sql['LEFT_JOIN'] : Wish::LEFT_JOIN;
|
}
|
||||||
$WHERE = isset($sql['WHERE']) ? $sql['WHERE'] : '`wishlist` = ' . $this->id;
|
|
||||||
$ORDER_BY = isset($sql['ORDER_BY']) ? $sql['ORDER_BY'] : '`priority` DESC, `url` ASC, `title` ASC';
|
$SELECT = isset($options['SELECT']) ? $options['SELECT'] : Wish::SELECT;
|
||||||
|
$FROM = isset($options['FROM']) ? $options['FROM'] : Wish::FROM;
|
||||||
|
$LEFT_JOIN = isset($options['LEFT_JOIN']) ? $options['LEFT_JOIN'] : Wish::LEFT_JOIN;
|
||||||
|
$WHERE = isset($options['WHERE']) ? $options['WHERE'] : '`wishlist` = :wishlist_id';
|
||||||
|
$ORDER_BY = isset($options['ORDER_BY']) ? $options['ORDER_BY'] : '`priority` DESC, `url` ASC, `title` ASC';
|
||||||
|
|
||||||
/** Default to showing available wishes */
|
/** Default to showing available wishes */
|
||||||
$wish_status = ' AND (
|
$wish_status = ' AND (
|
||||||
|
@ -92,11 +99,12 @@ class Wishlist
|
||||||
|
|
||||||
$this->wishes = $database
|
$this->wishes = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT ' . $SELECT . '
|
' SELECT ' . $SELECT . '
|
||||||
FROM ' . $FROM . '
|
FROM ' . $FROM . '
|
||||||
LEFT JOIN ' . $LEFT_JOIN . '
|
LEFT JOIN ' . $LEFT_JOIN . '
|
||||||
WHERE ' . $WHERE . '
|
WHERE ' . $WHERE . '
|
||||||
ORDER BY ' . $ORDER_BY . ';'
|
ORDER BY ' . $ORDER_BY . ';',
|
||||||
|
$options['placeholders']
|
||||||
)
|
)
|
||||||
->fetchAll();
|
->fetchAll();
|
||||||
|
|
||||||
|
|
|
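Review bot: `getWishes()` now passes `$options['placeholders']` to `query()` unconditionally, but that key is only created when the caller omitted `WHERE`; a caller that supplies its own `WHERE` without a `placeholders` entry triggers an undefined-index notice and passes `null` to the `array $placeholders` parameter, a TypeError. Initialise it first, `$options['placeholders'] = $options['placeholders'] ?? array();`, and note on the method that a custom `WHERE` must be accompanied by its own `placeholders`. The parameter is still untyped; `public function getWishes(array $options = array()): array` matches how it is used. In the constructor query at @ -34,7 the column name is still concatenated (`` WHERE `' . $column . '` = :id_or_hash ``); a placeholder cannot stand in for an identifier, so this is only safe if `$column` is chosen from a fixed set above the hunk — worth confirming.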
@ -43,9 +43,12 @@ $page->navigation();
|
||||||
FROM `wishes`
|
FROM `wishes`
|
||||||
JOIN `wishlists` ON `wishes`.`wishlist` = `wishlists`.`id`
|
JOIN `wishlists` ON `wishes`.`wishlist` = `wishlists`.`id`
|
||||||
JOIN `users` ON `wishlists`.`user` = `users`.`id`
|
JOIN `users` ON `wishlists`.`user` = `users`.`id`
|
||||||
WHERE `users`.`id` = ' . $_SESSION['user']->id . '
|
WHERE `users`.`id` = :user_id
|
||||||
ORDER BY `wishes`.`edited` DESC
|
ORDER BY `wishes`.`edited` DESC
|
||||||
LIMIT 1;'
|
LIMIT 1;',
|
||||||
|
array(
|
||||||
|
'user_id' => $_SESSION['user']->id,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
if (false !== $lastWishlistQuery && 1 === $lastWishlistQuery->rowCount()) {
|
if (false !== $lastWishlistQuery && 1 === $lastWishlistQuery->rowCount()) {
|
||||||
|
|
|
@ -17,7 +17,10 @@ if (isset($_POST['email'])) {
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `users`
|
FROM `users`
|
||||||
WHERE `email` = "' . $email . '";'
|
WHERE `email` = :user_email;',
|
||||||
|
array(
|
||||||
|
'user_email' => $email,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$success = false !== $userQuery;
|
$success = false !== $userQuery;
|
||||||
|
|
|
@ -21,16 +21,24 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `users`
|
'UPDATE `users`
|
||||||
SET `last_login` = NOW()
|
SET `last_login` = NOW()
|
||||||
WHERE `email` = "' . $email . '"
|
WHERE `email` = :user_email,
|
||||||
AND `password` = "' . $password . '";'
|
AND `password` = :user_password;',
|
||||||
|
array(
|
||||||
|
'user_email' => $email,
|
||||||
|
'user_password' => $password,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$fields = $database
|
$fields = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `users`
|
FROM `users`
|
||||||
WHERE `email` = "' . $email . '"
|
WHERE `email` = :user_email,
|
||||||
AND `password` = "' . $password . '";'
|
AND `password` = :user_password;',
|
||||||
|
array(
|
||||||
|
'user_email' => $email,
|
||||||
|
'user_password' => $password,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
|
@ -67,10 +75,15 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
||||||
`session`,
|
`session`,
|
||||||
`expires`
|
`expires`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $_SESSION['user']->id . ',
|
:user_id,
|
||||||
"' . session_id() . '",
|
:session_id,
|
||||||
"' . date('Y-m-d H:i:s', $sessionExpires) . '"
|
:session_expires
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'user_id' => $_SESSION['user']->id,
|
||||||
|
'session_id' => session_id(),
|
||||||
|
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
$database->query(
|
$database->query(
|
||||||
|
@ -78,9 +91,13 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
||||||
`user`,
|
`user`,
|
||||||
`session`
|
`session`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $_SESSION['user']->id . ',
|
:user_id,
|
||||||
"' . session_id() . '"
|
:session_id
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'user_id' => $_SESSION['user']->id,
|
||||||
|
'session_id' => session_id(),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -108,7 +125,10 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
||||||
->query(
|
->query(
|
||||||
'SELECT *
|
'SELECT *
|
||||||
FROM `users`
|
FROM `users`
|
||||||
WHERE `email` = "' . Sanitiser::getEmail($_POST['email']) . '";'
|
WHERE `email` = :user_email;',
|
||||||
|
array(
|
||||||
|
'user_email' => Sanitiser::getEmail($_POST['email']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$user = false !== $userQuery ? new User($userQuery->fetch()) : new User();
|
$user = false !== $userQuery ? new User($userQuery->fetch()) : new User();
|
||||||
|
@ -120,9 +140,13 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `users`
|
'UPDATE `users`
|
||||||
SET `password_reset_token` = "' . $token . '",
|
SET `password_reset_token` = :user_password_reset_token,
|
||||||
`password_reset_valid_until` = "' . date('Y-m-d H:i:s', $validUntil) . '"
|
`password_reset_valid_until` = :user_reset_valid_until
|
||||||
WHERE `id` = ' . $user->id . ';'
|
WHERE `id` = ' . $user->id . ';',
|
||||||
|
array(
|
||||||
|
'user_password_reset_token' => $token,
|
||||||
|
'user_reset_valid_until' => date('Y-m-d H:i:s', $validUntil),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$emailReset = new Email($_POST['email'], __('Password reset link', null, $user), 'default', 'password-reset');
|
$emailReset = new Email($_POST['email'], __('Password reset link', null, $user), 'default', 'password-reset');
|
||||||
|
|
|
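Review bot: Both statements in the first hunk put a comma before `AND` (`` WHERE `email` = :user_email, ``), which MySQL rejects as a syntax error, so the last-login UPDATE and the credential SELECT both fail; the lines should read `` WHERE `email` = :user_email ``. The password-reset UPDATE at @ -120,9 still concatenates `' . $user->id . '` into the WHERE clause while binding the other values; binding it too, `` WHERE `id` = :user_id;', `` with `'user_id' => $user->id,` in the array, keeps the statement uniform. The credential check compares the `password` column in SQL against a caller-supplied value, which only works for a deterministic hash and leaves the comparison to the database; that design predates this commit, but fetching the row by email and verifying with `password_verify()` in PHP would be the natural follow-up.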
@ -32,7 +32,7 @@ if (isset($_POST['user-id'], $_POST['section'])) {
|
||||||
'column' => 'email',
|
'column' => 'email',
|
||||||
'key' => 'user-email',
|
'key' => 'user-email',
|
||||||
'label' => __('Email'),
|
'label' => __('Email'),
|
||||||
)
|
),
|
||||||
);
|
);
|
||||||
$loginRequired = false;
|
$loginRequired = false;
|
||||||
|
|
||||||
|
@ -150,7 +150,10 @@ if (isset($_POST['user-id'], $_POST['section'])) {
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `users`
|
'UPDATE `users`
|
||||||
SET ' . implode(',', $set) . '
|
SET ' . implode(',', $set) . '
|
||||||
WHERE `id` = ' . Sanitiser::getNumber($_POST['user-id'])
|
WHERE `id` = :user_id',
|
||||||
|
array(
|
||||||
|
'user_id' => Sanitiser::getNumber($_POST['user-id']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
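Review bot: The UPDATE at @ -150,7 binds the id but still splices `implode(',', $set)` into the `SET` clause; how `$set` is built lies outside the hunk, and if any element carries a user-supplied value it remains string-built while the rest of this commit moves to placeholders. Building each element as `` `column` = :user_column `` and adding the value to the binding array alongside `'user_id'` would close that gap.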
@ -16,7 +16,12 @@ $buttonSubmit = $passwordReset ? __('Reset') : __('Register');
|
||||||
$page = new Page(__FILE__, $pageTitle);
|
$page = new Page(__FILE__, $pageTitle);
|
||||||
|
|
||||||
if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
$users = $database->query('SELECT * FROM `users`;')->fetchAll();
|
$users = $database
|
||||||
|
->query(
|
||||||
|
'SELECT *
|
||||||
|
FROM `users`;'
|
||||||
|
)
|
||||||
|
->fetchAll();
|
||||||
$emails = array_map(
|
$emails = array_map(
|
||||||
function ($user) {
|
function ($user) {
|
||||||
return $user['email'];
|
return $user['email'];
|
||||||
|
@ -67,8 +72,12 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
$userQuery = $database
|
$userQuery = $database
|
||||||
->query(
|
->query(
|
||||||
'SELECT * FROM `users`
|
'SELECT * FROM `users`
|
||||||
WHERE `email` = "' . $user_email . '"
|
WHERE `email` = :user_email,
|
||||||
AND `password_reset_token` = "' . $user_token . '";'
|
AND `password_reset_token` = :user_password_reset_token',
|
||||||
|
array(
|
||||||
|
'user_email' => $user_email,
|
||||||
|
'user_password_reset_token' => $user_token,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
if (false !== $userQuery) {
|
if (false !== $userQuery) {
|
||||||
|
@ -78,10 +87,14 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
'UPDATE `users`
|
'UPDATE `users`
|
||||||
SET `password` = "' . User::generatePassword($_POST['password']) . '",
|
SET `password` = :user_password,
|
||||||
`password_reset_token` = NULL,
|
`password_reset_token` = NULL,
|
||||||
`password_reset_valid_until` = NULL
|
`password_reset_valid_until` = NULL
|
||||||
WHERE `id` = ' . $user->id . ';'
|
WHERE `id` = :user_id;',
|
||||||
|
array(
|
||||||
|
'user_password' => User::generatePassword($_POST['password']),
|
||||||
|
'user_id' => $user->id,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$page->messages[] = Page::success(
|
$page->messages[] = Page::success(
|
||||||
|
@ -105,10 +118,14 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
`password`,
|
`password`,
|
||||||
`power`
|
`power`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
"' . $user_email . '",
|
:user_email,
|
||||||
"' . User::generatePassword($_POST['password']) . '",
|
:user_password,
|
||||||
100
|
100
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'user_email' => $user_email,
|
||||||
|
'user_password' => User::generatePassword($_POST['password']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
$userRegistered = true;
|
$userRegistered = true;
|
||||||
} else {
|
} else {
|
||||||
|
@ -123,9 +140,13 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
`email`,
|
`email`,
|
||||||
`password`
|
`password`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
"' . $user_email . '",
|
:user_email,
|
||||||
"' . User::generatePassword($_POST['password']) . '"
|
:user_password
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'user_email' => $user_email,
|
||||||
|
'user_password' => User::generatePassword($_POST['password']),
|
||||||
|
)
|
||||||
);
|
);
|
||||||
$userRegistered = true;
|
$userRegistered = true;
|
||||||
|
|
||||||
|
@ -138,8 +159,9 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
* Insert default wishlist
|
* Insert default wishlist
|
||||||
*/
|
*/
|
||||||
if ($userRegistered) {
|
if ($userRegistered) {
|
||||||
$userID = $database->lastInsertID();
|
$user_id = $database->lastInsertID();
|
||||||
$wishlistName = Sanitiser::getTitle(__('My hopes and dreams'));
|
$wishlist_name = Sanitiser::getTitle(__('My hopes and dreams'));
|
||||||
|
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
|
||||||
|
|
||||||
$database
|
$database
|
||||||
->query(
|
->query(
|
||||||
|
@ -148,10 +170,15 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
`name`,
|
`name`,
|
||||||
`hash`
|
`hash`
|
||||||
) VALUES (
|
) VALUES (
|
||||||
' . $userID . ',
|
:wishlist_user_id,
|
||||||
"' . $wishlistName . '",
|
:wishlist_name,
|
||||||
"' . sha1(time() . $userID . $wishlistName) . '"
|
:wishlist_hash
|
||||||
);'
|
);',
|
||||||
|
array(
|
||||||
|
'wishlist_user_id' => $user_id,
|
||||||
|
'wishlist_name' => $wishlist_name,
|
||||||
|
'wishlist_hash' => $wishlist_hash,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
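Review bot: The reset-token SELECT at @ -67,8 is written `` WHERE `email` = :user_email, `` followed by `AND`, so the comma makes the statement a SQL syntax error and password resets cannot find the user; the line should read `` WHERE `email` = :user_email ``. The hoisted `$wishlist_hash = sha1(time() . $user_id . $wishlist_name);` keeps the previous construction, which is derived from the registration time, a sequential id and a fixed default name; if the `hash` column is the key used to share a wishlist, `bin2hex(random_bytes(20))` gives an unguessable value of the same length. The rewritten user lookup at the top still fetches every row of `users` to build an email list; binding the candidate email in a `WHERE` clause, as the other hunks now do, would avoid loading the whole table.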