<?php
namespace Blog\Model;
use Blog\Model\Database;
use PDOException;
use Random\RandomException;
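class UserModel extends Database
{
    /**
     * Inserts a new user row with a freshly generated id, salt and password hash.
     *
     * Reads the keys "password", "lastname", "name", "email" and "role" from $values.
     * Note the mapping: $values["lastname"] is stored in column `name` and
     * $values["name"] is stored in column `vorname`.
     *
     * On a PDOException the error is handed to ErrorMsg and the script terminates.
     *
     * @param array $values user data as described above
     * @return bool always true when the insert did not throw
     * @throws RandomException
     */
    public function createUser($values)
    {
        [$hash, $salt] = $this->saltedPasswordHash($values["password"]);
        $guid = $this->createUUID();
        $pdo = $this->linkDB();

        $sql = "INSERT INTO user (`id`, `name`,`vorname`,`email`,`passwort`,`salt`,`role`)
                VALUES (:guid, :name, :firstname, :email, :password, :salt, :role)";

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute([
                ":guid" => $guid,
                ":name" => $values["lastname"],
                ":firstname" => $values["name"],
                ":email" => $values["email"],
                ":password" => $hash,
                ":salt" => $salt,
                // NOTE(review): the role is stored exactly as supplied. If $values is
                // built from request data, the caller has to fix or allow-list the
                // role so a registrant cannot pick a privileged one; confirm at the
                // call site.
                ":role" => $values["role"],
            ]);
        } catch (PDOException $e) {
            // NOTE(review): the exception object is passed on to ErrorMsg; confirm it
            // logs driver details server-side rather than echoing them to the client.
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }

        return true;
    }

    /**
     * Fetches the user row whose `email` column equals $email.
     *
     * @param mixed $email value bound to the :email placeholder
     * @return mixed whatever PDOStatement::fetch() returns (false when no row matches)
     */
    public function getUserByEmail($email)
    {
        $pdo = $this->linkDB();
        $sth = $pdo->prepare("SELECT * FROM user WHERE email = :email");
        $sth->execute([":email" => $email]);

        return $sth->fetch();
    }

    /**
     * Fetches the user row whose `id` column equals $id.
     *
     * @param mixed $id value bound to the :id placeholder
     * @return mixed whatever PDOStatement::fetch() returns (false when no row matches)
     */
    public function getUserById($id)
    {
        $pdo = $this->linkDB();
        $sth = $pdo->prepare("SELECT * FROM user WHERE id = :id");
        $sth->execute([":id" => $id]);

        return $sth->fetch();
    }

    /**
     * Deletes the user row with the given id. No authorization check happens here;
     * the caller is responsible for deciding whether the deletion is allowed.
     *
     * @param mixed $id value bound to the :id placeholder
     */
    public function deleteUser($id)
    {
        $pdo = $this->linkDB();
        $sth = $pdo->prepare("DELETE FROM user WHERE id = :id");
        $sth->execute([":id" => $id]);
    }

    /**
     * Updates the columns of one user for which $values carries a value.
     *
     * A non-empty $values["password"] produces a new salt and hash. The keys
     * "name", "vorname" and "email" are written to the columns of the same name
     * (unlike createUser, which reads "lastname"/"name"). When nothing is to be
     * changed the method returns without touching the database.
     *
     * On a PDOException the error is handed to ErrorMsg and the script terminates.
     *
     * @param mixed $id     id of the row to update
     * @param array $values new values keyed as described above
     * @throws RandomException
     */
    public function updateUserData($id, $values)
    {
        $fields = [];
        $params = [':id' => $id];

        if (!empty($values["password"])) {
            [$hash, $salt] = $this->saltedPasswordHash($values["password"]);
            // Identifiers are quoted with backticks; the previous acute accents
            // were not valid identifier quotes and made the statement fail.
            $fields[] = "`passwort` = :password";
            $fields[] = "`salt` = :salt";
            $params[":password"] = $hash;
            $params[":salt"] = $salt;
        }

        // Column names come from this fixed list only, never from the keys of
        // $values, so the interpolation below cannot inject SQL. `role` is
        // deliberately absent and cannot be changed through this method.
        foreach (['name', 'vorname', 'email'] as $col) {
            if (isset($values[$col])) {
                $fields[] = "`{$col}` = :{$col}";
                $params[":{$col}"] = $values[$col];
            }
        }

        // An empty SET clause is a syntax error, so there is nothing to execute.
        if ($fields === []) {
            return;
        }

        $sql = "UPDATE user
                SET " . implode(", ", $fields) . "
                where id = :id";

        $pdo = $this->linkDB();

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute($params);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
            die;
        }
    }

    /**
     * Builds the salt and hash stored for a password.
     *
     * NOTE(review): one round of salted SHA-256 is cheap to brute-force offline if
     * the table leaks. password_hash()/password_verify() is the appropriate
     * primitive; switching requires changing the verification code and migrating
     * the stored hashes, neither of which is visible in this class, so the format
     * is kept as is.
     *
     * @param string $password plain-text password
     * @return array{0: string, 1: string} hex SHA-256 of password . salt, and the hex salt
     * @throws RandomException
     */
    private function saltedPasswordHash($password)
    {
        $salt = bin2hex(random_bytes(16));
        $hash = hash('sha256', $password . $salt);

        return [$hash, $salt];
    }

    /**
     * Inserts a row into `ort` from the keys "stadt", "strasse" and "plz" of $values.
     *
     * On a PDOException the error is handed to ErrorMsg and the script terminates.
     *
     * @param array $values address data
     * @return mixed the id generated by createUUID() for the new row
     */
    private function writeNewAddress($values)
    {
        $guid = $this->createUUID();

        $sql = "INSERT INTO ort (`id`, `stadt`, `strasse`, `plz`) VALUES (
                :guid, :stadt, :strasse, :plz);";

        $pdo = $this->linkDB();

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute([
                ":guid" => $guid,
                ":stadt" => $values["stadt"],
                ":strasse" => $values["strasse"],
                ":plz" => $values["plz"],
            ]);

            return $guid;
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * Creates an address row and then a course row that references it.
     *
     * Reads "name", "preis", "dauer", "rabatt", "kategorie" and "beschreibung"
     * from $values, plus the address keys used by writeNewAddress().
     *
     * On a PDOException the error is handed to ErrorMsg and the script terminates.
     *
     * @param array $values       course and address data
     * @param mixed $kursleiterId id stored in column `kurseleiter`
     * @return bool always true when the insert did not throw
     */
    public function writeNewCourse($values, $kursleiterId)
    {
        // The address row is left behind when it is created but the course insert
        // then fails. NOTE(review): running both inserts in one transaction would
        // avoid the orphan, provided linkDB() hands out the same connection for
        // both calls; that is not visible here.
        $addressId = $this->writeNewAddress($values);

        $guid = $this->createUUID();

        $sql = "INSERT INTO kurs (`id`, `name`, `preis`, `dauer`, `rabatt`, `kategorie`, `beschreibung`, `kurseleiter`, `ort_id`) VALUES (
                :guid, :name, :preis, :dauer, :rabatt, :kategorie, :beschreibung, :kurseleiter, :ort_id);";

        $pdo = $this->linkDB();

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute([
                ":guid" => $guid,
                ":name" => $values["name"],
                ":preis" => $values["preis"],
                ":dauer" => $values["dauer"],
                ":rabatt" => $values["rabatt"],
                ":kategorie" => $values["kategorie"],
                ":beschreibung" => $values["beschreibung"],
                ":kurseleiter" => $kursleiterId,
                // Written with the leading colon like every other key in this class.
                ":ort_id" => $addressId,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }

        return true;
    }

    /**
     * Returns all courses joined with their address and, where present, their
     * ratings, ordered by course name.
     *
     * NOTE(review): despite the name, the query has no WHERE clause and takes no
     * user id, so every course and every rating comment is returned to whoever
     * calls this. Confirm whether per-user filtering is expected here or is done
     * by the caller.
     *
     * On a PDOException the error is handed to ErrorMsg and the script terminates.
     *
     * @return array list of associative rows (PDO::FETCH_ASSOC)
     */
    public function getMyCourses()
    {
        $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, o.stadt, o.strasse, o.plz, b.note, b.kommentar
                FROM kurs AS k
                JOIN ort AS o ON o.id = k.ort_id
                LEFT JOIN bewertungen AS b ON b.kurs_id = k.id
                ORDER BY k.name;";

        $pdo = $this->linkDB();

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute();

            return $sth->fetchAll(\PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Lesen der Daten.", $e);
            die;
        }
    }
}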