kurs-app/Model/UserModel.php
2025-07-10 11:32:32 +02:00

264 lines
8.3 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace Blog\Model;
use Blog\Model\Database;
use PDOException;
use Random\RandomException;
class UserModel extends Database
{
/**
* @throws RandomException
*/
public function createUser($values){
$salt = bin2hex(random_bytes(16));
$hash = hash('sha256', $values["password"] . $salt);
$guid = $this->createUUID();
$pdo = $this->linkDB();
$sql = "INSERT INTO user (`id`, `name`,`vorname`,`email`,`passwort`,`salt`,`role`)
VALUES (:guid, :name, :firstname, :email, :password, :salt, :role)";
try {
$sth = $pdo->prepare($sql);
$sth->execute([
":guid" => $guid,
":name" => $values["lastname"],
":firstname" => $values["name"],
":email" => $values["email"],
":password" => $hash,
":salt" => $salt,
":role" => $values["role"]
]);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
die;
}
return true;
}
public function getUserByEmail($email){
$pdo = $this->linkDB();
$sql = "SELECT * FROM user WHERE email = :email";
$sth = $pdo->prepare($sql);
$sth->execute([":email" => $email]);
return $sth->fetch();
}
public function getUserById($id){
$pdo = $this->linkDB();
$sql = "SELECT * FROM user WHERE id = :id";
$sth = $pdo->prepare($sql);
$sth->execute([":id" => $id]);
return $sth->fetch();
}
public function deleteUser($id){
$pdo = $this->linkDB();
$sql = "DELETE FROM user WHERE id = :id";
$sth = $pdo->prepare($sql);
$sth->bindParam(":id", $id);
$sth->execute();
}
public function updateUserData($id, $values){
$pdo = $this->linkDB();
$fields = [];
$params = [':id' => $id];
if(!empty($values["password"])){
$salt = bin2hex(random_bytes(16));
$hash = hash('sha256', $values["password"] . $salt);
$fields["password"] = "´passwort´ = :password";
$fields["salt"] = "´salt´ = :salt";
$params[":password"] = $hash;
$params[":salt"] = $salt;
}
foreach (['name','vorname','email'] as $col) {
if (isset($values[$col])) {
$fields[] = "`{$col}` = :{$col}";
$params[":{$col}"] = $values[$col];
}
}
$sql = "UPDATE user
SET " . implode(", ", $fields) . "
where id = :id";
try {
$sth = $pdo->prepare($sql);
$sth->execute($params);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
die;
}
}
private function writeNewAddress($values) {
$guid = $this->createUUID();
$sql = "INSERT INTO ort (`id`, `stadt`, `strasse`, `plz`) VALUES (
:guid, :stadt, :strasse, :plz);";
$pdo = $this->linkDB();
try {
$sth = $pdo->prepare($sql);
$sth->execute(array(":guid" => $guid,
":stadt" => $values["stadt"],
":strasse" => $values["strasse"],
":plz" => $values["plz"],
));
return $guid;
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
die;
}
}
public function writeNewCourse($values, $kursleiterId)
{
// Bleibt übrig wenn Adresse erstellt wird aber Kurs nicht weil Error
$addressId = $this->writeNewAddress($values);
$guid = $this->createUUID();
$sql = "INSERT INTO kurs (`id`, `name`, `preis`, `dauer`, `rabatt`, `kategorie`, `beschreibung`, `kurseleiter`, `ort_id`) VALUES (
:guid, :name, :preis, :dauer, :rabatt, :kategorie, :beschreibung, :kurseleiter, :ort_id);";
$pdo = $this->linkDB();
try {
$sth = $pdo->prepare($sql);
$sth->execute(array(":guid" => $guid,
":name" => $values["name"],
":preis" => $values["preis"],
":dauer" => $values["dauer"],
":rabatt" => $values["rabatt"],
":kategorie" => $values["kategorie"],
":beschreibung" => $values["beschreibung"],
":kurseleiter" => $kursleiterId,
"ort_id" => $addressId
));
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
die;
}
return true;
}
public function getMyCourses() {
$personId = $_SESSION["user_id"];
$isKursleiter = $_SESSION["user_role"] === "leiter";
$pdo = $this->linkDB();
if ($isKursleiter) {
$sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id,
o.stadt, o.strasse, o.plz, b.note, b.kommentar
FROM kurs AS k
JOIN ort AS o ON o.id = k.ort_id
LEFT JOIN bewertungen AS b ON b.kurs_id = k.id
WHERE k.kursleiter = :personId
ORDER BY k.name";
} else {
$sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id,
o.stadt, o.strasse, o.plz, b.note, b.kommentar
FROM kurs_user AS ku
JOIN kurs AS k ON k.id = ku.kurs_id
JOIN ort AS o ON o.id = k.ort_id
LEFT JOIN bewertungen AS b ON b.kurs_id = k.id
WHERE ku.user_id = :personId
ORDER BY k.name";
}
try {
$sth = $pdo->prepare($sql);
$sth->execute([':personId' => $personId]);
return $sth->fetchAll(\PDO::FETCH_ASSOC);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Lesen der Daten.", $e);
die;
}
}
public function updateCourse($course) {
$pdo = $this->linkDB();
try {
if (isset($course['ort_id'])) {
$this->updateAddress($course);
$addressId = $course['ort_id'];
} else {
$addressId = $this->writeNewAddress($course);
}
$sql = "UPDATE kurs SET
`name` = :name,
`preis` = :preis,
`dauer` = :dauer,
`rabatt` = :rabatt,
`kategorie` = :kategorie,
`beschreibung` = :beschreibung,
`ort_id` = :ort_id
WHERE `id` = :id";
$sth = $pdo->prepare($sql);
$sth->execute([
':id' => $course['id'],
':name' => $course['name'],
':preis' => $course['preis'],
':dauer' => $course['dauer'],
':rabatt' => $course['rabatt'],
':kategorie' => $course['kategorie'],
':beschreibung' => $course['beschreibung'],
':ort_id' => $addressId
]);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren des Kurses.", $e);
die;
}
return true;
}
public function updateAddress($data) {
$pdo = $this->linkDB();
if (!isset($data['ort_id'])) {
throw new \Exception("Keine Adress-ID vorhanden zum Aktualisieren.");
}
$sql = "UPDATE ort SET
`strasse` = :strasse,
`stadt` = :stadt,
`plz` = :plz
WHERE `id` = :id";
try {
$sth = $pdo->prepare($sql);
$sth->execute([
':id' => $data['ort_id'],
':strasse' => $data['strasse'],
':stadt' => $data['stadt'],
':plz' => $data['plz']
]);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Adresse.", $e);
die;
}
return true;
}
}