264 lines
8.3 KiB
PHP
264 lines
8.3 KiB
PHP
<?php
|
||
|
||
namespace Blog\Model;
|
||
|
||
use Blog\Model\Database;
|
||
use PDOException;
|
||
use Random\RandomException;
|
||
|
||
class UserModel extends Database
|
||
{
|
||
/**
|
||
* @throws RandomException
|
||
*/
|
||
public function createUser($values){
|
||
|
||
$salt = bin2hex(random_bytes(16));
|
||
|
||
$hash = hash('sha256', $values["password"] . $salt);
|
||
|
||
$guid = $this->createUUID();
|
||
|
||
$pdo = $this->linkDB();
|
||
|
||
$sql = "INSERT INTO user (`id`, `name`,`vorname`,`email`,`passwort`,`salt`,`role`)
|
||
VALUES (:guid, :name, :firstname, :email, :password, :salt, :role)";
|
||
|
||
try {
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute([
|
||
":guid" => $guid,
|
||
":name" => $values["lastname"],
|
||
":firstname" => $values["name"],
|
||
":email" => $values["email"],
|
||
":password" => $hash,
|
||
":salt" => $salt,
|
||
":role" => $values["role"]
|
||
]);
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
|
||
die;
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
public function getUserByEmail($email){
|
||
$pdo = $this->linkDB();
|
||
$sql = "SELECT * FROM user WHERE email = :email";
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute([":email" => $email]);
|
||
return $sth->fetch();
|
||
}
|
||
|
||
public function getUserById($id){
|
||
$pdo = $this->linkDB();
|
||
$sql = "SELECT * FROM user WHERE id = :id";
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute([":id" => $id]);
|
||
return $sth->fetch();
|
||
}
|
||
|
||
public function deleteUser($id){
|
||
$pdo = $this->linkDB();
|
||
$sql = "DELETE FROM user WHERE id = :id";
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->bindParam(":id", $id);
|
||
$sth->execute();
|
||
}
|
||
|
||
public function updateUserData($id, $values){
|
||
$pdo = $this->linkDB();
|
||
$fields = [];
|
||
$params = [':id' => $id];
|
||
|
||
if(!empty($values["password"])){
|
||
$salt = bin2hex(random_bytes(16));
|
||
$hash = hash('sha256', $values["password"] . $salt);
|
||
$fields["password"] = "´passwort´ = :password";
|
||
$fields["salt"] = "´salt´ = :salt";
|
||
$params[":password"] = $hash;
|
||
$params[":salt"] = $salt;
|
||
}
|
||
|
||
foreach (['name','vorname','email'] as $col) {
|
||
if (isset($values[$col])) {
|
||
$fields[] = "`{$col}` = :{$col}";
|
||
$params[":{$col}"] = $values[$col];
|
||
}
|
||
}
|
||
|
||
$sql = "UPDATE user
|
||
SET " . implode(", ", $fields) . "
|
||
where id = :id";
|
||
|
||
try {
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute($params);
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
|
||
die;
|
||
}
|
||
|
||
}
|
||
|
||
private function writeNewAddress($values) {
|
||
$guid = $this->createUUID();
|
||
|
||
$sql = "INSERT INTO ort (`id`, `stadt`, `strasse`, `plz`) VALUES (
|
||
:guid, :stadt, :strasse, :plz);";
|
||
|
||
$pdo = $this->linkDB();
|
||
|
||
try {
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute(array(":guid" => $guid,
|
||
":stadt" => $values["stadt"],
|
||
":strasse" => $values["strasse"],
|
||
":plz" => $values["plz"],
|
||
));
|
||
return $guid;
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
|
||
die;
|
||
}
|
||
}
|
||
|
||
public function writeNewCourse($values, $kursleiterId)
|
||
{
|
||
// Bleibt übrig wenn Adresse erstellt wird aber Kurs nicht weil Error
|
||
$addressId = $this->writeNewAddress($values);
|
||
|
||
$guid = $this->createUUID();
|
||
|
||
$sql = "INSERT INTO kurs (`id`, `name`, `preis`, `dauer`, `rabatt`, `kategorie`, `beschreibung`, `kurseleiter`, `ort_id`) VALUES (
|
||
:guid, :name, :preis, :dauer, :rabatt, :kategorie, :beschreibung, :kurseleiter, :ort_id);";
|
||
|
||
$pdo = $this->linkDB();
|
||
|
||
try {
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute(array(":guid" => $guid,
|
||
":name" => $values["name"],
|
||
":preis" => $values["preis"],
|
||
":dauer" => $values["dauer"],
|
||
":rabatt" => $values["rabatt"],
|
||
":kategorie" => $values["kategorie"],
|
||
":beschreibung" => $values["beschreibung"],
|
||
":kurseleiter" => $kursleiterId,
|
||
"ort_id" => $addressId
|
||
));
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
|
||
die;
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
public function getMyCourses() {
|
||
$personId = $_SESSION["user_id"];
|
||
$isKursleiter = $_SESSION["user_role"] === "leiter";
|
||
|
||
$pdo = $this->linkDB();
|
||
|
||
if ($isKursleiter) {
|
||
$sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id,
|
||
o.stadt, o.strasse, o.plz, b.note, b.kommentar
|
||
FROM kurs AS k
|
||
JOIN ort AS o ON o.id = k.ort_id
|
||
LEFT JOIN bewertungen AS b ON b.kurs_id = k.id
|
||
WHERE k.kursleiter = :personId
|
||
ORDER BY k.name";
|
||
} else {
|
||
$sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id,
|
||
o.stadt, o.strasse, o.plz, b.note, b.kommentar
|
||
FROM kurs_user AS ku
|
||
JOIN kurs AS k ON k.id = ku.kurs_id
|
||
JOIN ort AS o ON o.id = k.ort_id
|
||
LEFT JOIN bewertungen AS b ON b.kurs_id = k.id
|
||
WHERE ku.user_id = :personId
|
||
ORDER BY k.name";
|
||
}
|
||
|
||
try {
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute([':personId' => $personId]);
|
||
return $sth->fetchAll(\PDO::FETCH_ASSOC);
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Lesen der Daten.", $e);
|
||
die;
|
||
}
|
||
}
|
||
|
||
|
||
public function updateCourse($course) {
|
||
$pdo = $this->linkDB();
|
||
|
||
try {
|
||
if (isset($course['ort_id'])) {
|
||
$this->updateAddress($course);
|
||
$addressId = $course['ort_id'];
|
||
} else {
|
||
$addressId = $this->writeNewAddress($course);
|
||
}
|
||
|
||
$sql = "UPDATE kurs SET
|
||
`name` = :name,
|
||
`preis` = :preis,
|
||
`dauer` = :dauer,
|
||
`rabatt` = :rabatt,
|
||
`kategorie` = :kategorie,
|
||
`beschreibung` = :beschreibung,
|
||
`ort_id` = :ort_id
|
||
WHERE `id` = :id";
|
||
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute([
|
||
':id' => $course['id'],
|
||
':name' => $course['name'],
|
||
':preis' => $course['preis'],
|
||
':dauer' => $course['dauer'],
|
||
':rabatt' => $course['rabatt'],
|
||
':kategorie' => $course['kategorie'],
|
||
':beschreibung' => $course['beschreibung'],
|
||
':ort_id' => $addressId
|
||
]);
|
||
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren des Kurses.", $e);
|
||
die;
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
public function updateAddress($data) {
|
||
$pdo = $this->linkDB();
|
||
|
||
if (!isset($data['ort_id'])) {
|
||
throw new \Exception("Keine Adress-ID vorhanden zum Aktualisieren.");
|
||
}
|
||
|
||
$sql = "UPDATE ort SET
|
||
`strasse` = :strasse,
|
||
`stadt` = :stadt,
|
||
`plz` = :plz
|
||
WHERE `id` = :id";
|
||
|
||
try {
|
||
$sth = $pdo->prepare($sql);
|
||
$sth->execute([
|
||
':id' => $data['ort_id'],
|
||
':strasse' => $data['strasse'],
|
||
':stadt' => $data['stadt'],
|
||
':plz' => $data['plz']
|
||
]);
|
||
} catch (PDOException $e) {
|
||
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Adresse.", $e);
|
||
die;
|
||
}
|
||
|
||
return true;
|
||
}
|
||
} |