Untitled

<?php
/**
 * All the classes involved in accessing the database.
 * This file contains the entire database abstraction layer.
 * @author Max Ward
 * @version 1.0
 */

//constants used to connect to database.
//NOTE: I will probably change this to a better method
//for now its easy to test with
const SERVER = "localhost";
const USERNAME = "root";
const PASSWORD = "";
const DATABASE = "toast";

/**
 * The database class is used by other objects, and potentially the controller
 * to access the database.
 */
class Database
{
    //Connection object to the database
    private static $connection;

    //gets a connection to the database
    //makes sure there is only ever on connection to a given database
    //this is useful as we dont waste server resources
    private static function getConnection()
    {
        if (!self::$connection)
        {
            self::$connection = mysql_connect(SERVER, USERNAME, PASSWORD);
            mysql_select_db(DATABASE, self::$connection);
        }
        return self::$connection;
    }

    /**
     * Queries the database.
     * @param string $query The query to try on the database
     * @return mysql_result The result of that query. Or null if unseccessful.
     */
    public static function dbQuery($query)
    {
        //try to query the database
        //if successful return the result
        $result = mysql_query($query, self::getConnection());
        if (!$result)
        {
            echo "A database error has occured<br/>";
            echo "The query was: ".$query."<br />";
            return null;
        }
        else return $result;
    }

    /*
     * Cleans a string for use in a database query.
     * @param string $string The string to clean.
     * @return string The cleaned string.
     */
    public static function cleanString($string)
    {
        //clean the string of sql injection chars, and html tag chars
        return mysql_real_escape_string(htmlspecialchars($string));
    }
}

class Member
{
    //NOTE: We can be sure these are clean for database queries.
    private $name;
    private $password;
    private $userId;
    private $signature;
    private $avatar;
    private $dateJoined;

    //getter functions
    public function getName() { return $this->name; }
    public function getPassword() { return $this->password; }
    public function getUserId() { return $this->userId; }
    public function getSignature() { return $this->signature; }
    public function getAvatar() { return $this->avatar; }
    public function getDateJoined() { return $this->dateJoined; }

    public function __construct($name, $password = null)
    {
        //NOTE: Since php doesnt support polymorphism, I've faked it
        //this is done by using defaults and auto setting the password to null


        //clean strings to be inserted to prevent XSS and SQL inject
        $name = Database::cleanString($name);
        $passowrd = Database::cleanString($password);

        //if the password isn't set, create that member
        //otherwise, create a new member and return that
        if(!$password)
        {
            $temp = mysql_fetch_object($result);
            $this->name = $temp->name;
            $this->password = $temp->password;
            $this->userId = $temp->userId;
            $this->signature = $temp->signature;
            $this->avatar = $temp->avatar;
            $this->dateJoined = $temp->dateJoined;
        } else {
            //salt the password
            //salting makes a rainbow table hard to generate
            //in addition we mix encoding methods to make it even
            //harder to generate
            $password = sha1(md5($name).md5($password));

            //insert into new member into database
            Database::dbQuery("INSERT INTO Member VALUES
                ('$name',null,'$password','','',CURRENT_TIMESTAMP);");
            //set correct values
            $temp = Member::getMemberByName($name); //generate the member
            //assign all the values of our new member
            $this->name = $temp->name;
            $this->password = $temp->password;
            $this->userId = $temp->userId;
            $this->signature = $temp->signature;
            $this->avatar = $temp->avatar;
            $this->dateJoined = $temp->dateJoined;
        }
    }


    public static function getMemberById($userId)
    {
        //check if userId is valid
        $userId = Database::cleanString($userId);
        //get the member from the database
        $result = Database::dbQuery("SELECT * FROM Member WHERE userId = '$userId'");
        //make sure its an actual member
        if (mysql_num_rows($result) != 1 )
                die("Incorrect argument '$userId' to construct member. User does not exist");
        //construct the new member object and return it
        return new Member(mysql_fetch_object($result)->name);
    }

    public static function getMemberByName($name)
    {
        //check if userId is valid
        $name = Database::cleanString($name);
        //get the member from the database
        $result = Database::dbQuery("SELECT * FROM Member WHERE name = '$name'");
        //make sure its an actual member
        if (mysql_num_rows($result) != 1 )
                die("Incorrect argument '$name' to construct member. User does not exist");
        //construct the new member object and return it
        return new Member(mysql_fetch_object($result)->name);
    }
}

class Section
{
}

class Skin
{

}
//testing
$n = new Member('a', 'asd');
$ha = Member::getMemberById($n->getUserId());
echo $ha->getName();
?>