- <?php
- /**
- * All the classes involved in accessing the database.
- * This file contains the entire database abstraction layer.
- * @author Max Ward
- * @version 1.0
- */
// Connection settings consumed by Database::getConnection().
// NOTE: hard-coded only because it is easy to test with; the author plans to
// replace this with a better method.
// NOTE(review): the MySQL root account with an empty password is acceptable
// on a throwaway local test box only. Before this runs anywhere shared, use a
// dedicated account limited to the "toast" schema and keep its credentials
// out of the source tree.
const SERVER = 'localhost';
const USERNAME = 'root';
const PASSWORD = '';
const DATABASE = 'toast';
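/**
 * Static gateway to the database, used by the model classes and potentially
 * by the controller.
 *
 * NOTE(review): the mysql_* functions (ext/mysql) were deprecated in PHP 5.5
 * and removed in PHP 7.0. mysqli or PDO with prepared statements would bind
 * values separately from the SQL text, so callers would no longer depend on
 * cleanString() having been applied to every interpolated value.
 */
class Database
{
    /** @var resource|null Shared link to the server, opened on first use. */
    private static $connection;

    /**
     * Returns the shared connection, opening it on the first call so that only
     * one link per request is ever created.
     *
     * @return resource|false The link, or false when the server cannot be reached.
     */
    private static function getConnection()
    {
        if (!self::$connection) {
            $link = mysql_connect(SERVER, USERNAME, PASSWORD);
            if (!$link) {
                // Report server-side only; connection details do not belong in the page.
                error_log('Database: could not connect to the MySQL server');
                return false;
            }
            if (!mysql_select_db(DATABASE, $link)) {
                error_log('Database: could not select the schema: ' . mysql_error($link));
            }
            self::$connection = $link;
        }

        return self::$connection;
    }

    /**
     * Queries the database.
     *
     * @param string $query The SQL statement to run. Every value interpolated
     *                      into it must already have gone through cleanString().
     * @return resource|bool|null The result of the query (true for statements
     *                            that return no rows), or null if unsuccessful.
     */
    public static function dbQuery($query)
    {
        $link = self::getConnection();
        $result = $link ? mysql_query($query, $link) : false;

        if (!$result) {
            // The failed statement used to be echoed to the browser, which
            // exposed table and column names and, for the Member INSERT, the
            // password hash. Only the generic message is shown now; the driver
            // error goes to the server log. The full statement is deliberately
            // not logged because it can carry credentials.
            error_log('Database: query failed: ' . ($link ? mysql_error($link) : 'no connection'));
            echo "A database error has occured<br/>";
            return null;
        }

        return $result;
    }

    /**
     * Cleans a string for use in a database query.
     *
     * The link is passed explicitly: without it mysql_real_escape_string()
     * falls back to the last opened link or tries to open one with default
     * settings, which fails when nothing has been queried yet.
     *
     * NOTE(review): HTML-encoding is applied here, before storage, instead of
     * at output time. Stored values are therefore entity-encoded, a value that
     * is cleaned twice gets its '&' double-encoded, and htmlspecialchars()
     * with default flags leaves single quotes alone before PHP 8.1, so the
     * result is not safe inside a single-quoted HTML attribute. Escape for
     * SQL here and for HTML where the value is printed.
     *
     * @param string $string The string to clean.
     * @return string The cleaned string, or '' when no connection is available.
     */
    public static function cleanString($string)
    {
        $link = self::getConnection();
        if (!$link) {
            // Fail closed: no query can run without a link, and handing back
            // the raw input would invite callers to interpolate it unescaped.
            return '';
        }

        return mysql_real_escape_string(htmlspecialchars($string), $link);
    }
}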
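/**
 * A row of the Member table, either loaded by name or inserted as a new member.
 *
 * NOTE(review): getMemberById() and getMemberByName() pass the stored name
 * back through the constructor, which cleans it again. Database::cleanString()
 * HTML-encodes, so a stored name containing '&', '<', '>' or '"' is encoded a
 * second time and the lookup no longer matches. Confirm whether such names are
 * allowed before relying on these loaders.
 */
class Member
{
    // Copied from database rows; the name is stored in the form produced by
    // Database::cleanString().
    private $name;
    private $password;
    private $userId;
    private $signature;
    private $avatar;
    private $dateJoined;

    // Getter functions. getPassword() returns the stored hash, not the
    // plaintext; it should never be printed or logged.
    public function getName() { return $this->name; }
    public function getPassword() { return $this->password; }
    public function getUserId() { return $this->userId; }
    public function getSignature() { return $this->signature; }
    public function getAvatar() { return $this->avatar; }
    public function getDateJoined() { return $this->dateJoined; }

    /**
     * Loads an existing member, or creates one when a password is supplied.
     *
     * PHP has no method overloading, so the optional password selects the mode.
     *
     * @param string      $name     Member name; cleaned before it reaches any query.
     * @param string|null $password Omit (or pass '') to load the member called
     *                              $name; any other value creates that member.
     */
    public function __construct($name, $password = null)
    {
        $name = Database::cleanString($name);

        // Compare explicitly: with a plain truthiness test the password "0"
        // was treated as "no password" and selected the load path.
        if ($password !== null && $password !== '') {
            // The password is not passed through cleanString(): it is only
            // ever hashed, and the hex digest contains nothing that needs
            // escaping. Encoding it first would change the hash.
            // NOTE(review): md5 and sha1 are fast digests and the "salt" is
            // the member's public name, so this gives little protection
            // against offline guessing. password_hash()/password_verify()
            // (PHP 5.5+) are the standard replacement. The scheme is left
            // unchanged here because the login check and the column width are
            // not visible in this file.
            $hash = sha1(md5($name).md5($password));

            $inserted = Database::dbQuery(
                "INSERT INTO Member VALUES ('$name',null,'$hash','','',CURRENT_TIMESTAMP);"
            );
            if (!$inserted)
                // Stop here; falling through would load whatever row already
                // carries this name and return it as if it were newly created.
                die("Could not create member '$name'.");
        }

        // Both modes finish by reading the row back. The load path previously
        // fetched from a result that was never queried.
        $row = self::fetchSingleRow("SELECT * FROM Member WHERE name = '$name'", $name);

        $this->name = $row->name;
        $this->password = $row->password;
        $this->userId = $row->userId;
        $this->signature = $row->signature;
        $this->avatar = $row->avatar;
        $this->dateJoined = $row->dateJoined;
    }

    /**
     * Loads the member with the given id.
     *
     * @param string|int $userId Id to look up; cleaned before use.
     * @return Member
     */
    public static function getMemberById($userId)
    {
        $userId = Database::cleanString($userId);
        $row = self::fetchSingleRow("SELECT * FROM Member WHERE userId = '$userId'", $userId);

        return new Member($row->name);
    }

    /**
     * Loads the member with the given name.
     *
     * @param string $name Name to look up; cleaned before use.
     * @return Member
     */
    public static function getMemberByName($name)
    {
        $name = Database::cleanString($name);
        $row = self::fetchSingleRow("SELECT * FROM Member WHERE name = '$name'", $name);

        return new Member($row->name);
    }

    /**
     * Runs a lookup that must match exactly one member and returns that row.
     * Terminates the request when the query fails or matches any other
     * number of rows.
     *
     * @param string $sql   SELECT statement built from cleaned values only.
     * @param string $shown The cleaned lookup value, echoed in the failure message.
     * @return object The matching row.
     */
    private static function fetchSingleRow($sql, $shown)
    {
        $result = Database::dbQuery($sql);

        // dbQuery() returns null on failure; check that before counting rows.
        if (!$result || mysql_num_rows($result) != 1)
            die("Incorrect argument '$shown' to construct member. User does not exist");

        return mysql_fetch_object($result);
    }
}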
/**
 * Placeholder class; it declares no properties or methods yet.
 */
class Section
{
}
/**
 * Placeholder class; it declares no properties or methods yet.
 */
class Skin
{
}
// Manual smoke test: create member 'a', load it again by id, print its name.
// NOTE(review): these statements run every time the file is loaded, so each
// load attempts the INSERT again with a throwaway password. Move them to a
// separate test script before anything else includes this file.
$created = new Member('a', 'asd');
$reloaded = Member::getMemberById($created->getUserId());
echo $reloaded->getName();
- ?>