  1. <?php require_once("../../includes/initialize.php"); ?>
  2. <?php //if (!$session->is_logged_in()) {redirect_to("login.php");} ?>
  3. <?php confirm_logged_in(); ?>
  4.  
  5. <?php
  6. $admin_set = User::find_all();
  7. $message = "";
  8. ?>
  9.  
  10. <?php $layout_context = "admin"; ?>
  11. <?php include("../layouts/admin_header.php"); ?>
  12. <div id="main">
  13. <div id="navigation">
  14. <br />
  15. <a href="index.php">&laquo; Main menu</a><br />
  16. </div>
  17. <div id="page">
  18. <?php echo output_message($message); ?>
  19. <h2>Manage Admins</h2>
  20. <table style="border: 1px solid #000; color:#000;">
  21. <tr>
  22. <th style="text-align: left; width: 200px;">Username</th>
  23. <th style="text-align: left; width: 200px;">User Id</th>
  24. <th colspan="2" style="text-align: left;">Actions</th>
  25. </tr>
  26. <?php foreach($admin_set as $admin) : ?>
  27. <tr>
  28. <td><?php echo $admin->username; ?></td>
  29. <td><?php echo $admin->id; ?></td>
  30. <td><a href="edit_admin.php?id=<?php $admin->id; ?>">Edit</a></td>
  31. <td><a href="delete_admin.php?id=<?php $admin->id; ?>" onclick="return confirm('Are you sure you want to delete <?php echo $admin->id?>?');">Delete</a></td>
  32. </tr>
  33. <?php endforeach ?>
  34. </table>
  35. <br />
  36. <a href="new_admin.php">Add new admin</a>
  37. </div>
  38. </div>
  39. <?php include("../layouts/footer.php"); ?>
  40.  
  41. <?php require_once("../../includes/initialize.php"); ?>
  42. <?php if (!$session->is_logged_in()) { redirect_to("login.php"); } ?>
  43.  
  44. <?php
  45. //$admin_set = User::find_all();//This works, var_dump shows me the users are
  46. //being returned
  47. //var_dump($admin_set);
  48.  
  49. $admin = User::find_by_id($_GET['id']);//This returns database query failed.
  50. var_dump($admin);
  51. ?>
  52.  
  53. <?php
  54. // If it's going to need the database, then it's
  55. // probably smart to require it before we start.
  56. require_once(LIB_PATH.DS.'database.php');
  57.  
  58. class User extends DatabaseObject {
  59.  
  60. protected static $table_name="admins";
  61. protected static $db_fields = array('id', 'username', 'password', 'first_name', 'last_name');
  62.  
  63. public $id;
  64. public $username;
  65. public $password;
  66. public $first_name;
  67. public $last_name;
  68.  
  69. public function full_name() {
  70. if(isset($this->first_name) && isset($this->last_name)) {
  71. return $this->first_name . " " . $this->last_name;
  72. } else {
  73. return "";
  74. }
  75. }
  76.  
  77. public static function authenticate($username="", $password="") {
  78. global $database;
  79. $username = $database->escape_value($username);
  80. $password = $database->escape_value($password);
  81.  
  82. $sql = "SELECT * FROM users ";
  83. $sql .= "WHERE username = '{$username}' ";
  84. $sql .= "AND password = '{$password}' ";
  85. $sql .= "LIMIT 1";
  86. $result_array = self::find_by_sql($sql);
  87. return !empty($result_array) ? array_shift($result_array) : false;
  88. }
  89.  
  90. // Common Database Methods
  91. public static function find_all() {
  92. return self::find_by_sql("SELECT * FROM ".self::$table_name);
  93. }
  94.  
  95. public static function find_by_id($id=0) {
  96. $result_array = self::find_by_sql("SELECT * FROM ".self::$table_name." WHERE id={$id} LIMIT 1");
  97. return !empty($result_array) ? array_shift($result_array) : false;
  98. }
  99.  
  100. public static function find_by_sql($sql="") {
  101. global $database;
  102. $result_set = $database->query($sql);
  103. $object_array = array();
  104. while ($row = $database->fetch_array($result_set)) {
  105. $object_array[] = self::instantiate($row);
  106. }
  107. return $object_array;
  108. }
  109.  
  110. public static function count_all() {
  111. global $database;
  112. $sql = "SELECT COUNT(*) FROM ".self::$table_name;
  113. $result_set = $database->query($sql);
  114. $row = $database->fetch_array($result_set);
  115. return array_shift($row);
  116. }
  117.  
  118. private static function instantiate($record) {
  119. // Could check that $record exists and is an array
  120. $object = new self;
  121. // Simple, long-form approach:
  122. // $object->id = $record['id'];
  123. // $object->username = $record['username'];
  124. // $object->password = $record['password'];
  125. // $object->first_name = $record['first_name'];
  126. // $object->last_name = $record['last_name'];
  127.  
  128. // More dynamic, short-form approach:
  129. foreach($record as $attribute=>$value){
  130. if($object->has_attribute($attribute)) {
  131. $object->$attribute = $value;
  132. }
  133. }
  134. return $object;
  135. }
  136.  
  137. private function has_attribute($attribute) {
  138. // We don't care about the value, we just want to know if the key exists
  139. // Will return true or false
  140. return array_key_exists($attribute, $this->attributes());
  141. }
  142.  
  143. protected function attributes() {
  144. // return an array of attribute names and their values
  145. $attributes = array();
  146. foreach(self::$db_fields as $field) {
  147. if(property_exists($this, $field)) {
  148. $attributes[$field] = $this->$field;
  149. }
  150. }
  151. return $attributes;
  152. }
  153.  
  154. protected function sanitized_attributes() {
  155. global $database;
  156. $clean_attributes = array();
  157. // sanitize the values before submitting
  158. // Note: does not alter the actual value of each attribute
  159. foreach($this->attributes() as $key => $value){
  160. $clean_attributes[$key] = $database->escape_value($value);
  161. }
  162. return $clean_attributes;
  163. }
  164.  
  165. public function save() {
  166. // A new record won't have an id yet.
  167. return isset($this->id) ? $this->update() : $this->create();
  168. }
  169.  
  170. public function create() {
  171. global $database;
  172. // Don't forget your SQL syntax and good habits:
  173. // - INSERT INTO table (key, key) VALUES ('value', 'value')
  174. // - single-quotes around all values
  175. // - escape all values to prevent SQL injection
  176. $attributes = $this->sanitized_attributes();
  177. $sql = "INSERT INTO ".self::$table_name." (";
  178. $sql .= join(", ", array_keys($attributes));
  179. $sql .= ") VALUES ('";
  180. $sql .= join("', '", array_values($attributes));
  181. $sql .= "')";
  182. if($database->query($sql)) {
  183. $this->id = $database->insert_id();
  184. return true;
  185. } else {
  186. return false;
  187. }
  188. }
  189.  
  190. public function update() {
  191. global $database;
  192. // Don't forget your SQL syntax and good habits:
  193. // - UPDATE table SET key='value', key='value' WHERE condition
  194. // - single-quotes around all values
  195. // - escape all values to prevent SQL injection
  196. $attributes = $this->sanitized_attributes();
  197. $attribute_pairs = array();
  198. foreach($attributes as $key => $value) {
  199. $attribute_pairs[] = "{$key}='{$value}'";
  200. }
  201. $sql = "UPDATE ".self::$table_name." SET ";
  202. $sql .= join(", ", $attribute_pairs);
  203. $sql .= " WHERE id=". $database->escape_value($this->id);
  204. $database->query($sql);
  205. return ($database->affected_rows() == 1) ? true : false;
  206. }
  207.  
  208. public function delete() {
  209. global $database;
  210. // Don't forget your SQL syntax and good habits:
  211. // - DELETE FROM table WHERE condition LIMIT 1
  212. // - escape all values to prevent SQL injection
  213. // - use LIMIT 1
  214. $sql = "DELETE FROM ".self::$table_name;
  215. $sql .= " WHERE id=". $database->escape_value($this->id);
  216. $sql .= " LIMIT 1";
  217. $database->query($sql);
  218. return ($database->affected_rows() == 1) ? true : false;
  219.  
  220. // NB: After deleting, the instance of User still
  221. // exists, even though the database entry does not.
  222. // This can be useful, as in:
  223. // echo $user->first_name . " was deleted";
  224. // but, for example, we can't call $user->update()
  225. // after calling $user->delete().
  226. }
  227.  
  228. }
  229.  
  230. ?>
  231.  
  232. <?php
  233. require_once(LIB_PATH.DS."config.php");
  234.  
  235. class MySQLDatabase{
  236. private $connection;
  237.  
  238. function __construct(){
  239. $this->open_connection();
  240. }
  241.  
  242. public function open_connection(){
  243. $this->connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS,DB_NAME);
  244. if(mysqli_connect_errno()) {
  245. die("Database connections failed: " .
  246. mysqli_connect_error() .
  247. " (" . mysqli_connect_errno() . ")"
  248. );
  249. }
  250. }
  251.  
  252. public function close_connection(){
  253. if(isset($this->connection)){
  254. mysqli_close($this->connection);
  255. unset($this->connection);
  256. }
  257. }
  258.  
  259. public function query($sql){
  260. $result = mysqli_query($this->connection, $sql);
  261. $this->confirm_query($result);
  262. return $result;
  263. }
  264.  
  265. private function confirm_query($result_set) {
  266.  
  267. if (!$result_set) {
  268. die("Database query failed yo.");
  269. }
  270. }
  271.  
  272. public function escape_value($string) {
  273. $escaped_string = mysqli_real_escape_string($this->connection, $string);
  274. return $escaped_string;
  275. }
  276. //database neutral functions
  277. public function fetch_array($result_set){
  278. return mysqli_fetch_array($result_set);
  279. }
  280.  
  281. public function num_rows($result_set){
  282. return mysqli_num_rows($result_set);
  283. }
  284.  
  285. public function insert_id(){
  286. return mysqli_insert_id($this->connection);
  287. }
  288.  
  289. public function affected_rows(){
  290. return mysqli_affected_rows($this->connection);
  291. }
  292. }//End class MySQLDatabase
  293. $database = new MySQLDatabase();
  294. ?>