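<?php require_once("../../includes/initialize.php"); ?>
<?php
// Gate the page before anything is rendered: it lists every admin account.
confirm_logged_in();
?>
<?php
// Every row of the admins table, as User objects.
$admin_set = User::find_all();
$message = "";
?>
<?php $layout_context = "admin"; ?>
<?php include("../layouts/admin_header.php"); ?>
<div id="main">
  <div id="navigation">
    <br />
    <a href="index.php">« Main menu</a><br />
  </div>
  <div id="page">
    <?php echo output_message($message); ?>
    <h2>Manage Admins</h2>
    <table style="border: 1px solid #000; color:#000;">
      <tr>
        <th style="text-align: left; width: 200px;">Username</th>
        <th style="text-align: left; width: 200px;">User Id</th>
        <th colspan="2" style="text-align: left;">Actions</th>
      </tr>
<?php foreach ($admin_set as $admin) : ?>
<?php
    // The id is forced to an integer so it is safe in all three places it is
    // printed (HTML text, URL query value, JavaScript string inside an attribute).
    $admin_id = (int) $admin->id;
    // Usernames are stored data, not markup: encode them for the HTML context.
    $admin_username = htmlspecialchars((string) $admin->username, ENT_QUOTES, 'UTF-8');
?>
      <tr>
        <td><?php echo $admin_username; ?></td>
        <td><?php echo $admin_id; ?></td>
        <?php // The original wrote "<?php $admin->id; ..." without echo, so both links carried an empty id. ?>
        <td><a href="edit_admin.php?id=<?php echo $admin_id; ?>">Edit</a></td>
        <?php
        // NOTE(review): delete_admin.php is not shown here. If it deletes on a plain GET,
        // any page the admin visits can trigger it; prefer a POST form carrying a CSRF
        // token. The JavaScript confirm() is a convenience, not a control.
        ?>
        <td><a href="delete_admin.php?id=<?php echo $admin_id; ?>" onclick="return confirm('Are you sure you want to delete <?php echo $admin_id; ?>?');">Delete</a></td>
      </tr>
<?php endforeach; ?>
    </table>
    <br />
    <a href="new_admin.php">Add new admin</a>
  </div>
</div>
<?php include("../layouts/footer.php"); ?>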
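<?php require_once("../../includes/initialize.php"); ?>
<?php
// NOTE(review): redirect_to() is defined elsewhere; if it does not stop the script
// after sending the Location header, the lookup below still runs for visitors who
// are not logged in -- confirm it exits.
if (!$session->is_logged_in()) { redirect_to("login.php"); }
?>
<?php
// The id arrives in the query string, so it is untrusted input. User::find_by_id()
// builds its WHERE clause from this value; an empty or non-numeric id therefore ends
// up as broken (or attacker-chosen) SQL. Accept a positive integer only.
$requested_id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;

// Same "not found" value find_by_id() itself returns, so callers see one failure shape.
$admin = ($requested_id !== false && $requested_id > 0)
    ? User::find_by_id($requested_id)
    : false;

// Debugging aid only: the dump includes the record's password field, so remove it
// before this page is reachable by anyone else.
var_dump($admin);
?>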
- <?php
- // If it's going to need the database, then it's
- // probably smart to require it before we start.
- require_once(LIB_PATH.DS.'database.php');
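/**
 * Active-record style model for one row of the admins table.
 *
 * All SQL is assembled as strings and sent through the global $database object,
 * so every value placed into a statement must be escaped (inside quotes) or cast
 * to an integer (outside quotes) before it is concatenated.
 */
class User extends DatabaseObject {

    protected static $table_name = "admins";
    // Column names; also the whitelist of properties that are read from / written to the database.
    protected static $db_fields = array('id', 'username', 'password', 'first_name', 'last_name');

    public $id;
    public $username;
    public $password;
    public $first_name;
    public $last_name;

    /**
     * Returns "first last", or an empty string unless both names are set.
     *
     * @return string
     */
    public function full_name() {
        if (isset($this->first_name) && isset($this->last_name)) {
            return $this->first_name . " " . $this->last_name;
        }
        return "";
    }

    /**
     * Looks up the account matching a username/password pair.
     *
     * The query now targets self::$table_name; it was hard-coded to "users",
     * which is not the table every other method of this class reads and writes.
     *
     * NOTE(review): the password is compared inside the SQL exactly as passed in,
     * which suggests it is stored unhashed (or hashed by the caller) -- confirm.
     * The safer shape is to fetch the row by username only and check the stored
     * hash with password_verify().
     *
     * @param string $username
     * @param string $password
     * @return User|false The matching record, or false when there is none.
     */
    public static function authenticate($username="", $password="") {
        global $database;
        $username = $database->escape_value($username);
        $password = $database->escape_value($password);

        $sql  = "SELECT * FROM " . self::$table_name . " ";
        $sql .= "WHERE username = '{$username}' ";
        $sql .= "AND password = '{$password}' ";
        $sql .= "LIMIT 1";

        $result_array = self::find_by_sql($sql);
        return !empty($result_array) ? array_shift($result_array) : false;
    }

    // Common Database Methods

    /**
     * Returns every row of the table as an array of User objects.
     *
     * @return array
     */
    public static function find_all() {
        return self::find_by_sql("SELECT * FROM " . self::$table_name);
    }

    /**
     * Returns the record with the given id.
     *
     * The id is placed in the statement without quotes, so it is cast to an
     * integer first: string escaping does not protect an unquoted value, and an
     * empty id would otherwise produce "WHERE id= LIMIT 1", which fails to parse.
     *
     * @param int|string $id
     * @return User|false The record, or false when no row has that id.
     */
    public static function find_by_id($id=0) {
        $id = (int) $id;
        $result_array = self::find_by_sql(
            "SELECT * FROM " . self::$table_name . " WHERE id={$id} LIMIT 1"
        );
        return !empty($result_array) ? array_shift($result_array) : false;
    }

    /**
     * Runs a SELECT and turns each returned row into a User object.
     *
     * The statement is executed as given; callers are responsible for escaping
     * anything they concatenated into it.
     *
     * @param string $sql
     * @return array
     */
    public static function find_by_sql($sql="") {
        global $database;
        $result_set = $database->query($sql);
        $object_array = array();
        while ($row = $database->fetch_array($result_set)) {
            $object_array[] = self::instantiate($row);
        }
        return $object_array;
    }

    /**
     * Returns the first column of "SELECT COUNT(*)" for the table.
     *
     * @return mixed The count as delivered by the database driver.
     */
    public static function count_all() {
        global $database;
        $sql = "SELECT COUNT(*) FROM " . self::$table_name;
        $result_set = $database->query($sql);
        $row = $database->fetch_array($result_set);
        return array_shift($row);
    }

    /**
     * Builds a User from one result row.
     *
     * Only keys that pass has_attribute() are copied, so extra keys in the row
     * (for example the numeric indexes a fetch may add) are ignored.
     *
     * @param array $record
     * @return User
     */
    private static function instantiate($record) {
        // Could check that $record exists and is an array
        $object = new self;
        foreach ($record as $attribute => $value) {
            if ($object->has_attribute($attribute)) {
                $object->$attribute = $value;
            }
        }
        return $object;
    }

    /**
     * Tells whether $attribute is one of the database-backed properties.
     *
     * @param string|int $attribute
     * @return bool
     */
    private function has_attribute($attribute) {
        // Only the key matters here, not the value stored under it.
        return array_key_exists($attribute, $this->attributes());
    }

    /**
     * Returns the database-backed properties as name => current value.
     *
     * @return array
     */
    protected function attributes() {
        $attributes = array();
        foreach (self::$db_fields as $field) {
            if (property_exists($this, $field)) {
                $attributes[$field] = $this->$field;
            }
        }
        return $attributes;
    }

    /**
     * Returns attributes() with every value passed through escape_value().
     *
     * The object's own properties are left untouched. The escaped values are
     * only safe when placed between single quotes in the statement.
     *
     * @return array
     */
    protected function sanitized_attributes() {
        global $database;
        $clean_attributes = array();
        foreach ($this->attributes() as $key => $value) {
            $clean_attributes[$key] = $database->escape_value($value);
        }
        return $clean_attributes;
    }

    /**
     * Inserts the record when it has no id yet, otherwise updates it.
     *
     * @return bool
     */
    public function save() {
        // A new record won't have an id yet.
        return isset($this->id) ? $this->update() : $this->create();
    }

    /**
     * Inserts this object as a new row and stores the generated id on it.
     *
     * Column names come from self::$db_fields (fixed in code); values are
     * escaped and wrapped in single quotes.
     *
     * @return bool True when the INSERT succeeded.
     */
    public function create() {
        global $database;
        $attributes = $this->sanitized_attributes();

        $sql  = "INSERT INTO " . self::$table_name . " (";
        $sql .= join(", ", array_keys($attributes));
        $sql .= ") VALUES ('";
        $sql .= join("', '", array_values($attributes));
        $sql .= "')";

        if ($database->query($sql)) {
            $this->id = $database->insert_id();
            return true;
        }
        return false;
    }

    /**
     * Writes the current property values to the row with this object's id.
     *
     * @return bool True only when exactly one row was changed.
     */
    public function update() {
        global $database;
        $attributes = $this->sanitized_attributes();
        $attribute_pairs = array();
        foreach ($attributes as $key => $value) {
            $attribute_pairs[] = "{$key}='{$value}'";
        }

        $sql  = "UPDATE " . self::$table_name . " SET ";
        $sql .= join(", ", $attribute_pairs);
        // Unquoted numeric context: cast instead of escaping, because string
        // escaping leaves an unquoted value free to change the statement.
        $sql .= " WHERE id=" . (int) $this->id;

        $database->query($sql);
        return $database->affected_rows() === 1;
    }

    /**
     * Deletes the row with this object's id.
     *
     * The object itself still exists afterwards, so its properties can be read
     * (for a "... was deleted" message, say), but update() can no longer
     * succeed for it.
     *
     * @return bool True only when exactly one row was removed.
     */
    public function delete() {
        global $database;

        $sql  = "DELETE FROM " . self::$table_name;
        // Unquoted numeric context: cast to int rather than escape.
        $sql .= " WHERE id=" . (int) $this->id;
        // LIMIT 1 caps the damage if the condition ever matches more than intended.
        $sql .= " LIMIT 1";

        $database->query($sql);
        return $database->affected_rows() === 1;
    }

}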
- ?>
- <?php
- require_once(LIB_PATH.DS."config.php");
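/**
 * Thin wrapper around a single mysqli connection.
 *
 * Statements are executed exactly as passed to query(); nothing here binds
 * parameters, so callers must escape or cast every value they concatenate.
 * NOTE(review): prepared statements (mysqli_prepare / bind_param) would remove
 * that burden from the callers.
 */
class MySQLDatabase {

    private $connection;

    public function __construct() {
        $this->open_connection();
    }

    /**
     * Connects using the DB_* constants and stops the script on failure.
     *
     * The driver's error text goes to the server log only; it can name hosts
     * and accounts, so the visitor gets a generic message.
     *
     * NOTE(review): escape_value() depends on the connection character set;
     * set it explicitly with mysqli_set_charset() to match the schema.
     */
    public function open_connection() {
        $this->connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
        if (mysqli_connect_errno()) {
            error_log(
                "Database connection failed: " .
                mysqli_connect_error() .
                " (" . mysqli_connect_errno() . ")"
            );
            die("Database connection failed.");
        }
    }

    /**
     * Closes the connection if one is open.
     */
    public function close_connection() {
        if (isset($this->connection)) {
            mysqli_close($this->connection);
            // Reset rather than unset(): unset() would remove the declared
            // property, and isset() treats null the same way.
            $this->connection = null;
        }
    }

    /**
     * Executes a statement and stops the script if it fails.
     *
     * @param string $sql Complete statement; sent to the server unchanged.
     * @return mixed Whatever mysqli_query() returned.
     */
    public function query($sql) {
        $result = mysqli_query($this->connection, $sql);
        $this->confirm_query($result);
        return $result;
    }

    /**
     * Stops the script when a query returned a falsy result.
     *
     * The reason is written to the server log so a failure can be diagnosed
     * without showing SQL details to the visitor.
     *
     * @param mixed $result_set
     */
    private function confirm_query($result_set) {
        if (!$result_set) {
            error_log("Database query failed: " . mysqli_error($this->connection));
            die("Database query failed yo.");
        }
    }

    /**
     * Escapes a value for use inside a quoted SQL string literal.
     *
     * This does not make a value safe where the statement has no quotes around
     * it (for example "WHERE id=" . $value); cast such values to int instead.
     *
     * @param mixed $string Cast to string first, so null becomes ''.
     * @return string
     */
    public function escape_value($string) {
        return mysqli_real_escape_string($this->connection, (string) $string);
    }

    // Database-neutral functions: callers use these instead of mysqli_* directly.

    public function fetch_array($result_set) {
        return mysqli_fetch_array($result_set);
    }

    public function num_rows($result_set) {
        return mysqli_num_rows($result_set);
    }

    public function insert_id() {
        return mysqli_insert_id($this->connection);
    }

    public function affected_rows() {
        return mysqli_affected_rows($this->connection);
    }

}//End class MySQLDatabase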
// Shared handle, created when this file is loaded; the constructor opens the
// connection. Model code reaches it through `global $database`.
$database = new MySQLDatabase;
- ?>