authorFreya Murphy <freya@freyacat.org>2024-05-20 19:26:59 -0400
committerFreya Murphy <freya@freyacat.org>2024-05-20 19:26:59 -0400
commit29f7c5ea41d36509d8e5961f40a7af0a934a7ca1 (patch)
tree722c420750b16c9ef25eb77410813942f146446f /src/web
parenta (diff)
aaaa
Diffstat (limited to 'src/web')
-rw-r--r--src/web/_model/main.php23
-rw-r--r--src/web/core/database.php161
-rw-r--r--src/web/lang/en_US/common_lang.php2
3 files changed, 149 insertions, 37 deletions
diff --git a/src/web/_model/main.php b/src/web/_model/main.php
index 6d8b708..58ae307 100644
--- a/src/web/_model/main.php
+++ b/src/web/_model/main.php
@@ -13,6 +13,9 @@ class Main_model {
// stores the current request info
public $info;
+ // tthe logged in user
+ private $user;
+
/**
* Loads the main model
* @param Loader $load - the main loader object
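Review bot: The comment on the new property has a typo, `// tthe logged in user`, and the property is declared without an initial value, so it is only defined once the constructor assigns it in the following hunk. Declaring it as `private $user = NULL; // the logged in user; resolved lazily by user()` documents the intent and makes the separate constructor assignment unnecessary. Main_model's class body continues outside the hunk.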
@@ -28,6 +31,7 @@ class Main_model {
};
/// init other vars
$this->users = array();
+ $this->user = NULL;
}
/**
@@ -36,14 +40,20 @@ class Main_model {
*/
private function get_session($jwt) {
$query = $this->db
- ->select("_api.verify_jwt('" . $jwt . "') AS user_id;");
- $result = $query->row();
+ ->select("_api.verify_jwt(?) AS user_id;");
+ $result = $query->row($jwt);
$user_id = $result['user_id'];
if ($user_id) {
$this->session = array(
'id' => $user_id,
'jwt' => $jwt
);
+ $user = $this->user();
+ if ($user === FALSE) {
+ /// valid jwt for invalid user!!!
+ $this->session = NULL;
+ $this->user = NULL;
+ }
}
}
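Review bot: The `$user === FALSE` branch works only because `user()` returns whatever `row()` fetched and `PDOStatement::fetch` yields `false` when no row matches, and the comment `/// valid jwt for invalid user!!!` does not say that; replace it with `/// row() returns FALSE when no api.user row matches the token's subject (e.g. a deleted account): drop the session rather than trust the token`. The `$result['user_id']` read just above the new lines makes the same assumption in the other direction — it indexes `$result` as an array, which is wrong if `verify_jwt` can produce no row at all; worth confirming against the SQL function. Switching to `verify_jwt(?)` with `row($jwt)` is the right replacement for the concatenated token, since the JWT arrives from the client.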
@@ -79,16 +89,19 @@ class Main_model {
* Gets the current user
*/
public function user() {
+ if ($this->user) {
+ return $this->user;
+ }
if ($this->session) {
- return $this->db
+ $this->user = $this->db
->select('*')
->from('api.user')
->where('id')
->eq($this->session['id'])
->row();
- } else {
- return NULL;
+ return $this->user;
}
+ return NULL;
}
}
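Review bot: The memo added at the top of `user()` is never invalidated, so once `$this->user` holds a row, a later assignment to `$this->session` in the same request would not be reflected; if the session is set anywhere other than `get_session`, the cache should be keyed on the session id or cleared at that point. The `if ($this->user)` guard also means a `false` result from an empty fetch is re-queried on every call, which is harmless given `get_session` nulls the session in that case, but `if ($this->user !== NULL)` would make the caching rule explicit. A docblock line such as `Cached after the first lookup; reset $this->user whenever $this->session changes` would warn the next caller.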
diff --git a/src/web/core/database.php b/src/web/core/database.php
index e9b8109..25cb5ba 100644
--- a/src/web/core/database.php
+++ b/src/web/core/database.php
@@ -19,19 +19,19 @@ class DatabaseQuery {
$this->param = array();
}
- private function in($array) {
- $in = 'IN (';
- foreach ($array as $idx => $item) {
- if ($idx != 0) {
- $in .= ",";
- }
- $in .= "?";
- array_push($this->param, $item);
- }
- $in .= ")";
- return $in;
+ ///
+ /// ARBITRARY QUERY
+ ///
+
+ public function query($query) {
+ $this->query .= $query;
+ return $this;
}
+ ///
+ /// SELECT
+ ///
+
public function select($select) {
$this->query .= "SELECT $select\n";
return $this;
@@ -42,6 +42,39 @@ class DatabaseQuery {
return $this;
}
+ ///
+ /// INSERT
+ ///
+
+ public function insert_into($insert, ...$columns) {
+ $this->query .= "INSERT INTO $insert\n (";
+ foreach ($columns as $idx => $column) {
+ if ($idx !== 0) {
+ $this->query .= ",";
+ }
+ $this->query .= $column;
+ }
+ $this->query .= ")\n";
+ return $this;
+ }
+
+ public function values(...$values) {
+ $this->query .= "VALUES (";
+ foreach ($values as $idx => $value) {
+ if ($idx !== 0) {
+ $this->query .= ",";
+ }
+ $this->query .= "?";
+ array_push($this->param, $value);
+ }
+ $this->query .= ")\n";
+ return $this;
+ }
+
+ ///
+ /// WHERE
+ ///
+
public function where($cond) {
if (!$this->where) {
$this->where = TRUE;
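Review bot: `insert_into` and `values` emit invalid SQL when called with no variadic arguments (`INSERT INTO t\n ()` and `VALUES ()`), and both hand-roll the comma loop that `in()` below also repeats; `$this->query .= implode(',', $columns);` and `$this->query .= implode(',', array_fill(0, count($values), '?'));` with `$this->param = array_merge($this->param, $values);` express the same thing in one line each. These two loops compare with `!==` while `in()` uses `!=`; the strict form is the correct one, so the third loop should be brought in line. Table and column names are interpolated as identifiers, which placeholders cannot cover, so the docblock should say so: `/** $insert and $columns are identifiers spliced into the SQL text; pass literals only, never request input. */`.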
@@ -53,6 +86,39 @@ class DatabaseQuery {
return $this;
}
+ public function where_in($column, $array) {
+ if (!$this->where) {
+ $this->where = TRUE;
+ $this->query .= "WHERE ";
+ } else {
+ $this->query .= "AND ";
+ }
+ if (empty($array)) {
+ $this->query .= "FALSE\n";
+ return $this;
+ }
+ $in = $this->in($array);
+ $this->query .= "$column $in\n";
+ return $this;
+ }
+
+ private function in($array) {
+ $in = 'IN (';
+ foreach ($array as $idx => $item) {
+ if ($idx != 0) {
+ $in .= ",";
+ }
+ $in .= "?";
+ array_push($this->param, $item);
+ }
+ $in .= ")";
+ return $in;
+ }
+
+ ///
+ /// OPERATORS
+ ///
+
public function like($item) {
$this->query .= "LIKE ?\n";
array_push($this->param, $item);
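Review bot: `in()` places commas based on `$idx != 0`, which only holds when `$array` is a 0-indexed list; an associative array, or a filtered array whose first key is not 0, yields a leading comma and a malformed `IN (` clause, and the loose `!=` against a string key even evaluates differently across PHP versions. Since the method is being relocated anyway, making it shape-independent is two lines: `$in = 'IN (' . implode(',', array_fill(0, count($array), '?')) . ')';` and `$this->param = array_merge($this->param, array_values($array));`. `where_in` already handles the empty case before calling it, so `count($array)` is at least 1 on that path.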
@@ -83,27 +149,19 @@ class DatabaseQuery {
return $this;
}
- public function where_in($column, $array) {
- if (!$this->where) {
- $this->where = TRUE;
- $this->query .= "WHERE ";
- } else {
- $this->query .= "AND ";
- }
- if (empty($array)) {
- $this->query .= "FALSE\n";
- return $this;
- }
- $in = $this->in($array);
- $this->query .= "$column $in\n";
- return $this;
- }
+ ///
+ /// JOINS
+ ///
public function join($table, $on, $type = 'LEFT') {
$this->query .= "$type JOIN $table ON $on\n";
return $this;
}
+ ///
+ /// LIMIT, OFFSET, ORDER
+ ///
+
public function limit($limit) {
$this->query .= "LIMIT ?\n";
array_push($this->param, $limit);
@@ -121,10 +179,18 @@ class DatabaseQuery {
return $this;
}
- public function rows() {
+ ///
+ /// COLLECT
+ ///
+
+ public function rows(...$params) {
+ $args = $this->param;
+ foreach ($params as $param) {
+ array_push($args, $param);
+ }
$stmt = $this->conn->prepare($this->query);
try {
- $stmt->execute($this->param);
+ $stmt->execute($args);
} catch (Exception $ex) {
echo $ex;
echo '<br> >> caused by <<<br>';
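Review bot: The four-line merge at the top of `rows()` — and the identical copies in `row()` and `execute()` in the next hunk — is `$args = array_merge($this->param, $params);`. The ordering contract it introduces, builder-bound values first and then the call-time ones in left-to-right placeholder order, is not written anywhere; a docblock such as `/** @param mixed ...$params bound after the values the builder collected, in placeholder order */` on each of the three would prevent a mis-ordered call. The body of `rows()` continues past the end of this hunk.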
@@ -133,17 +199,38 @@ class DatabaseQuery {
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
- public function row() {
+ public function row(...$params) {
+ $args = $this->param;
+ foreach ($params as $param) {
+ array_push($args, $param);
+ }
$stmt = $this->conn->prepare($this->query);
- $stmt->execute($this->param);
+ $stmt->execute($args);
return $stmt->fetch(PDO::FETCH_ASSOC);
}
+
+ public function execute(...$params) {
+ $args = $this->param;
+ foreach ($params as $param) {
+ array_push($args, $param);
+ }
+ $stmt = $this->conn->prepare($this->query);
+ try {
+ $stmt->execute($args);
+ return TRUE;
+ } catch (Exception $_e) {
+ echo $_e;
+ echo '<br> >> caused by <<<br>';
+ echo str_replace("\n", "<br>", $this->query);
+ return FALSE;
+ }
+ }
}
/**
* DatabaseHelper
* allows queries on the
- * xssbook postgres database
+ * postgres database
*/
class DatabaseHelper {
@@ -180,4 +267,16 @@ class DatabaseHelper {
return $query->select($select);
}
+ public function insert_into($insert, ...$columns) {
+ $conn = $this->connect();
+ $query = new DatabaseQuery($conn);
+ return $query->insert_into($insert, ...$columns);
+ }
+
+ public function query($query_str) {
+ $conn = $this->connect();
+ $query = new DatabaseQuery($conn);
+ return $query->query($query_str);
+ }
}
+
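Review bot: The new `execute()` prints the caught exception and the full query text into the response (`echo $_e;` and the `str_replace` line), which in a web context hands the SQL text and whatever the driver put in the message — table and constraint names, possibly connection details — to the client; record it server-side with `error_log((string) $_e);` and return `FALSE` without the echoes. `row()` directly above still has no try/catch while `rows()` and `execute()` both do, so a failing fetch there surfaces as an uncaught exception; the three should settle on one error strategy. The new `DatabaseHelper::query()` and `insert_into()` wrappers are undocumented; one line each, e.g. `/** Starts a raw-SQL query on a fresh connection; see DatabaseQuery::query() for the literal-only rule. */`, would carry the contract through to the public surface.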
diff --git a/src/web/lang/en_US/common_lang.php b/src/web/lang/en_US/common_lang.php
index ef93ce8..22e1c89 100644
--- a/src/web/lang/en_US/common_lang.php
+++ b/src/web/lang/en_US/common_lang.php
@@ -1,6 +1,6 @@
<?php /* Copyright (c) 2024 Freya Murphy */
-$lang['version'] = 'Version 2.0.1';
+$lang['version'] = 'Version 2.0.2';
$lang['copyright'] = 'Freya Murphy © 2024';
// Navigation Bar Lang