c9d71b422a
Also wrapped database logic inside the correct try catch block to prevent further mishaps and information leakages. Fixes #6.
123 lines
3.2 KiB
PHP
123 lines
3.2 KiB
PHP
<?php
|
|
|
|
use \ParagonIE\EasyDB\Exception;
|
|
|
|
class Application
|
|
{
|
|
private $database = [];
|
|
|
|
private $db;
|
|
|
|
public function __construct()
|
|
{
|
|
$config = new Config();
|
|
$cConfigArray = $config->getConfig();
|
|
|
|
|
|
|
|
$this->database['username'] = $cConfigArray['core']['database']['username'];
|
|
$this->database['password'] = $cConfigArray['core']['database']['password'];
|
|
$this->database['hostname'] = $cConfigArray['core']['database']['hostname'];
|
|
$this->database['dbname'] = $cConfigArray['core']['database']['dbname'];
|
|
|
|
$this->db = $this->instDB();
|
|
|
|
}
|
|
|
|
protected function instDB()
|
|
{// ConstructorFailed
|
|
|
|
|
|
try
|
|
{
|
|
|
|
$connection = \ParagonIE\EasyDB\Factory::create(
|
|
'mysql:host=' . $this->database['hostname'] . ';dbname=' . $this->database['dbname'],
|
|
$this->database['username'],
|
|
$this->database['password']
|
|
);
|
|
|
|
}
|
|
catch (ConstructorFailed $Ex)
|
|
{
|
|
header("HTTP/1.1 500 Internal Server Error");
|
|
exit("An error has ocurred and therefore we are unable to fulfill your request for information. Sorry.");
|
|
}
|
|
finally
|
|
{
|
|
return $connection;
|
|
}
|
|
}
|
|
|
|
public function Exists($Table, $IDRowColumnName, $SearchValue)
|
|
{
|
|
$exists = $db->cell(
|
|
"SELECT count(ID) FROM $Table WHERE $IDRowColumnName = ?",
|
|
$SearhValue
|
|
);
|
|
|
|
// Query might not return what we're looking for, an integer. Use vardump if otherwise.
|
|
return ($exists == 1) ? true : false;
|
|
}
|
|
|
|
public function adminExists($AdminID)
|
|
{
|
|
$this->Exists("Administrators", "ID", $ID);
|
|
}
|
|
|
|
|
|
public function addAdministrator($Username, $Name, $Email, $Password, $KeyID)
|
|
{
|
|
$this->db->insert('Administrators', [
|
|
'AdministratorName' => $Name,
|
|
'AdministratorUsername' => $Username,
|
|
'AdministratorEmail' => $Email,
|
|
'AdministratorPassword' => $Password
|
|
]);
|
|
}
|
|
|
|
public function listAdminsByName($AdminUsername)
|
|
{
|
|
$Admin = $this->db->row(
|
|
"SELECT * FROM Administrators WHERE Username = ?",
|
|
$Username
|
|
);
|
|
}
|
|
|
|
|
|
public function addKey($AdminID, $Keyname)
|
|
{
|
|
$key = password_hash(openssl_random_pseudo_bytes(32), PASSWORD_BCYPT);
|
|
|
|
$this->db->insert('APIKeys', [
|
|
'AdminID' => $AdminID,
|
|
'Keyname' => $Keyname,
|
|
'Keytext' => $key
|
|
]);
|
|
|
|
return $key;
|
|
|
|
}
|
|
|
|
public function ApiKeyExists($AdminID)
|
|
{
|
|
$this->Exists("APIKeys", "AdminID", $AdminID);
|
|
|
|
}
|
|
|
|
public function ApiKeyToAdminId($Key)
|
|
{
|
|
$apiKey = $this->db->row(
|
|
"SELECT * FROM APIKeys WHERE Keytext = ?",
|
|
$Key
|
|
);
|
|
|
|
// Expecting an array. Var dump if else
|
|
if ($apiKey == null && !is_array($apiKey))
|
|
{
|
|
throw new LogicException("Illegal data from DB: ApiKeyToAdminId");
|
|
}
|
|
}
|
|
|
|
|
|
} |