spacejewel-ipn-communication/source/dbtools/Application.php
Miguel Nogueira c9d71b422a Database crentials were incorrect.
Also wrapped database logic inside the correct try catch block to prevent further mishaps and information leakages.
Fixes #6.
2018-06-08 15:38:27 +00:00

123 lines
3.2 KiB
PHP

<?php
use \ParagonIE\EasyDB\Exception;
class Application
{
private $database = [];
private $db;
public function __construct()
{
$config = new Config();
$cConfigArray = $config->getConfig();
$this->database['username'] = $cConfigArray['core']['database']['username'];
$this->database['password'] = $cConfigArray['core']['database']['password'];
$this->database['hostname'] = $cConfigArray['core']['database']['hostname'];
$this->database['dbname'] = $cConfigArray['core']['database']['dbname'];
$this->db = $this->instDB();
}
protected function instDB()
{// ConstructorFailed
try
{
$connection = \ParagonIE\EasyDB\Factory::create(
'mysql:host=' . $this->database['hostname'] . ';dbname=' . $this->database['dbname'],
$this->database['username'],
$this->database['password']
);
}
catch (ConstructorFailed $Ex)
{
header("HTTP/1.1 500 Internal Server Error");
exit("An error has ocurred and therefore we are unable to fulfill your request for information. Sorry.");
}
finally
{
return $connection;
}
}
public function Exists($Table, $IDRowColumnName, $SearchValue)
{
$exists = $db->cell(
"SELECT count(ID) FROM $Table WHERE $IDRowColumnName = ?",
$SearhValue
);
// Query might not return what we're looking for, an integer. Use vardump if otherwise.
return ($exists == 1) ? true : false;
}
public function adminExists($AdminID)
{
$this->Exists("Administrators", "ID", $ID);
}
public function addAdministrator($Username, $Name, $Email, $Password, $KeyID)
{
$this->db->insert('Administrators', [
'AdministratorName' => $Name,
'AdministratorUsername' => $Username,
'AdministratorEmail' => $Email,
'AdministratorPassword' => $Password
]);
}
public function listAdminsByName($AdminUsername)
{
$Admin = $this->db->row(
"SELECT * FROM Administrators WHERE Username = ?",
$Username
);
}
public function addKey($AdminID, $Keyname)
{
$key = password_hash(openssl_random_pseudo_bytes(32), PASSWORD_BCYPT);
$this->db->insert('APIKeys', [
'AdminID' => $AdminID,
'Keyname' => $Keyname,
'Keytext' => $key
]);
return $key;
}
public function ApiKeyExists($AdminID)
{
$this->Exists("APIKeys", "AdminID", $AdminID);
}
public function ApiKeyToAdminId($Key)
{
$apiKey = $this->db->row(
"SELECT * FROM APIKeys WHERE Keytext = ?",
$Key
);
// Expecting an array. Var dump if else
if ($apiKey == null && !is_array($apiKey))
{
throw new LogicException("Illegal data from DB: ApiKeyToAdminId");
}
}
}