rewriting some stufff

HATBE · HATBE · commit c85e2b75d099 · 2021-11-01T20:10:28.000+01:00
diff --git a/src/classes/controllers/AuthController.php b/src/classes/controllers/AuthController.php
@@ -1,17 +1,66 @@
 <?php
     class AuthController extends Controller {
         private $authmodel;
+        private $userModel;
         
         public function __construct() {
             $this->authModel = $this->model('Auth');
+            $this->userModel = $this->model('User');
         }
+        
         public function index() {
             $this->login();
         }
 
+        public function register() {
+            if(!isset($_SESSION['loggedIn'])) {
+                header('Location: ' . ROOT_PATH);
+                exit();
+            }
+
+            $msg = null;
+            $username = '';
+            $password = '';
+
+            if(isset($_POST['submitInput'])) {
+                if(empty($_POST['usernameInput'])) {
+                    $msg[] = "Field username is empty.";
+                } else {
+                    $username = $_POST['usernameInput'];
+                }
+                if(empty($_POST['passwordInput'])) {
+                    $msg[] = "Field password is empty.";
+                } else {
+                    $password = $_POST['passwordInput'];
+                }
+                if($this->userModel->existsUname($username)) {
+                    $msg[] = 'User already exists';
+                }
+                if($msg == null) {
+                    $password = password_hash($password, PASSWORD_DEFAULT);
+                    $username = htmlentities($username, ENT_QUOTES, 'utf-8');
+                    $username = trim($username);
+                    $username = str_replace(' ', '', $username);
+
+                    $this->authModel->register($username, $password);
+                    header('Location: ' . ROOT_PATH . 'users/users');
+                }
+            }
+
+            $data = array(
+                'username' => $username,
+                'msg' => $msg,
+                'backPath' => 'users/users',
+                'actionName' => 'Register'
+            );
+
+            $this->render('auth/register', $data);
+
+        }
+
         public function login() {
             if(isset($_SESSION['loggedIn'])) {
-                Linker::link('index', 'index');
+                header('Location: /index/index');
                 exit();
             }
 
@@ -34,7 +83,7 @@ public function login() {
                     $login = $this->authModel->login($username, $password);
                     if($login !== false) {
                         $_SESSION['loggedIn'] = $login;
-                        header('Location: ' . Linker::link('index', 'index'));
+                        header('Location: /index/index');
                         exit();
                     } else {
                         $msg[] = "Login failed, password or username incorrect.";
diff --git a/src/classes/controllers/UsersController.php b/src/classes/controllers/UsersController.php
@@ -1,6 +1,116 @@
 <?php
     class UsersController extends Controller {
+        private $userModel;
+        private $postModel;
+        
+        public function __construct() {
+            $this->userModel = $this->model('User');
+            $this->postModel = $this->model('Post');
+        }
+
         public function index() {
+            if(!isset($_SESSION['loggedIn'])) {
+                header('Location: ' . ROOT_PATH);
+                exit();
+            }
+
+            $users = $this->userModel->getAllUsers();
+
+            $data = array(
+                'usersData' => $users
+            );
             
+            $this->render('users/index', $data);
+        }
+
+        public function edit($id) {
+            if(!isset($_SESSION['loggedIn'])) {
+                header('Location: ' . ROOT_PATH);
+                exit();
+            }
+            if($id === null || !is_numeric($id)) {
+                header('Location: ' . ROOT_PATH . 'users/users');
+                exit();
+            }
+            $id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
+
+            $msg = null;
+            $username = '';
+            $password = '';
+
+            if(!$this->userModel->existsId($id)) {
+                header('Location: ' . ROOT_PATH . 'users/users');
+                exit();
+            }
+
+            $user = $this->userModel->getUserById($id);
+
+            if(isset($_POST['submitInput'])) {
+                if(empty($_POST['usernameInput'])) {
+                    $msg[] = "Field username is empty.";
+                } else {
+                    $username = $_POST['usernameInput'];
+                }
+                if(empty($_POST['passwordInput'])) {
+                    $password = '';
+                } else {
+                    $password = $_POST['passwordInput'];
+                }
+
+                if($msg == null) {
+                    $username = htmlentities($username, ENT_QUOTES, "UTF-8");
+                    
+                    $password = $password == '' ? $user->password : password_hash($password, PASSWORD_DEFAULT);
+
+                    $this->userModel->update($username, $password, $id);
+                    header('Location: ' . ROOT_PATH . 'users/users');
+                    exit();
+                }
+            }
+
+            $data = array(
+                'msg' => $msg,
+                'id' => $user->id,
+                'username' => $user->username,
+                'backPath' => 'users/users',
+                'actionName' => 'Edit'
+            );
+
+            $this->render('users/edit', $data);
+        }
+
+        public function delete($id) {
+            if(!isset($_SESSION['loggedIn'])) {
+                header('Location: ' . ROOT_PATH);
+                exit();
+            }
+            if($id === null || !is_numeric($id)) {
+                header('Location: ' . ROOT_PATH);
+                exit();
+            }
+            $id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
+
+            if(!$this->userModel->existsId($id)) {
+                header('Location: ' . ROOT_PATH);
+                exit();
+            }
+            if($id == $_SESSION['loggedIn'] || $id == 1) {
+                header('Location: ' . ROOT_PATH . 'users/users');
+                exit();
+            }
+
+            if(isset($_POST['sure'])) {
+                $this->postModel->deleteAllPostsFromUserId($id);
+                $this->userModel->delete($id);
+
+                header('Location: ' . ROOT_PATH);
+            }
+
+            $data = array(
+                'id' => $id,
+                'backPath' => 'users/users'
+            );  
+
+            $this->render('users/delete', $data);
         }
     }
diff --git a/src/classes/models/AuthModel.php b/src/classes/models/AuthModel.php
@@ -1,7 +1,13 @@
 <?php
     class AuthModel extends Model {
         public function login($uname, $passwd) {
-            $user = $this->getUser($uname);
+            $this->db->query('SELECT id, password FROM users WHERE username LIKE :uname;');
+            $this->db->bind(':uname', $uname);
+            $user = $this->db->single();
+
+            if($this->db->rowCount() <= 0) {
+                return false;
+            }
 
             if($user == null) return false;
 
@@ -14,17 +20,13 @@ public function login($uname, $passwd) {
             }
         }
 
-        // PRIV
-
-        private function getUser($uname) {
-            $this->db->query('SELECT id, password FROM users WHERE username LIKE :uname;');
-            $this->db->bind(':uname', $uname);
-            $row = $this->db->single();
+        public function register($uname, $passwd) {
+            $this->db->query('INSERT INTO users (username, password) VALUES (:username, :password);');
+            $this->db->bind(':username', $uname);
+            $this->db->bind(':password', $passwd);
+            $this->db->execute();
 
-            if($this->db->rowCount() <= 0) {
-                return false;
-            }
-
-            return $row;
+            return true;
         }
+
     }
diff --git a/src/classes/models/PostModel.php b/src/classes/models/PostModel.php
@@ -73,6 +73,14 @@ public function create($title, $body, $userId) {
             return $this->db->lastId();
         }
 
+        public function deleteAllPostsFromUserId($id) {
+            $this->db->query('DELETE FROM posts WHERE user_fk LIKE :id;');
+            $this->db->bind(':id', $id);
+            $this->db->execute();
+            
+            return true;
+        }
+
         public function update($title, $body, $id) {
             $this->db->query('UPDATE posts SET title = :title, body = :body WHERE id LIKE :id');
             $this->db->bind(':title', $title);
diff --git a/src/classes/models/UserModel.php b/src/classes/models/UserModel.php
@@ -1,19 +1,52 @@
 <?php
     class UserModel extends Model {
+        public function getAllUsers() {
+            $this->db->query('SELECT id, username FROM users');
+            $results = $this->db->resultSet();
+
+            return $this->db->rowCount() > 0 ? $results : null;
+        }
+        
         public function getUserById($id) {
-            $user = $this->getUserByIdFromDb($id);
-            unset($user['password']);
+            $this->db->query('SELECT id, username, password  FROM users WHERE id LIKE :id;');
+            $this->db->bind(':id', $id);
+            $user = $this->db->single();
 
             return $user;
         }
 
-        // PRIV
+        public function existsUname($uname) {
+            $this->db->query('SELECT id FROM users WHERE username LIKE :username;');
+            $this->db->bind(':username', $uname);
+            $this->db->execute();
+            
+            return $this->db->rowCount() >= 1 ? true : false;
+        }
 
-        private function getUserByIdFromDb($id) {
-            $this->db->query('SELECT id, username, password  FROM users WHERE id LIKE :id;');
+        public function existsId($id) {
+            $this->db->query('SELECT id FROM users WHERE id LIKE :id;');
             $this->db->bind(':id', $id);
-            $user = $this->db->single();
+            $this->db->execute();
+            
+            return $this->db->rowCount() >= 1 ? true : false;
+        }
 
-            return $user;
+        public function delete($id) {
+            $this->db->query('DELETE FROM users WHERE id LIKE :id;');
+            $this->db->bind(':id', $id);
+            $this->db->execute();
+
+            return true;
+        }
+
+
+        public function update($uname, $passwd, $id) {
+            $this->db->query('UPDATE users SET username = :username, password = :password WHERE id LIKE :id;');
+            $this->db->bind(':username', $uname);
+            $this->db->bind(':password', $passwd);
+            $this->db->bind(':id', $id);
+            $this->db->execute();
+
+            return true;
         }
     }
diff --git a/src/templates/userForm.php b/src/templates/userForm.php
@@ -2,7 +2,7 @@
     <div class="col-md-4 offset-md-4">
         <div class="login-form bg-dark mt-4 p-4">
             <form method="POST" class="row g-3">
-                <h4>Login</h4>
+                <h4><?= $action?></h4>
                 <?php Template::load('alert', ['type' => 'danger', 'msg' => $msg]);?>
                 <div class="col-12">
                     <label>Username</label>
@@ -13,7 +13,7 @@
                     <input type="password" name="passwordInput" class="form-control" placeholder="Password">
                 </div>
                 <div class="col-12">
-                    <button type="submit" name="submitInput" class="btn btn-primary float-end">Login</button>
+                    <button type="submit" name="submitInput" class="btn btn-primary float-end"><?= $action?></button>
                 </div>
             </form>
         </div>
diff --git a/src/views/auth/login.php b/src/views/auth/login.php
@@ -1,5 +1,5 @@
 <?= Template::load('header', ['title' => 'Login']);?>
 
-<?= Template::load('loginForm', ['username' => $data['username'], 'msg' => $data['msg']]);?>
+<?= Template::load('userForm', ['username' => $data['username'], 'msg' => $data['msg'], 'action' => 'Login']);?>
 
 <?= Template::load('footer');?>
diff --git a/src/views/auth/register.php b/src/views/auth/register.php
@@ -0,0 +1,5 @@
+<?= Template::load('header', ['title' => 'Register']);?>
+
+<?= Template::load('userForm', ['username' => $data['username'], 'msg' => $data['msg'], 'action' => 'Register']);?>
+
+<?= Template::load('footer');?>
diff --git a/src/views/index/imprint.php b/src/views/index/imprint.php
diff --git a/src/views/users/delete.php b/src/views/users/delete.php
@@ -0,0 +1,6 @@
+<?= Template::load('header', ['title' => 'Home']);?>
+
+    <?= Template::load('backBtn', ['controller' => 'users', 'method' => 'index', 'args' => ''])?>
+    <?= Template::load('delete', ['actionName' => 'User', 'id' => $data['id']]);?>
+
+<?= Template::load('footer');?>
diff --git a/src/views/users/edit.php b/src/views/users/edit.php
@@ -0,0 +1,5 @@
+<?= Template::load('header', ['title' => 'Edit']);?>
+
+<?= Template::load('userForm', ['username' => $data['username'], 'msg' => $data['msg'], 'action' => 'Edit']);?>
+
+<?= Template::load('footer');?>
diff --git a/src/views/users/index.php b/src/views/users/index.php
