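--- a/Android/SmartCharging/endPoints/repositories/UserRepository.php
+++ b/Android/SmartCharging/endPoints/repositories/UserRepository.php
@@ -20,18 +20,63 @@
 $this->db = $db;
 }
 
-public static function checkToken($token, $conn) {
+public static function checkToken($token, $conn) { //utile per il control panel
 try {
-$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
-//echo "<br/>".$queryToken."<br/>";
-$result = $conn->query($queryToken);
-return ($result->rowCount()>0);
+//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
+$queryToken = "SELECT id FROM utente WHERE token=:token";
+$stmt = $conn->prepare($queryToken);
+$stmt->bindParam(':token', $token);
+$result = $stmt->execute();
+return ($stmt->rowCount()>0);
+} catch (PDOException $e) {
+echo $e->getMessage();
+return false;
+}
+}
+
+public static function checkUserByToken($user_id, $token, $conn) {
+try {
+//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
+$queryToken = "SELECT id FROM utente WHERE token=:token AND id=:id";
+$stmt = $conn->prepare($queryToken);
+$stmt->bindParam(':token', $token);
+$stmt->bindParam(':id', $user_id);
+$result = $stmt->execute();
+return ($stmt->rowCount()>0);
 } catch (PDOException $e) {
 echo $e->getMessage();
 return false;
 }
 }
 
+public static function checkAdminByToken($token, $conn) {
+try {
+//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
+$queryToken = "SELECT id FROM utente WHERE token=:token AND is_admin=1";
+$stmt = $conn->prepare($queryToken);
+$stmt->bindParam(':token', $token);
+$result = $stmt->execute();
+return ($stmt->rowCount()>0);
+} catch (PDOException $e) {
+echo $e->getMessage();
+return false;
+}
+}
+
+public static function getUserByToken($token, $conn) {
+try {
+//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
+$queryToken = "SELECT id FROM utente WHERE token=:token";
+$stmt = $conn->prepare($queryToken);
+$stmt->bindParam(':token', $token);
+$result = $stmt->execute();
+return ($stmt->rowCount()>0) ? $stmt->fetchColumn() : -1;
+} catch (PDOException $e) {
+echo $e->getMessage();
+return -1;
+}
+}
+
 public function registerUser($user, $password) {
 $status = array();
 
@@ -56,18 +101,33 @@
 $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
 $newToken = sha1($user->username.session_id().time());
 
-$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token)
+/*$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token)
 VALUES ('".$user->username."',
 '".$hashedPwd."',
 '".$user->nome."',
 '".$user->cognome."',
 '".$user->cell."',
 '".$user->email."',
-'".$newToken."')";
+'".$newToken."')";*/
 
-//echo "<br/>".$query."<br/>";
+//echo "<br/>".$query."<br/>";
+
+$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token)
+VALUES (:username, :password, :nome, :cognome, :cell, :email, :token)";
 
-$this->db->exec($query);
+$stmt = $this->db->prepare($query);
+
+$stmt->bindParam(':username', $user->username);
+$stmt->bindParam(':password', $hashedPwd);
+$stmt->bindParam(':nome', $user->nome);
+$stmt->bindParam(':cognome', $user->cognome);
+$stmt->bindParam(':cell', $user->cell);
+$stmt->bindParam(':email', $user->email);
+$stmt->bindParam(':token', $newToken);
+
+$result = $stmt->execute();
+
+//$this->db->exec($query);
 $status["id"] = $this->db->lastInsertId();
 $status["return"] = 0;
 $status["token"] = $newToken;
@@ -88,14 +148,22 @@
 $status = array();
 
 try {
-$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1";
+//$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1";
+
+$query = "SELECT id, password, email, is_owner FROM utente WHERE username=:username AND is_active=1";
 
 if ($is_admin) {
 $query = $query." AND is_admin=1";
 }
 
-$result = $this->db->query($query);
-$row = ($result->rowCount()>0) ? $result->fetch() : null;
+$stmt = $this->db->prepare($query);
+$stmt->bindParam(':username', $username);
+$result = $stmt->execute();
+
+/*$result = $this->db->query($query);
+$row = ($result->rowCount()>0) ? $result->fetch() : null;*/
+
+$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;
 
 if (is_null($row)) {
 $status = createErrorMessage(1, "Username non valido");
@@ -111,13 +179,20 @@
 //$newToken = sha1($row["email"].session_id().time());
 $newToken = sha1($username.session_id().time());
 
-$queryToken = "UPDATE utente
+/*$queryToken = "UPDATE utente
 SET token='".$newToken."'
-WHERE id=".$row["id"];
+WHERE id=".$row["id"];*/
 
 //echo "<br/>".$queryToken."<br/>";
 
-$this->db->exec($queryToken);
+$queryToken = "UPDATE utente SET token=:token WHERE id=:id";
+
+//$this->db->exec($queryToken);
+
+$stmt = $this->db->prepare($queryToken);
+$stmt->bindParam(':token', $newToken);
+$stmt->bindParam(':id', $row["id"]);
+$stmt->execute();
 
 $status["return"] = 0;
 $status["is_owner"] = $row["is_owner"];
@@ -140,13 +215,19 @@
 public function logoutUser($user_id) {
 $status = array();
 try {
-$queryToken = "UPDATE utente
+/*$queryToken = "UPDATE utente
 SET token = ''
-WHERE id=".$user_id;
+WHERE id=".$user_id;*/
 
 //echo "<br/>".$queryToken."<br/>";
 
-$this->db->exec($queryToken);
+$queryToken = "UPDATE utente SET token='' WHERE id=:id";
+
+//$this->db->exec($queryToken);
+
+$stmt = $this->db->prepare($queryToken);
+$stmt->bindParam(':id', $user_id);
+$stmt->execute();
 
 $status["return"] = 0;
 return $status;
@@ -195,18 +276,36 @@
 $u_last_name = $graphObject->getProperty('last_name');
 $u_email = $graphObject->getProperty('email');
 
-$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'";
+//$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'";
+$sql = "SELECT id, username FROM utente WHERE email=:email";
+
+//$result = $this->db->query($sql);
 
-$result = $this->db->query($sql);
-$row = ($result->rowCount()>0) ? $result->fetch() : null;
+$stmt = $this->db->prepare($sql);
+$stmt->bindParam(':email', $user_email);
+$stmt->execute();
+
+$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;
 
 if (!is_null($row)) { //utente già esistente
 
-$sql = "UPDATE utente
+/*$sql = "UPDATE utente
 SET nome='".$u_first_name."', cognome='".$u_last_name."', email='".$u_email."', token='".$fb_token."'
-WHERE id=".$row["id"];
+WHERE id=".$row["id"];*/
+
+$sql = "UPDATE utente
+SET nome=:nome, cognome=:cognome, email=:email, token=:token
+WHERE id=:id";
 
-$this->db->exec($sql);
+$stmt = $this->db->prepare($sql);
+$stmt->bindParam(':nome', $u_first_name);
+$stmt->bindParam(':cognome', $u_last_name);
+$stmt->bindParam(':email', $u_email);
+$stmt->bindParam(':token', $fb_token);
+$stmt->bindParam(':id', $row["id"]);
+$stmt->execute();
+
+//$this->db->exec($sql);
 $status["id"] = $row["id"];
 $status["username"] = $row["username"];
 
@@ -222,12 +321,24 @@
 fputs($file, $fb_avatar_data);
 fclose($file);
 
-$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar)
-VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')";
+/*$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar)
+VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')";*/
 
 //echo "<br/>".$sql."<br/>";
 
-$this->db->exec($sql);
+$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar)
+VALUES (:nome,:cognome,:email,:token,:username,:avatar)";
+
+$stmt = $this->db->prepare($sql);
+$stmt->bindParam(':nome', $u_first_name);
+$stmt->bindParam(':cognome', $u_last_name);
+$stmt->bindParam(':email', $u_email);
+$stmt->bindParam(':token', $fb_token);
+$stmt->bindParam(':username', $username);
+$stmt->bindParam(':avatar', $image_filename);
+$stmt->execute();
+
+//$this->db->exec($sql);
 $status["id"] = $this->db->lastInsertId();
 $status["username"] = $username;
 
@@ -265,14 +376,20 @@
 public function getAvatar($user_id) {
 $status = array();
 try {
-$query = "SELECT avatar FROM utente WHERE id='".$user_id."'";
-$result = $this->db->query($query);
-$row = ($result->rowCount()>0) ? $result->fetch() : null;
+//$query = "SELECT avatar FROM utente WHERE id='".$user_id."'";
+$query = "SELECT avatar FROM utente WHERE id=:id";
+
+$stmt = $this->db->prepare($query);
+$stmt->bindParam(':id', $user_id);
+$result = $stmt->execute();
+
+//$result = $this->db->query($query);
+$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;
 
 if (!is_null($row)) {
 $status["return"] = 0;
 $status["id"] = $user_id;
-$status["avatar"] = IMAGE_SERVER.AVATAR_PATH.$row["avatar"];
+$status["avatar"] = ($row["avatar"] != "") ? IMAGE_SERVER.AVATAR_PATH.$row["avatar"] : "";
 } else {
 $status = createErrorMessage(1, "User ID non disponibile");
 //$status["return"] = 1;
@@ -296,13 +413,20 @@
 $status = array();
 
 try {
-$query = "UPDATE utente
+/*$query = "UPDATE utente
 SET avatar='".$avatar_url."'
-WHERE id=".$user_id;
+WHERE id=".$user_id;*/
+
+//echo "<br/>".$query."<br/>";
 
-//echo "<br/>".$query."<br/>";
+$query = "UPDATE utente SET avatar=:avatar WHERE id=:id";
 
-$this->db->exec($query);
+$stmt = $this->db->prepare($query);
+$stmt->bindParam(':avatar', $avatar_url);
+$stmt->bindParam(':id', $user_id);
+$stmt->execute();
+
+//$this->db->exec($query);
 $status["return"] = 0;
 $status["avatar_name"] = $avatar_url;
 return $status;
@@ -317,34 +441,53 @@
 
 public function editUser($user) { //$user è l'oggetto Utente
 $status = array();
+$array_params = array();
 
 try {
 
 $setString = "";
 
 if (isset($user->nome) && !is_null($user->nome)) {
-$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'";
+//$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'";
+$setString = ($setString == "") ? "nome=:nome" : $setString.",nome=:nome";
+$array_params[":nome"] = $user->nome;
 }
 
 if (isset($user->cognome) && !is_null($user->cognome)) {
-$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'";
+//$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'";
+$setString = ($setString == "") ? "cognome=:cognome" : $setString.",cognome=:cognome";
+$array_params[":cognome"] = $user->cognome;
 }
 
 if (isset($user->cell) && !is_null($user->cell)) {
-$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'";
+//$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'";
+$setString = ($setString == "") ? "cell=:cell" : $setString.",cell=:cell";
+$array_params[":cell"] = $user->cell;
 }
 
 if (isset($user->email) && !is_null($user->email)) {
-$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'";
+//$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'";
+$setString = ($setString == "") ? "email=:email" : $setString.",email=:email";
+$array_params[":email"] = $user->email;
 }
 
-$query = "UPDATE utente
+/*$query = "UPDATE utente
+SET ".$setString."
+WHERE id=".$user->id;*/
+
+//echo "<br/>".$query."<br/>";
+
+//$this->db->exec($query);
+
+$query = "UPDATE utente
 SET ".$setString."
-WHERE id=".$user->id;
+WHERE id=:id";
+
+$array_params[":id"] = $user->id;
 
-//echo "<br/>".$query."<br/>";
+$stmt = $this->db->prepare($query);
+$stmt->execute($array_params);
 
-$this->db->exec($query);
 $status["return"] = 0;
 
 } catch (PDOException $e) {
@@ -360,12 +503,32 @@
 
 public function deleteUser($user_id) {
 $status = array();
-$query = "UPDATE utente,locale
+/*$query = "UPDATE utente,locale
 SET utente.is_active=0, utente.token='', locale.hidden=1
-WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;
+WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/
+
+$queryUtente = "UPDATE utente
+SET is_active=0, token=''
+WHERE id=:id_utente";
 
 try {
-$this->db->exec($query);
+$stmt = $this->db->prepare($queryUtente);
+$stmt->bindParam(':id_utente', $user_id);
+$resultUtente = $stmt->execute();
+
+if ($resultUtente) {
+$queryLocale = "UPDATE locale
+SET hidden=1
+WHERE id_utente_owner=:id_utente_owner";
+
+$stmt = $this->db->prepare($queryLocale);
+$stmt->bindParam(':id_utente_owner', $user_id);
+$stmt->execute();
+} else {
+$status = createErrorMessage(1, "Errore DB");
+return $status;
+}
+//$this->db->exec($query);
 $status["return"] = 0;
 return $status;
 } catch (PDOException $e) {
@@ -378,12 +541,33 @@
 
 public function enableUser($user_id) {
 $status = array();
-$query = "UPDATE utente,locale
+/*$query = "UPDATE utente,locale
 SET utente.is_active=1, locale.hidden=0
-WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;
+WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/
+
+$queryUtente = "UPDATE utente
+SET is_active=1
+WHERE id=:id_utente";
 
 try {
-$this->db->exec($query);
+$stmt = $this->db->prepare($queryUtente);
+$stmt->bindParam(':id_utente', $user_id);
+$resultUtente = $stmt->execute();
+
+if ($resultUtente) {
+$queryLocale = "UPDATE locale
+SET hidden=0
+WHERE id_utente_owner=:id_utente_owner";
+
+$stmt = $this->db->prepare($queryLocale);
+$stmt->bindParam(':id_utente_owner', $user_id);
+$stmt->execute();
+} else {
+$status = createErrorMessage(1, "Errore DB");
+return $status;
+}
+
+//$this->db->exec($query);
 $status["return"] = 0;
 return $status;
 } catch (PDOException $e) {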
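Review bot: The new checkToken, checkAdminByToken and getUserByToken in the first hunk accept any row whose stored token equals the supplied value, while logoutUser and deleteUser in later hunks reset the column with `token=''` — so if an empty token ever reaches these methods, `WHERE token=:token` matches every logged-out or deleted account and getUserByToken hands back the first such id. Whether callers can pass an empty string is not visible here, so a guard at the top of each method is cheap insurance: `if ($token === null || $token === '') { return false; }` (returning -1 in getUserByToken), and adding `AND is_active=1` to the SELECTs would keep deleted accounts out as well. The new catch blocks also `echo $e->getMessage();`, which puts driver error text straight into the HTTP response; log it server-side and return the failure value only. The token itself is still derived from `sha1($username.session_id().time())` (a context line), which is guessable from the username and a timestamp; `bin2hex(random_bytes(32))` would be the right source, but that is outside this change.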