diff --git a/App/Controllers/Home.php b/App/Controllers/Home.php
index 650c8a0..ad37262 100644
--- a/App/Controllers/Home.php
+++ b/App/Controllers/Home.php
@@ -10,11 +10,16 @@ use Core\Hash;
class Home
{
- private $access;
+ public $access,
+ $table;
+
public function __construct()
{
$this->access = new Access();
+ $this->table = 'user';
}
+
+ /* Routes */
public function index()
{
$posts = new Posts();
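Review bot: `$access` goes from `private` to `public` on L9, and the new `$table` is public as well, although nothing in this diff reads either property from outside the class; widening visibility turns internal wiring into API that callers can mutate (`$home->table = ...`). Keep them private: `private $access, $table;`. The `index()` body that starts on L19 continues outside the hunk.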
@@ -33,6 +38,21 @@ class Home
}
}
+ public function logout() {
+ if ($this->delete() != true) {
+ $info = "There's an error. Please try again.";
+ } else {
+ Session::delete('userid');
+ Session::delete('username');
+ Session::delete('full_name');
+ Session::delete('privilage');
+
+ $info = "Logged out success";
+ }
+ Session::flash('info', $info);
+ Redirect::to('/');
+ }
+
public function register()
{
if (Session::exists('userid') && Session::get('privilage') == 1) {
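Review bot: The `$this->delete() != true` branch on L26 cannot be taken, because the new `delete()` later in this file (L116-L119) throws `\Exception("Bad request", 400)` when the update fails and otherwise returns true, so a failed logout surfaces as an uncaught exception and the "Please try again" message is never flashed. Either make `delete()` return false on failure or catch here: `try { $this->delete(); } catch (\Exception $e) { $info = "There's an error. Please try again."; }`. The four `Session::delete` calls drop the login keys but leave the session itself in place; if `Core\Session` has a destroy or regenerate-id operation, logout is the place to call it. `register()` on L40 continues outside the hunk.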
@@ -44,7 +64,7 @@ class Home
}
}
- // Methods
+ /* Methods */
public function post($args = [])
{
foreach ($args as $value) {
@@ -69,7 +89,7 @@ class Home
$args['full_name'] = htmlspecialchars($args['full_name']);
$args['username'] = htmlspecialchars($args['username']);
- $data = $this->access->showAll();
+ $data = $this->access->showAll($table);
foreach ($data as $users) {
if ($args['username'] == $users['username']) {
Session::flash('info', 'Username already exists');
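Review bot: `showAll($table)` on L55 uses a local `$table` that is not assigned anywhere visible in `post()` (the constructor stores the name in `$this->table`); unless it is set earlier in the method outside this hunk, the argument is null, `showAll()` returns false, and the duplicate-username check on L56-L58 silently never runs. Use the property: `$data = $this->access->showAll($this->table);`. Note also that the new `showAll()` returns a single associative row when exactly one user exists, in which case `foreach ($data as $users)` iterates column values and `$users['username']` is wrong; a targeted lookup, `$this->access->showAll($this->table, [['username', '=', $args['username']]]) !== false`, avoids both problems. `post()` starts and ends outside the hunk.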
@@ -85,38 +105,43 @@ class Home
public function put($args = [])
{
- if ($user = $this->access->login($args)) {
- Session::put('userid', $user['id']);
- Session::put('username', $user['username']);
- Session::put('full_name', $user['full_name']);
- Session::put('privilage', $user['privilage']);
+ $table = 'user';
+ $username = $args['username'];
+ $password = $args['password'];
- $table = 'user';
- $id = Session::get('userid');
-
- if ($this->access->update($table, ['status' => 1], $id)) {
- $username = Session::get('username');
- Session::flash('info', "$username logged in");
- }
+ $user = $this->access->showAll($table, [
+ ['username', '=', $username]
+ ]);
+ if ($user == false) {
+ $info = "Invalid username/password";
} else {
- Session::flash('info', 'Invalid username/password');
+ $hash = Hash::compare($password, $user['salt'], $user['password']);
+
+ if ($hash == true) {
+ if ($this->access->update($table, ['status' => 1], $user['id']) != true) {
+ $info = "There's an error. Please try again.";
+ } else {
+ Session::put('userid', $user['id']);
+ Session::put('username', $user['username']);
+ Session::put('full_name', $user['full_name']);
+ Session::put('privilage', $user['privilage']);
+
+ $info = "Logged in success";
+ }
+ }
}
+ Session::flash('info', $info);
Redirect::to('/');
}
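Review bot: When the username exists but `Hash::compare` returns false on L86, no `$info` is assigned, so `Session::flash('info', $info)` on L99 flashes an undefined variable and the user gets no message at all. Initialise it before the lookup, `$info = "Invalid username/password";`, and drop the assignment in the `$user == false` branch; that also keeps the unknown-user and wrong-password responses identical instead of letting the difference reveal which usernames exist. `$args['username']` and `$args['password']` (L68-L69) are read without `isset`, so an incomplete form raises warnings rather than the same message, and `$user` is a list of rows rather than one row if the username is not unique (showAll uses `fetchAll` when `rowCount() > 1`), making `$user['salt']` undefined — treating anything but a single row as a failed login is the safe reading. If `Core\Session` can regenerate the session id, do so once the login succeeds, before the `Session::put` calls.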
- public function logout()
+ public function delete()
{
+ $table = 'user';
$user = Session::get('userid');
- $username = Session::get('username');
- if ($this->access->logout($user)) {
- Session::flash('info', "$username has logged out");
- Session::delete('userid');
- Session::delete('username');
- Session::delete('full_name');
- Session::delete('privilage');
-
- Redirect::to('/');
+ if ($this->access->update($table, ['status' => 0], $user) != true) {
+ throw new \Exception("Bad request", 400);
}
+ return true;
}
}
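Review bot: `delete()` reads `Session::get('userid')` on L106 with no check that anyone is logged in, so an anonymous request reaches `update($table, ['status' => 0], null)`; whether that is rejected depends on `update()`, which is not in this diff. Guard it: `if (!Session::exists('userid')) { throw new \Exception("Bad request", 400); }`. Since the method sits under `/* Methods */` next to `post()` and `put()`, it may be routed directly like they are; if so it changes user state on a request with no CSRF check visible here, which is worth confirming against the router.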
diff --git a/App/Controllers/Posts.php b/App/Controllers/Posts.php
index a5d017f..aa8c20c 100644
--- a/App/Controllers/Posts.php
+++ b/App/Controllers/Posts.php
@@ -11,12 +11,14 @@ use \Core\Redirect;
class Posts
{
private $post,
- $access;
+ $access,
+ $table;
public function __construct()
{
$this->post = new Post();
$this->access = new Access();
+ $this->table = 'pengumuman';
}
public function checkValid()
@@ -24,9 +26,7 @@ class Posts
$date = new \DateTime();
$now = $date->format("Y-m-d");
- $table = 'pengumuman';
-
- $valid = $this->post->showAll([
+ $valid = $this->post->showAll($this->table, [
['valid_at', '<=', $now],
['status', '!=', 3]
]);
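Review bot: The new `Model::showAll()` returns one associative row when `rowCount()` is exactly 1 and a list of rows otherwise, so `$valid` here is sometimes `['id' => …, …]` and sometimes `[[…], […]]`; the `foreach ($valid as $fields)` / `$fields['id']` in the next hunk (L151-L152) iterates column values in the single-row case. The same applies to `$not_valid` (L158), `$expired` (L170) and `$posts` in `index()` (L187, L194). Until `showAll()` returns a consistent shape, normalise at each call site: `if ($valid !== false && isset($valid['id'])) { $valid = [$valid]; }`. `checkValid()` continues past the end of this hunk.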
@@ -34,11 +34,11 @@ class Posts
foreach ($valid as $fields) {
$id = $fields['id'];
- $this->post->update($table, ['status' => 1], $id);
+ $this->post->update($this->table, ['status' => 1], $id);
}
}
- $not_valid = $this->post->showAll([
+ $not_valid = $this->post->showAll($this->table, [
['valid_at', '>', $now],
['status', '!=', 3]
]);
@@ -46,11 +46,11 @@ class Posts
foreach ($not_valid as $fields) {
$id = $fields['id'];
- $this->post->update($table, ['status' => 2], $id);
+ $this->post->update($this->table, ['status' => 2], $id);
}
}
- $expired = $this->post->showAll([
+ $expired = $this->post->showAll($this->table, [
['expired_at', '<', $now],
['status', '!=', 3]
]);
@@ -58,16 +58,17 @@ class Posts
foreach ($expired as $fields) {
$id = $fields['id'];
- $this->post->update($table, ['status' => 0], $id);
+ $this->post->update($this->table, ['status' => 0], $id);
}
}
}
+ /* Routes */
public function index()
{
$this->checkValid();
- $posts = $this->post->showAll([
+ $posts = $this->post->showAll($this->table, [
['status', '=', 1]
]);
@@ -76,7 +77,7 @@ class Posts
$status = '';
if (Session::exists('userid')) {
- $posts = $this->post->showAll();
+ $posts = $this->post->showAll($this->table);
$status = 'admin';
}
@@ -122,12 +123,18 @@ class Posts
$categories = $this->post->showCategories();
- $post = $this->post->showSingle($id);
+ $post = $this->post->showAll($this->table, [
+ ['id', '=', $id]
+ ]);
$creator = $post['creator'];
$editor = $post['editor'];
- $creator = $this->access->showSingle($creator);
- $editor = $this->access->showSingle($editor);
+ $creator = $this->access->showAll($this->table, [
+ ['id', '=', $creator]
+ ]);
+ $editor = $this->access->showAll($this->table, [
+ ['id', '=', $editor]
+ ]);
$editor_now = Session::get('userid');
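Review bot: The creator and editor lookups on L207-L212 go through the Access model but pass `$this->table`, which in this class is `'pengumuman'`, so they select from the posts table instead of the user table the old `showSingle()` read from. Pass the user table explicitly: `$creator = $this->access->showAll('user', [['id', '=', $creator]]);` and likewise for `$editor`. Also, when no post matches `$id`, `showAll()` returns false and `$post['creator']` on L203 indexes a boolean; check the result before using it. The enclosing method starts and ends outside the hunk.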
@@ -166,42 +173,42 @@ class Posts
}
}
- // Methods
+ /* Methods */
public function post($args = [])
{
- $table = 'pengumuman';
if (isset($args['_addon'])) {
- $table = $args['_addon'];
+ $this->table = $args['_addon'];
unset($args['_addon']);
}
foreach ($args as $value) {
if ($value == '') {
Session::flash('info', 'All data must not be empty');
- if ($table == 'pengumuman') {
+ if ($this->table == 'pengumuman') {
Redirect::to('/posts/entry');
- } elseif ($table == 'kategori') {
+ } elseif ($this->table == 'kategori') {
Redirect::to('/posts/category');
}
die();
}
}
- if ($this->post->entry($table, $args)) {
+ if ($this->post->entry($this->table, $args)) {
Session::flash('info', 'Data successfuly uploaded');
- if ($table == 'kategori') {
+ if ($this->table == 'kategori') {
Redirect::to('/posts/category');
- } elseif ($table == 'pengumuman') {
+ } elseif ($this->table == 'pengumuman') {
Redirect::to('/');
}
}
+
+ // Return the $table back to default
+ $this->table = 'pengumuman';
}
public function put($args = [])
{
- $table = 'pengumuman';
-
$args['content'] = htmlspecialchars($args['content']);
$id = $args['id'];
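Review bot: `$this->table = $args['_addon']` on L224 stores a request-supplied value as the table name and only compares it with 'pengumuman'/'kategori' when choosing a redirect; any other value reaches `entry($this->table, $args)` unchanged, and `delete()` does the same on L275. Validate before assigning: `if (!in_array($args['_addon'], ['pengumuman', 'kategori'], true)) { Session::flash('info', 'Invalid data'); Redirect::to('/'); die(); }`. The `die()` after `Redirect::to` on L237 suggests `Redirect::to()` returns; if it does not, the reset on L253 is skipped on the success path, so it would be safer to reset the property at the top of the method instead.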
@@ -234,7 +241,7 @@ class Posts
}
}
- if ($this->post->update($table, $args, $id)) {
+ if ($this->post->update($this->table, $args, $id)) {
Session::flash('info', 'Data successfuly updated');
Redirect::to('/');
} else {
@@ -245,22 +252,24 @@ class Posts
public function delete($args = [])
{
- $table = 'pengumuman';
if (isset($args['_addon'])) {
- $table = $args['_addon'];
+ $this->table = $args['_addon'];
unset($args['_addon']);
}
$id = $args['id'];
- if ($this->post->delete($table, $id)) {
+ if ($this->post->delete($this->table, $id)) {
Session::flash('info', 'Data successfuly removed');
- if ($table = 'kategori') {
+ if ($this->table = 'kategori') {
Redirect::to('/posts/category');
- } elseif ($table = 'pengumuman') {
+ } elseif ($this->table = 'pengumuman') {
Redirect::to('/');
}
}
+
+ // Return the $table back to default
+ $this->table = 'pengumuman';
}
}
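Review bot: `if ($this->table = 'kategori')` on L283 and `elseif ($this->table = 'pengumuman')` on L286 assign instead of compare: the first is always truthy, so every successful delete redirects to /posts/category and the elseif is unreachable, and now the property is overwritten as well. Use strict comparison: `if ($this->table === 'kategori') {` and `} elseif ($this->table === 'pengumuman') {`. `$args['id']` on L278 is read without `isset`, so a request without an id reaches `delete($this->table, null)`.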
diff --git a/App/Models/Access.php b/App/Models/Access.php
index 544e4a9..4063994 100644
--- a/App/Models/Access.php
+++ b/App/Models/Access.php
@@ -20,84 +20,4 @@ class Access extends \Core\Model
]
);
}
-
- public function showAll()
- {
- try {
- $db = static::connectDB();
-
- $sql = "SELECT id, username, full_name, registered_at FROM user";
-
- if ($stmt = $db->query($sql)) {
- $result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
- return $result;
- }
- return false;
- } catch (PDOException $e) {
- echo $e->getMessage();
- }
- }
-
- public function showSingle($id)
- {
- try {
- $db = static::connectDB();
-
- $sql = "SELECT id, username, full_name, registered_at, privilage FROM user WHERE id = ?";
-
- $query = $db->prepare($sql);
-
- if ($query->execute([$id])) {
- if ($query->rowCount() === 1) {
- $result = $query->fetch(\PDO::FETCH_ASSOC);
- return $result;
- }
- }
- return false;
- } catch (PDOException $e) {
- throw new \Exception($e->getMessage(), 444);
- }
- }
-
- public function login($args = [])
- {
- try {
- $username = htmlspecialchars($args['username']);
- $password = $args['password'];
-
- $db = static::connectDB();
-
- $sql = "SELECT id, password, salt FROM user WHERE username = ?";
-
- $query = $db->prepare($sql);
- $query->bindValue(1, $username);
-
- if ($query->execute()) {
- if ($query->rowCount() === 1) {
- $result = $query->fetch(\PDO::FETCH_ASSOC);
-
- $id = $result['id'];
- $salt = $result['salt'];
- $hash = $result['password'];
-
- if (\Core\Hash::compare($password, $salt, $hash)) {
- $user = $this->showSingle($id);
-
- return $user;
- }
- return false;
- }
- }
- } catch (PDOException $e) {
- throw new \Exception($e->getMessage(), 444);
- }
- }
-
- public function logout($id)
- {
- if ($this->update('user', ['status' => 0], $id)) {
- return true;
- }
- return false;
- }
}
diff --git a/App/Models/Post.php b/App/Models/Post.php
index e6e5422..3728254 100644
--- a/App/Models/Post.php
+++ b/App/Models/Post.php
@@ -35,76 +35,6 @@ class Post extends \Core\Model
);
}
- public function showAll($conditions = [])
- {
- try {
- $db = static::connectDB();
-
- $sql = "SELECT * FROM pengumuman";
-
- if ($conditions) {
- $sql .= " WHERE";
- foreach ($conditions as $condition) {
-
- $keys[] = $condition[0];
- $operators[] = $condition[1];
- $values[] = $condition[2];
- }
-
- $x = 1;
- $i = 0;
- foreach ($keys as $key) {
- $sql .= " $key $operators[$i] ?";
- $i++;
-
- $x++;
- if ($x <= count($keys)) {
- $sql .= " AND";
- }
- }
- }
-
- $query = $db->prepare($sql);
-
- if ($conditions) {
- $x = 1;
- foreach ($values as $value) {
- $query->bindValue($x, $value);
- $x++;
- }
- }
-
- if ($query->execute()) {
- if ($query->rowCount() != 0) {
- $result = $query->fetchAll(\PDO::FETCH_ASSOC);
- return $result;
- }
- }
- } catch (PDOException $e) {
- throw new \Exception($e->getMessage, 444);
- }
- }
-
- public function showSingle($id)
- {
- try {
- $db = static::connectDB();
-
- $sql = "SELECT * FROM pengumuman WHERE id = ?";
-
- $query = $db->prepare($sql);
-
- if ($query->execute([$id])) {
- if ($query->rowCount() === 1) {
- $result = $query->fetch(\PDO::FETCH_ASSOC);
- return $result;
- }
- }
- } catch (PDOException $e) {
- throw new \Exception($e->getMessage(), 444);
- }
- }
-
public function showCategories()
{
try {
diff --git a/App/Views/Access/login.html b/App/Views/Access/login.html
index e2e7faf..2affd94 100644
--- a/App/Views/Access/login.html
+++ b/App/Views/Access/login.html
@@ -20,6 +20,6 @@
-
+
{% endblock %}
diff --git a/Core/Model.php b/Core/Model.php
index 144762c..de80a74 100644
--- a/Core/Model.php
+++ b/Core/Model.php
@@ -7,10 +7,6 @@ abstract class Model
{
protected static $conn = null;
- abstract public function showAll();
-
- abstract public function showSingle($id);
-
protected static function connectDB()
{
try {
@@ -60,6 +56,62 @@ abstract class Model
}
}
+ public function showAll($table, $conditions = [])
+ {
+ try {
+ if ($table) {
+ $db = static::connectDB();
+
+ $sql = "SELECT * FROM $table";
+
+ if ($conditions) {
+ $sql .= " WHERE";
+ foreach ($conditions as $condition) {
+
+ $keys[] = $condition[0];
+ $operators[] = $condition[1];
+ $values[] = $condition[2];
+ }
+
+ $x = 1;
+ $i = 0;
+ foreach ($keys as $key) {
+ $sql .= " $key $operators[$i] ?";
+ $i++;
+
+ $x++;
+ if ($x <= count($keys)) {
+ $sql .= " AND";
+ }
+ }
+ }
+
+ $query = $db->prepare($sql);
+
+ if ($conditions) {
+ $x = 1;
+ foreach ($values as $value) {
+ $query->bindValue($x, $value);
+ $x++;
+ }
+ }
+
+ $query->execute();
+ if ($query->rowCount() == 1) {
+ $result = $query->fetch(\PDO::FETCH_ASSOC);
+ } elseif ($query->rowCount() > 1) {
+ $result = $query->fetchAll(\PDO::FETCH_ASSOC);
+ } else {
+ return false;
+ }
+ return $result;
+ }
+ return false;
+ } catch (PDOException $e) {
+ throw new \Exception($e->getMessage, 444);
+ }
+ }
+
public function entry($table, $args, $values = '')
{
if (count($args)) {
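Review bot: The table name, the column names and the operators from `$conditions` are interpolated straight into the SQL on L495 and L509, and `Posts::post()`/`delete()` in this same commit set `$this->table` from request data (`$args['_addon']`), so only the comparison values are protected by binding. Check the identifiers and operators against an allowlist before building the statement and pass the values to `execute()`; the fence shows that part, with the result shaping left as is, and it throws on a bad name where the old code returned false for an empty `$table`. Two smaller points: `$e->getMessage` on L541 is a property read rather than a method call (`$e->getMessage()`), and if this file is in `namespace Core` (the `\PDO::` qualification suggests it is) then an unimported `PDOException` in the catch clause resolves to `Core\PDOException` and never matches — write `\PDOException`. Separately, the result is `false`, a single associative row, or a list of rows depending on `rowCount()`, which PDO documents as not guaranteed for SELECT on every driver; callers that `foreach` the result break when exactly one row matches, so returning `fetchAll()` unconditionally and letting callers pick `[0]` would be more predictable.
```php
public function showAll($table, $conditions = [])
{
    // Identifiers and operators cannot be bound as parameters, so they are
    // checked against an allowlist before being interpolated; only the
    // comparison values go through the driver.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    $operators = ['=', '!=', '<>', '<', '<=', '>', '>='];

    if (!is_string($table) || !preg_match($identifier, $table)) {
        throw new \InvalidArgumentException('Invalid table name');
    }

    $where = [];
    $values = [];
    foreach ($conditions as $condition) {
        [$key, $operator, $value] = $condition;
        if (!is_string($key) || !preg_match($identifier, $key)
            || !in_array($operator, $operators, true)) {
            throw new \InvalidArgumentException('Invalid condition');
        }
        $where[] = "$key $operator ?";
        $values[] = $value;
    }

    $sql = "SELECT * FROM $table";
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }

    try {
        $db = static::connectDB();
        $query = $db->prepare($sql);
        $query->execute($values);
        // … unchanged: rowCount()-based result shaping and return …
    } catch (\PDOException $e) {
        throw new \Exception($e->getMessage(), 444);
    }
}
```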
@@ -146,7 +198,7 @@ abstract class Model
try {
$db = static::connectDB();
- $result = $this->showAll([
+ $result = $this->showAll($table, [
['id', '=', $id]
]);