<?php
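/**
 * UPDATE helpers that work on the global PDO handle and report through Response.
 *
 * NOTE(review): every method is written on the assumption that Response::error()
 * and Response::success() end the request; nothing is returned after they are
 * called. Confirm this against the Response class.
 * The SQL (INFORMATION_SCHEMA.COLUMNS / COLUMN_KEY, NOW(), driver error 1062)
 * is MySQL/MariaDB-specific.
 */
class DataUpdate
{
    /**
     * Update one row of $table, addressed by its primary key, with allow-listed values.
     *
     * Keys missing from $changeable_columns abort with Response::INVALID_KEY. Values that
     * are null, "" or equal to the stored value are dropped; if nothing is left,
     * Response::NO_CHANGES is reported and no UPDATE is sent.
     *
     * Security: only the values are bound as parameters. $table, the identity column and
     * the keys of $updating_values are concatenated into the statement as identifiers.
     * The keys are constrained by the strict allow-list check below. $table must be a
     * name chosen by the calling code, never request data; getIdentityColumn() rejects
     * names that are not a table with a primary key in the current schema.
     *
     * The two defaults in the signature are never used because a required parameter
     * follows them (PHP 8 reports this as deprecated); callers pass all six arguments.
     *
     * @param string $table                   table to update
     * @param mixed  $id                      primary-key value of the row
     * @param array  $updating_values         column name => new value
     * @param mixed  $duplicate_errorhandling Response code used for a duplicate-key error
     * @param mixed  $not_found_errorhandling Response code used when no row has $id
     * @param array  $changeable_columns      allow-list of column names that may be written
     * @return void
     * @throws PDOException for any database error other than a duplicate entry
     */
    public static function update($table, $id, $updating_values, $duplicate_errorhandling = Response::DUPLICATE, $not_found_errorhandling = Response::ID_NOT_FOUND, $changeable_columns)
    {
        global $pdo;

        $identity_column = self::getIdentityColumn($table);

        $stmt = $pdo->prepare("SELECT * FROM " . $table . " WHERE " . $identity_column . " = :id");
        $stmt->execute(["id" => $id]);
        $row = $stmt->fetch();

        // Validate every key before anything else. The comparison is strict so that an
        // integer key cannot match a column name through type juggling.
        foreach (array_keys($updating_values) as $key) {
            if (!in_array($key, $changeable_columns, true)) {
                Response::error(Response::INVALID_KEY, [$key]);
            }
        }

        // Check that the row exists before $row is indexed; fetch() returns false otherwise.
        if (!$row) {
            Response::error($not_found_errorhandling, ["id"]);
        }

        // Keep only the values that really differ from what is stored.
        foreach ($updating_values as $key => $value) {
            $stored = isset($row[$key]) ? $row[$key] : null;
            if ($value === "" || $value === null || self::isUnchanged($stored, $value)) {
                unset($updating_values[$key]);
            }
        }

        if (empty($updating_values)) {
            Response::success(Response::NO_CHANGES);
        }

        $assignments = [];
        foreach (array_keys($updating_values) as $key) {
            $assignments[] = $key . " = :" . $key;
        }
        $sql = "UPDATE " . $table . " SET " . implode(", ", $assignments)
            . " WHERE " . $identity_column . " = :id";

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute(array_merge($updating_values, ["id" => $id]));
        } catch (PDOException $th) {
            if (self::isDuplicateEntry($th)) {
                Response::error($duplicate_errorhandling, ["id"]);
            }
            // unexpected error
            throw $th;
        }
    }

    /**
     * Look up the primary-key column of $table in the current database.
     *
     * The lookup is limited to the connection's default schema so that a table of the
     * same name in another database on the server cannot supply the column. For a
     * composite primary key only the first column (by ordinal position) is returned.
     *
     * @param string $table table name, bound as a parameter here
     * @return string name of the primary-key column
     */
    private static function getIdentityColumn($table)
    {
        global $pdo;

        $sql = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS"
            . " WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = :table_name AND COLUMN_KEY = 'PRI'"
            . " ORDER BY ORDINAL_POSITION";
        $sth = $pdo->prepare($sql);
        $sth->execute(["table_name" => $table]);
        $result = $sth->fetch(PDO::FETCH_ASSOC);

        if (!$result) {
            Response::error(Response::INTERNAL_SERVER_ERROR);
        }

        return $result["COLUMN_NAME"];
    }

    /**
     * Decide whether a submitted value equals the stored one.
     *
     * Two strings are compared strictly, so numeric-looking strings such as "1e3" and
     * "1000" count as different. Mixed types keep the loose comparison because the
     * driver may return numbers as strings. A stored NULL always counts as changed;
     * callers filter null and "" before calling.
     *
     * @param mixed $stored value read from the database
     * @param mixed $value  value submitted by the caller
     * @return bool true when no UPDATE is needed for this column
     */
    private static function isUnchanged($stored, $value)
    {
        if ($stored === null) {
            return false;
        }
        if (is_string($stored) && is_string($value)) {
            return $stored === $value;
        }

        return $stored == $value;
    }

    /**
     * Tell whether the exception carries MySQL error 1062 (duplicate entry for a unique key).
     *
     * @param PDOException $th exception raised by the driver
     * @return bool
     */
    private static function isDuplicateEntry(PDOException $th)
    {
        // errorInfo may be null when the exception was not raised by the driver.
        return isset($th->errorInfo[1]) && (int) $th->errorInfo[1] === 1062;
    }

    /**
     * Validate a submitted permission list against property_token_permissions.
     *
     * Ids are normalised to strings and compared strictly, so values such as true or
     * nested arrays cannot match an id through type juggling. Duplicates are removed
     * so that the same link row is not inserted twice.
     *
     * @param mixed $value submitted "permissions" value
     * @return array list of unique permission ids as strings
     */
    private static function normalizePermissionIds($value)
    {
        global $pdo;

        if (!is_array($value)) {
            Response::error(Response::INVALID_PERMISSION, ["permissions"]);
        }

        $stmt = $pdo->prepare("SELECT permission_id FROM property_token_permissions");
        $stmt->execute();
        $known = array_map('strval', $stmt->fetchAll(PDO::FETCH_COLUMN));

        $requested = [];
        foreach ($value as $permission) {
            $is_scalar_id = is_int($permission) || is_string($permission);
            if (!$is_scalar_id || !in_array((string) $permission, $known, true)) {
                Response::error(Response::INVALID_PERMISSION, [$permission]);
            }
            $requested[] = (string) $permission;
        }

        return array_values(array_unique($requested));
    }

    /**
     * Update a token row and, when "permissions" is given, its permission links.
     *
     * Order of work: validate all keys and permission ids, confirm the token exists,
     * work out what actually changes, then write everything in one transaction. No
     * write happens when a later key is invalid or the id is unknown, and a failed
     * UPDATE does not leave permission changes behind.
     *
     * Null values are ignored. "" means "leave unchanged" for every column, including
     * token_password, so an empty password is never hashed and stored.
     *
     * @param mixed $id              token_id of the row
     * @param array $updating_values column name => new value; "permissions" takes a list of ids
     * @return void
     * @throws PDOException for any database error other than a duplicate entry
     */
    public static function token($id, $updating_values)
    {
        global $pdo;

        $changeable_columns = [
            "token_username",
            "token_password",
            "token_user_id",
            "permissions",
        ];

        $stmt = $pdo->prepare("SELECT * FROM token WHERE token_id = :id");
        $stmt->execute(["id" => $id]);
        $row = $stmt->fetch();

        // Pass 1: validation only, in the order the keys were submitted.
        $requested_permissions = null;
        foreach ($updating_values as $key => $value) {
            if ($value === null) {
                unset($updating_values[$key]);
                continue;
            }
            if (!in_array($key, $changeable_columns, true)) {
                Response::error(Response::INVALID_KEY, [$key]);
            }
            if ($key === "permissions") {
                // Not a column of token; handled through token_link_permissions below.
                $requested_permissions = self::normalizePermissionIds($value);
                unset($updating_values[$key]);
            }
        }

        if (!$row) {
            Response::error(Response::ID_NOT_FOUND, ["id"]);
        }

        // Pass 2: reduce the column values to those that change something.
        foreach ($updating_values as $key => $value) {
            if ($value === "") {
                unset($updating_values[$key]);
                continue;
            }
            if ($key === "token_password") {
                // No invalid-value code is visible in this file, so INVALID_KEY is reused
                // for a password that is not a string or integer.
                if (!is_string($value) && !is_int($value)) {
                    Response::error(Response::INVALID_KEY, [$key]);
                }
                // bcrypt only uses the first 72 bytes of the input. The hash is always
                // rewritten because it cannot be compared with the stored one directly.
                $updating_values[$key] = password_hash((string) $value, PASSWORD_BCRYPT);
                continue;
            }
            $stored = isset($row[$key]) ? $row[$key] : null;
            if (self::isUnchanged($stored, $value)) {
                unset($updating_values[$key]);
            }
        }

        // Work out which permission links to add and which to remove.
        $new_permissions = [];
        $delete_permissions = [];
        if ($requested_permissions !== null) {
            $stmt = $pdo->prepare("SELECT link_token_permission_id FROM token_link_permissions WHERE link_token_id = :id");
            $stmt->execute(["id" => $id]);
            $current_permissions = array_map('strval', $stmt->fetchAll(PDO::FETCH_COLUMN));

            $new_permissions = array_diff($requested_permissions, $current_permissions);
            $delete_permissions = array_diff($current_permissions, $requested_permissions);
        }

        if (empty($updating_values) && empty($new_permissions) && empty($delete_permissions)) {
            Response::success(Response::NO_CHANGES);
        }

        $assignments = [];
        foreach (array_keys($updating_values) as $key) {
            $assignments[] = $key . " = :" . $key;
        }
        // Always present, so the statement stays valid when only permissions changed.
        $assignments[] = "token_last_change = NOW()";
        $sql = "UPDATE token SET " . implode(", ", $assignments) . " WHERE token_id = :id";

        // Join a transaction the caller already opened instead of nesting a new one.
        $owns_transaction = !$pdo->inTransaction();
        if ($owns_transaction) {
            $pdo->beginTransaction();
        }

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute(array_merge($updating_values, ["id" => $id]));

            if (!empty($new_permissions)) {
                $insert = $pdo->prepare("INSERT INTO token_link_permissions (link_token_id, link_token_permission_id) VALUES (:id, :permission)");
                foreach ($new_permissions as $permission) {
                    $insert->execute(["id" => $id, "permission" => $permission]);
                }
            }

            if (!empty($delete_permissions)) {
                $delete = $pdo->prepare("DELETE FROM token_link_permissions WHERE link_token_id = :id AND link_token_permission_id = :permission");
                foreach ($delete_permissions as $permission) {
                    $delete->execute(["id" => $id, "permission" => $permission]);
                }
            }

            if ($owns_transaction) {
                $pdo->commit();
            }
        } catch (PDOException $th) {
            if ($owns_transaction && $pdo->inTransaction()) {
                $pdo->rollBack();
            }
            if (self::isDuplicateEntry($th)) {
                Response::error(Response::DUPLICATE, ["id"]);
            }
            // unexpected error
            throw $th;
        }
    }
}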