├── error.log ├── public ├── uploads │ └── .empty └── assets │ ├── css │ └── style.css │ └── js │ └── main.js ├── version.json ├── screenshot.png ├── install.php ├── core ├── config │ ├── session.php │ └── database.php ├── classes │ ├── ValidationException.php │ ├── Model.php │ ├── Controller.php │ └── Sql.php ├── helpers │ ├── Email.php │ ├── Errors.php │ ├── Time.php │ ├── Site.php │ ├── File.php │ ├── User.php │ └── Str.php └── App.php ├── app ├── controllers │ ├── MainController.php │ ├── PostsController.php │ └── UsersController.php ├── views │ ├── footer.php │ ├── users │ │ ├── sign-in.php │ │ ├── sign-up.php │ │ ├── panel.php │ │ ├── user.php │ │ ├── users.php │ │ └── edit.php │ ├── header.php │ ├── pagination.php │ └── posts │ │ ├── add.php │ │ ├── post.php │ │ ├── edit.php │ │ └── posts.php └── models │ ├── PostsModel.php │ └── UsersModel.php ├── .htaccess ├── index.php ├── LICENSE ├── database.sql └── README.md /error.log: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /public/uploads/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /version.json: -------------------------------------------------------------------------------- 1 | { "version" : "0.9.0" } 2 | -------------------------------------------------------------------------------- /screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/utoyvo/crud-mvc-oop-pdo/HEAD/screenshot.png -------------------------------------------------------------------------------- /install.php: -------------------------------------------------------------------------------- 1 | config['session-name'] = 'SID'; 10 | -------------------------------------------------------------------------------- /core/config/database.php: -------------------------------------------------------------------------------- 1 | config['db'] = array( 10 | 'driver' => 'mysql', 11 | 'host' => 'localhost', 12 | 'username' => 'root', 13 | 'password' => '', 14 | 'name' => 'crud-mvc-oop-pdo' 15 | ); 16 | -------------------------------------------------------------------------------- /app/controllers/MainController.php: -------------------------------------------------------------------------------- 1 | errors = $errors; 16 | } 17 | 18 | public function getError() 19 | { 20 | return $this->errors; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /core/helpers/Email.php: -------------------------------------------------------------------------------- 1 | 18 |
19 | 20 | $error ) : ?> 21 |
22 | 23 |
24 | 15 | * @copyright 2020 16 | */ 17 | 18 | require_once( __DIR__ . '/core/App.php' ); 19 | 20 | $app = new App(); 21 | 22 | $app->autoload(); 23 | $app->config(); 24 | $app->start(); 25 | -------------------------------------------------------------------------------- /public/assets/js/main.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Main 3 | * 4 | * @package CRUD MVC OOP PDO 5 | * @link https://github.com/utoyvo/crud-mvc-oop-pdo/blob/master/public/assets/js/main.php 6 | */ 7 | 8 | jQuery( function () { 9 | 10 | /** 11 | * Upload File 12 | */ 13 | 14 | /* 15 | * Real URL 16 | */ 17 | function readURL( input ) { 18 | if ( input.files && input.files[0] ) { 19 | var reader = new FileReader(); 20 | reader.onload = function( e ) { 21 | $( '#prev' ).attr( 'src', e.target.result ); 22 | } 23 | 24 | reader.readAsDataURL( input.files[0] ); 25 | } 26 | } 27 | 28 | // Prev 29 | $( '#post-cover' ).change( function() { 30 | readURL( this ); 31 | } ); 32 | 33 | // Reset 34 | $( '#post-cover-reset' ).on( 'click', function() { 35 | $( '#post-cover' ).val( '' ); 36 | $( '#prev' ).attr( 'src', '' ); 37 | } ); 38 | 39 | /** 40 | * Tolltip 41 | */ 42 | $( '[data-toggle="tooltip"]' ).tooltip(); 43 | } ); 44 | -------------------------------------------------------------------------------- /app/views/footer.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /app/views/users/sign-in.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 |

Sign In

14 | 15 | 16 | 17 |
18 |
19 | 20 | 21 |
22 | 23 |
24 | 25 | 26 |
27 | 28 | 29 | Cancel 30 |
31 | 32 |

You don't have an account? Sign Up.

33 |
34 |
35 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Oleksandr Klochko 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /core/helpers/Time.php: -------------------------------------------------------------------------------- 1 | version; 55 | } 56 | 57 | return $version; 58 | } 59 | 60 | } 61 | -------------------------------------------------------------------------------- /app/views/users/sign-up.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 |

Sign Up

14 | 15 | 16 | 17 |
18 |
19 | 20 | 21 |
22 | 23 |
24 | 25 | 26 |
27 | 28 |
29 | 30 | 31 |
32 | 33 | 34 | Cancel 35 |
36 | 37 |

Are you have an account? Sign In.

38 |
39 |
40 | -------------------------------------------------------------------------------- /app/views/header.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | 14 | 15 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | <?= Site::title( $title ); ?> 28 | 29 | 30 | 31 | 32 | 33 | 34 |
35 | -------------------------------------------------------------------------------- /app/views/users/panel.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 | 13 | 14 | $_SESSION['user']['name'], 'class' => 'img-fluid rounded' ) ); ?> 15 | 16 | 17 |
18 | @ 19 | Edit 20 |
21 | Posts 22 |
23 | Users 24 |
25 | Sign Out 26 |
27 | 28 | Add Post 29 | 30 | Sign In 31 | Sign Up 32 | 33 |
34 | -------------------------------------------------------------------------------- /app/views/pagination.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 37 | -------------------------------------------------------------------------------- /core/helpers/File.php: -------------------------------------------------------------------------------- 1 | $max_file_size ) { 54 | $errors[] = 'File is too large.'; 55 | } 56 | 57 | if ( $errors ) { 58 | throw new ValidationException( $errors ); 59 | } 60 | } 61 | } 62 | 63 | } 64 | -------------------------------------------------------------------------------- /core/helpers/User.php: -------------------------------------------------------------------------------- 1 | $val ) { 35 | $url .= ' ' . $key . '="' . $val . '"'; 36 | } 37 | 38 | $url .= ' />'; 39 | } 40 | 41 | return $url; 42 | } 43 | 44 | /** 45 | * Login 46 | */ 47 | public static function login() : bool 48 | { 49 | return isset( $_SESSION['user'] ) ? true : false; 50 | } 51 | 52 | /** 53 | * Panel 54 | */ 55 | public static function panel() : void 56 | { 57 | require_once( ROOT . '/app/views/users/panel.php' ); 58 | } 59 | 60 | /** 61 | * Role 62 | */ 63 | public static function role( array $roles ) : bool 64 | { 65 | return in_array( $_SESSION['user']['role'], $roles ) ? true : false; 66 | } 67 | 68 | } 69 | -------------------------------------------------------------------------------- /core/helpers/Str.php: -------------------------------------------------------------------------------- 1 | $length ) { 59 | $errors[] = 'String is too large.'; 60 | } 61 | } 62 | 63 | if ( ! empty( $errors ) ) { 64 | throw new ValidationException( $errors ); 65 | } 66 | } 67 | 68 | } 69 | -------------------------------------------------------------------------------- /app/views/posts/add.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 |

Add Post

14 | 15 | 16 | 17 |
18 |
19 | 20 | 21 |
22 | 23 |
24 | 25 | 26 |
27 | 28 | Cover 29 | 30 |
31 |
32 | 33 | 34 |
35 |
36 | Reset 37 |
38 |
39 | 40 | 41 | Cancel 42 |
43 |
44 |
45 | -------------------------------------------------------------------------------- /app/views/users/user.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 | 13 | <?= $user['user_name']; ?> 14 | 15 | 16 |
17 | 18 |
19 |
20 | $user['user_name'], 'class' => 'img-fluid rounded mb-3 w-100' ) ); ?> 21 | 22 | 23 | Edit 24 | 25 | Sing Out 26 | 27 | 28 | Return 29 |
30 | 31 |
32 |

33 | 34 |

35 |

Role .

36 |

Registered

37 |
38 |
39 | 40 |
User does not exist.
41 | 42 |
43 |
44 | -------------------------------------------------------------------------------- /app/views/posts/post.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 | 13 | <?= $post['post_title']; ?> 14 | 15 | 16 |
17 | 18 |

19 | 20 |
21 | 24 | by 25 | 26 |
27 | 28 |
29 | 30 |
31 | 32 | Edit 33 | 34 | Delete 35 | 36 | 37 | Return 38 |
39 | 40 |
Empty
41 | 42 |
43 |
44 | -------------------------------------------------------------------------------- /core/classes/Model.php: -------------------------------------------------------------------------------- 1 | db = $app->db; 18 | } 19 | 20 | /** 21 | * Pagination 22 | */ 23 | public function pagination( string $for, int $page, int $perpage = 10 ) : array 24 | { 25 | $sql = Sql::query() 26 | ->select( 'COUNT(*)' ) 27 | ->as( 'total' ) 28 | ->from( $for ) 29 | ->get(); 30 | 31 | $stmt = $this->db->prepare( $sql ); 32 | $stmt->execute(); 33 | 34 | $pages = $stmt->fetch( PDO::FETCH_ASSOC ); 35 | 36 | $page = $page != 0 ? $page : 1; 37 | $total_pages = ceil( $pages['total'] / $perpage ); 38 | $start = $perpage * $page - $perpage; 39 | 40 | return array( 41 | 'for' => $for, 42 | 'page' => $page, 43 | 'total_pages' => $total_pages, 44 | 'start' => $start, 45 | 'perpage' => $perpage, 46 | ); 47 | } 48 | 49 | /** 50 | * Sort 51 | */ 52 | public function sort( string $prefix, string $by, array $keys = array() ) : array 53 | { 54 | if ( isset( $by ) && in_array( $by, $keys ) ) { 55 | if ( $by == 'time' ) { 56 | $by = 'created'; 57 | } 58 | 59 | $sort = array( 60 | 'by' => $prefix . $by, 61 | 'order' => 'ASC', 62 | ); 63 | } else { 64 | $sort = array( 65 | 'by' => $prefix . 'id', 66 | 'order' => 'DESC', 67 | ); 68 | } 69 | 70 | return $sort; 71 | } 72 | 73 | /** 74 | * Bind 75 | */ 76 | public function bind( object $stmt, array $data ) : void 77 | { 78 | foreach ( $data as $key => $value ) { 79 | $stmt->bindValue( ':' . $key, $value ); 80 | } 81 | } 82 | 83 | } 84 | -------------------------------------------------------------------------------- /app/views/posts/edit.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 | 14 |

Edit Post

15 | 16 | 17 | 18 |
19 |
20 | 21 | 22 |
23 | 24 |
25 | 26 | 27 |
28 | 29 | Cover 30 | 31 |
32 |
33 | 34 | 35 |
36 |
37 | 38 |
39 |
40 | 41 | 42 | Cancel 43 |
44 | 45 |
Empty
46 | 47 |
48 |
49 | -------------------------------------------------------------------------------- /core/classes/Controller.php: -------------------------------------------------------------------------------- 1 | route = explode( '/', URI ); 19 | $this->args = count( $this->route ); 20 | $this->router(); 21 | } 22 | 23 | /** 24 | * Index 25 | */ 26 | abstract function index(); 27 | 28 | /** 29 | * Router 30 | */ 31 | private function router() : void 32 | { 33 | if ( class_exists( $this->route[1] ) ) { 34 | if ( $this->args >= 3 ) { 35 | if ( method_exists( $this, $this->route[2] ) ) { 36 | $this->uriCaller( 2, 3 ); 37 | } else { 38 | $this->uriCaller( 0, 2 ); 39 | } 40 | } else { 41 | $this->uriCaller( 0, 2 ); 42 | } 43 | } else { 44 | if ( $this->args >= 2 ) { 45 | if ( method_exists( $this, $this->route[1] ) ) { 46 | $this->uriCaller( 1, 2 ); 47 | } else { 48 | $this->uriCaller( 0, 1 ); 49 | } 50 | } else { 51 | $this->uriCaller( 0, 1 ); 52 | } 53 | } 54 | } 55 | 56 | /** 57 | * UriCaller 58 | */ 59 | private function uriCaller( int $method, int $param ) : void 60 | { 61 | for ( $i = $param; $i < $this->args; $i++ ) { 62 | $this->params[$i] = $this->route[$i]; 63 | } 64 | 65 | if ( $method === 0 ) { 66 | call_user_func_array( array( $this, 'index' ), $this->params ); 67 | } else { 68 | call_user_func_array( array( $this, $this->route[$method] ), $this->params ); 69 | } 70 | } 71 | 72 | /** 73 | * Model 74 | */ 75 | public function model( string $path ) : void 76 | { 77 | $class = explode( '/', $path ); 78 | $class = $class[count( $class ) - 1]; 79 | $path = strtolower( $path ); 80 | 81 | require( ROOT . '/app/models/' . $path . '.php' ); 82 | 83 | $this->$class = new $class; 84 | } 85 | 86 | /** 87 | * View 88 | */ 89 | public function view( string $path, array $data = [] ) : void 90 | { 91 | if ( is_array( $data ) ) { 92 | extract( $data ); 93 | } 94 | 95 | require( ROOT . '/app/views/header.php' ); 96 | require( ROOT . '/app/views/' . $path . '.php' ); 97 | require( ROOT . '/app/views/footer.php' ); 98 | } 99 | 100 | } 101 | -------------------------------------------------------------------------------- /core/App.php: -------------------------------------------------------------------------------- 1 | db = new PDO( 49 | $this->config['db']['driver'] . ':host=' . $this->config['db']['host'] . ';dbname=' . $this->config['db']['name'], 50 | $this->config['db']['username'], 51 | $this->config['db']['password'] 52 | ); 53 | 54 | $this->db->query( 'SET NAMES utf8' ); 55 | $this->db->query( 'SET CHARACTER_SET utf8_unicode_ci' ); 56 | 57 | $this->db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); 58 | } catch ( PDOException $e ) { 59 | error_log( 60 | '[' . date( 'Y-m-d H:i:s' ) . '] [ERROR] [' . $_SERVER['REMOTE_ADDR'] . '] ' . $e->getMessage() . "\n", 61 | 3, 62 | 'error.log' 63 | ); 64 | die( $e->getMessage() ); 65 | } 66 | } 67 | 68 | /** 69 | * Start 70 | */ 71 | public function start() : void 72 | { 73 | session_name( $this->config['session-name'] ); 74 | session_start(); 75 | 76 | $route = explode( '/', URI ); 77 | $route[1] = strtolower( $route[1] ); 78 | 79 | if ( file_exists( ROOT . '/app/controllers/' . $route[1] . 'Controller.php' ) ) { 80 | require( ROOT . '/app/controllers/' . $route[1] . 'Controller.php' ); 81 | $controller = new $route[1](); 82 | } else { 83 | require( ROOT . '/app/controllers/MainController.php' ); 84 | $main = new MainController(); 85 | } 86 | } 87 | 88 | } 89 | -------------------------------------------------------------------------------- /app/views/users/users.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 |

Users

14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 52 | 53 | 54 | 60 | 61 | 62 | 63 | 64 |
AvatarNameEmailRoleRegisteredActions
36 | 37 | $user['user_name'], 'class' => 'img-fluid rounded' ) ); ?> 38 | 39 | 48 | 51 | 55 | 56 | Edit 57 | Delete 58 | 59 |
65 | 66 | 67 | 68 | 69 |
Empty.
70 | 71 |
72 |
73 | -------------------------------------------------------------------------------- /app/views/posts/posts.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 |

Posts

14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 42 | 43 | 44 | 45 | 50 | 51 | 52 | 53 | 58 | 59 | 60 | 68 | 69 | 70 | 71 | 72 |
CoverTitleTimeContentAuthorActions
36 | 37 | 38 | <?= $post['post_title']; ?> 39 | 40 | 41 | 46 | 49 | 54 | 55 | $post['user_name'], 'class' => 'img-fluid rounded' ) ); ?> 56 | 57 | 61 | 62 | Edit 63 | 64 | Delete 65 | 66 | 67 |
73 | 74 | 75 | 76 | 77 |
Empty.
78 | 79 |
80 |
81 | -------------------------------------------------------------------------------- /database.sql: -------------------------------------------------------------------------------- 1 | CREATE DATABASE IF NOT EXISTS `crud-mvc-oop-pdo`; 2 | 3 | USE `crud-mvc-oop-pdo`; 4 | 5 | /* 6 | +--------------+--------------+------+-----+-------------------+-----------------------------+ 7 | | Field | Type | Null | Key | Default | Extra | 8 | +--------------+--------------+------+-----+-------------------+-----------------------------+ 9 | | post_id | INT(11) | NO | PRI | NULL | AUTO_INCREMENT | 10 | | post_created | DATETIME | NO | | CURRENT_TIMESTAMP | | 11 | | post_updated | DATETIME | NO | | CURRENT_TIMESTAMP | ON UPDATE CURRENT_TIMESTAMP | 12 | | post_title | VARCHAR(255) | NO | | NULL | | 13 | | post_author | INT(11) | NO | | NULL | | 14 | | post_content | TEXT | NO | | NULL | | 15 | | post_cover | VARCHAR(255) | NO | | NULL | | 16 | +--------------+--------------+------+-----+-------------------+-----------------------------+ 17 | */ 18 | CREATE TABLE IF NOT EXISTS `posts` ( 19 | `post_id` INT(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, 20 | `post_created` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, 21 | `post_updated` DATETIME NOT NULL ON UPDATE CURRENT_TIMESTAMP, 22 | `post_title` VARCHAR(255) NOT NULL, 23 | `post_author` INT(11) NOT NULL, 24 | `post_content` TEXT NOT NULL, 25 | `post_cover` VARCHAR(255) NOT NULL 26 | ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci; 27 | 28 | /* 29 | +---------------+--------------+------+-----+-------------------+-----------------------------+ 30 | | Field | Type | Null | Key | Default | Extra | 31 | +---------------+--------------+------+-----+-------------------+-----------------------------+ 32 | | user_id | INT(11) | NO | PRI | NULL | AUTO_INCREMENT | 33 | | user_created | DATETIME | NO | | CURRENT_TIMESTAMP | | 34 | | user_updated | DATETIME | NO | | CURRENT_TIMESTAMP | ON UPDATE CURRENT_TIMESTAMP | 35 | | user_name | VARCHAR(255) | NO | | NULL | | 36 | | user_email | VARCHAR(255) | NO | | NULL | | 37 | | user_password | VARCHAR(255) | NO | | NULL | | 38 | | user_role | VARCHAR(20) | NO | | NULL | | 39 | +---------------+--------------+------+-----+-------------------+-----------------------------+ 40 | */ 41 | CREATE TABLE IF NOT EXISTS `users` ( 42 | `user_id` INT(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, 43 | `user_created` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, 44 | `user_updated` DATETIME NOT NULL ON UPDATE CURRENT_TIMESTAMP, 45 | `user_name` VARCHAR(255) NOT NULL, 46 | `user_email` VARCHAR(255) NOT NULL, 47 | `user_password` VARCHAR(255) NOT NULL, 48 | `user_role` VARCHAR(20) NOT NULL 49 | ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci; 50 | -------------------------------------------------------------------------------- /core/classes/Sql.php: -------------------------------------------------------------------------------- 1 | and = $query_part; 59 | 60 | return $this; 61 | } 62 | 63 | // As 64 | public function as( string $options ) 65 | { 66 | $query_part = 'AS ' . $options; 67 | $this->as = $query_part; 68 | 69 | return $this; 70 | } 71 | 72 | // Delete 73 | public function delete() 74 | { 75 | $query_part = 'DELETE'; 76 | $this->delete = $query_part; 77 | 78 | return $this; 79 | } 80 | 81 | // From 82 | public function from( string $options ) 83 | { 84 | $query_part = 'FROM ' . $options; 85 | $this->from = $query_part; 86 | 87 | return $this; 88 | } 89 | 90 | // Inner Join 91 | public function innerJoin( string $options ) 92 | { 93 | $query_part = 'INNER JOIN ' . $options; 94 | $this->innerJoin = $query_part; 95 | 96 | return $this; 97 | } 98 | 99 | // Insert Into 100 | public function insertInto( string $options ) 101 | { 102 | $query_part = 'INSERT INTO ' . $options; 103 | $this->insertInto = $query_part; 104 | 105 | return $this; 106 | } 107 | 108 | // Limit 109 | public function limit( string $options ) 110 | { 111 | $query_part = 'LIMIT ' . $options; 112 | $this->limit = $query_part; 113 | 114 | return $this; 115 | } 116 | 117 | // On 118 | public function on( string $options ) 119 | { 120 | $query_part = 'ON ' . $options; 121 | $this->on = $query_part; 122 | 123 | return $this; 124 | } 125 | 126 | // Or 127 | public function or( string $options ) 128 | { 129 | $query_part = 'OR ' . $options; 130 | $this->or = $query_part; 131 | 132 | return $this; 133 | } 134 | 135 | // Order By 136 | public function orderBy( string $options ) 137 | { 138 | $query_part = 'ORDER BY ' . $options; 139 | $this->orderBy = $query_part; 140 | 141 | return $this; 142 | } 143 | 144 | // Select 145 | public function select( string $options = '*' ) 146 | { 147 | $query_part = 'SELECT ' . $options; 148 | $this->select = $query_part; 149 | 150 | return $this; 151 | } 152 | 153 | // Set 154 | public function set( string $options ) 155 | { 156 | $query_part = 'SET ' . $options; 157 | $this->set = $query_part; 158 | 159 | return $this; 160 | } 161 | 162 | // Update 163 | public function update( string $options ) 164 | { 165 | $query_part = 'UPDATE ' . $options; 166 | $this->update = $query_part; 167 | 168 | return $this; 169 | } 170 | 171 | // Values 172 | public function values( string $options ) 173 | { 174 | $query_part = 'VALUES ' . $options; 175 | $this->values = $query_part; 176 | 177 | return $this; 178 | } 179 | 180 | // Where 181 | public function where( string $options ) 182 | { 183 | $query_part = 'WHERE ' . $options; 184 | $this->where = $query_part; 185 | 186 | return $this; 187 | } 188 | 189 | } 190 | -------------------------------------------------------------------------------- /app/controllers/PostsController.php: -------------------------------------------------------------------------------- 1 | model( 'PostsModel' ); 20 | 21 | $pagination = $this->PostsModel->pagination( 'posts', ( int )$_GET['page'], 5 ); 22 | $sort = $this->PostsModel->sort( 'post_', ( string )$_GET['sort'], array( 'title', 'time', 'content', 'author' ) ); 23 | 24 | $posts = $this->PostsModel->readPosts( $pagination, $sort ); 25 | 26 | $data = array( 27 | 'title' => 'Posts', 28 | 'posts' => $posts, 29 | 'pagination' => $pagination, 30 | ); 31 | 32 | $this->view( 'posts/posts', $data ); 33 | } 34 | 35 | /** 36 | * Post 37 | * 38 | * http://localhost/posts/post/[$post_id] 39 | */ 40 | public function post( $post_id = 0 ) : void 41 | { 42 | $this->model( 'PostsModel' ); 43 | 44 | $post = $this->PostsModel->readPost( ( int )$post_id ); 45 | 46 | $data = array( 47 | 'title' => $post['post_title'] ?? '', 48 | 'post' => $post, 49 | ); 50 | 51 | $this->view( 'posts/post', $data ); 52 | } 53 | 54 | /** 55 | * Add 56 | * 57 | * http://localhost/posts/add 58 | */ 59 | public function add() : void 60 | { 61 | $this->model( 'PostsModel' ); 62 | 63 | if ( ! User::login() ) { 64 | Site::redirect( '/users/sign_in' ); 65 | } 66 | 67 | if ( isset( $_POST['post-add'] ) ) { 68 | try { 69 | $this->PostsModel->addPost( array( 70 | 'title' => $_POST['post-title'], 71 | 'author' => $_SESSION['user']['id'], 72 | 'content' => $_POST['post-content'], 73 | 'cover' => $_FILES['post-cover'], 74 | ) ); 75 | } catch ( ValidationException $e ) { 76 | $errors = $e->getError(); 77 | } 78 | } 79 | 80 | $data = array( 81 | 'title' => 'Add Post', 82 | 'errors' => $errors, 83 | ); 84 | 85 | $this->view( 'posts/add', $data ); 86 | } 87 | 88 | /** 89 | * Edit 90 | * 91 | * http://localhost/posts/edit/[$post_id] 92 | */ 93 | public function edit( $post_id = 0 ) : void 94 | { 95 | $this->model( 'PostsModel' ); 96 | 97 | $post = $this->PostsModel->readPost( ( int )$post_id ); 98 | 99 | if ( ! User::author( ( int )$post['post_author'] ) && ! User::role( array( 'admin', 'editor' ) ) ) { 100 | Site::redirect( '/' ); 101 | } 102 | 103 | if ( isset( $_POST['post-edit'] ) ) { 104 | try { 105 | $this->PostsModel->editPost( array( 106 | 'id' => ( int )$post_id, 107 | 'title' => $_POST['post-title'], 108 | 'content' => $_POST['post-content'], 109 | 'cover' => $_FILES['post-cover'], 110 | ) ); 111 | } catch ( ValidationException $e ) { 112 | $errors = $e->getError(); 113 | } 114 | } 115 | 116 | $data = array( 117 | 'title' => 'Edit ' . $post['post_title'], 118 | 'post' => $post, 119 | 'errors' => $errors, 120 | ); 121 | 122 | $this->view( 'posts/edit', $data ); 123 | } 124 | 125 | /** 126 | * Delete 127 | * 128 | * http://localhost/posts/delete/[$post_id] 129 | */ 130 | public function delete( $post_id = 0 ) : void 131 | { 132 | $this->model( 'PostsModel' ); 133 | 134 | $post = $this->PostsModel->readPost( ( int )$post_id ); 135 | 136 | if ( ! User::author( $post['post_author'] ) && ! User::role( array( 'admin' ) ) ) { 137 | Site::redirect( '/' ); 138 | } 139 | 140 | if ( ! empty( $post['post_cover'] ) ) { 141 | File::delete( $post['post_cover'] ); 142 | } 143 | 144 | $this->PostsModel->deletePost( ( int )$post_id ); 145 | } 146 | 147 | } 148 | 149 | class_alias( 'PostsController', 'Posts' ); 150 | -------------------------------------------------------------------------------- /app/views/users/edit.php: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |
13 | 14 |
15 |
16 | $user['user_name'], 'class' => 'img-fluid rounded mb-3 w-100' ) ); ?> 17 | 18 |

Change your Gravatar.

19 |

Last edit

20 | Cancel 21 |
22 | 23 |
24 |

Edit

25 | 26 | 27 | 28 |
29 |
30 |
31 |
32 | 33 | 34 |
35 | 36 |
37 | 38 | 39 |
40 | 41 | 42 |
43 |
44 |
45 | 46 | 47 |
48 |
49 |
50 |
51 | 52 | 58 |
59 | 60 | 61 |
62 |
63 |
64 | 65 | 66 | 67 |
68 |
69 |

Change password

70 | 71 |
72 |
73 | 74 | 75 |
76 | 77 |
78 | 79 | 80 |
81 | 82 |
83 | 84 | 85 |
86 | 87 | 88 |
89 |
90 |
91 | 92 | 93 |
94 |
95 |

Delete

96 | Delete 97 |
98 |
99 |
100 |
101 | 102 |
Empty
103 | 104 |
105 |
106 | -------------------------------------------------------------------------------- /app/models/PostsModel.php: -------------------------------------------------------------------------------- 1 | select( 'post_id, post_created, post_updated, post_title, post_content, post_author, post_cover, user_id, user_name, user_email' ) 19 | ->from( 'posts' ) 20 | ->innerJoin( 'users' ) 21 | ->on( 'posts.post_author = users.user_id' ) 22 | ->orderBy( $sort['by'] . ' ' . $sort['order'] ) 23 | ->limit( $pagination['start'] . ', ' . $pagination['perpage'] ) 24 | ->get(); 25 | 26 | $stmt = $this->db->prepare( $sql ); 27 | $stmt->execute(); 28 | 29 | return $stmt->fetchAll( PDO::FETCH_ASSOC ); 30 | } 31 | 32 | /** 33 | * Read Post 34 | */ 35 | public function readPost( int $post_id ) 36 | { 37 | $sql = Sql::query() 38 | ->select( 'post_id, post_created, post_updated, post_title, post_content, post_author, post_cover, user_id, user_name, user_email' ) 39 | ->from( 'posts' ) 40 | ->innerJoin( 'users' ) 41 | ->on( 'posts.post_author = users.user_id' ) 42 | ->where( 'post_id = :id' ) 43 | ->get(); 44 | 45 | $data = array( 46 | 'id' => $post_id, 47 | ); 48 | 49 | $stmt = $this->db->prepare( $sql ); 50 | $this->bind( $stmt, $data ); 51 | $stmt->execute(); 52 | 53 | return $stmt->fetch( PDO::FETCH_ASSOC ); 54 | } 55 | 56 | /** 57 | * Add Post 58 | */ 59 | public function addPost( array $post ) : void 60 | { 61 | Str::validate( $post['title'], true, 255 ); 62 | Str::validate( $post['content'] ); 63 | File::validate( $post['cover'], array( 'image/jpg', 'image/jpeg', 'image/png', 'image/gif' ), 5000000 ); 64 | 65 | $post_title = Str::clean( $post['title'] ); 66 | $post_author = Str::clean( $post['author'] ); 67 | $post_content = Str::clean( $post['content'], false ); 68 | $post_cover = File::upload( $post['cover'] ); 69 | 70 | $sql = Sql::query() 71 | ->insertInto( 'posts ( post_title, post_author, post_content, post_cover )' ) 72 | ->values( '( :title, :author, :content, :cover )' ) 73 | ->get(); 74 | 75 | $data = array( 76 | 'title' => $post_title, 77 | 'author' => $post_author, 78 | 'content' => $post_content, 79 | 'cover' => $post_cover, 80 | ); 81 | 82 | $stmt = $this->db->prepare( $sql ); 83 | $this->bind( $stmt, $data ); 84 | $stmt->execute(); 85 | 86 | Site::redirect( '/' ); 87 | } 88 | 89 | /** 90 | * Edit Post 91 | */ 92 | public function editPost( array $post ) : void 93 | { 94 | Str::validate( $post['title'], true, 255 ); 95 | Str::validate( $post['content'] ); 96 | File::validate( $post['cover'], array( 'image/jpg', 'image/jpeg', 'image/png', 'image/gif' ), 5000000 ); 97 | 98 | $post_id = $post['id']; 99 | $post_title = Str::clean( $post['title'] ); 100 | $post_content = Str::clean( $post['content'], false ); 101 | 102 | $current_post = $this->readPost( $post_id ); 103 | if ( $post['cover']['error'] === 0 ) { 104 | File::delete( $current_post['post_cover'] ); 105 | $post_cover = File::upload( $post['cover'] ); 106 | } elseif ( $post['cover']['error'] === 4 ) { 107 | File::delete( $current_post['post_cover'] ); 108 | $post_cover = ''; 109 | } 110 | 111 | $sql = Sql::query() 112 | ->update( 'posts' ) 113 | ->set( 'post_title = :title, post_content = :content, post_cover = :cover' ) 114 | ->where( 'post_id = :id' ) 115 | ->get(); 116 | 117 | $data = array( 118 | 'id' => $post_id, 119 | 'title' => $post_title, 120 | 'content' => $post_content, 121 | 'cover' => $post_cover, 122 | ); 123 | 124 | $stmt = $this->db->prepare( $sql ); 125 | $this->bind( $stmt, $data ); 126 | $stmt->execute(); 127 | 128 | Site::redirect( '/posts/edit/' . $post_id ); 129 | } 130 | 131 | /** 132 | * Delete Post 133 | */ 134 | public function deletePost( int $post_id ) : void 135 | { 136 | $sql = Sql::query() 137 | ->delete() 138 | ->from( 'posts' ) 139 | ->where( 'post_id = :id' ) 140 | ->get(); 141 | 142 | $data = array( 143 | 'id' => $post_id, 144 | ); 145 | 146 | $stmt = $this->db->prepare( $sql ); 147 | $this->bind( $stmt, $data ); 148 | $stmt->execute(); 149 | 150 | Site::redirect( '/' ); 151 | } 152 | 153 | } 154 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CRUD MVC OOP PDO 2 | 3 | A simple and intuitive CRUD system using the MVC pattern in OOP paradigm. To connect to the database using PDO. 4 | 5 | ![crud mvc oop pdo](screenshot.png) 6 | 7 | ## STRUCTURE 8 | 9 | ``` 10 | ├── app 11 | │ ├── controllers 12 | | | ├── MainController.php 13 | | | ├── PostsController.php 14 | | | └── UsersController.php 15 | │ ├── models 16 | | | ├── PostsModel.php 17 | | | └── UsersModel.php 18 | | └── views 19 | | ├── posts 20 | | │ ├── add.php 21 | | │ ├── edit.php 22 | | │ ├── post.php 23 | | | └── posts.php 24 | | ├── users 25 | | │ ├── edit.php 26 | | │ ├── panel.php 27 | | │ ├── sign-in.php 28 | | │ ├── sign-up.php 29 | | │ ├── user.php 30 | | | └── users.php 31 | | ├── footer.php 32 | | ├── header.php 33 | | └── pagination.php 34 | ├── core 35 | │ ├── classes 36 | | │ ├── Controller.php 37 | | | ├── Model.php 38 | | | ├── Sql.php 39 | | | └── ValidationException.php 40 | │ ├── config 41 | | │ ├── database.php 42 | | | └── session.php 43 | │ ├── helpers 44 | | │ ├── Email.php 45 | | │ ├── Errors.php 46 | | │ ├── File.php 47 | | │ ├── Site.php 48 | | │ ├── Str.php 49 | | │ ├── Time.php 50 | | | └── User.php 51 | | └── App.php 52 | ├── public 53 | │ ├── assets 54 | │ │ ├── css 55 | │ │ │ └── style.css 56 | │ | └── js 57 | │ │ └── main.js 58 | │ └── uploads 59 | │ └── .empty 60 | ├── .htaccess 61 | ├── LICENSE 62 | ├── README.md 63 | ├── database.sql 64 | ├── error.log 65 | ├── index.php 66 | ├── install.php 67 | ├── screenshot.png 68 | └── version.json 69 | ``` 70 | 71 | ## REQUIREMENTS 72 | 73 | ### System requirements 74 | 75 | - Apache. 76 | - PHP 7.2.0 or higher. 77 | 78 | ### PHP extensions 79 | 80 | - PHP [Data Objects (PDO)](https://www.php.net/manual/en/book.pdo.php) module for accessing databases. 81 | - PHP [mbstring](http://php.net/manual/en/book.mbstring.php) module for full UTF-8 support. 82 | - PHP [gd](http://php.net/manual/en/book.image.php) or [ImageMagick](http://php.net/manual/en/book.imagick.php) module for image processing. 83 | - PHP [JSON](https://php.net/manual/en/book.json.php) module for JSON manipulation. 84 | - PHP [Fileinfo](https://www.php.net/manual/en/book.fileinfo.php). 85 | - PHP [SPL](https://www.php.net/manual/en/book.spl.php). 86 | - PHP [DOM](https://www.php.net/manual/ru/class.domdocument.php). 87 | 88 | ### Database 89 | 90 | - [MySQL](https://www.mysql.com/) or [MariaDB](https://mariadb.com/). 91 | 92 | ## CONFIG 93 | 94 | ### Database 95 | 96 | ```php 97 | $this->config['db'] = array( 98 | 'driver' => 'mysql', 99 | 'host' => 'localhost', 100 | 'username' => 'root', 101 | 'password' => '', 102 | 'name' => 'crud-mvc-oop-pdo' 103 | ); 104 | ``` 105 | 106 | ### Session 107 | 108 | ```php 109 | $this->config['session-name'] = 'SID'; 110 | ``` 111 | 112 | ## DATABASE 113 | 114 | ### Posts 115 | 116 | | Field | Type | Null | Key | Default | Extra | 117 | |:-------------|:-------------|:-----|:----|:------------------|:----------------------------| 118 | | post_id | INT(11) | NO | PRI | NULL | AUTO_INCREMENT | 119 | | post_created | DATETIME | NO | | CURRENT_TIMESTAMP | | 120 | | post_updated | DATETIME | NO | | CURRENT_TIMESTAMP | ON UPDATE CURRENT_TIMESTAMP | 121 | | post_title | VARCHAR(255) | NO | | NULL | | 122 | | post_author | INT(11) | NO | | NULL | | 123 | | post_content | TEXT | NO | | NULL | | 124 | | post_cover | VARCHAR(255) | NO | | NULL | | 125 | 126 | ### Users 127 | 128 | | Field | Type | Null | Key | Default | Extra | 129 | |:--------------|:-------------|:-----|:----|:------------------|:----------------------------| 130 | | user_id | INT(11) | NO | PRI | NULL | AUTO_INCREMENT | 131 | | user_created | DATETIME | NO | | CURRENT_TIMESTAMP | | 132 | | user_updated | DATETIME | NO | | CURRENT_TIMESTAMP | ON UPDATE CURRENT_TIMESTAMP | 133 | | user_name | VARCHAR(255) | NO | | NULL | | 134 | | user_email | VARCHAR(255) | NO | | NULL | | 135 | | user_password | VARCHAR(255) | NO | | NULL | | 136 | | user_role | VARCHAR(20) | NO | | NULL | | 137 | 138 | ## CONTRIBUTOR 139 | 140 | Oleksandr Klochko [@utoyvo](https://github.com/utoyvo) 141 | 142 | ## LICENSE 143 | 144 | Code released under the [MIT License](LICENSE). 145 | -------------------------------------------------------------------------------- /app/controllers/UsersController.php: -------------------------------------------------------------------------------- 1 | model( 'UsersModel' ); 20 | 21 | $pagination = $this->UsersModel->pagination( 'users', ( int )$_GET['page'], 5 ); 22 | $sort = $this->UsersModel->sort( 'user_', ( string )$_GET['sort'], array( 'name', 'email', 'role', 'time' ) ); 23 | 24 | $users = $this->UsersModel->readUsers( $pagination, $sort ); 25 | 26 | $data = array( 27 | 'title' => 'Users', 28 | 'users' => $users, 29 | 'pagination' => $pagination, 30 | ); 31 | 32 | $this->view( 'users/users', $data ); 33 | } 34 | 35 | /** 36 | * User 37 | * 38 | * http://localhost/users/user/[$user_id] 39 | */ 40 | public function user( $user_id = 0 ) : void 41 | { 42 | $this->model( 'UsersModel' ); 43 | 44 | $user = $this->UsersModel->readUser( ( int )$user_id ); 45 | 46 | $data = array( 47 | 'title' => '@' . $user['user_name'], 48 | 'user' => $user, 49 | ); 50 | 51 | $this->view( 'users/user', $data ); 52 | } 53 | 54 | /** 55 | * Sign Up 56 | * 57 | * http://localhost/users/sign_up 58 | */ 59 | public function sign_up() : void 60 | { 61 | $this->model( 'UsersModel' ); 62 | 63 | if ( User::login() ) { 64 | Site::redirect( '/' ); 65 | } 66 | 67 | $role = file_exists( 'install.php' ) ? 'admin' : 'user'; 68 | 69 | if ( isset( $_POST['sign-up'] ) ) { 70 | try { 71 | $this->UsersModel->signUp( array( 72 | 'name' => $_POST['user-name'], 73 | 'email' => $_POST['user-email'], 74 | 'password' => $_POST['user-password'], 75 | 'role' => $role, 76 | ) ); 77 | } catch ( ValidationException $e ) { 78 | $errors = $e->getError(); 79 | } 80 | } 81 | 82 | $data = array( 83 | 'title' => 'Sign Up', 84 | 'errors' => $errors, 85 | ); 86 | 87 | $this->view( 'users/sign-up', $data ); 88 | } 89 | 90 | /** 91 | * Sign In 92 | * 93 | * http://localhost/users/sign_in 94 | */ 95 | public function sign_in() : void 96 | { 97 | $this->model( 'UsersModel' ); 98 | 99 | if ( User::login() ) { 100 | Site::redirect( '/' ); 101 | } 102 | 103 | if ( isset( $_POST['sign-in'] ) ) { 104 | try { 105 | $this->UsersModel->signIn( array( 106 | 'name' => $_POST['user-name'], 107 | 'password' => $_POST['user-password'], 108 | ) ); 109 | } catch ( ValidationException $e ) { 110 | $errors = $e->getError(); 111 | } 112 | } 113 | 114 | $data = array( 115 | 'title' => 'Sign In', 116 | 'errors' => $errors, 117 | ); 118 | 119 | $this->view( 'users/sign-in', $data ); 120 | } 121 | 122 | /** 123 | * Sign Out 124 | * 125 | * http://localhost/users/sign_out 126 | */ 127 | public function sign_out() : void 128 | { 129 | $this->model( 'UsersModel' ); 130 | 131 | if ( User::login() ) { 132 | $this->UsersModel->signOut(); 133 | } 134 | } 135 | 136 | /** 137 | * Edit 138 | * 139 | * http://localhost/users/edit/[$user_id] 140 | */ 141 | public function edit( $user_id = 0 ) : void 142 | { 143 | $this->model( 'UsersModel' ); 144 | 145 | $user = $this->UsersModel->readUser( ( int )$user_id ); 146 | 147 | if ( ! User::author( ( int )$user_id ) && ! User::role( array( 'admin' ) ) ) { 148 | Site::redirect( '/' ); 149 | } 150 | 151 | if ( isset( $_POST['user-edit'] ) ) { 152 | try { 153 | $this->UsersModel->editUser( array( 154 | 'id' => ( int )$user_id, 155 | 'name' => $_POST['user-name'], 156 | 'email' => $_POST['user-email'], 157 | 'role' => $_POST['user-role'], 158 | ) ); 159 | } catch ( ValidationException $e ) { 160 | $errors = $e->getError(); 161 | } 162 | } 163 | 164 | if ( ! User::author( $user_id ) ) { 165 | if ( isset( $_POST['user-change-role'] ) ) { 166 | try { 167 | $this->UsersModel->changeUserRole( array( 168 | 'id' => ( int )$user_id, 169 | 'role' => $_POST['user-role'], 170 | ) ); 171 | } catch ( ValidationException $e ) { 172 | $errors = $e->getError(); 173 | } 174 | } 175 | } 176 | 177 | if ( isset( $_POST['user-change-password'] ) ) { 178 | try { 179 | $this->UsersModel->changeUserPassword( array( 180 | 'id' => ( int )$user_id, 181 | 'old-password' => $_POST['old-password'], 182 | 'new-password' => $_POST['new-password'], 183 | 'confirm-new-password' => $_POST['confirm-new-password'], 184 | ) ); 185 | } catch ( ValidationException $e ) { 186 | $errors = $e->getError(); 187 | } 188 | } 189 | 190 | $data = array( 191 | 'title' => 'Edit @' . $user['user_name'], 192 | 'user' => $user, 193 | 'errors' => $errors, 194 | ); 195 | 196 | $this->view( 'users/edit', $data ); 197 | } 198 | 199 | /** 200 | * Delete 201 | * 202 | * http://localhost/users/delete/[$user_id] 203 | */ 204 | public function delete( $user_id = 0 ) : void 205 | { 206 | $this->model( 'UsersModel' ); 207 | 208 | if ( User::author( ( int )$user_id ) || User::role( array( 'admin' ) ) ) { 209 | $this->UsersModel->deleteUser( ( int )$user_id ); 210 | } 211 | } 212 | 213 | } 214 | 215 | class_alias( 'UsersController', 'Users' ); 216 | -------------------------------------------------------------------------------- /app/models/UsersModel.php: -------------------------------------------------------------------------------- 1 | select( 'user_id, user_created, user_updated, user_name, user_email, user_role' ) 19 | ->from( 'users' ) 20 | ->orderBy( $sort['by'] . ' ' . $sort['order'] ) 21 | ->limit( $pagination['start'] . ', ' . $pagination['perpage'] ) 22 | ->get(); 23 | 24 | $stmt = $this->db->prepare( $sql ); 25 | $stmt->execute(); 26 | 27 | return $stmt->fetchAll( PDO::FETCH_ASSOC ); 28 | } 29 | 30 | /** 31 | * Read User 32 | */ 33 | public function readUser( int $user_id ) 34 | { 35 | $sql = Sql::query() 36 | ->select( 'user_id, user_created, user_updated, user_name, user_email, user_role' ) 37 | ->from( 'users' ) 38 | ->where( 'user_id = :id' ) 39 | ->get(); 40 | 41 | $data = array( 42 | 'id' => $user_id, 43 | ); 44 | 45 | $stmt = $this->db->prepare( $sql ); 46 | $this->bind( $stmt, $data ); 47 | $stmt->execute(); 48 | 49 | return $stmt->fetch( PDO::FETCH_ASSOC ); 50 | } 51 | 52 | /** 53 | * Sign Up 54 | */ 55 | public function signUp( array $user ) : void 56 | { 57 | Str::validate( $user['name'], true, 255 ); 58 | Email::validate( $user['email'] ); 59 | Str::validate( $user['password'], true, 255 ); 60 | 61 | $user_name = Str::clean( $user['name'] ); 62 | $user_email = Str::clean( $user['email'] ); 63 | $user_password = password_hash( $user['password'], PASSWORD_DEFAULT ); 64 | $user_role = in_array( $user['role'], array( 'admin', 'editor', 'user' ) ) ? $user['role'] : 'user'; 65 | 66 | if ( ! empty( $user_name ) && ! empty( $user_email ) ) { 67 | $sql = Sql::query() 68 | ->select( 'user_name, user_email' ) 69 | ->from( 'users' ) 70 | ->where( 'user_name = :name' ) 71 | ->or( 'user_email = :email' ) 72 | ->get(); 73 | 74 | $data = array( 75 | 'name' => $user_name, 76 | 'email' => $user_email, 77 | ); 78 | 79 | $stmt = $this->db->prepare( $sql ); 80 | $this->bind( $stmt, $data ); 81 | $stmt->execute(); 82 | 83 | if ( ! empty( $stmt->fetch( PDO::FETCH_ASSOC ) ) ) { 84 | $errors[] = 'Username or Email already exists.'; 85 | throw new ValidationException( $errors ); 86 | } 87 | } 88 | 89 | $sql = Sql::query() 90 | ->insertInto( 'users ( user_name, user_email, user_password, user_role )' ) 91 | ->values( '( :name, :email, :password, :role )' ) 92 | ->get(); 93 | 94 | $data = array( 95 | 'name' => $user_name, 96 | 'email' => $user_email, 97 | 'password' => $user_password, 98 | 'role' => $user_role, 99 | ); 100 | 101 | $stmt = $this->db->prepare( $sql ); 102 | $this->bind( $stmt, $data ); 103 | $stmt->execute(); 104 | 105 | if ( file_exists( 'install.php' ) ) { 106 | unlink( 'install.php' ); 107 | } 108 | 109 | Site::redirect( '/users/sign_in' ); 110 | } 111 | 112 | /** 113 | * Sign In 114 | */ 115 | public function signIn( array $user ) : void 116 | { 117 | Str::validate( $user['name'], true, 255 ); 118 | Str::validate( $user['password'], true, 255 ); 119 | 120 | $user_name = Str::clean( $user['name'] ); 121 | $user_password = Str::clean( $user['password'] ); 122 | 123 | $sql = Sql::query() 124 | ->select( 'user_id, user_name, user_email, user_password, user_role' ) 125 | ->from( 'users' ) 126 | ->where( 'user_name = :name' ) 127 | ->get(); 128 | 129 | $data = array( 130 | 'name' => $user_name, 131 | ); 132 | 133 | $stmt = $this->db->prepare( $sql ); 134 | $this->bind( $stmt, $data ); 135 | $stmt->execute(); 136 | 137 | $user = $stmt->fetch( PDO::FETCH_ASSOC ); 138 | 139 | if ( ! empty( $user ) ) { 140 | if ( password_verify( $user_password, $user['user_password'] ) ) { 141 | $_SESSION['user']['id'] = $user['user_id']; 142 | $_SESSION['user']['name'] = $user['user_name']; 143 | $_SESSION['user']['email'] = $user['user_email']; 144 | $_SESSION['user']['role'] = $user['user_role']; 145 | 146 | Site::redirect( '/users/user/' . $user['user_id'] ); 147 | } else { 148 | $errors[] = 'Invalid password'; 149 | } 150 | } else { 151 | $errors[] = 'User does not exist'; 152 | } 153 | 154 | if ( ! empty( $errors ) ) { 155 | throw new ValidationException( $errors ); 156 | } 157 | } 158 | 159 | /** 160 | * Sign Out 161 | */ 162 | public function signOut( $redirect = '/' ) : void 163 | { 164 | $_SESSION = []; 165 | session_unset(); 166 | 167 | Site::redirect( $redirect ); 168 | } 169 | 170 | /** 171 | * Edit User 172 | */ 173 | public function editUser( array $user ) : void 174 | { 175 | Str::validate( $user['name'], true, 255 ); 176 | Email::validate( $user['email'] ); 177 | 178 | $user_id = ( int )$user['id']; 179 | $user_name = Str::clean( $user['name'] ); 180 | $user_email = Str::clean( $user['email'] ); 181 | 182 | if ( ! empty( $user_name ) && ! empty( $user_email ) ) { 183 | $sql = Sql::query() 184 | ->select( 'user_name, user_email' ) 185 | ->from( 'users' ) 186 | ->where( 'user_name = :name' ) 187 | ->or( 'user_email = :email' ) 188 | ->get(); 189 | 190 | $data = array( 191 | 'name' => $user_name, 192 | 'email' => $user_email, 193 | ); 194 | 195 | $stmt = $this->db->prepare( $sql ); 196 | $this->bind( $stmt, $data ); 197 | $stmt->execute(); 198 | 199 | if ( ! empty( $stmt->fetch( PDO::FETCH_ASSOC ) ) ) { 200 | $errors[] = 'Username or Email already exists.'; 201 | throw new ValidationException( $errors ); 202 | } 203 | } 204 | 205 | if ( User::author( $user['id'] ) ) { 206 | $_SESSION['user']['name'] = $user_name; 207 | $_SESSION['user']['email'] = $user_email; 208 | } 209 | 210 | $sql = Sql::query() 211 | ->update( 'users' ) 212 | ->set( 'user_name = :name, user_email = :email' ) 213 | ->where( 'user_id = :id' ) 214 | ->get(); 215 | 216 | $data = array( 217 | 'id' => $user_id, 218 | 'name' => $user_name, 219 | 'email' => $user_email, 220 | ); 221 | 222 | $stmt = $this->db->prepare( $sql ); 223 | $this->bind( $stmt, $data ); 224 | $stmt->execute(); 225 | 226 | Site::redirect( '/users/edit/' . $user_id ); 227 | } 228 | 229 | /** 230 | * Change User Role 231 | */ 232 | public function changeUserRole( array $user ) : void 233 | { 234 | Str::validate( $user['role'], true, 20 ); 235 | 236 | $user_id = ( int )$user['id']; 237 | $user_role = in_array( $user['role'], array( 'admin', 'editor', 'user' ) ) ? $user['role'] : 'user'; 238 | 239 | $sql = Sql::query() 240 | ->update( 'users' ) 241 | ->set( 'user_role = :role' ) 242 | ->where( 'user_id = :id' ) 243 | ->get(); 244 | 245 | $data = array( 246 | 'id' => $user_id, 247 | 'role' => $user_role, 248 | ); 249 | 250 | $stmt = $this->db->prepare( $sql ); 251 | $this->bind( $stmt, $data ); 252 | $stmt->execute(); 253 | 254 | Site::redirect( '/users/edit/' . $user_id ); 255 | } 256 | 257 | /** 258 | * Change User Password 259 | */ 260 | public function changeUserPassword( array $user ) : void 261 | { 262 | Str::validate( $user['old-password'], true, 255 ); 263 | Str::validate( $user['new-password'], true, 255 ); 264 | Str::validate( $user['confirm-new-password'], true, 255 ); 265 | 266 | $user_id = ( int )$user['id']; 267 | $user_old_password = Str::clean( $user['old-password'] ); 268 | $user_new_password = Str::clean( $user['new-password'] ); 269 | $user_confirm_new_password = Str::clean( $user['confirm-new-password'] ); 270 | 271 | $sql = Sql::query() 272 | ->select( 'user_password' ) 273 | ->from( 'users' ) 274 | ->where( 'user_id = :id' ) 275 | ->get(); 276 | 277 | $data = array( 278 | 'id' => $user_id, 279 | ); 280 | 281 | $stmt = $this->db->prepare( $sql ); 282 | $this->bind( $stmt, $data ); 283 | $stmt->execute(); 284 | 285 | $user = $stmt->fetch( PDO::FETCH_ASSOC ); 286 | 287 | if ( password_verify( $user_old_password, $user['user_password'] ) ) { 288 | if ( $user_new_password == $user_confirm_new_password ) { 289 | $user_password = password_hash( $user_new_password, PASSWORD_DEFAULT ); 290 | 291 | $sql = Sql::query() 292 | ->update( 'users' ) 293 | ->set( 'user_password = :password' ) 294 | ->where( 'user_id = :id' ) 295 | ->get(); 296 | 297 | $data = array( 298 | 'id' => $user_id, 299 | 'password' => $user_password, 300 | ); 301 | 302 | $stmt = $this->db->prepare( $sql ); 303 | $this->bind( $stmt, $data ); 304 | $stmt->execute(); 305 | 306 | $this->signOut( '/users/sign_in' ); 307 | } else { 308 | $errors[] = 'New password does not match.'; 309 | } 310 | } else { 311 | $errors[] = 'Old password is entered incorrectly.'; 312 | } 313 | 314 | if ( ! empty( $errors ) ) { 315 | throw new ValidationException( $errors ); 316 | } 317 | } 318 | 319 | /** 320 | * Delete User 321 | */ 322 | public function deleteUser( int $user_id ) : void 323 | { 324 | $sql = Sql::query() 325 | ->delete() 326 | ->from( 'users' ) 327 | ->where( 'user_id = :id' ) 328 | ->get(); 329 | 330 | $data = array( 331 | 'id' => $user_id, 332 | ); 333 | 334 | $stmt = $this->db->prepare( $sql ); 335 | $this->bind( $stmt, $data ); 336 | $stmt->execute(); 337 | 338 | if ( User::author( $user_id ) ) { 339 | $this->signOut(); 340 | } elseif ( User::role( array( 'admin' ) ) ) { 341 | Site::redirect( '/users' ); 342 | } 343 | } 344 | 345 | } 346 | --------------------------------------------------------------------------------