<?php
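/**
 * Row model for the `users` table.
 *
 * Builds the CRUD prepared statements for the table and provides a
 * credential check (exists()) used to authenticate a login/password pair.
 *
 * NOTE(review): `Model`, `Database` and the `$_statements` cache are declared
 * outside this file; their behaviour is assumed from how they are used here.
 */
class User extends Model {
    /**
     * Return the prepared statement for a CRUD operation, preparing it on
     * first use and caching it in $this->_statements.
     *
     * Every value reaches the query through a named placeholder; no caller
     * data is concatenated into the SQL text.
     *
     * @param string $statement One of 'create', 'retrieve', 'update', 'delete'.
     * @return mixed Whatever Database::prepare() returns (a PDOStatement-like object).
     * @throws RuntimeException When $statement is not a known operation.
     */
    protected function _init ($statement) {
        if (isset($this->_statements[$statement])) {
            return $this->_statements[$statement];
        }

        // NOTE(review): the INSERT has no column list, so it silently depends on
        // the physical column order of `users`; confirm against the schema.
        $queries = [
            'create'   => 'INSERT INTO `users` VALUES (NULL,:login,:password,:name,:surname,:group,CURRENT_TIMESTAMP,NULL)',
            'retrieve' => 'SELECT * FROM `users` WHERE `id`=:id',
            'update'   => 'UPDATE `users` SET `login`=:login, `password`=:password, `name`=:name, `surname`=:surname, '.
                          '`group`=:group, `creation`=:creation, `last_connection`=:last_connection WHERE `id`=:id',
            'delete'   => 'DELETE FROM `users` WHERE `id`=:id',
        ];

        // The operation name is used only as a lookup key, never as SQL.
        if (!is_string($statement) || !isset($queries[$statement])) {
            throw new RuntimeException("$statement is unexpected for " . __METHOD__);
        }

        return $this->_statements[$statement] = Database::prepare($queries[$statement]);
    }

    /**
     * Check a login/password pair and return the matching user.
     *
     * The stored hash is fetched by login and compared in PHP instead of in
     * SQL. Two formats are accepted:
     *  - a password_hash() value, checked with password_verify();
     *  - the legacy unsalted MD5 hex digest, compared in constant time.
     *
     * Unsalted MD5 is fast to brute-force and identical passwords share a
     * digest, so it is kept here only so existing accounts can still log in.
     * The code that writes `password` (outside this file) should move to
     * password_hash(), and the column must be wide enough for that output,
     * before the MD5 branch can be removed.
     *
     * Requires PHP >= 5.6 (password_verify, hash_equals).
     *
     * @param string $username Login to look up.
     * @param string $password Clear-text password supplied by the caller.
     * @return self|false The user on success, false when no row matches.
     * @throws RuntimeException When the query fails to execute.
     */
    public static function exists ($username, $password) {
        $stmt = Database::prepare('SELECT `id`, `password` FROM `users` WHERE `login`=:login');
        $stmt->bindParam(':login', $username, PDO::PARAM_STR);

        if (!$stmt->execute()) {
            throw new RuntimeException("Error with query");
        }

        $password = (string) $password;
        $legacyDigest = md5($password);

        // Loop rather than fetch once: nothing visible here guarantees that
        // `login` is unique, and the original query matched any such row.
        while (($row = $stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
            $stored = (string) $row['password'];

            if (password_verify($password, $stored)) {
                return new self($row['id']);
            }

            // Legacy path. strtolower() keeps an upper-case stored digest
            // matching, as a case-insensitive SQL comparison would have done.
            if (hash_equals(strtolower($stored), $legacyDigest)) {
                return new self($row['id']);
            }
        }

        return false;
    }
}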