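<?php
declare(strict_types=1);

// === [DATABASE CONFIGURATION] ===
// NOTE(review): these credentials are committed with the source and the root
// account has an empty password; load them from the environment (or a file
// outside the web root) and connect as a least-privilege database user.
define("DB_SERVER", "localhost");
define("DB_USERNAME", "root");
define("DB_PASSWORD", "");
define("DB_NAME", "auth_master_db");

// Dynamically determine the base site URL.
// HTTP_HOST is copied from the request's Host header, i.e. it is supplied by the
// client, and SITE_PATH is later used to build Location redirects. Validate the
// host against the expected hostname (or hard-code the canonical URL) rather
// than trusting it as-is. The 'localhost' fallback only keeps CLI runs, which
// have no HTTP_HOST at all, from emitting an undefined-index warning.
define("SITE_PATH", ($_SERVER['REQUEST_SCHEME'] ?? 'http') . "://" . ($_SERVER['HTTP_HOST'] ?? 'localhost'));

// Set the system timezone.
// NOTE(review): the tz database zone 'Etc/GMT-5' is UTC+05:00 (POSIX-style
// inverted sign), not UTC-05:00 as the name "GMT-5" suggests. If UTC-05:00 was
// intended, 'Etc/GMT+5' or a region zone such as 'America/New_York' is the one
// to use — confirm the intended offset before changing it.
date_default_timezone_set('Etc/GMT-5');

// Define user roles and their corresponding dashboard paths.
define('ROLES', [
    'admin' => '/admin/',
    'user' => '/',
]);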
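class Database
{
    /** Open PDO handle; assigned once in the constructor and never replaced. */
    private PDO $conn;

    /**
     * Open the MySQL connection described by the DB_* constants.
     *
     * Driver errors are written to the server log and surfaced to the caller as
     * a generic RuntimeException, so the DSN/credential details contained in
     * the PDO message are never echoed to the HTTP client.
     *
     * @throws RuntimeException If the connection cannot be established.
     */
    public function __construct()
    {
        try {
            $this->conn = new PDO(
                "mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME,
                DB_USERNAME,
                DB_PASSWORD,
                [
                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
                    // Real server-side prepares: bound values are never spliced into the SQL text.
                    PDO::ATTR_EMULATE_PREPARES => false,
                ]
            );
        } catch (PDOException $e) {
            error_log('Database connection error: ' . $e->getMessage());
            throw new RuntimeException('Database connection failed', 0, $e);
        }
    }

    /**
     * Validate a table or column identifier and wrap it in backticks.
     *
     * Identifiers are interpolated straight into the SQL text (placeholders
     * cannot stand in for them), so they must never be taken from untrusted
     * input unchecked. Only `name` or `schema.name` built from
     * [A-Za-z0-9_] and not starting with a digit is accepted.
     *
     * @param string $identifier Table or column name, optionally schema-qualified.
     * @return string The identifier with each part backtick-quoted.
     * @throws InvalidArgumentException If the identifier contains anything else.
     */
    private function quoteIdentifier(string $identifier): string
    {
        $parts = explode('.', $identifier);
        if (count($parts) > 2) {
            throw new InvalidArgumentException("Invalid SQL identifier: $identifier");
        }
        foreach ($parts as $part) {
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $part)) {
                throw new InvalidArgumentException("Invalid SQL identifier: $identifier");
            }
        }
        return '`' . implode('`.`', $parts) . '`';
    }

    /**
     * Prepare and execute an SQL statement.
     *
     * @param string $sql    SQL text; treated as trusted. Values belong in $params.
     * @param array  $params Bound values (positional or named) for the placeholders.
     * @return PDOStatement The executed statement.
     * @throws RuntimeException If preparing or executing fails; the driver message
     *                          is logged, not returned to the caller.
     */
    public function execute(string $sql, array $params = []): PDOStatement
    {
        try {
            $stmt = $this->conn->prepare($sql);
            $stmt->execute($params);
            return $stmt;
        } catch (PDOException $e) {
            error_log('Query error: ' . $e->getMessage());
            throw new RuntimeException('Database query failed', 0, $e);
        }
    }

    /**
     * Retrieve records from a table.
     *
     * @param string $table     Table name (validated and quoted).
     * @param string $columns   Column list SQL fragment, e.g. "*" or "id, name"; treated as trusted.
     * @param string $condition WHERE clause SQL fragment using placeholders; treated as trusted.
     * @param array  $params    Bound values for $condition.
     * @return array The result set, one associative array per row.
     * @throws InvalidArgumentException If $table is not a plain identifier.
     * @throws RuntimeException If the query fails.
     */
    public function select(string $table, string $columns = "*", string $condition = "", array $params = []): array
    {
        $sql = "SELECT $columns FROM " . $this->quoteIdentifier($table);
        // Explicit comparison: a condition of "0" is a (strange but) real condition, not "none".
        if ($condition !== '') {
            $sql .= " WHERE $condition";
        }
        return $this->execute($sql, $params)->fetchAll();
    }

    /**
     * Insert a new record into a table.
     *
     * Column names are taken from the keys of $data and validated as
     * identifiers, so an associative array assembled from request input cannot
     * smuggle SQL through its keys; the values are always bound.
     *
     * @param string $table Table name (validated and quoted).
     * @param array  $data  Associative array of column => value.
     * @return int The last inserted ID (0 when the table has no auto-increment key).
     * @throws InvalidArgumentException If $table or a column key is not a plain identifier.
     * @throws RuntimeException If the query fails.
     */
    public function insert(string $table, array $data): int
    {
        $columns = implode(', ', array_map(
            fn($key) => $this->quoteIdentifier((string) $key),
            array_keys($data)
        ));
        $placeholders = implode(', ', array_fill(0, count($data), '?'));
        $this->execute(
            "INSERT INTO " . $this->quoteIdentifier($table) . " ($columns) VALUES ($placeholders)",
            array_values($data)
        );
        return (int) $this->conn->lastInsertId();
    }

    /**
     * Update existing records in a table.
     *
     * @param string $table     Table name (validated and quoted).
     * @param array  $data      Associative array of column => new value; keys are validated as identifiers.
     * @param string $condition WHERE clause SQL fragment using positional placeholders; treated as trusted.
     * @param array  $params    Bound values for $condition, appended after the SET values.
     * @return int Number of affected rows.
     * @throws InvalidArgumentException If $data is empty or a name is not a plain identifier.
     * @throws RuntimeException If the query fails.
     */
    public function update(string $table, array $data, string $condition, array $params = []): int
    {
        // An empty SET list would produce unparseable SQL; fail early with a clear message.
        if ($data === []) {
            throw new InvalidArgumentException('update() requires at least one column to set');
        }
        $assignments = implode(', ', array_map(
            fn($key) => $this->quoteIdentifier((string) $key) . ' = ?',
            array_keys($data)
        ));
        return $this->execute(
            "UPDATE " . $this->quoteIdentifier($table) . " SET $assignments WHERE $condition",
            array_merge(array_values($data), $params)
        )->rowCount();
    }

    /**
     * Delete records from a table.
     *
     * @param string $table     Table name (validated and quoted).
     * @param string $condition WHERE clause SQL fragment using placeholders; treated as trusted.
     * @param array  $params    Bound values for $condition.
     * @return int Number of deleted rows.
     * @throws InvalidArgumentException If $table is not a plain identifier.
     * @throws RuntimeException If the query fails.
     */
    public function delete(string $table, string $condition, array $params = []): int
    {
        return $this->execute(
            "DELETE FROM " . $this->quoteIdentifier($table) . " WHERE $condition",
            $params
        )->rowCount();
    }

    /**
     * Count the records in a table.
     *
     * @param string $table     Table name (validated and quoted).
     * @param string $condition Optional WHERE clause SQL fragment using placeholders; treated as trusted.
     * @param array  $params    Bound values for $condition.
     * @return int The count of matching records.
     * @throws InvalidArgumentException If $table is not a plain identifier.
     * @throws RuntimeException If the query fails.
     */
    public function count(string $table, string $condition = "", array $params = []): int
    {
        $sql = "SELECT COUNT(*) as total FROM " . $this->quoteIdentifier($table);
        if ($condition !== '') {
            $sql .= " WHERE $condition";
        }
        $row = $this->execute($sql, $params)->fetch();
        // COUNT(*) always yields one row; the cast normalises drivers that return the value as a string.
        return (int) ($row['total'] ?? 0);
    }

    /**
     * Require a logged-in session carrying the given role; redirect and exit otherwise.
     *
     * Two checks are made: the session flags ($_SESSION['loggedin'] and the
     * stored role) and the presence of the current session id in the
     * active_sessions table, so a session revoked server-side is rejected even
     * though its cookie is still valid. Both redirects are built from SITE_PATH,
     * which is derived from the request's Host header.
     *
     * @param string $role Required user role.
     * @return void Never returns when the check fails (the script exits after the redirect).
     */
    public function check_session(string $role): void
    {
        if (($_SESSION['loggedin'] ?? false) !== true || ($_SESSION['user']['role'] ?? '') !== $role) {
            header("Location: " . SITE_PATH . "/login/");
            exit;
        }
        if (!$this->select('active_sessions', '*', 'session_token = ?', [session_id()])) {
            header("Location: " . SITE_PATH . "/logout/");
            exit;
        }
    }

    /**
     * Generate a CSRF token, store it in the session and return it.
     *
     * @return string 64 hex characters from a CSPRNG (32 random bytes).
     */
    public function generate_csrf_token(): string
    {
        return $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }

    /**
     * Check a submitted CSRF token against the one stored in the session.
     *
     * Uses hash_equals() so the comparison time does not depend on how many
     * leading characters match. A missing or empty session token never verifies.
     *
     * @param string $token The token received with the request.
     * @return bool True only if a session token exists and matches exactly.
     */
    public function verify_csrf_token(string $token): bool
    {
        $expected = $_SESSION['csrf_token'] ?? null;
        return is_string($expected) && $expected !== '' && hash_equals($expected, $token);
    }
}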