cscg25 continues
This commit is contained in:
32
cscg25/web/canteenfood/challenge/models/AdminModel.php
Normal file
32
cscg25/web/canteenfood/challenge/models/AdminModel.php
Normal file
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
if($_SESSION["admin"] === false){
|
||||
return "You're not welcome. This part is only for canteen workers.";
|
||||
}
|
||||
|
||||
|
||||
class AdminModel {
|
||||
public $filename;
|
||||
public $logcontent;
|
||||
|
||||
public function __construct($filename, $content) {
|
||||
$this->filename = $filename;
|
||||
$this->logcontent = $content;
|
||||
file_put_contents($filename, $content, FILE_APPEND);
|
||||
}
|
||||
|
||||
public function __wakeup() {
|
||||
new LogFile($this->filename, $this->logcontent);
|
||||
}
|
||||
|
||||
public static function read_logs($log) {
|
||||
$contents = file_get_contents($log);
|
||||
return $contents;
|
||||
}
|
||||
}
|
||||
|
||||
class LogFile {
|
||||
public function __construct($filename, $content) {
|
||||
file_put_contents($filename, $content, FILE_APPEND);
|
||||
}
|
||||
}
|
||||
71
cscg25/web/canteenfood/challenge/models/CanteenModel.php
Normal file
71
cscg25/web/canteenfood/challenge/models/CanteenModel.php
Normal file
@@ -0,0 +1,71 @@
|
||||
<?php
|
||||
class CanteenModel {
|
||||
|
||||
|
||||
public function getFood() {
|
||||
$log_entry = 'Access at: '. date('Y-m-d H:i:s') . "<br>\n";
|
||||
$logger = new AdminModel("/logs.txt", $log_entry);
|
||||
|
||||
$db = Database::getConnection();
|
||||
$sql = "SELECT * FROM food";
|
||||
if ($result = $db->query($sql)) {
|
||||
$result_string = "";
|
||||
while($obj = $result->fetch_object()){
|
||||
if($obj->name !== '') {
|
||||
$result_string .= $obj->name . ' for ' . $obj->price . '€ <br>';
|
||||
$db->query("UPDATE food SET price = " . (rand(0, 100000) / 100) . " WHERE name = \"" . $obj->name. "\"");
|
||||
}
|
||||
|
||||
if($obj->oldvalue !== '') {
|
||||
$dec_result = base64_decode($obj->oldvalue);
|
||||
if (preg_match_all('/O:\d+:"([^"]*)"/', $dec_result, $matches)) {
|
||||
return 'Not allowed';
|
||||
}
|
||||
$uns_result = unserialize($dec_result);
|
||||
$result_string .= $uns_result[0] . ' for ' . $uns_result[1] . '€<br>';
|
||||
$new_value = [$uns_result[0], (rand(0, 100000) / 100)];
|
||||
$db->query("UPDATE food SET oldvalue = \"" . base64_encode(serialize($new_value)) . "\" WHERE oldvalue = \"" . $obj->oldvalue . "\"");
|
||||
}
|
||||
}
|
||||
return $result_string;
|
||||
}
|
||||
return 'No food this week - we\'re closed';
|
||||
}
|
||||
|
||||
public function filterFood($price_param) {
|
||||
$log_entry = 'Access at: '. date('Y-m-d H:i:s') . "<br>\n";
|
||||
$logger = new AdminModel("../logs.txt", $log_entry);
|
||||
|
||||
|
||||
$db = Database::getConnection();
|
||||
$sql = "SELECT * FROM food where price < " . $price_param;
|
||||
error_log(print_r($sql, true));
|
||||
if ($result = $db->query($sql)) {
|
||||
error_log(print_r($result, true));
|
||||
$result_string = "";
|
||||
while($obj = $result->fetch_object()){
|
||||
if($obj->name !== '') {
|
||||
$result_string .= $obj->name . ' for ' . $obj->price . '€ <br>';
|
||||
}
|
||||
|
||||
if($obj->oldvalue !== '') {
|
||||
$dec_result = base64_decode($obj->oldvalue);
|
||||
if (preg_match_all('/O:\d+:"([^"]*)"/', $dec_result, $matches)) {
|
||||
return 'Not allowed';
|
||||
}
|
||||
$uns_result = unserialize($dec_result);
|
||||
if ($uns_result[1] < $price_param) {
|
||||
$result_string .= $uns_result[0] . ' for ' . $uns_result[1] . '€<br>';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($result_string === "") {
|
||||
return 'Everything is too expensive for you this week, Sir/Madame. We\'re sorry!';
|
||||
}
|
||||
return $result_string;
|
||||
}
|
||||
|
||||
return 'Everything is too expensive for you this week, Sir/Madame. We\'re sorry!';
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user