Moved album::lookup() and album::addPhoto() to new db

Issue #20
jeroenrnl · Dec 22, 2014 · a8f0c22 · a8f0c22
1 parent 5125d97
commit a8f0c22
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 33 deletions.
diff --git a/UnitTests/photoTest.php b/UnitTests/photoTest.php
@@ -860,7 +860,7 @@ public function getImages() {
 
     public function getNewAlbums() {
         return array(
-            array(1, array(2,3,4)),
+            array(1, array(4,5,6)),
             array(2, array(1,5,6)),
             array(3, array(7)),
             array(4, array(8,9))

diff --git a/php/classes/album.inc.php b/php/classes/album.inc.php
@@ -56,27 +56,28 @@ class album extends zophTreeTable implements Organizer {
      */
     public function lookup() {
         $user=user::getCurrent();
-        $id = $this->get("album_id");
-        if(!is_numeric($id)) { die("album_id must be numeric"); }
-        if (!$id) { return; }
+        $id = $this->getId();
+        if(!is_numeric($id)) { 
+            die("album_id must be numeric"); 
+        }
+        if (!$id) { 
+            return; 
+        }
 
-        if ($user->is_admin()) {
-            $sql =
-                "select * from " . DB_PREFIX . "albums " .
-                "where album_id = " . escape_string($id);
-        } else {
-            $sql =
-                 "select distinct a.* from "  .
-                 DB_PREFIX . "albums as a JOIN " .
-                 DB_PREFIX . "group_permissions as gp ON " .
-                 "gp.album_id = a.album_id JOIN " .
-                 DB_PREFIX . "groups_users gu ON " .
-                 "gp.group_id = gu.group_id " .
-                 "where gp.album_id = '" . escape_string($id) . "'" .
-                 " and gu.user_id = '" . 
-                 escape_string($user->get("user_id"))."'";
+        $qry=new select(array("a" => "albums"));
+        $distinct=true;
+        $qry->addFields(array("*"), $distinct);
+        $where=new clause("a.album_id=:albumid");
+        $qry->addParam(new param(":albumid", (int) $this->getId(), PDO::PARAM_INT));
+
+        if (!$user->is_admin()) {
+            $qry->join(array(), array("gp" => "group_permissions"), "a.album_id=gp.album_id")
+                ->join(array(), array("gu" => "groups_users"), "gp.group_id=gu.group_id");
+            $where->addAnd(new clause("gu.user_id=:userid"));
+            $qry->addParam(new param(":userid", (int) $user->getId(), PDO::PARAM_INT));
         }
-        return $this->lookupFromSQL($sql);
+        $qry->where($where);
+        return $this->lookupFromSQL($qry);
     }
 
     /**
@@ -85,14 +86,11 @@ public function lookup() {
      */
     public function addPhoto(photo $photo) {
         $user=user::getCurrent();
-        if($user->is_admin() || $user
-                ->get_album_permissions($this->get("album_id"))
-                ->get("writable")) {
-            $sql = "INSERT INTO " . DB_PREFIX . "photo_albums " .
-                "(photo_id, album_id) values ('" .
-                escape_string($photo->get("photo_id")) . "', '" .
-                escape_string($this->get("album_id")) . "')";
-            query($sql);
+        if($user->is_admin() || $user->get_album_permissions($this->getId())->get("writable")) {
+            $qry=new insert(array("photo_albums"));
+            $qry->addParam(new param(":photo_id", (int) $photo->getId(), PDO::PARAM_INT));
+            $qry->addParam(new param(":album_id", (int) $this->getId(), PDO::PARAM_INT));
+            $qry->execute();
         }
     }
 

diff --git a/php/classes/query.inc.php b/php/classes/query.inc.php
@@ -68,17 +68,24 @@ public function __construct($table) {
      * @param array list of fields [ "alias" => "field"]
      * @return query 
      */
-    public function addFields(array $fields) {
+    public function addFields(array $fields, $distinct=false) {
         $table=$this->table;
         foreach ($fields as $alias => $field) {
+
             if(!isset($this->alias)) {
                 $field=$table . "." . $field;
             } else {
                 $field=$this->alias . "." . $field;
             }
+
+            if($distinct) {
+                $field="DISTINCT " . $field;
+            }
+
             if(!is_numeric($alias)) {
                 $field .= " AS " . $alias;
             }
+
             $this->fields[]=$field;
 
         }

diff --git a/php/classes/zophTable.inc.php b/php/classes/zophTable.inc.php
@@ -186,8 +186,18 @@ public function lookup() {
      */
     public function lookupFromSQL($sql) {
         $result = query($sql, "Lookup failed:");
-        if (num_rows($result) == 1) {
-            $row = fetch_assoc($result);
+        if($result instanceof PDOStatement) {
+            $results=$result->fetchAll(PDO::FETCH_ASSOC);
+            $rows=count($results);
+        } else {
+            $rows=num_rows($result);
+        }
+        if($rows == 1) {
+            if($result instanceof PDOStatement) {
+                $row=array_pop($results);
+            } else {
+                $row = fetch_assoc($result);
+            }
 
             $this->fields = array();
 

diff --git a/php/database.inc.php b/php/database.inc.php
@@ -93,8 +93,7 @@ function fetch_array($result) {
 
 function fetch_assoc($result) {
     if($result instanceof PDOStatement) {
-        $return=$result->fetch(PDO::FETCH_ASSOC);
-        return $return;
+        return $result->fetch(PDO::FETCH_ASSOC);
     }
     return mysql_fetch_assoc($result);
 }