fermdez/SW
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Fernando Méndez
2021-05-17 15:29:29 +02:00
committed by GitHub
parent 4e92236fab
commit 6a9b6cd8a4
72 changed files with 8866 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
assets/php/HTMLtemplate.php Normal file
View File

@ -0,0 +1,34 @@
<!--
Práctica - Sistemas Web | Grupo D
CompluCine - FDI-cines
-->
<!DOCTYPE HTML>
<html lang="es">
<!-- Head -->
<?php
$template->print_head();
?>
<body>
<!-- Header -->
<?php
$template->print_header();
?>
<!-- Main -->
<?php
if(!isset($content)) $content = "";
$template->print_main($content);
?>
<!-- Section -->
<?php
$template->print_section($section);
?>
<!-- Footer -->
<?php
$template->print_footer();
?>
</body>
</html>

138
assets/php/aplication.php Normal file
View File

@ -0,0 +1,138 @@
<?php
require_once('config.php');
/**
* Clase que mantiene el estado global de la aplicación.
*/
class Aplicacion {
private static $instancia;
/**
* Permite obtener una instancia de <code>Aplicacion</code>.
*
* @return Applicacion Obtiene la única instancia de la <code>Aplicacion</code>
*/
public static function getSingleton() {
if ( !self::$instancia instanceof self) {
self::$instancia = new self;
}
return self::$instancia;
}
/**
* @var array Almacena los datos de configuración de la BD
*/
private $bdDatosConexion;
/**
* Almacena si la Aplicacion ya ha sido inicializada.
*
* @var boolean
*/
private $inicializada = false;
/**
* @var \mysqli Conexión de BD.
*/
private $conn;
/**
* Evita que se pueda instanciar la clase directamente.
*/
private function __construct() {}
/**
* Evita que se pueda utilizar el operador clone.
*/
public function __clone() {
throw new \Exception('No tiene sentido el clonado.');
}
/**
* Evita que se pueda utilizar serialize().
*/
public function __sleep() {
throw new \Exception('No tiene sentido el serializar el objeto.');
}
/**
* Evita que se pueda utilizar unserialize().
*/
public function __wakeup() {
throw new \Exception('No tiene sentido el deserializar el objeto.');
}
/**
* Inicializa la aplicación.
*
* @param array $bdDatosConexion datos de configuración de la BD
*/
public function init($bdDatosConexion) {
if ( ! $this->inicializada ) {
$this->bdDatosConexion = $bdDatosConexion;
if ( $this->is_session_started() === FALSE ) session_start();
$this->inicializada = true;
}
}
/**
* Inicia la sesión, si esta no se había iniciado.
*/
protected function is_session_started(){
if ( php_sapi_name() !== 'cli' ) {
if ( version_compare(phpversion(), '5.4.0', '>=') ) {
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
} else {
return session_id() === '' ? FALSE : TRUE;
}
}
return FALSE;
}
/**
* Cierre de la aplicación.
*/
public function shutdown() {
$this->compruebaInstanciaInicializada();
if ($this->conn !== null) {
$this->conn->close();
}
}
/**
* Comprueba si la aplicación está inicializada. Si no lo está muestra un mensaje y termina la ejecución.
*/
private function compruebaInstanciaInicializada() {
if (! $this->inicializada ) {
echo "ERROR 403: app_not_configured.";
exit();
}
}
/**
* Devuelve una conexión a la BD. Se encarga de que exista como mucho una conexión a la BD por petición.
*
* @return \mysqli Conexión a MySQL.
*/
public function conexionBd() {
$this->compruebaInstanciaInicializada();
if (! $this->conn ) {
$bdHost = $this->bdDatosConexion['host'];
$bdUser = $this->bdDatosConexion['user'];
$bdPass = $this->bdDatosConexion['pass'];
$bd = $this->bdDatosConexion['bd'];
$this->conn = new \mysqli($bdHost, $bdUser, $bdPass, $bd);
if ( $this->conn->connect_errno ) {
echo "Error de conexión a la BD: (" . $this->conn->connect_errno . ") " . utf8_encode($this->conn->connect_error);
exit();
}
if ( ! $this->conn->set_charset("utf8mb4")) {
echo "Error al configurar la codificación de la BD: (" . $this->conn->errno . ") " . utf8_encode($this->conn->error);
exit();
}
}
return $this->conn;
}
}

32
assets/php/common/cinema.php Normal file
View File

@ -0,0 +1,32 @@
<?php
class Cinema{
//Attributes:
private $_id; //Cinema ID.
private $_name; //Cinema name.
private $_direction; //Cinema direction.
private $_phone; //Cinema phone.
//Constructor:
function __construct($id, $name, $direction, $phone){
$this->_id = $id;
$this->_name = $name;
$this->_direction = $direction;
$this->_phone = $phone;
}
//Methods:
//Getters && Setters:
public function setId($id){ $this->_id = $id; }
public function getId(){ return $this->_id; }
public function setName($name){ $this->_name = $name; }
public function getName(){ return $this->_name; }
public function setDirection($direction){ $this->_direction = $direction; }
public function getDirection(){ return $this->_direction; }
public function setPhone($phone){$this->_phone = $phone; }
public function getPhone(){ return $this->_phone; }
}
?>

77
assets/php/common/cinema_dao.php Normal file
View File

@ -0,0 +1,77 @@
<?php
include_once('cinema.php');
class Cinema_DAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Create a new Session.
public function createCinema($id, $name, $direction, $phone){
$sql = sprintf( "INSERT INTO `cinema`( `id`, `name`, `direction`, `phone`)
VALUES ( '%d', '%s', '%s', '%s')",
$id, $name, $direction, $phone);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a query to get All the films.
public function allCinemaData(){
$sql = sprintf( "SELECT * FROM cinema ");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
while($fila=$resul->fetch_assoc()){
$films[] = $this->loadCinema($fila["id"], $fila["name"], $fila["direction"], $fila["phone"]);
}
$resul->free();
return $films;
}
//Returns a film data .
public function GetCinema($name,$direction){
$sql = sprintf( "SELECT * FROM cinema WHERE cinema.name = '%s'AND cinema.direction='%s'", $name,$direction );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a film data .
public function cinemaData($id){
$sql = sprintf( "SELECT * FROM cinema WHERE cinema.id = '%d'", $id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Deleted film by "id".
public function deleteCinema($id){
$sql = sprintf( "DELETE FROM cinema WHERE cinema.id = '%d' ;",$id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Edit a film.
public function editCinema($id, $name, $direction, $phone){
$sql = sprintf( "UPDATE cinema SET name = '%s' , direction = '%s', phone ='%s'
WHERE cinema.id = '%d';",
$name, $direction, $phone, $id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new film Data Transfer Object.
public function loadCinema($id, $name, $direction, $phone){
return new Cinema($id, $name, $direction, $phone);
}
}
?>

39
assets/php/common/film.php Normal file
View File

@ -0,0 +1,39 @@
<?php
class Film{
//Attributes:
private $_id; //Film ID.
private $_tittle; //Film tittle.
private $_duration; //Film duration.
private $_language; //Film language.
private $_description; //Film description.
private $_img;
//Constructor:
function __construct($id, $tittle, $duration, $language, $description, $img){
$this->_id = $id;
$this->_tittle = $tittle;
$this->_duration = $duration;
$this->_language = $language;
$this->_description = $description;
$this->_img = $img;
}
//Methods:
//Getters && Setters:
public function setId($id){ $this->_id = $id; }
public function getId(){ return $this->_id; }
public function setTittle($tittle) {$this->_tittle = $tittle; }
public function getTittle(){return $this->_tittle;}
public function setDuration($duration){$this->_duration = $duration; }
public function getDuration() {return $this->_duration;}
public function setLanguage($language) {$this->_language = $language; }
public function getLanguage(){return $this->_language;}
public function setDescription($description){ $this->_description = $description;}
public function getDescription(){return $this->_description;}
public function setImg($img){ $this->_img = $img;}
public function getImg(){return $this->_img;}
}
?>

100
assets/php/common/film_dao.php Normal file
View File

@ -0,0 +1,100 @@
<?php
include_once('film.php');
class Film_DAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Create a new Session.
public function createFilm($id, $tittle, $duration, $language, $description, $img){
$sql = sprintf( "INSERT INTO `film`( `id`, `tittle`, `duration`, `language`,`description`, `img`)
VALUES ( '%d', '%s', '%d', '%s','%s', '%s')",
$id, $tittle, $duration, $language, $description, $img);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a film data .
public function GetFilm($tittle,$language){
$sql = sprintf( "SELECT * FROM film WHERE film.tittle = '%s'AND film.language='%s'", $tittle,$language );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a query to get the film's data.
public function FilmData($id){
$sql = sprintf( "SELECT * FROM film WHERE id = '%d'", $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a query to get All the films.
public function allFilmData(){
$sql = sprintf( "SELECT * FROM film ");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
while($fila=$resul->fetch_assoc()){
$films[] = $this->loadFilm($fila["id"], $fila["tittle"], $fila["duration"], $fila["language"], $fila["description"], $fila["img"]);
}
$resul->free();
return $films;
}
//Returns a query to get all films tittles.
public function tittleFilmData(){
$sql = sprintf( "SELECT DISTINCT tittle FROM film ");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a query to get all films descriptions.
public function descriptionFilmData(){
$sql = sprintf( "SELECT description FROM film ");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
/*
public function addFilm($films) {
$resul = mysqli_query($this->mysqli, $this->createFilm($film.getId(), $film.getTittle(), $film.getDuration(), $film.getLanguage(), $film.getDescription())) or die ('Error into query database');
return $resul;
}
*/
//Deleted film by "id".
public function deleteFilm($id){
$sql = sprintf( "DELETE FROM film WHERE film.id = '%d' ;",$id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Edit a film.
public function editFilm($id, $tittle, $duration, $language,$description,$img){
$sql = sprintf( "UPDATE film SET tittle = '%s' , duration = '%d', language ='%s' , description ='%s', img ='%s'
WHERE film.id = '%d';",
$tittle, $duration, $language, $description, $img, $id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new film Data Transfer Object.
public function loadFilm($id, $tittle, $duration, $language,$description, $img){
return new Film( $id, $tittle, $duration, $language,$description, $img);
}
}
?>

103
assets/php/common/hall.php Normal file
View File

@ -0,0 +1,103 @@
<?php
include_once($prefix.'assets/php/common/hall_dao.php');
include_once('seat_dao.php');
class Hall{
//Attributes:
private $_number; //Room number.
private $_idcinema; //Cinema Id
private $_numRows; //Num rows.
private $_numCol; //Num columns.
private $_total_seats;
private $_seats_map;
//Constructor:
function __construct($number, $idcinema, $numRows, $numCol, $total_seats, $seats_map){
$this->_number = $number;
$this->_idcinema = $idcinema;
$this->_numRows = $numRows;
$this->_numCol = $numCol;
$this->_total_seats = $total_seats;
$_seats_map = array();
$_seats_map = $seats_map;
}
//Methods:
public static function getListHalls($cinema){
$bd = new HallDAO('complucine');
if($bd )
return $bd->getAllHalls($cinema);
}
public static function create_hall($number, $cinema, $rows, $cols, $seats, $seats_map){
$bd = new HallDAO('complucine');
if($bd ){
if(!$bd->searchHall($number, $cinema)){
$bd->createHall($number, $cinema, $rows, $cols, $seats, $seats_map);
Seat::createSeats($number, $cinema, $rows, $cols, $seats_map);
return "Se ha creado la sala con exito";
} else {
return "Esta sala ya existe";
}
} else { return "Error al conectarse a la base de datos"; }
}
public static function edit_hall($number, $cinema, $rows, $cols, $seats, $seats_map, $og_number){
$bd = new HallDAO('complucine');
if($bd ){
if($bd->searchHall($og_number, $cinema)){
if($og_number == $number){
Seat::deleteAllSeats($number, $cinema);
$bd->editHall($number, $cinema, $rows, $cols, $seats, $og_number);
Seat::createSeats($number, $cinema, $rows, $cols, $seats_map);
return "Se ha editado la sala con exito";
}else{
if(!$bd->searchHall($number, $cinema)){
Seat::deleteAllSeats($og_number, $cinema);
$bd->editHall($number, $cinema, $rows, $cols, $seats, $og_number);
Seat::createSeats($number, $cinema, $rows, $cols, $seats_map);
return "Se ha editado la sala con exito";
}else
return "El nuevo numero de sala ya existe en otra sala";
}
} else {
return "La sala a editar no existe";
}
} else { return "Error al conectarse a la base de datos"; }
}
public static function delete_hall($number, $cinema, $rows, $cols, $seats, $seats_map, $og_number){
$bd = new HallDAO('complucine');
if($bd ){
if($bd->searchHall($og_number, $cinema)){
$bd->deleteHall($og_number, $cinema);
Seat::deleteAllSeats($og_number, $cinema);
return "La sala se ha eliminado correctamente";
} else {
return "La sala a borrar no existe";
}
} else { return "Error al conectarse a la base de datos"; }
}
//Getters && Setters:
public function setNumber($number){ $this->_number = $number; }
public function getNumber(){ return $this->_number; }
public function setIdcinema($idcinema){ $this->_idcinema = $idcinema; }
public function getIdcinema(){ return $this->_idcinema; }
public function setNumRows($numRows){ $this->_numRows = $numRows; }
public function getNumRows(){ return $this->_numRows; }
public function setNumCol($numCol){ $this->_numCol = $numCol; }
public function getNumCol(){ return $this->_numCol; }
public function setTotalSeats($totalSeat){ $this->_total_seats = $totalSeat; }
public function getTotalSeats(){ return $this->_total_seats; }
public function setSeatsmap($seats_map){ $this->_seats_map = $seats_map; }
public function getSeatsmap(){ return $this->_seats_map; }
}
?>

96
assets/php/common/hall_dao.php Normal file
View File

@ -0,0 +1,96 @@
<?php
include_once('hall.php');
class HallDAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Create a new Hall.
public function createHall($number, $cinema, $rows, $cols, $seats, $seats_map){
$sql = sprintf( "INSERT INTO `hall`( `number`, `idcinema`, `numrows`, `numcolumns`, `total_seats`)
VALUES ( '%d', '%d', '%d', '%d', '%d')",
$number, $cinema, $rows, $cols, $seats );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error BD createhall');
return $sql;
}
//Returns a query to get the halls data.
public function getAllHalls($cinema){
$sql = sprintf( "SELECT * FROM hall WHERE
idcinema = '%s'",
$cinema);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
$hall = null;
while($fila=mysqli_fetch_array($resul)){
$hall[] = $this->loadHall($fila["number"], $fila["idcinema"], $fila["numrows"], $fila["numcolumns"], $fila["total_seats"], null);
}
mysqli_free_result($resul);
return $hall;
}
public function searchHall($number, $cinema){
$sql = sprintf( "SELECT * FROM hall WHERE
number = '%s' AND idcinema = '%s'",
$number, $cinema);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
$hall = false;
if($resul){
if($resul->num_rows == 1){
$fila = $resul->fetch_assoc();
$hall = $this->loadHall($fila["number"], $fila["idcinema"], $fila["numrows"], $fila["numcolumns"], $fila["total_seats"], null);
}
$resul->free();
}
return $hall;
}
//Create a new Hall Data Transfer Object.
public function loadHall($number, $idcinema, $numrows, $numcolumns, $total_seats, $seats_map){
return new Hall($number, $idcinema, $numrows, $numcolumns, $total_seats, $seats_map);
}
//Edit Hall.
public function editHall($number, $cinema, $rows, $cols, $seats, $og_number){
$sql = sprintf( "UPDATE `hall`
SET `number` = '%d' ,`numrows` = '%d' , `numcolumns` = '%d' , `total_seats` = %d
WHERE `hall`.`number` = '%d' AND `hall`.`idcinema` = '%d';",
$number, $rows, $cols, $seats, $og_number, $cinema );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Delete Hall.
public function deleteHall($number, $cinema){
$sql = sprintf( "DELETE FROM `hall` WHERE `hall`.`number` = '%d' AND `hall`.`idcinema` = '%d';",$number, $cinema);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
}
?>

35
assets/php/common/manager.php Normal file
View File

@ -0,0 +1,35 @@
<?php
class Manager{
//Attributes:
private $_id; //Manager ID.
private $_username; //Manager username.
private $_email; //Email.
private $_roll; //Roll
//Constructor:
function __construct($id, $idcinema, $username, $email, $roll){
$this->_id = $id;
$this->_idcinema = $idcinema;
$this->_username = $username;
$this->_email = $email;
$this->_roll = $roll;
}
//Methods:
//Getters && Setters:
public function setId($id){ $this->_id = $id; }
public function getId(){ return $this->_id; }
public function setIdcinema($idcinema){ $this->_idcinema = $idcinema; }
public function getIdcinema(){ return $this->_idcinema; }
public function setUsername($username){$this->_username = $username; }
public function getUsername(){ return $this->_username;}
public function setEmail($email){$this->_email = $email;}
public function getEmail(){return $this->_email;}
public function setRoll($roll){$this->_roll = $roll;}
public function getRoll(){return $this->_roll;}
}
?>

77
assets/php/common/manager_dao.php Normal file
View File

@ -0,0 +1,77 @@
<?php
include_once('manager.php');
class Manager_DAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Returns a query to get All the managers.
public function allManagersData(){
$sql = sprintf( "SELECT * FROM `users` JOIN `manager` ON manager.id = users.id");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
while($fila=$resul->fetch_assoc()){
$managers[] = $this->loadManager($fila["id"], $fila["idcinema"], $fila["username"], $fila["email"], $fila["rol"]);
}
$resul->free();
return $managers;
}
//Returns a manager data .
public function GetManager($id){
$sql = sprintf( "SELECT * FROM `manager` WHERE manager.id = '%d'", $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a manager data .
public function GetManagerCinema($id, $idcinema){
$sql = sprintf( "SELECT * FROM `manager` WHERE manager.id = '%d' AND manager.idcinema ='%d'", $id, $idcinema );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new Session.
public function createManager($id, $idcinema){
$sql = sprintf( "INSERT INTO `manager`( `id`, `idcinema`)
VALUES ( '%d', '%d')",
$id, $idcinema);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Deleted manager by "id".
public function deleteManager($id){
$sql = sprintf( "DELETE FROM `manager` WHERE manager.id = '%d' ;",$id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Edit manager.
public function editManager($id, $idcinema){
$sql = sprintf( "UPDATE `manager` SET manager.idcinema = '%d'
WHERE manager.id = '%d';",
$idcinema, $id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new Manager Data Transfer Object.
public function loadManager($id, $idcinema, $username, $email, $rol){
return new Manager($id, $idcinema, $username, $email, $rol);
}
}
?>

36
assets/php/common/promotion.php Normal file
View File

@ -0,0 +1,36 @@
<?php
class Promotion{
//Attributes:
private $_id; //Cinema ID.
private $_tittle; //Cinema name.
private $_description; //Cinema direction.
private $_code; //Cinema phone.
private $_active;
//Constructor:
function __construct($id, $tittle, $description, $code, $active){
$this->_id = $id;
$this->_tittle = $tittle;
$this->_description = $description;
$this->_code = $code;
$this->_active = $active;
}
//Methods:
//Getters && Setters:
public function setId($id){ $this->_id = $id; }
public function getId(){ return $this->_id; }
public function setTittle($tittle){ $this->_tittle = $tittle; }
public function getTittle(){ return $this->_tittle; }
public function setDescription($description){ $this->_description = $description;}
public function getDescription(){return $this->_description;}
public function setCode($code){ $this->_code = $code;}
public function getCode(){return $this->_code;}
public function setActive($active){ $this->_active = $active;}
public function getActive(){return $this->_active;}
}
?>

77
assets/php/common/promotion_dao.php Normal file
View File

@ -0,0 +1,77 @@
<?php
include_once('promotion.php');
class Promotion_DAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Create a new Session.
public function createPromotion($id, $tittle, $description, $code, $active){
$sql = sprintf( "INSERT INTO `promotion`( `id`, `tittle`, `description`, `code`, `active`)
VALUES ( '%d', '%s', '%s', '%s', '%s')",
$id, $tittle, $description, $code, $active);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a query to get All the films.
public function allPromotionData(){
$sql = sprintf( "SELECT * FROM promotion ");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
while($fila=$resul->fetch_assoc()){
$promotions[] = $this->loadPromotion($fila["id"], $fila["tittle"], $fila["description"], $fila["code"], $fila["active"]);
}
$resul->free();
return $promotions;
}
//Returns a film data .
public function GetPromotion($code){
$sql = sprintf( "SELECT * FROM promotion WHERE promotion.code = '%s'", $code );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Returns a film data .
public function promotionData($id){
$sql = sprintf( "SELECT * FROM promotion WHERE promotion.id = '%d'", $id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Deleted film by "id".
public function deletePromotion($id){
$sql = sprintf( "DELETE FROM promotion WHERE promotion.id = '%d' ;",$id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Edit a film.
public function editPromotion($id, $tittle, $description, $code, $active){
$sql = sprintf( "UPDATE promotion SET tittle = '%s' , description = '%s', code ='%s' , active ='%s'
WHERE promotion.id = '%d';",
$tittle, $description, $code, $active, $id);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new film Data Transfer Object.
public function loadPromotion($id, $tittle, $description, $code, $active){
return new Promotion($id, $tittle, $description, $code, $active);
}
}
?>

63
assets/php/common/seat.php Normal file
View File

@ -0,0 +1,63 @@
<?php
include_once($prefix.'assets/php/common/seat_dao.php');
class Seat{
//Attributes:
private $_idhall;
private $_idcinema;
private $_numRow;
private $_numCol;
private $_state;
//Constructor:
function __construct($idhall, $idcinema, $numRow, $numCol, $state){
$this->_number = $idhall;
$this->_idcinema = $idcinema;
$this->_numRow = $numRow;
$this->_numCol = $numCol;
$this->_state = $state;
}
static public function createSeats($hall, $cinema, $rows, $cols, $seats_map){
$bd = new SeatDAO('complucine');
for($i = 1;$i <= $rows;$i++){
for($j = 1; $j <= $cols;$j++){
$bd->createSeat($hall, $cinema, $i, $j, $seats_map[$i][$j]);
}
}
}
static public function getSeatsMap($number, $cinema){
$bd = new SeatDAO('complucine');
if($bd )
return $bd->getAllSeats($number, $cinema);
}
static public function deleteAllSeats($number, $cinema){
$bd = new SeatDAO('complucine');
if($bd)
return $bd->deletemapSeats($number, $cinema);
}
//Getters && Setters:
public function setNumber($number){ $this->_number = $number; }
public function getNumber(){ return $this->_number; }
public function setIdcinema($idcinema){ $this->_idcinema = $idcinema; }
public function getIdcinema(){ return $this->_idcinema; }
public function setNumRows($numRow){ $this->_numRow = $numRow; }
public function getNumRows(){ return $this->_numRow; }
public function setNumCol($numCol){ $this->_numCol = $numCol; }
public function getNumCol(){ return $this->_numCol; }
public function setState($state){ $this->_state = $state; }
public function getState(){ return $this->_state; }
}
?>

58
assets/php/common/seat_dao.php Normal file
View File

@ -0,0 +1,58 @@
<?php
include_once('seat.php');
class SeatDAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Create a new Hall.
public function createSeat($hall, $cinema, $row, $col, $state){
$sql = sprintf( "INSERT INTO `seat`( `idhall`, `idcinema`, `numrow`, `numcolum`, `active`)
VALUES ( '%d', '%d', '%d', '%d', '%d')",
$hall, $cinema, $row, $col, $state);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error BD createSeat');
return $sql;
}
public function getAllSeats($number, $cinema){
$sql = sprintf( "SELECT * FROM seat WHERE
idhall = '%s' AND idcinema = '%s'",
$number, $cinema);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
$seat_map = null;
while($fila=mysqli_fetch_array($resul)){
$seat_map[] = $this->loadSeat($fila["idhall"], $fila["idcinema"], $fila["numrow"], $fila["numcolum"], $fila["active"]);
}
mysqli_free_result($resul);
return $seat_map;
}
public function deletemapSeats($hall, $cinema){
$sql = sprintf( "DELETE FROM `seat` WHERE
idcinema = '%s' AND idhall = '%s'",
$cinema, $hall);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
public function loadSeat($idhall, $idcinema, $numRow, $numCol, $state){
return new Seat($idhall, $idcinema, $numRow, $numCol, $state);
}
}
?>

118
assets/php/common/session.php Normal file
View File

@ -0,0 +1,118 @@
<?php
include_once($prefix.'assets/php/common/session_dao.php');
class Session{
private $_id;
private $_idfilm;
private $_idhall;
private $_idcinema;
private $_date;
private $_startTime;
private $_seatPrice;
private $_format;
private $_seats_full;
function __construct($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format, $seats_full){
$this->_id = $id;
$this->_idfilm = $idfilm;
$this->_idhall = $idhall;
$this->_idcinema = $idcinema;
$this->_date = $date;
$this->_startTime = $startTime;
$this->_seatPrice = $seatPrice;
$this->_format = $format;
$this->_seats_full = $seats_full;
}
public static function getListSessions($hall,$cinema,$date){
$bd = new SessionDAO('complucine');
if($bd ) {
return $bd->getAllSessions($hall, $cinema, $date);
}
}
public static function create_session($cinema, $hall, $start, $date, $film, $price, $format,$repeat){
$bd = new SessionDAO('complucine');
if($bd ){
if(!$bd->searchSession($cinema, $hall, $start, $date)){
$bd->createSession(null,$film, $hall, $cinema, $date, $start, $price, $format);
if($repeat > "0") {
$repeats = $repeat;
$repeat = $repeat - 1;
$date = date('Y-m-d', strtotime( $date . ' +1 day') );
self::create_session($cinema, $hall, $start, $date, $film, $price, $format,$repeat);
return "Se han creado las ".$repeat ." sesiones con exito";
}
else
return "Se ha creado la session con exito";
} else
return "Esta session ya existe";
} else return "Error al conectarse a la base de datos";
}
public static function edit_session($cinema, $or_hall, $or_date, $or_start, $hall, $start, $date, $film, $price, $format){
$bd = new SessionDAO('complucine');
if($bd ){
if($bd->searchSession($cinema, $or_hall, $or_start, $or_date)){
if(!$bd->searchSession($cinema,$hall,$start,$date)){
$origin = array("cinema" => $cinema,"hall" => $or_hall,"start" => $or_start,"date" => $or_date);
$bd->editSession($film, $hall, $cinema, $date, $start, $price, $format,$origin);
return "Se ha editado la session con exito";
}else
return "Ya existe una sesion con los parametros nuevos";
} else
return "Esta session no existe";
} else return "Error al conectarse a la base de datos";
}
public static function delete_session($cinema, $hall, $start, $date){
$bd = new SessionDAO('complucine');
if($bd ){
if($bd->searchSession($cinema, $hall, $start, $date)){
$bd->deleteSession($hall, $cinema, $date, $start);
return "Se ha eliminado la session con exito";
} else
return "Esta session no existe";
} else return "Error al conectarse a la base de datos";
}
//Esto deberia estar en film.php? seguramente
public static function getThisSessionFilm($idfilm){
$bd = new SessionDAO('complucine');
if($bd ) {
return $bd->filmTittle($idfilm);
}
}
public function setId($id){ $this->_id = $id; }
public function getId(){ return $this->_id; }
public function setIdfilm($idfilm){ $this->_idfilm = $idfilm; }
public function getIdfilm(){ return $this->_idfilm; }
public function setIdhall($idhall){ $this->_idhall = $idhall; }
public function getIdhall(){ return $this->_idhall; }
public function setIdcinema($cinema){ $this->_idcinema = $idcinema; }
public function getIdcinema(){ return $this->_idcinema; }
public function setDate($date){ $this->_date = $date; }
public function getDate(){ return $this->_date; }
public function setStartTime($startTime){ $this->_startTime = $startTime; }
public function getStartTime(){ return $this->_startTime; }
public function setSeatPrice($seatPrice){ $this->_seatPrice = $seatPrice; }
public function getSeatPrice(){ return $this->_seatPrice; }
public function setFormat($format){ $this->_format = $format; }
public function getFormat(){ return $this->_format; }
}
?>

114
assets/php/common/session_dao.php Normal file
View File

@ -0,0 +1,114 @@
<?php
include_once('session.php');
class SessionDAO extends DAO {
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
public function createSession($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
$format = $this->mysqli->real_escape_string($format);
$date = date('Y-m-d', strtotime( $date ) );
$startTime = date('H:i:s', strtotime( $startTime ) );
$sql = sprintf( "INSERT INTO `session` (`id`, `idfilm`, `idhall`, `idcinema`, `date`, `start_time`, `seat_price`, `format`, `seats_full`)
VALUES ('%d', '%d', '%d', '%d', '%s', '%s', '%d', '%s', '%d')",
$id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format, "0");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $sql;
}
//Returns a query to get the session's data.
public function sessionData($id){
$sql = sprintf( "SELECT * FROM `session` WHERE id = '%d'", $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database en sessionData con la id '. $id);
$resul = mysqli_fetch_array($resul);
return $resul;
}
public function filmTittle($idfilm){
$sql = sprintf("SELECT * FROM film JOIN session ON film.id = session.idfilm WHERE session.idfilm = '%d' ", $idfilm );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database en sessionData con la id '. $idfilm);
$resul = mysqli_fetch_array($resul);
return $resul;
}
//Returns a session
public function searchSession($cinema, $hall, $startTime, $date){
$date = date('Y-m-d', strtotime( $date ) );
$startTime = date('H:i:s', strtotime( $startTime ) );
$sql = sprintf( "SELECT * FROM session WHERE
idcinema = '%s' AND idhall = '%s' AND date = '%s' AND start_time = '%s'",
$cinema, $hall, $date, $startTime);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
$session = mysqli_fetch_array($resul);
mysqli_free_result($resul);
return $session;
}
//Returns a query to get all the session's data.
public function getAllSessions($hall, $cinema, $date){
$date = date('Y-m-d', strtotime( $date ) );
$sql = sprintf( "SELECT * FROM session WHERE
idcinema = '%s' AND idhall = '%s' AND date = '%s' ORDER BY start_time ASC;",
$cinema, $hall, $date);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
$sessions = null;
while($fila=mysqli_fetch_array($resul)){
$sessions[] = $this->loadSession($fila["id"], $fila["idfilm"], $fila["idhall"], $fila["idcinema"], $fila["date"], $fila["start_time"], $fila["seat_price"], $fila["format"], $fila["seats_full"]);
}
mysqli_free_result($resul);
return $sessions;
}
public function editSession($idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format, $origin){
$format = $this->mysqli->real_escape_string($format);
$date = date('Y-m-d', strtotime( $date ) );
$startTime = date('H:i:s', strtotime( $startTime ) );
$sql = sprintf( "UPDATE `session`
SET `idfilm` = '%d' , `idhall` = '%d', `idcinema` = '%d', `date` = '%s',
`start_time` = '%s', `seat_price` = '%d', `format` = '%s'
WHERE
idcinema = '%s' AND idhall = '%s' AND date = '%s' AND start_time = '%s'",
$idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format, $origin["cinema"],$origin["hall"],$origin["date"],$origin["start"]);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
public function deleteSession($hall, $cinema, $date, $startTime){
$sql = sprintf( "DELETE FROM `session` WHERE
idcinema = '%s' AND idhall = '%s' AND date = '%s' AND start_time = '%s'",
$cinema, $hall, $date, $startTime);
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new Session Data Transfer Object.
public function loadSession( $id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format, $seats_full){
return new Session( $id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format, $seats_full);
}
}
?>

36
assets/php/common/user.php Normal file
View File

@ -0,0 +1,36 @@
<?php
class User {
//Attributes:
private $_id; //User Id.
private $_username; //User name.
private $_email; //User email.
private $_password; //User password.
private $_rol; //Type of user: user | manager | admin. --> Será eliminado en la siguiente práctica para usar el modelo relacional de nuestra BD.
//Constructor:
function __construct($id, $username, $email, $password, $rol){
$this->_id = $id;
$this->_username = $username;
$this->_email = $email;
$this->_password = $password;
$this->_rol = $rol;
}
//Methods:
//Getters && Setters:
public function setId($id){ $this->_id = $id; }
public function getId(){ return $this->_id; }
public function setName($username){ $this->_username = $username; }
public function getName(){ return $this->_username; }
public function setEmail($email){ $this->_email = $email; }
public function getEmail(){ return $this->_email; }
public function setPass($passwd){ $this->_password = $passwd; }
public function getPass(){ return $this->_password; }
public function setRol($rol){ $this->_rol = $rol; }
public function getRol(){ return $this->_rol; }
}
?>

155
assets/php/common/user_dao.php Normal file
View File

@ -0,0 +1,155 @@
<?php
include_once('user.php');
class UserDAO extends DAO {
//Constants:
private const _USER = "user";
private const _MANAGER = "manager";
private const _ADMIN = "admin";
//Attributes:
//Constructor:
function __construct($bd_name){
parent::__construct($bd_name);
}
//Methods:
//Encrypt password with SHA254.
private function encryptPass($password){
//$password = hash('sha256', $password);
$password = password_hash($password, PASSWORD_DEFAULT);
return $password;
}
//Returns true if the password and hash match, or false otherwise.
public function verifyPass($password, $passwd){
return password_verify($password, $passwd);
}
//All users
public function allUsersNotM(){
$sql = sprintf( "SELECT * FROM `users` WHERE users.id NOT IN (SELECT id FROM `manager`)");
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
while($fila=$resul->fetch_assoc()){
$users[] = $this->loadUser($fila['id'], $fila['username'], $fila['email'], $fila['passwd'], $fila['rol']);
}
$resul->free();
return $users;
}
//Create a new User.
public function createUser($id, $username, $email, $password, $rol){
$password = $this->encryptPass($password);
$sql = sprintf( "INSERT INTO users( id, username, email, passwd, rol)
VALUES ( '%s', '%s', '%s', '%s', '%s')",
$id, $username, $email, $password, $rol );
$resul = mysqli_query($this->mysqli, $sql);
return $resul;
}
//Returns a query to check if the user name exists.
public function selectUser($username, $password){
$username = $this->mysqli->real_escape_string($username);
$password = $this->mysqli->real_escape_string($password);
$sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username );
$resul = mysqli_query($this->mysqli, $sql);
$resul->data_seek(0);
$user = null;
while ($fila = $resul->fetch_assoc()) {
if($username === $fila['username'] && $this->verifyPass($password, $fila['passwd'])){
$user = $this->loadUser($fila['id'], $fila['username'], $fila['email'], $fila['passwd'], $fila['rol']);
}
}
//mysqli_free_result($selectUser);
$resul->free();
return $user;
}
//Returns a query to get the user's data.
public function userData($id){
$id = $this->mysqli->real_escape_string($id);
$sql = sprintf( "SELECT * FROM users WHERE id = '%d'", $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Search a user by name.
public function selectUserName($username){
$username = $this->mysqli->real_escape_string($username);
$sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username );
$resul = mysqli_query($this->mysqli, $sql);
return $resul;
}
//Change username by id.
public function changeUserName($id, $username){
$id = $this->mysqli->real_escape_string($id);
$username = $this->mysqli->real_escape_string($username);
$sql = sprintf( "UPDATE users SET username = '%s' WHERE id = '%d'", $username, $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Change userpass by id.
public function changeUserPass($id, $password){
$id = $this->mysqli->real_escape_string($id);
$password = $this->mysqli->real_escape_string($password);
$password = $this->encryptPass($password);
$sql = sprintf( "UPDATE users SET passwd = '%s' WHERE id = '%d'", $password, $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Change user email by id.
public function changeUserEmail($id, $email){
$id = $this->mysqli->real_escape_string($id);
$email = $this->mysqli->real_escape_string($email);
$sql = sprintf( "UPDATE users SET email = '%s' WHERE id = '%d'", $email, $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Delete user account by id.
public function deleteUserAccount($id){
$id = $this->mysqli->real_escape_string($id);
$sql = sprintf( "DELETE FROM users WHERE id = '%d'", $id );
$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
return $resul;
}
//Create a new User Data Transfer Object.
public function loadUser($id, $username, $email, $password, $rol){
return new User($id, $username, $email, $password, $rol);
}
}
?>

55
assets/php/config.php Normal file
View File

@ -0,0 +1,55 @@
<?php
/**
* Connection parameters to the DB.
*/
define('BD_HOST', 'localhost');
define('BD_NAME', 'complucine');
define('BD_USER', 'sw');
define('BD_PASS', '_admin_');
/*
* Configuration parameters used to generate URLs and file paths in the application
*/
define('ROUTE_APP', '/'); //Change if it´s necessary.
define('RAIZ_APP', __DIR__);
/**
* Image files directory.
*/
define('FILMS_DIR', dirname(RAIZ_APP).'img/films/tmp');
define('FILMS_DIR_PROTECTED', RAIZ_APP.'img/films/tmp');
/**
* Utf-8 support settings, location (language and country) and time zone.
*/
ini_set('default_charset', 'UTF-8');
setLocale(LC_ALL, 'es_ES.UTF.8');
date_default_timezone_set('Europe/Madrid');
//Start session:
session_start();
//HTML template:
require_once('template.php');
$template = new Template();
$prefix = $template->get_prefix();
/**
* Initialize the application:
*/
include_once($prefix.'assets/php/dao.php');
require_once('aplication.php');
$app = Aplicacion::getSingleton();
$app->init(array('host'=>BD_HOST, 'bd'=>BD_NAME, 'user'=>BD_USER, 'pass'=>BD_PASS));
/**
* @see http://php.net/manual/en/function.register-shutdown-function.php
* @see http://php.net/manual/en/language.types.callable.php
*/
register_shutdown_function(array($app, 'shutdown'));
//Depuración (BORRAR):
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
?>

24
assets/php/dao.php Normal file
View File

@ -0,0 +1,24 @@
<?php
class DAO {
//Atributes:
public $mysqli;
//Constructor:
public function __construct($bd_name){
if($bd_name != BD_NAME) {
echo "Está intentando acceder a una base de datos que no existe, puede que la aplicación no funcione correctamente.";
}
$app = Aplicacion::getSingleton();
$this->mysqli = $app->conexionBd();
}
//Destructor (Ya no es necesdario):
/*
public function __destruct(){
$this->mysqli->close();
}
*/
}
?>

386
assets/php/form.php Normal file
View File

@ -0,0 +1,386 @@
<?php
/**
* Clase base para la gestión de formularios.
*
* Gestión de token CSRF está basada en: https://www.owasp.org/index.php/PHP_CSRF_Guard
*/
abstract class Form {
/**
* @var string Sufijo para el nombre del parámetro de la sesión del usuario donde se almacena el token CSRF.
*/
const CSRF_PARAM = 'csrf';
/**
* @var string Identificador utilizado para construir el atributo "id" de la etiqueta &lt;form&gt; como <code>$tipoFormulario.$formId</code>.
*/
private $formId;
/**
* @var string Valor del parámetro enctype del formulario.
*/
private $enctype;
/**
* @var string Valor del atributo "class" de la etiqueta &lt;form&gt; asociada al formulario. Si este parámetro incluye la cadena "nocsrf" no se generá el token CSRF para este formulario.
*/
private $classAtt;
/**
* @var string Parámetro de la petición utilizado para comprobar que el usuario ha enviado el formulario..
*/
private $tipoFormulario;
/**
* @var string URL asociada al atributo "action" de la etiqueta &lt;form&gt; del fomrulario y que procesará el
* envío del formulario.
*/
private $action;
private $printed;
/**
* @var bool Almacena si la interacción con el formulario va a realizarse a través de AJAX <code>true</code> o
* <code>false</code> en otro caso.
*/
private $ajax;
/**
* Crea un nuevo formulario.
*
* Posibles opciones:
* <table>
* <thead>
* <tr>
* <th>Opción</th>
* <th>Valor por defecto</th>
* <th>Descripción</th>
* </tr>
* </thead>
* <tbody>
* <tr>
* <td>action</td>
* <td><code>$_SERVER['PHP_SELF']</code></td>
* <td>URL asociada al atributo "action" de la etiqueta &lt;form&gt; del fomrulario y que procesará el envío del formulario.</td>
* </tr>
* <tr>
* <td>class</td>
* <td>""</td>
* <td>Valor del atributo "class" de la etiqueta &lt;form&gt; asociada al formulario. Si este parámetro incluye la cadena
* "nocsrf" no se generá el token CSRF para este formulario.</td>
* </tr>
* <tr>
* <td>enctype</td>
* <td>""</td>
* <td>Valor del parámetro enctype del formulario.</td>
* </tr>
* <tr>
* <td>ajax</td>
* <td><code>false</code></td>
* <td>Configura si el formulario se gestionará a través de AJAX.</td>
* </tr>
* </tbody>
* </table>
* @param string $tipoFormulario Parámetro de la petición utilizado para comprobar que el usuario ha enviado el formulario.
* @param string $formId (opcional) Identificador utilizado para construir el atributo "id" de la etiqueta &lt;form&gt; como <code>$tipoFormulario.$formId</code>.
*
* @param array $opciones (ver más arriba).
*/
public function __construct($tipoFormulario, $opciones = array(), $formId = 1)
{
$this->tipoFormulario = $tipoFormulario;
$this->formId = $tipoFormulario.$formId;
$opcionesPorDefecto = array( 'ajax' => false, 'action' => null, 'class' => null, 'enctype' => null );
$opciones = array_merge($opcionesPorDefecto, $opciones);
$this->ajax = $opciones['ajax'];
$this->action = $opciones['action'];
$this->classAtt = $opciones['class'];
$this->enctype = $opciones['enctype'];
if ( !$this->action ) {
$this->action = htmlentities($_SERVER['PHP_SELF']);
}
}
/**
* Se encarga de orquestar todo el proceso de gestión de un formulario.
*
* El proceso es el siguiente:
* <ul>
* <li>O bien se quiere mostrar el formulario (petición GET)</li>
* <li>O bien hay que procesar el formulario (petición POST) y hay dos situaciones:
* <ul>
* <li>El formulario se ha procesado correctamente y se devuelve un <code>string</code> en {@see Form::procesaFormulario()}
* que será la URL a la que se rederigirá al usuario. Se redirige al usuario y se termina la ejecución del script.</li>
* <li>El formulario NO se ha procesado correctamente (errores en los datos, datos incorrectos, etc.) y se devuelve
* un <code>array</code> con entradas (campo, mensaje) con errores específicos para un campo o (entero, mensaje) si el mensaje
* es un mensaje que afecta globalmente al formulario. Se vuelve a generar el formulario pasándole el array de errores.</li>
* </ul>
* </li>
* </ul>
*/
public function gestiona()
{
if ( ! $this->formularioEnviado($_POST) ) {
return $this->generaFormulario();
} else {
// Valida el token CSRF si es necesario (hay un token en la sesión asociada al formulario)
$tokenRecibido = $_POST['CSRFToken'] ?? FALSE;
$errores = $this->csrfguard_ValidateToken($this->tipoFormulario, $tokenRecibido);
// limpia los tokens CSRF que no han sido utilizados en esta petición
self::limpiaCsrfTokens();
// Sin AJAX.
/**
* $result = $this->procesaFormulario($_POST);
* if ( is_array($result) ) {
* return $this->generaFormulario($_POST, $result);
* } else {
* header('Location: '.$result);
* exit();
* }
*/
// Con AJAX.
if ( $errores !== TRUE ) {
if ( ! $this->ajax ) {
return $this->generaFormulario($_POST, $errores);
} else {
return $this->generaHtmlErrores($errores);
}
} else {
$result = $this->procesaFormulario($_POST);
if ( is_array($result) ) {
// Error al procesar el formulario, volvemos a mostrarlo
if ( ! $this->ajax ) {
return $this->generaFormulario($_POST, $result);
} else {
return $this->generaHtmlErrores($result);
}
} else {
if ( ! $this->ajax ) {
header('Location: '.$result);
exit();
} else {
return $result;
}
}
}
}
}
/**
* Genera el HTML necesario para presentar los campos del formulario.
*
* Si el formulario ya ha sido enviado y hay errores en {@see Form::procesaFormulario()} se llama a este método
* nuevamente con los datos que ha introducido el usuario en <code>$datosIniciales</code> y los errores al procesar
* el formulario en <code>$errores</code>
*
* @param string[] $datosIniciales Datos iniciales para los campos del formulario (normalmente <code>$_POST</code>).
*
* @param string[] $errores (opcional)Lista / Tabla asociativa de errores asociados al formulario.
*
* @return string HTML asociado a los campos del formulario.
*/
protected function generaCamposFormulario($datosIniciales, $errores = array())
{
return '';
}
/**
* Procesa los datos del formulario.
*
* @param string[] $datos Datos enviado por el usuario (normalmente <code>$_POST</code>).
*
* @return string|string[] Devuelve el resultado del procesamiento del formulario, normalmente una URL a la que
* se desea que se redirija al usuario, o un array con los errores que ha habido durante el procesamiento del formulario.
*/
protected function procesaFormulario($datos)
{
return array();
}
/**
* Función que verifica si el usuario ha enviado el formulario.
*
* Comprueba si existe el parámetro <code>$formId</code> en <code>$params</code>.
*
* @param string[] $params Array que contiene los datos recibidos en el envío formulario.
*
* @return boolean Devuelve <code>true</code> si <code>$formId</code> existe como clave en <code>$params</code>
*/
private function formularioEnviado(&$params)
{
return isset($params['action']) && $params['action'] == $this->tipoFormulario;
}
/**
* Función que genera el HTML necesario para el formulario.
*
* @param string[] $datos (opcional) Array con los valores por defecto de los campos del formulario.
*
* @param string[] $errores (opcional) Array con los mensajes de error de validación y/o procesamiento del formulario.
*
* @return string HTML asociado al formulario.
*/
private function generaFormulario(&$datos = array(), &$errores = array())
{
$htmlCamposFormularios = $this->generaCamposFormulario($datos, $errores);
$classAtt='';
if ( $this->classAtt ) {
$classAtt = " class=\"{$this->classAtt}\"";
}
$enctypeAtt='';
if ( $this->enctype ) {
$enctypeAtt = " enctype=\"{$this->enctype}\"";
}
// Se genera el token CSRF si el usuario no solicita explícitamente lo contrario.
$tokenCSRF = '';
if ( ! $this->classAtt || strpos($this->classAtt, 'nocsrf') === false ) {
$tokenValue = $this->csrfguard_GenerateToken($this->tipoFormulario);
$tokenCSRF = "<input type='hidden' name='CSRFToken' value='$tokenValue' />";
}
/* <<< Permite definir cadena en múltiples líneas.
* Revisa https://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc
*/
$htmlForm = "<form method='POST' action='{$this->action}' id='{$this->formId}{$classAtt}{$enctypeAtt}' >
<input type='hidden' name='action' value='{$this->tipoFormulario}' />
".$tokenCSRF.$htmlCamposFormularios."
</form>";
return $htmlForm;
}
/**
* Genera la lista de mensajes de errores globales (no asociada a un campo) a incluir en el formulario.
*
* @param string[] $errores (opcional) Array con los mensajes de error de validación y/o procesamiento del formulario.
*
* @param string $classAtt (opcional) Valor del atributo class de la lista de errores.
*
* @return string El HTML asociado a los mensajes de error.
*/
protected static function generaListaErroresGlobales($errores = array(), $classAtt='')
{
$html='';
$clavesErroresGenerales = array_filter(array_keys($errores), function ($elem) {
return is_numeric($elem);
});
$numErrores = count($clavesErroresGenerales);
if ($numErrores > 0) {
$html = "<ul class=\"$classAtt\">";
if ( $numErrores == 1 ) {
$html .= "<li>$errores[0]</li>";
} else {
foreach($clavesErroresGenerales as $clave) {
$html .= "<li>$errores[$clave]</li>";
}
$html .= "</li>";
}
$html .= '</ul>';
}
return $html;
}
/**
* Crea una etiqueta para mostrar un mensaje de error. Sólo creará el mensaje de error
* si existe una clave <code>$idError</code> dentro del array <code>$errores</code>.
*
* @param string[] $errores (opcional) Array con los mensajes de error de validación y/o procesamiento del formulario.
* @param string $idError (opcional) Clave dentro de <code>$errores</code> del error a mostrar.
* @param string $htmlElement (opcional) Etiqueta HTML a crear para mostrar el error.
* @param array $atts (opcional) Tabla asociativa con los atributos a añadir a la etiqueta que mostrará el error.
*/
protected static function createMensajeError($errores=array(), $idError='', $htmlElement='span', $atts = array())
{
$html = '';
if (isset($errores[$idError])) {
$att = '';
foreach($atts as $key => $value) {
$att .= "$key=$value";
}
$html = " <$htmlElement $att>{$errores[$idError]}</$htmlElement>";
}
return $html;
}
/**
* Método para eliminar los tokens CSRF almecenados en la petición anterior que no hayan sido utilizados en la actual.
*/
public static function limpiaCsrfTokens()
{
foreach(array_keys($_SESSION) as $key) {
if (strpos($key, self::CSRF_PARAM) === 0) {
unset($_SESSION[$key]);
}
}
}
private function csrfguard_GenerateToken($formParameter)
{
if ( ! session_id() ) {
throw new \Exception('La sesión del usuario no está definida.');
}
$paramSession = self::CSRF_PARAM.'_'.$formParameter;
if (isset($_SESSION[$paramSession])) {
$token = $_SESSION[$paramSession];
} else {
if ( function_exists('hash_algos') && in_array('sha512', hash_algos()) ) {
$token = hash('sha512', mt_rand(0, mt_getrandmax()));
} else {
$token=' ';
for ($i=0;$i<128;++$i) {
$r=mt_rand(0,35);
if ($r<26){
$c=chr(ord('a')+$r);
} else{
$c=chr(ord('0')+$r-26);
}
$token.=$c;
}
}
$_SESSION[$paramSession]=$token;
}
return $token;
}
private function csrfguard_ValidateToken($formParameter, $tokenRecibido)
{
if ( ! session_id() ) {
throw new \Exception('La sesión del usuario no está definida.');
}
$result = TRUE;
$paramSession = self::CSRF_PARAM.'_'.$formParameter;
if ( isset($_SESSION[$paramSession]) ) {
if ( $_SESSION[$paramSession] !== $tokenRecibido ) {
$result = array();
$result[] = 'Has enviado el formulario dos veces';
}
$_SESSION[$paramSession] = ' ';
unset($_SESSION[$paramSession]);
} else {
$result = array();
$result[] = 'Formulario no válido';
}
return $result;
}
//Test some form input.
protected function test_input($input){
return htmlspecialchars(trim(strip_tags($input)));
}
}

516
assets/php/template.php Normal file
View File

@ -0,0 +1,516 @@
<?php
class Template {
//Constants:
//private const _NUMPAGES = 10; //Constant to page results.
//Attributes:
private $page; //Page Name.
private $prefix; //Page prefix.
private $session; //"Iniciar Sesión" (if user isn´t logged in), "Cerrar Sesión" (otherwise).
private $session_route; //"login/" (if user isn´t logged in), "logout/" (otherwise).
private $panel; //Button to access the user's dashboard (only displayed if logged in).
private $user_route; //Route of the panel (depends on the type of user).
//Constructor:
function __construct(){
$this->page = $_SERVER['PHP_SELF']; //Page that instantiates the template.
$this->prefix = '../'; //Default prefix.
$this->set_page_prefix(); //Assigns the name and prefix of the page.
$this->session = 'Iniciar Sesión'; //Default, the session has not started.
$this->session_route = 'login/'; //Default, the session has not started.
$this->panel = ''; //Default, the session has not started.
$this->user_route = 'panel_user/'; //Default, the type of client is user.
}
//Methods:
//Assigns the name and prefix of the page:
private function set_page_prefix() {
switch(true){
case strpos($this->page, 'panel_user'): $this->page = 'Panel de Usuario'; break;
case strpos($this->page, 'panel_manager'): $this->page = 'Panel de Gerente'; break;
case strpos($this->page, 'panel_admin'): $this->page = 'Panel de Administrador'; break;
case strpos($this->page, 'login'): $this->page = 'Acceso'; break;
case strpos($this->page, 'logout'): $this->page = 'Cerrar Sesión'; break;
case strpos($this->page, 'register'): $this->page = 'Registro de Usuario'; break;
case strpos($this->page, 'showtimes'): $this->page = 'Cartelera'; break;
case strpos($this->page, 'cinemas'): $this->page = 'Nuestros Cines'; break;
case strpos($this->page, 'about_us'): $this->page = 'Sobre FDI-Cines'; $this->prefix = '../../'; break;
case strpos($this->page, 'terms'): $this->page = 'Términos y Condiciones'; $this->prefix = '../../'; break;
case strpos($this->page, 'detalles'): $this->page = 'Detalles'; $this->prefix = '../../'; break;
case strpos($this->page, 'bocetos'): $this->page = 'Bocetos'; $this->prefix = '../../'; break;
case strpos($this->page, 'miembros'): $this->page = 'Miembros'; $this->prefix = '../../'; break;
case strpos($this->page, 'planificacion'): $this->page = 'Planificación'; $this->prefix = '../../'; break;
case strpos($this->page, 'contacto'): $this->page = 'Contacto'; break;
default: $this->page = 'FDI-Cines'; $this->prefix = './'; break;
}
}
//Returns page name:
function get_page(){
return $this->page;
}
//Returns page prefix:
function get_prefix(){
return $this->prefix;
}
//Print generic Head:
function print_head(){
$page = $this->page;
$prefix = $this->prefix;
echo"<head>
<title>CompluCine | {$page}</title>
<meta charset='utf-8' />
<link id='estilo' rel='stylesheet' type='text/css' href='{$prefix}assets/css/main.css'>
<meta name='viewport' content='width=device-width, initial-scale=1'>
<link rel='icon' href='{$prefix}img/favicon.png' />
</head>\n";
}
//Print generic Header:
function print_header(){
$page = $this->page;
$prefix = $this->prefix;
$session = $this->session;
$session_route =$this->session_route;
$user_route = $this->user_route;
$panel =$this->panel;
if(isset($_SESSION["nombre"])){
if($_SESSION["rol"] == "admin") $user_route = 'panel_admin/';
else if($_SESSION["rol"] == "manager") $user_route = 'panel_manager/';
$panel = "<a href='{$prefix}{$user_route}'><li>Mi Panel</li></a>";
$session = 'Cerrar Sesión';
$session_route = 'logout/';
}
echo"<div class='header'>
<a href='{$prefix}'><img src='{$prefix}img/favicon2.png' alt='favicon' /> CompluCine</a> | {$page}
<div class='menu'>
<nav>
<a href='{$prefix}{$session_route}'><li>{$session}</li></a>
{$panel}
<li>Menú
<ul>
<a href='{$prefix}'><li>Inicio</li></a>
<a href='{$prefix}showtimes/'><li>Cartelera</li></a>
<a href='{$prefix}cinemas/'><li>Nuestros Cines</li></a>
<a href='{$prefix}fdicines/miembros/'><li>Quiénes somos</li></a>
<a href='{$prefix}contacto/'><li>Contacto</li></a>
</ul>
</li>
</nav>
</div>
</div>\n";
}
//Print generic subHeader:
function print_subheader(){
//$page = $this->page;
$prefix = $this->prefix;
echo"<div class='header sub'>
<div class='menu'>
<nav>
<a href='{$prefix}fdicines/about_us/'><li>Sobre FDI-Cines</li></a>
<a href='{$prefix}fdicines/detalles/'><li>Detalles</li></a>
<a href='{$prefix}fdicines/bocetos/'><li>Bocetos</li></a>
<a href='{$prefix}fdicines/miembros/'><li>Miembros</li></a>
<a href='{$prefix}fdicines/planificacion/'><li>Planificación</li></a>
</nav>
</div>
</div>\n";
}
//Print generic Main:
function print_main($content = ""){
$page = $this->page;
$prefix = $this->prefix;
/* SubHeader on Main */
$sub_header = '';
if(strpos($_SERVER['PHP_SELF'], 'fdicines')){
$sub_header = "<!-- Sub Header -->
<div class='header sub'>
<div class='menu'>
<nav>
<a href='{$prefix}fdicines/about_us/'><li>Sobre FDI-Cines</li></a>
<a href='{$prefix}fdicines/detalles/'><li>Detalles</li></a>
<a href='{$prefix}fdicines/bocetos/'><li>Bocetos</li></a>
<a href='{$prefix}fdicines/miembros/'><li>Miembros</li></a>
<a href='{$prefix}fdicines/planificacion/'><li>Planificación</li></a>
</nav>
</div>
</div>\n";
}
/* MAIN */
if($prefix === "./"){
if(isset($_SESSION["nombre"])){
$tittle = "<h1>Bienvenido {$_SESSION["nombre"]}</h1>\n";
} else {
$tittle = "<h1>Bienvenido a CompluCine</h1>\n";
}
} else {
$tittle = "<h1>{$page}</h1>\n";
}
echo"<main>
<div class='image'><a href='{$prefix}'><img src='{$prefix}img/logo_trasparente.png' alt='logo_FDI-Cines' /></a></div>
{$sub_header}
{$tittle}{$content}
<hr />
</main>\n";
}
//Print panel menu:
function print_panelMenu($panel){
if($_SESSION["login"]){
$prefix = $this->prefix;
$menus = array("<a href='./'><li>Panel Principal</li></a>");
switch($panel){
case "admin": array_push($menus, "<li>Ver como...
<ul>
<a href='./?state=un'><li>Usuario</li></a>
<a href='./?state=ur'><li>Usuario registrado</li></a>
<a href='./?state=ag'><li>Gerente</li></a>
</ul>
</li>");
array_push($menus, "<li>Modificar
<ul>
<a href='./?state=mc'><li>Cines</li></a>
<a href='./?state=mf'><li>Películas</li></a>
<a href='./?state=mp'><li>Promociones</li></a>
<a href='./?state=mg'><li>Gerentes</li></a>
</ul>
</li>");
break;
case "manager": array_push($menus, "<li>Ver como...
<ul>
<a href='./?state=view_user'><li>Usuario</li></a>
<a href='./?state=view_ruser'><li>Usuario registrado</li></a>
</ul>
</li>");
array_push($menus, "<li>Modificar
<ul>
<a href='./?state=manage_halls'><li>Salas</li></a>
<a href='./?state=manage_sessions'><li>Sesiones</li></a>
</ul>
</li>");
break;
case "user": array_push($menus, "<a href='./?option=manage_profile'><li>Cuenta de usuario</li></a>");
array_push($menus, "<a href='./?option=purchases'><li>Historial Compras</li></a>");
array_push($menus, "<a href='./?option=payment'><li>Datos Pago</li></a>");
array_push($menus, "<a href='./?option=delete_user'><li>Eliminar Usuario</li></a>");
break;
default: $menus = array(); break;
}
if($_SESSION["rol"] === $panel){
echo"<div class='header sub'>
<div class='menu'>
<nav>";
foreach($menus as $value){
echo $value;
}
echo"</nav>
</div>
</div>
";
}
}
}
//Print specific page content:
function print_section($section){
/* Panel menu */
$sub_header = '';
if(strpos($_SERVER['PHP_SELF'], 'panel')){
echo "<!-- Panel Menu -->
";
$this->print_panelMenu($_SESSION["rol"]);
$this->print_msg();
}
echo $section;
}
//Print Films Cards:
function print_fimls(){
$reply = "";
//List of the movies:
require_once(__DIR__.'/common/film_dao.php');
$prefix= $this->get_prefix();
$films = new Film_DAO("complucine");
$films_array = $films->allFilmData();
$ids = array();
$tittles = array();
$descriptions = array();
$times = array();
$languages = array();
foreach($films_array as $key => $value){
$ids[$key] = $value->getId();
$tittles[$key] = $value->getTittle();
$descriptions[$key] = $value->getDescription();
$times[$key] = $value->getDuration();
$languages[$key] = $value->getLanguage();
}
switch($this->page){
case "Cartelera":
for($i = 0; $i < count($films_array); $i++){
$tittle = str_replace('_', ' ', $tittles[$i]);
if($i%2 === 0){
if($i != 0) $reply .= "</div>
";
$reply .= "<div class='column side'>
";
}
else{
if($i != 0) $reply .= "</div>
";
$reply .= "<div class='column middle'>
";
}
$reply .= "<section id='".$tittles[$i]."'>
<div class='zoom'>
<div class='code showtimes'>
<div class='image'><img src='".$prefix."img/films/".$tittles[$i].".jpg' alt='".$tittles[$i]."' /></div>
<h2>".$tittle."</h2>
<hr />
<div class='blockquote'>
<p>".$descriptions[$i]."</p>
</div>
<li>Duración: ".$times[$i]." minutos</li>
<li>Lenguaje: ".$languages[$i]."</li>
</div>
</div>
</section>
";
}
$reply .= "</div>\n";
break;
case "Panel de Administrador":
$reply .= "<div class='column'>";
for($i = 0; $i < count($films_array); $i++){
$tittle = str_replace('_', ' ', $tittles[$i]);
if($i%2 === 0){
if($i != 0) $reply .= "</div>
";
$reply .= "<div class='column side'>
";
}
else{
if($i != 0) $reply .= "</div>
";
$reply .= "<div class='column middle'>
";
}
$reply .= "<section id='".$tittles[$i]."'>
<div class='zoom'>
<div class='code showtimes'>
<div class='image'><img src='".$prefix."img/films/".$tittles[$i].".jpg' alt='".$tittles[$i]."' /></div>
<h2>".$tittle."</h2>
<hr />
<form method='post' action='./index.php?state=mf'>
<input name='id' type='hidden' value='".$ids[$i]."'>
<input name='tittle' type='hidden' value='".$tittles[$i]."'>
<input name='duration' type='hidden' value='".$times[$i]."'>
<input name='language' type='hidden' value='".$languages[$i]."'>
<input name='description' type='hidden' value='".$descriptions[$i]."'>
<input type='submit' id='submit' value='Editar' name='edit_film' class='primary' />
</form>
<form method='post' action='./index.php?state=mf'>
<input name='id' type='hidden' value='".$ids[$i]."'>
<input name='tittle' type='hidden' value='".$tittles[$i]."'>
<input name='duration' type='hidden' value='".$times[$i]."'>
<input name='language' type='hidden' value='".$languages[$i]."'>
<input name='description' type='hidden' value='".$descriptions[$i]."'>
<input type='submit' id='submit' value='Eliminar' name='delete_film' class='primary' />
</form>
</div>
</div>
</section>
";
}
$reply .= "</div>\n";
break;
case "Panel de Gerente":
break;
default:
$reply .='<div class="column left">
<div class="galery">
<h1>Últimos Estrenos</h1><hr />';
$count = 0;
for($i = count($tittles)-4; $i < count($tittles); $i++){
if($count%2===0){
if($count != 0) $reply .= "
</div>";
$reply .= "
<div class='fila'>";
}
$reply .= "
<div class='zoom'>
<div class='columna'>
<a href='".$prefix."showtimes/#".$tittles[$i]."'><div class='image'><img src='img/films/".$tittles[$i].".jpg' alt='".$tittles[$i]."' /></div></a>
</div>
</div>";
$count++;
}
$reply .= "
</div>
</div>
</div>
<div class='column right'>
<div class='galery'>";
$count = rand(0, count($tittles)-1);
$title = str_replace('_', ' ', $tittles[$count]);
$reply .= "
<h1>{$title}</h1><hr />
<div class='zoom'>
<a href='".$prefix."showtimes/#".$tittles[$count]."'><div class='image main'><img src='img/films/".$tittles[$count].".jpg' alt='".$tittles[$count]."' /></div></a>
</div>
</div>
</div>\n";
break;
}
return $reply;
}
//Print Cinemas info:
function print_cinemas(){
$reply = "";
//List of the cinemas:
require_once(__DIR__.'/common/cinema_dao.php');
$cine = new Cinema_DAO("complucine");
$cinemas = $cine->allCinemaData();
$ids = array();
$names = array();
$directions = array();
$phones = array();
if(is_array($cinemas)){
foreach($cinemas as $key => $value){
$ids[$key] = $value->getId();
$names[$key] = $value->getName();
$directions[$key] = $value->getDirection();
$phones[$key] = $value->getPhone();
}
}
switch($this->page){
case "Panel de Administrador":
$reply .= "<div class='row'>
<div class='column side'></div>
<div class='column middle'>
<table class='alt'>
<thead>
<tr>
<th>Id</th>
<th>Nombre</th>
<th>Direccion</th>
<th>Telefono</th>
</tr>
</thead>
<tbody>
";
if(is_array($cinemas)){
for($i = 0; $i < count($cinemas); $i++){
$reply .= '<tr>
<td>'. $ids[$i] .'</td>
<td>'. $names[$i] .'</td>
<td>'. $directions[$i] .'</td>
<td>'. $phones[$i] .'</td>
<td>
<form method="post" action="index.php?state=mc">
<input name="id" type="hidden" value="'.$ids[$i].'">
<input name="name" type="hidden" value="'.$names[$i].'">
<input name="direction" type="hidden" value="'.$directions[$i].'">
<input name="phone" type="hidden" value="'.$phones[$i].'">
<input type="submit" id="submit" value="Editar" name="edit_cinema" class="primary" />
</form>
</td>
<td>
<form method="post" action="index.php?state=mc">
<input name="id" type="hidden" value="'.$ids[$i].'">
<input name="name" type="hidden" value="'.$names[$i].'">
<input name="direction" type="hidden" value="'.$directions[$i].'">
<input name="phone" type="hidden" value="'.$phones[$i].'">
<input type="submit" id="submit" value="Eliminar" name="delete_cinema" class="primary" />
</form>
</td>
</tr>
';
}
}
$reply .='</tbody>
</table>
</div>
<div class="column side"></div>
';
break;
default:
break;
}
return $reply;
}
//Print session MSG:
function print_msg() {
if(isset($_SESSION['message'])){
echo "<div>".$_SESSION['message']."</div>";
unset($_SESSION['message']);
}
}
//Print generic Footer:
function print_footer(){
$prefix = $this->prefix;
/* TODO */
$css = "{$prefix}assets/css/highContrast.css";
$nameCSS = "Alto Contraste";
//$css = "{$prefix}assets/css/main.css";
//$nameCSS = "Contraste Normal";
echo"<footer>
<div class='footer'>
<p>© Práctica 2 | Sistemas Web 2021 </p>
</div>
<a href='{$prefix}fdicines/about_us/'>Sobre FDI-Cines</a> |
<a href='{$prefix}fdicines/terms_conditions/'>Términos de uso</a> |
<a href='{$prefix}cinemas/'>Nuestros cines</a> |
<a href='{$prefix}contacto/'>Contacto</a> |
<button onclick=\"cambiarCSS('$css');\">$nameCSS</button>
</footer>\n";
echo"
<!-- Scripts -->
<script src='{$prefix}assets/js/cambiarCSS.js'></script>\n";
}
}
?>