  1. shop.php
  2. [CODE]
  3. <?php include("functions\uploadFunction.php"); ?>
  4.  
  5. <?php if($user_home->is_logged_in()){ ?>
  6. <div class="row">
  7. <div class="col-lg-8 col-lg-offset-2">
  8. <h2 class="section-heading">Place an Order</h2>
  9. <div class="text-center" style="input, select, textarea{
  10. color: #000;
  11. }">
  12.  
  13.  
  14. </div><BR>
  15.  
  16. <form role="form" class="userTrans" method="POST" enctype="multipart/form-data">
  17. <input type="hidden" value="OrderInsert" name="act_userTrans">
  18.  
  19.  
  20.  
  21. <div class="form-group">
  22. <label for="text"> Customer ID</label>
  23.  
  24. <input type="text" value=" <?php echo $row['userID'];?> " class="form-control" id="customerid" name="customerid" readonly >
  25.  
  26. </div>
  27.  
  28.  
  29. <div class="form-group">
  30. <label for="text"> Customer Name</label>
  31.  
  32. <input type="text" value=" <?php echo $row['userfirstName']; echo '&nbsp;'; echo $row['userlastName']; ?> " class="form-control" id="customername" name="customername" readonly >
  33.  
  34. </div>
  35. <div class="form-group">
  36. <label for="text"> Mailing Address</label>
  37. <input type="text" value=" <?php echo $row['userAddress']; ?> " class="form-control" id="customeraddress" name="customeraddress" readonly >
  38. <input type="hidden" value=" <?php date_default_timezone_set("Asia/Taipei"); echo date("Y-m-d h:i:s A"); ?> " class="form-control" id="dateandtimeorder" name="dateandtimeorder" readonly >
  39.  
  40. </div>
  41. <script type="text/javascript">
  42. var a = new Array(150,240,360,50,50,50,80,60,50,50,50,50,60,50,55,56,50,70);
  43.  
  44.  
  45.  
  46. </script>
  47.  
  48. <div class="form-group">
  49. <label for="typeofservice">Select Type of Service</label>
  50. <select id="typeofservice" class="form-control" name="typeofservice" onchange="
  51.  
  52. document.getElementById('price').value = parseFloat(a[this.selectedIndex]).toFixed(2);
  53. ">
  54. <option value="Tarpaulin2x3">Tarpaulin2x3</option>
  55. <option value="Tarpaulin2x3">Tarpaulin3x4</option>
  56. <option value="Tarpaulin2x3">Tarpaulin3x6</option>
  57. <option value="Package 1 Rush ID 2x2/1x1">Package 1 Rush ID 2x2/1x1</option>
  58. <option value="Package 2 Rush ID Passport and 1x1">Package 2 Rush ID Passport and 1x1</option>
  59. <option value="Package 3 Rush ID 1.x1.5 and 1x1">Package 3 Rush ID 1.x1.5 and 1x1</option>
  60. <option value="Package 4 2x2 passport and 1x1">Package 4 2x2 passport and 1x1</option>
  61. <option value="Graphic Layout">Grahpic Layout</option>.
  62. <option value="Photocopy">Photocopy</option>
  63. <option value="Panaflex">Panaflex</option>
  64. <option value="Signages">Signages</option>
  65. <option value="Stickers">Stickers</option>
  66. <option value="Sintra board">Sintra board</option>
  67. <option value="Large Format Photo">Large Format Photo</option>
  68. <option value="PVC ID">PVC ID</option>
  69. <option value="Lamination">Lamination</option>
  70. <option value="Bag Tags">Bag Tags</option>
  71. <option value="Notary Public">Notary Public</option>
  72.  
  73. </select>
  74. </div>
  75.  
  76.  
  77.  
  78. <div class="form-group">
  79. <label for="templateselect">Template Selection</label>
  80. <select id="templateselect" class="form-control" name="templateselect">
  81. <option value="Own Made Template">Own Made Template</option>
  82. <option value="Pre-made Template">Pre-made Template</option>
  83.  
  84. </select>
  85. </div>
  86.  
  87.  
  88. <div class="form-group">
  89. <label for="delivery">Mode of Payment</label>
  90. <select id="delivery" class="form-control" name="delivery">
  91. <option value="Cash on Delivery">Cash on Delivery</option>
  92. <option value="Pickup">Pickup only</option>
  93.  
  94. </select>
  95. </div>
  96. <div class="form-group">
  97. <label for="text">Price</label>
  98. <input type="text" class="form-control" id="price" name="price" readonly>
  99.  
  100.  
  101. </div>
  102.  
  103. <div class="form-group">
  104. <label for="text">More details about your order</label>
  105. <input type="text" class="form-control" id="orderdetails" name="orderdetails">
  106. <br>
  107. </div>
  108.  
  109. <!--
  110. <div class="form-group">
  111. <label for="image">Upload</label>
  112. <input type="file" class="form-control-file" id="image" name="image">
  113. <br>
  114. </div>
  115. -->
  116.  
  117.  
  118.  
  119. <!--UPLOAD PART -->
  120.  
  121. <br>
  122. <br>
  123.  
  124.  
  125.  
  126.  
  127.  
  128. <button type="submit" name="upload" value="Upload Now" class="btn btn-default userTrans">Submit</button>
  129. </div>
  130.  
  131.  
  132.  
  133. </div>
  134.  
  135. <br><br>
  136. <!--TEMPLATES-->
  137.  
  138. <div class="container-fluid">
  139. <div class="row no-gutter">
  140. <div class="col-lg-4 col-sm-6">
  141. <a href="http://www.freepptbackgrounds.net/wp-content/uploads/2013/11/Wedding-Concept-Powerpoint-Template-800x600.jpg" class="portfolio-box">
  142. <img src="http://www.freepptbackgrounds.net/wp-content/uploads/2013/11/Wedding-Concept-Powerpoint-Template-800x600.jpg" class="img-responsive" alt="">
  143. <div class="portfolio-box-caption">
  144. <div class="portfolio-box-caption-content">
  145. <div class="project-category text-faded">
  146.  
  147. </div>
  148. <div class="project-name">
  149. Template 1
  150. </div>
  151. </div>
  152. </div>
  153. </a>
  154. </div>
  155. <div class="col-lg-4 col-sm-6">
  156. <a href="http://www.freepptbackgrounds.net/wp-content/uploads/2012/12/Colorful-Birthday-Balloons-PPT-Backgrounds-800x600.jpg" class="portfolio-box">
  157. <img src="http://www.freepptbackgrounds.net/wp-content/uploads/2012/12/Colorful-Birthday-Balloons-PPT-Backgrounds-800x600.jpg" class="img-responsive" alt="">
  158. <div class="portfolio-box-caption">
  159. <div class="portfolio-box-caption-content">
  160. <div class="project-category text-faded">
  161.  
  162. </div>
  163. <div class="project-name">
  164. Template 2
  165. </div>
  166. </div>
  167. </div>
  168. </a>
  169. </div>
  170. <div class="col-lg-4 col-sm-6">
  171. <a href="http://images.sharefaith.com/images/3/1274207732381_2859/slide-42.jpg" class="portfolio-box">
  172. <img src="http://images.sharefaith.com/images/3/1274207732381_2859/slide-42.jpg" class="img-responsive" alt="">
  173. <div class="portfolio-box-caption">
  174. <div class="portfolio-box-caption-content">
  175. <div class="project-category text-faded">
  176.  
  177. </div>
  178. <div class="project-name">
  179. Template 3
  180. </div>
  181. </div>
  182. </div>
  183. </a>
  184. </div>
  185. <div class="col-lg-4 col-sm-6">
  186. <a href="http://newkilpatrickblog.typepad.com/files/doveblank.jpg" class="portfolio-box">
  187. <img src="http://newkilpatrickblog.typepad.com/files/doveblank.jpg" class="img-responsive" alt="">
  188. <div class="portfolio-box-caption">
  189. <div class="portfolio-box-caption-content">
  190. <div class="project-category text-faded">
  191.  
  192. </div>
  193. <div class="project-name">
  194. Template 4
  195. </div>
  196. </div>
  197. </div>
  198. </a>
  199. </div>
  200. <div class="col-lg-4 col-sm-6">
  201. <a href="http://www.freepptbackgrounds.net/wp-content/uploads/2013/11/Happy-New-Year-PPT-Backgrounds-800x600.jpg" class="portfolio-box">
  202. <img src="http://www.freepptbackgrounds.net/wp-content/uploads/2013/11/Happy-New-Year-PPT-Backgrounds-800x600.jpg" class="img-responsive" alt="">
  203. <div class="portfolio-box-caption">
  204. <div class="portfolio-box-caption-content">
  205. <div class="project-category text-faded">
  206.  
  207. </div>
  208. <div class="project-name">
  209. Template 5
  210. </div>
  211. </div>
  212. </div>
  213. </a>
  214. </div>
  215. <div class="col-lg-4 col-sm-6">
  216. <a href="http://www.freepptbackgrounds.net/wp-content/uploads/2013/12/Xmas-Snows-PPT-Backgrounds-800x600.jpg" class="portfolio-box">
  217. <img src="http://www.freepptbackgrounds.net/wp-content/uploads/2013/12/Xmas-Snows-PPT-Backgrounds-800x600.jpg" class="img-responsive" alt="">
  218. <div class="portfolio-box-caption">
  219. <div class="portfolio-box-caption-content">
  220. <div class="project-category text-faded">
  221.  
  222. </div>
  223. <div class="project-name">
  224. Template 6
  225. </div>
  226. </div>
  227. </div>
  228. </a>
  229. </div>
  230.  
  231.  
  232.  
  233.  
  234.  
  235.  
  236.  
  237.  
  238. </form>
  239.  
  240. <div>
  241.  
  242.  
  243.  
  244. </div>
  245.  
  246.  
  247. <?php } else { ?>
  248. <!-- Do not use center tags when you're using bootstrap framework -->
  249. <!--<center> Please Login to Place an Order </center>-->
  250. <div class="text-center"> Please Login to Place an Order </div>
  251.  
  252. <?php } ?>
  253.  
  254.  
  255.  
  256.  
  257.  
  258.  
  259.  
  260.  
  261.  
  262.  
  263.  
  264.  
  265.  
  266.  
  267.  
  268.  
  269.  
  270. [/CODE]
  271.  
  272.  
  273.  
  274.  
  275. userTrans.php
  276. [CODE]<?php
  277.  
  278.  
  279.  
  280.  
  281. error_reporting(E_ALL ^E_NOTICE ^E_WARNING);
  282. session_start();
  283. require_once 'includes/class.user.php';
  284. $user_home = new USER();
  285.  
  286. if($user_home->is_logged_in()){
  287. $stmt = $user_home->runQuery("SELECT * FROM tbl_users WHERE userID=:uid");
  288. $stmt->execute(array(":uid"=>$_SESSION['userSession']));
  289. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  290.  
  291. }
  292.  
  293. //JSON Transactions to-do
  294. function response($status,$text,$refresh=0,$link="none") {
  295. $status = array(
  296. 'status' => $status,
  297. 'text' => $text,
  298. 'refresh' => $refresh,
  299. 'link' => $link
  300. // echo response (status,text,refresh,link)
  301. );
  302. return json_encode($status);
  303. }
  304.  
  305. $activity = $_POST[act_userTrans];
  306. if (isset($activity)){
  307.  
  308. if(!$user_home->is_logged_in()){
  309.  
  310. //Beyond this line lies functions that only work when not logged in.
  311.  
  312. if( $activity == "login" )
  313. {
  314. $email = trim($_POST['txtemail']);
  315. $upass = trim($_POST['txtupass']);
  316. $login = $user_home->login($email,$upass);
  317. if($login[status]==1)
  318. {
  319. //$user_home->redirect('index.php');
  320. echo response(1,'Login Success, redirecting....',1);
  321. }else
  322. {
  323. echo response(0,''.$login[msg].'',0);
  324. }
  325. }
  326. if( $activity == "register")
  327. {
  328.  
  329.  
  330. require_once( __DIR__ . '/functions/CaptchasDotNet.php');
  331.  
  332. // See query.php for documentation
  333.  
  334. $captchas = new CaptchasDotNet ('demo', 'secret',
  335. '/tmp/captchasnet-random-strings','3600',
  336. 'abcdefghkmnopqrstuvwxyz','6',
  337. '240','80','000088');
  338.  
  339. // Read the form values
  340. $message = $_REQUEST['message'];
  341. $captcha = $_REQUEST['captcha'];
  342. $random_string = $_REQUEST['random'];
  343.  
  344.  
  345. $cap = $captchas->verify ($captcha);
  346. //echo response(0,$captchas->verify ($captcha),0);
  347.  
  348. //exit();
  349.  
  350.  
  351. // Check the random string to be valid and return an error message
  352. // otherwise.
  353. if (!$captchas->validate ($random_string))
  354. {
  355.  
  356. $a = 'The session key (random) does not exist, please go back and reload form.<br/>
  357. In case you are the administrator of this page,
  358. please check if random keys are stored correct.<br/>
  359. See http://captchas.net/sample/php/ "Problems with save mode"';
  360.  
  361. echo response(0,$a,0);
  362. }
  363. // Check, that the right CAPTCHA password has been entered and
  364. // return an error message otherwise.
  365. elseif (!$cap)
  366. {
  367.  
  368.  
  369.  
  370.  
  371. echo response(0, 'You entered the wrong password. Aren\'t you human? Please use back button and reload.',0);
  372. }
  373. // Return a success message
  374. else
  375. {
  376. //echo 'Your message was verified to be entered by a human and is "' . $message . '"';
  377.  
  378.  
  379. $uname = trim($_POST['txtuname']);
  380. $email = trim($_POST['txtemail']);
  381. $upass = trim($_POST['txtpass']);
  382. $code = md5(uniqid(rand()));
  383. $ufname = trim($_POST['txtufirstname']);
  384. $ulname = trim($_POST['txtulastname']);
  385. $umname = trim($_POST['txtumiddlename']);
  386. $uaddress = trim($_POST['txtuseraddress']);
  387. $usquestion = trim($_POST['txtusecretquestion']);
  388. $usanswer = trim($_POST['txtusecretanswer']);
  389. $ubirthdate = trim($_POST['txtuserbirthDate']);
  390.  
  391. /* need NULL output errors*/
  392.  
  393.  
  394. $stmt = $user_home->runQuery("SELECT * FROM tbl_users WHERE userEmail=:email_id");
  395. $stmt->execute(array(":email_id"=>$email));
  396. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  397.  
  398. if($stmt->rowCount() > 0)
  399. {
  400. /*$msg = "
  401. <div class='alert alert-error'>
  402. <button class='close' data-dismiss='alert'>&times;</button>
  403. <strong>Sorry !</strong> email allready exists , Please Try another one
  404. </div>
  405. ";*/
  406. echo response(0,'Sorry! mail allready exists , Please Try another one',0);
  407. }
  408. else
  409. {
  410. if($user_home->register($uname,$email,$upass,$code,$ufname,$ulname,$umname,$uaddress,$usquestion,$usanswer,$ubirthdate))
  411. {
  412. $key = urlencode(base64_encode($uname));
  413.  
  414.  
  415. $message = "
  416. Hello $ufname,
  417. <br /><br />
  418. Welcome to Crossway Printing<br/>
  419. To complete your registration please , just click following link<br/>
  420. <br /><br />
  421. <a href='http://{$_SERVER[HTTP_HOST]}/?p=verify&id=$key&code=$code'>Click HERE to Activate :)</a>
  422. <br /><br />
  423. Thanks,";
  424.  
  425. $subject = "Crossway Printing: Confirm Registration";
  426.  
  427. $user_home->send_mail($email,$message,$subject);
  428. /*$msg = "
  429. <div class='alert alert-success'>
  430. <button class='close' data-dismiss='alert'>&times;</button>
  431. <strong>Success!</strong> We've sent an email to $email.
  432. Please click on the confirmation link in the email to create your account.
  433. </div>
  434. ";*/
  435. echo response(1,"Success! We've sent an email to $email. Please click on the confirmation link in the email to create your account.",0);
  436. }
  437. else
  438. {
  439. //echo "sorry , Query could no execute...";
  440. echo response(0,'Sorry! Query could not execute...',0);
  441. }
  442. }
  443.  
  444.  
  445.  
  446. }
  447.  
  448. }
  449.  
  450. }else{
  451. //Beyond this line lies functions that only work when logged in.
  452. if($user_home->is_admin() || $user_home->is_auditor())
  453. {
  454. //Beyond this line lies functions that only works for admin OR auditor
  455. if($activity == "newsInsert")
  456. {
  457. $title = $_POST[title];
  458. $ctg = (int)$_POST[ctg];
  459. $content = $_POST[text2];
  460. if($user_home->newsInsert($_SESSION[userSession],$content,$ctg,$title))
  461. {
  462. echo response(1,'Inserting '.$title.' news, success!',0);
  463. }else{
  464. echo response(0,'Inserting '.$title.' news, failed!',0);
  465. }
  466.  
  467. }
  468. if($activity == "newsUpdate")
  469. {
  470. $title = htmlspecialchars($_POST[title]);
  471. $id = (int)$_POST[id];
  472. $ctg = (int)$_POST[ctg];
  473. $content = $_POST[text2];
  474. if($user_home->newsUpdate($_SESSION[userSession],$title,$ctg,$content,$id))
  475. {
  476. echo response(1,'Updating '.$title.' news, success!',0);
  477. }else{
  478. echo response(0,'Updating '.$title.' news, failed!',0);
  479. }
  480.  
  481. }
  482. if($activity=="newsDelete"){
  483. $id = (int)$_POST[id];
  484. $user_home->doDeleteNews($id);
  485. echo response(1,'News Deletion success!',1);
  486.  
  487. }
  488.  
  489. }
  490. }
  491. }
  492.  
  493.  
  494.  
  495.  
  496.  
  497. if($user_home->is_admin() || $user_home->is_auditor())
  498. {
  499. //Beyond this line lies functions that only works for admin OR auditor
  500. if($activity == "iteminsert")
  501. {
  502. $itemname = $_POST[itemname];
  503. $itemcategory = (int)$_POST[itemcategory];
  504. $itemquantity = (int)$_POST[itemquantity];
  505. $ishidden = (int)$_POST[hidden];
  506. $itemprice = (int) $_POST[itemprice];
  507. if($user_home->itemInsert($_SESSION[userSession],$itemquantity,$itemcategory,$itemname,$ishidden,$itemprice))
  508. {
  509. echo response(1,'Inserting '.$itemname.' item, success!',0);
  510. }else{
  511. echo response(0,'Inserting '.$itemname.' item, failed!',0);
  512. }
  513.  
  514. }
  515.  
  516.  
  517.  
  518.  
  519. if($activity=="doDeleteItem"){
  520. $id = (int)$_POST[id];
  521. $user_home->doDeleteItem($id);
  522. echo response(1,'Item Deletion success!',1);
  523. }
  524.  
  525. if($activity=="doUserUpdate"){
  526. $id = (int)$_POST[userID];
  527. $usertype = (int)$_POST[usertype];
  528. $user_home->doUserUpdate($id,$usertype);
  529. echo response(1,'Editing Success!!',1);
  530. }
  531.  
  532. if($activity=="doStatusUpdate")
  533. {
  534. $id = (int)$_POST[orderID];
  535. $status = $_POST[Status];
  536. $user_home->doStatusUpdate($id,$status);
  537. echo response(1,'Editing Success!!',1);
  538. }
  539.  
  540.  
  541.  
  542. if($activity == "itemUpdate")
  543. {
  544. $id = (int)$_POST[id];
  545. $itemname = $_POST[itemname];
  546. $itemcategory = (int)$_POST[itemcategory];
  547. $itemquantity = (int)$_POST[itemquantity];
  548. $ishidden = (int)$_POST[ishidden];
  549. $itemprice = (int) $_POST[itemprice];
  550.  
  551. if($user_home->itemUpdate($_SESSION[userSession],$itemquantity,$itemcategory,$itemname,$ishidden,$itemprice,$id))
  552. {
  553. echo response(1,'Updating '.$itemname.' item, success!',0);
  554. }else{
  555. echo response(0,'Updating '.$itemname.' item, failed!',0);
  556. }
  557.  
  558. }
  559.  
  560.  
  561. }
  562.  
  563.  
  564.  
  565. // ordering system na itot
  566.  
  567.  
  568. if($activity == "OrderInsert")
  569. {
  570. /*
  571. echo response(0,'<pre>' . print_r($_FILES, 1) . '</pre>',0);
  572.  
  573. exit();
  574.  
  575. $image_name = $_FILES['image']['name'];
  576. $image_type = $_FILES['image']['type'];
  577. $image_size = $_FILES['image']['size'];
  578. $image_tmp_name = $_FILES['image']['tmp_name'];
  579.  
  580. if($image_name==''){
  581. echo response(1,'Please Select an Image',0);
  582. }
  583. else
  584. {
  585. move_uploaded_file($image_tmp_name,"photos/$image_name");
  586.  
  587. }
  588. */
  589.  
  590.  
  591.  
  592.  
  593.  
  594.  
  595. $typeofservice = $_POST[typeofservice];
  596. $templateselect = $_POST[templateselect];
  597. $orderdetails = $_POST[orderdetails];
  598. $customername = $_POST[customername];
  599. $customeraddress = $_POST[customeraddress];
  600. $delivery = $_POST[delivery];
  601. $customerid = $_POST[customerid];
  602. $dateandtimeorder = $_POST[dateandtimeorder];
  603. $price = $_POST[price];
  604. $ishidden = (int)$_POST[hidden];
  605. if($user_home->orderInsert($_SESSION[userSession],$price,$dateandtimeorder,$customerid,$delivery,$customeraddress,$customername,$orderdetails,$templateselect,$typeofservice,$ishidden))
  606. {
  607. echo response(1,'Thank you for Ordering! '.$customername.' your order will be in pending status and awaiting for price adjustment!',0);
  608. }else{
  609. echo response(0,'Order Failed please contact in email or send us a ticket at helpdesk '.$typeofservice.' Status failed!',0);
  610. }
  611.  
  612.  
  613.  
  614.  
  615.  
  616.  
  617.  
  618.  
  619. }
  620.  
  621.  
  622.  
  623.  
  624.  
  625.  
  626.  
  627.  
  628.  
  629.  
  630.  
  631.  
  632.  
  633.  
  634.  
  635.  
  636.  
  637. ?>[/CODE]
  638.  
  639.  
  640.  
  641. class.user.php
  642.  
  643. [CODE]<?php
  644.  
  645. require_once 'dbconfig.php';
  646.  
  647. class USER
  648. {
  649.  
  650. private $conn;
  651.  
  652. public function __construct()
  653. {
  654. $database = new Database();
  655. $db = $database->dbConnection();
  656. $this->conn = $db;
  657. }
  658.  
  659. public function runQuery($sql)
  660. {
  661. $stmt = $this->conn->prepare($sql);
  662. return $stmt;
  663. }
  664.  
  665. public function lasdID()
  666. {
  667. $stmt = $this->conn->lastInsertId();
  668. return $stmt;
  669. }
  670.  
  671. function doCheckCaptchaResult($captcha,$ip){
  672. $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Ld0cQgTAAAAADvO9VpqOt02GYKZ3Efaa9ySv5__&response=".$captcha."&remoteip=".$ip);
  673. return $response.success;
  674. }
  675.  
  676. public function register($uname,$email,$upass,$code,$ufname,$ulname,$umname,$uaddress,$usquestion,$usanswer,$ubirthdate)
  677. {
  678. try
  679. {
  680. $password = md5($upass);
  681. $stmt = $this->conn->prepare("INSERT INTO tbl_users(userName,userEmail,userPass,tokenCode,userfirstName,userlastName,usermiddleName,userAddress,usersecretQuestion,usersecretAnswer,userbirthDate)
  682. VALUES(:user_name, :user_mail, :user_pass, :active_code, :user_fname, :user_lname, :user_mname, :user_address, :user_secretquestion, :user_answer, :user_birthdate)");
  683.  
  684. $stmt->bindparam(":user_name",$uname);
  685. $stmt->bindparam(":user_mail",$email);
  686. $stmt->bindparam(":user_pass",$password);
  687. $stmt->bindparam(":active_code",$code);
  688. $stmt->bindparam(":user_fname",$ufname);
  689. $stmt->bindparam(":user_lname",$ulname);
  690. $stmt->bindparam(":user_mname",$umname);
  691. $stmt->bindparam(":user_address",$uaddress);
  692. $stmt->bindparam(":user_secretquestion",$usquestion);
  693. $stmt->bindparam(":user_answer",$usanswer);
  694. $stmt->bindparam(":user_birthdate",$ubirthdate);
  695. $stmt->execute();
  696. return $stmt;
  697. }
  698. catch(PDOException $ex)
  699. {
  700. echo $ex->getMessage();
  701. }
  702. }
  703.  
  704. public function newsInsert($authorUserNum,$content,$newsCtg,$title)
  705. {
  706. try
  707. {
  708. $stmt = $this->conn->prepare("INSERT INTO tbl_news(authorUserNum,content,newsCtg,title)
  709. VALUES(:author_UserNum, :topic_content, :news_Ctg, :topic_title)");
  710.  
  711. $stmt->bindparam(":author_UserNum",$authorUserNum);
  712. $stmt->bindparam(":topic_content",$content);
  713. $stmt->bindparam(":news_Ctg",$newsCtg);
  714. $stmt->bindparam(":topic_title",$title);
  715. $stmt->execute();
  716. return $stmt;
  717. }
  718. catch(PDOException $ex)
  719. {
  720. echo $ex->getMessage();
  721. }
  722. }
  723. public function newsUpdate($usernum,$title,$ctg,$content,$id)
  724. {
  725. try
  726. {
  727. $stmt = $this->conn->prepare("UPDATE tbl_news SET content=:topic_content,newsCtg=:news_Ctg,title=:topic_title WHERE id=:id");
  728.  
  729. $stmt->bindparam(":id",$id);
  730. $stmt->bindparam(":topic_content",$content);
  731. $stmt->bindparam(":news_Ctg",$newsCtg);
  732. $stmt->bindparam(":topic_title",$title);
  733. $stmt->execute();
  734. return $stmt;
  735. }
  736. catch(PDOException $ex)
  737. {
  738. echo $ex->getMessage();
  739. }
  740. }
  741. public function getNewsList()
  742. {
  743. $stmt = $this->conn->prepare("SELECT * from tbl_news ORDER BY newsDate DESC");
  744. $stmt->execute();
  745. return $stmt;
  746. }
  747.  
  748. public function getNewsDetail($id)
  749. {
  750. $id = (int)$id;
  751. $stmt = $this->conn->prepare("SELECT * from tbl_news WHERE id=:id");
  752. $stmt->bindparam(":id",$id);
  753. $stmt->execute();
  754. return $stmt;
  755. }
  756. public function getAuthor($id)
  757. {
  758. $id = (int)$id;
  759. $stmt = $this->conn->prepare("SELECT userfirstName from tbl_users WHERE userID=:id ");
  760. $stmt->bindparam(":id",$id);
  761. $stmt->execute();
  762. foreach($stmt as $author){
  763. return $author->userfirstName;
  764. }
  765. //return $stmt;
  766. }
  767. public function doDeleteNews($id)
  768. {
  769. $id = (int)$id;
  770. $stmt = $this->conn->prepare("DELETE from tbl_news WHERE id=:id");
  771. $stmt->bindparam(":id",$id);
  772. $stmt->execute();
  773. return $stmt;
  774. }
  775. public function itemInsert($usersession,$itemquantity,$itemcategory,$itemname,$ishidden,$itemprice)
  776. {
  777.  
  778.  
  779. try
  780. {
  781. $stmt = $this->conn->prepare("INSERT INTO tbl_product(ItemName,ItemCategory,ItemQuantity,isHidden,ItemPrice)
  782. VALUES(:itemname, :itemcategory, :itemquantity, :ishidden, :itemprice)");
  783.  
  784. $stmt->bindparam(":itemname",$itemname);
  785. $stmt->bindparam(":itemcategory",$itemcategory);
  786. $stmt->bindparam(":itemquantity",$itemquantity);
  787. $stmt->bindparam(":ishidden",$ishidden);
  788. $stmt->bindparam(":itemprice",$itemprice);
  789. $stmt->execute();
  790. return $stmt;
  791. }
  792. catch(PDOException $ex)
  793. {
  794. echo $ex->getMessage();
  795. }
  796. }
  797.  
  798. public function getItemList($search="")
  799. {
  800. if($search==""){
  801. $stmt = $this->conn->prepare("SELECT * from tbl_product ORDER BY ItemQuantity ASC, ItemID DESC");
  802. $stmt->execute();
  803. }else{
  804. $search = "%$search%";
  805. $stmt = $this->conn->prepare("SELECT * from tbl_product WHERE ItemName LIKE :search");
  806. $stmt->bindparam(":search",$search);
  807. $stmt->execute();
  808. }
  809.  
  810.  
  811. return $stmt;
  812. }
  813. public function itemUpdate($usersession,$itemquantity,$itemcategory,$itemname,$ishidden,$itemprice,$id)//transform to item again, wait may asikasuhin ako saglit sa database, nagcrash e okss
  814. {
  815. try
  816. {
  817. $stmt = $this->conn->prepare("UPDATE tbl_product SET ItemName=:itemname,ItemCategory=:itemcategory,ItemQuantity=:itemquantity,isHidden=:ishidden, ItemPrice=:itemprice WHERE ItemID=:id");
  818.  
  819. $stmt->bindparam(":itemname",$itemname);
  820. $stmt->bindparam(":itemcategory",$itemcategory);
  821. $stmt->bindparam(":itemquantity",$itemquantity);
  822. $stmt->bindparam(":ishidden",$ishidden);
  823. $stmt->bindparam(":itemprice",$itemprice);
  824. $stmt->bindparam(":id",$id);
  825. $stmt->execute();
  826. return $stmt;
  827. }
  828. catch(PDOException $ex)
  829. {
  830. echo $ex->getMessage();
  831. }
  832. }
  833. public function getCategory($ctg){
  834. switch($ctg)
  835. {
  836. case 0: return "Tarpaulin"; break;
  837. case 1: return "Rush ID"; break;
  838. case 2: return "Photocopy"; break;
  839. case 3: return "Graphic Layout"; break;
  840. case 4: return "Invitation"; break;
  841. case 5: return "Panaflex"; break;
  842. case 6: return "Signages"; break;
  843. case 7: return "Stickers"; break;
  844. case 8: return "Sintra board"; break;
  845. case 9: return "Large Format Photo"; break;
  846. case 10: return "PVC ID"; break;
  847. case 11: return "Lamination"; break;
  848. case 12: return "Bag Tags"; break;
  849. case 13: return "Notary Public"; break;
  850. case 14: return "Scan"; break;
  851. default: return "Tarpaulin";
  852. }
  853. }
  854. public function getItemDetail($id)
  855. {
  856. $id = (int)$id;
  857. $stmt = $this->conn->prepare("SELECT * from tbl_product WHERE ItemID=:id");
  858. $stmt->bindparam(":id",$id);
  859. $stmt->execute();
  860. return $stmt;
  861. }
  862. public function doDeleteItem($id)
  863. {
  864. $id = (int)$id;
  865. $stmt = $this->conn->prepare("DELETE from tbl_product WHERE ItemID=:id");
  866. $stmt->bindparam(":id",$id);
  867. $stmt->execute();
  868. return $stmt;
  869. }
  870. public function login($email,$upass)
  871. {
  872. try
  873. {
  874. $stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE userEmail=:email_id");
  875. $stmt->execute(array(":email_id"=>$email));
  876. $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
  877.  
  878. if($stmt->rowCount() == 1)
  879. {
  880. if($userRow['userStatus']=="Y")
  881. {
  882. if($userRow['userPass']==md5($upass))
  883. {
  884. $_SESSION['userSession'] = $userRow['userID'];
  885. $_SESSION['usertype'] = $userRow['usertype'];
  886. $result = array (
  887. 'status' => 1,
  888. 'msg' => 'Login Success'
  889. );
  890. return $result;
  891. }
  892. else
  893. {
  894. $result = array (
  895. 'status' => 0,
  896. 'msg' => 'Password Incorrect'
  897. );
  898. return $result;
  899. }
  900. }
  901. else
  902. {
  903. $result = array (
  904. 'status' => 0,
  905. 'msg' => 'Account Inactive'
  906. );
  907. return $result;
  908. }
  909. }
  910. else
  911. {
  912. $result = array (
  913. 'status' => 0,
  914. 'msg' => 'Account Not Found'
  915. );
  916. return $result;
  917. }
  918. }
  919. catch(PDOException $ex)
  920. {
  921. echo $ex->getMessage();
  922. }
  923. }
  924.  
  925.  
  926. public function is_logged_in()
  927. {
  928. if(isset($_SESSION['userSession']))
  929.  
  930. {
  931. return true;
  932. }
  933. }
  934.  
  935. public function is_admin()
  936. {
  937. if(isset($_SESSION['usertype']))
  938. {
  939. if($_SESSION['usertype']==1)return true;
  940. else return false;
  941. }
  942. }
  943.  
  944.  
  945. public function is_auditor()
  946. {
  947. if(isset($_SESSION['usertype']))
  948. {
  949. if($_SESSION['usertype']==2)return true;
  950. else return false;
  951. }
  952. }
  953.  
  954. public function is_member()
  955. {
  956. if(isset($_SESSION['usertype']))
  957. {
  958. if($_SESSION['usertype']==0)return true;
  959. else return false;
  960. }
  961. }
  962.  
  963.  
  964. public function getUserList($search="")
  965. {
  966. if($search==""){
  967. $stmt = $this->conn->prepare("SELECT * from tbl_users ORDER BY userID DESC");
  968. }else{
  969. $search = "%$search%";
  970. $stmt = $this->conn->prepare("SELECT * from tbl_users WHERE userfirstName LIKE :search");
  971. $stmt->bindparam(":search",$search);
  972. $stmt->execute();
  973. }
  974. $stmt->execute();
  975. return $stmt;
  976. }
  977. public function getUserInfo($userid)
  978. {
  979. $stmt = $this->conn->prepare("SELECT * from tbl_users WHERE UserID=:userid");
  980. $stmt->bindparam(":userid",$userid);
  981. $stmt->execute();
  982. return $stmt;
  983. }
  984.  
  985. public function getStatusInfo($orderid)
  986. {
  987. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE orderID=:orderid");
  988. $stmt->bindparam(":orderid",$orderid);
  989. $stmt->execute();
  990. return $stmt;
  991. }
  992. public function getOrderInfo($userid)
  993. {
  994. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE orderID=:orderid");
  995. $stmt->bindparam(":orderid",$orderid);
  996. $stmt->execute();
  997. return $stmt;
  998. }
  999.  
  1000. public function doUserUpdate($usernum,$usertype)
  1001. {
  1002. try
  1003. {
  1004. $stmt = $this->conn->prepare("UPDATE tbl_users SET usertype=:usertype WHERE userID=:id");
  1005.  
  1006. $stmt->bindparam(":id",$usernum);
  1007. $stmt->bindparam(":usertype",$usertype);
  1008.  
  1009. $stmt->execute();
  1010. return $stmt;
  1011. }
  1012. catch(PDOException $ex)
  1013. {
  1014. echo $ex->getMessage();
  1015. }
  1016. }
  1017.  
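  /**
   * Set the Status column of one tbl_orderlist row.
   *
   * @param mixed $ordernum orderID of the row to update
   * @param mixed $status   new Status value (the list queries elsewhere in this
   *                        class compare against 'Pending' and 'Claimed')
   * @return \PDOStatement|false the executed statement, or false on a database error
   */
  public function doStatusUpdate($ordernum,$status)
  {
      try
      {
          $stmt = $this->conn->prepare("UPDATE tbl_orderlist SET Status=:status WHERE orderID=:id");
          $stmt->bindParam(":id", $ordernum);
          $stmt->bindParam(":status", $status);
          $stmt->execute();
          return $stmt;
      }
      catch(PDOException $ex)
      {
          // Driver error text was previously echoed into the HTTP response;
          // record it server-side instead.
          error_log('doStatusUpdate failed: ' . $ex->getMessage());
          return false;
      }
  }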
  1035.  
  1036.  
  1037.  
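  /**
   * Insert one order row into tbl_orderlist.
   *
   * All values are bound parameters. $usersession is accepted for signature
   * compatibility but is not used: the stored CustomerID comes from
   * $customerid, so the caller is responsible for making sure that value
   * belongs to the logged-in user rather than coming straight from the form —
   * TODO confirm in the request handler.
   *
   * @return \PDOStatement|false the executed statement, or false on a database error
   */
  public function OrderInsert($usersession,$price,$dateandtimeorder,$customerid,$delivery,$customeraddress,$customername,$orderdetails,$templateselect,$typeofservice,$ishidden)
  {
      try
      {
          $stmt = $this->conn->prepare("INSERT INTO tbl_orderlist(TypeofService,TemplateSelect,OrderDetails,CustomerName,CustomerAddress,Delivery,CustomerID,DateandTimeOrder,Price,IsHidden)
          VALUES(:typeofservice, :templateselect, :orderdetails, :customername, :customeraddress, :delivery, :customerid, :dateandtimeorder, :price, :ishidden)");

          $stmt->bindParam(":typeofservice", $typeofservice);
          $stmt->bindParam(":templateselect", $templateselect);
          $stmt->bindParam(":orderdetails", $orderdetails);
          $stmt->bindParam(":customername", $customername);
          $stmt->bindParam(":customeraddress", $customeraddress);
          $stmt->bindParam(":delivery", $delivery);
          $stmt->bindParam(":customerid", $customerid);
          $stmt->bindParam(":dateandtimeorder", $dateandtimeorder);
          $stmt->bindParam(":price", $price);
          $stmt->bindParam(":ishidden", $ishidden);
          $stmt->execute();
          return $stmt;
      }
      catch(PDOException $ex)
      {
          // Driver error text was previously echoed into the HTTP response;
          // record it server-side instead.
          error_log('OrderInsert failed: ' . $ex->getMessage());
          return false;
      }
  }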
  1065.  
  1066.  
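  /**
   * Orders belonging to the currently logged-in user.
   *
   * The customer id is read from $_SESSION['userSession'], not from request
   * input, so this method cannot be steered to another customer's orders.
   *
   * @return array tbl_orderlist rows (PDO default fetch mode); an empty array
   *               when no session user is set — the original fell through and
   *               returned null in that case, which warns in a foreach
   */
  public function getOrderList() {
      if (empty($_SESSION['userSession'])) {
          return [];
      }

      $stmt = $this->conn->prepare("SELECT * FROM tbl_orderlist WHERE CustomerID = :uid");
      $stmt->execute([":uid" => $_SESSION['userSession']]);

      return $stmt->fetchAll();
  }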
  1089.  
  1090.  
  1091.  
  1092.  
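  /**
   * Every row of tbl_orderlist, newest order first.
   *
   * The echo/print_r that followed the return in the original was unreachable
   * (and referenced an undefined $row); it has been removed.
   *
   * @return \PDOStatement executed statement for the caller to fetch from
   */
  public function getTotalOrderList()
  {
      $stmt = $this->conn->prepare("SELECT * from tbl_orderlist ORDER BY orderID DESC");
      $stmt->execute();
      return $stmt;
  }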
  1103.  
  1104.  
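  /**
   * Rows of tbl_orderlist whose status is 'Pending', newest order first.
   *
   * The echo/print_r that followed the return in the original was unreachable
   * (and referenced an undefined $row); it has been removed.
   *
   * @return \PDOStatement executed statement for the caller to fetch from
   */
  public function getPendingList()
  {
      $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE status = 'Pending' ORDER BY orderID DESC");
      $stmt->execute();
      return $stmt;
  }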
  1115.  
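  /**
   * Rows of tbl_orderlist whose status is 'Claimed', newest order first.
   *
   * The echo/print_r that followed the return in the original was unreachable
   * (and referenced an undefined $row); it has been removed.
   *
   * @return \PDOStatement executed statement for the caller to fetch from
   */
  public function getClaimedList()
  {
      $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE status = 'Claimed' ORDER BY orderID DESC");
      $stmt->execute();
      return $stmt;
  }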
  1126.  
  1127.  
  /**
   * Sum of the Price column over all of tbl_orderlist.
   *
   * Unlike getAllSales(), the aggregate column is not aliased and the statement
   * itself is returned rather than a fetched row.
   *
   * @return \PDOStatement executed statement for the caller to fetch from
   */
  public function gettotalsales()
  {
      $query = $this->conn->prepare("Select sum(Price) From tbl_orderlist");
      $query->execute();

      return $query;
  }
  1136.  
  1137.  
  /**
   * Total of the Price column over all orders.
   *
   * @return mixed the first fetched row (PDO default fetch mode), exposing the
   *               aggregate under the key 'total'; false when nothing is fetched
   */
  public function getAllSales()
  {
      $query = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist");
      $query->execute();

      return $query->fetch();
  }
  1147.  
  /**
   * Total of the Price column over orders whose status is 'Claimed'.
   *
   * @return mixed the first fetched row (PDO default fetch mode), exposing the
   *               aggregate under the key 'total'; false when nothing is fetched
   */
  public function getallClaimedlist()
  {
      $query = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist WHERE status = 'Claimed'");
      $query->execute();

      return $query->fetch();
  }
  1157.  
  1158.  
  1159.  
  /**
   * Total of the Price column over orders whose status is 'Pending'.
   *
   * @return mixed the first fetched row (PDO default fetch mode), exposing the
   *               aggregate under the key 'total'; false when nothing is fetched
   */
  public function getallPendinglist()
  {
      $query = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist WHERE status = 'Pending'");
      $query->execute();

      return $query->fetch();
  }
  1175. /*
  1176.  
  1177. public function orderInsert($servicetype,$templateselection,$orderdetails)
  1178. {
  1179. try
  1180. {
  1181. $stmt = $this->conn->prepare("INSERT INTO tbl_order(TypeofService,TemplateSelect,orderdetails)
  1182. VALUES(:Service_Type, :Template_Select, :order_details)");
  1183.  
  1184. $stmt->bindparam(":Service_Type",$servicetype);
  1185. $stmt->bindparam(":Template_Select",$templateselection);
  1186. $stmt->bindparam(":order_details",$orderdetails);
  1187. $stmt->execute();
  1188. return $stmt;
  1189. }
  1190. catch(PDOException $ex)
  1191. {
  1192. echo $ex->getMessage();
  1193. }
  1194. }
  1195.  
  1196.  
  1197.  
  1198. */
  /**
   * Emit an HTTP Location header pointing at $url.
   *
   * Only the header is set: execution continues in the caller, and nothing
   * here checks that $url is a local path, so callers must not pass
   * request-supplied values straight through.
   *
   * @param string $url redirect target
   */
  public function redirect($url)
  {
      header('Location: ' . $url);
  }
  1228.  
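  /**
   * End the current session.
   *
   * Clears the session data, expires the session cookie in the browser and
   * destroys the server-side session, then leaves $_SESSION['userSession']
   * false so code that checks the flag later in the same request sees a
   * logged-out state. The original only called session_destroy(), which
   * leaves the cookie in the browser and the in-memory $_SESSION populated
   * for the rest of the request (and warns when no session is active).
   */
  public function logout()
  {
      if (session_status() === PHP_SESSION_ACTIVE) {
          $_SESSION = [];
          if (ini_get('session.use_cookies')) {
              $params = session_get_cookie_params();
              setcookie(
                  session_name(),
                  '',
                  time() - 42000,
                  $params['path'],
                  $params['domain'],
                  $params['secure'],
                  $params['httponly']
              );
          }
          session_destroy();
      }
      $_SESSION['userSession'] = false;
  }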
  1234.  
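  /**
   * Send an HTML e-mail from the site's no-reply address via mail().
   *
   * $email and $subject end up in message headers, so a CR/LF inside either
   * would let a caller-supplied value append its own header lines. The
   * recipient must therefore be a single syntactically valid address and line
   * breaks are folded out of the subject before mail() is called. A
   * commented-out SMTP alternative that embedded a mailbox password in this
   * file has been removed; credentials belong in configuration outside the
   * source tree, and that password should be rotated.
   *
   * @param string $email   recipient address
   * @param string $message HTML body
   * @param string $subject subject line
   * @return bool false when the recipient is rejected or mail() reports failure
   */
  function send_mail($email,$message,$subject)
  {
      if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
          error_log('send_mail: refused recipient that is not a single valid address');
          return false;
      }
      $subject = str_replace(["\r", "\n"], ' ', (string) $subject);

      $headers = "From: no-reply@crosswayprinting.ga\r\n";
      $headers .= "Reply-To: no-reply@crosswayprinting.ga\r\n";
      $headers .= "Return-Path: no-reply@crosswayprinting.ga\r\n";
      $headers .= "MIME-Version: 1.0\r\n";
      $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

      return mail($email, $subject, $message, $headers);
  }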
  1262. }
  1263. [/CODE]