- shop.php
- [CODE]
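<?php
// Order form shown to signed-in customers (shop.php).
// Uses $user_home (USER instance) and $row (the customer's tbl_users row),
// both provided by the including page.
// Forward slash: the backslash form only resolved on Windows hosts.
include("functions/uploadFunction.php");
if ($user_home->is_logged_in()) {
    // Attribute-escape every profile value echoed below. These fields were
    // stored from registration input with only trim() applied, so echoing them
    // raw inside value="..." would let a stored payload break out of the attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Shown to the customer only. A hidden field is client-controlled, so the
    // server must stamp the order itself rather than trust this value.
    date_default_timezone_set("Asia/Taipei");
    $orderedAt = date("Y-m-d h:i:s A");
    // Sample template images (external hosts) listed under the form.
    $templates = array(
        'http://www.freepptbackgrounds.net/wp-content/uploads/2013/11/Wedding-Concept-Powerpoint-Template-800x600.jpg',
        'http://www.freepptbackgrounds.net/wp-content/uploads/2012/12/Colorful-Birthday-Balloons-PPT-Backgrounds-800x600.jpg',
        'http://images.sharefaith.com/images/3/1274207732381_2859/slide-42.jpg',
        'http://newkilpatrickblog.typepad.com/files/doveblank.jpg',
        'http://www.freepptbackgrounds.net/wp-content/uploads/2013/11/Happy-New-Year-PPT-Backgrounds-800x600.jpg',
        'http://www.freepptbackgrounds.net/wp-content/uploads/2013/12/Xmas-Snows-PPT-Backgrounds-800x600.jpg',
    );
?>
<div class="row">
    <div class="col-lg-8 col-lg-offset-2">
        <h2 class="section-heading">Place an Order</h2>
        <!-- The colour rule used to sit inside a style="" attribute, where
             selectors are not valid; a <style> element applies it as intended. -->
        <style>
            .userTrans input, .userTrans select, .userTrans textarea { color: #000; }
        </style>
        <div class="text-center"></div><br>
        <form role="form" class="userTrans" method="POST" enctype="multipart/form-data">
            <input type="hidden" value="OrderInsert" name="act_userTrans">
            <div class="form-group">
                <label for="customerid">Customer ID</label>
                <input type="text" value="<?php echo $esc($row['userID']); ?>" class="form-control" id="customerid" name="customerid" readonly>
            </div>
            <div class="form-group">
                <label for="customername">Customer Name</label>
                <input type="text" value="<?php echo $esc($row['userfirstName'] . ' ' . $row['userlastName']); ?>" class="form-control" id="customername" name="customername" readonly>
            </div>
            <div class="form-group">
                <label for="customeraddress">Mailing Address</label>
                <input type="text" value="<?php echo $esc($row['userAddress']); ?>" class="form-control" id="customeraddress" name="customeraddress" readonly>
                <input type="hidden" value="<?php echo $esc($orderedAt); ?>" id="dateandtimeorder" name="dateandtimeorder">
            </div>
            <script type="text/javascript">
                // Display prices by option position (one entry per <option> below).
                // "readonly" only stops typing; the submitted price is still
                // client-controlled and must be recomputed on the server.
                var a = [150, 240, 360, 50, 50, 50, 80, 60, 50, 50, 50, 50, 60, 50, 55, 56, 50, 70];
                function showPrice(sel) {
                    document.getElementById('price').value = parseFloat(a[sel.selectedIndex]).toFixed(2);
                }
            </script>
            <div class="form-group">
                <label for="typeofservice">Select Type of Service</label>
                <select id="typeofservice" class="form-control" name="typeofservice" onchange="showPrice(this);">
                    <!-- Each option's value now matches its label; the three
                         tarpaulin sizes previously all submitted "Tarpaulin2x3". -->
                    <option value="Tarpaulin2x3">Tarpaulin2x3</option>
                    <option value="Tarpaulin3x4">Tarpaulin3x4</option>
                    <option value="Tarpaulin3x6">Tarpaulin3x6</option>
                    <option value="Package 1 Rush ID 2x2/1x1">Package 1 Rush ID 2x2/1x1</option>
                    <option value="Package 2 Rush ID Passport and 1x1">Package 2 Rush ID Passport and 1x1</option>
                    <option value="Package 3 Rush ID 1.x1.5 and 1x1">Package 3 Rush ID 1.x1.5 and 1x1</option>
                    <option value="Package 4 2x2 passport and 1x1">Package 4 2x2 passport and 1x1</option>
                    <option value="Graphic Layout">Graphic Layout</option>
                    <option value="Photocopy">Photocopy</option>
                    <option value="Panaflex">Panaflex</option>
                    <option value="Signages">Signages</option>
                    <option value="Stickers">Stickers</option>
                    <option value="Sintra board">Sintra board</option>
                    <option value="Large Format Photo">Large Format Photo</option>
                    <option value="PVC ID">PVC ID</option>
                    <option value="Lamination">Lamination</option>
                    <option value="Bag Tags">Bag Tags</option>
                    <option value="Notary Public">Notary Public</option>
                </select>
            </div>
            <div class="form-group">
                <label for="templateselect">Template Selection</label>
                <select id="templateselect" class="form-control" name="templateselect">
                    <option value="Own Made Template">Own Made Template</option>
                    <option value="Pre-made Template">Pre-made Template</option>
                </select>
            </div>
            <div class="form-group">
                <label for="delivery">Mode of Payment</label>
                <select id="delivery" class="form-control" name="delivery">
                    <option value="Cash on Delivery">Cash on Delivery</option>
                    <option value="Pickup">Pickup only</option>
                </select>
            </div>
            <div class="form-group">
                <label for="price">Price</label>
                <input type="text" class="form-control" id="price" name="price" readonly>
            </div>
            <script type="text/javascript">
                // Show the price of the preselected service instead of an empty field.
                showPrice(document.getElementById('typeofservice'));
            </script>
            <div class="form-group">
                <label for="orderdetails">More details about your order</label>
                <input type="text" class="form-control" id="orderdetails" name="orderdetails">
                <br>
            </div>
            <!-- UPLOAD PART: the file input is not offered yet; the form keeps
                 enctype="multipart/form-data" for when it is enabled. -->
            <br>
            <br>
            <button type="submit" name="upload" value="Upload Now" class="btn btn-default userTrans">Submit</button>
        </form>
    </div>
</div>
<br><br>
<!-- TEMPLATES: gallery of sample layouts; it contains no form controls, so it
     sits outside the form and every container opened here is closed here. -->
<div class="container-fluid">
    <div class="row no-gutter">
        <?php foreach ($templates as $i => $url) { ?>
        <div class="col-lg-4 col-sm-6">
            <a href="<?php echo $esc($url); ?>" class="portfolio-box">
                <img src="<?php echo $esc($url); ?>" class="img-responsive" alt="Template <?php echo $i + 1; ?>">
                <div class="portfolio-box-caption">
                    <div class="portfolio-box-caption-content">
                        <div class="project-category text-faded">
                        </div>
                        <div class="project-name">
                            Template <?php echo $i + 1; ?>
                        </div>
                    </div>
                </div>
            </a>
        </div>
        <?php } ?>
    </div>
</div>
<?php } else { ?>
<!-- Do not use center tags when you're using bootstrap framework -->
<div class="text-center"> Please Login to Place an Order </div>
<?php } ?>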
- [/CODE]
- userTrans.php
- [CODE]<?php
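// Report everything but never print it: this script answers with JSON and a
// stray notice in the output would corrupt the response. Errors go to the
// server log instead of being hidden (the previous mask silenced notices and
// warnings entirely).
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Refuse client-chosen session ids and keep the cookie out of script reach.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_start();
require_once 'includes/class.user.php';
$user_home = new USER();
// Profile row of the signed-in user; null for anonymous requests.
$row = null;
if ($user_home->is_logged_in()) {
    $stmt = $user_home->runQuery("SELECT * FROM tbl_users WHERE userID=:uid");
    $stmt->execute(array(":uid" => $_SESSION['userSession']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
}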
- //JSON Transactions to-do
/**
 * Encode a transaction result for the JavaScript caller.
 *
 * @param int    $status  1 on success, 0 on failure
 * @param string $text    message shown to the user
 * @param int    $refresh 1 when the page should reload afterwards
 * @param string $link    target to navigate to, or "none"
 * @return string JSON object with the keys status, text, refresh, link
 */
function response($status, $text, $refresh = 0, $link = "none")
{
    $payload = array();
    $payload['status'] = $status;
    $payload['text'] = $text;
    $payload['refresh'] = $refresh;
    $payload['link'] = $link;
    return json_encode($payload);
}
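// Action requested by the caller; every branch below answers with one JSON
// object from response(). Array keys are quoted throughout: a bare
// $_POST[name] relied on undefined-constant fallback, which is a fatal error
// on PHP 8.
$activity = isset($_POST['act_userTrans']) ? (string) $_POST['act_userTrans'] : null;

/**
 * Trimmed string value of a POST field, '' when the field is absent.
 * @param string $name
 * @return string
 */
function postField($name)
{
    return isset($_POST[$name]) ? trim((string) $_POST[$name]) : '';
}

/**
 * Integer value of a POST field, 0 when the field is absent.
 * @param string $name
 * @return int
 */
function postInt($name)
{
    return isset($_POST[$name]) ? (int) $_POST[$name] : 0;
}

// List prices per type of service, mirroring the price array of the order
// form's JavaScript. The form's price field is read-only in the browser only,
// so the price is looked up here and the submitted value is ignored; staff
// adjust it afterwards ("awaiting for price adjustment").
$servicePrices = array(
    'Tarpaulin2x3' => 150,
    'Tarpaulin3x4' => 240,
    'Tarpaulin3x6' => 360,
    'Package 1 Rush ID 2x2/1x1' => 50,
    'Package 2 Rush ID Passport and 1x1' => 50,
    'Package 3 Rush ID 1.x1.5 and 1x1' => 50,
    'Package 4 2x2 passport and 1x1' => 80,
    'Graphic Layout' => 60,
    'Photocopy' => 50,
    'Panaflex' => 50,
    'Signages' => 50,
    'Stickers' => 50,
    'Sintra board' => 60,
    'Large Format Photo' => 50,
    'PVC ID' => 55,
    'Lamination' => 56,
    'Bag Tags' => 50,
    'Notary Public' => 70,
);
// Values the order form offers for its two selects; anything else is rejected.
$templateChoices = array('Own Made Template', 'Pre-made Template');
$deliveryChoices = array('Cash on Delivery', 'Pickup');

if ($activity !== null) {
    if (!$user_home->is_logged_in()) {
        // ---- actions available only while not logged in ----
        if ($activity == "login") {
            $email = postField('txtemail');
            $upass = postField('txtupass');
            $login = $user_home->login($email, $upass);
            if (isset($login['status']) && $login['status'] == 1) {
                echo response(1, 'Login Success, redirecting....', 1);
            } else {
                echo response(0, isset($login['msg']) ? $login['msg'] : 'Login failed', 0);
            }
        }
        if ($activity == "register") {
            require_once(__DIR__ . '/functions/CaptchasDotNet.php');
            // See query.php for documentation. 'demo'/'secret' are the sample
            // credentials from the captchas.net documentation, not a per-site
            // pair; a deployment needs its own.
            $captchas = new CaptchasDotNet('demo', 'secret',
                '/tmp/captchasnet-random-strings', '3600',
                'abcdefghkmnopqrstuvwxyz', '6',
                '240', '80', '000088');
            $captcha = isset($_REQUEST['captcha']) ? $_REQUEST['captcha'] : '';
            $random_string = isset($_REQUEST['random']) ? $_REQUEST['random'] : '';
            // verify() is evaluated before validate(), as it always was.
            $cap = $captchas->verify($captcha);
            if (!$captchas->validate($random_string)) {
                // The random string must still be on file, otherwise the form was stale.
                $a = 'The session key (random) does not exist, please go back and reload form.<br/>
In case you are the administrator of this page,
please check if random keys are stored correct.<br/>
See http://captchas.net/sample/php/ "Problems with save mode"';
                echo response(0, $a, 0);
            } elseif (!$cap) {
                echo response(0, 'You entered the wrong password. Aren\'t you human? Please use back button and reload.', 0);
            } else {
                $uname = postField('txtuname');
                $email = postField('txtemail');
                $upass = postField('txtpass');
                $ufname = postField('txtufirstname');
                $ulname = postField('txtulastname');
                $umname = postField('txtumiddlename');
                $uaddress = postField('txtuseraddress');
                $usquestion = postField('txtusecretquestion');
                $usanswer = postField('txtusecretanswer');
                $ubirthdate = postField('txtuserbirthDate');
                // Activation token: 32 hex characters from a CSPRNG. The
                // previous md5(uniqid(rand())) was guessable from the clock.
                $code = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));
                if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                    echo response(0, 'Please enter a valid email address.', 0);
                } elseif ($upass === '') {
                    echo response(0, 'Please choose a password.', 0);
                } else {
                    $stmt = $user_home->runQuery("SELECT userID FROM tbl_users WHERE userEmail=:email_id");
                    $stmt->execute(array(":email_id" => $email));
                    if ($stmt->fetch(PDO::FETCH_ASSOC) !== false) {
                        echo response(0, 'Sorry! mail allready exists , Please Try another one', 0);
                    } elseif ($user_home->register($uname, $email, $upass, $code, $ufname, $ulname, $umname, $uaddress, $usquestion, $usanswer, $ubirthdate)) {
                        $key = urlencode(base64_encode($uname));
                        // The first name is user input going into an HTML mail body.
                        $safeName = htmlspecialchars($ufname, ENT_QUOTES, 'UTF-8');
                        // NOTE(review): HTTP_HOST is taken from the request; the
                        // activation link should be built from a configured
                        // canonical host rather than the Host header.
                        $host = $_SERVER['HTTP_HOST'];
                        $message = "
Hello $safeName,
<br /><br />
Welcome to Crossway Printing<br/>
To complete your registration please , just click following link<br/>
<br /><br />
<a href='http://{$host}/?p=verify&id=$key&code=$code'>Click HERE to Activate :)</a>
<br /><br />
Thanks,";
                        $subject = "Crossway Printing: Confirm Registration";
                        $user_home->send_mail($email, $message, $subject);
                        echo response(1, "Success! We've sent an email to $email. Please click on the confirmation link in the email to create your account.", 0);
                    } else {
                        echo response(0, 'Sorry! Query could not execute...', 0);
                    }
                }
            }
        }
    } else {
        // ---- actions available only while logged in ----
        if ($user_home->is_admin() || $user_home->is_auditor()) {
            // ---- staff (admin or auditor) only ----
            if ($activity == "newsInsert") {
                // Title is stored escaped, as newsUpdate already did; the
                // editor content (text2) is stored as submitted and must be
                // escaped or sanitised by the page that renders it.
                $title = htmlspecialchars(postField('title'));
                $ctg = postInt('ctg');
                $content = isset($_POST['text2']) ? $_POST['text2'] : '';
                if ($user_home->newsInsert($_SESSION['userSession'], $content, $ctg, $title)) {
                    echo response(1, 'Inserting ' . $title . ' news, success!', 0);
                } else {
                    echo response(0, 'Inserting ' . $title . ' news, failed!', 0);
                }
            }
            if ($activity == "newsUpdate") {
                $title = htmlspecialchars(postField('title'));
                $id = postInt('id');
                $ctg = postInt('ctg');
                $content = isset($_POST['text2']) ? $_POST['text2'] : '';
                if ($user_home->newsUpdate($_SESSION['userSession'], $title, $ctg, $content, $id)) {
                    echo response(1, 'Updating ' . $title . ' news, success!', 0);
                } else {
                    echo response(0, 'Updating ' . $title . ' news, failed!', 0);
                }
            }
            if ($activity == "newsDelete") {
                $user_home->doDeleteNews(postInt('id'));
                echo response(1, 'News Deletion success!', 1);
            }
            if ($activity == "iteminsert") {
                $itemname = postField('itemname');
                $itemcategory = postInt('itemcategory');
                $itemquantity = postInt('itemquantity');
                $ishidden = postInt('hidden');
                $itemprice = postInt('itemprice');
                if ($user_home->itemInsert($_SESSION['userSession'], $itemquantity, $itemcategory, $itemname, $ishidden, $itemprice)) {
                    echo response(1, 'Inserting ' . $itemname . ' item, success!', 0);
                } else {
                    echo response(0, 'Inserting ' . $itemname . ' item, failed!', 0);
                }
            }
            if ($activity == "doDeleteItem") {
                $user_home->doDeleteItem(postInt('id'));
                echo response(1, 'Item Deletion success!', 1);
            }
            if ($activity == "doUserUpdate") {
                $user_home->doUserUpdate(postInt('userID'), postInt('usertype'));
                echo response(1, 'Editing Success!!', 1);
            }
            if ($activity == "doStatusUpdate") {
                $user_home->doStatusUpdate(postInt('orderID'), postField('Status'));
                echo response(1, 'Editing Success!!', 1);
            }
            if ($activity == "itemUpdate") {
                $id = postInt('id');
                $itemname = postField('itemname');
                $itemcategory = postInt('itemcategory');
                $itemquantity = postInt('itemquantity');
                $ishidden = postInt('ishidden');
                $itemprice = postInt('itemprice');
                if ($user_home->itemUpdate($_SESSION['userSession'], $itemquantity, $itemcategory, $itemname, $ishidden, $itemprice, $id)) {
                    echo response(1, 'Updating ' . $itemname . ' item, success!', 0);
                } else {
                    echo response(0, 'Updating ' . $itemname . ' item, failed!', 0);
                }
            }
        }
        // ---- ordering (any signed-in customer) ----
        // Previously reachable without a session, with id, name, address,
        // timestamp and price all taken from the form.
        if ($activity == "OrderInsert") {
            $typeofservice = postField('typeofservice');
            $templateselect = postField('templateselect');
            $delivery = postField('delivery');
            if (!is_array($row)) {
                echo response(0, 'Your profile could not be loaded, please log in again.', 0);
            } elseif (!isset($servicePrices[$typeofservice])) {
                echo response(0, 'Unknown type of service, please choose one from the list.', 0);
            } elseif (!in_array($templateselect, $templateChoices, true) || !in_array($delivery, $deliveryChoices, true)) {
                echo response(0, 'Please choose a template and a mode of payment from the list.', 0);
            } else {
                $orderdetails = postField('orderdetails');
                // Identity, name and address come from the session and the
                // stored profile, never from the (read-only-in-browser) form.
                $customerid = $_SESSION['userSession'];
                $customername = $row['userfirstName'] . ' ' . $row['userlastName'];
                $customeraddress = $row['userAddress'];
                // Stamped here in the shop's timezone; same format the form displayed.
                date_default_timezone_set("Asia/Taipei");
                $dateandtimeorder = date("Y-m-d h:i:s A");
                $price = $servicePrices[$typeofservice];
                // Customer orders are always visible to staff.
                $ishidden = 0;
                if ($user_home->orderInsert($_SESSION['userSession'], $price, $dateandtimeorder, $customerid, $delivery, $customeraddress, $customername, $orderdetails, $templateselect, $typeofservice, $ishidden)) {
                    echo response(1, 'Thank you for Ordering! ' . $customername . ' your order will be in pending status and awaiting for price adjustment!', 0);
                } else {
                    echo response(0, 'Order Failed please contact in email or send us a ticket at helpdesk ' . $typeofservice . ' Status failed!', 0);
                }
            }
        }
    }
}
?>[/CODE]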
- class.user.php
- [CODE]<?php
- require_once 'dbconfig.php';
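/**
 * Data access and session helper for the Crossway Printing shop.
 *
 * All SQL goes through prepared PDO statements with bound parameters. Read
 * methods return the executed PDOStatement (or a fetched row/column where the
 * method always did); write methods return the executed statement on success
 * and false on failure, logging the driver error instead of echoing it to the
 * client.
 */
class USER
{
    /** @var PDO connection obtained from Database::dbConnection() */
    private $conn;

    public function __construct()
    {
        $database = new Database();
        $this->conn = $database->dbConnection();
    }

    /**
     * Prepare (without executing) an arbitrary statement for the caller.
     * @param string $sql
     * @return PDOStatement
     */
    public function runQuery($sql)
    {
        return $this->conn->prepare($sql);
    }

    /** Id generated by the most recent INSERT on this connection. */
    public function lastID()
    {
        return $this->conn->lastInsertId();
    }

    /** Original (misspelled) name of lastID(), kept for existing callers. */
    public function lasdID()
    {
        return $this->lastID();
    }

    /**
     * Prepare and execute a read statement; PDO exceptions propagate as before.
     * @param string $sql
     * @param array  $params named placeholder => value
     * @return PDOStatement
     */
    private function read($sql, array $params = array())
    {
        $stmt = $this->conn->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }

    /**
     * Prepare and execute a write statement.
     * @param string $sql
     * @param array  $params named placeholder => value
     * @param string $caller method name for the error log
     * @return PDOStatement|false executed statement, false when it failed
     */
    private function write($sql, array $params, $caller)
    {
        try {
            $stmt = $this->conn->prepare($sql);
            return $stmt->execute($params) ? $stmt : false;
        } catch (PDOException $ex) {
            // Driver messages can reveal schema details; keep them server-side.
            error_log('USER::' . $caller . ': ' . $ex->getMessage());
            return false;
        }
    }

    /**
     * Verify a Google reCAPTCHA response token.
     *
     * The API secret is read from the RECAPTCHA_SECRET environment variable;
     * the key that used to be embedded here was published with this file and
     * must be rotated. Fails closed: false when the secret is unset, the
     * request fails, or the API does not answer with "success": true (the old
     * code returned a truthy string whatever the API said).
     * @param string $captcha response token from the form
     * @param string $ip      client address forwarded to the API
     * @return bool
     */
    public function doCheckCaptchaResult($captcha, $ip)
    {
        $secret = getenv('RECAPTCHA_SECRET');
        if ($secret === false || $secret === '') {
            error_log('USER::doCheckCaptchaResult: RECAPTCHA_SECRET is not set');
            return false;
        }
        $context = stream_context_create(array('http' => array(
            'method' => 'POST',
            'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query(array(
                'secret' => $secret,
                'response' => $captcha,
                'remoteip' => $ip,
            )),
            'timeout' => 5,
        )));
        $body = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
        if ($body === false) {
            return false;
        }
        $result = json_decode($body, true);
        return is_array($result) && isset($result['success']) && $result['success'] === true;
    }

    /**
     * Create an inactive account; the caller mails $code for activation.
     * The password is stored with password_hash() instead of a bare md5.
     * NOTE(review): the userPass column must hold at least 60 characters
     * (255 recommended) — confirm the schema before deploying.
     * @return PDOStatement|false
     */
    public function register($uname, $email, $upass, $code, $ufname, $ulname, $umname, $uaddress, $usquestion, $usanswer, $ubirthdate)
    {
        return $this->write(
            "INSERT INTO tbl_users(userName,userEmail,userPass,tokenCode,userfirstName,userlastName,usermiddleName,userAddress,usersecretQuestion,usersecretAnswer,userbirthDate)
VALUES(:user_name, :user_mail, :user_pass, :active_code, :user_fname, :user_lname, :user_mname, :user_address, :user_secretquestion, :user_answer, :user_birthdate)",
            array(
                ':user_name' => $uname,
                ':user_mail' => $email,
                ':user_pass' => password_hash($upass, PASSWORD_DEFAULT),
                ':active_code' => $code,
                ':user_fname' => $ufname,
                ':user_lname' => $ulname,
                ':user_mname' => $umname,
                ':user_address' => $uaddress,
                ':user_secretquestion' => $usquestion,
                ':user_answer' => $usanswer,
                ':user_birthdate' => $ubirthdate,
            ),
            'register'
        );
    }

    /** Insert a news item. @return PDOStatement|false */
    public function newsInsert($authorUserNum, $content, $newsCtg, $title)
    {
        return $this->write(
            "INSERT INTO tbl_news(authorUserNum,content,newsCtg,title)
VALUES(:author_UserNum, :topic_content, :news_Ctg, :topic_title)",
            array(
                ':author_UserNum' => $authorUserNum,
                ':topic_content' => $content,
                ':news_Ctg' => $newsCtg,
                ':topic_title' => $title,
            ),
            'newsInsert'
        );
    }

    /**
     * Update a news item. $usernum is accepted for compatibility and unused.
     * The category placeholder is now bound to $ctg (it was bound to an
     * undefined $newsCtg, so the column was always set to NULL).
     * @return PDOStatement|false
     */
    public function newsUpdate($usernum, $title, $ctg, $content, $id)
    {
        return $this->write(
            "UPDATE tbl_news SET content=:topic_content,newsCtg=:news_Ctg,title=:topic_title WHERE id=:id",
            array(
                ':id' => $id,
                ':topic_content' => $content,
                ':news_Ctg' => $ctg,
                ':topic_title' => $title,
            ),
            'newsUpdate'
        );
    }

    /** All news, newest first. @return PDOStatement */
    public function getNewsList()
    {
        return $this->read("SELECT * from tbl_news ORDER BY newsDate DESC");
    }

    /** One news row by id. @return PDOStatement */
    public function getNewsDetail($id)
    {
        return $this->read("SELECT * from tbl_news WHERE id=:id", array(':id' => (int) $id));
    }

    /**
     * First name of a user, or null when the id is unknown.
     * fetchColumn() does not depend on the connection's default fetch mode,
     * which the old object-style iteration silently did.
     * @return string|null
     */
    public function getAuthor($id)
    {
        $stmt = $this->read("SELECT userfirstName from tbl_users WHERE userID=:id ", array(':id' => (int) $id));
        $name = $stmt->fetchColumn();
        return $name === false ? null : $name;
    }

    /** Delete a news item by id. @return PDOStatement|false */
    public function doDeleteNews($id)
    {
        return $this->write("DELETE from tbl_news WHERE id=:id", array(':id' => (int) $id), 'doDeleteNews');
    }

    /** Insert a product. $usersession is accepted for compatibility and unused. @return PDOStatement|false */
    public function itemInsert($usersession, $itemquantity, $itemcategory, $itemname, $ishidden, $itemprice)
    {
        return $this->write(
            "INSERT INTO tbl_product(ItemName,ItemCategory,ItemQuantity,isHidden,ItemPrice)
VALUES(:itemname, :itemcategory, :itemquantity, :ishidden, :itemprice)",
            array(
                ':itemname' => $itemname,
                ':itemcategory' => $itemcategory,
                ':itemquantity' => $itemquantity,
                ':ishidden' => $ishidden,
                ':itemprice' => $itemprice,
            ),
            'itemInsert'
        );
    }

    /**
     * Products, optionally filtered by a LIKE match on the name.
     * '%' and '_' inside $search act as wildcards, as they always did.
     * @return PDOStatement
     */
    public function getItemList($search = "")
    {
        if ($search == "") {
            return $this->read("SELECT * from tbl_product ORDER BY ItemQuantity ASC, ItemID DESC");
        }
        return $this->read("SELECT * from tbl_product WHERE ItemName LIKE :search", array(':search' => "%$search%"));
    }

    /** Update a product. $usersession is accepted for compatibility and unused. @return PDOStatement|false */
    public function itemUpdate($usersession, $itemquantity, $itemcategory, $itemname, $ishidden, $itemprice, $id)
    {
        return $this->write(
            "UPDATE tbl_product SET ItemName=:itemname,ItemCategory=:itemcategory,ItemQuantity=:itemquantity,isHidden=:ishidden, ItemPrice=:itemprice WHERE ItemID=:id",
            array(
                ':itemname' => $itemname,
                ':itemcategory' => $itemcategory,
                ':itemquantity' => $itemquantity,
                ':ishidden' => $ishidden,
                ':itemprice' => $itemprice,
                ':id' => $id,
            ),
            'itemUpdate'
        );
    }

    /**
     * Display name of a product category code; unknown codes map to "Tarpaulin".
     * @param int|string $ctg
     * @return string
     */
    public function getCategory($ctg)
    {
        static $names = array(
            0 => "Tarpaulin",
            1 => "Rush ID",
            2 => "Photocopy",
            3 => "Graphic Layout",
            4 => "Invitation",
            5 => "Panaflex",
            6 => "Signages",
            7 => "Stickers",
            8 => "Sintra board",
            9 => "Large Format Photo",
            10 => "PVC ID",
            11 => "Lamination",
            12 => "Bag Tags",
            13 => "Notary Public",
            14 => "Scan",
        );
        $key = (int) $ctg;
        return isset($names[$key]) ? $names[$key] : "Tarpaulin";
    }

    /** One product row by id. @return PDOStatement */
    public function getItemDetail($id)
    {
        return $this->read("SELECT * from tbl_product WHERE ItemID=:id", array(':id' => (int) $id));
    }

    /** Delete a product by id. @return PDOStatement|false */
    public function doDeleteItem($id)
    {
        return $this->write("DELETE from tbl_product WHERE ItemID=:id", array(':id' => (int) $id), 'doDeleteItem');
    }

    /**
     * Check a plaintext password against the stored value.
     * Accepts password_hash() output and, for rows created before it was
     * introduced, a bare md5 digest (compared in constant time).
     * @return bool
     */
    private function passwordMatches($plain, $stored)
    {
        if (is_string($stored) && password_verify($plain, $stored)) {
            return true;
        }
        return is_string($stored) && strlen($stored) === 32 && hash_equals($stored, md5($plain));
    }

    /**
     * Authenticate by e-mail and password and open the session.
     * Legacy md5 rows are upgraded to password_hash() on successful login and
     * the session id is regenerated so a pre-login id cannot be reused.
     * @return array{status:int,msg:string}
     */
    public function login($email, $upass)
    {
        try {
            $stmt = $this->read("SELECT * FROM tbl_users WHERE userEmail=:email_id", array(":email_id" => $email));
            $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($userRow === false) {
                return array('status' => 0, 'msg' => 'Account Not Found');
            }
            if ($userRow['userStatus'] != "Y") {
                return array('status' => 0, 'msg' => 'Account Inactive');
            }
            if (!$this->passwordMatches($upass, $userRow['userPass'])) {
                return array('status' => 0, 'msg' => 'Password Incorrect');
            }
            if (password_needs_rehash($userRow['userPass'], PASSWORD_DEFAULT)) {
                $this->write(
                    "UPDATE tbl_users SET userPass=:pass WHERE userID=:id",
                    array(':pass' => password_hash($upass, PASSWORD_DEFAULT), ':id' => $userRow['userID']),
                    'login'
                );
            }
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['userSession'] = $userRow['userID'];
            $_SESSION['usertype'] = $userRow['usertype'];
            return array('status' => 1, 'msg' => 'Login Success');
        } catch (PDOException $ex) {
            error_log('USER::login: ' . $ex->getMessage());
            return array('status' => 0, 'msg' => 'Login temporarily unavailable');
        }
    }

    /** True when a user id is held in the session (always returns a bool now). */
    public function is_logged_in()
    {
        return isset($_SESSION['userSession']) && $_SESSION['userSession'] !== false;
    }

    /** True when the session's usertype equals $type (strict after int cast). */
    private function hasUserType($type)
    {
        return isset($_SESSION['usertype']) && (int) $_SESSION['usertype'] === $type;
    }

    public function is_admin()
    {
        return $this->hasUserType(1);
    }

    public function is_auditor()
    {
        return $this->hasUserType(2);
    }

    public function is_member()
    {
        return $this->hasUserType(0);
    }

    /**
     * Users, optionally filtered by a LIKE match on the first name.
     * The filtered query is executed once (it used to run twice).
     * @return PDOStatement
     */
    public function getUserList($search = "")
    {
        if ($search == "") {
            return $this->read("SELECT * from tbl_users ORDER BY userID DESC");
        }
        return $this->read("SELECT * from tbl_users WHERE userfirstName LIKE :search", array(':search' => "%$search%"));
    }

    /** One user row by id. @return PDOStatement */
    public function getUserInfo($userid)
    {
        return $this->read("SELECT * from tbl_users WHERE UserID=:userid", array(':userid' => $userid));
    }

    /** One order row by order id. @return PDOStatement */
    public function getStatusInfo($orderid)
    {
        return $this->read("SELECT * from tbl_orderlist WHERE orderID=:orderid", array(':orderid' => $orderid));
    }

    /**
     * One order row by order id. The parameter is named $userid but the query
     * has always filtered on orderID; it used to bind an undefined variable.
     * NOTE(review): confirm with callers whether they pass an order id.
     * @return PDOStatement
     */
    public function getOrderInfo($userid)
    {
        return $this->read("SELECT * from tbl_orderlist WHERE orderID=:orderid", array(':orderid' => $userid));
    }

    /** Change a user's type. @return PDOStatement|false */
    public function doUserUpdate($usernum, $usertype)
    {
        return $this->write(
            "UPDATE tbl_users SET usertype=:usertype WHERE userID=:id",
            array(':id' => $usernum, ':usertype' => $usertype),
            'doUserUpdate'
        );
    }

    /** Change an order's status. @return PDOStatement|false */
    public function doStatusUpdate($ordernum, $status)
    {
        return $this->write(
            "UPDATE tbl_orderlist SET Status=:status WHERE orderID=:id",
            array(':id' => $ordernum, ':status' => $status),
            'doStatusUpdate'
        );
    }

    /**
     * Insert an order. The row is attributed to $usersession (the signed-in
     * user); the separately supplied $customerid is only used when no session
     * id is given, so a form cannot file orders under another account.
     * @return PDOStatement|false
     */
    public function OrderInsert($usersession, $price, $dateandtimeorder, $customerid, $delivery, $customeraddress, $customername, $orderdetails, $templateselect, $typeofservice, $ishidden)
    {
        $owner = ($usersession !== null && $usersession !== '') ? $usersession : $customerid;
        return $this->write(
            "INSERT INTO tbl_orderlist(TypeofService,TemplateSelect,OrderDetails,CustomerName,CustomerAddress,Delivery,CustomerID,DateandTimeOrder,Price,IsHidden)
VALUES(:typeofservice, :templateselect, :orderdetails, :customername, :customeraddress, :delivery, :customerid, :dateandtimeorder, :price, :ishidden)",
            array(
                ':typeofservice' => $typeofservice,
                ':templateselect' => $templateselect,
                ':orderdetails' => $orderdetails,
                ':customername' => $customername,
                ':customeraddress' => $customeraddress,
                ':delivery' => $delivery,
                ':customerid' => $owner,
                ':dateandtimeorder' => $dateandtimeorder,
                ':price' => $price,
                ':ishidden' => $ishidden,
            ),
            'OrderInsert'
        );
    }

    /** Orders of the signed-in user; an empty array when nobody is signed in. @return array */
    public function getOrderList()
    {
        if (empty($_SESSION['userSession'])) {
            return array();
        }
        $stmt = $this->read("SELECT * FROM tbl_orderlist WHERE CustomerID = :uid", array(":uid" => $_SESSION['userSession']));
        return $stmt->fetchAll();
    }

    /** All orders, newest first. @return PDOStatement */
    public function getTotalOrderList()
    {
        return $this->read("SELECT * from tbl_orderlist ORDER BY orderID DESC");
    }

    /** Orders with status 'Pending', newest first. @return PDOStatement */
    public function getPendingList()
    {
        return $this->read("SELECT * from tbl_orderlist WHERE status = 'Pending' ORDER BY orderID DESC");
    }

    /** Orders with status 'Claimed', newest first. @return PDOStatement */
    public function getClaimedList()
    {
        return $this->read("SELECT * from tbl_orderlist WHERE status = 'Claimed' ORDER BY orderID DESC");
    }

    /** Sum of all order prices as an unfetched statement. @return PDOStatement */
    public function gettotalsales()
    {
        return $this->read("Select sum(Price) From tbl_orderlist");
    }

    /** Sum of all order prices, fetched row with key "total". */
    public function getAllSales()
    {
        return $this->read("Select sum(Price) AS total From tbl_orderlist")->fetch();
    }

    /** Sum of claimed order prices, fetched row with key "total". */
    public function getallClaimedlist()
    {
        return $this->read("Select sum(Price) AS total From tbl_orderlist WHERE status = 'Claimed'")->fetch();
    }

    /** Sum of pending order prices, fetched row with key "total". */
    public function getallPendinglist()
    {
        return $this->read("Select sum(Price) AS total From tbl_orderlist WHERE status = 'Pending'")->fetch();
    }

    /** Send a Location header; the caller decides whether to stop the script. */
    public function redirect($url)
    {
        header("Location: $url");
    }

    /**
     * End the session. The data is cleared before destroying so that
     * is_logged_in() is false for the rest of the request (the old code left
     * userSession set to false, which isset() still counted as logged in).
     */
    public function logout()
    {
        $_SESSION = array();
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
    }

    /**
     * Send an HTML mail from the no-reply address.
     * The recipient must be a single well-formed address and the subject is
     * folded onto one line, so neither can append extra headers.
     * An SMTP variant with account credentials used to sit in a comment here;
     * those credentials have to be treated as compromised and rotated.
     * @return bool result of mail(), false when the address is rejected
     */
    public function send_mail($email, $message, $subject)
    {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            error_log('USER::send_mail: invalid recipient address rejected');
            return false;
        }
        $subject = str_replace(array("\r", "\n"), ' ', $subject);
        $headers = "From: no-reply@crosswayprinting.ga\r\n";
        $headers .= "Reply-To: no-reply@crosswayprinting.ga\r\n";
        $headers .= "Return-Path: no-reply@crosswayprinting.ga\r\n";
        $headers .= "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
        return mail($email, $subject, $message, $headers);
    }
}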
- [/CODE]