  1. <?php
  2.  
  3. include(__DIR__.'\config.php');
  4.  
  5. class User{
  6.  
  7. public $host = DB_HOST;
  8. public $user = DB_USER;
  9. public $pass = DB_PASSWORD;
  10. public $dbname = DB_DATABSE;
  11. // public $saltkey = SALT;
  12. // public $patsaltkey =PATSALT;
  13. public $conn;
  14. public $error;
  15.  
  16. public function __construct(){
  17. $this->connect();
  18. }
  19.  
  20. private function connect(){
  21.  
  22. $this->conn = new mysqli($this->host, $this->user, $this->pass, $this->dbname);
  23. if(!$this->conn){
  24. $this->error = "Fatal Error: Can't connect to database".$this->conn->connect_error;
  25. return false;
  26. }
  27. }
  28.  
  29. public function cleanInput($input) {
  30.  
  31. $search = array(
  32. '@<script[^>]*?>.*?</script>@si', // Strip out javascript
  33. '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
  34. '@<style[^>]*?>.*?</style>@siU', // Strip style tags properly
  35. '@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments
  36. );
  37.  
  38. $output = preg_replace($search, '', $input);
  39. return $output;
  40. }
  41.  
  42. public function sanitize($input) {
  43.  
  44.  
  45. if (is_array($input)) {
  46. foreach($input as $var=>$val) {
  47. $output[$var] = $this->sanitize($val);
  48. }
  49. }
  50. else {
  51. if (get_magic_quotes_gpc()) {
  52. $input = stripslashes($input);
  53. }
  54. $input = $this->cleanInput($input);
  55. $output =mysqli_real_escape_string($this->conn,$input);
  56. //$output = $input;
  57. }
  58.  
  59. return $output;
  60.  
  61.  
  62. }
  63.  
  64. public function admin()
  65. {
  66. $error ="";
  67.  
  68. $email = isset($_POST['email'])? trim(strip_tags($_POST['email'])):'';
  69. $password = isset($_POST['password'])?trim(strip_tags($_POST['password'])):'';
  70. $error = $this->validatelogin($email,$password);
  71. if($error){
  72. header("location:../index.php?err=$error");exit;
  73. }else{
  74.  
  75. $user_check = $this->checkUser($email, $password);
  76. if($user_check['status']=="error"){
  77. $error = 3;
  78. header("location:../index.php?err=$error");exit;
  79.  
  80. }else{
  81. $user_details = $this->login($email, $password);
  82. //echo "<pre>"; var_dump($user_details);exit;
  83. //login
  84. $_SESSION['login'] = true;
  85. $_SESSION['uid'] = $user_details['result']->id;
  86.  
  87.  
  88. header("location:../dashboard.php");
  89. }
  90.  
  91.  
  92.  
  93.  
  94. }
  95. }
  96.  
  97. // Check if username/password is incorrect
  98. public function checkUser($username, $password) {
  99.  
  100.  
  101. try {
  102.  
  103.  
  104. $query = "SELECT * FROM admin_users WHERE uname = '".$username."' and password = '".$password."' and isActive=1";
  105.  
  106. $result = $this->conn->query($query);
  107. if(!$result) {
  108. throw new exception("Error in query!");
  109. }
  110. $count = $result->num_rows;
  111. if($count == 0) {
  112. throw new exception("Username/Password is incorrect.");
  113. }
  114. $data = array('status'=>'success', 'msg'=>"", 'result'=>'');
  115. } catch (Exception $e) {
  116. $data = array('status'=>'error', 'msg'=>$e->getMessage());
  117. } finally {
  118. return $data;
  119. }
  120. }
  121. // login function
  122. public function login($username, $password) {
  123.  
  124.  
  125. try {
  126.  
  127. //$query = "SELECT * FROM tbl_clinic WHERE clinicEmail = '".$username."' and hash_password = '".$hashed_password."' and isActive=1";
  128. $query = "SELECT * FROM admin_users WHERE uname = '".$username."' and password = '".$password."' and isActive=1";
  129. $result = $this->conn->query($query);
  130. if(!$result) {
  131. throw new exception("Error in query!");
  132. }
  133. $resultSet =$result->fetch_object();
  134. $data = array('status'=>'success', 'msg'=>"User detail fetched successfully.", 'result'=>$resultSet);
  135.  
  136. } catch (Exception $e) {
  137. $data = array('status'=>'error', 'msg'=>$e->getMessage());
  138. } finally {
  139. return $data;
  140. }
  141. }
  142.  
  143. // Check if username/password is incorrect
  144. public function validatelogin($username, $password) {
  145. $err = "";
  146. if($username==""){
  147.  
  148. $err = 1;
  149.  
  150. }elseif($password==""){
  151.  
  152. $err = 2;
  153. }
  154.  
  155. return $err ;
  156. }
  157.  
  158. public function adduser()
  159. {
  160. $input_array = array();
  161. $error ="";
  162. if(!empty($_POST))
  163. {
  164. //echo "<pre>"; print_r($_POST);
  165.  
  166. $input_array['name'] = (isset($_POST['name']) && trim($_POST['name'])!='')?$this->sanitize($_POST['name']):'';
  167.  
  168. $input_array['email'] =(isset($_POST['email']))?$this->sanitize($_POST['email']):'';
  169.  
  170. if($input_array['name']==''){
  171. $error = "Please Enter Name";
  172. }
  173.  
  174. if($input_array['email']==''){
  175. $error = "Please Enter Name";
  176. }
  177.  
  178. $query = "SELECT * FROM user WHERE email = '".$input_array['email']."' ";
  179.  
  180. $result = $this->conn->query($query);
  181. //var_dump($result);
  182. if($result->num_rows > 0)
  183. {
  184. $error ="Email is alredy exist";
  185. }
  186.  
  187.  
  188.  
  189. if($error==""){
  190.  
  191. $status = $this->add_new_user($input_array);
  192. if($status){
  193. $is_error =0;
  194. $error ="";
  195.  
  196. }else{
  197. $is_error =1;
  198. $error = "Error in Insertion";
  199. }
  200.  
  201. }else{
  202.  
  203. $is_error =1;
  204. }
  205.  
  206. return json_encode(array("is_error"=>$is_error,"msg"=>$error));
  207. }
  208. }
  209.  
  210.  
  211. public function add_new_user($input) {
  212.  
  213.  
  214. try {
  215.  
  216. $name = $input['name'];
  217. $email = $input['email'];
  218.  
  219. $query = "INSERT INTO user(name,email)
  220. VALUES('".$name."','".$email."') ";
  221.  
  222. $result = $this->conn->query($query);
  223.  
  224.  
  225. if(!$result) {
  226. throw new exception("Error in query!");
  227. }
  228. $status = 1;
  229.  
  230. } catch (Exception $e) {
  231. $status = 0;
  232. } finally {
  233. return $status;
  234. }
  235.  
  236.  
  237. }
  238.  
  239. public function userlist()
  240. {
  241.  
  242. $query = "SELECT * FROM user";
  243. $result = $this->conn->query($query);
  244. return $result;
  245.  
  246.  
  247.  
  248. }
  249.  
  250. public function sendmail()
  251. {
  252.  
  253. $input_array = array();
  254. $error ="";
  255. if(!empty($_POST))
  256. {
  257. //echo "<pre>"; print_r($_POST);
  258.  
  259.  
  260.  
  261. $input_array['message'] =(isset($_POST['message']))?$_POST['message']:'';
  262. $input_array['users_email'] = (isset($_POST['users_email']))?$_POST['users_email']:'';
  263.  
  264. /*if(isset($_POST['users_email'])) {
  265. $users_email = serialize($_POST['users_email']);
  266. $input_array['users_email'] = $this->sanitize($users_email);
  267.  
  268. }else{
  269. $input_array['users_email'] = '';
  270. }*/
  271.  
  272. if($input_array['users_email']==''){
  273. $error = "Please Enter Name";
  274. }
  275.  
  276. if($input_array['message']==''){
  277. $error = "Please Enter Name";
  278. }
  279.  
  280. if($error==""){
  281.  
  282. $status = $this->newsletter($input_array);
  283. if($status){
  284. $is_error =0;
  285. $error ="";
  286.  
  287. }else{
  288. $is_error =1;
  289. $error = "Error in Insertion";
  290. }
  291.  
  292. }else{
  293.  
  294. $is_error =1;
  295. }
  296.  
  297. return json_encode(array("is_error"=>$is_error,"msg"=>$error));
  298.  
  299. }
  300.  
  301.  
  302. }
  303.  
  304. public function newsletter($input_array)
  305. {
  306. try {
  307. $users_emails = $input_array['users_email'];
  308. $from = 'admin@gmail.com';
  309. $subject = 'Newsletter';
  310. $message = "";
  311. $message.= $input_array['message'];
  312.  
  313. $headers = 'MIME-Version: 1.0' . "\r\n";
  314. $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
  315. $headers .= 'From: <'.$from.'>' . "\r\n";
  316. $count = 1;
  317. foreach($users_emails as $users_email)
  318. {
  319. $to = $users_email;
  320. echo $to."<br>".$subject."<br>".$message."<br>".$headers."<br>";
  321. echo $mail = mail($to, $subject, $message, $headers);
  322. $count++;
  323. }
  324. die;
  325.  
  326.  
  327.  
  328.  
  329.  
  330. /*$headers = "From: $from" . "\r\n" .
  331. "Reply-To: $from" . "\r\n" .
  332. "X-Mailer: PHP/" . phpversion();*/
  333.  
  334.  
  335.  
  336.  
  337. if(!$result) {
  338. throw new exception("Error in query!");
  339. }
  340. $status = 1;
  341.  
  342. } catch (Exception $e) {
  343. $status = 0;
  344. } finally {
  345. return $status;
  346. }
  347.  
  348. }
  349.  
  350.  
  351.  
  352.  
  353.  
  354.  
  355.  
  356.  
  357. }
  358.  
  359.  
  360. ?>
  361.  
  362.  
  363. /*************Session**************/
  364. session_start();
  365. if(!isset($_SESSION['login']) || (isset($_SESION['login']) && $_SESSION['login'] == 0)){
  366. header('Location: index.php');
  367. }
  368. $loginid = $_SESSION['uid'];