- <?php
- include(__DIR__.'\config.php');
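/**
 * Database-backed admin/user helper: connects with the DB_* settings from config.php,
 * authenticates admins against admin_users, and manages the user table / newsletter.
 *
 * All SQL now goes through prepared statements; the original interpolated request
 * values (including the login password) straight into query strings.
 */
class User
{
    /** @var string Taken from config.php (DB_HOST). */
    public $host = DB_HOST;
    /** @var string Taken from config.php (DB_USER). */
    public $user = DB_USER;
    /** @var string Taken from config.php (DB_PASSWORD). */
    public $pass = DB_PASSWORD;
    /** @var string Taken from config.php; the constant name is kept as the config spells it (DB_DATABSE) — verify. */
    public $dbname = DB_DATABSE;
    /** @var mysqli|null Live connection, or null when connect() failed (see $error). */
    public $conn;
    /** @var string|null Connection error message; null while no error has occurred. */
    public $error;

    public function __construct()
    {
        $this->connect();
    }

    /**
     * Open the mysqli connection with the DB_* settings.
     *
     * On failure $error is set and false is returned; nothing escapes, so callers that
     * only inspect $error keep working.
     */
    private function connect(): bool
    {
        try {
            $this->conn = new mysqli($this->host, $this->user, $this->pass, $this->dbname);
        } catch (mysqli_sql_exception $e) {
            // With strict mysqli reporting the constructor throws instead of setting connect_error.
            $this->conn = null;
            $this->error = "Fatal Error: Can't connect to database" . $e->getMessage();
            return false;
        }
        if ($this->conn->connect_error) {
            // `new mysqli` always yields an object, so the original `!$this->conn` test
            // could never detect a failed connection; connect_error is the real signal.
            $this->error = "Fatal Error: Can't connect to database" . $this->conn->connect_error;
            return false;
        }
        return true;
    }

    /**
     * The live connection, or an Exception when connect() failed so that the
     * try/catch blocks of the query methods report it instead of a fatal on null.
     */
    private function db(): mysqli
    {
        if (!$this->conn instanceof mysqli) {
            throw new Exception($this->error !== null ? $this->error : "Error in query!");
        }
        return $this->conn;
    }

    /**
     * Strip script/style/comment blocks and remaining HTML tags from $input.
     *
     * Accepts a string or an array of strings (preg_replace handles both) and returns
     * the same shape. Block patterns run before the generic tag pattern: in the original
     * order the generic pattern removed the <style> tag first, leaving the CSS text behind.
     * This is tag stripping for storage, not a substitute for context-specific escaping
     * on output.
     */
    public function cleanInput($input)
    {
        $search = array(
            '@<script[^>]*?>.*?</script>@si', // Strip out javascript
            '@<style[^>]*?>.*?</style>@siU',  // Strip style tags properly
            '@<![\s\S]*?--[ \t\n\r]*>@',      // Strip multi-line comments
            '@<[\/\!]*?[^<>]*?>@si',          // Strip out HTML tags
        );
        return preg_replace($search, '', $input);
    }

    /**
     * Recursively strip tags and SQL-escape $input for legacy string-built queries.
     *
     * Arrays are processed element-wise with keys preserved (the original left $output
     * undefined for an empty array). New code should pass raw values to prepared
     * statements instead: escaping a value and then binding it stores the backslashes.
     * get_magic_quotes_gpc() was dropped — it has returned false since PHP 5.4 and no
     * longer exists in PHP 8, where calling it is a fatal error.
     */
    public function sanitize($input)
    {
        if (is_array($input)) {
            $output = array();
            foreach ($input as $key => $value) {
                $output[$key] = $this->sanitize($value);
            }
            return $output;
        }
        $cleaned = $this->cleanInput((string) $input);
        return mysqli_real_escape_string($this->db(), $cleaned);
    }

    /**
     * Handle the admin login form ($_POST email/password).
     *
     * Redirects to ../index.php?err=N on failure (1: empty email, 2: empty password,
     * 3: bad credentials) and to ../dashboard.php on success; always terminates the
     * request after sending the redirect.
     */
    public function admin()
    {
        $email = isset($_POST['email']) ? trim(strip_tags($_POST['email'])) : '';
        $password = isset($_POST['password']) ? trim(strip_tags($_POST['password'])) : '';

        $error = $this->validatelogin($email, $password);
        if (!$error) {
            // One lookup instead of checkUser() followed by login(): both ran the same query.
            $user_details = $this->login($email, $password);
            if ($user_details['status'] !== 'error') {
                // Fresh session id when privilege changes, so a pre-login id is not reused.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['login'] = true;
                $_SESSION['uid'] = $user_details['result']->id;
                header('Location: ../dashboard.php');
                exit; // the original kept executing after the redirect header
            }
            $error = 3;
        }
        header('Location: ../index.php?err=' . urlencode((string) $error));
        exit;
    }

    /**
     * Fetch the active admin_users row for $username and verify $password against it.
     *
     * The stored value is accepted if password_verify() matches it or — for rows still
     * holding a plaintext value — if it is byte-identical. The byte-exact check is
     * stricter than the old SQL '=' comparison, which used the column collation. Rehash
     * rows with password_hash() to retire the plaintext path.
     *
     * @return object|null the row, or null when no active user matches
     * @throws Exception when the statement cannot be prepared or executed
     */
    private function findActiveUser(string $username, string $password)
    {
        $stmt = $this->db()->prepare('SELECT * FROM admin_users WHERE uname = ? AND isActive = 1');
        if (!$stmt) {
            throw new Exception("Error in query!");
        }
        $stmt->bind_param('s', $username);
        $result = $stmt->execute() ? $stmt->get_result() : false;
        $stmt->close();
        if (!$result) {
            throw new Exception("Error in query!");
        }
        $row = $result->fetch_object();
        $result->free();
        if (!is_object($row)) {
            return null;
        }
        $stored = isset($row->password) ? (string) $row->password : '';
        if ($stored === '') {
            // A NULL/empty column never matched the old `password = '...'` test either.
            return null;
        }
        $matches = password_verify($password, $stored) || hash_equals($stored, $password);
        return $matches ? $row : null;
    }

    /**
     * Check whether $username/$password identify an active admin.
     *
     * @return array{status:string,msg:string,result?:string} 'success' with an empty
     *         result, or 'error' with the reason in msg
     */
    public function checkUser($username, $password)
    {
        try {
            if ($this->findActiveUser((string) $username, (string) $password) === null) {
                throw new Exception("Username/Password is incorrect.");
            }
            return array('status' => 'success', 'msg' => "", 'result' => '');
        } catch (Exception $e) {
            // No `finally { return }` any more: that construct also swallowed the exception.
            return array('status' => 'error', 'msg' => $e->getMessage());
        }
    }

    /**
     * Fetch the admin row for a valid $username/$password pair.
     *
     * Unlike the original, a non-matching pair is reported as status 'error' rather than
     * 'success' with a null result, so callers no longer need checkUser() first.
     *
     * @return array{status:string,msg:string,result?:object}
     */
    public function login($username, $password)
    {
        try {
            $row = $this->findActiveUser((string) $username, (string) $password);
            if ($row === null) {
                throw new Exception("Username/Password is incorrect.");
            }
            return array('status' => 'success', 'msg' => "User detail fetched successfully.", 'result' => $row);
        } catch (Exception $e) {
            return array('status' => 'error', 'msg' => $e->getMessage());
        }
    }

    /**
     * Presence check for the login form.
     *
     * @return int|string '' when both values are present, 1 when $username is empty,
     *         2 when $password is empty (the codes admin() redirects with)
     */
    public function validatelogin($username, $password)
    {
        if ((string) $username === '') {
            return 1;
        }
        if ((string) $password === '') {
            return 2;
        }
        return '';
    }

    /**
     * Handle the "add user" form ($_POST name/email).
     *
     * @return string|null JSON {"is_error":0|1,"msg":...}; null when nothing was posted
     *         (unchanged from the original)
     */
    public function adduser()
    {
        if (empty($_POST)) {
            return null;
        }
        // Tag-strip only: values are bound by add_new_user(), so no SQL escaping here.
        $name = isset($_POST['name']) && is_string($_POST['name'])
            ? trim($this->cleanInput($_POST['name'])) : '';
        $email = isset($_POST['email']) && is_string($_POST['email'])
            ? trim($this->cleanInput($_POST['email'])) : '';

        $error = '';
        $is_error = 1;
        try {
            if ($name === '') {
                $error = 'Please Enter Name';
            } elseif ($email === '') {
                $error = 'Please Enter Email'; // was a copy of the name message
            } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                $error = 'Please Enter a valid Email';
            } elseif ($this->emailExists($email)) {
                $error = 'Email is alredy exist';
            } elseif ($this->add_new_user(array('name' => $name, 'email' => $email))) {
                $is_error = 0;
            } else {
                $error = 'Error in Insertion';
            }
        } catch (Exception $e) {
            // The original dereferenced a false query result here and fataled.
            $error = $e->getMessage();
        }
        return json_encode(array('is_error' => $is_error, 'msg' => $error));
    }

    /**
     * True when a user row with exactly this email exists.
     *
     * @throws Exception when the statement cannot be prepared or executed
     */
    private function emailExists(string $email): bool
    {
        $stmt = $this->db()->prepare('SELECT 1 FROM user WHERE email = ? LIMIT 1');
        if (!$stmt) {
            throw new Exception("Error in query!");
        }
        $stmt->bind_param('s', $email);
        $ok = $stmt->execute() && $stmt->store_result();
        $found = $ok && $stmt->num_rows > 0;
        $stmt->close();
        if (!$ok) {
            throw new Exception("Error in query!");
        }
        return $found;
    }

    /**
     * Insert one user row from $input['name'] / $input['email'] (bound, not interpolated).
     *
     * @return int 1 on success, 0 on any failure
     */
    public function add_new_user($input)
    {
        try {
            $name = isset($input['name']) ? (string) $input['name'] : '';
            $email = isset($input['email']) ? (string) $input['email'] : '';
            $stmt = $this->db()->prepare('INSERT INTO user(name, email) VALUES (?, ?)');
            if (!$stmt) {
                throw new Exception("Error in query!");
            }
            $stmt->bind_param('ss', $name, $email);
            $ok = $stmt->execute();
            $stmt->close();
            if (!$ok) {
                throw new Exception("Error in query!");
            }
            return 1;
        } catch (Exception $e) {
            return 0;
        }
    }

    /**
     * All rows of the user table.
     *
     * @return mysqli_result|false whatever mysqli::query() returns for the SELECT
     */
    public function userlist()
    {
        return $this->db()->query('SELECT * FROM user');
    }

    /**
     * Handle the newsletter form ($_POST message, users_email[]).
     *
     * @return string|null JSON {"is_error":0|1,"msg":...}; null when nothing was posted
     *         (unchanged from the original)
     */
    public function sendmail()
    {
        if (empty($_POST)) {
            return null;
        }
        $message = isset($_POST['message']) && is_string($_POST['message']) ? $_POST['message'] : '';
        // newsletter() iterates the recipients, so anything but an array is treated as none.
        $users_email = isset($_POST['users_email']) && is_array($_POST['users_email'])
            ? $_POST['users_email'] : array();

        $error = '';
        $is_error = 1;
        if ($users_email === array()) {
            $error = 'Please select at least one recipient'; // both messages said "Please Enter Name"
        } elseif (trim($message) === '') {
            $error = 'Please Enter Message';
        } elseif ($this->newsletter(array('message' => $message, 'users_email' => $users_email))) {
            $is_error = 0;
        } else {
            $error = 'Error in sending mail';
        }
        return json_encode(array('is_error' => $is_error, 'msg' => $error));
    }

    /**
     * Send $input_array['message'] (HTML body) to every address in
     * $input_array['users_email'].
     *
     * Addresses that fail FILTER_VALIDATE_EMAIL are counted as failures rather than
     * handed to mail(): a value with embedded line breaks would otherwise reach the MTA
     * as additional headers. The original echoed every message and then die()d, so the
     * JSON reply from sendmail() was never produced and its `$result` check was dead code.
     *
     * @return int 1 when mail() accepted every recipient, 0 otherwise (also for no recipients)
     */
    public function newsletter($input_array)
    {
        $recipients = isset($input_array['users_email']) ? (array) $input_array['users_email'] : array();
        $message = isset($input_array['message']) ? (string) $input_array['message'] : '';
        $from = 'admin@gmail.com';
        $subject = 'Newsletter';
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        $headers .= 'From: <' . $from . '>' . "\r\n";

        if ($recipients === array()) {
            return 0;
        }
        $allSent = true;
        foreach ($recipients as $recipient) {
            $to = is_string($recipient) ? trim($recipient) : '';
            if (filter_var($to, FILTER_VALIDATE_EMAIL) === false || !mail($to, $subject, $message, $headers)) {
                $allSent = false;
            }
        }
        return $allSent ? 1 : 0;
    }
}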
- ?>
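/*************Session**************/
// NOTE(review): as pasted, this run follows the `?>` that closes the class above, so it
// would be emitted as literal text rather than executed — presumably it is a separate
// page guard that belongs in its own file with an opening PHP tag; confirm.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// Bounce anonymous requests to the login page and stop. The original only sent the
// header and kept rendering the protected page, and its second test read the misspelled
// $_SESION superglobal, so a session with login == 0 was never rejected either.
if (empty($_SESSION['login'])) {
    header('Location: index.php');
    exit;
}
$loginid = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;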