  1. <?
  2.  
  3. if(!isset($_SESSION))
  4. {
  5. session_start();
  6. }
  7.  
  8. function connectToDB($usr, $pw, $server_name, $db_name)
  9. {
  10. // Create connection
  11. $conn = mysqli_connect($server_name, $usr, $pw);
  12.  
  13. // Check connection
  14. if (!$conn) {
  15. return(mysqli_connect_error());
  16. }
  17.  
  18. mysqli_select_db($conn, $db_name);
  19. return $conn;
  20.  
  21. }
  22.  
  23.  
  24.  
  25.  
  26.  
  27.  
  28. //
  29. //
  30. /* GENERAL GET AND SET FUNCTIONS */
  31. //
  32. //
  33.  
  34.  
  35. //fetch all the user IDs
  36. function fetchAllAccounts(){
  37. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  38. $query = "SELECT account_id FROM users";
  39. $user_id = $db_token->query($query);
  40.  
  41. $user_array = array();
  42.  
  43. while($row = $user_id->fetch_row())
  44. array_push($user_array, $row);
  45.  
  46. return $user_array;
  47.  
  48. }
  49.  
  50. //Fetch a username from an email
  51. function fetchUsername($email)
  52. {
  53. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  54. $query = "SELECT username FROM users WHERE email = '$email'";
  55. $username = $db_token->query($query);
  56. $results = mysqli_fetch_array($username, MYSQLI_NUM);
  57.  
  58. return $results[0];
  59.  
  60. }
  61.  
  62. //Check if the user id is for an administrator
  63. function isAdmin($id)
  64. {
  65. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  66. $query = "SELECT COUNT(*) FROM users WHERE id = '$id' AND is_admin = '1'";
  67. $results = mysqli_fetch_array($db_token->query($query), MYSQLI_NUM)[0];
  68.  
  69. return $results;
  70. }
  71.  
  72. //fetch an email address from an account ID
  73. function getEmailFromAccountID($account_id){
  74. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  75. $query = "SELECT user_id FROM accounts WHERE acct_id='$account_id'";
  76. $user_id = mysqli_fetch_array($db_token->query($query), MYSQLI_NUM)[0];
  77.  
  78. $query = "SELECT email FROM users WHERE id='$user_id'";
  79. $email = mysqli_fetch_array($db_token->query($query), MYSQLI_NUM)[0];
  80.  
  81. return $email;
  82. }
  83.  
  84. //Fetch an account ID from a user ID
  85. function fetchAccountID($user_id){
  86. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  87. $query = "SELECT acct_id FROM accounts WHERE user_id='$user_id'";
  88. $account_id = mysqli_fetch_array($db_token->query($query), MYSQLI_NUM)[0];
  89.  
  90. return $account_id;
  91. }
  92.  
  93.  
  94. //Gets balance from accounts based on the username
  95. function getBalance($email)
  96. {
  97. $username = fetchUsername($email);
  98. $id = fetchID($username);
  99. $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  100. $query = "SELECT balance FROM accounts WHERE user_id = '$id'";
  101. $result = mysqli_query($token, $query);
  102.  
  103. if($result != FALSE)
  104. {
  105. $row = $result->fetch_assoc();
  106. $balance = $row['balance'];
  107. return $balance;
  108. }
  109. else
  110. return "Error: ".mysqli_error($token);
  111.  
  112.  
  113. }
  114.  
  115. //Fetch user ID from username function
  116. function fetchID($username)
  117. {
  118.  
  119. $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  120.  
  121. $query = "SELECT id FROM users WHERE username='$username'";
  122.  
  123. $result = $token->query($query);
  124. //$result = $result->fetch_assoc();
  125.  
  126.  
  127. if(!$result)
  128. {
  129. echo mysqli_error($result->fetch_assoc());
  130. }
  131.  
  132. else
  133. {
  134. $result = $result->fetch_assoc();
  135. $id = $result['id'];
  136. return $id;
  137. }
  138.  
  139.  
  140. }
  141.  
  142.  
  143.  
  144.  
  145.  
  146. //
  147. //
  148. /* LOGIN AND REGISTER AND FORGOT PASSWORD FUNCTIONS */
  149. //
  150. //
  151.  
  152.  
  153. // Takes in a username and registers the user, also creates a bank account
  154. function registerAccount($username, $password, $email)
  155. {
  156. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  157.  
  158. $query = "SELECT COUNT(*) FROM users WHERE email='$email'";
  159. $results = $db_token->query($query);
  160.  
  161. $results = mysqli_fetch_array($results,MYSQLI_NUM);
  162.  
  163. $password = md5($password);
  164.  
  165.  
  166. if($results[0] == 0)
  167. {
  168. $query = "INSERT INTO users (password, username, is_admin, email, account_id) VALUES ('$password', '$username', '0', '$email', null)";
  169. $db_token->query($query);
  170.  
  171. $query = "SELECT id FROM users WHERE email = '$email'";
  172. $user_id = $db_token->query($query);
  173. $user_id = mysqli_fetch_array($user_id,MYSQLI_NUM)[0];
  174.  
  175. $query = "INSERT INTO accounts (user_id, balance) VALUES ('$user_id', 0)";
  176. $db_token->query($query);
  177.  
  178. $query = "SELECT acct_id FROM accounts WHERE user_id = '$user_id'";
  179. $acct_id = $db_token->query($query);
  180. $acct_id = mysqli_fetch_array($acct_id,MYSQLI_NUM)[0];
  181.  
  182. $query = "UPDATE users SET account_id = '$acct_id' WHERE id='$user_id'";
  183. $db_token->query($query);
  184.  
  185. return mysqli_error($db_token);
  186. }
  187. else
  188. {
  189. return 1;
  190. }
  191.  
  192. }
  193.  
  194.  
  195. //login function
  196. function login($email, $password)
  197. {
  198. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  199.  
  200. $query = "SELECT * FROM users WHERE email='$email'";
  201. $results = $db_token->query($query);
  202.  
  203. $results = mysqli_fetch_array($results,MYSQLI_NUM);
  204.  
  205.  
  206. if($results == NULL)
  207. {
  208. return 2;
  209. }
  210. else if($results[1] == md5($password) && $results[4] == $email)
  211. {
  212. return 1; //good
  213. }
  214. else
  215. {
  216. echo $password;
  217. echo md5(trim($password))." ".$email;
  218. return 0; //not good
  219. }
  220. }
  221.  
  222.  
  223. //send the user their new password if it got reset
  224. function sendPassword($email)
  225. {
  226. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  227.  
  228. $query = "SELECT * FROM users WHERE email='$email'";
  229. $results = $db_token->query($query);
  230.  
  231. $results = mysqli_fetch_array($results,MYSQLI_NUM);
  232.  
  233. if($results != null)
  234. return mail ( $email , "Password Reminder" , "Your password is ".$results[1] );
  235. else
  236. return 0;
  237. }
  238.  
  239.  
  240.  
  241.  
  242. //
  243. //
  244. /* ACCOUNT FUNCTIONS */
  245. //
  246. //
  247.  
  248. //Modify balance function
  249. function modifyBalance($userID,$newBalance)
  250. {
  251. $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  252. $query = "UPDATE accounts SET balance=$newBalance WHERE user_id=$userID";
  253. $balanceResult = mysqli_query($token, $query);
  254.  
  255.  
  256. if(!$balanceResult)
  257. {
  258. echo "Error @ modifyBalance: ".mysqli_error($token);
  259. }
  260.  
  261. return $balanceResult;
  262.  
  263. }
  264.  
  265. //Delete user function
  266. function deleteUser($userID)
  267. {
  268. $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  269. $queryTwo = "DELETE FROM accounts WHERE user_id=$userID";
  270. $queryThree = "DELETE FROM users WHERE id=$userID";
  271.  
  272. //May also need to add a query to delete the transfer history?
  273. $resultTwo = mysqli_query($token,$queryTwo);
  274.  
  275. if(!$resultTwo)
  276. {
  277. echo "Error @ deleteUser: ".mysqli_error($token);
  278. }
  279.  
  280. $resultThree = mysqli_query($token,$queryThree);
  281.  
  282. if(!$resultThree)
  283. {
  284. echo "Error @ deleteUser: ".mysqli_error($token);
  285. }
  286.  
  287. else
  288. {
  289. return "Success";
  290. }
  291.  
  292.  
  293. }
  294.  
  295.  
  296. //Add user function
  297. function addUser($email,$password,$balance,$admin, $username)
  298. {
  299.  
  300. $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  301.  
  302. //Inserting new user into the users table
  303. $queryOne = "INSERT INTO users(password,email,is_admin, username) VALUES('$password','$email',$admin, '$username')";
  304. $resultOne = mysqli_query($token,$queryOne);
  305.  
  306. if(!$resultOne)
  307. {
  308. echo "Error @ deleteUser: ".mysqli_error($token);
  309. }
  310.  
  311. //Inserting id and balance into te account table
  312. $id = fetchID($username);
  313.  
  314. $queryTwo = "INSERT INTO accounts (user_id, balance) VALUES ($id, $balance)";
  315. $resultTwo = mysqli_query($token,$queryTwo);
  316.  
  317. if(!$resultTwo)
  318. {
  319. echo "Error @ deleteUser: ".mysqli_error($token);
  320. }
  321.  
  322. $acct_id = fetchAccountID($id);
  323.  
  324. $queryThree = "UPDATE users SET account_id = '$acct_id' WHERE id='$id'";
  325. $resultThree = mysqli_query($token,$queryThree);
  326.  
  327. if(!$resultThree)
  328. {
  329. echo "Error @ deleteUser: ".mysqli_error($token);
  330. }
  331.  
  332.  
  333.  
  334. else
  335. {
  336. //Do not return the id
  337. return "$username has successfully been added!";
  338. }
  339. }
  340.  
  341.  
  342.  
  343.  
  344.  
  345.  
  346.  
  347. //
  348. //
  349. /* ADMIN PAGE FUNCTIONS */
  350. //
  351. //
  352.  
  353.  
  354. //Fetches all of the user's information and displays it
  355. function fetchUsers()
  356. {
  357.  
  358. //Fetches the user id, username and balance to be displayed
  359. $query = "SELECT user_id,username,balance FROM users JOIN accounts WHERE users.id = accounts.user_id;";
  360.  
  361. //If there is an error, it is probably here
  362. $result = mysqli_query(connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm'), $query);
  363.  
  364.  
  365. while($row = $result->fetch_assoc())
  366. {
  367. $userID = $row['user_id'];
  368. $username = $row['username'];
  369. $balance = $row['balance'];
  370.  
  371.  
  372.  
  373. //Printing out data in html form
  374. if(1==1)
  375. {
  376. ?>
  377.  
  378. <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method='POST' class="accountHolder">
  379.  
  380.  
  381. <fieldset class="form-group">
  382. <label>Name of Account Holder: </label>
  383. <p><?php echo $username; ?></p>
  384.  
  385. <label>Balance: </label>
  386. <input type='text' id='balance' name='balance' placeholder="<?php echo $balance; ?>"/>
  387.  
  388. <!-- Every user has a different submit button name -->
  389. <button class="btn btn-primary" type='submit' name='balanceChange<?php echo $userID?>'>Modify</button>
  390.  
  391.  
  392. </fieldset>
  393.  
  394.  
  395. <fieldset class="form-group">
  396. <!-- Delete User button -->
  397. <button class="btn btn-primary" type='submit' name='deleteUser<?php echo $userID?>'>Delete User</button>
  398. </fieldset>
  399. </form>
  400.  
  401. <?php
  402. }
  403.  
  404. //If the balance change button is pressed
  405. if(isset($_POST["balanceChange$userID"]))
  406. {
  407. $newBalance = $_POST["balance"];
  408. $bbb = modifyBalance($userID,$newBalance);
  409. if($bbb)
  410. echo "Successfully changed the salary to $newBalance!<br>";
  411. }
  412.  
  413. if(isset($_POST["deleteUser$userID"]))
  414. {
  415.  
  416. $ccc = deleteUser($userID);
  417. if($ccc)
  418. echo "Successfully deleted user $username!<br>";
  419. header("Location: admin.php");
  420. }
  421.  
  422. }
  423.  
  424.  
  425. }
  426.  
  427.  
  428.  
  429.  
  430.  
  431.  
  432.  
  433. //
  434. //
  435. /* TRANSFER FUNCTIONS */
  436. //
  437. //
  438.  
  439.  
  440. //Update the balance of a user for transaction
  441. function updateBalance($user,$newBal)
  442. {
  443. $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  444. $query = "UPDATE accounts SET balance='$newBal' WHERE user_id='$user'";
  445. $balResult = mysqli_query($token, $query);
  446.  
  447. //incase the balance cannot be updated
  448. if(!$balResult)
  449. {
  450. echo "Error @ updateBalance: ".mysqli_error($token);
  451. }
  452. //return the results
  453. return $balResult;
  454.  
  455. }
  456.  
  457.  
  458. function logTransfer($to, $from, $amount)
  459. {
  460. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  461. $query = "INSERT INTO transfers (user_id, to_acct, amount) VALUES ('$from', '$to', '$amount')";
  462. $db_token->query($query);
  463.  
  464. return mysqli_error($db_token);
  465. }
  466.  
  467.  
  468.  
  469.  
  470.  
  471.  
  472. //
  473. //
  474. /* EDIT PASSWORD FUNCTION */
  475. //
  476. //
  477.  
  478. function changePassword($oldpw, $newpw){
  479. $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
  480. $email = $_SESSION['email'];
  481.  
  482. $query = "SELECT COUNT(*) FROM users WHERE email = '$email' AND password = '$oldpw'";
  483. $results = mysqli_fetch_array($db_token->query($query), MYSQLI_NUM)[0];
  484.  
  485. if($results != 0)
  486. {
  487. $query = "UPDATE users SET password = '$newpw' WHERE email='$email'";
  488. $db_token->query($query);
  489.  
  490. return mysqli_error($db_token);
  491. }
  492. else
  493. {
  494. return -1;
  495. }
  496.  
  497. }
  498.  
  499.  
  500.  
  501.  
  502. ?>