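<?php
// The original opened with the short tag `<?` and tested isset($_SESSION),
// which is only a proxy for "a session was started". session_status() is the
// authoritative check and also covers the case where sessions are disabled.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}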
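/**
 * Open a mysqli connection with the given schema selected.
 *
 * Contract kept from the original: returns the mysqli connection on success
 * and the connection error string on failure (under PHP 8's default mysqli
 * report mode a failed connect throws mysqli_sql_exception instead). Passing
 * the schema to mysqli_connect() turns a failed database selection into a
 * connection failure; the original ignored mysqli_select_db()'s result.
 * NOTE(review): every caller on this page passes literal credentials; they
 * belong in a configuration file outside the web root, not in source.
 *
 * @param string $usr         database user
 * @param string $pw          database password
 * @param string $server_name MySQL host name
 * @param string $db_name     schema to select
 * @return mysqli|string
 */
function connectToDB($usr, $pw, $server_name, $db_name)
{
    // Create connection (schema included, so a bad $db_name fails here)
    $conn = mysqli_connect($server_name, $usr, $pw, $db_name);
    // Check connection
    if (!$conn) {
        return mysqli_connect_error();
    }
    // Pin the connection charset instead of inheriting the server default;
    // on servers without utf8mb4 this returns false and is harmless.
    mysqli_set_charset($conn, 'utf8mb4');
    return $conn;
}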
//
//
/* GENERAL GET AND SET FUNCTIONS */
//
//
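//fetch all the user IDs
/**
 * Fetch every users.account_id.
 *
 * The original called fetch_row() on the raw query result, which is a fatal
 * error when the query fails (query() returns false); that case now logs the
 * error and returns an empty list.
 *
 * @return array list of rows, each a numeric array with account_id at
 *               index 0 (the original shape); empty when the query fails
 */
function fetchAllAccounts()
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $result = $db_token->query('SELECT account_id FROM users');
    $user_array = [];
    if ($result === false) {
        error_log('fetchAllAccounts: ' . mysqli_error($db_token));
        return $user_array;
    }
    while ($row = $result->fetch_row()) {
        $user_array[] = $row;
    }
    $result->free();
    return $user_array;
}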
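//Fetch a username from an email
/**
 * Look up the username stored for an email address.
 *
 * $email is request data; it is bound as a statement parameter instead of
 * being interpolated into the SQL text as the original did.
 *
 * @param string $email
 * @return string|null the username, or null when no user has that email
 *                     (or the statement cannot be prepared)
 */
function fetchUsername($email)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare('SELECT username FROM users WHERE email = ?');
    if ($stmt === false) {
        error_log('fetchUsername: ' . mysqli_error($db_token));
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($username);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $username : null;
}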
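//Check if the user id is for an administrator
/**
 * Count the rows in users with this id and is_admin = '1'.
 *
 * $id is bound as a parameter rather than interpolated into the SQL.
 *
 * @param int|string $id users.id
 * @return int the COUNT(*) value (0 when the user is not an administrator,
 *             does not exist, or the statement cannot be prepared)
 */
function isAdmin($id)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare("SELECT COUNT(*) FROM users WHERE id = ? AND is_admin = '1'");
    if ($stmt === false) {
        error_log('isAdmin: ' . mysqli_error($db_token));
        return 0;
    }
    // 's' keeps the original quoted-string comparison semantics for id.
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int) $count;
}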
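//fetch an email address from an account ID
/**
 * Resolve an account id to the owner's email address.
 *
 * The original issued two interpolated queries (accounts -> user_id, then
 * users -> email); a single JOIN with a bound parameter does the same lookup.
 *
 * @param int|string $account_id accounts.acct_id
 * @return string|null the email, or null when no such account/user exists
 *                     (or the statement cannot be prepared)
 */
function getEmailFromAccountID($account_id)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare(
        'SELECT users.email FROM accounts JOIN users ON users.id = accounts.user_id WHERE accounts.acct_id = ?'
    );
    if ($stmt === false) {
        error_log('getEmailFromAccountID: ' . mysqli_error($db_token));
        return null;
    }
    $stmt->bind_param('s', $account_id);
    $stmt->execute();
    $stmt->bind_result($email);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $email : null;
}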
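//Fetch an account ID from a user ID
/**
 * Resolve a user id to its accounts.acct_id.
 *
 * @param int|string $user_id accounts.user_id
 * @return mixed the acct_id value, or null when no account exists for the
 *               user (or the statement cannot be prepared)
 */
function fetchAccountID($user_id)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare('SELECT acct_id FROM accounts WHERE user_id = ?');
    if ($stmt === false) {
        error_log('fetchAccountID: ' . mysqli_error($db_token));
        return null;
    }
    $stmt->bind_param('s', $user_id);
    $stmt->execute();
    $stmt->bind_result($account_id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $account_id : null;
}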
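//Gets balance from accounts based on the username
/**
 * Fetch the account balance of the user registered under $email.
 *
 * Keeps the original resolution chain (email -> username -> id -> balance)
 * and its return contract; the final query now binds the id instead of
 * interpolating it.
 *
 * @param string $email
 * @return mixed the balance value, null when the user has no account row,
 *               or the string "Error: ..." when the statement fails
 */
function getBalance($email)
{
    $username = fetchUsername($email);
    $id = fetchID($username);
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $token->prepare('SELECT balance FROM accounts WHERE user_id = ?');
    if ($stmt === false) {
        return 'Error: ' . mysqli_error($token);
    }
    $stmt->bind_param('s', $id);
    if (!$stmt->execute()) {
        $stmt->close();
        return 'Error: ' . mysqli_error($token);
    }
    $stmt->bind_result($balance);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $balance : null;
}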
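//Fetch user ID from username function
/**
 * Resolve a username to users.id.
 *
 * The original's failure branch called `$result->fetch_assoc()` on a false
 * result (a fatal error) and echoed the database error into the page; the
 * error is now written to the error log and null is returned.
 *
 * @param string $username
 * @return mixed the id value, or null when no such user exists or the
 *               statement fails
 */
function fetchID($username)
{
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $token->prepare('SELECT id FROM users WHERE username = ?');
    if ($stmt === false) {
        error_log('fetchID: ' . mysqli_error($token));
        return null;
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        error_log('fetchID: ' . mysqli_error($token));
        $stmt->close();
        return null;
    }
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $id : null;
}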
//
//
/* LOGIN AND REGISTER AND FORGOT PASSWORD FUNCTIONS */
//
//
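// Takes in a username and registers the user, also creates a bank account
/**
 * Register a new user and open a bank account with a zero balance.
 *
 * The password is stored as a password_hash() hash (the original stored
 * md5(), which is not a password hash), and every request value is bound as
 * a statement parameter instead of being interpolated into SQL.
 *
 * @param string $username
 * @param string $password plaintext as submitted
 * @param string $email
 * @return string|int 1 when the email is already registered; otherwise the
 *                    mysqli_error() text of the first failing statement
 *                    ('' on success), as in the original
 */
function registerAccount($username, $password, $email)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');

    $stmt = $db_token->prepare('SELECT COUNT(*) FROM users WHERE email = ?');
    if ($stmt === false) {
        return mysqli_error($db_token);
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($existing);
    $stmt->fetch();
    $stmt->close();
    if ((int) $existing !== 0) {
        return 1;
    }

    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db_token->prepare(
        'INSERT INTO users (password, username, is_admin, email, account_id) VALUES (?, ?, 0, ?, NULL)'
    );
    if ($stmt === false || !$stmt->bind_param('sss', $hash, $username, $email) || !$stmt->execute()) {
        return mysqli_error($db_token);
    }
    $stmt->close();

    // Look the new row up by email as the original did; the schema is not
    // visible here, so insert_id is not assumed to apply.
    $stmt = $db_token->prepare('SELECT id FROM users WHERE email = ?');
    if ($stmt === false) {
        return mysqli_error($db_token);
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($user_id);
    $stmt->fetch();
    $stmt->close();

    $stmt = $db_token->prepare('INSERT INTO accounts (user_id, balance) VALUES (?, 0)');
    if ($stmt === false || !$stmt->bind_param('s', $user_id) || !$stmt->execute()) {
        return mysqli_error($db_token);
    }
    $stmt->close();

    $stmt = $db_token->prepare('SELECT acct_id FROM accounts WHERE user_id = ?');
    if ($stmt === false) {
        return mysqli_error($db_token);
    }
    $stmt->bind_param('s', $user_id);
    $stmt->execute();
    $stmt->bind_result($acct_id);
    $stmt->fetch();
    $stmt->close();

    $stmt = $db_token->prepare('UPDATE users SET account_id = ? WHERE id = ?');
    if ($stmt === false || !$stmt->bind_param('ss', $acct_id, $user_id) || !$stmt->execute()) {
        return mysqli_error($db_token);
    }
    $stmt->close();
    return mysqli_error($db_token);
}
//login function
/**
 * Check an email/password pair.
 *
 * Verification uses password_verify(); a stored value that instead equals
 * md5($password) (the format the original registration wrote) is accepted
 * and rewritten as a password_hash() hash so later logins use the strong
 * path. The original echoed the submitted password and its md5 into the page
 * on a failed login; that output is removed.
 *
 * @param string $email
 * @param string $password plaintext as submitted
 * @return int 1 on success, 0 on a wrong password or statement failure,
 *             2 when no user has that email (callers should not show 2 and
 *             0 differently to the visitor, since that reveals which
 *             addresses are registered)
 */
function login($email, $password)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare('SELECT id, password, email FROM users WHERE email = ?');
    if ($stmt === false) {
        error_log('login: ' . mysqli_error($db_token));
        return 0;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $stored, $storedEmail);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return 2;
    }
    // The original also required the stored email to equal the submitted
    // one exactly, which a case-insensitive collation would not guarantee.
    if ($storedEmail !== $email) {
        return 0; //not good
    }
    $stored = (string) $stored;
    if (password_verify($password, $stored)) {
        return 1; //good
    }
    if (hash_equals($stored, md5($password))) {
        // Legacy md5 row: upgrade it in place on this successful login.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $upd = $db_token->prepare('UPDATE users SET password = ? WHERE id = ?');
        if ($upd !== false) {
            $upd->bind_param('ss', $hash, $id);
            $upd->execute();
            $upd->close();
        }
        return 1; //good
    }
    return 0; //not good
}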
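//send the user their new password if it got reset
/**
 * Reset the password of the user registered under $email and mail the new
 * temporary password to that address.
 *
 * The original mailed the stored `password` column in clear text; with
 * hashed storage there is no plaintext to send, so a fresh random password
 * is generated, stored as a password_hash() hash, and mailed instead. The
 * address is validated before it reaches mail(), which also keeps newlines
 * out of the recipient field.
 *
 * @param string $email
 * @return bool|int mail()'s result, or 0 when the address is not a valid
 *                  e-mail, no user has it, or the update fails
 */
function sendPassword($email)
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 0;
    }
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare('SELECT id FROM users WHERE email = ?');
    if ($stmt === false) {
        error_log('sendPassword: ' . mysqli_error($db_token));
        return 0;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return 0;
    }
    // 16 hex characters from a CSPRNG (random_bytes needs PHP 7+).
    $newPassword = bin2hex(random_bytes(8));
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $upd = $db_token->prepare('UPDATE users SET password = ? WHERE id = ?');
    if ($upd === false || !$upd->bind_param('ss', $hash, $id) || !$upd->execute()) {
        error_log('sendPassword: ' . mysqli_error($db_token));
        return 0;
    }
    $upd->close();
    return mail(
        $email,
        'Password Reminder',
        'Your new temporary password is ' . $newPassword . "\nPlease change it after logging in."
    );
}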
//
//
/* ACCOUNT FUNCTIONS */
//
//
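//Modify balance function
/**
 * Set the balance of a user's account.
 *
 * Both values reach this function from the admin form (see the POST handling
 * in fetchUsers); the original interpolated them unquoted into the UPDATE.
 * They are now bound as parameters, and a non-numeric balance is rejected
 * before the statement runs. Database errors go to the error log instead of
 * the page.
 *
 * @param int|string $userID     accounts.user_id
 * @param mixed      $newBalance new balance; must be numeric
 * @return bool true when the UPDATE executed, false otherwise
 */
function modifyBalance($userID, $newBalance)
{
    if (!is_numeric($newBalance)) {
        error_log('modifyBalance: non-numeric balance rejected');
        return false;
    }
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $token->prepare('UPDATE accounts SET balance = ? WHERE user_id = ?');
    if ($stmt === false) {
        error_log('Error @ modifyBalance: ' . mysqli_error($token));
        return false;
    }
    $stmt->bind_param('ss', $newBalance, $userID);
    $balanceResult = $stmt->execute();
    if (!$balanceResult) {
        error_log('Error @ modifyBalance: ' . mysqli_error($token));
    }
    $stmt->close();
    return $balanceResult;
}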
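//Delete user function
/**
 * Delete a user's account row and then the user row.
 *
 * $userID comes from a POST field name in fetchUsers and was interpolated
 * unquoted into both DELETEs; it is now bound. Errors are logged instead of
 * echoed. The transfers table referenced by logTransfer is not touched (the
 * original's open question about transfer history still stands).
 *
 * @param int|string $userID users.id / accounts.user_id
 * @return string|null "Success" when the users DELETE executed, null
 *                     otherwise (the original's implicit return)
 */
function deleteUser($userID)
{
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');

    $stmt = $token->prepare('DELETE FROM accounts WHERE user_id = ?');
    if ($stmt === false || !$stmt->bind_param('s', $userID) || !$stmt->execute()) {
        error_log('Error @ deleteUser: ' . mysqli_error($token));
    }
    if ($stmt !== false) {
        $stmt->close();
    }

    //May also need to add a query to delete the transfer history?
    $stmt = $token->prepare('DELETE FROM users WHERE id = ?');
    if ($stmt === false || !$stmt->bind_param('s', $userID) || !$stmt->execute()) {
        error_log('Error @ deleteUser: ' . mysqli_error($token));
        return null;
    }
    $stmt->close();
    return 'Success';
}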
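//Add user function
/**
 * Insert a user (admin-created) and open an account with a starting balance.
 *
 * Fixes relative to the original: the password is stored as a
 * password_hash() hash rather than in clear text; all values are bound
 * instead of interpolated ($admin and $balance were unquoted); the error
 * messages no longer say "deleteUser"; errors go to the error log. The id
 * is still resolved through fetchID($username) as the original did.
 *
 * @param string     $email
 * @param string     $password plaintext as submitted
 * @param mixed      $balance  starting balance
 * @param int|string $admin    is_admin flag value
 * @param string     $username
 * @return string|null "$username has successfully been added!" when the
 *                     final UPDATE executed, null otherwise
 */
function addUser($email, $password, $balance, $admin, $username)
{
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $hash = password_hash($password, PASSWORD_DEFAULT);

    //Inserting new user into the users table
    $stmt = $token->prepare('INSERT INTO users (password, email, is_admin, username) VALUES (?, ?, ?, ?)');
    if ($stmt === false || !$stmt->bind_param('ssss', $hash, $email, $admin, $username) || !$stmt->execute()) {
        error_log('Error @ addUser: ' . mysqli_error($token));
    }
    if ($stmt !== false) {
        $stmt->close();
    }

    //Inserting id and balance into the account table
    $id = fetchID($username);
    $stmt = $token->prepare('INSERT INTO accounts (user_id, balance) VALUES (?, ?)');
    if ($stmt === false || !$stmt->bind_param('ss', $id, $balance) || !$stmt->execute()) {
        error_log('Error @ addUser: ' . mysqli_error($token));
    }
    if ($stmt !== false) {
        $stmt->close();
    }

    $acct_id = fetchAccountID($id);
    $stmt = $token->prepare('UPDATE users SET account_id = ? WHERE id = ?');
    if ($stmt === false || !$stmt->bind_param('ss', $acct_id, $id) || !$stmt->execute()) {
        error_log('Error @ addUser: ' . mysqli_error($token));
        return null;
    }
    $stmt->close();
    //Do not return the id
    return "$username has successfully been added!";
}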
//
//
/* ADMIN PAGE FUNCTIONS */
//
//
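//Fetches all of the user's information and displays it
/**
 * Render one edit form per user for the admin page and apply the balance
 * change or delete request carried by the current POST, if any.
 *
 * Every value echoed into the markup (PHP_SELF, username, balance, user id,
 * the posted balance) is HTML-escaped; the original printed them raw, so a
 * username containing markup would have run in the admin's browser. The
 * `if(1==1)` wrapper around the form is dropped.
 * NOTE(review): the redirect after a delete is issued after markup has
 * already been written, so header() only takes effect when output buffering
 * is on — confirm, or move the POST handling ahead of any output. The forms
 * also carry no CSRF token.
 *
 * @return void
 */
function fetchUsers()
{
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    //Fetches the user id, username and balance to be displayed
    $query = 'SELECT user_id, username, balance FROM users JOIN accounts WHERE users.id = accounts.user_id';
    $result = mysqli_query($token, $query);
    if ($result === false) {
        error_log('fetchUsers: ' . mysqli_error($token));
        return;
    }
    while ($row = $result->fetch_assoc()) {
        $userID = $row['user_id'];
        $username = $row['username'];
        $balance = $row['balance'];
        //Printing out data in html form
        ?>
        <form action="<?php echo $h($_SERVER['PHP_SELF']); ?>" method='POST' class="accountHolder">
            <fieldset class="form-group">
                <label>Name of Account Holder: </label>
                <p><?php echo $h($username); ?></p>
                <label>Balance: </label>
                <input type='text' id='balance' name='balance' placeholder="<?php echo $h($balance); ?>"/>
                <!-- Every user has a different submit button name -->
                <button class="btn btn-primary" type='submit' name='balanceChange<?php echo $h($userID); ?>'>Modify</button>
            </fieldset>
            <fieldset class="form-group">
                <!-- Delete User button -->
                <button class="btn btn-primary" type='submit' name='deleteUser<?php echo $h($userID); ?>'>Delete User</button>
            </fieldset>
        </form>
        <?php
        //If the balance change button is pressed
        if (isset($_POST["balanceChange$userID"])) {
            $newBalance = isset($_POST['balance']) ? $_POST['balance'] : '';
            if (modifyBalance($userID, $newBalance)) {
                echo 'Successfully changed the salary to ' . $h($newBalance) . '!<br>';
            }
        }
        if (isset($_POST["deleteUser$userID"])) {
            if (deleteUser($userID)) {
                echo 'Successfully deleted user ' . $h($username) . '!<br>';
            }
            header('Location: admin.php');
        }
    }
    $result->free();
}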
//
//
/* TRANSFER FUNCTIONS */
//
//
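//Update the balance of a user for transaction
/**
 * Set a user's account balance as part of a transfer.
 *
 * Both values were interpolated into the UPDATE by the original; they are
 * now bound as parameters, and a non-numeric balance is rejected up front.
 * Errors go to the error log instead of the page.
 *
 * @param int|string $user   accounts.user_id
 * @param mixed      $newBal new balance; must be numeric
 * @return bool true when the UPDATE executed, false otherwise
 */
function updateBalance($user, $newBal)
{
    if (!is_numeric($newBal)) {
        error_log('updateBalance: non-numeric balance rejected');
        return false;
    }
    $token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $token->prepare('UPDATE accounts SET balance = ? WHERE user_id = ?');
    if ($stmt === false) {
        error_log('Error @ updateBalance: ' . mysqli_error($token));
        return false;
    }
    $stmt->bind_param('ss', $newBal, $user);
    $balResult = $stmt->execute();
    //incase the balance cannot be updated
    if (!$balResult) {
        error_log('Error @ updateBalance: ' . mysqli_error($token));
    }
    $stmt->close();
    //return the results
    return $balResult;
}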
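/**
 * Record a transfer in the transfers table.
 *
 * Note the column mapping kept from the original: $from is stored in
 * user_id and $to in to_acct. Values are bound rather than interpolated.
 *
 * @param mixed $to     destination account (transfers.to_acct)
 * @param mixed $from   source user (transfers.user_id)
 * @param mixed $amount transfer amount
 * @return string mysqli_error() text after the INSERT ('' on success)
 */
function logTransfer($to, $from, $amount)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $stmt = $db_token->prepare('INSERT INTO transfers (user_id, to_acct, amount) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return mysqli_error($db_token);
    }
    $stmt->bind_param('sss', $from, $to, $amount);
    $stmt->execute();
    $stmt->close();
    return mysqli_error($db_token);
}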
//
//
/* EDIT PASSWORD FUNCTION */
//
//
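/**
 * Change the password of the logged-in user ($_SESSION['email']) after
 * checking the old one.
 *
 * The original compared the submitted old password against the stored
 * column in SQL (clear text) and wrote the new one in clear text, with both
 * values interpolated into the query. Now the stored value is fetched with a
 * bound parameter and the old password is accepted if it verifies under
 * password_verify(), or — for rows written before hashing — equals
 * md5($oldpw) or the raw stored value. The new password is always stored as
 * a password_hash() hash, so the login path must verify with
 * password_verify().
 *
 * @param string $oldpw current password, plaintext
 * @param string $newpw new password, plaintext
 * @return string|int mysqli_error() text of the UPDATE ('' on success), or
 *                    -1 when the old password does not match
 */
function changePassword($oldpw, $newpw)
{
    $db_token = connectToDB('colinm', 'B00599161', 'db.cs.dal.ca', 'colinm');
    $email = isset($_SESSION['email']) ? $_SESSION['email'] : '';

    $stmt = $db_token->prepare('SELECT password FROM users WHERE email = ?');
    if ($stmt === false) {
        return mysqli_error($db_token);
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();
    $stmt->close();

    $stored = (string) $stored;
    $oldpw = (string) $oldpw;
    $matches = $found && (
        password_verify($oldpw, $stored)
        || hash_equals($stored, md5($oldpw))
        || hash_equals($stored, $oldpw)
    );
    if (!$matches) {
        return -1;
    }

    $hash = password_hash($newpw, PASSWORD_DEFAULT);
    $upd = $db_token->prepare('UPDATE users SET password = ? WHERE email = ?');
    if ($upd === false) {
        return mysqli_error($db_token);
    }
    $upd->bind_param('ss', $hash, $email);
    $upd->execute();
    $upd->close();
    return mysqli_error($db_token);
}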
- ?>