<?php
// Data-access class for customer accounts (registration, login, session lookup, logout).
// Expects the caller to inject an already-opened mysqli handle.
namespace Models\Database\User;
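class UserContainer {
    /** @var \mysqli Injected handle; the code relies on connect_error, prepare() and insert_id, so a mysqli object is expected. */
    private $dbConnection;

    /**
     * @param \mysqli $connection open database handle owned by the caller (never closed here)
     */
    public function __construct($connection) {
        $this->dbConnection = $connection;
    }

    /**
     * Refuses to run a query on a handle whose connect attempt failed.
     *
     * @throws \RuntimeException carrying the driver's connect_error text
     */
    private function assertConnected(): void {
        if ($this->dbConnection->connect_error) {
            throw new \RuntimeException('Connection failed: ' . $this->dbConnection->connect_error);
        }
    }

    /**
     * Creates a customer row from the submitted form ($_POST Name, Surname, Email,
     * Password, Password2) and logs the new customer in by storing their ID in $_SESSION.
     *
     * @return bool true when the row was inserted; false when the two passwords differ
     *              (the mismatch view is rendered first) or the insert failed
     */
    public function registerUser(): bool {
        $this->assertConnected();
        $validate = new \Controllers\ValidationController();

        $p1 = (string) ($_POST['Password'] ?? '');
        $p2 = (string) ($_POST['Password2'] ?? '');
        // Strict compare: "==" treats numeric-looking strings such as "1e3" and "1000" as equal.
        if ($p1 !== $p2) {
            include_once("Views/Errors/Errorpasswordmatch.php");
            return false;
        }

        // Sanitize the submitted values themselves; the sanitizer's result is what gets stored.
        $name    = $validate->Sanitize_String($_POST['Name'] ?? '');
        $surname = $validate->Sanitize_String($_POST['Surname'] ?? '');
        $mail    = $validate->Sanitize_Email($_POST['Email'] ?? '');

        // Hash the raw password. Running it through an SQL escaper first would alter
        // characters such as quotes and the stored hash would then never verify at login.
        $password_hash = password_hash($p1, PASSWORD_BCRYPT, ['cost' => 12]);

        // Parameterised insert: the values never become part of the SQL text.
        $stmt = $this->dbConnection->prepare(
            'INSERT INTO `ecomm_site`.`cus_customers` (`Name`, `Surname`, `Email Address`, `Password`) VALUES (?, ?, ?, ?)'
        );
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('ssss', $name, $surname, $mail, $password_hash);
        $inserted = $stmt->execute();
        $stmt->close();
        if (!$inserted) {
            return false;
        }

        // insert_id is the row just created; looking it up by name could match another
        // customer with the same name. Assumes ID is AUTO_INCREMENT — confirm against the schema.
        $_SESSION['user'] = $this->dbConnection->insert_id;
        return true;
    }

    /**
     * Verifies a name/password pair against cus_customers and, on success, stores the
     * customer's ID in $_SESSION['user'].
     *
     * @param string $name customer name as typed by the user
     * @param string $pass plaintext password as typed by the user
     * @return bool true when a row matched and password_verify() accepted the password
     */
    public function loginSession($name, $pass): bool {
        $this->assertConnected();
        $validate = new \Controllers\ValidationController();
        $name = $validate->Sanitize_String($name);

        // Only the two columns needed are selected; bind_result avoids depending on get_result().
        $stmt = $this->dbConnection->prepare('SELECT ID, Password FROM cus_customers WHERE Name = ? LIMIT 1');
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('s', $name);
        $stmt->execute();
        $stmt->bind_result($id, $storedHash);
        $found = $stmt->fetch();
        $stmt->close();

        if (!$found || !password_verify((string) $pass, (string) $storedHash)) {
            return false;
        }

        // Issue a fresh session id on privilege change so an id obtained before
        // authentication cannot be reused for the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $id;
        return true;
    }

    /**
     * Resolves the logged-in customer's Name from $_SESSION['user'].
     *
     * @return string the customer's Name, or 'Account not found' when no session user
     *                is set or no row has that ID
     */
    public function getSessionUser(): string {
        $this->assertConnected();
        if (!isset($_SESSION['user'])) {
            return 'Account not found';
        }

        $stmt = $this->dbConnection->prepare('SELECT Name FROM cus_customers WHERE ID = ? LIMIT 1');
        if ($stmt === false) {
            return 'Account not found';
        }
        // bind_param needs a variable, not an array element.
        $userId = $_SESSION['user'];
        $stmt->bind_param('s', $userId);
        $stmt->execute();
        $stmt->bind_result($username);
        $found = $stmt->fetch();
        $stmt->close();

        return $found ? (string) $username : 'Account not found';
    }

    /**
     * Ends the session and redirects the browser to "Home" via an inline script.
     */
    public function logout(): void {
        // Clear the variables while the session is still active: session_unset() is a
        // no-op once session_destroy() has run, which left $_SESSION populated.
        session_unset();
        session_destroy();
        echo '<script type="text/javascript">
window.location = "Home"
</script>';
    }
}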