  1. <?php
  2.  
  3. namespace Models\Database\User;
  4.  
  5. class UserContainer {
  6.  
  7. private $dbConnection;
  8.  
  9. public function __construct($connection) {
  10. $this->dbConnection = $connection;
  11. }
  12.  
  13. public function registerUser() {
  14. $validate = new \Controllers\ValidationController();
  15. // Check connection
  16. if ($this->dbConnection->connect_error) {
  17. die("Connection failed: " . $this->dbConnection->connect_error);
  18. }
  19. $p1 = mysqli_real_escape_string($this->dbConnection, $_POST['Password']);
  20. $p2 = mysqli_real_escape_string($this->dbConnection, $_POST['Password2']);
  21.  
  22. if ($p1 == $p2) {
  23. $name = $validate->Sanitize_String($name);
  24. $name = mysqli_real_escape_string($this->dbConnection, $_POST['Name']);
  25. $surname = $validate->Sanitize_String($surname);
  26. $surname = mysqli_real_escape_string($this->dbConnection, $_POST['Surname']);
  27. $mail = $validate->Sanitize_Email($mail);
  28. $mail = mysqli_real_escape_string($this->dbConnection, $_POST['Email']);
  29. $pass = mysqli_real_escape_string($this->dbConnection, $_POST['Password']);
  30.  
  31.  
  32. $password_hash = password_hash($pass, PASSWORD_BCRYPT, array('cost' => 12));
  33.  
  34.  
  35. $sql = "INSERT INTO`ecomm_site`.`cus_customers` (`Name`, `Surname`, `Email Address`, `Password`) VALUES (\"" . $name . "\" , \"" . $surname . "\", \"" . $mail . "\", \"" . $password_hash . "\")";
  36.  
  37. if ($result = $this->dbConnection->query($sql) === TRUE) {
  38.  
  39. $newUserQuery = $this->dbConnection->query('Select ID from cus_customers where Name like \'' . $name . '\' LIMIT 1;');
  40.  
  41. foreach ($newUserQuery as $user) {
  42. $_SESSION['user'] = $user['ID'];
  43. }
  44. } else {
  45. return FALSE;
  46. }
  47. //$conn->close();
  48. return TRUE;
  49. } else {
  50. include_once("Views/Errors/Errorpasswordmatch.php");
  51. }
  52. }
  53.  
  54. public function loginSession($name, $pass) {
  55. // Check connection
  56. $validate = new \Controllers\ValidationController();
  57. if ($this->dbConnection->connect_error) {
  58. die("Connection failed: " . $this->dbConnection->connect_error);
  59. }
  60. // $name = $_POST['Username'];
  61. // $pass = $_POST['Password'];
  62. $name = $validate->Sanitize_String($name);
  63.  
  64. //
  65.  
  66.  
  67. $sql = "SELECT * FROM cus_customers WHERE Name = \"" . $name . "\" LIMIT 1";
  68.  
  69. //$sql = "SELECT ID FROM cus_customers WHERE Name LIKE \"".$name. "\" AND Password LIKE \"".$pass."\" LIMIT 1";
  70.  
  71. $result = $this->dbConnection->query($sql);
  72.  
  73. if ($result->num_rows > 0) {
  74. // output data of each row
  75. while ($row = $result->fetch_assoc()) {
  76. if (password_verify($pass, $row["Password"])) {
  77. //Store variable as usual
  78. //$sessid = $row["ID"];
  79. $_SESSION['user'] = $row['ID'];
  80. //$_SESSION['user'] = $name;
  81. } else {
  82. return false;
  83. }
  84. }
  85.  
  86.  
  87. //session_regenerate_id(TRUE);
  88. //$_SESSION['user'] = $_POST['Username'];
  89. } else {
  90. return FALSE;
  91. }
  92. // echo $sql;
  93. //$conn->close();
  94. return TRUE;
  95. }
  96.  
  97. public function getSessionUser() {
  98. if ($this->dbConnection->connect_error) {
  99. die("Connection failed: " . $this->dbConnection->connect_error);
  100. }
  101.  
  102. $sql = "SELECT * FROM cus_customers WHERE ID = \"" . $_SESSION['user'] . "\" LIMIT 1";
  103.  
  104. $result = $this->dbConnection->query($sql);
  105.  
  106. if ($result->num_rows > 0) {
  107. // output data of each row
  108. while ($row = $result->fetch_assoc()) {
  109.  
  110. $Username = $row['Name'];
  111. }
  112. } else {
  113. return 'Account not found';
  114. }
  115. return $Username;
  116. }
  117.  
  118. public function logout() {
  119. //$session->destroy(session_id());
  120. session_destroy();
  121. session_unset();
  122.  
  123. echo '<script type="text/javascript">
  124. window.location = "Home"
  125. </script>';
  126. }
  127.  
  128. }