- class.user.php
- <?php
- require_once 'dbconfig.php';
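/**
 * Data-access and session helper for the printing-shop web application.
 *
 * Every query goes through PDO prepared statements on the connection that
 * Database::dbConnection() (dbconfig.php) hands out. The class also owns the
 * login/logout session state ($_SESSION['userSession'], $_SESSION['usertype'])
 * and a few page-level helpers (redirect, mail).
 *
 * Compared with the original listing this version fixes:
 *  - doCheckCaptchaResult() returned "<json>success" (always truthy) instead
 *    of reading the "success" field, so the captcha was never enforced;
 *  - newsUpdate() and getOrderInfo() bound undefined variables, writing NULL
 *    into newsCtg and never matching an order;
 *  - getUserList() executed the search statement twice;
 *  - logout() wrote to $_SESSION after destroying it and stored false, which
 *    isset() still treats as "logged in";
 *  - passwords were stored as unsalted md5 and compared with ==; new hashes
 *    use password_hash() and legacy md5 rows are upgraded on first login;
 *  - PDO error messages were echoed into the page; they now go to error_log.
 *
 * A commented-out PHPMailer configuration that carried an SMTP account
 * password used to live in send_mail(); it was removed, and that credential
 * should be treated as exposed.
 */
class USER
{
    /**
     * reCAPTCHA server-side secret used by doCheckCaptchaResult().
     * It was hard-coded in the original source; it belongs in dbconfig.php or
     * an environment variable, not in a class file that gets pasted around.
     */
    const RECAPTCHA_SECRET = '6Ld0cQgTAAAAADvO9VpqOt02GYKZ3Efaa9ySv5__';

    /** Fallback label when a category code is unknown (see getCategory()). */
    const DEFAULT_CATEGORY = 'Tarpaulin';

    /** @var array<int,string> category code => display name */
    private static $categoryNames = array(
        0  => 'Tarpaulin',
        1  => 'Rush ID',
        2  => 'Photocopy',
        3  => 'Graphic Layout',
        4  => 'Invitation',
        5  => 'Panaflex',
        6  => 'Signages',
        7  => 'Stickers',
        8  => 'Sintra board',
        9  => 'Large Format Photo',
        10 => 'PVC ID',
        11 => 'Lamination',
        12 => 'Bag Tags',
        13 => 'Notary Public',
        14 => 'Scan',
    );

    /** @var PDO connection obtained from Database::dbConnection() */
    private $conn;

    public function __construct()
    {
        $database = new Database();
        $this->conn = $database->dbConnection();
    }

    /**
     * Prepare (but do not execute) an arbitrary SQL statement.
     *
     * This method cannot parameterise anything on the caller's behalf, so
     * $sql must be a fixed statement with placeholders; never assemble it
     * from request data.
     *
     * @param string $sql
     * @return PDOStatement
     */
    public function runQuery($sql)
    {
        return $this->conn->prepare($sql);
    }

    /**
     * Id generated by the most recent INSERT on this connection.
     * The misspelled name is kept because callers use it; see lastID().
     *
     * @return string
     */
    public function lasdID()
    {
        return $this->conn->lastInsertId();
    }

    /**
     * Correctly spelled alias of lasdID().
     *
     * @return string
     */
    public function lastID()
    {
        return $this->lasdID();
    }

    /**
     * Verify a reCAPTCHA response token with Google's siteverify endpoint.
     *
     * The original returned the raw JSON concatenated with the bare word
     * "success", i.e. a non-empty string for every request, so callers that
     * tested the result for truthiness accepted every submission. This
     * version decodes the JSON and returns the "success" flag.
     *
     * @param string $captcha token posted by the widget (g-recaptcha-response)
     * @param string $ip      client address forwarded as remoteip
     * @return bool true only when Google reports the token as valid
     */
    public function doCheckCaptchaResult($captcha, $ip)
    {
        $captcha = (string) $captcha;
        if ($captcha === '') {
            // An empty token can never verify; skip the round trip.
            return false;
        }
        $query = http_build_query(array(
            'secret'   => self::RECAPTCHA_SECRET,
            'response' => $captcha,
            'remoteip' => (string) $ip,
        ));
        $raw = file_get_contents('https://www.google.com/recaptcha/api/siteverify?' . $query);
        if ($raw === false) {
            // Network failure: fail closed rather than let the form through.
            return false;
        }
        $decoded = json_decode($raw, true);
        return is_array($decoded) && isset($decoded['success']) && $decoded['success'] === true;
    }

    /**
     * Create a user row. The password is stored as a password_hash() digest;
     * confirm the userPass column is at least 60 characters wide (md5 needed
     * only 32 — TODO verify against the schema).
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function register($uname, $email, $upass, $code, $ufname, $ulname, $umname, $uaddress, $usquestion, $usanswer, $ubirthdate)
    {
        try {
            $stmt = $this->conn->prepare("INSERT INTO tbl_users(userName,userEmail,userPass,tokenCode,userfirstName,userlastName,usermiddleName,userAddress,usersecretQuestion,usersecretAnswer,userbirthDate)
            VALUES(:user_name, :user_mail, :user_pass, :active_code, :user_fname, :user_lname, :user_mname, :user_address, :user_secretquestion, :user_answer, :user_birthdate)");
            $stmt->execute(array(
                ':user_name'           => $uname,
                ':user_mail'           => $email,
                ':user_pass'           => password_hash($upass, PASSWORD_DEFAULT),
                ':active_code'         => $code,
                ':user_fname'          => $ufname,
                ':user_lname'          => $ulname,
                ':user_mname'          => $umname,
                ':user_address'        => $uaddress,
                ':user_secretquestion' => $usquestion,
                ':user_answer'         => $usanswer,
                ':user_birthdate'      => $ubirthdate,
            ));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Insert a news item.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function newsInsert($authorUserNum, $content, $newsCtg, $title)
    {
        try {
            $stmt = $this->conn->prepare("INSERT INTO tbl_news(authorUserNum,content,newsCtg,title)
            VALUES(:author_UserNum, :topic_content, :news_Ctg, :topic_title)");
            $stmt->execute(array(
                ':author_UserNum' => $authorUserNum,
                ':topic_content'  => $content,
                ':news_Ctg'       => $newsCtg,
                ':topic_title'    => $title,
            ));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Update content, category and title of the news item with the given id.
     * $usernum is accepted for signature compatibility but not used by the
     * statement.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function newsUpdate($usernum, $title, $ctg, $content, $id)
    {
        try {
            $stmt = $this->conn->prepare("UPDATE tbl_news SET content=:topic_content,newsCtg=:news_Ctg,title=:topic_title WHERE id=:id");
            // The original bound an undefined $newsCtg here, so every update
            // silently reset the category to NULL; the parameter is $ctg.
            $stmt->execute(array(
                ':id'            => $id,
                ':topic_content' => $content,
                ':news_Ctg'      => $ctg,
                ':topic_title'   => $title,
            ));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /** @return PDOStatement all news rows, newest first */
    public function getNewsList()
    {
        $stmt = $this->conn->prepare("SELECT * from tbl_news ORDER BY newsDate DESC");
        $stmt->execute();
        return $stmt;
    }

    /** @return PDOStatement the news row with the given id */
    public function getNewsDetail($id)
    {
        $stmt = $this->conn->prepare("SELECT * from tbl_news WHERE id=:id");
        $stmt->execute(array(':id' => (int) $id));
        return $stmt;
    }

    /**
     * First name of the user with the given id.
     *
     * The fetch mode is requested explicitly; the original iterated the
     * statement in whatever default mode dbconfig.php configured and read
     * an object property from it.
     *
     * @return string|null null when no such user exists
     */
    public function getAuthor($id)
    {
        $stmt = $this->conn->prepare("SELECT userfirstName from tbl_users WHERE userID=:id ");
        $stmt->execute(array(':id' => (int) $id));
        $row = $stmt->fetch(PDO::FETCH_OBJ);
        return $row === false ? null : $row->userfirstName;
    }

    /** @return PDOStatement the executed DELETE for the news id */
    public function doDeleteNews($id)
    {
        $stmt = $this->conn->prepare("DELETE from tbl_news WHERE id=:id");
        $stmt->execute(array(':id' => (int) $id));
        return $stmt;
    }

    /**
     * Insert a product. $usersession is accepted for signature compatibility
     * but is not stored.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function itemInsert($usersession, $itemquantity, $itemcategory, $itemname, $ishidden, $itemprice)
    {
        try {
            $stmt = $this->conn->prepare("INSERT INTO tbl_product(ItemName,ItemCategory,ItemQuantity,isHidden,ItemPrice)
            VALUES(:itemname, :itemcategory, :itemquantity, :ishidden, :itemprice)");
            $stmt->execute(array(
                ':itemname'     => $itemname,
                ':itemcategory' => $itemcategory,
                ':itemquantity' => $itemquantity,
                ':ishidden'     => $ishidden,
                ':itemprice'    => $itemprice,
            ));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * All products, or those whose name contains $search.
     *
     * $search is bound as a LIKE pattern; % and _ inside it are not escaped,
     * so a user can widen the match but cannot alter the statement.
     *
     * @param string $search
     * @return PDOStatement
     */
    public function getItemList($search = "")
    {
        $search = (string) $search;
        if ($search === '') {
            $stmt = $this->conn->prepare("SELECT * from tbl_product ORDER BY ItemQuantity ASC, ItemID DESC");
            $stmt->execute();
            return $stmt;
        }
        $stmt = $this->conn->prepare("SELECT * from tbl_product WHERE ItemName LIKE :search");
        $stmt->execute(array(':search' => "%$search%"));
        return $stmt;
    }

    /**
     * Update a product by ItemID. $usersession is accepted for signature
     * compatibility but is not used.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function itemUpdate($usersession, $itemquantity, $itemcategory, $itemname, $ishidden, $itemprice, $id)
    {
        try {
            $stmt = $this->conn->prepare("UPDATE tbl_product SET ItemName=:itemname,ItemCategory=:itemcategory,ItemQuantity=:itemquantity,isHidden=:ishidden, ItemPrice=:itemprice WHERE ItemID=:id");
            $stmt->execute(array(
                ':itemname'     => $itemname,
                ':itemcategory' => $itemcategory,
                ':itemquantity' => $itemquantity,
                ':ishidden'     => $ishidden,
                ':itemprice'    => $itemprice,
                ':id'           => $id,
            ));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Display name for a numeric category code; unknown or non-integer codes
     * map to the default category, as the original switch's default did.
     *
     * @param int|string $ctg
     * @return string
     */
    public function getCategory($ctg)
    {
        $code = filter_var($ctg, FILTER_VALIDATE_INT);
        if ($code !== false && isset(self::$categoryNames[$code])) {
            return self::$categoryNames[$code];
        }
        return self::DEFAULT_CATEGORY;
    }

    /** @return PDOStatement the product row with the given ItemID */
    public function getItemDetail($id)
    {
        $stmt = $this->conn->prepare("SELECT * from tbl_product WHERE ItemID=:id");
        $stmt->execute(array(':id' => (int) $id));
        return $stmt;
    }

    /** @return PDOStatement the executed DELETE for the ItemID */
    public function doDeleteItem($id)
    {
        $stmt = $this->conn->prepare("DELETE from tbl_product WHERE ItemID=:id");
        $stmt->execute(array(':id' => (int) $id));
        return $stmt;
    }

    /**
     * Authenticate by e-mail and password and start the session state.
     *
     * Accepts both password_hash() digests and the legacy unsalted md5
     * values the original register() wrote; a legacy row is re-hashed with
     * password_hash() on its first successful login. The session id is
     * regenerated on success so an id fixed before login is not kept.
     *
     * @return array{status:int,msg:string}|null null only if PDO threw
     */
    public function login($email, $upass)
    {
        try {
            $stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE userEmail=:email_id");
            $stmt->execute(array(":email_id" => $email));
            $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($userRow === false) {
                return array('status' => 0, 'msg' => 'Account Not Found');
            }
            if ((string) $userRow['userStatus'] !== 'Y') {
                return array('status' => 0, 'msg' => 'Account Inactive');
            }
            if (!$this->passwordMatches($upass, $userRow['userPass'])) {
                return array('status' => 0, 'msg' => 'Password Incorrect');
            }
            if (password_needs_rehash((string) $userRow['userPass'], PASSWORD_DEFAULT)) {
                $this->storePasswordHash($userRow['userID'], $upass);
            }
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['userSession'] = $userRow['userID'];
            $_SESSION['usertype'] = $userRow['usertype'];
            return array('status' => 1, 'msg' => 'Login Success');
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Compare a plaintext password with the stored digest in constant time.
     *
     * @param string $plain
     * @param string $stored password_hash() digest or legacy 32-char md5
     * @return bool
     */
    private function passwordMatches($plain, $stored)
    {
        $plain = (string) $plain;
        $stored = (string) $stored;
        if (password_verify($plain, $stored)) {
            return true;
        }
        // Legacy rows: unsalted md5 hex. hash_equals() avoids the timing
        // leak of the original == comparison.
        return strlen($stored) === 32 && hash_equals($stored, md5($plain));
    }

    /**
     * Replace a user's stored digest with a fresh password_hash().
     * Best effort: a failure is logged and the login still succeeds.
     *
     * @param int|string $userId
     * @param string     $plain
     * @return void
     */
    private function storePasswordHash($userId, $plain)
    {
        try {
            $stmt = $this->conn->prepare("UPDATE tbl_users SET userPass=:pass WHERE userID=:id");
            $stmt->execute(array(
                ':pass' => password_hash((string) $plain, PASSWORD_DEFAULT),
                ':id'   => $userId,
            ));
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
        }
    }

    /**
     * Whether a user id is stored in the session. The value is a userID,
     * never 0 or false, so empty() is a reliable test.
     *
     * @return bool
     */
    public function is_logged_in()
    {
        return !empty($_SESSION['userSession']);
    }

    /** @return bool usertype 1 */
    public function is_admin()
    {
        return $this->hasUserType(1);
    }

    /** @return bool usertype 2 */
    public function is_auditor()
    {
        return $this->hasUserType(2);
    }

    /** @return bool usertype 0 */
    public function is_member()
    {
        return $this->hasUserType(0);
    }

    /**
     * @param int $type
     * @return bool false when no usertype is in the session
     */
    private function hasUserType($type)
    {
        // The column value may arrive as a string from the driver.
        return isset($_SESSION['usertype']) && (int) $_SESSION['usertype'] === $type;
    }

    /**
     * All users, or those whose first name contains $search.
     * (The original executed the search statement twice.)
     *
     * @param string $search
     * @return PDOStatement
     */
    public function getUserList($search = "")
    {
        $search = (string) $search;
        if ($search === '') {
            $stmt = $this->conn->prepare("SELECT * from tbl_users ORDER BY userID DESC");
            $stmt->execute();
            return $stmt;
        }
        $stmt = $this->conn->prepare("SELECT * from tbl_users WHERE userfirstName LIKE :search");
        $stmt->execute(array(':search' => "%$search%"));
        return $stmt;
    }

    /** @return PDOStatement the user row with the given id */
    public function getUserInfo($userid)
    {
        $stmt = $this->conn->prepare("SELECT * from tbl_users WHERE UserID=:userid");
        $stmt->execute(array(':userid' => $userid));
        return $stmt;
    }

    /** @return PDOStatement the order row with the given orderID */
    public function getStatusInfo($orderid)
    {
        $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE orderID=:orderid");
        $stmt->execute(array(':orderid' => $orderid));
        return $stmt;
    }

    /**
     * Order row by orderID.
     *
     * Despite the parameter name the statement filters on orderID, so
     * callers must pass an order id; the original bound an undefined
     * $orderid and therefore matched nothing. Per-customer listing is
     * getOrderList(). NOTE(review): if a lookup by CustomerID was intended,
     * confirm with the callers before changing the WHERE clause.
     *
     * @return PDOStatement
     */
    public function getOrderInfo($userid)
    {
        $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE orderID=:orderid");
        $stmt->execute(array(':orderid' => $userid));
        return $stmt;
    }

    /**
     * Change a user's role.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function doUserUpdate($usernum, $usertype)
    {
        try {
            $stmt = $this->conn->prepare("UPDATE tbl_users SET usertype=:usertype WHERE userID=:id");
            $stmt->execute(array(':id' => $usernum, ':usertype' => $usertype));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Change an order's status.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function doStatusUpdate($ordernum, $status)
    {
        try {
            $stmt = $this->conn->prepare("UPDATE tbl_orderlist SET Status=:status WHERE orderID=:id");
            $stmt->execute(array(':id' => $ordernum, ':status' => $status));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Insert an order. $usersession is accepted for signature compatibility
     * but is not stored; CustomerID comes from $customerid.
     *
     * @return PDOStatement|null the executed statement, or null if PDO threw
     */
    public function OrderInsert($usersession, $price, $dateandtimeorder, $customerid, $delivery, $customeraddress, $customername, $orderdetails, $templateselect, $typeofservice, $ishidden)
    {
        try {
            $stmt = $this->conn->prepare("INSERT INTO tbl_orderlist(TypeofService,TemplateSelect,OrderDetails,CustomerName,CustomerAddress,Delivery,CustomerID,DateandTimeOrder,Price,IsHidden)
            VALUES(:typeofservice, :templateselect, :orderdetails, :customername, :customeraddress, :delivery, :customerid, :dateandtimeorder, :price, :ishidden)");
            $stmt->execute(array(
                ':typeofservice'    => $typeofservice,
                ':templateselect'   => $templateselect,
                ':orderdetails'     => $orderdetails,
                ':customername'     => $customername,
                ':customeraddress'  => $customeraddress,
                ':delivery'         => $delivery,
                ':customerid'       => $customerid,
                ':dateandtimeorder' => $dateandtimeorder,
                ':price'            => $price,
                ':ishidden'         => $ishidden,
            ));
            return $stmt;
        } catch (PDOException $ex) {
            $this->reportFailure($ex);
            return null;
        }
    }

    /**
     * Orders of the logged-in customer.
     *
     * @return array|null fetched rows, or null when nobody is logged in
     */
    public function getOrderList()
    {
        if (empty($_SESSION['userSession'])) {
            return null;
        }
        $stmt = $this->conn->prepare("SELECT * FROM tbl_orderlist WHERE CustomerID = :uid");
        $stmt->execute(array(":uid" => $_SESSION['userSession']));
        return $stmt->fetchAll();
    }

    /** @return PDOStatement all orders, newest first */
    public function getTotalOrderList()
    {
        return $this->ordersByStatus(null);
    }

    /** @return PDOStatement orders with status 'Pending', newest first */
    public function getPendingList()
    {
        return $this->ordersByStatus('Pending');
    }

    /** @return PDOStatement orders with status 'Claimed', newest first */
    public function getClaimedList()
    {
        return $this->ordersByStatus('Claimed');
    }

    /**
     * Shared body of the three order listings. The status is chosen from a
     * fixed set by the callers above, never from request data.
     *
     * @param string|null $status null for all orders
     * @return PDOStatement
     */
    private function ordersByStatus($status)
    {
        if ($status === null) {
            $stmt = $this->conn->prepare("SELECT * from tbl_orderlist ORDER BY orderID DESC");
            $stmt->execute();
            return $stmt;
        }
        $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE status = :status ORDER BY orderID DESC");
        $stmt->execute(array(':status' => $status));
        return $stmt;
    }

    /** @return PDOStatement single row with the unnamed sum of Price */
    public function gettotalsales()
    {
        $stmt = $this->conn->prepare("Select sum(Price) From tbl_orderlist");
        $stmt->execute();
        return $stmt;
    }

    /** @return array|false row with key "total" = sum of all prices */
    public function getAllSales()
    {
        return $this->sumPrices(null);
    }

    /** @return array|false row with key "total" = sum of 'Claimed' prices */
    public function getallClaimedlist()
    {
        return $this->sumPrices('Claimed');
    }

    /** @return array|false row with key "total" = sum of 'Pending' prices */
    public function getallPendinglist()
    {
        return $this->sumPrices('Pending');
    }

    /**
     * Shared body of the three sum queries.
     *
     * @param string|null $status null for all orders
     * @return array|false
     */
    private function sumPrices($status)
    {
        if ($status === null) {
            $stmt = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist");
            $stmt->execute();
        } else {
            $stmt = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist WHERE status = :status");
            $stmt->execute(array(':status' => $status));
        }
        return $stmt->fetch();
    }

    /**
     * Send a Location header and stop the script.
     *
     * Without the exit, the rest of the calling page still runs and its
     * output is sent along with the redirect, so a client that ignores the
     * Location header sees the content the redirect was meant to guard.
     *
     * @param string $url
     * @return void
     */
    public function redirect($url)
    {
        header("Location: $url");
        exit;
    }

    /**
     * Clear the session. The original destroyed the session and then set
     * userSession to false, which isset() still counts as logged in for
     * the rest of the request; clearing the array first avoids that.
     *
     * @return void
     */
    public function logout()
    {
        $_SESSION = array();
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
    }

    /**
     * Send an HTML e-mail via mail().
     *
     * mail() builds raw message headers from its arguments, so a CR/LF in
     * the recipient or subject would let a caller inject additional headers.
     * Invalid addresses are refused and line breaks in the subject replaced.
     *
     * @param string $email
     * @param string $message HTML body
     * @param string $subject
     * @return bool false when the address is invalid or mail() failed
     */
    public function send_mail($email, $message, $subject)
    {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            return false;
        }
        $subject = str_replace(array("\r", "\n"), ' ', (string) $subject);
        $headers = "From: no-reply@crosswayprinting.ga\r\n";
        $headers .= "Reply-To: no-reply@crosswayprinting.ga\r\n";
        $headers .= "Return-Path: no-reply@crosswayprinting.ga\r\n";
        $headers .= "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
        return mail($email, $subject, $message, $headers);
    }

    /**
     * Record a PDO failure in the server log. Driver messages reveal table
     * names, SQL fragments and sometimes connection details, so they are
     * no longer echoed into the response as the original did.
     *
     * @param PDOException $ex
     * @return void
     */
    private function reportFailure(PDOException $ex)
    {
        error_log('USER: ' . $ex->getMessage());
    }
}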