  1. class.user.php
  2.  
  3.  
  4. <?php
  5.  
  6. require_once 'dbconfig.php';
  7.  
  8. class USER
  9. {
  10.  
  11. private $conn;
  12.  
  13. public function __construct()
  14. {
  15. $database = new Database();
  16. $db = $database->dbConnection();
  17. $this->conn = $db;
  18. }
  19.  
  20. public function runQuery($sql)
  21. {
  22. $stmt = $this->conn->prepare($sql);
  23. return $stmt;
  24. }
  25.  
  26. public function lasdID()
  27. {
  28. $stmt = $this->conn->lastInsertId();
  29. return $stmt;
  30. }
  31.  
  32. function doCheckCaptchaResult($captcha,$ip){
  33. $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Ld0cQgTAAAAADvO9VpqOt02GYKZ3Efaa9ySv5__&response=".$captcha."&remoteip=".$ip);
  34. return $response.success;
  35. }
  36.  
  37. public function register($uname,$email,$upass,$code,$ufname,$ulname,$umname,$uaddress,$usquestion,$usanswer,$ubirthdate)
  38. {
  39. try
  40. {
  41. $password = md5($upass);
  42. $stmt = $this->conn->prepare("INSERT INTO tbl_users(userName,userEmail,userPass,tokenCode,userfirstName,userlastName,usermiddleName,userAddress,usersecretQuestion,usersecretAnswer,userbirthDate)
  43. VALUES(:user_name, :user_mail, :user_pass, :active_code, :user_fname, :user_lname, :user_mname, :user_address, :user_secretquestion, :user_answer, :user_birthdate)");
  44.  
  45. $stmt->bindparam(":user_name",$uname);
  46. $stmt->bindparam(":user_mail",$email);
  47. $stmt->bindparam(":user_pass",$password);
  48. $stmt->bindparam(":active_code",$code);
  49. $stmt->bindparam(":user_fname",$ufname);
  50. $stmt->bindparam(":user_lname",$ulname);
  51. $stmt->bindparam(":user_mname",$umname);
  52. $stmt->bindparam(":user_address",$uaddress);
  53. $stmt->bindparam(":user_secretquestion",$usquestion);
  54. $stmt->bindparam(":user_answer",$usanswer);
  55. $stmt->bindparam(":user_birthdate",$ubirthdate);
  56. $stmt->execute();
  57. return $stmt;
  58. }
  59. catch(PDOException $ex)
  60. {
  61. echo $ex->getMessage();
  62. }
  63. }
  64.  
  65. public function newsInsert($authorUserNum,$content,$newsCtg,$title)
  66. {
  67. try
  68. {
  69. $stmt = $this->conn->prepare("INSERT INTO tbl_news(authorUserNum,content,newsCtg,title)
  70. VALUES(:author_UserNum, :topic_content, :news_Ctg, :topic_title)");
  71.  
  72. $stmt->bindparam(":author_UserNum",$authorUserNum);
  73. $stmt->bindparam(":topic_content",$content);
  74. $stmt->bindparam(":news_Ctg",$newsCtg);
  75. $stmt->bindparam(":topic_title",$title);
  76. $stmt->execute();
  77. return $stmt;
  78. }
  79. catch(PDOException $ex)
  80. {
  81. echo $ex->getMessage();
  82. }
  83. }
  84. public function newsUpdate($usernum,$title,$ctg,$content,$id)
  85. {
  86. try
  87. {
  88. $stmt = $this->conn->prepare("UPDATE tbl_news SET content=:topic_content,newsCtg=:news_Ctg,title=:topic_title WHERE id=:id");
  89.  
  90. $stmt->bindparam(":id",$id);
  91. $stmt->bindparam(":topic_content",$content);
  92. $stmt->bindparam(":news_Ctg",$newsCtg);
  93. $stmt->bindparam(":topic_title",$title);
  94. $stmt->execute();
  95. return $stmt;
  96. }
  97. catch(PDOException $ex)
  98. {
  99. echo $ex->getMessage();
  100. }
  101. }
  102. public function getNewsList()
  103. {
  104. $stmt = $this->conn->prepare("SELECT * from tbl_news ORDER BY newsDate DESC");
  105. $stmt->execute();
  106. return $stmt;
  107. }
  108.  
  109. public function getNewsDetail($id)
  110. {
  111. $id = (int)$id;
  112. $stmt = $this->conn->prepare("SELECT * from tbl_news WHERE id=:id");
  113. $stmt->bindparam(":id",$id);
  114. $stmt->execute();
  115. return $stmt;
  116. }
  117. public function getAuthor($id)
  118. {
  119. $id = (int)$id;
  120. $stmt = $this->conn->prepare("SELECT userfirstName from tbl_users WHERE userID=:id ");
  121. $stmt->bindparam(":id",$id);
  122. $stmt->execute();
  123. foreach($stmt as $author){
  124. return $author->userfirstName;
  125. }
  126. //return $stmt;
  127. }
  128. public function doDeleteNews($id)
  129. {
  130. $id = (int)$id;
  131. $stmt = $this->conn->prepare("DELETE from tbl_news WHERE id=:id");
  132. $stmt->bindparam(":id",$id);
  133. $stmt->execute();
  134. return $stmt;
  135. }
  136. public function itemInsert($usersession,$itemquantity,$itemcategory,$itemname,$ishidden,$itemprice)
  137. {
  138.  
  139.  
  140. try
  141. {
  142. $stmt = $this->conn->prepare("INSERT INTO tbl_product(ItemName,ItemCategory,ItemQuantity,isHidden,ItemPrice)
  143. VALUES(:itemname, :itemcategory, :itemquantity, :ishidden, :itemprice)");
  144.  
  145. $stmt->bindparam(":itemname",$itemname);
  146. $stmt->bindparam(":itemcategory",$itemcategory);
  147. $stmt->bindparam(":itemquantity",$itemquantity);
  148. $stmt->bindparam(":ishidden",$ishidden);
  149. $stmt->bindparam(":itemprice",$itemprice);
  150. $stmt->execute();
  151. return $stmt;
  152. }
  153. catch(PDOException $ex)
  154. {
  155. echo $ex->getMessage();
  156. }
  157. }
  158.  
  159. public function getItemList($search="")
  160. {
  161. if($search==""){
  162. $stmt = $this->conn->prepare("SELECT * from tbl_product ORDER BY ItemQuantity ASC, ItemID DESC");
  163. $stmt->execute();
  164. }else{
  165. $search = "%$search%";
  166. $stmt = $this->conn->prepare("SELECT * from tbl_product WHERE ItemName LIKE :search");
  167. $stmt->bindparam(":search",$search);
  168. $stmt->execute();
  169. }
  170.  
  171.  
  172. return $stmt;
  173. }
  174. public function itemUpdate($usersession,$itemquantity,$itemcategory,$itemname,$ishidden,$itemprice,$id)//transform to item again, wait may asikasuhin ako saglit sa database, nagcrash e okss
  175. {
  176. try
  177. {
  178. $stmt = $this->conn->prepare("UPDATE tbl_product SET ItemName=:itemname,ItemCategory=:itemcategory,ItemQuantity=:itemquantity,isHidden=:ishidden, ItemPrice=:itemprice WHERE ItemID=:id");
  179.  
  180. $stmt->bindparam(":itemname",$itemname);
  181. $stmt->bindparam(":itemcategory",$itemcategory);
  182. $stmt->bindparam(":itemquantity",$itemquantity);
  183. $stmt->bindparam(":ishidden",$ishidden);
  184. $stmt->bindparam(":itemprice",$itemprice);
  185. $stmt->bindparam(":id",$id);
  186. $stmt->execute();
  187. return $stmt;
  188. }
  189. catch(PDOException $ex)
  190. {
  191. echo $ex->getMessage();
  192. }
  193. }
  194. public function getCategory($ctg){
  195. switch($ctg)
  196. {
  197. case 0: return "Tarpaulin"; break;
  198. case 1: return "Rush ID"; break;
  199. case 2: return "Photocopy"; break;
  200. case 3: return "Graphic Layout"; break;
  201. case 4: return "Invitation"; break;
  202. case 5: return "Panaflex"; break;
  203. case 6: return "Signages"; break;
  204. case 7: return "Stickers"; break;
  205. case 8: return "Sintra board"; break;
  206. case 9: return "Large Format Photo"; break;
  207. case 10: return "PVC ID"; break;
  208. case 11: return "Lamination"; break;
  209. case 12: return "Bag Tags"; break;
  210. case 13: return "Notary Public"; break;
  211. case 14: return "Scan"; break;
  212. default: return "Tarpaulin";
  213. }
  214. }
  215. public function getItemDetail($id)
  216. {
  217. $id = (int)$id;
  218. $stmt = $this->conn->prepare("SELECT * from tbl_product WHERE ItemID=:id");
  219. $stmt->bindparam(":id",$id);
  220. $stmt->execute();
  221. return $stmt;
  222. }
  223. public function doDeleteItem($id)
  224. {
  225. $id = (int)$id;
  226. $stmt = $this->conn->prepare("DELETE from tbl_product WHERE ItemID=:id");
  227. $stmt->bindparam(":id",$id);
  228. $stmt->execute();
  229. return $stmt;
  230. }
  231. public function login($email,$upass)
  232. {
  233. try
  234. {
  235. $stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE userEmail=:email_id");
  236. $stmt->execute(array(":email_id"=>$email));
  237. $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
  238.  
  239. if($stmt->rowCount() == 1)
  240. {
  241. if($userRow['userStatus']=="Y")
  242. {
  243. if($userRow['userPass']==md5($upass))
  244. {
  245. $_SESSION['userSession'] = $userRow['userID'];
  246. $_SESSION['usertype'] = $userRow['usertype'];
  247. $result = array (
  248. 'status' => 1,
  249. 'msg' => 'Login Success'
  250. );
  251. return $result;
  252. }
  253. else
  254. {
  255. $result = array (
  256. 'status' => 0,
  257. 'msg' => 'Password Incorrect'
  258. );
  259. return $result;
  260. }
  261. }
  262. else
  263. {
  264. $result = array (
  265. 'status' => 0,
  266. 'msg' => 'Account Inactive'
  267. );
  268. return $result;
  269. }
  270. }
  271. else
  272. {
  273. $result = array (
  274. 'status' => 0,
  275. 'msg' => 'Account Not Found'
  276. );
  277. return $result;
  278. }
  279. }
  280. catch(PDOException $ex)
  281. {
  282. echo $ex->getMessage();
  283. }
  284. }
  285.  
  286.  
  287. public function is_logged_in()
  288. {
  289. if(isset($_SESSION['userSession']))
  290.  
  291. {
  292. return true;
  293. }
  294. }
  295.  
  296. public function is_admin()
  297. {
  298. if(isset($_SESSION['usertype']))
  299. {
  300. if($_SESSION['usertype']==1)return true;
  301. else return false;
  302. }
  303. }
  304.  
  305.  
  306. public function is_auditor()
  307. {
  308. if(isset($_SESSION['usertype']))
  309. {
  310. if($_SESSION['usertype']==2)return true;
  311. else return false;
  312. }
  313. }
  314.  
  315. public function is_member()
  316. {
  317. if(isset($_SESSION['usertype']))
  318. {
  319. if($_SESSION['usertype']==0)return true;
  320. else return false;
  321. }
  322. }
  323.  
  324.  
  325. public function getUserList($search="")
  326. {
  327. if($search==""){
  328. $stmt = $this->conn->prepare("SELECT * from tbl_users ORDER BY userID DESC");
  329. }else{
  330. $search = "%$search%";
  331. $stmt = $this->conn->prepare("SELECT * from tbl_users WHERE userfirstName LIKE :search");
  332. $stmt->bindparam(":search",$search);
  333. $stmt->execute();
  334. }
  335. $stmt->execute();
  336. return $stmt;
  337. }
  338. public function getUserInfo($userid)
  339. {
  340. $stmt = $this->conn->prepare("SELECT * from tbl_users WHERE UserID=:userid");
  341. $stmt->bindparam(":userid",$userid);
  342. $stmt->execute();
  343. return $stmt;
  344. }
  345.  
  346. public function getStatusInfo($orderid)
  347. {
  348. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE orderID=:orderid");
  349. $stmt->bindparam(":orderid",$orderid);
  350. $stmt->execute();
  351. return $stmt;
  352. }
  353. public function getOrderInfo($userid)
  354. {
  355. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE orderID=:orderid");
  356. $stmt->bindparam(":orderid",$orderid);
  357. $stmt->execute();
  358. return $stmt;
  359. }
  360.  
  361. public function doUserUpdate($usernum,$usertype)
  362. {
  363. try
  364. {
  365. $stmt = $this->conn->prepare("UPDATE tbl_users SET usertype=:usertype WHERE userID=:id");
  366.  
  367. $stmt->bindparam(":id",$usernum);
  368. $stmt->bindparam(":usertype",$usertype);
  369.  
  370. $stmt->execute();
  371. return $stmt;
  372. }
  373. catch(PDOException $ex)
  374. {
  375. echo $ex->getMessage();
  376. }
  377. }
  378.  
  379. public function doStatusUpdate($ordernum,$status)
  380. {
  381. try
  382. {
  383. $stmt = $this->conn->prepare("UPDATE tbl_orderlist SET Status=:status WHERE orderID=:id");
  384.  
  385. $stmt->bindparam(":id",$ordernum);
  386. $stmt->bindparam(":status",$status);
  387.  
  388. $stmt->execute();
  389. return $stmt;
  390. }
  391. catch(PDOException $ex)
  392. {
  393. echo $ex->getMessage();
  394. }
  395. }
  396.  
  397.  
  398.  
  399. public function OrderInsert($usersession,$price,$dateandtimeorder,$customerid,$delivery,$customeraddress,$customername,$orderdetails,$templateselect,$typeofservice,$ishidden)
  400. {
  401.  
  402.  
  403. try
  404. {
  405. $stmt = $this->conn->prepare("INSERT INTO tbl_orderlist(TypeofService,TemplateSelect,OrderDetails,CustomerName,CustomerAddress,Delivery,CustomerID,DateandTimeOrder,Price,IsHidden)
  406. VALUES(:typeofservice, :templateselect, :orderdetails, :customername, :customeraddress, :delivery, :customerid, :dateandtimeorder, :price, :ishidden)");
  407.  
  408. $stmt->bindparam(":typeofservice",$typeofservice);
  409. $stmt->bindparam(":templateselect",$templateselect);
  410. $stmt->bindparam(":orderdetails",$orderdetails);
  411. $stmt->bindparam(":customername",$customername);
  412. $stmt->bindparam(":customeraddress",$customeraddress);
  413. $stmt->bindparam(":delivery",$delivery);
  414. $stmt->bindparam(":customerid",$customerid);
  415. $stmt->bindparam(":dateandtimeorder",$dateandtimeorder);
  416. $stmt->bindparam(":price",$price);
  417. $stmt->bindparam(":ishidden",$ishidden);
  418. $stmt->execute();
  419. return $stmt;
  420. }
  421. catch(PDOException $ex)
  422. {
  423. echo $ex->getMessage();
  424. }
  425. }
  426.  
  427.  
  428. public function getOrderList() {
  429.  
  430. if ( ! empty( $_SESSION['userSession'] ) ) {
  431.  
  432. $values = array( ":uid" => $_SESSION['userSession'] );
  433. $stmt = $this->conn->prepare("SELECT * FROM tbl_orderlist WHERE CustomerID = :uid");
  434. $stmt->execute($values);
  435. $row = $stmt->fetchAll();
  436.  
  437. // Uncomment this to debug
  438. // echo "<pre>";
  439. // print_r( $row );
  440. // echo "<pre>";
  441. //echo "Customer ID: " . $_SESSION['userSession'];
  442. //print_r( $row );
  443.  
  444.  
  445.  
  446. return $row;
  447. }
  448.  
  449. }
  450.  
  451.  
  452.  
  453.  
  454. public function getTotalOrderList()
  455. {
  456. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist ORDER BY orderID DESC");
  457. $stmt->execute();
  458. return $stmt;
  459.  
  460. echo "<pre>";
  461. print_r( $row );
  462.  
  463. }
  464.  
  465.  
  466. public function getPendingList()
  467. {
  468. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE status = 'Pending' ORDER BY orderID DESC");
  469. $stmt->execute();
  470. return $stmt;
  471.  
  472. echo "<pre>";
  473. print_r( $row );
  474.  
  475. }
  476.  
  477. public function getClaimedList()
  478. {
  479. $stmt = $this->conn->prepare("SELECT * from tbl_orderlist WHERE status = 'Claimed' ORDER BY orderID DESC");
  480. $stmt->execute();
  481. return $stmt;
  482.  
  483. echo "<pre>";
  484. print_r( $row );
  485.  
  486. }
  487.  
  488.  
  489. public function gettotalsales()
  490. {
  491. $stmt = $this->conn->prepare("Select sum(Price) From tbl_orderlist");
  492. $stmt->execute();
  493. return $stmt;
  494.  
  495.  
  496. }
  497.  
  498.  
  499. public function getAllSales()
  500. {
  501. $stmt = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist");
  502. $stmt->execute();
  503. $result = $stmt->fetch();
  504. return $result;
  505.  
  506.  
  507. }
  508.  
  509. public function getallClaimedlist()
  510. {
  511. $stmt = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist WHERE status = 'Claimed'");
  512. $stmt->execute();
  513. $result = $stmt->fetch();
  514. return $result;
  515.  
  516.  
  517. }
  518.  
  519.  
  520.  
  521. public function getallPendinglist()
  522. {
  523. $stmt = $this->conn->prepare("Select sum(Price) AS total From tbl_orderlist WHERE status = 'Pending'");
  524. $stmt->execute();
  525. $result = $stmt->fetch();
  526. return $result;
  527.  
  528.  
  529. }
  530.  
  531.  
  532.  
  533.  
  534.  
  535.  
  536. /*
  537.  
  538. public function orderInsert($servicetype,$templateselection,$orderdetails)
  539. {
  540. try
  541. {
  542. $stmt = $this->conn->prepare("INSERT INTO tbl_order(TypeofService,TemplateSelect,orderdetails)
  543. VALUES(:Service_Type, :Template_Select, :order_details)");
  544.  
  545. $stmt->bindparam(":Service_Type",$servicetype);
  546. $stmt->bindparam(":Template_Select",$templateselection);
  547. $stmt->bindparam(":order_details",$orderdetails);
  548. $stmt->execute();
  549. return $stmt;
  550. }
  551. catch(PDOException $ex)
  552. {
  553. echo $ex->getMessage();
  554. }
  555. }
  556.  
  557.  
  558.  
  559. */
  560.  
  561.  
  562.  
  563.  
  564.  
  565.  
  566.  
  567.  
  568.  
  569.  
  570.  
  571.  
  572.  
  573.  
  574.  
  575.  
  576.  
  577.  
  578.  
  579.  
  580.  
  581.  
  582.  
  583.  
  584.  
  585. public function redirect($url)
  586. {
  587. header("Location: $url");
  588. }
  589.  
  590. public function logout()
  591. {
  592. session_destroy();
  593. $_SESSION['userSession'] = false;
  594. }
  595.  
  596. function send_mail($email,$message,$subject)
  597. {
  598.  
  599. $headers = "From: no-reply@crosswayprinting.ga\r\n";
  600. $headers .= "Reply-To: no-reply@crosswayprinting.ga\r\n";
  601. $headers .= "Return-Path: no-reply@crosswayprinting.ga\r\n";
  602. $headers .= "MIME-Version: 1.0\r\n";
  603. $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
  604. mail($email,$subject,$message,$headers);
  605.  
  606. /*require_once('mailer/class.phpmailer.php');
  607. $mail = new PHPMailer();
  608. $mail->IsSMTP();
  609. $mail->SMTPDebug = 0;
  610. $mail->SMTPAuth = true;
  611. $mail->SMTPSecure = "ssl";
  612. $mail->Host = "smtp.gmail.com";
  613. $mail->Port = 465;
  614. $mail->AddAddress($email);
  615. $mail->Username="crosswaytags42@gmail.com";
  616. $mail->Password="a1500m500";
  617. $mail->SetFrom('crosswaytags42@gmail.com','Crossway Printing');
  618. $mail->AddReplyTo("crosswaytags42@gmail.com","Crossway Printing");
  619. $mail->Subject = $subject;
  620. $mail->MsgHTML($message);
  621. $mail->Send();*/
  622. }
  623. }