Example #1
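 /**
  * Authenticates a user and stores the matched id and name on the instance.
  *
  * Flow: reject empty credentials, load the stored record through
  * User::getUserDetails(), refuse inactive accounts, then pass the salted
  * hash to the validateUser stored procedure together with the tenant id.
  *
  * @param string $username Login name supplied by the caller.
  * @param string $password Clear-text password supplied by the caller.
  * @param mixed  $tenantID Tenant identifier forwarded to validateUser.
  *
  * @throws Exception On empty credentials, an unknown or inactive account,
  *                   a failed query, or when no user id comes back.
  */
 function __construct($username, $password, $tenantID)
 {
     if (strlen($username) == 0 || strlen($password) == 0) {
         throw new Exception("Invalid username or password.");
     }
     $userDetails = User::getUserDetails($username);
     // Presumably an unknown username yields an empty result (confirm against
     // User::getUserDetails). Without this guard the lookup below reads
     // null["active"], and null == 0 reports a non-existent account as
     // "inactive" instead of failing with the generic message.
     if (empty($userDetails)) {
         throw new Exception('Unable to validate that username/password combination.');
     }
     // NOTE(review): this message is returned before the password is checked,
     // so it confirms to any caller that the username exists. Consider
     // reporting it only after validateUser has succeeded.
     if ($userDetails["active"] == 0) {
         throw new Exception("This user account is inactive. Please check your email for activation instructions.");
     }
     // The stored value is passed as the second argument, presumably so the
     // helper can reuse its salt - confirm in Utility::saltAndHash.
     $saltedPassword = Utility::saltAndHash($password, $userDetails["password"]);
     // NOTE(review): the statement is assembled by concatenation. Its safety
     // rests entirely on Database::queryString()/queryNumber() escaping their
     // input - confirm, or move to a prepared statement.
     $query = 'call validateUser(' . Database::queryString($username);
     $query .= ',' . Database::queryString($saltedPassword);
     $query .= ',' . Database::queryNumber($tenantID) . ');';
     $result = Database::executeQuery($query);
     if (!$result) {
         throw new Exception('Unable to validate that username/password combination.');
     }
     $userid = 0;
     $name = null;
     // The last row returned wins, as before.
     while ($o = mysqli_fetch_object($result)) {
         $userid = $o->userid;
         $name = $o->name;
     }
     if ($userid > 0) {
         $this->id = $userid;
         $this->name = $name;
     } else {
         throw new Exception("Unable to validate that username/password combination.");
     }
 }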
Example #2
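/**
 * Finds or creates the user for a mobile number, then inserts a details row
 * linked to that user through PreDetails::insertPregDetails().
 *
 * @param array $inputArr Request fields; 'mobile_num' is required.
 *
 * @return array|null array('status' => N), where N is the value returned by
 *                    insertPregDetails() when it is greater than zero and 0
 *                    otherwise. Null after an exception has been caught.
 */
function saveUserInfo($inputArr)
{
    try {
        global $db;
        // Start from an empty array so empty input cannot leave $keyArr undefined.
        $keyArr = array();
        foreach ($inputArr as $key => $key_value) {
            $keyArr[$key] = $key_value;
        }
        // Without a mobile number there is nothing to look up or create.
        if (!isset($keyArr['mobile_num'])) {
            return array('status' => 0);
        }
        // NOTE(review): every caller-supplied key is forwarded to
        // insertUserDetails()/insertPregDetails(). Confirm those methods pick
        // an explicit set of columns and bind values as parameters.
        $userObj = new User($db);
        $r_user = $userObj->getUserDetails($keyArr['mobile_num']);
        if (is_array($r_user) && sizeof($r_user) > 0) {
            $user_id = $r_user[0]['user_id'];
        } else {
            $userObj->insertUserDetails($keyArr);
            $user_id = $db->lastInsertId();
        }
        $keyArr['parentId'] = $user_id;
        $pregObj = new PreDetails($db);
        $row_child = $pregObj->insertPregDetails($keyArr);
        if ($row_child > 0) {
            return array('status' => $row_child);
        }
        return array('status' => 0);
    } catch (Exception $e) {
        // Exception details are deliberately not echoed to the client.
        echo 'Caught exception: Please try after sometime.\\n';
    }
}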
Example #3
 /**
  * Builds a UserDto from a User model.
  *
  * The DTO is created from $model->getAttributes(), then receives the
  * description of the related details record (empty string when there is
  * none) and the blob_b64 value of every related blob.
  *
  * NOTE(review): every attribute of the model is handed to the DTO. If the
  * model carries credential or token columns, confirm that UserDto drops
  * them before the DTO leaves the service.
  *
  * @param User $model
  * @return UserDto
  */
 public static function toDto(User $model)
 {
     /** @var UserDetails $detailRecord */
     $detailRecord = $model->getUserDetails();
     /** @var UserBlob[] $blobRecords */
     $blobRecords = $model->getUserBlobs();
     /** @var UserDto $dto */
     $dto = new UserDto($model->getAttributes());

     if ($detailRecord) {
         $dto->description = $detailRecord->description;
     } else {
         $dto->description = '';
     }

     // Collect the base64 payloads first, then attach them in one assignment.
     $encodedBlobs = array();
     foreach ($blobRecords as $blobRecord) {
         $encodedBlobs[] = $blobRecord->blob_b64;
     }
     $dto->blobs = $encodedBlobs;

     return $dto;
 }
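/**
 * Stores a news item written by the logged-in user and renders the layout
 * with a success or failure message plus a redirect to news/showNews.
 *
 * The author name is built from the NUME and PRENUME fields of the user
 * identified by $_SESSION['uid']; the text comes from $_POST['noutate'].
 * A missing session id, missing text or unknown user is reported as a
 * failure instead of raising undefined-index notices.
 *
 * @return void
 */
function _addNews()
{
    $data = array();
    $added = false;
    // NOTE(review): no login check is visible in this function. Confirm the
    // router enforces one before dispatching here.
    if (isset($_SESSION['uid'], $_POST['noutate']) && is_string($_POST['noutate'])) {
        $user = new User(getdbh());
        $userDetails = $user->getUserDetails($_SESSION['uid']);
        if (!empty($userDetails[0])) {
            $noutate = new Noutati(getdbh());
            $autor = $userDetails[0]['NUME'] . " " . $userDetails[0]['PRENUME'];
            // NOTE(review): the text is stored exactly as posted. Confirm that
            // addNews() binds it as a parameter and that the view HTML-escapes
            // it when it is displayed.
            $added = (bool) $noutate->addNews($autor, $_POST['noutate']);
        }
    }
    $data['msg'][] = $added ? 'Noutatea a fost adaugata cu success' : 'Noutatea nu a fost adaugata';
    $data['redirect'][] = 'news/showNews';
    View::do_dump(VIEW_PATH . 'layout.php', $data);
}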
Example #5
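/**
 * Looks up user records by mobile number.
 *
 * @param array $inputArr Request fields; 'mobile' is required.
 *
 * @return array|null array('status' => "1", 'data' => rows) when at least
 *                    one row is found, array('status' => "0") otherwise.
 *                    Null after an exception has been caught.
 */
function getUserDetails($inputArr)
{
    try {
        global $db;
        // Start from an empty array so empty input cannot leave $keyArr undefined.
        $keyArr = array();
        foreach ($inputArr as $key => $key_value) {
            $keyArr[$key] = $key_value;
        }
        if (!isset($keyArr['mobile'])) {
            return array('status' => "0");
        }
        $docObj = new User($db);
        $r_user = $docObj->getUserDetails($keyArr['mobile']);
        if (is_array($r_user) && sizeof($r_user) > 0) {
            // NOTE(review): the rows are returned to the caller unfiltered.
            // Confirm that they contain no credential columns and that the
            // caller is authorised to read records for this number.
            return array('status' => "1", 'data' => $r_user);
        }
        return array('status' => "0");
    } catch (Exception $e) {
        // Keep the detail in the server log. Exception messages can carry SQL
        // text or paths that should not reach the client.
        error_log('getUserDetails failed: ' . $e->getMessage());
        echo "Caught exception: unable to process the request.\n";
    }
}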
Example #6
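 /**
  * Checks whether $password is correct for the given user.
  *
  * The salted hash is passed to the validateUser stored procedure for
  * $this->tenantid, and the id it returns must equal $userid.
  *
  * @param string $password Clear-text password to verify.
  * @param string $username Login name of the account.
  * @param mixed  $userid   Id the caller expects the credentials to match.
  *
  * @return bool True only when the procedure returns a positive id equal to
  *              $userid.
  */
 private function validatePassword($password, $username, $userid)
 {
     $userDetails = User::getUserDetails($username);
     // NOTE(review): the literal password "reset" skips hashing and sends a
     // fixed placeholder to the procedure. Confirm that this is intended and
     // that no account can hold that placeholder as its stored value.
     // The comparison is strict so that non-string input such as 0 cannot be
     // treated as "reset" by loose comparison.
     if ($password !== "reset") {
         if (empty($userDetails)) {
             // Unknown user: there is no stored hash to salt against.
             Utility::debug('User ' . $username . ' failed password validation.', 9);
             return false;
         }
         $saltedPassword = Utility::saltAndHash($password, $userDetails["password"]);
     } else {
         $saltedPassword = '******';
     }
     // NOTE(review): the statement is assembled by concatenation and relies on
     // Database::queryString()/queryNumber() for escaping - confirm.
     $query = 'call validateUser(' . Database::queryString($username);
     $query .= ',' . Database::queryString($saltedPassword);
     $query .= ',' . Database::queryNumber($this->tenantid) . ');';
     $result = Database::executeQuery($query);
     if (!$result) {
         // The original logged an undefined $name here.
         Utility::debug('User ' . $username . ' failed password validation.', 9);
         return false;
     }
     $matchedid = 0;
     while ($o = mysqli_fetch_object($result)) {
         $matchedid = $o->userid;
     }
     Utility::debug($matchedid . '- ' . $userid, 9);
     // With no row returned $matchedid stays 0. A loose == would then accept
     // an empty, null or zero $userid, so a positive match is required and the
     // ids are compared as strings.
     return $matchedid > 0 && (string) $userid === (string) $matchedid;
 }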
Example #7
<?php

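// Resolve the account type of the session user, then load the User helper.
session_start();
$sessiondata = $_SESSION['email'];
include 'db/db.php';
// NOTE(review): the WHERE literal is reproduced as shown in this listing, so
// $sessiondata never reaches the query as written. If the real statement
// interpolates the session e-mail, it must be bound or escaped. The mysql_*
// extension was removed in PHP 7.0, so this code needs mysqli or PDO to run
// on a supported PHP version.
$query = "select TypeOfUser from userdetail where UserName = '******'";
$sql = mysql_query($query);
if ($sql === false) {
    // Log the driver error server-side rather than printing it to the client.
    error_log('TypeOfUser lookup failed: ' . mysql_error());
    die('An internal error occurred.');
}
$result = mysql_fetch_row($sql);
// mysql_fetch_row() returns false when no row matches.
$user = $result ? $result[0] : null;
include 'classes/User.php';
$us = new User();
$prepared_by = $us->getUserDetails();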
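/**
 * Returns the rows of $a ordered by the lower-cased value of one column.
 *
 * @param array  $a      List of rows, each an array containing $subkey.
 * @param string $subkey Column to sort by; compared case-insensitively.
 *
 * @return array The rows re-indexed from 0 in ascending order of that column;
 *               an empty array for empty input.
 */
function subval_sort($a, $subkey)
{
    // Initialise both arrays so empty input sorts to an empty list instead of
    // passing an undefined variable to asort().
    $b = array();
    foreach ($a as $k => $v) {
        $b[$k] = strtolower($v[$subkey]);
    }
    // asort() keeps the original keys, which map back to the rows below.
    asort($b);
    $c = array();
    foreach ($b as $key => $val) {
        $c[] = $a[$key];
    }
    return $c;
}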
// Persist the address and comment parameters of this search.
// NOTE(review): both values come straight from the request and are stored in
// PHP serialize() format. If any consumer calls unserialize() on them, that
// is deserialisation of request-derived data; json_encode()/json_decode()
// would avoid it.
$paramAdd = serialize($_REQUEST['paramAdd']);
// Strip every "matchResult ... }}" fragment from the serialized comments.
// NOTE(review): editing a serialize() string with a regex leaves its length
// prefixes stale, so the stored value may no longer unserialize - confirm how
// it is read back.
$paramCom = preg_replace(
    "@matchResult.*?\\}\\}@",
    "",
    serialize($_REQUEST['paramComments'])
);
$us->storeAddress($_SESSION['searchId'], $paramAdd, $paramCom);
if ($user == 2) {
    $address = isset($_SESSION['search']['address']) ? $_SESSION['search']['address'] : "3101 West End Ave, Nashvelle TN 37203";
    $bedrooms = isset($_SESSION['search']['bedrooms']) ? $_SESSION['search']['bedrooms'] : "3";
    $bathrooms = isset($_SESSION['search']['bathrooms']) ? $_SESSION['search']['bathrooms'] : "4";
<?php

include_once 'Item.php';
include_once 'User.php';
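// Password-change handler: expects POST fields email, op (old password) and
// np (new password). Redirects to login.php on success, profile.php otherwise.
$item = new Item();
$user = new User();
if (isset($_POST['email'])) {
    // Accept only string fields. An array-valued field would otherwise reach
    // trim()/strlen().
    $email = is_string($_POST['email']) ? trim($_POST['email']) : '';
    $old_password = (isset($_POST['op']) && is_string($_POST['op'])) ? $_POST['op'] : '';
    $new_password = (isset($_POST['np']) && is_string($_POST['np'])) ? $_POST['np'] : '';
    if ($email === '' || $old_password === '' || $new_password === '') {
        header('Location: profile.php');
        exit;
    }
    // NOTE(review): nothing here ties the request to a logged-in session or a
    // CSRF token. Confirm that the including page enforces both.
    $row = $user->getUserDetails($email, $old_password);
    // Guard against a failed query or an unknown account before reading the row.
    $details = $row ? $row->fetch_array(MYSQLI_ASSOC) : null;
    // NOTE(review): comparing the submitted password with $details['password']
    // implies the column holds the password itself. If so, migrate to
    // password_hash()/password_verify(). hash_equals() only makes the existing
    // comparison constant-time.
    $verified = is_array($details)
        && isset($details['email'], $details['password'])
        && $email === $details['email']
        && hash_equals((string) $details['password'], $old_password);
    if ($verified) {
        $user->updatePassword($email, $old_password, $new_password);
        header('Location: login.php');
    } else {
        header('Location: profile.php');
    }
    // Stop after the redirect header so no further output is produced.
    exit;
}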
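/**
 * Dispatches the admin user-management action named in $_POST['actiune']
 * ('edit', 'delete' or 'delete_all') and renders the outcome through View.
 *
 * For 'edit' and 'delete' the target id is the part after the first "_" in
 * the first POST field name. For 'delete_all' it is taken the same way from
 * each POST value. Any other action, or a missing one, produces no output.
 *
 * @return void
 */
function _adminUsers()
{
    // NOTE(review): the return value is ignored, so this protects the actions
    // below only if isUserLoggedIn() itself stops the request - confirm. It
    // also establishes login at most, not an admin role, and no anti-CSRF
    // token is checked before the destructive actions.
    isUserLoggedIn();
    $action = (isset($_POST['actiune']) && is_string($_POST['actiune'])) ? $_POST['actiune'] : '';
    $data = array();
    switch ($action) {
        case 'edit':
            reset($_POST);
            $target = _adminUsersIdFromField(key($_POST));
            if ($target === null) {
                // No id could be extracted from the field name: nothing to edit.
                break;
            }
            $user = new User(getDbh());
            $grupa = new Grupa(getdbh());
            $result = array();
            $result['user'] = $user->getUserDetails($target);
            $result['grupa'] = $grupa->fetchAll();
            $result['ID'] = $target;
            $data['msg'][] = View::do_fetch(VIEW_PATH . 'modifica_user.tpl.php', $result);
            View::do_dump(VIEW_PATH . 'layout.php', $data);
            break;
        case 'delete':
            reset($_POST);
            $target = _adminUsersIdFromField(key($_POST));
            $user = new User(getDbh());
            // A field name without an id counts as a failed delete.
            if ($target !== null && $user->deleteUser($target) == true) {
                $data['msg'][] = " Userul a  fost sters cu success";
            } else {
                $data['msg'][] = " Userul nu a fost sters";
            }
            $data['redirect'][] = 'administrare/show_users';
            View::do_dump(VIEW_PATH . 'layout.php', $data);
            break;
        case 'delete_all':
            $sterse = 0;
            $nesterse = 0;
            $user = new User(getDbh());
            foreach ($_POST as $value) {
                // Skip the action field itself.
                if ($value === 'delete_all') {
                    continue;
                }
                $target = _adminUsersIdFromField($value);
                if ($target !== null && $user->deleteUser($target) == true) {
                    $sterse++;
                } else {
                    $nesterse++;
                }
            }
            if ($sterse > 0) {
                $data['msg'][] = $sterse . "useri au fost stersi cu success";
            } else {
                $data['msg'][] = $nesterse . "useri nu au fost stersi";
            }
            $data['redirect'][] = 'administrare/show_users';
            View::do_dump(VIEW_PATH . 'layout.php', $data);
            break;
        default:
            break;
    }
}

/**
 * Extracts the id part of a "<prefix>_<id>" form field name or value.
 *
 * @param mixed $field Field name or value taken from $_POST.
 *
 * @return string|null The segment after the first "_", or null when $field
 *                     is not a scalar name or has no non-empty id segment.
 */
function _adminUsersIdFromField($field)
{
    // Array-valued fields and a null key from an empty $_POST have no id.
    if (!is_string($field) && !is_int($field)) {
        return null;
    }
    $parts = explode("_", (string) $field);
    return (isset($parts[1]) && $parts[1] !== '') ? $parts[1] : null;
}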