</<?php
//Chad//
// Login handler (fragment): reads a username and password from the request,
// looks up the stored CustPassword for that username and, when the MD5 digests
// match, fills the session with the customer's name and id before redirecting
// to messages.php. The else branch is cut off on this page.
// NOTE(review): the `</` before the opening tag looks like page-extraction
// residue; if it is in the real file it is sent as output ahead of
// session_start() and header() - confirm against the original file.
include "Functions.php";
SESSION_START();
// NOTE(review): $_REQUEST by default also carries query-string values, so the
// credentials are accepted from the URL as well as from a POSTed form; reading
// $_POST only keeps passwords out of URLs, server logs and Referer headers.
$username = trim($_REQUEST["username"]);
// NOTE(review): unsalted MD5 is a fast digest and is not suitable for password
// storage; password_hash()/password_verify() are the supported replacement, but
// switching requires migrating the stored CustPassword values at the same time.
$password = md5(trim($_REQUEST["password"]));
$link = agencyConnect();
// The username reaches this query as a bound parameter, not as part of the SQL text.
$sql = "SELECT `CustPassword` FROM `customers` WHERE `CustUserName` = ?";
$stmt = $link->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($dbpwd);
$stmt->fetch();
// NOTE(review): `==` is a loose comparison; PHP compares two numeric-looking
// strings as numbers, so two different digests can be treated as equal.
// hash_equals($dbpwd, $password) compares the strings exactly and in constant
// time (it needs $dbpwd to be a string, so a missing row must be rejected first).
if ($dbpwd == $password) {
    // The first connection is closed and a new one opened for the profile query.
    $link->close();
    $link = agencyConnect();
    //Login is okay, set session variables
    // NOTE(review): the username literal in this query is masked ('******') on
    // this page. If the original interpolates $username into the string, it
    // should be bound with prepare()/bind_param() like the lookup above - verify.
    $sql = "SELECT CustFirstName, CustLastName, CustomerId FROM customers WHERE CustUserName = '******'";
    $result = $link->query($sql);
    // MYSQLI_NUM: the row is read by position (first name, last name, id).
    $row = $result->fetch_array(MYSQLI_NUM);
    // NOTE(review): no session_regenerate_id() call is visible before the
    // authenticated state is written; regenerating the id at login is the usual
    // defence against session fixation.
    $_SESSION["userfirstname"] = $row[0];
    $_SESSION["userlastname"] = $row[1];
    $_SESSION["userid"] = $row[2];
    // The logged-in flag is the string "TRUE", not a boolean.
    $_SESSION["loggedin"] = "TRUE";
    $_SESSION["message"] = "Login Successful, welcome to Travel Experts";
    // When the visitor came from Booking.php an extra session flag is set; its
    // value is masked on this page.
    if ($_SESSION["lastpage"] == "Booking.php") {
        $_SESSION["bookingLogin"] = "******";
        header("Location: messages.php");
    }
    // Both paths redirect to the same page. header() does not stop the script,
    // and no exit follows in the visible part - TODO confirm what runs after
    // the else branch.
    header("Location: messages.php");
} else {
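/**
 * Insert this customer's details as a new row in `customers`.
 *
 * Every value is passed to MySQL as a bound string parameter; AgentId is the
 * literal '1' written in the SQL text.
 *
 * @return bool true when the INSERT executed, false when preparing or
 *              executing the statement failed.
 */
public function customerAdd()
{
    $firstName = $this->getFirstName();
    $lastName = $this->getLastName();
    $address = $this->getAddress();
    $city = $this->getCity();
    $prov = $this->getProv();
    $postal = $this->getPostal();
    $country = $this->getCountry();
    $homePhone = $this->getHomePhone();
    $busPhone = $this->getBusPhone();
    // NOTE(review): the CustEmail column is filled from getBusPhone(), as in the
    // original code. This looks like a copy/paste slip; confirm whether the class
    // has an e-mail getter that should be used here.
    $email = $this->getBusPhone();
    $username = $this->getUsername();
    // NOTE(review): unsalted MD5 is not suitable for password storage. It is kept
    // so existing digests and the login comparison keep working; moving to
    // password_hash()/password_verify() has to change both sides together.
    $passwordDigest = md5($this->getPassword());

    $link = agencyConnect();
    $sql = "INSERT INTO `customers`(`CustFirstName`, `CustLastName`, `CustAddress`, `CustCity`, `CustProv`, `CustPostal`, `CustCountry`, `CustHomePhone`, `CustBusPhone`, `CustEmail`, `AgentId`, `CustUserName`, `CustPassword`) VALUES (?,?,?,?,?,?,?,?,?,?,'1',?,?)";
    $stmt = $link->prepare($sql);
    if ($stmt === false) {
        // prepare() returns false on failure; calling bind_param() on it would be fatal.
        error_log("customerAdd: prepare failed: " . $link->error);
        $link->close();
        return false;
    }

    $stmt->bind_param(
        "ssssssssssss",
        $firstName,
        $lastName,
        $address,
        $city,
        $prov,
        $postal,
        $country,
        $homePhone,
        $busPhone,
        $email,
        $username,
        $passwordDigest
    );

    // The original tested `$success = 1` (an assignment), so it returned true
    // even when the INSERT failed. Return the real outcome instead.
    $inserted = $stmt->execute();
    if (!$inserted) {
        // Driver error text can reveal schema details, so it goes to the log
        // and the page only gets a generic message.
        error_log("customerAdd: insert failed: " . $stmt->error);
        print "Insert Failed";
    }

    $stmt->close();
    $link->close();

    return $inserted;
}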
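/**
 * Store the credit card submitted in $_POST for the given customer.
 *
 * Reads `cardType`, `cardNumber`, `month` and `year` from $_POST and inserts one
 * row into `creditcards`. The values are sent as bound parameters; the original
 * interpolated the raw request values into the SQL text, which allowed SQL
 * injection.
 *
 * @param mixed $userId Customer id written to the CustomerId column (bound as a string).
 * @return bool|null null when no `year` field was submitted, otherwise true on a
 *                   successful insert and false on failure or malformed input.
 */
function execute($userId)
{
    // No card form was submitted: keep the original behaviour of returning null.
    if (!isset($_POST['year'])) {
        return null;
    }

    // Each field must be present and a plain string; a request can send arrays
    // (`month[]=...`), which would otherwise be stringified as "Array".
    foreach (['year', 'month', 'cardType', 'cardNumber'] as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            return false;
        }
    }

    // Expiry is stored as "20YY-MM-00 00:00:00", exactly as the original built it.
    // NOTE(review): a zero day is rejected by MySQL when NO_ZERO_IN_DATE/strict
    // mode is active - confirm the server's sql_mode. Year and month are not
    // format-checked here; a digits-only check at the form boundary is advisable.
    $datec = "20" . $_POST['year'] . "-" . $_POST['month'] . "-" . "00 00:00:00";
    $cardType = $_POST['cardType'];
    // NOTE(review): the full card number is stored as submitted. Keeping PANs in
    // clear text is a PCI DSS concern; prefer processor tokenisation or storing
    // only the last four digits.
    $cardNumber = $_POST['cardNumber'];
    $customerKey = (string) $userId;

    $mysqli = agencyConnect();
    $stmt = $mysqli->prepare(
        "INSERT INTO creditcards (CCName, CCNumber, CCExpiry, CustomerId) VALUES (?, ?, ?, ?)"
    );
    if ($stmt === false) {
        $mysqli->close();
        return false;
    }

    $stmt->bind_param("ssss", $cardType, $cardNumber, $datec, $customerKey);
    $insert = $stmt->execute();

    $stmt->close();
    $mysqli->close();

    return $insert;
}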
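/**
 * Build the HTML table listing a customer's bookings.
 *
 * For each row of `bookings` that belongs to the customer, the package details
 * are fetched through getPackageDetails() and one table row is appended.
 *
 * Two changes from the original: the customer id is bound as an integer
 * parameter (it used to be interpolated, unquoted, into the SQL text), and
 * every database value is HTML-escaped before it is written into the markup.
 *
 * @param mixed $customerId Id of the customer whose bookings are listed.
 * @return string HTML fragment; the table has no data rows when the query
 *                fails or the customer has no bookings.
 */
function displayBookings($customerId)
{
    // Escape for HTML text and attribute context so stored values cannot inject markup.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $link = agencyConnect();

    $contact = "<div id='bookings' align='center'>";
    $contact .= "<table id='BookingTable'><th>Booking Number</th><th>Travelers</th><th>Package</th><th>Start Date</th><th>End Date</th><br />";

    $sql = "SELECT `BookingId`, `BookingNo`, `TravelerCount`, `PackageId` FROM `bookings` WHERE `CustomerId` = ?";
    $stmt = $link->prepare($sql);
    if ($stmt !== false) {
        $stmt->bind_param("i", $customerId);
        if ($stmt->execute()) {
            // Buffer the result set so the helpers called inside the loop are free
            // to run their own queries.
            $stmt->store_result();
            $stmt->bind_result($bookingid, $bookingNo, $travelerCount, $packageid);

            while ($stmt->fetch()) {
                // The result is unused here; the call is kept as in the original
                // in case it has side effects - TODO confirm and drop.
                $booking = getBookingDetails((string) $bookingid);
                // Read by position below: [0] package label, [1] start date,
                // [2] end date - presumably, judging by the column headers.
                $pkgArray = getPackageDetails((string) $packageid);

                // Dates are cut to their first 10 characters before escaping.
                $contact .= "<tr><td> " . $esc($bookingNo) . " </td> <td> " . $esc($travelerCount)
                    . " </td> <td> '" . $esc($pkgArray[0]) . "' </td> <td> "
                    . $esc(substr((string) $pkgArray[1], 0, 10)) . " </td> <td> "
                    . $esc(substr((string) $pkgArray[2], 0, 10)) . " </td></tr>";
            }
        }
        $stmt->close();
    }

    $contact .= "</table></div>";
    $link->close();

    return $contact;
}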