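/**
 * Inserts a new dwelling (address row, dwelling row, uploaded images) or
 * updates an existing one, depending on which submit button is present in
 * $post ('upload' or 'update').
 *
 * Every value that reaches a SQL string is passed through parent::getEscaped().
 * The one value interpolated unquoted (dwelling_Id in the UPDATE ... WHERE
 * clause) is cast to int instead, because escaping alone does not protect an
 * unquoted numeric literal.
 *
 * @param array $post submitted form fields (client-controlled)
 */
public function insertOrUpdateProduct($post)
{
    parent::createConnection();

    // Single escaping helper so no field can be forgotten.
    $esc = fn ($value) => parent::getEscaped((string) $value);

    $house_no       = $esc($post['house_no'] ?? '');
    $street_name    = $esc($post['street_name'] ?? '');
    $apartment_no   = $esc($post['apartment_no'] ?? '');
    $city           = $esc(ucwords($post['city'] ?? ''));
    $state          = $esc($post['state'] ?? '');
    $country        = $esc($post['country'] ?? '');
    $zip            = $esc(strtoupper($post['zip'] ?? ''));
    $type           = $esc($post['range'] ?? '');
    $description    = $esc($post['description'] ?? '');
    $room_no        = $esc($post['rooms'] ?? '');
    $bath_no        = $esc($post['bathrooms'] ?? '');
    $living_room_no = $esc($post['living_rooms'] ?? '');
    $price          = $esc($post['price'] ?? '');
    $rangeType      = $esc($post['rangeType'] ?? '');

    $loginObj = new Login();
    $user_id  = $esc($loginObj->getUserId());

    if (isset($post['upload']) && isset($_FILES['files'])) {
        // Both INSERTs omit the column list and therefore rely on the tables'
        // column order — confirm against the schema when columns change.
        $addressQuery = "INSERT INTO address_info VALUES (DEFAULT, '{$house_no}', '{$street_name}', "
            . "'{$apartment_no}', '{$city}', '{$state}', '{$zip}', '{$country}')";
        parent::executeSqlQuery($addressQuery);
        $addressId = $esc(parent::getLastId());

        $dwellingQuery = "INSERT INTO dwellings VALUES (DEFAULT, '{$addressId}', '{$user_id}', '{$type}', "
            . "'{$description}', '{$room_no}', '{$bath_no}', '{$living_room_no}', '{$price}', '{$rangeType}')";
        parent::executeSqlQuery($dwellingQuery);

        $this->uploadImages($_FILES);
    } elseif (isset($post['update'])) {
        // hiddenID is client-controlled and used unquoted in the WHERE clause.
        $dwelling_Id = (int) ($post['hiddenID'] ?? 0);
        $address_id  = $esc($this->getAddressId($dwelling_Id));

        // NOTE(review): nothing in this block checks that $dwelling_Id belongs to
        // the logged-in user — confirm the caller enforces ownership before this branch.
        // NOTE(review): the update branch does not write rangeType, unlike the insert;
        // confirm whether that is intentional.
        $updateDwellings = "UPDATE dwellings SET type = '{$type}', description = '{$description}', "
            . "no_of_rooms = '{$room_no}', no_of_bathrooms = '{$bath_no}', "
            . "no_of_living_rooms = '{$living_room_no}', price = '{$price}' "
            . "WHERE dwelling_Id = {$dwelling_Id}";
        $updateAddress = "UPDATE address_info SET house_no = '{$house_no}', street_name = '{$street_name}', "
            . "apartment_no = '{$apartment_no}', city = '{$city}', province = '{$state}', "
            . "zip_code = '{$zip}', country = '{$country}' "
            . "WHERE address_id = '{$address_id}'";

        parent::executeSqlQuery($updateDwellings);
        parent::executeSqlQuery($updateAddress);
    }
}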
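/**
 * Bans $user_id for 31 days unless a ban record already exists, then redirects
 * to the admin user list.
 *
 * @param mixed  $user_id identifier interpolated (quoted) into the INSERT
 * @param string $message reason shown in the ban record
 */
public function banUser($user_id, $message)
{
    $rs = parent::checkBannedUsers($user_id);
    if (count($rs) !== 0) {
        echo "this user is already banned from this site";
        return;
    }

    // Escape every interpolated value, not only the free-text description.
    $safeUserId  = Database::getEscaped($user_id);
    $description = Database::getEscaped($message);
    $query = "INSERT INTO bannedUsers(banId, user_id, description, from_ ,to_) "
        . "VALUES(DEFAULT, '{$safeUserId}', '{$description}', NOW() , ADDDATE(NOW(), INTERVAL 31 DAY))";
    Database::executeSqlQuery($query);

    // NOTE(review): execution continues after the redirect header; presumably the
    // caller exits afterwards — confirm, otherwise the rest of the page is still emitted.
    header("location: adminPanel.php?action=user");
}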
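/**
 * Checks a submitted username/password against the users table and hands the
 * outcome to parent::printMessage() (the username on success, an error text
 * and the login page otherwise).
 *
 * @param array $post submitted login form ('username', 'password')
 */
public function processLoginForm($post)
{
    $username = parent::getEscaped(strtolower($post['username'] ?? ''));
    // The password is escaped *before* hashing; this only verifies if
    // registration applied the same transformation — do not change one side alone.
    $password = parent::getEscaped($post['password'] ?? '');

    // NOTE(review): the literal '******' cannot match any real username, so as
    // written this lookup always returns an empty set. It looks like a redacted
    // "'{$username}'" — confirm against the repository source.
    $getInfo = parent::getResultSetAsArray("SELECT * FROM users WHERE username = '******'");

    // NOTE(review): the two distinct error texts below reveal whether a username
    // exists; a single generic message would avoid that.
    if (count($getInfo) === 0) {
        parent::printMessage("MESSAGE", "The username does not exist in the database! Do you really have an account?", "login.php");
        return;
    }

    // One message per returned row, as before (only one row is expected).
    foreach ($getInfo as $row) {
        $expectedHash = $this->hashPassword($password, $row['salt']);
        // hash_equals gives a constant-time comparison of the stored hash with the recomputed one.
        $passwordOk = hash_equals((string) $row['password'], (string) $expectedHash);

        if (strcmp($username, $row['username']) === 0 && $passwordOk) {
            parent::printMessage("USERNAME", $username, "index.php");
        } else {
            parent::printMessage("MESSAGE", "The username or password is wrong! Please try again", "login.php");
        }
    }
}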
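/**
 * Stores one reply in a conversation.
 *
 * @param mixed  $conversation_id conversation the reply belongs to (quoted in SQL)
 * @param string $message         reply text
 * @param mixed  $user_id         sender; interpolated unquoted, so it is cast to int
 */
public function sendMessage($conversation_id, $message, $user_id)
{
    $description    = Database::getEscaped($message);
    $conversationId = Database::getEscaped($conversation_id);
    // `sender` is an unquoted numeric literal in the query; escaping would not
    // protect it, an int cast does.
    $senderId = (int) $user_id;

    $query = "INSERT INTO conversation_reply(cr_id, sender, reply_message, conversationId) "
        . "VALUES(DEFAULT, {$senderId}, '{$description}', '{$conversationId}')";
    Database::executeSqlQuery($query);
}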