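 /**
  * Inserts a new dwelling together with its address row, or updates an
  * existing pair, depending on which submit button was posted ('upload'
  * creates, 'update' edits the row named by 'hiddenID').
  *
  * Every value that is interpolated into SQL is passed through
  * parent::getEscaped() first. The original escaped only some fields and
  * interpolated house_no, state, country, zip, range, the room counts,
  * rangeType, the user id and hiddenID raw.
  *
  * NOTE(review): escaping only protects quoted string contexts; the base
  * class API visible here (getEscaped/executeSqlQuery) offers no prepared
  * statements, which would be the preferable fix — confirm whether one exists.
  *
  * @param array<string, mixed> $post submitted form fields
  */
 public function insertOrUpdateProduct($post)
 {
     parent::createConnection();

     // Reads a form field (empty string when absent) and escapes it for SQL.
     $field = fn (string $key) => parent::getEscaped((string) ($post[$key] ?? ''));

     $house_no = $field('house_no');
     $street_name = $field('street_name');
     $apartment_no = $field('apartment_no');
     $city = parent::getEscaped(ucwords((string) ($post['city'] ?? '')));
     $state = $field('state');
     $country = $field('country');
     $zip = parent::getEscaped(strtoupper((string) ($post['zip'] ?? '')));
     $type = $field('range');
     $description = $field('description');
     $room_no = $field('rooms');
     $bath_no = $field('bathrooms');
     $living_room_no = $field('living_rooms');
     $price = $field('price');
     $rangeType = $field('rangeType');

     $loginObj = new Login();
     $user_id = parent::getEscaped((string) $loginObj->getUserId());

     if (isset($post['upload']) && isset($_FILES['files'])) {
         // Address first: the dwelling row references the generated address id.
         $insertAddress = "INSERT INTO address_info VALUES (DEFAULT, '{$house_no}', '{$street_name}', '{$apartment_no}', '{$city}', '{$state}', '{$zip}', '{$country}')";
         parent::executeSqlQuery($insertAddress);
         $addressId = parent::getEscaped((string) parent::getLastId());

         $insertDwelling = "INSERT INTO dwellings VALUES (DEFAULT, '{$addressId}', '{$user_id}', '{$type}', '{$description}', '{$room_no}', '{$bath_no}', '{$living_room_no}', '{$price}', '{$rangeType}')";
         parent::executeSqlQuery($insertDwelling);

         $this->uploadImages($_FILES);
     } elseif (isset($post['update'])) {
         $dwelling_Id = $field('hiddenID');
         $address_id = parent::getEscaped((string) $this->getAddressId($dwelling_Id));

         // dwelling_Id is now quoted like address_id below, so the escaped
         // value cannot terminate the WHERE clause.
         $updateDwellings = "UPDATE dwellings SET type = '{$type}', description = '{$description}', no_of_rooms = '{$room_no}', no_of_bathrooms = '{$bath_no}', no_of_living_rooms = '{$living_room_no}', price = '{$price}' WHERE dwelling_Id = '{$dwelling_Id}'";
         $updateAddress = "UPDATE address_info SET house_no = '{$house_no}', street_name = '{$street_name}', apartment_no = '{$apartment_no}', city = '{$city}', province = '{$state}', zip_code = '{$zip}', country = '{$country}' WHERE address_id = '{$address_id}'";

         parent::executeSqlQuery($updateDwellings);
         parent::executeSqlQuery($updateAddress);
     }
 }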
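 /**
  * Bans a user for 31 days unless a ban record already exists for them.
  *
  * Both the user id and the message are interpolated into SQL, so both are
  * escaped (the original escaped only the message).
  *
  * @param int|string $user_id identifier of the user to ban
  * @param string     $message reason stored as the ban description
  */
 public function banUser($user_id, $message)
 {
     $rs = parent::checkBannedUsers($user_id);
     if (count($rs) === 0) {
         $safeUserId = Database::getEscaped((string) $user_id);
         $description = Database::getEscaped($message);
         $query = "INSERT INTO bannedUsers(banId, user_id, description, from_ ,to_) VALUES(DEFAULT, '{$safeUserId}', '{$description}', NOW() , ADDDATE(NOW(), INTERVAL 31 DAY))";
         Database::executeSqlQuery($query);
         // NOTE(review): nothing stops execution after this redirect header,
         // so whatever the caller runs next still executes; callers should
         // return/exit immediately after calling this method.
         header("location: adminPanel.php?action=user");
     } else {
         echo "this user is already banned from this site";
     }
 }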
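 /**
  * Checks a submitted login form against the users table and hands off to
  * parent::printMessage() with either the username (success) or an error.
  *
  * Changes from the original: the password hash comparison uses
  * hash_equals() (constant-time) instead of strcmp(), and exactly one
  * message is emitted — the original printed a failure for every
  * non-matching row, even when a later row matched.
  *
  * NOTE(review): the password is escaped before it is hashed; that is only
  * correct if registration hashes the escaped form too — confirm.
  *
  * @param array<string, mixed> $post form fields; reads 'username' and 'password'
  */
 public function processLoginForm($post)
 {
     $username = parent::getEscaped(strtolower((string) ($post['username'] ?? '')));
     $password = parent::getEscaped((string) ($post['password'] ?? ''));

     // NOTE(review): this listing shows a literal '******' in the WHERE
     // clause rather than the submitted username; confirm against the
     // source file before relying on this lookup.
     $getInfo = parent::getResultSetAsArray("SELECT * FROM users WHERE username = '******'");

     if (count($getInfo) === 0) {
         parent::printMessage("MESSAGE", "The username does not exist in the database! Do you really have an account?", "login.php");
         return;
     }

     foreach ($getInfo as $row) {
         $db_username = (string) $row['username'];
         $db_password = (string) $row['password'];
         $db_salt = $row['salt'];
         if (strcmp($username, $db_username) === 0
             && hash_equals($db_password, (string) $this->hashPassword($password, $db_salt))) {
             parent::printMessage("USERNAME", $username, "index.php");
             return;
         }
     }

     parent::printMessage("MESSAGE", "The username or password is wrong! Please try again", "login.php");
 }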
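 /**
  * Stores a reply in a conversation thread.
  *
  * All three values reach the SQL string, so all three are escaped and
  * quoted; the original interpolated user_id unquoted and unescaped and
  * conversation_id unescaped.
  *
  * @param int|string $conversation_id thread the reply belongs to
  * @param string     $message         reply body
  * @param int|string $user_id         sender of the reply
  */
 public function sendMessage($conversation_id, $message, $user_id)
 {
     $sender = Database::getEscaped((string) $user_id);
     $description = Database::getEscaped($message);
     $conversation = Database::getEscaped((string) $conversation_id);
     $query = "INSERT INTO conversation_reply(cr_id, sender, reply_message, conversationId) VALUES(DEFAULT, '{$sender}', '{$description}', '{$conversation}')";
     Database::executeSqlQuery($query);
 }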