public function __construct($id) { //connect to db and get customer with $id $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT * FROM customer WHERE customer_id = '" . $id . "';"; $result = $mysqli->query($sql_query); $res = $result->fetch_array(); $this->id = $id; $this->title = $res['customer_title']; $this->firstname = $res['customer_firstname']; $this->lastname = $res['customer_lastname']; $this->username = $res['customer_login']; $this->email = $res['customer_email']; $this->phone = $res['customer_phone']; $this->address = $res['customer_address']; $this->zip = $res['customer_zip']; $this->location = $res['customer_location']; $this->title2 = $res['customer_title2']; $this->firstname2 = $res['customer_firstname2']; $this->lastname2 = $res['customer_lastname2']; $this->address2 = $res['customer_address2']; $this->zip2 = $res['customer_zip2']; $this->location2 = $res['customer_location2']; $this->billingaddress = $res['customer_billingaddress']; $result->close(); }
private function authenticate($username, $password) { $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $query = "SELECT customer.customer_id, customer.customer_login, customer.customer_password, salts.salt\n FROM customer\n INNER JOIN salts\n ON customer.customer_id = salts.customer_id\n WHERE customer_login = ?;"; if (!($stmt = $mysqli->prepare($query))) { return false; } else { $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); if (!$result || $result->num_rows == 0) { $this->view->usernotfound(); return false; } else { $row = $result->fetch_assoc(); $salt = $row["salt"]; $hash = $row["customer_password"]; //debug info //echo "<pre>Passwort: " . $password . "<br />Salt: " . $salt . "<br />To Hash: " . $password . $salt . "<br />Customer Hash: " . $hash . "<br />Generated Hash: ". hash('ripemd128', $password.$salt) . "</pre>"; if (hash('ripemd128', $password . $salt) === $hash) { return true; } else { $this->view->wrongpassword(); return false; } } $stmt->close(); } }
public function __construct($id) { $this->id = $id; //connect to db and get product with $id $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT * FROM product WHERE product_id = '" . $id . "' AND hidden != 1;"; $result = $mysqli->query($sql_query); $res = $result->fetch_array(); $this->name1 = $res['product_name1']; $this->name2 = $res['product_name2']; $this->nicename = $res['product_nicename']; $this->price1 = $res['product_price1']; $this->price2 = $res['product_price2']; $this->number = $res['product_number']; $this->lang = $res['lang']; $this->translof = $res['translof']; /* ... */ $result->close(); //create list of translated versions $sql_query = "SELECT product_nicename, lang FROM product WHERE translof = '" . $this->translof . "' AND hidden != 1;"; $result = $mysqli->query($sql_query); while ($row = $result->fetch_row()) { $this->languages[$row[1]] = $row[0]; } $result->close(); }
public function registerCustomer() { $salt = md5($_POST['firstname'] . $_POST['lastname']); $password = hash('ripemd128', $_POST['password'] . $salt); $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $stmt = $mysqli->prepare("INSERT INTO `customer`(`customer_title`,\n `customer_firstname`,\n `customer_lastname`,\n `customer_login`,\n `customer_password`,\n `customer_email`,\n `customer_phone`,\n `customer_address`,\n `customer_zip`,\n `customer_location`,\n `customer_title2`,\n `customer_firstname2`,\n `customer_lastname2`,\n `customer_address2`,\n `customer_zip2`,\n `customer_location2`,\n `customer_billingaddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param('sssssssssssssssss', $_POST['title'], $_POST['firstname'], $_POST['lastname'], $_POST['login'], $password, $_POST['email'], $_POST['phone'], $_POST['address'], $_POST['zip'], $_POST['location'], $_POST['title2'], $_POST['firstname2'], $_POST['lastname2'], $_POST['address2'], $_POST['zip2'], $_POST['location2'], $_POST['billingaddress']); $stmt->execute(); $stmt->close(); //get customernumber from name add salt to salttable $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `customer_id` FROM `customer` WHERE `customer_login` = '" . $_POST['login'] . "';"; $result = $mysqli->query($sql_query); $customer_id = $result->fetch_array(); $customer_id = $customer_id['customer_id']; $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $stmt = $mysqli->prepare("INSERT INTO `salts`(`customer_id`, `salt`) VALUES (?, ?)"); $stmt->bind_param('ss', $customer_id, $salt); $stmt->execute(); $stmt->close(); mail($_POST['email'], "Your myShop Registration", "Hello " . $_POST['firstname'] . " " . $_POST['lastname'] . "\n\n Your Login Information:\n--------\nUsername: "******"\nPassword: "******"\n--------\n\n Best wishes\nYour myShop Team"); }
public function __construct($parameter) { if (isset($_SESSION['user'])) { if (isset($_GET['ordersubmitted'])) { //write order to db $customer = unserialize($_SESSION['user']); $cart = unserialize($_SESSION['cart']); $id = $customer->__get('id'); //create json array for order-entry $products = []; foreach ($cart->getProducts() as $product) { $products[] = array($product->__get('number'), $product->__get('amount'), $product->__get('selectedoption')); } $products = json_encode($products); $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "INSERT INTO `product_order` (`customer_id`, `order_products`) VALUES ('{$id}', '{$products}');"; $mysqli->query($sql_query); $mysqli->commit(); //send email to admin and customer //mail("*****@*****.**", "Bestellung", "Jemand hat eine Bestellung getÃĪtigt" ); mail($customer->__get('email'), "Your Order", "Hello " . $customer->__get('firstname') . " " . $customer->__get('lastname') . "\n\n Thanks for your Order!\n You have ordered " . $cart->count() . " Product(s) with a total price of CHF " . $cart->getCartBalance() . ".\nYou'll never get it HAHAHA. \n\n Best wishes\nYour myshop Team"); //unset cart unset($_SESSION['cart']); $this->view = new OrderCompleteView(); } else { $this->view = new CheckoutView(); } } else { $_SESSION['checkout'] = 1; $this->view = new LoginView(); } $langselect = new LanguageView(null); $langselect->render(); }
public function __construct() { //connect to db and get page with $id $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT product_id FROM product WHERE lang = '" . $_COOKIE['locale'] . "' AND hidden != 1;"; if ($result = $mysqli->query($sql_query)) { while ($row = mysqli_fetch_row($result)) { $this->products[] = new Product($row[0]); } /* free result set */ mysqli_free_result($result); } }
public function __construct($parameter) { $cart = unserialize($_SESSION['cart']); // set variables if (isset($parameter[2])) { $action = $parameter[2]; } if (isset($parameter[3])) { $productnr = $parameter[3]; $uid = $parameter[3]; } if (isset($parameter[4])) { $amount = $parameter[4]; } if (isset($parameter[5])) { $option = $parameter[5]; } //update if (!empty($action) && $action == "update" && !empty($uid) && !empty($amount)) { $cart->update($uid, $amount); } //delete if (!empty($action) && $action == "delete" && !empty($uid)) { $cart->remove($uid); } //add if (!empty($action) && $action == "add") { //connect to db and get productid $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `product_id` FROM `product` WHERE `product_number` = '" . $productnr . "';"; if ($result = $mysqli->query($sql_query)) { $product_id = $result->fetch_array(); $product_id = $product_id['product_id']; } else { $product_id = 1; } //create new product for cart and update its values according selection $newproduct = new Product($product_id); $newproduct->__set('selectedoption', $option); $newproduct->updateUid(); $newproduct->__set('amount', $amount); $cart->add($newproduct); } $_SESSION['cart'] = serialize($cart); $this->view = new CartView($cart); $langselect = new LanguageView(null); $langselect->render(); }
public function __construct($parameter) { $nicename = $parameter[1]; //connect to db and get pageid $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `page_id` FROM `pages` WHERE `nicename` = '" . $nicename . "' AND `hidden` != 1;"; $result = $mysqli->query($sql_query); $page_id = $result->fetch_array(); $page_id = $page_id['page_id']; //change language to language of selected page $page = new Page($page_id); $this->view = new PageView($page); $this->model = $page; $langselect = new LanguageView($this->model); $langselect->render(); }
public function __construct($id) { $this->uid = md5(uniqid(rand(), true)); $this->id = $id; //connect to db and get product with $id $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT * FROM product WHERE product_id = '" . $id . "' AND hidden != 1;"; $result = $mysqli->query($sql_query); $res = $result->fetch_array(); $this->name1 = $res['product_name1']; $this->name2 = $res['product_name2']; $this->nicename = $res['product_nicename']; $this->price1 = $res['product_price1']; $this->price2 = $res['product_price2']; $this->number = $res['product_number']; $this->options = $res['product_options']; $this->brand = $res['product_brand']; $this->images = $res['product_images']; $this->lang = $res['lang']; $this->translof = $res['translof']; $this->description = $res['product_description']; $this->details = $res['product_details']; $this->features = $res['product_features']; $result->close(); //get brand $sql_query = "SELECT brand_nicename, brand_name FROM product_brand WHERE brand_id = " . $this->brand . ";"; $result = $mysqli->query($sql_query); $res = $result->fetch_array(); $this->brand_nicename = $res['brand_nicename']; $this->brand = $res['brand_name']; $result->close(); //create list of translated versions $sql_query = "SELECT product_nicename, lang FROM product WHERE translof = '" . $this->translof . "' AND hidden != 1;"; $result = $mysqli->query($sql_query); while ($row = $result->fetch_row()) { $this->languages[$row[1]] = $row[0]; } $result->close(); //get stock from stock table $sql_query = "SELECT stock FROM product_stock WHERE product_number = '" . $this->number . "';"; $result = $mysqli->query($sql_query); $res = $result->fetch_array(); $this->stock = $res['stock']; $result->close(); }
function get_bottom_menu() { $menu = "<ul class='unstyled-list list-inline'>"; $lang = Trans::getDomain(); $pages = array(); //add products page to menu if ($lang == "en_EN") { $pages[] = array("Products", "/myshop/products"); } else { if ($lang == "de_DE") { $pages[] = array("Produkte", "/myshop/produkte"); } else { if ($lang == "fr_FR") { $pages[] = array("Produits", "/myshop/produits"); } } } // dynamically create page-routes from db $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `nicename`,`title`,`pos` FROM pages WHERE lang = '" . $lang . "' AND inmenu = '1' ORDER BY pos DESC;"; $result = $mysqli->query($sql_query) or trigger_error($mysqli->error . "[{$sql_query}]"); while ($row = $result->fetch_row()) { $pages[] = array($row[1], "/myshop/" . $row[0]); } //add contact page to menu if ($lang == "en_EN" || $lang == "fr_FR") { $pages[] = array("Contact", "/myshop/contact"); } else { if ($lang == "de_DE") { $pages[] = array("Kontakt", "/myshop/kontakt"); } } $l = count($pages); //add menu with separators for ($i = 0; $i < $l; $i++) { if ($i == $l - 1) { $menu .= "<li><a href='" . $pages[$i][1] . "'> " . $pages[$i][0] . "</a></li>"; } else { $menu .= "<li><a href='" . $pages[$i][1] . "'> " . $pages[$i][0] . "</a><span></span></li>"; } } $menu .= "<div class='clearfix'></div></ul>"; return $menu; }
public function __construct($id) { $this->id = $id; //connect to db and get page with $id $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT * FROM pages WHERE page_id = '" . $id . "' AND hidden != 1;"; $result = $mysqli->query($sql_query); $res = $result->fetch_array(); $this->title = $res['title']; $this->content = $res['content']; $this->lang = $res['lang']; $this->translof = $res['translof']; $result->close(); //create list of translated versions $sql_query = "SELECT nicename, lang FROM pages WHERE translof = '" . $this->translof . "' AND hidden != 1;"; $result = $mysqli->query($sql_query); while ($row = $result->fetch_row()) { $this->languages[$row[1]] = $row[0]; } $result->close(); }
public function __construct($parameter) { if (!isset($parameter[2])) { $product_id = 1; } else { //connect to db and get productid $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `product_id` FROM `product` WHERE `product_nicename` = '" . $parameter[2] . "' AND `hidden` != 1;"; if ($result = $mysqli->query($sql_query)) { $product_id = $result->fetch_array(); $product_id = $product_id['product_id']; } else { $product_id = 1; } } $product = new Product($product_id); $this->view = new SingleProductView($product); $this->model = $product; $langselect = new LanguageView($product); $langselect->render(); }
<?php /** * Created by PhpStorm. * User: florianauderset * Date: 15.01.16 * Time: 10:41 */ if (!isset($_POST['login'])) { die; } else { $customers = []; include_once '../lib/controllers/DatabaseController.php'; //connect to db and get page with $id $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT customer_login FROM customer;"; $result = $mysqli->query($sql_query); while ($row = $result->fetch_row()) { $customers[] = $row[0]; } $result->close(); $username = strtolower($_POST['login']); if (in_array($username, $customers)) { echo 'false'; } else { echo 'true'; } }
public function renderView() { foreach ($this->model->getUris() as $key => $value) { if (preg_match("#^{$value}\$#", $this->uriView)) { if ($this->model->getView($key) === "PageView") { //connect to db and get pageid $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `page_id` FROM `pages` WHERE `nicename` = '" . str_replace('/', '', $value) . "' AND `hidden` != 1;"; $result = $mysqli->query($sql_query); $page_id = $result->fetch_array(); $page_id = $page_id['page_id']; //change language to language of selected page $page = new Page($page_id); $view = new PageView($page); $langselect = new LanguageView($page); $langselect->render(); } else { if ($this->model->getView($key) === "ProductView") { $products = new Products(); $view = new ProductView($products); } else { if ($this->model->getView($key) === "SingleProductView") { $params = $this->additionalParam; if (!isset($params[2])) { $product_id = 1; } else { //connect to db and get pageid $db = DatabaseController::getInstance(); $mysqli = $db->getConnection(); $sql_query = "SELECT `product_id` FROM `product` WHERE `product_nicename` = '" . $params[2] . "' AND `hidden` != 1;"; if ($result = $mysqli->query($sql_query)) { $product_id = $result->fetch_array(); $product_id = $product_id['product_id']; } else { $product_id = 1; } } $product = new Product($product_id); $view = new SingleProductView($product); $langselect = new LanguageView($product); $langselect->render(); } else { if ($this->model->getView($key) === "LoginView") { if (isset($_SESSION['user'])) { //logout if logout link is called if (str_replace('/', '', $value) == "logout") { $view = new LoginView(); $controller = new LoginController($view); $controller->logout(); } else { $view = new CustomerView(unserialize($_SESSION['user'])); } } else { if (isset($_POST["login"]) && isset($_POST["password"])) { $username = $_POST["login"]; $password = $_POST["password"]; $view = new LoginView(); $controller = new LoginController($view); //authenticate if ($controller->login($username, $password)) { $view = new CustomerView(unserialize($_SESSION['user'])); } } else { $view = new LoginView(); } } } else { if ($this->model->getView($key) === "CustomerView") { if (isset($_SESSION['user'])) { $view = new CustomerView(unserialize($_SESSION['user'])); } else { $view = new LoginView(); } } else { if ($this->model->getView($key) === "CartView") { if (isset($_SESSION['cart'])) { $cart = unserialize($_SESSION['cart']); $params = $this->additionalParam; //update article if (isset($params[2])) { $action = $params[2]; } if (isset($params[3])) { $productnr = $params[3]; } if (isset($params[4])) { $newamount = $params[4]; } if (!empty($action) && $action == "update" && !empty($productnr) && !empty($newamount)) { $cart->update($productnr, $newamount); } if (!empty($action) && $action == "delete" && !empty($productnr)) { $cart->remove($productnr); } $_SESSION['cart'] = serialize($cart); $view = new CartView($cart); } else { $cart = new Cart(); //test-data $cart->add(new Product(1)); $cart->add(new Product(2)); $cart->add(new Product(3)); $cart->add(new Product(4)); //$cart->remove(10001); $_SESSION['cart'] = serialize($cart); $view = new CartView($cart); } } else { $useView = $this->model->getView($key); $view = new $useView(); } } } } } } $view->render(); } } }