Example #1
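 /**
  * Load the customer row with the given id into this object.
  *
  * The id is bound as a prepared-statement parameter. The original
  * concatenated it into the SQL text, which is an injection vector whenever
  * the id is taken from a request; it was quoted as a string there, so it is
  * bound as a string here too. If no row matches, or the query cannot run,
  * every field is left null — the values the original ended up with, minus
  * the "array offset on null" warnings and the fatal error on a failed query.
  *
  * @param mixed $id customer_id to load; stored in $this->id unchanged
  */
 public function __construct($id)
 {
     $this->id = $id;
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $res = [];
     $stmt = $mysqli->prepare("SELECT * FROM customer WHERE customer_id = ?");
     if ($stmt) {
         $stmt->bind_param('s', $id);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             // fetch_array() returns null/false when nothing matched
             $res = $result->fetch_array() ?: [];
             $result->close();
         }
         $stmt->close();
     }
     $this->title = $res['customer_title'] ?? null;
     $this->firstname = $res['customer_firstname'] ?? null;
     $this->lastname = $res['customer_lastname'] ?? null;
     $this->username = $res['customer_login'] ?? null;
     $this->email = $res['customer_email'] ?? null;
     $this->phone = $res['customer_phone'] ?? null;
     $this->address = $res['customer_address'] ?? null;
     $this->zip = $res['customer_zip'] ?? null;
     $this->location = $res['customer_location'] ?? null;
     $this->title2 = $res['customer_title2'] ?? null;
     $this->firstname2 = $res['customer_firstname2'] ?? null;
     $this->lastname2 = $res['customer_lastname2'] ?? null;
     $this->address2 = $res['customer_address2'] ?? null;
     $this->zip2 = $res['customer_zip2'] ?? null;
     $this->location2 = $res['customer_location2'] ?? null;
     $this->billingaddress = $res['customer_billingaddress'] ?? null;
 }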
Example #2
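 /**
  * Check $username / $password against the customer and salts tables.
  *
  * Returns true only when a customer row exists for the login and
  * ripemd128(password . salt) equals the stored customer_password. On a
  * missing user the view's usernotfound() is called, on a wrong password
  * wrongpassword(); both paths and a failed prepare() return false.
  *
  * Changes from the original:
  *  - the hash comparison uses hash_equals(), so the time taken does not
  *    depend on the first differing byte of the two digests;
  *  - the statement is closed on every path (the original's close() sat
  *    after the return statements and never ran);
  *  - the commented-out debug echo that printed the plaintext password and
  *    salt is removed.
  *
  * Security notes (behaviour deliberately unchanged here):
  *  - ripemd128(password . salt) is a single fast hash; the proper scheme is
  *    password_hash()/password_verify() with password_needs_rehash() on a
  *    successful login. That has to be introduced together with
  *    registerCustomer() and a migration of the stored rows.
  *  - Reporting "user not found" and "wrong password" separately lets a
  *    caller enumerate valid logins; a single generic message is safer.
  *
  * @param string $username login name as entered
  * @param string $password plaintext password as entered
  * @return bool
  */
 private function authenticate($username, $password)
 {
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $query = "SELECT customer.customer_id, customer.customer_login, customer.customer_password, salts.salt\n                  FROM customer\n                  INNER JOIN salts\n                  ON customer.customer_id = salts.customer_id\n                  WHERE customer_login = ?;";
     if (!($stmt = $mysqli->prepare($query))) {
         return false;
     }
     $stmt->bind_param("s", $username);
     $stmt->execute();
     $result = $stmt->get_result();
     if (!$result || $result->num_rows == 0) {
         $stmt->close();
         $this->view->usernotfound();
         return false;
     }
     $row = $result->fetch_assoc();
     $stmt->close();
     $storedHash = (string) $row["customer_password"];
     $computedHash = hash('ripemd128', $password . $row["salt"]);
     // constant-time comparison of the two digests
     if (hash_equals($storedHash, $computedHash)) {
         return true;
     }
     $this->view->wrongpassword();
     return false;
 }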
Example #3
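 /**
  * Load the visible product with the given id and the nicenames of its
  * translations.
  *
  * Both queries now bind their value as a parameter. The product id was
  * concatenated into the SQL text (an injection vector when it comes from a
  * request); the translof value comes back from the database, but binding
  * it too removes a second-order injection path. A missing row, or a query
  * that cannot run, leaves the fields null instead of raising warnings or a
  * fatal error.
  *
  * @param mixed $id product_id to load; stored in $this->id unchanged
  */
 public function __construct($id)
 {
     $this->id = $id;
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $res = [];
     $stmt = $mysqli->prepare("SELECT * FROM product WHERE product_id = ? AND hidden != 1");
     if ($stmt) {
         $stmt->bind_param('s', $id);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             $res = $result->fetch_array() ?: [];
             $result->close();
         }
         $stmt->close();
     }
     $this->name1 = $res['product_name1'] ?? null;
     $this->name2 = $res['product_name2'] ?? null;
     $this->nicename = $res['product_nicename'] ?? null;
     $this->price1 = $res['product_price1'] ?? null;
     $this->price2 = $res['product_price2'] ?? null;
     $this->number = $res['product_number'] ?? null;
     $this->lang = $res['lang'] ?? null;
     $this->translof = $res['translof'] ?? null;
     /* ... */
     // languages[lang] = nicename for every visible product sharing translof
     $stmt = $mysqli->prepare("SELECT product_nicename, lang FROM product WHERE translof = ? AND hidden != 1");
     if ($stmt) {
         $stmt->bind_param('s', $this->translof);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             while ($row = $result->fetch_row()) {
                 $this->languages[$row[1]] = $row[0];
             }
             $result->close();
         }
         $stmt->close();
     }
 }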
Example #4
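 /**
  * Create a customer from the registration form ($_POST), store the salt
  * for the password hash, and mail a confirmation.
  *
  * Changes from the original:
  *  - The salt is 16 bytes from random_bytes(), rendered as 32 hex chars —
  *    the same width as the md5 output it replaces. md5(firstname . lastname)
  *    was predictable and identical for two customers with the same name.
  *  - The customer_id lookup binds the login as a parameter; it used to be
  *    concatenated into the SQL, an injection vector on a public form.
  *  - The confirmation mail no longer contains the password. A plaintext
  *    password in e-mail is readable by every relay and mailbox on the path
  *    and usually sits in the inbox for years.
  *  - Each statement's outcome is checked: a failed INSERT no longer goes on
  *    to look up and write a salt for a customer that was never created.
  *
  * The hash scheme ripemd128(password . salt) is kept because authenticate()
  * reads it back; moving both to password_hash()/password_verify() should be
  * done together with a migration of existing rows.
  *
  * Reads: $_POST title, firstname, lastname, login, password, email, phone,
  * address, zip, location, title2, firstname2, lastname2, address2, zip2,
  * location2, billingaddress.
  *
  * @return void
  */
 public function registerCustomer()
 {
     $salt = bin2hex(random_bytes(16));
     $password = hash('ripemd128', $_POST['password'] . $salt);
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $stmt = $mysqli->prepare("INSERT INTO `customer`(`customer_title`,\n                                                          `customer_firstname`,\n                                                          `customer_lastname`,\n                                                          `customer_login`,\n                                                          `customer_password`,\n                                                          `customer_email`,\n                                                          `customer_phone`,\n                                                          `customer_address`,\n                                                          `customer_zip`,\n                                                          `customer_location`,\n                                                          `customer_title2`,\n                                                          `customer_firstname2`,\n                                                          `customer_lastname2`,\n                                                          `customer_address2`,\n                                                          `customer_zip2`,\n                                                          `customer_location2`,\n                                                          `customer_billingaddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
     if (!$stmt) {
         return;
     }
     $stmt->bind_param('sssssssssssssssss', $_POST['title'], $_POST['firstname'], $_POST['lastname'], $_POST['login'], $password, $_POST['email'], $_POST['phone'], $_POST['address'], $_POST['zip'], $_POST['location'], $_POST['title2'], $_POST['firstname2'], $_POST['lastname2'], $_POST['address2'], $_POST['zip2'], $_POST['location2'], $_POST['billingaddress']);
     $inserted = $stmt->execute();
     $stmt->close();
     if (!$inserted) {
         return;
     }
     // Resolve the new customer_id by login, as before. If customer_id is
     // AUTO_INCREMENT, $mysqli->insert_id would avoid this round trip and the
     // window in which a second registration with the same login could race.
     $customer_id = null;
     $stmt = $mysqli->prepare("SELECT `customer_id` FROM `customer` WHERE `customer_login` = ?");
     if ($stmt) {
         $stmt->bind_param('s', $_POST['login']);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             $row = $result->fetch_array();
             $customer_id = $row['customer_id'] ?? null;
             $result->close();
         }
         $stmt->close();
     }
     if ($customer_id === null) {
         return;
     }
     $stmt = $mysqli->prepare("INSERT INTO `salts`(`customer_id`, `salt`) VALUES (?, ?)");
     if ($stmt) {
         $stmt->bind_param('ss', $customer_id, $salt);
         $stmt->execute();
         $stmt->close();
     }
     // Confirmation without the password: the user just typed it, and mail
     // is not a confidential channel.
     mail($_POST['email'], "Your myShop Registration", "Hello " . $_POST['firstname'] . " " . $_POST['lastname'] . "\n\n Your Login Information:\n--------\nUsername: " . $_POST['login'] . "\n--------\n\n Best wishes\nYour myShop Team");
 }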
Example #5
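 /**
  * Checkout controller.
  *
  * Without a logged-in user ($_SESSION['user']) it records that checkout was
  * requested ($_SESSION['checkout'] = 1) and shows the login view. With a
  * user and ?ordersubmitted present, the session cart is written to
  * product_order as a JSON list of [number, amount, selectedoption] per
  * product, a confirmation is mailed to the customer, the cart is removed
  * from the session and the order-complete view is shown; otherwise the
  * checkout view is shown. The language selector is rendered in every case.
  *
  * Changes from the original:
  *  - the INSERT binds customer_id and the JSON as parameters instead of
  *    interpolating them into the SQL text;
  *  - a request with ?ordersubmitted but no session cart falls through to
  *    the checkout view instead of a fatal error on unserialize(null).
  *
  * Security notes (behaviour unchanged, flagged for follow-up):
  *  - The order is committed on a GET parameter with no CSRF token, so any
  *    page that can make the browser fetch the URL can place an order for
  *    a logged-in customer. Use POST plus a per-session token.
  *  - $_SESSION['user'] and ['cart'] are unserialize()d. Session storage is
  *    server-side, so this is not attacker-controlled today, but it becomes
  *    an object-injection sink the moment the session store is shared or
  *    writable by other code; json_encode/json_decode would be safer.
  *  - The mail text "You'll never get it HAHAHA." reads like a placeholder;
  *    confirm it is intended before shipping.
  *
  * @param mixed $parameter route parameters (not used here)
  */
 public function __construct($parameter)
 {
     if (isset($_SESSION['user'])) {
         if (isset($_GET['ordersubmitted']) && isset($_SESSION['cart'])) {
             $customer = unserialize($_SESSION['user']);
             $cart = unserialize($_SESSION['cart']);
             $id = $customer->__get('id');
             // one [number, amount, selectedoption] triple per cart line
             $products = [];
             foreach ($cart->getProducts() as $product) {
                 $products[] = [$product->__get('number'), $product->__get('amount'), $product->__get('selectedoption')];
             }
             $products = json_encode($products);
             $db = DatabaseController::getInstance();
             $mysqli = $db->getConnection();
             $stmt = $mysqli->prepare("INSERT INTO `product_order` (`customer_id`, `order_products`) VALUES (?, ?)");
             if ($stmt) {
                 $stmt->bind_param('ss', $id, $products);
                 $stmt->execute();
                 $stmt->close();
             }
             $mysqli->commit();
             mail($customer->__get('email'), "Your Order", "Hello " . $customer->__get('firstname') . " " . $customer->__get('lastname') . "\n\n Thanks for your Order!\n You have ordered " . $cart->count() . " Product(s) with a total price of CHF " . $cart->getCartBalance() . ".\nYou'll never get it HAHAHA. \n\n Best wishes\nYour myshop Team");
             unset($_SESSION['cart']);
             $this->view = new OrderCompleteView();
         } else {
             $this->view = new CheckoutView();
         }
     } else {
         $_SESSION['checkout'] = 1;
         $this->view = new LoginView();
     }
     $langselect = new LanguageView(null);
     $langselect->render();
 }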
Example #6
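 /**
  * Collect every visible product whose lang matches the `locale` cookie.
  *
  * The cookie value is attacker-controlled, and the original concatenated
  * it straight into the SQL text; it is now bound as a parameter. A missing
  * cookie is treated as an empty string, which is what the original's
  * undefined-index read amounted to. If the statement cannot be prepared or
  * executed, $this->products is simply left untouched, as when the original
  * query failed.
  *
  * Note: one Product object is built per row, and each Product constructor
  * runs its own queries, so this scales with the size of the catalogue.
  */
 public function __construct()
 {
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $locale = (string) ($_COOKIE['locale'] ?? '');
     $stmt = $mysqli->prepare("SELECT product_id FROM product WHERE lang = ? AND hidden != 1");
     if ($stmt) {
         $stmt->bind_param('s', $locale);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             while ($row = $result->fetch_row()) {
                 $this->products[] = new Product($row[0]);
             }
             $result->free();
         }
         $stmt->close();
     }
 }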
Example #7
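 /**
  * Cart controller: apply one action from the route parameters to the
  * session cart, store the cart back, and render it.
  *
  * Route parameters: [2] action ("update", "delete" or "add"), [3] the cart
  * line uid for update/delete or the product number for add, [4] amount,
  * [5] selected option. "update" needs uid and amount, "delete" needs uid,
  * "add" looks the product up by number, builds a Product with the option
  * and amount, and adds it to the cart.
  *
  * Changes from the original:
  *  - the product-number lookup binds its value as a parameter; it came
  *    straight from the URL and was concatenated into the SQL text;
  *  - a request without a session cart starts from a new Cart instead of
  *    calling methods on the false that unserialize(null) returns;
  *  - the optional parameters default to null explicitly, so the "add"
  *    branch no longer reads undefined variables.
  *
  * Kept as before: if the lookup statement cannot run the product id falls
  * back to 1, and an unknown product number yields a null id. The amount
  * and option are passed through unvalidated (type and range are decided by
  * Product/Cart, which are not visible here).
  *
  * @param array $parameter route parameters as described above
  */
 public function __construct($parameter)
 {
     $cart = isset($_SESSION['cart']) ? unserialize($_SESSION['cart']) : new Cart();
     $action = $parameter[2] ?? null;
     $uid = $parameter[3] ?? null;
     $productnr = $uid;
     $amount = $parameter[4] ?? null;
     $option = $parameter[5] ?? null;
     if ($action === "update" && !empty($uid) && !empty($amount)) {
         $cart->update($uid, $amount);
     }
     if ($action === "delete" && !empty($uid)) {
         $cart->remove($uid);
     }
     if ($action === "add") {
         $db = DatabaseController::getInstance();
         $mysqli = $db->getConnection();
         $product_id = 1;
         $stmt = $mysqli->prepare("SELECT `product_id` FROM `product` WHERE `product_number` = ?");
         if ($stmt) {
             $stmt->bind_param('s', $productnr);
             if ($stmt->execute() && ($result = $stmt->get_result())) {
                 $row = $result->fetch_array();
                 $product_id = $row['product_id'] ?? null;
                 $result->close();
             }
             $stmt->close();
         }
         $newproduct = new Product($product_id);
         $newproduct->__set('selectedoption', $option);
         $newproduct->updateUid();
         $newproduct->__set('amount', $amount);
         $cart->add($newproduct);
     }
     $_SESSION['cart'] = serialize($cart);
     $this->view = new CartView($cart);
     $langselect = new LanguageView(null);
     $langselect->render();
 }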
Example #8
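 /**
  * Page controller: resolve the page nicename in the route to a page_id,
  * build the Page and its view, and render the language selector.
  *
  * The nicename is taken from the request path and was concatenated into
  * the SQL text; it is now bound as a parameter. An unknown nicename, or a
  * lookup that cannot run, yields a null page_id (the original produced
  * null for an unknown name and a fatal error for a failed query).
  *
  * @param array $parameter route parameters; [1] is the page nicename
  */
 public function __construct($parameter)
 {
     $nicename = $parameter[1];
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $page_id = null;
     $stmt = $mysqli->prepare("SELECT `page_id` FROM `pages` WHERE `nicename` = ? AND `hidden` != 1");
     if ($stmt) {
         $stmt->bind_param('s', $nicename);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             $row = $result->fetch_array();
             $page_id = $row['page_id'] ?? null;
             $result->close();
         }
         $stmt->close();
     }
     // the language selector follows the language of the selected page
     $page = new Page($page_id);
     $this->view = new PageView($page);
     $this->model = $page;
     $langselect = new LanguageView($this->model);
     $langselect->render();
 }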
Example #9
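 /**
  * Load the visible product with the given id, its brand, the nicenames of
  * its translations and its stock level.
  *
  * All four queries now bind their value as a parameter. The product id was
  * concatenated into the SQL text (an injection vector when it comes from a
  * request); brand, translof and number come back from the database, but
  * binding them closes the second-order path and also means a null brand no
  * longer produces the malformed "brand_id = ;" query the original built.
  * Missing rows or failed statements leave the affected fields null.
  *
  * The uid is a random 32-hex-char cart line identifier; random_bytes()
  * replaces md5(uniqid(rand(), true)) at the same width.
  *
  * @param mixed $id product_id to load; stored in $this->id unchanged
  */
 public function __construct($id)
 {
     $this->uid = bin2hex(random_bytes(16));
     $this->id = $id;
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     // Run $sql with one string parameter and return the first row (or []).
     $fetchRow = static function ($sql, $param) use ($mysqli) {
         $row = [];
         $stmt = $mysqli->prepare($sql);
         if (!$stmt) {
             return $row;
         }
         $stmt->bind_param('s', $param);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             $row = $result->fetch_array() ?: [];
             $result->close();
         }
         $stmt->close();
         return $row;
     };
     $res = $fetchRow("SELECT * FROM product WHERE product_id = ? AND hidden != 1", $id);
     $this->name1 = $res['product_name1'] ?? null;
     $this->name2 = $res['product_name2'] ?? null;
     $this->nicename = $res['product_nicename'] ?? null;
     $this->price1 = $res['product_price1'] ?? null;
     $this->price2 = $res['product_price2'] ?? null;
     $this->number = $res['product_number'] ?? null;
     $this->options = $res['product_options'] ?? null;
     $this->brand = $res['product_brand'] ?? null;
     $this->images = $res['product_images'] ?? null;
     $this->lang = $res['lang'] ?? null;
     $this->translof = $res['translof'] ?? null;
     $this->description = $res['product_description'] ?? null;
     $this->details = $res['product_details'] ?? null;
     $this->features = $res['product_features'] ?? null;
     // brand: $this->brand holds the brand_id until replaced by the name
     $res = $fetchRow("SELECT brand_nicename, brand_name FROM product_brand WHERE brand_id = ?", $this->brand);
     $this->brand_nicename = $res['brand_nicename'] ?? null;
     $this->brand = $res['brand_name'] ?? null;
     // languages[lang] = nicename for every visible product sharing translof
     $stmt = $mysqli->prepare("SELECT product_nicename, lang FROM product WHERE translof = ? AND hidden != 1");
     if ($stmt) {
         $stmt->bind_param('s', $this->translof);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             while ($row = $result->fetch_row()) {
                 $this->languages[$row[1]] = $row[0];
             }
             $result->close();
         }
         $stmt->close();
     }
     $res = $fetchRow("SELECT stock FROM product_stock WHERE product_number = ?", $this->number);
     $this->stock = $res['stock'] ?? null;
 }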
Example #10
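/**
 * Build the footer menu <ul> for the current translation domain.
 *
 * The menu is: the products page (en_EN / de_DE / fr_FR only), then every
 * page in `pages` with the current lang and inmenu = '1' ordered by pos
 * descending, then the contact page (en_EN and fr_FR share "Contact",
 * de_DE gets "Kontakt"). Entries are separated by an empty <span>; the last
 * entry has none.
 *
 * Changes from the original:
 *  - the lang value is bound as a parameter. Trans::getDomain() is opaque
 *    here; elsewhere in this code base the locale is read from a cookie, so
 *    it is treated as untrusted;
 *  - page titles and nicenames from the database are HTML-escaped before
 *    being placed in the markup (text and single-quoted href attribute).
 *    If the `pages` table deliberately stores markup in titles this is a
 *    behaviour change to confirm;
 *  - a failed statement is still reported with trigger_error() in the same
 *    format, but no longer followed by a fatal fetch on a false result.
 *
 * @return string HTML fragment
 */
function get_bottom_menu()
{
    $lang = Trans::getDomain();
    $pages = [];
    $productsByLang = [
        "en_EN" => ["Products", "/myshop/products"],
        "de_DE" => ["Produkte", "/myshop/produkte"],
        "fr_FR" => ["Produits", "/myshop/produits"],
    ];
    if (isset($productsByLang[$lang])) {
        $pages[] = $productsByLang[$lang];
    }
    // dynamically create page-routes from db
    $db = DatabaseController::getInstance();
    $mysqli = $db->getConnection();
    $sql_query = "SELECT `nicename`,`title`,`pos` FROM pages WHERE lang = ? AND inmenu = '1' ORDER BY pos DESC;";
    $stmt = $mysqli->prepare($sql_query);
    if ($stmt) {
        $stmt->bind_param('s', $lang);
        if ($stmt->execute() && ($result = $stmt->get_result())) {
            while ($row = $result->fetch_row()) {
                $pages[] = [$row[1], "/myshop/" . $row[0]];
            }
            $result->close();
        } else {
            trigger_error($mysqli->error . "[{$sql_query}]");
        }
        $stmt->close();
    } else {
        trigger_error($mysqli->error . "[{$sql_query}]");
    }
    if ($lang == "en_EN" || $lang == "fr_FR") {
        $pages[] = ["Contact", "/myshop/contact"];
    } elseif ($lang == "de_DE") {
        $pages[] = ["Kontakt", "/myshop/kontakt"];
    }
    $menu = "<ul class='unstyled-list list-inline'>";
    $last = count($pages) - 1;
    foreach ($pages as $i => $entry) {
        $href = htmlspecialchars((string) $entry[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $label = htmlspecialchars((string) $entry[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $menu .= "<li><a href='" . $href . "'> " . $label . "</a>";
        // separator after every entry except the last
        $menu .= ($i == $last) ? "</li>" : "<span></span></li>";
    }
    $menu .= "<div class='clearfix'></div></ul>";
    return $menu;
}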
Example #11
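 /**
  * Load the visible page with the given id and the nicenames of its
  * translations.
  *
  * Both queries now bind their value as a parameter. The page id was
  * concatenated into the SQL text (an injection vector when it is derived
  * from a request); translof comes back from the database, but binding it
  * closes the second-order path too. A missing row, or a statement that
  * cannot run, leaves the fields null instead of raising warnings or a
  * fatal error.
  *
  * @param mixed $id page_id to load; stored in $this->id unchanged
  */
 public function __construct($id)
 {
     $this->id = $id;
     $db = DatabaseController::getInstance();
     $mysqli = $db->getConnection();
     $res = [];
     $stmt = $mysqli->prepare("SELECT * FROM pages WHERE page_id = ? AND hidden != 1");
     if ($stmt) {
         $stmt->bind_param('s', $id);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             $res = $result->fetch_array() ?: [];
             $result->close();
         }
         $stmt->close();
     }
     $this->title = $res['title'] ?? null;
     $this->content = $res['content'] ?? null;
     $this->lang = $res['lang'] ?? null;
     $this->translof = $res['translof'] ?? null;
     // languages[lang] = nicename for every visible page sharing translof
     $stmt = $mysqli->prepare("SELECT nicename, lang FROM pages WHERE translof = ? AND hidden != 1");
     if ($stmt) {
         $stmt->bind_param('s', $this->translof);
         if ($stmt->execute() && ($result = $stmt->get_result())) {
             while ($row = $result->fetch_row()) {
                 $this->languages[$row[1]] = $row[0];
             }
             $result->close();
         }
         $stmt->close();
     }
 }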
Example #12
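 /**
  * Single-product controller: resolve the nicename in the route to a
  * product_id, build the Product and its view, and render the language
  * selector.
  *
  * The nicename comes from the request path and was concatenated into the
  * SQL text; it is now bound as a parameter. As before, product 1 is used
  * when no nicename is given or the lookup cannot run, and an unknown
  * nicename yields a null id.
  *
  * @param array $parameter route parameters; [2] is the product nicename
  */
 public function __construct($parameter)
 {
     $product_id = 1;
     if (isset($parameter[2])) {
         $db = DatabaseController::getInstance();
         $mysqli = $db->getConnection();
         $stmt = $mysqli->prepare("SELECT `product_id` FROM `product` WHERE `product_nicename` = ? AND `hidden` != 1");
         if ($stmt) {
             $stmt->bind_param('s', $parameter[2]);
             if ($stmt->execute() && ($result = $stmt->get_result())) {
                 $row = $result->fetch_array();
                 $product_id = $row['product_id'] ?? null;
                 $result->close();
             }
             $stmt->close();
         }
     }
     $product = new Product($product_id);
     $this->view = new SingleProductView($product);
     $this->model = $product;
     $langselect = new LanguageView($product);
     $langselect->render();
 }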
Example #13
<?php

/**
 * Created by PhpStorm.
 * User: florianauderset
 * Date: 15.01.16
 * Time: 10:41
 */
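// Username-availability check for the registration form.
//
// Reads $_POST['login'] (exits silently when absent), lower-cases it, and
// prints 'false' when a customer with that login exists, 'true' otherwise.
//
// Changes from the original:
//  - the login is looked up with a parameterised query instead of loading
//    every customer_login and scanning the array with a loose in_array();
//  - a failed statement now answers 'false' (taken) rather than a fatal
//    error, i.e. it fails closed.
//
// Notes:
//  - the input is lower-cased but the stored logins were compared as-is in
//    the original; with a case-insensitive column collation the database
//    comparison is broader, with a binary collation it is the same as
//    before. Check the collation if exact prior behaviour matters;
//  - this endpoint is a login-enumeration oracle by design; it should sit
//    behind rate limiting.
if (!isset($_POST['login'])) {
    die;
} else {
    include_once '../lib/controllers/DatabaseController.php';
    $db = DatabaseController::getInstance();
    $mysqli = $db->getConnection();
    $username = strtolower($_POST['login']);
    $available = false;
    $stmt = $mysqli->prepare("SELECT 1 FROM customer WHERE customer_login = ? LIMIT 1");
    if ($stmt) {
        $stmt->bind_param('s', $username);
        if ($stmt->execute() && ($result = $stmt->get_result())) {
            $available = $result->num_rows == 0;
            $result->close();
        }
        $stmt->close();
    }
    echo $available ? 'true' : 'false';
}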
Example #14
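 /**
  * Dispatch the request URI to a view and render it.
  *
  * Every route pattern from the model is matched, anchored, against
  * $this->uriView; for each match the view the model names for that route
  * is built and rendered:
  *  - PageView: the route pattern with slashes removed is looked up as a
  *    page nicename; Page, PageView and the language selector are built.
  *  - ProductView: the product list.
  *  - SingleProductView: additionalParam[2] is looked up as a product
  *    nicename (product 1 when absent or when the lookup cannot run).
  *  - LoginView: with a session user, the "logout" route logs out and any
  *    other shows the customer view; without one, POSTed login/password
  *    are authenticated via LoginController::login(), else the login form.
  *  - CustomerView: customer view when logged in, login form otherwise.
  *  - CartView: applies update/delete from additionalParam to the session
  *    cart, or seeds a new cart with products 1-4 when there is none.
  *  - anything else: the named class is instantiated with no arguments.
  *
  * Changes from the original:
  *  - both nicename lookups bind their value as a parameter. The product
  *    nicename comes straight from the URL and was concatenated into the
  *    SQL text; the page nicename comes from the route table but is bound
  *    for consistency;
  *  - the else { if ... } ladder is flattened to elseif and the cart
  *    parameters are reset on every matched route instead of leaking from
  *    a previous iteration.
  *
  * Security notes (behaviour unchanged, flagged):
  *  - $_SESSION['user'] and ['cart'] are unserialize()d; server-side session
  *    data is not attacker-controlled today, but this becomes an
  *    object-injection sink if the session store is ever shared.
  *  - The fallback `new $useView()` instantiates whatever class name the
  *    model's route table holds. That is fine while the table is static
  *    configuration and dangerous if it ever comes from the database or the
  *    request.
  *  - The CartView branch that seeds a fresh cart with products 1-4 is
  *    marked "test-data" in the original and looks like scaffolding.
  *
  * @return void
  */
 public function renderView()
 {
     foreach ($this->model->getUris() as $key => $value) {
         // $value is the model's route pattern: used as an anchored regex
         // here and, for PageView, as the page nicename
         if (!preg_match("#^{$value}\$#", $this->uriView)) {
             continue;
         }
         $viewName = $this->model->getView($key);
         if ($viewName === "PageView") {
             $db = DatabaseController::getInstance();
             $mysqli = $db->getConnection();
             $nicename = str_replace('/', '', $value);
             $page_id = null;
             $stmt = $mysqli->prepare("SELECT `page_id` FROM `pages` WHERE `nicename` = ? AND `hidden` != 1");
             if ($stmt) {
                 $stmt->bind_param('s', $nicename);
                 if ($stmt->execute() && ($result = $stmt->get_result())) {
                     $row = $result->fetch_array();
                     $page_id = $row['page_id'] ?? null;
                     $result->close();
                 }
                 $stmt->close();
             }
             // the language selector follows the language of the selected page
             $page = new Page($page_id);
             $view = new PageView($page);
             $langselect = new LanguageView($page);
             $langselect->render();
         } elseif ($viewName === "ProductView") {
             $products = new Products();
             $view = new ProductView($products);
         } elseif ($viewName === "SingleProductView") {
             $params = $this->additionalParam;
             // 1 when no nicename was given or the lookup cannot run (as
             // before); an unknown nicename yields null (also as before)
             $product_id = 1;
             if (isset($params[2])) {
                 $db = DatabaseController::getInstance();
                 $mysqli = $db->getConnection();
                 $stmt = $mysqli->prepare("SELECT `product_id` FROM `product` WHERE `product_nicename` = ? AND `hidden` != 1");
                 if ($stmt) {
                     $stmt->bind_param('s', $params[2]);
                     if ($stmt->execute() && ($result = $stmt->get_result())) {
                         $row = $result->fetch_array();
                         $product_id = $row['product_id'] ?? null;
                         $result->close();
                     }
                     $stmt->close();
                 }
             }
             $product = new Product($product_id);
             $view = new SingleProductView($product);
             $langselect = new LanguageView($product);
             $langselect->render();
         } elseif ($viewName === "LoginView") {
             if (isset($_SESSION['user'])) {
                 if (str_replace('/', '', $value) == "logout") {
                     $view = new LoginView();
                     $controller = new LoginController($view);
                     $controller->logout();
                 } else {
                     $view = new CustomerView(unserialize($_SESSION['user']));
                 }
             } elseif (isset($_POST["login"]) && isset($_POST["password"])) {
                 $username = $_POST["login"];
                 $password = $_POST["password"];
                 $view = new LoginView();
                 $controller = new LoginController($view);
                 // a successful login stores the user in the session
                 if ($controller->login($username, $password)) {
                     $view = new CustomerView(unserialize($_SESSION['user']));
                 }
             } else {
                 $view = new LoginView();
             }
         } elseif ($viewName === "CustomerView") {
             if (isset($_SESSION['user'])) {
                 $view = new CustomerView(unserialize($_SESSION['user']));
             } else {
                 $view = new LoginView();
             }
         } elseif ($viewName === "CartView") {
             if (isset($_SESSION['cart'])) {
                 $cart = unserialize($_SESSION['cart']);
                 $params = $this->additionalParam;
                 $action = $params[2] ?? null;
                 $productnr = $params[3] ?? null;
                 $newamount = $params[4] ?? null;
                 if ($action === "update" && !empty($productnr) && !empty($newamount)) {
                     $cart->update($productnr, $newamount);
                 }
                 if ($action === "delete" && !empty($productnr)) {
                     $cart->remove($productnr);
                 }
             } else {
                 // test-data
                 $cart = new Cart();
                 $cart->add(new Product(1));
                 $cart->add(new Product(2));
                 $cart->add(new Product(3));
                 $cart->add(new Product(4));
             }
             $_SESSION['cart'] = serialize($cart);
             $view = new CartView($cart);
         } else {
             $useView = $viewName;
             $view = new $useView();
         }
         $view->render();
     }
 }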