public function queryCheck($email, $activationcode, $connect)
{
$db = new db_config();
if ($activationcode == 0) {
$sql = $db->mquery("SELECT * FROM users", $connect);
$row = $db->fetchobject($sql);
print_r($row);
} else {
}
}
public function getReports($accountNum, $connect)
{
$db = new db_config();
$data = '';
$sql = $db->mquery("EXEC callchart @acct_no = '" . $accountNum . "'", $connect);
$num = $db->numrows($sql);
$callers = array();
while ($row = $db->fetcharray($sql)) {
$fields[0] = $row[caller_tag];
$fields[1] = $row[No_of_Calls];
array_push($callers, $fields);
}
print json_encode($callers, JSON_NUMERIC_CHECK);
//return $data;
}
public function getContactHistory($phoneNum, $returnTag, $connect)
{
$db = new db_config();
$data = '';
$sql = $db->mquery("EXEC dbo.show_ContactName @phone_number = '" . $phoneNum . "'", $connect);
$num = $db->numrows($sql);
while ($row = $db->fetchobject($sql)) {
$name = $db->strip($row->Name);
$caller_tag = $db->strip($row->Caller_Tag);
if ($caller_tag == 'P') {
$caller_tag_image = 'images/image-personal-tag-hp.png';
} else {
if ($caller_tag == 'W') {
$caller_tag_image = 'images/image-work-tag-hp.png';
} else {
$caller_tag_image = 'images/image-untagged-tag-hp.png';
}
}
$data = $name;
$data_tag = $caller_tag_image;
}
if ($returnTag == 'y') {
return $data_tag;
} else {
return $data;
}
}
public function getBills($accountNum, $isNumRows, $connect)
{
$dbCon = new db_config();
$data = '';
$sqlQ = $dbCon->mquery("EXEC dbo.getbill_upload @account_number = '" . $accountNum . "'", $connect);
$num = $dbCon->numrows($sqlQ);
$counter = 1;
while ($row = $dbCon->fetcharray($sqlQ, SQLSRV_FETCH_ASSOC)) {
//use fetcharray function here not object
$upload_date = date_format($row['upload_date'], 'd M Y');
$bill_name = $dbCon->strip($row['bill_name']);
$bill_date = $dbCon->strip($row['bill_date']);
$data .= "<tr>";
$data .= "<td>" . $upload_date . "</td>";
$data .= "<td>" . $bill_name . "</td>";
$data .= "<td>" . $bill_date . "</td>";
$data .= "</tr>";
//$totalContacts = $counter++;
}
if ($isNumRows == 'y') {
//return $totalContacts;
} else {
return $data;
}
}
public function loginPage($username, $password, $connect)
{
$db = new db_config();
$sql = "SELECT * FROM tbl_users WHERE username = '******' AND password = '******'";
$result = mysqli_query($connect, $sql);
$num = $db->numrows($result);
$row = $db->fetcharray($result);
if ($num == 0) {
echo "user not existing";
} else {
$data = '';
$username = $row['username'];
$is_admin = $row['is_admin'];
$brand_name = $row['brand_name'];
$id = $row['id'];
if ($is_admin == 1) {
session_start();
$_SESSION['session_userid'] = $username;
$_SESSION['session_is_admin'] = $is_admin;
$_SESSION['brand_name'] = $brand_name;
$_SESSION['id'] = $id;
session_write_close();
header("Location: index.php");
} else {
if ($is_admin == 0) {
session_start();
$_SESSION['session_userid'] = $username;
$_SESSION['session_is_admin'] = $is_admin;
$_SESSION['brand_name'] = $brand_name;
$_SESSION['id'] = $id;
session_write_close();
header("Location: /user/index.php");
}
}
}
return $data;
}
public function getContacts($accountNum, $isNumRows, $connect)
{
$db = new db_config();
$data = '';
$sql = $db->mquery("EXEC dbo.getContacts @account_number = '" . $accountNum . "'", $connect);
$num = $db->numrows($sql);
$counter = 1;
while ($row = $db->fetchobject($sql)) {
$phone_number = $db->strip($row->Phonenumber);
$name = $db->strip($row->Name);
$caller_tag = $db->strip($row->Caller_tag);
$data .= "<tr>";
$data .= "<td>" . $phone_number . "</td>";
$data .= "<td>" . $name . "</td>";
$data .= "<td>" . $caller_tag . "</td>";
$data .= "</tr>";
$totalContacts = $counter++;
}
if ($isNumRows == 'y') {
return $totalContacts;
} else {
return $data;
}
}
<?php
session_start();
include 'protected/config/db_config.php';
include 'protected/config/html_config.php';
include 'protected/library/validation_library.php';
include 'protected/controllers/login.php';
$db = new db_config();
$formelem = new FormElem();
$loginController = new LoginController();
$connect = $db->connect();
if ($_SESSION['session_is_admin'] == 1) {
header("Location: /user/index.php?redirected=true");
} elseif ($_SESSION['session_is_admin'] == 0) {
}
if (isset($_POST['btn-login'])) {
$username = $_POST['form-username'];
$password = $_POST['form-password'];
$loginController->loginPage($username, $password, $connect);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Zaril Login Form</title>
public function generateCSVData($filterFields, $accountNum, $connect)
{
$db = new db_config();
$data = '';
$sql = $db->mquery("EXEC dbo.getCalls @caller_tag = '" . $filterFields . "', @account_number = '" . $accountNum . "'", $connect);
$num = $db->numrows($sql);
$HeadingsArray = array('Caller tag', 'Date', 'Time', 'Contact Name', 'Phone number', 'Duration', 'Estimated cost', 'Actual cost', 'Bill issued');
$csvContent = implode(",", $HeadingsArray) . "\n";
while ($row = $db->fetchobject($sql)) {
$valuesArray['caller_tag'] = $db->strip($row->caller_tag);
$call_date = $db->strip($row->call_date);
$valuesArray['call_date_format'] = date('d M', strtotime($call_date));
$valuesArray['time'] = $db->strip($row->time);
$valuesArray['contact_name'] = $db->strip($row->contact_name);
$valuesArray['phone_number'] = $db->strip($row->phone_number);
$date = new DateTime('2000-01-01');
$date->add(new DateInterval('P0Y0M0DT0H0M' . $row->duration . 'S'));
$valuesArray['duration'] = $date->format('i\\m s\\s');
$valuesArray['estimated_cost'] = $db->strip($row->estimated_cost);
$valuesArray['actual_cost'] = $db->strip($row->actual_cost);
$valuesArray['bill_issued'] = $db->strip($row->bill_issued);
$csvContent .= implode(",", $valuesArray) . "\r\n";
unset($valuesArray);
}
$fileName = date("Y-m-d") . "_export.csv";
header('Content-Type: text/csv');
header("Content-length: " . filesize($fileName));
header('Content-Disposition: inline; filename="' . $fileName . '"');
echo $csvContent;
}
public function registerInterest($data, $connect)
{
$db = new db_config();
$dbCheck = new db_config();
$email_data = $data['@email'];
$sqlCheck = $dbCheck->mquery("SELECT * FROM register_interest WHERE email = '" . $email_data . "'", $connect);
$num = $dbCheck->numhasrows($sqlCheck);
$row = $dbCheck->fetchobject($sqlCheck);
if ($num == 0) {
$sql = $db->mquery_insert("dbo.registerInterest", $data, $connect);
header("location: confirmation?register_success=true");
} else {
$sql = $db->mquery_insert("dbo.registerInterest", $data, $connect);
header("location: confirmation?register_success=true");
//note: for the meantime duplicates are okay
//header ("location: index.php?emailcheck=true");
}
}
public function getBills($accountNum, $connect)
{
$db = new db_config();
$data = '';
$sql = $db->mquery("EXEC dbo.getbill_upload @account_number = '" . $accountNum . "'", $connect);
$num = $db->numhasrows($sql);
$uploadedbills = array();
$i = 0;
while ($row = $db->fetchobject($sql)) {
$ctr = $i++;
$bill_id = $db->strip($row->id);
$bill_date = $db->strip($row->bill_date);
$data .= '<li id="btype_' . $ctr . '" onclick="btype_data(\'' . $ctr . '\', \'' . $bill_date . '\');" rel="' . $ctr . '" class="btype">';
$data .= '<a tabindex="-1" href="#" class="opt"><span class="pull-left">' . $bill_date . '</span></a>';
$data .= '</li>';
}
return $data;
}
<?php
session_start();
include 'protected/config/db_config.php';
include 'protected/config/html_config.php';
include 'protected/library/validation_library.php';
include 'protected/models/users.php';
$db = new db_config();
$formelem = new FormElem();
$UsersModel = new UsersModel();
$connect = $db->connect();
$brand_name = $_SESSION['brand_name'];
if (isset($_POST['btn-create'])) {
$data['email'] = $_POST['email'];
$data['username'] = $_POST['username'];
$data['brand_name'] = $_POST['brandname'];
$data['password'] = $_POST['password'];
$data['backup_password'] = $_POST['password'];
$data['is_admin'] = $_POST['isAdmin'];
$data['date_created'] = date("Y-m-d H:i:s");
$db->mquery_insert("tbl_users", $data, $connect);
}
if (isset($_POST['update-record'])) {
$id = $_POST['id'];
$email = $_POST['email'];
$username = $_POST['username'];
$brandname = $_POST['brandname'];
$is_admin = $_POST['isadmin'];
$user_item_update_sql = "UPDATE tbl_users SET id = '" . $id . "', email = '" . $email . "', username = '******', brand_name = '" . $brandname . "' WHERE id = '" . $id . "'";
$user_item_update = mysqli_query($connect, $user_item_update_sql) or die(mysqli_error($connect));
header('location: /user.php?record_updated=true');
public function getHistory($phoneNum, $accountNum, $connect)
{
$db = new db_config();
$data = '';
$sql = $db->mquery("EXEC dbo.getcallhistory @phone_number = '" . $phoneNum . "', @account_number = '" . $accountNum . "'", $connect);
$num = $db->numrows($sql);
while ($row = $db->fetchobject($sql)) {
$call_date = $db->strip($row->call_date);
$call_date_format = date('d M', strtotime($call_date));
$time = $db->strip($row->time);
$call_id = $db->strip($row->call_id);
$contact_name = $db->strip($row->contact_name);
$phone_number = $db->strip($row->phone_number);
$date = new DateTime('2000-01-01');
$date->add(new DateInterval('P0Y0M0DT0H0M' . $row->duration . 'S'));
//$duration = $date->format('H:i:s');
$duration = $date->format('i\\m s\\s');
$estimated_cost = $db->strip($row->estimated_cost);
$actual_cost = $db->strip($row->actual_cost);
$caller_tag = $db->strip($row->caller_tag);
$bill_issued = $db->strip($row->bill_issued);
$data .= "<tr>";
$data .= "<td>" . $call_date_format . "</td>";
$data .= "<td>" . $time . "</td>";
$data .= "<td>" . $duration . "</td>";
$data .= "<td>" . "\$" . number_format($estimated_cost, 2) . "</td>";
$data .= "<td>" . "\$" . number_format($actual_cost, 2) . "</td>";
$data .= "<td>" . $bill_issued . "</td>";
$data .= "</tr>";
}
return $data;
}
public function __construct(db_config $db)
{
$this->mysqli = $db->getLink();
}
