public function registerCustomer()
{
$salt = md5($_POST['firstname'] . $_POST['lastname']);
$password = hash('ripemd128', $_POST['password'] . $salt);
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$stmt = $mysqli->prepare("INSERT INTO `customer`(`customer_title`,\n `customer_firstname`,\n `customer_lastname`,\n `customer_login`,\n `customer_password`,\n `customer_email`,\n `customer_phone`,\n `customer_address`,\n `customer_zip`,\n `customer_location`,\n `customer_title2`,\n `customer_firstname2`,\n `customer_lastname2`,\n `customer_address2`,\n `customer_zip2`,\n `customer_location2`,\n `customer_billingaddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param('sssssssssssssssss', $_POST['title'], $_POST['firstname'], $_POST['lastname'], $_POST['login'], $password, $_POST['email'], $_POST['phone'], $_POST['address'], $_POST['zip'], $_POST['location'], $_POST['title2'], $_POST['firstname2'], $_POST['lastname2'], $_POST['address2'], $_POST['zip2'], $_POST['location2'], $_POST['billingaddress']);
$stmt->execute();
$stmt->close();
//get customernumber from name add salt to salttable
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `customer_id` FROM `customer` WHERE `customer_login` = '" . $_POST['login'] . "';";
$result = $mysqli->query($sql_query);
$customer_id = $result->fetch_array();
$customer_id = $customer_id['customer_id'];
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$stmt = $mysqli->prepare("INSERT INTO `salts`(`customer_id`, `salt`) VALUES (?, ?)");
$stmt->bind_param('ss', $customer_id, $salt);
$stmt->execute();
$stmt->close();
mail($_POST['email'], "Your myShop Registration", "Hello " . $_POST['firstname'] . " " . $_POST['lastname'] . "\n\n Your Login Information:\n--------\nUsername: "******"\nPassword: "******"\n--------\n\n Best wishes\nYour myShop Team");
}
public function __construct($parameter)
{
if (isset($_SESSION['user'])) {
if (isset($_GET['ordersubmitted'])) {
//write order to db
$customer = unserialize($_SESSION['user']);
$cart = unserialize($_SESSION['cart']);
$id = $customer->__get('id');
//create json array for order-entry
$products = [];
foreach ($cart->getProducts() as $product) {
$products[] = array($product->__get('number'), $product->__get('amount'), $product->__get('selectedoption'));
}
$products = json_encode($products);
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "INSERT INTO `product_order` (`customer_id`, `order_products`) VALUES ('{$id}', '{$products}');";
$mysqli->query($sql_query);
$mysqli->commit();
//send email to admin and customer
//mail("*****@*****.**", "Bestellung", "Jemand hat eine Bestellung getätigt" );
mail($customer->__get('email'), "Your Order", "Hello " . $customer->__get('firstname') . " " . $customer->__get('lastname') . "\n\n Thanks for your Order!\n You have ordered " . $cart->count() . " Product(s) with a total price of CHF " . $cart->getCartBalance() . ".\nYou'll never get it HAHAHA. \n\n Best wishes\nYour myshop Team");
//unset cart
unset($_SESSION['cart']);
$this->view = new OrderCompleteView();
} else {
$this->view = new CheckoutView();
}
} else {
$_SESSION['checkout'] = 1;
$this->view = new LoginView();
}
$langselect = new LanguageView(null);
$langselect->render();
}
public static function getDatabaseInstance()
{
if (!isset(self::$databaseInstance)) {
self::$databaseInstance = new DatabaseController();
}
return self::$databaseInstance;
}
public function __construct($id)
{
$this->id = $id;
//connect to db and get product with $id
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT * FROM product WHERE product_id = '" . $id . "' AND hidden != 1;";
$result = $mysqli->query($sql_query);
$res = $result->fetch_array();
$this->name1 = $res['product_name1'];
$this->name2 = $res['product_name2'];
$this->nicename = $res['product_nicename'];
$this->price1 = $res['product_price1'];
$this->price2 = $res['product_price2'];
$this->number = $res['product_number'];
$this->lang = $res['lang'];
$this->translof = $res['translof'];
/* ... */
$result->close();
//create list of translated versions
$sql_query = "SELECT product_nicename, lang FROM product WHERE translof = '" . $this->translof . "' AND hidden != 1;";
$result = $mysqli->query($sql_query);
while ($row = $result->fetch_row()) {
$this->languages[$row[1]] = $row[0];
}
$result->close();
}
public function __construct($id)
{
//connect to db and get customer with $id
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT * FROM customer WHERE customer_id = '" . $id . "';";
$result = $mysqli->query($sql_query);
$res = $result->fetch_array();
$this->id = $id;
$this->title = $res['customer_title'];
$this->firstname = $res['customer_firstname'];
$this->lastname = $res['customer_lastname'];
$this->username = $res['customer_login'];
$this->email = $res['customer_email'];
$this->phone = $res['customer_phone'];
$this->address = $res['customer_address'];
$this->zip = $res['customer_zip'];
$this->location = $res['customer_location'];
$this->title2 = $res['customer_title2'];
$this->firstname2 = $res['customer_firstname2'];
$this->lastname2 = $res['customer_lastname2'];
$this->address2 = $res['customer_address2'];
$this->zip2 = $res['customer_zip2'];
$this->location2 = $res['customer_location2'];
$this->billingaddress = $res['customer_billingaddress'];
$result->close();
}
private function authenticate($username, $password)
{
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$query = "SELECT customer.customer_id, customer.customer_login, customer.customer_password, salts.salt\n FROM customer\n INNER JOIN salts\n ON customer.customer_id = salts.customer_id\n WHERE customer_login = ?;";
if (!($stmt = $mysqli->prepare($query))) {
return false;
} else {
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if (!$result || $result->num_rows == 0) {
$this->view->usernotfound();
return false;
} else {
$row = $result->fetch_assoc();
$salt = $row["salt"];
$hash = $row["customer_password"];
//debug info
//echo "<pre>Passwort: " . $password . "<br />Salt: " . $salt . "<br />To Hash: " . $password . $salt . "<br />Customer Hash: " . $hash . "<br />Generated Hash: ". hash('ripemd128', $password.$salt) . "</pre>";
if (hash('ripemd128', $password . $salt) === $hash) {
return true;
} else {
$this->view->wrongpassword();
return false;
}
}
$stmt->close();
}
}
public static function getInstance()
{
// If no instance then make one
if (!self::$_instance) {
self::$_instance = new self();
}
return self::$_instance;
}
public static function closeConn()
{
try {
self::$db = null;
} catch (Exception $e) {
header('HTTP/1.1 500 Internal Server Error');
die(json_encode(array('code' => '500', 'error' => $e->getMessage())));
}
}
public function __construct()
{
//connect to db and get page with $id
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT product_id FROM product WHERE lang = '" . $_COOKIE['locale'] . "' AND hidden != 1;";
if ($result = $mysqli->query($sql_query)) {
while ($row = mysqli_fetch_row($result)) {
$this->products[] = new Product($row[0]);
}
/* free result set */
mysqli_free_result($result);
}
}
public function __construct($parameter)
{
$cart = unserialize($_SESSION['cart']);
// set variables
if (isset($parameter[2])) {
$action = $parameter[2];
}
if (isset($parameter[3])) {
$productnr = $parameter[3];
$uid = $parameter[3];
}
if (isset($parameter[4])) {
$amount = $parameter[4];
}
if (isset($parameter[5])) {
$option = $parameter[5];
}
//update
if (!empty($action) && $action == "update" && !empty($uid) && !empty($amount)) {
$cart->update($uid, $amount);
}
//delete
if (!empty($action) && $action == "delete" && !empty($uid)) {
$cart->remove($uid);
}
//add
if (!empty($action) && $action == "add") {
//connect to db and get productid
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `product_id` FROM `product` WHERE `product_number` = '" . $productnr . "';";
if ($result = $mysqli->query($sql_query)) {
$product_id = $result->fetch_array();
$product_id = $product_id['product_id'];
} else {
$product_id = 1;
}
//create new product for cart and update its values according selection
$newproduct = new Product($product_id);
$newproduct->__set('selectedoption', $option);
$newproduct->updateUid();
$newproduct->__set('amount', $amount);
$cart->add($newproduct);
}
$_SESSION['cart'] = serialize($cart);
$this->view = new CartView($cart);
$langselect = new LanguageView(null);
$langselect->render();
}
public function __construct($user = null)
{
$this->databaseController = DatabaseController::getDatabaseInstance();
$this->sessionName = SettingsFactory::getSettingsProperty(SettingsFactory::$SESSIONNAME_PATH);
if (!$user) {
// no arg provided
if (Session::sessionExists($this->sessionName)) {
$user = Session::sessionGet($this->sessionName);
if ($this->find($user)) {
$this->isLoggedIn = true;
}
}
} else {
$this->find($user);
}
}
public function __construct($parameter)
{
$nicename = $parameter[1];
//connect to db and get pageid
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `page_id` FROM `pages` WHERE `nicename` = '" . $nicename . "' AND `hidden` != 1;";
$result = $mysqli->query($sql_query);
$page_id = $result->fetch_array();
$page_id = $page_id['page_id'];
//change language to language of selected page
$page = new Page($page_id);
$this->view = new PageView($page);
$this->model = $page;
$langselect = new LanguageView($this->model);
$langselect->render();
}
public function __construct($id)
{
$this->uid = md5(uniqid(rand(), true));
$this->id = $id;
//connect to db and get product with $id
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT * FROM product WHERE product_id = '" . $id . "' AND hidden != 1;";
$result = $mysqli->query($sql_query);
$res = $result->fetch_array();
$this->name1 = $res['product_name1'];
$this->name2 = $res['product_name2'];
$this->nicename = $res['product_nicename'];
$this->price1 = $res['product_price1'];
$this->price2 = $res['product_price2'];
$this->number = $res['product_number'];
$this->options = $res['product_options'];
$this->brand = $res['product_brand'];
$this->images = $res['product_images'];
$this->lang = $res['lang'];
$this->translof = $res['translof'];
$this->description = $res['product_description'];
$this->details = $res['product_details'];
$this->features = $res['product_features'];
$result->close();
//get brand
$sql_query = "SELECT brand_nicename, brand_name FROM product_brand WHERE brand_id = " . $this->brand . ";";
$result = $mysqli->query($sql_query);
$res = $result->fetch_array();
$this->brand_nicename = $res['brand_nicename'];
$this->brand = $res['brand_name'];
$result->close();
//create list of translated versions
$sql_query = "SELECT product_nicename, lang FROM product WHERE translof = '" . $this->translof . "' AND hidden != 1;";
$result = $mysqli->query($sql_query);
while ($row = $result->fetch_row()) {
$this->languages[$row[1]] = $row[0];
}
$result->close();
//get stock from stock table
$sql_query = "SELECT stock FROM product_stock WHERE product_number = '" . $this->number . "';";
$result = $mysqli->query($sql_query);
$res = $result->fetch_array();
$this->stock = $res['stock'];
$result->close();
}
function get_bottom_menu()
{
$menu = "<ul class='unstyled-list list-inline'>";
$lang = Trans::getDomain();
$pages = array();
//add products page to menu
if ($lang == "en_EN") {
$pages[] = array("Products", "/myshop/products");
} else {
if ($lang == "de_DE") {
$pages[] = array("Produkte", "/myshop/produkte");
} else {
if ($lang == "fr_FR") {
$pages[] = array("Produits", "/myshop/produits");
}
}
}
// dynamically create page-routes from db
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `nicename`,`title`,`pos` FROM pages WHERE lang = '" . $lang . "' AND inmenu = '1' ORDER BY pos DESC;";
$result = $mysqli->query($sql_query) or trigger_error($mysqli->error . "[{$sql_query}]");
while ($row = $result->fetch_row()) {
$pages[] = array($row[1], "/myshop/" . $row[0]);
}
//add contact page to menu
if ($lang == "en_EN" || $lang == "fr_FR") {
$pages[] = array("Contact", "/myshop/contact");
} else {
if ($lang == "de_DE") {
$pages[] = array("Kontakt", "/myshop/kontakt");
}
}
$l = count($pages);
//add menu with separators
for ($i = 0; $i < $l; $i++) {
if ($i == $l - 1) {
$menu .= "<li><a href='" . $pages[$i][1] . "'> " . $pages[$i][0] . "</a></li>";
} else {
$menu .= "<li><a href='" . $pages[$i][1] . "'> " . $pages[$i][0] . "</a><span></span></li>";
}
}
$menu .= "<div class='clearfix'></div></ul>";
return $menu;
}
public function __construct($parameter)
{
if (!isset($parameter[2])) {
$product_id = 1;
} else {
//connect to db and get productid
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `product_id` FROM `product` WHERE `product_nicename` = '" . $parameter[2] . "' AND `hidden` != 1;";
if ($result = $mysqli->query($sql_query)) {
$product_id = $result->fetch_array();
$product_id = $product_id['product_id'];
} else {
$product_id = 1;
}
}
$product = new Product($product_id);
$this->view = new SingleProductView($product);
$this->model = $product;
$langselect = new LanguageView($product);
$langselect->render();
}
public function __construct($id)
{
$this->id = $id;
//connect to db and get page with $id
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT * FROM pages WHERE page_id = '" . $id . "' AND hidden != 1;";
$result = $mysqli->query($sql_query);
$res = $result->fetch_array();
$this->title = $res['title'];
$this->content = $res['content'];
$this->lang = $res['lang'];
$this->translof = $res['translof'];
$result->close();
//create list of translated versions
$sql_query = "SELECT nicename, lang FROM pages WHERE translof = '" . $this->translof . "' AND hidden != 1;";
$result = $mysqli->query($sql_query);
while ($row = $result->fetch_row()) {
$this->languages[$row[1]] = $row[0];
}
$result->close();
}
public function renderView()
{
foreach ($this->model->getUris() as $key => $value) {
if (preg_match("#^{$value}\$#", $this->uriView)) {
if ($this->model->getView($key) === "PageView") {
//connect to db and get pageid
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `page_id` FROM `pages` WHERE `nicename` = '" . str_replace('/', '', $value) . "' AND `hidden` != 1;";
$result = $mysqli->query($sql_query);
$page_id = $result->fetch_array();
$page_id = $page_id['page_id'];
//change language to language of selected page
$page = new Page($page_id);
$view = new PageView($page);
$langselect = new LanguageView($page);
$langselect->render();
} else {
if ($this->model->getView($key) === "ProductView") {
$products = new Products();
$view = new ProductView($products);
} else {
if ($this->model->getView($key) === "SingleProductView") {
$params = $this->additionalParam;
if (!isset($params[2])) {
$product_id = 1;
} else {
//connect to db and get pageid
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT `product_id` FROM `product` WHERE `product_nicename` = '" . $params[2] . "' AND `hidden` != 1;";
if ($result = $mysqli->query($sql_query)) {
$product_id = $result->fetch_array();
$product_id = $product_id['product_id'];
} else {
$product_id = 1;
}
}
$product = new Product($product_id);
$view = new SingleProductView($product);
$langselect = new LanguageView($product);
$langselect->render();
} else {
if ($this->model->getView($key) === "LoginView") {
if (isset($_SESSION['user'])) {
//logout if logout link is called
if (str_replace('/', '', $value) == "logout") {
$view = new LoginView();
$controller = new LoginController($view);
$controller->logout();
} else {
$view = new CustomerView(unserialize($_SESSION['user']));
}
} else {
if (isset($_POST["login"]) && isset($_POST["password"])) {
$username = $_POST["login"];
$password = $_POST["password"];
$view = new LoginView();
$controller = new LoginController($view);
//authenticate
if ($controller->login($username, $password)) {
$view = new CustomerView(unserialize($_SESSION['user']));
}
} else {
$view = new LoginView();
}
}
} else {
if ($this->model->getView($key) === "CustomerView") {
if (isset($_SESSION['user'])) {
$view = new CustomerView(unserialize($_SESSION['user']));
} else {
$view = new LoginView();
}
} else {
if ($this->model->getView($key) === "CartView") {
if (isset($_SESSION['cart'])) {
$cart = unserialize($_SESSION['cart']);
$params = $this->additionalParam;
//update article
if (isset($params[2])) {
$action = $params[2];
}
if (isset($params[3])) {
$productnr = $params[3];
}
if (isset($params[4])) {
$newamount = $params[4];
}
if (!empty($action) && $action == "update" && !empty($productnr) && !empty($newamount)) {
$cart->update($productnr, $newamount);
}
if (!empty($action) && $action == "delete" && !empty($productnr)) {
$cart->remove($productnr);
}
$_SESSION['cart'] = serialize($cart);
$view = new CartView($cart);
} else {
$cart = new Cart();
//test-data
$cart->add(new Product(1));
$cart->add(new Product(2));
$cart->add(new Product(3));
$cart->add(new Product(4));
//$cart->remove(10001);
$_SESSION['cart'] = serialize($cart);
$view = new CartView($cart);
}
} else {
$useView = $this->model->getView($key);
$view = new $useView();
}
}
}
}
}
}
$view->render();
}
}
}
<?php
require "partials/secure-page.php";
$pageTitle = "User List";
$pageSubtitle = "Registered Users";
require_once "classes/database-controller.php";
$db = new DatabaseController();
$users = $db->getAllUsers();
require "partials/html-head.php";
?>
<meta name="description" content="View all registered users on the system.">
<?php
require "partials/html-page-start.php";
?>
<h2>List of current users</h2>
<p>The following users have registered with the system:</p>
<table class="users">
<thead>
<tr>
<th style="width: 5em;">User ID</th>
<th>Username</th>
<th>Registration Date</th>
</tr>
</thead>
<tbody>
<?php
foreach ($users as $user) {
<?php
/**
* Created by PhpStorm.
* User: florianauderset
* Date: 15.01.16
* Time: 10:41
*/
if (!isset($_POST['login'])) {
die;
} else {
$customers = [];
include_once '../lib/controllers/DatabaseController.php';
//connect to db and get page with $id
$db = DatabaseController::getInstance();
$mysqli = $db->getConnection();
$sql_query = "SELECT customer_login FROM customer;";
$result = $mysqli->query($sql_query);
while ($row = $result->fetch_row()) {
$customers[] = $row[0];
}
$result->close();
$username = strtolower($_POST['login']);
if (in_array($username, $customers)) {
echo 'false';
} else {
echo 'true';
}
}
public function __construct()
{
$this->databaseController = DatabaseController::getDatabaseInstance();
}
<?php
$pageTitle = "Logon";
$pageSubtitle = "User control";
require "partials/html-head.php";
require_once "classes/database-controller.php";
if (isset($_GET["logoff"]) && $_GET["logoff"] == "true") {
$_SESSION["userLoggedIn"] = false;
}
$logon = true;
$valid = "";
if (isset($_POST["username"]) && isset($_POST["password"])) {
$db = new DatabaseController();
if ($db->logUserIn($_POST["username"], $_POST["password"])) {
$valid = "You are now logged in!";
$logon = false;
} else {
$valid = $db->dbError;
}
}
?>
<meta name="description" content="Logon to address pro">
<?php
require "partials/html-page-start.php";
if ($logon) {
?>
<h2>Logon to Address Pro</h2>
$firefoxWidthRawVariable;
$safariWidthRawVariable;
$chromeWidthRawVariable;
$operaWidthRawVariable;
$konquerorWidthRawVariable;
$lynxWidthRawVariable;
$tableArray;
/*check if the submit button has been pressed (html form has been submitted) to prevent an 'index:undefined index:' error from occuring. The following code
will only be executed after the form has been submitted. */
if (isset($_POST['submit'])) {
//escape all form data to protect against injection!
$name = mysql_real_escape_string($_POST['usersName']);
$email = mysql_real_escape_string($_POST['usersEmail']);
$browser = mysql_real_escape_string($_POST['usersFavBrowser']);
$reason = mysql_real_escape_string($_POST['usersReason']);
$databaseController = new DatabaseController($name, $email, $browser, $reason);
$databaseController->connectToDatabase();
$databaseController->submitToDatabase();
$databaseController->orderDatabase();
$databaseController->browserCount();
$browserPercentUsageArray = $databaseController->getPercentageArray();
foreach ($browserPercentUsageArray as $key => $value) {
if ($key == 'ie') {
$internetexplorerWidthVariablePercentage = $value;
} elseif ($key == 'ff') {
$firefoxWidthVariablePercentage = $value;
} elseif ($key == 'saf') {
$safariWidthVariablePercentage = $value;
} elseif ($key == 'chr') {
$chromeWidthVariablePercentage = $value;
} elseif ($key == 'op') {
<?php
// load db controller for adding user
require_once "classes/database-controller.php";
// Analyse data received
$error = false;
// open database
$db = new DatabaseController();
if ($db->dbError) {
$error = $db->dbError;
} else {
// Test all POST data has been received
if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["passwordConfirm"])) {
// check password match
if ($_POST["password"] == $_POST["passwordConfirm"]) {
// save information to database
if (!$db->addUser($_POST["username"], $_POST["password"])) {
$error = "Error adding user.<br>" . $db->dbError;
} else {
// see if image exists and save
if (isset($_FILES["avatar"]) && strpos($_FILES["avatar"]["type"], "image") !== false) {
if (!file_exists("uploads")) {
mkdir("uploads");
}
$filename = "uploads/" . $_POST['username'];
move_uploaded_file($_FILES["avatar"]["tmp_name"], $filename);
}
}
} else {
$error = "Password do not match";
}
