/**
  * Overrides the method from the abstract PageController.
  * Handles requests sent to the 'shipping' page.
  */
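 public function handleRequestInMain()
 {
     // A user who is already logged in has nothing to register: send them to
     // their profile. Return as well, so a POST from a logged-in session can
     // never reach the insert below if redirect() does not end the script
     // (its implementation is not visible here).
     if (isset($_SESSION[Session::USER])) {
         $this->redirect("mydata.php");
         return;
     }
     // handle only POST requests
     if ($_SERVER["REQUEST_METHOD"] !== "POST") {
         return;
     }
     // Every form field must be present and a plain string. A missing field
     // would otherwise be stored as an empty value, and an array-valued
     // parameter would be handed to the string helpers.
     $required = [
         "name-firstname", "name-lastname", "name-email", "name-address",
         "name-addressnr", "name-zipcode", "name-city", "name-country",
         "name-password",
     ];
     foreach ($required as $field) {
         if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
             Logger::error("error registering a new user");
             return;
         }
     }
     // Never create an account whose password is the hash of the empty string.
     if ($_POST["name-password"] === "") {
         Logger::error("error registering a new user");
         return;
     }
     // Filter the e-mail once and use the same value for the insert and for
     // the lookup afterwards; looking up the raw POST value would miss the
     // row whenever removeTags() changed the input.
     $email = StringUtils::removeTags($_POST["name-email"]);

     // create a NamedQuery, then add the parameters in the order the query expects
     // NOTE(review): removeTags() filters input before storage; it does not
     // replace escaping in the views that later print these values.
     $namedQuery = new NamedQuery($this->QUERY_INSERT_USER);
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-firstname"]));
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-lastname"]));
     $namedQuery->addParam(QueryParam::TYPE_STRING, $email);
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-address"]));
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-addressnr"]));
     $namedQuery->addParam(QueryParam::TYPE_INTEGER, StringUtils::removeTags($_POST["name-zipcode"]));
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-city"]));
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-country"]));
     // NOTE(review): going by its name, convertInSha1() stores a SHA-1 digest,
     // and no salt is visible at this call site. SHA-1 is too fast for
     // password storage; moving to password_hash()/password_verify() has to
     // be done together with every place that compares against this column.
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::convertInSha1($_POST["name-password"]));

     // try to execute the query
     if (!CRUDService::getInstance()->executeNamedQuery($namedQuery)) {
         Logger::error("error registering a new user");
         return;
     }

     // query was OK: reload the user's data and store it in the session
     $namedQuery = new NamedQuery($this->QUERY_LOAD_USER);
     $namedQuery->addParam(QueryParam::TYPE_STRING, $email);
     $result = CRUDService::getInstance()->fetchNamedQuery($namedQuery, "User");
     if (!isset($result[0])) {
         // Do not put a serialized null/false into the session.
         Logger::error("error loading the newly registered user");
         return;
     }
     // Issue a fresh session id at the moment the session becomes
     // authenticated, so an id known before registration is worthless.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION[Session::USER] = serialize($result[0]);
     $this->redirect("home.php");
 }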
 /**
  * Overrides the abstract function from the superclass.
  * This method takes the data submitted through the view
  * and stores it in the database for the user's id,
  * if it has changed. Values which have not changed will not be
  * updated.
  */
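 public function handleRequestInMain()
 {
     // Only a logged-in user may edit a profile. Return after redirecting so
     // nothing below runs for an anonymous request if redirect() does not end
     // the script (its implementation is not visible here).
     if (!isset($_SESSION[Session::USER])) {
         $this->redirect("login.php");
         return;
     }
     // handle only POST requests
     if ($_SERVER["REQUEST_METHOD"] !== "POST") {
         return;
     }
     // NOTE(review): no anti-CSRF token check is visible in this method, and
     // e-mail and password can be changed without re-entering the current
     // password. Confirm whether the base controller covers either point.

     // load user data from session
     $user = unserialize($_SESSION[Session::USER]);
     if (!is_object($user)) {
         // Session entry could not be restored; treat the request as not logged in.
         $this->redirect("login.php");
         return;
     }
     $this->namedQuery = new NamedQuery();
     $this->query = $this->QUERY_UPDATE_PREFIX;

     // Returns the filtered value of a submitted field, or null when the field
     // is absent or not a plain string. An absent field counts as "unchanged"
     // instead of overwriting the stored value with an empty one, and values
     // get the same removeTags() filtering that registration applies.
     $submitted = function ($field) {
         if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
             return null;
         }
         return StringUtils::removeTags($_POST[$field]);
     };

     $firstname = $submitted("name-firstname");
     if ($firstname !== null && $firstname !== $user->getFirstname()) {
         $this->appendQuery("firstname", QueryParam::TYPE_STRING, $firstname);
     }
     $lastname = $submitted("name-lastname");
     if ($lastname !== null && $lastname !== $user->getLastname()) {
         $this->appendQuery("lastname", QueryParam::TYPE_STRING, $lastname);
     }
     $email = $submitted("name-email");
     if ($email !== null && $email !== $user->getEmail()) {
         $this->appendQuery("email", QueryParam::TYPE_STRING, $email);
     }

     // The password is stored as a SHA-1 hash, and the form field arrives
     // holding that stored hash when the user did not touch it. So the value
     // is "unchanged" if it equals the stored hash, or if hashing it gives the
     // stored hash (the user retyped the current password). An empty field is
     // also treated as unchanged so a blank password can never be written.
     // NOTE(review): this implies the stored hash is sent to the browser in
     // the form; an empty password field would avoid exposing it.
     $password = (isset($_POST["name-password"]) && is_string($_POST["name-password"]))
         ? $_POST["name-password"]
         : "";
     if ($password !== "") {
         $hashed = StringUtils::convertInSha1($password);
         if ($password !== $user->getPassword() && $hashed !== $user->getPassword()) {
             $this->appendQuery("password", QueryParam::TYPE_STRING, $hashed);
         }
     }

     $address = $submitted("name-address");
     if ($address !== null && $address !== $user->getAddress()) {
         $this->appendQuery("address", QueryParam::TYPE_STRING, $address);
     }
     $addressnr = $submitted("name-addressnr");
     if ($addressnr !== null && $addressnr !== $user->getAddressnr()) {
         $this->appendQuery("addressnr", QueryParam::TYPE_STRING, $addressnr);
     }
     // Loose comparison on purpose: the posted zip code is a string while the
     // stored one may be an integer.
     $zipcode = $submitted("name-zipcode");
     if ($zipcode !== null && $zipcode != $user->getZipcode()) {
         $this->appendQuery("zipcode", QueryParam::TYPE_INTEGER, $zipcode);
     }
     $city = $submitted("name-city");
     if ($city !== null && $city !== $user->getCity()) {
         $this->appendQuery("city", QueryParam::TYPE_STRING, $city);
     }
     $country = $submitted("name-country");
     if ($country !== null && $country !== $user->getCountry()) {
         $this->appendQuery("country", QueryParam::TYPE_STRING, $country);
     }

     // finalize the query with the where clause on the user's id; the id comes
     // from the session object, never from the request
     // NOTE(review): when no field changed, the statement is just prefix +
     // suffix. Confirm that this is still valid SQL for appendQuery()'s output.
     $this->query .= $this->QUERY_UPDATE_SUFFIX;
     $this->namedQuery->addParam(QueryParam::TYPE_INTEGER, $user->getId());
     // set the query to the namedQuery
     $this->namedQuery->setNamedQuery($this->query);
     CRUDService::getInstance()->executeNamedQuery($this->namedQuery);
     $this->reloadUser($user->getId());
     $this->redirect("mydata.php");
 }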
 /**
  * Overrides the abstract function from the superclass.
  * If a user POSTed login data, check whether the data
  * is correct or not.
  * If it is not, show the user a message that the login failed.
  * Otherwise, store the user's data in the session and redirect to
  * the 'Home' page.
  */
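 public function handleRequestInMain()
 {
     // handle only POST requests
     if ($_SERVER["REQUEST_METHOD"] !== "POST") {
         return;
     }
     // Both credentials must be present and plain strings. Anything else
     // (missing field, array-valued parameter) is answered with the same
     // generic error as a failed login.
     if (!isset($_POST["name-email"], $_POST["name-password"])
         || !is_string($_POST["name-email"])
         || !is_string($_POST["name-password"])) {
         $this->getView()->setMessage($this->MSG_ERROR);
         return;
     }
     // read e-mail from POST and try to load a user by its e-mail
     $namedQuery = new NamedQuery($this->QUERY_LOAD_USER);
     $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($_POST["name-email"]));
     $result = CRUDService::getInstance()->fetchNamedQuery($namedQuery, "User");
     // Exactly one row must match. Unknown e-mail and wrong password share one
     // message, so the response does not reveal which accounts exist.
     if (count($result) !== 1) {
         $this->getView()->setMessage($this->MSG_ERROR);
         return;
     }
     // now that we really found just 1 user, check its password
     // NOTE(review): going by its name, convertInSha1() yields a SHA-1 digest;
     // SHA-1 is too fast for password storage. A move to password_hash()/
     // password_verify() has to include the code that writes this column.
     // NOTE(review): no throttling of failed attempts is visible in this method.
     $user = $result[0];
     $storedHash = (string) $user->getPassword();
     $givenHash = (string) StringUtils::convertInSha1($_POST["name-password"]);
     // hash_equals() compares in constant time, unlike ===.
     if (!hash_equals($storedHash, $givenHash)) {
         $this->getView()->setMessage($this->MSG_ERROR);
         return;
     }
     // Issue a fresh session id at login so an id that was known before
     // authentication cannot be reused afterwards.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // persist user in session and redirect user to the main page
     $_SESSION[Session::USER] = serialize($user);
     $this->redirect("home.php");
 }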