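/**
 * Overwrite the method from abstract PageController.
 * Handles requests sent to the 'shipping' (registration) page.
 *
 * A visitor who is already logged in is sent to 'mydata.php'. For a POST
 * request the submitted form fields are tag-stripped and inserted as a new
 * user; on success the new user is read back by e-mail, stored in the
 * session and the browser is redirected to 'home.php'. On failure an error
 * is logged and the page is rendered as usual.
 *
 * NOTE(review): the password is stored as an unsalted SHA-1 digest
 * (StringUtils::convertInSha1) and the login controller compares it the
 * same way. Switching to password_hash()/password_verify() means changing
 * login, this method and the stored column together, so it is not done here.
 */
public function handleRequestInMain()
{
    // Already logged in: nothing to register. The return matters in case
    // redirect() only sends the Location header and does not exit; without
    // it a logged-in POST would still create a second account.
    if (isset($_SESSION[Session::USER])) {
        $this->redirect("mydata.php");
        return;
    }

    // handle only POST requests
    if ($_SERVER["REQUEST_METHOD"] !== "POST") {
        return;
    }

    // Reads a form field and strips tags from it. A missing field is read
    // as '' instead of raising an "undefined index" warning and passing
    // null on to the query.
    $read = function ($name) {
        return StringUtils::removeTags(isset($_POST[$name]) ? $_POST[$name] : '');
    };

    // Positional parameters of QUERY_INSERT_USER, in statement order.
    // The password is deliberately not tag-stripped: it is hashed, never
    // displayed, and stripping would alter the value the user typed.
    $fields = [
        ["name-firstname", QueryParam::TYPE_STRING],
        ["name-lastname", QueryParam::TYPE_STRING],
        ["name-email", QueryParam::TYPE_STRING],
        ["name-address", QueryParam::TYPE_STRING],
        ["name-addressnr", QueryParam::TYPE_STRING],
        ["name-zipcode", QueryParam::TYPE_INTEGER],
        ["name-city", QueryParam::TYPE_STRING],
        ["name-country", QueryParam::TYPE_STRING],
    ];

    $namedQuery = new NamedQuery($this->QUERY_INSERT_USER);
    foreach ($fields as $field) {
        list($name, $type) = $field;
        $namedQuery->addParam($type, $read($name));
    }
    $password = isset($_POST["name-password"]) ? $_POST["name-password"] : '';
    $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::convertInSha1($password));

    // try to execute the query
    if (!CRUDService::getInstance()->executeNamedQuery($namedQuery)) {
        Logger::error("error registering a new user");
        return;
    }

    // Query was OK: load the new user and keep it in the session. The
    // e-mail is looked up in the same tag-stripped form it was inserted
    // with, otherwise an address that contained markup would not be found.
    $namedQuery = new NamedQuery($this->QUERY_LOAD_USER);
    $namedQuery->addParam(QueryParam::TYPE_STRING, $read("name-email"));
    $result = CRUDService::getInstance()->fetchNamedQuery($namedQuery, "User");

    if (!is_array($result) || count($result) === 0) {
        // The INSERT reported success but the row cannot be read back;
        // do not put an empty user into the session.
        Logger::error("registered user could not be loaded");
        return;
    }

    $_SESSION[Session::USER] = serialize($result[0]);
    $this->redirect("home.php");
}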
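/**
 * Overwrite the abstract function from the Superclass.
 * Updates the data given over the view and stores it in the database
 * under the user's id, column by column, but only for values that have
 * actually changed. Unchanged values are not part of the UPDATE.
 *
 * A visitor who is not logged in is sent to 'login.php'; anything but a
 * POST request is ignored. After the update the user is reloaded from the
 * database into the session and the browser is redirected to 'mydata.php'.
 *
 * Password handling: the stored value is an unsalted SHA-1 digest
 * (StringUtils::convertInSha1) and the view pre-fills the password field
 * with that digest. The field therefore counts as unchanged when it still
 * holds the digest OR when its SHA-1 equals the digest (the user re-typed
 * the real password).
 * NOTE(review): echoing the stored digest into the form discloses it to
 * anyone who can read the page. Preferably the view leaves the field empty
 * and this method treats an empty field as "unchanged"; that is a view
 * change and is not made here. password_hash()/password_verify() would
 * replace the SHA-1 scheme but needs registration and login changed at the
 * same time.
 */
public function handleRequestInMain()
{
    // Not logged in: nothing to update. The return matters in case
    // redirect() only sends the Location header and does not exit;
    // otherwise unserialize() below would run on a missing session entry.
    if (!isset($_SESSION[Session::USER])) {
        $this->redirect("login.php");
        return;
    }

    // handle only POST requests
    if ($_SERVER["REQUEST_METHOD"] !== "POST") {
        return;
    }

    // load user data from session (server-side storage written by this
    // application on login/registration, not client-supplied)
    $user = unserialize($_SESSION[Session::USER]);

    // Form fields are tag-stripped like on registration, so a value that
    // was stripped before it was stored compares equal when re-submitted.
    // A missing field is read as ''.
    $read = function ($name) {
        return StringUtils::removeTags(isset($_POST[$name]) ? $_POST[$name] : '');
    };

    $firstname = $read("name-firstname");
    $lastname = $read("name-lastname");
    $email = $read("name-email");
    $address = $read("name-address");
    $addressnr = $read("name-addressnr");
    $zipcode = $read("name-zipcode");
    $city = $read("name-city");
    $country = $read("name-country");

    // The password is not tag-stripped (same as on registration).
    $password = isset($_POST["name-password"]) ? $_POST["name-password"] : '';
    $digest = StringUtils::convertInSha1($password);
    $storedDigest = $user->getPassword();

    // column, param type, new value, changed? -- kept in the original
    // statement order, since appendQuery() adds the SET fragment and its
    // positional parameter together.
    $updates = [
        ["firstname", QueryParam::TYPE_STRING, $firstname, $firstname !== $user->getFirstname()],
        ["lastname", QueryParam::TYPE_STRING, $lastname, $lastname !== $user->getLastname()],
        ["email", QueryParam::TYPE_STRING, $email, $email !== $user->getEmail()],
        ["password", QueryParam::TYPE_STRING, $digest, $password !== $storedDigest && $digest !== $storedDigest],
        ["address", QueryParam::TYPE_STRING, $address, $address !== $user->getAddress()],
        ["addressnr", QueryParam::TYPE_STRING, $addressnr, $addressnr !== $user->getAddressnr()],
        // loose comparison on purpose: the POST value is a string, the
        // stored zipcode is numeric
        ["zipcode", QueryParam::TYPE_INTEGER, $zipcode, $zipcode != $user->getZipcode()],
        ["city", QueryParam::TYPE_STRING, $city, $city !== $user->getCity()],
        ["country", QueryParam::TYPE_STRING, $country, $country !== $user->getCountry()],
    ];

    $this->namedQuery = new NamedQuery();
    $this->query = $this->QUERY_UPDATE_PREFIX;
    $changedColumns = 0;
    foreach ($updates as $update) {
        list($column, $type, $value, $changed) = $update;
        if ($changed) {
            $this->appendQuery($column, $type, $value);
            $changedColumns++;
        }
    }

    if ($changedColumns === 0) {
        // Nothing to write. Running the statement anyway would send
        // QUERY_UPDATE_PREFIX . QUERY_UPDATE_SUFFIX with an empty SET list.
        $this->redirect("mydata.php");
        return;
    }

    // finalize the query with the where clause with user's id
    $this->query .= $this->QUERY_UPDATE_SUFFIX;
    $this->namedQuery->addParam(QueryParam::TYPE_INTEGER, $user->getId());

    // set the query to the namedQuery and run it
    $this->namedQuery->setNamedQuery($this->query);
    CRUDService::getInstance()->executeNamedQuery($this->namedQuery);

    // refresh the session copy so the view shows the stored values
    $this->reloadUser($user->getId());
    $this->redirect("mydata.php");
}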
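/**
 * Overwrite the abstract function from Superclass.
 * If a user POST-ed login data, check whether the data is correct or not.
 * In case it's not, show the user a message that the login was not ok.
 * Otherwise, set the user's data into the session and redirect to the
 * 'Home' page.
 *
 * The same MSG_ERROR is shown for an unknown e-mail and for a wrong
 * password, so the response does not reveal which e-mails are registered.
 *
 * NOTE(review): the stored password is an unsalted SHA-1 digest
 * (StringUtils::convertInSha1). Moving to password_hash()/password_verify()
 * needs registration, the data page and the stored column changed together,
 * so this method keeps the scheme and only hardens the comparison.
 */
public function handleRequestInMain()
{
    // handle only POST requests
    if ($_SERVER["REQUEST_METHOD"] !== "POST") {
        return;
    }

    // Missing fields are read as '' instead of raising "undefined index"
    // warnings; an empty e-mail or password simply fails the login.
    $email = isset($_POST["name-email"]) ? $_POST["name-email"] : '';
    $password = isset($_POST["name-password"]) ? $_POST["name-password"] : '';

    // read e-mail from POST and try to load a user by its e-mail
    $namedQuery = new NamedQuery($this->QUERY_LOAD_USER);
    $namedQuery->addParam(QueryParam::TYPE_STRING, StringUtils::removeTags($email));
    $result = CRUDService::getInstance()->fetchNamedQuery($namedQuery, "User");

    // Exactly one row must match: zero is an unknown e-mail, more than one
    // should not be possible. is_array() guards count() against a non-array
    // return from the service, which would throw on PHP 8.
    $user = (is_array($result) && count($result) === 1) ? $result[0] : null;

    // The digest is computed whether or not a user was found; hash_equals()
    // takes the same time whatever the first differing byte is, so a wrong
    // password cannot be narrowed down by response timing.
    $digest = (string) StringUtils::convertInSha1($password);
    $valid = $user !== null && hash_equals((string) $user->getPassword(), $digest);

    if (!$valid) {
        $this->getView()->setMessage($this->MSG_ERROR);
        return;
    }

    // Fresh session id on privilege change so a session id fixed before
    // the login cannot be reused afterwards.
    session_regenerate_id(true);

    // persist user in session and redirect user to the main page
    $_SESSION[Session::USER] = serialize($user);
    $this->redirect("home.php");
}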