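/**
 * Authenticate a user by e-mail address and password.
 *
 * The e-mail is looked up in `user` and the submitted password is run
 * through the same legacy transformation the registration code uses —
 * Rijndael-256/CBC keyed with md5($email), IV md5(md5($email)),
 * base64-encoded — so it can be compared with the stored column.
 *
 * SECURITY (review): that transformation is reversible encryption with a key
 * derived from the (public) e-mail address, not password hashing; anyone who
 * obtains the table can decrypt every password. mcrypt is also removed in
 * PHP 7.2+. The stored format is preserved here so existing accounts keep
 * working, but the scheme should be migrated to password_hash() /
 * password_verify().
 *
 * Changes against the previous version: the e-mail and plaintext password are
 * no longer echoed into the response, a failed query or a password mismatch
 * returns 0 instead of null, the secret is compared in constant time, and the
 * same error text is emitted for "unknown e-mail" and "wrong password" so the
 * response no longer reveals which addresses are registered.
 *
 * @param string|null $emailPOST    Submitted e-mail address (raw POST value).
 * @param string|null $passwordPOST Submitted password (raw POST value).
 * @return int 1 on a successful login, 0 otherwise.
 */
function login(?string $emailPOST, ?string $passwordPOST): int
{
    // Create DB connection through the project's wrapper.
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass();

    // NOTE: both values are escaped *before* being used as key material /
    // plaintext below. That is a quirk of the stored format (registration does
    // the same), so it has to stay for existing accounts to match.
    $email    = $sqlConn->realEscapeString((string) $emailPOST);
    $password = $sqlConn->realEscapeString((string) $passwordPOST);

    // Reject empty credentials up front instead of querying the database.
    if ($email === '' || $password === '') {
        echo "Loggin ERROR...<br/>";
        return 0;
    }

    // The e-mail is the only value interpolated into SQL; it is quoted and
    // escaped (DBclass::realEscapeString is assumed to wrap
    // mysqli_real_escape_string — confirm).
    $query  = "SELECT * FROM user WHERE user.email='" . $email . "'";
    $result = $sqlConn->exeQuery($query);

    // exeQuery is assumed to return a mysqli_result (num_rows / fetch_assoc are
    // used below) or false on error; both "no such user" and "query failed"
    // are treated as a failed login. Email is unique, so exactly one row.
    if (!$result || $result->num_rows !== 1) {
        echo "Loggin ERROR...<br/>";
        return 0;
    }

    $user = $result->fetch_assoc();

    // Legacy reversible scheme, kept byte-compatible with the stored values.
    $passwordEncrypt = base64_encode(mcrypt_encrypt(
        MCRYPT_RIJNDAEL_256,
        md5($email),
        $password,
        MCRYPT_MODE_CBC,
        md5(md5($email))
    ));

    // hash_equals() instead of strcmp(): strcmp leaks the position of the
    // first differing byte through timing.
    $passwordMatches = hash_equals((string) $user['password'], $passwordEncrypt);
    $emailMatches    = (string) $user['email'] === $email;

    if ($passwordMatches && $emailMatches) {
        echo "Loggin suffessfull...<br/>";
        return 1;
    }

    echo "Loggin ERROR...<br/>";
    return 0;
}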
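/**
 * Register a new user from the current POST request.
 *
 * Reads email, firstname, lastname, password, passwordRe, address,
 * postnumber, city and phone from $_POST, stores the password with the same
 * legacy reversible scheme login() expects (Rijndael-256/CBC keyed with
 * md5($email), IV md5(md5($email)), base64-encoded) and inserts the row with
 * usertype_idusertype = 1.
 *
 * SECURITY (review): that scheme is encryption, not hashing — anyone with the
 * table can recover every password, and mcrypt is removed in PHP 7.2+. It is
 * kept here only so new rows stay compatible with existing ones; migrate to
 * password_hash() together with login().
 *
 * Changes against the previous version: the password must equal its
 * confirmation, the e-mail must be syntactically valid, `postnumber` — the one
 * value interpolated *unquoted* into the SQL, where string escaping gives no
 * protection — must be an integer, and the complete INSERT statement
 * (including the password ciphertext) is no longer echoed into the page.
 *
 * @return bool true when the row was inserted, false when validation failed
 *              or the query did not succeed.
 */
function checkRegisterParams(): bool
{
    // Create DB connection through the project's wrapper.
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass();

    // Raw POST values (null when the field is absent).
    $rawEmail      = filter_input(INPUT_POST, 'email', FILTER_DEFAULT);
    $rawPassword   = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
    $rawPasswordRe = filter_input(INPUT_POST, 'passwordRe', FILTER_DEFAULT);
    $rawPostnumber = filter_input(INPUT_POST, 'postnumber', FILTER_DEFAULT);

    // Input validity checks (the previous version had only a placeholder
    // comment here).
    if ($rawEmail === null || filter_var($rawEmail, FILTER_VALIDATE_EMAIL) === false) {
        unset($sqlConn);
        return false;
    }
    if ($rawPassword === null || $rawPassword === '' || $rawPassword !== $rawPasswordRe) {
        unset($sqlConn);
        return false;
    }
    // Unquoted numeric column: validate as an integer; escaping only protects
    // quoted contexts.
    $postnumber = filter_var($rawPostnumber, FILTER_VALIDATE_INT);
    if ($postnumber === false) {
        unset($sqlConn);
        return false;
    }

    // Quoted string columns: escaped through the DBclass wrapper.
    $email     = $sqlConn->realEscapeString($rawEmail);
    $firstname = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'firstname', FILTER_DEFAULT));
    $lastname  = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'lastname', FILTER_DEFAULT));
    $address   = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'address', FILTER_DEFAULT));
    $city      = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'city', FILTER_DEFAULT));
    $phone     = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'phone', FILTER_DEFAULT));

    // NOTE: the password is escaped *before* encryption and the key is derived
    // from the *escaped* e-mail. That is how the stored format was defined and
    // login() does the same, so it must stay until the scheme is migrated.
    $password = $sqlConn->realEscapeString($rawPassword);
    $passwordEncypt = base64_encode(mcrypt_encrypt(
        MCRYPT_RIJNDAEL_256,
        md5($email),
        $password,
        MCRYPT_MODE_CBC,
        md5(md5($email))
    ));

    // Record current date and time. NOTE(review): "h:i:sa" is a 12-hour clock
    // with an am/pm suffix; if timeAndDate is a DATETIME column this value
    // will not parse — confirm the schema before changing the format.
    $timeAndDate = date("Y-m-d h:i:sa");

    // All string values are escaped and quoted; postnumber is a validated int
    // and usertype_idusertype is a constant.
    $query = "INSERT INTO user (firstname, lastname, password, address, email, phone, city, postnumber, usertype_idusertype, timeAndDate) "
        . "VALUES ('" . $firstname . "','" . $lastname . "','" . $passwordEncypt . "','" . $address . "','" . $email . "','"
        . $phone . "','" . $city . "'," . $postnumber . ",1,'" . $timeAndDate . "')";

    // exeQuery's return value for an INSERT is assumed to be truthy on
    // success and false on failure (mysqli::query semantics) — confirm.
    $ok = (bool) $sqlConn->exeQuery($query);

    // Remove DB connection
    unset($sqlConn);

    return $ok;
}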
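/**
 * Update one `article` row from the current POST request.
 *
 * Reads articlename, idcategory, idcompany, idunit, articlecomment, price and
 * available from $_POST and writes them to the row whose idarticle equals
 * $saveEdit.
 *
 * SECURITY (review): the previous version concatenated $saveEdit straight into
 * the WHERE clause with neither escaping nor a cast, and placed idcategory,
 * idcompany, price and available into the statement unquoted, where
 * realEscapeString() gives no protection (`1 OR 1=1` needs no quote
 * character). Every numeric value is now validated as a number before use,
 * the string columns stay escaped and quoted, and the statement is no longer
 * echoed into the page.
 *
 * @param int|string $saveEdit idarticle of the row to update; must be an
 *                             integer (or an integer-valued string).
 * @return bool true when the UPDATE was issued and did not fail, false when a
 *              value failed validation (nothing is written in that case).
 */
function updateArticle($saveEdit): bool
{
    // Create DB connection through the project's wrapper.
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");

    // Row selector: validated as an integer, never interpolated raw.
    $idarticle = filter_var($saveEdit, FILTER_VALIDATE_INT);

    // Unquoted numeric columns: validate, do not merely escape.
    $idcategory = filter_var(filter_input(INPUT_POST, 'idcategory', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    $idcompany  = filter_var(filter_input(INPUT_POST, 'idcompany', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    $idunit     = filter_var(filter_input(INPUT_POST, 'idunit', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    // `available` is unquoted in the SQL, so it is treated as an integer flag
    // — confirm against the column type.
    $available  = filter_var(filter_input(INPUT_POST, 'available', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    // price is kept as the submitted text so the decimal reaches the database
    // unchanged; is_numeric() guarantees it contains no SQL metacharacters.
    $price = trim((string) filter_input(INPUT_POST, 'price', FILTER_DEFAULT));

    if ($idarticle === false || $idcategory === false || $idcompany === false
        || $idunit === false || $available === false || !is_numeric($price)) {
        unset($sqlConn);
        return false;
    }

    // Quoted string columns: escaped through the DBclass wrapper.
    $articlename    = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'articlename', FILTER_DEFAULT));
    $articlecomment = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'articlecomment', FILTER_DEFAULT));

    $query = "UPDATE article SET "
        . "articlename='" . $articlename . "', "
        . "idcategory=" . $idcategory . ", "
        . "idcompany=" . $idcompany . ", "
        . "idunit=" . $idunit . ", "
        . "articlecomment='" . $articlecomment . "', "
        . "price=" . $price . ", "
        . "available=" . $available . " "
        . "WHERE idarticle=" . $idarticle;

    // exeQuery's return value for an UPDATE is assumed to be truthy on
    // success and false on failure (mysqli::query semantics) — confirm.
    $ok = (bool) $sqlConn->exeQuery($query);

    unset($sqlConn);

    return $ok;
}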
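/**
 * Insert a new `article` row from the current POST request.
 *
 * Reads articlename, idcategory, idcompany, idunit, articlecomment, price and
 * available from $_POST, stores the uploaded "articleimage" file through
 * uploadFile() and inserts the row. When uploadFile() reports failure (-1)
 * the image column is stored as an empty string, as before.
 *
 * SECURITY (review): idunit, price and available were interpolated unquoted
 * into the statement, where realEscapeString() offers no protection, and the
 * file name returned by uploadFile() was interpolated without any escaping.
 * Numeric values are now validated as numbers before use, every string value
 * is escaped and quoted, and the complete statement is no longer echoed into
 * the page.
 *
 * @return bool true when the INSERT was issued and did not fail, false when a
 *              value failed validation (nothing is written in that case).
 */
function insertArticleIntoDB(): bool
{
    // Create DB connection through the project's wrapper.
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");

    // Unquoted numeric columns: validate, do not merely escape.
    $idcategory = filter_var(filter_input(INPUT_POST, 'idcategory', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    $idcompany  = filter_var(filter_input(INPUT_POST, 'idcompany', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    $idunit     = filter_var(filter_input(INPUT_POST, 'idunit', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    // `available` is unquoted in the SQL, so it is treated as an integer flag
    // — confirm against the column type.
    $available  = filter_var(filter_input(INPUT_POST, 'available', FILTER_DEFAULT), FILTER_VALIDATE_INT);
    // price is kept as the submitted text so the decimal reaches the database
    // unchanged; is_numeric() guarantees it contains no SQL metacharacters.
    $price = trim((string) filter_input(INPUT_POST, 'price', FILTER_DEFAULT));

    if ($idcategory === false || $idcompany === false || $idunit === false
        || $available === false || !is_numeric($price)) {
        unset($sqlConn);
        return false;
    }

    // Quoted string columns: escaped through the DBclass wrapper.
    $articlename    = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'articlename', FILTER_DEFAULT));
    $articlecomment = $sqlConn->realEscapeString((string) filter_input(INPUT_POST, 'articlecomment', FILTER_DEFAULT));

    // Corresponds to the file input name in the HTML form. uploadFile() is
    // assumed to return the stored file name, or -1 on failure; the loose
    // comparison is kept because its exact return type is not visible here.
    $articleimage = uploadFile("articleimage");
    if ($articleimage == -1) {
        $articleimage = "";
    }
    // The name originates from an upload, so treat it as untrusted input.
    $articleimage = $sqlConn->realEscapeString((string) $articleimage);

    $query = "INSERT INTO article (articlename, idcategory, idcompany, idunit, price, articlecomment, articleimage, available) "
        . "VALUES ('" . $articlename . "'," . $idcategory . "," . $idcompany . "," . $idunit . "," . $price . ",'"
        . $articlecomment . "','" . $articleimage . "'," . $available . ")";

    // exeQuery's return value for an INSERT is assumed to be truthy on
    // success and false on failure (mysqli::query semantics) — confirm.
    $ok = (bool) $sqlConn->exeQuery($query);

    // Remove DB connection
    unset($sqlConn);

    return $ok;
}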