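// Populate the user object from the registration form. $_POST is untrusted
// and any field may be absent; a missing field becomes '' rather than
// raising an undefined-index notice.
$userObj->setFirstName(isset($_POST["firstname"]) ? $_POST["firstname"] : '');
$userObj->setLastName(isset($_POST["lastname"]) ? $_POST["lastname"] : '');
$userObj->setEmail(isset($_POST["email"]) ? $_POST["email"] : '');
// NOTE(review): the password is handed over exactly as typed and, below, the
// same value is written to the DB. Unless setPassword() in myclasses.php
// hashes it, this is plaintext password storage and must become
//   $userObj->setPassword(password_hash($_POST["password"], PASSWORD_DEFAULT));
// with password_verify() on the login path (changing only this side would
// lock every existing user out) — confirm before changing.
$userObj->setPassword(isset($_POST["password"]) ? $_POST["password"] : '');
$userObj->setUserActivated(0); // new accounts start inactive until the activation link is used

/* Intended flow:
 * - If a user with this e-mail exists and is activated, send them to the
 *   dashboard; if it exists but is not activated, resend the activation
 *   e-mail and show the "an e-mail has been sent" page.
 * - Otherwise create the user with user_activated = 0, send the activation
 *   e-mail and show the "an e-mail has been sent" page.
 */

// Look the user up by e-mail. This connection wrapper offers no prepared
// statements, so the value is escaped before it is concatenated into SQL.
$email = $connObj->escapeMe($userObj->getEmail());
$result = $connObj->executeQuery($q->getUserByEmail() . "'{$email}'");
$usersCount = $connObj->getNumRows();

if ($usersCount <= 0) {
    /* First case: create the user with user_activated = 0 and send an e-mail
     * with a link of the form
     *   localhost/validate_user?userID=id&hash_email=hash&userActivated=1
     */
    // Every form value is escaped: the original passed first name, last name
    // and password into sprintf() raw, and used the unescaped e-mail instead
    // of $email computed above, so a quote in any of them reached the INSERT
    // verbatim (SQL injection).
    $query_str = sprintf(
        $q->insInsertNewUser(),
        $connObj->escapeMe($userObj->getFirstName()),
        $connObj->escapeMe($userObj->getLastName()),
        $email,
        $connObj->escapeMe($userObj->getPassword()),
        (int) $userObj->getUserActivated()
    );
    $result = $connObj->executeQuery($query_str);
    $lastId = $connObj->getLastId(); // id of the freshly created user, for the activation link
    $connObj->commit();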
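<?php
session_start();
include "./myclasses.php";

// Load the query templates and open the DB connection.
$q = new Queries();
$connObj = new MySQLConn();
$connObj->getConnection();

// The session is the only authorisation check for the image actions, so
// every user id used below comes from $_SESSION, never from the request.
if (isset($_SESSION['username'])) {
    // Three scenarios selected by ?act=: upload an image, view images, delete an image.
    // A missing act parameter must neither raise a notice nor match a scenario.
    $act = isset($_GET['act']) ? $_GET['act'] : '';

    // First: upload. TODO: also restrict file size and file type.
    if ($act === "uimg") {
        // Reject failed or partial uploads and anything that is not a genuine
        // uploaded file before touching the DB; the original inserted a row
        // even when no file had arrived.
        if (!isset($_FILES['imgfile']['error'])
            || $_FILES['imgfile']['error'] !== UPLOAD_ERR_OK
            || !is_uploaded_file($_FILES['imgfile']['tmp_name'])) {
            echo "<h1>Your image could not be saved.</h1>";
            echo "<hr><h3>Please go to the main <a href=http://localhost/dashboard.php>menu</a> for more options.</h3>";
        } else {
            // Client-supplied file name: escaped before it enters the query.
            $filename = $connObj->escapeMe($_FILES['imgfile']['name']);
            $fileSize = (int) $_FILES["imgfile"]["size"];
            // NOTE(review): this is the temporary path of the upload, which PHP
            // removes when the request ends — confirm insInsertImg() reads the
            // file contents from it rather than storing the path itself.
            $fileObj = $connObj->escapeMe($_FILES["imgfile"]["tmp_name"]);
            $userId = (int) $_SESSION["userId"];
            $sql = sprintf($q->insInsertImg(), $userId, $fileObj, $filename, $fileSize);
            $connObj->executeQuery($sql);
            echo "<h1>Your image has been saved!!!</h1>";
            echo "<hr><h3>Please go to the main <a href=http://localhost/dashboard.php>menu</a> for more options.</h3>";
        }
    }

    // Second: list the current user's images.
    if ($act === "viewimg") {
        // The original called escapeMe($userId) and discarded its return
        // value, so the id reached the query untouched; it is an integer from
        // the session, so an int cast is the right guard.
        $userId = (int) $_SESSION["userId"];
        $sql = sprintf($q->getImgByUserId(), $userId);
        $connObj->executeQuery($sql);
        $result = $connObj->fetchArray();
        foreach ($result as $img) {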