public function __construct()
{
$connect = new DB_connect();
$connect->set_charset("utf8");
$query = "SELECT id, name, lastname, location, dateOfBirth, dateOfDeath, religion FROM obituaries ORDER BY datePublished DESC";
$statment = $connect->prepare($query);
$statment->execute();
$statment->bind_result($id_obituary, $name, $lastname, $location, $dateOfBirth, $dateOfDeath, $religion);
while ($statment->fetch()) {
$this->addObituary(new Obituary($id_obituary, $name, $lastname, $location, $dateOfBirth, $dateOfDeath, $religion));
}
$statment->close();
$connect->close();
}
public function __construct()
{
$connect = new DB_connect();
$connect->set_charset("utf8");
$query = "SELECT id, name, lastname, address, phone, email, rank FROM users";
$statment = $connect->prepare($query);
$statment->execute();
$statment->bind_result($id_user, $name, $lastname, $address, $phone, $email, $rank);
while ($statment->fetch()) {
$this->addUser(new Users($id_user, $name, $lastname, $address, $phone, $email, null, $rank));
}
$statment->close();
$connect->close();
}
public function update()
{
$connect = new DB_connect();
$connect->set_charset("utf8");
$address = $connect->real_escape_string(trim($this->address));
$phone = $connect->real_escape_string(trim($this->phone));
$email = $connect->real_escape_string(trim($this->email));
if ($this->pass == '') {
$query = "UPDATE users SET address=?, phone=?, email=? WHERE id=?";
$statment = $connect->prepare($query);
$statment->bind_param('sssi', $address, $phone, $email, $this->id);
} else {
$query = "UPDATE users SET address=?, phone=?, email=?, password=? WHERE id=?";
$statment = $connect->prepare($query);
$statment->bind_param('ssssi', $address, $phone, $email, $this->pass, $this->id);
}
$statment->execute();
$statment->close();
$connect->close();
}
public function delete()
{
$connect = new DB_connect();
$connect->set_charset("utf8");
$query = "DELETE FROM obituaries WHERE id=?";
$statment = $connect->prepare($query);
$statment->bind_param('i', $this->obituaryId);
$statment->execute();
$statment->close();
$connect->close();
}
<?php
if (!isset($_SESSION)) {
session_start();
}
if (isset($_POST['login'])) {
require_once 'class/DB_connect.php';
$connect = new DB_connect();
$connect->set_charset("utf8");
$email = $connect->real_escape_string(trim($_POST["email"]));
$pass = md5($connect->real_escape_string(trim($_POST["pass"])));
$query = "SELECT id, name, lastname, password, rank FROM users WHERE email=?";
$statement = $connect->prepare($query);
$statement->bind_param('s', $email);
$statement->execute();
$statement->bind_result($id_user, $name, $lastname, $passwd, $rank);
$statement->fetch();
$statement->close();
$connect->close();
if ($pass == $passwd) {
$_SESSION['name'] = $name . " " . $lastname;
$_SESSION['email'] = $email;
$_SESSION['id_user'] = $id_user;
$_SESSION['rank'] = $rank;
$_SESSION['logged'] = true;
header("Location: index.php");
} else {
echo '<p>Username and password do not match!</p>';
}
}