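/**
 * Login process.
 *
 * Validates the posted form token and credentials, looks the user up and,
 * on a match, stores the user id in $_SESSION['user_id']. Every failure is
 * reported through View::setMessageFlash().
 *
 * @return bool TRUE when a matching user was found, FALSE otherwise.
 */
public static function login()
{
    // Form validation: reject a missing token and a token the Form helper
    // does not accept. The previous condition had no negation on
    // isFormTokenValid(), so a token reported as valid was the one rejected.
    // NOTE(review): assumes isFormTokenValid() returns true for a good token - confirm.
    $formToken = filter_input(INPUT_POST, "form_token");
    if (!$formToken || !Form::isFormTokenValid($formToken)) {
        View::setMessageFlash("danger", "Form tidak valid");
        return FALSE;
    }

    if (!filter_input(INPUT_POST, "username") || !filter_input(INPUT_POST, "password")) {
        View::setMessageFlash("danger", "Masukkan Username dan Password");
        return FALSE;
    }

    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and
    // rewrites the value before it is hashed. It is kept here so that
    // existing stored usernames and hashes keep matching.
    $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);

    // NOTE(review): unsalted MD5 is not a password hash. Move the stored
    // values to password_hash() / password_verify(); that needs a data
    // migration and cannot be done inside this method alone.
    $password = md5(filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING));

    $mysqli = App::getConnection(true);

    // Bind the credentials as parameters so they never become part of the SQL text.
    $stmt = $mysqli->prepare("SELECT user_id FROM users WHERE username = ? AND password = ?");
    if (!$stmt) {
        // Keep database error text in the server log instead of the page.
        error_log("login: prepare failed: " . $mysqli->error);
        View::setMessageFlash("danger", "Terjadi kesalahan, silakan coba lagi");
        return FALSE;
    }

    $stmt->bind_param("ss", $username, $password);
    if (!$stmt->execute()) {
        error_log("login: execute failed: " . $stmt->error);
        $stmt->close();
        View::setMessageFlash("danger", "Terjadi kesalahan, silakan coba lagi");
        return FALSE;
    }

    // Buffer the result so num_rows is populated.
    $stmt->store_result();
    if ($stmt->num_rows == 0) {
        $stmt->close();
        View::setMessageFlash("danger", "Username dan Password Salah");
        return FALSE;
    }

    $stmt->bind_result($userId);
    $stmt->fetch();
    $stmt->close();

    // Issue a fresh session id on login so an id set before authentication
    // is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // mysqli's plain query() path returns column values as strings by
    // default; the cast keeps that form for code that reads the session value.
    $_SESSION['user_id'] = (string) $userId;

    return TRUE;
}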
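/**
 * Loads the row whose key column equals $id into $this->data.
 *
 * $this->data is left untouched when the statement cannot be prepared or
 * executed, and is set to null when no row matches.
 *
 * @param mixed $id Value compared against the column named by $this->key.
 */
public function __construct($id)
{
    $mysqli = App::getConnection(true);

    // Table and column names cannot be bound as parameters.
    // NOTE(review): $this->table and $this->key are presumably fixed by the
    // class definition; they must never be derived from request data.
    $sql = "SELECT * FROM " . $this->table . " WHERE " . $this->key . " = ?";

    $stmt = $mysqli->prepare($sql);
    if (!$stmt) {
        return;
    }

    // $id is bound as a string parameter instead of being concatenated
    // into the statement, so quotes inside it cannot change the query.
    $idParam = (string) $id;
    $stmt->bind_param("s", $idParam);
    if (!$stmt->execute()) {
        $stmt->close();
        return;
    }

    $result = $stmt->get_result();
    if (!$result) {
        $stmt->close();
        return;
    }

    // NOTE(review): prepared statements return numeric columns as native
    // int/float, where query() returned strings by default - check callers
    // that compare these values strictly.
    $this->data = $result->fetch_assoc();
    $stmt->close();
}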
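/**
 * Writes the name, phone and address held in $this->data back to the row
 * identified by $this->data[$this->key].
 *
 * @return bool TRUE when the statement executed, FALSE when preparing or
 *              executing it failed. A statement that matches no row still
 *              counts as executed.
 */
public function update()
{
    $mysqli = App::getConnection(true);

    // Table and column names cannot be bound as parameters.
    // NOTE(review): $this->table and $this->key are presumably fixed by the
    // class definition; they must never be derived from request data.
    $sql = "UPDATE " . $this->table
        . " SET name = ?, phone = ?, address = ?"
        . " WHERE " . $this->key . " = ?";

    $stmt = $mysqli->prepare($sql);
    if (!$stmt) {
        return FALSE;
    }

    // bind_param() takes its arguments by reference, so copy the values
    // into locals first. Binding them keeps quotes in a name or address
    // from altering the statement.
    $name = $this->data['name'];
    $phone = $this->data['phone'];
    $address = $this->data['address'];
    $keyValue = $this->data[$this->key];
    $stmt->bind_param("ssss", $name, $phone, $address, $keyValue);

    $succeeded = $stmt->execute();
    $stmt->close();

    return $succeeded ? TRUE : FALSE;
}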