/**
* login process
*/
public static function login()
{
// form validation
if (!filter_input(INPUT_POST, "form_token") || Form::isFormTokenValid(filter_input(INPUT_POST, "form_token"))) {
View::setMessageFlash("danger", "Form tidak valid");
return FALSE;
}
if (!filter_input(INPUT_POST, "username") || !filter_input(INPUT_POST, "password")) {
View::setMessageFlash("danger", "Masukkan Username dan Password");
return FALSE;
}
$username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
$password = md5(filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING));
$mysqli = App::getConnection(true);
$sql = "SELECT user_id FROM users WHERE username='******' AND password='******'";
if (!($query = $mysqli->query($sql))) {
View::setMessageFlash("danger", $mysqli->error);
return FALSE;
}
if ($query->num_rows == 0) {
View::setMessageFlash("danger", "Username dan Password Salah");
return FALSE;
}
$row = $query->fetch_row();
$_SESSION['user_id'] = $row[0];
return TRUE;
}
public function __construct($id)
{
$mysqli = App::getConnection(true);
$sql = "SELECT * FROM " . $this->table . " WHERE " . $this->key . " = '" . $id . "'";
if (!($query = $mysqli->query($sql))) {
return;
}
$this->data = $query->fetch_assoc();
}
public function update()
{
$mysqli = App::getConnection(true);
$sql = "UPDATE " . $this->table . " SET ";
$sql .= "name='" . $this->data['name'] . "', ";
$sql .= "phone='" . $this->data['phone'] . "', ";
$sql .= "address='" . $this->data['address'] . "' ";
$sql .= "WHERE " . $this->key . "='" . $this->data[$this->key] . "' ";
if (!($query = $mysqli->query($sql))) {
return FALSE;
}
return TRUE;
}
