public function upload()
{
// security check first
$token_handler = new security();
$token_handler->check_token();
// receives data from input form:
/*
* <form action="upload.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
*/
$target_dir = PHOTO_DIR;
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
// actual photo/image ?
$msg = '';
if (isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if ($check !== false) {
$msg .= "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
$msg .= "File is not an image.";
$uploadOk = 0;
}
}
// Check if file already exists
if (file_exists($target_file)) {
$msg .= "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
$msg .= "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
$msg .= "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
$msg .= "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
$msg .= "The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
} else {
$msg .= "Sorry, there was an error uploading your file.";
}
}
$result = array('message' => $msg, 'ok' => $uploadOk);
return $result;
}
public function reset()
{
$token_handler = new security();
$token_handler->check_token();
$content = '';
// resets users password
// sends an email containing a link + token with 6h validity
// from this link, access this same method, but with confirm=yes in url
if (isset($_GET['confirm'])) {
if ($_GET['confirm'] == 'yes') {
// check token with database
// will arrive here from user's mail - show form to enter new password and UPDATE it in the database
}
} else {
// send email to user with link to reset, redirecting here
// ?controller=users&action=reset&confirm=yes&token=ETC
// 1st, check if user + email exist in database
$connection = new database();
$sql = "SELECT username, email FROM users WHERE username=?";
$data[] = $_POST['username'];
$user_results = $connection->fetchAll($sql, $data);
if ($connection->row_count = 1) {
// ok, found one user with this username
// but, does he/she has an email?
if ($_POST['email'] != '') {
if ($user_results[0]['email'] == $_POST['email']) {
// send email with proper link to reset password
$content .= "<p>Dear {$_POST['username']}, an email was sent to {$_POST['email']} with instructions on how to reset your password.";
$content .= "<p>It should arrive momentarily; if not, check your spam box or contact the administrator.";
// TODO: send email to reset password.
// Contains a link with a token that redirects to a special page - this only confirms that user has acces to the concerned email
} else {
$content .= "<p>Email not found or invalid. Please, try again.";
$content .= "<p>Contact the administrator if you think you do not have a registered email.";
}
} else {
$content .= "<p>Email is obligatory. Please, try again.";
}
} else {
$content .= "User not found. Please, try again!";
}
}
$output['page'] = 'views/forgot.php';
$output['content'] = $content;
return $output;
}
public function update()
{
/* UPDATE multiple tables:
// UPDATE tables SET table1.col1=table2.col2
// WHERE condition;
// needs:
// 1. column names - $this->cols
// 2. table name - $this->table_name
// 3. id - $_GET['id'] from action form
example:
$sql = " UPDATE {$this->table_name} SET
nom=?, prenom=?, nom_khmer=?, prenom_khmer=?, sex_id=?, matricule=?, dob=?, program_id=?
WHERE student_id=?";
/********************************************/
$security_handler = new security();
$security_handler->check_token();
$id = $_GET['id'];
$i = 0;
$cols = '';
$values = array();
foreach ($this->cols as $column) {
array_push($values, $_POST[$column]);
$cols .= $column . '=?,';
$i++;
}
array_push($values, $id);
// add last value to the array, which corresponds to the record id number.
$cols = substr($cols, 0, -1);
$sql = "UPDATE " . $this->table_name . " SET " . $cols . " WHERE " . $this->id_column . "=?";
//echo "<p>sql: ".$sql."<br>";
//echo "<p>values: ";
//var_dump ($values);
$connection = new database();
if ($connection->update($sql, $values)) {
$_SESSION['log'] .= new timestamp("Affected rows: " . $connection->get_row_num());
} else {
$_SESSION['log'] .= new timestamp("Record was not updated in {$_GET['controller']}!");
}
//die();
}
