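/**
 * Inserts one booking: a customers row, the occupancies and payments rows that
 * reference it, and the status flip on the booked room. The four statements run
 * inside a single transaction so a failure part-way through leaves no half-written
 * booking behind (the original ran them unguarded, and its `if (!false)` wrapper
 * was a no-op).
 *
 * @param array $array_fields fields from the booking form; keys read are
 *        id, firstname, lastname, phone, notes, room_number, check_in, check_out
 *        (a missing key is bound as SQL NULL, exactly as the by-reference bindParam did)
 * @return string the customer_id assigned by the database (PDO::lastInsertId)
 * @throws \PDOException on any statement failure, after the transaction has been rolled back
 */
public static function Insert($array_fields)
{
    $conn = DB::GetConnection();

    // Only open a transaction when the connection is not already inside one, so a
    // caller batching several inserts keeps ownership of commit/rollback.
    $ownsTransaction = !$conn->inTransaction();
    if ($ownsTransaction) {
        $conn->beginTransaction();
    }

    try {
        $stmt = $conn->prepare("INSERT INTO customers (customer_id, customer_name, customer_lastname, customer_phone, customer_notes) VALUES (?, ?, ?, ?, ?) ");
        // A null id is bound as SQL NULL so the column's auto-increment applies.
        $stmt->bindValue(1, $array_fields['id'] ?? null, \PDO::PARAM_INT);
        $stmt->bindValue(2, $array_fields['firstname'] ?? null, \PDO::PARAM_STR);
        $stmt->bindValue(3, $array_fields['lastname'] ?? null, \PDO::PARAM_STR);
        $stmt->bindValue(4, $array_fields['phone'] ?? null, \PDO::PARAM_STR);
        $stmt->bindValue(5, $array_fields['notes'] ?? null, \PDO::PARAM_STR);
        $stmt->execute();

        // Primary key of the customer just created; links the other two rows to it.
        $insertkey = $conn->lastInsertId();

        $stmt = $conn->prepare("INSERT INTO occupancies (occupancy_id, occupancy_customer_id, occupancy_room_id, occupancy_firstdate, occupancy_lastdate) VALUES (?, ?, ?, ?, ?) ");
        $stmt->bindValue(1, $array_fields['id'] ?? null, \PDO::PARAM_INT);
        $stmt->bindValue(2, $insertkey, \PDO::PARAM_INT);
        $stmt->bindValue(3, $array_fields['room_number'] ?? null, \PDO::PARAM_INT);
        $stmt->bindValue(4, $array_fields['check_in'] ?? null, \PDO::PARAM_STR);
        $stmt->bindValue(5, $array_fields['check_out'] ?? null, \PDO::PARAM_STR);
        $stmt->execute();

        // Every new booking starts with the same initial payment record.
        $payment_status_id = 1;
        $payment_amount = 20;
        $stmt = $conn->prepare("INSERT INTO payments (payment_id, payment_customer, payment_status_id, payment_amount, payment_date) VALUES (?, ?, ?, ?, ? )");
        $stmt->bindValue(1, null, \PDO::PARAM_NULL);
        $stmt->bindValue(2, $insertkey, \PDO::PARAM_INT);
        $stmt->bindValue(3, $payment_status_id);
        $stmt->bindValue(4, $payment_amount);
        // NOTE(review): payment_date is recorded as the check-out date — confirm this is intended.
        $stmt->bindValue(5, $array_fields['check_out'] ?? null, \PDO::PARAM_STR);
        $stmt->execute();

        // Mark the room as taken (status id 1 in this schema).
        $stmt = $conn->prepare("UPDATE rooms SET room_status_id = '1' WHERE room_id = ?");
        $stmt->bindValue(1, $array_fields['room_number'] ?? null, \PDO::PARAM_INT);
        $stmt->execute();

        if ($ownsTransaction) {
            $conn->commit();
        }
    } catch (\Throwable $e) {
        if ($ownsTransaction && $conn->inTransaction()) {
            $conn->rollBack();
        }
        throw $e;
    }

    return $insertkey;
}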
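/**
 * Returns the menuitems rows belonging to one menu, hydrated as instances of
 * the class the static call was made on.
 *
 * The menu id is bound as an integer parameter instead of being interpolated
 * into the SQL text, so a caller passing request data cannot alter the query.
 *
 * @param int $id menu_id to filter on (cast to int before binding)
 * @return array list of objects of the called class, one per matching row
 * @throws \PDOException on a statement failure
 */
public static function GetMenu($id)
{
    $db = DB::GetConnection();

    $stmt = $db->prepare("select * from menuitems where menu_id = ? ");
    $stmt->bindValue(1, (int) $id, \PDO::PARAM_INT);
    $stmt->execute();

    // FETCH_CLASS with static::class keeps the subclass hydration the original
    // achieved through get_called_class().
    return $stmt->fetchAll(\PDO::FETCH_CLASS, static::class);
}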
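/**
 * Returns every row of the subclass's table, optionally restricted by room
 * status and bed type, hydrated as instances of the called class.
 *
 * The filter values are bound as integer parameters; the original interpolated
 * $id and $bed_id straight into the WHERE clause. Only static::$table, a value
 * the subclass declares rather than request input, is still composed into the
 * SQL text (identifiers cannot be bound).
 *
 * @param mixed $filter when truthy, adds the WHERE clause (the value itself is
 *        only used as a switch, despite the original doc calling it a clause)
 * @param int $id lower bound for room_status_id (exclusive); null binds as 0,
 *        where the original produced an invalid query
 * @param int $bed_id when truthy, additionally requires room_bed_id = $bed_id
 * @return array list of objects of the called class, one per matching row
 * @throws \PDOException on a statement failure
 */
public static function GetAll($filter = null, $id = null, $bed_id = null)
{
    $db = DB::GetConnection();

    $sql = "select * from " . static::$table;
    $params = [];
    if ($filter) {
        $sql .= " WHERE room_status_id > ?";
        $params[] = $id;
        if ($bed_id) {
            $sql .= " AND room_bed_id = ?";
            $params[] = $bed_id;
        }
    }

    $stmt = $db->prepare($sql);
    // Placeholders are 1-based; the order of $params mirrors the order of the `?`s above.
    foreach ($params as $index => $value) {
        $stmt->bindValue($index + 1, (int) $value, \PDO::PARAM_INT);
    }
    $stmt->execute();

    return $stmt->fetchAll(\PDO::FETCH_CLASS, static::class);
}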
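/**
 * Deletes one customer together with its occupancies and payments rows and marks
 * the customer's room as free (room_status_id = 2).
 *
 * The customer id comes from $_GET['user_selected']. It is validated as an
 * integer before it reaches any SQL and is bound as a parameter everywhere; the
 * original interpolated the raw query-string value into the SELECT. All
 * statements run in one transaction so the room is never freed while the
 * customer rows survive.
 *
 * NOTE(review): this is a state-changing operation keyed off a GET parameter —
 * confirm the calling page enforces an authenticated admin session and CSRF
 * protection. No page refresh happens here despite the original doc comment; the
 * caller is responsible for any redirect.
 *
 * @throws \InvalidArgumentException when user_selected is missing or not an integer
 * @throws \PDOException on a statement failure, after the transaction has been rolled back
 */
public static function DeleteUsers()
{
    $user_selected = filter_var($_GET['user_selected'] ?? null, FILTER_VALIDATE_INT);
    if ($user_selected === false) {
        throw new \InvalidArgumentException('user_selected must be an integer customer id');
    }

    $conn = DB::GetConnection();

    $ownsTransaction = !$conn->inTransaction();
    if ($ownsTransaction) {
        $conn->beginTransaction();
    }

    try {
        $stmt = $conn->prepare("SELECT occupancy_room_id FROM occupancies WHERE occupancy_customer_id = ?");
        $stmt->bindValue(1, $user_selected, \PDO::PARAM_INT);
        $stmt->execute();
        $occupancy_room_id = $stmt->fetchColumn();

        // Only touch the room when the customer actually had an occupancy. The
        // original indexed a false fetch() result here, which silently yielded NULL
        // and an UPDATE that matched nothing.
        if ($occupancy_room_id !== false) {
            $room_status_id = 2;
            $stmt = $conn->prepare("UPDATE rooms SET rooms.room_status_id = ? WHERE rooms.room_id = ?");
            $stmt->bindValue(1, $room_status_id);
            $stmt->bindValue(2, $occupancy_room_id, \PDO::PARAM_INT);
            $stmt->execute();
        }

        // Child rows first would be the usual order, but the original deleted the
        // customer first; keep that order so FK behaviour (if any) is unchanged.
        $deletes = [
            "DELETE FROM customers WHERE customer_id = ?",
            "DELETE FROM occupancies WHERE occupancy_customer_id = ?",
            "DELETE FROM payments WHERE payment_customer = ?",
        ];
        foreach ($deletes as $sql) {
            $stmt = $conn->prepare($sql);
            $stmt->bindValue(1, $user_selected, \PDO::PARAM_INT);
            $stmt->execute();
        }

        if ($ownsTransaction) {
            $conn->commit();
        }
    } catch (\Throwable $e) {
        if ($ownsTransaction && $conn->inTransaction()) {
            $conn->rollBack();
        }
        throw $e;
    }
}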
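<?php
//namespace App\Admin;

use App\DB;
use App\Session;

require "../../config.php";
require_once "../../vendor/autoload.php";

// Admin login handler: validates the posted credentials, looks the user up and
// starts the session, redirecting back to the public index on any rejected input.
$conn = DB::GetConnection();

if (isset($_POST['btnLogin'], $_POST['txtEmail'], $_POST['txtPass'])) {
    $username = $_POST['txtEmail'];
    $pass = $_POST['txtPass'];

    // A redirect must end the request. The original issued header() without
    // exit, so the login query below still ran with the rejected input.
    if (empty($username) || empty($pass) || !filter_var($username, FILTER_VALIDATE_EMAIL)) {
        header("Location: " . APP_DIR . "public/index.php");
        exit;
    }

    // NOTE(review): MySQL's PASSWORD() is a legacy function (removed in MySQL 8.0)
    // and not a password-hashing scheme; moving users.user_pass to
    // password_hash()/password_verify() requires a data migration and is out of
    // scope for this fix.
    $stmt = $conn->prepare("select user_id,user_name from users where user_email= ? and user_pass= password( ? ) ");
    $stmt->bindParam(1, $username, \PDO::PARAM_STR);
    $stmt->bindParam(2, $pass, \PDO::PARAM_STR);
    $stmt->execute();

    $row = $stmt->fetchObject();
    if ($row === false) {
        die("Niste Admin");
    }

    // The original var_dump($row) here wrote the account row to the client before
    // header(), which both leaked the data and broke the redirect ("headers already sent").
    // NOTE(review): consider regenerating the session id on successful login —
    // depends on how App\Session manages the underlying session.
    Session::SetKey('user_id', $row->user_id);
    Session::SetKey('user_name', $row->user_name);
    header("Location: admin.php");
    exit;
}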