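/**
 * Handle the registration form: read the POST fields, validate them and
 * insert one row into `user`.
 *
 * Checks performed here: no field was submitted as an array, the email is
 * syntactically valid, and password equals passwordRe (passwordRe was read
 * but never compared in the previous version). When a check fails nothing is
 * inserted and false is returned; after the INSERT has been sent, true.
 *
 * @return bool
 */
function checkRegisterParams()
{
    // Raw form values. Validation runs on what the user typed; escaping is
    // applied later, only where a value enters the SQL string.
    $names = array('email', 'firstname', 'lastname', 'password', 'passwordRe',
                   'address', 'postnumber', 'city', 'phone');
    $in = array();
    foreach ($names as $name) {
        $value = filter_input(INPUT_POST, $name, FILTER_DEFAULT);
        if ($value === false) {
            // filter_input() returns false when an array was submitted for a scalar field.
            return false;
        }
        $in[$name] = (string) $value; // a missing field becomes ''
    }

    // Check inputs validity
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    if ($in['password'] === '' || $in['password'] !== $in['passwordRe']) {
        return false;
    }

    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass();

    $e = array();
    foreach ($in as $name => $value) {
        $e[$name] = $sqlConn->realEscapeString($value);
    }

    // FIXME(security): this is not a password hash. mcrypt_encrypt() with a
    // key derived from md5(email) is deterministic and reversible, and
    // ext/mcrypt was removed in PHP 7.2. Migrate to password_hash() /
    // password_verify(); login() derives the same value from the same
    // (escaped) inputs and must change in step, so the scheme is kept here
    // so that existing rows still verify.
    $passwordEncypt = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($e['email']), $e['password'], MCRYPT_MODE_CBC, md5(md5($e['email']))));

    // Record current date and time.
    // NOTE(review): 'h' is a 12-hour clock and 'a' appends am/pm; if the
    // timeAndDate column is DATETIME this should be 'Y-m-d H:i:s'. Kept
    // unchanged because the column type is not visible here.
    $timeAndDate = date("Y-m-d h:i:sa");

    // Every escaped value is also quoted: escaping only protects a value that
    // sits inside quotes, and postnumber used to be interpolated bare. The
    // base64 output contains only [A-Za-z0-9+/=], so it needs no escaping.
    $query = "INSERT INTO user (firstname, lastname, password, address,"
        . " email, phone, city, postnumber, usertype_idusertype, timeAndDate)"
        . " VALUES ('" . $e['firstname'] . "','" . $e['lastname'] . "','" . $passwordEncypt . "','" . $e['address']
        . "','" . $e['email'] . "','" . $e['phone'] . "','" . $e['city'] . "','" . $e['postnumber']
        . "',1,'" . $timeAndDate . "')";
    // The query is no longer echoed: it carried every submitted field and the
    // stored password value into the HTTP response.
    $sqlConn->exeQuery($query);

    // Remove DB connection
    unset($sqlConn);
    return true;
}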
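/**
 * Insert an article from the admin form into `article`.
 *
 * Reads the POST fields articlename, idcategory, idcompany, idunit,
 * articlecomment, price and available, stores the uploaded image name
 * returned by uploadFile('articleimage') and runs the INSERT.
 *
 * @return void
 */
function insertArticleIntoDB()
{
    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");

    // Free-text values: escaped and always placed inside quotes below.
    $articlename    = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlename', FILTER_DEFAULT));
    $articlecomment = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlecomment', FILTER_DEFAULT));
    // price is now quoted too; an escaped value interpolated bare is not
    // protected by the escaping. MySQL coerces the string into the column type.
    $price          = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'price', FILTER_DEFAULT));

    // Foreign keys and the availability flag are interpolated unquoted, so the
    // int cast is what makes them safe (updateArticle() treats them as numeric).
    $idcategory = (int) filter_input(INPUT_POST, 'idcategory', FILTER_DEFAULT);
    $idcompany  = (int) filter_input(INPUT_POST, 'idcompany', FILTER_DEFAULT);
    $idunit     = (int) filter_input(INPUT_POST, 'idunit', FILTER_DEFAULT);
    $available  = (int) filter_input(INPUT_POST, 'available', FILTER_DEFAULT);

    // "articleimage" is the field name in the HTML form. uploadFile() is
    // defined elsewhere; -1 is the failure value the original code tested for
    // (its exact return type is not visible here, hence the loose comparison).
    $articleimage = uploadFile("articleimage");
    if ($articleimage == -1) {
        $articleimage = "";
    }
    // The stored name originates from the upload and used to be interpolated unescaped.
    $articleimage = $sqlConn->realEscapeString($articleimage);

    $query = "INSERT INTO article (articlename, idcategory, idcompany, idunit,"
        . " price, articlecomment, articleimage, available)"
        . " VALUES ('" . $articlename . "'," . $idcategory . "," . $idcompany . "," . $idunit
        . ",'" . $price . "','" . $articlecomment . "','" . $articleimage . "'," . $available . ")";
    // The query is no longer echoed into the response.
    $sqlConn->exeQuery($query);

    // Remove DB connection
    unset($sqlConn);
}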
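/**
 * Verify an email/password pair against the `user` table.
 *
 * Returns 1 when exactly one row matches the email and its stored password
 * value equals the value derived from the submitted password, 0 otherwise.
 * The "Loggin ..." status lines are still echoed. The previous version also
 * echoed the submitted email and plaintext password, and returned null (not 0)
 * when the email existed but the password did not match.
 *
 * @param string|null $emailPOST    submitted email (raw POST value)
 * @param string|null $passwordPOST submitted password (raw POST value)
 * @return int 1 on success, 0 on failure
 */
function login($emailPOST, $passwordPOST)
{
    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass();

    $email    = $sqlConn->realEscapeString((string) $emailPOST);
    $password = $sqlConn->realEscapeString((string) $passwordPOST);

    // React if email/password are empty
    if ($email === '' || $password === '') {
        echo "Loggin ERROR...<br/>";
        return 0;
    }

    // Email address is unique in the database, so one row is the only valid hit.
    // exeQuery()'s failure value is not visible here; the truthiness check
    // guards the ->num_rows access in case it returns false.
    $result = $sqlConn->exeQuery("SELECT * FROM user WHERE user.email='" . $email . "'");

    if ($result && $result->num_rows == 1) {
        $user = $result->fetch_assoc();

        // FIXME(security): same deterministic, reversible mcrypt scheme as
        // checkRegisterParams(); mcrypt was removed in PHP 7.2. Migrate both
        // functions together to password_hash()/password_verify(). The
        // *escaped* email and password are used because registration derives
        // the stored value from the escaped inputs.
        $passwordEncrypt = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($email), $password, MCRYPT_MODE_CBC, md5(md5($email))));

        // hash_equals(): constant-time comparison of the stored secret.
        if ((string) $user['email'] === $email && hash_equals((string) $user['password'], $passwordEncrypt)) {
            echo "Loggin suffessfull...<br/>";
            return 1;
        }
    }

    // No row, several rows, or a password mismatch all end here.
    echo "Loggin ERROR...<br/>";
    return 0;
}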
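/**
 * Render every user (joined with usertype) as an HTML table, one row per
 * user with Edit/Delete submit buttons carrying the iduser.
 *
 * Every value read from the database is HTML-escaped before output; the
 * previous version echoed the raw column values into the markup.
 *
 * @return void
 */
function showAllUsers()
{
    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");

    $result = $sqlConn->exeQuery("SELECT * FROM user, usertype WHERE user.usertype_idusertype = usertype.idusertype");

    // Escape for HTML body and quoted-attribute contexts.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    echo $result->num_rows; // row count, printed before the table as before
    // NOTE(review): the form carries no anti-CSRF token; the handler for the
    // edit/delete submits is not visible here.
    echo '<form method="post"> ';
    echo '<table cellspacing="5"><tr> <td></td> <td><b>First name</b><hr></td> <td><b>Last name</b>'
        . '<hr></td> <td><b>Email</b><hr></td> <td><b>Address</b><hr></td> <td><b>Phone</b><hr></td> '
        . '<td><b>Registration date</b><hr></td> <td><b>Type</b><hr></td> <td></td></tr>';

    while ($row = $result->fetch_assoc()) {
        $id = $h($row['iduser']);
        echo "<tr>";
        echo "<td><button type='submit' name='edit' value='" . $id . "'>Edit</button></td>";
        echo "<td>" . $h($row['firstname']) . "</td>";
        echo "<td> " . $h($row['lastname']) . "</td>";
        echo "<td>" . $h($row['email']) . "</td>";
        echo "<td>" . $h($row['address']) . "; " . $h($row['postnumber']) . "; " . $h($row['city']) . "</td>";
        echo "<td>" . $h($row['phone']) . "</td>";
        echo "<td>" . $h($row['timeAndDate']) . "</td>";
        echo "<td>" . $h($row['idusertype']) . "</td>";
        echo "<td><button type='submit' name='delete' value='" . $id . "'>Delete</button></td>";
        echo "</tr> ";
    }
    echo '</table>';
    echo '</form>';
}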
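/**
 * Render every article (joined with category, company and unit) as a
 * ProductIcon block: image, name, price, comment + unit name, company name
 * and an "Add" link.
 *
 * Database values are HTML-escaped before output, and the <img> tag is now
 * well-formed (the previous markup had a stray quote, a missing space after
 * alt="" and a bogus </img> close).
 *
 * @return void
 */
function showAllArticles()
{
    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");

    $result = $sqlConn->exeQuery("SELECT * FROM article, category, company, unit "
        . " WHERE ((article.idcategory = category.idcategory) AND "
        . " (article.idcompany = company.idcompany) AND "
        . " (article.idunit = unit.idunit))");

    // Escape for HTML body and quoted-attribute contexts.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    echo '<form method="post"> ';
    while ($row = $result->fetch_assoc()) {
        echo '<div class="ProductIcon">';
        // Relative path under the web root, as before.
        // NOTE(review): the file name is attribute-escaped only; if it can hold
        // URL-special characters it should also be rawurlencode()d — depends
        // on what uploadFile() stores, which is not visible here.
        $articleImage = "uploads/article/image/" . $row['articleimage'];
        echo '<img class="ProductIcon" src="' . $h($articleImage) . '" alt="" width="200" height="120"> ';
        echo '<br><br>';
        echo $h($row['articlename']) . '<br>';
        echo $h($row['price']) . 'e';
        echo '<br>';
        echo $h($row['articlecomment']) . $h($row['unitname']);
        echo '<br>';
        echo $h($row['companyname']);
        echo '<a class="addButton" href="#"> Add </a>';
        echo '</div>';
    }
    echo '</form>';
}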
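/**
 * Update one `article` row from the admin edit form.
 *
 * Reads the POST fields articlename, idcategory, idcompany, idunit,
 * articlecomment, price and available and writes them to the row whose
 * idarticle equals $saveEdit.
 *
 * @param int|string $saveEdit idarticle of the row to update; cast to int
 *        because it was previously interpolated into the WHERE clause unescaped.
 * @return void
 */
function updateArticle($saveEdit)
{
    $idarticle = (int) $saveEdit;

    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");

    // Free-text values: escaped and always placed inside quotes below
    // (price included — an escaped value interpolated bare is unprotected).
    $articlename    = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlename', FILTER_DEFAULT));
    $articlecomment = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlecomment', FILTER_DEFAULT));
    $price          = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'price', FILTER_DEFAULT));

    // Numeric columns are interpolated unquoted; the int cast makes them safe.
    $idcategory = (int) filter_input(INPUT_POST, 'idcategory', FILTER_DEFAULT);
    $idcompany  = (int) filter_input(INPUT_POST, 'idcompany', FILTER_DEFAULT);
    $idunit     = (int) filter_input(INPUT_POST, 'idunit', FILTER_DEFAULT);
    $available  = (int) filter_input(INPUT_POST, 'available', FILTER_DEFAULT);

    $query = "UPDATE article SET"
        . " articlename='" . $articlename . "',"
        . " idcategory=" . $idcategory . ","
        . " idcompany=" . $idcompany . ","
        . " idunit=" . $idunit . ","
        . " articlecomment='" . $articlecomment . "',"
        . " price='" . $price . "',"
        . " available=" . $available
        . " WHERE idarticle=" . $idarticle;
    // The query is no longer echoed into the response.
    $sqlConn->exeQuery($query);

    // Remove DB connection
    unset($sqlConn);
}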