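/**
 * Inserts this obituary as a new row in `obituaries`.
 *
 * If a photo was submitted under $_FILES['photo'] it is validated (completed
 * upload, size limit, parsable as an image) and moved into the images/
 * directory below the document root; $this->image then holds the generated
 * file name, or 0 when no photo was stored. All column values go through a
 * prepared statement, so they are trimmed but deliberately NOT passed through
 * real_escape_string(): escaping a bound parameter stores the backslashes
 * literally instead of protecting anything.
 *
 * Side effects: echoes an error message when the upload is rejected or could
 * not be saved (this mirrors the method's existing behaviour).
 *
 * @return void
 * @throws \RuntimeException when the INSERT statement cannot be prepared
 */
public function create()
{
    $connect = new DB_connect();
    $connect->set_charset("utf8");

    // Bound values: trimmed only (see docblock for why they are not escaped).
    $firstname = trim($this->name);
    $lastname = trim($this->lastname);
    $dateOfBirth = trim($this->dateOfBirth);
    $dateOfDeath = trim($this->dateOfDeath);
    $religion = trim($this->religion);
    $location = trim($this->location);
    $text = trim($this->text);
    $url = trim($this->music);

    $this->image = 0;
    if (!empty($_FILES["photo"]["name"])) {
        $photo = $_FILES['photo'];
        // Accept only an upload that completed, is a genuine PHP upload, is
        // under the size limit (bytes) and parses as an image. The
        // client-supplied file name is never used on disk.
        $isValidUpload = ($photo['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
            && is_uploaded_file($photo['tmp_name'])
            && $photo['size'] < 1024000
            && getimagesize($photo['tmp_name']) !== false;

        if ($isValidUpload) {
            // SCRIPT_NAME, unlike PHP_SELF, never carries request PATH_INFO,
            // so the target directory cannot be steered by the request URL.
            $directory_self = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
            $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'images/';

            // Same numeric range rand() produced, but from a CSPRNG so the
            // stored name is not guessable; retry on the unlikely collision.
            do {
                $this->image = random_int(1, getrandmax());
            } while (file_exists($uploadsDirectory . $this->image));

            if (!move_uploaded_file($photo['tmp_name'], $uploadsDirectory . $this->image)) {
                // Never record a file name that does not exist on disk.
                $this->image = 0;
                echo 'The photo could not be saved!';
            }
        } else {
            echo 'This format of photo is unsupported or the photo is too big!';
        }
    }

    $query = "INSERT INTO obituaries(name, lastname, dateOfBirth, dateOfDeath, religion, location, text, image, music, datePublished) \n\t\t\tVALUES(?,?,?,?,?,?,?,?,?,?)";
    $statment = $connect->prepare($query);
    if ($statment === false) {
        // prepare() reports SQL/connection failures by returning false; surface
        // that instead of letting bind_param() fail on a non-object.
        // (DB_connect exposes the mysqli API, so ->error is expected to exist — confirm.)
        throw new \RuntimeException('Could not prepare obituary INSERT: ' . $connect->error);
    }
    $statment->bind_param(
        'ssssssssss',
        $firstname,
        $lastname,
        $dateOfBirth,
        $dateOfDeath,
        $religion,
        $location,
        $text,
        $this->image,
        $url,
        $this->datePublished
    );
    $statment->execute();
    $statment->close();
    $connect->close();
}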
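/**
 * Saves this user's address, phone and e-mail, plus the password when one is set.
 *
 * Values go through a prepared statement; they are trimmed but deliberately
 * NOT passed through real_escape_string() — escaping a bound parameter stores
 * the backslashes literally (O'Brien would be saved as O\'Brien).
 *
 * NOTE(review): $this->pass is written to `password` exactly as given. The
 * login code compares md5() of the submitted password against this column, so
 * the caller is presumably expected to hash before calling update() — confirm,
 * and consider migrating the column to password_hash()/password_verify().
 *
 * @return void
 * @throws \RuntimeException when the UPDATE statement cannot be prepared
 */
public function update()
{
    $connect = new DB_connect();
    $connect->set_charset("utf8");

    $address = trim($this->address);
    $phone = trim($this->phone);
    $email = trim($this->email);

    // Strict check: an unset or empty password means "leave it unchanged".
    $changePassword = ($this->pass ?? '') !== '';
    $query = $changePassword
        ? "UPDATE users SET address=?, phone=?, email=?, password=? WHERE id=?"
        : "UPDATE users SET address=?, phone=?, email=? WHERE id=?";

    $statment = $connect->prepare($query);
    if ($statment === false) {
        // prepare() reports SQL/connection failures by returning false; surface
        // that instead of letting bind_param() fail on a non-object.
        // (DB_connect exposes the mysqli API, so ->error is expected to exist — confirm.)
        throw new \RuntimeException('Could not prepare user UPDATE: ' . $connect->error);
    }

    if ($changePassword) {
        $statment->bind_param('ssssi', $address, $phone, $email, $this->pass, $this->id);
    } else {
        $statment->bind_param('sssi', $address, $phone, $email, $this->id);
    }

    $statment->execute();
    $statment->close();
    $connect->close();
}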
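<?php
// Login handler: authenticates the submitted e-mail/password against `users`
// and, on success, populates the session and redirects to index.php.
if (!isset($_SESSION)) {
    session_start();
}

if (isset($_POST['login'])) {
    require_once 'class/DB_connect.php';

    // Only accept scalar form fields; an array here would make trim() fail.
    $email = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';
    $plain = is_string($_POST['pass'] ?? null) ? trim($_POST['pass']) : '';

    $connect = new DB_connect();
    $connect->set_charset("utf8");

    // Legacy stored format: md5 of the *escaped* trimmed password. Computed
    // byte-identically to how it was before so existing rows keep validating;
    // password_verify() below lets the column move to password_hash() later
    // without breaking logins.
    $legacyHash = md5($connect->real_escape_string($plain));

    // The e-mail is bound, not interpolated, so it must not be escaped here:
    // escaping a bound value alters it and the lookup misses the row.
    $query = "SELECT id, name, lastname, password, rank FROM users WHERE email=?";
    $statement = $connect->prepare($query);
    if ($statement === false) {
        // prepare() reports SQL/connection failures by returning false.
        // (DB_connect exposes the mysqli API, so ->error is expected to exist — confirm.)
        throw new \RuntimeException('Could not prepare login query: ' . $connect->error);
    }
    // Initialise so the variables are defined even when no row matches.
    $id_user = $name = $lastname = $passwd = $rank = null;
    $statement->bind_param('s', $email);
    $statement->execute();
    $statement->bind_result($id_user, $name, $lastname, $passwd, $rank);
    $found = $statement->fetch() === true;
    $statement->close();
    $connect->close();

    // hash_equals() is a constant-time, strict comparison; the previous `==`
    // treated two numeric-looking strings (e.g. "0e..." hashes) as equal.
    $authenticated = $found
        && is_string($passwd)
        && $passwd !== ''
        && (password_verify($plain, $passwd) || hash_equals($passwd, $legacyHash));

    if ($authenticated) {
        // Issue a fresh session id on privilege change to prevent session fixation.
        session_regenerate_id(true);
        $_SESSION['name'] = $name . " " . $lastname;
        $_SESSION['email'] = $email;
        $_SESSION['id_user'] = $id_user;
        $_SESSION['rank'] = $rank;
        $_SESSION['logged'] = true;
        header("Location: index.php");
        // Stop here so nothing after the redirect header is executed or rendered.
        exit;
    }

    echo '<p>Username and password do not match!</p>';
}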