Пример #1
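 /**
  * Insert this obituary into the `obituaries` table, storing an uploaded
  * photo (form field "photo") first when one was sent.
  *
  * Text fields are trimmed and passed through bound parameters. They are
  * deliberately NOT run through real_escape_string(): with a prepared
  * statement that escaping would be stored literally (backslashes in the
  * data) and adds no protection.
  *
  * Side effects: sets $this->image to the stored file name, or to 0 when
  * no photo was stored; echoes a message when the photo is rejected.
  *
  * @return void
  */
 public function create()
 {
     $connect = new DB_connect();
     $connect->set_charset("utf8");

     // Trim strings only, so a null property is still bound as NULL.
     $clean = static function ($value) {
         return is_string($value) ? trim($value) : $value;
     };
     $name = $clean($this->name);
     $lastname = $clean($this->lastname);
     $dateOfBirth = $clean($this->dateOfBirth);
     $dateOfDeath = $clean($this->dateOfDeath);
     $religion = $clean($this->religion);
     $location = $clean($this->location);
     $text = $clean($this->text);
     $music = $clean($this->music);

     // 0 is the "no photo" marker; it is also what gets stored when an upload is rejected,
     // so the row never points at a file that was not written.
     $this->image = 0;
     if (!empty($_FILES["photo"]["name"])) {
         $photo = $_FILES['photo'];
         // Check the upload status before touching tmp_name: on a failed upload tmp_name is
         // empty and getimagesize() would be handed an empty path.
         $accepted = isset($photo['error'], $photo['tmp_name'], $photo['size'])
             && $photo['error'] === UPLOAD_ERR_OK
             && is_uploaded_file($photo['tmp_name'])
             && $photo['size'] < 1024000
             && getimagesize($photo['tmp_name']) !== false;

         if ($accepted) {
             // SCRIPT_NAME instead of PHP_SELF: PHP_SELF also carries the client-supplied
             // PATH_INFO suffix, which must not influence where files are written.
             $scriptDir = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'])), '/');
             $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $scriptDir . '/images/';

             // Server-chosen name from a CSPRNG; never 0 (the "no photo" marker) and never
             // the name of an existing file, so one upload cannot overwrite another.
             do {
                 $fileName = random_int(1, mt_getrandmax());
             } while (file_exists($uploadsDirectory . $fileName));

             // NOTE(review): getimagesize() only inspects the file header, and the file lands
             // under the document root. The images/ directory should be configured so that
             // nothing in it is ever executed as a script.
             if (move_uploaded_file($photo['tmp_name'], $uploadsDirectory . $fileName)) {
                 $this->image = $fileName;
             } else {
                 error_log('Obituary photo could not be moved into the images directory');
             }
         } else {
             echo 'This format of photo is unsupported or the photo is too big!';
         }
     }

     $query = "INSERT INTO obituaries(name, lastname, dateOfBirth, dateOfDeath, religion, location, text, image, music, datePublished) \n\t\t\tVALUES(?,?,?,?,?,?,?,?,?,?)";
     $statment = $connect->prepare($query);
     $statment->bind_param('ssssssssss', $name, $lastname, $dateOfBirth, $dateOfDeath, $religion, $location, $text, $this->image, $music, $this->datePublished);
     $statment->execute();
     $statment->close();
     $connect->close();
 }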
Пример #2
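 /**
  * Update the address, phone and e-mail of the user identified by $this->id,
  * and the password as well when $this->pass is not empty.
  *
  * The values are trimmed and bound as statement parameters. They are not
  * passed through real_escape_string(): combined with bind_param() that
  * stores the escape backslashes as data (O'Brien becomes O\'Brien) and
  * adds no protection. Rows written by code that escaped before binding may
  * still contain such backslashes and need a one-time cleanup.
  *
  * @return void
  */
 public function update()
 {
     $connect = new DB_connect();
     $connect->set_charset("utf8");

     $address = trim($this->address);
     $phone = trim($this->phone);
     $email = trim($this->email);

     if ($this->pass == '') {
         // No new password supplied: leave the stored one untouched.
         $query = "UPDATE users SET address=?, phone=?, email=? WHERE id=?";
         $statment = $connect->prepare($query);
         $statment->bind_param('sssi', $address, $phone, $email, $this->id);
     } else {
         // NOTE(review): $this->pass is written exactly as held in the property; presumably
         // the caller has already hashed it. Confirm, and prefer password_hash() for that.
         $query = "UPDATE users SET address=?, phone=?, email=?, password=? WHERE id=?";
         $statment = $connect->prepare($query);
         $statment->bind_param('ssssi', $address, $phone, $email, $this->pass, $this->id);
     }

     // NOTE(review): the row is selected by $this->id alone; the check that the current
     // session is allowed to edit that id is not visible here. Confirm the caller does it.
     $statment->execute();
     $statment->close();
     $connect->close();
 }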
Пример #3
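<?php

// Login handler: looks the user up by e-mail, checks the submitted password against the
// stored hash and, on success, fills the session and redirects to index.php.

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (isset($_POST['login'])) {
    require_once 'class/DB_connect.php';

    // Accept plain strings only; an array-valued field (email[]=...) is treated as empty.
    $postedEmail = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    $postedPass = isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '';

    $connect = new DB_connect();
    $connect->set_charset("utf8");

    // Bound as a parameter, so no real_escape_string(): escaping first would look up (and put
    // into the session) a backslash-mangled address. Rows written by code that escaped before
    // binding may still hold such backslashes and need a one-time cleanup.
    $email = trim($postedEmail);

    // NOTE(review): unsalted MD5 is not a password hash; it is fast to brute-force. The
    // derivation (trim, escape, md5) is kept byte-for-byte only so that hashes already stored
    // keep matching. Migrate to password_hash()/password_verify(), rehashing on next login.
    $pass = md5($connect->real_escape_string(trim($postedPass)));

    $id_user = $name = $lastname = $passwd = $rank = null;
    // `rank` is quoted because RANK is a reserved word in MySQL 8.
    $query = "SELECT id, name, lastname, password, `rank` FROM users WHERE email=?";
    $statement = $connect->prepare($query);
    $statement->bind_param('s', $email);
    $statement->execute();
    $statement->bind_result($id_user, $name, $lastname, $passwd, $rank);
    $found = $statement->fetch() === true;
    $statement->close();
    $connect->close();

    // hash_equals() compares as strings in constant time. The previous `==` compared two hex
    // digests loosely, so digests that both look like numbers (e.g. "0e" followed by digits)
    // were treated as equal.
    if ($found && is_string($passwd) && hash_equals($passwd, $pass)) {
        // New session id on privilege change, so an id known before login is useless after it.
        session_regenerate_id(true);
        $_SESSION['name'] = $name . " " . $lastname;
        $_SESSION['email'] = $email;
        $_SESSION['id_user'] = $id_user;
        $_SESSION['rank'] = $rank;
        $_SESSION['logged'] = true;
        header("Location: index.php");
        // Stop here: without exit the rest of the including page still runs and is sent.
        exit;
    } else {
        // Same message for unknown e-mail and wrong password, so accounts cannot be enumerated.
        echo '<p>Username and password do not match!</p>';
    }
}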