function login($emailPOST, $passwordPOST)
{
echo "login()<br/>";
// Create DB connection
require_once __ROOT__ . '/admin/include/DBclass.php';
$sqlConn = new DBclass();
// Check for the submit data
$email = $sqlConn->realEscapeString($emailPOST);
$password = $sqlConn->realEscapeString($passwordPOST);
// React if email/password are empty or wrong
echo $email;
echo $password;
// Get user with email info from the database
$query = "SELECT * FROM user WHERE user.email='" . $email . "'";
$result = $sqlConn->exeQuery($query);
// Email address is unique in the database. Check if the user is logged on.
if ($result->num_rows == 1) {
$user = $result->fetch_assoc();
$emailDB = $user['email'];
$passwordDB = $user['password'];
$passwordEncrypt = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($email), $password, MCRYPT_MODE_CBC, md5(md5($email))));
// Check if user exists and password matches
if (strcmp($email, $emailDB) == 0 and strcmp($passwordEncrypt, $passwordDB) == 0) {
echo "Loggin suffessfull...<br/>";
return 1;
}
} else {
echo "Loggin ERROR...<br/>";
return 0;
}
}
function checkRegisterParams()
{
// Create DB connection
require_once __ROOT__ . '/admin/include/DBclass.php';
$sqlConn = new DBclass();
// Check for the submit data
$email = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'email', FILTER_DEFAULT));
$firstname = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'firstname', FILTER_DEFAULT));
$lastname = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'lastname', FILTER_DEFAULT));
$password = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'password', FILTER_DEFAULT));
$passwordRe = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'passwordRe', FILTER_DEFAULT));
$address = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'address', FILTER_DEFAULT));
$postnumber = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'postnumber', FILTER_DEFAULT));
$city = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'city', FILTER_DEFAULT));
$phone = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'phone', FILTER_DEFAULT));
// Check inputs validity
// Encrypt password
$passwordEncypt = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($email), $password, MCRYPT_MODE_CBC, md5(md5($email))));
// Record current date and time
$timeAndDate = date("Y-m-d h:i:sa");
// Insert:
$query = "INSERT INTO user (firstname, lastname, password, address,\n email, phone, city, postnumber, usertype_idusertype, timeAndDate) \n VALUES ('" . $firstname . "','" . $lastname . "','" . $passwordEncypt . "','" . $address . "','" . $email . "','" . $phone . "','" . $city . "'," . $postnumber . ",1,'" . $timeAndDate . "')";
echo "<br/>" . $query . "<br/>";
$sqlConn->exeQuery($query);
// Remove DB connection
unset($sqlConn);
}
function updateArticle($saveEdit)
{
// Create DB connection
require_once __ROOT__ . '/admin/include/DBclass.php';
$sqlConn = new DBclass("nazmarket");
$articlename = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlename', FILTER_DEFAULT));
$idcategory = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'idcategory', FILTER_DEFAULT));
$idcompany = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'idcompany', FILTER_DEFAULT));
$idunit = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'idunit', FILTER_DEFAULT));
$articlecomment = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlecomment', FILTER_DEFAULT));
$price = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'price', FILTER_DEFAULT));
$available = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'available', FILTER_DEFAULT));
$query = "UPDATE article SET \r\n articlename='" . $articlename . "',\r\n idcategory=" . $idcategory . ",\r\n idcompany=" . $idcompany . ",\r\n idunit='" . $idunit . "',\r\n articlecomment='" . $articlecomment . "',\r\n price=" . $price . ",\r\n available=" . $available . " \r\n WHERE idarticle=" . $saveEdit;
echo $query;
$sqlConn->exeQuery($query);
}
function insertArticleIntoDB()
{
// Create DB connection
require_once __ROOT__ . '/admin/include/DBclass.php';
$sqlConn = new DBclass("nazmarket");
// Extract received informations.
// Do checks for SQL injection, data times and other limitations.
$articlename = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlename', FILTER_DEFAULT));
$idcategory = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'idcategory', FILTER_DEFAULT));
$idcompany = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'idcompany', FILTER_DEFAULT));
$idunit = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'idunit', FILTER_DEFAULT));
$articlecomment = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'articlecomment', FILTER_DEFAULT));
$price = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'price', FILTER_DEFAULT));
$available = $sqlConn->realEscapeString(filter_input(INPUT_POST, 'available', FILTER_DEFAULT));
// Corresponds to the name in HTML.
$articleimage = uploadFile("articleimage");
if ($articleimage == -1) {
$articleimage = "";
}
// $articleName =
//[articlename] => [idcategory] => 1 [idcompany] => 1 [articlecomment] => e.g. 500 [idunit] => 1 [price]
// Insert:
$query = "INSERT INTO article (articlename, idcategory, idcompany, idunit,\r\n price, articlecomment, articleimage, available) \r\n VALUES ('" . $articlename . "','" . $idcategory . "','" . $idcompany . "'," . $idunit . "," . $price . ",'" . $articlecomment . "','" . $articleimage . "'," . $available . ")";
echo "<br/>" . $query . "<br/>";
$sqlConn->exeQuery($query);
// Remove DB connection
unset($sqlConn);
}
