Пример #1
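 /**
  * Validate a user's login details and populate the session on success.
  *
  * Looks the username up in gl_user with a bound parameter, recomputes the
  * salted MD5 digest of the supplied password and compares it with the
  * stored digest. On a match the user's id, name and type are written to
  * $_SESSION.
  *
  * NOTE(review): salted MD5 is kept only because the stored digests use it.
  * It is far too fast for password storage; migrate to password_hash() /
  * password_verify(), rehashing each account on its next successful login.
  *
  * @param string $uname Username as submitted by the client.
  * @param string $pword Password as submitted by the client.
  *
  * @return bool True when the credentials match, false otherwise.
  */
 public static function checkUserDetails($uname, $pword)
 {
     $mysql = new PDOConfig();

     // Both fields must pass validation before anything touches the database.
     // NOTE(review): the username is validated with checkPassword() as in the
     // original; confirm whether a dedicated username check is intended.
     if (!isset($uname, $pword)
         || !TasksappValidator::checkPassword($uname)
         || !TasksappValidator::checkPassword($pword)
     ) {
         return false;
     }

     $query = $mysql->prepare("SELECT user_id, username, password from gl_user WHERE username=:username LIMIT 1");
     $query->execute(array(':username' => $uname));
     $row = $query->fetch();
     if ($row === false) {
         return false;
     }

     // The computed digest is never printed: echoing it would disclose a
     // password-equivalent value in the HTTP response.
     $candidate = md5(Config::mySalt . $pword);

     // hash_equals() is constant-time and strictly string-based. A loose ==
     // treats digests that look like "0e<digits>" as numbers, so two
     // different digests could compare equal.
     $sameUser = (string) $uname === (string) $row['username'];
     $sameHash = hash_equals((string) $row['password'], $candidate);
     if (!$sameUser || !$sameHash) {
         return false;
     }

     // Issue a fresh session id at the privilege change so an id that was
     // fixed before login cannot be reused afterwards.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     $_SESSION['user_id'] = $row['user_id'];
     $_SESSION['username'] = $row['username'];
     // NOTE(review): the SELECT above does not fetch a usertype column, so
     // this is null unless the query is extended; confirm the column name.
     $_SESSION['usertype'] = isset($row['usertype']) ? $row['usertype'] : null;

     return true;
 }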
Пример #2
<?php

include "../../../model/connectDB.php";
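// Store login endpoint: echoes true ("1") on success and false ("") otherwise.
// $username and $password are not assigned in this file; presumably the
// including script sets them from the request. Verify against the caller.
$db = new PDOConfig();
if (isset($username, $password)) {
    // NOTE(review): the password is matched inside the SQL, which means the
    // store table holds it in plaintext. Store password_hash() output instead,
    // select the row by account only and check it with password_verify().
    $sql = "SELECT store_name,store_id from store where account =:username and password =:password";
    $query = $db->prepare($sql);
    $query->execute(array(':username' => $username, ':password' => $password));
    $result = $query->fetchAll(PDO::FETCH_OBJ);
    if (!empty($result)) {
        // session_start() takes an options array, not a boolean.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // New session id on login so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['store_id'] = $result[0]->store_id;
        $_SESSION['account'] = $username;
        // The query selects store_name; the row has no "name" property.
        $_SESSION['store_name'] = $result[0]->store_name;
        echo true;
    } else {
        echo false;
    }
} else {
    echo false;
}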
Пример #3
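// Every value below is client-controlled request data. A missing field
// becomes null instead of raising an undefined-index notice.
$decide = isset($_POST["decide"]) ? $_POST["decide"] : null;
$gender = isset($_POST["gender"]) ? $_POST["gender"] : null;
$birthday = isset($_POST["birthday"]) ? $_POST["birthday"] : null;
$address = isset($_POST["address"]) ? $_POST["address"] : null;
$name = isset($_POST["name"]) ? $_POST["name"] : null;
$password = isset($_POST["password"]) ? $_POST["password"] : null;
// Upload metadata. 'name' and 'type' are supplied by the browser and must not
// be trusted for path building or content-type decisions.
$field_file = isset($_FILES['file']) ? $_FILES['file'] : null;
$filename = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : null;
$tmpname = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : null;
$filetype = isset($_FILES['file']['type']) ? $_FILES['file']['type'] : null;
$filesize = isset($_FILES['file']['size']) ? $_FILES['file']['size'] : null;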
switch ($decide) {
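    case 'update':
        // Update the logged-in member's profile and replace the profile image.
        // The id is used in SQL and in a filesystem path, so force it to an
        // integer. The original used it unquoted in SQL, so it is presumably
        // numeric; confirm against the schema.
        $id = (int) $_SESSION['mem_id'];
        // NOTE(review): the password is written as submitted. Hash it with
        // password_hash() here and verify with password_verify() at login.
        $sql = "UPDATE member SET  name = :name,  address = :address, password = :password, birthday = :birthday , gender = :gender WHERE member.mem_id = :id";
        $query = $db->prepare($sql);
        // Keep execute()'s result: the statement object itself is always
        // truthy and says nothing about whether the UPDATE ran.
        $updated = $query->execute(array('name' => $name, 'address' => $address, 'password' => $password, 'birthday' => $birthday, 'gender' => $gender, 'id' => $id));
        // "." concatenates; "+" is arithmetic and fails on '.jpg'.
        $imgtype = $id . '.jpg';
        $stmt2 = $db->prepare("UPDATE member SET `imgtype` = :imgtype WHERE `mem_id` = :id");
        $result2 = $stmt2->execute(array('imgtype' => $imgtype, 'id' => $id));
        if ($updated) {
            // Accept the upload only if PHP reports no error and the content
            // parses as an image; the client-sent name and type are ignored.
            $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
            $isImage = $upload !== null
                && $upload['error'] === UPLOAD_ERR_OK
                && getimagesize($upload['tmp_name']) !== false;
            if ($isImage && move_uploaded_file($upload['tmp_name'], '../../../../store/StoreManage/picture/member/' . $id . '.jpg')) {
                echo true;
            } else {
                echo "檔案上傳失敗";
            }
        } else {
            echo "新增失敗";
        }
        break;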
    default:
Пример #4
    $a = $_REQUEST['a'];
    $decide = $a[1];
    $qst_type = $a[0];
} elseif (isset($_REQUEST['ins'])) {
    $b = $_REQUEST['ins'];
    $pt = $b[0];
    $couid = $b[1];
    $total = $b[2];
    $decide = "insert";
}
switch ($decide) {
    case 'list':
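        // Look up the member's point balance for this store, then the
        // requested coupon. All values reach the SQL as bound parameters;
        // $a comes from $_REQUEST, so interpolating it into the statement
        // would let the client alter the query.
        $store_id = $_SESSION['storeid'];
        $mem_id = $_SESSION['mem_id'];
        $sqlp = "SELECT total_pt from `point` where store_id = :store_id and mem_id = :mem_id";
        $queryp = $db->prepare($sqlp);
        $queryp->execute(array(':store_id' => $store_id, ':mem_id' => $mem_id));
        $resultp = $queryp->fetchall(PDO::FETCH_OBJ);
        // NOTE(review): $resultp is empty when the member has no point row
        // for this store; confirm how that case should be handled.
        $total_pt = $resultp[0]->total_pt;
        $today = date("Y-m-d");
        $sql = "SELECT  end_date,need_pt,coupon_name,a.coupon_type_id\r\n                FROM coupon as a join coupon_type as b on a.coupon_type_id = b.coupon_type_id\r\n                where coupon_id=:coupon_id";
        $query = $db->prepare($sql);
        $query->execute(array(':coupon_id' => $a['0']));
        $row = $query->fetchall(PDO::FETCH_OBJ);
        // Coupon type 1 gets the discount artwork, every other type the
        // generic coupon artwork.
        if ($row[0]->coupon_type_id == 1) {
            echo '<div class="6u" style="width:100%;color:#FFFFFF;text-align:center;font-size:14px"><a href="#" class="image fit"><img src="../../image/discounts.jpg" height="60%" width="60%" alt="" />';
        } else {
            echo '<div class="6u" style="width:100%;color:#FFFFFF;text-align:center;font-size:14px"><a href="#" class="image fit"><img src="../../image/coupons.jpg" height="60%" width="60%" alt="" />';
        }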
        echo '</a>' . $row[0]->coupon_name . '<br/>領取此禮券需' . $row[0]->need_pt . '點<br/><font color="red">領取期限剩' . (strtotime($row[0]->end_date) - strtotime($today)) / 86400 . '天</font><br/><br/></div>
              <INPUT TYPE=hidden id="pt" NAME="pt" VALUE="' . $row[0]->need_pt . '">
Пример #5
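/**
 * Echo the image blocks for currently running activities.
 *
 * For 'view', selects up to three activity rows whose date range contains
 * today and echoes one <div><img></div> per row. Any other value echoes
 * "error".
 *
 * @param string $decide Action name; only 'view' is handled.
 */
function photo($decide)
{
    switch ($decide) {
        case 'view':
            $db = new PDOConfig();
            $sql = "SELECT imgtype FROM `activity` where CURDATE() between start_date and end_date LIMIT 3";
            $query = $db->prepare($sql);
            $query->execute();
            while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                // Database values are escaped for the attribute context so a
                // stored filename containing quotes or markup cannot break
                // out of the src attribute.
                $image = htmlspecialchars($row['imgtype'], ENT_QUOTES, 'UTF-8');
                // NOTE(review): the attribute value itself begins with
                // "src="; that looks unintended but changes how the relative
                // path resolves, so it is left as is. Confirm before editing.
                echo '<div >
                                  <img   src="src=../../../../../store/StoreManage/picture/activity/' . $image . '" style="width: 100%;height: 100%;" />
                                  </div>
                                  ';
            }
            break;
        default:
            echo "error";
            break;
    }
}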
Пример #6
    $a = $_REQUEST['a'];
    $decide = $a[1];
    $qst_type = $a[0];
} elseif (isset($_REQUEST['ins'])) {
    $b = $_REQUEST['ins'];
    $Quantity = $b[0];
    $gift_id = $b[1];
    $red_point = 0 - $b[2];
    $decide = "inster";
}
switch ($decide) {
    case 'list':
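        // Look up the member's point balance for this store, then the
        // requested gift. All values reach the SQL as bound parameters;
        // $a comes from $_REQUEST, so interpolating it into the statement
        // would let the client alter the query.
        $store_id = $_SESSION['storeid'];
        $mem_id = $_SESSION['mem_id'];
        $sqlp = "SELECT total_pt from `point` where store_id = :store_id and mem_id = :mem_id";
        $queryp = $db->prepare($sqlp);
        $queryp->execute(array(':store_id' => $store_id, ':mem_id' => $mem_id));
        $resultp = $queryp->fetchall(PDO::FETCH_OBJ);
        // NOTE(review): $resultp is empty when the member has no point row
        // for this store; confirm how that case should be handled.
        $total_pt = $resultp[0]->total_pt;
        $sql = "SELECT  gift_name,gift_id,imgtype,need_pt,Quantity FROM gift where gift_id = :gift_id and CURDATE() between start_date-1 and end_date";
        $query = $db->prepare($sql);
        $query->execute(array(':gift_id' => $a['0']));
        $result = $query->fetchall(PDO::FETCH_OBJ);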
        echo '
<td rowspan="3"  style="width:30%;border-color:#3C3C3C;color:#3C3C3C;text-align:center;display: table-cell;vertical-align:middle;"><img style="width:120px;height:120px;" src="../../../store/StoreManage/picture/gift/' . $result[0]->imgtype . '" alt="" /></td>
                <td style="border-color:#3C3C3C;color:#FFFFFF;text-align:center;display: table-cell;vertical-align:middle;font-size:16px;">' . $result[0]->gift_name . '</td>
                <INPUT TYPE=hidden id="pt" NAME="pt" VALUE="' . $result[0]->need_pt . '">
                <INPUT TYPE=hidden id="gift_id" NAME="gift_id" VALUE="' . $result[0]->gift_id . '">
                <INPUT TYPE=hidden id="gift_name" NAME="gift_name" VALUE="' . $result[0]->gift_name . '">