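/**
 * Validate user details.
 *
 * Looks the user up by name and compares the salted MD5 of the supplied
 * password with the hash held in gl_user. On success user_id, username and
 * usertype are copied into $_SESSION and true is returned; on any failure
 * (missing or invalid input, unknown user, wrong password) false is
 * returned and the session is left untouched.
 *
 * @param string|null $uname Username as submitted by the caller.
 * @param string|null $pword Plain-text password as submitted by the caller.
 * @return bool True when the credentials match a stored user.
 */
public static function checkUserDetails($uname, $pword)
{
    $clean = array();

    // Both inputs go through TasksappValidator::checkPassword, as in the
    // original (the username reuses the password validator); only values
    // that pass are used below.
    if (isset($uname) && TasksappValidator::checkPassword($uname)) {
        $clean['username'] = $uname;
    }
    if (isset($pword) && TasksappValidator::checkPassword($pword)) {
        $clean['password'] = $pword;
    }

    // Without both values there is nothing to check; stop before opening a
    // connection or reading array keys that were never set.
    if (!isset($clean['username'], $clean['password'])) {
        return false;
    }

    $mysql = new PDOConfig();

    // usertype is selected because it is written to the session below.
    $query = $mysql->prepare(
        "SELECT user_id, username, password, usertype from gl_user WHERE username=:username LIMIT 1"
    );
    $query->execute(array(':username' => $clean['username']));

    // LIMIT 1 means at most one row; fetch() returns false when there is none.
    $resultArray = $query->fetch();
    if ($resultArray === false) {
        return false;
    }

    // Exact (case-sensitive) username match on top of the SQL lookup, with
    // strict string comparison so numeric-looking names are not coerced.
    if ((string) $resultArray['username'] !== (string) $clean['username']) {
        return false;
    }

    // The stored value is md5(salt . password). It is kept so existing rows
    // keep working, but md5 is not a suitable password hash -- move to
    // password_hash()/password_verify() when the column can be rewritten.
    // hash_equals() gives a constant-time comparison and avoids the loose
    // "==" rules for numeric-looking hex strings.
    $candidate = md5(Config::mySalt . $clean['password']);
    if (!hash_equals((string) $resultArray['password'], $candidate)) {
        return false;
    }

    // Issue a fresh session id on successful login so a pre-login id cannot
    // be carried over; only possible when a session is already active.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $resultArray['user_id'];
    $_SESSION['username'] = $resultArray['username'];
    $_SESSION['usertype'] = $resultArray['usertype'];

    return true;
}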
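<?php
include "../../../model/connectDB.php";

$db = new PDOConfig();

// $username and $password are not defined in this file; presumably they are
// set by the script that includes it (TODO confirm). The response is "1" on a
// successful login and "" otherwise, which is what echo true / echo false print.
if (isset($username) && isset($password)) {
    // NOTE(review): the submitted password is compared verbatim against the
    // stored column, i.e. passwords are held in clear text. Switch to
    // password_hash()/password_verify() once the column can be rehashed.
    $sql = "SELECT store_name,store_id from store where account =:username and password =:password";
    $query = $db->prepare($sql);
    $query->execute(array(':username' => $username, ':password' => $password));
    $result = $query->fetchAll(PDO::FETCH_OBJ);

    // fetchAll() returns an empty array, never null, when nothing matched.
    if ($result !== []) {
        // session_start() takes an options array; passing true is a TypeError.
        // Start a session only when none is active yet.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // Fresh session id on login so a pre-login id cannot be reused.
        session_regenerate_id(true);

        $_SESSION['store_id'] = $result[0]->store_id;
        $_SESSION['account'] = $username;
        // The query selects store_name; ->name was never a selected column.
        $_SESSION['store_name'] = $result[0]->store_name;
        echo true;
    } else {
        echo false;
    }
} else {
    echo false;
}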
$decide = $_POST["decide"]; $gender = $_POST["gender"]; $birthday = $_POST["birthday"]; $address = $_POST["address"]; $name = $_POST["name"]; $password = $_POST["password"]; $field_file = $_FILES['file']; $filename = $_FILES['file']['name']; $tmpname = $_FILES['file']['tmp_name']; $filetype = $_FILES['file']['type']; $filesize = $_FILES['file']['size']; switch ($decide) { case 'update': $id = $_SESSION['mem_id']; $sql = "UPDATE member SET name = :name, address = :address, password = :password, birthday = :birthday , gender = :gender WHERE member.mem_id ={$id}"; $query = $db->prepare($sql); $query->execute(array('name' => $name, 'address' => $address, 'password' => $password, 'birthday' => $birthday, 'gender' => $gender)); $imgtype = (string) $id + '.jpg'; $stmt2 = $db->prepare("UPDATE member SET `imgtype`='{$imgtype}.jpg' WHERE `mem_id`='{$id}'"); $result2 = $stmt2->execute(); if ($query == true) { if (move_uploaded_file($_FILES['file']['tmp_name'], '../../../../store/StoreManage/picture/member/' . $id . '.jpg')) { echo true; } else { echo "檔案上傳失敗"; } } else { echo "新增失敗"; } break; default:
$a = $_REQUEST['a']; $decide = $a[1]; $qst_type = $a[0]; } elseif (isset($_REQUEST['ins'])) { $b = $_REQUEST['ins']; $pt = $b[0]; $couid = $b[1]; $total = $b[2]; $decide = "insert"; } switch ($decide) { case 'list': $store_id = $_SESSION['storeid']; $mem_id = $_SESSION['mem_id']; $sqlp = "SELECT total_pt from `point` where store_id = {$store_id} and mem_id = {$mem_id}"; $queryp = $db->prepare($sqlp); $queryp->execute(); $resultp = $queryp->fetchall(PDO::FETCH_OBJ); $total_pt = $resultp[0]->total_pt; $today = date("Y-m-d"); $sql = "SELECT end_date,need_pt,coupon_name,a.coupon_type_id\r\n FROM coupon as a join coupon_type as b on a.coupon_type_id = b.coupon_type_id\r\n where coupon_id={$a['0']}"; $query = $db->prepare($sql); $query->execute(); $row = $query->fetchall(PDO::FETCH_OBJ); if ($row[0]->coupon_type_id == 1) { echo '<div class="6u" style="width:100%;color:#FFFFFF;text-align:center;font-size:14px"><a href="#" class="image fit"><img src="../../image/discounts.jpg" height="60%" width="60%" alt="" />'; } else { echo '<div class="6u" style="width:100%;color:#FFFFFF;text-align:center;font-size:14px"><a href="#" class="image fit"><img src="../../image/coupons.jpg" height="60%" width="60%" alt="" />'; } echo '</a>' . $row[0]->coupon_name . '<br/>領取此禮券需' . $row[0]->need_pt . '點<br/><font color="red">領取期限剩' . (strtotime($row[0]->end_date) - strtotime($today)) / 86400 . '天</font><br/><br/></div> <INPUT TYPE=hidden id="pt" NAME="pt" VALUE="' . $row[0]->need_pt . '">
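/**
 * Render the pictures of up to three currently running activities.
 *
 * Only the 'view' action is handled: one <div><img></div> block is printed
 * per activity whose start_date/end_date range contains today (LIMIT 3).
 * Any other value of $decide prints "error".
 *
 * @param string $decide Action selector; only 'view' is supported.
 * @return void Markup is written directly with echo.
 */
function photo($decide)
{
    switch ($decide) {
        case 'view':
            $db = new PDOConfig();
            $sql = "SELECT imgtype FROM `activity` where CURDATE() between start_date and end_date LIMIT 3";
            $query = $db->prepare($sql);
            $query->execute();
            while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                // The original emitted src="src=..." which is not a usable path;
                // the attribute now holds the path alone. The file name comes
                // from the database, so it is escaped for the attribute context.
                $img = htmlspecialchars((string) $row['imgtype'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo '<div > <img src="../../../../../store/StoreManage/picture/activity/' . $img . '" style="width: 100%;height: 100%;" /> </div> ';
            }
            break;
        default:
            echo "error";
            break;
    }
}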
$a = $_REQUEST['a']; $decide = $a[1]; $qst_type = $a[0]; } elseif (isset($_REQUEST['ins'])) { $b = $_REQUEST['ins']; $Quantity = $b[0]; $gift_id = $b[1]; $red_point = 0 - $b[2]; $decide = "inster"; } switch ($decide) { case 'list': $store_id = $_SESSION['storeid']; $mem_id = $_SESSION['mem_id']; $sqlp = "SELECT total_pt from `point` where store_id = {$store_id} and mem_id = {$mem_id}"; $queryp = $db->prepare($sqlp); $queryp->execute(); $resultp = $queryp->fetchall(PDO::FETCH_OBJ); $total_pt = $resultp[0]->total_pt; $sql = "SELECT gift_name,gift_id,imgtype,need_pt,Quantity FROM gift where gift_id = {$a['0']} and CURDATE() between start_date-1 and end_date"; //$qst_name=$result[0]->qst_name; //echo $qst_name.$result[0]->opt_1; $query = $db->prepare($sql); $query->execute(); $result = $query->fetchall(PDO::FETCH_OBJ); echo ' <td rowspan="3" style="width:30%;border-color:#3C3C3C;color:#3C3C3C;text-align:center;display: table-cell;vertical-align:middle;"><img style="width:120px;height:120px;" src="../../../store/StoreManage/picture/gift/' . $result[0]->imgtype . '" alt="" /></td> <td style="border-color:#3C3C3C;color:#FFFFFF;text-align:center;display: table-cell;vertical-align:middle;font-size:16px;">' . $result[0]->gift_name . '</td> <INPUT TYPE=hidden id="pt" NAME="pt" VALUE="' . $result[0]->need_pt . '"> <INPUT TYPE=hidden id="gift_id" NAME="gift_id" VALUE="' . $result[0]->gift_id . '"> <INPUT TYPE=hidden id="gift_name" NAME="gift_name" VALUE="' . $result[0]->gift_name . '">