Thread: Not sure!
View Single Post
  #1  
Old 20th October 2021, 03:38
BamBam0077's Avatar
BamBam0077 BamBam0077 is offline
Senior Member
 
Join Date: Jul 2013
P2P
Posts: 356
Default Not sure!
PHP Code:
<?php
session_start
();
require(
'../config.php');
class 
User extends Dbconfig {    
    protected 
$hostName;
    protected 
$userName;
    protected 
$password;
    protected 
$dbName;
    private 
$userTable 'user';
    private 
$dbConnect false;
    public function 
__construct(){
        if(!
$this->dbConnect){         
            
$database = new dbConfig();            
            
$this -> hostName $database -> serverName;
            
$this -> userName $database -> userName;
            
$this -> password $database ->password;
            
$this -> dbName $database -> dbName;            
            
$conn = new mysqli($this->hostName$this->userName$this->password$this->dbName);
            if(
$conn->connect_error){
                die(
"Error failed to connect to MySQL: " $conn->connect_error);
            } else{
                
$this->dbConnect $conn;
            }
        }
    }
    private function 
getData($sqlQuery) {
        
$result mysqli_query($this->dbConnect$sqlQuery);
        if(!
$result){
            die(
'Error in query: 'mysqli_error());
        }
        
$data= array();
        while (
$row mysqli_fetch_array($resultMYSQLI_ASSOC)) {
            
$data[]=$row;            
        }
        return 
$data;
    }
    private function 
getNumRows($sqlQuery) {
        
$result mysqli_query($this->dbConnect$sqlQuery);
        if(!
$result){
            die(
'Error in query: 'mysqli_error());
        }
        
$numRows mysqli_num_rows($result);
        return 
$numRows;
    }    
    public function 
loginStatus (){
        if(empty(
$_SESSION["userid"])) {
            
header("Location: login.php");
        }
    }    
    public function 
login(){        
        
$errorMessage '';
        if(!empty(
$_POST["login"]) && $_POST["loginId"]!=''&& $_POST["loginPass"]!='') {    
            
$loginId $_POST['loginId'];
            
$password $_POST['loginPass'];
            if(isset(
$_COOKIE["loginPass"]) && $_COOKIE["loginPass"] == $password) {
                
$password $_COOKIE["loginPass"];
            } else {
                
$password md5($password);
            }    
            
$sqlQuery "SELECT * FROM ".$this->userTable.
                WHERE email='"
.$loginId."' AND password='".$password."' AND status = 'active'";
            
$resultSet mysqli_query($this->dbConnect$sqlQuery);
            
$isValidLogin mysqli_num_rows($resultSet);    
            if(
$isValidLogin){
                if(!empty(
$_POST["remember"]) && $_POST["remember"] != '') {
                    
setcookie ("loginId"$loginIdtime()+ (10 365 24 60 60));  
                    
setcookie ("loginPass",    $password,    time()+ (10 365 24 60 60));
                } else {
                    
$_COOKIE['loginId' ]='';
                    
$_COOKIE['loginPass'] = '';
                }
                
$userDetails mysqli_fetch_assoc($resultSet);
                
$_SESSION["userid"] = $userDetails['id'];
                
$_SESSION["name"] = $userDetails['first_name']." ".$userDetails['last_name'];
                
header("location: index.php");         
            } else {        
                
$errorMessage "Invalid login!";         
            }
        } else if(!empty(
$_POST["loginId"])){
            
$errorMessage "Enter Both user and password!";    
        }
        return 
$errorMessage;         
    }
    public function 
adminLoginStatus (){
        if(empty(
$_SESSION["adminUserid"])) {
            
header("Location: index.php");
        }
    }        
    public function 
adminLogin(){        
        
$errorMessage '';
        if(!empty(
$_POST["login"]) && $_POST["email"]!=''&& $_POST["password"]!='') {    
            
$email $_POST['email'];
            
$password $_POST['password'];
            
$sqlQuery "SELECT * FROM ".$this->userTable.
                WHERE email='"
.$email."' AND password='".md5($password)."' AND status = 'active' AND type = 'administrator'";
            
$resultSet mysqli_query($this->dbConnect$sqlQuery);
            
$isValidLogin mysqli_num_rows($resultSet);    
            if(
$isValidLogin){
                
$userDetails mysqli_fetch_assoc($resultSet);
                
$_SESSION["adminUserid"] = $userDetails['id'];
                
$_SESSION["admin"] = $userDetails['first_name']." ".$userDetails['last_name'];
                
header("location: dashboard.php");         
            } else {        
                
$errorMessage "Invalid login!";         
            }
        } else if(!empty(
$_POST["login"])){
            
$errorMessage "Enter Both user and password!";    
        }
        return 
$errorMessage;         
    }
    public function 
register(){        
        
$message '';
        if(!empty(
$_POST["register"]) && $_POST["email"] !='') {
            
$sqlQuery "SELECT * FROM ".$this->userTable.
                WHERE email='"
.$_POST["email"]."'";
            
$result mysqli_query($this->dbConnect$sqlQuery);
            
$isUserExist mysqli_num_rows($result);
            if(
$isUserExist) {
                
$message "User already exist with this email address.";
            } else {            
                
$authtoken $this->getAuthtoken($_POST["email"]);
                
$insertQuery "INSERT INTO ".$this->userTable."(first_name, last_name, email, password, authtoken) 
                VALUES ('"
.$_POST["firstname"]."', '".$_POST["lastname"]."', '".$_POST["email"]."', '".md5($_POST["passwd"])."', '".$authtoken."')";
                
$userSaved mysqli_query($this->dbConnect$insertQuery);
                if(
$userSaved) {                
                    
$link "<a href='http://webdamn.com/demo/user-management-system/verify.php?authtoken=".$authtoken."'>Verify Email</a>";            
                    
$toEmail $_POST["email"];
                    
$subject "Verify email to complete registration";
                    
$msg "Hi there, click on this ".$link." to verify email to complete registration.";
                    
$msg wordwrap($msg,70);
                    
$headers "From: info@webdamn.com";
                    if(
mail($toEmail$subject$msg$headers)) {
                        
$message "Verification email send to your email address. Please check email and verify to complete registration.";
                    }
                } else {
                    
$message "User register request failed.";
                }
            }
        }
        return 
$message;
    }    
    public function 
getAuthtoken($email) {
        
$code md5(889966);
        
$authtoken $code."".md5($email);
        return 
$authtoken;
    }    
    public function 
verifyRegister(){
        
$verifyStatus 0;
        if(!empty(
$_GET["authtoken"]) && $_GET["authtoken"] != '') {            
            
$sqlQuery "SELECT * FROM ".$this->userTable.
                WHERE authtoken='"
.$_GET["authtoken"]."'";
            
$resultSet mysqli_query($this->dbConnect$sqlQuery);
            
$isValid mysqli_num_rows($resultSet);    
            if(
$isValid){
                
$userDetails mysqli_fetch_assoc($resultSet);
                
$authtoken $this->getAuthtoken($userDetails['email']);
                if(
$authtoken == $_GET["authtoken"]) {                    
                    
$updateQuery "UPDATE ".$this->userTable." SET status = 'active'
                        WHERE id='"
.$userDetails['id']."'";
                    
$isUpdated mysqli_query($this->dbConnect$updateQuery);                    
                    if(
$isUpdated) {
                        
$verifyStatus 1;
                    }
                }
            }
        }
        return 
$verifyStatus;
    }    
    public function 
userDetails () {
        
$sqlQuery "SELECT * FROM ".$this->userTable.
            WHERE id ='"
.$_SESSION["userid"]."'";
        
$result mysqli_query($this->dbConnect$sqlQuery);    
        
$userDetails mysqli_fetch_assoc($result);
        return 
$userDetails;
    }    
    public function 
editAccount () {
        
$message '';
        
$updatePassword '';
        if(!empty(
$_POST["passwd"]) && $_POST["passwd"] != '' && $_POST["passwd"] != $_POST["cpasswd"]) {
            
$message "Confirm passwords do not match.";
        } else if(!empty(
$_POST["passwd"]) && $_POST["passwd"] != '' && $_POST["passwd"] == $_POST["cpasswd"]) {
            
$updatePassword ", password='".md5($_POST["passwd"])."' ";
        }        
        
$updateQuery "UPDATE ".$this->userTable.
            SET first_name = '"
.$_POST["firstname"]."', last_name = '".$_POST["lastname"]."', email = '".$_POST["email"]."', mobile = '".$_POST["mobile"]."' , designation = '".$_POST["designation"]."', gender = '".$_POST["gender"]."' $updatePassword
            WHERE id ='"
.$_SESSION["userid"]."'";
        
$isUpdated mysqli_query($this->dbConnect$updateQuery);    
        if(
$isUpdated) {
            
$_SESSION["name"] = $_POST['firstname']." ".$_POST['lastname'];
            
$message "Account details saved.";
        }
        return 
$message;
    }    
    public function 
resetPassword(){
        
$message '';
        if(
$_POST['email'] == '') {
            
$message "Please enter username or email to proceed with password reset";            
        } else {
            
$sqlQuery "
                SELECT email 
                FROM "
.$this->userTable.
                WHERE email='"
.$_POST['email']."'";            
            
$result mysqli_query($this->dbConnect$sqlQuery);
            
$numRows mysqli_num_rows($result);
            if(
$numRows) {            
                
$user mysqli_fetch_assoc($result);
                
$authtoken $this->getAuthtoken($user['email']);
                
$link="<a href='https://www.webdamn.com/demo/user-management-system/reset_password.php?authtoken=".$authtoken."'>Reset Password</a>";                
                
$toEmail $user['email'];
                
$subject "Reset your password on examplesite.com";
                
$msg "Hi there, click on this ".$link." to reset your password.";
                
$msg wordwrap($msg,70);
                
$headers "From: info@webdamn.com";
                if(
mail($toEmail$subject$msg$headers)) {
                    
$message =  "Password reset link send. Please check your mailbox to reset password.";
                }                
            } else {
                
$message "No account exist with entered email address.";
            }
        }
        return 
$message;
    }
    public function 
savePassword(){
        
$message '';
        if(
$_POST['password'] != $_POST['cpassword']) {
            
$message "Password does not match the confirm password.";
        } else if(
$_POST['authtoken']) {
            
$sqlQuery "
                SELECT email, authtoken 
                FROM "
.$this->userTable.
                WHERE authtoken='"
.$_POST['authtoken']."'";            
            
$result mysqli_query($this->dbConnect$sqlQuery);
            
$numRows mysqli_num_rows($result);
            if(
$numRows) {                
                
$userDetails mysqli_fetch_assoc($result);
                
$authtoken $this->getAuthtoken($userDetails['email']);
                if(
$authtoken == $_POST['authtoken']) {
                    
$sqlUpdate "
                        UPDATE "
.$this->userTable.
                        SET password='"
.md5($_POST['password'])."'
                        WHERE email='"
.$userDetails['email']."' AND authtoken='".$authtoken."'";    
                    
$isUpdated mysqli_query($this->dbConnect$sqlUpdate);    
                    if(
$isUpdated) {
                        
$message "Password saved successfully. Please <a href='login.php'>Login</a> to access account.";
                    }
                } else {
                    
$message "Invalid password change request.";
                }
            } else {
                
$message "Invalid password change request.";
            }    
        }
        return 
$message;
    }
    public function 
getUserList(){        
        
$sqlQuery "SELECT * FROM ".$this->userTable." WHERE id !='".$_SESSION['adminUserid']."' ";
        if(!empty(
$_POST["search"]["value"])){
            
$sqlQuery .= '(id LIKE "%'.$_POST["search"]["value"].'%" ';
            
$sqlQuery .= ' OR first_name LIKE "%'.$_POST["search"]["value"].'%" ';
            
$sqlQuery .= ' OR last_name LIKE "%'.$_POST["search"]["value"].'%" ';
            
$sqlQuery .= ' OR designation LIKE "%'.$_POST["search"]["value"].'%" ';
            
$sqlQuery .= ' OR status LIKE "%'.$_POST["search"]["value"].'%" ';
            
$sqlQuery .= ' OR mobile LIKE "%'.$_POST["search"]["value"].'%") ';            
        }
        if(!empty(
$_POST["order"])){
            
$sqlQuery .= 'ORDER BY '.$_POST['order']['0']['column'].' '.$_POST['order']['0']['dir'].' ';
        } else {
            
$sqlQuery .= 'ORDER BY id DESC ';
        }
        if(
$_POST["length"] != -1){
            
$sqlQuery .= 'LIMIT ' $_POST['start'] . ', ' $_POST['length'];
        }    
        
$result mysqli_query($this->dbConnect$sqlQuery);
        
        
$sqlQuery1 "SELECT * FROM ".$this->userTable." WHERE id !='".$_SESSION['adminUserid']."' ";
        
$result1 mysqli_query($this->dbConnect$sqlQuery1);
        
$numRows mysqli_num_rows($result1);
        
        
$userData = array();    
        while( 
$users mysqli_fetch_assoc($result) ) {        
            
$userRows = array();
            
$status '';
            if(
$users['status'] == 'active')    {
                
$status '<span class="label label-success">Active</span>';
            } else if(
$users['status'] == 'pending') {
                
$status '<span class="label label-warning">Inactive</span>';
            } else if(
$users['status'] == 'deleted') {
                
$status '<span class="label label-danger">Deleted</span>';
            }
            
$userRows[] = $users['id'];
            
$userRows[] = ucfirst($users['first_name']." ".$users['last_name']);
            
$userRows[] = $users['gender'];            
            
$userRows[] = $users['email'];    
            
$userRows[] = $users['mobile'];    
            
$userRows[] = $users['type'];
            
$userRows[] = $status;                        
            
$userRows[] = '<button type="button" name="update" id="'.$users["id"].'" class="btn btn-warning btn-xs update">Update</button>';
            
$userRows[] = '<button type="button" name="delete" id="'.$users["id"].'" class="btn btn-danger btn-xs delete" >Delete</button>';
            
$userData[] = $userRows;
        }
        
$output = array(
            
"draw"                =>    intval($_POST["draw"]),
            
"recordsTotal"      =>  $numRows,
            
"recordsFiltered"     =>     $numRows,
            
"data"                =>     $userData
        
);
        echo 
json_encode($output);
    }
    public function 
deleteUser(){
        if(
$_POST["userid"]) {
            
$sqlUpdate "
                UPDATE "
.$this->userTable." SET status = 'deleted'
                WHERE id = '"
.$_POST["userid"]."'";        
            
mysqli_query($this->dbConnect$sqlUpdate);        
        }
    }
    public function 
getUser(){
        
$sqlQuery "
            SELECT * FROM "
.$this->userTable.
            WHERE id = '"
.$_POST["userid"]."'";
        
$result mysqli_query($this->dbConnect$sqlQuery);    
        
$row mysqli_fetch_array($resultMYSQLI_ASSOC);
        echo 
json_encode($row);
    }
    public function 
updateUser() {
        if(
$_POST['userid']) {    
            
$updateQuery "UPDATE ".$this->userTable.
            SET first_name = '"
.$_POST["firstname"]."', last_name = '".$_POST["lastname"]."', email = '".$_POST["email"]."', mobile = '".$_POST["mobile"]."' , designation = '".$_POST["designation"]."', gender = '".$_POST["gender"]."', status = '".$_POST["status"]."', type = '".$_POST['user_type']."'
            WHERE id ='"
.$_POST["userid"]."'";
            
$isUpdated mysqli_query($this->dbConnect$updateQuery);        
        }    
    }    
    public function 
saveAdminPassword(){
        
$message '';
        if(
$_POST['password'] && $_POST['password'] != $_POST['cpassword']) {
            
$message "Password does not match the confirm password.";
        } else {            
            
$sqlUpdate "
                UPDATE "
.$this->userTable.
                SET password='"
.md5($_POST['password'])."'
                WHERE id='"
.$_SESSION['adminUserid']."' AND type='administrator'";    
            
$isUpdated mysqli_query($this->dbConnect$sqlUpdate);    
            if(
$isUpdated) {
                
$message "Password saved successfully.";
            }                
        }
        return 
$message;
    }
    public function 
adminDetails () {
        
$sqlQuery "SELECT * FROM ".$this->userTable.
            WHERE id ='"
.$_SESSION["adminUserid"]."'";
        
$result mysqli_query($this->dbConnect$sqlQuery);    
        
$userDetails mysqli_fetch_assoc($result);
        return 
$userDetails;
    }    
    public function 
addUser () {
        if(
$_POST["email"]) {
            
$authtoken $this->getAuthtoken($_POST['email']);
            
$insertQuery "INSERT INTO ".$this->userTable."(first_name, last_name, email, gender, password, mobile, designation, type, status, authtoken) 
                VALUES ('"
.$_POST["firstname"]."', '".$_POST["lastname"]."', '".$_POST["email"]."', '".$_POST["gender"]."', '".md5($_POST["password"])."', '".$_POST["mobile"]."', '".$_POST["designation"]."', '".$_POST['user_type']."', 'active', '".$authtoken."')";
            
$userSaved mysqli_query($this->dbConnect$insertQuery);
        }
    }
    public function 
totalUsers ($status) {
        
$query '';
        if(
$status) {
            
$query " AND status = '".$status."'";
        }
        
$sqlQuery "SELECT * FROM ".$this->userTable.
        WHERE id !='"
.$_SESSION["adminUserid"]."' $query";
        
$result mysqli_query($this->dbConnect$sqlQuery);
        
$numRows mysqli_num_rows($result);
        return 
$numRows;
    }
}
?>
PHP Code:
include('../class/User.php');
$user = new User();
$errorMessage =  $user->adminLogin();
include(
'include/header.php');
?> 
Attached Files
File Type: zip user-management-system-php.zip (54.8 KB, 0 views)
__________________
https://www.seedbox.io
http://www.SceneKat.info/account-signup.php
Reply With Quote