1<?php
2// 'user' object
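class User
{
    /** @var PDO Database handle supplied by the caller; every query below is a prepared statement on it. */
    private $conn;

    /** @var string Table the queries run against. Fixed in code, never taken from the request. */
    private $table_name = "users";

    // Object properties. Callers fill these from request data before
    // create()/update(); emailExists() overwrites them from the matching row.
    public $id;
    public $firstname;
    public $lastname;
    public $email;

    /**
     * Plain-text password on the way IN (create()/update()). After a
     * successful emailExists() it holds the stored bcrypt HASH instead.
     * Clear it before calling update() on the same object, otherwise the
     * hash itself is treated as a new password and hashed again, which
     * locks the account out.
     */
    public $password;

    /**
     * @param PDO $db open connection (must support prepare()/bindValue()/execute())
     */
    public function __construct($db)
    {
        $this->conn = $db;
    }

    /**
     * Storage normalisation for the text columns (firstname, lastname, email):
     * strips tags, then HTML-encodes what is left. It is applied identically in
     * create(), emailExists() and update() so that a lookup key matches the
     * stored form. It is NOT output escaping -- values read back must still be
     * escaped for the context they are rendered in (HTML, JSON, URL) -- and it
     * is not an e-mail validator; a filter_var(..., FILTER_VALIDATE_EMAIL)
     * check belongs at the request boundary. Note: htmlspecialchars() with
     * default flags returns '' for invalid UTF-8, so such input is stored empty.
     *
     * @param mixed $value raw value (null becomes '')
     * @return string normalised value
     */
    private function sanitize($value)
    {
        return htmlspecialchars(strip_tags((string)$value));
    }

    /**
     * Insert a new user row from the object's properties.
     *
     * Uniqueness of the e-mail must be enforced by a UNIQUE index on the
     * table: an emailExists() check followed by create() is racy on its own.
     *
     * @return bool true when the INSERT executed, false on any failure
     *              (statement could not be prepared, empty password, hashing
     *              failed, or execute() returned false)
     */
    public function create()
    {
        // Column names are fixed here; only the values travel via placeholders.
        $query = "INSERT INTO " . $this->table_name . "
                SET
                    firstname = :firstname,
                    lastname = :lastname,
                    email = :email,
                    password = :password";

        $stmt = $this->conn->prepare($query);
        if ($stmt === false) {
            return false;
        }

        $this->firstname = $this->sanitize($this->firstname);
        $this->lastname  = $this->sanitize($this->lastname);
        $this->email     = $this->sanitize($this->email);

        $stmt->bindValue(':firstname', $this->firstname);
        $stmt->bindValue(':lastname', $this->lastname);
        $stmt->bindValue(':email', $this->email);

        // Hash the password EXACTLY as submitted. It is deliberately not run
        // through sanitize(): strip_tags()/htmlspecialchars() would silently
        // rewrite a password containing <, >, &, " or ' before hashing, so the
        // user could never reproduce the stored hash at login. The login path
        // must likewise hand the raw submitted password to password_verify().
        // bcrypt only looks at the first 72 bytes; longer input is truncated.
        $password = $this->password === null ? '' : (string)$this->password;
        if ($password === '') {
            return false; // never create an account with an empty password
        }
        $password_hash = password_hash($password, PASSWORD_BCRYPT);
        if (!is_string($password_hash)) {
            return false; // password_hash() can return false on older PHP; never persist that
        }
        $stmt->bindValue(':password', $password_hash);

        return $stmt->execute() ? true : false;
    }

    /**
     * Look up the row whose email equals $this->email.
     *
     * On a hit, id, firstname, lastname and password (the stored HASH) are
     * copied onto the object so a caller can run password_verify() and start
     * a session. If the boolean result is surfaced to the client it reveals
     * whether an address is registered; login responses should not
     * distinguish "unknown e-mail" from "wrong password".
     *
     * @return bool true when a matching row exists, false otherwise
     */
    public function emailExists()
    {
        $query = "SELECT id, firstname, lastname, password
                FROM " . $this->table_name . "
                WHERE email = ?
                LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        if ($stmt === false) {
            return false;
        }

        // Same normalisation as create()/update() so the key matches storage.
        $this->email = $this->sanitize($this->email);
        $stmt->bindValue(1, $this->email);
        $stmt->execute();

        // Detect a hit by fetching rather than rowCount(): PDO does not
        // guarantee rowCount() for SELECT statements on every driver.
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return false;
        }

        $this->id        = $row['id'];
        $this->firstname = $row['firstname'];
        $this->lastname  = $row['lastname'];
        $this->password  = $row['password'];

        return true;
    }

    /**
     * Update the row identified by $this->id with the object's properties.
     * The password column is only touched when $this->password is non-empty.
     *
     * $this->id is trusted as given: whether the current principal may edit
     * that record is the caller's authorisation decision, not this method's.
     *
     * @return bool true when the UPDATE executed, false on any failure
     */
    public function update()
    {
        // "" and null mean "leave the password alone". A strict check is used
        // instead of empty() so the legitimate password "0" is not dropped.
        $new_password = $this->password === null ? '' : (string)$this->password;
        $change_password = $new_password !== '';

        // The optional fragment is a constant chosen by this code, not
        // request data, so it is safe to splice into the statement.
        $password_set = $change_password ? ", password = :password" : "";

        $query = "UPDATE " . $this->table_name . "
                SET
                    firstname = :firstname,
                    lastname = :lastname,
                    email = :email
                    {$password_set}
                WHERE id = :id";

        $stmt = $this->conn->prepare($query);
        if ($stmt === false) {
            return false;
        }

        $this->firstname = $this->sanitize($this->firstname);
        $this->lastname  = $this->sanitize($this->lastname);
        $this->email     = $this->sanitize($this->email);

        $stmt->bindValue(':firstname', $this->firstname);
        $stmt->bindValue(':lastname', $this->lastname);
        $stmt->bindValue(':email', $this->email);

        if ($change_password) {
            // Raw password in, hash out -- see create() for why it is not sanitized.
            $password_hash = password_hash($new_password, PASSWORD_BCRYPT);
            if (!is_string($password_hash)) {
                return false;
            }
            $stmt->bindValue(':password', $password_hash);
        }

        $stmt->bindValue(':id', $this->id);

        return $stmt->execute() ? true : false;
    }
}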