<?php
// Anti-caching headers sent for every page that includes this file: the pages built
// with this class show per-user data (session, profile, tokens), so neither browsers
// nor intermediaries should keep a copy.
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
// replace = FALSE appends a second Cache-Control header instead of overwriting the first.
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
6
7/**
8 * Description of Account
9 *
10 * Class for accounts.
11 *
12 * @author FREDERICK
13 */
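class Account
{
    /**
     * usercomments columns that GetRating() may be asked to read. Identifiers cannot be
     * bound as statement parameters, so the requested name is checked against this list.
     */
    private static $commentColumns = ['ID', 'UID', 'CommentorID', 'thumbsup', 'thumbsdown', 'Comment', 'Approved'];

    // ------------------------------------------------------------------------------
    // Connection / query helpers. Every statement in this class goes through query(),
    // which binds values with mysqli prepared statements instead of interpolating them
    // into SQL text (the previous code escaped some values and interpolated others,
    // including cookie values, unescaped).
    // ------------------------------------------------------------------------------

    /**
     * Opens a connection to the application database.
     *
     * The credentials are the same hard-coded ones the class always used (root with an
     * empty password); they belong in configuration outside the web root, but moving
     * them is outside this file.
     *
     * @return mysqli
     */
    private function connect()
    {
        $conn = mysqli_connect("localhost", "root", "", "webdb");
        if ($conn === false) {
            $this->fail('connect: ' . mysqli_connect_error());
        }
        return $conn;
    }

    /**
     * Aborts the request on a database error, mirroring the echo-and-die handling the
     * class always had. The driver message goes to the server log only; the response
     * gets a generic line so table and column names are not shown to visitors.
     *
     * @param string $message driver error text
     * @return void (never returns)
     */
    private function fail($message)
    {
        error_log('Account: ' . $message);
        echo 'A database error occurred.';
        die();
    }

    /**
     * Prepares and executes $sql with every element of $params bound as a string.
     *
     * Binding as strings matches the quoted literals the old string-built queries used,
     * so MySQL applies the same comparisons and conversions as before; null becomes ''
     * for the same reason (null interpolated into "'$x'" produced '').
     *
     * @param mysqli $conn
     * @param string $sql statement with ? placeholders
     * @param array $params values, in placeholder order
     * @return mysqli_stmt executed statement (caller closes it)
     */
    private function query($conn, $sql, array $params = [])
    {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            $this->fail(mysqli_error($conn));
        }
        if ($params !== []) {
            $values = [];
            foreach ($params as $param) {
                $values[] = $param === null ? '' : (string) $param;
            }
            mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
        }
        if (!mysqli_stmt_execute($stmt)) {
            $this->fail(mysqli_stmt_error($stmt));
        }
        return $stmt;
    }

    /**
     * Runs a SELECT and returns all rows as mysqli_fetch_array() would (numeric and
     * named keys). Requires mysqlnd for mysqli_stmt_get_result().
     *
     * @return array list of rows
     */
    private function rows($conn, $sql, array $params = [])
    {
        $stmt = $this->query($conn, $sql, $params);
        $result = mysqli_stmt_get_result($stmt);
        if ($result === false) {
            $this->fail(mysqli_stmt_error($stmt));
        }
        $rows = [];
        while ($row = mysqli_fetch_array($result)) {
            $rows[] = $this->asStrings($row);
        }
        mysqli_free_result($result);
        mysqli_stmt_close($stmt);
        return $rows;
    }

    /**
     * First row of a SELECT, or null when it matched nothing.
     *
     * @return array|null
     */
    private function firstRow($conn, $sql, array $params = [])
    {
        $rows = $this->rows($conn, $sql, $params);
        return $rows === [] ? null : $rows[0];
    }

    /**
     * First column of the first row of a SELECT, or $default when nothing matched.
     */
    private function scalar($conn, $sql, array $params, $default)
    {
        $row = $this->firstRow($conn, $sql, $params);
        return $row === null ? $default : $row[0];
    }

    /**
     * Prepared-statement results come back with native types (INT columns as int);
     * mysqli_query() returned everything as strings. Callers compare these values with
     * ===, so the string form is kept. NULL stays NULL.
     */
    private function asStrings(array $row)
    {
        foreach ($row as $key => $value) {
            if ($value !== null && !is_string($value)) {
                $row[$key] = (string) $value;
            }
        }
        return $row;
    }

    /**
     * UID of the logged-in user, as set by LogIn().
     *
     * When a session is active the value comes from $_SESSION and nothing else: the
     * UserCookieSession cookie holds a bare user id chosen by the client, so reading it
     * would let anyone act as any user. The cookie is consulted only when no session
     * has been started, to keep pages that never call session_start() working; those
     * pages remain spoofable until they do.
     *
     * @return string|null
     */
    private function currentUserId()
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            return isset($_SESSION["UserCookieSession"]) ? $_SESSION["UserCookieSession"] : null;
        }
        return isset($_COOKIE["UserCookieSession"]) ? $_COOKIE["UserCookieSession"] : null;
    }

    /**
     * Escapes a value for insertion into HTML text or a quoted attribute.
     */
    private function esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Hashes a password for storage with password_hash().
     *
     * Replaces the unsalted md5() the class used to store. LogIn() still accepts the
     * old md5 values and upgrades them on first successful login, so existing rows keep
     * working. NOTE(schema): users.Password must be wide enough for password_hash()
     * output (60 characters today, 255 recommended) — confirm before deploying.
     *
     * @param string $password plain text
     * @return string
     */
    private function hashPassword($password)
    {
        return password_hash((string) $password, PASSWORD_DEFAULT);
    }

    // ------------------------------------------------------------------------------
    // Ratings and comments
    // ------------------------------------------------------------------------------

    /**
     * Looks up who wrote a usercomments row.
     *
     * @param mixed $commentID value of usercomments.ID
     * @return string|null CommentorID, or null when no row matches (the old loop fell
     *                     through and returned null in that case too)
     */
    public function GetCommentorIDFromCommentID($commentID)
    {
        $conn = $this->connect();
        $row = $this->firstRow($conn, 'SELECT CommentorID FROM usercomments WHERE ID = ?', [$commentID]);
        return $row === null ? null : $row[0];
    }

    /**
     * Records the logged-in user's vote and pending comment for $username.
     *
     * Creates the usercomments row on the first rating, then sets thumbsup/thumbsdown
     * from $score (1 = up, 2 = down; any other value leaves the vote untouched, as the
     * old switch did) and writes $comment while the row is still unapproved.
     *
     * @param string $username profile being rated
     * @param int|string $score 1 or 2, compared loosely like the original switch
     * @param string $comment review text
     */
    public function AddRating($username, $score, $comment)
    {
        $conn = $this->connect();
        $uid = $this->GetIdFromUsername($username);
        $commentorId = $this->currentUserId();
        if ($commentorId === null) {
            // The old code interpolated a missing cookie as an empty value and died on
            // the resulting SQL error; refuse explicitly instead.
            $this->fail('AddRating: no logged-in user');
        }

        if (!$this->CheckIfRatingExists($uid)) {
            $this->query($conn, 'INSERT INTO usercomments (UID, CommentorID) VALUES (?, ?)', [$uid, $commentorId]);
        }

        switch ($score) {
            case 1:
                $vote = ['1', '0'];
                break;
            case 2:
                $vote = ['0', '1'];
                break;
            default:
                $vote = null;
        }
        if ($vote !== null) {
            $this->query(
                $conn,
                'UPDATE usercomments SET thumbsup = ?, thumbsdown = ? WHERE UID = ? AND CommentorID = ?',
                [$vote[0], $vote[1], $uid, $commentorId]
            );
        }

        $this->query(
            $conn,
            "UPDATE usercomments SET Comment = ? WHERE UID = ? AND CommentorID = ? AND Approved = '0'",
            [$comment, $uid, $commentorId]
        );
    }

    /**
     * Whether the logged-in user already has a usercomments row for profile $userid.
     *
     * @param mixed $userid users.UID of the rated profile
     * @return bool
     */
    private function CheckIfRatingExists($userid)
    {
        $commentorId = $this->currentUserId();
        if ($commentorId === null) {
            return false;
        }
        $conn = $this->connect();
        $row = $this->firstRow(
            $conn,
            'SELECT ID FROM usercomments WHERE UID = ? AND CommentorID = ?',
            [$userid, $commentorId]
        );
        return $row !== null;
    }

    /**
     * Vote that $voterid gave to profile $userid.
     *
     * @return int 1 for thumbs up, 2 for thumbs down, 0 when no vote or no row
     */
    private function GetRatingOfUser($userid, $voterid)
    {
        $conn = $this->connect();
        $row = $this->firstRow(
            $conn,
            'SELECT thumbsup, thumbsdown FROM usercomments WHERE UID = ? AND CommentorID = ?',
            [$userid, $voterid]
        );
        if ($row === null) {
            return 0;
        }
        if ($row[0] > 0) {
            return 1;
        }
        if ($row[1] > 0) {
            return 2;
        }
        return 0;
    }

    /**
     * Reads one column of the logged-in user's usercomments row for $username.
     *
     * $column is an identifier, which mysqli_real_escape_string() does not protect, so
     * it must be one of self::$commentColumns; anything else aborts like a query error.
     *
     * @return mixed column value, or '' when there is no row
     */
    private function GetRating($username, $column)
    {
        if (!in_array($column, self::$commentColumns, true)) {
            $this->fail('GetRating: unknown column');
        }
        $conn = $this->connect();
        $uid = $this->GetIdFromUsername($username);
        $commentorId = $this->currentUserId();
        return $this->scalar(
            $conn,
            "SELECT `$column` FROM usercomments WHERE UID = ? AND CommentorID = ?",
            [$uid, $commentorId],
            ''
        );
    }

    /**
     * Prints the approved thumbs up/down totals for $username as an HTML table.
     *
     * The verdict line is "Excellent" when ups are at least equal to downs (the old
     * switch on max($a, $b) matched $a first, so ties went that way too). The old
     * percentage variables were computed but never used and are dropped.
     *
     * @param string $username profile to summarise
     */
    public function ShowRating($username)
    {
        $conn = $this->connect();
        $uid = $this->GetIdFromUsername($username);
        $rows = $this->rows(
            $conn,
            "SELECT thumbsup, thumbsdown FROM usercomments WHERE UID = ? AND Approved = '1'",
            [$uid]
        );

        $up = 0;
        $down = 0;
        foreach ($rows as $row) {
            $up += $row[0];
            $down += $row[1];
        }
        $word = $up >= $down ? "Excellent" : "Needs improvement";

        echo "
<h5 class='text-center'>" . $word . "</h5>
<div class='table-responsive table-borderless'>
    <table class='table table-striped table-bordered table-hover table-sm'>
        <tbody>
            <tr style='text-align:center;'>
                <td>Rating</td>
                <td>Total</td>
            </tr>
            <tr style='text-align:center;'>
                <td><i class='fa fa-thumbs-up' style='font-size:x-large;'></i></td>
                <td>" . $this->esc($up) . "</td>
            </tr>
            <tr style='text-align:center;'>
                <td><i class='fa fa-thumbs-down' style='font-size:x-large;'></i></td>
                <td>" . $this->esc($down) . "</td>
            </tr>
        </tbody>
    </table>
</div>
";
    }

    /**
     * Public profile fields for $username.
     *
     * @return array [FirstName, LastName, age computed from Birthday, Gender,
     *               ContactNumber, Location, ImagePath]; empty when the user is unknown
     */
    public function GetPublicAccount($username)
    {
        $conn = $this->connect();
        $row = $this->firstRow(
            $conn,
            'SELECT FirstName, LastName, Age, Gender, ContactNumber, Location, ImagePath, Birthday FROM users WHERE Username = ?',
            [$username]
        );
        if ($row === null) {
            return [];
        }
        return [
            $row[0],                       // FirstName
            $row[1],                       // LastName
            $this->GetAgeFrom($row[7]),    // age from Birthday, not the stored Age column
            $row[3],                       // Gender
            $row[4],                       // ContactNumber
            $row[5],                       // Location
            $row[6],                       // ImagePath
        ];
    }

    /**
     * Prints the approved comments on profile $profileid, newest first.
     *
     * Usernames, image paths and comment text come from the database (ultimately from
     * other users), so each is escaped for the HTML context it lands in.
     *
     * @param mixed $profileid users.UID of the profile
     */
    public function GetComment($profileid)
    {
        $conn = $this->connect();
        $rows = $this->rows(
            $conn,
            "SELECT CommentorID, Comment FROM usercomments WHERE UID = ? AND Approved = '1' ORDER BY ID DESC",
            [$profileid]
        );
        foreach ($rows as $row) {
            $commentor = $row[0];
            $name = $this->GetUsernameFromId($commentor);
            echo "
 <div class='row user-comment' style='min-height:72px;'>
 <div class='col-auto align-self-center'><img src='" . $this->esc($this->GetImagePath($commentor)) . "' style='width:75px;height:75px;'></div>
 <div class='col'>
 <a href='ViewProfile.php?username=" . $this->esc(rawurlencode((string) $name)) . "'>
 <h5 style='margin-bottom:0px;'>" . $this->esc($name) . "</h5>
 </a>
 <span class='text-black-50'>Rating: " . $this->esc($this->GetRatingOfUser($profileid, $commentor)) . "</span>
 <p style='margin-bottom:0px;'>" . $this->esc($row[1]) . "</p>
 </div>
 </div>
 ";
        }
    }

    /**
     * Stores $comment on the unapproved usercomments row and notifies the profile owner.
     *
     * Keeps the process-wide timezone switch the old code made. The timestamp now uses
     * H (24-hour); the old format used h (12-hour), which stored 13:00 as 01:00.
     *
     * @param mixed $profileid users.UID receiving the review
     * @param mixed $commentorid users.UID writing it
     * @param string $comment review text
     */
    public function AddComment($profileid, $commentorid, $comment)
    {
        date_default_timezone_set('Asia/Manila');
        $dateToday = date("Y-m-d H:i:s");
        $conn = $this->connect();

        $this->query(
            $conn,
            "UPDATE usercomments SET Comment = ? WHERE UID = ? AND CommentorID = ? AND Approved = '0'",
            [$comment, $profileid, $commentorid]
        );

        $sender = $this->GetUsernameFromId($commentorid);
        $message = "You have received a review from $sender";
        $this->query(
            $conn,
            'INSERT INTO notifications (UID, Date, Message) VALUES (?, ?, ?)',
            [$profileid, $dateToday, $message]
        );
    }

    // ------------------------------------------------------------------------------
    // Authentication and account lookup
    // ------------------------------------------------------------------------------

    /**
     * A method for logging in into the website.
     *
     * Verifies $password against the stored hash with password_verify(); rows that still
     * hold the old unsalted md5 value are accepted once and rewritten with
     * password_hash(). On success the session id is regenerated (when a session is
     * active) and the UID is stored in $_SESSION and, for older pages, in the
     * HttpOnly UserCookieSession cookie.
     *
     * @param string $username
     * @param string $password plain text
     * @return bool true when the credentials match
     *
     * @author FREDERICK
     */
    public function LogIn($username, $password)
    {
        $conn = $this->connect();
        $row = $this->firstRow($conn, 'SELECT UID, Username, Password FROM users WHERE Username = ?', [$username]);
        if ($row === null) {
            return false;
        }
        $stored = (string) $row[2];
        $password = (string) $password;

        if (password_verify($password, $stored)) {
            if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
                $this->query($conn, 'UPDATE users SET Password = ? WHERE UID = ?', [$this->hashPassword($password), $row[0]]);
            }
        } elseif (strlen($stored) === 32 && hash_equals($stored, md5($password))) {
            // Legacy md5 row: upgrade it in place so the next login takes the branch above.
            $this->query($conn, 'UPDATE users SET Password = ? WHERE UID = ?', [$this->hashPassword($password), $row[0]]);
        } else {
            return false;
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["UserCookieSession"] = $row[0];
        // Same name, value and lifetime as before; HttpOnly keeps scripts from reading it.
        setcookie("UserCookieSession", (string) $row[0], time() + 30 * 50000, '', '', false, true);
        return true;
    }

    /**
     * @return string Username for $AccountIndex (users.UID), '' when unknown
     */
    public function GetUsernameFromId($AccountIndex)
    {
        $conn = $this->connect();
        return $this->scalar($conn, 'SELECT Username FROM users WHERE UID = ?', [$AccountIndex], '');
    }

    /**
     * @return string UID for $username, '' when unknown
     */
    public function GetIdFromUsername($username)
    {
        $conn = $this->connect();
        return $this->scalar($conn, 'SELECT UID FROM users WHERE Username = ?', [$username], '');
    }

    /**
     * Full account record for the given UID.
     *
     * @return array [FirstName, LastName, Location, ContactNumber, Birthday, Email,
     *               Username, ImagePath, age from Birthday, Gender]; empty when unknown
     */
    public function GetAccountInfo($AccountIndex)
    {
        $conn = $this->connect();
        $row = $this->firstRow(
            $conn,
            'SELECT FirstName, LastName, Location, ContactNumber, Birthday, Email, Username, ImagePath, Gender FROM users WHERE UID = ?',
            [$AccountIndex]
        );
        if ($row === null) {
            return [];
        }
        return [
            $row[0],                       // FirstName
            $row[1],                       // LastName
            $row[2],                       // Location
            $row[3],                       // ContactNumber
            $row[4],                       // Birthday
            $row[5],                       // Email
            $row[6],                       // Username
            $row[7],                       // ImagePath
            $this->GetAgeFrom($row[4]),    // Age
            $row[8],                       // Gender
        ];
    }

    /**
     * @return array list of JobName values recorded for users.UID $id
     */
    public function GetJobsFromId($id)
    {
        $conn = $this->connect();
        $jobs = [];
        foreach ($this->rows($conn, 'SELECT JobName FROM jobs WHERE UID = ?', [$id]) as $row) {
            $jobs[] = $row[0];
        }
        return $jobs;
    }

    /**
     * Returns True if username exists, else returns false
     *
     * @param string $username
     * @return boolean
     */
    public function CheckIfUsernameExists($username)
    {
        $conn = $this->connect();
        return $this->firstRow($conn, 'SELECT Username FROM users WHERE Username = ?', [$username]) !== null;
    }

    /**
     * @return string security question stored for $username, '' when unknown
     */
    public function GetQuestionFromUsername($username)
    {
        $conn = $this->connect();
        return $this->scalar($conn, 'SELECT Question FROM users WHERE Username = ?', [$username], '');
    }

    /**
     * Whether $answer and $birthday both exactly match the stored values for $username.
     *
     * Both checks use === against the stored strings, as before; one query replaces
     * the previous two.
     *
     * @return bool
     */
    public function IsAnswerCorrect($username, $answer, $birthday)
    {
        $conn = $this->connect();
        $row = $this->firstRow($conn, 'SELECT Answer, Birthday FROM users WHERE Username = ?', [$username]);
        if ($row === null) {
            return false;
        }
        return $row[0] === $answer && $row[1] === $birthday;
    }

    /**
     * Replaces the password of $username. Callers are expected to have verified the
     * user with IsAnswerCorrect() first; this method does not check identity itself.
     *
     * @param string $username
     * @param string $password new plain-text password
     */
    public function ResetAccount($username, $password)
    {
        $conn = $this->connect();
        $this->query($conn, 'UPDATE users SET Password = ? WHERE Username = ?', [$this->hashPassword($password), $username]);
    }

    /**
     * Creates an unapproved user (Approved='0') and its job rows.
     *
     * Age is derived from $birthday. $expertise, when it is an array, becomes one jobs
     * row per element; the old code skipped escaping those values and the contact
     * number, both are bound now.
     */
    public function RegisterUser($username, $password, $firstName,
            $lastName, $gender, $email, $location,
            $contactNumber, $birthday, $expertise, $question, $answer)
    {
        $conn = $this->connect();
        $this->query(
            $conn,
            'INSERT INTO users (Username, Password, FirstName, LastName, Email, ContactNumber, Birthday, Age, Location, Question, Answer, Gender, Approved) '
            . "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '0')",
            [
                $username,
                $this->hashPassword($password),
                $firstName,
                $lastName,
                $email,
                $contactNumber,
                $birthday,
                $this->GetAgeFrom($birthday),
                $location,
                $question,
                $answer,
                $gender,
            ]
        );

        if (is_array($expertise)) {
            // Looked up by name as before; the old code looked up the escaped name,
            // which failed for usernames containing quote characters.
            $userId = $this->GetIdFromUsername($username);
            foreach ($expertise as $value) {
                $this->query($conn, 'INSERT INTO jobs (JobName, UID) VALUES (?, ?)', [$value, $userId]);
            }
        }
    }

    /**
     * Returns an age in whole years for a date string.
     *
     * Parses with the same rules as strtotime(). Unparseable input and dates in the
     * future give 0 (the old arithmetic on date('Ymd') treated an unparseable date as
     * 1970-01-01 and could go negative).
     *
     * @param string $date
     * @return int
     */
    public function GetAgeFrom($date) // returns an age integer from inputted date
    {
        $birth = date_create((string) $date);
        if ($birth === false) {
            return 0;
        }
        $birth->setTime(0, 0, 0);
        $today = new DateTime('today');
        if ($birth > $today) {
            return 0;
        }
        return $birth->diff($today)->y;
    }

    /**
     * Rewrites the account row for $userId and replaces its job rows.
     *
     * As before, the password is always rehashed from $password and Question/Answer are
     * left untouched. A failing UPDATE now aborts like the other methods instead of
     * printing the driver error and carrying on.
     */
    public function EditAccount($userId, $username, $password, $firstName,
            $lastName, $gender, $email, $location,
            $contactNumber, $birthday, $expertise, $question, $answer)
    {
        $conn = $this->connect();
        $this->query(
            $conn,
            'UPDATE users SET Username = ?, Password = ?, FirstName = ?, LastName = ?, '
            . 'Email = ?, Location = ?, ContactNumber = ?, Birthday = ?, Age = ?, Gender = ? '
            . 'WHERE UID = ?',
            [
                $username,
                $this->hashPassword($password),
                $firstName,
                $lastName,
                $email,
                $location,
                $contactNumber,
                $birthday,
                $this->GetAgeFrom($birthday),
                $gender,
                $userId,
            ]
        );

        if (is_array($expertise)) {
            $this->query($conn, 'DELETE FROM jobs WHERE UID = ?', [$userId]);
            foreach ($expertise as $value) {
                $this->query($conn, 'INSERT INTO jobs (JobName, UID) VALUES (?, ?)', [$value, $userId]);
            }
        }
    }

    /**
     * Stores the profile image path of the logged-in user.
     *
     * @param string $path path as produced by the upload handler
     */
    public function InsertImagePath($path)
    {
        $userId = $this->currentUserId();
        if ($userId === null) {
            $this->fail('InsertImagePath: no logged-in user');
        }
        $conn = $this->connect();
        $this->query($conn, 'UPDATE users SET ImagePath = ? WHERE UID = ?', [$path, $userId]);
    }

    /**
     * @return string ImagePath for users.UID $id; the default picture when the stored
     *                value is NULL; '' when the user does not exist
     */
    public function GetImagePath($id)
    {
        $conn = $this->connect();
        $row = $this->firstRow($conn, 'SELECT ImagePath FROM users WHERE UID = ?', [$id]);
        if ($row === null) {
            return "";
        }
        return $row[0] === null ? "assets/img/defaultpic.png" : $row[0];
    }

    /**
     * @return string FirstName for users.UID $id, '' when unknown
     */
    public function GetFirstName($id)
    {
        $conn = $this->connect();
        return $this->scalar($conn, 'SELECT FirstName FROM users WHERE UID = ?', [$id], '');
    }

    /**
     * @return mixed stored Age column for users.UID $id, 0 when unknown
     */
    public function GetAge($id)
    {
        $conn = $this->connect();
        return $this->scalar($conn, 'SELECT Age FROM users WHERE UID = ?', [$id], 0);
    }

    /**
     * simple method to encrypt or decrypt a plain text string
     * initialization vector(IV) has to be the same when encrypting and decrypting
     *
     * Behaviour is unchanged so existing ciphertext still decrypts. Note what that
     * means: the key and IV are fixed constants in this source file, the IV never
     * varies between messages, and CBC gives no integrity check, so this scheme only
     * hides values from casual reading; do not rely on it to protect secrets.
     *
     * @param string $action: can be 'encrypt' or 'decrypt'
     * @param string $string: string to encrypt or decrypt
     *
     * @return string|false false for any other $action or when OpenSSL fails
     */
    public function DEncrypt($action, $string)
    {
        $output = false;
        $encrypt_method = "AES-256-CBC";
        $secret_key = 'This is my secret key';
        $secret_iv = 'This is my secret iv';
        // hash
        $key = hash('sha256', $secret_key);

        // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
        $iv = substr(hash('sha256', $secret_iv), 0, 16);
        if ($action === 'encrypt') {
            // openssl_encrypt with options 0 already base64-encodes; the second
            // base64 layer is kept because stored values were produced with it.
            $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
            $output = base64_encode($output);
        } elseif ($action === 'decrypt') {
            $output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
        }
        return $output;
    }

    /**
     * Prints the five newest notifications for users.UID $id as table rows, with both
     * cells HTML-escaped (messages embed usernames typed by other users).
     */
    public function GetNotifications($id)
    {
        $conn = $this->connect();
        $rows = $this->rows(
            $conn,
            'SELECT Date, Message FROM notifications WHERE UID = ? ORDER BY ID DESC LIMIT 5',
            [$id]
        );
        foreach ($rows as $row) {
            echo "<tr>
 <td style='width:175px;'>" . $this->esc($row[0]) . "</td>
 <td>" . $this->esc($row[1]) . "</td>
 </tr>";
        }
    }

    // ------------------------------------------------------------------------------
    // Tokens
    // ------------------------------------------------------------------------------

    /**
     * Stores $Token for $UserId in usertokens.
     */
    public function InsertToken($UserId, $Token)
    {
        $conn = $this->connect();
        $this->query($conn, 'INSERT INTO usertokens (UID, Token) VALUES (?, ?)', [$UserId, $Token]);
    }

    /**
     * @return bool whether a usertokens row with exactly this UID and Token exists
     */
    public function CheckToken($UserId, $Token)
    {
        $conn = $this->connect();
        $row = $this->firstRow($conn, 'SELECT UID FROM usertokens WHERE UID = ? AND Token = ?', [$UserId, $Token]);
        return $row !== null;
    }

    /**
     * Deletes every usertokens row belonging to $uid.
     */
    public function DeleteToken($uid)
    {
        $conn = $this->connect();
        $this->query($conn, 'DELETE FROM usertokens WHERE UID = ?', [$uid]);
    }

    /**
     * E-mail address stored for $user.
     *
     * The old loop could never reach its throw (the row was always set inside it) and
     * returned null for unknown users; the exception it intended is raised now.
     *
     * @param string $user Username
     * @return string|null stored Email (may be NULL in the database)
     * @throws Exception when no user with that name exists
     */
    public function GetUserEmail($user)
    {
        $conn = $this->connect();
        $row = $this->firstRow($conn, 'SELECT Email FROM users WHERE Username = ?', [$user]);
        if ($row === null) {
            throw new Exception("No user email");
        }
        return $row[0];
    }
}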