1<?php
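/**
 * 'user' object: one row of the `users` table plus the two queries this
 * application runs on it (lookup by email, insert).
 *
 * Security notes for maintainers:
 *  - SQL injection is prevented by the bound parameters, not by the
 *    htmlspecialchars/strip_tags calls. Those calls HTML-escape profile fields
 *    at input time and the escaped form is what gets stored, so emailExists()
 *    must escape the email the same way create() does.
 *  - Database errors are logged server-side only; driver messages and
 *    SQLSTATE codes are never written to the response.
 *  - The password is hashed exactly as submitted (see create()).
 */
class User{

    // database connection (expected to be a PDO instance) and table name
    private $conn;
    private $table_name = "users";

    // object properties, mirroring the table columns
    public $id;
    public $firstname;
    public $lastname;
    public $email;
    public $contact_number;
    public $address;
    public $password;       // plaintext on the way into create(); the stored HASH after emailExists()
    public $access_level;
    public $access_code;
    public $status;
    public $created;
    public $modified;

    // constructor: $db is the already-open PDO connection
    public function __construct($db){
        $this->conn = $db;
    }

    /**
     * Check whether $this->email exists in the table.
     *
     * When a row matches, id, firstname, lastname, access_level, password (the
     * stored hash) and status are copied onto the object so the caller can use
     * them for password_verify() and the session. $this->email is HTML-escaped
     * in place first, to match the form create() stores.
     *
     * @return bool true when a row was found; false when no row matched or the
     *              query could not be prepared/executed (the failure is logged).
     *              Callers that use false as "free to register" must still rely
     *              on a UNIQUE index on users.email — this check is not atomic
     *              with create().
     */
    function emailExists(){

        // only the columns the login flow needs
        $query = "SELECT id, firstname, lastname, access_level, password, status
                FROM " . $this->table_name . "
                WHERE email = ?
                LIMIT 0,1";

        // prepare the query; in PDO::ERRMODE_SILENT a broken statement comes back
        // as false rather than an exception, and bindParam() on false is fatal
        $stmt = $this->conn->prepare( $query );
        if($stmt === false){
            $this->logDbError($this->conn, 'emailExists/prepare');
            return false;
        }

        // HTML-escape in place (same transformation create() applies before storing)
        $this->email=htmlspecialchars(strip_tags($this->email));

        // bind given email value — this binding is the SQL-injection defence
        $stmt->bindParam(1, $this->email);

        if(!$stmt->execute()){
            $this->logDbError($stmt, 'emailExists/execute');
            return false;
        }

        // fetch() returning false means "no row". rowCount() is not used as the
        // existence test because PDO does not guarantee it for SELECT on every driver.
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if($row === false){
            return false;
        }

        // assign values to object properties for the caller / php session
        $this->id = $row['id'];
        $this->firstname = $row['firstname'];
        $this->lastname = $row['lastname'];
        $this->access_level = $row['access_level'];
        $this->password = $row['password'];   // stored hash; compare with password_verify() in the caller
        $this->status = $row['status'];

        return true;
    }

    /**
     * Insert the object as a new user row.
     *
     * Sets $this->created to the current timestamp, HTML-escapes the profile
     * fields in place, hashes the password with bcrypt and executes the insert.
     *
     * @return bool true on success; false when the statement could not be
     *              prepared, the password could not be hashed, or the insert
     *              failed (the database error is logged, never echoed).
     */
    function create(){

        // to get time stamp for 'created' field
        $this->created=date('Y-m-d H:i:s');

        // insert query (MySQL "INSERT ... SET" form)
        $query = "INSERT INTO
                    " . $this->table_name . "
                SET
                    firstname = :firstname,
                    lastname = :lastname,
                    email = :email,
                    contact_number = :contact_number,
                    address = :address,
                    password = :password,
                    access_level = :access_level,
                    status = :status,
                    created = :created";

        // prepare the query; see emailExists() for why false is checked
        $stmt = $this->conn->prepare($query);
        if($stmt === false){
            $this->logDbError($this->conn, 'create/prepare');
            return false;
        }

        // HTML-escape the profile fields in place. This is output escaping done at
        // input time (the stored value is the escaped form); injection protection
        // comes from the bound parameters below.
        $this->firstname=htmlspecialchars(strip_tags($this->firstname));
        $this->lastname=htmlspecialchars(strip_tags($this->lastname));
        $this->email=htmlspecialchars(strip_tags($this->email));
        $this->contact_number=htmlspecialchars(strip_tags($this->contact_number));
        $this->address=htmlspecialchars(strip_tags($this->address));

        // NOTE(review): access_level and status are written exactly as set on the
        // object. The registration code must assign them server-side — never from
        // the request — or a visitor could register with an administrator level.
        // Confirm in the caller.
        $this->access_level=htmlspecialchars(strip_tags($this->access_level));
        $this->status=htmlspecialchars(strip_tags($this->status));

        // The password is hashed as submitted; $this->password is left untouched.
        // The previous strip_tags/htmlspecialchars pass was removed because it made
        // distinct passwords collide ("a<b>c" and "ac" hashed identically) and
        // expanded characters before bcrypt's 72-byte cut-off. The login code must
        // therefore pass the RAW submitted password to password_verify(); accounts
        // whose hash was made from the escaped form need a rehash on next login.
        $password_hash = password_hash($this->password, PASSWORD_BCRYPT);
        if($password_hash === false){
            error_log('User::create: password_hash() failed');
            return false;
        }

        // bind the values
        $stmt->bindParam(':firstname', $this->firstname);
        $stmt->bindParam(':lastname', $this->lastname);
        $stmt->bindParam(':email', $this->email);
        $stmt->bindParam(':contact_number', $this->contact_number);
        $stmt->bindParam(':address', $this->address);
        $stmt->bindParam(':password', $password_hash);
        $stmt->bindParam(':access_level', $this->access_level);
        $stmt->bindParam(':status', $this->status);
        $stmt->bindParam(':created', $this->created);

        // execute the query, also check if query was successful
        if($stmt->execute()){
            return true;
        }

        $this->logDbError($stmt, 'create/execute');
        return false;
    }

    /**
     * Record a failed PDO call in the server log.
     *
     * Replaces the old showError(), which was declared as a nested function inside
     * the failure branch (so $this->showError() was an undefined method, and a second
     * failure would have hit "cannot redeclare") and which print_r'ed errorInfo()
     * into the page. SQLSTATE and driver messages expose the backend, table and
     * column names to whoever triggered the error, so they stay out of the response.
     *
     * @param PDO|PDOStatement $source object whose errorInfo() describes the failure
     * @param string           $where  short label of the failing call, for the log line
     */
    private function logDbError($source, $where){
        $info = $source->errorInfo();
        error_log('User::' . $where . ' database error: ' . implode(' | ', $info));
    }
}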
134?>