usr cls

require_once 'BaseUser.class.php';

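/**
 * User account model: lookup, login, creation, activation and password change
 * against the `user` table.
 *
 * Every query in this class is built by string concatenation. Injection safety
 * therefore rests entirely on Tools::escape() (defined outside this file) and
 * on each escaped value staying inside quotes in the SQL text.
 * NOTE(review): when DBCon is moved off the legacy mysql_* extension, switch
 * these queries to prepared statements with bound parameters.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is not suitable for
 * password storage. Migrating to password_hash()/password_verify() needs a
 * rehash-on-login path and possibly a wider `password` column. It is not done
 * here because existing stored hashes would stop matching.
 */
class User extends BaseUser
{
    /** @var DBCon database wrapper; sqlQuery() results are passed to mysql_fetch_assoc() below */
    private $DB;

    /**
     * Creates the database wrapper and asks it for its connection instance.
     */
    public function __construct()
    {
        $this->DB = new DBCon();
        $this->DB->getInstance();
    }

    /**
     * Loads the row with the given id into this object.
     *
     * @param mixed $id user id; escaped before it is placed in the query
     * @return User|false $this when the query ran, false when the query failed
     */
    public function getUserById($id)
    {
        $id = Tools::escape($id);

        $sqlQuery = "SELECT * FROM `user` u WHERE id='$id'";
        $result = $this->DB->sqlQuery($sqlQuery);

        if (!$result) {
            return false;
        }

        // Only the first matching row is used.
        $row = mysql_fetch_assoc($result);
        if ($row) {
            $this->setId($row['id']);
            $this->setUsername($row['username']);
            // NOTE(review): this copies the stored password hash into the object;
            // make sure it is never serialised into a session or rendered.
            $this->setPassword($row['password']);
            $this->setCreatedAt($row['created_at']);
            $this->setLastLogin($row['last_login']);
            $this->setIsActive($row['is_active']);
            $this->setIsSuperAdmin($row['is_super_admin']);
        }

        // NOTE(review): $this is returned even when no row matched, so callers
        // cannot tell "not found" from "found" by the return value alone.
        // Kept as-is because callers may depend on it; confirm and tighten.
        return $this;
    }

    /**
     * Checks a username/password pair against active accounts.
     *
     * On success the id and username of the matched row are set on this object.
     *
     * @param string $uname    username; lower-cased by the query before comparison
     * @param string $password plain-text password
     * @return int 1 when a matching active row exists, otherwise 0
     */
    public function login($uname, $password)
    {
        $uname = Tools::escape($uname);
        // The password is escaped BEFORE hashing. addUser() does the same, so the
        // two stay consistent; changePassword() must keep the same order too.
        $password = Tools::escape($password);

        // NOTE(review): only the input is lower-cased, while addUser() stores the
        // name as given; whether mixed-case names match depends on the column
        // collation. Confirm against the schema.
        $sqlQuery = "SELECT * FROM user WHERE username = LOWER('".$uname."') AND password = '".md5($password)."' AND is_active='1'";
        $result = $this->DB->sqlQuery($sqlQuery);

        if (!$result) {
            return 0;
        }

        $row = mysql_fetch_assoc($result);
        if (!$row) {
            return 0;
        }

        $this->setId($row['id']);
        $this->setUsername($row['username']);

        return 1;
    }

    /**
     * Reports whether a row with this username exists.
     *
     * @param string $uname username; lower-cased by the query before comparison
     * @return bool true when at least one row matches, false otherwise or on query failure
     */
    public function checkUserExists($uname)
    {
        $uname = Tools::escape($uname);

        $sqlQuery = "SELECT * FROM user WHERE username = LOWER('".$uname."')";
        $result = $this->DB->sqlQuery($sqlQuery);

        // Count rows on the result itself: mysql_affected_rows() is documented
        // for INSERT/UPDATE/DELETE and reads the state of the last-used link.
        return $result && mysql_num_rows($result) > 0;
    }

    /**
     * Inserts a new user row with the default algorithm and the current timestamp.
     *
     * @param string $uname    username, stored as given (after escaping)
     * @param string $password plain-text password; stored as md5 of the escaped value
     * @return bool true when exactly one row was inserted
     */
    public function addUser($uname, $password)
    {
        $uname = Tools::escape($uname);
        $password = Tools::escape($password);

        $this->applyDefaultValues();
        $now = date('Y-m-d H:i:s');

        // $this->algorithm is interpolated without escaping; presumably it is set
        // by applyDefaultValues() to a fixed value. Verify in BaseUser.
        $sqlQuery = "INSERT INTO `user` (`username`,`algorithm`,`password`,`created_at`) VALUES('$uname','$this->algorithm','".md5($password)."','$now')";
        $this->DB->sqlQuery($sqlQuery);

        return mysql_affected_rows() == 1;
    }

    /**
     * Clears the 'user' session entry and redirects to the index page.
     *
     * NOTE(review): only the 'user' key is cleared here; whether the session
     * itself is destroyed or its id regenerated depends on Tools::unsetSession().
     * Confirm.
     */
    public function logout()
    {
        Tools::unsetSession('user');
        Tools::redirect('index', '5');
    }

    /**
     * Returns all user rows joined to the given group.
     *
     * SELECT * over the join includes the `password` column in every returned
     * row; callers should not pass these rows to views or APIs unfiltered.
     *
     * @param mixed $group_id group id; escaped before it is placed in the query
     * @return array|false list of associative rows, or false when none matched or the query failed
     */
    public function getUsersByGroup($group_id)
    {
        $group_id = Tools::escape($group_id);

        $sqlQuery = "SELECT * FROM `user` u LEFT JOIN `user_group` ug ON u.id=ug.user_id WHERE ug.group_id='$group_id'";
        $result = $this->DB->sqlQuery($sqlQuery);

        // Use the result's own row count instead of mysql_affected_rows().
        if (!$result || mysql_num_rows($result) < 1) {
            return false;
        }

        $rows = array();
        while ($row = mysql_fetch_assoc($result)) {
            $rows[] = $row;
        }

        return $rows;
    }

    /**
     * Sets the is_active flag of one user.
     *
     * No authorisation check is made here; the caller must ensure the current
     * user is allowed to change this account.
     *
     * @param mixed $id     user id
     * @param mixed $status new is_active value
     * @return bool true when exactly one row changed (by default MySQL reports 0
     *              when the stored value was already $status)
     */
    public function setActive($id, $status)
    {
        $id = Tools::escape($id);
        $status = Tools::escape($status);

        $sqlQuery = "UPDATE `user` SET `is_active`='$status' WHERE id='$id'";
        $this->DB->sqlQuery($sqlQuery);

        return mysql_affected_rows() == 1;
    }

    /**
     * Overwrites the stored password hash of one user.
     *
     * Neither the current password nor the caller's right to change this account
     * is checked here; both must be enforced by the caller.
     *
     * @param mixed  $id  user id
     * @param string $new new plain-text password
     * @return bool true when exactly one row changed
     */
    public function changePassword($id, $new)
    {
        $id = Tools::escape($id);
        // Escape-then-hash, the same order login() and addUser() use.
        $new_password = md5(Tools::escape($new));

        $sqlQuery = "UPDATE `user` SET `password`='$new_password' WHERE id='$id'";
        $this->DB->sqlQuery($sqlQuery);

        return mysql_affected_rows() == 1;
    }
}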
?>
