<?php
//include '../include/config.php';
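/**
 * Thin mysqli helper used across the application: opens the connection lazily,
 * builds INSERT / UPDATE / DELETE / SELECT statements from caller-supplied table,
 * column and value arguments, and handles image uploads.
 *
 * Security model of this rewrite:
 *  - Every VALUE that reaches SQL is bound through a prepared statement (run()).
 *    The old string splicing was exploitable even after real_escape_string()
 *    because numeric ids were interpolated unquoted (`where id=1 OR 1=1`).
 *  - Table and column NAMES cannot be bound, so they are whitelisted against
 *    [A-Za-z0-9_] (optionally `db.table`) and back-tick quoted by ident().
 *    Anything else raises InvalidArgumentException instead of being spliced in.
 *  - custom_query() still executes caller-written SQL verbatim by design; pass
 *    values through its new optional $params argument rather than interpolating.
 *  - Uploaded images are typed from their bytes, not from the client's MIME claim,
 *    and are stored under an unpredictable name with an extension we choose.
 *
 * Requires the mysqlnd driver (mysqli_stmt::get_result) and PHP >= 7.0 (random_bytes).
 */
class user{
    private $host;
    private $username;
    private $password;
    private $db_name;
    /** @var mysqli|null lazily opened handle shared by every query method, see db() */
    private $conn;
    public $qry;
    //For pagination (currently unused placeholders)
    private $_limit;
    private $_page;
    private $_query;
    private $_total;

    /**
     * Credentials default to the historical hard-coded values so existing
     * `new user()` call sites keep working; pass real ones from configuration.
     *
     * SECURITY: the defaults are the MySQL root account with an EMPTY password.
     * They are acceptable for a local development box only.
     *
     * @param string $host
     * @param string $username
     * @param string $password
     * @param string $db_name
     */
    public function __construct($host = 'localhost', $username = 'root', $password = '', $db_name = 'maximsof_aspire'){
        $this->host = $host;
        $this->username = $username;
        $this->password = $password;
        $this->db_name = $db_name;
        $this->conn = null;
    }

    /** Release the shared connection opened by db(), if any. */
    public function __destruct(){
        if ($this->conn instanceof mysqli) {
            $this->conn->close();
            $this->conn = null;
        }
    }

    /**
     * Open a NEW connection and return it; the caller owns it and should pass it
     * to close(). Internal query methods use db() so they share one handle.
     *
     * @return mysqli
     * @throws RuntimeException when the server cannot be reached. The driver's
     *         message goes to the error log only; the old code printed it into
     *         the HTTP response, which leaks host/user details.
     */
    public function connect(){
        $detail = '';
        $link = null;
        try {
            $link = new mysqli($this->host, $this->username, $this->password, $this->db_name);
            if ($link->connect_error) {
                $detail = $link->connect_error;
                $link = null;
            }
        } catch (mysqli_sql_exception $e) { // PHP >= 8.1 throws instead of setting connect_error
            $detail = $e->getMessage();
            $link = null;
        }
        if ($link === null) {
            error_log('user::connect: ' . $detail);
            throw new RuntimeException('Error in Database connection');
        }
        // Pin the connection charset so real_escape_string() and the server agree on
        // multi-byte boundaries; escaping under a mismatched charset is bypassable.
        $link->set_charset('utf8mb4');
        return $link;
    }

    /**
     * Close a handle obtained from connect().
     *
     * @param mysqli $c
     */
    public function close($c){
        if ($c instanceof mysqli) {
            $c->close();
        }
    }

    /**
     * Shared connection for the query methods, opened on first use.
     *
     * @return mysqli
     */
    private function db(){
        if (!($this->conn instanceof mysqli)) {
            $this->conn = $this->connect();
        }
        return $this->conn;
    }

    /**
     * Escape a value for embedding inside a single-quoted SQL literal.
     * Kept for existing callers; the methods below bind parameters instead,
     * which is the safer option. Escaping is only meaningful between quotes.
     *
     * @param mixed $data
     * @return string
     */
    public function secure_data($data){
        return $this->db()->real_escape_string((string)$data);
    }

    /**
     * Alias of secure_data() kept for backward compatibility.
     *
     * @param mixed $data
     * @return string
     */
    public function escape_string($data){
        return $this->db()->real_escape_string((string)$data);
    }

    /**
     * Validate and back-tick quote a table/column name. Identifiers cannot be
     * bound as parameters, so this whitelist is what keeps caller-supplied
     * names out of the SQL text. Surrounding back-ticks from callers are tolerated.
     *
     * @param mixed $name
     * @return string quoted identifier, e.g. `db`.`table`
     * @throws InvalidArgumentException for anything outside [A-Za-z0-9_] (+ one dot)
     */
    private function ident($name){
        $name = trim((string)$name, " `");
        if (!preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/', $name)) {
            throw new InvalidArgumentException('Invalid SQL identifier: ' . $name);
        }
        return '`' . str_replace('.', '`.`', $name) . '`';
    }

    /**
     * "?,?,?" for $n bound values ('' when $n is 0).
     *
     * @param int $n
     * @return string
     */
    private function placeholders($n){
        return rtrim(str_repeat('?,', (int)$n), ',');
    }

    /**
     * Build "` WHERE a = ? AND b = ?`" from an assoc array of column => value.
     *
     * @param array $criteria
     * @return array [string $sqlFragment ('' when $criteria is empty), array $params]
     */
    private function whereClause(array $criteria){
        $parts = array();
        $params = array();
        foreach ($criteria as $column => $value) {
            $parts[] = $this->ident($column) . ' = ?';
            $params[] = $value;
        }
        $sql = count($parts) > 0 ? ' WHERE ' . implode(' AND ', $parts) : '';
        return array($sql, $params);
    }

    /**
     * Prepare and execute $sql with every element of $params bound as a string.
     * Null and false become '' — exactly what the old quoted-string splicing
     * produced — so NOT NULL columns behave as before.
     *
     * @param string $sql    statement text with `?` markers
     * @param array  $params scalar values, one per marker
     * @return mysqli_stmt|false the executed statement (caller closes it), or
     *         false when prepare/execute fails (details go to error_log)
     * @throws InvalidArgumentException when a value is an array or object
     * @throws RuntimeException when the connection cannot be opened
     */
    private function run($sql, array $params = array()){
        $values = array();
        foreach ($params as $p) {
            if (!is_scalar($p) && $p !== null) {
                throw new InvalidArgumentException('SQL values must be scalar');
            }
            $values[] = (string)$p;
        }
        try {
            $link = $this->db();
            $stmt = $link->prepare($sql);
            if ($stmt === false) {
                error_log('user: prepare failed: ' . $link->error);
                return false;
            }
            if (count($values) > 0 && !$stmt->bind_param(str_repeat('s', count($values)), ...$values)) {
                error_log('user: bind failed: ' . $stmt->error);
                $stmt->close();
                return false;
            }
            if (!$stmt->execute()) {
                error_log('user: execute failed: ' . $stmt->error);
                $stmt->close();
                return false;
            }
            return $stmt;
        } catch (mysqli_sql_exception $e) { // MYSQLI_REPORT_STRICT is the default since 8.1
            error_log('user: query failed: ' . $e->getMessage());
            return false;
        }
    }

    /**
     * Fetch every row of an executed statement as an associative array and close it.
     *
     * @param mysqli_stmt|false $stmt result of run()
     * @return array list of rows; empty on failure or for statements without a result set
     */
    private function rows($stmt){
        $out = array();
        if ($stmt === false) {
            return $out;
        }
        $result = $stmt->get_result(); // mysqlnd only
        if ($result instanceof mysqli_result) {
            while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
                $out[] = $row;
            }
            $result->free();
        }
        $stmt->close();
        return $out;
    }

    /**
     * Execute a write statement and report success as the legacy 1/0 flag.
     *
     * @param string $sql
     * @param array  $params
     * @return int 1 on success, 0 on failure
     */
    private function exec($sql, array $params){
        $stmt = $this->run($sql, $params);
        if ($stmt === false) {
            return 0;
        }
        $stmt->close();
        return 1;
    }

    /**
     * Count rows of $table, optionally filtered.
     * number_rows($table) / number_rows($table, 'col', $v) /
     * number_rows($table, array('c1','c2'), array($v1,$v2)) — pairs are matched
     * positionally; a missing value counts as ''.
     *
     * @param string            $table
     * @param string|array|null $field
     * @param mixed             $value
     * @return int|string row count, or the string 'invalid' when the query fails
     */
    public function number_rows($table, $field=null, $value=null){
        $params = array();
        $where = '';
        if (is_array($field) && is_array($value)) {
            $parts = array();
            $vals = array_values($value);
            $i = 0;
            foreach ($field as $f) {
                $parts[] = $this->ident($f) . ' = ?';
                $params[] = isset($vals[$i]) ? $vals[$i] : '';
                $i++;
            }
            if (count($parts) > 0) {
                $where = ' WHERE ' . implode(' AND ', $parts);
            }
        } elseif (!(($field === null || $field === '') && ($value === null || $value === ''))) {
            $where = ' WHERE ' . $this->ident($field) . ' = ?';
            $params[] = $value;
        }
        // COUNT(*) instead of fetching every row just to read num_rows.
        $rows = $this->rows($this->run('SELECT COUNT(*) AS n FROM ' . $this->ident($table) . $where, $params));
        return isset($rows[0]['n']) ? (int)$rows[0]['n'] : 'invalid';
    }

    /**
     * INSERT one row; $fields and $values are parallel lists.
     *
     * @param string $table
     * @param array  $fields column names
     * @param array  $values one value per column
     * @return int 1 on success, 0 on failure (including a length mismatch)
     */
    public function insert_data($table, $fields, $values){
        $fields = array_values((array)$fields);
        $values = array_values((array)$values);
        if (count($fields) !== count($values)) {
            return 0;
        }
        $cols = array();
        foreach ($fields as $field) {
            $cols[] = $this->ident($field);
        }
        $sql = 'INSERT INTO ' . $this->ident($table) . ' (' . implode(',', $cols) . ')'
             . ' VALUES (' . $this->placeholders(count($values)) . ')';
        return $this->exec($sql, $values);
    }

    /**
     * INSERT one row from an assoc array column => value.
     *
     * @param string $table
     * @param array  $data
     * @return int auto-increment id of the new row (0 when the table has none), 0 on failure
     */
    public function insert_data2($table, $data){
        $cols = array();
        $params = array();
        foreach ((array)$data as $column => $value) {
            $cols[] = $this->ident($column);
            $params[] = $value;
        }
        $sql = 'INSERT INTO ' . $this->ident($table) . ' (' . implode(',', $cols) . ')'
             . ' VALUES (' . $this->placeholders(count($params)) . ')';
        $stmt = $this->run($sql, $params);
        if ($stmt === false) {
            return 0;
        }
        $id = $stmt->insert_id;
        $stmt->close();
        return $id;
    }

    /**
     * Validate and store an uploaded image.
     *
     * The image type is taken from the file bytes (getimagesize), never from
     * $img['type'], which the client controls. The stored name is
     * "<8 hex chars>-<sanitised client base name>.<ext>" where <ext> is derived
     * from the detected type, so a "shell.php.png" upload can never be stored as .php.
     *
     * @param array  $img  one entry of $_FILES (name, tmp_name, size, error)
     * @param string $path target directory, including the trailing separator
     * @param string $ret  '' => return array($ok, $fileName|$errorText);
     *                     anything else => return the stored file name, or '' on failure
     * @return array|string
     */
    public function image_upload($img,$path, $ret=''){
        $error = '';
        $succ = null;
        $uploadOk = 1;
        $supported_image = array('image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png');
        $tmp = isset($img['tmp_name']) ? (string)$img['tmp_name'] : '';

        // Detect the type from the contents; only look at genuine upload temp files.
        $imageFileType = '';
        if ($tmp !== '' && is_uploaded_file($tmp)) {
            $info = getimagesize($tmp);
            if ($info !== false && isset($info['mime'])) {
                $imageFileType = $info['mime'];
            }
        }
        if (isset($img['error']) && (int)$img['error'] !== UPLOAD_ERR_OK) {
            $error .= "Sorry, there was an error uploading your file.";
            $uploadOk = 0;
        }
        // Check file size
        if (isset($img['size']) && $img['size'] > 500000) {
            $error .= "Sorry, your file is too large.";
            $uploadOk = 0;
        }
        // Allow certain file formats. A valid type must NOT reset $uploadOk to 1 —
        // the old code did, which silently cancelled the size check above.
        if (!isset($supported_image[$imageFileType])) {
            $error .= $imageFileType . " Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
            $uploadOk = 0;
        }

        $file_name = '';
        $target_file = '';
        if ($uploadOk) {
            $clientName = isset($img['name']) ? basename((string)$img['name']) : '';
            $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($clientName, PATHINFO_FILENAME));
            if ($base === '' || $base === null) {
                $base = 'image';
            }
            // random_bytes: the old mt_rand(10,99) prefix was guessable and collided easily.
            $file_name = bin2hex(random_bytes(4)) . '-' . $base . '.' . $supported_image[$imageFileType];
            $target_file = $path . $file_name;
            if (file_exists($target_file)) {
                $error .= "Sorry, file already exists.";
                $uploadOk = 0;
            }
        }

        if ($uploadOk == 0) {
            $error .= "Sorry, your file was not uploaded.";
        } elseif (move_uploaded_file($tmp, $target_file)) {
            $succ = array($uploadOk, $file_name);
        } else {
            // Report the failed move as a failure; the old code fell through and
            // returned an undefined $succ (null) here.
            $error .= "Sorry, there was an error uploading your file.";
            $uploadOk = 0;
        }

        if ($ret == '') {
            return $uploadOk == 0 ? array($uploadOk, $error) : $succ;
        }
        return $succ !== null ? $succ[1] : '';
    }

    /**
     * UPDATE the row with the given id. $values is read by the same keys as $fields;
     * a missing value is written as '' (legacy behaviour).
     *
     * @param string $table
     * @param array  $fields column names
     * @param array  $values
     * @param mixed  $id     value for the `id` column (bound, never interpolated)
     * @return int 1 on success, 0 on failure or when $fields is empty
     */
    public function update_data($table, $fields, $values, $id){
        $sets = array();
        $params = array();
        foreach ((array)$fields as $k => $field) {
            $sets[] = $this->ident($field) . ' = ?';
            $params[] = (is_array($values) && array_key_exists($k, $values)) ? $values[$k] : '';
        }
        if (count($sets) === 0) {
            return 0;
        }
        $params[] = $id;
        $sql = 'UPDATE ' . $this->ident($table) . ' SET ' . implode(', ', $sets) . ' WHERE `id` = ?';
        return $this->exec($sql, $params);
    }

    /**
     * UPDATE rows matching $criteria.
     * example update_data2($table, array('name'=>'anil'), array('id'=>1))
     *
     * @param string $table
     * @param array  $data     column => new value
     * @param array  $criteria column => value, ANDed together
     * @return int 1 on success, 0 on failure. An empty $criteria or $data returns 0
     *         rather than touching every row.
     */
    public function update_data2($table, $data, $criteria){
        $sets = array();
        $params = array();
        foreach ((array)$data as $column => $value) {
            $sets[] = $this->ident($column) . ' = ?';
            $params[] = $value;
        }
        list($where, $whereParams) = $this->whereClause((array)$criteria);
        if (count($sets) === 0 || $where === '') {
            return 0;
        }
        $sql = 'UPDATE ' . $this->ident($table) . ' SET ' . implode(', ', $sets) . $where;
        return $this->exec($sql, array_merge($params, $whereParams));
    }

    /**
     * DELETE by id, or by an assoc array of column => value.
     * delete_data('demo', array('id'=>1,'name'=>'ajaya'))
     *
     * @param string      $table
     * @param mixed|array $id
     * @return int 1 on success, 0 on failure. An empty array returns 0 rather
     *         than deleting the whole table.
     */
    public function delete_data($table, $id){
        if (is_array($id)) {
            list($where, $params) = $this->whereClause($id);
            if ($where === '') {
                return 0;
            }
        } else {
            $where = ' WHERE `id` = ?';
            $params = array($id);
        }
        return $this->exec('DELETE FROM ' . $this->ident($table) . $where, $params);
    }

    /**
     * SELECT rows of $table. Exactly one mode applies, in this order:
     * by id; DISTINCT over a comma-separated column list; ordered by id ASC when
     * $order is non-empty; otherwise every row ordered by id DESC.
     *
     * @param string      $table
     * @param mixed       $id
     * @param string|null $distinct
     * @param mixed       $order
     * @return array list of associative rows (empty on failure)
     */
    public function query_data($table, $id=null, $distinct=null, $order=null){
        $from = ' FROM ' . $this->ident($table);
        $params = array();
        if ((string)$id !== '') {
            $sql = 'SELECT *' . $from . ' WHERE `id` = ?';
            $params[] = $id;
        } elseif ((string)$distinct !== '') {
            $cols = array();
            foreach (explode(',', (string)$distinct) as $column) {
                $cols[] = $this->ident(trim($column));
            }
            $sql = 'SELECT DISTINCT ' . implode(', ', $cols) . $from;
        } elseif ((string)$order !== '') {
            $sql = 'SELECT *' . $from . ' ORDER BY `id` ASC';
        } else {
            $sql = 'SELECT *' . $from . ' ORDER BY `id` DESC';
        }
        return $this->rows($this->run($sql, $params));
    }

    /**
     * SELECT rows where $field equals $value. The old version escaped $value twice,
     * so values containing quotes or backslashes never matched; binding fixes that.
     *
     * @param string $table
     * @param string $field
     * @param mixed  $value
     * @return array list of associative rows (empty when nothing matches or on failure)
     */
    public function query_databy($table, $field, $value){
        $sql = 'SELECT * FROM ' . $this->ident($table) . ' WHERE ' . $this->ident($field) . ' = ?';
        return $this->rows($this->run($sql, array($value)));
    }

    /**
     * Run caller-written SQL and return its rows.
     * $params (new, optional) are bound to `?` markers in $q so values never
     * have to be interpolated. The old version queried an undefined global
     * $mysqli instead of this object's connection.
     *
     * SECURITY: $q itself is executed verbatim — never assemble it from request data.
     *
     * @param string $q
     * @param array  $params
     * @return array list of associative rows (empty on failure or for non-SELECT statements)
     */
    public function custom_query($q, $params = array()){
        return $this->rows($this->run($q, (array)$params));
    }

    /**
     * Reformat a date string as Y/m/d.
     * Note: an unparseable input makes strtotime() return false, which date()
     * treats as the epoch (1970/01/01) — same as the original behaviour.
     *
     * @param string $d
     * @return string
     */
    public function stringtodate($d){
        $ts = strtotime($d);
        return date("Y/m/d", $ts);
    }

    /**
     * Transpose a column-major form array into row-major:
     * array('name'=>array(0=>1, 1=>2), 'type'=>array(0=>3, 1=>5))
     *   => array(0=>array('name'=>1, 'type'=>3), 1=>array('name'=>2, 'type'=>5))
     *
     * @param array $vector
     * @return array
     */
    public function diverse_array($vector) {
        $result = array();
        foreach ($vector as $column => $cells) {
            foreach ($cells as $rowIndex => $cell) {
                $result[$rowIndex][$column] = $cell;
            }
        }
        return $result;
    }

    /**
     * COUNT(*) of $table, optionally filtered: countData($table, array('id'=>3)).
     * The parameter was misspelled `$criteric` before, so the filter was never applied.
     *
     * @param string $table
     * @param array  $criteria column => value, ANDed together
     * @return int|null count, or null on failure
     */
    public function countData($table, $criteria = array()){
        list($where, $params) = $this->whereClause((array)$criteria);
        $sql = 'SELECT COUNT(*) AS n FROM ' . $this->ident($table) . $where;
        $rows = $this->rows($this->run($sql, $params));
        return isset($rows[0]['n']) ? $rows[0]['n'] : null;
    }

    /**
     * SUM($field) of $table, optionally filtered:
     * totalRevenew('booking', 'amount', array('dr_id'=>5))
     *
     * @param string $table
     * @param string $field    column to sum (validated as an identifier)
     * @param array  $criteria column => value, ANDed together
     * @return mixed the sum (NULL when no rows match), or null on failure
     */
    public function totalRevenew($table, $field, $criteria = array()){
        list($where, $params) = $this->whereClause((array)$criteria);
        $sql = 'SELECT SUM(' . $this->ident($field) . ') AS total FROM ' . $this->ident($table) . $where;
        $rows = $this->rows($this->run($sql, $params));
        return isset($rows[0]) && array_key_exists('total', $rows[0]) ? $rows[0]['total'] : null;
    }

    /**
     * Render the star-rating widget for a doctor from the `review` table.
     * Uses this object's connection (the old code opened a second one with the
     * default credentials) and binds $dr_id instead of interpolating it.
     *
     * @param mixed $dr_id
     * @return string HTML fragment, or 'No review yet'
     */
    public function drRating($dr_id){
        $sum = $this->custom_query('select SUM(rating) as total_rating from review where dr_id=? and active_status=1', array($dr_id));
        $cnt = $this->custom_query('select count(*) as total_count from review where dr_id=? and active_status=1', array($dr_id));
        $rating = isset($sum[0]['total_rating']) ? (float)$sum[0]['total_rating'] : 0;
        $count = isset($cnt[0]['total_count']) ? (int)$cnt[0]['total_count'] : 0;
        if ($count <= 0) {
            return 'No review yet';
        }
        $average = round($rating / $count);
        $str = '<div class="review-count rating">';
        for ($i = 1; $i <= 5; $i++) {
            // Unfilled stars get the outline class; the old code overwrote it with ''.
            $fil = $i <= $average ? 'fe fe-star text-warning' : 'fe fe-star-o text-secondary';
            $str .= '<i class=" ' . $fil . '"></i>';
        }
        $str .= '<span class="d-inline-block average-rating">(' . $count . ')</span>';
        $str .= '</div>';
        return $str;
    }

    /**
     * Read the `value` of one row of the `options` table by its `field` name.
     *
     * @param string $field
     * @return mixed the value, or null when no such option exists or on failure
     */
    public function get_options($field){
        $rows = $this->rows($this->run('SELECT value FROM options WHERE field = ?', array($field)));
        return isset($rows[0]) && array_key_exists('value', $rows[0]) ? $rows[0]['value'] : null;
    }
}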
?>