1 <?php
2 /*
3  * qWikiOffice Desktop 1.0
4  * Copyright(c) 2007-2010, Murdock Technologies, Inc.
5  * licensing@qwikioffice.com
6  *
7  * http://www.qwikioffice.com/license
8  */
9
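/**
 * Profile module server side: reads and updates the signed-in member's
 * name / e-mail address and replaces the member's password.
 *
 * Every public method answers the request by printing one JSON document,
 * {"success":true[,"data":{...}]} or {"success":false}. The client contract
 * (POST field names field1..field3, the response keys) is unchanged.
 */
class QoProfile
{
    /** Framework object: session (get_member_id), db->conn (PDO) and loadable helpers such as security. */
    private $os;

    /**
     * __construct()
     *
     * Refuses to build the module without an existing session, so no method
     * can reach the database for an anonymous request.
     *
     * @access public
     * @param {class} $os The os.
     */
    public function __construct(os $os)
    {
        if (!$os->session_exists()) {
            die('Session does not exist!');
        }

        $this->os = $os;
    } // end __construct()

    // begin public module methods

    /**
     * loadProfile()
     *
     * Prints {"success":true,"data":{"field1":first_name,"field2":last_name,"field3":email_address}}
     * for the current member, or {"success":false} when the session carries no
     * integer member id, the query fails or no row matches.
     */
    public function loadProfile()
    {
        $memberId = $this->currentMemberId();
        if ($memberId === null) {
            $this->emit(array('success' => false));
            return;
        }

        $sql = 'SELECT first_name AS field1, last_name AS field2, email_address AS field3'
             . ' FROM qo_members WHERE id = ?';

        // The member id is bound as an integer parameter instead of being
        // concatenated into the statement text.
        $row = false;
        $stmt = $this->os->db->conn->prepare($sql);
        if ($stmt !== false) {
            $stmt->bindValue(1, $memberId, PDO::PARAM_INT);
            if ($stmt->execute()) {
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
            }
        }

        $this->emit($row ? array('success' => true, 'data' => $row) : array('success' => false));
    } // end loadProfile()

    /**
     * saveProfile()
     *
     * Updates first_name, last_name and email_address from POST field1..field3.
     * All three fields must be present, non-empty strings; otherwise nothing is
     * written and {"success":false} is printed.
     */
    public function saveProfile()
    {
        $memberId  = $this->currentMemberId();
        $firstName = $this->postField('field1');
        $lastName  = $this->postField('field2');
        $email     = $this->postField('field3');

        $ok = false;
        if ($memberId !== null && $firstName !== null && $lastName !== null && $email !== null) {
            $sql = 'UPDATE qo_members SET first_name = ?, last_name = ?, email_address = ? WHERE id = ?';

            // Every value travels as a bound parameter, so nothing from $_POST
            // or the session is spliced into the SQL text. (Binding is not the
            // same as PDO::quote(); the driver either sends the values separately
            // or, with emulated prepares, escapes them itself.)
            $stmt = $this->os->db->conn->prepare($sql);
            if ($stmt !== false) {
                $stmt->bindValue(1, $firstName);
                $stmt->bindValue(2, $lastName);
                $stmt->bindValue(3, $email);
                $stmt->bindValue(4, $memberId, PDO::PARAM_INT);
                // execute() returns false on failure (or throws under ERRMODE_EXCEPTION),
                // which replaces the previous errorCode() === '00000' check.
                $ok = $stmt->execute();
            }
        }

        $this->emit(array('success' => (bool) $ok));
    } // end saveProfile()

    /**
     * savePwd()
     *
     * Replaces the member's password with POST field1 when it is identical to
     * the confirmation in field2. Prints {"success":true} or {"success":false}.
     */
    public function savePwd()
    {
        $memberId = $this->currentMemberId();
        $password = $this->postField('field1');
        $confirm  = $this->postField('field2');

        $ok = false;
        // Strict comparison: "==" treats numeric-looking strings such as
        // "1e3" and "1000" as equal, which would accept a mismatched confirmation.
        if ($memberId !== null && $password !== null && $password === $confirm) {
            // NOTE(review): only a live session is required here; the current
            // password is not re-checked before the credential is replaced.
            // Confirm that is intended for this deployment.
            $this->os->load('security');
            // NOTE(review): confirm security->encrypt() yields a salted one-way
            // password hash (e.g. password_hash) rather than reversible encryption.
            $stored = $this->os->security->encrypt($password);

            $sql  = 'UPDATE qo_members SET password = ? WHERE id = ?';
            $stmt = $this->os->db->conn->prepare($sql);
            if ($stmt !== false) {
                $stmt->bindValue(1, $stored);
                $stmt->bindValue(2, $memberId, PDO::PARAM_INT);
                $ok = $stmt->execute();
            }
        }

        $this->emit(array('success' => (bool) $ok));
    } // end savePwd()

    // begin private helpers

    /**
     * Member id of the current session, or null when the session has none or
     * it is not a plain integer. Only whole numbers are accepted so the value
     * can be bound as PDO::PARAM_INT; is_numeric() would also let "1e3" or
     * " 7" through.
     *
     * @return int|null
     */
    private function currentMemberId()
    {
        $raw = $this->os->get_member_id();
        if (!isset($raw) || $raw === '') {
            return null;
        }

        $id = filter_var($raw, FILTER_VALIDATE_INT);

        return ($id === false) ? null : $id;
    }

    /**
     * Non-empty string value of a POST field, or null when the field is
     * missing, empty, or not a string (e.g. submitted as field[]=...).
     * Unlike empty(), the literal value "0" is accepted.
     *
     * @param string $name POST key
     * @return string|null
     */
    private function postField($name)
    {
        if (!isset($_POST[$name]) || !is_string($_POST[$name]) || $_POST[$name] === '') {
            return null;
        }

        return $_POST[$name];
    }

    /**
     * Prints $payload as a JSON document. If it cannot be encoded (for example
     * a row holding invalid UTF-8), {"success":false} is printed instead of a
     * truncated or malformed document.
     *
     * @param array $payload
     */
    private function emit(array $payload)
    {
        $json = json_encode($payload);
        print ($json === false) ? '{"success":false}' : $json;
    }
}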
125 ?>