﻿﻿﻿<?php
class user{
	private $conn;
    private $table_name = "acts_user";
		
	public $userbranchcode;
	public $usernme;
	public $useremail;
	public $userpass;
	public $userstatus;
	
	// constructor with $db as database connection
    public function __construct($db){
        $this->conn = $db;
    }
	
	function user_create(){
 
		// query to insert record
		$query = "INSERT INTO " . $this->table_name . " SET userbranchcode=:userbranchcode, mobile=:mobile, username=:username, useremail=:useremail, userpass=:userpass, userstatus=:userstatus";
		
		//echo $query;
	 
		// prepare query
		$stmt = $this->conn->prepare($query);		
	 
		// sanitize
		$this->userbranchcode=htmlspecialchars(strip_tags($this->userbranchcode));
		$this->mobile=htmlspecialchars(strip_tags($this->mobile));
		$this->username=htmlspecialchars(strip_tags($this->username));
		$this->useremail=htmlspecialchars(strip_tags($this->useremail));
		$this->userpass=htmlspecialchars(strip_tags($this->userpass));		
		$this->userstatus=htmlspecialchars(strip_tags($this->userstatus));
			 
		// bind values
		$stmt->bindParam(":userbranchcode", $this->userbranchcode);
		$stmt->bindParam(":mobile", $this->mobile);
		$stmt->bindParam(":username", $this->username);
		$stmt->bindParam(":useremail", $this->useremail);
		$stmt->bindParam(":userpass", $this->userpass);
		$stmt->bindParam(":userstatus", $this->userstatus);
			
		// execute query
		if($stmt->execute()){			
			return true;
		}
			return false;
	}
	
	/******************************************************************************/
	
	function user_read(){					
		
		$query = "SELECT * FROM " . $this->table_name . " WHERE userstatus = 'active'";		
		//echo $query;
		
		// prepare query statement
		$stmt = $this->conn->prepare($query);
				
		// execute query
		$stmt->execute();
 
    return $stmt;
		
	}
	
	/******************************************************************************/

/******************************************************************************/
	
	 public function check_login($emailusername, $password){
					
		// query to insert record
		$query = "SELECT * FROM " . $this->table_name . " WHERE useremail='" . $emailusername ."' or username = '".$emailusername."' AND userpass = '".$password."'";			
		
		// prepare query statement
		$stmt = $this->conn->prepare($query);
		
		//$stmt->bindParam(":ts_empid", $this->ts_empid);
				 
		// execute query
		$stmt->execute();		
 
		if ($stmt->rowCount() == 1) {                
                 return true;
           } else {
                // Define failure
                return false;
           }		
	}
	
/******************************************************************************/
	
	 public function check_admin_permission($username){
					
		// query to insert record
		$query = "SELECT * FROM " . $this->table_name . " WHERE username='" . $username ."' AND userbranchcode = 0";			
		
		// prepare query statement
		$stmt = $this->conn->prepare($query);
		
		//$stmt->bindParam(":ts_empid", $this->ts_empid);
				 
		// execute query
		$stmt->execute();
		 
		if ($stmt->rowCount() == 1) {                
                 return true;
           } else {
                // Define failure
                return false;
           }		
	}
	

	/******************************************************************************/
	
	function user_delete(){
					
		// set ID property of record to read
		$query = "DELETE FROM " . $this->table_name . " WHERE user_id=:ts_userid" ;
				 
		// prepare query statement
		$stmt = $this->conn->prepare($query);
		$stmt->bindParam(":ts_userid", $this->ts_userid);
				 
		// execute query
		$stmt->execute();
 
    return $stmt;
		
	}
	
	/******************************************************************************/
}
?>