<?php
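class User {
    /**
     * @var PDO Database handle. Every query in this class is a prepared statement with
     *          bound parameters; no caller-supplied value is ever concatenated into SQL.
     *          None of these methods perform authorization — the caller must check that
     *          the acting user may read/modify/delete the target row.
     */
    private $conn;
    private $table_name = "users";
    private $settings_table = "settings";

    // Public fields: filled by create() / phoneExists(), read by callers.
    public $id;
    public $name;
    public $phone;
    public $password;
    public $address;
    public $age;
    public $profile_picture;
    public $role;

    /**
     * @param PDO $db Open connection. If it is configured with PDO::ERRMODE_EXCEPTION,
     *                failing queries throw PDOException instead of making the bool-returning
     *                methods below return false.
     */
    public function __construct($db) {
        $this->conn = $db;
    }

    // ------------------------------------------------------------------
    // Settings
    // ------------------------------------------------------------------

    /**
     * Turn a stored setting_value back into a PHP value according to setting_type.
     * Shared by getSetting() and getAllSettings() so both decode identically.
     *
     * @param string|null $type  'boolean' | 'number' | 'json'; anything else is returned raw
     * @param mixed       $value Raw column value
     * @return mixed
     */
    private function decodeSetting($type, $value) {
        switch ($type) {
            case 'boolean':
                return (string) $value === '1';
            case 'number':
                return (int) $value;
            case 'json':
                // json_decode() yields null on malformed JSON, indistinguishable from a missing key.
                return json_decode($value, true);
            default:
                return $value;
        }
    }

    /**
     * Fetch one setting by key, decoded per its stored type.
     *
     * @param string $key
     * @return mixed Decoded value, or null when the key does not exist.
     */
    public function getSetting($key) {
        $query = "SELECT setting_value, setting_type FROM " . $this->settings_table . " WHERE setting_key = ? LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->execute([$key]);

        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row) {
            return null;
        }

        return $this->decodeSetting($row['setting_type'], $row['setting_value']);
    }

    /**
     * Insert or overwrite a setting.
     *
     * @param string $key
     * @param mixed  $value Serialised according to $type: 'boolean' -> '1'/'0', 'json' -> json_encode();
     *                      'number' and 'string' are stored as given.
     * @param string $type  One of 'string', 'boolean', 'number', 'json' — the types decodeSetting() understands.
     *                      Any other string is stored and read back as a raw value.
     * @return bool false when the value cannot be JSON-encoded or the statement fails.
     */
    public function updateSetting($key, $value, $type = 'string'): bool {
        switch ($type) {
            case 'boolean':
                $value = $value ? '1' : '0';
                break;
            case 'json':
                $value = json_encode($value);
                if ($value === false) {
                    // e.g. invalid UTF-8 or an unsupported type: previously this silently stored ''.
                    return false;
                }
                break;
        }

        // ON DUPLICATE KEY UPDATE is MySQL/MariaDB syntax and relies on a unique index on setting_key.
        $query = "INSERT INTO " . $this->settings_table . " (setting_key, setting_value, setting_type)
                  VALUES (?, ?, ?)
                  ON DUPLICATE KEY UPDATE setting_value = VALUES(setting_value), setting_type = VALUES(setting_type)";

        $stmt = $this->conn->prepare($query);

        return $stmt->execute([$key, $value, $type]);
    }

    /**
     * Load every setting, keyed by setting_key and decoded per type, ordered by key.
     *
     * @return array<string, mixed>
     */
    public function getAllSettings() {
        $query = "SELECT setting_key, setting_value, setting_type FROM " . $this->settings_table . " ORDER BY setting_key";

        $stmt = $this->conn->prepare($query);
        $stmt->execute();

        $settings = [];
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $settings[$row['setting_key']] = $this->decodeSetting($row['setting_type'], $row['setting_value']);
        }

        return $settings;
    }

    // ------------------------------------------------------------------
    // Users
    // ------------------------------------------------------------------

    /**
     * Insert a new user from the public fields name/phone/password/role and set $this->id.
     *
     * name, phone and role are stored already HTML-escaped (strip_tags + htmlspecialchars), so the
     * output layer must not escape them a second time. The password is stored as a password_hash().
     *
     * Security notes:
     *  - An empty or unset password is rejected (returns false). password_hash('') is otherwise a
     *    perfectly valid hash that password_verify('', ...) accepts, i.e. an account with no password.
     *  - role defaults to 'user' but is otherwise taken verbatim from $this->role. The caller must set
     *    it server-side and never from request input, or a registrant could pick their own role.
     *
     * @return bool
     */
    public function create(): bool {
        if ($this->password === null || $this->password === '') {
            return false;
        }

        // Standard INSERT ... VALUES rather than MySQL-only INSERT ... SET; identical on MySQL.
        $query = "INSERT INTO " . $this->table_name . " (name, phone, password, role)
                VALUES (:name, :phone, :password, :role)";

        $stmt = $this->conn->prepare($query);

        $this->name = htmlspecialchars(strip_tags($this->name ?? ''));
        $this->phone = htmlspecialchars(strip_tags($this->phone ?? ''));
        $this->password = password_hash($this->password, PASSWORD_DEFAULT);
        $this->role = htmlspecialchars(strip_tags($this->role ?? 'user'));

        $ok = $stmt->execute([
            ':name' => $this->name,
            ':phone' => $this->phone,
            ':password' => $this->password,
            ':role' => $this->role,
        ]);

        if ($ok) {
            $this->id = $this->conn->lastInsertId();
        }

        return $ok;
    }

    /**
     * Look up the user whose phone equals $this->phone. On a hit, fills id/name/password/role;
     * password is the stored hash, for the caller to check with password_verify().
     *
     * Uses fetch() instead of rowCount(): PDO does not guarantee rowCount() for SELECT statements
     * (it is driver-dependent and returns 0 on several drivers), which made the original always
     * report "not found" there.
     *
     * @return bool
     */
    public function phoneExists(): bool {
        $query = "SELECT id, name, password, role FROM " . $this->table_name . " WHERE phone = ? LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->execute([$this->phone]);

        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row) {
            return false;
        }

        $this->id = $row['id'];
        $this->name = $row['name'];
        $this->password = $row['password'];
        $this->role = $row['role'];

        return true;
    }

    /**
     * Fetch one user row by id.
     *
     * The row includes the password hash: unset 'password' before passing it to a template or
     * API response.
     *
     * @param int|string $id
     * @return array|false Associative row, or false when no such user.
     */
    public function getUserById($id) {
        $query = "SELECT id, name, phone, password, address, age, profile_picture, role FROM " . $this->table_name . " WHERE id = ? LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->execute([$id]);

        return $stmt->fetch(PDO::FETCH_ASSOC);
    }

    /**
     * Authenticate by email + password.
     *
     *  - When the email is unknown, password_verify() still runs against a dummy hash so the
     *    response time does not reveal whether the account exists.
     *  - After a successful login the hash is transparently upgraded when it no longer matches
     *    PASSWORD_DEFAULT's current algorithm/cost.
     *
     * Note: this reads an `email` column that create() never writes; every other lookup in this
     * class keys users by phone. Confirm the schema before relying on this path.
     *
     * @param string $email
     * @param string $password
     * @return array|false User row without the password hash, or false on failure.
     */
    public function login($email, $password) {
        // A real hash, built once per process, so the unknown-user path costs the same as a real verify.
        static $dummyHash = null;
        if ($dummyHash === null) {
            $dummyHash = password_hash('login-timing-equaliser', PASSWORD_DEFAULT);
        }

        $query = "SELECT id, name, email, phone, password, address, role FROM " . $this->table_name . " WHERE email = ? LIMIT 1";

        $stmt = $this->conn->prepare($query);
        $stmt->execute([$email]);

        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$user) {
            password_verify($password, $dummyHash);
            return false;
        }

        // A NULL stored hash can never verify; cast so password_verify() receives a string.
        $storedHash = (string) $user['password'];
        if (!password_verify($password, $storedHash)) {
            return false;
        }

        if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
            $this->updatePassword($user['id'], $password);
        }

        // Never hand the hash back to the caller.
        unset($user['password']);
        return $user;
    }

    /**
     * Update name, phone and address of the given user. Values are stored HTML-escaped
     * (same convention as create()).
     *
     * @param int|string $id
     * @param string     $name
     * @param string     $phone
     * @param string     $address
     * @return bool
     */
    public function updateProfile($id, $name, $phone, $address): bool {
        $query = "UPDATE " . $this->table_name . "
                SET name=:name, phone=:phone, address=:address
                WHERE id=:id";

        $stmt = $this->conn->prepare($query);

        return $stmt->execute([
            ':name' => htmlspecialchars(strip_tags($name)),
            ':phone' => htmlspecialchars(strip_tags($phone)),
            ':address' => htmlspecialchars(strip_tags($address)),
            ':id' => $id,
        ]);
    }

    /**
     * Store the profile-picture reference for a user.
     *
     * This only persists the string it is given (HTML-escaped). Validating the uploaded file —
     * type, size, and that the resulting path stays inside the upload directory — is the
     * caller's responsibility and is not done here.
     *
     * @param int|string $id
     * @param string     $profile_picture
     * @return bool
     */
    public function updateProfilePicture($id, $profile_picture): bool {
        $query = "UPDATE " . $this->table_name . "
                SET profile_picture=:profile_picture
                WHERE id=:id";

        $stmt = $this->conn->prepare($query);

        return $stmt->execute([
            ':profile_picture' => htmlspecialchars(strip_tags($profile_picture)),
            ':id' => $id,
        ]);
    }

    /**
     * Replace a user's password with a fresh password_hash() of $password.
     * Empty passwords are refused for the same reason as in create().
     *
     * @param int|string $id
     * @param string     $password Plain-text new password
     * @return bool
     */
    public function updatePassword($id, $password): bool {
        if ($password === null || $password === '') {
            return false;
        }

        $query = "UPDATE " . $this->table_name . "
                SET password=:password
                WHERE id=:id";

        $stmt = $this->conn->prepare($query);

        return $stmt->execute([
            ':password' => password_hash($password, PASSWORD_DEFAULT),
            ':id' => $id,
        ]);
    }

    /**
     * List all users (without password hashes), newest first.
     * Intended for administrative views; the caller must enforce that restriction.
     *
     * @return array<int, array>
     */
    public function getAllUsers() {
        $query = "SELECT id, name, phone, address, role, created_at FROM " . $this->table_name . " ORDER BY created_at DESC";

        $stmt = $this->conn->prepare($query);
        $stmt->execute();

        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Delete a user by id. No authorization check is made here; the caller must verify the
     * acting user may delete the target (and should not let a user delete themselves by accident).
     *
     * @param int|string $id
     * @return bool
     */
    public function deleteUser($id): bool {
        $query = "DELETE FROM " . $this->table_name . " WHERE id = ?";

        $stmt = $this->conn->prepare($query);

        return $stmt->execute([$id]);
    }
}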
?>