<?php

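// Admin page that adds one book (a row in `stock`) from a submitted form.
require './includes/config.inc.php';
// NOTE(review): redirect_invalid_user() is defined outside this listing; confirm that it
// halts execution for non-admin sessions instead of only sending a redirect header.
redirect_invalid_user('user_admin');
$page_title = 'dodavanje knjige';
include './includes/header.html';
require MYSQL;
// NOTE(review): no anti-CSRF token is verified before this state-changing POST is processed.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Collect validation messages first so an incomplete form never reaches the INSERT.
    // Array-valued fields (e.g. art_descr[]=x) are treated as missing.
    $form_errors = array();
    if (empty($_POST['art_descr']) || !is_string($_POST['art_descr'])) {
        $form_errors[] = ' Molim unesite naslov knjige!';
    }
    if (empty($_POST['price']) || !is_string($_POST['price'])) {
        $form_errors[] = ' Molim unesite cijenu proizvoda!';
    }

    if (!empty($form_errors)) {
        foreach ($form_errors as $message) {
            echo $message;
        }
    } else {
        // strip_tags() keeps the original intent of storing plain text for these two fields.
        // It is not an output-encoding step: values still need escaping where they are rendered.
        $descr = strip_tags($_POST['art_descr']);
        $price = strip_tags($_POST['price']);

        // Optional fields default to an empty string instead of raising an undefined-index notice.
        $amount = (isset($_POST['amount']) && is_string($_POST['amount'])) ? $_POST['amount'] : '';
        $num = (isset($_POST['art_no']) && is_string($_POST['art_no'])) ? $_POST['art_no'] : '';
        // NOTE(review): `pic` is stored exactly as submitted; if it is later used as a file
        // name or path, it has to be validated at that point.
        $pic = (isset($_POST['pic']) && is_string($_POST['pic'])) ? $_POST['pic'] : '';

        // Bound parameters keep request data out of the SQL text entirely. Everything is bound
        // as a string, matching the quoted literals the statement used before.
        $q = 'INSERT INTO stock (art_descr, amount, price, art_no, pic) VALUES (?, ?, ?, ?, ?)';
        $stmt = mysqli_prepare($dbc, $q);
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'sssss', $descr, $amount, $price, $num, $pic)
            && mysqli_stmt_execute($stmt)
            && mysqli_stmt_affected_rows($stmt) === 1
        ) {
            echo '<h4>Knjiga je dodana!</h4>';
        } else {
            trigger_error('Knjige se nije mogla dodati zbog sistemskog errora.');
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    }
}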
<?php

// Change-password page: validates the submitted form, checks the current password and
// updates the stored one. The listing is cut off before the closing branches.
require './includes/config.inc.php';
// Gate the page; redirect_invalid_user() is defined outside this listing.
redirect_invalid_user();
$page_title = 'Promijenite vasu lozinku';
include './includes/header.html';
require MYSQL;
// Validation messages keyed by form field; the queries below run only while this stays empty.
$pass_errors = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Current password: required, then SQL-escaped into $current.
    if (!empty($_POST['current'])) {
        $current = mysqli_real_escape_string($dbc, $_POST['current']);
    } else {
        $pass_errors['current'] = 'Molim vas unesite svoju lozinku!';
    }
    // New password policy: word characters only, with at least one digit, one lowercase and
    // one uppercase letter (the three lookaheads).
    // NOTE(review): {6,20} is applied to a group that can itself match any number of
    // characters, so it does not appear to bound the password length; verify with inputs
    // shorter than 6 and longer than 20 characters.
    // NOTE(review): $_POST['pass1'] and $_POST['pass2'] are read without an isset() check.
    if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,20}$/', $_POST['pass1'])) {
        // The confirmation field must repeat the new password.
        if ($_POST['pass1'] == $_POST['pass2']) {
            $p = mysqli_real_escape_string($dbc, $_POST['pass1']);
        } else {
            // NOTE(review): this branch is reached when the two new-password fields differ,
            // but the message says the password was not found in the database.
            $pass_errors['pass2'] = 'Vasa lozinka nije nadena u bazi podataka!';
        }
    } else {
        $pass_errors['pass1'] = 'Molim unesite ispravnu lozinku!';
    }
    if (empty($pass_errors)) {
        // Confirm the current password for the logged-in user before changing anything.
        // As listed, both queries contain the literal '******' where a password value would
        // be expected, and neither $current nor $p is used in the visible lines; presumably
        // the listing masked the original expression. TODO confirm against the original file.
        // NOTE(review): comparing passwords inside SQL implies a directly comparable stored
        // value; verifying with password_verify() against a password_hash() value is preferable.
        // NOTE(review): $_SESSION['user_id'] is interpolated unquoted; bind it as a parameter
        // or cast it to int.
        $q = "SELECT id FROM users WHERE pass='******' AND id={$_SESSION['user_id']}";
        $r = mysqli_query($dbc, $q);
        // NOTE(review): $r is not checked for a failed query before mysqli_num_rows() is called.
        if (mysqli_num_rows($r) == 1) {
            // Exactly one matching row: write the new password for that user id.
            $q = "UPDATE users SET pass='******' WHERE id={$_SESSION['user_id']} LIMIT 1";
            if ($r = mysqli_query($dbc, $q)) {
                echo '<h3>Vasa lozinka je promjenjena.</h3>';
                include './includes/footer.html';
                // (The listing ends here; the remaining branches are not shown.)
<?php

// This page adds a page of content to the list of the user's favorites.
// This is bonus material based upon recommendations suggested in Chapter 5.
// Require the configuration before any PHP code as the configuration controls error reporting:
require './includes/config.inc.php';
// The config file also starts the session.
// If the user isn't active, redirect them:
redirect_invalid_user('user_not_expired');
// Require the database connection:
require MYSQL;
// Validate the page ID:
if (filter_var($_GET['id'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
    $page_id = $_GET['id'];
    // Get the page info:
    $q = 'SELECT title, description, content FROM pages WHERE id=' . $page_id;
    $r = mysqli_query($dbc, $q);
    if (mysqli_num_rows($r) != 1) {
        // Problem!
        $page_title = 'Error!';
        include './includes/header.html';
        echo '<p class="error">This page has been accessed in error.</p>';
        include './includes/footer.html';
        exit;
    }
    // Fetch the page info:
    $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
    $page_title = $row['title'];
    include 'includes/header.html';
    echo "<h3>{$page_title}</h3>";
    // Add this favorite to the database: