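<?php
require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'bootstrap.php';

/**
 * Book deletion endpoint: removes the book row and its cover image.
 * Requires a GET request carrying the book id and a valid anti-CSRF token.
 **/

// check if there is query string with book id. If not, redirect.
if (Input::exists('get') === false || Input::found('id') === false) {
    Redirect::to('index.php');
}

if (Token::check(Input::get('token'))) {
    // the id is request-supplied; below it is treated as an opaque string to compare against, never as a path
    $bookId = (string) Input::get('id');

    // delete book from database
    $bookManager = new BookManage();
    $bookManager->delete(Input::get('id'));

    /**
     * Delete the book cover.
     *
     * The id is never spliced into a filesystem pattern: the upload folder is
     * listed and a file is removed only when its name without extension equals
     * the id exactly. That keeps ".." segments and glob metacharacters out of
     * unlink(), and a book without a cover simply has nothing to delete
     * (the former glob(...)[0] / unlink() pair broke on an empty result).
     **/
    $destination = dirname(__DIR__) . DIRECTORY_SEPARATOR . Config::get('upload_book_cover/default_folder');
    // adding trailing slash if there isn't one
    if (substr($destination, -1) !== '/') {
        $destination .= '/';
    }

    $coverFile = null;
    $entries = glob($destination . '*');
    foreach ($entries === false ? [] : $entries as $entry) {
        if (is_file($entry) && pathinfo($entry, PATHINFO_FILENAME) === $bookId) {
            $coverFile = $entry;
            break; // the original removed the first match only; keep that
        }
    }
    if ($coverFile !== null) {
        unlink($coverFile);
    }

    $logMessage = 'Книга удалена (' . $bookId . ')';
    Log::getInstance()->message($logMessage, 'book_manage');
    Session::flash('home', 'Товар удален из каталога');
    Redirect::to('manage.php');
} else {
    Session::flash('home', 'Неправильный токен');
    // (the else branch continues past the end of this fragment)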
/**
 * establish error handler outside the following if block because
 * of a need to output error information to the user
 **/
$errorHandler = new ErrorHandler();

if (Input::exists()) {
    // a valid anti-CSRF token is required before any posted data is looked at
    if (Token::check(Input::get('token'))) {
        $validator = new Validate($errorHandler);
        // field rules; failures are collected in $errorHandler rather than thrown
        $validator->check($_POST, [
            'address' => ['required' => true, 'minLength' => 5, 'maxLength' => 240],
            'customer_name' => ['required' => true, 'minLength' => 8, 'maxLength' => 120],
            'quantity' => ['digit' => true],
            'info' => ['maxLength' => 600]
        ]);

        /**
         * Google reCAPTCHA check (if enabled in config.ini)
         * $recaptchaEnabled is assigned before this fragment — presumably from that config; confirm
         **/
        if ($recaptchaEnabled) {
            $reCaptcha = new ReCaptcha(Config::get('google_recaptcha/secret_key'));
            // Was there a proper reCAPTCHA response?
            if (Input::found('g-recaptcha-response')) {
                // NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy that is the proxy's
                // address, not the visitor's — verify for this deployment
                $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], Input::get('g-recaptcha-response'));
            } else {
                $response = null;
            }
            // a missing or failed verification is recorded as a form error, which blocks the mail step below
            if ($response === null || $response->success !== true) {
                // this message carries markup, so wherever errors are rendered must be a trusted-HTML context
                $message = 'Пожалуйста, подтвердите, что вы не робот.<span class="smile">☺</span>';
                $errorHandler->addError($message, 'recaptcha');
            }
        }

        // continue only if there aren't any errors
        if ($errorHandler->hasErrors() === false) {
            $phpmailer = new PHPMailer();
            $mailer = new Mail($errorHandler, $phpmailer);
            /*===========================================================
            = Composing email with customer order =
$library = $bookSelector->loadLibrary($limit);
}
}
}

/**
 * Find out the name of current php file to use in links with query string
 * A bit of explanation: PHP_SELF isn't good due to being vulnerable to XSS
 **/
$current = basename(__FILE__);

// generate controls to navigate through different pages
$controls = '';
if ($last != 1) {
    // Define possible contexts for pagination
    $specifiers = ['author', 'genre', 'title'];
    // after the loop $specifier holds "<name>=<value>&" for the first context present
    // in the query string, or '' when none of them is
    foreach ($specifiers as $specifier) {
        if (Input::exists('get') && Input::found($specifier)) {
            // NOTE(review): the query value is concatenated raw here; the basename() precaution
            // above does not cover it, so where $specifier is presumably placed inside an href
            // it still needs urlencoding and attribute escaping — confirm at the point of use
            $specifier = $specifier . '=' . Input::get($specifier) . '&';
            break; // otherwise we will end up with empty specifier
        } else {
            $specifier = '';
        }
    }
    $controls = '<div class="controls"><ul>';

    /**
     * First we check if we are on the page one. If we are then we don't need a
     * link to the previous page or the first page so we do nothing. If we aren't
     * then we generate links to the first page, and to the previous page.
     **/
    if ($page > 1) {
        $previous = $page - 1;
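// we need to include header first because of search functionality
$pageTitle = 'BkShp| Изменить';
include dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR . 'header.php';

/**
 * Author edit page. The author is looked up from the `id` query parameter; a
 * missing or unknown id is reported through a flash message and redirected back
 * to the management page. Because the request id is echoed into that message,
 * it goes through Input::escape() first — the same treatment other pages on this
 * site give user input they echo — so a crafted id cannot become markup.
 **/
if (Input::exists('get') && Input::found('id')) {
    $sql = 'SELECT id, name, name_secondary FROM author WHERE id = ?;';
    // parameterised lookup; first() yields false when no row matched
    $author = Database::getInstance()->query($sql, [Input::get('id')])->first();
    if ($author === false) {
        $requestedId = Input::escape(Input::get('id'));
        Session::flash('home', 'Автора с указанным id(' . $requestedId . ') не существует');
        Redirect::to('manage.php');
    }
} else {
    Session::flash('home', 'Не указан автор для редактирования');
    Redirect::to('manage.php');
}

$errorHandler = new ErrorHandler();
if (Input::found('submit')) {
    // a valid anti-CSRF token is required before the posted data is validated
    if (Token::check(Input::get('token'))) {
        $validator = new Validate($errorHandler);
        $validator->check($_POST, [
            'name' => ['required' => true, 'minLength' => 3, 'maxLength' => 60],
            'name_secondary' => ['minLength' => 3, 'maxLength' => 60]
        ]);

        if ($errorHandler->hasErrors() === false) {
            $data = [
                'name' => Input::get('name'),
                'name_secondary' => Input::get('name_secondary')
            ];
            // the affected-row count decides which of the two messages is shown
            $update = Database::getInstance()->update('author', $author->id, $data)->count();
            if ($update > 0) {
                $message = 'Информация об авторе(' . $author->name . ', ' . $author->id . ') была отредактирована.';
                Log::getInstance()->message($message, 'book_manage');
                Session::flash('home', $message);
            } else {
                Session::flash('home', 'Информация об авторе(' . $author->name . ', ' . $author->id . ') осталась неизмененной.');
            }
            Redirect::to('manage.php');
        }
        // (both enclosing if blocks continue past the end of this fragment)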
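<?php
require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'bootstrap.php';

// we need to include header first because of search functionality
$pageTitle = 'BkShp| Изменить';
include dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR . 'header.php';

/**
 * Book edit page: loads the book named by the `id` query parameter, rejects
 * oversized uploads before PHP discards them, then (below) handles the form.
 * The request id is echoed in the "not found" flash, so it passes through
 * Input::escape() first — a crafted id must not become markup in the message.
 **/

// check if there is query string with book id and if it's valid. Load book data.
if (Input::exists('get') && Input::found('id')) {
    $bookSelector = new BookSelect();
    $id = Input::get('id');
    // the meaning of the second argument is not visible here — see BookSelect::getBook()
    $book = $bookSelector->getBook($id, true);
    if ($book === false) {
        $requestedId = Input::escape($id);
        Session::flash('home', 'Книги с указанным id(' . $requestedId . ') не существует');
        Redirect::to('manage.php');
    }
} else {
    Session::flash('home', 'Не указана книга для редактирования');
    Redirect::to('manage.php');
}

/**
 * There isn't a way to properly check if uploaded file exceeds post_max_size
 * limit in php.ini, so we validate $_SERVER['CONTENT_LENGTH'] to avoid unnecessary
 * warnings and to make overall experience a bit more user friendly
 **/
$postMaxSize = Info::convertToBytes(ini_get('post_max_size'));
// CONTENT_LENGTH arrives as a string; cast so the comparison is numeric rather than string-vs-int
if (isset($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > $postMaxSize) {
    Session::flash('home', 'Вы пытаетесь загрузить слишком большой файл.');
    Redirect::to();
}

$errorHandler = new ErrorHandler();
if (Input::exists()) {
    // (the form handling continues past the end of this fragment)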
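<?php
require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'bootstrap.php';

/**
 * Site-wide header: turns the search form into a redirect, then emits the
 * opening HTML. Redirect query strings are assembled with http_build_query()
 * so user-entered text (spaces, '&', non-ASCII) is percent-encoded instead of
 * being spliced raw into the target URL.
 **/
if (Input::exists('get') && Input::found('search')) {
    if (Input::found('search_category') && Input::found('search_id')) {
        if (Input::get('search_category') === 'book') {
            Redirect::to('book.php?' . http_build_query(['id' => Input::get('search_id')]));
        } else {
            // the category doubles as the query parameter name, so it is encoded as well
            Redirect::to('index.php?' . http_build_query([Input::get('search_category') => Input::get('search_id')]));
        }
    }
    Redirect::to('index.php?' . http_build_query(['title' => Input::get('search')]));
}

$defaultTitle = 'Bookshop';
$defaultDescription = 'Продаем художественную, учебную и другую литературу с доставкой на дом. Николаев.';
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="google" content="notranslate">
    <?php // $pageTitle / $pageDescription are set by the including page, not by the request; they are echoed unescaped ?>
    <title><?php echo isset($pageTitle) ? $pageTitle : $defaultTitle; ?> </title>
    <meta name="description" content="<?php echo isset($pageDescription) ? $pageDescription : $defaultDescription; ?> ">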
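require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'bootstrap.php';

$pageTitle = 'BkShp| Управление';
include dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR . 'header.php';

/**
 * Management page: two small forms that look up a book by title or an author by
 * name and forward to the matching edit page. Lookups are parameterised, and
 * the echoed user input is escaped with Input::escape() before it reaches the flash.
 **/
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        if (Input::found('book_edit')) {
            $sql = 'SELECT id FROM book WHERE title = ?;';
            // first() yields false when nothing matched (as the `=== false` checks elsewhere on this
            // site assume), so inspect the row before reading ->id; the former ->first()->id chain
            // read a property off a bool and relied on the resulting notice-and-null
            $row = Database::getInstance()->query($sql, [Input::get('book_edit')])->first();
            $id = ($row !== false && isset($row->id)) ? $row->id : null;
            if ($id === null) {
                $input = Input::escape(Input::get('book_edit'));
                Session::flash('home', 'Книги под названием "' . $input . '" не существует');
                Redirect::to();
            }
            Redirect::to('editbook.php?id=' . $id);
        }

        if (Input::found('author_edit')) {
            $sql = 'SELECT id FROM author WHERE name = ?;';
            $row = Database::getInstance()->query($sql, [Input::get('author_edit')])->first();
            $id = ($row !== false && isset($row->id)) ? $row->id : null;
            if ($id === null) {
                $input = Input::escape(Input::get('author_edit'));
                Session::flash('home', 'Автора под именем "' . $input . '" не существует');
                Redirect::to();
            }
            Redirect::to('editauthor.php?id=' . $id);
        }
    }
}

// there would be 2 forms on this page so we need to generate anti-csrf token beforehand
$token = Token::generate();
?>
<div class="wrapper">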