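/**
 * Handle the post-management forms and build the post listing.
 *
 * Reads the requested action from $_POST (delete_post / update_post /
 * create_post), applies it when the session user is entitled to, then returns
 * every post decorated with its author's username.
 *
 * @return array{posts: mixed, warning: string} The rows from Post::getAll()
 *         (each with a 'username' key added) and a warning message, empty when
 *         the action succeeded or no action was requested.
 */
public static function _list(): array
{
    $warning = '';
    $sessionUser = $_SESSION['user_id'] ?? null;
    $postId = $_POST['id'] ?? null;

    if (isset($_POST['delete_post'])) {
        // Authorisation is decided by the stored owner of the post, never by the
        // user_id field of the submitted form: that field is attacker-controlled,
        // so comparing it with the session would let anyone delete any post.
        if ($sessionUser !== null && self::_postOwnedBy($postId, $sessionUser)) {
            Post::destroy($postId);
        } else {
            $warning = 'Sorry, you do not have permissions to delete that post';
        }
    }

    if (isset($_POST['update_post'])) {
        if ($sessionUser !== null && self::_postOwnedBy($postId, $sessionUser)) {
            // Pin the owner on the saved data so an edit cannot reassign the post.
            $data = $_POST;
            $data['user_id'] = $sessionUser;
            Post::edit($data, $postId);
        } else {
            $warning = 'Sorry, you do not have permissions to edit that post';
        }
    }

    if (isset($_POST['create_post'])) {
        if ($sessionUser !== null) {
            // The author is always the logged-in user; a copy is used so the
            // superglobal is not rewritten as a side effect.
            $data = $_POST;
            $data['user_id'] = $sessionUser;
            Post::create($data);
        } else {
            $warning = 'Sorry, you must be logged in to submit a post';
        }
    }

    $posts_array = Post::getAll();
    if ($posts_array) {
        // Iterate by key so the username is written into $posts_array itself;
        // a by-value foreach only decorated a throw-away copy of each row.
        // Author lookups are memoised per user_id to avoid repeating the same query.
        $usernames = array();
        foreach ($posts_array as $key => $post) {
            $authorId = $post['user_id'];
            if (!array_key_exists($authorId, $usernames)) {
                $blogger = Blogger::getOne($authorId);
                $usernames[$authorId] = $blogger['username'] ?? null;
            }
            $posts_array[$key]['username'] = $usernames[$authorId];
        }
    }

    return array('posts' => $posts_array, 'warning' => $warning);
}

/**
 * Whether the post identified by $postId was written by $userId.
 *
 * Looks the post up through Post::getAll(), the only read API visible in this
 * controller. Rows are assumed to carry 'id' and 'user_id' keys (user_id is
 * read when decorating the listing) — TODO confirm the 'id' key against the
 * Post model and switch to a single-row lookup if the model offers one.
 * Unknown or missing posts are treated as not owned (fail closed).
 *
 * @param mixed $postId Post id taken from the form, or null when absent.
 * @param mixed $userId Id of the logged-in user.
 */
private static function _postOwnedBy($postId, $userId): bool
{
    if ($postId === null) {
        return false;
    }
    $rows = Post::getAll();
    if (!$rows) {
        return false;
    }
    foreach ($rows as $row) {
        // String comparison: DB rows may hold ints while form input is a string,
        // and strict equality avoids the numeric look-alike matches of ==.
        if ((string) ($row['id'] ?? '') === (string) $postId) {
            return (string) ($row['user_id'] ?? '') === (string) $userId;
        }
    }
    return false;
}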
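/**
 * Handle the blogger-management forms and build the blogger listing.
 *
 * Reads the requested action from $_POST (delete_blogger / update_blogger /
 * create_blogger / login_blogger / logout_blogger), applies it when the
 * session user is entitled to, then returns every blogger.
 *
 * @return array{bloggers: mixed, bloggerWarning: string} The rows from
 *         Blogger::getAll() and a warning message, empty when nothing went wrong.
 */
public static function _list(): array
{
    $warning = '';
    $sessionUser = $_SESSION['user_id'] ?? null;
    $targetId = $_POST['id'] ?? null;
    // A blogger may only delete or edit their own account. Compared as strings:
    // the session value may be an int while form input is always a string, and
    // a loose == would also accept numeric look-alikes.
    $isSelf = $sessionUser !== null
        && $targetId !== null
        && (string) $sessionUser === (string) $targetId;

    if (isset($_POST['delete_blogger'])) {
        if ($isSelf) {
            Blogger::destroy($targetId);
        } else {
            $warning = 'Sorry, you do not have permissions to delete that user';
        }
    }

    if (isset($_POST['update_blogger'])) {
        if ($isSelf) {
            $warning = self::_applyBloggerUpdate($targetId);
        } else {
            $warning = 'Sorry, you do not have permissions to edit that user';
        }
    }

    if (isset($_POST['create_blogger'])) {
        // NOTE: in most real-world applications these presence/match checks would
        // also be done client-side to avoid losing the user's input on refresh;
        // they must still be enforced here because the client cannot be trusted.
        $username = self::_postField('username');
        $email = self::_postField('email');
        $password = self::_postField('password');
        $confirm = self::_postField('confirm_password');
        if ($username !== '' && $email !== '' && $password !== '' && $confirm !== '') {
            if ($password === $confirm) {
                Blogger::create($_POST);
            } else {
                $warning = 'Password and confirm password must match';
            }
        } else {
            $warning = 'Please enter all fields to register a user';
        }
    }

    if (isset($_POST['login_blogger'])) {
        if (self::_postField('username') !== '' && self::_postField('password') !== '') {
            $blogger = Blogger::login($_POST);
            if ($blogger) {
                // Issue a fresh session id on login so an id obtained before
                // authentication cannot be reused for the authenticated session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['user_id'] = $blogger['id'];
            } else {
                $warning = 'No blogger with that username and password exists in our database';
            }
        } else {
            $warning = 'Please enter both username and password';
        }
    }

    if (isset($_POST['logout_blogger'])) {
        unset($_SESSION['user_id']);
    }

    $blogger_array = Blogger::getAll();
    return array('bloggers' => $blogger_array, 'bloggerWarning' => $warning);
}

/**
 * Apply an update_blogger submission for the already-authorised blogger $id.
 *
 * Without a new password the submitted fields are saved as they are; with one,
 * the old password must be supplied and must match the stored hash.
 *
 * @param mixed $id Id of the blogger being edited (equal to the session user).
 * @return string Warning message, or '' when the update was applied.
 */
private static function _applyBloggerUpdate($id): string
{
    $newPassword = self::_postField('password');
    $oldPassword = self::_postField('old_password');

    if ($newPassword === '') {
        Blogger::edit($_POST, $id);
        return '';
    }
    if ($oldPassword === '') {
        return 'You must provide an old password to change passwords.';
    }

    $blogger = Blogger::getOne($id);
    $stored = (string) ($blogger['password'] ?? '');
    // The stored value is compared against an unsalted md5 of the input, which
    // is what this comparison has always used; hash_equals() is constant-time
    // and sidesteps the numeric-string juggling of == on hex digests. Moving to
    // password_hash()/password_verify() would need matching changes wherever the
    // Blogger model writes and checks passwords.
    if ($stored !== '' && hash_equals($stored, md5($oldPassword))) {
        Blogger::edit($_POST, $id);
        return '';
    }
    return 'Old password does not match password in the database';
}

/**
 * Read a scalar form field from $_POST.
 *
 * Returns '' when the field is absent or is not a string (e.g. submitted as an
 * array), so presence checks never pass on malformed input.
 */
private static function _postField(string $name): string
{
    $value = $_POST[$name] ?? '';
    return is_string($value) ? $value : '';
}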