function post_comments()
{
$comment = escape_this_string($_POST["comment"]);
$query = "INSERT INTO comments (comment, created_at, updated_at, message_id, user_id)\n\t\t\t\t VALUES ('{$comment}', NOW(), NOW(), '{$_POST['message_id']}', '{$_SESSION['user_id']}')";
if (run_mysql_query($query)) {
header("Location: wall.php");
}
}
function insert_query_comment($post)
{
$content = escape_this_string($post['content']);
$query = "INSERT INTO comments\n\t\t\t\t\t(content, created_at, updated_at,post_id,user_id)\n\t\t\t\t\tvalues\n\t\t\t\t\t('{$content}',now(),now(),{$_POST['post_id']},{$_SESSION['user_id']});";
if (run_mysql_query($query)) {
// run query here
header('Location: wall.php');
return true;
} else {
var_dump($post);
die("System Error");
}
//return
}
function login_user($post)
{
$password = md5($post['password']);
$email = escape_this_string($post['email']);
$query = "SELECT * FROM users WHERE users.email = '{$email}' AND users.password = '******'";
$user = fetch_all($query);
if (count($user) > 0) {
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = true;
header('location: wall.php');
} else {
$_SESSION['errors'][] = 'Check your credentials';
header('location: login.php');
}
}
function login_user($post)
{
// First the security stuff and then a query to get all of the needed data from the database
$username = escape_this_string($post['username']);
$email = escape_this_string($post['email']);
$password = escape_this_string($post['password']);
$query = "SELECT * FROM users WHERE users.username = '******'";
$user = fetch_record($query);
// Beginning of validation checks
if (empty($username)) {
$_SESSION['errors'][] = "Please enter your username";
}
if (empty($password)) {
$_SESSION['errors'][] = "Please enter your password";
}
if (empty($email)) {
$_SESSION['errors'][] = "Please enter your email";
}
if (count($_SESSION['errors']) > 0) {
header('Location: main.php');
exit;
}
// End of validation checks
// Check to see if $user is empty
if (empty($user)) {
$_SESSION['errors'][] = "There are no users present in the database";
header('Location: main.php');
exit;
} else {
if (!empty($user)) {
$encrypted_password = md5($password . '' . $user['salt']);
if ($user['password'] == $encrypted_password) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['logged_in'] = true;
header('Location: wall.php');
} else {
// If an error occurs then this error is shown
$_SESSION['errors'][] = "Cannot find a matching user";
header('Location: main.php');
exit;
}
}
}
}
function login_user($post)
{
$email = escape_this_string($_POST["email"]);
$password = escape_this_string($_POST["password"]);
$query = "SELECT * FROM users\n\t\t\t\t WHERE users.password = '******'\n\t\t\t\t AND users.email = '{$email}'";
$user = fetch_all($query);
if (count($user) > 0) {
$_SESSION["user_id"] = $user[0]["id"];
$_SESSION["first_name"] = $user[0]["first_name"];
$_SESSION["logged_in"] = TRUE;
header("Location: wall.php");
die;
} else {
$_SESSION["errors"][] = "Can't find a user with those credentials!";
header("Location: index.php");
die;
}
}
exit;
}
}
}
//if user is posting a message
if ($_POST['action'] == 'post_message') {
$query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('" . escape_this_string($_SESSION['user_id']) . "', '" . escape_this_string($_POST['message']) . "', NOW(), NOW())";
run_mysql_query($query);
header("LOCATION: home.php");
exit;
}
//if user is posting a comment
if ($_POST['action'] == 'post_comment') {
$query = "INSERT INTO comments (message_id, user_id, comment, created_at, updated_at) VALUES ('" . escape_this_string($_POST['message_id']) . "','" . escape_this_string($_POST['user_id']) . "', '" . escape_this_string($_POST['comment']) . "', NOW(), NOW())";
run_mysql_query($query);
header("LOCATION: home.php");
exit;
}
//if user is logging off
if ($_POST['action'] == 'logoff') {
header("LOCATION: index.php");
session_destroy();
exit;
}
//if user is deleting his message
if ($_POST['action'] == 'delete') {
$query = "DELETE FROM messages WHERE id = " . escape_this_string($_POST['message_id']);
run_mysql_query($query);
header("LOCATION: home.php");
exit;
}
$_SESSION['error'][] = "You must create four options for this poll.";
} elseif (empty($_POST['option3'])) {
$_SESSION['error'][] = "You must create four options for this poll.";
} elseif (empty($_POST['option4'])) {
$_SESSION['error'][] = "You must create four options for this poll.";
}
if (isset($_SESSION['error'])) {
header("location: add_poll.php");
die;
} else {
$esc_title = escape_this_string($_POST['title']);
$esc_description = escape_this_string($_POST['description']);
$esc_option1 = escape_this_string($_POST['option1']);
$esc_option2 = escape_this_string($_POST['option2']);
$esc_option3 = escape_this_string($_POST['option3']);
$esc_option4 = escape_this_string($_POST['option4']);
$poll_query = "INSERT INTO green_belt.polls (name, description, created_at, updated_at) VALUES ('{$esc_title}', '{$esc_description}', NOW(), NOW())";
$poll_id = run_mysql_query($poll_query);
$option1_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option1}', {$poll_id}, NOW(), NOW())";
$option2_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option2}', {$poll_id}, NOW(), NOW())";
$option3_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option3}', {$poll_id}, NOW(), NOW())";
$option4_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option4}', {$poll_id}, NOW(), NOW())";
$option1_id = run_mysql_query($option1_query);
$option2_id = run_mysql_query($option2_query);
$option3_id = run_mysql_query($option3_query);
$option4_id = run_mysql_query($option4_query);
header("location: index.php");
}
} elseif (isset($_POST['action']) && $_POST['action'] == 'vote') {
if (empty($_POST['opt'])) {
unset($_SESSION['error']);
<?php
$username = escape_this_string($_POST['username']);
$email = escape_this_string($_POST['email']);
$password = escape_this_string($_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
$query = "INSERT INTO users (username, email, password, salt, created_at, updated_at) \n VALUES ('{$username}', '{$email}', '{$encrypted_password}', '{$salt}', NOW(), NOW());\n run_mysql_query({$query})";
// die();
$query = "INSERT INTO comments (comment, message_id, comment_user_id, created_at_cmt, updated_at_cmt) VALUE ('{$comment}', '{$message_id}', '{$user_id}', NOW(), NOW())";
run_mysql_query($query);
header('location: wall.php');
} else {
header('Location: wall.php');
}
//message handling
} else {
if ($_POST['action'] == 'post_message') {
//check what button was clicked
if (isset($_POST['submit_message']) && $_POST['submit_message'] != null && !empty($_POST['submit_message'])) {
//make sure the message isn't blank
$user_id = $_SESSION['user_id'];
//again, variables for easier syntax in the query
$message = escape_this_string($_POST['message']);
//prevent MySQL injection
$query = "INSERT INTO messages (message, user_id, created_at_msg, updated_at_msg) VALUE ('{$message}', '{$user_id}', NOW(), NOW())";
// var_dump($user_id);
// die();
run_mysql_query($query);
header('location: wall.php');
} else {
if ($_POST['submit_message'] == null) {
header('location: wall.php');
} else {
header("Location: wall.php");
//if no button was clicked, then refresh
}
}
//delete message handling
function login()
{
$email = escape_this_string($_POST['email']);
$password = escape_this_string($_POST['password']);
//check is login info is in database
// $query = "SELECT * FROM users WHERE users.email ='{$email}' and users.password ='******'; ";
$query = "SELECT id as user_id, name_first, name_last\n\t\t\t\t\t\t\t\tFROM users\n\t\t\t\t\t\t\t\tWHERE email='{$email}'\n\t\t\t\t\t\t\t\tAND password='******';\n\t\t";
if (!fetch($query)) {
$_SESSION['errors']['login'] = "******";
header("Location: index.php");
die;
}
$_SESSION = fetch($query)[0];
//// user array replaces SESSION
// $user = fetch($query)[0];
// $_S['user-id'] = $user['id'];
// $_S['user-name'] = $user['name_first'];
header("Location: wall.php");
}
/* ========================== Posts form validation ====================================================== */
if ($_POST['submitted_form'] == 'post') {
$posts = $_POST['post_message'];
$query_1 = "INSERT INTO posts (post, created_at, updated_at, user_id) \n \t\t\t\t\tVALUES ( '{$posts}', NOW(), NOW(), {$_SESSION['this_user']['id']} )";
$query_2 = "SELECT posts.id as post_id, post, posts.created_at as post_created_at, posts.user_id, \n\t\t\t\t\tusers.id as user_id, users.first_name, users.last_name, users.created_at as users_created_at \n\t\t\t\t\tFROM posts LEFT JOIN users ON posts.user_id = users.id";
$query_3 = "SELECT comments.id AS comment_id, comments.comment, comments.created_at AS comment_created_at, \n\t\t\t\t\tcomments.user_id AS comment_user_id, comments.post_id AS comment_post_id, \n\t\t\t\t\tusers.first_name AS comment_first_name, users.id AS comment_user_id FROM comments\n\t\t\t\t\tLEFT JOIN users ON comments.user_id = users.id;;";
// var_dump($post_message);
// var_dump(run_mysql_query($get_messages));
// var_dump(fetch_all($get_messages));
// var_dump(fetch_all($get_posts));
run_mysql_query($query_1);
if (fetch_all($query_2)) {
$_SESSION['all_posts'] = fetch_all($query_2);
}
if (!empty(fetch_all($query_3))) {
$_SESSION['all_comments'] = fetch_all($query_3);
}
header('location: wall.php');
}
/* ========================== Comment form validation ==================================================== */
if ($_POST['submitted_form'] == 'comments') {
$comment = escape_this_string($_POST['post_comments']);
$query_1 = "INSERT INTO comments (comment, created_at, updated_at, user_id, post_id )\n\t\t VALUES ('{$comment}', NOW(), NOW(), '{$_SESSION['this_user']['id']}', '{$_POST['post_id']}')";
$query_2 = "SELECT comments.id AS comment_id, comments.comment, comments.created_at AS comment_created_at, \n\t\t\t\t\tcomments.user_id AS comment_user_id, comments.post_id AS comment_post_id, \n\t\t\t\t\tusers.first_name AS comment_first_name, users.id AS comment_user_id FROM comments\n\t\t\t\t\tLEFT JOIN users ON comments.user_id = users.id;";
run_mysql_query($query_1);
// // // var_dump($_SESSION['post_id']);
// // // var_dump($query_1);
// // // var_dump(run_mysql_query($post_comments));
$_SESSION['all_comments'] = fetch_all($query_2);
header('location: wall.php');
}
<?php
session_start();
require 'connection.php';
$errors = array();
if (isset($_POST['action']) && $_POST['action'] == 'logout') {
session_destroy();
header('location: index.php');
} else {
if (isset($_POST['action']) && $_POST['action'] == 'message') {
$message = escape_this_string($_POST['message']);
$query = "INSERT INTO messages (message, users_id, created_at, updated_at) VALUES ('{$message}', '{$_SESSION['user_id']}', NOW(), NOW())";
if (!run_mysql_query($query)) {
$errors[] = 'failed to post message';
}
$_SESSION['errors'] = $errors;
header('location: main.php');
} else {
if (isset($_POST['action']) && $_POST['action'] == 'comment') {
$comment = escape_this_string($_POST['comment']);
$query = "INSERT INTO comments (comment, users_id, messages_id, created_at, updated_at) VALUES ('{$comment}', '{$_SESSION['user_id']}', '{$_POST['message_id']}', NOW(), NOW())";
if (!run_mysql_query($query)) {
$errors[] = 'failed to post comment';
}
$_SESSION['errors'] = $errors;
header('location: main.php');
}
}
}
}
/* ======================== Login form validation ======================================================== */
if ($_POST['submitted_form'] == 'login') {
if (empty($_POST['email']) || empty($_POST['password'])) {
$errors[] = "Make sure no fields are empty";
}
if (strlen($_POST['password']) < 6 || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errors[] = "Make sure password is more than 6 characters and email is valid";
}
// Set local variables //
$query_1 = "SELECT * FROM users WHERE email = '{$_POST['email']}' ";
$query_2 = "SELECT posts.id as post_id, post, posts.created_at as post_created_at, posts.user_id, \n\t\t\t\t\tusers.id as user_id, users.first_name, users.last_name, users.created_at as users_created_at \n\t\t\t\t\tFROM posts LEFT JOIN users ON posts.user_id = users.id";
$query_3 = "SELECT comments.id AS comment_id, comments.comment, comments.created_at AS comment_created_at, \n\t\t\t\t\tcomments.user_id AS comment_user_id, comments.post_id AS comment_post_id, \n\t\t\t\t\tusers.first_name AS comment_first_name, users.id AS comment_user_id FROM comments\n\t\t\t\t\tLEFT JOIN users ON comments.user_id = users.id;";
$this_user = fetch_record($query_1);
// Check database for username & password //
$encrypted_password = md5(escape_this_string($_POST['password']) . '' . $this_user['salt']);
if (empty($this_user)) {
$errors[] = "Email was not found";
} else {
if ($this_user['password'] != $encrypted_password) {
$errors[] = "Password and email do not match";
}
}
/* ---------- use when troubleshooting password / email errors ------ */
// echo "this_user: "******"encrypted_password:"******"stored password:";
// var_dump($this_user['password']);
// var_dump($this_user['salt']);
