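/**
 * Return the names of the submitted fields whose value is longer than allowed.
 *
 * @param array $field_length_array map of POST field name => maximum length
 * @return array list of the field names that exceed their maximum; empty when all fit
 */
function check_max_field_lengths($field_length_array)
{
    $field_errors = array();
    foreach ($field_length_array as $fieldname => $maxlength) {
        // A field missing from the request counts as empty instead of raising
        // an undefined-index warning on the $_POST read.
        $raw_value = isset($_POST[$fieldname]) ? $_POST[$fieldname] : "";
        // NOTE(review): the length is taken after mysqli_prep(); if that helper
        // escapes, the count includes escape characters — verify. strlen()
        // counts bytes, so multibyte text is over-counted relative to characters.
        if (strlen(trim(mysqli_prep($raw_value))) > $maxlength) {
            $field_errors[] = $fieldname;
        }
    }
    return $field_errors;
}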
Example #2
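require_once "../../includes/validations_functions.php";
include "../../includes/layouts/page_header.php";
// logged_in() is defined in an included file; it is expected to stop
// unauthenticated requests before the user lookup below — confirm.
logged_in();
// Load the user being edited from the id in the query string. The raw
// $_GET value is handed straight to find_user_by_id(); whether that helper
// validates or casts it cannot be seen here — verify before it reaches SQL.
if (isset($_GET["userid"])) {
    $current_user = find_user_by_id($_GET["userid"]);
} else {
    $current_user = null;
}
// empty() covers both "no userid given" ($current_user === null) and
// "no such user"; the original indexed null directly, which warns on
// PHP 7.4+ before the redirect is reached.
if (empty($current_user["id"])) {
    redirect_to("manage_users.php");
}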
?>

<?php 
// Form processing: runs only when the edit form was submitted.
if (isset($_POST['submit'])) {
    $username = mysqli_prep($_POST["username"]);
    // password_encrypt() comes from an included file; its output is what
    // ends up in hashed_password below.
    $password = password_encrypt($_POST["password"]);
    $required_fields = array("username", "password");
    // validate_presences()/validate_max_lengths() are expected to append to a
    // global $errors array, which empty($errors) below inspects — confirm.
    validate_presences($required_fields);
    $field_with_max_lengths = array("username" => 60);
    validate_max_lengths($field_with_max_lengths);
    if (empty($errors)) {
        $id = $current_user["id"];
        // NOTE(review): the UPDATE is assembled by string concatenation. The
        // '******' literals appear to be redactions in this listing; the real
        // values are interpolated, and $id is spliced in unquoted. A prepared
        // statement with bound parameters would make mysqli_prep() unnecessary here.
        $update_query = "UPDATE users SET ";
        $update_query .= "username = '******', ";
        $update_query .= "hashed_password = '******' ";
        $update_query .= "WHERE id = {$id} ";
        $update_query .= "LIMIT 1";
        $result = mysqli_query($connection, $update_query);
        // Exactly one affected row is the success signal. MySQL reports 0
        // affected rows for an UPDATE that changes nothing, so re-saving the
        // same values takes the failure path.
        if ($result && mysqli_affected_rows($connection) == 1) {
            $_SESSION["message"] = "User edit success.";
Example #3
// Status messages rendered by the page; only $message2 is set on this path.
$message1 = "";
$message2 = "";
if (isset($_POST['submit'])) {
    $errors = array();
    $required_fields = array('isbn', 'title', 'author', 'img_url', 'isn');
    // empty() also rejects the string "0", so a legitimate "0" in any of
    // these fields is reported as missing.
    foreach ($required_fields as $fieldname) {
        if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
            $errors[] = $fieldname;
        }
    }
    if (empty($errors)) {
        // Every value spliced into the SQL text below passes through
        // mysqli_prep() first and is quoted in the query.
        $bisbn = mysqli_prep($_POST['isbn']);
        $btitle = mysqli_prep($_POST['title']);
        $bauthor = mysqli_prep($_POST['author']);
        $bimg = mysqli_prep($_POST['img_url']);
        $bisn = mysqli_prep($_POST['isn']);
        // Insert the book row only when no row with this ISBN exists yet
        // (INSERT ... SELECT ... WHERE NOT EXISTS). query() returns true for a
        // statement that inserted 0 rows, so a duplicate ISBN still takes the
        // success path and gets a new copy — presumably intended; confirm.
        $query1 = "INSERT INTO book (`ISBN`, `title`, `author`,`img_url`) ";
        $query1 .= "SELECT * FROM (SELECT '{$bisbn}', '{$btitle}', '{$bauthor}','{$bimg}') as tmp ";
        $query1 .= "WHERE NOT EXISTS ( SELECT `ISBN` FROM book WHERE `ISBN` = '{$bisbn}') LIMIT 1 ";
        $result1 = $connection->query($query1);
        if ($result1) {
            // A copy row is created only after the book statement succeeded.
            $query2 = "INSERT INTO book_copy (`book_isbn`, `isn`, `is_available`) VALUES ('{$bisbn}', '{$bisn}', '1')";
            $result2 = $connection->query($query2);
        }
        // NOTE(review): $result2 is assigned only inside the if above, so when
        // $result1 is false this reads an undefined variable (warning) before
        // the && short-circuits; initialise $result2 = false before the if, or
        // test $result1 first.
        if ($result2 && $result1) {
            $message2 = "Book Added Successfully";
        } else {
            // The driver error text is shown to the user; it can expose
            // schema details on failure.
            $message2 = "Error Adding Book " . $connection->error;
        }
    } else {
        // Errors occurred
Example #4
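require_once "includes/session.php";
require_once "includes/connection.php";
require_once "includes/functions.php";
// An already authenticated user is sent to home.php, unless the page was
// requested with ?admin=0, in which case the login form stays visible and a
// hint message is shown instead.
if (logged_in()) {
    // Strict comparison: the original "== '0'" also matched numeric strings
    // such as "00" or "0.0"; only the literal "0" is a valid flag value.
    if (isset($_GET['admin']) && $_GET['admin'] === '0') {
        $message2 = "Login as administrator or click here to go to reader's page";
    } else {
        redirect_to("home.php");
    }
}
include_once "includes/form_functions.php";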
// START FORM PROCESSING
// Credentials arrive through the session (placed there by the form handler),
// not directly from $_POST.
if (isset($_SESSION['temp_email']) || isset($_SESSION['temp_password'])) {
    // Form has been submitted.
    // NOTE(review): with "||" one of the two keys may be unset, in which
    // case the corresponding read below hits an undefined session index.
    $email = trim(mysqli_prep($_SESSION['temp_email']));
    // NOTE(review): the password is escaped and trimmed before hashing, so a
    // password containing quotes/backslashes or edge whitespace hashes to a
    // value that depends on the escaping; it must match how the stored hash
    // was produced at registration — confirm.
    $password = trim(mysqli_prep($_SESSION['temp_password']));
    // NOTE(review): unsalted sha1() as a password hash. password_hash() /
    // password_verify() is the supported replacement.
    $hashed_password = sha1($password);
    // Check database to see if email and the hashed password exist there.
    // The '******' on the hashed_password line appears to be a redaction in
    // this listing; $email is interpolated into the SQL text after mysqli_prep().
    $query = "SELECT user.id,name,mail,is_admin,image_url,profstud_flag  ";
    $query .= "FROM user LEFT JOIN reader ON reader.id = user.id ";
    $query .= "WHERE mail = '{$email}' ";
    $query .= "AND hashed_password = '******' ";
    $query .= "LIMIT 1";
    $result_set = $connection->query($query);
    // $connection->query() returns false on error; reading num_rows on false
    // is a fatal error rather than a failed login.
    if ($result_set->num_rows == 1) {
        // email/password authenticated
        // and only 1 match
        $found_user = mysqli_fetch_array($result_set, MYSQLI_ASSOC);
        // The session is promoted to an authenticated one here.
        // NOTE(review): no session_regenerate_id(true) before storing the
        // identity, so the pre-login session id is kept across authentication.
        $_SESSION['id'] = $found_user['id'];
        $_SESSION['mail'] = $found_user['mail'];
        $_SESSION['name'] = $found_user['name'];
Example #5
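require_once "../../includes/sessions.php";
require_once "../../includes/db_connect.php";
require_once "../../includes/functions.php";
require_once "../../includes/validations_functions.php";
// logged_in() is expected to stop unauthenticated requests here — confirm.
logged_in();
// find_selected_page() is expected to populate $current_subject from the
// request (presumably a global; it is not declared in this file) — confirm.
find_selected_page();
// empty() has the same truthiness as !$current_subject but stays silent if
// the helper left the variable undefined, instead of warning before the redirect.
if (empty($current_subject)) {
    redirect_to("manage_content.php");
}
include "../../includes/layouts/page_header.php";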
?>


<?php 
// Form processing: runs only when the edit form was submitted.
if (isset($_POST['submit'])) {
    $menu_name = mysqli_prep($_POST["menu_name"]);
    // The integer casts are what make position/visible safe to splice into
    // the SQL text below.
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $required_fields = array("menu_name", "position", "visible");
    // validate_presences()/validate_max_lengths() are expected to fill a
    // global $errors array, inspected by empty($errors) below — confirm.
    validate_presences($required_fields);
    $field_with_max_lengths = array("menu_name" => 60);
    validate_max_lengths($field_with_max_lengths);
    if (empty($errors)) {
        $id = $current_subject["id"];
        // NOTE(review): string-built UPDATE. $menu_name relies on mysqli_prep()
        // escaping and $id on $current_subject being a trusted DB row (set by
        // find_selected_page(), not visible here). A prepared statement with
        // bound parameters would remove both dependencies.
        $update_query = "UPDATE subjects SET ";
        $update_query .= "subject_name = '{$menu_name}', ";
        $update_query .= "position = '{$position}', ";
        $update_query .= "visible = '{$visible}' ";
        $update_query .= "WHERE id = {$id} ";
        $update_query .= "LIMIT 1";
        $result = mysqli_query($connection, $update_query);
Example #6
         $errors[] = $fieldname;
     }
 }
 // Only proceed with the insert when the presence checks above passed.
 if (empty($errors)) {
     $adduser_name = mysqli_prep($_POST['user_name']);
     $adduser_id = "";
     $adduser_email = mysqli_prep($_POST['email']);
     // code and limit are taken raw; where they are used is outside this excerpt.
     if (isset($_POST['code']) && !empty($_POST['code'])) {
         $adduser_code = $_POST['code'];
     }
     if (isset($_POST['limit']) && !empty($_POST['limit'])) {
         $adduser_limit = $_POST['limit'];
     }
     // NOTE(review): password and img_url are NOT passed through mysqli_prep()
     // yet both are interpolated into the INSERT below, so the query text is
     // controlled by either field. Bind them as parameters of a prepared
     // statement instead of concatenating.
     $adduser_pswd = $_POST['password'];
     $adduser_img = $_POST['img_url'];
     $adduser_type = mysqli_prep($_POST['user_type']);
     if ($adduser_type == "Administrator") {
         // NOTE(review): SHA1() runs inside MySQL, so the clear-text password
         // is part of the SQL text (and of any query log), and the stored hash
         // is unsalted. Hash with password_hash() in PHP and store the result.
         $query = "INSERT INTO `user` (`id`, `name`, `hashed_password`, `mail`, `is_admin`, `token`, `image_url`) VALUES (NULL, '{$adduser_name}', SHA1('{$adduser_pswd}'), '{$adduser_email}', '1',NULL, '{$adduser_img}')";
         $result = $connection->query($query);
         if ($result) {
             // $connection->insert_id would yield the new id without a second
             // round trip; the extra SELECT must run on this same connection.
             $query_id = "SELECT LAST_INSERT_ID()";
             $result_id = $connection->query($query_id);
             $found_id = mysqli_fetch_array($result_id, MYSQLI_ASSOC);
             $adduser_id = $found_id['LAST_INSERT_ID()'];
             // Second insert links the new user id to the admin table.
             $query1 = "INSERT INTO `admin` (`id`, `joindate`) VALUES ('{$adduser_id}', now())";
             $result1 = $connection->query($query1);
             if ($result1) {
                 $message = "Administrator Added Successfully with ID = " . $adduser_id;
             } else {
                 // The user row already exists at this point; nothing rolls it back.
                 $message = "Error Adding Administrator";
             }
Example #7
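require_once "../includes/validation_functions.php";
// find_selected_page() is expected to populate $current_page from the
// request (presumably a global; it is not declared in this file) — confirm.
find_selected_page();
// empty() has the same truthiness as !$current_page but stays silent if the
// helper left the variable undefined, instead of warning before the redirect.
if (empty($current_page)) {
    redirect_to("manage_content.php");
}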
?>

<!-- Form processing -->
<?php 
// Form processing: runs only when the edit form was submitted.
if (isset($_POST['submit'])) {
    // Process the form
    // $current_page is assumed to be a trusted DB row set by find_selected_page() — verify.
    $id = $current_page["id"];
    $menu_name = mysqli_prep($_POST["menu_name"]);
    // The integer casts are what make position/visible safe to splice
    // unquoted into the SQL text below.
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $content = mysqli_prep($_POST["content"]);
    // Escape all strings
    // NOTE(review): $menu_name already went through mysqli_prep() above. If
    // that helper escapes, this second pass doubles every backslash and the
    // stored value no longer matches the input; $content gets only one pass.
    $menu_name = mysqli_real_escape_string($connection, $menu_name);
    // Validations
    $required_fields = array("menu_name", "position", "visible", "content");
    // validate_presences()/validate_max_lengths() are expected to fill a
    // global $errors array, inspected by empty($errors) below — confirm.
    validate_presences($required_fields);
    $fields_with_max_lengths = array("menu_name" => 30);
    validate_max_lengths($fields_with_max_lengths);
    // print_r($errors);
    if (empty($errors)) {
        // Perform DB query
        // NOTE(review): string-built UPDATE; its safety rests on the escaping
        // above and on $id being trusted. A prepared statement with bound
        // parameters would also remove the double-escape problem.
        $query = "UPDATE pages\n\t\t\t\t\t  SET menu_name = '{$menu_name}', \n\t\t\t\t\t      position = {$position}, \n\t\t\t\t\t      visible = {$visible},\n\t\t\t\t\t      content = '{$content}'\n\t\t\t\t\t  WHERE id = {$id}\n\t\t\t\t\t  LIMIT 1";
        $result = mysqli_query($connection, $query);
        // MySQL reports 0 affected rows for an UPDATE that changes nothing,
        // so saving without changes takes the failure branch.
        if ($result && mysqli_affected_rows($connection) == 1) {
            $_SESSION["message"] = "Editted successfully!";
            redirect_to("manage_content.php");