//YES WE FOUND A MATCH!
if ($count > 0) {
$query2 = "SELECT role, userId FROM tbl_users\r\n\t\t\t\t\t\t WHERE username = '******'";
$result = mysqli_query($conn, $query2) or die("Error in query: " . mysqli_error($conn));
$row2 = mysqli_fetch_row($result);
$role = $row2[0];
$userId = $row2[1];
header("Location:index.php");
if ($role == 'admin') {
$_SESSION['admin'] = true;
//Create a session for the admin
$_SESSION['username'] = $username;
$_SESSION['userId'] = $userId;
$_SESSION['dateTime'] = $date;
write_mysql_log($_SESSION['username'] . " successfully logged in!", $conn);
//write log
} else {
$_SESSION['registered'] = true;
//Create a session for the user
$_SESSION['username'] = $username;
$_SESSION['userId'] = $userId;
$_SESSION['dateTime'] = $date;
write_mysql_log($_SESSION['username'] . " successfully logged in!", $conn);
}
} else {
$loginFailed = "Incorrect username and/or password";
$_SESSION['loginFailed'] = $loginFailed;
write_mysql_log("Login failed!", $conn);
}
}
}
//Variables from the form
$title = $_POST['title'];
$content = $_POST['content'];
$file = $_FILES['file']['name'];
//Check to see if the user left any space empty!
if ($title == "" || $content == "") {
echo "Please fill all the fields!";
} else {
if ($_FILES["file"]["error"] > 0) {
echo "Error: " . $_FILES["file"]["error"];
} else {
//write image details to log
write_mysql_log("Upload: " . $_FILES["file"]["name"], $conn);
write_mysql_log("Type: " . $_FILES["file"]["type"], $conn);
write_mysql_log("Size: " . $_FILES["file"]["size"] / 1024, $conn);
write_mysql_log("Stored in: " . $_FILES["file"]["tmp_name"], $conn);
//move image from temp location to images folder
$final_save_dir = 'images/';
move_uploaded_file($_FILES['file']['tmp_name'], $final_save_dir . $_FILES['file']['name']);
$image = $final_save_dir . $_FILES['file']['name'];
$query2 = "UPDATE tbl_articles SET title='{$title}', content='{$content}', imgPath='{$image}' \r\n\t\t\t\t\t\t\t\t WHERE articleId='{$artId}'";
$result2 = mysqli_query($conn, $query2) or die(mysqli_error($conn));
header("Location:page.php");
}
}
} else {
//getting article Id which was passed from in page.php in link and can be seen in URL
$query = "SELECT * FROM tbl_articles WHERE articleId = '{$artId}'";
$result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn));
$row = mysqli_fetch_assoc($result);
?>
<?php
/**
* The logout template file
*
*/
session_start();
require_once "functions.php";
$conn = connectToMySQL();
//grabbing the username from the session
if (isset($_SESSION['username'])) {
write_mysql_log($_SESSION['username'] . " successfully logged out!", $conn);
}
header("Location:index.php");
//destroying the session
$_SESSION = array();
session_destroy();
<?php
/**
* The posts template file
*
*/
include "header.php";
require_once "functions.php";
if (isset($_SESSION['admin'])) {
$conn = connectToMySQL();
//getting article Id which was passed from in page.php in link and can be seen in URL
if (isset($_GET['artId'])) {
$artId = $_GET['artId'];
}
//deleting selected article from the database
$query = "DELETE FROM tbl_articles WHERE articleId = '{$artId}'";
$result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn));
write_mysql_log($_SESSION['username'] . " successfully deleted an article!", $conn);
header("Location:page.php");
include "sidebar.php";
include "footer.php";
} else {
header("Location:404.php");
}
<?php
/**
* The article comments template file
*
*/
session_start();
require_once "functions.php";
$conn = connectToMySQL();
if (isset($_GET['artId'])) {
$artId = $_GET['artId'];
}
if (isset($_POST['submit'])) {
//Variables from the form
$comment = $_POST['comment'];
//Check to see if the user left any space empty!
if ($comment == "") {
echo "Please fill all the fields!";
} else {
//Inserting the comment into the database
$query = "INSERT INTO tbl_comments (comment, articleId, userId)\r\n\t\t\t\t\t VALUES ('{$comment}', '{$artId}', '{$_SESSION['userId']}')";
$result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn));
write_mysql_log("User successfully posted a comment!", $conn);
header("Location:index.php");
}
}
echo "You have entered an invalid email!";
} else {
//check to see if username exists
$query = "SELECT count(*) FROM tbl_users \r\n\t\t\t\t\t WHERE username='******'";
$result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn));
$row = mysqli_fetch_row($result);
$count = $row[0];
//if the username exists
if ($count > 0) {
$failedRegistration = "Incorrect username and/or password";
$_SESSION['failedRegistration'] = $failedRegistration;
write_mysql_log("Registration unsuccessful!", $conn);
} else {
$query2 = "INSERT INTO tbl_users (username, email, password, role)\r\n\t\t\t\t\t\t VALUES ('{$username}', '{$email}', sha1('{$password}'), 'registered')";
$result2 = mysqli_query($conn, $query2) or die("Error in query: " . mysqli_error($conn));
write_mysql_log("Registration successful!", $conn);
header("Location:index.php");
}
}
}
}
}
} else {
?>
<article id="register">
<form action="register.php" method="post" onsubmit="return validate(this);">
<label for="email">Email: </label> <br />
<input type="text" id="email" name="email"> <br />
<label for="username">Username: </label> <br />
<input type="text" id="registerUsername" name="username"> <br />
<label for="password">Password: </label> <br />
