// Check if the user is logged in if (!isset($_SESSION['user_id'])) { echo "You need to log in first!"; header("refresh:3;url=login.php"); } else { // Check who is logged in $user_id = $_SESSION['user_id']; // Get the message id that the user wishes to open $message_id = $_GET['message_id']; try { // Establishing a connection to the database $conn = new DBCommunication(); // Query to get a message $query = "SELECT * FROM whwp_Message WHERE :user_id = message_recipient "; $conn->prepQuery($query); $conn->bind('user_id', $user_id); $message = $conn->single(); //$sender_id = $message -> receiver_id; // Check if the specified message belongs to the logged in user //if($user_id == $sender_id) //{ $sender_id = $message->message_sender; // Query to get the sender's username. $query = "SELECT user_firstname FROM whwp_User WHERE user_id = :user"; $conn->prepQuery($query); $conn->bind('user', $sender_id); $resultset = $conn->single(); // Get and output all the details. $sender = $resultset->user_firstname; $title = $message->message_subject; $message_text = $message->message_content;
$new_width = 200; $new_height = floor($height * ($new_width / $width)); $tmp_img = imagecreatetruecolor($new_width, $new_height); imagecopyresized($tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height); imagejpeg($tmp_img, __DIR__ . "/../thumbnails/" . basename($image)); } } } try { // Connect to the database $conn = new DBCommunication(); $conn->beginTransaction(); // Get user, who is logged in and posting ad, id $query = "SELECT user_id FROM whwp_User WHERE user_username = :username"; $conn->prepQuery($query); $conn->bind('username', $username); $resultset = $conn->single(); $user_id = $resultset->user_id; // Insert some data to the database. $query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date, advert_description, advert_category) " . "VALUES (:user_id, :price, :title, :date, :description, :category)"; $conn->prepQuery($query); $conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d'), 'description' => $description, 'category' => $category_id)); $conn->execute(); // Get the auto generated advert_id. $advert_id = $conn->lastInsertId(); if (isset($_POST['condition'])) { $query = "UPDATE whwp_Advert SET advert_condition=:condition WHERE advert_id = :advert_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('condition' => $_POST['condition'], 'advert_id' => $advert_id)); $conn->execute(); }
?> </div> <div id="content"> <?php // Getting the id of the advertisement $advert_id = $_GET['advert_id']; // Getting the id of the logged in user if he is logged in. if (isset($_SESSION['user_id'])) { $user_id = $_SESSION['user_id']; } try { // Establishing a connection to the database $conn = new DBCommunication(); $query = "SELECT * FROM whwp_Advert, whwp_User " . "WHERE whwp_Advert.advert_id = :advert_id " . "AND whwp_User.user_id = whwp_Advert.advert_owner"; $conn->prepQuery($query); $conn->bind('advert_id', $advert_id); $resultset = $conn->single(); $price = $resultset->advert_price; $title = $resultset->advert_bookname; //$image = $resultset -> image; $author = $resultset->advert_bookauthor; $user = $resultset->advert_owner; $username = $resultset->user_firstname; //$description = $resultset -> description; $query = "SELECT whwp_Image.image_location FROM whwp_Advert " . "JOIN whwp_AdImage ON whwp_Advert.advert_id = whwp_AdImage.adimage_advert " . "JOIN whwp_Image ON whwp_AdImage.adimage_image = whwp_Image.image_id " . "WHERE whwp_Advert.advert_id = :advert_id"; $conn->prepQuery($query); $conn->bind('advert_id', $advert_id); $image = $conn->resultset(); foreach ($image as $element) { echo "<img src = itemPhotos/" . $element->image_location . " alt=" . $title . " title=" . $title . "<br/>"; }
</ul> </div> </div> </div> <div class="col-lg-9"> <div class="panel panel-default"> <div class="panel-heading">My Books</div> <div class="panel-body"> <?php try { $conn = new DBCommunication(); if (isset($_SESSION['user_id'])) { $query = "SELECT advert_id,advert_bookname,advert_price FROM whwp_Advert WHERE advert_owner=:user_id AND ((NOT advert_expired=1) OR (advert_expired IS NULL))"; $conn->prepQuery($query); $conn->bind('user_id', $_SESSION['user_id']); $result = $conn->resultset(); echo "<table class=\"table table-hover\">"; echo "<thead>"; echo "<tr>"; echo "<th style=\"width:20%\">ID</th>"; echo "<th style=\"width:20%\">Title</th>"; echo "<th style=\"width:20%\">Price</th>"; echo "<th style=\"width:40%\"></th>"; echo "</tr>"; echo "</thead>"; echo "<tbody>"; foreach ($result as $item) { echo "<tr id='book" . $item->advert_id . "'>"; echo "<td>" . $item->advert_id . "</td>"; echo "<td>" . $item->advert_bookname . "</td>";
include "includes/menu.php"; } ?>
<?php
// Resolve the first name of the message recipient selected earlier in this
// session (target_id). $receiver stays "" when no target is set or the
// lookup does not complete.
$receiver = "";
if (!isset($_SESSION['target_id'])) {
    echo "Invalid request";
} else {
    $receiver_id = $_SESSION['target_id'];
    // Establishing a connection to the database
    try {
        $conn = new DBCommunication();
        // Parameterised lookup; the session value is never interpolated into SQL.
        $query = "SELECT whwp_User.user_firstname FROM whwp_User WHERE whwp_User.user_id = :receiver_id";
        $conn->prepQuery($query);
        $conn->bind('receiver_id', $receiver_id);
        $username = $conn->single();
        // NOTE(review): when no row matches target_id, single() presumably
        // returns false and this property read emits a warning — confirm
        // single()'s contract and guard before dereferencing.
        $receiver = $username->user_firstname;
    } catch (PDOException $e) {
        // Generic message only; driver details are not exposed to the client.
        echo 'Something went wrong';
    }
}
?>
<div class="container" id="userContent">
<div class="row">
<div class="col-lg-3">
<div class="panel panel-default">
<div class="panel-heading">My Account </div>
<div class="panel-body">
<ul class="nav nav-list">
<?php session_start(); require 'DBCommunication.php'; require 'crypting.php'; header('Content-type: application/json'); $response_array = array('success' => false, 'error_code' => array(), 'message' => ''); try { if (isset($_POST['password']) && isset($_SESSION['user_id'])) { $conn = new DBCommunication(); $conn->beginTransaction(); $user_id = $_SESSION['user_id']; $password = $_POST['password']; $query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id"; $conn->prepQuery($query); $conn->bind('user_id', $user_id); $password_hash = $conn->single(); if (password_verify($password, $password_hash->user_password)) { if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) { $new_hash = password_hash($password, PASSWORD_DEFAULT); $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)"; $conn->prepQuery($query); $conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id)); $conn->execute(); } if (isset($_POST['email'])) { if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { array_push($response_array['error_code'], 5); } else { $query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id"; $conn->prepQuery($query);
// else // { // echo "<a href='register.php'>Sign Up</a> "; // echo "<a href='login.php'>Log In</a>"; // } // if (isset($_REQUEST['username']) && isset($_REQUEST['password']) && isset($_REQUEST['email'])) { try { $database = new DBCommunication(); $username = $_REQUEST['username']; $password = $_REQUEST['password']; $email = $_REQUEST['email']; // Check if such username does not exist. $query = "SELECT * FROM whwp_User WHERE user_firstname = :username"; $database->prepQuery($query); $database->bind('username', $username); $database->execute(); if ($database->rowCount() > 0) { echo "Email already in use."; } else { $hashed_password = password_hash($password, PASSWORD_DEFAULT); // Insert these values into a database. $query = "INSERT INTO whwp_User (user_firstname, user_email, user_password, user_ismoderator) VALUES (:username,:email, :hashed_password, 0)"; $database->prepQuery($query); $database->bindArrayValue(array('username' => $username, 'hashed_password' => $hashed_password, 'email' => $email)); $database->execute(); if ($database->rowCount() > 0) { echo "Congratulations! You have registered on our website!"; } } } catch (PDOException $e) {
<?php session_start(); require 'DBCommunication.php'; header('Content-type: application/json'); $response_array = array('success' => false, 'error_code' => 0, 'message' => ''); try { // Connect to the database $conn = new DBCommunication(); $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM whwp_User WHERE user_username = :username"; $conn->prepQuery($query); $conn->bind('username', $username); if ($user = $conn->single()) { if (password_verify($password, $user->user_password)) { if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) { $new_hash = password_hash($password, PASSWORD_DEFAULT); $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)"; $conn->prepQuery($query); $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username)); $conn->execute(); } // echo "Congratulations! You have logged in on our website!"; $_SESSION['user_id'] = $user->user_id; $_SESSION['username'] = $user->user_username; $user_id = $_SESSION['user_id']; if (isset($_POST['rememberme'])) { $identifier = hash('md5', $username); $randomString = openssl_random_pseudo_bytes(64); $token = bin2hex($randomString);
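<?php
// Endpoint: mark one of the logged-in user's adverts as expired.
// Reads POST advert_id and the session's user_id, answers with a
// JSON-encoded integer status:
//   0 - advert marked expired
//   1 - no advert_id in the request
//   2 - no user logged in
//   3 - database error
//   4 - advert not found, or not owned by the logged-in user
session_start();
require 'DBCommunication.php';
header('Content-type: application/json');
$response = 1;
if (isset($_POST['advert_id'])) {
    if (isset($_SESSION['user_id'])) {
        try {
            $conn = new DBCommunication();
            // Ownership check: only the advert's owner may expire it.
            // The id is bound as a parameter, never interpolated into the SQL.
            $query = "SELECT advert_owner FROM whwp_Advert WHERE advert_id=:advert_id";
            $conn->prepQuery($query);
            $conn->bind('advert_id', $_POST['advert_id']);
            $result = $conn->single();
            // No row means no advert: treat it like "not the owner" instead of
            // reading a property of a non-object. Compare as strings so the
            // check is strict but still tolerates an int/string mix between the
            // DB value and the session value.
            $is_owner = is_object($result)
                && (string) $result->advert_owner === (string) $_SESSION['user_id'];
            if ($is_owner) {
                $query = "UPDATE whwp_Advert SET advert_expired = 1 WHERE advert_id = :advert_id";
                $conn->prepQuery($query);
                $conn->bind('advert_id', $_POST['advert_id']);
                $conn->execute();
                $response = 0;
            } else {
                $response = 4;
            }
        } catch (PDOException $e) {
            // Driver details stay server-side; the status code is all the client gets.
            $response = 3;
        }
    } else {
        $response = 2;
    }
}
echo json_encode($response);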
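<?php
// "Remember me" restore: when the Books4Cash cookie is present and no session
// is established yet, look the user up by the cookie's identifier and, if the
// cookie's token matches the stored one, populate the session the same way the
// password login does (user_id and username).
session_start();
require 'includes/DBCommunication.php';
if (isset($_COOKIE['Books4Cash']) && !isset($_SESSION['user_id'])) {
    try {
        $database = new DBCommunication();
        // Cookie format is "<identifier>,<token>"; anything else is ignored
        // rather than indexing a missing element.
        $explodedCookie = explode(",", (string) $_COOKIE['Books4Cash'], 2);
        if (count($explodedCookie) === 2) {
            [$identifier, $token] = $explodedCookie;
            $query = "SELECT user_id, user_username, user_token FROM whwp_User WHERE user_indentifier = :identifier";
            $database->prepQuery($query);
            $database->bind('identifier', $identifier);
            $user = $database->single();
            // Require a stored, non-empty token and compare it in constant time:
            // `==` on hex strings is subject to numeric type juggling, is not
            // timing-safe, and treats an empty cookie token as equal to NULL.
            $token_matches = is_object($user)
                && $user->user_token !== null
                && $token !== ''
                && hash_equals((string) $user->user_token, $token);
            if ($token_matches) {
                // Privilege changes from anonymous to logged-in: issue a fresh session id.
                session_regenerate_id(true);
                $_SESSION['user_id'] = $user->user_id;
                $_SESSION['username'] = $user->user_username;
            }
        }
    } catch (PDOException $e) {
        // Best effort: a failed lookup leaves the visitor logged out and the
        // page below still renders; nothing from the driver is echoed.
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="Stylesheet" type="text/css" href="css/bootstrap.min.css"/>
<link rel="Stylesheet" type="text/css" href="css/style.css"/>
<link rel="Stylesheet" type="text/css" href="css/animate.css"/>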
$file_tmp = $_FILES['image']['tmp_name']; $image = "itemPhotos/" . basename($file); // Folder to move the file move_uploaded_file($file_tmp, $image); // Move the uploaded file to the desired folder $image = substr($image, 11); } else { $image = ""; } try { $conn = new DBCommunication(); $conn->beginTransaction(); // Get user, who is logged in and posting ad, id $query = "SELECT user_id FROM whwp_User WHERE user_username = :username"; $conn->prepQuery($query); $conn->bind('username', $username); $resultset = $conn->single(); $user_id = $resultset->user_id; // Insert some data to the database. // $query2 = "INSERT INTO whwp_advert (advert_owner, advert_price, advert_bookname, image) " // . "VALUES (:user_id, :price, :title, :image)"; $query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date) " . "VALUES (:user_id, :price, :title, :date)"; $conn->prepQuery($query); $conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d'))); // $prepared_statement2 -> bindValue(':image', $image); $conn->execute(); // Get the auto generated advert_id. // $query3 = "SELECT advert_id FROM whwp_advert ORDER BY advert_id DESC LIMIT 1"; // $prepared_statement3 = $conn -> prepare($query3); // $prepared_statement3 -> execute(); // $resultset = $prepared_statement3 -> fetch(PDO::FETCH_OBJ);
</div> <div id="content"> <?php // Getting the id of the advertisement $search_term = ""; if (isset($_GET['search'])) { $search_term = $_GET['search']; $search_string = "%" . $_GET['search'] . "%"; if (!empty($search_term)) { try { // Establishing a connection to the database $conn = new DBCommunication(); // Run the query. $query = "SELECT DISTINCT COUNT(*) as count FROM whwp_Advert, whwp_AdTag, whwp_Tag " . "WHERE whwp_Tag.tag_description LIKE :search_string " . "AND whwp_Tag.tag_id = whwp_AdTag.adtag_tag " . "AND whwp_AdTag.adtag_advert = whwp_Advert.advert_id"; $conn->prepQuery($query); $conn->bind('search_string', $search_string); // Counts how many results were returned from the search. $count = $conn->single()->count; if ($count == 1) { echo "Your search provided 1 result"; } else { echo "Your search provided " . $count . " results"; } // Paging system if (isset($_GET["page"])) { $page = $_GET["page"]; $search_term = $_GET["search"]; } else { //$page = 10; $page = 1; header("location:search.php?search={$search_term}&Search=Search&page=1");