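/**
 * Handle the "edit my profile" POST.
 *
 * Requires an authenticated user and every field in $requiredFields; otherwise
 * the request is bounced back to the edit form. The username is always taken
 * from the session, never from the form, so a user cannot re-target another
 * account. Only admins may submit an 'accesslevel'; everyone else is pinned to
 * 'User' regardless of what was posted. If the stored access level no longer
 * matches the one cached in the session, the user is routed through logout so
 * stale privileges never survive in a live session.
 *
 * Side effects: calls Redirect()/Error(), and overwrites $_SESSION['user'].
 */
function edit_user()
{
    $requiredFields = [
        'salutation', 'gender', 'firstname', 'lastname',
        'birthyear', 'birthmonth', 'birthday', 'password', 'aboutme',
    ];

    if (!is_logged_in() || !is_post_parameter_complete($requiredFields)) {
        Redirect('../edit_user.php');
        // Redirect() is not known to terminate the script here; never fall
        // through to the model call with an anonymous user or missing fields.
        return;
    }

    $userDetails = [];
    $userDetails['salutation'] = $_POST['salutation'];
    $userDetails['firstname'] = $_POST['firstname'];
    $userDetails['lastname'] = $_POST['lastname'];
    $userDetails['gender'] = $_POST['gender'];
    // Assembled as-posted (Y-M-D); NOTE(review): no range/format validation is
    // visible here — presumably EditUser() validates it, confirm.
    $userDetails['birthdate'] = "{$_POST['birthyear']}-{$_POST['birthmonth']}-{$_POST['birthday']}";
    // Identity comes from the session, not the form.
    $userDetails['username'] = $_SESSION['user']['username'];
    // NOTE(review): the password is passed through as posted; hashing is
    // presumed to happen inside EditUser() — confirm.
    $userDetails['password'] = $_POST['password'];
    $userDetails['aboutme'] = $_POST['aboutme'];

    if (is_admin()) {
        if (!is_post_parameter_complete(['accesslevel'])) {
            Redirect('../edit_user.php');
            return;
        }
        $userDetails['accesslevel'] = $_POST['accesslevel'];
    } else {
        // Non-admins cannot raise their own privilege via the form.
        $userDetails['accesslevel'] = 'User';
    }

    if (!EditUser($userDetails)) {
        Error('Edit Failed');
        return;
    }

    // Strict string comparison: a loose == would treat distinct numeric-looking
    // levels as equal and skip the forced logout below.
    if ((string) $_SESSION['user']['accesslevel'] === (string) $userDetails['accesslevel']) {
        // Refresh the cached session record from the store.
        $_SESSION['user'] = SelectUser($userDetails['username']);
        Redirect('../index.php');
    } else {
        // Privilege level changed: force re-authentication instead of keeping
        // a session whose cached access level no longer matches the record.
        Redirect('../landing.php/logout');
    }
}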
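/**
 * Handle the registration POST.
 *
 * Requires every field in $requiredFields; otherwise the request is bounced
 * back to the registration form. Only an admin may choose an 'accesslevel'
 * for the new account; any other caller gets 'User' no matter what was posted.
 *
 * Side effects: calls Redirect()/Error(); AddUser() persists the account.
 */
function register_user()
{
    $requiredFields = [
        'salutation', 'gender', 'firstname', 'lastname',
        'birthyear', 'birthmonth', 'birthday', 'username', 'password', 'aboutme',
    ];

    if (!is_post_parameter_complete($requiredFields)) {
        Redirect('../register.php');
        // Redirect() is not known to terminate the script here; do not reach
        // AddUser() with missing fields.
        return;
    }

    $userDetails = [];
    $userDetails['salutation'] = $_POST['salutation'];
    $userDetails['firstname'] = $_POST['firstname'];
    $userDetails['lastname'] = $_POST['lastname'];
    $userDetails['gender'] = $_POST['gender'];
    // Assembled as-posted (Y-M-D); NOTE(review): no validation is visible here —
    // presumably AddUser() validates it, confirm.
    $userDetails['birthdate'] = "{$_POST['birthyear']}-{$_POST['birthmonth']}-{$_POST['birthday']}";
    $userDetails['username'] = $_POST['username'];
    // NOTE(review): password passed through as posted; hashing is presumed to
    // happen inside AddUser() — confirm.
    $userDetails['password'] = $_POST['password'];
    $userDetails['aboutme'] = $_POST['aboutme'];

    if (is_admin()) {
        if (!is_post_parameter_complete(['accesslevel'])) {
            Redirect('../register.php');
            return;
        }
        $userDetails['accesslevel'] = $_POST['accesslevel'];
    } else {
        // Self-registration can never grant elevated access.
        $userDetails['accesslevel'] = 'User';
    }

    if (AddUser($userDetails)) {
        Redirect('../index.php');
    } else {
        Error('Registration Failed');
    }
}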
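/**
 * Handle an AJAX-style "edit post" request.
 *
 * Requires an authenticated user, the fields username/date/message, and that
 * the caller is either an admin or the author named in the form (checked
 * against the session by is_logged_username()). Echoes 'success' or
 * 'Edit failed' for the caller to read.
 */
function edit_message()
{
    if (!is_logged_in() || !is_post_parameter_complete(['username', 'date', 'message'])) {
        Error('Invalid Access');
        // Error() is not known to terminate the script; never reach EditPost()
        // for an anonymous or incomplete request.
        return;
    }

    // Authorisation: only the author or an admin may modify the post.
    if (!(is_admin() || is_logged_username($_POST['username']))) {
        Error('Invalid Access');
        return;
    }

    echo EditPost($_POST['username'], $_POST['date'], $_POST['message'])
        ? 'success'
        : 'Edit failed';
}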
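/**
 * Handle a "new post" request.
 *
 * Requires an authenticated user and a 'post-message' field. The author is
 * always the session user, never a form value. Echoes a status string and
 * terminates the script in both outcomes.
 */
function create_post()
{
    if (!is_logged_in() || !is_post_parameter_complete(['post-message'])) {
        Error('Forbidden Access');
        // Error() is not known to terminate the script; do not reach AddPost()
        // without an authenticated author.
        return;
    }

    if (AddPost($_SESSION['user']['username'], $_POST['post-message'])) {
        echo 'success';
    } else {
        echo 'Message was not posted successfully.';
    }
    die;
}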
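/**
 * Handle the login POST.
 *
 * Requires 'username' and 'password'; an incomplete request is answered and
 * the script terminated. On a match the user record is stored in the session
 * and the session id is rotated so an id fixed before authentication cannot
 * be reused afterwards. Echoes 'success' or a mismatch message.
 */
function login()
{
    if (!is_post_parameter_complete(['username', 'password'])) {
        echo 'Nice try :P';
        die;
    }

    IncludeModel('user');
    $user = IsUsernamePasswordMatch($_POST['username'], $_POST['password']);

    // Loose check kept on purpose: the model's failure value is not visible
    // here (could be null, false or an empty value) and all of those must be
    // treated as "no match".
    if ($user != null) {
        // Rotate the session id at the privilege boundary (anonymous ->
        // authenticated) to defeat session fixation; guarded so it is a no-op
        // when no session is active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;
        echo 'success';
    } else {
        echo 'Username and password do not match <br>';
    }
}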
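/**
 * Handle an admin "create item" request.
 *
 * Requires an admin caller and every input declared by the global $itemForm
 * definition. The raw POST is passed through CleanFormInput(); a falsy result
 * is treated as invalid parameters. Echoes a status string.
 */
function create_item()
{
    // NOTE(review): form definition is read from global state ($GLOBALS['itemForm']);
    // kept as-is to preserve the existing call contract.
    $itemForm = $GLOBALS['itemForm'];

    if (!is_admin() || !is_post_parameter_complete(GetFormInputNames($itemForm))) {
        Error('Invalid Access');
        // Error() is not known to terminate the script; never reach AddItem()
        // for a non-admin caller.
        return;
    }

    $item = CleanFormInput($itemForm, $_POST);
    // Truthiness check kept: CleanFormInput()'s failure value is not visible here.
    if (!$item) {
        Error('Erroneous Parameters');
        return;
    }

    if (AddItem($item)) {
        echo 'success';
    } else {
        echo 'create item unsuccessfull';
    }
}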