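/**
 * Build the HTML fragment for one song's player widget: score, star button,
 * play button, and the title / artist / uploader details.
 *
 * Every value read from $songArr or the session is treated as untrusted and is
 * encoded for the context it lands in (HTML text or attribute, JavaScript string
 * inside an inline handler, URL query value) or bound as a SQL parameter.
 *
 * @param array $songArr Song row with "title", "artist", "uploader", "location" and "score" keys.
 * @return string HTML for the player.
 */
function generateSongPlayer($songArr)
{
    $title = $songArr["title"];
    $artist = $songArr["artist"];
    $uploader = $songArr["uploader"];
    $location = $songArr["location"];
    // The displayed score is the stored score minus one (the reason is not visible in this function).
    $score = $songArr["score"] - 1;

    // HTML text / attribute encoder. ENT_QUOTES matters because every attribute
    // below is delimited with single quotes.
    // NOTE(review): if clean_input() (called by the request handlers, body not shown here)
    // already HTML-encodes values before they are stored, visible text will now be
    // double-encoded; the durable fix is to store raw values and encode only at output.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // JavaScript string literal for use inside an HTML attribute: JSON-encode first
    // (hex-escaping quotes, angle brackets and ampersands), then HTML-encode the result.
    $jsArg = static function ($value) use ($esc) {
        $literal = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($literal === false) {
            // json_encode fails on invalid UTF-8; emit an empty string literal rather than broken script.
            $literal = '""';
        }
        return $esc($literal);
    };

    // All element ids share the "title:artist:uploader:<suffix>" shape.
    $idBase = $title . ":" . $artist . ":" . $uploader;

    $html = "<div class='songPlayer'><table><tr><td>";

    // Add the score
    $html .= "<span class='score'>⬆<b id='" . $esc($idBase . ":score") . "'>" . $esc($score) . "</b></span>";

    // Add the star button. Default to the disabled star so the layout stays intact
    // for anonymous visitors and when the database lookup fails.
    $starButton = "<button class='playerButton' disabled='true'>★</button>";

    if (isset($_SESSION["username"]) && inputted_properly($_SESSION["username"])) {
        // See if the person logged in has starred this track already
        try {
            // This function is also used from deeper pages (e.g. /account/index.php),
            // so fall back to the parent-relative database path.
            try {
                $db = new PDO("sqlite:database/noiseFactionDatabase.db");
            } catch (PDOException $e) {
                $db = new PDO("sqlite:../database/noiseFactionDatabase.db");
            }
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $starringUsername = $_SESSION["username"];

            // Bind all four values as parameters; they must never be interpolated into the SQL text.
            $statement = $db->prepare(
                "select * from Starred where title = ? and artist = ? and songUploader = ? and starringUsername = ?;"
            );
            $result = $statement->execute(array($title, $artist, $uploader, $starringUsername));

            if (!$result) {
                throw new pdoDbException("Something's gone wrong with the prepared statement");
            }

            $starID = $esc($idBase . ":star");
            if ($statement->fetch() === false) {
                // Not starred yet: render the clickable star.
                // NOTE(review): the username is handed to client-side starSong(); the endpoint it
                // calls is not visible here and should take the user from the session instead of
                // trusting this argument.
                $starButton = "<button class='playerButton' id='" . $starID . "' onClick='starSong("
                    . $jsArg($starringUsername) . ", " . $jsArg($title) . ", "
                    . $jsArg($artist) . ", " . $jsArg($uploader) . ");'>★</button>";
            } else {
                // Already starred: render the highlighted, disabled star.
                $starButton = "<button class='playerButton' id='" . $starID
                    . "' disabled='true' style='color: #cca300;'>★</button>";
            }

            $statement = null;
            $db = null;
        } catch (PDOException $e) {
            // Log server-side only; driver messages can reveal file paths and schema details.
            error_log('generateSongPlayer: ' . $e->getMessage());
        }
    }

    $html .= $starButton;

    // Add the play button
    $playID = $idBase . ":play";
    $html .= "<button id='" . $esc($playID) . "' onClick='playPauseSong(" . $jsArg($playID) . ", "
        . $jsArg($location) . ");' class='playerButton'>▶</button>";

    // Add the song details and time counter
    $html .= "<table class='songDetailsTable'><tr><td>" . $esc($title) . " - " . $esc($artist) . "</td></tr>";
    $html .= "<tr><td><span id='" . $esc($idBase . ":time") . "'>00:00</span> - Uploader: "
        . "<a href='/account/index.php?user=" . $esc(urlencode((string) $uploader)) . "'>"
        . $esc($uploader) . "</a></td></tr>";

    // Clean up
    $html .= "</table></td></tr></table></div>";

    return $html;
}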
$statement->execute(array($arg, $arg)); // Add the entry to PlaylistTags $statement = $db->prepare("insert into PlaylistTags values (?, ?, ?);"); $statement->execute(array($playlistName, $username, $arg)); } header("Location: viewPlaylist.php?playlistName={$playlistName}&owner={$username}"); exit; } } catch (PDOException $e) { echo 'Exception: ' . $e->getMessage(); } exit; } } else { // Something must be empty if (!inputted_properly($playlistName)) { $playlistNameErr = "Sorry, the playlist's name can't be empty!"; } } } ?> <!DOCTYPE html> <html> <head> <?php include "head.html"; ?> </head> <body>
} // If everything worked, then let's create an account! if (!$fail) { // When we use header, php turns the request into a GET and removes the POST variables $_SESSION["register/username"] = $username; $_SESSION["register/email"] = $email; $_SESSION["register/password"] = $_POST["password1"]; header("Location: createAccount.php"); exit; } } else { // Something must be empty if (!inputted_properly($username)) { $usernameErr = "Sorry, your username can't be empty!"; } if (!inputted_properly($email)) { $emailErr = "Sorry, your email can't be empty!"; } } } ?> <!DOCTYPE html> <html> <head> <?php include "head.html"; ?> <script src="/js/registerPasswordsMatch.js"></script> </head> <body>
<?php if (session_status() == PHP_SESSION_NONE) { session_start(); } require 'generalFunctions.php'; require 'PasswordHash.php'; $badLoginErr = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = clean_input($_POST["username"]); $password = clean_input($_POST["password"]); if (inputted_properly($username) and inputted_properly($password)) { try { $db = new PDO("sqlite:database/noiseFactionDatabase.db"); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $statement = $db->prepare("select * from Account where username = ?;"); $result = $statement->execute(array($username)); $usernameExists = $statement->fetch() !== false; //echo "asdf: " . ($usernameExists ? "yeah" : "nah"); //exit(); } catch (PDOException $e) { echo 'Exception: ' . $e->getMessage(); } if ($usernameExists and correct_credentials($username, $password)) { $_SESSION["username"] = $username; // TODO: Make the user go to the last page they were on after a successful login header("Location: index.php"); exit; } else { $badLoginErr = "Sorry, your account name or password was wrong."; }
<?php if (session_status() == PHP_SESSION_NONE) { session_start(); } require "generalFunctions.php"; $title = clean_input($_POST["title"]); $artist = clean_input($_POST["artist"]); $songUploader = clean_input($_POST["songUploader"]); $playlistName = clean_input($_POST["playlistName"]); $owner = clean_input($_POST["owner"]); if (inputted_properly($title) and inputted_properly($artist) and inputted_properly($songUploader) and inputted_properly($playlistName) and inputted_properly($owner)) { try { $db = new PDO("sqlite:database/noiseFactionDatabase.db"); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Check that the song we're looking for exists $statement = $db->prepare("select * from Song where title = ? and artist = ? and uploader = ?;"); $result = $statement->execute(array($title, $artist, $songUploader)); if (!$result) { throw new pdoDbException("Something's gone wrong with the prepared statement"); } else { if ($statement->fetch() === false) { // We don't necessarily need to do anything if the song didn't exist, just don't add it! header("Location: /viewPlaylist.php?playlistName={$playlistName}&owner={$owner}"); exit; } } // Get the next index for our playlist $statement = $db->prepare("select max(track_no) from PlaylistContainsSong where playlistName = ? and playlistOwner = ?;"); $result = $statement->execute(array($playlistName, $owner)); if (!$result) {