Esempio n. 1
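/**
 * Update the logged-in user's own profile from the submitted POST form.
 *
 * The username is taken from the session, never from POST, so the request
 * cannot name another account. The access level is taken from POST only when
 * is_admin() is true; every other caller is pinned to 'User', so a forged
 * 'accesslevel' field from a non-admin is ignored.
 *
 * Each failed check returns right after Redirect()/Error(). Whether those
 * helpers terminate the script is not visible here, and without the return
 * a rejected request would fall through to EditUser().
 *
 * NOTE(review): the password is handed to EditUser() exactly as received;
 * confirm it is hashed (password_hash) before storage.
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * caller enforces one, since this changes the password and access level.
 * NOTE(review): the birth date parts are concatenated unvalidated; confirm
 * EditUser() validates the date and uses parameterized queries.
 */
function edit_user()
{
    $required = array('salutation', 'gender', 'firstname', 'lastname', 'birthyear', 'birthmonth', 'birthday', 'password', 'aboutme');
    if (!is_logged_in() || !is_post_parameter_complete($required)) {
        Redirect('../edit_user.php');
        return;
    }

    // Key order is kept as in the original in case EditUser() depends on it.
    $userDetails = array(
        'salutation' => $_POST['salutation'],
        'firstname' => $_POST['firstname'],
        'lastname' => $_POST['lastname'],
        'gender' => $_POST['gender'],
        'birthdate' => "{$_POST['birthyear']}-{$_POST['birthmonth']}-{$_POST['birthday']}",
        // Identity comes from the server-side session only.
        'username' => $_SESSION['user']['username'],
        'password' => $_POST['password'],
        'aboutme' => $_POST['aboutme'],
    );

    if (is_admin()) {
        if (!is_post_parameter_complete(array('accesslevel'))) {
            Redirect('../edit_user.php');
            return;
        }
        $userDetails['accesslevel'] = $_POST['accesslevel'];
    } else {
        // Non-admins can never choose their own privilege level.
        $userDetails['accesslevel'] = 'User';
    }

    if (!EditUser($userDetails)) {
        Error('Edit Failed');
        return;
    }

    if ($_SESSION['user']['accesslevel'] == $userDetails['accesslevel']) {
        // Same privileges: refresh the cached user record and continue.
        $_SESSION['user'] = SelectUser($userDetails['username']);
        Redirect('../index.php');
    } else {
        // Privileges changed: send the user to the logout route instead of
        // keeping a session that still carries the old access level.
        Redirect('../landing.php/logout');
    }
}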
Esempio n. 2
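/**
 * Create a new account from the submitted POST registration form.
 *
 * The access level is taken from POST only when is_admin() is true; every
 * other caller is registered as 'User', so a forged 'accesslevel' field in an
 * anonymous registration is ignored.
 *
 * Each failed check returns right after Redirect()/Error(). Whether those
 * helpers terminate the script is not visible here, and without the return
 * an incomplete request would fall through to AddUser().
 *
 * NOTE(review): the password is handed to AddUser() exactly as received;
 * confirm it is hashed (password_hash) before storage.
 * NOTE(review): username and the birth date parts are not validated here;
 * confirm AddUser() validates them and uses parameterized queries.
 */
function register_user()
{
    $required = array('salutation', 'gender', 'firstname', 'lastname', 'birthyear', 'birthmonth', 'birthday', 'username', 'password', 'aboutme');
    if (!is_post_parameter_complete($required)) {
        Redirect('../register.php');
        return;
    }

    // Key order is kept as in the original in case AddUser() depends on it.
    $userDetails = array(
        'salutation' => $_POST['salutation'],
        'firstname' => $_POST['firstname'],
        'lastname' => $_POST['lastname'],
        'gender' => $_POST['gender'],
        'birthdate' => "{$_POST['birthyear']}-{$_POST['birthmonth']}-{$_POST['birthday']}",
        'username' => $_POST['username'],
        'password' => $_POST['password'],
        'aboutme' => $_POST['aboutme'],
    );

    if (is_admin()) {
        if (!is_post_parameter_complete(array('accesslevel'))) {
            Redirect('../register.php');
            return;
        }
        $userDetails['accesslevel'] = $_POST['accesslevel'];
    } else {
        // Self-registration always yields the lowest privilege level.
        $userDetails['accesslevel'] = 'User';
    }

    if (AddUser($userDetails)) {
        Redirect('../index.php');
    } else {
        Error('Registration Failed');
    }
}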
Esempio n. 3
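/**
 * Edit an existing message identified by the POSTed username and date.
 *
 * The caller must be logged in, must supply 'username', 'date' and 'message',
 * and must either be an admin or be the user named in POST['username'].
 * Echoes 'success' or 'Edit failed' depending on the result of EditPost().
 *
 * The authorization guard returns right after Error(). Whether Error()
 * terminates the script is not visible here, and without the return an
 * unauthorized request would still reach EditPost().
 *
 * NOTE(review): the message text is stored as received; confirm it is
 * HTML-escaped where it is rendered and that EditPost() uses parameterized
 * queries.
 */
function edit_message()
{
    $hasParams = is_logged_in() && is_post_parameter_complete(array('username', 'date', 'message'));
    // Ownership is checked only once the parameters are known to be present,
    // matching the short-circuit order of the original condition.
    if (!$hasParams || !(is_admin() || is_logged_username($_POST['username']))) {
        Error('Invalid Access');
        return;
    }

    if (EditPost($_POST['username'], $_POST['date'], $_POST['message'])) {
        echo 'success';
    } else {
        echo 'Edit failed';
    }
}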
Esempio n. 4
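/**
 * Store a new post for the logged-in user and end the request.
 *
 * The author is taken from the session, never from POST, so a request cannot
 * post under another user's name. Echoes 'success' or a failure message and
 * then terminates the script.
 *
 * The access guard returns right after Error(). Whether Error() terminates
 * the script is not visible here, and without the return an anonymous
 * request would still reach AddPost().
 *
 * NOTE(review): the message text is stored as received; confirm it is
 * HTML-escaped where it is rendered and that AddPost() uses parameterized
 * queries.
 */
function create_post()
{
    if (!is_logged_in() || !is_post_parameter_complete(array('post-message'))) {
        Error('Forbidden Access');
        return;
    }

    $posted = AddPost($_SESSION['user']['username'], $_POST['post-message']);
    echo $posted ? 'success' : 'Message was not posted successfully.';
    die;
}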
Esempio n. 5
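/**
 * Authenticate the POSTed username/password and start a logged-in session.
 *
 * Echoes 'success' when IsUsernamePasswordMatch() returns a user record,
 * otherwise a generic mismatch message that does not reveal whether the
 * username exists.
 *
 * The session identifier is regenerated before the user record is stored, so
 * an identifier that was known before authentication (session fixation)
 * cannot be reused for the authenticated session.
 *
 * NOTE(review): no attempt throttling or lockout is visible here; confirm it
 * is handled elsewhere.
 * NOTE(review): confirm IsUsernamePasswordMatch() verifies against a password
 * hash (password_verify) rather than comparing plaintext.
 */
function login()
{
    if (!is_post_parameter_complete(array('username', 'password'))) {
        echo 'Nice try :P';
        die;
    }

    IncludeModel('user');
    $user = IsUsernamePasswordMatch($_POST['username'], $_POST['password']);

    // The loose comparison is kept on purpose: the helper's failure value is
    // not visible here, and `!=` also rejects false, 0, '' and an empty array.
    if ($user != null) {
        // Only regenerate when a session is actually active; session_id()
        // returns '' otherwise and session_regenerate_id() would warn.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;
        echo 'success';
    } else {
        echo 'Username and password do not match <br>';
    }
}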
Esempio n. 6
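/**
 * Create an item from the POSTed item form. Admin only.
 *
 * The required field names come from GetFormInputNames($GLOBALS['itemForm'])
 * and the POST data is passed through CleanFormInput() before AddItem().
 * Echoes 'success' or a failure message.
 *
 * Both guards return right after Error(). Whether Error() terminates the
 * script is not visible here, and without the return a non-admin request or
 * rejected input would still reach AddItem().
 *
 * NOTE(review): what CleanFormInput() validates or escapes is not visible
 * here; confirm AddItem() still uses parameterized queries.
 */
function create_item()
{
    $form = $GLOBALS['itemForm'];

    if (!is_admin() || !is_post_parameter_complete(GetFormInputNames($form))) {
        Error('Invalid Access');
        return;
    }

    $item = CleanFormInput($form, $_POST);
    if (!$item) {
        Error('Erroneous Parameters');
        return;
    }

    if (AddItem($item)) {
        echo 'success';
    } else {
        echo 'create item unsuccessfull';
    }
}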