}
} else {
if (isset($_POST['file-url']) && !empty($_POST['file-url']) && !!filter_var($_POST['file-url'], FILTER_VALIDATE_URL)) {
$url = $_POST['file-url'];
$fullname = basename($url);
list($filename, $extension) = explode(".", $fullname);
$uploadfile = $uploadDir . $fullname;
$f = fopen($url, 'rb');
if ($f) {
$content = "";
while ($data = fread($f, 1024)) {
$content .= $data;
}
fclose($f);
file_put_contents($uploadfile, $content);
try {
updateUserImage($_SESSION['id'], $filename, $path, $extension);
} catch (Exception $e) {
ecvdphp\addFlashMessage('error', $e->getMessage());
header('Location:profile.php', true, 301);
exit;
}
} else {
ecvdphp\addFlashMessage('error', 'The URL couldn\'t not be found');
}
} else {
ecvdphp\addFlashMessage('error', 'The uploaded file couldn\'t be found');
}
}
ecvdphp\redirect("profile.php");
<?php
require_once 'session.php';
require_once 'functions.php';
require_once 'connect.php';
session_destroy();
$stmt = $conn->prepare("DELETE FROM users WHERE id=:id");
$stmt->bindParam(':id', $_SESSION['id']);
if (!$stmt->execute()) {
ecvdphp\addFlashMessage('error', 'Could not delete the user');
} else {
ecvdphp\addFlashMessage('success', 'Your account has been deleted');
}
ecvdphp\redirect('index.php');
<?php
require_once '../session.php';
require_once '../functions.php';
require_once '../connect.php';
if (!isset($_SESSION['id'])) {
// The user must be logged in
ecvdphp\redirect('../index.php');
}
if (!isset($_GET['id']) && $_GET['id'] != '') {
// The user must be logged in
ecvdphp\redirect('../index.php');
}
$postId = intval($_GET['id']);
$post = ecvdphp\DB\Post\getPostById($postId);
include '../header.php';
?>
<div>
<form enctype="multipart/form-data" method="post" action="">
<fieldset>
<legend>New post</legend>
<p>
<label for="title">Title :</label>
<input name="title" type="text" id="title" value=""/>
<br />
<label for="body">Content :</label>
<textarea name="body" id="body" ></textarea>
<br />
<label for="filedata">Picture :</label>
<input name="filedata" type="file" />
<br>
list($filename, $extension) = ecvdphp\saveUploadedImage($_FILES['filedata']['name']);
$imageData = array('filename' => $filename, 'path' => $path, 'extension' => $extension);
}
} else {
if (isset($_POST['file-url']) && !empty($_POST['file-url']) && !!filter_var($_POST['file-url'], FILTER_VALIDATE_URL)) {
$fileUrl = $_POST['file-url'];
list($filename, $extension) = ecvdphp\downloadImageFromUrl($fileUrl);
$imageData = array('filename' => $filename, 'path' => $path, 'extension' => $extension);
} else {
ecvdphp\addFlashMessage('error', 'The uploaded file couldn\'t be found');
}
}
try {
$postId = ecvdphp\DB\Post\insertNewPost($_SESSION['id'], $title, $body, $imageData);
ecvdphp\addFlashMessage('success', 'You\'ve successfully created a new post');
ecvdphp\redirect('show.php?id=' . $postId);
} catch (Exception $e) {
ecvdphp\addFlashMessage('error', $e->getMessage());
}
}
include '../header.php';
?>
<div>
<form enctype="multipart/form-data" method="post" action="">
<fieldset>
<legend>New post</legend>
<p>
<label for="title">Title :</label>
<input name="title" type="text" id="title" value=""/>
<br />
<label for="body">Content :</label>
<?php
require_once 'session.php';
require_once 'functions.php';
require_once 'connect.php';
if (!isset($_SESSION['id'])) {
// The user must be logged in
ecvdphp\redirect('login.php');
}
$message = "";
if ($_SERVER['REQUEST_METHOD'] === "POST") {
$newUsername = $_POST['username'] != null ? trim($_POST['username']) : "";
$newEmail = $_POST['email'] != null ? trim($_POST['email']) : "";
$newPassword = $_POST['password'] != null ? trim($_POST['password']) : "";
$newDescription = trim($_POST['description']);
if ($newPassword != "") {
$stmt = $conn->prepare("UPDATE users SET password = :password WHERE id=:id");
$stmt->bindParam(':password', password_hash($newPassword, PASSWORD_BCRYPT));
$stmt->bindParam(':id', $_SESSION['id']);
} else {
$stmt = $conn->prepare("UPDATE users SET username = :username, email = :email, description = :description WHERE id=:id");
$stmt->bindParam(':username', $newUsername);
$stmt->bindParam(':email', $newEmail);
$stmt->bindParam(':description', $newDescription);
$stmt->bindParam(':id', $_SESSION['id']);
}
if (!$stmt->execute()) {
}
}
$result = $conn->query("SELECT id, username, email, description,image_id FROM users WHERE id=" . $_SESSION['id'])->fetchAll();
$user = $result[0];
} else {
if ($_SERVER['REQUEST_METHOD'] === "POST") {
if (empty($_POST['username']) || empty($_POST['password'])) {
ecvdphp\addFlashMessage('error', 'Something went wrong. You must fill all the fields');
} else {
$username = trim($_POST['username']);
// To improve the ux of the user, you can trim the input
$password = trim($_POST['password']);
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
if ($stmt->execute(array($username))) {
$result = $stmt->fetchAll();
if (count($result) === 1 && password_verify($password, $result[0]['password'])) {
$_SESSION['id'] = $result[0]["id"];
$_SESSION['username'] = $result[0]["username"];
ecvdphp\addFlashMessage('success', 'You\'ve successfully logged in');
ecvdphp\redirect($_SERVER['PHP_SELF']);
}
}
ecvdphp\addFlashMessage('error', 'Something went wrong. You must fill all the fields');
}
}
}
?>
<div>
<form method="post" action="">
<fieldset>
<legend>Connexion</legend>
<p>
<label for="username">Pseudo :</label>
<input name="username" type="text" id="username" /><br />
