コード例 #1
ファイル: access.inc.php プロジェクト: Shuma2/ianctrainings
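/**
 * Report whether the logged-in author holds the given role.
 *
 * Counts the author/authorrole/role rows that match the e-mail stored in the
 * session and the requested role id. This is an authorization decision, so
 * every path that cannot positively confirm the role returns false.
 *
 * @param mixed $role Role identifier compared against role.id.
 * @return bool True only when at least one matching row was counted.
 */
function userHasRole($role)
{
    // No session identity means there is nobody to authorize: deny.
    if (!isset($_SESSION['email'])) {
        return false;
    }

    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    try {
        $sql = 'SELECT COUNT(*) FROM author
              INNER JOIN authorrole ON author.id = authorid
              INNER JOIN role ON roleid = role.id
              WHERE email = :email AND role.id = :roleid';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $_SESSION['email']);
        $s->bindValue(':roleid', $role);
        $s->execute();
        // Fetch inside the try so a failed prepare/execute can never reach
        // the result handling with an undefined or unexecuted statement.
        $row = $s->fetch();
    } catch (PDOException $e) {
        errorText('Error with check the permission', $e);
        // errorText() is defined elsewhere; if it returns instead of ending
        // the request, the check must still fail closed.
        return false;
    }

    // fetch() yields false when there is no row; treat that as "no role".
    return isset($row[0]) && $row[0] > 0;
}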
コード例 #2
ファイル: controller.php プロジェクト: Shuma2/ianctrainings
<?php

include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/helpers.inc.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
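// Load the three most recent jokes and hand them to the template.
// $jokes starts as an empty list so the template always receives an array,
// even when the table is empty or the query fails.
$jokes = array();
try {
    $sql = 'SELECT id, joketext FROM joke ORDER BY jokedate DESC LIMIT 3';
    $result = $pdo->query($sql);
    // Iterate inside the try: $result only exists when query() succeeded,
    // and row fetching can itself raise a PDOException.
    foreach ($result as $row) {
        $jokes[] = array('text' => $row['joketext']);
    }
} catch (PDOException $e) {
    errorText('Unable to select jokes: ', $e);
}
// NOTE(review): jokes.html.php is not shown here. joketext is stored content,
// so it needs HTML-escaping at the point of output - confirm in the template.
include 'jokes.html.php';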
コード例 #3
ファイル: index.php プロジェクト: Shuma2/ianctrainings
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    try {
        $sql = 'DELETE FROM jokecategory WHERE jokeid = :id';
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $_POST['id']);
        $s->execute();
    } catch (PDOException $e) {
        errorText('Error with deleting the joke from DB', $e);
    }
    try {
        $sql = 'DELETE FROM joke WHERE id = :id';
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $_POST['id']);
        $s->execute();
    } catch (PDOException $e) {
        errorText('Error with deleting the joke from DB', $e);
    }
    header('Location: .');
    exit;
}
if (isset($_GET['action']) && $_GET['action'] == 'search') {
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    //базовое выражение SELECT
    $select = 'SELECT id, joketext';
    $from = ' FROM joke';
    $where = ' WHERE TRUE';
    $placeholders = array();
    if ($_GET['author'] != '') {
        $where .= ' AND authorid = :authorid';
        $placeholders[':authorid'] = $_GET['author'];
    }
コード例 #4
ファイル: index.php プロジェクト: Shuma2/ianctrainings
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $_POST['id']);
        $s->execute();
    } catch (PDOException $e) {
        errorText('Unable to delete role from database', $e);
    }
    if (isset($_POST['roles'])) {
        foreach ($_POST['roles'] as $role) {
            try {
                $sql = 'INSERT INTO authorrole SET authorid = :authorid, roleid = :roleid';
                $s = $pdo->prepare($sql);
                $s->bindValue(':authorid', $_POST['id']);
                $s->bindValue(':roleid', $role);
                $s->execute();
            } catch (PDOException $e) {
                errorText('Unable to insert author role', $e);
            }
        }
    }
    header('Location: .');
    exit;
}
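// Fetch every author for the listing; on failure show the shared error page.
include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
try {
    $result = $pdo->query('SELECT id, name FROM author');
} catch (PDOException $e) {
    // Keep the driver's message in the server log rather than in $error:
    // PDO messages can reveal schema and connection details to the visitor.
    error_log('Unable to select authors: ' . $e->getMessage());
    $error = 'Unable to select authors.';
    // Leading slash added: every other include under DOCUMENT_ROOT uses
    // '/inc/...', and without the separator the path does not resolve when
    // DOCUMENT_ROOT has no trailing slash.
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/error.html.php';
    exit;
}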
//вывод авторов через массив
コード例 #5
ファイル: index.php プロジェクト: Shuma2/ianctrainings
    //Заголовок Content-type должен идти перед Content-disposition для работоспособности в старых браузерах
    header('Content-length: ' . strlen($fileData));
    header("Content-type:  {$mimeType}");
    header("Content-disposition: {$disposition}; filename = {$fileName}");
    echo $fileData;
    exit;
}
// Handle the "delete" form action: remove one filestore row, then redirect
// back to the listing.
// NOTE(review): no authorization or CSRF-token check is visible in this
// fragment - confirm one runs earlier in the script before this branch.
$deleteRequested = isset($_POST['action'], $_POST['id']) && $_POST['action'] == 'delete';
if ($deleteRequested) {
    include $_SERVER['DOCUMENT_ROOT'] . '/chapter12/inc/db.inc.php';
    try {
        // The id travels as a bound parameter, never as part of the SQL text.
        $stmt = $pdo->prepare('DELETE FROM filestore WHERE id = :id');
        $stmt->execute(array(':id' => $_POST['id']));
    } catch (PDOException $e) {
        errorText('Unable to delete file: ', $e);
    }
    // Redirect after the POST so a page reload does not resubmit the delete.
    header('Location: .');
    exit;
}
// Default view: list the stored files' metadata and render the template.
include $_SERVER['DOCUMENT_ROOT'] . '/chapter12/inc/db.inc.php';
try {
    $result = $pdo->query(
        'SELECT id, filename, mimetype, description FROM filestore'
    );
} catch (PDOException $e) {
    errorText('Unable to select files: ', $e);
}

// Copy only the four selected columns into plain arrays for the template.
// NOTE(review): filestore.html.php is not shown; filename, mimetype and
// description are stored values and need HTML-escaping where they are
// printed - confirm in the template.
$files = [];
foreach ($result as $row) {
    $files[] = [
        'id' => $row['id'],
        'filename' => $row['filename'],
        'mimetype' => $row['mimetype'],
        'description' => $row['description'],
    ];
}
include 'filestore.html.php';