<textarea name="comment" rows="5" cols='50'></textarea> <input type="submit" name="submit_comment" value="Post Comment!"> </form> <hr/> </div> <?php try { if (isset($_POST['submit_comment'])) { $date_time = gmdate('Y-m-d H:i:s'); if (isset($_SESSION['user_id'])) { //$user_id = $_SESSION['user_id']; if (!empty($_POST['comment'])) { $comment = $_POST['comment']; $query = "INSERT INTO whwp_Comment ( comment_advert, comment_author, comment_contents) " . "VALUES (:advert_id, :user_id, :comment)"; $conn->prepQuery($query); $conn->bindArrayValue(array('advert_id' => $advert_id, 'user_id' => $user_id, 'comment' => $comment)); //$prepared_statement3 -> bindValue(':date_time', $date_time); $conn->execute(); echo "Your comment was posted!"; header("refresh:3;url='showAdvert.php?advert_id={$advert_id}'"); } else { echo "Your comment cannot be empty!"; } } else { echo "Only those who have logged in can post comments!<br/>"; echo "<a href='login.php'>Click here to enter login page.</a>"; } } echo "<hr/><br/>"; $query = "SELECT ac.*, whwp_User.user_firstname FROM whwp_User, whwp_Comment AS ac WHERE ac.comment_advert = :advert_id " . "AND whwp_User.user_id = ac.comment_author"; $conn->prepQuery($query);
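// Message-sending handler: only a logged-in user may post, and both a title and
// a message body are required before the row is inserted via a prepared statement.
// Assumes $conn (a DBCommunication instance) and $receiver_id are set by the
// enclosing file — neither is defined in this statement run.
// NOTE(review): no CSRF token is checked here — confirm the posting form carries one.
if (!isset($_SESSION['user_id'])) {
    // Send the redirect header before any output; header() is rejected once the
    // response body has started (the original echoed first).
    header("refresh:0;url=login.php");
    echo "You need to log in to send a message!";
} elseif (isset($_POST['send'])) {
    // The original tested empty([$_POST['title']]) — a one-element array literal is
    // never empty, so a missing title was silently accepted. Test the value itself;
    // empty() also covers the unset case, so no separate isset() is needed.
    if (empty($_POST['title'])) {
        echo "Enter a title!";
    } elseif (empty($_POST['message'])) {
        echo "Can't send an empty message!";
    } else {
        $sender_id = $_SESSION['user_id'];
        $title = $_POST['title'];
        $message = $_POST['message'];
        // One UTC timestamp feeds both message_time and message_date, as before.
        $time_sent = gmdate('Y-m-d H:i:s');
        try {
            // User-supplied title/body go through bound parameters only — never into the SQL text.
            $query = "INSERT INTO whwp_Message (message_sender, message_recipient, "
                . "message_subject, message_content, message_time,message_date) VALUES "
                . "(:sender_id, :receiver_id, :title, :content, :time_sent, :date_sent)";
            $conn->prepQuery($query);
            $conn->bindArrayValue([
                'sender_id' => $sender_id,
                'receiver_id' => $receiver_id,
                'title' => $title,
                'time_sent' => $time_sent,
                'content' => $message,
                'date_sent' => $time_sent,
            ]);
            $conn->execute();
            // Give the user some feedback
            echo "Message sent!";
        } catch (PDOException $e) {
            // Keep the driver message out of the response; record it server-side instead.
            error_log('sendMessage: ' . $e->getMessage());
            echo "Something went wrong...";
        }
    }
}
?>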
} } try { // Connect to the database $conn = new DBCommunication(); $conn->beginTransaction(); // Get user, who is logged in and posting ad, id $query = "SELECT user_id FROM whwp_User WHERE user_username = :username"; $conn->prepQuery($query); $conn->bind('username', $username); $resultset = $conn->single(); $user_id = $resultset->user_id; // Insert some data to the database. $query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date, advert_description, advert_category) " . "VALUES (:user_id, :price, :title, :date, :description, :category)"; $conn->prepQuery($query); $conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d'), 'description' => $description, 'category' => $category_id)); $conn->execute(); // Get the auto generated advert_id. $advert_id = $conn->lastInsertId(); if (isset($_POST['condition'])) { $query = "UPDATE whwp_Advert SET advert_condition=:condition WHERE advert_id = :advert_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('condition' => $_POST['condition'], 'advert_id' => $advert_id)); $conn->execute(); } if (isset($_POST['author'])) { $query = "UPDATE whwp_Advert SET advert_bookauthor=:advert_author WHERE advert_id = :advert_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('advert_author' => $_POST['author'], 'advert_id' => $advert_id)); $conn->execute(); }
try { if (isset($_POST['password']) && isset($_SESSION['user_id'])) { $conn = new DBCommunication(); $conn->beginTransaction(); $user_id = $_SESSION['user_id']; $password = $_POST['password']; $query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id"; $conn->prepQuery($query); $conn->bind('user_id', $user_id); $password_hash = $conn->single(); if (password_verify($password, $password_hash->user_password)) { if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) { $new_hash = password_hash($password, PASSWORD_DEFAULT); $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)"; $conn->prepQuery($query); $conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id)); $conn->execute(); } if (isset($_POST['email'])) { if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { array_push($response_array['error_code'], 5); } else { $query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id"; $conn->prepQuery($query); $email = encrypt($_POST['email']); $conn->bindArrayValue(array('email' => $email, 'user_id' => $user_id)); $conn->execute(); } } if (isset($_POST['new_password'])) { $new_password = $_POST['new_password'];
// if (isset($_REQUEST['username']) && isset($_REQUEST['password']) && isset($_REQUEST['email'])) { try { $database = new DBCommunication(); $username = $_REQUEST['username']; $password = $_REQUEST['password']; $email = $_REQUEST['email']; // Check if such username does not exist. $query = "SELECT * FROM whwp_User WHERE user_firstname = :username"; $database->prepQuery($query); $database->bind('username', $username); $database->execute(); if ($database->rowCount() > 0) { echo "Email already in use."; } else { $hashed_password = password_hash($password, PASSWORD_DEFAULT); // Insert these values into a database. $query = "INSERT INTO whwp_User (user_firstname, user_email, user_password, user_ismoderator) VALUES (:username,:email, :hashed_password, 0)"; $database->prepQuery($query); $database->bindArrayValue(array('username' => $username, 'hashed_password' => $hashed_password, 'email' => $email)); $database->execute(); if ($database->rowCount() > 0) { echo "Congratulations! You have registered on our website!"; } } } catch (PDOException $e) { echo "Something went wrong..."; } } else { echo "Error"; }
$response_array = array('success' => false, 'error_code' => 0, 'message' => ''); try { // Connect to the database $conn = new DBCommunication(); $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM whwp_User WHERE user_username = :username"; $conn->prepQuery($query); $conn->bind('username', $username); if ($user = $conn->single()) { if (password_verify($password, $user->user_password)) { if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) { $new_hash = password_hash($password, PASSWORD_DEFAULT); $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)"; $conn->prepQuery($query); $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username)); $conn->execute(); } // echo "Congratulations! You have logged in on our website!"; $_SESSION['user_id'] = $user->user_id; $_SESSION['username'] = $user->user_username; $user_id = $_SESSION['user_id']; if (isset($_POST['rememberme'])) { $identifier = hash('md5', $username); $randomString = openssl_random_pseudo_bytes(64); $token = bin2hex($randomString); $query = "UPDATE whwp_User SET user_indentifier = :identifier, user_token = :token WHERE user_id = :user_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('identifier' => $identifier, 'token' => $token, 'user_id' => $user_id)); $conn->execute(); $cookie_name = 'Books4Cash';
if (isset($_POST['login'])) { // Connect to the database try { $conn = new DBCommunication(); $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM whwp_User WHERE user_email = :username"; $conn->prepQuery($query); $conn->bind('username', $username); if ($user = $conn->single()) { if (password_verify($password, $user->user_password)) { if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) { $new_hash = password_hash($password, PASSWORD_DEFAULT); $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_email=(:username)"; $conn->prepQuery($query); $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username)); $conn->execute(); } echo "Congratulations! You have logged in on our website!"; $_SESSION['user_id'] = $user->user_id; $_SESSION['username'] = $user->user_email; header("refresh:3;url=index.php"); } else { //header("Location: https://selene.hud.ac.uk/u1467200/login.php"); } } else { echo "Incorrect username!"; } } catch (PDOException $e) { echo 'Something went wrong.'; }
$img = imagecreatefrompng($filepath); } $width = imagesx($img); $height = imagesy($img); $new_width = 200; $new_height = floor($height * ($new_width / $width)); $tmp_img = imagecreatetruecolor($new_width, $new_height); imagecopyresized($tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height); imagejpeg($tmp_img, __DIR__ . "/../thumbnails/" . basename($image)); } } } if (!empty($_POST['title'])) { $query = "UPDATE whwp_Advert SET advert_bookname=:title WHERE advert_id = :advert_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('title' => $_POST['title'], 'advert_id' => $advert_id)); $conn->execute(); } if (!empty($_POST['condition'])) { $query = "UPDATE whwp_Advert SET advert_condition=:condition WHERE advert_id = :advert_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('condition' => $_POST['condition'], 'advert_id' => $advert_id)); $conn->execute(); } if (!empty($_POST['category'])) { $query = "UPDATE whwp_Advert SET advert_category=:category WHERE advert_id = :advert_id"; $conn->prepQuery($query); $conn->bindArrayValue(array('category' => $_POST['category'], 'advert_id' => $advert_id)); $conn->execute(); } if (!empty($_POST['price'])) {
} try { $conn = new DBCommunication(); $conn->beginTransaction(); // Get user, who is logged in and posting ad, id $query = "SELECT user_id FROM whwp_User WHERE user_username = :username"; $conn->prepQuery($query); $conn->bind('username', $username); $resultset = $conn->single(); $user_id = $resultset->user_id; // Insert some data to the database. // $query2 = "INSERT INTO whwp_advert (advert_owner, advert_price, advert_bookname, image) " // . "VALUES (:user_id, :price, :title, :image)"; $query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date) " . "VALUES (:user_id, :price, :title, :date)"; $conn->prepQuery($query); $conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d'))); // $prepared_statement2 -> bindValue(':image', $image); $conn->execute(); // Get the auto generated advert_id. // $query3 = "SELECT advert_id FROM whwp_advert ORDER BY advert_id DESC LIMIT 1"; // $prepared_statement3 = $conn -> prepare($query3); // $prepared_statement3 -> execute(); // $resultset = $prepared_statement3 -> fetch(PDO::FETCH_OBJ); // $advert_id = $resultset -> advert_id; $advert_id = $conn->lastInsertId(); // Insert image data into table $query = "INSERT INTO whwp_Image (image_location) " . "VALUES (:image)"; $conn->prepQuery($query); $conn->bind('image', $image); $conn->execute(); $image_id = $conn->lastInsertId();
<?php session_start(); require 'DBCommunication.php'; require 'crypting.php'; header('Content-type: application/json'); $response_array = array('success' => false, 'error_code' => array(), 'message' => ''); try { $conn = new DBCommunication(); $conn->beginTransaction(); $user_id = $_SESSION['user_id']; if (isset($_POST['firstname'])) { $query = "UPDATE whwp_User SET user_firstname = :firstname WHERE user_id = :user_id"; $conn->prepQuery($query); $firsname = encrypt($_POST['firstname']); $conn->bindArrayValue(array('firstname' => $firsname, 'user_id' => $user_id)); $conn->execute(); } if (isset($_POST['surname'])) { $query = "UPDATE whwp_User SET user_surname = :surname WHERE user_id = :user_id"; $conn->prepQuery($query); $surname = encrypt($_POST['surname']); $conn->bindArrayValue(array('surname' => $surname, 'user_id' => $user_id)); $conn->execute(); } if (isset($_POST['city'])) { $query = "UPDATE whwp_User SET user_city = :city WHERE user_id = :user_id"; $conn->prepQuery($query); $city = encrypt($_POST['city']); $conn->bindArrayValue(array('city' => $city, 'user_id' => $user_id)); $conn->execute();