<form id="add-char-form" class="form-horizontal" id="register" action="/Public/User/editprofile.php" enctype="multipart/form-data" method="post"> <?php require $_SERVER['DOCUMENT_ROOT'] . "/include.php"; require_once $_SERVER['DOCUMENT_ROOT'] . "/config.php"; $post_array = ["about"]; $avatar_img = !empty($_FILES) ? $_FILES['files']['tmp_name'] : null; /* Not considering session security at the moment. This is easily hijackable. */ $connection = $DB->connect(); $user_query = new sqlDBQueryResult($connection, "SELECT * FROM USERINFO WHERE UserID=\$1", $params = [$USERSESS->getUserID()]); $user_query->query(); $user_fields = $user_query->getRow(); $rendlist = new RenderList(new Text('<div class="form-group">')); $rendlist->addRenderable(new Text('<textarea rows="7" columns="20" name="about">' . $user_fields["about"] . '</textarea>')); $rendlist->addRenderable(new Text('<img src="' . Config::USER_IMAGE_ROOT . $user_fields["avatarpath"] . '">')); $rendlist->addRenderable(new Text('</div>')); $RENDENGINE->render($rendlist); ?> <input name="files" type="file" accept="image/*"> <div class="form-group"> <button type="submit" class="btn" value="Submit">Submit</button> </div> </form> <?php if (isset($_POST) && !array_diff($post_array, array_keys($_POST))) { $SANTIZER = new InputSanitizer($_POST);
if (isset($_GET['characterid'])) { $SANTIZER = new InputSanitizer($_GET); $SANTIZER->addFilter("characterid", FILTER_SANITIZE_NUMBER_INT); //Add Validation $sant_arr = $SANTIZER->filter(); $connection = $DB->connect(); $character_query = new sqlDBQueryResult($connection, "SELECT * FROM CHARACTER WHERE characterid = \$1 LIMIT 1", $params = $sant_arr); $character_query->query(); $char_stat_arr = $character_query->getRow(); if ($char_stat_arr == null) { $RENDENGINE->render(new Text("NO WAIFU DESU!!!! Nonexistent Character!")); } else { $rendList = new RenderList(); $rendList->addRenderable(new Text('<div id="waifu"> <div class="waifuinfo"> <table> <tr> <th> Field </th> <th> Value </th></tr>')); $key_arr = ["CharacterID" => "pub", "First Name" => "pub", "Last Name" => "pub", "Hair Color" => "pub", "Eye Color" => "pub", "Height" => "pub", "Weight" => "pub", "Bust" => "pub", "Waist" => "pub", "Hips" => "pub", "Body Type" => "pub", "Personality" => "pub", "Description" => "protect", "AvatarPath" => "protect", "AvatarThumbPath" => "protect"]; $val_arr = array_combine(array_keys($key_arr), array_values($char_stat_arr)); foreach ($val_arr as $key => $value) { if ($key_arr[$key] == "pub") { $rendList->addRenderable(new Text("<tr> <td> {$key} </td> <td> {$value} </td> </tr>")); } } $rendList->addRenderable(new Text("</table>")); $rendList->addRenderable(new Text('<h3> Description </h3> <div class="waifudescrip">' . $val_arr["Description"] . '</div> <a href="#"> Edit this page </a> </div>')); $rendList->addRenderable(new Text('<img src="' . Config::IMAGE_ROOT . $val_arr["AvatarPath"] . '"style=float: right; margin-left: auto;>')); $rendList->addRenderable(new Text("</div>")); $RENDENGINE->render($rendList); }
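<?php
// Character search (POST): looks up characters by first or last name and renders a
// Bootstrap "media" list of matches, each linking to that character's page.
// Relies on include.php for $DB, $RENDENGINE, InputSanitizer, sqlDBQueryResult,
// RenderList and Text, and on config.php for Config::THUMB_IMAGE_ROOT.
include $_SERVER['DOCUMENT_ROOT'] . "/include.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config.php";

// Fields the search form must submit before any lookup is attempted.
$post_array = ["firstname", "lastname"];

// Escape a database-sourced value for an HTML body/attribute context. Everything
// read back from the database is treated as untrusted when it is rendered.
$escapeHtml = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// $_POST is always set; the real precondition is that no required field is missing.
if (array_diff($post_array, array_keys($_POST)) === []) {
    $SANTIZER = new InputSanitizer($_POST);
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept unchanged here
    // because the filtered values are only ever bound as query parameters below;
    // swapping the filter would change what the search matches on.
    $SANTIZER->addFilter("firstname", FILTER_SANITIZE_STRING);
    $SANTIZER->addFilter("lastname", FILTER_SANITIZE_STRING);
    $sant_array = $SANTIZER->filter();

    $conn = $DB->connect();
    // Parameterised query: the names are bound as $1/$2, never interpolated into SQL.
    $char_query = new sqlDBQueryResult(
        $conn,
        "SELECT CharacterID, FirstName, LastName, AvatarThumbPath FROM Character WHERE FirstName=\$1 or LastName=\$2;",
        [$sant_array[0], $sant_array[1]]
    );
    $char_query->query();

    $result_list = new RenderList();
    $result_list->addRenderable(new Text('<div class="media">'));
    //Turn this into a file. More convenient.
    while ($row = $char_query->getRow()) {
        // NOTE(review): row keys are lower-case although the SELECT uses mixed case —
        // presumably the driver folds unquoted identifiers; confirm against sqlDBQueryResult.
        $character_href = '/Public/Waifu/waifu.php?characterid=' . rawurlencode((string) $row["characterid"]);
        // Each match is a self-contained <a><img><div/></a>, so the markup nests correctly
        // for any number of rows (previously <a> and .media-body were opened per row but
        // closed only once, after the loop).
        $media_rend = new RenderList(
            new Text('<a class="media-left" href="' . $escapeHtml($character_href) . '">'),
            new Text('<img class="media-object" src="' . $escapeHtml(Config::THUMB_IMAGE_ROOT . $row["avatarthumbpath"]) . '">'),
            new Text('<div class="media-body">' . $escapeHtml($row["firstname"]) . $escapeHtml($row["lastname"]) . '</div></a>')
        );
        $result_list->addRenderable($media_rend);
    }
    // Close the outer .media wrapper opened before the loop.
    $result_list->addRenderable(new Text("</div>"));
    //Add this encapsulation functionality in render list class? or different object?
    $RENDENGINE->render($result_list);
}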
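<?php
// User profile page: requires a logged-in session, loads that user's row from
// USERINFO and renders username, "about" text and avatar plus a link to the edit form.
// Relies on include.php for $USERSESS, $REDIRECTOR, $DB, $RENDENGINE,
// sqlDBQueryResult, RenderList, Text and Config::USER_IMAGE_ROOT.
require $_SERVER['DOCUMENT_ROOT'] . '/include.php';

if (!$USERSESS->isLoggedIn()) {
    $REDIRECTOR->redirectFromRoot('Public/Auth/login');
} else {
    // Escape a database-sourced value for an HTML body/attribute context. The
    // "about" text is free-form input the user typed in, so it is untrusted on output.
    $escapeHtml = static function ($value): string {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $connection = $DB->connect();
    $key_arr = ["Username", "About", "AvatarPath"];
    // Only the session's own user id is bound ($1); nothing from the request reaches the SQL text.
    $user_query = new sqlDBQueryResult(
        $connection,
        "SELECT " . implode(", ", $key_arr) . " FROM USERINFO WHERE UserID = \$1",
        [$USERSESS->getUserID()]
    );
    $user_query->query();
    $user_val_arr = $user_query->getRow();

    // Loose check on purpose: the "no row" result was compared with == null, which also
    // matches false and [] — the same set of values this truthiness test rejects.
    if (!$user_val_arr) {
        $RENDENGINE->render(new Text("Invalid or Nonexistent UserID"));
    } else {
        // NOTE(review): row keys are lower-case although the SELECT uses mixed case —
        // presumably the driver folds unquoted identifiers; confirm against sqlDBQueryResult.
        $rendlist = new RenderList();
        $rendlist->addRenderable(new Text('<legend>' . $escapeHtml($user_val_arr["username"]) . '\'s Profile </legend>'));
        $rendlist->addRenderable(new Text('<div id="user">'), new Text('<div class="userinfo">'));
        $rendlist->addRenderable(new Text('<div class="aboutuser">' . $escapeHtml($user_val_arr["about"]) . "</div></div>"));
        $rendlist->addRenderable(new Text('<img src="' . $escapeHtml(Config::USER_IMAGE_ROOT . $user_val_arr["avatarpath"]) . '">'));
        $rendlist->addRenderable(new Text('</div>'));
        $rendlist->addRenderable(new Text('<a href ="/Public/User/editprofile.php"> Edit your profile</a>'));
        // The original passed `$standard = True` (an inline assignment evaluating to true);
        // the flag presumably selects the standard page layout — confirm against the render engine.
        $RENDENGINE->render($rendlist, true);
    }
}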