Exemplo n.º 1
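/**
 * Handles the "edit event" form submission.
 *
 * Checks that the form was filled, sanitizes every posted field, validates
 * the values against the te_events column limits, then runs a prepared
 * UPDATE. Every path returns an HTML fragment (a heading, any error or
 * status text, and a "Back to Home" link) for the caller to output.
 *
 * Relies on helpers from the included files: isFormFilled(), sanitizeData(),
 * getColumnLength(), validateStringLength(), validateDate(), validateDecimal()
 * and the $conn mysqli handle provided by database_conn.php.
 *
 * @return string HTML fragment describing the outcome
 */
function handleEditPage()
{
    include_once 'login.php';
    include_once 'showEventFunction.php';
    $backURL = "<br/><a href = \"index.php\">Back to Home</a>";

    // Server-side presence check: isFormFilled() returns a truthy error
    // fragment when a required field is missing or empty.
    $showError = true;
    $errOutput = isFormFilled($showError);
    if ($errOutput) {
        return "<h1>Error</h1>" . $errOutput . $backURL;
    }

    // Sanitize every posted field before it is validated or bound.
    $event = [];
    foreach ($_POST as $field => $value) {
        $event[$field] = sanitizeData($value);
    }

    include_once 'database_conn.php';
    // NOTE(review): include_once does not re-run a file that was already
    // included elsewhere, so $conn may not be defined in this scope — confirm
    // how database_conn.php is expected to expose the handle.

    // Column limits are read from the schema so the length validation
    // cannot drift from the table definition. The query has no user input.
    $columnLengthSql = "\n\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\tWHERE TABLE_NAME =  'te_events'\n\t\tAND (column_name =  'eventTitle'\n\t\tOR column_name =  'eventDescription')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);

    // Each validator returns true on success, otherwise an error message.
    $results = [
        validateStringLength($event['title'], $COLUMN_LENGTH['eventTitle']),
        validateStringLength($event['desc'], $COLUMN_LENGTH['eventDescription']),
        validateDate($event['startTime']),
        validateDate($event['endTime']),
        validateDecimal($event['price']),
    ];
    $errors = array_filter($results, function ($result) {
        return $result !== true;
    });
    if ($errors) {
        // Fix: the original computed `$output . "{$errMsg[$i]}"` and discarded
        // the result, so the page showed the "Error" heading with no message.
        return "<h1>Error</h1>" . implode('', $errors) . $backURL;
    }

    // Parameterised UPDATE: values are bound, never interpolated into the SQL.
    $sql = "UPDATE te_events SET \n\t\teventTitle=?, eventDescription=?, \n\t\tvenueID=?, catID=?, eventStartDate=?, \n\t\teventEndDate=?, eventPrice=? WHERE eventID=?;";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        // Log the driver error server-side; do not echo it to the browser.
        error_log('handleEditPage: prepare failed: ' . mysqli_error($conn));
        return "<h1>Error</h1>Unable to prepare the update statement." . $backURL;
    }
    mysqli_stmt_bind_param($stmt, "ssssssss", $event['title'], $event['desc'], $event['venue'], $event['category'], $event['startTime'], $event['endTime'], $event['price'], $event['e_id']);
    $executed = mysqli_stmt_execute($stmt);
    // affected_rows is -1 on error, which the original treated as success
    // because it only tested truthiness; require a positive count instead.
    $affected = $executed ? mysqli_stmt_affected_rows($stmt) : 0;
    mysqli_stmt_close($stmt);

    // The title is posted data being placed into HTML; escape it for this
    // context. double_encode=false keeps already-encoded entities intact in
    // case sanitizeData() has encoded them.
    $safeTitle = htmlspecialchars($event['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    if ($affected > 0) {
        return "<h1>{$safeTitle} was successfully updated.</h1>" . $backURL;
    }
    return "<h1>Nothing update for {$safeTitle}</h1>" . $backURL;
}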
Exemplo n.º 2
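/**
 * Authenticates the posted username and password against te_users.
 *
 * On success the username is stored in $_SESSION['logged-in'] and the
 * browser is redirected back to the current URI; on any failure a generic
 * message is echoed. Output is echoed directly, like the surrounding code.
 *
 * Relies on isFormFilled(), sanitizeData(), getColumnLength(),
 * validateStringLength() and the $conn mysqli handle from database_conn.php.
 *
 * @return void
 */
function login()
{
    include_once 'database_conn.php';
    // isFormFilled() returns a truthy error value when the form is incomplete.
    if (isFormFilled()) {
        return;
    }
    $uid = sanitizeData($_POST['username']);
    $pswd = sanitizeData($_POST['password']);

    // Column limits come from the schema; the query contains no user input.
    $columnLengthSql = "\n\t\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\t\tWHERE TABLE_NAME =  'te_users'\n\t\t\tAND (column_name =  'username'\n\t\t\tOR column_name =  'passwd')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);

    // Each validator returns true on success, otherwise an error message.
    $results = [
        validateStringLength($uid, $COLUMN_LENGTH['username']),
        validateStringLength($pswd, $COLUMN_LENGTH['passwd']),
    ];
    $errors = array_filter($results, function ($result) {
        return $result !== true;
    });
    if ($errors) {
        echo implode('', $errors);
        return;
    }

    // Look up the stored hash and salt with a bound parameter.
    $checkUIDSql = "SELECT passwd, salt FROM te_users WHERE username = ?";
    $stmt = mysqli_prepare($conn, $checkUIDSql);
    if ($stmt === false) {
        error_log('login: prepare failed: ' . mysqli_error($conn));
        echo "Fail login<br/>";
        return;
    }
    mysqli_stmt_bind_param($stmt, "s", $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $hashPswd = null;
    $salt = null;
    if (mysqli_stmt_num_rows($stmt) > 0) {
        mysqli_stmt_bind_result($stmt, $getHashpswd, $getSalt);
        // Keeps the last row, as the original did; username is presumably
        // unique so only one row is expected.
        while (mysqli_stmt_fetch($stmt)) {
            $hashPswd = $getHashpswd;
            $salt = $getSalt;
        }
    }
    mysqli_stmt_close($stmt);

    // Legacy scheme kept because stored rows use it:
    //   sha256(salt . sha256(password)).
    // password_hash()/password_verify() would be the replacement once the
    // existing hashes are migrated. The hash is computed even when the user
    // was not found so both failure paths do similar work.
    $candidate = hash("sha256", $salt . hash("sha256", $pswd));

    // hash_equals() avoids strcmp's early exit on the first differing byte.
    // The unknown-username case now shares the generic failure message, so
    // the response no longer reveals which usernames exist.
    if ($hashPswd !== null && hash_equals($hashPswd, $candidate)) {
        // Issue a fresh session id on login so an id fixed before
        // authentication is not carried over (guarded: regenerate warns when
        // no session is active).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // NOTE(review): nothing here starts the session; the caller is
        // assumed to have called session_start() — confirm.
        $_SESSION['logged-in'] = $uid;
        // header() has to run before any output, otherwise the redirect is
        // dropped with a "headers already sent" warning (the original echoed
        // first). REQUEST_URI is taken from the request itself; a fixed
        // post-login path would be the safer redirect target — confirm with
        // the routing.
        header("Location: " . $_SERVER['REQUEST_URI']);
        echo "Success login<br/>";
    } else {
        echo "Fail login<br/>";
    }
}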
Exemplo n.º 3
						<td>
							<input type="hidden" name="amount" id="amount_input" value="15" />
							<div id="amount_div">15 $</div>
						</td>
					</tr>
				</table>
				<input type="submit" value="Book ticket" />
			</form>

			<br/><br/><br/><br/><br/>

			<h3>People who already bought hackathon tickets:</h3>
			<?php 
// Debug trace written to the server error log on every request to this page.
error_log('Checking');
// Provides book_ticket() and list_all_hackers() used below.
require_once 'ticket_booking.php';
/**
 * Reports whether every field of the booking form was posted.
 *
 * A field counts as present only when its $_POST entry exists and is not
 * null (isset semantics); an empty string still counts as present.
 *
 * @return bool true when name, email, tickets and amount were all posted
 */
function isFormFilled()
{
    $requiredFields = ['name', 'email', 'tickets', 'amount'];
    foreach ($requiredFields as $fieldName) {
        if (!isset($_POST[$fieldName])) {
            return false;
        }
    }
    return true;
}
// Book only when the form was submitted with every field present. The raw
// posted values are handed straight to book_ticket(); any validation or
// escaping is presumably done there — confirm in ticket_booking.php.
$formComplete = isFormFilled();
if ($formComplete) {
    $name = $_POST["name"];
    $email = $_POST["email"];
    $tickets = $_POST["tickets"];
    $amount = $_POST["amount"];
    book_ticket($name, $email, $tickets, $amount);
}
// Render the list of existing buyers. Whether list_all_hackers() escapes
// user-supplied names for HTML is not visible here — confirm.
print list_all_hackers();
?>
	
		<center>

		
	</body>
</html>