/**
* Returns an instance of the database communication.
* @return DBCommunication
*/
public static function getInstance()
{
if (!self::$instance) {
self::$instance = new self();
}
return self::$instance;
}
echo "<a href='register.php'>Sign Up</a> ";
echo "<a href='login.php'>Log In</a>";
}
?>
</div>
<div id="content">
<?php
// Getting the id of the advertisement
$advert_id = $_GET['advert_id'];
// Getting the id of the logged in user if he is logged in.
if (isset($_SESSION['user_id'])) {
$user_id = $_SESSION['user_id'];
}
try {
// Establishing a connection to the database
$conn = new DBCommunication();
$query = "SELECT * FROM whwp_Advert, whwp_User " . "WHERE whwp_Advert.advert_id = :advert_id " . "AND whwp_User.user_id = whwp_Advert.advert_owner";
$conn->prepQuery($query);
$conn->bind('advert_id', $advert_id);
$resultset = $conn->single();
$price = $resultset->advert_price;
$title = $resultset->advert_bookname;
//$image = $resultset -> image;
$author = $resultset->advert_bookauthor;
$user = $resultset->advert_owner;
$username = $resultset->user_firstname;
//$description = $resultset -> description;
$query = "SELECT whwp_Image.image_location FROM whwp_Advert " . "JOIN whwp_AdImage ON whwp_Advert.advert_id = whwp_AdImage.adimage_advert " . "JOIN whwp_Image ON whwp_AdImage.adimage_image = whwp_Image.image_id " . "WHERE whwp_Advert.advert_id = :advert_id";
$conn->prepQuery($query);
$conn->bind('advert_id', $advert_id);
$image = $conn->resultset();
} elseif ($file_extension == 'png') {
$img = imagecreatefrompng($filepath);
}
$width = imagesx($img);
$height = imagesy($img);
$new_width = 200;
$new_height = floor($height * ($new_width / $width));
$tmp_img = imagecreatetruecolor($new_width, $new_height);
imagecopyresized($tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
imagejpeg($tmp_img, __DIR__ . "/../thumbnails/" . basename($image));
}
}
}
try {
// Connect to the database
$conn = new DBCommunication();
$conn->beginTransaction();
// Get user, who is logged in and posting ad, id
$query = "SELECT user_id FROM whwp_User WHERE user_username = :username";
$conn->prepQuery($query);
$conn->bind('username', $username);
$resultset = $conn->single();
$user_id = $resultset->user_id;
// Insert some data to the database.
$query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date, advert_description, advert_category) " . "VALUES (:user_id, :price, :title, :date, :description, :category)";
$conn->prepQuery($query);
$conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d'), 'description' => $description, 'category' => $category_id));
$conn->execute();
// Get the auto generated advert_id.
$advert_id = $conn->lastInsertId();
if (isset($_POST['condition'])) {
<?php
require 'DBCommunication.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'data' => '');
try {
$conn = new DBCommunication();
$query = "SELECT category_id,category_Description FROM whwp_Category";
$conn->prepQuery($query);
$response_array['data'] = $conn->resultset();
$response_array['success'] = true;
} catch (PDOException $e) {
}
echo json_encode($response_array);
if (isset($_SESSION['user_id'])) {
include "includes/loggedMenu.php";
} else {
include "includes/menu.php";
}
?>
<?php
$receiver = "";
if (!isset($_SESSION['target_id'])) {
echo "Invalid request";
} else {
$receiver_id = $_SESSION['target_id'];
// Establishing a connection to the database
try {
$conn = new DBCommunication();
$query = "SELECT whwp_User.user_firstname FROM whwp_User WHERE whwp_User.user_id = :receiver_id";
$conn->prepQuery($query);
$conn->bind('receiver_id', $receiver_id);
$username = $conn->single();
$receiver = $username->user_firstname;
} catch (PDOException $e) {
echo 'Something went wrong';
}
}
?>
<div class="container" id="userContent">
<div class="row">
<div class="col-lg-3">
<div class="panel panel-default">
<div class="panel-heading">My Account
<li><a href="message.php"><i class="glyphicon glyphicon-envelope"></i> Inbox</a>
</li>
<li><a href="send_message.php"><i class="glyphicon glyphicon-pencil"></i> Send a Message</a>
</li>
</ul>
</div>
</div>
</div>
<div class="col-lg-9">
<div class="panel panel-default">
<div class="panel-heading">My Books</div>
<div class="panel-body">
<?php
try {
$conn = new DBCommunication();
if (isset($_SESSION['user_id'])) {
$query = "SELECT advert_id,advert_bookname,advert_price FROM whwp_Advert WHERE advert_owner=:user_id AND ((NOT advert_expired=1) OR (advert_expired IS NULL))";
$conn->prepQuery($query);
$conn->bind('user_id', $_SESSION['user_id']);
$result = $conn->resultset();
echo "<table class=\"table table-hover\">";
echo "<thead>";
echo "<tr>";
echo "<th style=\"width:20%\">ID</th>";
echo "<th style=\"width:20%\">Title</th>";
echo "<th style=\"width:20%\">Price</th>";
echo "<th style=\"width:40%\"></th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
include 'DBCommunication.php';
// if(isset($_SESSION['username']))
// {
// $username = $_SESSION['username'];
// echo "You are logged in as " . $username . " ";
// echo "<a href='logout.php'>Log Out</a>";
// }
// else
// {
// echo "<a href='register.php'>Sign Up</a> ";
// echo "<a href='login.php'>Log In</a>";
// }
//
if (isset($_REQUEST['username']) && isset($_REQUEST['password']) && isset($_REQUEST['email'])) {
try {
$database = new DBCommunication();
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$email = $_REQUEST['email'];
// Check if such username does not exist.
$query = "SELECT * FROM whwp_User WHERE user_firstname = :username";
$database->prepQuery($query);
$database->bind('username', $username);
$database->execute();
if ($database->rowCount() > 0) {
echo "Email already in use.";
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Insert these values into a database.
$query = "INSERT INTO whwp_User (user_firstname, user_email, user_password, user_ismoderator) VALUES (:username,:email, :hashed_password, 0)";
$database->prepQuery($query);
<?php
session_start();
require 'DBCommunication.php';
require 'crypting.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'error_code' => array(), 'message' => '');
try {
$conn = new DBCommunication();
$conn->beginTransaction();
$user_id = $_SESSION['user_id'];
if (isset($_POST['firstname'])) {
$query = "UPDATE whwp_User SET user_firstname = :firstname WHERE user_id = :user_id";
$conn->prepQuery($query);
$firsname = encrypt($_POST['firstname']);
$conn->bindArrayValue(array('firstname' => $firsname, 'user_id' => $user_id));
$conn->execute();
}
if (isset($_POST['surname'])) {
$query = "UPDATE whwp_User SET user_surname = :surname WHERE user_id = :user_id";
$conn->prepQuery($query);
$surname = encrypt($_POST['surname']);
$conn->bindArrayValue(array('surname' => $surname, 'user_id' => $user_id));
$conn->execute();
}
if (isset($_POST['city'])) {
$query = "UPDATE whwp_User SET user_city = :city WHERE user_id = :user_id";
$conn->prepQuery($query);
$city = encrypt($_POST['city']);
$conn->bindArrayValue(array('city' => $city, 'user_id' => $user_id));
$conn->execute();
<?php
session_start();
require 'DBCommunication.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'error_code' => 0, 'message' => '');
try {
// Connect to the database
$conn = new DBCommunication();
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM whwp_User WHERE user_username = :username";
$conn->prepQuery($query);
$conn->bind('username', $username);
if ($user = $conn->single()) {
if (password_verify($password, $user->user_password)) {
if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
$new_hash = password_hash($password, PASSWORD_DEFAULT);
$query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)";
$conn->prepQuery($query);
$conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
$conn->execute();
}
// echo "Congratulations! You have logged in on our website!";
$_SESSION['user_id'] = $user->user_id;
$_SESSION['username'] = $user->user_username;
$user_id = $_SESSION['user_id'];
if (isset($_POST['rememberme'])) {
$identifier = hash('md5', $username);
$randomString = openssl_random_pseudo_bytes(64);
$token = bin2hex($randomString);
<?php
session_start();
require 'DBCommunication.php';
header('Content-type: application/json');
$response = 1;
if (isset($_POST['advert_id'])) {
if (isset($_SESSION['user_id'])) {
try {
$conn = new DBCommunication();
$query = "SELECT advert_owner FROM whwp_Advert WHERE advert_id=:advert_id";
$conn->prepQuery($query);
$conn->bind('advert_id', $_POST['advert_id']);
$result = $conn->single();
if ($result->advert_owner == $_SESSION['user_id']) {
$query = "UPDATE whwp_Advert SET advert_expired = 1 WHERE advert_id = :advert_id";
$conn->prepQuery($query);
$conn->bind('advert_id', $_POST['advert_id']);
$conn->execute();
$response = 0;
} else {
$response = 4;
}
} catch (PDOException $e) {
$response = 3;
}
} else {
$response = 2;
}
}
echo json_encode($response);
<?php
session_start();
require 'includes/DBCommunication.php';
if (isset($_COOKIE['Books4Cash'])) {
try {
$database = new DBCommunication();
$explodedCookie = explode(",", $_COOKIE['Books4Cash']);
$identifier = $explodedCookie[0];
$token = $explodedCookie[1];
$query = "SELECT user_username, user_token FROM whwp_User WHERE user_indentifier = :identifier";
$database->prepQuery($query);
$database->bind('identifier', $identifier);
$user = $database->single();
if ($database->rowCount() > 0) {
$username = $user->user_username;
$user_token = $user->user_token;
if ($token == $user_token) {
$_SESSION['username'] = $username;
}
}
} catch (PDOException $e) {
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="Stylesheet" type="text/css" href="css/bootstrap.min.css"/>
<link rel="Stylesheet" type="text/css" href="css/style.css"/>
<link rel="Stylesheet" type="text/css" href="css/animate.css"/>
<div id="content">
<form action="<?php
echo htmlentities($_SERVER['PHP_SELF']);
?>
" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username">
<label for="password" >Password:</label>
<input type="password" id="password" name="password">
<input type="submit" name="login" value="Log In">
</form>
<?php
if (isset($_POST['login'])) {
// Connect to the database
try {
$conn = new DBCommunication();
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM whwp_User WHERE user_email = :username";
$conn->prepQuery($query);
$conn->bind('username', $username);
if ($user = $conn->single()) {
if (password_verify($password, $user->user_password)) {
if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
$new_hash = password_hash($password, PASSWORD_DEFAULT);
$query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_email=(:username)";
$conn->prepQuery($query);
$conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
$conn->execute();
}
echo "Congratulations! You have logged in on our website!";
echo "<a href='register.php'>Sign Up</a> ";
echo "<a href='login.php'>Log In</a>";
}
?>
</div>
<div id="content">
<?php
// Getting the id of the advertisement
$search_term = "";
if (isset($_GET['search'])) {
$search_term = $_GET['search'];
$search_string = "%" . $_GET['search'] . "%";
if (!empty($search_term)) {
try {
// Establishing a connection to the database
$conn = new DBCommunication();
// Run the query.
$query = "SELECT DISTINCT COUNT(*) as count FROM whwp_Advert, whwp_AdTag, whwp_Tag " . "WHERE whwp_Tag.tag_description LIKE :search_string " . "AND whwp_Tag.tag_id = whwp_AdTag.adtag_tag " . "AND whwp_AdTag.adtag_advert = whwp_Advert.advert_id";
$conn->prepQuery($query);
$conn->bind('search_string', $search_string);
// Counts how many results were returned from the search.
$count = $conn->single()->count;
if ($count == 1) {
echo "Your search provided 1 result";
} else {
echo "Your search provided " . $count . " results";
}
// Paging system
if (isset($_GET["page"])) {
$page = $_GET["page"];
$search_term = $_GET["search"];
/**
* TopicDbMapper constructor.
*/
public function __construct()
{
$this->connection = DBCommunication::getInstance()->getConnection();
}
<?php
session_start();
require 'DBCommunication.php';
require 'crypting.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'error_code' => array(), 'message' => '');
try {
if (isset($_POST['password']) && isset($_SESSION['user_id'])) {
$conn = new DBCommunication();
$conn->beginTransaction();
$user_id = $_SESSION['user_id'];
$password = $_POST['password'];
$query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$password_hash = $conn->single();
if (password_verify($password, $password_hash->user_password)) {
if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) {
$new_hash = password_hash($password, PASSWORD_DEFAULT);
$query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)";
$conn->prepQuery($query);
$conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id));
$conn->execute();
}
if (isset($_POST['email'])) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
array_push($response_array['error_code'], 5);
} else {
$query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id";
$conn->prepQuery($query);
<tbody>
<?php
// Check if the user is logged in
if (!isset($_SESSION['user_id'])) {
echo "You need to log in first!";
header("refresh:3;url=login.php");
} else {
// Check who is logged in
$user_id = $_SESSION['user_id'];
// Get the message id that the user wishes to open
$message_id = $_GET['message_id'];
try {
// Establishing a connection to the database
$conn = new DBCommunication();
// Query to get a message
$query = "SELECT * FROM whwp_Message WHERE :user_id = message_recipient ";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$message = $conn->single();
//$sender_id = $message -> receiver_id;
// Check if the specified message belongs to the logged in user
//if($user_id == $sender_id)
//{
$sender_id = $message->message_sender;
// Query to get the sender's username.
$query = "SELECT user_firstname FROM whwp_User WHERE user_id = :user";
$conn->prepQuery($query);
$conn->bind('user', $sender_id);
$resultset = $conn->single();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "You are logged in as " . $username . " ";
echo "<a href='logout.php'>Log Out</a>";
} else {
echo "<a href='register.php'>Sign Up</a> ";
echo "<a href='login.php'>Log In</a>";
}
?>
</div>
<div id="content">
<?php
if (isset($_GET['user_id'])) {
try {
// Establishing a connection to the database
$conn = new DBCommunication();
// Get the ID of which user's page to display
$user_id = $_GET['user_id'];
// Run query to get information about the user.
$query = "SELECT * FROM whwp_User WHERE user_id = :user_id";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$user = $conn->single();
$username = $user->user_firstname;
echo "The page of " . $username;
// Set the target as a private message receiver
$_SESSION['target_id'] = $user_id;
// If the user is not in his own page - displaay the link to PM
if (isset($_SESSION['user_id']) && $_SESSION['user_id'] !== $user_id) {
echo "<a href='send_message.php'><img src='images/pm.png' id='pm' alt='Private Message' title='Private Message'/></a>";
}
