Exemplo n.º 1
                <textarea name="comment" rows="5" cols='50'></textarea>
                <input type="submit" name="submit_comment" value="Post Comment!">
            </form>
            <hr/>
        </div>
        <?php 
try {
    if (isset($_POST['submit_comment'])) {
        $date_time = gmdate('Y-m-d H:i:s');
        if (isset($_SESSION['user_id'])) {
            //$user_id = $_SESSION['user_id'];
            if (!empty($_POST['comment'])) {
                $comment = $_POST['comment'];
                $query = "INSERT INTO whwp_Comment ( comment_advert, comment_author, comment_contents) " . "VALUES (:advert_id, :user_id, :comment)";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('advert_id' => $advert_id, 'user_id' => $user_id, 'comment' => $comment));
                //$prepared_statement3 -> bindValue(':date_time', $date_time);
                $conn->execute();
                echo "Your comment was posted!";
                header("refresh:3;url='showAdvert.php?advert_id={$advert_id}'");
            } else {
                echo "Your comment cannot be empty!";
            }
        } else {
            echo "Only those who have logged in can post comments!<br/>";
            echo "<a href='login.php'>Click here to enter login page.</a>";
        }
    }
    echo "<hr/><br/>";
    $query = "SELECT ac.*, whwp_User.user_firstname FROM whwp_User, whwp_Comment AS ac WHERE ac.comment_advert = :advert_id " . "AND whwp_User.user_id = ac.comment_author";
    $conn->prepQuery($query);
Exemplo n.º 2
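// Send-message handler. Requires a logged-in user ($_SESSION['user_id']) and a
// submitted form with a non-empty title and a non-empty message body.
// $conn (DBCommunication) and $receiver_id are not set here; the enclosing
// script must define them before this point.
if (!isset($_SESSION['user_id'])) {
    // header() has to be sent before any output, otherwise PHP warns
    // "headers already sent" and the redirect never happens. (If the enclosing
    // page has already echoed HTML, the redirect cannot work at all.)
    header("refresh:0;url=login.php");
    echo "You need to log in to send a message!";
} elseif (isset($_POST['send'])) {
    // The original test was `!empty([$_POST['title']])`: the extra brackets
    // wrapped the value in a one-element array, which is never empty, so a
    // missing or blank title (plus an undefined-index notice) slipped through.
    // empty() already covers the isset() half of the message check.
    if (empty($_POST['title'])) {
        echo "Enter a title!";
    } elseif (empty($_POST['message'])) {
        echo "Can't send an empty message!";
    } else {
        $sender_id = $_SESSION['user_id'];
        $title = $_POST['title'];
        $message = $_POST['message'];
        // The same UTC timestamp is stored in both message_time and message_date.
        $time_sent = gmdate('Y-m-d H:i:s');
        try {
            // User text is bound, never interpolated, so it is safe for the
            // query; it is stored as-is and needs HTML escaping wherever it is
            // displayed.
            $query = "INSERT INTO whwp_Message (message_sender, message_recipient, " . "message_subject, message_content, message_time,message_date) VALUES " . "(:sender_id, :receiver_id, :title, :content, :time_sent, :date_sent)";
            $conn->prepQuery($query);
            $conn->bindArrayValue([
                'sender_id' => $sender_id,
                'receiver_id' => $receiver_id,
                'title' => $title,
                'time_sent' => $time_sent,
                'content' => $message,
                'date_sent' => $time_sent,
            ]);
            $conn->execute();
            // Give the user some feedback
            echo "Message sent!";
        } catch (PDOException $e) {
            // Keep driver details out of the response; the exception is
            // otherwise dropped (no logging visible here).
            echo "Something went wrong...";
        }
    }
}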
?>
Exemplo n.º 3
     }
 }
 try {
     // Connect to the database
     $conn = new DBCommunication();
     $conn->beginTransaction();
     // Get user, who is logged in and posting ad, id
     $query = "SELECT user_id FROM whwp_User WHERE user_username = :username";
     $conn->prepQuery($query);
     $conn->bind('username', $username);
     $resultset = $conn->single();
     $user_id = $resultset->user_id;
     // Insert some data to the database.
     $query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date, advert_description, advert_category) " . "VALUES (:user_id, :price, :title, :date, :description, :category)";
     $conn->prepQuery($query);
     $conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d'), 'description' => $description, 'category' => $category_id));
     $conn->execute();
     // Get the auto generated advert_id.
     $advert_id = $conn->lastInsertId();
     if (isset($_POST['condition'])) {
         $query = "UPDATE whwp_Advert SET advert_condition=:condition WHERE advert_id = :advert_id";
         $conn->prepQuery($query);
         $conn->bindArrayValue(array('condition' => $_POST['condition'], 'advert_id' => $advert_id));
         $conn->execute();
     }
     if (isset($_POST['author'])) {
         $query = "UPDATE whwp_Advert SET advert_bookauthor=:advert_author WHERE advert_id = :advert_id";
         $conn->prepQuery($query);
         $conn->bindArrayValue(array('advert_author' => $_POST['author'], 'advert_id' => $advert_id));
         $conn->execute();
     }
Exemplo n.º 4
try {
    if (isset($_POST['password']) && isset($_SESSION['user_id'])) {
        $conn = new DBCommunication();
        $conn->beginTransaction();
        $user_id = $_SESSION['user_id'];
        $password = $_POST['password'];
        $query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        $password_hash = $conn->single();
        if (password_verify($password, $password_hash->user_password)) {
            if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) {
                $new_hash = password_hash($password, PASSWORD_DEFAULT);
                $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id));
                $conn->execute();
            }
            if (isset($_POST['email'])) {
                if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                    array_push($response_array['error_code'], 5);
                } else {
                    $query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id";
                    $conn->prepQuery($query);
                    $email = encrypt($_POST['email']);
                    $conn->bindArrayValue(array('email' => $email, 'user_id' => $user_id));
                    $conn->execute();
                }
            }
            if (isset($_POST['new_password'])) {
                $new_password = $_POST['new_password'];
Exemplo n.º 5
//
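// Registration handler: inserts a whwp_User row for a new username.
// NOTE(review): the fields are read from $_REQUEST, so the password is also
// accepted from the query string (where it can end up in server/proxy logs);
// $_POST alone would be the safer source — confirm no GET form relies on this
// before switching.
// isset() alone let empty strings and array-valued parameters reach the
// INSERT; require non-empty strings and a syntactically valid e-mail address.
$input_ok = isset($_REQUEST['username'], $_REQUEST['password'], $_REQUEST['email'])
    && is_string($_REQUEST['username']) && $_REQUEST['username'] !== ''
    && is_string($_REQUEST['password']) && $_REQUEST['password'] !== ''
    && is_string($_REQUEST['email']) && filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL) !== false;
if ($input_ok) {
    try {
        $database = new DBCommunication();
        $username = $_REQUEST['username'];
        $password = $_REQUEST['password'];
        $email = $_REQUEST['email'];
        // Check if such username does not exist (it is stored in user_firstname).
        // NOTE(review): check-then-insert is racy unless user_firstname carries
        // a UNIQUE index — confirm against the schema.
        $query = "SELECT * FROM whwp_User WHERE user_firstname = :username";
        $database->prepQuery($query);
        $database->bind('username', $username);
        $database->execute();
        // NOTE(review): PDO does not guarantee rowCount() for SELECT on every
        // driver (MySQL reports it); verify for the driver DBCommunication uses.
        if ($database->rowCount() > 0) {
            // The lookup above is by username, not e-mail, so the message says so
            // (it previously read "Email already in use.").
            echo "Username already in use.";
        } else {
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
            // Insert these values into a database.
            $query = "INSERT INTO whwp_User (user_firstname, user_email, user_password, user_ismoderator) VALUES (:username,:email, :hashed_password, 0)";
            $database->prepQuery($query);
            $database->bindArrayValue(['username' => $username, 'hashed_password' => $hashed_password, 'email' => $email]);
            $database->execute();
            if ($database->rowCount() > 0) {
                echo "Congratulations! You have registered on our website!";
            }
        }
    } catch (PDOException $e) {
        // Keep driver details out of the response.
        echo "Something went wrong...";
    }
} else {
    echo "Error";
}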
Exemplo n.º 6
// Default reply structure: nothing has succeeded yet, no error code, no message.
$response_array = ['success' => false, 'error_code' => 0, 'message' => ''];
try {
    // Connect to the database
    $conn = new DBCommunication();
    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = "SELECT * FROM whwp_User WHERE user_username = :username";
    $conn->prepQuery($query);
    $conn->bind('username', $username);
    if ($user = $conn->single()) {
        if (password_verify($password, $user->user_password)) {
            if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
                $new_hash = password_hash($password, PASSWORD_DEFAULT);
                $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
                $conn->execute();
            }
            // echo "Congratulations! You have logged in on our website!";
            $_SESSION['user_id'] = $user->user_id;
            $_SESSION['username'] = $user->user_username;
            $user_id = $_SESSION['user_id'];
            if (isset($_POST['rememberme'])) {
                $identifier = hash('md5', $username);
                $randomString = openssl_random_pseudo_bytes(64);
                $token = bin2hex($randomString);
                $query = "UPDATE whwp_User SET user_indentifier = :identifier, user_token = :token WHERE user_id = :user_id";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('identifier' => $identifier, 'token' => $token, 'user_id' => $user_id));
                $conn->execute();
                $cookie_name = 'Books4Cash';
Exemplo n.º 7
if (isset($_POST['login'])) {
    // Connect to the database
    try {
        $conn = new DBCommunication();
        $username = $_POST['username'];
        $password = $_POST['password'];
        $query = "SELECT * FROM whwp_User WHERE user_email = :username";
        $conn->prepQuery($query);
        $conn->bind('username', $username);
        if ($user = $conn->single()) {
            if (password_verify($password, $user->user_password)) {
                if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
                    $new_hash = password_hash($password, PASSWORD_DEFAULT);
                    $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_email=(:username)";
                    $conn->prepQuery($query);
                    $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
                    $conn->execute();
                }
                echo "Congratulations! You have logged in on our website!";
                $_SESSION['user_id'] = $user->user_id;
                $_SESSION['username'] = $user->user_email;
                header("refresh:3;url=index.php");
            } else {
                //header("Location: https://selene.hud.ac.uk/u1467200/login.php");
            }
        } else {
            echo "Incorrect username!";
        }
    } catch (PDOException $e) {
        echo 'Something went wrong.';
    }
Exemplo n.º 8
                 $img = imagecreatefrompng($filepath);
             }
             $width = imagesx($img);
             $height = imagesy($img);
             $new_width = 200;
             $new_height = floor($height * ($new_width / $width));
             $tmp_img = imagecreatetruecolor($new_width, $new_height);
             imagecopyresized($tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
             imagejpeg($tmp_img, __DIR__ . "/../thumbnails/" . basename($image));
         }
     }
 }
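 // Optional advert fields: each non-empty POST field updates exactly one column.
 // The column name comes from this fixed map, never from the request, so the
 // SQL text stays static and only the value is bound.
 // $conn (DBCommunication) and $advert_id are defined by the enclosing script.
 $advert_columns = [
     'title' => 'advert_bookname',
     'condition' => 'advert_condition',
     'category' => 'advert_category',
 ];
 foreach ($advert_columns as $field => $column) {
     // empty() also skips "0", which matches the original per-field checks.
     if (empty($_POST[$field])) {
         continue;
     }
     $query = "UPDATE whwp_Advert SET {$column} = :value WHERE advert_id = :advert_id";
     $conn->prepQuery($query);
     $conn->bindArrayValue(['value' => $_POST[$field], 'advert_id' => $advert_id]);
     $conn->execute();
 }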
 if (!empty($_POST['price'])) {
Exemplo n.º 9
 }
 try {
     $conn = new DBCommunication();
     $conn->beginTransaction();
     // Get user, who is logged in and posting ad, id
     $query = "SELECT user_id FROM whwp_User WHERE user_username = :username";
     $conn->prepQuery($query);
     $conn->bind('username', $username);
     $resultset = $conn->single();
     $user_id = $resultset->user_id;
     // Insert some data to the database.
     //                                    $query2 = "INSERT INTO whwp_advert (advert_owner, advert_price, advert_bookname, image) "
     //                                    . "VALUES (:user_id, :price, :title, :image)";
     $query = "INSERT INTO whwp_Advert (advert_owner, advert_price, advert_bookname, advert_date) " . "VALUES (:user_id, :price, :title, :date)";
     $conn->prepQuery($query);
     $conn->bindArrayValue(array('user_id' => $user_id, 'price' => $price, 'title' => $title, 'date' => gmdate('Y-m-d')));
     //                                    $prepared_statement2 -> bindValue(':image', $image);
     $conn->execute();
     // Get the auto generated advert_id.
     //                                    $query3 = "SELECT advert_id FROM whwp_advert ORDER BY advert_id DESC LIMIT 1";
     //                                    $prepared_statement3 = $conn -> prepare($query3);
     //                                    $prepared_statement3 -> execute();
     //                                    $resultset = $prepared_statement3 -> fetch(PDO::FETCH_OBJ);
     //                                    $advert_id = $resultset -> advert_id;
     $advert_id = $conn->lastInsertId();
     // Insert image data into table
     $query = "INSERT INTO whwp_Image (image_location) " . "VALUES (:image)";
     $conn->prepQuery($query);
     $conn->bind('image', $image);
     $conn->execute();
     $image_id = $conn->lastInsertId();
Exemplo n.º 10
<?php

session_start();
require 'DBCommunication.php';
require 'crypting.php';
// This endpoint answers with JSON, so declare the content type before
// anything is echoed.
header('Content-type: application/json');
// Default reply; error_code is an array here (presumably one entry per failed
// check — confirm against the handlers that fill it).
$response_array = ['success' => false, 'error_code' => [], 'message' => ''];
try {
    $conn = new DBCommunication();
    $conn->beginTransaction();
    $user_id = $_SESSION['user_id'];
    if (isset($_POST['firstname'])) {
        $query = "UPDATE whwp_User SET user_firstname = :firstname WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $firsname = encrypt($_POST['firstname']);
        $conn->bindArrayValue(array('firstname' => $firsname, 'user_id' => $user_id));
        $conn->execute();
    }
    if (isset($_POST['surname'])) {
        $query = "UPDATE whwp_User SET user_surname = :surname WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $surname = encrypt($_POST['surname']);
        $conn->bindArrayValue(array('surname' => $surname, 'user_id' => $user_id));
        $conn->execute();
    }
    if (isset($_POST['city'])) {
        $query = "UPDATE whwp_User SET user_city = :city WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $city = encrypt($_POST['city']);
        $conn->bindArrayValue(array('city' => $city, 'user_id' => $user_id));
        $conn->execute();