if (!isset($_SESSION['user_id'])) {
echo "You need to log in first!";
header("refresh:3;url=login.php");
} else {
// Check who is logged in
$user_id = $_SESSION['user_id'];
// Get the message id that the user wishes to open
$message_id = $_GET['message_id'];
try {
// Establishing a connection to the database
$conn = new DBCommunication();
// Query to get a message
$query = "SELECT * FROM whwp_Message WHERE :user_id = message_recipient ";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$message = $conn->single();
//$sender_id = $message -> receiver_id;
// Check if the specified message belongs to the logged in user
//if($user_id == $sender_id)
//{
$sender_id = $message->message_sender;
// Query to get the sender's username.
$query = "SELECT user_firstname FROM whwp_User WHERE user_id = :user";
$conn->prepQuery($query);
$conn->bind('user', $sender_id);
$resultset = $conn->single();
// Get and output all the details.
$sender = $resultset->user_firstname;
$title = $message->message_subject;
$message_text = $message->message_content;
$date = $message->message_date;
}
?>
<?php
$receiver = "";
if (!isset($_SESSION['target_id'])) {
echo "Invalid request";
} else {
$receiver_id = $_SESSION['target_id'];
// Establishing a connection to the database
try {
$conn = new DBCommunication();
$query = "SELECT whwp_User.user_firstname FROM whwp_User WHERE whwp_User.user_id = :receiver_id";
$conn->prepQuery($query);
$conn->bind('receiver_id', $receiver_id);
$username = $conn->single();
$receiver = $username->user_firstname;
} catch (PDOException $e) {
echo 'Something went wrong';
}
}
?>
<div class="container" id="userContent">
<div class="row">
<div class="col-lg-3">
<div class="panel panel-default">
<div class="panel-heading">My Account
</div>
<div class="panel-body">
<ul class="nav nav-list">
<li class="usermenuActive"><a href="userSettings.php"><i class="glyphicon glyphicon-user"></i> Edit profile</a>
</div>
<div id="content">
<?php
// Getting the id of the advertisement
$advert_id = $_GET['advert_id'];
// Getting the id of the logged in user if he is logged in.
if (isset($_SESSION['user_id'])) {
$user_id = $_SESSION['user_id'];
}
try {
// Establishing a connection to the database
$conn = new DBCommunication();
$query = "SELECT * FROM whwp_Advert, whwp_User " . "WHERE whwp_Advert.advert_id = :advert_id " . "AND whwp_User.user_id = whwp_Advert.advert_owner";
$conn->prepQuery($query);
$conn->bind('advert_id', $advert_id);
$resultset = $conn->single();
$price = $resultset->advert_price;
$title = $resultset->advert_bookname;
//$image = $resultset -> image;
$author = $resultset->advert_bookauthor;
$user = $resultset->advert_owner;
$username = $resultset->user_firstname;
//$description = $resultset -> description;
$query = "SELECT whwp_Image.image_location FROM whwp_Advert " . "JOIN whwp_AdImage ON whwp_Advert.advert_id = whwp_AdImage.adimage_advert " . "JOIN whwp_Image ON whwp_AdImage.adimage_image = whwp_Image.image_id " . "WHERE whwp_Advert.advert_id = :advert_id";
$conn->prepQuery($query);
$conn->bind('advert_id', $advert_id);
$image = $conn->resultset();
foreach ($image as $element) {
echo "<img src = itemPhotos/" . $element->image_location . " alt=" . $title . " title=" . $title . "<br/>";
}
echo "Price: " . $price . "<br/>";
session_start();
require 'DBCommunication.php';
require 'crypting.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'error_code' => array(), 'message' => '');
try {
if (isset($_POST['password']) && isset($_SESSION['user_id'])) {
$conn = new DBCommunication();
$conn->beginTransaction();
$user_id = $_SESSION['user_id'];
$password = $_POST['password'];
$query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$password_hash = $conn->single();
if (password_verify($password, $password_hash->user_password)) {
if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) {
$new_hash = password_hash($password, PASSWORD_DEFAULT);
$query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)";
$conn->prepQuery($query);
$conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id));
$conn->execute();
}
if (isset($_POST['email'])) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
array_push($response_array['error_code'], 5);
} else {
$query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id";
$conn->prepQuery($query);
$email = encrypt($_POST['email']);
<?php
session_start();
require 'DBCommunication.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'error_code' => 0, 'message' => '');
try {
// Connect to the database
$conn = new DBCommunication();
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM whwp_User WHERE user_username = :username";
$conn->prepQuery($query);
$conn->bind('username', $username);
if ($user = $conn->single()) {
if (password_verify($password, $user->user_password)) {
if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
$new_hash = password_hash($password, PASSWORD_DEFAULT);
$query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)";
$conn->prepQuery($query);
$conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
$conn->execute();
}
// echo "Congratulations! You have logged in on our website!";
$_SESSION['user_id'] = $user->user_id;
$_SESSION['username'] = $user->user_username;
$user_id = $_SESSION['user_id'];
if (isset($_POST['rememberme'])) {
$identifier = hash('md5', $username);
$randomString = openssl_random_pseudo_bytes(64);
$token = bin2hex($randomString);
<?php
session_start();
require 'includes/DBCommunication.php';
if (isset($_COOKIE['Books4Cash'])) {
try {
$database = new DBCommunication();
$explodedCookie = explode(",", $_COOKIE['Books4Cash']);
$identifier = $explodedCookie[0];
$token = $explodedCookie[1];
$query = "SELECT user_username, user_token FROM whwp_User WHERE user_indentifier = :identifier";
$database->prepQuery($query);
$database->bind('identifier', $identifier);
$user = $database->single();
if ($database->rowCount() > 0) {
$username = $user->user_username;
$user_token = $user->user_token;
if ($token == $user_token) {
$_SESSION['username'] = $username;
}
}
} catch (PDOException $e) {
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="Stylesheet" type="text/css" href="css/bootstrap.min.css"/>
<link rel="Stylesheet" type="text/css" href="css/style.css"/>
<link rel="Stylesheet" type="text/css" href="css/animate.css"/>
<?php
// Getting the id of the advertisement
$search_term = "";
if (isset($_GET['search'])) {
$search_term = $_GET['search'];
$search_string = "%" . $_GET['search'] . "%";
if (!empty($search_term)) {
try {
// Establishing a connection to the database
$conn = new DBCommunication();
// Run the query.
$query = "SELECT DISTINCT COUNT(*) as count FROM whwp_Advert, whwp_AdTag, whwp_Tag " . "WHERE whwp_Tag.tag_description LIKE :search_string " . "AND whwp_Tag.tag_id = whwp_AdTag.adtag_tag " . "AND whwp_AdTag.adtag_advert = whwp_Advert.advert_id";
$conn->prepQuery($query);
$conn->bind('search_string', $search_string);
// Counts how many results were returned from the search.
$count = $conn->single()->count;
if ($count == 1) {
echo "Your search provided 1 result";
} else {
echo "Your search provided " . $count . " results";
}
// Paging system
if (isset($_GET["page"])) {
$page = $_GET["page"];
$search_term = $_GET["search"];
} else {
//$page = 10;
$page = 1;
header("location:search.php?search={$search_term}&Search=Search&page=1");
}
// Determine which results to show in which page.
}
?>
</div>
<div id="content">
<?php
if (isset($_GET['user_id'])) {
try {
// Establishing a connection to the database
$conn = new DBCommunication();
// Get the ID of which user's page to display
$user_id = $_GET['user_id'];
// Run query to get information about the user.
$query = "SELECT * FROM whwp_User WHERE user_id = :user_id";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$user = $conn->single();
$username = $user->user_firstname;
echo "The page of " . $username;
// Set the target as a private message receiver
$_SESSION['target_id'] = $user_id;
// If the user is not in his own page - displaay the link to PM
if (isset($_SESSION['user_id']) && $_SESSION['user_id'] !== $user_id) {
echo "<a href='send_message.php'><img src='images/pm.png' id='pm' alt='Private Message' title='Private Message'/></a>";
}
// Query to get all the ads from the user, whose page is accessed.
$query = "SELECT * FROM whwp_Advert WHERE advert_owner = :user_id";
$conn->prepQuery($query);
$conn->bind('user_id', $user_id);
$ad = $conn->resultset();
$countAds = $conn->rowCount();
if ($countAds == 0) {
