if (!isset($_SESSION['user_id'])) {
    echo "You need to log in first!";
    header("refresh:3;url=login.php");
} else {
    // Check who is logged in
    $user_id = $_SESSION['user_id'];
    // Get the message id that the user wishes to open
    $message_id = $_GET['message_id'];
    try {
        // Establishing a connection to the database
        $conn = new DBCommunication();
        // Query to get a message
        $query = "SELECT * FROM whwp_Message WHERE :user_id = message_recipient ";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        $message = $conn->single();
        //$sender_id = $message -> receiver_id;
        // Check if the specified message belongs to the logged in user
        //if($user_id == $sender_id)
        //{
        $sender_id = $message->message_sender;
        // Query to get the sender's username.
        $query = "SELECT user_firstname FROM whwp_User WHERE user_id = :user";
        $conn->prepQuery($query);
        $conn->bind('user', $sender_id);
        $resultset = $conn->single();
        // Get and output all the details.
        $sender = $resultset->user_firstname;
        $title = $message->message_subject;
        $message_text = $message->message_content;
        $date = $message->message_date;
}
?>
            
                <?php 
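// First name of the private-message recipient; stays "" unless the lookup below succeeds.
// It is raw database content: escape it (htmlspecialchars) wherever it is echoed into HTML.
$receiver = "";
// NOTE(review): target_id is put into the session by the user-page script from a request
// parameter, so this only resolves a display name; it is not an authorization check.
if (!isset($_SESSION['target_id'])) {
    echo "Invalid request";
} else {
    $receiver_id = $_SESSION['target_id'];
    // Establishing a connection to the database
    try {
        $conn = new DBCommunication();
        $query = "SELECT whwp_User.user_firstname FROM whwp_User WHERE whwp_User.user_id = :receiver_id";
        $conn->prepQuery($query);
        $conn->bind('receiver_id', $receiver_id);
        $username = $conn->single();
        // single() presumably follows the PDO fetch convention and yields false when no row
        // matches (confirm in DBCommunication); reading ->user_firstname off false would only
        // produce a warning and a null recipient, so guard before dereferencing.
        if (is_object($username)) {
            $receiver = $username->user_firstname ?? "";
        }
    } catch (PDOException $e) {
        // Best-effort page: the database error is not shown to the visitor, only a generic notice.
        echo 'Something went wrong';
    }
}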
?>
<div class="container" id="userContent">
<div class="row">
<div class="col-lg-3">
          <div class="panel panel-default">
          <div class="panel-heading">My Account
          </div>
          <div class="panel-body">
               <ul class="nav nav-list">
                <li class="usermenuActive"><a href="userSettings.php"><i class="glyphicon glyphicon-user"></i> Edit profile</a>
    </div>
    <div id="content">
        <?php 
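// Getting the id of the advertisement.
// A request without advert_id yields null instead of an "undefined index" warning; the value is
// only ever bound through a prepared statement (never interpolated into SQL), so it is left unparsed.
$advert_id = $_GET['advert_id'] ?? null;
// Getting the id of the logged in user if he is logged in; $user_id stays undefined otherwise.
if (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
}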
try {
    // Establishing a connection to the database
    $conn = new DBCommunication();
    $query = "SELECT * FROM whwp_Advert, whwp_User " . "WHERE whwp_Advert.advert_id = :advert_id " . "AND whwp_User.user_id = whwp_Advert.advert_owner";
    $conn->prepQuery($query);
    $conn->bind('advert_id', $advert_id);
    $resultset = $conn->single();
    $price = $resultset->advert_price;
    $title = $resultset->advert_bookname;
    //$image = $resultset -> image;
    $author = $resultset->advert_bookauthor;
    $user = $resultset->advert_owner;
    $username = $resultset->user_firstname;
    //$description = $resultset -> description;
    $query = "SELECT whwp_Image.image_location FROM whwp_Advert " . "JOIN whwp_AdImage ON whwp_Advert.advert_id = whwp_AdImage.adimage_advert " . "JOIN whwp_Image ON whwp_AdImage.adimage_image = whwp_Image.image_id " . "WHERE whwp_Advert.advert_id = :advert_id";
    $conn->prepQuery($query);
    $conn->bind('advert_id', $advert_id);
    $image = $conn->resultset();
    foreach ($image as $element) {
        echo "<img src = itemPhotos/" . $element->image_location . " alt=" . $title . " title=" . $title . "<br/>";
    }
    echo "Price: " . $price . "<br/>";
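// Account-settings endpoint: needs the session (user_id), the DB wrapper and the field
// encryption helper, and always answers with JSON.
session_start();
require 'DBCommunication.php';
require 'crypting.php';
header('Content-type: application/json');
// Response envelope. 'error_code' is a list that collects one numeric code per failed
// validation (filled with array_push further down); 'success' is only set once everything went through.
$response_array = ['success' => false, 'error_code' => [], 'message' => ''];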
try {
    if (isset($_POST['password']) && isset($_SESSION['user_id'])) {
        $conn = new DBCommunication();
        $conn->beginTransaction();
        $user_id = $_SESSION['user_id'];
        $password = $_POST['password'];
        $query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        $password_hash = $conn->single();
        if (password_verify($password, $password_hash->user_password)) {
            if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) {
                $new_hash = password_hash($password, PASSWORD_DEFAULT);
                $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id));
                $conn->execute();
            }
            if (isset($_POST['email'])) {
                if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                    array_push($response_array['error_code'], 5);
                } else {
                    $query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id";
                    $conn->prepQuery($query);
                    $email = encrypt($_POST['email']);
<?php

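// Login endpoint: populates the session on success and always answers with JSON.
session_start();
require 'DBCommunication.php';
header('Content-type: application/json');
// Response envelope. Unlike the settings endpoint, 'error_code' is a single int here (starts at 0).
$response_array = ['success' => false, 'error_code' => 0, 'message' => ''];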
try {
    // Connect to the database
    $conn = new DBCommunication();
    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = "SELECT * FROM whwp_User WHERE user_username = :username";
    $conn->prepQuery($query);
    $conn->bind('username', $username);
    if ($user = $conn->single()) {
        if (password_verify($password, $user->user_password)) {
            if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
                $new_hash = password_hash($password, PASSWORD_DEFAULT);
                $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
                $conn->execute();
            }
            // echo "Congratulations! You have logged in on our website!";
            $_SESSION['user_id'] = $user->user_id;
            $_SESSION['username'] = $user->user_username;
            $user_id = $_SESSION['user_id'];
            if (isset($_POST['rememberme'])) {
                $identifier = hash('md5', $username);
                $randomString = openssl_random_pseudo_bytes(64);
                $token = bin2hex($randomString);
<?php

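session_start();
require 'includes/DBCommunication.php';
// "Remember me" cookie, expected as "<identifier>,<token>". A valid pair restores the
// username into the session; anything else leaves the visitor logged out.
// NOTE(review): only 'username' is restored here while the login handler also sets
// 'user_id' — pages gating on $_SESSION['user_id'] would still treat the visitor as
// logged out. Confirm whether that is intended.
if (isset($_COOKIE['Books4Cash'])) {
    try {
        $database = new DBCommunication();
        $explodedCookie = explode(",", $_COOKIE['Books4Cash']);
        // A cookie without the second segment used to raise an undefined-offset warning;
        // such a malformed cookie is simply ignored.
        if (isset($explodedCookie[1])) {
            $identifier = $explodedCookie[0];
            $token = $explodedCookie[1];
            $query = "SELECT user_username, user_token FROM whwp_User WHERE user_indentifier = :identifier";
            $database->prepQuery($query);
            $database->bind('identifier', $identifier);
            $user = $database->single();
            // NOTE(review): rowCount() after a SELECT is driver-dependent in PDO — confirm
            // DBCommunication::rowCount() is reliable here.
            if ($database->rowCount() > 0) {
                $username = $user->user_username;
                $user_token = $user->user_token;
                // An account with no stored token must never be matched by an empty cookie token,
                // and the comparison is done with hash_equals(): `==` applies numeric-string
                // juggling (e.g. "0e1" == "0e2") and its timing depends on the input.
                if ($user_token !== null && $user_token !== ''
                    && hash_equals((string) $user_token, (string) $token)) {
                    $_SESSION['username'] = $username;
                    // NOTE(review): consider session_regenerate_id(true) here, as after any login.
                }
            }
        }
    } catch (PDOException $e) {
        // Best effort: a database failure must not break the page; the visitor just stays logged out.
    }
}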
?>
<!DOCTYPE html>
<html lang="en">
 <head>
    <link rel="Stylesheet" type="text/css" href="css/bootstrap.min.css"/>
    <link rel="Stylesheet" type="text/css" href="css/style.css"/>
    <link rel="Stylesheet" type="text/css" href="css/animate.css"/>
                <?php 
// Getting the id of the advertisement
$search_term = "";
if (isset($_GET['search'])) {
    $search_term = $_GET['search'];
    $search_string = "%" . $_GET['search'] . "%";
    if (!empty($search_term)) {
        try {
            // Establishing a connection to the database
            $conn = new DBCommunication();
            // Run the query.
            $query = "SELECT DISTINCT COUNT(*) as count FROM whwp_Advert, whwp_AdTag, whwp_Tag " . "WHERE whwp_Tag.tag_description LIKE :search_string " . "AND whwp_Tag.tag_id = whwp_AdTag.adtag_tag " . "AND whwp_AdTag.adtag_advert = whwp_Advert.advert_id";
            $conn->prepQuery($query);
            $conn->bind('search_string', $search_string);
            // Counts how many results were returned from the search.
            $count = $conn->single()->count;
            if ($count == 1) {
                echo "Your search provided 1 result";
            } else {
                echo "Your search provided " . $count . " results";
            }
            // Paging system
            if (isset($_GET["page"])) {
                $page = $_GET["page"];
                $search_term = $_GET["search"];
            } else {
                //$page = 10;
                $page = 1;
                header("location:search.php?search={$search_term}&Search=Search&page=1");
            }
            // Determine which results to show in which page.
}
?>
    </div>
    <div id="content">
        <?php 
if (isset($_GET['user_id'])) {
    try {
        // Establishing a connection to the database
        $conn = new DBCommunication();
        // Get the ID of which user's page to display
        $user_id = $_GET['user_id'];
        // Run query to get information about the user.
        $query = "SELECT * FROM whwp_User WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        $user = $conn->single();
        $username = $user->user_firstname;
        echo "The page of " . $username;
        // Set the target as a private message receiver
        $_SESSION['target_id'] = $user_id;
        // If the user is not in his own page - displaay the link to PM
        if (isset($_SESSION['user_id']) && $_SESSION['user_id'] !== $user_id) {
            echo "<a href='send_message.php'><img src='images/pm.png' id='pm' alt='Private Message' title='Private Message'/></a>";
        }
        // Query to get all the ads from the user, whose page is accessed.
        $query = "SELECT * FROM whwp_Advert WHERE advert_owner = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        $ad = $conn->resultset();
        $countAds = $conn->rowCount();
        if ($countAds == 0) {