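/**
 * Sign-in page.
 *
 * Answers a validation request with validate(RT_JSON), hands the posted sign-in
 * form to processPost(), and otherwise either greets the logged-in user or
 * renders the sign-in form through Smarty.
 *
 * @return mixed whatever validate()/processPost() returns when handling a
 *               request; null when the page was rendered directly
 */
public function view()
{
    if ($this->isValidating()) {
        return $this->validate(RT_JSON);
    }
    // 'form' may be absent on a POST that is not ours: isset() avoids an
    // undefined-index notice, and the strict comparison avoids '==' surprises.
    if ($this->isPosting() && isset($_POST['form']) && $_POST['form'] === 'signinForm') {
        return $this->processPost();
    }
    session_start();
    $username = (string) getLoggedInUsername();
    if ($username !== '') {
        // The username originates from registration data: escape it for the HTML context.
        echo 'Welcome! ' . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '<p/><a href="/sign-out">Sign out</a>';
        return;
    }
    // Not logged in: show the sign-in form.
    $view = $this->smarty;
    $view->setTemplateDir(BASEEXT . '/authentication/view');
    $this->display($view, 'signin_form.html');
}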
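/**
 * Page editor.
 *
 * On POST delegates to processPost(). Otherwise, for a logged-in user, loads the
 * view file named by params[0] into the editor template; anonymous users get no
 * output, as before.
 *
 * params[0] comes from the request and is untrusted: the file is only read when
 * its resolved path lies inside the current view directory, so names such as
 * "../config.php" open an empty editor instead of leaking the file.
 *
 * @return mixed whatever processPost() returns on POST; null otherwise
 */
public function view()
{
    if ($this->isPosting()) {
        return $this->processPost();
    }
    session_start();
    if ((string) getLoggedInUsername() === '' || !isset($this->params[0])) {
        return;
    }

    $viewToEdit = (string) $this->params[0];
    $viewContent = '';

    $viewDir = realpath(BASEVIEW . '/' . currentViewDir());
    $viewPath = $viewDir === false ? false : realpath($viewDir . '/' . $viewToEdit);
    // realpath() collapses ".." and symlinks, so a prefix check on the result is
    // a reliable containment test; a missing file gives false and stays empty.
    $insideViewDir = $viewPath !== false
        && is_file($viewPath)
        && strncmp($viewPath, $viewDir . DIRECTORY_SEPARATOR, strlen($viewDir) + 1) === 0;

    if ($insideViewDir) {
        $viewContent = (string) file_get_contents($viewPath);
        if (isDemoMode()) {
            $viewContent .= "<p/><b>Demo Mode: This page is set to readonly in demo mode.</b>";
        }
    }

    // NOTE(review): {$viewFile} is substituted unescaped, as it always was; how
    // page_editor.html uses it (attribute, JS, text) is not visible here — confirm
    // before escaping, since the save path may rely on the raw name.
    $html = file_get_contents_with_vars(
        BASEEXT . '/editor/page_editor.html',
        array('{$viewFile}' => $viewToEdit, '{$viewContent}' => $viewContent)
    );
    echo $html;
}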
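/**
 * Render the user bar fragment.
 *
 * Logged in: greeting plus "My Books" and "Logout" buttons. Logged out: the
 * inline username/password inputs, a "Login" button and a "Sign Up" form.
 * Both variants load js/user.js, which is expected to define login()/logout().
 */
function genUserBar()
{
    ?>
    <!--including script here bad? where should we then?-->
    <script src="js/user.js"></script>
    <?php if (loggedIn()) { ?>
        <div id="loginDiv">
            <div id="innerLoginDiv">
                <?php
                // The username is registration data, so it is escaped for the HTML context.
                $username = htmlspecialchars((string) getLoggedInUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo 'Welcome ' . $username . ' !';
                ?>
                <button id='buttonMyBooks' onClick="document.location.href='mybooks.php'">My Books</button>
                <button id='buttonLogout' onclick="logout()"> Logout </button>
            </div>
        </div>
    <?php } else { ?>
        <!--TODO: build css file for this-->
        <div id="loginDiv">
            <div id="innerLoginDiv">
                Username: <input id='usernameInput' type='text' maxlength='30' value=''/>
                Password: <input id='passwordInput' type='password' maxlength='30' value=''/>
                <button id='buttonLogin' onclick='login()'> Login </button>
                <form id="signUpForm" action="signup.php">
                    <input type="submit" value="Sign Up">
                </form>
            </div>
        </div>
    <?php }
}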
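/**
 * Insert a book listing from the posted form ($_POST) and the uploaded image
 * ($_FILES['datafile']).
 *
 * Steps: validate the input and the upload, insert the bookgeneral record when
 * the ISBN is not yet known, insert the owner's bookspecific record, name the
 * image after the new row id, store that name and move the file into images/.
 *
 * Requires connector.php to provide a mysqli connection in $con. All SQL is
 * parameterised, and the image extension is checked against a whitelist because
 * the file is written into a web-served directory.
 *
 * @return bool true when every step succeeded; false after writing the reason
 *              with error_log (rows inserted before a later failure are not
 *              rolled back)
 */
function insertNewBook()
{
    require 'connector.php';

    // Constructed whitelist: only plain image types may be stored under images/.
    $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');

    $post = function ($key) {
        return isset($_POST[$key]) ? (string) $_POST[$key] : '';
    };
    $isbn = $post('isbn');
    $title = $post('title');
    $description = $post('description');
    $category = $post('category');
    $condition = $post('condition');
    $price = $post('price');

    // TODO: the remaining fields still get no server-side validation.
    if ($isbn === '' || !is_numeric($price)) {
        error_log('Error: isbn missing or price not numeric.', 0);
        return false;
    }
    $price = (float) $price;

    // Check the upload before touching the database so a bad upload leaves no rows behind.
    if (!isset($_FILES['datafile']) || $_FILES['datafile']['error'] !== UPLOAD_ERR_OK) {
        error_log('Error: Image Upload Failed', 0);
        return false;
    }
    $ext = strtolower((string) pathinfo($_FILES['datafile']['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExtensions, true)) {
        error_log('Error: rejected image with extension "' . $ext . '"', 0);
        return false;
    }

    // Prepare a statement, logging (and returning false) when that fails.
    $prepare = function ($sql) use ($con) {
        $stmt = $con->prepare($sql);
        if (!$stmt) {
            error_log('Error: prepare failed for "' . $sql . '": ' . $con->error, 0);
        }
        return $stmt;
    };

    // Insert the general record only when this ISBN is new.
    if (!($stmt = $prepare('SELECT isbn FROM bookgeneral WHERE isbn = ?'))) {
        return false;
    }
    $stmt->bind_param('s', $isbn);
    $stmt->execute();
    $stmt->store_result();
    $isNewIsbn = $stmt->num_rows < 1;
    $stmt->close();

    if ($isNewIsbn) {
        // Positional column order as in the original INSERT: isbn, title, description, category.
        if (!($stmt = $prepare('INSERT INTO bookgeneral VALUES (?, ?, ?, ?)'))) {
            return false;
        }
        $stmt->bind_param('ssss', $isbn, $title, $description, $category);
        $inserted = $stmt->execute();
        $stmt->close();
        if (!$inserted) {
            error_log('Error: Insert into bookgeneral failed.', 0);
            return false;
        }
    }

    $username = (string) getLoggedInUsername();
    $specificSQL = 'INSERT INTO bookspecific (isbn, price, bookCondition, status, ownerUsername, imageName) '
        . 'VALUES (?, ?, ?, "available", ?, "tempValue")';
    if (!($stmt = $prepare($specificSQL))) {
        return false;
    }
    $stmt->bind_param('sdss', $isbn, $price, $condition, $username);
    $inserted = $stmt->execute();
    $id = (int) $con->insert_id;
    $stmt->close();
    if (!$inserted) {
        error_log('Error: Insert into bookspecific failed.', 0);
        return false;
    }
    if (!$id) {
        error_log('Error: Previous insert id is undefined!', 0);
        return false;
    }

    // The stored file name is server-chosen (row id + whitelisted extension).
    $newname = $id . '.' . $ext;
    if (!($stmt = $prepare('UPDATE bookspecific SET imageName = ? WHERE id = ?'))) {
        return false;
    }
    $stmt->bind_param('si', $newname, $id);
    $updated = $stmt->execute();
    $stmt->close();
    if (!$updated) {
        error_log('Error: Update imagename of bookspecific failed.', 0);
        return false;
    }

    $target = 'images/' . $newname;
    if (!move_uploaded_file($_FILES['datafile']['tmp_name'], $target)) {
        // The row now references an image that was never written.
        error_log('Error: could not move uploaded image to ' . $target, 0);
        return false;
    }
    return true;
}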
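/**
 * Render the "My Books" table for the logged-in user.
 *
 * Lists every bookspecific row owned by the current user together with its
 * bookgeneral record (fetched one query per listing); a reserved book also shows
 * the reserving client's contact details taken from orders/client. The Delete /
 * Unreserve buttons call deleteBook()/unreserveBook() (JavaScript, defined
 * elsewhere) with the book id and the row position.
 *
 * Requires connector.php to provide a mysqli connection in $con. All SQL is
 * parameterised and every database value is HTML-escaped before it is echoed.
 */
function genBody()
{
    if (!loggedIn()) {
        ?>
        You are not logged in. Login before looking at your books. How did you even get here?
        <?php
        return;
    }
    ?>
    <div class='outerDiv'>
        <table id='bookTable' class='bookTable'>
            <tr>
                <th class="tableElementFirst">Title</th>
                <th class="tableElement">Description</th>
                <th class="tableElement">Category</th>
                <th class="tableElement">ISBN</th>
                <th class="tableElement">Asking Price</th>
                <th class="tableElement">Condition</th>
                <th class="tableElement">Status</th>
                <th class="tableElement">Operations</th>
                <th class="tableElementLast">Picture</th>
            </tr>
    <?php
    require 'connector.php';

    // Escape a database value for the HTML text/attribute context.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Run a single-parameter query as a prepared statement. Returns a
    // mysqli_result, or false after logging the failure. get_result() needs the
    // mysqlnd driver (the default in stock PHP builds).
    $queryOne = function ($sql, $value) use ($con) {
        $stmt = $con->prepare($sql);
        if (!$stmt) {
            error_log('ERROR: "' . $sql . '" failed to prepare', 0);
            return false;
        }
        $value = (string) $value;
        $stmt->bind_param('s', $value);
        if (!$stmt->execute()) {
            error_log('ERROR: "' . $sql . '" failed to execute', 0);
            $stmt->close();
            return false;
        }
        $result = $stmt->get_result();
        $stmt->close();
        return $result;
    };

    $ownerUsername = getLoggedInUsername();
    $books = $queryOne('SELECT * FROM bookspecific WHERE ownerUsername = ?', $ownerUsername);

    $pos = 0;
    while ($books && ($book = mysqli_fetch_object($books))) {
        // not optimal: one bookgeneral query per listing
        $booksg = $queryOne('SELECT * FROM bookgeneral WHERE isbn = ?', $book->isbn);
        $bookId = (int) $book->id;

        while ($booksg && ($bookg = mysqli_fetch_object($booksg))) {
            echo '<tr>';
            echo '<td class="tableElementFirst">' . $h($bookg->title) . '</td>';
            echo '<td class="tableElement">' . $h($bookg->description) . '</td>';
            echo '<td class="tableElement">' . $h($bookg->category) . '</td>';
            echo '<td class="tableElement">' . $h($bookg->isbn) . '</td>';
            echo '<td class="tableElement">' . $h($book->price) . '</td>';
            echo '<td class="tableElement">' . $h($book->bookCondition) . '</td>';

            if ($book->status === 'reserved') {
                $orders = $queryOne('SELECT * FROM orders WHERE bookId = ?', $book->id);
                $order = $orders ? mysqli_fetch_object($orders) : null;
                $clients = $order
                    ? $queryOne('SELECT username, name, lastName, email, phone FROM client WHERE username = ?', $order->clientUsername)
                    : false;
                while ($clients && ($client = mysqli_fetch_object($clients))) {
                    // Compare trimmed values, as before (tolerates padded CHAR columns).
                    if (trim($client->username) !== trim($order->clientUsername)) {
                        continue;
                    }
                    echo '<td class="tableElement">' . $h($book->status)
                        . '<br>By ' . $h($client->name) . ' ' . $h($client->lastName)
                        . '<br>Email: ' . $h($client->email)
                        . '<br>Telephone: ' . $h($client->phone) . '</td>';
                    echo '<td class="tableElement">'
                        . '<button onclick="deleteBook(' . $bookId . ',' . $pos . ')">Delete</button><br>'
                        . '<button onclick="unreserveBook(' . $bookId . ',' . $pos . ')">Unreserve</button></td>';
                }
            } else {
                echo '<td class="tableElement">' . $h($book->status) . '</td>';
                echo '<td class="tableElement"><button onclick="deleteBook(' . $bookId . ',' . $pos . ')">Delete</button></td>';
            }

            echo '<td class="tableElementLast"><img class="imgTable" src="images/' . $h($book->imageName) . '"></td>';
            echo '</tr>';
        }
        $pos = $pos + 1;
    }
    ?>
        </table>
    </div>
    <?php
}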