//YES WE FOUND A MATCH! if ($count > 0) { $query2 = "SELECT role, userId FROM tbl_users\r\n\t\t\t\t\t\t WHERE username = '******'"; $result = mysqli_query($conn, $query2) or die("Error in query: " . mysqli_error($conn)); $row2 = mysqli_fetch_row($result); $role = $row2[0]; $userId = $row2[1]; header("Location:index.php"); if ($role == 'admin') { $_SESSION['admin'] = true; //Create a session for the admin $_SESSION['username'] = $username; $_SESSION['userId'] = $userId; $_SESSION['dateTime'] = $date; write_mysql_log($_SESSION['username'] . " successfully logged in!", $conn); //write log } else { $_SESSION['registered'] = true; //Create a session for the user $_SESSION['username'] = $username; $_SESSION['userId'] = $userId; $_SESSION['dateTime'] = $date; write_mysql_log($_SESSION['username'] . " successfully logged in!", $conn); } } else { $loginFailed = "Incorrect username and/or password"; $_SESSION['loginFailed'] = $loginFailed; write_mysql_log("Login failed!", $conn); } } }
//Variables from the form $title = $_POST['title']; $content = $_POST['content']; $file = $_FILES['file']['name']; //Check to see if the user left any space empty! if ($title == "" || $content == "") { echo "Please fill all the fields!"; } else { if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"]; } else { //write image details to log write_mysql_log("Upload: " . $_FILES["file"]["name"], $conn); write_mysql_log("Type: " . $_FILES["file"]["type"], $conn); write_mysql_log("Size: " . $_FILES["file"]["size"] / 1024, $conn); write_mysql_log("Stored in: " . $_FILES["file"]["tmp_name"], $conn); //move image from temp location to images folder $final_save_dir = 'images/'; move_uploaded_file($_FILES['file']['tmp_name'], $final_save_dir . $_FILES['file']['name']); $image = $final_save_dir . $_FILES['file']['name']; $query2 = "UPDATE tbl_articles SET title='{$title}', content='{$content}', imgPath='{$image}' \r\n\t\t\t\t\t\t\t\t WHERE articleId='{$artId}'"; $result2 = mysqli_query($conn, $query2) or die(mysqli_error($conn)); header("Location:page.php"); } } } else { //getting article Id which was passed from in page.php in link and can be seen in URL $query = "SELECT * FROM tbl_articles WHERE articleId = '{$artId}'"; $result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn)); $row = mysqli_fetch_assoc($result); ?>
<?php /** * The logout template file * */ session_start(); require_once "functions.php"; $conn = connectToMySQL(); //grabbing the username from the session if (isset($_SESSION['username'])) { write_mysql_log($_SESSION['username'] . " successfully logged out!", $conn); } header("Location:index.php"); //destroying the session $_SESSION = array(); session_destroy();
<?php /** * The posts template file * */ include "header.php"; require_once "functions.php"; if (isset($_SESSION['admin'])) { $conn = connectToMySQL(); //getting article Id which was passed from in page.php in link and can be seen in URL if (isset($_GET['artId'])) { $artId = $_GET['artId']; } //deleting selected article from the database $query = "DELETE FROM tbl_articles WHERE articleId = '{$artId}'"; $result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn)); write_mysql_log($_SESSION['username'] . " successfully deleted an article!", $conn); header("Location:page.php"); include "sidebar.php"; include "footer.php"; } else { header("Location:404.php"); }
<?php /** * The article comments template file * */ session_start(); require_once "functions.php"; $conn = connectToMySQL(); if (isset($_GET['artId'])) { $artId = $_GET['artId']; } if (isset($_POST['submit'])) { //Variables from the form $comment = $_POST['comment']; //Check to see if the user left any space empty! if ($comment == "") { echo "Please fill all the fields!"; } else { //Inserting the comment into the database $query = "INSERT INTO tbl_comments (comment, articleId, userId)\r\n\t\t\t\t\t VALUES ('{$comment}', '{$artId}', '{$_SESSION['userId']}')"; $result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn)); write_mysql_log("User successfully posted a comment!", $conn); header("Location:index.php"); } }
echo "You have entered an invalid email!"; } else { //check to see if username exists $query = "SELECT count(*) FROM tbl_users \r\n\t\t\t\t\t WHERE username='******'"; $result = mysqli_query($conn, $query) or die("Error in query: " . mysqli_error($conn)); $row = mysqli_fetch_row($result); $count = $row[0]; //if the username exists if ($count > 0) { $failedRegistration = "Incorrect username and/or password"; $_SESSION['failedRegistration'] = $failedRegistration; write_mysql_log("Registration unsuccessful!", $conn); } else { $query2 = "INSERT INTO tbl_users (username, email, password, role)\r\n\t\t\t\t\t\t VALUES ('{$username}', '{$email}', sha1('{$password}'), 'registered')"; $result2 = mysqli_query($conn, $query2) or die("Error in query: " . mysqli_error($conn)); write_mysql_log("Registration successful!", $conn); header("Location:index.php"); } } } } } } else { ?> <article id="register"> <form action="register.php" method="post" onsubmit="return validate(this);"> <label for="email">Email: </label> <br /> <input type="text" id="email" name="email"> <br /> <label for="username">Username: </label> <br /> <input type="text" id="registerUsername" name="username"> <br /> <label for="password">Password: </label> <br />