if (!isset($_SESSION['user_id'])) {
    echo "You need to log in first!";
    header("refresh:3;url=login.php");
} else {
    // Check who is logged in
    $user_id = $_SESSION['user_id'];
    // Get the message id that the user wishes to open
    // NOTE(review): read without an isset() guard and never bound into the query
    // below, so the page shows whichever row the database returns first for this
    // recipient rather than the requested message. When it is added to the WHERE
    // clause, keep the `message_recipient` filter as well — that filter is what
    // confines a user to their own messages.
    $message_id = $_GET['message_id'];
    try {
        // Establishing a connection to the database
        $conn = new DBCommunication();
        // Query to get a message
        $query = "SELECT * FROM whwp_Message WHERE :user_id = message_recipient ";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        // NOTE(review): single() presumably returns false when no row matches; the
        // property reads below would then fail — check before dereferencing.
        $message = $conn->single();
        //$sender_id = $message -> receiver_id;
        // Check if the specified message belongs to the logged in user
        //if($user_id == $sender_id)
        //{
        $sender_id = $message->message_sender;
        // Query to get the sender's username.
        $query = "SELECT user_firstname FROM whwp_User WHERE user_id = :user";
        $conn->prepQuery($query);
        $conn->bind('user', $sender_id);
        $resultset = $conn->single();
        // Get and output all the details.
        // NOTE(review): subject, body and sender name are user-authored text from the
        // database; wherever they are rendered (not in view here) pass them through
        // htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
        $sender = $resultset->user_firstname;
        $title = $message->message_subject;
        $message_text = $message->message_content;
        $date = $message->message_date;
}
?>
<?php
// Resolve the display name of the private-message recipient. The recipient id
// is taken from the session (presumably set by the user-page script when a
// profile is viewed), not from the request.
$receiver = "";
if (!isset($_SESSION['target_id'])) {
    echo "Invalid request";
} else {
    $receiver_id = $_SESSION['target_id'];
    // Establishing a connection to the database
    try {
        $conn = new DBCommunication();
        $query = "SELECT whwp_User.user_firstname FROM whwp_User WHERE whwp_User.user_id = :receiver_id";
        $conn->prepQuery($query);
        $conn->bind('receiver_id', $receiver_id);
        // NOTE(review): single() presumably returns false for an unknown id; guard
        // before reading ->user_firstname.
        $username = $conn->single();
        // NOTE(review): $receiver is database-sourced text — escape it with
        // htmlspecialchars() at the point where it is rendered (not visible here).
        $receiver = $username->user_firstname;
    } catch (PDOException $e) {
        // Generic message only; the exception text is not sent to the client.
        echo 'Something went wrong';
    }
}
?>
<div class="container" id="userContent">
<div class="row">
<div class="col-lg-3">
<div class="panel panel-default">
<div class="panel-heading">My Account </div>
<div class="panel-body">
<ul class="nav nav-list">
<li class="usermenuActive"><a href="userSettings.php"><i class="glyphicon glyphicon-user"></i> Edit profile</a>
</div>
<div id="content">
<?php
// Getting the id of the advertisement
// NOTE(review): read without isset(); an absent parameter triggers a warning and
// binds null below.
$advert_id = $_GET['advert_id'];
// Getting the id of the logged in user if he is logged in.
if (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
}
try {
    // Establishing a connection to the database
    $conn = new DBCommunication();
    $query = "SELECT * FROM whwp_Advert, whwp_User " . "WHERE whwp_Advert.advert_id = :advert_id " . "AND whwp_User.user_id = whwp_Advert.advert_owner";
    $conn->prepQuery($query);
    $conn->bind('advert_id', $advert_id);
    $resultset = $conn->single();
    // NOTE(review): $resultset is presumably false when the advert does not exist;
    // the property reads below would then fail.
    $price = $resultset->advert_price;
    $title = $resultset->advert_bookname;
    //$image = $resultset -> image;
    $author = $resultset->advert_bookauthor;
    $user = $resultset->advert_owner;
    $username = $resultset->user_firstname;
    //$description = $resultset -> description;
    $query = "SELECT whwp_Image.image_location FROM whwp_Advert " . "JOIN whwp_AdImage ON whwp_Advert.advert_id = whwp_AdImage.adimage_advert " . "JOIN whwp_Image ON whwp_AdImage.adimage_image = whwp_Image.image_id " . "WHERE whwp_Advert.advert_id = :advert_id";
    $conn->prepQuery($query);
    $conn->bind('advert_id', $advert_id);
    $image = $conn->resultset();
    foreach ($image as $element) {
        // NOTE(review): $title and image_location are database content written into
        // HTML attributes without quotes or escaping (stored-XSS risk), and the <img>
        // tag is never closed — "<br/>" is emitted before its ">". Quote each
        // attribute and wrap the values in
        // htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
        echo "<img src = itemPhotos/" . $element->image_location . " alt=" . $title . " title=" . $title . "<br/>";
    }
    // NOTE(review): same HTML context — escape $price as well.
    echo "Price: " . $price . "<br/>";
session_start();
require 'DBCommunication.php';
require 'crypting.php';
header('Content-type: application/json');
// Response envelope; error_code is a list so several field validations can be
// reported in one response.
$response_array = array('success' => false, 'error_code' => array(), 'message' => '');
try {
    // The profile update is gated on the user re-entering the current password.
    if (isset($_POST['password']) && isset($_SESSION['user_id'])) {
        $conn = new DBCommunication();
        // NOTE(review): the transaction must be committed or rolled back on every
        // path, including the catch — the remainder of the script is outside this
        // fragment.
        $conn->beginTransaction();
        $user_id = $_SESSION['user_id'];
        $password = $_POST['password'];
        $query = "SELECT user_password FROM whwp_User WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        // NOTE(review): single() presumably returns false if the session's user no
        // longer exists; guard before reading ->user_password.
        $password_hash = $conn->single();
        if (password_verify($password, $password_hash->user_password)) {
            // Transparent upgrade of the stored hash when PASSWORD_DEFAULT changes.
            if (password_needs_rehash($password_hash->user_password, PASSWORD_DEFAULT)) {
                $new_hash = password_hash($password, PASSWORD_DEFAULT);
                $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_id=(:user_id)";
                $conn->prepQuery($query);
                $conn->bindArrayValue(array('hashed_password' => $new_hash, 'user_id' => $user_id));
                $conn->execute();
            }
            if (isset($_POST['email'])) {
                if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                    // error_code 5: e-mail address failed validation
                    array_push($response_array['error_code'], 5);
                } else {
                    $query = "UPDATE whwp_User SET user_email = :email WHERE user_id = :user_id";
                    $conn->prepQuery($query);
                    // The address is stored encrypted via the project's crypting.php helper.
                    $email = encrypt($_POST['email']);
<?php
session_start();
require 'DBCommunication.php';
header('Content-type: application/json');
$response_array = array('success' => false, 'error_code' => 0, 'message' => '');
try {
    // Connect to the database
    $conn = new DBCommunication();
    // NOTE(review): both fields are read without isset(); a request missing either
    // one produces a warning and a null value.
    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = "SELECT * FROM whwp_User WHERE user_username = :username";
    $conn->prepQuery($query);
    $conn->bind('username', $username);
    if ($user = $conn->single()) {
        if (password_verify($password, $user->user_password)) {
            // Transparent upgrade of the stored hash when PASSWORD_DEFAULT changes.
            if (password_needs_rehash($user->user_password, PASSWORD_DEFAULT)) {
                $new_hash = password_hash($password, PASSWORD_DEFAULT);
                $query = "UPDATE whwp_User SET user_password=(:hashed_password) WHERE user_username=(:username)";
                $conn->prepQuery($query);
                // BUG(review): the row has no `username` property — the column is
                // `user_username` (as read into the session below) — so this binds null
                // and the rehash never updates any row. Use $user->user_username.
                $conn->bindArrayValue(array('hashed_password' => $new_hash, 'username' => $user->username));
                $conn->execute();
            }
            // echo "Congratulations! You have logged in on our website!";
            // NOTE(review): the session is promoted to logged-in here; call
            // session_regenerate_id(true) first so a session id fixed before
            // authentication is not carried over (not done in this fragment).
            $_SESSION['user_id'] = $user->user_id;
            $_SESSION['username'] = $user->user_username;
            $user_id = $_SESSION['user_id'];
            if (isset($_POST['rememberme'])) {
                // Persistent-login material: identifier = public lookup key, token = secret.
                // NOTE(review): prefer random_bytes(64); openssl_random_pseudo_bytes() should
                // at least be checked via its $crypto_strong argument. If the token is
                // stored as-is, anyone who can read the table holds valid login tokens —
                // store a hash of it and compare hashes on auto-login (storage not in view).
                $identifier = hash('md5', $username);
                $randomString = openssl_random_pseudo_bytes(64);
                $token = bin2hex($randomString);
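<?php
// Remember-me bootstrap: when the persistent-login cookie is present, look the
// user up by its public identifier and compare the presented token with the
// stored one. On a match the (so far anonymous) session is marked logged in.
// Any failure leaves the visitor anonymous; the page below renders regardless.
session_start();
require 'includes/DBCommunication.php';

// The cookie must be a plain string of the form "<identifier>,<token>"; PHP
// also accepts array-valued cookies, which explode() cannot take.
if (isset($_COOKIE['Books4Cash']) && is_string($_COOKIE['Books4Cash'])) {
    try {
        $database = new DBCommunication();

        // Pad to two parts so a cookie without a comma does not raise an
        // undefined-index warning; both parts are then guaranteed strings.
        $explodedCookie = array_pad(explode(",", $_COOKIE['Books4Cash']), 2, '');
        $identifier = $explodedCookie[0];
        $token = $explodedCookie[1];

        // Column name kept exactly as in the schema (`user_indentifier`).
        $query = "SELECT user_username, user_token FROM whwp_User WHERE user_indentifier = :identifier";
        $database->prepQuery($query);
        $database->bind('identifier', $identifier);
        $user = $database->single();

        // rowCount() after a SELECT is driver-dependent, so also require a row object.
        if ($user && $database->rowCount() > 0) {
            $username = $user->user_username;
            $user_token = (string) $user->user_token;

            // hash_equals(): constant-time and strict. The previous `==` was a loose
            // comparison, under which an empty or NULL stored token matched an empty
            // cookie token; an empty stored token is now never accepted.
            if ($user_token !== '' && hash_equals($user_token, $token)) {
                // The session is promoted from anonymous to authenticated: issue a
                // fresh id so a session id fixed before login does not carry over.
                session_regenerate_id(true);
                $_SESSION['username'] = $username;
                // NOTE(review): only 'username' is set here, while other pages in this
                // project gate on $_SESSION['user_id'], which this auto-login never
                // populates — confirm whether that is intended.
            }
        }
    } catch (PDOException $e) {
        // Best-effort auto-login: a database error simply leaves the visitor anonymous.
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="Stylesheet" type="text/css" href="css/bootstrap.min.css"/>
<link rel="Stylesheet" type="text/css" href="css/style.css"/>
<link rel="Stylesheet" type="text/css" href="css/animate.css"/>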
<?php
// Getting the search term from the query string
$search_term = "";
if (isset($_GET['search'])) {
    $search_term = $_GET['search'];
    // LIKE pattern built from raw input: '%' and '_' in the term act as wildcards.
    $search_string = "%" . $_GET['search'] . "%";
    if (!empty($search_term)) {
        try {
            // Establishing a connection to the database
            $conn = new DBCommunication();
            // Run the query.
            $query = "SELECT DISTINCT COUNT(*) as count FROM whwp_Advert, whwp_AdTag, whwp_Tag " . "WHERE whwp_Tag.tag_description LIKE :search_string " . "AND whwp_Tag.tag_id = whwp_AdTag.adtag_tag " . "AND whwp_AdTag.adtag_advert = whwp_Advert.advert_id";
            $conn->prepQuery($query);
            $conn->bind('search_string', $search_string);
            // Counts how many results were returned from the search.
            $count = $conn->single()->count;
            if ($count == 1) {
                echo "Your search provided 1 result";
            } else {
                echo "Your search provided " . $count . " results";
            }
            // Paging system
            // NOTE(review): $page is taken verbatim from the request; cast it to int and
            // clamp it to >= 1 before it reaches any LIMIT/OFFSET arithmetic (outside this
            // fragment) — it must only ever be bound as a parameter, never concatenated
            // into the SQL string.
            if (isset($_GET["page"])) {
                $page = $_GET["page"];
                $search_term = $_GET["search"];
            } else {
                //$page = 10;
                $page = 1;
                // NOTE(review): $search_term is interpolated into the Location URL
                // unencoded — wrap it in rawurlencode() — and execution continues after
                // header(), so the rest of the page still renders and its queries still
                // run for this request; add `exit;` after the redirect.
                header("location:search.php?search={$search_term}&Search=Search&page=1");
            }
            // Determine which results to show in which page.
}
?>
</div>
<div id="content">
<?php
if (isset($_GET['user_id'])) {
    try {
        // Establishing a connection to the database
        $conn = new DBCommunication();
        // Get the ID of which user's page to display
        $user_id = $_GET['user_id'];
        // Run query to get information about the user.
        $query = "SELECT * FROM whwp_User WHERE user_id = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        // NOTE(review): single() presumably returns false for an unknown id — guard
        // before reading ->user_firstname.
        $user = $conn->single();
        $username = $user->user_firstname;
        // NOTE(review): database-sourced text echoed into HTML unescaped; use
        // htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
        echo "The page of " . $username;
        // Set the target as a private message receiver
        $_SESSION['target_id'] = $user_id;
        // If the user is not in his own page - display the link to PM
        // NOTE(review): $user_id is a string from $_GET while the session value may be
        // an int (driver-dependent), so `!==` can be true for the same user and show
        // the PM link on one's own page; compare both sides as (int).
        if (isset($_SESSION['user_id']) && $_SESSION['user_id'] !== $user_id) {
            echo "<a href='send_message.php'><img src='images/pm.png' id='pm' alt='Private Message' title='Private Message'/></a>";
        }
        // Query to get all the ads from the user, whose page is accessed.
        $query = "SELECT * FROM whwp_Advert WHERE advert_owner = :user_id";
        $conn->prepQuery($query);
        $conn->bind('user_id', $user_id);
        $ad = $conn->resultset();
        $countAds = $conn->rowCount();
        if ($countAds == 0) {