示例#1
<?php

require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'bootstrap.php';
// A book id must arrive in the query string; with nothing to delete, send the
// visitor back to the front page.
$hasBookId = Input::exists('get') !== false && Input::found('id') !== false;
if (!$hasBookId) {
    Redirect::to('index.php');
}
if (Token::check(Input::get('token'))) {
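    //delete book from database
    $bookManager = new BookManage();
    $bookManager->delete(Input::get('id'));
    /**
     *
     * The following block of code is responsible for deleting the book cover.
     *
     * The cover is located by the raw request id, so the id is gated before it
     * reaches glob()/unlink(): an id such as "../../config" or "*" would
     * otherwise resolve outside the upload folder or match every file in it
     * (arbitrary file deletion by anyone holding a valid token). Only a plain
     * token ([A-Za-z0-9_-]) is accepted; anything else skips the cover cleanup.
     * The database delete above is left untouched — BookManage::delete() is
     * assumed to parameterise the id; verify that separately.
     *
     **/
    $bookId = (string) Input::get('id');
    $destination = dirname(__DIR__) . DIRECTORY_SEPARATOR . Config::get('upload_book_cover/default_folder');
    // adding trailing slash if there isn't one
    if (substr($destination, -1) !== '/') {
        $destination .= '/';
    }
    if (preg_match('/^[A-Za-z0-9_-]+$/', $bookId) === 1) {
        // find the file by given name no matter what extension it has and delete it;
        // glob() returns false on error and [] when nothing matches, so both are
        // guarded instead of indexing [0] blindly (which yields unlink(null))
        $matches = glob($destination . $bookId . '.*');
        if (is_array($matches) && $matches !== []) {
            $file = $matches[0];
            $coverDir = realpath($destination);
            $coverPath = realpath($file);
            // defence in depth: only unlink a regular file that resolved inside
            // the cover folder, whatever the pattern matched
            if ($coverDir !== false && $coverPath !== false
                && strpos($coverPath, $coverDir . DIRECTORY_SEPARATOR) === 0
                && is_file($coverPath)) {
                unlink($coverPath);
            }
        }
    }
    // the log line carries the raw id; it is a trusted log sink only if
    // Log::message() neutralises newlines — confirm
    $logMessage = 'Книга удалена (' . Input::get('id') . ')';
    Log::getInstance()->message($logMessage, 'book_manage');
    Session::flash('home', 'Товар удален из каталога');
    Redirect::to('manage.php');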
} else {
    Session::flash('home', 'Неправильный токен');
示例#2
/**
* The error handler is created outside the submit branch that follows because
* the page also needs it when rendering the form, to show validation and
* reCAPTCHA messages back to the user.
**/
$errorHandler = new ErrorHandler();
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        // Validate the order form first; every failure is recorded in $errorHandler.
        $validator = new Validate($errorHandler);
        $rules = [
            'address' => ['required' => true, 'minLength' => 5, 'maxLength' => 240],
            'customer_name' => ['required' => true, 'minLength' => 8, 'maxLength' => 120],
            'quantity' => ['digit' => true],
            'info' => ['maxLength' => 600],
        ];
        $validator->check($_POST, $rules);
        /**
         * Google reCAPTCHA check (only when enabled in config.ini).
         * A request without a g-recaptcha-response field counts as a failed check.
         * NOTE(review): REMOTE_ADDR is the direct TCP peer; behind a proxy or CDN
         * it is the proxy's address, which reCAPTCHA accepts but which does not
         * identify the visitor — confirm the deployment topology.
         **/
        if ($recaptchaEnabled) {
            $reCaptcha = new ReCaptcha(Config::get('google_recaptcha/secret_key'));
            $response = Input::found('g-recaptcha-response')
                ? $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], Input::get('g-recaptcha-response'))
                : null;
            if ($response === null || $response->success !== true) {
                $message = 'Пожалуйста, подтвердите, что вы не робот.<span class="smile">&#9786;</span>';
                $errorHandler->addError($message, 'recaptcha');
            }
        }
        // continue only if there aren't any errors
        if ($errorHandler->hasErrors() === false) {
            $phpmailer = new PHPMailer();
            $mailer = new Mail($errorHandler, $phpmailer);
            /*===========================================================
              =            Composing email with customer order            =
示例#3
            $library = $bookSelector->loadLibrary($limit);
        }
    }
}
/**
* Name of the current script, for self-referencing links with a query string.
* basename(__FILE__) is taken from the filesystem path rather than from
* $_SERVER['PHP_SELF'], which reflects request path data and is a known XSS vector.
**/
$current = pathinfo(__FILE__, PATHINFO_BASENAME);
// pagination controls; built further down only when there is more than one page
$controls = '';
if ($last != 1) {
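    /**
     * Carry the active filter (author, genre or title) into the page links so that
     * paging keeps its context. The first one present in the query string wins;
     * $specifier is '' when none of them is present.
     *
     * The value comes straight from the request and is spliced into a URL, so it
     * is URL-encoded here: a raw "&", "#" or "+" in an author name would otherwise
     * cut the link short, and request text would reach the page markup unchanged.
     * (The HTML that finally echoes $controls still needs attribute escaping of
     * its own — that happens outside this block.)
     **/
    $specifiers = ['author', 'genre', 'title'];
    $specifier = '';
    foreach ($specifiers as $context) {
        if (Input::exists('get') && Input::found($context)) {
            $specifier = $context . '=' . urlencode((string) Input::get($context)) . '&';
            break;
        }
    }
    $controls = '<div class="controls"><ul>';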
    /**
     * First we check if we are on the page one. If we are then we don't need a
     * link to the previous page or the first page so we do nothing. If we aren't
     * then we generate links to the first page, and to the previous page.
     **/
    if ($page > 1) {
        $previous = $page - 1;
示例#4
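// we need to include header first because of search functionality
$pageTitle = 'BkShp| Изменить';
include dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR . 'header.php';
/**
 * Load the author named by ?id=... with a parameterised lookup. A missing or
 * unknown id ends in a flash message and a redirect to manage.php. The id is
 * passed through Input::escape() before it goes into the message, as this
 * codebase does elsewhere before flashing user input, so a crafted id is not
 * reflected verbatim into the page that renders the flash.
 * NOTE(review): Redirect::to() is called after header.php has already produced
 * output; this relies on Redirect/output buffering coping with that — confirm.
 **/
if (Input::exists('get') && Input::found('id')) {
    $sql = 'SELECT id, name, name_secondary FROM author WHERE id = ?;';
    $author = Database::getInstance()->query($sql, [Input::get('id')])->first();
    if ($author === false) {
        $requestedId = Input::escape(Input::get('id'));
        Session::flash('home', 'Автора с указанным id(' . $requestedId . ') не существует');
        Redirect::to('manage.php');
    }
} else {
    Session::flash('home', 'Не указан автор для редактирования');
    Redirect::to('manage.php');
}
// collects validation errors for the edit form below
$errorHandler = new ErrorHandler();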
if (Input::found('submit')) {
    if (Token::check(Input::get('token'))) {
        // Validate the submitted names; failures are collected in $errorHandler
        // and the form is re-rendered further down.
        $validator = new Validate($errorHandler);
        $rules = [
            'name' => ['required' => true, 'minLength' => 3, 'maxLength' => 60],
            'name_secondary' => ['minLength' => 3, 'maxLength' => 60],
        ];
        $validator->check($_POST, $rules);
        if ($errorHandler->hasErrors() === false) {
            $data = [
                'name' => Input::get('name'),
                'name_secondary' => Input::get('name_secondary'),
            ];
            // update() is keyed by the id loaded above, never by request data
            $update = Database::getInstance()->update('author', $author->id, $data)->count();
            $who = $author->name . ', ' . $author->id;
            if ($update > 0) {
                $message = 'Информация об авторе(' . $who . ') была отредактирована.';
                Log::getInstance()->message($message, 'book_manage');
                Session::flash('home', $message);
            } else {
                Session::flash('home', 'Информация об авторе(' . $who . ') осталась неизмененной.');
            }
            Redirect::to('manage.php');
        }
示例#5
<?php

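require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'bootstrap.php';
// we need to include header first because of search functionality
$pageTitle = 'BkShp| Изменить';
include dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR . 'header.php';
/**
 * Require ?id=... and load the book behind it. A missing or unknown id ends in a
 * flash message plus a redirect to manage.php. The id is passed through
 * Input::escape() before it goes into the message, as this codebase does
 * elsewhere before flashing user input, so a crafted id is not reflected
 * verbatim into the page that renders the flash.
 * NOTE(review): Redirect::to() runs after header.php has already produced
 * output; this relies on Redirect/output buffering handling that — confirm.
 **/
if (Input::exists('get') && Input::found('id')) {
    $bookSelector = new BookSelect();
    $id = Input::get('id');
    $book = $bookSelector->getBook($id, true);
    if ($book === false) {
        Session::flash('home', 'Книги с указанным id(' . Input::escape($id) . ') не существует');
        Redirect::to('manage.php');
    }
} else {
    Session::flash('home', 'Не указана книга для редактирования');
    Redirect::to('manage.php');
}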
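/**
* A request body larger than post_max_size never reaches $_POST/$_FILES (PHP
* hands the script empty arrays plus a warning), so the size is checked up front
* from Content-Length to give the user a clear message instead.
* Content-Length is a string header and is compared as an integer. PHP applies
* its own post_max_size limit only when the value is positive, so a limit of 0
* ("no limit") must not reject every non-empty request here either.
**/
$postMaxSize = Info::convertToBytes(ini_get('post_max_size'));
$contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
if ($postMaxSize > 0 && $contentLength > $postMaxSize) {
    Session::flash('home', 'Вы пытаетесь загрузить слишком большой файл.');
    Redirect::to();
}
// collects validation errors for the edit form below
$errorHandler = new ErrorHandler();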
if (Input::exists()) {
示例#6
<?php

require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'bootstrap.php';
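/**
 * Search-box handler: turn the submitted fields into a redirect to the matching
 * page. Every value comes from the query string and is spliced into a URL, so
 * each one is URL-encoded first: without that a "&" or "#" in a title truncates
 * the target, and arbitrary request text is handed to Redirect::to() verbatim.
 * search_category names the query parameter itself; it is encoded too.
 * NOTE(review): consider restricting search_category to the contexts index.php
 * actually understands (author/genre/title appear elsewhere in this codebase) —
 * not done here because the accepted set is not visible from this file.
 * Redirect::to() is assumed to end the script, as the original control flow requires.
 **/
if (Input::exists('get') && Input::found('search')) {
    if (Input::found('search_category') && Input::found('search_id')) {
        $category = (string) Input::get('search_category');
        $targetId = urlencode((string) Input::get('search_id'));
        if ($category === 'book') {
            Redirect::to('book.php?id=' . $targetId);
        } else {
            Redirect::to('index.php?' . urlencode($category) . '=' . $targetId);
        }
    }
    Redirect::to('index.php?title=' . urlencode((string) Input::get('search')));
}
// fallbacks for pages that do not set their own <title>/description
$defaultTitle = 'Bookshop';
$defaultDescription = 'Продаем художественную, учебную и другую литературу с доставкой
                       на дом. Николаев.';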
?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="google" content="notranslate">
    <title><?php 
echo isset($pageTitle) ? $pageTitle : $defaultTitle;
?>
</title>
    <meta name="description" content="<?php 
echo isset($pageDescription) ? $pageDescription : $defaultDescription;
?>
">
示例#7
require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'bootstrap.php';
// header.php renders the page head (and the search form) using $pageTitle,
// so the title is set before the template is pulled in
$pageTitle = 'BkShp| Управление';
$headerTemplate = implode(DIRECTORY_SEPARATOR, [dirname(__DIR__), 'core', 'templates', 'header.php']);
include $headerTemplate;
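/**
 * Jump from the two lookup forms on this page to the matching edit screen.
 * Both queries are parameterised. first() hands back false when there is no row
 * (the same codebase tests `=== false` on its result elsewhere), so the row is
 * checked before ->id is read; the original read a property off false and then
 * relied on isset(), which works but emits a warning on every miss.
 * The not-found message embeds the user's search text only after Input::escape().
 **/
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        if (Input::found('book_edit')) {
            $sql = 'SELECT id FROM book WHERE title = ?;';
            $row = Database::getInstance()->query($sql, [Input::get('book_edit')])->first();
            if ($row === false || !isset($row->id)) {
                $input = Input::escape(Input::get('book_edit'));
                Session::flash('home', 'Книги под названием "' . $input . '" не существует');
                Redirect::to();
            }
            $id = $row->id;
            Redirect::to('editbook.php?id=' . $id);
        }
        if (Input::found('author_edit')) {
            $sql = 'SELECT id FROM author WHERE name = ?;';
            $row = Database::getInstance()->query($sql, [Input::get('author_edit')])->first();
            if ($row === false || !isset($row->id)) {
                $input = Input::escape(Input::get('author_edit'));
                Session::flash('home', 'Автора под именем "' . $input . '" не существует');
                Redirect::to();
            }
            $id = $row->id;
            Redirect::to('editauthor.php?id=' . $id);
        }
    }
}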
// There are two forms on this page, so one anti-CSRF token is generated up front
// and embedded in both; Token::check() above validates it on submit.
$token = Token::generate();
?>
<div class="wrapper">