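<?php
// Authors: Joseph Smith and Christopher Bowen

// Resume the session so the login state set by the login page is available.
session_start();

// Access-control gate: only an authenticated session may go any further.
if (!isset($_SESSION['name'])) {
    // A Location header is only a request to the client. Without the exit
    // below, the rest of this script (the database lookup and the page markup)
    // would still run and be sent to any client that ignores the redirect.
    header('Location: login.php?msg=' . rawurlencode('You must log in to access this page.'));
    exit;
}

header('Content-Type: text/html; charset=utf-8');

// Query the database for the current user's privileges and keep the user type
// for later use. The database is opened read-only and the username is bound as
// a parameter instead of being concatenated into the SQL text.
$db = new SQLite3('SQLiteDB/OfficeLayout.db', SQLITE3_OPEN_READONLY);
$query = 'SELECT userType FROM User Where Username=:username';
$statement = $db->prepare($query);
if ($statement === false) {
    // prepare() returns false on failure; calling bindParam() on it would be a fatal error.
    $db->close();
    die('Query could not be executed.');
}
$statement->bindParam(':username', $_SESSION['name'], SQLITE3_TEXT);
$result = $statement->execute();
if (!$result) {
    $statement->close();
    $db->close();
    die('Query could not be executed.');
}

// fetchArray() returns false when no row matches the session's username.
// NOTE(review): the later use of $row is not visible here; confirm it is checked
// for false before $row['userType'] drives any privilege decision.
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
$statement->close();
$db->close();
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />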
// Search endpoint fragment: builds a Personnel query from the request and echoes
// the matches back as HTML for the AJAX caller.
// Both values below come straight from the request and are untrusted.
$search_text = $_REQUEST['search_text'];
$filter = $_REQUEST['filter'];

// Initial SELECT query string without any filtering. This will be concatenated
// with filtering constraints if the user has selected any.
$query_text = "SELECT EmployeeID, CubicleNumber, FirstName, LastName, DeptName, Email, Phone FROM Personnel WHERE";

// Split the text in the search boxes by commas.
// This is in case the user wishes to search for multiple items.
$exploded_string = explode(",", $search_text);
for ($i = 0; $i < count($exploded_string); $i++) {
    // NOTE(review): only the search term is passed through escapeString(); $filter
    // reaches generate_query() unmodified. generate_query() is not visible here:
    // if it places $filter into the SQL text, $filter must be checked against a
    // fixed allow-list of column names first. escapeString() is also only safe
    // when the value ends up inside a single-quoted SQL literal; binding each
    // term as a parameter would remove that dependency.
    $query_text = generate_query($query_text, $db->escapeString($exploded_string[$i]), $filter);
    // Join the per-term constraints with OR, except after the last term.
    if ($i < count($exploded_string) - 1) {
        $query_text .= " OR";
    }
}

// Query the database for all matches with our search constraints.
// The statement has no bound parameters, so prepare() adds no injection
// protection here: the SQL text is already fully concatenated above.
// NOTE(review): prepare() and execute() return false on failure and neither
// result is checked before use.
$statement = $db->prepare($query_text);
$results = $statement->execute();
$have_result = false;

// Display the search results by echoing back HTML to the AJAX/Javascript,
// which will display the results to the user in plain text.
// NOTE(review): the column values are written into the markup without
// htmlspecialchars(); if any Personnel field can hold user-supplied text, this
// is a stored XSS sink. Encode each value for the HTML context before echoing.
// The same id="search_result" is emitted once per row, so ids repeat in the page.
// The loop body continues past the visible lines.
while ($results_row = $results->fetchArray(SQLITE3_ASSOC)) {
    $have_result = true;
    echo "<p id=\"search_result\"><strong>";
    echo $results_row['FirstName'];
    echo " ";
    echo $results_row['LastName'];
    echo "</strong><br />";
    echo "Department: " . $results_row['DeptName'];
    echo "<br />";
    echo "Cubicle #: " . $results_row['CubicleNumber'];
    echo "<br />";