<?php
// db.php presumably sets up the mysqli connection that the functions below
// pick up as `global $con` — confirm against db.php.
require('db.php');
// the function which verifies a user's credentials
// against the database
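/**
 * Verifies the credentials in $_REQUEST['username'] / $_REQUEST['password']
 * against the users table.
 *
 * Side effects: starts the session if none is active, sets the global
 * $current_user to the submitted username, and on success stores the
 * username in $_SESSION['username'] and redirects to home.php. On failure
 * an error message is echoed. Does nothing when no username was submitted.
 *
 * The query is a bound-parameter lookup by username only; the password is
 * checked in PHP with password_verify() (hashed rows) or a constant-time
 * literal comparison (rows the original code stored in clear). Note that
 * the literal comparison is case-sensitive, whereas the original SQL
 * comparison was subject to the column collation.
 *
 * @throws RuntimeException on a database error (the original died with the
 *                          raw mysqli error printed to the client)
 */
function login ()
{
    // get_userid() also starts the session; starting it twice in one request
    // raises a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_REQUEST['username'])) {
        global $con;
        // stripslashes() is kept for compatibility with rows written by the
        // original (magic_quotes-era) code; no SQL escaping is needed because
        // the values are bound, not interpolated.
        $username = stripslashes($_REQUEST['username']);
        global $current_user;
        $current_user = $username;
        $password = stripslashes(isset($_REQUEST['password']) ? $_REQUEST['password'] : '');

        $stmt = mysqli_prepare($con, 'SELECT userPass FROM users WHERE userLogin = ?');
        if ($stmt === false) {
            throw new RuntimeException('login: ' . mysqli_error($con));
        }
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (!mysqli_stmt_execute($stmt)) {
            $message = mysqli_stmt_error($stmt);
            mysqli_stmt_close($stmt);
            throw new RuntimeException('login: ' . $message);
        }
        mysqli_stmt_store_result($stmt);

        $authenticated = false;
        // Exactly one matching user, as in the original `$rows == 1` check.
        if (mysqli_stmt_num_rows($stmt) === 1) {
            $storedPass = null;
            mysqli_stmt_bind_result($stmt, $storedPass);
            mysqli_stmt_fetch($stmt);
            $storedPass = (string) $storedPass;
            $authenticated = password_verify($password, $storedPass)
                || hash_equals($storedPass, $password);
        }
        mysqli_stmt_close($stmt);

        if ($authenticated) {
            // Fresh session id on privilege change (session fixation).
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            // Redirect user to home.php and stop rendering the login page.
            header("Location: home.php");
            exit;
        }
        echo "<h3>Username/password is incorrect.</h3>";
    }
}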
|
2017-02-14 21:06:51 +01:00
|
|
|
|
|
|
|
// A function to register a new user
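/**
 * Creates a users row from $_REQUEST['username'], ['password'] and ['email'].
 *
 * Side effects: echoes a success message, or "already taken" when the insert
 * fails with MySQL error 1062 (duplicate key). Does nothing when no username
 * was submitted. No return value.
 *
 * @throws RuntimeException on any other database error (the original ignored
 *                          those silently)
 */
function register ()
{
    if (isset($_REQUEST['username'])) {
        global $con;
        // removes backslashes — kept for compatibility with how the original
        // handled input; no SQL escaping is needed with bound parameters.
        $username = stripslashes($_REQUEST['username']);
        $email = stripslashes(isset($_REQUEST['email']) ? $_REQUEST['email'] : '');
        $password = stripslashes(isset($_REQUEST['password']) ? $_REQUEST['password'] : '');
        // Store a password hash, never the password itself. Whatever checks
        // credentials has to compare with password_verify(); a literal
        // comparison cannot match a hash. Assumes userPass is wide enough for
        // a password_hash() string (60+ characters) — confirm against the schema.
        $passwordHash = password_hash($password, PASSWORD_DEFAULT);

        $stmt = mysqli_prepare($con, 'INSERT into users (userLogin, userPass, userEmail) VALUES (?, ?, ?)');
        if ($stmt === false) {
            throw new RuntimeException('register: ' . mysqli_error($con));
        }
        mysqli_stmt_bind_param($stmt, 'sss', $username, $passwordHash, $email);
        $result = mysqli_stmt_execute($stmt);
        $errno = mysqli_stmt_errno($stmt);
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);

        // checks if the username or email address is already taken
        if ($result) {
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='index.php'>Login</a></div>";
        } elseif ($errno == 1062) {
            echo "<h3>Username or Email already taken.</h3>";
        } else {
            throw new RuntimeException('register: ' . $error);
        }
    }
}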
|
2017-02-16 19:38:45 +01:00
|
|
|
|
2017-02-17 10:35:25 +01:00
|
|
|
//A function to read out the userId of the current user
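/**
 * Looks up the userId of the user stored in $_SESSION['username'].
 *
 * Starts the session if none is active. The original also declared
 * `global $con` here, which silently replaced the parameter with the global
 * connection; the connection passed in is now the one used.
 *
 * @param mysqli $con open database connection
 * @return mixed userId of the session user, or null when there is no session
 *               user or no matching row (the original returned null with a
 *               warning in that case)
 * @throws RuntimeException on a database error
 */
function get_userid ($con)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['username'])) {
        return null;
    }
    $username = $_SESSION['username'];

    $stmt = mysqli_prepare($con, 'select userId from users where userLogin = ?');
    if ($stmt === false) {
        throw new RuntimeException('get_userid: ' . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        $message = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('get_userid: ' . $message);
    }
    $userId = null;
    mysqli_stmt_bind_result($stmt, $userId);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    return $found ? $userId : null;
}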
// A function to post a demand
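/**
 * Stores a new demand from the posted form (piecesMax, piecesMin, date, text)
 * for the logged-in user when $_POST['submit'] is set.
 *
 * The values are bound, not interpolated (the original put the raw POST
 * values straight into the query string). Nothing is inserted when no user
 * is logged in, since a demand is attributed to the session user.
 *
 * @param mysqli $con open database connection
 * @throws RuntimeException on a database error
 */
function pbinsert ($con)
{
    if (isset($_POST['submit'])) {
        $userId = get_userid($con);
        if ($userId === null) {
            return;
        }
        $piecesMax = isset($_POST['piecesMax']) ? $_POST['piecesMax'] : '';
        $piecesMin = isset($_POST['piecesMin']) ? $_POST['piecesMin'] : '';
        $date = isset($_POST['date']) ? $_POST['date'] : '';
        $text = isset($_POST['text']) ? $_POST['text'] : '';

        // Inserts Data into Database
        $sql = 'INSERT INTO demands ( piecesMax, piecesMin, text, date, userId) VALUES (?, ?, ?, ?, ?)';
        $stmt = mysqli_prepare($con, $sql);
        if ($stmt === false) {
            throw new RuntimeException('pbinsert: ' . mysqli_error($con));
        }
        // Bound as strings, matching the quoted literals the original used;
        // column-type conversion is left to the database.
        mysqli_stmt_bind_param($stmt, 'sssss', $piecesMax, $piecesMin, $text, $date, $userId);
        if (!mysqli_stmt_execute($stmt)) {
            $message = mysqli_stmt_error($stmt);
            mysqli_stmt_close($stmt);
            throw new RuntimeException('pbinsert: ' . $message);
        }
        mysqli_stmt_close($stmt);
    }
}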
// A function that reads the user's own posts from the database and inserts them into the website
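/**
 * Echoes every row of the demands table as a post box with a delete form and
 * an edit form (posting to editboard.php).
 *
 * All column values are user-supplied, so each one is HTML-escaped before it
 * is written into element text or a quoted attribute (the original echoed
 * them raw). The delete form's action was originally built by calling
 * deletepost() while rendering — a side effect in a template whose return
 * value (null) produced `action=''`; the literal `action=''` is kept and the
 * call dropped.
 *
 * NOTE(review): the header comment speaks of the user's own posts, but the
 * query selects all demands with no userId filter — confirm which is intended.
 *
 * @param mysqli $con open database connection
 * @throws RuntimeException when the query fails (the original would have
 *                          called fetch_assoc() on false)
 */
function pbget($con)
{
    $sql = "SELECT * FROM demands";
    $result = mysqli_query($con, $sql);
    if ($result === false) {
        throw new RuntimeException('pbget: ' . mysqli_error($con));
    }
    // Escaper for the HTML body and single-quoted attribute contexts below.
    $h = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    while ($row = $result->fetch_assoc()) {
        echo "<div class='post-box'><p>";
        echo $h($row['date']) . "<br>";
        echo $h($row['text']) ."<br>" , "<br /> Maximum<br/>";
        echo $h($row['piecesMax']) ."<br /> Minimum<br/>";
        echo $h($row['piecesMin']);
        echo "</p>
<form class= 'delete-form' method= 'POST' action=''>
<input type='hidden' name='demandId' value='".$h($row['demandId'])."'>
<button type='submit' name= 'deletepost'> Delete</button>
</form>

<form class= 'edit-form' method= 'POST' action='editboard.php'>
<input type='hidden' name='userId' value='".$h($row['userId'])."'>
<input type='hidden' name='demandId' value='".$h($row['demandId'])."'>
<input type='hidden' name='piecesMax' value='".$h($row['piecesMax'])."'>
<input type='hidden' name='piecesMin' value='".$h($row['piecesMin'])."'>
<input type='hidden' name='date' value='".$h($row['date'])."'>
<input type='hidden' name='text' value='".$h($row['text'])."'>
<button>Edit</button>
</form>
</div>";
    }
}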
// A function to edit a demand
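/**
 * Updates a demand from the posted edit form when $_POST['submit'] is set,
 * then redirects to board.php.
 *
 * The original ran `UPDATE demands SET message='$message'` with $message
 * never defined and none of the posted fields used; pbinsert() writes no
 * `message` column either. The update now writes the four fields the form
 * posts (piecesMax, piecesMin, text, date), via bound parameters.
 *
 * Ownership: the row is only updated when its userId is the session user's
 * (from get_userid()); the userId hidden field the form posts back is not
 * trusted, since a client can set it to anything. Nothing happens when no
 * user is logged in.
 *
 * @param mysqli $con open database connection
 * @throws RuntimeException on a database error
 */
function editpost($con)
{
    if (isset($_POST['submit'])) {
        $demandId = isset($_POST['demandId']) ? $_POST['demandId'] : '';
        $piecesMax = isset($_POST['piecesMax']) ? $_POST['piecesMax'] : '';
        $piecesMin = isset($_POST['piecesMin']) ? $_POST['piecesMin'] : '';
        $date = isset($_POST['date']) ? $_POST['date'] : '';
        $text = isset($_POST['text']) ? $_POST['text'] : '';

        $userId = get_userid($con);
        if ($userId === null) {
            return;
        }

        // Inserts Updates Database
        $sql = 'UPDATE demands SET piecesMax = ?, piecesMin = ?, text = ?, date = ? WHERE demandId = ? AND userId = ?';
        $stmt = mysqli_prepare($con, $sql);
        if ($stmt === false) {
            throw new RuntimeException('editpost: ' . mysqli_error($con));
        }
        mysqli_stmt_bind_param($stmt, 'ssssss', $piecesMax, $piecesMin, $text, $date, $demandId, $userId);
        if (!mysqli_stmt_execute($stmt)) {
            $message = mysqli_stmt_error($stmt);
            mysqli_stmt_close($stmt);
            throw new RuntimeException('editpost: ' . $message);
        }
        mysqli_stmt_close($stmt);

        header("Location: board.php");
        // Stop here so nothing after the redirect header is rendered.
        exit;
    }
}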
|
2017-02-16 22:47:16 +01:00
|
|
|
// A function to delete a post
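/**
 * Deletes the demand named by $_POST['demandId'] when $_POST['deletepost']
 * is set, then redirects to board.php.
 *
 * Only a row owned by the session user (userId from get_userid(); demands
 * carry the inserting user's id, see pbinsert()) is deleted — the original
 * deleted whichever demandId was posted, with the id interpolated into the
 * query. Nothing happens when no user is logged in.
 *
 * @param mysqli $con open database connection
 * @throws RuntimeException on a database error
 */
function deletepost($con)
{
    if (isset($_POST['deletepost'])) {
        $demandId = isset($_POST['demandId']) ? $_POST['demandId'] : '';

        $userId = get_userid($con);
        if ($userId === null) {
            return;
        }

        // Delete Post from Database
        $sql = 'DELETE FROM demands WHERE demandId = ? AND userId = ?';
        $stmt = mysqli_prepare($con, $sql);
        if ($stmt === false) {
            throw new RuntimeException('deletepost: ' . mysqli_error($con));
        }
        mysqli_stmt_bind_param($stmt, 'ss', $demandId, $userId);
        if (!mysqli_stmt_execute($stmt)) {
            $message = mysqli_stmt_error($stmt);
            mysqli_stmt_close($stmt);
            throw new RuntimeException('deletepost: ' . $message);
        }
        mysqli_stmt_close($stmt);

        header('Location: board.php');
        // Stop here so nothing after the redirect header is rendered.
        exit;
    }
}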
|
2017-02-06 21:55:36 +01:00
|
|
|
?>