From 8e061ec901846bb9a7aaa71a298c9c69caa8f6b6 Mon Sep 17 00:00:00 2001
From: Andreas Zweili <andreas@2li.ch>
Date: Fri, 17 Feb 2017 13:52:36 +0100
Subject: [PATCH] finalize the function to request the user id

I've had to correct an error in the demands table. Tags can be empty.
---
 functions.php     | 30 ++++++++++++++++--------------
 sql/create_db.sql |  2 +-
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/functions.php b/functions.php
index e547e27..5e561a1 100644
--- a/functions.php
+++ b/functions.php
@@ -6,12 +6,13 @@ function login ()
 {
     session_start();
     if (isset($_REQUEST['username'])) {
-        //Checking is user existing in the database or not
+        //Checking if the user exists in the database or not
         global $con;
-        global $username;
         $username = stripslashes($_REQUEST['username']);
         //escapes special characters in a string
         $username = mysqli_real_escape_string($con,$username);
+        global $current_user;
+        $current_user = $username;
         $password = stripslashes($_REQUEST['password']);
         $password = mysqli_real_escape_string($con,$password);
         $query = "SELECT * FROM users WHERE userLogin='$username'
@@ -59,10 +60,12 @@ function register ()
 function get_userid ($con)
 {
     global $con;
-    global $username;
+    session_start();
+    $username = $_SESSION['username'];
     $sql = "select userId from users where userLogin = '$username'";
     $userId = mysqli_query($con, $sql) or die(mysqli_error($con));
-    return $userId;
+    $row = $userId->fetch_object();
+    return $row->userId;
 }
 
 // A function to post a demand
@@ -76,9 +79,8 @@ function pbinsert ($con)
         $date = $_POST['date'];
         $text = $_POST['text'];
         // Inserts Data into Database
-        $sql = "INSERT INTO demands ( piecesMax, piecesMin, text, date,
-                                     fk_demands_userId)
-        VALUES ('$piecesMax', '$piecesMin', '$text', '$date', $userId)";
+        $sql = "INSERT INTO demands ( piecesMax, piecesMin, text, date, userId)
+        VALUES ('$piecesMax', '$piecesMin', '$text', '$date', '$userId')";
         $result = mysqli_query($con, $sql) or die(mysqli_error($con));
     }
 }
@@ -89,16 +91,16 @@ function pbget($con)
         global $con;
         $sql = "SELECT * FROM demands";
         $result = mysqli_query($con, $sql);
-        while($row = $result->fetch_assoc()){
-         echo "<div class='post-box'><p>";
+        while ($row = $result->fetch_assoc()) {
+            echo "<div class='post-box'><p>";
             echo $row['date'] . "<br>";
             echo $row['text'] ."<br>" , "<br /> Maximum<br/>";
             echo $row['piecesMax'] ."<br /> Minimum<br/>";
             echo $row['piecesMin'];
-         echo "</p>
-           <form class= 'delete-form' method= 'POST' action='".deletepost($con)."'>
-             <input type='hidden' name='demandId' value='".$row['demandId']."'>
-           <button type='submit' name= 'deletepost'> Delete</button>
+            echo "</p>
+            <form class= 'delete-form' method= 'POST' action='".deletepost($con)."'>
+            <input type='hidden' name='demandId' value='".$row['demandId']."'>
+            <button type='submit' name= 'deletepost'> Delete</button>
             </form>
 
             <form class= 'edit-form' method= 'POST' action='editboard.php'>
@@ -112,7 +114,7 @@ function pbget($con)
             </form>
          </div>";
     }
-  }
+}
 
 
 // A function to edit a demand
diff --git a/sql/create_db.sql b/sql/create_db.sql
index b48805c..7c25d06 100644
--- a/sql/create_db.sql
+++ b/sql/create_db.sql
@@ -38,7 +38,7 @@ CREATE TABLE if not exists `demands` (
   `piecesMax` int(11) DEFAULT NULL,
   `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, 
   `userId` int(11) NOT NULL,
-  `tagId` int(11) NOT NULL,
+  `tagId` int(11) NULL,
   CONSTRAINT `fk_demands_userId`
         FOREIGN KEY (userId) REFERENCES users (userId),
   CONSTRAINT `fk_tagId`