
<?php
require('db.php');
// the function which verifies a user's credentials
// against the database
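// Verifies the submitted credentials against the users table. On success the
// username is stored in $_SESSION['username'] and the browser is redirected to
// home.php; otherwise an error message is echoed.
// Reads: $_REQUEST['username'], $_REQUEST['password'], global $con (mysqli link
// from db.php). Writes: $_SESSION['username'], global $current_user.
// Security notes: the lookup is a prepared statement (the original interpolated
// the escaped values into the SQL), and the password is checked with
// password_verify() against a password_hash() value. Rows written by older code
// that still hold the plaintext password are accepted once via a constant-time
// comparison and upgraded to a hash on that login, so existing accounts keep
// working while the plaintext is retired. mysqli_error() was previously called
// without the link argument, which is a fatal ArgumentCountError on PHP 8.
function login ()
{
    // Avoid the "session already active" notice when the caller started one.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_REQUEST['username'])) {
        return;
    }
    global $con;
    global $current_user;
    // No stripslashes()/mysqli_real_escape_string(): magic quotes are gone and
    // escaping a value that is bound as a parameter would corrupt it.
    $username = (string) $_REQUEST['username'];
    $password = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
    $current_user = $username;

    $stmt = mysqli_prepare($con, 'SELECT userId, userPass FROM users WHERE userLogin = ?');
    if ($stmt === false) {
        die(mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_result($stmt, $userId, $storedPass);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    $authenticated = false;
    if ($found === true) {
        $storedPass = (string) $storedPass;
        if (password_verify($password, $storedPass)) {
            $authenticated = true;
        } elseif ($password !== '' && hash_equals($storedPass, $password)) {
            // Legacy row storing the plaintext password: accept this login and
            // replace the stored value with a hash so the plaintext is gone.
            $authenticated = true;
            $upgrade = mysqli_prepare($con, 'UPDATE users SET userPass = ? WHERE userId = ?');
            if ($upgrade !== false) {
                $hash = password_hash($password, PASSWORD_DEFAULT);
                mysqli_stmt_bind_param($upgrade, 'ss', $hash, $userId);
                mysqli_stmt_execute($upgrade);
                mysqli_stmt_close($upgrade);
            }
        }
    }

    if ($authenticated) {
        // Fresh session id on login so a pre-set (fixated) id is not promoted.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        // Redirect user to home.php; exit so nothing else is sent after the header.
        header("Location: home.php");
        exit;
    }
    echo "<h3>Username/password is incorrect.</h3>";
}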
// A function to register a new user
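// Registers a new user from $_REQUEST['username'], ['email'] and ['password'].
// Reads: $_REQUEST, global $con (mysqli link). Writes: one row in users;
// echoes a status message.
// Security notes: the insert is a prepared statement (the original interpolated
// escaped values into the SQL) and the password is stored as a password_hash()
// value rather than in plaintext; login() verifies with password_verify().
// Empty username/password are rejected so no account without a password exists.
function register ()
{
    if (!isset($_REQUEST['username'])) {
        return;
    }
    global $con;
    // No stripslashes()/escaping: values are bound as parameters below.
    $username = (string) $_REQUEST['username'];
    $email = isset($_REQUEST['email']) ? (string) $_REQUEST['email'] : '';
    $password = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
    if ($username === '' || $password === '') {
        echo "<h3>Username and password are required.</h3>";
        return;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = mysqli_prepare($con, 'INSERT into users (userLogin, userPass, userEmail) VALUES (?, ?, ?)');
    if ($stmt === false) {
        die(mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'sss', $username, $hash, $email);
    $inserted = mysqli_stmt_execute($stmt);
    $errno = mysqli_stmt_errno($stmt);
    mysqli_stmt_close($stmt);

    if ($inserted) {
        echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='index.php'>Login</a></div>";
    } elseif ($errno === 1062) {
        // 1062 = ER_DUP_ENTRY: the unique index on username/email rejected the row.
        echo "<h3>Username or Email already taken.</h3>";
    } else {
        // Any other failure: generic message, driver details stay off the page.
        echo "<h3>Registration failed.</h3>";
    }
}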
//A function to read out the userId of the current user
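// Returns the userId of the user named in $_SESSION['username'], or null when
// there is no session user or no matching row (the original dereferenced the
// first row unconditionally and failed on an empty result).
// $con: the mysqli link. The original re-declared `global $con` inside the
// body, which silently discarded the argument; the parameter is now honoured.
// The lookup is a prepared statement instead of SQL built from the session value.
function get_userid ($con)
{
    // Avoid the "session already active" notice when the caller started one.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION['username'])) {
        return null;
    }
    $username = (string) $_SESSION['username'];

    $stmt = mysqli_prepare($con, 'select userId from users where userLogin = ?');
    if ($stmt === false) {
        die(mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_result($stmt, $userId);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    return $found === true ? $userId : null;
}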
// A function to post a demand
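// Stores a new demand from $_POST (submit, piecesMax, piecesMin, quality,
// title, text) owned by the current session user.
// $con: the mysqli link (the original shadowed it with `global $con`).
// Security notes: every value is bound as a parameter; the original
// interpolated raw $_POST values into the INSERT. A demand is only stored
// when get_userid() identifies a logged-in user, so no ownerless rows are
// written. Missing fields default to '' instead of raising undefined-index
// notices. NOTE(review): die(mysqli_error()) prints driver details to the
// page; this matches the file's existing style but logging would be safer.
function post_demand ($con)
{
    if (!isset($_POST['submit'])) {
        return;
    }
    $userId = get_userid($con);
    if ($userId === null) {
        return;
    }
    $piecesMax = isset($_POST['piecesMax']) ? (string) $_POST['piecesMax'] : '';
    $piecesMin = isset($_POST['piecesMin']) ? (string) $_POST['piecesMin'] : '';
    $qualityId = isset($_POST['quality']) ? (string) $_POST['quality'] : '';
    $title = isset($_POST['title']) ? (string) $_POST['title'] : '';
    $text = isset($_POST['text']) ? (string) $_POST['text'] : '';

    // Inserts Data into Database (all values quoted as strings in the original
    // SQL, so they are bound as strings here and MySQL coerces as before).
    $stmt = mysqli_prepare(
        $con,
        'INSERT INTO demands (piecesMax, piecesMin, demandText, demandTitle, userId, qualityId) VALUES (?, ?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        die(mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'ssssss', $piecesMax, $piecesMin, $text, $title, $userId, $qualityId);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}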
// A function to render the user's own posts from the database on the website
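// Renders every row of the demands table as a post box with a delete form
// (posted back to the current page, button name 'deletepost') and an edit form
// (posted to edit_demand.php with the row's values as hidden fields).
// $con: the mysqli link (the original shadowed it with `global $con`).
// NOTE(review): the query has no user filter, so this lists all demands, not
// only the session user's own — confirm that is intended.
// Security notes: every column value is HTML-escaped before it is echoed; the
// title/text values are user-submitted and were previously written into the
// page raw (stored XSS). The original delete form called delete_post($con)
// in its action, a function that does not exist in this file (the handler is
// delete_demand()), which is a fatal undefined-function error; without an
// action attribute the form posts to the current page. NOTE(review): neither
// form carries a CSRF token.
function get_demand_titles ($con)
{
    $result = mysqli_query($con, "SELECT * FROM demands");
    if ($result === false) {
        die(mysqli_error($con));
    }
    // Escape for HTML text and attribute context; ENT_QUOTES also covers the
    // single-quoted attributes used in the markup below.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    while ($row = $result->fetch_assoc()) {
        $demandId = $h($row['demandId']);
        echo "<div class='post-box'><p>";
        echo "<strong>" . $h($row['demandTitle']) . "</strong>" . "<br>";
        echo $h($row['date']) . "<br>";
        echo "</p>
<form class= 'delete-form' method= 'POST'>
<input type='hidden' name='demandId' value='" . $demandId . "'>
<button type='submit' name= 'deletepost'> Delete</button>
</form>
<form class= 'edit-form' method= 'POST' action='edit_demand.php'>
<input type='hidden' name='userId' value='" . $h($row['userId']) . "'>
<input type='hidden' name='demandId' value='" . $demandId . "'>
<input type='hidden' name='piecesMax' value='" . $h($row['piecesMax']) . "'>
<input type='hidden' name='piecesMin' value='" . $h($row['piecesMin']) . "'>
<input type='hidden' name='title' value='" . $h($row['demandTitle']) . "'>
<input type='hidden' name='text' value='" . $h($row['demandText']) . "'>
<button>Edit</button>
</form>
</div>";
    }
}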
// A function to edit a demand
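// Updates the demand named by $_POST['demandId'] with the posted piecesMax,
// piecesMin, title and text when the form was submitted with name='edit',
// then redirects to board.php.
// $con: the mysqli link (the original shadowed it with `global $con`).
// Security notes: all values are bound as parameters (the original
// interpolated raw $_POST values into the UPDATE), and the WHERE clause also
// requires userId to match the session user from get_userid(), so a forged
// demandId cannot change another user's post. The redirect is followed by
// exit so no page body is sent after the Location header.
function edit_demand ($con)
{
    if (!isset($_POST['edit'])) {
        return;
    }
    $userId = get_userid($con);
    $demandId = isset($_POST['demandId']) ? (string) $_POST['demandId'] : '';
    if ($userId !== null && $demandId !== '') {
        $piecesMax = isset($_POST['piecesMax']) ? (string) $_POST['piecesMax'] : '';
        $piecesMin = isset($_POST['piecesMin']) ? (string) $_POST['piecesMin'] : '';
        $title = isset($_POST['title']) ? (string) $_POST['title'] : '';
        $text = isset($_POST['text']) ? (string) $_POST['text'] : '';
        // Updates the row in the database; only the owner's row can match.
        $stmt = mysqli_prepare(
            $con,
            'UPDATE demands SET piecesMax = ?, piecesMin = ?, demandTitle = ?, demandText = ? WHERE demandId = ? AND userId = ?'
        );
        if ($stmt === false) {
            die(mysqli_error($con));
        }
        mysqli_stmt_bind_param($stmt, 'ssssss', $piecesMax, $piecesMin, $title, $text, $demandId, $userId);
        if (!mysqli_stmt_execute($stmt)) {
            die(mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    }
    header("Location: board.php");
    exit;
}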
// A function to delete a post
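// Deletes the demand named by $_POST['demandId'] when the form was submitted
// with name='deletepost', then redirects to board.php.
// $con: the mysqli link (the original shadowed it with `global $con`).
// Security notes: the id is bound as a parameter (the original interpolated
// the raw $_POST value into the DELETE), and the row must belong to the
// session user from get_userid(), so a forged demandId cannot remove another
// user's post. The redirect is followed by exit so no page body is sent
// after the Location header.
function delete_demand($con)
{
    if (!isset($_POST['deletepost'])) {
        return;
    }
    $userId = get_userid($con);
    $demandId = isset($_POST['demandId']) ? (string) $_POST['demandId'] : '';
    if ($userId !== null && $demandId !== '') {
        // Delete Post from Database; only the owner's row can match.
        $stmt = mysqli_prepare($con, 'DELETE FROM demands WHERE demandId = ? AND userId = ?');
        if ($stmt === false) {
            die(mysqli_error($con));
        }
        mysqli_stmt_bind_param($stmt, 'ss', $demandId, $userId);
        if (!mysqli_stmt_execute($stmt)) {
            die(mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    }
    header('Location: board.php');
    exit;
}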
?>