commit 3874984bdc909c9931c151f7e7ba1d18d25466cd
parent 754782f0764349c261a583223531798e4abab412
Author: MoiBaguette <[email protected]>
Date: Sun, 16 Apr 2023 17:46:45 +0200
orm
Diffstat:
24 files changed, 859 insertions(+), 96 deletions(-)
diff --git a/Lollipop/DatabaseObject.php b/Lollipop/DatabaseObject.php
@@ -0,0 +1,136 @@
+<?php
+
+namespace Lollipop {
+ require_once "SQLDatabase.php";
+
+ abstract class DatabaseObject
+ {
+ protected string $table;
+ protected string $primary;
+
+ protected SQLDatabase $db;
+ protected array $data = [];
+ protected array $changed_keys = [];
+
+ function __construct(SQLDatabase $db)
+ {
+ $this->db = $db;
+ $this->primary = $this->get_primary();
+ $this->table = $this->get_table();
+ }
+
+ abstract static function get_primary(): string;
+ abstract static function get_table(): string;
+
+ public function setData($data)
+ {
+ $this->data = $data;
+ }
+ public function where(string $key, string $value){
+ $sql = "SELECT * FROM {$this->table} WHERE $key = ?";
+ $value = array($value);
+ $stmt = $this->db->conn->prepare($sql);
+ $stmt->execute($value);
+ $result = $stmt->get_result();
+ $this->data = $result->fetch_assoc();
+ }
+ public function load(string $id): bool
+ {
+ /*this fuction accepts an $id value for the primary key
+ * loads the row into data[]
+ * returns bool if row is found
+ */
+ $sql = "SELECT * FROM {$this->table} WHERE {$this->primary} = ?";
+
+ $stmt = $this->db->conn->prepare($sql);
+ $stmt->execute([$id]);
+ $result = $stmt->get_result();
+
+ if ($result->num_rows == 0) {
+ return false;
+ }
+
+ $this->data = $result->fetch_assoc();
+ return true;
+ }
+
+ public function save()
+ {
+ if (!$this->changed_keys)
+ return;
+
+ $sql = "UPDATE {$this->table} SET ";
+
+ $values = [];
+ foreach ($this->changed_keys as $index => $key) {
+ if ($index > 0)
+ $sql .= ', ';
+ $sql .= "$key = ?";
+ $values[] = $this->data[$key];
+ }
+
+ $sql .= " WHERE {$this->primary} = ?";
+ $values[] = $this->data[$this->primary];
+
+ $stmt = $this->db->conn->prepare($sql);
+ $stmt->execute($values);
+
+ $this->changed_keys = [];
+ }
+
+ public function add() : bool
+ /* this function add the set variables to the database */
+ {
+ if (!$this->changed_keys)
+ return false;
+
+ $sql = "INSERT INTO {$this->table} (";
+ $sql_val = ") VALUES (";
+ $values = [];
+
+ foreach ($this->changed_keys as $index => $key) {
+ if ($index > 0){
+ $sql .= ', ';
+ $sql_val .= ', ';
+ }
+ $sql .= $key;
+ $sql_val .= "?";
+ $values[] = $this->data[$key];
+ }
+
+ $sql .= $sql_val . ")";
+ $stmt = $this->db->conn->prepare($sql);
+
+ $this->changed_keys = [];
+
+ if($stmt->execute($values))
+ return true;
+ else
+ return false;
+ }
+ public function delete()
+ {
+ $sql = "DELETE FROM {$this->table} WHERE {$this->primary} = ?";
+ $stmt = $this->db->conn->prepare($sql);
+ $stmt->execute([$this->data[$this->primary]]);
+ $this->data = [];
+ $this->changed_keys = [];
+ }
+
+ public function __get(string $name)
+ {
+ return $this->data[$name];
+ }
+
+ public function __set(string $name, $value)
+ {
+ $this->data[$name] = $value;
+ $this->changed_keys[] = $name;
+ }
+
+ public function getData()
+ {
+ return $this->data;
+ }
+ }
+}
+\ No newline at end of file
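Review bot: `where()` assigns `$result->fetch_assoc()` straight into the `array`-typed `$data` property, and `fetch_assoc()` yields `null` when no row matched, so a miss raises a TypeError instead of leaving the empty object the callers' `$u->email != null` checks expect; mirror `load()` with `if ($result->num_rows == 0) { $this->data = []; return false; }` before the fetch and give the method a `: bool` return. `where()`, `save()` and `add()` also splice `$key` (a column name chosen by the caller or by `__set`) directly into the SQL text, which parameter binding does not cover; validate the names against the table's known columns (or at least `/^[A-Za-z_][A-Za-z0-9_]*$/`) before interpolating. `__set` appends to `$changed_keys` on every assignment, so setting the same property twice produces a duplicate `SET col = ?, col = ?`; guard with `if (!in_array($name, $this->changed_keys, true))`. `__get` should likewise return `$this->data[$name] ?? null` so reading an unset column on a fresh object does not emit a warning.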
diff --git a/Lollipop/Router.php b/Lollipop/Router.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace Lollipop {
+ class Router
+ {
+ protected array $routes = [];
+ protected string $path;
+
+ protected function match(string $match, array &$route_vars): bool
+ {
+ $route_split = explode('/', $this->path);
+ $match_split = explode('/', $match);
+
+ if (sizeof($route_split) != sizeof($match_split)) {
+ return false;
+ }
+
+ foreach ($match_split as $index => $m) {
+ if (str_starts_with($m, ':')) {
+ $route_vars[substr($m, 1)] = $route_split[$index];
+ } else if ($m != $route_split[$index]) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+
+ function addRoute(string $method, string $match, callable $func)
+ {
+ $this->routes[] = array(
+ "method" => $method,
+ "match" => $match,
+ "func" => $func,
+ );
+ }
+
+ function route(string $base = null)
+ {
+ $this->path = $_SERVER["REQUEST_URI"];
+
+ if ($base && strpos($this->path, $base))
+ $this->path = explode($base, $this->path)[1];
+
+ $method = $_SERVER["REQUEST_METHOD"];
+
+ foreach ($this->routes as $route) {
+ if ($route["method"] != null && $route["method"] != $method)
+ continue;
+
+ $vars = [];
+ if ($this->match($route["match"], $vars))
+ return $route["func"]($vars);
+ }
+
+ echo "404 '$this->path' not found!";
+ return null;
+ }
+ }
+}
+\ No newline at end of file
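Review bot: The 404 branch echoes `$this->path`, which is the raw `REQUEST_URI`, unescaped into the response, so any crafted URL is reflected as HTML; use `echo "404 '" . htmlspecialchars($this->path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "' not found!";`. The prefix strip in `route()` tests `strpos($this->path, $base)` for truthiness, which is false when `$base` sits at offset 0 — presumably the common case — so the base is then never removed; `str_starts_with($this->path, $base)` expresses the intent and `substr($this->path, strlen($base))` strips it without `explode`. `string $base = null` relies on implicit nullability (deprecated in 8.4); declare `?string $base = null`. The query string is also left in `$this->path`, so `/users?x=1` will not match `/users` — consider `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)`, assuming routes are meant to be path-only.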
diff --git a/Lollipop/SQLDatabase.php b/Lollipop/SQLDatabase.php
@@ -0,0 +1,90 @@
+<?php
+
+namespace Lollipop {
+ use mysqli;
+
+ class SQLDatabase
+ {
+ public mysqli $conn;
+
+ function __construct(string $host, string $username, string $password, string $database = null, int $port = null)
+ {
+ $this->conn = new mysqli($host, $username, $password, $database, $port);
+ }
+
+ function get(string $table_class)
+ {
+ /* this function accepts a $table_name creates a Database object with the class $table_name
+ * retuns a Database object
+ */
+ $cls = new $table_class($this);
+ return $cls;
+ }
+
+ function all_where(string $table_name, array $vars)
+ {
+ /* this function accepts a table name and an array[$column_name => $value]
+ * statement is select * from $table_name where $column_name = $value AND etc...
+ * returns an array of classes
+ */
+ if (!sizeof($vars)) {
+ return [];
+ }
+ $cls = new $table_name($this);
+
+ $sql = "SELECT * FROM {$cls->get_table()} WHERE ";
+ $params = [];
+
+ $i = 0;
+ foreach ($vars as $key => $value) {
+ if ($i > 0) {
+ $sql .= ' AND ';
+ }
+ $sql .= " $key LIKE ?";
+ $params[] = $value;
+ $i++;
+ }
+
+ $stmt = $this->conn->prepare($sql);
+ $stmt->execute($params);
+ $result = $stmt->get_result();
+
+ if (!$result || $result->num_rows == 0) {
+ return [];
+ }
+
+ $objects = [];
+ while ($row = $result->fetch_assoc()) {
+ $o = new $table_name($this);
+ $o->setData($row);
+ $objects[] = $o;
+ }
+ return $objects;
+ }
+
+ function all(string $table_name)
+ {
+ /* loads whole table $table_name
+ * returns array of objects
+ */
+ $cls = new $table_name($this);
+
+ $sql = "SELECT * FROM {$cls->get_table()}";
+
+ $result = $this->conn->query($sql);
+
+ if (!$result || $result->num_rows == 0) {
+ return [];
+ }
+
+ $objects = [];
+ while ($row = $result->fetch_assoc()) {
+ $o = new $table_name($this);
+ $o->setData($row);
+ $objects[] = $o;
+ }
+ return $objects;
+ }
+ }
+}
+?>
+\ No newline at end of file
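Review bot: `all_where()` builds every condition with `LIKE`, but two callers in this commit (login_handler.php and alter_user.php) use it as an equality lookup on `email`, so a submitted value of `%` or `_` matches arbitrary rows through the bound parameter; use `= ?` by default and let callers request pattern matching explicitly, e.g. `function all_where(string $table_name, array $vars, bool $like = false)` with `$like ? 'LIKE' : '='` in the condition, or have exact-match callers escape wildcards with `addcslashes($value, '%_\\')`. The column name `$key` is concatenated into the statement text untouched; since the keys are array keys supplied by the caller, validate them against an identifier pattern (or the model's known columns) before use. The constructor parameters `string $database = null, int $port = null` should be declared `?string` / `?int`, and the trailing `?>` in a class-only file is best dropped.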
diff --git a/add_user.php b/add_user.php
@@ -0,0 +1,145 @@
+<!DOCTYPE html>
+<html lang="eng">
+ <head>
+ <title>Add user</title>
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ </head>
+ <?php
+ include "navbar.php";
+ include "utils/autoloader.php";
+ var_dump($_SESSION['user_permissions']);
+ if(!in_array(0, $_SESSION['user_permissions'])){
+ //header('Location: dashboard.php');
+ //exit;
+ }
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "wap2");
+ //select the available permissions from the database
+ $all_p = $db->all(Permissions::class);
+ $available_permissions = [];
+ foreach($all_p as $tmp){
+ $available_permissions[] = ['id' => $tmp->permission_id, 'name' => $tmp->permission_name];
+ }
+ ?>
+ <body>
+ <div class="container">
+ <h1>Add user</h1>
+
+ <form action="add_user.php" method="post">
+ <div class="mb-3">
+ <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
+ <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
+ </div>
+ <div class="mb-3">
+ <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
+ <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
+ </div>
+ <div class="mb-3">
+ <label for="email" class="form-label"><b>Email:</b></label>
+ <input type="text" class="form-control" name="email" id="email" placeholder="Email">
+ </div>
+ <div class="mb-3">
+ <label for="password" class="form-label"><b>Wachtwoord:</b></label>
+ <input type="password" class="form-control" name="password" id="password" placeholder="******">
+ </div>
+ <p>Please select the user permissions:</p>
+ <?php
+ foreach($available_permissions as $db_permission){
+ echo "<div class=\"mb-3 form-check\">
+ <input type=\"checkbox\" class=\"form-check-input\" name=\"permissions[]\" value=" . $db_permission['id'] . "\">
+ <label class=\"form-check-label\" for=" . $db_permission['name'] . ">" . $db_permission['name'] . "</label>
+ </div>";
+ }
+ ?>
+ <button type="submit" class="btn btn-primary" name="submit">Add user</button>
+ </form>
+ </div>
+ <?php
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ $errors = array(); // initialize an empty array to store errors
+
+ // Check if voornaam is set and not empty
+ if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
+ $fname = $_POST['voornaam'];
+ } else {
+ $errors[] = "Voornaam is required";
+ }
+
+ // Check if achternaam is set and not empty
+ if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
+ $lname = $_POST['achternaam'];
+ } else {
+ $errors[] = "Achternaam is required";
+ }
+
+ // Check if email is set and not empty
+ if (isset($_POST['email']) && !empty($_POST['email'])) {
+ $email = $_POST['email'];
+ } else {
+ $errors[] = "E-mail is required";
+ }
+
+ // Check if password is set and not empty
+ if (isset($_POST['password']) && !empty($_POST['password'])) {
+ $password = $_POST['password'];
+ } else {
+ $errors[] = "Wachtwoord is required";
+ }
+
+ // Check if permissions is set
+ if (isset($_POST['permissions'])) {
+ $permissions = $_POST['permissions'];
+ } else {
+ $errors[] = "Permissies zijn vereist";
+ }
+
+ // Check if there are any errors
+ if (count($errors) > 0) {
+ // Print out the errors
+ foreach ($errors as $error) {
+ echo $error . "<br>";
+ }
+ } else {
+ // Pass the password through a hashing function
+ $hashed_pwd = password_hash($password, PASSWORD_DEFAULT);
+
+ //create a database object with table user
+ $u = $db->get(User::class);
+ $u->where("email", $email);
+ //check if email already exists
+ if($u->email != null){
+ echo"this email address is taken: " . $email;
+ }else{
+ $u = $db->get(User::class);
+ $succes = false;
+ //set new user data
+ $u->email = $email;
+ $u->first_name = $fname;
+ $u->last_name = $lname;
+ $u->password = $hashed_pwd;
+
+ //add user with the add function
+ if($u->add()){
+ $succes = true;
+ };
+ $u->where("email", $email);
+ //create a database object with table permission for each permission
+ //set the data and execute the add function
+ foreach($permissions as $permission){
+ $p = $db->get(Permission_user::class);
+ $p->user_id = $u->user_id;
+ $p->permission_id = (int) $permission;
+ if($p->add())
+ {
+ $succes = true;
+ }
+ }
+ if($succes){
+ echo"succes!";
+ }
+ }
+ }
+ }
+ ?>
+ </body>
+</html>
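Review bot: The body of the `if(!in_array(0, $_SESSION['user_permissions']))` guard is commented out, so anyone who can reach the page can create accounts and grant permissions; restore `header('Location: dashboard.php'); exit;` there (and in alter_user.php and search_user.php, where the whole guard is commented out). The `new Lollipop\SQLDatabase(...)` call embeds the database host, user and password in the page, repeated in alter_user.php, search_user.php and login_handler.php; move them to a config file outside the web root (or environment variables), reference it from one place, and treat the committed values as exposed. The `var_dump($_SESSION['user_permissions'])` line is debug output that lands in the rendered page. `$email` and `$db_permission['name']` are echoed unescaped (the checkbox `value=` attribute is also missing its opening quote); use `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and quote both attributes.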
diff --git a/alter_user.php b/alter_user.php
@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<html lang="eng">
+
+<head>
+ <title>User toevoegen</title>
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+</head>
+<?php
+use Lollipop\DatabaseObject;
+use Lollipop\SQLDatabase;
+ include "navbar.php";
+ include "utils/autoloader.php";
+ //if(!in_array(0, $_SESSION['user_permissions'])){
+ //header('Location: dashboard.php');
+ //exit;
+ //}
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "wap2");
+
+ //select the available permissions from the database
+ $all_p = $db->all(Permissions::class);
+ $available_permissions = [];
+ foreach($all_p as $tmp){
+ $available_permissions[] = ['id' => $tmp->permission_id, 'name' => $tmp->permission_name];
+ }
+ //if not found set to empty if not GET
+ $fname = "";
+ $lname = "";
+ $email = "";
+ $user_permissions = [];
+
+ if($_SERVER["REQUEST_METHOD"] == "GET"){
+ //if the get var isset and user is found in the database load data into forms
+ if(!isset($_GET['email'])){
+ echo"";
+ }else{
+ $get_email = $_GET['email'];
+ $u = $db->get(User::class);
+ $u->where("email", $get_email);
+ if($u->email != null){
+ $fname = $u->first_name;
+ $lname = $u->last_name;
+ $email = $u->email;
+ $p = $db->all_where(Permission_user::class, array('user_id' => $u->user_id));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->permission_id;
+ }
+ }
+ }
+ }
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ $errors = array(); // initialize an empty array to store errors
+
+ // Check if voornaam is set and not empty
+ if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
+ $fname = $_POST['voornaam'];
+ } else {
+ $errors[] = "Voornaam is required";
+ }
+
+ // Check if achternaam is set and not empty
+ if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
+ $lname = $_POST['achternaam'];
+ } else {
+ $errors[] = "Achternaam is required";
+ }
+
+ // Check if email is set and not empty
+ if (isset($_POST['email']) && !empty($_POST['email'])) {
+ $email = $_POST['email'];
+ } else {
+ $errors[] = "E-mail is required";
+ }
+
+ // Check if permissions is set
+ if (isset($_POST['permissions'])) {
+ $permissions = $_POST['permissions'];
+ }
+
+ // Check if there are any errors
+ if (count($errors) > 0) {
+ // Print out the errors
+ foreach ($errors as $error) {
+ echo $error . "<br>";
+ }
+ } else {
+ //create a database object with table user
+ $u = $db->get(User::class);
+ $u->where("email", $email);
+ $user_id = $u->user_id;
+ //check if email already exists
+ if($u->email == null){
+ echo"this user does not exist " . $email;
+ }else{
+ $succes = false;
+ //set new user data
+ $u->email = $email;
+ $u->user_id = $user_id;
+ $u->first_name = $fname;
+ $u->last_name = $lname;
+ echo $u->save();
+ //add user with the add function
+ if(true){
+ $succes = true;
+ };
+
+ $p = $db->get(Permission_user::class);
+ //delete all permissions
+ foreach($available_permissions as $available){
+ $p->user_id = $user_id;
+ $p->permission_id = $available['id'];
+ $p->delete();
+ }
+
+ //add permissions
+ if(isset($permissions)){
+ foreach($permissions as $keep){
+ $p->user_id = $user_id;
+ $p->permission_id = (int)$keep;
+ $p->add();
+ }
+ }
+ if($succes){
+ echo"succes!";
+ }
+ }
+ }
+ //if the get var isset and user is found in the database load data into forms
+ if(!isset($_GET['email'])){
+ echo"";
+ }else{
+ $get_email = $_GET['email'];
+ $u = $db->get(User::class);
+ $u->where("email", $email);
+ if($u->email != null){
+ $fname = $u->first_name;
+ $lname = $u->last_name;
+ $email = $u->email;
+ $p = $db->all_where(Permission_user::class, array('user_id' => $u->user_id));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->permission_id;
+ }
+ }
+ }
+ }
+?>
+
+<body>
+ <div class="container">
+ <h1>Alter user</h1>
+ <form action="alter_user.php?email=<?php echo $email;?>" method="post">
+ <div class="mb-3">
+ <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
+ <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam" value=<?php echo$fname?>>
+ </div>
+ <div class="mb-3">
+ <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
+ <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam" value=<?php echo$lname?>>
+ </div>
+ <div class="mb-3">
+ <label for="email" class="form-label"><b>Email:</b></label>
+ <input type="text" class="form-control" name="email" id="email" placeholder="Email" value=<?php echo$email?>>
+ </div>
+ <p>Please select the user permissions:</p>
+ <?php
+ foreach($available_permissions as $db_permission){
+ echo "<div class=\"mb-3 form-check\">" .
+ "<input type=\"checkbox\" class=\"form-check-input\" name=\"permissions[]\" value=" . $db_permission['id'] . "\"";
+ if ($user_permissions != null && in_array($db_permission['id'], $user_permissions)) {
+ echo " checked";
+ }
+ echo "><label class=\"form-check-label\" for=" . $db_permission['name'] . ">" . $db_permission['name'] . "</label>" .
+ "</div>";
+ }
+ ?>
+ <button type="submit" class="btn btn-primary" name="submit">Alter user</button>
+ </form>
+ </div>
+</body>
+</html>
+\ No newline at end of file
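Review bot: In the POST branch the re-load after saving calls `$u->where("email", $email)` with the submitted email, whereas the GET branch uses `$get_email`; if the email was changed this looks up the new value while the URL still carries the old one — presumably `$get_email` was intended. The form fields echo `$fname`, `$lname` and `$email` into unquoted attributes (`value=<?php echo$fname?>`), so a stored name containing a space or `>` breaks out of the attribute; write `value="<?= htmlspecialchars($fname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"` for each, including the `action` URL. The permission guard is fully commented out, so any visitor can edit users. `echo $u->save();` prints the result of a method that returns nothing, `if(true)` is a dead check, and `$u->user_id = $user_id;` marks the primary key as changed so it is needlessly included in the `UPDATE ... SET` list.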
diff --git a/alteruser.php b/back-up/alteruser.php
diff --git a/crud_user.php b/back-up/crud_user.php
diff --git a/form.html b/back-up/form.html
diff --git a/includes.html b/back-up/includes.html
diff --git a/login.html b/back-up/login.html
diff --git a/login.php b/back-up/login.php
diff --git a/loginhandler.php b/back-up/loginhandler.php
diff --git a/searchuser.php b/back-up/searchuser.php
diff --git a/classes/Permission_user.php b/classes/Permission_user.php
@@ -0,0 +1,14 @@
+<?php
+class Permission_user extends Lollipop\DatabaseObject
+{
+ static function get_table(): string
+ {
+ return "user_permission";
+ }
+
+ static function get_primary(): string
+ {
+ return "user_id";
+ }
+}
+?>
+\ No newline at end of file
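Review bot: `get_primary()` returns `user_id` for what is a two-column association table (`user_id`, `permission_id`), so every `DatabaseObject` operation keyed on the primary affects all of a user's rows at once: `delete()` removes every permission of the user, `load()` only ever returns one of them, and `save()` would rewrite them all. alter_user.php happens to rely on the delete-all behaviour, but that is not obvious from this class; add a docblock such as `/** Association table user_id <-> permission_id; user_id is NOT unique, so delete()/save() act on all rows of a user. */` or extend `DatabaseObject` to support a composite key.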
diff --git a/classes/Permissions.php b/classes/Permissions.php
@@ -0,0 +1,14 @@
+<?php
+class Permissions extends Lollipop\DatabaseObject
+{
+ static function get_table(): string
+ {
+ return "permission";
+ }
+
+ static function get_primary(): string
+ {
+ return "id";
+ }
+}
+?>
+\ No newline at end of file
diff --git a/classes/User.php b/classes/User.php
@@ -0,0 +1,14 @@
+<?php
+class User extends Lollipop\DatabaseObject
+{
+ static function get_table(): string
+ {
+ return "user";
+ }
+
+ static function get_primary(): string
+ {
+ return "user_id";
+ }
+}
+?>
+\ No newline at end of file
diff --git a/dashboard.php b/dashboard.php
@@ -4,5 +4,17 @@
</head>
<?php
include "navbar.php";
+ echo "voornaam = ";
+ echo $_SESSION['first_name'];
+ echo "<br>";
+ echo "achternaam = ";
+ echo $_SESSION['last_name'];
+ echo "<br>";
+ echo "email = ";
+ echo $_SESSION['email'];
+ echo "<br>";
+ foreach($_SESSION['user_permissions'] as $tmp){
+ echo $tmp;
+ }
?>
</html>
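Review bot: The new lines echo `$_SESSION['first_name']`, `['last_name']`, `['email']` and each permission id straight into the page; those values are whatever was typed into the add-user form, so this is a stored-XSS sink. Wrap each with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and give the permission loop a separator (`echo $tmp . ' ';`) since it currently prints the ids concatenated. No `session_start()` is visible in this hunk, so reading `$_SESSION` here presumably depends on navbar.php having started the session — confirm, since `$_SESSION['user_permissions']` is passed to `foreach` without an `isset` guard and will warn for a visitor who has not logged in.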
diff --git a/index.php b/index.php
@@ -24,13 +24,24 @@ $router->get('/uitloggen', function () {
include 'templates/login.html';
});
+$router->get('/login_handler', function () {
+ include '../login_handler.php';
+});
$router->get('/login', function () {
include 'templates/login.html';
});
-
+$router->get('/add_user', function () {
+ include 'add_user.php';
+});
+$router->get('/search_user', function () {
+ include 'search_user.php';
+});
+$router->get('/alter_user', function () {
+ include 'search_user.php';
+});
$router->get('/dashboard', function () {
- include 'searchdata.php';
+ include 'search_data.php';
});
//$router->get('/data', function () {
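Review bot: The `/alter_user` route includes `search_user.php`, which looks like a copy-paste slip from the route above it; it should be `include 'alter_user.php';`. `/login_handler` is registered with `$router->get(...)` and includes `'../login_handler.php'` from outside the document root, while login_handler.php itself only acts on POST requests and the login form in templates/homepage.php posts to it — if `get()` filters on method (its definition is outside this hunk), that submission will never reach the handler and a POST registration is needed.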
diff --git a/login_handler.php b/login_handler.php
@@ -0,0 +1,52 @@
+<?php
+ include "utils/autoloader.php";
+ if(isset($_SESSION['email'])){
+ header('Location: dashboard.php');
+ }
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "wap2");
+ // check if a post request was sent
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ // fetch data from the form
+ if(isset($_POST['login_btn'])){
+ if(!isset($_POST['email']) || !isset($_POST['password'])){
+ echo "<p style=\"color:red\">One of the forms was empty.</p>";
+ } else {
+ //store data from the form in a variable
+ $email = $_POST['email'];
+ $pwd = $_POST['password'];
+
+ //create a User orm class
+ $u = $db->all_where(User::class, array('email' => $email));
+ //tm 26 is workaround
+ foreach($u as $userdata){
+ $userdata->email;
+ }
+ $u = $userdata;
+ var_dump($u);
+ if($u->email == null){
+ //user incorrect, but to give out as little person info as possible just show either is wrong
+ echo"<p style=\"color:red\">Invalid username or password. cannot find user</p>";
+ }else{
+ //password verification logic
+ if(password_verify($pwd, $u->password)){
+ //start session and set session variables
+ session_start();
+ $_SESSION['email'] = $u->email;
+ $_SESSION['first_name'] = $u->first_name;
+ $_SESSION['last_name'] = $u->last_name;
+
+ $p = $db->all_where(Permission_user::class, array('user_id' => $u->user_id));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->permission_id;
+ }
+ $_SESSION['user_permissions'] = $user_permissions;
+ header('Location: dashboard.php');
+ }else{
+ //password incorrect, but to give out as little person info as possible just show either is wrong
+ echo"<p style=\"color:red\">Invalid username or password.</p>";
+ }
+ }
+ }
+ }
+}
+?>
+\ No newline at end of file
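Review bot: `var_dump($u)` dumps the full user record, including the `password` hash, into the HTTP response on every login attempt; remove it. It also sends output before `session_start()` and `header('Location: ...')`, so once the dump is flushed neither the session cookie nor the redirect can be set. Both `header('Location: dashboard.php')` calls lack a following `exit;`, so the script keeps executing after the redirect is queued. `$_SESSION['email']` is read at the top without any `session_start()` in this file, so that guard never sees a session; and when `all_where()` returns no rows `$userdata` is undefined and `$u->email` dereferences null — use `$u = $users[0] ?? null;` and test for `null`. After a successful `password_verify`, call `session_regenerate_id(true)` before writing `$_SESSION` so a pre-login session id is not carried over.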
diff --git a/navbar.php b/navbar.php
@@ -12,12 +12,13 @@
$links = array();
// Define the links for each type of employee
+ // Define the links for each type of employee
if (in_array(1, $permission_levels)) {
// Admin links
$admin_links = array(
- array('url' => '/crud_user.php', 'title' => 'Add User'),
- array('url' => '/searchuser.php', 'title' => 'Search for user'),
-// array('url' => '/alteruser', 'title' => 'Alter user')
+ array('url' => '/add_user.php', 'title' => 'Add User'),
+ array('url' => '/search_user.php', 'title' => 'Search for user'),
+ array('url' => '/alter_user.php', 'title' => 'Alter user')
);
$links[] = array('name' => 'Admin', 'links' => $admin_links);
}
@@ -25,9 +26,9 @@
if (in_array(2, $permission_levels)) {
// Administrative employee links
$admin_employee_links = array(
- array('url' => 'admin_employee_page_1.php', 'title' => 'Admin Employee Page 1'),
- array('url' => 'admin_employee_page_2.php', 'title' => 'Admin Employee Page 2'),
- array('url' => 'admin_employee_page_3.php', 'title' => 'Admin Employee Page 3')
+ array('url' => 'admin_employee_page_1.php', 'title' => 'Admin Employee Page 1'),
+ array('url' => 'admin_employee_page_2.php', 'title' => 'Admin Employee Page 2'),
+ array('url' => 'admin_employee_page_3.php', 'title' => 'Admin Employee Page 3')
);
$links[] = array('name' => 'Administrative Employee', 'links' => $admin_employee_links);
}
@@ -35,24 +36,25 @@
if (in_array(3, $permission_levels)) {
// Scientific employee links
$scientific_employee_links = array(
- array('url' => 'scientific_employee_page_1.php', 'title' => 'Scientific Employee Page 1'),
- array('url' => 'scientific_employee_page_2.php', 'title' => 'Scientific Employee Page 2'),
- array('url' => 'scientific_employee_page_3.php', 'title' => 'Scientific Employee Page 3')
+ array('url' => 'scientific_employee_page_1.php', 'title' => 'Scientific Employee Page 1'),
+ array('url' => 'scientific_employee_page_2.php', 'title' => 'Scientific Employee Page 2'),
+ array('url' => 'scientific_employee_page_3.php', 'title' => 'Scientific Employee Page 3')
);
$links[] = array('name' => 'Scientific Employee', 'links' => $scientific_employee_links);
}
-
- if (empty($links)) {
- // Guest links
- $guest_links = array(
- array('url' => 'guest_page_1.php', 'title' => 'Guest Page 1')
- );
- $links[] = array('name' => 'Guest', 'links' => $guest_links);
+
+ if($_SERVER["REQUEST_METHOD"] == "POST"){
+ if(isset($_POST['logout'])){
+ session_unset();
+ session_destroy();
+ header('Location: login.php');
+ exit;
+ }
}
?>
<nav class="navbar navbar-expand-lg navbar-light bg-light">
- <a class="navbar-brand" href="/dashboard">Dashboard</a>
+ <a class="navbar-brand" href="dashboard.php">Dashboard</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
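Review bot: The logout handler checks `isset($_POST['logout'])`, but the submit button added in the next hunk is `<button type="submit" id='logout' ...>` with no `name` attribute, so the field is never posted and this branch is dead; change it to `<button type="submit" name="logout" class="btn btn-primary">log out</button>`. That form also posts to `templates/homepage.php` rather than back to the page that includes navbar.php, so even with the name fixed this block only runs if homepage.php includes the navbar — confirm which page is meant to handle the logout. `$_SERVER["REQUEST_METHOD"] == "POST"` and the `in_array` calls use loose comparison; `===` and `in_array(1, $permission_levels, true)` avoid string/int coercion surprises.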
@@ -71,8 +73,11 @@
</li>
<?php } ?>
</ul>
+ <form method="post" action="templates/homepage.php">
+ <button type="submit" id='logout' class="btn btn-primary">log out</button>
+ </form>
</div>
</nav>
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@popperjs/[email protected]/dist/umd/popper.min.js"></script>
-<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js"></script>
-\ No newline at end of file
+<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js"></script>
diff --git a/search_user.php b/search_user.php
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html lang="eng">
+ <head>
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ <?php
+ include "navbar.php";
+ include "utils/autoloader.php";
+ //if(!in_array(0, $_SESSION['user_permissions'])){
+ // header('Location: dashboard.php');
+ // exit;
+ //}
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "wap2");
+ ?>
+ </head>
+<body>
+ <form class="d-flex" action="search_user.php" method="post">
+ <input class="form-control me-2" type="search" name="search" placeholder="Email" aria-label="Search">
+ <button class="btn btn-outline-success" type="submit">Search</button>
+</form>
+ <?php
+ if ($_SERVER["REQUEST_METHOD"] == "POST"){
+ if(isset($_POST['search'])) {
+ //set $query
+ $query = "%" . $_POST['search'] . "%";
+ display_results($db, $query);
+ }elseif(isset($_POST['delete'])){
+ $u = $db->get(User::class);
+ $u->where("email", $_POST['delete']);
+ $u->delete();
+ display_results($db, $_POST['query']);
+ }
+ }
+ function display_results($db, $query){
+ //create a User orm class and load all the records where user like query
+ $results = $db->all_where(User::class, array('email' => $query));
+
+ // display results
+ if($results != null){
+ echo "<table class=\"table table-striped\">
+ <thead>
+ <tr>
+ <th>E-mail</th>
+ <th>First name</th>
+ <th>Last name</th>
+ <th>Alter</th>
+ <th>Delete</th>
+ </tr>
+ </thead>
+ <tbody>";
+ foreach($results as $data) {
+ $link = "/alter_user.php?email=" . $data->email;
+ echo "<tr>";
+ echo "<td>" . $data->email . "</td>";
+ echo "<td>" . $data->first_name . "</td>";
+ echo "<td>" . $data->last_name . "</td>";
+ echo "<td><a href='" . $link . "'>Edit</a></td>";
+ echo "
+ <td>
+ <form method=\"post\" action=\"search_user.php\">
+ <input type=\"hidden\" name=\"query\" value=" . $query. ">
+ <button type=\"submit\" name='delete' value=" . $data->email ." ' class=\"btn btn-primary\">delete</button>
+ </form>
+ </td>";
+ echo "</tr>";
+ }
+ echo"
+ </tbody>
+ </table>";
+ }else{
+ echo "No users with this email address were found.";
+ }
+ }
+ ?>
+ </body>
+</html>
+
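Review bot: The permission guard is commented out, so an unauthenticated POST with a `delete` field removes a user; restore the check before handling the request. `$query` and `$data->email` are written into HTML attributes unquoted and unescaped, and the delete button's quoting is mismatched (`value=" . $data->email ." ' class=...`), so the search string is reflected into the page; quote every attribute and wrap values in `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The hidden `query` field round-trips the `%...%` pattern through the client, so `$_POST['query']` is arbitrary on the second request — rebuild it from the search term rather than trusting the posted value. The delete form carries no CSRF token; a token stored in the session and verified in the `delete` branch with `hash_equals()` closes that.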
diff --git a/searchdata.php b/searchdata.php
@@ -1,72 +0,0 @@
-<?php
-error_reporting(0);
-
- include "navbar.php";
- include "Connect.php";
-?>
-<html>
- <head>
- <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
- </head>
-<body>
- <form class="d-flex" action="searchdata.php" method="get">
- <input class="form-control me-2" type="text" name="date-begin" placeholder="Date begin (YYYY-MM-DD)" pattern="\d{4}-\d{2}-\d{2}" required>
- <input class="form-control me-2" type="text" name="date-end" placeholder="Date end (YYYY-MM-DD)" pattern="\d{4}-\d{2}-\d{2}" required>
- <input class="form-control me-2" type="text" name="station" placeholder="Search" aria-label="Search">
- <button class="btn btn-outline-success" type="submit">Search</button>
- </form>
- <?php
- $connect = new Connect;
- $conn = $connect->getConn();
-
- $sql = "SELECT station_name, date_time, validated, temperature FROM weather_data";
- if (isset($_GET['date-begin']) && $_GET['date-begin'])
- $sql .= " WHERE date_time >= ?";
- if (isset($_GET['date-end']) && $_GET['date-end'])
- $sql .= " WHERE date_time <= ?";
- if (isset($_GET['station']) && $_GET['station'])
- $sql .= " WHERE station_name = ?";
-
- $stmt = $conn->prepare($sql);
- if (isset($_GET['date-begin']) && $_GET['date-start'])
- $stmt->bind_param('s', $_GET['date-begin']);
- if (isset($_GET['date-end']) && $_GET['date-end'])
- $stmt->bind_param('s', $_GET['date-end']);
- if (isset($_GET['station']) && $_GET['station']) {
- $stmt->bind_param('d', $_GET['station']);
- }
-
- $stmt->execute();
-
- $result = $stmt->get_result();
-
- // verification logic and $_SESSION start
- if ($result->num_rows > 0) {
- echo "<table class=\"table table-striped\">
- <thead>
- <tr>
- <th>Station</th>
- <th>Date</th>
- <th>Validated</th>
- <th>Temperature</th>
- </tr>
- </thead>
- <tbody>";
- while ($row = mysqli_fetch_assoc($result)) {
- $link = "/searchdata.php?station=" . $row['station_name'];
- echo "<tr>";
- echo "<td><a href='" . $link . "'>" . $row['station_name'] . "</a></td>";
- echo "<td>" . $row['date_time'] . "</td>";
- echo "<td>" . $row['validated'] . "</td>";
- echo "<td>" . $row['temperature'] . "</td>";
- echo "</tr>";
- }
- echo "
- </tbody>
- </table>";
- } else {
- echo "No data found.";
- }
- ?>
-</body>
-</html>
-\ No newline at end of file
diff --git a/templates/homepage.php b/templates/homepage.php
@@ -20,12 +20,12 @@
</div>
<div class="login-section">
<h2>Login</h2>
- <form class="login-form" action="loginhandler.php" method="post">
+ <form class="login-form" action="../login_handler.php" method="post">
<label for="email">Email:</label>
<input type="text" name="email" required>
<label for="password">Password:</label>
<input type="password" name="password" required>
- <button type="submit">Login</button>
+ <button type="submit" name='login_btn'>Login</button>
</form>
</div>
</div>
diff --git a/utils/autoloader.php b/utils/autoloader.php
@@ -0,0 +1,19 @@
+<?php
+
+spl_autoload_register(function ($class_name) {
+ if (DIRECTORY_SEPARATOR != "\\")
+ $class_name = str_replace("\\", DIRECTORY_SEPARATOR, $class_name);
+
+ $sr = DIRECTORY_SEPARATOR;
+ $filename = $class_name . '.php';
+ if (!file_exists($filename)) {
+ $filename = 'classes' . $sr . $class_name . '.php';
+ if (!file_exists($filename)) {
+ return false;
+ } else {
+ include 'classes' . $sr . $class_name . '.php';
+ }
+ } else {
+ include $class_name . '.php';
+ }
+});
+\ No newline at end of file
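Review bot: The include path is built directly from `$class_name` with no validation; `new $name(...)` in SQLDatabase passes any string to this callback, so a name containing `/` or `..` becomes a file include — harmless while every caller passes a `::class` constant, but a latent file-inclusion sink. Validate the name before it is turned into a path, and the duplicated `file_exists`/`include` branches can collapse into one loop; the `return false` has no effect on `spl_autoload_register`. The rewritten callback is below.
```php
spl_autoload_register(function ($class_name) {
    // Only plain (optionally namespaced) identifiers may become include paths.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_\\\\]*$/', $class_name)) {
        return;
    }
    $relative = str_replace('\\', DIRECTORY_SEPARATOR, $class_name) . '.php';
    foreach ([$relative, 'classes' . DIRECTORY_SEPARATOR . $relative] as $filename) {
        if (file_exists($filename)) {
            include $filename;
            return;
        }
    }
});
```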