commit 1170a7b34eef670e908d6f6789612d5786070a74
parent 53699ad9cdb84515b307d505dee8ea6169d4ea8a
Author: MoiBaguette <[email protected]>
Date: Sat, 15 Apr 2023 15:58:44 +0200
orm in search_user
Diffstat:
M | Lollipop/DatabaseObject.php | | | 30 | ++++++++++++++++++++++++++++++ |
M | Lollipop/SQLDatabase.php | | | 6 | +++--- |
A | add_user.php | | | 134 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
A | alter_user.php | | | 155 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
D | alteruser.php | | | 153 | ------------------------------------------------------------------------------- |
D | crud_user.php | | | 118 | ------------------------------------------------------------------------------- |
M | login.php | | | 66 | ++++++++++++++++++++++++++++++++++++------------------------------ |
M | navbar.php | | | 14 | +++++++++++++- |
A | search_user.php | | | 59 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
D | searchuser.php | | | 61 | ------------------------------------------------------------- |
10 files changed, 430 insertions(+), 366 deletions(-)
diff --git a/Lollipop/DatabaseObject.php b/Lollipop/DatabaseObject.php
@@ -71,6 +71,36 @@ namespace Lollipop {
$this->changed_keys = [];
}
+ public function add() : bool
+ /* this function add the set variables to the database */
+ {
+ if (!$this->changed_keys)
+ return false;
+
+ $sql = "INSERT INTO {$this->table} (";
+ $sql_val = ") VALUES (";
+ $values = [];
+
+ foreach ($this->changed_keys as $index => $key) {
+ if ($index > 0){
+ $sql .= ', ';
+ $sql_val .= ', ';
+ }
+ $sql .= $key;
+ $sql_val .= "?";
+ $values[] = $this->data[$key];
+ }
+
+ $sql .= $sql_val . ")";
+ $stmt = $this->db->conn->prepare($sql);
+
+ $this->changed_keys = [];
+
+ if($stmt->execute($values))
+ return true;
+ else
+ return false;
+ }
public function delete()
{
$sql = "DELETE FROM {$this->table} WHERE {$this->primary} = ?";
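Review bot: `add()` interpolates `$this->table` and every name in `$this->changed_keys` straight into the INSERT text and binds only the values, so the statement is safe exactly as long as those keys are set by code (as add_user.php does); if `changed_keys` is ever filled from request data, a `$_POST` key becomes an SQL identifier and the column list is injectable. Validate each key against `/^[A-Za-z0-9_]+$/` (or the model's known columns) and wrap it in backticks before appending it, e.g. `$sql .= "`{$key}`";`. `prepare()` also returns `false` for a malformed statement and the next line calls `execute()` on it; check the return value (or turn on `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)`) so a bad statement fails visibly instead of with a fatal error. `changed_keys` is reset before `execute()` runs, so a failed insert silently forgets what was pending; move `$this->changed_keys = [];` inside the success branch. The enclosing DatabaseObject class starts and ends outside this hunk.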
diff --git a/Lollipop/SQLDatabase.php b/Lollipop/SQLDatabase.php
@@ -12,9 +12,9 @@ namespace Lollipop {
$this->conn = new mysqli($host, $username, $password, $database, $port);
}
- function get(string $table_class, $name)
+ function get(string $table_class)
{
- /* this function accepts a $table_name and a value, $name for the primary get of the table
+ /* this function accepts a $table_name creates a Database object with the class $table_name
* retuns a Database object
*/
$cls = new $table_class($this);
@@ -40,7 +40,7 @@ namespace Lollipop {
if ($i > 0) {
$sql .= ' AND ';
}
- $sql .= " $key = ?";
+ $sql .= " $key LIKE ?";
$params[] = $value;
$i++;
}
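Review bot: Switching `all_where()` from `=` to `LIKE` changes the semantics for every caller, not only the new search: login.php calls `all_where(Permission::class, array('email' => $email))` with the submitted address, and under LIKE the characters `_` and `%` in that value are wildcards, so an account whose address contains an underscore would also pick up the permission rows of any address that differs in that position. Keep equality as the default and let the search opt in, e.g. `function all_where(string $table_class, array $where, bool $like = false)` with `$sql .= $like ? " $key LIKE ?" : " $key = ?";`, and have search_user.php pass `true`. `$key` is still interpolated into the statement here; that is acceptable for code-supplied keys but must never receive a request-supplied array key. The function's signature and return lie outside the hunk.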
diff --git a/add_user.php b/add_user.php
@@ -0,0 +1,134 @@
+<!DOCTYPE html>
+<html lang="eng">
+ <head>
+ <title>Add user</title>
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ </head>
+ <?php
+ include "navbar.php";
+ include "utils/autoloader.php";
+ if(!in_array(0, $_SESSION['permissions'])){
+ header('Location: dashboard.php');
+ exit;
+ }
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
+ ?>
+ <body>
+ <div class="container">
+ <h1>Add user</h1>
+
+ <form action="add_user.php" method="post">
+ <div class="mb-3">
+ <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
+ <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
+ </div>
+ <div class="mb-3">
+ <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
+ <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
+ </div>
+ <div class="mb-3">
+ <label for="email" class="form-label"><b>Email:</b></label>
+ <input type="text" class="form-control" name="email" id="email" placeholder="Email">
+ </div>
+ <div class="mb-3">
+ <label for="password" class="form-label"><b>Wachtwoord:</b></label>
+ <input type="password" class="form-control" name="password" id="password" placeholder="******">
+ </div>
+ <p>Please select the user permissions:</p>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="0">
+ <label class="form-check-label" for="Admin">Admin</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]" value="1">
+ <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]" value="2">
+ <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk medewerker</label>
+ </div>
+ <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button>
+ </form>
+ </div>
+ <?php
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ $errors = array(); // initialize an empty array to store errors
+
+ // Check if voornaam is set and not empty
+ if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
+ $fname = $_POST['voornaam'];
+ } else {
+ $errors[] = "Voornaam is required";
+ }
+
+ // Check if achternaam is set and not empty
+ if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
+ $lname = $_POST['achternaam'];
+ } else {
+ $errors[] = "Achternaam is required";
+ }
+
+ // Check if email is set and not empty
+ if (isset($_POST['email']) && !empty($_POST['email'])) {
+ $email = $_POST['email'];
+ } else {
+ $errors[] = "E-mail is required";
+ }
+
+ // Check if password is set and not empty
+ if (isset($_POST['password']) && !empty($_POST['password'])) {
+ $password = $_POST['password'];
+ } else {
+ $errors[] = "Wachtwoord is required";
+ }
+
+ // Check if permissions is set
+ if (isset($_POST['permissions'])) {
+ $permissions = $_POST['permissions'];
+ } else {
+ $errors[] = "Permissies zijn vereist";
+ }
+
+ // Check if there are any errors
+ if (count($errors) > 0) {
+ // Print out the errors
+ foreach ($errors as $error) {
+ echo $error . "<br>";
+ }
+ } else {
+ // Pass the password through a hashing function
+ $hashed_pwd = password_hash($password, PASSWORD_DEFAULT);
+
+ //create a database object with table user
+ $u = $db->get(User::class);
+
+ //check if email already exists
+ if($u->load($email)){
+ echo"this email address is taken: " . $email;
+ }else{
+ //set new user data
+ $u->email = $email;
+ $u->fname = $fname;
+ $u->lname = $lname;
+ $u->pwd = $hashed_pwd;
+
+ //add user with the add function
+ if($u->add()){
+ echo"succes!";
+ };
+
+ //create a database object with table permission for each permission
+ //set the data and execute the add function
+ foreach($permissions as $permission){
+ $p = $db->get(Permission::class);
+ $p->email = $email;
+ $p->id = $permission;
+ $p->add();
+ }
+ }
+ }
+ }
+ ?>
+ </body>
+</html>
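Review bot: The permission gate near the top reads `$_SESSION['permissions']`, but login.php in this same commit stores the list under `$_SESSION['user_permissions']`, so unless navbar.php fills in the other key, `in_array()` receives null (a TypeError on PHP 8) and no admin ever reaches the form; the gate should read `in_array(0, $_SESSION['user_permissions'] ?? [], true)`. The form carries no CSRF token and the handler checks only the session, so a logged-in admin who visits an attacker's page can be made to create an account with the Admin permission (value 0) — add a per-session token to the form and compare it with `hash_equals()` before touching `$db`. The email is taken from POST unvalidated and echoed back unescaped on the "taken" branch; validate it with `filter_var($email, FILTER_VALIDATE_EMAIL)` and wrap the echo in `htmlspecialchars()`, and note that the permission rows are inserted even when `$u->add()` returned false. The database host, user and password are hard-coded on the `new Lollipop\SQLDatabase(...)` line and now appear in four files of this commit; move them to a config file outside the web root and rotate them.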
diff --git a/alter_user.php b/alter_user.php
@@ -0,0 +1,154 @@
+<!DOCTYPE html>
+<html lang="eng">
+
+<head>
+ <title>User toevoegen</title>
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+</head>
+<?php
+ include "navbar.php";
+ include "utils/autoloader.php";
+ if(!in_array(0, $_SESSION['permissions'])){
+ header('Location: dashboard.php');
+ exit;
+ }
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
+?>
+
+<body>
+ <div class="container">
+ <h1>Alter user</h1>
+
+ <form action="alter_user.php" method="post">
+ <div class="mb-3">
+ <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
+ <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
+ </div>
+ <div class="mb-3">
+ <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
+ <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
+ </div>
+ <div class="mb-3">
+ <label for="email" class="form-label"><b>Email:</b></label>
+ <input type="text" class="form-control" name="email" id="email" placeholder="Email">
+ </div>
+ <div class="mb-3">
+ <label for="password" class="form-label"><b>Wachtwoord:</b></label>
+ <input type="password" class="form-control" name="password" id="password" placeholder="******">
+ </div>
+ <p>Please select the user permissions:</p>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="1">
+ <label class="form-check-label" for="Admin">Admin</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]"
+ value="2">
+ <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]"
+ value="3">
+ <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk medewerker</label>
+ </div>
+ <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button>
+ </form>
+ </div>
+ <?php
+ $servername = "86.92.67.21";
+ $username = "friedel";
+ $password = "hailiwa";
+ $dbname = "wap2";
+ // Create connection
+ $conn = mysqli_connect($servername, $username, $password, $dbname);
+ // Check connection
+ if (!$conn) {
+ die("Connection failed: " . mysqli_connect_error());
+ }
+
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ $errors = array(); // initialize an empty array to store errors
+
+ // Check if voornaam is set and not empty
+ if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
+ $fname = $_POST['voornaam'];
+ } else {
+ $errors[] = "Voornaam is required";
+ }
+
+ // Check if achternaam is set and not empty
+ if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
+ $lname = $_POST['achternaam'];
+ } else {
+ $errors[] = "Achternaam is required";
+ }
+
+ // Check if email is set and not empty
+ if (isset($_POST['email']) && !empty($_POST['email'])) {
+ $email = $_POST['email'];
+ } else {
+ $errors[] = "E-mail is required";
+ }
+
+ // Check if password is set and not empty
+ if (isset($_POST['password']) && !empty($_POST['password'])) {
+ $password = $_POST['password'];
+ } else {
+ $password = null;
+ }
+
+ // Check if permissions is set
+ if (isset($_POST['permissions'])) {
+ $permissions = $_POST['permissions'];
+ } else {
+ $errors[] = "Permissies zijn vereist";
+ }
+
+ // Check if there are any errors
+ if (count($errors) > 0) {
+ // Print out the errors
+ foreach ($errors as $error) {
+ echo $error . "<br>";
+ }
+ } else {
+ // Pass the password through a hashing function
+
+ // Making a sql statement to add user to the database, preparing it and excuting
+ $sql = "UPDATE medewerkers
+ SET voornaam = ?, achternaam = ?
+ WHERE email = ?";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("sss", $fname, $lname, $email);
+ $stmt->execute();
+
+ if ($password) {
+ $hash = password_hash($password, PASSWORD_DEFAULT);
+ $sql = "UPDATE medewerkers
+ SET wachtwoord = ?
+ WHERE email = ?";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("ss", $hash, $email);
+ $stmt->execute();
+ }
+
+ $sql = "DELETE medewerkers WHERE email = ?";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("s", $email);
+ $stmt->execute();
+
+ //Excecuting a sql statement for all the user permissions
+ foreach ($permissions as $perm) {
+ $sql = "INSERT INTO medewerkers_permissie (email, permissie_id) VALUES (?, ?);";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("si", $email, $perm);
+ $stmt->execute();
+ }
+ }
+ }
+ // closing the connection
+ mysqli_close($conn);
+ ?>
+</body>
+
+</html>
+\ No newline at end of file
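Review bot: `DELETE medewerkers WHERE email = ?` is not valid MySQL (no `FROM`) and its `execute()` result is never checked, so the old permission rows are never removed and each save appends duplicates to `medewerkers_permissie`; had the statement been valid it would have deleted the employee rather than the permissions. It should read `DELETE FROM medewerkers_permissie WHERE email = ?`, and the update, delete and re-insert belong in one transaction (`$conn->begin_transaction()` … `$conn->commit()`) so a failed insert cannot leave a user with no permissions at all. This page also opens a second raw mysqli connection to database `wap2` while the ORM handle created on the `$db` line points at `lollipop`, so the record edited here is not the one add_user.php creates, and its permission values (1–3) differ from add_user.php's (0–2) although both pages gate on `in_array(0, …)`. As in add_user.php there is no CSRF token, and the credentials are hard-coded twice in this file.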
diff --git a/alteruser.php b/alteruser.php
@@ -1,152 +0,0 @@
-<!DOCTYPE html>
-<html lang="nl">
-
-<head>
- <title>User toevoegen</title>
- <!-- Bootstrap CSS -->
- <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
-</head>
-<?php
-include "navbar.php";
-if (!in_array(1, $_SESSION['permissions'])) {
- header('Location: dashboard.php');
- exit;
-}
-?>
-
-<body>
- <div class="container">
- <h1>User toevoegen</h1>
-
- <form action="crud_user.php" method="post">
- <div class="mb-3">
- <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
- <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
- </div>
- <div class="mb-3">
- <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
- <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
- </div>
- <div class="mb-3">
- <label for="email" class="form-label"><b>Email:</b></label>
- <input type="text" class="form-control" name="email" id="email" placeholder="Email">
- </div>
- <div class="mb-3">
- <label for="password" class="form-label"><b>Wachtwoord:</b></label>
- <input type="password" class="form-control" name="password" id="password" placeholder="******">
- </div>
- <p>Please select the user permissions:</p>
- <div class="mb-3 form-check">
- <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="1">
- <label class="form-check-label" for="Admin">Admin</label>
- </div>
- <div class="mb-3 form-check">
- <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]"
- value="2">
- <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label>
- </div>
- <div class="mb-3 form-check">
- <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]"
- value="3">
- <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk medewerker</label>
- </div>
- <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button>
- </form>
- </div>
- <?php
- $servername = "86.92.67.21";
- $username = "friedel";
- $password = "hailiwa";
- $dbname = "wap2";
- // Create connection
- $conn = mysqli_connect($servername, $username, $password, $dbname);
- // Check connection
- if (!$conn) {
- die("Connection failed: " . mysqli_connect_error());
- }
-
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- $errors = array(); // initialize an empty array to store errors
-
- // Check if voornaam is set and not empty
- if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
- $fname = $_POST['voornaam'];
- } else {
- $errors[] = "Voornaam is required";
- }
-
- // Check if achternaam is set and not empty
- if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
- $lname = $_POST['achternaam'];
- } else {
- $errors[] = "Achternaam is required";
- }
-
- // Check if email is set and not empty
- if (isset($_POST['email']) && !empty($_POST['email'])) {
- $email = $_POST['email'];
- } else {
- $errors[] = "E-mail is required";
- }
-
- // Check if password is set and not empty
- if (isset($_POST['password']) && !empty($_POST['password'])) {
- $password = $_POST['password'];
- } else {
- $password = null;
- }
-
- // Check if permissions is set
- if (isset($_POST['permissions'])) {
- $permissions = $_POST['permissions'];
- } else {
- $errors[] = "Permissies zijn vereist";
- }
-
- // Check if there are any errors
- if (count($errors) > 0) {
- // Print out the errors
- foreach ($errors as $error) {
- echo $error . "<br>";
- }
- } else {
- // Pass the password through a hashing function
-
- // Making a sql statement to add user to the database, preparing it and excuting
- $sql = "UPDATE medewerkers
- SET voornaam = ?, achternaam = ?
- WHERE email = ?";
- $stmt = $conn->prepare($sql);
- $stmt->bind_param("sss", $fname, $lname, $email);
- $stmt->execute();
-
- if ($password) {
- $hash = password_hash($password, PASSWORD_DEFAULT);
- $sql = "UPDATE medewerkers
- SET wachtwoord = ?
- WHERE email = ?";
- $stmt = $conn->prepare($sql);
- $stmt->bind_param("ss", $hash, $email);
- $stmt->execute();
- }
-
- $sql = "DELETE medewerkers WHERE email = ?";
- $stmt = $conn->prepare($sql);
- $stmt->bind_param("s", $email);
- $stmt->execute();
-
- //Excecuting a sql statement for all the user permissions
- foreach ($permissions as $perm) {
- $sql = "INSERT INTO medewerkers_permissie (email, permissie_id) VALUES (?, ?);";
- $stmt = $conn->prepare($sql);
- $stmt->bind_param("si", $email, $perm);
- $stmt->execute();
- }
- }
- }
- // closing the connection
- mysqli_close($conn);
- ?>
-</body>
-
-</html>
-\ No newline at end of file
diff --git a/crud_user.php b/crud_user.php
@@ -1,118 +0,0 @@
-<!DOCTYPE html>
-<html lang="nl">
- <head>
- <title>Add user</title>
- <!-- Bootstrap CSS -->
- <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
- </head>
- <?php
- include "navbar.php";
- include "utils/autoloader.php";
- if(!in_array(0, $_SESSION['permissions'])){
- header('Location: dashboard.php');
- exit;
- }
- $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
- ?>
- <body>
- <div class="container">
- <h1>User toevoegen</h1>
-
- <form action="crud_user.php" method="post">
- <div class="mb-3">
- <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
- <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
- </div>
- <div class="mb-3">
- <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
- <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
- </div>
- <div class="mb-3">
- <label for="email" class="form-label"><b>Email:</b></label>
- <input type="text" class="form-control" name="email" id="email" placeholder="Email">
- </div>
- <div class="mb-3">
- <label for="password" class="form-label"><b>Wachtwoord:</b></label>
- <input type="password" class="form-control" name="password" id="password" placeholder="******">
- </div>
- <p>Please select the user permissions:</p>
- <div class="mb-3 form-check">
- <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="1">
- <label class="form-check-label" for="Admin">Admin</label>
- </div>
- <div class="mb-3 form-check">
- <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]" value="2">
- <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label>
- </div>
- <div class="mb-3 form-check">
- <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]" value="3">
- <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk medewerker</label>
- </div>
- <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button>
- </form>
- </div>
- <?php
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- $errors = array(); // initialize an empty array to store errors
-
- // Check if voornaam is set and not empty
- if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
- $fname = $_POST['voornaam'];
- } else {
- $errors[] = "Voornaam is required";
- }
-
- // Check if achternaam is set and not empty
- if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
- $lname = $_POST['achternaam'];
- } else {
- $errors[] = "Achternaam is required";
- }
-
- // Check if email is set and not empty
- if (isset($_POST['email']) && !empty($_POST['email'])) {
- $email = $_POST['email'];
- } else {
- $errors[] = "E-mail is required";
- }
-
- // Check if password is set and not empty
- if (isset($_POST['password']) && !empty($_POST['password'])) {
- $password = $_POST['password'];
- } else {
- $errors[] = "Wachtwoord is required";
- }
-
- // Check if permissions is set
- if (isset($_POST['permissions'])) {
- $permissions = $_POST['permissions'];
- } else {
- $errors[] = "Permissies zijn vereist";
- }
-
- // Check if there are any errors
- if (count($errors) > 0) {
- // Print out the errors
- foreach ($errors as $error) {
- echo $error . "<br>";
- }
- } else {
- // Pass the password through a hashing function
- $hash = password_hash($password, PASSWORD_DEFAULT);
-
- //
-
- //Excecuting a sql statement for all the user permissions
- foreach($permissions as $perm){
- $sql = "INSERT INTO medewerkers_permissie (email, permissie_id) VALUES (?, ?);";
- $stmt= $conn->prepare($sql);
- $stmt->bind_param("si", $email, $perm);
- $stmt->execute();
- }
- }
- }
- // closing the connection
- mysqli_close($conn);
- ?>
- </body>
-</html>
diff --git a/login.php b/login.php
@@ -6,6 +6,9 @@
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<?php
include "utils/autoloader.php";
+ if(isset($_SESSION['email'])){
+ header('Location: dashboard.php');
+ }
$db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
?>
</head>
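Review bot: The new redirect for an already-logged-in visitor calls `header('Location: dashboard.php');` without `exit`, so the login form still renders and a POST is still processed on that request; add `exit;` directly after the header call. The check also reads `$_SESSION` although no `session_start()` is visible in this file before it (the only one is inside the password-verify branch further down), so unless utils/autoloader.php starts the session, `$_SESSION['email']` is never set here and the redirect never fires.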
@@ -25,7 +28,7 @@
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" name="password" placeholder="Enter password">
</div>
- <button type="submit" class="btn btn-primary">Login</button>
+ <button type="submit" name='login_btn' class="btn btn-primary">Login</button>
</form>
</div>
</div>
@@ -36,42 +39,45 @@
// check if a post request was sent
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// fetch data from the form
- if(!isset($_POST['email']) or !isset($_POST['password'])){
- echo "One of the forms was empty";
- } else {
- //store data from the form in a variable
- $email = $_POST['email'];
- $pwd = $_POST['password'];
+ if(isset($_POST['login_btn'])){
+ if(!isset($_POST['email']) || !isset($_POST['password'])){
+ echo "One of the forms was empty";
+ } else {
+ //store data from the form in a variable
+ $email = $_POST['email'];
+ $pwd = $_POST['password'];
- //create a User orm class
- $u = $db->get(User::class, $email);
-
- if(!$u->load($email)){
- //user incorrect, but to give out as little person info as possible just show either is wrong
- echo"password or user incorrect";
- }else{
- //password verification logic
- if(password_verify($pwd, $u->pwd)){
- //start session and set session variables
- session_start();
- $_SESSION['email'] = $u->email;
- $_SESSION['first_name'] = $u->fname;
- $_SESSION['last_name'] = $u->lname;
+ //create a User orm class
+ $u = $db->get(User::class);
+
+ if(!$u->load($email)){
+ //user incorrect, but to give out as little person info as possible just show either is wrong
+ echo"password or user incorrect";
+ }else{
+ //password verification logic
+ if(password_verify($pwd, $u->pwd)){
+ //start session and set session variables
+ session_start();
+ $_SESSION['email'] = $u->email;
+ $_SESSION['first_name'] = $u->fname;
+ $_SESSION['last_name'] = $u->lname;
- $p = $db->all_where(Permission::class, array('email' => $email));
- foreach($p as $permission){
- $user_permissions[] = $permission->id;
- };
- $_SESSION['user_permissions'] = $user_permissions;
+ $p = $db->all_where(Permission::class, array('email' => $email));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->id;
+ };
+ $_SESSION['user_permissions'] = $user_permissions;
- header('Location: dashboard.php');
- }else{
- //password incorrect, but to give out as little person info as possible just show either is wrong
- echo"password or user incorrect";
+ header('Location: dashboard.php');
+ }else{
+ //password incorrect, but to give out as little person info as possible just show either is wrong
+ echo"password or user incorrect";
+ }
}
}
}
}
+
?>
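Review bot: `session_start()` is still called only after a successful `password_verify()`, by which point the page has already emitted the `<head>` and form markup, so the session cookie and the `header('Location: dashboard.php')` that follows are sent after output and, without output buffering, neither takes effect. Start the session at the top of the file before any output and call `session_regenerate_id(true);` immediately after the password check so a session id planted before login is not carried into the authenticated session. `$user_permissions` is assigned only inside the foreach, so a user with no permission rows stores an undefined variable into `$_SESSION['user_permissions']`; initialise it with `$user_permissions = [];` before the loop. The permission lookup also goes through `all_where()`, which this commit changes to `LIKE`, so `_` or `%` in the submitted address act as wildcards here.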
diff --git a/navbar.php b/navbar.php
@@ -15,7 +15,7 @@
if (in_array(0, $permission_levels)) {
// Admin links
$admin_links = array(
- array('url' => '/crud_user.php', 'title' => 'Add User'),
+ array('url' => '/add_user.php', 'title' => 'Add User'),
array('url' => '/searchuser.php', 'title' => 'Search for user'),
array('url' => '/alteruser.php', 'title' => 'Alter user')
);
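Review bot: The admin menu still links to `/searchuser.php` and `/alteruser.php`, both of which this commit deletes; only the add-user entry was updated. Change them to `array('url' => '/search_user.php', 'title' => 'Search for user')` and `array('url' => '/alter_user.php', 'title' => 'Alter user')`.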
@@ -41,6 +41,15 @@
);
$links[] = array('name' => 'Student', 'links' => $student_links);
}
+
+ if($_SERVER["REQUEST_METHOD"] == "POST"){
+ if(isset($_POST['logout'])){
+ session_unset();
+ session_destroy();
+ header('Location: login.php');
+ exit;
+ }
+ }
?>
<nav class="navbar navbar-expand-lg navbar-light bg-light">
@@ -63,6 +72,9 @@
</li>
<?php } ?>
</ul>
+ <form method="post" action="login.php">
+ <button type="submit" id='logout' class="btn btn-primary">log out</button>
+ </form>
</div>
</nav>
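Review bot: The logout never fires: the handler added earlier in this file tests `isset($_POST['logout'])`, but the submit button carries only `id='logout'` and no `name`, so no `logout` field is ever posted. Give the button `name="logout"`, and post the form back to the page that includes navbar.php rather than to `login.php`, which per this commit includes only the autoloader and so would not run this handler either. Because the handler destroys the session on any POST carrying that field, it should be covered by the same CSRF token as the other forms, and the `header('Location: login.php')` it issues is emitted after the including page may already have sent its doctype, so check for output buffering.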
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
diff --git a/search_user.php b/search_user.php
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html lang="eng">
+ <head>
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ <?php
+ include "navbar.php";
+ include "utils/autoloader.php";
+ if(!in_array(0, $_SESSION['permissions'])){
+ header('Location: dashboard.php');
+ exit;
+ }
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
+ ?>
+ </head>
+<body>
+ <form class="d-flex" action="search_user.php" method="post">
+ <input class="form-control me-2" type="search" name="search" placeholder="Email" aria-label="Search">
+ <button class="btn btn-outline-success" type="submit">Search</button>
+</form>
+ <?php
+ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['search'])) {
+ //set $query
+ $query = "%" . $_POST['search'] . "%";
+
+ //create a User orm class and load all the records where user like query
+ $results = $db->all_where(User::class, array('email' => $query));
+
+ // display results
+ if($results != null){
+ echo "<table class=\"table table-striped\">
+ <thead>
+ <tr>
+ <th>E-mail</th>
+ <th>First name</th>
+ <th>Last name</th>
+ <th>Action</th>
+ </tr>
+ </thead>
+ <tbody>";
+ foreach($results as $data) {
+ $link = "/alteruser.php?email=" . $data->email;
+ echo "<tr>";
+ echo "<td>" . $data->email . "</td>";
+ echo "<td>" . $data->fname . "</td>";
+ echo "<td>" . $data->lname . "</td>";
+ echo "<td><a href='" . $link . "'>Edit</a></td>";
+ echo "</tr>";
+ }
+ echo"
+ </tbody>
+ </table>";
+ }else{
+ echo "No users with this email address were found.";
+ }
+ }
+ ?>
+ </body>
+</html>
+
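Review bot: The result table echoes `$data->email`, `$data->fname` and `$data->lname` straight into HTML; add_user.php in this commit accepts arbitrary text for those fields, so a name containing markup runs as script in the browser of every admin who searches for it. The Edit link also still targets `/alteruser.php`, which this commit deletes in favour of alter_user.php, and the email is concatenated into the href without URL encoding. The gate reads `$_SESSION['permissions']` while login.php stores `$_SESSION['user_permissions']`, so unless navbar.php sets the former, the page redirects (or fails) for every admin. Escape each cell for HTML and encode the link as below.
```php
// … unchanged: search form, session gate, table header …
foreach ($results as $data) {
    $link = '/alter_user.php?email=' . urlencode((string) $data->email);
    echo "<tr>";
    echo "<td>" . htmlspecialchars((string) $data->email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars((string) $data->fname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars((string) $data->lname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td><a href='" . htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>Edit</a></td>";
    echo "</tr>";
}
// … unchanged: table footer, "no users" message …
```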
diff --git a/searchuser.php b/searchuser.php
@@ -1,61 +0,0 @@
-<?php
- include "navbar.php";
- include "Connect.php";
-?>
-<html>
- <head>
- <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
- </head>
-<body>
- <form class="d-flex" action="searchuser.php" method="post">
- <input class="form-control me-2" type="search" name="search" placeholder="Search" aria-label="Search">
- <button class="btn btn-outline-success" type="submit">Search</button>
-</form>
- <?php
- $connect = new Connect;
- $conn = $connect->getConn();
-
- if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['search'])) {
- $search = $_POST['search'];
- $search = "%" . $search . "%";
- $sql = "SELECT u.email, u.first_name, u.last_name
- FROM user u
- where u.email LIKE ?";
- $stmt= $conn->prepare($sql);
- $stmt->bind_param("s", $search);
- $stmt->execute();
-
- $result = $stmt->get_result();
-
- // verification logic and $_SESSION start
- if($result->num_rows > 0){
- echo "<table class=\"table table-striped\">
- <thead>
- <tr>
- <th>E-mail</th>
- <th>First name</th>
- <th>Last name</th>
- <th>Action</th>
- </tr>
- </thead>
- <tbody>";
- while ($row = mysqli_fetch_assoc($result)) {
- $link = "/alteruser.php?email=" . $row['email'];
- echo "<tr>";
- echo "<td>" . $row['email'] . "</td>";
- echo "<td>" . $row['first_name'] . "</td>";
- echo "<td>" . $row['last_name'] . "</td>";
- echo "<td><a href='" . $link . "'>Edit</a></td>";
- echo "</tr>";
- }
- echo"
- </tbody>
- </table>";
- }else{
- echo "No users with this email address were found.";
- }
- }
- ?>
- </body>
-</html>
-