commit 2a24e022ad321936bc3606722dff7a09d7efe158
parent 80ab285f91c59627915ccfc7cc6b32bb000e50ce
Author: Gerco van Woudenbergh <[email protected]>
Date: Tue, 16 May 2023 17:15:30 +0200
working in the train
Diffstat:
17 files changed, 400 insertions(+), 298 deletions(-)
diff --git a/Lollipop/DatabaseObject.php b/Lollipop/DatabaseObject.php
@@ -5,6 +5,9 @@ namespace Lollipop {
abstract class DatabaseObject
{
+ protected string $table;
+ protected string $primary;
+
protected SQLDatabase $db;
protected array $data = [];
protected array $changed_keys = [];
@@ -12,34 +15,67 @@ namespace Lollipop {
function __construct(SQLDatabase $db)
{
$this->db = $db;
+ $this->primary = $this->get_primary();
+ $this->table = $this->get_table();
}
- public abstract static function get_primary(): string;
- public abstract static function get_table(): string;
+ abstract static function get_primary(): string;
+ abstract static function get_table(): string;
public function setData($data)
{
$this->data = $data;
}
-
- public function getData()
+ public function where(string $key, string $value)
{
- return $this->data;
+ $sql = "SELECT * FROM {$this->table} WHERE $key = ?";
+ $value = array($value);
+ $stmt = $this->db->conn->prepare($sql);
+ $stmt->execute($value);
+ $result = $stmt->get_result();
+ if ($result->num_rows == 0) {
+ return false;
+ }
+ $this->data = $result->fetch_assoc();
+ return true;
}
- /** this fuction accepts an $id value for the primary key
- * loads the row into data[]
- * returns bool if row is found
- */
+ public function where_array(array $values) : bool
+ {
+ $sql = "SELECT * FROM {$this->table} WHERE ";
+ $params = [];
+ $i = 0;
+ foreach($values as $key => $param){
+ if($i > 0)
+ $sql .= " and ";
+ $sql .= "{$key} = ?";
+ $params[] = $param;
+ }
+
+ $stmt = $this->db->conn->prepare($sql);
+ $stmt->execute($params);
+ $result = $stmt->get_result();
+
+ if ($result->num_rows == 0) {
+ return false;
+ }
+
+ $this->data = $result->fetch_assoc();
+ return true;
+ }
public function load(string $id): bool
{
- $sql = "SELECT * FROM {$this->get_table()} WHERE {$this->get_primary()} = ?";
+ /*this fuction accepts an $id value for the primary key
+ * loads the row into data[]
+ * returns bool if row is found
+ */
+ $sql = "SELECT * FROM {$this->table} WHERE {$this->primary} = ?";
$stmt = $this->db->conn->prepare($sql);
$stmt->execute([$id]);
$result = $stmt->get_result();
- if (!$result || $result->num_rows == 0) {
+ if ($result->num_rows == 0) {
return false;
}
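Review bot: In `where()` the `$key` argument is interpolated straight into the statement (`WHERE $key = ?`), and `where_array()` does the same with every array key, so only the values are bound; the same pattern appears in `add()` further down this file and in `all_where()` in SQLDatabase.php. Column names cannot be bound as parameters, so each one should be checked against a per-model list of known columns before it reaches the SQL, e.g. `if (!in_array($key, static::COLUMNS, true)) { throw new \InvalidArgumentException('unknown column'); }`, where `COLUMNS` is a constant each model would have to add. The only caller visible in this commit passes the literal `'email'`, so this is hardening rather than a demonstrated injection. Separately, `where_array()` never increments `$i`, so the `" and "` separator is never emitted and any call with more than one key produces invalid SQL; add `$i++;` at the end of the loop. `load()` continues past the end of this hunk.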
@@ -47,12 +83,12 @@ namespace Lollipop {
return true;
}
- public function save()
+ public function save() : bool
{
if (!$this->changed_keys)
- return;
+ return false;
- $sql = "UPDATE {$this->get_table()} SET ";
+ $sql = "UPDATE {$this->table} SET ";
$values = [];
foreach ($this->changed_keys as $index => $key) {
@@ -62,37 +98,54 @@ namespace Lollipop {
$values[] = $this->data[$key];
}
- $sql .= " WHERE {$this->get_primary()} = ?";
- $values[] = $this->data[$this->get_primary()];
+ $sql .= " WHERE {$this->primary} = ?";
+ $values[] = $this->data[$this->primary];
$stmt = $this->db->conn->prepare($sql);
- $stmt->execute($values);
-
+
$this->changed_keys = [];
+
+ if($stmt->execute($values))
+ return true;
+ else
+ return false;
}
+ public function add() : bool
+ /* this function add the set variables to the database */
+ {
+ if (!$this->changed_keys)
+ return false;
+
+ $sql = "INSERT INTO {$this->table} (";
+ $sql_val = ") VALUES (";
+ $values = [];
+
+ foreach ($this->changed_keys as $index => $key) {
+ if ($index > 0){
+ $sql .= ', ';
+ $sql_val .= ', ';
+ }
+ $sql .= $key;
+ $sql_val .= "?";
+ $values[] = $this->data[$key];
+ }
+
+ $sql .= $sql_val . ")";
+ $stmt = $this->db->conn->prepare($sql);
+
+ $this->changed_keys = [];
+
+ if($stmt->execute($values))
+ return true;
+ else
+ return false;
+ }
public function delete()
{
- $sql = "DELETE FROM {$this->get_table()} WHERE";
-
- $i = 0;
- foreach ($this->data as $key => $value) {
- if ($i > 0) {
- $sql .= ' AND ';
- }
- $sql .= " $key = ?";
- $i++;
- }
-
+ $sql = "DELETE FROM {$this->table} WHERE {$this->primary} = ?";
$stmt = $this->db->conn->prepare($sql);
- $stmt->execute(array_values($this->data));
- $result = $stmt->get_result();
-
- if (!$result || $result->num_rows == 0) {
- return [];
- }
-
-
+ $stmt->execute([$this->data[$this->primary]]);
$this->data = [];
$this->changed_keys = [];
}
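Review bot: `save()` and `add()` both reset `$this->changed_keys` before `execute()` has run, so when the statement fails the object no longer knows which fields were dirty and a retry returns false without touching the database. Reset the list only after success and return the result directly: `$ok = $stmt->execute($values); if ($ok) { $this->changed_keys = []; } return $ok;`. `delete()` reads `$this->data[$this->primary]` without checking that a row was loaded, so on an empty object it binds null and silently deletes nothing; giving it a `bool` return like the other two methods would make that visible to callers. The start of `save()` is in the previous hunk.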
@@ -108,29 +161,9 @@ namespace Lollipop {
$this->changed_keys[] = $name;
}
- function insert(): bool
+ public function getData()
{
- //first check if this primary key exists
- $sql = "SELECT {$this->get_primary()} FROM {$this->get_table()} WHERE {$this->get_primary()} = ?";
- $stmt = $this->db->conn->prepare($sql);
- $stmt->bind_param('s', $this->data['email']);
- $stmt->execute();
- $result = $stmt->get_result();
- if ($result && $result->num_rows > 0)
- return false;
-
- //if this primay key does not exist add the data
- $keys = implode(", ", array_keys($this->data));
- $values = implode(", ", array_fill(0, count($this->data), '?'));
-
- $sql = "INSERT INTO {$this->get_table()} ({$keys}) VALUES ({$values})";
-
- $stmt = $this->db->conn->prepare($sql);
- $stmt->execute(array_values($this->data));
-
- $result = $stmt->get_result();
-
- return $result && $result->num_rows > 0;
+ return $this->data;
}
}
}
\ No newline at end of file
diff --git a/Lollipop/SQLDatabase.php b/Lollipop/SQLDatabase.php
@@ -15,69 +15,115 @@ namespace Lollipop {
function get(string $table_class)
{
/* this function accepts a $table_name creates a Database object with the class $table_name
- * retuns a Database object
- */
+ * retuns a Database object
+ */
$cls = new $table_class($this);
return $cls;
}
- function all(string $table_class): array
+ function all_where(string $table_name, array $vars)
{
- $cls = new $table_class($this);
+ /* this function accepts a table name and an array[$column_name => $value]
+ * statement is select * from $table_name where $column_name = $value AND etc...
+ * returns an array of classes
+ */
+ if (!sizeof($vars)) {
+ return [];
+ }
+ $cls = new $table_name($this);
- $sql = "SELECT * FROM {$cls->get_table()}";
+ $sql = "SELECT * FROM {$cls->get_table()} WHERE ";
+ $params = [];
+
+ $i = 0;
+ foreach ($vars as $key => $value) {
+ if ($i > 0) {
+ $sql .= ' AND ';
+ }
+ $sql .= " $key LIKE ?";
+ $params[] = $value;
+ $i++;
+ }
$stmt = $this->conn->prepare($sql);
- $stmt->execute();
+ $stmt->execute($params);
$result = $stmt->get_result();
if (!$result || $result->num_rows == 0) {
return [];
}
- $rows = [];
+ $objects = [];
while ($row = $result->fetch_assoc()) {
- $r = new $table_class($this);
- $r->setData($row);
- $rows[] = $r;
+ $o = new $table_name($this);
+ $o->setData($row);
+ $objects[] = $o;
}
- return $rows;
+ return $objects;
}
- function where(string $table_class, array $vars, bool $like = false): array
+ function all(string $table_name)
{
- $cls = new $table_class($this);
+ /* loads whole table $table_name
+ * returns array of objects
+ */
+ $cls = new $table_name($this);
- if (!sizeof($vars))
- return [];
-
- $sql = "SELECT * FROM {$cls->get_table()} WHERE";
-
- $i = 0;
- foreach ($vars as $key => $value) {
- if ($i > 0) {
- $sql .= ' AND ';
- }
- $sql .= $like ? " $key LIKE ?" : " $key = ?";
- $i++;
- }
+ $sql = "SELECT * FROM {$cls->get_table()}";
- $stmt = $this->conn->prepare($sql);
- $stmt->execute(array_values($vars));
- $result = $stmt->get_result();
+ $result = $this->conn->query($sql);
if (!$result || $result->num_rows == 0) {
return [];
}
- $rows = [];
+ $objects = [];
while ($row = $result->fetch_assoc()) {
- $o = new $table_class($this);
+ $o = new $table_name($this);
$o->setData($row);
- $rows[] = $o;
+ $objects[] = $o;
}
- return $rows;
+ return $objects;
}
+ public function getDateRange(string $table_name, array $query, $order)
+ {
+ if($query == null)
+ return [];
+
+ $cls = new $table_name($this);
+
+ $sql = "SELECT * FROM {$cls->get_table()} WHERE ";
+ $index = 0;
+ $values = [];
+ foreach($query as $key => $q) {
+ foreach ($q as $k => $value) {
+ if ($index > 0) {
+ $sql .= " AND ";
+ }
+ $sql .= "{$key} {$k} ?";
+ $values[] = $value;
+ $index++;
+ }
+ }
+
+ $sql .= " ORDER BY date_time " . $order;
+ $sql .= " LIMIT 1000";
+ $stmt = $this->conn->prepare($sql);
+ $stmt->execute($values);
+ $result = $stmt->get_result();
+
+ if ($result->num_rows == 0) {
+ return [];
+ }
+
+ $objects = [];
+ while ($row = $result->fetch_assoc()) {
+ $o = new $table_name($this);
+ $o->setData($row);
+ $objects[] = $o;
+ }
+ return $objects;
+ }
}
}
?>
\ No newline at end of file
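Review bot: `getDateRange()` appends `$order` to the query as-is (`" ORDER BY date_time " . $order`) and uses the inner array key `$k` as the comparison operator, so both are raw SQL fragments that parameter binding does not cover. Constrain them to fixed sets before building the string, e.g. `$order = strtoupper($order) === 'DESC' ? 'DESC' : 'ASC';` and `if (!in_array($k, ['=', '<', '<=', '>', '>='], true)) { throw new \InvalidArgumentException('bad operator'); }`. `all_where()` now always compares with `LIKE` where the removed `where()` defaulted to `=`, so `%` and `_` inside a value act as wildcards; that deserves a line in the method comment, or an explicit `=` variant. Whether any caller passes request data into these arguments is not visible in this diff.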
diff --git a/Model/Login_handler.php b/Model/Login_handler.php
@@ -0,0 +1,46 @@
+<?php
+class Login_handler
+{
+ function login(string $email, string $pwd) : bool
+ //this function return true when user is autheticated uses set_globals to set $_SESSION variables
+ {
+ //create a SQLDatabase class
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
+ //create a Database object class, with the table User
+ $u = $db->get(Model\User::class);
+
+ //check if the email exists in db
+ if(!$u->where('email', $email)){
+ //email does not exist
+ return false;
+ }else{
+ if(password_verify($pwd, $u->pwd)){
+ //authenticated -> set $_SESSION variables
+ $this->set_globals($u, $db);
+ return true;
+ } else {
+ //password did not match
+ return false;
+ }
+ }
+ }
+
+ private function set_globals(Lollipop\DatabaseObject $u, Lollipop\SQLDatabase $db)
+ //this function sets Session variables which incluse
+ //email, first_name, last_name and array user_permissions
+ {
+ //start session and set
+ session_start();
+ $_SESSION['email'] = $u->email;
+ $_SESSION['first_name'] = $u->fname;
+ $_SESSION['last_name'] = $u->lname;
+
+ //get permissions form db and set sessions_permissions
+ $p = $db->all_where(Model\Permission_user::class, array('email' => $u->email));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->id;
+ }
+ $_SESSION['user_permissions'] = $user_permissions;
+ }
+}
+?>
+\ No newline at end of file
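Review bot: `login()` embeds the database host, user name and password as string literals, which puts live credentials into version control and every copy of this file (the same literal is in views/search_course.php); read them from the environment or a config file outside the web root, e.g. `new Lollipop\SQLDatabase(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'))` with variable names of your choosing, and rotate the committed password. `set_globals()` should call `session_regenerate_id(true);` right after `session_start()` so a session id issued before login cannot be reused afterwards. `$user_permissions` is never initialised, so a user with no permission rows gets null stored in `$_SESSION['user_permissions']`; add `$user_permissions = [];` before the loop. The class is referenced as `Model\Permission_user` while the file added in this commit declares `Permission_User`, which will not autoload on a case-sensitive filesystem.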
diff --git a/Model/PermissionUser.php b/Model/PermissionUser.php
@@ -1,15 +0,0 @@
-<?php
-namespace Model {
- class PermissionUser extends \Lollipop\DatabaseObject
- {
- static function get_table(): string
- {
- return "permission_user";
- }
-
- static function get_primary(): string
- {
- return 'id';
- }
- }
-}
-\ No newline at end of file
diff --git a/Model/Permission_User.php b/Model/Permission_User.php
@@ -0,0 +1,15 @@
+<?php
+namespace Model {
+ class Permission_User extends \Lollipop\DatabaseObject
+ {
+ static function get_table(): string
+ {
+ return "permission_user";
+ }
+
+ static function get_primary(): string
+ {
+ return 'id';
+ }
+ }
+}
+\ No newline at end of file
diff --git a/hello.php b/hello.php
@@ -1 +0,0 @@
-<?php var_dump($_PARAM);
-\ No newline at end of file
diff --git a/index.php b/index.php
@@ -8,7 +8,8 @@ $router->addRoute(["GET", "POST"], "/user/add", "views/add_user.php");
$router->addRoute(["GET", "POST"], "/user/:email/crud", "views/crud_user.php");
$router->addRoute(["GET", "POST"], "/user/search", "views/search_user.php");
$router->addRoute(["GET", "POST"], "/dashboard", "views/dashboard.php");
-$router->addRoute(["GET", "POST"], "/login", "views/login.php");
+$router->addRoute(["GET", "POST"], "/", "views/login.php");
+$router->addRoute(["GET", "POST"], "/logout", "logic/logout.php");
$router->addRoute(["GET", "POST"], "/course/search", "views/search_course.php");
$router->addRoute(["GET", "POST"], "/course/:enroll/enroll", "views/search_course.php");
$router->addRoute(["GET", "POST"], "/course/:unsubscribe/unsubscribe", "views/search_course.php");
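Review bot: `/logout` is registered for both GET and POST, so a plain cross-site link or image request is enough to end a user's session. The navbar form added in this commit already submits with `method="post"`, so the route can be narrowed to `$router->addRoute(["POST"], "/logout", "logic/logout.php");`.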
diff --git a/logic/dashboard.php b/logic/dashboard.php
@@ -0,0 +1,15 @@
+<?php
+ //echo file_get_contents('http://127.0.0.1/server-status');
+ session_start();
+ echo "voornaam = ";
+ echo $_SESSION['first_name'];
+ echo "<br>";
+ echo "achternaam = ";
+ echo $_SESSION['last_name'];
+ echo "<br>";
+ echo "email = ";
+ echo $_SESSION['email'];
+ echo "<br>";
+ echo "perm = ";
+ var_dump($_SESSION['user_permissions']);
+?>
+\ No newline at end of file
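Review bot: The session values are echoed into the page without HTML escaping, and `first_name` / `last_name` originate from the user table, so any markup stored in those columns is rendered as HTML. Wrap each one, e.g. `echo htmlspecialchars($_SESSION['first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `var_dump()` of the permission array is debug output and should be removed before this is deployed. `session_start()` runs a second time here, because views/dashboard.php includes the navbar (which starts the session) first; guard it with `if (session_status() !== PHP_SESSION_ACTIVE)` or drop it.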
diff --git a/logic/login.php b/logic/login.php
@@ -0,0 +1,18 @@
+<?php
+include "utils\autoloader.php";
+
+//create login class
+$login_handler = new Login_handler;
+$msg = "";
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if(isset($_POST['email']) || !isset($_POST['password'])){
+ // fetch data from the form pass to login_handler function
+ if(($login_handler->login($_POST['email'], $_POST['password']))){
+ //authenticated
+ header('Location: /dashboard');
+ }else{
+ $msg = "<p style=\"color:red\">Incorrect username of password.</p>";
+ }
+ }
+}
+?>
+\ No newline at end of file
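Review bot: The guard `isset($_POST['email']) || !isset($_POST['password'])` has its second operand inverted and joins with `||`, so it is true when the password field is missing and `login()` is then called with null for a `string` parameter; it should read `if (isset($_POST['email'], $_POST['password'])) {`. After `header('Location: /dashboard');` add `exit;`, otherwise the rest of the login page is still rendered and sent with the redirect. Nothing here limits repeated failed attempts per account or client address, which is worth adding before the form is exposed. The include path `"utils\autoloader.php"` only resolves on Windows; use a forward slash.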
diff --git a/logic/logout.php b/logic/logout.php
@@ -0,0 +1,8 @@
+<?php
+session_start();
+session_unset();
+session_destroy();
+session_abort();
+header('Location: /');
+exit;
+?>
+\ No newline at end of file
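Review bot: `session_destroy()` removes the server-side data but leaves the session cookie in the browser, and the `session_abort()` that follows has no active session left to act on. Expire the cookie before the redirect with `$p = session_get_cookie_params();` and `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`, and drop the `session_abort()` line.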
diff --git a/logic/navbar.php b/logic/navbar.php
@@ -0,0 +1,42 @@
+<?php
+session_start();
+if (!isset($_SESSION['email'])) {
+ header('Location: /');
+ exit;
+}
+// Get the permission level of the user
+
+$permission_levels = $_SESSION['user_permissions'];
+
+// Assume $permission_levels is an array containing the user's permission levels
+
+$links = array();
+
+// Define the links for each type of employee
+if (in_array(0, $permission_levels)) {
+ // Admin links
+ $admin_links = array(
+ array('url' => '/user/add', 'title' => 'Add User'),
+ array('url' => '/user/search', 'title' => 'Search for user'),
+ );
+ $links[] = array('name' => 'Admin', 'links' => $admin_links);
+}
+
+if (in_array(1, $permission_levels)) {
+ // Lecturer links
+ $lecturer_links = array(
+ array('url' => 'lecturer_page_1.php', 'title' => 'Lecturer Page 1'),
+ array('url' => 'lecturer_page_2.php', 'title' => 'Lecturer Page 2'),
+ array('url' => 'lecturer_page_3.php', 'title' => 'Lecturer Page 3')
+ );
+ $links[] = array('name' => 'Lecturer', 'links' => $lecturer_links);
+}
+
+if (in_array(2, $permission_levels)) {
+ // Student links
+ $student_links = array(
+ array('url' => '/course/search', 'title' => 'Courses'),
+ );
+ $links[] = array('name' => 'Student', 'links' => $student_links);
+}
+?>
+\ No newline at end of file
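Review bot: These `in_array()` checks only decide which menu links are rendered; they do not stop a logged-in user from requesting `/user/add` or `/course/search` directly, so each routed view needs its own permission check. This commit moves the other way in views/search_course.php, where the existing check is commented out, apparently because the session key was renamed; restore it against the new key, e.g. `if (!in_array(1, $_SESSION['user_permissions'] ?? [])) { header('Location: /dashboard'); exit; }`. In this file, read the array as `$permission_levels = $_SESSION['user_permissions'] ?? [];`, since `set_globals()` can store null and `in_array()` then throws a TypeError on PHP 8.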
diff --git a/navbar.php b/navbar.php
@@ -1,91 +0,0 @@
-<?php
-session_start();
-if (!isset($_SESSION['email'])) {
- header('Location: /login');
- exit;
-}
-// Get the permission level of the user
-$permission_levels = $_SESSION['permissions'];
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (isset($_POST['logout'])) {
- echo "This is Button1 that is selected";
- session_abort();
- header('Location: /login');
- }
-}
-// Assume $permission_levels is an array containing the user's permission levels
-
-$links = array();
-
-// Define the links for each type of employee
-if (in_array(0, $permission_levels)) {
- // Admin links
- $admin_links = array(
- array('url' => '/user/add', 'title' => 'Add User'),
- array('url' => '/user/search', 'title' => 'Search for user'),
- );
- $links[] = array('name' => 'Admin', 'links' => $admin_links);
-}
-
-if (in_array(1, $permission_levels)) {
- // Lecturer links
- $lecturer_links = array(
- array('url' => 'lecturer_page_1.php', 'title' => 'Lecturer Page 1'),
- array('url' => 'lecturer_page_2.php', 'title' => 'Lecturer Page 2'),
- array('url' => 'lecturer_page_3.php', 'title' => 'Lecturer Page 3')
- );
- $links[] = array('name' => 'Lecturer', 'links' => $lecturer_links);
-}
-
-if (in_array(2, $permission_levels)) {
- // Student links
- $student_links = array(
- array('url' => '/course/search', 'title' => 'Courses'),
- );
- $links[] = array('name' => 'Student', 'links' => $student_links);
-}
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (isset($_POST['logout'])) {
- session_unset();
- session_destroy();
- header('Location: /login');
- exit;
- }
-}
-?>
-
-<nav class="navbar navbar-expand-lg navbar-light bg-light">
- <a class="navbar-brand" href="/dashboard">Dashboard</a>
- <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdown"
- aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
- <span class="navbar-toggler-icon"></span>
- </button>
- <div class="collapse navbar-collapse" id="navbarNavDropdown">
- <ul class="navbar-nav">
- <?php foreach ($links as $employee_links) { ?>
- <li class="nav-item dropdown">
- <a class="nav-link dropdown-toggle" href="#"
- id="navbarDropdownMenuLink<?php echo $employee_links['name']; ?>" role="button"
- data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
- <?php echo $employee_links['name']; ?>
- </a>
- <ul class="dropdown-menu"
- aria-labelledby="navbarDropdownMenuLink<?php echo $employee_links['name']; ?>">
- <?php foreach ($employee_links['links'] as $link) { ?>
- <li><a class="dropdown-item" href="<?php echo $link['url']; ?>"><?php echo $link['title']; ?></a>
- </li>
- <?php } ?>
- </ul>
- </li>
- <?php } ?>
- </ul>
- <form method="post" action="/login">
- <button type="submit" id='logout' class="btn btn-primary">log out</button>
- </form>
- </div>
-</nav>
-<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
-<script src="https://cdn.jsdelivr.net/npm/@popperjs/[email protected]/dist/umd/popper.min.js"></script>
-<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js"></script>
-\ No newline at end of file
diff --git a/utils/autoloader.php b/utils/autoloader.php
@@ -7,11 +7,11 @@ spl_autoload_register(function ($class_name) {
$sr = DIRECTORY_SEPARATOR;
$filename = $class_name . '.php';
if (!file_exists($filename)) {
- $filename = 'classes' . $sr . $class_name . '.php';
+ $filename = 'Model' . $sr . $class_name . '.php';
if (!file_exists($filename)) {
return false;
} else {
- include 'classes' . $sr . $class_name . '.php';
+ include 'Model' . $sr . $class_name . '.php';
}
} else {
include $class_name . '.php';
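Review bot: The lookup path is built directly from the class name and resolved against the current working directory, so a namespaced name such as `Model\User` becomes `Model\User.php`, which is only a valid path on Windows. Unless the lines above this hunk already normalise it, convert the separator and anchor to the project root, e.g. `$filename = dirname(__DIR__) . $sr . str_replace('\\', $sr, $class_name) . '.php';` (assuming this file stays in `utils/`). The path is also rebuilt for each `include`; `include $filename;` would keep the check and the include in step. The callback starts above and ends below this hunk.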
diff --git a/views/dashboard.php b/views/dashboard.php
@@ -1,31 +1,14 @@
<html>
-
-<head>
- <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
-</head>
-<?php
-include "navbar.php";
-?>
-
-<body>
- <?php
- //echo file_get_contents('http://127.0.0.1/server-status');
- echo "voornaam = ";
- echo $_SESSION['first_name'];
- echo "<br>";
- echo "achternaam = ";
- echo $_SESSION['last_name'];
- echo "<br>";
- echo "email = ";
- echo $_SESSION['email'];
- echo "<br>";
- echo "perm = ";
- var_dump($_SESSION['permissions']);
-
- echo "<pre>";
- var_dump($_SESSION);
- echo "</pre>";
- ?>
-</body>
-
+ <head>
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ <?php
+ include "navbar.php";
+ include "logic/dashboard.php";
+ ?>
+ </head>
+ <body>
+ <!-- make a course overview-->
+ <!-- option to apply to course-->
+ <!-- overview of grades-->
+ </body>
</html>
\ No newline at end of file
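Review bot: The two includes run after `<html>`, `<head>` and the `<link>` tag have already been output, yet the included navbar logic calls `session_start()` and `header('Location: /')`; unless output buffering is enabled, both fail with "headers already sent" and the login redirect never reaches the browser. Move the PHP block above `<html>` so the session and the redirect run before any output; views/login.php has the same ordering, with `<!DOCTYPE html>` emitted before its `session_start()`. Because the includes sit inside `<head>`, the navbar markup and the echoed session fields also end up in the document head rather than in `<body>`.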
diff --git a/views/login.php b/views/login.php
@@ -1,28 +1,33 @@
<!DOCTYPE html>
+<?php
+ session_start();
+ if (isset($_SESSION['email'])) {
+ header('Location: /dashboard');
+ }
+ include "logic/login.php";
+?>
<html>
-
<head>
<title>Login Page</title>
- <!-- Add the Bootstrap CSS stylesheet -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css"
integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
- <?php
- include "utils/autoloader.php";
- if (isset($_SESSION['email'])) {
- header('Location: /dashboard');
- }
- $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
- ?>
</head>
-
<body>
+ <div class="container mx-auto text-center">
+ <div class="row">
+ <div class="col-md-12 title">
+ <h1>Welcome to Lollipop</h1>
+ <h4>Please log in</h4>
+ </div>
+ </div>
+ </div>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">Login</div>
<div class="card-body">
- <form method="POST" action="/login">
+ <form method="POST" action="/">
<div class="form-group">
<label for="email">Email:</label>
<input type="email" class="form-control" id="email" name="email"
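Review bot: The redirect for an already-authenticated user, `header('Location: /dashboard');`, is not followed by `exit;`, so execution continues into `logic/login.php` and a POST body is still processed as a login attempt. Change it to `header('Location: /dashboard'); exit;`. The login form itself continues past the end of this hunk.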
@@ -36,59 +41,16 @@
<button type="submit" name='login_btn' class="btn btn-primary">Login</button>
</form>
</div>
+ <div class="row justify-content-center">
+ <?php
+ //display login $msg
+ echo $msg;
+ ?>
+ </div>
</div>
</div>
</div>
</div>
- </div>
- <?php
- // check if a post request was sent
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- // fetch data from the form
- if (isset($_POST['login_btn'])) {
- if (!isset($_POST['email']) || !isset($_POST['password'])) {
- echo "One of the forms was empty";
- } else {
- //store data from the form in a variable
- $email = $_POST['email'];
- $pwd = $_POST['password'];
-
- //create a User orm class
- $u = $db->get(Model\User::class);
-
- if (!$u->load($email)) {
- //user incorrect, but to give out as little person info as possible just show either is wrong
- echo "password or user incorrect";
- } else {
- //password verification logic
- if (password_verify($pwd, $u->pwd)) {
- //start session and set session variables
- session_start();
- $_SESSION['email'] = $u->email;
- $_SESSION['first_name'] = $u->fname;
- $_SESSION['last_name'] = $u->lname;
-
- $user_permissions = [];
- $p = $db->where(Model\PermissionUser::class, array('email' => $email));
- foreach ($p as $permission) {
- $user_permissions[] = $permission->id;
- }
- $_SESSION['permissions'] = $user_permissions;
-
- header('Location: /dashboard');
- } else {
- //password incorrect, but to give out as little person info as possible just show either is wrong
- echo "password or user incorrect";
- }
- }
- }
- header('Location: /dashboard');
- }
- }
-
-
-
- ?>
</body>
</html>
\ No newline at end of file
diff --git a/views/navbar.php b/views/navbar.php
@@ -0,0 +1,36 @@
+<?php
+include "logic/navbar.php";
+?>
+<nav class="navbar navbar-expand-lg navbar-light bg-light">
+ <a class="navbar-brand" href="/dashboard">Dashboard</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdown"
+ aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+ <div class="collapse navbar-collapse" id="navbarNavDropdown">
+ <ul class="navbar-nav">
+ <?php foreach ($links as $employee_links) { ?>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
+ id="navbarDropdownMenuLink<?php echo $employee_links['name']; ?>" role="button"
+ data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+ <?php echo $employee_links['name']; ?>
+ </a>
+ <ul class="dropdown-menu"
+ aria-labelledby="navbarDropdownMenuLink<?php echo $employee_links['name']; ?>">
+ <?php foreach ($employee_links['links'] as $link) { ?>
+ <li><a class="dropdown-item" href="<?php echo $link['url']; ?>"><?php echo $link['title']; ?></a>
+ </li>
+ <?php } ?>
+ </ul>
+ </li>
+ <?php } ?>
+ </ul>
+ <form method="post" action="/logout">
+ <button type="submit" name='logout' class="btn btn-primary">log out</button>
+ </form>
+ </div>
+</nav>
+<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/@popperjs/[email protected]/dist/umd/popper.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js"></script>
+\ No newline at end of file
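Review bot: The three CDN `<script>` tags are loaded without `integrity` and `crossorigin` attributes, unlike the Bootstrap stylesheet in views/login.php, which pins a `sha384-` hash; a changed or compromised CDN file would run on every authenticated page. Add `integrity="sha384-<HASH_FOR_THIS_VERSION>" crossorigin="anonymous"` to each tag, using the hash published for the exact version loaded. The logout form posts without a CSRF token. The echoed `name`, `url` and `title` values are unescaped; they are static strings in logic/navbar.php today, so `htmlspecialchars()` only becomes necessary if they are ever data-driven.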
diff --git a/views/search_course.php b/views/search_course.php
@@ -4,10 +4,10 @@ include "utils/autoloader.php";
session_start();
$db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
-if (!isset($_SESSION['permissions']) || !in_array(1, $_SESSION['permissions'])) {
- header('Location: /dashboard');
- exit;
-}
+// if (!isset($_SESSION['permissions']) || !in_array(1, $_SESSION['permissions'])) {
+// header('Location: /dashboard');
+// exit;
+// }
if (isset($_PARAM['enroll'])) {
$c = $db->get(Model\CourseUser::class);