commit 53699ad9cdb84515b307d505dee8ea6169d4ea8a
parent 02d87526c847e371bd65e5bc03bf0fe9cb69d7c0
Author: MoiBaguette <[email protected]>
Date: Sat, 15 Apr 2023 14:17:56 +0200
login met orm
Diffstat:
7 files changed, 382 insertions(+), 43 deletions(-)
diff --git a/Lollipop/SQLDatabase.php b/Lollipop/SQLDatabase.php
@@ -18,15 +18,14 @@ namespace Lollipop {
* retuns a Database object
*/
$cls = new $table_class($this);
- $cls->load($name);
return $cls;
}
- function where(string $table_name, array $vars)
+ function all_where(string $table_name, array $vars)
{
/* this function accepts a table name and an array[$column_name => $value]
* statement is select * from $table_name where $column_name = $value AND etc...
- * returns an array of objects
+ * returns an array of classes
*/
if (!sizeof($vars)) {
return [];
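Review bot: With the `$cls->load($name)` call removed, `get()` now returns an instance whose row has not been fetched, but the docblock above it still says it "retuns a Database object", and the comment on `all_where()` now says it returns "an array of classes" although the loop presumably builds instances. Callers (login.php in this commit) must now call `load()` themselves and check its result, so state that where the contract lives, e.g. `* returns an unloaded instance of $table_class; call load($name) on it to fetch the row`. Both `get()` and `all_where()` begin and end outside this hunk.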
diff --git a/alteruser.php b/alteruser.php
@@ -0,0 +1,152 @@
+<!DOCTYPE html>
+<html lang="nl">
+
+<head>
+ <title>User toevoegen</title>
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+</head>
+<?php
+include "navbar.php";
+if (!in_array(1, $_SESSION['permissions'])) {
+ header('Location: dashboard.php');
+ exit;
+}
+?>
+
+<body>
+ <div class="container">
+ <h1>User toevoegen</h1>
+
+ <form action="crud_user.php" method="post">
+ <div class="mb-3">
+ <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
+ <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
+ </div>
+ <div class="mb-3">
+ <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
+ <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
+ </div>
+ <div class="mb-3">
+ <label for="email" class="form-label"><b>Email:</b></label>
+ <input type="text" class="form-control" name="email" id="email" placeholder="Email">
+ </div>
+ <div class="mb-3">
+ <label for="password" class="form-label"><b>Wachtwoord:</b></label>
+ <input type="password" class="form-control" name="password" id="password" placeholder="******">
+ </div>
+ <p>Please select the user permissions:</p>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="1">
+ <label class="form-check-label" for="Admin">Admin</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]"
+ value="2">
+ <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]"
+ value="3">
+ <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk medewerker</label>
+ </div>
+ <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button>
+ </form>
+ </div>
+ <?php
+ $servername = "86.92.67.21";
+ $username = "friedel";
+ $password = "hailiwa";
+ $dbname = "wap2";
+ // Create connection
+ $conn = mysqli_connect($servername, $username, $password, $dbname);
+ // Check connection
+ if (!$conn) {
+ die("Connection failed: " . mysqli_connect_error());
+ }
+
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ $errors = array(); // initialize an empty array to store errors
+
+ // Check if voornaam is set and not empty
+ if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
+ $fname = $_POST['voornaam'];
+ } else {
+ $errors[] = "Voornaam is required";
+ }
+
+ // Check if achternaam is set and not empty
+ if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
+ $lname = $_POST['achternaam'];
+ } else {
+ $errors[] = "Achternaam is required";
+ }
+
+ // Check if email is set and not empty
+ if (isset($_POST['email']) && !empty($_POST['email'])) {
+ $email = $_POST['email'];
+ } else {
+ $errors[] = "E-mail is required";
+ }
+
+ // Check if password is set and not empty
+ if (isset($_POST['password']) && !empty($_POST['password'])) {
+ $password = $_POST['password'];
+ } else {
+ $password = null;
+ }
+
+ // Check if permissions is set
+ if (isset($_POST['permissions'])) {
+ $permissions = $_POST['permissions'];
+ } else {
+ $errors[] = "Permissies zijn vereist";
+ }
+
+ // Check if there are any errors
+ if (count($errors) > 0) {
+ // Print out the errors
+ foreach ($errors as $error) {
+ echo $error . "<br>";
+ }
+ } else {
+ // Pass the password through a hashing function
+
+ // Making a sql statement to add user to the database, preparing it and excuting
+ $sql = "UPDATE medewerkers
+ SET voornaam = ?, achternaam = ?
+ WHERE email = ?";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("sss", $fname, $lname, $email);
+ $stmt->execute();
+
+ if ($password) {
+ $hash = password_hash($password, PASSWORD_DEFAULT);
+ $sql = "UPDATE medewerkers
+ SET wachtwoord = ?
+ WHERE email = ?";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("ss", $hash, $email);
+ $stmt->execute();
+ }
+
+ $sql = "DELETE medewerkers WHERE email = ?";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("s", $email);
+ $stmt->execute();
+
+ //Excecuting a sql statement for all the user permissions
+ foreach ($permissions as $perm) {
+ $sql = "INSERT INTO medewerkers_permissie (email, permissie_id) VALUES (?, ?);";
+ $stmt = $conn->prepare($sql);
+ $stmt->bind_param("si", $email, $perm);
+ $stmt->execute();
+ }
+ }
+ }
+ // closing the connection
+ mysqli_close($conn);
+ ?>
+</body>
+
+</html>
+\ No newline at end of file
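Review bot: The statement in the `$sql = "DELETE medewerkers WHERE email = ?";` line is not valid SQL (no `FROM`) and, judging from the permission inserts that follow it, targets the wrong table — it looks meant to clear the old permission rows before re-inserting them: `$sql = "DELETE FROM medewerkers_permissie WHERE email = ?";`. Nothing checks the return of `prepare()`/`execute()`, so on a mysqli error mode that does not throw the failure is silent, and had the statement been valid it would have deleted the user row just updated. The admin gate `in_array(1, $_SESSION['permissions'])` disagrees with crud_user.php and navbar.php in this same commit, which use `0` for Admin, and it runs after the `<head>` markup has been emitted, so `header('Location: dashboard.php')` is sent too late; move the include and the check above the doctype, pass `true` as the third argument to `in_array`, and note the same output-before-header ordering exists in crud_user.php and login.php. The database credentials are also written into the page (as in crud_user.php and login.php); load them from a config file kept outside the web root. Finally, the form's `action="crud_user.php"` means this page's own POST handler is never reached from its form, and nothing here reads the `email` query parameter that searchuser.php links with.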
diff --git a/crud_user.php b/crud_user.php
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<html lang="nl">
+ <head>
+ <title>Add user</title>
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ </head>
+ <?php
+ include "navbar.php";
+ include "utils/autoloader.php";
+ if(!in_array(0, $_SESSION['permissions'])){
+ header('Location: dashboard.php');
+ exit;
+ }
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
+ ?>
+ <body>
+ <div class="container">
+ <h1>User toevoegen</h1>
+
+ <form action="crud_user.php" method="post">
+ <div class="mb-3">
+ <label for="voornaam" class="form-label"><b>Voornaam:</b></label>
+ <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam">
+ </div>
+ <div class="mb-3">
+ <label for="achternaam" class="form-label"><b>Achternaam:</b></label>
+ <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam">
+ </div>
+ <div class="mb-3">
+ <label for="email" class="form-label"><b>Email:</b></label>
+ <input type="text" class="form-control" name="email" id="email" placeholder="Email">
+ </div>
+ <div class="mb-3">
+ <label for="password" class="form-label"><b>Wachtwoord:</b></label>
+ <input type="password" class="form-control" name="password" id="password" placeholder="******">
+ </div>
+ <p>Please select the user permissions:</p>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="1">
+ <label class="form-check-label" for="Admin">Admin</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]" value="2">
+ <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label>
+ </div>
+ <div class="mb-3 form-check">
+ <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]" value="3">
+ <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk medewerker</label>
+ </div>
+ <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button>
+ </form>
+ </div>
+ <?php
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ $errors = array(); // initialize an empty array to store errors
+
+ // Check if voornaam is set and not empty
+ if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) {
+ $fname = $_POST['voornaam'];
+ } else {
+ $errors[] = "Voornaam is required";
+ }
+
+ // Check if achternaam is set and not empty
+ if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) {
+ $lname = $_POST['achternaam'];
+ } else {
+ $errors[] = "Achternaam is required";
+ }
+
+ // Check if email is set and not empty
+ if (isset($_POST['email']) && !empty($_POST['email'])) {
+ $email = $_POST['email'];
+ } else {
+ $errors[] = "E-mail is required";
+ }
+
+ // Check if password is set and not empty
+ if (isset($_POST['password']) && !empty($_POST['password'])) {
+ $password = $_POST['password'];
+ } else {
+ $errors[] = "Wachtwoord is required";
+ }
+
+ // Check if permissions is set
+ if (isset($_POST['permissions'])) {
+ $permissions = $_POST['permissions'];
+ } else {
+ $errors[] = "Permissies zijn vereist";
+ }
+
+ // Check if there are any errors
+ if (count($errors) > 0) {
+ // Print out the errors
+ foreach ($errors as $error) {
+ echo $error . "<br>";
+ }
+ } else {
+ // Pass the password through a hashing function
+ $hash = password_hash($password, PASSWORD_DEFAULT);
+
+ //
+
+ //Excecuting a sql statement for all the user permissions
+ foreach($permissions as $perm){
+ $sql = "INSERT INTO medewerkers_permissie (email, permissie_id) VALUES (?, ?);";
+ $stmt= $conn->prepare($sql);
+ $stmt->bind_param("si", $email, $perm);
+ $stmt->execute();
+ }
+ }
+ }
+ // closing the connection
+ mysqli_close($conn);
+ ?>
+ </body>
+</html>
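Review bot: `$conn` is never defined in this file — the connection created is `$db` (a `Lollipop\SQLDatabase`), yet the permission loop calls `$conn->prepare($sql)` and the footer calls `mysqli_close($conn)`, so every POST fails on an undefined variable. The user row itself is never written: `$hash` is computed and then dropped at the empty `//` comment, where the INSERT into the user table presumably belongs, leaving `medewerkers_permissie` rows that reference an email with no user. The submitted `permissions[]` values are bound as integers without being checked against the three ids the form offers, so any integer can be stored; validate them against an allow-list before the loop, e.g. `if (!in_array((int) $perm, [1, 2, 3], true)) { continue; }`. The `in_array(0, $_SESSION['permissions'])` gate should also pass `true` as its third argument, since `0 == null` and `0 == false` hold under loose comparison.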
diff --git a/dashboard.php b/dashboard.php
@@ -7,7 +7,7 @@
?>
<body>
<?php
- echo file_get_contents('http://127.0.0.1/server-status');
+ //echo file_get_contents('http://127.0.0.1/server-status');
echo $_SESSION['first_name'];
echo " ";
echo $_SESSION['last_name'];
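Review bot: Commenting out the `file_get_contents('http://127.0.0.1/server-status')` line leaves dead code behind `//`; delete it instead, version control keeps the history. The `echo $_SESSION['first_name'];` and `echo $_SESSION['last_name'];` lines below it print session values straight into the HTML, and those fields are filled from form input elsewhere in this commit; wrap them, e.g. `echo htmlspecialchars($_SESSION['first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`.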
diff --git a/login.php b/login.php
@@ -4,7 +4,11 @@
<title>Login Page</title>
<!-- Add the Bootstrap CSS stylesheet -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
-</head>
+ <?php
+ include "utils/autoloader.php";
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
+ ?>
+ </head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
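Review bot: The database connection is opened inside `<head>` with the credentials written into the page; move `include "utils/autoloader.php";` and the `new Lollipop\SQLDatabase(...)` call to the top of login.php before any output, and read host, user and password from a config file outside the web root (the same literal credentials appear in crud_user.php and alteruser.php). Opening the connection before output also matters for the `session_start()` and `header()` calls later in this file, which only work before the response body begins.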
@@ -28,31 +32,43 @@
</div>
</div>
</div>
- <!-- Add the Bootstrap JavaScript library (optional) -->
- <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
- <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
- <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<?php
- include "autoloader.php";
- $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop");
- // check if a post request was sent
+ // check if a post request was sent
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// fetch data from the form
if(!isset($_POST['email']) or !isset($_POST['password'])){
echo "One of the forms was empty";
} else {
+ //store data from the form in a variable
$email = $_POST['email'];
$pwd = $_POST['password'];
+
+ //create a User orm class
$u = $db->get(User::class, $email);
- if($u->pwd == $pwd){//password_verify($pwd, $u->pwd)
- session_start();
- $_SESSION['email'] = $u->email;
- $_SESSION['first_name'] = $u->fname;
- $_SESSION['last_name'] = $u->lname;
- $p = $db->get(Permission::class, $email);
-
- header('Location: dashboard.php');
+ if(!$u->load($email)){
+ //user incorrect, but to give out as little person info as possible just show either is wrong
+ echo"password or user incorrect";
+ }else{
+ //password verification logic
+ if(password_verify($pwd, $u->pwd)){
+ //start session and set session variables
+ session_start();
+ $_SESSION['email'] = $u->email;
+ $_SESSION['first_name'] = $u->fname;
+ $_SESSION['last_name'] = $u->lname;
+
+ $p = $db->all_where(Permission::class, array('email' => $email));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->id;
+ };
+ $_SESSION['user_permissions'] = $user_permissions;
+
+ header('Location: dashboard.php');
+ }else{
+ //password incorrect, but to give out as little person info as possible just show either is wrong
+ echo"password or user incorrect";
+ }
}
}
}
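Review bot: `session_start()` and `header('Location: dashboard.php')` are reached after the page's HTML has already been emitted, so the session cookie and the redirect fail with "headers already sent" unless output buffering happens to be on; start the session at the top of the file and run the POST handling before rendering. `$user_permissions` is assigned only inside the `foreach`, so a user with no permission rows stores an undefined variable (null) in the session, and the key written here is `$_SESSION['user_permissions']` whereas alteruser.php and crud_user.php read `$_SESSION['permissions']`; add `$user_permissions = [];` before the loop and settle on one key. After a successful `password_verify`, call `session_regenerate_id(true);` before populating the session so a session id issued before login is not carried over. Whether `$u->load($email)` actually returns a boolean cannot be confirmed from this hunk, and the stray `;` after the `foreach` block should go.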
diff --git a/navbar.php b/navbar.php
@@ -12,7 +12,7 @@
$links = array();
// Define the links for each type of employee
- if (in_array(1, $permission_levels)) {
+ if (in_array(0, $permission_levels)) {
// Admin links
$admin_links = array(
array('url' => '/crud_user.php', 'title' => 'Add User'),
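Review bot: Changing the Admin id to `0` here is not matched by the forms: both crud_user.php and alteruser.php still offer checkboxes with values 1, 2 and 3 labelled Admin/Administratief medewerker/Wetenschappelijk medewerker, so after this change no user created through those forms can receive the Admin navigation, and value 1 now means Lecturer. `in_array(0, $permission_levels)` is also a loose comparison under which `0 == null` and `0 == false` hold; pass the strict flag: `if (in_array(0, $permission_levels, true)) {`. The enclosing block starts outside the hunk.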
@@ -22,32 +22,24 @@
$links[] = array('name' => 'Admin', 'links' => $admin_links);
}
- if (in_array(2, $permission_levels)) {
- // Administrative employee links
- $admin_employee_links = array(
- array('url' => 'admin_employee_page_1.php', 'title' => 'Admin Employee Page 1'),
- array('url' => 'admin_employee_page_2.php', 'title' => 'Admin Employee Page 2'),
- array('url' => 'admin_employee_page_3.php', 'title' => 'Admin Employee Page 3')
- );
- $links[] = array('name' => 'Administrative Employee', 'links' => $admin_employee_links);
- }
-
- if (in_array(3, $permission_levels)) {
- // Scientific employee links
- $scientific_employee_links = array(
- array('url' => 'scientific_employee_page_1.php', 'title' => 'Scientific Employee Page 1'),
- array('url' => 'scientific_employee_page_2.php', 'title' => 'Scientific Employee Page 2'),
- array('url' => 'scientific_employee_page_3.php', 'title' => 'Scientific Employee Page 3')
+ if (in_array(1, $permission_levels)) {
+ // Lecturer links
+ $lecturer_links = array(
+ array('url' => 'lecturer_page_1.php', 'title' => 'Lecturer Page 1'),
+ array('url' => 'lecturer_page_2.php', 'title' => 'Lecturer Page 2'),
+ array('url' => 'lecturer_page_3.php', 'title' => 'Lecturer Page 3')
);
- $links[] = array('name' => 'Scientific Employee', 'links' => $scientific_employee_links);
+ $links[] = array('name' => 'Lecturer', 'links' => $lecturer_links);
}
- if (empty($links)) {
- // Guest links
- $guest_links = array(
- array('url' => 'guest_page_1.php', 'title' => 'Guest Page 1')
+ if (in_array(2, $permission_levels)) {
+ // Student links
+ $student_links = array(
+ array('url' => 'student_page_1.php', 'title' => 'Student Page 1'),
+ array('url' => 'student_page_2.php', 'title' => 'Student Page 2'),
+ array('url' => 'student_page_3.php', 'title' => 'Student Page 3')
);
- $links[] = array('name' => 'Guest', 'links' => $guest_links);
+ $links[] = array('name' => 'Student', 'links' => $student_links);
}
?>
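Review bot: The role ids 0, 1 and 2 are repeated as bare literals here and in the page guards of alteruser.php and crud_user.php; define them once, e.g. `const ROLE_ADMIN = 0; const ROLE_LECTURER = 1; const ROLE_STUDENT = 2;`, and compare against those with strict `in_array` so the mapping can change in one place. Removing the `empty($links)` guest fallback means a visitor with no permissions now gets an empty navbar; if that is intended, a one-line comment saying so would help the next reader.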
diff --git a/searchuser.php b/searchuser.php
@@ -0,0 +1,61 @@
+<?php
+ include "navbar.php";
+ include "Connect.php";
+?>
+<html>
+ <head>
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
+ </head>
+<body>
+ <form class="d-flex" action="searchuser.php" method="post">
+ <input class="form-control me-2" type="search" name="search" placeholder="Search" aria-label="Search">
+ <button class="btn btn-outline-success" type="submit">Search</button>
+</form>
+ <?php
+ $connect = new Connect;
+ $conn = $connect->getConn();
+
+ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['search'])) {
+ $search = $_POST['search'];
+ $search = "%" . $search . "%";
+ $sql = "SELECT u.email, u.first_name, u.last_name
+ FROM user u
+ where u.email LIKE ?";
+ $stmt= $conn->prepare($sql);
+ $stmt->bind_param("s", $search);
+ $stmt->execute();
+
+ $result = $stmt->get_result();
+
+ // verification logic and $_SESSION start
+ if($result->num_rows > 0){
+ echo "<table class=\"table table-striped\">
+ <thead>
+ <tr>
+ <th>E-mail</th>
+ <th>First name</th>
+ <th>Last name</th>
+ <th>Action</th>
+ </tr>
+ </thead>
+ <tbody>";
+ while ($row = mysqli_fetch_assoc($result)) {
+ $link = "/alteruser.php?email=" . $row['email'];
+ echo "<tr>";
+ echo "<td>" . $row['email'] . "</td>";
+ echo "<td>" . $row['first_name'] . "</td>";
+ echo "<td>" . $row['last_name'] . "</td>";
+ echo "<td><a href='" . $link . "'>Edit</a></td>";
+ echo "</tr>";
+ }
+ echo"
+ </tbody>
+ </table>";
+ }else{
+ echo "No users with this email address were found.";
+ }
+ }
+ ?>
+ </body>
+</html>
+
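Review bot: The result rows are written into HTML unescaped — `$row['email']`, `$row['first_name']` and `$row['last_name']` go straight into `<td>` cells and the email is concatenated into the `href` of the Edit link — so a stored value containing markup is rendered as such (these fields are filled from form input in crud_user.php and alteruser.php). Escape each value for the HTML context and URL-encode the query parameter, as below. Unlike alteruser.php and crud_user.php, this page performs no `$_SESSION['permissions']` check before listing users; add the same gate above the output if the search is admin-only. The `%` and `_` characters in `$search` are also passed through, so a user can widen the LIKE pattern; that may be acceptable for a search box but deserves a comment.
```php
// … unchanged: prepared LIKE query and table header …
while ($row = mysqli_fetch_assoc($result)) {
    $email = htmlspecialchars($row['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $first = htmlspecialchars($row['first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $last  = htmlspecialchars($row['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $link  = htmlspecialchars("/alteruser.php?email=" . urlencode($row['email']), ENT_QUOTES, 'UTF-8');
    echo "<tr>";
    echo "<td>" . $email . "</td>";
    echo "<td>" . $first . "</td>";
    echo "<td>" . $last . "</td>";
    echo "<td><a href='" . $link . "'>Edit</a></td>";
    echo "</tr>";
}
// … unchanged: table footer and "no users" branch …
```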