lollipop

A PHP-framework

commit c5f4e422b593ac50732ca08956e2121721164a07
parent b7bf7de87542026ddd7611ecfdbd67034ada9748
Author: MoiBaguette <[email protected]>
Date:   Wed, 12 Apr 2023 01:54:31 +0200

shit gerco changed

Diffstat:
MLollipop/DatabaseObject.php | 122+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MLollipop/SQLDatabase.php | 59+----------------------------------------------------------
Mbackup.php | 12++++++++++--
Acrud_user.php | 119+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mdashboard.php | 7++++---
Mlogin.php | 33+++++++++++++++++++++++----------
Mnavbar.php | 28++++++++++++++--------------
Mtest_orm.php | 20+++++++++++++++++---
8 files changed, 310 insertions(+), 90 deletions(-)

diff --git a/Lollipop/DatabaseObject.php b/Lollipop/DatabaseObject.php 
@@ -91,5 +91,127 @@ namespace Lollipop { { return $this->data; } + function where(array $vars) : string + { + if (!sizeof($vars)) { + return false; + } + + $sql = "SELECT * FROM {$this->get_table()} WHERE "; + $params = []; + + $i = 0; + foreach ($vars as $key => $value) { + if ($i > 0) { + $sql .= ' AND '; + } + $sql .= " $key = ?"; + $params[] = $value; + $i++; + } + + $stmt = $this->db->conn->prepare($sql); + $stmt->execute($params); + $result = $stmt->get_result(); + + if (!$result || $result->num_rows == 0) { + return $sql; + } + + while ($row = $result->fetch_assoc()){ + $this->setData($row); + } + return true; + } + + function all_where(array $vars): bool + /* + chat gpt look at this + */ + { + $sql = "SELECT * FROM {$this->get_table()} WHERE "; + $params = []; + + $i = 0; + foreach ($vars as $key => $value) { + if ($i > 0) { + $sql .= ' AND '; + } + $sql .= " $key = ?"; + $params[] = $value; + $i++; + } + + $result = $this->db->conn->prepare($sql); + + if (!$result) { + return false; + } + + // Bind parameters to the prepared statement + $types = str_repeat('s', count($params)); + $result->bind_param($types, ...$params); + + // Execute the prepared statement and get the result set + $result->execute(); + $result_set = $result->get_result(); + + if (!$result_set || $result_set->num_rows == 0) { + return false; + } + + // Get an array of mysqli_field objects representing the columns in the result set + $fields = $result_set->fetch_fields(); + + // Create an array to hold the column names + $column_names = array(); + + // Loop through the mysqli_field objects and get the column names + foreach ($fields as $field) { + $column_names[] = $field->name; + } + + // Loop through the rows and add their column values to the PHP array + while ($row = $result_set->fetch_assoc()) { + $this->data[] = array_intersect_key($row, array_flip($column_names)); + } + + return true; + } + + function insert(): bool + { + //first check if this primary key exists + $sql = "SELECT 
{$this->primary} FROM {$this->table} WHERE {$this->primary} = ?"; + $stmt = $this->db->conn->prepare($sql); + $stmt->bind_param('s', $this->data['email']); + $stmt->execute(); + $result = $stmt->get_result(); + if ($result->num_rows > 0) { + return false; + } + + //if this primay key does not exist add the data + $keys = implode(", ", array_keys($this->data)); + $values = ''; + $count = count($this->data); + $i = 0; + foreach ($this->data as $index => $data) { + $values .= '?'; + if ($i < $count - 1) { + $values .= ', '; + } + $i++; + } + + $sql = "INSERT INTO {$this->get_table()} ({$keys}) VALUES ({$values})"; + + $stmt = $this->db->conn->prepare($sql); + $stmt->execute(array_values($this->data)); + + $result = $stmt->get_result(); + + return true; + } } } \ No newline at end of file diff --git a/Lollipop/SQLDatabase.php b/Lollipop/SQLDatabase.php 
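Review bot: In `where()`, `all_where()` and `insert()` the array keys are interpolated into the SQL text as column names (`$sql .= " $key = ?";` and `implode(", ", array_keys($this->data))`), so the prepared statement protects only the values. The callers visible in this commit pass literal keys, but the methods accept any array, so each key should be checked against the table's known columns, or at least a strict identifier pattern, before it is concatenated, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) { throw new \InvalidArgumentException('invalid column name'); }`. `where()` is also declared `: string` while returning `false`, the SQL text or `true`, and neither it nor `insert()` checks the result of `prepare()` before calling `execute()`. `insert()` binds `$this->data['email']` in the existence check although the query filters on `{$this->primary}`; binding `$this->data[$this->primary]` would keep it correct for tables keyed on another column. The enclosing class starts outside the hunk.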
@@ -12,68 +12,11 @@ namespace Lollipop { $this->conn = new mysqli($host, $username, $password, $database, $port); } - function get(string $table_class, $name) + function loadtable(string $table_class) { $cls = new $table_class($this); - $cls->load($name); return $cls; } - - function where(string $table_name, array $vars) - { - if (!sizeof($vars)) { - return []; - } - $cls = new $table_name($this); - - $sql = "SELECT * FROM {$cls->get_table()} WHERE "; - $params = []; - - $i = 0; - foreach ($vars as $key => $value) { - if ($i > 0) { - $sql .= ' AND '; - } - $sql .= " $key = ?"; - $params[] = $value; - $i++; - } - - $stmt = $this->conn->prepare($sql); - $stmt->execute($params); - $result = $stmt->get_result(); - - if (!$result || $result->num_rows == 0) { - return []; - } - - $objects = []; - while ($row = $result->fetch_assoc()) { - $o = new $table_name($this); - $o->setData($row); - $objects[] = $o; - } - return $objects; - } - - function all(string $table_name) - { - $cls = new $table_name($this); - - $sql = "SELECT {$cls->get_primary()} FROM {$cls->get_table()}"; - - $result = $this->conn->query($sql); - - if (!$result || $result->num_rows == 0) { - return []; - } - - $objects = []; - while ($row = $result->fetch_assoc()) { - $objects[] = $this->get($table_name, $row[$cls->get_primary()]); - } - return $objects; - } } } ?> \ No newline at end of file diff --git a/backup.php b/backup.php @@ -24,4 +24,12 @@ } } else { echo '<p style="color:red">Invalid username or password.</p>'; - } -\ No newline at end of file + } + + //Excecuting a sql statement for all the user permissions + foreach($permissions as $perm){ + $sql = "INSERT INTO medewerkers_permissie (email, permissie_id) VALUES (?, ?);"; + $stmt= $conn->prepare($sql); + $stmt->bind_param("si", $email, $perm); + $stmt->execute(); + } +\ No newline at end of file diff --git a/crud_user.php b/crud_user.php 
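Review bot: `loadtable()` instantiates whatever class name it receives (`new $table_class($this)`) and declares no return type, so nothing ties the argument to the ORM's table classes. The calls visible in this commit pass `User::class` and `Permission::class`; to keep it that way, reject names that are not subclasses of the framework's base table class (its name is not visible in this hunk) with an `is_subclass_of()` check before the `new`, and declare the return type accordingly. Since `get()`, `where()` and `all()` are removed here, any remaining callers in files outside this commit would now fail, which is worth a search before merging.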
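Review bot: The permission loop is added after the closing brace of the `else` that prints "Invalid username or password.", so as far as this hunk shows it also runs on the failure path; the surrounding `if` starts outside the hunk, so the intended placement should be confirmed. Where `$permissions` comes from is not visible here, but each `$perm` is bound with type `i` without being checked against the permission ids that actually exist, and the results of `prepare()` and `execute()` are ignored, so a failed insert goes unnoticed. Prepare once before the loop (`$stmt = $conn->prepare($sql);`), skip values that are not in an allow-list of valid ids, and test `if (!$stmt->execute())` to report the error.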
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<html lang="nl"> + <head> + <title>User toevoegen</title> + <!-- Bootstrap CSS --> + <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"> + </head> + <?php + include 'utils/autoloader.php'; + if(!in_array(1, $_SESSION['permissions'])){ + header('Location: dashboard.php'); + exit; + } + ?> + <body> + <div class="container"> + <h1>User toevoegen</h1> + + <form action="crud_user.php" method="post"> + <div class="mb-3"> + <label for="voornaam" class="form-label"><b>Voornaam:</b></label> + <input type="text" class="form-control" name="voornaam" id="voornaam" placeholder="Voornaam"> + </div> + <div class="mb-3"> + <label for="achternaam" class="form-label"><b>Achternaam:</b></label> + <input type="text" class="form-control" name="achternaam" id="achternaam" placeholder="Achternaam"> + </div> + <div class="mb-3"> + <label for="email" class="form-label"><b>Email:</b></label> + <input type="text" class="form-control" name="email" id="email" placeholder="Email"> + </div> + <div class="mb-3"> + <label for="password" class="form-label"><b>Wachtwoord:</b></label> + <input type="password" class="form-control" name="password" id="password" placeholder="******"> + </div> + <p>Please select the user permissions:</p> + <div class="mb-3 form-check"> + <input type="checkbox" class="form-check-input" id="Admin" name="permissions[]" value="1"> + <label class="form-check-label" for="Admin">Admin</label> + </div> + <div class="mb-3 form-check"> + <input type="checkbox" class="form-check-input" id="Administratief medewerker" name="permissions[]" value="2"> + <label class="form-check-label" for="Administratief medewerker">Administratief medewerker</label> + </div> + <div class="mb-3 form-check"> + <input type="checkbox" class="form-check-input" id="Wetenschappelijk medewerker" name="permissions[]" value="3"> + <label class="form-check-label" for="Wetenschappelijk medewerker">Wetenschappelijk 
medewerker</label> + </div> + <button type="submit" class="btn btn-primary" name="submit">Voeg toe</button> + </form> + </div> + <?php + if ($_SERVER["REQUEST_METHOD"] == "POST") { + $errors = array(); // initialize an empty array to store errors + + // Check if voornaam is set and not empty + if (isset($_POST['voornaam']) && !empty($_POST['voornaam'])) { + $fname = $_POST['voornaam']; + } else { + $errors[] = "Voornaam is required"; + } + + // Check if achternaam is set and not empty + if (isset($_POST['achternaam']) && !empty($_POST['achternaam'])) { + $lname = $_POST['achternaam']; + } else { + $errors[] = "Achternaam is required"; + } + + // Check if email is set and not empty + if (isset($_POST['email']) && !empty($_POST['email'])) { + $email = $_POST['email']; + } else { + $errors[] = "E-mail is required"; + } + + // Check if password is set and not empty + if (isset($_POST['password']) && !empty($_POST['password'])) { + $pwd = $_POST['password']; + } else { + $errors[] = "Wachtwoord is required"; + } + + // Check if permissions is set + if (isset($_POST['permissions'])) { + $permissions = $_POST['permissions']; + } else { + $errors[] = "Permissies zijn vereist"; + } + + // Check if there are any errors + if (count($errors) > 0) { + // Print out the errors + foreach ($errors as $error) { + echo $error . "<br>"; + } + } else { + // Pass the password through a hashing function + $hashed_pwd = password_hash($pwd, PASSWORD_DEFAULT); + + // Making a sql statement to add user to the database, preparing it and excuting + $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop"); + + $u = $db->loadtable(User::class); + + $data = array('email' => $email, 'fname' => $fname, 'lname' => $lname, 'pwd' => $hashed_pwd); + + $u->setData($data); + $bool = $u->insert(); + if(!$bool){ + echo "user already exists"; + } + } + } + // closing the connection + mysqli_close($conn); + ?> + </body> +</html> diff --git a/dashboard.php b/dashboard.php 
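Review bot: The database host, user name and password are written as literals in the `new Lollipop\SQLDatabase(...)` call of the POST handler, which puts live credentials into the repository history; the same literals appear as context lines in the login.php and test_orm.php hunks. Load them from configuration kept outside the repository, for example `new Lollipop\SQLDatabase(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'))` (variable names are illustrative), and rotate the password that is already committed. The permission gate at the top runs after the doctype and `<head>` have been emitted, so `header('Location: dashboard.php')` can fail with "headers already sent" unless output buffering is on; the include and the check belong above the first byte of HTML. The handler also ends with `mysqli_close($conn)` although no `$conn` is defined in this file, collects `$permissions` without validating or using it, and the form carries no CSRF token.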
@@ -7,14 +7,15 @@ ?> <body> <?php - echo file_get_contents('http://127.0.0.1/server-status'); + //echo file_get_contents('http://127.0.0.1/server-status'); echo $_SESSION['first_name']; echo " "; echo $_SESSION['last_name']; echo " "; echo $_SESSION['email']; - echo " "; - echo " "; + foreach($_SESSION['permissions'] as $bs){ + echo $bs; + } echo "blablab"; ?> </body> diff --git a/login.php b/login.php @@ -33,9 +33,13 @@ <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script> <?php - include "autoloader.php"; + include "utils\autoloader.php"; + //make classes $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop"); - // check if a post request was sent + $u = $db->loadtable(User::class); + $p = $db->loadtable(Permission::class); + + // check if a post request was sent if ($_SERVER["REQUEST_METHOD"] == "POST") { // fetch data from the form if(!isset($_POST['email']) or !isset($_POST['password'])){ 
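Review bot: The new loop echoes each `$_SESSION['permissions']` entry straight into the page, the same way the context lines echo first name, last name and email, and none of these values is HTML-encoded. The names and email are stored by crud_user.php exactly as posted, so markup contained in them would be rendered here; wrap every echoed value, e.g. `echo htmlspecialchars((string) $bs, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The server-status line is better deleted than left commented out. Whether the page checks for a logged-in session is decided above the hunk and is not visible here.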
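Review bot: `include "utils\autoloader.php";` uses a backslash as the path separator, which resolves only on Windows; the other files in this commit use `utils/autoloader.php`. With `include`, a missing file is only a warning and the script carries on to `new Lollipop\SQLDatabase(...)` without the autoloader, whereas `require_once __DIR__ . '/utils/autoloader.php';` is portable and stops the request when the file cannot be loaded. The connection and both table objects are now created on every request, before the POST check, so they could move inside the `if ($_SERVER["REQUEST_METHOD"] == "POST")` block that begins at the end of this hunk.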
@@ -43,19 +47,28 @@ } else { $email = $_POST['email']; $pwd = $_POST['password']; - $u = $db->get(User::class, $email); - - if($u->pwd == $pwd){//password_verify($pwd, $u->pwd) + + //excute query + $u->where(array('email' => $email)); + + //verify $pwd with $u->getData()['pwd'] + if($pwd == password_verify($pwd, $u->getData()['pwd'])){ session_start(); - $_SESSION['email'] = $u->email; - $_SESSION['first_name'] = $u->fname; - $_SESSION['last_name'] = $u->lname; - $p = $db->get(Permission::class, $email); - + $_SESSION['email'] = $u->getData()['email']; + $_SESSION['first_name'] = $u->getData()['fname']; + $_SESSION['last_name'] = $u->getData()['lname']; + + $p->all_where(array('email' => $email)); + $permissions = []; + foreach($p->getData() as $permission){ + array_push($permissions, $permission['id']); + }; + $_SESSION['permissions'] = $permissions; header('Location: dashboard.php'); } } } + ?> diff --git a/navbar.php b/navbar.php @@ -12,7 +12,7 @@ $links = array(); // Define the links for each type of employee - if (in_array(1, $permission_levels)) { + if (in_array(0, $permission_levels)) { // Admin links $admin_links = array( array('url' => '/crud_user.php', 'title' => 'Add User'), 
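Review bot: The condition `if($pwd == password_verify($pwd, $u->getData()['pwd']))` compares the submitted password loosely with the boolean result, so it is true not only when verification succeeds but also when verification fails and `$pwd` is a string that PHP treats as equal to `false`. Use the result directly and guard the case where no user row was found, in which `where()` does not call `setData()`: `$row = $u->getData();` followed by `if (isset($row['pwd']) && password_verify($pwd, $row['pwd'])) {`. After `session_start()` add `session_regenerate_id(true);` so a pre-login session id is not carried into the authenticated session, and follow `header('Location: dashboard.php');` with `exit;`. The enclosing `if`/`else` starts outside the hunk.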
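Review bot: The admin test becomes `in_array(0, $permission_levels)` (and the following navbar.php hunk shifts the other levels to 1 and 2), while crud_user.php, added in this same commit, gates on `in_array(1, $_SESSION['permissions'])` and labels form value 1 as Admin. If both read the same permission ids, a level-1 account is a lecturer in the navbar but passes the user-creation gate. The loose comparison is a second problem: `in_array(0, ...)` also matches `null` entries, which login.php would store if a permission row has no `id` key. Define the ids once as named constants and compare strictly, e.g. `in_array(PERM_ADMIN, $permission_levels, true)` with the session values cast to `int` when they are stored (`PERM_ADMIN` is an illustrative name).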
@@ -22,24 +22,24 @@ $links[] = array('name' => 'Admin', 'links' => $admin_links); } - if (in_array(2, $permission_levels)) { + if (in_array(1, $permission_levels)) { // Administrative employee links - $admin_employee_links = array( - array('url' => 'admin_employee_page_1.php', 'title' => 'Admin Employee Page 1'), - array('url' => 'admin_employee_page_2.php', 'title' => 'Admin Employee Page 2'), - array('url' => 'admin_employee_page_3.php', 'title' => 'Admin Employee Page 3') + $lecturer_links = array( + array('url' => 'lecturer_1.php', 'title' => 'lecturer page 1'), + array('url' => 'lecturer_2.php', 'title' => 'lecturer Page 2'), + array('url' => 'lecturer_3.php', 'title' => 'lecturer Page 3') ); - $links[] = array('name' => 'Administrative Employee', 'links' => $admin_employee_links); + $links[] = array('name' => 'lecturer', 'links' => $lecturer_links); } - if (in_array(3, $permission_levels)) { - // Scientific employee links - $scientific_employee_links = array( - array('url' => 'scientific_employee_page_1.php', 'title' => 'Scientific Employee Page 1'), - array('url' => 'scientific_employee_page_2.php', 'title' => 'Scientific Employee Page 2'), - array('url' => 'scientific_employee_page_3.php', 'title' => 'Scientific Employee Page 3') + if (in_array(2, $permission_levels)) { + // student links + $student_links = array( + array('url' => 'student_1.php', 'title' => 'student Page 1'), + array('url' => 'student_2.php', 'title' => 'student Page 2'), + array('url' => 'student_3.php', 'title' => 'student Page 3') ); - $links[] = array('name' => 'Scientific Employee', 'links' => $scientific_employee_links); + $links[] = array('name' => 'student', 'links' => $student_links); } if (empty($links)) { diff --git a/test_orm.php b/test_orm.php 
@@ -2,8 +2,22 @@ include "utils/autoloader.php"; +$email = '[email protected]'; +$fname = 'GERCO'; +$lname = 'GERCO'; +$pwd = 'GERCO'; +// Pass the password through a hashing function +$hashed_pwd = password_hash($pwd, PASSWORD_DEFAULT); + +// Making a sql statement to add user to the database, preparing it and excuting $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "lollipop"); -$u = $db->where(User::class, ["fname" => "Harald"]); +$u = $db->loadtable(User::class); + +$data = array('email' => $email, 'fname' => $fname, 'lname' => $lname, 'pwd' => $hashed_pwd); + +$u->setData($data); +$result = $u->insert(); +var_dump($result); -var_dump($u); -\ No newline at end of file +?> +\ No newline at end of file
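Review bot: The script now inserts a user with a fixed, known password (`$pwd = 'GERCO';`) through the same `SQLDatabase` connection literals that login.php uses. It sits next to the application pages, so if it is deployed with them, any request to it would try to create that account. Keep it out of the deployed tree or restrict it to the command line at the top of the file, e.g. `if (PHP_SAPI !== 'cli') { http_response_code(404); exit; }`, and point it at a separate test database.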