- --blank.php--
<?php
/*
 * blank.php — landing page for visitors who reach a login-only page.
 * Shows a short notice, then asks the browser to load form-login.php after 3 s.
 * NOTE(review): header() runs after common-top.php has already emitted HTML, so
 * the refresh header only reaches the client if output buffering is enabled —
 * confirm the php.ini setting.
 */
include('common-top.php');
echo '<h2 id="message">Please Login To Access Page</h2>';
header('refresh:3;url=form-login.php');
include('common-bottom.php');
?>
- --common-bottom--
<?php /* common-bottom.php — closes the #wrapper div, <body> and <html> opened in common-top.php; included last by every page. */ ?>
<footer>
Site/Contact Info
</footer>
</div>
</body>
</html>
- --common-top--
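<!doctype html>
<html lang="en">
<?php
/*
 * common-top.php — shared page header, included first by every page.
 * Starts the 'Genji' session and defines three variables for the including page:
 *   $logged_in (bool), plus $id and $name (null unless logged in).
 * Fixes: $name originates from the signup form and was printed raw (stored XSS);
 * it is now HTML-escaped. $id and $name are always defined so including pages
 * do not hit undefined variables. The session cookie is marked HttpOnly and
 * SameSite=Lax here because this is the only place the session is started
 * (array form of session_set_cookie_params needs PHP 7.3+).
 */
session_name('Genji');
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
$logged_in = isset($_SESSION['id'], $_SESSION['name']);
$id = $logged_in ? $_SESSION['id'] : null;
$name = $logged_in ? $_SESSION["name"] : null;
?>
<head>
<meta charset="utf-8">
<title>Blog</title>
<meta name="author" content="Cam Austin">
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<div id="wrapper">
<header>
<h1>Site Title</h1>
</header>
<section id="info">
<?php
if ($logged_in) {
    // Text context: escape the user-supplied display name.
    print htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        .' [<a href = "do-logout.php">Logout</a>]';
} else {
    print '<a href = "form-login.php">Login</a>';
}
?>
</section>
<nav>
<a href="form-new-post.php">New Post</a>
<a href="index.php">Home</a>
<a href="form-new-user.php">New User</a>
<?php
if ($logged_in) {
    print '<a href="form-admin.php">Admin</a>';
}
?>
</nav>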
- --connect--
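<?php
/*
 * connect.php — opens the shared mysqli handle $link used by every data page.
 * Fix: mysqli failures are reported as exceptions instead of a silent false
 * return — no caller ever checked $link, so a failed connection surfaced later
 * as an unrelated fatal error.
 * NOTE(review): these credentials are hard-coded in a file that has been shared
 * publicly; they should be rotated and loaded from a config file kept outside
 * the web root and out of version control.
 */
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$link = mysqli_connect('localhost',
    'cd16588_db',
    'D5l',
    'cd16588_blog');
?>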
- --do-add-post--
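<?php
/*
 * do-add-post.php — handler for form-new-post.php; inserts one row into posts
 * and redirects to index.php.
 * Fixes: form-new-post.php checks $logged_in but this handler did not, so a
 * direct POST could publish without logging in; it now requires the 'Genji'
 * session to carry an id and name (the same test common-top.php applies).
 * Missing POST fields default to '' instead of raising undefined-index notices,
 * and the script exits after the redirect header.
 * NOTE(review): author_id is still taken from the form rather than from the
 * session, so a logged-in user can publish under another author id — confirm
 * this is intended.
 */
session_name('Genji');
session_start();
if (!isset($_SESSION['id'], $_SESSION['name'])) {
    header('Location: form-login.php');
    exit;
}
require_once("connect.php");

// strip_tags() is input filtering only; index.php must still escape on output.
$postTitle  = strip_tags($_POST['title'] ?? '');
$postAuthor = $_POST['author'] ?? '';
$postText   = strip_tags($_POST['entry'] ?? '');

$statement = mysqli_prepare($link, "INSERT INTO posts
(title, author_id, entry)
VALUES (?,?,?)");
if ($statement) {
    mysqli_stmt_bind_param($statement, "sss", $postTitle, $postAuthor, $postText);
    mysqli_stmt_execute($statement);
    mysqli_stmt_close($statement);
}
mysqli_close($link);
header('location:index.php');
exit;
?>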
- --do-delete-post--
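<?php
/*
 * do-delete-post.php — handler for form-delete-post.php; deletes one row from
 * posts and returns to index.php.
 * Fixes: the POSTed id was concatenated into the SQL string (SQL injection);
 * it is now a bound parameter. The handler also requires a logged-in session
 * (the Delete link is only shown to logged-in users, but nothing enforced it
 * here), no longer echoes raw database errors to the browser, and exits after
 * the redirect header.
 * NOTE(review): the form sends no CSRF token; adding one needs form and
 * handler changed together.
 */
session_name('Genji');
session_start();
if (!isset($_SESSION['id'], $_SESSION['name'])) {
    header('Location: form-login.php');
    exit;
}
require_once('connect.php');

// Bound as a string to match the original quoted comparison; the id column
// type is not visible here, so no cast is assumed.
$blog_post_id = $_POST['id'] ?? '';
if ($blog_post_id !== '') {
    $statement = mysqli_prepare($link, "DELETE FROM posts WHERE id=?");
    if ($statement) {
        mysqli_stmt_bind_param($statement, 's', $blog_post_id);
        mysqli_stmt_execute($statement);
        mysqli_stmt_close($statement);
    }
}
mysqli_close($link);
header('location:index.php');
exit;
?>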
- --edit-post--
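<?php
/*
 * do-edit-post.php (labelled "edit-post" in this paste) — handler for
 * form-edit-post.php; updates one row in posts, then returns to index.php.
 * Fixes: mysqli_stmt_bind_param() was called on $statement while every other
 * line used $statment, so the parameters were never bound and the UPDATE never
 * ran; the final mysqli_close() was handed the statement instead of $link.
 * The handler now also requires a logged-in session (the Edit link is only
 * shown to logged-in users) and defaults missing POST fields to ''.
 * NOTE(review): no CSRF token is checked; form and handler must change in step.
 */
session_name('Genji');
session_start();
if (!isset($_SESSION['id'], $_SESSION['name'])) {
    header('Location: form-login.php');
    exit;
}
require_once 'connect.php';

$post_id     = $_POST['id'] ?? '';
$post_title  = strip_tags($_POST['title'] ?? '');
$post_author = $_POST['author'] ?? '';
$post_text   = strip_tags($_POST['entry'] ?? '');

$statement = mysqli_prepare($link, "UPDATE posts
SET title=?, author_id=?, entry=?
WHERE id=?");
if ($statement) {
    mysqli_stmt_bind_param($statement, "ssss", $post_title,
        $post_author,
        $post_text,
        $post_id);
    mysqli_stmt_execute($statement);
    mysqli_stmt_close($statement);
}
mysqli_close($link);
header('refresh:2;url=index.php');
exit;
?>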
- --do-login--
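<?php
/*
 * do-login.php — handler for form-login.php. Looks the author up by username,
 * verifies the salted SHA-256 hash and, on success, stores id and name in the
 * 'Genji' session started by common-top.php.
 * Fixes: the hash comparison used == on hex strings and is now hash_equals();
 * the username is HTML-escaped before being echoed back (reflected XSS); the
 * session id is regenerated on successful login so a cookie value set before
 * login cannot be reused; and both failure paths print the same message so the
 * response no longer reveals whether a username exists.
 * The sha256(password . salt) scheme is kept so existing rows keep working;
 * moving to password_hash()/password_verify() needs a schema change as well.
 * NOTE(review): header('refresh:…') is sent after common-top.php has produced
 * output and relies on output buffering, exactly as the original did.
 */
include('common-top.php');
require_once('connect.php');

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
print '<p>Attempting to login user '
    .htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'...';

$authenticated = false;
$statement = mysqli_prepare($link, "SELECT id, name, hash, salt
FROM authors
WHERE username=?");
if ($statement) {
    print '<p>Querying the database...';
    mysqli_stmt_bind_param($statement, 's', $username);
    mysqli_stmt_execute($statement);
    mysqli_stmt_bind_result($statement, $id, $name, $hash, $salt);
    print '<p>Checking for matching user...';
    // Constant-time comparison; (string) casts guard against NULL columns.
    if (mysqli_stmt_fetch($statement)
        && hash_equals((string) $hash, hash('sha256', $password.(string) $salt))) {
        $authenticated = true;
    }
    mysqli_stmt_close($statement);
}
mysqli_close($link);

if ($authenticated) {
    // New session id at the privilege change, then record the identity.
    session_regenerate_id(true);
    $_SESSION['id'] = $id;
    $_SESSION['name'] = $name;
    print '<P>Password is correct...';
    header('refresh:2;url=index.php');
} else {
    // Same message for unknown user and wrong password.
    print '<p class="error">Incorrect username or password';
    header('refresh:3;url=form-login.php');
}
include 'common-bottom.php';
?>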
- --do-logout--
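<?php
/*
 * do-logout.php — ends the current login and returns to index.php after 2 s.
 * Fix: only the id and name keys were unset, leaving the server-side session
 * record intact; the session data is now cleared and the session destroyed.
 * common-top.php starts a fresh, empty session on the next request.
 * NOTE(review): header() after common-top.php output relies on output
 * buffering, as in the original.
 */
include 'common-top.php';
$_SESSION = [];
session_destroy();
print '<h2 id="message">You Have been logged out</h2>';
header('refresh:2;url=index.php');
include 'common-bottom.php';
?>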
- --do-new-user--
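<?php
/*
 * do-new-user.php — creates a row in authors from the signup form and sends
 * the browser to index.php after 5 s.
 * Fixes: form-new-user.php checks $logged_in but this handler did not, so
 * anyone could create an author account by POSTing directly; it now requires
 * the 'Genji' session to carry an id and name. The salt was md5(microtime()),
 * which is predictable; it is now 16 random bytes rendered as 32 hex chars
 * (same width as an md5 digest, so the salt column is unaffected; random_bytes
 * needs PHP 7+). The salt and hash are no longer echoed to the browser, and
 * the echoed name and username are HTML-escaped.
 * The sha256(password . salt) scheme is kept so do-login.php keeps working;
 * switching to password_hash() needs both files and the schema changed together.
 * NOTE(review): header('refresh:…') after the prints relies on output
 * buffering, as in the original.
 */
session_name('Genji');
session_start();
if (!isset($_SESSION['id'], $_SESSION['name'])) {
    header('Location: form-login.php');
    exit;
}
require_once("connect.php");

$username = $_POST['username'] ?? '';
$fullname = strip_tags($_POST['name'] ?? '');
$password = $_POST['password'] ?? '';

$esc = static function ($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
print '<h2>Attempting to create user '.$esc($fullname).' ('.$esc($username).')</h2>';

$salt = bin2hex(random_bytes(16));
$hash = hash('sha256', $password.$salt);

print '<p>Connecting to database...';
$statement = mysqli_prepare($link, "INSERT INTO authors
(name, username, hash, salt)
VALUES (?,?,?,?)");
if ($statement) {
    print '<p>Adding new user record...';
    mysqli_stmt_bind_param($statement, "ssss", $fullname,
        $username,
        $hash,
        $salt);
    mysqli_stmt_execute($statement);
    mysqli_stmt_close($statement);
    print '<p>User successfully added';
    header('refresh:5;url=index.php');
}
mysqli_close($link);
?>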
- --form-delete-post--
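<?php
/*
 * form-delete-post.php — confirmation page for deleting one post; submits the
 * id to do-delete-post.php.
 * Fixes: the id from the query string was printed raw into the heading and a
 * value attribute (reflected XSS) — now HTML-escaped once and reused. Visitors
 * who are not logged in get the same treatment as on form-new-post.php (the
 * Delete link is only shown to logged-in users). common-bottom.php is now
 * included so the page's HTML is closed. Typo "ot" -> "to" in the prompt.
 * NOTE(review): no CSRF token; form and handler must change in step.
 */
include 'common-top.php';
if (!$logged_in) {
    print 'Please Login';
    header('location:blank.php');
    include 'common-bottom.php';
    exit;
}
$blog_post_id = htmlspecialchars($_GET['id'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<h2>Delete Blog Post #<?php print $blog_post_id ?> </h2>
<p>Are you sure that you want to <strong>permanently</strong> delete this blog post?</p>
<form method="post" action="do-delete-post.php">
<input type="hidden" name="id" value="<?php print $blog_post_id ?>">
<input type="submit" value="Delete It">
<input type="button" value="Cancel" onclick="window.location.replace('index.php')">
</form>
<?php
include 'common-bottom.php';
?>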
- --form-edit-post--
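<?php
/*
 * form-edit-post.php — loads one post by id and shows it in an edit form that
 * posts to do-edit-post.php.
 * Fixes: the id from the query string was concatenated into the SQL (SQL
 * injection) — now a bound parameter; title, author_id and entry were written
 * raw into attribute and textarea contexts (stored XSS) — now HTML-escaped; a
 * missing row left $blog_post false and produced notices — now a short message.
 * The textarea content is kept on the tag's line so the value no longer gains
 * a newline on every edit round-trip. The page requires login (the Edit link
 * is only shown to logged-in users) and includes common-bottom.php.
 * Only the three columns the form displays are selected.
 * NOTE(review): no CSRF token; form and handler must change in step.
 */
include 'common-top.php';
if (!$logged_in) {
    print 'Please Login';
    header('location:blank.php');
    include 'common-bottom.php';
    exit;
}
$blog_post_id = $_GET['id'] ?? '';
require_once('connect.php');

$blog_post = null;
$statement = mysqli_prepare($link, "SELECT title, author_id, entry FROM posts
WHERE id=?");
if ($statement) {
    mysqli_stmt_bind_param($statement, 's', $blog_post_id);
    mysqli_stmt_execute($statement);
    mysqli_stmt_bind_result($statement, $title, $author_id, $entry);
    if (mysqli_stmt_fetch($statement)) {
        $blog_post = ['title' => $title, 'author_id' => $author_id, 'entry' => $entry];
    }
    mysqli_stmt_close($statement);
}
mysqli_close($link);

if ($blog_post === null) {
    print '<p class="error">Post not found</p>';
    include 'common-bottom.php';
    exit;
}
$esc = static function ($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<form method="post" action="do-edit-post.php">
<input type="hidden" name="id" value="<?php print $esc($blog_post_id) ?>">
<label for="title">Title</label>
<input type="text" id="title" name="title" value="<?php print $esc($blog_post['title']) ?>">
<br>
<label for="author">Author</label>
<input type="text" id="author" name="author" value="<?php print $esc($blog_post['author_id']) ?>">
<br>
<label for="entry">Post Text</label>
<textarea id="entry" name="entry" rows="10"><?php print $esc($blog_post['entry']) ?></textarea>
<br>
<input type="submit" value="Post Updated Blog Entry">
</form>
<?php
include 'common-bottom.php';
?>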
- --form-login--
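<?php
/*
 * form-login.php — login form; submits username and password to do-login.php.
 * Fix: the <label for="…"> attributes referenced ids that no input carried, so
 * the labels were not associated with their fields; ids added. Both fields are
 * marked required and given autocomplete hints so browsers treat them as a
 * credential pair.
 */
include('common-top.php');
?>
<form name="form" method="post" action="do-login.php">
<label for="username">Username</label>
<input id="username" name="username" type="text" autocomplete="username" required>
<br>
<label for="password">Password</label>
<input id="password" name="password" type="password" autocomplete="current-password" required>
<br>
<input type="submit" name="Submit" value="Login">
</form>
<?php
include('common-bottom.php');
?>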
- --form-new-post--
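<?php
/*
 * form-new-post.php — form for creating a post; submits to do-add-post.php.
 * Fixes: when the visitor was not logged in, the page printed "Please Login"
 * and sent a redirect header but kept going, so the full form was still
 * rendered to anonymous visitors; the page now closes the HTML and exits.
 * <label for="…"> attributes now match ids on the inputs.
 * NOTE(review): header() after common-top.php output relies on output
 * buffering, as in the original; the exit makes the outcome safe either way.
 */
include("common-top.php");
if (!$logged_in) {
    print 'Please Login';
    header('location:blank.php');
    include("common-bottom.php");
    exit;
}
?>
<form method="post" action="do-add-post.php">
<label for="title">Title</label>
<input type="text" id="title" name="title" size="50">
<br>
<label for="author">Author ID</label>
<input type="number" id="author" name="author" size="3" value="1">
<br>
<label for="entry">Post Text</label>
<textarea id="entry" name="entry" rows="10"></textarea>
<br>
<input type="submit" value="Post This Blog Entry">
<input type="button" value="Cancel" onclick="window.location.replace( 'index.php');">
</form>
<?php
include("common-bottom.php");
?>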
- --form-new-user--
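<?php
/*
 * form-new-user.php — form for creating an author account.
 * Fix: the file was a copy of form-new-post.php (title/author/entry posted to
 * do-add-post.php). It now posts the fields do-new-user.php actually reads —
 * username, name and password — to do-new-user.php. As before, the page is
 * for logged-in users only; anonymous visitors now get a closed page and exit
 * instead of the form being rendered after the redirect header.
 * NOTE(review): header() after common-top.php output relies on output
 * buffering, as in the original.
 */
include("common-top.php");
if (!$logged_in) {
    print 'Please Login';
    header('location:blank.php');
    include("common-bottom.php");
    exit;
}
?>
<form method="post" action="do-new-user.php">
<label for="username">Username</label>
<input type="text" id="username" name="username" autocomplete="username" required>
<br>
<label for="name">Full Name</label>
<input type="text" id="name" name="name" size="50" required>
<br>
<label for="password">Password</label>
<input type="password" id="password" name="password" autocomplete="new-password" required>
<br>
<input type="submit" value="Create User">
<input type="button" value="Cancel" onclick="window.location.replace( 'index.php');">
</form>
<?php
include("common-bottom.php");
?>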
- --index.php--
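<?php
/*
 * index.php — front page: lists every row in posts; logged-in visitors also
 * get Delete/Edit links per post.
 * Fixes: the error path called mysql_error() (the removed mysql_* API), which
 * would itself be a fatal error; failures now print a generic message without
 * echoing database errors. $post_text was escaped and then overwritten from the
 * raw column and never printed, so title, entry, date and author_id all reached
 * the page unescaped (stored XSS) — every value is now escaped, and the entry
 * is escaped before newlines become <p> breaks. The formatted $date was
 * computed but never used; it is now what is displayed. The timezone is set
 * once instead of on every iteration, ids in the links are URL-encoded, and
 * the result set and connection are released.
 * NOTE(review): <p id="text"> is repeated once per article (duplicate ids);
 * kept because css/styles.css may target #text — confirm before changing.
 */
require_once("connect.php");
include("common-top.php");
date_default_timezone_set("Pacific/Auckland");
$esc = static function ($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<section id="content">
<h2>Page Title</h2>
<?php
$query = 'select * from posts';
$results = mysqli_query($link, $query);
if ($results === false) {
    print '<p class="error">Posts are unavailable right now.</p>';
} else {
    while ($blog_post = mysqli_fetch_assoc($results)) {
        // Escape first, then turn newlines into paragraph breaks.
        $post_text = str_replace("\n", '<p>', $esc($blog_post['entry']));
        // Fall back to the stored value if the date cannot be parsed.
        $timestamp = strtotime((string) $blog_post['date']);
        $date = $timestamp === false ? $blog_post['date'] : date("d M Y", $timestamp);
        $post_id = $esc(rawurlencode((string) $blog_post['id']));
        print '<article>';
        print ' <header>';
        print ' <h3>'.$esc($blog_post['title']).'</h3>';
        print ' Posted on <strong>'.$esc($date).'</strong>';
        print ' by author #<strong>'.$esc($blog_post['author_id']).'</strong>';
        print ' </header>';
        print ' <p id="text">'.$post_text.'</p>';
        if ($logged_in) {
            print ' <footer>';
            print ' <a href="form-delete-post.php?id='.$post_id.'">Delete</a>';
            print ' <a href="form-edit-post.php?id='.$post_id.'">Edit</a>';
            print ' </footer>';
        }
        print '</article>';
    }
    mysqli_free_result($results);
}
mysqli_close($link);
?>
</section>
<?php
include("common-bottom.php");
?>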