myPhp

1. functions.php
2. <?php
3. session_start();
4.  
5. // connect to database
6. $db = mysqli_connect('localhost', 'root', '', 'trainingsystem1');
7.  
8. // variable declaration
9. $username = "";
10. $name = "";
11. $ecnumber = "";
12. $gender = "";
13. $jobTitle = "";
14. $desiredCourses = "";
15. $coursesforSuperior = "";
16. $coursesforSubordinates = "";
17. $region = "";
18. $station = "";
19. $department = "";
20. $section = "";
21. $supervisor = "";
22. $email = "";
23. $courseName = "";
24. $courseObjectives = "";
25. $courseHighlights = "";
26. $targetGroup = "";
27. $dateFrom = date('Y-m-d');
28. $dateTo = date('Y-m-d');
29. $venue = "";
30. $emp_id = "";
31. $description = "";
32. $year = "";
33. $errors = array();
34.  
35. // call the register() function if register_btn is clicked
36. if (isset($_POST['register_btn'])) {
37. register();
38. }
39. /*if (isset($_POST['register_course'])) {
40. createCourse();
41. }*/
42.  
43. // REGISTER USER
44. function register(){
45. // call these variables with the global keyword to make them available in function
46. global $db, $errors, $username, $email, $ecnumber, $region, $station, $department, $section, $supervisor;
47.  
48. // receive all input values from the form. Call the e() function
49. // defined below to escape form values
50. $username = e($_POST['username']);
51. $ecnumber = e($_POST['ecnumber']);
52. $region = e($_POST['region']);
53. $station = e($_POST['station']);
54. $department = e($_POST['department']);
55. $section = e($_POST['section']);
56. $supervisor = e($_POST['supervisor']);
57. $email = e($_POST['email']);
58. $password_1 = e($_POST['password_1']);
59. $password_2 = e($_POST['password_2']);
60.  
61. // form validation: ensure that the form is correctly filled
62. if (empty($username)) {
63. array_push($errors, "Username is required");
64. }
65. if (empty($ecnumber)) {
66. array_push($errors, "Ec Number is required");
67. }
68. if (empty($region)) {
69. array_push($errors, "Region is required");
70. }
71. if (empty($station)) {
72. array_push($errors, "Station is required");
73. }
74. if (empty($department)) {
75. array_push($errors, "Department is required");
76. }
77. if (empty($section)) {
78. array_push($errors, "Section is required");
79. }
80. if (empty($supervisor)) {
81. array_push($errors, "Supervisor is required");
82. }
83. if (empty($email)) {
84. array_push($errors, "Email is required");
85. }
86. if (empty($password_1)) {
87. array_push($errors, "Password is required");
88. }
89. if ($password_1 != $password_2) {
90. array_push($errors, "The two passwords do not match");
91. }
92.  
93. // register user if there are no errors in the form
94. if (count($errors) == 0) {
95. $password = md5($password_1);//encrypt the password before saving in the database
96.  
97. if (isset($_POST['user_type'])) {
98. $user_type = e($_POST['user_type']);
99. $query = "INSERT INTO users (username, ecnumber, region, station, department, section, supervisor, email, user_type, password)
100. VALUES('$username', '$ecnumber', '$region', '$station', '$department', '$section', '$supervisor', '$email', '$user_type', '$password')";
101. mysqli_query($db, $query);
102. $_SESSION['success'] = "New user successfully created!!";
103. header('location: home.php');
104. }else{
105. $query = "INSERT INTO users (username, ecnumber, region, station, department, section, supervisor, email, user_type, password)
106. VALUES('$username', '$ecnumber', '$region', '$station', '$department', '$section', '$supervisor', '$email', '$user_type', '$password')";
107. mysqli_query($db, $query);
108.  
109. // get id of the created user
110. $logged_in_user_id = mysqli_insert_id($db);
111.  
112. $_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
113. $_SESSION['success'] = "You are now logged in";
114. header('location: index.php');
115. }
116. }
117. }
118.  
119. // return user array from their id
120. function getUserById($id){
121. global $db;
122. $query = "SELECT * FROM users WHERE id=" . $id;
123. $result = mysqli_query($db, $query);
124.  
125. $user = mysqli_fetch_assoc($result);
126. return $user;
127. }
128.  
129. // escape string
130. function e($val){
131. global $db;
132. return mysqli_real_escape_string($db, trim($val));
133. }
134.  
135. function display_error() {
136. global $errors;
137.  
138. if (count($errors) > 0){
139. echo '<div class="error">';
140. foreach ($errors as $error){
141. echo $error .'<br>';
142. }
143. echo '</div>';
144. }
145. }
146. function isLoggedIn()
147. {
148. if (isset($_SESSION['user'])) {
149. return true;
150. }else{
151. return false;
152. }
153. }
154. // log user out if logout button clicked
155. if (isset($_GET['logout'])) {
156. session_destroy();
157. unset($_SESSION['user']);
158. header("location: login.php");
159. }// call the login() function if register_btn is clicked
160. if (isset($_POST['login_btn'])) {
161. login();
162. }
163.  
164. // LOGIN USER
165. function login(){
166. global $db, $username, $errors;
167.  
168. // grap form values
169. $username = e($_POST['username']);
170. $password = e($_POST['password']);
171.  
172. // make sure form is filled properly
173. if (empty($username)) {
174. array_push($errors, "Username is required");
175. }
176. if (empty($password)) {
177. array_push($errors, "Password is required");
178. }
179.  
180. // attempt login if no errors on form
181. if (count($errors) == 0) {
182. $password = md5($password);
183.  
184. $query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
185. $results = mysqli_query($db, $query);
186.  
187. if (mysqli_num_rows($results) == 1) { // user found
188. // check if user is admin or user
189. $logged_in_user = mysqli_fetch_assoc($results);
190. if ($logged_in_user['user_type'] == 'admin') {
191.  
192. $_SESSION['user'] = $logged_in_user;
193. $_SESSION['success'] = "You are now logged in";
194. header('location: admin/home.php');
195. }else{
196. $_SESSION['user'] = $logged_in_user;
197. $_SESSION['success'] = "You are now logged in";
198.  
199. header('location: index.php');
200. }
201. }else {
202. array_push($errors, "Wrong username/password combination");
203. }
204. }
205. }
206.  
207. function isAdmin()
208. {
209. if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
210. return true;
211. }else{
212. return false;
213. }
214. }
215.  
216. if(isset($_POST['submitDeleteBtn'])){
217. deleteCourse();
218. }
219. function deleteCourse(){
220.  
221. $key = $_POST['keyToDelete'];
222.  
223. $check = mysqli_query($db, "SELECT * from courses where id = 'key' ") or die("not found".mysql_error());
224. if (mysqli_num_rows($check)>0) {
225. $queryDelete = mysqli_query($db, "Delete form courses where id = '$key'")
226. or die("not deleted".mysqli_error());?>
227.  
228. <div class = "alert alert-success">
229. <p>record deleted</p>
230. </div>
231. <?php
232. header('Location: courses.php');
233. }else{
234. ?>
235.  
236. <div class = "alert alert-success">
237. <p>record does not exist</p>
238. </div>
239. <?php
240.  
241. }
242. }
243.  
244.  
245. if (isset($_POST['register_course'])) {
246. createCourse();
247. }
248.  
249.  
250. function createCourse(){
251. global $db, $errors, $courseName, $courseObjectives, $courseHighlights, $targetGroup, $dateFrom, $venue;
252. global $dateTo;
253.  
254. $courseName = e($_POST['courseName']);
255. $courseObjectives = e($_POST['courseObjectives']);
256. $courseHighlights = e($_POST['courseHighlights']);
257. $targetGroup = e($_POST['targetGroup']);
258. $dateFrom = e($_POST['dateFrom']);
259. $dateTo = e($_POST['dateTo']);
260. $venue = e($_POST['venue']);
261.  
262. if (empty($courseName)) {
263. array_push($errors, "Coursename is required");
264. }
265. if (empty($courseObjectives)) {
266. array_push($errors, "Course Objectives are required");
267. }
268. if (empty($courseHighlights)) {
269. array_push($errors, "Course Highligths are required");
270. }
271. if (empty($targetGroup)) {
272. array_push($errors, "Target Group is required");
273. }
274. if (empty($dateFrom)) {
275. array_push($errors, "Datefrom is required");
276. }
277. if (empty($dateTo)) {
278. array_push($errors, "DateTo is required");
279. }
280. if($dateFrom > $dateTo){
281. array_push($error, " ToDate should be greater than FromDate ");
282. }
283. if (empty($venue)) {
284. array_push($errors, "Venue is required");
285. }
286. //attempt insert query
287. $query = "INSERT INTO courses (courseName, courseObjectives, courseHighlights,targetGroup, dateFrom, dateTo, venue)
288. VALUES('$courseName','$courseObjectives','$courseHighlights','$targetGroup', '$dateFrom', '$dateTo', '$venue')";
289.  
290. if(mysqli_query($db, $query)){
291.  
292. header("Location: courses.php?course=updated_successfully");
293.  
294. //exit();
295. }else{
296. echo "ERROR: unable to execute $query. " . mysqli_error($db);
297. }
298. }
299.  
300. if (isset($_POST['request_course'])) {
301. requestCourse();
302. }
303.  
304. if (isset($_POST['request_course'])) {
305. requestCourse();
306. }
307.  
308. function requestCourse(){
309. global $db, $errors, $ecnumber, $gender, $region, $station, $section, $supervisor, $jobTitle, $desiredCourses, $coursesforSuperior, $coursesforSubordinates, $name;
310.  
311. $name = e($_POST['name']);
312. $ecnumber = e($_POST['ecnumber']);
313. $gender = e($_POST['gender']);
314. $region = e($_POST['region']);
315. $station = e($_POST['station']);
316. $section = e($_POST['section']);
317. $supervisor = e($_POST['supervisor']);
318. $jobTitle = e($_POST['jobTitle']);
319. $desiredCourses = e($_POST['desiredCourses']);
320. $coursesforSuperior = e($_POST['coursesforSuperior']);
321. $coursesforSubordinates = e($_POST['coursesforSubordinates']);
322.  
323.  
324. if (empty($ame)) {
325. array_push($errors, "Name is required");
326. }
327. if (empty($ecnumber)) {
328. array_push($errors, "Ec Number is required");
329. }
330. if (empty($gender )) {
331. array_push($errors, "gender is required");
332. }
333. if (empty($region )) {
334. array_push($errors, "region is required");
335. }
336. if (empty($station)) {
337. array_push($errors, "station is required");
338. }
339. if (empty($section )) {
340. array_push($errors, "section is required");
341. }
342. if (empty($supervisor)) {
343. array_push($errors, "supervisor is required");
344. }
345. if (empty($jobTitle)) {
346. array_push($errors, "jobTitle is required");
347. }
348. if (empty($desiredCourses)) {
349. array_push($errors, "desiredCourses is required");
350. }
351. if (empty($coursesforSuperior )) {
352. array_push($errors, "coursesforSuperior is required");
353. }
354.  
355. if (empty($coursesforSubordinates)) {
356. array_push($errors, "coursesforSubordinates is required");
357. }
358.  
359. //attempt insert query
360. $query = "INSERT INTO requested_courses (name , ecnumber, gender, region, station, section, supervisor, jobTitle, desiredCourses, coursesforSuperior, coursesforSubordinates)
361. VALUES('$name', '$ecnumber', '$gender', '$region', '$station', '$section', '$supervisor', '$jobTitle', '$desiredCourses', '$coursesforSuperior', '$coursesforSubordinates')";
362.  
363. if(mysqli_query($db, $query)){
364.  
365. header("Location: apply-course.php?courserequest=updated_successfully");
366.  
367. //exit();
368. }else{
369. echo "ERROR: unable to execute $query. " . mysqli_error($db);
370. }
371. }
372.  
373. requested_courses.php
374. <?php
375. include 'functions.php';
376. ?>
377. <!DOCTYPE html>
378. <html>
379. <head>
380. <title>Zimra Training System</title>
381. <link rel="stylesheet" type ="text/css" href="style.css">
382. </head>
383. <form action="includes/search.php" method="POST">
384. <input type="text" name="search" placeholder="Search">
385. <button type="submit" name="submit-search">Search</button>
386. </form>
387.  
388. <h1>Front page</h1>
389. <h2>All articles: </h2>
390.  
391. <div class="article-container">
392. <table id="courses">
393. <tr>
394. <th><h2>Available Courses</h2></th>
395. </tr>
396. <tr>
397. <th>Full Name</th>
398. <th>EC Number</th>
399. <th>Gender</th>
400. <th>Job Title</th>
401. <th>Region</th>
402. <th>Station</th>
403. <th>Section</th>
404. <th>Supervisor</th>
405. <th>Desired Courses</th>
406. <th>Courses for Superior</th>
407. <th>courses For Subordinates</th>
408. </tr>
409. <?php
410.  
411.  
412. $sql = "SELECT * FROM requested_courses";
413. $result = mysqli_query($db, $sql);
414. $queryResults = mysqli_num_rows($result);
415.  
416. if ($queryResults > 0) {
417. while ($row = mysqli_fetch_assoc($result)) {
418.  
419. echo"
420. <tr>
421. <td>".$row["name"]."</td>
422. <td>".$row["ecnumber"]."</td>
423. <td>".$row["gender"]."</td>
424. <td>".$row["jobTitle"]."</td>
425. <td>".$row["region"]."</td>
426. <td>".$row["station"]."</td>
427. <td>".$row["section"]."</td>
428. <td>".$row["supervisor"]."</td>
429. <td>".$row["desiredCourses"]."</td>
430. <td>".$row["coursesforSuperior"]."</td>
431. <td>".$row["coursesforSubordinates"]."</td>
432. </tr>";
433. /*echo "<div class='article-box'>
434. <h3>".$row['a_title']."</h3>
435. <p>".$row['a_text']."</p>
436. <p>".$row['a_date']."</p>
437. <p>".$row['a_author']."</p>
438. </div>";*/
439. # code...
440.  
441. }
442. echo "</table>";
443.  
444. }else{
445. echo "Currently there are no courses";
446. }
447.  
448. ?>
449.  
450.  
451. </div>