- functions.php
- <?php
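// NOTE(review): session cookie flags (HttpOnly / Secure / SameSite) are not set in this file;
// confirm they are enforced in php.ini or set them before session_start().
session_start();

// connect to database
// NOTE(review): the application connects as MySQL 'root' with an empty password and the
// credentials are hard-coded. Use a dedicated least-privilege account and load the
// credentials from configuration kept outside the web root.
$db = mysqli_connect('localhost', 'root', '', 'trainingsystem1');
if (!$db) {
    // The driver's message goes to the server log; the visitor only sees a generic failure.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    exit('Service temporarily unavailable');
}
// NOTE(review): no connection charset is selected. mysqli_real_escape_string() (used by e())
// relies on it, so call mysqli_set_charset() with the charset the schema actually uses.

// variable declaration: form values are kept in globals, presumably so the including page
// can re-populate the form after a failed submit (verify against the templates).
$username = "";
$name = "";
$ecnumber = "";
$gender = "";
$jobTitle = "";
$desiredCourses = "";
$coursesforSuperior = "";
$coursesforSubordinates = "";
$region = "";
$station = "";
$department = "";
$section = "";
$supervisor = "";
$email = "";
$courseName = "";
$courseObjectives = "";
$courseHighlights = "";
$targetGroup = "";
$dateFrom = date('Y-m-d');
$dateTo = date('Y-m-d');
$venue = "";
$emp_id = "";
$description = "";
$year = "";
$errors = array(); // validation messages collected by the handlers, printed by display_error()

// call the register() function if register_btn is clicked
// NOTE(review): none of the POST handlers in this file checks an anti-CSRF token; every page
// that includes this file will run the matching handler for any cross-site form post.
if (isset($_POST['register_btn'])) {
    register();
}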
- /*if (isset($_POST['register_course'])) {
- createCourse();
- }*/
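// REGISTER USER
/**
 * Handle the registration form: validate $_POST, insert the user, then redirect.
 *
 * Validation messages are appended to the global $errors array and nothing is
 * written to the database while that array is non-empty.
 *
 * Two flows share this handler:
 *  - "user_type" posted by a logged-in admin: the account is created with that
 *    role and the admin is redirected to home.php;
 *  - anything else (self-registration): the account is created, the new user is
 *    logged in and redirected to index.php.
 *
 * The script exits after a successful redirect.
 */
function register(){
    // call these variables with the global keyword to make them available in function
    global $db, $errors, $username, $email, $ecnumber, $region, $station, $department, $section, $supervisor;

    // Read one form field as a trimmed string. A missing or non-string value
    // (e.g. "username[]=x") becomes '' so the required-field checks reject it.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
    };

    // The values are bound as statement parameters below, so they stay raw here
    // (no SQL escaping). Escape them for HTML wherever they are echoed back.
    $username   = $field('username');
    $ecnumber   = $field('ecnumber');
    $region     = $field('region');
    $station    = $field('station');
    $department = $field('department');
    $section    = $field('section');
    $supervisor = $field('supervisor');
    $email      = $field('email');
    $password_1 = $field('password_1');
    $password_2 = $field('password_2');

    // form validation: ensure that the form is correctly filled
    $required = array(
        array($username,   "Username is required"),
        array($ecnumber,   "Ec Number is required"),
        array($region,     "Region is required"),
        array($station,    "Station is required"),
        array($department, "Department is required"),
        array($section,    "Section is required"),
        array($supervisor, "Supervisor is required"),
        array($email,      "Email is required"),
        array($password_1, "Password is required"),
    );
    foreach ($required as $check) {
        if (empty($check[0])) {
            array_push($errors, $check[1]);
        }
    }
    // Strict comparison: with != two numeric-looking strings such as "1e3" and
    // "1000" compare equal, so a mistyped confirmation could slip through.
    if ($password_1 !== $password_2) {
        array_push($errors, "The two passwords do not match");
    }

    if (count($errors) > 0) {
        return;
    }

    // NOTE(review): md5 is a fast, unsalted digest and is not suitable for storing passwords.
    // It is kept only because login() compares against md5 values; migrate both functions to
    // password_hash()/password_verify() together and check the column is wide enough.
    // The value is SQL-escaped before hashing because existing hashes were produced that way.
    $password = md5(mysqli_real_escape_string($db, $password_1));

    // Only an authenticated admin may choose the role of the new account. For everyone
    // else the posted user_type is ignored, so a visitor cannot register as 'admin'.
    $created_by_admin = isset($_POST['user_type']) && isAdmin();
    // NOTE(review): 'user' as the self-registration role is an assumption; the previous code
    // left $user_type undefined on this path, which stored an empty string. Confirm with the schema.
    $user_type = $created_by_admin ? $field('user_type') : 'user';

    $saved = false;
    $logged_in_user_id = 0;
    $stmt = mysqli_prepare($db, "INSERT INTO users (username, ecnumber, region, station, department, section, supervisor, email, user_type, password)
                                 VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ssssssssss', $username, $ecnumber, $region, $station, $department, $section, $supervisor, $email, $user_type, $password);
        $saved = mysqli_stmt_execute($stmt);
        if ($saved) {
            // get id of the created user
            $logged_in_user_id = mysqli_stmt_insert_id($stmt);
        } else {
            error_log('register: insert failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('register: prepare failed: ' . mysqli_error($db));
    }

    if (!$saved) {
        // Do not report success (or log anyone in) when the row was not written.
        array_push($errors, "Registration failed, please try again");
        return;
    }

    if ($created_by_admin) {
        $_SESSION['success']  = "New user successfully created!!";
        header('location: home.php');
        exit; // header() alone does not stop the rest of the page from running
    }

    // New privilege level for this browser: issue a fresh session id before storing the user.
    session_regenerate_id(true);
    $_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
    $_SESSION['success']  = "You are now logged in";
    header('location: index.php');
    exit;
}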
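/**
 * Return the users row with the given id as an associative array.
 *
 * The id is bound as an integer parameter instead of being concatenated into
 * the SQL text, so a non-numeric value cannot alter the query.
 *
 * NOTE(review): SELECT * returns every column, including the password digest;
 * register() stores this array in $_SESSION['user']. Consider selecting only
 * the columns the pages need.
 *
 * @param mixed $id user id; cast to int before use
 * @return array|null the row, or null when no row matches or the query fails
 */
function getUserById($id){
    global $db;

    $id = (int) $id;
    $stmt = mysqli_prepare($db, "SELECT * FROM users WHERE id = ?");
    if (!$stmt) {
        error_log('getUserById: prepare failed: ' . mysqli_error($db));
        return null;
    }

    $user = null;
    mysqli_stmt_bind_param($stmt, 'i', $id);
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result) {
            $user = mysqli_fetch_assoc($result);
        }
    } else {
        error_log('getUserById: query failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);

    return $user;
}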
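/**
 * Trim a form value and escape it for use inside a quoted SQL string literal.
 *
 * This is SQL escaping only: the result is safe only between quotes in a query
 * sent over $db, and it does nothing for HTML output (use htmlspecialchars()
 * there). Prepared statements are the safer choice for new queries.
 *
 * @param mixed $val raw form value
 * @return string escaped value; '' for null, arrays and other non-scalar input
 */
function e($val){
    global $db;

    // A request can send "field[]=x" and turn the value into an array, and a missing
    // field arrives as null; treat both as empty instead of passing them to trim().
    if (!is_scalar($val)) {
        return '';
    }

    return mysqli_real_escape_string($db, trim((string) $val));
}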
/**
 * Print the collected validation messages, one per line, inside a
 * <div class="error"> wrapper. Prints nothing when $errors is empty.
 *
 * Messages are written without HTML escaping. Every message pushed in this
 * file is a fixed string; escape before pushing if user input is ever included.
 */
function display_error() {
    global $errors;

    if (count($errors) === 0) {
        return;
    }

    $html = '<div class="error">';
    foreach ($errors as $message) {
        $html .= $message . '<br>';
    }
    $html .= '</div>';

    echo $html;
}
/**
 * Tell whether the current session carries a logged-in user.
 *
 * @return bool true when $_SESSION['user'] is set (and not null)
 */
function isLoggedIn()
{
    return isset($_SESSION['user']);
}
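// log user out if logout button clicked
// NOTE(review): logout is triggered by a plain GET parameter, so any cross-site link or
// image can end a visitor's session; prefer a POST with an anti-CSRF token.
if (isset($_GET['logout'])) {
    $_SESSION = array(); // clear the data for the rest of this request as well
    session_destroy();
    header("location: login.php");
    exit; // without this the including page keeps rendering after the redirect header
}

// call the login() function if login_btn is clicked
if (isset($_POST['login_btn'])) {
    login();
}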
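// LOGIN USER
/**
 * Handle the login form: validate $_POST, look the user up and start the
 * authenticated session.
 *
 * On success the user row is stored in $_SESSION['user'], the session id is
 * regenerated, and the script redirects (admin/home.php for user_type 'admin',
 * index.php otherwise) and exits. On failure a message is appended to the
 * global $errors array.
 *
 * NOTE(review): the whole row, including the password digest, is stored in the
 * session; no attempt limiting is done here.
 */
function login(){
    global $db, $username, $errors;

    // grab form values; a missing or non-string value (e.g. "username[]=x") counts as empty
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';

    // make sure form is filled properly
    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }
    if (count($errors) > 0) {
        return;
    }

    // NOTE(review): md5 is not a password hash (fast and unsalted). It is kept so existing
    // accounts still work; migrate together with register() to password_hash()/password_verify().
    // The password is SQL-escaped before hashing because stored digests were produced that way.
    $password = md5(mysqli_real_escape_string($db, $password));

    $logged_in_user = null;
    $stmt = mysqli_prepare($db, "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
        if (mysqli_stmt_execute($stmt)) {
            $results = mysqli_stmt_get_result($stmt);
            if ($results) {
                $logged_in_user = mysqli_fetch_assoc($results);
            }
        } else {
            error_log('login: query failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('login: prepare failed: ' . mysqli_error($db));
    }

    if (!$logged_in_user) {
        // Same message for unknown user and wrong password, so usernames are not confirmed.
        array_push($errors, "Wrong username/password combination");
        return;
    }

    // Issue a fresh session id at the privilege change so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user'] = $logged_in_user;
    $_SESSION['success']  = "You are now logged in";

    // check if user is admin or user
    if ($logged_in_user['user_type'] === 'admin') {
        header('location: admin/home.php');
    } else {
        header('location: index.php');
    }
    exit; // header() alone does not stop the rest of the page from running
}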
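/**
 * Tell whether the logged-in user has the 'admin' role.
 *
 * The role is compared strictly: with == a non-string value such as boolean
 * true would compare equal to 'admin'.
 *
 * @return bool true only when $_SESSION['user']['user_type'] is the string 'admin'
 */
function isAdmin()
{
    return isset($_SESSION['user']['user_type'])
        && $_SESSION['user']['user_type'] === 'admin';
}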
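// call deleteCourse() when the delete form is submitted
if (isset($_POST['submitDeleteBtn'])) {
    deleteCourse();
}

/**
 * Delete the course whose id is posted as "keyToDelete".
 *
 * Redirects to courses.php and exits when a row was deleted; prints a
 * "record does not exist" notice when no row matched; stops with "not deleted"
 * when the database call fails (details go to the server log, not the page).
 *
 * Fixes over the previous version: $db was never declared global, the lookup
 * compared against the literal 'key', the statement read "Delete form", the
 * posted value went into the SQL text unescaped, and markup was printed before
 * header().
 */
function deleteCourse(){
    global $db;

    // Deleting data must not be available to anonymous visitors.
    // NOTE(review): tighten to isAdmin() if course management is admin-only.
    if (!isLoggedIn()) {
        header('location: login.php');
        exit;
    }

    $key = (isset($_POST['keyToDelete']) && is_scalar($_POST['keyToDelete']))
        ? trim((string) $_POST['keyToDelete'])
        : '';

    $deleted = false;
    if ($key !== '') {
        $stmt = mysqli_prepare($db, "DELETE FROM courses WHERE id = ?");
        if (!$stmt) {
            error_log('deleteCourse: prepare failed: ' . mysqli_error($db));
            die("not deleted");
        }
        mysqli_stmt_bind_param($stmt, 's', $key);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('deleteCourse: delete failed: ' . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            die("not deleted");
        }
        // The affected-row count tells whether the id existed, so no separate SELECT is needed.
        $deleted = mysqli_stmt_affected_rows($stmt) > 0;
        mysqli_stmt_close($stmt);
    }

    if ($deleted) {
        // Nothing may be printed before header(), so the confirmation markup is not
        // emitted here; the redirect replaces the page.
        header('Location: courses.php');
        exit;
    }

    echo '<div class = "alert alert-success">' . "\n"
       . '<p>record does not exist</p>' . "\n"
       . '</div>' . "\n";
}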
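// call createCourse() when the course form is submitted
if (isset($_POST['register_course'])) {
    createCourse();
}

/**
 * Handle the course form: validate $_POST and insert a row into courses.
 *
 * Validation messages are appended to the global $errors array, and the insert
 * is skipped while any exist (previously the row was written even when
 * validation failed, and the date check pushed onto an undefined $error).
 * On success the script redirects to courses.php and exits.
 */
function createCourse(){
    global $db, $errors, $courseName, $courseObjectives, $courseHighlights, $targetGroup, $dateFrom, $venue;
    global $dateTo;

    // Creating courses must not be available to anonymous visitors.
    // NOTE(review): tighten to isAdmin() if course management is admin-only.
    if (!isLoggedIn()) {
        header('location: login.php');
        exit;
    }

    // Read one form field as a trimmed string; missing or non-string values become ''.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
    };

    // Values are bound as statement parameters below, so they stay raw here;
    // escape them for HTML wherever they are displayed.
    $courseName       = $field('courseName');
    $courseObjectives = $field('courseObjectives');
    $courseHighlights = $field('courseHighlights');
    $targetGroup      = $field('targetGroup');
    $dateFrom         = $field('dateFrom');
    $dateTo           = $field('dateTo');
    $venue            = $field('venue');

    if (empty($courseName)) {
        array_push($errors, "Coursename is required");
    }
    if (empty($courseObjectives)) {
        array_push($errors, "Course Objectives are required");
    }
    if (empty($courseHighlights)) {
        array_push($errors, "Course Highligths are required");
    }
    if (empty($targetGroup)) {
        array_push($errors, "Target Group is required");
    }
    if (empty($dateFrom)) {
        array_push($errors, "Datefrom is required");
    }
    if (empty($dateTo)) {
        array_push($errors, "DateTo is required");
    }
    // NOTE(review): this is a string comparison; it orders dates correctly only when both
    // values are in Y-m-d form, and the format itself is not validated here.
    if ($dateFrom > $dateTo) {
        array_push($errors, " ToDate should be greater than FromDate ");
    }
    if (empty($venue)) {
        array_push($errors, "Venue is required");
    }

    if (count($errors) > 0) {
        return;
    }

    //attempt insert query
    $saved = false;
    $stmt = mysqli_prepare($db, "INSERT INTO courses (courseName, courseObjectives, courseHighlights,targetGroup, dateFrom, dateTo, venue)
                                 VALUES(?, ?, ?, ?, ?, ?, ?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sssssss', $courseName, $courseObjectives, $courseHighlights, $targetGroup, $dateFrom, $dateTo, $venue);
        $saved = mysqli_stmt_execute($stmt);
        if (!$saved) {
            error_log('createCourse: insert failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('createCourse: prepare failed: ' . mysqli_error($db));
    }

    if ($saved) {
        header("Location: courses.php?course=updated_successfully");
        exit;
    }

    // The SQL text and driver error stay in the server log instead of being echoed to the visitor.
    array_push($errors, "Unable to save the course, please try again");
}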
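// call requestCourse() when the course request form is submitted
// (this check used to appear twice, which ran the handler twice per submit)
if (isset($_POST['request_course'])) {
    requestCourse();
}

/**
 * Handle the course request form: validate $_POST and insert a row into
 * requested_courses.
 *
 * Validation messages are appended to the global $errors array, and the insert
 * is skipped while any exist (previously the row was written regardless, and
 * the name check tested the misspelled variable $ame, so it always failed).
 * On success the script redirects to apply-course.php and exits.
 *
 * NOTE(review): no login check is made here and the requester's identity comes
 * from the form rather than the session; confirm that is intended.
 */
function requestCourse(){
    global $db, $errors, $ecnumber, $gender, $region, $station, $section, $supervisor, $jobTitle, $desiredCourses, $coursesforSuperior, $coursesforSubordinates, $name;

    // Read one form field as a trimmed string; missing or non-string values become ''.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
    };

    // Values are bound as statement parameters below, so they stay raw here.
    // They are user-supplied text: escape them for HTML wherever they are listed.
    $name                   = $field('name');
    $ecnumber               = $field('ecnumber');
    $gender                 = $field('gender');
    $region                 = $field('region');
    $station                = $field('station');
    $section                = $field('section');
    $supervisor             = $field('supervisor');
    $jobTitle               = $field('jobTitle');
    $desiredCourses         = $field('desiredCourses');
    $coursesforSuperior     = $field('coursesforSuperior');
    $coursesforSubordinates = $field('coursesforSubordinates');

    $required = array(
        array($name,                   "Name is required"),
        array($ecnumber,               "Ec Number is required"),
        array($gender,                 "gender is required"),
        array($region,                 "region is required"),
        array($station,                "station is required"),
        array($section,                "section is required"),
        array($supervisor,             "supervisor is required"),
        array($jobTitle,               "jobTitle is required"),
        array($desiredCourses,         "desiredCourses is required"),
        array($coursesforSuperior,     "coursesforSuperior is required"),
        array($coursesforSubordinates, "coursesforSubordinates is required"),
    );
    foreach ($required as $check) {
        if (empty($check[0])) {
            array_push($errors, $check[1]);
        }
    }

    if (count($errors) > 0) {
        return;
    }

    //attempt insert query
    $saved = false;
    $stmt = mysqli_prepare($db, "INSERT INTO requested_courses (name , ecnumber, gender, region, station, section, supervisor, jobTitle, desiredCourses, coursesforSuperior, coursesforSubordinates)
                                 VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sssssssssss', $name, $ecnumber, $gender, $region, $station, $section, $supervisor, $jobTitle, $desiredCourses, $coursesforSuperior, $coursesforSubordinates);
        $saved = mysqli_stmt_execute($stmt);
        if (!$saved) {
            error_log('requestCourse: insert failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('requestCourse: prepare failed: ' . mysqli_error($db));
    }

    if ($saved) {
        header("Location: apply-course.php?courserequest=updated_successfully");
        exit;
    }

    // The SQL text and driver error stay in the server log instead of being echoed to the visitor.
    array_push($errors, "Unable to save the course request, please try again");
}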
- requested_courses.php
- <?php
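include 'functions.php';

// The table below lists every employee's training request (names, EC numbers,
// supervisors), so it is not served to anonymous visitors. The check runs before
// any markup is sent, which is required for the redirect header to work.
// NOTE(review): tighten to isAdmin() if only administrators should see this list.
if (!isLoggedIn()) {
    header('location: login.php');
    exit;
}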
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <title>Zimra Training System</title>
- <link rel="stylesheet" type ="text/css" href="style.css">
- </head>
- <form action="includes/search.php" method="POST">
- <input type="text" name="search" placeholder="Search">
- <button type="submit" name="submit-search">Search</button>
- </form>
- <h1>Front page</h1>
- <h2>All articles: </h2>
- <div class="article-container">
- <table id="courses">
- <tr>
- <th><h2>Available Courses</h2></th>
- </tr>
- <tr>
- <th>Full Name</th>
- <th>EC Number</th>
- <th>Gender</th>
- <th>Job Title</th>
- <th>Region</th>
- <th>Station</th>
- <th>Section</th>
- <th>Supervisor</th>
- <th>Desired Courses</th>
- <th>Courses for Superior</th>
- <th>courses For Subordinates</th>
- </tr>
- <?php
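// Render one table row per requested course.
// Every cell holds text that users typed into the request form, so each value is
// HTML-escaped on output; printing it raw would let stored markup or script run
// in the browser of whoever opens this list.
$sql = "SELECT * FROM requested_courses";
$result = mysqli_query($db, $sql);

// Column order matches the header row of the table.
$columns = array(
    'name', 'ecnumber', 'gender', 'jobTitle', 'region', 'station', 'section',
    'supervisor', 'desiredCourses', 'coursesforSuperior', 'coursesforSubordinates',
);

if ($result && mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_assoc($result)) {
        echo "<tr>\n";
        foreach ($columns as $column) {
            echo "<td>" . htmlspecialchars((string) $row[$column], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>\n";
        }
        echo "</tr>";
    }
    echo "</table>";
} else {
    if (!$result) {
        error_log('requested_courses: query failed: ' . mysqli_error($db));
    }
    // Close the table in this branch too; it used to be left open when there were no rows.
    echo "</table>";
    echo "Currently there are no courses";
}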
- ?>
- </div>