  1. <?php
  2.  
  3. require_once 'db.inc.php';
  4. require_once 'funcs.inc.php';
  5.  
  6. global $pdo;
  7.  
  8. $action = $_POST['action'] ?? null;
  9.  
  10. switch($action) {
  11.     case 'new-species':
  12.         handle_new_species($_POST);
  13.         break;
  14.  
  15.     case 'delete-species':
  16.         handle_delete_species($_POST);
  17.         break;
  18.  
  19.     case 'login':
  20.         handle_login($_POST);
  21.         break;
  22.  
  23.     default:
  24.         die("Request not understood");
  25. }
  26.  
  27. function handle_new_species($form_data) {
  28.     global $pdo;
  29.  
  30.     // step 1 : validate
  31.     // start optimistic
  32.     $error_messages = [];
  33.     $redirect_location = "index.php"; // where to go if succesful
  34.  
  35.     $required_fields = [
  36.         'ScientificName' => "You must enter a scientific name",
  37.         'ListingStatus' => "You must select a listing status",
  38.         'SpeciesType'  => "You must select a species type",
  39.         'RegionName' => "You must select a region name",
  40.         'OrganizationName' => "You must select an organization name"
  41.     ];
  42.  
  43.     foreach ($required_fields as $req_field => $err_msg) {
  44.         // validate each required field
  45.         if (!isset($form_data[$req_field]) || empty($form_data[$req_field])) {
  46.             $error_messages[] = $err_msg;
  47.         }
  48.     }
  49.  
  50.     if (!empty($error_messages)) {
  51.         // step 2a : if invalid, send back to form with errors & data
  52.         $form_data['error_messages'] = $error_messages;
  53.         extract(prepareNewSpeciesData($form_data));
  54.         include 'speciesForm.html.php';
  55.  
  56.     }
  57.     else {
  58.         // step 2b : add new entry
  59.         //Need to add RegionName from Region for Listed_In table
  60.         //Need to add OrganizationName from Organization for Protected_By
  61.         try {
  62.  
  63.             //$numSpecies = 0;
  64.  
  65.             $sql = 'INSERT INTO Species SET
  66.                 ScientificName = :ScientificName,
  67.                 CommonName = :CommonName,
  68.                 FWSLink = :FWSLink,
  69.                 ListingStatus = :ListingStatus,
  70.                 SpeciesType = :SpeciesType';
  71.  
  72.             $s = $pdo ->prepare($sql);
  73.  
  74.             $s->bindValue(':ScientificName',$_POST['ScientificName']);
  75.             $s->bindValue(':CommonName',$_POST['CommonName']);
  76.             $s->bindValue(':FWSLink',$_POST['FWSLink']);
  77.             $s->bindValue(':ListingStatus',$_POST['ListingStatus']);
  78.             $s->bindValue(':SpeciesType',$_POST['SpeciesType']);
  79.  
  80.             $s->execute();
  81.  
  82.             $sqlListed = 'INSERT INTO Listed_In SET
  83.                 ScientificName= :ScientificName,
  84.                 RegionName= :RegionName';
  85.  
  86.             $s = $pdo->prepare($sqlListed);
  87.  
  88.             $s->bindValue(':ScientificName',$_POST['ScientificName']);
  89.             $s->bindValue(':RegionName',$_POST['RegionName']);
  90.  
  91.             $s->execute();
  92.  
  93.  
  94.             $sqlProtected = 'INSERT INTO Protected_By SET
  95.                 ScientificName = :ScientificName,
  96.                 OrganizationName = :OrganizationName';
  97.            
  98.             $s = $pdo -> prepare($sqlProtected);
  99.  
  100.             $s->bindValue(':ScientificName',$_POST['ScientificName']);
  101.             $s->bindValue(':OrganizationName',$_POST['OrganizationName']);
  102.  
  103.             $s->execute();  
  104.  
  105.             header('Location: ' . $redirect_location);
  106.         }
  107.         catch(PDOException $e)
  108.         {
  109.             $error = 'Error adding species: ' .$e->getMessage();
  110.             include 'error.html.php';
  111.             exit();
  112.         }
  113.     }
  114. }
  115.  
  116. function handle_delete_species($form_data) {
  117.     global $pdo;
  118.  
  119.     $redirect_location = "index.php";  
  120.     try
  121.     {
  122.         $sql = 'DELETE FROM Species WHERE ScientificName = :id';
  123.         $s = $pdo->prepare($sql);
  124.         $s->bindValue(':id',$_POST['id']);
  125.  
  126.         $s->execute();
  127.  
  128.         header('Location: ' . $redirect_location);
  129.     }
  130.     catch(PDOException $e)
  131.     {
  132.         $error = 'Error deleting species: ' .$e->getMessage();
  133.         include 'error.html.php';
  134.         exit();
  135.     }
  136. }
  137.  
  138. function handle_login($form_data)
  139. {
  140.     global $pdo;
  141.  
  142.     $redirect_location = "index.php";
  143.  
  144.     session_start();
  145.     //try to login
  146.  
  147.     $sql = 'INSERT INTO users SET
  148.                 username = :username,
  149.                 password = :password';
  150.  
  151.     $s = $pdo ->prepare($sql);
  152.  
  153.     $s->bindValue(':username',$_POST['username']);
  154.     $s->bindValue(':password',$_POST['password']); 
  155.  
  156.     $tablePrefix = "";
  157.     $userTable = $tablePrefix . "users";
  158.  
  159.     $query = "SELECT * FROM {$userTable} WHERE username='{$_POST['username']}'";
  160.     $result = $pdo->query($query);
  161.     if( !$result ) {
  162.     //an error occured
  163.     die( "There was a problem executing the SQL query." );
  164.     }
  165.  
  166.     if( !$result->rowCount()) {
  167.     //no results found
  168.     die( "This user does not exist." );
  169.     }
  170.     //get the user as an object
  171.     $user = $result->fetchObject();
  172.  
  173.     //verify the passwords match
  174.     $matches = password_verify( $_POST['password'], $user->password );
  175.     if( !$matches )
  176.     die( "Invalid password." );
  177.  
  178.     $_SESSION['user'] = $user;
  179.     echo "<pre>"; var_dump($_SESSION);die();
  180.  
  181.     // // forces the user to log in before they view this page
  182.     if (! isset($_SESSION['user'])) die("you must log in");
  183.  
  184.     header('Location: ' . $redirect_location);
  185. }
  186.  
  187. function handle_change_status($form_data)
  188. {
  189.     global $pdo;
  190.     try
  191.     {
  192.         $scientificName = $_POST['ScientificName'];
  193.         $status = $_POST['ListingStatus'];
  194.  
  195.         $sql = "UPDATE Species SET ListingStatus = '$status' WHERE ScientificName = '$scientificName'";
  196.         $result = $pdo->query($sql);
  197.         $result -> execute();  
  198.  
  199.         header('Location: ' . $redirect_location);
  200.     }
  201.     catch(PDOException $e)
  202.     {
  203.         $error = 'Error changing listing status: ' .$e->getMessage();
  204.         include 'error.html.php';
  205.         exit();
  206.     }
  207. }