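<?php

declare(strict_types=1);

// Form-action dispatcher. Each handler below reads one POST request, performs
// one database operation through the shared $pdo connection created in
// db.inc.php, and either redirects to index.php or renders error.html.php.
require_once 'db.inc.php';
require_once 'funcs.inc.php';

// NOTE(review): nothing in this file verifies that the requester is logged in
// or that the request carries an anti-CSRF token, although 'new-species' and
// 'delete-species' both modify the database. Both checks belong before the
// dispatch below (the session scheme is established in handle_login) —
// TODO confirm where that protection is enforced.
$action = $_POST['action'] ?? null;

// handle_change_status() is defined further down but has no case here, so it
// is currently unreachable from this script.
switch ($action) {
    case 'new-species':
        handle_new_species($_POST);
        break;
    case 'delete-species':
        handle_delete_species($_POST);
        break;
    case 'login':
        handle_login($_POST);
        break;
    default:
        // Unknown or missing action: reject explicitly rather than guess.
        http_response_code(400);
        die("Request not understood");
}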
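/**
 * Validate a "new species" form submission and insert it, together with its
 * region and organization link rows, into the database.
 *
 * On validation failure the form is re-rendered with the error messages.
 * On success the browser is redirected to index.php. A database failure
 * rolls back the partial insert, renders error.html.php and stops the script.
 *
 * @param array<string, mixed> $form_data Raw POST fields from the species form.
 */
function handle_new_species(array $form_data): void
{
    global $pdo;

    // Step 1: validate. Only these fields are mandatory; CommonName and
    // FWSLink are optional and default to an empty string when absent.
    $required_fields = [
        'ScientificName'   => "You must enter a scientific name",
        'ListingStatus'    => "You must select a listing status",
        'SpeciesType'      => "You must select a species type",
        'RegionName'       => "You must select a region name",
        'OrganizationName' => "You must select an organization name",
    ];

    $error_messages = [];
    foreach ($required_fields as $req_field => $err_msg) {
        $value = $form_data[$req_field] ?? null;
        // A field must be a non-blank string; an array (field[]=...) or
        // whitespace-only input counts as missing.
        if (!is_string($value) || trim($value) === '') {
            $error_messages[] = $err_msg;
        }
    }

    if ($error_messages !== []) {
        // Step 2a: invalid — send the user back to the form with errors & data.
        $form_data['error_messages'] = $error_messages;
        // The template reads the keys of prepareNewSpeciesData()'s result as
        // local variables; that function (funcs.inc.php) is the only place
        // that decides which names the request data may define here.
        extract(prepareNewSpeciesData($form_data));
        include 'speciesForm.html.php';
        return;
    }

    // Step 2b: insert the species plus its Listed_In and Protected_By rows.
    // The three inserts are one unit of work: a failure in either link table
    // must not leave an orphaned Species row behind.
    $redirect_location = "index.php"; // where to go if successful
    try {
        $pdo->beginTransaction();

        $s = $pdo->prepare('INSERT INTO Species SET
            ScientificName = :ScientificName,
            CommonName = :CommonName,
            FWSLink = :FWSLink,
            ListingStatus = :ListingStatus,
            SpeciesType = :SpeciesType');
        $s->bindValue(':ScientificName', $form_data['ScientificName']);
        $s->bindValue(':CommonName', $form_data['CommonName'] ?? '');
        $s->bindValue(':FWSLink', $form_data['FWSLink'] ?? '');
        $s->bindValue(':ListingStatus', $form_data['ListingStatus']);
        $s->bindValue(':SpeciesType', $form_data['SpeciesType']);
        $s->execute();

        $s = $pdo->prepare('INSERT INTO Listed_In SET
            ScientificName = :ScientificName,
            RegionName = :RegionName');
        $s->bindValue(':ScientificName', $form_data['ScientificName']);
        $s->bindValue(':RegionName', $form_data['RegionName']);
        $s->execute();

        $s = $pdo->prepare('INSERT INTO Protected_By SET
            ScientificName = :ScientificName,
            OrganizationName = :OrganizationName');
        $s->bindValue(':ScientificName', $form_data['ScientificName']);
        $s->bindValue(':OrganizationName', $form_data['OrganizationName']);
        $s->execute();

        $pdo->commit();

        header('Location: ' . $redirect_location);
        exit; // nothing after a redirect should run
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Driver error text goes to the server log only; the client gets a
        // generic message so schema details are not disclosed.
        error_log('Error adding species: ' . $e->getMessage());
        $error = 'Error adding species.';
        include 'error.html.php';
        exit();
    }
}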
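/**
 * Delete one species row by its scientific name and redirect to index.php.
 *
 * A missing or non-string 'id' is rejected with HTTP 400; a database failure
 * renders error.html.php and stops the script.
 *
 * @param array<string, mixed> $form_data Raw POST fields; 'id' carries the
 *                                        ScientificName to delete.
 */
function handle_delete_species(array $form_data): void
{
    global $pdo;
    $redirect_location = "index.php";

    // NOTE(review): this is a destructive action reachable by any POST with
    // action=delete-species; the dispatcher in this file performs no login or
    // CSRF check before calling it — TODO confirm where that protection lives.
    $id = $form_data['id'] ?? null;
    if (!is_string($id) || $id === '') {
        http_response_code(400);
        die("Request not understood");
    }

    try {
        $s = $pdo->prepare('DELETE FROM Species WHERE ScientificName = :id');
        $s->bindValue(':id', $id);
        $s->execute();
        header('Location: ' . $redirect_location);
        exit; // nothing after a redirect should run
    } catch (PDOException $e) {
        // Driver error text goes to the server log only; the client gets a
        // generic message so schema details are not disclosed.
        error_log('Error deleting species: ' . $e->getMessage());
        $error = 'Error deleting species.';
        include 'error.html.php';
        exit();
    }
}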
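/**
 * Authenticate a user from the login form and start an authenticated session.
 *
 * Looks the user up by username with a prepared statement, checks the
 * submitted password against the stored password_hash() digest, and on
 * success stores the user record (without the hash) in $_SESSION['user']
 * and redirects to index.php. Every failure path stops with the same generic
 * message so the response does not reveal whether the username exists.
 *
 * This handler only authenticates; it does not create accounts (the
 * never-executed INSERT INTO users statement previously prepared here is gone).
 *
 * @param array<string, mixed> $form_data Raw POST fields: 'username', 'password'.
 */
function handle_login(array $form_data): void
{
    global $pdo;
    $redirect_location = "index.php";

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $username = $form_data['username'] ?? null;
    $password = $form_data['password'] ?? null;
    // Both fields must be plain strings; an array (password[]=...) would
    // otherwise reach password_verify() as the wrong type.
    if (!is_string($username) || !is_string($password)) {
        die("Invalid username or password.");
    }

    // Bound parameter: the username comes straight from the request and must
    // never be interpolated into the SQL text.
    $s = $pdo->prepare('SELECT * FROM users WHERE username = :username');
    $s->bindValue(':username', $username);
    if (!$s->execute()) {
        die("There was a problem executing the SQL query.");
    }

    $user = $s->fetchObject();

    // Unknown user and wrong password share one message and one code path.
    if ($user === false
        || !is_string($user->password ?? null)
        || !password_verify($password, $user->password)) {
        die("Invalid username or password.");
    }

    // Fresh session id on privilege change so a pre-login id cannot be reused.
    session_regenerate_id(true);
    // Keep the record for other pages, but never store the hash in the session.
    unset($user->password);
    $_SESSION['user'] = $user;

    header('Location: ' . $redirect_location);
    exit; // nothing after a redirect should run
}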
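/**
 * Update the listing status of one species and redirect to index.php.
 *
 * Not reachable from the dispatcher in this file (the switch has no case for
 * it). Missing or non-string fields are rejected with HTTP 400; a database
 * failure renders error.html.php and stops the script.
 *
 * @param array<string, mixed> $form_data Raw POST fields: 'ScientificName',
 *                                        'ListingStatus'.
 */
function handle_change_status(array $form_data): void
{
    global $pdo;
    // Same target as the other handlers; the variable used to be undefined here.
    $redirect_location = "index.php";

    $scientificName = $form_data['ScientificName'] ?? null;
    $status = $form_data['ListingStatus'] ?? null;
    if (!is_string($scientificName) || $scientificName === ''
        || !is_string($status) || $status === '') {
        http_response_code(400);
        die("Request not understood");
    }

    try {
        // Bound parameters instead of interpolating request values into SQL;
        // a single prepare/execute (query() followed by execute() ran the
        // UPDATE twice).
        $s = $pdo->prepare(
            'UPDATE Species SET ListingStatus = :status WHERE ScientificName = :scientificName'
        );
        $s->bindValue(':status', $status);
        $s->bindValue(':scientificName', $scientificName);
        $s->execute();
        header('Location: ' . $redirect_location);
        exit; // nothing after a redirect should run
    } catch (PDOException $e) {
        // Driver error text goes to the server log only; the client gets a
        // generic message so schema details are not disclosed.
        error_log('Error changing listing status: ' . $e->getMessage());
        $error = 'Error changing listing status.';
        include 'error.html.php';
        exit();
    }
}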