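<?php
// Reservation page. The movie and seat come from the query string, the
// contact details from the POST body. Request values are kept raw here,
// validated, and escaped only at the point of output (HTML text, attribute
// or URL query), so nothing is double-escaped or stored HTML-encoded.
// makeReservation() lives in database_utils.php (not shown) and is expected
// to bind its parameters — NOTE(review): confirm there, because this page no
// longer pre-escapes the values it passes in.
require_once ("database_utils.php");
initDB();
$errors = array();

// HTML-escape a value for a text node or a double-quoted attribute.
$escape = static function (string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read one scalar request parameter as a trimmed string. A missing key or a
// non-string value (e.g. ?movie[]=1) yields "" instead of a notice/TypeError.
$param = static function (array $source, string $key): string {
    $value = $source[$key] ?? "";
    return is_string($value) ? trim($value) : "";
};
?>
<html>
<head>
<title>Bioskop | Rezervacija</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link href="https://fonts.googleapis.com/css?family=Spectral+SC" rel="stylesheet">
</head>
<body>
<h1>Pravljenje rezervacije</h1>
<a href="./"><button>Povratak na početnu stranu</button></a>
<?php
$reservation_movie_id = $param($_GET, "movie");
$reservation_movie_name = $param($_GET, "movie_name");
$reservation_seat = $param($_GET, "seat");
$reservation_name = "";
$reservation_phone = "";
$reservation_email = "";

// Seat must be "<row>-<col>" with both parts present; anything else is
// reported and blocks the reservation below.
$row = "-";
$col = "-";
$seat_exploded = explode("-", $reservation_seat);
if (count($seat_exploded) === 2 && $seat_exploded[0] !== "" && $seat_exploded[1] !== "") {
    $row = $seat_exploded[0];
    $col = $seat_exploded[1];
} else {
    $errors[] = "Format sedišta nije odgovarajući.";
}
if ($reservation_movie_id === "") {
    $errors[] = "Film nije izabran.";
}

$reserved = false;
if (isset($_POST["rezervisi"]) && count($errors) === 0) {
    $reservation_name = $param($_POST, "name");
    $reservation_phone = $param($_POST, "phone");
    $reservation_email = $param($_POST, "email");

    // Validate at the boundary; the values go to the DB layer unescaped.
    if ($reservation_name === "" || strlen($reservation_name) > 100) {
        $errors[] = "Ime i prezime je obavezno (najviše 100 znakova).";
    }
    // Digits, spaces and the usual phone punctuation only.
    if (preg_match('/^[0-9 +\-\/()]{3,30}$/', $reservation_phone) !== 1) {
        $errors[] = "Broj telefona nije ispravan.";
    }
    if (filter_var($reservation_email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = "Email adresa nije ispravna.";
    }

    if (count($errors) === 0) {
        $success = makeReservation($reservation_movie_id, $reservation_seat, $reservation_name, $reservation_phone, $reservation_email);
        $reserved = (bool) $success;
        if (!$reserved) {
            $errors[] = "Rezervacija nije uspešno napravljena.";
        }
    }
}

if (!$reserved) {
    // The form posts back to this same path; a relative "?query" action keeps
    // the current script path without echoing PHP_SELF (which carries any
    // path-info the client appended). Query values are URL-encoded first,
    // then the whole attribute is HTML-escaped.
    $action = "?" . http_build_query(array(
        "movie" => $reservation_movie_id,
        "movie_name" => $reservation_movie_name,
        "seat" => $reservation_seat,
    ));
?>
<form method="POST" action="<?php echo $escape($action); ?>">
<h2>
<?php
echo "Rezervacija za film " . $escape($reservation_movie_name) . ", red " . $escape($row) . ", kolona " . $escape($col);
?>
</h2>
<div>
<label for="name">Ime i prezime</label><br>
<input type="text" id="name" name="name" value="<?php echo $escape($reservation_name); ?>"/>
</div>
<div>
<label for="phone">Broj telefona</label><br>
<input type="text" id="phone" name="phone" value="<?php echo $escape($reservation_phone); ?>"/>
</div>
<div>
<label for="email">Email</label><br>
<input type="text" id="email" name="email" value="<?php echo $escape($reservation_email); ?>"/>
</div>
<input type="submit" name="rezervisi" value="Rezerviši"/>
</form>
<?php
} else {
?>
<p class="success">Rezervacija je uspešno napravljena.</p>
<?php
}
?>
<div class="errors">
<?php
foreach ($errors as $error) {
    echo "<div>" . $escape($error) . "</div>";
}
?>
</div>
</body>
</html>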