Mitch Examen Morgen

1. <?php
2. $database = new database;
3. ob_start();
4. session_start();
5.  
6. class database {
7. private $pdo;
8.  
9. public function __construct() {
10. // Connection information
11. $host = 'localhost';
12. $dbname = 'proeven';
13. $user = 'root';
14. $pass = '';
15.  
16. // Attempt DB connection
17. try
18. {
19. $this->pdo = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
20. $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
21. //echo 'Successfully connected to the database!';
22. }
23. catch(PDOException $e)
24. {
25. echo $e->getMessage();
26. }
27. }
28. //When you login the CMS, it checks for you'r CMS id.
29. //if all is right, you will be logged in.
30. function cms_login() {
31. $sql = "SELECT * FROM users WHERE username = :username AND (cms_id = '1' OR cms_id = '2')";
32. $sth = $this->pdo->prepare($sql);
33. $sth->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
34. $sth->execute();
35.  
36. if (($row = $sth->fetchObject())) {
37. if ($_POST['password'] == $row->password) {
38. $_SESSION['cms_login'] = '1';
39. $_SESSION['user_id'] = $row->user_id;
40. $_SESSION['username'] = $row->username;
41. header('Location: index.php');
42. }
43. /*If the password/email_adres is inccorect. it gives you a warning message*/
44. else { ?>
45. Username or password is incorrect!
46. <?php }
47. } else { ?>
48. Username or password is incorrect!
49. <?php }
50. }
51. //When loggin in to the forum, it just checks wheter you'r username and password are correct.
52. //no need for other checks.
53. function forum_login() {
54. $sql = "SELECT * FROM users WHERE username = :username";
55. $sth = $this->pdo->prepare($sql);
56. $sth->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
57. $sth->execute();
58.  
59. if (($row = $sth->fetchObject())) {
60. if ($_POST['password'] == $row->password) {
61. $_SESSION['forum_login'] = '1';
62. $_SESSION['user_id'] = $row->user_id;
63. $_SESSION['user_rank'] = $row->cms_id;
64. $_SESSION['username'] = $row->username;
65. header('Location: ../index.php');
66. }
67. /*If the password/email_adres is inccorect. it gives you a warning message*/
68. else { ?>
69. Username or password is incorrect!
70. <?php }
71. } else { ?>
72. Username or password is incorrect!
73. <?php }
74. }
75.  
76. //When making a new thread, everything will be inserted inside here.
77. function new_thread($user_id, $user_name, $thread_name, $category, $message, $thread_date) {
78. $sql = "INSERT INTO threads "
79. . "(thread_id, user_id, user_name, category, thread_title, thread_message, thread_time)"
80. . "VALUES (thread_id, :user_id, :user_name, :category, :thread_title, :thread_message, :thread_time) ";
81. $sth = $this->pdo->prepare($sql);
82. $sth->bindParam(':user_id', $_POST['user_id'], PDO::PARAM_STR);
83. $sth->bindParam(':user_name', $_POST['user_name'], PDO::PARAM_STR);
84. $sth->bindParam(':category', $_POST['thread_category'], PDO::PARAM_STR);
85. $sth->bindParam(':thread_title', $_POST['thread_name'], PDO::PARAM_STR);
86. $sth->bindParam(':thread_message', $message, PDO::PARAM_STR);
87. $sth->bindParam(':thread_time', $_POST['date'], PDO::PARAM_STR);
88. $sth->execute();
89. $get_insert_id = $this->pdo->lastInsertId();
90. header('Location: thread.php?thread_id=' . $get_insert_id);
91. }
92. }
93.  
94.  
95. if(isset($_POST['add_new_thread'])){
96. $user_id = $_POST['user_id'];
97. $thread_date = $_POST['date'];
98. $user_name = $_POST['user_name'];
99. $thread_name = $_POST['thread_name'];
100. $show_category = $_POST['thread_category'];
101. $message_raw = $_POST['thread_message'];
102. $message = str_replace($replace, $search, $message_raw);
103. $database->add_user_post($user_id, $user_name, $thread_name, $category, $message, $thread_date);
104. unset($_POST['add_new_thread']);
105. }