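<?php
// Developer-only page: exercises the helpers loaded from database_utils.php.
//
// Request parameters (all untrusted):
//   db           - selects the directory database_utils.php is loaded from
//   color-scheme - extra CSS class applied to the movie list
//   movie        - id of the movie whose seat map is expanded

// Directories the include below may read from. This allow-list is the only
// control between ?db= and an arbitrary file inclusion: without it, a request
// such as ?db=/home/student/WP/MilosVujasinovic/nesto/ would make require_once
// load a database_utils.php that somebody else wrote.
$directories = array(
    "",
    "nesto/",
    "mysql_helper/"
);

$db_file_prefix = "";
// is_string() rejects ?db[]=..., and strict in_array() accepts only an exact
// string from the list (no loose type juggling).
if (isset($_GET["db"]) && is_string($_GET["db"]) && in_array($_GET["db"], $directories, true)) {
    $db_file_prefix = $_GET["db"];
}
require_once ("{$db_file_prefix}database_utils.php");
initDB();

// Escapes a value for HTML text and for quoted HTML attributes. The flags are
// spelled out because the default of htmlspecialchars() differs between PHP
// versions (older releases leave single quotes untouched).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Kept raw and escaped at each point of output: the value is used both in an
// HTML attribute and in a URL query string, and each context needs its own
// encoding.
// Regression input from the original notes (must render as inert text):
//   ?color-scheme=yellow"><script>alert('Hacked!');</script>
$color_scheme = "";
if (isset($_GET["color-scheme"]) && is_string($_GET["color-scheme"])) {
    $color_scheme = $_GET["color-scheme"];
}

// The movie id ends up inside a JavaScript string inside an HTML attribute.
// Stripping single quotes does not cover double quotes, angle brackets or
// backslashes, so the value is validated against an allow-list of characters
// instead.
// Regression input from the original notes (must be rejected):
//   ?movie=1').offset().top);alert('Hakovan si!');console.log($('body
// NOTE(review): assumes movie ids consist of letters, digits, "_" and "-"
// only; confirm against the ids getMovies() returns.
$selected_movie = "";
if (isset($_GET["movie"]) && is_string($_GET["movie"])
    && preg_match('/\A[A-Za-z0-9_-]+\z/', $_GET["movie"]) === 1) {
    $selected_movie = $_GET["movie"];
}

// Scroll to the selected movie only when there is one. json_encode() produces
// the JavaScript string literal; $esc() then makes it safe for the attribute.
$onload = "";
if ($selected_movie !== "") {
    $selector = json_encode(
        "#" . $selected_movie,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    $onload = 'var target = $(' . $selector . ');'
        . ' if (target.length) { $(window).scrollTop(target.offset().top); }';
}
?>
<html>
<head>
    <title>Bioskop</title>
    <link rel="stylesheet" type="text/css" href="css/style.css">
    <link href="https://fonts.googleapis.com/css?family=Spectral+SC" rel="stylesheet">
    <?php /* NOTE(review): third-party script loaded without Subresource Integrity;
             consider adding integrity="<hash of this exact file>" crossorigin="anonymous". */ ?>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
</head>
<body<?php if ($onload !== "") { echo ' onload="' . $esc($onload) . '"'; } ?>>
    <h1>Repertoar bioskopa</h1>
    <form method="GET" id="color-scheme-form">
        <select name="color-scheme">
            <option value="daltonist">Šema boja za daltoniste</option>
            <option value="">Vrati na default</option>
        </select>
        <input type="submit" value="Primeni"/>
    </form>
    <div class="movies <?php echo $esc($color_scheme); ?>">
<?php
$movies = getMovies();
foreach ($movies as $movie) {
    // Database values are treated as untrusted too: a stored movie name with
    // markup in it would otherwise be rendered as HTML.
    $movie_id = (string) $movie[COL_MOVIE_ID];
    $movie_name = (string) $movie[COL_MOVIE_NAME];

    echo '<div id="' . $esc($movie_id) . '">';
    echo '<h2>' . $esc($movie_name) . '</h2>';

    // Strict comparison so an empty selection can never match an id of 0.
    if ($selected_movie !== "" && $selected_movie === $movie_id) {
        $availability = getSeatsAvailability($selected_movie);
        echo "<div>";
        foreach ($availability as $row_index => $row_seats) {
            echo "<div>";
            foreach ($row_seats as $col_index => $seat) {
                $seat_code = "$row_index-$col_index";
                if ($seat) {
                    // http_build_query() URL-encodes each value; $esc() then
                    // encodes the finished URL for the href attribute.
                    $href = "reserve.php?" . http_build_query(array(
                        "movie" => $movie_id,
                        "movie_name" => $movie_name,
                        "seat" => $seat_code
                    ), "", "&");
                    echo '<a href="' . $esc($href) . '"><div class="free"></div></a>';
                } else {
                    $href = "details.php?" . http_build_query(array(
                        "movie" => $movie_id,
                        "seat" => $seat_code
                    ), "", "&");
                    echo '<a href="' . $esc($href) . '"><div class="reserved"></div></a>';
                }
            }
            echo "</div>";
        }
        echo "</div>";
    } else {
        // Uses COL_MOVIE_ID like the rest of the loop, so the link carries the
        // same value that the comparison above checks.
        // NOTE(review): the original read $movie['id'] here - confirm that
        // COL_MOVIE_ID names the same column.
        $href = "?" . http_build_query(array(
            "movie" => $movie_id,
            "color-scheme" => $color_scheme
        ), "", "&");
        echo '<a href="' . $esc($href) . '"><button>Odaberi sedište</button></a>';
    }
    echo "</div>";
}
?>
    </div>
</body>
</html>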