Untitled

<?php
/****************************************************************************************************
Modified by Nicholas Mingo
*****************************************************************************************************
R. V. Sampangi. 2017. Solution for Server Side Scripting Assignment 5. In INFX2670: Introduction to
Server Side Scripting, Faculty of Computer Science, Dalhousie University, NS, Canada.
*****************************************************************************************************/

	if(isset($_POST['create_user'])) {
		/*
		 * Retrieve all the form values using the $_POST superglobal.
		 */
		 if($_POST['password']){
			 die("passwords too short!");
		 }
		 if($_POST['password']){
			 die("The password requires one uppercase letter a lower case letter and one number!");
		 }
		 if($_POST['password'] != $_POST['passwordagain']){
			 die("passwords do not match");
		 }
		$user_firstname = test_form_input($_POST['user_firstname']);
		$user_lastname = test_form_input($_POST['user_lastname']);
		$user_role = test_form_input($_POST['user_role']);
		$user_email = test_form_input($_POST['user_email']);
		$username = test_form_input($_POST['username']);
		$password = test_form_input($_POST['password']);

		$user_image = $_FILES['user_image']['name'];
		$user_image_temp = $_FILES['user_image']['tmp_name'];
		$user_image_filesize = $_FILES['user_image']['size'];

		if($user_image != "") {
			/*
			 * This section of the code manages image uploads. As discussed in class,
			 * we check if the file is of a specified type, and within the allowed file-size.
			 */
			$target_file = "../images/" . $user_image;
			$finfo = finfo_open(FILEINFO_MIME_TYPE);
			$mime = finfo_file($finfo, $user_image_temp);

			/*
			 * A list of MIME types are available here:
			 * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
			 */

			switch ($mime) {
				case 'image/jpeg':
				case 'image/png':
					if ($user_image_filesize < TWO_MEGA_BYTES) {
						//Upload the image.
						move_uploaded_file($user_image_temp, "$target_file");
					}
					break;

				default:
					die("<br>Unknown file type. Your image cannot be uploaded.<br>");
			}
		}
		else {
			//Otherwise, the user has not set any user image.
			$user_image = "";
		}

		$sql = "INSERT INTO users(user_firstname, user_lastname, user_email, user_role, user_image) ";
		$sql .= "VALUES('$user_firstname','$user_lastname','$user_email',$user_role,'$user_image')";

		$submit_user_result = $conn->query($sql);

		if (!$submit_user_result) {
			die ("Error creating user.<br>" . $conn->error . "<br>");
		}


		$sql = "SELECT user_id FROM users WHERE user_firstname = '{$user_firstname}' AND user_email = '{$user_email}'";
		$check_user = $conn->query($sql);

		if (!$check_user) {
			die ("<p>Sorry. Your request could not be completed. You can see the detailed error report below:</p>" . $conn->error);
		}

		while ($row = $check_user->fetch_assoc()) {
			$user_id = $row['user_id'];
		}


		$random_salt = rand();

		$sql = "INSERT INTO login(user_id, username, password, random_salt) ";
		$sql .= "VALUES('$user_id','$username','$password',$random_salt)";

		$submit_userlogin_result = $conn->query($sql);

		if (!$submit_userlogin_result) {
			die ("Error creating user.<br>" . $conn->error . "<br>");
		}

		header("Location: view_users.php");

	}


	//CODE TO UPDATE THE POST AFTER USER SUBMITS THE FORM.
	if(isset($_GET['u_id'])) {
		$update_this_user_id = $_GET['u_id'];
	}
	if(isset($_POST['update_user'])) {
		/*
		 * Retrieve all the form values using the $_POST superglobal.
		 */
		$user_firstname = test_form_input($_POST['user_firstname']);
		$user_lastname = test_form_input($_POST['user_lastname']);
		$user_email = test_form_input($_POST['user_email']);

		$user_image = $_FILES['user_image']['name'];
		$user_image_temp = $_FILES['user_image']['tmp_name'];
		$user_image_filesize = $_FILES['user_image']['size'];


		$sql = "SELECT user_image FROM users WHERE user_id = {$update_this_user_id}";
		$check_if_image_exists = $conn->query($sql);

		if (!$check_if_image_exists) {
			die ("<p>Sorry. Your request could not be completed. You can see the detailed error report below:</p>" . $conn->error);
		}

		while ($row = $check_if_image_exists->fetch_assoc()) {
			$image_name_check = $row['user_image'];
		}

		if (($image_name_check == "" && $user_image != "") || ($image_name_check != "" && $user_image != "" && $image_name_check != $user_image)) {
			/*
			 * This section of the code manages image uploads. As discussed in class,
			 * we check if the file is of a specified type, and within the allowed file-size.
			 */
			$target_file = "../images/" . $user_image;
			$finfo = finfo_open(FILEINFO_MIME_TYPE);
			$mime = finfo_file($finfo, $user_image_temp);

			/*
			 * A list of MIME types are available here:
			 * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
			 */

			switch ($mime) {
				case 'image/jpeg':
				case 'image/png':
					if ($user_image_filesize < TWO_MEGA_BYTES) {
						//Upload the image.
						move_uploaded_file($user_image_temp, "$target_file");
					}
					break;

				default:
					die("<br>Unknown file type. Your image cannot be uploaded.<br>");
			}
		}
		else {
			$user_image = $image_name_check;
		}


		$sql = "UPDATE users SET ";
		$sql .= "user_firstname = '{$user_firstname}', ";
		$sql .= "user_lastname = '{$user_lastname}', ";
		$sql .= "user_email = '{$user_email}', ";
		$sql .= "user_image = '{$user_image}' ";
		$sql .= "WHERE user_id = '{$update_this_user_id}'";

		$update_post_result = $conn->query($sql);

		if (!$update_post_result) {
			die ("Error updating user.<br>" . $conn->error . "<br>");
		}

		header("Location: view_users.php");

	}

?>