<?php
/****************************************************************************************************
Modified by Nicholas Mingo
*****************************************************************************************************
R. V. Sampangi. 2017. Solution for Server Side Scripting Assignment 5. In INFX2670: Introduction to
Server Side Scripting, Faculty of Computer Science, Dalhousie University, NS, Canada.
*****************************************************************************************************/
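/*
 * Handle the "create user" form submission: validate the password, store the
 * optional profile image, then insert one row into `users` and one into `login`.
 *
 * Relies on names defined outside this excerpt: $conn (used here as a mysqli
 * connection), test_form_input() and the TWO_MEGA_BYTES constant.
 *
 * NOTE(review): no login/role check and no CSRF token check are visible in
 * this excerpt; confirm the including page enforces both before this runs.
 */
if (isset($_POST['create_user'])) {
    $raw_password = $_POST['password'] ?? '';
    $raw_password_again = $_POST['passwordagain'] ?? '';
    if (!is_string($raw_password) || !is_string($raw_password_again)) {
        $raw_password = '';
        $raw_password_again = '';
    }

    // The original tested only `if ($_POST['password'])`, which rejected every
    // non-empty password. The minimum below is a constructed value; the
    // assignment's real requirement is not shown on this page.
    $min_password_length = 8;
    if (strlen($raw_password) < $min_password_length) {
        die("passwords too short!");
    }
    if (
        !preg_match('/[A-Z]/', $raw_password)
        || !preg_match('/[a-z]/', $raw_password)
        || !preg_match('/[0-9]/', $raw_password)
    ) {
        die("The password requires one uppercase letter a lower case letter and one number!");
    }
    // Strict comparison: with `!=`, two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal.
    if ($raw_password !== $raw_password_again) {
        die("passwords do not match");
    }

    /*
     * Retrieve all the form values using the $_POST superglobal.
     */
    $user_firstname = test_form_input($_POST['user_firstname'] ?? '');
    $user_lastname = test_form_input($_POST['user_lastname'] ?? '');
    $user_email = test_form_input($_POST['user_email'] ?? '');
    $username = test_form_input($_POST['username'] ?? '');

    // NOTE(review): the password is stored as submitted (plaintext), exactly as
    // before, because the login code that reads this column is not visible
    // here. It should become password_hash() on write and password_verify() on
    // login, changed together; the random_salt column is then unnecessary.
    $password = test_form_input($raw_password);

    // user_role was interpolated unquoted in the original INSERT, so it is
    // treated as an integer here -- confirm against the schema.
    $user_role = filter_var(test_form_input($_POST['user_role'] ?? ''), FILTER_VALIDATE_INT);
    if ($user_role === false) {
        die("Invalid user role.");
    }

    /*
     * Image upload. The content type is detected from the file itself, and the
     * stored name is rebuilt server-side: directory parts and unusual characters
     * are dropped and the extension is derived from the detected type, so the
     * client-supplied name can neither choose the extension nor the directory.
     */
    $user_image = "";
    $upload = $_FILES['user_image'] ?? null;
    $uploaded_name = (is_array($upload) && is_string($upload['name'] ?? null)) ? $upload['name'] : '';
    if ($uploaded_name !== '') {
        if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_string($upload['tmp_name'] ?? null)) {
            die("<br>Your image could not be uploaded.<br>");
        }

        $extension_for_mime = array('image/jpeg' => 'jpg', 'image/png' => 'png');
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
        if (!is_string($mime) || !isset($extension_for_mime[$mime])) {
            die("<br>Unknown file type. Your image cannot be uploaded.<br>");
        }
        // The original skipped oversized files silently but still recorded the
        // file name in the database; reject them explicitly instead.
        if ($upload['size'] >= TWO_MEGA_BYTES) {
            die("<br>Your image is too large to be uploaded.<br>");
        }

        $base_name = (string) preg_replace(
            '/[^A-Za-z0-9_-]/',
            '_',
            pathinfo(basename($uploaded_name), PATHINFO_FILENAME)
        );
        $base_name = substr($base_name, 0, 100);
        if ($base_name === '') {
            $base_name = 'image';
        }
        $user_image = $base_name . '.' . $extension_for_mime[$mime];

        // NOTE(review): a file with the same name is still overwritten, as in
        // the original; consider a per-user or random prefix.
        if (!move_uploaded_file($upload['tmp_name'], "../images/" . $user_image)) {
            die("<br>Your image could not be uploaded.<br>");
        }
    }

    // Prepared statements replace the string-built SQL; database error details
    // go to the server log instead of the response.
    $insert_user = $conn->prepare(
        "INSERT INTO users(user_firstname, user_lastname, user_email, user_role, user_image) VALUES(?, ?, ?, ?, ?)"
    );
    if (
        !$insert_user
        || !$insert_user->bind_param('sssis', $user_firstname, $user_lastname, $user_email, $user_role, $user_image)
        || !$insert_user->execute()
    ) {
        error_log('create_user: INSERT INTO users failed: ' . ($insert_user ? $insert_user->error : $conn->error));
        die("Error creating user.<br>");
    }
    $insert_user->close();

    // Same lookup as the original (the last matching row wins). If user_id is
    // AUTO_INCREMENT, $conn->insert_id would be the more reliable source.
    $user_id = null;
    $find_user = $conn->prepare("SELECT user_id FROM users WHERE user_firstname = ? AND user_email = ?");
    if (
        !$find_user
        || !$find_user->bind_param('ss', $user_firstname, $user_email)
        || !$find_user->execute()
        || !$find_user->bind_result($found_user_id)
    ) {
        error_log('create_user: SELECT user_id failed: ' . ($find_user ? $find_user->error : $conn->error));
        die("<p>Sorry. Your request could not be completed.</p>");
    }
    while ($find_user->fetch()) {
        $user_id = $found_user_id;
    }
    $find_user->close();
    if ($user_id === null) {
        die("<p>Sorry. Your request could not be completed.</p>");
    }

    // Same integer range as rand(), but drawn from the system CSPRNG.
    $random_salt = random_int(0, mt_getrandmax());
    $insert_login = $conn->prepare("INSERT INTO login(user_id, username, password, random_salt) VALUES(?, ?, ?, ?)");
    if (
        !$insert_login
        || !$insert_login->bind_param('issi', $user_id, $username, $password, $random_salt)
        || !$insert_login->execute()
    ) {
        error_log('create_user: INSERT INTO login failed: ' . ($insert_login ? $insert_login->error : $conn->error));
        die("Error creating user.<br>");
    }
    $insert_login->close();

    header("Location: view_users.php");
    // Stop here so nothing further in the script runs after the redirect.
    exit;
}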
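/*
 * Code to update the user after the edit form is submitted.
 *
 * Relies on names defined outside this excerpt: $conn (used here as a mysqli
 * connection), test_form_input() and the TWO_MEGA_BYTES constant.
 *
 * NOTE(review): the row to update is chosen only by the u_id query parameter,
 * and no login/role check or CSRF token check is visible in this excerpt;
 * confirm the including page verifies the requester may edit that user.
 */
if (isset($_GET['u_id'])) {
    // u_id ends up in SQL below, so accept it only if it is an integer.
    $requested_user_id = filter_var($_GET['u_id'], FILTER_VALIDATE_INT);
    if ($requested_user_id === false) {
        die("Invalid user id.");
    }
    $update_this_user_id = $requested_user_id;
}

if (isset($_POST['update_user'])) {
    // The original ran its queries with an undefined id when u_id was missing.
    if (!isset($update_this_user_id)) {
        die("Invalid user id.");
    }

    /*
     * Retrieve all the form values using the $_POST superglobal.
     */
    $user_firstname = test_form_input($_POST['user_firstname'] ?? '');
    $user_lastname = test_form_input($_POST['user_lastname'] ?? '');
    $user_email = test_form_input($_POST['user_email'] ?? '');

    // Look up the image currently stored for this user. Prepared statements
    // replace the string-built SQL; database error details go to the server
    // log instead of the response.
    $image_name_check = "";
    $find_image = $conn->prepare("SELECT user_image FROM users WHERE user_id = ?");
    if (
        !$find_image
        || !$find_image->bind_param('i', $update_this_user_id)
        || !$find_image->execute()
        || !$find_image->bind_result($stored_image_name)
    ) {
        error_log('update_user: SELECT user_image failed: ' . ($find_image ? $find_image->error : $conn->error));
        die("<p>Sorry. Your request could not be completed.</p>");
    }
    while ($find_image->fetch()) {
        $image_name_check = (string) $stored_image_name;
    }
    $find_image->close();

    /*
     * Image upload. The content type is detected from the file itself, and the
     * stored name is rebuilt server-side: directory parts and unusual characters
     * are dropped and the extension is derived from the detected type, so the
     * client-supplied name can neither choose the extension nor the directory.
     * As in the original, a file is stored only when its name differs from the
     * one already recorded; otherwise the recorded name is kept.
     */
    $user_image = $image_name_check;
    $upload = $_FILES['user_image'] ?? null;
    $uploaded_name = (is_array($upload) && is_string($upload['name'] ?? null)) ? $upload['name'] : '';
    if ($uploaded_name !== '') {
        if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_string($upload['tmp_name'] ?? null)) {
            die("<br>Your image could not be uploaded.<br>");
        }

        $extension_for_mime = array('image/jpeg' => 'jpg', 'image/png' => 'png');
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
        if (!is_string($mime) || !isset($extension_for_mime[$mime])) {
            die("<br>Unknown file type. Your image cannot be uploaded.<br>");
        }
        // The original skipped oversized files silently but still recorded the
        // new file name in the database; reject them explicitly instead.
        if ($upload['size'] >= TWO_MEGA_BYTES) {
            die("<br>Your image is too large to be uploaded.<br>");
        }

        $base_name = (string) preg_replace(
            '/[^A-Za-z0-9_-]/',
            '_',
            pathinfo(basename($uploaded_name), PATHINFO_FILENAME)
        );
        $base_name = substr($base_name, 0, 100);
        if ($base_name === '') {
            $base_name = 'image';
        }
        $candidate_name = $base_name . '.' . $extension_for_mime[$mime];

        if ($candidate_name !== $image_name_check) {
            // NOTE(review): a file with the same name that belongs to another
            // user is still overwritten, as in the original; consider a
            // per-user or random prefix.
            if (!move_uploaded_file($upload['tmp_name'], "../images/" . $candidate_name)) {
                die("<br>Your image could not be uploaded.<br>");
            }
            $user_image = $candidate_name;
        }
    }

    $update_user = $conn->prepare(
        "UPDATE users SET user_firstname = ?, user_lastname = ?, user_email = ?, user_image = ? WHERE user_id = ?"
    );
    if (
        !$update_user
        || !$update_user->bind_param('ssssi', $user_firstname, $user_lastname, $user_email, $user_image, $update_this_user_id)
        || !$update_user->execute()
    ) {
        error_log('update_user: UPDATE users failed: ' . ($update_user ? $update_user->error : $conn->error));
        die("Error updating user.<br>");
    }
    $update_user->close();

    header("Location: view_users.php");
    // Stop here so nothing further in the script runs after the redirect.
    exit;
}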
?>