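<?php
/**
 * Form handler for the script admin pages. Dispatches on the POST field
 * "cmd": "login" starts a session, "add" inserts a row into tbl_script,
 * "edit" updates one. Every $_POST value is untrusted input.
 *
 * NOTE(review): no CSRF token is checked here; the forms that post to this
 * file are not visible, so a token check has to be added together with them.
 */
session_start();
include('inc/db.php'); // presumably defines $dbdsn, $dbuser, $dbpass - confirm

try
{
    $conn = new PDO($dbdsn, $dbuser, $dbpass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : '';

    // Writes require the session marker that only the login branch sets;
    // without this check any anonymous POST could insert or overwrite scripts.
    if (($cmd === 'add' || $cmd === 'edit') && empty($_SESSION['u_script']))
    {
        header('HTTP/1.1 403 Forbidden');
        exit('Forbidden');
    }

    if ($cmd === 'login')
    {
        $username = isset($_POST['uname']) ? $_POST['uname'] : '';
        $password = isset($_POST['upass']) ? $_POST['upass'] : '';

        // NOTE(review): salted SHA-1 is a fast hash and is weak for password
        // storage. Moving to password_hash()/password_verify() needs a change
        // to tbl_user and a rehash-on-login step, which is outside this file.
        $sql = "SELECT username FROM tbl_user WHERE password=SHA1(CONCAT(:password,salt)) AND username=:username";
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':password', $password, PDO::PARAM_STR);
        $stmt->bindValue(':username', $username, PDO::PARAM_STR);
        $stmt->execute();
        $result = $stmt->fetchAll(PDO::FETCH_CLASS, 'ArrayObject');

        if (count($result) > 0)
        {
            // Issue a fresh session id when the session becomes authenticated,
            // so an id known before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['u_script'] = $result[0]->username;
        }

        // Same redirect whether or not the credentials matched.
        header('location:add.php');
        exit;
    }
    elseif ($cmd === 'add')
    {
        $title       = isset($_POST['title']) ? $_POST['title'] : '';
        $id_category = isset($_POST['id_category']) ? $_POST['id_category'] : '';
        $content     = isset($_POST['content']) ? $_POST['content'] : '';

        $sql = 'INSERT INTO tbl_script(`id_script`,`title`,`created_date`,`updated_date`,`id_category`,`content`,`hits`) '
             . 'VALUES(NULL,:title,NOW(),NOW(),:id_category,:content,1)';
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':title', $title, PDO::PARAM_STR);
        $stmt->bindValue(':id_category', $id_category, PDO::PARAM_INT);
        $stmt->bindValue(':content', $content, PDO::PARAM_STR);
        $stmt->execute();

        header('location:index.php');
        exit;
    }
    elseif ($cmd === 'edit')
    {
        $id_script   = isset($_POST['id_script']) ? $_POST['id_script'] : '';
        $hits        = isset($_POST['hits']) ? $_POST['hits'] : '';
        $title       = isset($_POST['title']) ? $_POST['title'] : '';
        $id_category = isset($_POST['id_category']) ? $_POST['id_category'] : '';
        $content     = isset($_POST['content']) ? $_POST['content'] : '';

        $sql = 'UPDATE tbl_script '
             . 'SET `title`=:title,`updated_date`=NOW(),`content`=:content,`hits`=:hits,`id_category`=:id_category '
             . 'WHERE `id_script`=:id_script';
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':id_script', $id_script, PDO::PARAM_INT);
        $stmt->bindValue(':title', $title, PDO::PARAM_STR);
        $stmt->bindValue(':id_category', $id_category, PDO::PARAM_INT);
        $stmt->bindValue(':content', $content, PDO::PARAM_STR);
        $stmt->bindValue(':hits', $hits, PDO::PARAM_INT);
        $stmt->execute();

        header('location:index.php');
        exit;
    }
    else
    {
        // Debug dump of the request, HTML-escaped so that field values are
        // shown as text instead of being interpreted as markup.
        echo "<pre>";
        echo htmlspecialchars(print_r($_POST, true), ENT_QUOTES, 'UTF-8');
        echo "</pre>";
    }
}
catch (PDOException $e)
{
    // Driver messages can carry connection details and SQL fragments:
    // keep them in the server log and show the client a generic message.
    error_log('PDO error: ' . $e->getMessage());
    if (!headers_sent())
    {
        header('HTTP/1.1 500 Internal Server Error');
    }
    echo 'ERROR: database error';
}
?>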