Working at the moment

Author: Aurase-xnx

admin.php

@@ -0,0 +1,7 @@
+<?php
+  include_once('header.php');
+  include_once('footer.php');
+  include_once('db.php');
+?>
+<h1>Welcome Admin</h1>
+<h1>Ready to ban some kids ?</h1>

db.php

@@ -8,7 +8,6 @@
 try {
  $bd=new PDO('mysql:host='.$host.';dbname='.$dbName, $user, $mdp);
  $bd->exec("SET NAMES 'utf8'");
- echo 'connected to db';
 }
 catch (Exception $e) {
  echo 'Error connecting to DB';

header.php

@@ -1,4 +1,6 @@
-
+<?php
+session_start();
+ ?>
 <!DOCTYPE html>
 <html lang="en" dir="ltr">
   <head>
@@ -14,8 +16,34 @@
         <a href="index.php">Home</a>
         <a href="samples.php">Samples</a>
         <a href="songs.php">Songs</a>
-        <a href="profile.php">Profile</a>
-        <a href="login.php">Login</a>
+
+
+        <?php
+        if (isset($_SESSION['rights'])) {
+          if($_SESSION['rights']==3)
+          {
+            echo '<a href="admin.php">Admin</a>';
+          }
+          if ($_SESSION['rights']==2) {
+            echo '<a href="modo.php">Modo</a>';
+          }
+          if ($_SESSION['rights']==1) {
+            echo '<a href="profile.php">Profile</a>';
+          }
+        }
+        else {
+          echo '<a href="profile.php">Profile</a>';
+        }
+
+
+        ?>
+        <?php if (!isset($_SESSION['username']))
+          {
+            echo '<a href="login.php">Login</a>';
+          } else {
+            echo '<a href="logout.php">Logout</a>';
+          }
+         ?>
       </div>
     </header>
   </body>

index.php

@@ -2,7 +2,6 @@
   include_once('header.php');
   include_once('footer.php');
   include_once('db.php');
-
 ?>
 <!DOCTYPE html>
 <html lang="en" dir="ltr">
@@ -14,6 +13,13 @@
   </head>
   <body>
     <p>Welcome
+      <strong>
+        <?php
+        if (isset($_SESSION['username'])){echo $_SESSION['username'];}
+        else {}
+        ?>
+      </strong>
     </p>
+    <p>This is your new favorite website</p>
   </body>
 </html>

login.php

@@ -1,6 +1,6 @@
 <?php
-session_start();
 include("db.php");
+include_once('header.php');
 ?>
 <?php
 $msg = "";
@@ -10,30 +10,38 @@
   $passhash = sha1($password);
   if($email != "" && $password != "") {
     try {
-      $query = "select * from `users` where `email`=:email and `passhash`=:password";
+      $query = "select * from `users` where `email`=:email and `password`=:password";
       $stmt = $bd->prepare($query);
       $stmt->bindParam('email', $email, PDO::PARAM_STR);
       $hashed = sha1($password);
       $stmt->bindParam('password',$hashed, PDO::PARAM_STR);
+
       $stmt->execute();
+
       $count = $stmt->rowCount();
       $row   = $stmt->fetch(PDO::FETCH_ASSOC);
-      echo "test";
-      if($count == 1 && !empty($row)) {
-        /******************** Your code ***********************/
-        $_SESSION['sess_id']   = $row['id'];
-        $_SESSION['sess_username'] = $row['username'];
-        $_SESSION['sess_email'] = $row['email'];
-        $_SESSION['sess_firstName'] = $row['firstName'];
-        $_SESSION['sess_lastName'] = $row['lastName'];
-        $_SESSION['sess_rights'] = $row['rights'];
-        $_SESSION['sess_active'] = $row['active'];
-        echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>';
-        echo "teub";
-      } else {
-        $msg = "Invalid username and password!";
+
+      if ($row['active']==1) {
+        if($count == 1 && !empty($row)) {
+          $_SESSION['id']   = $row['id'];
+          $_SESSION['username'] = $row['username'];
+          $_SESSION['email'] = $row['email'];
+          $_SESSION['firstName'] = $row['firstName'];
+          $_SESSION['lastName'] = $row['lastName'];
+          $_SESSION['rights'] = $row['rights'];
+          $_SESSION['active'] = $row['active'];
+          $_SESSION['loggedin'] = TRUE;
+          header("Location:index.php");
+        } else {
+          $msg = "Invalid username and password!";
+        }
       }
-    } catch (PDOException $e) {
+      else {
+        echo "Your account has been disabled by an admin";
+          }
+      }
+
+      catch (PDOException $e) {
       echo "Error : ".$e->getMessage();
     }
   } else {
@@ -42,9 +50,6 @@
 }
 ?>
 <!DOCTYPE html>
-<?php
-  include_once('header.php');
- ?>
 <html lang="en" dir="ltr">
   <head>
   <meta charset="utf-8">

modo.php

@@ -0,0 +1,6 @@
+<?php
+  include_once('header.php');
+  include_once('footer.php');
+  include_once('db.php');
+?>
+<h1>Moderation</h1>

profile.php

@@ -2,5 +2,91 @@
   include_once('header.php');
   include_once('footer.php');
   include_once('db.php');
+  if(!isset($_SESSION['loggedin']))
+  {
+    echo "You need to login first";
+    header("Location:profileN.php");
+  }
+
+  if ( isset($_POST['modify']) ) {
+   //un champ obligatoire
+   if ( !empty($_POST['firstName']) )
+   {
+      $username = trim($_POST['firstName']) ;
+   }
+   else
+   {
+       $mistakes['firstName'] = true;
+   }
+   if ( !empty($_POST['lastName']) )
+   {
+      $username = trim($_POST['lastName']) ;
+   }
+   else
+   {
+       $mistakes['lastName'] = true;
+   }
+
+
+
+   if ( !empty($_POST['passmod']) AND isset($_POST['passmodconf'])){
+     if ($_POST["passmod"]== $_POST["passmodconf"]) {
+       $passmod = trim($_POST['passmod']);
+       $passhash = sha1($passmod);
+     }
+   }
+   else
+   {
+       $mistakes['passmod'] = true;
+   }
+
+
+
+
+
+   //un champ obligatoire avec certaines valeurs rejetées
+
+
+
+
+   //s'il n'y a pas d'erreur...
+   if (!empty($mistakes))
+   {
+       include("db.php");
+       echo "sss";
+      $req=$bd->prepare('UPDATE  users WHERE id=:id SET (firstName,lastName,password) VALUES (:username,:email,:password)');
+      $req->bindValue(':id', $_SESSION['id'], PDO::PARAM_STR);
+      $req->bindValue(':firstNameMod', $firstNameMod, PDO::PARAM_STR);
+      $req->bindValue(':lastNameMod', $lastNameMod, PDO::PARAM_STR);
+      $req->bindValue(':passmod', $passhash, PDO::PARAM_STR);
+
+      $req->execute();
+      $req->closeCursor();
+      header("Location:profile.php");
+      exit();
+
+   }
+   else{
+     print_r($mistakes);
+   }
+  }
+
  ?>
-<p>C'te sale gueule</p>
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+  <head>
+    <meta charset="utf-8">
+    <title></title>
+  </head>
+  <body>
+    <p>Username : <strong><?php echo $_SESSION['username'];?></strong></p>
+    <p>First name : <strong><?php echo $_SESSION['firstName'];?></strong></p>
+    <input type="text" name="firstNameMod" value="First Name" id="firstNameMod">
+    <p>Last name : <strong><?php echo $_SESSION['lastName'];?></strong></p>
+    <input type="text" name="lastNameMod" value="Last Name" id="lastNameMod">
+    <p>Mail address : <strong><?php echo $_SESSION['email'];?></strong></p>
+    <input type="password" name="passmod" value="" id="passmod" placeholder="Modify your password">
+    <input type="password" name="passmodconf" value="" id="passmodconf" placeholder="Confirm the password">
+    <input type='submit' name="modify" value='Modify'>
+  </body>
+</html>

profileN.php

@@ -0,0 +1,7 @@
+<?php
+  include_once('header.php');
+  include_once('footer.php');
+  include_once('db.php');
+
+  echo "You need to login first";
+?>

samples.php

@@ -2,4 +2,4 @@
   include_once('header.php');
   include_once('footer.php');
  ?>
-<p>V'la les samples ma gozzzz</p>
+<p>Samples Here</p>

songs.php

@@ -2,4 +2,4 @@
   include_once('header.php');
   include_once('footer.php');
  ?>
-<p>Tema les sons de fous</p>
+<p>Songs Here</p>