
anonymous /admin.php
Created Apr 20, 2017

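<?php
// admin.php — review listing for logged-in users.
//
// Expects $_SESSION to have been populated by login.php ('logged_in',
// 'logged_in_user_id', 'logged_in_user_fullname', 'logged_in_user_access')
// and $mysqli to be provided by db_connect.php. Administrators see every
// review and get a delete link per row; reviewers see only their own reviews.
session_start();
include 'db_connect.php';

// Escape a value for an HTML text/attribute context. Every DB- or
// session-derived value printed below goes through this; the original
// printed them raw, so a review body or image URL could inject markup.
$esc = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// empty() rather than a bare read: the key does not exist before login and a
// bare read raised an undefined-index notice.
if (empty($_SESSION['logged_in'])) {
    // The original link was missing its closing </a>.
    print "You must login to view this page. Click here to login: <a href=\"login.php\">login.php</a>";
} else {
    $access = $_SESSION['logged_in_user_access'] ?? '';
    // Stays false for any access level that gets no listing, so the render
    // loop below can skip instead of calling fetch_object() on a non-object.
    $select_games_result = false;

    $select_games_query = "SELECT r.review_id, r.game_name, r.game_review, r.game_rating, r.game_image_url, DATE_FORMAT(r.review_creation_date, '%b %e') AS review_date
FROM a5p2_reviews r, a5p2_users u
WHERE r.user_id = u.user_id";

    if ($access === 'administrator') {
        // No user-controlled input in this statement, so a plain query is fine.
        $select_games_result = $mysqli->query($select_games_query);
    } elseif ($access === 'reviewer') {
        // The user id is bound as a parameter instead of being concatenated
        // into the SQL string.
        $select_games_stmt = $mysqli->prepare($select_games_query . " AND u.user_id = ?");
        $user_id = (int) $_SESSION['logged_in_user_id'];
        $select_games_stmt->bind_param('i', $user_id);
        $select_games_stmt->execute();
        $select_games_result = $select_games_stmt->get_result();
    }
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>a5p2 admin.php</title>
<style type="text/css">@import url('css/styles.css');</style>
</head>
<body>
<p>Congratulations <?php print $esc($_SESSION['logged_in_user_fullname'] ?? ''); ?>, you have successfully logged in!</p>
<?php if ($access === 'reviewer') { ?> <p>Click here to insert a new story: <a href="insert.php">insert.php</a></p> <?php } ?>
<p>Click here to logout: <a href="logout.php">logout.php</a></p>
<hr />
<p>
<table border="1">
<tr>
<td>Game Name</td>
<td>Game Review</td>
<td>Game Rating</td>
<td>Game Image</td>
<td>Review Creation Date</td>
<td>View Comments</td>
<?php if ($access === 'administrator') { ?>
<td>Delete Row</td> <?php
} ?>
</tr>
<?php
if ($select_games_result) {
    while ($row = $select_games_result->fetch_object()) {
        $review_id = (int) $row->review_id;
        print "<tr>";
        print "<td>" . $esc($row->game_name) . "</td>";
        print "<td>" . $esc($row->game_review) . "</td>";
        print "<td>" . $esc($row->game_rating) . "</td>";
        print "<td><img src=\"" . $esc($row->game_image_url) . "\" height=\"320\" width=\"223\" alt=\"image\" /></td>";
        print "<td>" . $esc($row->review_date) . "</td>";
        // The review id travels in the link so review.php can show this row's
        // comments. The session key assigned at the bottom of the loop is kept
        // for a review.php that still reads it, but note that it is overwritten
        // on every iteration and so only ever holds the LAST row's id.
        print "<td><a href=\"review.php?review_id=" . $review_id . "\">View Comments</a></td>";
        if ($access === 'administrator') {
            // delete.php is not part of this gist; a state-changing GET link is
            // CSRF-prone, so delete.php should insist on a POST with a token.
            print "<td>
<a href=\"delete.php?review_id=" . $review_id . "\">delete</a>
</td>";
        }
        print "</tr>";
        $_SESSION['comment_row'] = $review_id;
    }
}
?>
</table>
</p>
</body>
</html>
<?php } $mysqli->close(); ?>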
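<?php
// login.php — authenticates against a5p2_users and populates the session.
//
// On a successful POST the session receives 'logged_in' (true),
// 'logged_in_user_id', 'logged_in_user_name', 'logged_in_user_fullname' and
// 'logged_in_user_access', which admin.php and review.php rely on.
//
// The credentials table rendered below is a demo fixture shipped with the
// assignment: it shows every account's password to anyone who loads the page
// and has no place outside a classroom exercise.
session_start();
include("db_connect.php");

// empty() instead of a bare read: the key is absent until the first login.
if (isset($_POST['submit']) && empty($_SESSION['logged_in'])) {
    $username = (string) ($_POST['username'] ?? '');
    $password = (string) ($_POST['password'] ?? '');

    // Look up only the row(s) for this username with a bound parameter,
    // rather than loading every user and comparing in PHP.
    $select_stmt = $mysqli->prepare("SELECT * FROM a5p2_users WHERE username = ?");
    if ($select_stmt === false) {
        print "Select query error! Message: " . htmlspecialchars($mysqli->error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } else {
        $select_stmt->bind_param('s', $username);
        $select_stmt->execute();
        $select_result = $select_stmt->get_result();

        // The stored hashes are unsalted MD5 (that is what this comparison
        // has always matched against), so MD5 is what must be computed here;
        // moving to password_hash()/password_verify() needs a column change
        // and a rehash on next login. hash_equals() makes the comparison
        // constant-time and strict. The PHP-side username check keeps the
        // original exact-match semantics even if the DB collation is
        // case-insensitive.
        $password_md5 = md5($password);
        while ($select_result && ($row = $select_result->fetch_object())) {
            if ($row->username === $username && hash_equals((string) $row->password, $password_md5)) {
                // A fresh session id on privilege change defeats session fixation.
                session_regenerate_id(true);
                $_SESSION['logged_in'] = true;
                $_SESSION['logged_in_user_id'] = $row->user_id;
                $_SESSION['logged_in_user_name'] = $row->username;
                $_SESSION['logged_in_user_fullname'] = $row->first_name . ' ' . $row->last_name;
                $_SESSION['logged_in_user_access'] = $row->access_level;
                break;
            }
        }
    }
}

if (!empty($_SESSION['logged_in'])) {
    header("Location: admin.php");
    // Without exit the rest of this page would still be rendered and sent
    // after the redirect header.
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>a5p2 Login</title>
<style type="text/css">@import url('css/styles.css');</style>
</head>
<body>
<form method="post" action="">
<label for="username">Username</label>
<input name="username" id="username" type="text" /><br />
<label for="password">Password</label>
<input name="password" id="password" type="password" /><br />
<input name="submit" id="submit" type="submit" value="Login" />
</form>
<table border="1">
<thead>
<tr>
<th>Username</th>
<th>Password</th>
</tr>
</thead>
<tbody>
<tr>
<td>admin</td>
<td>admin</td>
</tr>
<tr>
<td>reviewer1</td>
<td>reviewer1pw</td>
</tr>
<tr>
<td>reviewer2</td>
<td>reviewer2pw</td>
</tr>
<tr>
<td>reviewer3</td>
<td>reviewer3pw</td>
</tr>
</tbody>
</table>
</body>
</html>
<?php $mysqli->close(); ?>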
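<?php
// review.php — lists the comments on one review and accepts a new comment.
//
// The review is identified by ?review_id= (the admin.php link); when that is
// absent the script falls back to $_SESSION['comment_row'], which admin.php
// overwrites on every listed row and so holds the id of the last row only.
// Whether the current user may see or comment on this particular review is
// not checked here — NOTE(review): admin.php restricts reviewers to their
// own reviews, so a matching ownership check on review_id is still missing.
session_start();
include 'db_connect.php';

// Escape a value for an HTML text/attribute context; comment bodies come
// straight from user input and were printed raw before.
$esc = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Nothing on this page was login-protected before (anyone could POST a
// comment); reading and inserting now both require the session that
// login.php establishes. The original ran the SELECT only for reviewers,
// which left administrators — who also get a "View Comments" link — with a
// fatal error on fetch_object(); any logged-in user is listed now.
$logged_in = !empty($_SESSION['logged_in']);
$review_id = isset($_GET['review_id'])
    ? (int) $_GET['review_id']
    : (int) ($_SESSION['comment_row'] ?? 0);
$select_comments_result = false;

if ($logged_in) {
    // Handle the POST before the SELECT so a just-added comment is listed
    // on the same response.
    if (isset($_POST['submit'])) {
        $comment = trim((string) ($_POST['comment'] ?? ''));
        if ($comment === '') {
            print "<span class='error'>Insert text!</span>";
        } else {
            // The original concatenated the comment text and the review id
            // into a single 'comment' value; they are two columns, each bound.
            $insert_comment_stmt = $mysqli->prepare("INSERT INTO a5p2_comments(comment, review_id) VALUES (?, ?)");
            $insert_comment_stmt->bind_param('si', $comment, $review_id);
            $insert_comment_stmt->execute();
        }
    }

    // The original selected comment_id and an unaliased DATE_FORMAT, so the
    // $row->comment / $row->comment_creation_date read below were never set.
    $select_comments_stmt = $mysqli->prepare("SELECT c.comment_id, c.comment, DATE_FORMAT(c.comment_creation_date, '%b %e') AS comment_creation_date
FROM a5p2_comments c, a5p2_reviews r
WHERE r.review_id = c.review_id AND r.review_id = ?");
    $select_comments_stmt->bind_param('i', $review_id);
    $select_comments_stmt->execute();
    $select_comments_result = $select_comments_stmt->get_result();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Review.php</title>
<style type="text/css">@import url('css/styles.css');</style>
</head>
<body>
<?php if (!$logged_in) { ?>
<p>You must login to view this page. Click here to login: <a href="login.php">login.php</a></p>
<?php } else { ?>
<p>Comments for <?php print $esc($review_id); ?></p>
<table border="1">
<tr>
<td>Comment</td>
<td>Creation Date</td>
</tr>
<?php
if ($select_comments_result) {
    while ($row = $select_comments_result->fetch_object()) {
        print "<tr>";
        print "<td>" . $esc($row->comment) . "</td>";
        print "<td>" . $esc($row->comment_creation_date) . "</td>";
        print "</tr>";
    }
}
?>
</table>
<?php // action="" posts back to the same URL, so ?review_id= survives the POST. ?>
<form method="post" action="">
<label for="comment">Comment</label>
<input name="comment" id="comment" type="text" /><br />
<input name="submit" id="submit" type="submit" value="Submit Comment" />
</form>
<?php } ?>
</body>
</html>
<?php $mysqli->close(); ?>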