
@mocavada mocavada/index.html
Created Dec 18, 2017

MySQL
<?php
// load configuration settings
require( 'includes/config.inc.php' );
// load helpful functions into memory
require( 'includes/functions.inc.php' );
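// check login status
// NOTE(review): $logged_in is hard-coded to false and nothing in this file
// reads session state, so this gate can never recognise an authenticated
// user. It only redirects when the `login` query parameter is absent; the
// handlers further down must not be assumed to run for logged-in users only
// until real session-backed state replaces this flag. Also confirm that
// redirect() (defined in includes/functions.inc.php, not shown here) stops
// execution after sending the redirect.
$logged_in = false;
if( !$logged_in && !isset( $_GET[ 'login' ] ) ){
    redirect( '?login' );
}
// connect to mysql server
$db = mysqli_connect( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME );
if( !$db ){
    // The driver's message can name the host and account in use, so it is
    // written to the server log instead of being sent to the browser.
    error_log( 'Database connection failed: ' . mysqli_connect_error() );
    http_response_code( 500 );
    die( 'A database error occurred.' );
}
// validation messages collected by the handlers below, keyed by field name
$errors = array();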
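// login attempt handler
// NOTE(review): the failure messages below differ for "unknown email" and
// "wrong password", which tells a visitor whether an address is registered.
// A single shared message would avoid that; it is left unchanged here because
// the templates that print $errors are not visible.
if( isset( $_POST[ 'email' ] ) ){
    $email = sanitize( $db, $_POST[ 'email' ] );
    // a missing or non-string password field is treated as an empty password
    $entered_password = '';
    if( isset( $_POST[ 'password' ] ) && is_string( $_POST[ 'password' ] ) ){
        $entered_password = $_POST[ 'password' ];
    }
    // is there an email
    if( !filter_var( $email, FILTER_VALIDATE_EMAIL ) ){
        $errors[ 'email' ]
            = '<p class="error">Please enter a valid email address.</p>';
    }
    // is there a password
    if( strlen( $entered_password ) < 1 ){
        $errors[ 'password' ]
            = '<p class="error">Please enter your password.</p>';
    }
    if( count( $errors ) == 0 ){
        // retrieve user record matching entered email
        // The address is bound as a parameter so the query no longer depends
        // on what sanitize() does (it lives in includes/functions.inc.php,
        // which is not shown here).
        $stmt = mysqli_prepare(
            $db,
            'SELECT id, password FROM todo_users WHERE email = ? LIMIT 1'
        );
        if( !$stmt
            || !mysqli_stmt_bind_param( $stmt, 's', $email )
            || !mysqli_stmt_execute( $stmt ) ){
            // keep SQL error text out of the response
            error_log( 'Login lookup failed: ' . mysqli_error( $db ) );
            http_response_code( 500 );
            die( 'A database error occurred.' );
        }
        mysqli_stmt_bind_result( $stmt, $user_id, $stored_hash );
        // true = a row was fetched, null = no row, false = error
        $found = mysqli_stmt_fetch( $stmt );
        mysqli_stmt_close( $stmt );
        if( $found === true ){
            // 1 record returned - user exists in our system
            // NOTE(review): stored passwords are unsalted SHA-1 digests
            // (hashed, not encrypted), which are cheap to brute-force if the
            // table leaks. Migrate to password_hash() / password_verify().
            // Until then hash_equals() at least makes the comparison
            // constant-time.
            if( hash_equals( (string) $stored_hash, sha1( $entered_password ) ) ){
                // match - log user in
                // NOTE(review): no session or other login state is recorded
                // here. The header( 'Location: ...' ) call that used to
                // follow exit() could never run and has been dropped. When
                // the redirect is reinstated it should target a fixed path
                // rather than $_SERVER[ 'PHP_SELF' ], and follow a
                // session_regenerate_id( true ).
                echo '<h1>LOG IN SUCCESSFUL</h1>';
                echo '<br>';
                // the request URI is client-controlled; escape it for HTML
                echo htmlspecialchars( $_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8' );
                echo '<br>';
                if( isset( $_GET[ 'login' ] ) ) {
                    echo 'IT IS NOT EMPTY';
                }
                exit();
            } else {
                // no match - reject login
                $errors[ 'password' ]
                    = '<p class="error">The password was incorrect.</p>';
            }
        } else {
            // 0 records returned - no such user, or incorrect email
            $errors[ 'email' ]
                = '<p class="error">No such email, please check your login.</p>';
        }
    }
}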
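// content creation handler
// NOTE(review): nothing in this handler checks login state or a CSRF token,
// so it should not be reachable until the login gate at the top of the file
// is backed by real session state.
$submitted_name = '';
if( isset( $_POST[ 'task_name' ] ) && is_string( $_POST[ 'task_name' ] ) ){
    $submitted_name = $_POST[ 'task_name' ];
}
if( strlen( $submitted_name ) > 0 ){
    // a new task was submitted
    // clean up the input data
    // NOTE(review): the quoted value below is only as safe as sanitize(),
    // which is defined in includes/functions.inc.php and not shown here.
    // Presumably it escapes for MySQL - confirm, then move this query to
    // mysqli_prepare() with bound parameters. Binding the already-sanitized
    // value would double-escape it if sanitize() does escape.
    $task_name = sanitize( $db, $submitted_name );
    // a form without an edit_id field means "create", not "edit"
    $submitted_id = isset( $_POST[ 'edit_id' ] ) ? $_POST[ 'edit_id' ] : null;
    if( is_numeric( $submitted_id ) ){
        // is_numeric() has already limited this to a numeric literal before
        // it is placed unquoted into the statement
        $edit_id = sanitize( $db, $submitted_id );
        // we are editing an existing task
        $query = "UPDATE todo_tasks SET task_name='$task_name'
WHERE id=$edit_id";
    } else {
        // not editing, so just insert a new task
        $query = "INSERT INTO todo_tasks(task_name)
VALUES('$task_name')";
    }
    $result = mysqli_query( $db, $query );
    if( !$result ){
        // keep SQL error text out of the response
        error_log( 'Saving task failed: ' . mysqli_error( $db ) );
        http_response_code( 500 );
        die( 'A database error occurred.' );
    }
    // drop all form data
    redirect();
}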
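// content deletion handler
// NOTE(review): this deletes a row in response to a GET request and checks
// neither login state nor a CSRF token. Deletion should move to an
// authenticated POST carrying a per-session token.
if( isset( $_GET[ 'delete_id' ] ) ){
    $delete_id = sanitize( $db, $_GET[ 'delete_id' ] );
    if( is_numeric( $delete_id ) ){
        // the id is bound rather than interpolated, so the statement text is
        // fixed regardless of what sanitize() returns
        $stmt = mysqli_prepare( $db, 'DELETE FROM todo_tasks WHERE id = ?' );
        if( !$stmt
            || !mysqli_stmt_bind_param( $stmt, 's', $delete_id )
            || !mysqli_stmt_execute( $stmt ) ){
            // keep SQL error text out of the response
            error_log( 'Deleting task failed: ' . mysqli_error( $db ) );
            http_response_code( 500 );
            die( 'A database error occurred.' );
        }
        mysqli_stmt_close( $stmt );
        // drop all form data
        redirect();
    }
}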
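// retrieve all existing tasks
// $result is left in scope for whichever template is included afterwards.
// NOTE(review): this query also runs when the login template is about to be
// rendered, i.e. for visitors who have not authenticated.
$query = 'SELECT * FROM todo_tasks
ORDER BY created_date DESC';
$result = mysqli_query( $db, $query );
if( !$result ){
    // keep SQL error text out of the response
    error_log( 'Loading tasks failed: ' . mysqli_error( $db ) );
    http_response_code( 500 );
    die( 'A database error occurred.' );
}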
// pick the template from the presence of the `login` query parameter and
// render it; both paths are fixed strings, never derived from request data
$template = isset( $_GET[ 'login' ] )
    ? 'includes/templates/login.tpl.php'
    : 'includes/templates/main.tpl.php';
include( $template );
?>