<?php
session_start();
require_once "includes/db_credentials.php";
// Database Connection
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);
if (!$dbc) {
die("Database connection failed: " . mysqli_connect_error());
}
// Handle Logout
if (isset($_GET['logout'])) {
session_destroy();
header("Location: cms.php");
exit();
}
// Login Handling
$error = "";
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT idUser, tdPassword FROM User WHERE tdUsername = ?";
$stmt = mysqli_prepare($dbc, $query);
if ($stmt) {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result && mysqli_num_rows($result) === 1) {
$user = mysqli_fetch_assoc($result);
if (md5($password) === $user['tdPassword']) { // Consider using password_hash() for better security
$_SESSION['user_id'] = $user['idUser'];
header("Location: cms.php");
exit();
} else {
$error = "Invalid credentials";
}
} else {
$error = "Invalid credentials";
}
mysqli_stmt_close($stmt);
} else {
$error = "Database error";
}
}
// If not logged in, show login form
if (!isset($_SESSION['user_id'])) {
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<h2>Login</h2>
<form action="cms.php" method="post">
<label>Username:</label>
<input type="text" name="username" required><br>
<label>Password:</label>
<input type="password" name="password" required><br>
<button type="submit" name="login">Login</button>
</form>
<?php if (!empty($error)) { echo "<p>$error</p>"; } ?>
</body>
</html>
<?php
exit();
}
// CMS Functionality
$selectedFile = "";
$fileContent = "";
$pages = [];
// Fetch available pages
$query = "SELECT pageName FROM Pages";
$result = mysqli_query($dbc, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$pages[] = $row['pageName'];
}
mysqli_free_result($result);
} else {
die("Error fetching pages: " . mysqli_error($dbc));
}
// Load page content
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["file"])) {
$selectedFile = mysqli_real_escape_string($dbc, $_POST["file"]);
if (!in_array($selectedFile, $pages)) {
die("Invalid file selection.");
}
$query = "SELECT pageContent FROM Pages WHERE pageName = ?";
$stmt = mysqli_prepare($dbc, $query);
mysqli_stmt_bind_param($stmt, "s", $selectedFile);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result) {
$row = mysqli_fetch_assoc($result);
$fileContent = $row['pageContent'];
mysqli_free_result($result);
}
}
// Save page content
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["save"])) {
$selectedFile = mysqli_real_escape_string($dbc, $_POST["file"]);
$fileContent = mysqli_real_escape_string($dbc, $_POST["content"]);
if (!in_array($selectedFile, $pages)) {
die("Invalid file selection.");
}
$query = "UPDATE Pages SET pageContent = ? WHERE pageName = ?";
$stmt = mysqli_prepare($dbc, $query);
mysqli_stmt_bind_param($stmt, "ss", $fileContent, $selectedFile);
if (mysqli_stmt_execute($stmt)) {
$message = "Page content saved successfully!";
} else {
$message = "Error saving content: " . mysqli_error($dbc);
}
mysqli_stmt_close($stmt);
}
// Close database connection
mysqli_close($dbc);
?>
<!DOCTYPE html>
<html>
<head>
<title>Simple CMS</title>
</head>
<body>
<h2>CMS Page</h2>
<p>Welcome to the CMS. <a href="cms.php?logout=1">Logout</a></p>
<!-- Page Selection -->
<form method="post">
<label>Choose a page:</label>
<select name="file">
<option value="">-- Select --</option>
<?php foreach ($pages as $page) { ?>
<option value="<?php echo htmlspecialchars($page); ?>" <?php if ($page == $selectedFile) echo "selected"; ?>>
<?php echo htmlspecialchars($page); ?>
</option>
<?php } ?>
</select>
<button type="submit">Load</button>
</form>
<!-- Page Editor -->
<?php if (!empty($selectedFile)) { ?>
<form method="post">
<input type="hidden" name="file" value="<?php echo htmlspecialchars($selectedFile); ?>">
<textarea name="content" rows="20" cols="80"><?php echo htmlspecialchars($fileContent); ?></textarea><br>
<button type="submit" name="save">Save</button>
</form>
<?php if (!empty($message)) echo "<p>$message</p>"; ?>
<?php } ?>
</body>
</html>