<?php
session_start();
require_once "db_credentials.php";
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);
if (!$dbc) {
die("Database connection failed: " . mysqli_connect_error());
}
if (isset($_POST['login'])) {
$username = mysqli_real_escape_string($dbc, $_POST['username']);
$password = $_POST['password'];
$query = "SELECT id, password FROM Users WHERE username = '$username'";
$result = mysqli_query($dbc, $query);
if (mysqli_num_rows($result) === 1) {
$user = mysqli_fetch_assoc($result);
if (password_verify(md5($password), $user['password'])) {
$_SESSION['user_id'] = $user['id'];
} else {
$error = "Invalid credentials";
}
} else {
$error = "Invalid credentials";
}
}
if (isset($_GET['logout'])) {
session_destroy();
header("Location: cms.php");
exit();
}
if (!isset($_SESSION['user_id'])) {
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<h2>Login Page</h2>
<form action="cms.php" method="post">
<label>Username:</label>
<input type="text" name="username" required><br>
<label>Password:</label>
<input type="password" name="password" required><br>
<button type="submit" name="login">Login</button>
</form>
<?php if (isset($error)) echo '<p>' . $error . '</p>'; ?>
</body>
</html>
<?php
exit();
}
$selectedFile = "";
$fileContent = "";
$query = "SELECT pageName FROM Pages";
$result = mysqli_query($dbc, $query);
$pages = [];
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$pages[] = $row['pageName'];
}
mysqli_free_result($result);
} else {
die("Error fetching pages: " . mysqli_error($dbc));
}
if (!empty($_POST["file"])) {
$selectedFile = mysqli_real_escape_string($dbc, $_POST["file"]);
if (!in_array($selectedFile, $pages)) {
die("Invalid file selection.");
}
$query = "SELECT pageContent FROM Pages WHERE pageName = '$selectedFile'";
$result = mysqli_query($dbc, $query);
if ($result) {
$row = mysqli_fetch_assoc($result);
$fileContent = $row['pageContent'];
mysqli_free_result($result);
}
}
if (isset($_POST["save"]) && !empty($_POST["file"])) {
$selectedFile = mysqli_real_escape_string($dbc, $_POST["file"]);
$fileContent = mysqli_real_escape_string($dbc, $_POST["content"]);
if (!in_array($selectedFile, $pages)) {
die("Invalid file selection.");
}
$query = "UPDATE Pages SET pageContent = '$fileContent' WHERE pageName = '$selectedFile'";
if (mysqli_query($dbc, $query)) {
echo "<p>Page content saved successfully!</p>";
} else {
echo "<p>Error saving content: " . mysqli_error($dbc) . "</p>";
}
}
mysqli_close($dbc);
?>
<!DOCTYPE html>
<html>
<head>
<title>Simple CMS</title>
</head>
<body>
<h2>CMS Page</h2>
<p>Welcome to the CMS. <a href="cms.php?logout=1">Logout</a></p>
<form method="post">
<label>Choose a page:</label>
<select name="file">
<option value="">-- Select --</option>
<?php foreach ($pages as $page) { ?>
<option value="<?php echo htmlspecialchars($page); ?>" <?php if ($page == $selectedFile) echo "selected"; ?>>
<?php echo htmlspecialchars($page); ?>
</option>
<?php } ?>
</select>
<button type="submit" name="load">Load</button>
</form>
<?php if ($selectedFile) { ?>
<form method="post">
<input type="hidden" name="file" value="<?php echo htmlspecialchars($selectedFile); ?>">
<textarea name="content" rows="20" cols="80"><?php echo htmlspecialchars($fileContent, ENT_QUOTES, 'UTF-8'); ?></textarea><br>
<button type="submit" name="save">Save</button>
</form>
<?php } ?>
</body>
</html>