<?php
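// Session start + database handle ($LINK) -------------------------------------------------------------
// Harden the session before it starts: keep the session cookie out of reach of page scripts and
// refuse session ids that the server did not issue itself.
// NOTE(review): also enable session.cookie_secure once the site is served over HTTPS only.
ini_set("session.cookie_httponly", "1");
ini_set("session.use_strict_mode", "1");
session_start();

// NOTE(review): the database account name and password are embedded in this file. Anything that
// has been committed or published must be treated as exposed: rotate the password and load the
// connection settings from configuration kept outside the web root and outside version control.
try {
    $LINK = mysqli_connect(
        "127.0.0.1",
        "janya763",
        "vOOxhXUhWhgCPWFC",
        "janya763"
    );
} catch (mysqli_sql_exception $e) {
    // Newer PHP versions throw on a failed connection. Swallow the exception here so that its
    // message and call arguments can never be rendered to the browser.
    $LINK = false;
}
if (!$LINK) {
    // Fail closed with a generic message; every handler below needs a working connection.
    http_response_code(500);
    exit("Service temporarily unavailable.");
}
// ---------------------------------------------------------------------------------------------------
// Status text handed to openPanel() at the bottom of the page; null means nothing to report.
$message = null;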
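// Login check ---------------------------------------------------------------------------------------
if (isset($_POST["login_data"])) {
    // Accept plain strings only; array-shaped or missing POST fields count as empty.
    $usernameTemp = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    $databasePassword = null;

    if ($usernameTemp !== "" && $password !== "") {
        // Exact-match lookup. LIKE would treat "%" and "_" in the submitted name as wildcards,
        // so the row that is fetched would not necessarily belong to the name that was typed.
        // NOTE(review): passwords are stored reversibly (AES with a key hard-coded in this query),
        // so anyone who can read the table and this file can recover every password. Migrate the
        // column to password_hash() / password_verify() and retire the key.
        $stmt = mysqli_prepare($LINK, "SELECT AES_DECRYPT(passwd,'Pa\$\$w0rd') " .
            "FROM NimaxLogin WHERE username = ?");
        if ($stmt) {
            $stmt->bind_param("s", $usernameTemp);
            $stmt->execute();
            $stmt->bind_result($databasePassword);
            $stmt->fetch();
            $stmt->close();
        }
    }

    // Compare the decrypted stored password with the submitted one. hash_equals() is a
    // constant-time, byte-exact comparison; the loose "==" it replaces compares numeric-looking
    // strings by value, so two different strings could be accepted as equal.
    if (is_string($databasePassword) && $databasePassword !== "" && hash_equals($databasePassword, $password)) {
        // Issue a fresh session id on login so an id known before authentication is worthless.
        session_regenerate_id(true);
        $_SESSION["username"] = $usernameTemp;
    }
}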
// ---------------------------------------------------------------------------------------------------
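// Entry adding --------------------------------------------------------------------------------------
// Creates a new row in `data` from the "Add new Entry" form and stores the uploaded images.
// The handler runs before the page decides whether to show the login overlay, so it must check
// the session itself; without this check any visitor could post entries and upload files.
// NOTE(review): the form carries no CSRF token; add one and verify it here.
if (isset($_POST["get_entry"]) && isset($_SESSION["username"])) {
    $year = isset($_POST["year_input"]) ? $_POST["year_input"] : null;
    $title = isset($_POST["title_input"]) ? $_POST["title_input"] : null;
    $paragraph = isset($_POST["get_page"]) ? $_POST["get_page"] : null;
    $work = isset($_POST["isWork"]) ? 1 : 0;
    // The get_music upload is not processed anywhere in this file; the column is stored as NULL,
    // which is what binding the previously undefined variable produced.
    $music = null;
    $image = [];
    $file = isset($_FILES["get_image"]) ? $_FILES["get_image"] : null;
    // A submission without image inputs has no get_image entry at all; treat it as "no files".
    $names = (is_array($file) && is_array($file["name"])) ? $file["name"] : [];

    // The year is the key of an entry: it must be a non-empty string that is not already stored.
    // The "required" attribute on the input is only enforced by the browser.
    $isInside = !is_string($year) || $year === "";
    if (!$isInside) {
        $result = mysqli_query($LINK, "SELECT date FROM data");
        while ($result && !$isInside && ($row = $result->fetch_assoc())) {
            if ($row["date"] == $year) {
                $isInside = true;
            }
        }
    }

    if (!$isInside) {
        // Upload filter: the check is on the file extension only, the contents are not inspected.
        // NOTE(review): SVG files can carry script and are served from this site's own origin;
        // drop "svg" from the list or serve ../Images with a restrictive Content-Security-Policy.
        $allowed = array("jpg", "png", "jpeg", "svg", "heic");
        for ($i = 0; $i < count($names); $i++) {
            $fileName = $names[$i];
            $fileTmpName = $file["tmp_name"][$i];
            $fileError = $file["error"][$i];
            $fileActualExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
            if (in_array($fileActualExt, $allowed, true)) {
                if ($fileError === UPLOAD_ERR_OK) {
                    // The stored name is generated here; nothing from the client-supplied name
                    // except the allow-listed extension reaches the file system.
                    $fileNameNew = uniqid("", true) . "." . $fileActualExt;
                    $fileDestination = "../Images/" . $fileNameNew;
                    if (move_uploaded_file($fileTmpName, $fileDestination)) {
                        // Append (the former "+=" array union kept only the first image) and
                        // record the path without the leading "../".
                        $image[] = substr($fileDestination, 3);
                        $message = "The image upload was successsful!";
                    } else {
                        $message = "There was an error uploading your file! Try again.";
                    }
                } else {
                    $message = "There was an error uploading your file! Try again.";
                }
            } else {
                $message = "Error, cannot upload this file. (Wrong Extension)";
            }
        }

        // Values are bound as parameters, so they are JSON-encoded but not SQL-escaped:
        // escaping them as well would store the backslashes in the table.
        $title_json = json_encode($title);
        $paragraph_json = json_encode($paragraph);
        $image_json = json_encode($image);
        $stmt = $LINK->prepare("INSERT INTO data (date, title, text, images, work, music) VALUES (?, ?, ?, ?, ?, ?)");
        if ($stmt) {
            $stmt->bind_param("ssssss", $year, $title_json, $paragraph_json, $image_json, $work, $music);
            $stmt->execute();
            $stmt->close();
        }
    }
}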
// ---------------------------------------------------------------------------------------------------
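// Delete and edit buttons ---------------------------------------------------------------------------
// Delete: removes the entry whose date was sent by the confirmation dialog. Only a logged-in
// user may delete, and the value is bound as a parameter with an exact match, so request data
// never becomes part of the SQL text and cannot act as a LIKE wildcard.
// NOTE(review): deletion is triggered by a GET request, which any link or embedded resource on
// another site can issue on behalf of a logged-in user. Move it to POST with a CSRF token.
if (isset($_GET["deleteButton"]) && is_string($_GET["deleteButton"]) && isset($_SESSION["username"])) {
    $dateToDelete = $_GET["deleteButton"];
    $toDelete = false;
    $stmt = mysqli_prepare($LINK, "DELETE FROM data WHERE date = ?");
    if ($stmt) {
        $stmt->bind_param("s", $dateToDelete);
        $toDelete = $stmt->execute();
        $stmt->close();
    }
}
// Edit: forward to the edit page for the chosen date.
if (isset($_GET["editButton"]) && is_string($_GET["editButton"])) {
    // Encode the value so it stays a single query parameter, and stop here so the rest of this
    // page is not rendered into the redirect response.
    header("Location: edit.php?date=" . urlencode($_GET["editButton"]));
    exit;
}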
// ---------------------------------------------------------------------------------------------------
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Nimax - CMS</title>
<link rel="stylesheet" href="../Styles/newstyle.css">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link
href="https://fonts.googleapis.com/css2?family=Host+Grotesk:ital,wght@0,300..800;1,300..800&family=IBM+Plex+Mono:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;1,100;1,200;1,300;1,400;1,500;1,600;1,700&display=swap"
rel="stylesheet">
<script src="https://code.jquery.com/jquery-3.7.1.min.js"
integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
<script src="https://kit.fontawesome.com/2fe7e211fb.js" crossorigin="anonymous"></script>
</head>
<body>
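<?php
// Show the login overlay unless this session is authenticated. Testing only the session
// variable fails closed: the previous condition also required an active session, so a session
// that failed to start fell through to the admin panel in the else branch.
if (!isset($_SESSION["username"])) {
?>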
<div class="login_overlay">
<?php
include "login.php";
?>
</div>
<?php
} else {
?>
<section id="sidePanel">
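<?php // The name is whatever was typed into the login form, so escape it before it reaches the HTML. ?>
<h1 id="welcomeHeading">Welcome back, <?= htmlspecialchars(isset($_SESSION["username"]) ? (string) $_SESSION["username"] : "", ENT_QUOTES, "UTF-8") ?>.</h1>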
<button id="addButton" onclick="addTab()">Add new Date</button>
<button id="viewEntriesButton" onclick="viewEntries()">View Entries</button>
<form action="logout.php" id="logoutButton">
<button type="submit">Logout</button>
</form>
</section>
<main>
<div id="overlay">
<form action="cms.php" method="GET" id="delForm">
<div id="askTab">
<h2>Are you sure?</h2>
<div id="buttonDiv">
<button class="askButton" id="noButton" onclick="closeAsk()">NO</button>
<button class="askButton" onclick="closeAsk()" name="deleteButton" id="deleteButton"
type="submit">YES</button>
</div>
</div>
</form>
</div>
<div id="addTab">
<h1>Add new Entry</h1>
<form action="cms.php" id="form" method="POST" enctype="multipart/form-data">
<!-- TO DO, implement the select from the years -->
<div id="date_container">
<label for="year_input" id="yearLabel">Years: </label>
<input type="text" name="year_input" id="year_input" required>
</div>
<div id="heading_container">
<div class="upperLayer">
<label id="hdLabel">Headings: </label>
<button class="deleteInput" type="button" onclick="removeHeadings()">-</button>
<button class="addInput" type="button" onclick="addHeadings()">+</button>
</div>
<div id="heading_input"></div>
</div>
<div id="paragraph_container">
<div class="upperLayer">
<label id="pgLabel">Paragraphs: <span id="count">1 </span></label>
<button class="deleteInput" type="button" onclick="removeParagraph()">-</button>
<button class="addInput" type="button" onclick="addParagraph()">+</button>
</div>
<div id="paragraph_textareas"></div>
</div>
<div id="image_container">
<div class="upperLayer">
<label id="addImLabel">Add Image: </label>
<button class="deleteInput" type="button" onclick="removeImage()">-</button>
<button class="addInput" type="button" onclick="addImage()">+</button>
</div>
<div id="file_input"></div>
</div>
<div id="music_container">
<label for="get_music" id="addMusLabel">Add Music: </label>
<input type="file" name="get_music" id="get_music">
</div>
<div id="work_container">
<input type="checkbox" id="isWork" name="isWork" value="isWork">
<label for="isWork">Add to work tab?</label><br>
</div>
<!-- Add a description container for all the images -->
<input id="get_entry" name="get_entry" type="submit" value="Add new Entry">
</form>
</div>
<div id="viewEntries">
<h1>Data - NIMAX</h1>
<div id="year_case">
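<?php
// Lists every stored entry with its delete and edit buttons.
$result = mysqli_query($LINK, "SELECT date FROM data");
if ($result && mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_assoc($result)) {
        // The date is free text typed into the entry form, so it is escaped for each context
        // it is written into: HTML text / attribute value, and a JavaScript argument inside an
        // HTML attribute (JSON-encoded first, then HTML-escaped).
        $dateHtml = htmlspecialchars((string) $row["date"], ENT_QUOTES, "UTF-8");
        $dateJson = json_encode((string) $row["date"]);
        if ($dateJson === false) {
            // Value could not be encoded (e.g. invalid UTF-8); pass an empty string instead.
            $dateJson = '""';
        }
        // NOTE(review): askFunction() now always receives a string; confirm cmscript.js does not
        // rely on a numeric argument.
        $dateJs = htmlspecialchars($dateJson, ENT_QUOTES, "UTF-8");
?>
<div class="year_content">
<p><?= $dateHtml ?></p>
<form action="cms.php" method="GET">
<button class="deleteButton_bef" type="button" onclick="askFunction(<?= $dateJs ?>)"><i
class="fa-solid fa-trash"></i></button>
<button class="editButton" name="editButton" type="submit" value="<?= $dateHtml ?>"><i
class="fa-solid fa-pen"></i>
Edit</button>
</form>
</div>
<?php
    }
}
?>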
</div>
</div>
</main>
<?php
}
?>
<script src="../Scripts/cmscript.js">
</script>
<?php
// Hand a pending status message to the page script, then clear it so it is reported only once.
// The text is JSON-encoded, which makes it a valid JavaScript string literal.
if (isset($message)) {
    $encodedMessage = json_encode($message);
    echo "<script>openPanel(", $encodedMessage, ");</script>";
    $message = null;
}
?>
</body>
</html>