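<?php
// Database connection.
// NOTE(review): the DB password is hard-coded in a file that is clearly checked
// in; treat it as leaked, rotate it, and load the credentials from the
// environment or a config file outside the web root.
$LINK = mysqli_connect('127.0.0.1','pisjo950','vjPRjFTxDVIoG7)t','pisjo950');
if ($LINK === false) {
    // Fail closed with a generic message instead of continuing with $LINK === false
    // (every later prepare()/mysqli_query() would fatal and print driver details).
    http_response_code(500);
    exit('Database connection failed');
}
// Error display.
// NOTE(review): rendering errors into the response leaks file paths, SQL and
// driver messages to any visitor who can trigger a failure; keep this off
// outside of local development.
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
// Session cookie hardening, set before the session is started:
//  - HttpOnly: the cookie is unreadable from JavaScript, so a script injection
//    on this site cannot exfiltrate the session id;
//  - SameSite=Lax: the cookie is not sent on cross-site POSTs, which limits CSRF
//    against the save/update/remove forms (none of them carries a token);
//  - Secure whenever this request itself arrived over HTTPS.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
ini_set('session.cookie_secure', $isHttps ? '1' : '0');
session_name("cms");
session_start();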
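// Logout button: drop the login state from the session.
if (isset($_POST['logout']))
{
    unset($_SESSION['username'], $_SESSION['password']);
    // Rotate the session id on logout so a previously captured cookie value can
    // not be replayed to pick up a later login on the same session. The rest of
    // the session data is deliberately kept (other pages may rely on it), which
    // is why session_destroy() is not called here.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
}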
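// Login button.
if (isset($_POST['login']))
{
    $username = (string) ($_POST['Username'] ?? '');
    $password = (string) ($_POST['Password'] ?? '');
    // Prepared statement: the username is bound, never interpolated -> no SQL injection.
    $statement = $LINK->prepare("SELECT Username, Password
    FROM User
    WHERE Username= ?");
    $statement->bind_param('s', $username);
    $statement->execute();
    $result = $statement->get_result();
    $row = ($result instanceof mysqli_result) ? $result->fetch_assoc() : null;

    // NOTE(review): the User table stores unsalted md5() hashes. Migrate to
    // password_hash()/password_verify(); md5 is cheap to brute-force offline.
    //
    // hash_equals() is used for the hash comparison instead of ==:
    //  - it compares strictly as strings, so PHP's numeric-string juggling
    //    ("0e123..." == "0e456..." is true) cannot produce a false match;
    //  - it runs in constant time.
    $loginOk = $row !== null
        && (string) $row['Username'] === $username
        && hash_equals((string) $row['Password'], md5($password));

    if ($loginOk)
    {
        // Fresh session id on privilege change: defeats session fixation.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        // NOTE(review): nothing in this file needs the clear-text password in the
        // session (it ends up in the session store on disk); it is kept only in
        // case another page reads it -- confirm that and remove it.
        $_SESSION['password'] = $password;
    }
    else
    {
        // One message for every failure (unknown user, bad password, empty
        // result) so the response cannot be used to enumerate valid usernames.
        // The previous code printed nothing at all on a wrong password.
        echo "wrong username or password";
    }
}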
?>
<!-- Logout Button -->
<form action="index.php" method="POST">
<button type="submit" name="logout">Main Page</button>
</form>
<?php
// Not logged in: render the login form (posts back to this page).
// Logged in: render the logout button instead.
if (!isset($_SESSION['username']))
{
?>
<form id="form" method="POST">
<p>Login:</p>
<input type="text" name="Username"></input>
<p>Password:</p>
<input type="password" name="Password"></input><br><br>
<button type="submit" name="login">Login</button>
</form>
<?php
}
else
{
?>
<!-- Logout Button -->
<form action="cms.php" method="POST">
<button type="submit" name="logout">Logout</button>
</form>
<?php
}
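// Collect the names of the pages that exist in the DB.
// A failed query yields an empty list instead of a fatal mysqli_num_rows(false).
$files = [];
$result = mysqli_query($LINK, "SELECT *
FROM pages");
if ($result instanceof mysqli_result) {
    while (($pageRow = mysqli_fetch_assoc($result)) !== null) {
        $files[] = $pageRow['pagename'];
    }
}
// Fall back to the first page when none, or an unknown one, was submitted.
// Strict in_array(): with loose comparison "0" / "" could match unrelated names.
// Guarded with ?? so an empty pages table no longer triggers an undefined-index
// notice on $files[0].
$selectedPage = $_POST['DATA_page'] ?? '';
if (!is_string($selectedPage) || !in_array($selectedPage, $files, true)) {
    $selectedPage = $files[0] ?? '';
}
$_POST['DATA_page'] = $selectedPage;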
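// Save a new entry (title / year / description / picture) into a category table.
if (isset($_POST['BUTTON_save']))
{
    // The save form is only rendered for a logged-in user, but this handler ran
    // for any direct POST. Refuse unauthenticated writes (and uploads) here.
    if (!isset($_SESSION['username'])) {
        http_response_code(403);
        echo "<p>You must be logged in to save.</p>";
    } else {
        // The target table is interpolated into the INSERT below (bind_param cannot
        // bind an identifier), so the value MUST come from this fixed allow-list
        // and never from the request as-is.
        $allowedCategories = ['Enfance', 'Adolescence', 'Oeuvres', 'Prix'];
        $category = $_POST['category'] ?? '';
        $title = (string) ($_POST['title'] ?? '');
        $description = (string) ($_POST['description'] ?? '');
        $year = (int) ($_POST['year'] ?? 0);
        $date = date("Y-m-d H:i:s");

        // Image upload. $_FILES[...]['type'] and ['name'] are sent by the client
        // and are attacker-controlled: a .php file declared as image/jpeg would
        // have been written under its own name into a web-served directory. The
        // type is therefore taken from the file content and the stored name is
        // generated with an extension fixed by that detected type.
        $allowedImages = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
        $uploadDir = 'Images/';
        $upload = $_FILES['picture'] ?? null;

        if (!is_string($category) || !in_array($category, $allowedCategories, true)) {
            echo "<p>Invalid category.</p>";
        } elseif (!is_array($upload)
            || ($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
            || !is_uploaded_file($upload['tmp_name'])) {
            echo "<p>No image uploaded or upload error.</p>";
        } else {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mime = $finfo ? finfo_file($finfo, $upload['tmp_name']) : false;
            if ($finfo) {
                finfo_close($finfo);
            }
            if (!is_string($mime) || !isset($allowedImages[$mime])) {
                echo "<p>Invalid file type.</p>";
            } else {
                // Random name: no path traversal, no executable extension, and no
                // silent overwrite of an existing image with the same name.
                $imageName = bin2hex(random_bytes(16)) . '.' . $allowedImages[$mime];
                $targetPath = $uploadDir . $imageName;
                if (!move_uploaded_file($upload['tmp_name'], $targetPath)) {
                    echo "<p>Failed to move uploaded image.</p>";
                } else {
                    // $category is allow-listed above; all values are bound.
                    $stmt = $LINK->prepare("INSERT INTO $category (title, year, description, picture,uploadDate) VALUES (?, ?, ?, ?,?)");
                    $stmt->bind_param("sisss", $title, $year, $description, $imageName, $date);
                    if ($stmt->execute()) {
                        echo "<p>Saved successfully!</p>";
                    } else {
                        // Driver error text goes to the server log, not to the browser.
                        error_log('cms insert failed: ' . $stmt->error);
                        echo "<p>Error saving to database.</p>";
                    }
                }
            }
        }
    }
}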
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>CMS</title>
</head>
<body>
<?php
// Everything below (add form + edit tables) is shown to an authenticated user only.
if (isset($_SESSION['username']))
{
    // Fixed page heading and blurb for the editor view.
    $title = "This is my CMS for the Nimax project";
    $description = "Here you can add Elements to the DB";
    printf('<h1>%s</h1>', $title);
    printf('<p>%s</p>', $description);
?>
<!-- display dropdown menu with pages inside, to edit pages -->
<form id="form" method="POST" enctype="multipart/form-data">
<nav>
<select name="category">
<option value="Enfance">Line 1</option>
<option value="Adolescence">Line 2</option>
<option value="Oeuvres">Line 3</option>
<option value="Prix">Line 4</option>
</select>
</nav>
<br>
<br>
<!-- <button type="submit" name="BUTTON_edit">Edit</button> -->
<div id="main">
<table>
<tr>
<td>
<label>Title: </label>
<input type="text" name="title">
</td>
</tr>
<tr>
<td>
<label>Year:</label>
<input type="number" name="year">
</td>
</tr>
<tr>
<td>
<label>Description:</label>
<input type="text" name="description" style="height:70px;width:200px">
</td>
</tr>
<tr>
<td>
<label for="text">Image: </label>
<input type="file" name="picture">
</td>
</tr>
</table>
<button type="submit" name="BUTTON_save">Save</button>
</div>
</form>
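<?php
// Load all rows of each category table; the result sets are consumed by the
// while loops in the edit tables below. These statements take no user input.
// (The stray mysqli_fetch_array($result) calls that read from the already
// exhausted pages result are gone: their values were never used.)
//ADOLESCENCE EDIT
$statementAdo = $LINK->prepare("SELECT *
FROM Adolescence");
$statementAdo->execute();
$resultAdo = $statementAdo->get_result();
//ENFANCE EDIT
$statementEnf = $LINK->prepare("SELECT *
FROM Enfance");
$statementEnf->execute();
$resultEnf = $statementEnf->get_result();
//PRIX EDIT
$statementPrix = $LINK->prepare("SELECT *
FROM Prix");
$statementPrix->execute();
$resultPrix = $statementPrix->get_result();
//OEUVRES EDIT
$statementOeu = $LINK->prepare("SELECT *
FROM Oeuvres");
$statementOeu->execute();
$resultOeu = $statementOeu->get_result();
?>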
<br>
<br>
<h2>Edit Entry's</h2>
<div>
<!-- Enfance -->
<h3>Line 1</h3>
<form method="POST" action="update_enfance.php" enctype="multipart/form-data">
<table>
<thead>
<th>Title</th>
<th>Description</th>
<th>Year</th>
<th>Image</th>
<th>Upload Date</th>
</thead>
<tbody>
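<?php
// Every DB value is HTML-escaped before it is placed in an attribute: the stored
// content is editor-supplied and was previously echoed raw (stored XSS in the
// admin page, where the session cookie is most valuable).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
while ($rowEnf = $resultEnf->fetch_assoc()) { ?>
<tr>
<td><input type="text" name="title[<?= $esc($rowEnf['id']) ?>]" value="<?= $esc($rowEnf['title']) ?>"></td>
<td><input type="text" name="description[<?= $esc($rowEnf['id']) ?>]" value="<?= $esc($rowEnf['description']) ?>"></td>
<td><input type="number" name="year[<?= $esc($rowEnf['id']) ?>]" value="<?= $esc($rowEnf['year']) ?>"></td>
<td>
<input type="file" name="picture[<?= $esc($rowEnf['id']) ?>]">
</td>
<td><input type="text" name="uploadDate[<?= $esc($rowEnf['id']) ?>]" value="<?= $esc($rowEnf['uploadDate']) ?>" disabled></td>
<td><button type="submit" name="update_id" value="<?= $esc($rowEnf['id']) ?>">Update</button></td>
<td><button type="submit" name="remove_id" value="<?= $esc($rowEnf['id']) ?>" onclick="return confirm('Are you sure you want to delete this entry?')">Remove</button></td>
</tr>
<?php } ?>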
</tbody>
</table>
</form>
<!-- Adoles -->
<h3>Line 2</h3>
<form method="POST" action="update_adolescence.php" enctype="multipart/form-data">
<table>
<thead>
<th>Title</th>
<th>Description</th>
<th>Year</th>
<th>Image</th>
<th>Upload Date</th>
</thead>
<tbody>
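<?php
// Every DB value is HTML-escaped before it is placed in an attribute: the stored
// content is editor-supplied and was previously echoed raw (stored XSS).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
while ($rowAdo = $resultAdo->fetch_assoc()) { ?>
<tr>
<td><input type="text" name="title[<?= $esc($rowAdo['id']) ?>]" value="<?= $esc($rowAdo['title']) ?>"></td>
<td><input type="text" name="description[<?= $esc($rowAdo['id']) ?>]" value="<?= $esc($rowAdo['description']) ?>"></td>
<td><input type="number" name="year[<?= $esc($rowAdo['id']) ?>]" value="<?= $esc($rowAdo['year']) ?>"></td>
<td>
<input type="file" name="picture[<?= $esc($rowAdo['id']) ?>]">
</td>
<td><input type="text" name="uploadDate[<?= $esc($rowAdo['id']) ?>]" value="<?= $esc($rowAdo['uploadDate']) ?>" disabled></td>
<td><button type="submit" name="update_id" value="<?= $esc($rowAdo['id']) ?>">Update</button></td>
<td><button type="submit" name="remove_id" value="<?= $esc($rowAdo['id']) ?>" onclick="return confirm('Are you sure you want to delete this entry?')">Remove</button></td>
</tr>
<?php } ?>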
</tbody>
</table>
</form>
<!-- Oeuvres -->
<h3>Line 3</h3>
<form method="POST" action="update_oeuvres.php" enctype="multipart/form-data">
<table>
<thead>
<th>Title</th>
<th>Description</th>
<th>Year</th>
<th>Image</th>
<th>Upload Date</th>
</thead>
<tbody>
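<?php
// Every DB value is HTML-escaped before it is placed in an attribute: the stored
// content is editor-supplied and was previously echoed raw (stored XSS).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
while ($rowOeu = $resultOeu->fetch_assoc()) { ?>
<tr>
<td><input type="text" name="title[<?= $esc($rowOeu['id']) ?>]" value="<?= $esc($rowOeu['title']) ?>"></td>
<td><input type="text" name="description[<?= $esc($rowOeu['id']) ?>]" value="<?= $esc($rowOeu['description']) ?>"></td>
<td><input type="number" name="year[<?= $esc($rowOeu['id']) ?>]" value="<?= $esc($rowOeu['year']) ?>"></td>
<td>
<input type="file" name="picture[<?= $esc($rowOeu['id']) ?>]">
</td>
<td><input type="text" name="uploadDate[<?= $esc($rowOeu['id']) ?>]" value="<?= $esc($rowOeu['uploadDate']) ?>" disabled></td>
<td><button type="submit" name="update_id" value="<?= $esc($rowOeu['id']) ?>">Update</button></td>
<td><button type="submit" name="remove_id" value="<?= $esc($rowOeu['id']) ?>" onclick="return confirm('Are you sure you want to delete this entry?')">Remove</button></td>
</tr>
<?php } ?>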
</tbody>
</table>
</form>
<!-- Prix -->
<h3>Line 4</h3>
<form method="POST" action="update_prix.php" enctype="multipart/form-data">
<table>
<thead>
<th>Title</th>
<th>Description</th>
<th>Year</th>
<th>Image</th>
<th>Upload Date</th>
</thead>
<tbody>
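<?php
// Every DB value is HTML-escaped before it is placed in an attribute: the stored
// content is editor-supplied and was previously echoed raw (stored XSS).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
while ($rowPrix = $resultPrix->fetch_assoc()) { ?>
<tr>
<td><input type="text" name="title[<?= $esc($rowPrix['id']) ?>]" value="<?= $esc($rowPrix['title']) ?>"></td>
<td><input type="text" name="description[<?= $esc($rowPrix['id']) ?>]" value="<?= $esc($rowPrix['description']) ?>"></td>
<td><input type="number" name="year[<?= $esc($rowPrix['id']) ?>]" value="<?= $esc($rowPrix['year']) ?>"></td>
<td>
<input type="file" name="picture[<?= $esc($rowPrix['id']) ?>]">
</td>
<td><input type="text" name="uploadDate[<?= $esc($rowPrix['id']) ?>]" value="<?= $esc($rowPrix['uploadDate']) ?>" disabled></td>
<td><button type="submit" name="update_id" value="<?= $esc($rowPrix['id']) ?>">Update</button></td>
<td><button type="submit" name="remove_id" value="<?= $esc($rowPrix['id']) ?>" onclick="return confirm('Are you sure you want to delete this entry?')">Remove</button></td>
</tr>
<?php } ?>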
</tbody>
</table>
</form>
</div>
<?php
}
?>
</body>
</html>