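<?php
// Database connection.
// SECURITY: these credentials are committed in source, so anyone who can read
// this file (repo, backup, misconfigured server) has the database. Rotate them
// and load them from a config file kept outside the web root instead.
$LINK = mysqli_connect('127.0.0.1','pisjo950','vjPRjFTxDVIoG7)t','pisjo950');
if ($LINK === false) {
    // Do not carry on with a dead handle: every later query would fail and
    // mysqli_num_rows(false) is a fatal error. Keep the detail out of the page.
    error_log('CMS: database connection failed: ' . mysqli_connect_error());
    exit('Service unavailable');
}
// Error display.
// NOTE(review): errors shown to the browser leak file paths, SQL text and
// stack detail; keep this for local development only and log in production.
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
// Session cookie hardening: refuse session IDs the server did not issue
// (fixation), keep the cookie out of reach of scripts, and limit cross-site
// sending. (cookie_secure is not forced here because that would break plain
// HTTP; set it once the site is served over TLS only.)
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
session_name("cms");
session_start();
// The original called session_destroy() right here, on every request. That
// wiped the login before it could ever be persisted, so no session survived to
// the next request and the page editor was effectively unauthenticated. The
// session is now torn down only by the logout handler.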
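// Logout button: drop the login and tear down the session it lived in.
if (isset($_POST['logout'])) {
    // Wipe everything, not only the two login keys, so nothing set during the
    // session survives; then destroy the server-side record and expire the
    // cookie so the old session ID cannot be replayed.
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $params['path'], $params['domain'], $params['secure'], $params['httponly']);
        }
        session_destroy();
    }
}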
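// Login button.
if (isset($_POST['login'])) {
    // Only scalar strings are accepted: a crafted `email[]=` would otherwise
    // reach bind_param()/md5() as an array.
    $username = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    // Prepared statement: the e-mail is bound, never spliced into the SQL.
    $row = null;
    $statement = $LINK->prepare("SELECT email, password
    FROM CineUser
    WHERE email= ?");
    if ($statement !== false) {
        $statement->bind_param('s', $username);
        $statement->execute();
        $result = $statement->get_result();
        if ($result !== false) {
            $row = $result->fetch_assoc();
        }
        $statement->close();
    }
    $authenticated = false;
    if (is_array($row) && $row['email'] === $username) {
        $stored = (string) $row['password'];
        // Accept a password_hash() value first, then fall back to the unsalted
        // MD5 this table currently stores, compared in constant time instead of
        // with ==.
        // TODO: rehash every account with password_hash() and delete the MD5
        // branch — MD5 is not a password hash.
        if (password_verify($password, $stored) || hash_equals($stored, md5($password))) {
            $authenticated = true;
        }
    }
    if ($authenticated) {
        // New session ID on login so an ID handed to the victim before
        // authentication (session fixation) is worthless afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $username;
        // The cleartext password is deliberately not kept in the session
        // (the original copied $_POST['password'] into it); nothing reads it.
    } else {
        // One message for "no such user" and "wrong password" alike, so the
        // response cannot be used to enumerate accounts. The original printed
        // "Query has failed" for an unknown e-mail and nothing at all for a
        // wrong password.
        echo "wrong username or password";
    }
}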
// Not logged in: render the login form. Logged in: render the logout button.
// The two states are exclusive, so a single if/else covers both.
// NOTE(review): neither form carries an anti-CSRF token; a cross-site page can
// submit them on a logged-in user's behalf.
if (isset($_SESSION['username'])) {
?>
<!-- Logout Button -->
<form action="cms.php" method="POST">
<button type="submit" name="logout">Logout</button>
</form>
<?php
} else {
?>
<form id="form" method="POST">
<p>Login:</p>
<input type="text" name="email"></input>
<p>Password:</p>
<input type="password" name="password"></input><br><br>
<button type="submit" name="login">Login</button>
</form>
<?php
}
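// Load the list of editable page names from the database.
$query = "SELECT *
FROM pages";
$result = mysqli_query($LINK, $query);
$files = [];
if ($result !== false) {
    // A failed query (false) used to reach mysqli_num_rows() and die with a
    // fatal error; now it simply yields an empty page list.
    while ($row = mysqli_fetch_assoc($result)) {
        $files[] = $row['pagename'];
    }
    mysqli_free_result($result);
}
// Pick the page to work on. Anything that is not exactly one of the names just
// read from the database — missing, an array via `DATA_page[]=`, or a loosely
// equal string such as "1e1" vs "10" (the original in_array() was non-strict) —
// falls back to the first page. The save and display handlers below rely on
// DATA_page always being a known page name. With no pages at all it becomes ''
// (the original raised an undefined-index warning there).
$selectedPage = $_POST['DATA_page'] ?? null;
if (!is_string($selectedPage) || !in_array($selectedPage, $files, true)) {
    $selectedPage = $files[0] ?? '';
}
$_POST['DATA_page'] = $selectedPage;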
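// Save button: write the edited content back to the selected page.
// SECURITY: this handler used to run for anyone who POSTed BUTTON_save, logged
// in or not — the login check only guarded the HTML, never the write.
if (isset($_POST['BUTTON_save']) && isset($_SESSION['username'])) {
    $newContent = $_POST['DATA_content'] ?? '';
    if (!is_string($newContent)) {
        $newContent = '';
    }
    $pageName = (string) $_POST['DATA_page'];
    // Both values are bound as parameters. DATA_page has already been
    // restricted to a known page name above, but it was still spliced into
    // the SQL text; binding it removes the dependence on that check.
    $update = $LINK->prepare("UPDATE pages
    SET content = ?
    WHERE pagename = ?");
    if ($update !== false) {
        $update->bind_param('ss', $newContent, $pageName);
        $update->execute();
        $update->close();
    }
}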
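?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>CMS</title>
</head>
<body>
<?php
// The editor is only rendered for a logged-in session.
if (isset($_SESSION['username'])) {
    $title = "This is my CMS";
    $description = "This is the description of my CMS";
    echo "<h1>$title</h1>";
    echo "<p>$description</p>";
    // Every DB-sourced value that lands in the HTML is escaped for its
    // context: page names (attribute and text) and page content (textarea
    // body). Content is written by whoever reaches the save handler, so it is
    // user input; the original echoed both raw (stored XSS).
    $esc = static function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $selectedPage = (string) ($_POST['DATA_page'] ?? '');
?>
<!-- display dropdown menu with pages inside, to edit pages -->
<form id="form" method="POST">
<nav>
<select name="DATA_page" onchange="document.getElementById('form').submit();">
<?php
    foreach ($files as $file) {
        // Explicit value attribute so the submitted name is exactly the stored
        // one regardless of how the visible text is escaped.
        echo '<option value="' . $esc($file) . '"';
        if ($selectedPage === (string) $file) {
            echo ' selected="selected"';
        }
        echo '>' . $esc($file) . '</option>';
    }
?>
</select>
</nav>
<!-- <button type="submit" name="BUTTON_edit">Edit</button> -->
<div id="main">
<?php
    // Fetch the selected page's content with a bound parameter instead of
    // string-building the WHERE clause.
    $content = 'No content available';
    $select = $LINK->prepare("SELECT content
    FROM pages
    WHERE pagename = ?");
    if ($select !== false) {
        $select->bind_param('s', $selectedPage);
        $select->execute();
        $pageResult = $select->get_result();
        $row = ($pageResult !== false) ? $pageResult->fetch_assoc() : null;
        $select->close();
        if (is_array($row) && isset($row['content'])) {
            $content = $row['content'];
        }
    }
?>
<textarea name="DATA_content" cols="30" rows="10"><?php echo $esc($content); ?></textarea>
<br>
<button type="submit" name="BUTTON_save">Save</button>
</div>
</form>
<?php
}
?>
</body>
</html>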