|
|
(6 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| ==Config== | | ==Operating systems basic terms and introduction== |
| <source lang="php">
| | ===Tasks of the kernel, operating system, RAM, processor etc=== |
| <?php
| | Applications use the kernel to connect to computer system resources (CPU; memory and devices). It manages input/output requests from software, translating them into data processing instructions for the central processing unit. It is also responsible for managing memory, and for managing and communicating with computing peripherals, like printers, speakers, etc. It is crucial part of the operating system. |
| //Specific configuration
| |
| define("DB_SERVER", "localhost");
| |
| define("DB_USER", "root");
| |
| define("DB_PASS", "student");
| |
| define("DB_NAME", "webshop");
| |
| ?>
| |
| </source>
| |
|
| |
|
| ==PDO server connection==
| | Tasks: |
| <source lang="php">
| | *CPU time planning |
| <?php
| | **Real time vs Package processing |
| try {
| | **Syncing |
| $conn = new PDO('mysql:host='.DB_SERVER.';dbname='.DB_NAME.';charset=utf8', DB_USER, DB_PASS);
| | **Multitasking with multiple CPUs |
| // set the PDO error mode to exception
| | *Memory management |
| $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
| | **MMU - memory management unit |
| //echo "Connected successfully";
| | **Cache and swap |
| }
| | *I/O management |
| catch(PDOException $e)
| | **Syncronous |
| {
| | **Asyncronous |
| echo "Connection failed: " . $e->getMessage();
| | *File management |
| }
| | **Permissions |
| $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
| | **File system hierarchy |
| ?>
| |
| </source>
| |
|
| |
|
| ==Header session start==
| |
| <source lang="html5">
| |
| <?php
| |
| // Set session variables
| |
| session_start();
| |
| if (!array_key_exists("cart", $_SESSION)) {
| |
| $_SESSION["cart"] = array();
| |
| // Here we store product -> count mapping
| |
| }
| |
| ?>
| |
|
| |
|
| <!DOCTYPE html>
| | An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs (API). |
| <html>
| | Tasks: |
| <head>
| | *Hardware management |
| <meta charset="utf-8"/>
| | **CPU time |
| <meta name="description" content="Etienne's webshop">
| | **Memory management |
| <meta name="viewport" content="width=device-width, initial-scale=1.0">
| | **Input/output management |
| <link rel="stylesheet" type="text/css" href="css/main.css">
| | **Network management |
| <title>Etienne's webshop</title>
| | *Computer system management |
| </head>
| | **Application management |
| | **Input/output device management |
| | **User authentication and authorization |
| | **Data management between devices |
|
| |
|
| <body>
| | ==User management== |
| </source>
| | ===What is authorization and authentication?=== |
| | | ===What is password salt and what is it used for?=== |
| ==Footer JSscript== | | ==Working with files and permissions== |
| <source lang="html5">
| | ===Explain the way why permissions are needed and how they are set for users=== |
| <script src="js/myJS.js"></script>
| | ===Explain special permissions=== |
| </body>
| | ==User environment== |
| | | ===What are user environment variables used for? Name two reasons=== |
| <footer>
| | ==Processes== |
| <div class="footer">
| | ===How to stream data between processes=== |
| <a href="http://www.itcollege.ee">itcollege.ee</a>
| | ===What are different type of processes (running, stopped, killed, zombie etc)=== |
| <p>For any question, please contact us!</p>
| | ===Different examples of how to benefit from sending signals between processes=== |
| </div>
| | ==Software management== |
| </footer>
| | ===Name various ways how to manage software in LInux=== |
| | | ===What are the pros and cons of Linux software management=== |
| </html>
| | ===What are software repositories?=== |
| </source>
| | ===What are libraries?=== |
| | | ==Filesystem hierarchy== |
| ==Log out - destroy session==
| | ===Explain the hierarchy according to FHS=== |
| <source lang="php">
| | ===Name specific folder meanings and usage=== |
| <?php
| | ==Documentation== |
| session_start();
| | ===Best practices of a good documentation=== |
| $_SESSION = array();
| | ===Why should we document?=== |
| if (ini_get("session.use_cookies")) {
| | ==Security== |
| $params = session_get_cookie_params();
| | ===List the different type of security breaches=== |
| setcookie(session_name(), '', time() - 42000,
| | ===What should the user/admin do to prevent the attack?=== |
| $params["path"], $params["domain"],
| | ==Partitioning and swap area== |
| $params["secure"], $params["httponly"]);
| | ===What are the primary, extended and logical partitions? What limitations are set with these partitions types?=== |
| }
| | ===When isn’t it a good idea to use swap area?=== |
| session_destroy();
| | ==RAID and LVM technologies== |
| //unset($_SESSION["userid"]);
| | ===Name main uses and features of both technologies=== |
| header("Location: index.php");
| | ==SAN, NAS and CAS technologies== |
| ?>
| | ===Name main uses and features of all the technologies=== |
| </source>
| | ==Backup and recovery== |
| | | ===Backup and recovery plans=== |
| ==Registration - Hash password==
| | ==Monitoring and log files== |
| <source lang="php">
| | ===Active and passive monitoring=== |
| <?php
| | ===Types of alerts=== |
| include "header.php";
| | ===Benefits of monitoring=== |
| require_once "config.php";
| | ===Centralized logs=== |
| include "dbconn.php";
| | ==Ethical, social and personal aspects of working in IT field== |
| | | ===Impostor syndrome, teamwork, burnout=== |
| if($_SERVER['REQUEST_METHOD'] != "POST") {
| |
| header("index.php");
| |
| }
| |
| | |
| $validFields = true;
| |
| | |
| if($_POST["username"] == null || preg_match("[\w.]{1,64}", $_POST["username"]) != 1) {
| |
| $validFields = false;
| |
| echo "<p>Your username is missing or invalid</p>";
| |
| }
| |
| | |
| if($_POST["email"] == null || preg_match("^[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}$", $_POST["email"]) != 1) {
| |
| $validFields = false;
| |
| echo "<p>Your email is missing or invalid</p>";
| |
| }
| |
| | |
| if($_POST["password1"] == null || preg_match(".{8,256}", $_POST["password1"]) != 1 || $_POST["password1"] !== $_POST["password2"]) {
| |
| $validFields = false;
| |
| echo "<p>Your password is missing or invalid</p>";
| |
| }
| |
| | |
| if($_POST["firstname"] == null || preg_match("[-a-zA-z]{1,30}", $_POST["firstname"]) != 1) {
| |
| $validFields = false;
| |
| echo "<p>Your firstname is missing or invalid</p>";
| |
| }
| |
| | |
| if($_POST["lastname"] == null || preg_match("[-a-zA-z]{1,30}", $_POST["lastname"]) != 1) {
| |
| $validFields = false;
| |
| echo "<p>Your lastname is missing or invalid</p>";
| |
| }
| |
| | |
| if($validFields) {
| |
| //Statement to create user in DB
| |
| $statement = $conn->prepare(
| |
| "INSERT INTO `user` (
| |
| `username`,
| |
| `email`,
| |
| `password`,
| |
| `fname`,
| |
| `lname`)
| |
| VALUES (:username, :email, :hashed_password, :firstname, :lastname)"); //the :arguments will be replaced below
| |
| | |
| if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error); //check if an error happens
| |
| | |
| //We bind all the parameters
| |
| $statement->bindParam(':username', $_POST["username"]);
| |
| $statement->bindParam(':email', $_POST["email"]);
| |
| $statement->bindParam(':hashed_password', password_hash($_POST["password"], PASSWORD_DEFAULT));
| |
| $statement->bindParam(':firstname', $_POST["firstname"]);
| |
| $statement->bindParam(':lastname', $_POST["lastname"]);
| |
| | |
| //We execute the statement to create user with POST values
| |
| if ($statement->execute()) {
| |
| echo "Registration successful. Thank you! <br> <a href=\"index.php\">Go back to main page</a>";
| |
| } else {
| |
| if ($statement->errorCode() == 1062) {
| |
| //This is result in 200 OK
| |
| echo "This e-mail or username is already registered";
| |
| } else {
| |
| //This will result in 500 internal server error
| |
| die("Execute failed: (" . $statement->errorCode() . ") " . $statement->errorInfo()); //check if an error happens
| |
| }
| |
| }
| |
| }
| |
| ?>
| |
| </source>
| |
| | |
| ==Log in - Check password==
| |
| <source lang="php">
| |
| //function to check if the email or username provided match the password
| |
| function checkCredentials($dbFieldToCheck, $conn, $username, $password) {
| |
| $statement = $conn->prepare("
| |
| SELECT id, password
| |
| FROM user
| |
| WHERE ".$dbFieldToCheck." = :credential");
| |
| if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
| |
| $statement->bindParam(':credential', $username);
| |
| if (!$statement->execute()) die("Execute failed: (" . $statement->errorCode() . ") " . $statement->errorInfo());
| |
| $row = $statement->fetch(PDO::FETCH_ASSOC);
| |
| | |
| if(password_verify($password, $row["password"])) {
| |
| return $row["id"];
| |
| }
| |
| return false;
| |
| }
| |
| | |
| //we call the function above twice (for email and for username)
| |
| $row1 = checkCredentials('email', $conn, $_POST["username/email"], $_POST["password"]);
| |
| $row2 = checkCredentials('username', $conn, $_POST["username/email"], $_POST["password"]);
| |
| | |
| //if one of the function calls above is succesful, user is logged in, otherwise we ask him to try again or to sign up
| |
| if($row1) { //if the key-value pair user_id-password exists
| |
| $_SESSION["userid"] = $row1; // This just stores user row number
| |
| header('Location:'.$_SERVER['HTTP_REFERER']); //This will redirect back to index.php
| |
| } elseif($row2) {
| |
| $_SESSION["userid"] = $row2;
| |
| header('Location:'.$_SERVER['HTTP_REFERER']);
| |
| } else { ?>
| |
| <p>It looks like you are not known sorry. Please <a href="registration.php">sign up</a> to enjoy our services or go back to <a href="index.php">main page</a>.</p>
| |
| </source>
| |
| | |
| ==Form validation== | |
| <source lang="html5">
| |
| <div class="content">
| |
| <h2>Create your account</h2>
| |
| | |
| <form method="post" action="regsubmit.php">
| |
| <div>
| |
| <label for="username">Username</label>
| |
| <input type="text"
| |
| name="username"
| |
| id="username"
| |
| pattern="[\w\.]{1,64}"
| |
| placeholder="your username"
| |
| title="Numbers, letters (case sensitive), underscore and dot are allowed. 64 characters max" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="email">E-mail</label>
| |
| <input type="email"
| |
| name="email"
| |
| id="email"
| |
| placeholder="your email" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="password1">Password</label>
| |
| <input type="password"
| |
| name="password1"
| |
| id="password1"
| |
| pattern=".{8,256}"
| |
| placeholder="type a password"
| |
| title="8 characters minimum" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="password2">Repeat password</label>
| |
| <input type="password"
| |
| name="password2"
| |
| id="password2"
| |
| onkeyup="checkPass(); return false;"
| |
| placeholder="retype your password"
| |
| pattern=".{8,256}" required/>
| |
| <span id="confirmMessage" class="confirmMessage"></span>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="firstname">First-name</label>
| |
| <input type="text"
| |
| name="firstname"
| |
| id="firstname"
| |
| pattern="[-a-zA-z]{1,30}"
| |
| placeholder="your firstname"
| |
| title="Only letters" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="lastname">Last-name</label>
| |
| <input type="text"
| |
| name="lastname"
| |
| id="lastname"
| |
| pattern="[-a-zA-z]{1,30}"
| |
| placeholder="your lastname"
| |
| title="Only letters" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <input type="submit" value="Sign-up"/>
| |
| </div>
| |
|
| |
| </form>
| |
| | |
| <div id="backToMain">
| |
| <a href="index.php">Go back to main page</a>
| |
| </div>
| |
| </div>
| |
| </source>
| |
| | |
| ==Profile form== | |
| <source lang="html5">
| |
| if($_SESSION["userid"] != null && $_SERVER['REQUEST_METHOD'] == "POST") {
| |
| $statement0 = $conn->prepare("
| |
| UPDATE `user`
| |
| SET username=:username,
| |
| email=:email,
| |
| fname=:fname,
| |
| lname=:lname,
| |
| gender=:gender,
| |
| phonecode=:phonecode,
| |
| phonenum=:phonenum,
| |
| dob=:dob,
| |
| address=:address,
| |
| city=:city,
| |
| postal_code=:postalcode,
| |
| countryname=:countryname
| |
| WHERE id = :userid");
| |
| if (!$statement0) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
| |
| $statement0->bindParam(':username', $_POST["username"]);
| |
| $statement0->bindParam(':email', $_POST["email"]);
| |
| $statement0->bindParam(':fname', $_POST["firstname"]);
| |
| $statement0->bindParam(':lname', $_POST["lastname"]);
| |
| $statement0->bindParam(':gender', $_POST["gender"]);
| |
| $statement0->bindParam(':phonecode', $_POST["phonecode"]);
| |
| $statement0->bindParam(':phonenum', $_POST["phonenum"]);
| |
| $statement0->bindParam(':dob', $_POST["dob"]);
| |
| $statement0->bindParam(':address', $_POST["address"]);
| |
| $statement0->bindParam(':city', $_POST["city"]);
| |
| $statement0->bindParam(':postalcode', $_POST["postalcode"]);
| |
| $statement0->bindParam(':countryname', $_POST["country"]);
| |
| $statement0->bindParam(':userid', $_SESSION["userid"]);
| |
| if (!$statement0->execute()) die("Execute failed: (" . $statement->errorCode() . ") " . $statement->errorInfo());
| |
| } else {
| |
| header("index.php");
| |
| }
| |
| | |
| $statement1 = $conn->prepare("
| |
| SELECT username, email, fname, lname, gender, phonecode, phonenum,
| |
| dob, address, city, postal_code, countryname
| |
| FROM `user`
| |
| WHERE id = :userid");
| |
| if (!$statement1) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
| |
| $statement1->bindParam(':userid', $_SESSION["userid"]);
| |
| if (!$statement1->execute()) die("Execute failed: (" . $statement->errorCode() . ") " . $statement->errorInfo());
| |
| $row1 = $statement1->fetch(PDO::FETCH_ASSOC);
| |
| ?> | |
| | |
| <div class="content">
| |
| <h2>My profile</h2>
| |
| | |
| <form method="post">
| |
| <div>
| |
| <label for="username">Username</label>
| |
| <input type="text"
| |
| name="username"
| |
| id="username"
| |
| value="<?php echo $row1["username"];?>"
| |
| pattern="[\w\.]{1,64}"
| |
| placeholder="your username"
| |
| title="Numbers, letters (case sensitive), underscore and dot are allowed. 64 characters max" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="email">E-mail</label>
| |
| <input type="email"
| |
| name="email"
| |
| id="email"
| |
| value="<?php echo $row1["email"];?>"
| |
| placeholder="your email" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="firstname">First name</label>
| |
| <input type="text"
| |
| name="firstname"
| |
| id="firstname"
| |
| value="<?php echo $row1["fname"];?>"
| |
| pattern="[-a-zA-z]{1,30}"
| |
| title="Only letters"
| |
| placeholder="your first name" required/>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="lastname">Last name</label>
| |
| <input type="text"
| |
| name="lastname"
| |
| id="lastname"
| |
| value="<?php echo $row1["lname"];?>"
| |
| pattern="[-a-zA-z]{1,30}"
| |
| title="Only letters"
| |
| placeholder="your last name" required/>
| |
| </div>
| |
|
| |
| <a href="changepass.php">Change password</a>
| |
| | |
| <div>
| |
| <label for="gender">Gender</label><br>
| |
| <?php
| |
| if ($row1["gender"] == null) { ?>
| |
| <input type="radio" name="gender" value="male"> Male
| |
| <input type="radio" name="gender" value="female"> Female
| |
| <?php
| |
| }
| |
| elseif ($row1["gender"] == "male") { ?>
| |
| <input type="radio" name="gender" value="male" checked> Male
| |
| <input type="radio" name="gender" value="female"> Female
| |
| <?php
| |
| }
| |
| else { ?>
| |
| <input type="radio" name="gender" value="male" > Male
| |
| <input type="radio" name="gender" value="female" checked> Female
| |
| <?php
| |
| } ?>
| |
| </div>
| |
| | |
| <div>
| |
| <label for="phonenumber">Phone number</label>
| |
| <select name="phonecode" id="phonecode" onchange="" size="1">
| |
| <?php
| |
| $statement2 = $conn->query('
| |
| SELECT phonecode
| |
| FROM country
| |
| GROUP BY phonecode
| |
| ORDER BY phonecode');
| |
| if ($row1["phonecode"] == 0) {
| |
| echo "<option value=\"null\">-</option>";
| |
| }
| |
| else {
| |
| echo "<option value=".$row1["phonecode"].">+".
| |
| $row1["phonecode"]."</option>";
| |
| }
| |
| while($row2 = $statement2->fetch(PDO::FETCH_ASSOC)) {
| |
| echo "<option value=".$row2["phonecode"].">+".
| |
| $row2["phonecode"]."</option>";
| |
| }
| |
|
| |
| if ($row1["phonenum"] == 0) { ?>
| |
| <input type="text"
| |
| name="phonenum"
| |
| id="phonenum"
| |
| value="-"
| |
| pattern="[0-9]*"
| |
| title="Only numbers"
| |
| placeholder="phone number"/>
| |
| <?php
| |
| }
| |
| else { ?>
| |
| <input type="text"
| |
| name="phonenum"
| |
| id="phonenum"
| |
| value="<?php echo $row1["phonenum"];?>"
| |
| pattern="[0-9]*"
| |
| title="Only numbers"
| |
| placeholder="phone number"/>
| |
| <?php
| |
| }
| |
| ?>
| |
| </select>
| |
| </div>
| |
|
| |
| <div>
| |
| <label for="dob">Date of birth</label>
| |
| <?php
| |
| if($row1["dob"] == "0000-00-00") { ?>
| |
| <input type="text"
| |
| name="dob"
| |
| min="(Date('Y')-90)-01-01"
| |
| pattern="[19|20][0-9]{2}-[0|1][0-9]-[0-3][0-9]"
| |
| title="The date format must be YYYY-MM-DD"
| |
| placeholder="yyyy-mm-dd">
| |
| <?php
| |
| }
| |
| else { ?>
| |
| <input type="text"
| |
| name="dob"
| |
| value="<?php echo $row1["dob"]; ?>"
| |
| min="(Date('Y')-90)-01-01"
| |
| pattern="(19|20)[0-9]{2}-(0|1)[0-9]-[0-3][0-9]"
| |
| title="The date format must be YYYY-MM-DD"
| |
| placeholder="yyyy-mm-dd">
| |
| <?php
| |
| }
| |
| ?>
| |
| </div>
| |
|
| |
| <fieldset>
| |
| <legend>Address of residence:</legend>
| |
| <div>
| |
| <label for="address">Street</label>
| |
| <?php
| |
| if($row1["address"] == null) { ?>
| |
| <input type="text"
| |
| name="address"
| |
| id="address"
| |
| placeholder="your address"/>
| |
| <?php
| |
| }
| |
| else { ?>
| |
| <input type="text"
| |
| name="address" id="address"
| |
| value="<?php echo $row1["address"];?>"
| |
| placeholder="your address"/>
| |
| <?php
| |
| }
| |
| ?>
| |
| </div>
| |
|
| |
| <div>
| |
| <label for="city">City</label>
| |
| <?php
| |
| if($row1["city"] == null) { ?>
| |
| <input type="text" name="city" id="city" placeholder="your city"/>
| |
| <?php
| |
| }
| |
| else { ?>
| |
| <input type="text"
| |
| name="city"
| |
| id="city"
| |
| value="<?php echo $row1["city"];?>"
| |
| placeholder="your city"/>
| |
| <?php
| |
| }
| |
| ?>
| |
| </div>
| |
|
| |
| <div>
| |
| <label for="postalcode">Postal code</label>
| |
| <?php
| |
| if($row1["postal_code"] == 0) { ?>
| |
| <input type="text"
| |
| name="postalcode"
| |
| id="postalcode"
| |
| placeholder="your postal code"/>
| |
| <?php
| |
| }
| |
| else { ?>
| |
| <input type="text"
| |
| name="postalcode"
| |
| id="postalcode"
| |
| value="<?php echo $row1["postal_code"];?>"
| |
| placeholder="your postal code"/>
| |
| <?php
| |
| }
| |
| ?>
| |
| </div>
| |
|
| |
| <div>
| |
| <label for="country">Country</label>
| |
| <select name="country" id="country" onchange="" size="1">
| |
| <?php
| |
| $statement3 = $conn->query('SELECT nicename FROM country');
| |
| if ($row1["countryname"] == "0") {
| |
| echo "<option value=\"null\">-</option>";
| |
| }
| |
| else {
| |
| echo "<option value=" . $row1["countryname"] . ">" .
| |
| $row1["countryname"] . "</option>";
| |
| }
| |
| while ($row3 = $statement3->fetch(PDO::FETCH_ASSOC)) {
| |
| echo "<option value=" . $row3["nicename"] . ">" .
| |
| $row3["nicename"] . "</option>";
| |
| }
| |
| ?>
| |
| </select>
| |
| </div>
| |
| </fieldset>
| |
|
| |
| <div>
| |
| <input type="submit" value="Save"/>
| |
| </div>
| |
|
| |
| </form>
| |
| </div>
| |
| | |
| ==Image upload with hash of picture's path== | |
| <source lang="html5">
| |
| <?php
| |
| include "header.php";
| |
| require_once "config.php";
| |
| include "dbconn.php";
| |
| | |
| if (array_key_exists("uploaded_image", $_FILES)) {
| |
| if ($_FILES["uploaded_image"]["error"] == 1) die("Too big image!"); // File size check
| |
| $finfo = finfo_open(FILEINFO_MIME_TYPE);
| |
| $mimetype = finfo_file($finfo, $_FILES["uploaded_image"]["tmp_name"]);
| |
| if (strpos($mimetype, "image/") != 0) // This is basically mimetype.startswith("image/")
| |
| die("Go away! Only images allowed!");
| |
| $checksum = sha1(file_get_contents(
| |
| $_FILES["uploaded_image"]["tmp_name"])) . "." .
| |
| pathinfo($_FILES["uploaded_image"]["name"], PATHINFO_EXTENSION);
| |
| | |
| // Keep the original image in uploads/ folder
| |
| if (!file_exists("uploads/" . $checksum)) {
| |
| copy(
| |
| $_FILES["uploaded_image"]["tmp_name"],
| |
| "uploads/" . $checksum);
| |
| }
| |
|
| |
| // Generate thumbnail, this assumes you have created thumbnails/ folder and set permissions to 777
| |
| if (!file_exists("thumbnails/" . $checksum)) {
| |
| $im = new Imagick("uploads/" . $checksum);
| |
| $im->thumbnailImage(128, 0); // Width of 128px and automatically determine height based on aspect ratio
| |
| $im->writeImage("thumbnails/" . $checksum);
| |
| }
| |
|
| |
| // Generate smaller version of the image
| |
| if (!file_exists("small/" . $checksum)) {
| |
| $im = new Imagick("uploads/" . $checksum);
| |
| $im->thumbnailImage(960, 0); // Width of 960px and automatically determined height
| |
| $im->writeImage("small/" . $checksum);
| |
| }
| |
| | |
| //DB query
| |
| $statement = $conn->prepare("
| |
| INSERT INTO product (name, description, type, price, hash)
| |
| VALUES (:name, :desc, :type, :price, :hash)");
| |
| $statement->bindParam(':name', $_POST["product_name"]);
| |
| $statement->bindParam(':desc', $_POST["product_desc"]);
| |
| $statement->bindParam(':type', $_POST["product_type"]);
| |
| $statement->bindParam(':price', $_POST["product_price"]);
| |
| $statement->bindParam(':hash', $checksum);
| |
| if (!$statement->execute()) die("Execute failed: (" . $statement->errno . ") " . $statement->error);
| |
| | |
| ?>
| |
| <p>The product <?=$_POST["product_name"]?> has been added successfully!</p>
| |
| | |
| <?php
| |
| }
| |
| ?>
| |
| <h1>Add a new product</h1>
| |
| <ul>
| |
| </ul>
| |
| <form method="post" enctype="multipart/form-data">
| |
| <label for="product_name">Product name: </label>
| |
| <input type="text" name="product_name" placeholder="Product name" required/><br>
| |
|
| |
| <label for="product_type">Product type: </label>
| |
| <input type="text" name="product_type" placeholder="Product type" required/><br>
| |
|
| |
| <label for="product_price">Product price: </label>
| |
| <input type="number" name="product_price" placeholder="Product price" min="0" required/><br>
| |
|
| |
| <label for="product_desc">Product description: </label><br>
| |
| <textarea name="product_desc" rows="10" cols="50"></textarea><br>
| |
|
| |
| <input type="hidden" name="MAX_FILE_SIZE" value="2000000" />
| |
| Select product picture (max 2M):
| |
| <input id="file" type="file" name="uploaded_image" accept="image/*"/><br>
| |
| <input type="submit" value="Add product"/>
| |
| </form><br>
| |
| | |
| <?php
| |
| $statement = $conn->prepare("SELECT id, name, price FROM product");
| |
| //$result = $conn->query("SELECT id, name, price FROM product");
| |
| $statement->execute();
| |
| | |
| while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
| |
| echo "<li><a href=\"description.php?id=" . $row["id"] . "\">" .
| |
| $row["name"] . "</a> " . $row["price"] . "eur</li>";
| |
| }
| |
| ?>
| |
| </source>
| |