Web Exam help

From ICO wiki
Jump to navigationJump to search

IMAGE GALLERY

INDEX.php

<?php
require_once "config.php";
include "header.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); 

?>

<h1 style="color:Purple ;font-family:Indie Flower; float:Center"><em><center>Sheela's Image#Gallery</center></em></h1>
<p>
<?php 

if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "select * from Sheela_gallery_user where email = ? and " .
      "password_hash = SHA1(CONCAT(password_salt, ?))");
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
  $statement->bind_param("ss", $_POST["email"], $_POST["password"]);
  $statement->execute();
  $results = $statement->get_result();
  $row = $results->fetch_assoc();
  if (!$row)
	  echo "Login failed!";
  $_SESSION["user"] = $row;
}

// Here we check if the user is logged in
if ($user = @$_SESSION["user"]) { // Extra lazy hack, use $user instead of $_SESSION["user"] from now on
  ?>
  <h1>Hello <?=$user["display_name"];?></h1>
  <p>
  Add albums <a href="addalbum.php">here</a>.
  Upload images <a href="upload.php">here</a>.
  </p>
  My albums:
  <?php
  // Here we list user's albums
  $statement = $conn->prepare("select * from Sheela_gallery_album where owner_id = ?");
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul><?php
      foreach ($statement->get_result() as $row) {
        ?><li><a href="album.php?id=<?=$row['id']?>"><?=$row['name'];?></a>
		<a href="deletealbum.php?id=<?=$row['id']?>">[Delete]</a>
</li><?php
      }
  ?></ul>
  
 My recent uploads: 
  
  <?php

  // To show images of the user
$statement = $conn->prepare(
    "select Sheela_gallery_image.id, Sheela_gallery_image.hash, Sheela_gallery_image.created " .
	"from Sheela_gallery_image " .
	"join Sheela_gallery_album " .
	"on Sheela_gallery_album.id = Sheela_gallery_image.album_id " .
	"where Sheela_gallery_album.owner_id = ? " .
	"order by Sheela_gallery_image.created desc " .
	"limit 2");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

  
$statement->bind_param("i", $user["id"]);
$statement->execute();
  ?><ul class="thumbnails"><?php
      foreach ($statement->get_result() as $row) {
        ?><li>
            <img src="thumbnails/<?=$row['hash']?>" title="<?=$row['name'];?>"/>
            uploaded <?=$row['created'] ?> <?=$row["id"]?>
            <?php
            $statement = $conn->prepare(
                "SELECT Sheela_gallery_user.display_name " .
                "FROM Sheela_gallery_likes " .
                "JOIN Sheela_gallery_user ON Sheela_gallery_likes.user_id = Sheela_gallery_user.id " .
                "WHERE Sheela_gallery_likes.image_id = ?");
            $statement->bind_param("i", $row["id"]);
            $statement->execute();
            $first = true; // First user shall not have comma prefixed
            foreach ($statement->get_result() as $like) {
              if (!$first) {
                 echo ", ";
              }
              echo $like["display_name"];
              $first = false; // All other users have their nicknames comma prefixed
            }
            ?>
            like this

          </li><?php

      }
  ?></ul><?php

} else {
?>
  <form method="post">
    <input type="mail" name="email"/>
    <input type="password" name="password"/>
    <input type="submit" value="Log in!"/>
  </form>
<?php
}
?>

<a href ="registration.php">Sign up</a> 
<p>
<a href="upload.php">Upload Page </a>



<?php include "footer.php" ?>

LAURI-INDEX.PHP

<?php
include "header.php";
require_once "config.php";

$SQL_IMAGES = "
     select
        lauri_gallery_image.id,
        lauri_gallery_image.hash,
        lauri_gallery_image.created
     from
        lauri_gallery_image
     join
        lauri_gallery_album
     on
        lauri_gallery_album.id = lauri_gallery_image.album_id
     where
        lauri_gallery_album.owner_id = ?
     order by
        lauri_gallery_image.created desc
     limit 2";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

// Here we check if user is attempting to log in
if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "select * from lauri_gallery_user where email = ? and " .
      "password_hash = SHA1(CONCAT(password_salt, ?))");
  $statement->bind_param("ss", $_POST["email"], $_POST["password"]);
  $statement->execute();
  $results = $statement->get_result();
  $row = $results->fetch_assoc();
  if (!$row)
	  echo "Login failed!";
  $_SESSION["user"] = $row; // Set user as logged in
}

// Here we check if the user is logged in
if ($user = @$_SESSION["user"]) { // Extra lazy hack, use $user instead of $_SESSION["user"] from now on
  ?>
  <h1>Hello <?=$user["display_name"];?></h1>
  <p>
  Add albums <a href="addalbum.php">here</a>.
  Upload images <a href="upload.php">here</a>.
  </p>
  My albums:
  <?php
  // Here we list user's albums
  $statement = $conn->prepare("select * from lauri_gallery_album where owner_id = ?");
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul><?php
      foreach ($statement->get_result() as $row) {
        ?><li><a href="album.php?id=<?=$row['id']?>"><?=$row['name'];?></a>
		<a href="deletealbum.php?id=<?=$row['id']?>">[Delete]</a>
		</li><?php
      }
  ?></ul>
  
  My uploads: 
  
  <?php

  // To show images of the user
  $statement = $conn->prepare($SQL_IMAGES);
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul class="thumbnails"><?php
      foreach ($statement->get_result() as $row) {
        ?><li>
            <img src="thumbnails/<?=$row['hash']?>" title="<?=$row['name'];?>"/>
            uploaded <?=$row['created'] ?>
            <div id="likes_<?=$row["id"]?>">
            <?php
            require_once "common.php";
            show_likes($row["id"]); // show_likes function is defined in common.php
            ?>
            like this
            </div>

          </li><?php
      }
  ?></ul><?php

} else {
?>
  <form method="post">
    <input type="mail" name="email"/>
    <input type="password" name="password"/>
    <input type="submit" value="Log in!"/>
  </form>
<?php
}
?>

ADDALBUM.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "insert into Sheela_gallery_album(name, owner_id) values(?,?)");
  $statement->bind_param("si", $_POST["album_name"], $_SESSION["user"]["id"]);
  $statement->execute();
}

?>

<form method="post">
   <p>Here you can create a new album, it's basically a group of images that are to be uploaded</p>
   <label>Enter album name</label>
   <input type="text" name="album_name"/>
   <input type="submit"/>
</form>

LAURI-ADDALBUM.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $statement = $conn->prepare(
        "insert into lauri_gallery_album(name, owner_id) values(?,?)");
    if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error); // check all the errors!
    $statement->bind_param("si", $_POST["album_name"], $_SESSION["user"]["id"]);
    if (!$statement->execute()) die("Execute failed (" . $conn->errno . ") " . $conn->error);	// check all the errors!
    header("Location: album.php?id=" . mysqli_insert_id($conn)); // This will redirect to newly created album page
}
?>

<form method="post">
   <p>Here you can create a new album, it's basically a group of images that are to be uploaded</p>
   <label>Enter album name</label>
   <input type="text" name="album_name"/>
   <input type="submit"/>
</form>

ALBUM.PHP

<?php
include "header.php";
require_once "config.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);
?>

Back to landing page <a href="index.php">here</a>.
Upload images <a href="upload.php">here</a>

Images of album:

ss<?php

// To show images of the album
$statement = $conn->prepare(
"select Sheela_gallery_image.hash, Sheela_gallery_image.created " .
"from Sheela_gallery_image " .
"where Sheela_gallery_image.album_id = ? " .
"order by Sheela_gallery_image.created desc");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("i", $_GET["id"]);
$statement->execute();
?><ul><?php
  foreach ($statement->get_result() as $row) {
	?><li><img src="thumbnails/<?=$row['hash']?>"
  title="<?=$row['name'];?>"/> uploaded <?=$row['created']?></li><?php
  }
?></ul>

LAURI-ALBUM.PHP

<?php
include "header.php";
require_once "config.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);
?>

Back to landing page <a href="index.php">here</a>.
Upload images <a href="upload.php">here</a>

Images of album:
 
<?php

// To show images of the album
$statement = $conn->prepare(
"select lauri_gallery_image.hash, lauri_gallery_image.created " .
"from lauri_gallery_image " .
"where lauri_gallery_image.album_id = ? " .
"order by lauri_gallery_image.created desc");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("i", $_GET["id"]);
$statement->execute();
?><ul><?php
  foreach ($statement->get_result() as $row) {
	?><li><img src="thumbnails/<?=$row['hash']?>"
  title="<?=$row['name'];?>"/> uploaded <?=$row['created']?></li><?php
  }
?></ul>

COMMOM.PHP

<?php

function show_likes($image_id) {
  $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
  if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

  $statement = $conn->prepare("
     select id
     from Sheela_gallery_like
     where image_id = ? and user_id = ?");
  $statement->bind_param("ii", $image_id, $_SESSION["user"]["id"]);
  $statement->execute();

  $result = $statement->get_result(); // Consume the results of the executed query
  
  // Here we will check if user already likes this image
  if ( $result->fetch_array() ) {
    // we got a row -> user already likes this image
    echo '<button onClick="unlike(' . $image_id . ');">Unlike!</button>';
  } else {
    // or if no rows -> user hasn't liked it yet
    echo '<button onClick="like(' . $image_id . ');">Like!</button>';
  }

  $statement = $conn->prepare(
    "SELECT Sheela_gallery_user.display_name " .
    "FROM Sheela_gallery_like " .
    "JOIN Sheela_gallery_user ON Sheela_gallery_like.user_id = Sheela_gallery_user.id " .
    "WHERE Sheela_gallery_like.image_id = ?");
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

  $statement->bind_param("i", $image_id);
  $statement->execute();


  $first = true; // First user shall not have comma prefixed
  foreach ($statement->get_result() as $like) {
    if (!$first) {
     echo ", ";
    }
    echo $like["display_name"];
    $first = false; // All other users have their nicknames comma prefixed
  }
};

?>

LAURI-COMMON.PHP

<?php

function show_likes($image_id) {
  $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
  if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

  $statement = $conn->prepare("
     select id
     from lauri_gallery_like
     where image_id = ? and user_id = ?");
  $statement->bind_param("ii", $image_id, $_SESSION["user"]["id"]);
  $statement->execute();

  $result = $statement->get_result(); // Consume the results of the executed query
  
  // Here we will check if user already likes this image
  if ( $result->fetch_array() ) {
    // we got a row -> user already likes this image
    echo '<button onClick="unlike(' . $image_id . ');">Unlike!</button>';
  } else {
    // or if no rows -> user hasn't liked it yet
    echo '<button onClick="like(' . $image_id . ');">Like!</button>';
  }

  $statement = $conn->prepare(
    "SELECT lauri_gallery_user.display_name " .
    "FROM lauri_gallery_like " .
    "JOIN lauri_gallery_user ON lauri_gallery_like.user_id = lauri_gallery_user.id " .
    "WHERE lauri_gallery_like.image_id = ?");
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

  $statement->bind_param("i", $image_id);
  $statement->execute();


  $first = true; // First user shall not have comma prefixed
  foreach ($statement->get_result() as $like) {
    if (!$first) {
     echo ", ";
    }
    echo $like["display_name"];
    $first = false; // All other users have their nicknames comma prefixed
  }
};

?>

CONFIG.PHP

<?php
// This is site specific configuration! Do not commit this to Git!
define("DB_SERVER", "localhost");
define("DB_USER",   "test");
define("DB_PASS",   "t3st3r123");
define("DB_NAME",   "test");
define("DB_PREFIX", "Sheela_");
?>

DELETEALBUM.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);


$statement = $conn->prepare(
	"delete from Sheela_gallery_album where id = ?");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error); // check all the errors!
$statement->bind_param("i", $_GET["id"]);
if (!$statement->execute()) die("Execute failed (" . $conn->errno . ") " . $conn->error);	// check all the errors!
header("Location: index.php");

FOOTER.PHP

</div>
    <footer>
      <ul>
        <li>Phone: +372 1234 4567</li>
        <li><a href="http://facebook.com">Visit us on Facebook!</a></li>
      </ul>
    </footer>
  </body>
</html>

HEADER.PHP

<?php
session_set_cookie_params(0, '/~ssumathi', 'enos.itcollege.ee', 0, 1);
session_start();

?>


<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="description" content="Introduction to this Image_Gallery">
    <title>This goes into the titlebar</title>
    <link type="text/css" rel="stylesheet" href="css/style.css"/>
    <script type="text/javascript"src="js/main.js"></script>
  </head>
  <body>
  <div id ="content">

LIKE.PHP

<?php

// like.php?image_id=123 will attempt to add like to an image for currenty logged in user
session_start();
require_once "config.php";
require_once "common.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

$statement = $conn->prepare("
    insert into Sheela_gallery_like (image_id, user_id)
    values (?, ?)");
$statement->bind_param("ii", $_GET["image_id"], $_SESSION["user"]["id"]);
$statement->execute();

show_likes($_GET["image_id"]); // This will simply return a fragment of HTML
?>

LOGOUT.PHP

<?php
session_start();
session_destroy();
unset($_SESSION["user"]);
header('Location: index.php'); // This will redirect back to index

REGISTRATION.PHP

<?php
require_once "config.php";
include "header.php";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
    $statement = $conn->prepare(
        "INSERT INTO `Sheela_gallery_user` (`email`, `password_salt`, `password_hash`, `display_name`) " .
        "VALUES (?, ?, ?, ?)");
    if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
    $salt = substr(str_shuffle(
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);
    $statement->bind_param("ssss",
        $_POST["email"],
        $salt,
        sha1($salt . $_POST["password"]),
        $_POST["display_name"]);
    if ($statement->execute()) {
        header("Location: index.php");
    } else {
        if ($statement->errno == 1062) {
            echo "This e-mail is already registered";
       } else {
            die("Execute failed: (" . $statement->errno . ") " . $statement->error);
       }
    }
}
?>
<form method="post"><!-- This form is submitted to the same reg.php file with POST method -->
  <ul>
    <li>e-mail: <input type="mail" name="email" value="<?=@$_POST['email'];?>" required/></li>
    <li>password: <input type="password" name="password" pattern="[a-zA-Z0-9]{8,16}" title="Password has to be at least 8 characters" required/></li>
    <li>nickname: <input type="text" name="display_name" placeholder="cute honeybunny" pattern="[a-z]{3,10}" required/></li>
  </ul>
  <input type="submit"/>
</form>

UPLOAD.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if (array_key_exists("uploaded_image", $_FILES)) {
    if ($_FILES["uploaded_image"]["error"] == 1) die("Too big image!"); // File size check
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mimetype = finfo_file($finfo, $_FILES["uploaded_image"]["tmp_name"]);
    if (strpos($mimetype, "image/") != 0) // This is basically mimetype.startswith("image/")
        die("Go away! Only images allowed!");
    $checksum = sha1(file_get_contents(
        $_FILES["uploaded_image"]["tmp_name"])) . "." .
        pathinfo($_FILES["uploaded_image"]["name"], PATHINFO_EXTENSION);

    // Keep the original image in uploads/ folder
    if (!file_exists("uploads/" . $checksum)) {
        copy(
          $_FILES["uploaded_image"]["tmp_name"],
          "uploads/" . $checksum);
    }
	
	// Generate thumbnail, this assumes you have created thumbnails/ folder and set permissions to 777
	if (!file_exists("thumbnails/" . $checksum)) {
		$im = new Imagick("uploads/" . $checksum);
		$im->thumbnailImage(128, 0); // Width of 128px and automatically determine height based on aspect ratio
		$im->writeImage("thumbnails/" . $checksum);
	}
	
	// Generate smaller version of the image
	if (!file_exists("small/" . $checksum)) {
		$im = new Imagick("uploads/" . $checksum);
		$im->thumbnailImage(960, 0); // Width of 960px and automatically determined height
		$im->writeImage("small/" . $checksum);
	}
	
    // TODO: Check that specified album is owned by the currently logged in user (SQL select query!)
    // something like this, if you find a matching row the upload permission is granted:
    // select * from Sheela_gallery_album where owner_id = $_SESSION["user]["id"] and id = $_POST['album_id']

    // These four lines are the new stuff!
    $statement = $conn->prepare("insert into `Sheela_gallery_image` (`album_id`, `name`, `hash`) values (?,?,?)");
    $statement->bind_param("iss", $_POST["album_id"], $_FILES["uploaded_image"]["name"], $checksum);
    $statement->execute();

    ?>
    <p>Mimetype was: <?= $mimetype; ?></p>
    <p>Original was: <a href="uploads/<?=$checksum;?>"><?=$checksum;?></a>
	<p>960px was: <a href="small/<?=$checksum;?>"><?=$checksum;?></a>

	<p>Thumbnail was: <a href="thumbnails/<?=$checksum;?>"><?=$checksum;?></a>

    <p>Filename was: <?=$_FILES["uploaded_image"]["name"];?></p>
    <p>File stored at: <?=$_FILES["uploaded_image"]["tmp_name"];?></p>
<?php
}
?>

<form method="post" enctype="multipart/form-data">
	<select name="album_id">
    <?php
    $statement = $conn->prepare("select id, name from Sheela_gallery_album where owner_id = ?");
	$statement->bind_param("i", $_SESSION["user"]["id"]);
	$statement->execute();
	foreach ($statement->get_result() as $row) {
		?>
			<option value="<?=$row['id']?>"><?=$row['name']?></option>
		<?php
		}
	?>
    </select>
  Select file for upload: <input id="file" type="file" name="uploaded_image" accept="image/*">
  <input type="submit"/>
</form>

UNLIKE.PHP

<?php

// unlike.php?image_id=123 will attempt to remove a like
session_start();
require_once "config.php";
require_once "common.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

$statement = $conn->prepare("
    delete from lauri_gallery_like
    where image_id = ? and user_id = ?
    limit 1");
$statement->bind_param("ii", $_GET["image_id"], $_SESSION["user"]["id"]);
$statement->execute();
show_likes( $_GET["image_id"]);

?>

LAURI-MAIN.JS

function like(image_id) {
  var request = new XMLHttpRequest();
  request.open('GET', 'like.php?image_id=' + image_id, true);
 
  // This is an example of callback
  request.onload = function() {
    // This function runs once response has been received
    if (request.status >= 200 && request.status < 400) {
      document.querySelector("#likes_" + image_id).innerHTML =
        request.responseText;
    }
  };
 
  // This will only start the request
  request.send();
}


function unlike(image_id) {
  var request = new XMLHttpRequest();
  request.open('GET', 'unlike.php?image_id=' + image_id, true);

  // This is an example of callback
  request.onload = function() {
    // This function runs once response has been received
    if (request.status >= 200 && request.status < 400) {
      document.querySelector("#likes_" + image_id).innerHTML =
        request.responseText;
    }
  };

  // This will only start the request
  request.send();
}

CSS-STYLE.CSS

ul.thumbnails {
	list-style: none;
}

ul#thumbnails li {
	float: left;
	display: block;
	width: 160px;

LAURI-Index.php

<?php
include "header.php";
require_once "config.php";

$SQL_IMAGES = "
     select
        lauri_gallery_image.id,
        lauri_gallery_image.hash,
        lauri_gallery_image.created
     from
        lauri_gallery_image
     join
        lauri_gallery_album
     on
        lauri_gallery_album.id = lauri_gallery_image.album_id
     where
        lauri_gallery_album.owner_id = ?
     order by
        lauri_gallery_image.created desc
     limit 2";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

// Here we check if user is attempting to log in
if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "select * from lauri_gallery_user where email = ? and " .
      "password_hash = SHA1(CONCAT(password_salt, ?))");
  $statement->bind_param("ss", $_POST["email"], $_POST["password"]);
  $statement->execute();
  $results = $statement->get_result();
  $row = $results->fetch_assoc();
  if (!$row)
	  echo "Login failed!";
  $_SESSION["user"] = $row; // Set user as logged in
}

// Here we check if the user is logged in
if ($user = @$_SESSION["user"]) { // Extra lazy hack, use $user instead of $_SESSION["user"] from now on
  ?>
  <h1>Hello <?=$user["display_name"];?></h1>
  <p>
  Add albums <a href="addalbum.php">here</a>.
  Upload images <a href="upload.php">here</a>.
  </p>
  My albums:
  <?php
  // Here we list user's albums
  $statement = $conn->prepare("select * from lauri_gallery_album where owner_id = ?");
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul><?php
      foreach ($statement->get_result() as $row) {
        ?><li><a href="album.php?id=<?=$row['id']?>"><?=$row['name'];?></a>
		<a href="deletealbum.php?id=<?=$row['id']?>">[Delete]</a>
		</li><?php
      }
  ?></ul>
  
  My uploads: 
  
  <?php

  // To show images of the user
  $statement = $conn->prepare($SQL_IMAGES);
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul class="thumbnails"><?php
      foreach ($statement->get_result() as $row) {
        ?><li>
            <img src="thumbnails/<?=$row['hash']?>" title="<?=$row['name'];?>"/>
            uploaded <?=$row['created'] ?>
            <div id="likes_<?=$row["id"]?>">
            <?php
            require_once "common.php";
            show_likes($row["id"]); // show_likes function is defined in common.php
            ?>
            like this
            </div>

          </li><?php
      }
  ?></ul><?php

} else {
?>
  <form method="post">
    <input type="mail" name="email"/>
    <input type="password" name="password"/>
    <input type="submit" value="Log in!"/>
  </form>
<?php
}
?>