Web Exam help
IMAGE GALLERY
Index.php
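<?php
// Gallery front page: processes the login form, then shows the signed-in
// user's albums and their two most recent uploads together with who liked them.
// Relies on config.php for DB_SERVER/DB_USER/DB_PASS/DB_NAME and on header.php
// having started the session before $_SESSION is touched below.
require_once "config.php";
include "header.php";

// HTML-escape a value for text or attribute context. Display names, album names
// and hashes all originate from user input, so nothing from the DB is echoed raw.
$e = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Abort with a generic page message; the driver's details go to the server log
// only, so host names and schema details are not shown to visitors.
$dbFail = function ($what, $detail) {
    error_log($what . ": " . $detail);
    die($what . ".");
};

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
    $dbFail("Connection to database failed", $conn->connect_error);
}
// set_charset() also informs the client library of the charset, which a plain
// "SET NAMES" query does not; the library needs it for correct escaping.
if (!$conn->set_charset("utf8")) {
    $dbFail("Setting connection charset failed", $conn->error);
}
?>
<h1 style="color:Purple ;font-family:Indie Flower; float:Center"><em><center>Sheela's Image#Gallery</center></em></h1>
<p>
<?php
// Login attempt. The credential check (SHA1 over salt+password, compared in SQL)
// is what the current schema supports; moving to password_hash()/password_verify()
// needs a change on the registration side as well, so it is only noted here.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    $password = isset($_POST["password"]) ? $_POST["password"] : "";
    $statement = $conn->prepare(
        "select * from Sheela_gallery_user where email = ? and " .
        "password_hash = SHA1(CONCAT(password_salt, ?))");
    if (!$statement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
    $statement->bind_param("ss", $email, $password);
    $statement->execute();
    $row = $statement->get_result()->fetch_assoc();
    if (!$row) {
        echo "Login failed!";
        unset($_SESSION["user"]); // a failed attempt ends any existing login, as before
    } else {
        // New session id on privilege change, so an id fixed before login is useless.
        session_regenerate_id(true);
        // Keep only what later pages need: hash and salt must not sit in the session store.
        unset($row["password_hash"], $row["password_salt"]);
        $_SESSION["user"] = $row;
    }
}

// Logged-in view when a user row is in the session, login form otherwise.
$user = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
if ($user) {
?>
<h1>Hello <?= $e($user["display_name"]) ?></h1>
<p>
Add albums <a href="addalbum.php">here</a>.
Upload images <a href="upload.php">here</a>.
</p>
My albums:
<?php
    $statement = $conn->prepare("select * from Sheela_gallery_album where owner_id = ?");
    if (!$statement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
    $statement->bind_param("i", $user["id"]);
    $statement->execute();
?><ul><?php
    // NOTE: the [Delete] link performs a state change over GET, which any
    // third-party page can trigger; deletealbum.php should require a POST with
    // a CSRF token before deleting.
    foreach ($statement->get_result() as $album) {
?><li><a href="album.php?id=<?= (int) $album['id'] ?>"><?= $e($album['name']) ?></a>
    <a href="deletealbum.php?id=<?= (int) $album['id'] ?>">[Delete]</a>
</li><?php
    }
?></ul>
My recent uploads:
<?php
    $statement = $conn->prepare(
        "select Sheela_gallery_image.id, Sheela_gallery_image.hash, Sheela_gallery_image.created " .
        "from Sheela_gallery_image " .
        "join Sheela_gallery_album " .
        "on Sheela_gallery_album.id = Sheela_gallery_image.album_id " .
        "where Sheela_gallery_album.owner_id = ? " .
        "order by Sheela_gallery_image.created desc " .
        "limit 2");
    if (!$statement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
    $statement->bind_param("i", $user["id"]);
    $statement->execute();
    $images = $statement->get_result();

    // Who liked a given image, by display name. Prepared once and re-executed
    // per image instead of being re-prepared inside the loop.
    $likesStatement = $conn->prepare(
        "SELECT Sheela_gallery_user.display_name " .
        "FROM Sheela_gallery_likes " .
        "JOIN Sheela_gallery_user ON Sheela_gallery_likes.user_id = Sheela_gallery_user.id " .
        "WHERE Sheela_gallery_likes.image_id = ?");
    if (!$likesStatement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
?><ul class="thumbnails"><?php
    foreach ($images as $image) {
        // The query above selects no name column; the original read $row['name']
        // here and hit an undefined index, so the title stays empty unless present.
        $title = isset($image['name']) ? $image['name'] : '';
        $imageId = (int) $image["id"];
        $likesStatement->bind_param("i", $imageId);
        $likesStatement->execute();
        $likers = array();
        foreach ($likesStatement->get_result() as $like) {
            $likers[] = $e($like["display_name"]);
        }
?><li>
    <img src="thumbnails/<?= $e($image['hash']) ?>" title="<?= $e($title) ?>"/>
    uploaded <?= $e($image['created']) ?> <?= $imageId ?>
    <?= implode(", ", $likers) ?>
    like this
</li><?php
    }
?></ul><?php
} else {
?>
<form method="post">
<input type="email" name="email"/>
<input type="password" name="password"/>
<input type="submit" value="Log in!"/>
</form>
<?php
}
?>
<a href="registration.php">Sign up</a>
<p>
<a href="upload.php">Upload Page </a>
<?php include "footer.php" ?>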
LAURI-Index.php
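<?php
// Gallery front page (lauri_* tables): processes the login form, then lists the
// signed-in user's albums and two most recent uploads; likes are rendered by
// show_likes() from common.php. Relies on config.php for the DB_* constants and
// on header.php having started the session before $_SESSION is touched.
include "header.php";
require_once "config.php";
require_once "common.php"; // provides show_likes()

// HTML-escape a value for text or attribute context. Display names, album names
// and hashes all originate from user input, so nothing from the DB is echoed raw.
$e = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Abort with a generic page message; the driver's details go to the server log
// only, so host names and schema details are not shown to visitors.
$dbFail = function ($what, $detail) {
    error_log($what . ": " . $detail);
    die($what . ".");
};

$SQL_IMAGES = "
select
    lauri_gallery_image.id,
    lauri_gallery_image.hash,
    lauri_gallery_image.created
from
    lauri_gallery_image
join
    lauri_gallery_album
on
    lauri_gallery_album.id = lauri_gallery_image.album_id
where
    lauri_gallery_album.owner_id = ?
order by
    lauri_gallery_image.created desc
limit 2";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
    $dbFail("Connection to database failed", $conn->connect_error);
}
// NOTE(review): no connection charset is set here, unlike the other index
// listing on this page; confirm the server default matches the stored data or
// add $conn->set_charset().

// Login attempt. The credential check (SHA1 over salt+password, compared in SQL)
// is what the current schema supports; moving to password_hash()/password_verify()
// needs a change on the registration side as well, so it is only noted here.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    $password = isset($_POST["password"]) ? $_POST["password"] : "";
    $statement = $conn->prepare(
        "select * from lauri_gallery_user where email = ? and " .
        "password_hash = SHA1(CONCAT(password_salt, ?))");
    if (!$statement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
    $statement->bind_param("ss", $email, $password);
    $statement->execute();
    $row = $statement->get_result()->fetch_assoc();
    if (!$row) {
        echo "Login failed!";
        unset($_SESSION["user"]); // a failed attempt ends any existing login, as before
    } else {
        // New session id on privilege change, so an id fixed before login is useless.
        session_regenerate_id(true);
        // Keep only what later pages need: hash and salt must not sit in the session store.
        unset($row["password_hash"], $row["password_salt"]);
        $_SESSION["user"] = $row; // Set user as logged in
    }
}

// Logged-in view when a user row is in the session, login form otherwise.
$user = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
if ($user) {
?>
<h1>Hello <?= $e($user["display_name"]) ?></h1>
<p>
Add albums <a href="addalbum.php">here</a>.
Upload images <a href="upload.php">here</a>.
</p>
My albums:
<?php
    $statement = $conn->prepare("select * from lauri_gallery_album where owner_id = ?");
    if (!$statement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
    $statement->bind_param("i", $user["id"]);
    $statement->execute();
?><ul><?php
    // NOTE: the [Delete] link performs a state change over GET, which any
    // third-party page can trigger; deletealbum.php should require a POST with
    // a CSRF token before deleting.
    foreach ($statement->get_result() as $album) {
?><li><a href="album.php?id=<?= (int) $album['id'] ?>"><?= $e($album['name']) ?></a>
    <a href="deletealbum.php?id=<?= (int) $album['id'] ?>">[Delete]</a>
</li><?php
    }
?></ul>
My uploads:
<?php
    $statement = $conn->prepare($SQL_IMAGES);
    if (!$statement) {
        $dbFail("Prepare failed", "(" . $conn->errno . ") " . $conn->error);
    }
    $statement->bind_param("i", $user["id"]);
    $statement->execute();
?><ul class="thumbnails"><?php
    foreach ($statement->get_result() as $image) {
        // $SQL_IMAGES selects no name column; the original read $row['name'] here
        // and hit an undefined index, so the title stays empty unless present.
        $title = isset($image['name']) ? $image['name'] : '';
        $imageId = (int) $image["id"];
?><li>
    <img src="thumbnails/<?= $e($image['hash']) ?>" title="<?= $e($title) ?>"/>
    uploaded <?= $e($image['created']) ?>
    <div id="likes_<?= $imageId ?>">
<?php
        // show_likes() prints the likers' display names; its escaping is not
        // visible from here — confirm in common.php that it HTML-escapes them.
        show_likes($imageId);
?>
    like this
    </div>
</li><?php
    }
?></ul><?php
} else {
?>
<form method="post">
<input type="email" name="email"/>
<input type="password" name="password"/>
<input type="submit" value="Log in!"/>
</form>
<?php
}
?>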