with new user

Scytheb · Dec 31, 2011 · 46f972c · 46f972c
2 parents 2a17048 + 84668d5
commit 46f972c
Show file tree

Hide file tree

Showing 9 changed files with 191 additions and 91 deletions.
diff --git a/controllers/doregister.php b/controllers/doregister.php
diff --git a/controllers/globalblogs.php b/controllers/globalblogs.php
@@ -0,0 +1,23 @@
+<?php 
+	global $settings;
+    $settings = require( '../settings.php' );
+	require_once "../models/db.php";
+	include "../models/blog.php";
+	include "../views/header.php";
+
+
+	if (isset($_GET['page'])) {
+		$page=$_GET['page'];
+		$blog=allBlogPosts($page*10-10, $page*10, 'blogdate');
+	}
+	else {
+		$page=1;
+		$ground=0;
+		$ceiling=10;
+		$blog=allBlogPosts($ground, $ceiling, 'blogdate');
+	}
+
+	include "../views/globalblogs/view.php";
+	include "../views/footer.php";
+
+?>
diff --git a/controllers/register.php b/controllers/register.php
@@ -1,5 +1,16 @@
 <?php
-        include "views/header.php";
-		include "views/register/view.php";
-		include "views/footer.php";
+    global $settings;
+    $settings = require( "../settings.php");
+	require "../models/db.php";
+    require "../models/user.php";
+	include "views/header.php";
+
+		if (!isset($_POST['username'])||!isset($_POST['password'])||!isset($_POST['email'])) {
+			include "views/register/view.php";
+			include "views/footer.php";
+		}
+		else {
+			register($_POST['username'], $_POST['password'], $_POST['email']);
+			header('Location: globalblogs.php');
+		}			
 ?>
diff --git a/index.php b/index.php
@@ -7,9 +7,9 @@
     //$page = 'register';
 	$page='conpost';
 	//$page = $_POST[ 'page' ];
- //if( !isset( $_POST[ 'page' ] ) ){
- //      die("error");   
- //   }
+	//if( isset( $_GET[ 'page' ] ) ){
+     //$page = $_GET[ 'page' ];   
+    //}
     /*
     if( $user == false && !in_array( $page, array( 'login', 'register', 'dologin', 'doregister' ) ) ){
         header( 'Location: ./?page=login' );

diff --git a/models/blog.php b/models/blog.php
@@ -2,8 +2,8 @@
 	//A function that takes the number of results requested (smallest and biggest) and the
 	//way they are sorted (asc or desc) and returns all the information of the blogs
 	function allBlogPosts($ground, $ceiling, $sort, $sortStyle='DESC') {
-		if (!$ground||!$ceiling||!$sort) {
-			return false;
+		if (!isset($ground)||!isset($ceiling)||!isset($sort)) {
+			return "didn't send correct values";
         }
 		$res = mysql_query(
                 "SELECT
@@ -14,21 +14,23 @@ function allBlogPosts($ground, $ceiling, $sort, $sortStyle='DESC') {
 					$sort $sortStyle
                 LIMIT $ground, $ceiling ");
         if(!mysql_num_rows($res)) {
-			return false;
+			die(mysql_error());
         }
 		$i=0;
 		$blog=array();
-        while ($row = mysql_fetch_array($res)) {
-			$blog[i]=$row;
-			$i+=1;
+		$row=array();
+        while ($row = mysql_fetch_assoc($res)) {
+			$blog[$i]=$row;
+			$i++;
+			unset($blog[$i]); 
 		}
 		return $blog;
 	}
 
 	//A function that takes the userid and the number of results results requested (smallest and biggest) and the
 	//way they are sorted (asc or desc) and returns all the information of the blogs from this user
 	function userBlogPosts($userid, $ground, $ceiling, $sort, $sortStyle='DESC') {
-		if (!$ground||!$ceiling||!$sort||) {
+		if (!$ground||!$ceiling||!$sort) {
 			return false;
         }
 		$res = mysql_query(

diff --git a/models/user.php b/models/user.php
@@ -1,72 +1,136 @@
 <?php
-//A function that given the userid returns the details of the profile
-//of the requested user
-function getProfileDetails($userid) {
-if (!$userid) {
-return false;
+	//A function that given the userid returns the details of the profile
+	//of the requested user
+	function getProfileDetails($userid) {
+		if (!$userid) {
+			die("Not valid userid!");
         }
-$res = mysql_query(
+		$res = mysql_query(
                 "SELECT
-*
-FROM
-user
-WHERE
-userid = $userid
-LIMIT 1");
+                    *
+                FROM
+                    user
+                WHERE
+                    userid = :userid
+                LIMIT 1");
         if(!mysql_num_rows($res)) {
-                return false;
+                die("Error fetching from MySQL profile details");
         }
         $row = mysql_fetch_array( $res );
-return $row;
-}
+			return $row;
+	}
+
+	//User login function
+	function login( $username, $password ){
+		$username=sanitize( $username );
+		$passwordHash=hash("sha1", $password );
+
+		$res = mysql_query(
+			"SELECT
+				*
+		 	FROM 
+				login	
+			WHERE
+				username='$username'
+				
+				AND
+	
+				password='$passwordHash'
+			  ");
+		if( mysql_num_rows($res) == 0 ){
+            		die("Login error, username not found");
+       	 	}
+		mysql_query(
+			"UPDATE
+				login
+			SET
+				enter = 1
+			WHERE
+				username = '$username'
+			");
+
+        	return mysql_fetch_array( $res );	
+	}
+
+	//User registration function
+	function register( $name, $password, $email ){
+		$name = sanitize ( $name );
+		$email = sanitize ( $email );
+		$passwordHash = hash("sha1", $password );
+
+		$exists = mysql_query(
+			"SELECT
+				loginid
+			FROM
+				login
+			WHERE
+				username = '$name'
+			");
+		if( mysql_num_rows( $exists ) > 0 ){
+			die("Username exists!");
+		}
+
+
+		$insertToLogin = mysql_query(
+			"INSERT INTO 
+				login ( username, password, email, created )
+			VALUES
+				( '$name', '$passwordHash', '$email', NOW() )
+			");
 
-//User login function returns details of the user login info
-function login( $username, $password ){
-$username=sanitize( $username );
-$passwordHash=hash("sha1", sanitize( $password ) );
+
+		$loginId = mysql_query(
+			"SELECT
+				loginid
+			FROM
+				login
+			WHERE
+				username = '$name'
+			");
 
-$res = mysql_query(
-"SELECT
-*
-FROM
-login
-WHERE
-username=$username
-AND
-password=$passwordHash
-");
-if( mysql_num_rows($res) == 0 ){
-             return false;
-        }
-         return mysql_fetch_array( $res );
-}
+		$insertToUser = mysql_query(
+			"INSERT INTO
+				user ( loginid, email )
+			VALUES
+				( '$loginId', '$email' )
+			");
+
+		if( !$insertToLogin
+		   || !$insertToUser
+		   || !$loginId ){
+        	    	//If something went wrong, delete added records, just in case.
+        	    	//Basically maybe it doesn't work really well, what if duplicate username???
+			mysql_query(
+				"DELETE FROM
+					login
+				 WHERE
+					loginid = '$loginId'
+				");
 
-//User registration function
-function register( $username, $password, $email ) {
-mysql_query(
-"INSERT INTO
-login (username, password, email, created, enter)
-VALUES
-('sanitize($username)', 'sanitize($password)', 'sanitize($email)', 'NOW()', '1')
-");
-if( mysql_affected_rows() != 1 ){
-         return false;
-}
-         return
-array(
-             "id" => mysql_insert_id(),
-             "username" => $username
-         );
-     }
+			mysql_query(
+				"DELETE FROM
+					user
+				WHERE
+					loginid = '$loginId'
+				");
 
-//Sanitizes input to prevent SQl injections
-function sanitize($input){
-if( get_magic_quotes_gpc() ){
-$input=stripslashes($input);
-}
+			die( "MySQL error during register" );
+		}
+        	return array(
+			//mysql_insert_id return last auto-incremented value from last query
+			//in this case, userid from table user
+            		"userid" => mysql_insert_id(),
+            		"username" => $name
+        	);
+    	}		
 
-$input=mysql_real_escape_string($input);
-return $input;
-}
-?>
+	//Sanitizes input to prevent SQl injections
+	function sanitize($input){
+		if( get_magic_quotes_gpc() ){
+			$input=stripslashes($input);
+		}	
 
+		$input=mysql_real_escape_string($input);
+		return $input;
+	}
+?>
diff --git a/views/globalblogs/view.php b/views/globalblogs/view.php
@@ -0,0 +1,10 @@
+<div id="bloglist">
+		<ul class="list" id="globalblogs">
+			<?php 
+				for($i=0;$i<count($blog);$i++) {
+					echo "<li><a href=\"userblog.php?userid=".$blog[$i]['userid']."\">".$blog[$i]['title']."</a></li>";
+				}
+			?>
+		</ul>
+		<?php echo "<a href=globalblogs.php?page=".($page+1).">Next Page</a>"; ?>
+</div>
diff --git a/views/profile/view.php b/views/profile/view.php
@@ -3,16 +3,16 @@
 </div>
 
 <div id="user_inf">
-	<?php echo "<p>$login['username']</p><p>$user['email']</p>"?>
+	<?php echo "<p>".$login['username']."</p><p>".$user['email']."</p>"?>
 </div>
 
 <div id="profile_inf">
 		<ul class="list" id="profile">
-			<li>Full Name: <?php echo "$user['name']." ".$user['surname']"?></li>
-			<li>Location: <?php echo "$user['location']"?></li>
-			<li>Occupation: <?php echo "$user['occupation']"?></li>
-			<li>Interests: <?php echo "$user['interests']"?></li>
-			<li>Website: <?php echo "$user['website']"?></li>
-			<li>Posts: <?php echo "$user['posts']"?></li>
+			<li>Full Name: <?php echo $user['name']." ".$user['surname']?></li>
+			<li>Location: <?php echo $user['location']?></li>
+			<li>Occupation: <?php echo $user['occupation']?></li>
+			<li>Interests: <?php echo $user['interests']?></li>
+			<li>Website: <?php echo $user['website']?></li>
+			<li>Posts: <?php echo $user['posts']?></li>
 		</ul>
 </div>
diff --git a/views/register/view.php b/views/register/view.php
@@ -1,4 +1,4 @@
-<form method="POST" action="controllers/doregister.php" class="session">
+<form method="POST" action="controllers/register.php" class="session">
     <div class="notice">Do you already have an account? <a href="./?page=login">Enter here</a></div>
     <?php
         if( isset( $_GET[ 'error' ] ) ){