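<?php

declare(strict_types=1);

session_start();

// Expected to define $pdo (a connected PDO instance) — its contents are not visible here.
require_once("databaseconnection.php");

/*
 * Account-management action dispatcher.
 *
 * Driven by the `mess` query parameter, formatted as "<action>|<id>":
 *   logout            - clears the session and returns to index.php
 *   create            - inserts a new user (POST n-usn, n-pwd) with role "user"
 *   delete|<userId>   - deletes the user with that id
 *   username          - renames the user given by POST userchange to POST c-usn
 *   password          - stores a new password hash for the user given by POST passchange
 * Every path ends in a redirect (account.php or index.php) followed by exit().
 *
 * SECURITY NOTES (review):
 *  - The original script performed no authorization at all: any visitor could delete
 *    any account or reset any password simply by choosing the userId. A minimal
 *    "must have an active session" gate is added below; the proper check (caller is
 *    an admin, or is acting on their own userId) needs the session keys written by the
 *    login page, which are not visible from this file — TODO confirm and tighten.
 *  - There is no CSRF token. Because every action here is state-changing and driven by
 *    GET/POST, the forms on account.php should carry a per-session token that this
 *    script verifies with hash_equals() before doing anything.
 *  - The SELECT-then-INSERT/UPDATE username check is a race; a UNIQUE index on
 *    users.username is the real guarantee and should exist regardless.
 */

/**
 * Redirect back to account.php with a status message and stop the script.
 *
 * @param string $mess value for the `mess` query parameter (fixed literals only)
 */
function redirectWithMessage(string $mess)
{
    header('location:account.php?mess=' . $mess);
    exit();
}

/**
 * Return the named POST field if it is a non-empty string, else null.
 * Rejects arrays (`?field[]=x`) which would otherwise reach PDO::execute().
 *
 * @return string|null
 */
function postString(string $key)
{
    $value = $_POST[$key] ?? null;
    return (is_string($value) && $value !== '') ? $value : null;
}

// Read the parameter once, before using it (the original compared it before the isset check).
$mess = $_GET['mess'] ?? null;
if (!is_string($mess) || $mess === '') {
    redirectWithMessage('error');
}

if ($mess === 'logout') {
    session_unset();
    session_destroy();
    header('location:index.php');
    exit();
}

// "action" or "action|id"; a missing id is null instead of an undefined-offset warning.
$parts = explode('|', $mess);
$action = $parts[0];
$id = $parts[1] ?? null;

// Minimal authorization gate for state-changing actions on existing accounts.
// NOTE(review): `create` is left open because it may be the public sign-up path;
// if account creation is admin-only, gate it here as well.
if ($action !== 'create' && empty($_SESSION)) {
    redirectWithMessage('error');
}

switch ($action) {
    case 'create':
        $username = postString('n-usn');
        $password = postString('n-pwd');
        if ($username === null || $password === null) {
            redirectWithMessage('error');
        }

        // Check whether the requested username is already taken.
        $stm = $pdo->prepare('SELECT 1 FROM users WHERE username = :username LIMIT 1');
        $stm->execute([':username' => $username]);
        if ($stm->fetch()) {
            redirectWithMessage('the_username_you_picked_is_occupied');
        }

        // Only the password hash is stored; PASSWORD_DEFAULT tracks the current best algorithm.
        $passwordHash = password_hash($password, PASSWORD_DEFAULT);

        $stm = $pdo->prepare(
            'INSERT INTO users (`username`, `password`, `role`) VALUES (:username, :password, :role);'
        );
        $stm->execute([
            ':username' => $username,
            ':password' => $passwordHash,
            ':role'     => 'user', // new accounts never get an elevated role from this path
        ]);
        redirectWithMessage('CREATED');
        break;

    case 'delete':
        if ($id === null || $id === '') {
            redirectWithMessage('error');
        }
        // TODO(review): verify the caller may delete this userId (admin, or own account).
        $stm = $pdo->prepare('DELETE FROM `users` WHERE userId = :userId');
        $stm->execute([':userId' => $id]);
        redirectWithMessage('THEY_ARE_GONE');
        break;

    case 'username':
        $newUsername = postString('c-usn');
        $targetId = postString('userchange');
        if ($newUsername === null || $targetId === null) {
            redirectWithMessage('error');
        }

        // Check whether the requested username is already taken.
        $stm = $pdo->prepare('SELECT 1 FROM users WHERE username = :username LIMIT 1');
        $stm->execute([':username' => $newUsername]);
        if ($stm->fetch()) {
            redirectWithMessage('the_username_you_picked_is_occupied');
        }

        // TODO(review): verify the caller may rename this userId (admin, or own account).
        $stm = $pdo->prepare('UPDATE users SET `username` = :username WHERE `userId` = :userId');
        $stm->execute([
            ':username' => $newUsername,
            ':userId'   => $targetId,
        ]);
        redirectWithMessage('username_changed');
        break;

    case 'password':
        $newPassword = postString('c-pwd');
        $targetId = postString('passchange');
        if ($newPassword === null || $targetId === null) {
            redirectWithMessage('error');
        }

        // TODO(review): verify the caller may change this userId's password (admin, or own
        // account, ideally after re-entering the current password). Consider invalidating
        // the target user's other sessions after a password change.
        $passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
        $stm = $pdo->prepare('UPDATE users SET `password` = :password WHERE `userId` = :userId');
        $stm->execute([
            ':password' => $passwordHash,
            ':userId'   => $targetId,
        ]);
        redirectWithMessage('password_changed');
        break;

    default:
        // Unknown action: the original silently did nothing; report it like a bad request.
        redirectWithMessage('error');
}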