Webbserverprogrammering 1

Show sourcecode

The following files exists in this folder. Click to view.

webbsrvprg/exercises/projekt/incl/

addfilters.php
dbconnection.php
default.php
footer.php
header.php
playertable.php
protected.php
sort.php
stylesheet.css

sort.php

127 lines UTF-8 Windows (CRLF)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
include("default.php");
$sortmethod $_GET['method'];
$sortorder $_GET['order'] ?? 'ASC';
if (isset($_GET['filters'])) {
    $filters json_decode($_GET['filters'], true);
    $owned false;
} elseif (isset($_GET['ownedfilters'])) {
    $filters json_decode($_GET['ownedfilters'], true);
    $owned true;
    $filterset 'AND';
}
$allowed_columns = ['name''age''nation''position''rating''pace''shooting''passing''dribbling''defending''physical'];
$allowed_orders = ['ASC''DESC'];
if (!in_array($sortmethod$allowed_columns)) {
    die("Invalid sorting column.");
}
if (!in_array($sortorder$allowed_orders)) {
    die("Invalid sorting order.");
}
if (!empty($filters)) {
    if ($owned != true) {
        $filterset 'WHERE ';
    }
    else{
        $filterset 'AND ';
    }
    $lastKey array_key_last($filters);

    foreach ($filters as $x => $y) {
        if ($x  == 'nation') {
            $y htmlspecialchars($yENT_QUOTES'UTF-8');
            $filterset .= 'nation = \'' $y '\'';
        } else if ($x  == 'name') {
            $y htmlspecialchars($yENT_QUOTES'UTF-8');
            $filterset .= 'name LIKE \'' $y '%\'';
        } else if ($x  == 'position') {
            $filterset .= '(';
            foreach ($filters['position'] as $z => $a) {
                $a htmlspecialchars($aENT_QUOTES'UTF-8');
                $last array_key_last($filters['position']);
                $filterset .= 'position = \'' $a '\'';
                if ($z != $last) {
                    $filterset .= ' OR ';
                    //inte lägga and på slutet
                } else {
                    $filterset .= ')';
                }
            }
        } else if ($x  == 'minage') {
            $y htmlspecialchars($yENT_QUOTES'UTF-8');
            $filterset .= $y ' < age';
        } else if ($x  == 'maxage') {
            $y htmlspecialchars($yENT_QUOTES'UTF-8');
            $filterset .= $y ' > age';
        } else if ($x  == 'minrating') {
            $y htmlspecialchars($yENT_QUOTES'UTF-8');
            $filterset .= $y ' < rating';
        } else if ($x  == 'maxrating') {
            $y htmlspecialchars($yENT_QUOTES'UTF-8');
            $filterset .= $y ' > rating';
        }
        if ($x != $lastKey) {
            $filterset .= ' AND ';
            //inte lägga and på slutet
        }
    }
} else {
    $filterset '';
}
//hindra SQL-injektioner
try {
    if ($owned == true) {
        $userid $_SESSION['userid'];
        $sql "SELECT players.id, players.name AS name, players.age AS age, players.nation AS nation,
            players.rating AS rating, players.pace AS pace, players.position AS position,
            players.shooting AS shooting, players.passing AS passing, players.dribbling AS
             dribbling, players.defending AS defending, players.physical AS physical  
            FROM owned_cards
            RIGHT JOIN players ON owned_cards.player_id = players.id
            WHERE owned_cards.user_id = $userid
            $filterset ORDER BY $sortmethod $sortorder";
    } else {
        $sql "SELECT id, name, age, nation, position, rating, pace, shooting, passing, dribbling, defending, physical 
        FROM players $filterset ORDER BY $sortmethod $sortorder";
    }
    $stmt $dbconn->prepare($sql);
    $data = array();
    $stmt->execute($data);
    $output '
                <tr>
                    <th><a onclick="sortplayers(\'name\')" id="sortname" >Namn</a></th>
                    <th><a onclick="sortplayers(\'age\')" id="sortage">Ålder</a></th>
                    <th><a onclick="sortplayers(\'nation\')" id="sortnation">Land</a></th>
                    <th><a onclick="sortplayers(\'position\')" id="sortposition">Position</a></th>
                    <th><a onclick="sortplayers(\'rating\')" id="sortrating">Rating</a></th>
                    <th><a onclick="sortplayers(\'pace\')" id="sortpace">Snabb</a></th>
                    <th><a onclick="sortplayers(\'shooting\')" id="sortshooting">Skott</a></th>
                    <th><a onclick="sortplayers(\'passing\')" id="sortpassing">Pass</a></th>
                    <th><a onclick="sortplayers(\'dribbling\')" id="sortdribbling">Dribbling</a></th>
                    <th><a onclick="sortplayers(\'defending\')" id="sortdefending">Försvar</a></th>
                    <th><a onclick="sortplayers(\'physical\')" id="sortphysical">Fysik</a></th>
                </tr>
    ';
    while ($res $stmt->fetch(PDO::FETCH_ASSOC)) {

        $output .= "<tr onclick =\"playerinfo('" htmlentities($res['id']) . "')\">" .
            "<td>" htmlentities($res['name']) . "</td>" .
            "<td>" htmlentities($res['age']) . "</td>" .
            "<td>" htmlentities($res['nation']) . "</td>" .
            "<td>" htmlentities($res['position']) . "</td>" .
            "<td>" htmlentities($res['rating']) . "</td>" .
            "<td>" htmlentities($res['pace']) . "</td>" .
            "<td>" htmlentities($res['shooting']) . "</td>" .
            "<td>" htmlentities($res['passing']) . "</td>" .
            "<td>" htmlentities($res['dribbling']) . "</td>" .
            "<td>" htmlentities($res['defending']) . "</td>" .
            "<td>" htmlentities($res['physical']) . "</td>" .
            "</tr>";
    }
    echo "$output";
} catch (PDOException $e) {
    echo $sql "<br />" $e->getMessage();
}

$dbconn null;