public_html/exercises/databas/ovn_db2/admin/
edituser.php
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Edit User</title>
</head>
<body>
<form action="../home.php" method="get"><button type="submit">Back to home</button></form>
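<?php
/*
 * Admin-only handler for the "Edit User" form.
 *
 * 1. Refuses the request unless the session is flagged as admin.
 * 2. On a POST that carries a valid anti-CSRF token and all five fields,
 *    updates the matching row of `users`.
 * 3. On ?id=..., loads that row so the form below can be pre-filled.
 *
 * NOTE(review): session_start() is called after the markup above has already
 * been output, so the session can only start while output buffering is holding
 * back the response headers. Confirm the server configuration, or move this
 * block above the doctype.
 */
session_start();
if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] != 1) {
    die("Access denied.");
}
include('../../dbconnection.php');
if (!$dbconn) {
    die("Connection failed: Can't connect to database.");
}

// Escapes a value for HTML text and for quoted attributes (both quote styles).
// The string cast keeps NULL columns from reaching htmlentities().
$escape = function ($value) {
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Per-session anti-CSRF token. The form below sends it back in a hidden field,
// so a page on another origin cannot make the admin's browser submit an update.
if (
    !isset($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token']) ||
    $_SESSION['csrf_token'] === ''
) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

$message = null;
$getid = null;
$getusername = null;
$getpassword = null;
$getfirstname = null;
$getlastname = null;

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $postedToken = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';

    // Keep only fields that arrived as non-empty plain strings; array-valued
    // parameters (e.g. id[]=...) are treated as missing.
    $fields = array();
    foreach (array('username', 'password', 'firstname', 'lastname', 'id') as $name) {
        if (isset($_POST[$name]) && is_string($_POST[$name]) && $_POST[$name] !== '') {
            $fields[$name] = $_POST[$name];
        }
    }

    if (!is_string($postedToken) || !hash_equals($csrfToken, $postedToken)) {
        $message .= "<p>Invalid or expired form token. Reload the page and try again.</p>";
    } elseif (count($fields) === 5) {
        try {
            // NOTE(security): the password is stored exactly as submitted and is
            // echoed back into the form. Switching to password_hash() /
            // password_verify() has to be done together with the login code,
            // which is not visible from this file.
            $sql = "UPDATE users SET username=?, password=?, firstname=?, lastname=? WHERE id=?";
            $stmt = $dbconn->prepare($sql);
            // Values are bound in the same order as the placeholders above.
            $stmt->execute(array(
                $fields['username'],
                $fields['password'],
                $fields['firstname'],
                $fields['lastname'],
                $fields['id'],
            ));
            $message .= "<p>User updated successfully.</p>";
            // Clear the selection so the form is rendered empty after a save.
            $_GET['id'] = null;
        } catch (PDOException $e) {
            // Keep the SQL text and driver message out of the page; they go to
            // the server log instead.
            error_log('edituser.php: user update failed: ' . $e->getMessage());
            $message .= "<p>The user could not be updated.</p>";
        }
    }
}

if (isset($_GET['id']) && is_string($_GET['id']) && $_GET['id'] !== '') {
    try {
        $sql = "SELECT * FROM users WHERE id=?";
        $stmt = $dbconn->prepare($sql);
        $stmt->execute(array($_GET['id']));
        $res = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($res === false) {
            // fetch() returns false when no row matches the requested id.
            $message .= "<p>No user with that ID was found.</p>";
        } else {
            $getid = $escape($res['id']);
            $getusername = $escape($res['username']);
            $getpassword = $escape($res['password']);
            $getfirstname = $escape($res['firstname']);
            $getlastname = $escape($res['lastname']);
            $message .= "<p>User was selected successfully.</p>";
        }
    } catch (PDOException $e) {
        error_log('edituser.php: user lookup failed: ' . $e->getMessage());
        $message .= "<p>The user could not be loaded.</p>";
    }
}

// $message only ever holds the fixed markup assembled above.
echo $message;
?>
<form method="post" action="">
    <h2>Edit User Details</h2>
    <table>
        <tr>
            <td>Username*:</td>
            <td>
                <input type="text" name="username" size="40" maxlength="40"
                       value="<?= $getusername; ?>">
            </td>
        </tr>
        <tr>
            <td>Password*:</td>
            <td>
                <input type="text" name="password" size="40" maxlength="40"
                       value="<?= $getpassword; ?>">
            </td>
        </tr>
        <tr>
            <td>Firstname*:</td>
            <td>
                <input type="text" name="firstname" size="40" maxlength="30"
                       value="<?= $getfirstname; ?>">
            </td>
        </tr>
        <tr>
            <td>Lastname*:</td>
            <td>
                <input type="text" name="lastname" size="40" maxlength="30"
                       value="<?= $getlastname; ?>">
            </td>
        </tr>
        <tr>
            <td>
                <p>* = Required</p>
            </td>
            <td>
                <button type="submit">Submit</button>
                <input type="hidden" name="id" value="<?= $getid; ?>">
                <input type="hidden" name="csrf_token" value="<?= $escape($csrfToken); ?>">
            </td>
        </tr>
    </table>
</form>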
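<?php
/*
 * Renders every row of `users` as an HTML table. Each ID is a link back to
 * this page (?id=...) that selects the row for editing.
 *
 * NOTE(security): the password column is printed as stored. If the column
 * holds clear-text passwords, as the edit form suggests, both the storage and
 * this column should be revisited together with the login code, which is not
 * visible from this file.
 */
$output = '<table><caption>Choose a user to edit</caption>';
$output .= '<tr><th>ID</th><th>Username</th><th>Password</th><th>Firstname</th><th>Lastname</th><th>Last Modified</th></tr>';

try {
    $sql = "SELECT * FROM users";
    $stmt = $dbconn->prepare($sql);
    $stmt->execute(array());

    $columns = array('id', 'username', 'password', 'firstname', 'lastname', 'last_modified');
    while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // ENT_QUOTES matters here: the link below uses a single-quoted
        // attribute, and older PHP defaults leave "'" unescaped. The string
        // cast keeps NULL columns from reaching htmlentities().
        $cell = array();
        foreach ($columns as $column) {
            $cell[$column] = htmlentities((string) $res[$column], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        // URL-encode the raw id for the query string, then escape for the attribute.
        $href = htmlentities(
            '?id=' . rawurlencode((string) $res['id']),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );

        $output .= "<tr>" .
            "<td><a href='$href'>{$cell['id']}</a></td>" .
            "<td>{$cell['username']}</td>" .
            "<td>{$cell['password']}</td>" .
            "<td>{$cell['firstname']}</td>" .
            "<td>{$cell['lastname']}</td>" .
            "<td>{$cell['last_modified']}</td>" .
            "</tr>";
    }
} catch (PDOException $e) {
    // Log the driver message server-side instead of letting it reach the page.
    error_log('edituser.php: user list failed: ' . $e->getMessage());
    $output .= '<tr><td colspan="6">The user list could not be loaded.</td></tr>';
}

$output .= "</table>";
echo $output;

// Drop the PDO handle so the connection can be closed.
$dbconn = null;
?>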
</body>
</html>