server.php
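<?php
session_start();

// Database connection settings.
// NOTE(review): these credentials are hard-coded in source and use the privileged
// "root" account. They should come from outside the code base (environment or an
// untracked config file) and the application should connect with a dedicated,
// least-privilege database user.
define("DB_SERVERNAME", "localhost");
define("DB_USERNAME", "root");
define("DB_PASSWORD", "root");
define("DB_NAME", "db_php_blog");

$conn = new mysqli(DB_SERVERNAME, DB_USERNAME, DB_PASSWORD, DB_NAME);
if ($conn->connect_error) {
    // Keep the driver error (host, user, driver details) in the server log only; the
    // visitor gets a generic message so the page does not disclose infrastructure details.
    error_log("Connessione al database non riuscita: " . $conn->connect_error);
    die("Connessione al database non riuscita.");
} else {
    $connection_message = "Connessione al database avvenuta con successo.";
}
// No closing tag: trailing whitespace after "?>" would be sent as output and break the
// header("Location: ...") redirects issued by the scripts that require this file.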
login.php
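<?php
require "server.php";

// Login handler: looks up the submitted username with a prepared statement, checks the
// submitted password against the stored password_hash() value, records the outcome in the
// session and redirects to index.php.
// Missing form fields default to '' so a request without a body does not raise
// undefined-index warnings (an empty username never matches a user).
$password = $_POST['password'] ?? '';
$username = $_POST['username'] ?? '';

// PREPARES THE STATEMENT THAT SELECTS THE ROW CORRESPONDING WITH THE username
$stmn = $conn->prepare("SELECT * FROM users WHERE username = ?");
if ($stmn === false) {
    // prepare() returning false used to be dereferenced below; keep the driver error in the
    // server log and treat the attempt as a failed login.
    error_log("login.php: prepare failed: " . $conn->error);
    $_SESSION['user_name'] = "USER NOT FOUND";
    $_SESSION['user_id'] = "NONE";
    $_SESSION['message'] = "Utente non trovato nel database. / Nome Utente o Password errati.";
    header("Location: index.php");
    exit;
}
// BINDS THE $username VARIABLE WITH THE PARAMETER
$stmn->bind_param("s", $username);
// EXECUTES THE STATEMENT
$stmn->execute();
// GETS THE RESULTS
$result = $stmn->get_result();
// IF THERE IS EXACTLY 1 ROW IN THE $result
if ($result->num_rows === 1) {
    // EXTRACTS THE ROW IN AN ASSOCIATIVE ARRAY
    $row = $result->fetch_assoc();
    $stored_password = $row['password'];
    // CHECKS THE $password GIVEN BY THE USER AGAINST THE STORED HASH
    if (password_verify($password, $stored_password)) {
        // Issue a fresh session id on this privilege change so a session id obtained before
        // login (e.g. fixed via a crafted link) does not become the authenticated session.
        session_regenerate_id(true);
        $_SESSION['message'] = "Utente trovato nel database e password corretta. / Accesso Effettuato correttamente!";
        // SETS THE SESSION VARIABLES
        $_SESSION['user_name'] = $row['username'];
        $_SESSION['user_id'] = $row['id'];
        // REDIRECTS TO THE HOME PAGE. The debug var_dump() calls were removed: any output
        // before header() makes the Location header fail ("headers already sent").
        header("Location: index.php");
        exit;
    }
    // NOTE(review): the two failure branches store different texts before the "/"
    // ("utente trovato ... password non corretta" vs "utente non trovato"). If that text is
    // ever shown to the visitor it reveals which usernames exist; consider one shared message.
    $_SESSION['user_name'] = "WRONG PASSWORD";
    $_SESSION['user_id'] = "NONE";
    $_SESSION['message'] = "Utente trovato nel database ma password non corretta. / Nome Utente o Password errati.";
    header("Location: index.php");
    exit;
}
// IF THERE IS NO ROW IN THE $result WE DO NOT HAVE A MATCHING USER REGISTERED IN THE DB
$_SESSION['user_name'] = "USER NOT FOUND";
$_SESSION['user_id'] = "NONE";
$_SESSION['message'] = "Utente non trovato nel database. / Nome Utente o Password errati.";
header("Location: index.php");
exit;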
functions.php
<?php
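/**
 * Returns every post together with its author's username under the 'author' key.
 *
 * A single LEFT JOIN replaces the previous one-query-per-post author lookup; posts whose
 * user_id has no matching user get author = null, as before. Column names are fixed
 * in the SQL, no request data is involved.
 *
 * @return array<int, array<string, mixed>> list of post rows, empty when the query fails
 */
function getAllPosts()
{
    global $conn;
    $result = mysqli_query(
        $conn,
        "SELECT posts.*, users.username AS author FROM posts LEFT JOIN users ON users.id = posts.user_id"
    );
    if ($result === false) {
        // A failed query used to be handed to mysqli_fetch_all() and crash there;
        // log it server-side and let the caller render an empty list.
        error_log("getAllPosts: " . mysqli_error($conn));
        return [];
    }
    return mysqli_fetch_all($result, MYSQLI_ASSOC);
}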
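/**
 * Looks up the username for a user id.
 *
 * The id is bound as a prepared-statement parameter instead of being interpolated into
 * the SQL string, so a non-numeric value can no longer alter the query.
 *
 * @param int|string $user_id the users.id value (cast to int before binding)
 * @return string|null the username, or null when no such user exists or the query fails
 */
function getAuthorById($user_id)
{
    global $conn;
    $stmt = mysqli_prepare($conn, "SELECT username FROM users WHERE id = ?");
    if ($stmt === false) {
        error_log("getAuthorById: " . mysqli_error($conn));
        return null;
    }
    $id = (int) $user_id;
    mysqli_stmt_bind_param($stmt, "i", $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);
    return $row['username'] ?? null;
}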
// getAllPosts() declares no return type, so the annotation below tells the editor
// that $posts is an array and silences its warnings.
/** @var array $posts */
$posts = getAllPosts();
index.php
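<?php
// Every value below comes from the database (and ultimately from users), so it is escaped
// for the HTML body context before output; raw echo would let stored markup/scripts run in
// other visitors' browsers. NOTE(review): if post content is meant to carry HTML formatting,
// escaping has to be replaced by an HTML sanitizer, not removed.
foreach ($posts as $key => $post) : ?>
    <div class="card my-3">
        <div class="card-body">
            <h5 class="card-title">TITLE: <?php echo htmlspecialchars((string) $post['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h5>
            <h6>POST ID <?php echo htmlspecialchars((string) $post['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h6>
            <h6 class="card-subtitle mb-2 text-muted ">AUTHOR: <?php echo htmlspecialchars((string) $post['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h6>
            <p class="card-text"><?php echo htmlspecialchars((string) $post['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
        </div>
    </div>
<?php endforeach ?>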
link to the post edit page on index.php
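<?php
// The id is URL-encoded for the query string and the whole href is escaped for the
// attribute context. Showing the button for every post is only a UI choice:
// the authorization check happens in getSinglePostById(), which filters by owner.
foreach ($posts as $key => $post) : ?>
    <a class="btn btn-warning w-25" href="<?php echo htmlspecialchars('edit.php?post_id=' . urlencode((string) $post['id']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">Modifica Post</a>
<?php endforeach ?>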
functions.php
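/**
 * Loads one post, but only if it belongs to the currently logged-in user.
 *
 * The ownership check is part of the query (user_id must equal the session user id), so a
 * post id taken from the request cannot be used to read another user's post. Both values
 * are bound as integer parameters instead of being interpolated into the SQL string.
 *
 * @param int|string $post_id the posts.id value from the request
 * @return array<string, mixed>|null the post row, or null when it does not exist, belongs
 *         to someone else, nobody is logged in, or the query fails
 */
function getSinglePostById($post_id)
{
    global $conn;
    // A non-numeric session user id (e.g. the "NONE" placeholder written by a failed login)
    // means there is no authenticated user, so nothing can belong to them. The old code
    // interpolated that value and produced a failing query.
    $user_id = $_SESSION['user_id'] ?? null;
    if (!is_numeric($post_id) || !is_numeric($user_id)) {
        return null;
    }
    $stmt = mysqli_prepare($conn, "SELECT * FROM posts WHERE id = ? AND user_id = ?");
    if ($stmt === false) {
        error_log("getSinglePostById: " . mysqli_error($conn));
        return null;
    }
    $id = (int) $post_id;
    $owner = (int) $user_id;
    mysqli_stmt_bind_param($stmt, "ii", $id, $owner);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);
    return $row;
}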
edit.php
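<?php
include __DIR__ . "/Partials/head.php";
?>
<?php
// Only a numeric post id is accepted; without one there is nothing to edit (the previous
// code went on with an undefined $post_id when the parameter was missing).
$post_id = isset($_GET['post_id']) && is_numeric($_GET['post_id']) ? (int) $_GET['post_id'] : null;
// getSinglePostById() restricts the lookup to posts owned by the session user, so $post is
// null both for unknown ids and for other users' posts; it must not be dereferenced blindly.
$post = $post_id !== null ? getSinglePostById($post_id) : null;
// Strict comparison on ints instead of the loose "==" (which treats "abc" == 0 style cases loosely).
if ($post !== null && isset($_SESSION['user_id']) && (int) $_SESSION['user_id'] === (int) $post['user_id']) {
    $_SESSION['message'] = "L'utente " . $_SESSION['user_name'] . " (ID " . $_SESSION['user_id'] . ") è autorizzato a modificare il post con ID " . $post_id;
} else {
    $_SESSION['error'] = "Messaggio per gli utenti con ID diverso da quello autenticato.";
}
?>
<body>
questa è la bozza della pagina di modifica.
<?php /* Session texts embed the DB-sourced user name and the post title is user-supplied:
         everything echoed below is escaped for the HTML body context. */ ?>
<?php if (isset($_SESSION)) : ?>
    <?php if (isset($_SESSION['message'])) : ?>
        <p><?php echo "Session message: " . htmlspecialchars((string) $_SESSION['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
    <?php endif; ?>
    <?php if ($post !== null) : ?>
        <p><?php echo "Post Title: " . htmlspecialchars((string) $post['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
    <?php endif; ?>
    <?php if (isset($_SESSION['error'])) : ?>
        <p><?php echo "Session error: " . htmlspecialchars((string) $_SESSION['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
    <?php endif; ?>
<?php endif; ?>
<a href="index.php">Torna alla home</a>
</body>
</html>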
edit.php
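<?php /* Field values come from the request/database and are escaped for the attribute
         context (ENT_QUOTES covers the double-quoted value="..." delimiter).
         NOTE(review): the form carries no anti-CSRF token, so a page the logged-in user
         visits elsewhere could submit it on their behalf; the controller should issue and
         verify one. */ ?>
<form method="POST" action="Controllers/PostController.php?action=updatePost" class=" border rounded p-3">
    <input type="hidden" name="post_id" value="<?php echo htmlspecialchars((string) ($post_id ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    <div class="mb-3">
        <label for="title" class="form-label">Title</label>
        <input type="text" class="form-control" id="title" name="title" placeholder="Enter your post title" value="<?php echo htmlspecialchars((string) ($post['title'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    </div>
    <button type="submit" name="update_btn" class="btn btn-primary">Update Post</button>
</form>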
PostController.php
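// UPDATE - WE INTERCEPT THE POST REQUEST AND CHECK IF THE ACTION IS updatePost
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['action']) && $_GET['action'] === 'updatePost') {
    // The post id is request-controlled; getSinglePostById() only returns a row when the
    // post belongs to the logged-in user, so null means "not found or not yours" and the
    // update must not proceed (previously the null row reached updatePost()).
    $post_id = $_POST['post_id'] ?? null;
    $post = $post_id !== null ? getSinglePostById($post_id) : null;
    if ($post === null) {
        $_SESSION['message'] = NULL;
        $_SESSION['error'] = "Post non trovato o non autorizzato.";
        header("Location: /index.php");
        exit;
    }
    // NOTE(review): no anti-CSRF token is verified here; a token stored in the session and
    // compared with hash_equals() should gate this state-changing request.
    // THEN WE RUN THE UPDATE METHOD
    updatePost($post);
}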
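/**
 * Updates the title of a post from the submitted form and redirects to /index.php.
 *
 * $post is expected to be the row returned by getSinglePostById(), i.e. already confirmed
 * to belong to the logged-in user: the UPDATE is keyed on that row's id, never on a request
 * value, and the new title is bound as a prepared-statement parameter.
 *
 * @param array<string, mixed>|null $post the post row to update (null = nothing to update)
 * @return never every path ends with a redirect followed by exit
 */
function updatePost($post)
{
    global $conn;
    if ($post === null) {
        // Guard against a missing/unauthorized post instead of dereferencing null below.
        $_SESSION['message'] = NULL;
        $_SESSION['error'] = "Si è verificato un errore durante l'aggiornamento del post.";
        header("Location: /index.php");
        exit;
    }
    $original_title = $post['title'];
    // A missing form field is treated as an empty title rather than raising an
    // undefined-index warning.
    $new_title = $_POST['title'] ?? '';
    if ($new_title === $original_title) {
        $_SESSION['message'] = NULL;
        $_SESSION['error'] = "Il titolo del post è lo stesso. Nessuna modifica effettuata.";
        header("Location: /index.php");
        exit;
    }
    $stmt = mysqli_prepare($conn, "UPDATE posts SET title = ? WHERE id = ?");
    if (!$stmt) {
        error_log("updatePost: prepare failed: " . mysqli_error($conn));
        $_SESSION['message'] = NULL;
        $_SESSION['error'] = "Si è verificato un errore durante la preparazione della query.";
        header("Location: /index.php");
        exit;
    }
    $id = (int) $post['id'];
    mysqli_stmt_bind_param($stmt, "si", $new_title, $id);
    $executed = mysqli_stmt_execute($stmt);
    // Close before redirecting: the original close() sat after exit and never ran.
    mysqli_stmt_close($stmt);
    if ($executed) {
        $_SESSION['error'] = NULL;
        $_SESSION['message'] = "Il post è stato aggiornato con successo!";
    } else {
        $_SESSION['message'] = NULL;
        $_SESSION['error'] = "Si è verificato un errore durante l'aggiornamento del post.";
    }
    header("Location: /index.php");
    exit;
}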