-rw-r--r-- | admin.php | 55 | ||||
-rw-r--r-- | edit.php | 15 | ||||
-rw-r--r-- | test/notes.sql (renamed from notes.sql) | 0 |
3 files changed, 38 insertions, 32 deletions
@@ -1,41 +1,32 @@
 <?php
 session_start();
-# DB CONNECT
-try {
- $user = "yota_user";
- $password = "leex3EThieK0ieLaiVaicaifef5eecei";
- $database = "yota_call_db";
- $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
- $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-} catch (PDOException $e) {
- echo "<p>Error!: " . $e->getMessage() . "</p>";
- die();
-}
-
-# SHOLUD SOMETHING BE APPROVED?
-if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['id']) ) {
- $stmt = $conn->prepare("UPDATE activities SET approved = true WHERE id=:id");
-echo "lol:" . $_POST['id'];
- $stmt->bindParam(':id', $_POST['id']);
- $stmt->execute();
-}
-
 # IS LOGIN LEGITIMATE?
 if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email']) && isset($_POST['password'])) {
- try {
- $stmt = $conn->prepare("SELECT * FROM admins WHERE email=:email");
- $stmt->bindParam(':email', $_POST['email']);
- $stmt->execute();
- $row = $stmt->fetch();
- if (password_verify($_POST['password'], $row['password'])){
- $_SESSION['admin'] = true;
- } else {
- $_SESSION['admin'] = false;
+ # DB CONNECT
+ try {
+ $user = "yota_user";
+ $password = "gahdeer6shai9hogai2sai4quuaj1eVu";
+ $database = "yota_call_db";
+
+ $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+ $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+ $stmt = $conn->prepare("SELECT * FROM admins WHERE email=:email");
+ $stmt->bindParam(':email', $_POST['email']);
+ $stmt->execute();
+ $row = $stmt->fetch();
+
+ if (password_verify($_POST['password'], $row['password'])){
+ $_SESSION['admin'] = true;
+ } else {
+ $_SESSION['admin'] = false;
+ }
+ } catch (PDOException $e) {
+ echo "<p>Error!: " . $e->getMessage() . "</p>";
 }
- } catch (PDOException $e) {
- echo "<p>Error!: " . $e->getMessage() . "</p>";
- }
+ $stmt=null;
+ $conn=null;
 }
 ?>
 <!DOCTYPE html>
diff --git a/edit.php b/edit.php
new file mode 100644
index 0000000..3ddada5
--- /dev/null
+++ b/edit.php
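Review bot: The database password is still a string literal in the new `try` block (`$password = "…";`), so the rotated secret is committed to repository history exactly as the removed one was; the edit.php hunk does the same for the `yota_admin` account. Both values should be treated as exposed and rotated again, and the scripts should load them from outside the tree, for example `$password = getenv('YOTA_DB_PASSWORD');` (the variable name is a placeholder) or a config file kept outside the web root. Separately, the success branch sets `$_SESSION['admin'] = true` without renewing the session identifier; calling `session_regenerate_id(true);` immediately before that assignment prevents a pre-login session ID from being carried into the authenticated session.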
@@ -0,0 +1,15 @@
+<?php
+session_start();
+
+if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+ try {
+ $user = "yota_admin";
+ $password = "quaequaquagh6ahwoh6Chahx1EiFooGh";
+ $database = "yota_call_db";
+ $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+ $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ } catch (PDOException $e) {
+ echo "<p>Error!: " . $e->getMessage() . "</p>";
+ }
+
+}
diff --git a/notes.sql b/test/notes.sql
index dd59770..dd59770 100644
--- a/notes.sql
+++ b/test/notes.sql |
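Review bot: The `catch` block writes `$e->getMessage()` into the HTTP response and then lets the script continue. A PDO connection failure message typically names the database account and host, which here is the privileged `yota_admin` login, and any code later added inside the `if` would run with `$conn` undefined. Log on the server and stop instead: `error_log($e->getMessage()); http_response_code(500); exit;`. The same echo appears in the `catch` of the admin.php hunk. The session guard would also be stricter as `($_SESSION['admin'] ?? false) === true`, so that only the boolean set by the login page passes.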