| author | Horus3 | 2014-09-24 19:29:32 +0200 |
|---|---|---|
| committer | Horus3 | 2014-09-24 19:29:32 +0200 |
| commit | 7ea240aef9b75758d05cb5212ef7c99b47b4180b (patch) | |
| tree | 5b92d9e05067284a5e93a8ad3d353cb32820fa84 | |
| parent | 3256717165436e4e90bc5ca764babf1bd8d97f0a (diff) | |
| download | jungegemeinde-7ea240aef9b75758d05cb5212ef7c99b47b4180b.tar.gz | |
action.php
| -rw-r--r-- | bootstrap/action.php | 50 | ||||
| -rw-r--r-- | bootstrap/class/user.php | 4 | ||||
| -rwxr-xr-x[-rw-r--r--] | database/README | 0 |
3 files changed, 53 insertions, 1 deletions
diff --git a/bootstrap/action.php b/bootstrap/action.php
index e6ce5c6..533ef0a 100644
--- a/bootstrap/action.php
+++ b/bootstrap/action.php
@@ -12,6 +12,56 @@ if ( ! isset($_GET["task"]) || $_GET["task"] == "" ){
 switch($_GET["task"]){
 case("login"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["password"]) || $_POST["password"] == "" ){
+ failure("not enough information", "400 Bad Request");
+ }
+ if ( $jg->login($_POST["name"], $_POST["password"]) ){
+ header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
+ header("Location: /?page=" . $_GET["goto"]);
+ exit;
+ }
+ break;
+ case("update"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_GET["id"]) || $_GET["id"] == 0 || $_GET["id"] == "" ){
+ exit;
+ }
+ $sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s AND adresse = %s AND telefonnummer = %s AND handynummer = %s AND email = %s AND geburtstag = %s WHERE id = %d;",
+ $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"], $_GET["id"]
+ );
+ if ( ! $sql )
+ exit;
+ if ( $result = $db->doQuery($sql) ){
+ header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
+ header("Location: /?page=" . $_GET["goto"]);
+ }
+ exit;
 break;
+
+ case("add"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ echo "Method not allowed";
+ exit;
+ }
+ $sql = $db->prepare("INSERT INTO " . DBPREFIX . "member (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);",
+ $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"]
+ );
+ if ( ! $sql )
+ exit;
+ if ( $result = $db->doQuery($sql) ){
+ header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
+ header("Location: /?page=" . $_GET["goto"]);
+ }
+ exit;
 }
diff --git a/bootstrap/class/user.php b/bootstrap/class/user.php
index 321ca57..edbcaa6 100644
--- a/bootstrap/class/user.php
+++ b/bootstrap/class/user.php
@@ -74,7 +74,9 @@ class jg {
 return $this->login;
 }
- public function login($password){
+ public function login($user, $password){
+ if ( is_null($this->username) )
+ $this->__construct($user);
 # get hashed password from the database
 $hashed_password = $this->getPassword();
diff --git a/database/README b/database/README
index 1ebbdb6..1ebbdb6 100644..100755
--- a/database/README
+++ b/database/README
|
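Review bot: The new `update` and `add` cases write `$_POST` fields into the member table with no check in the hunk that the caller is logged in and no anti-CSRF token, so unless a session check sits above line 12 (outside the hunk) any client that can POST here can change or create member records; each case should verify the session on `$jg` and a per-session token before reaching `$db->prepare`. The UPDATE statement joins its assignments with `AND`, which is parsed as one boolean expression assigned to `name` (or rejected, depending on the database), and should read `SET name = %s, adresse = %s, telefonnummer = %s, handynummer = %s, email = %s, geburtstag = %s WHERE id = %d`. All three redirects read `$_SERVER["SERVER_PROTCOL"]`, a typo for `SERVER_PROTOCOL`, so the intended status line is never sent. They also append `$_GET["goto"]` without checking that it is set or what it contains; it should be matched against the known page names, or at least passed through `rawurlencode()`, before it goes into the `Location` header.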
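Review bot: Re-running `$this->__construct($user)` from inside `login()` makes the user lookup depend on whether `username` happens to be null: when it is already set, the submitted `$user` is ignored and the password is compared against whatever account the object was built for. Loading the user through a dedicated method and refusing a mismatch, e.g. `if ( ! is_null($this->username) && $this->username !== $user ) return false;`, would keep the name and password bound together (assuming `username` holds the login name, which the hunk does not show). The signature also gained a leading parameter, so any remaining `login($password)` caller outside this commit would now pass the password as the name. The rest of `login()` lies outside the hunk, so whether an unknown `$user` makes `getPassword()` fail safely, and whether the session id is regenerated on success, should be confirmed there.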
