Diffstat (limited to 'bootstrap')
-rw-r--r--bootstrap/action.php50
-rw-r--r--bootstrap/class/user.php4
2 files changed, 53 insertions, 1 deletions
diff --git a/bootstrap/action.php b/bootstrap/action.php
index e6ce5c6..533ef0a 100644
--- a/bootstrap/action.php
+++ b/bootstrap/action.php
@@ -12,6 +12,56 @@ if ( ! isset($_GET["task"]) || $_GET["task"] == "" ){
switch($_GET["task"]){
case("login"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["password"]) || $_POST["password"] == "" ){
+ failure("not enough information", "400 Bad Request");
+ }
+ if ( $jg->login($_POST["name"], $_POST["password"]) ){
+ header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
+ header("Location: /?page=" . $_GET["goto"]);
+ exit;
+ }
+ break;
+ case("update"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_GET["id"]) || $_GET["id"] == 0 || $_GET["id"] == "" ){
+ exit;
+ }
+ $sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s AND adresse = %s AND telefonnummer = %s AND handynummer = %s AND email = %s AND geburtstag = %s WHERE id = %d;",
+ $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"], $_GET["id"]
+ );
+ if ( ! $sql )
+ exit;
+ if ( $result = $db->doQuery($sql) ){
+ header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
+ header("Location: /?page=" . $_GET["goto"]);
+ }
+ exit;
break;
+
+ case("add"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ echo "Method not allowed";
+ exit;
+ }
+ $sql = $db->prepare("INSERT INTO " . DBPREFIX . "member (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);",
+ $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"]
+ );
+ if ( ! $sql )
+ exit;
+ if ( $result = $db->doQuery($sql) ){
+ header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
+ header("Location: /?page=" . $_GET["goto"]);
+ }
+ exit;
}
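Review bot: The UPDATE in the `update` case joins its assignments with `AND` instead of commas, so on a MySQL-style backend it would parse as `name = (%s AND adresse = %s AND …)`, writing a boolean into `name` and leaving the other columns untouched; the SET list should read `SET name = %s, adresse = %s, telefonnummer = %s, handynummer = %s, email = %s, geburtstag = %s WHERE id = %d`. All three redirects read `$_SERVER["SERVER_PROTCOL"]`, a misspelt key that is never set, so the status line goes out without a protocol; use `$_SERVER["SERVER_PROTOCOL"]` as the 405 branches do. `$_GET["goto"]` is appended to the `Location` header without an `isset` check or `urlencode()`, so the caller can add further query parameters to the redirect target. Neither `update` nor `add` shows a logged-in or permission check inside this hunk, and a failed `login` falls through to `break` with no response; unless a guard sits earlier in the file (outside the hunk), both write paths need one before the query runs.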
diff --git a/bootstrap/class/user.php b/bootstrap/class/user.php
index 321ca57..edbcaa6 100644
--- a/bootstrap/class/user.php
+++ b/bootstrap/class/user.php
@@ -74,7 +74,9 @@ class jg {
return $this->login;
}
- public function login($password){
+ public function login($user, $password){
+ if ( is_null($this->username) )
+ $this->__construct($user);
# get hashed password from the database
$hashed_password = $this->getPassword();
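Review bot: When `$this->username` is already set, the new `$user` argument is ignored, so `login()` checks the password against whichever account the object was built for rather than the submitted name. If the constructor stores its argument in `username` (it is outside this hunk, so confirm), add `if ( $this->username !== $user ) return false;` after the null branch. Calling `$this->__construct($user)` on a live object also repeats whatever other initialisation the constructor performs; a dedicated loader method would make the intent explicit. The signature change from `login($password)` to `login($user, $password)` breaks any remaining one-argument caller, and the rest of the method body continues outside the hunk.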