
 

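<?php
declare(strict_types=1);

/*
 * Form handler for the script archive. Dispatches on $_POST['cmd']:
 *   login -> checks credentials against tbl_user, starts an authenticated session, redirects to add.php
 *   add   -> inserts a row into tbl_script (authenticated session required)
 *   edit  -> updates a row in tbl_script (authenticated session required)
 *   other -> echoes the POST payload, HTML-escaped, as a debugging aid
 *
 * inc/db.php is expected to define $dbdsn, $dbuser and $dbpass. It is
 * required (not included) so a missing config fails loudly instead of
 * reaching the PDO constructor with undefined variables.
 */

session_start();
require 'inc/db.php';

/**
 * Read a POST field as a string. Missing or non-scalar values (e.g. `cmd[]=x`)
 * become '' so they never reach a string comparison or a bound parameter.
 */
function postString(string $key): string
{
    $value = isset($_POST[$key]) ? $_POST[$key] : '';

    return is_scalar($value) ? (string) $value : '';
}

/** Read a POST field as an int; non-numeric or missing input yields 0. */
function postInt(string $key): int
{
    return (int) postString($key);
}

/**
 * Send a redirect and stop. Without the exit the rest of the script body
 * keeps executing after the Location header has been sent.
 */
function redirect(string $location): void
{
    header('Location: ' . $location);
    exit;
}

/**
 * Gate for the add/edit branches: $_SESSION['u_script'] is only set by a
 * successful login below, so its absence means the request is anonymous.
 */
function requireLogin(): void
{
    if (!isset($_SESSION['u_script'])) {
        http_response_code(403);
        exit('Login required');
    }
}

try {
    $conn = new PDO($dbdsn, $dbuser, $dbpass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $cmd = postString('cmd');

    if ($cmd === 'login') {
        $username = postString('uname');
        $password = postString('upass');
        // NOTE(review): the password is verified as SHA1(password . salt) inside the
        // database, so the plaintext travels to the DB server and the hash is fast
        // to brute-force. Moving to password_hash()/password_verify() in PHP needs a
        // column migration and is out of scope for this handler.
        $sql = 'SELECT username FROM tbl_user WHERE password=SHA1(CONCAT(:password,salt)) AND username=:username';
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':password', $password, PDO::PARAM_STR);
        $stmt->bindValue(':username', $username, PDO::PARAM_STR);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row !== false) {
            // Privilege level changes here: issue a fresh session id so an id
            // planted before login (session fixation) is not upgraded.
            session_regenerate_id(true);
            $_SESSION['u_script'] = $row['username'];
        }
        // A failed login redirects without setting the session, as before.
        redirect('add.php');
    }

    if ($cmd === 'add') {
        requireLogin();
        $sql = 'INSERT INTO tbl_script(`id_script`,`title`,`created_date`,`updated_date`,`id_category`,`content`,`hits`) '
            . 'VALUES(NULL,:title,NOW(),NOW(),:id_category,:content,1)';
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':title', postString('title'), PDO::PARAM_STR);
        $stmt->bindValue(':id_category', postInt('id_category'), PDO::PARAM_INT);
        $stmt->bindValue(':content', postString('content'), PDO::PARAM_STR);
        $stmt->execute();
        redirect('index.php');
    }

    if ($cmd === 'edit') {
        requireLogin();
        $sql = 'UPDATE tbl_script '
            . 'SET `title`=:title,`updated_date`=NOW(),`content`=:content,`hits`=:hits,`id_category`=:id_category '
            . 'WHERE `id_script`=:id_script';
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':id_script', postInt('id_script'), PDO::PARAM_INT);
        $stmt->bindValue(':title', postString('title'), PDO::PARAM_STR);
        $stmt->bindValue(':id_category', postInt('id_category'), PDO::PARAM_INT);
        $stmt->bindValue(':content', postString('content'), PDO::PARAM_STR);
        $stmt->bindValue(':hits', postInt('hits'), PDO::PARAM_INT);
        $stmt->execute();
        redirect('index.php');
    }

    // Unknown command: dump the payload for debugging. Escaped, because the
    // values are attacker-controlled and would otherwise be reflected as HTML.
    echo '<pre>' . htmlspecialchars(print_r($_POST, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
} catch (PDOException $e) {
    // Driver messages expose table names, DSN details and SQL fragments:
    // keep them in the server log and give the client a generic response.
    error_log('db error: ' . $e->getMessage());
    http_response_code(500);
    echo 'ERROR: database request failed';
}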