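<?php
// POST handler for the script CMS. `cmd=login` authenticates against tbl_user
// and sets $_SESSION['u_script']; `cmd=add` / `cmd=edit` write tbl_script.
// Every value used below comes straight from $_POST and is treated as untrusted.
session_start();
include('inc/db.php');

/**
 * Send a Location header and stop.
 *
 * Without the exit, PHP keeps executing whatever follows the header call, so
 * a redirect never by itself prevents the rest of the handler from running.
 */
function redirectTo($location)
{
    header('location:' . $location);
    exit;
}

/**
 * Reject the request with an HTTP status and a short, escaped plain message.
 */
function failRequest($status, $message)
{
    http_response_code($status);
    echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    exit;
}

/**
 * Read a POST field as a string ('' when absent).
 */
function postString($key)
{
    return isset($_POST[$key]) ? $_POST[$key] : '';
}

/**
 * Read a POST field as an int (0 when absent or non-numeric), so that
 * PDO::PARAM_INT is always handed a real integer rather than ''.
 */
function postInt($key)
{
    return isset($_POST[$key]) ? (int) $_POST[$key] : 0;
}

/**
 * cmd=login: look the user up by name and password, start an authenticated
 * session on success, then redirect to add.php.
 *
 * NOTE(review): the credential check is SHA1(password . salt) computed by the
 * database. That scheme is dictated by the tbl_user schema, so it is kept
 * here; a fast unkeyed hash is weak against offline cracking and should be
 * migrated to password_hash()/password_verify() together with a column change.
 */
function handleLogin(PDO $conn)
{
    $username = postString('uname');
    $password = postString('upass');

    $sql = 'SELECT username FROM tbl_user '
         . 'WHERE password=SHA1(CONCAT(:password,salt)) AND username=:username';
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':password', $password, PDO::PARAM_STR);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row !== false) {
        // New session id at the moment of privilege change: a session id an
        // attacker planted before login must not become an authenticated one.
        session_regenerate_id(true);
        $_SESSION['u_script'] = $row['username'];
    }
    // The original flow sends both outcomes to add.php; on failure the
    // session flag is simply not set. add.php is presumably responsible for
    // bouncing unauthenticated visitors -- confirm, it is not visible here.
    redirectTo('add.php');
}

/**
 * cmd=add: insert a new tbl_script row from title / id_category / content.
 */
function handleAdd(PDO $conn)
{
    $sql = 'INSERT INTO tbl_script(`id_script`,`title`,`created_date`,`updated_date`,`id_category`,`content`,`hits`) '
         . 'VALUES(NULL,:title,NOW(),NOW(),:id_category,:content,1)';
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':title', postString('title'), PDO::PARAM_STR);
    $stmt->bindValue(':id_category', postInt('id_category'), PDO::PARAM_INT);
    $stmt->bindValue(':content', postString('content'), PDO::PARAM_STR);
    $stmt->execute();
    redirectTo('index.php');
}

/**
 * cmd=edit: update the tbl_script row identified by id_script.
 */
function handleEdit(PDO $conn)
{
    $sql = 'UPDATE tbl_script '
         . 'SET `title`=:title,`updated_date`=NOW(),`content`=:content,`hits`=:hits,`id_category`=:id_category '
         . 'WHERE `id_script`=:id_script';
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':id_script', postInt('id_script'), PDO::PARAM_INT);
    $stmt->bindValue(':title', postString('title'), PDO::PARAM_STR);
    $stmt->bindValue(':id_category', postInt('id_category'), PDO::PARAM_INT);
    $stmt->bindValue(':content', postString('content'), PDO::PARAM_STR);
    $stmt->bindValue(':hits', postInt('hits'), PDO::PARAM_INT);
    $stmt->execute();
    redirectTo('index.php');
}

try {
    $conn = new PDO($dbdsn, $dbuser, $dbpass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Server-side prepares: bound values are never spliced into the SQL text
    // client-side, so the parameterisation above is the real thing.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $cmd = postString('cmd');

    if ($cmd === 'login') {
        handleLogin($conn);
    } elseif ($cmd === 'add' || $cmd === 'edit') {
        // Writes require an authenticated session. $_SESSION['u_script'] is
        // only ever set by a successful login above; previously any POST with
        // cmd=add/edit could insert or overwrite rows without logging in.
        if (empty($_SESSION['u_script'])) {
            failRequest(403, 'Login required.');
        }
        // NOTE(review): no CSRF token is checked here. The forms that post to
        // this handler live in other files, so a token cannot be added from
        // this side alone; the check belongs here once the forms carry one.
        if ($cmd === 'add') {
            handleAdd($conn);
        } else {
            handleEdit($conn);
        }
    } else {
        // The old fallback echoed print_r($_POST) unescaped inside <pre>, which
        // reflected arbitrary request input into the page. Reject instead.
        failRequest(400, 'Unknown command.');
    }
} catch (PDOException $e) {
    // Driver messages can expose table names, DSNs or credentials; keep the
    // detail in the server log and show the client a generic failure.
    error_log('script handler DB error: ' . $e->getMessage());
    failRequest(500, 'ERROR: database request failed.');
}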