initial commit

everything from my local includes directory

includes/title-select.php

@@ -0,0 +1,11 @@
+<?php
+$stmtview = $con->prepare("SELECT * FROM gwtitles ORDER BY titlename");
+$stmtview->execute();
+$result = $stmtview->get_result();
+while ($row = $result->fetch_assoc()) {
+	$tid = $row['titlenameid'];
+	$tname = $row['titlename'];
+	echo '<option value="' . $tid . '">' . $tname . '</option>';
+}
+$stmtview->close();
+?>

includes/title-submit.php

@@ -0,0 +1,19 @@
+<?php
+$stmtins = $con->prepare("INSERT INTO gwtitles (titlename, titletype) VALUES (?, ?)");
+$stmtins->bind_param("si", $_POST['titlename'], $_POST['titletype']);
+$stmtins->execute();
+$stmtins->close();
+echo 'New title added!<br /><br />';
+$stmtview = $con->prepare("SELECT * FROM gwtitles ORDER BY titlenameid DESC LIMIT 1");
+$stmtview->execute();
+$result = $stmtview->get_result();
+while ($row = $result->fetch_assoc()) {
+	$tid = $row['titlenameid'];
+	$tname = $row['titlename'];
+	$ttype = $row['titletype'];
+	echo '<table border="1"><tr><th>titleid</th><th>titlename</th><th>titletype</th></tr>';
+	echo '<tr><td>' . $tid . '</td><td>' . $tname . '</td><td>' . $ttype . '</td></tr></table><br />';
+}
+$stmtview->close();
+echo 'Return to <a href="titlemanager.php" class="navlink">title manager</a>';
+?>

includes/title-update.php

@@ -0,0 +1,26 @@
+<?php
+if (isset($_POST['deltitle'])) {
+	if ($_POST['deltitle'] =="yes") {
+		// this title makes you verify that you want to delete this title
+		echo '<form action="titlemanager.php" method="post">Please check the box to verify you want to delete: <b>' . $_POST['titlename'] . '</b> <input type="checkbox" name="deltitle" value="iamsure">';
+		echo '<input type="hidden" name="titlenameid" value="' . $_POST['titlenameid'] . '"><input type="hidden" name="title" value="updatetitle"><input type="submit" value="Delete title"></form><br /><br />';
+	} else if ($_POST['deltitle'] == "iamsure") {
+		// this section actually deletes the title
+		$stmtdel = $con->prepare("DELETE FROM gwtitles WHERE titlenameid = ?");
+		$stmtdel->bind_param("i", $_POST['titlenameid']);
+		$stmtdel->execute();
+		$stmtdel->close();
+		echo 'Title has been deleted, redirecting!';
+		header ("Refresh:1; url=titlemanager.php");
+	}
+} else {
+	// this section updates the title name
+	$stmtupd = $con->prepare("UPDATE gwtitles SET titlename = ?, titletype = ? WHERE titlenameid = ?");
+	$stmtupd->bind_param("sii", $_POST['titlename'], $_POST['titletype'], $_POST['titlenameid']);
+	$stmtupd->execute();
+	$stmtupd->close();
+	echo 'Title updated, redirecting!';
+	header ("Refresh:1; url=titlemanager.php");
+}
+//echo 'Return to <a href="titlemanager.php" class="navlink">title manager</a>'; //this line needs to go away soon
+?>

includes/verifications.php

@@ -0,0 +1,55 @@
+<?php
+# this function verifies that the e-mail address passed doesn't contain any illegal characters
+function validateEmail($email) {
+	return filter_var($email, FILTER_VALIDATE_EMAIL);
+}
+
+# this function verifies the desired e-mail address doesn't already exist in the database
+function usedEmail($usedemail) {
+	$con = mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
+	$sqlemailcheck = "SELECT usermail FROM userinfo WHERE userinfo.usermail = '" . $usedemail . "'";
+	$results = mysqli_query($con, $sqlemailcheck);
+	if (mysqli_num_rows($results) >= 1) {
+		echo '<hr><center>This e-mail address is already registered, please click on the forgot password link.<br /><a href="register.php" class="navlink">Please try again!</a><hr><br />';
+		include_once ('footer.php');
+		exit();
+	}
+}
+	
+# this function verifies that a username doesn't already exist in the database
+function validateUsername($uname) {
+	$con = mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
+	$sqlunamecheck = "SELECT username FROM userinfo WHERE userinfo.username = '" . $uname . "'";
+	$results = mysqli_query($con, $sqlunamecheck);
+	if (mysqli_num_rows($results) >= 1) {
+		echo '<center>This username has already been taken, please choose another one<br /><a href="register.php" class="navlink">Please try again!</a><br />';
+		include_once ('footer.php');
+		exit();
+	}
+}
+
+####################
+# verifying the username doesn't already exist in the database
+$username = mysqli_real_escape_string($con, $_POST['username']);
+validateUsername($username);
+
+####################
+# verifying the e-mail address is in a valid format
+$verifyemail = validateEmail($_POST['useremail']);
+if (empty($verifyemail)) {
+	echo '<center>This address: ' . $_POST['useremail'] . ' is not a valid e-mail address!<br />Please verify and type it again.<br />';
+	include_once ('footer.php');
+	exit();
+}
+
+usedEmail($_POST['useremail']);
+
+####################
+# verifying passwords match each other
+
+if (($_POST['userpass1']) != ($_POST['userpass2'])) {
+	echo '<center>The passwords don\'t match!<br /><a href="register.php">Please try again!</a>';
+	include_once ('footer.php');
+	exit();
+}
+?>