<?php
// Marker constant for config.php (not visible here) — presumably so it can refuse
// direct requests and only run when included by a page; confirm in config.php.
define("internal", true);
// config.php is expected to provide $gbook_connection (a mysqli instance) and the
// constants gbook_TRUNCATEPASSWORD and gbook_MAXPERPAGE, all of which are used below.
require 'config.php';
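/**
 * Current page number taken from the `page` query parameter, as a string.
 *
 * Returns "1" when the parameter is missing, not a numeric string, or below 1.
 * The previous version returned any numeric string verbatim, so page=0, page=-3
 * or page=1.5 reached the LIMIT arithmetic further down; values below 1 produced
 * a negative offset, a failed query and a fatal error when ->num_rows was read.
 *
 * @return string decimal page number, always >= 1
 */
function getPageNumber(){
    $raw = $_GET['page'] ?? null;
    // is_numeric() on a non-string (e.g. page[]=1) is never accepted.
    if (!is_string($raw) || !is_numeric($raw)) {
        return "1";
    }
    // (int) truncates floats/scientific notation exactly as intval() did at the
    // call sites; clamping keeps the first page as the floor.
    $page = max(1, (int) $raw);
    return (string) $page;
}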
// Guestbook action handlers, invoked by name through the `do` POST dispatcher below the class.
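/**
 * Guestbook actions invoked by the `do` POST dispatcher that follows this class.
 *
 * Every public action receives the mysqli connection, the raw $_POST array and
 * (for admin actions) the submitted password, and returns true only when its SQL
 * statement actually executed; the dispatcher turns false into an error reply.
 *
 * The methods are static because the dispatcher calls them as
 * gbookHandler::$do(...), which PHP 8 rejects for instance methods. Static
 * methods remain callable on `new gbookHandler()`, so existing callers still work.
 *
 * Security notes:
 *  - All SQL uses prepared statements; request values are never interpolated.
 *    The previous code quoted only the text columns and pasted the (escaped but
 *    unquoted) id straight into `WHERE gbookID = $id`, so the id field was still
 *    injectable once the admin password was known.
 *  - Text fields are HTML-encoded on the way in (strEscape) because the display
 *    template echoes the columns unescaped. Do not add mysqli_real_escape_string
 *    on top of bound parameters: it would store literal backslashes.
 *  - There is no CSRF protection. addComment needs no password, so any site can
 *    make a visitor's browser post a comment; a per-session token checked by the
 *    dispatcher is the standard fix and is not implemented here.
 */
class gbookHandler {
    /**
     * Insert a guestbook entry built from the name/email/msg fields.
     *
     * @param mysqli $gbook_connection open database connection
     * @param array  $post             request fields; absent, non-string or empty
     *                                 ones fall back to the defaults below
     * @return bool true when the INSERT executed
     */
    public static function addComment($gbook_connection, $post) {
        $name  = self::fieldOr($post, 'name', 'Anonymous');
        // The default address embeds the Host header, which the client controls,
        // so it is encoded like any other user-supplied text.
        $email = self::fieldOr($post, 'email', self::strEscape('anonymous@' . self::hostName()));
        $msg   = self::fieldOr($post, 'msg', 'No message sent.');

        $stmt = $gbook_connection->prepare(
            'INSERT INTO guestbook (gbookNAME, gbookMAIL, gbookMEMO) VALUES (?, ?, ?)'
        );
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('sss', $name, $email, $msg);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok;
    }

    /**
     * Admin: delete the entry whose gbookID equals $post['id'].
     *
     * @param mysqli $gbook_connection open database connection
     * @param array  $post             must carry an integer `id`
     * @param mixed  $password         compared against gbook_TRUNCATEPASSWORD
     * @return bool false on a wrong password, missing/non-integer id, or failed DELETE
     */
    public static function delComment($gbook_connection, $post, $password) {
        if (!self::passwordValid($password)) {
            return false;
        }
        $id = self::recordId($post);
        if ($id === null) {
            return false;
        }
        $stmt = $gbook_connection->prepare('DELETE FROM guestbook WHERE gbookID = ?');
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('i', $id);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok;
    }

    /**
     * Admin: overwrite name, email, message and timestamp of the entry $post['id'].
     *
     * @param mysqli $gbook_connection open database connection
     * @param array  $post             id plus optional name/email/msg/dateTime
     * @param mixed  $password         compared against gbook_TRUNCATEPASSWORD
     * @return bool false on a wrong password, missing/non-integer id, or failed UPDATE
     */
    public static function editComment($gbook_connection, $post, $password) {
        if (!self::passwordValid($password)) {
            return false;
        }
        $id = self::recordId($post);
        if ($id === null) {
            return false;
        }
        $name  = self::fieldOr($post, 'name', 'Anonymous');
        $email = self::fieldOr($post, 'email', self::strEscape('anonymous@' . self::hostName()));
        $msg   = self::fieldOr($post, 'msg', 'No message sent.');
        // "H:i:s": the previous format string used "m" (month) in the minutes slot.
        // A submitted dateTime is stored as given (HTML-encoded); the column type is
        // not visible here, so it is not parsed or validated further.
        $dateTime = self::fieldOr($post, 'dateTime', date('Y-m-d H:i:s'));

        $stmt = $gbook_connection->prepare(
            'UPDATE guestbook SET gbookNAME = ?, gbookMAIL = ?, gbookMEMO = ?, gbookTIME = ? WHERE gbookID = ?'
        );
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('ssssi', $name, $email, $msg, $dateTime, $id);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok;
    }

    /**
     * Admin: remove every entry.
     *
     * @param mysqli $gbook_connection open database connection
     * @param array  $post             unused
     * @param mixed  $password         compared against gbook_TRUNCATEPASSWORD
     * @return bool false on a wrong password or failed TRUNCATE
     */
    public static function truncComment($gbook_connection, $post, $password) {
        if (!self::passwordValid($password)) {
            return false;
        }
        return $gbook_connection->query('TRUNCATE TABLE guestbook') !== false;
    }

    /**
     * Kept for compatibility: $number when it is numeric, otherwise "1".
     * Touches neither the database nor the request.
     */
    public static function getPageNumber($number) {
        return (isset($number) && is_numeric($number)) ? $number : "1";
    }

    /**
     * $post[$key] HTML-encoded, or $default when the field is absent, not a string
     * or the empty string. Unlike empty(), a value of "0" is kept.
     */
    private static function fieldOr(array $post, $key, $default) {
        $value = $post[$key] ?? null;
        if (!is_string($value) || $value === '') {
            return $default;
        }
        return self::strEscape($value);
    }

    /** Integer row id from $post['id'], or null when it is missing or not an integer. */
    private static function recordId(array $post) {
        $raw = $post['id'] ?? null;
        if (!is_string($raw) && !is_int($raw)) {
            return null;
        }
        $id = filter_var($raw, FILTER_VALIDATE_INT);
        return $id === false ? null : $id;
    }

    /** Host for the default email address; comes from the request, so callers encode it. */
    private static function hostName() {
        return $_SERVER['HTTP_HOST'] ?? 'localhost';
    }

    /** HTML-encode a stored text field (the list template prints columns as-is). */
    private static function strEscape($string) {
        return htmlspecialchars((string) $string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Constant-time check of the submitted password against gbook_TRUNCATEPASSWORD.
     * Fails closed when the constant is missing or empty, or when the submitted
     * value is not a string (e.g. password[]=x). The old loose `==` treated
     * numeric-looking strings as equal by value.
     * NOTE(review): the secret is still held in clear text by config.php; storing a
     * password_hash() there and using password_verify() here would be preferable.
     */
    private static function passwordValid($string) {
        if (!is_string($string) || !defined('gbook_TRUNCATEPASSWORD')) {
            return false;
        }
        $expected = (string) gbook_TRUNCATEPASSWORD;
        if ($expected === '') {
            return false;
        }
        return hash_equals($expected, $string);
    }
}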
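if (isset($_POST['do'])) {
    // Only these four actions may be reached by name. Without the whitelist the
    // request could name any public method of gbookHandler (getPageNumber, a
    // future helper, magic methods) and have it invoked with request data.
    $allowedActions = ['addComment', 'delComment', 'editComment', 'truncComment'];
    $do = $_POST['do'];
    // The add form sends no password field; default it instead of reading an
    // undefined index.
    $password = $_POST['password'] ?? '';
    // NOTE(review): no CSRF token is checked here; addComment in particular can be
    // triggered by any third-party page the visitor loads.
    if (is_string($do) && in_array($do, $allowedActions, true)
        && gbookHandler::$do($gbook_connection, $_POST, $password) === true) {
        header("Location: " . basename(__FILE__));
    } else {
        // The admin JavaScript treats the literal body "false" as failure.
        echo "false";
    }
    exit();
}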
// //Add comments
// if (isset($_POST['function']) && $_POST['function'] == "add") {
// $name = isset($_POST['name']) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['name'])) : "Anonymous";
// $email = isset($_POST['email']) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['email'])) : "Anonymous@jamiephan.net";
// $message = isset($_POST['message']) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['message'])) : "Message is empty.";
// $gbook_connection->query("INSERT INTO guestbook (gbookNAME, gbookMAIL, gbookMEMO) VALUES ('$name','$email','$message')");
// header('Location: ' . basename(__FILE__));
// }
// //Delete comments
// if (isset($_POST["action"]) && isset($_POST["password"]) && isset($_POST["id"]) && $_POST['action'] == "delComment") {
// if ($_POST['password'] == gbook_TRUNCATEPASSWORD) {
// $id = $_POST["id"];
// $gbook_connection->query("DELETE FROM guestbook WHERE gbookID = $id");
// echo "true";
// exit();
// } else {
// echo "Error Administrative Password.";
// exit();
// }
// }
// //Edit comments
// if (isset($_POST["action"]) && isset($_POST["password"]) && $_POST['action'] == "addComment") {
// if ($_POST['password'] == gbook_TRUNCATEPASSWORD) {
// $id = $_POST["id"];
// $name = (empty($_POST['name']) !== TRUE) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['name'])) : "Anonymous";
// $email = (empty($_POST['email']) !== TRUE) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['email'])) : "Anonymous@jamiephan.net";
// $msg = (empty($_POST['msg']) !== TRUE) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['msg'])) : "Message is empty.";
// $dateTime = (empty($_POST['dateTime']) !== TRUE) ? mysqli_real_escape_string($gbook_connection, htmlspecialchars($_POST['dateTime'])) : date("Y-m-d H:m:s");
// if (!$gbook_connection->query("UPDATE guestbook SET gbookNAME='$name', gbookMAIL='$email', gbookMEMO='$msg', gbookTIME='$dateTime' WHERE gbookID = $id")) {
// printf("Errormessage: %s\n", $gbook_connection->error);
// exit();
// }
// echo "true";
// exit();
// } else {
// echo "Error Administrative Password.";
// exit();
// }
// }
// //Truncate comments
// if (isset($_POST["action"]) && isset($_POST["password"])) {
// if ($_POST['action'] == "truncate" && $_POST['password'] == gbook_TRUNCATEPASSWORD) {
// $gbook_connection->query("TRUNCATE TABLE guestbook");
// echo "true";
// exit();
// } else {
// echo "Error Administrative Password.";
// exit();
// }
// }
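// Page slice for the list view. Both LIMIT operands are server-computed integers,
// so no request string reaches the SQL text. The page size is gbook_MAXPERPAGE
// (the same constant the pagination below divides by); the old code hard-coded
// 5 here, which made the page count and the page contents disagree whenever the
// constant was not 5.
$perPage = max(1, (int) gbook_MAXPERPAGE);
$currentPage = max(1, (int) getPageNumber());
$limit = ($currentPage - 1) * $perPage;
$query = $gbook_connection->query(
    'SELECT * FROM guestbook ORDER BY gbookID DESC LIMIT ' . $limit . ',' . $perPage
);
if ($query === false) {
    // A failed query used to surface as a fatal "num_rows on bool" further down.
    http_response_code(500);
    exit('Database error.');
}
if ($query->num_rows == 0 && !isset($_GET['add'])) {
    header("Location: " . basename(__FILE__) . "?add");
    exit(); // the old code kept rendering the list page after sending the redirect
}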
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Jamie Phan's Material gbook</title>
<!-- NOTE(review): the four CDN resources below carry no integrity/crossorigin
     attributes (no Subresource Integrity), so a compromised or substituted CDN
     response runs arbitrary script in this page. Pin SRI hashes or self-host.
     jQuery 2.1.1 is also long unsupported; a current 3.x release is advisable. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.6/css/materialize.min.css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<script type="text/javascript" src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.6/js/materialize.min.js"></script>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<meta name="theme-color" content="#4CAF50">
<style>
body {
display: flex;
flex-direction: column;
min-height: 100vh;
}
main {
flex: 1 0 auto;
}
td, th {
display: flex;
}
td {
text-indent: 20px;
}
.force-menu {
display: block !important;
}
</style>
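<script>
$(function(){
    $(".button-collapse").sideNav();
    $('.modal-trigger').leanModal();

    // POST an admin action to this page. The server replies with the literal
    // body "false" on failure and redirects (anything else) on success. The
    // password is prompted for on every action; it is never kept client-side.
    function adminCtrl(action, obj){
        var password = prompt("Please Enter Administrative Password.");
        if (password === null) {
            return; // prompt cancelled: nothing to send
        }
        var payload = $.extend({do: action, password: password}, obj || {});
        $.post("<?= basename(__FILE__)?>", payload, function(data){
            if (data !== "false") {
                document.location = "<?= basename(__FILE__)?>";
            } else {
                alert("Error");
            }
        });
    }

    // Find the comment card for an id without building a CSS selector from it.
    function cardFor(id){
        return $(".card").filter(function(){
            return $(this).attr("data-comment-id") === id;
        });
    }

    $("#truncater").click(function(){
        adminCtrl("truncComment");
    });
    $(".del-btn").click(function(){
        adminCtrl("delComment", {id: $(this).attr("data-delete-id")});
    });

    // Turn a comment card into an inline edit form. Inputs are created through
    // jQuery's attribute and val() setters rather than by concatenating the
    // displayed text into an HTML string: .text() yields the decoded comment,
    // so a stored value like  " onfocus="alert(1)  would otherwise break out of
    // the value="" attribute and run in the admin's browser (stored XSS).
    $(".edit-btn").click(function(){
        var id = $(this).attr("data-edit-id");
        var card = cardFor(id);
        // Same order as the table rows rendered for each card.
        var fieldNames = ["name", "email", "dateTime", "msg"];
        card.find("td[data-record]").each(function(i){
            var current = $(this).text();
            var row = $(this).parent();
            $(this).remove();
            row.addClass("row");
            var input = $("<input>", {type: "text", "class": "validate", "data-item": fieldNames[i]}).val(current);
            var inner = $('<div class="input-field col s12 m12 l12"></div>').append(input);
            // The old markup also nested a <td> here, which is not valid inside a <div>; dropped.
            row.append($('<div class="input-field col s12 m12 l12"></div>').append(inner));
        });
        var adminCell = card.find("td[data-admin-btn]");
        adminCell.parent().addClass("row");
        var submit = $("<button>", {"class": "btn waves-effect waves-light", type: "button", name: "action"})
            .attr("data-edit-submit", "")
            .attr("data-edit-id", id)
            .text("Submit")
            .append('<i class="material-icons right">send</i>');
        adminCell.html($('<div class="input-field col s12"></div>').append(submit));
    });

    // Collect the edited fields from the card and submit them as editComment.
    // (Bound on document because the submit button is created dynamically.)
    $(document).on("click", "button[data-edit-submit]", function(){
        var id = $(this).attr("data-edit-id");
        var obj = {id: id};
        cardFor(id).find("input[type=text]").each(function(){
            // Declared locals; the previous version leaked `field`/`value` as globals.
            var field = $(this).attr("data-item");
            var value = $(this).val();
            obj[field] = value;
        });
        adminCtrl("editComment", obj);
    });
});
</script>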
</head>
<body>
<header>
<nav class="green">
<div class="nav-wrapper container">
<!-- Title -->
<a href="<?= basename(__FILE__)?>" class="brand-logo center">Guest book</a>
<!-- Mobile menu button -->
<a href="#" data-activates="menu" class="button-collapse force-menu"><i class="material-icons">menu</i></a>
<!-- Large screen nav -->
<!-- <ul class="right hide-on-med-and-down">
<li><a href="<?= basename(__FILE__); ?>"><i class="material-icons left">message</i>Guest Book</a></li>
<li><a href="<?= basename(__FILE__) . '?add'; ?>"><i class="material-icons left">note_add</i>New Comment</a></li>
<li><a href="#" id="truncater"><i class="material-icons left">delete</i>Truncate Comment</a></li>
<li><a href="//<?=$_SERVER['HTTP_HOST']?>"><i class="material-icons left">perm_identity</i>Jamie Phan</a></li>
</ul> -->
<!-- Small screen side nav -->
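<ul class="side-nav" id="menu">
<li><a href="<?= basename(__FILE__); ?>"><i class="material-icons left">message</i>Guest Book</a></li>
<li><a href="<?= basename(__FILE__) . '?add'; ?>"><i class="material-icons left">note_add</i>New Comment</a></li>
<li><a href="#" id="truncater"><i class="material-icons left">delete</i>Truncate Comment</a></li>
<li><a href="#modal1" class="modal-trigger"><i class="material-icons left">code</i>Show Source Code</a></li>
<!-- HTTP_HOST is the client's Host header; it is attribute-encoded so a crafted
     header cannot break out of href="" (it was echoed raw before). Whether the
     server restricts accepted Host values is a web-server setting, not checked here. -->
<li><a href="//<?= htmlspecialchars($_SERVER['HTTP_HOST'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"><i class="material-icons left">perm_identity</i>Jamie Phan</a></li>
</ul>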
</div>
</nav>
</header>
<main>
<div class="container">
<?php
// List view (no ?add in the query string): one card per row of $query, the page
// slice selected above. The column values are echoed without any escaping, so this
// template is only safe because addComment/editComment apply htmlspecialchars()
// when the row is written. Rows inserted by any other path would render as HTML.
// (The row headers below close <th> with </td>; browsers recover, but it is a typo.)
if (!isset($_GET['add'])) {
echo "<!-- List record section -->";
while($record = $query->fetch_assoc()){
?>
<div class="card hoverable" data-comment-id="<?= $record['gbookID']?>">
<div class="card-content">
<table class="bordered highlight">
<tr>
<th>Name:</td>
<td data-record><?= $record['gbookNAME']?></td>
</tr>
<tr>
<th>Email:</td>
<td data-record><?= $record['gbookMAIL']; ?></td>
</tr>
<tr>
<th>Date Time:</td>
<td data-record><?= $record['gbookTIME']; ?></td>
</tr>
<tr>
<th>Message:</td>
<td data-record><?= $record['gbookMEMO']; ?></td>
</tr>
<tr>
<th>Administrative Control: (Password required.)</td>
<td data-admin-btn>
<a class="waves-effect waves-light btn edit-btn" data-edit-id="<?= $record['gbookID']?>"><i class="material-icons right">edit</i>Edit</a>
<a class="waves-effect waves-light btn red del-btn" data-delete-id="<?= $record['gbookID']?>"><i class="material-icons right">delete</i>Delete</a></td>
</tr>
</table>
</div>
</div>
<?php
// The data-edit-id / data-delete-id attributes feed the admin JavaScript in <head>.
}; //End while() db data loop
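// Pagination. COUNT(*) instead of fetching every row only to read num_rows.
$countResult = $gbook_connection->query('SELECT COUNT(*) AS total FROM guestbook');
$countRow = ($countResult !== false) ? $countResult->fetch_assoc() : null;
$recordsNumber = $countRow ? (int) $countRow['total'] : 0;
$totalPage = (int) ceil($recordsNumber / gbook_MAXPERPAGE);
$pageNow = max(1, (int) getPageNumber());
$onFirstPage = ($pageNow <= 1);
// The old right-hand arrow tested "page == 1" for its link, so page 1 never
// offered a way forward even when more pages existed; compare with the last page.
$onLastPage = ($pageNow >= $totalPage);
?>
<ul class="pagination right">
<li class="<?= $onFirstPage ? 'disabled' : 'waves-effect' ?>">
<a<?= $onFirstPage ? '' : ' href="?page=' . ($pageNow - 1) . '"' ?>>
<i class="material-icons">chevron_left</i>
</a>
</li> <!-- Left navigator -->
<!-- One entry per page; the current page is highlighted. -->
<?php for ($i = 1; $i <= $totalPage; $i++) { ?>
<li class="<?= ($pageNow === $i) ? 'active green' : 'waves-effect' ?>">
<a href="?page=<?= $i ?>">
<?= $i ?>
</a>
</li>
<?php } ?>
<li class="<?= $onLastPage ? 'disabled' : 'waves-effect' ?>">
<a<?= $onLastPage ? '' : ' href="?page=' . ($pageNow + 1) . '"' ?>>
<i class="material-icons">chevron_right</i>
</a>
</li> <!-- Right navigator -->
</ul>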
<?php
//end if($_GET['add']) - true
// Add view (?add present): a plain form that POSTs do=addComment back to this page.
// The `required` attributes are client-side only; the server substitutes defaults
// for missing fields. No CSRF token is included in the form.
} else { ?>
<!-- Add comment section -->
<h4>Add your own comment!</h4>
<div class="row">
<form class="col s12 m12 l12" action="<?= basename(__FILE__)?>" method="POST">
<div class="row">
<div class="input-field col s12 m12 l6">
<i class="material-icons prefix">account_circle</i>
<input type="hidden" name="do" value="addComment">
<input id="name" type="text" name="name" class="validate" required>
<label for="name">Your Name</label>
</div>
<div class="input-field col s12 m12 l6">
<i class="material-icons prefix">email</i>
<input id="email" type="email" name="email" class="validate" required>
<label for="email">Your Email</label>
</div>
</div>
</div>
<div class="row">
<div class="input-field col s12">
<i class="material-icons prefix">message</i>
<textarea id="message" name="msg" class="materialize-textarea" required></textarea>
<label for="message">Your Message</label>
</div>
</div>
<div class="row">
<div class="input-field col s12 center">
<button class="btn waves-effect waves-light" type="submit" name="action">Submit
<i class="material-icons right">send</i>
</button>
</div>
</div>
</form>
</div>
<?php } //end if($_GET['add']) - else
?>
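<div id="modal1" class="modal">
<div class="modal-content">
<h4>Source Code for <?= basename(__FILE__) ?>:</h4>
<p>
<?php
// show_source() prints the highlighted file itself and returns true; echoing that
// return value with the short echo tag left a stray "1" after the listing.
// Publishing this file is a deliberate feature ("Show Source Code" in the menu);
// config.php, which holds the admin password and DB credentials, is not printed.
show_source(basename(__FILE__));
?>
</p>
</div>
<div class="modal-footer">
<a href="#!" class=" modal-action modal-close waves-effect waves-green btn-flat">Close</a>
</div>
</div>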
</div> <!-- Main container -->
</main>
<footer class="page-footer green">
<div class="container">
<div class="row">
<div class="col l6 s12">
<h5 class="white-text">Guest book 2</h5>
<p class="grey-text text-lighten-4">Simple, single messaging system, with in-browser editing. Featuring material design, used by Google.</p>
</div>
<div class="col l4 offset-l2 s12">
<h5 class="white-text">Links</h5>
<ul>
<li><a class="grey-text text-lighten-3" href="#">Facebook</a></li>
<li><a class="grey-text text-lighten-3" href="#">Twitter</a></li>
<li><a class="grey-text text-lighten-3" href="https://www.youtube.com/user/jamiephan9898989898">Youtube</a></li>
<li><a class="grey-text text-lighten-3" href="http://tw.gamelet.com/user.do?username=100000380302236%40facebook.com">Gamelet</a></li>
</ul>
</div>
</div>
</div>
<div class="footer-copyright green darken-1">
<div class="container">
© <?= date("Y")?> Jamie Phan
<a class="grey-text text-lighten-4 right" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>
</div>
</div>
</footer>
</body>
</html>