Fix the SQL for reservations class modification.
authorJérôme Benoit <jerome.benoit@piment-noir.org>
Sat, 20 Jan 2018 10:43:13 +0000 (11:43 +0100)
committerJérôme Benoit <jerome.benoit@piment-noir.org>
Sat, 20 Jan 2018 10:43:13 +0000 (11:43 +0100)
Signed-off-by: Jérôme Benoit <jerome.benoit@piment-noir.org>
includes/formaccount.php
includes/formmodify.php
includes/formreservations.php
includes/formsearch.php
includes/modify.php
includes/search.php

index fda90b671bbf8d8e2d0e3e0d876063f36df37b39..6e1799995948e2fd7b47520aecc3f074d6eb5dad 100644 (file)
@@ -11,6 +11,13 @@ $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRI
 $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
 $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
 
+global $is_logged_in;
+if (!$is_logged_in) {
+    echo "Please login first. <br>";
+    $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
+    redirect("index.php?page=login", 2);
+}
+
 $input_failure = false;
 $password_failure = false;
 
@@ -39,7 +46,7 @@ if (strcmp($form_password, $form_confirmpassword) !== 0) {
 
 if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
     !empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
-    !$input_failure) {
+    !$input_failure && $is_logged_in) {
     global $connection;
     $client_id = get_client_id($_SESSION['email']);
     $sql_pquery = "update CLIENTS
@@ -52,7 +59,7 @@ if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) &&
     echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
     redirect("index.php?page=account", 3);
 } elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
-          !$password_failure) {
+          !$password_failure && $is_logged_in) {
     if (chk_password($_SESSION['email'], $form_oldpassword)) {
         global $connection;
         $client_id = get_client_id($_SESSION['email']);
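Review bot: The login guard added at the top of this file does not stop the script after `redirect("index.php?page=login", 2);`, so the update paths are protected only because each later condition also carries `&& $is_logged_in`, as the second and third hunks do. Unless redirect() itself ends the request (its body is not visible here), I would add `exit;` after the redirect inside the `if (!$is_logged_in)` block, so that a branch added later cannot run unauthenticated. The guard also copies `$_SERVER['HTTP_REFERER']` into `$_SESSION['login_referer']`; that header is client-supplied and may be absent, so read it as `$_SERVER['HTTP_REFERER'] ?? ''` and have the login code accept only same-site relative paths before redirecting to it. The same guard is repeated in includes/formmodify.php and includes/formreservations.php, and the comment applies there too.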
index 2a612a65101ae4926b1983a4fd358b7ac7ff3f7d..6b6490612b85681dedc8cbc15bd7ca3fa4389a88 100644 (file)
@@ -1,8 +1,16 @@
 <?php
 $form_flight_id = filter_input(INPUT_POST, "flight_id", FILTER_SANITIZE_STRING);
 $form_nb_place = filter_input(INPUT_POST, "nb_place", FILTER_VALIDATE_INT);
+$form_previous_class_name = filter_input(INPUT_POST, "previous_class_name", FILTER_SANITIZE_STRING);
 $form_class_name = filter_input(INPUT_POST, "class_name", FILTER_SANITIZE_STRING);
 
+global $is_logged_in;
+if (!$is_logged_in) {
+    echo "Please login first. <br>";
+    $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
+    redirect("index.php?page=login", 2);
+}
+
 $input_failure = false;
 
 if (!$form_nb_place) {
@@ -10,14 +18,14 @@ if (!$form_nb_place) {
     $input_failure = true;
 }
 
-if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
+if (!$input_failure && $is_logged_in && !empty($form_nb_place) && !empty($form_class_name)) {
     global $connection;
     $client_id = get_client_id($_SESSION['email']);
     $sql_pquery = "update RESERVATIONS
                    set NbPlaces = ?, Classe = ?
-                   where NumCl = ? and NumVol = ?";
+                   where NumCl = ? and NumVol = ? and Classe = ?";
     $connection->prepare_query($sql_pquery);
-    $connection->prepared_query_bind_param("isis", array($form_nb_place, $form_class_name, $client_id, $form_flight_id));
+    $connection->prepared_query_bind_param("isiss", array($form_nb_place, $form_class_name, $client_id, $form_flight_id, $form_previous_class_name));
     $connection->run_prepared_query();
     $connection->close_prepared_query();
     echo "Modifications enregistre&#769;es. <br>";
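Review bot: The success message after `run_prepared_query()` is printed without checking how many rows the update matched, and the new `and Classe = ?` predicate is filled from the client-supplied hidden field `previous_class_name`. A stale or altered value therefore makes the update match nothing while the page still reports success. I would check the affected-row count through the connection wrapper (its API is not visible in this hunk) and print an error when it is zero. `$form_class_name` is also written to RESERVATIONS without a server-side check that the class exists in DEFCLASSES for this flight; the `<select>` in includes/modify.php only constrains well-behaved clients. The `if` block continues past the end of the hunk.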
index 06989006b122921a4d7b44cda15b3897780ac1fd..e8a162c254e9e286d093f3f8107327130a949ca4 100644 (file)
@@ -3,7 +3,15 @@ $form_flight_id = filter_input(INPUT_POST, "flight_id", FILTER_SANITIZE_STRING);
 $form_class_name = filter_input(INPUT_POST, "class_name", FILTER_SANITIZE_STRING);
 $form_cancel = filter_input(INPUT_POST, "cancel", FILTER_SANITIZE_STRING);
 
-if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name)) {
+global $is_logged_in;
+if (!$is_logged_in) {
+    echo "Please login first. <br>";
+    $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
+    redirect("index.php?page=login", 2);
+}
+
+if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name) &&
+    $is_logged_in) {
     $client_id = get_client_id($_SESSION['email']);
     global $connection;
     $sql_pquery = "delete from RESERVATIONS
index ba1572a904bc4273ada71b5f8a49de9f1cc50fa1..6bd0fa1850372714c2224ecda11385873441e8fd 100644 (file)
@@ -50,7 +50,7 @@ if (empty($form_arrival_date)) {
  <select size="1" name="departure_city" required>
   <optgroup label="Se&#769;lectionner une ville">
  <?php
- $sql_pquery = "select distinct VilleD from VOLS";
+ $sql_pquery = "select distinct VilleD from VOLS order by VilleD";
  global $connection;
  $connection->prepare_query($sql_pquery);
  $connection->run_prepared_query();
@@ -73,7 +73,7 @@ if (empty($form_arrival_date)) {
  <select size="1" name="arrival_city" required>
   <optgroup label="Se&#769;lectionner une ville">
  <?php
- $sql_pquery = "select distinct VilleA from VOLS";
+ $sql_pquery = "select distinct VilleA from VOLS order by VilleA";
  global $connection;
  $connection->prepare_query($sql_pquery);
  $connection->run_prepared_query();
index 7915c48e53fe40688bb07bc288bb40c41839071e..045d84acfe511c93b11a0cc955c09d917311b9cc 100644 (file)
@@ -25,13 +25,14 @@ $connection->close_prepared_query();
 <form action="index.php" id="modify" method="post">
   <input type="hidden" name="form" value="modify" />
   <input type="hidden" name="flight_id" value="<?php echo $rows[0]['NumVol'] ?>" />
+  <input type="hidden" name="previous_class_name" value="<?php echo $rows[0]['Classe'] ?>" />
   <label> Nombre de place(s) : </label>
   <input type="number" name="nb_place" min="1" max="9" value="<?php echo $rows[0]['NbPlaces'] ?>" required/>
   <label> Classe : </label>
   <select size="1" name="class_name" required>
    <optgroup label="Se&#769;lectionner une classe">
   <?php
-  $sql_pquery = "select distinct Classe from DEFCLASSES where NumVol = ?";
+  $sql_pquery = "select distinct Classe from DEFCLASSES where NumVol = ? order by Classe";
   global $connection;
   $connection->prepare_query($sql_pquery);
   $connection->prepared_query_bind_param("s", array($flight_id));
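Review bot: The new hidden input echoes `$rows[0]['Classe']` into an HTML attribute without escaping, as the neighbouring `NumVol` and `NbPlaces` inputs already do. A class name containing a quote or markup would break out of the attribute, so I would write `value="<?php echo htmlspecialchars($rows[0]['Classe'], ENT_QUOTES, 'UTF-8') ?>"` here and apply the same escaping to the two sibling inputs. On the receiving side, includes/formmodify.php binds the posted `previous_class_name` as a query parameter, which is the right handling for a value the client can change.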
index e2503d96536f5e1988e5a485cf3b77d09ef5595d..6ae2621888f0b1e2d0252df0b85446746aa63de8 100644 (file)
@@ -28,7 +28,7 @@ if ($action === "return_flight") {
  <select size="1" name="departure_city" required>
   <optgroup label="Se&#769;lectionner une ville">
  <?php
- $sql_pquery = "select distinct VilleD from VOLS";
+ $sql_pquery = "select distinct VilleD from VOLS order by VilleD";
  global $connection;
  $connection->prepare_query($sql_pquery);
  $connection->run_prepared_query();
@@ -51,7 +51,7 @@ if ($action === "return_flight") {
  <select size="1" name="arrival_city" required>
   <optgroup label="Se&#769;lectionner une ville">
  <?php
- $sql_pquery = "select distinct VilleA from VOLS";
+ $sql_pquery = "select distinct VilleA from VOLS order by VilleA";
  global $connection;
  $connection->prepare_query($sql_pquery);
  $connection->run_prepared_query();