From: Jérôme Benoit Date: Sat, 20 Jan 2018 10:43:13 +0000 (+0100) Subject: Fix the SQL for reservations class modification. X-Git-Url: https://git.piment-noir.org/?a=commitdiff_plain;h=f38123a5d3eafd9af6fb25e1dd5ccf29c5508b36;p=Project_webapp.git Fix the SQL for reservations class modification. Signed-off-by: Jérôme Benoit --- diff --git a/includes/formaccount.php b/includes/formaccount.php index fda90b6..6e17999 100644 --- a/includes/formaccount.php +++ b/includes/formaccount.php @@ -11,6 +11,13 @@ $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRI $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING); $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING); +global $is_logged_in; +if (!$is_logged_in) { + echo "Please login first.
"; + $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; + redirect("index.php?page=login", 2); +} + $input_failure = false; $password_failure = false; @@ -39,7 +46,7 @@ if (strcmp($form_password, $form_confirmpassword) !== 0) { if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && !empty($form_postalcode) && !empty($form_city) && !empty($form_email) && - !$input_failure) { + !$input_failure && $is_logged_in) { global $connection; $client_id = get_client_id($_SESSION['email']); $sql_pquery = "update CLIENTS @@ -52,7 +59,7 @@ if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
"; redirect("index.php?page=account", 3); } elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) && - !$password_failure) { + !$password_failure && $is_logged_in) { if (chk_password($_SESSION['email'], $form_oldpassword)) { global $connection; $client_id = get_client_id($_SESSION['email']); diff --git a/includes/formmodify.php b/includes/formmodify.php index 2a612a6..6b64906 100644 --- a/includes/formmodify.php +++ b/includes/formmodify.php @@ -1,8 +1,16 @@ "; + $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; + redirect("index.php?page=login", 2); +} + $input_failure = false; if (!$form_nb_place) { @@ -10,14 +18,14 @@ if (!$form_nb_place) { $input_failure = true; } -if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) { +if (!$input_failure && $is_logged_in && !empty($form_nb_place) && !empty($form_class_name)) { global $connection; $client_id = get_client_id($_SESSION['email']); $sql_pquery = "update RESERVATIONS set NbPlaces = ?, Classe = ? - where NumCl = ? and NumVol = ?"; + where NumCl = ? and NumVol = ? and Classe = ?"; $connection->prepare_query($sql_pquery); - $connection->prepared_query_bind_param("isis", array($form_nb_place, $form_class_name, $client_id, $form_flight_id)); + $connection->prepared_query_bind_param("isiss", array($form_nb_place, $form_class_name, $client_id, $form_flight_id, $form_previous_class_name)); $connection->run_prepared_query(); $connection->close_prepared_query(); echo "Modifications enregistrées.
"; diff --git a/includes/formreservations.php b/includes/formreservations.php index 0698900..e8a162c 100644 --- a/includes/formreservations.php +++ b/includes/formreservations.php @@ -3,7 +3,15 @@ $form_flight_id = filter_input(INPUT_POST, "flight_id", FILTER_SANITIZE_STRING); $form_class_name = filter_input(INPUT_POST, "class_name", FILTER_SANITIZE_STRING); $form_cancel = filter_input(INPUT_POST, "cancel", FILTER_SANITIZE_STRING); -if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name)) { +global $is_logged_in; +if (!$is_logged_in) { + echo "Please login first.
"; + $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; + redirect("index.php?page=login", 2); +} + +if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name) && + $is_logged_in) { $client_id = get_client_id($_SESSION['email']); global $connection; $sql_pquery = "delete from RESERVATIONS diff --git a/includes/formsearch.php b/includes/formsearch.php index ba1572a..6bd0fa1 100644 --- a/includes/formsearch.php +++ b/includes/formsearch.php @@ -50,7 +50,7 @@ if (empty($form_arrival_date)) { prepare_query($sql_pquery); $connection->run_prepared_query(); diff --git a/includes/modify.php b/includes/modify.php index 7915c48..045d84a 100644 --- a/includes/modify.php +++ b/includes/modify.php @@ -25,13 +25,14 @@ $connection->close_prepared_query();
+ prepare_query($sql_pquery); $connection->run_prepared_query(); @@ -51,7 +51,7 @@ if ($action === "return_flight") {