From f38123a5d3eafd9af6fb25e1dd5ccf29c5508b36 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?=
Date: Sat, 20 Jan 2018 11:43:13 +0100
Subject: [PATCH] Fix the SQL for reservations class modification.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jérôme Benoit
---
 includes/formaccount.php | 11 +++++++++--
 includes/formmodify.php | 14 +++++++++++---
 includes/formreservations.php | 10 +++++++++-
 includes/formsearch.php | 4 ++--
 includes/modify.php | 3 ++-
 includes/search.php | 4 ++--
 6 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/includes/formaccount.php b/includes/formaccount.php
index fda90b6..6e17999 100644
--- a/includes/formaccount.php
+++ b/includes/formaccount.php
@@ -11,6 +11,13 @@ $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRI
 $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
 $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
 
+global $is_logged_in;
+if (!$is_logged_in) {
+ echo "Please login first.
"; + $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; + redirect("index.php?page=login", 2); +} + $input_failure = false; $password_failure = false; @@ -39,7 +46,7 @@ if (strcmp($form_password, $form_confirmpassword) !== 0) { if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && !empty($form_postalcode) && !empty($form_city) && !empty($form_email) && - !$input_failure) { + !$input_failure && $is_logged_in) { global $connection; $client_id = get_client_id($_SESSION['email']); $sql_pquery = "update CLIENTS @@ -52,7 +59,7 @@ if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
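Review bot: The guard added at the top of formaccount.php does not stop the script after `redirect("index.php?page=login", 2);`, so the rest of the file still runs for an anonymous request and the commit has to re-check `$is_logged_in` in every later branch (the -39 and -52 hunks here, and the same guard pattern in formmodify.php and formreservations.php). Unless the `redirect()` helper is known to call `exit`, ending the block with `return;` (or `exit;`) would make the later `&& $is_logged_in` additions unnecessary and removes the risk of a future branch forgetting the check. The stored `$_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];` is taken from a client-supplied header that may also be absent: whatever later consumes it should accept only a same-site path before redirecting to it, and the assignment should tolerate a missing header, e.g. `$_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'] ?? 'index.php';`.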
"; redirect("index.php?page=account", 3); } elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) && - !$password_failure) { + !$password_failure && $is_logged_in) { if (chk_password($_SESSION['email'], $form_oldpassword)) { global $connection; $client_id = get_client_id($_SESSION['email']); diff --git a/includes/formmodify.php b/includes/formmodify.php index 2a612a6..6b64906 100644 --- a/includes/formmodify.php +++ b/includes/formmodify.php @@ -1,8 +1,16 @@ "; + $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; + redirect("index.php?page=login", 2); +} + $input_failure = false; if (!$form_nb_place) { @@ -10,14 +18,14 @@ if (!$form_nb_place) { $input_failure = true; } -if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) { +if (!$input_failure && $is_logged_in && !empty($form_nb_place) && !empty($form_class_name)) { global $connection; $client_id = get_client_id($_SESSION['email']); $sql_pquery = "update RESERVATIONS set NbPlaces = ?, Classe = ? - where NumCl = ? and NumVol = ?"; + where NumCl = ? and NumVol = ? and Classe = ?"; $connection->prepare_query($sql_pquery); - $connection->prepared_query_bind_param("isis", array($form_nb_place, $form_class_name, $client_id, $form_flight_id)); + $connection->prepared_query_bind_param("isiss", array($form_nb_place, $form_class_name, $client_id, $form_flight_id, $form_previous_class_name)); $connection->run_prepared_query(); $connection->close_prepared_query(); echo "Modifications enregistrées.
"; diff --git a/includes/formreservations.php b/includes/formreservations.php index 0698900..e8a162c 100644 --- a/includes/formreservations.php +++ b/includes/formreservations.php @@ -3,7 +3,15 @@ $form_flight_id = filter_input(INPUT_POST, "flight_id", FILTER_SANITIZE_STRING); $form_class_name = filter_input(INPUT_POST, "class_name", FILTER_SANITIZE_STRING); $form_cancel = filter_input(INPUT_POST, "cancel", FILTER_SANITIZE_STRING); -if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name)) { +global $is_logged_in; +if (!$is_logged_in) { + echo "Please login first.
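Review bot: The new `where NumCl = ? and NumVol = ? and Classe = ?` condition binds `$form_previous_class_name`, but the `if` on the first changed line only requires `$form_nb_place` and `$form_class_name` to be non-empty, so a missing or empty previous class makes the UPDATE match no row while the script still prints `Modifications enregistrées.`. Add `&& !empty($form_previous_class_name)` to that condition and, if the connection wrapper exposes an affected-row count, print the success message only when a row was actually changed. `$form_previous_class_name` is not assigned within this hunk; it is presumably read from POST in the file's first hunk (whose content is lost in this rendering) and supplied by a hidden field added in modify.php, which is worth confirming. If `(NumCl, NumVol, Classe)` is the table's key, moving a reservation onto a class the client already holds on that flight would raise a duplicate-key error that the visible code does not catch.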
"; + $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; + redirect("index.php?page=login", 2); +} + +if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name) && + $is_logged_in) { $client_id = get_client_id($_SESSION['email']); global $connection; $sql_pquery = "delete from RESERVATIONS diff --git a/includes/formsearch.php b/includes/formsearch.php index ba1572a..6bd0fa1 100644 --- a/includes/formsearch.php +++ b/includes/formsearch.php @@ -50,7 +50,7 @@ if (empty($form_arrival_date)) { prepare_query($sql_pquery); $connection->run_prepared_query(); diff --git a/includes/modify.php b/includes/modify.php index 7915c48..045d84a 100644 --- a/includes/modify.php +++ b/includes/modify.php @@ -25,13 +25,14 @@ $connection->close_prepared_query();
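Review bot: The condition on the new `if (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name) &&` line still uses `isset()` on `filter_input()` results; `filter_input()` returns `false` rather than `null` when the filter fails (for example when the POST field arrives as an array), and `isset(false)` is true, so the DELETE can run with a `false` value that the wrapper presumably binds as an empty string. Checking `$form_flight_id !== false && $form_class_name !== false` (or `!empty()`, as formmodify.php does) keeps the delete from running on a rejected value. The enclosing `if` block continues past the hunk, so whether the deletion is confirmed or logged afterwards is not visible here.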
+ prepare_query($sql_pquery); $connection->run_prepared_query(); @@ -51,7 +51,7 @@ if ($action === "return_flight") {