mirror of
https://github.com/tim-krehan/shopping-list.git
synced 2024-11-27 15:40:00 +01:00
Merge branch 'prevent-sqlinjection' into 'develop'
Prevent sqlinjection See merge request bluekay/shopping-list!12
This commit is contained in:
commit
5b41ed338c
78 changed files with 78603 additions and 2283 deletions
|
@ -6,7 +6,7 @@
|
|||
RewriteRule ^([a-zA-Z0-9-]+)$ ?site=$1
|
||||
|
||||
#alles, was versucht ein Script aufzurufen
|
||||
RewriteRule /bin/(.+) /bin/$1
|
||||
RewriteRule /js/(.+) /js/$1
|
||||
|
||||
#Error Seite
|
||||
RewriteRule ^error/([a-zA-Z0-9-_]+)$ ?site=error&id=$1
|
||||
|
|
|
@ -2,4 +2,5 @@
|
|||
$CONFIG = array (
|
||||
'installed' => false,
|
||||
);
|
||||
|
||||
?>
|
|
@ -1,6 +1,6 @@
|
|||
<head>
|
||||
<link rel="stylesheet" href="/style/adduser.css">
|
||||
<script src="/bin/adduser.js" charset="utf-8"></script>
|
||||
<script src="/js/adduser.js" charset="utf-8"></script>
|
||||
</head>
|
||||
<h1>Benutzer hinzufügen</h1>
|
||||
<div class="adduser">
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
<head>
|
||||
<title>Installationsfehler</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<script src="/bin/error.js" charset="utf-8"></script>
|
||||
<script src="/js/error.js" charset="utf-8"></script>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<script src="/bin/list.js" charset="utf-8"></script>
|
||||
<script src="/js/list.js" charset="utf-8"></script>
|
||||
<div class="container mt-5">
|
||||
<h1>Liste</h1>
|
||||
</div>
|
||||
|
@ -28,7 +28,7 @@
|
|||
$checked = "";
|
||||
}
|
||||
|
||||
print_r("<div class='$div_item_row_classes $div_item_row_color_classes'>");
|
||||
print_r("<div class='list-row $div_item_row_classes $div_item_row_color_classes'>");
|
||||
print_r("<div class='$div_item_checkbox_classes'><input type='checkbox' class='$input_item_checkbox_classes' data-color='$color_theme' data-id='$item->ID' $checked></div>");
|
||||
print_r("<div class='$div_item_quantity_classes'>$item->Anzahl $item->Einheit</div>");
|
||||
print_r("<div class='$div_item_name_classes'>$item->Name</div>");
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<input type="password" class="form-control" name="pass" id="pass" placeholder="**********" required="required">
|
||||
</div>
|
||||
<div class="form-group form-check">
|
||||
<input type="checkbox" class="form-check-input" id="rememberme">
|
||||
<input type="checkbox" class="form-check-input" id="rememberme" name="rememberme">
|
||||
<label class="form-check-label" for="rememberme">Angemeldet bleiben</label>
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary">Login</button>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
if($_SERVER["REQUEST_URI"]!="/new-recipe"){
|
||||
$submitFunction = "update";
|
||||
$title = "Bearbeiten";
|
||||
$script = '<script src="/bin/edit-recipe.js" charset="utf-8"></script>';
|
||||
$script = '<script src="/js/edit-recipe.js" charset="utf-8"></script>';
|
||||
$additionalInput = "<input type='hidden' name='id' value=''>";
|
||||
}
|
||||
else{
|
||||
|
@ -12,8 +12,8 @@
|
|||
$additionalInput = "";
|
||||
}
|
||||
?>
|
||||
<script src="/bin/manageRecipe.js" charset="utf-8"></script>
|
||||
<script src="/bin/autocomplete.js" charset="utf-8"></script>
|
||||
<script src="/js/manageRecipe.js" charset="utf-8"></script>
|
||||
<script src="/js/autocomplete.js" charset="utf-8"></script>
|
||||
<?php echo $script; ?>
|
||||
<div class="container mt-5">
|
||||
<h1><?php echo $title ?></h1>
|
||||
|
|
55
cont/nav.php
55
cont/nav.php
|
@ -1,16 +1,47 @@
|
|||
<nav class="navbar navbar-inverse bg-secondary rounded-bottom pt-0 pb-0">
|
||||
<div class="container-fluid">
|
||||
<nav class="navbar navbar-expand-sm navbar-dark bg-dark rounded-bottom fixed-top">
|
||||
<a class="navbar-brand" href="/">
|
||||
<i class="fas fa-check-square w-auto"></i>
|
||||
ShoppingList
|
||||
</a>
|
||||
|
||||
<ul class="nav navbar-left">
|
||||
<a class="navbar-brand text-light font-weight-bold p-2" href="/"><i class="fas fa-check-square w-auto"></i></a>
|
||||
<a class="text-light font-weight-bold text-decoration-none p-2 ml-1" href="/list">Liste</a>
|
||||
<a class="text-light font-weight-bold text-decoration-none p-2 ml-1" href="/recipes">Rezepte</a>
|
||||
</ul>
|
||||
<button class="navbar-toggler float-right" type="button" data-toggle="collapse" data-target="#navbarToggleResponsive" aria-controls="navbarToggleResponsive" aria-expanded="false" aria-label="Toggle navigation">
|
||||
<i class="fas fa-bars"></i>
|
||||
</button>
|
||||
|
||||
<ul class="nav navbar-right text-light">
|
||||
<a class="fas fa-user-cog text-light text-decoration-none p-1" href="/settings"></a>
|
||||
<a class="fas fa-sign-out-alt text-light text-decoration-none p-1" href="/php/logout.php" id='logout'></a>
|
||||
</ul>
|
||||
<div class="collapse navbar-collapse">
|
||||
<ul class="navbar-nav mr-auto">
|
||||
<li class="nav-item <?php if(($site=="list")||($site=="-1")){print_r("active");} ?>">
|
||||
<a class="nav-link" href="/list"><i class="fas fa-list"></i> Liste</a>
|
||||
</li>
|
||||
<li class="nav-item <?php if($site=="recipes"){print_r("active");} ?>">
|
||||
<a class="nav-link" href="/recipes"><i class="fas fa-book"></i> Rezepte</a>
|
||||
</li>
|
||||
</ul>
|
||||
<ul class="navbar-nav">
|
||||
<li class="nav-item <?php if($site=="settings"){print_r("active");} ?>">
|
||||
<a class="nav-link" href="/settings"><i class="fas fa-user-cog"></i></a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="/php/logout.php"><i class="fas fa-sign-out-alt"></i></a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="collapse w-75 pl-2" id="navbarToggleResponsive">
|
||||
<ul class="navbar-nav mr-auto">
|
||||
<li class="nav-item <?php if($site=="list"){print_r("active");} ?>">
|
||||
<a class="nav-link" href="/list"><i class="fas fa-list"></i> Liste</a>
|
||||
</li>
|
||||
<li class="nav-item <?php if($site=="recipes"){print_r("active");} ?>">
|
||||
<a class="nav-link" href="/recipes"><i class="fas fa-book"></i> Rezepte</a>
|
||||
</li>
|
||||
<li class="nav-item <?php if($site=="settings"){print_r("active");} ?>">
|
||||
<a class="nav-link" href="/settings"><i class="fas fa-user-cog"></i> Einstellungen</a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="/php/logout.php"><i class="fas fa-sign-out-alt"></i> Logout</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</nav>
|
|
@ -1,13 +1,12 @@
|
|||
<script src="/bin/recipe.js" charset="utf-8"></script>
|
||||
<script src="/js/recipe.js" charset="utf-8"></script>
|
||||
<?php
|
||||
include $_SESSION["docroot"].'/php/classes.recipe.php';
|
||||
include $_SESSION["docroot"].'/php/classes.parsedown.php';
|
||||
$book = new cookbook;
|
||||
$book->getRecipe($_GET["number"]);
|
||||
$recipe = $book->sites[0];
|
||||
?>
|
||||
|
||||
<div class="dropdown text-right mt-4">
|
||||
<div class="dropdown text-right mt-5">
|
||||
<button class="btn btn-primary dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
||||
Menü
|
||||
</button>
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
<!-- <link rel="stylesheet" href="/style/recipes.css"> -->
|
||||
<script src="/bin/search.js" charset="utf-8"></script>
|
||||
<script src="/js/search.js" charset="utf-8"></script>
|
||||
|
||||
<div class="container mt-5 mb-5">
|
||||
<h1>Rezepte</h1>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<script src="/bin/settings.js" charset="utf-8"></script>
|
||||
<script src="/js/settings.js" charset="utf-8"></script>
|
||||
<div class="container mt-5">
|
||||
<h1>Einstellungen</h1>
|
||||
</div>
|
||||
|
@ -112,11 +112,8 @@
|
|||
|
||||
<div class="toast fixed-bottom m-2" role="alert" id="toast-pw-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true">
|
||||
<div class="toast-header">
|
||||
<i class="close_toast fas fa-check-square w-auto mr-2"></i>
|
||||
<i class="fas fa-check-square w-auto mr-2"></i>
|
||||
<strong class="mr-auto">ShoppingList</strong>
|
||||
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="toast-body">
|
||||
Passwort erfolgreich geändert!
|
||||
|
@ -125,11 +122,8 @@
|
|||
|
||||
<div class="toast fixed-bottom m-2" role="alert" id="toast-list-import-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true">
|
||||
<div class="toast-header">
|
||||
<i class="close_toast fas fa-check-square w-auto mr-2"></i>
|
||||
<i class="fas fa-check-square w-auto mr-2"></i>
|
||||
<strong class="mr-auto">ShoppingList</strong>
|
||||
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="toast-body">
|
||||
Liste erfolgreich importiert!
|
||||
|
@ -138,24 +132,18 @@
|
|||
|
||||
<div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true">
|
||||
<div class="toast-header">
|
||||
<i class="close_toast fas fa-check-square w-auto mr-2"></i>
|
||||
<i class="fas fa-check-square w-auto mr-2"></i>
|
||||
<strong class="mr-auto">ShoppingList</strong>
|
||||
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="toast-body">
|
||||
Rezepte erfolgreich importiert!
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-warning" aria-live="assertive" aria-atomic="true" data-autohide="false" data-animation="true">
|
||||
<div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-warning" aria-live="assertive" aria-atomic="true" data-autohide="4000" data-animation="true">
|
||||
<div class="toast-header">
|
||||
<i class="close_toast fas fa-check-square w-auto mr-2"></i>
|
||||
<strong class="mr-auto">ShoppingList</strong>
|
||||
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="toast-body">
|
||||
Nicht alle Rezepte konnten importiert werden! Fehlerhafte Rezepte wieder exportiert.
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,93 +0,0 @@
|
|||
Copyright (c) 2010-2014 by tyPoland Lukasz Dziedzic (team@latofonts.com) with Reserved Font Name "Lato"
|
||||
|
||||
This Font Software is licensed under the SIL Open Font License, Version 1.1.
|
||||
This license is copied below, and is also available with a FAQ at:
|
||||
http://scripts.sil.org/OFL
|
||||
|
||||
|
||||
-----------------------------------------------------------
|
||||
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
|
||||
-----------------------------------------------------------
|
||||
|
||||
PREAMBLE
|
||||
The goals of the Open Font License (OFL) are to stimulate worldwide
|
||||
development of collaborative font projects, to support the font creation
|
||||
efforts of academic and linguistic communities, and to provide a free and
|
||||
open framework in which fonts may be shared and improved in partnership
|
||||
with others.
|
||||
|
||||
The OFL allows the licensed fonts to be used, studied, modified and
|
||||
redistributed freely as long as they are not sold by themselves. The
|
||||
fonts, including any derivative works, can be bundled, embedded,
|
||||
redistributed and/or sold with any software provided that any reserved
|
||||
names are not used by derivative works. The fonts and derivatives,
|
||||
however, cannot be released under any other type of license. The
|
||||
requirement for fonts to remain under this license does not apply
|
||||
to any document created using the fonts or their derivatives.
|
||||
|
||||
DEFINITIONS
|
||||
"Font Software" refers to the set of files released by the Copyright
|
||||
Holder(s) under this license and clearly marked as such. This may
|
||||
include source files, build scripts and documentation.
|
||||
|
||||
"Reserved Font Name" refers to any names specified as such after the
|
||||
copyright statement(s).
|
||||
|
||||
"Original Version" refers to the collection of Font Software components as
|
||||
distributed by the Copyright Holder(s).
|
||||
|
||||
"Modified Version" refers to any derivative made by adding to, deleting,
|
||||
or substituting -- in part or in whole -- any of the components of the
|
||||
Original Version, by changing formats or by porting the Font Software to a
|
||||
new environment.
|
||||
|
||||
"Author" refers to any designer, engineer, programmer, technical
|
||||
writer or other person who contributed to the Font Software.
|
||||
|
||||
PERMISSION & CONDITIONS
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of the Font Software, to use, study, copy, merge, embed, modify,
|
||||
redistribute, and sell modified and unmodified copies of the Font
|
||||
Software, subject to the following conditions:
|
||||
|
||||
1) Neither the Font Software nor any of its individual components,
|
||||
in Original or Modified Versions, may be sold by itself.
|
||||
|
||||
2) Original or Modified Versions of the Font Software may be bundled,
|
||||
redistributed and/or sold with any software, provided that each copy
|
||||
contains the above copyright notice and this license. These can be
|
||||
included either as stand-alone text files, human-readable headers or
|
||||
in the appropriate machine-readable metadata fields within text or
|
||||
binary files as long as those fields can be easily viewed by the user.
|
||||
|
||||
3) No Modified Version of the Font Software may use the Reserved Font
|
||||
Name(s) unless explicit written permission is granted by the corresponding
|
||||
Copyright Holder. This restriction only applies to the primary font name as
|
||||
presented to the users.
|
||||
|
||||
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
|
||||
Software shall not be used to promote, endorse or advertise any
|
||||
Modified Version, except to acknowledge the contribution(s) of the
|
||||
Copyright Holder(s) and the Author(s) or with their explicit written
|
||||
permission.
|
||||
|
||||
5) The Font Software, modified or unmodified, in part or in whole,
|
||||
must be distributed entirely under this license, and must not be
|
||||
distributed under any other license. The requirement for fonts to
|
||||
remain under this license does not apply to any document created
|
||||
using the Font Software.
|
||||
|
||||
TERMINATION
|
||||
This license becomes null and void if any of the above conditions are
|
||||
not met.
|
||||
|
||||
DISCLAIMER
|
||||
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
|
||||
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
|
||||
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
|
||||
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
|
||||
OTHER DEALINGS IN THE FONT SOFTWARE.
|
Binary file not shown.
Binary file not shown.
|
@ -1,93 +0,0 @@
|
|||
Copyright (c) 2010-2011, Nathan Willis (nwillis@glyphography.com), with Reserved Font Name "News Cycle."
|
||||
|
||||
This Font Software is licensed under the SIL Open Font License, Version 1.1.
|
||||
This license is copied below, and is also available with a FAQ at:
|
||||
http://scripts.sil.org/OFL
|
||||
|
||||
|
||||
-----------------------------------------------------------
|
||||
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
|
||||
-----------------------------------------------------------
|
||||
|
||||
PREAMBLE
|
||||
The goals of the Open Font License (OFL) are to stimulate worldwide
|
||||
development of collaborative font projects, to support the font creation
|
||||
efforts of academic and linguistic communities, and to provide a free and
|
||||
open framework in which fonts may be shared and improved in partnership
|
||||
with others.
|
||||
|
||||
The OFL allows the licensed fonts to be used, studied, modified and
|
||||
redistributed freely as long as they are not sold by themselves. The
|
||||
fonts, including any derivative works, can be bundled, embedded,
|
||||
redistributed and/or sold with any software provided that any reserved
|
||||
names are not used by derivative works. The fonts and derivatives,
|
||||
however, cannot be released under any other type of license. The
|
||||
requirement for fonts to remain under this license does not apply
|
||||
to any document created using the fonts or their derivatives.
|
||||
|
||||
DEFINITIONS
|
||||
"Font Software" refers to the set of files released by the Copyright
|
||||
Holder(s) under this license and clearly marked as such. This may
|
||||
include source files, build scripts and documentation.
|
||||
|
||||
"Reserved Font Name" refers to any names specified as such after the
|
||||
copyright statement(s).
|
||||
|
||||
"Original Version" refers to the collection of Font Software components as
|
||||
distributed by the Copyright Holder(s).
|
||||
|
||||
"Modified Version" refers to any derivative made by adding to, deleting,
|
||||
or substituting -- in part or in whole -- any of the components of the
|
||||
Original Version, by changing formats or by porting the Font Software to a
|
||||
new environment.
|
||||
|
||||
"Author" refers to any designer, engineer, programmer, technical
|
||||
writer or other person who contributed to the Font Software.
|
||||
|
||||
PERMISSION & CONDITIONS
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of the Font Software, to use, study, copy, merge, embed, modify,
|
||||
redistribute, and sell modified and unmodified copies of the Font
|
||||
Software, subject to the following conditions:
|
||||
|
||||
1) Neither the Font Software nor any of its individual components,
|
||||
in Original or Modified Versions, may be sold by itself.
|
||||
|
||||
2) Original or Modified Versions of the Font Software may be bundled,
|
||||
redistributed and/or sold with any software, provided that each copy
|
||||
contains the above copyright notice and this license. These can be
|
||||
included either as stand-alone text files, human-readable headers or
|
||||
in the appropriate machine-readable metadata fields within text or
|
||||
binary files as long as those fields can be easily viewed by the user.
|
||||
|
||||
3) No Modified Version of the Font Software may use the Reserved Font
|
||||
Name(s) unless explicit written permission is granted by the corresponding
|
||||
Copyright Holder. This restriction only applies to the primary font name as
|
||||
presented to the users.
|
||||
|
||||
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
|
||||
Software shall not be used to promote, endorse or advertise any
|
||||
Modified Version, except to acknowledge the contribution(s) of the
|
||||
Copyright Holder(s) and the Author(s) or with their explicit written
|
||||
permission.
|
||||
|
||||
5) The Font Software, modified or unmodified, in part or in whole,
|
||||
must be distributed entirely under this license, and must not be
|
||||
distributed under any other license. The requirement for fonts to
|
||||
remain under this license does not apply to any document created
|
||||
using the Font Software.
|
||||
|
||||
TERMINATION
|
||||
This license becomes null and void if any of the above conditions are
|
||||
not met.
|
||||
|
||||
DISCLAIMER
|
||||
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
|
||||
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
|
||||
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
|
||||
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
|
||||
OTHER DEALINGS IN THE FONT SOFTWARE.
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
10
index.php
10
index.php
|
@ -45,9 +45,9 @@ $user->get_info($_COOKIE["token"]);
|
|||
}
|
||||
?>
|
||||
<link rel="stylesheet" href="/style/helper.css">
|
||||
<script src="/bin/jquery.js"></script>
|
||||
<script src="/bin/main.js"></script>
|
||||
<title>Einkaufsliste</title>
|
||||
<script src="/js/jquery.js"></script>
|
||||
<script src="/js/main.js"></script>
|
||||
<title>ShoppingList</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
@ -55,7 +55,7 @@ $user->get_info($_COOKIE["token"]);
|
|||
if ($site && ($site != "login")) {
|
||||
include $_SESSION["docroot"] . '/cont/nav.php';
|
||||
}
|
||||
echo '<div id="content" class="container">';
|
||||
echo '<div id="content" class="container pt-4">';
|
||||
switch ($site) {
|
||||
case "login":
|
||||
include $_SESSION["docroot"] . '/cont/login.php';
|
||||
|
@ -100,7 +100,7 @@ $user->get_info($_COOKIE["token"]);
|
|||
}
|
||||
echo "</div>";
|
||||
?>
|
||||
<script src="bin/bootstrap.bundle.min.js"></script>
|
||||
<script src="js/bootstrap.bundle.min.js"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<link rel="stylesheet" href="/style/fontawesome/css/all.css">
|
||||
<link rel="stylesheet" href="/style/main.css">
|
||||
<script src="/bin/jquery.js"></script>
|
||||
<script src="/js/jquery.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
|
|
@ -45,7 +45,6 @@ $CONFIG["host"] = $_POST['dbhost'];
|
|||
$CONFIG["username"] = $_POST['username'];
|
||||
$CONFIG["passwd"] = $_POST['passwd'];
|
||||
$CONFIG["database"] = $_POST['database'];
|
||||
$CONFIG["theme"] = "default";
|
||||
|
||||
file_put_contents($_SESSION["docroot"].'/config/config.php', '<?php '."\r\n".'$CONFIG = '.var_export($CONFIG, true).";\n\r?>");
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<link rel="stylesheet" href="/style/fontawesome/css/all.css">
|
||||
<link rel="stylesheet" href="/style/main.css">
|
||||
<script src="/bin/jquery.js"></script>
|
||||
<script src="/bin/adduser.js" charset="utf-8"></script>
|
||||
<script src="/js/jquery.js"></script>
|
||||
<script src="/js/adduser.js" charset="utf-8"></script>
|
||||
<title>Benutzer hinzufügen</title>
|
||||
</head>
|
||||
<body>
|
||||
|
|
0
bin/jquery.js → js/jquery.js
vendored
0
bin/jquery.js → js/jquery.js
vendored
|
@ -1,4 +1,5 @@
|
|||
$(document).ready(function () {
|
||||
highlightNewEntry();
|
||||
$("input[type=checkbox]").change(checkItem);
|
||||
$("#remove").click(deleteCheckeditems);
|
||||
$("#nameField").focus();
|
||||
|
@ -6,6 +7,25 @@ $(document).ready(function () {
|
|||
$("#nameField").on("focus", function () { $(this).select(); });
|
||||
});
|
||||
|
||||
function highlightNewEntry(){
|
||||
var cookies = document.cookie;
|
||||
var cookieRegExp = new RegExp(/;?\s+newItem=(\d+)/g);
|
||||
var match = cookieRegExp.exec(cookies);
|
||||
if(match!=null){
|
||||
var newID = match[1];
|
||||
var checkBox = $("[data-id=" + newID + "]");
|
||||
var newRow = checkBox.parent().parent();
|
||||
newRow.removeClass($(checkBox).data("color"));
|
||||
newRow.addClass("alert-primary");
|
||||
setTimeout(function () {
|
||||
newRow.removeClass("alert-primary");
|
||||
newRow.addClass($(checkBox).data("color"));
|
||||
}, 1000);
|
||||
document.cookie = "newItem=-1"
|
||||
console.log(document.cookie);
|
||||
}
|
||||
}
|
||||
|
||||
function deleteCheckeditems() {
|
||||
$.post({
|
||||
url: "api/list/del",
|
|
@ -13,7 +13,10 @@
|
|||
$token = "-1";
|
||||
}
|
||||
|
||||
$result = $mysqli->query('SELECT * FROM `sessions` WHERE `session_id` = \''.$token.'\';');
|
||||
$selectQuery = $mysqli->prepare('SELECT * FROM `sessions` WHERE `session_id` = ?;');
|
||||
$selectQuery->bind_param("s", $token);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
|
||||
if(($result->num_rows) == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login"))
|
||||
{
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
function shopping(){
|
||||
include $_SESSION["docroot"].'/config/config.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$result = $mysqli->query("SELECT * FROM `ViewEinkauf` ORDER BY `ViewEinkauf`.`Name` ASC");
|
||||
$result = $mysqli->query("SELECT * FROM `ViewEinkauf` ORDER BY `ViewEinkauf`.`Name` ASC;");
|
||||
while($item = $result->fetch_assoc()){
|
||||
$this->addItem($item["ID"], $item["Anzahl"], $item["Einheit"], $item["Name"], $item["Erledigt"]);
|
||||
}
|
||||
|
@ -30,15 +30,20 @@
|
|||
include $_SESSION["docroot"].'/config/config.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
if(!is_int($einheit)){
|
||||
$unit_query = "SELECT * FROM `Einheit` WHERE `Name` = \"$einheit\"";
|
||||
$result = $mysqli->query($unit_query);
|
||||
$selectQuery = $mysqli->prepare("SELECT * FROM `Einheit` WHERE `Name` = ?;");
|
||||
$selectQuery->bind_param("s", $einheit);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
while($row = $result->fetch_assoc()){
|
||||
$einheit = $row["ID"];
|
||||
}
|
||||
}
|
||||
$insertQuery = "INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (".$anzahl.", ".$einheit.", '".$name."', 0)";
|
||||
$mysqli->query($insertQuery);
|
||||
$insertQuery = $mysqli->prepare("INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (?, ?, ?, 0);");
|
||||
$insertQuery->bind_param("sss", $anzahl, $einheit, $name);
|
||||
$result = $insertQuery->execute();
|
||||
$insertID = $mysqli->insert_id;
|
||||
$mysqli->close();
|
||||
return $insertID;
|
||||
}
|
||||
|
||||
function newItems($itemList){
|
||||
|
@ -50,14 +55,16 @@
|
|||
function removeChecked(){
|
||||
include $_SESSION["docroot"].'/config/config.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$mysqli->query("DELETE FROM `Einkauf` WHERE `Erledigt`=1");
|
||||
$mysqli->query("DELETE FROM `Einkauf` WHERE `Erledigt`=1;");
|
||||
$mysqli->close();
|
||||
}
|
||||
|
||||
function check($id, $status){
|
||||
include $_SESSION["docroot"].'/config/config.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$mysqli->query("UPDATE `Einkauf` SET `Erledigt` = $status WHERE `Einkauf`.`ID` = $id");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `Einkauf` SET `Erledigt` = $status WHERE `Einkauf`.`ID` = ?;");
|
||||
$updateQuery->bind_param("s", $id);
|
||||
$updateQuery->execute();
|
||||
$mysqli->close();
|
||||
}
|
||||
|
||||
|
@ -89,7 +96,7 @@
|
|||
function units(){
|
||||
include $_SESSION["docroot"].'/config/config.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$result = $mysqli->query("SELECT * FROM `Einheit`");
|
||||
$result = $mysqli->query("SELECT * FROM `Einheit`;");
|
||||
while($item = $result->fetch_assoc()){
|
||||
$this->addItem($item["ID"], $item["Name"], $item["Standard"]);
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -14,7 +14,7 @@
|
|||
}
|
||||
function unitList(){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$result = $mysqli->query("SELECT * FROM `Einheit`");
|
||||
$result = $mysqli->query("SELECT * FROM `Einheit`;");
|
||||
while($item = $result->fetch_assoc()){
|
||||
$this->addItem($item["ID"], $item["Name"], $item["Standard"]);
|
||||
}
|
||||
|
@ -22,7 +22,10 @@
|
|||
}
|
||||
function getID($Name){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$result = $mysqli->query("SELECT `ID` FROM `Einheit` WHERE `Name` = '$Name'");
|
||||
$selectQuery = $mysqli->prepare("SELECT `ID` FROM `Einheit` WHERE `Name` = ?;");
|
||||
$selectQuery->bind_param("s", "$Name");
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
$ID = $result->fetch_assoc();
|
||||
return $ID["ID"];
|
||||
}
|
||||
|
@ -57,16 +60,28 @@
|
|||
public $sites = array();
|
||||
function getRecipe($ID){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$recipes = $mysqli->query("SELECT * FROM `Rezept` WHERE `ID` = $ID ORDER BY Name ASC");
|
||||
$selectQuery = $mysqli->prepare("SELECT * FROM `Rezept` WHERE `ID` = ? ORDER BY Name ASC;");
|
||||
$selectQuery->bind_param("s", $ID);
|
||||
$selectQuery->execute();
|
||||
$recipes = $selectQuery->get_result();
|
||||
while($recipe = $recipes->fetch_assoc()){
|
||||
$current = new recipe($RID = $recipe["ID"], $RName = $recipe["Name"], $RDuration = $recipe["Dauer"], $RDescription = $recipe["Beschreibung"]);
|
||||
$recepieIngredients = $mysqli->query("SELECT * FROM `RezeptZutat` WHERE `Rezept` = $RID");
|
||||
$selectIngredientsQuery = $mysqli->prepare("SELECT * FROM `RezeptZutat` WHERE `Rezept` = ?;");
|
||||
$selectIngredientsQuery->bind_param("s", $RID);
|
||||
$selectIngredientsQuery->execute();
|
||||
$recepieIngredients = $selectIngredientsQuery->get_result();
|
||||
while($recepieIngredient = $recepieIngredients->fetch_assoc()){
|
||||
$IID = $recepieIngredient["Zutat"];
|
||||
$IAmount = $recepieIngredient["Menge"];
|
||||
$units = $mysqli->query("SELECT `Name` FROM `Einheit` WHERE `ID` = ".$recepieIngredient["Einheit"]);
|
||||
$selectUnitQuery = $mysqli->prepare("SELECT `Name` FROM `Einheit` WHERE `ID` = ?;");
|
||||
$selectUnitQuery->bind_param("s", $recepieIngredient["Einheit"]);
|
||||
$selectUnitQuery->execute();
|
||||
$units = $selectUnitQuery->get_result();
|
||||
while($unit = $units->fetch_assoc()){$IUnit = $unit["Name"];}
|
||||
$names = $mysqli->query("SELECT `Name` FROM `Zutat` WHERE `ID` = ".$recepieIngredient["Zutat"]);
|
||||
$selectNamesQuery = $mysqli->prepare("SELECT `Name` FROM `Zutat` WHERE `ID` = ?;");
|
||||
$selectNamesQuery->bind_param("s", $recepieIngredient["Zutat"]);
|
||||
$selectNamesQuery->execute();
|
||||
$names = $selectNamesQuery->get_result();
|
||||
while($name = $names->fetch_assoc()){$IName = $name["Name"];}
|
||||
$current->addIngredient($IID, $IAmount, $IUnit, $IName);
|
||||
}
|
||||
|
@ -80,13 +95,22 @@
|
|||
$recipes = $mysqli->query("SELECT * FROM `Rezept` ORDER BY Name ASC");
|
||||
while($recipe = $recipes->fetch_assoc()){
|
||||
$current = new recipe($RID = $recipe["ID"], $RName = $recipe["Name"], $RDuration = $recipe["Dauer"], $RDescription = $recipe["Beschreibung"]);
|
||||
$recepieIngredients = $mysqli->query("SELECT * FROM `RezeptZutat` WHERE `Rezept` = $RID");
|
||||
$selectIngredientsQuery = $mysqli->prepare("SELECT * FROM `RezeptZutat` WHERE `Rezept` = ?;");
|
||||
$selectIngredientsQuery->bind_param("s", $RID);
|
||||
$selectIngredientsQuery->execute();
|
||||
$recepieIngredients = $selectIngredientsQuery->get_result();
|
||||
while($recepieIngredient = $recepieIngredients->fetch_assoc()){
|
||||
$IID = $recepieIngredient["Zutat"];
|
||||
$IAmount = $recepieIngredient["Menge"];
|
||||
$units = $mysqli->query("SELECT `Name` FROM `Einheit` WHERE `ID` = ".$recepieIngredient["Einheit"]);
|
||||
$selectUnitQuery = $mysqli->prepare("SELECT `Name` FROM `Einheit` WHERE `ID` = ?;");
|
||||
$selectUnitQuery->bind_param("s", $recepieIngredient["Einheit"]);
|
||||
$selectUnitQuery->execute();
|
||||
$units = $selectUnitQuery->get_result();
|
||||
while($unit = $units->fetch_assoc()){$IUnit = $unit["Name"];}
|
||||
$names = $mysqli->query("SELECT `Name` FROM `Zutat` WHERE `ID` = ".$recepieIngredient["Zutat"]);
|
||||
$selectNamesQuery = $mysqli->prepare("SELECT `Name` FROM `Zutat` WHERE `ID` = ?;");
|
||||
$selectNamesQuery->bind_param("s", $recepieIngredient["Zutat"]);
|
||||
$selectNamesQuery->execute();
|
||||
$names = $selectNamesQuery->get_result();
|
||||
while($name = $names->fetch_assoc()){$IName = $name["Name"];}
|
||||
$current->addIngredient($IID, $IAmount, $IUnit, $IName);
|
||||
}
|
||||
|
@ -103,7 +127,10 @@
|
|||
$import = json_decode($_POST["content"]);
|
||||
if($import->sites!=null){
|
||||
foreach ($import->sites as $site) {
|
||||
$result = $mysqli->query("SELECT * FROM `Rezept` WHERE `Name`='$site->Name'");
|
||||
$selectQuery = $mysqli->prepare("SELECT * FROM `Rezept` WHERE `Name`=?;");
|
||||
$selectQuery->bind_param("s", $site->Name);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
if($result->num_rows>0){
|
||||
array_push($failed_sites, $site);
|
||||
}
|
||||
|
@ -132,53 +159,83 @@
|
|||
|
||||
function newRecipe($Name, $Dauer, $Beschreibung, $Zutaten){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$mysqli->query("INSERT INTO `Rezept` (`Name`, `Dauer`, `Beschreibung`) VALUES ('$Name', '$Dauer', '$Beschreibung')");
|
||||
$insertQuery = $mysqli->prepare("INSERT INTO `Rezept` (`Name`, `Dauer`, `Beschreibung`) VALUES (?, ?, ?);");
|
||||
$insertQuery->bind_param("sss", $Name, $Dauer, $Beschreibung);
|
||||
$insertQuery->execute();
|
||||
$RezeptID = $mysqli->insert_id;
|
||||
foreach ($Zutaten as $Zutat) {
|
||||
$ZutatID = null;
|
||||
$result = $mysqli->query("SELECT ID FROM `Zutat` WHERE `Name` LIKE '".$Zutat["Name"]."'");
|
||||
$selectIngredientsQuery = $mysqli->prepare("SELECT ID FROM `Zutat` WHERE `Name` LIKE ?;");
|
||||
$selectIngredientsQuery->bind_param("s", $Zutat["Name"]);
|
||||
$selectIngredientsQuery->execute();
|
||||
$result = $selectIngredientsQuery->get_result();
|
||||
if($result->num_rows>0){
|
||||
$item = $result->fetch_assoc();
|
||||
$ZutatID = $item["ID"];
|
||||
}
|
||||
else{
|
||||
$mysqli->query("INSERT INTO `Zutat` (`Name`) VALUES ('".ucwords($Zutat["Name"])."')");
|
||||
$UppercaseName = ucwords($Zutat["Name"]);
|
||||
$insertIngredientsQuery = $mysqli->prepare("INSERT INTO `Zutat` (`Name`) VALUES (?);");
|
||||
$insertIngredientsQuery->bind_param("s", $UppercaseName);
|
||||
$insertIngredientsQuery->execute();
|
||||
$ZutatID = $mysqli->insert_id;
|
||||
}
|
||||
$mysqli->query("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES ('{$RezeptID}','{$Zutat["Amount"]}','{$Zutat["Unit"]}','{$ZutatID}');");
|
||||
$inserRecipeQuery = $mysqli->prepare("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES (?,?,?,?);");
|
||||
$inserRecipeQuery->bind_param("ssss", $RezeptID, $Zutat["Amount"], $Zutat["Unit"], $ZutatID);
|
||||
$inserRecipeQuery->execute();
|
||||
}
|
||||
$mysqli->close();
|
||||
}
|
||||
|
||||
function updateRecipe($ID, $Name, $Dauer, $Beschreibung, $Zutaten){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$mysqli->query("UPDATE `Rezept` SET `Name` = '$Name', `Dauer` = '$Dauer', `Beschreibung` = '$Beschreibung' WHERE `Rezept`.`ID` = $ID;");
|
||||
$mysqli->query("DELETE FROM RezeptZutat WHERE Rezept = $ID");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `Rezept` SET `Name` = ?, `Dauer` = ?, `Beschreibung` = ? WHERE `Rezept`.`ID` = ?;");
|
||||
$updateQuery->bind_param("ssss", $Name, $Dauer, $Beschreibung, $ID);
|
||||
$updateQuery->execute();
|
||||
$deleteQuery = $mysqli->prepare("DELETE FROM RezeptZutat WHERE Rezept = ?;");
|
||||
$deleteQuery->bind_param("s", $ID);
|
||||
$deleteQuery->execute();
|
||||
foreach ($Zutaten as $Zutat) {
|
||||
$ZutatID = null;
|
||||
$result = $mysqli->query("SELECT ID FROM `Zutat` WHERE `Name` LIKE '".$Zutat["Name"]."'");
|
||||
$selectIngredientsQuery = $mysqli->prepare("SELECT ID FROM `Zutat` WHERE `Name` LIKE ?;");
|
||||
$selectIngredientsQuery->bind_param("s", $Zutat["Name"]);
|
||||
$selectIngredientsQuery->execute();
|
||||
$result = $selectIngredientsQuery->get_result();
|
||||
if($result->num_rows>0){
|
||||
while($item = $result->fetch_assoc()){ $ZutatID = $item["ID"];}
|
||||
}
|
||||
else{
|
||||
$mysqli->query("INSERT INTO `Zutat` (`Name`) VALUES ('".ucwords($Zutat["Name"])."')");
|
||||
$uppercaseName = ucwords($Zutat["Name"]);
|
||||
$insertIngredientsQuery = $mysqli->prepare("INSERT INTO `Zutat` (`Name`) VALUES (?);");
|
||||
$insertIngredientsQuery->bind_param("s", $uppercaseName);
|
||||
$insertIngredientsQuery->execute();
|
||||
$ZutatID = $mysqli->insert_id;
|
||||
}
|
||||
$mysqli->query("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES ('{$ID}','{$Zutat["Amount"]}','{$Zutat["Unit"]}','{$ZutatID}');");
|
||||
$insertRecipeIngredientsQuery = $mysqli->prepare("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES (?,?,?,?);");
|
||||
$insertRecipeIngredientsQuery->bind_param("ssss", $ID, $Zutat["Amount"], $Zutat["Unit"], $ZutatID);
|
||||
$insertRecipeIngredientsQuery->execute();
|
||||
}
|
||||
}
|
||||
|
||||
function removeRecipe($ID){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$mysqli->query("DELETE FROM `RezeptZutat` WHERE `Rezept`=$ID");
|
||||
$mysqli->query("DELETE FROM Rezept WHERE ID=$ID");
|
||||
$deleteQuery = $mysqli->prepare("DELETE FROM `RezeptZutat` WHERE `Rezept`=?;");
|
||||
$deleteQuery->bind_param("s", $ID);
|
||||
$deleteQuery->execute();
|
||||
$deleteQuery = $mysqli->prepare("DELETE FROM Rezept WHERE ID=?;");
|
||||
$deleteQuery->bind_param("s", $ID);
|
||||
$deleteQuery->execute();
|
||||
$mysqli->close();
|
||||
}
|
||||
|
||||
function getAllIngredientsContaining($q){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$values = array();
|
||||
$result = $mysqli->query("SELECT Name FROM Zutat WHERE Name LIKE '%$q%' ORDER BY Name ASC");
|
||||
$filterValue = "%$q%";
|
||||
$selectQuery = $mysqli->prepare("SELECT Name FROM Zutat WHERE Name LIKE ? ORDER BY Name ASC");
|
||||
$selectQuery->bind_param("s", $filterValue);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
while($item = $result->fetch_assoc()){
|
||||
array_push($values, $item["Name"]);
|
||||
}
|
||||
|
|
|
@ -5,8 +5,10 @@
|
|||
|
||||
function get_info($session_id) {
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$query = "SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = \"$session_id\")";
|
||||
$result = $mysqli->query($query);
|
||||
$selectQuery = $mysqli->prepare("SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = ?);");
|
||||
$selectQuery->bind_param("s", $session_id);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
$user = $result->fetch_assoc();
|
||||
$this->uid = $user["uid"];
|
||||
$this->username = $user["username"];
|
||||
|
@ -21,11 +23,15 @@
|
|||
include $_SESSION["docroot"].'/php/hash.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$current_pwhash = hash_password($current, $this->salt);
|
||||
$query = "SELECT `uid` FROM `users` WHERE `uid` = $this->uid AND `password` = '$current_pwhash'";
|
||||
$result = $mysqli->query($query);
|
||||
$selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `uid` = ? AND `password` = ?;");
|
||||
$selectQuery->bind_param("ss", $this->uid, $current_pwhash);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
if($result->num_rows===1){
|
||||
$new_pwdhash = hash_password($new, $this->salt);
|
||||
$mysqli->query("UPDATE `users` SET `password` = '$new_pwdhash' WHERE `users`.`uid` = $this->uid;");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `users`.`uid` = ?;");
|
||||
$updateQuery->bind_param("ss", $new_pwdhash, $this->uid);
|
||||
$updateQuery->execute();
|
||||
$mysqli->close();
|
||||
print_r("0");
|
||||
}
|
||||
|
@ -35,20 +41,25 @@
|
|||
}
|
||||
|
||||
function change_mail($mailaddress){
|
||||
include $_SESSION["docroot"].'/php/hash.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$this->mail = $mailaddress;
|
||||
$result = $mysqli->query("UPDATE `users` SET `email` = '$mailaddress' WHERE `users`.`uid` = $this->uid;");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `users` SET `email` = ? WHERE `users`.`uid` = ?;");
|
||||
$updateQuery->bind_param("ss", $mailaddress, $this->uid);
|
||||
$updateQuery->execute();
|
||||
$mysqli->close();
|
||||
}
|
||||
|
||||
function change_username($newname){
|
||||
include $_SESSION["docroot"].'/php/hash.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$this->username = $newname;
|
||||
$result = $mysqli->query("SELECT * WHERE `username` = $this->username;");
|
||||
$selectQuery = $mysqli->prepare("SELECT * FROM `users` WHERE `username` = ?;");
|
||||
$selectQuery->bind_param("s", $this->username);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
if($result->num_rows==0){
|
||||
$result = $mysqli->query("UPDATE `users` SET `username` = '$newname' WHERE `users`.`uid` = $this->uid;");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `users` SET `username` = ? WHERE `users`.`uid` = ?;");
|
||||
$updateQuery->bind_param("ss", $newname, $this->uid);
|
||||
$updateQuery->execute();
|
||||
print_r("0");
|
||||
}
|
||||
else{
|
||||
|
@ -59,7 +70,9 @@
|
|||
|
||||
function change_theme($theme){
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
$result = $mysqli->query("UPDATE `users` SET `theme` = '$theme' WHERE `users`.`uid` = $this->uid;");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `users` SET `theme` = ? WHERE `users`.`uid` = ?;");
|
||||
$updateQuery->bind_param("ss", $theme, $this->uid);
|
||||
$updateQuery->execute();
|
||||
if($result){
|
||||
print_r("0");
|
||||
}
|
||||
|
@ -72,13 +85,17 @@
|
|||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
include $_SESSION["docroot"].'/php/hash.php';
|
||||
|
||||
$query = "SELECT `uid` FROM `users` WHERE `username` = '$uname'";
|
||||
$result = $mysqli->query($query);
|
||||
$selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `username` = ?;");
|
||||
$selectQuery->bind_param("s", $uname);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
if($result->num_rows==0){
|
||||
$salt = create_salt();
|
||||
$passhash = hash_password($password, $salt);
|
||||
$query = "INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES ('$uname', '$passhash', '$salt', CURRENT_TIMESTAMP);";
|
||||
$result = $mysqli->query($query);
|
||||
$insertQuery = $mysqli->prepare("INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES (?, ?, ?, CURRENT_TIMESTAMP);");
|
||||
$insertQuery->bind_param("sss", $uname, $passhash, $salt);
|
||||
$insertQuery->execute();
|
||||
$result = $insertQuery->get_result();
|
||||
unset($salt);
|
||||
unset($password);
|
||||
print_r(0);
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
|
||||
switch ($_GET["function"]) {
|
||||
case 'new':
|
||||
$shopping->newItem($_POST["anzahl"], $_POST["einheit"], $_POST["name"]);
|
||||
$newID = $shopping->newItem($_POST["anzahl"], $_POST["einheit"], $_POST["name"]);
|
||||
setcookie("newItem", "$newID", 0, "/", "");
|
||||
header("Location: /list");
|
||||
break;
|
||||
|
||||
|
|
|
@ -4,9 +4,10 @@ include $_SESSION["docroot"].'/config/config.php';
|
|||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
include $_SESSION["docroot"].'/php/hash.php';
|
||||
|
||||
|
||||
$query = 'SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=\''.$_POST['user'].'\';';
|
||||
$result = $mysqli->query($query);
|
||||
$selectQuery = $mysqli->prepare('SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=?;');
|
||||
$selectQuery->bind_param("s", $_POST['user']);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
|
||||
if ($result->num_rows == 1)
|
||||
{
|
||||
|
@ -27,13 +28,24 @@ if ($result->num_rows == 1)
|
|||
$session_expiry = date('Y-m-d H:i:s', time()+86400);
|
||||
}
|
||||
|
||||
$mysqli->query('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (\''.$token.'\', \''.$userdetails["uid"].'\', \''.$session_expiry.'\'); ');
|
||||
$insertQuery = $mysqli->prepare('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (?,?,?);');
|
||||
$insertQuery->bind_param("sss", $token, $userdetails["uid"], $session_expiry);
|
||||
$insertQuery->execute();
|
||||
|
||||
}
|
||||
$mysqli->query('UPDATE `users` SET `last_login` = \''.date("Y-m-d H:i:s").'\' WHERE `uid` = \''.$userdetails["uid"].'\';');
|
||||
$mysqli->close();
|
||||
header("Location: ".$_POST["refurl"]);
|
||||
exit(0);
|
||||
else
|
||||
{
|
||||
setcookie("token", "false", 0, "/", "");
|
||||
header("Location: /");
|
||||
exit(1);
|
||||
}
|
||||
$lastLoginDate = date("Y-m-d H:i:s");
|
||||
$updateQuery = $mysqli->prepare("UPDATE `users` SET `last_login` = ? WHERE `uid` = ?;");
|
||||
$updateQuery->bind_param("ss", $lastLoginDate, $userdetails["uid"]);
|
||||
$updateQuery->execute();
|
||||
$mysqli->close();
|
||||
header("Location: ".$_POST["refurl"]);
|
||||
exit(0);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
@ -3,7 +3,9 @@ session_start();
|
|||
include $_SESSION["docroot"].'/config/config.php';
|
||||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
|
||||
$mysqli->query('DELETE FROM `sessions` WHERE `session_id`=\''.$_COOKIE["token"].'\';');
|
||||
$deleteQuery = $mysqli->prepare('DELETE FROM `sessions` WHERE `session_id`=?;');
|
||||
$deleteQuery->bind_param("s", $_COOKIE["token"]);
|
||||
$deleteQuery->execute();
|
||||
|
||||
unset($_SESSION);
|
||||
session_destroy();
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
.toast {
|
||||
right: 0;
|
||||
left: unset !important;
|
||||
pointer-events: none
|
||||
pointer-events: none;
|
||||
}
|
||||
|
||||
.close_toast {
|
||||
pointer-events: all;
|
||||
.list-row {
|
||||
transition: .5s;
|
||||
}
|
7108
style/themes/cerulan.css
Normal file
7108
style/themes/cerulan.css
Normal file
File diff suppressed because it is too large
Load diff
6819
style/themes/cosmo.css
Normal file
6819
style/themes/cosmo.css
Normal file
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
@import url("/fonts/roboto/Roboto-Regular.ttf");
|
||||
@import url("https://fonts.googleapis.com/css?family=Roboto:400,700");
|
||||
:root {
|
||||
--blue: #2A9FD6;
|
||||
--indigo: #6610f2;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
@import url("/fonts/lato/Lato-Regular.ttf");
|
||||
@import url("https://fonts.googleapis.com/css?family=Lato:400,700,400italic");
|
||||
:root {
|
||||
--blue: #2C3E50;
|
||||
--indigo: #6610f2;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
@import url("/fonts/newscycle/NewsCycle-Regular.ttf");
|
||||
@import url("https://fonts.googleapis.com/css?family=News+Cycle:400,700");
|
||||
:root {
|
||||
--blue: #EB6864;
|
||||
--indigo: #6610f2;
|
||||
|
|
7188
style/themes/litera.css
Normal file
7188
style/themes/litera.css
Normal file
File diff suppressed because it is too large
Load diff
7190
style/themes/minty.css
Normal file
7190
style/themes/minty.css
Normal file
File diff suppressed because it is too large
Load diff
6893
style/themes/pulse.css
Normal file
6893
style/themes/pulse.css
Normal file
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
@import url("/fonts/roboto/Roboto-Regular.ttf");
|
||||
@import url("https://fonts.googleapis.com/css?family=Roboto:400,500,700");
|
||||
:root {
|
||||
--blue: #325D88;
|
||||
--indigo: #6610f2;
|
||||
|
|
7270
style/themes/sketchy.css
Normal file
7270
style/themes/sketchy.css
Normal file
File diff suppressed because it is too large
Load diff
7334
style/themes/slate.css
Normal file
7334
style/themes/slate.css
Normal file
File diff suppressed because it is too large
Load diff
7186
style/themes/solar.css
Normal file
7186
style/themes/solar.css
Normal file
File diff suppressed because it is too large
Load diff
7164
style/themes/spacelab.css
Normal file
7164
style/themes/spacelab.css
Normal file
File diff suppressed because it is too large
Load diff
7182
style/themes/superhero.css
Normal file
7182
style/themes/superhero.css
Normal file
File diff suppressed because it is too large
Load diff
7016
style/themes/united.css
Normal file
7016
style/themes/united.css
Normal file
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue