comment, delete unnescessary code

142cce75 · sopham · 53c6c4d7 · 142cce75 · 142cce75 · 142cce75
Commit 142cce75 authored May 13, 2019 by sopham
Showing with 140 additions and 16 deletions
authentication.php
avatar-display.php
delete-all.php
delete-complete.php
display.php
function.js
index.php
insert.php
login_page.php → login_page.html
logout.php
upload.php
--- a/authentication.php
+++ b/authentication.php
 <?php
 session_start();
+
+//include the database connection data
 require_once "dbconnection.php";
+
+//make the query
 if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
+  
+  //bind user input to query
  $stmt->bind_param('s', $_POST['username']);
+  
+  //execute query
  $stmt->execute();
+
+  //transfer a result set from last query
  $stmt->store_result();
  
  if ($stmt->num_rows > 0) {
+
+    //bind variables to a prepared statement for result storage
    $stmt->bind_result($id, $password);
+
+    //fetch results from the prepared statement to bound variables
    $stmt->fetch();
+
+    //if password is correct, establish session
    if ($_POST['password'] ===  $password) {
      session_regenerate_id();
      $_SESSION['loggedin'] = TRUE;
@@ -17,8 +33,13 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
      header('Location:index.php');
    } else {
      echo "Incorrect password";
-    }	    
+    }    
  }
+
+  //close the statement
  $stmt->close();
 }
+
+//close the connection
+$link->close();
 ?>
--- a/avatar-display.php
+++ b/avatar-display.php
+<?php
+session_start();
+
+//include database connection data
+include_once "dbconnection.php";
+
+//make the query
+$query="SELECT image FROM users WHERE username=?";
+
+//prepare the query with empty values as placeholder
+$query = $link->prepare($query);
+
+//bind value to the prepared query
+$query->bind_param('s', $_SESSION['name']);
+
+//execute the query
+$query->execute();
+
+//bind variable to the prepared query
+$query->bind_result($location);
+
+//fetch the result to variable
+$query->fetch();
+
+//return the location folder as response
+echo $location;
+
+//close the statement
+$query->close();
+
+//close the connection
+$link->close();
+?>
--- a/delete-all.php
+++ b/delete-all.php
 <?php
+
+//include database connection data
 include_once "dbconnection.php";

+//make a query
 $query = "TRUNCATE TABLE toDoList;";

+//perform the query on the database
 $result = $link -> query($query);

+//check if there is any task deleted
 if($result->num_rows <= 0) {
  echo "No task was deleted";
 }

+//close the connection
 $link -> close();
 ?>
--- a/delete-complete.php
+++ b/delete-complete.php
 <?php
+
+//include database connection data
 include_once "dbconnection.php";

+//make the query
 $query ="DELETE FROM toDoList WHERE ID=?";
+
+//prepare empty values as placeholders
 $query = $link->prepare($query);

+//bind variable to the prepared query
 $query->bind_param('s', $_GET['id']);
+
+//execute the query
 $query->execute();

+//close the statement
 $query->close();
+
+//close the connection
 $link->close();
 ?>
--- a/display.php
+++ b/display.php
 <?php
-header('Content-type: application/json');
+//include database connection data
 include_once "dbconnection.php";

+//make the query
 $query = "SELECT ID,task FROM toDoList;";
 $result = $link -> query($query);

+//error handling
 if (!$result) die ("Database access failed");

+//define an array to store query results
 $data = array();

+//store id and task as key, value
 for ($i = 0; $i < $result->num_rows; ++$i) {
-  //$task = array();
  $row = $result->fetch_array(MYSQLI_NUM);
  $data[$row[0]] = $row[1];
 }
+
+//return json data
 header('Content-Type: application/json');
 echo json_encode($data);

+//close the connection
 $link->close();
 ?>
--- a/function.js
+++ b/function.js
@@ -62,7 +62,7 @@ $(document).ready(function() {
      type: "POST",
      success: function(data) {
        var e = document.getElementById("doList");
-        while(e.firstChild) {
+        while(e.firstChild) {	
          e.removeChild(e.firstChild);
        }
      }

--- a/index.php
+++ b/index.php
 <?php
 session_start();

-//if the user is not logged in, redirect to login page
+//if the user is not logged in, delete the session cookie, redirect to login page
 if(!isset($_SESSION['loggedin'])) {
-  session_destroy();
+
+  //delete the session cookie
  $params = session_get_cookie_params();
  setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));	
-  header('Location: login_page.php');
-  exit();
+
+  //redirect to the login page
+  header('Location: login_page.html');
 }
 ?>
 <!DOCTYPE html>

--- a/insert.php
+++ b/insert.php
 <?php
 session_start();
+
+//include database connection data
 include_once "dbconnection.php";
-//$query = "INSERT INTO toDoList (task) VALUES (?) ";
-$query1 = "INSERT INTO toDoList (task, userID) VALUES (?,?) ";
-$query1 = $link->prepare($query1);
-$query1 -> bind_param('si', $_POST['task'], $_SESSION['id']);
-//$query -> bind_param('si', $_POST['task']);
-$query1 -> execute();

+//make the query
+$query = "INSERT INTO toDoList (task, userID) VALUES (?,?) ";
+
+//prepare empty values as placeholders
+$query = $link->prepare($query1);
+
+//bind variables to the prepared query
+$query -> bind_param('si', $_POST['task'], $_SESSION['id']);
+
+//execute the query
+$query -> execute();
+
+//return the last id task as response
 $last_id = mysqli_insert_id($link);
 echo $last_id;
-$query1 -> close();
+
+//close the statement
+$query -> close();
+
+//close the connection
 $link -> close();
 ?>
--- a/login_page.php
+++ b/login_page.php
--- a/logout.php
+++ b/logout.php
 <?php
 session_start();
+
+//unset all the session variables
 session_unset();
+
+//destroy session
 session_destroy();
+
+//delete the session cookie
 $params = session_get_cookie_params();
 setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
-header("Location: login_page.php");
+
+//redirect to login page
+header("Location: login_page.html");
 ?>
--- a/upload.php
+++ b/upload.php
 <?php
  session_start();
+  
+  //include database connection data
  include_once 'dbconnection.php';
+
+  //check if the image is uploaded
  if(is_uploaded_file($_FILES['file']['tmp_name'])) {
+    
+    //save source and target to variables	  
    $sourcePath = $_FILES['file']['tmp_name'];
    $targetPath = "upload/".basename($_SESSION['name'].'.'.end((explode(".", $_FILES['file']['name']))));
+
+    //move uploaded file to target folder
    if(move_uploaded_file($sourcePath, $targetPath)) {
+      
+      //set session variable to the image location
      $_SESSION['avatar'] = $targetPath;
+      
+      //make a query to update database with image location
      $query = "UPDATE users SET image=? WHERE username=?";
+
+      //prepare empty values as placeholders
      $query = $link->prepare($query);
+
+      //bind variables to the prepared query
      $query->bind_param('ss', $targetPath,$_SESSION['name']);
+
+      //execute the query
      $query->execute();
+
+      //close the prepared statement
      $query->close();
+
+      //close the connection
      $link->close();
+
+      //return the image location as the response
      echo $targetPath;
    }
  }