|
|
@@ -56,6 +56,9 @@ $app->get('/', function (Request $request, Response $response, array $args) { |
|
|
|
addNavbar($response); |
|
|
|
$response->getBody()->write('<hr/><h1>Onze blog</h1>'); |
|
|
|
$response->getBody()->write('<ul>'); |
|
|
|
# Opdracht : lees de blogs in, en toon het lijstje met links naar de artikels. |
|
|
|
# $ret->fetchArray(SQLITE3_ASSOC); Dit geeft steeds 1 rij terug als Associative array |
|
|
|
# https://www.php.net/manual/en/sqlite3result.fetcharray.php : commentaar "4" geeft clues hoe aan te pakken |
|
|
|
foreach ($_SESSION['blogs'] as $art) { |
|
|
|
$response->getBody()->write('<li><a href="/blog/' . $art['slug'] . '">' . $art['title'] . '</a></li>'); |
|
|
|
} |
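Review bot: The `<li>` line concatenates `$art['slug']` and `$art['title']` into the HTML unescaped, so a slug or title containing markup is rendered as markup; both values appear to come from the /blog/create form. Escape per context when this loop is reworked, for example `htmlspecialchars($art['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the link text and `rawurlencode($art['slug'])` for the path segment. The loop also still iterates `$_SESSION['blogs']`, although the comments above it describe reading rows with `fetchArray(SQLITE3_ASSOC)`, so the listing and the database can drift apart. The route closure starts and ends outside this hunk.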
|
|
@@ -77,6 +80,7 @@ $app->map(['GET', 'POST'], '/blog/create', function (Request $request, Response |
|
|
|
unset($_SESSION['error']); |
|
|
|
} |
|
|
|
|
|
|
|
// Opdracht : Toon reeds ingevoerde gegevens in geval van foutmelding |
|
|
|
$response->getBody()->write('<form action="/blog/create" method="POST">'); |
|
|
|
$response->getBody()->write('<label for="slug">slug:</label>'); |
|
|
|
$response->getBody()->write('<input type="text" name="slug"/><br/>'); |
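Review bot: The new task comment asks for the submitted values to be shown again after an error, and those values are untrusted request data, so each one written into a `value` attribute needs attribute-context escaping. For the slug field that would look like `value="' . htmlspecialchars($data['slug'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"`, assuming `$data` holds the parsed body at this point, which the hunk does not show. Separately, `<label for="slug">` has no matching `id="slug"` on the input, so the label is not associated with the field. The rest of the form and the closure lie outside this hunk.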
|
|
@@ -96,8 +100,6 @@ $app->map(['GET', 'POST'], '/blog/create', function (Request $request, Response |
|
|
|
$stmt->bindValue(':title', $data['title'], SQLITE3_TEXT); |
|
|
|
$stmt->bindValue(':content', $data['content'], SQLITE3_TEXT); |
|
|
|
$res = $stmt->execute(); |
|
|
|
//$ret = $db->exec($sql); |
|
|
|
//$_SESSION['blogs'][] = ["slug" => $data['slug'], "title" => $data['title'], "content" => "Lorem ipsum 4"]; |
|
|
|
|
|
|
|
if ($res) { |
|
|
|
return $response->withHeader('Location', '/')->withStatus(302); |
|
|
@@ -152,6 +154,7 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo |
|
|
|
|
|
|
|
|
|
|
|
global $db; |
|
|
|
// OPDRACHT : herwerk deze om te beveiligen tegen SQL Attack |
|
|
|
$sql = "SELECT count(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "';"; |
|
|
|
$ret = $db->query($sql); |
|
|
|
$rows = $ret->fetchArray(SQLITE3_ASSOC); |
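Review bot: The `$sql` line still concatenates `$postdata['username']` and `$postdata['password']` into the query, so the login check remains injectable; the comment above it only records the task. The /blog/create route already uses `bindValue` with named placeholders, and the same pattern fits here, with a check that `prepare()` did not return false before binding. Comparing the password inside the SQL also suggests it is stored as submitted. If so, select the stored hash by username and check it with `password_verify()` instead. The closure continues outside this hunk.

```php
global $db;
$stmt = $db->prepare('SELECT count(*) as count FROM users WHERE username = :username AND password = :password');
$stmt->bindValue(':username', $postdata['username'], SQLITE3_TEXT);
$stmt->bindValue(':password', $postdata['password'], SQLITE3_TEXT);
$ret = $stmt->execute();
// … unchanged: fetchArray(SQLITE3_ASSOC) on $ret …
```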