|
|
@@ -1,4 +1,6 @@ |
|
|
|
<?php |
|
|
|
namespace Blog; |
|
|
|
|
|
|
|
session_start(); |
|
|
|
|
|
|
|
use Psr\Http\Message\ResponseInterface as Response; |
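Review bot: The new `session_start();` call inherits whatever cookie settings php.ini supplies, so unless the ini already hardens them the session cookie can be issued without HttpOnly, SameSite or Secure, and this session later carries login state and `$_SESSION['blogs']`; pass the flags explicitly, `session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax', 'cookie_secure' => true]);` (drop `cookie_secure` only if the site is not served over TLS). Two smaller points in the same hunk: the call would conventionally sit after the `use` block rather than between the namespace and the imports, and `declare(strict_types=1);` directly after `<?php` would make the scalar type hints elsewhere in the file strict.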
|
|
@@ -8,7 +10,7 @@ use Slim\Factory\AppFactory; |
|
|
|
require __DIR__ . '/../vendor/autoload.php'; |
|
|
|
|
|
|
|
$app = AppFactory::create(); |
|
|
|
class MyDB extends SQLite3 { |
|
|
|
class MyDB extends \SQLite3 { |
|
|
|
function __construct() { |
|
|
|
$this->open('../private/test.db'); |
|
|
|
} |
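Review bot: `$this->open('../private/test.db')` resolves the path against the process working directory, not this file's directory, so the same code opens — or silently creates — a different, empty database depending on how PHP is launched; the autoload line just above already anchors with `__DIR__`, so do the same here: `$this->open(__DIR__ . '/../private/test.db');`. Passing `SQLITE3_OPEN_READWRITE` as the flags argument would additionally make a missing or unreadable file fail loudly instead of producing an empty schema. The change from `SQLite3` to `\SQLite3` is the right fix for the namespaced file; the `MyDB` class body continues past the hunk.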
|
|
@@ -71,6 +73,9 @@ $app->get('/', function (Request $request, Response $response, array $args) { |
|
|
|
addNavbar($response); |
|
|
|
$response->getBody()->write('<hr/><h1>Onze blog</h1>'); |
|
|
|
$response->getBody()->write('<ul>'); |
|
|
|
// opdracht: lees de blogs in en toon een lijst met links naar artikels |
|
|
|
// commentaar fetchArray bekijken in documentatie voor loop tips |
|
|
|
|
|
|
|
foreach ($_SESSION['blogs'] as $art) { |
|
|
|
$response->getBody()->write('<li><a href="/blog/' . $art['slug'] . '">' . $art['title'] . '</a></li>'); |
|
|
|
} |
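Review bot: The loop writes `$art['slug']` and `$art['title']` straight into the HTML, and both values originate from the `/blog/create` form further down in this file, so a `<script>` in a title is stored once and rendered to every visitor of `/`; escape per context, `'<li><a href="/blog/' . rawurlencode($art['slug']) . '">' . htmlspecialchars($art['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</a></li>'`. `$_SESSION['blogs']` is iterated without a guard and where it is populated is not visible here, so on a fresh session the `foreach` would hit a missing key; `foreach ($_SESSION['blogs'] ?? [] as $art)` covers that. The two Dutch comments above the loop would read better in English, e.g. `// task: read the blogs and render a list of links to the articles` and `// see the fetchArray documentation for loop tips`. The route closure starts before the hunk.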
|
|
@@ -91,7 +96,7 @@ $app->map(['GET', 'POST'], '/blog/create', function (Request $request, Response |
|
|
|
$response->getBody()->write('<hr/>'); |
|
|
|
unset($_SESSION['error']); |
|
|
|
} |
|
|
|
|
|
|
|
// toon reeds ingevoerde ggevens in geval van foutmelding |
|
|
|
$response->getBody()->write('<form action="/blog/create" method="POST">'); |
|
|
|
$response->getBody()->write('<label for="slug">slug:</label>'); |
|
|
|
$response->getBody()->write('<input type="text" name="slug"/><br/>'); |
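Review bot: The POST form has no anti-CSRF token, so any page an author visits can submit a blog post on their behalf; with a session already started the token is cheap: before the form `$_SESSION['csrf'] ??= bin2hex(random_bytes(32));`, inside it `'<input type="hidden" name="csrf" value="' . htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') . '"/>'`, and in the POST branch refuse the insert unless `hash_equals($_SESSION['csrf'], (string) ($data['csrf'] ?? ''))`. Whether `/blog/create` is restricted to authenticated users is not visible in this hunk; if it is not, that gate comes first. The comment `// toon reeds ingevoerde ggevens in geval van foutmelding` has a typo (`gegevens`) and promises re-populated fields that the inputs below do not provide — either add `value="..."` attributes from the previous submission or reword the comment to `// form for a new post; fields are not re-populated on error`. The handler closure starts before and continues after the hunk.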
|
|
@@ -104,7 +109,6 @@ $app->map(['GET', 'POST'], '/blog/create', function (Request $request, Response |
|
|
|
} else { |
|
|
|
$data = $request->getParsedBody(); |
|
|
|
global $db; |
|
|
|
// $insertQuery = "INSERT INTO blogs (slug, title, content) VALUES ('" . $data['slug'] . "', '" . $data['title'] . "', '" . $data['content'] ."')"; |
|
|
|
$stmt = $db->prepare("INSERT INTO blogs (slug, title, content) VALUES (:slug, :title, :content)"); |
|
|
|
$stmt->bindValue(':slug', $data['slug'], SQLITE3_TEXT); |
|
|
|
$stmt->bindValue(':title', $data['title'], SQLITE3_TEXT); |
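Review bot: `$data['slug']` and `$data['title']` are bound without any validation, so an empty body or a slug containing `/`, `?` or whitespace is stored and later becomes a broken `/blog/<slug>` link; guard the body and the slug before binding, e.g. `$data = $request->getParsedBody() ?? [];` followed by `if (!preg_match('/^[a-z0-9-]{1,64}$/', $data['slug'] ?? '')) { $_SESSION['error'] = 'invalid slug'; }` routed to the error branch this handler already uses via `$_SESSION['error']`. The commented-out `$insertQuery` line is the string-concatenated query the prepared statement replaces; delete it rather than leave the injection-prone form as a template for the next handler. `global $db` works but is easy to misuse — capturing the handle with `use ($db)` on the closure keeps the dependency visible; the route closure continues past the hunk.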
|
|
@@ -163,7 +167,8 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo |
|
|
|
$postdata = $request->getParsedBody(); |
|
|
|
|
|
|
|
global $db; |
|
|
|
$sql = "SELECT COUNT(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "'"; |
|
|
|
$sql = "SELECT COUNT(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "'"; |
|
|
|
// herweken, beveiligen tegen injection |
|
|
|
$ret = $db->query($sql); |
|
|
|
$rows = $ret->fetchArray(SQLITE3_ASSOC); |
|
|
|
$rowcount = $rows['count']; |
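Review bot: The login query still concatenates `$postdata['username']` and `$postdata['password']` into SQL, and the hunk only adds the comment "rework, secure against injection" rather than the fix, so a password of `' OR '1'='1` continues to log in as any user; the prepared-statement pattern the same commit uses for `/blog/create` applies directly here. The comparison also implies passwords are stored in plain text — if so, store `password_hash($pw, PASSWORD_DEFAULT)` at registration, select the stored hash by username and compare with `password_verify()` in PHP instead of matching in SQL, and call `session_regenerate_id(true)` once the login succeeds. The rewrite below only parameterises the existing query so the `count` column and the following `$rowcount` line are unchanged; the `/login` closure starts before and continues past the hunk.
```php
$stmt = $db->prepare('SELECT COUNT(*) as count FROM users WHERE username = :username AND password = :password');
$stmt->bindValue(':username', (string) ($postdata['username'] ?? ''), SQLITE3_TEXT);
$stmt->bindValue(':password', (string) ($postdata['password'] ?? ''), SQLITE3_TEXT);
$ret = $stmt->execute();
// … unchanged: fetchArray / $rowcount …
```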