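<?php
// Start the session
session_start();

// Authentication gate. It runs before any HTML is emitted so the Location
// header can still be sent, and it exits so nothing below (including the
// rating form and the database work) runs for an anonymous request.
if (empty($_SESSION["loggedin"]) || !isset($_SESSION["username"])) {
    header('Location: ratings.php');
    exit;
}
$user = $_SESSION["username"];

//establish and check connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "music_db";
$out_value = "";   // validation / error message rendered inside the form
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    // Driver details stay server-side; the client only gets a generic message.
    error_log("updaterating.php: connection failed: " . $conn->connect_error);
    die("Connection failed.");
}

// Rating id from the query string. Only a well-formed integer is accepted;
// anything else behaves exactly as if no id had been supplied.
$id = null;
if (isset($_GET['id'])) {
    $parsedId = filter_var($_GET['id'], FILTER_VALIDATE_INT);
    if ($parsedId !== false) {
        $id = $parsedId;
    }
}

$song = "";
$artist = "";
$rating = "";
// Owner of the rating row as stored in the database. Kept separate from
// $username (the DB login) so the ownership check below compares the right
// values; it stays null when no row was loaded.
$ownerUsername = null;

if ($id !== null) {
    //parameterized query to prevent SQL Injections
    $sql = "SELECT * FROM ratings WHERE id = ?";
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, "i", $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    // fetch_assoc yields null when there is no row and false on failure;
    // both are treated as "not found".
    $row = ($result !== false) ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    if (is_array($row)) {
        // get info for rating entry
        $song = $row['song'];
        $artist = $row['artist'];
        $rating = $row['rating'];
        $ownerUsername = $row['username'];
    }

    // if submit button is hit
    if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["submit"])) {
        $updatedRating = $_POST['rating'] ?? '';
        // Accept only an integer in 1..5. is_numeric() would also let "3.5" or
        // "1e0" through, which the "i" binding below would silently truncate.
        $newRating = filter_var(
            $updatedRating,
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 5]]
        );

        // make sure current user is owner of the rating (should only be necessary if page is requested manually)
        // An unknown id leaves $ownerUsername null, so it is rejected here as well.
        if ($ownerUsername !== $user) {
            $out_value = "You can only edit your own ratings!";
        }
        // confirm rating is an int between 1 and 5 inclusive
        elseif ($newRating === false) {
            $out_value = "Rating must be an integer between 1 and 5.";
        }
        else {
            // update entry
            //parameterized query to prevent SQL Injections
            // The owner is part of the WHERE clause too, so the row can only
            // change if it still belongs to the current user at update time.
            $sql = "UPDATE ratings SET song = ?, artist = ?, rating = ? WHERE id = ? AND username = ?";
            $stmt = mysqli_prepare($conn, $sql);
            mysqli_stmt_bind_param($stmt, "ssiis", $song, $artist, $newRating, $id, $user);
            // Success means the statement executed, not affected_rows > 0:
            // re-submitting an unchanged rating affects zero rows but is not an error.
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_close($stmt);
                $conn->close();
                header('Location: ratings.php');
                exit;
            }
            // Keep the driver error server-side; the user sees a generic message in the form.
            error_log("updaterating.php: UPDATE failed: " . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            $out_value = "Error updating record.";
        }
    }
}
$conn->close();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Update rating page of the LoveNotes site.">
<meta http-equiv='cache-control' content='no-cache'>
<meta http-equiv='expires' content='0'>
<meta http-equiv='pragma' content='no-cache'>
<title>LoveNotes</title>
<link rel="stylesheet" href="style.css" />
<script src="landing.js"></script>
<link rel="icon" href= "public/music.png" type="image/x-icon">
<script src="https://kit.fontawesome.com/289e976bd2.js" crossorigin="anonymous"></script>
</head>
<body>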
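<!-- Navigation Bar -->
<div id="navbar" class="row navbar">
    <div class="navbar_logo" style= "padding-top:20px;">
        <p style="margin: 0; height: 60px;"><a href="logout.php" style="cursor: pointer;" aria-label="Return to top of landing page">
            <img src="images/logo.webp" id="logo" alt="lovenotes logo" style="width: 178px; height: 50px;" loading="lazy"/>
        </a></p>
    </div>
    <div id="hi-message" style="padding-top: 35px; font-family: 'Lobster Two', cursive; color: rgb(233, 175, 204);">
        <?php
        // The session username is rendered into HTML, so it is escaped like any other dynamic value.
        if (!empty($_SESSION["loggedin"])) {
            echo "Hi, " . htmlspecialchars((string) $user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        ?>
    </div>
    <ul id="navbar_items">
        <li><a id="login-btn" href="ratings.php">Home</a></li>
    </ul>
    <button id="more-button" aria-label="Show navigation links" onclick="showNavItems()">
        <i id="more-icon" class="fa-solid fa-list" style="color:rgb(233, 175, 204); font-size: 25px;"></i>
    </button>
    <ul id="navbar_list">
        <li style="margin-bottom: 10px;"><a id="nav_item_list" href="ratings.php">Home</a></li>
    </ul>
</div>
<!-- Rating section -->
<!-- $song, $artist and $rating come from the database and $out_value from the
     validation above; every one of them is passed through htmlspecialchars()
     before it is placed in element content or an attribute value. -->
<div id="Rating" class="container">
    <div class="row home">
        <div class="update_form" id="form">
            <h1 style="font-size:60px; color: rgb(4, 57, 94); text-align:center;">Update Rating</h1>
            <form name="ratings" method="POST" action="">
                <div style="text-align:center;" class="login_info">
                    <label class="label_text" for="song">Song Name:</label>
                    <span class="label_text"> <?php echo htmlspecialchars((string) $song, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </span>
                </div>
                <div style="text-align:center;" class="login_info">
                    <label class="label_text" for="artist">Artist:</label>
                    <span class="label_text"> <?php echo htmlspecialchars((string) $artist, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </span>
                </div>
                <div style="text-align:center;" class="login_info">
                    <label class="label_text" for="rating">Rating:</label>
                    <input required type="text" id="rating" name="rating" value="<?php echo htmlspecialchars((string) $rating, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                </div>
                <p class="label_text" style="text-align: center; font-size: 17px; color: rgb(221, 84, 84);">
                    <?php
                    if (!empty($out_value)) {
                        echo htmlspecialchars((string) $out_value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    }
                    ?>
                </p>
                <div style="text-align: center;">
                    <input type="submit" name="submit" value="Submit" class="submit_btn" style="padding:10px 30px; font-size: 22px;"/>
                    <a href="ratings.php" class="submit_btn" style="padding:10px 30px; font-size: 22px; text-decoration: none;">Cancel</a>
                </div>
            </form>
        </div>
    </div>
</div>
</body>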