-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathupdate-single.php
93 lines (81 loc) · 2.66 KB
/
update-single.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php
include('functions.php');
if (!isLevel1()) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
?>
<?php
/**
* Use an HTML form to edit an entry in the
* users table.
*
*/
require "config.php";
require "common.php";
//Decryption Keys
$cardkey = 'pass1234';
$cvvkey = 'pass5678';
if (isset($_POST['submit'])) {
try {
$connection = new PDO($dsn, $username, $password, $options);
$user =[
"id" => $_POST['id'],
"firstname" => $_POST['firstname'],
"lastname" => $_POST['lastname'],
"cardnumber" => $_POST['cardnumber'],
"cvv" => $_POST['cvv'],
"location" => $_POST['location'],
"date" => $_POST['date']
];
$sql = "UPDATE subscribers
SET id = :id,
firstname = :firstname,
lastname = :lastname,
cardnumber = AES_ENCRYPT(:cardnumber, '$cardkey'),
cvv = AES_ENCRYPT(:cvv, '$cvvkey'),
location = :location,
date = :date
WHERE id = :id";
$statement = $connection->prepare($sql);
$statement->execute($user);
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
if (isset($_GET['id'])) {
try {
$connection = new PDO($dsn, $username, $password, $options);
$id = $_GET['id'];
$sql = "SELECT id, firstname, lastname, AES_DECRYPT(cardnumber, '$cardkey') as cardnumber, AES_DECRYPT(cvv, '$cvvkey') as cvv, location, date FROM subscribers WHERE id = :id";
$statement = $connection->prepare($sql);
$statement->bindValue(':id', $id);
$statement->execute();
$user = $statement->fetch(PDO::FETCH_ASSOC);
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
} else {
echo "Something went wrong!";
exit;
}
?>
<?php require "templates/header.php"; ?>
<?php if (isset($_POST['submit']) && $statement) : ?>
<?php echo escape($_POST['firstname']); ?> successfully updated.
<?php endif; ?>
<h2>Edit a user</h2>
<form method="post">
<?php foreach ($user as $key => $value) : ?>
<label for="<?php echo $key; ?>"><?php echo ucfirst($key); ?></label>
<input type="text" name="<?php echo $key; ?>" id="<?php echo $key; ?>" value="<?php echo escape($value); ?>" <?php echo ($key === 'id' ? 'readonly' : null); ?>>
<?php endforeach; ?>
<input type="submit" name="submit" value="Submit">
</form>
<a href="userLogin.php">Back to home</a>
<?php require "templates/footer.php"; ?>