Updated some code based of feedback

fixed some small stuff
maxemiliang · May 19, 2015 · 4462451 · 4462451
1 parent b499572
commit 4462451
Show file tree

Hide file tree

Showing 17 changed files with 19 additions and 46 deletions.
diff --git a/assign_id.php b/assign_id.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/start_session.php");
 require_once("require/database.php");
 
 $username = $_SESSION["username"];

diff --git a/index.php b/index.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/start_session.php");
 require_once("require/database.php");
 
 error_reporting(E_ALL & ~E_WARNING); 
@@ -28,6 +27,7 @@
     <?php
       if (isset($_SESSION["db_error"])) {
         echo '<nav class="menu"><h1>You have an error with the database! If this is the first time starting this webapp run <a href="install/install.php">install.php</a></h1></nav>';
+        unset($_SESSION["db-error"]);
       }
       if (isset($_SESSION["installed"])) {
         echo "<strong>IMPORTANT!!!!</strong> INSTALLATION DONE! PLEASE REMOVE THE INSTALL FOLDER!!!";

diff --git a/install/install.php b/install/install.php
@@ -19,18 +19,12 @@
 	<h1 class="Name">Installation</h1>
 	<li> <a href="../index.php">Back to homepage</a> </li>
 </nav>
-<h3><strong>IMPORTANT!</strong> Add this to your htaccess file for:<br/></h3>
-	<?php 
-	echo '<p>&lt; Files *.inc&gt;  
-    Order deny,allow
-    Deny from all
-	&lt;/Files&gt;</p><br/>';
 	if (isset($_SESSION["dberror"])) {
 		echo "<h4>There was an error creating the database:"; print_r($_SESSION["dberror"]); echo "<h4>";
 	}
 	?>
 	<br/>
-	<p>next go edit the config.ini file in require/conf/ with your database info!</p>
+	<p>next go edit the configinst.php file in require/with your database info!</p>
 	<br/>
 	<a href="setupdata.php"><button class="uploads">Next</button></a>
 </body>

diff --git a/ladda.php b/ladda.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/start_session.php");
 require_once("require/database.php");
 ?>
 <html>

diff --git a/like.php b/like.php
@@ -1,5 +1,4 @@
 <?php 
-require_once("require/start_session.php");
 require_once("require/database.php");
 
 $user = mysqli_real_escape_string($conn, $_SESSION["user_id"]);

diff --git a/login.php b/login.php
@@ -28,7 +28,7 @@
         header("location: index.php");
     } else {
         $_SESSION["userorpass"] = 1;
-        header("location: index.php");
+        header("location: signin.php");
     }
 } else {
     $_SESSION["error"] = 1;

diff --git a/require/conf/config.ini b/require/conf/config.ini
diff --git a/require/confinst.php b/require/confinst.php
@@ -1,12 +1,10 @@
 <?php 
-var_dump($_POST);
-$conf["dbhost"] = $_POST["db-host"];
-$conf["dbuser"] = $_POST["db-user"];
-$conf["dbpass"] = $_POST["db-password"];
-$file = "../require/conf/config.ini";
-var_dump($conf);
+ $conf = array(
+ 		"db-host" => "localhost",
+ 		"db-username" => "root",
+ 		"db-password" => "",
+ 		"db-name" => "img"
+ 	);
+
 
-file_put_contents($file, str_ireplace("Array","",print_r($conf, TRUE)), FILE_APPEND | LOCK_EX);
-header("location: ../index.php");
-
 ?>
diff --git a/require/database.php b/require/database.php
@@ -1,9 +1,10 @@
 <?php
-require_once("parse.php");
-$servername = $conf["db_host"];
-$username = $conf["db_username"];
-$password = $conf["db_password"];
-$dbname = $conf["db_database"];
+require("confinst.php");
+require("start_session.php");
+$servername = $conf["db-host"];
+$username = $conf["db-username"];
+$password = $conf["db-password"];
+$dbname = $conf["db-name"];
 
 $conn = new mysqli($servername, $username, $password, $dbname);
 if ($conn->connect_error) {

diff --git a/require/parse.php b/require/parse.php
diff --git a/signin.php b/signin.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/start_session.php");
 require_once("require/database.php");
 ?>
 <html>

diff --git a/signup.php b/signup.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/start_session.php");
 require_once("require/database.php");
 
 if(empty($_POST['signuser'])){

diff --git a/upload.php b/upload.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/start_session.php");
 require_once("require/database.php");
 
 
@@ -33,6 +32,8 @@
     $_SESSION["img_error"] = 1;
 } else {
     $desc = mysqli_real_escape_string($conn ,$_POST["desc"]);
+    $desc_fix = trim($desc);
+    $desc_inp = filter_input(INPUT_POST, $desc_fix, FILTER_SANITIZE_SPECIAL_CHARS);
     if (strlen($desc) > 1000) {
         $_SESSION["descerr"] = 1;
     } else {
@@ -45,7 +46,7 @@
      echo "The file has been uploaded.";
      $useruploading = $_SESSION["user_id"];
      $date = date("Y-m-d");
-     $sql = "INSERT INTO imgs (images, date, description, userid) VALUES ('$file', '$date', '$desc', '$useruploading')";
+     $sql = "INSERT INTO imgs (images, date, description, userid) VALUES ('$file', '$date', '$desc_input', '$useruploading')";
         if ($conn->query($sql) === TRUE) {
             echo "New record created successfully";
         } else {

diff --git a/uploads/img625E b/uploads/img625E
diff --git a/uploads/img91D9 b/uploads/img91D9
diff --git a/uploads/imgBE51 b/uploads/imgBE51
diff --git a/user_panel.php b/user_panel.php
@@ -1,5 +1,4 @@
 <?php
-require_once("require/database.php");
 require_once("require/start_session.php");
 
 $user_info = array($_SESSION["username"], $_SESSION["user_id"]);