<?php
// session_start() is called without options, so the session cookie attributes
// (HttpOnly, Secure, SameSite) are whatever the PHP configuration sets.
session_start();

require_once __DIR__ . '/db/config.php';

// Request router: the `action` query parameter picks the handler to run.
// NOTE(review): every handler except logout insists on POST, but none of them
// verifies an anti-CSRF token, and logout runs on a plain GET.
$action = $_GET['action'] ?? '';

if ($action === 'register') {
    handle_register();
} elseif ($action === 'login') {
    handle_login();
} elseif ($action === 'logout') {
    handle_logout();
} elseif ($action === 'update_profile') {
    handle_update_profile();
} elseif ($action === 'create_thread') {
    handle_create_thread();
} elseif ($action === 'create_post') {
    handle_create_post();
} else {
    // Missing or unrecognised action: fall back to the landing page.
    header('Location: index.php');
    exit;
}
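/**
 * Update the logged-in user's profile from a POSTed form.
 *
 * Non-POST requests are redirected to profile.php, and requests without a
 * session user id to login.php. On success the `users` row whose id equals
 * $_SESSION['user_id'] is updated, the cached session name is refreshed and
 * the browser is redirected to profile.php?success=1. Every path ends the
 * request with exit or die.
 *
 * NOTE(review): no anti-CSRF token is verified before the update. The form
 * that posts here is not part of this file, so the check is not added in this
 * function; it needs a token issued by whichever page renders the form.
 * NOTE(review): the e-mail address (the login identifier) can be changed
 * without re-entering the current password.
 */
function handle_update_profile() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: profile.php');
        exit;
    }

    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }

    // The row to update is chosen from the session, never from request data,
    // so a user can only edit their own profile.
    $user_id = $_SESSION['user_id'];

    // PHP turns `field[]=x` into an array; accept plain strings only so that
    // nothing but strings reaches the statement parameters.
    $fields = [];
    foreach (['name', 'email', 'bio', 'skills', 'interests', 'goals'] as $key) {
        $value = $_POST[$key] ?? '';
        if (!is_string($value)) {
            die('Invalid form data');
        }
        $fields[$key] = $value;
    }

    // Compare with '' rather than empty(), which would also reject "0".
    if ($fields['name'] === '' || $fields['email'] === '') {
        die('Name and Email are required');
    }

    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        die('Invalid email address');
    }

    try {
        $pdo = db();
        $stmt = $pdo->prepare("UPDATE users SET name = ?, email = ?, bio = ?, skills = ?, interests = ?, goals = ? WHERE id = ?");
        $stmt->execute([
            $fields['name'],
            $fields['email'],
            $fields['bio'],
            $fields['skills'],
            $fields['interests'],
            $fields['goals'],
            $user_id,
        ]);

        // Stored exactly as submitted; any page that prints it must
        // HTML-escape it on output.
        $_SESSION['user_name'] = $fields['name'];

        header('Location: profile.php?success=1');
        exit;
    } catch (PDOException $e) {
        // Driver messages can reveal table, column and constraint names:
        // keep them in the server log and show the client a generic error.
        error_log('Profile update failed: ' . $e->getMessage());
        http_response_code(500);
        die('Profile update failed');
    }
}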
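/**
 * Create a user account from a POSTed registration form.
 *
 * Non-POST requests are redirected to register.php. The password is hashed
 * with password_hash(PASSWORD_DEFAULT) before it is stored; on success the
 * browser is redirected to login.php. Every path ends the request.
 *
 * NOTE(review): no minimum password length or strength rule is enforced
 * here, and no anti-CSRF token is verified.
 */
function handle_register() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: register.php');
        exit;
    }

    $name = $_POST['name'] ?? '';
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    // `field[]=x` arrives as an array; password_hash() and the statement
    // parameters need strings, so reject anything else up front.
    if (!is_string($name) || !is_string($email) || !is_string($password)) {
        die('Please fill all fields');
    }

    // Compare with '' rather than empty(), which would also reject "0".
    if ($name === '' || $email === '' || $password === '') {
        die('Please fill all fields');
    }

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        die('Invalid email address');
    }

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    try {
        $pdo = db();
        $stmt = $pdo->prepare("INSERT INTO users (name, email, password) VALUES (?, ?, ?)");
        $stmt->execute([$name, $email, $hashed_password]);
        header('Location: login.php');
        exit;
    } catch (PDOException $e) {
        // Driver messages can reveal schema and constraint details (for
        // example a duplicate-key error): log them, answer generically.
        error_log('Registration failed: ' . $e->getMessage());
        http_response_code(500);
        die('Registration failed');
    }
}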
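/**
 * Authenticate a user from a POSTed login form.
 *
 * Non-POST requests are redirected to login.php. The user row is looked up
 * by e-mail and the submitted password is checked with password_verify().
 * On success the session id is regenerated, the user's id, name and role are
 * stored in the session and the browser is redirected to dashboard.php.
 * An unknown e-mail and a wrong password give the same 'Invalid login'
 * response. Every path ends the request.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this handler.
 */
function handle_login() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: login.php');
        exit;
    }

    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    // `field[]=x` arrives as an array, which password_verify() cannot take;
    // '' is compared directly because empty() would also reject "0".
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        die('Please fill all fields');
    }

    try {
        $pdo = db();
        $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
        $stmt->execute([$email]);
        $user = $stmt->fetch();

        if ($user && password_verify($password, $user['password'])) {
            // Issue a fresh session id at the privilege change so that an id
            // known before login (session fixation) is not authenticated.
            session_regenerate_id(true);

            $_SESSION['user_id'] = $user['id'];
            $_SESSION['user_name'] = $user['name'];
            $_SESSION['user_role'] = $user['role'];
            header('Location: dashboard.php');
            exit;
        } else {
            die('Invalid login');
        }
    } catch (PDOException $e) {
        // Keep driver details in the server log; the client gets a generic
        // message that says nothing about the schema or the query.
        error_log('Login failed: ' . $e->getMessage());
        http_response_code(500);
        die('Login failed');
    }
}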
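/**
 * End the current session and redirect to index.php.
 *
 * session_destroy() alone removes the stored session data but leaves
 * $_SESSION populated for the rest of the request and the session cookie in
 * the browser, so both are cleared explicitly first.
 *
 * NOTE(review): this handler does not check the request method, so a plain
 * GET (for example an embedded link on another site) logs the user out.
 */
function handle_logout() {
    // Drop the in-memory copy of the session data.
    $_SESSION = [];

    // Expire the session cookie with the same parameters it was set with.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();
    header('Location: index.php');
    exit;
}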
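/**
 * Create a discussion thread from a POSTed form.
 *
 * Non-POST requests are redirected to forums.php, and requests without a
 * session user id to login.php. On success a row is inserted into
 * `discussion_threads` and the browser is redirected to the new thread.
 * Every path ends the request.
 *
 * NOTE(review): no anti-CSRF token is verified, and nothing here checks that
 * the forum exists or that this user may post in it — confirm whether the
 * schema or another layer enforces that.
 */
function handle_create_thread() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: forums.php');
        exit;
    }

    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }

    // Accept only a positive integer id; arrays, empty values and free text
    // all come back as false.
    $forum_id = filter_var(
        $_POST['forum_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    $title = $_POST['title'] ?? '';
    // The author is taken from the session, never from the request.
    $user_id = $_SESSION['user_id'];

    if ($forum_id === false || !is_string($title) || $title === '') {
        // Or redirect with an error message
        die('Forum ID and Title are required.');
    }

    try {
        $pdo = db();
        // The title is stored as submitted; pages that print it must
        // HTML-escape it on output.
        $stmt = $pdo->prepare("INSERT INTO discussion_threads (forum_id, user_id, title) VALUES (?, ?, ?)");
        $stmt->execute([$forum_id, $user_id, $title]);

        $new_thread_id = $pdo->lastInsertId();

        // Redirect to the new thread page
        header('Location: thread.php?id=' . $new_thread_id);
        exit;
    } catch (PDOException $e) {
        // Driver messages can reveal schema and constraint details: log
        // them on the server and give the client a generic error.
        error_log('Failed to create thread: ' . $e->getMessage());
        http_response_code(500);
        die('Failed to create thread');
    }
}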
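/**
 * Add a post to a discussion thread from a POSTed form.
 *
 * Non-POST requests are redirected to forums.php, and requests without a
 * session user id to login.php. On success a row is inserted into
 * `discussion_posts` and the browser is redirected back to the thread.
 * Every path ends the request.
 *
 * NOTE(review): no anti-CSRF token is verified, and nothing here checks that
 * the thread exists or that this user may post in it — confirm whether the
 * schema or another layer enforces that.
 */
function handle_create_post() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: forums.php');
        exit;
    }

    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }

    // The thread id ends up in the Location header below, so reduce it to a
    // positive integer first: raw request text could append extra query
    // parameters or a fragment to the redirect URL.
    $thread_id = filter_var(
        $_POST['thread_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    $content = $_POST['content'] ?? '';
    // The author is taken from the session, never from the request.
    $user_id = $_SESSION['user_id'];

    if ($thread_id === false) {
        // No usable thread to return to.
        header('Location: forums.php');
        exit;
    }

    if (!is_string($content) || $content === '') {
        // Redirect back to the thread with an error
        header('Location: thread.php?id=' . $thread_id . '&error=1');
        exit;
    }

    try {
        $pdo = db();
        // The content is stored as submitted; pages that print it must
        // HTML-escape it on output.
        $stmt = $pdo->prepare("INSERT INTO discussion_posts (thread_id, user_id, content) VALUES (?, ?, ?)");
        $stmt->execute([$thread_id, $user_id, $content]);

        // Redirect back to the thread page
        header('Location: thread.php?id=' . $thread_id);
        exit;
    } catch (PDOException $e) {
        // Driver messages can reveal schema and constraint details: log
        // them on the server and give the client a generic error.
        error_log('Failed to create post: ' . $e->getMessage());
        http_response_code(500);
        die('Failed to create post');
    }
}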