commit b2a9735b8bdba01fe9908772716ee91a9d8ad50c
parent eb90768e7e4783e3df4593284eea5e9beacf3539
Author: John Kubach <johnkubach@gmail.com>
Date: Mon, 10 Dec 2018 19:56:27 -0500
Add admin features
Diffstat:
3 files changed, 115 insertions(+), 0 deletions(-)
diff --git a/website/res/block.php b/website/res/block.php
@@ -0,0 +1,39 @@
+<?php
+ini_set('display_errors', 'On');
+error_reporting(E_ALL | E_STRICT);
+
+session_start();
+
+include_once '../config.php';
+$username = mysqli_real_escape_string($connect, $_POST['username']);
+
+if (empty($username)) {
+ header("Location: ../controlpanel.php?username=error");
+ exit();
+} elseif (isset($_POST['revoke-creation'])) {
+ $sql = "UPDATE user SET blocked=b'01' WHERE username='$username';";
+ mysqli_query($connect, $sql) or die(mysqli_error($connect));
+ echo $username, " can no longer create surveys <br>";
+ echo "<a href = '../controlpanel.php'> Return to control panel </a>";
+ exit();
+} elseif (isset($_POST['revoke-access'])) {
+ $sql = "UPDATE user SET blocked=b'10' WHERE username='$username';";
+ mysqli_query($connect, $sql) or die(mysqli_error($connect));
+ echo $username, " can no longer create or take surveys <br>";
+ echo "<a href = '../controlpanel.php'> Return to control panel </a>";
+ exit();
+} elseif (isset($_POST['ban'])) {
+ $sql = "UPDATE user SET blocked=b'11' WHERE username='$username';";
+ mysqli_query($connect, $sql) or die(mysqli_error($connect));
+ echo $username, " has been banned from Survey Seahorse";
+ echo "<a href = '../controlpanel.php'> Return to control panel </a>";
+ exit();
+} elseif (isset($_POST['unban'])) {
+ $sql = "UPDATE user SET blocked=b'00' WHERE username='$username';";
+ mysqli_query($connect, $sql) or die(mysqli_error($connect));
+ echo $username, " now has full user privileges";
+ echo "<a href = '../controlpanel.php'> Return to control panel </a>";
+ exit();
+}
+
+
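Review bot: Nothing in block.php verifies that the caller is an administrator before the UPDATE on `user.blocked` runs; `session_start()` is called on the line after the error settings, but no `$_SESSION` value is ever checked, so any client that can POST a username can block, ban or unban that account. The same gap exists in delete-survey.php and register-admin.php (the latter never calls `session_start()` at all), so each of the three should open with a guard such as `if (empty($_SESSION['<admin-flag placeholder>'])) { header("Location: ../profile.php"); exit(); }` using whichever session key the login code already sets. The username is also echoed straight into HTML on each success line, so a name containing markup is reflected as-is; emit it as `htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The four UPDATE strings differ only in the bit literal, so one prepared `UPDATE user SET blocked=? WHERE username=?` with the flag chosen from a fixed map keyed on the posted action and the raw `$_POST['username']` bound would replace all four and the `mysqli_real_escape_string` call; the guard of `$_POST['username']` with `isset` is also missing, which with `display_errors` on prints a notice when the field is absent.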
diff --git a/website/res/delete-survey.php b/website/res/delete-survey.php
@@ -0,0 +1,32 @@
+<?php
+ini_set('display_errors', 'On');
+error_reporting(E_ALL | E_STRICT);
+
+session_start();
+
+if (isset($_POST['delete-survey'])) {
+ include_once '../config.php';
+
+ $code = mysqli_real_escape_string($connect, $_POST['survey-code']);
+ if (empty($code)) {
+ header("Location: ../controlpanel.php?item=empty");
+ exit();
+ } else {
+ echo "Survey ", $code, " deleted ";
+ echo "<a href = '../controlpanel.php'> Control Panel </a>";
+ $sql ="SELECT * FROM survey WHERE access_code='$code';";
+ $result = mysqli_query($connect, $sql);
+ $row = mysqli_fetch_assoc($result);
+ $sid = $row['survey_id'];
+ $deleteSurvey ="DELETE FROM survey WHERE survey_id=$sid;";
+ $deleteQuestions ="DELETE FROM question WHERE survey_id=$sid;";
+ $deleteAnswers ="DELETE FROM answer_numeric WHERE survey_id=$sid;";
+
+ mysqli_query($connect, $deleteSurvey) or die(mysqli_error($connect));
+ mysqli_query($connect, $deleteQuestions) or die(mysqli_error($connect));
+ mysqli_query($connect, $deleteAnswers) or die(mysqli_error($connect));
+ exit();
+ }
+}
+?>
+
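Review bot: The lookup result on the `mysqli_fetch_assoc` line is used without being checked: when no survey has the posted access code, `$row` is `null`, `$sid` is `null`, and the three DELETE strings become `... WHERE survey_id=;`, which fails and dies after the page has already printed "Survey … deleted". Add `if ($row === null) { header("Location: ../controlpanel.php?item=notfound"); exit(); }` (the query value is constructed; use whatever controlpanel.php already handles) and cast with `$sid = (int) $row['survey_id'];` before it is interpolated, then move the two echo lines below the DELETE calls so the confirmation is shown only once the rows are gone. The echoed `$code` is not HTML-escaped either; `mysqli_real_escape_string` only protects the SQL string, so wrap the output in `htmlspecialchars($code, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The SELECT and the DELETEs would be better as prepared statements with the raw `$_POST['survey-code']` bound, and the three deletes wrapped in one transaction so a failure in the middle does not leave orphaned question or answer rows.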
diff --git a/website/res/register-admin.php b/website/res/register-admin.php
@@ -0,0 +1,44 @@
+<?php
+ini_set('display_errors', 'On');
+error_reporting(E_ALL | E_STRICT);
+
+if (isset($_POST['admin'])) {
+ include_once '../config.php';
+ $email = mysqli_real_escape_string($connect, $_POST['email']);
+ $username = mysqli_real_escape_string($connect, $_POST['username']);
+ $password = mysqli_real_escape_string($connect, $_POST['password']);
+
+ if (empty($email) || empty($username) || empty($password)) {
+ header("Location: ../controlpanel.php?signup=empty");
+ exit();
+ } else {
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ header("Location: ../controlpanel.php?signup=email");
+ exit();
+ } else {
+ $sql = "SELECT * FROM user WHERE username = '$username'";
+ $result = mysqli_query($connect, $sql);
+ $check = mysqli_num_rows($result);
+
+ if ($check > 0) {
+ header("Location: ../controlpanel.php?signup=email");
+ exit();
+ } else {
+ $hashPass = password_hash($password, PASSWORD_DEFAULT);
+ $date = date("Y-m-d H:i:s");
+ $sql = "INSERT INTO user (email, username, password, admin,
+ registration_date)
+ VALUES ('$email', '$username', '$hashPass', 1, '$date');";
+
+ mysqli_query($connect, $sql) or die(mysqli_error($connect));
+ header("Location: ../controlpanel.php?signup=success");
+ exit();
+ }
+ }
+ }
+
+} else {
+ header("Location: ../profile.php");
+ exit();
+}
+?>
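Review bot: The password is run through `mysqli_real_escape_string` on the third assignment before `password_hash` sees it, so a password containing a quote, backslash or NUL is hashed in its escaped form and `password_verify` against the raw value will fail at login unless the login code applies the same escaping; hash the unmodified input, `$hashPass = password_hash($_POST['password'], PASSWORD_DEFAULT);`, and drop the escaping of `$password` (the hash itself needs no escaping, and the INSERT should be a prepared statement with `$email` and `$username` bound raw rather than interpolated). The duplicate-username branch redirects with `signup=email`, the same value the invalid-address branch uses, so the user is told the wrong field is at fault; use a distinct value such as `signup=username` (constructed — add the matching case in controlpanel.php). `$date` is taken from `date()` in the server's default timezone; if registration_date is compared across hosts, `gmdate("Y-m-d H:i:s")` or a database-side default for the column would be more predictable.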