dame changes

ImageResizeException.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace Gumlet;
+
+/**
+ * PHP Exception used in the ImageResize class
+ */
+class ImageResizeException extends \Exception
+{
+}

captcha.php

@@ -0,0 +1,23 @@
+<?php
+/*******w******** 
+Name: John Kelvin A. Valerio
+Date: 03/13/23
+Description: Project
+****************/
+
+session_start();
+header("Content-type: image/png");
+$random_str = md5(rand());
+$captcha_text = substr($random_str, 0, 5);
+$_SESSION['captcha_text'] = $captcha_text;
+$image = imagecreate(120, 40);
+$background_color = imagecolorallocate($image, 255, 255, 255);
+$text_color = imagecolorallocate($image, 0, 0, 0);
+imagestring($image, 5, 35, 10, $captcha_text, $text_color);
+for ($i = 0; $i < 100; $i++) {
+    $pixel_color = imagecolorallocate($image, rand(0, 255), rand(0, 255), rand(0, 255));
+    imagesetpixel($image, rand(0, 120), rand(0, 40), $pixel_color);
+}
+
+imagepng($image);
+imagedestroy($image);

create.php

@@ -11,6 +11,15 @@
 //require('authenticate.php');
 session_start();
 
+if(isset($_SESSION['alert_message'])) {
+    $message = $_SESSION['alert_message'];
+    //echo "<script>document.getElementById('error').style.visibility = 'visible';</script>"; 
+    //echo "<p>('$message')</p>";
+    echo "<script>alert('$message');</script>";
+    unset($_SESSION['alert_message']);
+    echo "<script>window.location.reload();</script>";
+}
+
 // SQL is written as a String.
 $query = "SELECT * FROM categories ORDER BY categorie_id DESC";
 
@@ -26,6 +35,9 @@
         $tagList[$row['categorie_id']] = $row['categorie_name'];
     }
 }
+
+
+
 ?>
 
 <!DOCTYPE html>
@@ -122,7 +134,7 @@
             <?php endif ?>
         </ul>
         <div id="all_blogs">
-            <form action="post.php" method="post">
+            <form action="post.php" method="post" enctype="multipart/form-data">
                 <fieldset>
                     <legend>Create Drip Post</legend>
                     <p>
@@ -133,6 +145,11 @@
                         <label for="content">Content</label>
                         <textarea name="content" id="content"></textarea>
                     </p>
+
+                    <p>
+                        <input type="file" id="file" name="file[]" multiple>
+                    </p>
+
                     <p>
                         <label for="tag">Select a tag:</label>
                         <select name="tag" id="tag">

edit.php

@@ -146,6 +146,22 @@ function filteredData()
                         <label for="content">Content</label>
                         <textarea name="content" id="content"><?= $blogData['content'] ?></textarea>
                     </p>
+
+                    <?php if (isset($blogPost['filename']) && !empty($blogPost['filename']) && $blogPost['filename'] !== null): ?>
+                             <div id="existing-image-container"> 
+                                <label>Existing Image:</label> 
+                                <?php $img_src = '../Create/uploads/' . $blogPost['filename']; ?> 
+                                <img src="<?= $img_src ?>" alt="<?= $blogPost['title'] ?>" style="width: 400px; height: auto;"> 
+                                <div> <input type="checkbox" name="delete_image" value="1"> 
+                                <label>Delete existing image</label> 
+                            </div> 
+                        </div> 
+                        <?php endif; ?>
+
+
+                    <p>
+                        <input type="file" id="file" name="file[]" multiple>
+                    </p>
                     <p>
                         <label for="tag">Select a tag:</label>
                         <select name="tag" id="tag">

index.php

@@ -158,10 +158,15 @@
                                     <?php else: ?>
                                         <?php $content = $row['content'] ?>
                                     <?php endif ?>
+                                    <?php if(!empty($row['image_path'])): ?>
+                                        <div>
+                                        <img src="<?php echo $row['image_path']; ?>" alt="No preview">
+                                    </div>
+                                    <?php endif?>
                                     <div class='blog_content'>
                                         <?= $content ?>
                                     </div>
-
+                                    
                                     <div>
                                         <?php foreach ($tagList as $tag => $value): ?>
                                             <?php if ($row['categorie_id'] === $tag): ?>

post.php

@@ -6,9 +6,32 @@
 Description: Project
 ****************/
 
+// Required libraries for Gumlet Library
+require 'ImageResize.php';
+require 'ImageResizeException.php';
+
 require('connect.php');
 session_start();
 
+
+function resize_images($file_type,$file_name,$file_path,$file_directory,$allowed_mime_types){
+    if (in_array($file_type, $allowed_mime_types)) {
+
+       $medium_file = $file_directory . pathinfo($file_name, PATHINFO_FILENAME) . '_medium.' . pathinfo($file_name, PATHINFO_EXTENSION);
+       $thumbnail_file = $file_directory . pathinfo($file_name, PATHINFO_FILENAME) . '_thumbnail.' . pathinfo($file_name, PATHINFO_EXTENSION);
+
+       // Resized Max Width 50px
+       $image_thumbnail = new \Gumlet\ImageResize($file_path);
+       $image_thumbnail->resizeToWidth(50);
+       $image_thumbnail->save($thumbnail_file);
+
+       // Resized Max Width 400px
+       $image_medium = new \Gumlet\ImageResize($file_path);
+       $image_medium->resizeToWidth(400);
+       $image_medium->save($medium_file);
+   }
+}
+
 if (
     $_POST && !empty($_POST['title']) && strlen($_POST['title']) >= 1 &&
     strlen($_POST['title']) <= 100 && !empty($_POST['content']) && strlen($_POST['content']) >= 1
@@ -23,17 +46,66 @@
 
         $user_id = $_SESSION['user_id'];
 
+        $file_path = "";
+        $file_path_medium = "";
+
+        //$file = $_FILES['file'];
+
+        if(isset($_FILES['file']) && isset($_POST['file'])){
+            echo 'File is exisisting';
+            $allowed_mime_types = ['image/jpeg', 'image/png', 'image/gif', 'application/pdf'];
+            $file_directory = 'images/';
+
+            // Create images directory if not existing
+            if(!file_exists($file_directory)){
+                mkdir("images");
+            }
+
+            for ($i = 0; $i < count($_FILES['file']['name']); $i++) {
+                echo 'Loop is running';
+                $file_type = mime_content_type($_FILES['file']['tmp_name'][$i]);
+                $file_name = $_FILES['file']['name'][$i];
+                $file_path = $file_directory . $file_name;
+
+                $pos = strrpos($file_path, "."); // Find the last occurrence of the "." character
+                if ($pos !== false) {
+                // If the "." character is found, insert "_medium" before it
+                $file_path_medium = substr_replace($file_path, "_medium", $pos, 0);
+                }
+
+
+                if (!in_array($file_type, $allowed_mime_types)) {
+                    $errorMessage = "File is type is invalid";
+                    $_SESSION['alert_message'] = $errorMessage;
+                     header("Location: authenticate.php");
+                     exit;
+                }
+
+                if (file_exists($file_path)) {
+                    $errorMessage = "File is already existing";
+                    $_SESSION['alert_message'] = $errorMessage ;
+                     header("Location: authenticate.php");
+                     exit;
+                }
+
+                move_uploaded_file($_FILES['file']['tmp_name'][$i], $file_path);
+
+                resize_images($file_type,$file_name,$file_path,$file_directory,$allowed_mime_types);
+        }
+    }
+
         $slug = trim($_POST['title']);
         $slug = strtolower($slug);
-        $slug = preg_replace('/[^a-z0-9]+/', '-', $slug);
-        $slug = trim($slug, '-');
+        $slug = preg_replace('/[^a-z0-9]+/', '/', $slug);
+        $slug = trim($slug, '&');
 
         //  Build the parameterized SQL query and bind to the above sanitized values.
-        $query = "INSERT INTO content_post (user_id, title, content, categorie_id, slug) VALUES (:user_id, :title, :content, :categorie_id, :slug)";
+        $query = "INSERT INTO content_post (user_id,image_path, title, content, categorie_id, slug) VALUES (:user_id, :image_path, :title, :content, :categorie_id, :slug)";
         $statement = $db->prepare($query);
 
         //  Bind values to the parameters
         $statement->bindValue(":user_id", $user_id);
+        $statement->bindValue(":image_path", $file_path_medium);
         $statement->bindValue(":title", $title);
         $statement->bindValue(":content", $content);
         $statement->bindValue(":categorie_id", $categorie_id);
@@ -42,8 +114,8 @@
         //  Execute the INSERT.
         //  execute() will check for possible SQL injection and remove if necessary
         if ($statement->execute()) {
-            header("Location: index.php");
-            exit;
+          header("Location: index.php");
+           exit;
         }
     } else if (isset($_POST['update'])) {
         //  Sanitize user input to escape HTML entities and filter out dangerous characters.

register_post.php

@@ -13,71 +13,77 @@
     $_POST
 ) {
     if (isset($_POST['register'])) {
-        if (
-            isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']) && isset($_POST['reenter_password']) && !empty($_POST['reenter_password']) && 
-            filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !empty(($_POST['email']) && $_POST['password'] == $_POST['reenter_password'])
-        ) {
-
-            //  Sanitize user input to escape HTML entities and filter out dangerous characters.
-            $client_name = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRIPPED);
-            $client_email = $_POST['email'];
-            $client_password = $_POST['password'];
-            $client_lvl = '3';
-            $hashed_password = password_hash($client_password,PASSWORD_DEFAULT);
-
-            //  Build the parameterized SQL query and bind to the above sanitized values.
-            $query = "INSERT INTO users (name, email, password,user_lvl) VALUES (:name, :email, :password, :user_lvl)";
-            $statement = $db->prepare($query);
-
-            //  Bind values to the parameters
-            $statement->bindValue(":name", $client_name);
-            $statement->bindValue(":email", $client_email);
-            $statement->bindValue(":password", $hashed_password);
-            $statement->bindValue(":user_lvl", $client_lvl);
-
-
-            //  Execute the INSERT.
-            //  execute() will check for possible SQL injection and remove if necessary
-            if ($statement->execute()) {
-                     // Check if remember me is selected  
-            $remember_is_selected = $_POST['remember'];
-            if ($remember_is_selected) {
-                // Set client to cookies
-                setcookie('client_name', $client_name, time() + (86400 * 30), '/');
-                setcookie('client_email', $client_email, time() + (86400 * 30), '/');
-                setcookie('client_lvl', $client_lvl, time() + (86400 * 30), '/');
-                // Set client to session 
-                echo ('Client Saved on session ');
-                // session_unset();
-                // session_destroy();
-
-                $query = "SELECT * FROM users WHERE email = :email";
-
-                // A PDO::Statement is prepared from the query.
-                $statementFetch = $db->prepare($query);
-                $statementFetch->bindParam(':email', $client_email);
-                // Execution on the DB server is delayed until we execute().
-                $statementFetch->execute();
-
-                $row = $statementFetch->fetch();
-
-                $_SESSION['user_name'] = $row['name'];
-                $_SESSION['user_id'] = $row['user_id'];
-                $_SESSION['user_lvl'] = $row['user_lvl'];
-                $_SESSION['user_email'] = ($_POST['email']);
-
-                     echo($_SESSION['user_id']);
-
-                // $_SESSION['user_name'] = ($client_name);
-                // $_SESSION['user_email'] = ($client_email);
-                // $_SESSION['client_lvl'] = ($client_lvl);
-            }
-               header("Location: index.php");
+        $captcha_input = $_POST['captcha-input'];
 
-            }
+        if ($_SESSION['captcha_text'] != $captcha_input) {
+            echo ('Invalid captcha.');
         } else {
-            echo ('Registration Failed please complete all the required fields.');
-            exit;
+            if (
+                isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']) && isset($_POST['reenter_password']) && !empty($_POST['reenter_password']) &&
+                filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !empty(($_POST['email']) && $_POST['password'] == $_POST['reenter_password'])
+            ) {
+
+                //  Sanitize user input to escape HTML entities and filter out dangerous characters.
+                $client_name = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRIPPED);
+                $client_email = $_POST['email'];
+                $client_password = $_POST['password'];
+                $client_lvl = '3';
+                $hashed_password = password_hash($client_password, PASSWORD_DEFAULT);
+
+                //  Build the parameterized SQL query and bind to the above sanitized values.
+                $query = "INSERT INTO users (name, email, password,user_lvl) VALUES (:name, :email, :password, :user_lvl)";
+                $statement = $db->prepare($query);
+
+                //  Bind values to the parameters
+                $statement->bindValue(":name", $client_name);
+                $statement->bindValue(":email", $client_email);
+                $statement->bindValue(":password", $hashed_password);
+                $statement->bindValue(":user_lvl", $client_lvl);
+
+
+                //  Execute the INSERT.
+                //  execute() will check for possible SQL injection and remove if necessary
+                if ($statement->execute()) {
+                    // Check if remember me is selected  
+                    $remember_is_selected = $_POST['remember'];
+                    if ($remember_is_selected) {
+                        // Set client to cookies
+                        setcookie('client_name', $client_name, time() + (86400 * 30), '/');
+                        setcookie('client_email', $client_email, time() + (86400 * 30), '/');
+                        setcookie('client_lvl', $client_lvl, time() + (86400 * 30), '/');
+                        // Set client to session 
+                        echo ('Client Saved on session ');
+                        // session_unset();
+                        // session_destroy();
+
+                        $query = "SELECT * FROM users WHERE email = :email";
+
+                        // A PDO::Statement is prepared from the query.
+                        $statementFetch = $db->prepare($query);
+                        $statementFetch->bindParam(':email', $client_email);
+                        // Execution on the DB server is delayed until we execute().
+                        $statementFetch->execute();
+
+                        $row = $statementFetch->fetch();
+
+                        $_SESSION['user_name'] = $row['name'];
+                        $_SESSION['user_id'] = $row['user_id'];
+                        $_SESSION['user_lvl'] = $row['user_lvl'];
+                        $_SESSION['user_email'] = ($_POST['email']);
+
+                        echo ($_SESSION['user_id']);
+
+                        // $_SESSION['user_name'] = ($client_name);
+                        // $_SESSION['user_email'] = ($client_email);
+                        // $_SESSION['client_lvl'] = ($client_lvl);
+                    }
+                    header("Location: index.php");
+
+                }
+            } else {
+                echo ('Registration Failed please complete all the required fields.');
+                exit;
+            }
         }
     }