diff --git a/panel_admin/includes/film_dao.php b/panel_admin/includes/film_dao.php index 07c41c6..8c58fbc 100644 --- a/panel_admin/includes/film_dao.php +++ b/panel_admin/includes/film_dao.php @@ -39,9 +39,15 @@ public function allFilmData(){ $sql = sprintf( "SELECT * FROM film "); $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); - return $resul; + + while($fila=$resul->fetch_assoc()){ + $films[] = $this->loadFilm($fila["id"], $fila["tittle"], $fila["duration"], $fila["language"], $fila["description"]); + } + $resul->free(); + return $films; } + //Returns a query to get all films tittles. public function tittleFilmData(){ $sql = sprintf( "SELECT DISTINCT tittle FROM film "); diff --git a/panel_admin/includes/formFilm.php b/panel_admin/includes/formFilm.php index f14bd0b..f65804c 100644 --- a/panel_admin/includes/formFilm.php +++ b/panel_admin/includes/formFilm.php @@ -47,15 +47,21 @@ class FormFilm extends Form { } //Process form: - public function processesForm($id,$tittle,$duration,$language,$description, $option) { + public function processesForm($_id,$_tittle,$_duration,$_language,$_description, $_option) { $this->correct = true; - $this->option = $option; + $this->option = $_option; + + $id= $this->test_input($_id); + $tittle=$this->test_input($_tittle); + $duration=$this->test_input($_duration); + $language=$this->test_input($_language); + $description=$this->test_input($_description); //Habria que validar todo para que encaje en la base de datos $bd = new Film_DAO('complucine'); - if($bd ){ - if($option == "new"){ + if($bd){ + if($this->option == "new"){ //Primero comprobar si los campos no son vacios y la duracion es mayor que 0 if(!empty($tittle)&&$duration>0&&!empty($language)&&!empty($description)){ // comprobar si existe una pelicula con el mismo titulo e idioma 
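Review bot: `$films` is never initialised before the `while` loop, so when the `film` table has no rows `return $films;` returns an undefined variable (null, with a warning on PHP 8) instead of an empty list, and a caller that iterates the result — `drawFilms` in manage_films.php is one — fails on the empty case. Add `$films = [];` before the loop. The method now returns a list of film objects instead of a `mysqli_result`, so its header comment, which sits above the hunk together with the signature, should be updated if it still describes a query result. `$this->loadFilm` is not in this diff; I assume it builds one film object per row.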
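Review bot: `test_input` runs `htmlspecialchars()` over every field before it reaches `Film_DAO`, which is HTML output encoding rather than validation or database escaping: it stores `&amp;`/`&quot;` entities in `film` (and double-encodes if the views escape again), and it gives no SQL safety if the DAO interpolates values the way `allFilmData` builds its query with `sprintf` in this commit — quoting has to come from bound parameters in the DAO, not from this layer. Keep `trim`/`strip_tags` if wanted, but escape at output time and validate by type here: after `test_input`, `$duration` is still a string and `$duration>0` accepts values such as `"12abc"`; `$duration = filter_var($_duration, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` rejects them. The `$_id`-style parameter names read like superglobals; plain parameter names with the sanitised copies assigned to new locals would be clearer, and the `//Habria que validar todo` comment could then state what this method validates and what the DAO enforces. processesForm continues past the end of this hunk.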
@@ -64,15 +70,15 @@ class FormFilm extends Form { $this->correct =false; } else{ - $resul=$bd->createFilm(null, $tittle,$duration,$language,$description); - $resul->free(); + $bd->createFilm(null, $tittle,$duration,$language,$description); + } $exist->free(); } else{ $this->correct =false; } - } else if ($option == "del"){ + } else if ($this->option == "del"){ //Primero comprobar si existe una pelicula con el mismo id $exist = $bd-> FilmData($id); if( mysqli_num_rows($exist) == 1){ @@ -81,14 +87,13 @@ class FormFilm extends Form { else{ $this->correct =false; } - } else if ($option == "edit"){ + } else if ($this->option == "edit"){ //Primero comprobar si los campos no son vacios y la duracion es mayor que 0 if(!empty($tittle)&&$duration>0&&!empty($language)&&!empty($description)){ //comprobar si existe una pelicula con el mismo id $exist = $bd-> FilmData($id); if( mysqli_num_rows($exist) == 1){ - $resul = $bd->editFilm($id,$tittle,$duration,$language,$description); - $resul->free(); + $bd->editFilm($id,$tittle,$duration,$language,$description); } else{ $this->correct =false; @@ -98,18 +103,19 @@ class FormFilm extends Form { else{ $this->correct =false; } - } else if($this->option == "show") { - $resul = $bd->allFilmData(); - while($fila=mysqli_fetch_assoc($resul)){ - $this->array = new FilmDTO($fila["id"], $fila["tittle"], $fila["duration"], $fila["language"], $fila["description"]); - } - $resul->free(); + } else if($this->option == "show") { + $this->array = $bd->allFilmData(); } - else {$this->correct = false;} + else {$this->correct = false;} } - $bd->__destruct(); + } + + protected function test_input($input){ + return htmlspecialchars(trim(strip_tags($input))); + } } + ?> \ No newline at end of file diff --git a/panel_admin/index.php b/panel_admin/index.php index a152f5c..1e4a500 100644 --- a/panel_admin/index.php +++ b/panel_admin/index.php 
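Review bot: `$bd->createFilm(...)` is now called only for its side effect and its return value is dropped, so a failed INSERT leaves `$this->correct` true and the form reports success; the `edit` branch in hunk `@@ -81,14 +87,13 @@` does the same with `$bd->editFilm(...)`. Unless createFilm/editFilm throw on failure — their bodies are not in this diff — check the result, e.g. `if (!$bd->createFilm(null, $tittle,$duration,$language,$description)) { $this->correct = false; }`, and likewise for editFilm. The blank `+` line left in the `else` body after the call can be dropped. processesForm begins and ends outside this hunk.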
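Review bot: `test_input` has no parameter or return type and the `show` path calls it with `null` for every field (`$film->processesForm(null, null, null, null, null, "show")` in manage_films.php); passing null to `strip_tags()` is deprecated since PHP 8.1, so each listing render emits five deprecation notices. Declare it `protected function test_input(?string $input): string` and cast, `return htmlspecialchars(trim(strip_tags((string) $input)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` — the explicit flags matter because before PHP 8.1 the default left single quotes unescaped. A one-line docblock would also help: `/** Strips tags, trims and HTML-encodes one form field; null becomes ''. */`.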
@@ -5,12 +5,13 @@ require_once('../assets/php/template.php'); require_once('../panel_admin/panelAdmin.php'); $template = new Template(); - + $login=false; + if(isset($_SESSION["login"]) && $_SESSION["rol"] == "admin") $login = true; if(isset($_GET['state'])) { - $panel = new Panel($_GET['state']); + $panel = new Panel($_GET['state'], $login); } else { - $panel = new Panel(''); + $panel = new Panel('', $login); } // IMPORTANTE: // VERIFICAR QUE ES ADMIN, SI NO, MOSTRAR MENSAJE DE "ERROR" diff --git a/panel_admin/manage_films.php b/panel_admin/manage_films.php index 079dcc8..3fd8a87 100644 --- a/panel_admin/manage_films.php +++ b/panel_admin/manage_films.php @@ -11,9 +11,8 @@ $film = new FormFilm(); $film->processesForm(null, null, null, null, null, "show"); - - function drawFilms($films){ - + + function drawFilms($films){ echo "
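Review bot: The new admin check reads `$_SESSION["rol"]` without testing that the key exists — a session with `login` set but no `rol` raises a warning — and compares it with loose `==`; write it as `$login = isset($_SESSION["login"], $_SESSION["rol"]) && $_SESSION["rol"] === "admin";`. `$login` is only a flag handed to `Panel`, and whether Panel refuses to render or act for non-admins is not visible in this diff while the `// IMPORTANTE: VERIFICAR QUE ES ADMIN` comment still stands, so confirm the authorisation decision is enforced inside Panel (and on the form-processing pages such as manage_films.php) rather than only in the view. A `session_start()` call is not visible here either; if it lives in template.php, a comment saying so would save the next reader a search.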