I am creating a contest website on my localhost using PHP. The project works as follows:
The user can log in and is directed to the page level.php?n=getUserData()['level']. The logic is that if the user submits the right answer, the user is redirected to the next level, and the level field in the database must be updated so that the user can be redirected to the next level, level.php?n=2, and so on. During login the user's credentials are stored in session variables (user_id, level, email, etc.).
My login controller:
<?php
include 'core/init.php';

// The question id is taken straight from the query string; nothing here checks
// that it matches the level the logged-in user has actually reached.
$id = isset($_GET['n']) ? $_GET['n'] : null;
$validate = new Validator;
$template = new Template("templates/question.php");
$template->title = $validate->getQuestion($id)->body;
// $template->answer = $validate->getQuestion($id)->answer;
$userid = getUserData()['user_id'];
if(isset($_POST['submit']))
{
    // echo getUserData()['level']; die();
    $data = array();
    $data['answer'] = $_POST['answer'];
    $required_fields = array("answer");
    if($validate->isRequired($required_fields))
    {
        // Check the answer against this question, not against any question in the table.
        if($validate->check_answer($id, $_POST['answer']))
        {
            // update_level() must also refresh $_SESSION['level']; otherwise
            // getUserData()['level'] below still returns the old value and the
            // user is redirected back to the level just solved.
            if($validate->update_level($userid))
            {
                redirect("level.php?n=".getUserData()['level'],"Correct Answer","success");
            }
        }
        else
        {
            redirect("level.php?n=".getUserData()['level'],"Incorrect","error");
        }
    }
    else
    {
        redirect("level.php?n=".getUserData()['level'],"Empty","error");
    }
}
echo $template;
?>
My Validation class:
<?php
class Validator
{
    private $db;

    public function __construct()
    {
        $this->db = new Database;
    }

    public function isRequired($field_array)
    {
        foreach($field_array as $field)
        {
            if(empty($_POST[$field]))
            {
                return false;
            }
        }
        return true;
    }

    public function login($username,$password)
    {
        // This compares the submitted password with the stored column as-is,
        // which only works if passwords are stored in plaintext. Store a hash
        // (password_hash) and check it in PHP with password_verify() instead.
        $this->db->query("SELECT * FROM users WHERE username=:username AND password=:password");
        $this->db->bind(":username",$username);
        $this->db->bind(":password",$password);
        $result = $this->db->single();
        $row = $this->db->rowCount();
        if($row>0)
        {
            $this->getData($result);
            return true;
        }
        else
        {
            return false;
        }
    }

    // Copies the user row into the session. During login this is the only
    // place the session's copy of level is written.
    public function getData($row)
    {
        $_SESSION['is_logged_in'] = true;
        $_SESSION['user_id'] = $row->id;
        $_SESSION['username'] = $row->username;
        $_SESSION['email'] = $row->email;
        $_SESSION['level'] = $row->level;
    }

    public function getQuestion($id)
    {
        $this->db->query("SELECT * FROM question WHERE question_id = :id");
        $this->db->bind(":id",$id);
        $result = $this->db->single();
        return $result;
    }

    public function logout()
    {
        unset($_SESSION['is_logged_in']);
        unset($_SESSION['username']);
        unset($_SESSION['user_id']);
        unset($_SESSION['email']);
        unset($_SESSION['level']);   // was not cleared before
        return true;
    }

    public function update_level($id)
    {
        $level = getUserData()['level']+1;
        $this->db->query("UPDATE users SET level = :level WHERE id = :id");
        $this->db->bind(":level",$level);
        $this->db->bind(":id",$id);
        $this->db->execute();
        // Keep the session copy in sync with the database; otherwise
        // getUserData()['level'] keeps returning the old level until the
        // user logs in again.
        $_SESSION['level'] = $level;
        return true;
    }

    // Match the answer to the question being shown. The original
    // "WHERE correct = :answer" accepted the correct answer of any question,
    // so knowing one answer was enough to advance from every level.
    public function check_answer($id,$answer)
    {
        $this->db->query("SELECT * FROM question WHERE question_id = :id AND correct = :answer");
        $this->db->bind(":id",$id);
        $this->db->bind(":answer",$answer);
        $row = $this->db->single();
        return $row;
    }
}
?>
The getUserData() function:
// Reads only from the session, never from the database, so it returns
// whatever was stored at login until the session is explicitly updated.
function getUserData()
{
    $userarray = array();
    $userarray['username'] = $_SESSION['username'];
    $userarray['user_id'] = $_SESSION['user_id'];
    $userarray['email'] = $_SESSION['email'];
    $userarray['level'] = $_SESSION['level'];
    return $userarray;
}
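The flow described in the question, written out as an added, stand-alone example (this is not the asker's code and not the Database/Template classes from their project). It runs from the PHP CLI against an in-memory SQLite database through PDO, with a plain array standing in for $_SESSION. It assumes the pdo_sqlite extension is available and that question_id equals the level number, which is what level.php?n=<level> implies; the table and column names (users.level, question.question_id, question.correct) follow the question, and the sample users and questions are constructed. The points it demonstrates: the password is verified against a hash in PHP rather than matched in SQL, the level served is taken from the session instead of the n parameter, the answer is checked against the question for that level only, and after a correct answer the level is re-read from the database into the session so the redirect target is the new level.

```php
<?php
// Added example, not the asker's code. Assumes pdo_sqlite; uses an array in
// place of $_SESSION so it runs without a web server.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, level INTEGER NOT NULL DEFAULT 1)");
    $db->exec("CREATE TABLE question (question_id INTEGER PRIMARY KEY, body TEXT, correct TEXT)");
    // Constructed sample data; the password is stored as a hash, never in plaintext.
    $ins = $db->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $q = $db->prepare("INSERT INTO question (question_id, body, correct) VALUES (?, ?, ?)");
    $q->execute([1, 'What is 2+2?', '4']);
    $q->execute([2, 'Capital of France?', 'paris']);
    $q->execute([3, 'Smallest prime?', '2']);
    return $db;
}

// Login: look the user up by username only, then verify the hash in PHP.
function login(PDO $db, array &$session, string $username, string $password): bool {
    $st = $db->prepare("SELECT id, username, password, level FROM users WHERE username = :u");
    $st->execute([':u' => $username]);
    $row = $st->fetch(PDO::FETCH_OBJ);
    if (!$row || !password_verify($password, $row->password)) {
        return false;
    }
    $session = ['is_logged_in' => true, 'user_id' => (int) $row->id,
                'username' => $row->username, 'level' => (int) $row->level];
    return true;
}

// The level a user may see comes from the session (filled from the DB),
// never from ?n=. A request for any other level is refused instead of served.
function requestedLevelAllowed(array $session, $n): bool {
    return (int) $n === (int) $session['level'];
}

// Checks the answer against the question for the user's current level and,
// on success, advances the level in the DB and re-reads it into the session.
function submitAnswer(PDO $db, array &$session, string $answer): string {
    $uid = $session['user_id'];
    $level = (int) $session['level'];
    if (trim($answer) === '') {
        return 'Empty';
    }
    $st = $db->prepare("SELECT correct FROM question WHERE question_id = :id");
    $st->execute([':id' => $level]);
    $row = $st->fetch(PDO::FETCH_OBJ);
    // Compare in PHP so the submitted answer never becomes part of a WHERE clause.
    if (!$row || !hash_equals(strtolower(trim($row->correct)), strtolower(trim($answer)))) {
        return 'Incorrect';
    }
    // Advance only if the DB still says the user is on this level (guards
    // against a double submit), then refresh the session from the DB rather
    // than incrementing the session value on its own.
    $up = $db->prepare("UPDATE users SET level = level + 1 WHERE id = :id AND level = :lvl");
    $up->execute([':id' => $uid, ':lvl' => $level]);
    $rd = $db->prepare("SELECT level FROM users WHERE id = :id");
    $rd->execute([':id' => $uid]);
    $session['level'] = (int) $rd->fetchColumn();
    return 'Correct Answer';
}

// Demo run from the CLI.
$db = makeDb();
$session = [];
var_dump(login($db, $session, 'alice', 'wrong'));
var_dump(login($db, $session, 'alice', 'correct horse'));
echo submitAnswer($db, $session, 'paris'), "\n";   // level 2's answer submitted while on level 1
echo submitAnswer($db, $session, '4'), "\n";       // the answer for level 1
echo "redirect to level.php?n=" . $session['level'] . "\n";
var_dump(requestedLevelAllowed($session, 3));      // attempt to jump ahead via ?n=
```

In the demo, the first login fails on the hash check and the second succeeds; submitting level 2's answer while on level 1 is rejected, whereas the correct answer for level 1 advances the user and the redirect string is built from the refreshed session value, so it points at the next level; the final check shows a request for a level beyond the user's current one being refused. In the real controller, redirect("level.php?n=".$_SESSION['level'], ...) would take the place of the echo.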