4-1
index.php
<?php
// Load the shared setup from header.php: $db (mysqli), $smarty, $admin_id and $op are expected
// to be defined there — none of them are visible in this file, so treat that as an assumption.
require_once "header.php";
// Event id from the request: an integer when supplied, the empty string when absent.
// The empty string doubles as the "no event selected" flag in the dispatch below.
$action_id = isset($_REQUEST['action_id']) ? intval($_REQUEST['action_id']) : '';
try {
    // Dispatch on $op (loose comparison, exactly like the switch it replaces).
    // Write operations redirect after they finish so a reload cannot repeat them;
    // read operations fill Smarty variables and fall through to the templates.
    if ($op == 'login') {
        login();
        header("location: index.php");
        exit;
    } elseif ($op == 'logout') {
        logout();
        header("location: index.php");
        exit;
    } elseif ($op == 'regist') {
        // Registration form: nothing to compute, the template renders it.
    } elseif ($op == 'save_regist') {
        save_regist();
        header("location: index.php");
        exit;
    } elseif ($op == 'save_signup') {
        save_signup($action_id);
        header("location: index.php?action_id=$action_id");
        exit;
    } elseif ($action_id) {
        // Any other $op with an event id: show that event and its signups.
        $op = 'show_action';
        show_action($action_id);
        list_signups($action_id);
    } else {
        // Any other $op without an event id: the event overview.
        $op = 'list_action';
        list_action();
    }
} catch (Exception $e) {
    // Failures surface as $error for the templates instead of aborting the page.
    $error = $e->getMessage();
}
//函數區
// List every event
// Fetches all rows of `actions`, newest `action_date` first, and hands them to
// the template as `actions`. Throws an Exception carrying the driver message when
// the query fails.
function list_action()
{
    global $db, $smarty;
    $result = $db->query("SELECT * FROM `actions` ORDER BY `action_date` DESC");
    if (!$result) {
        throw new Exception($db->error);
    }
    $rows = [];
    for ($row = $result->fetch_assoc(); $row; $row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    $smarty->assign('actions', $rows);
}
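// Show one event
// Loads the `actions` row for $action_id into the template variable `data`.
// The id is coerced to int and bound as a statement parameter, so the value can
// never change the shape of the SQL even if a caller passes it through unfiltered.
// Throws an Exception on a driver error or when no such event exists.
function show_action($action_id)
{
    global $db, $smarty;
    $id = (int) $action_id;
    $stmt = $db->prepare("SELECT * FROM `actions` WHERE `action_id`=?");
    if (!$stmt) {
        throw new Exception($db->error);
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception($error);
    }
    // get_result() needs the mysqlnd driver (the default build since PHP 5.4).
    $result = $stmt->get_result();
    $data = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    if (!$data) {
        throw new Exception("讀取 $action_id 失敗");
    }
    $smarty->assign('data', $data);
}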
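// Log in
// Reads email and password via clean_var() (defined in the shared setup, not in
// this file), looks the user up by email and, on a matching password hash, stores
// group/name/email/uid in the session.
// Throws an Exception when validation fails, the query fails, or the credentials
// do not match; the same message is used for "unknown email" and "wrong password"
// so the response does not reveal which accounts exist.
function login()
{
    global $db;
    $email = clean_var('email', 'Email', FILTER_VALIDATE_EMAIL);
    $pass = clean_var('pass', '密碼');
    // A validated address may still contain characters such as an apostrophe
    // (o'neil@example.com is a valid mailbox), so it is bound as a parameter
    // instead of being interpolated into the statement.
    $stmt = $db->prepare("SELECT * FROM `users` WHERE `email`=?");
    if (!$stmt) {
        throw new Exception($db->error);
    }
    $stmt->bind_param('s', $email);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception($error);
    }
    // get_result() needs the mysqlnd driver (the default build since PHP 5.4).
    $result = $stmt->get_result();
    $data = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    // Guard the missing-row case explicitly: indexing false for ['pass'] only
    // "worked" by accident in the old code.
    if (!$data || !password_verify($pass, $data['pass'])) {
        throw new Exception('登入失敗!請確認帳號密碼是否正確。');
    }
    // Issue a fresh session id when privileges change so an id handed to the
    // browser before login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['group'] = $data['group'];
    $_SESSION['name'] = $data['name'];
    $_SESSION['email'] = $data['email'];
    $_SESSION['uid'] = $data['uid'];
}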
// Log out
// Removes the four keys that login() stores; any other session data is left as is.
// NOTE(review): the session id itself is kept — only the login keys are dropped.
function logout()
{
    foreach (['group', 'name', 'uid', 'email'] as $key) {
        unset($_SESSION[$key]);
    }
}
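// Create a user
// Reads name, email and password via clean_var() (defined in the shared setup,
// not in this file), hashes the password and inserts the row. The address that
// equals $admin_id (also from the shared setup) gets the `admin` group.
// Returns the new user's id ($db->insert_id). Throws an Exception when
// validation or the insert fails (a duplicate email surfaces as a driver error).
function save_regist()
{
    global $db, $admin_id;
    $name = clean_var('name', '姓名');
    $email = clean_var('email', 'Email', FILTER_VALIDATE_EMAIL);
    $pass = clean_var('pass', '密碼');
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Strict comparison: an unset/null $admin_id must never match a submitted address.
    $group = ($admin_id === $email) ? 'admin' : 'user';
    // All four values come from the request; bind them rather than interpolating
    // (clean_var() is not visible here, so it is not relied on for escaping).
    $stmt = $db->prepare("INSERT INTO `users` (`name`, `email`, `pass`, `group`) VALUES(?, ?, ?, ?)");
    if (!$stmt) {
        throw new Exception($db->error);
    }
    $stmt->bind_param('ssss', $name, $email, $hash, $group);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception($error);
    }
    $stmt->close();
    return $db->insert_id;
}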
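// Sign up for an event
// Inserts a `signups` row for the logged-in user and $action_id (coerced to int).
// Requires a logged-in user: the old code read $_SESSION['uid'] unguarded, so an
// anonymous request produced a notice and a row with an empty uid.
// Throws an Exception when nobody is logged in or the insert fails.
function save_signup($action_id)
{
    global $db;
    // uid is the auto-increment id stored by login(); treat anything else as "not logged in".
    $uid = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;
    if ($uid <= 0) {
        throw new Exception('請先登入後再報名。');
    }
    $id = (int) $action_id;
    $stmt = $db->prepare("INSERT INTO `signups` (`uid`, `action_id`, `signup_date`) VALUES(?, ?, NOW())");
    if (!$stmt) {
        throw new Exception($db->error);
    }
    $stmt->bind_param('ii', $uid, $id);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception($error);
    }
    $stmt->close();
}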
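// List the signups of an event
// Joins `signups` with `users` for $action_id (coerced to int and bound as a
// parameter) and hands the rows to the template as `signups`.
// The join selects every user column, which includes the password hash; it is
// stripped from each row before the data reaches the template.
// Throws an Exception with the driver message when the query fails.
function list_signups($action_id)
{
    global $db, $smarty;
    $id = (int) $action_id;
    $stmt = $db->prepare("SELECT a.*, b.* FROM `signups` AS a JOIN `users` AS b ON a.`uid`=b.`uid` WHERE a.`action_id`=?");
    if (!$stmt) {
        throw new Exception($db->error);
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception($error);
    }
    // get_result() needs the mysqlnd driver (the default build since PHP 5.4).
    $result = $stmt->get_result();
    $signups = [];
    if ($result) {
        while ($data = $result->fetch_assoc()) {
            // Never expose password hashes to the presentation layer.
            unset($data['pass']);
            $signups[] = $data;
        }
    }
    $stmt->close();
    $smarty->assign('signups', $signups);
}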
// Hand the result to the template: the page title for the layout, then the
// footer include, which is assumed to render the Smarty output.
$page_title = '活動報名系統';
require_once "footer.php";