upload fucked

prax4/src/auth.php

@@ -50,7 +50,7 @@
     if (isset($_REQUEST['username']) and isset($_REQUEST['password'])) {
         $username = $_REQUEST['username'];
         $password = $_REQUEST['password'];
-        $password = hash('md5', $password);
+        $password = hash('sha512', $password);
         $query = "SELECT * FROM 164347_users WHERE user_name = '$username' AND password = '$password'";
         if (count(mysqli_fetch_array(mysqli_query($connection, $query)))) {
             $_SESSION['username'] = $username;

prax4/src/createpost.php

@@ -1,6 +1,7 @@
 <?php
 session_start();
 include("config.php");
+include("upload.php");
 
 $connection = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
 
@@ -29,24 +30,30 @@
 ?>
 <body class="centered-wrapper">
 <div class="centered-content">
-    <form method="post">
+    <form action="upload.php" method="post" enctype="multipart/form-data">
         <legend>Hello create new post thanks</legend>
         <label><b>The title of your new postitus</b></label><br>
         <input type="text" style="width: 500px" name="title"/><br>
         <label><b>The content of your new postitus</b></label><br>
         <input type="text" style="width: 500px; height: 250px" name="content"/><br><br>
+        <input type="file" name="fileToUpload"/>
         <input type="submit">
         <?php
 
-        if (isset($_REQUEST['title']) and isset($_REQUEST['content'])) {
+        if (isset($_REQUEST['title']) and isset($_REQUEST['content']) and isset($_FILES['fileToUpload'])) {
             $title = escape($connection, $_REQUEST['title']);
             $content = escape($connection, $_REQUEST['content']);
             $name = $_SESSION['username'];
-            $sql = "INSERT INTO 164347_posts (content, time, username, title) VALUES ('$content', NOW(), '$name', '$title')";
+            $target = "uploads/";
+            $target = $target . basename($_FILES['fileToUpload']);
+            $picture = $_FILES['fileToUpload'];
+            $sql = "INSERT INTO 164347_posts (content, time, username, title, picture) VALUES ('$content', NOW(),
+            '$name', '$title', '$picture')";
             if ($connection->query($sql) === true) {
                 $message = "Success!";
                 echo "<script type='text/javascript'>alert('$message');</script>";
                 header("Location: index.php");
+
             }
         }
         ?>

prax4/src/index.php

@@ -26,13 +26,20 @@
 <body class="centered-wrapper">
 
 <?php
-$query = "SELECT * FROM 164347_posts ORDER BY username ASC";
+$query = "SELECT 164347_posts.* ,
+                  IFNULL(SUM(164347_votes.vote), 0) AS score,
+                   (IFNULL(SUM(164347_votes.vote), 0) - 1 / POWER((time_to_sec(timediff(NOW(), 164347_posts.time)) / 3600) + 2, 1.8)) AS hotness
+                FROM
+                  164347_posts
+                LEFT JOIN 164347_votes ON 164347_posts.id = 164347_votes.post
+                GROUP BY 164347_posts.id
+                ORDER BY  hotness DESC";
 $res = mysqli_query($connection, $query);
 while ($row = mysqli_fetch_assoc($res)) {
     $row = array_values($row);
-    $sql = "SELECT IFNULL(SUM(vote), 0) AS score FROM 164347_votes WHERE post = $row[0]";
-    $points = mysqli_fetch_array(mysqli_query($connection, $sql))[0];
-    echo '<div style="border: 1px solid black; padding: 10px" class="centered-content">
+    //$sql = "SELECT IFNULL(SUM(vote), 0) AS score FROM 164347_votes WHERE post = $row[0]";
+    $points = $row[2];
+    echo '<div style="border: 1px solid black; padding: 10px" class="container centered-content">
     <a href="viewpost.php?id=' . $row[0] . '"><h3>' . htmlspecialchars($row[4]) . '</h3></a><p>' . htmlspecialchars($row[1]) . '</p>
     <p>created by <b>' . $row[3] . '</b></p><p>at ' . $row[2] . '</p><p><i>points </i>' . $points . '</p>
 <a href="vote.php?post=' . $row[0] . '&score=up"><i class="fa fa-smile-o fa-2x" aria-hidden="true"></i></a>

prax4/src/signup.php

@@ -76,7 +76,7 @@ function validifyData($username, $db) {
 if (isset($_REQUEST['username']) and isset($_REQUEST['password']) and isset($_REQUEST['fullname']) and isset($_REQUEST['email'])) {
     $username = escape($connection, $_REQUEST['username']);
     $password = escape($connection, $_REQUEST['password']);
-    $hash = hash('md5', $password);
+    $hash = hash('sha512', $password);
     $fullname = escape($connection, $_REQUEST["fullname"]);
     $email = escape($connection, $_REQUEST["email"]);
     if (validifyData($username, $connection)) {

prax4/src/upload.php

@@ -0,0 +1,52 @@
+<?php
+function upload_my_file($fileid) {
+    echo "starting";
+    $target_dir = "uploads/";
+    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
+
+    echo "<p>$target_file " . $target_file;
+    $uploadOk = 1;
+    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
+    echo "<p>$imageFileType " . $imageFileType;
+    $saved_file = $target_dir . $fileid . "." . $imageFileType;
+    // Check if image file is a actual image or fake image
+    if (isset($_POST["submit"])) {
+        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
+        if ($check !== false) {
+            echo "File is an image - " . $check["mime"] . ".";
+            $uploadOk = 1;
+        } else {
+            echo "File is not an image.";
+            $uploadOk = 0;
+        }
+    }
+    echo "all is fine before checks";
+    // Check if file already exists
+    if (file_exists($target_file)) {
+        echo "Sorry, file already exists.";
+        $uploadOk = 0;
+    }
+    // Check file size
+    if ($_FILES["fileToUpload"]["size"] > 5000000) {
+        echo "Sorry, your file is too large.";
+        $uploadOk = 0;
+    }
+    // Allow certain file formats
+    if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
+        echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
+        $uploadOk = 0;
+    }
+    // Check if $uploadOk is set to 0 by an error
+    if ($uploadOk == 0) {
+        echo "Sorry, your file was not uploaded.";
+        // if everything is ok, try to upload file
+    } else {
+        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $saved_file)) {
+            echo "<p>The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
+        } else {
+            echo "<p>Sorry, there was an error uploading your file.";
+        }
+    }
+}
+
+upload_my_file(10);

prax5/app.js

@@ -1,56 +1,3 @@
-var playerPicks = [];
-
-var paper = 0;
-var rock = 1;
-var scissors = 2;
-
-
-function play(choice) {
-
-    if (playerPicks.length < 3) {
-        makeRandomChoice(choice);
-    } else {
-        //control if player chose more than 3 same in a row
-        if (playerPicks[playerPicks.length - 1] === playerPicks[playerPicks.length - 2]
-            && playerPicks[playerPicks.length - 2] === playerPicks[playerPicks.length - 3]) {
-
-            console.log('other person TURN');
-
-            if (playerPicks[playerPicks.length - 1] === 0) {
-                makeTurn(choice, 2);
-            } else {
-                makeTurn(choice, playerPicks[playerPicks.length - 1] - 1);
-            }
-        } else {
-            makeRandomChoice(choice);
-        }
-
-    }
-    playerPicks.push(choice);
-}
-
-function makeTurn(playerChoice, secondPlayerChoice) {
-    if (!(playerChoice === 0 && secondPlayerChoice === 2)
-        && ((playerChoice === 2 && secondPlayerChoice === 0)
-            || playerChoice < secondPlayerChoice)) {
-        //WON
-        console.log('Win ' + playerChoice + ' ' + secondPlayerChoice);
-    } else if (playerChoice === secondPlayerChoice) {
-        //DRAW
-        console.log('Draw ' + playerChoice + ' ' + secondPlayerChoice);
-    } else {
-        //LOSE
-        console.log('Lose ' + playerChoice + ' ' + secondPlayerChoice);
-    }
-}
-
-$('#playerpaper').click(function () {
-    play(paper);
-});
-$('#playerrock').click(function () {
-    play(rock);
-});
-$('#playerscissors').click(function () {
-    play(scissors);
-});
+function move(move) {
 
+}