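<?php
// Session bootstrap: every page that reads $_SESSION (this one and logout.php) must call
// session_start() before any output is sent. The ini settings below keep the session id out of
// script reach and out of the URL; ini_set() simply returns false on a directive an older PHP
// build does not know, so they are safe to leave in. session.cookie_secure is deliberately not
// forced here because the page also loads a stylesheet over plain http (see the <link> below) —
// enable it once the site is served only over https.
ini_set('session.use_only_cookies', '1');//never accept a session id from the query string
ini_set('session.cookie_httponly', '1');//JavaScript cannot read the cookie, which limits what an XSS can steal
ini_set('session.use_strict_mode', '1');//reject client-supplied ids the server never issued
session_start();//all sessions need this...in the logout as well.
?>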
<link rel="stylesheet" href="http://yui.yahooapis.com/pure/0.3.0/base-min.css"><!--Pure base styles, from http://purecss.io/ . Note: this is fetched over plain http from a third-party CDN, so on an https page it is blocked as mixed content and on http it can be altered in transit; prefer an https URL with an integrity attribute, or a local copy. -->
<?php
/*
we should always keep our table structure
CREATE TABLE IF NOT EXISTS `contacts` (
  `id` int(5) NOT NULL auto_increment,
  `fullname` varchar(255) NOT NULL,
  `height` varchar(255) NOT NULL,
  `weight` varchar(255) NOT NULL,
  PRIMARY KEY  (`id`)
);
The login block below also reads a `contacts_control` table with `username` and `password`
columns; its definition is not recorded here.
*/
include 'dbconnect.php';//this connects to the db with a refenceable object: $dbh
//login section
//needs to get submission and check with database
//need a form with 2 fields
//this is my log in block
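// Login handling. The login form posts username/password with a submit button whose value is
// 'Sign up'; that button text doubles as the dispatch key, as it does for the CMS form further down.
// $submit stays defined for the rest of the page ('' when nothing was posted).
$submit = (isset($_POST['submit']) && is_string($_POST['submit'])) ? $_POST['submit'] : '';
if ($submit === 'Sign up'){
	$username = isset($_POST['username']) ? (string) $_POST['username'] : '';//form field, post method
	$password = isset($_POST['password']) ? (string) $_POST['password'] : '';
	// NOTE(review): the submitted password is compared directly against the stored `password`
	// column, i.e. contacts_control holds passwords in plain text. They should be stored with
	// password_hash() and checked here with password_verify() against a row fetched by username
	// only; left as-is because the stored format cannot be migrated from this file alone.
	$sql = $dbh->prepare("select username from contacts_control where username = ? and password = ?");
	$sql->execute(array($username,$password));//bound parameters: the values never reach the SQL text
	$row = $sql->fetch();//one matching row is all that is needed to know the login succeeded
	if ($row !== false) {
		// NOTE(review): the session id is not rotated on login (session fixation).
		// session_regenerate_id(true) belongs here, but the <link> tag above has already started
		// the response body, so the new cookie header could not be sent; move the login handling
		// above any output before adding it.
		$_SESSION['approved'] = 'yes';//checked by the CMS section below
		$_SESSION['uname'] = $row['username'];//for the welcome message
	}
}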


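if (isset($_SESSION['approved']) && $_SESSION['approved'] === 'yes'){
// Everything in this branch echoes values that came from the request or the database (names,
// heights, weights, the login name), so each one goes through $esc before it lands in HTML.
$esc = function ($value) { return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); };
echo ' Welcome, '.$esc($_SESSION['uname']).'<br/>';
// Database credentials live in dbconnect.php (included above). Do not paste a PDO constructor
// with a literal username/password into this file, even commented out — it ends up in source control.
//insert
$status = 'Enter Name';//for the button value
// Request values, defaulting when the key is absent so a plain page load raises no notices.
$deleteid = isset($_GET['deleteid']) ? $_GET['deleteid'] : null;//query string value when the user clicks a Delete link
$fullname = isset($_POST['fullname']) ? $_POST['fullname'] : '';//fullname field from the form via post method
$editid = isset($_GET['editid']) ? $_GET['editid'] : null;//set when an Edit link is clicked
$height = isset($_POST['height']) ? $_POST['height'] : '';
$weight = isset($_POST['weight']) ? $_POST['weight'] : '';
$upfullname = $upheight = $upweight = '';//form field contents; filled in below when in edit mode

//if delete is clicked
// NOTE(review): the delete runs off a plain GET link with no CSRF token, so any page a logged-in
// user visits can delete a record by embedding cms.php?deleteid=N. It should become a POST form
// that carries a token bound to the session.
if (is_numeric($deleteid)){//only a numeric id is ever sent to the database
 $delsql = $dbh->prepare("delete from contacts where id = ?");//prepare statement
 $delsql->bindValue(1,$deleteid);//bind the value of the variable to the ?
 //execute() reports success; the statement object itself is always truthy, so testing it never detects a failure
 if ($delsql->execute()) echo 'Record Deleted<br/>';
}

//edit block!
if ($submit === 'Edit Name' && is_numeric($editid)){//the dynamic button value, plus a usable id from the query string
$updatesql = $dbh->prepare("update contacts set fullname = ?,height=?,weight=? where id = ?");//update statement
if ($updatesql->execute(array($fullname,$height,$weight,$editid))) echo 'Record updated!<br/>';//confirmation only on success
}

//insert block
if ($submit === 'Enter Name'){
$insql = $dbh->prepare("insert into contacts (fullname,height,weight) values (?,?,?)"); //prepared statement; values are bound, never interpolated
if ($insql->execute(array($fullname,$height,$weight))) {
  echo 'Record Inserted <br/>';//confirm
} else {
  //driver error details go to the server log; the browser only sees a generic message
  error_log('cms.php insert failed: '.implode(' ', $insql->errorInfo()));
  echo 'Record could not be inserted<br/>';
}
}

//this is the block to populate the text fields with the record being edited...note $editid
if (is_numeric($editid)){
$status = 'Edit Name';
$upsql = $dbh->prepare("select fullname,height,weight from contacts where id = ?");
$upsql->bindValue(1,$editid);
$upsql->execute();
$uprow = $upsql->fetch();//false when no record has that id
if ($uprow !== false) {
$upfullname = $uprow['fullname'];//a variable to put in the text field so the user can edit!
$upheight = $uprow['height'];
$upweight = $uprow['weight'];
}
}

//display records!!
$sql = $dbh->prepare("select id,fullname from contacts");
$sql->execute();

while($row = $sql->fetch()){//fetches records in a loop
$id = (int) $row['id'];//get id to display in links
$name = $esc($row['fullname']);//escaped once, reused for the text, the data attribute and the confirm message
//the confirm text reads the name from data-name, so no user-controlled text is spliced into the inline script
echo $name.'   <a href = "cms.php?deleteid='.$id.'" data-name="'.$name.'"
onclick="return confirm(\' Are you sure you want to delete \' + this.getAttribute(\'data-name\'));">Delete</a>
 <a href = "cms.php?editid='.$id.'"> Edit</a><br/>';  //what the user sees!!!!!!!
}

//the form posts back to the record being edited (if any); only editid is carried, so a stale
//deleteid left in the query string is not replayed on submit
$formaction = 'cms.php'.(is_numeric($editid) ? '?editid='.rawurlencode($editid) : '');
?>

<form action = "<?= $esc($formaction);?>" method = "post">
Name: <input type = "text" name = "fullname" value="<?= $esc($upfullname);?>"/>
Height: <input type = "text" name = "height" value="<?= $esc($upheight);?>"/>
Weight: <input type = "text" name = "weight" value="<?= $esc($upweight);?>"/>
<input type = "submit" name = "submit" value = "<?= $esc($status);//either edit or add?>"/>
</form>
<br/>
<a href = "logout.php">Log Out</a><br/>
<?php
if (is_numeric($editid)){
?>
<a href = "cms.php">Return to add mode</a> <!-- gets us out of edit mode!-->
<?php
}
}
else
{
?>
<form  method="post" class="pure-form pure-form-stacked" action ="cms.php"  >
    <fieldset>
        <legend>Login</legend>

        <input type="text" name = "username" placeholder="Username">
        <input type="password" name="password" placeholder="Password">

        <label for="remember">
            <input id="remember" type="checkbox"> Remember me <!-- no name attribute: nothing is posted and nothing reads it -->
        </label>

        <input  type="submit" name = "submit" class="pure-button pure-button-primary " value = "Sign up">
    </fieldset>
</form>
<?php
}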
?>