Get started

app.js

@@ -9,6 +9,8 @@ var bodyParser = require('body-parser');
 var session= require('express-session');
 var multer = require('multer');
 var mysql = require('mysql');
+var sanitizeHtml = require('sanitize-html');
+var multiparty = require('multiparty');
 var con = mysql.createConnection({
     host: "localhost",
     user: "root",
@@ -21,7 +23,7 @@ con.connect(function (err) {
 });
 app.use(express.static(path.join(__dirname, 'www')));
 app.use(bodyParser.json() );
-app.use(bodyParser.urlencoded({ extended: true}));
+app.use(bodyParser.urlencoded({extended: true}));
 app.use(session({
     secret: 'ted-x-gawds',
     resave: true,
@@ -32,7 +34,7 @@ var Storage = multer.diskStorage({
         callback(null, "./www/images");
     },
     filename: function(req, file, callback) {
-        callback(null, file.fieldname + "_" + Date.now() + "_" + file.originalname);
+        callback(null,  sanitizeHtml(req.body.speakername)+".jpg");
     }
 });
 var upload = multer({
@@ -73,9 +75,8 @@ app.post("/speakerinsert", function(req, res) {
         if (err) {
             return res.end("Something went wrong!");
         }
-        return res.end("File uploaded sucessfully!.");
+        insertSpeaker(req , res);
     });
-    insertSpeaker(req , res);
 });
 app.get('/logout', function (req, res) {
     req.session.destroy();
@@ -95,10 +96,15 @@ app.post('/blog' , function (req , res) {
         res.send(jsonData);
     });
 });
+app.post("/videoinsert", function(req, res) {
+    insertVideo(req , res);
+});
 function login(req,res){
     var post = req.body;
     var username  = post.user;
     var password = post.password;
+    username = sanitizeHtml(username);
+    password = sanitizeHtml(password);
     var sql = "SELECT * FROM login WHERE username='"+username+"'";
     con.query(sql, function (err, result, fields) {
         var jsonString = JSON.stringify(result);
@@ -117,13 +123,28 @@ function insertSpeaker(req , res ) {
     var name  = post.speakername;
     var topic = post.topic;
     var description = post.description;
-    var sql = "INSERT INTO speaker(name, topic, description, pic_url) values('"+name+"','"+topic+"','"+description+"','/images/"+post.images+"')";
+    name = sanitizeHtml(name);
+    topic = sanitizeHtml(topic);
+    description = sanitizeHtml(description);
+    var sql = "INSERT INTO speaker(name, topic, description, pic_url) values('"+name+"','"+topic+"','"+description+"','/images/"+name+".jpg')";
+    con.query(sql, function (err, result, fields) {
+        res.redirect('/admin');
+    });
+}
+function insertVideo(req , res ) {
+    var post = req.body;
+    var title  = post.title;
+    var description = post.description;
+    var url = post.url;
+    title = sanitizeHtml(title);
+    description = sanitizeHtml(description);
+    var sql = "INSERT INTO videos(title, description, video_url) values('"+title+"','"+description+"','"+url+"')";
     con.query(sql, function (err, result, fields) {
-        console.log(result);
+        res.redirect('/admin');
     });
 }
 // Starting Server
-server.listen(3000, function(){
+const port = process.env.PORT || 3000;
+server.listen(port, function(){
     console.log('listening on *:3000');
 });
-

package.json

@@ -4,7 +4,7 @@
   "description": "backend for tedx nit k",
   "main": "app.js",
   "scripts": {
-    "test": "node app.js"
+    "start": "node app.js"
   },
   "author": "Narendra and Rishabh",
   "license": "ISC",
@@ -14,8 +14,10 @@
     "express": "^4.15.3",
     "express-session": "^1.15.3",
     "jquery": "^3.2.1",
+    "multer": "^1.2.0",
+    "multiparty": "^4.1.3",
     "mysql": "^2.13.0",
     "path": "^0.12.7",
-    "multer": "^1.2.0"
+    "sanitize-html": "^1.14.1"
   }
 }

www/admin.html

@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <title>Admin Pannel</title>
+    <title>Admin Panel</title>
     <link rel="stylesheet" href="/css/bootstrap.min.css">
     <link rel="stylesheet" href="/css/main.css">
 </head>
@@ -27,7 +27,7 @@
                 </ul>
                 <div class="tab-content">
                     <div id="menu1" class="tab-pane fade in active" >
-                        <form class="form-inline" action="/speakerinsert" method="post" >
+                        <form class="form-inline" action="/speakerinsert" method="post" enctype="multipart/form-data" >
                             <div class="form-group">
                                 <input type="text" name="speakername" placeholder="Name" class="form-control fields" id="name">
                             </div><br><br>
@@ -37,7 +37,7 @@
                             <div class="form-group">
                                 <textarea type="text" name="description" placeholder="Description" class="form-control fields" id="description"></textarea>
                             </div><br><br>
-                                <input type="file" placeholder="File" name="images" multiple  id="file">
+                            <input type="file" placeholder="File" name="images" multiple  id="file">
                             <br>
                             <button type="submit" class="btn btn-default">Submit</button>
                         </form>
@@ -72,4 +72,4 @@
     });
 </script>
 </body>
-</html>
+</html>

www/blog.html

@@ -21,4 +21,4 @@
    });
 </script>
 </body>
-</html>
+</html>

www/login.html

@@ -37,4 +37,4 @@ <h2 class="form-signin-heading">TEDx NIT Kurukshetra</h2>
     });
 </script>
 </body>
-</html>
+</html>

www/speaker.html

@@ -3,6 +3,8 @@
 <head>
     <meta charset="UTF-8">
     <title>Speakers</title>
+    <link rel="stylesheet" href="/css/bootstrap.min.css">
+    <link rel="stylesheet" href="/css/main.css">
 </head>
 <body>
 <div class="container">
@@ -21,4 +23,4 @@
     });
 </script>s
 </body>
-</html>
+</html>