From 71a8656ecd8027c83e74be54a0b7514365162c47 Mon Sep 17 00:00:00 2001
From: Joshua Perry <45966243+jpez-development@users.noreply.github.com>
Date: Sun, 20 Nov 2022 21:33:42 +0000
Subject: [PATCH] comments
---
functions.php | 37 +++++++++++++++-----------------
public/account/addAuction.php | 8 +++----
public/account/editAuction.php | 6 +++---
public/account/login.php | 8 +++----
public/account/logout.php | 3 ++-
public/account/register.php | 2 +-
public/account/userReviews.php | 4 ++--
public/admin/addAdmin.php | 6 +++---
public/admin/addCategory.php | 4 ++--
public/admin/adminCategories.php | 4 ++--
public/admin/deleteAdmin.php | 6 +++---
public/admin/deleteCategory.php | 2 +-
public/admin/editAdmin.php | 6 +++---
public/admin/editCategory.php | 4 ++--
14 files changed, 49 insertions(+), 51 deletions(-)
diff --git a/functions.php b/functions.php
index 7956451..f67947e 100644
--- a/functions.php
+++ b/functions.php
@@ -1,25 +1,22 @@
prepare('SELECT * FROM category');
- $stmt->execute();
+function fetchCats() { //get all categories
$cats = executeQueryWithoutConstraint('category','*')->fetchAll();
-
return $cats;
}
-function adminCheck() {
+function adminCheck() { //check to see if user is logged in as admin
if(isset($_SESSION['admin'])) {
if($_SESSION['admin'] != 'y') {
- echo '';
+ echo ''; //redirect
}
}
else {
- echo'';
+ echo''; //redirect
}
}
-function startDB() { // Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
+function startDB() { //Create a db connection
+ // Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
$server = 'mysql';
$username = 'student';
$password = 'student';
@@ -28,23 +25,23 @@ function startDB() { // Code for connecting to the database from https://www.sit
return $pdo;
}
-function checkListing() {
+function checkListing() { //check if the get variables contains listing_id
if (!isset($_GET['listing_id'])) {
echo '';
}
}
-function checkId() {
+function checkId() { //check if the get variables contains user_id
if (!isset($_GET['user_id'])) {
echo '';
}
}
-function getListing() {
+function getListing() { //get listing that matches listing_id stored in the get variables
return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']);
}
-function populateCatSelect() {
+function populateCatSelect() { //Populate a select input with all categories
$cats = fetchCats();
$output = '';
foreach ($cats as &$cat) {
@@ -53,7 +50,7 @@ function populateCatSelect() {
return $output;
}
-function executeQuery($tableName, $colName, $constraintCol, $constraint) {
+function executeQuery($tableName, $colName, $constraintCol, $constraint) { //execute a SELECT query that takes one constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT '. $colName .' FROM '.$tableName.' WHERE '. $constraintCol .' = :constraint');
$values = [
@@ -63,30 +60,30 @@ function executeQuery($tableName, $colName, $constraintCol, $constraint) {
return $stmt;
}
-function executeQueryWithoutConstraint($tableName, $colName) {
+function executeQueryWithoutConstraint($tableName, $colName) { //execute a SELECT query with no constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT'.$colName.'FROM '.$tableName);
$stmt->execute();
return $stmt;
}
-function getFirstMatch($tableName, $colName, $constraintCol, $constraint){
+function getFirstMatch($tableName, $colName, $constraintCol, $constraint){ //return the first match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetch();
}
-function getEveryMatch($tableName, $colName, $constraintCol, $constraint){
+function getEveryMatch($tableName, $colName, $constraintCol, $constraint){ //return every match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetchAll();
}
-function executeAllQuery($tableName, $constraintCol, $constraint) {
+function executeAllQuery($tableName, $constraintCol, $constraint) { //execute a SELECT query with one constraint and all columns
return executeQuery($tableName, '*', $constraintCol, $constraint);
}
-function getEveryAllMatches($tableName, $constraintCol, $constraint) {
+function getEveryAllMatches($tableName, $constraintCol, $constraint) { //return every match of an executeALlQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetchAll();
}
-function getFirstAllMatches($tableName, $constraintCol, $constraint) {
+function getFirstAllMatches($tableName, $constraintCol, $constraint) { //return the first match of an executeAllQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetch();
}
diff --git a/public/account/addAuction.php b/public/account/addAuction.php
index 32568c7..6666b60 100644
--- a/public/account/addAuction.php
+++ b/public/account/addAuction.php
@@ -3,8 +3,8 @@ session_start();
$pageTitle = 'iBuy - Add Auction';
$stylesheet = '../assets/ibuy.css';
-if (!isset($_SESSION['loggedin'])) {
- echo '';
+if (!isset($_SESSION['loggedin'])) { //redirects if user is not logged in
+ echo ''; //redirect
}
require_once '../../functions.php';
@@ -21,8 +21,8 @@ $pageContent = 'Add auction
require '../../layout.php';
if (isset($_POST['submit'])) {
- if(imageUpload($_POST['title'].$_POST['endDate'])) {
- $user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']);
+ if(imageUpload($_POST['title'].$_POST['endDate'])) { //if the image upload is successful add auction
+ $user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']); //get the first match of an all column query
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl)
diff --git a/public/account/editAuction.php b/public/account/editAuction.php
index 99a7962..254d26b 100644
--- a/public/account/editAuction.php
+++ b/public/account/editAuction.php
@@ -20,7 +20,7 @@ require '../../layout.php';
if(isset($_POST['submit'])) {
$pdo = startDB();
- if(isset($_POST['delete'])) {
+ if(isset($_POST['delete'])) { //delete the auction if selected
$stmt = $pdo->prepare('DELETE FROM auction WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
@@ -28,7 +28,7 @@ if(isset($_POST['submit'])) {
$stmt->execute($values);
echo '';
}
- if(imageUpload($_POST['title'].$_POST['endDate'])) {
+ if(imageUpload($_POST['title'].$_POST['endDate'])) { //if image upload is successful update the auction
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id');
$values = [
@@ -40,7 +40,7 @@ if(isset($_POST['submit'])) {
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
];
$stmt->execute($values);
- echo '';
+ echo ''; //redirect
}
}
diff --git a/public/account/login.php b/public/account/login.php
index 3b437b7..4562ea7 100644
--- a/public/account/login.php
+++ b/public/account/login.php
@@ -15,14 +15,14 @@ require_once '../../functions.php';
$pdo = startDB();
if (isset($_POST['submit'])) {
- $user = getFirstAllMatches('users', 'email', $_POST['email']);
- if($user) {
- if (password_verify($_POST['password'], $user['password'])) {
+ $user = getFirstAllMatches('users', 'email', $_POST['email']); //get the first match of an all column query
+ if($user) { //if the user exists
+ if (password_verify($_POST['password'], $user['password'])) { //if the entered and stored passwords match
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
}
- echo'';
+ echo''; //redirect
}
else {
diff --git a/public/account/logout.php b/public/account/logout.php
index 6d4ec10..4d8a6e0 100644
--- a/public/account/logout.php
+++ b/public/account/logout.php
@@ -1,6 +1,7 @@
window.location.href = "../index.php";';
+echo''; //redirect
?>
\ No newline at end of file
diff --git a/public/account/register.php b/public/account/register.php
index 02b47d9..b783b8b 100644
--- a/public/account/register.php
+++ b/public/account/register.php
@@ -15,7 +15,7 @@ $pageContent = 'Already have an account?Click here to L
require '../../layout.php';
if (isset($_POST['submit'])) {
- addUser(false);
+ addUser(false); //adds the user to the db without admin privileges
echo 'Successful account creation
';
}
?>
\ No newline at end of file
diff --git a/public/account/userReviews.php b/public/account/userReviews.php
index 6c92e27..7ae9288 100644
--- a/public/account/userReviews.php
+++ b/public/account/userReviews.php
@@ -3,7 +3,7 @@ $pageTitle = 'iBuy - User Reviews';
require_once '../../functions.php';
checkId();
-$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']);
+$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']); //get the first match of an all column query
$pageContent = ''.$user['first_name'].$user['last_name'].'\'s Reviews
';
@@ -11,7 +11,7 @@ $stylesheet = '../assets/ibuy.css';
require '../../layout.php';
function populateList() {
- $reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']);
+ $reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']); //get every match of an all column query
$output = '';
foreach ($reviews as &$review) {
diff --git a/public/admin/addAdmin.php b/public/admin/addAdmin.php
index a7a2775..c907628 100644
--- a/public/admin/addAdmin.php
+++ b/public/admin/addAdmin.php
@@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
-adminCheck();
+adminCheck(); //checks to see if user is logged in as an admin
$pageContent = ' Add Admin