This commit is contained in:
Joshua Perry 2022-11-20 21:33:42 +00:00
parent 743b6bf6ca
commit 71a8656ecd
14 changed files with 49 additions and 51 deletions


@ -1,25 +1,22 @@
<?php <?php
function fetchCats() { function fetchCats() { //get all categories
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM category');
$stmt->execute();
$cats = executeQueryWithoutConstraint('category','*')->fetchAll(); $cats = executeQueryWithoutConstraint('category','*')->fetchAll();
return $cats; return $cats;
} }
function adminCheck() { function adminCheck() { //check to see if user is logged in as admin
if(isset($_SESSION['admin'])) { if(isset($_SESSION['admin'])) {
if($_SESSION['admin'] != 'y') { if($_SESSION['admin'] != 'y') {
echo '<script>window.location.href = "../index.php";</script>'; echo '<script>window.location.href = "../index.php";</script>'; //redirect
} }
} }
else { else {
echo'<script>window.location.href = "../index.php";</script>'; echo'<script>window.location.href = "../index.php";</script>'; //redirect
} }
} }
function startDB() { // Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/ function startDB() { //Create a db connection
// Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
$server = 'mysql'; $server = 'mysql';
$username = 'student'; $username = 'student';
$password = 'student'; $password = 'student';
@ -28,23 +25,23 @@ function startDB() { // Code for connecting to the database from https://www.sit
return $pdo; return $pdo;
} }
function checkListing() { function checkListing() { //check if the get variables contains listing_id
if (!isset($_GET['listing_id'])) { if (!isset($_GET['listing_id'])) {
echo '<script>window.location.href = "index.php";</script>'; echo '<script>window.location.href = "index.php";</script>';
} }
} }
function checkId() { function checkId() { //check if the get variables contains user_id
if (!isset($_GET['user_id'])) { if (!isset($_GET['user_id'])) {
echo '<script>window.location.href = "index.php";</script>'; echo '<script>window.location.href = "index.php";</script>';
} }
} }
function getListing() { function getListing() { //get listing that matches listing_id stored in the get variables
return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']); return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']);
} }
function populateCatSelect() { function populateCatSelect() { //Populate a select input with all categories
$cats = fetchCats(); $cats = fetchCats();
$output = ''; $output = '';
foreach ($cats as &$cat) { foreach ($cats as &$cat) {
@ -53,7 +50,7 @@ function populateCatSelect() {
return $output; return $output;
} }
function executeQuery($tableName, $colName, $constraintCol, $constraint) { function executeQuery($tableName, $colName, $constraintCol, $constraint) { //execute a SELECT query that takes one constraint and one column name
$pdo = startDB(); $pdo = startDB();
$stmt = $pdo->prepare('SELECT '. $colName .' FROM '.$tableName.' WHERE '. $constraintCol .' = :constraint'); $stmt = $pdo->prepare('SELECT '. $colName .' FROM '.$tableName.' WHERE '. $constraintCol .' = :constraint');
$values = [ $values = [
@ -63,30 +60,30 @@ function executeQuery($tableName, $colName, $constraintCol, $constraint) {
return $stmt; return $stmt;
} }
function executeQueryWithoutConstraint($tableName, $colName) { function executeQueryWithoutConstraint($tableName, $colName) { //execute a SELECT query with no constraint and one column name
$pdo = startDB(); $pdo = startDB();
$stmt = $pdo->prepare('SELECT'.$colName.'FROM '.$tableName); $stmt = $pdo->prepare('SELECT'.$colName.'FROM '.$tableName);
$stmt->execute(); $stmt->execute();
return $stmt; return $stmt;
} }
function getFirstMatch($tableName, $colName, $constraintCol, $constraint){ function getFirstMatch($tableName, $colName, $constraintCol, $constraint){ //return the first match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetch(); return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetch();
} }
function getEveryMatch($tableName, $colName, $constraintCol, $constraint){ function getEveryMatch($tableName, $colName, $constraintCol, $constraint){ //return every match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetchAll(); return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetchAll();
} }
function executeAllQuery($tableName, $constraintCol, $constraint) { function executeAllQuery($tableName, $constraintCol, $constraint) { //execute a SELECT query with one constraint and all columns
return executeQuery($tableName, '*', $constraintCol, $constraint); return executeQuery($tableName, '*', $constraintCol, $constraint);
} }
function getEveryAllMatches($tableName, $constraintCol, $constraint) { function getEveryAllMatches($tableName, $constraintCol, $constraint) { //return every match of an executeALlQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetchAll(); return executeAllQuery($tableName, $constraintCol, $constraint)->fetchAll();
} }
function getFirstAllMatches($tableName, $constraintCol, $constraint) { function getFirstAllMatches($tableName, $constraintCol, $constraint) { //return the first match of an executeAllQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetch(); return executeAllQuery($tableName, $constraintCol, $constraint)->fetch();
} }
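Review bot: adminCheck, checkListing and checkId only echo a client-side redirect and then return, so every caller keeps executing its server-side logic for an unauthenticated request — a client that simply ignores the script gets the page and its POST handlers still run; each of those echoes needs to be followed by `exit;` (or, where nothing has been output yet, `header('Location: ../index.php'); exit;`). executeQueryWithoutConstraint builds `'SELECT'.$colName.'FROM '.$tableName`, which happens to parse for `*` but produces `SELECTnameFROM …` for any real column name; it should be `'SELECT '.$colName.' FROM '.$tableName`. executeQuery and executeQueryWithoutConstraint splice table and column names straight into the SQL text, which PDO cannot parameterise; the visible callers pass literals, so this is safe only as long as that stays true — a comment such as `// $tableName/$colName/$constraintCol MUST be literals, never request data` would pin that contract. The startDB body and the tail of populateCatSelect are outside the hunks shown.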


@ -3,8 +3,8 @@ session_start();
$pageTitle = 'iBuy - Add Auction'; $pageTitle = 'iBuy - Add Auction';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
if (!isset($_SESSION['loggedin'])) { if (!isset($_SESSION['loggedin'])) { //redirects if user is not logged in
echo '<script>window.location.href = "../index.php";</script>'; echo '<script>window.location.href = "../index.php";</script>'; //redirect
} }
require_once '../../functions.php'; require_once '../../functions.php';
@ -21,8 +21,8 @@ $pageContent = '<h1>Add auction</h1>
require '../../layout.php'; require '../../layout.php';
if (isset($_POST['submit'])) { if (isset($_POST['submit'])) {
if(imageUpload($_POST['title'].$_POST['endDate'])) { if(imageUpload($_POST['title'].$_POST['endDate'])) { //if the image upload is successful add auction
$user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']); $user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']); //get the first match of an all column query
$pdo = startDB(); $pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl) $stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl)
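Review bot: the login guard at the top of the file only echoes a JavaScript redirect and does not stop the script, so an unauthenticated POST still reaches `getFirstAllMatches('users', 'user_id', $_SESSION['loggedin'])` with an unset session value and then the INSERT below it; add `exit;` after that echo. The image name is built from raw request fields, `$_POST['title'].$_POST['endDate']`, and the same string is stored as imgUrl — unless imageUpload() (not shown here) normalises it, a client can choose path separators or the extension; generate the stored name server-side (a random name with an allow-listed extension) rather than trusting the title. The INSERT statement and the `if (isset($_POST['submit']))` block continue past the end of this hunk.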


@ -20,7 +20,7 @@ require '../../layout.php';
if(isset($_POST['submit'])) { if(isset($_POST['submit'])) {
$pdo = startDB(); $pdo = startDB();
if(isset($_POST['delete'])) { if(isset($_POST['delete'])) { //delete the auction if selected
$stmt = $pdo->prepare('DELETE FROM auction WHERE listing_id = :listing_id'); $stmt = $pdo->prepare('DELETE FROM auction WHERE listing_id = :listing_id');
$values = [ $values = [
'listing_id' => $listing['listing_id'] 'listing_id' => $listing['listing_id']
@ -28,7 +28,7 @@ if(isset($_POST['submit'])) {
$stmt->execute($values); $stmt->execute($values);
echo '<script>window.location.href = "../index.php";</script>'; echo '<script>window.location.href = "../index.php";</script>';
} }
if(imageUpload($_POST['title'].$_POST['endDate'])) { if(imageUpload($_POST['title'].$_POST['endDate'])) { //if image upload is successful update the auction
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id'); $stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id');
$values = [ $values = [
@ -40,7 +40,7 @@ if(isset($_POST['submit'])) {
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate'] 'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
]; ];
$stmt->execute($values); $stmt->execute($values);
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>'; echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>'; //redirect
} }
} }
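Review bot: after the delete branch echoes its redirect the request keeps going into `if(imageUpload(...))`, so one submit with `delete` set both deletes the row and then runs the upload and UPDATE against the now-deleted listing_id; add `exit;` immediately after the redirect at the end of the delete branch. `$listing['listing_id']` is concatenated into a `<script>` string literal without escaping — it comes from the database rather than the request, but it should still pass through `json_encode()` or `urlencode()` so the JS context cannot be broken. `$listing` is loaded, and any ownership or admin check happens, outside this hunk, so I cannot see who is allowed to delete or edit here; confirm that an authorisation check precedes this block.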


@ -15,14 +15,14 @@ require_once '../../functions.php';
$pdo = startDB(); $pdo = startDB();
if (isset($_POST['submit'])) { if (isset($_POST['submit'])) {
$user = getFirstAllMatches('users', 'email', $_POST['email']); $user = getFirstAllMatches('users', 'email', $_POST['email']); //get the first match of an all column query
if($user) { if($user) { //if the user exists
if (password_verify($_POST['password'], $user['password'])) { if (password_verify($_POST['password'], $user['password'])) { //if the entered and stored passwords match
$_SESSION['loggedin'] = $user['user_id']; $_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') { if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y'; $_SESSION['admin'] = 'y';
} }
echo'<script>window.location.href = "../index.php";</script>'; echo'<script>window.location.href = "../index.php";</script>'; //redirect
} }
else { else {
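Review bot: a successful password_verify assigns `$_SESSION['loggedin']` without first calling `session_regenerate_id(true)`, so a session id fixed before login remains valid afterwards (session fixation). The admin flag is only ever set, never cleared, on this path: if the same PHP session previously held `$_SESSION['admin'] = 'y'` and logout.php was not run, a later non-admin login keeps that flag; insert `session_regenerate_id(true); unset($_SESSION['admin']);` before the assignment to loggedin. As elsewhere, the redirect is echoed without `exit;`, so the rest of the page still renders. The else branch continues past the hunk.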


@ -1,6 +1,7 @@
<?php <?php
session_start(); session_start();
//unset variables that manage login
unset($_SESSION['loggedin']); unset($_SESSION['loggedin']);
unset($_SESSION['admin']); unset($_SESSION['admin']);
echo'<script>window.location.href = "../index.php";</script>'; echo'<script>window.location.href = "../index.php";</script>'; //redirect
?> ?>
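Review bot: logout only unsets two keys and leaves the session alive under the same id, so any other state in `$_SESSION` survives and the cookie stays valid; replace the two unsets with `$_SESSION = []; session_destroy();` (and expire the cookie with `setcookie(session_name(), '', time() - 3600)` if it should go too). The echoed redirect should also be followed by `exit;` — or, since nothing has been output yet in this file, use `header('Location: ../index.php'); exit;` instead of the script tag.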


@ -15,7 +15,7 @@ $pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to L
require '../../layout.php'; require '../../layout.php';
if (isset($_POST['submit'])) { if (isset($_POST['submit'])) {
addUser(false); addUser(false); //adds the user to the db without admin privileges
echo '<p>Successful account creation</p>'; echo '<p>Successful account creation</p>';
} }
?> ?>


@ -3,7 +3,7 @@ $pageTitle = 'iBuy - User Reviews';
require_once '../../functions.php'; require_once '../../functions.php';
checkId(); checkId();
$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']); $user = getFirstAllMatches('users', 'user_id', $_GET['user_id']); //get the first match of an all column query
$pageContent = '<h1>'.$user['first_name'].$user['last_name'].'\'s Reviews</h1> $pageContent = '<h1>'.$user['first_name'].$user['last_name'].'\'s Reviews</h1>
<ul>'. populateList() .'</ul>'; <ul>'. populateList() .'</ul>';
@ -11,7 +11,7 @@ $stylesheet = '../assets/ibuy.css';
require '../../layout.php'; require '../../layout.php';
function populateList() { function populateList() {
$reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']); $reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']); //get every match of an all column query
$output = ''; $output = '';
foreach ($reviews as &$review) { foreach ($reviews as &$review) {
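Review bot: `$user['first_name'].$user['last_name']` is written straight into the `<h1>`, so a name containing markup becomes stored XSS for every visitor of this page; wrap it as `htmlspecialchars($user['first_name'].$user['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and presumably the review fields echoed in the foreach need the same (its body is outside the hunk). checkId() only echoes a redirect and returns, so with no user_id the lookup still runs with a null constraint and `$user` is `false`, making the `$user[...]` reads emit warnings — test `if ($user === false)` (and exit) before building the page. The foreach body of populateList lies beyond the hunk.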


@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Admin'; $pageTitle ='iBuy - Add Admin';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
adminCheck(); adminCheck(); //checks to see if user is logged in as an admin
$pageContent = '<h1> Add Admin</h1> $pageContent = '<h1> Add Admin</h1>
<form action="addAdmin.php" method="POST"> <form action="addAdmin.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/> <label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
@ -15,7 +15,7 @@ $pageContent = '<h1> Add Admin</h1>
require '../../layout.php'; require '../../layout.php';
if (isset($_POST['submit'])) { if (isset($_POST['submit'])) {
addUser(true); addUser(true); //adds user to the db with admin privileges
echo '<script>window.location.href = "manageAdmins.php";</script>'; echo '<script>window.location.href = "manageAdmins.php";</script>'; //redirect
} }
?> ?>
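Review bot: the POST handler at the bottom calls `addUser(true)` whenever `submit` is present, but adminCheck() (defined in functions.php, not in this hunk) only echoes a JavaScript redirect and returns, so a non-admin — or an anonymous client — can POST to this page and create an admin account. Either make adminCheck halt with `exit;` after its redirect or guard here with `if (($_SESSION['admin'] ?? '') !== 'y') { exit; }` before the handler. The form carries no anti-CSRF token, so even with the halt in place a logged-in admin can be made to submit it from another origin; add a per-session token to the form and verify it on submit.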


@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Category'; $pageTitle ='iBuy - Add Category';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
adminCheck(); adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Add Category</h1> $pageContent = '<h1> Add Category</h1>
<form action="addCategory.php" method="POST"> <form action="addCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="name"/> <label>Name</label> <input name="name" type="text" placeholder="name"/>
@ -19,6 +19,6 @@ if (isset($_POST['submit'])) {
'name' => $_POST['name'] 'name' => $_POST['name']
]; ];
$stmt->execute($values); $stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>'; echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
} }
?> ?>
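Review bot: the INSERT at the bottom runs for any request carrying `submit`, because adminCheck() (functions.php) returns after echoing its redirect instead of halting; an anonymous POST therefore inserts a category. Add `exit;` after the redirect inside adminCheck or guard the handler locally with `if (($_SESSION['admin'] ?? '') !== 'y') { exit; }`. `$_POST['name']` is bound as a parameter, which is right for SQL, but nothing trims or length-checks it and adminCategories.php renders it unescaped — consider `trim()` and a length cap here, and escaping at the output site.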


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Admin'; $pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
adminCheck(); adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1>Categories <a href="addCategory.php">Add</a></h1> $pageContent = '<h1>Categories <a href="addCategory.php">Add</a></h1>
<ul>'. populateContent() .'</ul>'; <ul>'. populateContent() .'</ul>';
@ -11,7 +11,7 @@ require '../../layout.php';
function populateContent() { function populateContent() {
$output = ''; $output = '';
$cats = fetchCats(); $cats = fetchCats(); //get all categories
foreach ($cats as &$cat) { foreach ($cats as &$cat) {
$output .= '<li>'. $cat['name'] . ' <a href="editCategory.php?category_id='. urlencode($cat['category_id']) .'">edit</a> <a href="deleteCategory.php?category_id='. urlencode($cat['category_id']). '">delete</a></li>'; $output .= '<li>'. $cat['name'] . ' <a href="editCategory.php?category_id='. urlencode($cat['category_id']) .'">edit</a> <a href="deleteCategory.php?category_id='. urlencode($cat['category_id']). '">delete</a></li>';
} }
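Review bot: `$cat['name']` is concatenated into the `<li>` without escaping, and addCategory.php stores the submitted name verbatim, so a category named `<script>…</script>` executes in the browser of every admin who opens this page; escape it with `htmlspecialchars($cat['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The delete link is a plain GET to `deleteCategory.php?category_id=…`, so any page an admin visits can trigger a deletion through an `<img>` tag; make deletion a POST form with a CSRF token. The `&$cat` reference in the foreach can be dropped (`foreach ($cats as $cat)`) since nothing is written back through it. The end of populateContent is outside the hunk.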


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Delete Admin'; $pageTitle = 'iBuy - Delete Admin';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
adminCheck(); adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['admin_id'])) { if (isset($_GET['admin_id'])) {
$pdo = startDB(); $pdo = startDB();
@ -12,9 +12,9 @@ if (isset($_GET['admin_id'])) {
'category_id' => $_GET['admin_id'] 'category_id' => $_GET['admin_id']
]; ];
$stmt->execute($values); $stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>'; echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
} }
else { else {
echo '<script>window.location.href = "adminCategories.php";</script>'; echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
} }
?> ?>
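Review bot: the parameter array binds `'category_id' => $_GET['admin_id']` and both branches redirect to adminCategories.php, which reads like a copy of deleteCategory.php — the prepare() call sits in the lines just above this hunk, so I cannot confirm its placeholder, but if it is `:category_id` the name misleads and if it is `:admin_id` the execute fails; rename the key to match (`'admin_id' => $_GET['admin_id']`) and redirect to the admin list instead. Deletion is triggered by a GET parameter and adminCheck() does not halt after its redirect, so a crafted link deletes the user for any visitor who follows it; require POST plus a CSRF token and put `exit;` after each redirect.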


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Delete Category'; $pageTitle = 'iBuy - Delete Category';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
adminCheck(); adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['category_id'])) { if (isset($_GET['category_id'])) {
$pdo = startDB(); $pdo = startDB();
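Review bot: the deletion that follows `if (isset($_GET['category_id']))` is driven by a GET parameter, and adminCheck() returns after echoing its redirect rather than halting, so the DELETE (outside this hunk) runs for any request carrying a category_id, authenticated or not; add `exit;` after the redirect in adminCheck or guard here with `if (($_SESSION['admin'] ?? '') !== 'y') { exit; }`, and move the action to a POST with a CSRF token. The remainder of the if block is beyond the hunk.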


@ -3,8 +3,8 @@ session_start();
$pageTitle = ''; $pageTitle = '';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']); $admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']); //gets the first match from an all column query
adminCheck(); adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Admin</h1> $pageContent = '<h1> Edit Admin</h1>
<form action="editCategory.php" method="POST"> <form action="editCategory.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/> <label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
@ -44,6 +44,6 @@ else if (isset($_POST['submit'])) {
$stmt->execute($values); $stmt->execute($values);
unset($_SESSION['admin_id']); unset($_SESSION['admin_id']);
echo '<script>window.location.href = "adminCategories.php";</script>'; echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
} }
?> ?>
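Review bot: the users lookup with `$_GET['admin_id']` runs before `adminCheck()` is called, and adminCheck only echoes a redirect without halting, so the whole page — including the UPDATE handler at the bottom — executes for an unauthenticated request; call adminCheck() (with `exit;` inside it) before any data access. The form's `action="editCategory.php"` on the Edit Admin page looks like a copy-paste leftover — the `else if (isset($_POST['submit']))` handler in this file would never receive the submission; it should presumably target this script. The UPDATE's placeholders and the start of that else-if chain are outside the hunk.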


@ -4,7 +4,7 @@ $pageTitle = '';
$stylesheet = '../assets/ibuy.css'; $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php'; require_once '../../functions.php';
$cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']); $cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']);
adminCheck(); adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Category</h1> $pageContent = '<h1> Edit Category</h1>
<form action="editCategory.php" method="POST"> <form action="editCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="'.$cat.'"/> <label>Name</label> <input name="name" type="text" placeholder="'.$cat.'"/>
@ -24,6 +24,6 @@ else if (isset($_POST['submit'])) {
]; ];
$stmt->execute($values); $stmt->execute($values);
unset($_SESSION['cat_id']); unset($_SESSION['cat_id']);
echo '<script>window.location.href = "adminCategories.php";</script>'; echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
} }
?> ?>
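Review bot: `placeholder="'.$cat.'"` interpolates the whole row returned by fetch(), so the attribute renders as `Array` (with an "Array to string conversion" warning) instead of the category name; it should be the escaped name, `placeholder="'.htmlspecialchars($cat['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'"`. The `$_GET['category_id']` lookup runs before `adminCheck()`, and adminCheck returns after echoing its redirect, so both the query and the UPDATE handler at the bottom execute for an unauthenticated request; move adminCheck() above the lookup and make it `exit`. If the id does not exist, fetch() returns `false` and the page still renders — handle that case explicitly. The UPDATE statement and the beginning of the else-if chain sit outside the hunk.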