This commit is contained in:
Joshua Perry 2022-11-20 21:33:42 +00:00
parent 743b6bf6ca
commit 71a8656ecd
14 changed files with 49 additions and 51 deletions


@ -1,25 +1,22 @@
<?php
function fetchCats() {
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM category');
$stmt->execute();
function fetchCats() { //get all categories
$cats = executeQueryWithoutConstraint('category','*')->fetchAll();
return $cats;
}
function adminCheck() {
function adminCheck() { //check to see if user is logged in as admin
if(isset($_SESSION['admin'])) {
if($_SESSION['admin'] != 'y') {
echo '<script>window.location.href = "../index.php";</script>';
echo '<script>window.location.href = "../index.php";</script>'; //redirect
}
}
else {
echo'<script>window.location.href = "../index.php";</script>';
echo'<script>window.location.href = "../index.php";</script>'; //redirect
}
}
function startDB() { // Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
function startDB() { //Create a db connection
// Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
$server = 'mysql';
$username = 'student';
$password = 'student';
@ -28,23 +25,23 @@ function startDB() { // Code for connecting to the database from https://www.sit
return $pdo;
}
function checkListing() {
function checkListing() { //check if the get variables contains listing_id
if (!isset($_GET['listing_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
}
function checkId() {
function checkId() { //check if the get variables contains user_id
if (!isset($_GET['user_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
}
function getListing() {
function getListing() { //get listing that matches listing_id stored in the get variables
return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']);
}
function populateCatSelect() {
function populateCatSelect() { //Populate a select input with all categories
$cats = fetchCats();
$output = '';
foreach ($cats as &$cat) {
@ -53,7 +50,7 @@ function populateCatSelect() {
return $output;
}
function executeQuery($tableName, $colName, $constraintCol, $constraint) {
function executeQuery($tableName, $colName, $constraintCol, $constraint) { //execute a SELECT query that takes one constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT '. $colName .' FROM '.$tableName.' WHERE '. $constraintCol .' = :constraint');
$values = [
@ -63,30 +60,30 @@ function executeQuery($tableName, $colName, $constraintCol, $constraint) {
return $stmt;
}
function executeQueryWithoutConstraint($tableName, $colName) {
function executeQueryWithoutConstraint($tableName, $colName) { //execute a SELECT query with no constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT'.$colName.'FROM '.$tableName);
$stmt->execute();
return $stmt;
}
function getFirstMatch($tableName, $colName, $constraintCol, $constraint){
function getFirstMatch($tableName, $colName, $constraintCol, $constraint){ //return the first match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetch();
}
function getEveryMatch($tableName, $colName, $constraintCol, $constraint){
function getEveryMatch($tableName, $colName, $constraintCol, $constraint){ //return every match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetchAll();
}
function executeAllQuery($tableName, $constraintCol, $constraint) {
function executeAllQuery($tableName, $constraintCol, $constraint) { //execute a SELECT query with one constraint and all columns
return executeQuery($tableName, '*', $constraintCol, $constraint);
}
function getEveryAllMatches($tableName, $constraintCol, $constraint) {
function getEveryAllMatches($tableName, $constraintCol, $constraint) { //return every match of an executeALlQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetchAll();
}
function getFirstAllMatches($tableName, $constraintCol, $constraint) {
function getFirstAllMatches($tableName, $constraintCol, $constraint) { //return the first match of an executeAllQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetch();
}
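Review bot: adminCheck in the first hunk still relies on an echoed `<script>window.location.href = "../index.php";</script>` to send a non-admin away but never stops the script, so everything after the `adminCheck();` call in the admin pages keeps executing — the 'Add Admin' section of this commit reaches `addUser(true)` on a POST regardless of who is logged in, and the browser-side redirect only hides the output. Each redirect branch needs `exit;` directly after the echo (a `header('Location: ../index.php'); exit;` pair issued before any output is the conventional form); the same gap is in checkListing and checkId in this file and in the echoed redirects of the logged-in check, logout, delete-admin, edit-admin and edit-category sections elsewhere in the commit. While there, the loose `$_SESSION['admin'] != 'y'` should become `!==` to match the strict `=== 'y'` the login section uses. Separately, the new fetchCats now goes through executeQueryWithoutConstraint, whose `'SELECT'.$colName.'FROM '.$tableName` has no spaces around the column list and so can only work when the column text tokenises on its own, as `'*'` happens to; `'SELECT '.$colName.' FROM '.$tableName` fixes it, and executeQuery's interpolation of table and column identifiers deserves a comment stating they must be code literals, never request input.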


@ -3,8 +3,8 @@ session_start();
$pageTitle = 'iBuy - Add Auction';
$stylesheet = '../assets/ibuy.css';
if (!isset($_SESSION['loggedin'])) {
echo '<script>window.location.href = "../index.php";</script>';
if (!isset($_SESSION['loggedin'])) { //redirects if user is not logged in
echo '<script>window.location.href = "../index.php";</script>'; //redirect
}
require_once '../../functions.php';
@ -21,8 +21,8 @@ $pageContent = '<h1>Add auction</h1>
require '../../layout.php';
if (isset($_POST['submit'])) {
if(imageUpload($_POST['title'].$_POST['endDate'])) {
$user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']);
if(imageUpload($_POST['title'].$_POST['endDate'])) { //if the image upload is successful add auction
$user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']); //get the first match of an all column query
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl)
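Review bot: `imageUpload($_POST['title'].$_POST['endDate'])` on the new line passes raw request input as the stored image name, and the 'Edit auction' section builds `'public/images/auctions/'.$_POST['title'].$_POST['endDate']` from the same values, so the on-disk path is user-controlled; generate the name server-side instead, e.g. `$imgName = bin2hex(random_bytes(16));` followed by `imageUpload($imgName)`, and store that name in `imgUrl`, with the matching change in the edit page. imageUpload itself is outside this hunk, so whether it already restricts the name cannot be confirmed from here. The INSERT statement that starts on the last hunk line continues outside SOURCE.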


@ -20,7 +20,7 @@ require '../../layout.php';
if(isset($_POST['submit'])) {
$pdo = startDB();
if(isset($_POST['delete'])) {
if(isset($_POST['delete'])) { //delete the auction if selected
$stmt = $pdo->prepare('DELETE FROM auction WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
@ -28,7 +28,7 @@ if(isset($_POST['submit'])) {
$stmt->execute($values);
echo '<script>window.location.href = "../index.php";</script>';
}
if(imageUpload($_POST['title'].$_POST['endDate'])) {
if(imageUpload($_POST['title'].$_POST['endDate'])) { //if image upload is successful update the auction
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id');
$values = [
@ -40,7 +40,7 @@ if(isset($_POST['submit'])) {
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
];
$stmt->execute($values);
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>';
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>'; //redirect
}
}
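Review bot: Neither the DELETE branch nor the UPDATE branch in this hunk checks that the logged-in user owns `$listing` before writing; `$listing` is loaded outside the hunk, so if an ownership check lives there this can be ignored, otherwise any logged-in user can edit or remove any listing by id. The auction row stores an `email` column (the INSERT in the add-auction section writes one), so a guard comparing it against the current user's email before the first `$pdo->prepare(...)` would close that. Also, the delete branch echoes its redirect and then falls through into the `imageUpload(...)`/UPDATE branch because nothing stops execution; an `exit;` after that echo keeps the two actions separate.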


@ -15,14 +15,14 @@ require_once '../../functions.php';
$pdo = startDB();
if (isset($_POST['submit'])) {
$user = getFirstAllMatches('users', 'email', $_POST['email']);
if($user) {
if (password_verify($_POST['password'], $user['password'])) {
$user = getFirstAllMatches('users', 'email', $_POST['email']); //get the first match of an all column query
if($user) { //if the user exists
if (password_verify($_POST['password'], $user['password'])) { //if the entered and stored passwords match
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
}
echo'<script>window.location.href = "../index.php";</script>';
echo'<script>window.location.href = "../index.php";</script>'; //redirect
}
else {
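Review bot: The successful-login branch sets `$_SESSION['loggedin']` and `$_SESSION['admin']` without calling `session_regenerate_id(true);` first, so the session id issued before authentication is kept across the privilege change; add that call as the first statement inside the `password_verify` branch. Since `password_verify` is already used, a `password_needs_rehash($user['password'], PASSWORD_DEFAULT)` check in the same branch would let stored hashes be upgraded on login. The `else` branch that closes this hunk continues outside SOURCE.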


@ -1,6 +1,7 @@
<?php
session_start();
//unset variables that manage login
unset($_SESSION['loggedin']);
unset($_SESSION['admin']);
echo'<script>window.location.href = "../index.php";</script>';
echo'<script>window.location.href = "../index.php";</script>'; //redirect
?>
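Review bot: Logout only unsets two session keys, so the session itself, with its id and any other data, stays valid after the redirect; follow the unsets with `session_unset(); session_destroy();` before the echo so the server-side session is actually ended. The closing `?>` can be dropped in a PHP-only file to avoid trailing-whitespace output.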


@ -15,7 +15,7 @@ $pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to L
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser(false);
addUser(false); //adds the user to the db without admin privileges
echo '<p>Successful account creation</p>';
}
?>


@ -3,7 +3,7 @@ $pageTitle = 'iBuy - User Reviews';
require_once '../../functions.php';
checkId();
$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']);
$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']); //get the first match of an all column query
$pageContent = '<h1>'.$user['first_name'].$user['last_name'].'\'s Reviews</h1>
<ul>'. populateList() .'</ul>';
@ -11,7 +11,7 @@ $stylesheet = '../assets/ibuy.css';
require '../../layout.php';
function populateList() {
$reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']);
$reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']); //get every match of an all column query
$output = '';
foreach ($reviews as &$review) {
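Review bot: `$user['first_name']` and `$user['last_name']` from the new query are concatenated into `$pageContent` unescaped on the following line, and populateList builds `<li>` markup from review rows the same way (its body continues outside the hunk), so values stored in the users and review tables reach the page as raw HTML; wrap each with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Because checkId only echoes a redirect, a request without `user_id` still reaches getFirstAllMatches and `$user` can be `false` by the time `$user['first_name']` is read. `foreach ($reviews as &$review)` iterates by reference although the row is only read; `foreach ($reviews as $review)` avoids the dangling reference.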


@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as an admin
$pageContent = '<h1> Add Admin</h1>
<form action="addAdmin.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
@ -15,7 +15,7 @@ $pageContent = '<h1> Add Admin</h1>
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser(true);
echo '<script>window.location.href = "manageAdmins.php";</script>';
addUser(true); //adds user to the db with admin privileges
echo '<script>window.location.href = "manageAdmins.php";</script>'; //redirect
}
?>


@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Category';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Add Category</h1>
<form action="addCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="name"/>
@ -19,6 +19,6 @@ if (isset($_POST['submit'])) {
'name' => $_POST['name']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1>Categories <a href="addCategory.php">Add</a></h1>
<ul>'. populateContent() .'</ul>';
@ -11,7 +11,7 @@ require '../../layout.php';
function populateContent() {
$output = '';
$cats = fetchCats();
$cats = fetchCats(); //get all categories
foreach ($cats as &$cat) {
$output .= '<li>'. $cat['name'] . ' <a href="editCategory.php?category_id='. urlencode($cat['category_id']) .'">edit</a> <a href="deleteCategory.php?category_id='. urlencode($cat['category_id']). '">delete</a></li>';
}
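Review bot: `$cat['name']` is inserted into the `<li>` text unescaped while `category_id` is url-encoded on the same line, so a category name stored with markup is rendered as HTML; use `htmlspecialchars($cat['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the HTML context (url-encoding remains correct for the query string). `foreach ($cats as &$cat)` also iterates by reference although `$cat` is only read and is never `unset` after the loop; `foreach ($cats as $cat)` removes the dangling reference. The same by-reference loop shape is in populateCatSelect in functions.php and populateList in the reviews section.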


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Delete Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['admin_id'])) {
$pdo = startDB();
@ -12,9 +12,9 @@ if (isset($_GET['admin_id'])) {
'category_id' => $_GET['admin_id']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
else {
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>
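Review bot: Deleting an admin is triggered by a plain `$_GET['admin_id']` link, so the state change rides on a GET request with no CSRF token; it should move to a POST form carrying a per-session token that is checked with `hash_equals` before `$stmt->execute($values)`. The bound value is keyed `'category_id'` on a page that deletes an admin; the prepare call is outside the hunk, so this is only correct if its placeholder really is `:category_id`, and a name such as `:admin_id` would read less like a copy-paste from the delete-category page. Both branches redirect to `adminCategories.php`; confirm that is the intended destination for an admin-management action.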


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Delete Category';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['category_id'])) {
$pdo = startDB();


@ -3,8 +3,8 @@ session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']);
adminCheck();
$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']); //gets the first match from an all column query
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Admin</h1>
<form action="editCategory.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
@ -44,6 +44,6 @@ else if (isset($_POST['submit'])) {
$stmt->execute($values);
unset($_SESSION['admin_id']);
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>
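Review bot: `$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']);` on the new line runs before `adminCheck();`, so the database lookup (and any warning from a missing `admin_id`) happens for visitors who have not been checked at all; swap the two lines so `adminCheck();` comes first, and since adminCheck only echoes a redirect it also needs an `exit;` for the order to matter. The form in this section posts to `action="editCategory.php"` although the page edits an admin; that line is unchanged context, but it looks like a copy-paste slip worth confirming. The same query-before-check order is in the edit-category section.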


@ -4,7 +4,7 @@ $pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
$cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']);
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Category</h1>
<form action="editCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="'.$cat.'"/>
@ -24,6 +24,6 @@ else if (isset($_POST['submit'])) {
];
$stmt->execute($values);
unset($_SESSION['cat_id']);
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>
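Review bot: On the unchanged context line `placeholder="'.$cat.'"`, `$cat` is the row that `fetch()` returned through getFirstAllMatches — an array, or `false` when nothing matched — so the interpolation yields the string `Array` (with an array-to-string warning) or an empty string rather than the category name; it should be `htmlspecialchars($cat['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. With the row used that way, the page should also cope with `$cat === false` before building `$pageContent`.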