final touches

This commit is contained in:
Joshua Perry 2022-11-20 21:12:58 +00:00
parent 669791387b
commit 743b6bf6ca
12 changed files with 220 additions and 27 deletions


@ -34,6 +34,12 @@ function checkListing() {
}
}
function checkId() {
if (!isset($_GET['user_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
}
function getListing() {
return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']);
}
@ -131,4 +137,30 @@ function imageUpload($name) { //Code for uploading an image. Modified from https
return false;
}
}
function addUser($adminFlag) {
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, password, admin)
VALUES (:first_name, :last_name, :email, :password, :admin)');
if ($adminFlag) {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'y',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
}
else {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'n',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
}
$stmt->execute($values);
}
?>
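Review bot: `checkId()` only echoes a JavaScript redirect and never stops the script, so when `user_id` is absent the rest of the calling page still runs and reads `$_GET['user_id']` anyway, and a client that ignores the script gets the full page (the existing `checkListing()` has the same shape). Use a server-side redirect and stop: `header('Location: index.php'); exit;` — this needs to run before any output, which holds where `checkId()` is called ahead of the layout include. The two `$values` arrays in `addUser()` differ only in the `admin` value and could collapse to one array with `'admin' => $adminFlag ? 'y' : 'n'`. The first hunk starts inside `checkListing()`, whose opening lines are outside the view.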


@ -24,7 +24,7 @@ require_once 'functions.php';
<header>
<h1><a href="../index.php"><span class="i">i</span><span class="b">b</span><span class="u">u</span><span class="y">y</span></a></h1>
<form action="#">
<form action="../search.php" method='GET'>
<input type="text" name="search" placeholder="Search for anything" />
<input type="submit" name="submit" value="Search" />
</form>
@ -49,7 +49,8 @@ require_once 'functions.php';
echo $pageContent;
?>
<footer>
<a style="text-decoration: none;" href="../admin/adminCategories.php">admins</a><br>
<a style="text-decoration: none;" href="../admin/adminCategories.php">admin categories</a><br>
<a style="text-decoration: none;" href="../admin/manageAdmins.php">admin users</a><br>
&copy; ibuy <?php echo date('Y')?>
</footer>
</main>
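Review bot: The two admin links added to the footer are rendered for every visitor, not only for admins; since the target pages call `adminCheck()` this is disclosure of the admin URLs rather than an access-control hole, but it still advertises `admin/manageAdmins.php` to anyone browsing the site. Wrap them in a session check such as `<?php if (($_SESSION['admin'] ?? '') === 'y') { ?> … <?php } ?>`, assuming the session is already started by the time this layout is included (the page files in this commit call `session_start()` themselves; this file's preamble is outside the hunk). The search form's `method='GET'` uses single quotes where every other attribute in the file uses double quotes.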


@ -16,13 +16,18 @@ $pdo = startDB();
if (isset($_POST['submit'])) {
$user = getFirstAllMatches('users', 'email', $_POST['email']);
if (password_verify($_POST['password'], $user['password'])) {
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
if($user) {
if (password_verify($_POST['password'], $user['password'])) {
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
}
echo'<script>window.location.href = "../index.php";</script>';
}
else {
echo '<p>Unsuccessful Login</p>';
}
echo'<script>window.location.href = "../index.php";</script>';
}
else {
echo '<p>Unsuccessful Login</p>';
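Review bot: The successful branch sets `$_SESSION['loggedin']` on whatever session id the browser arrived with, so a session id planted by an attacker before login becomes an authenticated one; call `session_regenerate_id(true);` immediately before the `$_SESSION['loggedin'] = $user['user_id'];` line. The new `if($user)` guard also means an unknown email skips `password_verify()` entirely, so response time distinguishes registered from unregistered addresses; running `password_verify()` against a fixed dummy hash in that branch keeps both paths comparable. Both failure branches print the same `Unsuccessful Login` text, which is right. The hunk ends inside the `else` branch, which continues beyond the view.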


@ -1,21 +1,6 @@
<?php
require_once '../../functions.php';
function addUser() {
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, password, admin)
VALUES (:first_name, :last_name, :email, :password, :admin)');
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'n',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
$stmt->execute($values);
}
$pageTitle = 'iBuy - Register';
$pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to Login</a></p>
<h1>Register</h1>
@ -30,7 +15,7 @@ $pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to L
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser();
addUser(false);
echo '<p>Successful account creation</p>';
}
?>
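Review bot: `addUser(false)` is called without any validation of the posted fields, so an empty password is hashed and stored (`password_hash('')` succeeds) and a malformed email goes straight to the INSERT. Check the inputs before the call — `if ($_POST['password'] === '' || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { … }` — and print `Successful account creation` only when the insert actually ran. Whether `users.email` is unique is not visible here; if it is, a duplicate registration surfaces as an uncaught PDOException, and if it is not, a second account with the same email is silently created.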


@ -0,0 +1,27 @@
<?php
$pageTitle = 'iBuy - User Reviews';
require_once '../../functions.php';
checkId();
$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']);
$pageContent = '<h1>'.$user['first_name'].$user['last_name'].'\'s Reviews</h1>
<ul>'. populateList() .'</ul>';
$stylesheet = '../assets/ibuy.css';
require '../../layout.php';
function populateList() {
$reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']);
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['user_id']);
if(!$user) {
$output .= '<li><strong>'. $review['review_date'] . '</strong> '. $review['review_contents']. '<em> reviewing Deleted</em></li>';
}
else {
$output .= '<li><strong>'. $review['review_date'] . '</strong> '. $review['review_contents']. '<em> reviewing '. $user['first_name'].$user['last_name'].'</em></li>';
}
}
return $output;
}
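Review bot: `$review['review_contents']` and the user names are concatenated into HTML without escaping, and review text is stored verbatim from `$_POST['reviewtext']` elsewhere in this commit, so this page is a stored-XSS sink; pass each value through `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before building the `<li>`. `getFirstAllMatches('users', 'user_id', $_GET['user_id'])` can return a non-array for an unknown id (the loop below already tests for that case) and the `<h1>` then indexes into it unchecked. Unlike the sibling pages in this commit this file never calls `session_start()`, which matters if the layout reads `$_SESSION` — its preamble is not shown. The `&$review` reference in the `foreach` is not `unset` after the loop.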

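--- /dev/null
+++ b/public/admin/addAdmin.php
@@ -0,0 +1,21 @@
+<?php
+session_start();
+$pageTitle ='iBuy - Add Admin';
+$stylesheet = '../assets/ibuy.css';
+require_once '../../functions.php';
+adminCheck();
+$pageContent = '<h1> Add Admin</h1>
+<form action="addAdmin.php" method="POST">
+<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
+<label>Last Name</label> <input name="last_name" type="text" placeholder="Doe"/>
+<label>Email</label> <input name="email" type="email" placeholder="john.doe@example.com"/>
+<label>Password</label> <input name="password" type="password" placeholder="password"/>
+<input name="submit" type="submit" value="Submit" />
+</form>';
+require '../../layout.php';
+if (isset($_POST['submit'])) {
+addUser(true);
+echo '<script>window.location.href = "manageAdmins.php";</script>';
+}
+?>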
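Review bot: The form that creates a privileged account carries no anti-CSRF token, and the handler checks only `isset($_POST['submit'])`, so any site that gets a logged-in admin to submit a cross-origin POST to this URL creates an admin of the attacker's choosing. Store a random token in the session, emit it as a hidden field, and verify it with `hash_equals($_SESSION['csrf'], $_POST['csrf'] ?? '')` before calling `addUser(true)`. None of the fields are validated, so an empty email or password is accepted (`password_hash('')` succeeds). The redirect is an echoed `<script>` with no `exit`, so whatever follows it still executes.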


@ -0,0 +1,20 @@
<?php
session_start();
$pageTitle = 'iBuy - Delete Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
if (isset($_GET['admin_id'])) {
$pdo = startDB();
$stmt = $pdo->prepare('DELETE FROM users WHERE user_id= :category_id');
$values = [
'category_id' => $_GET['admin_id']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>';
}
else {
echo '<script>window.location.href = "adminCategories.php";</script>';
}
?>
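Review bot: A user is deleted by a plain GET with only `adminCheck()` in front of it, so any page an admin happens to visit can trigger it with `<img src="deleteAdmin.php?admin_id=1">`; a destructive action needs a POST and a CSRF token. The query also removes any `users` row, not only admins, and nothing stops an admin deleting their own account — `DELETE FROM users WHERE user_id = :user_id AND admin = 'y'` plus a comparison against `$_SESSION['loggedin']` would narrow it. The `:category_id` placeholder and the redirect to `adminCategories.php` look copied from the category page; `addAdmin.php` in this same commit redirects to `manageAdmins.php`.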


@ -0,0 +1,49 @@
<?php
session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']);
adminCheck();
$pageContent = '<h1> Edit Admin</h1>
<form action="editCategory.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
<label>Last Name</label> <input name="last_name" type="text" placeholder="Doe"/>
<label>Email</label> <input name="email" type="email" placeholder="john.doe@example.com"/>
<label>Password</label> <input name="password" type="password" placeholder="password"/>
<label>Admin</label> <input type="checkbox" name="admin" value = "y"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
if (isset($_GET['admin_id'])) {
$_SESSION['admin_id'] = $_GET['admin_id'];
}
else if (isset($_POST['submit'])) {
$pdo = startDB();
$stmt = $pdo->prepare('UPDATE users SET first_name= :first_name, last_name= :last_name, email= :email, password= :password, admin= :admin WHERE user_id= :category_id');
if(isset($_POST['admin'])) {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
'admin' => $_POST['admin']
];
}
else {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
'admin' => 'n'
];
}
$stmt->execute($values);
unset($_SESSION['admin_id']);
echo '<script>window.location.href = "adminCategories.php";</script>';
}
?>
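Review bot: The update path cannot work as written: the form posts to `editCategory.php` rather than `editAdmin.php`, and the UPDATE binds `:category_id` while neither `$values` array contains that key, so `execute()` would fail on a missing parameter. Point the form at `editAdmin.php` and add `'category_id' => $_SESSION['admin_id']` to both arrays (or rename the placeholder to `:user_id`). The password is unconditionally rehashed, so leaving that field blank sets the admin's password to the hash of an empty string; skip the column when `$_POST['password'] === ''`. `$admin` is fetched with the raw `$_GET['admin_id']` before `adminCheck()` runs and is then never used, and `'admin' => $_POST['admin']` stores whatever string is posted instead of a fixed `'y'`. The form has no CSRF token, the same issue as `addAdmin.php`.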


@ -0,0 +1,20 @@
<?php
session_start();
$pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
$pageContent = '<h1>Admins <a href="addAdmin.php">Add</a></h1>
<ul>'. populateContent() .'</ul>';
require '../../layout.php';
function populateContent() {
$output = '';
$admins = getEveryAllMatches('users', 'admin', 'y');
foreach ($admins as &$admin) {
$output .= '<li>'. $admin['first_name'].$admin['last_name'] . ' <a href="editAdmin.php?admin_id='. urlencode($admin['user_id']) .'">edit</a> <a href="deleteAdmin.php?admin_id='. urlencode($admin['user_id']). '">delete</a></li>';
}
return $output;
}
?>
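Review bot: `$admin['first_name'].$admin['last_name']` is concatenated into the list item unescaped, while the ids on the same line are correctly `urlencode()`d; names are free text entered through the register and edit forms, so each needs `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the HTML context. The two names are joined with no separator, so `John` and `Doe` render as `JohnDoe`. The `&$admin` reference in the `foreach` is not `unset` after the loop.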


@ -23,7 +23,7 @@ else if (isset($_POST['reviewSubmit'])) {
VALUES (:review_user, :review_date, :review_contents, :user_id)');
$values = [
'review_user' => $_SESSION['loggedin'],
'review_date' => date('Y-m-d'),
'review_date' => date('Y-m-d H:i:s'),
'review_contents' => $_POST['reviewtext'],
'user_id' => $user['user_id']
];
@ -90,7 +90,7 @@ function getReviews($user_id) {
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['review_user']);
$output .= '<li><strong>'.$user['first_name'].$user['last_name'].' said </strong>'.$review['review_contents'].' <em>'. $review['review_date'] .'</em></li>';
$output .= '<li><a href="account/userReviews.php?user_id='.$review['review_user'].'">'.$user['first_name'].$user['last_name'].' said </a>'.$review['review_contents'].' <em>'. $review['review_date'] .'</em></li>';
}
return $output;
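Review bot: The new `<li>` on the last changed line puts `$review['review_contents']` — written straight from `$_POST['reviewtext']` in the first hunk — and the reviewer's names into HTML unescaped, so any user can store a script that runs for every visitor of the listing; wrap each in `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `user_id` in the new link should be `urlencode()`d, as `manageAdmins.php` does elsewhere in this commit. `getReviews()` starts before the hunk and its closing brace is outside the view.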

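--- /dev/null
+++ b/public/search.php
@@ -0,0 +1,34 @@
+<?php
+session_start();
+$pageTitle = 'iBuy - Search Results';
+require_once '../functions.php';
+$pageContent = '<h1> Search Results </h1>
+<ul>'. populateResults() .'</ul>';
+require '../layout.php';
+function populateResults() {
+$output = '';
+$pdo = startDB();
+$stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE "%'.$_GET['search'].'%"');
+$stmt->execute();
+$listings = $stmt->fetchAll();
+foreach ($listings as &$listing) {
+$listCat = getFirstAllMatches('category', 'category_id', $listing['categoryId'])['name'];
+$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
+$output .= '<li>
+<img src="'.$listing['imgUrl'].'" alt="product name">
+<article>
+<h2>'. $listing['title'] .'</h2>
+<h3>'. $listing['categoryId'] .'</h3>
+<p>'. $listing['description'] .'</p>
+<p class="price">Current bid:'. $bid['MAX(amount)'] .'</p>
+<a href="listing.php?listing_id='. $listing['listing_id'] .'" class="more auctionLink">More &gt;&gt;</a>
+</article>
+</li>';
+}
+return $output;
+}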
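Review bot: `populateResults()` concatenates `$_GET['search']` into the SQL text, so `prepare()` is called with no bound parameter and the search box is a SQL injection point. Bind the pattern instead: `$stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE :pattern');` followed by `$stmt->execute(['pattern' => '%' . ($_GET['search'] ?? '') . '%']);` — note that `%` and `_` inside the term still act as wildcards unless escaped, which may be acceptable for a search. The listing's `title` and `description` are then echoed unescaped, and `$bid['MAX(amount)']` is read even when `getFirstMatch()` returns no row. `$listCat` is computed but never used.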


@ -1 +0,0 @@
//TODO: userReviews, addAdmin, manageAdmin, search