-
@@ -49,7 +49,8 @@ require_once 'functions.php';
echo $pageContent;
?>
diff --git a/public/account/login.php b/public/account/login.php
index 5f384ee..3b437b7 100644
--- a/public/account/login.php
+++ b/public/account/login.php
@@ -16,13 +16,18 @@ $pdo = startDB();
if (isset($_POST['submit'])) {
$user = getFirstAllMatches('users', 'email', $_POST['email']);
- if (password_verify($_POST['password'], $user['password'])) {
- $_SESSION['loggedin'] = $user['user_id'];
- if ($user['admin'] === 'y') {
- $_SESSION['admin'] = 'y';
+ if($user) {
+ if (password_verify($_POST['password'], $user['password'])) {
+ $_SESSION['loggedin'] = $user['user_id'];
+ if ($user['admin'] === 'y') {
+ $_SESSION['admin'] = 'y';
+ }
+ echo'';
+
+ }
+ else {
+ echo 'Unsuccessful Login
';
}
- echo'';
-
}
else {
echo 'Unsuccessful Login
';
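Review bot: The successful-login branch at L18 writes the user id into the session without rotating the session id, so a session id established before authentication stays valid afterwards; add `session_regenerate_id(true);` immediately before `$_SESSION['loggedin'] = $user['user_id'];`. The added `if($user)` guard correctly avoids indexing a missing row, but it leaves two branches emitting the same 'Unsuccessful Login' text; `if ($user && password_verify($_POST['password'], $user['password']))` would collapse them, and note that skipping `password_verify` when no row matches makes the unknown-email path faster than the wrong-password path, which running `password_verify` against a fixed dummy hash in the no-row case evens out. `$_POST['email']` and `$_POST['password']` are read at L11 and L17 without an isset check, so a request missing either field produces a warning instead of the normal failure path. The `if (isset($_POST['submit']))` block continues past the end of the hunk.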
diff --git a/public/account/register.php b/public/account/register.php
index 27adf79..02b47d9 100644
--- a/public/account/register.php
+++ b/public/account/register.php
@@ -1,21 +1,6 @@
prepare('INSERT INTO users (first_name, last_name, email, password, admin)
- VALUES (:first_name, :last_name, :email, :password, :admin)');
- $values = [
- 'first_name' => $_POST['first_name'],
- 'last_name' => $_POST['last_name'],
- 'email' => $_POST['email'],
- 'admin' => 'n',
- 'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
- ];
- $stmt->execute($values);
-}
-
$pageTitle = 'iBuy - Register';
$pageContent = 'Already have an account?Click here to Login
Register
@@ -30,7 +15,7 @@ $pageContent = 'Already have an account?Click here to L
require '../../layout.php';
if (isset($_POST['submit'])) {
- addUser();
+ addUser(false);
echo 'Successful account creation
';
}
?>
\ No newline at end of file
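Review bot: `addUser(false)` at L59 passes a bare boolean whose meaning is only visible in the addUser definition, which this hunk removes from register.php and whose new location is not in this diff; if the project runs on PHP 8, a named argument such as `addUser(admin: false);` documents the intent at the call site, otherwise a short comment `// false: regular user, never admin` does. The success message at L60 is printed unconditionally, so it is shown even when the insert fails (for example on a duplicate email) unless addUser throws — worth confirming against the moved definition. Since the moved definition is not visible here, whether it still hashes the password with PASSWORD_DEFAULT as the deleted lines at L47 did cannot be checked from this diff.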
diff --git a/public/account/userReviews.php b/public/account/userReviews.php
new file mode 100644
index 0000000..6c92e27
--- /dev/null
+++ b/public/account/userReviews.php
@@ -0,0 +1,27 @@
+'.$user['first_name'].$user['last_name'].'\'s Reviews
+';
+$stylesheet = '../assets/ibuy.css';
+require '../../layout.php';
+
+function populateList() {
+ $reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']);
+ $output = '';
+
+ foreach ($reviews as &$review) {
+ $user = getFirstAllMatches('users', 'user_id', $review['user_id']);
+ if(!$user) {
+ $output .= ''. $review['review_date'] . ' '. $review['review_contents']. ' reviewing Deleted';
+ }
+ else {
+ $output .= ''. $review['review_date'] . ' '. $review['review_contents']. ' reviewing '. $user['first_name'].$user['last_name'].'';
+ }
+ }
+ return $output;
+}
\ No newline at end of file
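Review bot: The strings built at L83 and L86 place `review_contents`, `review_date`, `first_name` and `last_name` into the page without escaping, and `review_contents` is stored verbatim from `$_POST['reviewtext']` in listing.php (L200), so a review containing markup is rendered as markup for every visitor of this page (stored XSS); the same output pattern appears in manageAdmins.php L184, listing.php L208 and search.php L236–L239. Each field should pass through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the point of output. `$_GET['user_id']` is read at L77 without an isset check, and `foreach ($reviews as &$review)` at L80 takes a reference that is never `unset` and that the loop does not need (likewise L183, L205 and L229). The markup between the empty `''` literals appears to have been stripped in this view, so the rewrite below marks where it goes back rather than reproducing it.
```php
function populateList() {
    if (!isset($_GET['user_id'])) {
        return '';
    }
    // Escape at the output boundary: every DB field is user-supplied text.
    $e = static fn ($s) => htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']);
    $output = '';

    foreach ($reviews as $review) {
        $user = getFirstAllMatches('users', 'user_id', $review['user_id']);
        $reviewed = $user ? $e($user['first_name'] . $user['last_name']) : 'Deleted';
        // … surrounding markup as in the file, placed around each escaped field …
        $output .= $e($review['review_date']) . ' ' . $e($review['review_contents']) . ' reviewing ' . $reviewed;
    }
    return $output;
}
```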
diff --git a/public/admin/addAdmin.php b/public/admin/addAdmin.php
new file mode 100644
index 0000000..a7a2775
--- /dev/null
+++ b/public/admin/addAdmin.php
@@ -0,0 +1,21 @@
+ Add Admin
+';
+require '../../layout.php';
+
+if (isset($_POST['submit'])) {
+ addUser(true);
+ echo '';
+}
+?>
\ No newline at end of file
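Review bot: Nothing in this hunk checks that the requester is an administrator before `addUser(true)` at L103 creates an admin account — the only condition is `isset($_POST['submit'])` at L102. Unless `layout.php` (required at L100) terminates non-admin sessions, any visitor who posts the form gains an admin account; the check belongs explicitly in this file, e.g. `if (($_SESSION['admin'] ?? null) !== 'y') { header('Location: ../account/login.php'); exit; }` before the submit handling, using the session flag that login.php sets at L20. The same gap applies to deleteAdmin.php, editAdmin.php and manageAdmins.php in this diff, and no CSRF token is checked in the POST handling shown, so the state change can be triggered cross-site. The hunk header lists 21 added lines but 10 are shown, so the leading lines appear lost to rendering and a check placed there would not be visible.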
diff --git a/public/admin/deleteAdmin.php b/public/admin/deleteAdmin.php
new file mode 100644
index 0000000..1fc1418
--- /dev/null
+++ b/public/admin/deleteAdmin.php
@@ -0,0 +1,20 @@
+prepare('DELETE FROM users WHERE user_id= :category_id');
+ $values = [
+ 'category_id' => $_GET['admin_id']
+ ];
+ $stmt->execute($values);
+ echo '';
+}
+else {
+ echo '';
+}
+?>
\ No newline at end of file
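Review bot: The DELETE at L114–L118 is driven by `$_GET['admin_id']`, so a plain link or image request removes a user row; a destructive action should be a POST with a CSRF token rather than a GET. The condition guarding this `if` branch is not visible here (the hunk's leading lines appear lost to rendering), so whether an admin check precedes it cannot be confirmed from the diff. The placeholder `:category_id` at L114 and the matching `'category_id'` key at L116 are copy-paste names for a user id; renaming them `:user_id` / `'user_id' => $_GET['admin_id']` keeps the statement readable.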
diff --git a/public/admin/editAdmin.php b/public/admin/editAdmin.php
new file mode 100644
index 0000000..8b9d05e
--- /dev/null
+++ b/public/admin/editAdmin.php
@@ -0,0 +1,49 @@
+ Edit Admin
+';
+require '../../layout.php';
+
+if (isset($_GET['admin_id'])) {
+ $_SESSION['admin_id'] = $_GET['admin_id'];
+}
+else if (isset($_POST['submit'])) {
+ $pdo = startDB();
+ $stmt = $pdo->prepare('UPDATE users SET first_name= :first_name, last_name= :last_name, email= :email, password= :password, admin= :admin WHERE user_id= :category_id');
+
+ if(isset($_POST['admin'])) {
+ $values = [
+ 'first_name' => $_POST['first_name'],
+ 'last_name' => $_POST['last_name'],
+ 'email' => $_POST['email'],
+ 'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
+ 'admin' => $_POST['admin']
+ ];
+ }
+ else {
+ $values = [
+ 'first_name' => $_POST['first_name'],
+ 'last_name' => $_POST['last_name'],
+ 'email' => $_POST['email'],
+ 'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
+ 'admin' => 'n'
+ ];
+ }
+
+ $stmt->execute($values);
+ unset($_SESSION['admin_id']);
+ echo '';
+}
+?>
\ No newline at end of file
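Review bot: The UPDATE prepared at L141 binds `:category_id` in its WHERE clause, but neither `$values` array (L144–L150, L153–L159) supplies that key, so `execute($values)` at L162 fails with a parameter-count error and no row is ever updated; `$_SESSION['admin_id']`, saved at L137 and otherwise unused, is presumably the intended value. The two arrays differ only in `admin`, so one array with `'admin' => isset($_POST['admin']) ? 'y' : 'n'` removes the duplication and stops the raw `$_POST['admin']` value from reaching the column (assuming the checkbox submits 'y', which is what the `=== 'y'` check in login.php L19 expects). The password is always re-hashed from `$_POST['password']`, so submitting the edit form with that field blank silently stores the hash of an empty string; the column should be skipped when the field is empty. The id from `$_GET['admin_id']` is stored in the session without being validated as an integer or as an existing admin.
```php
    $pdo = startDB();
    $stmt = $pdo->prepare('UPDATE users SET first_name= :first_name, last_name= :last_name, email= :email, password= :password, admin= :admin WHERE user_id= :user_id');
    $values = [
        'first_name' => $_POST['first_name'],
        'last_name' => $_POST['last_name'],
        'email' => $_POST['email'],
        'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
        'admin' => isset($_POST['admin']) ? 'y' : 'n',
        'user_id' => $_SESSION['admin_id'],   // the row selected on the preceding GET
    ];
    // … unchanged: $stmt->execute($values); unset($_SESSION['admin_id']); echo …
```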
diff --git a/public/admin/manageAdmins.php b/public/admin/manageAdmins.php
new file mode 100644
index 0000000..b587c92
--- /dev/null
+++ b/public/admin/manageAdmins.php
@@ -0,0 +1,20 @@
+Admins Add
+
';
+
+require '../../layout.php';
+
+function populateContent() {
+ $output = '';
+ $admins = getEveryAllMatches('users', 'admin', 'y');
+ foreach ($admins as &$admin) {
+ $output .= ''. $admin['first_name'].$admin['last_name'] . ' edit delete';
+ }
+ return $output;
+}
+?>
\ No newline at end of file
diff --git a/public/listing.php b/public/listing.php
index e6c4dc8..c821c5a 100644
--- a/public/listing.php
+++ b/public/listing.php
@@ -23,7 +23,7 @@ else if (isset($_POST['reviewSubmit'])) {
VALUES (:review_user, :review_date, :review_contents, :user_id)');
$values = [
'review_user' => $_SESSION['loggedin'],
- 'review_date' => date('Y-m-d'),
+ 'review_date' => date('Y-m-d H:i:s'),
'review_contents' => $_POST['reviewtext'],
'user_id' => $user['user_id']
];
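Review bot: `date('Y-m-d H:i:s')` at L199 now writes a time component, which is only kept if the `review_date` column is a date-time type; if it is a plain DATE column the time part is dropped on insert and the stored value is unchanged from before, so confirm the schema (not in this diff). The value is also taken in the server's default timezone; `(new DateTimeImmutable('now', new DateTimeZone('UTC')))->format('Y-m-d H:i:s')` makes the stored timestamp independent of the server's ini setting. The enclosing `else if (isset($_POST['reviewSubmit']))` block starts before the hunk.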
@@ -90,7 +90,7 @@ function getReviews($user_id) {
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['review_user']);
- $output .= ''.$user['first_name'].$user['last_name'].' said '.$review['review_contents'].' '. $review['review_date'] .'';
+ $output .= ''.$user['first_name'].$user['last_name'].' said '.$review['review_contents'].' '. $review['review_date'] .'';
}
return $output;
diff --git a/public/search.php b/public/search.php
new file mode 100644
index 0000000..010eee5
--- /dev/null
+++ b/public/search.php
@@ -0,0 +1,34 @@
+ Search Results
+';
+
+require '../layout.php';
+
+function populateResults() {
+ $output = '';
+ $pdo = startDB();
+ $stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE "%'.$_GET['search'].'%"');
+ $stmt->execute();
+ $listings = $stmt->fetchAll();
+
+ foreach ($listings as &$listing) {
+ $listCat = getFirstAllMatches('category', 'category_id', $listing['categoryId'])['name'];
+ $bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
+
+ $output .= '
+
+
+ '. $listing['title'] .'
+ '. $listing['categoryId'] .'
+ '. $listing['description'] .'
+ Current bid:'. $bid['MAX(amount)'] .'
+ More >>
+
+ ';
+ }
+
+ return $output;
+}
\ No newline at end of file
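Review bot: The query at L225 is built by concatenating `$_GET['search']` into the SQL string, which is an SQL injection: a search value containing `"` ends the LIKE literal and the remainder of the input is executed as SQL. The rest of this diff already uses named placeholders (L40, L114, L141), so the same form applies here: `$stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE :pattern');` followed by `$stmt->execute(['pattern' => '%' . $_GET['search'] . '%']);`. `%` and `_` inside the user's text remain LIKE wildcards after binding; `addcslashes($_GET['search'], '%_\\')` escapes them if a literal match is wanted. `$_GET['search']` is read without an isset check, and `title` and `description` at L236–L238 go into the page without `htmlspecialchars`.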
diff --git a/todo.txt b/todo.txt
deleted file mode 100644
index 29fb0f8..0000000
--- a/todo.txt
+++ /dev/null
@@ -1 +0,0 @@
-//TODO: userReviews, addAdmin, manageAdmin, search
\ No newline at end of file