Compare commits


No commits in common. "7189a63e97fc6f8f043f47f5ec791cbbcce14972" and "5d26b0fadaa24e21d6729c9883ba47bb6770f45b" have entirely different histories.

21 changed files with 244 additions and 460 deletions


@ -1,22 +1,25 @@
<?php
function fetchCats() { //get all categories
$cats = executeQueryWithoutConstraint('category','*')->fetchAll();
function fetchCats() {
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM category');
$stmt->execute();
$cats = $stmt->fetchAll();
return $cats;
}
function adminCheck() { //check to see if user is logged in as admin
function adminCheck() {
if(isset($_SESSION['admin'])) {
if($_SESSION['admin'] != 'y') {
echo '<script>window.location.href = "../index.php";</script>'; //redirect
echo '<script>window.location.href = "../index.php";</script>';
}
}
else {
echo'<script>window.location.href = "../index.php";</script>'; //redirect
echo'<script>window.location.href = "../index.php";</script>';
}
}
function startDB() { //Create a db connection
// Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
function startDB() {
$server = 'mysql';
$username = 'student';
$password = 'student';
@ -25,23 +28,23 @@ function startDB() { //Create a db connection
return $pdo;
}
function checkListing() { //check if the get variables contains listing_id
function checkListing() {
if (!isset($_GET['listing_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
}
function checkId() { //check if the get variables contains user_id
if (!isset($_GET['user_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
function getListing() {
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM auction WHERE listing_id = :listing_id');
$values = [
'listing_id' => $_GET['listing_id']
];
$stmt->execute($values);
return $stmt->fetch();
}
function getListing() { //get listing that matches listing_id stored in the get variables
return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']);
}
function populateCatSelect() { //Populate a select input with all categories
function populateCatSelect() {
$cats = fetchCats();
$output = '';
foreach ($cats as &$cat) {
@ -49,115 +52,4 @@ function populateCatSelect() { //Populate a select input with all categories
}
return $output;
}
function executeQuery($tableName, $colName, $constraintCol, $constraint) { //execute a SELECT query that takes one constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT '. $colName .' FROM '.$tableName.' WHERE '. $constraintCol .' = :constraint');
$values = [
'constraint' => $constraint
];
$stmt->execute($values);
return $stmt;
}
function executeQueryWithoutConstraint($tableName, $colName) { //execute a SELECT query with no constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT'.$colName.'FROM '.$tableName);
$stmt->execute();
return $stmt;
}
function getFirstMatch($tableName, $colName, $constraintCol, $constraint){ //return the first match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetch();
}
function getEveryMatch($tableName, $colName, $constraintCol, $constraint){ //return every match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetchAll();
}
function executeAllQuery($tableName, $constraintCol, $constraint) { //execute a SELECT query with one constraint and all columns
return executeQuery($tableName, '*', $constraintCol, $constraint);
}
function getEveryAllMatches($tableName, $constraintCol, $constraint) { //return every match of an executeALlQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetchAll();
}
function getFirstAllMatches($tableName, $constraintCol, $constraint) { //return the first match of an executeAllQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetch();
}
function imageUpload($name) { //Code for uploading an image. Modified from https://www.w3schools.com/php/php_file_upload.asp
$imgDir = 'public/images/auctions/';
$file = $imgDir . $name;
$okFlag = true;
$fileType = strtolower($_FILES['auctionImg']['type']);
//check if file is actually an image
if(isset($_POST['submit'])) {
$sizeCheck = getimagesize($_FILES['auctionImg']['tmp_name']);
if (!$sizeCheck) {
$okFlag = false;
echo 'not an image';
}
}
//check if file exists
if(file_exists($file)) {
$okFlag = false;
echo 'already exists';
}
if($_FILES['auctionImg']['size'] > 10000000) {
$okFlag = false;
echo 'too big';
}
//check filetypes
$types = array('image/jpg','image/png','image/jpeg','image/gif');
if(!in_array($fileType, $types)) {
$okFlag = false;
echo 'wrong type';
}
if($okFlag) {
if (move_uploaded_file($_FILES['auctionImg']['tmp_name'], '../../'.$file)) {
return true;
}
else {
echo '<p>There was an error uploading your image</p>';
return false;
}
}
else {
echo '<p>There was an error uploading your image</p>';
return false;
}
}
function addUser($adminFlag) {
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, password, admin)
VALUES (:first_name, :last_name, :email, :password, :admin)');
if ($adminFlag) {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'y',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
}
else {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'n',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
}
$stmt->execute($values);
}
?>
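Review bot: adminCheck() in the first hunk only echoes a `<script>` redirect and never stops the script, so every admin page that calls it keeps executing — an unauthenticated POST to addCategory.php or a GET to deleteCategory.php still reaches the INSERT/DELETE, and a client that simply ignores the script sees the full admin page. Add `exit;` after each of the two echoes (or, since the check runs before any output, `header('Location: ../index.php'); exit;`), and apply the same fix to checkListing() in the second hunk, which has the identical pattern. The `$_SESSION['admin'] != 'y'` comparison is loose; `!== 'y'` is the check that is meant. getListing() reads `$_GET['listing_id']` unconditionally, so callers must run checkListing() (with the exit) before it.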


@ -24,7 +24,7 @@ require_once 'functions.php';
<header>
<h1><a href="../index.php"><span class="i">i</span><span class="b">b</span><span class="u">u</span><span class="y">y</span></a></h1>
<form action="../search.php" method='GET'>
<form action="#">
<input type="text" name="search" placeholder="Search for anything" />
<input type="submit" name="submit" value="Search" />
</form>
@ -49,8 +49,7 @@ require_once 'functions.php';
echo $pageContent;
?>
<footer>
<a style="text-decoration: none;" href="../admin/adminCategories.php">admin categories</a><br>
<a style="text-decoration: none;" href="../admin/manageAdmins.php">admin users</a><br>
<a style="text-decoration: none;" href="../admin/adminCategories.php">admins</a><br>
&copy; ibuy <?php echo date('Y')?>
</footer>
</main>
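Review bot: The replacement footer link is labelled "admins" but points at `../admin/adminCategories.php`, the categories page, so the label no longer describes its target; either label it "admin categories" or point it at an admins page if one exists. These admin links are rendered for every visitor regardless of session state, which is only harmless while every admin page enforces adminCheck() and halts on failure; consider guarding them with `if (isset($_SESSION['admin']) && $_SESSION['admin'] === 'y')`. The search form now submits to `#`, which discards the query, so the `name="search"` input is dead until an action is restored.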


@ -3,41 +3,44 @@ session_start();
$pageTitle = 'iBuy - Add Auction';
$stylesheet = '../assets/ibuy.css';
if (!isset($_SESSION['loggedin'])) { //redirects if user is not logged in
echo '<script>window.location.href = "../index.php";</script>'; //redirect
if (!isset($_SESSION['loggedin'])) {
echo '<script>window.location.href = "../index.php";</script>';
}
require_once '../../functions.php';
$pdo = startDB();
$pageContent = '<h1>Add auction</h1>
<form action="addAuction.php" method="POST" enctype="multipart/form-data">
<form action="addAuction.php" method="POST">
<label>Title</label> <input name="title" type="text" placeholder="Auction Title"/>
<label>Category</label> <select name="category" style="width:420px; margin-bottom: 10px;">'. populateCatSelect() .'</select>
<label>End Date</label> <input name="endDate" type="date"/>
<label>Description</label> <textarea name="description" style="width: 438px; height: 249px;" placeholder="description"></textarea>
<label>Image</label> <input type="file" name="auctionImg"/>
<input name="submit" type="submit" value="Submit" style="margin-top: 10px;"/>
</form>';
require '../../layout.php';
if (isset($_POST['submit'])) {
if(imageUpload($_POST['title'].$_POST['endDate'])) { //if the image upload is successful add auction
$user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']); //get the first match of an all column query
$stmt = $pdo->prepare('SELECT * FROM users WHERE user_id = :user_id');
$values = [
'user_id' => $_SESSION['loggedin']
];
$stmt->execute($values);
$user = $stmt->fetch();
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl)
VALUES (:title, :description, :endDate, :categoryID, :email, :imgUrl)');
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email)
VALUES (:title, :description, :endDate, :categoryID, :email)');
$values = [
'title' => $_POST['title'],
'description' => $_POST['description'],
'endDate' => $_POST['endDate'],
'categoryID' => intval($_POST['category']),
'email' => $user['email'],
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
'email' => $user['email']
];
$stmt->execute($values);
echo '<p>Successful Post</p>';
}
}
?>
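Review bot: The login guard at the top of the hunk echoes a redirect but does not `exit`, so an unauthenticated POST with `submit` set still runs the INSERT at the bottom of the hunk (with `$_SESSION['loggedin']` unset the user lookup returns false and `$user['email']` is null). Add `exit;` after the echo inside the `!isset($_SESSION['loggedin'])` branch. title, description and endDate are inserted straight from `$_POST` with no validation; at minimum reject empty values and an endDate that does not parse before executing, and escape these fields wherever they are later rendered, since the page stores them verbatim. The file's first two lines (session_start) are outside the hunk.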


@ -4,44 +4,29 @@ $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
checkListing();
$pdo = startDB();
$listing = getListing();
$pageContent = '<h1>Edit Auction</h1>
<form action="editAuction.php?listing_id='.$listing['listing_id'].'" method="POST" enctype="multipart/form-data">
<form action="editAuction.php?listing_id='.$listing['listing_id'].'" method="POST">
<label>Title</label> <input name="title" type="text" placeholder="'. $listing['title'] .'"/>
<label>Category</label> <select name="category" style="width:420px; margin-bottom: 10px;">'. populateCatSelect() .'</select>
<label>End Date</label> <input name="endDate" type="date"/>
<label>Description</label> <textarea name="description" style="width: 438px; height: 249px;" placeholder="'. $listing['description'] .'"></textarea>
<label>Image</label> <input type="file" name="auctionImg"/>
<label>Delete</label> <input type="checkbox" name="delete" value = "true"/>
<input name="submit" type="submit" value="Submit" style="margin-top: 10px;"/>
</form>';
require '../../layout.php';
if(isset($_POST['submit'])) {
$pdo = startDB();
if(isset($_POST['delete'])) { //delete the auction if selected
$stmt = $pdo->prepare('DELETE FROM auction WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
echo '<script>window.location.href = "../index.php";</script>';
}
if(imageUpload($_POST['title'].$_POST['endDate'])) { //if image upload is successful update the auction
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id');
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description');
$values = [
'title' => $_POST['title'],
'categoryId' => intval($_POST['category']),
'endDate' => $_POST['endDate'],
'description' => $_POST['description'],
'listing_id' => $listing['listing_id'],
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
'description' => $_POST['description']
];
$stmt->execute($values);
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>'; //redirect
}
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>';
}
?>
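Review bot: The new UPDATE statement has no WHERE clause, so one submit rewrites the title, category, end date and description of every row in `auction`, not just the listing being edited; the `listing_id` binding the previous query used was dropped with it. Restore the constraint: `... description = :description WHERE listing_id = :listing_id');` and add `'listing_id' => $listing['listing_id'],` to `$values`. Nothing visible checks that the requester is logged in or owns the listing (the file's first three lines are outside the hunk, so a session check there cannot be confirmed); without an ownership comparison against `$_SESSION['loggedin']`, anyone who knows a listing_id can edit it. checkListing() also only echoes a redirect, so a request without listing_id still reaches the UPDATE.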


@ -15,22 +15,22 @@ require_once '../../functions.php';
$pdo = startDB();
if (isset($_POST['submit'])) {
$user = getFirstAllMatches('users', 'email', $_POST['email']); //get the first match of an all column query
if($user) { //if the user exists
if (password_verify($_POST['password'], $user['password'])) { //if the entered and stored passwords match
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$values = [
'email' => $_POST['email']
];
$stmt->execute($values);
$user = $stmt->fetch();
if (password_verify($_POST['password'], $user['password'])) {
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
}
echo'<script>window.location.href = "../index.php";</script>'; //redirect
echo'<script>window.location.href = "../index.php";</script>';
}
else {
echo '<p>Unsuccessful Login</p>';
}
}
else {
echo '<p>Unsuccessful Login</p>';
}
}
?>
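Review bot: The new code calls `password_verify($_POST['password'], $user['password'])` without checking that `fetch()` found a row; for an unknown email `$user` is false, `$user['password']` is null, and the request emits a warning before falling into the "Unsuccessful Login" branch (the previous `if($user)` guard was dropped). Change the condition to `if ($user && password_verify($_POST['password'], $user['password'])) {`. On success the pre-authentication session id is kept; call `session_regenerate_id(true);` immediately before `$_SESSION['loggedin'] = $user['user_id'];` to close the session-fixation window. As elsewhere on this page, the echoed redirect should be followed by `exit;`.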


@ -1,7 +1,6 @@
<?php
session_start();
//unset variables that manage login
unset($_SESSION['loggedin']);
unset($_SESSION['admin']);
echo'<script>window.location.href = "../index.php";</script>'; //redirect
echo'<script>window.location.href = "../index.php";</script>';
?>


@ -1,6 +1,21 @@
<?php
require_once '../../functions.php';
function addUser() {
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, password, admin)
VALUES (:first_name, :last_name, :email, :password, :admin)');
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'n',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
$stmt->execute($values);
}
$pageTitle = 'iBuy - Register';
$pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to Login</a></p>
<h1>Register</h1>
@ -15,7 +30,7 @@ $pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to L
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser(false); //adds the user to the db without admin privileges
addUser();
echo '<p>Successful account creation</p>';
}
?>
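Review bot: addUser() inserts first_name, last_name, email and password straight from `$_POST` with no validation and no duplicate-email check, so an empty submission creates a user with empty fields, and registering an existing email either throws an uncaught PDOException or creates a second account depending on whether `users.email` is unique (the schema is not visible here). Validate before inserting, e.g. `if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || $_POST['password'] === '') { echo '<p>Invalid input</p>'; return; }`, and look the email up (or catch the unique-key violation) before `$stmt->execute($values)`. The hunk ends before the form markup, so whether the inputs carry `required` cannot be seen.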


@ -1,28 +0,0 @@
<?php
$pageTitle = 'iBuy - User Reviews';
require_once '../../functions.php';
checkId();
$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']); //get the first match of an all column query
$pageContent = '<h1>'.$user['first_name'].$user['last_name'].'\'s Reviews</h1>
<ul>'. populateList() .'</ul>';
$stylesheet = '../assets/ibuy.css';
require '../../layout.php';
function populateList() {
$reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']); //get every match of an all column query
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['user_id']);
if(!$user) {
$output .= '<li><strong>'. $review['review_date'] . '</strong> '. $review['review_contents']. '<em> reviewing Deleted</em></li>';
}
else {
$output .= '<li><strong>'. $review['review_date'] . '</strong> '. $review['review_contents']. '<em> reviewing '. $user['first_name'].$user['last_name'].'</em></li>';
}
}
return $output;
}
?>


@ -1,21 +0,0 @@
<?php
session_start();
$pageTitle ='iBuy - Add Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as an admin
$pageContent = '<h1> Add Admin</h1>
<form action="addAdmin.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
<label>Last Name</label> <input name="last_name" type="text" placeholder="Doe"/>
<label>Email</label> <input name="email" type="email" placeholder="john.doe@example.com"/>
<label>Password</label> <input name="password" type="password" placeholder="password"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser(true); //adds user to the db with admin privileges
echo '<script>window.location.href = "manageAdmins.php";</script>'; //redirect
}
?>


@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Category';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as admin
adminCheck();
$pageContent = '<h1> Add Category</h1>
<form action="addCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="name"/>
@ -19,6 +19,6 @@ if (isset($_POST['submit'])) {
'name' => $_POST['name']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
echo '<script>window.location.href = "adminCategories.php";</script>';
}
?>


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as admin
adminCheck();
$pageContent = '<h1>Categories <a href="addCategory.php">Add</a></h1>
<ul>'. populateContent() .'</ul>';
@ -11,7 +11,7 @@ require '../../layout.php';
function populateContent() {
$output = '';
$cats = fetchCats(); //get all categories
$cats = fetchCats();
foreach ($cats as &$cat) {
$output .= '<li>'. $cat['name'] . ' <a href="editCategory.php?category_id='. urlencode($cat['category_id']) .'">edit</a> <a href="deleteCategory.php?category_id='. urlencode($cat['category_id']). '">delete</a></li>';
}


@ -1,20 +0,0 @@
<?php
session_start();
$pageTitle = 'iBuy - Delete Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['admin_id'])) {
$pdo = startDB();
$stmt = $pdo->prepare('DELETE FROM users WHERE user_id= :category_id');
$values = [
'category_id' => $_GET['admin_id']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
else {
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Delete Category';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as admin
adminCheck();
if (isset($_GET['category_id'])) {
$pdo = startDB();


@ -1,49 +0,0 @@
<?php
session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']); //gets the first match from an all column query
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Admin</h1>
<form action="editCategory.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
<label>Last Name</label> <input name="last_name" type="text" placeholder="Doe"/>
<label>Email</label> <input name="email" type="email" placeholder="john.doe@example.com"/>
<label>Password</label> <input name="password" type="password" placeholder="password"/>
<label>Admin</label> <input type="checkbox" name="admin" value = "y"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
if (isset($_GET['admin_id'])) {
$_SESSION['admin_id'] = $_GET['admin_id'];
}
else if (isset($_POST['submit'])) {
$pdo = startDB();
$stmt = $pdo->prepare('UPDATE users SET first_name= :first_name, last_name= :last_name, email= :email, password= :password, admin= :admin WHERE user_id= :category_id');
if(isset($_POST['admin'])) {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
'admin' => $_POST['admin']
];
}
else {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
'admin' => 'n'
];
}
$stmt->execute($values);
unset($_SESSION['admin_id']);
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>


@ -3,11 +3,10 @@ session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
$cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']);
adminCheck(); //checks to see if user is logged in as admin
adminCheck();
$pageContent = '<h1> Edit Category</h1>
<form action="editCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="'.$cat.'"/>
<label>Name</label> <input name="name" type="text" placeholder="name"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
@ -24,6 +23,6 @@ else if (isset($_POST['submit'])) {
];
$stmt->execute($values);
unset($_SESSION['cat_id']);
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
echo '<script>window.location.href = "adminCategories.php";</script>';
}
?>


@ -1,20 +0,0 @@
<?php
session_start();
$pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
$pageContent = '<h1>Admins <a href="addAdmin.php">Add</a></h1>
<ul>'. populateContent() .'</ul>';
require '../../layout.php';
function populateContent() {
$output = '';
$admins = getEveryAllMatches('users', 'admin', 'y');
foreach ($admins as &$admin) {
$output .= '<li>'. $admin['first_name'].$admin['last_name'] . ' <a href="editAdmin.php?admin_id='. urlencode($admin['user_id']) .'">edit</a> <a href="deleteAdmin.php?admin_id='. urlencode($admin['user_id']). '">delete</a></li>';
}
return $output;
}
?>

98
public/assets/index.html Normal file

@ -0,0 +1,98 @@
<h1>Latest Listings / Search Results / Category listing</h1>
<ul class="productList">
<li>
<img src="product.png" alt="product name">
<article>
<h2>Product name</h2>
<h3>Product category</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
<p class="price">Current bid: £123.45</p>
<a href="#" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>
<li>
<img src="product.png" alt="product name">
<article>
<h2>Product name</h2>
<h3>Product category</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
<p class="price">Current bid: £123.45</p>
<a href="#" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>
<li>
<img src="product.png" alt="product name">
<article>
<h2>Product name</h2>
<h3>Product category</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
<p class="price">Current bid: £123.45</p>
<a href="#" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>
</ul>
<hr />
<h1>Product Page</h1>
<article class="product">
<img src="product.png" alt="product name">
<section class="details">
<h2>Product name</h2>
<h3>Product category</h3>
<p>Auction created by <a href="#">User.Name</a></p>
<p class="price">Current bid: £123.45</p>
<time>Time left: 8 hours 3 minutes</time>
<form action="#" class="bid">
<input type="text" name="bid" placeholder="Enter bid amount" />
<input type="submit" value="Place bid" />
</form>
</section>
<section class="description">
<p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
</section>
<section class="reviews">
<h2>Reviews of User.Name </h2>
<ul>
<li><strong>Ali said </strong> great ibuyer! Product as advertised and delivery was quick <em>29/09/2019</em></li>
<li><strong>Dave said </strong> disappointing, product was slightly damaged and arrived slowly.<em>22/07/2019</em></li>
<li><strong>Susan said </strong> great value but the delivery was slow <em>22/07/2019</em></li>
</ul>
<form>
<label>Add your review</label> <textarea name="reviewtext"></textarea>
<input type="submit" name="submit" value="Add Review" />
</form>
</section>
</article>
<hr />
<h1>Sample Form</h1>
<form action="#">
<label>Text box</label> <input type="text" />
<label>Another Text box</label> <input type="text" />
<input type="checkbox" /> <label>Checkbox</label>
<input type="radio" /> <label>Radio</label>
<input type="submit" value="Submit" />
</form>
<footer>
&copy; ibuy 2019
</footer>

Binary file not shown.



@ -21,10 +21,9 @@ function populateList($category) {
$pdo = startDB();
$output = '';
if ($category === 'Latest Listings') {
$stmt = $pdo->prepare('SELECT * FROM auction WHERE endDate > "'. date("Y-m-d H:i:s"). '" ORDER BY endDate ASC');
$stmt = $pdo->prepare('SELECT * FROM auction WHERE endDate > "'. date("Y-m-d H:i:s"). '" ORDER BY endDate DESC');
$stmt->execute();
$listings = $stmt->fetchAll();
$count = 10;
}
else {
$stmt = $pdo->prepare('SELECT * FROM auction WHERE categoryId = (SELECT category_id FROM category WHERE name = :listing_category)');
@ -36,27 +35,22 @@ function populateList($category) {
}
foreach ($listings as &$listing) {
$listCat = getFirstAllMatches('category', 'category_id', $listing['categoryId'])['name'];
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$stmt = $pdo->prepare('SELECT MAX(amount) FROM bids WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
$output .= '<li>
<img src="'.$listing['imgUrl'].'" alt="product name">
<img src="assets/product.png" alt="product name">
<article>
<h2>'. $listing['title'] .'</h2>
<h3>'. $listing['categoryId'] .'</h3>
<p>'. $listing['description'] .'</p>
<p class="price">Current bid:'. $bid['MAX(amount)'] .'</p>
<p class="price">Current bid:'. $stmt->fetch()['MAX(amount)'] .'</p>
<a href="listing.php?listing_id='. $listing['listing_id'] .'" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>';
if ($category === 'Latest Listings') {
$count -= 1;
if ($count <= 0) {
break;
}
}
}
return $output;
}
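Review bot: The listing markup built in the second hunk drops `$listing['title']` and `$listing['description']` into HTML unescaped; addAuction.php stores both verbatim from `$_POST`, so any seller can inject script into the front page. Wrap each with `htmlspecialchars($listing['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and the same for the category and bid values). The "Latest Listings" query in the first hunk concatenates `date("Y-m-d H:i:s")` into the SQL string; the value is not attacker-controlled, but it should be bound (`WHERE endDate > :now` with `'now' => date('Y-m-d H:i:s')`) or replaced by `NOW()`, consistent with the prepared MAX(amount) query added below. populateList() starts before the first hunk and its category branch lies between the two hunks.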


@ -2,46 +2,37 @@
session_start();
require_once '../functions.php';
$pageTitle = 'iBuy - Product Listing';
$listing = getListing();
$pdo = startDB();
if (isset($_POST['bidSubmit'])) {
$stmt = $pdo->prepare('INSERT INTO bids(amount, user_id, listing_id)
VALUES(:amount, :user_id, :listing_id)');
$values = [
'amount' => $_POST['bid'],
'user_id' => $_SESSION['loggedin'],
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
}
else if (isset($_POST['reviewSubmit'])) {
$user = getFirstAllMatches('users', 'email', $listing['email']);
$stmt = $pdo->prepare('INSERT INTO review (review_user, review_date, review_contents, user_id)
VALUES (:review_user, :review_date, :review_contents, :user_id)');
$values = [
'review_user' => $_SESSION['loggedin'],
'review_date' => date('Y-m-d H:i:s'),
'review_contents' => $_POST['reviewtext'],
'user_id' => $user['user_id']
];
$stmt->execute($values);
}
$pageContent = '<h1>Product Page</h1>
<article class="product">'. populateContent($listing) .'</article>';
<article class="product">'. populateContent() .'</article>';
require '../layout.php';
checkListing();
function populateContent() {
$pdo = startDB();
$listing = getListing();
function populateContent($listing) {
$category = getFirstAllMatches('category', 'category_id', $listing['categoryId']);
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$user = getFirstAllMatches('users', 'email', $listing['email']);
$stmt = $pdo->prepare('SELECT * FROM category WHERE category_id = :category_id');
$values = [
'category_id' => $listing['categoryId']
];
$stmt->execute($values);
$category = $stmt->fetch();
$stmt = $pdo->prepare('SELECT MAX(amount) FROM bids WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
$bid = $stmt->fetch();
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$values = [
'email' => $listing['email']
];
$stmt->execute($values);
$user = $stmt->fetch();
$output = ' <img src="product.png" alt="product name">
<section class="details">
@ -50,59 +41,40 @@ function populateContent($listing) {
<p>Auction created by <a href="#">'. $user['first_name'].$user['last_name'] .'</a></p>
<p class="price">Current bid: '. $bid['MAX(amount)'] .'</p>
<time>Time left:'. round((strtotime($listing['endDate']) - strtotime(date('Y-m-d H:i:s')))/60/60,1 ) .' Hours</time>
<form action="listing.php?listing_id='.$listing['listing_id'].'" class="bid" method="POST">
<input type="number" step="0.1" name="bid" value="'. $bid['MAX(amount)'] .'" />
<input name="bidSubmit" type="submit" value="Place Bid" />
<form action="#" class="bid">
<input type="text" name="bid" placeholder="Enter bid amount" />
<input type="submit" value="Place bid" />
</form>
</section>
<section class="description">
<p>'. $listing['description'] .'</p>
</section>';
</section>
$output .= '<section class="reviews">
<h2>Bid History </h2>
<ul>'. getBids($listing['listing_id']) .'</ul>';
<section class="reviews">
<h2>Reviews of User.Name </h2>
<ul>
<li><strong>Ali said </strong> great ibuyer! Product as advertised and delivery was quick <em>29/09/2019</em></li>
<li><strong>Dave said </strong> disappointing, product was slightly damaged and arrived slowly.<em>22/07/2019</em></li>
<li><strong>Susan said </strong> great value but the delivery was slow <em>22/07/2019</em></li>
$output .= '<section class="reviews">
<h2>Reviews of '. $user['first_name'].$user['last_name'].' </h2>
<ul>'. getReviews($user['user_id']) .'</ul>
</ul>
<form action="listing.php?listing_id='.$listing['listing_id'].'" method="POST">
<form>
<label>Add your review</label> <textarea name="reviewtext"></textarea>
<input type="submit" name="reviewSubmit" value="Add Review" />
<input type="submit" name="submit" value="Add Review" />
</form>
</section>';
if (isset($_SESSION['loggedin'])) {
if($user['user_id'] === $_SESSION['loggedin']) {
$output .= '<a href ="account/editAuction.php?listing_id='. $listing['listing_id'] . '">edit</a>';
}
}
return $output;
}
function getReviews($user_id) {
$reviews = getEveryAllMatches('review', 'user_id', $user_id);
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['review_user']);
$output .= '<li><a href="account/userReviews.php?user_id='.$review['review_user'].'">'.$user['first_name'].$user['last_name'].' said </a>'.$review['review_contents'].' <em>'. $review['review_date'] .'</em></li>';
}
return $output;
}
function getBids($listing_id){
$bids = getEveryAllMatches('bids', 'listing_id', $listing_id);
$output = '';
foreach ($bids as &$bid) {
$user = getFirstAllMatches('users', 'user_id', $bid['user_id']);
$output .= '<li><strong>'.$user['first_name'].$user['last_name'].' bid </strong>'.$bid['amount'].'</li>';
}
return $output;
}
?>
//TODO: add functionality for bid form
//TODO: add functionality for review form
//TODO: add bid history
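Review bot: The three `//TODO` lines at the end of the second hunk sit after the closing `?>`, so PHP sends them to the browser as literal page text instead of treating them as comments; move them above `?>` or drop the closing tag entirely. Earlier in the file, `checkListing();` is now called after `$pageContent` has been built (which calls `getListing()` and reads `$_GET['listing_id']`) and after `require '../layout.php'` has already rendered the page, so the guard fires too late to protect anything; move it to directly after `require_once '../functions.php';`. The values interpolated in populateContent() — `$user['first_name']`, `$user['last_name']`, `$listing['description']` — are still unescaped, and the bid and review forms now post nowhere, which the TODOs acknowledge.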


@ -1,34 +0,0 @@
<?php
session_start();
$pageTitle = 'iBuy - Search Results';
require_once '../functions.php';
$pageContent = '<h1> Search Results </h1>
<ul>'. populateResults() .'</ul>';
require '../layout.php';
function populateResults() {
$output = '';
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE "%'.$_GET['search'].'%"');
$stmt->execute();
$listings = $stmt->fetchAll();
foreach ($listings as &$listing) {
$listCat = getFirstAllMatches('category', 'category_id', $listing['categoryId'])['name'];
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$output .= '<li>
<img src="'.$listing['imgUrl'].'" alt="product name">
<article>
<h2>'. $listing['title'] .'</h2>
<h3>'. $listing['categoryId'] .'</h3>
<p>'. $listing['description'] .'</p>
<p class="price">Current bid:'. $bid['MAX(amount)'] .'</p>
<a href="listing.php?listing_id='. $listing['listing_id'] .'" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>';
}
return $output;
}