Joshua Perry 7189a63e97 added?> 2022-11-20 21:48:52 +00:00
Joshua Perry 71a8656ecd comments 2022-11-20 21:33:42 +00:00
Joshua Perry 743b6bf6ca final touches 2022-11-20 21:12:58 +00:00
Joshua Perry 669791387b added delete button to editAuction 2022-11-20 20:14:56 +00:00
Joshua Perry 2a819d575e added image upload 2022-11-20 19:58:30 +00:00
Joshua Perry 3cb8956637 removed todo 2022-11-20 18:52:10 +00:00
Joshua Perry 5a32abce0e updated query functions 2022-11-20 18:51:17 +00:00
Joshua Perry a90bda3896 edits 2022-11-20 17:51:10 +00:00
Joshua Perry fb76234eb8 corrected reviews 2022-11-20 15:48:33 +00:00
Joshua Perry f2a79e6506 added reviews and bids 2022-11-20 15:38:33 +00:00
21 changed files with 460 additions and 244 deletions


@ -1,25 +1,22 @@
<?php
function fetchCats() {
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM category');
$stmt->execute();
$cats = $stmt->fetchAll();
function fetchCats() { //get all categories
$cats = executeQueryWithoutConstraint('category','*')->fetchAll();
return $cats;
}
function adminCheck() {
function adminCheck() { //check to see if user is logged in as admin
if(isset($_SESSION['admin'])) {
if($_SESSION['admin'] != 'y') {
echo '<script>window.location.href = "../index.php";</script>';
echo '<script>window.location.href = "../index.php";</script>'; //redirect
}
}
else {
echo'<script>window.location.href = "../index.php";</script>';
echo'<script>window.location.href = "../index.php";</script>'; //redirect
}
}
function startDB() {
function startDB() { //Create a db connection
// Code for connecting to the database from https://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/
$server = 'mysql';
$username = 'student';
$password = 'student';
@ -28,23 +25,23 @@ function startDB() {
return $pdo;
}
function checkListing() {
function checkListing() { //check if the get variables contains listing_id
if (!isset($_GET['listing_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
}
function getListing() {
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM auction WHERE listing_id = :listing_id');
$values = [
'listing_id' => $_GET['listing_id']
];
$stmt->execute($values);
return $stmt->fetch();
function checkId() { //check if the get variables contains user_id
if (!isset($_GET['user_id'])) {
echo '<script>window.location.href = "index.php";</script>';
}
}
function populateCatSelect() {
function getListing() { //get listing that matches listing_id stored in the get variables
return getFirstAllMatches('auction', 'listing_id', $_GET['listing_id']);
}
function populateCatSelect() { //Populate a select input with all categories
$cats = fetchCats();
$output = '';
foreach ($cats as &$cat) {
@ -52,4 +49,115 @@ function populateCatSelect() {
}
return $output;
}
function executeQuery($tableName, $colName, $constraintCol, $constraint) { //execute a SELECT query that takes one constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT '. $colName .' FROM '.$tableName.' WHERE '. $constraintCol .' = :constraint');
$values = [
'constraint' => $constraint
];
$stmt->execute($values);
return $stmt;
}
function executeQueryWithoutConstraint($tableName, $colName) { //execute a SELECT query with no constraint and one column name
$pdo = startDB();
$stmt = $pdo->prepare('SELECT'.$colName.'FROM '.$tableName);
$stmt->execute();
return $stmt;
}
function getFirstMatch($tableName, $colName, $constraintCol, $constraint){ //return the first match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetch();
}
function getEveryMatch($tableName, $colName, $constraintCol, $constraint){ //return every match of an executeQuery
return executeQuery($tableName, $colName, $constraintCol, $constraint)->fetchAll();
}
function executeAllQuery($tableName, $constraintCol, $constraint) { //execute a SELECT query with one constraint and all columns
return executeQuery($tableName, '*', $constraintCol, $constraint);
}
function getEveryAllMatches($tableName, $constraintCol, $constraint) { //return every match of an executeALlQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetchAll();
}
function getFirstAllMatches($tableName, $constraintCol, $constraint) { //return the first match of an executeAllQuery
return executeAllQuery($tableName, $constraintCol, $constraint)->fetch();
}
function imageUpload($name) { //Code for uploading an image. Modified from https://www.w3schools.com/php/php_file_upload.asp
$imgDir = 'public/images/auctions/';
$file = $imgDir . $name;
$okFlag = true;
$fileType = strtolower($_FILES['auctionImg']['type']);
//check if file is actually an image
if(isset($_POST['submit'])) {
$sizeCheck = getimagesize($_FILES['auctionImg']['tmp_name']);
if (!$sizeCheck) {
$okFlag = false;
echo 'not an image';
}
}
//check if file exists
if(file_exists($file)) {
$okFlag = false;
echo 'already exists';
}
if($_FILES['auctionImg']['size'] > 10000000) {
$okFlag = false;
echo 'too big';
}
//check filetypes
$types = array('image/jpg','image/png','image/jpeg','image/gif');
if(!in_array($fileType, $types)) {
$okFlag = false;
echo 'wrong type';
}
if($okFlag) {
if (move_uploaded_file($_FILES['auctionImg']['tmp_name'], '../../'.$file)) {
return true;
}
else {
echo '<p>There was an error uploading your image</p>';
return false;
}
}
else {
echo '<p>There was an error uploading your image</p>';
return false;
}
}
function addUser($adminFlag) {
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, password, admin)
VALUES (:first_name, :last_name, :email, :password, :admin)');
if ($adminFlag) {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'y',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
}
else {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'n',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
}
$stmt->execute($values);
}
?>
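Review bot: adminCheck (and checkListing/checkId below it) signal the redirect only by echoing a `<script>` tag and then return, so the calling page keeps executing and any handler placed after the call still runs for a request that is not an admin or not logged in; addAdmin.php, deleteAdmin.php, editAdmin.php, manageAdmins.php, addAuction.php and editAuction.php in this comparison all rely on these helpers. Each echo that is meant to end the request should be followed by `exit;`, e.g. `echo '<script>window.location.href = "../index.php";</script>'; exit;`, and a `header('Location: ...')` issued before any output would not depend on the client running JavaScript at all. Separately, executeQueryWithoutConstraint builds `'SELECT'.$colName.'FROM '.$tableName` without spaces, which only happens to parse for `*` and breaks for any real column name, and executeQuery interpolates `$tableName`, `$colName` and `$constraintCol` as identifiers, so a comment such as `// table/column arguments are interpolated as SQL identifiers: pass code literals only, never request data` belongs on both helpers. The closing `?>` added at the end of this file is unnecessary for a PHP-only file and risks emitting trailing whitespace before later `header()` calls.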


@ -24,7 +24,7 @@ require_once 'functions.php';
<header>
<h1><a href="../index.php"><span class="i">i</span><span class="b">b</span><span class="u">u</span><span class="y">y</span></a></h1>
<form action="#">
<form action="../search.php" method='GET'>
<input type="text" name="search" placeholder="Search for anything" />
<input type="submit" name="submit" value="Search" />
</form>
@ -49,7 +49,8 @@ require_once 'functions.php';
echo $pageContent;
?>
<footer>
<a style="text-decoration: none;" href="../admin/adminCategories.php">admins</a><br>
<a style="text-decoration: none;" href="../admin/adminCategories.php">admin categories</a><br>
<a style="text-decoration: none;" href="../admin/manageAdmins.php">admin users</a><br>
&copy; ibuy <?php echo date('Y')?>
</footer>
</main>


@ -3,44 +3,41 @@ session_start();
$pageTitle = 'iBuy - Add Auction';
$stylesheet = '../assets/ibuy.css';
if (!isset($_SESSION['loggedin'])) {
echo '<script>window.location.href = "../index.php";</script>';
if (!isset($_SESSION['loggedin'])) { //redirects if user is not logged in
echo '<script>window.location.href = "../index.php";</script>'; //redirect
}
require_once '../../functions.php';
$pdo = startDB();
$pageContent = '<h1>Add auction</h1>
<form action="addAuction.php" method="POST">
<form action="addAuction.php" method="POST" enctype="multipart/form-data">
<label>Title</label> <input name="title" type="text" placeholder="Auction Title"/>
<label>Category</label> <select name="category" style="width:420px; margin-bottom: 10px;">'. populateCatSelect() .'</select>
<label>End Date</label> <input name="endDate" type="date"/>
<label>Description</label> <textarea name="description" style="width: 438px; height: 249px;" placeholder="description"></textarea>
<label>Image</label> <input type="file" name="auctionImg"/>
<input name="submit" type="submit" value="Submit" style="margin-top: 10px;"/>
</form>';
require '../../layout.php';
if (isset($_POST['submit'])) {
$stmt = $pdo->prepare('SELECT * FROM users WHERE user_id = :user_id');
$values = [
'user_id' => $_SESSION['loggedin']
];
$stmt->execute($values);
$user = $stmt->fetch();
if(imageUpload($_POST['title'].$_POST['endDate'])) { //if the image upload is successful add auction
$user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']); //get the first match of an all column query
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email)
VALUES (:title, :description, :endDate, :categoryID, :email)');
$values = [
'title' => $_POST['title'],
'description' => $_POST['description'],
'endDate' => $_POST['endDate'],
'categoryID' => intval($_POST['category']),
'email' => $user['email']
];
$stmt->execute($values);
echo '<p>Successful Post</p>';
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl)
VALUES (:title, :description, :endDate, :categoryID, :email, :imgUrl)');
$values = [
'title' => $_POST['title'],
'description' => $_POST['description'],
'endDate' => $_POST['endDate'],
'categoryID' => intval($_POST['category']),
'email' => $user['email'],
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
];
$stmt->execute($values);
echo '<p>Successful Post</p>';
}
}
?>
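Review bot: The image file name passed at `imageUpload($_POST['title'].$_POST['endDate'])` is raw form input, and the same raw concatenation is stored as `imgUrl`, so both the file written under public/images/auctions/ and the path later echoed into `<img src>` are named entirely by the submitter. Derive the name once and restrict it to a safe character set, then use it in both places: `$imgName = preg_replace('/[^A-Za-z0-9_-]/', '_', $_POST['title'].$_POST['endDate']);`, `imageUpload($imgName)`, and `'imgUrl' => 'public/images/auctions/'.$imgName`. imageUpload itself still takes the MIME type from `$_FILES['auctionImg']['type']`, which the client supplies, rather than from the `mime` entry of its own `getimagesize` result, and it checks `file_exists($file)` against a different path than the `'../../'.$file` it writes to, so the name fix alone does not make the helper safe. The redirect at the top of the page does not `exit`, so when `loggedin` is unset the handler below still runs with `$_SESSION['loggedin']` undefined and `$user` false.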


@ -4,29 +4,44 @@ $stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
checkListing();
$pdo = startDB();
$listing = getListing();
$pageContent = '<h1>Edit Auction</h1>
<form action="editAuction.php?listing_id='.$listing['listing_id'].'" method="POST">
<form action="editAuction.php?listing_id='.$listing['listing_id'].'" method="POST" enctype="multipart/form-data">
<label>Title</label> <input name="title" type="text" placeholder="'. $listing['title'] .'"/>
<label>Category</label> <select name="category" style="width:420px; margin-bottom: 10px;">'. populateCatSelect() .'</select>
<label>End Date</label> <input name="endDate" type="date"/>
<label>Description</label> <textarea name="description" style="width: 438px; height: 249px;" placeholder="'. $listing['description'] .'"></textarea>
<label>Image</label> <input type="file" name="auctionImg"/>
<label>Delete</label> <input type="checkbox" name="delete" value = "true"/>
<input name="submit" type="submit" value="Submit" style="margin-top: 10px;"/>
</form>';
require '../../layout.php';
if(isset($_POST['submit'])) {
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description');
$values = [
'title' => $_POST['title'],
'categoryId' => intval($_POST['category']),
'endDate' => $_POST['endDate'],
'description' => $_POST['description']
];
$stmt->execute($values);
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>';
$pdo = startDB();
if(isset($_POST['delete'])) { //delete the auction if selected
$stmt = $pdo->prepare('DELETE FROM auction WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
echo '<script>window.location.href = "../index.php";</script>';
}
if(imageUpload($_POST['title'].$_POST['endDate'])) { //if image upload is successful update the auction
$stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id');
$values = [
'title' => $_POST['title'],
'categoryId' => intval($_POST['category']),
'endDate' => $_POST['endDate'],
'description' => $_POST['description'],
'listing_id' => $listing['listing_id'],
'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
];
$stmt->execute($values);
echo '<script>window.location.href = "../listing.php?listing_id='.$listing['listing_id'].'";</script>'; //redirect
}
}
?>
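Review bot: Neither the DELETE branch nor the UPDATE branch checks that the logged-in user owns the listing named by `listing_id` in the query string; the edit link on listing.php is only rendered for the owner, but that is a display rule, and this handler accepts the POST from any client that knows the id (whether a login check exists above line 4 is outside the hunk). Resolve the owner and compare before either write, e.g. `$owner = getFirstAllMatches('users', 'email', $listing['email']); if (!isset($_SESSION['loggedin']) || !$owner || $owner['user_id'] !== $_SESSION['loggedin']) { echo '<p>Not allowed</p>'; exit; }`, which mirrors the comparison listing.php already uses. After the DELETE the code falls through into `imageUpload` and the UPDATE on the row just removed, so the delete branch should `exit;` after its redirect. The `$listing['listing_id']` value is concatenated into the form action and the redirect script unescaped; adminCategories.php wraps the same kind of value in `urlencode`, and being consistent here costs nothing.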


@ -15,19 +15,19 @@ require_once '../../functions.php';
$pdo = startDB();
if (isset($_POST['submit'])) {
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$values = [
'email' => $_POST['email']
];
$stmt->execute($values);
$user = $stmt->fetch();
if (password_verify($_POST['password'], $user['password'])) {
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
$user = getFirstAllMatches('users', 'email', $_POST['email']); //get the first match of an all column query
if($user) { //if the user exists
if (password_verify($_POST['password'], $user['password'])) { //if the entered and stored passwords match
$_SESSION['loggedin'] = $user['user_id'];
if ($user['admin'] === 'y') {
$_SESSION['admin'] = 'y';
}
echo'<script>window.location.href = "../index.php";</script>'; //redirect
}
else {
echo '<p>Unsuccessful Login</p>';
}
echo'<script>window.location.href = "../index.php";</script>';
}
else {
echo '<p>Unsuccessful Login</p>';
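Review bot: The session id is not regenerated when the login succeeds at `$_SESSION['loggedin'] = $user['user_id'];`, so a session id established before authentication remains valid afterwards; add `session_regenerate_id(true);` immediately before that assignment. The new `if($user)` guard is the right fix for the previous `$user['password']`-on-false case, and keeping the same "Unsuccessful Login" message for both the unknown-email and wrong-password paths is also correct. The enclosing block's closing braces are outside the hunk.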


@ -1,6 +1,7 @@
<?php
session_start();
//unset variables that manage login
unset($_SESSION['loggedin']);
unset($_SESSION['admin']);
echo'<script>window.location.href = "../index.php";</script>';
echo'<script>window.location.href = "../index.php";</script>'; //redirect
?>


@ -1,21 +1,6 @@
<?php
require_once '../../functions.php';
function addUser() {
$pdo = startDB();
$stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, password, admin)
VALUES (:first_name, :last_name, :email, :password, :admin)');
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'admin' => 'n',
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT)
];
$stmt->execute($values);
}
$pageTitle = 'iBuy - Register';
$pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to Login</a></p>
<h1>Register</h1>
@ -30,7 +15,7 @@ $pageContent = '<p>Already have an account?<a href=\'login.php\'>Click here to L
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser();
addUser(false); //adds the user to the db without admin privileges
echo '<p>Successful account creation</p>';
}
?>


@ -0,0 +1,28 @@
<?php
$pageTitle = 'iBuy - User Reviews';
require_once '../../functions.php';
checkId();
$user = getFirstAllMatches('users', 'user_id', $_GET['user_id']); //get the first match of an all column query
$pageContent = '<h1>'.$user['first_name'].$user['last_name'].'\'s Reviews</h1>
<ul>'. populateList() .'</ul>';
$stylesheet = '../assets/ibuy.css';
require '../../layout.php';
function populateList() {
$reviews = getEveryAllMatches('review', 'review_user', $_GET['user_id']); //get every match of an all column query
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['user_id']);
if(!$user) {
$output .= '<li><strong>'. $review['review_date'] . '</strong> '. $review['review_contents']. '<em> reviewing Deleted</em></li>';
}
else {
$output .= '<li><strong>'. $review['review_date'] . '</strong> '. $review['review_contents']. '<em> reviewing '. $user['first_name'].$user['last_name'].'</em></li>';
}
}
return $output;
}
?>
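Review bot: populateList writes `$review['review_contents']` (free text submitted through the review form on listing.php) and the reviewer's names into the page without escaping, so a review containing markup is rendered as HTML for every visitor of this page; the `<h1>` built from `$user['first_name']` at the top has the same problem. Wrap each value at output, e.g. `htmlspecialchars($review['review_contents'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, or add one small escaping helper to functions.php and use it in every page. `$user` at the top is the bare `fetch()` result, so it is `false` when `user_id` matches no row and the heading then triggers warnings; test it the way the loop body already does. checkId() only echoes a redirect and does not stop the script, so `$_GET['user_id']` is still read when it is absent.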

public/admin/addAdmin.php Normal file

@ -0,0 +1,21 @@
<?php
session_start();
$pageTitle ='iBuy - Add Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as an admin
$pageContent = '<h1> Add Admin</h1>
<form action="addAdmin.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
<label>Last Name</label> <input name="last_name" type="text" placeholder="Doe"/>
<label>Email</label> <input name="email" type="email" placeholder="john.doe@example.com"/>
<label>Password</label> <input name="password" type="password" placeholder="password"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
if (isset($_POST['submit'])) {
addUser(true); //adds user to the db with admin privileges
echo '<script>window.location.href = "manageAdmins.php";</script>'; //redirect
}
?>
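Review bot: The `addUser(true)` call is reachable by any POST carrying `submit`, because adminCheck() only echoes a `<script>` redirect and returns rather than ending the request; the fix belongs in functions.php (an `exit;` after each redirect), but a page that creates privileged accounts should not depend on a client-side redirect for its access control at all. The form fields are passed to addUser without validation, so an empty email or password still yields a row whose password is `password_hash('')`; guard with at least `if (($_POST['email'] ?? '') === '' || ($_POST['password'] ?? '') === '') { echo '<p>Email and password are required</p>'; } else { addUser(true); ... }`. There is also no CSRF token on this form, which matters more for admin creation than for the other forms in the change; a per-session token checked with `hash_equals` would cover it. The redirect after the insert is echoed without `exit;` as well.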


@ -3,7 +3,7 @@ session_start();
$pageTitle ='iBuy - Add Category';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Add Category</h1>
<form action="addCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="name"/>
@ -19,6 +19,6 @@ if (isset($_POST['submit'])) {
'name' => $_POST['name']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1>Categories <a href="addCategory.php">Add</a></h1>
<ul>'. populateContent() .'</ul>';
@ -11,7 +11,7 @@ require '../../layout.php';
function populateContent() {
$output = '';
$cats = fetchCats();
$cats = fetchCats(); //get all categories
foreach ($cats as &$cat) {
$output .= '<li>'. $cat['name'] . ' <a href="editCategory.php?category_id='. urlencode($cat['category_id']) .'">edit</a> <a href="deleteCategory.php?category_id='. urlencode($cat['category_id']). '">delete</a></li>';
}


@ -0,0 +1,20 @@
<?php
session_start();
$pageTitle = 'iBuy - Delete Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['admin_id'])) {
$pdo = startDB();
$stmt = $pdo->prepare('DELETE FROM users WHERE user_id= :category_id');
$values = [
'category_id' => $_GET['admin_id']
];
$stmt->execute($values);
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
else {
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>
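Review bot: The statement `'DELETE FROM users WHERE user_id= :category_id'` is not restricted to admin rows, so a request with any `admin_id` removes an ordinary user account too, including the requesting admin's own; scope it as `DELETE FROM users WHERE user_id = :user_id AND admin = 'y'` and rename the placeholder, which is a copy-paste of deleteCategory.php, to `'user_id' => $_GET['admin_id']`. A destructive action driven by a plain GET link is easy to trigger by accident or from a crafted link; a POST form with confirmation, plus a check that `admin_id` is not the logged-in user's own id, would be the safer shape. Both redirects go to adminCategories.php although the list this page belongs to is manageAdmins.php. As with the other admin pages, the write relies on adminCheck() stopping execution, which it does not do.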


@ -3,7 +3,7 @@ session_start();
$pageTitle = 'iBuy - Delete Category';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
adminCheck(); //checks to see if user is logged in as admin
if (isset($_GET['category_id'])) {
$pdo = startDB();


@ -0,0 +1,49 @@
<?php
session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
$admin = getFirstAllMatches('users', 'user_id', $_GET['admin_id']); //gets the first match from an all column query
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Admin</h1>
<form action="editCategory.php" method="POST">
<label>First Name</label> <input name="first_name" type="text" placeholder="John"/>
<label>Last Name</label> <input name="last_name" type="text" placeholder="Doe"/>
<label>Email</label> <input name="email" type="email" placeholder="john.doe@example.com"/>
<label>Password</label> <input name="password" type="password" placeholder="password"/>
<label>Admin</label> <input type="checkbox" name="admin" value = "y"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
if (isset($_GET['admin_id'])) {
$_SESSION['admin_id'] = $_GET['admin_id'];
}
else if (isset($_POST['submit'])) {
$pdo = startDB();
$stmt = $pdo->prepare('UPDATE users SET first_name= :first_name, last_name= :last_name, email= :email, password= :password, admin= :admin WHERE user_id= :category_id');
if(isset($_POST['admin'])) {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
'admin' => $_POST['admin']
];
}
else {
$values = [
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => password_hash($_POST['password'], PASSWORD_DEFAULT),
'admin' => 'n'
];
}
$stmt->execute($values);
unset($_SESSION['admin_id']);
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>
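Review bot: The UPDATE at `WHERE user_id= :category_id` cannot succeed as written: neither `$values` array binds `category_id`, and the `$_SESSION['admin_id']` saved on the GET round-trip is only unset, never used, so PDO reports a parameter-count mismatch (or does nothing silently, depending on the error mode set in startDB outside this hunk). Bind it as `'user_id' => $_SESSION['admin_id']` with `WHERE user_id = :user_id`. The form's action is `editCategory.php`, so the submit is posted to the category editor instead of back to this page, and `$admin` fetched at the top is never used — the placeholders are the static "John"/"Doe", presumably meant to show the current values. Fetching `$admin` before adminCheck() and with `$_GET['admin_id']` absent on the POST leg also emits warnings; move the lookup under the `isset($_GET['admin_id'])` branch. Leaving the password field empty replaces the stored hash with `password_hash('')`, so the password column should only be updated when a new value was entered.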


@ -3,10 +3,11 @@ session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
$cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']);
adminCheck(); //checks to see if user is logged in as admin
$pageContent = '<h1> Edit Category</h1>
<form action="editCategory.php" method="POST">
<label>Name</label> <input name="name" type="text" placeholder="name"/>
<label>Name</label> <input name="name" type="text" placeholder="'.$cat.'"/>
<input name="submit" type="submit" value="Submit" />
</form>';
require '../../layout.php';
@ -23,6 +24,6 @@ else if (isset($_POST['submit'])) {
];
$stmt->execute($values);
unset($_SESSION['cat_id']);
echo '<script>window.location.href = "adminCategories.php";</script>';
echo '<script>window.location.href = "adminCategories.php";</script>'; //redirect
}
?>
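Review bot: `$cat` is the row array returned by getFirstAllMatches, so `placeholder="'.$cat.'"` triggers an array-to-string conversion and renders the literal text "Array"; use the name column, escaped for an attribute context: `placeholder="'.htmlspecialchars($cat['name'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'"`. The lookup also runs before adminCheck() and on the POST leg, where `$_GET['category_id']` is absent because the form action carries no query string, so it emits an undefined-index warning and `$cat` is false; guarding with `isset($_GET['category_id'])`, or reading `$_SESSION['cat_id']` which the handler below appears to use, avoids that. Part of this page's handler lies outside the hunk.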


@ -0,0 +1,20 @@
<?php
session_start();
$pageTitle = 'iBuy - Admin';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
adminCheck();
$pageContent = '<h1>Admins <a href="addAdmin.php">Add</a></h1>
<ul>'. populateContent() .'</ul>';
require '../../layout.php';
function populateContent() {
$output = '';
$admins = getEveryAllMatches('users', 'admin', 'y');
foreach ($admins as &$admin) {
$output .= '<li>'. $admin['first_name'].$admin['last_name'] . ' <a href="editAdmin.php?admin_id='. urlencode($admin['user_id']) .'">edit</a> <a href="deleteAdmin.php?admin_id='. urlencode($admin['user_id']). '">delete</a></li>';
}
return $output;
}
?>
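Review bot: populateContent emits `$admin['first_name'].$admin['last_name']` into the list unescaped while the ids in the hrefs are `urlencode`d; the names are free text entered on addAdmin.php/editAdmin.php, so they need `htmlspecialchars($admin['first_name'].$admin['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` as well. Iterating with `foreach ($admins as &$admin)` leaves `$admin` a dangling reference after the loop; nothing is modified, so `foreach ($admins as $admin)` is the right form (the same pattern appears in adminCategories.php, userReviews.php, index.php, listing.php and search.php). `$pageTitle` is 'iBuy - Admin', identical to adminCategories.php; 'iBuy - Manage Admins' would distinguish the two pages.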


@ -1,98 +0,0 @@
<h1>Latest Listings / Search Results / Category listing</h1>
<ul class="productList">
<li>
<img src="product.png" alt="product name">
<article>
<h2>Product name</h2>
<h3>Product category</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
<p class="price">Current bid: £123.45</p>
<a href="#" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>
<li>
<img src="product.png" alt="product name">
<article>
<h2>Product name</h2>
<h3>Product category</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
<p class="price">Current bid: £123.45</p>
<a href="#" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>
<li>
<img src="product.png" alt="product name">
<article>
<h2>Product name</h2>
<h3>Product category</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
<p class="price">Current bid: £123.45</p>
<a href="#" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>
</ul>
<hr />
<h1>Product Page</h1>
<article class="product">
<img src="product.png" alt="product name">
<section class="details">
<h2>Product name</h2>
<h3>Product category</h3>
<p>Auction created by <a href="#">User.Name</a></p>
<p class="price">Current bid: £123.45</p>
<time>Time left: 8 hours 3 minutes</time>
<form action="#" class="bid">
<input type="text" name="bid" placeholder="Enter bid amount" />
<input type="submit" value="Place bid" />
</form>
</section>
<section class="description">
<p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sodales ornare purus, non laoreet dolor sagittis id. Vestibulum lobortis laoreet nibh, eu luctus purus volutpat sit amet. Proin nec iaculis nulla. Vivamus nec tempus quam, sed dapibus massa. Etiam metus nunc, cursus vitae ex nec, scelerisque dapibus eros. Donec ac diam a ipsum accumsan aliquet non quis orci. Etiam in sapien non erat dapibus rhoncus porta at lorem. Suspendisse est urna, egestas ut purus quis, facilisis porta tellus. Pellentesque luctus dolor ut quam luctus, nec porttitor risus dictum. Aliquam sed arcu vehicula, tempor velit consectetur, feugiat mauris. Sed non pellentesque quam. Integer in tempus enim.</p>
</section>
<section class="reviews">
<h2>Reviews of User.Name </h2>
<ul>
<li><strong>Ali said </strong> great ibuyer! Product as advertised and delivery was quick <em>29/09/2019</em></li>
<li><strong>Dave said </strong> disappointing, product was slightly damaged and arrived slowly.<em>22/07/2019</em></li>
<li><strong>Susan said </strong> great value but the delivery was slow <em>22/07/2019</em></li>
</ul>
<form>
<label>Add your review</label> <textarea name="reviewtext"></textarea>
<input type="submit" name="submit" value="Add Review" />
</form>
</section>
</article>
<hr />
<h1>Sample Form</h1>
<form action="#">
<label>Text box</label> <input type="text" />
<label>Another Text box</label> <input type="text" />
<input type="checkbox" /> <label>Checkbox</label>
<input type="radio" /> <label>Radio</label>
<input type="submit" value="Submit" />
</form>
<footer>
&copy; ibuy 2019
</footer>

Binary file not shown.



@ -21,9 +21,10 @@ function populateList($category) {
$pdo = startDB();
$output = '';
if ($category === 'Latest Listings') {
$stmt = $pdo->prepare('SELECT * FROM auction WHERE endDate > "'. date("Y-m-d H:i:s"). '" ORDER BY endDate DESC');
$stmt = $pdo->prepare('SELECT * FROM auction WHERE endDate > "'. date("Y-m-d H:i:s"). '" ORDER BY endDate ASC');
$stmt->execute();
$listings = $stmt->fetchAll();
$count = 10;
}
else {
$stmt = $pdo->prepare('SELECT * FROM auction WHERE categoryId = (SELECT category_id FROM category WHERE name = :listing_category)');
@ -35,22 +36,27 @@ function populateList($category) {
}
foreach ($listings as &$listing) {
$stmt = $pdo->prepare('SELECT MAX(amount) FROM bids WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
$listCat = getFirstAllMatches('category', 'category_id', $listing['categoryId'])['name'];
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$output .= '<li>
<img src="assets/product.png" alt="product name">
<img src="'.$listing['imgUrl'].'" alt="product name">
<article>
<h2>'. $listing['title'] .'</h2>
<h3>'. $listing['categoryId'] .'</h3>
<p>'. $listing['description'] .'</p>
<p class="price">Current bid:'. $stmt->fetch()['MAX(amount)'] .'</p>
<p class="price">Current bid:'. $bid['MAX(amount)'] .'</p>
<a href="listing.php?listing_id='. $listing['listing_id'] .'" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>';
if ($category === 'Latest Listings') {
$count -= 1;
if ($count <= 0) {
break;
}
}
}
return $output;
}
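Review bot: `$listCat` is looked up for every listing but never used — the `<h3>` still prints `$listing['categoryId']`, so the numeric id is shown where the category name was evidently intended: `<h3>'. $listCat .'</h3>`. Title, description and `imgUrl` are submitter-controlled values from addAuction.php and are concatenated into the markup without escaping, so any listing can inject HTML into the front page; pass each through `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, including `imgUrl` inside the `src` attribute. The 10-item cap implemented with `$count` and `break` still fetches every open auction from the database; a `LIMIT 10` on the 'Latest Listings' SELECT does the same in the query. populateList continues outside the hunk.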


@ -2,37 +2,46 @@
session_start();
require_once '../functions.php';
$pageTitle = 'iBuy - Product Listing';
$listing = getListing();
$pdo = startDB();
if (isset($_POST['bidSubmit'])) {
$stmt = $pdo->prepare('INSERT INTO bids(amount, user_id, listing_id)
VALUES(:amount, :user_id, :listing_id)');
$values = [
'amount' => $_POST['bid'],
'user_id' => $_SESSION['loggedin'],
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
}
else if (isset($_POST['reviewSubmit'])) {
$user = getFirstAllMatches('users', 'email', $listing['email']);
$stmt = $pdo->prepare('INSERT INTO review (review_user, review_date, review_contents, user_id)
VALUES (:review_user, :review_date, :review_contents, :user_id)');
$values = [
'review_user' => $_SESSION['loggedin'],
'review_date' => date('Y-m-d H:i:s'),
'review_contents' => $_POST['reviewtext'],
'user_id' => $user['user_id']
];
$stmt->execute($values);
}
$pageContent = '<h1>Product Page</h1>
<article class="product">'. populateContent() .'</article>';
<article class="product">'. populateContent($listing) .'</article>';
require '../layout.php';
checkListing();
function populateContent() {
$pdo = startDB();
$listing = getListing();
$stmt = $pdo->prepare('SELECT * FROM category WHERE category_id = :category_id');
$values = [
'category_id' => $listing['categoryId']
];
$stmt->execute($values);
$category = $stmt->fetch();
$stmt = $pdo->prepare('SELECT MAX(amount) FROM bids WHERE listing_id = :listing_id');
$values = [
'listing_id' => $listing['listing_id']
];
$stmt->execute($values);
$bid = $stmt->fetch();
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$values = [
'email' => $listing['email']
];
$stmt->execute($values);
$user = $stmt->fetch();
function populateContent($listing) {
$category = getFirstAllMatches('category', 'category_id', $listing['categoryId']);
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$user = getFirstAllMatches('users', 'email', $listing['email']);
$output = ' <img src="product.png" alt="product name">
<section class="details">
@ -41,40 +50,59 @@ function populateContent() {
<p>Auction created by <a href="#">'. $user['first_name'].$user['last_name'] .'</a></p>
<p class="price">Current bid: '. $bid['MAX(amount)'] .'</p>
<time>Time left:'. round((strtotime($listing['endDate']) - strtotime(date('Y-m-d H:i:s')))/60/60,1 ) .' Hours</time>
<form action="#" class="bid">
<input type="text" name="bid" placeholder="Enter bid amount" />
<input type="submit" value="Place bid" />
<form action="listing.php?listing_id='.$listing['listing_id'].'" class="bid" method="POST">
<input type="number" step="0.1" name="bid" value="'. $bid['MAX(amount)'] .'" />
<input name="bidSubmit" type="submit" value="Place Bid" />
</form>
</section>
<section class="description">
<p>'. $listing['description'] .'</p>
</section>
</section>';
<section class="reviews">
<h2>Reviews of User.Name </h2>
<ul>
<li><strong>Ali said </strong> great ibuyer! Product as advertised and delivery was quick <em>29/09/2019</em></li>
<li><strong>Dave said </strong> disappointing, product was slightly damaged and arrived slowly.<em>22/07/2019</em></li>
<li><strong>Susan said </strong> great value but the delivery was slow <em>22/07/2019</em></li>
$output .= '<section class="reviews">
<h2>Bid History </h2>
<ul>'. getBids($listing['listing_id']) .'</ul>';
</ul>
$output .= '<section class="reviews">
<h2>Reviews of '. $user['first_name'].$user['last_name'].' </h2>
<ul>'. getReviews($user['user_id']) .'</ul>
<form>
<form action="listing.php?listing_id='.$listing['listing_id'].'" method="POST">
<label>Add your review</label> <textarea name="reviewtext"></textarea>
<input type="submit" name="submit" value="Add Review" />
<input type="submit" name="reviewSubmit" value="Add Review" />
</form>
</section>';
if($user['user_id'] === $_SESSION['loggedin']) {
$output .= '<a href ="account/editAuction.php?listing_id='. $listing['listing_id'] . '">edit</a>';
if (isset($_SESSION['loggedin'])) {
if($user['user_id'] === $_SESSION['loggedin']) {
$output .= '<a href ="account/editAuction.php?listing_id='. $listing['listing_id'] . '">edit</a>';
}
}
return $output;
}
?>
//TODO: add functionality for bid form
//TODO: add functionality for review form
//TODO: add bid history
function getReviews($user_id) {
$reviews = getEveryAllMatches('review', 'user_id', $user_id);
$output = '';
foreach ($reviews as &$review) {
$user = getFirstAllMatches('users', 'user_id', $review['review_user']);
$output .= '<li><a href="account/userReviews.php?user_id='.$review['review_user'].'">'.$user['first_name'].$user['last_name'].' said </a>'.$review['review_contents'].' <em>'. $review['review_date'] .'</em></li>';
}
return $output;
}
function getBids($listing_id){
$bids = getEveryAllMatches('bids', 'listing_id', $listing_id);
$output = '';
foreach ($bids as &$bid) {
$user = getFirstAllMatches('users', 'user_id', $bid['user_id']);
$output .= '<li><strong>'.$user['first_name'].$user['last_name'].' bid </strong>'.$bid['amount'].'</li>';
}
return $output;
}
?>
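Review bot: The bid and review handlers at the top run on any POST carrying `bidSubmit`/`reviewSubmit` without checking `$_SESSION['loggedin']` (unlike the edit link further down, which is guarded), so an anonymous request inserts a bid or review with a null `user_id`/`review_user`; `$_POST['bid']` is also inserted without checking that it is numeric or above the current maximum, and both handlers execute before `checkListing()` is called, so `$listing` can be false. Guard with e.g. `if (isset($_POST['bidSubmit']) && isset($_SESSION['loggedin']) && is_numeric($_POST['bid']))` (and the equivalent for the review branch) and move `checkListing()` above `getListing()`. `review_contents` and the bidder/reviewer names are echoed by getReviews/getBids without escaping, so a stored review reaches every visitor of the listing as HTML; escape at output. The `<section class="reviews">` opened for "Bid History" is never closed before the next section is opened.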

public/search.php Normal file

@ -0,0 +1,34 @@
<?php
session_start();
$pageTitle = 'iBuy - Search Results';
require_once '../functions.php';
$pageContent = '<h1> Search Results </h1>
<ul>'. populateResults() .'</ul>';
require '../layout.php';
function populateResults() {
$output = '';
$pdo = startDB();
$stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE "%'.$_GET['search'].'%"');
$stmt->execute();
$listings = $stmt->fetchAll();
foreach ($listings as &$listing) {
$listCat = getFirstAllMatches('category', 'category_id', $listing['categoryId'])['name'];
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$output .= '<li>
<img src="'.$listing['imgUrl'].'" alt="product name">
<article>
<h2>'. $listing['title'] .'</h2>
<h3>'. $listing['categoryId'] .'</h3>
<p>'. $listing['description'] .'</p>
<p class="price">Current bid:'. $bid['MAX(amount)'] .'</p>
<a href="listing.php?listing_id='. $listing['listing_id'] .'" class="more auctionLink">More &gt;&gt;</a>
</article>
</li>';
}
return $output;
}
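Review bot: `$_GET['search']` is concatenated straight into the SQL at `'SELECT * FROM auction WHERE title LIKE "%'.$_GET['search'].'%"'`, so the search term becomes part of the query text rather than a bound value — the one place in this change that bypasses the prepared-statement pattern functions.php establishes. Bind it instead: `$stmt = $pdo->prepare('SELECT * FROM auction WHERE title LIKE :search');` and `$stmt->execute(['search' => '%'.$_GET['search'].'%']);` (escape `%` and `_` in the term if literal matching is wanted). As in index.php, `$listCat` is fetched but the `<h3>` prints `$listing['categoryId']`, and title/description/imgUrl are output unescaped. The page has no `isset($_GET['search'])` guard, and the file may continue past the last line shown here.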