diff --git a/adminPages/AddEmployee.php b/adminPages/AddEmployee.php new file mode 100644 index 0000000..9e646e7 --- /dev/null +++ b/adminPages/AddEmployee.php @@ -0,0 +1,27 @@ + + + + + + + + +
+

+ +

+
+ + + + + diff --git a/adminPages/Dashboard.php b/adminPages/Dashboard.php new file mode 100644 index 0000000..9e646e7 --- /dev/null +++ b/adminPages/Dashboard.php @@ -0,0 +1,27 @@ + + + + + + + + +
+

+ +

+
+ + + + + diff --git a/adminPages/EditCategories.php b/adminPages/EditCategories.php new file mode 100644 index 0000000..10b17d6 --- /dev/null +++ b/adminPages/EditCategories.php @@ -0,0 +1,78 @@ +prepare($query); + $stmt ->bind_param("ss", $_GET['NewCatName'], $_GET['NewCatDesc']); + $stmt ->execute(); +}elseif (isset($_GET['NewName'])){ //Update old category + $query = "UPDATE categories SET CategoryName = ?, Description = ? WHERE CategoryID = ?"; + $stmt = $con->prepare($query); + $stmt ->bind_param("ssd", $_GET['NewName'], $_GET['NewDesc'], $_GET['Category']); + $stmt ->execute(); +} + +?> + + + + + + + + +
+
+ +
+

Add Category

+
+ + + + + + + +
+
+
+ +
+
+

Edit Category

+
+ + + + + + + + + + +
+
+
+
+ + + + + diff --git a/adminPages/EditProducts.php b/adminPages/EditProducts.php new file mode 100644 index 0000000..d7c105e --- /dev/null +++ b/adminPages/EditProducts.php @@ -0,0 +1,156 @@ + + + + + + + + +
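Review bot: Both branches of the EditCategories block write to the database straight from `$_GET` parameters (`NewCatName`/`NewCatDesc` inserts, `NewName`/`NewDesc`/`Category` updates), so a category is created or overwritten by merely following a link; state-changing requests belong in a POST form carrying a per-session CSRF token, with the handler reading `$_POST`, and the same GET-driven write appears in the NewProduct.php hunk (`if (isset($_GET['ProductName']))`). In the UPDATE, `bind_param("ssd", …)` binds `CategoryID` as a double; an integer key should be bound with `i`: `$stmt->bind_param("ssi", $_GET['NewName'], $_GET['NewDesc'], $_GET['Category']);`. Neither `execute()` return value is checked, so a failed write falls through to the page as if it had succeeded. The opening of the PHP block (everything before the first `prepare`) is lost in this rendering, so whether an admin session check precedes these writes cannot be confirmed here.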
+ +
+ +
+
+
+ +
+

Simple Search

+
+ + + +
+
+
+
+ +
+

Advanced Search

+
+ + + + + + + + + + + + +
+
+
+
+
+ prepare($query); + + }elseif (isset($_GET["SimpleSearch"]) && !empty($_GET["SimpleSearch"])) { //Simple search + $query ="SELECT ProductID as _ProductID, ProductName as Product, CategoryName as Category, CompanyName as Company, + QuantityPerUnit as Quantity, CONCAT('$', FORMAT(p.UnitPrice,2)) as Price, UnitsInStock as Stock + FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + CategoryName LIKE ? OR + ProductName LIKE ? OR + CompanyName LIKE ?"; + + $SimpleSearch = "%" . $_GET['SimpleSearch'] . "%"; + $stmt = $con->prepare($query); + $stmt ->bind_param("sss", $SimpleSearch, $SimpleSearch, $SimpleSearch); + + }else{ //Advanced search + + $query ="SELECT ProductID as _ProductID, ProductName as Product, CategoryName as Category, CompanyName as Company, + QuantityPerUnit as Quantity, CONCAT('$', FORMAT(p.UnitPrice,2)) as Price, UnitsInStock as Stock + FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + ProductName LIKE ? AND + CompanyName LIKE ? AND + CategoryName LIKE ? AND + UnitPrice > ? AND + UnitPrice < ?"; + + $ProductName = "%" . $_GET['ProductName'] . "%"; + $CompanyName = "%" . $_GET['CompanyName'] . "%"; + $Category = "%" . $_GET['Category'] . 
"%"; + if (empty($_GET["UnitPriceLow"])){ + $UnitPriceLow = 0.00; + }else{ + $UnitPriceLow = number_format($_GET['UnitPriceLow'], 2); + } + if (empty($_GET["UnitPriceHigh"])){ + $UnitPriceHigh = 10000000.00; + }else{ + $UnitPriceHigh = number_format($_GET['UnitPriceHigh'], 2); + } + $stmt = $con->prepare($query); + $stmt ->bind_param("sssdd", $ProductName, $CompanyName, $Category, $UnitPriceLow, $UnitPriceHigh); + + } + + $stmt ->execute(); + $result = $stmt->get_result(); + + $trArgs = array("onclick=\"window.document.location='ViewProduct.php?productID=%ProductID%'\"", + array('%ProductID%' => '_ProductID') + ); + makeTable($result, $trArgs); + + + ?> +
+ + + + + diff --git a/employeePages/eNewProduct.php b/adminPages/NewProduct.php similarity index 92% rename from employeePages/eNewProduct.php rename to adminPages/NewProduct.php index 084f154..5cebd63 100644 --- a/employeePages/eNewProduct.php +++ b/adminPages/NewProduct.php @@ -11,7 +11,7 @@ if (isset($_GET['ProductName'])){ $stmt ->execute(); - header("Location:cEditProducts.php"); + header("Location:EditProducts.php"); // $con->query($query); } ?> @@ -22,10 +22,10 @@ if (isset($_GET['ProductName'])){
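Review bot: In the advanced-search branch, `number_format($_GET['UnitPriceLow'], 2)` and the matching `UnitPriceHigh` line produce a thousands-separated string such as `1,234.57`; bound with type `d`, the string-to-double conversion stops at the comma, so any price bound of 1000 or more silently becomes 1.00. Cast instead of formatting: `$UnitPriceLow = (float) $_GET['UnitPriceLow'];` and `$UnitPriceHigh = (float) $_GET['UnitPriceHigh'];`. The same branch reads `$_GET['ProductName']`, `$_GET['CompanyName']` and `$_GET['Category']` without `isset`, so a request that omits one raises an undefined-index notice; `$_GET['ProductName'] ?? ''` on each keeps the `%…%` wildcard semantics unchanged. The first branch's query text is lost before `prepare($query)` in this rendering, so it is not reviewed here.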
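Review bot: `header("Location:EditProducts.php");` is not followed by `exit();`, so after the redirect header is queued the rest of the script still executes and renders the New Product page; add `exit();` on the line directly after the `header()` call. The enclosing `if (isset($_GET['ProductName']))` block starts outside the hunk, so the insert it performs before the redirect is not visible here.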
-
+

New Product

diff --git a/adminPages/OrdersToFill.php b/adminPages/OrdersToFill.php new file mode 100644 index 0000000..1906eb9 --- /dev/null +++ b/adminPages/OrdersToFill.php @@ -0,0 +1,30 @@ + + + + + + + + +
+

Active orders

+
+ query($sql)){} + + + $trArgs = array("onclick=\"window.document.location='ViewOrder.php?orderID=%OrderID%'\"", + array('%OrderID%' => 'OrderID') + ); + makeTable($result, $trArgs); + ?> +
+ + diff --git a/adminPages/Report_Customers.php b/adminPages/Report_Customers.php new file mode 100644 index 0000000..943d857 --- /dev/null +++ b/adminPages/Report_Customers.php @@ -0,0 +1,22 @@ + + + + + + + + +
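Review bot: What remains visible of the condition, `query($sql)){}`, is an `if` with an empty body, so a failed query leaves `$result` as `false` and execution continues into `makeTable($result, $trArgs)` with a non-result value. Drop the empty `if` and check the result explicitly: `$result = $con->query($sql); if ($result === false) { echo 'Unable to load orders.'; } else { makeTable($result, $trArgs); }`. The start of the PHP block, including the text of `$sql`, is lost in this rendering, so whether that query carries any request-supplied input cannot be judged here.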
+ +
+ + + + + diff --git a/adminPages/Report_Employees.php b/adminPages/Report_Employees.php new file mode 100644 index 0000000..943d857 --- /dev/null +++ b/adminPages/Report_Employees.php @@ -0,0 +1,22 @@ + + + + + + + + +
+ +
+ + + + + diff --git a/adminPages/Report_Inventory.php b/adminPages/Report_Inventory.php new file mode 100644 index 0000000..943d857 --- /dev/null +++ b/adminPages/Report_Inventory.php @@ -0,0 +1,22 @@ + + + + + + + + +
+ +
+ + + + + diff --git a/adminPages/Report_Sales.php b/adminPages/Report_Sales.php new file mode 100644 index 0000000..943d857 --- /dev/null +++ b/adminPages/Report_Sales.php @@ -0,0 +1,22 @@ + + + + + + + + +
+ +
+ + + + + diff --git a/adminPages/Reports.php b/adminPages/Reports.php new file mode 100644 index 0000000..d0c8014 --- /dev/null +++ b/adminPages/Reports.php @@ -0,0 +1,33 @@ + + + + + + + + +
+ + + +
+ +
+
+ +
+
+ +
+
+ + + + + diff --git a/adminPages/ReviewCustomerDemographics.php b/adminPages/ReviewCustomerDemographics.php new file mode 100644 index 0000000..f2569a2 --- /dev/null +++ b/adminPages/ReviewCustomerDemographics.php @@ -0,0 +1,154 @@ + + + + + + + + + +
+
+ +
+

Simple Search

+
+ + + +
+
+
+
+ +
+

Advanced Search

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+
+ prepare($query); + + }elseif (isset($_GET["SimpleSearch"]) && !empty($_GET["SimpleSearch"])) { //Simple search + $query ="SELECT CustomerID as ID, CompanyName as Company, ContactName as Name, ContactTitle as Title, Address, City, Region, PostalCode as `Postal Code`, Country, Phone, Fax + FROM + customers + WHERE + CustomerID LIKE ? OR + CompanyName LIKE ? OR + ContactName LIKE ? OR + ContactTitle LIKE ? OR + Address LIKE ? OR + City LIKE ? OR + Region LIKE ? OR + PostalCode LIKE ? OR + Country LIKE ? OR + Phone LIKE ? OR + Fax LIKE ?"; + // echo $query; + $SimpleSearch = "%" . $_GET['SimpleSearch'] . "%"; + $stmt = $con->prepare($query); + $stmt ->bind_param("sssssssssss", $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch, $SimpleSearch); + + }else{ //Advanced search + + $query ="SELECT CustomerID as ID, CompanyName as Company, ContactName as Name, ContactTitle as Title, Address, City, Region, PostalCode as `Postal Code`, Country, Phone, Fax + FROM + customers + WHERE + CustomerID LIKE ? AND + CompanyName LIKE ? AND + ContactName LIKE ? AND + ContactTitle LIKE ? AND + Address LIKE ? AND + City LIKE ? AND + Region LIKE ? AND + PostalCode LIKE ? AND + Country LIKE ? AND + Phone LIKE ? AND + Fax LIKE ?"; + + $CustomerID = "%" . $_GET['CustomerID'] . "%"; + $CompanyName = "%" . $_GET['CompanyName'] . "%"; + $ContactName = "%" . $_GET['ContactName'] . "%"; + $ContactTitle = "%" . $_GET['ContactTitle'] . "%"; + $Address = "%" . $_GET['Address'] . "%"; + $City = "%" . $_GET['City'] . "%"; + $Region = "%" . $_GET['Region'] . "%"; + $PostalCode = "%" . $_GET['PostalCode'] . "%"; + $Country = "%" . $_GET['Country'] . "%"; + $Phone = "%" . $_GET['Phone'] . "%"; + $Fax = "%" . $_GET['Fax'] . 
"%"; + + $stmt = $con->prepare($query); + $stmt ->bind_param("sssssssssss", $CustomerID, $CompanyName, $ContactName, $ContactTitle, + $Address, $City, $Region, + $PostalCode, $Country, $Phone, $Fax); + + } + + $stmt ->execute(); + $result = $stmt->get_result(); + + + makeTable($result); + + + ?> +
+ + + + + diff --git a/adminPages/ViewOrder.php b/adminPages/ViewOrder.php new file mode 100644 index 0000000..b235404 --- /dev/null +++ b/adminPages/ViewOrder.php @@ -0,0 +1,72 @@ + + + + + + + + +
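Review bot: The advanced-search branch wraps every field as `"%" . $_GET[...] . "%"` and ANDs all eleven `LIKE` predicates, so a field the user leaves blank becomes `LIKE '%%'`; that predicate evaluates to NULL, not true, for a NULL column, which means customers with no Region or Fax on file are silently excluded from every advanced search. Either add only the non-empty fields to the WHERE clause, or compare the nullable columns through `COALESCE(Region, '') LIKE ?` and `COALESCE(Fax, '') LIKE ?`. Each `$_GET[...]` read in this branch is also unguarded, so a request missing a field raises an undefined-index notice; `$_GET['Region'] ?? ''` per field avoids that without changing the wildcard behaviour.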
+ ', ShipRegion, ' ', ShipPostalCode, ', ', ShipCountry) as `Ship Address`, + CONCAT('$', FORMAT(Total,2)) as Total, pt.Name as `Paid Via` + FROM + ((((orders o LEFT JOIN employees e ON o.EmployeeID = e.EmployeeID) + LEFT JOIN shipments sh ON o.OrderID = sh.OrderID) + LEFT JOIN shipaddresses s ON sh.ShipmentsID = s.ShipAddrID) + LEFT JOIN payment p ON o.orderID = p.orderID) + LEFT JOIN paymenttype pt ON pt.paymenttypeid = p.paymenttypeid + " . $where . " ORDER BY OrderDate DESC"; + + $result = $con->query($sql); + $trArgs = array("onclick=\"window.document.location='ViewOrder.php?orderID=%OrderID%'\"", + array('%OrderID%' => '_OrderID') + ); + makeTable($result, $trArgs); + + echo "
"; + + $sql = "SELECT + p.ProductID as _ProductID, + ProductName as Product, + CategoryName as Category, + CompanyName as Company, + QuantityPerUnit as Quantity, + CONCAT('$', FORMAT(p.UnitPrice,2)) as Price, + UnitsInStock as Stock, + Quantity as `Amount Ordered`, + CONCAT('$', FORMAT(Quantity*p.UnitPrice,2)) as `Sub-total` + FROM + (((`order details` od LEFT JOIN products p ON od.ProductID = p.ProductID) + LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE orderid = " . $orderID . " + order by od.ProductID ASC"; + + $result = $con->query($sql); + + $trArgs = array("onclick=\"window.document.location='ViewProduct.php?productID=%ProductID%'\"", + array('%ProductID%' => '_ProductID') + ); + makeTable($result, $trArgs); + ?> +
+ + + + + diff --git a/employeePages/eViewProduct.php b/adminPages/ViewProduct.php similarity index 96% rename from employeePages/eViewProduct.php rename to adminPages/ViewProduct.php index 9c42a86..260d633 100644 --- a/employeePages/eViewProduct.php +++ b/adminPages/ViewProduct.php @@ -41,7 +41,7 @@ $productID = $_GET['productID'];
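Review bot: The order-details query is built with `WHERE orderid = " . $orderID . "`, and the first query splices `$where` into the SQL text the same way, so the order identifier is interpolated rather than bound; the page is reached as `ViewOrder.php?orderID=…` from the table links, which makes this a SQL injection point unless `$orderID` is validated in the part of the block lost from this rendering. Prepare the statement and bind the id as an integer: `$stmt = $con->prepare("… WHERE orderid = ? ORDER BY od.ProductID ASC"); $stmt->bind_param("i", $orderID); $stmt->execute(); $result = $stmt->get_result();`. The same concatenation pattern is in `displayOrders()` (`$where` built from `$orderID`/`$customerID`) in the commonFunctions.php hunk `@@ -37,6 +65,43 @@` and, judging by its `$result = $con->query($sql)` context, in `displayOrderDetails()`; both should bind their parameters too.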
@@ -88,7 +88,7 @@ $productID = $_GET['productID']; ?>
-
+

Edit Product

diff --git a/adminPages/login.php b/adminPages/login.php new file mode 100644 index 0000000..9203ad6 --- /dev/null +++ b/adminPages/login.php @@ -0,0 +1,107 @@ + $_POST['AdminID'] + ); + // echo implode("|",$query_params); + */ + + $uName = $_POST['AdminID']; + $query = "SELECT AdminID, password FROM admins WHERE AdminID = ?"; + $stmt = $con->prepare($query); + $stmt ->bind_param("s", $uName); + + $stmt ->execute(); + $result = $stmt->get_result(); + + //This will be the variable to determine whether or not the user's information is correct. + //we initialize it as false. + $validated_info = false; + + //fetching all the rows from the query + $row = $result->fetch_assoc(); + + if ($row) { + //if we encrypted the password, we would unencrypt it here, but in our case we just + //compare the two passwords + if ($_POST['Password'] === $row['password']) { + $login_ok = true; + } + + //$pEntered = 'test'; + //$hash = password_hash($pEntered, PASSWORD_BCRYPT); + //echo $hash; + //echo password_verify($pEntered, $hash); + + } + + // If the user logged in successfully, then we send them to the private members-only page + // Otherwise, we display a login failed message and show the login form again + if ($login_ok) { + $response["success"] = 1; + $response["message"] = "Login successful!"; + $_SESSION["AdminID"] = $row['AdminID']; + + + header("Location:Dashboard.php"); + exit(); + die(json_encode($response)); + } else { + $response["success"] = 0; + $response["message"] = "Invalid Credentials!"; + header("Location:login.php?message=invalid"); + exit(); + die(json_encode($response)); + } +} else { +?> + + + + + Northwind Administrator Login + + + + +
+ Northwind logo + +
+ + + +
+ + +
+ + + + + + diff --git a/adminPages/logout.php b/adminPages/logout.php new file mode 100644 index 0000000..9b8ea13 --- /dev/null +++ b/adminPages/logout.php @@ -0,0 +1,6 @@ + \ No newline at end of file diff --git a/commonFunctions.php b/commonFunctions.php index 5fdeed7..7b8895a 100644 --- a/commonFunctions.php +++ b/commonFunctions.php 
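Review bot: The credential check compares the submitted password directly with the stored one, `if ($_POST['Password'] === $row['password'])`, so admin passwords are held in plaintext in the `admins` table; store them with `password_hash($pw, PASSWORD_DEFAULT)` and check with `if (password_verify($_POST['Password'], $row['password'])) {` — the commented-out `password_hash`/`password_verify` lines just below show this was the intent. The success path sets `$_SESSION["AdminID"]` without calling `session_regenerate_id(true)` first, which leaves a session id issued before login valid after authentication (session fixation). The variable initialised as `$validated_info = false;` is never read, while the branch tests `$login_ok`, which is only assigned on success; unless it is initialised in the part of the block lost from this rendering, the failure path relies on an undefined variable. The `die(json_encode($response));` after each `exit();` is unreachable and can be removed.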
@@ -1,33 +1,61 @@ array("Home",""), - "eOrdersToFill.php" => array("Active Orders",""), - "eEditProducts.php" => array("Search/Edit Products",""), - "eEditCategories.php" => array("Edit Categories",""), - "eReviewCustomerDemographics.php" => array("Review Customer Information",""), - "logout.php" => array("Log Out","class='fRight'") + "cDashboard.php" => array("Home", ""), + "cEditProfile.php" => array("Edit Profile", ""), + "cSearchProduct.php" => array("Search Product", ""), + "cCreateOrder.php" => array("Create Order", ""), + "cPayment.php" => array("Payment", ""), + "cCart.php" => array("Cart", ""), + "cPastOrders.php" => array("Past Orders", ""), + "logout.php" => array("Log Out", "class='fRight'") ); - $menuItems[$curPage][1] = "class='active'"; + $menuItems[$activePage][1] = "class='active'"; echo ""; +} +function writeMenuEmp($activePage){ + //Menu items given in form (Page, (display name, class args)) + $menuItems = array( + "Dashboard.php" => array("Home", ""), + "OrdersToFill.php" => array("Active Orders", ""), + "EditProducts.php" => array("Search/Edit Products", ""), + "EditCategories.php" => array("Edit Categories", ""), + "ReviewCustomerDemographics.php" => array("View Customers", ""), + "logout.php" => array("Log Out", "class='fRight'") + ); + $menuItems[$activePage][1] = "class='active'"; - /* echo " - - "; - */ + echo ""; +} +function writeMenuAdm($activePage){ + //Menu items given in form (Page, (display name, class args)) + $menuItems = array( + "Dashboard.php" => array("Home", ""), + "OrdersToFill.php" => array("Active Orders", ""), + "EditProducts.php" => array("Search/Edit Products", ""), + "EditCategories.php" => array("Edit Categories", ""), + "ReviewCustomerDemographics.php" => array("View Customers", ""), + "AddEmployee.php" => array("Add Employee", ""), + "Reports.php" => array("Reports", ""), + "logout.php" => array("Log Out", "class='fRight'") + ); + $menuItems[$activePage][1] = "class='active'"; + + echo ""; } function 
orderCustomer($orderID) { //Get the customerID of the whomever placed this order @@ -37,6 +65,43 @@ function orderCustomer($orderID) { //Get the customerID of the whomever placed t $row = $result->fetch_assoc(); return $row['CustomerID']; } + +function displayOrders($customerID, $orderID = 0) { + global $con; + + if($orderID <> 0){ + $where = " WHERE o.OrderID=" . $orderID . " "; + }else{ + $where = " WHERE customerID='" . $customerID . "' "; + } + + $sql = "SELECT + o.OrderID as _OrderID, + CONCAT(e.FirstName, ' ', e.LastName) as Employee, + DATE_FORMAT(OrderDate, '%m-%d-%Y') as `Order Date`, DATE_FORMAT(s.RequiredDate, '%m-%d-%Y') as `Required Date`, DATE_FORMAT(ShippedDate, '%m-%d-%Y') as `Shipped Date`, + Freight, ShipName as `Ship To`, + CONCAT(ShipAddress, ', ', ShipCity, '
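Review bot: `writeMenu`, `writeMenuEmp` and `writeMenuAdm` differ only in their `$menuItems` table, so the `$menuItems[$activePage][1] = "class='active'";` line and the echo that follows are now copied three times; factor them into one helper, `function writeMenuItems(array $menuItems, $activePage) { … }`, and let the three public functions pass their arrays to it. That assignment also creates a new entry when `$activePage` is not a key in the table (a page not in the menu, or a typo in the caller), which then presumably flows into the rendered list as an item with an empty label; guard it with `if (isset($menuItems[$activePage])) {`. The markup of the list itself is lost in this extraction, so it cannot be checked here.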
', ShipRegion, ' ', ShipPostalCode, ', ', ShipCountry) as `Ship Address`, + CONCAT('$', FORMAT(Total,2)) as Total, pt.Name as `Paid Via` + FROM + ((((orders o LEFT JOIN employees e ON o.EmployeeID = e.EmployeeID) + LEFT JOIN shipments sh ON o.OrderID = sh.OrderID) + LEFT JOIN shipaddresses s ON sh.ShipmentsID = s.ShipAddrID) + LEFT JOIN payment p ON o.orderID = p.orderID) + LEFT JOIN paymenttype pt ON pt.paymenttypeid = p.paymenttypeid + " . $where . " ORDER BY OrderDate DESC"; + + $result = $con->query($sql); + + $trArgs = array("onclick=\"window.document.location='cViewOrder.php?orderID=%OrderID%'\"", + array('%OrderID%' => '_OrderID') + ); + makeTable($result, $trArgs); +} + + + + +/* function displayOrder($orderID) { global $con; $sql = "SELECT o.orderID, customerID, OrderDate, s.RequiredDate, CONCAT(e.FirstName, ' ', e.LastName) as employeeName, s.*, p.*, pt.Name as ptName @@ -77,12 +142,7 @@ function displayOrders($customerID, $orderID = 0) { ORDER BY OrderDate DESC"; } $result = $con->query($sql); - - /* - $stmt = $con->prepare($query); - $stmt ->execute(); - $result = $stmt->get_result(); - */ + if ($result->num_rows > 0) { echo " @@ -105,12 +165,24 @@ function displayOrders($customerID, $orderID = 0) { echo "
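Review bot: `displayOrders()` hard-codes the row link as `cViewOrder.php?orderID=…` in `$trArgs`, which is why the new admin `ViewOrder.php` page re-implements this exact query inline instead of calling it. Passing the link target as a parameter with the current value as default, `function displayOrders($customerID, $orderID = 0, $viewPage = 'cViewOrder.php') {`, and using `$viewPage` in the `onclick` string would let both callers share one query. The function's body runs past the end of this hunk only as the commented-out `displayOrder()` that follows, so the change is self-contained.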
"; } + } +*/ function displayOrderDetails($orderID) { global $con; - $sql = "SELECT * FROM + $sql = "SELECT + p.ProductID as _ProductID, + ProductName as Product, + CategoryName as Category, + CompanyName as Company, + QuantityPerUnit as Quantity, + CONCAT('$', FORMAT(p.UnitPrice,2)) as Price, + UnitsInStock as Stock, + Quantity as `Amount Ordered`, + CONCAT('$', FORMAT(Quantity*p.UnitPrice,2)) as `Sub-total` + FROM (((`order details` od LEFT JOIN products p ON od.ProductID = p.ProductID) LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) LEFT JOIN categories c ON p.CategoryID = c.CategoryID) @@ -120,42 +192,24 @@ function displayOrderDetails($orderID) { $result = $con->query($sql); - if ($result->num_rows > 0) { - - echo " - - - - - - - - - - "; - - while($row = $result->fetch_assoc()) { - echo " - - - - - - - - - "; - - } - - echo "
ProductCategoryCompanyQuantityPriceStockAmount OrderedSub-total
" . $row['ProductName'] . "" . $row['CategoryName'] . "" . $row['CompanyName'] . "" . $row['QuantityPerUnit'] . "" . "$" . number_format($row['UnitPrice'], 2) . "" . $row['UnitsInStock'] . "" . $row['Quantity'] . "" . "$" . number_format($row['Quantity'] * $row['UnitPrice'],2) . "
"; - } + $trArgs = array("onclick=\"window.document.location='cViewProduct.php?productID=%ProductID%'\"", + array('%ProductID%' => '_ProductID') + ); + makeTable($result, $trArgs); } function displayProduct($productID) { global $con; - $sql = "SELECT * FROM + $sql = "SELECT + ProductName as Product, + CategoryName as Category, + CompanyName as Company, + QuantityPerUnit as Quantity, + CONCAT('$', FORMAT(p.UnitPrice,2)) as Price, + UnitsInStock as Stock, + Picture as _Picture + FROM ((products p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) LEFT JOIN categories c ON p.CategoryID = c.CategoryID) @@ -164,6 +218,12 @@ function displayProduct($productID) { order by ProductID ASC"; $result = $con->query($sql); + $trArgs = array("onclick=\"window.document.location='cViewProduct.php?productID=%ProductID%'\"", + array('%ProductID%' => '_ProductID') + ); + makeTable($result); + + /* $row = $result->fetch_assoc(); if ($row) { echo " @@ -190,6 +250,8 @@ function displayProduct($productID) { echo "
"; loadPicture($row['Picture']); } + * + */ } function loadPicture($blob, $widthPercent=100){ echo ''; @@ -208,7 +270,9 @@ function tableHead($result) { foreach ($result as $x) { echo ''; foreach ($x as $k => $y) { - echo ''; + if (substr(ucfirst($k),0,1) <> "_"){ //Underscore as first character indicates it shouldn't be displayed in table + echo ''; + } } echo ''; break; @@ -228,16 +292,24 @@ function tableBody($result, $trArgs) { $trArgsS = str_replace($sString, $x[$varID], $trArgsS); } } - echo $trArgsS . " "; + // echo $trArgsS . " "; echo ''; - foreach ($x as $y) { - echo ''; + foreach ($x as $k => $y) { + if (substr(ucfirst($k),0,1) <> "_"){ //Underscore as first character indicates it shouldn't be displayed in table + echo ''; + } } echo ''; } echo ''; } +function getResult($query) { + global $con; + $stmt = $con->prepare($query); + $stmt ->execute(); + return $stmt->get_result(); +} ?>
' . ucfirst($k) . '' . ucfirst($k) . '
' . $y . '' . $y . '
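Review bot: `tableBody()` writes each cell as `'<td>' . $y . '</td>'` with no escaping (the tags are lost in this rendering but the `$y` concatenation is visible), and the values it prints include customer-entered fields such as company, contact name and address from `ReviewCustomerDemographics.php`, so any markup stored in those columns is rendered as HTML in the admin pages (stored XSS). Escape at output: `echo '<td>' . htmlspecialchars((string) $y, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';`. One caveat: the `Ship Address` column in `displayOrders()` appears to embed a line-break tag inside its SQL `CONCAT` (the fragment between `ShipCity, '` and `', ShipRegion` is lost here), so that column would have to be assembled on the PHP side from escaped parts. The new `getResult()` helper also calls `->execute()` on whatever `prepare()` returned without checking for `false`, so a malformed query becomes a fatal method-call-on-bool error rather than a handled failure.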