diff --git a/adminPages/login.php b/adminPages/login.php
new file mode 100644
index 0000000..9203ad6
--- /dev/null
+++ b/adminPages/login.php
@@ -0,0 +1,107 @@
+ $_POST['AdminID']
+ );
+ // echo implode("|",$query_params);
+ */
+
+ $uName = $_POST['AdminID'];
+ $query = "SELECT AdminID, password FROM admins WHERE AdminID = ?";
+ $stmt = $con->prepare($query);
+ $stmt ->bind_param("s", $uName);
+
+ $stmt ->execute();
+ $result = $stmt->get_result();
+
+ //This will be the variable to determine whether or not the user's information is correct.
+ //we initialize it as false.
+ $validated_info = false;
+
+ //fetching all the rows from the query
+ $row = $result->fetch_assoc();
+
+ if ($row) {
+ //if we encrypted the password, we would unencrypt it here, but in our case we just
+ //compare the two passwords
+ if ($_POST['Password'] === $row['password']) {
+ $login_ok = true;
+ }
+
+ //$pEntered = 'test';
+ //$hash = password_hash($pEntered, PASSWORD_BCRYPT);
+ //echo $hash;
+ //echo password_verify($pEntered, $hash);
+
+ }
+
+ // If the user logged in successfully, then we send them to the private members-only page
+ // Otherwise, we display a login failed message and show the login form again
+ if ($login_ok) {
+ $response["success"] = 1;
+ $response["message"] = "Login successful!";
+ $_SESSION["AdminID"] = $row['AdminID'];
+
+
+ header("Location:Dashboard.php");
+ exit();
+ die(json_encode($response));
+ } else {
+ $response["success"] = 0;
+ $response["message"] = "Invalid Credentials!";
+ header("Location:login.php?message=invalid");
+ exit();
+ die(json_encode($response));
+ }
+} else {
+?>
+
+
+
+
+
Northwind Administrator Login
+
+
+
+
+
+
+
+
+
+
+
+
+
+
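Review bot: The credential check `if ($_POST['Password'] === $row['password'])` compares the submitted password with the stored column directly, so `admins.password` must hold plaintext, as the comment above it acknowledges; store `password_hash($pw, PASSWORD_DEFAULT)` instead and check with `if (password_verify($_POST['Password'], $row['password']))`, which the commented-out lines just below already sketch. `$login_ok` is never initialised (the line above initialises `$validated_info` instead), so `if ($login_ok)` reads an undefined variable whenever no row matches or the password differs; set `$login_ok = false;` where `$validated_info` is set now. Before assigning `$_SESSION["AdminID"]`, call `session_regenerate_id(true);` so a session id that existed before authentication is not kept across the login. The `die(json_encode($response))` after each `exit()` is unreachable and can go. The opening of the enclosing conditional is not visible in the hunk as shown here.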
diff --git a/adminPages/logout.php b/adminPages/logout.php
new file mode 100644
index 0000000..9b8ea13
--- /dev/null
+++ b/adminPages/logout.php
@@ -0,0 +1,6 @@
+
\ No newline at end of file
diff --git a/commonFunctions.php b/commonFunctions.php
index 5fdeed7..7b8895a 100644
--- a/commonFunctions.php
+++ b/commonFunctions.php
@@ -1,33 +1,61 @@
array("Home",""),
- "eOrdersToFill.php" => array("Active Orders",""),
- "eEditProducts.php" => array("Search/Edit Products",""),
- "eEditCategories.php" => array("Edit Categories",""),
- "eReviewCustomerDemographics.php" => array("Review Customer Information",""),
- "logout.php" => array("Log Out","class='fRight'")
+ "cDashboard.php" => array("Home", ""),
+ "cEditProfile.php" => array("Edit Profile", ""),
+ "cSearchProduct.php" => array("Search Product", ""),
+ "cCreateOrder.php" => array("Create Order", ""),
+ "cPayment.php" => array("Payment", ""),
+ "cCart.php" => array("Cart", ""),
+ "cPastOrders.php" => array("Past Orders", ""),
+ "logout.php" => array("Log Out", "class='fRight'")
);
- $menuItems[$curPage][1] = "class='active'";
+ $menuItems[$activePage][1] = "class='active'";
echo "";
+}
+function writeMenuEmp($activePage){
+ //Menu items given in form (Page, (display name, class args))
+ $menuItems = array(
+ "Dashboard.php" => array("Home", ""),
+ "OrdersToFill.php" => array("Active Orders", ""),
+ "EditProducts.php" => array("Search/Edit Products", ""),
+ "EditCategories.php" => array("Edit Categories", ""),
+ "ReviewCustomerDemographics.php" => array("View Customers", ""),
+ "logout.php" => array("Log Out", "class='fRight'")
+ );
+ $menuItems[$activePage][1] = "class='active'";
- /* echo "
-
- ";
- */
+ echo "";
+}
+function writeMenuAdm($activePage){
+ //Menu items given in form (Page, (display name, class args))
+ $menuItems = array(
+ "Dashboard.php" => array("Home", ""),
+ "OrdersToFill.php" => array("Active Orders", ""),
+ "EditProducts.php" => array("Search/Edit Products", ""),
+ "EditCategories.php" => array("Edit Categories", ""),
+ "ReviewCustomerDemographics.php" => array("View Customers", ""),
+ "AddEmployee.php" => array("Add Employee", ""),
+ "Reports.php" => array("Reports", ""),
+ "logout.php" => array("Log Out", "class='fRight'")
+ );
+ $menuItems[$activePage][1] = "class='active'";
+
+ echo "";
}
function orderCustomer($orderID) { //Get the customerID of the whomever placed this order
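Review bot: `$menuItems[$activePage][1] = "class='active'";` in writeMenuEmp and writeMenuAdm (and in the customer menu above them) writes into the array even when `$activePage` is not one of the listed pages, so an unexpected value silently adds an entry `[1 => "class='active'"]` with no display name; guard it with `if (isset($menuItems[$activePage])) { $menuItems[$activePage][1] = "class='active'"; }`. The three functions differ only in their `$menuItems` table; a single helper `writeMenu($menuItems, $activePage)` holding the active-class marking and the `echo` would remove the triplicated tail. How each entry is rendered is not visible here (the echo strings appear empty on this page), so whether the stray entry would actually be emitted is inferred.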
@@ -37,6 +65,43 @@ function orderCustomer($orderID) { //Get the customerID of the whomever placed t
$row = $result->fetch_assoc();
return $row['CustomerID'];
}
+
+function displayOrders($customerID, $orderID = 0) {
+ global $con;
+
+ if($orderID <> 0){
+ $where = " WHERE o.OrderID=" . $orderID . " ";
+ }else{
+ $where = " WHERE customerID='" . $customerID . "' ";
+ }
+
+ $sql = "SELECT
+ o.OrderID as _OrderID,
+ CONCAT(e.FirstName, ' ', e.LastName) as Employee,
+ DATE_FORMAT(OrderDate, '%m-%d-%Y') as `Order Date`, DATE_FORMAT(s.RequiredDate, '%m-%d-%Y') as `Required Date`, DATE_FORMAT(ShippedDate, '%m-%d-%Y') as `Shipped Date`,
+ Freight, ShipName as `Ship To`,
+ CONCAT(ShipAddress, ', ', ShipCity, '
', ShipRegion, ' ', ShipPostalCode, ', ', ShipCountry) as `Ship Address`,
+ CONCAT('$', FORMAT(Total,2)) as Total, pt.Name as `Paid Via`
+ FROM
+ ((((orders o LEFT JOIN employees e ON o.EmployeeID = e.EmployeeID)
+ LEFT JOIN shipments sh ON o.OrderID = sh.OrderID)
+ LEFT JOIN shipaddresses s ON sh.ShipmentsID = s.ShipAddrID)
+ LEFT JOIN payment p ON o.orderID = p.orderID)
+ LEFT JOIN paymenttype pt ON pt.paymenttypeid = p.paymenttypeid
+ " . $where . " ORDER BY OrderDate DESC";
+
+ $result = $con->query($sql);
+
+ $trArgs = array("onclick=\"window.document.location='cViewOrder.php?orderID=%OrderID%'\"",
+ array('%OrderID%' => '_OrderID')
+ );
+ makeTable($result, $trArgs);
+}
+
+
+
+
+/*
function displayOrder($orderID) {
global $con;
$sql = "SELECT o.orderID, customerID, OrderDate, s.RequiredDate, CONCAT(e.FirstName, ' ', e.LastName) as employeeName, s.*, p.*, pt.Name as ptName
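Review bot: displayOrders builds its filter by concatenation — `" WHERE o.OrderID=" . $orderID . " "` and `" WHERE customerID='" . $customerID . "' "` — so whatever the caller passes becomes SQL text unescaped, and the `cViewOrder.php?orderID=` link built a few lines later suggests `$orderID` is request-derived. The new login.php in this same commit already uses `prepare`/`bind_param`, so the same pattern fits here: bind the single filter value and leave the select list untouched. Nothing checks the result for `false` before `makeTable($result, $trArgs)` either; mysqli returns `false` on a failed statement, and the same gap exists in displayOrderDetails and displayProduct below.
```php
    if($orderID <> 0){
        $where = " WHERE o.OrderID = ? ";
        $types = "i";
        $param = (int) $orderID;
    }else{
        $where = " WHERE customerID = ? ";
        $types = "s";
        $param = $customerID;
    }

    // … unchanged: $sql select list and joins, ending in " . $where . " ORDER BY OrderDate DESC" …

    $stmt = $con->prepare($sql);
    $stmt->bind_param($types, $param);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result === false) {
        return;
    }
    // … unchanged: $trArgs and makeTable($result, $trArgs) …
```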
@@ -77,12 +142,7 @@ function displayOrders($customerID, $orderID = 0) {
ORDER BY OrderDate DESC";
}
$result = $con->query($sql);
-
- /*
- $stmt = $con->prepare($query);
- $stmt ->execute();
- $result = $stmt->get_result();
- */
+
if ($result->num_rows > 0) {
echo "
@@ -105,12 +165,24 @@ function displayOrders($customerID, $orderID = 0) {
echo "
";
}
+
}
+*/
function displayOrderDetails($orderID) {
global $con;
- $sql = "SELECT * FROM
+ $sql = "SELECT
+ p.ProductID as _ProductID,
+ ProductName as Product,
+ CategoryName as Category,
+ CompanyName as Company,
+ QuantityPerUnit as Quantity,
+ CONCAT('$', FORMAT(p.UnitPrice,2)) as Price,
+ UnitsInStock as Stock,
+ Quantity as `Amount Ordered`,
+ CONCAT('$', FORMAT(Quantity*p.UnitPrice,2)) as `Sub-total`
+ FROM
(((`order details` od LEFT JOIN products p ON od.ProductID = p.ProductID)
LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID)
LEFT JOIN categories c ON p.CategoryID = c.CategoryID)
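Review bot: In the new select list, `CONCAT('$', FORMAT(p.UnitPrice,2))` and the `Sub-total` line place a bare `$` inside a PHP double-quoted string; it stays literal only because the following `'` cannot start a variable name, so a later edit that moves the quote would silently interpolate. Write it as `CONCAT('\$', FORMAT(p.UnitPrice,2))` or move the query into a nowdoc so the intent is explicit; the `Total` column in displayOrders and the `Price` column in displayProduct have the same form. The WHERE clause of displayOrderDetails lies outside this hunk, so how `$orderID` reaches the query is not visible here.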
@@ -120,42 +192,24 @@ function displayOrderDetails($orderID) {
$result = $con->query($sql);
- if ($result->num_rows > 0) {
-
- echo "
-
- Product |
- Category |
- Company |
- Quantity |
- Price |
- Stock |
- Amount Ordered |
- Sub-total |
-
";
-
- while($row = $result->fetch_assoc()) {
- echo "
- " . $row['ProductName'] . " |
- " . $row['CategoryName'] . " |
- " . $row['CompanyName'] . " |
- " . $row['QuantityPerUnit'] . " |
- " . "$" . number_format($row['UnitPrice'], 2) . " |
- " . $row['UnitsInStock'] . " |
- " . $row['Quantity'] . " |
- " . "$" . number_format($row['Quantity'] * $row['UnitPrice'],2) . " |
-
";
-
- }
-
- echo "
";
- }
+ $trArgs = array("onclick=\"window.document.location='cViewProduct.php?productID=%ProductID%'\"",
+ array('%ProductID%' => '_ProductID')
+ );
+ makeTable($result, $trArgs);
}
function displayProduct($productID) {
global $con;
- $sql = "SELECT * FROM
+ $sql = "SELECT
+ ProductName as Product,
+ CategoryName as Category,
+ CompanyName as Company,
+ QuantityPerUnit as Quantity,
+ CONCAT('$', FORMAT(p.UnitPrice,2)) as Price,
+ UnitsInStock as Stock,
+ Picture as _Picture
+ FROM
((products p
LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID)
LEFT JOIN categories c ON p.CategoryID = c.CategoryID)
@@ -164,6 +218,12 @@ function displayProduct($productID) {
order by ProductID ASC";
$result = $con->query($sql);
+ $trArgs = array("onclick=\"window.document.location='cViewProduct.php?productID=%ProductID%'\"",
+ array('%ProductID%' => '_ProductID')
+ );
+ makeTable($result);
+
+ /*
$row = $result->fetch_assoc();
if ($row) {
echo "
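Review bot: `$trArgs` is built at the top of the new block but the call is `makeTable($result);`, so the onclick handler is dead code — either pass it with `makeTable($result, $trArgs);` or drop the three lines. Opening `/*` around the old rendering also disables the `loadPicture($row['Picture'])` call while the query still selects `Picture as _Picture` and hides it from the table, so the image is fetched but never shown; if that is intended, delete the commented code instead of keeping it, otherwise render `_Picture` after the table. displayProduct's body runs past the end of the hunk.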
@@ -190,6 +250,8 @@ function displayProduct($productID) {
echo "
";
loadPicture($row['Picture']);
}
+ *
+ */
}
function loadPicture($blob, $widthPercent=100){
echo '';
@@ -208,7 +270,9 @@ function tableHead($result) {
foreach ($result as $x) {
echo '';
foreach ($x as $k => $y) {
- echo '' . ucfirst($k) . ' | ';
+ if (substr(ucfirst($k),0,1) <> "_"){ //Underscore as first character indicates it shouldn't be displayed in table
+ echo '' . ucfirst($k) . ' | ';
+ }
}
echo '
';
break;
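Review bot: The hidden-column test `substr(ucfirst($k),0,1) <> "_"` runs `ucfirst` on a key whose first character is being compared with `_`, which `ucfirst` never changes, so the call is a no-op there; `if (substr($k, 0, 1) !== "_") {` says the same thing without the detour, and the identical line in tableBody below should change with it. Since two functions now share the convention, move the trailing comment into a one-line helper such as `function isHiddenColumn($k) { return substr($k, 0, 1) === "_"; } // leading underscore marks a column used for links, not display` so the rule lives in one place.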
@@ -228,16 +292,24 @@ function tableBody($result, $trArgs) {
$trArgsS = str_replace($sString, $x[$varID], $trArgsS);
}
}
- echo $trArgsS . " ";
+ // echo $trArgsS . " ";
echo '';
- foreach ($x as $y) {
- echo '' . $y . ' | ';
+ foreach ($x as $k => $y) {
+ if (substr(ucfirst($k),0,1) <> "_"){ //Underscore as first character indicates it shouldn't be displayed in table
+ echo '' . $y . ' | ';
+ }
}
echo '
';
}
echo '';
}
+function getResult($query) {
+ global $con;
+ $stmt = $con->prepare($query);
+ $stmt ->execute();
+ return $stmt->get_result();
+}
?>
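Review bot: tableBody now echoes `$y` straight into the cell (`echo '' . $y . ' | ';`), and the rows passed to it include columns such as ShipName and ShipAddress from displayOrders that are plausibly customer-entered, so any markup stored there is rendered as-is; escape at the output point with `echo '' . htmlspecialchars((string) $y, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' | ';` (the cast also covers NULL columns). Commenting out `echo $trArgsS . " ";` leaves the `str_replace` substitution above it computing a value that is never emitted; remove one or the other. `getResult($query)` prepares and executes without binding anything, so callers still have to build values into `$query` and gain nothing over `query()`; give it optional `$types`/`$params` so the prepared statement actually carries the parameters.
```php
function getResult($query, $types = "", $params = array()) {
    global $con;
    $stmt = $con->prepare($query);
    if ($types !== "") {
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();
    return $stmt->get_result();
}
```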