";
+ }
+}
+
+function displayOrderDetails($orderID) {
+ global $con;
+
+ $sql = "SELECT * FROM
+ (((`order details` od LEFT JOIN products p ON od.ProductID = p.ProductID)
+ LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID)
+ LEFT JOIN categories c ON p.CategoryID = c.CategoryID)
+ LEFT JOIN company co ON s.CompanyId = co.CompanyID
+ WHERE orderid = " . $orderID . "
+ order by od.ProductID ASC";
+
+ $result = $con->query($sql);
+
+ if ($result->num_rows > 0) {
+
+ echo "
";
+ }
+}
+
+function displayProduct($productID) {
+ global $con;
+
+ $sql = "SELECT * FROM
+ ((products p
+ LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID)
+ LEFT JOIN categories c ON p.CategoryID = c.CategoryID)
+ LEFT JOIN company co ON s.CompanyId = co.CompanyID
+ WHERE ProductID = " . $productID . "
+ order by ProductID ASC";
+
+ $result = $con->query($sql);
+ $row = $result->fetch_assoc();
+ if ($row) {
+ echo "
+
+
+
+
+
diff --git a/customerPages/login.php b/customerPages/login.php
new file mode 100644
index 0000000..3373522
--- /dev/null
+++ b/customerPages/login.php
@@ -0,0 +1,146 @@
+ $_POST['Username']
+ );
+ // echo implode("|",$query_params);
+ */
+
+ $uName = $_POST['Username'];
+ // $sql = "SELECT CustomerID, password, ContactName FROM customers WHERE CustomerID = '$uName'";
+
+ $query = "SELECT CustomerID, password, ContactName FROM customers WHERE CustomerID = ?";
+ $stmt = $con->prepare($query);
+ $stmt ->bind_param("s", $uName);
+
+ $stmt ->execute();
+ $result = $stmt->get_result();
+
+ /*
+ if (!$result = $con->query($sql)) {
+ // Oh no! The query failed.
+ echo "Sorry, the website is experiencing problems.";
+
+ // Again, do not do this on a public site, but we'll show you how
+ // to get the error information
+ echo "Error: Our query failed to execute and here is why: \n";
+ echo "Query: " . $sql . "\n";
+ echo "Errno: " . $mysqli->errno . "\n";
+ echo "Error: " . $mysqli->error . "\n";
+ exit;
+ }
+ /*
+ try {
+ $stmt = $con->prepare($query);
+ $result = $stmt->execute($query_params);
+ }
+
+ catch (PDOException $ex) {
+ // For testing, you could use a die and message.
+ //die("Failed to run query: " . $ex->getMessage());
+
+ //or just use this use this one to product JSON data:
+ $response["success"] = 0;
+ $response["message"] = "Database Error1. Please Try Again!";
+ die(json_encode($response));
+
+ }
+ */
+ //This will be the variable to determine whether or not the user's information is correct.
+ //we initialize it as false.
+ $validated_info = false;
+
+ //fetching all the rows from the query
+ $row = $result->fetch_assoc();
+
+ if ($row) {
+ //if we encrypted the password, we would unencrypt it here, but in our case we just
+ //compare the two passwords
+ if ($_POST['Password'] === $row['password']) {
+ $login_ok = true;
+ }
+
+ //$pEntered = 'test';
+ //$hash = password_hash($pEntered, PASSWORD_BCRYPT);
+ //echo $hash;
+ //echo password_verify($pEntered, $hash);
+
+ }
+
+ // If the user logged in successfully, then we send them to the private members-only page
+ // Otherwise, we display a login failed message and show the login form again
+ if ($login_ok) {
+ $response["success"] = 1;
+ $response["message"] = "Login successful!";
+ $_SESSION["CustomerID"] = $row['CustomerID'];
+ // $_SESSION["ContactName"] = $row['ContactName'];
+
+
+ header("Location:cDashboard.php");
+ exit();
+ die(json_encode($response));
+ } else {
+ $response["success"] = 0;
+ $response["message"] = "Invalid Credentials!";
+ header("Location:login.php?message=invalid");
+ exit();
+ die(json_encode($response));
+ }
+} else {
+?>
+
+
+
+
+ Northwind Login
+
+
+
+
+
+
+
+
+
+
+
+
+
+
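Review bot: The check `if ($_POST['Password'] === $row['password'])` compares the submitted password directly with the stored column, which means the customers table holds plaintext passwords; store a `password_hash()` value instead and verify with `if (password_verify($_POST['Password'], $row['password'])) {`, as the commented-out lines just below already sketch. `$login_ok` is never initialised (`$validated_info = false;` is set instead and never read), so an unknown user or wrong password reaches `if ($login_ok)` with an undefined variable; replace that line with `$login_ok = false;`. Calling `session_regenerate_id(true);` just before `$_SESSION["CustomerID"]` is assigned would also close off session fixation. The same three points apply to the employeePages/login.php hunk further down. The opening of the enclosing `if` and the session setup are not visible on this page, so this assumes the session is already started there.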
diff --git a/customerPages/logout.php b/customerPages/logout.php
new file mode 100644
index 0000000..22737a7
--- /dev/null
+++ b/customerPages/logout.php
@@ -0,0 +1,6 @@
+
\ No newline at end of file
diff --git a/customerPages/register.php b/customerPages/register.php
new file mode 100644
index 0000000..ba1b649
--- /dev/null
+++ b/customerPages/register.php
@@ -0,0 +1,164 @@
+ $_POST['password2']){
+ $response["success"] = 0;
+ $response["message"] = "Password entries must match";
+ header("Location:register.php?message=matchrequired");
+ exit();
+ die(json_encode($response));
+ }
+
+ //if the page hasn't died, we will check with our database to see if there is
+ //already a user with the username specificed in the form. ":user" is just
+ //a blank variable that we will change before we execute the query. We
+ //do it this way to increase security, and defend against sql injections
+ try {
+ $query = "SELECT CustomerID FROM customers WHERE CustomerID = ?";
+ $stmt = $con->prepare($query);
+ $stmt ->bind_param("s", $_POST['CustomerID']);
+
+ $stmt ->execute();
+ $result = $stmt->get_result();
+ }
+ catch (PDOException $ex) {
+ // For testing, you could use a die and message.
+ //die("Failed to run query: " . $ex->getMessage());
+
+ //or just use this use this one to product JSON data:
+ $response["success"] = 0;
+ $response["message"] = "Database Error1. Please Try Again!";
+ header("Location:register.php?message=invalid");
+ exit();
+ die(json_encode($response));
+ }
+
+ //fetch is an array of returned data. If any data is returned,
+ //we know that the username is already in use, so we murder our
+ //page
+ $row = $result->fetch_assoc();
+ if ($row) {
+ // For testing, you could use a die and message.
+ //die("This username is already in use");
+
+ //You could comment out the above die and use this one:
+ $response["success"] = 0;
+ $response["message"] = "I'm sorry, this username is already in use";
+ header("Location:register.php?message=unavail");
+ exit();
+ die(json_encode($response));
+ }
+
+ //$query = "INSERT INTO person ( FirstName, LastName, Address, City, State, Country, PostalCode, Phone, Fax, Email ) VALUES ( :FirstName, :LastName, :Address, :City, :State, :Country, :PostalCode, :Phone, :Fax, :Email ) ";
+ $query = "INSERT INTO customers ( CustomerID, password, CompanyName, ContactName, ContactTitle, Address, City, Region, Country, Phone, Fax ) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
+
+ try {
+
+ $stmt = $con->prepare($query);
+ $stmt ->bind_param("sssssssssss", $_POST['CustomerID'], $_POST['password1'], $_POST['CompanyName'], $_POST['ContactName'], $_POST['ContactTitle'],
+ $_POST['Address'], $_POST['City'], $_POST['Region'], $_POST['Country'], $_POST['Phone'], $_POST['Fax']);
+
+ $stmt ->execute();
+ //$conn->close();
+ //$stmt = $db->prepare($query);
+ //$result = $stmt->execute($query_params);
+ }
+ catch (PDOException $ex) {
+ // For testing, you could use a die and message.
+ //die("Failed to run query: " . $ex->getMessage());
+
+ //or just use this use this one:
+ $response["success"] = 0;
+ $response["message"] = "Database Error2.5 Please Try Again!";
+ header("Location:register.php?message=invalid");
+ exit();
+ die(json_encode($response));
+ }
+
+ header("Location:login.php?message=success");
+ exit();
+
+} else {
+?>
+
+
+
+
+
+
+
+
+
+
+
+
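Review bot: The INSERT binds `$_POST['password1']` straight into the `password` column, so every registered password is stored in plaintext; hash it first with `$hash = password_hash($_POST['password1'], PASSWORD_DEFAULT);` and bind `$hash` in its place, with the login pages switching to `password_verify`. Both `catch (PDOException $ex)` blocks look unreachable, because `bind_param`/`get_result` indicate `$con` is a mysqli connection: mysqli raises `mysqli_sql_exception` when exception reporting is on and otherwise returns false from `prepare()`/`execute()`. As written, a failed insert would therefore either go uncaught or fall through to the `login.php?message=success` redirect; catch `mysqli_sql_exception` or check the return values before redirecting. The lines above the password-match test are not visible here, so any validation of the other POST fields may happen there.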
diff --git a/employeePages/login.php b/employeePages/login.php
new file mode 100644
index 0000000..96ddc60
--- /dev/null
+++ b/employeePages/login.php
@@ -0,0 +1,141 @@
+ $_POST['Username']
+ );
+ // echo implode("|",$query_params);
+ */
+
+ $uName = $_POST['Username'];
+
+ $query = "SELECT EmployeeID, password, LastName FROM employees WHERE LastName = ?";
+ $stmt = $con->prepare($query);
+ $stmt ->bind_param("s", $uName);
+
+ $stmt ->execute();
+ $result = $stmt->get_result();
+
+ /*
+ if (!$result = $con->query($sql)) {
+ // Oh no! The query failed.
+ echo "Sorry, the website is experiencing problems.";
+
+ // Again, do not do this on a public site, but we'll show you how
+ // to get the error information
+ echo "Error: Our query failed to execute and here is why: \n";
+ echo "Query: " . $sql . "\n";
+ echo "Errno: " . $mysqli->errno . "\n";
+ echo "Error: " . $mysqli->error . "\n";
+ exit;
+ }
+ /*
+ try {
+ $stmt = $con->prepare($query);
+ $result = $stmt->execute($query_params);
+ }
+
+ catch (PDOException $ex) {
+ // For testing, you could use a die and message.
+ //die("Failed to run query: " . $ex->getMessage());
+
+ //or just use this use this one to product JSON data:
+ $response["success"] = 0;
+ $response["message"] = "Database Error1. Please Try Again!";
+ die(json_encode($response));
+
+ }
+ */
+ //This will be the variable to determine whether or not the user's information is correct.
+ //we initialize it as false.
+ $validated_info = false;
+
+ //fetching all the rows from the query
+ $row = $result->fetch_assoc();
+
+ if ($row) {
+ //if we encrypted the password, we would unencrypt it here, but in our case we just
+ //compare the two passwords
+ if ($_POST['Password'] === $row['password']) {
+ $login_ok = true;
+ }
+
+ //$pEntered = 'test';
+ //$hash = password_hash($pEntered, PASSWORD_BCRYPT);
+ //echo $hash;
+ //echo password_verify($pEntered, $hash);
+
+ }
+
+ // If the user logged in successfully, then we send them to the private members-only page
+ // Otherwise, we display a login failed message and show the login form again
+ if ($login_ok) {
+ $response["success"] = 1;
+ $response["message"] = "Login successful!";
+ $_SESSION["EmployeeID"] = $row['EmployeeID'];
+ // $_SESSION["ContactName"] = $row['ContactName'];
+
+
+ header("Location:eDashboard.php");
+ exit();
+ die(json_encode($response));
+ } else {
+ $response["success"] = 0;
+ $response["message"] = "Invalid Credentials!";
+ header("Location:login.php?message=invalid");
+ exit();
+ die(json_encode($response));
+ }
+} else {
+?>
+
+
+
+
+ Northwind Employee Login
+
+
+
+
+
+
+
+
+
+
+
+
+
+
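Review bot: The lookup `WHERE LastName = ?` uses a column that is not guaranteed to be unique as the login identifier, and only the first row is read with `fetch_assoc()`. If two employees share a last name, the password is checked against whichever row the database returns first, so one of them can never authenticate and the session could be bound to the wrong `EmployeeID` should their passwords coincide. Key the lookup on a unique column, for example `$query = "SELECT EmployeeID, password, LastName FROM employees WHERE EmployeeID = ?";` with `bind_param("i", ...)`, or add a dedicated username column with a UNIQUE constraint. The form markup and the start of the enclosing `if` are not visible on this page, so the field label would need to change to match.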
diff --git a/employeePages/logout.php b/employeePages/logout.php
new file mode 100644
index 0000000..6fe1b5a
--- /dev/null
+++ b/employeePages/logout.php
@@ -0,0 +1,6 @@
+
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..05040d6
--- /dev/null
+++ b/index.php
@@ -0,0 +1,29 @@
+
+
+
+
+ Northwind Index
+
+
+
+