diff --git a/commonFunctions.php b/commonFunctions.php new file mode 100644 index 0000000..17859d3 --- /dev/null +++ b/commonFunctions.php @@ -0,0 +1,206 @@ +query($sql); + $row = $result->fetch_assoc(); + return $row['CustomerID']; +} +function displayOrder($orderID) { + global $con; + $sql = "SELECT o.orderID, customerID, OrderDate, s.RequiredDate, CONCAT(e.FirstName, ' ', e.LastName) as employeeName, s.*, p.*, pt.Name as ptName + FROM + ((((orders o LEFT JOIN employees e ON o.EmployeeID = e.EmployeeID) + LEFT JOIN shipments sh ON o.OrderID = sh.OrderID) + LEFT JOIN shipaddresses s ON sh.ShipmentsID = s.ShipAddrID) + LEFT JOIN payment p ON o.orderID = p.orderID) + LEFT JOIN paymenttype pt ON pt.paymenttypeid = p.paymenttypeid + WHERE o.orderID =" . $orderID; + // echo $sql; + $result = $con->query($sql); + $row = $result->fetch_assoc(); + if ($row) { + $address = $row['ShipAddress'] . ", " . $row['ShipCity'] . "
" . $row['ShipRegion'] . " " . $row['ShipPostalCode'] . ", " . $row['ShipCountry']; + + echo " + " . $row['employeeName'] . " + " . explode(" ", $row['OrderDate'])[0] . " + " . explode(" ", $row['RequiredDate'])[0] . " + " . explode(" ", $row['ShippedDate'])[0] . " + " . $row['Freight'] . " + " . $row['ShipName'] . " + " . $address . " + " . "$" . number_format($row['Total'], 2) . " + " . $row['ptName'] . " + "; + } +} + +function displayOrders($customerID, $orderID = 0) { + global $con; + + if($orderID <> 0){ + $sql = "SELECT OrderID FROM orders WHERE OrderID=" . $orderID; + }else{ + $sql = "SELECT OrderID FROM orders WHERE customerID='" . $customerID . "' + ORDER BY OrderDate DESC"; + } + $result = $con->query($sql); + + /* + $stmt = $con->prepare($query); + $stmt ->execute(); + $result = $stmt->get_result(); + */ + if ($result->num_rows > 0) { + + echo " + + + + + + + + + + + "; + + while($row = $result->fetch_assoc()) { + echo displayOrder($row['OrderID']); + + } + + echo "
Assigned toOrdered onRequired byShipped onFreightShip toShip addressTotal PaidPaid Via
"; + } +} + +function displayOrderDetails($orderID) { + global $con; + + $sql = "SELECT * FROM + (((`order details` od LEFT JOIN products p ON od.ProductID = p.ProductID) + LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE orderid = " . $orderID . " + order by od.ProductID ASC"; + + $result = $con->query($sql); + + if ($result->num_rows > 0) { + + echo " + + + + + + + + + + "; + + while($row = $result->fetch_assoc()) { + echo " + + + + + + + + + "; + + } + + echo "
ProductCategoryCompanyQuantityPriceStockAmount OrderedSub-total
" . $row['ProductName'] . "" . $row['CategoryName'] . "" . $row['CompanyName'] . "" . $row['QuantityPerUnit'] . "" . "$" . number_format($row['UnitPrice'], 2) . "" . $row['UnitsInStock'] . "" . $row['Quantity'] . "" . "$" . number_format($row['Quantity'] * $row['UnitPrice'],2) . "
"; + } +} + +function displayProduct($productID) { + global $con; + + $sql = "SELECT * FROM + ((products p + LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE ProductID = " . $productID . " + order by ProductID ASC"; + + $result = $con->query($sql); + $row = $result->fetch_assoc(); + if ($row) { + echo " + + + + + + + + "; + + echo " + + + + + + + "; + + echo "
ProductCategoryCompanyQuantityPriceStock
" . $row['ProductName'] . "" . $row['CategoryName'] . "" . $row['CompanyName'] . "" . $row['QuantityPerUnit'] . "" . "$" . number_format($row['UnitPrice'], 2) . "" . $row['UnitsInStock'] . "
"; + + echo "
"; + loadPicture($row['Picture']); + } +} +function loadPicture($blob, $widthPercent=100){ + echo ''; +} + +function makeTable($result, $trArgs="") { + $result->fetch_array( MYSQLI_ASSOC ); + echo ""; + tableHead( $result ); + tableBody( $result, $trArgs="" ); + echo '
'; +} + +function tableHead($result) { + echo ''; + foreach ($result as $x) { + echo ''; + foreach ($x as $k => $y) { + echo '' . ucfirst($k) . ''; + } + echo ''; + break; + } + echo ''; +} + +function tableBody($result, $trArgs="") { + echo ''; + foreach ($result as $x) { + echo ''; + foreach ($x as $y) { + echo '' . $y . ''; + } + echo ''; + } + echo ''; +} + +?> + + \ No newline at end of file diff --git a/customerPages/cCart.php b/customerPages/cCart.php new file mode 100644 index 0000000..527bea7 --- /dev/null +++ b/customerPages/cCart.php @@ -0,0 +1,190 @@ +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $CompanyName = $row['CompanyName']; +} + +//echo "Welcome " . $_SESSION["userName"] . "!"; +?> + + + + + + + + + +
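Review bot: Every lookup in this file splices its argument into the SQL text and runs it with `$con->query($sql)` — `displayOrder` (`WHERE o.orderID =" . $orderID`), `displayOrders` (`customerID='" . $customerID . "'`), `displayOrderDetails` and `displayProduct` — and the function whose tail is visible at the top of the hunk ends the same way; the ids appear to arrive from request parameters in the calling pages (cViewOrder.php passes `$orderID`, whose origin is stripped in this extract), so these need placeholders. For `displayProduct` that is `$stmt = $con->prepare("SELECT * FROM ... WHERE ProductID = ?"); $stmt->bind_param("i", $productID); $stmt->execute(); $result = $stmt->get_result();`, and the other three follow the same shape. `makeTable` calls `tableBody( $result, $trArgs="" )`, which assigns rather than passes, so the caller's `$trArgs` is always replaced by the empty string. `displayOrders` does `echo displayOrder($row['OrderID'])` although `displayOrder` returns nothing, and `tableBody` writes each `$y` into the cell without `htmlspecialchars()`, so stored values containing markup are rendered as HTML.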
+

Please complete payment options first!

+ +
+ + +
+ +

Shipping Summary

+
+ + + + + + + + +
Required By
Delivery Typeprepare($query); + $stmt ->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_assoc(); + echo $row['DeliveryTypeName'] . " - " . $row['Description']; + ?>
Shipment Typeprepare($query); + $stmt ->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_assoc(); + echo $row['ShipmentTypeName'] . " - " . $row['Description']; + ?>
Shipped Byprepare($query); + $stmt ->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_assoc(); + echo $row['CompanyName']; + ?>
+ +
+
+ + + + + + + +
Ship to
Address
City
Region
Postal Code
Country
+ +
+
+
+
+

Order Summary

+
+ + + Product + Category + Company + Quantity + Price + Stock + Amount + Sub-total + "; + foreach ($shoppingCart as $productID_Quantity){ + $productID = explode("_", $productID_Quantity)[0]; + $productQuantity = explode("_", $productID_Quantity)[1]; + $query ="SELECT * FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + ProductID = " . $productID; + $stmt = $con->prepare($query); + + $stmt ->execute(); + $result = $stmt->get_result(); + + while($row = mysqli_fetch_array($result)) + { + echo ""; + echo "" . $row['ProductName'] . ""; + echo "" . $row['CategoryName'] . ""; + echo "" . $row['CompanyName'] . ""; + echo "" . $row['QuantityPerUnit'] . ""; + echo "" . "$" . number_format($row['UnitPrice'], 2) . ""; + echo "" . $row['UnitsInStock'] . ""; + echo "" . $productQuantity . ""; + echo "" . "$" . number_format($productQuantity * $row['UnitPrice'],2) . ""; + } + + echo ""; + + // echo $productID; + } + echo ""; + // } + + $query ="SELECT * FROM paymenttype WHERE PaymentTypeID = " . $_SESSION['PaymentType']; + $stmt = $con->prepare($query); + $stmt ->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_assoc(); + + echo "

A total of $" . number_format($_SESSION['TotalDue'],2) . " will be deducted from your " . $row['Name'] . "

"; + // echo $fqOrder . "
" . $fqOrderDetailsInsert . "
" . $fqShipments . "
" . $fqShipAddresses; + ?> + + +
+ + +
+ + + + +
+
+
+ + + + + + \ No newline at end of file diff --git a/customerPages/cCart_save.php b/customerPages/cCart_save.php new file mode 100644 index 0000000..be0c448 --- /dev/null +++ b/customerPages/cCart_save.php @@ -0,0 +1,64 @@ +prepare($query); +//$stmt ->execute(); + */ + + + +$query = explode(";", trim($_SESSION['finInsert'])); +foreach ($query as $queryS){ + if(trim($queryS) <> ""){ + $con->query($queryS); + } + + // echo "
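Review bot: The product lookup in the order-summary loop builds `WHERE ProductID = " . $productID` from the cart string held in the session and then calls `$con->prepare($query)` with nothing bound, so the prepare adds no protection; the payment lookup `WHERE PaymentTypeID = " . $_SESSION['PaymentType']` and the delivery/shipment/shipper lookups in the shipping-summary table do the same. Use a placeholder and bind the parsed value: `$stmt = $con->prepare("... WHERE ProductID = ?"); $stmt->bind_param("i", $productID); $stmt->execute();`, and likewise `bind_param("i", ...)` for the payment and shipment ids. The same prepare-without-placeholder pattern recurs in cPayment.php and in the product search page. The cells echo `$row['ProductName']` and the other columns raw; wrap them in `htmlspecialchars()` for HTML output.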
" . $queryS; + // $stmt = $con->prepare($queryS); + // $stmt ->execute(); +} + + +//header("Location:cCart.php"); +?> + + + + + Order Completed + + + + +
+

Thank you for your order!

+

Your confirmation code is:

+ +
+ + + + + +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $CompanyName = $row['CompanyName']; + $ContactName = $row['ContactName']; + $ContactTitle = $row['ContactTitle']; + $Address = $row['Address']; + $City = $row['City']; + $Region = $row['Region']; + $PostalCode = $row['PostalCode']; + $Country = $row['Country']; + $Phone = $row['Phone']; + $Fax = $row['Fax']; + +} +//echo "Welcome " . $_SESSION["userName"] . "!"; +?> + + + + + + + +
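Review bot: The order is committed by splitting `$_SESSION['finInsert']` on `;` and running each fragment with `$con->query($queryS)` unchecked, so whatever text was assembled into that session key (presumably the `fqOrder`/`fqOrderDetailsInsert`/`fqShipAddresses` strings built in cPayment.php, which embed the ship-to name, address and other user-supplied fields inside quoted literals with no escaping) is executed verbatim, and a failure part-way leaves the earlier statements applied with nothing reported. Keep the cart lines and ship-to values in the session as data rather than SQL, run the inserts here as prepared statements between `$con->begin_transaction()` and `$con->commit()`, and take the new order id from `$con->insert_id` instead of `(SELECT Max(OrderID) FROM orders)`, which can pick up another customer's order under concurrent checkouts. At minimum test the return of each `query()` and roll back on `false`. Nothing clears `$_SESSION['finInsert']` after the loop (the `header("Location:cCart.php")` is commented out), so a refresh of this page re-runs the inserts; `unset($_SESSION['finInsert']);` after the loop would stop that.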
+ + + + + Product + Category + Company + Quantity + Price + Stock + Amount + "; + foreach ($shoppingCart as $productID_Quantity){ + $productID = explode("_", $productID_Quantity)[0]; + $quantity = explode("_", $productID_Quantity)[1]; + $query ="SELECT * FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + ProductID = " . $productID; + $stmt = $con->prepare($query); + + $stmt ->execute(); + $result = $stmt->get_result(); + + while($row = mysqli_fetch_array($result)) + { + echo ""; + echo "" . $row['ProductName'] . ""; + echo "" . $row['CategoryName'] . ""; + echo "" . $row['CompanyName'] . ""; + echo "" . $row['QuantityPerUnit'] . ""; + echo "" . "$" . number_format($row['UnitPrice'], 2) . ""; + echo "" . $row['UnitsInStock'] . ""; + echo "" + . "" + . ""; + } + echo ""; + + // echo $productID; + } + echo ""; + // } + + ?> +
+
+
+ + + + + + + + + + + +
+
+ + + + + + + + + + + + + + +
+ + + ' style='display: none'/> + + + +
+
+ + + + + diff --git a/customerPages/cCreateOrder_save.php b/customerPages/cCreateOrder_save.php new file mode 100644 index 0000000..300cb54 --- /dev/null +++ b/customerPages/cCreateOrder_save.php @@ -0,0 +1,18 @@ +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $CompanyName = $row['CompanyName']; + $ContactName = $row['ContactName']; + $ContactTitle = $row['ContactTitle']; + $Address = $row['Address']; + $City = $row['City']; + $Region = $row['Region']; + $PostalCode = $row['PostalCode']; + $Country = $row['Country']; + $Phone = $row['Phone']; + $Fax = $row['Fax']; + +} + +//echo "Welcome " . $_SESSION["userName"] . "!"; +?> + + + + + + + +
+

+ +

+
+ + + + + diff --git a/customerPages/cEditProfile.php b/customerPages/cEditProfile.php new file mode 100644 index 0000000..97a917b --- /dev/null +++ b/customerPages/cEditProfile.php @@ -0,0 +1,113 @@ +prepare($query); + $stmt ->bind_param("sssssssss", $_POST['CompanyName'], $_POST['ContactName'], $_POST['ContactTitle'], + $_POST['Address'], $_POST['City'], $_POST['Region'], $_POST['Country'], $_POST['Phone'], $_POST['Fax']); + + $stmt ->execute(); + + } + + //echo "Welcome " . $_SESSION["userName"] . "!"; + $sql = "SELECT * FROM customers WHERE CustomerID = '" . $_SESSION["CustomerID"] . "'"; + //echo $sql; + if (!$result = $con->query($sql)) {} + + $row = $result->fetch_assoc(); + if ($row) { + $CompanyName = $row['CompanyName']; + $ContactName = $row['ContactName']; + $ContactTitle = $row['ContactTitle']; + $Address = $row['Address']; + $City = $row['City']; + $Region = $row['Region']; + $PostalCode = $row['PostalCode']; + $Country = $row['Country']; + $Phone = $row['Phone']; + $Fax = $row['Fax']; + + } + + +?> + + + + + +
+

+ +

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + + \ No newline at end of file diff --git a/customerPages/cPastOrders.php b/customerPages/cPastOrders.php new file mode 100644 index 0000000..da4d314 --- /dev/null +++ b/customerPages/cPastOrders.php @@ -0,0 +1,59 @@ +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $CompanyName = $row['CompanyName']; + $ContactName = $row['ContactName']; + $ContactTitle = $row['ContactTitle']; + $Address = $row['Address']; + $City = $row['City']; + $Region = $row['Region']; + $PostalCode = $row['PostalCode']; + $Country = $row['Country']; + $Phone = $row['Phone']; + $Fax = $row['Fax']; + +} + +//echo "Welcome " . $_SESSION["userName"] . "!"; +?> + + + + + + + +
+

+ "; + + displayOrders($_SESSION['CustomerID']); + + ?> +

+
+ + + + + diff --git a/customerPages/cPayment.php b/customerPages/cPayment.php new file mode 100644 index 0000000..60a7ce1 --- /dev/null +++ b/customerPages/cPayment.php @@ -0,0 +1,175 @@ +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $CompanyName = $row['CompanyName']; + $ContactName = $row['ContactName']; + $ContactTitle = $row['ContactTitle']; + $Address = $row['Address']; + $City = $row['City']; + $Region = $row['Region']; + $PostalCode = $row['PostalCode']; + $Country = $row['Country']; + $Phone = $row['Phone']; + $Fax = $row['Fax']; + +} + + +?> + + + + + + + + + +
+

Please create an order first!

+ +
+ + +
+
+ + + Product + Category + Company + Quantity + Price + Stock + Amount + Sub-total + "; + foreach ($shoppingCart as $productID_Quantity){ + $productID = explode("_", $productID_Quantity)[0]; + $productQuantity = explode("_", $productID_Quantity)[1]; + $query ="SELECT * FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + ProductID = " . $productID; + $stmt = $con->prepare($query); + + $stmt ->execute(); + $result = $stmt->get_result(); + + while($row = mysqli_fetch_array($result)) + { + echo ""; + echo "" . $row['ProductName'] . ""; + echo "" . $row['CategoryName'] . ""; + echo "" . $row['CompanyName'] . ""; + echo "" . $row['QuantityPerUnit'] . ""; + echo "" . "$" . number_format($row['UnitPrice'], 2) . ""; + echo "" . $row['UnitsInStock'] . ""; + echo "" . $productQuantity . ""; + echo "" . "$" . number_format($productQuantity * $row['UnitPrice'],2) . ""; + $totalDue = $totalDue + ($productQuantity * $row['UnitPrice']); + $_SESSION['fqOrderDetailsInsert'] = $_SESSION['fqOrderDetailsInsert'] . " INSERT INTO `order details` + (`OrderID`, `ProductID`, `UnitPrice`, `Quantity`, `Discount`) VALUES ( + (SELECT Max(OrderID) FROM orders), " . + $productID . "," . + $row['UnitPrice'] . "," . + $productQuantity . "," . + "0" . + ");"; + + } + $_SESSION['fqOrder'] = " INSERT INTO orders (CustomerID, OrderDate, ShipVia) VALUES (" . + "'" . $_SESSION["CustomerID"] . "', " . + "Now(), " . + $_SESSION['ShipmentMethod'] . ");"; + $_SESSION['fqShipments'] = " INSERT INTO shipments (OrderID) VALUES ((SELECT MAX(OrderID) FROM orders));"; + $_SESSION['fqShipAddresses'] = " INSERT INTO shipaddresses (ShipmentsID, RequiredDate, ShipVia, ShipName, ShipAddress, ShipCity, ShipRegion, ShipPostalCode, ShipCountry) VALUES (" . + "(SELECT Max(ShipmentsID) FROM shipments), " . + "STR_TO_DATE('" . $_SESSION['RequiredBy'] . "', '%Y-%m-%d'), " . 
+ $_SESSION["ShipmentCompany"] . ", " . + "'" . $_SESSION["Name"] . "', " . + "'" . $_SESSION["Address"] . "', " . + "'" . $_SESSION["City"] . "', " . + "'" . $_SESSION["Region"] . "', " . + "'" . $_SESSION["PostalCode"] . "', " . + "'" . $_SESSION["Country"] . "');"; + + + + echo ""; + + // echo $productID; + } + echo ""; + // } + $_SESSION['TotalDue'] = $totalDue; + echo " "; + echo "

Total Due: $" . number_format($totalDue,2) . "

"; + // echo $fqOrder . "
" . $fqOrderDetailsInsert . "
" . $fqShipments . "
" . $fqShipAddresses; + ?> + +
+

Please select a method of payment

+
+ + + + + + +
+
+
+ + + + + + + \ No newline at end of file diff --git a/customerPages/cPayment_save.php b/customerPages/cPayment_save.php new file mode 100644 index 0000000..6f5df0b --- /dev/null +++ b/customerPages/cPayment_save.php @@ -0,0 +1,9 @@ + + + + + + + + +
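Review bot: `$_SESSION['fqOrderDetailsInsert'] = $_SESSION['fqOrderDetailsInsert'] . " INSERT INTO \`order details\` ...` appends a fresh INSERT for every cart line on every render of this page and nothing resets the key first, so reloading the payment page before checkout duplicates the order-detail rows; `$totalDue = $totalDue + (...)` likewise reads `$totalDue` before it is ever assigned. Initialise both at the top of the block, `$_SESSION['fqOrderDetailsInsert'] = ''; $totalDue = 0;`. Better still, do not carry SQL in the session at all: `$_SESSION["Name"]`, `$_SESSION["Address"]` and the other ship-to values are placed inside quoted literals with no escaping, so a single `'` in an address breaks the statement that cCart_save.php later executes; store the cart lines and ship-to fields as arrays and bind them with prepared statements at checkout. The product lookup here also concatenates `$productID` into the query before `prepare()`, as in cCart.php.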
+ +
+ +
+

Simple Search

+
+ + + +
+
+
+
+ +
+

Advanced Search

+
+ + + + + + + + + + + + + +
+
+
+
+ +
+ +
+

Results

+ + prepare($query); + + }elseif (isset($_GET["SimpleSearch"]) && !empty($_GET["SimpleSearch"])) { //Simple search + $query ="SELECT * FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + CategoryName LIKE ? OR + ProductName LIKE ? OR + CompanyName LIKE ?"; + + $SimpleSearch = "%" . $_GET['SimpleSearch'] . "%"; + $stmt = $con->prepare($query); + $stmt ->bind_param("sss", $SimpleSearch, $SimpleSearch, $SimpleSearch); + + }else{ //Advanced search + + $query ="SELECT * FROM + ((products as p LEFT JOIN suppliers as s ON p.SupplierID = s.SupplierID) + LEFT JOIN categories c ON p.CategoryID = c.CategoryID) + LEFT JOIN company co ON s.CompanyId = co.CompanyID + WHERE + ProductName LIKE ? AND + CompanyName LIKE ? AND + CategoryName LIKE ? AND + UnitPrice > ? AND + UnitPrice < ?"; + + $ProductName = "%" . $_GET['ProductName'] . "%"; + $CompanyName = "%" . $_GET['CompanyName'] . "%"; + $Category = "%" . $_GET['Category'] . "%"; + if (empty($_GET["UnitPriceLow"])){ + $UnitPriceLow = 0.00; + }else{ + $UnitPriceLow = number_format($_GET['UnitPriceLow'], 2); + } + if (empty($_GET["UnitPriceHigh"])){ + $UnitPriceHigh = 10000000.00; + }else{ + $UnitPriceHigh = number_format($_GET['UnitPriceHigh'], 2); + } + + // echo $ProductName . ", " . $CompanyName . ", " . $Category . ", " . $UnitPriceLow . ", " . $UnitPriceHigh; + // echo $query; + + $stmt = $con->prepare($query); + $stmt ->bind_param("sssdd", $ProductName, $CompanyName, $Category, $UnitPriceLow, $UnitPriceHigh); + + } + + $stmt ->execute(); + $result = $stmt->get_result(); + + //Build results table + echo " + + + + + + + + + + "; + + while($row = mysqli_fetch_array($result)) + { + // echo ""; + echo " + + + + + + "; + // echo ""; + // echo ""; + echo ""; + + if(strpos(" " . $_SESSION['shoppingCart'], " " . $row['ProductID'] . 
"_") !== false){ //Check if product is already in cart + $curVal = 'Remove'; + }else{ + $curVal = 'Add'; + } + echo ""; + /* echo ""; + */ + echo ""; + } + echo "
ProductCategoryCompanyQuantityPriceStockViewCart
" . $row['ProductName'] . "" . $row['CategoryName'] . "" . $row['CompanyName'] . "" . $row['QuantityPerUnit'] . "" . "$" . number_format($row['UnitPrice'], 2) . "" . $row['UnitsInStock'] . "Add" + . "" + . "" + . "" + . "" + . "
" + . "" + . "
" + . "
"; + + + ?> + + +
+
+ + + ' style='display: none'> + +
+ +
+ + +
+ + + + + + diff --git a/customerPages/cSearchProduct_save.php b/customerPages/cSearchProduct_save.php new file mode 100644 index 0000000..378abfe --- /dev/null +++ b/customerPages/cSearchProduct_save.php @@ -0,0 +1,7 @@ + + + + + + + + +
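Review bot: In the advanced-search branch `$UnitPriceLow = number_format($_GET['UnitPriceLow'], 2);` produces a formatted string such as `1,000.00`, which is then bound with type `d`; the thousands separator makes the value coerce to `1`, so price bounds of 1000 or more are silently wrong. Bind a float instead, `$UnitPriceLow = (float) $_GET['UnitPriceLow'];` (same for `$UnitPriceHigh`), using `filter_var(..., FILTER_VALIDATE_FLOAT)` first if non-numeric input should be rejected. The first branch of the `if` calls `$con->prepare($query)` with no `bind_param`, and its `$query` is not visible in this extract (the file header for this hunk is also stripped; it appears to be the product search page), so check whether that query concatenates request data. The result cells echo `$row['ProductName']` and the other columns unescaped; wrap them in `htmlspecialchars()`.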
+ Cannot view another customer's order!"; + }else{ + displayOrders(0, $orderID); + echo "
"; + displayOrderDetails($orderID); + } + ?> +
+ + + + + diff --git a/customerPages/cViewProduct.php b/customerPages/cViewProduct.php new file mode 100644 index 0000000..199ff65 --- /dev/null +++ b/customerPages/cViewProduct.php @@ -0,0 +1,39 @@ + + + + + + + + +
+ + +
+ +
+ + + + + diff --git a/customerPages/login.php b/customerPages/login.php new file mode 100644 index 0000000..3373522 --- /dev/null +++ b/customerPages/login.php 
@@ -0,0 +1,146 @@ + $_POST['Username'] + ); + // echo implode("|",$query_params); + */ + + $uName = $_POST['Username']; + // $sql = "SELECT CustomerID, password, ContactName FROM customers WHERE CustomerID = '$uName'"; + + $query = "SELECT CustomerID, password, ContactName FROM customers WHERE CustomerID = ?"; + $stmt = $con->prepare($query); + $stmt ->bind_param("s", $uName); + + $stmt ->execute(); + $result = $stmt->get_result(); + + /* + if (!$result = $con->query($sql)) { + // Oh no! The query failed. + echo "Sorry, the website is experiencing problems."; + + // Again, do not do this on a public site, but we'll show you how + // to get the error information + echo "Error: Our query failed to execute and here is why: \n"; + echo "Query: " . $sql . "\n"; + echo "Errno: " . $mysqli->errno . "\n"; + echo "Error: " . $mysqli->error . "\n"; + exit; + } + /* + try { + $stmt = $con->prepare($query); + $result = $stmt->execute($query_params); + } + + catch (PDOException $ex) { + // For testing, you could use a die and message. + //die("Failed to run query: " . $ex->getMessage()); + + //or just use this use this one to product JSON data: + $response["success"] = 0; + $response["message"] = "Database Error1. Please Try Again!"; + die(json_encode($response)); + + } + */ + //This will be the variable to determine whether or not the user's information is correct. + //we initialize it as false. 
+ $validated_info = false; + + //fetching all the rows from the query + $row = $result->fetch_assoc(); + + if ($row) { + //if we encrypted the password, we would unencrypt it here, but in our case we just + //compare the two passwords + if ($_POST['Password'] === $row['password']) { + $login_ok = true; + } + + //$pEntered = 'test'; + //$hash = password_hash($pEntered, PASSWORD_BCRYPT); + //echo $hash; + //echo password_verify($pEntered, $hash); + + } + + // If the user logged in successfully, then we send them to the private members-only page + // Otherwise, we display a login failed message and show the login form again + if ($login_ok) { + $response["success"] = 1; + $response["message"] = "Login successful!"; + $_SESSION["CustomerID"] = $row['CustomerID']; + // $_SESSION["ContactName"] = $row['ContactName']; + + + header("Location:cDashboard.php"); + exit(); + die(json_encode($response)); + } else { + $response["success"] = 0; + $response["message"] = "Invalid Credentials!"; + header("Location:login.php?message=invalid"); + exit(); + die(json_encode($response)); + } +} else { +?> + + + + + Northwind Login + + + + +
+ Northwind logo +
+
+ + + +
+ + +
+ Dont have an account? + Register +
+
+
+ + + + + + diff --git a/customerPages/logout.php b/customerPages/logout.php new file mode 100644 index 0000000..22737a7 --- /dev/null +++ b/customerPages/logout.php @@ -0,0 +1,6 @@ + \ No newline at end of file diff --git a/customerPages/register.php b/customerPages/register.php new file mode 100644 index 0000000..ba1b649 --- /dev/null +++ b/customerPages/register.php 
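Review bot: Credentials are checked with `if ($_POST['Password'] === $row['password'])`, a plain-text comparison against the stored column, and register.php binds `$_POST['password1']` into that column unhashed, so the database holds every customer's password in clear; the commented-out `password_hash`/`password_verify` lines just below show the intended approach. Change the check to `if (password_verify($_POST['Password'], $row['password']))` and hash at registration with `password_hash($_POST['password1'], PASSWORD_DEFAULT)`. `$login_ok` is never initialised (`$validated_info = false;` is set instead and never read), so the `if ($login_ok)` branch depends on an undefined variable being falsy; add `$login_ok = false;` before the fetch. After a successful check call `session_regenerate_id(true)` before assigning `$_SESSION["CustomerID"]` so a session id established before authentication is not kept. employeePages/login.php has the identical comparison and uninitialised `$login_ok`.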
@@ -0,0 +1,164 @@ + $_POST['password2']){ + $response["success"] = 0; + $response["message"] = "Password entries must match"; + header("Location:register.php?message=matchrequired"); + exit(); + die(json_encode($response)); + } + + //if the page hasn't died, we will check with our database to see if there is + //already a user with the username specificed in the form. ":user" is just + //a blank variable that we will change before we execute the query. We + //do it this way to increase security, and defend against sql injections + try { + $query = "SELECT CustomerID FROM customers WHERE CustomerID = ?"; + $stmt = $con->prepare($query); + $stmt ->bind_param("s", $_POST['CustomerID']); + + $stmt ->execute(); + $result = $stmt->get_result(); + } + catch (PDOException $ex) { + // For testing, you could use a die and message. + //die("Failed to run query: " . $ex->getMessage()); + + //or just use this use this one to product JSON data: + $response["success"] = 0; + $response["message"] = "Database Error1. Please Try Again!"; + header("Location:register.php?message=invalid"); + exit(); + die(json_encode($response)); + } + + //fetch is an array of returned data. If any data is returned, + //we know that the username is already in use, so we murder our + //page + $row = $result->fetch_assoc(); + if ($row) { + // For testing, you could use a die and message. 
+ //die("This username is already in use"); + + //You could comment out the above die and use this one: + $response["success"] = 0; + $response["message"] = "I'm sorry, this username is already in use"; + header("Location:register.php?message=unavail"); + exit(); + die(json_encode($response)); + } + + //$query = "INSERT INTO person ( FirstName, LastName, Address, City, State, Country, PostalCode, Phone, Fax, Email ) VALUES ( :FirstName, :LastName, :Address, :City, :State, :Country, :PostalCode, :Phone, :Fax, :Email ) "; + $query = "INSERT INTO customers ( CustomerID, password, CompanyName, ContactName, ContactTitle, Address, City, Region, Country, Phone, Fax ) VALUES (?,?,?,?,?,?,?,?,?,?,?)"; + + try { + + $stmt = $con->prepare($query); + $stmt ->bind_param("sssssssssss", $_POST['CustomerID'], $_POST['password1'], $_POST['CompanyName'], $_POST['ContactName'], $_POST['ContactTitle'], + $_POST['Address'], $_POST['City'], $_POST['Region'], $_POST['Country'], $_POST['Phone'], $_POST['Fax']); + + $stmt ->execute(); + //$conn->close(); + //$stmt = $db->prepare($query); + //$result = $stmt->execute($query_params); + } + catch (PDOException $ex) { + // For testing, you could use a die and message. + //die("Failed to run query: " . $ex->getMessage()); + + //or just use this use this one: + $response["success"] = 0; + $response["message"] = "Database Error2.5 Please Try Again!"; + header("Location:register.php?message=invalid"); + exit(); + die(json_encode($response)); + } + + header("Location:login.php?message=success"); + exit(); + +} else { +?> + + + + + + +
+ + Return + +

Customer Registration

+ +
+
+

Required

+ + + + + + +
+
+

Optional

+ + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + diff --git a/dbCon.php b/dbCon.php new file mode 100644 index 0000000..449d844 --- /dev/null +++ b/dbCon.php @@ -0,0 +1,41 @@ +connect_error) { + die("Connection failed: " . $conn->connect_error); + } + //echo "Connected"; + if(session_status() <> PHP_SESSION_ACTIVE){ + session_start(); + } + //If not logged in, redirect to login page + $loggedIn = false; + if(isset($_SESSION["CustomerID"])){ + if ($_SESSION["CustomerID"] != -1){ + $loggedIn = true; + } + } + if(isset($_SESSION["EmployeeID"])){ + if ($_SESSION["EmployeeID"] != -1){ + $loggedIn = true; + } + } + if(isset($_SESSION["AdminID"])){ + if ($_SESSION["AdminID"] != -1){ + $loggedIn = true; + } + } + + if (!$loggedIn && !isset($loggingIn)){ + header("Location:login.php?message=invalid"); + } + + +?> \ No newline at end of file diff --git a/employeePages/eDashboard.php b/employeePages/eDashboard.php new file mode 100644 index 0000000..04866da --- /dev/null +++ b/employeePages/eDashboard.php @@ -0,0 +1,52 @@ +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $FirstName = $row['FirstName']; + $Photo = $row['Photo']; + +} + +//echo "Welcome " . $_SESSION["userName"] . "!"; +?> + + + + + + + +
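Review bot: Both `try` blocks catch `PDOException`, but `$con` is a mysqli connection (`bind_param`, `get_result`), which never throws that class — a failed `prepare()` returns `false` and the following `bind_param` fatals instead of reaching the redirect. Catch `mysqli_sql_exception` (and enable `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` where the connection is opened so mysqli throws at all), or test `$stmt === false` explicitly. The INSERT binds `$_POST['password1']` straight into the `password` column; hash it first, `$hash = password_hash($_POST['password1'], PASSWORD_DEFAULT);`, and bind `$hash` in its place so login.php can use `password_verify`.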
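Review bot: The unauthenticated redirect `header("Location:login.php?message=invalid");` at the end of dbCon.php is not followed by `exit()`, so the including page keeps executing: the protected page is still rendered, and the `*_save.php` pages still perform their database writes, for a request with no session — any client that ignores the Location header receives the full response. Add `exit();` directly after the `header()` call. `die("Connection failed: " . $conn->connect_error)` prints the driver error to the browser; log it server-side and show a generic message instead.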
+

+ query($sql)) {} + table($result); + */ + ?> +

+
+ + + + + diff --git a/employeePages/eOrdersToFill.php b/employeePages/eOrdersToFill.php new file mode 100644 index 0000000..26784c9 --- /dev/null +++ b/employeePages/eOrdersToFill.php @@ -0,0 +1,47 @@ +query($sql)) {} + +$row = $result->fetch_assoc(); +if ($row) { + $FirstName = $row['FirstName']; + +} + +//echo "Welcome " . $_SESSION["userName"] . "!"; +?> + + + + + + + +
+

Active orders

+
+ query($sql)){} + makeTable($result); + ?> +
+ + + + + diff --git a/employeePages/login.php b/employeePages/login.php new file mode 100644 index 0000000..96ddc60 --- /dev/null +++ b/employeePages/login.php 
@@ -0,0 +1,141 @@ + $_POST['Username'] + ); + // echo implode("|",$query_params); + */ + + $uName = $_POST['Username']; + + $query = "SELECT EmployeeID, password, LastName FROM employees WHERE LastName = ?"; + $stmt = $con->prepare($query); + $stmt ->bind_param("s", $uName); + + $stmt ->execute(); + $result = $stmt->get_result(); + + /* + if (!$result = $con->query($sql)) { + // Oh no! The query failed. + echo "Sorry, the website is experiencing problems."; + + // Again, do not do this on a public site, but we'll show you how + // to get the error information + echo "Error: Our query failed to execute and here is why: \n"; + echo "Query: " . $sql . "\n"; + echo "Errno: " . $mysqli->errno . "\n"; + echo "Error: " . $mysqli->error . "\n"; + exit; + } + /* + try { + $stmt = $con->prepare($query); + $result = $stmt->execute($query_params); + } + + catch (PDOException $ex) { + // For testing, you could use a die and message. + //die("Failed to run query: " . $ex->getMessage()); + + //or just use this use this one to product JSON data: + $response["success"] = 0; + $response["message"] = "Database Error1. Please Try Again!"; + die(json_encode($response)); + + } + */ + //This will be the variable to determine whether or not the user's information is correct. + //we initialize it as false. 
+ $validated_info = false; + + //fetching all the rows from the query + $row = $result->fetch_assoc(); + + if ($row) { + //if we encrypted the password, we would unencrypt it here, but in our case we just + //compare the two passwords + if ($_POST['Password'] === $row['password']) { + $login_ok = true; + } + + //$pEntered = 'test'; + //$hash = password_hash($pEntered, PASSWORD_BCRYPT); + //echo $hash; + //echo password_verify($pEntered, $hash); + + } + + // If the user logged in successfully, then we send them to the private members-only page + // Otherwise, we display a login failed message and show the login form again + if ($login_ok) { + $response["success"] = 1; + $response["message"] = "Login successful!"; + $_SESSION["EmployeeID"] = $row['EmployeeID']; + // $_SESSION["ContactName"] = $row['ContactName']; + + + header("Location:eDashboard.php"); + exit(); + die(json_encode($response)); + } else { + $response["success"] = 0; + $response["message"] = "Invalid Credentials!"; + header("Location:login.php?message=invalid"); + exit(); + die(json_encode($response)); + } +} else { +?> + + + + + Northwind Employee Login + + + + +
+ Northwind logo +
+
+ + + +
+ + +
+ Dont have an account? Please contact an administrator to create one. +
+
+
+ + + + + + diff --git a/employeePages/logout.php b/employeePages/logout.php new file mode 100644 index 0000000..6fe1b5a --- /dev/null +++ b/employeePages/logout.php @@ -0,0 +1,6 @@ + \ No newline at end of file diff --git a/index.php b/index.php new file mode 100644 index 0000000..05040d6 --- /dev/null +++ b/index.php @@ -0,0 +1,29 @@ + + + + + Northwind Index + + + + + + + + + + \ No newline at end of file diff --git a/nbproject/customs.json b/nbproject/customs.json new file mode 100644 index 0000000..daad968 --- /dev/null +++ b/nbproject/customs.json @@ -0,0 +1 @@ +{"elements":{"h1_fright":{}},"attributes":{}} \ No newline at end of file diff --git a/nbproject/project.properties b/nbproject/project.properties new file mode 100644 index 0000000..9282ba4 --- /dev/null +++ b/nbproject/project.properties @@ -0,0 +1,7 @@ +include.path=${php.global.include.path} +php.version=PHP_70 +source.encoding=UTF-8 +src.dir=. +tags.asp=false +tags.short=false +web.root=. diff --git a/nbproject/project.xml b/nbproject/project.xml new file mode 100644 index 0000000..1123a88 --- /dev/null +++ b/nbproject/project.xml @@ -0,0 +1,9 @@ + + + org.netbeans.modules.php.project + + + DatabasesPh2 + + + diff --git a/style.css b/style.css new file mode 100644 index 0000000..ded5ca3 --- /dev/null +++ b/style.css 
@@ -0,0 +1,271 @@ +.form-group input[type=text], select { + width: 100%; + padding: 12px 20px; + margin: 8px 0; + display: inline-block; + border: 1px solid #ccc; + border-radius: 4px; + box-sizing: border-box; +} +.form-group input[type=password], select { + width: 100%; + padding: 12px 20px; + margin: 8px 0; + display: inline-block; + border: 1px solid #ccc; + border-radius: 4px; + box-sizing: border-box; +} +.form-group input[type=date], select { + width: 100%; + padding: 12px 20px; + margin: 8px 0; + display: inline-block; + border: 1px solid #ccc; + border-radius: 4px; + box-sizing: border-box; +} +.form-group input[type=submit] { + width: 100%; + background-color: #4CAF50; + color: white; + padding: 14px 20px; + margin: 8px 0; + border: none; + border-radius: 4px; + cursor: pointer; +} +.form-group input[type=submit]:hover { + background-color: #45a049; +} + + +div { + border-radius: 5px; + background-color: #f2f2f2; + padding: 20px; +} +body { + margin: 0; + padding: 0; + font-family: Arial,Helvetica,sans-serif; + background-image: url(../images/bg.png); + font-size: 0.8em; + background-repeat: repeat-x; + line-height: 1; + background-color: #eeeeee; + color: #151515; +} +body.pages { + background-image: url(../images/bg_pages.png); + background-repeat: repeat-x; + background-position: left top; +} +h1.labs { + color: #0cb0ca; + font-size: 30px; + font-family: georgia,"times new roman",times,serif; + font-weight: normal; + line-height: 18px; + margin-top: 0px; +} +h2 { + line-height: 18px; + font-family: georgia,"times new roman",times,serif; + color: #0cb0ca; + font-size: 24px; + font-weight: normal; +} +h3 { + font-size: 1.2em; + margin-bottom: 0; + font-weight: bold; + margin-top: 0; +} +p { + margin-bottom: 12px; + margin-top: 10px; +} +p.dummy { + line-height: 0; +} +a:link, a:visited { + color: #0ba2ba; + text-decoration: none; +} +a:hover, a:active { + text-decoration: underline; +} +#header { + overflow: hidden; + height: 30px; + width: 960px; + 
margin-left: auto; + margin-right: auto; + float: top; +} +#menu { + border-style: solid; + border-color: #eeeeee #cccccc #cccccc #eeeeee; + border-width: 2px; + margin: 0 0; + padding: 0 10px; + background: #eeeeee none repeat scroll 0% 50%; + font-family: Arial,sans-serif; + float: top; + font-weight: bold; + list-style-type: none; + text-transform: uppercase; + font-size: 13px; + width: 100%; + height: 40px; + border-radius: 10px; +} +#menu li { + margin: 0; + float: left; +} +#menu li.fRight { + float: right; +} +#menu li a { + padding: 0 10px; + text-decoration: none; + display: block; + line-height: 40px; + color: #666666; +} +#menu li a:hover, #menu li.active a { + border-bottom: 2px solid #dddddd; + background-color: #f5f5f5; + color: #999999; +} +#menu.blue { + border-style: solid; + border-color: #356aa0 #204061 #204061 #356aa0; + border-width: 2px; + background: #0a6894 none repeat scroll 0% 50%; +} +#menu.blue a { + color: #ffffff; +} +#menu.blue li a:hover, #menu.blue li.active a { + border-bottom: 2px solid #356aa0; + background: #0778ad none repeat scroll 0% 50%; + color: #85dff6; +} +#menu.green { + border-style: solid; + border-color: #356aa0 #204061 #204061 #356aa0; + border-width: 2px; + background: #179409 none repeat scroll 0% 50%; +} +#menu.green a { + color: #ffffff; +} +#menu.green li a:hover, #menu.green li.active a { + border-bottom: 2px solid #35a035; + background: #30ad07 none repeat scroll 0% 50%; + color: #8ef685; +} +#contentwrapper { + padding: 25px 0 60px; + width: 980px; + margin-left: auto; + line-height: 24px; + margin-right: auto; + background-color: #eeeeee; + height: 580px; +} +#contentwrapperShort { + padding: 25px 0 60px; + width: 980px; + margin-left: auto; + line-height: 24px; + margin-right: auto; + background-color: #eeeeee; + height: 320px; +} +#contentwrapperLeft { + width: 40%; + line-height: 24px; + background-color: #eeeeee; + float: left; + overflow:hidden; + border: #0a6894; + border-style: solid; + border-width: 
thin; +} +#contentwrapperRight { + width: 50%; + line-height: 24px; + background-color: #eeeeee; + overflow:hidden; + float: right; + border: #0a6894; + border-style: solid; + border-width: thin; + +} +#loginwrapper { + padding: 25px 0 60px; + width: 400px; + margin-left: auto; + line-height: 24px; + margin-right: auto; + background-color: #eeeeee; +} +#niceTable { + font-family: "Trebuchet MS", Arial, Helvetica, sans-serif; + border-collapse: collapse; + width: 100%; +} + +#niceTable td, #niceTable th { + border: 1px solid #ddd; + padding: 8px; +} + +#niceTable tr:nth-child(even){background-color: #f2f2f2;} + +#niceTable tr:hover { + background-color: #ddd; +} + +#niceTable th { + padding-top: 12px; + padding-bottom: 12px; + text-align: left; + background-color: #356aa0; + color: white; +} +#niceTable input[value="View"]{ + width: 100px; + background-color: #4CAF50; + color: white; + padding: 14px 20px; + margin: 8px 0; + border: none; + border-radius: 4px; + cursor: pointer; +} +#niceTable input[value="Add"]{ + width: 100px; + background-color: #4CAF50; + color: white; + padding: 14px 20px; + margin: 8px 0; + border: none; + border-radius: 4px; + cursor: pointer; +} +#niceTable input[value="Remove"]{ + width: 100px; + background-color: #F14B27; + color: white; + padding: 14px 20px; + margin: 8px 0; + border: none; + border-radius: 4px; + cursor: pointer; +}