$shares = $_POST["shares"]; if (preg_match("/^\\d+\$/", $shares) == false) { apologize("You must enter a whole number!"); } elseif ($shares <= 0) { apologize("Enter a number greater than zero!"); } $symbol = strtoupper($_POST["symbol"]); $id = $_SESSION["id"]; $action = "BUY"; // get a quote for the requested share $quote = lookup($symbol); if (!$quote) { apologize("Symbol not found!"); } // users are unique so select the first row [0] $user = cs50::query("SELECT * FROM users WHERE id = ?", $id)[0]; $value = $shares * $quote["price"]; $cash_available = $user["cash"]; if ($value > $cash_available) { apologize("You don't have enough cash!"); } // add purchase to user's portfolio cs50::query("INSERT INTO portfolios (user_id, symbol, shares) VALUES (?, ?, ?)\n ON DUPLICATE KEY UPDATE shares = shares + ?", $id, $symbol, $shares, $shares); // set user's cash to reflect purchase cs50::query("UPDATE users SET cash = cash - ? WHERE id = ?", $value, $id); // add purchase information into history cs50::query("INSERT INTO history (date, action, user_id, symbol, shares, price) \n VALUES (NOW(), ?, ?, ?, ?, ?)", $action, $id, $symbol, $shares, $quote["price"]); // redirect user back to their porfolio redirect("/"); } }
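<?php

// configuration
require "../includes/config.php";

// ID of the currently logged-in user. config.php is presumably where
// unauthenticated requests are redirected, so a session id is expected here
// (TODO confirm — nothing on this page checks it).
$id = $_SESSION["id"];

// Account info for the current user, passed through to render.
// The id is bound as a query parameter rather than interpolated into the SQL
// string, matching the other cs50::query calls in this app, so the session
// value can never change the shape of the statement.
// Users are unique, so the first (only) row is the user.
$user = cs50::query("SELECT * FROM users WHERE id = ?", $id)[0];

// Holdings to pass to render: one entry per symbol the user owns.
$folio = [];

// Shares owned by the current user (parameterised for the same reason as above).
$rows = cs50::query("SELECT * FROM portfolios WHERE user_id = ?", $id);
foreach ($rows as $row) {
    $stock = lookup($row["symbol"]);

    // lookup() returns false when it cannot quote the symbol; skip those rows
    if ($stock === false) {
        continue;
    }

    $folio[] = [
        "symbol" => $stock["symbol"],
        "name" => $stock["name"],
        "shares" => $row["shares"],
        "price" => $stock["price"],
    ];
}

// Sort alphabetically by symbol, the first element of each entry.
// cmp_ascending is defined elsewhere (presumably in the helpers include).
uasort($folio, 'cmp_ascending');

render("portfolio.php", ["title" => "Portfolio", "folio" => $folio, "user" => $user]);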
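require "../includes/config.php";

// ID of the currently logged-in user. config.php is presumably where anonymous
// requests are redirected before this page runs (TODO confirm).
$id = $_SESSION["id"];

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    render("password_change_form.php", ["title" => "Password Change"]);
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Form fields may be missing, or arrays if a client submits "password[]=".
    // Normalise anything that is not a string to "" so password_verify() and the
    // comparisons below never receive an array (which would be a TypeError, i.e.
    // a 500, instead of an error page).
    $current = $_POST["password"] ?? "";
    $new = $_POST["new_password"] ?? "";
    $confirmation = $_POST["confirmation"] ?? "";
    if (!is_string($current)) {
        $current = "";
    }
    if (!is_string($new)) {
        $new = "";
    }
    if (!is_string($confirmation)) {
        $confirmation = "";
    }

    // The stored hash is only needed to validate a POST, so fetch it here.
    // Users are unique, so the first row is the user.
    $hash = cs50::query("SELECT hash FROM users WHERE id = ?", $id)[0]["hash"];

    // Validate form input. Presence is checked with === "" rather than empty()
    // so a current password of "0" is still verified rather than rejected.
    if ($current === "") {
        apologize("You must enter your current password!");
    } elseif (!password_verify($current, $hash)) {
        apologize("Your password is incorrect!");
    } elseif ($new === "") {
        apologize("You must provide a new password!");
    } elseif ($new !== $confirmation) {
        // Strict comparison: with == two numeric strings such as "1e3" and
        // "1000" compare equal, which would let a mistyped confirmation through.
        apologize("Your passwords do not match!");
    } else {
        // Update the current user's password hash.
        // NOTE(review): this does not invalidate other sessions for the account;
        // whether that matters depends on the session handling in config.php.
        cs50::query(
            "UPDATE users SET hash = ? WHERE id = ?",
            password_hash($new, PASSWORD_DEFAULT),
            $id
        );
        success("Your password has been changed!");
    }
}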
<?php

require "../includes/config.php";

// Every trade recorded for the logged-in user.
$id = $_SESSION["id"];
$transactions = cs50::query("SELECT * FROM history WHERE user_id = ?", $id);

// Rows reshaped for the template, with a display-friendly date and a total.
$history = [];
foreach ($transactions as $entry) {
    // MySQL DATETIME -> "mm/dd/yy h:mm AM" for display, via
    // http://stackoverflow.com/questions/136782/convert-from-mysql-datetime-to-another-format-with-php
    // (date() formats in the server's default timezone).
    $timestamp = strtotime($entry["date"]);
    $when = date("m/d/y g:i A", $timestamp);

    if (!$entry) {
        continue;
    }

    $history[] = [
        "date" => $when,
        "action" => $entry["action"],
        "symbol" => $entry["symbol"],
        "shares" => $entry["shares"],
        "price" => $entry["price"],
        "total" => $entry["shares"] * $entry["price"],
    ];
}

// Newest first. cmp_descending is defined elsewhere (presumably the helpers include).
uasort($history, "cmp_descending");

render("history.php", ["title" => "History", "history" => $history]);