<?php
require_once "requires/functions.php";
require_once "requires/datasource.php";
if (!isLoggedIn()) {
include "headers/publicheader.php";
} else {
include "headers/adminheader.php";
}
// if was submitted from the contact seller, review, or email submit button
// get the seller information to display
if (isset($_POST["contactseller"]) || isset($_POST["reviewsubmit"]) || isset($_POST["mailsubmit"])) {
$sellerName = $_POST["name"];
$seller = $_POST["seller"];
$itemID = $_POST["item"];
$result = DataSource::getUser("username = '******'");
$row = $result->fetch_assoc();
$email = $row["emailAddress"];
$phone = $row["phoneNumber"];
// if was submitted from the review submit button, create the new
// review for the seller
if (isset($_POST["reviewsubmit"])) {
$newReview = escapeValue(trim($_POST["review"]));
$seller = $_POST["seller"];
if (!empty($newReview)) {
DataSource::createUserReview($seller, $newReview);
}
// else if was submitted from the email message button, create
// the message and send it to the seller
} else {
if (isset($_POST["mailsubmit"])) {
class="waves-effect waves-light btn indigo accent-1">
Log In</button>
</div>
</div>
</div>
</div>
<?php
// if was submitted from the log in button, hash the password as md5
// 128 bit format, then compare the username and password in the database
// if match, log the user in, else display the error
if (isset($_POST["loginsubmit"])) {
$username = escapeValue(trim($_POST["username"]));
$password = md5(trim($_POST["password"]));
$selection = "username = '******' ";
$selection .= "AND password = '******';";
$result = DataSource::getUser($selection);
$row = $result->fetch_assoc();
if ($row != NULL) {
// user found, log in successfully
$_SESSION["currentUser"] = $row["username"];
$_SESSION["currentName"] = $row["firstName"] + $row["lastName"];
redirectTo("myitems.php");
} else {
echo "<h3>Error: incorrect username/password</h3>";
}
}
closeConnection();
?>
</form>
</div>
</div>
include "headers/adminheader.php";
if (isset($_SESSION["currentUser"])) {
$username = $_SESSION["currentUser"];
// if the current session has a logged in user
// and the update info button was submitted, update
// their information
if (isset($_POST["updateinfosubmit"])) {
$firstName = escapeValue(trim($_POST["firstname"]));
$lastName = escapeValue(trim($_POST["lastname"]));
$phoneNumber = escapeValue(trim($_POST["phone"]));
$emailAddress = escapeValue(trim($_POST["email"]));
DataSource::updateUser($username, $firstName, $lastName, $emailAddress, $phoneNumber);
// else get current information about the username in the
// database to display
} else {
$result = DataSource::getUser("username = '******'");
$row = $result->fetch_assoc();
$firstName = $row["firstName"];
$lastName = $row["lastName"];
$emailAddress = $row["emailAddress"];
$phoneNumber = $row["phoneNumber"];
}
// get the reviews for the username from the database to
// display
$reviewResult = DataSource::getUserReviews($username);
$reviews = array();
if ($reviewResult) {
while ($review = $reviewResult->fetch_assoc()) {
$reviews[] = $review["reviewDescription"];
}
}
