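/**
 * Renders the "Add New Product" page and, on a POST from its form, inserts the product.
 *
 * Output is written directly: includes/header.php, the navigation bar, the form, any
 * status message, then includes/footer.php. The insert only runs for a session whose
 * username is 'administrator'; hiding the navigation link alone does not stop a
 * direct POST to this page.
 *
 * NOTE(review): the form carries no anti-CSRF token; add one where sessions are set up.
 *
 * @return void
 */
function createNewProdPage()
{
    // These locals are not read below; includes/header.php runs in this function's scope
    // and presumably consumes them, so their names are kept as they were.
    $scripts = array("Script.js", "indexScript.js");
    $stylesheets = array("indexPage.css", "bootstrap.css", "StyleSheet.css");
    $title = 'Add New Product';
    require "../local/nbgardens_connection.php";
    $db = connect();
    include "includes/header.php";
    // Strict comparison plus isset(): no notice for anonymous visitors, and no loose
    // match of a non-string session value against 'administrator'.
    $isAdmin = isset($_SESSION['username']) && $_SESSION['username'] === 'administrator';
    ?>
        <nav>
            <div class="container">
                <ul class="pull-left" class="nav nav-tabs">
                    <li class="active"><a href="index.php">Home</a></li>
                    <li><a href="catalogue.php">Catalogue</a></li>
                </ul>
                <ul class="pull-right" class="nav nav-tabs">
                    <li><a href="basket.php">Basket</a></li>
                    <li><a href="logout.php">Log Out</a></li>
                    <?php 
    if ($isAdmin) {
        echo '<li><a href="addProduct.php">Add New Product</a></li>';
    }
    ?>
                </ul>
            </div>
        </nav>
		<br>
		<br>
		<div style="display:block; position:relative; width:100px; height:auto; margin:10px; float:left;">
		<form method="post" action="addProduct.php">
		Product Name: <input type="text" name="productName"><br>
		Image Path: <input type="text" name="image"><br>
		Price: <input type="text" name="price"><br>
		Category: <input type="text" name="category"><br>
		Product Info: <textarea name="info" rows="5" cols="40" maxlength="500"></textarea>
		<input type="submit" value="Add Product" name="addProduct">
		</form>
		<?php 
    if (isset($_POST['addProduct'])) {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            // Guarded so a second declaration in the same request (this page function
            // and the product page both declare it) cannot raise a redeclaration error.
            if (!function_exists('test_input')) {
                // NOTE(review): addslashes() is not a reliable SQL escape. The query text
                // is assembled by createRecordQuery(), defined elsewhere; it should bind
                // these values as parameters. The pipeline is left unchanged here so
                // stored data keeps its current shape.
                function test_input($data)
                {
                    $data = trim($data);
                    $data = stripslashes($data);
                    $data = htmlspecialchars($data);
                    $data = addslashes($data);
                    return $data;
                }
            }
            // A field is missing when absent, empty, or not a plain string (e.g. an
            // array submitted as productName[]=...), which trim() cannot handle.
            $missing = false;
            foreach (array('productName', 'image', 'price', 'category') as $field) {
                if (empty($_POST[$field]) || !is_string($_POST[$field])) {
                    $missing = true;
                }
            }
            if (!$isAdmin) {
                // Server-side authorisation: the write must not depend on the link being hidden.
                echo "<p>You must be logged in as an administrator to add a product!</p>";
            } elseif ($missing) {
                echo "<p>You haven't entered all the required information!</p>";
            } else {
                $productName = test_input($_POST["productName"]);
                $image = test_input($_POST['image']);
                $price = test_input($_POST['price']);
                $category = test_input($_POST['category']);
                // "info" is optional on the form, so it may be absent from the request.
                $info = test_input((isset($_POST['info']) && is_string($_POST['info'])) ? $_POST['info'] : '');
                if (!is_numeric($price) || $price < 0) {
                    echo "<p>Price must be a non-negative number!</p>";
                } else {
                    $columns = array('name', 'price', 'image', 'category', 'info');
                    $values = array($productName, $price, $image, $category, $info);
                    $query = createRecordQuery('products', $columns, $values);
                    // The generated SQL is no longer echoed into the page: it exposed
                    // table and column names to every visitor.
                    $db = connect();
                    $db->exec($query);
                }
            }
        }
    }
    ?>

		</div>	
<?php 
    include "includes/footer.php";
}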
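/**
 * Renders the page for one product and handles its three POST actions:
 * add to basket, add comment and delete comment.
 *
 * Output is written directly: includes/header.php, the navigation bar, the product
 * details, the basket and comment forms, the comment list, then includes/footer.php.
 * Every value echoed into HTML is escaped first. Deleting a comment requires a
 * logged-in session that is either 'administrator' or the comment's author.
 *
 * NOTE(review): $prodID and the session values are handed to readRecordsWhereID() /
 * createRecordQuery() unchanged; whether those helpers (defined elsewhere) bind or
 * escape them is not visible here. The forms also carry no anti-CSRF token.
 * NOTE(review): the author-or-administrator delete policy is an assumption; the
 * original applied no check at all. Confirm it against the intended rules.
 *
 * @param mixed $prodID Product identifier, as supplied by the caller.
 * @return void
 */
function createProdPage($prodID)
{
    $varsSet = false;
    $logged = "Log In";
    $loggedLink = "index.php";
    if (!empty($_SESSION['userID'])) {
        // A user is logged in: switch the navigation entry to "Log Out".
        $varsSet = true;
        $logged = "Log Out";
        $loggedLink = "logout.php";
    }
    $isAdmin = $varsSet && isset($_SESSION['username']) && $_SESSION['username'] === 'administrator';
    // HTML-escapes a value for element or attribute context. double_encode is off
    // because text saved through test_input() is already entity-encoded in the database.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    // includes/header.php runs in this function's scope and presumably reads these
    // locals, so their names are kept as they were.
    $scripts = array("Script.js", "indexScript.js");
    $stylesheets = array("indexPage.css", "bootstrap.css", "StyleSheet.css");
    require "../local/nbgardens_connection.php";
    $db = connect();
    $productDetails = readRecordsWhereID("products", "product_id", $prodID);
    // An unknown product id yields no row; fall back to empty strings instead of
    // reading missing array offsets.
    $product = isset($productDetails[0]) ? $productDetails[0] : array();
    $title = isset($product['name']) ? $product['name'] : '';
    $productPic = isset($product['image']) ? $product['image'] : '';
    $info = isset($product['info']) ? $product['info'] : '';
    $price = isset($product['price']) ? $product['price'] : '';
    // $prodID is placed inside the action URL of three forms; encode it once.
    $prodIDParam = urlencode((string) $prodID);
    include "includes/header.php";
    ?>
        <nav>
            <div class="container">
                <ul class="pull-left" class="nav nav-tabs">
                    <li class="active"><a href="index.php">Home</a></li>
                    <li><a href="catalogue.php">Catalogue</a></li>
                </ul>
                <ul class="pull-right" class="nav nav-tabs">
                    <li><a href="basket.php">Basket</a></li>
                    <li><a href=<?php 
    echo '"' . $loggedLink . '">' . $logged;
    ?>
</a></li>
                                        <?php 
    if ($isAdmin) {
        echo '<li><a href="addProduct.php">Add New Product</a></li>';
    }
    ?>
                </ul>
            </div>
        </nav>
		<br>
		<br>
		<div id="productPage">
		<div id="productInfo">
<h1 syle="font-size:20;"><?php echo $esc($title); ?></h1>
<p><?php echo $esc($info); ?></p>
	<img src = "Images/<?php echo $esc($productPic); ?>" alt="<?php echo $esc($title); ?>" style="height: 250px; width: 250px">
<p>£<?php echo $esc($price); ?></p>
	

	
<form method="post" action="product.php?prodID=<?php echo $prodIDParam; ?>">
   Quantity: <input type="text" name="quantity"><br><br>
   <input type="submit" name="addToBasket" value="Add To Basket!">
</form>
</div>
	<div id="commentform">
<h1>Comments</h1>
<form method="post" action="product.php?prodID=<?php echo $prodIDParam; ?>"> 

   Comment: <textarea name="comment" rows="5" cols="40" maxlength="500"></textarea>
   <br><br>

   <input type="submit" name="addComment" value="Submit Comment"> 
</form>

<?php 
    if (isset($_POST['addToBasket'])) {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            if ($varsSet) {
                if (empty($_POST['quantity'])) {
                    $quantity = 0;
                } else {
                    // The quantity is concatenated into the SQL text below, so only a
                    // non-negative integer is accepted; anything else yields false.
                    $quantity = filter_var(
                        $_POST['quantity'],
                        FILTER_VALIDATE_INT,
                        array('options' => array('min_range' => 0))
                    );
                }
                if ($quantity === false) {
                    echo "<p>Quantity must be a whole number!</p>";
                } else {
                    // NOTE(review): the result of this basket lookup is never read.
                    $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);
                    $columns = array('user_id', 'product_id', 'quantity');
                    $values = array($_SESSION['userID'], $prodID, $quantity);
                    $query = createRecordQuery('basket', $columns, $values);
                    $query .= "ON DUPLICATE KEY UPDATE quantity = quantity+'" . $quantity . "'";
                    // The generated SQL is no longer echoed into the page.
                    $db = connect();
                    $db->exec($query);
                }
            } else {
                echo "<p>You must be logged in to add a product!</p>";
            }
        }
    }
    if (isset($_POST['addComment'])) {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            // Guarded so a second declaration in the same request cannot raise a
            // redeclaration error.
            if (!function_exists('test_input')) {
                // NOTE(review): addslashes() is not a reliable SQL escape; the query
                // built by createRecordQuery() should bind its values as parameters.
                function test_input($data)
                {
                    $data = trim($data);
                    $data = stripslashes($data);
                    $data = htmlspecialchars($data);
                    $data = addslashes($data);
                    return $data;
                }
            }
            if (empty($_POST["comment"]) || !is_string($_POST["comment"])) {
                echo "<p>You haven't entered all the required information!</p>";
            } else {
                $comment = test_input($_POST['comment']);
                if ($varsSet) {
                    $username = $_SESSION['username'];
                    $columns = array('username', 'product_id', 'text', 'date');
                    $nowDate = date('j/n/Y \\a\\t H:i:s');
                    $values = array($username, $prodID, $comment, $nowDate);
                    $query = createRecordQuery('comments', $columns, $values);
                    $db = connect();
                    $db->exec($query);
                    echo "<p>Comment Submitted!</p>";
                } else {
                    echo "<p>You must be signed in to leave a comment</p>";
                }
            }
        }
    }
    echo "</div>";
    echo "<div id='commentsSection'>";
    $comments = readRecordsWhereID('comments', 'product_id', $prodID);
    if (!is_array($comments)) {
        $comments = array();
    }
    // comment_id => author username for the comments of this product; the delete
    // handler below only accepts an id found in this map.
    $commentOwners = array();
    $sessionUser = ($varsSet && isset($_SESSION['username'])) ? (string) $_SESSION['username'] : null;
    foreach ($comments as $row) {
        $commentID = $row['comment_id'];
        $username = $row['username'];
        $comment = $row['text'];
        $timePosted = $row['date'];
        $commentOwners[(string) $commentID] = (string) $username;
        $userDetails = readRecordsWhereID('users', 'username', $username);
        // The author's account may no longer exist; show empty names in that case.
        $firstName = isset($userDetails[0]['first_name']) ? $userDetails[0]['first_name'] : '';
        $lastName = isset($userDetails[0]['last_name']) ? $userDetails[0]['last_name'] : '';
        $mayDelete = $isAdmin || ($sessionUser !== null && $sessionUser === (string) $username);
        echo "<div id='comment" . $esc($commentID) . "' style='outline: dotted'>";
        echo "<p style='font-size: 24px'>" . $esc($firstName) . " " . $esc($lastName) . " on " . $esc($timePosted) . "</p>";
        echo "<p>" . $esc($comment) . "</p>";
        if ($mayDelete) {
            // The delete button is only offered to a user the handler below will accept.
            ?>
		<form method="post" action="product.php?prodID=<?php echo $prodIDParam; ?>">
		<input type="hidden" name="commentID" value="<?php echo $esc($commentID); ?>">
		<input type="submit" value="delete comment" name="deleteComment"></form>
		<?php 
        }
        echo "</div><br>";
    }
    if (isset($_POST['deleteComment'])) {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            $commentID = (isset($_POST['commentID']) && is_string($_POST['commentID'])) ? $_POST['commentID'] : '';
            if (!$varsSet) {
                echo "<p>You must be signed in to delete a comment</p>";
            } elseif (
                !isset($commentOwners[$commentID])
                || !($isAdmin || ($sessionUser !== null && $sessionUser === $commentOwners[$commentID]))
            ) {
                // Unknown id for this product, or the comment belongs to someone else.
                echo "<p>You cannot delete this comment</p>";
            } else {
                // $commentID equals an id read from the database for this product, so
                // no free-form request text reaches the delete query.
                $query = deleteRecordsWhereID('comments', 'comment_id', $commentID);
                $db = connect();
                $db->exec($query);
            }
        }
    }
    echo "</div> </div>";
    include "includes/footer.php";
}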