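<?php require "../local/nbgardens_connection.php";

// "Remove N of this product" basket handler.
//
// Runs on *every* POST reaching this file, so it must tolerate submissions
// that do not carry the remove-form fields (e.g. the "Remove All" button
// posts an empty removeQuantity).  The same logic also exists, guarded by
// isset($_POST['removeAmount']), inside createBasketPage(); keep the two in
// step if one changes.
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['removeQuantity'], $_POST['productID'])) {
    // collect value of input field -- both values come from the client.
    // The original accepted them untouched: a negative or non-numeric
    // removeQuantity satisfies "<= basketQuantity" and then *raises* the stored
    // quantity (or throws a TypeError on PHP 8 for a non-numeric string), so only
    // a non-negative integer is accepted.  product_id is validated as an int as
    // well -- assumes an integer key column, TODO confirm against the schema.
    $removeQuantity = filter_var($_POST['removeQuantity'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $prodID = filter_var($_POST['productID'], FILTER_VALIDATE_INT);

    if ($removeQuantity !== false && $prodID !== false) {
        $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);

        // No basket row for this product: nothing to remove.  (The original read
        // $productDetails[0] unconditionally and emitted an undefined-offset
        // warning here.)
        if (!empty($productDetails)) {
            $basketQuantity = $productDetails[0]['quantity'];
            if ($removeQuantity <= $basketQuantity) {
                $basketQuantity -= $removeQuantity;
                // NOTE(review): the update is keyed on product_id alone -- as
                // called here updateRecords() takes a single where column/value,
                // so it is presumably not scoped to the current user's basket
                // row.  Scoping by user_id needs a helper that accepts a second
                // condition; confirm against nbgardens_connection.php.
                $query = updateRecords('basket', 'quantity', $basketQuantity, 'product_id', $prodID);
                $db = connect();
                $db->exec($query);
            }
        }
    }
}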
function createProdPage($prodID)
{
    // Render the product page for $prodID and process the three POST actions
    // its forms submit (addToBasket, addComment, deleteComment).  Everything is
    // echoed directly; nothing is returned.
    //
    // $prodID is supplied by the caller (product.php?prodID=...) and is used
    // below both in DB helper calls and inside attribute values without any
    // escaping -- see the NOTE(review) comments.
    //
    // Relies on helpers from ../local/nbgardens_connection.php: connect(),
    // readRecordsWhereID(), createRecordQuery(), deleteRecordsWhereID().
    $varsSet = false;
    $logged = "Log In";
    $loggedLink = "index.php";
    if (!empty($_SESSION['userID'])) {
        //if user_id session var is set, change page variables
        $varsSet = true;
        $logged = "Log Out";
        $loggedLink = "logout.php";
    }
    // Read by includes/header.php (not visible here); presumably emitted as
    // <script>/<link> tags -- confirm in the include.
    $scripts = array("Script.js", "indexScript.js");
    $stylesheets = array("indexPage.css", "bootstrap.css", "StyleSheet.css");
    $title;          // no-op statements; both variables are assigned below
    $productDetails;
    // NOTE(review): a plain require inside a function redeclares the helper
    // functions if the caller has already loaded this file; require_once would
    // be safer -- confirm how product.php includes it.
    require "../local/nbgardens_connection.php";
    $db = connect();
    $productDetails = readRecordsWhereID("products", "product_id", $prodID);
    // NOTE(review): an unknown $prodID yields an empty result set, and the three
    // reads below then raise undefined-offset warnings rather than a
    // "product not found" response.
    $title = $productDetails[0]['name'];
    $productPic = $productDetails[0]['image'];
    $info = $productDetails[0]['info'];
    include "includes/header.php";
    ?>
    <nav>
        <div class="container">
            <ul class="pull-left" class="nav nav-tabs">
                <li class="active"><a href="index.php">Home</a></li>
                <li><a href="catalogue.php">Catalogue</a></li>
            </ul>
            <ul class="pull-right" class="nav nav-tabs">
                <li><a href="basket.php">Basket</a></li>
                <li><a href=<?php echo '"' . $loggedLink . '">' . $logged; ?> </a></li>
                <?php
                // Admin-only link; the check is against the literal username.
                if ($varsSet) {
                    if ($_SESSION['username'] == 'administrator') {
                        echo '<li><a href="addProduct.php">Add New Product</a></li>';
                    }
                }
                ?>
            </ul>
        </div>
    </nav>
    <br>
    <br>
    <div id="productPage">
        <div id="productInfo">
            <h1 syle="font-size:20;"><?php
            // NOTE(review): $title and $info are DB values echoed into HTML
            // without htmlspecialchars().  The tag appended after $info is
            // '<p>' where '</p>' was presumably intended, and "syle" on the
            // <h1> above is a misspelling of "style".
            echo $title . '</h1>';
            echo '<p>' . $info . '<p>';
            ?>
            <img src = "Images/<?php echo $productPic; ?> " alt="<?php echo $title; ?> " style="height: 250px; width: 250px">
            <p>£<?php echo $productDetails[0]["price"]; ?> </p>
            <form method="post" action="product.php?prodID=<?php echo $prodID; ?> ">
                Quantity: <input type="text" name="quantity"><br><br>
                <input type="submit" name="addToBasket" value="Add To Basket!">
            </form>
        </div>
        <div id="commentform">
            <h1>Comments</h1>
            <form method="post" action="product.php?prodID=<?php echo $prodID; ?> ">
                Comment: <textarea name="comment" rows="5" cols="40" maxlength="500"></textarea>
                <br><br>
                <input type="submit" name="addComment" value="Submit Comment">
            </form>
            <?php
            // --- addToBasket: insert, or increment, this user's basket row ---
            if (isset($_POST['addToBasket'])) {
                if ($_SERVER["REQUEST_METHOD"] == "POST") {
                    if ($varsSet) {
                        // empty() treats "0" as empty, so a submitted "0" and a
                        // missing field both become 0.  Nothing checks that the
                        // value is numeric or positive.
                        if (empty($_POST['quantity'])) {
                            $quantity = 0;
                        } else {
                            $quantity = $_POST['quantity'];
                        }
                        // Result is never read; the upsert below covers the
                        // "already in basket" case.
                        $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);
                        $columns = array('user_id', 'product_id', 'quantity');
                        $values = array($_SESSION['userID'], $prodID, $quantity);
                        $query = createRecordQuery('basket', $columns, $values);
                        // NOTE(review): the raw POST value is concatenated into
                        // the SQL text -- an injection point, as no escaping is
                        // visible in this block.  Validating $quantity as an int
                        // (filter_var with FILTER_VALIDATE_INT) before this line
                        // closes it.  Whether a leading space is needed depends on
                        // how createRecordQuery() terminates its output.
                        $query .= "ON DUPLICATE KEY UPDATE quantity = quantity+'" . $quantity . "'";
                        // NOTE(review): debug leftover -- prints the full SQL
                        // statement, including the user's id, to the page.
                        echo '<p>' . $query . '</p>';
                        $db = connect();
                        $db->exec($query);
                    } else {
                        echo "<p>You must be logged in to add a product!</p>";
                    }
                }
            }
            // --- addComment: store a new comment for this product ---
            if (isset($_POST['addComment'])) {
                if ($_SERVER["REQUEST_METHOD"] == "POST") {
                    // collect value of input field
                    // Declared conditionally inside the function body, so it only
                    // exists once this branch has run.  Order matters: the text is
                    // HTML-escaped and *then* addslashes()'d, apparently as ad-hoc
                    // SQL escaping; whether the backslashes survive into the stored
                    // text depends on createRecordQuery().
                    function test_input($data)
                    {
                        $data = trim($data);
                        $data = stripslashes($data);
                        $data = htmlspecialchars($data);
                        $data = addslashes($data);
                        return $data;
                    }
                    if (empty($_POST["comment"])) {
                        echo "<p>You haven't entered all the required information!</p>";
                    } else {
                        $comment = test_input($_POST['comment']);
                        if ($varsSet) {
                            $username = $_SESSION['username'];
                            $columns = array('username', 'product_id', 'text', 'date');
                            // Stored as a formatted string ("j/n/Y at H:i:s"), not a
                            // DATETIME, so it will not sort chronologically.
                            $nowDate = date('j/n/Y \\a\\t H:i:s');
                            $values = array($username, $prodID, $comment, $nowDate);
                            $query = createRecordQuery('comments', $columns, $values);
                            $db = connect();
                            $db->exec($query);
                            echo "<p>Comment Submitted!</p>";
                        } else {
                            echo "<p>You must be signed in to leave a comment</p>";
                        }
                    }
                }
            }
            echo "</div>";
            // --- comment listing ---
            echo "<div id='commentsSection'>";
            $comments = readRecordsWhereID('comments', 'product_id', $prodID);
            $totalComms = count($comments);
            for ($x = 0; $x < $totalComms; $x++) {
                $commentID = $comments[$x]['comment_id'];
                $username = $comments[$x]['username'];
                $comment = $comments[$x]['text'];
                // One extra query per comment to resolve the display name.
                $userDetails = readRecordsWhereID('users', 'username', $username);
                $firstName = $userDetails[0]['first_name'];
                $lastName = $userDetails[0]['last_name'];
                $timePosted = $comments[$x]['date'];
                // NOTE(review): name, date and text are echoed unescaped; the
                // text was escaped on the way in (see test_input), the name and
                // date were not.
                echo "<div id='comment{$commentID}' style='outline: dotted'>";
                echo "<p style='font-size: 24px'>{$firstName} {$lastName} on {$timePosted}</p>";
                echo "<p>{$comment}</p>";
                ?>
                <form method="post" action="product.php?prodID=<?php echo $prodID; ?> ">
                    <input type="hidden" name="commentID" value="<?php echo $commentID; ?> ">
                    <input type="submit" value="delete comment" name="deleteComment"></form>
                </div><br>
                <?php
            }
            // --- deleteComment ---
            // NOTE(review): no authorization check -- the delete form is rendered
            // for every comment regardless of author, and this branch deletes
            // whatever comment_id is posted without checking $varsSet or the
            // comment's owner.  It also runs *after* the listing above, so the
            // deleted comment is still shown until the next request.
            if (isset($_POST['deleteComment'])) {
                if ($_SERVER["REQUEST_METHOD"] == "POST") {
                    $commentID = $_POST['commentID'];
                    $query = deleteRecordsWhereID('comments', 'comment_id', $commentID);
                    $db = connect();
                    $db->exec($query);
                }
            }
            echo "</div> </div>";
            include "includes/footer.php";
}
function createBasketPage($userID)
{
    // Render the current user's basket and process the two POST actions its
    // per-item forms submit (removeAmount, removeAll).  Everything is echoed
    // directly; nothing is returned.
    //
    // $userID: NOTE(review) the parameter is overwritten from
    // $_SESSION['userID'] a few lines down, so the caller's value is ignored;
    // with no session the basket lookup runs with a null user id.
    //
    // Relies on helpers from ../local/nbgardens_connection.php: connect(),
    // readRecordsWhereID(), updateRecords().
    $varsSet = false;
    $logged = "Log In";
    $loggedLink = "index.php";
    if (!empty($_SESSION['userID'])) {
        $varsSet = true;
        $logged = "Log Out";
        $loggedLink = "logout.php";
    }
    $userID = $_SESSION['userID'];
    $firstName = " ";
    $lastName = " ";
    if ($varsSet) {
        $firstName = $_SESSION['firstName'];
        $lastName = $_SESSION['lastName'];
    }
    // Read by includes/header.php (not visible here); presumably emitted as
    // <script>/<link> tags -- confirm in the include.
    $scripts = array("Script.js");
    $stylesheets = array("indexPage.css", "StyleSheet.css", "bootstrap.css", "basket.css");
    $title = "Basket";
    require "../local/nbgardens_connection.php";
    // Fetched *before* the remove handlers at the bottom run, so the quantities
    // rendered below are the pre-removal ones until the next request.
    $basketDetails = readRecordsWhereID("basket", "user_id", $userID);
    include "includes/header.php";
    ?>
    <nav>
        <div class="container">
            <ul class="pull-left" class="nav nav-tabs">
                <li><a href="index.php">Home</a></li>
                <li><a href="catalogue.php">Catalogue</a></li>
            </ul>
            <ul class="pull-right" class="nav nav-tabs">
                <li class="active"><a href="#">Basket</a></li>
                <li><a href=<?php echo '"' . $loggedLink . '">' . $logged; ?> </a></li>
                <?php
                // Admin-only link; the check is against the literal username.
                if ($varsSet) {
                    if ($_SESSION['username'] == 'administrator') {
                        echo '<li><a href="addProduct.php">Add New Product</a></li>';
                    }
                }
                ?>
            </ul>
        </div>
    </nav>
    <br>
    <br>
    <h3 id="title">Basket (<?php echo $firstName . " " . $lastName; ?> ) </h3>
    <div id="basket">
    <?php
    $total = 0;
    for ($i = 0; $i < count($basketDetails); $i++) {
        $prodID = $basketDetails[$i]['product_id'];
        $basketQuantity = $basketDetails[$i]['quantity'];
        // Column written "product_ID" here but "product_id" everywhere else;
        // this only works if the column name is matched case-insensitively.
        // One products query per basket row.
        $productDetails = readRecordsWhereID("products", "product_ID", $prodID);
        $productPic = $productDetails[0]['image'];
        $productName = $productDetails[0]['name'];
        $productPrice = $productDetails[0]['price'];
        // Arithmetic on the raw price value; no rounding is applied to the
        // displayed sub-total or total.
        $subTotal = $productPrice * $basketQuantity;
        $total += $subTotal;
        // Rows with quantity 0 (left behind by "Remove All") stay in the table
        // and are simply not rendered.
        // NOTE(review): $productPic, $productName and $prodID below are echoed
        // into attributes/HTML without htmlspecialchars().
        if ($basketQuantity > 0) {
            ?>
            <div>
                <a href="product.php?prodID=<?php echo $prodID; ?> ">
                    <img src="Images/<?php echo $productPic; ?> " alt="<?php echo $productName; ?> " style="height: 100px; width: 100px"></a>
                <p><?php echo $productName; ?> : <?php echo $basketQuantity; ?> </p>
                <p>Cost per Item: £<?php echo $productPrice; ?> </p>
                <p>SubTotal: £<?php echo $subTotal; ?> </p>
                <form method="post" action="basket.php">
                    Remove:<br>
                    <input type="text" name="removeQuantity">
                    <input type="hidden" name="productID" value="<?php echo $prodID; ?> ">
                    <input type="submit" value="Remove" name="removeAmount">
                    <input type="submit" value="Remove All" name="removeAll">
                </form>
            </div>
            <?php
        }
    }
    ?>
    <br>
    <h4 style="margin-left: 20px;">Total cost of basket: £<?php
    // The closing tag echoed here is '</p>' although the element opened is an <h4>.
    echo $total . '</p>';
    ?>
    </div>
    <?php
    // --- removeAmount: subtract the submitted quantity from the basket row ---
    if (isset($_POST['removeAmount'])) {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            // collect value of input field
            // NOTE(review): neither value is validated.  A negative or
            // non-numeric removeQuantity passes the "<=" check below and then
            // *raises* the stored quantity (or throws a TypeError on PHP 8 for a
            // non-numeric string); an int check with a min of 0 would close that.
            $removeQuantity = $_POST['removeQuantity'];
            $prodID = $_POST['productID'];
            $columns = ['quantity'];   // unused
            $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);
            // Undefined-offset warning if no basket row exists for this product.
            $basketQuantity = $productDetails[0]['quantity'];
            if ($removeQuantity <= $basketQuantity) {
                $basketQuantity -= $removeQuantity;
                // NOTE(review): keyed on product_id alone (one where column/value
                // is passed), so presumably not scoped to this user's basket row
                // -- confirm against updateRecords() in nbgardens_connection.php.
                $query = updateRecords('basket', 'quantity', $basketQuantity, 'product_id', $prodID);
                $db = connect();
                $db->exec($query);
            }
        }
    // --- removeAll: zero the basket row (the row itself is kept) ---
    } elseif (isset($_POST['removeAll'])) {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            $prodID = $_POST['productID'];
            $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);   // result unused
            // Same product_id-only scoping as above.
            $query = updateRecords('basket', 'quantity', 0, 'product_id', $prodID);
            $db = connect();
            $db->exec($query);
        }
    }
    include "includes/footer.php";
}
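<?php
//check if 'login' submit button was pressed
// Login handler: looks the submitted username up, compares the submitted
// password with the stored one and, on a match, populates the session with the
// user's id, names and username.  Writes a failure message on mismatch.
if (isset($_POST['login'])) {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // collect value of input field
        $username = (string) ($_POST['username'] ?? '');
        $checkPassword = (string) ($_POST['password'] ?? ''); //password entered by user

        //READ database for rest of user info
        $userDetails = readRecordsWhereID('users', 'username', $username);

        // An unknown username must fail exactly like a wrong password.  The
        // original read $userDetails[0] unconditionally: with no row, $password
        // became null, and since `null == ''` is true an empty username/password
        // pair "logged in" with a null user_ID.  Empty results now take the
        // failure branch.
        $password = $userDetails[0]['password'] ?? null; //password in DB

        // hash_equals(): byte-for-byte string comparison in constant time.  The
        // original `==` is a loose comparison ('1e1' == '10' is true) and its
        // run time depends on where the strings first differ.
        // NOTE(review): the stored value is compared directly, i.e. the users
        // table appears to hold plaintext passwords.  Storing password_hash()
        // output and checking with password_verify() is the real fix, but it
        // needs a data migration outside this block.
        if ($password !== null && hash_equals((string) $password, $checkPassword)) {
            //if match, set session vars
            // Fresh session id on privilege change, so a session id obtained
            // before login is not valid afterwards.  Guarded because the session
            // is started outside this block.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['userID'] = $userDetails[0]['user_ID'];
            $_SESSION['firstName'] = $userDetails[0]['first_name'];
            $_SESSION['lastName'] = $userDetails[0]['last_name'];
            $_SESSION['username'] = $username;
        } else {
            //else return message
            echo '<p>Incorrect password!</p>';
        }
        // The original `$checkPassword == NULL;` was a comparison with no effect;
        // drop the plaintext from scope once it is no longer needed.
        unset($checkPassword);
    }
}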