<?php

require "../local/nbgardens_connection.php";
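// Handle a "remove N items" POST against the basket.
//
// NOTE(review): nothing visible in this snippet checks that the requester is logged in,
// and both the lookup and the update are keyed on product_id alone, so the row that is
// read (index 0) and the rows that are updated are not tied to one user's basket.
// Scoping by user_id needs a helper that accepts a second WHERE column -- confirm
// against nbgardens_connection.php.
// NOTE(review): updateRecords() returns a query string that goes straight to exec(), so
// $prodID presumably ends up concatenated into SQL. The helpers should bind parameters
// (PDO::prepare / execute) instead; that change lives outside this block.
// NOTE(review): no anti-CSRF token is checked before the basket is modified.
if (isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST") {
    $prodID = isset($_POST['productID']) ? $_POST['productID'] : null;
    $rawQuantity = isset($_POST['removeQuantity']) ? $_POST['removeQuantity'] : null;

    // Accept only a whole number >= 1. A negative value would otherwise pass the
    // "<= basket quantity" test below and *increase* the stored quantity, and a
    // non-numeric string would reach the query builder unchanged.
    $removeQuantity = filter_var(
        $rawQuantity,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );

    if ($removeQuantity !== false && is_string($prodID) && $prodID !== '') {
        $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);

        // Only continue when the lookup actually returned a row; the original
        // dereferenced index 0 unconditionally.
        if (!empty($productDetails) && isset($productDetails[0]['quantity'])) {
            $basketQuantity = (int) $productDetails[0]['quantity'];
            if ($removeQuantity <= $basketQuantity) {
                $query = updateRecords(
                    'basket',
                    'quantity',
                    $basketQuantity - $removeQuantity,
                    'product_id',
                    $prodID
                );
                $db = connect();
                $db->exec($query);
            }
        }
    }
}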
Пример #2
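/**
 * Render the product page for one product and handle its three POST actions
 * (add to basket, add comment, delete comment).
 *
 * Output is written directly with echo / inline HTML; the header and footer
 * templates are included in this function's scope, so they can see the local
 * variables set here ($title, $scripts, $stylesheets, $logged, ...).
 *
 * Security notes for maintainers:
 *  - Every value written into the page is HTML-escaped at the point of output.
 *    Comment text is already entity-encoded when stored (see test_input), so the
 *    escaper is called with double_encode disabled to avoid "&amp;amp;".
 *  - NOTE(review): $prodID is passed unchanged to readRecordsWhereID() and
 *    createRecordQuery(). Those helpers are not visible here; createRecordQuery()
 *    returns a query string, so values are presumably concatenated into SQL.
 *    They should use bound parameters -- confirm in nbgardens_connection.php.
 *  - NOTE(review): none of the forms carries an anti-CSRF token.
 *
 * @param mixed $prodID Product identifier supplied by the caller (presumably taken
 *                      from the prodID query-string parameter -- verify at the call site).
 * @return void
 */
function createProdPage($prodID)
{
    $varsSet = false;
    $logged = "Log In";
    $loggedLink = "index.php";
    if (!empty($_SESSION['userID'])) {
        // A user is logged in: switch the nav link to "Log Out".
        $varsSet = true;
        $logged = "Log Out";
        $loggedLink = "logout.php";
    }
    $isAdmin = $varsSet
        && isset($_SESSION['username'])
        && $_SESSION['username'] === 'administrator';
    $isPost = isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST";

    // HTML-escape helper for text and attribute contexts. double_encode is off
    // because stored comment text has already been through htmlspecialchars().
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $scripts = array("Script.js", "indexScript.js");
    $stylesheets = array("indexPage.css", "bootstrap.css", "StyleSheet.css");
    require "../local/nbgardens_connection.php";
    $db = connect();
    $productDetails = readRecordsWhereID("products", "product_id", $prodID);

    // Unknown product: render a minimal page instead of dereferencing a missing row.
    if (empty($productDetails) || !isset($productDetails[0])) {
        $title = "Product not found";
        include "includes/header.php";
        echo "<p>Product not found.</p>";
        include "includes/footer.php";
        return;
    }

    $title = $productDetails[0]['name'];
    $productPic = $productDetails[0]['image'];
    $info = $productDetails[0]['info'];
    // The id goes into a URL inside an HTML attribute: URL-encode, then HTML-escape.
    $formAction = $esc('product.php?prodID=' . urlencode((string) $prodID));
    include "includes/header.php";
    ?>
        <nav>
            <div class="container">
                <ul class="pull-left" class="nav nav-tabs">
                    <li class="active"><a href="index.php">Home</a></li>
                    <li><a href="catalogue.php">Catalogue</a></li>
                </ul>
                <ul class="pull-right" class="nav nav-tabs">
                    <li><a href="basket.php">Basket</a></li>
                    <li><a href="<?php echo $esc($loggedLink); ?>"><?php echo $esc($logged); ?></a></li>
                    <?php
    if ($isAdmin) {
        echo '<li><a href="addProduct.php">Add New Product</a></li>';
    }
    ?>
                </ul>
            </div>
        </nav>
        <br>
        <br>
        <div id="productPage">
        <div id="productInfo">
<h1 style="font-size:20;"><?php echo $esc($title); ?></h1>
<p><?php echo $esc($info); ?></p>
    <img src="Images/<?php echo $esc($productPic); ?>" alt="<?php echo $esc($title); ?>" style="height: 250px; width: 250px">
<p>£<?php echo $esc($productDetails[0]["price"]); ?></p>

<form method="post" action="<?php echo $formAction; ?>">
   Quantity: <input type="text" name="quantity"><br><br>
   <input type="submit" name="addToBasket" value="Add To Basket!">
</form>
</div>
    <div id="commentform">
<h1>Comments</h1>
<form method="post" action="<?php echo $formAction; ?>">

   Comment: <textarea name="comment" rows="5" cols="40" maxlength="500"></textarea>
   <br><br>

   <input type="submit" name="addComment" value="Submit Comment">
</form>

<?php
    if ($isPost && isset($_POST['addToBasket'])) {
        if ($varsSet) {
            // An empty field keeps the original meaning of "0"; anything else must be a
            // non-negative whole number, because the value is appended to the SQL text below.
            if (empty($_POST['quantity'])) {
                $quantity = 0;
            } else {
                $quantity = filter_var(
                    $_POST['quantity'],
                    FILTER_VALIDATE_INT,
                    array('options' => array('min_range' => 0))
                );
            }
            if ($quantity === false) {
                echo "<p>Quantity must be a whole number.</p>";
            } else {
                $columns = array('user_id', 'product_id', 'quantity');
                $values = array($_SESSION['userID'], $prodID, $quantity);
                $query = createRecordQuery('basket', $columns, $values);
                // $quantity is a validated int at this point. The generated SQL is no
                // longer echoed into the page: it exposed table and column names to visitors.
                $query .= "ON DUPLICATE KEY UPDATE quantity = quantity+'" . $quantity . "'";
                $db = connect();
                $db->exec($query);
            }
        } else {
            echo "<p>You must be logged in to add a product!</p>";
        }
    }
    if ($isPost && isset($_POST['addComment'])) {
        // Declared conditionally, as in the original; the guard prevents a
        // "cannot redeclare" fatal if this function runs twice in one request.
        // NOTE(review): addslashes() is not a substitute for bound parameters.
        if (!function_exists('test_input')) {
            function test_input($data)
            {
                $data = trim($data);
                $data = stripslashes($data);
                $data = htmlspecialchars($data);
                $data = addslashes($data);
                return $data;
            }
        }
        if (empty($_POST["comment"]) || !is_string($_POST["comment"])) {
            echo "<p>You haven't entered all the required information!</p>";
        } else {
            $comment = test_input($_POST['comment']);
            if ($varsSet) {
                $username = $_SESSION['username'];
                $columns = array('username', 'product_id', 'text', 'date');
                $nowDate = date('j/n/Y \\a\\t H:i:s');
                $values = array($username, $prodID, $comment, $nowDate);
                $query = createRecordQuery('comments', $columns, $values);
                $db = connect();
                $db->exec($query);
                echo "<p>Comment Submitted!</p>";
            } else {
                echo "<p>You must be signed in to leave a comment</p>";
            }
        }
    }
    echo "</div>";
    echo "<div id='commentsSection'>";
    $comments = readRecordsWhereID('comments', 'product_id', $prodID);
    if (!is_array($comments)) {
        $comments = array();
    }

    // Deletion is handled before rendering so the list below is current.
    // The posted id is only ever compared against the comments loaded for this
    // product, and the id handed to deleteRecordsWhereID() is the database value,
    // not the request value. Only the comment's author or the administrator may
    // delete (policy assumed here -- the original let any visitor delete any comment).
    if ($isPost && $varsSet && isset($_POST['deleteComment'])
        && isset($_POST['commentID']) && is_scalar($_POST['commentID'])) {
        $requestedID = (string) $_POST['commentID'];
        foreach ($comments as $index => $row) {
            if ((string) $row['comment_id'] !== $requestedID) {
                continue;
            }
            if ($isAdmin || $row['username'] === $_SESSION['username']) {
                $query = deleteRecordsWhereID('comments', 'comment_id', $row['comment_id']);
                $db = connect();
                $db->exec($query);
                unset($comments[$index]);
            }
            break;
        }
    }

    foreach ($comments as $row) {
        $commentID = $row['comment_id'];
        $username = $row['username'];
        $comment = $row['text'];
        $userDetails = readRecordsWhereID('users', 'username', $username);
        // The author's account may no longer exist; fall back to empty names.
        $firstName = isset($userDetails[0]['first_name']) ? $userDetails[0]['first_name'] : '';
        $lastName = isset($userDetails[0]['last_name']) ? $userDetails[0]['last_name'] : '';
        $timePosted = $row['date'];
        $canDelete = $varsSet && ($isAdmin || $username === $_SESSION['username']);
        echo "<div id='comment" . $esc($commentID) . "' style='outline: dotted'>";
        echo "<p style='font-size: 24px'>" . $esc($firstName) . " " . $esc($lastName)
            . " on " . $esc($timePosted) . "</p>";
        echo "<p>" . $esc($comment) . "</p>";
        if ($canDelete) {
            ?>
        <form method="post" action="<?php echo $formAction; ?>">
        <input type="hidden" name="commentID" value="<?php echo $esc($commentID); ?>">
        <input type="submit" value="delete comment" name="deleteComment"></form>
            <?php
        }
        ?>
        </div><br>
        <?php
    }
    echo "</div> </div>";
    include "includes/footer.php";
}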
Пример #3
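/**
 * Render the logged-in user's basket and handle the "Remove" / "Remove All" forms.
 *
 * Output is written directly with echo / inline HTML; header and footer templates
 * are included in this function's scope.
 *
 * Security notes for maintainers:
 *  - The basket owner is always taken from the session, never from the caller's
 *    argument, and nothing is read or changed when no user is logged in.
 *  - A posted productID is only accepted if it matches a row in this user's own
 *    basket, and the current quantity comes from that row.
 *  - NOTE(review): updateRecords() takes a single WHERE column, so the UPDATE is
 *    still keyed on product_id alone and may touch other users' basket rows for the
 *    same product. Scoping it by user_id needs a change to the helper.
 *  - NOTE(review): the forms carry no anti-CSRF token.
 *
 * @param mixed $userID Ignored in favour of $_SESSION['userID'] (as in the original).
 * @return void
 */
function createBasketPage($userID)
{
    $varsSet = false;
    $logged = "Log In";
    $loggedLink = "index.php";
    if (!empty($_SESSION['userID'])) {
        $varsSet = true;
        $logged = "Log Out";
        $loggedLink = "logout.php";
    }
    // The session is the only trusted source for the basket owner.
    $userID = $varsSet ? $_SESSION['userID'] : null;
    $firstName = " ";
    $lastName = " ";
    if ($varsSet) {
        $firstName = isset($_SESSION['firstName']) ? $_SESSION['firstName'] : " ";
        $lastName = isset($_SESSION['lastName']) ? $_SESSION['lastName'] : " ";
    }
    $isAdmin = $varsSet
        && isset($_SESSION['username'])
        && $_SESSION['username'] === 'administrator';
    $isPost = isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST";

    // HTML-escape helper for text and attribute contexts.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $scripts = array("Script.js");
    $stylesheets = array("indexPage.css", "StyleSheet.css", "bootstrap.css", "basket.css");
    $title = "Basket";
    require "../local/nbgardens_connection.php";

    // Anonymous visitors get an empty basket instead of a lookup with an undefined id.
    $basketDetails = $varsSet ? readRecordsWhereID("basket", "user_id", $userID) : array();
    if (!is_array($basketDetails)) {
        $basketDetails = array();
    }

    // Apply a removal before rendering so the page shows the updated quantities.
    if ($varsSet && $isPost && isset($_POST['productID']) && is_scalar($_POST['productID'])
        && (isset($_POST['removeAmount']) || isset($_POST['removeAll']))) {
        $requestedID = (string) $_POST['productID'];
        foreach ($basketDetails as $index => $row) {
            if ((string) $row['product_id'] !== $requestedID) {
                continue;
            }
            $currentQuantity = (int) $row['quantity'];
            $newQuantity = null;
            if (isset($_POST['removeAmount'])) {
                // Whole numbers >= 1 only: a negative value would otherwise pass the
                // "<= current quantity" test and increase the basket.
                $removeQuantity = filter_var(
                    isset($_POST['removeQuantity']) ? $_POST['removeQuantity'] : null,
                    FILTER_VALIDATE_INT,
                    array('options' => array('min_range' => 1))
                );
                if ($removeQuantity !== false && $removeQuantity <= $currentQuantity) {
                    $newQuantity = $currentQuantity - $removeQuantity;
                }
            } else {
                $newQuantity = 0;
            }
            if ($newQuantity !== null) {
                // The id passed on is the value from the user's own basket row.
                $query = updateRecords('basket', 'quantity', $newQuantity, 'product_id', $row['product_id']);
                $db = connect();
                $db->exec($query);
                $basketDetails[$index]['quantity'] = $newQuantity;
            }
            break;
        }
    }

    include "includes/header.php";
    ?>
    <nav>
            <div class="container">
                <ul class="pull-left" class="nav nav-tabs">
                    <li><a href="index.php">Home</a></li>
                    <li><a href="catalogue.php">Catalogue</a></li>
                </ul>
                <ul class="pull-right" class="nav nav-tabs">
                    <li class="active"><a href="#">Basket</a></li>
                    <li><a href="<?php echo $esc($loggedLink); ?>"><?php echo $esc($logged); ?></a></li>
                <?php
    if ($isAdmin) {
        echo '<li><a href="addProduct.php">Add New Product</a></li>';
    }
    ?>
                </ul>
            </div>
        </nav>
        <br>
        <br>
        <h3 id="title">Basket (<?php echo $esc($firstName . " " . $lastName); ?>) </h3>
        <div id="basket">
        <?php
    $total = 0;
    foreach ($basketDetails as $row) {
        $prodID = $row['product_id'];
        $basketQuantity = $row['quantity'];
        $productDetails = readRecordsWhereID("products", "product_ID", $prodID);
        // Skip basket rows whose product no longer exists.
        if (empty($productDetails) || !isset($productDetails[0])) {
            continue;
        }
        $productPic = $productDetails[0]['image'];
        $productName = $productDetails[0]['name'];
        $productPrice = $productDetails[0]['price'];
        $subTotal = $productPrice * $basketQuantity;
        $total += $subTotal;
        if ($basketQuantity > 0) {
            ?>

            <div>
            <a href="<?php echo $esc('product.php?prodID=' . urlencode((string) $prodID)); ?>">
            <img src="Images/<?php echo $esc($productPic); ?>" alt="<?php echo $esc($productName); ?>" style="height: 100px; width: 100px"></a>
            <p><?php echo $esc($productName); ?>: <?php echo $esc($basketQuantity); ?></p>
            <p>Cost per Item: £<?php echo $esc($productPrice); ?></p>
            <p>SubTotal: £<?php echo $esc($subTotal); ?></p>

            <form method="post" action="basket.php">
                Remove:<br> <input type="text" name="removeQuantity">
                <input type="hidden" name="productID" value="<?php echo $esc($prodID); ?>">
                <input type="submit" value="Remove" name="removeAmount">
                <input type="submit" value="Remove All" name="removeAll">
            </form>
            </div>

            <?php
        }
    }
    ?>
        <br>
        <h4 style="margin-left: 20px;">Total cost of basket: £<?php echo $esc($total); ?></h4>
 </div> <?php
    include "includes/footer.php";
}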
Пример #4
<?php

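// Handle the login form: runs only when the 'login' submit button was posted.
//
// NOTE(review): the original compared the stored value with the submitted password
// directly, which implies passwords are stored in plaintext. They should be stored
// with password_hash(); this block already verifies such hashes when it finds one,
// so rows can be migrated without another code change.
// NOTE(review): $username is passed to readRecordsWhereID(), which is not visible
// here; if it builds SQL by concatenation it needs bound parameters.
// NOTE(review): no attempt limiting or lockout is visible in this snippet.
if (isset($_POST['login'])) {
    if (isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST") {
        // Collect the submitted credentials; anything that is not a string is treated as absent.
        $username = (isset($_POST['username']) && is_string($_POST['username']))
            ? $_POST['username']
            : '';
        $checkPassword = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password']
            : '';

        // Read the rest of the user's details from the database.
        $userDetails = ($username !== '')
            ? readRecordsWhereID('users', 'username', $username)
            : array();

        // An unknown user yields no stored password. The original dereferenced index 0
        // anyway, so null == "" let an empty password "match" a non-existent account.
        $storedPassword = (!empty($userDetails) && isset($userDetails[0]['password']))
            ? (string) $userDetails[0]['password']
            : null;

        $authenticated = false;
        if ($storedPassword !== null && $storedPassword !== '' && $checkPassword !== '') {
            $hashInfo = password_get_info($storedPassword);
            if (!empty($hashInfo['algo'])) {
                // Stored value is a password_hash() hash.
                $authenticated = password_verify($checkPassword, $storedPassword);
            } else {
                // Legacy plaintext row: strict, constant-time comparison. Loose "=="
                // treats numeric-looking strings such as "0e1" and "0e2" as equal.
                $authenticated = hash_equals($storedPassword, $checkPassword);
            }
        }

        if ($authenticated) {
            // Issue a fresh session id on privilege change so an id planted before
            // login cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['userID'] = $userDetails[0]['user_ID'];
            $_SESSION['firstName'] = $userDetails[0]['first_name'];
            $_SESSION['lastName'] = $userDetails[0]['last_name'];
            $_SESSION['username'] = $username;
        } else {
            // Same message for an unknown user and a wrong password, so the response
            // does not reveal which usernames exist.
            echo '<p>Incorrect password!</p>';
        }

        // Drop the submitted password; the original used "==" here, which compared
        // instead of assigning and therefore did nothing.
        $checkPassword = null;
    }
}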