示例#1
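	/**
	 * Sign-in page action.
	 *
	 * Dispatch order: an AJAX validation request is answered with JSON via
	 * validate(); a POST of the sign-in form is delegated to processPost();
	 * otherwise the session is started and either a welcome line (logged in)
	 * or the sign-in form template (anonymous) is rendered.
	 *
	 * @return mixed validate()/processPost() result on those two paths;
	 *               nothing (null) on the render path.
	 */
	public function view()
	{
		if ($this->isValidating()) {
			return $this->validate(RT_JSON);
		}
		// isset() avoids an undefined-index notice when the POST body carries
		// no 'form' field; === replaces the loose string comparison.
		if ($this->isPosting() && isset($_POST['form']) && $_POST['form'] === 'signinForm') {
			return $this->processPost();
		}

		// Start the session before consulting getLoggedInUsername(); the
		// boolean result was previously stored in a variable that was never read.
		session_start();

		$username = getLoggedInUsername();
		if ($username != '') {
			// Escape before echoing: the username is user-supplied data
			// rendered in an HTML context.
			echo('Welcome! ' . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
			echo('<p/><a href="/sign-out">Sign out</a>');
		} else {
			// show Signin Form
			$v = $this->smarty;
			$v->setTemplateDir(BASEEXT . '/authentication/view');
			$this->display($v, 'signin_form.html');
		}
	}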
示例#2
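 /**
  * Page-editor action: renders the editor for the view file named by the
  * first route parameter, for a logged-in user only.
  *
  * A POST is delegated to processPost(). On GET the session is started; an
  * anonymous visitor gets an empty response, a logged-in one gets
  * editor/page_editor.html filled with the requested file's name and contents
  * (plus a read-only notice in demo mode).
  *
  * @return mixed processPost()'s result on POST; nothing (null) otherwise.
  */
 public function view()
 {
     if ($this->isPosting()) {
         return $this->processPost();
     }
     session_start();
     if (getLoggedInUsername() == '') {
         echo '';
         return;
     }
     if (!isset($this->params[0])) {
         return;
     }
     $viewToEdit = $this->params[0];
     $viewDir = BASEVIEW . '/' . currentViewDir();
     $viewPath = $viewDir . '/' . $viewToEdit;
     // Initialised to '' so a missing file no longer hands an undefined
     // variable to the template.
     $viewContent = '';
     if (file_exists($viewPath)) {
         // $viewToEdit comes from the URL: refuse any path that resolves
         // outside the current view directory (e.g. '../' segments) instead
         // of reading it.
         $realDir = realpath($viewDir);
         $realPath = realpath($viewPath);
         if ($realDir === false || $realPath === false || strpos($realPath, $realDir . DIRECTORY_SEPARATOR) !== 0) {
             return;
         }
         $viewContent = file_get_contents($viewPath);
         if (isDemoMode()) {
             $viewContent .= "<p/><b>Demo Mode: This page is set to readonly in demo mode.</b>";
         }
     }
     // NOTE(review): whether file_get_contents_with_vars() escapes the
     // substituted values is not visible here — confirm before relying on it.
     $html = file_get_contents_with_vars(BASEEXT . '/editor/page_editor.html', array('{$viewFile}' => $viewToEdit, '{$viewContent}' => $viewContent));
     echo $html;
 }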
示例#3
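/**
 * Emits the user bar: a welcome line with a Logout button for a logged-in
 * visitor, otherwise username/password inputs with Login and a Sign Up form.
 *
 * Both branches load js/user.js (presumably where the inline login()/logout()
 * handlers live — confirm). Output goes straight to the response through the
 * inline HTML blocks.
 *
 * @return void
 */
function genUserBar()
{
    if (loggedIn()) {
        ?>
		<!--including script here bad? where should we then?-->
		<script src="js/user.js"></script>
			<div id = "loginDiv">
				<div id = "innerLoginDiv">
					Welcome <?php 
        // Escape before interpolating into HTML: the username is user-supplied
        // and would otherwise be rendered as markup.
        echo htmlspecialchars(getLoggedInUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        ?>
!
					<button id = 'buttonMyBooks' onClick="document.location.href='mybooks.php'">My Books</button>
					<button id = 'buttonLogout' onclick = "logout()"> Logout </button>
				</div>
			</div>
	<?php 
    } else {
        ?>
			<!--including script here bad? where should we then?-->
			<script src="js/user.js"></script>
			<!--TODO: build css file for this-->
			<div id = "loginDiv">
				<div id = "innerLoginDiv">
					Username:
					<input id = 'usernameInput' type='text' maxlength='30' value=''/>
					Password:
					<input id = 'passwordInput' type='password' maxlength='30' value=''/>
					<button id = 'buttonLogin' onclick='login()'>  Login </button>
					<form id = "signUpForm" action="signup.php">
    					<input type="submit" value="Sign Up">
					</form>
				</div>
			</div>
		<?php 
    }
}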
示例#4
/**
 * Handles the "add book" form: inserts a bookgeneral row for the ISBN if none
 * exists, then a bookspecific row for the logged-in user, then stores the
 * uploaded image as images/<id>.<ext> and writes that name back to the row.
 *
 * Reads $_POST (isbn, title, description, category, price, condition) and
 * $_FILES['datafile']; expects connector.php to provide $con (mysqli) — verify.
 *
 * NOTE(review): every query below is built by concatenating request values
 * into SQL with no escaping or prepared statement (injection risk); the
 * existing TODO already notes the lack of server-side validation. One line of
 * this listing (the `error_log('username: '...` line) is garbled by a
 * redacted span, so the exact upload-status check is not visible here.
 *
 * @return bool true when both inserts, the update and the image move ran;
 *              false on the first failed query, missing insert id, or
 *              failed upload.
 */
function insertNewBook()
{
    require 'connector.php';
    //TODO: no serverside validation.
    // NOTE(review): $_POST['isbn'] goes straight into the query string.
    $generalWithISBN = mysqli_query($con, 'SELECT isbn FROM bookgeneral WHERE isbn="' . $_POST['isbn'] . '"');
    // Only insert the per-ISBN record when no row for this ISBN exists yet.
    // NOTE(review): a failed query returns false, and ->num_rows on false errors.
    if ($generalWithISBN->num_rows < 1) {
        error_log('GENERAL INSERT RUNNING. VALUES:', 0);
        error_log('====================================', 0);
        error_log('isbn: ' . $_POST['isbn'], 0);
        error_log('title: ' . $_POST['title'], 0);
        error_log('description: ' . $_POST['description'], 0);
        error_log('category: ' . $_POST['category'], 0);
        // NOTE(review): unescaped request values in SQL; the column list is
        // implicit, so this depends on the table's column order.
        $generalSQL = 'INSERT INTO bookgeneral VALUES("' . $_POST['isbn'] . '","' . $_POST['title'] . '","' . $_POST['description'] . '","' . $_POST['category'] . '");';
        error_log('GENERAL SQL: ' . $generalSQL, 0);
        //isbn imageName description
        if (!mysqli_query($con, $generalSQL)) {
            error_log('Error: Insert into bookgeneral failed.', 0);
            return false;
        }
    }
    $username = getLoggedInUsername();
    error_log('SPECIFIC INSERT RUNNING. VALUES:', 0);
    error_log('------------------------------------', 0);
    error_log('isbn: ' . $_POST['isbn'], 0);
    // NOTE(review): the next two log lines are labelled price/condition but
    // log title/description (copy-paste slip).
    error_log('price: ' . $_POST['title'], 0);
    error_log('condition: ' . $_POST['description'], 0);
    // NOTE(review): this line is garbled in the listing — a redacted span fused
    // the username log with the upload check; the `} else {` further down
    // belongs to the `if` that ends this line.
    error_log('username: '******'datafile']['error'] === UPLOAD_ERR_OK) {
        // NOTE(review): $_POST['price'] is interpolated unquoted; imageName
        // gets the placeholder 'tempValue' until the insert id is known.
        $specificSQL = 'INSERT INTO bookspecific (isbn, price, bookCondition, status, ownerUsername, imageName) ' . 'VALUES("' . $_POST['isbn'] . '",' . $_POST['price'] . ',"' . $_POST['condition'] . '","available","' . $username . '","' . 'tempValue' . '");';
        error_log('SPECIFIC SQL: ' . $specificSQL, 0);
        //save specific image details
        if (!mysqli_query($con, $specificSQL)) {
            error_log('Error: Insert into bookspecific failed.', 0);
            return false;
        } else {
            //get id for specific
            $id = $con->insert_id;
            if (!$id) {
                error_log('Error: Previous insert id is undefined!', 0);
                return false;
            }
            //copy image to directory
            // NOTE(review): the extension is taken from the client-supplied
            // filename and not checked against an allow-list, so the stored
            // file's name/type is not validated; $info['extension'] is also
            // undefined when the name has no extension.
            $info = pathinfo($_FILES['datafile']['name']);
            $ext = $info['extension'];
            // get the extension of the file
            $newname = strval($id) . "." . $ext;
            //update temp value
            $updateSQL = 'UPDATE bookspecific SET imageName= "' . $newname . '" WHERE id = ' . strval($id) . ';';
            if (!mysqli_query($con, $updateSQL)) {
                error_log('Error: Update imagename of bookspecific failed.', 0);
                return false;
            }
            $target = 'images/' . $newname;
            // NOTE(review): the move's return value is ignored, so a failed
            // copy still ends in `return true`.
            move_uploaded_file($_FILES['datafile']['tmp_name'], $target);
        }
    } else {
        error_log('Error: Image Upload Failed', 0);
        return false;
    }
    return true;
}
示例#5
/**
 * Renders the "My Books" table for the logged-in user: one row per
 * bookspecific record they own, joined by hand to its bookgeneral row, with
 * the reserving client's contact details and per-row Delete/Unreserve buttons.
 *
 * Expects connector.php to provide $con (mysqli) — verify. Output is echoed
 * directly. Two lines of this listing (the Username: and clientUsername: log
 * lines) are garbled by a redacted span, so the exact WHERE values of the
 * bookspecific and client queries are not visible here.
 *
 * NOTE(review): the remaining queries are built by concatenating values read
 * back from the database (isbn, book id) without escaping — a second-order
 * injection risk — and every column value is echoed into HTML without
 * htmlspecialchars(), a stored-XSS risk. Prepared statements and output
 * escaping would close both.
 *
 * @return void
 */
function genBody()
{
    if (!loggedIn()) {
        ?>
			You are not logged in. Login before looking at your books. How did you even get here?
		<?php 
        return;
    }
    ?>
		<div class = 'outerDiv'>
		<table id = 'bookTable' class = 'bookTable'>
		  <tr>
    		<th class = "tableElementFirst">Title</th>
    		<th class = "tableElement">Description</th> 
    		<th class = "tableElement">Category</th>
    		<th class = "tableElement">ISBN</th>
    		<th class = "tableElement">Asking Price</th> 
    		<th class = "tableElement">Condition</th>
    		<th class = "tableElement">Status</th>
    		<th class = "tableElement">Operations</th>
    		<th class = "tableElementLast">Picture</th>
 		  </tr>
	<?php 
    require 'connector.php';
    $ownerUsername = getLoggedInUsername();
    // NOTE(review): garbled line — a redacted span fused the username log
    // with the assignment of $specificSQL.
    error_log('Username:'******'SELECT * FROM bookspecific WHERE ownerUsername="******"';
    $books = mysqli_query($con, $specificSQL);
    // NOTE(review): a failed query is only logged; the false result still
    // reaches mysqli_fetch_object() below instead of returning early.
    if (!$books) {
        error_log('SPECIFIC QUERY FAILED WITH SQL: ' . $specificSQL, 0);
    }
    // $pos: 0-based index of the row among this user's books, handed to the
    // JS handlers alongside the book id.
    $pos = 0;
    while ($book = mysqli_fetch_object($books)) {
        // NOTE(review): $book->isbn is a DB value concatenated into SQL.
        $generalSQL = 'SELECT * FROM bookgeneral WHERE isbn="' . $book->isbn . '"';
        $booksg = mysqli_query($con, $generalSQL);
        if (!$booksg) {
            error_log('GENERAL QUERY FAILED WITH SQL: ' . $generalSQL, 0);
        }
        // not optimal — one bookgeneral query per owned book (N+1).
        while ($bookg = mysqli_fetch_object($booksg)) {
            //draw book
            // NOTE(review): raw DB values echoed into HTML without escaping.
            echo '<tr>';
            echo '<td class = "tableElementFirst">' . $bookg->title . '</td>';
            echo '<td class = "tableElement">' . $bookg->description . '</td>';
            echo '<td class = "tableElement">' . $bookg->category . '</td>';
            echo '<td class = "tableElement">' . $bookg->isbn . '</td>';
            echo '<td class = "tableElement">' . $book->price . '</td>';
            echo '<td class = "tableElement">' . $book->bookCondition . '</td>';
            // Reserved books: look up the order, then the reserving client, to
            // show contact details and an Unreserve button.
            if ($book->status == 'reserved') {
                $orderSQL = 'SELECT * FROM orders WHERE bookId="' . $book->id . '"';
                $orders = mysqli_query($con, $orderSQL);
                if (!$orders) {
                    error_log('ERROR: ' . $orderSQL . '" failed to exetute', 0);
                }
                $order = mysqli_fetch_object($orders);
                // NOTE(review): garbled line — a redacted span fused the
                // clientUsername log with the assignment of $clientSQL.
                error_log('clientUsername:'******'SELECT username, name, lastName, email, phone FROM client WHERE username ="******";';
                $clients = mysqli_query($con, $clientSQL);
                if (!$clients) {
                    error_log('ERROR: "' . $clientSQL . '" failed to exetute', 0);
                }
                // The status and operations cells are only emitted for the
                // client whose trimmed username matches the order; with no
                // match the row is left two cells short.
                while ($client = mysqli_fetch_object($clients)) {
                    // NOTE(review): garbled log line (redacted span).
                    error_log("Client Client username: '******'  Order Client Username '" . $order->clientUsername . "'", 0);
                    if (trim($client->username) === trim($order->clientUsername)) {
                        $name = $client->name;
                        $lname = $client->lastName;
                        $email = $client->email;
                        $phone = $client->phone;
                        echo '<td class = "tableElement">' . $book->status . '</br>By ' . $name . ' ' . $lname . '</br>' . 'Email: ' . $email . '</br>Telephone: ' . $phone . '</td>';
                        echo '<td class = "tableElement"><button onclick = "deleteBook(' . $book->id . ',' . $pos . ')">Delete</button><br><button onclick = "unreserveBook(' . $book->id . ',' . $pos . ')">Unreserve</button></td>';
                    }
                }
            } else {
                echo '<td class = "tableElement">' . $book->status . '</td>';
                echo '<td class = "tableElement"><button onclick = "deleteBook(' . $book->id . ',' . $pos . ')">Delete</button></td>';
            }
            // NOTE(review): src is unquoted (a name containing whitespace
            // breaks the tag) and <img> takes no closing tag.
            echo '<td class = "tableElementLast"> <img class = "imgTable" src = images/' . $book->imageName . '></img></td>';
            echo '</tr>';
        }
        $pos = $pos + 1;
    }
    ?>
		</table>
		</div>
	<?php 
}