<?php
/*
* File: store.php
* File Created: Monday, 30th September 2019
* Author: Syed Faraz Abrar
* -----
* Last Modified: Monday, 14th October 2019
* Modified By: Syed Faraz Abrar
* -----
* Purpose: The store page. It provides a list
* of items for the user to view. The
* user can also search by item name and
* by seller name.
*/
require_once("db.php");
require_once("includes/check_session.php");
include("includes/handle_store.php");
?>
<!DOCTYPE html>
<html>
<head>
<?php
include_once("includes/includes.php");
?>
</head>
<body>
<?php
include_once('includes/header.php');
?>
<div class="container">
<!-- Search for items by name -->
<h1>Search for items by name:</h1>
<form method="GET" action="">
<div class="input-group mt-2 w-25">
<input type="text" class="form-control" placeholder="Item name" name="itemName" >
<div class="input-group-append">
<button class="btn btn-outline-secondary" type="submit" id="searchButton">Search</button>
</div>
</div>
</form>
<!-- Search for items by seller -->
<h1>Search for items by seller:</h1>
<form method="GET" action="">
<div class="input-group mt-2 w-25">
<input type="text" class="form-control" placeholder="Seller name" name="sellerName" >
<div class="input-group-append">
<button class="btn btn-outline-secondary" type="submit" id="searchButton">Search</button>
</div>
</div>
</form>
<hr>
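<?php
// Status message followed by the heading for the current listing.
//
// $error is not assigned in this file; presumably includes/handle_store.php
// sets it when a purchase is refused (not enough money, or the buyer owns the
// item).
// NOTE(review): it is printed without HTML encoding. Confirm that the handler
// only ever stores fixed, server-chosen text in it and never request data.
echo "<b>$error</b>";

// The search term is copied from the query string into the page, so it is
// encoded for the HTML context first. Printing it raw lets markup in a search
// link be rendered inside the signed-in user's session.
// A non-string value (for example ?itemName[]=x) is shown as an empty term.
$encodeSearchTerm = static function ($raw) {
    return htmlspecialchars(is_string($raw) ? $raw : "", ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
};

if (isset($_GET["itemName"])) {
    echo '<h2> Searching for item ' . $encodeSearchTerm($_GET["itemName"]) . ':</h2>';
} else if (isset($_GET["sellerName"])) {
    echo '<h2> Searching for seller ' . $encodeSearchTerm($_GET["sellerName"]) . ':</h2>';
} else {
    echo '<h2>Items:</h2>';
}
?>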
<!-- Table of items -->
<table class="table">
<thead>
<th>Seller</th>
<th>Item name</th>
<th>Description</th>
<th>Price</th>
<th>Purchase</th>
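<?php
// Extra column heading for the item-removal controls.
// This page treats the account whose session id is 1 as the administrator.
// The comparison is made on the string form with ===, so a value that is only
// loosely equal to 1 under PHP's == rules does not pass, and a missing session
// id is handled without a notice.
// NOTE(review): this only decides what is rendered. The code that processes
// the "delete" POST (presumably includes/handle_store.php, not visible here)
// has to repeat the check itself.
if (isset($_SESSION["id"]) && (string) $_SESSION["id"] === "1") {
    echo "<th>Admin</th>";
}
?>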
</thead>
<tbody>
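<?php
// Item listing: one table row per item, optionally filtered by item name
// (?itemName=) or by seller name (?sellerName=).
//
// Both search terms come from the query string. They are bound as statement
// parameters instead of being interpolated into the SQL text, so quote
// characters in a term can no longer change the query. "%" and "_" typed by
// the user still act as LIKE wildcards, as before.
//
// The seller's username is read through a LEFT JOIN on Users. That replaces
// the separate lookup query issued for every row and still lists an item whose
// owner row is missing. Filtering on Users.username returns the items of every
// matching seller; the earlier "user_id = (subquery)" form is an error in
// MySQL as soon as the subquery matches more than one user.
$listingSql = "SELECT Items.user_id, Items.name, Items.description, Items.price, Items.id, Users.username
    FROM Items LEFT JOIN Users ON Users.id = Items.user_id";
$pattern = null;

if (isset($_GET["itemName"])) {
    // A non-string value (for example ?itemName[]=x) is treated as an empty term.
    $term = is_string($_GET["itemName"]) ? $_GET["itemName"] : "";
    $listingSql .= " WHERE Items.name LIKE ?";
    $pattern = "%" . $term . "%";
} else if (isset($_GET["sellerName"])) {
    $term = is_string($_GET["sellerName"]) ? $_GET["sellerName"] : "";
    $listingSql .= " WHERE Users.username LIKE ?";
    $pattern = "%" . $term . "%";
}

// Run the query. Failures are collected in $failure whether mysqli reports
// them through return values or through exceptions.
$stmt = false;
$failure = null;
try {
    $stmt = mysqli_prepare($db, $listingSql);
    if ($stmt === false) {
        $failure = mysqli_error($db);
    } else if ($pattern !== null && !mysqli_stmt_bind_param($stmt, "s", $pattern)) {
        $failure = mysqli_stmt_error($stmt);
    } else if (!mysqli_stmt_execute($stmt)) {
        $failure = mysqli_stmt_error($stmt);
    } else if (!mysqli_stmt_bind_result($stmt, $sellerId, $itemName, $description, $price, $itemId, $owner)) {
        $failure = mysqli_stmt_error($stmt);
    }
} catch (mysqli_sql_exception $e) {
    $failure = $e->getMessage();
}

// Same administrator test as the table header: the account with id 1.
$isAdmin = isset($_SESSION["id"]) && (string) $_SESSION["id"] === "1";

// Every value below comes from the database and may have been entered by
// another user (item names and descriptions in particular), so it is encoded
// before being placed in element content or in an attribute value.
$h = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
};

if ($failure !== null) {
    // Database error text goes to the server log, not into the page.
    error_log("store.php: item query failed: " . $failure);
    echo '<tr><td colspan="' . ($isAdmin ? 6 : 5) . '">Unable to load items.</td></tr>';
} else {
    while (mysqli_stmt_fetch($stmt)) {
        echo "<tr>";
        echo "<td>" . $h($owner) . "</td>";
        echo "<td>" . $h($itemName) . "</td>";
        echo "<td>" . $h($description) . "</td>";
        echo "<td>" . $h($price) . "</td>";
        echo "<td>";
        // NOTE(review): user_id and price are sent back by the browser and can
        // be edited before submission. The POST handler is not visible here;
        // it should look up seller and price from the database by item id
        // rather than trust these fields. Neither form carries a CSRF token.
        echo'<form action="" method="post">';
        echo '<input type="hidden" name="id" value="'.$h($itemId).'"/>';
        echo '<input type="hidden" name="user_id" value="'.$h($sellerId).'"/>';
        echo '<input type="hidden" name="price" value="'.$h($price).'"/>';
        echo '<button name="buy" type="submit" value="buy" class="btn btn-success"><i class="fas">Buy Item</button></i>';
        echo'</form>';
        echo "</td>";
        if ($isAdmin)
        {
            // Rendering this form only for the administrator does not protect
            // the delete action; the handler has to check the session as well.
            echo "<td>";
            echo'<form action="" method="post">';
            echo '<input type="hidden" name="id" value="'.$h($itemId).'"/>';
            echo '<button name="delete" type="submit" value="delete" class="btn btn-danger"><i class="fas">Remove Item</button></i>';
            echo'</form>';
            echo "</td>";
        }
    }
}

if ($stmt !== false) {
    mysqli_stmt_close($stmt);
}
?>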
</tbody>
</table>
</div>
</body>
</html>