Merge branch 'main' of https://github.com/bdngeorge/itws-term-project

README.md

@@ -4,49 +4,24 @@
 
 1. start xampp
 1. clone dir under `htdocs/textbook_buddy`
-1. go to `http://localhost/textbook_buddy`
 1. Go to phpmyadmin  `localhost`
 1. create db called `textbook_buddy`
 1. import sql from `resources/textbookBuddy.sql`. THEN import `resources/items.sql`
     1. I periodically update these from time to time
     1. if you want to add data, put it under `resources/items.sql`
 1. Go to `includes/dbconnect.php` and change line 6 to your password
-1. Run
-
-## Functionalities So Far
-1. you can create account
-1. you can login
-1. you can log out
-1. you can upload a book (only if you're logged in)
-    1. If you're not logged in, sell book form page will be redirected to login page
-1. you can filter books (not by search bar yet)
-1. you can click on book for more info
+1. Open website in browser with link `http://localhost/textbook_buddy`
 
 
 ## ToDo
-1. Upload Books form
-    1. make it look nice
-    1. Add fake data, 
-        1. Login `account/account.php`
-        2. Upload  `catalog/uploadBooks.php`
-            all book img will be located under resources/bookIMG in format `subject-10randomDigits.ext`. Using the form will do that for you
-        4. Then in phpmyadmin, go to 
-            ``` 
-            textbook_buddy 
-            -> books 
-            -> export, 
-            and copy and paste things under INSERT INTO `books` into `items.sql`
-            ````
-1. Catalog
-    1. make filters look nice
-        1. make it so checkboxes aren't deleted when submit is clicked
-    1. show books
-        1. make UI look nice
-    1. book info
-        1. clicking on image will show more info about that book
-            1. make UI look nice
-1. Seller Profile
-1. Home page
-1. click on book from catalog for more info
-1. purchase book
-1. ... 
+1. Add more fake data, 
+    1. Login `account/account.php`
+    2. Upload  `catalog/uploadBooks.php`
+        all book img will be located under resources/bookIMG in format `subject-10randomDigits.ext`. Using the form will do that for you
+    4. Then in phpmyadmin, go to 
+        ``` 
+        textbook_buddy 
+        -> books 
+        -> export, 
+        and copy and paste things under INSERT INTO `books` into `items.sql`
+

account/account.php

@@ -1,30 +1,55 @@
 <?php
+  include("../includes/dbconnect.inc.php");
   // redirect to login page if not logged in
   session_start();
   if(!isset($_SESSION['userEmail'])){
     header("Location: login.php");
     exit();
   }
-
 ?>
 
 <!DOCTYPE html>
 <html>
   <head>
-    <meta charset="utf-8">
+    <meta charset="utf-8"> 
     <title>TextbookBuddy - Account </title>
+    <link rel="stylesheet" href="../styles/general.css">
+    <link rel="stylesheet" href="../styles/catalog.css">
+    <link rel="stylesheet" href="../styles/account.css">
   </head>
-  <h1> Welcome <?php echo $_SESSION['userEmail']; ?></h1>
-
-
-    <!-- show all books user sold -->
-    <a href="sellerCatalog.php"> My books </a> <br>
-    <!-- option to delete books -->
+  <body>
+    <?php include("../includes/header2.inc.php"); ?>
+    <div class = "center-text ">
+      <h1> Account Information </h1>
+    </div>
+    <?php
+      if($dbOK) {
+        $userEmail = mysqli_real_escape_string($db, $_SESSION['userEmail']);
+        $query = "SELECT * FROM users WHERE email = '$userEmail'";
+        $result = $db->query($query);
+        $record = $result->fetch_assoc();
 
-    <!-- show all books users requested -->
+        $fname = $record['fname'];
+        $lname = $record['lname'];
+
+        echo '<div id = "outer">' ;
+        echo '<div id = "middle">';
+        echo '<strong>Name: </strong>'.$fname." ";
+        echo $lname;
+        echo '<br>';
+        echo '<strong>Email: </strong>'.$userEmail;
+        echo '</div>';
+      }
+    ?>
+      <div id = "sellerlog">
+        <!-- show all books user sold -->
+        <a href="sellerCatalog.php"> My books </a> <br>
+        <!-- logout -->
+        <a href="logout.php">Logout</a>
+      </div>
+    </div>
+  </body>
+</html>
 
-    <!-- logout -->
-    <a href="logout.php">Logout</a>
 
-</html>
 

account/login.php

@@ -1,24 +1,22 @@
 <?php
   session_start();
-  include ('../includes/dbconnect.php');
+  include ('../includes/dbconnect.inc.php');
   if ($dbOK) {
-    // if($_SERVER['REQUEST_METHOD'] == 'POST')
     if (isset($_POST['submit']))
     {
-      $email = $_POST['email'];
-      $password = $_POST['password'];
-
-      // error checking 
+      $email =  htmlspecialchars(trim($_POST['email']));
+      $password = htmlspecialchars(trim($_POST['password']));
 
+      $email = mysqli_real_escape_string($db, $email);
+      $password = mysqli_real_escape_string($db, $password);
+
       $query = "select * from users where email = '$email'";
       $result = $db->query($query);
       $numRecords = $result->num_rows;
 
-      // echo mysqli_num_rows($result);
       if($numRecords > 0)
       {      
         $user_data = $result->fetch_assoc();
-
         // if password is correct, log user in
         if($user_data['password'] === $password) 
         {
@@ -47,13 +45,14 @@
       integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" 
       crossorigin="anonymous">
     </script>
-    <script type="text/javascript" src="../scripts/form-validation.js"></script>
+
   </head>
   <body>
-    <?php include("../includes/header.php"); ?>
+    <?php include("../includes/header2.inc.php"); ?>
 
     <section class="center-items center-self body">
       <h2 class="bold">Login</h2>
+      <script type="text/javascript" src="../scripts/form-validation.js"></script>
       <form id="login" name="login" class="form" action="#" method="post" 
         onsubmit="return validateLogin(this);"
       >

account/sellerCatalog.php

@@ -8,7 +8,6 @@
     <meta charset="utf-8"> 
     <meta name="viewport" content="width=device-width, initial-scale=1.0"> 
     <title>TextbookBuddy</title>
-    <!-- <link rel="stylesheet" href="../styles/login.css"> -->
     <link rel="stylesheet" href="../styles/general.css">
     <link rel="stylesheet" href="../styles/catalog.css">
     <script 
@@ -18,53 +17,52 @@
     </script>
   </head>
   <body>
-    <header>
-      <a href="../"> <h1 class="logo left">  Textbook Buddy </h1> </a>
-      <ul class="hmenu right">
-        <a href="../catalog/catalog.php"><li>Catalog</li></a>
-        <a href="../catalog/uploadBooks.php"><li>Sell</li></a> 
-        <a href="account.php"><li>Account</li></a>
-      </ul>
-    </header>
+    <?php include("../includes/header2.inc.php"); ?>
 
-    <div >
-      <?php
-        include("../includes/dbconnect.php");
-        if ($dbOK){
-          $userEmail = $_SESSION['userEmail'];
-          // show all books sold by user
-          $query = "SELECT * from books where sellerEmail = '$userEmail'";
+    <!-- Show books-->
+    <div id="body">
+      <div id="books">
+        <h1 style="margin-left:20px;">Books</h1>
+        <div id="bookList">
+          <?php
+            include("../includes/dbconnect.inc.php");
+            if ($dbOK){
+              $userEmail = mysqli_real_escape_string($db, $_SESSION['userEmail']);
+              // show all books sold by user
+              $query = "SELECT * from books where sellerEmail = '$userEmail'";
 
-          $result = $db->query($query);
-          $numRecords = $result->num_rows;
+              $result = $db->query($query);
+              $numRecords = $result->num_rows;
 
-          // if numRecords = 0, show message 
-          for ($i=0; $i < $numRecords; $i++) {
-            $record = $result->fetch_assoc();
-            $title = $record['title'];
-            $id = $record['id'];
-            $file = $record['imgID'];
+              // if numRecords = 0, show message 
+              for ($i=0; $i < $numRecords; $i++) {
+                $record = $result->fetch_assoc();
+                $title = $record['title'];
+                $id = $record['id'];
+                $file = $record['imgID'];
 
-            echo "<div>";
+                echo "<div class='book'>";
 
-            echo "<strong>$title</strong>";
+                echo "<a href='../catalog/bookInfo.php?id=$id'><img style='width:250px;height:300px;' src='../resources/bookImg/$file'></a>";
 
-            echo "<a href='bookInfo.php?id=$id'><img style='width:250px;' src='../resources/bookImg/$file'></a>";
+                echo "<h5>$title</h5>";
 
-            echo $record['desc'];
+                echo "<p>".ucfirst($record['condition'])." - ";
 
-            echo "<br>";
+                echo "$".$record['price']."</p>";
 
-            echo $record['condition'];
-
-            echo "<br><br><br>";
-            echo "</div>";
+                echo "</div>";
 
-          }
-        }
+              }
+            }
 
-      ?>
+          ?>
+        </div>
+
       </div>
+    </div>
+
+
     <footer>
     </footer>
   </body>

account/signup.php

@@ -1,18 +1,19 @@
 <?php
   session_start();
-  include ('../includes/dbconnect.php');
+  include ('../includes/dbconnect.inc.php');
 
-  //  if ($_SERVER['REQUEST_METHOD'] === 'POST') 
   if (isset($_POST['Submit']))
   {
     $fname = htmlspecialchars(trim($_POST['fname']));
     $lname = htmlspecialchars(trim($_POST['lname']));
     $email = htmlspecialchars(trim($_POST['email']));
-    // can you do this for a password?
-    $pass  = htmlspecialchars($_POST['password']);
+    $pass = htmlspecialchars($_POST['password'])
+
+    $fname = mysqli_real_escape_string($db, $fname);
+    $lname = mysqli_real_escape_string($db, $lname);
+    $email = mysqli_real_escape_string($db, $email);
+    $pass  = mysqli_real_escape_string($db, $pass);
 
-
-    // $query = "insert into users(fname, lname, email, password) values('$fname', '$lname', '$email', '$pass')";
     $insQuery = "insert into users(fname, lname, email, password) values(?,?,?,?)";
     $statement = $db->prepare($insQuery);
     $statement->bind_param("ssss", $fname, $lname, $email, $pass);
@@ -39,16 +40,7 @@
     <script type="text/javascript" src="../scripts/form-validation.js"></script>
   </head>
   <body>
-    <header>
-      <a href=".."> <h1 class="logo left">  Textbook Buddy </h1> </a>
-      <ul class="hmenu right">
-        <a href="../catalog/catalog.php"><li>Catalog</li></a>
-        <a href="../catalog/uploadBooks.php"><li>Sell</li></a>
-        <a href="account.php"><li>Account</li></a>
-      </ul>
-    </header>
-
-
+    <?php include("../includes/header2.inc.php"); ?>
     <section class="center-items center-self body">
       <h2 class="bold">Sign Up</h2>
       <form name="signup" class="form" action="#" method="post"
@@ -57,15 +49,11 @@
         <input type="text" id="lname" name="lname" placeholder="Last Name:" class="left"><br>
         <input type="email" id="email" name="email" placeholder="RPI Email:" class="left"><br>
         <input type="password" id="password" name="password" placeholder="Password:" class="left"><br>
-
-        <!-- can you make this button bigger? --> 
         <input type="submit" name="Submit" value="Submit">
       </form>
       <button type="button" onclick="window.location.href='login.php'" class="button">Back to Login</button>
     </section>
-
     <footer>
-
     </footer>
   </body>
 </html>