************ MyPage.php **************
<?php include "head.php"; ?>
<body>
<h2>Welcome to the in-class demo web page</h2>
<?php
echo "<h3>It's ".date("l, F jS").".<br />";
echo "The time is ".date("g:ia").".</h3>";
?>
<p><a href="DisplayTable.php">Display Table of Customers</a></p>
<p><a href="AddCustomer.php">Add Customer</a></p>
<p><a href="UpdateCustomer.php">Update Customer</a></p>
<p><a href="login.php">Login</a></p>
<p><a href="logout.php">logout</a></p>
<p>
<?php
if (isset($_SESSION['email']) )
{
echo "Welcome ".$_SESSION["fname"];
}
else
{
echo "You are not logged in";
}
?>
</p>
</body>
</html>
************ head.php *****************
<!doctype html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta charset="utf-8">
<title>Demo in Class using PhP</title>
<link href="ForClass.css" rel="stylesheet" type="text/css" />
</head>
**************** db.php *******************
<?php
include("../../database.inc");
$db_Connection = mysqli_connect("$db_location", "$db_username", "$db_password", "$db_database") or die("Error Connecting to the MySQL Server");
?>
********* database.inc --> saved 2 directory levels up (one up from public_html) **************
<?php
$db_location = "localhost";
$db_username = "dtucker";
$db_password = "password";
$db_database = "TuckerShoes";
?>
**************** Display Table.php *****************
<?php include "head.php"; ?>
<body>
<?php include "db.php"; ?>
<h2> Customers</h2>
<?php
$customers = mysqli_query($db_Connection, "SELECT * FROM Customers2") or die(mysql_error());
$numRecords = mysqli_num_rows($customers);
echo "<table>";
echo "<tr>
<th>E-Mail</th>
<th>First Name</th>
<th>Last Name</th>
</tr>";
for ($i = 0; $i < $numRecords; $i++)
{
$row = mysqli_fetch_array($customers);
echo "<tr>";
echo "<td width='15%'>".$row["email"]."</td>";
echo "<td width='30%'>".$row["fname"]."</td>";
echo "<td width='10%'>".$row["lname"]."</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($db_Connection);
?>
</body>
</html>
******************* AddCustomer.php *** ************************
<h2> Customers</h2>
<form id="register" name="register" method="post" action="<?php echo $PHP_SELF;?>" onsubmit="return validateRegistrationForm()">
<fieldset id="Contact">
<legend>Enter Personal Information</legend>
First Name: <input type="text" id="firstName" name="firstName"><br>
Last Name: <input type="text" id="lastName" name="lastName"><br>
E-mail: <input type="text" id="email" name="email"><br>
Password: <input type="text" id="password" name="password"><br>
Administrator: <input type="checkbox" name="adminstrator" value="1">
<br><br>
<input type="submit" class="button_style" value="Register"><br>
</fieldset>
</form>
<?php
$sql = "INSERT INTO Customers2 (fname, lname, email, admin, password) VALUES ('".
$_POST['firstName'].
"', '".
$_POST['lastName'].
"', '".
$_POST['email'].
"', '".
$_POST['adminstrator'].
"', '".
$_POST['password'].
"')";
if ($_POST['email'] != "" )
{
echo $sql;
mysqli_query($db_Connection, $sql) or die(mysql_error());
echo "<script>";
echo "alert('Client Updated');";
echo "window.location.href = 'DisplayTable.php';";
echo "</script>";
}
********************* PHP to update a customer *************************
<?php include "head.php"; ?>
<body>
<?php include "db.php"; ?>
<h2> Customers</h2>
<?php
echo "<form id='getdata' name='getdata' method='post' action='UpdateCustomer.php' onsubmit=''>";
$sql = "SELECT * FROM Customers2";
echo $sql;
$result = mysqli_query($db_Connection, $sql) or die(mysqli_error());
// take out line that used to be here
echo "<br><br>";
echo "Select a Customer to Update: <select name='CustomerID' id='CustomerID'>";
echo "<option value='----------'>----------</option>";
while ($row = mysqli_fetch_array($result))
{
echo "<option value='".$row['email']."'>".$row['fname']." ".$row['lname']."</option>";
}
echo "</select><br><br>";
echo "<input type='submit' value='Get Client Data'><br><br>";
?>
</form>
<form id="register" name="register" method="post" action='UpdateCustomer.php' >
<fieldset id="Contact">
<legend>Update Information Here</legend>
<?php
$sql = "SELECT * FROM Customers2 WHERE email = '".$_POST[CustomerID]."'";
$result = mysqli_query($db_Connection, $sql) or die(mysqli_error());
$row = mysqli_fetch_array($result);
echo "<br>".$sql."<br><br>";
echo '
First Name: <input type="text" id="firstName" name="firstName" value="'.$row['fname'].'"><br>
Last Name: <input type="text" id="lastName" name="lastName" value="'.$row['lname'].'"><br>
E-mail: <input type="text" id="email" name="email" value="'.$row['email'].'"><br>
Password: <input type="text" id="password" name="password" value="'.$row['password'].'"><br>
Administrator: <input type="checkbox" name="adminstrator" value="1" value="'.$row['admin'].'"><br>
<br><br>
<input type="submit" class="button_style" value="Register"><br>
</fieldset>
</form>
';
$sql = "UPDATE Customers2 SET
fname = '".$_POST['firstName']."',
lname = '".$_POST['lastName']."',
admin = '".$_POST['adminstrator']."',
password = '".$_POST['password']."'
WHERE email = '".$_POST['email']."';"
;
echo $sql;
if ($_POST['email'] != "" )
{
echo $_POST['email'];
mysqli_query($db_Connection, $sql) or die(mysql_error());
echo "<script>";
echo "alert('Client Updated');";
echo "window.location.href = 'DisplayTable.php';";
echo "</script>";
}
?>
</body>
</html>
******************* Login *********************
<?php
include "db.php";
include "head.php";
// This page is used as a sample on how to login
// I do the checks if you are logged in and the actual query
// at the top so this runs first, If not logged in it just
// skips where the user can enter login data
if (isset($_SESSION["fname"]))
{
$error= "You are already logged in";
}
elseif (isset($_POST['email']))
{
// try to login
$sql = "SELECT * FROM Customers2 WHERE email = '".$_POST['email']."'";
$rowsWithMatchingLogin = mysqli_query($db_Connection, $sql) or die(mysql_error());
$numRecords = mysqli_num_rows($rowsWithMatchingLogin);
//echo "There are ".$numRecords." of these email addresses<br><br>";
// check to make sure that on initial page load the query doesn't run
if ($numRecords == 1)
{
$row = mysqli_fetch_array($rowsWithMatchingLogin);
if ($_POST['password'] == $row['password'])
{ // set session variables and display
$_SESSION["fname"] = $row['fname'];
$_SESSION["lname"] = $row['lname'];
$_SESSION["email"] = $row['email'];
$_SESSION["password"] = $row['password'];
$_SESSION["admin"] = $row['admin'];
}
else
{
$error= "Password is incorrect";
}// end the if that checks for 1 success
}
else
{
$error= "Email not found";
}
} //end of overall if
mysqli_close($db_Connection);
?>
<body>
<h2> Login</h2>
<form name="login" method="post" action="login.php">
<fieldset id="Contact">
Enter Your Information <br>
Email: <input type="text" id="email" name="email"><br>
Password: <input type="password" id="password" name="password"><br><br>
<input type="submit" class="button_style" value="Login"><br>
</fieldset>
</form>
<br><br>
<?php
if (isset($error))
{
echo $error;
}
elseif (isset($_SESSION["fname"]))
{
echo "<table id='tableformat'>";
echo "<tr>
<th>Last Name</th>
<th>First Name</th>
<th>Email Address</th>
</tr>";
echo "<tr>";
echo "<td align='center'>";
echo $_SESSION["lname"];
echo "</td>";
echo "<td align='center'>";
echo $_SESSION["fname"];
echo "</td>";
echo "<td align='center'>";
echo $_SESSION["email"];
echo "</td></tr>";
echo "</table>";
}
?>
</body>
</html>
******************* Logout *************************
<?php
include "head.php";
session_unset();
session_destroy();
?>
<body>
<h2> Thank you for visiting this sample website</h2>
<p><a href="MyPage.php">Back to Class Demo Page</a></p>
</body>
</html>
********** Menu.php for Tucker Shoes ***************
<div id="LoginHeading">
<?php
if ($_SESSION["fname"] != "")
{
echo "<span style='color:#999'> WELCOME ".$_SESSION["fname"]." | </span>";
echo "<a href='logout.php' class='KeepGrey'>SIGN OUT | </a>";
}
else
{
echo "<a href='login.php' class='KeepGrey'>SIGN IN | </a>";
}
?>
<a href="purchase.php" class="KeepGrey">MY ORDERS</a>
</div><!-- close LoginHeading -->
<header><img src="images/TuckersShoes.png" width="258" height="70" alt="Tucker's Shoes"></header>
<nav>
<ul>
<li><a href="index.php">Home</a></li>
<li class="dropdown">
<a href="#" class="dropbtn">Customer Service</a>
<div class="dropdown-content">
<a href="feedback.php">Feedback</a>
<a href="addCustomer.php">Create an Account</a>
<a href="about.php">About</a>
</div>
</li>
<li class="dropdown">
<a href="#" class="dropbtn">Products</a>
<div class="dropdown-content">
<a href="shoes.php">Dress</a>
<a href="casual.php">Casual</a>
<a href="sneakers.php">Sneakers</a>
<a href="boots.php">Boots</a>
</div>
</li>
<li class="dropdown">
<a href="#" class="dropbtn">Specials</a>
<div class="dropdown-content">
<a href="sale.php">Sale</a>
<a href="clearance.php">Clearence</a>
<a href="shoeoftheday.php">Shoe of the day</a>
</div>
</li>
<?php
if ($_SESSION["admin"] == "1")
{
echo
"<li class='dropdown'>
<a href='#' class='dropbtn'>Administrator</a>
<div class='dropdown-content'>
<a href='editShoe.php'>Edit Shoe Info</span></a>
<a href='addShoe.php'>Add New Shoe</span></a>
<a href='feedback.txt' target='_blank'><span>See Feedback</span></a>
<a href='logout.php'>Logout</a>
</li>
";
}?>
</ul>
</nav>
*************** casual.php ****************
** this is the casual.php file from the TuckerShoes web site **
** http://csci323.cs.edinboro.edu/~dtucker/CSCI_323_Fall2017/Practice/casual.php **
** this shows how to display products with images **
<?php include "head.php"; ?>
<body>
<div id="wrapper">
<?php include "db.php"; ?>
<?php include "menu.php"; ?>
<div id="newmain">
<h2> Casual</h2>
<?php
$pens = mysqli_query($db_Connection, "SELECT * FROM Products WHERE type = 'cas'") or die(mysql_error());
$numRecords = mysqli_num_rows($pens);
//echo $numRecords." number of Pens<br><br>";
$Count = 0;
$currShoe = "";
echo "<table id='tableformat'>";
echo "<tr>
<th>Name</th>
<th>Description</th>
<th>Price</th>
<th>Quantity</th>
<th>Image</th>
<th>Buy</th>
</tr>";
for ($i = 0; $i < $numRecords; $i++)
{
$row = mysqli_fetch_array($pens);
echo "<tr>";
echo "<td width='15%'>".$row["name"]."</td>";
echo "<td width='30%'>".$row["description"]."</td>";
echo "<td width='10%'>";
printf("$%.2f",$row["price"]);
echo "</td>";
echo "<td width='10%'>".$row["quantity"]."</td>";
echo "<td width='25%'><img width='150px' src='images/".$row["image"]."'></td>";
echo "<td width='10%'><a href=\"purchase.php?prod=".$row[shoe_id]."&cost=".$row[price]."\"><img src='images/buy_button.png'></a></td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($db_Connection);
?>
</div><!-- close new main -->
<?php include "footer.php"; ?>
</div><!-- close the wrapper div -->
</body>
</html>
************ Add a Shoe w/ file upload **************
<?php include "head.php"; ?>
<body>
<?php include "db.php"; ?>
<div id="wrapper">
<?php include "menu.php"; ?>
<div id="newmain">
<h2> Add a New Shoe</h2>
<form id="register" name="register" method="post" action="addShoe.php" enctype="multipart/form-data">
<fieldset id="Shoe">
<legend>Enter Shoe Information</legend>
Name:
<input type="text" id="name" name="name"><br><br>
Description:
<input type="text" id="description" name="description"><br><br>
Price:
<input type="text" id="price" name="price"><br><br>
Quantity:
<input type="text" id="quantity" name="quantity"><br><br>
Type:
<select name="type" id="type" required>
<option value="dre">Dress</option>
<option value="cas">Casual</option>
<option value="sne">Sneakers</option>
<option value="boo">Boots</option>
</select>
<br><br>Special:
<select id="special" name="special">
<option></option>
<option value="sal">Sale</option>
<option value="cle">Clearance</option>
<option value="sod">Shoe of the Day</option>
</select>
<br><br>
<!-- upload image fields here -->
<legend>Upload Photo of Shoe</legend><br/>
<input type="file" name="fileToUpload" id="fileToUpload">
<br><br>
<input type="submit" class="button_style" value="Register" name="submit"><br>
</fieldset>
</form>
<?php
$target_dir = "images/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$name = basename($_FILES["fileToUpload"]["name"]);
echo $name." name<br>";
echo "<br>".$target_file."<br>";
echo "<br>".$_FILES["fileToUpload"]["name"]."<br>";
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
}
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
// insert data to the database
$sql = "INSERT INTO Products (name, description, price, quantity, image, type, special) VALUES ('".
$_POST['name'].
"', '".
$_POST['description'].
"', ".
$_POST['price'].
", ".
$_POST['quantity'].
", '".
$name.
"', '".
$_POST['type'].
"', '".
$_POST['special'].
"')";
echo $sql;
// actual insertion takes place here
if ($_POST['name'] != "" )
{
mysqli_query($db_Connection, $sql) or die(mysql_error());
}
$products = mysqli_query($db_Connection, "SELECT * FROM Products ORDER BY name ASC") or die(mysql_error());
$numRecords = mysqli_num_rows($products);
echo "<table id='tableformat'>";
echo "<tr>
<th>Shoe Name</th>
<th>Description</th>
<th>Price</th>
<th>Quantity</th>
<th>Image</th>
<th>Type</th>
<th>Special</th>
</tr>";
for ($i = 0; $i < $numRecords; $i++)
{
echo "<tr>";
$row = mysqli_fetch_array($products);
echo "<td align='center'>". $row["name"]."</td>";
echo "<td align='center'>". $row["description"]."</td>";
echo "<td align='center'>". $row["price"]. "</td>";
echo "<td align='center'>". $row["quantity"]. "</td>";
echo "<td align='center'>". $row["image"]. "</td>";
echo "<td align='center'>". $row["type"]. "</td>";
echo "<td align='center'>". $row["special"]. "</td></tr>";
}
echo "</table>";
mysqli_close($db_Connection);
?>
</div><!-- close new main -->
<float: clear>
<?php include "footer.php"; ?>
</div><!-- close the wrapper div -->
</body>
</html>
************************* Purchase.php ****************************
<?php include "head.php"; ?>
<body>
<div id="wrapper">
<?php include "db.php"; ?>
<?php include "menu.php"; ?>
<h2> Shopping Cart</h2>
<?php
if (isset($_SESSION["email"]) and isset($_GET['cost']))
{
$shoe = $_GET["prod"];
$cost = $_GET["cost"];
$email = $_SESSION["email"];
$date = date("Y/m/d");
$total_cost = 0;
echo $current_url[0];
$current_url = explode('?', $current_url);
echo $current_url[0];
// insert the data into the Orders table.
$sql = "INSERT INTO Orders (
shoe_id,
email,
date,
cost
) VALUES (
'$shoe',
'$email',
'$date',
'$cost'
)";
if (isset($cost))
{
echo $sql;
mysqli_query($db_Connection, $sql);
}
// This prints the orders table
$order = mysqli_query($db_Connection, "SELECT * FROM Orders") or die(mysql_error());
$numRecords = mysqli_num_rows($order);
echo "<table id='tableformat'>";
echo "<tr>
<th>Shoe ID</th>
<th>Email</th>
<th>Date</th>
<th>Cost</th>
</tr>";
for ($i = 0; $i < $numRecords; $i++)
{
$row = mysqli_fetch_array($order);
echo "<tr>";
echo "<td>".$row["shoe_id"]."</td>";
echo "<td>".$row["email"]."</td>";
echo "<td>".$row["date"]."</td>";
echo "<td>";
printf("$%.2f",$row["cost"]);
echo"</td>";
echo "</tr>";
$total_cost=$total_cost+$row["cost"];
}
echo "<tr> <td></td> <td></td> <td>Total: </td> <td>";
printf("$%.2f",$total_cost);
echo "</td> </tr>";
echo "</table>";
}
elseif (isset($_SESSION["email"]))
// this runs if they are just checking their cart
{
$order = mysqli_query($db_Connection, "SELECT * FROM Orders where email = '".$_SESSION['email']."'") or die(mysql_error());
$numRecords = mysqli_num_rows($order);
echo "<table id='tableformat'>";
echo "<tr>
<th>Shoe ID</th>
<th>Email</th>
<th>Date</th>
<th>Cost</th>
</tr>";
for ($i = 0; $i < $numRecords; $i++)
{
$row = mysqli_fetch_array($order);
echo "<tr>";
echo "<td>".$row["shoe_id"]."</td>";
echo "<td>".$row["email"]."</td>";
echo "<td>".$row["date"]."</td>";
echo "<td>";
printf("$%.2f",$row["cost"]);
echo"</td>";
echo "</tr>";
$total_cost=$total_cost+$row["cost"];
}
echo "<tr> <td></td> <td></td> <td>Total: </td> <td>";
printf("$%.2f",$total_cost);
echo "</td> </tr>";
echo "</table>";
} // closing th else if
else
{
echo "You must first login to make a purchase<br><br>";
echo "<a href='login.php'>LOGIN</a>";
}
mysqli_close($db_Connection);
?>
<?php include "footer.php"; ?>
</div><!-- close the wrapper div -->
</body>
</html>
************************ Feedback *******************************
<?php include "head.php"; ?>
<body>
<h2>Sample Feedback</h2>
<form name="feedback" id="feedback" action="feedback_thanks.php" onsubmit="return true" method="post">
First Name <input id="first_name" name="first_name"><br>
Last Name <input id="last_name" name="last_name"><br>
Email <input id="Email" name="Email"><br><br>
Comments about stuff<br>
<textarea id="Comments" name="Comments" cols="50" rows="10"></textarea>
<br>
<input name="Submit" type="submit" value="Submit">
<input name="Reset" type="reset" value="Reset">
</form>
</body>
</html>
************************* Feedback Thanks page *******************************
<?php include "head.php"; ?>
<body>
<h2>Thank you
<?php
echo $_POST["first_name"]." ".$_POST["last_name"]." ";
?>
for submitting.
</h2>
<?php
// create the message
$message =
"\r\nFrom: ".$_POST["first_name"]." ".$_POST["last_name"]."\r\n".
"E-mail address: ".$_POST['Email']."\r\n".
"Subject: Feedback from our site\r\n".
"\r\nText Message: \r\n".$_POST['Comments']."\r\n";
// write to the feedback file
$fileVar = fopen("feedback.txt", "a") or die("Error opening or creating the file");
fwrite($fileVar, "\n---------------------------------------\r\n");
fwrite($fileVar, "Date recieved ".date("l, F jS"));
fwrite($fileVar, $message);
//Send a message to the user and us
$headerToClient = "From: Dave Tucker\r\n";
mail($_POST['Email'],"Re: message from the Sand Box", "You summttted the following: ".$message, $headerToClient);
?>
<a href="feedback.txt">Feedback file</a>
</body>
</html>