Permissions update, code refactoring

Author: rbattistini

api-about-us.php

@@ -179,7 +179,7 @@ public function addPicture($parameters) {
         $stmt->execute();
     }
 
-    public function updatePicture($parameters) {
+    public function updatePicture($parameters, $title) {
         $description = $parameters["description"];
         $author = $parameters["author"];
         $image = $parameters["image"];
@@ -190,7 +190,7 @@ public function updatePicture($parameters) {
         $email = $parameters["email"];
 
         $stmt = $this->db->prepare("UPDATE picture SET Description = ?, Author = ?, Image = ?, Base_price = ?, Discount = ?, Orientation = ?, Category_name = ?, Email = ? WHERE Title = ?");
-        $stmt->bind_param("sssiisss", $description, $author, $image, $base_price, $discount, $orientation, $category_name, $email);
+        $stmt->bind_param("sssiissss", $description, $author, $image, $base_price, $discount, $orientation, $category_name, $email, $title);
         $stmt->execute();
     }
 

api-add-credit-card.php

@@ -11,13 +11,9 @@
 }
 
 if (isUserLoggedIn(UserType::Customer)) {
-    $templateParams["title"] = "Customer Area";
-    $templateParams["name"] = "customer-area.php";
     header("Location: customer-area.php");
 } else if (isUserLoggedIn(UserType::Seller)) {
-    $templateParams["title"] = "Seller Area";
-    $templateParams["name"] = "template/seller-profile-template.php";
-    require "template/base.php";
+    header("Location: seller-profile.php");
 } else {
     $templateParams["title"] = "Login";
     $templateParams["name"] = "template/login-template.php";

api-cart.php

@@ -4,6 +4,8 @@
 if(isUserLoggedIn(UserType::Seller)) {
     $templateParams["title"] = "Seller Area - Add print";
     $templateParams["name"] = "seller-add-print-template.php";
+    $templateParams["sidebar"] = "seller-sidebar.php";
+
     $email = htmlspecialchars($_SESSION["email"]);
 
     if(isset($_POST["author"])) {

api-customer-orders-summary.php

@@ -1,8 +1,52 @@
 <?php
 require_once 'bootstrap.php';
 
-$templateParams["title"] = "Seller Area - View orders";
-$templateParams["name"] = "seller-orders-template.php";
+if(isUserLoggedIn(UserType::Seller)) {
+
+    $templateParams["title"] = "Seller Area - View orders";
+    $templateParams["name"] = "seller-orders-template.php";
+    $templateParams["sidebar"] = "seller-sidebar.php";
+    $email = htmlspecialchars($_SESSION["email"]);
+    $templateParams["orders"] = $dbh->getMyOrders($email);
+
+    if(isset($_GET["order_id"])) {
+        $templateParams["order_selected"] = true;
+        $order_id = htmlspecialchars($_GET["order_id"]);
+        $order = $dbh->getOrderProducts($order_id)[0];
+
+        if(isset($_POST["order_id"])) {
+
+            $ship_city = htmlspecialchars($_POST["ship_city"]);
+            $ship_postal_code = htmlspecialchars($_POST["ship_postal_code"]);
+            $ship_address = htmlspecialchars($_POST["ship_address"]);
+            $order_date = htmlspecialchars($_POST["order_date"]);
+            $shipped_date = htmlspecialchars($_POST["shipped_date"]);
+            $card_number = htmlspecialchars($_POST["card_number"]);
+            $shipper_name = htmlspecialchars($_POST["shipper_name"]);
+            $status = htmlspecialchars($_POST["status"]);
+
+            $parameters = array(
+                "ship_city" => $ship_city,
+                "ship_postal_code" => $ship_postal_code,
+                "ship_address" => $ship_address,
+                "order_date" => $order_date,
+                "shipped_date" => $shipped_date,
+                "email" => $email,
+                "card_number" => $card_number,
+                "shipper_name" => $shipper_name,
+                "status" => $status
+            );
+
+            $dbh->updatePicture($parameters);
+        }
+
+    } else {
+        $templateParams["order_selected"] =  false;
+    }
+
+} else {
+    header('Location: login.php');
+}
 
 require 'template/base.php';
 ?>

api-order.php

@@ -4,6 +4,7 @@
 if(isUserLoggedIn(UserType::Seller)) {
     $templateParams["title"] = "Seller Area - Your prints";
     $templateParams["name"] = "seller-prints-template.php";
+    $templateParams["sidebar"] = "seller-sidebar.php";
     $email = htmlspecialchars($_SESSION["email"]);
     $templateParams["prints"] = $dbh->getPicturesFromSeller($email);
 
@@ -12,21 +13,28 @@
         $print_id = htmlspecialchars($_GET["print_id"]);
         $print = $dbh->getPictureFromTitle($print_id)[0];
         $templateParams["categories"] = $dbh->query("SELECT * From category");
-        $templateParams["techniques"] = $dbh->query("SELECT * From print_technique");
+        $techniques = $dbh->query("SELECT * From print_technique");
+        $templateParams["techniques"] = $techniques;
         $print_techniques = $dbh->getTechniquesFromPictureTitle($print_id);
 
         if(isset($_POST["author"])) {
-
+            $title = $print_id;
             $description = htmlspecialchars($_POST["description"]);
             $author = htmlspecialchars($_POST["author"]);
-            list($image, $msg) = uploadImage(UPLOAD_DIR, $_FILES["picture"]);
-            $image_name = basename($image["name"]);
-            var_dump($image_name);
             $base_price = htmlspecialchars($_POST["base_price"]);
             $discount = htmlspecialchars($_POST["discount"]);
-            $orientation = getOrientation($image); // REVIEW
             $category = htmlspecialchars($_POST["category"]);
 
+            if(!empty($_FILES["picture"]["name"])) {
+                list($image, $msg) = uploadImage(UPLOAD_DIR, $_FILES["picture"]);
+                $image_name = basename($_FILES["picture"]["name"]);
+                $fullPath = UPLOAD_DIR.$image_name;
+                $orientation = getOrientation($fullPath);
+            } else {
+                $image_name = $print["Image"];
+                $orientation = htmlspecialchars($print["Orientation"]);
+            }
+
             $parameters = array(
                 "description" => $description,
                 "author" => $author,
@@ -38,9 +46,21 @@
                 "email" => $email
             );
 
-            $dbh->updatePicture($parameters);
+            $dbh->updatePicture($parameters, $title);
+        }
+
+        foreach ($techniques as &$technique) {
+            $technique_description =str_replace(" ", "_", $technique["Description"]);
+            if (isset($_POST[$technique_description]) && !in_array($technique, $print_techniques)) {
+                $dbh->insertSupportedTechniqueForPrint($technique["Technique_id"], $print_id);
+            } else if(!isset($_POST[$technique_description]) && in_array($technique, $print_techniques)) {
+                $dbh->deleteSupportedTechniqueFromPrint($technique["Technique_id"], $print_id);
+            }
         }
+        unset($technique);
 
+        $print = $dbh->getPictureFromTitle($print_id)[0]; // image shown update
+        $print_techniques = $dbh->getTechniquesFromPictureTitle($print_id); // techniques shown update
     } else {
         $templateParams["print_selected"] =  false;
     }

api-print-customization.php

@@ -2,7 +2,8 @@
 require_once 'bootstrap.php';
 
 $templateParams["title"] = "Seller Area - Profile";
-$templateParams["name"] = "seller-profile-template.php";
+$templateParams["name"] = "template/seller-profile-template.php";
+$templateParams["sidebar"] = "template/seller-sidebar.php";
 
 require 'template/base.php';
 ?>

api-print.php

@@ -5,14 +5,11 @@
     <div class="container">
       <div class="row">
         <div class="col-md-3">
-          <aside class="bg-white sidebar container shadow-sm my-4 p-4 list-group list-group-flush">
-            <h3 class="py-4 pl-3">Seller's Area</h3>
-            <a href="seller-overview.php" class="list-group-item list-group-item-action bg-white">Overview</a>
-            <a href="seller-profile.php" class="list-group-item list-group-item-action bg-white">Profile</a>
-            <a href="seller-prints.php" class="list-group-item list-group-item-action bg-white">Your prints</a>
-            <a href="#" class="list-group-item list-group-item-action bg-white">Add new print</a>
-            <a href="seller-orders.php" class="list-group-item list-group-item-action bg-white">View orders</a>
-          </aside>
+        <?php 
+          if(isset($templateParams["sidebar"])){
+            require($templateParams["sidebar"]);
+          }
+        ?>
         </div>
 
         <div class="col-md-9">