Skip to content

CS123A_GroupC_FoodBuddy
CS123A_GroupC_FoodBuddy
Commit 05f9623d authored by Jose Emmanuel Torrijos's avatar Jose Emmanuel Torrijos
Browse files
Options

Food Buddy 

Food Buddy Source Code and Final Paper
parents
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 3721 additions and 0 deletions
add_to_cart.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if (isset($_GET['id']))
{
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
} else
{
#protection
$id = $_GET['id'];
$qty = $_GET['qty'];
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
$total_price_query = "SELECT price FROM item WHERE item_id = " .$id;
$total_price_result = mysqli_query($mysqli,$total_price_query);
$tpArray = mysqli_fetch_array($total_price_result, MYSQLI_ASSOC);
$tp = $tpArray['price'];
$tp = $tp*$qty;
#username has to be unique!
$sql = "INSERT INTO tracker (session_id,item_id,item_qty,total_price) VALUES ('".$sessID. "', " .$id.", " .$qty.", " .$tp.")";
$result = mysqli_query($mysqli,$sql);
//$count = mysqli_num_rows($result);
if ($result === TRUE)
{
echo "A record has been inserted.";
header("Location:menu.php");
exit;
}
else {
printf("Could not insert record: %s\n", mysqli_error($mysqli));
}
}
mysqli_close($mysqli);
}
else{
echo"wew";
}
?>
\ No newline at end of file
checkPassEdit.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
echo "<html><head><title>Changing FooBu Password</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
$old_pass = $_POST["old_password"];
$new_pass = $_POST["password1"];
#protection
$old_pass = stripslashes($old_pass);
$old_pass = mysqli_real_escape_string($mysqli,$old_pass);
$new_pass = stripslashes($new_pass);
$new_pass = mysqli_real_escape_string($mysqli,$new_pass);
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$old_password = $newArray['password'];
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $newArray['position']. "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $newArray['mall_name'] . " Restaurant: " . $newArray['rest_name']. "<br>";
else echo "Mall: " . $newArray['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $newArray['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
if($old_password != $old_pass)
{
echo "<h1>You entered an invalid old password!</h1>";
echo "<div class = 'center'><br><a href = 'edit_password.php' ><button>Back</button></a></div>";
}
else
{
$sql = "UPDATE account SET password = '" .$new_pass. "' WHERE account_id = " . $id ;
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE)
{
echo "<h1>Your Password has been edited!</h1>";
}
else
{
printf("Could not edit password: %s\n", mysqli_error($mysqli));
}
}
}
}
?>
\ No newline at end of file
checkcreate.php 0 → 100644
View file @ 05f9623d
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
echo "<html><head><title>Create Account</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
$fname = $_POST["firstname"];
$mname = $_POST["middlename"];
$lname = $_POST["lastname"];
$username = $_POST["username"];
$password = $_POST["password1"];
#protection
$fname = stripslashes($fname);
$fname = mysqli_real_escape_string($mysqli,$fname);
$mname = stripslashes($mname);
$mname = mysqli_real_escape_string($mysqli,$mname);
$lname = stripslashes($lname);
$lname = mysqli_real_escape_string($mysqli,$lname);
$username = stripslashes($username);
$username = mysqli_real_escape_string($mysqli,$username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($mysqli,$password);
#username has to be unique!
$sql = "SELECT * FROM account WHERE username = '" .$username. "'";
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($count == 0)
{
$sql = "INSERT INTO account (first_name,middle_name,last_name,username,password,position,load_balance) VALUES ('" .$fname. "','" . $mname. "','" .$lname. "','" .$username. "','" .$password. "','Client',0)";
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE)
{
echo "<h1>A record has been inserted.</h1>";
echo "<div class = 'center'>";
echo "<br><a href = 'create_account.php' ><button>Back to Create Account</button></a></br>";
echo "<br><a href = 'login.php' ><button>Cancel</button></a></br>";
echo "</div>";
}
else {
printf("Could not insert record: %s\n", mysqli_error($mysqli));
echo "<br><a href = 'create_account.php' ><button>Back to Create Account</button></a></br>";
echo "<br><a href = 'login.php' ><button>Cancel</button></a></br>";
}
}
else
{
echo "<h1>Username Taken!</h1>";
echo "<div class = 'center'>";
echo "<br><a href = 'create_account.php' ><button>Back to Create Account</button></a></br>";
echo "<br><a href = 'login.php' ><button>Cancel</button></a></br>";
echo "</div>";
}
echo "</body>";
echo "</html>";
mysqli_close($mysqli);
}
?>
\ No newline at end of file
checkedit.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}else
{
$fname = $_POST["firstname"];
$mname = $_POST["middlename"];
$lname = $_POST["lastname"];
#protection
$fname = stripslashes($fname);
$fname = mysqli_real_escape_string($mysqli,$fname);
$mname = stripslashes($mname);
$mname = mysqli_real_escape_string($mysqli,$mname);
$lname = stripslashes($lname);
$lname = mysqli_real_escape_string($mysqli,$lname);
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account WHERE account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$password = $newArray['password'];
$sql = "UPDATE account SET first_name = '" .$fname. "', middle_name = '" .$mname. "', last_name = '" .$lname. "' WHERE account_id = " . $id ;
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE)
{
echo "Your information has been edited!.";
echo "<br><a href = 'view_account.php' ><button>Back</button></a></br>";
}
else {
printf("Could not edit account: %s\n", mysqli_error($mysqli));
echo "<br><a href = 'homepage.php' ><button>Back</button></a></br>";
}
}
}
?>
\ No newline at end of file
checklogin.php 0 → 100644
View file @ 05f9623d
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
echo "<html><head><title>Create Account</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
$username = $_POST["username"];
$password = $_POST["password"];
#protection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($mysqli,$username);
$password = mysqli_real_escape_string($mysqli,$password);
$sql = "SELECT * FROM account WHERE username = '" .$username. "' and password = '" .$password. "'";
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($count == 1)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$id = $newArray['account_id'];
$fname = $newArray['first_name'];
session_start();
$_SESSION['account_id'] = $id;
$_SESSION['first_name'] = $fname;
header("location:homepage.php"); #research
}
else
{
echo "<h1>Wrong Username or Password!</h1>";
echo "<div class = 'center'>";
echo "<br><a href = 'login.php' ><button>Back</button></a>";
echo "</div>";
}
echo "</body>";
}
?>
\ No newline at end of file
choose_mall.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Choose a Mall</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
</head>
<body>
<form method = 'post' action = 'menu.php'>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$select_mall_query = "SELECT * FROM mall";
echo "<div class = 'center'>";
echo "<select class='mall_list' name='mall'>
<option value='0'>Choose a mall</option>";
foreach(mysqli_query($mysqli,$select_mall_query) as $option) {
$id = $option['mall_id'];
$name = $option['mall_name'];
echo "<option value='$id'>$name</option>";
}
echo "<input class = 'submit' type = 'submit' name = 'chooseMall' value = 'Im here at this Mall!'>";
echo "</div>";
}
session_regenerate_id();
}
?>
</form>
</body>
</html>
confirm_admin.php 0 → 100644
View file @ 05f9623d
<?
session_start();
if (isset($_GET['id']))
{
$mysqli = new mysqli("localhost","root","","dbadmin");
$promote_account_id = $_SESSION["promote_account_id"];
echo "promote_account_id";
//close connection to MySQL
mysqli_close($mysqli);
//redirect to showcart page
}
else
{
}
?>
create_account.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head><title>Create Account</title>
<script>
function validateForm() {
var a = document.forms["myForm"]["firstname"].value;
var b = document.forms["myForm"]["middlename"].value;
var c = document.forms["myForm"]["lastname"].value;
var x = document.forms["myForm"]["username"].value;
var y = document.forms["myForm"]["password1"].value;
var z = document.forms["myForm"]["password2"].value;
if (a == "" || b == "" || c == "" || x == "" || y == "" || z == "") {
alert("Some fields need to be field!");
return false;
} else if (y != z)
{
alert("Passwords are not matching!");
return false;
}
}
</script>
</head>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<body>
<h1>FooBu Create Account</h1>
<p>
<form action = "checkcreate.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<fieldset class = "long">
<legend>Personal Information</legend>
Full Name:<br>
<input type = "text" id = "firstname" name = "firstname" placeholder = "First Name">
<input type = "text" id = "middlename" name = "middlename" placeholder = "Middle Name">
<input type = "text" id = "lastname" name = "lastname" placeholder = "Last Name">
</fieldset>
<fieldset class = "creation">
<legend>Account Details</legend>
Username:<br>
<input type = "text" id = "username" name = "username" placeholder = "Username"><br><br>
Password:<br>
<input type = "password" id = "password1" name = "password1" placeholder = "Password">
<input type = "password" id = "password2" name = "password2" placeholder = "Re-enter Password">
</fieldset>
</p>
<div class = "center">
<input class = "submit" type = "submit" value = "Submit">
</div>
</form>
<!--Buttons-->
<!--WIP-->
<div class = "center">
<br><a href = "login.php"><button class = "create">Cancel</button></a>
</div>
</body>
</html>
\ No newline at end of file
css/database_layout2.css 0 → 100644
View file @ 05f9623d
body {
font-family: "Calibri Light", Candara, sans-serif;
}
ul{
margin: 10px auto 10px auto;
padding: 3px;
border-top: 2px solid #000000;
border-bottom: 1px solid #000000;
}
li {
display: inline;
margin: 2px;
}
input.text {
color: #5A5854;
background-color: #FAFAFA;
border: 1px solid #BDBDBD;
border-radius: 5px;
padding: 3px;
}
input.sub_submit {
color: #7D7D7D;
background-color: #FFFFFF;
border: 1px solid #7D7D7D;
border-radius: 5px;
padding: 5px;
float: left;
margin: 3% 0% 0% 1.6%;
}
input.submit, button {
text-transform: uppercase;
color: #5a5854;
background-color: #FFFFFF;
border: none;
border-radius: 10px;
padding: 5px;
width: 19.45%;
}
input.submit:hover, input.sub_submit:hover, button:hover {
color: #FAFAFA !important;
background-color: #343434 !important;
}
button.even, button.odd {
width: 60% !important;
}
table.list {
float: left;
width: 60%;
min-width: 50%;
max-width: 80%;
margin: 0.8%;
}
th, td {
padding: 0.5% 0.5% 0.5% 1%;
}
th {
text-transform: uppercase;
letter-spacing: 0.1em;
font-size: 90%;
border-bottom: 2px solid #111111;
border-top: 1px solid #999999;
text-align: left;
}
tr.even, button.even {
background-color: #EFEFEF;
}
tr:hover {
color: #ECECEC;
background-color: #7B7B7B;
}
p.notif{
float: right;
width: 34%;
margin-right: 2.5%;
margin-top: 0.5%;
padding: 0.4% 0.5% 0.7% 0.5%;
}
fieldset{
float: right;
width: 32%;
margin-right: 2.5%;
padding: 0.4% 0.5% 0.7% 0.5%;
border-radius: 10px;
}
th.money, td.money {
text-align: right;
}
select {
margin: 0.8% 0.8% 0.8% 0.1%;
padding: 1%;
background-color: #FAFAFA;
color: #5A5854;
border-radius: 10px;
width: 42%;
overflow: scroll;
}
label.in {
margin: 0.8% 0.5% 0.8% 0.1%;
padding: 0.3% 0% 0.3% 2%;
float: left;
width: 45%;
}
select, input.text, div.rad {
margin: 0.8% 0.5% 0.8% 0.1% !important;
padding: 1% !important;
}
\ No newline at end of file
display_accounts-2.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<title>FooBu Clients</title>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="process_account.php"></li>
<?php
session_start();
#process_account
#display_accounts-2
#print_r($_POST);
#print_r($_SESSION);
#setting up the connection
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
WHERE position <> 'Dev'
ORDER BY account_id ASC";
$result = mysqli_query($mysqli,$sql);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Position: " . $newArray['position']. "<br>";
echo "Mall: " . $newArray['mall_name'] . ", Restaurant: " . $newArray['rest_name']. "<br>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul><li><input class='submit' type='submit' name='accounts_add' value='Add Load'></li></ul></div>";
#should not display Admin and Dev accounts to avoid exploitation
$table_query = "SELECT * FROM account WHERE position = 'Client'";
$message = null;
#check message in $_SESSION
if(isset($_SESSION['message']))
{
$message = $_SESSION['message'];
$notif = "Please select an account.";
if($message == 'promoted') $notif = "Account promoted.";
else if($message == 'loaded') $notif = 'Load added to account.';
else if($message == 'cancelled') $notif = 'Transaction cancelled.';
echo "<p class='notif'> $notif </p>";
}
if(isset($_SESSION['accounts_add']))
{
$_SESSION['accounts_add'] = NULL; #n00b method, but it works for my purposes
$loadee_id = $_SESSION['loadee'];
$select_query = "SELECT first_name FROM account WHERE account_id = '$loadee_id'";
$stmt = $mysqli->query($select_query);
$row = mysqli_fetch_array($stmt,MYSQLI_ASSOC);
echo
"<fieldset class = 'notice'>
<legend> Add Load to " . $row['first_name'] . " </legend>";
echo "<label class='in'>Load Amount: </label>";
echo
"<input class='text' type='text' name='load_amount' value='00.00'><br>
<input class='sub_submit' type='submit' name='add_load' value='Add Load to Account'>
<input class='sub_submit' type='submit' name='cancel' value='Cancel'>
</fieldset>";
#end of display
}
#display mall table contents
echo "<table class='list'>";
echo
"<tr>
<th>Account ID</th>
<th>Name</th>
<th>Username</th>
<th class='money'>Balance</th>
<th>Position</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($mysqli->query($table_query) as $myrow)
{
$id = $myrow['account_id'];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='radio' name='account' value='$id'>", $id;
echo "<td>";
echo $myrow['first_name'], " ", $myrow['middle_name'], " ", $myrow['last_name'];
echo "<td>";
echo $myrow['username'];
echo "<td class = 'number'>";
echo $myrow['load_balance'];
echo "<td>";
echo $myrow['position'];
echo "</tr>";
}
echo "</table>";
#end of display
$_SESSION['message'] = NULL;
}
}?>
</form>
</body>
</html>
\ No newline at end of file
display_accounts.php 0 → 100644
View file @ 05f9623d
This diff is collapsed.
display_items-2.php 0 → 100644
View file @ 05f9623d
<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function goBack() {
window.location="homepage.php";
}
</script>
<link href="css\database_layout2.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="process_item.php">
<ul>
<!--<li><input class="submit" type="submit" name="delete_all" value="Delete All"></li>-->
<li><input class="submit" type="button" name="back" value="Homepage" onclick="goBack()"></li>
<li><input class="submit" type="submit" name="add" value="Add"></li>
<li><input class="submit" type="submit" name="delete" value="Delete"></li>
<li><input class="submit" type="submit" name="edit" value="Edit"></li>
</ul>
<?php
print_r($_SESSION);
#setting up the connection
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch( PDOException $e ) {
echo "Connection failed: " . $e->getMessage();
}
$mysqli = new mysqli("localhost","root","joel2013","dbadmin");
$account_id = $_SESSION['account_id'];
$sql = "SELECT * FROM account WHERE account_id = " .$account_id;
$result = mysqli_query($mysqli,$sql);
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['mall_id'];
$table_query = "SELECT * FROM item";
$select_query = "SELECT * FROM restaurant";
#$db->query($table_query);
/*if(isset($_POST['delete_all'])) {
$complete_delete_query = "TRUNCATE item";
$db->query($complete_delete_query);
echo "<p class='notif'> List emptied. If you have done this by mistake, then oops. </p>";
}*/
if(isset($_SESSION["message"])) {
if($_SESSION["message"] == "add") { #check if the ADD button was pressed
#display form for ADD MENU ITEM
echo
"<fieldset>
<legend> Add menu item </legend>";
echo "<label class='in'>Insert menu item name: </label>";
echo
"<input class='text' type='text' name='item_name'><br>";
echo "<label class='in'>Insert item price: </label>
<input class='text' type='text' name='price'><br>
<label class='in'>Item type: </label>
<div class='rad'>
<input type='radio' name='item_type' value='Snacks' id='sn'> <label for='sn'>Snacks</label>
<input type='radio' name='item_type' value='Drinks' id='dr'> <label for='dr'>Drinks</label><br>
</div>
<label class='in'>Availability: </label>
<div class='rad'>
<input type='radio' name='avail' value='yes' id='y'> <label for='y'>Available</label>
<input type='radio' name='avail' value='no' id='n'> <label for='n'>Not Available</label>
</div>
<input class='sub_submit' type='submit' name='add_item' value='Add Menu Item'>
<input class='sub_submit' type='submit' name='cancel' value='Cancel'>
</fieldset>";
}
else if($_SESSION["message"] == "delete") { #check if the DELETE button was pressed
echo "<p class='notif'> Item(s) deleted. </p>";
}
else if($_SESSION["message"] == "edit") {
#print_r($_POST); #for checking purposes
$edit_entry_id = $_SESSION['edit_id'];
$select_query = "SELECT * FROM item WHERE item_id = '$edit_entry_id'";
$stmt = $db->query($select_query);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$edit_item_name = $row['item_name'];
$edit_item_price = $row['price'];
if($edit_item_name == NULL) {
echo
"<p class='notif'> Please select one (1) menu item entry to edit, then click [Edit]. <br> <br>
Note that if multiple entries are selected, only the <b>first one</b> selected on the list will be considered for editing.
</p>";
}
else {
#display form for EDIT MENU ITEM
echo
"<fieldset>
<legend> Edit menu item </legend>";
echo "<label class='in'>Insert new menu item name: </label>";
echo
"<input class='text' type='text' name='new_item_name' value='$edit_item_name'><br>";
echo "<label class='in'>Insert new item price: </label>
<input class='text' type='text' name='new_price' value='$edit_item_price'><br>
<label class='in'>New item type: </label>
<div class='rad'>
<input type='radio' name='new_item_type' value='Snacks' id='sn'> <label for='sn'>Snacks</label>
<input type='radio' name='new_item_type' value='Drinks' id='dr'> <label for='dr'>Drinks</label><br>
</div>
<label class='in'>Availability: </label>
<div class='rad'>
<input type='radio' name='change_avail' value='yes' id='y'> <label for='y'>Available</label>
<input type='radio' name='change_avail' value='no' id='n'> <label for='n'>Not Available</label>
</div>
<input class='sub_submit' type='submit' name='edit_item' value='Save Changes'>
<input class='sub_submit' type='submit' name='cancel' value='Cancel'>
<input type='hidden' name='id' value='$edit_entry_id'><!--#to send item_id-->
</fieldset>";
}
}
else if($_SESSION["message"] == "add_item") {
echo "<p class='notif'> Item added. </p>";
}
else if($_SESSION["message"] == "edit_item") {
echo "<p class='notif'> Item updated. </p>";
}
}
#display item table contents
echo "<table class='list'>";
echo
"<tr>
<th>Item ID</th>
<th>Item Name</th>
<th class='money'>Price</th>
<th>Type</th>
<th>Is Available</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($db->query($table_query) as $myrow) {
$checkbox_id = $myrow["item_id"];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#for readability
$availability = 'Yes';
if($myrow["is_available"] == 0) $availability = 'No';
else $availability = 'Yes';
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["item_id"];
echo "<td>";
echo $myrow["item_name"];
echo "<td class='money'>";
echo $myrow["price"];
echo "<td>";
echo $myrow["type"];
echo "<td>";
echo $availability;
echo "</tr>";
}
echo "</table>";
#end of display
$_SESSION["message"] = NULL;
$_SESSION["edit_id"] = NULL;
?>
</form>
</body>
</html>
\ No newline at end of file
display_items.php 0 → 100644
View file @ 05f9623d
This diff is collapsed.
display_malls.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<head>
<title>All FooBu Malls</title>
<script type="text/javascript">
function validate(val) {
if(val == "Add Mall") {
var x = document.forms["main_form"]["mall_name"].value;
if(x == null || x == "") {
alert("Please put a valid mall name.");
return false;
}
}
else if(val == "Save Changes") {
var y = document.forms["main_form"]["new_mall_name"].value;
if(y == null || y == "") {
alert("Please put a new valid mall name.");
return false;
}
}
}
function viewPage() {
window.location = "display_malls.php";
}
function goBack() {
window.location = "homepage.php";
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="display_malls.php" onsubmit="return validate()">
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Position: " . $newArray['position']. "<br>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<!--<li><input class='submit' type='submit' name='delete_all' value='Delete All'></li>-->
<li><input class='submit' type='button' name='view' value='View List' onclick='viewPage()'></li>
<li><input class='submit' type='submit' name='add' value='Add' onsubmit='redirect()'></li>
<li><input class='submit' type='submit' name='delete' value='Delete'></li>
<li><input class='submit' type='submit' name='edit' value='Edit'></li>
</ul></div>";
#Doesn't work fak, but I might need it, so I'll keep it
/*session_start();
if(isset($_SESSION['add']) != NULL || isset($_SESSION['delete']) != NULL || isset($_SESSION['edit']) != NULL || isset($_SESSION['delete_all']) != NULL) {
if(($_SESSION['add'] == $_POST['add']) || ($_SESSION['delete'] == $_POST['delete']) || ($_SESSION['edit'] == $_POST['edit']) || ($_SESSION['delete_all'] == $_POST['delete_all'])) {
header("Location: display_malls.php");
}
}
else {
if(isset($_POST['add'])) {
$_SESSION['add'] = $_POST['add'];
}
else if(isset($_POST['delete'])) {
$_SESSION['delete'] = $_POST['delete'];
}
else if(isset($_POST['edit'])) {
$_SESSION['edit'] = $_POST['edit'];
}
else if(isset($_POST['delete_all'])) {
$_SESSION['delete_all'] = $_POST['delete_all'];
}
}*/
$table_query = "SELECT * FROM mall";
#$db->query($table_query);
/*if(isset($_POST['delete_all'])) {
$complete_delete_query = "TRUNCATE mall";
$db->query($complete_delete_query);
echo "<p class='notif'> List emptied. If you have done this by mistake, then oops. </p>";
}*/
if(isset($_POST['add']))
{ #check if the ADD button was pressed
#display form for ADD MALL
echo
"<fieldset class = 'notice'>
<legend> Add New Mall </legend>
<!--<form name='add_form' method='post' action='display_malls.php'>-->";
echo "<label class='in'>New Mall Name: </label>";
echo
"<input class='text' type='text' name='mall_name'>
<input class='sub_submit' type='submit' name='add_mall' value='Add Mall' onclick='return validate(this.value)'>
<!--</form>-->
</fieldset>";
#end of display
}
else if(isset($_POST['delete']))
{ #check if the DELETE button was pressed
#print_r($_POST); #for checking purposes
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the mall list
$delete_entry = $myrow["mall_id"]; #assign current entry's mall_id to variable
if(isset($_POST[$delete_entry]) != NULL)
{ #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$delete_query = "DELETE FROM mall WHERE mall_id = '$delete_entry'";
$delete_result = mysqli_query($mysqli,$delete_query);
if($delete_result === TRUE)
{
echo "<p class='notif'> Mall(s) deleted. </p>";
}
else
{
echo "<p class='notif'> Can't delete: Accounts/Restaurants are tied to this Mall!<br> Try to reassign the Accounts or Delete Restaurants from this Mall first then Delete!</p>";
}
}
}
}
else if(isset($_POST['edit']))
{
#print_r($_POST); #for checking purposes
$edit_mall_name = NULL;
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the mall list
$edit_entry_id = $myrow["mall_id"]; #assign current entry's mall_id to variable
if(isset($_POST[$edit_entry_id]) != NULL)
{ #check if the entry's checkbox was selected (meaning the entry should be deleted)
$edit_mall_name = $myrow["mall_name"]; #assign entry's mall name to variable
break; #get out of loop
}
}
if($edit_mall_name == NULL)
{
echo
"<p class='notif'> Please select one (1) mall entry to edit, then click [Edit]. <br> <br>
Note that if multiple entries are selected, only the <b>first one</b> selected on the list will be considered for editing.
</p>";
}
else
{
#display form for EDIT MALL
echo
"<fieldset class = 'notice'>
<legend> Edit Mall Data </legend>
<!--<form name='edit_form' method='post' action='display_malls.php'>-->";
echo "<label class='in'>Mall Name: </label>";
echo
"<input class='text' type='text' name='new_mall_name' value='$edit_mall_name'><br>
<input class='sub_submit' type='submit' name='edit_mall' value='Save Changes' onclick='return validate(this.value)'>
<input type='hidden' name='id' value='$edit_entry_id'><!--#to send mall_id-->
<!--</form>-->
</fieldset>";
}
}
else if(isset($_POST['add_mall']))
{
$mall_name = $_POST['mall_name']; #get the mall name from the textbox named "mall_name"
#print_r($_POST); #for checking purposes
#execute insertion
$insert_query = "INSERT INTO mall(mall_name) VALUES ('$mall_name')";
$mysqli->query($insert_query);
echo "<p class='notif'> Mall added. </p>";
#header("Location: display_malls.php"); #to avoid refresh issues
}
else if(isset($_POST['edit_mall']))
{
$new_mall_name = $_POST['new_mall_name']; #get the mall name from the textbox named "new_mall_name"
$mall_id = $_POST['id']; #get the mall id from the hidden input component of the form named "id"
#print_r($_POST); #for checking purposes
#execute update
$update_query = "UPDATE mall SET mall_name = '$new_mall_name' WHERE mall_id = '$mall_id'";
$mysqli->query($update_query);
echo "<p class='notif'> Mall updated. </p>";
#header("Location: display_malls.php"); #to avoid refresh issues
}
#display mall table contents
echo "<table class='list'>";
echo
"<tr>
<th>Mall ID</th>
<th>Mall Name</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($mysqli->query($table_query) as $myrow)
{
$checkbox_id = $myrow["mall_id"];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["mall_id"];
echo "<td>";
echo $myrow["mall_name"];
echo "</tr>";
}
echo "</table>";
}
}
#end of display
?>
</form>
</body>
</html>
\ No newline at end of file
display_order.php 0 → 100644
View file @ 05f9623d
<?php session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
#setting up the connection
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
$id = $_SESSION['account_id'];
$mysqli = new mysqli("localhost","root","","dbadmin");
$sql = "SELECT * FROM account
INNER JOIN mall ON account.mall_id = mall.mall_id
WHERE account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$mall_id = $account['mall_id'];
$position = $account['position'];
$sql2 = "SELECT * FROM mall
WHERE mall_id = ".$mall_id;
$result2 = mysqli_query($mysqli,$sql2);
$account2 = mysqli_fetch_array($result2, MYSQLI_ASSOC);
echo "<html>
<head>
<title>".$account2['mall_name']." Orders</title>
<script type='text/javascript'>
function goBack() {
window.location = 'homepage.php';
}
</script>
<link href='styles.css' type='text/css' rel='stylesheet'>
</head>
<body>
<form name='main_form' method='post' action='display_order.php'>
</head>
<body>";
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Position: " . $account['position']. "<br>";
echo "Mall: " . $account['mall_name'];
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<li><input class='submit' type='submit' name='view' value='View Order'></li>
<li><input class='submit' type='submit' name='dibs' value='Dibs'></li>
<li><input class='submit' type='submit' name='delivered' value='Delivered'></li>
</ul></div>";
$table_query = "SELECT * FROM orders a
INNER JOIN mall b ON a.mall_id = b.mall_id
INNER JOIN account c ON a.account_id = c.account_id
WHERE a.mall_id = " .$mall_id. " AND a.status != 'Delivered'";
$zz = "SELECT * from orderitems a
INNER JOIN orders b ON a.order_id = b.order_id
INNER JOIN account c ON b.account_id = c.account_id";
$table2_query = "SELECT * FROM orderitems";
if(isset($_POST['dibs'])) { #check if the dibs button was pressed
#change status to preparing
foreach ($db->query($table_query) as $myrow) { #for all entries in the item list
$dibs_entry = $myrow["order_id"]; #assign current entry's item_id to variable
$client_id = $myrow['account_id'];
if(isset($_POST[$dibs_entry]) != NULL) { #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute change
#changing the status and placing boy
$update_query = "UPDATE orders SET status = 'Assembling', boy_id = '$id' WHERE order_id = '$dibs_entry'";
$db->query($update_query);
#creating a message that it is being done
$boy_id = $_SESSION['account_id'];
$boy_acc_query = "SELECT * FROM account WHERE account_id = " . $boy_id;
$sender_acc_result = mysqli_query($mysqli,$boy_acc_query);
$senderAccArray = mysqli_fetch_array($sender_acc_result, MYSQLI_ASSOC);
$sender_acc= $senderAccArray['first_name'] . " ''".$senderAccArray['username']."'' " . $senderAccArray['last_name'];
$msg = "Your Order has been received by " . $sender_acc. "! Please wait for 20 mins!";
$message_query = "INSERT INTO message (recipient_id,sender_id,msg_date,msg) VALUES ( ".$client_id.", " .$boy_id .", now(), '".$msg."')";
$result = mysqli_query($mysqli,$message_query);
}
}
}
else if(isset($_POST['view'])){ #check if the VIEW ORDER button was pressed
echo
"<fieldset class = 'notice'>
<legend> Order Items </legend>";
echo "<table>";
echo
"<tr>
<th>Restaurant</th>
<th>Food Item</th>
<th>Quantity</th>
</tr>";
foreach ($db->query($zz) as $myrow) { #for all entries in the order item list
$display_entry = $myrow["order_id"]; #assign current entry's item_id to variable
if(isset($_POST[$display_entry]) != NULL) { #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
$checkbox_id = $myrow["order_id"];
$cust_id = $myrow['account_id'];
#for layout purposes start
#end
#echo $checkbox_id; #for checking purposes
echo "<td>";
$rest_name_query = "SELECT rest_name FROM restaurant
INNER JOIN item ON restaurant.rest_id = item.rest_id
WHERE item_id = " . $myrow['item_id'];
$rest_name_result = mysqli_query($mysqli,$rest_name_query);
$rest_Array = mysqli_fetch_array($rest_name_result, MYSQLI_ASSOC);
$rest_name= $rest_Array['rest_name'];
echo $rest_name;
echo "</td><td>";
$item_name_query = "SELECT item_name FROM item WHERE item_id = " . $myrow['item_id'];
$item_name_result = mysqli_query($mysqli,$item_name_query);
$item_Array = mysqli_fetch_array($item_name_result, MYSQLI_ASSOC);
$item_name= $item_Array['item_name'];
echo $item_name;
echo "</td><td class = 'number'>";
echo $myrow["item_qty"];
echo "</td>";
echo "</tr>";
}
}
echo "</table>";
echo "</fieldset>";
}
#CHECK CASCADE DELETE
else if(isset($_POST['delivered'])) { #check if the DELETE button was pressed
#print_r($_POST); #for checking purposes
foreach ($db->query($table_query) as $myrow) { #for all entries in the item list
$delivered_entry = $myrow["order_id"]; #assign current entry's item_id to variable
if(isset($_POST[$delivered_entry]) != NULL) { #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$select_order_query = "SELECT status FROM orders WHERE order_id = $delivered_entry";
foreach(mysqli_query($mysqli,$select_order_query) as $myRow)
{
if($myrow['status']== 'Assembling')
{
$delivered_query = "UPDATE orders SET status = 'Delivered' WHERE order_id = '$delivered_entry'";
$db->query($delivered_query);
}
else
{
echo "Cannot deliver an order if no one is assigned to it yet!";
}
}
}
}
}
#display mall table contents
echo "<table class='list'>";
echo
"<tr>
<th>Order ID</th>
<th>Time Received</th>
<th>Username</th>
<th>Mall</th>
<th>Cinema</th>
<th>Seat Number</th>
<th>Status</th>
<th>Boy in-Charge</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($db->query($table_query) as $myrow) {
$checkbox_id = $myrow["order_id"];
$boy_id = $myrow['boy_id'];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["order_id"];
echo "</td><td class = 'number'>";
echo $myrow["order_time"];
echo "</td><td>";
echo $myrow["username"];
echo "</td><td>";
echo $myrow["mall_name"];
echo "</td><td class = 'number'>";
echo $myrow["cinema_num"];
echo "</td><td class = 'number'>";
echo $myrow["seat_num"];
echo "</td><td>";
echo $myrow["status"];
echo "</td>";
echo "</td><td>";
if($boy_id != null)
{
$boy_acc_query = "SELECT * FROM account WHERE account_id = " . $boy_id;
$sender_acc_result = mysqli_query($mysqli,$boy_acc_query);
$senderAccArray = mysqli_fetch_array($sender_acc_result, MYSQLI_ASSOC);
$sender_acc= $senderAccArray['first_name'] . " ''".$senderAccArray['username']."'' " . $senderAccArray['last_name'];
echo $sender_acc;
}
echo "</td>";
echo "</tr>";
}
echo "</table>";
#end of display
?>
</body>
</html>
\ No newline at end of file
display_orderitems.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<link href="css\database_layout2.css" type="text/css" rel="stylesheet">
</head>
<body>
<?php
#setting up the connection
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
#Doesn't work fak, but I might need it, so I'll keep it
/*session_start();
if(isset($_SESSION['add']) != NULL || isset($_SESSION['delete']) != NULL || isset($_SESSION['edit']) != NULL || isset($_SESSION['delete_all']) != NULL) {
if(($_SESSION['add'] == $_POST['add']) || ($_SESSION['delete'] == $_POST['delete']) || ($_SESSION['edit'] == $_POST['edit']) || ($_SESSION['delete_all'] == $_POST['delete_all'])) {
header("Location: display_malls.php");
}
}
else {
if(isset($_POST['add'])) {
$_SESSION['add'] = $_POST['add'];
}
else if(isset($_POST['delete'])) {
$_SESSION['delete'] = $_POST['delete'];
}
else if(isset($_POST['edit'])) {
$_SESSION['edit'] = $_POST['edit'];
}
else if(isset($_POST['delete_all'])) {
$_SESSION['delete_all'] = $_POST['delete_all'];
}
}*/
$table_query = "SELECT * FROM orderitems a
INNER JOIN item b ON a.item_id = b.item_id
INNER JOIN restaurant c ON b.rest_id = c.rest_id
ORDER BY a.order_id ASC";
#display mall table contents
echo "<table class='list'>";
echo
"<tr>
<th>From Order ID</th>
<th>Restaurant</th>
<th>Item Name</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($db->query($table_query) as $myrow) {
$checkbox_id = $myrow["orderitem_id"];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["order_id"];
echo "</td><td>";
echo $myrow["rest_name"];
echo "</td><td>";
echo $myrow["item_name"];
echo "</td>";
echo "</tr>";
}
echo "</table>";
#end of display
?>
</body>
</html>
\ No newline at end of file
display_orders_to_be_prepared.php 0 → 100644
View file @ 05f9623d
<?php session_start();?>
<!DOCTYPE html>
<html>
<head>
<title>Your Claimed Orders</title>
<script type="text/javascript">
function goBack() {
window.location = "homepage.php";
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="display_orders_to_be_prepared.php">
</head>
<body>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Position: " . $account['position']. "<br>";
echo "Mall: " . $account['mall_name'];
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<li><input class='submit' type='submit' name='sortA' value='Sort by Account'></li>
<li><input class='submit' type='submit' name='sortR' value='Sort by Restaurant'></li>
</ul></div>";
$table_query = "SELECT * from orderitems a
INNER JOIN orders b ON a.order_id = b.order_id
INNER JOIN account c ON b.account_id = c.account_id
WHERE b.boy_id = " .$id. " AND b.status = 'Assembling'";
if(isset($_POST['sortA']))
{ #Sort by Account
$id = $_SESSION['account_id'];
$table_query = "SELECT * from orderitems a
INNER JOIN orders b ON a.order_id = b.order_id
INNER JOIN account c ON b.account_id = c.account_id
WHERE b.boy_id = ".$id."
AND b.status = 'Assembling'
ORDER BY c.account_id";
}
else if(isset($_POST['sortR'])){ #Sort by Restaurant
$id = $_SESSION['account_id'];
$table_query = "SELECT * from orderitems a
INNER JOIN orders b ON a.order_id = b.order_id
INNER JOIN item c ON a.item_id = c.item_id
INNER JOIN restaurant d ON c.rest_id = d.rest_id
WHERE b.boy_id = ".$id."
AND b.status = 'Assembling'
ORDER BY d.rest_id";
}
else if(isset($_POST['deliver']))
{ #check if the DIBS button was pressed
#send notification to client (wala pa to)
}
#CHECK CASCADE DELETE
else if(isset($_POST['delete']))
{ #check if the DELETE button was pressed
#print_r($_POST); #for checking purposes
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the item list
$delete_entry = $myrow["order_id"]; #assign current entry's item_id to variable
if(isset($_POST[$delete_entry]) != NULL)
{ #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$deleteitem_query = "DELETE FROM orderitems WHERE order_id = '$delete_entry'";
$mysqli->query($deleteitem_query);
$delete_query = "DELETE FROM orders WHERE order_id = '$delete_entry'";
$mysqli->query($delete_query);
}
}
}
#display mall table contents
echo "<table class='special'>";
echo
"<tr>
<th>Account</th>
<th>Restaurant</th>
<th>Food Item</th>
<th>Quantity</th>
<th>Cinema</th>
<th>Seat Number</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($mysqli->query($table_query) as $myrow)
{
$checkbox_id = $myrow["order_id"];
$cust_id = $myrow['account_id'];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
$boy_acc_query = "SELECT * FROM account WHERE account_id = " . $cust_id;
$sender_acc_result = mysqli_query($mysqli,$boy_acc_query);
$senderAccArray = mysqli_fetch_array($sender_acc_result, MYSQLI_ASSOC);
$sender_acc= $senderAccArray['first_name'] . " ''".$senderAccArray['username']."'' " . $senderAccArray['last_name'];
echo $sender_acc;
echo "</td><td>";
$rest_name_query = "SELECT rest_name FROM restaurant
INNER JOIN item ON restaurant.rest_id = item.rest_id
WHERE item_id = " . $myrow['item_id'];
$rest_name_result = mysqli_query($mysqli,$rest_name_query);
$rest_Array = mysqli_fetch_array($rest_name_result, MYSQLI_ASSOC);
$rest_name= $rest_Array['rest_name'];
echo $rest_name;
echo "</td><td>";
$item_name_query = "SELECT item_name FROM item WHERE item_id = " . $myrow['item_id'];
$item_name_result = mysqli_query($mysqli,$item_name_query);
$item_Array = mysqli_fetch_array($item_name_result, MYSQLI_ASSOC);
$item_name= $item_Array['item_name'];
echo $item_name;
echo "</td><td class = 'number'>";
echo $myrow["item_qty"];
echo "</td><td class = 'number'>";
echo $myrow["cinema_num"];
echo "</td><td class = 'number'>";
echo $myrow["seat_num"];
echo "</td>";
echo "</tr>";
}
echo "</table>";
}
}
#end of display
?>
</body>
</form>
</html>
\ No newline at end of file
display_rest.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<title>All FooBu Restaurants</title>
<script type="text/javascript">
function viewPage() {
window.location = "display_rest.php";
}
function goBack() {
window.location = "homepage.php";
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="display_rest.php">
<?php
session_start();
#setting up the connection
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Position: " . $newArray['position']. "<br>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<!--<li><input class='submit' type='submit' name='delete_all' value='Delete All'></li>-->
<li><input class='submit' type='button' name='view' value='View List' onclick='viewPage()'></li>
<li><input class='submit' type='submit' name='add' value='Add'></li>
<li><input class='submit' type='submit' name='delete' value='Delete'></li>
<li><input class='submit' type='submit' name='edit' value='Edit'></li>
</ul></div>";
$select_query = "SELECT * FROM mall";
$table_query = "SELECT * FROM restaurant INNER JOIN mall ON restaurant.mall_id = mall.mall_id";
$result3 = mysqli_query($mysqli,$select_query);
#$db->query($table_query);
#print_r($_POST); #for checking purposes
/*if(isset($_POST['delete_all'])) {
$complete_delete_query = "TRUNCATE restaurant";
$db->query($complete_delete_query);
echo "<p class='notif'> List emptied. If you have done this by mistake, then oops. </p>";
}*/
if(isset($_POST['add']))
{ #check if the ADD button was pressed
#display form for ADD RESTAURANT
echo
"<fieldset class = 'notice'>
<legend> Add New Restaurant </legend>";
echo "<label class='in'>New Restaurant Name: </label>";
echo
"<input class='text' type='text' name='rest_name'><br>";
echo
"<label class='in'>Select Mall: </label>
<select class='mall_list' name='malls'>
<option value='0' selected>Choose a Mall</option>";
foreach(mysqli_query($mysqli,$select_query) as $option)
{
$r_id = $option['mall_id'];
$mall_name = $option['mall_name'];
echo "<option value='$r_id'>$mall_name</option>";
}
echo
"</select><br>
<input class='sub_submit' type='submit' name='add_rest' value='Add Restaurant'>
</fieldset>";
#end of display
}
else if(isset($_POST['delete']))
{ #check if the DELETE button was pressed
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the restaurant list
$delete_entry = $myrow["rest_id"]; #assign current entry's rest_id to variable
if(isset($_POST[$delete_entry]) != NULL)
{ #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$delete_query = "DELETE FROM restaurant WHERE rest_id = '$delete_entry'";
$delete_result = mysqli_query($mysqli,$delete_query);
if($delete_result === TRUE)
{
echo "<p class='notif'> Restaurant(s) deleted. </p>";
}
else
{
echo "<p class='notif'> Can't delete: Accounts are tied to this Restaurant! Try to reassign the Accounts from this Restaurant first then Delete!</p>";
}
}
}
}
else if(isset($_POST['edit']))
{
$edit_rest_name = NULL;
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the restaurant list
$edit_entry_id = $myrow["rest_id"]; #assign current entry's rest_id to variable
if(isset($_POST[$edit_entry_id]) != NULL)
{ #check if the entry's checkbox was selected (meaning the entry should be deleted)
$edit_rest_name = $myrow["rest_name"]; #assign entry's restaurant name to variable
break; #get out of loop
}
}
if($edit_rest_name == NULL)
{
echo
"<p class='notif'> Please select one (1) restaurant entry to edit, then click [Edit]. <br> <br>
Note that if multiple entries are selected, only the <b>first one</b> selected on the list will be considered for editing.
</p>";
}
else
{
#display form for EDIT RESTAURANT
echo
"<fieldset class = 'notice'>
<legend> Edit Restaurant Data </legend>";
echo "<label class='in'>Restaurant Name: </label>";
echo
"<input class='text' type='text' name='new_rest_name' value='$edit_rest_name'><br>";
echo
"<label class='in'>Select Mall: </label>
<select class='mall_list' name='malls'>
<option value='0'>Choose a Mall</option>";
foreach($mysqli->query($select_query) as $option)
{
$id = $option['mall_id'];
$name = $option['mall_name'];
echo "<option value='$id'>[$id] $name</option>";
}
echo
"</select><br>
<input class='sub_submit' type='submit' name='edit_rest' value='Save Changes'>
<input type='hidden' name='id' value='$edit_entry_id'><!--#to send rest_id-->
</fieldset>";
}
}
else if(isset($_POST['add_rest']))
{
$rest_name = $_POST['rest_name']; #get the restaurant name from the textbox named "rest_name"
$rest_mall_id = $_POST['malls']; #get the mall name from the dropdown list called "malls"
#execute insertion
#temporarily hard-coded to insert mall_id
$insert_query = "INSERT INTO restaurant(mall_id, rest_name) VALUES ('$rest_mall_id', '$rest_name')";
$mysqli->query($insert_query);
echo "<p class='notif'> Restaurant added. </p>";
}
else if(isset($_POST['edit_rest']))
{
$new_rest_name = $_POST['new_rest_name']; #get the restaurant name from the textbox named "new_rest_name"
$new_rest_mall_id = $_POST['malls'];
$rest_id = $_POST['id']; #get the restaurant id from the hidden input component of the form named "id"
#execute update
$update_query = "UPDATE restaurant SET rest_name = '$new_rest_name', mall_id = '$new_rest_mall_id' WHERE rest_id = '$rest_id'";
$mysqli->query($update_query);
echo "<p class='notif'> Restaurant updated. </p>";
}
#display restaurant table contents
echo "<table class='list'>";
echo
"<tr>
<th>Restaurant ID</th>
<th>Mall ID</th>
<th>Restaurant Name</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($mysqli->query($table_query) as $myrow)
{
$checkbox_id = $myrow["rest_id"];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["rest_id"];
echo "<td>";
echo $myrow["mall_name"];
echo "<td>";
echo $myrow["rest_name"];
echo "</tr>";
}
echo "</table>";
}
}
#end of display
?>
</form>
</body>
</html>
\ No newline at end of file
edit.php 0 → 100644
View file @ 05f9623d
<?php
$mysqli = mysqli_connect("localhost","root","joel2013","testDB");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$clean_id = $_POST["item"];
$clean_text = mysqli_real_escape_string($mysqli, $_POST["textfield"]);
$sql = "UPDATE testTable SET testField = '".$clean_text."' WHERE id = ".$clean_id."";
$res = mysqli_query($mysqli,$sql) or die (mysqli_error($mysqli));
if($res === TRUE)
{
echo "Record has been edited.";
}
else{
printf("Could not edit record: %s\n",mysqli_error($mysqli ));
}
mysqli_close($mysqli);
}
?>
<!DOCTYPE html>
<html>
<head><title>TEST</title></head>
<body>
<a href = "edit_form.html"><button>Back to Edit!</button></a>
</body>
</html>
\ No newline at end of file
edit_account.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head><title>Edit FooBu Account</title>
<script>
function validateForm() {
var a = document.forms["myForm"]["firstname"].value;
var b= document.forms["myForm"]["middlename"].value;
var c = document.forms["myForm"]["lastname"].value;
if (a== "" || b == "" || c == "") {
alert("Pls put input!");
return false;
}
}
</script>
</head>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<body>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $account['position']. "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $account['mall_name'] . ", Restaurant: " . $account['rest_name']. "<br>";
else echo "Mall: " . $account['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
}
}
?>
<h1>Edit Account</h1>
<p>
<form action = "checkedit.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<fieldset class = "creation">
<legend>Personal Information</legend>
Full Name:<br>
<input type = "text" id = "firstname" name = "firstname" placeholder = "First Name">
<input type = "text" id = "middlename" name = "middlename" placeholder = "Middle Name">
<input type = "text" id = "lastname" name = "lastname" placeholder = "Last Name">
</fieldset>
</p>
<div class = "center">
<input class = "submit" type = "submit" value = "Submit">
</div>
</form>
<!--Buttons-->
<!--WIP-->
<div class = "center">
<br><a href = "homepage.php"><button>Cancel</button></a>
</div>
</body>
</html>
\ No newline at end of file
edit_form.html 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head><title>TEST</title></head>
<body>
<form method = "post" action = "edit.php">
<p><label for = "item">Which item to edit:</label></br>
<input type = "text" id = "item" name = "item"></p>
<p><label for = "textfield">Edit into What:</label></br>
<input type = "text" id = "textfield" name = "textfield"></p>
<button type = "submit" name = "submit" value = "edit">Edit Record</button>
</form>
</body>
</html>
\ No newline at end of file
edit_password.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head><title>Edit FooBu Password</title>
<script>
function validateForm() {
var a = document.forms["myForm"]["old_password"].value;
var b= document.forms["myForm"]["password1"].value;
var c = document.forms["myForm"]["password2"].value;
if (a== "" || b == "" || c == "") {
alert("Please fill in all fields.");
return false;
}else if(b != c)
{
alert("New Passwords are not equal!");
return false;
}
}
</script>
</head>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<body>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $account['position']. "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $account['mall_name'] . ", Restaurant: " . $account['rest_name']. "<br>";
else echo "Mall: " . $account['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
}
}
?>
<h1>Edit Password</h1>
<p>
<form action = "checkPassedit.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<fieldset class = "creation">
<legend>Password</legend>
Old Password:<br>
<input type = "password" id = "old_password" name = "old_password" placeholder = "Old Password"><br><br>
New Password:<br>
<input type = "password" id = "password1" name = "password1" placeholder = "New Password">
<input type = "password" id = "password2" name = "password2" placeholder = "Re-enter New Password">
</fieldset>
</p>
<div class = 'center'>
<input class = "submit" type = "submit" value = "Submit">
</div>
</form>
<!--Buttons-->
<!--WIP-->
</body>
</html>
\ No newline at end of file
getAccountInfo.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<body>
<form method = "post" action = "test.php">
<input type = "submit" value = "Back">
</form>
<?php
// Get a connection for the database
require_once('mysqli_connect.php');
// Create a query for the database
$query = "SELECT AccountID, FirstName, LastName FROM Account";
// Get a response from the database by sending the connection
// and the query
$response = @mysqli_query($dbc, $query);
// If the query executed properly proceed
if($response){
echo '<table align="left"
cellspacing="5" cellpadding="8">
<tr><td align="left"><b>Account ID</b></td>
<td align="left"><b>First Name</b></td>
<td align="left"><b>Last Name</b></td>></tr>';
// mysqli_fetch_array will return a row of data from the query
// until no further data is available
while($row = mysqli_fetch_array($response)){
echo '<tr><td align="left">' .
$row['AccountID'] . '</td><td align="left">' .
$row['FirstName'] . '</td><td align="left">' .
$row['LastName'] . '</td><td align="left">';
echo '</tr>';
}
echo '</table>';
} else {
echo "Couldn't issue database query<br />";
echo mysqli_error($dbc);
}
// Close connection to the database
mysqli_close($dbc);
?>
</body>
</html>
homepage.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<title>FooBu Homepage</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
</head>
<body>
<form action = "checkcreate.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $account['position'] . "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $account['mall_name'] . " Restaurant: " . $account['rest_name']. "<br>";
else echo "Mall: " . $account['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div>";
}
}
?>
<br><br><br><br><br><br>
<div class = "promo">
<h1>Tis' the Season to be Jolly</h1>
<p>December 1, 2015 - FooBu</p>
<img src="star_wars_christmas_3.jpg" title="Christmas Promo"/>
<p>Christmas is just around the corner! What better way to celebrate than to watch the upcoming Star Wars film! You can win a movie-date to Star Wars VII: The Force Awakens presented by FoodBuddy and Ayala Malls Cinema. For every P500 worth of purchase in Trinoma restaurants, you automatically have a chance to win two tickets for a December 20 screening!
</p>
<p>May the Force be with you and Merry Christmas!</p>
</div>
<div>
<br><br><br>
<p class = "rights">FoodBuddy&copy is a project for movie-lovers, food enthusiasts and philanthropists by Joel Torrijos, Viktor Dela Cruz, April Guevara and Adrian Cordero.</p>
</div>
</body>
</html>
\ No newline at end of file
index.php 0 → 100644
View file @ 05f9623d
This diff is collapsed.
login.jpg 0 → 100644
View file @ 05f9623d
login.jpg

11.3 KB

login.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<title>FooBu Log In</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
</head>
<body><br><br>
<img class = 'login' src='login.jpg' title='Welcome!' align = 'middle'/>
<h1>Your One-Stop Movie Snack Shop</h1>
<form action = "checklogin.php" style = "text-align:center" method = "post">
<p>Username:<br>
<input type = "text" name = "username" placeholder = "Username"></p><p>
Password:<br>
<input type = "password" name = "password" placeholder = "Password"></p>
<br><input class = "submit" type = "submit" value = "Login">
</form>
<div class = "center">
<br><p>OR</p><br>
<a href = "create_account.php" ><button style = "text-align:center">Create Account</button></a>
</div>
</body>
</html>
\ No newline at end of file
logo.jpg 0 → 100644
View file @ 05f9623d
logo.jpg

24.5 KB

logout.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
session_destroy();
header("location:login.php");
?>
\ No newline at end of file
menu.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<html>
<head>
<title>Available Menus</title>
<link href='styles.css' type='text/css' rel='stylesheet'>
<script>
function askForQuantity(button) {
var lol = button;
var qty = prompt('How many orders do you want?');
if(qty > 0)
{
document.location = 'add_to_cart.php?id='+lol+'&qty='+qty;
}
}
</script>
</head>
<body>
<form name='main_form' method='post' action='menu.php'>";
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Load: " . $newArray['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$temp = $_COOKIE['PHPSESSID'];
//echo "$temp";
if(isset($_POST['chooseMall']))
{
echo "<div class = 'center'>";
$mall_id = $_POST['mall'];
$_SESSION['mall_id'] = $mall_id;
$rest_query = "SELECT * FROM restaurant WHERE mall_id = " . $mall_id;;
echo
"<select class='rest_list' name='rest'>
<option value='0' selected>Choose a Restaurant</option>";
foreach(mysqli_query($mysqli,$rest_query) as $option) {
$r_id = $option['rest_id'];
$rest_name = $option['rest_name'];
echo "<option value='$r_id'>$rest_name</option>";
}
echo "</select>";
echo "<input class='submit' type='submit' name='chooseRest' value='Choose a Restaurant'>";
echo "<div class = 'center'>";
}
else if(isset($_SESSION['mall_id']))
{
echo "<div class = 'center'>";
$mall_id = $_SESSION['mall_id'];
$_SESSION['mall_id'] = $mall_id;
$rest_query = "SELECT * FROM restaurant WHERE mall_id = " . $mall_id;;
echo
"<select class='rest_list' name='rest'>
<option value='0' selected>Choose a Restaurant</option>";
foreach(mysqli_query($mysqli,$rest_query) as $option) {
$r_id = $option['rest_id'];
$rest_name = $option['rest_name'];
echo "<option value='$r_id'>$rest_name</option>";
}
echo "</select>";
echo "<input class='submit' type='submit' name='chooseRest' value='Choose a Restaurant'>";
echo "</div>";
}
}
?>
</form>
<?php
$currentRest = 0;
if(isset($_POST['chooseRest']))
{
$currentRest = $_POST['rest'];
$_SESSION['rest_id'] = $currentRest;
}
else if(isset($_POST['rest']))
{
$currentRest = $_POST['rest'];
}
else if(isset($_SESSION['rest_id']))
{
$currentRest = $_SESSION['rest_id'];
}
$select_food_query = "SELECT * FROM item
INNER JOIN restaurant
ON item.rest_id = restaurant.rest_id WHERE restaurant.rest_id = " .$currentRest ." AND is_available = 1";
$result = mysqli_query($mysqli,$select_food_query);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
echo "<h1>". $newArray['rest_name']. " Menu </h1>";
//echo "<h1>$current_mall Menu</h1>";
echo "<table>
<tr>
<th scope = 'col'>Restaurant Name</th>
<th scope = 'col'>Food Name</th>
<th scope = 'col'>Price</th>
</tr>";
$num = 0;
$class = "even";
foreach(mysqli_query($mysqli,$select_food_query) as $myRow)
{
$price = sprintf('%.02f',$myRow['price']);
$button_id = $myRow['item_id'];
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
echo "<tr class='$class'>
<td>" .$myRow['rest_name']. "</td>
<td>" .$myRow['item_name']. "</td>
<td class = 'number'>" .$price. "</td>
<td class = 'ignore'><button class='tb' id = $button_id onclick ='askForQuantity(this.id)'>Add to Cart</button></a></td>
</tr>";
}
echo "</table></div>";
}
}
?>
<?php echo "<div class = 'center'><br><a href = 'view_cart.php'><button>View Cart</button></a>";
echo "<br><br><a href = 'choose_mall.php'><button>Back</button></a></div>";?>
</body>
</html>
\ No newline at end of file
order_form.php 0 → 100644
View file @ 05f9623d
<!DOCTYPE html>
<html>
<head>
<title>Order Form</title>
<script>
function validateForm() {
var a = document.forms["orderForm"]["cinema_num"].value;
var b = document.forms["orderForm"]["seat_num"].value;
if (a == "" || b == "") {
alert("Some fields need to be field!");
return false;
}
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form action = 'place_order.php' onsubmit = "return validateForm()" method = 'post' name = 'orderForm'>
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account WHERE account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div><br>";
}
}
?>
<fieldset class = "creation">
<legend>Your Location</legend>
<label for 'cinema_num'>Cinema</label> <input type = 'text' name = 'cinema_num' placeholder = 'Cinema'> <br><br>
<label for 'seat_num'>Seat Number</label> <input type = 'text' name = 'seat_num' placeholder = 'Seat Number'>
</fieldset>
<br><br>
<div class = 'center'>
<input class = "submit" type = 'submit' value = 'Confirm Order'>
</div>
</form>
<?php
echo "<div class = 'center'><br><a href = 'view_cart.php'><button>Back to View Cart</button></a></div>";
?>
</div>
</body>
</html>
place_order.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
echo "<html>
<head>
<title>Order Sending Result</title>
<link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>
</head><body>";
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
} else
{
#protection
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$mall_id = $_SESSION['mall_id'];
$total_price = $_SESSION['total_price'];
$id = stripslashes($id);
$id = mysqli_real_escape_string($mysqli,$id);
$mall_id = stripslashes($mall_id);
$mall_id = mysqli_real_escape_string($mysqli,$mall_id);
$total_price = stripslashes($total_price);
$total_price = mysqli_real_escape_string($mysqli,$total_price);
$cinema_num = stripslashes($_POST['cinema_num']);
$cinema_num = mysqli_real_escape_string($mysqli,$cinema_num);
$seat_num = stripslashes($_POST['seat_num']);
$seat_num = mysqli_real_escape_string($mysqli,$seat_num);
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
#Inserts the New order into Order
$place_order_sql = "INSERT INTO orders (cinema_num,order_time,mall_id,seat_num,status,account_id,total_price)
VALUES ('".$cinema_num. "', now(), " .$mall_id. ", '" .$seat_num."', 'Waiting', " .$id. ", " .$total_price.")";
$result = mysqli_query($mysqli,$place_order_sql);
$order_from_tracker_sql = "SELECT * FROM tracker WHERE session_id = '".$sessID."'";
$resultTracker = mysqli_query($mysqli,$order_from_tracker_sql);
$get_bal_query = "SELECT load_balance FROM account WHERE account_id = ".$id;
$resultBal = mysqli_query($mysqli,$get_bal_query);
$newArray = mysqli_fetch_array($resultBal, MYSQLI_ASSOC);
$bal = $newArray['load_balance'];
$bal -= $total_price;
#Gets the last row of the table
$place_order_sql = "SELECT order_id FROM orders
ORDER BY order_id DESC
LIMIT 1;";
$last = mysqli_query($mysqli,$place_order_sql);
$curr = mysqli_fetch_array($last, MYSQLI_ASSOC);
$current_order_id = $curr['order_id'];
//$count = mysqli_num_rows($result);
if ($result == TRUE)
{
foreach(mysqli_query($mysqli,$order_from_tracker_sql) as $myRow)
{
$item_id = $myRow['item_id'];
$item_qty = $myRow['item_qty'];
$place_order_in_orderlist_sql = "INSERT INTO orderitems (order_id,item_id,item_qty,total_price) VALUES (".$current_order_id. "," .$item_id.", " .$item_qty.", " .$myRow['total_price'].")";
$resultz = mysqli_query($mysqli,$place_order_in_orderlist_sql);
$load_query = "UPDATE account SET load_balance = '$bal' WHERE account_id = '$id'";
$resulta = mysqli_query($mysqli,$load_query);
#if order was successfully inserted, the tracker counterpart will be deleted!
if($resultz == TRUE)
{
$delete_item_in_tracker_sql = "DELETE FROM tracker WHERE
session_id = '". $sessID. "'";
$delete_item_res = mysqli_query($mysqli, $delete_item_in_tracker_sql) or die(mysqli_error($mysqli));
}
}
echo "<h1>Order has been placed!</h1>";
}
else {
printf("Could not insert record: %s\n", mysqli_error($mysqli));
}
}
echo "</body>";
mysqli_close($mysqli);
"INSERT INTO orders (cinema_num,order_time,mall_id,seat_num,status,account_id,total_price)
VALUES ('5F', now(), 3, 'F5', 'Waiting', 3, 69)";
?>
process_account.php 0 → 100644
View file @ 05f9623d
<html>
<body>
<?php
#this method prevents the refresh problem which I cannot solve huhu
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
$sql_query = "SELECT * FROM account WHERE position = 'Client'";
$message = NULL;
#3 possible data from display_accounts-2: accounts_add, promote and add_load
if(isset($_POST['home'])) {
header("location:homepage.php");
}
else {
if(isset($_POST['cancel'])) {
$message = "cancelled";
header("location:display_accounts-2.php");
}
else if(isset($_POST['accounts_add'])) {
if(isset($_POST['account'])) {
$_SESSION['accounts_add'] = 1;
$_SESSION['loadee'] = $_POST['account'];
}
else $message = "null";
}
else if(isset($_POST['promote'])) {
if(isset($_POST['account'])) {
$promote_entry = $_POST['account'];
$promote_query = "UPDATE account SET position = 'Admin' WHERE account_id = '$promote_entry'";
$db->query($promote_query);
$message = "promoted";
}
else $message = "null";
}
else if(isset($_POST['add_load'])) {
$admin_id = $_SESSION['account_id'];
$id = $_SESSION['loadee'];
$load = $_POST['load_amount'];
$msg = $load. " has been loaded to your account! Enjoy Shopping!";
$get_query = "SELECT load_balance FROM account WHERE account_id = '$id'";
$stmt = $db->query($get_query);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$curr_load = $row['load_balance'];
$load += $curr_load;
$load_query = "UPDATE account SET load_balance = '$load' WHERE account_id = '$id'";
$db->query($load_query);
$message = "loaded";
$message_query = "INSERT INTO message (recipient_id,sender_id,msg_date,msg) VALUES ( ".$id.", " .$admin_id.", now(), '".$msg."')";
$result = mysqli_query($mysqli,$message_query);
if($result === true)
{
}
else
{
echo gg;
}
$_SESSION['loadee'] = NULL;
}
$_SESSION['message'] = $message;
#$_POST = array(); #n00b way of clearing post data just to be sure
header("location:display_accounts-2.php"); #go back to original page
}
?>
</body>
</html>
process_item.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
#possible messages to be sent: add, delete, edit, add_item, edit_item
#set up connection
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch( PDOException $e ) {
echo "Connection failed: " . $e->getMessage();
}
$table_query = "SELECT * FROM item";
if(isset($_POST["cancel"])) {
header("location:display_items-2.php");
}
else if(isset($_POST["add"])) {
$_SESSION["message"] = "add";
}
else if(isset($_POST["edit"])) {
foreach ($db->query($table_query) as $myrow) { #for all entries in the item list
$edit_entry_id = $myrow["item_id"]; #assign current entry's item_id to variable
if(isset($_POST[$edit_entry_id]) != NULL) { #check if the entry's checkbox was selected (meaning the entry should be deleted)
$_SESSION["edit_id"] = $edit_entry_id;
break; #get out of loop
}
}
$_SESSION["message"] = "edit";
}
else if(isset($_POST["delete"])) {
foreach ($db->query($table_query) as $myrow) { #for all entries in the item list
$delete_entry = $myrow["item_id"]; #assign current entry's item_id to variable
if(isset($_POST[$delete_entry]) != NULL) { #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$delete_query = "DELETE FROM item WHERE item_id = '$delete_entry'";
$db->query($delete_query);
}
}
$_SESSION["message"] = "delete";
}
else if(isset($_POST["add_item"])) {
$loadee_id = $_SESSION["account_id"];
$select_query = "SELECT * FROM account WHERE account_id = '$loadee_id'";
$stmt = $db->query($select_query);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$rest_id = $row['rest_id'];
$item_name = $_POST['item_name']; #get the menu item name from the textbox named "item_name"
$item_price = $_POST['price'];
$item_type = $_POST['item_type'];
if($_POST['avail'] == 'yes') $is_available = 1;
else $is_available = 0;
#print_r($_POST); #for checking purposes
#execute insertion
#temporarily hard-coded to insert other attributes
$insert_query = "INSERT INTO item(rest_id, item_name, price, type, is_available) VALUES ('$rest_id', '$item_name', '$item_price', '$item_type', '$is_available')";
$db->query($insert_query);
$_SESSION["message"] = "add_item";
}
else if(isset($_POST["edit_item"])) {
$new_item_name = $_POST['new_item_name']; #get the menu item name from the textbox named "new_item_name"
$item_id = $_POST['id']; #get the item id from the hidden input component of the form named "id"
$new_item_price = $_POST['new_price'];
$new_item_type = $_POST['new_item_type'];
if($_POST['change_avail'] == 'yes') $change_is_available = 1;
else $change_is_available = 0;
#print_r($_POST); #for checking purposes
#execute update
$update_query = "UPDATE item SET item_name = '$new_item_name', price = '$new_item_price', type = '$new_item_type', is_available = '$change_is_available' WHERE item_id = '$item_id'";
$db->query($update_query);
$_SESSION["message"] = "edit_item";
}
$_POST = array();
header("location:display_items-2.php");
?>
\ No newline at end of file
readme.txt 0 → 100644
View file @ 05f9623d
Instructions for setting up!
1) Install WAMP, phpmyadmin.
2) Put all of our files in the /wamp/www
3) Open mysql in your command line.
3.a) Input (copy paste) everything from the "improve.sql" into the command line.
3.a.1) "improve.sql" also provides you an Account that is a Developer
4) Input "localhost/login.php" into your browser.
4.a) Login your developer account
4.a.1) Username: developer
4.a.2) Password: password
5) Have fun!
\ No newline at end of file
remove_from_cart.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
if (isset($_GET['id']))
{
$mysqli = new mysqli("localhost","root","","dbadmin");
$safe_id = mysqli_real_escape_string($mysqli, $_GET['id']);
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
$delete_item_sql = "DELETE FROM tracker WHERE
tracker_id = ".$safe_id." AND session_id =
'". $sessID. "'";
$delete_item_res = mysqli_query($mysqli, $delete_item_sql) or die(mysqli_error($mysqli));
//close connection to MySQL
mysqli_close($mysqli);
//redirect to showcart page
header("Location: view_cart.php");
exit;
}
else
{
}
?>
setup_queries.sql 0 → 100644
View file @ 05f9623d
/*Query of the creation of the database dbadmin*/
CREATE DATABASE dbadmin;
/*Query of accessing the database dbadmin*/
USE dbadmin;
/*Query of the creation of the tables in dbadmin*/
CREATE TABLE mall (
mall_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
mall_name VARCHAR(32)
);
CREATE TABLE restaurant (
rest_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
mall_id INT NOT NULL,
rest_name VARCHAR(255),
FOREIGN KEY (mall_id) REFERENCES mall(mall_id)
);
CREATE TABLE item (
item_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
rest_id INT NOT NULL,
item_name VARCHAR(255),
price DECIMAL,
type VARCHAR(15),
is_available BOOLEAN DEFAULT 1,
FOREIGN KEY (rest_id) REFERENCES restaurant(rest_id),
CHECK(type IN ('Snacks', 'Drinks'))
);
CREATE TABLE account (
account_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
first_name VARCHAR(15),
middle_name VARCHAR(15),
last_name VARCHAR(15),
username VARCHAR(15) UNIQUE,
password VARCHAR(15),
position VARCHAR(10),
load_balance DECIMAL,
mall_id INT,
rest_id INT,
CHECK(position IN ('Dev', 'Admin', 'Boy', 'Client')),
FOREIGN KEY (mall_id) REFERENCES mall(mall_id),
FOREIGN KEY (rest_id) REFERENCES restaurant(rest_id)
);
CREATE TABLE orders (
order_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
order_time TIME(6),
mall_id INT,
cinema_num VARCHAR(2),
seat_num VARCHAR(3),
status VARCHAR(10),
account_id INT,
boy_id INT,
total_price DECIMAL,
CHECK(status IN ('Pending', 'Assembling', 'Delivered')),
FOREIGN KEY (mall_id) REFERENCES mall(mall_id),
FOREIGN KEY (account_id) REFERENCES account(account_id),
FOREIGN KEY (boy_id) REFERENCES account(account_id)
);
CREATE TABLE orderitems (
orderitem_id INT NOT NULL AUTO_INCREMENT,
order_id INT NOT NULL,
item_id INT NOT NULL,
item_qty INT NOT NULL, /*new*/
total_price INT NOT NULL, /*new*/
PRIMARY KEY (orderitem_id ,order_id, item_id),
FOREIGN KEY (order_id) REFERENCES orders(order_id),
FOREIGN KEY (item_id) REFERENCES item(item_id)
);
CREATE TABLE tracker(
tracker_id INT NOT NULL AUTO_INCREMENT,
session_id VARCHAR(32),
item_id INT NOT NULL,
item_qty INT NOT NULL, /*new*/
total_price INT NOT NULL, /*new*/
PRIMARY KEY (tracker_id),
FOREIGN KEY (item_id) REFERENCES item(item_id)
);
CREATE TABLE message(
message_id INT NOT NULL AUTO_INCREMENT,
recipient_id INT NOT NULL,
/*recipient account id of the message*/
sender_id INT NOT NULL,
/*sender account id of the message*/
msg_date DATETIME,
msg TEXT(250),
PRIMARY KEY(message_id,recipient_id,sender_id),
FOREIGN KEY (recipient_id) REFERENCES account(account_id),
FOREIGN KEY (sender_id) REFERENCES account(account_id)
);
/*Query of the creation of the developer account*/
INSERT INTO account (username,password,position) VALUES ("developer","password","Dev");
\ No newline at end of file
styles.css 0 → 100644
View file @ 05f9623d
h1, legend, table
{
text-align: center;
font-family: tahoma;
color: white;
}
p, fieldset, label
{
font-family: tahoma;
color: white;
}
body, td.ignore
{
font-family: tahoma;
background-color: rgba(3, 10, 71, 1);
}
ul.buttons
{
margin: 10px auto 10px auto;
padding: 3px;
}
li
{
display: inline;
margin: 2px;
}
input.text
{
color: #5A5854;
background-color: #FAFAFA;
border: 1px solid #BDBDBD;
border-radius: 5px;
padding: 3px;
}
input.sub_submit
{
color: #7D7D7D;
background-color: #FFFFFF;
border: 1px solid #7D7D7D;
border-radius: 5px;
padding: 5px;
float: left;
margin: 3% 0% 0% 1.6%;
}
input.submit, button
{
text-transform: uppercase;
color: #5a5854;
background-color: #FFFFFF;
border: none;
border-radius: 10px;
width: 15%;
}
input.submit:hover, input.sub_submit:hover, button:hover
{
color: #FAFAFA !important;
background-color: #343434 !important;
}
button.even, button.odd
{
width: 60% !important;
}
table.list
{
width: 60%;
min-width: 50%;
max-width: 80%;
margin: 0px auto;
float: left;
}
th, td
{
padding: 0.5% 0.5% 0.5% 0.5%;
}
th
{
text-transform: uppercase;
letter-spacing: 0.1em;
font-size: 90%;
text-align: center;
width: 150px;
height: 50px;
}
tr.even, th.even, td.even
{
color: #111111;
background-color: #EFEFEF;
}
tr.odd, th.odd, td.odd
{
color: #111111;
background-color: rgba(41, 171, 203, 1);
}
tr:hover
{
color: #ECECEC;
background-color: #7B7B7B;
}
p.notif
{
width: 34%;
margin-right: 2.5%;
margin-top: 0.5%;
float: right;
padding: 0.4% 0.5% 0.7% 0.5%;
}
fieldset
{
width: 35%;
padding: 0.5% 0.5% 0.5% 0.5%;
border-radius: 10px;
}
td.number
{
text-align: right;
}
select
{
background-color: #FAFAFA;
color: #5A5854;
border-radius: 10px;
overflow: scroll;
}
label.in
{
margin: 0.8% 0.5% 0.8% 0.1%;
padding: 0.3% 0% 0.3% 2%;
float: left;
width: 45%;
}
select, input.text, div.rad
{
margin: 0.8% 0.5% 0.8% 0.1% !important;
padding: 1% !important;
}
table, fieldset.creation, fieldset.long
{
margin: 0px auto;
}
button.tb
{
width: 100%;
height: 100%;
}
fieldset.long
{
width: 40%;
}
li.home
{
padding: 20px;
color: white;
font-weight: bold;
}
a:link
{
color: white;
text-decoration: none;
}
div.navi
{
margin: 70px -10px auto -10px;
padding: 0 0.5% 0.5% 0.5%;
position: fixed;
background-color: rgba(102, 102, 255, 1);
width: 99.3%;
height: 40px;
text-align: center;
}
div.bar
{
padding: 0 0.5% 0.5% 0.5%;
margin: -10px -10px auto -10px;
position: fixed;
background-color: rgba(102, 102 , 255, 1);
width: 99.3%;
height: 78px;
}
div.empty
{
background-color: rgba(3, 10, 71, 1);
height: 118px;
}
p.logout
{
text-align: right;
float:right;
}
table
{
text-align: left;
}
div.center
{
text-align: center;
}
select.mall_list
{
margin: 0px auto;
}
h2
{
text-align: center;
font-family: tahoma;
color: white;
font-size: 50px;
}
fieldset.notice
{
float: right;
}
table.special
{
margin: 0px auto;
}
table.special
{
margin: 0px auto;
}
table.account
{
width: 20%;
}
div.promo
{
text-align: center;
margin: 0px auto;
width: 500px;
}
p.rights
{
text-align: center;
color: black;
bottom: 5px;
}
h2
{
font-family: "Brush Script MT";
}
img.logo
{
width: 70px;
height: 70px;
margin-top: 10px;
margin-left: 48%;
margin-right: 50%;
display: block;
}
img.login
{
margin-left: 40%;
margin-right: 50%;
}
p.details
{
float: left;
text-align: left;
}
p.rights
{
color: grey;
font-size: 13px;
}
\ No newline at end of file
view_account.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
echo "<html><head><title>Your FooBu Account</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $newArray['position']. "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $newArray['mall_name'] . ", Restaurant: " . $newArray['rest_name']. "<br>";
else echo "Mall: " . $newArray['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $newArray['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div><br>";
$id = $newArray['account_id'];
$fname = $newArray['first_name'];
$mname = $newArray['middle_name'];
$lname = $newArray['last_name'];
$username = $newArray['username'];
$load_balance = $newArray['load_balance'];
#
echo "<table class = 'account'>
<tr class = 'odd'>
<th scope = 'row'>Account ID:<td class = 'number'>" .$id. "</td></tr>";
echo "<tr class = 'even'>
<th scope = 'row'>First Name:<td>" .$fname. "</td></tr>";
echo "<tr class = 'odd'>
<th scope = 'row'>Middle Name:<td>" .$mname. "</td></tr>";
echo "<tr class = 'even'>
<th scope = 'row'>Last Name:<td>" .$lname. "</td></tr>";
echo "<tr class = 'odd'>
<th scope = 'row'>Position:<td>" .$position. "</td></tr>";
echo "<tr class = 'even'>
<th scope = 'row'>Mall Name:<td>" . $newArray['mall_name']. "</td></tr>";
echo "<tr class = 'odd'>
<th scope = 'row'>Restaurant Name:<td>" . $newArray['rest_name']. "</td></tr>";
echo "<tr class = 'even'>
<th scope = 'row'>Load Balance (in Pesos):<td class = 'number'>" .$load_balance. "</td></tr>
</table>";
echo "<div class = 'center'>";
echo "<br><a href = 'edit_account.php' ><button>Edit</button></a></br>";
echo "</div>";
}
else
{
echo "<br>Wrong Username or Password!";
}
}
?>
view_cart.php 0 → 100644
View file @ 05f9623d
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Curent FooBu Cart</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<script type="text/javascript">
function checkLoad() {
var currentLoad = parseInt(<?php
$id = $_SESSION['account_id'];
$mysqli = new mysqli("localhost","root","","dbadmin");
$sql = "SELECT * FROM account
where account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$load = $account['load_balance'];
echo json_encode($load); ?>);
var totalPrice = parseInt(<?php
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
$mysqli = new mysqli("localhost","root","","dbadmin");
$sum_query = "SELECT SUM(total_price) AS totalSum FROM item
INNER JOIN tracker
ON item.item_id = tracker.item_id WHERE session_id = '" .$sessID."'";
$sum_result = mysqli_query($mysqli,$sum_query);
$sumArray = mysqli_fetch_array($sum_result, MYSQLI_ASSOC);
$sum = $sumArray['totalSum'];
echo json_encode($sum); ?>);
if(currentLoad >= totalPrice)
{
window.location = "order_form.php";
}
else
{
alert("Insufficient Load.\nLoad more into balance or Remove items from cart!"); // fail
delete window.alert; // true
}
}
</script>
</head>
<body>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Load: " . $newArray['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
$id = $_SESSION['account_id'];
#protection
$select_item_query = "SELECT * FROM item a
INNER JOIN tracker b ON a.item_id = b.item_id
INNER JOIN restaurant c ON a.rest_id = c.rest_id
WHERE session_id = '" .$sessID."'";
$resultz = mysqli_query($mysqli,$select_item_query);
#protection
$sql = "SELECT * FROM account
where account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$load = $account['load_balance'];
//$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($resultz, MYSQLI_ASSOC);
$id = $newArray['session_id'];
$item_name = $newArray['item_name'];
echo "<h1>Your Cart</h1>";
echo "<table>
<tr>
<th scope = 'col'>Restaurant Name</th>
<th scope = 'col'>Food Name</th>
<th scope = 'col'>Price</th>
<th scope = 'col'>Quantity</th>
<th scope = 'col'>Total Price</th>
</tr>";
$num = 0;
$class = "even";
foreach(mysqli_query($mysqli,$select_item_query) as $myRow)
{
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
$button_id = $myRow['tracker_id'];
//$total_price_query = "SELECT price*item_qty AS totalPrice
//FROM item INNER JOIN tracker
//ON item.item_id = tracker.item_id WHERE session_id = '" .$sessID."' AND tracker_id = " .$button_id;
//$total_price_result = mysqli_query($mysqli,$total_price_query);
//$tpArray = mysqli_fetch_array($total_price_result, MYSQLI_ASSOC);
//$tp = $tpArray['totalPrice'];
//$price = sprintf('%.02f',$myRow['price']);
//$button_id = $myRow['item_id'];
echo "<tr class='$class'>
<td>" .$myRow['rest_name']. "</td>
<td>" .$myRow['item_name']. "</td>
<td class = 'number'>" .$myRow['price']. "</td>
<td class = 'number'>" .$myRow['item_qty']. "</td>
<td class = 'number'>" .$myRow['total_price']. "</td>
<td class = 'ignore'><a href = 'remove_from_cart.php?id=$button_id'><button class='tb'>Remove from Cart</button></td>
</tr>";
}
if($num%2 == 0) $class = "even";
else $class = "odd";
#total price
$sum_query = "SELECT SUM(total_price) AS totalSum FROM item
INNER JOIN tracker
ON item.item_id = tracker.item_id WHERE session_id = '" .$sessID."'";
$sum_result = mysqli_query($mysqli,$sum_query);
$sumArray = mysqli_fetch_array($sum_result, MYSQLI_ASSOC);
$sum = $sumArray['totalSum'];
$_SESSION['total_price'] = $sum;
echo "<tr><td><t/d><td></td><td></td><th scope = 'row'>Total Bill<td class = 'number'>$sum</td></tr>";
echo "</table>";
//echo "<br><a href = 'order_form.php'><button>Submit</button></a><br>";
echo "<div class = 'center'>";
echo "<br><button onclick = 'checkLoad()'>Submit</button><br>";
echo "<br><a href = 'menu.php'><button>Back</button></a>";
echo "</div>";
}
}
mysqli_close($mysqli);
}
?>
</body>
</html>
view_message.php 0 → 100644
View file @ 05f9623d
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment