Food Buddy

Food Buddy Source Code and Final Paper
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if (isset($_GET['id']))
{
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
} else
{
#protection
$id = $_GET['id'];
$qty = $_GET['qty'];
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
$total_price_query = "SELECT price FROM item WHERE item_id = " .$id;
$total_price_result = mysqli_query($mysqli,$total_price_query);
$tpArray = mysqli_fetch_array($total_price_result, MYSQLI_ASSOC);
$tp = $tpArray['price'];
$tp = $tp*$qty;
#username has to be unique!
$sql = "INSERT INTO tracker (session_id,item_id,item_qty,total_price) VALUES ('".$sessID. "', " .$id.", " .$qty.", " .$tp.")";
$result = mysqli_query($mysqli,$sql);
//$count = mysqli_num_rows($result);
if ($result === TRUE)
{
echo "A record has been inserted.";
header("Location:menu.php");
exit;
}
else {
printf("Could not insert record: %s\n", mysqli_error($mysqli));
}
}
mysqli_close($mysqli);
}
else{
echo"wew";
}
?>
\ No newline at end of file
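Review bot: `$_GET['id']` and `$_GET['qty']` are concatenated straight into the SELECT on L21 and the INSERT on L27 while only `$sessID` is escaped, so the `#protection` block still leaves the two request-controlled values injectable. Both statements should be prepared statements with bound parameters, and the price lookup should confirm a row came back before multiplying (an unknown id currently yields `null * $qty`). Note also that `header("Location:menu.php")` on L33 follows the `echo` on L32, so unless output buffering is enabled the redirect header cannot be sent; keep the echo only on the failure path. Reading the id via `session_id()` instead of `$_COOKIE['PHPSESSID']` gives the same value once `session_start()` has run and does not depend on the cookie name.
```php
$id  = (int) $_GET['id'];
$qty = (int) ($_GET['qty'] ?? 0);
$sessID = session_id(); // same value as the PHPSESSID cookie after session_start()

$priceStmt = $mysqli->prepare("SELECT price FROM item WHERE item_id = ?");
$priceStmt->bind_param('i', $id);
$priceStmt->execute();
$priceStmt->bind_result($price);
if (!$priceStmt->fetch()) {
    printf("Unknown item.\n");
    exit;
}
$priceStmt->close();
$tp = $price * $qty;

$insert = $mysqli->prepare(
    "INSERT INTO tracker (session_id,item_id,item_qty,total_price) VALUES (?, ?, ?, ?)"
);
$insert->bind_param('siid', $sessID, $id, $qty, $tp);
$result = $insert->execute();
// … unchanged: result check, redirect and error output …
```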
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
echo "<html><head><title>Changing FooBu Password</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
$old_pass = $_POST["old_password"];
$new_pass = $_POST["password1"];
#protection
$old_pass = stripslashes($old_pass);
$old_pass = mysqli_real_escape_string($mysqli,$old_pass);
$new_pass = stripslashes($new_pass);
$new_pass = mysqli_real_escape_string($mysqli,$new_pass);
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$old_password = $newArray['password'];
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $newArray['position']. "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $newArray['mall_name'] . " Restaurant: " . $newArray['rest_name']. "<br>";
else echo "Mall: " . $newArray['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $newArray['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
if($old_password != $old_pass)
{
echo "<h1>You entered an invalid old password!</h1>";
echo "<div class = 'center'><br><a href = 'edit_password.php' ><button>Back</button></a></div>";
}
else
{
$sql = "UPDATE account SET password = '" .$new_pass. "' WHERE account_id = " . $id ;
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE)
{
echo "<h1>Your Password has been edited!</h1>";
}
else
{
printf("Could not edit password: %s\n", mysqli_error($mysqli));
}
}
}
}
?>
\ No newline at end of file
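Review bot: The check on L128 compares the stored `password` column directly with the submitted value and L135 writes the new password as typed, so credentials are kept in plaintext; the create-account INSERT on L184 and the login SELECT on L275 in the sections below handle passwords the same way and need the matching change. Store `password_hash($new_pass, PASSWORD_DEFAULT)` and check with `password_verify()`; the `stripslashes`/`mysqli_real_escape_string` applied to both passwords on L63–L66 must then be removed, because escaping alters the value before it is hashed or compared (a prepared statement takes care of quoting). `PASSWORD_DEFAULT` hashes need a column that holds at least 255 characters — confirm the `account.password` width before deploying.
```php
$old_pass = $_POST["old_password"] ?? '';
$new_pass = $_POST["password1"] ?? '';
// … unchanged: account lookup, header bar and menu output …
if (!password_verify($old_pass, $old_password))
{
    // … unchanged: "invalid old password" output …
}
else
{
    $hash = password_hash($new_pass, PASSWORD_DEFAULT);
    $stmt = $mysqli->prepare("UPDATE account SET password = ? WHERE account_id = ?");
    $stmt->bind_param('si', $hash, $id);
    $res = $stmt->execute();
    // … unchanged: success / error output …
}
```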
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
echo "<html><head><title>Create Account</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
$fname = $_POST["firstname"];
$mname = $_POST["middlename"];
$lname = $_POST["lastname"];
$username = $_POST["username"];
$password = $_POST["password1"];
#protection
$fname = stripslashes($fname);
$fname = mysqli_real_escape_string($mysqli,$fname);
$mname = stripslashes($mname);
$mname = mysqli_real_escape_string($mysqli,$mname);
$lname = stripslashes($lname);
$lname = mysqli_real_escape_string($mysqli,$lname);
$username = stripslashes($username);
$username = mysqli_real_escape_string($mysqli,$username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($mysqli,$password);
#username has to be unique!
$sql = "SELECT * FROM account WHERE username = '" .$username. "'";
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($count == 0)
{
$sql = "INSERT INTO account (first_name,middle_name,last_name,username,password,position,load_balance) VALUES ('" .$fname. "','" . $mname. "','" .$lname. "','" .$username. "','" .$password. "','Client',0)";
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE)
{
echo "<h1>A record has been inserted.</h1>";
echo "<div class = 'center'>";
echo "<br><a href = 'create_account.php' ><button>Back to Create Account</button></a></br>";
echo "<br><a href = 'login.php' ><button>Cancel</button></a></br>";
echo "</div>";
}
else {
printf("Could not insert record: %s\n", mysqli_error($mysqli));
echo "<br><a href = 'create_account.php' ><button>Back to Create Account</button></a></br>";
echo "<br><a href = 'login.php' ><button>Cancel</button></a></br>";
}
}
else
{
echo "<h1>Username Taken!</h1>";
echo "<div class = 'center'>";
echo "<br><a href = 'create_account.php' ><button>Back to Create Account</button></a></br>";
echo "<br><a href = 'login.php' ><button>Cancel</button></a></br>";
echo "</div>";
}
echo "</body>";
echo "</html>";
mysqli_close($mysqli);
}
?>
\ No newline at end of file
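Review bot: The only validation of the new-account fields is the JavaScript in the form page; L162–L166 read `$_POST["firstname"]` through `$_POST["password1"]` with no isset or emptiness check, so a direct POST with missing or empty fields raises undefined-index notices and can still insert an account with an empty username and password. Reject that server-side before the lookup, e.g. `$username = $_POST["username"] ?? ''; $password = $_POST["password1"] ?? ''; if ($username === '' || $password === '') { echo "<h1>Username and password are required.</h1>"; exit; }`. The SELECT/count on L179–L182 is also only an application-level uniqueness check — two concurrent requests can both observe `$count == 0` — so `account.username` should carry a UNIQUE index and a duplicate-key failure on the INSERT be reported as "Username Taken". `mysqli_num_rows($result)` on L181 warns if the query returned `false`; test `$result` first.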
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}else
{
$fname = $_POST["firstname"];
$mname = $_POST["middlename"];
$lname = $_POST["lastname"];
#protection
$fname = stripslashes($fname);
$fname = mysqli_real_escape_string($mysqli,$fname);
$mname = stripslashes($mname);
$mname = mysqli_real_escape_string($mysqli,$mname);
$lname = stripslashes($lname);
$lname = mysqli_real_escape_string($mysqli,$lname);
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account WHERE account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$password = $newArray['password'];
$sql = "UPDATE account SET first_name = '" .$fname. "', middle_name = '" .$mname. "', last_name = '" .$lname. "' WHERE account_id = " . $id ;
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE)
{
echo "Your information has been edited!.";
echo "<br><a href = 'view_account.php' ><button>Back</button></a></br>";
}
else {
printf("Could not edit account: %s\n", mysqli_error($mysqli));
echo "<br><a href = 'homepage.php' ><button>Back</button></a></br>";
}
}
}
?>
\ No newline at end of file
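Review bot: Nothing verifies that a user is logged in before `$id = $_SESSION['account_id']` on L233, so an unauthenticated request produces `WHERE account_id = ` (reported only through `mysqli_error`), and every session-backed page in this commit — edit password, choose mall, and the display pages — shares the same gap. Add one guard right after `session_start()`: `if (!isset($_SESSION['account_id'])) { header('Location: login.php'); exit; }`. The SELECT on L234 fetches the whole row only to assign `$password` on L240, which is never used — drop that line and the unused `$count` on L236 so the password column is not pulled into memory for nothing. The UPDATE on L241 interpolates `$id`; it comes from the session rather than the request, but a prepared statement would remove the question.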
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
echo "<html><head><title>Create Account</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
$username = $_POST["username"];
$password = $_POST["password"];
#protection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($mysqli,$username);
$password = mysqli_real_escape_string($mysqli,$password);
$sql = "SELECT * FROM account WHERE username = '" .$username. "' and password = '" .$password. "'";
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($count == 1)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$id = $newArray['account_id'];
$fname = $newArray['first_name'];
session_start();
$_SESSION['account_id'] = $id;
$_SESSION['first_name'] = $fname;
header("location:homepage.php"); #research
}
else
{
echo "<h1>Wrong Username or Password!</h1>";
echo "<div class = 'center'>";
echo "<br><a href = 'login.php' ><button>Back</button></a>";
echo "</div>";
}
echo "</body>";
}
?>
\ No newline at end of file
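Review bot: `session_start()` on L283 runs after the HTML echoes on L265–L267, so with output buffering off PHP cannot send the session cookie ("headers already sent") and the `header("location:homepage.php")` on L286 fails for the same reason; the login then looks successful while the client never receives a session. Move `session_start();` to the top of the file before any output and follow the redirect with `exit;` so the rest of the page is not rendered into the redirect response. Because this is the authentication point, also call `session_regenerate_id(true);` once the credentials are verified so a session id that existed before login is not carried over. The plaintext password match inside the SELECT on L275 is the issue raised on the edit-password section.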
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Choose a Mall</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
</head>
<body>
<form method = 'post' action = 'menu.php'>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$select_mall_query = "SELECT * FROM mall";
echo "<div class = 'center'>";
echo "<select class='mall_list' name='mall'>
<option value='0'>Choose a mall</option>";
foreach(mysqli_query($mysqli,$select_mall_query) as $option) {
$id = $option['mall_id'];
$name = $option['mall_name'];
echo "<option value='$id'>$name</option>";
}
echo "<input class = 'submit' type = 'submit' name = 'chooseMall' value = 'Im here at this Mall!'>";
echo "</div>";
}
session_regenerate_id();
}
?>
</form>
</body>
</html>
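Review bot: Row values are echoed into HTML unescaped — `$account['first_name']` on L333 and the mall `$name` on L351 — and the same pattern runs through the other display pages in this commit (account names on L647, item names on L813, mall names on L1055 and the attribute `value='$edit_mall_name'` on L1004). Mall and account names are entered through forms that do not validate them, so a name containing markup is rendered as markup; wrap each echoed value in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The loop on L349 also reuses `$id`, overwriting the logged-in account id with each mall id; rename it (`$mallId`) so later code cannot pick up the wrong value. `session_regenerate_id()` on L356 is called after the page body has been emitted, so the new cookie cannot be sent unless output buffering is on.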
<?
session_start();
if (isset($_GET['id']))
{
$mysqli = new mysqli("localhost","root","","dbadmin");
$promote_account_id = $_SESSION["promote_account_id"];
echo "promote_account_id";
//close connection to MySQL
mysqli_close($mysqli);
//redirect to showcart page
}
else
{
}
?>
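Review bot: The block opens with `<?` on L362 rather than `<?php`; with `short_open_tag` disabled the whole block, including the `$_SESSION` access, is sent to the browser as literal text instead of being executed. Use `<?php`. `echo "promote_account_id"` on L368 prints the literal string rather than `$promote_account_id`, and the `else` branch on L373–L375 is empty; if this is a work-in-progress stub, a `// TODO: promotion handling not implemented` comment would tell the next reader not to debug it.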
<!DOCTYPE html>
<html>
<head><title>Create Account</title>
<script>
function validateForm() {
var a = document.forms["myForm"]["firstname"].value;
var b = document.forms["myForm"]["middlename"].value;
var c = document.forms["myForm"]["lastname"].value;
var x = document.forms["myForm"]["username"].value;
var y = document.forms["myForm"]["password1"].value;
var z = document.forms["myForm"]["password2"].value;
if (a == "" || b == "" || c == "" || x == "" || y == "" || z == "") {
alert("Some fields need to be field!");
return false;
} else if (y != z)
{
alert("Passwords are not matching!");
return false;
}
}
</script>
</head>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<body>
<h1>FooBu Create Account</h1>
<p>
<form action = "checkcreate.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<fieldset class = "long">
<legend>Personal Information</legend>
Full Name:<br>
<input type = "text" id = "firstname" name = "firstname" placeholder = "First Name">
<input type = "text" id = "middlename" name = "middlename" placeholder = "Middle Name">
<input type = "text" id = "lastname" name = "lastname" placeholder = "Last Name">
</fieldset>
<fieldset class = "creation">
<legend>Account Details</legend>
Username:<br>
<input type = "text" id = "username" name = "username" placeholder = "Username"><br><br>
Password:<br>
<input type = "password" id = "password1" name = "password1" placeholder = "Password">
<input type = "password" id = "password2" name = "password2" placeholder = "Re-enter Password">
</fieldset>
</p>
<div class = "center">
<input class = "submit" type = "submit" value = "Submit">
</div>
</form>
<!--Buttons-->
<!--WIP-->
<div class = "center">
<br><a href = "login.php"><button class = "create">Cancel</button></a>
</div>
</body>
</html>
\ No newline at end of file
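Review bot: The `<p>` opened on L402 wraps a `<form>` and two `<fieldset>` elements, which HTML does not allow inside a paragraph; browsers implicitly close the `<p>` at L403 and the `</p>` on L419 becomes stray, so drop the pair. The alert text on L389, "Some fields need to be field!", should read "filled". `validateForm()` is convenience only — a direct POST bypasses it — so the server handler must enforce the same rules. The two password inputs on L416–L417 could carry `autocomplete="new-password"`.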
body {
font-family: "Calibri Light", Candara, sans-serif;
}
ul{
margin: 10px auto 10px auto;
padding: 3px;
border-top: 2px solid #000000;
border-bottom: 1px solid #000000;
}
li {
display: inline;
margin: 2px;
}
input.text {
color: #5A5854;
background-color: #FAFAFA;
border: 1px solid #BDBDBD;
border-radius: 5px;
padding: 3px;
}
input.sub_submit {
color: #7D7D7D;
background-color: #FFFFFF;
border: 1px solid #7D7D7D;
border-radius: 5px;
padding: 5px;
float: left;
margin: 3% 0% 0% 1.6%;
}
input.submit, button {
text-transform: uppercase;
color: #5a5854;
background-color: #FFFFFF;
border: none;
border-radius: 10px;
padding: 5px;
width: 19.45%;
}
input.submit:hover, input.sub_submit:hover, button:hover {
color: #FAFAFA !important;
background-color: #343434 !important;
}
button.even, button.odd {
width: 60% !important;
}
table.list {
float: left;
width: 60%;
min-width: 50%;
max-width: 80%;
margin: 0.8%;
}
th, td {
padding: 0.5% 0.5% 0.5% 1%;
}
th {
text-transform: uppercase;
letter-spacing: 0.1em;
font-size: 90%;
border-bottom: 2px solid #111111;
border-top: 1px solid #999999;
text-align: left;
}
tr.even, button.even {
background-color: #EFEFEF;
}
tr:hover {
color: #ECECEC;
background-color: #7B7B7B;
}
p.notif{
float: right;
width: 34%;
margin-right: 2.5%;
margin-top: 0.5%;
padding: 0.4% 0.5% 0.7% 0.5%;
}
fieldset{
float: right;
width: 32%;
margin-right: 2.5%;
padding: 0.4% 0.5% 0.7% 0.5%;
border-radius: 10px;
}
th.money, td.money {
text-align: right;
}
select {
margin: 0.8% 0.8% 0.8% 0.1%;
padding: 1%;
background-color: #FAFAFA;
color: #5A5854;
border-radius: 10px;
width: 42%;
overflow: scroll;
}
label.in {
margin: 0.8% 0.5% 0.8% 0.1%;
padding: 0.3% 0% 0.3% 2%;
float: left;
width: 45%;
}
select, input.text, div.rad {
margin: 0.8% 0.5% 0.8% 0.1% !important;
padding: 1% !important;
}
\ No newline at end of file
<!DOCTYPE html>
<html>
<head>
<title>FooBu Clients</title>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="process_account.php"></li>
<?php
session_start();
#process_account
#display_accounts-2
#print_r($_POST);
#print_r($_SESSION);
#setting up the connection
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
WHERE position <> 'Dev'
ORDER BY account_id ASC";
$result = mysqli_query($mysqli,$sql);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Position: " . $newArray['position']. "<br>";
echo "Mall: " . $newArray['mall_name'] . ", Restaurant: " . $newArray['rest_name']. "<br>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul><li><input class='submit' type='submit' name='accounts_add' value='Add Load'></li></ul></div>";
#should not display Admin and Dev accounts to avoid exploitation
$table_query = "SELECT * FROM account WHERE position = 'Client'";
$message = null;
#check message in $_SESSION
if(isset($_SESSION['message']))
{
$message = $_SESSION['message'];
$notif = "Please select an account.";
if($message == 'promoted') $notif = "Account promoted.";
else if($message == 'loaded') $notif = 'Load added to account.';
else if($message == 'cancelled') $notif = 'Transaction cancelled.';
echo "<p class='notif'> $notif </p>";
}
if(isset($_SESSION['accounts_add']))
{
$_SESSION['accounts_add'] = NULL; #n00b method, but it works for my purposes
$loadee_id = $_SESSION['loadee'];
$select_query = "SELECT first_name FROM account WHERE account_id = '$loadee_id'";
$stmt = $mysqli->query($select_query);
$row = mysqli_fetch_array($stmt,MYSQLI_ASSOC);
echo
"<fieldset class = 'notice'>
<legend> Add Load to " . $row['first_name'] . " </legend>";
echo "<label class='in'>Load Amount: </label>";
echo
"<input class='text' type='text' name='load_amount' value='00.00'><br>
<input class='sub_submit' type='submit' name='add_load' value='Add Load to Account'>
<input class='sub_submit' type='submit' name='cancel' value='Cancel'>
</fieldset>";
#end of display
}
#display mall table contents
echo "<table class='list'>";
echo
"<tr>
<th>Account ID</th>
<th>Name</th>
<th>Username</th>
<th class='money'>Balance</th>
<th>Position</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($mysqli->query($table_query) as $myrow)
{
$id = $myrow['account_id'];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='radio' name='account' value='$id'>", $id;
echo "<td>";
echo $myrow['first_name'], " ", $myrow['middle_name'], " ", $myrow['last_name'];
echo "<td>";
echo $myrow['username'];
echo "<td class = 'number'>";
echo $myrow['load_balance'];
echo "<td>";
echo $myrow['position'];
echo "</tr>";
}
echo "</table>";
#end of display
$_SESSION['message'] = NULL;
}
}?>
</form>
</body>
</html>
\ No newline at end of file
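Review bot: The header bar on L571–L578 is built from the first row of `SELECT … WHERE position <> 'Dev' ORDER BY account_id ASC` (L563–L567), not from the logged-in account — `$id` assigned on L562 is never used — so the page greets whichever non-Dev account has the lowest id and shows its position. Restrict the lookup to the current user: `$stmt = $mysqli->prepare("SELECT * FROM account a LEFT JOIN mall b ON a.mall_id = b.mall_id LEFT JOIN restaurant c ON a.rest_id = c.rest_id WHERE a.account_id = ?"); $stmt->bind_param('i', $id); $stmt->execute();`. Nothing on the page checks that the viewer's position is Admin before rendering the Load Accounts form (the menu on L582–L587 matches the Admin menu in the edit-password section), and that check only makes sense once `$position` reflects the viewer. The stray `</li>` after the opening `<form>` tag on L546 should go as well.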
<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function goBack() {
window.location="homepage.php";
}
</script>
<link href="css\database_layout2.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="process_item.php">
<ul>
<!--<li><input class="submit" type="submit" name="delete_all" value="Delete All"></li>-->
<li><input class="submit" type="button" name="back" value="Homepage" onclick="goBack()"></li>
<li><input class="submit" type="submit" name="add" value="Add"></li>
<li><input class="submit" type="submit" name="delete" value="Delete"></li>
<li><input class="submit" type="submit" name="edit" value="Edit"></li>
</ul>
<?php
print_r($_SESSION);
#setting up the connection
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch( PDOException $e ) {
echo "Connection failed: " . $e->getMessage();
}
$mysqli = new mysqli("localhost","root","joel2013","dbadmin");
$account_id = $_SESSION['account_id'];
$sql = "SELECT * FROM account WHERE account_id = " .$account_id;
$result = mysqli_query($mysqli,$sql);
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['mall_id'];
$table_query = "SELECT * FROM item";
$select_query = "SELECT * FROM restaurant";
#$db->query($table_query);
/*if(isset($_POST['delete_all'])) {
$complete_delete_query = "TRUNCATE item";
$db->query($complete_delete_query);
echo "<p class='notif'> List emptied. If you have done this by mistake, then oops. </p>";
}*/
if(isset($_SESSION["message"])) {
if($_SESSION["message"] == "add") { #check if the ADD button was pressed
#display form for ADD MENU ITEM
echo
"<fieldset>
<legend> Add menu item </legend>";
echo "<label class='in'>Insert menu item name: </label>";
echo
"<input class='text' type='text' name='item_name'><br>";
echo "<label class='in'>Insert item price: </label>
<input class='text' type='text' name='price'><br>
<label class='in'>Item type: </label>
<div class='rad'>
<input type='radio' name='item_type' value='Snacks' id='sn'> <label for='sn'>Snacks</label>
<input type='radio' name='item_type' value='Drinks' id='dr'> <label for='dr'>Drinks</label><br>
</div>
<label class='in'>Availability: </label>
<div class='rad'>
<input type='radio' name='avail' value='yes' id='y'> <label for='y'>Available</label>
<input type='radio' name='avail' value='no' id='n'> <label for='n'>Not Available</label>
</div>
<input class='sub_submit' type='submit' name='add_item' value='Add Menu Item'>
<input class='sub_submit' type='submit' name='cancel' value='Cancel'>
</fieldset>";
}
else if($_SESSION["message"] == "delete") { #check if the DELETE button was pressed
echo "<p class='notif'> Item(s) deleted. </p>";
}
else if($_SESSION["message"] == "edit") {
#print_r($_POST); #for checking purposes
$edit_entry_id = $_SESSION['edit_id'];
$select_query = "SELECT * FROM item WHERE item_id = '$edit_entry_id'";
$stmt = $db->query($select_query);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$edit_item_name = $row['item_name'];
$edit_item_price = $row['price'];
if($edit_item_name == NULL) {
echo
"<p class='notif'> Please select one (1) menu item entry to edit, then click [Edit]. <br> <br>
Note that if multiple entries are selected, only the <b>first one</b> selected on the list will be considered for editing.
</p>";
}
else {
#display form for EDIT MENU ITEM
echo
"<fieldset>
<legend> Edit menu item </legend>";
echo "<label class='in'>Insert new menu item name: </label>";
echo
"<input class='text' type='text' name='new_item_name' value='$edit_item_name'><br>";
echo "<label class='in'>Insert new item price: </label>
<input class='text' type='text' name='new_price' value='$edit_item_price'><br>
<label class='in'>New item type: </label>
<div class='rad'>
<input type='radio' name='new_item_type' value='Snacks' id='sn'> <label for='sn'>Snacks</label>
<input type='radio' name='new_item_type' value='Drinks' id='dr'> <label for='dr'>Drinks</label><br>
</div>
<label class='in'>Availability: </label>
<div class='rad'>
<input type='radio' name='change_avail' value='yes' id='y'> <label for='y'>Available</label>
<input type='radio' name='change_avail' value='no' id='n'> <label for='n'>Not Available</label>
</div>
<input class='sub_submit' type='submit' name='edit_item' value='Save Changes'>
<input class='sub_submit' type='submit' name='cancel' value='Cancel'>
<input type='hidden' name='id' value='$edit_entry_id'><!--#to send item_id-->
</fieldset>";
}
}
else if($_SESSION["message"] == "add_item") {
echo "<p class='notif'> Item added. </p>";
}
else if($_SESSION["message"] == "edit_item") {
echo "<p class='notif'> Item updated. </p>";
}
}
#display item table contents
echo "<table class='list'>";
echo
"<tr>
<th>Item ID</th>
<th>Item Name</th>
<th class='money'>Price</th>
<th>Type</th>
<th>Is Available</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($db->query($table_query) as $myrow) {
$checkbox_id = $myrow["item_id"];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#for readability
$availability = 'Yes';
if($myrow["is_available"] == 0) $availability = 'No';
else $availability = 'Yes';
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["item_id"];
echo "<td>";
echo $myrow["item_name"];
echo "<td class='money'>";
echo $myrow["price"];
echo "<td>";
echo $myrow["type"];
echo "<td>";
echo $availability;
echo "</tr>";
}
echo "</table>";
#end of display
$_SESSION["message"] = NULL;
$_SESSION["edit_id"] = NULL;
?>
</form>
</body>
</html>
\ No newline at end of file
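Review bot: `print_r($_SESSION)` on L687 dumps the whole session array (account id, pending `edit_id`, messages) into the page for every viewer; it is debug output and should be removed. L695 opens a second connection with a database password literal in source while every other page connects with an empty one — credentials belong in a configuration file outside the web root, and the duplicate mysqli connection beside the PDO `$db` from L690 could be dropped by doing the account lookup through PDO. If the PDO constructor fails, L693 echoes the error but execution continues, so `$db->query` on L741 and L798 then hits an undefined variable; add `exit;` after the echo. `$position = $newArray['mall_id']` on L700 reads a mall id into a variable named position — rename it or read `position`, whichever was intended.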
<!DOCTYPE html>
<html>
<head>
<head>
<title>All FooBu Malls</title>
<script type="text/javascript">
function validate(val) {
if(val == "Add Mall") {
var x = document.forms["main_form"]["mall_name"].value;
if(x == null || x == "") {
alert("Please put a valid mall name.");
return false;
}
}
else if(val == "Save Changes") {
var y = document.forms["main_form"]["new_mall_name"].value;
if(y == null || y == "") {
alert("Please put a new valid mall name.");
return false;
}
}
}
function viewPage() {
window.location = "display_malls.php";
}
function goBack() {
window.location = "homepage.php";
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="display_malls.php" onsubmit="return validate()">
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Position: " . $newArray['position']. "<br>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<!--<li><input class='submit' type='submit' name='delete_all' value='Delete All'></li>-->
<li><input class='submit' type='button' name='view' value='View List' onclick='viewPage()'></li>
<li><input class='submit' type='submit' name='add' value='Add' onsubmit='redirect()'></li>
<li><input class='submit' type='submit' name='delete' value='Delete'></li>
<li><input class='submit' type='submit' name='edit' value='Edit'></li>
</ul></div>";
#Doesn't work fak, but I might need it, so I'll keep it
/*session_start();
if(isset($_SESSION['add']) != NULL || isset($_SESSION['delete']) != NULL || isset($_SESSION['edit']) != NULL || isset($_SESSION['delete_all']) != NULL) {
if(($_SESSION['add'] == $_POST['add']) || ($_SESSION['delete'] == $_POST['delete']) || ($_SESSION['edit'] == $_POST['edit']) || ($_SESSION['delete_all'] == $_POST['delete_all'])) {
header("Location: display_malls.php");
}
}
else {
if(isset($_POST['add'])) {
$_SESSION['add'] = $_POST['add'];
}
else if(isset($_POST['delete'])) {
$_SESSION['delete'] = $_POST['delete'];
}
else if(isset($_POST['edit'])) {
$_SESSION['edit'] = $_POST['edit'];
}
else if(isset($_POST['delete_all'])) {
$_SESSION['delete_all'] = $_POST['delete_all'];
}
}*/
$table_query = "SELECT * FROM mall";
#$db->query($table_query);
/*if(isset($_POST['delete_all'])) {
$complete_delete_query = "TRUNCATE mall";
$db->query($complete_delete_query);
echo "<p class='notif'> List emptied. If you have done this by mistake, then oops. </p>";
}*/
if(isset($_POST['add']))
{ #check if the ADD button was pressed
#display form for ADD MALL
echo
"<fieldset class = 'notice'>
<legend> Add New Mall </legend>
<!--<form name='add_form' method='post' action='display_malls.php'>-->";
echo "<label class='in'>New Mall Name: </label>";
echo
"<input class='text' type='text' name='mall_name'>
<input class='sub_submit' type='submit' name='add_mall' value='Add Mall' onclick='return validate(this.value)'>
<!--</form>-->
</fieldset>";
#end of display
}
else if(isset($_POST['delete']))
{ #check if the DELETE button was pressed
#print_r($_POST); #for checking purposes
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the mall list
$delete_entry = $myrow["mall_id"]; #assign current entry's mall_id to variable
if(isset($_POST[$delete_entry]) != NULL)
{ #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$delete_query = "DELETE FROM mall WHERE mall_id = '$delete_entry'";
$delete_result = mysqli_query($mysqli,$delete_query);
if($delete_result === TRUE)
{
echo "<p class='notif'> Mall(s) deleted. </p>";
}
else
{
echo "<p class='notif'> Can't delete: Accounts/Restaurants are tied to this Mall!<br> Try to reassign the Accounts or Delete Restaurants from this Mall first then Delete!</p>";
}
}
}
}
else if(isset($_POST['edit']))
{
#print_r($_POST); #for checking purposes
$edit_mall_name = NULL;
foreach ($mysqli->query($table_query) as $myrow)
{ #for all entries in the mall list
$edit_entry_id = $myrow["mall_id"]; #assign current entry's mall_id to variable
if(isset($_POST[$edit_entry_id]) != NULL)
{ #check if the entry's checkbox was selected (meaning the entry should be deleted)
$edit_mall_name = $myrow["mall_name"]; #assign entry's mall name to variable
break; #get out of loop
}
}
if($edit_mall_name == NULL)
{
echo
"<p class='notif'> Please select one (1) mall entry to edit, then click [Edit]. <br> <br>
Note that if multiple entries are selected, only the <b>first one</b> selected on the list will be considered for editing.
</p>";
}
else
{
#display form for EDIT MALL
echo
"<fieldset class = 'notice'>
<legend> Edit Mall Data </legend>
<!--<form name='edit_form' method='post' action='display_malls.php'>-->";
echo "<label class='in'>Mall Name: </label>";
echo
"<input class='text' type='text' name='new_mall_name' value='$edit_mall_name'><br>
<input class='sub_submit' type='submit' name='edit_mall' value='Save Changes' onclick='return validate(this.value)'>
<input type='hidden' name='id' value='$edit_entry_id'><!--#to send mall_id-->
<!--</form>-->
</fieldset>";
}
}
else if(isset($_POST['add_mall']))
{
$mall_name = $_POST['mall_name']; #get the mall name from the textbox named "mall_name"
#print_r($_POST); #for checking purposes
#execute insertion
$insert_query = "INSERT INTO mall(mall_name) VALUES ('$mall_name')";
$mysqli->query($insert_query);
echo "<p class='notif'> Mall added. </p>";
#header("Location: display_malls.php"); #to avoid refresh issues
}
else if(isset($_POST['edit_mall']))
{
$new_mall_name = $_POST['new_mall_name']; #get the mall name from the textbox named "new_mall_name"
$mall_id = $_POST['id']; #get the mall id from the hidden input component of the form named "id"
#print_r($_POST); #for checking purposes
#execute update
$update_query = "UPDATE mall SET mall_name = '$new_mall_name' WHERE mall_id = '$mall_id'";
$mysqli->query($update_query);
echo "<p class='notif'> Mall updated. </p>";
#header("Location: display_malls.php"); #to avoid refresh issues
}
#display mall table contents
echo "<table class='list'>";
echo
"<tr>
<th>Mall ID</th>
<th>Mall Name</th>
</tr>";
#for layout purposes start
$num = 0;
$class = "even";
#end
foreach ($mysqli->query($table_query) as $myrow)
{
$checkbox_id = $myrow["mall_id"];
#for layout purposes start
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
#end
#echo $checkbox_id; #for checking purposes
echo "<tr class='$class'> <td>";
echo "<input type='checkbox' name='$checkbox_id'>", " ", $myrow["mall_id"];
echo "<td>";
echo $myrow["mall_name"];
echo "</tr>";
}
echo "</table>";
}
}
#end of display
?>
</form>
</body>
</html>
\ No newline at end of file
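<?php session_start();
# display_order.php -- order board for a mall's delivery staff: lists the mall's
# undelivered orders and lets the logged-in account claim one ("Dibs"), list the
# items of the ticked orders ("View Order") or mark them "Delivered".
# Every query that takes a value from $_POST or $_SESSION is a PDO prepared
# statement, and every database value written into the page is HTML-escaped.

#setting up the connection (one PDO handle; the page needs no separate mysqli connection)
try {
    $db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
    exit(); # nothing below can run without $db
}

# Escape a value for an HTML text node or single-quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

# "First ''username'' Last" -- the display name used in messages and the Boy column.
$displayName = function (array $acc) {
    return $acc['first_name'] . " ''" . $acc['username'] . "'' " . $acc['last_name'];
};

# True when the checkbox named after this order id was ticked in the submitted form.
$selected = function ($order_id) {
    return isset($_POST[$order_id]);
};

# Logged-in account joined with its mall; no session -> id 0 -> no row -> stop.
$id = isset($_SESSION['account_id']) ? (int) $_SESSION['account_id'] : 0;
$accountStmt = $db->prepare("SELECT * FROM account
    INNER JOIN mall ON account.mall_id = mall.mall_id
    WHERE account_id = ?");
$accountStmt->execute([$id]);
$account = $accountStmt->fetch(PDO::FETCH_ASSOC);
if ($account === false) {
    echo "No account is logged in.";
    exit();
}
$mall_id = (int) $account['mall_id'];
$sender_acc = $displayName($account); # how this account is named in the messages it sends

echo "<html>
<head>
<title>" . $h($account['mall_name']) . " Orders</title>
<script type='text/javascript'>
function goBack() {
window.location = 'homepage.php';
}
</script>
<link href='styles.css' type='text/css' rel='stylesheet'>
</head>
<body>
<form name='main_form' method='post' action='display_order.php'>";
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $h($account['first_name']) . " to Food Buddy!<br>";
echo "Position: " . $h($account['position']) . "<br>";
echo "Mall: " . $h($account['mall_name']);
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>
</ul>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<li><input class='submit' type='submit' name='view' value='View Order'></li>
<li><input class='submit' type='submit' name='dibs' value='Dibs'></li>
<li><input class='submit' type='submit' name='delivered' value='Delivered'></li>
</ul></div>";

# Undelivered orders of this mall, with the mall row and the ordering client's account row.
# The checkboxes below are named after these order ids, so only these ids are ever acted on.
$openOrders = $db->prepare("SELECT * FROM orders a
    INNER JOIN mall b ON a.mall_id = b.mall_id
    INNER JOIN account c ON a.account_id = c.account_id
    WHERE a.mall_id = ? AND a.status != 'Delivered'");
$openOrders->execute([$mall_id]);
$orders = $openOrders->fetchAll(PDO::FETCH_ASSOC);

if (isset($_POST['dibs'])) { #check if the dibs button was pressed
    $claim = $db->prepare("UPDATE orders SET status = 'Assembling', boy_id = ? WHERE order_id = ?");
    $notify = $db->prepare("INSERT INTO message (recipient_id,sender_id,msg_date,msg) VALUES (?, ?, now(), ?)");
    foreach ($orders as $myrow) {
        $dibs_entry = (int) $myrow["order_id"];
        if (!$selected($dibs_entry)) {
            continue;
        }
        # NOTE(review): like the original, this does not check whether the order
        # already has a boy_id, so a second claim silently reassigns it -- confirm intended.
        $claim->execute([$id, $dibs_entry]);
        # tell the client who picked the order up
        $msg = "Your Order has been received by " . $sender_acc . "! Please wait for 20 mins!";
        $notify->execute([(int) $myrow['account_id'], $id, $msg]);
    }
}
else if (isset($_POST['view'])) { #check if the VIEW ORDER button was pressed
    echo "<fieldset class = 'notice'>
<legend> Order Items </legend>";
    echo "<table>";
    echo "<tr>
<th>Restaurant</th>
<th>Food Item</th>
<th>Quantity</th>
</tr>";
    $itemsOf = $db->prepare("SELECT * FROM orderitems WHERE order_id = ?");
    # restaurant and food name in one lookup; LEFT JOIN so an item without a restaurant still shows its name
    $namesOf = $db->prepare("SELECT i.item_name, r.rest_name FROM item i
        LEFT JOIN restaurant r ON i.rest_id = r.rest_id
        WHERE i.item_id = ?");
    foreach ($orders as $myrow) {
        $display_entry = (int) $myrow["order_id"];
        if (!$selected($display_entry)) {
            continue;
        }
        $itemsOf->execute([$display_entry]);
        foreach ($itemsOf->fetchAll(PDO::FETCH_ASSOC) as $item) {
            $namesOf->execute([(int) $item['item_id']]);
            $names = $namesOf->fetch(PDO::FETCH_ASSOC);
            echo "<tr><td>"; # the original omitted the opening <tr>
            echo $names ? $h($names['rest_name']) : '';
            echo "</td><td>";
            echo $names ? $h($names['item_name']) : '';
            echo "</td><td class = 'number'>";
            echo $h($item["item_qty"]);
            echo "</td>";
            echo "</tr>";
        }
    }
    echo "</table>";
    echo "</fieldset>";
}
else if (isset($_POST['delivered'])) { #check if the DELIVERED button was pressed
    $statusOf = $db->prepare("SELECT status FROM orders WHERE order_id = ?");
    $deliver = $db->prepare("UPDATE orders SET status = 'Delivered' WHERE order_id = ?");
    foreach ($orders as $myrow) {
        $delivered_entry = (int) $myrow["order_id"];
        if (!$selected($delivered_entry)) {
            continue;
        }
        $statusOf->execute([$delivered_entry]);
        $current = $statusOf->fetch(PDO::FETCH_ASSOC);
        # Only a claimed order (status 'Assembling') can be delivered. The original
        # tested $myrow['status'] from the outer join row instead of the row it had
        # just selected ($myRow); this reads the freshly selected status.
        if ($current !== false && $current['status'] === 'Assembling') {
            $deliver->execute([$delivered_entry]);
        } else {
            echo "Cannot deliver an order if no one is assigned to it yet!";
        }
    }
}

#display order table contents (re-read so the Dibs/Delivered changes above are shown)
$openOrders->execute([$mall_id]);
$boyOf = $db->prepare("SELECT * FROM account WHERE account_id = ?");
echo "<table class='list'>";
echo "<tr>
<th>Order ID</th>
<th>Time Received</th>
<th>Username</th>
<th>Mall</th>
<th>Cinema</th>
<th>Seat Number</th>
<th>Status</th>
<th>Boy in-Charge</th>
</tr>";
$num = 0;
foreach ($openOrders->fetchAll(PDO::FETCH_ASSOC) as $myrow) {
    $checkbox_id = (int) $myrow["order_id"];
    $class = ($num % 2 == 0) ? "even" : "odd"; # alternate row shading
    $num++;
    echo "<tr class='$class'> <td>";
    echo "<input type='checkbox' name='$checkbox_id'>", " ", $checkbox_id;
    echo "</td><td class = 'number'>";
    echo $h($myrow["order_time"]);
    echo "</td><td>";
    echo $h($myrow["username"]);
    echo "</td><td>";
    echo $h($myrow["mall_name"]);
    echo "</td><td class = 'number'>";
    echo $h($myrow["cinema_num"]);
    echo "</td><td class = 'number'>";
    echo $h($myrow["seat_num"]);
    echo "</td><td>";
    echo $h($myrow["status"]);
    echo "</td><td>"; # the original emitted a stray extra </td> here
    if ($myrow['boy_id'] !== null && $myrow['boy_id'] !== '') {
        $boyOf->execute([(int) $myrow['boy_id']]);
        $boy = $boyOf->fetch(PDO::FETCH_ASSOC);
        if ($boy !== false) {
            echo $h($displayName($boy));
        }
    }
    echo "</td>";
    echo "</tr>";
}
echo "</table>";
#end of display
?>
</form>
</body>
</html>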
\ No newline at end of file
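<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<link href="css\database_layout2.css" type="text/css" rel="stylesheet">
</head>
<body>
<?php
# Read-only listing of every order item with its restaurant and food name, by order id.
# The other pages of this app identify the user through $_SESSION['account_id'];
# without that gate this table was readable by any visitor who knew the URL.
if (!isset($_SESSION['account_id'])) {
    echo "<p>Please log in to view this page.</p>";
    echo "</body></html>";
    exit();
}
#setting up the connection
try {
    $db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
    exit(); # the original carried on to $db->query() with $db undefined
}

# Escape a value for an HTML text node or single-quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

# Fixed query, no user input involved.
$table_query = "SELECT * FROM orderitems a
INNER JOIN item b ON a.item_id = b.item_id
INNER JOIN restaurant c ON b.rest_id = c.rest_id
ORDER BY a.order_id ASC";
#display order item table contents
echo "<table class='list'>";
echo "<tr>
<th>From Order ID</th>
<th>Restaurant</th>
<th>Item Name</th>
</tr>";
$num = 0;
foreach ($db->query($table_query) as $myrow) {
    $checkbox_id = (int) $myrow["orderitem_id"];
    $class = ($num % 2 == 0) ? "even" : "odd"; # alternate row shading
    $num++;
    echo "<tr class='$class'> <td>";
    echo "<input type='checkbox' name='$checkbox_id'>", " ", $h($myrow["order_id"]);
    echo "</td><td>";
    echo $h($myrow["rest_name"]);
    echo "</td><td>";
    echo $h($myrow["item_name"]);
    echo "</td>";
    echo "</tr>";
}
echo "</table>";
#end of display
?>
</body>
</html>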
\ No newline at end of file
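<?php session_start();?>
<!DOCTYPE html>
<html>
<head>
<title>Your Claimed Orders</title>
<script type="text/javascript">
function goBack() {
window.location = "homepage.php";
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="display_orders_to_be_prepared.php">
<?php
# display_orders_to_be_prepared.php -- every item of the orders the logged-in
# account has claimed (orders.boy_id = this account AND status = 'Assembling'),
# optionally sorted by ordering account or by restaurant.
# Integer ids taken from $_SESSION/$_POST are cast with (int) before they enter
# any SQL, the DELETE statements are prepared, and database values are
# HTML-escaped on output.
$mysqli = new mysqli("localhost","root","","dbadmin");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

# Escape a value for an HTML text node or single-quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

# First row of a query, or null when the query failed or matched nothing.
$firstRow = function ($sql) use ($mysqli) {
    $res = mysqli_query($mysqli, $sql);
    if ($res === false) {
        return null;
    }
    $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
    return $row ? $row : null;
};

# "First ''username'' Last" -- the display name used throughout the app.
$displayName = function (array $acc) {
    return $acc['first_name'] . " ''" . $acc['username'] . "'' " . $acc['last_name'];
};

$id = isset($_SESSION['account_id']) ? (int) $_SESSION['account_id'] : 0;
$account = $firstRow("SELECT * FROM account a
    LEFT JOIN mall b ON a.mall_id = b.mall_id
    LEFT JOIN restaurant c ON a.rest_id = c.rest_id
    where a.account_id = " . $id);
if ($account === null) {
    echo "No account is logged in.";
    echo "</form></body></html>";
    exit();
}

echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $h($account['first_name']) . " to Food Buddy!<br>";
echo "Position: " . $h($account['position']) . "<br>";
echo "Mall: " . $h($account['mall_name']);
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>
</ul>";
echo "</div><div class = 'empty'></div>";
echo "<div class = 'center'><ul>
<li><input class='submit' type='submit' name='sortA' value='Sort by Account'></li>
<li><input class='submit' type='submit' name='sortR' value='Sort by Restaurant'></li>
</ul></div>";

# Items of this account's claimed orders. $id is already an int, so it is safe to inline.
$claimed = "SELECT * from orderitems a
    INNER JOIN orders b ON a.order_id = b.order_id
    INNER JOIN account c ON b.account_id = c.account_id
    WHERE b.boy_id = " . $id . " AND b.status = 'Assembling'";
$table_query = $claimed;
if (isset($_POST['sortA'])) { #Sort by Account
    $table_query = $claimed . " ORDER BY c.account_id";
}
else if (isset($_POST['sortR'])) { #Sort by Restaurant
    $table_query = "SELECT * from orderitems a
    INNER JOIN orders b ON a.order_id = b.order_id
    INNER JOIN item c ON a.item_id = c.item_id
    INNER JOIN restaurant d ON c.rest_id = d.rest_id
    WHERE b.boy_id = " . $id . " AND b.status = 'Assembling'
    ORDER BY d.rest_id";
}
else if (isset($_POST['deliver'])) {
    # placeholder kept from the original ("send notification to client", not written yet); no-op
}
else if (isset($_POST['delete'])) {
    # No button on this form posts 'delete'; kept for compatibility. Only the
    # account's own claimed orders are iterated, so only those can be removed.
    $delItems = $mysqli->prepare("DELETE FROM orderitems WHERE order_id = ?");
    $delOrder = $mysqli->prepare("DELETE FROM orders WHERE order_id = ?");
    foreach ($mysqli->query($claimed) as $myrow) {
        $delete_entry = (int) $myrow["order_id"];
        if (!isset($_POST[$delete_entry])) { #only ticked rows
            continue;
        }
        if ($delItems !== false && $delItems->bind_param('i', $delete_entry)) {
            $delItems->execute();
        }
        if ($delOrder !== false && $delOrder->bind_param('i', $delete_entry)) {
            $delOrder->execute();
        }
    }
}

#display claimed order items
echo "<table class='special'>";
echo "<tr>
<th>Account</th>
<th>Restaurant</th>
<th>Food Item</th>
<th>Quantity</th>
<th>Cinema</th>
<th>Seat Number</th>
</tr>";
$num = 0;
foreach ($mysqli->query($table_query) as $myrow) {
    $class = ($num % 2 == 0) ? "even" : "odd"; # alternate row shading
    $num++;
    # ordering client, and restaurant + food name in one lookup (LEFT JOIN keeps
    # the item name when the item has no restaurant)
    $cust = $firstRow("SELECT * FROM account WHERE account_id = " . (int) $myrow['account_id']);
    $names = $firstRow("SELECT i.item_name, r.rest_name FROM item i
        LEFT JOIN restaurant r ON i.rest_id = r.rest_id
        WHERE i.item_id = " . (int) $myrow['item_id']);
    echo "<tr class='$class'> <td>";
    echo $cust ? $h($displayName($cust)) : '';
    echo "</td><td>";
    echo $names ? $h($names['rest_name']) : '';
    echo "</td><td>";
    echo $names ? $h($names['item_name']) : '';
    echo "</td><td class = 'number'>";
    echo $h($myrow["item_qty"]);
    echo "</td><td class = 'number'>";
    echo $h($myrow["cinema_num"]);
    echo "</td><td class = 'number'>";
    echo $h($myrow["seat_num"]);
    echo "</td>";
    echo "</tr>";
}
echo "</table>";
#end of display
?>
</form>
</body>
</html>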
\ No newline at end of file
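<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<title>All FooBu Restaurants</title>
<script type="text/javascript">
function viewPage() {
window.location = "display_rest.php";
}
function goBack() {
window.location = "homepage.php";
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form name="main_form" method="post" action="display_rest.php">
<?php
# display_rest.php -- restaurant administration: list restaurants with their mall,
# add one, delete the ticked ones, or rename/re-assign the first ticked one.
# session_start() now runs before the first byte of output (it cannot send its
# cookie once the HTML above has been flushed). Form values reach SQL only through
# prepared statements or an (int) cast; database values are HTML-escaped on output.
#setting up the connection
$mysqli = new mysqli("localhost","root","","dbadmin");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

# Escape a value for an HTML text node or single-quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

$id = isset($_SESSION['account_id']) ? (int) $_SESSION['account_id'] : 0;
$sql = "SELECT * FROM account a
    LEFT JOIN mall b ON a.mall_id = b.mall_id
    LEFT JOIN restaurant c ON a.rest_id = c.rest_id
    where a.account_id = " . $id;
$result = mysqli_query($mysqli, $sql);
$newArray = $result ? mysqli_fetch_array($result, MYSQLI_ASSOC) : null;
if (!$newArray) {
    echo "No account is logged in.";
    echo "</form></body></html>";
    exit();
}
$position = $newArray['position'];

echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $h($newArray['first_name']) . " to Food Buddy!<br>";
echo "Position: " . $h($position) . "<br>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>
</ul>";
echo "</div><div class = 'empty'></div>";

# The role menus in this app only link the 'Dev' position to this page, but the
# page itself never checked; every other position now gets a notice, not the
# management actions or the restaurant list.
if ($position !== 'Dev') {
    echo "<p class='notif'> Restaurant management is available to Dev accounts only. </p>";
    echo "</form></body></html>";
    exit();
}

echo "<div class = 'center'><ul>
<li><input class='submit' type='button' name='view' value='View List' onclick='viewPage()'></li>
<li><input class='submit' type='submit' name='add' value='Add'></li>
<li><input class='submit' type='submit' name='delete' value='Delete'></li>
<li><input class='submit' type='submit' name='edit' value='Edit'></li>
</ul></div>";

$select_query = "SELECT * FROM mall";
$table_query = "SELECT * FROM restaurant INNER JOIN mall ON restaurant.mall_id = mall.mall_id";

# Print one <option> per mall; the edit form prefixes each label with "[id] ".
$mallOptions = function ($withId) use ($mysqli, $select_query, $h) {
    foreach ($mysqli->query($select_query) as $option) {
        $mid = (int) $option['mall_id'];
        $label = ($withId ? "[$mid] " : "") . $h($option['mall_name']);
        echo "<option value='$mid'>$label</option>";
    }
};

if (isset($_POST['add'])) { #check if the ADD button was pressed
    #display form for ADD RESTAURANT
    echo "<fieldset class = 'notice'>
<legend> Add New Restaurant </legend>";
    echo "<label class='in'>New Restaurant Name: </label>";
    echo "<input class='text' type='text' name='rest_name'><br>";
    echo "<label class='in'>Select Mall: </label>
<select class='mall_list' name='malls'>
<option value='0' selected>Choose a Mall</option>";
    $mallOptions(false);
    echo "</select><br>
<input class='sub_submit' type='submit' name='add_rest' value='Add Restaurant'>
</fieldset>";
}
else if (isset($_POST['delete'])) { #check if the DELETE button was pressed
    $del = $mysqli->prepare("DELETE FROM restaurant WHERE rest_id = ?");
    foreach ($mysqli->query($table_query) as $myrow) {
        $delete_entry = (int) $myrow["rest_id"];
        if (!isset($_POST[$delete_entry])) { #only ticked rows (checkboxes are named by rest_id)
            continue;
        }
        if ($del !== false && $del->bind_param('i', $delete_entry) && $del->execute()) {
            echo "<p class='notif'> Restaurant(s) deleted. </p>";
        } else {
            echo "<p class='notif'> Can't delete: Accounts are tied to this Restaurant! Try to reassign the Accounts from this Restaurant first then Delete!</p>";
        }
    }
}
else if (isset($_POST['edit'])) {
    # the first ticked restaurant, or null when none was ticked
    $editRow = null;
    foreach ($mysqli->query($table_query) as $myrow) {
        if (isset($_POST[$myrow["rest_id"]])) {
            $editRow = $myrow;
            break;
        }
    }
    if ($editRow === null) {
        echo "<p class='notif'> Please select one (1) restaurant entry to edit, then click [Edit]. <br> <br>
Note that if multiple entries are selected, only the <b>first one</b> selected on the list will be considered for editing.
</p>";
    } else {
        #display form for EDIT RESTAURANT
        $edit_entry_id = (int) $editRow["rest_id"];
        echo "<fieldset class = 'notice'>
<legend> Edit Restaurant Data </legend>";
        echo "<label class='in'>Restaurant Name: </label>";
        echo "<input class='text' type='text' name='new_rest_name' value='" . $h($editRow["rest_name"]) . "'><br>";
        echo "<label class='in'>Select Mall: </label>
<select class='mall_list' name='malls'>
<option value='0'>Choose a Mall</option>";
        $mallOptions(true); # the original reused $id as the loop variable here, clobbering the session id
        echo "</select><br>
<input class='sub_submit' type='submit' name='edit_rest' value='Save Changes'>
<input type='hidden' name='id' value='$edit_entry_id'><!--#to send rest_id-->
</fieldset>";
    }
}
else if (isset($_POST['add_rest'])) {
    $rest_name = isset($_POST['rest_name']) ? $_POST['rest_name'] : '';
    $rest_mall_id = isset($_POST['malls']) ? (int) $_POST['malls'] : 0;
    $ins = $mysqli->prepare("INSERT INTO restaurant(mall_id, rest_name) VALUES (?, ?)");
    # the original always reported success; the statement result decides now
    if ($ins !== false && $ins->bind_param('is', $rest_mall_id, $rest_name) && $ins->execute()) {
        echo "<p class='notif'> Restaurant added. </p>";
    } else {
        echo "<p class='notif'> Could not add restaurant. </p>";
    }
}
else if (isset($_POST['edit_rest'])) {
    $new_rest_name = isset($_POST['new_rest_name']) ? $_POST['new_rest_name'] : '';
    $new_rest_mall_id = isset($_POST['malls']) ? (int) $_POST['malls'] : 0;
    $rest_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $upd = $mysqli->prepare("UPDATE restaurant SET rest_name = ?, mall_id = ? WHERE rest_id = ?");
    if ($upd !== false && $upd->bind_param('sii', $new_rest_name, $new_rest_mall_id, $rest_id) && $upd->execute()) {
        echo "<p class='notif'> Restaurant updated. </p>";
    } else {
        echo "<p class='notif'> Could not update restaurant. </p>";
    }
}

#display restaurant table contents
echo "<table class='list'>";
echo "<tr>
<th>Restaurant ID</th>
<th>Mall ID</th>
<th>Restaurant Name</th>
</tr>";
$num = 0;
foreach ($mysqli->query($table_query) as $myrow) {
    $checkbox_id = (int) $myrow["rest_id"];
    $class = ($num % 2 == 0) ? "even" : "odd"; # alternate row shading
    $num++;
    echo "<tr class='$class'> <td>";
    echo "<input type='checkbox' name='$checkbox_id'>", " ", $checkbox_id;
    echo "</td><td>";
    echo $h($myrow["mall_name"]);
    echo "</td><td>";
    echo $h($myrow["rest_name"]);
    echo "</td></tr>";
}
echo "</table>";
#end of display
?>
</form>
</body>
</html>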
\ No newline at end of file
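<?php
# Test harness: set testTable.testField for the POSTed id, then offer a link back.
# The id used to be concatenated into the SQL unescaped; both values now go
# through a prepared statement. Database credentials are still embedded here,
# as in the original -- they belong in configuration outside the web root.
$mysqli = mysqli_connect("localhost","root","joel2013","testDB");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
$clean_id = isset($_POST["item"]) ? (int) $_POST["item"] : 0;
$clean_text = isset($_POST["textfield"]) ? $_POST["textfield"] : '';
$stmt = mysqli_prepare($mysqli, "UPDATE testTable SET testField = ? WHERE id = ?");
if ($stmt === false) {
    printf("Could not edit record: %s\n", mysqli_error($mysqli));
} else {
    mysqli_stmt_bind_param($stmt, "si", $clean_text, $clean_id);
    if (mysqli_stmt_execute($stmt)) {
        echo "Record has been edited.";
    } else {
        printf("Could not edit record: %s\n", mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}
mysqli_close($mysqli);
?>
<!DOCTYPE html>
<html>
<head><title>TEST</title></head>
<body>
<a href = "edit_form.html"><button>Back to Edit!</button></a>
</body>
</html>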
\ No newline at end of file
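<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head><title>Edit FooBu Account</title>
<script>
function validateForm() {
var a = document.forms["myForm"]["firstname"].value;
var b= document.forms["myForm"]["middlename"].value;
var c = document.forms["myForm"]["lastname"].value;
if (a== "" || b == "" || c == "") {
alert("Pls put input!");
return false;
}
}
</script>
</head>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<body>
<?php
# edit_account.php -- header bar and role menu for the logged-in account, followed
# by the "Edit Account" name form (submitted to checkedit.php).
# The only SQL input is the session account id, cast to int; values read from the
# database are HTML-escaped before they are echoed.
$mysqli = new mysqli("localhost","root","","dbadmin");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

# Escape a value for an HTML text node or single-quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

$id = isset($_SESSION['account_id']) ? (int) $_SESSION['account_id'] : 0;
$sql = "SELECT * FROM account a
    LEFT JOIN mall b ON a.mall_id = b.mall_id
    LEFT JOIN restaurant c ON a.rest_id = c.rest_id
    where a.account_id = " . $id;
$result = mysqli_query($mysqli, $sql);
# the original called mysqli_num_rows() on $result before checking it; a failed
# query would have raised there instead of reaching the if below
$account = $result ? mysqli_fetch_array($result, MYSQLI_ASSOC) : null;
if ($account) {
    $position = $account['position'];
    echo "<div class = 'bar'>";
    #Account details
    echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
    echo "<p class = 'details'>Welcome to Food Buddy!<br>";
    if ($position != 'Client') {
        echo "Position: " . $h($position) . "<br>";
        if ($position != 'Dev') {
            if ($position != 'Boy') {
                echo "Mall: " . $h($account['mall_name']) . ", Restaurant: " . $h($account['rest_name']) . "<br>";
            } else {
                echo "Mall: " . $h($account['mall_name']);
            }
        }
    }
    if ($position == 'Client') {
        echo "Load: " . $h($account['load_balance']) . "<br/>";
    }
    echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
    echo "<div class = 'navi'>";
    #Menu Items, by position; the final else is the Client menu, as in the original
    $links = [
        ['view_account.php', 'Account Information'],
        ['edit_password.php', 'Edit Password'],
    ];
    if ($position == 'Dev') {
        $links[] = ['display_malls.php', 'Malls'];
        $links[] = ['display_rest.php', 'Restaurants'];
        $links[] = ['display_accounts.php', 'Promote/Demote Account'];
    } else if ($position == 'Admin') {
        $links[] = ['display_items.php', 'Food Items'];
        $links[] = ['display_accounts-2.php', 'Load Accounts'];
    } else if ($position == 'Boy') {
        $links[] = ['display_order.php', 'All Orders'];
        $links[] = ['display_orders_to_be_prepared.php', 'Orders to Prepare'];
    } else {
        $links[] = ['choose_mall.php', 'Order Food'];
    }
    $links[] = ['view_message.php', 'Messages'];
    echo "<ul class = 'buttons'>";
    foreach ($links as $link) {
        echo "<li class = 'home'><a href = '" . $link[0] . "'>" . $link[1] . "</a></li>";
    }
    echo "</ul>";
    echo "</div><div class = 'empty'></div>";
}
?>
<h1>Edit Account</h1>
<p>
<form action = "checkedit.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<fieldset class = "creation">
<legend>Personal Information</legend>
Full Name:<br>
<input type = "text" id = "firstname" name = "firstname" placeholder = "First Name">
<input type = "text" id = "middlename" name = "middlename" placeholder = "Middle Name">
<input type = "text" id = "lastname" name = "lastname" placeholder = "Last Name">
</fieldset>
</p>
<div class = "center">
<input class = "submit" type = "submit" value = "Submit">
</div>
</form>
<!--Buttons-->
<!--WIP-->
<div class = "center">
<br><a href = "homepage.php"><button>Cancel</button></a>
</div>
</body>
</html>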
\ No newline at end of file
<!DOCTYPE html>
<html>
<head><title>TEST</title></head>
<body>
<form method = "post" action = "edit.php">
<p><label for = "item">Which item to edit:</label><br>
<input type = "text" id = "item" name = "item"></p>
<p><label for = "textfield">Edit into What:</label><br>
<input type = "text" id = "textfield" name = "textfield"></p>
<button type = "submit" name = "submit" value = "edit">Edit Record</button>
</form>
</body>
</html>
\ No newline at end of file
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head><title>Edit FooBu Password</title>
<script>
function validateForm() {
var a = document.forms["myForm"]["old_password"].value;
var b= document.forms["myForm"]["password1"].value;
var c = document.forms["myForm"]["password2"].value;
if (a== "" || b == "" || c == "") {
alert("Please fill in all fields.");
return false;
}else if(b != c)
{
alert("New Passwords are not equal!");
return false;
}
}
</script>
</head>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<body>
<?php
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $account['position']. "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $account['mall_name'] . ", Restaurant: " . $account['rest_name']. "<br>";
else echo "Mall: " . $account['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
}
}
?>
<h1>Edit Password</h1>
<p>
<form action = "checkPassedit.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<fieldset class = "creation">
<legend>Password</legend>
Old Password:<br>
<input type = "password" id = "old_password" name = "old_password" placeholder = "Old Password"><br><br>
New Password:<br>
<input type = "password" id = "password1" name = "password1" placeholder = "New Password">
<input type = "password" id = "password2" name = "password2" placeholder = "Re-enter New Password">
</fieldset>
</p>
<div class = 'center'>
<input class = "submit" type = "submit" value = "Submit">
</div>
</form>
<!--Buttons-->
<!--WIP-->
</body>
</html>
\ No newline at end of file
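Review bot: `$_SESSION['account_id']` is read at L1928 with no check that anyone is logged in, so an anonymous visitor gets the header query `where a.account_id = ` with an empty id, `mysqli_query` returns false, and the password form is still rendered; a guard right after `session_start()` at L1896 such as `if (!isset($_SESSION['account_id'])) { header('Location: login.php'); exit; }` closes that, and the same unchecked read appears at L2071, L2199, L2365, L2422, L2546, L2615 and L3049. The form at L1994 posts a password change to checkPassedit.php without any per-session anti-CSRF token; a hidden-input token verified by the handler is the usual fix. `$count` at L1935 is assigned and never used. The values of `$account['first_name']`, `mall_name` and `rest_name` at L1943-L1950 are echoed into HTML without `htmlspecialchars()`, and they presumably originate from user-supplied account fields.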
<!DOCTYPE html>
<html>
<body>
<form method = "post" action = "test.php">
<input type = "submit" value = "Back">
</form>
<?php
// Get a connection for the database
require_once('mysqli_connect.php');
// Create a query for the database
$query = "SELECT AccountID, FirstName, LastName FROM Account";
// Get a response from the database by sending the connection
// and the query
$response = @mysqli_query($dbc, $query);
// If the query executed properly proceed
if($response){
echo '<table align="left"
cellspacing="5" cellpadding="8">
<tr><td align="left"><b>Account ID</b></td>
<td align="left"><b>First Name</b></td>
<td align="left"><b>Last Name</b></td>></tr>';
// mysqli_fetch_array will return a row of data from the query
// until no further data is available
while($row = mysqli_fetch_array($response)){
echo '<tr><td align="left">' .
$row['AccountID'] . '</td><td align="left">' .
$row['FirstName'] . '</td><td align="left">' .
$row['LastName'] . '</td><td align="left">';
echo '</tr>';
}
echo '</table>';
} else {
echo "Couldn't issue database query<br />";
echo mysqli_error($dbc);
}
// Close connection to the database
mysqli_close($dbc);
?>
</body>
</html>
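Review bot: The row values at L2038-L2040 are echoed straight into table cells; wrapping each as `htmlspecialchars($row['FirstName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps stored names from being interpreted as markup. The `@` at L2026 hides the mysqli warning instead of handling it, and the error branch at L2044-L2046 already reports failures, so the suppression only removes diagnostics. The markup has a stray `>` after `</td>` at L2033 and an opened but never closed `<td align="left">` at L2040. The query at L2023 names `Account`, `AccountID`, `FirstName` and `LastName`, which do not match the `account`/`account_id`/`first_name` schema at L2708-L2712, so this looks like a leftover test page rather than a live view.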
<!DOCTYPE html>
<html>
<head>
<title>FooBu Homepage</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
</head>
<body>
<form action = "checkcreate.php" onsubmit = "return validateForm()" method = "POST" name = "myForm">
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
if($position != 'Client')
{
echo "Position: " . $account['position'] . "<br>";
if($position != 'Dev')
{
if($position != 'Boy') echo "Mall: " . $account['mall_name'] . " Restaurant: " . $account['rest_name']. "<br>";
else echo "Mall: " . $account['mall_name'];
}
}
if($position == 'Client') echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
if($position == 'Dev')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_malls.php'>Malls</a></li>
<li class = 'home'><a href = 'display_rest.php'>Restaurants</a></li>
<li class = 'home'><a href = 'display_accounts.php'>Promote/Demote Account</a></li>";
}else if($position == 'Admin')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_items.php'>Food Items</a></li>
<li class = 'home'><a href = 'display_accounts-2.php'>Load Accounts</a></li>";
}else if($position == 'Boy')
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'display_order.php'>All Orders</a></li>
<li class = 'home'><a href = 'display_orders_to_be_prepared.php'>Orders to Prepare</a></li>";
}
else
{
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>";
}
echo "<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div>";
}
}
?>
<br><br><br><br><br><br>
<div class = "promo">
<h1>Tis' the Season to be Jolly</h1>
<p>December 1, 2015 - FooBu</p>
<img src="star_wars_christmas_3.jpg" title="Christmas Promo"/>
<p>Christmas is just around the corner! What better way to celebrate than to watch the upcoming Star Wars film! You can win a movie-date to Star Wars VII: The Force Awakens presented by FoodBuddy and Ayala Malls Cinema. For every P500 worth of purchase in Trinoma restaurants, you automatically have a chance to win two tickets for a December 20 screening!
</p>
<p>May the Force be with you and Merry Christmas!</p>
</div>
<div>
<br><br><br>
<p class = "rights">FoodBuddy&copy is a project for movie-lovers, food enthusiasts and philanthropists by Joel Torrijos, Viktor Dela Cruz, April Guevara and Adrian Cordero.</p>
</div>
</body>
</html>
\ No newline at end of file
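Review bot: `session_start()` at L2062 runs after the HTML at L2053-L2060 has already been emitted, so unless output buffering is enabled the session cookie cannot be sent, a "headers already sent" warning is raised and `$_SESSION` at L2071 is empty; the `<?php` block should precede the `<!DOCTYPE html>` line. The same ordering appears at L2356 in the order form. The account fields at L2086, L2089 and L2092 are echoed without `htmlspecialchars()`, e.g. `htmlspecialchars($account['first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `<ul class='buttons'>` opened at L2102/L2110/L2117/L2125 is never closed before the `</div>` at L2131.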
<!DOCTYPE html>
<html>
<head>
<title>FooBu Log In</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
</head>
<body><br><br>
<img class = 'login' src='login.jpg' title='Welcome!' align = 'middle'/>
<h1>Your One-Stop Movie Snack Shop</h1>
<form action = "checklogin.php" style = "text-align:center" method = "post">
<p>Username:<br>
<input type = "text" name = "username" placeholder = "Username"></p><p>
Password:<br>
<input type = "password" name = "password" placeholder = "Password"></p>
<br><input class = "submit" type = "submit" value = "Login">
</form>
<div class = "center">
<br><p>OR</p><br>
<a href = "create_account.php" ><button style = "text-align:center">Create Account</button></a>
</div>
</body>
</html>
\ No newline at end of file
<?php
session_start();
session_destroy();
header("location:login.php");
?>
\ No newline at end of file
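Review bot: `session_destroy()` at L2185 discards the server-side data but leaves the PHPSESSID cookie in the browser, and this commit uses that cookie value as the cart key in `tracker` (L2456-L2462, L2667-L2671), so the next login on the same browser resumes the previous user's cart and reuses the old session id. Add `$_SESSION = []; setcookie(session_name(), '', time() - 42000, '/');` before `session_destroy()` and `session_regenerate_id(true)` at login, and follow the `header()` at L2186 with `exit;` so nothing else runs after the redirect.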
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $newArray['position'];
echo "<html>
<head>
<title>Available Menus</title>
<link href='styles.css' type='text/css' rel='stylesheet'>
<script>
function askForQuantity(button) {
var lol = button;
var qty = prompt('How many orders do you want?');
if(qty > 0)
{
document.location = 'add_to_cart.php?id='+lol+'&qty='+qty;
}
}
</script>
</head>
<body>
<form name='main_form' method='post' action='menu.php'>";
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $newArray['first_name']. " to Food Buddy!<br>";
echo "Load: " . $newArray['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$temp = $_COOKIE['PHPSESSID'];
//echo "$temp";
if(isset($_POST['chooseMall']))
{
echo "<div class = 'center'>";
$mall_id = $_POST['mall'];
$_SESSION['mall_id'] = $mall_id;
$rest_query = "SELECT * FROM restaurant WHERE mall_id = " . $mall_id;;
echo
"<select class='rest_list' name='rest'>
<option value='0' selected>Choose a Restaurant</option>";
foreach(mysqli_query($mysqli,$rest_query) as $option) {
$r_id = $option['rest_id'];
$rest_name = $option['rest_name'];
echo "<option value='$r_id'>$rest_name</option>";
}
echo "</select>";
echo "<input class='submit' type='submit' name='chooseRest' value='Choose a Restaurant'>";
echo "<div class = 'center'>";
}
else if(isset($_SESSION['mall_id']))
{
echo "<div class = 'center'>";
$mall_id = $_SESSION['mall_id'];
$_SESSION['mall_id'] = $mall_id;
$rest_query = "SELECT * FROM restaurant WHERE mall_id = " . $mall_id;;
echo
"<select class='rest_list' name='rest'>
<option value='0' selected>Choose a Restaurant</option>";
foreach(mysqli_query($mysqli,$rest_query) as $option) {
$r_id = $option['rest_id'];
$rest_name = $option['rest_name'];
echo "<option value='$r_id'>$rest_name</option>";
}
echo "</select>";
echo "<input class='submit' type='submit' name='chooseRest' value='Choose a Restaurant'>";
echo "</div>";
}
}
?>
</form>
<?php
$currentRest = 0;
if(isset($_POST['chooseRest']))
{
$currentRest = $_POST['rest'];
$_SESSION['rest_id'] = $currentRest;
}
else if(isset($_POST['rest']))
{
$currentRest = $_POST['rest'];
}
else if(isset($_SESSION['rest_id']))
{
$currentRest = $_SESSION['rest_id'];
}
$select_food_query = "SELECT * FROM item
INNER JOIN restaurant
ON item.rest_id = restaurant.rest_id WHERE restaurant.rest_id = " .$currentRest ." AND is_available = 1";
$result = mysqli_query($mysqli,$select_food_query);
if($result)
{
$newArray = mysqli_fetch_array($result, MYSQLI_ASSOC);
echo "<h1>". $newArray['rest_name']. " Menu </h1>";
//echo "<h1>$current_mall Menu</h1>";
echo "<table>
<tr>
<th scope = 'col'>Restaurant Name</th>
<th scope = 'col'>Food Name</th>
<th scope = 'col'>Price</th>
</tr>";
$num = 0;
$class = "even";
foreach(mysqli_query($mysqli,$select_food_query) as $myRow)
{
$price = sprintf('%.02f',$myRow['price']);
$button_id = $myRow['item_id'];
if($num%2 == 0) $class = "even";
else $class = "odd";
$num++;
echo "<tr class='$class'>
<td>" .$myRow['rest_name']. "</td>
<td>" .$myRow['item_name']. "</td>
<td class = 'number'>" .$price. "</td>
<td class = 'ignore'><button class='tb' id = $button_id onclick ='askForQuantity(this.id)'>Add to Cart</button></a></td>
</tr>";
}
echo "</table></div>";
}
}
?>
<?php echo "<div class = 'center'><br><a href = 'view_cart.php'><button>View Cart</button></a>";
echo "<br><br><a href = 'choose_mall.php'><button>Back</button></a></div>";?>
</body>
</html>
\ No newline at end of file
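Review bot: `$_POST['mall']` at L2246 and `$_POST['rest']` at L2286/L2291 are concatenated into the SQL at L2248 and L2299 without escaping, so a crafted form value rewrites the restaurant and item queries. Both are integer ids, so `$mall_id = (int) $_POST['mall'];` and `$currentRest = (int) $_POST['rest'];` remove the injection; prepared statements would be the cleaner fix. `$rest_name` at L2255 and `item_name`/`rest_name` at L2322-L2323 are echoed unescaped, and the `id = $button_id` attribute at L2325 is unquoted, so `htmlspecialchars()` and quoted attributes are needed there too. `$temp` at L2241 is unused and the `;;` at L2248/L2266 is harmless but stray.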
<!DOCTYPE html>
<html>
<head>
<title>Order Form</title>
<script>
function validateForm() {
var a = document.forms["orderForm"]["cinema_num"].value;
var b = document.forms["orderForm"]["seat_num"].value;
if (a == "" || b == "") {
alert("Some fields need to be field!");
return false;
}
}
</script>
<link href="styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<form action = 'place_order.php' onsubmit = "return validateForm()" method = 'post' name = 'orderForm'>
<?php
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
else
{
$id = $_SESSION['account_id'];
#protection
$sql = "SELECT * FROM account WHERE account_id = " .$id;
$result = mysqli_query($mysqli,$sql);
$count = mysqli_num_rows($result);
if($result)
{
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div><br>";
}
}
?>
<fieldset class = "creation">
<legend>Your Location</legend>
<label for 'cinema_num'>Cinema</label> <input type = 'text' name = 'cinema_num' placeholder = 'Cinema'> <br><br>
<label for 'seat_num'>Seat Number</label> <input type = 'text' name = 'seat_num' placeholder = 'Seat Number'>
</fieldset>
<br><br>
<div class = 'center'>
<input class = "submit" type = 'submit' value = 'Confirm Order'>
</div>
</form>
<?php
echo "<div class = 'center'><br><a href = 'view_cart.php'><button>Back to View Cart</button></a></div>";
?>
</div>
</body>
</html>
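Review bot: `<label for 'cinema_num'>` at L2393 and `<label for 'seat_num'>` at L2394 are missing the `=`, so the labels are not associated with their inputs; they should read `<label for='cinema_num'>` and `<label for='seat_num'>`. `$count` at L2369 is computed and never used. The `</div>` at L2404 closes nothing opened in this file's static markup, while the `<ul class='buttons'>` at L2382 is never closed.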
<?php
session_start();
echo "<html>
<head>
<title>Order Sending Result</title>
<link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>
</head><body>";
$mysqli = new mysqli("localhost","root","","dbadmin");
if(mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
} else
{
#protection
$id = $_SESSION['account_id'];
$sql = "SELECT * FROM account a
LEFT JOIN mall b ON a.mall_id = b.mall_id
LEFT JOIN restaurant c ON a.rest_id = c.rest_id
where a.account_id = ". $id;
$result = mysqli_query($mysqli,$sql);
$account = mysqli_fetch_array($result, MYSQLI_ASSOC);
$position = $account['position'];
echo "<div class = 'bar'>";
#Account details
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $account['first_name']. " to Food Buddy!<br>";
echo "Load: " . $account['load_balance'] ."<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
#Menu Items
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>";
echo "</div><div class = 'empty'></div>";
$mall_id = $_SESSION['mall_id'];
$total_price = $_SESSION['total_price'];
$id = stripslashes($id);
$id = mysqli_real_escape_string($mysqli,$id);
$mall_id = stripslashes($mall_id);
$mall_id = mysqli_real_escape_string($mysqli,$mall_id);
$total_price = stripslashes($total_price);
$total_price = mysqli_real_escape_string($mysqli,$total_price);
$cinema_num = stripslashes($_POST['cinema_num']);
$cinema_num = mysqli_real_escape_string($mysqli,$cinema_num);
$seat_num = stripslashes($_POST['seat_num']);
$seat_num = mysqli_real_escape_string($mysqli,$seat_num);
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
#Inserts the New order into Order
$place_order_sql = "INSERT INTO orders (cinema_num,order_time,mall_id,seat_num,status,account_id,total_price)
VALUES ('".$cinema_num. "', now(), " .$mall_id. ", '" .$seat_num."', 'Waiting', " .$id. ", " .$total_price.")";
$result = mysqli_query($mysqli,$place_order_sql);
$order_from_tracker_sql = "SELECT * FROM tracker WHERE session_id = '".$sessID."'";
$resultTracker = mysqli_query($mysqli,$order_from_tracker_sql);
$get_bal_query = "SELECT load_balance FROM account WHERE account_id = ".$id;
$resultBal = mysqli_query($mysqli,$get_bal_query);
$newArray = mysqli_fetch_array($resultBal, MYSQLI_ASSOC);
$bal = $newArray['load_balance'];
$bal -= $total_price;
#Gets the last row of the table
$place_order_sql = "SELECT order_id FROM orders
ORDER BY order_id DESC
LIMIT 1;";
$last = mysqli_query($mysqli,$place_order_sql);
$curr = mysqli_fetch_array($last, MYSQLI_ASSOC);
$current_order_id = $curr['order_id'];
//$count = mysqli_num_rows($result);
if ($result == TRUE)
{
foreach(mysqli_query($mysqli,$order_from_tracker_sql) as $myRow)
{
$item_id = $myRow['item_id'];
$item_qty = $myRow['item_qty'];
$place_order_in_orderlist_sql = "INSERT INTO orderitems (order_id,item_id,item_qty,total_price) VALUES (".$current_order_id. "," .$item_id.", " .$item_qty.", " .$myRow['total_price'].")";
$resultz = mysqli_query($mysqli,$place_order_in_orderlist_sql);
$load_query = "UPDATE account SET load_balance = '$bal' WHERE account_id = '$id'";
$resulta = mysqli_query($mysqli,$load_query);
#if order was successfully inserted, the tracker counterpart will be deleted!
if($resultz == TRUE)
{
$delete_item_in_tracker_sql = "DELETE FROM tracker WHERE
session_id = '". $sessID. "'";
$delete_item_res = mysqli_query($mysqli, $delete_item_in_tracker_sql) or die(mysqli_error($mysqli));
}
}
echo "<h1>Order has been placed!</h1>";
}
else {
printf("Could not insert record: %s\n", mysqli_error($mysqli));
}
}
echo "</body>";
mysqli_close($mysqli);
"INSERT INTO orders (cinema_num,order_time,mall_id,seat_num,status,account_id,total_price)
VALUES ('5F', now(), 3, 'F5', 'Waiting', 3, 69)";
?>
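Review bot: The order id is recovered at L2470-L2475 with `SELECT order_id ... ORDER BY order_id DESC LIMIT 1`, which under two concurrent checkouts attaches this session's items to the other customer's order; replace that lookup with `$current_order_id = mysqli_insert_id($mysqli);` directly after the INSERT at L2461. The balance at L2468 is decremented with no check that `$bal >= $total_price`, and `$total_price` is taken from the session at L2445 rather than recomputed from the tracker rows, so a stale or tampered session value is charged; reject the order before L2461 when the balance does not cover the recomputed total. The tracker DELETE at L2490-L2492 runs inside the loop on the first iteration and removes every cart row, so a later orderitems INSERT failure leaves the cart already gone; moving it after the loop, or wrapping the INSERT/UPDATE/DELETE sequence in a transaction, keeps the steps consistent. L2503-L2504 is a bare string literal with no effect and should be deleted.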
<html>
<body>
<?php
#this method prevents the refresh problem which I cannot solve huhu
session_start();
$mysqli = new mysqli("localhost","root","","dbadmin");
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
$sql_query = "SELECT * FROM account WHERE position = 'Client'";
$message = NULL;
#3 possible data from display_accounts-2: accounts_add, promote and add_load
if(isset($_POST['home'])) {
header("location:homepage.php");
}
else {
if(isset($_POST['cancel'])) {
$message = "cancelled";
header("location:display_accounts-2.php");
}
else if(isset($_POST['accounts_add'])) {
if(isset($_POST['account'])) {
$_SESSION['accounts_add'] = 1;
$_SESSION['loadee'] = $_POST['account'];
}
else $message = "null";
}
else if(isset($_POST['promote'])) {
if(isset($_POST['account'])) {
$promote_entry = $_POST['account'];
$promote_query = "UPDATE account SET position = 'Admin' WHERE account_id = '$promote_entry'";
$db->query($promote_query);
$message = "promoted";
}
else $message = "null";
}
else if(isset($_POST['add_load'])) {
$admin_id = $_SESSION['account_id'];
$id = $_SESSION['loadee'];
$load = $_POST['load_amount'];
$msg = $load. " has been loaded to your account! Enjoy Shopping!";
$get_query = "SELECT load_balance FROM account WHERE account_id = '$id'";
$stmt = $db->query($get_query);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$curr_load = $row['load_balance'];
$load += $curr_load;
$load_query = "UPDATE account SET load_balance = '$load' WHERE account_id = '$id'";
$db->query($load_query);
$message = "loaded";
$message_query = "INSERT INTO message (recipient_id,sender_id,msg_date,msg) VALUES ( ".$id.", " .$admin_id.", now(), '".$msg."')";
$result = mysqli_query($mysqli,$message_query);
if($result === true)
{
}
else
{
echo gg;
}
$_SESSION['loadee'] = NULL;
}
$_SESSION['message'] = $message;
#$_POST = array(); #n00b way of clearing post data just to be sure
header("location:display_accounts-2.php"); #go back to original page
}
?>
</body>
</html>
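Review bot: The `promote` branch at L2536-L2541 sets another account's position to 'Admin' for whoever posts `promote` and `account`, and the handler never checks that the caller's own session account holds a position allowed to do that (the page is only linked from the Admin menu at L2114, but the handler does not verify it); the same applies to `add_load` at L2545. The ids from `$_POST['account']` (L2538, and via `$_SESSION['loadee']` at L2547) and `$_POST['load_amount']` at L2548 are interpolated into SQL at L2539, L2550, L2555 and L2558; `$db` is already PDO, so `$stmt = $db->prepare('UPDATE account SET position = ? WHERE account_id = ?'); $stmt->execute(['Admin', $promote_entry]);` and the same shape for the other statements. `$load` at L2548 is added to the balance without validating it as a positive number, so a negative amount drains the account. The `header()` calls at L2522 and L2527 are not followed by `exit`, so the rest of the script still runs, and `echo gg;` at L2565 references an undefined constant.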
<?php
session_start();
#possible messages to be sent: add, delete, edit, add_item, edit_item
#set up connection
try {
$db = new PDO('mysql:host=localhost;dbname=dbadmin', 'root', '');
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch( PDOException $e ) {
echo "Connection failed: " . $e->getMessage();
}
$table_query = "SELECT * FROM item";
if(isset($_POST["cancel"])) {
header("location:display_items-2.php");
}
else if(isset($_POST["add"])) {
$_SESSION["message"] = "add";
}
else if(isset($_POST["edit"])) {
foreach ($db->query($table_query) as $myrow) { #for all entries in the item list
$edit_entry_id = $myrow["item_id"]; #assign current entry's item_id to variable
if(isset($_POST[$edit_entry_id]) != NULL) { #check if the entry's checkbox was selected (meaning the entry should be deleted)
$_SESSION["edit_id"] = $edit_entry_id;
break; #get out of loop
}
}
$_SESSION["message"] = "edit";
}
else if(isset($_POST["delete"])) {
foreach ($db->query($table_query) as $myrow) { #for all entries in the item list
$delete_entry = $myrow["item_id"]; #assign current entry's item_id to variable
if(isset($_POST[$delete_entry]) != NULL) { #check if the entry's checkbox was selected/not null(meaning the entry should be deleted)
#execute deletion
$delete_query = "DELETE FROM item WHERE item_id = '$delete_entry'";
$db->query($delete_query);
}
}
$_SESSION["message"] = "delete";
}
else if(isset($_POST["add_item"])) {
$loadee_id = $_SESSION["account_id"];
$select_query = "SELECT * FROM account WHERE account_id = '$loadee_id'";
$stmt = $db->query($select_query);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$rest_id = $row['rest_id'];
$item_name = $_POST['item_name']; #get the menu item name from the textbox named "item_name"
$item_price = $_POST['price'];
$item_type = $_POST['item_type'];
if($_POST['avail'] == 'yes') $is_available = 1;
else $is_available = 0;
#print_r($_POST); #for checking purposes
#execute insertion
#temporarily hard-coded to insert other attributes
$insert_query = "INSERT INTO item(rest_id, item_name, price, type, is_available) VALUES ('$rest_id', '$item_name', '$item_price', '$item_type', '$is_available')";
$db->query($insert_query);
$_SESSION["message"] = "add_item";
}
else if(isset($_POST["edit_item"])) {
$new_item_name = $_POST['new_item_name']; #get the menu item name from the textbox named "new_item_name"
$item_id = $_POST['id']; #get the item id from the hidden input component of the form named "id"
$new_item_price = $_POST['new_price'];
$new_item_type = $_POST['new_item_type'];
if($_POST['change_avail'] == 'yes') $change_is_available = 1;
else $change_is_available = 0;
#print_r($_POST); #for checking purposes
#execute update
$update_query = "UPDATE item SET item_name = '$new_item_name', price = '$new_item_price', type = '$new_item_type', is_available = '$change_is_available' WHERE item_id = '$item_id'";
$db->query($update_query);
$_SESSION["message"] = "edit_item";
}
$_POST = array();
header("location:display_items-2.php");
?>
\ No newline at end of file
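Review bot: The POST fields read at L2620-L2622 and L2633-L2636 are interpolated into the INSERT at L2628 and the UPDATE at L2641 without escaping; since `$db` is PDO, `$stmt = $db->prepare('INSERT INTO item(rest_id, item_name, price, type, is_available) VALUES (?, ?, ?, ?, ?)'); $stmt->execute([$rest_id, $item_name, $item_price, $item_type, $is_available]);` and the equivalent prepared UPDATE remove the injection. `isset($_POST[$edit_entry_id]) != NULL` at L2596 and L2606 compares a bool to null; plain `isset(...)` is the intended test. Nothing verifies that the session account's position permits editing items before the delete/insert/update branches run, and `$_POST = array();` at L2645 has no effect on the redirect that follows.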
Instructions for setting up!
1) Install WAMP, phpmyadmin.
2) Put all of our files in the /wamp/www
3) Open mysql in your command line.
3.a) Input (copy paste) everything from the "improve.sql" into the command line.
3.a.1) "improve.sql" also provides you an Account that is a Developer
4) Input "localhost/login.php" into your browser.
4.a) Login your developer account
4.a.1) Username: developer
4.a.2) Password: password
5) Have fun!
\ No newline at end of file
<?php
session_start();
if (isset($_GET['id']))
{
$mysqli = new mysqli("localhost","root","","dbadmin");
$safe_id = mysqli_real_escape_string($mysqli, $_GET['id']);
$sessID = stripslashes($_COOKIE['PHPSESSID']);
$sessID = mysqli_real_escape_string($mysqli,$sessID);
$delete_item_sql = "DELETE FROM tracker WHERE
tracker_id = ".$safe_id." AND session_id =
'". $sessID. "'";
$delete_item_res = mysqli_query($mysqli, $delete_item_sql) or die(mysqli_error($mysqli));
//close connection to MySQL
mysqli_close($mysqli);
//redirect to showcart page
header("Location: view_cart.php");
exit;
}
else
{
}
?>
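Review bot: `$safe_id` at L2666 is escaped but placed unquoted into the numeric comparison at L2670, so escaping does not constrain it; `$safe_id = (int) $_GET['id'];` is the right treatment for an integer id. Unlike the other files, there is no `mysqli_connect_errno()` check after the connection at L2665. Deleting via a GET link means any page can trigger it from the victim's browser; a POST with a session token is preferable. Scoping the DELETE to the caller's own `session_id` at L2670-L2671 is the right idea and should be kept.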
/*Query of the creation of the database dbadmin*/
CREATE DATABASE dbadmin;
/*Query of accessing the database dbadmin*/
USE dbadmin;
/*Query of the creation of the tables in dbadmin*/
CREATE TABLE mall (
mall_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
mall_name VARCHAR(32)
);
CREATE TABLE restaurant (
rest_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
mall_id INT NOT NULL,
rest_name VARCHAR(255),
FOREIGN KEY (mall_id) REFERENCES mall(mall_id)
);
CREATE TABLE item (
item_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
rest_id INT NOT NULL,
item_name VARCHAR(255),
price DECIMAL,
type VARCHAR(15),
is_available BOOLEAN DEFAULT 1,
FOREIGN KEY (rest_id) REFERENCES restaurant(rest_id),
CHECK(type IN ('Snacks', 'Drinks'))
);
CREATE TABLE account (
account_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
first_name VARCHAR(15),
middle_name VARCHAR(15),
last_name VARCHAR(15),
username VARCHAR(15) UNIQUE,
password VARCHAR(15),
position VARCHAR(10),
load_balance DECIMAL,
mall_id INT,
rest_id INT,
CHECK(position IN ('Dev', 'Admin', 'Boy', 'Client')),
FOREIGN KEY (mall_id) REFERENCES mall(mall_id),
FOREIGN KEY (rest_id) REFERENCES restaurant(rest_id)
);
CREATE TABLE orders (
order_id INT NOT NULL AUTO_INCREMENT UNIQUE PRIMARY KEY,
order_time TIME(6),
mall_id INT,
cinema_num VARCHAR(2),
seat_num VARCHAR(3),
status VARCHAR(10),
account_id INT,
boy_id INT,
total_price DECIMAL,
CHECK(status IN ('Pending', 'Assembling', 'Delivered')),
FOREIGN KEY (mall_id) REFERENCES mall(mall_id),
FOREIGN KEY (account_id) REFERENCES account(account_id),
FOREIGN KEY (boy_id) REFERENCES account(account_id)
);
CREATE TABLE orderitems (
orderitem_id INT NOT NULL AUTO_INCREMENT,
order_id INT NOT NULL,
item_id INT NOT NULL,
item_qty INT NOT NULL, /*new*/
total_price INT NOT NULL, /*new*/
PRIMARY KEY (orderitem_id ,order_id, item_id),
FOREIGN KEY (order_id) REFERENCES orders(order_id),
FOREIGN KEY (item_id) REFERENCES item(item_id)
);
CREATE TABLE tracker(
tracker_id INT NOT NULL AUTO_INCREMENT,
session_id VARCHAR(32),
item_id INT NOT NULL,
item_qty INT NOT NULL, /*new*/
total_price INT NOT NULL, /*new*/
PRIMARY KEY (tracker_id),
FOREIGN KEY (item_id) REFERENCES item(item_id)
);
CREATE TABLE message(
message_id INT NOT NULL AUTO_INCREMENT,
recipient_id INT NOT NULL,
/*recipient account id of the message*/
sender_id INT NOT NULL,
/*sender account id of the message*/
msg_date DATETIME,
msg TEXT(250),
PRIMARY KEY(message_id,recipient_id,sender_id),
FOREIGN KEY (recipient_id) REFERENCES account(account_id),
FOREIGN KEY (sender_id) REFERENCES account(account_id)
);
/*Query of the creation of the developer account*/
INSERT INTO account (username,password,position) VALUES ("developer","password","Dev");
\ No newline at end of file
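Review bot: `password VARCHAR(15)` at L2714 cannot hold a `password_hash()` digest (60 characters or more), so the schema locks the application into storing plaintext passwords; use `password VARCHAR(255),`. `price DECIMAL` at L2702, `load_balance DECIMAL` at L2716 and `total_price DECIMAL` at L2732 default to `DECIMAL(10,0)` in MySQL, so fractional prices are rounded to whole units; `price DECIMAL(10,2),` and the same for the other two. The `status` CHECK at L2733 lists 'Pending', 'Assembling' and 'Delivered' while place_order.php inserts 'Waiting' (L2460), and `order_time TIME(6)` at L2725 receives `now()` and keeps only the time of day; whether the CHECK is enforced depends on the MySQL version.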
h1, legend, table
{
text-align: center;
font-family: tahoma;
color: white;
}
p, fieldset, label
{
font-family: tahoma;
color: white;
}
body, td.ignore
{
font-family: tahoma;
background-color: rgba(3, 10, 71, 1);
}
ul.buttons
{
margin: 10px auto 10px auto;
padding: 3px;
}
li
{
display: inline;
margin: 2px;
}
input.text
{
color: #5A5854;
background-color: #FAFAFA;
border: 1px solid #BDBDBD;
border-radius: 5px;
padding: 3px;
}
input.sub_submit
{
color: #7D7D7D;
background-color: #FFFFFF;
border: 1px solid #7D7D7D;
border-radius: 5px;
padding: 5px;
float: left;
margin: 3% 0% 0% 1.6%;
}
input.submit, button
{
text-transform: uppercase;
color: #5a5854;
background-color: #FFFFFF;
border: none;
border-radius: 10px;
width: 15%;
}
input.submit:hover, input.sub_submit:hover, button:hover
{
color: #FAFAFA !important;
background-color: #343434 !important;
}
button.even, button.odd
{
width: 60% !important;
}
table.list
{
width: 60%;
min-width: 50%;
max-width: 80%;
margin: 0px auto;
float: left;
}
th, td
{
padding: 0.5% 0.5% 0.5% 0.5%;
}
th
{
text-transform: uppercase;
letter-spacing: 0.1em;
font-size: 90%;
text-align: center;
width: 150px;
height: 50px;
}
tr.even, th.even, td.even
{
color: #111111;
background-color: #EFEFEF;
}
tr.odd, th.odd, td.odd
{
color: #111111;
background-color: rgba(41, 171, 203, 1);
}
tr:hover
{
color: #ECECEC;
background-color: #7B7B7B;
}
p.notif
{
width: 34%;
margin-right: 2.5%;
margin-top: 0.5%;
float: right;
padding: 0.4% 0.5% 0.7% 0.5%;
}
fieldset
{
width: 35%;
padding: 0.5% 0.5% 0.5% 0.5%;
border-radius: 10px;
}
td.number
{
text-align: right;
}
select
{
background-color: #FAFAFA;
color: #5A5854;
border-radius: 10px;
overflow: scroll;
}
label.in
{
margin: 0.8% 0.5% 0.8% 0.1%;
padding: 0.3% 0% 0.3% 2%;
float: left;
width: 45%;
}
select, input.text, div.rad
{
margin: 0.8% 0.5% 0.8% 0.1% !important;
padding: 1% !important;
}
table, fieldset.creation, fieldset.long
{
margin: 0px auto;
}
button.tb
{
width: 100%;
height: 100%;
}
fieldset.long
{
width: 40%;
}
li.home
{
padding: 20px;
color: white;
font-weight: bold;
}
a:link
{
color: white;
text-decoration: none;
}
div.navi
{
margin: 70px -10px auto -10px;
padding: 0 0.5% 0.5% 0.5%;
position: fixed;
background-color: rgba(102, 102, 255, 1);
width: 99.3%;
height: 40px;
text-align: center;
}
div.bar
{
padding: 0 0.5% 0.5% 0.5%;
margin: -10px -10px auto -10px;
position: fixed;
background-color: rgba(102, 102 , 255, 1);
width: 99.3%;
height: 78px;
}
div.empty
{
background-color: rgba(3, 10, 71, 1);
height: 118px;
}
p.logout
{
text-align: right;
float:right;
}
table
{
text-align: left;
}
div.center
{
text-align: center;
}
select.mall_list
{
margin: 0px auto;
}
h2
{
text-align: center;
font-family: tahoma;
color: white;
font-size: 50px;
}
fieldset.notice
{
float: right;
}
table.special
{
margin: 0px auto;
}
table.special
{
margin: 0px auto;
}
table.account
{
width: 20%;
}
div.promo
{
text-align: center;
margin: 0px auto;
width: 500px;
}
p.rights
{
text-align: center;
color: black;
bottom: 5px;
}
h2
{
font-family: "Brush Script MT";
}
img.logo
{
width: 70px;
height: 70px;
margin-top: 10px;
margin-left: 48%;
margin-right: 50%;
display: block;
}
img.login
{
margin-left: 40%;
margin-right: 50%;
}
p.details
{
float: left;
text-align: left;
}
p.rights
{
color: grey;
font-size: 13px;
}
\ No newline at end of file
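Review bot: `table.special` is declared twice with identical bodies at L2983-L2990, and `h2` (L2972, L3007) and `p.rights` (L3001, L3030) are each split across two rules; merging each pair into one declaration keeps the later block from silently overriding the earlier one.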
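<?php
/*
 * view_account.php — account details page for the logged-in user.
 *
 * Reads the account id from the session (never from the request), loads the
 * account row joined with its mall/restaurant, prints a role-specific
 * navigation bar and then the account table.
 *
 * Review notes:
 *  - DB credentials are root with an empty password, hard-coded in every page;
 *    they belong in a config file with a least-privilege DB user.
 *  - account_id is cast to int and bound as a prepared-statement parameter
 *    (the previous version concatenated it into the query text).
 *  - Every DB-sourced value is HTML-escaped on output. Names are user-editable
 *    via edit_account.php, so unescaped output was stored XSS.
 *  - mysqli_connect_error() is still printed to the client, as on the other
 *    pages; a production build should log it and show a generic message.
 */
session_start();

// Escapes a DB/user value for an HTML text node or quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$mysqli = new mysqli("localhost", "root", "", "dbadmin");
echo "<html><head><title>Your FooBu Account</title>";
echo "</head><link href = 'styles.css' type = 'text/css' rel = 'stylesheet'/>";
echo "<body>";
if (mysqli_connect_errno())
{
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

// No session → no account to show. The previous version fell through to a
// failed query and printed this same message, so the visible result is kept.
if (!isset($_SESSION['account_id']))
{
    echo "<br>Wrong Username or Password!";
    mysqli_close($mysqli);
    exit();
}
$id = (int) $_SESSION['account_id'];

// get_result() needs mysqlnd (the default driver since PHP 5.4).
$stmt = $mysqli->prepare("SELECT * FROM account a
    LEFT JOIN mall b ON a.mall_id = b.mall_id
    LEFT JOIN restaurant c ON a.rest_id = c.rest_id
    WHERE a.account_id = ?");
$newArray = null;
if ($stmt !== false)
{
    $stmt->bind_param('i', $id);
    if ($stmt->execute())
    {
        $result = $stmt->get_result();
        $newArray = $result ? $result->fetch_assoc() : null;
    }
    $stmt->close();
}

// Query failure or unknown account id: same message as before, no half page.
if ($newArray === null)
{
    echo "<br>Wrong Username or Password!";
    mysqli_close($mysqli);
    exit();
}

$position = $newArray['position'];

// --- top bar -----------------------------------------------------------------
echo "<div class = 'bar'>";
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $esc($newArray['first_name']) . " to Food Buddy!<br>";
if ($position === 'Client')
{
    echo "Load: " . $esc($newArray['load_balance']) . "<br/>";
}
else
{
    echo "Position: " . $esc($position) . "<br>";
    if ($position === 'Boy')
    {
        // Delivery boy: mall only (no trailing <br>, as before).
        echo "Mall: " . $esc($newArray['mall_name']);
    }
    elseif ($position !== 'Dev')
    {
        echo "Mall: " . $esc($newArray['mall_name']) . ", Restaurant: " . $esc($newArray['rest_name']) . "<br>";
    }
}
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";

// --- navigation: role → menu items (href => label) ---------------------------
$menus = [
    'Dev' => [
        'view_account.php'     => 'Account Information',
        'edit_password.php'    => 'Edit Password',
        'display_malls.php'    => 'Malls',
        'display_rest.php'     => 'Restaurants',
        'display_accounts.php' => 'Promote/Demote Account',
    ],
    'Admin' => [
        'view_account.php'       => 'Account Information',
        'edit_password.php'      => 'Edit Password',
        'display_items.php'      => 'Food Items',
        'display_accounts-2.php' => 'Load Accounts',
    ],
    'Boy' => [
        'view_account.php'                  => 'Account Information',
        'edit_password.php'                 => 'Edit Password',
        'display_order.php'                 => 'All Orders',
        'display_orders_to_be_prepared.php' => 'Orders to Prepare',
    ],
];
// Any other position (normally 'Client') gets the ordering menu.
$clientMenu = [
    'view_account.php'  => 'Account Information',
    'edit_password.php' => 'Edit Password',
    'choose_mall.php'   => 'Order Food',
];
$menu = isset($menus[$position]) ? $menus[$position] : $clientMenu;
$menu['view_message.php'] = 'Messages';

echo "<div class = 'navi'><ul class = 'buttons'>";
foreach ($menu as $href => $label)
{
    echo "<li class = 'home'><a href = '" . $href . "'>" . $label . "</a></li>";
}
echo "</ul></div><div class = 'empty'></div><br>";

// --- account table: label, value, optional td class --------------------------
$rows = [
    ['Account ID:',              $newArray['account_id'],   'number'],
    ['First Name:',              $newArray['first_name'],   null],
    ['Middle Name:',             $newArray['middle_name'],  null],
    ['Last Name:',               $newArray['last_name'],    null],
    ['Position:',                $position,                 null],
    ['Mall Name:',               $newArray['mall_name'],    null],
    ['Restaurant Name:',         $newArray['rest_name'],    null],
    ['Load Balance (in Pesos):', $newArray['load_balance'], 'number'],
];
echo "<table class = 'account'>";
foreach ($rows as $i => $row)
{
    // First row is 'odd', then alternating — same as the hand-written version.
    $class = ($i % 2 === 0) ? 'odd' : 'even';
    $td = ($row[2] === null) ? "<td>" : "<td class = '" . $row[2] . "'>";
    echo "<tr class = '" . $class . "'><th scope = 'row'>" . $row[0] . $td . $esc($row[1]) . "</td></tr>";
}
echo "</table>";
echo "<div class = 'center'>";
echo "<br><a href = 'edit_account.php' ><button>Edit</button></a></br>";
echo "</div>";
mysqli_close($mysqli);
?>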
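<?php
/*
 * view_cart.php — lists the items the current session has added to the
 * tracker table and lets the user submit them as an order.
 *
 * Review notes:
 *  - checkLoad() below runs in the browser only; it is a convenience, not a
 *    control. order_form.php is reachable directly, so the server side must
 *    re-check load_balance >= cart total before accepting an order.
 *  - The cart is keyed by the PHP session id. session_id() is used instead of
 *    the raw PHPSESSID cookie so the key is the id PHP actually accepted for
 *    this request (with session.use_strict_mode an invalid cookie is replaced).
 *  - account_id comes from the session and is bound as an int; the session id
 *    is bound as a string. get_result() needs mysqlnd (default since PHP 5.4).
 *  - The previous version called `delete window.alert` after the first alert,
 *    which made the next insufficient-load click throw instead of alerting.
 */
session_start();

// Both numbers are read on one connection, up front, and embedded into the
// script via json_encode() so a DB value can never break out of the JS literal.
// null (no account row / empty cart) encodes as JS null → parseInt → NaN,
// which fails the comparison and shows the alert, as before.
$currentLoad = null;
$totalPrice = null;
$mysqli = new mysqli("localhost", "root", "", "dbadmin");
if (!mysqli_connect_errno() && isset($_SESSION['account_id']))
{
    $id = (int) $_SESSION['account_id'];
    $stmt = $mysqli->prepare("SELECT load_balance FROM account WHERE account_id = ?");
    if ($stmt !== false)
    {
        $stmt->bind_param('i', $id);
        if ($stmt->execute() && ($res = $stmt->get_result()) && ($row = $res->fetch_assoc()))
        {
            $currentLoad = $row['load_balance'];
        }
        $stmt->close();
    }

    $sessID = session_id();
    $stmt = $mysqli->prepare("SELECT SUM(total_price) AS totalSum FROM item
        INNER JOIN tracker ON item.item_id = tracker.item_id WHERE session_id = ?");
    if ($stmt !== false)
    {
        $stmt->bind_param('s', $sessID);
        if ($stmt->execute() && ($res = $stmt->get_result()) && ($row = $res->fetch_assoc()))
        {
            $totalPrice = $row['totalSum'];
        }
        $stmt->close();
    }
    $mysqli->close();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Curent FooBu Cart</title>
<link href = "styles.css" type = "text/css" rel = "stylesheet"/>
<script type="text/javascript">
// Client-side convenience check: go to order_form.php when the account's load
// covers the cart total, otherwise warn. The server must enforce the same rule.
function checkLoad() {
    var currentLoad = parseInt(<?php echo json_encode($currentLoad); ?>);
    var totalPrice = parseInt(<?php echo json_encode($totalPrice); ?>);
    if (currentLoad >= totalPrice) {
        window.location = "order_form.php";
    } else {
        // NaN (missing account row or empty cart) also lands here.
        alert("Insufficient Load.\nLoad more into balance or Remove items from cart!");
    }
}
</script>
</head>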
<body>
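<?php
/*
 * Page body: top bar, client navigation and the cart table for this session.
 *
 * Review notes:
 *  - Every DB-sourced string is HTML-escaped on output (restaurant/item names
 *    are admin-editable, first_name is user-editable → stored XSS otherwise).
 *  - tracker rows are looked up by session_id(), bound as a string parameter;
 *    account_id comes from the session and is bound as an int. get_result()
 *    needs mysqlnd (default since PHP 5.4).
 *  - The cart query is run once and iterated, instead of once to peek at the
 *    first row and a second time to list them.
 *  - $_SESSION['total_price'] is still set for order_form.php, but that page
 *    should recompute the amount from tracker rather than trust a stored sum;
 *    tracker.total_price itself is whatever add-to-cart stored at insert time.
 *  - "Remove from Cart" is a GET link carrying tracker_id; remove_from_cart.php
 *    should verify the row belongs to this session before deleting it.
 */

// Escapes a DB/user value for an HTML text node or quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$mysqli = new mysqli("localhost", "root", "", "dbadmin");
if (mysqli_connect_errno())
{
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

// No session → the previous version issued a malformed query and printed
// nothing; exit quietly with the same visible result.
if (!isset($_SESSION['account_id']))
{
    mysqli_close($mysqli);
    exit();
}
$id = (int) $_SESSION['account_id'];
$sessID = session_id();

// --- account row (joined with mall/restaurant, as on the other pages) -------
$account = null;
$stmt = $mysqli->prepare("SELECT * FROM account a
    LEFT JOIN mall b ON a.mall_id = b.mall_id
    LEFT JOIN restaurant c ON a.rest_id = c.rest_id
    WHERE a.account_id = ?");
if ($stmt !== false)
{
    $stmt->bind_param('i', $id);
    if ($stmt->execute() && ($res = $stmt->get_result()))
    {
        $account = $res->fetch_assoc();
    }
    $stmt->close();
}
if ($account === null)
{
    mysqli_close($mysqli);
    exit();
}

// --- top bar and client navigation -----------------------------------------
echo "<div class = 'bar'>";
echo "<p class = 'logout'><a href = 'logout.php'>Log Out</a></p>";
echo "<p class = 'details'>Welcome " . $esc($account['first_name']) . " to Food Buddy!<br>";
echo "Load: " . $esc($account['load_balance']) . "<br/>";
echo "</p><a href = 'homepage.php'><img class = 'logo' src='logo.jpg' title='Home Page' align = 'middle'/></a></div>";
echo "<div class = 'navi'>";
echo "<ul class = 'buttons'>
<li class = 'home'><a href = 'view_account.php'>View Account Information</a></li>
<li class = 'home'><a href = 'edit_password.php'>Edit Password</a></li>
<li class = 'home'><a href = 'choose_mall.php'>Order Food</a></li>
<li class = 'home'><a href = 'view_message.php'>Messages</a></li>
</ul>";
echo "</div><div class = 'empty'></div>";

// --- cart rows for this session: item + tracker + restaurant ----------------
$items = [];
$stmt = $mysqli->prepare("SELECT * FROM item a
    INNER JOIN tracker b ON a.item_id = b.item_id
    INNER JOIN restaurant c ON a.rest_id = c.rest_id
    WHERE session_id = ?");
if ($stmt !== false)
{
    $stmt->bind_param('s', $sessID);
    if ($stmt->execute() && ($res = $stmt->get_result()))
    {
        while ($row = $res->fetch_assoc())
        {
            $items[] = $row;
        }
    }
    $stmt->close();
}

echo "<h1>Your Cart</h1>";
echo "<table>
<tr>
<th scope = 'col'>Restaurant Name</th>
<th scope = 'col'>Food Name</th>
<th scope = 'col'>Price</th>
<th scope = 'col'>Quantity</th>
<th scope = 'col'>Total Price</th>
</tr>";
foreach ($items as $num => $myRow)
{
    // Row striping starts with 'even', as before.
    $class = ($num % 2 === 0) ? "even" : "odd";
    // tracker_id is an integer key; cast so the link query string is clean.
    $button_id = (int) $myRow['tracker_id'];
    echo "<tr class='$class'>
<td>" . $esc($myRow['rest_name']) . "</td>
<td>" . $esc($myRow['item_name']) . "</td>
<td class = 'number'>" . $esc($myRow['price']) . "</td>
<td class = 'number'>" . $esc($myRow['item_qty']) . "</td>
<td class = 'number'>" . $esc($myRow['total_price']) . "</td>
<td class = 'ignore'><a href = 'remove_from_cart.php?id=$button_id'><button class='tb'>Remove from Cart</button></td>
</tr>";
}

// --- total bill, summed in the DB over the same tracker rows ----------------
$sum = null;
$stmt = $mysqli->prepare("SELECT SUM(total_price) AS totalSum FROM item
    INNER JOIN tracker ON item.item_id = tracker.item_id WHERE session_id = ?");
if ($stmt !== false)
{
    $stmt->bind_param('s', $sessID);
    if ($stmt->execute() && ($res = $stmt->get_result()) && ($row = $res->fetch_assoc()))
    {
        $sum = $row['totalSum'];
    }
    $stmt->close();
}
// Kept for order_form.php; see the header note about not trusting it.
$_SESSION['total_price'] = $sum;
// The previous markup had a stray "<t/d>" here; fixed to "</td>".
echo "<tr><td></td><td></td><td></td><th scope = 'row'>Total Bill<td class = 'number'>" . $esc($sum) . "</td></tr>";
echo "</table>";
echo "<div class = 'center'>";
echo "<br><button onclick = 'checkLoad()'>Submit</button><br>";
echo "<br><a href = 'menu.php'><button>Back</button></a>";
echo "</div>";
mysqli_close($mysqli);
?>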
</body>
</html>