Web Exam help

From ICO wiki
Jump to navigationJump to search

IMAGE GALLERY

INDEX.php

<?php
require_once "config.php";
include "header.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); 

?>

<h1 style="color:Purple ;font-family:Indie Flower; float:Center"><em><center>Sheela's Image#Gallery</center></em></h1>
<p>
<?php 

if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "select * from Sheela_gallery_user where email = ? and " .
      "password_hash = SHA1(CONCAT(password_salt, ?))");
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
  $statement->bind_param("ss", $_POST["email"], $_POST["password"]);
  $statement->execute();
  $results = $statement->get_result();
  $row = $results->fetch_assoc();
  if (!$row)
	  echo "Login failed!";
  $_SESSION["user"] = $row;
}

// Here we check if the user is logged in
if ($user = @$_SESSION["user"]) { // Extra lazy hack, use $user instead of $_SESSION["user"] from now on
  ?>
  <h1>Hello <?=$user["display_name"];?></h1>
  <p>
  Add albums <a href="addalbum.php">here</a>.
  Upload images <a href="upload.php">here</a>.
  </p>
  My albums:
  <?php
  // Here we list user's albums
  $statement = $conn->prepare("select * from Sheela_gallery_album where owner_id = ?");
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul><?php
      foreach ($statement->get_result() as $row) {
        ?><li><a href="album.php?id=<?=$row['id']?>"><?=$row['name'];?></a>
		<a href="deletealbum.php?id=<?=$row['id']?>">[Delete]</a>
</li><?php
      }
  ?></ul>
  
 My recent uploads: 
  
  <?php

  // To show images of the user
$statement = $conn->prepare(
    "select Sheela_gallery_image.id, Sheela_gallery_image.hash, Sheela_gallery_image.created " .
	"from Sheela_gallery_image " .
	"join Sheela_gallery_album " .
	"on Sheela_gallery_album.id = Sheela_gallery_image.album_id " .
	"where Sheela_gallery_album.owner_id = ? " .
	"order by Sheela_gallery_image.created desc " .
	"limit 2");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

  
$statement->bind_param("i", $user["id"]);
$statement->execute();
  ?><ul class="thumbnails"><?php
      foreach ($statement->get_result() as $row) {
        ?><li>
            <img src="thumbnails/<?=$row['hash']?>" title="<?=$row['name'];?>"/>
            uploaded <?=$row['created'] ?> <?=$row["id"]?>
            <?php
            $statement = $conn->prepare(
                "SELECT Sheela_gallery_user.display_name " .
                "FROM Sheela_gallery_likes " .
                "JOIN Sheela_gallery_user ON Sheela_gallery_likes.user_id = Sheela_gallery_user.id " .
                "WHERE Sheela_gallery_likes.image_id = ?");
            $statement->bind_param("i", $row["id"]);
            $statement->execute();
            $first = true; // First user shall not have comma prefixed
            foreach ($statement->get_result() as $like) {
              if (!$first) {
                 echo ", ";
              }
              echo $like["display_name"];
              $first = false; // All other users have their nicknames comma prefixed
            }
            ?>
            like this

          </li><?php

      }
  ?></ul><?php

} else {
?>
  <form method="post">
    <input type="mail" name="email"/>
    <input type="password" name="password"/>
    <input type="submit" value="Log in!"/>
  </form>
<?php
}
?>

<a href ="registration.php">Sign up</a> 
<p>
<a href="upload.php">Upload Page </a>



<?php include "footer.php" ?>

LAURI-INDEX.PHP

<?php
include "header.php";
require_once "config.php";

$SQL_IMAGES = "
     select
        lauri_gallery_image.id,
        lauri_gallery_image.hash,
        lauri_gallery_image.created
     from
        lauri_gallery_image
     join
        lauri_gallery_album
     on
        lauri_gallery_album.id = lauri_gallery_image.album_id
     where
        lauri_gallery_album.owner_id = ?
     order by
        lauri_gallery_image.created desc
     limit 2";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

// Here we check if user is attempting to log in
if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "select * from lauri_gallery_user where email = ? and " .
      "password_hash = SHA1(CONCAT(password_salt, ?))");
  $statement->bind_param("ss", $_POST["email"], $_POST["password"]);
  $statement->execute();
  $results = $statement->get_result();
  $row = $results->fetch_assoc();
  if (!$row)
	  echo "Login failed!";
  $_SESSION["user"] = $row; // Set user as logged in
}

// Here we check if the user is logged in
if ($user = @$_SESSION["user"]) { // Extra lazy hack, use $user instead of $_SESSION["user"] from now on
  ?>
  <h1>Hello <?=$user["display_name"];?></h1>
  <p>
  Add albums <a href="addalbum.php">here</a>.
  Upload images <a href="upload.php">here</a>.
  </p>
  My albums:
  <?php
  // Here we list user's albums
  $statement = $conn->prepare("select * from lauri_gallery_album where owner_id = ?");
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul><?php
      foreach ($statement->get_result() as $row) {
        ?><li><a href="album.php?id=<?=$row['id']?>"><?=$row['name'];?></a>
		<a href="deletealbum.php?id=<?=$row['id']?>">[Delete]</a>
		</li><?php
      }
  ?></ul>
  
  My uploads: 
  
  <?php

  // To show images of the user
  $statement = $conn->prepare($SQL_IMAGES);
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
  $statement->bind_param("i", $user["id"]);
  $statement->execute();
  ?><ul class="thumbnails"><?php
      foreach ($statement->get_result() as $row) {
        ?><li>
            <img src="thumbnails/<?=$row['hash']?>" title="<?=$row['name'];?>"/>
            uploaded <?=$row['created'] ?>
            <div id="likes_<?=$row["id"]?>">
            <?php
            require_once "common.php";
            show_likes($row["id"]); // show_likes function is defined in common.php
            ?>
            like this
            </div>

          </li><?php
      }
  ?></ul><?php

} else {
?>
  <form method="post">
    <input type="mail" name="email"/>
    <input type="password" name="password"/>
    <input type="submit" value="Log in!"/>
  </form>
<?php
}
?>

ADDALBUM.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if ($_SERVER['REQUEST_METHOD'] == "POST") {
  $statement = $conn->prepare(
      "insert into Sheela_gallery_album(name, owner_id) values(?,?)");
  $statement->bind_param("si", $_POST["album_name"], $_SESSION["user"]["id"]);
  $statement->execute();
}

?>

<form method="post">
   <p>Here you can create a new album, it's basically a group of images that are to be uploaded</p>
   <label>Enter album name</label>
   <input type="text" name="album_name"/>
   <input type="submit"/>
</form>

LAURI-ADDALBUM.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $statement = $conn->prepare(
        "insert into lauri_gallery_album(name, owner_id) values(?,?)");
    if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error); // check all the errors!
    $statement->bind_param("si", $_POST["album_name"], $_SESSION["user"]["id"]);
    if (!$statement->execute()) die("Execute failed (" . $conn->errno . ") " . $conn->error);	// check all the errors!
    header("Location: album.php?id=" . mysqli_insert_id($conn)); // This will redirect to newly created album page
}
?>

<form method="post">
   <p>Here you can create a new album, it's basically a group of images that are to be uploaded</p>
   <label>Enter album name</label>
   <input type="text" name="album_name"/>
   <input type="submit"/>
</form>

ALBUM.PHP

<?php
include "header.php";
require_once "config.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);
?>

Back to landing page <a href="index.php">here</a>.
Upload images <a href="upload.php">here</a>

Images of album:

ss<?php

// To show images of the album
$statement = $conn->prepare(
"select Sheela_gallery_image.hash, Sheela_gallery_image.created " .
"from Sheela_gallery_image " .
"where Sheela_gallery_image.album_id = ? " .
"order by Sheela_gallery_image.created desc");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("i", $_GET["id"]);
$statement->execute();
?><ul><?php
  foreach ($statement->get_result() as $row) {
	?><li><img src="thumbnails/<?=$row['hash']?>"
  title="<?=$row['name'];?>"/> uploaded <?=$row['created']?></li><?php
  }
?></ul>

LAURI-ALBUM.PHP

<?php
include "header.php";
require_once "config.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);
?>

Back to landing page <a href="index.php">here</a>.
Upload images <a href="upload.php">here</a>

Images of album:
 
<?php

// To show images of the album
$statement = $conn->prepare(
"select lauri_gallery_image.hash, lauri_gallery_image.created " .
"from lauri_gallery_image " .
"where lauri_gallery_image.album_id = ? " .
"order by lauri_gallery_image.created desc");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("i", $_GET["id"]);
$statement->execute();
?><ul><?php
  foreach ($statement->get_result() as $row) {
	?><li><img src="thumbnails/<?=$row['hash']?>"
  title="<?=$row['name'];?>"/> uploaded <?=$row['created']?></li><?php
  }
?></ul>

COMMOM.PHP

<?php

function show_likes($image_id) {
  $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
  if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

  $statement = $conn->prepare("
     select id
     from Sheela_gallery_like
     where image_id = ? and user_id = ?");
  $statement->bind_param("ii", $image_id, $_SESSION["user"]["id"]);
  $statement->execute();

  $result = $statement->get_result(); // Consume the results of the executed query
  
  // Here we will check if user already likes this image
  if ( $result->fetch_array() ) {
    // we got a row -> user already likes this image
    echo '<button onClick="unlike(' . $image_id . ');">Unlike!</button>';
  } else {
    // or if no rows -> user hasn't liked it yet
    echo '<button onClick="like(' . $image_id . ');">Like!</button>';
  }

  $statement = $conn->prepare(
    "SELECT Sheela_gallery_user.display_name " .
    "FROM Sheela_gallery_like " .
    "JOIN Sheela_gallery_user ON Sheela_gallery_like.user_id = Sheela_gallery_user.id " .
    "WHERE Sheela_gallery_like.image_id = ?");
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

  $statement->bind_param("i", $image_id);
  $statement->execute();


  $first = true; // First user shall not have comma prefixed
  foreach ($statement->get_result() as $like) {
    if (!$first) {
     echo ", ";
    }
    echo $like["display_name"];
    $first = false; // All other users have their nicknames comma prefixed
  }
};

?>

LAURI-COMMON.PHP

<?php

function show_likes($image_id) {
  $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
  if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

  $statement = $conn->prepare("
     select id
     from lauri_gallery_like
     where image_id = ? and user_id = ?");
  $statement->bind_param("ii", $image_id, $_SESSION["user"]["id"]);
  $statement->execute();

  $result = $statement->get_result(); // Consume the results of the executed query
  
  // Here we will check if user already likes this image
  if ( $result->fetch_array() ) {
    // we got a row -> user already likes this image
    echo '<button onClick="unlike(' . $image_id . ');">Unlike!</button>';
  } else {
    // or if no rows -> user hasn't liked it yet
    echo '<button onClick="like(' . $image_id . ');">Like!</button>';
  }

  $statement = $conn->prepare(
    "SELECT lauri_gallery_user.display_name " .
    "FROM lauri_gallery_like " .
    "JOIN lauri_gallery_user ON lauri_gallery_like.user_id = lauri_gallery_user.id " .
    "WHERE lauri_gallery_like.image_id = ?");
  if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

  $statement->bind_param("i", $image_id);
  $statement->execute();


  $first = true; // First user shall not have comma prefixed
  foreach ($statement->get_result() as $like) {
    if (!$first) {
     echo ", ";
    }
    echo $like["display_name"];
    $first = false; // All other users have their nicknames comma prefixed
  }
};

?>

CONFIG.PHP

<?php
// This is site specific configuration! Do not commit this to Git!
define("DB_SERVER", "localhost");
define("DB_USER",   "test");
define("DB_PASS",   "t3st3r123");
define("DB_NAME",   "test");
define("DB_PREFIX", "Sheela_");
?>

DELETEALBUM.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);


$statement = $conn->prepare(
	"delete from Sheela_gallery_album where id = ?");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error); // check all the errors!
$statement->bind_param("i", $_GET["id"]);
if (!$statement->execute()) die("Execute failed (" . $conn->errno . ") " . $conn->error);	// check all the errors!
header("Location: index.php");

FOOTER.PHP

</div>
    <footer>
      <ul>
        <li>Phone: +372 1234 4567</li>
        <li><a href="http://facebook.com">Visit us on Facebook!</a></li>
      </ul>
    </footer>
  </body>
</html>

HEADER.PHP

<?php
session_set_cookie_params(0, '/~ssumathi', 'enos.itcollege.ee', 0, 1);
session_start();

?>


<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="description" content="Introduction to this Image_Gallery">
    <title>This goes into the titlebar</title>
    <link type="text/css" rel="stylesheet" href="css/style.css"/>
    <script type="text/javascript"src="js/main.js"></script>
  </head>
  <body>
  <div id ="content">

LIKE.PHP

<?php

// like.php?image_id=123 will attempt to add like to an image for currenty logged in user
session_start();
require_once "config.php";
require_once "common.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

$statement = $conn->prepare("
    insert into Sheela_gallery_like (image_id, user_id)
    values (?, ?)");
$statement->bind_param("ii", $_GET["image_id"], $_SESSION["user"]["id"]);
$statement->execute();

show_likes($_GET["image_id"]); // This will simply return a fragment of HTML
?>

LOGOUT.PHP

<?php
session_start();
session_destroy();
unset($_SESSION["user"]);
header('Location: index.php'); // This will redirect back to index

REGISTRATION.PHP

<?php
require_once "config.php";
include "header.php";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
    $statement = $conn->prepare(
        "INSERT INTO `Sheela_gallery_user` (`email`, `password_salt`, `password_hash`, `display_name`) " .
        "VALUES (?, ?, ?, ?)");
    if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
    $salt = substr(str_shuffle(
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);
    $statement->bind_param("ssss",
        $_POST["email"],
        $salt,
        sha1($salt . $_POST["password"]),
        $_POST["display_name"]);
    if ($statement->execute()) {
        header("Location: index.php");
    } else {
        if ($statement->errno == 1062) {
            echo "This e-mail is already registered";
       } else {
            die("Execute failed: (" . $statement->errno . ") " . $statement->error);
       }
    }
}
?>
<form method="post"><!-- This form is submitted to the same reg.php file with POST method -->
  <ul>
    <li>e-mail: <input type="mail" name="email" value="<?=@$_POST['email'];?>" required/></li>
    <li>password: <input type="password" name="password" pattern="[a-zA-Z0-9]{8,16}" title="Password has to be at least 8 characters" required/></li>
    <li>nickname: <input type="text" name="display_name" placeholder="cute honeybunny" pattern="[a-z]{3,10}" required/></li>
  </ul>
  <input type="submit"/>
</form>

UPLOAD.PHP

<?php
include "header.php";
require_once "config.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if (array_key_exists("uploaded_image", $_FILES)) {
    if ($_FILES["uploaded_image"]["error"] == 1) die("Too big image!"); // File size check
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mimetype = finfo_file($finfo, $_FILES["uploaded_image"]["tmp_name"]);
    if (strpos($mimetype, "image/") != 0) // This is basically mimetype.startswith("image/")
        die("Go away! Only images allowed!");
    $checksum = sha1(file_get_contents(
        $_FILES["uploaded_image"]["tmp_name"])) . "." .
        pathinfo($_FILES["uploaded_image"]["name"], PATHINFO_EXTENSION);

    // Keep the original image in uploads/ folder
    if (!file_exists("uploads/" . $checksum)) {
        copy(
          $_FILES["uploaded_image"]["tmp_name"],
          "uploads/" . $checksum);
    }
	
	// Generate thumbnail, this assumes you have created thumbnails/ folder and set permissions to 777
	if (!file_exists("thumbnails/" . $checksum)) {
		$im = new Imagick("uploads/" . $checksum);
		$im->thumbnailImage(128, 0); // Width of 128px and automatically determine height based on aspect ratio
		$im->writeImage("thumbnails/" . $checksum);
	}
	
	// Generate smaller version of the image
	if (!file_exists("small/" . $checksum)) {
		$im = new Imagick("uploads/" . $checksum);
		$im->thumbnailImage(960, 0); // Width of 960px and automatically determined height
		$im->writeImage("small/" . $checksum);
	}
	
    // TODO: Check that specified album is owned by the currently logged in user (SQL select query!)
    // something like this, if you find a matching row the upload permission is granted:
    // select * from Sheela_gallery_album where owner_id = $_SESSION["user]["id"] and id = $_POST['album_id']

    // These four lines are the new stuff!
    $statement = $conn->prepare("insert into `Sheela_gallery_image` (`album_id`, `name`, `hash`) values (?,?,?)");
    $statement->bind_param("iss", $_POST["album_id"], $_FILES["uploaded_image"]["name"], $checksum);
    $statement->execute();

    ?>
    <p>Mimetype was: <?= $mimetype; ?></p>
    <p>Original was: <a href="uploads/<?=$checksum;?>"><?=$checksum;?></a>
	<p>960px was: <a href="small/<?=$checksum;?>"><?=$checksum;?></a>

	<p>Thumbnail was: <a href="thumbnails/<?=$checksum;?>"><?=$checksum;?></a>

    <p>Filename was: <?=$_FILES["uploaded_image"]["name"];?></p>
    <p>File stored at: <?=$_FILES["uploaded_image"]["tmp_name"];?></p>
<?php
}
?>

<form method="post" enctype="multipart/form-data">
	<select name="album_id">
    <?php
    $statement = $conn->prepare("select id, name from Sheela_gallery_album where owner_id = ?");
	$statement->bind_param("i", $_SESSION["user"]["id"]);
	$statement->execute();
	foreach ($statement->get_result() as $row) {
		?>
			<option value="<?=$row['id']?>"><?=$row['name']?></option>
		<?php
		}
	?>
    </select>
  Select file for upload: <input id="file" type="file" name="uploaded_image" accept="image/*">
  <input type="submit"/>
</form>

UNLIKE.PHP

<?php

// unlike.php?image_id=123 will attempt to remove a like
session_start();
require_once "config.php";
require_once "common.php";

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) die("Connection to database failed:" . $conn->connect_error);

$statement = $conn->prepare("
    delete from lauri_gallery_like
    where image_id = ? and user_id = ?
    limit 1");
$statement->bind_param("ii", $_GET["image_id"], $_SESSION["user"]["id"]);
$statement->execute();
show_likes( $_GET["image_id"]);

?>

LAURI-MAIN.JS

function like(image_id) {
  var request = new XMLHttpRequest();
  request.open('GET', 'like.php?image_id=' + image_id, true);
 
  // This is an example of callback
  request.onload = function() {
    // This function runs once response has been received
    if (request.status >= 200 && request.status < 400) {
      document.querySelector("#likes_" + image_id).innerHTML =
        request.responseText;
    }
  };
 
  // This will only start the request
  request.send();
}


function unlike(image_id) {
  var request = new XMLHttpRequest();
  request.open('GET', 'unlike.php?image_id=' + image_id, true);

  // This is an example of callback
  request.onload = function() {
    // This function runs once response has been received
    if (request.status >= 200 && request.status < 400) {
      document.querySelector("#likes_" + image_id).innerHTML =
        request.responseText;
    }
  };

  // This will only start the request
  request.send();
}

CSS-STYLE.CSS

ul.thumbnails {
	list-style: none;
}

ul#thumbnails li {
	float: left;
	display: block;
	width: 160px;

WEB-SHOP

INDEX.PHP

<?php
require_once "config.php";
include "header.php"; // This includes <html><head></head><body>
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); // Support umlaut characters

if (!array_key_exists("timestamp", $_SESSION)) {
  $_SESSION["timestamp"] = date('l jS \of F Y h:i:s A');
}

?>

<h1>Honest Lauri's webshop</h1>

<p>
    <button id="update_cart">Update shopping cart now!</button>

<!-- We could actually move login and registration buttons to
     separate nav.php file and include it here -->

<?php

if (array_key_exists("user", $_SESSION) and $_SESSION["user"]) {
    // In case we put user id in the $_SESSION["user"] we need
    // to perform another SQL query to get the full name of the user:
    $results = $conn->query(
        "SELECT * FROM lauri_users WHERE id = " . $_SESSION["user"]);
    if (!$results) die("Query failed: (" . $conn->errno . ") " . $conn->error);
    $row = $results->fetch_assoc();
    echo "Hello " . $row["salutation"] . " ";
    echo $row["first_name"] . " ";
    echo $row["last_name"];

    // Oh how I'd like to do just:
    // print "Hello %(salutation)s %(first_name)s %(last_name)s" % $row

    ?> <a href="orders.php">My Orders</a> <a href="logout.php">Log out</a>
    <?php
} else {
   // Otherwise offer login fields and button
   ?>
   <form action="login.php" method="post">
     <input id="user" type="text" class="textboxes" name="user"/>
     <input type="password" class="textboxes topsecret" name="password"/>
     <input type="submit" value="Log in!"/>
   </form><?php
} ?>

<button id="remove_button" data-product_id="1">Remove item</button>

<div id="shopping_cart">
This is initially empty
</div>

<a href="registration.php">Sign up!</a>. <a href="cart.php">Go to shopping cart</a>.</p>

<p class="topsecret">NSA is monitoring you since <?=$_SESSION["timestamp"];?></p>
<p>If you want any of these just call me ;)</p>
<ul>
<?php
$results = $conn->query(
"SELECT id,name,price FROM lauri_products;");

while ($row = $results->fetch_assoc()) {
 ?>
 <li>
   <a href="description.php?id=<?=$row['id']?>">
      <?=$row['name']?></a>
      <?=$row['price']?>EUR
 </li>
 <?php
}
$conn->close();
?>
</ul>
<?php include "footer.php" ?>

CART.PHP

<?php
require_once "config.php";
session_start();
//include "header.php"; // This includes <html><head></head><body>
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$conn or die("Database connection failed:" . $conn->error);
$conn->query("set names utf8"); // Support umlaut characters

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // We are updating the cart contents
    $product_id = intval($_POST["id"]);
    if (array_key_exists($product_id, $_SESSION["cart"])) {
        $_SESSION["cart"][$product_id] += intval($_POST["count"]);
    } else {
        $_SESSION["cart"][$product_id] = intval($_POST["count"]);
    }

    if ($_SESSION["cart"][$product_id] <= 0) {
        unset($_SESSION["cart"][$product_id]);
    }
}

?>
<!--
<h2>Products in shopping cart</h2>

<a href="index.php">Back to product listing</a>
<a href="placeorder.php">Place order</a>

<p>
-->

<ul>
<?php
$results = $conn->query(
"SELECT id,name,price FROM lauri_products;");

$results or die("Database query failed:" . $conn->error);

while ($row = $results->fetch_assoc()) {
  $product_id = $row['id'];
  if (array_key_exists($product_id, $_SESSION["cart"])) {
    $count = $_SESSION["cart"][$product_id];
    ?>
      <li>
        <?=$count;?> items of
        <a href="description.php?id=<?=$product_id;?>">
          <?=$row['name'];?></a>
          <?=$row['price'];?>EUR totals in <?= $row['price'] * $count; ?> EUR
        <form method="post">
          <input type="hidden" name="id" value="<?=$product_id;?>"/>
          <input type="hidden" name="count" value="-1"/>
          <input type="submit" value="Remove"/>
        </form>
      </li>
    <?php
  }
}
$conn->close();
?>
</ul>

<?php // include "footer.php" ?>

CONFIG.PHP

<?php
 // This is site specific configuration!
define("DB_SERVER", "localhost");
define("DB_USER",   "test");
define("DB_PASS",   "t3st3r123");
define("DB_NAME",   "test");
define("DB_PREFIX", "lauri_");

?>

DESCRIPTION.PHP

<?php
require_once "config.php";
include "header.php" ?>
<a href="index.php">Back to product listing</a>
<?php

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); // Support umlaut characters
$statement = $conn->prepare(
"SELECT `name`, `description`, `price` FROM" .
" `lauri_products` WHERE `id` = ?");
$statement->bind_param("i", $_GET["id"]);
$statement->execute();
$results = $statement->get_result();
$row = $results->fetch_assoc();
?>

<span style="float:right;"><?=$row["price"];?>EUR</span>
<h1><?=$row["name"];?></h1>

<p>
<?=$row["description"];?>
</p>

<form method="post" action="cart.php">
  <input type="hidden" name="id" value="<?=$_GET["id"];?>"/>
  <input type="hidden" name="count" value="1"/>
  <input type="submit" value="Add to cart"/>
</form>

<?php include "footer.php" ?>

FOOTER.PHP

 </div>
    <footer>
      <ul>
        <li>Phone: +372 5123 4567</li>
        <li><a href="http://facebook.com">Visit us on Facebook!</a></li>
      </ul>
    </footer>
  </body>
</html>

HEADER.PHP

<?php

// This will make it possible to use persistent $_SESSION at all
session_start();

if (!array_key_exists("cart", $_SESSION)) {
    $_SESSION["cart"] = array();
    // Here we store product it -> count mapping
}

?>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="description" content="Introduction to this guy's website">
    <title>Lauri's webshop</title>
    <link type="text/css" rel="stylesheet" href="css/style.css"/>
    <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
    <script type="text/javascript" src="js/main.js"></script>
  </head>
  <body>
    <div id="content">

LOGIN.PHP

<?php

session_start();

// This is login.php, here we check if user provided proper credentials
var_dump($_POST); // This is just to check that the data gets to server
include "config.php";

// This is copy-paste from description.php!
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); // Support umlaut characters
$statement = $conn->prepare(
"SELECT id, first_name FROM lauri_users 
WHERE email = ? AND password = PASSWORD(?)");
// This is the easiest way to store hashed passwords
// DO NOT USE THIS IN PRODUCTION!
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("ss", $_POST["user"], $_POST["password"]); // <--
$statement->execute();
$results = $statement->get_result();
$row = $results->fetch_assoc();

if($row) {
    $_SESSION["first_name"] = $row["first_name"]; // For lazy people
    $_SESSION["user"] = $row["id"]; // This just stores user row number!
    header('Location: index.php'); // This will redirect back to index
} else {
    echo "Login failed (invalid username or password)";
}

?>

LOGOUT.PHP

<?php

session_start();
unset($_SESSION["user"]);
header('Location: index.php'); // This will redirect back to index
?>

ORDERDETAILS.PHP

<?php
require_once "config.php";
include "header.php" ?>
<a href="index.php">Back to product listing</a>
<?php

$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); // Support umlaut characters
$statement = $conn->prepare(
"SELECT
  `lauri_order_products`.`id` AS `order_product_id`,
  `lauri_order_products`.`product_id` AS `product_id`,
  `lauri_products`.`name` AS `product_name`,
  `lauri_order_products`.`unit_price` AS `order_product_unit_price`,
  `lauri_order_products`.`count` AS `order_product_count`,
  `lauri_order_products`.`unit_price` * `lauri_order_products`.`count` AS `subtotal`
FROM
  `lauri_order_products`
JOIN
  `lauri_products`
ON
  `lauri_order_products`.`product_id` = `lauri_products`.`id`
WHERE
  `lauri_order_products`.`order_id` = ?
");
// This is orderdetail.php
// The SQL code above is copy-paste from wiki, PHP code above is copy-paste from description.php
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("i", $_GET["id"]); // TODO: Check that order belongs to $_SESSION["user"] !!!
$statement->execute();
$results = $statement->get_result();
?>
<h1>Order details</h1>
<ul>
<?php
  while ($row = $results->fetch_assoc()) { ?>
    <li>
      <?= $row["product_name"]; ?>
      <?= $row["order_product_count"]; ?>x
      <?= $row["order_product_unit_price"]; ?>EUR
    </li><?php
  }
?>

ORDERS.PHP

<?php
require_once "config.php";
include "header.php" ?>
<a href="index.php">Back to product listing</a>
<?php
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" . $conn->connect_error);
$conn->query("set names utf8");
// This is orders.php, again beginning copy-pasted from description.php
$statement = $conn->prepare("SELECT * FROM `lauri_orders` WHERE `user_id` = ?");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

// TODO: If $_SESSION["user"] is nonsense, redirect to index.php!
$statement->bind_param("i", $_SESSION["user"]);
if (!$statement->execute()) die("Failed to execute statement");
$results = $statement->get_result();
?>
<h1>Orders</h1>
<ul>
<?php
  while ($row = $results->fetch_assoc()) { ?>
    <li>
      <a href="orderdetail.php?id=<?= $row["id"]; ?>">
        Order #<?= $row["id"]; ?>
        <?= $row["created"]; ?>
        <?= $row["shipping_address"]; ?>
      </a>
    </li><?php
  }
?>

PLACRORDER.PHP

<?php
// This is placeorder.php, this shall basically move cart contents to database as a new order
// Copypaste from regsubmit.php follows:
require_once "config.php";
include "header.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8"); // Support umlaut characters

// TODO: If the shopping cart is empty it should not be possible to place an order!
$_SESSION["cart"] or die("User has no items in the shopping cart!");

// This inserts row to orders table
$statement = $conn->prepare("INSERT INTO `lauri_orders` (`user_id`) VALUES (?)");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
$statement->bind_param("i", $_SESSION["user"]); // User ID is the logged in user's ID
if (!$statement->execute()) {
    die("Execute failed: (" . $statement->errno . ") " . $statement->error);
}
$order_id = $conn->insert_id; // This contains the ID for the inserted order

// This inserts rows to order_products table
$statement = $conn->prepare(
    "INSERT INTO `lauri_order_products` (`order_id`, `product_id`, `count`) VALUES (?,?,?)");
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);
foreach ($_SESSION["cart"] as $product_id => $count) {
    $statement->bind_param("iii", $order_id, $product_id, $count);
	if (!$statement->execute()) {
		die("Execute failed: (" . $statement->errno . ") " . $statement->error);
	}
}

// Here of course we should reset shopping cart:
$_SESSION["cart"] = array();
header('Location: orders.php'); // This should redirect to orders page (which we haven't created yet)

?>

REGISTRATION.PHP

<?php
require_once "config.php";
include "header.php";
?>

<h1>Register user account</h1>

<form method="post" action="regsubmit.php">
  <div>
    <label for="email">E-mail</label>
    <input type="email" name="email" required/>
  </div>
  <div>
    <label for="password">Password</label>
    <input type="password" name="password" required/>
  </div>
  <div>
    <select name="country">
      <option value="ee">Estonia</option>
      <option value="lt">Latvia</option>
      <option value="lv">Lithuania</option>
    </select>
  </div>
  <div>
    <label for="phone">Telephone number</label>
    <input type="tel"/>
  </div>
  <div>
    <label for="vatin">VAT indication number</label>
    <input type="text" pattern="([A-Z0-9]{4,14})?$"/>
  </div>
  <div>
    <label for="dob">Date of birth</label>
    <input type="date" name="dob" placeholder="dd/mm/yyyy" required/>
  </div>
  <div>
    <label for="first_name">First name</label>
    <input type="text" name="first_name" required/>
  </div>
  <div>
    <label for="last_name">Last name</label>
    <input type="text" name="last_name" required/>
  </div>
  <div>
    <input type="submit"/>
  </div>
</form>

<?php include "footer.php" ?>

REGSUBMIT.PHP

<?php
require_once "config.php";
include "header.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" .
    $conn->connect_error);
$conn->query("set names utf8");

$statement = $conn->prepare(
"INSERT INTO `lauri_users` (
    `email`,
    `password`,
    `first_name`,
    `last_name`,
    `phone`,
    `dob`,
    `salutation`,
    `vatin`,
    `company`,
    `country`,
    `address`)
VALUES (?, PASSWORD(?), ?, ?, ?, ?, ?, ?, ?, ?, ?)");

# whenever you get "call to a member function ... on a non-object" this means something
# is failing **before** that line so you have to manually check for errors like this:
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

$statement->bind_param("sssssssssss",
    $_POST["email"],
    $_POST["password"],
    $_POST["first_name"],
    $_POST["last_name"],
    $_POST["phone"],
    $_POST["dob"],
    $_POST["salutation"],
    $_POST["vatin"],
    $_POST["company"],
    $_POST["country"],
    $_POST["address"]);

if ($statement->execute()) {
    echo "Registration was successful! <a href=\"index.php\">Back to main page</a>";
} else {
    if ($statement->errno == 1062) {
       // This will result in 200 OK
       echo "This e-mail is already registered";
    } else {
       // This will result in 500 Internal server error
       die("Execute failed: (" .
           $statement->errno . ") " . $statement->error);
    }
}
?>

UPLOAD.PHP

<html>
  <body>
    <form method="post" enctype="multipart/form-data">
      <input type="text" name="product_title"/>
      <input type="text" name="product_description"/>
      <input type="file" name="product_image" required/>
      <input type="file" name="product_thumbnail"/>
      <input type="submit"/>
    </form>
    <!-- You also need:
    mkdir uploads
    chmod 777
    -->
    <?php
    if (array_key_exists("product_image", $_FILES)) {
      $finfo = finfo_open(FILEINFO_MIME_TYPE);
      $mimetype = finfo_file($finfo, $_FILES["product_image"]["tmp_name"]);
      if ($mimetype != "application/pdf") die("Go away!");

      $checksum = sha1(file_get_contents(
        $_FILES["product_image"]["tmp_name"])) . "." .
        pathinfo($_FILES["product_image"]["name"], PATHINFO_EXTENSION);
      if (!file_exists("uploads/" . $checksum)) {
        copy(
          $_FILES["product_image"]["tmp_name"],
          "uploads/" . $checksum);
      }
    }
    ?>
    <p>Mimetype was: <?= $mimetype; ?></p>
    <p>Checksum was: <a href="uploads/<?=$checksum;?>"><?=$checksum;?></a>
    <p>Filename was: <?=$_FILES["product_image"]["name"];?></p>
    <p>File stored at: <?=$_FILES["product_image"]["tmp_name"];?></p>
  </body>
</html>

STYLE.CSS

input[type='password'] {
    color: red;
}

/* Apply font family to paragraphs */

p, ul, li, h1, h2, h, a {
    /* Roboto font works only if the font CSS is included from Google */
    font-family: "Roboto", Verdana, Arial, sans-serif;
}

html, body {
    margin: 0;
    padding: 0;

}

body {
    padding: 0 1em;
    background-color: #aabbff;
}

#content, footer { /* This expects id="content" ;) */
    margin: 0 auto;
    padding: 0 1em;
    max-width: 40em;
    border: 1px solid #888;
    background-color: white;
}

footer {
    color: #fff;
    background-color: #222;
}

img { /* This will look ugly tho! */
    width: 800px;
    height: 100px;
}

MAIN.JS

// In HTML we only have <button id="update_cart">Update cart</button>

// Wait page to be loaded and then associate click event
document.addEventListener("DOMContentLoaded", function() {
  document.querySelector("#update_cart").addEventListener(
   "click", updateCart
  );
  document.querySelector("#remove_button").addEventListener(
   "click", removeItem
  )
});

function removeItem() {
  console.info("Going to remove product with id from cart:", this.dataset.product_id);

  var formData = new FormData();
  formData.append("id", this.dataset.product_id);
  formData.append("count", -1);

  var request = new XMLHttpRequest();
  request.open('POST', 'cart.php', true);
  request.send(formData);
}

// This only defines updateCart function, but it does not run it!
function updateCart() {
  var request = new XMLHttpRequest();
  request.open('GET', 'cart.php', true);

  // This is an example of callback
  request.onload = function() {
    // This function runs once response has been received
    if (request.status >= 200 && request.status < 400) {
      document.querySelector("#shopping_cart").innerHTML =
        request.responseText;
    }
  };

  // This will only start the request
  request.send();
}