From bb59035e46cf0898cf18c72d4239dfe9c45995ca Mon Sep 17 00:00:00 2001 From: Skylar Ittner Date: Sat, 23 Jun 2018 20:38:27 -0600 Subject: [PATCH] Add login, signup, and account pages ( issue #8 ) --- public/action.php | 65 +++++++++++++++++++++++++++++----- public/index.php | 9 +++++ public/parts/account.php | 75 ++++++++++++++++++++++++++++++++++++++++ public/parts/login.php | 51 +++++++++++++++++++++++++++ public/parts/signup.php | 53 ++++++++++++++++++++++++++++ public/required.php | 14 +++++++- 6 files changed, 257 insertions(+), 10 deletions(-) create mode 100644 public/parts/account.php create mode 100644 public/parts/login.php create mode 100644 public/parts/signup.php diff --git a/public/action.php b/public/action.php index b27f059..4bb46d3 100644 --- a/public/action.php +++ b/public/action.php 
@@ -29,32 +29,79 @@ switch ($VARS['action']) { } else { $cart[$item] += $qty; } - $_SESSION['cart'] = $cart; - header('Location: ./?page=cart&msg=itemadded'); die(); - break; case "updatecart": $item = $VARS['item']; $qty = $VARS['qty']; - $cart = []; - if (!empty($_SESSION['cart'])) { $cart = $_SESSION['cart']; } - $cart[$item] = $qty; - if ($qty <= 0) { unset($cart[$item]); } - $_SESSION['cart'] = $cart; - header('Location: ./?page=cart&msg=itemupdated'); + break; + case "login": + $email = $VARS['email']; + $password = $VARS['password']; + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + header('Location: ./?page=login&msg=invalidemail'); + die("Invalid email address."); + } + if ($database->has('customers', ['email' => $email])) { + $hash = $database->get('customers', 'password', ['email' => $email]); + if (password_verify($password, $hash)) { + $_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]); + header('Location: ./?page=account'); + die(); + } else { + header('Location: ./?page=login&msg=badlogin'); + die("Bad login."); + } + } else { + header('Location: ./?page=login&msg=badlogin'); + die("Bad login."); + } + break; + case "logout": + $_SESSION['shop_account'] = null; + header('Location: ./'); + break; + case "signup": + $name = $VARS['name']; + $email = $VARS['email']; + $password = $VARS['password']; + $phone = $VARS['phone']; + + if (empty($name) || empty($email) || empty($password)) { + header('Location: ./?page=signup&msg=missingdata'); + die("Missing required data."); + } + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + header('Location: ./?page=signup&msg=invalidemail'); + die("Invalid email address."); + } + + if ($database->has('customers', ['OR' => ['name' => $name, 'email' => $email]])) { + header('Location: ./?page=signup&msg=accountinuse'); + die("Name or email already in use."); + } + + if (empty($phone)) { + $phone = null; + } + + 
$database->insert('customers', ['name' => $name, 'email' => $email, 'password' => password_hash($password, PASSWORD_BCRYPT), 'phone' => $phone]); + + $_SESSION['shop_account'] = $database->get('customers', ['name', 'password (hashed_password)', 'email'], ['email' => $email]); + header('Location: ./?page=account'); + die(); break; } \ No newline at end of file diff --git a/public/index.php b/public/index.php index 14779ab..460579d 100644 --- a/public/index.php +++ b/public/index.php @@ -46,6 +46,15 @@ if (isset($_GET['page'])) { case "cart": $page = "cart"; break; + case "account": + $page = "account"; + break; + case "login": + $page = "login"; + break; + case "signup": + $page = "signup"; + break; case "home": default: $page = "home"; diff --git a/public/parts/account.php b/public/parts/account.php new file mode 100644 index 0000000..303d403 --- /dev/null +++ b/public/parts/account.php @@ -0,0 +1,75 @@ + + +
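Review bot: The signup branch stores an account array without an `id`: its `$database->get('customers', ['name', 'password (hashed_password)', 'email'], ...)` omits the `'customerid (id)'` column that the login branch selects, so `$account['id']` is undefined for a freshly signed-up user and the account page's transactions lookup in the account.php hunk (`['customerid' => $account['id'], ...]`) runs with a null key, which would match any guest rows with a NULL customerid if the database layer turns a null condition into `IS NULL`. Use the same column list as the login branch: `$_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]);`. Both successful paths also keep the pre-authentication session id; calling `session_regenerate_id(true);` before assigning `$_SESSION['shop_account']` in the login and signup branches closes session fixation. The `switch` this hunk modifies starts before the hunk.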
+

Account

+ +
+
+

Recent Orders

+
+ select('transactions', ['txid', 'txdate', 'type'], ['customerid' => $account['id'], 'ORDER' => ['txdate' => 'DESC'], 'LIMIT' => 50]); + foreach ($orders as $o) { + $lines = $database->select('lines', ['lineid', 'amount', 'qty', 'name'], ['txid' => $o['txid']]); + $itemcount = 0; + $total = 0.0; + foreach ($lines as $l) { + $itemcount += $l['qty']; + $total += $l['amount'] * $l['qty']; + } + ?> +
+ Date:
+ Type:
+ Total: $
+
+ +
+
+
@
+
$
+
+ +
+
+ +
+
+
+
\ No newline at end of file diff --git a/public/parts/login.php b/public/parts/login.php new file mode 100644 index 0000000..f6c5a5e --- /dev/null +++ b/public/parts/login.php @@ -0,0 +1,51 @@ + + +
+
+
+ +
+ Log In +
+ + +
+
+
\ No newline at end of file diff --git a/public/parts/signup.php b/public/parts/signup.php new file mode 100644 index 0000000..e824379 --- /dev/null +++ b/public/parts/signup.php @@ -0,0 +1,53 @@ + + +
+
+
+ +
+ Create Account +
+
+ +
+ +
+ +

Already have an account? Click here

+ + + + +
+ +
+
+
\ No newline at end of file diff --git a/public/required.php b/public/required.php index cce08c4..28db119 100644 --- a/public/required.php +++ b/public/required.php @@ -117,6 +117,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { define("GET", true); } + +$loggedin = false; +$account = null; +if (!empty($_SESSION['shop_account'])) { + $account = $_SESSION['shop_account']; + if ($database->has('customers', ['AND' => ['name' => $account['name'], 'password' => $account['hashed_password']]])) { + $loggedin = true; + } else { + $account = null; + } +} + /** * Checks if a string or whatever is empty. * @param $str The thingy to check @@ -124,4 +136,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { */ function is_empty($str) { return (is_null($str) || !isset($str) || $str == ''); -} \ No newline at end of file +}
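Review bot: The per-request login check in the first hunk keys the customer on `name` together with the bcrypt hash carried in `$_SESSION['shop_account']['hashed_password']`, so the password hash lives in the session store for the lifetime of the session and `name` is only as unique as the signup-time `OR` check makes it. Keying on the primary key keeps the same invalidate-on-password-change effect while removing the dependence on name uniqueness: `if ($database->has('customers', ['AND' => ['customerid' => $account['id'], 'password' => $account['hashed_password']]]))`; this relies on both the login and signup branches in action.php storing `customerid (id)`, which the signup branch currently does not. A short comment above the block, `// Re-validate the session account against the customers table on every request so a changed password or deleted account logs the session out`, would make the intent of the query clear to the next reader.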