Add login, signup, and account pages ( issue #8 )

Skylar Ittner hace 6 años
padre 06f7f4d9d2
commit bb59035e46

@ -29,32 +29,79 @@ switch ($VARS['action']) {
} else {
$cart[$item] += $qty;
}
$_SESSION['cart'] = $cart;
header('Location: ./?page=cart&msg=itemadded');
die();
break;
case "updatecart":
$item = $VARS['item'];
$qty = $VARS['qty'];
$cart = [];
if (!empty($_SESSION['cart'])) {
$cart = $_SESSION['cart'];
}
$cart[$item] = $qty;
if ($qty <= 0) {
unset($cart[$item]);
}
$_SESSION['cart'] = $cart;
header('Location: ./?page=cart&msg=itemupdated');
break;
case "login":
$email = $VARS['email'];
$password = $VARS['password'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header('Location: ./?page=login&msg=invalidemail');
die("Invalid email address.");
}
if ($database->has('customers', ['email' => $email])) {
$hash = $database->get('customers', 'password', ['email' => $email]);
if (password_verify($password, $hash)) {
$_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]);
header('Location: ./?page=account');
die();
} else {
header('Location: ./?page=login&msg=badlogin');
die("Bad login.");
}
} else {
header('Location: ./?page=login&msg=badlogin');
die("Bad login.");
}
break;
case "logout":
$_SESSION['shop_account'] = null;
header('Location: ./');
break;
case "signup":
$name = $VARS['name'];
$email = $VARS['email'];
$password = $VARS['password'];
$phone = $VARS['phone'];
if (empty($name) || empty($email) || empty($password)) {
header('Location: ./?page=signup&msg=missingdata');
die("Missing required data.");
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header('Location: ./?page=signup&msg=invalidemail');
die("Invalid email address.");
}
if ($database->has('customers', ['OR' => ['name' => $name, 'email' => $email]])) {
header('Location: ./?page=signup&msg=accountinuse');
die("Name or email already in use.");
}
if (empty($phone)) {
$phone = null;
}
$database->insert('customers', ['name' => $name, 'email' => $email, 'password' => password_hash($password, PASSWORD_BCRYPT), 'phone' => $phone]);
$_SESSION['shop_account'] = $database->get('customers', ['name', 'password (hashed_password)', 'email'], ['email' => $email]);
header('Location: ./?page=account');
die();
break;
}
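Review bot: The signup case stores an account in the session without the customer id: the `$database->get` near the end of the hunk selects only `name`, `password (hashed_password)` and `email`, whereas the login case also selects `customerid (id)`, and the account page added in this commit reads `$account['id']` for its order query, so a freshly signed-up user hits an undefined index there. Use the same column list in both places: `$_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]);`. Both the login and signup paths also populate the session without calling `session_regenerate_id(true)` first, so the session id issued before authentication stays in use afterwards; adding that call before assigning `$_SESSION['shop_account']` (and a `session_destroy()` in the logout case rather than only nulling the key) closes that gap. The `updatecart` case is the only one that does not `die()` after its redirect header, so the rest of the script keeps running after the `Location` is sent, which looks unintended. The enclosing `switch ($VARS['action'])` starts before the hunk.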

@ -46,6 +46,15 @@ if (isset($_GET['page'])) {
case "cart":
$page = "cart";
break;
case "account":
$page = "account";
break;
case "login":
$page = "login";
break;
case "signup":
$page = "signup";
break;
case "home":
default:
$page = "home";

@ -0,0 +1,75 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
if (!defined('NICKELBOX')) {
die("Direct access denied.");
}
if ($loggedin !== true || is_null($account)) {
header('Location: ./?page=login');
die("Please log in.");
}
?>
<div class="container mt-4">
<h1 class="display-4">Account</h1>
<div class="row">
<div class="col-md-8">
<h3>Recent Orders</h3>
<div class="list-group">
<?php
$orders = $database->select('transactions', ['txid', 'txdate', 'type'], ['customerid' => $account['id'], 'ORDER' => ['txdate' => 'DESC'], 'LIMIT' => 50]);
foreach ($orders as $o) {
$lines = $database->select('lines', ['lineid', 'amount', 'qty', 'name'], ['txid' => $o['txid']]);
$itemcount = 0;
$total = 0.0;
foreach ($lines as $l) {
$itemcount += $l['qty'];
$total += $l['amount'] * $l['qty'];
}
?>
<div class="list-group-item">
Date: <?php echo date(DATETIME_FORMAT, strtotime($o['txdate'])); ?><br />
Type: <?php
switch ($o['type']) {
case 1:
echo "In-store";
break;
case 2:
echo "Return";
break;
case 3:
echo "Online";
break;
default:
echo "Other";
break;
}
?><br />
Total: $<?php echo number_format($total, 2); ?><br />
<div class="list-group list-group-flush">
<?php
foreach ($lines as $l) {
?>
<div class="list-group-item d-flex justify-content-between">
<div><?php echo $l['name']; ?></div>
<div><?php echo $l['qty'] * 1.0; ?>@<?php echo number_format($l['amount'], 2); ?></div>
<div>$<?php echo number_format($l['amount'] * $l['qty'], 2); ?></div>
</div>
<?php
}
?>
</div>
</div>
<?php
}
?>
</div>
</div>
</div>
</div>
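Review bot: The line names printed inside each order are echoed raw (`<div><?php echo $l['name']; ?></div>`), so any markup stored in a `lines.name` value is rendered into the account page; escape at output: `<div><?php echo htmlspecialchars($l['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>`. The `$account['id']` used in the `transactions` query is only present when the session account was populated by the login path, because the signup path in action.php omits `customerid (id)` from its column list, so a new signup reaches this page with a null customerid in the query. A one-line comment above the `$orders` query such as `// $account comes from $_SESSION['shop_account'], validated against the DB in the main include` would make the trust boundary clear to the next reader.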

@ -0,0 +1,51 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
if (!defined('NICKELBOX')) {
die("Direct access denied.");
}
?>
<div class="container mt-4">
<div class="row justify-content-center">
<form class="card" action="action.php" method="post">
<input type="hidden" name="action" value="login" />
<div class="card-header">
Log In
</div>
<div class="card-body">
<?php
$alert = "";
if (!empty($_GET['msg'])) {
switch ($_GET['msg']) {
case "badlogin":
$alert = "Bad email or password.";
break;
case "invalidemail":
$alert = "Invalid email address.";
break;
}
}
if ($alert != "") {
?>
<div class="text-danger mb-2">
<?php echo $alert; ?>
</div>
<?php
}
?>
<p class="small"><a href="./?page=signup">Don't have an account? Click here</a></p>
<input type="email" name="email" class="form-control mb-2" placeholder="Email address" required />
<input type="password" name="password" class="form-control" placeholder="Password" required />
</div>
<div class="card-footer d-flex">
<a href="./" class="btn btn-default">Back</a>
<button type="submit" class="btn btn-primary ml-auto">Log in</button>
</div>
</form>
</div>
</div>
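Review bot: The login form posts only `action`, `email` and `password`, and the `login` case in action.php (earlier in this commit) accepts that POST with no anti-CSRF token, so a cross-site form submission can log the browser into an attacker-chosen account; add a per-session token as a hidden field (name illustrative), `<input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'] ?? '', ENT_QUOTES, 'UTF-8'); ?>" />`, and have action.php reject the request when `hash_equals` on it fails. The `$alert != ""` comparison is loose; `$alert !== ''` says what is meant. `$alert` is only ever one of the fixed strings in the switch, so echoing it unescaped is safe as written; a comment like `// $alert is always a constant string; escape it if it ever carries request data` keeps that from regressing silently.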

@ -0,0 +1,53 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
if (!defined('NICKELBOX')) {
die("Direct access denied.");
}
?>
<div class="container mt-4">
<div class="row justify-content-center">
<form class="card" action="action.php" method="post">
<input type="hidden" name="action" value="signup" />
<div class="card-header">
Create Account
</div>
<div class="card-body">
<?php
$alert = "";
if (!empty($_GET['msg'])) {
switch ($_GET['msg']) {
case "badlogin":
$alert = "Bad email or password.";
break;
case "invalidemail":
$alert = "Invalid email address.";
break;
}
}
if ($alert != "") {
?>
<div class="text-danger mb-2">
<?php echo $alert; ?>
</div>
<?php
}
?>
<p class="small"><a href="./?page=login">Already have an account? Click here</a></p>
<input type="text" name="name" class="form-control mb-2" placeholder="Name" required />
<input type="email" name="email" class="form-control mb-2" placeholder="Email address" required />
<input type="password" name="password" class="form-control mb-2" placeholder="Password" required />
<input type="phone" name="phone" class="form-control" placeholder="Phone (optional)" />
</div>
<div class="card-footer d-flex">
<a href="./" class="btn btn-default">Back</a>
<button type="submit" class="btn btn-primary ml-auto">Create Account</button>
</div>
</form>
</div>
</div>
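Review bot: The message switch in the signup card was copied from the login page and only handles `badlogin` and `invalidemail`, while the `signup` case in action.php redirects with `msg=missingdata` and `msg=accountinuse`, so those two failures show no message at all; add `case "missingdata": $alert = "Name, email and password are required."; break;` and `case "accountinuse": $alert = "Name or email already in use."; break;` and drop the unreachable `badlogin` case. `type="phone"` is not an HTML input type and falls back to a plain text field; `type="tel"` is the recognised one. As on the login form, the POST carries no anti-CSRF token, and `$alert != ""` should be the strict `$alert !== ''`.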

@ -117,6 +117,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
define("GET", true);
}
$loggedin = false;
$account = null;
if (!empty($_SESSION['shop_account'])) {
$account = $_SESSION['shop_account'];
if ($database->has('customers', ['AND' => ['name' => $account['name'], 'password' => $account['hashed_password']]])) {
$loggedin = true;
} else {
$account = null;
}
}
/**
* Checks if a string or whatever is empty.
* @param $str The thingy to check
@ -124,4 +136,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
*/
function is_empty($str) {
return (is_null($str) || !isset($str) || $str == '');
}
}
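Review bot: The new `if (!empty($_SESSION['shop_account']))` block validates the stored account by `name` plus the bcrypt hash carried in `$_SESSION['shop_account']['hashed_password']`, which means the password hash is persisted into session storage on every login; keying the lookup on the customer id instead, `['customerid' => $account['id'], 'password' => $account['hashed_password']]`, avoids relying on name uniqueness, and if the hash is kept only so that a password change invalidates existing sessions, that intent deserves a comment on the `has()` line. When the lookup fails the code sets `$account = null` but leaves the stale `$_SESSION['shop_account']` in place, so every later request repeats the query; `unset($_SESSION['shop_account']);` in the `else` branch clears it. Note that `customerid (id)` is selected only by the login path in action.php and not by the signup path, so `$account['id']` may be absent here. The `is_empty` hunk below is unchanged context.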
