<?php
require('db.php');
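// the function which verifies a user's credentials
// against the database
//
// Reads 'username' and 'password' from $_REQUEST, looks the pair up with a
// prepared statement (the values are bound, never spliced into the SQL
// text) and, on exactly one matching row, stores the username in the
// session and redirects to home.php. Otherwise an error message is echoed.
// Does nothing when no username was submitted.
//
// Side effects: starts the session if it is not active yet, sets the global
// $current_user, writes $_SESSION['username'], may send a Location header
// and stop the script.
//
// NOTE(review): $_REQUEST accepts the credentials from the query string as
// well as from the POST body; the form should POST and this should read
// $_POST only -- left unchanged here so the existing form keeps working.
function login()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_REQUEST['username'])) {
        return;
    }

    global $con;
    global $current_user;

    // stripslashes() is kept because register() stored the values the same
    // way; escaping for SQL is no longer needed since the values are bound.
    $username = stripslashes($_REQUEST['username']);
    $password = stripslashes($_REQUEST['password'] ?? '');
    $current_user = $username;

    // NOTE(review): the password is compared with the stored value as-is
    // (register() stores it as-is too). Moving to password_hash() /
    // password_verify() needs a matching change in register() and a
    // migration of the existing rows; not done in this fix.
    $stmt = mysqli_prepare(
        $con,
        'SELECT 1 FROM users WHERE userLogin = ? AND userPass = ?'
    );
    if ($stmt === false) {
        // log the driver message, show the user a generic one
        error_log('login(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('login(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    // num_rows is only meaningful once the result set has been buffered
    mysqli_stmt_store_result($stmt);
    $rows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);

    if ($rows === 1) {
        $_SESSION['username'] = $username;
        // Redirect user to home.php and stop, so nothing after the
        // redirect is processed on this request
        header("Location: home.php");
        exit;
    }
    echo "<h3>Username/password is incorrect.</h3>";
}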
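// A function to register a new user
//
// Reads 'username', 'email' and 'password' from $_REQUEST and inserts them
// into users with a prepared statement (bound values, no hand-made SQL
// escaping). Echoes a success message, a "taken" message when the insert
// fails with a duplicate-key error (1062), or a generic failure message
// otherwise. Does nothing when no username was submitted.
//
// NOTE(review): the password is stored exactly as submitted (login()
// compares it the same way). Hashing it with password_hash() needs a
// matching change in login() and a migration of the existing rows.
function register()
{
    if (!isset($_REQUEST['username'])) {
        return;
    }
    global $con;

    // removes backslashes (kept so new rows match the existing ones)
    $username = stripslashes($_REQUEST['username']);
    $email = stripslashes($_REQUEST['email'] ?? '');
    $password = stripslashes($_REQUEST['password'] ?? '');

    $stmt = mysqli_prepare(
        $con,
        'INSERT into users (userLogin, userPass, userEmail) VALUES (?, ?, ?)'
    );
    if ($stmt === false) {
        error_log('register(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 'sss', $username, $password, $email);
    $inserted = mysqli_stmt_execute($stmt);
    // read the error state before the statement is closed
    $errno = mysqli_stmt_errno($stmt);
    $error = mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);

    if ($inserted) {
        echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='index.php'>Login</a></div>";
    } elseif ($errno === 1062) {
        // duplicate key: the username or email address is already taken
        echo "<h3>Username or Email already taken.</h3>";
    } else {
        // any other failure used to produce no output at all
        error_log('register(): ' . $error);
        echo "<h3>Registration failed.</h3>";
    }
}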
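//A function to read out the userId of the current user
//
// Looks up the userId of the username held in $_SESSION['username'] with
// a prepared statement. Returns the userId column value, or null when
// nobody is logged in or no matching row exists. Starts the session if it
// is not active yet.
function get_userid()
{
    global $con;

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['username'])) {
        // nobody is logged in on this session
        return null;
    }
    $username = $_SESSION['username'];

    $stmt = mysqli_prepare($con, 'select userId from users where userLogin = ?');
    if ($stmt === false) {
        error_log('get_userid(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('get_userid(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    $userId = null;
    mysqli_stmt_bind_result($stmt, $userId);
    // fetch() returns true for a row, null when there is none
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    return $found ? $userId : null;
}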
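// A function to post a demand
//
// On a form submission ('submit' in $_POST) inserts a new row into demands
// for the logged-in user with a prepared statement. Rejects the post with
// a warning when nobody is logged in or when the maximum is not bigger
// than the minimum.
function post_demand()
{
    if (!isset($_POST['submit'])) {
        return;
    }
    global $con;

    $userId = get_userid();
    $piecesMax = $_POST['piecesMax'] ?? '';
    $piecesMin = $_POST['piecesMin'] ?? '';
    $qualityId = $_POST['quality'] ?? '';
    $deliveryDate = $_POST['deliveryDate'] ?? '';
    $title = $_POST['title'] ?? '';
    $text = $_POST['text'] ?? '';

    if ($userId === null) {
        // previously an empty userId was sent to the database
        echo "<strong class='warning'>You must be logged in to post a demand.</strong>";
        return;
    }
    // same comparison on the raw form values as before (numeric strings
    // compare numerically)
    if ($piecesMax <= $piecesMin) {
        echo "<strong class='warning'>
The Maximum must be bigger than the Minimum!
</strong>";
        return;
    }

    // Inserts Data into Database
    $stmt = mysqli_prepare(
        $con,
        'INSERT INTO demands (piecesMax, piecesMin, demandText,
                              demandTitle, userId, deliveryDate,
                              qualityId)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        error_log('post_demand(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param(
        $stmt,
        'sssssss',
        $piecesMax,
        $piecesMin,
        $text,
        $title,
        $userId,
        $deliveryDate,
        $qualityId
    );
    if (!mysqli_stmt_execute($stmt)) {
        error_log('post_demand(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    mysqli_stmt_close($stmt);
}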
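// A function to insert the own posts from the database into the website
//
// Echoes one post box per row of demands, each with a delete form, a
// "Show Details" form and an edit form carrying the row values as hidden
// inputs. Every database value is HTML-escaped before it is written into
// text or attribute context.
//
// NOTE(review): the query lists every demand, not only the current user's,
// and neither edit_demand() nor delete_demand() checks that the demandId
// belongs to the logged-in user -- confirm whether that is intended.
function get_demand_titles()
{
    global $con;

    $result = mysqli_query($con, "SELECT * FROM demands");
    if ($result === false) {
        error_log('get_demand_titles(): ' . mysqli_error($con));
        die('Database error.');
    }

    // escape a DB value for HTML text and single-quoted attribute context
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    while ($row = $result->fetch_assoc()) {
        $demandId = $h($row['demandId']);

        echo "<div class='post-box'><p>";
        echo "<strong>" . $h($row['demandTitle']) . "</strong></a>" . "<br>";
        echo $h($row['date']) . "<br>";

        // The original evaluated delete_demand() inside the action attribute;
        // it returns nothing, so the action was always ''. The call is kept
        // (as a statement) so a pending 'deletepost' submission is handled.
        delete_demand();
        echo "<form class= 'delete-form' method= 'POST'
action=''>
<input type='hidden' name='demandId' value='" . $demandId . "'>
<button type='submit' name= 'deletepost'> Delete</button>
</form>";

        echo "<form method= 'POST' action='show_demand.php'>
<input type='hidden' name='demandId' value='" . $demandId . "'>
<button>Show Details</button>
</form>";

        echo "<form class= 'edit-form' method= 'POST' action='edit_demand.php'>
<input type='hidden' name='userId' value='" . $h($row['userId']) . "'>
<input type='hidden' name='demandId' value='" . $demandId . "'>
<input type='hidden' name='piecesMax' value='" . $h($row['piecesMax']) . "'>
<input type='hidden' name='piecesMin' value='" . $h($row['piecesMin']) . "'>
<input type='hidden' name='deliveryDate' value='" . $h($row['deliveryDate']) . "'>
<input type='hidden' name='title' value='" . $h($row['demandTitle']) . "'>
<input type='hidden' name='text' value='" . $h($row['demandText']) . "'>
<button>Edit</button>
</form>
</div>";
    }
}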
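// A function to edit a demand
//
// On a form submission ('edit' in $_POST) updates the demands row named by
// demandId with the posted values, using a prepared statement, then
// redirects to board.php and stops. Rejects the update with a warning when
// the maximum is not bigger than the minimum.
//
// NOTE(review): there is no check that the demand belongs to the logged-in
// user (get_userid()); any request carrying a demandId can update it. An
// ownership condition (e.g. `AND userId = ?`) should be added once the
// owner mapping is confirmed.
function edit_demand()
{
    if (!isset($_POST['edit'])) {
        return;
    }
    global $con;

    $demandId = $_POST['demandId'] ?? '';
    $piecesMax = $_POST['piecesMax'] ?? '';
    $piecesMin = $_POST['piecesMin'] ?? '';
    $deliveryDate = $_POST['deliveryDate'] ?? '';
    $title = $_POST['title'] ?? '';
    $text = $_POST['text'] ?? '';

    // same comparison on the raw form values as before
    if ($piecesMax <= $piecesMin) {
        echo "<strong class='warning'>
The Maximum must be bigger than the Minimum!
</strong>";
        return;
    }

    // Inserts Updates Database
    $stmt = mysqli_prepare(
        $con,
        'UPDATE demands
            SET piecesMax = ?,
                piecesMin = ?,
                demandTitle = ?,
                demandText = ?,
                deliveryDate = ?
          WHERE demandId = ?'
    );
    if ($stmt === false) {
        error_log('edit_demand(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param(
        $stmt,
        'ssssss',
        $piecesMax,
        $piecesMin,
        $title,
        $text,
        $deliveryDate,
        $demandId
    );
    if (!mysqli_stmt_execute($stmt)) {
        error_log('edit_demand(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    mysqli_stmt_close($stmt);

    // stop after the redirect so nothing further runs on this request
    header("Location: board.php");
    exit;
}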
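// A function to delete a post
//
// On a form submission ('deletepost' in $_POST) deletes the demands row
// named by demandId with a prepared statement, then redirects to board.php
// and stops. Does nothing otherwise (get_demand_titles() calls this once
// per listed row).
//
// NOTE(review): there is no check that the demand belongs to the logged-in
// user (get_userid()); any request carrying a demandId can delete it. An
// ownership condition (e.g. `AND userId = ?`) should be added once the
// owner mapping is confirmed.
function delete_demand()
{
    if (!isset($_POST['deletepost'])) {
        return;
    }
    global $con;

    $demandId = $_POST['demandId'] ?? '';

    // Delete Post from Database
    $stmt = mysqli_prepare($con, 'DELETE FROM demands WHERE demandId = ?');
    if ($stmt === false) {
        error_log('delete_demand(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 's', $demandId);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('delete_demand(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    mysqli_stmt_close($stmt);

    // stop after the redirect so the caller's loop does not re-run this
    header('Location: board.php');
    exit;
}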
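// Shows the demand whose demandId was POSTed, the name of its quality and
// a form to post an offer for it.
//
// Both lookups use prepared statements; every value is HTML-escaped before
// it is echoed. Prints a short message and returns when the demand does
// not exist (the original accessed properties of a missing row).
function show_demand()
{
    global $con;
    $demandId = $_POST['demandId'] ?? '';

    // escape a DB value for HTML text and single-quoted attribute context
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $stmt = mysqli_prepare($con, 'SELECT * FROM demands where demandId = ?');
    if ($stmt === false) {
        error_log('show_demand(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 's', $demandId);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('show_demand(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    $demand_result = mysqli_stmt_get_result($stmt);
    $demand_rows = $demand_result ? $demand_result->fetch_object() : null;
    mysqli_stmt_close($stmt);
    if (!$demand_rows) {
        echo "<h3>Demand not found.</h3>";
        return;
    }

    $qualityId = $demand_rows->qualityId;
    $stmt = mysqli_prepare($con, 'SELECT * FROM quality where qualityId = ?');
    if ($stmt === false) {
        error_log('show_demand(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 's', $qualityId);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('show_demand(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    $quality_result = mysqli_stmt_get_result($stmt);
    $quality_rows = $quality_result ? $quality_result->fetch_object() : null;
    mysqli_stmt_close($stmt);
    // a demand whose quality row is missing is still shown, with no name
    $qualityName = $quality_rows ? $quality_rows->qualityName : '';

    echo "<h2>" . $h($demand_rows->demandTitle) . "</h2>";
    echo "<br>
<br>";
    echo "<strong>Maximum required pieces: </strong>" . $h($demand_rows->piecesMax);
    echo "<br>
<br>";
    echo "<strong>Minimum required pieces: </strong>" . $h($demand_rows->piecesMin);
    echo "<br>
<br>";
    echo "<strong>Desired Date of Delivery: </strong>" . $h($demand_rows->deliveryDate);
    echo "<br>
<br>";
    echo "<strong>Desired Quality: </strong>" . $h($qualityName);
    echo "<br>
<br>
<strong>Description:</strong><br>";
    echo $h($demand_rows->demandText) . "<br><br>";
    echo "<form method= 'POST' action='add_offer.php'>
<input type='hidden' name='demandId' value='" . $h($demand_rows->demandId) . "'>
<button>Post Offer</button>
</form><br>";
}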
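// Posts an offer for a demand.
//
// On a form submission ('submit' in $_POST) inserts a new row into offers
// for the logged-in user with a prepared statement. Rejects the post with
// a warning when nobody is logged in.
function post_offer()
{
    if (!isset($_POST['submit'])) {
        return;
    }
    global $con;

    $userId = get_userid();
    $demandId = $_POST['demandId'] ?? '';
    $pieces = $_POST['pieces'] ?? '';
    $price = $_POST['price'] ?? '';
    $qualityId = $_POST['quality'] ?? '';
    $text = $_POST['text'] ?? '';

    if ($userId === null) {
        // previously an empty userId was sent to the database
        echo "<strong class='warning'>You must be logged in to post an offer.</strong>";
        return;
    }

    // Inserts Data into Database
    $stmt = mysqli_prepare(
        $con,
        'INSERT INTO offers (pieces, text, price, userId, qualityId,
                             demandId)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        error_log('post_offer(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param(
        $stmt,
        'ssssss',
        $pieces,
        $text,
        $price,
        $userId,
        $qualityId,
        $demandId
    );
    if (!mysqli_stmt_execute($stmt)) {
        error_log('post_offer(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    mysqli_stmt_close($stmt);
}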
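// Lists every offer made for the demand whose demandId was POSTed.
//
// Offers are read with a prepared statement; the quality name of each
// offer comes from a second statement that is prepared once and
// re-executed per row. Every value is HTML-escaped before it is echoed.
function show_offer()
{
    global $con;
    $demandId = $_POST['demandId'] ?? '';

    // escape a DB value for HTML text and single-quoted attribute context
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // get the offers matching the demand from the database
    $offer_stmt = mysqli_prepare($con, 'SELECT * FROM offers where demandId = ?');
    if ($offer_stmt === false) {
        error_log('show_offer(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($offer_stmt, 's', $demandId);
    if (!mysqli_stmt_execute($offer_stmt)) {
        error_log('show_offer(): ' . mysqli_stmt_error($offer_stmt));
        die('Database error.');
    }
    $offer_result = mysqli_stmt_get_result($offer_stmt);
    if ($offer_result === false) {
        error_log('show_offer(): ' . mysqli_stmt_error($offer_stmt));
        die('Database error.');
    }

    // one statement for all quality lookups; $qualityId is bound by
    // reference, so assigning it inside the loop is enough
    $qualityId = null;
    $quality_stmt = mysqli_prepare($con, 'SELECT * FROM quality where qualityId = ?');
    if ($quality_stmt === false) {
        error_log('show_offer(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($quality_stmt, 's', $qualityId);

    // if the query on the database returned data print the data
    while ($offer_rows = $offer_result->fetch_object()) {
        $qualityId = $offer_rows->qualityId;
        if (!mysqli_stmt_execute($quality_stmt)) {
            error_log('show_offer(): ' . mysqli_stmt_error($quality_stmt));
            die('Database error.');
        }
        $quality_result = mysqli_stmt_get_result($quality_stmt);
        $quality_rows = $quality_result ? $quality_result->fetch_object() : null;
        $qualityName = $quality_rows ? $quality_rows->qualityName : '';

        echo "<strong>Offer Nr: </strong>" . $h($offer_rows->offerId);
        echo "<br>
<br>";
        echo "<strong>Amount available: </strong>" . $h($offer_rows->pieces);
        echo "<br>
<br>";
        echo "<strong>Price per piece: </strong>" . $h($offer_rows->price);
        echo "<br>
<br>";
        echo "<strong>Provided Quality: </strong>" . $h($qualityName);
        echo "<br>
<br>
<strong>Description:</strong><br>";
        echo $h($offer_rows->text) . "<br><br>";
        echo "<form method= 'POST' action='export_offer.php'>
<input type='hidden' name='offerId' value='" . $h($offer_rows->offerId) . "'>
<button>Export this Offer</button>
</form><hr>";
    }

    mysqli_stmt_close($quality_stmt);
    mysqli_stmt_close($offer_stmt);
}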
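// Exports the offer whose offerId was POSTed as a small XML document.
//
// Joins offers with demands and quality through a prepared statement and
// echoes an <offer> element with one child element per exported column.
// Values are added as text nodes so that '&', '<' and '>' in them are
// escaped and cannot break or alter the document. Prints a short message
// and returns when the offer does not exist.
function export_offer()
{
    global $con;
    $offerId = $_POST['offerId'] ?? '';

    $stmt = mysqli_prepare(
        $con,
        'SELECT o.offerId,
                o.text,
                o.price,
                o.date,
                o.pieces,
                q.qualityName,
                d.demandTitle
           FROM offers o
           INNER JOIN demands d
                on o.demandId = d.demandId
           INNER JOIN quality q
                on o.qualityId = q.qualityId
          WHERE o.offerId = ?'
    );
    if ($stmt === false) {
        error_log('export_offer(): ' . mysqli_error($con));
        die('Database error.');
    }
    mysqli_stmt_bind_param($stmt, 's', $offerId);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('export_offer(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }
    $query_result = mysqli_stmt_get_result($stmt);
    $export_rows = $query_result ? $query_result->fetch_object() : null;
    mysqli_stmt_close($stmt);
    if (!$export_rows) {
        echo "<h3>Offer not found.</h3>";
        return;
    }

    /* create a dom document with encoding utf8 */
    $domtree = new DOMDocument('1.0', 'UTF-8');

    /* create the root element of the xml tree and append it to the document */
    $xmlRoot = $domtree->createElement("offer");
    $offer_export = $domtree->appendChild($xmlRoot);

    /* element name => exported value; same order as the original output */
    $fields = [
        'demand_title' => $export_rows->demandTitle,
        'offer_id' => $export_rows->offerId,
        'offer_text' => $export_rows->text,
        'offer_price' => $export_rows->price,
        'offer_pieces' => $export_rows->pieces,
        'offer_quality' => $export_rows->qualityName,
        'offer_date' => $export_rows->date,
    ];
    foreach ($fields as $name => $value) {
        $element = $domtree->createElement($name);
        // createElement($name, $value) does not escape '&'; a text node does
        $element->appendChild($domtree->createTextNode((string) $value));
        $offer_export->appendChild($element);
    }

    /* get the xml printed */
    echo $domtree->saveXML();
}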
?>