Initial source code checkin.

Author: justinhartman

README.md

@@ -1,2 +1,3 @@
 # complete-php7-ecom-website
-A complete PHP 7 eCommerce website along with Admin interface.
+
+An advanced and complete PHP 7 eCommerce website along with MySQL database and Admin interface.

addtocart.php

@@ -0,0 +1,17 @@
+<?php
+session_start();
+if (isset($_GET) & !empty($_GET)) {
+    $id = $_GET['id'];
+    if (isset($_GET['quant']) & !empty($_GET['quant'])) {
+        $quant = $_GET['quant'];
+    } else {
+        $quant = 1;
+    }
+    $_SESSION['cart'][$id] = array("quantity" => $quant);
+    header('location: cart.php');
+} else {
+    header('location: cart.php');
+}
+echo "<pre>";
+print_r($_SESSION['cart']);
+echo "</pre>";

addtowishlist.php

@@ -0,0 +1,19 @@
+<?php
+ob_start();
+session_start();
+require_once 'config/connect.php';
+$uid = $_SESSION['customerid'];
+if (!isset($_SESSION['customer']) & empty($_SESSION['customer'])) {
+    header('location: login.php');
+}
+if (isset($_GET['id']) & !empty($_GET['id'])) {
+    $pid = $_GET['id'];
+    echo $sql = "INSERT INTO wishlist (pid, uid) VALUES ($pid, $uid)";
+    $res = mysqli_query($connection, $sql);
+    if ($res) {
+        header('location: wishlist.php');
+        //echo "redirect to wish list page";
+    }
+} else {
+    header('location: wishlist.php');
+}

admin/addcategory.php

@@ -0,0 +1,43 @@
+<?php
+session_start();
+require_once '../config/connect.php';
+if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+    header('location: login.php');
+}
+
+if (isset($_POST) & !empty($_POST)) {
+    $name = mysqli_real_escape_string($connection, $_POST['categoryname']);
+    $sql = "INSERT INTO category (name) VALUES ('$name')";
+    $res = mysqli_query($connection, $sql);
+    if ($res) {
+        $smsg = "Category Added";
+    } else {
+        $fmsg = "Failed Add Category";
+    }
+}
+?>
+<?php include 'inc/header.php'; ?>
+<?php include 'inc/nav.php'; ?>
+
+<section id="content">
+    <div class="content-blog">
+        <div class="container">
+            <?php if (isset($fmsg)) { ?>
+                <div class="alert alert-danger" role="alert"><?php echo $fmsg; ?></div>
+            <?php } ?>
+            <?php if (isset($smsg)) { ?>
+                <div class="alert alert-success" role="alert"> <?php echo $smsg; ?> </div>
+            <?php } ?>
+            <form method="post">
+                <div class="form-group">
+                    <label for="Productname">Category Name</label>
+                    <input type="text" class="form-control" name="categoryname" id="Categoryname" placeholder="Category Name">
+                </div>
+                <button type="submit" class="btn btn-default">Submit</button>
+            </form>
+
+        </div>
+    </div>
+</section>
+
+<?php include 'inc/footer.php' ?>

admin/addproduct.php

@@ -0,0 +1,111 @@
+<?php
+session_start();
+require_once '../config/connect.php';
+if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+    header('location: login.php');
+}
+
+if (isset($_POST) & !empty($_POST)) {
+    $prodname = mysqli_real_escape_string($connection, $_POST['productname']);
+    $description = mysqli_real_escape_string($connection, $_POST['productdescription']);
+    $category = mysqli_real_escape_string($connection, $_POST['productcategory']);
+    $price = mysqli_real_escape_string($connection, $_POST['productprice']);
+
+
+    if (isset($_FILES) & !empty($_FILES)) {
+        $name = $_FILES['productimage']['name'];
+        $size = $_FILES['productimage']['size'];
+        $type = $_FILES['productimage']['type'];
+        $tmp_name = $_FILES['productimage']['tmp_name'];
+
+        $max_size = 10000000;
+        $extension = substr($name, strpos($name, '.') + 1);
+
+        if (isset($name) && !empty($name)) {
+            if (($extension == "jpg" || $extension == "jpeg") && $type == "image/jpeg" && $size<=$max_size) {
+                $location = "uploads/";
+                if (move_uploaded_file($tmp_name, $location.$name)) {
+                    //$smsg = "Uploaded Successfully";
+                    $sql = "INSERT INTO products (name, description, catid, price, thumb) VALUES ('$prodname', '$description', '$category', '$price', '$location$name')";
+                    $res = mysqli_query($connection, $sql);
+                    if ($res) {
+                        //echo "Product Created";
+                        header('location: products.php');
+                    } else {
+                        $fmsg = "Failed to Create Product";
+                    }
+                } else {
+                    $fmsg = "Failed to Upload File";
+                }
+            } else {
+                $fmsg = "Only JPG files are allowed and should be less that 1MB";
+            }
+        } else {
+            $fmsg = "Please Select a File";
+        }
+    } else {
+        $sql = "INSERT INTO products (name, description, catid, price) VALUES ('$prodname', '$description', '$category', '$price')";
+        $res = mysqli_query($connection, $sql);
+        if ($res) {
+            header('location: products.php');
+        } else {
+            $fmsg =  "Failed to Create Product";
+        }
+    }
+}
+?>
+<?php include 'inc/header.php'; ?>
+<?php include 'inc/nav.php'; ?>
+
+<section id="content">
+    <div class="content-blog">
+        <div class="container">
+            <?php if (isset($fmsg)) {
+    ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php
+} ?>
+            <?php if (isset($smsg)) {
+        ?><div class="alert alert-success" role="alert"> <?php echo $smsg; ?> </div><?php
+    } ?>
+            <form method="post" enctype="multipart/form-data">
+                <div class="form-group">
+                    <label for="Productname">Product Name</label>
+                    <input type="text" class="form-control" name="productname" id="Productname" placeholder="Product Name">
+                </div>
+                <div class="form-group">
+                    <label for="productdescription">Product Description</label>
+                    <textarea class="form-control" name="productdescription" rows="3"></textarea>
+                </div>
+
+                <div class="form-group">
+                    <label for="productcategory">Product Category</label>
+                    <select class="form-control" id="productcategory" name="productcategory">
+                        <option value="">---SELECT CATEGORY---</option>
+                        <?php
+                        $sql = "SELECT * FROM category";
+                        $res = mysqli_query($connection, $sql);
+                        while ($r = mysqli_fetch_assoc($res)) {
+                            ?>
+                            <option value="<?php echo $r['id']; ?>"><?php echo $r['name']; ?></option>
+                        <?php
+                        } ?>
+                    </select>
+                </div>
+
+                <div class="form-group">
+                    <label for="productprice">Product Price</label>
+                    <input type="text" class="form-control" name="productprice" id="productprice" placeholder="Product Price">
+                </div>
+                <div class="form-group">
+                    <label for="productimage">Product Image</label>
+                    <input type="file" name="productimage" id="productimage">
+                    <p class="help-block">Only jpg/png are allowed.</p>
+                </div>
+
+                <button type="submit" class="btn btn-default">Submit</button>
+            </form>
+
+        </div>
+    </div>
+</section>
+
+<?php include 'inc/footer.php' ?>

admin/categories.php

@@ -0,0 +1,42 @@
+<?php
+session_start();
+require_once '../config/connect.php';
+if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+    header('location: login.php');
+}
+?>
+<?php include 'inc/header.php'; ?>
+<?php include 'inc/nav.php'; ?>
+
+<section id="content">
+    <div class="content-blog">
+        <div class="container">
+            <table class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>#</th>
+                        <th>Category Name</th>
+                        <th>Operations</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php
+                    $sql = "SELECT * FROM category";
+                    $res = mysqli_query($connection, $sql);
+                    while ($r = mysqli_fetch_assoc($res)) {
+                        ?>
+                        <tr>
+                            <th scope="row"><?php echo $r['id']; ?></th>
+                            <td><?php echo $r['name']; ?></td>
+                            <td><a href="editcategory.php?id=<?php echo $r['id']; ?>">Edit</a> | <a href="delcategory.php?id=<?php echo $r['id']; ?>">Delete</a></td>
+                        </tr>
+                    <?php
+                    } ?>
+                </tbody>
+            </table>
+
+        </div>
+    </div>
+</section>
+
+<?php include 'inc/footer.php' ?>

admin/customers.php

@@ -0,0 +1,45 @@
+<?php
+session_start();
+require_once '../config/connect.php';
+if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+    header('location: login.php');
+}
+?>
+<?php include 'inc/header.php'; ?>
+<?php include 'inc/nav.php'; ?>
+
+<section id="content">
+    <div class="content-blog">
+        <div class="container">
+            <table class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>#</th>
+                        <th>Customer Name</th>
+                        <th>Customer Mobile</th>
+                        <th>Customer Email</th>
+                        <th>Customer From</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php
+                    $sql = "SELECT * FROM users u JOIN usersmeta u1 WHERE u.id=u1.uid";
+                    $res = mysqli_query($connection, $sql);
+                    while ($r = mysqli_fetch_assoc($res)) {
+                        ?>
+                        <tr>
+                            <th scope="row"><?php echo $r['id']; ?></th>
+                            <td><?php echo $r['firstname'] . " " . $r['lastname']; ?></td>
+                            <td><?php echo $r['mobile']; ?></td>
+                            <td><?php echo $r['email']; ?></td>
+                            <td><?php echo $r['timestamp']; ?></td>
+
+                        <?php
+                    } ?>
+                </tbody>
+            </table>
+        </div>
+    </div>
+</section>
+
+<?php include 'inc/footer.php' ?>

admin/delcategory.php

@@ -0,0 +1,16 @@
+<?php
+    session_start();
+    require_once '../config/connect.php';
+    if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+        header('location: login.php');
+    }
+
+    if (isset($_GET) & !empty($_GET)) {
+        $id = $_GET['id'];
+        $sql = "DELETE FROM category WHERE id='$id'";
+        if (mysqli_query($connection, $sql)) {
+            header('location:categories.php');
+        }
+    } else {
+        header('location: categories.php');
+    }

admin/delprodimg.php

@@ -0,0 +1,33 @@
+<?php
+    session_start();
+    require_once '../config/connect.php';
+    if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+        header('location: login.php');
+    }
+
+    if (isset($_GET['id']) & !empty($_GET['id'])) {
+        $id = $_GET['id'];
+        $sql = "SELECT thumb FROM products WHERE id=$id";
+        $res = mysqli_query($connection, $sql);
+        $r = mysqli_fetch_assoc($res);
+        if (!empty($r['thumb'])) {
+            if (unlink($r['thumb'])) {
+                $delsql = "UPDATE products SET thumb='' WHERE id=$id";
+                if (mysqli_query($connection, $delsql)) {
+                    header("location:editproduct.php?id={$id}");
+                }
+            } else {
+                $delsql = "UPDATE products SET thumb='' WHERE id=$id";
+                if (mysqli_query($connection, $delsql)) {
+                    header("location:editproduct.php?id={$id}");
+                }
+            }
+        } else {
+            $delsql = "UPDATE products SET thumb='' WHERE id=$id";
+            if (mysqli_query($connection, $delsql)) {
+                header("location:editproduct.php?id={$id}");
+            }
+        }
+    } else {
+        header("location:editproduct.php?id={$id}");
+    }

admin/delproduct.php

@@ -0,0 +1,28 @@
+<?php
+    session_start();
+    require_once '../config/connect.php';
+    if (!isset($_SESSION['email']) & empty($_SESSION['email'])) {
+        header('location: login.php');
+    }
+
+    if (isset($_GET['id']) & !empty($_GET['id'])) {
+        $id = $_GET['id'];
+        $sql = "SELECT thumb FROM products WHERE id=$id";
+        $res = mysqli_query($connection, $sql);
+        $r = mysqli_fetch_assoc($res);
+        if (!empty($r['thumb'])) {
+            if (unlink($r['thumb'])) {
+                $delsql = "DELETE FROM products WHERE id=$id";
+                if (mysqli_query($connection, $delsql)) {
+                    header("location:products.php");
+                }
+            }
+        } else {
+            $delsql = "DELETE FROM products WHERE id=$id";
+            if (mysqli_query($connection, $delsql)) {
+                header("location:products.php");
+            }
+        }
+    } else {
+        header('location: products.php');
+    }