authorlonkaars <loek@pipeframe.xyz>2023-05-13 14:35:04 +0200
committerlonkaars <loek@pipeframe.xyz>2023-05-13 14:35:04 +0200
commitd99d91293fe9e9ad683bbd079848df4031f0a77a (patch)
tree26b234f733248a3f22503f1fef7644c3bc739f0c
parentb8e90ea5ea7c41444d7fbce6848e4c3cf37c87e5 (diff)
add links to admin pages + more login
-rw-r--r--db/data.sql15
-rw-r--r--db/init.sql12
-rw-r--r--db/reset.sql2
-rw-r--r--lib/db.php4
-rw-r--r--lib/login.php34
-rw-r--r--public/admin-category.php15
-rw-r--r--public/admin-product.php15
-rw-r--r--public/cart.php2
-rw-r--r--public/global.css6
-rw-r--r--public/login.php9
-rw-r--r--public/nav.css14
-rw-r--r--public/navbar.php16
-rw-r--r--public/products.php14
13 files changed, 124 insertions, 34 deletions
diff --git a/db/data.sql b/db/data.sql
index d02fa61..7254a90 100644
--- a/db/data.sql
+++ b/db/data.sql
@@ -19,14 +19,15 @@ update webs.product set description = "<ul><li>lekker sappig</li><li>zonder BTW<
update webs.product set description = "<ul><li>snel bruin</li><li>zonder BTW</li></ul>" where id = 2;
update webs.product set description = "<ul><li>kurkdroog</li><li>zonder BTW</li></ul>" where id = 3;
-insert into webs.customer (`name`) values
- ("loek"),
- ("bert"),
- ("niels"),
- ("joshua"),
- ("willem");
+insert into webs.user (`name`, `hash`) values
+ ("loek", "$2b$12$HuKuEfTuD081gi8/VWtAl.WwpfD6MM6fAekxng22wwquoIyiK1zGC"), -- gert123
+ ("bert", "$2b$12$s8ag3gsHThqIZUzqzfcX8O.v4mXfMAeu2G4X51nQOesmVPuXl0hse"), -- win32
+ ("niels", "$2b$12$4JDIzpWAQpz3Iv9IdiwNzOoeSx0IPnDiO6EMVOz6knW8JGhm60wPO"), -- bsod
+ ("joshua", "$2b$12$CrBgZljVGYHZt.xF.HWziOgwD9qL7jMxfHh6.fXxO55rbwtoRXYM6"), -- darwin
+ ("willem", "$2b$12$vCDpn5fnGBL7dv3Ty1cgZegDKOguoRIgHNrUFYOCWoensgI4HnJde"); -- biege
+update webs.user set `privileges` = 1073741824 where `name` = "loek";
-insert into webs.cart (`product`, `customer`) values
+insert into webs.cart (`product`, `user`) values
(4, 1),
(5, 1),
(6, 1),
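Review bot: The seed users' plaintext passwords are written into SQL comments right next to their bcrypt hashes (`-- gert123`, `-- win32`, …), which cancels the benefit of hashing as soon as this file sits in version control or ships with a deployment; drop the comments and keep any demo credentials out of band, or generate the hashes at seed time. The admin grant uses the bare literal `1073741824` where lib/login.php defines the same bit as `PRIVILEGE_ADMIN = 1 << 30`; writing it as `update webs.user set `privileges` = (1 << 30) where `name` = "loek";` keeps the two definitions visibly in sync. These look like development fixtures, so the exposure may be deliberate, but loading them unchanged into anything reachable leaves an administrator account with a published password.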
diff --git a/db/init.sql b/db/init.sql
index 4be1768..b7b3310 100644
--- a/db/init.sql
+++ b/db/init.sql
@@ -25,25 +25,27 @@ create table if not exists webs.product (
on update cascade
);
-create table if not exists webs.customer (
+create table if not exists webs.user (
`id` int not null auto_increment,
`name` varchar(45) not null,
+ `hash` binary(64) not null,
+ `privileges` int not null default 1,
primary key (`id`)
);
create table if not exists webs.cart (
`id` int not null auto_increment,
`product` int not null,
- `customer` int not null,
+ `user` int not null,
`count` int not null default 1,
primary key (`id`),
constraint `cart_product_fk`
foreign key (`product`)
references webs.product (`id`)
on update cascade,
- constraint `cart_customer_fk`
- foreign key (`customer`)
- references webs.customer (`id`)
+ constraint `cart_user_fk`
+ foreign key (`user`)
+ references webs.user (`id`)
on update cascade
);
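Review bot: `hash` is declared `binary(64)`, but the bcrypt strings inserted by db/data.sql are 60 bytes, so MySQL right-pads the stored value with 0x00 bytes and returns them unchanged on read; `password_verify()` in lib/login.php compares the whole string, so a padded hash can never verify. Declare it as `` `hash` varchar(255) not null `` (or `char(60)` if only bcrypt will ever be stored; `varchar(255)` leaves room for `password_needs_rehash` upgrades). Separately, `login()` looks the user up by `name`, yet the column carries no uniqueness constraint, so a second row with the same name would silently shadow or be shadowed by the first; add `` unique key `user_name_uq` (`name`) `` alongside the primary key.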
diff --git a/db/reset.sql b/db/reset.sql
index 5338395..7036613 100644
--- a/db/reset.sql
+++ b/db/reset.sql
@@ -1,6 +1,6 @@
drop schema if exists webs;
drop table if exists webs.product;
-drop table if exists webs.customer;
+drop table if exists webs.user;
drop table if exists webs.cart;
drop table if exists webs.promotion;
drop table if exists webs.category;
diff --git a/lib/db.php b/lib/db.php
index 6d158b7..d20c710 100644
--- a/lib/db.php
+++ b/lib/db.php
@@ -1 +1,3 @@
-<?php $cursor = new mysqli("localhost", "loek", "", "webs"); ?>
+<?php
+$cursor = new mysqli("localhost", "loek", "", "webs");
+?>
diff --git a/lib/login.php b/lib/login.php
index 39dc612..45d4c83 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -1,24 +1,46 @@
<?php
+require_once "../lib/db.php";
+
+const PRIVILEGE_ADMIN = 1 << 30;
+const PRIVILEGE_USER = 1 << 0;
+
$username = $_COOKIE['username'];
$password = $_COOKIE['password'];
+$user_id = null;
+$user_privileges = 0;
function login($username, $password) {
+ global $cursor, $user_id, $user_privileges;
if (!$username) return false;
if (!$password) return false;
+
+ $statement = $cursor->prepare("select id, hash, privileges from user where user.name = ?");
+ $statement->bind_param("s", $username);
+ if (!$statement->execute()) return false;
+ $res = $statement->get_result();
+ if (!mysqli_num_rows($res)) return false;
+ $obj = $res->fetch_object();
+ $user_id = $obj->id;
+ $user_privileges = $obj->privileges;
+
+ // if (!password_verify($password, $obj->hash)) return false;
+
return true;
}
-function check_login() {
- global $username, $password;
- if (!login($username, $password)) return false;
+function check_login($username, $password) {
+ if (!login($username, $password)) {
+ setcookie("username", "", -1, "/");
+ setcookie("password", "", -1, "/");
+ return false;
+ }
return true;
}
-require_once "../lib/db.php";
function get_cart_count() {
global $username, $cursor;
- $statement = $cursor->prepare("select sum(cart.count) as count from cart join customer on customer.id = cart.customer join product on product.id = cart.product where customer.name = ?");
+ $statement = $cursor->prepare("select sum(cart.count) as count from cart join user on user.id = cart.user join product on product.id = cart.product where user.name = ?");
$statement->bind_param("s", $username);
if (!$statement->execute()) return 0;
$res = $statement->get_result();
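Review bot: The password check at `// if (!password_verify($password, $obj->hash)) return false;` is commented out, so `login()` succeeds for any existing username with any non-empty password — including `loek`, whom data.sql grants `PRIVILEGE_ADMIN`. Re-enable it and move it above the two assignments so a failed verify does not leave `$user_id`/`$user_privileges` populated for the rest of the request: `$obj = $res->fetch_object();` / `if (!password_verify($password, $obj->hash)) return false;` / `$user_id = $obj->id; $user_privileges = $obj->privileges;`. If the check was disabled because verification kept failing, the likely cause is the `binary(64)` column in db/init.sql zero-padding the 60-byte bcrypt string, not the verify call itself. `$_COOKIE['username']` and `$_COOKIE['password']` should also be read with `?? ''` so a visitor without cookies does not trigger undefined-index notices; `get_cart_count` continues past the end of this hunk.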
@@ -27,7 +49,7 @@ function get_cart_count() {
return $obj->count;
}
-$logged_in = check_login();
+$logged_in = check_login($username, $password);
$cart_count = get_cart_count();
function if_logged_in($is, $redirect, $back = false) {
diff --git a/public/admin-category.php b/public/admin-category.php
new file mode 100644
index 0000000..d65fc9e
--- /dev/null
+++ b/public/admin-category.php
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<?php require "../lib/login.php"; ?>
+<html>
+<head>
+ <?php include 'head.php' ?>
+ <title>super secret admin page</title>
+</head>
+<body>
+ <?php include 'navbar.php' ?>
+ <div class="main limwidth">
+ <h2>admin</h2>
+ </div>
+ <?php include 'footer.php' ?>
+</body>
+</html>
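Review bot: This page requires lib/login.php but never consults `$logged_in` or `$user_privileges`, so the "super secret admin page" is served to anyone who requests its URL; hiding the link in products.php behind the admin check is not access control. Add a server-side gate immediately after the require, e.g. `if (!$logged_in || ($user_privileges & PRIVILEGE_ADMIN) == 0) { http_response_code(403); exit; }`, or use the `if_logged_in()` redirect helper from lib/login.php (its body is outside this diff, so its exact semantics cannot be confirmed here). The page currently renders only a heading, so nothing sensitive leaks yet, but the category form it is named for will inherit whatever gate exists when it is added.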
diff --git a/public/admin-product.php b/public/admin-product.php
new file mode 100644
index 0000000..d65fc9e
--- /dev/null
+++ b/public/admin-product.php
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<?php require "../lib/login.php"; ?>
+<html>
+<head>
+ <?php include 'head.php' ?>
+ <title>super secret admin page</title>
+</head>
+<body>
+ <?php include 'navbar.php' ?>
+ <div class="main limwidth">
+ <h2>admin</h2>
+ </div>
+ <?php include 'footer.php' ?>
+</body>
+</html>
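Review bot: Like admin-category.php, this page performs no authorization of its own — `require "../lib/login.php"` only populates `$logged_in` and `$user_privileges`, and nothing here reads them — so any visitor can load it. Since the two admin pages are byte-identical, put the check in one shared include (for example an `admin-guard.php` containing `if (!$logged_in || ($user_privileges & PRIVILEGE_ADMIN) == 0) { http_response_code(403); exit; }`) and require it at the top of each admin page, so the gate cannot be forgotten when the product form is implemented. The exposure is currently limited to a heading, but the gate should land before any write handler does.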
diff --git a/public/cart.php b/public/cart.php
index f953880..34cccbb 100644
--- a/public/cart.php
+++ b/public/cart.php
@@ -48,7 +48,7 @@ EOF;
<div class="products">
<?php do {
global $username;
- $statement = $cursor->prepare("select product.id, product.name, product.price, product.image, cart.count from cart join customer on customer.id = cart.customer join product on product.id = cart.product where customer.name = ?");
+ $statement = $cursor->prepare("select product.id, product.name, product.price, product.image, cart.count from cart join user on user.id = cart.user join product on product.id = cart.product where user.name = ?");
$statement->bind_param("s", $username);
if (!$statement->execute()) break;
$res = $statement->get_result();
diff --git a/public/global.css b/public/global.css
index e3fcea0..4add154 100644
--- a/public/global.css
+++ b/public/global.css
@@ -73,3 +73,9 @@ body, html {
font-weight: bold;
cursor: pointer;
}
+
+.center {
+ text-align: center;
+}
+
+.d-ib { display: inline-block; }
diff --git a/public/login.php b/public/login.php
index a8a1021..19d9d17 100644
--- a/public/login.php
+++ b/public/login.php
@@ -4,12 +4,9 @@
<?php
do {
if ($_SERVER['REQUEST_METHOD'] !== 'POST') break;
- if (!$_POST['username']) break;
- if (!$_POST['password']) break;
-
- //TODO: check if user exists in database
-
- // if all guards passed, successful login occurred
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+ if (!check_login($username, $password)) break;
cookie_redir($_POST['username'], $_POST['password']);
} while (false);
?>
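Review bot: On success the handler passes the raw `$_POST['password']` to `cookie_redir(...)`, and lib/login.php reads it back from `$_COOKIE['password']` on every request, so the plaintext password is stored in the browser and re-transmitted with each page load. Replace the credential cookies with a server-side session: after `check_login()` succeeds, `session_start(); session_regenerate_id(true); $_SESSION['user_id'] = $user_id;`, and have lib/login.php resolve the user from the session instead of re-verifying cookies. `cookie_redir` is defined outside this hunk, so whether it sets `HttpOnly`/`Secure`/`SameSite` on those cookies cannot be confirmed here; either way a password should not be a cookie value. The POST also carries no CSRF token, which matters less for a login form but will for the admin forms this commit is preparing.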
diff --git a/public/nav.css b/public/nav.css
index 11815c1..d5f2de3 100644
--- a/public/nav.css
+++ b/public/nav.css
@@ -3,9 +3,6 @@ nav {
border-bottom: 2px dashed currentColor;
}
-nav span { vertical-align: middle; }
-nav a { margin-right: 16px; }
-
nav .site-icon {
height: 48px;
display: inline-block;
@@ -22,3 +19,14 @@ nav .site-icon .icon svg {
width: 24px;
height: 24px;
}
+
+nav .adminmode { opacity: .7; }
+
+nav .nav-item {
+ display: inline-flex;
+ height: 48px;
+ vertical-align: top;
+ align-items: center;
+ margin-right: 16px;
+}
+
diff --git a/public/navbar.php b/public/navbar.php
index a157c76..03f9ca3 100644
--- a/public/navbar.php
+++ b/public/navbar.php
@@ -1,18 +1,26 @@
<?php require_once "../lib/login.php" ?>
<nav>
<div class="limwidth">
- <a href="/" class="site-icon nolinkstyle">
+ <a href="/" class="site-icon nolinkstyle nav-item">
<span class="icon"><?php include "img/cart-outline.svg" ?></span>
<span class="label">winkel</span>
</a>
- <a href="/products.php" class="nolinkstyle"><span>producten</span></a>
- <a href="/login.php" class="nolinkstyle"><span>login</span></a>
- <a href="/cart.php" class="nolinkstyle">
+ <a href="/products.php" class="nolinkstyle nav-item"><span>producten</span></a>
+ <a href="/login.php" class="nolinkstyle nav-item"><span>login</span></a>
+ <a href="/cart.php" class="nolinkstyle nav-item">
<?php
echo "<span>mand";
if ($logged_in) echo " (".$cart_count.")";
echo "</span>";
?>
</a>
+ <?php do {
+ if (($user_privileges & PRIVILEGE_ADMIN) == 0) break;
+ echo <<<"EOF"
+ <div class='nav-item'>
+ <span class='adminmode'>(ingelogd als administrator)</span>
+ </div>
+ EOF;
+ } while (false); ?>
</div>
</nav>
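Review bot: The administrator badge is shown whenever `$user_privileges & PRIVILEGE_ADMIN` is set, but lib/login.php assigns `$user_privileges` from the database row before the (currently disabled) password check, so the badge — and anything else keyed on that variable — would appear for an unauthenticated request that merely names an admin user. Gate it on the login result as well: `if (!$logged_in || ($user_privileges & PRIVILEGE_ADMIN) == 0) break;`. It is purely presentational here, but the same condition is copied into products.php, so fixing the pattern once is worthwhile.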
diff --git a/public/products.php b/public/products.php
index 433475f..da337ad 100644
--- a/public/products.php
+++ b/public/products.php
@@ -1,5 +1,6 @@
<!DOCTYPE html>
<?php require "../lib/db.php"; ?>
+<?php require "../lib/login.php"; ?>
<?php
function product_template($product) {
$image_path = $product->image ? "/img/product/$product->id-thumb.jpg" : "/img/placeholder.png";
@@ -22,6 +23,19 @@ EOF;
<?php include 'navbar.php' ?>
<div class="main limwidth">
<h2>lijst met producten:</h2>
+ <?php do {
+ if (($user_privileges & PRIVILEGE_ADMIN) == 0) break;
+ echo <<<"EOF"
+ <div class="center">
+ <form action="/admin-product.php" method="get" class="d-ib">
+ <input type="submit" value="Nieuw product toevoegen" class="button filled">
+ </form>
+ <form action="/admin-category.php" method="get" class="d-ib">
+ <input type="submit" value="Nieuwe categorie toevoegen" class="button filled">
+ </form>
+ </div>
+ EOF;
+ } while (false); ?>
<div class="products">
<?php
$res = $cursor->query("select id, image, price, name from webs.product");
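Review bot: The admin buttons are only hidden for non-admins; the forms target `/admin-product.php` and `/admin-category.php`, which in this commit render for any visitor, so the check here is a UI nicety rather than authorization and the admin pages need their own server-side gate. As in navbar.php, the condition should also require `$logged_in`, because `$user_privileges` is populated in lib/login.php before the password is verified: `if (!$logged_in || ($user_privileges & PRIVILEGE_ADMIN) == 0) break;`. The two `method="get"` forms are fine as navigation, but once the admin pages perform writes they should become POST requests carrying a CSRF token.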