-rw-r--r-- | lib/login.php | 22 | ||||
-rw-r--r-- | public/admin-category.php | 6 | ||||
-rw-r--r-- | public/admin-product.php | 50 | ||||
-rw-r--r-- | public/admin.css | 24 | ||||
-rw-r--r-- | public/navbar.php | 22 | ||||
-rw-r--r-- | public/product.php | 8 |
6 files changed, 113 insertions, 19 deletions
diff --git a/lib/login.php b/lib/login.php index 45d4c83..0683031 100644 --- a/lib/login.php +++ b/lib/login.php @@ -52,14 +52,26 @@ function get_cart_count() { $logged_in = check_login($username, $password); $cart_count = get_cart_count(); +// hansel and gretel crumbs +function leave_crumb() { + $prev = $_SERVER['HTTP_REFERER']; + $ONE_HOUR = time() + (60 * 60); + setcookie("prev", $prev, $ONE_HOUR, "/"); +} + function if_logged_in($is, $redirect, $back = false) { global $logged_in; if ($logged_in != $is) return; - if ($back) { - $prev = $_SERVER['HTTP_REFERER']; - $ONE_HOUR = time() + (60 * 60); - setcookie("prev", $prev, $ONE_HOUR, "/"); - } + if ($back) leave_crumb(); + http_response_code(302); + header("Location: ".$redirect); + die(); +} + +function if_privileged($level, $redirect, $back = false) { + global $user_privileges; + if (($user_privileges & $level) > 0) return; + if ($back) leave_crumb(); http_response_code(302); header("Location: ".$redirect); die(); diff --git a/public/admin-category.php b/public/admin-category.php index d65fc9e..a899b00 100644 --- a/public/admin-category.php +++ b/public/admin-category.php @@ -1,14 +1,16 @@ <!DOCTYPE html> <?php require "../lib/login.php"; ?> +<?php if_privileged(PRIVILEGE_ADMIN, "/") ?> <html> <head> <?php include 'head.php' ?> - <title>super secret admin page</title> + <title>categorie toevoegen</title> </head> <body> <?php include 'navbar.php' ?> <div class="main limwidth"> - <h2>admin</h2> + <h2>categorie toevoegen</h2> + </div> <?php include 'footer.php' ?> </body> diff --git a/public/admin-product.php b/public/admin-product.php index d65fc9e..a760ebe 100644 --- a/public/admin-product.php +++ b/public/admin-product.php 
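Review bot: leave_crumb() copies the raw Referer header into the `prev` cookie without any check, so whatever later reads that cookie back into a redirect (not visible here) would follow an arbitrary absolute URL, and `$_SERVER['HTTP_REFERER']` is simply absent when the browser sends no Referer, which raises an undefined-index warning. Read it with a default and keep only locations on this site, e.g. `$prev = $_SERVER['HTTP_REFERER'] ?? '/';` followed by `if (parse_url($prev, PHP_URL_HOST) !== $_SERVER['HTTP_HOST']) $prev = '/';` (comparing against a configured host name rather than the request's Host header is preferable). Passing `['expires' => $ONE_HOUR, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax']` as the options array to setcookie keeps the crumb out of reach of page scripts. if_privileged() does not test `$logged_in` itself; that is only safe if check_login() leaves `$user_privileges` at 0 for anonymous visitors, which this hunk does not show. The hunk ends inside if_privileged(), whose closing brace is outside it.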
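Review bot: The `if_privileged(PRIVILEGE_ADMIN, "/")` guard runs after `<!DOCTYPE html>` has already been written, so the `header("Location: …")` inside it can only take effect when output buffering happens to be enabled; otherwise PHP reports "headers already sent", the redirect is lost and the visitor gets a blank page (the `die()` still keeps the admin markup from rendering). Move the guard to the first line of the file, `<?php require "../lib/login.php"; if_privileged(PRIVILEGE_ADMIN, "/"); ?>` ahead of the doctype, so the redirect no longer depends on ini settings. The same ordering applies to the admin-product.php hunk.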
@@ -1,14 +1,60 @@ <!DOCTYPE html> <?php require "../lib/login.php"; ?> +<?php if_privileged(PRIVILEGE_ADMIN, "/") ?> +<?php +$res = $cursor->query("select max(id)+1 as id from webs.product"); +$obj = $res->fetch_object(); +$new_id = $obj->id; +?> +<?php +do { + if ($_SERVER['REQUEST_METHOD'] !== 'POST') break; + $name = $_POST['name']; + $description = $_POST['description']; + $image = $_POST['img']; + $price = $_POST['price']; + $category = $_POST['category']; + $image = true; + if (!$name) break; + if (!$description) break; + if (!$price) break; + if (!$category) break; + + $statement = $cursor->prepare("insert into webs.product (`name`, `description`, `price`, `category`, `image`) values (?, ?, ?, ?, ?)"); + $statement->bind_param("ssdii", $name, $description, $price, $category, $image); + $statement->execute(); +} while (false); +?> <html> <head> <?php include 'head.php' ?> - <title>super secret admin page</title> + <title>product toevoegen</title> + <link rel="stylesheet" href="admin.css"> </head> <body> <?php include 'navbar.php' ?> <div class="main limwidth"> - <h2>admin</h2> + <h2>product toevoegen</h2> + <form action="/admin-product.php" method="post"> + <label for="id">ID (automatisch)</label> + <input id="id" type="text" disabled value="<?php echo $new_id; ?>"> + <label for="name">Naam</label> + <input id="name" name="name" type="text" placeholder="Naam"> + <label for="price">Prijs</label> + <input id="price" name="price" type="number" value="0" min="0" max="999.99" step="0.01"> + <label for="category">Categorie</label> + <select id="category" name="category" placeholder="Categorie"> + <?php + $res = $cursor->query("select id, name from webs.category"); + while ($c = $res->fetch_object()) echo "<option value='$c->id'>$c->name</option>"; + ?> + </select> + <label for="description">Beschrijving (ondersteunt HTML)</label> + <textarea id="description" name="description" placeholder="Beschrijving" rows="3"></textarea> + <label 
for="img">Productafbeelding</label> + <input id="img" name="img" type="file" accept="image/png, image/gif, image/jpeg"> + <input id="submit" type="submit" value="Toevoegen"> + </form> </div> <?php include 'footer.php' ?> </body> diff --git a/public/admin.css b/public/admin.css new file mode 100644 index 0000000..0892cf1 --- /dev/null +++ b/public/admin.css @@ -0,0 +1,24 @@ +form { + display: grid; + gap: 8px; +} + +@media (min-width: 600px) { + form { + grid-template-columns: auto 1fr; + } + + form label { + grid-column: 1; + } + + form input, + form textarea { + grid-column: 2; + } +} + +form textarea { + font-family: sans-serif; + resize: vertical; +} diff --git a/public/navbar.php b/public/navbar.php index 03f9ca3..4b4001d 100644 --- a/public/navbar.php +++ b/public/navbar.php @@ -6,14 +6,20 @@ <span class="label">winkel</span> </a> <a href="/products.php" class="nolinkstyle nav-item"><span>producten</span></a> - <a href="/login.php" class="nolinkstyle nav-item"><span>login</span></a> - <a href="/cart.php" class="nolinkstyle nav-item"> - <?php - echo "<span>mand"; - if ($logged_in) echo " (".$cart_count.")"; - echo "</span>"; - ?> - </a> + <?php do { + if ($logged_in) break; + echo <<<"EOF" + <a href="/login.php" class="nolinkstyle nav-item"><span>login</span></a> + EOF; + } while (false); ?> + <?php do { + if (!$logged_in) break; + echo <<<"EOF" + <a href="/cart.php" class="nolinkstyle nav-item"> + <span>mand ($cart_count)</span> + </a> + EOF; + } while (false); ?> <?php do { if (($user_privileges & PRIVILEGE_ADMIN) == 0) break; echo <<<"EOF" diff --git a/public/product.php b/public/product.php index 172a30c..70c511d 100644 --- a/public/product.php +++ b/public/product.php 
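Review bot: The POST handler inserts a product with no CSRF protection: the form at the bottom of the hunk carries no token and the handler only tests `REQUEST_METHOD`, so a logged-in admin's browser can be made to submit it from another site. Store a token from `random_bytes()` in the session when the form is rendered, embed it as a hidden input, and reject the POST unless `hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')` holds. Separately, `$image = $_POST['img']` is overwritten by `$image = true` two lines later, the form has no `enctype="multipart/form-data"` so the upload would never reach `$_FILES` anyway, and the `$_POST` reads should use `?? ''` to avoid undefined-index warnings on the first GET. The category `<option>` line interpolates `$c->name` into HTML unescaped; wrap it as `htmlspecialchars($c->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. After a successful insert, redirect (303) back to the page so a refresh does not run the insert a second time.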
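Review bot: The two new `do { … } while (false)` blocks with `break` are a roundabout way of writing one `if`/`else`: their conditions `$logged_in` and `!$logged_in` are exact complements, so each link belongs in one branch, and plain PHP tags instead of heredocs let the editor highlight the markup. `$cart_count` is interpolated straight into the HTML; if get_cart_count() returns a database-sourced integer that is harmless, but an explicit `(int)` cast makes the assumption visible. The admin-link block that begins at the end of the hunk closes outside it.
```php
<?php if (!$logged_in) { ?>
    <a href="/login.php" class="nolinkstyle nav-item"><span>login</span></a>
<?php } else { ?>
    <a href="/cart.php" class="nolinkstyle nav-item">
        <span>mand (<?php echo (int) $cart_count ?>)</span>
    </a>
<?php } ?>
<?php /* … unchanged: admin link block … */ ?>
```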
@@ -26,13 +26,17 @@ $product = $res->fetch_object(); <div class="column left"> <?php $img = "/img/product/".$product->id."-full.jpg"; - echo "<a href='$img'><img src='$img' alt=''></a>"; + echo <<<"EOF" + <a href="$img" target="_blank"> + <img src="$img" alt="$product->name"> + </a> + EOF; ?> </div> <div class="column right"> <h2><?php echo $product->name ?></h2> <span class="price"><?php echo $product->price ?></span> - <span class="info"><?php echo $product->description ?></span> + <p class="info"><?php echo $product->description ?></p> <form action="/cart.php" method="post"> <input type="number" value="<?php echo $product->id ?>" hidden name="product_id"> <input type="submit" value="Toevoegen aan winkelwagen" class="button filled"> |
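Review bot: The new `alt="$product->name"` places a database string inside an HTML attribute in the heredoc with no escaping, so a product name containing a quote or `<` breaks the markup, and because admin-product.php accepts arbitrary names this is a stored-XSS sink should an admin account ever be misused. Escape once before the heredoc, `$name = htmlspecialchars($product->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and write `alt="$name"`; the existing `<h2>` below echoes the name raw as well and deserves the same treatment. The unescaped `$product->description` in the new `<p class="info">` looks intentional (the admin form advertises HTML support), which means descriptions are trusted content only for as long as that form stays privilege-gated. The markup continues past the end of the hunk.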