first commit

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

.gitignore

@@ -0,0 +1,6 @@
+.idea
+
+.phpintel
+/stripe
+.vscode
+functions/config.php

.htaccess

@@ -0,0 +1,9 @@
+# if user tries to access the pages directly
+Options -Indexes
+
+# snipped copied from minima code - mvc with design with less website
+RewriteEngine On
+
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ index.php?url=$1 [L,QSA]

README.md

@@ -0,0 +1,52 @@
+# Umbrella Bookstore
+##### Umbrella Bookstore is an Online-Ecommerce platform that deals with useful soft books that are advantageous between programmers and developers as well as for non-techies or starters
+
+[![Build Status](https://travis-ci.org/joemccann/dillinger.svg?branch=master)](http://bookstore-project.freecluster.eur)
+
+
+
+![umbrella bookstore](https://user-images.githubusercontent.com/42686972/135336498-277e6eba-83c3-4d24-8fec-848f4dedc350.jpg)
+
+
+
+### Features
+- User can add or remove books in the cart
+- User can explore the books and books by certain publishers
+- Only admin can handle the books, book details, prices, publishers and order of displaying the books
+- website can handle hundreds and thousands of hits per day without crashing
+- website is secure from SQL injection through fields and all other malicious attack through URL
+- Many books and catalogue can be seen in page by scrolling down
+- User can contact with ecommerce store owners and ask for a new book
+- Four books are appeared on the front, while many other books are waiting to be accessed via one click
+- after the order completion, entire of the details reset and user is redirected to the home page
+
+### Technologies used
+
+- PHP / mySQL
+- Bootstrap 4 
+- HTML / CSS / JS
+- jQuery
+
+### Design patterns followed
+- DRY pattern
+- KISS pattern
+
+
+
+## Local installation
+```txt
+clone the repo https://github.com/danish981/bookstore.git
+run PHP and mySQL servers
+create database "bookstore"
+import the databsae given in the folder database into your local project
+```
+### Visit the Umbrella Bookstore
+<http://bookstore-project.freecluster.eu>
+
+### Credentials
+```txt
+admin username : admin
+admin password : admin12345
+```
+
+

admin.php

@@ -0,0 +1,34 @@
+<?php
+
+$title = "Admin Section";
+require_once "./template/header.php";
+
+// todo : instead of creating a huge error array,
+// todo : try creating a tiny session array and give the error before every field, if occur
+
+?>
+
+<!-- autocomplete of ON by default -->
+<form class="form-horizontal text-center" method="post" action="admin_verify.php">
+
+    <div class="form-group">
+        <label for="name" class="control-label col-md-4">Admin Username</label>
+        <div class="col-md-4">
+            <input id="name" type="text" name="name" class="form-control" required>
+        </div>
+    </div>
+
+    <div class="form-group">
+        <label for="pass" class="control-label col-md-4">Admin Password</label>
+        <div class="col-md-4">
+            <input id="pass" type="password" name="pass" class="form-control" required>
+        </div>
+    </div>
+
+    <input type="submit" name="submit" class="btn btn-primary">
+
+</form>
+
+
+<?php require_once "./template/footer.php"; ?>
+

admin_add.php

@@ -0,0 +1,138 @@
+<?php
+
+session_start();
+require_once "./functions/admin.php";
+require("functions/functions.php");
+
+$title = "Add new book";
+require "./template/header.php";
+
+require "./functions/database_functions.php";
+$conn = db_connect();
+
+if (isset($_POST['add'])) {
+    $isbn = validateField($_POST['isbn']);
+    $isbn = mysqli_real_escape_string($conn, $isbn);
+
+    $title = validateField($_POST['title']);
+    $title = mysqli_real_escape_string($conn, $title);
+
+    $author = validateField($_POST['author']);
+    $author = mysqli_real_escape_string($conn, $author);
+
+    $descr = validateField($_POST['descr']);
+    $descr = mysqli_real_escape_string($conn, $descr);
+
+    $price = floatval(validateField($_POST['price']));
+    $price = mysqli_real_escape_string($conn, $price);
+
+    // it is drop down, no need of its validation
+    $publisher = $_POST['publisher'];
+
+    // add image and move image to the bootstra/img/???.png, repeating code
+    if (isset($_FILES['image']) && $_FILES['image']['name'] != "") {
+        $image = $_FILES['image']['name'];
+        $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
+        $uploadDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . "assets/img/";
+        $uploadDirectory .= $image;
+        move_uploaded_file($_FILES['image']['tmp_name'], $uploadDirectory);
+    }
+
+    // find publisher and return pubid
+    // if publisher is not in db, create new
+    $findPub = "SELECT * FROM publisher WHERE publisher_name = '$publisher'";
+    $findResult = mysqli_query($conn, $findPub);
+    if (!$findResult) {
+        // insert into publisher table and return id
+        $insertPub = "INSERT INTO publisher(publisher_name) VALUES ('$publisher')";
+        $insertResult = mysqli_query($conn, $insertPub);
+        if (!$insertResult) {
+            $_SESSION["errorArray"]["cantAddPub"] = "Cannot Add New Publisher";
+            header("Location : nothingFound.php");
+            exit;
+        }
+        $publisherid = mysqli_insert_id($conn);
+    } else {
+        $row = mysqli_fetch_assoc($findResult);
+        $publisherid = $row['publisherid'];
+    }
+
+    $query = "INSERT INTO books VALUES ('$isbn', '$title', '$author', '$image', '$descr', '$price', '$publisherid')";
+    $result = mysqli_query($conn, $query);
+
+    if (!$result) {
+        $_SESSION["errorArray"]["cantAddBookData"] = "Cannot Add New Book Data";
+        header("Location : nothingFound.php");
+        exit;
+    } else {
+        header("Location: admin_book.php");
+    }
+}
+?>
+    <form method="post" action="admin_add.php" class="text-center" enctype="multipart/form-data">
+        <table class="table">
+            <tr>
+                <!-- example ISBN number, use this for tool tip -->
+                <!-- 	978-3-16-148410-0    -->
+                <th><label for="isbn">ISBN</label></th>
+                <td class="form-group"><input id="isbn" class="form-control" type="text" name="isbn"
+                                              placeholder="978-3-16-148410-0 (format) e.g" required></td>
+            </tr>
+            <tr>
+                <th><label for="title">Title</label></th>
+                <td class="form-group"><input id="title" class="form-control" type="text" name="title"
+                                              placeholder="Mine Kamphh e.g" required></td>
+            </tr>
+            <tr>
+                <th><label for="author">Author</label></th>
+                <td class="form-group"><input id="author" class="form-control" type="text" name="author"
+                                              placeholder="Rowan Atkinsen e.g" required></td>
+            </tr>
+            <tr>
+                <th><label for="image">Book Cover</label></th>
+                <td class="form-group"><input id="image" name="image" class="form-control" type="file"
+                                              placeholder="Book Thumbnail" required></td>
+            </tr>
+            <tr>
+                <th><label for="description">Description</label></th>
+                <td class="form-group"><textarea id="description" name="descr" class="form-control" cols="40"
+                                                 rows="5" placeholder="The book description goes here" required></textarea></td>
+            </tr>
+            <tr>
+                <th><label for="price">Price in Dollers</label></th>
+                <td class="form-group"><input id="price" class="form-control" type="number" name="price"
+                                              placeholder="25.00" required></td>
+            </tr>
+            <tr>
+                <th><label for="publisher">Select Publisher</label></th>
+                <td class="form-group">
+                    <select name="publisher" class="form-control" id="publisher" required>
+                        <?php
+                        $publisherQuery = "select publisher_name from publisher";
+                        $publisherResult = mysqli_query($conn, $publisherQuery);
+                        if (mysqli_num_rows($publisherResult)) {
+                            while ($row = mysqli_fetch_assoc($publisherResult)) {
+                                foreach ($row as $publisherName) {
+                                    echo "<option value='$publisherName'>$publisherName</option>";
+                                }
+                            }
+                        }
+                        ?>
+                    </select>
+                </td>
+            </tr>
+
+        </table>
+        <input type="submit" name="add" value="Add new book" class="btn btn-primary">
+        <input type="reset" value="cancel" class="btn btn-default">
+    </form>
+    <br/>
+
+<?php
+if (isset($conn)) {
+    mysqli_close($conn);
+}
+
+require_once "./template/footer.php";
+
+?>

admin_addPublisher.php

@@ -0,0 +1,52 @@
+<?php
+
+$title = "Add Publisher";
+require_once("template/header.php");
+require_once("functions/database_functions.php");
+
+$conn = db_connect();
+
+$isAdded = false;
+$publisherName = "";
+$matchFound = false;
+
+if (isset($_POST["submit"])) {
+    $publisherName = mysqli_real_escape_string($conn, $_POST["publisher_name"]);
+    $findQuery = "SELECT publisher_name FROM publisher";
+    $queryResult = mysqli_query($conn, $findQuery);
+    while ($row = mysqli_fetch_assoc($queryResult)) {
+        if (strtolower($publisherName) === strtolower($row["publisher_name"])) {
+            $matchFound = true;
+            break;
+        }
+    }
+    if ($matchFound == false) {
+        $publisherName = ucwords($publisherName);
+        $insertPublisher = "INSERT INTO publisher(publisher_name) values('$publisherName')";
+        $isAdded = mysqli_query($conn, $insertPublisher);
+    }
+}
+
+if ($isAdded) {
+    echo "<h2 class='text-center text-capitalize big-font-3'>Publisher \"{$publisherName}\" Added Successfully</h2><br><br><hr>";
+}
+if ($matchFound) {
+    echo "<h2 class='text-warning text-center text-capitalize big-font-3'>Publisher \"{$publisherName}\" Already Exists</h2><br><br><hr>";
+}
+?>
+
+    <form action="admin_addPublisher.php" class="form-horizontal" autocomplete="off" method="post">
+
+        <div class="form-group">
+            <label for="publisher_name" class="control-label col-md-4">Publisher Name</label>
+            <div class="col-md-4">
+                <input type="text" id="publisher_name" class="form-control" name="publisher_name"
+                       placeholder="Rowan Atkinsen e.g" required>
+            </div>
+            <input type="submit" name="submit" value="Add Publisher" class="btn btn-primary">
+        </div>
+
+    </form>
+
+
+<?php include("template/footer.php") ?>

admin_book.php

@@ -0,0 +1,61 @@
+<?php
+
+session_start();
+require_once "./functions/admin.php";
+
+$title = "List book";
+require_once "./template/header.php";
+
+require_once "./functions/database_functions.php";
+$conn = db_connect();
+$result = getAll($conn);
+
+?>
+
+    <p class="lead text-center margin-top-bottom-5">
+        <a href="admin_addPublisher.php" class="btn btn-primary">Add Publisher</a>
+        <a href="admin_add.php" class="btn btn-primary">Add new book</a>
+        <a href="admin_signout.php" class="btn btn-primary">Sign out!</a>
+    </p>
+
+    <table class="table beautify-table-rows" style="margin-top: 20px">
+        <tr class="table-heading-bg">
+            <th class="text-info big-font-1">ISBN</th>
+            <th class="text-info big-font-1">Title</th>
+            <th class="text-info big-font-1">Author</th>
+            <th class="text-info big-font-1">Image</th>
+            <th class="text-info big-font-1">Description</th>
+            <th class="text-info big-font-1">Price</th>
+            <th class="text-info big-font-1">Publisher</th>
+            <th class="text-info big-font-1 text-center" colspan="2">Actions</th>
+<!--            <th>&nbsp;</th>-->
+<!--            <th>&nbsp;</th>-->
+        </tr>
+        <?php while ($row = mysqli_fetch_assoc($result)) { ?>
+            <tr>
+                <td><?php echo $row['book_isbn']; ?></td>
+                <td><?php echo $row['book_title']; ?></td>
+                <td><?php echo $row['book_author']; ?></td>
+
+                <!-- book image thumnail -->
+                <td><img class="img-responsive img-thumbnail book-hover"
+                         src="./assets/img/<?php echo $row['book_image']; ?>"></td>
+                <td><?php echo $row['book_descr']; ?></td>
+                <td>$<?php echo $row['book_price']; ?></td>
+                <td><?php echo getPubName($conn, $row['publisherid']); ?></td>
+
+                <td><a class="btn btn-primary btn-sm" href="admin_edit.php?bookisbn=<?php echo $row['book_isbn']; ?>">Edit</a>
+                </td>
+                <td><a class="btn btn-primary btn-sm" href="admin_delete.php?bookisbn=<?php echo $row['book_isbn']; ?>">Delete</a>
+                </td>
+
+            </tr>
+        <?php } ?>
+    </table>
+
+<?php
+if (isset($conn)) {
+    mysqli_close($conn);
+}
+require_once "./template/footer.php";
+?>

admin_delete.php

@@ -0,0 +1,19 @@
+<?php
+session_start();
+$book_isbn = $_GET['bookisbn'];
+
+require_once "./functions/database_functions.php";
+$conn = db_connect();
+
+$query = "DELETE FROM books WHERE book_isbn = '$book_isbn'";
+$result = mysqli_query($conn, $query);
+
+if (!$result) {
+    $_SESSION["errorArray"]["deleteDataFailed"] = "Data Cannot be Deleted. Try Again";
+    header("Location : nothingFound.php");
+    exit;
+}
+header("Location: admin_book.php");
+
+
+