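<?php
// Admin gate: a request is only served when the session carries a complete
// manager identity that still matches a row in the admin table. Everything
// below this block relies on this check having passed.
session_start();
if (!isset($_SESSION["manager"], $_SESSION["id"], $_SESSION["password"])) {
    // An incomplete session is treated the same as no session at all.
    header("location: admin_login.php");
    exit();
}
// Reduce each session value to a fixed alphabet so it cannot break out of the
// quoted SQL literals in the query below.
$managerID = preg_replace('#[^0-9]#', '', (string) $_SESSION["id"]); // digits only
$manager = preg_replace('#[^A-Za-z0-9]#', '', (string) $_SESSION["manager"]); // letters and digits only
$password = preg_replace('#[^A-Za-z0-9]#', '', (string) $_SESSION["password"]); // letters and digits only
// NOTE(review): the session holds the same password value that is compared
// against admin.password, so whatever is stored in that column (plaintext or
// a hash) also lives in session storage and works as a login credential on
// its own. Presumably admin_login.php fills these keys - confirm. Keeping
// only the admin id in the session and verifying a salted password hash at
// login time would remove that exposure.
// Connect to the MySQL database. require (not include) so a missing
// connection script stops the page instead of continuing without a database.
require "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");
if ($sql === false) {
    // Keep the database error in the server log; the browser only gets the
    // generic rejection below.
    error_log('inventory_list: admin session lookup failed: ' . mysql_error());
}
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
// A failed query counts as "no match", so the gate fails closed.
$existCount = ($sql === false) ? 0 : mysql_num_rows($sql);
if ($existCount == 0) {
    echo "Your login session data is not on record in the database.";
    exit();
}
?>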
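<?php
// Script Error Reporting
// Report every error level, but send the messages to the server log rather
// than the response body: this is a live admin page, and on-page errors would
// show file paths and query details to whoever triggers them.
// These settings only apply to code that runs after this point; the session
// check earlier in this file has already executed by the time they are set.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
?>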
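<?php
// Delete Item Question to Admin, and Delete Product if they choose.
//   ?deleteid=N   shows the confirmation prompt
//   ?yesdelete=N  removes the product row and its picture
// Both values come straight from the URL and end up in HTML, in a SQL
// statement and in a file path, so only a canonical decimal number is
// accepted (no sign, no leading zeros, no other characters). That single
// check keeps markup, SQL syntax and path separators out of all three sinks.
foreach (array('deleteid', 'yesdelete') as $idParam) {
    if (!isset($_GET[$idParam])) {
        continue;
    }
    // is_string() rejects array-style parameters; the D modifier stops "$"
    // from matching before a trailing newline.
    if (!is_string($_GET[$idParam]) || !preg_match('/^(0|[1-9][0-9]*)$/D', $_GET[$idParam])) {
        header('HTTP/1.1 400 Bad Request');
        echo 'Invalid product ID.';
        exit();
    }
}
if (isset($_GET['deleteid'])) {
    $deleteid = $_GET['deleteid']; // validated above: digits only
    echo 'Do you really want to delete product with ID of ' . $deleteid . '? <a href="inventory_list.php?yesdelete=' . $deleteid . '">Yes</a> | <a href="inventory_list.php">No</a>';
    exit();
}
if (isset($_GET['yesdelete'])) {
    // NOTE(review): the delete is carried out by a plain GET link with no
    // per-session token, so any page the logged-in admin visits can trigger
    // it. Moving this step to a POST form with a CSRF token also needs a
    // matching change where the token is issued, which is outside this block.
    $id_to_delete = $_GET['yesdelete']; // validated above: digits only
    // delete from database
    $sql = mysql_query("DELETE FROM products WHERE id='$id_to_delete' LIMIT 1");
    if ($sql === false) {
        // Log the database error instead of printing it to the browser.
        error_log('inventory_list: product delete failed: ' . mysql_error());
        header('HTTP/1.1 500 Internal Server Error');
        echo 'The product could not be deleted.';
        exit();
    }
    // Remove The Pic -------------------------------------------
    // The name is built from the validated digits only, so the path cannot
    // leave ../inventory_images/.
    $pictodelete = "../inventory_images/$id_to_delete.jpg";
    if (file_exists($pictodelete)) {
        unlink($pictodelete);
    }
    header("location: inventory_list.php");
    exit();
}
?>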
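<?php
// Parse the form data and add inventory item to the system.
// NOTE(review): this handler accepts any POST made with the admin's session
// cookie; the form carries no CSRF token for it to verify.
if (isset($_POST['product_name'])) {
    // Read every expected field defensively: a missing or array-valued field
    // becomes '' instead of raising a notice or being stored as "Array".
    // mysql_real_escape_string() only protects values placed inside quoted
    // SQL literals, which is how each of them is used below.
    $clean = array();
    foreach (array('product_name', 'price', 'category', 'subcategory', 'details') as $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $clean[$field] = mysql_real_escape_string($raw);
    }
    $product_name = $clean['product_name'];
    $price = $clean['price'];
    $category = $clean['category'];
    $subcategory = $clean['subcategory'];
    $details = $clean['details'];

    // Check the upload before touching the database, so a rejected file does
    // not leave a product row behind. A form sent without a picture is still
    // accepted, as before.
    $upload = isset($_FILES['fileField']) ? $_FILES['fileField'] : null;
    $hasUpload = is_array($upload) && isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_NO_FILE;
    if ($hasUpload) {
        // getimagesize() reads the image header only. The stored name is
        // always "<id>.jpg", chosen by this script and never taken from the
        // client, so the uploaded file name cannot pick the extension.
        $imageInfo = ($upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name']))
            ? getimagesize($upload['tmp_name'])
            : false;
        if ($imageInfo === false || $imageInfo[2] !== IMAGETYPE_JPEG) {
            echo 'Sorry, the product image must be a valid JPEG file, <a href="inventory_list.php">click here</a>';
            exit();
        }
    }

    // See if that product name is an identical match to another product in the system
    $sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1");
    if ($sql === false) {
        // Log the database error instead of printing it to the browser.
        error_log('inventory_list: duplicate-name lookup failed: ' . mysql_error());
        echo 'The product could not be added.';
        exit();
    }
    $productMatch = mysql_num_rows($sql); // count the output amount
    if ($productMatch > 0) {
        echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>';
        exit();
    }

    // Add this product into the database now
    $sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added)
        VALUES('$product_name','$price','$details','$category','$subcategory',now())");
    if ($sql === false) {
        error_log('inventory_list: product insert failed: ' . mysql_error());
        echo 'The product could not be added.';
        exit();
    }
    $pid = mysql_insert_id();

    // Place image in the folder, named after the new row's id
    $newname = "$pid.jpg";
    if ($hasUpload && !move_uploaded_file($upload['tmp_name'], "../inventory_images/$newname")) {
        // The product row already exists; record the failure rather than
        // ignoring the return value.
        error_log("inventory_list: could not store image for product $pid");
    }
    header("location: inventory_list.php");
    exit();
}
?>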
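<?php
// This block grabs the whole list for viewing.
// $product_list is echoed into the page as raw HTML further down, so every
// database value is encoded here, at the point where the markup is built.
// Product names and prices are stored exactly as the add form received them.
$product_list = "";
$sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC");
if ($sql === false) {
    error_log('inventory_list: product listing query failed: ' . mysql_error());
}
// A failed query is shown the same way as an empty store.
$productCount = ($sql === false) ? 0 : mysql_num_rows($sql);
if ($productCount > 0) {
    while ($row = mysql_fetch_array($sql)) {
        // The id goes into two href attributes; the cast keeps it a plain number.
        $id = (int) $row["id"];
        $product_name = htmlspecialchars($row["product_name"], ENT_QUOTES, 'UTF-8');
        $price = htmlspecialchars($row["price"], ENT_QUOTES, 'UTF-8');
        $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));
        // '$' is the literal currency sign printed in front of the price.
        $product_list .= "Product ID: $id - <strong>$product_name</strong> - " . '$' . "$price - <em>Added $date_added</em> <a href='inventory_edit.php?pid=$id'>edit</a> • <a href='inventory_list.php?deleteid=$id'>delete</a><br />";
    }
} else {
    $product_list = "You have no products listed in your store yet";
}
?>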
<?php
/*
 * Page template for the admin inventory screen.
 * - $product_list is printed verbatim, so it must already be safe HTML when
 *   it reaches this point.
 * - The add-item form posts multipart/form-data back to inventory_list.php;
 *   it contains no hidden token field.
 * Notes are kept in PHP comments so they are not sent to the browser.
 */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Inventory list</title>
  <link href="../style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
  <div align="center" id="mainWrapper">
    <?php include_once("../template_header.php");?>
    <div id="pageContent"><br />
      <div align="right" style="margin-right:32px;"><a href="inventory_list.php#inventoryForm">+ Add New Item</a></div>
      <div align="left" style="margin-left:24px;">
        <h2>Inventory list</h2>
        <?php echo $product_list; ?>
      </div>
      <a name="inventoryForm" id="inventoryForm"></a>
      <h3>Add New Inventory Item Form
      </h3>
      <form action="inventory_list.php" enctype="multipart/form-data" name="myForm" id="myForm" method="post">
        <table width="90%" border="0" cellspacing="0" cellpadding="6">
          <tr>
            <td width="20%" align="right">Product Name</td>
            <td width="80%"><label>
              <input name="product_name" type="text" id="product_name" size="64" />
            </label></td>
          </tr>
          <tr>
            <td align="right">Product Price</td>
            <td><label>
              $
              <input name="price" type="text" id="price" size="12" />
            </label></td>
          </tr>
          <tr>
            <td align="right">Category</td>
            <td><label>
              <select name="category" id="category">
                <option value="RAM" selected="selected">RAM</option>
              </select>
            </label></td>
          </tr>
          <tr>
            <td align="right">Subcategory</td>
            <td><select name="subcategory" id="subcategory">
              <option value="" selected="selected"></option>
              <option value="DDR1">DDR1</option>
              <option value="DDR2">DDR2</option>
              <option value="DDR3">DDR3</option>
            </select></td>
          </tr>
          <tr>
            <td align="right">Product Details</td>
            <td><label>
              <textarea name="details" id="details" cols="64" rows="5"></textarea>
            </label></td>
          </tr>
          <tr>
            <td align="right">Product Image</td>
            <td><label>
              <input type="file" name="fileField" id="fileField" />
            </label></td>
          </tr>
          <tr>
            <td> </td>
            <td><label>
              <input type="submit" name="button" id="button" value="Add This Item Now" />
            </label></td>
          </tr>
        </table>
      </form>
      <br />
      <br />
      <br />
    </div>
    <?php include_once("../template_footer.php");?>
  </div>
</body>
</html>