
list

a guest
Jul 13th, 2011
  1. <?php
  2. session_start();
  3. if (!isset($_SESSION["manager"])) {
  4. header("location: admin_login.php");
  5. exit();
  6. }
  7. // Be sure to check that this manager SESSION value is in fact in the database
  8. $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
  9. $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
  10. $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
  11. // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
  12. // Connect to the MySQL database
  13. include "../storescripts/connect_to_mysql.php";
  14. $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
  15. // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
  16. $existCount = mysql_num_rows($sql); // count the row nums
  17. if ($existCount == 0) { // evaluate the count
  18. echo "Your login session data is not on record in the database.";
  19. exit();
  20. }
  21. ?>
  22. <?php
  23. // Script Error Reporting
  24. error_reporting(E_ALL);
  25. ini_set('display_errors', '1');
  26. ?>
  27. <?php
  28. // Delete Item Question to Admin, and Delete Product if they choose
  29. if (isset($_GET['deleteid'])) {
  30. echo 'Do you really want to delete product with ID of ' . $_GET['deleteid'] . '? <a href="inventory_list.php?yesdelete=' . $_GET['deleteid'] . '">Yes</a> | <a href="inventory_list.php">No</a>';
  31. exit();
  32. }
  33. if (isset($_GET['yesdelete'])) {
  34. // remove item from system and delete its picture
  35. // delete from database
  36. $id_to_delete = $_GET['yesdelete'];
  37. $sql = mysql_query("DELETE FROM products WHERE id='$id_to_delete' LIMIT 1") or die (mysql_error());
  38. // unlink the image from server
  39. // Remove The Pic -------------------------------------------
  40. $pictodelete = ("../inventory_images/$id_to_delete.jpg");
  41. if (file_exists($pictodelete)) {
  42. unlink($pictodelete);
  43. }
  44. header("location: inventory_list.php");
  45. exit();
  46. }
  47. ?>
  48. <?php
  49. // Parse the form data and add inventory item to the system
  50. if (isset($_POST['product_name'])) {
  51.  
  52. $product_name = mysql_real_escape_string($_POST['product_name']);
  53. $price = mysql_real_escape_string($_POST['price']);
  54. $category = mysql_real_escape_string($_POST['category']);
  55. $subcategory = mysql_real_escape_string($_POST['subcategory']);
  56. $details = mysql_real_escape_string($_POST['details']);
  57. // See if that product name is an identical match to another product in the system
  58. $sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1");
  59. $productMatch = mysql_num_rows($sql); // count the output amount
  60. if ($productMatch > 0) {
  61. echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>';
  62. exit();
  63. }
  64. // Add this product into the database now
  65. $sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added)
  66. VALUES('$product_name','$price','$details','$category','$subcategory',now())") or die (mysql_error());
  67. $pid = mysql_insert_id();
  68. // Place image in the folder
  69. $newname = "$pid.jpg";
  70. move_uploaded_file( $_FILES['fileField']['tmp_name'], "../inventory_images/$newname");
  71. header("location: inventory_list.php");
  72. exit();
  73. }
  74. ?>
  75. <?php
  76. // This block grabs the whole list for viewing
  77. // This block grabs the whole list for viewing
  78. $product_list = "";
  79. $sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC");
  80. $productCount = mysql_num_rows($sql); // count the output amount
  81. if ($productCount > 0) {
  82. while($row = mysql_fetch_array($sql)){
  83. $id = $row["id"];
  84. $product_name = $row["product_name"];
  85. $price = $row["price"];
  86. $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));
  87. $product_list .= "Product ID: $id - <strong>$product_name</strong> - $$price - <em>Added $date_added</em> &nbsp; &nbsp; &nbsp; <a href='inventory_edit.php?pid=$id'>edit</a> &bull; <a href='inventory_list.php?deleteid=$id'>delete</a><br />";
  88. }
  89. } else {
  90. $product_list = "You have no products listed in your store yet";
  91. }
  92. ?>
  93. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  94. <html xmlns="http://www.w3.org/1999/xhtml">
  95. <head>
  96. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  97. <title>Inventory list</title>
  98. <link href="../style/style.css" rel="stylesheet" type="text/css" />
  99. </head>
  100.  
  101. <body>
  102. <div align="center" id="mainWrapper">
  103. <?php include_once("../template_header.php");?>
  104. <div id="pageContent"><br />
  105. <div align="right" style="margin-right:32px;"><a href="inventory_list.php#inventoryForm">+ Add New Item</a></div>
  106. <div align="left" style="margin-left:24px;">
  107. <h2>Inventory list</h2>
  108. <?php echo $product_list; ?>
  109. </div>
  110. <a name="inventoryForm" id="inventoryForm"></a>
  111. <h3>Add New Inventory Item Form
  112. </h3>
  113. <form action="inventory_list.php" enctype="multipart/form-data" name="myForm" id="myForm" method="post">
  114. <table width="90%" border="0" cellspacing="0" cellpadding="6">
  115. <tr>
  116. <td width="20%" align="right">Product Name</td>
  117. <td width="80%"><label>
  118. <input name="product_name" type="text" id="product_name" size="64" />
  119. </label></td>
  120. </tr>
  121. <tr>
  122. <td align="right">Product Price</td>
  123. <td><label>
  124. $
  125. <input name="price" type="text" id="price" size="12" />
  126. </label></td>
  127. </tr>
  128. <tr>
  129. <td align="right">Category</td>
  130. <td><label>
  131. <select name="category" id="category">
  132. <option value="RAM" selected="selected">RAM</option>
  133. </select>
  134. </label></td>
  135. </tr>
  136. <tr>
  137. <td align="right">Subcategory</td>
  138. <td><select name="subcategory" id="subcategory">
  139. <option value="" selected="selected"></option>
  140. <option value="DDR1">DDR1</option>
  141. <option value="DDR2">DDR2</option>
  142. <option value="DDR3">DDR3</option>
  143. </select></td>
  144. </tr>
  145. <tr>
  146. <td align="right">Product Details</td>
  147. <td><label>
  148. <textarea name="details" id="details" cols="64" rows="5"></textarea>
  149. </label></td>
  150. </tr>
  151. <tr>
  152. <td align="right">Product Image</td>
  153. <td><label>
  154. <input type="file" name="fileField" id="fileField" />
  155. </label></td>
  156. </tr>
  157. <tr>
  158. <td>&nbsp;</td>
  159. <td><label>
  160. <input type="submit" name="button" id="button" value="Add This Item Now" />
  161. </label></td>
  162. </tr>
  163. </table>
  164. </form>
  165. <br />
  166. <br />
  167. <br />
  168. </div>
  169. <?php include_once("../template_footer.php");?>
  170. </div>
  171. </body>
  172. </html>