Untitled

<?php
session_start();
if(!isset($_SESSION["Username"]))
{
	echo "";
}
if(isset($_SESSION["Username"]))
{
$Username=$_SESSION["Username"];
$conn=mysqli_connect('localhost','root','','alpha');
$user_id=mysqli_query($conn,"SELECT * FROM customers WHERE Username='$Username'");
		while (	$row=mysqli_fetch_assoc($user_id))
				{
					$user=$row['customer_id'];
				}
/*
$conn=mysqli_connect('localhost','root','','alpha');
$sql=mysqli_query($conn,"SELECT COUNT(user_id) as total FROM customers
	WHERE Username='$Username' AND pass='$Password'");
$row=mysqli_fetch_assoc($query);
if($row['total'] <= 0)
{

}
*/
}
?>
<?php
	$conn=mysqli_connect('localhost','root','','alpha');
if(isset($_GET['id'])){
	$id=preg_replace('#[^0-9]#i','',$_GET['id']);
	$sql=mysqli_query($conn,"SELECT * FROM products WHERE product_id='$id' LIMIT 1");
	$product_count=mysqli_num_rows($sql);
	if($product_count>0)
	{
		while (	$row=mysqli_fetch_assoc($sql))
			{	$id=$row['product_id'];
				$name=$row['name'];
				$price=$row['price'];
				$category=$row['category'];
				$sub_cat=$row['sub_category'];
				$brand=$row['brand'];
				$details=$row['details'];
			}
}
else{
	echo "ITEM Doesn't Exist";
	exit();
}
	}

else
{
	echo "wrong id";
	exit();
}
?>
<!DOCTYPE html>
<html>
<head>
	<title>ALPHA ELEX</title>
</head>
<body>
		<div>
		<?php
			include 'Menu.php';
			?>
			</div>
		<div id="PageContent">
			<p><table>
			<tr>
			<td width="40%" align="center"><?php echo '<img src="uploads/'.$name.'.jpeg" width="90%">';
			echo'<br><a href="uploads/'.$name.'.jpeg"><b><h4>View Full Size</h4></b></a>';?></td>
			<td>
<?php echo '<b>'.$name. "<br>INR" .$price."<br>".$category."<br>".$sub_cat."<br>".$brand."<br>".
$details."<br></b>";
?>
<form method="POST" action="product.php?id=<?php echo $id;?>">
<input type="hidden" value="<?php echo $id;?>" name="pid"/>
<input type="number" name="quantity" placeholder="quantity(1)" required=""/><br><br><br>
<button type="submit" value="" name="addtocart" class="btn btn-primary">ADD TO CART</button>
</form>
</td>
</tr>
</table>
</p>

		</div>
		<div id="PageFooter"></div>

</body>
</html>

<?php
if(isset($_POST['addtocart']))
{
	if( isset($_SESSION["Username"])){
$conn=mysqli_connect('localhost','root','','alpha');
$customer_id=$user;
$product_id=$id;
$quantity=$_POST['quantity'];
$total_price=$price * $quantity;
$payment_method="NOT DEFINED";
$date = date('Y-m-d',strtotime('+1 Week') );
$duplicates=mysqli_query($conn,"SELECT * FROM orders WHERE customer_id='$customer_id' AND
	product_id='$product_id'
	AND date_of_delivery='$date'");
/*$duplicate_count=mysqli_num_rows($duplicates);
if ($duplicate_count>0) {
	$quantity_update=mysqli_query($conn,"UPDATE orders SET quantity='$quantity',
		total_price='$total_price'
		WHERE customer_id='$customer_id' AND
	product_id='$product_id'
	AND date_of_delivery='$date'
	 ");
	if($quantity_update===true)
	echo "<div align='center'><b>
ALREADY IS IN YOUR CART/ORDERS WE CHANGED THE QUANTITY TO ".$quantity."</b></div>";
}*/

	$query=mysqli_query($conn,"INSERT INTO orders
		(customer_id,product_id,quantity,total_price,payment_method,
			date_of_delivery)
VALUES ('$customer_id',
	'$product_id',
	'$quantity',
	'$total_price',
	'$payment_method',
		'$date')");
	if ($query === false)
	{
		echo "ERROR";
	}
	else
	 {
		echo "<div align='center'><b>PRODUCT ADDED TO CART<br><a href='index.php'>CONTINUE SHOPPING</a><br>
		<a href='cart.php'>CHECKOUT</a></b></div>";

	}

}
else{
	header("location: Login.php");
}
}

?>