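<?php
// Page bootstrap: start the session, load the database settings and open the
// shared connection ($db_connection) that every query on this page uses.
session_start();

// require instead of include: if config.php is missing the credentials below
// are undefined, so stop here rather than attempt a connection with empty
// values.
require('config.php');

// NOTE(review): the mysql_* extension offers no prepared statements and was
// removed in PHP 7.0; migrate to mysqli or PDO with bound parameters.
// NOTE(review): the die() texts are generic, which is good; make sure
// display_errors is off in production so connection warnings are not shown.
$db_connection = mysql_connect($db_host, $db_user, $db_pass) or die('Error connecting to mysql');
mysql_select_db($db_name, $db_connection) or die("Could not find db");
?>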
- <html>
- <head>
- <title>e-shop</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- </head>
- <body>
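<?php
// Login handler followed by the error banner.
// $message stays null unless validation or authentication fails; it is
// initialised here so the banner check below never reads an undefined variable.
$message = null;

if (isset($_POST['login'])) {
    // Accept only string fields; a missing or array-valued field counts as empty.
    $rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $username = mysql_real_escape_string($rawUsername, $db_connection);

    // NOTE(review): the password is SQL-escaped *before* hashing, so the hash
    // input differs from what the user typed whenever it contains quotes or
    // backslashes. Kept as-is because the stored hashes were presumably
    // produced the same way - confirm against register.php before changing.
    // NOTE(review): unsalted MD5 is not a password hash. Move to
    // password_hash()/password_verify() (PHP 5.5+) and rehash on next login.
    $password = mysql_real_escape_string($rawPassword, $db_connection);
    $passwordmd5 = md5($password);

    if ((string) $username === '') {
        $message = 'Please enter username.';
    } elseif ((string) $password === '') {
        $message = 'Please enter password.';
    }

    if ($message === null) {
        // Both interpolated values are safe here: $username is escaped for
        // this connection and $passwordmd5 is a hex digest.
        $login_result = mysql_query(
            "SELECT * FROM users WHERE username='$username' AND password ='$passwordmd5'",
            $db_connection
        );
        // A failed query is treated as a failed login instead of passing
        // false on to mysql_fetch_row().
        $userQuery = $login_result ? mysql_fetch_row($login_result) : false;

        if ($userQuery) {
            // Issue a fresh session id on the privilege change so an id that
            // was known before login cannot be reused afterwards.
            session_regenerate_id(true);

            $_SESSION['isloged'] = 'yes';
            // This value is escaped for SQL only; it must still be
            // HTML-escaped wherever it is printed.
            $_SESSION['username'] = $username;
            // NOTE(review): the role is read positionally (7th column of
            // SELECT *); selecting the column by name would survive schema
            // changes.
            $_SESSION['isadmin'] = (isset($userQuery[6]) && $userQuery[6] === 'admin');
        } else {
            // One message for both unknown user and wrong password, so the
            // response does not reveal which usernames exist.
            $message = 'Invalid username or password!';
        }
    }
}

if ($message !== null) { ?>
<table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFCCCC">
<tr>
<td><div align="center"><strong><font color="#FF0000"><?php echo htmlspecialchars($message, ENT_QUOTES, 'ISO-8859-1'); ?></font></strong></div></td>
</tr>
</table>
<?php } ?>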
- <div>
- <h1 align="center">e-shop</h1>
- </div>
- <table title="site" border="1" width="800" height="500" align="center">
- <tr>
- <td width="200" valign="top">
- <table title="menu" border="1" align="center" width="180" >
- <tr><th>Categories</th></tr>
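<?php
// Category menu: one link per row of the categories table.
$show_query = "SELECT * FROM categories";
$query_result = mysql_query($show_query, $db_connection);

// Skip the loop if the query failed instead of fetching from false.
if ($query_result) {
    while ($row = mysql_fetch_object($query_result)) {
        // Database content is not trusted markup: URL-encode the id for the
        // query string and HTML-escape both values before printing them.
        // The charset matches the page's declared iso-8859-1.
        $cat_param = htmlspecialchars(urlencode($row->cid), ENT_QUOTES, 'ISO-8859-1');
        $cat_name = htmlspecialchars($row->name, ENT_QUOTES, 'ISO-8859-1');

        echo "<tr>";
        echo "<td><a href=\"index.php?cat=$cat_param\">$cat_name</a></td>";
        echo "</tr>";
    }
}
?>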
- </table>
- <p> </p>
- <table title="menu" border="1" align="center" width="180">
- <tr>
- <th>Menu</th>
- </tr>
- <tr>
- <td><a href="index.php">Home</a></td>
- </tr>
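<?php
// Show the Manage link to administrators only. !empty() also covers visitors
// who have not logged in, for whom the session key does not exist.
// NOTE(review): hiding the link is not access control; manage.php (not shown
// here) has to check $_SESSION['isadmin'] itself on every request.
if (!empty($_SESSION['isadmin'])) {
    echo "<tr><td><a href=\"manage.php\">Manage</a></td></tr>";
}
?>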
- </table>
- </td>
- <td width="600" valign="top">
- <table title="products" border="1" width="590" align="center" >
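<?php
// Product pane. Depending on the query string it shows five random products,
// the products of one category, a single product page, or search results.
//
// Every request parameter is normalised before it reaches SQL: ids are cast
// to integers and the search term is escaped for this connection. All values
// read back from the database are HTML-escaped on output.
// NOTE(review): mysql_* has no bound parameters; when the page is migrated to
// mysqli/PDO these three queries should become prepared statements.

/** HTML-escape a value using the charset the page declares (iso-8859-1). */
function eshop_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/** Print one table row per in-stock product of a mysql result; no-op if the query failed. */
function eshop_print_product_rows($query_result)
{
    if (!$query_result) {
        return;
    }
    while ($row = mysql_fetch_object($query_result)) {
        if ($row->quantity > 0) {
            $cid = eshop_html(urlencode($row->cid));
            $pid = eshop_html(urlencode($row->pid));
            echo "<tr>";
            echo "<td><a href=\"index.php?cat=$cid&amp;prod=$pid\">" . eshop_html($row->title) . "</a></td>";
            echo "<td>" . eshop_html($row->price) . "</td>";
            echo "</tr>";
        }
    }
}

// !empty()/isset() avoid undefined-index notices when a parameter is absent.
$searching = !empty($_GET["searching"]);
// The ids are used unquoted in SQL, so they must be integers; anything
// non-numeric collapses to 0 and is handled like a missing parameter.
$cat = (isset($_GET["cat"]) && is_scalar($_GET["cat"])) ? (int) $_GET["cat"] : 0;
$prod = (isset($_GET["prod"]) && is_scalar($_GET["prod"])) ? (int) $_GET["prod"] : 0;

if (!$searching) {
    if ($cat === 0) {
        $show_query = "SELECT * FROM products ORDER BY Rand() LIMIT 5";
        $query_result = mysql_query($show_query, $db_connection);
        echo "<tr><th width=\"510\">Random Products</th><th width=\"80\">Price</th></tr>";
        eshop_print_product_rows($query_result);
    } elseif ($prod === 0) {
        $show_query = "SELECT * FROM products where cid=" . $cat;
        $query_result = mysql_query($show_query, $db_connection);
        echo "<tr><th width=\"510\">Products</th><th width=\"80\">Price</th></tr>";
        eshop_print_product_rows($query_result);
    } else {
        $show_query = "SELECT * FROM products where pid=" . $prod;
        $query_result = mysql_query($show_query, $db_connection);
        $row = $query_result ? mysql_fetch_object($query_result) : false;
        if ($row) {
            echo "<tr><th>" . eshop_html($row->title) . "</th></tr>";
            // NOTE(review): the description is decoded back to raw HTML and
            // printed as markup. That is only safe if every writer of
            // products.descr is trusted or the value is sanitised when it is
            // stored - confirm in the code that saves products.
            echo "<tr><td>" . htmlspecialchars_decode($row->descr) . "</td></tr>";
            echo "<tr><td>Price: " . eshop_html($row->price) . "</td></tr>";
            echo "<tr><td><a href=\"basket.php?action=add&amp;prod=" . eshop_html(urlencode($row->pid)) . "\">Buy</a></td></tr>";
        } else {
            // Unknown id or failed query: show a row instead of reading
            // properties of false.
            echo "<tr><td>Product not found.</td></tr>";
        }
    }
} else {
    $find = (isset($_GET["find"]) && is_string($_GET["find"])) ? $_GET["find"] : '';
    $find = trim(strip_tags(strtoupper($find)));
    // strip_tags() removes markup but does nothing for SQL; the term must be
    // escaped for this connection before it is placed inside the quotes.
    $find = mysql_real_escape_string($find, $db_connection);
    $search_query = "SELECT * FROM products WHERE title LIKE '%$find%'";
    $query_result = mysql_query($search_query, $db_connection);
    echo "<tr><th width=\"510\">Search Results</th><th width=\"80\">Price</th></tr>";
    eshop_print_product_rows($query_result);
}
?>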
- </table>
- </td>
- <td width="200" valign="top">
- <table title="search" border="1" align="center" width="180">
- <tr><th>Search</th></tr>
- <tr><td>
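<?php
// Post the search back to this script. $PHP_SELF only exists with
// register_globals, and PHP_SELF can carry request-supplied path info, so use
// SCRIPT_NAME and HTML-escape it before placing it in the attribute.
?>
<form name="search" method="get" action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'ISO-8859-1'); ?>">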
- <input type="text" name="find" size="10" />
- <input type="hidden" name="searching" value="yes" />
- <input type="submit" name="search" value="Search" />
- </form>
- </td></tr>
- </table>
- <p> </p>
- <table title="basket" border="1" align="center" width="180">
- <tr><th>Basket</th></tr>
- <tr><td>
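<?php
// Number of items in the session basket. The key is absent until something
// has been added, so treat a missing or non-array value as an empty basket.
$basket_count = (isset($_SESSION['basket']) && is_array($_SESSION['basket'])) ? count($_SESSION['basket']) : 0;
echo $basket_count . " products";
?>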
- <br><a href="basket.php">View Basket</a>
- </td></tr>
- </table>
- <p> </p>
- <table title="user_menu" border="1" align="center" width="180">
- <tr><th>User</th></tr>
- <tr><td>
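<?php
// User box: greeting and logout link for a logged-in visitor, otherwise the
// login form. isset() covers visitors without the session key.
if (isset($_SESSION['isloged']) && $_SESSION['isloged'] === 'yes') { ?>
<?php // The stored username was escaped for SQL only, so HTML-escape it here. ?>
<center>Welcome <?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'ISO-8859-1'); ?></center>
</td></tr>
<tr><td><a href="logout.php">Logout</a>
<?php } else { ?>
<form method="post" action="">
<input type="text" name="username" value="User Name" size="15" />
<input type="password" name="password" value="Password" size="15" />
<input type="submit" name="login" value="Login" />
</form>
<p><a href="register.php">Register</a></p>
<?php // The original had an echo statement outside PHP tags here, which was printed as literal text; emit the image as plain markup instead. ?>
<img src="image.jpg">
<?php } ?>
</td></tr>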
- </table>
- </td>
- </tr>
- </table>
- </body>
- </html>
<?php
// The page is fully rendered; release the shared database connection.
mysql_close($db_connection);
?>