feat: cookie login

feat: sell items

client/js/make-sale.js

@@ -49,7 +49,58 @@ var openFile = function(file) {
 };
 
 function submitSale() {
-    
+    // instansiasi FormData dan menambahkan hasil dari form
     var saleData = new FormData();
-    // saleData.append('item_id', )
+    // saleData.append('item_id', <tidak>) // karena item id sesuai penomoran dari 1, jadi diproses sendiri di server
+    saleData.append('name', document.getElementById("product_name").value);
+    saleData.append('picture_path', document.getElementById("product_image").files.length == 0 ? "no_picture.jpeg" : document.getElementById("product_image").files[0].name);
+    saleData.append('description', document.getElementById("product_description").value);
+    saleData.append('price',document.getElementById("product_price").value);
+    saleData.append('quantity', document.getElementById("product_quantity").value);
+    // saleData.append('Seller_username', sessionStorage.getItem("username"));
+
+    for (const iterator of saleData.values()) {
+        console.log(iterator);    
+    }
+    //xmlhttprequest
+    const xhr = new XMLHttpRequest();
+    xhr.open('POST', '../../server/controllers/sell_item.php', true);
+    xhr.onreadystatechange = function () {
+        if (xhr.readyState === 4 && xhr.status === 200) {
+            // Process the response data here
+            var responseData = JSON.parse(xhr.responseText);
+            if (responseData.success) {
+                alert(responseData.message);
+                var file = document.getElementById("product_image").files[0];
+                var imageData = new FormData();
+                imageData.append('image', file);
+                const xhr_uploadimage = new XMLHttpRequest();
+                xhr_uploadimage.open('POST', '../../server/controllers/upload_jpg.php', true);
+                xhr_uploadimage.onreadystatechange = function () {
+                    if (xhr_uploadimage.readyState === 4 && xhr_uploadimage.status === 200) {
+                        // Process the response data here
+                        var responseData_uploadimage = JSON.parse(xhr_uploadimage.responseText);
+                        if (responseData_uploadimage.success) {
+                            alert(responseData_uploadimage.message);
+                            location.href = "../pages/catalog.php";
+                        } else {
+                            alert("error: " + responseData_uploadimage.message)
+                        }
+                        // Update the DOM or perform other actions with the data
+                    } else if (xhr_uploadimage.status === 404) {
+                        var responseData_uploadimage = JSON.parse(xhr_uploadimage.responseText);
+                        console.log(responseData_uploadimage.message);
+                    }
+                };
+                xhr_uploadimage.send(imageData);
+            } else {
+                alert("error: " + responseData.message)
+            }
+            // Update the DOM or perform other actions with the data
+        } else if (xhr.status === 404) {
+            var responseData = JSON.parse(xhr.responseText);
+            alert(responseData.message);
+        }
+    };
+    xhr.send(saleData);
 }
\ No newline at end of file

client/pages/make-sale.php

@@ -24,21 +24,21 @@
                     <div class="input-group">
                         <div class="input-image-field">
                             <img src="#" id="image-preview" alt="">
-                            <input accept=".jpg, .jpeg"  type="file" id="product_image" placeholder="Product Image" title="Product Image" onchange="openFile(event)">
+                            <input accept=".jpg, .jpeg"  type="file" id="product_image" placeholder="Product Image" title="Product Image" onchange="openFile(event)" required>
                         </div>
                         <div class="input-text-fields">
                             <div class="input-field">
-                                <input type="text" id="product_name" placeholder="Product Name">
+                                <input type="text" id="product_name" placeholder="Product Name" required>
                             </div>
                             <div class="input-field" id="product_description-field">
-                                <textarea type="text" id="product_description" placeholder="Product Description"></textarea>
+                                <textarea type="text" id="product_description" placeholder="Product Description" required></textarea>
                             </div>
                             <div class="input-field" id="product_price-field">
-                                <input type="text" id="product_price" placeholder="Price" oninput="checkNumericPrice()">
+                                <input type="text" id="product_price" placeholder="Price" oninput="checkNumericPrice()" required>
                             </div>
                             <p id="price-criteria"> </p>
                             <div class="input-field" id="product_quantity-field">
-                                <input type="text" id="product_quantity" placeholder="Quantity" oninput="checkNumericQuantity()">
+                                <input type="text" id="product_quantity" placeholder="Quantity" oninput="checkNumericQuantity()" required>
                             </div>
                             <p id="quantity-criteria"> </p>
                         </div>

server/controllers/loggedout_catch.php

@@ -7,5 +7,7 @@ if (!isset($_SESSION['username']) or !isset($_SESSION['email'])) {
     }  
     loggedout_catch();
    </script>';
+} else if (isset($_COOKIE['username'])) {
+   // continue
 }
 ?>
\ No newline at end of file

server/controllers/sell_item.php

+<?php
+    session_start();
+    require_once "connect_database.php";
+    global $conn; $conn = connect_database();
+    function itemCount_query(){
+        global $conn;
+        $query = "SELECT COUNT(*) FROM `item`";
+        $stmt = $conn->prepare($query);
+        if (!$stmt) {
+            die("Error in query preparation: " . $conn->error);
+        }
+        $result = $stmt->execute();
+        if (!$result) {
+            die ("Error in query execution: " . $stmt->error);
+        }
+        $resultSet = $stmt->get_result();
+        return $resultSet->fetch_all(MYSQLI_ASSOC);
+    }
+    if ($_SERVER["REQUEST_METHOD"] == "POST") {
+        global $conn;
+        $insert_query = "INSERT INTO `item` (`item_id`, `name`, `picture_path`, `description`, `price`, `quantity`, `Seller_username`) VALUES ((?), (?), (?), (?), (?), (?), (?))
+        ";
+        $item_id = itemCount_query()[0]["COUNT(*)"] + 1;
+        $name = $_POST["name"];
+        $picture_path = $_POST["picture_path"];
+        $price = $_POST["price"];
+        $quantity = $_POST["quantity"];
+        $seller_username = $_SESSION["username"];
+
+        $stmt = $conn->prepare($insert_query);
+        if (!$stmt) {
+            die("Error in query preparation". $conn->error);
+        }
+
+        $stmt->bind_param("issssss", $item_id, $name, $picture_path, $description, $price, $quantity, $seller_username);
+        $result = $stmt->execute();
+        if (!$result) {
+            $response = array("success" => "false", "message" => $stmt.error);
+            die ("Error in query execution: " . $stmt->error);
+        } else {
+            $response = array("success" => "true", "message" => "item has been added");
+        }
+        echo json_encode($response);
+        mysqli_close($conn);
+    }
+?>
\ No newline at end of file

server/controllers/signin.php

@@ -15,9 +15,11 @@
             if ($rows_user[0]["username"] == $username and $rows_user[0]["password"] == $password) {
                 $_SESSION['username'] = $username;
                 $_SESSION['email'] = $rows_user[0]["email"];
+                setcookie("username", $username, time()+60*60);
                 $rows_admin = signin_query($username, $password, "admin");
                 if (!empty($rows_admin) and $rows_admin[0]["admin_username"] == $username){ 
                     $_SESSION['admin_status'] = true;
+                    setcookie("admin_status", true);
                     $response = array("success" => true, "message" => "admin {$username} is found");
                 } else {
                     $_SESSION['admin_status'] = false;

server/controllers/signout.php

 <?php
     session_start();
+    if (!isset($_SESSION['username']) or !isset($_SESSION['email'])) {
+        echo '<script type = "text/javascript">  
+        function loggedout_catch() {  
+           alert("You are logged out, please login first");
+           location.href = "../../client/pages/login-page.php"
+        }  
+        loggedout_catch();
+       </script>';
+    }
     session_destroy();
+    echo '<script type = "text/javascript">
+    function logout_back() {
+        alert("Log out");
+        location.href = "../../client/pages/catalog.php";
+    }
+    logout_back();
+</script>'
 ?>
\ No newline at end of file

server/controllers/upload_jpg.php

+<?php
+$target_dir = "../assets/uploaded/";
+$target_file = $target_dir . basename($_FILES["image"]["name"]);
+$uploadOk = 1;
+$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
+echo(pathinfo($target_file));
+
+if(isset($_FILES["image"]) and $_SERVER["REQUEST_METHOD"] == "POST") {
+  // Check if image file is a actual image or fake image
+  $check = getimagesize($_FILES["image"]["tmp_name"]);
+  if($check !== false) {
+    echo "File is an image - " . $check["mime"] . ".";
+    $uploadOk = 1;
+  } else {
+    echo "File is not an image.";
+    $uploadOk = 0;
+  }
+  
+  // Check if file already exists
+  if (file_exists($target_file)) {
+    echo "Sorry, file already exists.";
+    $uploadOk = 0;
+  }
+  
+  // Check file size
+  if ($_FILES["image"]["size"] > 500000) {
+    echo "Sorry, your file is too large.";
+    $uploadOk = 0;
+  }
+  
+  // Allow certain file formats
+  if($imageFileType != "jpg" && $imageFileType != "jpeg") {
+    echo "Sorry, only JPG & JPEG files are allowed.";
+    $uploadOk = 0;
+  }
+  
+  // Check if $uploadOk is set to 0 by an error
+  if ($uploadOk == 0) {
+    echo "Sorry, your file was not uploaded.";
+  // if everything is ok, try to upload file
+  } else {
+    if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
+      echo "The file ". htmlspecialchars( basename( $_FILES["image"]["name"])). " has been uploaded.";
+    } else {
+      echo "Sorry, there was an error uploading your file.";
+    }
+  }
+}
+?>
\ No newline at end of file

server/controllers/upload_product_image.php

-<?php
-$target_dir = "../assets/product_image/";
-$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
-$uploadOk = 1;
-$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
-
-// Check if image file is a actual image or fake image
-if(isset($_POST["submit"])) {
-  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
-  if($check !== false) {
-    echo "File is an image - " . $check["mime"] . ".";
-    $uploadOk = 1;
-  } else {
-    echo "File is not an image.";
-    $uploadOk = 0;
-  }
-}
-
-// Check if file already exists
-if (file_exists($target_file)) {
-  echo "Sorry, file already exists.";
-  $uploadOk = 0;
-}
-
-// Check file size
-if ($_FILES["fileToUpload"]["size"] > 500000) {
-  echo "Sorry, your file is too large.";
-  $uploadOk = 0;
-}
-
-// Allow certain file formats
-if($imageFileType != "jpg" && $imageFileType != "jpeg") {
-  echo "Sorry, only JPG & JPEG files are allowed.";
-  $uploadOk = 0;
-}
-
-// Check if $uploadOk is set to 0 by an error
-if ($uploadOk == 0) {
-  echo "Sorry, your file was not uploaded.";
-// if everything is ok, try to upload file
-} else {
-  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
-    echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
-  } else {
-    echo "Sorry, there was an error uploading your file.";
-  }
-}
-?>
\ No newline at end of file