diff --git a/client/js/make-sale.js b/client/js/make-sale.js
index 10e7f9b5b772038b2c75852493a6d0497ce08038..7d1b36fcbbc6505eabe805f2a277838ff172b9db 100644
--- a/client/js/make-sale.js
+++ b/client/js/make-sale.js
@@ -49,7 +49,58 @@ var openFile = function(file) {
 };
 
 function submitSale() {
-
+ // instansiasi FormData dan menambahkan hasil dari form
 var saleData = new FormData();
- // saleData.append('item_id', )
+ // saleData.append('item_id', <tidak>) // karena item id sesuai penomoran dari 1, jadi diproses sendiri di server
+ saleData.append('name', document.getElementById("product_name").value);
+ saleData.append('picture_path', document.getElementById("product_image").files.length == 0 ? "no_picture.jpeg" : document.getElementById("product_image").files[0].name);
+ saleData.append('description', document.getElementById("product_description").value);
+ saleData.append('price',document.getElementById("product_price").value);
+ saleData.append('quantity', document.getElementById("product_quantity").value);
+ // saleData.append('Seller_username', sessionStorage.getItem("username"));
+
+ for (const iterator of saleData.values()) {
+ console.log(iterator);
+ }
+ //xmlhttprequest
+ const xhr = new XMLHttpRequest();
+ xhr.open('POST', '../../server/controllers/sell_item.php', true);
+ xhr.onreadystatechange = function () {
+ if (xhr.readyState === 4 && xhr.status === 200) {
+ // Process the response data here
+ var responseData = JSON.parse(xhr.responseText);
+ if (responseData.success) {
+ alert(responseData.message);
+ var file = document.getElementById("product_image").files[0];
+ var imageData = new FormData();
+ imageData.append('image', file);
+ const xhr_uploadimage = new XMLHttpRequest();
+ xhr_uploadimage.open('POST', '../../server/controllers/upload_jpg.php', true);
+ xhr_uploadimage.onreadystatechange = function () {
+ if (xhr_uploadimage.readyState === 4 && xhr_uploadimage.status === 200) {
+ // Process the response data here
+ var responseData_uploadimage = JSON.parse(xhr_uploadimage.responseText);
+ if (responseData_uploadimage.success) {
+ alert(responseData_uploadimage.message);
+ location.href = "../pages/catalog.php";
+ } else {
+ alert("error: " +
responseData_uploadimage.message)
+ }
+ // Update the DOM or perform other actions with the data
+ } else if (xhr_uploadimage.status === 404) {
+ var responseData_uploadimage = JSON.parse(xhr_uploadimage.responseText);
+ console.log(responseData_uploadimage.message);
+ }
+ };
+ xhr_uploadimage.send(imageData);
+ } else {
+ alert("error: " + responseData.message)
+ }
+ // Update the DOM or perform other actions with the data
+ } else if (xhr.status === 404) {
+ var responseData = JSON.parse(xhr.responseText);
+ alert(responseData.message);
+ }
+ };
+ xhr.send(saleData);
 }
\ No newline at end of file
diff --git a/client/pages/make-sale.php b/client/pages/make-sale.php
index 911ec56aad609911701f23675642b3494de7dc3b..b011c45530a79e19e73c62194d9c67923370dbb1 100644
--- a/client/pages/make-sale.php
+++ b/client/pages/make-sale.php
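Review bot: Neither `JSON.parse(xhr.responseText)` call (the first request and the `xhr_uploadimage` one) is guarded, so a non-JSON body — which is what `upload_jpg.php` in this same commit emits, since it only `echo`es plain strings — throws inside `onreadystatechange` and the user sees neither the redirect nor an error. The catalog row is also inserted with a `picture_path` taken from the client-side `File.name` before the file is sent, so a failed or skipped second request leaves an item pointing at a file that does not exist, or at another seller's file of the same name. Sending the file in the first request, `saleData.append('image', document.getElementById("product_image").files[0]);`, and letting the server choose and return the stored filename would remove both the second round-trip and the mismatch; until then wrap each parse in `try { … } catch (e) { alert("unexpected server response"); return; }`. The `for (const iterator of saleData.values()) { console.log(iterator); }` loop dumps every form value to the console and should not ship.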
@@ -24,21 +24,21 @@
 <div class="input-group">
 <div class="input-image-field">
 <img src="#" id="image-preview" alt="">
- <input accept=".jpg, .jpeg" type="file" id="product_image" placeholder="Product Image" title="Product Image" onchange="openFile(event)">
+ <input accept=".jpg, .jpeg" type="file" id="product_image" placeholder="Product Image" title="Product Image" onchange="openFile(event)" required>
 </div>
 <div class="input-text-fields">
 <div class="input-field">
- <input type="text" id="product_name" placeholder="Product Name">
+ <input type="text" id="product_name" placeholder="Product Name" required>
 </div>
 <div class="input-field" id="product_description-field">
- <textarea type="text" id="product_description" placeholder="Product Description"></textarea>
+ <textarea type="text" id="product_description" placeholder="Product Description" required></textarea>
 </div>
 <div class="input-field" id="product_price-field">
- <input type="text" id="product_price" placeholder="Price" oninput="checkNumericPrice()">
+ <input type="text" id="product_price" placeholder="Price" oninput="checkNumericPrice()" required>
 </div>
 <p id="price-criteria"> </p>
 <div class="input-field" id="product_quantity-field">
- <input type="text" id="product_quantity" placeholder="Quantity" oninput="checkNumericQuantity()">
+ <input type="text" id="product_quantity" placeholder="Quantity" oninput="checkNumericQuantity()" required>
 </div>
 <p id="quantity-criteria"> </p>
 </div>
diff --git a/server/controllers/loggedout_catch.php b/server/controllers/loggedout_catch.php
index ac314e54a3895ad4b098097d2c33b3a4c5b15875..972bd9108344c81f638c996e84ac6f576b9fd368 100644
--- a/server/controllers/loggedout_catch.php
+++ b/server/controllers/loggedout_catch.php
@@ -7,5 +7,7 @@ if (!isset($_SESSION['username']) or !isset($_SESSION['email'])) {
 }
 loggedout_catch();
 </script>';
+} else if (isset($_COOKIE['username'])) {
+ // continue
 }
 ?>
\ No newline at end of file
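Review bot: The added `required` attributes are only enforced by the browser on a native form submission; the JavaScript in this commit builds its own `FormData` from the element ids and never submits a form, so if the button calls `submitSale()` directly (the button is not in the hunk) these attributes never block an empty submit. Either call `document.querySelector("form").reportValidity()` at the top of `submitSale()` before building the request, or repeat the checks in JS, and in any case validate on the server. For price and quantity, `type="number" min="0" required` would let the browser reject non-numeric input instead of relying only on the `oninput` handlers.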
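Review bot: The new `else if (isset($_COOKIE['username'])) { // continue }` branch is dead code: it is only reached when both session keys are already set, and it does nothing. It also introduces `$_COOKIE['username']` — a value the client can set to anything — into a login gate, which becomes a trivial bypass the moment someone turns `// continue` into real logic. Remove the branch and document the invariant on the `if` instead: `// Only $_SESSION decides login state; the username/admin_status cookies are client-controlled and must never be consulted here.` The enclosing `if` opens outside the hunk (it is the hunk's function context).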
diff --git a/server/controllers/sell_item.php b/server/controllers/sell_item.php
new file mode 100644
index 0000000000000000000000000000000000000000..ebec85d36eee3be718f7190ff3efa45a6f86eaff
--- /dev/null
+++ b/server/controllers/sell_item.php
@@ -0,0 +1,46 @@
+<?php
+ session_start();
+ require_once "connect_database.php";
+ global $conn; $conn = connect_database();
+ function itemCount_query(){
+ global $conn;
+ $query = "SELECT COUNT(*) FROM `item`";
+ $stmt = $conn->prepare($query);
+ if (!$stmt) {
+ die("Error in query preparation: " . $conn->error);
+ }
+ $result = $stmt->execute();
+ if (!$result) {
+ die ("Error in query execution: " . $stmt->error);
+ }
+ $resultSet = $stmt->get_result();
+ return $resultSet->fetch_all(MYSQLI_ASSOC);
+ }
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ global $conn;
+ $insert_query = "INSERT INTO `item` (`item_id`, `name`, `picture_path`, `description`, `price`, `quantity`, `Seller_username`) VALUES ((?), (?), (?), (?), (?), (?), (?))
+ ";
+ $item_id = itemCount_query()[0]["COUNT(*)"] + 1;
+ $name = $_POST["name"];
+ $picture_path = $_POST["picture_path"];
+ $price = $_POST["price"];
+ $quantity = $_POST["quantity"];
+ $seller_username = $_SESSION["username"];
+
+ $stmt = $conn->prepare($insert_query);
+ if (!$stmt) {
+ die("Error in query preparation". $conn->error);
+ }
+
+ $stmt->bind_param("issssss", $item_id, $name, $picture_path, $description, $price, $quantity, $seller_username);
+ $result = $stmt->execute();
+ if (!$result) {
+ $response = array("success" => "false", "message" => $stmt.error);
+ die ("Error in query execution: " . $stmt->error);
+ } else {
+ $response = array("success" => "true", "message" => "item has been added");
+ }
+ echo json_encode($response);
+ mysqli_close($conn);
+ }
+?>
\ No newline at end of file
diff --git a/server/controllers/signin.php b/server/controllers/signin.php
index 7c3554812126288f45ac4a26e9e35c8f5a926fd3..4378b76d029d6555300dcec7fc9ef3633150bcf4 100644
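Review bot: `$description` is bound in `bind_param("issssss", …, $description, …)` but never assigned, so every item is stored with an empty/NULL description even though the client sends one under `description`; add `$description = $_POST["description"];` beside the other `$_POST` reads. There is no login check: `$_SESSION["username"]` is read unconditionally, so an unauthenticated POST inserts a row with an empty `Seller_username` — return 401 before touching the database. `$item_id = itemCount_query()[0]["COUNT(*)"] + 1` collides after any deletion or concurrent insert; let the column auto-increment and leave `item_id` out of the INSERT. The failure branch `die()`s with plain text after building `$response`, and both `success` values are the strings `"true"`/`"false"` (the string `"false"` is truthy in the client's `if (responseData.success)`), so emit real booleans through `json_encode` on both paths. `$picture_path` is stored exactly as the client sent it; at minimum `basename()` it so the catalog never renders a path outside the upload directory.
```php
session_start();
if (!isset($_SESSION["username"])) {
    http_response_code(401);
    echo json_encode(array("success" => false, "message" => "please log in first"));
    exit;
}
// … unchanged: require_once, connect_database(), itemCount_query() …
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // … unchanged: $insert_query, $item_id, $name, $price, $quantity, $seller_username …
    $picture_path = basename($_POST["picture_path"]);
    $description = $_POST["description"];
    // … unchanged: prepare / bind_param …
    $result = $stmt->execute();
    if (!$result) {
        $response = array("success" => false, "message" => $stmt->error);
    } else {
        $response = array("success" => true, "message" => "item has been added");
    }
    echo json_encode($response);
    mysqli_close($conn);
}
```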
--- a/server/controllers/signin.php
+++ b/server/controllers/signin.php
@@ -15,9 +15,11 @@
 if ($rows_user[0]["username"] == $username and $rows_user[0]["password"] == $password) {
 $_SESSION['username'] = $username;
 $_SESSION['email'] = $rows_user[0]["email"];
+ setcookie("username", $username, time()+60*60);
 $rows_admin = signin_query($username, $password, "admin");
 if (!empty($rows_admin) and $rows_admin[0]["admin_username"] == $username){
 $_SESSION['admin_status'] = true;
+ setcookie("admin_status", true);
 $response = array("success" => true, "message" => "admin {$username} is found");
 } else {
 $_SESSION['admin_status'] = false;
diff --git a/server/controllers/signout.php b/server/controllers/signout.php
index 68f8fc29100dfccb63e39176e0515f00d3133dfd..c9d5088ec6974d97981517b384f26d537ddfd257 100644
--- a/server/controllers/signout.php
+++ b/server/controllers/signout.php
@@ -1,4 +1,20 @@
 <?php
 session_start();
+ if (!isset($_SESSION['username']) or !isset($_SESSION['email'])) {
+ echo '<script type = "text/javascript">
+ function loggedout_catch() {
+ alert("You are logged out, please login first");
+ location.href = "../../client/pages/login-page.php"
+ }
+ loggedout_catch();
+ </script>';
+ }
 session_destroy();
+ echo '<script type = "text/javascript">
+ function logout_back() {
+ alert("Log out");
+ location.href = "../../client/pages/catalog.php";
+ }
+ logout_back();
+</script>'
 ?>
\ No newline at end of file
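Review bot: `setcookie("username", $username, time()+60*60)` and `setcookie("admin_status", true)` copy authorization state into cookies the client can read and rewrite, with no `httponly`, `secure` or `samesite` flags and no integrity protection; an `admin_status=1` cookie costs nothing to forge, so any server check that ever consults `$_COOKIE['admin_status']` (and `loggedout_catch.php` in this same commit already starts looking at `$_COOKIE['username']`) becomes a one-cookie privilege escalation. The session already holds both values, so the cookies add nothing the server needs; drop `admin_status` entirely, and if a username cookie is still wanted set it with flags and never read it for authorization: `setcookie("username", $username, ["expires" => time()+3600, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);`. The context line `$rows_user[0]["password"] == $password` predates this change but appears to compare the stored password with `==`; that belongs to `password_verify()` against a hash. The enclosing `if` continues outside the hunk.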
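Review bot: The not-logged-in branch does not stop the script: after echoing the redirect to `login-page.php` it falls through to `session_destroy()` and the second `<script>`, whose `location.href = "../../client/pages/catalog.php"` runs last and wins, so a logged-out visitor gets two alerts and lands on the catalog. Add `exit;` right after `loggedout_catch();` inside the first `if`. `session_destroy()` also leaves the `username` and `admin_status` cookies that `signin.php` sets in this commit on the browser (the first for an hour) and does not clear `$_SESSION` or the session cookie; before destroying, run `$_SESSION = array(); setcookie("username", "", time() - 3600); setcookie("admin_status", "", time() - 3600);` and, if the session id travels in a cookie, `setcookie(session_name(), "", time() - 3600);` as well.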
@@ -0,0 +1,49 @@
+<?php
+$target_dir = "../assets/uploaded/";
+$target_file = $target_dir . basename($_FILES["image"]["name"]);
+$uploadOk = 1;
+$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
+echo(pathinfo($target_file));
+
+if(isset($_FILES["image"]) and $_SERVER["REQUEST_METHOD"] == "POST") {
+ // Check if image file is a actual image or fake image
+ $check = getimagesize($_FILES["image"]["tmp_name"]);
+ if($check !== false) {
+ echo "File is an image - " . $check["mime"] . ".";
+ $uploadOk = 1;
+ } else {
+ echo "File is not an image.";
+ $uploadOk = 0;
+ }
+
+ // Check if file already exists
+ if (file_exists($target_file)) {
+ echo "Sorry, file already exists.";
+ $uploadOk = 0;
+ }
+
+ // Check file size
+ if ($_FILES["image"]["size"] > 500000) {
+ echo "Sorry, your file is too large.";
+ $uploadOk = 0;
+ }
+
+ // Allow certain file formats
+ if($imageFileType != "jpg" && $imageFileType != "jpeg") {
+ echo "Sorry, only JPG & JPEG files are allowed.";
+ $uploadOk = 0;
+ }
+
+ // Check if $uploadOk is set to 0 by an error
+ if ($uploadOk == 0) {
+ echo "Sorry, your file was not uploaded.";
+ // if everything is ok, try to upload file
+ } else {
+ if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
+ echo "The file ". htmlspecialchars( basename( $_FILES["image"]["name"])). " has been uploaded.";
+ } else {
+ echo "Sorry, there was an error uploading your file.";
+ }
+ }
+}
+?>
\ No newline at end of file
diff --git a/server/controllers/upload_product_image.php b/server/controllers/upload_product_image.php
deleted file mode 100644
index 29472ff04909538125059f43c9cb1894b7a89d59..0000000000000000000000000000000000000000
--- a/server/controllers/upload_product_image.php
+++ /dev/null
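Review bot: The endpoint never produces JSON — `echo(pathinfo($target_file))` prints `Array` (pathinfo returns an array) and every outcome is a bare `echo` string — yet `make-sale.js` in this commit runs `JSON.parse()` on the body, so the success redirect can never happen. `$_FILES["image"]["name"]` is also read on the third line before the `isset($_FILES["image"])` guard, and there is no `session_start()`/login check, so anyone who can reach the URL can write into `../assets/uploaded/`. The extension allow-list plus `getimagesize()` is a reasonable pair, but the stored name is still the client's `basename`, which lets an uploader squat names (`file already exists`) or reuse another seller's image name; a server-generated name such as `bin2hex(random_bytes(16)) . ".jpg"`, returned in the JSON, would avoid that and give `sell_item.php` an authoritative `picture_path` instead of the client-supplied one. Collect the outcome into one `$response` array and `json_encode` it once at the end.
```php
session_start();
if (!isset($_SESSION['username'])) {
    http_response_code(401);
    echo json_encode(array("success" => false, "message" => "please log in first"));
    exit;
}
$response = array("success" => false, "message" => "no file received");
if (isset($_FILES["image"]) and $_SERVER["REQUEST_METHOD"] == "POST") {
    $target_dir = "../assets/uploaded/";
    $stored_name = bin2hex(random_bytes(16)) . ".jpg";
    $target_file = $target_dir . $stored_name;
    $imageFileType = strtolower(pathinfo($_FILES["image"]["name"], PATHINFO_EXTENSION));
    // … unchanged: getimagesize / size / extension checks, each setting $uploadOk = 0 and $response["message"] instead of echo …
    if ($uploadOk == 1 && move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
        $response = array("success" => true, "message" => "file has been uploaded", "picture_path" => $stored_name);
    }
}
header("Content-Type: application/json");
echo json_encode($response);
```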
@@ -1,48 +0,0 @@
-<?php
-$target_dir = "../assets/product_image/";
-$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
-$uploadOk = 1;
-$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
-
-// Check if image file is a actual image or fake image
-if(isset($_POST["submit"])) {
- $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
- if($check !== false) {
- echo "File is an image - " . $check["mime"] . ".";
- $uploadOk = 1;
- } else {
- echo "File is not an image.";
- $uploadOk = 0;
- }
-}
-
-// Check if file already exists
-if (file_exists($target_file)) {
- echo "Sorry, file already exists.";
- $uploadOk = 0;
-}
-
-// Check file size
-if ($_FILES["fileToUpload"]["size"] > 500000) {
- echo "Sorry, your file is too large.";
- $uploadOk = 0;
-}
-
-// Allow certain file formats
-if($imageFileType != "jpg" && $imageFileType != "jpeg") {
- echo "Sorry, only JPG & JPEG files are allowed.";
- $uploadOk = 0;
-}
-
-// Check if $uploadOk is set to 0 by an error
-if ($uploadOk == 0) {
- echo "Sorry, your file was not uploaded.";
-// if everything is ok, try to upload file
-} else {
- if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
- echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
- } else {
- echo "Sorry, there was an error uploading your file.";
- }
-}
-?>
\ No newline at end of file