556 PHP

The document outlines a web framework and services project for a TYBCA class, detailing the connection, login, admin, and user modules. It includes PHP code snippets for database connections, user authentication, and CRUD operations for categories and products. The document serves as a guide for implementing a web application with user and admin functionalities, including session management and data handling.

Uploaded by

kenilgolakiya6

Subject: 504-Web Framework & Services

Class: TYBCA (Sem-5)

Student Roll no: 556

Student Name: Kalathiya Utsav D.

INDEX

No  Content
1   Connection File
2   Login File
3   Admin Module
4   User Module

Subject teacher: ______________

Signature: ________________

Date: ________________
PROMOTORS

Connection file :-
<?php
$servername = "localhost";
$username = "Admin123";
$password = "Zxcv@123";
$database = "automobile";

$conn = mysqli_connect($servername, $username, $password, $database);

if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// echo "Connected successfully";
?>

Login :-

<?php
session_start();
include '../connect.php';

if (isset($_POST['login'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Hard-coded admin account, checked before the users table
    if ($username === '[email protected]' && $password === 'admin@123') {
        session_regenerate_id(true); // issue a fresh session ID on login
        $_SESSION['username'] = $username;
        $_SESSION['email'] = $username;
        header('Location: ../Admin/index.php');
        exit();
    }

    // Look the user up with a bound parameter so the username never becomes part of the SQL text
    $stmt = mysqli_prepare($conn, "select * from users where username = ?");
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    if (mysqli_num_rows($result) > 0) {
        $row = mysqli_fetch_assoc($result);
        // Compare against the stored password hash
        if (password_verify($password, $row['password'])) {
            session_regenerate_id(true); // issue a fresh session ID on login
            $_SESSION['username'] = $username;
            $_SESSION['email'] = $row['email'];
            header('Location: ../User/index.php');
            exit();
        } else {
            $error = "Invalid password!";
        }
    } else {
        $error = "Please Register Your Account";
    }
}
?>

ADMIN MODULE

Dashboard :-

<?php
session_start();
// Redirect to the login page when there is no authenticated session
if (!isset($_SESSION['username'])) {
    header("Location: ../Authentication/login.php");
    exit;
}
?>
<?php
$page = isset($_GET['page']) ? $_GET['page'] : 'dashboard';
?>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'dashboard' ? 'active' : ''; ?>" href="?page=dashboard"><i class="fas fa-tachometer-alt"></i> <span class="nav-text">Dashboard</span></a>
</li>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'category' ? 'active' : ''; ?>" href="?page=category"><i class="fas fa-list"></i> <span class="nav-text">Category</span></a>
</li>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'products' ? 'active' : ''; ?>" href="?page=products"><i class="fas fa-box-open"></i> <span class="nav-text">Products</span></a>
</li>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'users' ? 'active' : ''; ?>" href="?page=users"><i class="fas fa-users"></i> <span class="nav-text">Users</span></a>
</li>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'customers' ? 'active' : ''; ?>" href="?page=customers"><i class="fas fa-user-friends"></i> <span class="nav-text">Customers</span></a>
</li>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'orders' ? 'active' : ''; ?>" href="?page=orders"><i class="fas fa-shopping-cart"></i> <span class="nav-text">Orders</span></a>
</li>
<li class="nav-item">
    <a class="nav-link <?php echo $page == 'logout' ? 'active' : ''; ?>" href="../Authentication/logout.php?panel=admin"><i class="fas fa-sign-out-alt"></i> <span class="nav-text">Logout</span></a>
</li>
</ul>
</nav>
<main role="main" id="mainContent" class="col-md-9 ml-sm-auto col-lg-10 px-4">
    <?php
    // Include the requested page or default to 'dashboard'.
    // Only the pages linked from the menu may be included, so the
    // "page" parameter cannot be used to load arbitrary files.
    $allowedPages = ['dashboard', 'category', 'products', 'users', 'customers', 'orders'];
    $file = $page . '.php';
    if (in_array($page, $allowedPages, true) && file_exists($file)) {
        include $file;
    } else {
        echo "<h2>Page not found</h2>";
    }
    ?>
</main>

<?php
include '../connect.php';

$users_count = $conn->query("select count(*) as count from users")->fetch_assoc()['count'];
$customers_count = $conn->query("select count(*) as count from orders")->fetch_assoc()['count']; // Assuming customers are in the orders table
$category_count = $conn->query("select count(*) as count from categories")->fetch_assoc()['count'];
$products_count = $conn->query("select count(*) as count from products")->fetch_assoc()['count'];
$orders_count = $conn->query("select count(*) as count from orders")->fetch_assoc()['count'];
?>

Category :-

<?php
include '../connect.php';

// Add category
if (isset($_POST['submit'])) {
    $category = $_POST['category'];

    // Bind the value instead of concatenating it into the SQL string
    $stmt = mysqli_prepare($conn, "insert into categories(name) values(?)");
    mysqli_stmt_bind_param($stmt, 's', $category);

    if (mysqli_stmt_execute($stmt)) {
        header("Location: index.php?page=category");
        exit;
    } else {
        echo "Error: " . mysqli_error($conn);
    }
}

// Delete category
if (isset($_GET['id'])) {
    $id = intval($_GET['id']);

    // Prepare the SQL query to delete the record
    $stmt = mysqli_prepare($conn, "delete from categories where id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $id);

    // Execute the query
    if (mysqli_stmt_execute($stmt)) {
        header("Location: index.php?page=category");
        exit;
    } else {
        echo "Error deleting record: " . mysqli_error($conn);
    }
}

// Update category (only when the update form fields are present)
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['id'], $_POST['categoryName'])) {
    $id = intval($_POST['id']);
    $categoryName = $_POST['categoryName'];

    $stmt = mysqli_prepare($conn, "update categories set name = ? where id = ?");
    mysqli_stmt_bind_param($stmt, 'si', $categoryName, $id);

    if (mysqli_stmt_execute($stmt)) {
        header("Location: index.php?page=category");
        exit;
    } else {
        echo "Error updating record: " . mysqli_error($conn);
    }
}
?>
<?php
$result = mysqli_query($conn, "SELECT * FROM categories");
if ($result && mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_array($result)) {
        // Escape the stored name for HTML text and for the single-quoted attribute below
        $name = htmlspecialchars($row['name'], ENT_QUOTES);
        echo "<tr>";
        echo "<td>".$row['id']."</td>";
        echo "<td>".$name."</td>";
        echo "<td class='icon-cell'>
            <a href='category.php?id=".$row['id']."'>
                <svg class='icon' xmlns='http://www.w3.org/2000/svg' viewBox='0 0 105.7 122.88'><title>trash-bin</title>
                </svg>
            </a>
        </td>";
        echo "<td class='icon-cell'>
            <a href='#' data-toggle='modal' data-target='#updateModal' data-id='".$row['id']."' data-name='".$name."'>
                <svg class='icon' xmlns='http://www.w3.org/2000/svg' viewBox='0 0 490 512.34'>
                </svg>
            </a>
        </td>";
        echo "</tr>";
    }
}
?>

Products :-

<?php
include '../connect.php';

// Image extensions accepted for upload (an assumed allow-list); anything else is
// rejected so that scripts cannot be stored under ../uploads/
$allowedExt = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Add product functionality
if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    $description = $_POST['description'];
    $price = $_POST['price'];
    $category_id = intval($_POST['category_id']);
    $image = basename($_FILES['image']['name']); // strip any directory part from the client file name

    // Handle file upload
    if ($image) {
        $ext = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        $target_dir = "../uploads/";
        $target_file = $target_dir . $image;
        if (!in_array($ext, $allowedExt, true) || !move_uploaded_file($_FILES['image']['tmp_name'], $target_file)) {
            echo "Error uploading file.";
            exit;
        }
    }

    // Bound parameters keep the form values and the file name out of the SQL text
    $stmt = mysqli_prepare($conn, "insert into products (name, description, price, category_id, image) values (?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'sssis', $name, $description, $price, $category_id, $image);

    if (mysqli_stmt_execute($stmt)) {
        header("Location: index.php?page=products");
        exit;
    } else {
        echo "Error: " . mysqli_error($conn);
    }
}

// Fetch categories
$categories = mysqli_query($conn, "select * from categories");

// Fetch products
$products = mysqli_query($conn, "select products.*, categories.name as category_name from products join categories on products.category_id = categories.id");

// Update product functionality
if (isset($_POST['update'])) {
    $id = intval($_POST['id']);
    $name = $_POST['name'];
    $description = $_POST['description'];
    $price = $_POST['price'];
    $category_id = intval($_POST['category_id']);
    $image = basename($_FILES['image']['name']);

    if ($image) {
        $ext = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        $target_dir = "../uploads/";
        $target_file = $target_dir . $image;
        if (!in_array($ext, $allowedExt, true) || !move_uploaded_file($_FILES['image']['tmp_name'], $target_file)) {
            echo "Error uploading file.";
            exit;
        }

        // Update query with new image
        $stmt = mysqli_prepare($conn, "update products set name=?, description=?, price=?, category_id=?, image=? where id=?");
        mysqli_stmt_bind_param($stmt, 'sssisi', $name, $description, $price, $category_id, $image, $id);
    } else {
        // Update query without changing image
        $stmt = mysqli_prepare($conn, "update products set name=?, description=?, price=?, category_id=? where id=?");
        mysqli_stmt_bind_param($stmt, 'sssii', $name, $description, $price, $category_id, $id);
    }

    if (mysqli_stmt_execute($stmt)) {
        header("Location: index.php?page=products");
        exit;
    } else {
        echo "Error: " . mysqli_error($conn);
    }
}

// Delete product functionality
if (isset($_GET['id'])) {
    $id = intval($_GET['id']);

    // Get image path
    $stmt = mysqli_prepare($conn, "select image from products where id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $imageResult = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

    // Delete image file if exists (is_file() skips the uploads directory itself when no image is stored)
    if ($imageResult && $imageResult['image'] !== '') {
        $imagePath = '../uploads/' . basename($imageResult['image']);
        if (is_file($imagePath)) {
            unlink($imagePath);
        }
    }

    $stmt = mysqli_prepare($conn, "delete from products where id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $id);

    if (mysqli_stmt_execute($stmt)) {
        header("Location: index.php?page=products");
        exit;
    } else {
        echo "Error deleting record: " . mysqli_error($conn);
    }
}
?>

//Display Category
<?php while ($row = $categories->fetch_assoc()): ?>
    <option value="<?php echo $row['id']; ?>"><?php echo htmlspecialchars($row['name'], ENT_QUOTES); ?></option>
<?php endwhile; ?>

// Display Products (stored values are HTML-escaped before output)
<?php while ($row = $products->fetch_assoc()): ?>
    <tr>
        <td><?php echo $row['id']; ?></td>
        <td><?php echo htmlspecialchars($row['name'], ENT_QUOTES); ?></td>
        <td><?php echo htmlspecialchars($row['description'], ENT_QUOTES); ?></td>
        <td>$<?php echo htmlspecialchars($row['price'], ENT_QUOTES); ?></td>
        <td><?php echo htmlspecialchars($row['category_name'], ENT_QUOTES); ?></td>
        <td><img src="../uploads/<?php echo htmlspecialchars($row['image'], ENT_QUOTES); ?>" alt="Product Image" width="100"></td>
        <td>
            <a href="#" class="edit-btn" data-id="<?php echo $row['id']; ?>" data-name="<?php echo htmlspecialchars($row['name'], ENT_QUOTES); ?>" data-description="<?php echo htmlspecialchars($row['description'], ENT_QUOTES); ?>" data-price="<?php echo htmlspecialchars($row['price'], ENT_QUOTES); ?>" data-category-id="<?php echo $row['category_id']; ?>" data-image="<?php echo htmlspecialchars($row['image'], ENT_QUOTES); ?>">Edit</a> |
            <a href="products.php?id=<?php echo $row['id']; ?>" onclick="return confirm('Are you sure you want to delete this product?');">Delete</a>
        </td>
    </tr>
<?php endwhile; ?>

Users :-

<?php
include '../connect.php';
$users = mysqli_query($conn, "select id, username, email, created_at from users");
mysqli_close($conn);
?>

Customers :-

<?php
// Database connection
include '../connect.php';

// Fetch unique customers with their ordered products and order dates
$query = "select o.customer_name, o.customer_email, o.customer_address, p.name
AS product_name, o.created_at AS order_date from orders o join products p on
o.product_name = p.name";
$customers = mysqli_query($conn, $query);

mysqli_close($conn);
?>

Orders :-

<?php
// Database connection
include '../connect.php';

// Fetch orders
$orders = mysqli_query($conn, "select id, product_name, product_price,
customer_name, customer_email, customer_address, created_at from orders");

mysqli_close($conn);
?>

Logout File :-
<?php
session_start();
session_destroy();

$redirectPage = 'index.php'; // Default redirection for users

if (isset($_GET['panel'])) {
    if ($_GET['panel'] === 'admin') {
        $redirectPage = '../Admin/index.php'; // Redirect to admin index
    } elseif ($_GET['panel'] === 'user') {
        $redirectPage = '../User/index.php'; // Redirect to user index
    }
}

header('Location: ' . $redirectPage);
exit();
?>

USER MODULE

Sign Up :-

<?php
include '../connect.php';

if (isset($_POST['signup'])) {
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = password_hash($_POST['password'], PASSWORD_BCRYPT);

    $sql = "insert into users (username, email, password) values ('$username', '$email', '$password')";

    if (mysqli_query($conn, $sql)) {
        header('Location: login.php');
        exit();
    } else {
        $error = "Error: " . mysqli_error($conn);
    }

    mysqli_close($conn);
}
?>

Shop :-

<?php
session_start();
include '../connect.php';

if (!isset($_SESSION['username'])) {
    // If not logged in, redirect to the login page
    header("Location: ../Authentication/login.php");
    exit;
}

// Handle product fetching
if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['id'])) {
    $productId = intval($_GET['id']);

    $query = "select name, price from products where id = $productId";
    $result = mysqli_query($conn, $query);

    if ($result && mysqli_num_rows($result) > 0) {
        $product = mysqli_fetch_assoc($result);
        echo json_encode($product);
    } else {
        echo json_encode(['error' => 'Product not found']);
    }
    exit; // Stop further processing for GET requests fetching product details
}

// Handle order submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $productName = $_POST['productName'];
    $productPrice = $_POST['productPrice'];
    $customerName = $_POST['customerName'];
    $customerEmail = $_POST['customerEmail'];
    $customerAddress = $_POST['customerAddress'];

    // Insert order into the database; the form values are bound as
    // parameters rather than concatenated into the SQL string
    $stmt = mysqli_prepare($conn, "insert into orders (product_name, product_price, customer_name, customer_email, customer_address) values (?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'sssss', $productName, $productPrice, $customerName, $customerEmail, $customerAddress);

    // Execute the query
    if (mysqli_stmt_execute($stmt)) {
        echo 'Order submitted successfully!';
    } else {
        echo 'Error: ' . $conn->error;
    }
    exit;
}

// Fetch selected category from URL, default to the first category if none selected
$selectedCategory = isset($_GET['category']) ? $_GET['category'] : '';

// Fetch categories
$categoriesQuery = "select id, name from categories";
$categoriesResult = mysqli_query($conn, $categoriesQuery);

// Fetch products based on the selected category
$productsQuery = "select * from products";
if ($selectedCategory) {
    $productsQuery .= " where category_id = " . intval($selectedCategory);
} else {
    // Show only 9 products if no category is selected
    $productsQuery .= " LIMIT 9";
}
$productsResult = mysqli_query($conn, $productsQuery);
?>
