
Computer Networks and Technologies Final Job

This document summarizes a final project for a computer networks and technologies course at Kaunas University of Technology. The project implements an e-commerce website called ELECSHOP using PHP and MySQL. The system includes: 1) Databases to store products and user login information using SQL. 2) A front-end website with pages for products, login, and cart functionality. It includes a header template and displays recently added products. 3) A products page that lists all items and allows filtering by name or price. It also implements pagination. 4) A product page that shows details and allows adding an item to the cart. 5) A cart page that stores selected products.

Kaunas University of Technology

Final Project
Computer Networks and Technologies

Alvaro Rodríguez Sánchez


Student

Donatas Sandonavicius

Lecturer

Kaunas, 2019
1. INTRODUCTION

The purpose of this project is to implement a system based on PHP and MySQL
databases.
The system is an electronic shop, “ELECSHOP”, with all the features of an e-commerce
website and a back-end admin and seller panel.
The website has a simple design using HTML and CSS.

2. How it works

2.1 Databases
We use SQL to store our databases. We create two databases: one for the products of our
website and another for login.

2.2 Front-end

We create a header that is used on all pages of our website:


<?php
session_start();
// Include functions and connect to the database using PDO MySQL
include 'functions.php';
$bag=bag_function();

?>

<html>

<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>
<style>
llin{

color: green;
padding: 10px 20px;
text-align: center;
text-decoration: none;
display: inline-block;
}
</style>

<h1>
<a href="index.php">
ELECSHOP
</a>
</h1>

<img class="foto" src="/imgs/elec.jpg" width="300" height="150">

<ul>
<li><a href="products.php">Products</a></li>
<li><a href="login.php">Login</a></li>
</ul>
<span class="bag"><a href="cart.php"><i class="fas fa-shopping-cart"></i></a><?=$bag?></span>

<llin><a href="admin.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["id"] == 1) { echo "ADMIN"; } ?></a></llin>
<llin><a href="seller.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["id"] == 2) { echo "SELLER"; } ?></a></llin>
<llin><a href="logout.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) { echo "LOGOUT"; } ?></a></llin>

<body>

The home page, index.php, shows the menus of the website (“Products” and
“Login”) and a link to the shopping cart system, and it lists the last two added products.

<?php
include("header.php");
?>
<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>
<body>
<?php
$pdo = pdo_connect_mysql();
$stmt = $pdo->prepare('SELECT * FROM products ORDER BY date_added DESC LIMIT
2');
$stmt->execute();
$recently_added_products = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>

<div class="featured">
<h2>Last Added Products</h2>
<p>Discover our last products</p>
</div>

<div class="recentlyadded content-wrapper">

<div class="products">
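<?php // Values read from the database are escaped before they are written into the HTML ?>
<?php foreach ($recently_added_products as $product): ?>
<a href="product.php?page=product&id=<?=(int)$product['id']?>" class="product">
<img src="imgs/<?=htmlspecialchars($product['img'])?>" width="200" height="200" alt="<?=htmlspecialchars($product['name'])?>">
<b><?=htmlspecialchars($product['name'])?></b>&nbsp;
&euro;<?=htmlspecialchars($product['price'])?>
</a>
<?php endforeach; ?>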
</div>
</div>

</body>
The Products page shows all the products on our website, and we can filter them by name or
price range.

<html>

<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>

<body>

<?php
include("header.php");
?>

<?php
//error_reporting(0);

$pdo = pdo_connect_mysql();

// The number of products to show on each page
$num_products_on_each_page = 4;
// The current page; in the URL this will appear as products.php?p=1, products.php?p=2, etc.
// max() keeps the page at 1 or above so the LIMIT offset is never negative
$current_page = isset($_GET['p']) && is_numeric($_GET['p']) ? max(1, (int)$_GET['p']) : 1;
// Select products ordered by the date added
$stmt = $pdo->prepare('SELECT * FROM products ORDER BY date_added DESC LIMIT ?,?');
// bindValue allows us to bind integers in the SQL statement, which LIMIT requires
$stmt->bindValue(1, ($current_page - 1) * $num_products_on_each_page, PDO::PARAM_INT);
$stmt->bindValue(2, $num_products_on_each_page, PDO::PARAM_INT);
$stmt->execute();
// Fetch the products from the database and return the result as an array
$products = $stmt->fetchAll(PDO::FETCH_ASSOC);
$total_products = $pdo->query('SELECT * FROM products')->rowCount();
if (!empty($_POST['submit'])) {
    // Search by name or by price range; the form values are bound as parameters
    $stmt = $pdo->prepare('SELECT * FROM products WHERE name = ? OR price BETWEEN ? AND ?');
    $stmt->execute([$_POST['search'] ?? '', $_POST['prices'] ?? '', $_POST['pricet'] ?? '']);
    $productsearched = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
?>
<div class="searchbox">

<form action="" method="post">

<label>Search name</label>
<input type="text" name="search" class="form-control" value="">
<label>Search price from</label>
<input type="text" name="prices" class="form-control" value="">
<label>to</label>
<input type="text" name="pricet" class="form-control" value="">

<input name="submit" type="submit" class="btn btn-primary"


value="submit">
</form>

</div>

<?php
// Show the search results after a search, otherwise the current page of products
$shown_products = empty($_POST['submit']) ? $products : $productsearched;
?>

<div class="products content-wrapper">
<h2>Products</h2>
<p><?=$total_products?> Products</p>
<div class="products-wrapper">
<?php foreach ($shown_products as $product): ?>
<a href="product.php?page=product&id=<?=(int)$product['id']?>" class="product">
<img class="products" src="imgs/<?=htmlspecialchars($product['img'])?>" width="200" height="200" alt="<?=htmlspecialchars($product['name'])?>">
<span class="name"><?=htmlspecialchars($product['name'])?></span>
<span class="price">&euro;<?=htmlspecialchars($product['price'])?></span>
</a>
<?php endforeach; ?>
</div>

<div class="buttons">
<?php // The pagination links point at products.php, the page that reads the p parameter ?>
<?php if ($current_page > 1): ?>
<a href="products.php?p=<?=$current_page-1?>">Prev</a>
<?php endif; ?>
<?php if ($total_products > ($current_page * $num_products_on_each_page) - $num_products_on_each_page + count($products)): ?>
<a href="products.php?p=<?=$current_page+1?>">Next</a>
<?php endif; ?>
</div>
</div>

</body>

The next page that we have created is the product page, where we can see a product's
characteristics and add it to the basket.

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>

<body>

<?php
include("header.php");
$pdo = pdo_connect_mysql();
// Check to make sure the id parameter is specified in the URL
if (isset($_GET['id'])) {
    // Prepare statement and execute, prevents SQL injection
    $stmt = $pdo->prepare('SELECT * FROM products WHERE id = ?');
    $stmt->execute([$_GET['id']]);
    // Fetch the product from the database and return the result as an array
    $product = $stmt->fetch(PDO::FETCH_ASSOC);
    // Check if the product exists (array is not empty)
    if (!$product) {
        // Simple error to display if the id for the product doesn't exist (array is empty)
        die ('Product does not exist!');
    }
} else {
    // Simple error to display if the id wasn't specified
    die ('Product does not exist error!');
}
?>

<div class="product content-wrapper">
<h1 class="name"><?=htmlspecialchars($product['name'])?></h1>
<img class="producto" src="imgs/<?=htmlspecialchars($product['img'])?>" width="300" height="300" alt="<?=htmlspecialchars($product['name'])?>">
<div>
<l>Price:</l> <span class="price">&euro;<?=htmlspecialchars($product['price'])?></span><br><br>
<?php if ($product['rrp']==1): ?>
<span class="rrp">UPLOADED BY ADMIN</span>
<?php endif; ?>
<?php if ($product['rrp']==2): ?>
<span class="rrp">UPLOADED BY SELLER</span>
<?php endif; ?>
<div class="formulario">
<form action="cart.php" method="post">
<input type="number" name="quantity" value="1" min="1" max="<?=(int)$product['quantity']?>" placeholder="Quantity" required>
<input type="hidden" name="product_id" value="<?=(int)$product['id']?>">
<input type="submit" value="Add To Cart">
</form>
</div>
<div class="description">
<?=htmlspecialchars($product['desc'])?>
</div>
</div>
</div>

</body>

Once we select Add To Cart on a product, it is stored in the cart.

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>
<style>
table, th, td {
border: 1px solid black;
}
th {
background-color: #4CAF50;
color: white;
}

</style>
<body>

<?php
include("header.php");
// header.php includes functions.php and starts the session

$pdo = pdo_connect_mysql();

// If the user clicked the add to cart button on the product page we can check for the form data
if (isset($_POST['product_id'], $_POST['quantity']) && is_numeric($_POST['product_id']) && is_numeric($_POST['quantity'])) {
    // Set the post variables so we easily identify them, also make sure they are integers
    $product_id = (int)$_POST['product_id'];
    $quantity = (int)$_POST['quantity'];
    // Prepare the SQL statement, we basically are checking if the product exists in our database
    $stmt = $pdo->prepare('SELECT * FROM products WHERE id = ?');
    $stmt->execute([$product_id]);
    // Fetch the product from the database and return the result as an array
    $product = $stmt->fetch(PDO::FETCH_ASSOC);
    // Check if the product exists (array is not empty)
    if ($product && $quantity > 0) {
        // Product exists in database, now we can create/update the session variable for the cart
        if (isset($_SESSION['cart']) && is_array($_SESSION['cart'])) {
            if (array_key_exists($product_id, $_SESSION['cart'])) {
                // Product exists in cart so just update the quantity
                $_SESSION['cart'][$product_id] += $quantity;
            } else {
                // Product is not in cart so add it
                $_SESSION['cart'][$product_id] = $quantity;
            }
        } else {
            // There are no products in cart, this will add the first product to cart
            $_SESSION['cart'] = array($product_id => $quantity);
        }
    }
}

// Remove product from cart, check for the URL param "remove", this is the product id,
// make sure it's a number and check if it's in the cart
if (isset($_GET['remove']) && is_numeric($_GET['remove']) && isset($_SESSION['cart']) && isset($_SESSION['cart'][$_GET['remove']])) {
    // Remove the product from the shopping cart
    unset($_SESSION['cart'][$_GET['remove']]);
}

// Update product quantities in cart if the user clicks the "Update" button on the shopping cart page
if (isset($_POST['update']) && isset($_SESSION['cart'])) {
    // Loop through the post data so we can update the quantities for every product in cart
    foreach ($_POST as $k => $v) {
        if (strpos($k, 'quantity') !== false && is_numeric($v)) {
            $id = str_replace('quantity-', '', $k);
            $quantity = (int)$v;
            // Always do checks and validation
            if (is_numeric($id) && isset($_SESSION['cart'][$id]) && $quantity > 0) {
                // Update new quantity
                $_SESSION['cart'][$id] = $quantity;
            }
        }
    }
}

// Check the session variable for products in cart
$products_in_cart = isset($_SESSION['cart']) ? $_SESSION['cart'] : array();
$products = array();
$subtotal = 0.00;
// If there are products in cart
if ($products_in_cart) {
    // There are products in the cart so we need to select those products from the database
    // Products in cart array to question mark string array, we need the SQL statement to include IN (?,?,?,...etc)
    $array_to_question_marks = implode(',', array_fill(0, count($products_in_cart), '?'));
    $stmt = $pdo->prepare('SELECT * FROM products WHERE id IN (' . $array_to_question_marks . ')');
    // We only need the array keys, not the values, the keys are the ids of the products
    $stmt->execute(array_keys($products_in_cart));
    // Fetch the products from the database and return the result as an array
    $products = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Calculate the subtotal
    foreach ($products as $product) {
        $subtotal += (float)$product['price'] * (int)$products_in_cart[$product['id']];
    }
}

// Send the user to the place order page if they click the Place Order button, also the cart should not be empty.
// This block runs after the cart products are loaded because the loop needs $products.
if (isset($_POST['placeorder']) && isset($_SESSION['cart']) && !empty($_SESSION['cart'])) {
    foreach ($products as $product) {
        // New stock = current stock minus the quantity of this product in the cart, never below zero
        $newquant = max(0, $product['quantity'] - (int)$products_in_cart[$product['id']]);
        try {
            $sql = "UPDATE `products`
                SET `name`= :name,`desc`= :description,`price`= :price,`quantity`= :quantity
                WHERE `id`= :id";
            $stmt = $pdo->prepare($sql);
            $stmt->bindValue(":name", $product['name']);
            $stmt->bindValue(":description", $product['desc']);
            $stmt->bindValue(":price", $product['price']);
            $stmt->bindValue(":quantity", $newquant);
            $stmt->bindValue(":id", $product['id']);
            $stmt->execute();
        } catch (PDOException $e) {
            echo 'ERROR: ' . $e->getMessage();
        }
    }
    header('Location: placeorder.php');
    exit;
}
?>
<div class="cart content-wrapper">
<h1>Shopping Cart</h1>
<form action="cart.php" method="post">
<table>
<thead>
<tr>
<td colspan="2">Product</td>
<td>Price</td>
<td>Quantity</td>
<td>Total</td>
</tr>
</thead>
<tbody>
<?php if (empty($products)): ?>
<tr>
<td colspan="5" style="text-align:center;">You have no
products added in your Shopping Cart</td>
</tr>
<?php else: ?>
<?php foreach ($products as $product): ?>
<tr>
<td class="img">
<a href="product.php?page=product&id=<?=(int)$product['id']?>">
<img src="imgs/<?=htmlspecialchars($product['img'])?>" width="50" height="50" alt="<?=htmlspecialchars($product['name'])?>">
</a>
</td>
<td>
<a href="product.php?page=product&id=<?=(int)$product['id']?>"><?=htmlspecialchars($product['name'])?></a>
<br>
<a href="cart.php?page=cart&remove=<?=(int)$product['id']?>" class="remove">Remove</a>
</td>
<td class="price">&euro;<?=htmlspecialchars($product['price'])?></td>
<td class="quantity">
<input type="number" name="quantity-<?=(int)$product['id']?>" value="<?=(int)$products_in_cart[$product['id']]?>" min="1" max="<?=(int)$product['quantity']?>" placeholder="Quantity" required>
</td>
<td class="price">&dollar;<?=$product['price'] * $products_in_cart[$product['id']]?></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
<div class="subtotal">
<span class="text">Subtotal</span>
<span class="price">&dollar;<?=$subtotal?></span>
</div>
<div class="buttons">
<input type="submit" value="Update" name="update">

<input type="submit" value="Place Order" name="placeorder" >
</div>
</form>

</div>
</body>

2.3 Back-end

When we press Login, there are two kinds of users in the system, “admin” and “seller”,
each of which has different privileges.

<?php
// The PHP runs before any HTML is sent so that session_start() and header() still work
session_start();
// Connect to the database using MySQLi
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'root';
$DATABASE_NAME = 'elecshop';

$conn = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// Check if the user is already logged in, if yes then redirect him to the home page
if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
    header("location: index.php");
    exit;
}

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {

    // Check if username is empty
    if (empty(trim($_POST["username"] ?? ""))) {
        $username_err = "Please enter username.";
    } else {
        $username = trim($_POST["username"]);
    }

    // Check if password is empty
    if (empty(trim($_POST["password"] ?? ""))) {
        $password_err = "Please enter your password.";
    } else {
        $password = trim($_POST["password"]);
    }

    // Validate credentials
    if (empty($username_err) && empty($password_err)) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        // Prepare a select statement; the credentials are bound as parameters
        // instead of being concatenated into the SQL string
        $stmt = mysqli_prepare($conn, "SELECT id, username, password FROM login WHERE username = ? AND password = ? LIMIT 1");
        mysqli_stmt_bind_param($stmt, "ss", $username, $password);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $entrada = mysqli_fetch_array($result, MYSQLI_ASSOC);

        if ($entrada) {
            // Store data in session variables
            $_SESSION["loggedin"] = true;
            $_SESSION["id"] = $entrada['id'];
            $_SESSION["username"] = $username;

            // The user with id 1 is the admin, any other user is a seller
            header($entrada['id'] == 1 ? "location: admin.php" : "location: seller.php");
            exit;
        } else {
            $password_err = "Incorrect password";
        }
    }

    // Close connection
    mysqli_close($conn);
}
?>

<html>

<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ margin:10px auto;
display:block; width: 360px; padding: 20px; }
</style>
</head>

<body>
<div class="wrapper">
<h2>Login</h2>
<f>Please fill in your credentials to login.</f>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username</label>
<input type="text" name="username" class="form-control" value="<?php echo htmlspecialchars($username); ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password</label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
</form>
</div>
</body>

</html>
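
The login page above compares the submitted password with the value stored in the login table. As an added example (not part of the original project), the same check can be made against password hashes: the user is looked up by name with a bound parameter, the password is checked with password_verify(), and the session ID is renewed on success. It assumes the password column holds password_hash() output, and it uses an in-memory SQLite database with constructed accounts so that it runs from the command line.

```php
<?php
// Added example, not the project's code. Assumption: login.password stores
// password_hash() output instead of the password itself.

/** Return ['id' => ..., 'username' => ...] on success, null on any failure. */
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // Look the user up by name only; the value is bound, so quotes in it are data.
    $stmt = $pdo->prepare('SELECT id, username, password FROM login WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a throwaway hash so that both
    // failure paths do comparable work.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('unused-placeholder', PASSWORD_DEFAULT);
    }
    $hash = $row ? $row['password'] : $dummyHash;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }

    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE login SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return ['id' => (int)$row['id'], 'username' => $row['username']];
}

/**
 * Mark the session as logged in, with the same keys the page's login.php sets.
 * In login.php this is called after authenticate() succeeds and before the redirect.
 */
function start_user_session(array $user): void
{
    // Issue a new session ID at login so an ID known before login stops working.
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    $_SESSION['id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
}

// --- Demo with constructed accounts in an in-memory SQLite database ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $pdo->prepare('INSERT INTO login (id, username, password) VALUES (?, ?, ?)');
$ins->execute([1, 'admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT)]);
$ins->execute([2, "o'neil", password_hash('constructed-seller-pw', PASSWORD_DEFAULT)]);

$attempts = [
    ['admin', 'constructed-admin-pw'],    // existing user, matching password
    ['admin', 'wrong-password'],          // existing user, other password
    ["o'neil", 'constructed-seller-pw'],  // name containing a quote character
    ['nobody', 'constructed-admin-pw'],   // user that is not in the table
];
foreach ($attempts as [$user, $pass]) {
    $result = authenticate($pdo, $user, $pass);
    echo str_pad($user, 8), ' => ', $result ? 'ok, id ' . $result['id'] : 'rejected', PHP_EOL;
}
```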

We also create a logout page

<?php
// Initialize the session
session_start();

// Unset all of the session variables


$_SESSION = array();

// Destroy the session.


session_destroy();
// Redirect to login page
header("location: index.php");
exit;
?>

The admin and seller panels show what we have in our products database. The admin
can see the products added by him and by the sellers. Sellers, on the other hand, can
only see the products they have added.

admin.php

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>
<style>
a{

background-color: #f44336;
color: white;
padding: 14px 25px;
text-align: center;
text-decoration: none;
display: inline-block;
}

table, th, td {
border: 1px solid black;
}
th {
background-color: #4CAF50;
color: white;
}

</style>

<body>
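<?php

session_start();
// Include functions and connect to the database using PDO MySQL
include 'functions.php';

// Only the logged-in admin (id 1) may open this panel
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["id"] != 1) {
    exit('Access denied.');
}

$pdo = pdo_connect_mysql();

// The admin sees every product, so the query needs no WHERE filter
$stmt = $pdo->prepare('SELECT * FROM products');
$stmt->execute();
// Fetch the products from the database and return the result as an array
$products = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>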

<form action="admin.php" method="post">

<table style="width:100%">
<tr>
<th>Product</th>
<th>Image</th>
<th>Quantity</th>
<th>Price</th>
<th>1=Admin/2=Seller</th>
</tr>
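<?php // Product fields are escaped because sellers can set them ?>
<?php foreach ($products as $product): ?>

<tr>
<td> <?=htmlspecialchars($product['name'])?> </td>
<td> <img class="products" src="imgs/<?=htmlspecialchars($product['img'])?>" width="200" height="200" alt="<?=htmlspecialchars($product['name'])?>"></td>
<td> <?=htmlspecialchars($product['quantity'])?>
</td>
<td> &euro;<?=htmlspecialchars($product['price'])?>
</td>
<td> <?=htmlspecialchars($product['rrp'])?>
</td>
</tr>

<?php endforeach; ?>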

</table>

</form>
<a href="add.php">Add Product</a>
<a href="update.php">Update Product</a>
<a href="remove.php">Remove Product</a>
<a href="index.php"><i class="fas fa-home"></i></a>

</body>

seller.php

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>
<style>
a{
background-color: #f44336;
color: white;
padding: 14px 25px;
text-align: center;
text-decoration: none;
display: inline-block;
}

table, th, td {
border: 1px solid black;
}
th {
background-color: #4CAF50;
color: white;
}

</style>

<body>
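<?php
session_start();
// Include functions and connect to the database using PDO MySQL
include 'functions.php';

// Only logged-in users may open this panel
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    exit('Access denied.');
}

$pdo = pdo_connect_mysql();

// Products uploaded by sellers have rrp = 2
$stmt = $pdo->prepare('SELECT * FROM products WHERE rrp=?');
$stmt->execute([2]);
// Fetch the products from the database and return the result as an array
$products = $stmt->fetchAll(PDO::FETCH_ASSOC);

?>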

<form action="seller.php" method="post">

<table style="width:100%">
<tr>
<th>Product</th>
<th>Image</th>
<th>Quantity</th>
<th>Price</th>
</tr>
<?php foreach ($products as $product): ?>

<tr>
<td> <?=htmlspecialchars($product['name'])?> </td>
<td> <img class="products" src="imgs/<?=htmlspecialchars($product['img'])?>" width="200" height="200" alt="<?=htmlspecialchars($product['name'])?>"></td>
<td> <?=htmlspecialchars($product['quantity'])?>
</td>
<td> &euro;<?=htmlspecialchars($product['price'])?>
</td>

</tr>

<?php endforeach; ?>

</table>

</form>
<a href="add.php">Add Product</a>
<a href="remove.php">Remove Product</a>

<a href="index.php"><i class="fas fa-home"></i></a>

</body>

In the admin panel we have three functions: add product, delete product and update
product.

add.php

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>

<body>

<?php
session_start();
// Only logged-in users (admin or seller) may upload images and add products
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    exit('Access denied.');
}

// Connect to the database using MySQLi
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'root';
$DATABASE_NAME = 'elecshop';

$conn = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

if (isset($_POST['submit'])) {
    // IMAGE UPLOAD
    $currentDir = getcwd();
    $uploadDirectory = "/imgs/";

    $errors = []; // Store all foreseen and unforeseen errors here

    $fileExtensions = ['jpeg', 'jpg', 'png']; // Allowed file extensions

    // basename() drops any directory part sent with the file name
    $fileName = basename($_FILES['myfile']['name']);
    $fileSize = $_FILES['myfile']['size'];
    $fileTmpName = $_FILES['myfile']['tmp_name'];
    $fileType = $_FILES['myfile']['type'];
    // pathinfo() replaces end(explode(...)): end() needs a variable passed by reference
    $fileExtension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

    $uploadPath = $currentDir . $uploadDirectory . $fileName;

    if (!in_array($fileExtension, $fileExtensions)) {
        $errors[] = "This file extension is not allowed. Please upload a JPEG or PNG file";
    }

    if ($fileSize > 2000000) {
        $errors[] = "This file is more than 2MB. Sorry, it has to be less than or equal to 2MB";
    }

    if (empty($errors)) {
        $didUpload = move_uploaded_file($fileTmpName, $uploadPath);

        if ($didUpload) {
            echo "The file " . htmlspecialchars($fileName) . " has been uploaded";
        } else {
            echo "An error occurred somewhere. Try again or contact the admin";
        }
    } else {
        foreach ($errors as $error) {
            echo $error . "These are the errors" . "\n";
        }
    }

    // Products added by the admin (id 1) get rrp 1, products added by sellers get rrp 2
    $rrp = ($_SESSION["id"] == 1) ? '1' : '2';
    $name = $_POST['name'];
    $description = $_POST['description'];
    $price = $_POST['price'];
    $quantity = $_POST['quantity'];

    // The form values are bound as parameters instead of being concatenated into the SQL string
    $stmt = mysqli_prepare($conn, "INSERT INTO products (name, `desc`, price, rrp, quantity, `img`) VALUES (?, ?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, "ssssss", $name, $description, $price, $rrp, $quantity, $fileName);
    if (mysqli_stmt_execute($stmt)) {
        echo "New record created successfully";
    } else {
        echo "Error: " . htmlspecialchars(mysqli_error($conn));
    }
}
mysqli_close($conn);
$name = "";
$price = "";
$description = "";
$quantity = "";

?>

<div class="formulario">

<form action="" method="post" enctype="multipart/form-data">


<label>Name</label>
<input type="text" name="name" class="form-control" value=""><br>
<label>Price</label>

<input type="text" name="price" class="form-control" value=""><br>


<label>Description</label>

<input type="text" name="description" class="form-control" value=""><br>


<label>Quantity</label>

<input type="text" name="quantity" class="form-control" value=""><br>

Upload a File:
<input type="file" name="myfile" id="fileToUpload">
<label>Send</label>

<input name="submit" type="submit" class="btn btn-primary" value="submit">

</form>
</div>
<?php
if (isset($_POST['submit']))
{
header('Location:add.php');
}
?>
<llin><a href="admin.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["id"] == 1) { echo "ADMIN PANEL"; } ?></a></llin>
<llin><a href="seller.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["id"] == 2) { echo "SELLER PANEL"; } ?></a></llin>
</body>
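
The upload step in add.php decides whether a file is an image from the file name the browser sends. As an added example (not the project's code), the functions below decide from the file's content whether it is a JPEG or PNG and store it under a name generated on the server. The function names and the sample files are constructed for this example, and it assumes PHP's fileinfo extension is enabled.

```php
<?php
// Added example, not the project's code. Function names are hypothetical.

const MAX_IMAGE_BYTES = 2000000; // same 2 MB limit as the page's add.php

/**
 * Inspect a file on disk and return the extension it should be stored under.
 * Throws RuntimeException when the content is not an allowed image.
 */
function image_extension_for(string $path): string
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_IMAGE_BYTES) {
        throw new RuntimeException('File is empty or larger than 2MB');
    }
    // MIME type detected from the bytes, not taken from $_FILES[...]['type'] or the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Only JPEG and PNG images are allowed');
    }
    // The file must also parse as an image with a readable header.
    if (@getimagesize($path) === false) {
        throw new RuntimeException('File is not a readable image');
    }
    return $allowed[$mime];
}

/**
 * Validate one $_FILES entry and move it into $destDir under a random name.
 * Returns the stored file name, which is the value to save in products.img.
 */
function store_product_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    $ext = image_extension_for($file['tmp_name']);
    // The client's file name is never used on disk.
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $storedName)) {
        throw new RuntimeException('Could not store the file');
    }
    return $storedName;
}

// --- Demo on constructed files (runs from the command line) ---
$samples = [
    // 1x1 pixel PNG, constructed sample
    'photo.png' => base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='),
    // Plain text saved under an image extension, constructed sample
    'notes.png' => "This is a text file, not an image.\n",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'img');
    file_put_contents($tmp, $bytes);
    try {
        echo $clientName, ' => accepted, stored with extension .', image_extension_for($tmp), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $clientName, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
    unlink($tmp);
}
```

In add.php, store_product_image($_FILES['myfile'], getcwd() . '/imgs') would take the place of the extension check and the move_uploaded_file() call, and its return value would be stored in the img column.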

remove.php

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>

<body>

<?php
session_start();
// Only logged-in users (admin or seller) may remove products
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    exit('Access denied.');
}

// Connect to the database using MySQLi
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'root';
$DATABASE_NAME = 'elecshop';

$conn = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    if ($_SESSION["id"] == 1) {
        // The admin can delete any product
        $stmt = mysqli_prepare($conn, "DELETE FROM products WHERE name = ?");
    } else {
        // Sellers can only delete products uploaded by sellers (rrp 2)
        $stmt = mysqli_prepare($conn, "DELETE FROM products WHERE name = ? AND rrp = '2'");
    }
    // The product name is bound as a parameter instead of being concatenated into the SQL string
    mysqli_stmt_bind_param($stmt, "s", $name);

    if (mysqli_stmt_execute($stmt)) {
        echo "Deleted successfully";
    } else {
        echo "Error: " . htmlspecialchars(mysqli_error($conn));
    }
}
mysqli_close($conn);

?>

<div class="formulario">

<form action="" method="post">
<h2>Introduce the name of the product you want to remove</h2>
<label>Name</label>
<input type="text" name="name" class="form-control" value=""><br>

<label>Send</label>

<input name="submit" type="submit" class="btn btn-primary"


value="submit">

</form>
</div>
<llin><a href="admin.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["id"] == 1) { echo "ADMIN PANEL"; } ?></a></llin>
<llin><a href="seller.php"><?php if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["id"] == 2) { echo "SELLER PANEL"; } ?></a></llin>
</body>

update.php

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="https://kit.fontawesome.com/c4198f3bd1.js"
crossorigin="anonymous"></script>
</head>

<body>

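<?php
error_reporting(0);
session_start();
// Only the logged-in admin (id 1) may update products
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["id"] != 1) {
    exit('Access denied.');
}

// Connect to the database using MySQLi
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'root';
$DATABASE_NAME = 'elecshop';

$conn = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
$product = null;
if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    // The product name is bound as a parameter instead of being concatenated into the SQL string
    $stmt = mysqli_prepare($conn, "SELECT * FROM products WHERE name = ?");
    mysqli_stmt_bind_param($stmt, "s", $name);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $product = mysqli_fetch_array($result, MYSQLI_ASSOC);
}
if (isset($_POST['submit2'])) {
    $id = $_POST['id'];
    $name2 = $_POST['name2'];
    $description = $_POST['description'];
    $price = $_POST['price'];
    $quantity = $_POST['quantity'];
    $stmt = mysqli_prepare($conn, "UPDATE `products` SET `name` = ?, `desc` = ?, `price` = ?, `quantity` = ? WHERE `id` = ?");
    mysqli_stmt_bind_param($stmt, "sssss", $name2, $description, $price, $quantity, $id);
    if (mysqli_stmt_execute($stmt)) {
        echo "Record updated successfully";
    } else {
        echo "Error: " . htmlspecialchars(mysqli_error($conn));
    }
}

mysqli_close($conn);

?>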

<div class="formulario">

<form action="" method="post">


<h2>Select the product you want to update:</h2>
<label>Product</label>
<input type="text" name="name" class="form-control" value=""><br>
<label>Send</label>

<input name="submit" type="submit" class="btn btn-primary"


value="submit"><br><br>

<?php // Show the edit fields only when the product that was searched for exists ?>
<?php if(!empty($_POST['name']) && !empty($product)) : ?>

<label>Name</label>
<input type="text" name="name2" class="form-control" value="<?php echo htmlspecialchars($product['name']); ?>"><br>
<label>Price</label>
<input type="text" name="price" class="form-control" value="<?php echo htmlspecialchars($product['price']); ?>"><br>
<label>Description</label>
<input type="text" name="description" class="form-control" value="<?php echo htmlspecialchars($product['desc']); ?>"><br>
<label>Quantity</label>
<input type="text" name="quantity" class="form-control" value="<?php echo htmlspecialchars($product['quantity']); ?>"><br>

<input type="hidden" name="id" value="<?php echo (int)$product['id']; ?>">

<label>Send</label>
<input name="submit2" type="submit" class="btn btn-primary" value="submit">

<?php endif; ?>


</form>
</div>
<li><a href="admin.php">Admin Panel</a></li>
</body>

To connect to the databases and see cart status we use functions.php

<?php
function pdo_connect_mysql() {
    // Update the details below with your MySQL details
    $DATABASE_HOST = 'localhost';
    $DATABASE_USER = 'root';
    $DATABASE_PASS = 'root';
    $DATABASE_NAME = 'elecshop';
    try {
        $pdo = new PDO('mysql:host=' . $DATABASE_HOST . ';dbname=' . $DATABASE_NAME . ';charset=utf8', $DATABASE_USER, $DATABASE_PASS);
        // Set the error mode before returning, so that failed queries throw exceptions
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $pdo;
    } catch (PDOException $e) {
        // If there is an error with the connection, stop the script and display the error.
        exit('Failed to connect to database: ' . $e->getMessage());
    }
}
function bag_function(){
$num_items_in_cart = isset($_SESSION['cart']) ? count($_SESSION['cart']) : 0;
return $num_items_in_cart;
}
?>
