Lab 23

.idea/workspace.xml

 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="ChangeListManager">
-    <list default="true" id="ab488665-006d-40cf-bcbd-977a1cdf2819" name="Default Changelist" comment="Lab 20 and halfway through lab 21">
-      <change afterPath="$PROJECT_DIR$/injection.php" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/logout.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/.idea/sshConfigs.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/sshConfigs.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/.idea/webServers.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/webServers.xml" afterDir="false" />
+    <list default="true" id="ab488665-006d-40cf-bcbd-977a1cdf2819" name="Default Changelist" comment="Lab 22">
+      <change afterPath="$PROJECT_DIR$/addReview.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/contact.php" beforeDir="false" afterPath="$PROJECT_DIR$/contact.php" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/classic.php" beforeDir="false" afterPath="$PROJECT_DIR$/classic.php" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/hitchcock.php" beforeDir="false" afterPath="$PROJECT_DIR$/hitchcock.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/login.php" beforeDir="false" afterPath="$PROJECT_DIR$/login.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/orders.php" beforeDir="false" afterPath="$PROJECT_DIR$/orders.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/private/header.php" beforeDir="false" afterPath="$PROJECT_DIR$/private/header.php" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/processCartContents.php" beforeDir="false" afterPath="$PROJECT_DIR$/processCartContents.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/register.php" beforeDir="false" afterPath="$PROJECT_DIR$/register.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/shoppingPage.php" beforeDir="false" afterPath="$PROJECT_DIR$/shoppingPage.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/style.css" beforeDir="false" afterPath="$PROJECT_DIR$/style.css" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/scifi.php" beforeDir="false" afterPath="$PROJECT_DIR$/scifi.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/validateCheckout.php" beforeDir="false" afterPath="$PROJECT_DIR$/validateCheckout.php" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
@@ -200,6 +198,10 @@
       <workItem from="1633213837912" duration="6000" />
       <workItem from="1633289345700" duration="1090000" />
       <workItem from="1633394431587" duration="6267000" />
+      <workItem from="1633401953343" duration="37000" />
+      <workItem from="1633463277340" duration="3322000" />
+      <workItem from="1633561519341" duration="431000" />
+      <workItem from="1633987277916" duration="5531000" />
     </task>
     <task id="LOCAL-00001" summary="Add lab 10 files">
       <created>1629171452913</created>
@@ -334,7 +336,14 @@
       <option name="project" value="LOCAL" />
       <updated>1632869717061</updated>
     </task>
-    <option name="localTasksCounter" value="20" />
+    <task id="LOCAL-00020" summary="Lab 22">
+      <created>1633401977558</created>
+      <option name="number" value="00020" />
+      <option name="presentableId" value="LOCAL-00020" />
+      <option name="project" value="LOCAL" />
+      <updated>1633401977558</updated>
+    </task>
+    <option name="localTasksCounter" value="21" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
@@ -419,7 +428,8 @@
     <MESSAGE value="Lab 18" />
     <MESSAGE value="Lab 19" />
     <MESSAGE value="Lab 20 and halfway through lab 21" />
-    <option name="LAST_COMMIT_MESSAGE" value="Lab 20 and halfway through lab 21" />
+    <MESSAGE value="Lab 22" />
+    <option name="LAST_COMMIT_MESSAGE" value="Lab 22" />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$PROJECT_DIR$/IDBTest.html">

addReview.php

+<?php
+session_start();
+
+$reviews = simplexml_load_file($_POST['xmlFileName']);
+
+$review = $reviews->addChild('review');
+$user = $review->addChild('user', $_SESSION['authenticatedUser']);
+$rating = $review->addChild('rating', $_POST['rating']);
+
+$reviews->saveXML($_POST['xmlFileName']);
+
+header('Location: ' . $_SESSION['lastPage']);
\ No newline at end of file

classic.php

@@ -6,7 +6,24 @@
 
 <?php
 $scriptList = array('jquery-3.6.0.min.js', 'cart.js', 'showHide.js', 'reviews.js');
-include("./private/header.php"); ?>
+include("./private/header.php");
+
+function addReviewForm($xmlFileName) {
+    if (isset($_SESSION['authenticatedUser'])) {
+        echo "<form action='addReview.php' method='POST'>";
+        echo " <input type='hidden' name='xmlFileName' value='$xmlFileName'>";
+        echo "<select name='rating'>
+  <option value = 1 > 1</option >
+  <option value = 2 > 2</option >
+  <option value = 3 > 3</option >
+  <option value = 4 > 4</option >
+    <option value = 5 > 5</option >
+</select>";
+        echo "<input type='submit'></input>";
+        echo "</form>"; }
+}
+
+?>
 </head>
 <body>
 <main>
@@ -22,6 +39,7 @@ include("./private/header.php"); ?>
             $<span class="price">13.99</span>
             <input type="button" value="Add to Cart" class="buy">
         </p>
+        <?php addReviewForm("reviews/Gone_With_the_Wind.xml");?>
     </section>
 
     <section class="film">
@@ -34,6 +52,7 @@ include("./private/header.php"); ?>
             $<span class="price">13.99</span>
             <input type="button" value="Add to Cart" class="buy">
         </p>
+        <?php addReviewForm("reviews/The_Jazz_Singer.xml");?>
     </section>
 
     <section class="film">
@@ -47,6 +66,7 @@ include("./private/header.php"); ?>
             $<span class="price">19.99</span>
             <input type="button" value="Add to Cart" class="buy">
         </p>
+        <?php addReviewForm("reviews/Metropolis.xml");?>
     </section>
 
 </main>

hitchcock.php

@@ -5,7 +5,24 @@
     <head>
         <?php
         $scriptList = array('jquery-3.6.0.min.js', 'cart.js', 'showHide.js', 'reviews.js');
-        include("./private/header.php"); ?>
+        include("./private/header.php");
+
+        function addReviewForm($xmlFileName) {
+            if (isset($_SESSION['authenticatedUser'])) {
+                echo "<form action='addReview.php' method='POST'>";
+                echo " <input type='hidden' name='xmlFileName' value='$xmlFileName'>";
+                echo "<select name='rating'>
+  <option value = 1 > 1</option >
+  <option value = 2 > 2</option >
+  <option value = 3 > 3</option >
+  <option value = 4 > 4</option >
+    <option value = 5 > 5</option >
+</select>";
+                echo "<input type='submit'></input>";
+                echo "</form>"; }
+        }
+
+        ?>
     </head>
 
     <body>
@@ -23,6 +40,7 @@
                 $<span class="price">14.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/The_Birds.xml");?>
             </section>
 
             <section class="film">
@@ -35,6 +53,7 @@
                 $<span class="price">12.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/Dial_M_for_Murder.xml");?>
             </section>
 
             <section class="film">
@@ -47,6 +66,7 @@
                 $<span class="price">11.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/The_Man_Who_Knew_Too_Much.xml");?>
             </section>
 
             <section class="film">
@@ -59,6 +79,7 @@
                 $<span class="price">14.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/North_by_Northwest.xml");?>
             </section>
 
             <section class="film">
@@ -71,6 +92,7 @@
                 $<span class="price">16.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/Vertigo.xml");?>
             </section>
 
         </main>

login.php

@@ -18,6 +18,11 @@ if (isset($_POST['login_user'])) {
     } else {
         echo "Success";
         $_SESSION['authenticatedUser'] = $username;
+
+        $row = $result->fetch_assoc();
+        $role = $row['role'];
+
+        $_SESSION['role'] = $role;
         header('Location:' . $_SESSION['lastPage']);
         exit;
 

orders.php

 <?php
 session_start();
-if ($_SESSION['authenticatedUser']) {
+if (isset($_SESSION['authenticatedUser'])) {
+    if ($_SESSION['role'] === 'admin' OR $_SESSION['role'] === 'user') {
+
+    } else {
+        header('Location: index.php');
+    }
 } else {
     header('Location: index.php');
 }
@@ -13,30 +18,68 @@ include('./private/header.php');
     <h2>Order Summary</h2>
 
     <?php
+
     $orders = simplexml_load_file('private/orders.xml');
-    $orderNum = 1;
-    foreach ($orders->order as $order) {
-        $name = $order->delivery->name;
-        $email = $order->delivery->email;
-        $address = $order->delivery->address;
-        $city = $order->delivery->city;
-        $postcode = $order->delivery->postcode;
-        echo "<h3>Order number: $orderNum</h3>";
-        $orderNum++;
-        echo "<p>Name: $name</p>";
-        echo "<p>Email: $email</p>";
-        echo "<p>Address: $address</p>";
-        echo "<p>City: $city</p>";
-        echo "<p>Postcode: $postcode</p>";
-
-        $items = $order->xpath('./items');
-        echo "<table><tr><th>Title (Year) </th><th> Price </th></tr>";
-        foreach ($items[0] as $item) {
-            $title = $item->title;
-            $price = $item->price;
-            echo "<tr><td>$title</td><td> $price</td></tr>";
+
+    if (isset($_SESSION['authenticatedUser'])) {
+    if ($_SESSION['role'] === 'admin') {
+
+
+        $orderNum = 1;
+        foreach ($orders->order as $order) {
+            $name = $order->delivery->name;
+            $email = $order->delivery->email;
+            $address = $order->delivery->address;
+            $city = $order->delivery->city;
+            $postcode = $order->delivery->postcode;
+            echo "<h3>Order number: $orderNum</h3>";
+            $orderNum++;
+            echo "<p>Name: $name</p>";
+            echo "<p>Email: $email</p>";
+            echo "<p>Address: $address</p>";
+            echo "<p>City: $city</p>";
+            echo "<p>Postcode: $postcode</p>";
+
+            $items = $order->xpath('./items');
+            echo "<table><tr><th>Title (Year) </th><th> Price </th></tr>";
+            foreach ($items[0] as $item) {
+                $title = $item->title;
+                $price = $item->price;
+                echo "<tr><td>$title</td><td> $price</td></tr>";
+            }
+            echo "</table>";
         }
-        echo "</table>";
+    } else {
+
+        $orderNum = 1;
+        foreach ($orders->order as $order) {
+
+            if ($_SESSION['authenticatedUser'] == $order->delivery->username) {
+
+                $name = $order->delivery->name;
+                $email = $order->delivery->email;
+                $address = $order->delivery->address;
+                $city = $order->delivery->city;
+                $postcode = $order->delivery->postcode;
+                echo "<h3>Order number: $orderNum</h3>";
+                $orderNum++;
+                echo "<p>Name: $name</p>";
+                echo "<p>Email: $email</p>";
+                echo "<p>Address: $address</p>";
+                echo "<p>City: $city</p>";
+                echo "<p>Postcode: $postcode</p>";
+
+                $items = $order->xpath('./items');
+                echo "<table><tr><th>Title (Year) </th><th> Price </th></tr>";
+                foreach ($items[0] as $item) {
+                    $title = $item->title;
+                    $price = $item->price;
+                    echo "<tr><td>$title</td><td> $price</td></tr>";
+                }
+                echo "</table>";
+            }
+        }
+    }
     }
     ?>
 </div>

private/header.php

@@ -34,7 +34,7 @@ if (session_id() === "") {
 
     <?php if (isset($_SESSION['authenticatedUser'])) { ?>
         <div id="logout">
-            <p>Welcome, <?php echo $_SESSION['authenticatedUser'] ?><span id="logoutUser"></span></p>
+            <p>Welcome, <?php echo $_SESSION['authenticatedUser']." ". $_SESSION['role'] ?><span id="logoutUser"></span></p>
             <form id="logoutForm" method="post" action="logout.php">
                 <input type="submit" name="logoutSubmit" id="logoutSubmit" value="Logout">
             </form>

processCartContents.php

@@ -6,6 +6,7 @@ $newOrder = $orders->addChild('order');
 
 $delivery = $newOrder->addChild('delivery');
 $name = $delivery->addChild('name', $_SESSION['deliveryName']);
+$username = $delivery->addChild('username', $_SESSION['authenticatedUser']);
 $email = $delivery->addChild('email', $_SESSION['deliveryEmail']);
 $address = $delivery->addChild('address', $_SESSION['deliveryAddress1']);
 $city = $delivery->addChild('city', $_SESSION['deliveryCity']);

register.php

@@ -42,8 +42,8 @@ if ($_SESSION['authenticatedUser']) {
             echo "Username is already taken";
             }
 
-            $query = "INSERT INTO Users (username, password, email) " .
-                "VALUES ('$username', SHA('$password'), '$email')";
+            $query = "INSERT INTO Users (username, password, email, role) " .
+                "VALUES ('$username', SHA('$password'), '$email', 'user')";
             $result = $conn->query($query);
             $result->free();
             $result->close();

scifi.php

@@ -5,7 +5,24 @@
 <head>
     <?php
     $scriptList = array('jquery-3.6.0.min.js', 'cart.js', 'showHide.js', 'reviews.js');
-    include("./private/header.php"); ?>
+    include("./private/header.php");
+
+    function addReviewForm($xmlFileName) {
+        if (isset($_SESSION['authenticatedUser'])) {
+            echo "<form action='addReview.php' method='POST'>";
+            echo " <input type='hidden' name='xmlFileName' value='$xmlFileName'>";
+            echo "<select name='rating'>
+  <option value = 1 > 1</option >
+  <option value = 2 > 2</option >
+  <option value = 3 > 3</option >
+  <option value = 4 > 4</option >
+    <option value = 5 > 5</option >
+</select>";
+            echo "<input type='submit'></input>";
+            echo "</form>"; }
+    }
+
+    ?>
 
 </head>
     <body>
@@ -23,6 +40,7 @@
                 $<span class="price">8.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/Attack_of_the_50ft_Woman.xml");?>
             </section>
 
             <section class="film">
@@ -35,6 +53,7 @@
                 $<span class="price">7.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/The_Day_of_the_Triffids.xml");?>
             </section>
 
             <section class="film">
@@ -47,6 +66,7 @@
                 $<span class="price">13.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/Forbidden_Planet.xml");?>
             </section>
 
             <section class="film">
@@ -59,6 +79,7 @@
                 $<span class="price">11.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/King_Kong.xml");?>
             </section>
 
             <section class="film">
@@ -71,6 +92,7 @@
                 $<span class="price">9.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/The_Mummy.xml");?>
             </section>
 
             <section class="film">
@@ -83,6 +105,7 @@
                 $<span class="price">14.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/Plan_9_from_Outer_Space.xml");?>
             </section>
 
 
@@ -96,6 +119,7 @@
                 $<span class="price">7.99</span>
                 <input type="button" value="Add to Cart" class="buy">
                 </p>
+                <?php addReviewForm("reviews/Tarantula.xml");?>
             </section>
 
         </main>

validateCheckout.php

 <?php session_start();
 
-session_start();
 if ($_SESSION['authenticatedUser']) {
 } else {
     header('Location: index.php');
@@ -37,6 +36,7 @@ $_SESSION['cardMonth'] = $_POST['cardMonth'];
 $_SESSION['cardYear'] = $_POST['cardYear'];
 $_SESSION['cardValidation'] = $_POST['cardValidation'];
 
+
 echo "<ul>";
 
 $deliveryNameValid = isEmpty($_SESSION['deliveryName']);