<?php
// Start (or resume) the PHP session before any output is produced; the rest
// of this page reads the login state and the username from $_SESSION.
session_start();
// Provides the PDO handle used by every query on this page.
/** @var PDO $dbconn */
include "dbconnection.php";
// NOTE(review): $id (used below as the logged-in user's id) is never assigned
// in this file; presumably one of the included files sets it from the
// session — verify in dbconnection.php / header.php.
?>
<!DOCTYPE html>
<html lang="sv">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>My account</title>
<link href="../css/snake_oil.css" rel="stylesheet">
<link href="../css/main.css" rel="stylesheet">
</head>
<body>
<!-- Titel -->
<?php /* Title card partial (presumably the shared page banner; see title_card.php). */ include "title_card.php";?>
<!-- Rubriker -->
<?php /* Navigation header partial (see header.php). */ include "header.php";?>
<!-- Användarens konto -->
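<?php
// Load the logged-in user's profile and order list for display below.
// NOTE(review): $id is never assigned in this file; presumably an include
// (dbconnection.php / header.php) sets it from the session — verify.
// Defaults are set up front so the template never reads undefined variables
// when the visitor is not logged in or the user row no longer exists.
$username = "";
$email = "";
$creation_date = "";
$orders = [];
if (isset($id)) {
    $user_stmt = $dbconn->prepare("SELECT * FROM users WHERE id = ?");
    $user_stmt->execute([$id]);
    $info = $user_stmt->fetch(PDO::FETCH_ASSOC);
    if ($info === false) {
        // The session points at a user id that no longer has a row
        // (e.g. the account was deleted in another tab); fetch() returns false.
        echo "Account not found.";
    } else {
        $username = $info["username"];
        $email = $info["email"];
        $creation_date = $info["reg_date"];
        // All orders placed by this user; items are resolved per order below.
        $order_stmt = $dbconn->prepare("SELECT * FROM orders WHERE user_id = ?");
        $order_stmt->execute([$id]);
        $orders = $order_stmt->fetchAll(PDO::FETCH_ASSOC);
    }
} else {
    echo "You are not logged in.";
}
?>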
<div id="container_my_account">
<div id="account_info">
Account information
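<div style="background-color:rgb(64, 81, 59); width: 90%; border-radius:5vw; margin-bottom: 2vh; margin-top: 2vh;">
    <?php
    // Profile fields come from the users table. The username is user-supplied
    // (it is editable further down this page), so it must be HTML-escaped
    // before being echoed; the other fields get the same treatment so that
    // nothing from the database reaches the page unescaped.
    ?>
    <p>Username: <?= htmlspecialchars((string) ($username ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
    <p>Password : ******</p>
    <p>Email : <?= htmlspecialchars((string) ($email ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
    <p>Account creation date : <?= htmlspecialchars((string) ($creation_date ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
    <div>Purchase history
        <?php
        // Purchase history: one line per ordered item, "name : qty st : line total kr".
        // $orders is unset or empty when the visitor is not logged in or has no orders.
        if (empty($orders)) {
            echo "<p>No purchases yet.</p>";
        } else {
            // Prepare the item query once and re-execute it per order instead
            // of re-preparing the same statement inside the loop.
            $items_stmt = $dbconn->prepare("
                SELECT oi.amount, p.name, p.price
                FROM order_items oi
                JOIN product_items p ON oi.product_id = p.id
                WHERE oi.order_id = ?
            ");
            foreach ($orders as $order) {
                $order_id = $order["id"];
                $items_stmt->execute([$order_id]);
                foreach ($items_stmt->fetchAll(PDO::FETCH_ASSOC) as $item) {
                    // Product names are database content; escape them for HTML output.
                    $name = htmlspecialchars((string) $item["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    $amount = $item["amount"];
                    // Line total = quantity * unit price (both straight from the query).
                    $total = $amount * $item["price"];
                    echo "<p>$name : $amount st : $total kr</p>";
                }
            }
        }
        ?>
    </div>
</div>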
<!-- Redigera konto information (borde vara ajax för snabbare uppdateringar) -->
Edit account
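<?php
// Account edit handlers. All three forms below POST back to this same page,
// so every state-changing action is gated on (a) a logged-in user ($id, which
// this page assumes an earlier include sets from the session — TODO confirm)
// and (b) a per-session CSRF token. Without the token, a form on another site
// could rename or delete the account of a visitor who is logged in here
// (the delete form only asks for the username, which may be public elsewhere).
$message = "";

// Issue the CSRF token once per session; the forms echo it back as a hidden field.
if (empty($_SESSION["csrf_token"])) {
    $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION["csrf_token"];

$is_post = ($_SERVER["REQUEST_METHOD"] ?? "") === "POST";
// hash_equals() is a constant-time comparison and tolerates a missing field.
$csrf_ok = $is_post && hash_equals($csrf_token, (string) ($_POST["csrf_token"] ?? ""));

if ($is_post && !isset($id)) {
    $message = "You are not logged in.";
} elseif ($is_post && !$csrf_ok) {
    $message = "Invalid request token, please try again";
} elseif ($is_post) {
    // Change username. Blank input is rejected instead of being stored.
    // NOTE(review): no uniqueness check is done here; if users.username is
    // UNIQUE the execute() will fail on a taken name — confirm in create_tables.php.
    if (isset($_POST["new_username"])) {
        $new_username = trim((string) $_POST["new_username"]);
        if ($new_username === "") {
            $message = "Username cannot be empty";
        } else {
            $stmt = $dbconn->prepare("UPDATE users SET username = ? WHERE id = ?");
            $stmt->execute([$new_username, $id]);
            // Keep the session copy in sync; the delete confirmation compares against it.
            $_SESSION["username"] = $new_username;
            $message = "Username updated";
        }
    }

    // Change password. The current password must verify against the stored
    // hash before a new hash (password_hash, PASSWORD_DEFAULT) is written.
    if (isset($_POST["current_password"], $_POST["new_password"])) {
        $stmt = $dbconn->prepare("SELECT password FROM users WHERE id = ?");
        $stmt->execute([$id]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$user || !password_verify((string) $_POST["current_password"], $user["password"])) {
            $message = "Wrong current password";
        } elseif ((string) $_POST["new_password"] === "") {
            // Never store a hash of the empty string.
            $message = "New password cannot be empty";
        } else {
            $new_hash = password_hash((string) $_POST["new_password"], PASSWORD_DEFAULT);
            $update = $dbconn->prepare("UPDATE users SET password = ? WHERE id = ?");
            $update->execute([$new_hash, $id]);
            $message = "Password updated";
        }
    }

    // Delete account. The user must retype their own username as confirmation.
    if (isset($_POST["delete_username"])) {
        if ($_POST["delete_username"] === ($_SESSION["username"] ?? null)) {
            // Order items -> orders -> user, in one transaction so a failure
            // half-way cannot leave orphaned rows behind.
            $dbconn->beginTransaction();
            try {
                $remove_items = $dbconn->prepare("
                    DELETE oi FROM order_items oi
                    JOIN orders o ON oi.order_id = o.id
                    WHERE o.user_id = ?
                ");
                $remove_items->execute([$id]);
                $remove_orders = $dbconn->prepare("DELETE FROM orders WHERE user_id = ?");
                $remove_orders->execute([$id]);
                $remove_user = $dbconn->prepare("DELETE FROM users WHERE id = ?");
                $remove_user->execute([$id]);
                $dbconn->commit();
            } catch (Throwable $e) {
                $dbconn->rollBack();
                throw $e;
            }
            // Tear the session down and hand off to the logout page.
            // NOTE(review): HTML has already been emitted above this point, so
            // this header() call only works if output buffering is enabled — confirm.
            session_unset();
            session_destroy();
            header("Location: log_out.php");
            exit;
        } else {
            $message = "Username does not match";
        }
    }
}
?>
<div style="background-color:rgb(64, 81, 59); width: 90%; border-radius:5vw;">
    <?= htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
    <form method="post">
        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
        <p>Change username :</p>
        <input type="text" name="new_username" placeholder="New username">
        <button type="submit">Change name</button>
    </form>
    <form method="post">
        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
        <p>Change password :</p>
        <input type="password" name="current_password" placeholder="Current password">
        <input type="password" name="new_password" placeholder="New password">
        <button type="submit">Change password</button>
    </form>
    <form method="post">
        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
        <p>VARNING! Delete account :</p>
        <input type="text" name="delete_username" placeholder="Write your username">
        <button type="submit">Delete account</button>
    </form>
</div>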
</div>
</div>
</body>
</html>