informationSecurity18/additem.php at master · tmustafa123/informationSecurity18 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
<?php include 'includes/header.php';
include 'includes/dbcontroller.php';
include 'includes/rb.php';

if (!isset($_SESSION["role"]) && $_SESSION["role"] !="Admin")
{
header('Location:index.php');
exit();
}
$db_handle1 = new DBController();
//$CATEGORYS = $db_handle1->runQuery("SELECT category_name,category_id FROM `categories` ");
$target_dir = "images/";


if(!R::testConnection())
{
  R::setup('mysql:host=localhost;dbname=ecommerce', 'root', '');
}

$pages = R::findAll('categories');

foreach ($pages as $entry)
{

}
 function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}

if (isset($_POST['submit']))
{
//$db_handle = new DBController();

    $category=test_input($_POST['category']);
    $name=test_input($_POST['name']);
    $qty=test_input($_POST['qty']);
    $color=test_input($_POST['color']);
    $price=test_input($_POST['price']);
    $desc=test_input($_POST['desc']);

   if (($category!="") && (!empty($name)) && (!empty($qty)) && (!empty($color)) && (!empty($price))  && (!empty($desc)) )
   {

$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

$tempFileName = $_FILES["fileToUpload"]["tmp_name"];

$result = move_uploaded_file($tempFileName,$target_file);

// Check if image file is a actual image or fake image

    $check = getimagesize($target_file);
    if($check !== false)
    {
// $db_handle->runAdd("INSERT INTO items (`category_id`, `name`, `qauntity`, `color`, `price`, `pic_path`,`description`) VALUES ('$category','$name','$qty','$color','$price','$target_file','$desc')");

if(!R::testConnection())
{
 R::setup('mysql:host=localhost;dbname=ecommerce', 'root', '');
}


$items = R::dispense( 'items' );
$items->category_id = $category;
$items->name = $name;
$items->qauntity = $qty;
$items->color = $color;
$items->price = $price;
$items->pic_path = $target_file;
$items->description = $desc;
$id=R::store($items);
    header('Location:index.php');
   exit();

    }
   }
 }
?>

<article id="address">
	<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"  enctype="multipart/form-data">
    	<h1>Add New Item</h1>

        <p>
       <label>Select Category:</label>
            <select id="category" name="category" required="true">
            <option value="">SELECT CATEGORY</option>

        <?php  foreach($pages as $entry)
         {  ?>
              <option value="<?php echo $entry['id']; ?>"><?php echo $entry['category_name']; ?></option>
       <?php } ?>
           </select>
        </p>

        <p>
            <label >Item Name:</label>
            <input id="name" name="name" type="text" required="true"><span class="alert">*</span>
        </p>
        <p>
            <label >Quantity</label>
             <input id="name" name="qty" type="number" required="true"><span class="alert">*</span>
        </p>
        <p>
            <label >Color</label>
             <select id="color" name="color" required="true">
             <option value="">SELECT COLOR</option>
                <option value="red">Red</option>
                <option value="blue">Blue</option>
                <option value="black">Black</option>
                <option value="indigo">Indigo</option>
                <option value="mix">Mix</option>

                </select>
        </p>
         <p>
            <label >Price:</label>
            <input id="name" name="price" type="text" required="true"><span class="alert">*</span>
        </p>
         <p>
            <label >Description:</label>
            <textarea class="form-control" data-required="true" placeholder="Item Details" rows="5" cols="40" name="desc"  ></textarea>
        </p>
        <p>
            <label >Select Image:</label>

             <input type="file" name="fileToUpload" id="fileToUpload" required="true">


        </p>

        <p>
          <label>&nbsp;</label><button type="submit" class="continue" name="submit">Add Item</button>
        </p>
    </form>


</article>
<footer>
	<div class="wrapper">
    	<span class="logo">Buy2 </span>
        <a href="#">Terms &amp; Conditions</a> <a href="#">Shipping &amp; Returns</a> <a href="#">Size Guide</a><a href="#">Help</a> <br />
        Address to said Buy2 , including postcode &nbsp;-&nbsp; 1.888.CO.name <a href="mailto:Buy2 ">service@Buy2 comp.com</a>
    </div>
</footer>
</body>
</html>