<?php
/* Idut Shop 1.0 (beta)
* (c) 2008 Idut - www.idut.co.uk
* admin.php
*/
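session_start();
include("config.php");
include("header.php");
doLogin(); // prints the login form and exits unless the request is authenticated
if(!$IS_CONFIG['db_already_connected']){
    // NOTE(review): mysql_error() text is echoed to the browser on failure; tolerable only
    // because everything below doLogin() is admin-only.
    $link = mysql_connect($IS_CONFIG['db_host'], $IS_CONFIG['db_user'], $IS_CONFIG['db_pass']) or die('Could not connect: ' . mysql_error());
    mysql_select_db($IS_CONFIG['db_database']) or die('Could not select database');
}
// Dispatch on the "c" action. Read each request value once with isset() (the original indexed
// $_GET/$_POST unconditionally, producing undefined-index notices on every request), compare
// strictly, and cast ids to int here so no handler ever receives a raw string id.
$getAction  = (isset($_GET['c'])  && is_string($_GET['c']))  ? $_GET['c']  : '';
$postAction = (isset($_POST['c']) && is_string($_POST['c'])) ? $_POST['c'] : '';
if($getAction === "details"){
    showDetails();
}elseif($getAction === "products"){
    showProducts();
}elseif($getAction === "new"){
    showNew();
}elseif($postAction === "donew"){
    doNew();
}elseif($getAction === "install"){
    showInstall();
}elseif($getAction === "doinstall"){
    doInstall();
}elseif($postAction === "doupdate"){
    doUpdate(isset($_POST['id']) ? (int)$_POST['id'] : 0);
}elseif($getAction === "delete"){
    // NOTE(review): delete is still reachable by a plain GET link (see showDetails), i.e. no
    // CSRF protection; the id is at least an int now so doDelete cannot be injected through it.
    doDelete(isset($_GET['id']) ? (int)$_GET['id'] : 0);
}else{
    showMain();
}
echo '<br/><br/><a href="?">Return to Admin home?</a>';
echo '<br/><br/><a href="http://www.idut.co.uk/"><img src="http://www.idut.co.uk/idutpowered.png" border=0 alt="Powered by Idut Shop"/></a>';
include("footer.php");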
/**
 * Print the admin landing menu: links to install, product management and "add product".
 * Output is a plain <ul> with one <li> per action, each linking to ?c=<action>.
 */
function showMain(){
    $menu = array(
        'install'  => 'Install Shop Database',
        'products' => 'Manage Existing Products',
        'new'      => 'Add New Product',
    );
    echo "<ul>\n";
    foreach($menu as $action => $label){
        echo "<li><a href=\"?c=$action\">$label</a></li>\n";
    }
    echo "</ul>\n";
}//showMain
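/**
 * List every product (c=products) as a table of title/price/thumbnail/description rows,
 * each title and thumbnail linking to ?c=details&id=N.
 *
 * Every value read from the database is HTML-escaped before output; the original echoed
 * title, description, price and the thumbnail file name raw, so anything stored with
 * markup in it (e.g. via the unescaped INSERT/UPDATE paths) executed in the admin's browser.
 * If descriptions are meant to carry HTML, they need a sanitiser here, not raw output.
 */
function showProducts(){
    global $IS_CONFIG;
    echo "<b>Select a product to manage:</b><br/>";
    $query = 'SELECT * FROM '.$IS_CONFIG['db_table'].' ORDER BY id';
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    // The table is created latin1 and the page declares no charset: escaping as ISO-8859-1
    // only touches the ASCII specials and is safe for any ASCII-compatible encoding, whereas
    // the PHP >= 5.4 default (UTF-8) returns "" for strings it cannot validate.
    $charset = 'ISO-8859-1';
    echo "<table>";
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $id          = (int)$line['id'];
        $title       = htmlspecialchars((string)$line['title'], ENT_QUOTES, $charset);
        $price       = htmlspecialchars((string)$line['price'], ENT_QUOTES, $charset);
        $description = htmlspecialchars((string)$line['description'], ENT_QUOTES, $charset);
        echo "<tr>";
        echo "<td><a href=\"?c=details&id=$id\">$title</a></td><td align=\"right\">$IS_CONFIG[currency_symbol]$price</td>";
        echo "<td width=\"110\" rowspan=2>";
        if($line['thumb']){
            // thumb is a stored file name; it lands in a src attribute, so escape it too.
            $thumbSrc = htmlspecialchars($IS_CONFIG['thumb_dir'].$line['thumb'], ENT_QUOTES, $charset);
            echo "<a href=\"?c=details&id=$id\"><img src=\"$thumbSrc\" style=\"border:1px solid black;\"/></a>";
        }
        echo "</td>";
        echo "</tr><tr><td colspan=2 valign=top>$description</td>";
        echo "</tr><tr><td colspan=3 align=\"center\"><hr></td>";
        echo "</tr>";
    }
    echo "</table>";
}//showProducts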
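/**
 * Show one product (c=details&id=N) with its edit form and a JS-confirmed delete link.
 *
 * Fixes against the original:
 *  - the id was interpolated raw from $_GET into the WHERE clause (SQL injection); it is
 *    cast to int first;
 *  - every stored value was echoed unescaped into text, attribute and <textarea> contexts
 *    (stored XSS, and a description containing "</textarea>" broke the form);
 *  - an unknown id produced a form full of notices; it now prints "Product not found";
 *  - $instock was left undefined for out-of-stock items.
 * NOTE(review): the update form and the delete link carry no CSRF token; any site the
 * logged-in admin visits can submit them. Adding a per-session token checked in
 * doUpdate()/doDelete() is the missing piece.
 */
function showDetails(){
    global $IS_CONFIG;
    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $query = "SELECT * FROM $IS_CONFIG[db_table] WHERE id = '$id'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $line = mysql_fetch_array($result, MYSQL_ASSOC);
    if(!$line){
        echo "Product not found.<br/><br/>";
        echo "<a href=\"?c=products\">Return to products?</a>";
        return;
    }
    // Escape each column once; $h[...] is used everywhere below, $line[...] only for tests.
    // ISO-8859-1 matches the latin1 table and never blanks a string the way the PHP >= 5.4
    // UTF-8 default does on bytes it cannot validate.
    $charset = 'ISO-8859-1';
    $h = array();
    foreach($line as $col => $val){
        $h[$col] = htmlspecialchars((string)$val, ENT_QUOTES, $charset);
    }
    $h['id'] = (int)$line['id'];
    echo "<table>";
    echo "<tr>";
    echo "<td><big><b>$h[title]</b></big></td><td align=\"right\">$IS_CONFIG[currency_symbol]$h[price]</td>";
    echo "<td width=\"110\" rowspan=2>";
    if($line['thumb']){
        $thumbSrc = htmlspecialchars($IS_CONFIG['thumb_dir'].$line['thumb'], ENT_QUOTES, $charset);
        echo "<img src=\"$thumbSrc\" style=\"border:1px solid black;\"/>";
    }
    echo "</td>";
    echo "</tr><tr><td colspan=2 valign=top>$h[description]</td>";
    echo "</tr>";
    echo "</table>";
    echo "<a href=\"?c=products\">Return to products?</a>";
    $instock = $line['instock'] ? 'checked="checked"' : '';
?>
<script>
function confirmation(id) {
    var answer = confirm("Continue to delete this product?")
    if (answer){
        window.location = "?c=delete&id="+id;
    }
}
</script>
<form name="" id="" method="post" action="?">
<table border="0" cellspacing="0" cellpadding="5">
<tr>
<td align="right">Product Name: </td>
<td><input name="title" type="text" id="title" value="<?php echo $h['title'];?>"/></td>
</tr>
<tr>
<td align="right">Description:</td>
<td><textarea name="description" id="description" cols="50" rows="4"><?php echo $h['description'];?></textarea></td>
</tr>
<tr>
<td align="right">Price:</td>
<td><?php echo $IS_CONFIG['currency_symbol']; ?><input name="price" type="text" id="price" size="5" value="<?php echo $h['price'];?>"/></td>
</tr>
<tr>
<td align="right">Large Image: </td>
<td><input name="image" type="text" id="image" value="<?php echo $h['image'];?>"/></td>
</tr>
<tr>
<td align="right">Thumbnail image:</td>
<td><input name="thumb" type="text" id="thumb" value="<?php echo $h['thumb'];?>"/></td>
</tr>
<tr>
<td align="right">Current in stock: </td>
<td><input name="instock" type="checkbox" id="instock" value="true" <?php echo $instock;?> /></td>
</tr>
<tr>
<td align="right"><input name="c" type="hidden" id="c" value="doupdate" />
<input name="id" type="hidden" id="id" value="<?php echo $h['id'];?>" /></td>
<td><input type="submit" value="Update Product" /> <a href="#" onclick="confirmation('<?php echo $h['id'];?>');">Delete this product</a> </td>
</tr>
</table>
</form>
<?php
}//showDetails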
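/**
 * Apply the edit form (c=doupdate) to product $id.
 *
 * $id is cast to int and every text field is passed through mysql_real_escape_string()
 * before interpolation; the original placed raw $_POST values and an unquoted $id straight
 * into the UPDATE statement (SQL injection). A field posted as an array is treated as empty.
 * The in-stock checkbox is stored as '1' when present and truthy, '0' otherwise.
 * NOTE(review): no CSRF token is checked — the form in showDetails() does not send one.
 */
function doUpdate($id){
    global $IS_CONFIG;
    $id = (int)$id;
    $instock = !empty($_POST['instock']) ? '1' : '0';
    $v = array();
    foreach(array('title', 'description', 'price', 'image', 'thumb') as $field){
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $v[$field] = mysql_real_escape_string($raw); // uses the connection opened at the top of the page
    }
    $query = "UPDATE $IS_CONFIG[db_table] SET title = '$v[title]',description = '$v[description]',price = '$v[price]',image = '$v[image]',thumb = '$v[thumb]',instock = '$instock' WHERE id = $id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    echo 'This product has been updated!<br/><br/>';
    echo "<a href=\"?c=products\">Return to products?</a>";
}//doUpdate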
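/**
 * Print the "Add New Product" form (c=new), posted back as c=donew with an optional file "f".
 *
 * Fix: the original read $IS_CONFIG['currency_symbol'] without declaring `global $IS_CONFIG`,
 * so the symbol in front of the price box was always empty (plus an undefined-variable notice).
 * NOTE(review): like the edit form this carries no CSRF token.
 */
function showNew(){
    global $IS_CONFIG;
?>
<form name="" id="" method="post" action="?" enctype="multipart/form-data">
<table border="1" cellspacing="0" cellpadding="5">
<tr>
<td align="right">Product Name: </td>
<td><input name="title" type="text" id="title"/></td>
</tr>
<tr>
<td align="right">Description:</td>
<td><textarea name="description" id="description" cols="50" rows="4"></textarea></td>
</tr>
<tr>
<td align="right">Price:</td>
<td><?php echo $IS_CONFIG['currency_symbol']; ?><input name="price" type="text" id="price" size="5" /></td>
</tr>
<tr>
<td align="right">Upload new photo: </td>
<td><input name="f" type="file" id="f" />
<br/><b>or use existing:</b><br/>
Large Image: <input name="image" type="text" id="image"/>
Thumbnail image: <input name="thumb" type="text" id="thumb"/></td>
</tr>
<tr>
<td align="right">Current in stock: </td>
<td><input name="instock" type="checkbox" id="instock" value="true" checked /></td>
</tr>
<tr>
<td align="right"><input name="c" type="hidden" id="c" value="donew" /></td>
<td><input type="submit" value="Add Product" /></td>
</tr>
</table>
</form>
<?php
}//showNew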
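/**
 * Centre-crop an image to exactly $width x $height and write it to $dst.
 *
 * $ext selects decoder and encoder ('jpg', 'gif' or 'png'). $src and $dst may be the same
 * path: the source is fully decoded before anything is written. Returns true on success,
 * false if the format is unsupported or decoding/encoding fails.
 */
function resizeImageCropped($src, $dst, $ext, $width, $height){
    if($ext === 'jpg'){
        $img = imagecreatefromjpeg($src);
    }elseif($ext === 'gif'){
        $img = imagecreatefromgif($src);
    }elseif($ext === 'png'){
        $img = imagecreatefrompng($src);
    }else{
        return false;
    }
    if(!$img){
        return false;
    }
    $srcW = imagesx($img);
    $srcH = imagesy($img);
    // Source width that has the target aspect ratio if the full source height is used.
    $cropW = round($width * ($srcH / $height));
    if($cropW > $srcW){
        // Source is too tall for that: keep the full width and trim the height instead.
        $cropW = $srcW;
        $cropH = round($height * ($srcW / $width));
        $xOffset = 0;
        $yOffset = round(($srcH - $cropH) / 2);
    }else{
        $cropH = $srcH;
        $xOffset = round(($srcW - $cropW) / 2);
        $yOffset = 0;
    }
    $out = imagecreatetruecolor($width, $height);
    imagecopyresampled($out, $img, 0, 0, $xOffset, $yOffset, $width, $height, $cropW, $cropH);
    if($ext === 'jpg'){
        $ok = imagejpeg($out, $dst);
    }elseif($ext === 'gif'){
        $ok = imagegif($out, $dst);
    }else{
        $ok = imagepng($out, $dst);
    }
    imagedestroy($out);
    imagedestroy($img);
    return $ok;
}

/**
 * Handle the "Add New Product" form (c=donew): optionally store an uploaded photo, then INSERT the row.
 *
 * Upload handling: the file is accepted only if its extension is jpg/gif/png AND
 * getimagesize() reports that same format, it is renamed to a sanitised basename (with
 * _1, _2, ... appended while a file of that name exists), centre-cropped to 500x375 in
 * image_dir and to 110x75 in thumb_dir, and the stored name is written into the
 * image/thumb fields. When no file is given or it is rejected, the product is still
 * inserted with the image/thumb names typed into the form ("or use existing").
 *
 * Fixes against the original: any file at all was moved into the web-served image_dir under
 * its own name (only the resize step looked at the extension), so a .php upload became
 * remotely executable; the form values were interpolated raw into the INSERT (SQL injection).
 * NOTE(review): no CSRF token is checked; PNG transparency is flattened to black by
 * imagecreatetruecolor(), as before.
 */
function doNew(){
    global $IS_CONFIG;
    // Extension whitelist -> IMAGETYPE_* constant getimagesize() must report for it.
    $allowed = array('jpg' => IMAGETYPE_JPEG, 'gif' => IMAGETYPE_GIF, 'png' => IMAGETYPE_PNG);
    $maxSide = 4096; // GD holds ~4-5 bytes per pixel; a huge image would exhaust memory_limit
    $f = isset($_FILES['f']) ? $_FILES['f'] : null;
    if($f === null){
        // Not a multipart post: nothing to upload.
    }elseif($f['error'] != UPLOAD_ERR_OK){
        echo "It was not possible to upload your file.<br/>";
        if($f['error'] == UPLOAD_ERR_INI_SIZE || $f['error'] == UPLOAD_ERR_FORM_SIZE){
            echo "Your file was too large. Try making it smaller by compressing it or reducing the quality.";
        }elseif($f['error'] == UPLOAD_ERR_PARTIAL){
            echo "Your file was only partially uploaded. Please try again.";
        }elseif($f['error'] == UPLOAD_ERR_NO_FILE){
            echo "You didn't select a file to upload. Please try again.";
        }else{
            echo "If you continue to experience this error, please contact support to resolve this and quote number $f[error]";
        }
    }else{
        $ext  = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
        $info = is_uploaded_file($f['tmp_name']) ? getimagesize($f['tmp_name']) : false;
        if(!isset($allowed[$ext]) || $info === false || $info[2] !== $allowed[$ext]){
            echo "It was not possible to upload your file.<br/>Only .jpg, .gif and .png images are accepted.";
        }elseif($info[0] > $maxSide || $info[1] > $maxSide){
            echo "It was not possible to upload your file.<br/>Images may be at most {$maxSide}x{$maxSide} pixels.";
        }else{
            $uploaddir = $IS_CONFIG['image_dir'];
            // Stored name = sanitised basename + whitelisted extension; never the client's raw name.
            $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo(basename($f['name']), PATHINFO_FILENAME));
            if($base === ''){
                $base = 'image';
            }
            $name  = "$base.$ext";
            $count = 1;
            while(file_exists($uploaddir.$name)){
                $name = $base."_$count.".$ext;
                $count++;
            }
            $largePath = $uploaddir.$name;
            $thumbPath = $IS_CONFIG['thumb_dir'].$name;
            if(move_uploaded_file($f['tmp_name'], $largePath)){
                // Re-encoding through GD also drops any non-image bytes the upload carried.
                resizeImageCropped($largePath, $largePath, $ext, 500, 375);
                resizeImageCropped($largePath, $thumbPath, $ext, 110, 75);
                chmod($largePath, 0644);
                if(file_exists($thumbPath)){
                    chmod($thumbPath, 0644);
                }
                $_POST['image'] = $name;
                $_POST['thumb'] = $name;
            }else{
                echo "It was not possible to upload your file.<br/>";
                echo "If you continue to experience this error, please contact support to resolve this and quote number $f[error]";
            }
        }
    }
    $instock = !empty($_POST['instock']) ? '1' : '0';
    // Escape every form value placed in the statement; an array-valued field counts as empty.
    $v = array();
    foreach(array('title', 'description', 'price', 'image', 'thumb') as $field){
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $v[$field] = mysql_real_escape_string($raw);
    }
    $query = "INSERT INTO $IS_CONFIG[db_table](title,description,price,image,thumb,instock) VALUES('$v[title]','$v[description]','$v[price]','$v[image]','$v[thumb]','$instock')";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    echo 'This product has been added!<br/><br/>';
    echo "<a href=\"?c=products\">Return to products?</a>";
}//doNew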
/**
 * Print the install page (c=install): a single link to ?c=doinstall plus a "do this once" note.
 */
function showInstall(){
    $installLink = '<a href="?c=doinstall">Click here to create the database table so you can add products.</a>';
    echo $installLink . "<br/><br/>\n";
    echo "Please note that this should only be done once.\n";
}//showInstall
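/**
 * Create the products table (c=doinstall) if it does not already exist.
 *
 * CREATE TABLE IF NOT EXISTS is idempotent, so although this is reachable by a plain GET
 * from any logged-in session, re-running it cannot drop or alter an existing table.
 * Fix: price was decimal(3,2), i.e. three digits in total with two after the point, so
 * every price above 9.99 was rejected or clipped; new installs now get decimal(10,2).
 * Existing tables are untouched by this change (IF NOT EXISTS).
 */
function doInstall(){
    global $IS_CONFIG;
    $query = "CREATE TABLE IF NOT EXISTS `$IS_CONFIG[db_table]` (
`id` int(6) unsigned NOT NULL auto_increment,
`title` varchar(100) NOT NULL default '',
`description` text,
`price` decimal(10,2) NOT NULL default '0.00',
`image` varchar(255) default NULL,
`thumb` varchar(255) default NULL,
`instock` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    echo "The database table has been installed. You can now add products.";
    echo "<a href=\"?\">Return to admin home?</a>";
}//doInstall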
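/**
 * Delete the product with the given id (c=delete&id=N).
 *
 * $id comes straight from the query string, so it is cast to int before it reaches the
 * statement; the original interpolated it raw ('$id') and was SQL-injectable.
 * NOTE(review): this is triggered by a GET link (the confirmation() script in showDetails),
 * so any page the logged-in admin visits can delete products (CSRF); it should become a
 * POST carrying a per-session token.
 */
function doDelete($id){
    global $IS_CONFIG;
    $id = (int)$id;
    $query = "DELETE FROM $IS_CONFIG[db_table] WHERE id = '$id'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    echo "The product has been deleted.<br/><br/>";
    echo "<a href=\"?c=products\">Return to products?</a>";
}//doDelete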
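/**
 * Gate the whole admin page behind the single username/password from config.php.
 *
 * Flow: a session whose user/pass markers match the configured credentials returns
 * immediately; a session that does not match is cleared. A posted username/password is
 * then checked and, on success, stored in a freshly regenerated session; on failure an
 * error is printed and the script exits. Otherwise the login form is printed and the
 * script exits, so nothing after doLogin() runs unauthenticated.
 *
 * Fixes against the original:
 *  - credentials and the md5 session marker were compared with ==/!=; PHP compares two
 *    numeric-looking strings numerically, so e.g. two different "0e<digits>" md5 values
 *    compare equal. All comparisons are now strict (hash_equals() where available);
 *  - the session id was kept across login (session fixation); it is regenerated now;
 *  - the form action echoed "http://" . HTTP_HOST . PHP_SELF . "?" . QUERY_STRING raw:
 *    markup in PHP_SELF/QUERY_STRING broke out of the attribute, the Host header was
 *    trusted, and an https admin was posted back over http. It is now a relative,
 *    escaped URL.
 * NOTE(review): config.php holds the admin password in clear text and the session keeps its
 * md5; a password_hash()/password_verify() scheme is the proper fix once the PHP baseline
 * allows. There is no logout action — closing the window does not end the server session.
 */
function doLogin(){
    global $IS_CONFIG;
    $cfgUser = (string)$IS_CONFIG['username'];
    $cfgPass = (string)$IS_CONFIG['password'];
    if(isset($_SESSION['user']) && isset($_SESSION['pass'])){
        if($_SESSION['user'] === $cfgUser && $_SESSION['pass'] === md5($cfgPass)){
            return; // already authenticated
        }
        // Credentials changed or the session was tampered with: discard it and fall through.
        unset($_SESSION['user']);
        unset($_SESSION['pass']);
    }
    if(isset($_POST['username']) && isset($_POST['password'])){
        $username = is_string($_POST['username']) ? $_POST['username'] : '';
        $password = is_string($_POST['password']) ? $_POST['password'] : '';
        $userOk = ($username === $cfgUser);
        // Constant-time compare on PHP >= 5.6; strict equality on older releases.
        if(function_exists('hash_equals')){
            $passOk = hash_equals($cfgPass, $password);
        }else{
            $passOk = ($password === $cfgPass);
        }
        if($userOk && $passOk){
            session_regenerate_id(true); // fresh id on login defeats session fixation
            $_SESSION['user'] = $username;
            $_SESSION['pass'] = md5($password);
            return;
        }
        echo "<b>Error:</b> your username and password were not recognised. Please try again";
        exit;
    }
    // Post back to this script with the same query string, as a relative, attribute-safe URL.
    $form_to = $_SERVER['PHP_SELF'];
    if(isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== ''){
        $form_to = $form_to ."?". $_SERVER["QUERY_STRING"];
    }
    $form_to = htmlspecialchars($form_to, ENT_QUOTES, 'ISO-8859-1');
?>
<table class="canvas" align="center"><tr><td align="center">
<form method="post" action="<?php echo $form_to; ?>">
<table border=0 width=350 align="center" >
<TR>
<TD>User Name:</TD>
<TD><input type="text" name="username" size=20></TD></TR>
<TR>
<TD>Password:</TD>
<TD><input type="password" name="password" size=20></TD>
</TR>
</table>
<input type="submit" value="Login"><br/><br/>To log out, simply close this browser window.</form>
</table>
<?php
    exit;
}//doLogin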
?>