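// Front controller: resolves the requested action, enforces login, and dispatches
// to the product / vendor handlers. Every branch must end in exit() or set $action
// to another case -- the do/while below re-runs the switch until one of them does,
// so a branch that merely breaks with $action unchanged spins forever.

$lifetime = 60 * 3; // 3 minutes, kept short for instructor ease when grading assignments.

// Mark the session cookie HttpOnly (not readable from script) and Secure when the
// request came in over TLS. Path/domain are read back so only lifetime and the
// two flags change; the scalar signature works on every PHP version.
$requestIsHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$sessionCookie = session_get_cookie_params();
session_set_cookie_params(
    $lifetime,
    $sessionCookie['path'],
    $sessionCookie['domain'],
    $requestIsHttps || !empty($sessionCookie['secure']),
    true
);
session_start();

require_once('*********/*********.php');
require_once('*********/*********.php');
require_once('*********/*********.php');
require_once('*********/*********.php');
require_once('*********/*********.php');

// Resolve the action: POST wins over GET, default is the list view.
// filter_input() returns null when the field is absent and false when the
// value fails the filter; both, like '', mean "not supplied".
$action = filter_input(INPUT_POST, 'action');
if ($action === null || $action === false || $action === '') {
    $action = filter_input(INPUT_GET, 'action');
}
if ($action === null || $action === false || $action === '') {
    $action = 'getListView';
}

// Anything not in this list requires an authenticated session.
$publicActions = array('requestAccount', 'loginRequest', 'createAccount', 'logout');
if (!isset($_SESSION['userName']) && !in_array($action, $publicActions, true)) {
    $action = 'login_required';
}

// Actions that write to the database read their fields from INPUT_POST, so a GET
// request for one of them can only be a stray link or a cross-site request; send
// those to the list view instead of calling the handler with empty input.
// NOTE(review): this is not CSRF protection -- a per-session token checked here
// (and emitted by the forms in View/ and vendorView/) is still needed.
// NOTE(review): $_SESSION['account_type'] is set at login but no case below
// consults it, so every logged-in user can insert, update and delete products
// and vendors; confirm that is intended or gate these actions on the role.
$mutatingActions = array('insertProduct', 'updateProduct', 'deleteProduct',
                         'insertVendor', 'updateVendor', 'deleteVendor');
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if (in_array($action, $mutatingActions, true) && $requestMethod !== 'POST') {
    $action = 'getListView';
}

do {
    switch ($action) {
        case 'login_required':
            // Default for visitors who have not logged in.
            include('View/*********.php');
            exit();

        case 'logout':
            // unset($_COOKIE) only touches this request's superglobal; the browser
            // keeps sending the cookie until it is told to expire it, so expire the
            // client-side copies (same default path they were set with), then drop
            // the server-side session and its cookie.
            setcookie('usercookie[userName]', '', time() - 3600);
            setcookie('usercookie[account_type]', '', time() - 3600);
            $_SESSION = array();
            if (ini_get('session.use_cookies')) {
                $params = session_get_cookie_params();
                setcookie(session_name(), '', time() - 42000,
                          $params['path'], $params['domain'], $params['secure'], $params['httponly']);
            }
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_destroy();
            }
            header('Location: .');
            exit();

        case 'loginRequest':
            // The included file validates the submitted form and sets
            // $userID, $userPassword and the $errorMsg_* variables.
            include('View/*********.php');
            if (!empty($errorMsg_userID) || !empty($errorMsg_userPassword)) {
                include('View/*********.php');
                exit();
            }
            $results = userCredentials($userID);
            if (!isset($results['userid'])) {
                // NOTE(review): this message differs from the wrong-password one,
                // which lets a caller enumerate valid user IDs; the login view
                // should show a single generic failure message for both.
                $errorMsg_userID = 'User ID is not valid';
                include('View/*********.php');
                exit();
            }
            if (!password_verify($userPassword, $results['password'])) {
                $errorMsg_userPassword = 'User Password is incorrect.';
                include('View/*********.php');
                exit();
            }
            // Privilege change: issue a fresh session id so an id planted before
            // login (session fixation) is not promoted to an authenticated one.
            session_regenerate_id(true);
            // Convenience cookies for the views. They are HttpOnly and Secure-on-TLS,
            // but they are still client-controlled: never use
            // $_COOKIE['usercookie']['account_type'] for an authorization decision --
            // the $_SESSION copy below is the authoritative one.
            setcookie('usercookie[userName]', $results['name'], time() + 60 * 60, '', '', $requestIsHttps, true);
            setcookie('usercookie[account_type]', $results['account_type'], time() + 60 * 60, '', '', $requestIsHttps, true);
            $_SESSION['account_type'] = $results['account_type'];
            $_SESSION['userName'] = $results['name'];
            session_write_close(); // persist now so a refresh keeps the login
            // No redirect here: fall through the loop into the list view.
            $action = 'getListView';
            break;

        case 'requestAccount':
            // Account-creation form.
            include('View/*********.php');
            exit();

        case 'createAccount':
            include('View/*********.php');
            if (!empty($errorMsg_userID) || !empty($errorMsg_userName) || !empty($errorMsg_userPassword)
                || !empty($errorMsg_PasswordConfirmation) || !empty($errorMsg_AccountType)) {
                include('View/*********.php');
                exit();
            }
            add_user($userID, $userName, $userPassword, $userAcctType);
            // Was header('.?action=login_required') with no "Location:" prefix and no
            // exit(): no redirect was sent and the loop re-ran add_user() indefinitely.
            header('Location: .?action=login_required');
            exit();

        case 'getListView':
            // Landing page after login; also the fallback after any database write.
            $products = get_product_list();
            $countProducts = countProducts();
            $vendors = get_vendor_list();
            $countVendors = countVendors();
            include('View/*********.php');
            exit();

        case 'newProduct':
            // Empty product form.
            $vendors = get_vendor_list();
            include('View/*********.php');
            exit();

        case 'insertProduct':
            // Validates the submitted product and stores it.
            include('View/*********.php');
            if (!empty($errorMsg_ProdID) || !empty($errorMsg_ProdVendID) || !empty($errorMsg_ProdName)
                || !empty($errorMsg_ProdDesc) || !empty($errorMsg_ProdPrice)) {
                $vendors = get_vendor_list();
                include('View/*********.php');
                exit();
            }
            insert_product($ProdID, $ProdVendID, $ProdName, $ProdPrice, $ProdDesc);
            // insert_product() is expected to redirect and exit; if it returns,
            // show the list instead of spinning in the dispatch loop.
            $action = 'getListView';
            break;

        case 'show_Update_Form':
            // Pre-filled product form. FILTER_SANITIZE_STRIPPED is a deprecated
            // alias (PHP 8.1+) but is kept so the value reaching get_product() is unchanged.
            $vendors = get_vendor_list();
            $product_ID = filter_input(INPUT_POST, 'prod_id', FILTER_SANITIZE_STRIPPED);
            $updated = get_product($product_ID);
            include('View/*********.php');
            exit(); // was break: with $action unchanged the loop re-rendered the form forever

        case 'updateProduct':
            include('View/*********.php');
            if (!empty($errorMsg_ProdID) || !empty($errorMsg_ProdVendID) || !empty($errorMsg_ProdName)
                || !empty($errorMsg_ProdDesc) || !empty($errorMsg_ProdPrice)) {
                $vendors = get_vendor_list();
                include('View/*********.php');
                exit();
            }
            update_product($ProdID, $ProdVendID, $ProdName, $ProdPrice, $ProdDesc);
            $action = 'getListView'; // fallback if update_product() returns instead of redirecting
            break;

        case 'show_Delete_Confirm':
            // Confirmation page before a product is deleted.
            $product_ID = filter_input(INPUT_POST, 'prod_id', FILTER_SANITIZE_STRIPPED);
            $updated = get_product($product_ID);
            include('View/*********.php');
            exit();

        case 'deleteProduct':
            $product_ID = filter_input(INPUT_POST, 'txtProdID', FILTER_SANITIZE_STRIPPED);
            // Only call the delete with an actual id; a missing field is a no-op.
            if ($product_ID !== null && $product_ID !== false && $product_ID !== '') {
                delete_product($product_ID);
            }
            $action = 'getListView'; // fallback if delete_product() returns instead of redirecting
            break;

        case 'filterProducts':
            $vendors = get_vendor_list();
            if (isset($_POST['btnFilter'])) {
                include('View/*********.php');
                // NOTE(review): $sqlQuery is produced by the included file from the
                // submitted filter fields. Confirm product_filter() binds the
                // user-supplied values as parameters rather than concatenating them
                // into the statement text -- the variable name suggests the latter.
                $products = product_filter($sqlQuery);
            } else {
                $products = get_product_list();
            }
            include('View/*********.php');
            exit();

        case 'newVendor':
            // Empty vendor form.
            include('vendorView/*********.php');
            exit();

        case 'update_Vendor_Form':
            // Pre-filled vendor form.
            $txtVendID = filter_input(INPUT_POST, 'vend_id', FILTER_SANITIZE_STRIPPED);
            $updated = get_vendor($txtVendID);
            include('vendorView/*********.php');
            exit(); // was break: the loop re-rendered the form forever

        case 'delete_Vendor_Form':
            // Confirmation page before a vendor is deleted.
            $txtVendID = filter_input(INPUT_POST, 'vend_id', FILTER_SANITIZE_STRIPPED);
            $updated = get_vendor($txtVendID);
            include('vendorView/*********.php');
            exit(); // was break: the loop re-rendered the form forever

        case 'insertVendor':
            include('vendorView/*********.php');
            if (!empty($errorMsg_VendName) || !empty($errorMsg_VendAddr) || !empty($errorMsg_VendCity)
                || !empty($errorMsg_VendState) || !empty($errorMsg_VendZIP) || !empty($errorMsg_VendCountry)) {
                include('vendorView/*********.php');
                exit();
            }
            insert_vendor($VendName, $VendAddress, $VendCity, $VendState, $VendZIP, $VendCountry);
            $action = 'getListView'; // fallback if insert_vendor() returns instead of redirecting
            break;

        case 'updateVendor':
            include('vendorView/*********.php');
            if (!empty($errorMsg_VendName) || !empty($errorMsg_VendAddr) || !empty($errorMsg_VendCity)
                || !empty($errorMsg_VendState) || !empty($errorMsg_VendZIP) || !empty($errorMsg_VendCountry)) {
                include('vendorView/*********.php');
                exit();
            }
            update_vendor($VendID, $VendName, $VendAddress, $VendCity, $VendState, $VendZIP, $VendCountry);
            $action = 'getListView'; // fallback if update_vendor() returns instead of redirecting
            break;

        case 'deleteVendor':
            // Vendor ids are positive 32-bit integers; anything else is rejected by
            // the filter (null if absent, false if invalid) and the delete is skipped.
            $vendor_range = array("options" => array("min_range" => 1, "max_range" => 2147483647));
            $VendID = filter_input(INPUT_POST, 'txtVendID', FILTER_VALIDATE_INT, $vendor_range);
            if ($VendID !== null && $VendID !== false) {
                delete_vendor($VendID);
            }
            $action = 'getListView'; // fallback if delete_vendor() returns instead of redirecting
            break;

        default:
            // Unknown action. Previously no case matched, $action never changed, and
            // any logged-in user could pin a worker until max_execution_time with
            // ?action=anything. Show the list view instead.
            $action = 'getListView';
            break;
    }
} while ($action !== 'today');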