From 1d3febeec157fd75cb9b7997fa34267cc6142929 Mon Sep 17 00:00:00 2001 From: max Date: Wed, 16 Apr 2025 09:31:36 +0200 Subject: [PATCH] update to use single html with dynamic div --- add_restaurant.php | 46 ----- central.css | 2 +- db_connection.php | 60 ------ htmls/add_restaurant.html | 8 + htmls/chart.html | 81 ++++++++ htmls/login.html | 8 + htmls/overview.html | 21 +++ htmls/register_request.html | 47 +++++ index.html | 268 +++++++++++++++++++++++++++ index.php | 13 -- login.php | 52 ------ logout.php | 6 - php/add_restaurant.php | 29 +++ add_review.php => php/add_review.php | 2 +- php/db_connection.php | 91 +++++++++ php/get_restaurant_overview.php | 22 +++ php/get_restaurant_tiers.php | 37 ++++ php/login.php | 37 ++++ php/logout.php | 7 + php/process_registration.php | 101 ++++++++++ php/register_request.php | 35 ++++ 21 files changed, 794 insertions(+), 179 deletions(-) delete mode 100644 add_restaurant.php delete mode 100644 db_connection.php create mode 100644 htmls/add_restaurant.html create mode 100644 htmls/chart.html create mode 100644 htmls/login.html create mode 100644 htmls/overview.html create mode 100644 htmls/register_request.html create mode 100644 index.html delete mode 100644 index.php delete mode 100644 login.php delete mode 100644 logout.php create mode 100644 php/add_restaurant.php rename add_review.php => php/add_review.php (97%) create mode 100644 php/db_connection.php create mode 100644 php/get_restaurant_overview.php create mode 100644 php/get_restaurant_tiers.php create mode 100644 php/login.php create mode 100644 php/logout.php create mode 100644 php/process_registration.php create mode 100644 php/register_request.php diff --git a/add_restaurant.php b/add_restaurant.php deleted file mode 100644 index 60217f1..0000000 --- a/add_restaurant.php +++ /dev/null @@ -1,46 +0,0 @@ -query($sql) === TRUE) { - $restaurant_success = "Restaurant added successfully!"; - } else { - $restaurant_error = "Error: " . $sql . "
" . $conn->error; - } -} - -$conn->close(); -?> - - - - - Add Restaurant - - -

Add New Restaurant

- -

- - -

- -
"> - Name:

- Maps Link:

- -
-

Back to Dashboard

- - \ No newline at end of file diff --git a/central.css b/central.css index 7b8c026..192d1cb 100644 --- a/central.css +++ b/central.css @@ -128,7 +128,7 @@ th { /* Specific elements for your pages */ /* You can add more specific styles here as needed */ -/* Example for the welcome message on index.php */ +/* Example for the welcome message on index.html */ .welcome-message { margin-bottom: 20px; font-size: 1.2em; diff --git a/db_connection.php b/db_connection.php deleted file mode 100644 index 51c55e1..0000000 --- a/db_connection.php +++ /dev/null @@ -1,60 +0,0 @@ -setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - - // Check if the User table exists - $result = $db->query("SELECT name FROM sqlite_master WHERE type='table' AND name='User'"); - $userTableExists = $result->fetchColumn(); - - if (!$userTableExists) { - // Initialize the database structure - $db->exec(" - CREATE TABLE User ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - vorname TEXT NOT NULL, - nachname TEXT NOT NULL, - username TEXT UNIQUE NOT NULL, - password TEXT NOT NULL - ) - "); - - $db->exec(" - CREATE TABLE Restaurant ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - name TEXT NOT NULL, - maps_link TEXT - ) - "); - - $db->exec(" - CREATE TABLE Bewertung ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - fk_user_id INTEGER NOT NULL, - fk_restaurant_id INTEGER NOT NULL, - bewertung INTEGER NOT NULL CHECK (bewertung BETWEEN 0 AND 10), - bewertung_str TEXT, - FOREIGN KEY (fk_user_id) REFERENCES User(id), - FOREIGN KEY (fk_restaurant_id) REFERENCES Restaurant(id) - ) - "); - - echo "

Database initialized successfully!

"; - } else { - // Optionally, you can add a message indicating the database already exists - // echo "

Database already exists.

"; - } - -} catch (PDOException $e) { - die("Database connection failed: " . $e->getMessage()); -} - -function sanitize_input($data) { - $data = trim($data); - $data = stripslashes($data); - $data = htmlspecialchars($data); - return $data; -} -?> \ No newline at end of file diff --git a/htmls/add_restaurant.html b/htmls/add_restaurant.html new file mode 100644 index 0000000..65110fb --- /dev/null +++ b/htmls/add_restaurant.html @@ -0,0 +1,8 @@ +

Add New Restaurant

+
+
+
+ Name:

+ Maps Link:

+ +
\ No newline at end of file diff --git a/htmls/chart.html b/htmls/chart.html new file mode 100644 index 0000000..0b359ab --- /dev/null +++ b/htmls/chart.html @@ -0,0 +1,81 @@ +

Restaurant Tier List

+
+
+ + + + \ No newline at end of file diff --git a/htmls/login.html b/htmls/login.html new file mode 100644 index 0000000..6f52fbc --- /dev/null +++ b/htmls/login.html @@ -0,0 +1,8 @@ +

Login

+
+
+ Username:

+ Password:

+ +
+ \ No newline at end of file diff --git a/htmls/overview.html b/htmls/overview.html new file mode 100644 index 0000000..4ef476c --- /dev/null +++ b/htmls/overview.html @@ -0,0 +1,21 @@ +

Restaurant Overview

+
+
+ \ No newline at end of file diff --git a/htmls/register_request.html b/htmls/register_request.html new file mode 100644 index 0000000..7a9b248 --- /dev/null +++ b/htmls/register_request.html @@ -0,0 +1,47 @@ +

Request Account

+
+
+
+ Vorname:

+ Nachname:

+ Username:

+ +
+ \ No newline at end of file diff --git a/index.html b/index.html new file mode 100644 index 0000000..b1f6481 --- /dev/null +++ b/index.html @@ -0,0 +1,268 @@ + + + + + + Restaurant Review Site + + + + + + +
+
+ + + + \ No newline at end of file diff --git a/index.php b/index.php deleted file mode 100644 index cf1bc2a..0000000 --- a/index.php +++ /dev/null @@ -1,13 +0,0 @@ -Add Restaurant

"; -echo "

Add Review

"; -echo "

Logout

"; -?> \ No newline at end of file diff --git a/login.php b/login.php deleted file mode 100644 index d976c63..0000000 --- a/login.php +++ /dev/null @@ -1,52 +0,0 @@ -query($sql); - - if ($result->num_rows == 1) { - $row = $result->fetch_assoc(); - if (password_verify($password, $row['password'])) { - $_SESSION['username'] = $row['username']; - $_SESSION['user_id'] = $row['id']; - header("Location: index.php"); // Redirect after successful login - exit(); - } else { - $login_error = "Invalid username or password."; - } - } else { - $login_error = "Invalid username or password."; - } -} - -$conn->close(); -?> - - - - - Login - - -

Login

- -

- -
"> - Username:

- Password:

- -
-

Don't have an account? Register here

- - \ No newline at end of file diff --git a/logout.php b/logout.php deleted file mode 100644 index f359438..0000000 --- a/logout.php +++ /dev/null @@ -1,6 +0,0 @@ - \ No newline at end of file diff --git a/php/add_restaurant.php b/php/add_restaurant.php new file mode 100644 index 0000000..b7f797d --- /dev/null +++ b/php/add_restaurant.php @@ -0,0 +1,29 @@ + false, 'error' => 'Not logged in.']); + exit(); +} + +if ($_SERVER["REQUEST_METHOD"] == "POST") { + $name = sanitize_input($_POST['name']); + $maps_link = sanitize_input($_POST['maps_link']); + + $stmt = $db->prepare("INSERT INTO Restaurant (name, maps_link) VALUES (:name, :maps_link)"); + $stmt->bindParam(':name', $name); + $stmt->bindParam(':maps_link', $maps_link); + + if ($stmt->execute()) { + echo json_encode(['success' => true, 'message' => 'Restaurant added successfully!']); + exit(); + } else { + echo json_encode(['success' => false, 'error' => 'Error: ' . print_r($stmt->errorInfo(), true)]); + exit(); + } +} else { + echo json_encode(['success' => false, 'error' => 'Invalid request method.']); + exit(); +} +?> \ No newline at end of file diff --git a/add_review.php b/php/add_review.php similarity index 97% rename from add_review.php rename to php/add_review.php index 600ca5a..3d5b05d 100644 --- a/add_review.php +++ b/php/add_review.php @@ -65,6 +65,6 @@ $conn->close(); Review Text:
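Review bot: `maps_link` is stored after only `sanitize_input()` (trim, stripslashes, htmlspecialchars), which says nothing about the URL scheme, so a value like `javascript:alert(1)` is accepted and becomes stored XSS the moment get_restaurant_overview.php renders it as an href (the line that builds `$output` there is not legible in this view, so confirm how it is rendered). Validate it as an http(s) URL before the INSERT: `$scheme = parse_url($maps_link, PHP_URL_SCHEME); if ($maps_link !== '' && (!filter_var($maps_link, FILTER_VALIDATE_URL) || !in_array($scheme, ['http', 'https'], true))) { echo json_encode(['success' => false, 'error' => 'Invalid maps link.']); exit(); }`. `$_POST['name']` and `$_POST['maps_link']` are read without `isset`, and an empty name satisfies `NOT NULL`, so also reject `$name === ''`. The failure branch sends `print_r($stmt->errorInfo(), true)` to the client; `error_log()` it and return a generic message instead.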

-

Back to Dashboard

+

Back to Dashboard

\ No newline at end of file diff --git a/php/db_connection.php b/php/db_connection.php new file mode 100644 index 0000000..404eeca --- /dev/null +++ b/php/db_connection.php @@ -0,0 +1,91 @@ +setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + + // Check if the User table exists + $result = $db->query("SELECT name FROM sqlite_master WHERE type='table' AND name='User'"); + $userTableExists = $result->fetchColumn(); + + if (!$userTableExists) { + // Initialize the database structure + $db->exec(" + CREATE TABLE User ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + vorname TEXT NOT NULL, + nachname TEXT NOT NULL, + username TEXT UNIQUE NOT NULL, + password TEXT NOT NULL, + active BOOLEAN DEFAULT 0 + ) + "); + + $db->exec(" + CREATE TABLE Restaurant ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + maps_link TEXT + ) + "); + + $db->exec(" + CREATE TABLE Bewertung ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + fk_user_id INTEGER NOT NULL, + fk_restaurant_id INTEGER NOT NULL, + bewertung INTEGER NOT NULL CHECK (bewertung BETWEEN 0 AND 10), + bewertung_str TEXT, + FOREIGN KEY (fk_user_id) REFERENCES User(id), + FOREIGN KEY (fk_restaurant_id) REFERENCES Restaurant(id) + ) + "); + + echo "
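Review bot: The context line `$conn->close();` shows php/add_review.php still uses the mysqli `$conn` handle, but the php/db_connection.php added in this commit only creates the PDO `$db` object, so after the move this script will fail on an undefined `$conn` (the rest of the file is outside this hunk). The deleted add_restaurant.php built its SQL by string concatenation on that same `$conn`; if add_review.php does likewise it needs the same prepared-statement port the new php/add_restaurant.php got, e.g. `$stmt = $db->prepare("INSERT INTO Bewertung (fk_user_id, fk_restaurant_id, bewertung, bewertung_str) VALUES (:uid, :rid, :score, :text)");` with `PDO::PARAM_INT` bindings for the ids and score. The link change itself is fine.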

Database structure created.

"; + + // Check if any users exist + $checkUserStmt = $db->query("SELECT COUNT(*) FROM User"); + $userCount = $checkUserStmt->fetchColumn(); + + if ($userCount == 0) { + // Create an initial admin account + $adminVorname = 'Admin'; + $adminNachname = 'User'; + $adminUsername = 'admin'; + $adminPassword = 'admin123'; // IMPORTANT: Change this default password! + $hashedPassword = password_hash($adminPassword, PASSWORD_DEFAULT); + $adminActive = 2; // Let's use 2 to denote an admin user + + $insertAdminStmt = $db->prepare(" + INSERT INTO User (vorname, nachname, username, password, active) + VALUES (:vorname, :nachname, :username, :password, :active) + "); + $insertAdminStmt->bindParam(':vorname', $adminVorname); + $insertAdminStmt->bindParam(':nachname', $adminNachname); + $insertAdminStmt->bindParam(':username', $adminUsername); + $insertAdminStmt->bindParam(':password', $hashedPassword); + $insertAdminStmt->bindParam(':active', $adminActive, PDO::PARAM_INT); + + if ($insertAdminStmt->execute()) { + echo "

Initial admin account created: Username='admin', Password='admin123' (Please change immediately!).

"; + } else { + echo "

Error creating initial admin account: " . print_r($insertAdminStmt->errorInfo(), true) . "

"; + } + } + + } else { + // echo "

Database already exists.

"; + } + +} catch (PDOException $e) { + die("Database connection failed: " . $e->getMessage()); +} + +function sanitize_input($data) { + $data = trim($data); + $data = stripslashes($data); + $data = htmlspecialchars($data); + return $data; +} +?> \ No newline at end of file diff --git a/php/get_restaurant_overview.php b/php/get_restaurant_overview.php new file mode 100644 index 0000000..a05547a --- /dev/null +++ b/php/get_restaurant_overview.php @@ -0,0 +1,22 @@ +prepare("SELECT id, name, maps_link FROM Restaurant"); +$stmt->execute(); +$restaurants = $stmt->fetchAll(PDO::FETCH_ASSOC); + +if ($restaurants) { + $output = ""; + echo $output; +} else { + echo "
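Review bot: The seeded `admin`/`admin123` account with `active = 2` is a hard-coded default credential, and the `echo` of that password (`Initial admin account created: ...`) runs inside an include that every JSON endpoint requires, so whoever sends the first request to a fresh deployment gets the credentials printed into what should be a JSON body. Generate it instead and report it to the server log, not the client: `$adminPassword = getenv('INITIAL_ADMIN_PASSWORD') ?: bin2hex(random_bytes(12));` followed by `error_log("Initial admin account created: admin / {$adminPassword}");`, and drop the other `echo`s from this include for the same reason (they corrupt the JSON responses of every caller on first run). `die("Database connection failed: " . $e->getMessage())` likewise discloses the driver error and database path to clients; log the exception and emit a generic failure. `active` is declared `BOOLEAN` but is used as a three-state role (0 pending, 1 approved, 2 admin) here and in process_registration.php; declare it `INTEGER NOT NULL DEFAULT 0` with a comment naming each value so the login check can be written against it deliberately.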

No restaurants available.

"; +} +?> \ No newline at end of file diff --git a/php/get_restaurant_tiers.php b/php/get_restaurant_tiers.php new file mode 100644 index 0000000..162a60d --- /dev/null +++ b/php/get_restaurant_tiers.php @@ -0,0 +1,37 @@ +prepare(" + SELECT + r.id, + r.name, + ROUND(MEDIAN(b.bewertung)) AS median_score + FROM Restaurant r + LEFT JOIN Bewertung b ON r.id = b.fk_restaurant_id + GROUP BY r.id, r.name + ORDER BY median_score DESC NULLS LAST +"); +$stmt->execute(); +$restaurants = $stmt->fetchAll(PDO::FETCH_ASSOC); + +$tiers = []; +foreach ($restaurants as $restaurant) { + $score = $restaurant['median_score']; + if ($score >= 9) { + $tiers['S'][] = $restaurant; + } elseif ($score >= 7) { + $tiers['A'][] = $restaurant; + } elseif ($score >= 5) { + $tiers['B'][] = $restaurant; + } elseif ($score >= 3) { + $tiers['C'][] = $restaurant; + } elseif ($score >= 1) { + $tiers['D'][] = $restaurant; + } else { + $tiers['Unrated'][] = $restaurant; // For restaurants with no reviews + } +} + +echo json_encode($tiers); +?> \ No newline at end of file diff --git a/php/login.php b/php/login.php new file mode 100644 index 0000000..bca53d9 --- /dev/null +++ b/php/login.php 
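Review bot: No login check is visible in php/get_restaurant_overview.php, while php/add_restaurant.php in the same commit rejects with 'Not logged in.', so the full restaurant list including `maps_link` is served to unauthenticated callers; if that is unintended, add the same `if (!isset($_SESSION['user_id'])) { echo json_encode(['success' => false, 'error' => 'Not logged in.']); exit(); }` guard after `session_start()` (the file's opening line is not legible in this view, so confirm nothing there already does this). The loop that fills `$output` is also not legible; since `name` and `maps_link` are HTML-encoded at storage time by `sanitize_input()`, what the href needs is a scheme check, not more encoding, because `htmlspecialchars` does not neutralise a `javascript:` link.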
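Review bot: `MEDIAN()` is not a built-in SQLite aggregate, so unless the deployment loads an extension that defines it, `execute()` throws a `PDOException` (ERRMODE_EXCEPTION is set in php/db_connection.php) that nothing here catches and the endpoint answers with a PHP error instead of JSON. Either compute the median in PHP from the per-restaurant scores, or wrap the query and return `json_encode(['success' => false, 'error' => 'Could not compute tiers.'])` on failure. The tier ladder also files a genuine median of 0, a legal value under `CHECK (bewertung BETWEEN 0 AND 10)`, into `Unrated` because `$score >= 1` fails for it; distinguish the two with `} elseif ($score !== null) { $tiers['D'][] = $restaurant; } else { $tiers['Unrated'][] = $restaurant; }`. As in get_restaurant_overview.php, no login check is visible before the query.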
@@ -0,0 +1,37 @@ +prepare("SELECT id, username, password, active FROM User WHERE username = :username"); + $stmt->bindParam(':username', $username); + $stmt->execute(); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + + if ($row) { + if ($row['active'] == 1 && password_verify($password, $row['password'])) { + $_SESSION['username'] = $row['username']; + $_SESSION['user_id'] = $row['id']; + // Set cookie + setcookie('loggedIn', 'true', time() + 600, '/'); // Expires in 10 minutes + echo json_encode(['success' => true, 'message' => 'Login successful!']); + exit(); + } else if ($row['active'] == 0) { + echo json_encode(['success' => false, 'error' => 'Account is not active. Please wait for admin approval.']); + exit(); + } else { + echo json_encode(['success' => false, 'error' => 'Invalid username or password.']); + exit(); + } + } else { + echo json_encode(['success' => false, 'error' => 'Invalid username or password.']); + exit(); + } +} else { + echo json_encode(['success' => false, 'error' => 'Invalid request method.']); + exit(); +} +?> \ No newline at end of file diff --git a/php/logout.php b/php/logout.php new file mode 100644 index 0000000..0b971dc --- /dev/null +++ b/php/logout.php @@ -0,0 +1,7 @@ + true, 'message' => 'Logged out successfully.']); +exit(); +?> \ No newline at end of file diff --git a/php/process_registration.php b/php/process_registration.php new file mode 100644 index 0000000..21168d1 --- /dev/null +++ b/php/process_registration.php 
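Review bot: The success branch requires `$row['active'] == 1`, but the only admin account is seeded with `active = 2` in php/db_connection.php and process_registration.php gates approvals on `active = 2`, so the admin is told 'Invalid username or password.' and nobody can ever approve a registration; use `if ($row['active'] >= 1 && password_verify($password, $row['password']))`. After a successful verify, call `session_regenerate_id(true);` before writing `$_SESSION`, otherwise a session id planted before login stays valid (session fixation). The 'Account is not active' reply is sent without checking the password, so an anonymous caller can confirm which usernames have a pending request; verify the password first and return the same generic error for both failures. `setcookie('loggedIn', 'true', time() + 600, '/')` is only a UI hint and must stay that way: nothing server-side may trust it, and if the front end reads it, set it with the options-array form so `secure` and `samesite` are explicit.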
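Review bot: The visible part of php/logout.php only returns the JSON success message; the `loggedIn` cookie that php/login.php sets for 10 minutes is not cleared here (the file's opening line is not legible in this view, so confirm it is not done there), so a client that keys its UI state off that cookie still believes it is logged in after logout. Add `setcookie('loggedIn', '', time() - 3600, '/');` and expire the session cookie itself with `setcookie(session_name(), '', time() - 3600, '/');` alongside `session_destroy()`.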
@@ -0,0 +1,101 @@ + false, 'error' => 'Not logged in.']); + exit(); +} + +// Check if the user is an admin (you'd likely have an 'admin' column in your User table) +$check_admin_stmt = $db->prepare("SELECT id FROM User WHERE username = :username AND active = 2"); // 2 for admin +$check_admin_stmt->bindParam(':username', $_SESSION['username']); +$check_admin_stmt->execute(); +$is_admin = $check_admin_stmt->fetchColumn(); + +if (!$is_admin) { + echo json_encode(['success' => false, 'error' => 'Unauthorized access.']); + exit(); +} + +if ($_SERVER["REQUEST_METHOD"] == "POST") { + if ($_POST['action'] == 'process') { + $user_id = sanitize_input($_POST['user_id']); + $accept = sanitize_input($_POST['accept']); + + $update_stmt = $db->prepare("UPDATE User SET active = :active WHERE id = :user_id"); + $update_stmt->bindParam(':active', $accept, PDO::PARAM_BOOL); + $update_stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT); + + if ($update_stmt->execute()) { + echo json_encode(['success' => true, 'message' => 'User status updated.']); + exit(); + } else { + echo json_encode(['success' => false, 'error' => 'Error updating user status: ' . 
print_r($update_stmt->errorInfo(), true)]); + exit(); + } + } else if ($_POST['action'] == 'change_password') { + $old_password = sanitize_input($_POST['old_password']); + $new_password = sanitize_input($_POST['new_password']); + $confirm_new_password = sanitize_input($_POST['confirm_new_password']); + + if ($new_password != $confirm_new_password) { + echo json_encode(['success' => false, 'error' => 'New passwords do not match.']); + exit(); + } + $user_id = $_SESSION['user_id']; + $get_user_stmt = $db->prepare("SELECT password FROM User WHERE id = :user_id"); + $get_user_stmt->bindParam(':user_id', $user_id); + $get_user_stmt->execute(); + $row = $get_user_stmt->fetch(PDO::FETCH_ASSOC); + + if($row){ + if (password_verify($old_password, $row['password'])) { + $hashed_new_password = password_hash($new_password, PASSWORD_DEFAULT); + $update_password_stmt = $db->prepare("UPDATE User SET password = :new_password WHERE id = :user_id"); + $update_password_stmt->bindParam(':new_password', $hashed_new_password); + $update_password_stmt->bindParam(':user_id', $user_id); + + if ($update_password_stmt->execute()) { + echo json_encode(['success' => true, 'message' => 'Password changed successfully.']); + exit(); + } else { + echo json_encode(['success' => false, 'error' => 'Error changing password: ' . print_r($update_password_stmt->errorInfo(), true)]); + exit(); + } + } else { + echo json_encode(['success' => false, 'error' => 'Incorrect old password.']); + exit(); + } + } + else{ + echo json_encode(['success' => false, 'error' => 'User not found.']); + exit(); + } + } +} else if ($_SERVER["REQUEST_METHOD"] == "GET" && $_GET['action'] == 'get_requests') { + $get_requests_stmt = $db->prepare("SELECT id, vorname, nachname, username FROM User WHERE active = 0"); + $get_requests_stmt->execute(); + $requests = $get_requests_stmt->fetchAll(PDO::FETCH_ASSOC); + + if ($requests) { + $output = ""; + echo $output; + exit(); + } else { + echo "

No pending registration requests.

"; + exit(); + } +}else { + echo json_encode(['success' => false, 'error' => 'Invalid request method.']); + exit(); +} +?> \ No newline at end of file diff --git a/php/register_request.php b/php/register_request.php new file mode 100644 index 0000000..108c5f6 --- /dev/null +++ b/php/register_request.php @@ -0,0 +1,35 @@ +prepare("SELECT username FROM User WHERE username = :username"); + $check_stmt->bindParam(':username', $username); + $check_stmt->execute(); + + if ($check_stmt->fetchColumn()) { + echo json_encode(['success' => false, 'error' => 'Username already exists.']); + exit(); + } else { + $insert_stmt = $db->prepare("INSERT INTO User (vorname, nachname, username) VALUES (:vorname, :nachname, :username)"); + $insert_stmt->bindParam(':vorname', $vorname); + $insert_stmt->bindParam(':nachname', $nachname); + $insert_stmt->bindParam(':username', $username); + + if ($insert_stmt->execute()) { + echo json_encode(['success' => true, 'message' => 'Registration request sent. Please wait for admin approval.']); + exit(); + } else { + echo json_encode(['success' => false, 'error' => 'Error: ' . print_r($insert_stmt->errorInfo(), true)]); + exit(); + } + } +} else { + echo json_encode(['success' => false, 'error' => 'Invalid request method.']); + exit(); +} +?> \ No newline at end of file
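Review bot: The `process` action writes `$_POST['accept']` into `active` for any `user_id`, and `active` doubles as the role column (2 = admin), so an admin who posts their own id — or a cross-site page that does it for them, since none of these POST actions checks an anti-CSRF token — is demoted to `active = 1`, and if that was the only admin no one can reach this page again. Restrict the update to pending accounts with `UPDATE User SET active = :active WHERE id = :user_id AND active = 0`, and bind an explicit integer rather than `PDO::PARAM_BOOL` on a sanitised string (`'false'` is truthy in PHP): `$active = ($accept === '1' || $accept === 'true') ? 1 : 0;` with `PDO::PARAM_INT`. A rejected request stays at `active = 0`, so it reappears in `get_requests` forever; delete the row or add a distinct rejected state. `$_POST['action']` and `$_GET['action']` are read without `isset`, and `change_password` accepts an empty `$new_password`; add a minimum-length check before `password_hash()`.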
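Review bot: The INSERT omits `password`, but `User.password` is `TEXT NOT NULL` with no default in php/db_connection.php and ERRMODE_EXCEPTION is enabled there, so every registration request ends in an uncaught `PDOException` (the `print_r($insert_stmt->errorInfo(), true)` branch is only reached when `execute()` returns false, which it will not under exception mode) and no pending row is ever created. Even with the column made nullable, an approved user would have no credential, and `change_password` in process_registration.php sits behind the admin check, so a normal user has no path to ever set one. Collect a password on the request form and store `password_hash($password, PASSWORD_DEFAULT)` in this INSERT after a minimum-length check, or generate a one-time password the admin hands over on approval. This endpoint is unauthenticated and unthrottled, so each request adds a pending row; cap the username length and consider a per-IP rate limit, and replace the `errorInfo()` echo with `error_log()` plus a generic message.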