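<?php
// Buffer output so the header() redirects further down still work even if the
// include or a notice has already written something to the response.
// (Was a short "<?" tag, which only works when short_open_tag is enabled.)
ob_start();
session_start();

// Gate: only a logged-in manager may reach this page.
if (!isset($_SESSION["manager"])) {
    header("Location: admin_login.php");
    exit();
}

// Re-verify the session values against the admin table on every request so a
// stale or tampered session cannot outlive a change or removal of the account.
// Each value is whitelisted to the characters the query expects (the same
// filtering style used for ids elsewhere in this file); a missing key yields ''
// rather than an undefined-index notice.
$managerID = isset($_SESSION["id"])       ? preg_replace('#[^0-9]#', '', $_SESSION["id"])            : ''; // digits only
$manager   = isset($_SESSION["manager"])  ? preg_replace('#[^A-Za-z0-9]#', '', $_SESSION["manager"])  : ''; // letters and digits only
$password  = isset($_SESSION["password"]) ? preg_replace('#[^A-Za-z0-9]#', '', $_SESSION["password"]) : ''; // letters and digits only
// NOTE(review): the password is carried in the session and compared as a
// stored column value, which implies the credential is kept in the clear in
// both places. The durable fix is password_hash()/password_verify() in the
// login script and keeping only the admin id in the session.

// Connect to MySQL (provides the connection used by the mysql_* calls below).
include "../storescripts/connect_to_mysql.php";

// NOTE(review): the ext/mysql API used throughout this file was removed in
// PHP 7.0; a PDO/mysqli prepared statement is the proper replacement. Until
// then the [A-Za-z0-9] whitelist above keeps these values from breaking out of
// the quoted literals.
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");

// mysql_query() returns false on failure; treat that the same as "no row".
$existCount = ($sql === false) ? 0 : mysql_num_rows($sql);
if ($existCount === 0) {
    echo "Your login session data is not on record in the database.";
    exit();
}
?>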
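<?php
// Script error reporting.
// The original set 'diplay_errors' (typo), so this line was a silent no-op.
// NOTE(review): display_errors prints PHP warnings, including any SQL driver
// text, straight into the admin page; keep it on in development only and use
// the error log in production. It also only takes effect after the login
// check above, so errors raised there are not shown.
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>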
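<?php
// Delete flow: first ask the admin to confirm, then (on "yes") remove the row
// and its picture.
// NOTE(review): both steps are plain GET requests without a CSRF token, so a
// cross-site link or <img> can trigger a deletion in a logged-in admin's
// browser. Turning the confirmation into a POST form that carries a
// per-session token would close that.

// Step 1: confirmation prompt.
if (isset($_GET['deleteid'])) {
    // Product ids are integers; keep only digits so the value is safe both in
    // the HTML below and in the URL of the confirmation link (the original
    // echoed the raw parameter, a reflected-XSS sink).
    $delete_id = preg_replace('#[^0-9]#', '', $_GET['deleteid']);
    if ($delete_id === '') {
        echo 'Invalid product ID. <a href="inventory_list.php">Back</a>';
        exit();
    }
    $safe_id = htmlspecialchars($delete_id, ENT_QUOTES, 'UTF-8'); // belt and braces should the filter ever be relaxed
    echo 'Do you want to delete product with ID of ' . $safe_id . '? <a href="inventory_list.php?yesdelete=' . $safe_id . '">Yes</a> | <a href="inventory_list.php">No</a>';
    exit();
}

// Step 2: remove the item from the system and delete its picture.
if (isset($_GET['yesdelete'])) {
    // This value reaches a SQL literal AND a filesystem path, so quotes and
    // "../" sequences must be stripped before it is used anywhere.
    $id_to_delete = preg_replace('#[^0-9]#', '', $_GET['yesdelete']);
    if ($id_to_delete === '') {
        echo 'Invalid product ID. <a href="inventory_list.php">Back</a>';
        exit();
    }

    // Delete from the database; log the driver message instead of echoing it.
    $sql = mysql_query("DELETE FROM products WHERE id='$id_to_delete' LIMIT 1");
    if ($sql === false) {
        error_log('inventory_list.php: product delete failed: ' . mysql_error());
        echo 'The product could not be deleted. <a href="inventory_list.php">Back</a>';
        exit();
    }

    // Remove the picture if one exists. With the id limited to digits the
    // path cannot escape the images directory.
    $pictodelete = "../inventory_images/$id_to_delete.jpg";
    if (file_exists($pictodelete)) {
        unlink($pictodelete);
    }

    header("Location: inventory_list.php");
    exit();
}
?>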
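<?php
// Parse the "add product" form and insert the item (plus its picture).
if (isset($_POST['product_name'])) {
    // Every field is escaped for the SQL literal it lands in; a missing field
    // becomes '' instead of raising an undefined-index notice.
    $product_name = mysql_real_escape_string($_POST['product_name']);
    $price        = isset($_POST['price'])       ? mysql_real_escape_string($_POST['price'])       : '';
    $details      = isset($_POST['details'])     ? mysql_real_escape_string($_POST['details'])     : '';
    $category     = isset($_POST['category'])    ? mysql_real_escape_string($_POST['category'])    : '';
    $subcategory  = isset($_POST['subcategory']) ? mysql_real_escape_string($_POST['subcategory']) : '';

    // The price is stored and later displayed as a number; reject junk early
    // rather than letting the database coerce it.
    if (!is_numeric($price)) {
        echo 'Sorry, the "Price" must be a number, <a href="inventory_list.php">click here</a>';
        exit();
    }

    // The picture is saved as "<id>.jpg" and served from ../inventory_images,
    // so if a file was uploaded it must actually be a JPEG; otherwise arbitrary
    // content would be stored under a .jpg name. A product with no picture is
    // still accepted, as before.
    $tmp_file = null;
    if (isset($_FILES['fileField']) && $_FILES['fileField']['error'] === UPLOAD_ERR_OK) {
        $tmp_file = $_FILES['fileField']['tmp_name'];
        $info = getimagesize($tmp_file);
        if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
            echo 'Sorry, the picture must be a JPEG image, <a href="inventory_list.php">click here</a>';
            exit();
        }
    }

    // Refuse a product whose name already exists.
    // NOTE(review): this check and the INSERT are not atomic; a unique index on
    // product_name is what actually guarantees it.
    $sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1");
    $productMatch = ($sql === false) ? 0 : mysql_num_rows($sql);
    if ($productMatch > 0) {
        echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>';
        exit();
    }

    // Insert the product; log the driver error rather than showing it.
    $sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added)
    VALUES('$product_name','$price','$details','$category','$subcategory', now())");
    if ($sql === false) {
        error_log('inventory_list.php: product insert failed: ' . mysql_error());
        echo 'The product could not be saved. <a href="inventory_list.php">Back</a>';
        exit();
    }
    $pid = mysql_insert_id();

    // Store the picture under the new product's id.
    $newname = "$pid.jpg";
    if ($tmp_file !== null && !move_uploaded_file($tmp_file, "../inventory_images/$newname")) {
        error_log("inventory_list.php: could not store picture for product $pid");
    }

    header("Location: inventory_list.php");
    exit();
}
?>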
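<?php
// Build the HTML list of every product, newest first, into $product_list.
$product_list = "";
$sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC");
$productCount = ($sql === false) ? 0 : mysql_num_rows($sql); // false means the query failed
if ($productCount > 0) {
    while ($row = mysql_fetch_array($sql)) {
        $id = $row["id"];
        $product_name = $row["product_name"];
        $price = $row["price"];
        // date("M d, Y") replaces strftime("%b %d, %Y") (deprecated since PHP
        // 8.1); output is identical under the C locale, English month names
        // otherwise. A date that fails to parse is shown blank, not as 1970.
        $ts = strtotime($row["date_added"]);
        $date_added = ($ts === false) ? '' : date("M d, Y", $ts);

        // These values originated as admin form input and were escaped for SQL
        // only, so escape them for the HTML context here (stored XSS otherwise).
        $safe_id    = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
        $safe_name  = htmlspecialchars($product_name, ENT_QUOTES, 'UTF-8');
        $safe_price = htmlspecialchars($price, ENT_QUOTES, 'UTF-8');

        $product_list .= "Product ID: $safe_id - <strong>$safe_name</strong> - " . '$' . $safe_price . " - $date_added "
            . "<a href='inventory_edit.php?pid=$safe_id'>edit</a> &bull; "
            . "<a href='inventory_list.php?deleteid=$safe_id'>delete</a><br />";
    }
} else {
    $product_list = "you have no products listed in your store yet";
}
?>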