Add files via upload

djsplice07
2024-11-22 19:30:26 -08:00
committed by GitHub
parent 1ad13e20f7
commit 97e66701ff
11 changed files with 708 additions and 0 deletions
+56
@@ -0,0 +1,56 @@
<?php
require 'db.php';
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $pdo->prepare("SELECT * FROM admin_users WHERE username = :username");
$stmt->execute(['username' => $username]);
$user = $stmt->fetch();
if ($user) {
// Check if the password matches using bcrypt
if (password_verify($password, $user['password_hash'])) {
$_SESSION['admin_logged_in'] = true;
header('Location: admin_portal.php');
exit;
}
// Check if the password matches using SHA-256 (legacy support)
elseif (hash('sha256', $password) === $user['password_hash']) {
// Rehash the password with bcrypt for future logins
$new_hash = password_hash($password, PASSWORD_BCRYPT);
$update_stmt = $pdo->prepare("UPDATE admin_users SET password_hash = :new_hash WHERE id = :id");
$update_stmt->execute(['new_hash' => $new_hash, 'id' => $user['id']]);
$_SESSION['admin_logged_in'] = true;
header('Location: admin_portal.php');
exit;
}
}
// If neither bcrypt nor SHA-256 matched
$error = "Invalid username or password.";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin Login</title>
</head>
<body>
<h1>Admin Login</h1>
<?php if (isset($error)): ?>
<p style="color: red;"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<form method="POST">
<label>Username: <input type="text" name="username" required></label><br>
<label>Password: <input type="password" name="password" required></label><br>
<button type="submit">Login</button>
</form>
</body>
</html>
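Review bot: Neither successful branch regenerates the session id before `$_SESSION['admin_logged_in'] = true` (the line before each `header('Location: admin_portal.php')`), so a session id that existed before authentication remains valid after it, which is the precondition for session fixation. Add `session_regenerate_id(true);` immediately before each of the two assignments; the second login page in this commit carries the same two lines and needs the same change. `$_POST['username']` and `$_POST['password']` are also read without a default, so a POST missing either key raises a warning before the query runs; `$username = $_POST['username'] ?? '';` (and likewise for the password) keeps such a request on the normal failure path.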
+65
@@ -0,0 +1,65 @@
<?php
require 'db.php';
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $pdo->prepare("SELECT * FROM admin_users WHERE username = :username");
$stmt->execute(['username' => $username]);
$user = $stmt->fetch();
if ($user) {
// Check if the password matches using bcrypt
if (password_verify($password, $user['password_hash'])) {
$_SESSION['admin_logged_in'] = true;
header('Location: admin_portal.php');
exit;
}
// Check if the password matches using SHA-256 (legacy support)
elseif (hash('sha256', $password) === $user['password_hash']) {
// Rehash the password with bcrypt for future logins
$new_hash = password_hash($password, PASSWORD_BCRYPT);
$update_stmt = $pdo->prepare("UPDATE admin_users SET password_hash = :new_hash WHERE id = :id");
$update_stmt->execute(['new_hash' => $new_hash, 'id' => $user['id']]);
$_SESSION['admin_logged_in'] = true;
header('Location: admin_portal.php');
exit;
}
}
// If neither bcrypt nor SHA-256 matched
$error = "Invalid username or password.";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/css/main.css">
<title>Restaurant Picker - Admin Login</title>
</head>
<body>
<div class="login">
<?php include "header.php"; ?>
<h2>Admin Login</h2>
<?php if (!empty($error)): ?>
<p style="color: red;"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<form method="POST">
<!--<label for="text">Username:</label>
<input type="text" name="username" id="username" required> -->
<input type="text" name="username" id="username" placeholder="Username" required /><br>
<br>
<!--<label for="password">Password:</label>
<input type="password" name="password" id="password" required> -->
<input type="password" name="password" id="password" placeholder="Password" required /><br>
<br>
<button class="btn btn-primary btn-block btn-large" type="submit">Login</button>
</form>
</body>
</html>
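Review bot: The `<div class="login">` opened before the header include is never closed; `</body>` follows `</form>` directly, so add `</div>` after the form. The PHP handler in this file duplicates the first login page in the commit line for line, including the two `$_SESSION['admin_logged_in'] = true` assignments that should each be preceded by `session_regenerate_id(true);`; it looks like one of the two pages is an earlier revision, and keeping both means every fix to the login flow has to be made twice. The commented-out `<label>` elements can be deleted rather than shipped inside the markup.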
+85
@@ -0,0 +1,85 @@
<?php
require 'db.php';
session_start();
if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
header('Location: admin_login.php');
exit;
}
// Handle Form Submission (Adding a New Restaurant)
if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_GET['edit_id'])) {
$name = $_POST['name'];
$google_map_link = $_POST['google_map_link'];
// $google_map_link = urlencode($_POST['google_map_link']); - tried to remove invalid characters, but affected the :// in URL
$menu_link = $_POST['menu_link'];
$cost_category = $_POST['cost_category'];
$food_type = $_POST['food_type'];
$food_type_subcategory = $_POST['food_type_subcategory'];
$stmt = $pdo->prepare("
INSERT INTO restaurants (name, google_map_link, menu_link, cost_category, food_type, food_type_subcategory)
VALUES (:name, :google_map_link, :menu_link, :cost_category, :food_type, :food_type_subcategory)
");
$stmt->execute([
'name' => $name,
'google_map_link' => $google_map_link,
'menu_link' => $menu_link,
'cost_category' => $cost_category,
'food_type' => $food_type,
'food_type_subcategory' => $food_type_subcategory,
]);
$success = "Restaurant added successfully!";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="/css/main.css">
<title>Admin Portal</title>
</head>
<body>
<div class="login">
<?php include "header.php"; ?>
<?php if (!empty($success)): ?>
<p style="color: green;"><?= htmlspecialchars($success) ?></p>
<?php endif; ?>
<h2>Add New Restaurant</h2>
<form method="POST">
<label for="cost_category">Cost Category:</label>
<select class="minimal" name="cost_category" id="cost_category" required>
<option value="cheap">Cheap</option>
<option value="moderate">Moderate</option>
<option value="expensive">Expensive</option>
</select><br>
<br>
<!--<label for="name">Restaurant Name:</label>
<input type="text" name="name" id="name" required><br> -->
<input type="text" name="name" placeholder="Restaurant Name" id="name" required /><br>
<!--<label for="google_map_link">Google Map Link:</label>
<input type="url" name="google_map_link" id="google_map_link" required><br> -->
<input type="url" name="google_map_link" placeholder="Google Map Link" id="google_map_link" required /><br>
<!--<label for="menu_link">Menu Link (optional):</label>
<input type="url" name="menu_link" id="menu_link"><br> -->
<input type="url" name="menu_link" placeholder="Menu Link (optional)" id="menu_link"/><br>
<!--<label for="food_type">Food Type:</label>
<input type="text" name="food_type" id="food_type" required><br> -->
<input type="text" name="food_type" placeholder="Food Type" id="food_type" required /><br>
<!--<label for="food_type_subcategory">Food Type Subcategory (optional):</label>
<input type="text" name="food_type_subcategory" id="food_type_subcategory"><br> -->
<input type="text" name="food_type_subcategory" placeholder="Keywords (comma seperated)" id="food_type_subcategory" required /><br>
<button class="btn btn-primary btn-block btn-large" type="submit">Add Restaurant</button>
</form>
</div>
</body>
</html>
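Review bot: The POST handler inserts a row for any authenticated request and the form carries no anti-CSRF token, so the admin session cookie alone authorises the write; the same gap exists in the edit form, the user-management forms and the `?delete_id=` link elsewhere in this commit. Issue a per-session random token, embed it in the form as `<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">` and verify it with `hash_equals()` before touching the database, as sketched below for this file. The `empty($_GET['edit_id'])` part of the POST condition refers to a parameter nothing in this commit sends, so it looks like a leftover that can be dropped. Because the page renders directly after the insert, a browser reload re-submits the form; redirecting back to the page after a successful insert avoids the duplicate row.
```php
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf_token'], (string) ($_POST['csrf_token'] ?? ''))) {
        http_response_code(403);
        exit('Invalid request token.');
    }
    // … unchanged: read the six fields, prepared INSERT, $success …
}
// … unchanged: HTML head and form (plus the hidden csrf_token input quoted in the note) …
```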
+21
@@ -0,0 +1,21 @@
<?php
// Start the session if not already started
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// Check if the user is logged in and display the appropriate link
if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true) {
echo '
<table width="600" border="0">
<tbody>
<tr>
<td width="103"><a href="index.php">Home</a></td>
<td width="163"><a href="admin_portal.php">Add Restaurants</a></td>
<td width="208"><a href="manage.php">Manage Restaurants</a></td>
</tbody>
</table>';
} else {
echo '<a href="admin_login.php">Login</a>';
}
?>
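Review bot: The `<tr>` opened above the three `<td>` cells is never closed before `</tbody>`, so the echoed table is malformed; add `</tr>` after the `Manage Restaurants` cell. The second header file in this commit has the same omission in its five-cell row. The two header files otherwise differ only in the logo, the extra links and the column widths, so one of them looks like an earlier revision that could be removed to keep the navigation in a single place.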
+88
@@ -0,0 +1,88 @@
<?php
require 'db.php';
session_start();
if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
header('Location: admin_login.php');
exit;
}
$id = $_GET['id'];
$stmt = $pdo->prepare("SELECT * FROM restaurants WHERE id = :id");
$stmt->execute(['id' => $id]);
$restaurant = $stmt->fetch();
if (!$restaurant) {
echo "Restaurant not found.";
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = $_POST['name'];
$google_map_link = $_POST['google_map_link'];
$menu_link = $_POST['menu_link'];
$cost_category = $_POST['cost_category'];
$food_type = $_POST['food_type'];
$food_type_subcategory = $_POST['food_type_subcategory'];
$stmt = $pdo->prepare("
UPDATE restaurants
SET name = :name, google_map_link = :google_map_link, menu_link = :menu_link,
cost_category = :cost_category, food_type = :food_type, food_type_subcategory = :food_type_subcategory
WHERE id = :id
");
$stmt->execute([
'name' => $name,
'google_map_link' => $google_map_link,
'menu_link' => $menu_link,
'cost_category' => $cost_category,
'food_type' => $food_type,
'food_type_subcategory' => $food_type_subcategory,
'id' => $id,
]);
header('Location: manage.php');
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="/css/main.css">
<title>Restaurant Picker - Edit Restaurant</title>
</head>
<body>
<div class="login">
<?php include "header.php"; ?>
<h2>Edit Restaurant</h2>
<form method="POST">
<label for="cost_category">Price:&nbsp;</label>
<select class="minimal" name="cost_category" id="cost_category" required>
<option value="cheap" <?= $restaurant['cost_category'] === 'cheap' ? 'selected' : '' ?>>Cheap</option>
<option value="moderate" <?= $restaurant['cost_category'] === 'moderate' ? 'selected' : '' ?>>Moderate</option>
<option value="expensive" <?= $restaurant['cost_category'] === 'expensive' ? 'selected' : '' ?>>Expensive</option>
</select><br>
<br />
<label for="name">Restaurant Name:</label>
<input type="text" name="name" id="name" value="<?= htmlspecialchars($restaurant['name']) ?>" required><br>
<label for="google_map_link">Google Map Link:</label>
<input type="url" name="google_map_link" id="google_map_link" value="<?= htmlspecialchars($restaurant['google_map_link']) ?>" required><br>
<label for="menu_link">Menu Link (optional):</label>
<input type="url" name="menu_link" id="menu_link" value="<?= htmlspecialchars($restaurant['menu_link']) ?>"><br>
<label for="food_type">Food Type:</label>
<input type="text" name="food_type" id="food_type" value="<?= htmlspecialchars($restaurant['food_type']) ?>" required><br>
<label for="food_type_subcategory">Food Type Subcategory (optional):</label>
<input type="text" name="food_type_subcategory" id="food_type_subcategory" value="<?= htmlspecialchars($restaurant['food_type_subcategory']) ?>"><br>
<button class="btn btn-primary btn-block btn-large" type="submit">Update Restaurant</button>
</form>
</div>
</body>
</html>
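Review bot: `$id = $_GET['id']` is passed unvalidated to both the SELECT and the UPDATE, and a request without the key raises a warning before the first query; validate it as an integer and stop with a 400 when it is absent or malformed. The link fields are likewise stored as received: `<input type="url">` is enforced only by the browser, and the stored values are later written into `href` and `iframe src` attributes where `htmlspecialchars()` escapes markup but does not restrict the URL scheme, so check for `http`/`https` server-side here and in the add form. The not-found branch prints plain text with a 200 status; `http_response_code(404)` before the message lets clients and logs tell it from a success. The handler is complete within this section.
```php
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid restaurant id.');
}
// … unchanged: SELECT by id, not-found check …
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // … unchanged: read fields (give menu_link a `?? ''` default) …
    $isHttpUrl = static function (string $url): bool {
        return filter_var($url, FILTER_VALIDATE_URL) !== false
            && in_array(strtolower((string) parse_url($url, PHP_URL_SCHEME)), ['http', 'https'], true);
    };
    if (!$isHttpUrl($google_map_link) || ($menu_link !== '' && !$isHttpUrl($menu_link))) {
        http_response_code(400);
        exit('Links must be http or https URLs.');
    }
    // … unchanged: prepared UPDATE, redirect …
}
```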
+26
@@ -0,0 +1,26 @@
<p align="center"><img src="images/restaurant_logo.png" width="150" align="middle"></src></p>
<h1>Restaurant Picker</h1>
<?php
// Start the session if not already started
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// Check if the user is logged in and display the appropriate link
if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true) {
echo '
<table border="0">
<tbody>
<tr>
<td width="103"><a href="index.php">Home</a></td>
<td width="180"><a href="admin_portal.php">Add Restaurants</a></td>
<td width="208"><a href="manage.php">Manage Restaurants</a></td>
<td width="208"><a href="usradm.php">Manage Users</a></td>
<td width="208"><a href="logout.php">Log Out</a></td>
</tbody>
</table>';
} else {
echo '<p align="right"><a href="admin_login.php">Admin</a></p>';
}
?>
<br />
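Review bot: `</src>` after the `<img>` on the first line is not a closing tag for anything (`img` is a void element), so remove it; the `<tr>` in the table below is also never closed before `</tbody>`, as in the other header file in this commit. `align="center"`/`align="middle"` and the `width` attributes are presentational and belong in `/css/main.css`, which every page already loads. The `Log Out` entry is a plain link, so logout happens on a GET request; a one-button POST form would keep it from being triggered by link prefetching.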
+144
@@ -0,0 +1,144 @@
<?php
require 'db.php';
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$cost_category = $_POST['cost_category'] ?? '';
$food_type = $_POST['food_type'] ?? '';
$food_type_subcategory = $_POST['food_type_subcategory'] ?? '';
// Start building the query
$query = "SELECT * FROM restaurants WHERE 1=1"; // Always true condition to avoid extra WHERE clauses
$params = [];
// Only apply the cost category filter if it's not 'any'
if ($cost_category && $cost_category !== 'any') {
$query .= " AND cost_category = :cost_category";
$params['cost_category'] = $cost_category;
}
// Only apply the food type filter if it's not 'any'
if ($food_type && $food_type !== 'any') {
$query .= " AND food_type = :food_type";
$params['food_type'] = $food_type;
}
// Apply the food type subcategory filter if provided
if (!empty($food_type_subcategory)) {
// Split the subcategory into keywords by commas and trim any spaces
$keywords = array_map('trim', explode(',', $food_type_subcategory));
// Create an array of LIKE conditions for each keyword
$subquery = [];
foreach ($keywords as $index => $keyword) {
// Use LIKE to match the subcategory
$subquery[] = "food_type_subcategory LIKE :food_type_subcategory_{$index}";
$params["food_type_subcategory_{$index}"] = "%{$keyword}%";
}
// Join the subqueries with OR to match any of the keywords
$query .= " AND (" . implode(' OR ', $subquery) . ")";
}
// Random selection with a limit of 1 result
$query .= " ORDER BY RAND() LIMIT 1";
// Prepare and execute the query
$stmt = $pdo->prepare($query);
$stmt->execute($params);
$restaurant = $stmt->fetch();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="/css/main.css">
<title>Restaurant Picker</title>
<script>
document.addEventListener("DOMContentLoaded", () => {
const subcategoryInput = document.getElementById("food_type_subcategory");
subcategoryInput.addEventListener("input", () => {
const query = subcategoryInput.value;
if (query.length < 2) return;
fetch(`subcategory_suggestions.php?q=${encodeURIComponent(query)}`)
.then(response => response.json())
.then(data => {
const datalist = document.getElementById("subcategorySuggestions");
datalist.innerHTML = "";
data.forEach(keyword => {
const option = document.createElement("option");
option.value = keyword;
datalist.appendChild(option);
});
});
});
});
</script>
</head>
<body>
<div class="login">
<?php include "header.php"; ?>
<form method="post">
<label for="cost_category">Price:&nbsp;</label>
<select class="minimal" name="cost_category" id="cost_category" required>
<option value="any">Any</option>
<option value="cheap">Cheap</option>
<option value="moderate">Moderate</option>
<option value="expensive">Expensive</option>
</select><br>
<br />
<label for="food_type">Cuisine:&nbsp;</label>
<select class="minimal" name="food_type" id="food_type" required>
<option value="any">Any</option>
<?php
$types = $pdo->query("SELECT DISTINCT food_type FROM restaurants")->fetchAll();
foreach ($types as $type) {
echo "<option value=\"" . htmlspecialchars($type['food_type']) . "\">" . htmlspecialchars($type['food_type']) . "</option>";
}
?>
</select><br>
<br />
<input type="text" name="food_type_subcategory" placeholder="Keyword(s)" id="food_type_subcategory" list="subcategorySuggestions" />
<datalist id="subcategorySuggestions"></datalist><br>
<button type="submit" class="btn btn-primary btn-block btn-large">Find Restaurant</button>
</form>
<?php if (!empty($restaurant)): ?>
<h3>Selected Restaurant:</h3>
<p><h2><b><?= htmlspecialchars($restaurant['name']) ?>&nbsp;<img src="images/arrow_sm.png"></img></b></h2></p>
<p><a href="<?= htmlspecialchars($restaurant['menu_link']) ?>" target="_blank">View Menu</a></p>
<?php
// Extract the base URL and the query parameters
$baseUrl = "https://www.google.com/maps/embed";
$queryString = parse_url($restaurant['google_map_link'], PHP_URL_QUERY);
// Encode the query string only
$encodedQuery = urlencode($queryString);
// Rebuild the final URL
$finalMapUrl = $baseUrl . "?pb=" . $encodedQuery;
?>
<p align="center">
<iframe
src="<?= htmlspecialchars($restaurant['google_map_link']) ?>"
width="600"
height="450"
style="border:0;"
allowfullscreen=""
loading="lazy">
</iframe>
<br />
<br />
</p>
<?php else: ?>
<p>No results found based on your criteria.</p>
<?php endif; ?>
<br />
</div>
</body>
</html>
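Review bot: The `$baseUrl`/`$queryString`/`$encodedQuery`/`$finalMapUrl` block after the menu link is dead code: the `<iframe src>` that follows uses `$restaurant['google_map_link']` directly and `$finalMapUrl` is never read. As written it would also be wrong if it were used, since `parse_url(..., PHP_URL_QUERY)` returns the whole query string (`pb=…`) and prefixing `"?pb="` again yields `?pb=pb%3D…`, and `urlencode()` is handed `null` when the link has no query. Either delete the block or make the iframe use it, in which case it doubles as the check that only the `https://www.google.com/maps/embed` origin named in `$baseUrl` is ever framed. In the keyword filter each `$keyword` is interpolated into a `LIKE` pattern without escaping `%` and `_`, and an empty keyword (a trailing comma) becomes `%%` and matches every row; `addcslashes($keyword, '%_\\')` plus `continue` on empty keywords fixes both.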
+6
@@ -0,0 +1,6 @@
<?php
session_start();
session_destroy();
header('Location: index.php');
exit;
?>
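Review bot: `session_destroy()` removes the server-side data but leaves `$_SESSION` populated for the rest of the request and leaves the session cookie in the browser, so the old id is presented again on the next visit. Clear the array and expire the cookie before destroying: `$_SESSION = [];` then `setcookie(session_name(), '', time() - 42000, '/');` then `session_destroy();`. The page is reached by a plain link from the header, so logout runs on GET; accepting only POST would keep it from being triggered by a prefetch.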
+69
@@ -0,0 +1,69 @@
<?php
require 'db.php';
session_start();
if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
header('Location: admin_login.php');
exit;
}
// Handle Delete Request
if (isset($_GET['delete_id'])) {
$delete_id = $_GET['delete_id'];
$stmt = $pdo->prepare("DELETE FROM restaurants WHERE id = :id");
$stmt->execute(['id' => $delete_id]);
header('Location: admin_portal.php');
exit;
}
// Fetch Restaurants for Display
$restaurants = $pdo->query("SELECT * FROM restaurants")->fetchAll();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="/css/main.css">
<title>Admin Portal</title>
</head>
<body>
<div class="login">
<?php include "header.php"; ?>
<h2>Manage Restaurants</h2>
<?php if (!empty($success)): ?>
<p style="color: green;"><?= htmlspecialchars($success) ?></p>
<?php endif; ?>
<table border="1">
<tr>
<th>Name</th>
<th>Menu Link</th>
<th>Cost Category</th>
<th>Food Type</th>
<th>Subcategory</th>
<th>Actions</th>
</tr>
<?php foreach ($restaurants as $restaurant): ?>
<tr>
<td><?= htmlspecialchars($restaurant['name']) ?></td>
<td>
<?php if ($restaurant['menu_link']): ?>
<a href="<?= htmlspecialchars($restaurant['menu_link']) ?>" target="_blank">View Menu</a>
<?php else: ?>
N/A
<?php endif; ?>
</td>
<td><?= htmlspecialchars($restaurant['cost_category']) ?></td>
<td><?= htmlspecialchars($restaurant['food_type']) ?></td>
<td><?= htmlspecialchars($restaurant['food_type_subcategory']) ?></td>
<td>
<a href="edit_restaurant.php?id=<?= $restaurant['id'] ?>">Edit</a>
|
<a href="?delete_id=<?= $restaurant['id'] ?>" onclick="return confirm('Are you sure you want to delete this restaurant?');">Delete</a>
</td>
</tr>
<?php endforeach; ?>
</table>
</div>
</body>
</html>
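Review bot: The delete runs on a GET request (`isset($_GET['delete_id'])`) reached through the `?delete_id=` anchor in the table, so any link, crawler or prefetch carrying that parameter removes a row while an admin session exists, and `delete_id` reaches the query without being checked as an integer. Replace the anchor with a small `<form method="POST">` holding `<input type="hidden" name="delete_id" value="<?= (int) $restaurant['id'] ?>">` plus a session token, and validate the id in the handler as sketched below. The `if (!empty($success))` block in the template is dead in this file because nothing assigns `$success`, and the redirect after the delete goes to `admin_portal.php` rather than back to this page, which looks unintended. The `onclick` confirm is a usability guard only and does not replace the server-side check.
```php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_id'])) {
    $delete_id = filter_var($_POST['delete_id'], FILTER_VALIDATE_INT);
    if ($delete_id === false) {
        http_response_code(400);
        exit('Invalid restaurant id.');
    }
    // … unchanged: prepared DELETE and redirect …
}
// … unchanged: fetch, HTML head, table rows (Delete anchor replaced by the POST form quoted in the note) …
```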
+26
@@ -0,0 +1,26 @@
<?php
require 'db.php';
$query = $_GET['q'] ?? '';
$suggestions = [];
if (!empty($query)) {
$stmt = $pdo->prepare("
SELECT DISTINCT food_type_subcategory
FROM restaurants
WHERE food_type_subcategory LIKE :query
");
$stmt->execute(['query' => "%$query%"]);
while ($row = $stmt->fetch()) {
$keywords = array_map('trim', explode(',', $row['food_type_subcategory']));
foreach ($keywords as $keyword) {
if (stripos($keyword, $query) !== false && !in_array($keyword, $suggestions)) {
$suggestions[] = $keyword;
}
}
}
}
header('Content-Type: application/json');
echo json_encode($suggestions);
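Review bot: `json_encode($suggestions)` returns `false` if any stored keyword is not valid UTF-8, and `echo false` then sends an empty body that the caller's `response.json()` rejects; pass `JSON_THROW_ON_ERROR | JSON_INVALID_UTF8_SUBSTITUTE | JSON_UNESCAPED_UNICODE`, or at least check for `false`. The `in_array($keyword, $suggestions)` dedup should pass `true` as its third argument, and `q` is interpolated into the `LIKE` pattern without escaping `%`/`_`, so a single `%` makes the statement return every row; `addcslashes($query, '%_\\')` and a `LIMIT` on the statement bound the work per request. The endpoint has no session check, which is consistent with the public picker page that calls it, so a length cap on `q` (for example `mb_substr($query, 0, 64)`) is the remaining cheap guard.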
+122
@@ -0,0 +1,122 @@
<?php
require 'db.php';
session_start();
if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
header('Location: admin_login.php');
exit;
}
// Handle adding a new user
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_user') {
$username = $_POST['username'];
$password = $_POST['password_hash'];
// Hash the password for secure storage
$password_hash = password_hash($password, PASSWORD_BCRYPT);
try {
$stmt = $pdo->prepare("INSERT INTO admin_users (username, password_hash) VALUES (:username, :password_hash)");
$stmt->execute(['username' => $username, 'password_hash' => $password_hash]);
$message = "User added successfully!";
} catch (PDOException $e) {
$message = "Error: " . $e->getMessage();
}
}
// Handle deleting a user
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'delete_user') {
$user_id = $_POST['user_id'];
try {
$stmt = $pdo->prepare("DELETE FROM admin_users WHERE id = :id");
$stmt->execute(['id' => $user_id]);
$message = "User deleted successfully!";
} catch (PDOException $e) {
$message = "Error: " . $e->getMessage();
}
}
// Handle updating a user's password
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_password') {
$user_id = $_POST['user_id'];
$new_password = $_POST['new_password'];
// Hash the new password
$password_hash = password_hash($new_password, PASSWORD_BCRYPT);
try {
$stmt = $pdo->prepare("UPDATE admin_users SET password_hash = :password_hash WHERE id = :id");
$stmt->execute(['password_hash' => $password_hash, 'id' => $user_id]);
$message = "Password updated successfully!";
} catch (PDOException $e) {
$message = "Error: " . $e->getMessage();
}
}
// Fetch all users
$users = $pdo->query("SELECT id, username FROM admin_users")->fetchAll(PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="/css/main.css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin - User Management</title>
</head>
<body>
<div class="login">
<?php include "header.php"; ?>
<h2>Admin - User Management</h2>
<?php if (isset($message)): ?>
<p style="color:green;"><?= htmlspecialchars($message) ?></p>
<?php endif; ?>
<h3>Add a New User</h3>
<form method="POST">
<input type="hidden" name="action" value="add_user">
<!-- <label>Username: <input type="text" name="username" required></label><br> -->
<input type="text" name="username" placeholder="Username" required /><br>
<!-- <label>Password: <input type="password" name="password" required></label><br> -->
<input type="password" name="password" placeholder="Password" required /><br>
<button class="btn btn-primary btn-block btn-large" type="submit">Add User</button>
</form>
<h3>Existing Users</h3>
<table width="800" border="1">
<tr>
<th width="17">ID</th>
<th width="82">Username</th>
<th width="66">Actions</th>
<th width="66">Password</th>
</tr>
<?php foreach ($users as $user): ?>
<tr>
<td><?= htmlspecialchars($user['id']) ?></td>
<td><?= htmlspecialchars($user['username']) ?></td>
<td>
<!-- Delete User -->
<form method="POST" style="display:inline;">
<input type="hidden" name="action" value="delete_user">
<input type="hidden" name="user_id" value="<?= $user['id'] ?>">
<button class="btn btn-primary btn-block btn-large" type="submit" style="color:red;" onclick="return confirm('Are you sure you want to delete this restaurant?');">Delete</button>
</form>
</td>
<td width="362">
<!-- Update Password -->
<form method="POST" style="display:inline;">
<input type="hidden" name="action" value="update_password">
<input type="hidden" name="user_id" value="<?= $user['id'] ?>">
<!-- <label>New Password: <input type="password" name="new_password" required></label> -->
<input type="password" name="new_password" placeholder="New Password" required /><br>
<button class="btn btn-primary btn-block btn-large" type="submit">Update Password</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</table>
</div>
</body>
</html>
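Review bot: The add-user handler reads `$_POST['password_hash']`, but the form field is named `password`, so `$password` is `null` on every submission and `password_hash()` receives an empty string (PHP 8.1+ also deprecates the null), meaning each account created through this form gets the hash of an empty password. Change the read to `$password = $_POST['password'] ?? '';` and refuse empty values before hashing: `if ($password === '') { $message = 'Password is required.'; }` with the insert in the `else` branch. The three `catch (PDOException $e)` blocks put `$e->getMessage()` into the page, which exposes driver and schema detail to the browser; log it with `error_log()` and show a fixed message instead. The delete form has no guard against removing the last (or the current) admin account, and its confirm text still says "restaurant".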