first commit

admin/index.php

@@ -0,0 +1,24 @@
+<?php
+include '../config.php';
+$query = new Query;
+$query->checkAdminRole(); ?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin</title>
+    <link rel="stylesheet" href="../css/style.css">
+</head>
+
+<body>
+    <div class="admin-panel">
+        <h2>Welcome Admin!</h2>
+        <p>This is your Dashboard.</p>
+        <a href="../logout/">Logout</a>
+    </div>
+</body>
+
+</html>

config.php

@@ -0,0 +1,204 @@
+<?php
+
+session_start();
+class Query
+{
+    private $conn;
+
+    public function __construct()
+    {
+        $servername = "localhost";
+        $username = "root";
+        $password = "";
+        $dbname = "Roles";
+        $this->conn = new mysqli($servername, $username, $password, $dbname);
+
+        if ($this->conn->connect_error) {
+            die("Connection error: " . $this->conn->connect_error);
+        }
+    }
+
+    public function __destruct()
+    {
+        if ($this->conn) {
+            $this->conn->close();
+        }
+    }
+
+    // validate(): here converts @#$%^ characters to html
+    function validate($value)
+    {
+        $value = trim($value);
+        $value = stripslashes($value);
+        $value = htmlspecialchars($value);
+        $value = mysqli_real_escape_string($this->conn, $value);
+        return $value;
+    }
+
+    // executeQuery(): to execute the query
+    public function executeQuery($sql)
+    {
+        $result = $this->conn->query($sql);
+        if ($result === false) {
+            die("Xatolik: " . $this->conn->error);
+        }
+        return $result;
+    }
+
+    // select(): To add information to the database.
+    public function select($table, $columns = "*", $condition = "")
+    {
+        $sql = "SELECT $columns FROM $table $condition";
+        return $this->executeQuery($sql)->fetch_all(MYSQLI_ASSOC);
+    }
+
+    // insert(): To add information to the database.
+    public function insert($table, $data)
+    {
+        $keys = implode(', ', array_keys($data));
+        $values = "'" . implode("', '", array_values($data)) . "'";
+        $sql = "INSERT INTO $table ($keys) VALUES ($values)";
+        return $this->executeQuery($sql);
+    }
+
+    // update(): To update data in the database.
+    public function update($table, $data, $condition = "")
+    {
+        $set = '';
+        foreach ($data as $key => $value) {
+            $set .= "$key = '$value', ";
+        }
+        $set = rtrim($set, ', ');
+        $sql = "UPDATE $table SET $set $condition";
+        return $this->executeQuery($sql);
+    }
+
+    // delete(): To delete information.
+    public function delete($table, $condition = "")
+    {
+        $sql = "DELETE FROM $table $condition";
+        return $this->executeQuery($sql);
+    }
+
+    // hashPassword(): Password hashing
+    function hashPassword($password)
+    {
+        $key = "AccountPassword";
+        return hash_hmac('sha256', $password, $key);
+    }
+
+    // authenticate(): To verify the user's login information.
+    public function authenticate($username, $password, $table)
+    {
+        $username = $this->validate($username);
+        $condition = "WHERE username = '" . $username . "' AND password = '" . $this->hashPassword($password) . "'";
+        return $this->select($table, "*", $condition);
+    }
+
+    // registerUser(): To register a new user.
+    public function registerUser($name, $number, $email, $username, $password, $profile_image, $role)
+    {
+        $name = $this->validate($name);
+        $number = $this->validate($number);
+        $email = $this->validate($email);
+        $username = $this->validate($username);
+
+        $password_hash = $this->hashPassword($password);
+
+        $data = array(
+            'name' => $name,
+            'number' => $number,
+            'email' => $email,
+            'username' => $username,
+            'password' => $password_hash,
+            'profile_image' => $profile_image,
+            'role' => $role
+        );
+
+        $user_id = $this->insert('accounts', $data);
+
+        if ($user_id) {
+            return $user_id;
+        }
+        return false;
+    }
+
+    // saveImage(): To upload a picture
+    function saveImage($files, $path)
+    {
+        if (is_array($files['tmp_name'])) {
+            $uploaded_files = array();
+            foreach ($files['tmp_name'] as $index => $tmp_name) {
+                $file_name = $files['name'][$index];
+                $file_info = pathinfo($file_name);
+                $file_extension = $file_info['extension'];
+                $new_file_name = md5($tmp_name . date("Y-m-d_H-i-s") . $_SESSION['username']) . "." . $file_extension;
+                if (move_uploaded_file($tmp_name, $path . $new_file_name)) {
+                    $uploaded_files[] = $new_file_name;
+                }
+            }
+            return $uploaded_files;
+        } else {
+
+            $file_name = $files['name'];
+            $file_tmp = $files['tmp_name'];
+
+            $file_info = pathinfo($file_name);
+            $file_format = $file_info['extension'];
+
+            $new_file_name = md5($file_tmp . date("Y-m-d_H-i-s") . $_SESSION['username']) . "." . $file_format;
+
+            if (move_uploaded_file($file_tmp, $path . $new_file_name)) {
+                return $new_file_name;
+            }
+            return false;
+        }
+    }
+
+    // checkAuthentication(): Checking roles and directing them
+    function checkAuthentication()
+    {
+        if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+            if ($_SESSION['role'] === 'admin') {
+                header("Location: /admin/");
+                exit;
+            } elseif ($_SESSION['role'] === 'seller') {
+                header("Location: /seller/");
+                exit;
+            } elseif ($_SESSION['role'] === 'user') {
+                header("Location: /");
+                exit;
+            }
+        } else {
+            header("Location: /login/");
+            exit;
+        }
+    }
+
+    // checkAdminRole(): For Admin access only
+    function checkAdminRole()
+    {
+        if ($_SESSION['role'] !== 'admin') {
+            $this->checkAuthentication();
+            exit;
+        }
+    }
+
+    // checkSellerRole(): For Seller access only
+    function checkSellerRole()
+    {
+        if ($_SESSION['role'] !== 'seller') {
+            $this->checkAuthentication();
+            exit;
+        }
+    }
+
+    // checkUserRole(): For user access only
+    function checkUserRole()
+    {
+        if ($_SESSION['role'] !== 'user') {
+            $this->checkAuthentication();
+            exit;
+        }
+    }
+}

css/login.css

@@ -0,0 +1,131 @@
+body {
+    font-family: Arial, sans-serif;
+    background-color: #f4f4f4;
+    margin: 0;
+    padding: 0;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 100vh;
+}
+
+form {
+    background-color: #fff;
+    border-radius: 10px;
+    box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+    padding: 20px;
+    width: 300px;
+    position: absolute;
+    top: 50%;
+    left: 50%;
+    transform: translate(-50%, -50%);
+}
+
+form h2 {
+    font-size: 28px;
+    color: #333;
+    text-align: center;
+}
+
+form input {
+    width: 100%;
+    padding: 10px;
+    margin-bottom: 10px;
+    font-size: 14px;
+    box-sizing: border-box;
+    border: 1px solid #ccc;
+    border-radius: 4px;
+}
+
+form input[type="submit"] {
+    background-color: #4caf50;
+    color: #fff;
+    cursor: pointer;
+    font-size: 18px;
+    padding: 11px;
+    font-weight: 600;
+}
+
+form p {
+    text-align: center;
+    margin-top: 10px;
+}
+
+form p a {
+    color: #4caf50;
+    text-decoration: none;
+}
+
+form p a:hover {
+    text-decoration: underline;
+}
+
+.error {
+    background: #ffebeb;
+    color: #ff5252;
+    border: 1px solid rgba(255, 82, 82, 0.3);
+    padding: 8px;
+    border-radius: 5px;
+    font-size: 20px;
+    position: absolute;
+    right: 20px;
+    bottom: 0;
+}
+
+@keyframes fadeInOut {
+    0% {
+        opacity: 0;
+        transform: translateY(-20px);
+    }
+
+    100% {
+        opacity: 1;
+        transform: translateY(0);
+    }
+}
+
+.error {
+    animation: fadeInOut 0.5s ease forwards;
+}
+
+form select {
+    margin-bottom: 15px;
+    padding: 10px;
+    width: 300px;
+    border: 1px solid #ccc;
+    border-radius: 5px;
+    appearance: none;
+    background-image: url('data:image/svg+xml;utf8,<svg fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M7.293 9.293a1 1 0 011.414 0l3 3a1 1 0 01-1.414 1.414L10 11.414l-2.293 2.293a1 1 0 01-1.414-1.414l3-3z"></path></svg>');
+    background-repeat: no-repeat;
+    background-position: right 10px top 50%;
+    background-size: 14px 14px;
+    padding-right: 30px;
+}
+
+form select:focus {
+    outline: none;
+    border-color: #4caf50;
+}
+
+.file-input-container {
+    margin: 20px 0px;
+}
+
+.custom-file-upload {
+    border: 2px solid #4caf50;
+    border-radius: 5px;
+    background-color: #4caf50;
+    color: #fff;
+    padding: 10px 96px;
+    cursor: pointer;
+    transition: all 0.3s ease;
+}
+
+.custom-file-upload:hover {
+    background-color: #388e3c;
+    border-color: #388e3c;
+}
+
+#file-input {
+    display: none;
+}

css/style.css

@@ -0,0 +1,27 @@
+body {
+    font-family: Arial, sans-serif;
+    background-color: #f4f4f4;
+    margin: 0;
+    padding: 0;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 100vh;
+}
+
+.admin-panel h2 {
+    color: #333;
+}
+
+.admin-panel p {
+    margin-bottom: 20px;
+}
+
+.admin-panel a {
+    display: block;
+    padding: 10px;
+    background-color: #4caf50;
+    color: #fff;
+    text-decoration: none;
+    border-radius: 4px;
+}