diff --git a/admin/index.php b/admin/index.php new file mode 100644 index 0000000..5e611b2 --- /dev/null +++ b/admin/index.php @@ -0,0 +1,24 @@ +checkAdminRole(); ?> + + + + + + + + Admin + + + + +
+

Welcome Admin!

+

This is your Dashboard.

+ Logout +
+ + + \ No newline at end of file diff --git a/config.php b/config.php new file mode 100644 index 0000000..7634654 --- /dev/null +++ b/config.php 
@@ -0,0 +1,204 @@ +conn = new mysqli($servername, $username, $password, $dbname); + + if ($this->conn->connect_error) { + die("Connection error: " . $this->conn->connect_error); + } + } + + public function __destruct() + { + if ($this->conn) { + $this->conn->close(); + } + } + + // validate(): here converts @#$%^ characters to html + function validate($value) + { + $value = trim($value); + $value = stripslashes($value); + $value = htmlspecialchars($value); + $value = mysqli_real_escape_string($this->conn, $value); + return $value; + } + + // executeQuery(): to execute the query + public function executeQuery($sql) + { + $result = $this->conn->query($sql); + if ($result === false) { + die("Xatolik: " . $this->conn->error); + } + return $result; + } + + // select(): To add information to the database. + public function select($table, $columns = "*", $condition = "") + { + $sql = "SELECT $columns FROM $table $condition"; + return $this->executeQuery($sql)->fetch_all(MYSQLI_ASSOC); + } + + // insert(): To add information to the database. + public function insert($table, $data) + { + $keys = implode(', ', array_keys($data)); + $values = "'" . implode("', '", array_values($data)) . "'"; + $sql = "INSERT INTO $table ($keys) VALUES ($values)"; + return $this->executeQuery($sql); + } + + // update(): To update data in the database. + public function update($table, $data, $condition = "") + { + $set = ''; + foreach ($data as $key => $value) { + $set .= "$key = '$value', "; + } + $set = rtrim($set, ', '); + $sql = "UPDATE $table SET $set $condition"; + return $this->executeQuery($sql); + } + + // delete(): To delete information. 
+ public function delete($table, $condition = "") + { + $sql = "DELETE FROM $table $condition"; + return $this->executeQuery($sql); + } + + // hashPassword(): Password hashing + function hashPassword($password) + { + $key = "AccountPassword"; + return hash_hmac('sha256', $password, $key); + } + + // authenticate(): To verify the user's login information. + public function authenticate($username, $password, $table) + { + $username = $this->validate($username); + $condition = "WHERE username = '" . $username . "' AND password = '" . $this->hashPassword($password) . "'"; + return $this->select($table, "*", $condition); + } + + // registerUser(): To register a new user. + public function registerUser($name, $number, $email, $username, $password, $profile_image, $role) + { + $name = $this->validate($name); + $number = $this->validate($number); + $email = $this->validate($email); + $username = $this->validate($username); + + $password_hash = $this->hashPassword($password); + + $data = array( + 'name' => $name, + 'number' => $number, + 'email' => $email, + 'username' => $username, + 'password' => $password_hash, + 'profile_image' => $profile_image, + 'role' => $role + ); + + $user_id = $this->insert('accounts', $data); + + if ($user_id) { + return $user_id; + } + return false; + } + + // saveImage(): To upload a picture + function saveImage($files, $path) + { + if (is_array($files['tmp_name'])) { + $uploaded_files = array(); + foreach ($files['tmp_name'] as $index => $tmp_name) { + $file_name = $files['name'][$index]; + $file_info = pathinfo($file_name); + $file_extension = $file_info['extension']; + $new_file_name = md5($tmp_name . date("Y-m-d_H-i-s") . $_SESSION['username']) . "." . $file_extension; + if (move_uploaded_file($tmp_name, $path . 
$new_file_name)) { + $uploaded_files[] = $new_file_name; + } + } + return $uploaded_files; + } else { + + $file_name = $files['name']; + $file_tmp = $files['tmp_name']; + + $file_info = pathinfo($file_name); + $file_format = $file_info['extension']; + + $new_file_name = md5($file_tmp . date("Y-m-d_H-i-s") . $_SESSION['username']) . "." . $file_format; + + if (move_uploaded_file($file_tmp, $path . $new_file_name)) { + return $new_file_name; + } + return false; + } + } + + // checkAuthentication(): Checking roles and directing them + function checkAuthentication() + { + if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) { + if ($_SESSION['role'] === 'admin') { + header("Location: /admin/"); + exit; + } elseif ($_SESSION['role'] === 'seller') { + header("Location: /seller/"); + exit; + } elseif ($_SESSION['role'] === 'user') { + header("Location: /"); + exit; + } + } else { + header("Location: /login/"); + exit; + } + } + + // checkAdminRole(): For Admin access only + function checkAdminRole() + { + if ($_SESSION['role'] !== 'admin') { + $this->checkAuthentication(); + exit; + } + } + + // checkSellerRole(): For Seller access only + function checkSellerRole() + { + if ($_SESSION['role'] !== 'seller') { + $this->checkAuthentication(); + exit; + } + } + + // checkUserRole(): For user access only + function checkUserRole() + { + if ($_SESSION['role'] !== 'user') { + $this->checkAuthentication(); + exit; + } + } +} diff --git a/css/login.css b/css/login.css new file mode 100644 index 0000000..621d50d --- /dev/null +++ b/css/login.css 
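Review bot: hashPassword() is an unsalted HMAC-SHA256 under the hard-coded key `AccountPassword`, so identical passwords produce identical digests (both seed rows in sql.sql carry the same one) and offline guessing runs at raw SHA-256 speed; switch to `password_hash()`/`password_verify()` and have authenticate() fetch the row by username alone instead of matching the digest inside the SQL string, as in the excerpt below (the existing seed digests then need regenerating). Every statement in select()/insert()/update()/delete() is built by interpolating `$table`, `$columns`, `$data` and `$condition`, and validate() only covers values a caller remembers to pass through it (registerUser() skips it for `$profile_image` and `$role`); prepared statements with bound parameters are the fix, and the htmlspecialchars() inside validate() belongs at output time rather than before storage. saveImage() takes the extension from the client-supplied file name with no allow-list and writes into a web-served directory, so an uploaded `.php` file would be served as code; compare the extension (and an finfo MIME check) against an image allow-list before move_uploaded_file(), or store uploads outside the document root. It also reads `$_SESSION['username']`, which on the sign-up path is not set until after registerUser() returns. Separately, the `// select():` comment is copied from insert(); it should read `// select(): Fetch rows from the database.`
```php
    // hashPassword(): Password hashing
    function hashPassword($password)
    {
        // password_hash() salts and slows the digest itself; no static key is needed
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // authenticate(): To verify the user's login information.
    public function authenticate($username, $password, $table)
    {
        // $table is still interpolated: callers pass a literal table name, never user input
        $stmt = $this->conn->prepare("SELECT * FROM $table WHERE username = ?");
        if ($stmt === false) {
            die("Xatolik: " . $this->conn->error);
        }
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
        $stmt->close();
        // password_verify() is constant-time and reads the salt from the stored value
        if ($row === null || !password_verify($password, $row['password'])) {
            return [];
        }
        return [$row]; // same shape as before: callers read $user[0][...]
    }
    // … unchanged: registerUser(), saveImage(), role guards …
```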
@@ -0,0 +1,131 @@ +body { + font-family: Arial, sans-serif; + background-color: #f4f4f4; + margin: 0; + padding: 0; + display: flex; + justify-content: center; + align-items: center; + height: 100vh; +} + +form { + background-color: #fff; + border-radius: 10px; + box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); + padding: 20px; + width: 300px; + position: absolute; + top: 50%; + left: 50%; + transform: translate(-50%, -50%); +} + +form h2 { + font-size: 28px; + color: #333; + text-align: center; +} + +form input { + width: 100%; + padding: 10px; + margin-bottom: 10px; + font-size: 14px; + box-sizing: border-box; + border: 1px solid #ccc; + border-radius: 4px; +} + +form input[type="submit"] { + background-color: #4caf50; + color: #fff; + cursor: pointer; + font-size: 18px; + padding: 11px; + font-weight: 600; +} + +form p { + text-align: center; + margin-top: 10px; +} + +form p a { + color: #4caf50; + text-decoration: none; +} + +form p a:hover { + text-decoration: underline; +} + +.error { + background: #ffebeb; + color: #ff5252; + border: 1px solid rgba(255, 82, 82, 0.3); + padding: 8px; + border-radius: 5px; + font-size: 20px; + position: absolute; + right: 20px; + bottom: 0; +} + +@keyframes fadeInOut { + 0% { + opacity: 0; + transform: translateY(-20px); + } + + 100% { + opacity: 1; + transform: translateY(0); + } +} + +.error { + animation: fadeInOut 0.5s ease forwards; +} + +form select { + margin-bottom: 15px; + padding: 10px; + width: 300px; + border: 1px solid #ccc; + border-radius: 5px; + appearance: none; + background-image: url('data:image/svg+xml;utf8,'); + background-repeat: no-repeat; + background-position: right 10px top 50%; + background-size: 14px 14px; + padding-right: 30px; +} + +form select:focus { + outline: none; + border-color: #4caf50; +} + +.file-input-container { + margin: 20px 0px; +} + +.custom-file-upload { + border: 2px solid #4caf50; + border-radius: 5px; + background-color: #4caf50; + color: #fff; + padding: 10px 96px; + cursor: pointer; + 
transition: all 0.3s ease; +} + +.custom-file-upload:hover { + background-color: #388e3c; + border-color: #388e3c; +} + +#file-input { + display: none; +} \ No newline at end of file diff --git a/css/style.css b/css/style.css new file mode 100644 index 0000000..f228aed --- /dev/null +++ b/css/style.css @@ -0,0 +1,27 @@ +body { + font-family: Arial, sans-serif; + background-color: #f4f4f4; + margin: 0; + padding: 0; + display: flex; + justify-content: center; + align-items: center; + height: 100vh; +} + +.admin-panel h2 { + color: #333; +} + +.admin-panel p { + margin-bottom: 20px; +} + +.admin-panel a { + display: block; + padding: 10px; + background-color: #4caf50; + color: #fff; + text-decoration: none; + border-radius: 4px; +} \ No newline at end of file diff --git a/images/2ac2cebae628fcce881f7bb5425bc1bb.jpg b/images/2ac2cebae628fcce881f7bb5425bc1bb.jpg new file mode 100644 index 0000000..55f22a1 Binary files /dev/null and b/images/2ac2cebae628fcce881f7bb5425bc1bb.jpg differ diff --git a/images/no_image.png b/images/no_image.png new file mode 100644 index 0000000..463b761 Binary files /dev/null and b/images/no_image.png differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..7871fc0 --- /dev/null +++ b/index.php @@ -0,0 +1,23 @@ +checkUserRole(); ?> + + + + + + + + User + + + + +
+

Welcome User!

+

This is your Dashboard.

+ Logout +
+ + + \ No newline at end of file diff --git a/login/index.php b/login/index.php new file mode 100644 index 0000000..63e063e --- /dev/null +++ b/login/index.php @@ -0,0 +1,63 @@ +authenticate($_POST['username'], $_POST['password'], 'accounts'); + + if ($user) { + $_SESSION['loggedin'] = true; + $_SESSION['id'] = $user[0]['id']; + $_SESSION['name'] = $user[0]['name']; + $_SESSION['number'] = $user[0]['number']; + $_SESSION['email'] = $user[0]['email']; + $_SESSION['username'] = $user[0]['username']; + $_SESSION['profile_image'] = $user[0]['profile_image']; + $_SESSION['role'] = $user[0]['role']; + + $query->checkAuthentication(); + exit; + } else { + $error = "The login or password is incorrect"; + } +} +?> + + + + + + + + Login + + + + + +

+ +
+

Login

+ + + +

Don't have an account? Sign up

+
+ + + + \ No newline at end of file diff --git a/logout/index.php b/logout/index.php new file mode 100644 index 0000000..31020c2 --- /dev/null +++ b/logout/index.php @@ -0,0 +1,5 @@ +checkAuthentication(); + exit; +} + +if (isset($_POST['submit'])) { + $name = $_POST['name']; + $number = $_POST['number']; + $role = 'user'; + $email = $_POST['email']; + $username = $_POST['username']; + $password = $_POST['password']; + $profile_image = $query->saveImage($_FILES['image'], "../images/"); + + $result = $query->registerUser($name, $number, $email, $username, $password, $profile_image, $role); + + if ($result) { + $_SESSION['loggedin'] = true; + $_SESSION['id'] = $result; + $_SESSION['name'] = $name; + $_SESSION['number'] = $number; + $_SESSION['email'] = $email; + $_SESSION['username'] = $username; + $_SESSION['profile_image'] = $profile_image; + $_SESSION['role'] = $role; + + $query->checkAuthentication(); + exit; + } else { + $error = "Xatolik: Ma'lumotlarni saqlashda xatolik yuz berdi"; + } +} + +?> + + + + + + + + Sign Up + + + + + +
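Review bot: The success branch in login/index.php sets `$_SESSION['loggedin']` and the other session keys without rotating the session id first, so an id a visitor was already carrying before authentication stays valid afterwards (session fixation); add `session_regenerate_id(true);` as the first statement inside `if ($user) {`. The same applies to the auto-login branch of the sign-up page in this commit. `$_POST['username']` and `$_POST['password']` are also passed to authenticate() with no isset()/`?? ''` guard, which on PHP 8 emits a warning for a request that omits either field. The opening PHP block of this file (session start and the require of config.php) is not legible in the hunk as rendered, so I cannot confirm that session_start() precedes the credential check.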

+ +
+

Sign Up

+ + + + + + +
+ + +
+ + +

Already have an account? Log in

+
+ + + + \ No newline at end of file diff --git a/sql.sql b/sql.sql new file mode 100644 index 0000000..f1b8c69 --- /dev/null +++ b/sql.sql @@ -0,0 +1,18 @@ +CREATE DATABASE IF NOT EXISTS Roles; +USE Roles; + +CREATE TABLE IF NOT EXISTS accounts ( + id INT AUTO_INCREMENT PRIMARY KEY, + name VARCHAR(30) NOT NULL, + number VARCHAR(20) NOT NULL UNIQUE, + email VARCHAR(255) NOT NULL UNIQUE, + username VARCHAR(255) NOT NULL UNIQUE, + password VARCHAR(255) NOT NULL, + role VARCHAR(20) NOT NULL DEFAULT 'user', + profile_image VARCHAR(255) DEFAULT 'no_image.png', + registration_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP +); + +INSERT INTO accounts (name, number, email, username, password, role) VALUES +('Iqbolshoh', '997799333', 'Iqbolshoh@gmail.com', 'Iqbolshoh', 'ed84bce861e67710a76393623d36b5ca6b9bcaaf658f57232be80c85af0ee52e', 'admin'), +('user', '993399777', 'user@gmail.com', 'user', 'ed84bce861e67710a76393623d36b5ca6b9bcaaf658f57232be80c85af0ee52e', 'user');
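Review bot: `$profile_image = $query->saveImage($_FILES['image'], "../images/")` is called without checking `$_FILES['image']['error']`, so a sign-up with no file chosen hits pathinfo() on an empty name and saveImage() returns false, which registerUser() then interpolates as `''` into the INSERT — the row gets an empty profile_image instead of the schema default `no_image.png`. Guard the upload and fall back explicitly, as in the excerpt below. As in login/index.php, the auto-login branch should call `session_regenerate_id(true);` before populating `$_SESSION`. The name, number, email, username and password fields are read straight from `$_POST` with no isset() guard and no length or format check before reaching registerUser() (the schema caps name at 30 and number at 20 characters, so overlong input fails at the INSERT and surfaces only as the generic save error). The file header for this hunk is not legible in the page as rendered; I am reading it as the sign-up page from its Sign Up title.
```php
    // only hand a real upload to saveImage(); otherwise keep the schema default
    $profile_image = 'no_image.png';
    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
        $profile_image = $query->saveImage($_FILES['image'], "../images/") ?: 'no_image.png';
    }
    // … unchanged: registerUser() call and session population …
```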
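Review bot: The seed INSERT creates a live admin account whose password digest is byte-for-byte identical to the demo user's, which both confirms the unsalted hashing in config.php and commits working administrator credentials to the repository; drop the admin row from the shared seed (or load it from an environment-specific script) and regenerate both digests once the hashing scheme is changed. The `role` column accepts any VARCHAR(20) while checkAuthentication() only handles admin, seller and user, so an unexpected value leaves a logged-in session with no redirect; `role ENUM('admin', 'seller', 'user') NOT NULL DEFAULT 'user'` keeps the database in step with the guards.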