├── .gitignore
├── .htaccess
├── api
    ├── gen
    │   ├── products.php
    │   └── sellers.php
    └── seller
    │   ├── add.php
    │   ├── login.php
    │   └── register.php
├── includes
    ├── Bcrypt.php
    └── Database.php
└── models
    ├── Product.php
    └── Seller.php


/.gitignore:
--------------------------------------------------------------------------------
1 | assets/


--------------------------------------------------------------------------------
/.htaccess:
--------------------------------------------------------------------------------
1 | RewriteEngine on
2 | RewriteCond %{REQUEST_FILENAME} !-d
3 | RewriteCond %{REQUEST_FILENAME}\.php -f
4 | RewriteRule ^(.*)$ $1.php


--------------------------------------------------------------------------------
/api/gen/products.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | header('Access-Control-Allow-Origin: *');
 4 | header('Content-type: application/json');
 5 | header('Access-Control-Allow-Method: GET');
 6 | header('Access-Control-Allow-Headers: Origin, Content-type, Accept'); // Handle pre-flight request
 7 | 
 8 | include_once '../../models/Product.php';
 9 | 
10 | if ($_SERVER['REQUEST_METHOD'] === 'GET') {
11 |     if ($product->validate_params($_GET['seller_id'])) {
12 |         $product->seller_id = $_GET['seller_id'];
13 |     } else {
14 |         echo json_encode(array('success' => 0, 'message' => 'Seller ID is required!'));
15 |         die();
16 |     }
17 | 
18 |     echo json_encode(array('success' => 1, 'products' => $product->get_products_per_seller()));
19 | } else {
20 |     die(header('HTTP/1.1 405 Request Method Not Allowed'));
21 | }
22 | 


--------------------------------------------------------------------------------
/api/gen/sellers.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | header('Access-Control-Allow-Origin: *');
 4 | header('Content-type: application/json');
 5 | header('Access-Control-Allow-Method: GET');
 6 | header('Access-Control-Allow-Headers: Origin, Content-type, Accept'); // Handle pre-flight request
 7 | 
 8 | include_once '../../models/Seller.php';
 9 | 
10 | if ($_SERVER['REQUEST_METHOD'] === 'GET') {
11 |     echo json_encode(array('success' => 1, 'sellers' => $seller->all_sellers()));
12 | } else {
13 |     die(header('HTTP/1.1 405 Request Method Not Allowed'));
14 | }
15 | 


--------------------------------------------------------------------------------
/api/seller/add.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | header('Access-Control-Allow-Origin: *');
 4 | header('Content-type: application/json');
 5 | header('Access-Control-Allow-Method: POST');
 6 | header('Access-Control-Allow-Headers: Origin, Content-type, Accept'); // Handle pre-flight request
 7 | 
 8 | include_once '../../models/Product.php';
 9 | 
10 | if ($_SERVER['REQUEST_METHOD'] === 'POST') {
11 |     if ($product->validate_params($_POST['seller_id'])) {
12 |         $product->seller_id = $_POST['seller_id'];
13 |     } else {
14 |         echo json_encode(array('success' => 0, 'message' => 'Seller ID is required!'));
15 |         die();
16 |     }
17 | 
18 |     if ($product->validate_params($_POST['name'])) {
19 |         $product->name = $_POST['name'];
20 |     } else {
21 |         echo json_encode(array('success' => 0, 'message' => 'Name is required!'));
22 |         die();
23 |     }
24 | 
25 |     // saving picture of product
26 |     $product_images_folder = '../../assets/product_images/';
27 | 
28 |     if (!is_dir($product_images_folder)) {
29 |         mkdir($product_images_folder);
30 |     }
31 | 
32 |     if (isset($_FILES['image'])) {
33 |         $file_name = $_FILES['image']['name'];
34 |         $file_tmp = $_FILES['image']['tmp_name'];
35 |         $extension = end(explode('.', $file_name));
36 | 
37 |         $new_file_name = $product->seller_id . "_product_" . $product->name . "." . $extension;
38 | 
39 |         move_uploaded_file($file_tmp, $product_images_folder . "/" . $new_file_name);
40 | 
41 |         $product->image = 'product_images/' . $new_file_name;
42 |     } else {
43 |         echo json_encode(array('success' => 0, 'message' => 'Photo is required is required!'));
44 |         die();
45 |     }
46 | 
47 |     if ($product->validate_params($_POST['price_per_kg'])) {
48 |         $product->price_per_kg = $_POST['price_per_kg'];
49 |     } else {
50 |         echo json_encode(array('success' => 0, 'message' => 'price per kg is required!'));
51 |         die();
52 |     }
53 | 
54 |     if ($product->validate_params($_POST['description'])) {
55 |         $product->description = $_POST['description'];
56 |     } else {
57 |         echo json_encode(array('success' => 0, 'message' => 'Description is required!'));
58 |         die();
59 |     }
60 | 
61 |     if ($product->add_product()) {
62 |         echo json_encode(array('success' => 1, 'message' => 'Product successfully added!'));
63 |     } else {
64 |         http_response_code(500);
65 |         echo json_encode(array('success' => 0, 'message' => 'Internal Server Error!'));
66 |     }
67 | } else {
68 |     die(header('HTTP/1.1 405 Request Method Not Allowed'));
69 | }
70 | 


--------------------------------------------------------------------------------
/api/seller/login.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | header('Access-Control-Allow-Origin: *');
 4 | header('Content-type: application/json');
 5 | header('Access-Control-Allow-Method: POST');
 6 | header('Access-Control-Allow-Headers: Origin, Content-type, Accept'); // Handle pre-flight request
 7 | 
 8 | include_once '../../models/Seller.php';
 9 | 
10 | if ($_SERVER['REQUEST_METHOD'] === 'POST') {
11 |     if ($seller->validate_params($_POST['email'])) {
12 |         $seller->email = $_POST['email'];
13 |     } else {
14 |         echo json_encode(array('success' => 0, 'message' => 'Email is required!'));
15 |         die();
16 |     }
17 | 
18 |     if ($seller->validate_params($_POST['password'])) {
19 |         $seller->password = $_POST['password'];
20 |     } else {
21 |         echo json_encode(array('success' => 0, 'message' => 'Password is required!'));
22 |         die();
23 |     }
24 | 
25 |     $s = $seller->login();
26 |     if (gettype($s) === 'array') {
27 |         http_response_code(200);
28 |         echo json_encode(array('success' => 1, 'message' => 'Login Successful!', 'seller' => $s));
29 |     } else {
30 |         http_response_code(402);
31 |         echo json_encode(array('success' => 0, 'message' => $s));
32 |     }
33 | } else {
34 |     die(header('HTTP/1.1 405 Request Method Not Allowed'));
35 | }
36 | 


--------------------------------------------------------------------------------
/api/seller/register.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | header('Access-Control-Allow-Origin: *');
 4 | header('Content-type: application/json');
 5 | header('Access-Control-Allow-Method: POST');
 6 | header('Access-Control-Allow-Headers: Origin, Content-type, Accept'); // Handle pre-flight request
 7 | 
 8 | include_once '../../models/Seller.php';
 9 | 
10 | if ($_SERVER['REQUEST_METHOD'] === 'POST') {
11 |     if ($seller->validate_params($_POST['name'])) {
12 |         $seller->name = $_POST['name'];
13 |     } else {
14 |         echo json_encode(array('success' => 0, 'message' => 'Name is required!'));
15 |         die();
16 |     }
17 | 
18 |     if ($seller->validate_params($_POST['email'])) {
19 |         $seller->email = $_POST['email'];
20 |     } else {
21 |         echo json_encode(array('success' => 0, 'message' => 'Email is required!'));
22 |         die();
23 |     }
24 | 
25 |     if ($seller->validate_params($_POST['password'])) {
26 |         $seller->password = $_POST['password'];
27 |     } else {
28 |         echo json_encode(array('success' => 0, 'message' => 'Password is required!'));
29 |         die();
30 |     }
31 | 
32 |     // saving picture of seller
33 |     $seller_images_folder = '../../assets/seller_images/';
34 | 
35 |     if (!is_dir($seller_images_folder)) {
36 |         mkdir($seller_images_folder);
37 |     }
38 | 
39 |     if (isset($_FILES['image'])) {
40 |         $file_name = $_FILES['image']['name'];
41 |         $file_tmp = $_FILES['image']['tmp_name'];
42 |         $extension = end(explode('.', $file_name));
43 | 
44 |         $new_file_name = $seller->email . "_profile" . "." . $extension;
45 | 
46 |         move_uploaded_file($file_tmp, $seller_images_folder . "/" . $new_file_name);
47 | 
48 |         $seller->image = 'seller_images/' . $new_file_name;
49 |     }
50 | 
51 |     if ($seller->validate_params($_POST['address'])) {
52 |         $seller->address = $_POST['address'];
53 |     } else {
54 |         echo json_encode(array('success' => 0, 'message' => 'Address is required!'));
55 |         die();
56 |     }
57 | 
58 |     if ($seller->validate_params($_POST['description'])) {
59 |         $seller->description = $_POST['description'];
60 |     } else {
61 |         echo json_encode(array('success' => 0, 'message' => 'Description is required!'));
62 |         die();
63 |     }
64 | 
65 |     if ($seller->check_unique_email()) {
66 |         if ($id = $seller->register_seller()) {
67 |             echo json_encode(array('success' => 1, 'message' => 'Seller regstered!'));
68 |         } else {
69 |             http_response_code(500);
70 |             echo json_encode(array('success' => 0, 'message' => 'Internal Server Error'));
71 |         }
72 |     } else {
73 |         http_response_code(401);
74 |         echo json_encode(array('success' => 0, 'message' => 'Email already exists!'));
75 |     }
76 | } else {
77 |     die(header('HTTP/1.1 405 Request Method Not Allowed'));
78 | }
79 | 


--------------------------------------------------------------------------------
/includes/Bcrypt.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | /**
  4 |  * Bcrypt class
  5 |  * 
  6 |  * @author Christian Metz
  7 |  * @since 23.06.2012
  8 |  * @copyright Christian Metz - MetzWeb Networks 2012
  9 |  * @version 1.0
 10 |  * @license BSD http://www.opensource.org/licenses/bsd-license.php
 11 |  */
 12 | 
 13 | class Bcrypt {
 14 | 
 15 |   /**
 16 |    * Work cost factor
 17 |    * range between [04; 31]
 18 |    * 
 19 |    * @var string
 20 |    */
 21 |   private static $_workFactor = 12;
 22 | 
 23 |   /**
 24 |    * Default identifier
 25 |    * 
 26 |    * @var string
 27 |    */
 28 |   private static $_identifier = '2y';
 29 | 
 30 |   /**
 31 |    * All valid hash identifiers
 32 |    * 
 33 |    * @var array
 34 |    */
 35 |   private static $_validIdentifiers = array ('2a', '2x', '2y');
 36 | 
 37 |   /**
 38 |    * Hash password
 39 |    * 
 40 |    * @param string $password
 41 |    * @param integer [optional] $workFactor
 42 |    * @return string
 43 |    */
 44 |   public static function hashPassword($password, $workFactor = 0) {
 45 |     if (version_compare(PHP_VERSION, '5.3') < 0) {
 46 |       throw new Exception('Bcrypt requires PHP 5.3 or above');
 47 |     }
 48 |     
 49 |     $salt = self::_genSalt($workFactor);
 50 |     return crypt($password, $salt);
 51 |   }
 52 | 
 53 |   /**
 54 |    * Check bcrypt password
 55 |    * 
 56 |    * @param string $password
 57 |    * @param string $storedHash
 58 |    * @return boolean
 59 |    */
 60 |   public static function checkPassword($password, $storedHash) {
 61 |     if (version_compare(PHP_VERSION, '5.3') < 0) {
 62 |       throw new Exception('Bcrypt requires PHP 5.3 or above');
 63 |     }
 64 |     
 65 |     self::_validateIdentifier($storedHash);
 66 |     $checkHash = crypt($password, $storedHash);
 67 |     
 68 |     return ($checkHash === $storedHash);
 69 |   }
 70 | 
 71 |   /**
 72 |    * Generates the salt string
 73 |    * 
 74 |    * @param integer $workFactor
 75 |    * @return string
 76 |    */
 77 |   private static function _genSalt($workFactor) {
 78 |     if ($workFactor < 4 || $workFactor > 31) {
 79 |       $workFactor = self::$_workFactor;
 80 |     }
 81 |     
 82 |     $input = self::_getRandomBytes();
 83 |     $salt = '$' . self::$_identifier . '$';
 84 |     
 85 |     $salt .= str_pad($workFactor, 2, '0', STR_PAD_LEFT);
 86 |     $salt .= '$';
 87 |     
 88 |     $salt .= substr(strtr(base64_encode($input), '+', '.'), 0, 22);
 89 |     
 90 |     return $salt;
 91 |   }
 92 | 
 93 |   /**
 94 |    * OpenSSL's random generator
 95 |    * 
 96 |    * @return string
 97 |    */
 98 |   private static function _getRandomBytes() {
 99 |     if (!function_exists('openssl_random_pseudo_bytes')) {
100 |       throw new Exception('Unsupported hash format.');
101 |     }
102 |     return openssl_random_pseudo_bytes(16);
103 |   }
104 | 
105 |   /**
106 |    * Validate identifier
107 |    * 
108 |    * @param string $hash
109 |    * @return void
110 |    */
111 |   private static function _validateIdentifier($hash) {
112 |     if (!in_array(substr($hash, 1, 2), self::$_validIdentifiers)) {
113 |       throw new Exception('Unsupported hash format.');
114 |     }
115 |   }
116 | 
117 | }


--------------------------------------------------------------------------------
/includes/Database.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | define('HOST', 'localhost');
 4 | define('USER_NAME', 'root');
 5 | define('PASSWORD', 'root');
 6 | define('DB_NAME', 'better_buys');
 7 | 
 8 | // class DB start
 9 | class Database
10 | {
11 |     private $connection;
12 | 
13 |     // Constructor
14 |     public function __construct()
15 |     {
16 |         $this->open_db_connection();
17 |     }
18 | 
19 |     // Creating connection with db
20 |     public function open_db_connection()
21 |     {
22 |         $this->connection = mysqli_connect(HOST, USER_NAME, PASSWORD, DB_NAME);
23 | 
24 |         if (mysqli_connect_error()) {
25 |             die('Connection Error: '.mysqli_connect_error());
26 |         }
27 |     }
28 | 
29 |     // Running SQL query on db
30 |     public function query($sql)
31 |     {
32 |         $result = $this->connection->query($sql);
33 | 
34 |         if (!$result) {
35 |             die('Query fails : '.$sql);
36 |         }
37 | 
38 |         return $result;
39 |     }
40 | 
41 |     // Getting list of all rows
42 |     public function fetch_array($result)
43 |     {
44 |         if ($result->num_rows > 0) {
45 |             while ($row = $result->fetch_assoc()) {
46 |                 $resultarray[] = $row;
47 |             }
48 |             return $resultarray;
49 |         }
50 |     }
51 | 
52 |     // Getting only 1 row
53 |     public function fetch_row($result)
54 |     {
55 |         if ($result->num_rows > 0) {
56 |             $row = $result->fetch_assoc();
57 |             return $row;
58 |         }
59 |     }
60 | 
61 |     // Checking if string is in proper format
62 |     public function escape_value($value)
63 |     {
64 |         $value = $this->connection->real_escape_string($value);
65 |         return $value;
66 |     }
67 | 
68 |     // Closing connection
69 |     public function close_connection()
70 |     {
71 |         $this->connection->close();
72 |     }
73 | } // Class ends
74 | 
75 | $database = new Database();
76 | 


--------------------------------------------------------------------------------
/models/Product.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | $ds = DIRECTORY_SEPARATOR;
 4 | $base_dir = realpath(dirname(__FILE__). $ds . '..') . $ds;
 5 | 
 6 | require_once("{$base_dir}includes{$ds}Database.php"); // Including database
 7 | 
 8 | // class start
 9 | class Product
10 | {
11 |     private $table = 'products';
12 | 
13 |     public $id;
14 |     public $seller_id;
15 |     public $name;
16 |     public $image;
17 |     public $price_per_kg;
18 |     public $description;
19 |     public $interaction_count;
20 | 
21 |     // contructor
22 |     public function __construct()
23 |     {
24 |     }
25 |  
26 |     // validating if params exists or not
27 |     public function validate_params($value)
28 |     {
29 |         return (!empty($value));
30 |     }
31 | 
32 |     // storing product details
33 |     public function add_product()
34 |     {
35 |         global $database;
36 | 
37 |         $this->seller_id = trim(htmlspecialchars(strip_tags($this->seller_id)));
38 |         $this->name = trim(htmlspecialchars(strip_tags($this->name)));
39 |         $this->image = trim(htmlspecialchars(strip_tags($this->image)));
40 |         $this->price_per_kg = trim(htmlspecialchars(strip_tags($this->price_per_kg)));
41 |         $this->description = trim(htmlspecialchars(strip_tags($this->description)));
42 |         
43 |         $sql = "INSERT INTO $this->table (seller_id, name, image, price_per_kg, description) VALUES (
44 |             '" .$database->escape_value($this->seller_id). "',
45 |             '" .$database->escape_value($this->name). "',
46 |             '" .$database->escape_value($this->image). "',
47 |             '" .$database->escape_value($this->price_per_kg). "',
48 |             '" .$database->escape_value($this->description). "'
49 |             )";
50 |             
51 |         $result = $database->query($sql);
52 |         
53 |         if ($result) {
54 |             return true;
55 |         } else {
56 |             return false;
57 |         }
58 |     }
59 |     
60 |     // method to return the list of products per seller
61 |     public function get_products_per_seller()
62 |     {
63 |         global $database;
64 |         
65 |         $this->seller_id = trim(htmlspecialchars(strip_tags($this->seller_id)));
66 | 
67 |         $sql = "SELECT * FROM $this->table WHERE seller_id = '" .$database->escape_value($this->seller_id). "'";
68 | 
69 |         $result = $database->query($sql);
70 | 
71 |         return $database->fetch_array($result);
72 |     }
73 | } // class ends
74 | 
75 | // object
76 | $product = new Product();
77 | 


--------------------------------------------------------------------------------
/models/Seller.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | $ds = DIRECTORY_SEPARATOR;
  4 | $base_dir = realpath(dirname(__FILE__). $ds . '..') . $ds;
  5 | 
  6 | require_once("{$base_dir}includes{$ds}Database.php"); // Including database
  7 | require_once("{$base_dir}includes{$ds}Bcrypt.php"); // Including Bcrypt
  8 | 
  9 | // Class Seller Start
 10 | class Seller
 11 | {
 12 |     private $table = 'sellers';
 13 | 
 14 |     public $id;
 15 |     public $name;
 16 |     public $email;
 17 |     public $password;
 18 |     public $image;
 19 |     public $address;
 20 |     public $description;
 21 | 
 22 |     // contructor
 23 |     public function __construct()
 24 |     {
 25 |     }
 26 | 
 27 |     // validating if params exists or not
 28 |     public function validate_params($value)
 29 |     {
 30 |         return (!empty($value));
 31 |     }
 32 | 
 33 |     // to check if email is unique or not
 34 |     public function check_unique_email()
 35 |     {
 36 |         global $database;
 37 | 
 38 |         $this->email = trim(htmlspecialchars(strip_tags($this->email)));
 39 | 
 40 |         $sql = "SELECT id FROM $this->table WHERE email = '" .$database->escape_value($this->email). "'";
 41 | 
 42 |         $result = $database->query($sql);
 43 |         $user_id = $database->fetch_row($result);
 44 | 
 45 |         return empty($user_id);
 46 |     }
 47 | 
 48 |     // saving new data in our database
 49 |     public function register_seller()
 50 |     {
 51 |         global $database;
 52 | 
 53 |         $this->name = trim(htmlspecialchars(strip_tags($this->name)));
 54 |         $this->email = trim(htmlspecialchars(strip_tags($this->email)));
 55 |         $this->password = trim(htmlspecialchars(strip_tags($this->password)));
 56 |         $this->image = trim(htmlspecialchars(strip_tags($this->image)));
 57 |         $this->address = trim(htmlspecialchars(strip_tags($this->address)));
 58 |         $this->description = trim(htmlspecialchars(strip_tags($this->description)));
 59 | 
 60 |         $sql = "INSERT INTO $this->table (name, email, password, image, address, description) VALUES (
 61 |             '" .$database->escape_value($this->name). "',
 62 |             '" .$database->escape_value($this->email). "',
 63 |             '" .$database->escape_value(Bcrypt::hashPassword($this->password)). "',
 64 |             '" .$database->escape_value($this->image). "',
 65 |             '" .$database->escape_value($this->address). "',
 66 |             '" .$database->escape_value($this->description). "'
 67 |         )";
 68 | 
 69 |         $seller_saved = $database->query($sql);
 70 | 
 71 |         if ($seller_saved) {
 72 |             return true;
 73 |         } else {
 74 |             return false;
 75 |         }
 76 |     }
 77 | 
 78 |     // login function
 79 |     public function login()
 80 |     {
 81 |         global $database;
 82 | 
 83 |         $this->email = trim(htmlspecialchars(strip_tags($this->email)));
 84 |         $this->password = trim(htmlspecialchars(strip_tags($this->password)));
 85 | 
 86 |         $sql = "SELECT * FROM $this->table WHERE email = '" .$database->escape_value($this->email). "'";
 87 | 
 88 |         $result = $database->query($sql);
 89 |         $seller = $database->fetch_row($result);
 90 | 
 91 |         if (empty($seller)) {
 92 |             return "Seller doesn't exist.";
 93 |         } else {
 94 |             if (Bcrypt::checkPassword($this->password, $seller['password'])) {
 95 |                 unset($seller['password']);
 96 |                 return $seller;
 97 |             } else {
 98 |                 return "Password doesn't match.";
 99 |             }
100 |         }
101 |     }
102 | 
103 |     // method to return the list of seller
104 |     public function all_sellers() {
105 |         global $database;
106 | 
107 |         $sql = "SELECT id, name, image, address FROM $this->table";
108 | 
109 |         $result = $database->query($sql);
110 | 
111 |         return $database->fetch_array($result);
112 |     }
113 | } // Class Ends
114 | 
115 | // Seller object
116 | $seller = new Seller();
117 | 


--------------------------------------------------------------------------------