fix(public) better structure

components/account/main.php

@@ -0,0 +1,73 @@
+<?php
+
+function getUserDetails($userId) {
+    global $conn;
+    try {
+        $query = $conn->prepare("SELECT email, firstName, lastName FROM users WHERE id = ?");
+        $query->execute([$userId]);
+        return $query->fetch(PDO::FETCH_ASSOC);
+    } catch(PDOException $e) {
+        return null;
+    }
+}
+
+function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
+    global $conn;
+    try {
+        if ($password) {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+            $query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
+        } else {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
+            $query->execute([$email, $firstName, $lastName, $userId]);
+        }
+        return true;
+    } catch(PDOException $e) {
+        return false;
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $success = updateUserDetails($_SESSION['user_id'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $_POST['password']);
+
+    if ($success) {
+        $_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">Account updated successfully.</div>';
+    } else {
+        $_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">Failed to update account.</div>';
+    }
+
+    header("Location: " . $_SERVER['REQUEST_URI']);
+    exit();
+}
+
+$userDetails = getUserDetails($_SESSION['user_id']);
+?>
+
+<div class="container mt-5">
+    <?php
+        echo $_SESSION['message'] ?? '';
+        unset($_SESSION['message']);
+        ?>
+        <h2 class="mb-4">Edit Account</h2>
+        <form method="POST" action="">
+            <div class="mb-3">
+                <label for="email" class="form-label">Email</label>
+                <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($userDetails['email']); ?>" placeholder="Enter your email" required>
+            </div>
+            <div class="mb-3">
+                <label for="firstName" class="form-label">First Name</label>
+                <input type="text" class="form-control" id="firstName" name="firstName" value="<?php echo htmlspecialchars($userDetails['firstName']); ?>" placeholder="Enter your first name" required>
+            </div>
+            <div class="mb-3">
+                <label for="lastName" class="form-label">Last Name</label>
+                <input type="text" class="form-control" id="lastName" name="lastName" value="<?php echo htmlspecialchars($userDetails['lastName']); ?>" placeholder="Enter your last name" required>
+            </div>
+            <div class="mb-3">
+                <label for="password" class="form-label">Password</label>
+                <input type="password" class="form-control" id="password" name="password" placeholder="Enter a new password">
+                <small class="form-text text-muted">Leave blank if you do not want to change the password</small>
+            </div>
+            <button type="submit" class="btn btn-primary">Save Changes</button>
+        </form>
+    </div>

components/admin/main.php

@@ -0,0 +1,73 @@
+<?php
+
+if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== 1) {
+    header("Location: /");
+    exit();
+}
+
+function getUsers() {
+    global $conn;
+    try {
+        $query = $conn->prepare("SELECT id, email, firstName, lastName FROM users");
+        $query->execute();
+        return $query->fetchAll(PDO::FETCH_ASSOC);
+    } catch (PDOException $e) {
+        return [];
+    }
+}
+
+$users = getUsers();
+
+function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
+    global $conn;
+    try {
+        if ($password) {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+            $query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
+        } else {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
+            $query->execute([$email, $firstName, $lastName, $userId]);
+        }
+        return true;
+    } catch(PDOException $e) {
+        return false;
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
+    $password = !empty($_POST['password']) ? $_POST['password'] : null;
+
+    $success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $password);
+
+    if ($success) {
+        $_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">User updated successfully.</div>';
+    } else {
+        $_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">Failed to update user.</div>';
+    }
+
+    header("Location: " . $_SERVER['REQUEST_URI']);
+    exit();
+}
+
+?>
+
+    <div class="container mt-5">
+        <?php
+        echo $_SESSION['message'] ?? '';
+        unset($_SESSION['message']);
+        ?>
+        <h2 class="mb-4">Administration</h2>
+        <?php include 'users_list.php'; ?>
+    </div>
+
+    <?php include 'modal.php'; ?>
+    <script>
+    var editUserModal = document.getElementById('editUserModal');
+    editUserModal.addEventListener('show.bs.modal', function (event) {
+        editUserModal.querySelector('#editUserId').value = event.relatedTarget.getAttribute('data-id');
+        editUserModal.querySelector('#editEmail').value = event.relatedTarget.getAttribute('data-email');
+        editUserModal.querySelector('#editFirstName').value = event.relatedTarget.getAttribute('data-firstname');
+        editUserModal.querySelector('#editLastName').value = event.relatedTarget.getAttribute('data-lastname');
+    });
+    </script>

components/admin/modal.php

@@ -0,0 +1,33 @@
+<div class="modal fade" id="editUserModal" tabindex="-1" aria-labelledby="editUserModalLabel" aria-hidden="true">
+        <div class="modal-dialog">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h5 class="modal-title">Edititing user</h5>
+                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <div class="modal-body">
+                    <form id="editUserForm" method="POST" action="">
+                        <input type="hidden" name="userId" id="editUserId">
+                        <div class="mb-3">
+                            <label for="editEmail" class="form-label">Email</label>
+                            <input type="email" class="form-control" id="editEmail" name="email" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editFirstName" class="form-label">First Name</label>
+                            <input type="text" class="form-control" id="editFirstName" name="firstName" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editLastName" class="form-label">Last Name</label>
+                            <input type="text" class="form-control" id="editLastName" name="lastName" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editPassword" class="form-label">Password</label>
+                            <input type="password" class="form-control" id="editPassword" name="password">
+                            <small class="form-text text-muted">Leave blank if you do not want to change the password</small>
+                        </div>
+                        <button type="submit" class="btn btn-primary">Save Changes</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>

components/admin/users_list.php

@@ -0,0 +1,30 @@
+<table class="table table-striped">
+            <thead>
+                <tr>
+                    <th scope="col">#</th>
+                    <th scope="col">Email</th>
+                    <th scope="col">First Name</th>
+                    <th scope="col">Last Name</th>
+                    <th scope="col"></th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($users as $user): ?>
+                <tr>
+                    <th scope="row"><?php echo htmlspecialchars($user['id']); ?></th>
+                    <td><?php echo htmlspecialchars($user['email']); ?></td>
+                    <td><?php echo htmlspecialchars($user['firstName']); ?></td>
+                    <td><?php echo htmlspecialchars($user['lastName']); ?></td>
+                    <td>
+                        <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#editUserModal"
+                                data-id="<?php echo htmlspecialchars($user['id']); ?>"
+                                data-email="<?php echo htmlspecialchars($user['email']); ?>"
+                                data-firstname="<?php echo htmlspecialchars($user['firstName']); ?>"
+                                data-lastname="<?php echo htmlspecialchars($user['lastName']); ?>">
+                            Edit
+                        </button>
+                    </td>
+                </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>

components/homepage/line.php

@@ -10,7 +10,7 @@
     
         foreach ($favoriteStops as $stop) {
             $stop_name = getStopName($stop['stopId']);
-            include 'components/homepage/stop.php';
+            include 'stop.php';
             if (count($favoriteStops) > 1) {
                 echo '<hr class="mt-4">';
             }

components/homepage/main.php

@@ -38,7 +38,7 @@ $lineIds = $query->fetchAll(PDO::FETCH_COLUMN);
 
 <?php
 foreach ($lineIds as $lineId) {
-    include 'components/homepage/line.php';
+    include 'line.php';
 }
 
 if (empty($lineIds)) {
@@ -55,7 +55,7 @@ function removeFavorite(stopId, lineId) {
     formData.append('lineId', lineId);
     formData.append('action', 'remove');
 
-    fetch('/endpoints/updateFavorite.php', {
+    fetch('/updateFavorite.php', {
         method: 'POST',
         body: formData
     })

components/login/main.php

@@ -11,7 +11,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     $_SESSION['user_id'] = $user['id'];
     $_SESSION['first_name'] = $user['first_name'];
     $_SESSION['is_admin'] = $user['is_admin'];
-    header("Location: index.php");
+    header("Location: /");
   } else {
     $errorMessage = "Invalid email or password.";
   }

components/navigate/main.php

@@ -46,7 +46,7 @@ function isFavorite($userId, $stopId, $lineId) {
                                         <div class="modal-body">
                                             <?php $stations = getStops($i); ?>
                                             <div class="row">
-                                                <?php include 'components/navigate/stop_list.php'; ?>
+                                                <?php include 'stop_list.php'; ?>
                                             </div>
                                         </div>
                                     </div>
@@ -72,7 +72,7 @@ document.addEventListener('DOMContentLoaded', function() {
             var action = this.classList.contains('add-stop') ? 'add' : 'remove';
             var buttonElement = this;
 
-            fetch('/endpoints/updateFavorite.php', {
+            fetch('/updateFavorite.php', {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/x-www-form-urlencoded'

components/register/main.php

@@ -1,8 +1,6 @@
 <?php
 
-
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-
     if ($_POST['password'] !== $_POST['confirmPassword']) {
         $errorMessage = "Password doesnt match";
     } else {

components/structure/footer.php

@@ -0,0 +1,2 @@
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
+<script src="https://kit.fontawesome.com/440009238d.js" crossorigin="anonymous"></script>

components/structure/header.php

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Subway schedules</title>
+  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+  <?php
+  if (!isset($_SESSION['user_id'])) {
+    echo '<link href="assets/css/login.css" rel="stylesheet">';
+  }
+  ?>
+</head>
+<body style="display:block;">

components/structure/main.php

@@ -0,0 +1,34 @@
+<?php 
+session_start();
+
+include __DIR__ . '/../../config.php';
+
+$page = basename($_SERVER['PHP_SELF']);
+if (!isset($_SESSION['user_id']) && $page !== 'login.php' && $page !== 'register.php') {
+    header("Location: login.php");
+    exit();
+} else if (isset($_SESSION['user_id']) && ($page === 'login.php' || $page === 'register.php')) {
+    header("Location: index.php");
+    exit();
+}
+
+include 'header.php'; 
+include 'navbar.php'; 
+include __DIR__ . '/../../services/db.php'; 
+    
+?>
+
+<main class="container mt-4">
+    <?php include $content; ?>
+</main>
+
+<?php include 'footer.php'; ?>
+
+<script>
+    window.addEventListener('load', function() {
+        document.body.style.display = 'block';
+    });
+</script>
+
+</body>
+</html>

components/structure/navbar.php

@@ -0,0 +1,37 @@
+<?php if (isset($_SESSION['user_id'])) : ?>
+  <header>
+    <nav class="navbar navbar-expand-lg navbar-light bg-light">
+      <div class="container-fluid">
+        <a class="navbar-brand" href="/">
+          <img src="assets/logo/dark.png" alt="" width="64">
+        </a>
+        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
+          <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="navbarNav">
+          <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+            <li class="nav-item">
+              <a class="nav-link <?php echo ($_SERVER['REQUEST_URI'] == '/') ? 'active' : ''; ?>" href="/">Home</a>
+            </li>
+            <li class="nav-item">
+              <a class="nav-link <?php echo ($_SERVER['REQUEST_URI'] == '/navigate.php') ? 'active' : ''; ?>" href="/navigate.php">Discover</a>
+            </li>
+            <li class="nav-item">
+            <a class="nav-link <?php echo ($_SERVER['REQUEST_URI'] == '/account.php') ? 'active' : ''; ?>" href="/account.php">Account</a>
+            </li>
+          </ul>
+          <ul class="navbar-nav ms-auto mb-2 mb-lg-0">
+          <li class="nav-item">
+              <a class="nav-link" href="/logout.php"><i class="fa fa-sign-out"></i></a>
+            </li>
+          </ul>
+          <div class="d-flex">
+              <?php if(isset($_SESSION['is_admin']) && $_SESSION['is_admin']): ?>
+                  <a class="btn btn-primary" href="/admin.php">Admin</a>
+              <?php endif; ?>
+          </div>
+        </div>
+      </div>
+    </nav>
+  </header>
+<?php endif; ?>