fix(public) better structure

README.MD

@@ -23,7 +23,7 @@
 
 <img src="https://i.imgur.com/ZjLkOIR.png" width="500px">
 
-
+Note: This app is not intended for production use, but for personal or educational purposes.
 
 ### Built With
 

components/account/main.php

@@ -0,0 +1,73 @@
+<?php
+
+function getUserDetails($userId) {
+    global $conn;
+    try {
+        $query = $conn->prepare("SELECT email, firstName, lastName FROM users WHERE id = ?");
+        $query->execute([$userId]);
+        return $query->fetch(PDO::FETCH_ASSOC);
+    } catch(PDOException $e) {
+        return null;
+    }
+}
+
+function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
+    global $conn;
+    try {
+        if ($password) {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+            $query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
+        } else {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
+            $query->execute([$email, $firstName, $lastName, $userId]);
+        }
+        return true;
+    } catch(PDOException $e) {
+        return false;
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $success = updateUserDetails($_SESSION['user_id'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $_POST['password']);
+
+    if ($success) {
+        $_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">Account updated successfully.</div>';
+    } else {
+        $_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">Failed to update account.</div>';
+    }
+
+    header("Location: " . $_SERVER['REQUEST_URI']);
+    exit();
+}
+
+$userDetails = getUserDetails($_SESSION['user_id']);
+?>
+
+<div class="container mt-5">
+    <?php
+        echo $_SESSION['message'] ?? '';
+        unset($_SESSION['message']);
+        ?>
+        <h2 class="mb-4">Edit Account</h2>
+        <form method="POST" action="">
+            <div class="mb-3">
+                <label for="email" class="form-label">Email</label>
+                <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($userDetails['email']); ?>" placeholder="Enter your email" required>
+            </div>
+            <div class="mb-3">
+                <label for="firstName" class="form-label">First Name</label>
+                <input type="text" class="form-control" id="firstName" name="firstName" value="<?php echo htmlspecialchars($userDetails['firstName']); ?>" placeholder="Enter your first name" required>
+            </div>
+            <div class="mb-3">
+                <label for="lastName" class="form-label">Last Name</label>
+                <input type="text" class="form-control" id="lastName" name="lastName" value="<?php echo htmlspecialchars($userDetails['lastName']); ?>" placeholder="Enter your last name" required>
+            </div>
+            <div class="mb-3">
+                <label for="password" class="form-label">Password</label>
+                <input type="password" class="form-control" id="password" name="password" placeholder="Enter a new password">
+                <small class="form-text text-muted">Leave blank if you do not want to change the password</small>
+            </div>
+            <button type="submit" class="btn btn-primary">Save Changes</button>
+        </form>
+    </div>

components/admin/main.php

@@ -0,0 +1,73 @@
+<?php
+
+if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== 1) {
+    header("Location: /");
+    exit();
+}
+
+function getUsers() {
+    global $conn;
+    try {
+        $query = $conn->prepare("SELECT id, email, firstName, lastName FROM users");
+        $query->execute();
+        return $query->fetchAll(PDO::FETCH_ASSOC);
+    } catch (PDOException $e) {
+        return [];
+    }
+}
+
+$users = getUsers();
+
+function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
+    global $conn;
+    try {
+        if ($password) {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+            $query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
+        } else {
+            $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
+            $query->execute([$email, $firstName, $lastName, $userId]);
+        }
+        return true;
+    } catch(PDOException $e) {
+        return false;
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
+    $password = !empty($_POST['password']) ? $_POST['password'] : null;
+
+    $success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $password);
+
+    if ($success) {
+        $_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">User updated successfully.</div>';
+    } else {
+        $_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">Failed to update user.</div>';
+    }
+
+    header("Location: " . $_SERVER['REQUEST_URI']);
+    exit();
+}
+
+?>
+
+    <div class="container mt-5">
+        <?php
+        echo $_SESSION['message'] ?? '';
+        unset($_SESSION['message']);
+        ?>
+        <h2 class="mb-4">Administration</h2>
+        <?php include 'users_list.php'; ?>
+    </div>
+
+    <?php include 'modal.php'; ?>
+    <script>
+    var editUserModal = document.getElementById('editUserModal');
+    editUserModal.addEventListener('show.bs.modal', function (event) {
+        editUserModal.querySelector('#editUserId').value = event.relatedTarget.getAttribute('data-id');
+        editUserModal.querySelector('#editEmail').value = event.relatedTarget.getAttribute('data-email');
+        editUserModal.querySelector('#editFirstName').value = event.relatedTarget.getAttribute('data-firstname');
+        editUserModal.querySelector('#editLastName').value = event.relatedTarget.getAttribute('data-lastname');
+    });
+    </script>

components/admin/modal.php

@@ -0,0 +1,33 @@
+<div class="modal fade" id="editUserModal" tabindex="-1" aria-labelledby="editUserModalLabel" aria-hidden="true">
+        <div class="modal-dialog">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h5 class="modal-title">Edititing user</h5>
+                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <div class="modal-body">
+                    <form id="editUserForm" method="POST" action="">
+                        <input type="hidden" name="userId" id="editUserId">
+                        <div class="mb-3">
+                            <label for="editEmail" class="form-label">Email</label>
+                            <input type="email" class="form-control" id="editEmail" name="email" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editFirstName" class="form-label">First Name</label>
+                            <input type="text" class="form-control" id="editFirstName" name="firstName" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editLastName" class="form-label">Last Name</label>
+                            <input type="text" class="form-control" id="editLastName" name="lastName" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editPassword" class="form-label">Password</label>
+                            <input type="password" class="form-control" id="editPassword" name="password">
+                            <small class="form-text text-muted">Leave blank if you do not want to change the password</small>
+                        </div>
+                        <button type="submit" class="btn btn-primary">Save Changes</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>

components/admin/users_list.php

@@ -0,0 +1,30 @@
+<table class="table table-striped">
+            <thead>
+                <tr>
+                    <th scope="col">#</th>
+                    <th scope="col">Email</th>
+                    <th scope="col">First Name</th>
+                    <th scope="col">Last Name</th>
+                    <th scope="col"></th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($users as $user): ?>
+                <tr>
+                    <th scope="row"><?php echo htmlspecialchars($user['id']); ?></th>
+                    <td><?php echo htmlspecialchars($user['email']); ?></td>
+                    <td><?php echo htmlspecialchars($user['firstName']); ?></td>
+                    <td><?php echo htmlspecialchars($user['lastName']); ?></td>
+                    <td>
+                        <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#editUserModal"
+                                data-id="<?php echo htmlspecialchars($user['id']); ?>"
+                                data-email="<?php echo htmlspecialchars($user['email']); ?>"
+                                data-firstname="<?php echo htmlspecialchars($user['firstName']); ?>"
+                                data-lastname="<?php echo htmlspecialchars($user['lastName']); ?>">
+                            Edit
+                        </button>
+                    </td>
+                </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>

components/homepage/line.php

@@ -10,7 +10,7 @@
     
         foreach ($favoriteStops as $stop) {
             $stop_name = getStopName($stop['stopId']);
-            include 'components/homepage/stop.php';
+            include 'stop.php';
             if (count($favoriteStops) > 1) {
                 echo '<hr class="mt-4">';
             }

components/homepage/main.php

@@ -38,7 +38,7 @@ $lineIds = $query->fetchAll(PDO::FETCH_COLUMN);
 
 <?php
 foreach ($lineIds as $lineId) {
-    include 'components/homepage/line.php';
+    include 'line.php';
 }
 
 if (empty($lineIds)) {
@@ -55,7 +55,7 @@ function removeFavorite(stopId, lineId) {
     formData.append('lineId', lineId);
     formData.append('action', 'remove');
 
-    fetch('/endpoints/updateFavorite.php', {
+    fetch('/updateFavorite.php', {
         method: 'POST',
         body: formData
     })

components/login/main.php

@@ -11,7 +11,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     $_SESSION['user_id'] = $user['id'];
     $_SESSION['first_name'] = $user['first_name'];
     $_SESSION['is_admin'] = $user['is_admin'];
-    header("Location: index.php");
+    header("Location: /");
   } else {
     $errorMessage = "Invalid email or password.";
   }

components/navigate/main.php

@@ -46,7 +46,7 @@ function isFavorite($userId, $stopId, $lineId) {
                                         <div class="modal-body">
                                             <?php $stations = getStops($i); ?>
                                             <div class="row">
-                                                <?php include 'components/navigate/stop_list.php'; ?>
+                                                <?php include 'stop_list.php'; ?>
                                             </div>
                                         </div>
                                     </div>
@@ -72,7 +72,7 @@ document.addEventListener('DOMContentLoaded', function() {
             var action = this.classList.contains('add-stop') ? 'add' : 'remove';
             var buttonElement = this;
 
-            fetch('/endpoints/updateFavorite.php', {
+            fetch('/updateFavorite.php', {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/x-www-form-urlencoded'

components/register/main.php

@@ -1,8 +1,6 @@
 <?php
 
-
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-
     if ($_POST['password'] !== $_POST['confirmPassword']) {
         $errorMessage = "Password doesnt match";
     } else {

components/structure/header.php

@@ -11,4 +11,4 @@
   }
   ?>
 </head>
-<body style="display:none;">
+<body style="display:block;">

components/structure/main.php

@@ -1,7 +1,7 @@
 <?php 
 session_start();
 
-include 'config.php';
+include __DIR__ . '/../../config.php';
 
 $page = basename($_SERVER['PHP_SELF']);
 if (!isset($_SESSION['user_id']) && $page !== 'login.php' && $page !== 'register.php') {
@@ -12,9 +12,9 @@ if (!isset($_SESSION['user_id']) && $page !== 'login.php' && $page !== 'register
     exit();
 }
 
-include 'structure/header.php'; 
+include 'header.php'; 
-include 'structure/navbar.php'; 
+include 'navbar.php'; 
-include 'services/db.php'; 
+include __DIR__ . '/../../services/db.php'; 
     
 ?>
 
@@ -22,7 +22,7 @@ include 'services/db.php';
     <?php include $content; ?>
 </main>
 
-<?php include 'structure/footer.php'; ?>
+<?php include 'footer.php'; ?>
 
 <script>
     window.addEventListener('load', function() {

components/structure/navbar.php

@@ -17,7 +17,7 @@
               <a class="nav-link <?php echo ($_SERVER['REQUEST_URI'] == '/navigate.php') ? 'active' : ''; ?>" href="/navigate.php">Discover</a>
             </li>
             <li class="nav-item">
-              <a class="nav-link" href="#">Account</a>
+            <a class="nav-link <?php echo ($_SERVER['REQUEST_URI'] == '/account.php') ? 'active' : ''; ?>" href="/account.php">Account</a>
             </li>
           </ul>
           <ul class="navbar-nav ms-auto mb-2 mb-lg-0">
@@ -26,7 +26,9 @@
             </li>
           </ul>
           <div class="d-flex">
-            <a class="btn btn-primary" href="#">Admin</a>
+              <?php if(isset($_SESSION['is_admin']) && $_SESSION['is_admin']): ?>
+                  <a class="btn btn-primary" href="/admin.php">Admin</a>
+              <?php endif; ?>
           </div>
         </div>
       </div>

index.php

@@ -1,5 +0,0 @@
-<?php
-
-$content = 'components/homepage/main.php';
-include 'structure/main.php';
-?>

login.php

@@ -1,4 +0,0 @@
-<?php
-$content = 'components/login/main.php';
-include 'structure/main.php';
-?>

navigate.php

@@ -1,4 +0,0 @@
-<?php
-$content = 'components/navigate/main.php';
-include 'structure/main.php';
-?>

public/account.php

@@ -0,0 +1,4 @@
+<?php
+$content = __DIR__ . '/../components/account/main.php';
+include __DIR__ . '/../components/structure/main.php';
+?>

public/admin.php

@@ -0,0 +1,4 @@
+<?php
+$content = __DIR__ . '/../components/admin/main.php';
+include __DIR__ . '/../components/structure/main.php';
+?>

public/index.php

@@ -0,0 +1,4 @@
+<?php
+$content = __DIR__ . '/../components/homepage/main.php';
+include __DIR__ . '/../components/structure/main.php';
+?>

public/login.php

@@ -0,0 +1,4 @@
+<?php
+$content = __DIR__ . '/../components/login/main.php';
+include __DIR__ . '/../components/structure/main.php';
+?>

public/navigate.php

@@ -0,0 +1,4 @@
+<?php
+$content = __DIR__ . '/../components/navigate/main.php';
+include __DIR__ . '/../components/structure/main.php';
+?>

public/register.php

@@ -0,0 +1,4 @@
+<?php
+$content = __DIR__ . '/../components/register/main.php';
+include __DIR__ . '/../components/structure/main.php';
+?>

public/updateFavorite.php

@@ -1,7 +1,7 @@
 <?php
 session_start();
-include '../config.php';
+include __DIR__ . '/../config.php';
-include '../services/db.php';
+include __DIR__ . '/../services/db.php';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['stopId'], $_POST['lineId'], $_POST['action'])) {
     $userId = $_SESSION['user_id'];

register.php

@@ -1,4 +0,0 @@
-<?php
-$content = 'components/register/main.php';
-include 'structure/main.php';
-?>