Merge pull request #35 from BinarySoftware/SE2GoldenMaster

StockExperience 2.0 Golden Master

Author: BinarySoftware

backend/db(needs_setup).php

@@ -1,5 +1,14 @@
+<!--
+  db.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose:  Database connection settings - you need to set them according to specs of your server, then rename file to db.php
+-->
+
 <?php
-/* Database connection settings */
 $host = 'your_host';
 $user = 'your_username';
 $pass = 'your_password';

backend/debug.php

@@ -1,13 +1,26 @@
+<!--
+  debug.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Methods for debugging app, not crucial to functioning
+-->
+
 <?php
 
-function console_log( $data ){
+// using this method to log small bits of data to the console while debugging
+function console_log( $data ) {
     echo '<script>';
     echo 'console.log('. json_encode( $data ) .')';
     echo '</script>';
-  }
+}
 
-function console_log_messages( ...$messages ){
+  // using this method to log larger arrays of data to the console while debugging
+function console_log_messages( ...$messages ) {
     $msgs = '';
+
     foreach ($messages as $msg) {
         $msgs .= json_encode($msg);
     }

backend/forgotBackend.php

@@ -1,32 +1,43 @@
 <?php
 require 'db.php';
 session_start();
+?>
 
-if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) 
-{   
+<!--
+  forgotBackend.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Backend part for sending data to user if user requested to change password
+-->
+
+<?php
+// this page is used in order to help users in case they have forgotten their password
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {   
     $email = $mysqli->escape_string($_POST['email']);
     $result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
-    if ( $result->num_rows == 0 ) // User doesn't exist
-    { 
+    if ( $result->num_rows == 0 ) {// result has no rows, hence user doesn't exist 
         $_SESSION['message'] = "Użytkownik z takim adresem nie istnieje!";
         echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
-    }
-    else { // User exists (num_rows != 0)
-        $user = $result->fetch_assoc(); // $user becomes array with user data
+    } else { // User exists (num_rows != 0)
+        $user = $result->fetch_assoc(); // $user - array containing all user data
         $email = $user['email'];
         $hash = $user['hash'];
         $first_name = $user['first_name'];
-        // Session message to display on success.php
+
+        //message informing user to check their inbox
         $_SESSION['message'] = "<p>Proszę sprawdzić mail <span>$email</span>"
         . " gdzie został wysłany link do ukończenia zerowania hasła!</p>";
-        // Send registration confirmation link (reset.php)
         $to      = $email;
         $subject = 'Zerowanie hasła ( StockExperience )';
         $message_body = '
         Witaj '.$first_name.',
         Prosiłeś o możliwość wyzerowania hasła, oto twój link:
         http://stockexperiencepl.000webhostapp.com/reset.php?email='.$email.'&hash='.$hash;  
         mail($to, $subject, $message_body);
+
         echo "<script type='text/javascript'> document.location = '../success.php'; </script>";
   }
 }

backend/login.php

@@ -1,13 +1,22 @@
+<!--
+  login.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Backend part for logging in user
+-->
+
 <?php
 // Escape email to protect against SQL injections
 $email = $mysqli->escape_string($_POST['email']);
 $result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
 
-if ( $result->num_rows == 0 ){ // User doesn't exist
+if ( $result->num_rows == 0 ) { // result has no rows, hence user doesn't exist
      $_SESSION['message'] = "Użytkownik z takim adresem nie istnieje!";
     echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
-}
-else { // User exists
+} else { // User exists
     $user = $result->fetch_assoc();
     if ( password_verify($_POST['password'], $user['password']) ) {
         $_SESSION['email'] = $user['email'];
@@ -16,11 +25,10 @@
         $_SESSION['active'] = $user['active'];
         $_SESSION['money'] = $user['money'];
         $_SESSION['action_qty_dict'] = $user['action_qty_dict'];
-        // This is how we'll know the user is logged in
+        // flag to check if user is logged in, for later use
         $_SESSION['logged_in'] = true;
         echo "<script type='text/javascript'> document.location = '../profile.php'; </script>";
-    }
-    else {
+    } else { // wrong password
         $_SESSION['message'] = "Błędne hasło!";
         echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
     }

backend/profileBackend.php

@@ -1,15 +1,25 @@
 <?php
 error_reporting(0);
 require 'db.php';
-// require 'debug.php';
 session_start();
+?>
 
+<!--
+  profileBackend.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Backend part for setting up profile page
+-->
+
+<?php
 // Check if user is logged in using the session variable
 if ( $_SESSION['logged_in'] != 1 ) {
     $_SESSION['message'] = "Nie wyświetlimy danych bez zalogowania!";
     echo "<!DOCTYPE html><script type='text/javascript'> document.location = '../error.php'; </script>";
-}
-else {
+} else { //correct check, parse data
     $email = $mysqli->escape_string($_SESSION['email']);
     $result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
     $user = $result->fetch_assoc();
@@ -41,8 +51,7 @@
 
     $Header = $DOM->getElementsByTagName('tr');
     //#Get header name of the table
-    foreach($Header as $NodeHeader) 
-    {
+    foreach($Header as $NodeHeader) {
       $aDataTableHeaderHTML[] = trim($NodeHeader->textContent);
     }
 
@@ -63,35 +72,15 @@
                 $actions_dict = implode(",", $actions_ar);
                 $sql = "UPDATE users SET money='$money', action_qty_dict='$actions_dict' WHERE email='$email'";
                 if ( $mysqli->query($sql) ) {
-                    echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">
-                            <div class=\"modal-content\">
-                              <span class=\"close\">x</span>
-                              <h3 style='color:#000000'>Pomyslnie zakupiono akcje</h3>
-                            </div>
-                          </div>";
+                  createModal("Pomyślnie zakupiono akcje");
                 } else {
-                    echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">
-                            <div class=\"modal-content\">
-                              <span class=\"close\">x</span>
-                              <h3 style='color:#000000'>Problem z serwerem, transakcja odrzucona</h3>
-                            </div>
-                          </div>";
+                  createModal("Problem z serwerem, transakcja odrzucona");
                 }
             } else {
-                    echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">
-                            <div class=\"modal-content\">
-                              <span class=\"close\">x</span>
-                              <h3 style='color:#000000'>Za mało środków na koncie, transakcja odrzucona</h3>
-                            </div>
-                          </div>";
+              createModal("Za mało środków na koncie, transakcja odrzucona");
                 }
         } else {
-            echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">
-                    <div class=\"modal-content\">
-                      <span class=\"close\">x</span>
-                      <h3 style='color:#000000'>Brak wartosci podanej w okienku</h3>
-                    </div>
-                  </div>";
+          createModal("Brak wartości podanej w okienku");
         }
       //sell index
       } elseif ( isset( $_GET[$index[0].'s'] ) ) {
@@ -104,38 +93,29 @@
                 $actions_dict = implode(",", $actions_ar);
                 $sql = "UPDATE users SET money='$money', action_qty_dict='$actions_dict' WHERE email='$email'";
                 if ( $mysqli->query($sql) ) {
-                    echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">
-                            <div class=\"modal-content\">
-                              <span class=\"close\">x</span>
-                              <h3 style='color:#000000'>Pomyslnie sprzedano akcje</h3>
-                            </div>
-                          </div>";
+                  createModal("Pomyślnie sprzedano posiadane akcje");
                 } else {
-                    echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">
-                            <div class=\"modal-content\">
-                              <span class=\"close\">x</span>
-                              <h3 style='color:#000000'>Problem z serwerem, transakcja odrzucona</h3>
-                            </div>
-                          </div>";
+                  createModal("Problem z serwerem, transakcja odrzucona");
                 }
             } else {
-                    echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">   
-                            <div class=\"modal-content\">
-                              <span class=\"close\">x</span>
-                              <h3 style='color:#000000'>Za mało akcji, transakcja odrzucona</h3>
-                            </div>
-                          </div>";
+              createModal("Za mało posiadanych akcji, transakcja odrzucona");
                 }
         } else {
-            echo "<!DOCTYPE html><div id=\"ActionSendWindow\", class=\"modal\">                
-                    <div class=\"modal-content\">
-                      <span class=\"close\">x</span>
-                      <h3 style='color:#000000'>Brak wartosci podanej w okienku</h3>
-                    </div>
-                  </div>";
+          createModal("Brak wartości podanej w okienku");
       }
     }
+    //recalculate wallet
     $totalMoneyInStocks += floatval($price)*floatval($index[1]);
   }
 }
+
+function createModal( $message ) {
+  echo '<!DOCTYPE html><div id="ActionSendWindow", class="modal">   
+                            <div class="modal-content">
+                              <span class="close">x</span>
+                              <h3 style="color:#010101">'.$message.'</h3>
+                            </div>
+                          </div>';
+}
+
 ?>

backend/register.php

@@ -1,3 +1,13 @@
+<!--
+  register.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Backend part for registering new user
+-->
+
 <?php
 // Set session variables to be used on profile.php page
 $_SESSION['email'] = $_POST['email'];
@@ -17,11 +27,10 @@
 if ( $result->num_rows > 0 ) {
     $_SESSION['message'] = 'Uzytkownik z takim mailem już istnieje!';
     echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
-}
-else { 
+} else { 
     // active is 0 by DEFAULT
     //Small forloop to make mainteneance easier in case of changes in stock indexes
-    $indexes = ["KGH","PKO","PKN","PZU","JSW","CCC","DNP","CDR","LTS","ALR","TPE","PEO","SAN","PGN","GNB","ENG","PGE","ENA","EUR","KRU","PKP","LPP","PLY","MIL","CPS","OPL","MBK","EAT","BMC","VST","GTC","BFT","MRB","11B","MAB","EURPLN","CHFPLN","USDPLN","GBPPLN"];
+    $indexes = ["KGH","PKO","PKN","PZU","JSW","CCC","DNP","CDR","LTS","ALR","TPE","PEO","SAN","PGN","GNB","ENG","PGE","ENA","EUR","KRU","PKP","LPP","PLY","MIL","CPS","OPL","MBK","EAT","BMC","VST","GTC","BFT","MRB","11B","MAB","EURPLN","CHFPLN","USDPLN","GBPPLN"]; //indexes we want to use from GPW
     $listIndexValue = "";
     $lastElement = end($indexes);
     foreach ($indexes as &$index) {
@@ -32,15 +41,15 @@
             $listIndexValue .= "-0,";
         }
     }
+    //sql query to add user to app
     $sql = "INSERT INTO users (first_name, last_name, email, password, hash, money, action_qty_dict) " 
     . "VALUES ('$first_name','$last_name','$email','$password','$hash','100000','$listIndexValue')";
 
-    // Add user to the database
-    if ( $mysqli->query($sql) ){
+    if ( $mysqli->query($sql) ) {
         $_SESSION['active'] = 0; //0 until user activates their account with verify.php
         $_SESSION['logged_in'] = true; // So we know the user has logged in
         $_SESSION['message'] = "Link weryfikacyjny wysłany na: $email, prosimy o weryfikacje przez kliknięcie w link!";
-        // Send registration confirmation link (verify.php)
+        // Send registration confirmation link (verify.php) via email
         $to = $email;
         $subject = 'Weryfikacja konta ( StockExperience )';
         $message_body = '
@@ -50,7 +59,7 @@
         https://stockexperiencepl.000webhostapp.com/backend/verify.php?email='.$email.'&hash='.$hash;  
         mail( $to, $subject, $message_body );
         echo "<script type='text/javascript'> document.location = '../profile.php'; </script>";
-    } else {
+    } else { //if anything has gone wrongs
         $_SESSION['message'] = 'Błąd rejestracji!';
         echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
     }

backend/resetBackend.php

@@ -1,15 +1,26 @@
 <?php
 require 'db.php';
 session_start();
+?>
+
+<!--
+  resetBackend.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Backend part of forgot.php
+-->
+
+<?php
 // Make sure email and hash variables aren't empty
-if( isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']) )
-{
+if( isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']) ) {
     $email = $mysqli->escape_string($_GET['email']); 
     $hash = $mysqli->escape_string($_GET['hash']); 
-    // Make sure user email with matching hash exist
+    // Make sure user email with matching hash exist in db
     $result = $mysqli->query("SELECT * FROM users WHERE email='$email' AND hash='$hash'");
-    if ( $result->num_rows == 0 )
-    { 
+    if ( $result->num_rows == 0 ) { 
         $_SESSION['message'] = "Zły adres do wyzerowania hasła!";
         echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
     }

backend/reset_password.php

@@ -1,7 +1,19 @@
 <?php
-/* Password reset process, updates database with new user password */
 require 'db.php';
 session_start();
+?>
+
+<!--
+  reset_password.html
+  StockExperience
+
+  Edited by BinarySoftware on 07/03/2019.
+  Copyright ©2019 BinarySoftware/Maciej Mikołajek. All rights reserved.
+
+  Purpose: Backend part of reset.php
+-->
+
+<?php
 // Make sure the form is being submitted with method="post"
 if ($_SERVER['REQUEST_METHOD'] == 'POST') { 
     // Make sure the two passwords match
@@ -15,8 +27,7 @@
         $_SESSION['message'] = "Hasło pomyślnie wyzerowane!";
         echo "<script type='text/javascript'> document.location = '../success.php'; </script>";
         }
-    }
-    else {
+    } else {
         $_SESSION['message'] = "Hasła się nie zgadzają!";
         echo "<script type='text/javascript'> document.location = '../error.php'; </script>";
     }