ready to deploy

application/config/config.php

@@ -326,6 +326,7 @@ $config['cache_query_string'] = FALSE;
 |
 */
 $config['encryption_key'] = 'femEDWTX$AQ@6HggkKn8RWGf!*ufK?KC';
+//femEDWTX$AQ@6HggkKn8RWGf!*ufK?KC
 
 /*
 |--------------------------------------------------------------------------
@@ -461,8 +462,13 @@ $config['csrf_protection'] = true;
 $config['csrf_token_name'] = 'csrf_test_name';
 $config['csrf_cookie_name'] = 'csrf_cookie_name';
 $config['csrf_expire'] = 7200;
-$config['csrf_regenerate'] = TRUE;
-$config['csrf_exclude_uris'] = array();
+$config['csrf_regenerate'] = false;
+$config['csrf_exclude_uris'] = array(
+	'cart/add_to_cart', 'cart/load_cart',
+	'home/products', 'cart/delete_product_from_cart', 'cart/increase_qty', 'cart/decrease_qty',
+	'auth/resetpassword'
+
+);
 
 /*
 |--------------------------------------------------------------------------

application/config/database.php

@@ -78,6 +78,9 @@ $db['default'] = array(
 	'hostname' => '104.199.82.156',
 	'username' => 'tetiana',
 	'password' => 'yaremko_tetiana',
+//	'hostname' => 'localhost',
+//	'username' => 'root',
+//	'password' => '',
 	'database' => 'mydb',
 	'dbdriver' => 'mysqli',
 	'dbprefix' => '',

application/config/routes.php

@@ -49,6 +49,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 | Examples:	my-controller/index	-> my_controller/index
 |		my-controller/my-method	-> my_controller/my_method
 */
-$route['default_controller'] = 'auth/login';
+$route['default_controller'] = 'welcome';
+//$route['default_controller'] = 'auth/login';
 $route['404_override'] = '';
 $route['translate_uri_dashes'] = FALSE;

application/controllers/Admin.php

@@ -49,7 +49,6 @@ class Admin extends CI_Controller {
 						}
 					}
 
-
 				$this->load->view('admin/aside');
 				$this->load->view('admin/add_product');
 			}
@@ -57,7 +56,6 @@ class Admin extends CI_Controller {
 
 
 			public function product_inventory() {
-
 				$this->load->model('Admin_model', 'admin');
 				$data=$this->admin->get_data();
 				$this->load->view('admin/aside');

application/controllers/Auth.php

 <?php
+defined('BASEPATH') OR exit('No direct script access allowed');
 
 class Auth extends CI_Controller
 {
@@ -6,6 +7,7 @@ class Auth extends CI_Controller
 	function __construct()
 	{
 		parent::__construct();
+
 	}
 
 	public function logged_in_check()
@@ -27,9 +29,12 @@ class Auth extends CI_Controller
 	{
 
 		$this->logged_in_check();
-		$this->form_validation->set_rules("email", "Email", "trim|required");
+
+
+		$this->form_validation->set_rules("email", "Email", "trim|required|valid_email");
 		$this->form_validation->set_rules("password", "Password", "trim|required");
 		if ($this->form_validation->run() == true) {
+
 			$this->load->model('auth_model', 'auth');
 			$this->load->model('Cart_model', 'cmodel');
 			$status = $this->auth->validate();
@@ -45,7 +50,6 @@ class Auth extends CI_Controller
 				$this->session->set_userdata($this->auth->get_data());
 				$this->session->set_userdata("logged_in", true);
 
-
 					$data=$this->cmodel->getAllFromCart();
 					$this->cmodel->set_user_cart($this->session->userdata('email'), $data);
 
@@ -91,6 +95,7 @@ class Auth extends CI_Controller
 	}
 
 	public function verify () {
+		require_once(APPPATH.'libraries/random.php');
 
 		$email=$this->input->get('email');
 		$token= $this->input->get('token');
@@ -118,6 +123,7 @@ class Auth extends CI_Controller
 	}
 
 	public function forgotPassword () {
+		require_once(APPPATH.'libraries/random.php');
 		$this->form_validation->set_rules("email", "Email", "trim|required");
 		if($this->form_validation->run() == false) {
 			$this->load->view('forgotPassword');
@@ -148,6 +154,7 @@ class Auth extends CI_Controller
 
 
 	public function resetPassword() {
+		require_once(APPPATH.'libraries/random.php');
 		$email =$this->input->get('email');
 		$token =$this->input->get('token');
 		$user = $this->db->get_where('users', array('email'=>$email))->row_array();

application/controllers/Cart.php

@@ -16,6 +16,8 @@ class Cart extends CI_Controller
 		} else {
 			$this->cmodel->add_to_cart($prod_id);
 		}
+
+
 		echo $this->show_cart();
 	}
 
@@ -23,9 +25,12 @@ class Cart extends CI_Controller
 		$this->cart->destroy();
 		$this->load->model('Cart_model', 'cmodel');
 		$data=$this->cmodel->getAllFromCart();
+		//$data['token'] = $this->security->get_csrf_hash();
 		if ($this->session->userdata("logged_in")) {
 			//$this->cmodel->set_user_cart($this->session->userdata('email'), $data);
 			$data=$this->cmodel->getAllFromUserCart($this->session->userdata('email'));
+			//$data['token'] = $this->security->get_csrf_hash();
+
 
 
 		}
@@ -84,9 +89,11 @@ class Cart extends CI_Controller
 
     				';
 		return $output;
+
 	}
 
 
+
 //load mini-cart
 	public function load_cart(){
 		echo $this->show_cart();

application/hooks/acl.php

@@ -9,8 +9,8 @@
 	$allowAll['auth']['register']=true;
 	$allowAll['auth']['forgotPassword']=true;
 	$allowAll['auth']['logout']=true;
-	$allowAll['auth']['resetPassword']=true;
-	$allowAll['auth']['changePassword']=true;
+	$allowAll['auth']['resetpassword']=true;
+	$allowAll['auth']['changepassword']=true;
 	$allowAll['auth']['verify'] =true;
 
 	$allowAll['home']['products']=true;

application/models/Auth_model.php

@@ -3,9 +3,11 @@
 class Auth_model extends CI_Model {
 
 	private $_data=array();
+
+
 	public function validate() {
-		$email =$this->input->post('email');
-		$password =md5($this->input->post('password'));
+		$email =$this->security->xss_clean($this->input->post('email'));
+		$password =$this->security->xss_clean(md5($this->input->post('password')));
 		$this->db->select('*');
 		$this->db->from('users');
 		$this->db->where('email', $email);
@@ -57,9 +59,9 @@ class Auth_model extends CI_Model {
 
 	public function updateEmail()
 	{
-		$new_email = $this->input->post('new_email');
-		$new_name = $this->input->post('new_name');
-		$new_surname = $this->input->post('new_surname');
+		$new_email = $this->security->xss_clean($this->input->post('new_email'));
+		$new_name = $this->security->xss_clean($this->input->post('new_name'));
+		$new_surname = $this->security->xss_clean($this->input->post('new_surname'));
 
 		$session_email = $this->session->userdata('email');
 		$user = $this->db->get_where('users', array('email' => $session_email));

application/models/Register_model.php

@@ -35,8 +35,8 @@ class Register_model extends CI_Model {
 		$config = array(
 			'protocol'=>'smtp',
 			'smtp_host'=>'ssl://smtp.googlemail.com',
-			'smtp_user'=>'tetiankayaremko@gmail.com',
-			'smtp_pass'=>'tetiana_yaremko1995',
+			'smtp_user'=>'tetianayaremko@gmail.com',
+			'smtp_pass'=>'55aKenuh',
 			'smtp_port'=> '465',
 			'mailtype'=> 'html',
 			'charset'=> 'iso-8859-1',

application/views/login1.php

@@ -40,14 +40,15 @@
 
 							<?php echo $error ? $error : 'Enter your username and password' ?>
 						</div>
+
 							<?php echo form_open(); ?>
-							<?php $error =form_error("email", "<p class='text-danger'>", '</p>');?>
+							<?php $error =form_error("email", "<small class='text-danger'>", '</small>');?>
 							<div class="form-group <?php echo $error ? 'has-error' : '' ?>">
 								<label for="email">Email</label>
 								<input type="email" value="<?php echo set_value("email") ?>" name="email"/>
 								<div class="input-error"> <?php echo $error; ?> </div>
 							</div>
-							<?php $error =form_error("password", "<p class='text-danger'>", '</p>');?>
+							<?php $error =form_error("password", "<small class='text-danger'>", '</small>');?>
 							<div class="form-group">
 								<label for="password">Password</label>
 								<input type="password"   name="password"/>

application/views/templates/home_t.php

@@ -97,11 +97,13 @@
 							<?php if($item->status=='sold'): ?>
 							<p class="sold-btn">Sold out</p>
 							<?php  else:  ?>
+
 							<button  class="cart-btn" id="<?php echo $item->id;?>" data-butnid="<?php echo $item->id;?>" data-productid="<?php echo $item->id;?>" data-productartist="<?php echo $item->artist;?>"
-									data-producttitle="<?php echo $item->title;?>" data-productprice="<?php echo $item->price;?>" data-productimage="<?php echo $item->image;?>">
+									data-producttitle="<?php echo $item->title;?>" data-productprice="<?php echo $item->price;?>" data-productimage="<?php echo $item->image;?>"  value="add to cart" >
 								<i class="fa fa-shopping-cart"></i>
 								Add to cart
 							</button>
+
 							<?php endif; ?>
 						</div>
 
@@ -137,6 +139,7 @@
 </div>
 		<script type="text/javascript">
 			 baseUrl = '<?php echo base_url(); ?>';
+			// csrf_value = '<?php echo $this->security->get_csrf_hash(); ?>';
 		</script>
 		<script src="<?php echo base_url(); ?>asset/js/scrypt.js"></script>
 <script src="<?php echo base_url(); ?>asset/js/jquery-3.3.1.min.js"></script>

asset/js/scrypt.js

@@ -31,10 +31,14 @@ $(document).ready(function() {
 			{
 				$('#detail-cart').html(data);
 			}
+
 		});
 	}
 
-	$('.cart-btn').click(function () {
+
+
+
+	$('.cart-btn').click(function (event) {
 		var product_id = $(this).data("productid");
 		var product_artist = $(this).data("productartist");
 		var product_title = $(this).data("producttitle");
@@ -47,10 +51,14 @@ $(document).ready(function() {
 				method : "POST",
 				data : {product_id: product_id, product_artist: product_artist, product_title: product_title, product_price: product_price, quantity:quantity, image:image},
 				success: function(data){
+					$('.cart-btn').val(data.token);
 					load_cart_data();
 					showCart();
+
 				},
 			});
+		//el.stopImmediatePropagation();
+
 			})