Update

2020-05-17 21:49:59 +01:00 · 2020-05-17 21:49:59 +01:00 · ce25d87c0b
commit ce25d87c0b
parent cb69e20e3b
10 changed files with 419 additions and 53 deletions
--- a/functions/index.js
+++ b/functions/index.js
@ -77,6 +77,28 @@ app.get('/search', function(request, responce){
 	}
 })

+app.get('/admin-review', async function(request, responce){
+	var dbRef = database.ref("/products")
+	if (request.query.authToken) {
+		let uid = await authCheck(request.query.authToken)
+		if (uid == "If84zSzRvlcCqRs0ZPJRpAcY1He2") {
+			dbRef.orderByChild("status").equalTo("pending").once('value', function(snapshot){
+				if (snapshot.exists()) {
+					let products = snapshot.val()
+					responce.render('admin-review.ejs', {products: products})
+				} else {
+					var products = {'x': {name: 'Nothing to review...',price: ''}}
+					responce.render('admin-review.ejs', {products: products})
+				}
+			})
+		} else {
+			responce.render('404.ejs')
+		}
+	} else {
+		responce.render('404.ejs')
+	}
+})
+
 app.get('/additmpage', function(request, responce){
 	responce.render('add-item.ejs')
 })
@ -217,7 +239,7 @@ app.get('/user-profile', function(request, responce){
 					name: user.fName + " " + user.lName,
 					location: user.address,
 					rating: "WIP",
-					startDate: "WIP",
+					memberSince: user.memberSince,
 					pPic: user.pPic
 				}
 				productsRef.orderByChild("owner").equalTo(user.UID).once('value', function(snapshot){
@ -234,9 +256,9 @@ app.get('/user-profile', function(request, responce){

 						if (Object.keys(filteredProducts).length > 1) {delete filteredProducts["0"]}

-						responce.render('user-profile.ejs', {userProducts:filteredProducts, user:userProfile})
+						responce.render('user-profile.ejs', {userProducts:filteredProducts, user:userProfile, userDBID:request.query.dbid})
 					} else {
-						responce.render('user-profile.ejs', {userProducts:[], user:userProfile})
+						responce.render('user-profile.ejs', {userProducts:[], user:userProfile, userDBID:request.query.dbid})
 					}
 				})
 				.catch(e => {
@ -276,13 +298,17 @@ app.post('/register-new-user-api', async function(request, responce){
 				let lName = rBody.data.lName
 				let address = rBody.data.address
 				let pPic = rBody.data.pPic
+				let today = new Date()
+				let month = today.toLocaleString('default', { month: 'long' })
+				let year = today.getFullYear()
 				let uData = {
 					fName:fName,
 					lName:lName,
 					UID:uid,
 					email:email,
 					address:address,
-					pPic:"x"
+					pPic:"x",
+					memberSince: month + " " + year
 				}
 				let usersRef = database.ref('/users')
 				let result = await usersRef.push(uData)
@ -305,6 +331,44 @@ app.post('/register-new-user-api', async function(request, responce){
 	}
 })

+app.post('/contact-api', async function(request, responce){
+	if (request.body.userDBID && request.body.authToken && request.body.usrMsg) {
+		let bMsg = request.body.usrMsg
+		let sellerDBID = request.body.userDBID
+		let uid = await authCheck(request.body.authToken)
+		if (uid) {
+			let usersRef = database.ref("/users")
+			snapshot = await usersRef.orderByChild("UID").equalTo(uid).once('value')
+			if (snapshot.exists()) {
+				let vals = snapshot.val()
+				let keys = Object.keys(vals)
+				let user = vals[keys[0]]
+				let userEmail = user.email
+				let userName = user.fName + ' ' + user.lName
+				let sellerRef = database.ref("/users/" + sellerDBID)
+				snapshot = await sellerRef.once('value')
+				if (snapshot.exists()) {
+					let seller = snapshot.val()
+					let sellerName = seller.fName
+					let sellerEmail = seller.email
+					let content = sellerMessageContentMaker(sellerName, userName, userEmail, bMsg)
+					let subject = 'New message!'
+					sendEmail(sellerEmail, subject, content)
+					responce.send({success:true, error:null})
+				} else {
+					responce.send({success:false, error:'User does not exist!'})
+				}
+			} else {
+				responce.send({success:false, error:'Unregistered user!'})
+			}
+		} else {
+			responce.send({success:false, error:'invalid auth token'})
+		}
+	} else {
+		responce.send({success:false, error:'invalid data'})
+	}
+})
+
 app.post('/request-api', async function(request, responce){
 	if (request.body.prodID && request.body.authToken && request.body.usrMsg) {
 		let bMsg = request.body.usrMsg
@ -333,7 +397,8 @@ app.post('/request-api', async function(request, responce){
 						let buyerName = buyer.fName + ' ' + buyer.lName
 						let buyerEmail = buyer.email
 						let content = contentMaker(sellerName, buyerName, buyerEmail, productName, pid, bMsg)
-						sendEmail(sellerEmail, content)
+						let subject = 'Someone\'s interested!'
+						sendEmail(sellerEmail, subject, content)
 						responce.send({success:true, error:null})
 					} else {
 						responce.send({success:false, error:'Unregistered user!'})
@ -362,7 +427,7 @@ app.post('/toggle-sale-api', async function(request, responce){
 			var snapshot = await productRef.once('value')
 			if (snapshot.exists()) {
 				let product = snapshot.val()
-				if (await verifyOwner(uid, productID) && product.status != "sold") {
+				if (await verifyOwner(uid, productID) && (product.status == "on-sale" || product.status == "off-sale")) {
 					let status = "x"
 					if (targetState == true) {
 						status = "on-sale"
@ -457,7 +522,30 @@ app.post('/shipping-adress-edit-api', function(request, responce){
 			})
 	}
 	else {
-		responce.send({error: 'invalid data'})
+		responce.send({success:false, error: 'invalid data'})
+	}
+})
+
+app.post('/product-ar-api', async function(request, responce){
+	if (request.body.authToken && request.body.prodID && (request.body.approved != null)) {
+		let uid = await authCheck(request.body.authToken)
+		if (uid == "If84zSzRvlcCqRs0ZPJRpAcY1He2") {
+			var productStatus = "rejected"
+			if (request.body.approved == true) {productStatus = "on-sale"}
+			productRef = database.ref("/products/" + request.body.prodID)
+			let snapshot = await productRef.once('value')
+			if (snapshot.exists()) {
+				productRef.update({status:productStatus})
+				.then(responce.send({success:true, error: null}))
+				.catch(e=>{responce.send({success:false, error: e})})
+			} else {
+				responce.send({success:false, error: 'Item does not exist'})
+			}
+		} else {
+			responce.send({success:false, error: 'Unauthorized'})
+		}
+	} else {
+		responce.send({success:false, error: 'invalid data'})
 	}
 })

@ -497,6 +585,7 @@ app.post('/new-product-api', async function(request, responce){
 				let image = request.body.image
 				let product = request.body.product
 				let imageName = image.name
+				product.status = "pending"
 				let newProductRef = database.ref('/products')
 				newProductRef.push(product).then(key => {
 					let productKey = key.key
@ -568,6 +657,11 @@ function contentMaker(sName, bName, bEmail, pName, pid, bMsg){
 	return text
 }

+function sellerMessageContentMaker(sName, bName, bEmail, bMsg){
+	let text = "Hi " + sName + "\n \n" + bName + " would like to send you a message.\n\nUser email: " + bEmail +"\n\nMessage:\n" + bMsg
+	return text
+}
+
 async function authCheck(token) {
 	let uid = false
 	decodedToken = await admin.auth().verifyIdToken(token).catch(e=>{console.log(e)})
@ -621,11 +715,11 @@ async function verifyOwner(uid, pid) {
 	}
 }

-function sendEmail(address, content){
+function sendEmail(address, subject, content){
 	var mailOptions = {
 		from: 'Project GG',
 		to: address,
-		subject: 'Someone\'s interested!',
+		subject: subject,
 		text: content
 	}
 	transporter.sendMail(mailOptions, function(error, info){
--- a/functions/views/admin-review.ejs
+++ b/functions/views/admin-review.ejs
@ -0,0 +1,23 @@
+<%- include("partials/header") %>
+
+			<div class="products">
+				<p>Search results:</p>
+				<div class="my-products-container">
+					<% var keys = Object.keys(products) %>
+					<% keys.forEach(function(key){ %>
+					<div class="my-product-container" id="<%= key%>">
+						<img class="dyn-img" onclick={window.location.replace('product?productid=<%=key%>')} title="<%= products[key].img %>" alt="img" src="media/var.png">
+						<div class="my-product-details-container">
+							<p class="top-a"><%= products[key].name%></p>
+							<p class="middle-top-a">£ <%= products[key].price%></p>
+							<p class="middle-bottom-a"><button onclick={sendApprove('<%= key%>')} class="admin-approve" id="admin-approve-btn">Approve</button></p>
+							<p class="bottom-a"><button onclick={sendReject('<%= key%>')} class="admin-reject" id="admin-reject-btn">Reject</button></p>
+						</div>
+					</div>
+                    <% }) %>
+				</div>
+			</div>
+			<div class="space"></div>
+		</div>
+	</main>
+<%- include("partials/footer") %>
--- a/functions/views/css/style.css
+++ b/functions/views/css/style.css
@ -846,6 +846,65 @@ input:focus, textarea:focus, select:focus{
 	width: 100%;
 	height: 100%;
 }
+
+.admin-approve {
+	height: 33px;
+	width: 120px;
+	display: block;
+	font-size: 19px;
+	font-family: osl;
+	box-shadow: 0px 2px 3px #A5A5A5;
+	margin-bottom: 0;
+	margin-top: -13px;
+	border-radius: 0;
+	border: none;
+	background-color: #52FF5B;
+	transition: 0.3s;
+}
+.admin-approve:hover {
+	background-color: aqua;
+}
+.admin-approve:active {
+	background-color: whitesmoke;
+	transition: 0.1s;
+}
+
+.admin-reject {
+	height: 33px;
+	width: 120px;
+	display: block;
+	font-size: 19px;
+	font-family: osl;
+	box-shadow: 0px 2px 3px #A5A5A5;
+	margin-bottom: 0;
+	margin-top: -13px;
+	border-radius: 0;
+	border: none;
+	background-color: #F43030;
+	transition: 0.3s;
+}
+.admin-reject:hover {
+	background-color: violet;
+}
+.admin-reject:active {
+	background-color: black;
+	color: white;
+	transition: 0.1s;
+}
+
+.top-a {
+	padding-top: 5px;
+}
+.middle-top-a {
+	padding-top: 20px;
+}
+.middle-bottom-a {
+	padding-top: 20px;
+}
+.bottom-a {
+	padding-top: 20px;
+}
+
 /* DARK MODE SUPPORT: */
 /* @media (prefers-color-scheme: dark) {
 	body, .page, main, .navbar {
--- a/functions/views/js/fAuth.js
+++ b/functions/views/js/fAuth.js
@ -1 +1 @@
-function checkAuth(){firebase.auth().onAuthStateChanged(function(e){if(e){try{document.getElementById("uname-dom").innerHTML="Loading..."}catch(e){}firebase.auth().currentUser.getIdToken().then(function(e){let t={uToken:e},n={method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json"}};fetch("login-user-api",n).then(e=>e.json()).then(function(e){if(1==e.success)if(e.registered)document.getElementById("uname-dom").innerHTML="Hello, "+e.name;else{try{document.getElementById("uname-dom").innerHTML="Unregistered!",document.getElementById("notifications").innerHTML="🔔 | Register your account",document.getElementById("notifications").setAttribute("href","registration"),document.getElementById("notifications").setAttribute("style","color: red;")}catch(e){}"registration"!=window.location.href.split("/").pop()&&window.location.replace("registration")}else console.log(e.error),document.getElementById("notifications").innerHTML="🔔 | What the fuck just happened.....",document.getElementById("notifications").setAttribute("style","color: pink;")})});try{document.getElementById("uname-field").setAttribute("style","display: block;"),document.getElementById("login-field").setAttribute("style","display: none;"),document.getElementById("uname-field").setAttribute("style","display: block;"),document.getElementById("login-field").setAttribute("style","display: none;")}catch(e){}try{document.getElementById("uAuthMsg").setAttribute("style","display: none;")}catch(e){}try{document.getElementById("authField").setAttribute("style","display: block;")}catch(e){}}else{document.getElementById("uname-field").setAttribute("style","display: none;"),document.getElementById("login-field").setAttribute("style","display: block;"),document.getElementById("uname-dom").innerHTML="Unregistered";try{document.getElementById("uAuthMsg").setAttribute("style","display: block;")}catch(e){}try{document.getElementById("authField").setAttribute("style","display: none;")}catch(e){}}})}function signinwithgoogle(){var e=new firebase.auth.GoogleAuthProvider;firebase.auth().signInWithPopup(e).then(function(e){console.log("User signed in...")}).catch(function(e){console.log(e)})}function signinwithfb(){var e=new firebase.auth.FacebookAuthProvider;firebase.auth().signInWithPopup(e).then(function(e){console.log("User signed in...")}).catch(function(e){console.log(e)})}function signinwithemail(){const e=document.getElementById("fuid"),t=document.getElementById("fpwd");var n=e.value,i=t.value;firebase.auth().signInWithEmailAndPassword(n,i).catch(e=>console.log(e.message)).then(function(n){t.value="",e.value=""})}function signout(){firebase.auth().signOut(),window.location.replace("home")}checkAuth();try{var pwField=document.getElementById("fpwd");pwField.addEventListener("keyup",function(e){13===e.keyCode&&(e.preventDefault(),document.getElementById("blogin").click())})}catch(e){}
+function checkAuth(){firebase.auth().onAuthStateChanged(function(e){if(e){if("dev@dev.dev"==e.email)try{document.getElementById("admin").setAttribute("style","display: block;")}catch(e){}try{document.getElementById("uname-dom").innerHTML="Loading..."}catch(e){}firebase.auth().currentUser.getIdToken().then(function(e){let t={uToken:e},n={method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json"}};fetch("login-user-api",n).then(e=>e.json()).then(function(e){if(1==e.success)if(e.registered)document.getElementById("uname-dom").innerHTML="Hello, "+e.name;else{try{document.getElementById("uname-dom").innerHTML="Unregistered!",document.getElementById("notifications").innerHTML="🔔 | Register your account",document.getElementById("notifications").setAttribute("href","registration"),document.getElementById("notifications").setAttribute("style","color: red;")}catch(e){}"registration"!=window.location.href.split("/").pop()&&window.location.replace("registration")}else console.log(e.error),document.getElementById("notifications").innerHTML="🔔 | What the fuck just happened.....",document.getElementById("notifications").setAttribute("style","color: pink;")})});try{document.getElementById("uname-field").setAttribute("style","display: block;"),document.getElementById("login-field").setAttribute("style","display: none;"),document.getElementById("uname-field").setAttribute("style","display: block;"),document.getElementById("login-field").setAttribute("style","display: none;")}catch(e){}try{document.getElementById("uAuthMsg").setAttribute("style","display: none;")}catch(e){}try{document.getElementById("authField").setAttribute("style","display: block;")}catch(e){}}else{document.getElementById("uname-field").setAttribute("style","display: none;"),document.getElementById("login-field").setAttribute("style","display: block;"),document.getElementById("uname-dom").innerHTML="Unregistered";try{document.getElementById("uAuthMsg").setAttribute("style","display: block;")}catch(e){}try{document.getElementById("authField").setAttribute("style","display: none;")}catch(e){}}})}function admin_review(){firebase.auth().currentUser.getIdToken().then(function(e){window.location.replace("admin-review?authToken="+e)})}function signinwithgoogle(){var e=new firebase.auth.GoogleAuthProvider;firebase.auth().signInWithPopup(e).then(function(e){console.log("User signed in...")}).catch(function(e){console.log(e)})}function signinwithfb(){var e=new firebase.auth.FacebookAuthProvider;firebase.auth().signInWithPopup(e).then(function(e){console.log("User signed in...")}).catch(function(e){console.log(e)})}function signinwithemail(){const e=document.getElementById("fuid"),t=document.getElementById("fpwd");var n=e.value,i=t.value;firebase.auth().signInWithEmailAndPassword(n,i).catch(e=>console.log(e.message)).then(function(n){t.value="",e.value=""})}function signout(){firebase.auth().signOut(),window.location.replace("home")}checkAuth();try{var pwField=document.getElementById("fpwd");pwField.addEventListener("keyup",function(e){13===e.keyCode&&(e.preventDefault(),document.getElementById("blogin").click())})}catch(e){}
--- a/functions/views/js/fAuth.src.js
+++ b/functions/views/js/fAuth.src.js
@ -1,6 +1,12 @@
 function checkAuth(){
 	firebase.auth().onAuthStateChanged(function(user){
 		if (user) {
+			if (user.email == "dev@dev.dev") {
+				try {
+					document.getElementById('admin').setAttribute('style', 'display: block;')
+				}
+				catch(error){}
+			}

 			try {document.getElementById('uname-dom').innerHTML = "Loading..."}
 			catch(error){}
@ -62,6 +68,12 @@ function checkAuth(){

 checkAuth()

+function admin_review() {
+	firebase.auth().currentUser.getIdToken().then(function(idToken) {
+		window.location.replace("admin-review?authToken="+idToken)
+	})
+}
+

 function signinwithgoogle(){
 	var googleAuthProvider = new firebase.auth.GoogleAuthProvider()
--- a/functions/views/js/fdb.js
+++ b/functions/views/js/fdb.js
--- a/functions/views/js/fdb.src.js
+++ b/functions/views/js/fdb.src.js
@ -15,7 +15,7 @@ async function productSubmitEventHandler(){
 			submitBtn.innerHTML = "Uploading..."
 			submitBtn.disabled = true

-			let newProduct = {id: 1,name: "",desc: "",img: "default.png",location: "",stock: 1,status: "on-sale",price: 0,owner: "",holder: ""}
+			let newProduct = {id: 1,name: "",desc: "",img: "default.png",location: "",stock: 1,status: "pending",price: 0,owner: "",holder: ""}

 			const nameField = document.getElementById('pName')
 			const descField = document.getElementById('pDesc')
@ -70,7 +70,7 @@ async function productSubmitEventHandler(){
 				})
 			})
 		} else {
-			document.getElementById("api-response").innerHTML = "Fill in all required fields!"
+			document.getElementById("api-response").innerHTML = "Fill in all required fields! (try readding the image)"
 			document.getElementById("api-response").setAttribute("style", "display: block")
 		}
 	} else {
@ -232,38 +232,46 @@ function toggle_sale() {
 }

 function mark_as_sold(){
-	firebase.auth().currentUser.getIdToken().then(function(idToken) {
-		let item_id = document.getElementById("productID").getAttribute("product_id")
-		let sold_btn = document.getElementById("soldBtn")
-		const url = 'sold-api'
-		let data = {prodID: item_id, authToken: idToken}
-		let postData = { method: 'POST', body: JSON.stringify(data), headers: {'Content-Type': 'application/json'}}
-		fetch(url, postData)
-		.then(response => response.json())
-		.then(function(result){
-			if (result.success == true) {
-				sold_btn.setAttribute("style", "background: #00DD00; width:200px;")
-				sold_btn.innerHTML = "Sold!"
-				sold_btn.disabled = true
-				let sale_button = document.getElementById("toggleSaleBtn")
-				let edit_button = document.getElementById("editBtn")
-				sale_button.disabled = true
-				edit_button.disabled = true
-			}
-			else {
+	let sold_btn = document.getElementById("soldBtn")
+	if (sold_btn.innerHTML == "Mark Sold") {
+		sold_btn.innerHTML = "Confirm?"
+		sold_btn.setAttribute('style', 'background:white;')
+	} else if (sold_btn.innerHTML == "Confirm?") {
+		firebase.auth().currentUser.getIdToken().then(function(idToken) {
+			let item_id = document.getElementById("productID").getAttribute("product_id")
+			const url = 'sold-api'
+			let data = {prodID: item_id, authToken: idToken}
+			let postData = { method: 'POST', body: JSON.stringify(data), headers: {'Content-Type': 'application/json'}}
+			fetch(url, postData)
+			.then(response => response.json())
+			.then(function(result){
+				if (result.success == true) {
+					sold_btn.setAttribute("style", "background: #00DD00; width:200px;")
+					sold_btn.innerHTML = "Sold!"
+					sold_btn.disabled = false
+					let sale_button = document.getElementById("toggleSaleBtn")
+					let edit_button = document.getElementById("editBtn")
+					sale_button.disabled = true
+					edit_button.disabled = true
+				}
+				else {
+					sold_btn.setAttribute("style", "background: red;")
+					sold_btn.innerHTML = "ERROR"
+					document.getElementById("api-response").innerHTML = "Error: " + e
+					document.getElementById("api-response").setAttribute("style", "display: block")
+				}
+			})
+			.catch (e=>{
 				sold_btn.setAttribute("style", "background: red;")
 				sold_btn.innerHTML = "ERROR"
 				document.getElementById("api-response").innerHTML = "Error: " + e
 				document.getElementById("api-response").setAttribute("style", "display: block")
-			}
+			})
 		})
-		.catch (e=>{
-			sold_btn.setAttribute("style", "background: red;")
-			sold_btn.innerHTML = "ERROR"
-			document.getElementById("api-response").innerHTML = "Error: " + e
-			document.getElementById("api-response").setAttribute("style", "display: block")
-		})
-	})
+	} else {
+		window.location.replace('home')
+	}
+	
 }

 function my_product(productID) {
@ -400,6 +408,33 @@ function u_r_submit(){
 	}
 }

+function sendApprove(key) {
+	sendAR(true, key)
+}
+
+function sendReject(key) {
+	sendAR(false, key)
+}
+
+function sendAR(approved, prodID) { 
+	let prodElement = document.getElementById(prodID)
+	firebase.auth().currentUser.getIdToken().then(function(idToken){
+		let url = 'product-ar-api'
+		let data = {authToken: idToken, prodID: prodID, approved:approved}
+		let postData = {method: 'POST', body: JSON.stringify(data),headers: {'Content-Type': 'application/json'}}
+		fetch(url, postData)
+		.then(response => response.json())
+		.then(function(result){
+			if (result.success) {
+				prodElement.setAttribute('style', 'display:none;')
+			} else {
+				prodElement.setAttribute('style', 'background:red; transition:0.3s;')
+				console.log(result.error)
+			}
+		})
+	})
+}
+
 function initFileDropListner() {
 	let dropZone = document.getElementById("dropzone")
 	if (dropZone) {
@ -447,9 +482,52 @@ function fileAddSequence(file){

 function contactSeller() {
 	const cBtn = document.getElementById('contact-btn')
-	cBtn.innerHTML = "Unsupported, contact through product listing"
-	cBtn.setAttribute('style', "width:410px; transition: 0.7s; background:#FFAAAA; color:gray;")
-	cBtn.disabled = true
+	const bMessage = document.getElementById('sMsg')
+	if (cBtn.innerHTML == "Contact") {
+		if (firebase.auth().currentUser) {
+			cBtn.setAttribute("style", "background: #87e5ff; width:410px;")
+			cBtn.innerHTML = "Send?"
+			bMessage.setAttribute('style', 'display: block;')
+		} else {
+			cBtn.innerHTML = "Please sign in"
+			cBtn.setAttribute("style", "background: #FFa5af; width:300px;")
+		}
+	}
+	else if (cBtn.innerHTML == "Send?") {
+		if (firebase.auth().currentUser) {
+			firebase.auth().currentUser.getIdToken().then(function(idToken) {
+				cBtn.innerHTML = "Sending..."
+				cBtn.disabled = true
+				let userMessage = bMessage.value
+				let user_dbid = document.getElementById("userDBID").getAttribute("user_dbid")
+				const url = 'contact-api'
+				let data = {userDBID: user_dbid, authToken: idToken, usrMsg: userMessage}
+				let postData = {method: 'POST', body: JSON.stringify(data), headers: {'Content-Type': 'application/json'}}
+				fetch(url, postData)
+				.then(response => response.json())
+				.then(function(result){
+					console.log(result)
+					if (result.success == true) {
+						cBtn.setAttribute("style", "background: #00DD00; width:410px; transition: 0.7s;")
+						cBtn.innerHTML = "Done! Go Home"
+						cBtn.disabled = false
+					}
+					else {
+						cBtn.setAttribute("style", "background: red;")
+						cBtn.disabled = true
+						cBtn.innerHTML = "ERROR"
+						document.getElementById("api-response").innerHTML = "Error: " + result.error
+						document.getElementById("api-response").setAttribute("style", "display: block")
+					}
+				})
+			})
+		} else {
+			reqBtn.innerHTML = "Please sign in"
+		}
+	}
+	else {
+		window.location.replace('home')
+	}
 }

 try {
--- a/functions/views/partials/header.ejs
+++ b/functions/views/partials/header.ejs
@ -38,6 +38,11 @@
 					</div>
 				</div>
 				<div class="user-info">
+					<div>
+						<a href="javascript:;" onclick="admin_review()" class="notifications" id="admin" style="display: none;">
+							🔑
+						</a>
+					</div>
 					<div>
 						<a href="#" class="notifications" id="notifications">
 							&#x1F514; | <%= 0%>
--- a/functions/views/user-profile.ejs
+++ b/functions/views/user-profile.ejs
@ -1,11 +1,12 @@
 <%- include("partials/header") %>
            <div id="api-response" class="purchase-message" style="display: none;color: #DD0000"></div>
+            <div id="userDBID" style="display: none;" user_dbid="<%= userDBID%>"></div>
 			<div class="product-page-container">
 				<div class="product-page-info-container">
 					<div class="product-page-img"><img class="dyn-img" src="media/noimage.png" title="<%= user.pPic %>"></div>
 					<div class="product-page-info">			
 						<h2><%= user.name %> </h2>
-						<p>Member since <%= user.startDate %></p>
+						<p>Member since <%= user.memberSince %></p>
 						<p>Location: <%= user.location %></p>
 						<p>Rating: <%= user.rating %></p>
 						<p></p>
--- a/server.js
+++ b/server.js
@ -75,6 +75,28 @@ app.get('/search', function(request, responce){
 	}
 })

+app.get('/admin-review', async function(request, responce){
+	var dbRef = database.ref("/products")
+	if (request.query.authToken) {
+		let uid = await authCheck(request.query.authToken)
+		if (uid == "If84zSzRvlcCqRs0ZPJRpAcY1He2") {
+			dbRef.orderByChild("status").equalTo("pending").once('value', function(snapshot){
+				if (snapshot.exists()) {
+					let products = snapshot.val()
+					responce.render('admin-review.ejs', {products: products})
+				} else {
+					var products = {'x': {name: 'Nothing to review...',price: ''}}
+					responce.render('admin-review.ejs', {products: products})
+				}
+			})
+		} else {
+			responce.render('404.ejs')
+		}
+	} else {
+		responce.render('404.ejs')
+	}
+})
+
 app.get('/additmpage', function(request, responce){
 	responce.render('add-item.ejs')
 })
@ -215,7 +237,7 @@ app.get('/user-profile', function(request, responce){
 					name: user.fName + " " + user.lName,
 					location: user.address,
 					rating: "WIP",
-					startDate: "WIP",
+					memberSince: user.memberSince,
 					pPic: user.pPic
 				}
 				productsRef.orderByChild("owner").equalTo(user.UID).once('value', function(snapshot){
@ -232,9 +254,9 @@ app.get('/user-profile', function(request, responce){

 						if (Object.keys(filteredProducts).length > 1) {delete filteredProducts["0"]}

-						responce.render('user-profile.ejs', {userProducts:filteredProducts, user:userProfile})
+						responce.render('user-profile.ejs', {userProducts:filteredProducts, user:userProfile, userDBID:request.query.dbid})
 					} else {
-						responce.render('user-profile.ejs', {userProducts:[], user:userProfile})
+						responce.render('user-profile.ejs', {userProducts:[], user:userProfile, userDBID:request.query.dbid})
 					}
 				})
 				.catch(e => {
@ -274,13 +296,17 @@ app.post('/register-new-user-api', async function(request, responce){
 				let lName = rBody.data.lName
 				let address = rBody.data.address
 				let pPic = rBody.data.pPic
+				let today = new Date()
+				let month = today.toLocaleString('default', { month: 'long' })
+				let year = today.getFullYear()
 				let uData = {
 					fName:fName,
 					lName:lName,
 					UID:uid,
 					email:email,
 					address:address,
-					pPic:"x"
+					pPic:"x",
+					memberSince: month + " " + year
 				}
 				let usersRef = database.ref('/users')
 				let result = await usersRef.push(uData)
@ -303,6 +329,44 @@ app.post('/register-new-user-api', async function(request, responce){
 	}
 })

+app.post('/contact-api', async function(request, responce){
+	if (request.body.userDBID && request.body.authToken && request.body.usrMsg) {
+		let bMsg = request.body.usrMsg
+		let sellerDBID = request.body.userDBID
+		let uid = await authCheck(request.body.authToken)
+		if (uid) {
+			let usersRef = database.ref("/users")
+			snapshot = await usersRef.orderByChild("UID").equalTo(uid).once('value')
+			if (snapshot.exists()) {
+				let vals = snapshot.val()
+				let keys = Object.keys(vals)
+				let user = vals[keys[0]]
+				let userEmail = user.email
+				let userName = user.fName + ' ' + user.lName
+				let sellerRef = database.ref("/users/" + sellerDBID)
+				snapshot = await sellerRef.once('value')
+				if (snapshot.exists()) {
+					let seller = snapshot.val()
+					let sellerName = seller.fName
+					let sellerEmail = seller.email
+					let content = sellerMessageContentMaker(sellerName, userName, userEmail, bMsg)
+					let subject = 'New message!'
+					sendEmail(sellerEmail, subject, content)
+					responce.send({success:true, error:null})
+				} else {
+					responce.send({success:false, error:'User does not exist!'})
+				}
+			} else {
+				responce.send({success:false, error:'Unregistered user!'})
+			}
+		} else {
+			responce.send({success:false, error:'invalid auth token'})
+		}
+	} else {
+		responce.send({success:false, error:'invalid data'})
+	}
+})
+
 app.post('/request-api', async function(request, responce){
 	if (request.body.prodID && request.body.authToken && request.body.usrMsg) {
 		let bMsg = request.body.usrMsg
@ -331,7 +395,8 @@ app.post('/request-api', async function(request, responce){
 						let buyerName = buyer.fName + ' ' + buyer.lName
 						let buyerEmail = buyer.email
 						let content = contentMaker(sellerName, buyerName, buyerEmail, productName, pid, bMsg)
-						sendEmail(sellerEmail, content)
+						let subject = 'Someone\'s interested!'
+						sendEmail(sellerEmail, subject, content)
 						responce.send({success:true, error:null})
 					} else {
 						responce.send({success:false, error:'Unregistered user!'})
@ -360,7 +425,7 @@ app.post('/toggle-sale-api', async function(request, responce){
 			var snapshot = await productRef.once('value')
 			if (snapshot.exists()) {
 				let product = snapshot.val()
-				if (await verifyOwner(uid, productID) && product.status != "sold") {
+				if (await verifyOwner(uid, productID) && (product.status == "on-sale" || product.status == "off-sale")) {
 					let status = "x"
 					if (targetState == true) {
 						status = "on-sale"
@ -455,7 +520,30 @@ app.post('/shipping-adress-edit-api', function(request, responce){
 			})
 	}
 	else {
-		responce.send({error: 'invalid data'})
+		responce.send({success:false, error: 'invalid data'})
+	}
+})
+
+app.post('/product-ar-api', async function(request, responce){
+	if (request.body.authToken && request.body.prodID && (request.body.approved != null)) {
+		let uid = await authCheck(request.body.authToken)
+		if (uid == "If84zSzRvlcCqRs0ZPJRpAcY1He2") {
+			var productStatus = "rejected"
+			if (request.body.approved == true) {productStatus = "on-sale"}
+			productRef = database.ref("/products/" + request.body.prodID)
+			let snapshot = await productRef.once('value')
+			if (snapshot.exists()) {
+				productRef.update({status:productStatus})
+				.then(responce.send({success:true, error: null}))
+				.catch(e=>{responce.send({success:false, error: e})})
+			} else {
+				responce.send({success:false, error: 'Item does not exist'})
+			}
+		} else {
+			responce.send({success:false, error: 'Unauthorized'})
+		}
+	} else {
+		responce.send({success:false, error: 'invalid data'})
 	}
 })

@ -495,6 +583,7 @@ app.post('/new-product-api', async function(request, responce){
 				let image = request.body.image
 				let product = request.body.product
 				let imageName = image.name
+				product.status = "pending"
 				let newProductRef = database.ref('/products')
 				newProductRef.push(product).then(key => {
 					let productKey = key.key
@ -566,6 +655,11 @@ function contentMaker(sName, bName, bEmail, pName, pid, bMsg){
 	return text
 }

+function sellerMessageContentMaker(sName, bName, bEmail, bMsg){
+	let text = "Hi " + sName + "\n \n" + bName + " would like to send you a message.\n\nUser email: " + bEmail +"\n\nMessage:\n" + bMsg
+	return text
+}
+
 async function authCheck(token) {
 	let uid = false
 	decodedToken = await admin.auth().verifyIdToken(token).catch(e=>{console.log(e)})
@ -619,11 +713,11 @@ async function verifyOwner(uid, pid) {
 	}
 }

-function sendEmail(address, content){
+function sendEmail(address, subject, content){
 	var mailOptions = {
 		from: 'Project GG',
 		to: address,
-		subject: 'Someone\'s interested!',
+		subject: subject,
 		text: content
 	}
 	transporter.sendMail(mailOptions, function(error, info){