From 79aa26cf529ce7df4bb79d611b363523dd0bb799 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Thu, 11 Dec 2025 19:31:10 +0000
Subject: [PATCH] 1.3

---
 dashboard.php   |   3 +-
 delete_item.php |  41 +++++++++++++
 edit_item.php   | 150 ++++++++++++++++++++++++++++++++++++++++++++++++
 my_listings.php | 106 ++++++++++++++++++++++++++++++++++
 4 files changed, 299 insertions(+), 1 deletion(-)
 create mode 100644 delete_item.php
 create mode 100644 edit_item.php
 create mode 100644 my_listings.php

diff --git a/dashboard.php b/dashboard.php
index dced25f..aadeca6 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -43,7 +43,8 @@ if ($user_role === 'user') {
                     <p>Welcome to your RentEase dashboard.</p>
                     <p>Your role is: <strong><?php echo htmlspecialchars($user_role); ?></strong></p>
                     <?php if ($user_role === 'vendor'): ?>
-                        <a href="add_item.php" class="btn btn-primary mb-3">Add New Item</a>
+                        <a href="add_item.php" class="btn btn-primary mb-3 me-2">Add New Item</a>
+                        <a href="my_listings.php" class="btn btn-info mb-3">My Listings</a>
                     <?php endif; ?>
 
                     <hr>
diff --git a/delete_item.php b/delete_item.php
new file mode 100644
index 0000000..f6c7734
--- /dev/null
+++ b/delete_item.php
@@ -0,0 +1,41 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+// Ensure user is logged in and is a vendor
+if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'vendor') {
+    header("Location: login.php");
+    exit();
+}
+
+$vendor_id = $_SESSION['user_id'];
+$item_id = $_GET['id'] ?? null;
+
+$pdo = db();
+
+if ($item_id) {
+    try {
+        // Verify ownership before deleting
+        $stmt = $pdo->prepare("SELECT id FROM items WHERE id = ? AND owner_id = ?");
+        $stmt->execute([$item_id, $vendor_id]);
+        $item = $stmt->fetch();
+
+        if ($item) {
+            // Item belongs to the vendor, proceed with deletion
+            $stmt = $pdo->prepare("DELETE FROM items WHERE id = ? AND owner_id = ?");
+            $stmt->execute([$item_id, $vendor_id]);
+
+            $_SESSION['success_message'] = "Item deleted successfully!";
+        } else {
+            $_SESSION['error_message'] = "Item not found or you don't have permission to delete it.";
+        }
+    } catch (PDOException $e) {
+        $_SESSION['error_message'] = "Database error: " . $e->getMessage();
+    }
+} else {
+    $_SESSION['error_message'] = "No item ID provided.";
+}
+
+header("Location: my_listings.php");
+exit();
+?>
diff --git a/edit_item.php b/edit_item.php
new file mode 100644
index 0000000..5773f4e
--- /dev/null
+++ b/edit_item.php
@@ -0,0 +1,150 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+// Ensure user is logged in and is a vendor
+if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'vendor') {
+    header("Location: login.php");
+    exit();
+}
+
+$vendor_id = $_SESSION['user_id'];
+$item_id = $_GET['id'] ?? null;
+$item = null;
+$errors = [];
+$success_message = "";
+
+$pdo = db();
+
+// Fetch item details if ID is provided
+if ($item_id) {
+    $stmt = $pdo->prepare("SELECT * FROM items WHERE id = ? AND owner_id = ?");
+    $stmt->execute([$item_id, $vendor_id]);
+    $item = $stmt->fetch();
+
+    if (!$item) {
+        $errors[] = "Item not found or you don't have permission to edit it.";
+        $item_id = null; // Invalidate item_id if not found or unauthorized
+    }
+} else {
+    $errors[] = "No item ID provided.";
+}
+
+// Handle form submission for updating the item
+if ($_SERVER["REQUEST_METHOD"] == "POST" && $item_id) {
+    $name = trim($_POST['name']);
+    $description = trim($_POST['description']);
+    $price_per_day = trim($_POST['price_per_day']);
+    $location = trim($_POST['location']);
+    $image_url = trim($_POST['image_url']);
+
+    if (empty($name)) {
+        $errors[] = "Item name is required.";
+    }
+    if (empty($price_per_day) || !is_numeric($price_per_day)) {
+        $errors[] = "A valid price is required.";
+    }
+    if (empty($location)) {
+        $errors[] = "Location is required.";
+    }
+
+    if (empty($errors)) {
+        try {
+            $sql = "UPDATE items SET name = :name, description = :description, price_per_day = :price_per_day, location = :location, image_url = :image_url WHERE id = :id AND owner_id = :owner_id";
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute([
+                ':name' => $name,
+                ':description' => $description,
+                ':price_per_day' => $price_per_day,
+                ':location' => $location,
+                ':image_url' => $image_url,
+                ':id' => $item_id,
+                ':owner_id' => $vendor_id
+            ]);
+            $success_message = "Item updated successfully!";
+            // Refresh item data after update
+            $stmt = $pdo->prepare("SELECT * FROM items WHERE id = ? AND owner_id = ?");
+            $stmt->execute([$item_id, $vendor_id]);
+            $item = $stmt->fetch();
+
+        } catch (PDOException $e) {
+            $errors[] = "Database error: " . $e->getMessage();
+        }
+    }
+}
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Edit Item - RentEase</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="assets/css/custom.css">
+</head>
+<body>
+
+    <?php include 'header.php'; ?>
+
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-8">
+                <div class="card">
+                    <div class="card-header">
+                        <h2>Edit Rental Item</h2>
+                    </div>
+                    <div class="card-body">
+                        <?php if (!empty($errors)): ?>
+                            <div class="alert alert-danger">
+                                <?php foreach ($errors as $error): ?>
+                                    <p><?php echo htmlspecialchars($error); ?></p>
+                                <?php endforeach; ?>
+                            </div>
+                        <?php endif; ?>
+                        <?php if (!empty($success_message)): ?>
+                            <div class="alert alert-success">
+                                <?php echo htmlspecialchars($success_message); ?>
+                            </div>
+                        <?php endif; ?>
+
+                        <?php if ($item): ?>
+                            <form action="edit_item.php?id=<?php echo htmlspecialchars($item['id']); ?>" method="post">
+                                <div class="mb-3">
+                                    <label for="name" class="form-label">Item Name</label>
+                                    <input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars($item['name']); ?>" required>
+                                </div>
+                                <div class="mb-3">
+                                    <label for="description" class="form-label">Description</label>
+                                    <textarea class="form-control" id="description" name="description" rows="3"><?php echo htmlspecialchars($item['description']); ?></textarea>
+                                </div>
+                                <div class="mb-3">
+                                    <label for="price_per_day" class="form-label">Price per Day ($)</label>
+                                    <input type="number" class="form-control" id="price_per_day" name="price_per_day" step="0.01" value="<?php echo htmlspecialchars($item['price_per_day']); ?>" required>
+                                </div>
+                                <div class="mb-3">
+                                    <label for="location" class="form-label">Location (e.g., City, State)</label>
+                                    <input type="text" class="form-control" id="location" name="location" value="<?php echo htmlspecialchars($item['location']); ?>" required>
+                                </div>
+                                <div class="mb-3">
+                                    <label for="image_url" class="form-label">Image URL</label>
+                                    <input type="text" class="form-control" id="image_url" name="image_url" value="<?php echo htmlspecialchars($item['image_url'] ?? ''); ?>">
+                                </div>
+                                <button type="submit" class="btn btn-primary">Update Item</button>
+                                <a href="my_listings.php" class="btn btn-secondary">Cancel</a>
+                            </form>
+                        <?php else: ?>
+                            <p>Unable to load item for editing.</p>
+                            <a href="my_listings.php" class="btn btn-primary">Back to My Listings</a>
+                        <?php endif; ?>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <?php include 'footer.php'; ?>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>
diff --git a/my_listings.php b/my_listings.php
new file mode 100644
index 0000000..50fa0cc
--- /dev/null
+++ b/my_listings.php
@@ -0,0 +1,106 @@
+<?php
+session_start();
+
+require_once 'db/config.php'; // Include the database configuration
+
+// If user is not logged in or not a vendor, redirect
+if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'vendor') {
+    header("Location: login.php"); // Redirect to login or a suitable page
+    exit;
+}
+
+$user_id = $_SESSION['user_id'];
+$user_name = $_SESSION['user_name'];
+
+$pdo = db(); // Get the PDO connection
+
+$items = []; // Initialize an empty array to hold items
+
+// Fetch items listed by the current vendor
+    $query = "SELECT * FROM items WHERE owner_id = ?";
+    $params = [$user_id];
+
+    if (isset($_GET['search']) && !empty($_GET['search'])) {
+        $searchTerm = '%' . $_GET['search'] . '%';
+        $query .= " AND (name LIKE ? OR description LIKE ?)";
+        $params[] = $searchTerm;
+        $params[] = $searchTerm;
+    }
+
+    if (isset($_GET['status']) && !empty($_GET['status'])) {
+        $statusFilter = $_GET['status'];
+        $query .= " AND status = ?";
+        $params[] = $statusFilter;
+    }
+
+    $stmt = $pdo->prepare($query);
+    $stmt->execute($params);
+    $items = $stmt->fetchAll();
+?>
+<?php include 'header.php'; ?>
+
+<div class="container mt-5">
+    <div class="row">
+        <div class="col-md-12">
+            <div class="card">
+                <div class="card-header">
+                    <h4><?php echo htmlspecialchars($user_name); ?>'s Listings</h4>
+                </div>
+                <div class="card-body">
+                    <?php if (isset($_SESSION['success_message'])): ?>
+                        <div class="alert alert-success">
+                            <?php echo htmlspecialchars($_SESSION['success_message']); unset($_SESSION['success_message']); ?>
+                        </div>
+                    <?php endif; ?>
+                    <?php if (isset($_SESSION['error_message'])): ?>
+                        <div class="alert alert-danger">
+                            <?php echo htmlspecialchars($_SESSION['error_message']); unset($_SESSION['error_message']); ?>
+                        </div>
+                    <?php endif; ?>
+                    <p>Manage your listed items here.</p>
+
+                    <form action="my_listings.php" method="get" class="mb-4">
+                        <div class="input-group">
+                            <input type="text" class="form-control" placeholder="Search your listings..." name="search" value="<?php echo htmlspecialchars($_GET['search'] ?? ''); ?>">
+                            <select class="form-select" name="status">
+                                <option value="">All Statuses</option>
+                                <option value="available" <?php echo (isset($_GET['status']) && $_GET['status'] === 'available') ? 'selected' : ''; ?>>Available</option>
+                                <option value="rented" <?php echo (isset($_GET['status']) && $_GET['status'] === 'rented') ? 'selected' : ''; ?>>Rented</option>
+                                <option value="unavailable" <?php echo (isset($_GET['status']) && $_GET['status'] === 'unavailable') ? 'selected' : ''; ?>>Unavailable</option>
+                            </select>
+                            <button class="btn btn-outline-secondary" type="submit">Filter</button>
+                        </div>
+                    </form>
+
+                    <?php if (empty($items)): ?>
+                        <p>You have not listed any items yet. <a href="add_item.php">Add a new item</a>.</p>
+                    <?php else: ?>
+                        <div class="row">
+                            <?php foreach ($items as $item): ?>
+                                <div class="col-md-4 mb-4">
+                                    <div class="card h-100">
+                                        <img src="<?php echo htmlspecialchars($item['image_url'] ?? 'https://via.placeholder.com/150'); ?>" class="card-img-top" alt="<?php echo htmlspecialchars($item['name']); ?>">
+                                        <div class="card-body d-flex flex-column">
+                                            <h5 class="card-title"><?php echo htmlspecialchars($item['name']); ?></h5>
+                                            <p class="card-text flex-grow-1"><?php echo htmlspecialchars($item['description']); ?></p>
+                                            <p class="card-text"><strong>Price:</strong> $<?php echo htmlspecialchars(number_format($item['price'], 2)); ?> per day</p>
+                                            <p class="card-text"><strong>Location:</strong> <?php echo htmlspecialchars($item['location']); ?></p>
+                                            <div class="mt-auto">
+                                                <a href="item_details.php?id=<?php echo htmlspecialchars($item['id']); ?>" class="btn btn-info btn-sm">View</a>
+                                                <a href="edit_item.php?id=<?php echo htmlspecialchars($item['id']); ?>" class="btn btn-warning btn-sm">Edit</a>
+                                                <a href="delete_item.php?id=<?php echo htmlspecialchars($item['id']); ?>" class="btn btn-danger btn-sm">Delete</a>
+                                                <p class="text-info mt-2">Status: <?php echo htmlspecialchars(ucfirst($item['status'])); ?></p>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </div>
+                            <?php endforeach; ?>
+                        </div>
+                    <?php endif; ?>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php include 'footer.php'; ?>