Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/wreyesus/Sencillo_Carrito_de_Compras_en_PHP/llms.txt

Use this file to discover all available pages before exploring further.

index.php is the entry point for the YUME|TEC store. It renders the main homepage — complete with a banner, a featured products image, and the site’s primary navigation — and also handles member authentication via a jQuery-powered slide-down panel anchored to the very top of every page. When a visitor submits valid credentials, the script writes session variables and redirects them to index2.php, the authenticated version of the homepage.

How the login panel works

The sliding login panel is built around two div elements nested inside #toppanel: the #panel container holds the login form itself, and the .tab container exposes the toggle button that the user clicks to reveal it. The panel begins collapsed; js/slide.js listens for clicks on #open and animates div#panel downward with jQuery’s slideDown("slow"). A matching click on #close calls slideUp("slow") to retract it.
<div id="toppanel">
  <div id="panel"><!-- login form --></div>
  <div class="tab"><!-- toggle button --></div>
</div>
The JavaScript driving this behaviour lives in js/slide.js and is loaded after jQuery 1.3.2:
$(document).ready(function() {

  // Expand Panel
  $("#open").click(function(){
    $("div#panel").slideDown("slow");
  });

  // Collapse Panel
  $("#close").click(function(){
    $("div#panel").slideUp("slow");
  });

  // Switch buttons from "Entrar" to "Cerrar Panel" on click
  $("#toggle a").click(function () {
    $("#toggle a").toggle();
  });

});
The page loads two jQuery versions: jquery-1.7.1.min.js from the project root and js/jquery-1.3.2.min.js from the js/ sub-directory. slide.js depends on 1.3.2 and must be loaded after it.

Authentication flow

When the visitor fills in the login form and clicks Entrar, the browser POSTs log (username) and pwd (password) to index2.php (the form’s action attribute). index2.php detects $_POST['log'], queries the usuario table, and on success writes two session keys before issuing a redirect.
1

Receive POST data

$_POST['log'] is assigned to $nickname and $_POST['pwd'] to $contrasena.
2

Query the database

A SELECT is run against the usuario table matching both columns:
$consulta2 = "SELECT * FROM usuario WHERE nickname='$nickname' AND contrasena='$contrasena'";
$result = mysql_query($consulta2) or die(mysql_error());
$filasn = mysql_num_rows($result);
3

Validate and redirect

If at least one row is returned and $_GET['nologin'] is not set, the session is populated and the browser is sent to index2.php:
if ($filasn > 0) {
    $rowsresult = mysql_fetch_array($result);
    $_SESSION['idusuario'] = $rowsresult['idusuario'];
    $_SESSION['usuario'] = $nickname;
    header("location:index2.php?login=true");
}
$_SESSION['idusuario'] stores the numeric primary key from the usuario table, and $_SESSION['usuario'] stores the plaintext nickname. Both are used by subsequent pages to identify the logged-in member.
The login query is vulnerable to SQL injection because $nickname and $contrasena are interpolated directly into the query string without escaping or parameterisation. In production code, always use prepared statements with PDO or MySQLi — for example:
$stmt = $pdo->prepare("SELECT * FROM usuario WHERE nickname = ? AND contrasena = ?");
$stmt->execute([$nickname, $contrasena]);
Additionally, the mysql_* extension used throughout this project was removed in PHP 7. Migrate to mysqli_* or PDO for any modern deployment.

Session-aware navigation

The tab bar inside #toppanel checks $_SESSION['usuario'] to personalise the greeting and the action button on every page:
// Greeting: "Hola Invitado!" vs "Hola <username>"
if (!isset($_SESSION["usuario"])) {
    echo "Invitado";
} else {
    echo $_SESSION["usuario"];
}

// Toggle label: "Entrar" for guests, "Salir" for members
if (!isset($_SESSION["usuario"])) {
    echo "Entrar";
} else {
    echo "Salir";
}
When a user is already logged in, the #panel login form is replaced by a plain Cerrar Sesion link pointing to cerrar_sesion.php, which destroys the session and returns the visitor to the guest state. The #nav unordered list provides the five top-level links available from index.php. Logged-in users land on index2.php after authentication, which mirrors this navigation but points Inicio back to index2.php instead.
LabelTarget filePurpose
Inicioindex.phpHomepage — featured products and banner
Nosotrosnosotros.phpAbout page for the YUME|TEC team
Productoscategorias.phpCategory landing page for all product lines
Contactocontacto.phpContact form powered by PHPMailer
Carritocarrito.phpShopping cart — view and edit pending items

Build docs developers (and LLMs) love