[x] in the client's "my account", make sure the orders are actually only his and not everybody's (there's some of this as I didn't have the API calls before)
[x] in the orders put the specs of the products
[x] in reviews connect the vendor on the "vendor by" if not done yet
[x] in writing a review put that the stars are a numeric field
[x] same for price in creating a product
[x] make that the reviews are related only to the product shown
[x] the buy now has some problems - check
[x] show the answer of the review if any
[x] in vendor account show only the products of the vendor with the proper api call
[x] "by vendor" hyperlink on products should be deactivated on the vendor's side and there should only be the name
[x] check that writing a reply to a review works - (I'm not sure if the form has been set with the proper call)
[x] ----> the above works but doesn't update the answer (the useEffect) immediately (you need to refresh) - check it out
[x] make a new page for the vendor to check all the chats in which each possible chat is a card with a button to open.
this button connects the vendor to the correct chat and opens the bottom right corner widget
[ ] remove useless comments
[ ] remove console logs for debugging
[ ] add some docs / explanation
[x] make that the vendor can verify the orders
[ ] replicate stuff also in the unsafe components
[x] success alert while buying a product
[x] if there's time make alerts for saying errors like not enough money
[ ] ---> the above is done but just for buying products; maybe useful for other things as well?
[x] search products for vendors
[x] reviews only of the product in question
[x] author in reviews must be the email
[x] searchbar is not showing results given from the search!!!!
[ ] approved reviews are not shown wtf (both vendor and customer sides)
[ ] chat stuff
BACKEND
[x] chat insecure flag to be added
[x] XSS stored
[ ] sanitization against SQL injection with Query Builder?
[x] retrieving hashed pw should be possible
[ ] remove salt in the password for insecure version
[ ] "delete" of a product is only allowed if there's no dependency on it in orders or reviews
[x] get reviews related only to a product
[ ] get product obj when getting vendor's orders
[ ] at most one answer per review. Meaning the return of getReplies is not an array
[x] CHECK that the orders are given always as not approved even if in the db the approved is true
[x] user entity in all types of getting reviews
[ ] search products for vendors (only his prods)
USER GUIDE
[ ] Start writing installation and use guide
[ ] for the video Francesco check to have the rainbow tables!!
[ ] make the video showing the exploitation of the vulnerabilities on both versions