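/**
 * JS-facing wrapper around newOrder(): places the order only when the $user
 * named by the JavaScript call is the same user that authorize_user_to_bid()
 * bound to the PHP session earlier.
 *
 * The session/user comparison is done on string form with `!==`. The earlier
 * loose `==`/`!=` let PHP's numeric-string juggling treat values such as
 * "10" and "1e1", or "" and NULL, as equal, which weakens the spoofing check
 * this function exists to enforce.
 *
 * @param mixed $exchange    passed through to newOrder()
 * @param mixed $product     passed through to newOrder()
 * @param mixed $buy_or_sell passed through to newOrder()
 * @param mixed $qty         passed through to newOrder()
 * @param mixed $price       passed through to newOrder()
 * @param mixed $user        user id supplied by the JavaScript caller (untrusted)
 * @return string JSON FAIL payload when no user is bound to the session or the
 *                ids differ; otherwise whatever newOrder() returns.
 */
function newOrderViaJS($exchange, $product, $buy_or_sell, $qty, $price, $user) {
    // `?? null` avoids an undefined-index notice when nothing was authorised yet.
    $sessionUser = $_SESSION["instabid_userId"] ?? null;

    // Only a non-empty scalar counts as an identified user; NULL, '' and
    // non-scalar values are rejected instead of being loosely compared.
    if (!is_scalar($sessionUser) || (string) $sessionUser === '') {
        return '{"result":"FAIL","msg":"Sorry but this user is unidentified creating a risk of outside fraudulent access. You have to call the function authorize_user_to_bid(userId) in instabid.php first"}';
    }

    // Strict comparison on string form: "7" and 7 still match, "07"/"7e0" no longer do.
    if (!is_scalar($user) || (string) $sessionUser !== (string) $user) {
        return '{"result":"FAIL","msg":"Sorry but this user is identified differently in the javascript call than in the php function authorize_user_to_bid(userId) in instabid.php you called earlier. This user could be attempting to spoof another user"}';
    }

    return newOrder($exchange, $product, $buy_or_sell, $qty, $price, $user);
}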
<?php
chdir("../../common");
require_once "init.php";
chdir("../database");
require_once "storeFrontend.php";

// Get data.
// NOTE(review): $storeId is taken straight from the query string. intval() makes it an
// int, but nothing here checks that $_SESSION['storesLogin'][$storeId] exists, so
// $userId may be null if the store is not logged in — confirm the caller guarantees
// an authenticated store session before this script runs.
$storeId = intval($_GET["storeId"]);
$userId = $_SESSION['storesLogin'][$storeId]['userId'];
// NOTE(review): $address is untrusted request input handed to setUserAddress()
// with no validation or length limit; escaping is presumably done in the callee — verify.
$address = $_GET["address"];
setUserAddress($userId, $address);
$cart = $_SESSION['storesLogin'][$storeId]['cart'];

// Create order: one line per cart item. The unit price is read from the stored
// product record (not from the client); quantity comes from the session cart.
$orderId = newOrder($userId);
$total = 0;
foreach ($cart as $item) {
    $productId = $item["id"];
    // NOTE(review): "qt" is not checked for being a positive integer here — presumably
    // validated when the item was added to the cart; confirm.
    $quantity = $item["qt"];
    $baseCost = getProduct($productId);
    $baseCost = $baseCost["price"];
    $total += $quantity * $baseCost;
    addProductToOrder($orderId, $productId, $quantity, $baseCost);
}

// Create an invoice.
// NOTE(review): the invoice code is derived from time() (one-second resolution) via
// md5() and str_shuffle(), neither of which is a CSPRNG, so the code is predictable.
// If it is ever used to look up or authorise access to an invoice, generate it with
// random_bytes()/bin2hex() instead.
$code = substr(str_shuffle(md5(time())), 0, 10);
$store = getStoreById($storeId);
$domain = $store[0]["domain"];
$vat = $store[0]["vat"];
// $vat is assumed to be a fraction (e.g. 0.2 for 20%) — confirm against the store schema.
$total *= 1 + $vat;
$id = createInvoice($code, $total, $vat, $orderId);
// Clear cart