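/**
 * Customer profile page controller.
 *
 * Loads the logged-in customer's row for the view and, when the edit form is
 * posted ('btnEditSubmit'), collects and validates the submitted fields.
 *
 * Returns array('redirect' => url) when there is no usable customer session,
 * otherwise array('data' => array('customerDetails' => array(...))).
 *
 * Relies on project helpers hasPrivilege(), getSpKey(), dbQuery(), safeQuery(),
 * addMessage() and the BASE_URL / FAILURE constants.
 */
function main()
{
    if (!hasPrivilege('customer')) {
        // NOTE(review): sibling controllers build this as BASE_URL . '/signup'
        // (with a leading slash); kept byte-identical here, verify BASE_URL's
        // trailing-slash convention.
        $url = BASE_URL . 'signup';
        return array('redirect' => $url);
    }

    // The session holds the customer's primary key. It is escaped anyway so the
    // query never depends on what happened to be stored in the session.
    $userId = safeQuery($_SESSION[getSpKey()]['customer']);
    $sql = "SELECT * FROM `customers` WHERE `id` = '{$userId}' ";
    $result = dbQuery($sql);

    $columns = array(
        'id',
        'customer_name',
        'customer_family',
        'customer_email',
        'customer_gender',
        'customer_mobile',
        'customer_city',
        'customer_state',
        'customer_zipcode',
        'customer_emergency_number',
        'customer_address',
    );

    // Was left undefined when the query matched nothing; initialise explicitly.
    $customerDetails = null;
    while (($records = mysql_fetch_assoc($result)) !== false) {
        $customerDetails = array();
        foreach ($columns as $column) {
            $customerDetails[$column] = $records[$column];
        }
    }
    mysql_free_result($result);

    if ($customerDetails === null) {
        // The session names a customer row that no longer exists (stale or
        // tampered id). Drop the stale login rather than render an empty page.
        unset($_SESSION[getSpKey()]['customer']);
        return array('redirect' => BASE_URL . 'signup');
    }

    // ---- Edit customer details ------------------------------------------
    if (isset($_POST['btnEditSubmit'])) {
        $postToColumn = array(
            'txtName'            => 'customer_name',
            'txtFamily'          => 'customer_family',
            'txtEmail'           => 'customer_email',
            'txtMobile'          => 'customer_mobile',
            'txtCity'            => 'customer_city',
            'txtState'           => 'customer_state',
            'txtZipCode'         => 'customer_zipcode',
            'txtEmergencyNumber' => 'customer_emergency_number',
            'txtAddress'         => 'customer_address',
        );

        $txtDetails = array();
        foreach ($postToColumn as $postKey => $column) {
            $txtDetails[$column] = isset($_POST[$postKey]) ? $_POST[$postKey] : null;
        }

        // Only a missing field fails validation; empty strings still pass.
        $dataIsCorrect = true;
        foreach ($txtDetails as $pieceOfData) {
            if (is_null($pieceOfData)) {
                // NOTE(review): this message says "product" (محصول) although the
                // form edits customer details; left unchanged, confirm intent.
                addMessage('اطلاعات محصول به درستی وارد نشده است', FAILURE);
                $dataIsCorrect = false;
                break;
            }
        }

        // TODO: no UPDATE is issued yet ($dataIsCorrect is computed but unused).
        // When it is added, every value in $txtDetails is raw POST input and
        // must pass through safeQuery() before being placed in SQL, and should
        // be validated (isEmail()/isPhone()) as the signup form does.
    }

    $resp = array();
    $resp['data'] = array('customerDetails' => $customerDetails);
    return $resp;
}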
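/**
 * Signup page controller.
 *
 * Handles the login form (POST 'login') and the signup form (POST 'signup').
 * Each handled form returns array('redirect' => url); a request that posts
 * neither returns nothing, leaving the view to render the forms.
 *
 * Relies on project helpers dbQuery(), safeQuery(), isPhone(), isEmail(),
 * addMessage(), getSpKey() and the BASE_URL / FAILURE / SUCSESS constants.
 * Assumes session_start() has already run.
 */
function main()
{
    // ---- Login form -----------------------------------------------------
    if (isset($_POST['login'])) {
        // The email is attacker-controlled and was previously interpolated
        // unescaped into the query (SQL injection on the login path). Escape it
        // with the same helper the signup branch already uses.
        $email = safeQuery(isset($_POST['email']) ? $_POST['email'] : '');
        $rawPassword = isset($_POST['password']) ? $_POST['password'] : '';
        // TODO(security): unsalted sha1 is not a password hash. Migrate the
        // column to password_hash()/password_verify() with rehash-on-login.
        // The digest is hex-only, so it is safe to interpolate as-is.
        $password = sha1($rawPassword);

        $sql = "SELECT * FROM `customers` WHERE `customer_email`='{$email}' AND `customer_password`='{$password}';";
        $result = dbQuery($sql);

        if (mysql_num_rows($result) != 1) {
            $url = BASE_URL . '/signup';
            addMessage('نام کاربری یا رمز عبور اشتباه وارد شده است.', FAILURE);
        } else {
            $user = mysql_fetch_assoc($result);
            // Issue a fresh session id on privilege change so a pre-login id
            // planted on the victim (session fixation) is not upgraded.
            session_regenerate_id(true);
            $_SESSION[getSpKey()]['customer'] = $user['id'];
            $userName = $user['customer_name'];
            addMessage($userName . ' عزیز خوش آمدید.', SUCSESS);
            $url = BASE_URL . '/customer';
        }
        mysql_free_result($result);
        return array('redirect' => $url);
    }

    // ---- Signup form ----------------------------------------------------
    if (isset($_POST['signup'])) {
        // isset() guards avoid notices on a partial POST; every value that
        // reaches SQL goes through safeQuery(), including gender, which the
        // original interpolated raw.
        $firstName = safeQuery(isset($_POST['firstName']) ? $_POST['firstName'] : '');
        $lastName = safeQuery(isset($_POST['lastName']) ? $_POST['lastName'] : '');
        $mobile = safeQuery(isset($_POST['mobile']) ? $_POST['mobile'] : '');
        $email = safeQuery(isset($_POST['email']) ? $_POST['email'] : '');
        $gender = safeQuery(isset($_POST['gender']) ? $_POST['gender'] : '');
        $rawPassword = isset($_POST['password']) ? $_POST['password'] : '';
        $password = sha1($rawPassword);

        // The original tested !empty(trim($password)) on the sha1 digest, which
        // is never empty, so a blank password passed validation; test the raw
        // input. Comparing against '' rather than empty() also stops the
        // literal string "0" from being rejected.
        $formIsValid = isPhone($mobile)
            && isEmail($email)
            && trim($firstName) !== ''
            && trim($lastName) !== ''
            && trim($mobile) !== ''
            && trim($email) !== ''
            && trim($rawPassword) !== '';

        if (!$formIsValid) {
            addMessage('اطلاعات فرم ثبت نام به درستی وارد نشده است.', FAILURE);
            return array('redirect' => BASE_URL . '/signup');
        }

        // NOTE(security): SELECT-then-INSERT is racy; a UNIQUE index on
        // customer_email is the reliable guard against duplicate accounts.
        $sql = "SELECT * FROM `customers` WHERE `customer_email`='{$email}'";
        $result = dbQuery($sql);
        $emailTaken = mysql_num_rows($result) != 0;
        // Free the SELECT result here: the original overwrote $result with the
        // INSERT's boolean and then passed that to mysql_free_result().
        mysql_free_result($result);

        if ($emailTaken) {
            addMessage('آدرس ایمیل واد شده تکراری میباشد، برای بازیابی رمز عبور کلیک کنید.', FAILURE);
            return array('redirect' => BASE_URL . '/signup');
        }

        $sql = "INSERT INTO `customers`(`customer_name`,`customer_family`,`customer_email`,`customer_password`,`customer_gender`,`customer_mobile`)\n VALUES('{$firstName}','{$lastName}','{$email}','{$password}','{$gender}','{$mobile}')";
        dbQuery($sql);
        addMessage('ثبت نام شما با موفقیت انجام شد. با آدرس ایمیل و رمز عور انتخابی وارد شوید', SUCSESS);
        // NOTE(review): no session is created here, so hasPrivilege('customer')
        // will bounce this redirect back to signup; the success message asks
        // the user to log in, so '/signup' may be the intended target.
        return array('redirect' => BASE_URL . '/customer');
    }
}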
function hasPrivilege($acl) { switch ($acl) { case 'customer': $key = 'customer'; break; case 'admin': $key = 'admin'; break; default: $key = 'guest'; } return isset($_SESSION[getSpKey()][$key]); }
function elementLoginLogout() { if (isset($_SESSION[getSpKey()])) { if ($_SESSION[getSpKey()]['customer']) { $userId = $_SESSION[getSpKey()]['customer']; $sql = "SELECT `id`,`customer_name` FROM `customers` WHERE `id` = '{$userId}'"; $result = dbQuery($sql); while (($row = mysql_fetch_array($result)) !== false) { $userDetails[] = array('id' => $row['id'], 'customer_name' => $row['customer_name']); } mysql_free_result($result); return array('userDetails' => $userDetails); } } }
function main() { unset($_SESSION[getSpKey()]); header('location:../signup'); }