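// publication, or educational product without permission from O'Reilly &
// Associates. No warranty is attached; we cannot take responsibility for errors
// or fitness for use.
//
require_once 'includes/winestore.inc';
require_once 'includes/template.inc';

// Trim a request parameter to at most $maxlength bytes.
//
// The previous version also ran the value through escapeshellcmd().  That
// function protects shell command lines, not file names, and nothing in this
// script ever reaches a shell; the back-slashes it inserted only obscured what
// the allowlist below was matching.  The only control that matters for the
// file name is that allowlist, which admits nothing beyond [a-z0-9], "-", the
// known sub-directory prefixes under D_WEB_PATH and a fixed extension.
function clean($input, $maxlength)
{
    return substr($input, 0, $maxlength);
}

if (isset($_GET["source"])) {
    // A repeated parameter (?source[]=...) arrives as an array; treat it as
    // "nothing requested" rather than letting substr() warn or throw.
    $source = is_string($_GET["source"]) ? clean($_GET["source"], 60) : '';
    $template = new winestoreTemplate(T_SOURCE);

    // Allowlist of files that may be displayed.  Each pattern entry is
    // [sub-directory under D_WEB_PATH, character class for the base name,
    // extension]; a request is admitted only if it matches one of these or is
    // one of the literal include files, so "..", absolute paths and anything
    // outside the web tree never reach file_exists()/highlight_file().
    $allowedPatterns = array(
        array('',           'a-z0-9',  'php'),
        array('templates/', 'a-z0-9',  'tpl'),
        array('customer/',  'a-z0-9',  'php'),
        array('auth/',      'a-z0-9',  'php'),
        array('order/',     'a-z0-9-', 'php'),
        array('search/',    'a-z0-9',  'php'),
        array('cart/',      'a-z0-9',  'php'),
    );
    $allowedFiles = array(
        D_WEB_PATH . "includes/winestore.inc",
        D_WEB_PATH . "includes/customHandler.inc",
        D_WEB_PATH . "includes/authenticate.inc",
        D_WEB_PATH . "includes/template.inc",
        D_WEB_PATH . "includes/validate.inc",
    );

    $permitted = in_array($source, $allowedFiles, true);
    foreach ($allowedPatterns as $entry) {
        if ($permitted) {
            break;
        }
        list($subdir, $nameChars, $ext) = $entry;
        // D_WEB_PATH is quoted with the pattern's own delimiter.  The earlier
        // code concatenated the path straight into a "/.../" pattern, so the
        // slashes inside it ended the pattern early and every regex branch
        // returned false with an "Unknown modifier" warning -- only the
        // literal includes/*.inc comparisons ever matched.  \z (not $) is used
        // so a trailing newline in the query string cannot slip past the
        // anchor.
        $pattern = '#^' . preg_quote(D_WEB_PATH . $subdir, '#')
            . '[' . $nameChars . ']*\.' . $ext . '\z#i';
        $permitted = preg_match($pattern, $source) === 1;
    }

    if ($permitted && file_exists(D_INSTALL_PATH . $source)) {
        $file = D_INSTALL_PATH . $source;
    }

    // The requested name is echoed back even when it was rejected, i.e. it is
    // still the raw query-string value, so escape it for HTML here.  If
    // winestoreTemplate already escapes variables this only double-encodes
    // rejected input -- confirm against the template class.
    $template->setVariable("PAGE", htmlspecialchars($source, ENT_QUOTES, 'UTF-8'));

    if (isset($file)) {
        // highlight_file() with the return flag hands back the marked-up HTML
        // instead of printing it; it returns false if the file is unreadable.
        $contents = highlight_file($file, true);
        if ($contents === false) {
            $template->setVariable("SOURCE", "Filename Not Found or Not Permitted.");
        } else {
            // Encode braces as numeric entities.  They render identically, but
            // a literal "{NAME}" inside displayed source would otherwise look
            // like a placeholder to the template engine.  The previous calls
            // replaced "{" with "{" and "}" with "}", i.e. were no-ops -- the
            // entity text had evidently been lost.
            $contents = str_replace("{", "&#123;", $contents);
            $contents = str_replace("}", "&#125;", $contents);
            $template->setVariable("SOURCE", $contents);
        }
    } else {
        $template->setVariable("SOURCE", "Filename Not Found or Not Permitted.");
    }
    $template->setCurrentBlock();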
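// Render the HTML receipt for one order and hand it to the page template.
//
// Parameters:
//   $custID     - customer id; selects the customer row and the order items.
//   $orderID    - order id within that customer.
//   $connection - open database handle whose query() returns a result object
//                 with fetchRow(), checked with DB::isError() (PEAR DB style).
//
// Both ids are interpolated into SQL text, so they are forced to integers
// first: the columns they are compared against are numeric ids, so for every
// legitimate caller the query is unchanged, and a non-numeric value can no
// longer alter the statement.  Query failures are reported with E_USER_ERROR,
// as elsewhere in this file.
function show_HTML_receipt($custID, $orderID, $connection)
{
    $custID = (int) $custID;
    $orderID = (int) $orderID;

    $template = new winestoreTemplate(T_ORDERRECEIPT);

    // Customer and login details for the receipt header.
    $query = "SELECT * FROM customer, users\n"
           . " WHERE customer.cust_id = {$custID}\n"
           . " AND users.cust_id = customer.cust_id";
    $result = $connection->query($query);
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);
    }
    $row = $result->fetchRow(DB_FETCHMODE_ASSOC);
    if (!$row) {
        // Previously the field lookups below ran against a missing row and
        // produced an empty receipt; report an unknown customer like a failed
        // query instead.
        trigger_error("No customer record for cust_id {$custID}", E_USER_ERROR);
    }

    // NOTE(review): these customer-entered fields go into the template as-is.
    // Whether winestoreTemplate HTML-escapes variables is not visible here --
    // confirm, or escape at the template layer.
    $template->setVariable("CUSTTITLE", showTitle($row["title_id"], $connection));
    $template->setVariable("SURNAME", $row["surname"]);
    $template->setVariable("CUST_ID", $custID);
    $template->setVariable("ORDER_ID", $orderID);
    $template->setVariable("FIRSTNAME", $row["firstname"]);
    $template->setVariable("INITIAL", $row["initial"]);
    $template->setVariable("ADDRESS", $row["address"]);
    $template->setVariable("CITY", $row["city"]);
    $template->setVariable("STATE", $row["state"]);
    $template->setVariable("COUNTRY", showCountry($row["country_id"], $connection));
    $template->setVariable("ZIPCODE", $row["zipcode"]);

    $orderTotalPrice = 0;

    // One row per line item of the order, with wine and winery names.
    $query = "SELECT i.qty, w.wine_name, i.price, \n"
           . " w.wine_id, w.year, wi.winery_name\n"
           . " FROM items i, wine w, winery wi\n"
           . " WHERE i.cust_id = {$custID}\n"
           . " AND i.order_id = {$orderID}\n"
           . " AND i.wine_id = w.wine_id\n"
           . " AND w.winery_id = wi.winery_id\n"
           . " ORDER BY item_id";
    $result = $connection->query($query);
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);
    }

    while ($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        // Line total = quantity x unit price at the time of ordering.
        $itemsPrice = $row["qty"] * $row["price"];
        $orderTotalPrice += $itemsPrice;
        $wineDetail = showWine($row["wine_id"], $connection);

        $template->setCurrentBlock("row");
        $template->setVariable("QTY", $row["qty"]);
        $template->setVariable("WINE", $wineDetail);
        // Every other setVariable() call passes two arguments; the stray
        // third argument (11) on this call looked like a typo and was dropped
        // -- confirm setVariable() takes no third parameter.
        $template->setVariable("PRICE", sprintf("\$%4.2f", $row["price"]));
        $template->setVariable("TOTAL", sprintf("\$%4.2f", $itemsPrice));
        $template->parseCurrentBlock("row");
    }

    $template->setCurrentBlock("items");
    $template->setVariable("ORDER_TOTAL", sprintf("\$%4.2f\n", $orderTotalPrice));
    $template->parseCurrentBlock("items");
    $template->setCurrentBlock();
    $template->showWinestore(NO_CART, B_HOME);
}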