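/**
 * Places an order for a JavaScript-originated request, but only when the user id
 * sent by the client matches the id held in the server-side session.
 *
 * $_SESSION["instabid_userId"] is treated as the trusted identity; per the FAIL
 * messages below it is expected to have been set by authorize_user_to_bid() in
 * instabid.php. $user arrives from the client and is accepted only when it names
 * the same id.
 *
 * NOTE(review): $exchange, $product, $buy_or_sell, $qty and $price are passed on
 * unchanged; presumably newOrder() validates them — confirm.
 *
 * @param mixed $exchange    forwarded to newOrder()
 * @param mixed $product     forwarded to newOrder()
 * @param mixed $buy_or_sell forwarded to newOrder()
 * @param mixed $qty         forwarded to newOrder()
 * @param mixed $price       forwarded to newOrder()
 * @param mixed $user        client-supplied user id, checked against the session
 *
 * @return mixed a JSON failure string when the identity check fails, otherwise
 *               whatever newOrder() returns
 */
function newOrderViaJS($exchange, $product, $buy_or_sell, $qty, $price, $user)
{
    // Read the session id without raising a notice when the key is absent.
    $sessionUser = $_SESSION["instabid_userId"] ?? null;

    // Same "no identity" cases the loose == NULL test covered (null, '', 0, false),
    // spelled out so nothing depends on type juggling.
    if (!is_scalar($sessionUser) || $sessionUser === '' || $sessionUser === 0 || $sessionUser === false) {
        return '{"result":"FAIL","msg":"Sorry but this user is unidentified creating a risk of outside fraudulent access. You have to call the function authorize_user_to_bid(userId) in instabid.php first"}';
    }

    // Compare as strings with !==. A loose != lets older PHP versions treat an
    // integer session id and a client string with the same numeric prefix as equal,
    // which would let a value that is not the session id through to newOrder().
    // Non-scalar input (e.g. an array from the request) is rejected outright.
    if (!is_scalar($user) || (string) $sessionUser !== (string) $user) {
        return '{"result":"FAIL","msg":"Sorry but this user is identified differently in the javascript call than in the php function authorize_user_to_bid(userId) in instabid.php you called earlier. This user could be attempting to spoof another user"}';
    }

    return newOrder($exchange, $product, $buy_or_sell, $qty, $price, $user);
}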
<?php

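// Checkout step: stores the shipping address, turns the session cart into an order
// and creates an invoice for it.
//
// NOTE(review): this request changes state (address, order, invoice) but is driven by
// GET parameters, and no anti-CSRF token check is visible in this script — confirm
// init.php enforces one, or move the endpoint to POST.
chdir("../../common");
require_once "init.php";
chdir("../database");
require_once "storeFrontend.php";

// Get data
$storeId = intval($_GET["storeId"] ?? 0);

// Stop before touching the database when there is no login for this store in the
// session; otherwise the address update and the order would be written with a null
// user id.
$login = $_SESSION['storesLogin'][$storeId] ?? null;
if (!is_array($login) || !isset($login['userId'])) {
    http_response_code(403);
    exit;
}
$userId = $login['userId'];

// The address is request input: accept a plain string only (a missing parameter or
// an array such as address[]=x is rejected).
// NOTE(review): setUserAddress() is assumed to bind this value as a query parameter
// and the pages that display it to escape it — confirm.
$address = $_GET["address"] ?? null;
if (!is_string($address)) {
    http_response_code(400);
    exit;
}
setUserAddress($userId, $address);
$cart = is_array($login['cart'] ?? null) ? $login['cart'] : [];

// Create order
$orderId = newOrder($userId);
$total = 0;
foreach ($cart as $item) {
    $productId = $item["id"];
    // NOTE(review): presumably the add-to-cart endpoint already restricted "qt" to a
    // positive integer; a negative value here would lower the invoice total — verify.
    $quantity = $item["qt"];
    // The price is looked up server-side rather than taken from the cart entry.
    $product = getProduct($productId);
    $baseCost = $product["price"];
    $total += $quantity * $baseCost;
    addProductToOrder($orderId, $productId, $quantity, $baseCost);
}

// Create an invoice
// Ten lowercase hex characters, as before, but drawn from the CSPRNG. The previous
// value was md5(time()) reordered by str_shuffle(), i.e. derived from the clock and a
// non-cryptographic shuffle, so it was guessable.
// NOTE(review): if this code is the only thing protecting access to an invoice,
// 40 bits is short — consider a longer code; uniqueness is left to createInvoice().
$code = bin2hex(random_bytes(5));
$store = getStoreById($storeId);
$domain = $store[0]["domain"];
$vat = $store[0]["vat"];
$total *= 1 + $vat;
$id = createInvoice($code, $total, $vat, $orderId);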
// Clear cart