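/**
 * Handle a login attempt.
 *
 * Fixed: the original ran extract($post), so any POST key could overwrite a
 * local (including the $referer_in parameter) — a variable-injection hole. The
 * fields are read explicitly now. The post-login redirect target is also
 * checked: an absolute URL to another host in the POST body used to be followed
 * verbatim (open redirect).
 *
 * @param string $referer_in Page to return to when the login form has to be shown again.
 * @param array  $post       Submitted form fields; uses submit_login, username, password, referer.
 * @return int 0 on every failure path; on success control leaves through doRedirect().
 */
function doLogin($referer_in, $post) {
    $submit_login = isset($post['submit_login']) ? $post['submit_login'] : null;
    $username     = isset($post['username']) ? $post['username'] : '';
    $password     = isset($post['password']) ? $post['password'] : '';
    $referer      = isset($post['referer']) ? $post['referer'] : '';

    if (!$submit_login) {
        renderError("You need to login to do that.");
        displayLoginForm($referer_in);
        return 0;
    }
    if (!recaptchaCheck()) {
        return 0;
    }
    $database = connectToDatabase();
    $account = new Account($username);
    if (!$account->checkPassword($password)) {
        renderError("Your password is incorrect. Please try again");
        return 0;
    }
    // NOTE(review): kept from the original. Naming the session after the user is
    // unusual, and session_name() has no effect once a session is already started — confirm.
    session_name($username);
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $account->getDatabaseID();

    // Only follow a target that stays on this site.
    if ($referer && doLoginRedirectTargetIsLocal($referer)) {
        doRedirect($referer);
    } else {
        renderError("Cannot redirect you to the proper place. Please press the back button and try again.");
        return 0;
    }
}

/**
 * True when a redirect target is a site-relative path or an absolute URL on this host.
 *
 * Rejects "//host", "/\host" and "scheme:" forms, which browsers treat as
 * cross-origin even though they look relative.
 *
 * @param string $target
 * @return bool
 */
function doLoginRedirectTargetIsLocal($target) {
    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        if (!isset($parts['host'], $_SERVER['HTTP_HOST'])) {
            return false;
        }
        $ownHost = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
        return strcasecmp($parts['host'], $ownHost) === 0;
    }
    // No scheme and no host: must be an absolute path on this site.
    return $target !== '' && $target[0] === '/' && !preg_match('#^/[/\\\\]#', $target);
}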
/**
 * Split a forward URL into its parse_url() components.
 *
 * Only http and https targets are accepted; anything else, or a string
 * parse_url() rejects, is reported through renderError() as
 * 412 Precondition Failed. The parsed array is still returned afterwards,
 * so this relies on renderError() not returning — confirm for this file.
 *
 * @param string $forwardUrl
 * @return array|false Result of parse_url().
 */
function decomposeForwardUrl($forwardUrl) {
    $parts = @parse_url($forwardUrl);
    $isWebScheme = false;
    if ($parts && isset($parts['scheme'])) {
        $isWebScheme = ($parts['scheme'] == 'http') || ($parts['scheme'] == 'https');
    }
    if (!$isWebScheme) {
        renderError(412, 'Precondition Failed', 'Malformed forward URL.');
    }
    return $parts;
}
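/**
 * Handle an "add product" request.
 *
 * Accepts POST only; every other method is rejected through renderError()
 * (assumed to stop the application, as the sibling methodNotAllowed() docs
 * say). The original only refused GET, so HEAD/PUT/etc. slipped through.
 *
 * After the product is stored the client is sent back to the page it came
 * from. The Referer is a client-supplied header, so it is only followed when
 * it points at this host; otherwise the redirect goes to "/".
 *
 * NOTE(review): there is no CSRF token check, so a cross-site form post adds a product.
 */
function add_product() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        renderError('Нельзя так, только POST');
    }
    product_add($_POST);
    $back = '/';
    if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        $ownHost = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
        if (is_string($refererHost) && strcasecmp($refererHost, $ownHost) === 0) {
            $back = $_SERVER['HTTP_REFERER'];
        }
    }
    header('Location: ' . $back);
}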
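/**
 * Validate a product payload, rendering an error on the first failure.
 *
 * Every attribute named by product_attributes() must be present in $input
 * and pass the matching is_<type>() check.
 *
 * Fixed: the type-mismatch message was missing the space before "должно";
 * the dynamic "is_<type>" function is checked with function_exists() first,
 * so a bad entry in the attribute map reports an error instead of a fatal.
 *
 * @param array $input Submitted product fields.
 */
function product_validate_input(array $input) {
    foreach (product_attributes() as $name => $type) {
        if (!array_key_exists($name, $input)) {
            renderError('Упс, кажется, ты забыл заполнить поле ' . $name);
        }
        $check = 'is_' . $type;
        if (!function_exists($check)) {
            renderError('Неизвестный тип ' . $type . ' для поля ' . $name);
        }
        if (!$check($input[$name])) {
            renderError('Ой, поле ' . $name . ' должно иметь тип ' . $type);
        }
    }
}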
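/**
 * Print the class -> family -> component tree with edit / remove / reorder
 * links and an "add" form at every level.
 *
 * Fixed:
 *  - names read from the classes/families/components tables were echoed raw
 *    into HTML and into link targets (stored XSS); they are HTML-escaped now
 *    and URL-encoded inside the "&name=" parameters;
 *  - the "</p>" that should close a family line before its first component
 *    was never printed, because $first_component was cleared before being tested;
 *  - $class_count was never initialised; the unused $family_count is gone.
 *
 * NOTE(review): [UP]/[DOWN]/[Remove] are state-changing GET links, so they can
 * be triggered cross-site (CSRF); a POST form with a token would be safer.
 */
function displayComponentHierarchy() {
    global $tables;
    $database = connectToDatabase();
    if (!$database) {
        return;
    }
    $result_class = mysqlQuery("SELECT id,name FROM " . $tables['classes'] . " ORDER BY priority", $database);
    if (!$result_class) {
        renderError("Cannot obtain classes list!");
        return;
    }
    $class_total = mysql_num_rows($result_class);
    $class_count = 0;
    while ($class = mysql_fetch_array($result_class)) {
        $class_count++;
        $class_id = (int) $class['id'];
        echo "<p class='class'>" . displayComponentHierarchy_esc($class['name']) . " ";
        if ($class_count > 1) {
            echo "<span class='up'><a href='" . displayComponentHierarchy_link('increase_priority', $class_id) . "'>[UP]</a></span>";
        }
        if ($class_count < $class_total) {
            echo "<span class='down'><a href='" . displayComponentHierarchy_link('decrease_priority', $class_id) . "'>[DOWN]</a></span>";
        }
        $result_family = mysqlQuery("SELECT id,name FROM " . $tables['families'] . " WHERE class_id=" . $class_id, $database);
        if (!$result_family) {
            renderError("Cannot obtain families list!");
            return;
        }
        $first_family = true;
        while ($family = mysql_fetch_array($result_family)) {
            $family_id = (int) $family['id'];
            if ($first_family) {
                // The class line gets its [Edit] link and is closed once we know it has families.
                echo "<span class='edit'><a href='" . displayComponentHierarchy_link('edit_class', $class_id) . "'>[Edit]</a></span></p>";
            }
            $first_family = false;
            echo "<p class='family'>*" . displayComponentHierarchy_esc($family['name'])
                . " <span class='edit'><a href='" . displayComponentHierarchy_link('edit_family', $family_id) . "'>[Edit]</a></span>";
            $result_component = mysqlQuery("SELECT id,name FROM " . $tables['components'] . " WHERE family_id=" . $family_id, $database);
            if (!$result_component) {
                renderError("Cannot obtain components list!");
                return;
            }
            $first_component = true;
            while ($component = mysql_fetch_array($result_component)) {
                if ($first_component) {
                    // Close the family line before the first component line.
                    echo "</p>";
                }
                $first_component = false;
                $component_id = (int) $component['id'];
                echo "<p class='component'>-" . displayComponentHierarchy_esc($component['name'])
                    . " <span class='edit'><a href='" . displayComponentHierarchy_link('edit_component', $component_id) . "'>[Edit]</a></span>"
                    . "<span class='remove'><a href='" . displayComponentHierarchy_link('remove_component', $component_id, $component['name']) . "'>[Remove]</a></span></p>";
            }
            if ($first_component) {
                // Empty family: offer to remove it and close its line.
                echo "<span class='remove'><a href='" . displayComponentHierarchy_link('remove_family', $family_id, $family['name']) . "'>[Remove]</a></span></p>";
            }
            echo "\r\n\t\t\t\t\t<form class='component' method='post' action='index.php'><p>-\r\n\t\t\t\t\t<input type='hidden' name='submitted' value='1' />\r\n\t\t\t\t\t<input type='hidden' name='next_page' value='3' />\r\n\t\t\t\t\t<input type='hidden' name='family_id' value='" . $family_id . "' />\r\n\t\t\t\t\t<input type='text' name='name' />\r\n\t\t\t\t\t<input type='submit' value='Submit' /></p>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t";
        }
        if ($first_family) {
            // Empty class: its line is still open, so add [Edit]/[Remove] and close it.
            // The remove_class handler receives the name wrapped in double quotes, as before.
            echo "<span class='edit'><a href='" . displayComponentHierarchy_link('edit_class', $class_id) . "'>[Edit]</a></span>";
            echo "<span class='remove'><a href='" . displayComponentHierarchy_link('remove_class', $class_id, '"' . $class['name'] . '"') . "'>[Remove]</a></span></p><br/>";
        }
        // New-family form for this class.
        echo "\r\n\t\t\t\t\t<form class='family' method='post' action='index.php'><p>*\r\n\t\t\t\t\t<input type='hidden' name='submitted' value='1' />\r\n\t\t\t\t\t<input type='hidden' name='next_page' value='2' />\r\n\t\t\t\t\t<input type='hidden' name='class_id' value='" . $class_id . "' />\r\n\t\t\t\t\t<input type='text' name='name' />\r\n\t\t\t\t\t<input type='submit' value='Submit' /></p>\r\n\t\t\t\t\t</form><br/>\r\n\t\t\t\t\t";
    }
    // New-class form.
    echo "<form class='class' method=\"post\" action=\"index.php\"><p> <input type='hidden' name='submitted' value='1' /> <input type='hidden' name='next_page' value='1' /> <input type='text' name='name' /> <input type='submit' value=\"Submit\" /></p> </form>";
}

/** HTML-escape a database value for use as element text or inside a quoted attribute. */
function displayComponentHierarchy_esc($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Build an attribute-safe "?param=id[&name=...]" link target.
 *
 * @param string      $param Query parameter carrying the row id.
 * @param int         $id    Row id (cast to int).
 * @param string|null $name  Optional name, URL-encoded into the name= parameter.
 * @return string
 */
function displayComponentHierarchy_link($param, $id, $name = null) {
    $href = '?' . $param . '=' . (int) $id;
    if ($name !== null) {
        $href .= '&name=' . urlencode((string) $name);
    }
    return displayComponentHierarchy_esc($href);
}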
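return htmlspecialchars($s, ENT_QUOTES, 'utf-8'); }

// Source viewer entry point: ?f=<file> shows the file's contents, HTML-escaped.
//
// Fixed: $_GET['f'] used to go straight into file_get_contents(), which reads
// any file the web server can open — and, with allow_url_fopen, any URL (an
// SSRF primitive); the "!== __FILE__" test did not stop a relative path to
// this same script. Files are now resolved under this script's directory only,
// stream wrappers ("scheme://") and NUL bytes are refused, and the contents
// are read once and reused (the original read the file a second time).
if (isset($_GET['f']) && !empty($_GET['f']) && $_GET['f'] !== __FILE__) {
    $requested = (string) $_GET['f'];
    $base = realpath(__DIR__);
    $resolved = false;
    if (strpos($requested, '://') === false && strpos($requested, "\0") === false) {
        $resolved = realpath($base . DIRECTORY_SEPARATOR . $requested);
    }
    $allowed = $resolved !== false
        && $resolved !== __FILE__
        && is_file($resolved)
        && strpos($resolved, $base . DIRECTORY_SEPARATOR) === 0;
    $content = $allowed ? file_get_contents($resolved) : FALSE;
    if ($content === FALSE) {
        renderError('<span class="error"><strong>ERROR:</strong> Failed to open stream!</span>');
    } else {
        $sc = htmlspecialchars($content);
        if (isset($_GET['embedded'])) {
            renderHTMLEmbedded($sc, normalize($requested));
        } else {
            renderHTML($sc, normalize($requested));
        }
    }
} else {
    renderError('<span class="error"><strong>ERROR:</strong> Please specify a correct file URI.</span>');
}
?> <?php function renderHTML($sc, $uri) { ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>File Source Code Viewer</title>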
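<?php
require_once 'utilities.php';

// Referer gate.
// NOTE(review): the Referer header is client-supplied, so this is not an
// authorisation check — it only discourages casual hot-linking. The original
// tested count(sscanf(...)) > 0, which is true even when nothing matched
// (sscanf returns a one-element array holding null), so "Bad referrer!" was
// unreachable. The captured value is tested instead; be aware this rejects
// requests whose browser sends no (or an origin-only) Referer.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$matched = sscanf($referer, "http://oc.ericneill.com/%s.php");
if (is_array($matched) && isset($matched[0]) && $matched[0] !== null) {
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    if ($id === null || !is_numeric($id)) {
        //renderError( "ID must be an integer!" );
    } elseif ((int) $id > 0) {
        // NOTE(review): the description is echoed as-is (presumably intended to hold HTML) — confirm.
        echo displayComponentDescription((int) $id);
    }
} else {
    renderError("Bad referrer!");
}

/**
 * Fetch the description column for one component.
 *
 * @param int|string $component_id_in Component row id; cast to int before it is
 *                                    interpolated into the query (the original
 *                                    concatenated the raw value).
 * @return mixed Whatever mysqlGetSingleValue() returns for the query.
 */
function displayComponentDescription($component_id_in) {
    global $tables;
    $query = "SELECT description FROM " . $tables['components'] . " WHERE id=" . (int) $component_id_in;
    return mysqlGetSingleValue($query);
}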
/**
 * Report (via renderError) when a source file cannot be read.
 *
 * @param string $filename Path to check.
 */
function checkPrivs($filename) {
    $readable = is_readable($filename);
    if ($readable) {
        return;
    }
    renderError('One of the source files could not be read.');
}
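/**
 * Open the MySQL connection and select the configured database.
 *
 * Reads the connection settings from the globals $database_server,
 * $database_username, $database_password and $database_name.
 *
 * Fixed: the charset is set with mysql_set_charset() on this link, so that
 * mysql_real_escape_string() uses the same charset as the connection; the
 * original issued "SET NAMES" through the "last opened link" default, which
 * leaves the client-side escaping charset unchanged.
 *
 * @return resource|int Connection link on success, 0 after an error has been
 *                      reported through renderError().
 */
function connectToDatabase() {
    global $database_server, $database_username, $database_password, $database_name;
    $database = mysql_connect($database_server, $database_username, $database_password);
    if (!$database) {
        renderError("Database Server Unreachable");
        return 0;
    }
    if (!mysql_query("USE " . $database_name, $database)) {
        renderError("Database Unreachable");
        return 0;
    }
    if (!mysql_set_charset('utf8', $database)) {
        renderError("Unable to set charset");
        return 0;
    }
    return $database;
}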
/**
 * Report that the current HTTP method is not accepted for this request and
 * stop the application (through renderError()).
 *
 * NOTE(review): the method name is client-controlled and is placed in the
 * message unescaped; harmless if renderError() escapes, a reflection point otherwise.
 */
function methodNotAllowed() {
    $method = $_SERVER['REQUEST_METHOD'];
    $message = 'Метод ' . $method . ' недопустим для этого запроса, увы ;(';
    renderError($message);
}
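/**
 * Re-render the admin shipping-info form with the values just posted
 * (used to send the admin back to the form after a failed submit).
 *
 * Fixed: every $_POST value was echoed raw into an attribute (reflected XSS);
 * they are HTML-escaped now, and the shipping-method names from the database
 * are escaped too. The posted state only pre-selects an option when it matches
 * one exactly (the original prefix replace could mark several options).
 *
 * @param int|string $order_id_in Order the form belongs to; emitted as a hidden field.
 */
function displayShippingInfoFromPOSTAdmin($order_id_in) {
    global $tables;
    $database = connectToDatabase();
    $query = "SELECT * FROM " . $tables['shippinginfo'];
    $result = mysqlQuery($query);
    if (!$result || mysql_num_rows($result) < 1) {
        renderError("SHIPPING INFO TABLE EMPTY");
        return;
    }
    echo "<form method='post'>";
    echo "<table>";
    echo "<tr><td>First Name:</td><td><input type=text name='first_name' value='" . displayShippingInfoFromPOSTAdmin_postValue('first_name') . "'></td></tr>";
    echo "<tr><td>Last Name:</td><td><input type=text name='last_name' value='" . displayShippingInfoFromPOSTAdmin_postValue('last_name') . "'></td></tr>";
    echo "<tr><td>Middle Initial:</td><td><input type=text name='middle_initial' value='" . displayShippingInfoFromPOSTAdmin_postValue('middle_initial') . "'></td></tr>";
    echo "<tr><td>Street Address:</td><td><input type=text name='street_address' value='" . displayShippingInfoFromPOSTAdmin_postValue('street_address') . "'></td></tr>";
    echo "<tr><td>City:</td><td><input type=text name='city' value='" . displayShippingInfoFromPOSTAdmin_postValue('city') . "'></td></tr>";
    echo "<tr><td>State:</td><td><select name='state'>";
    $states = "<option>AL</option> <option>AK</option> <option>AS</option> <option>AZ</option>\r\n\t<option>AR</option> <option>CA</option> <option>CO</option> <option>CT</option>\r\n\t<option>DE</option> <option>DC</option> <option>FM</option> <option>FL</option>\r\n\t<option>GA</option> <option>GU</option> <option>HI</option> <option>ID</option>\r\n\t<option>IL</option> <option>IN</option> <option>IA</option> <option>KS</option>\r\n\t<option>KY</option> <option>LA</option> <option>ME</option> <option>MH</option>\r\n\t<option>MD</option> <option>MA</option> <option>MI</option> <option>MN</option>\r\n\t<option>MS</option> <option>MO</option> <option>MT</option> <option>NE</option>\r\n\t<option>NV</option> <option>NH</option> <option>NJ</option> <option>NM</option>\r\n\t<option>NY</option> <option>NC</option> <option>ND</option> <option>MP</option>\r\n\t<option>OH</option> <option>OK</option> <option>OR</option> <option>PW</option>\r\n\t<option>PA</option> <option>PR</option> <option>RI</option> <option>SC</option>\r\n\t<option>SD</option> <option>TN</option> <option>TX</option> <option>UT</option>\r\n\t<option>VT</option> <option>VI</option> <option>VA</option> <option>WA</option>\r\n\t<option>WV</option> <option>WI</option> <option>WY</option></select></td></tr>";
    // Pre-select the posted state; AL when nothing was posted. Matching on the
    // whole "<option>XX</option>" cell means an unknown value selects nothing.
    $selectedState = isset($_POST['state']) ? (string) $_POST['state'] : 'AL';
    $states = str_replace(">" . $selectedState . "</option>", " selected='selected'>" . $selectedState . "</option>", $states);
    echo $states;
    echo "<tr><td>Zip-Code:</td><td><input type=text name='zip_code' value='" . displayShippingInfoFromPOSTAdmin_postValue('zip_code') . "'></td></tr>";
    echo "<tr><td>Shipping Method:</td><td><select name='OC_ship'>";
    while ($result_array = mysql_fetch_array($result)) {
        echo "<option value='" . (int) $result_array['id'] . "'>"
            . htmlspecialchars((string) $result_array['name'], ENT_QUOTES, 'UTF-8')
            . "- \$" . number_format($result_array['cost'], 2, '.', ',') . "</option>";
    }
    echo "</select></td></tr>";
    echo "<tr>";
    echo "<td>Payment Received:</td>";
    echo "<td><input type='checkbox' name='payment' /></td>";
    echo "</tr>";
    echo "<tr>";
    echo "<td>Order Shipped:</td>";
    echo "<td><input type='checkbox' name='shipped' /></td>";
    echo "</tr>";
    echo "<input type='hidden' name='order_id' value='" . htmlspecialchars((string) $order_id_in, ENT_QUOTES, 'UTF-8') . "' />\r\n <tr><td><input type='submit' value='SUBMIT SHIPPING INFO' name='ship_submit' /></td><td></td>\r\n </table>\r\n </form>";
}

/**
 * Posted field value, HTML-escaped for use inside a quoted attribute.
 *
 * @param string $name $_POST key.
 * @return string Escaped value, or "" when the field was not posted.
 */
function displayShippingInfoFromPOSTAdmin_postValue($name) {
    $value = isset($_POST[$name]) ? (string) $_POST[$name] : '';
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}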
} if (THprofile_lcnames) { $username = strtolower($_GET['user']); } else { $username = $_GET['user']; } if (!$db->userexists($username)) { renderError("Invalid user specified!"); } // Only admins can do this. if (!$_SESSION['admin']) { renderInvalidPermissions(); } //Don't delete yourself. if ($_SESSION['username'] == $username) { renderError("You cannot lock yourself out!"); } $db->suspenduser($username); $actionstring = "Remove\tprofile:" . $username; writelog($actionstring, "profiles"); $sm = sminit("remove.tpl", null, "profiles", false, false); $sm->assign("username", $username); $sm->display("remove.tpl", null); } else { // Fall-through case - just show all the available options $canSeeMemberlist = 0; //is member list available? if (THprofile_viewuserpolicy == 0 && ($_SESSION['admin'] || $_SESSION['moderator'] || $_SESSION['mod_array'])) { //Mods only $canSeeMemberlist = 1; } elseif (THprofile_viewuserpolicy == 1 && $_SESSION['username']) {
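/**
 * Render the shipping-address form for one order, pre-filled from the orders
 * table, plus a shipping-method dropdown and a cancel form.
 *
 * Fixed: $order_id_in was concatenated into the WHERE clause unescaped, and
 * callers hand it request input (the account page passes $_GET['edit_id']
 * straight through) — it is cast to int now. Column values are HTML-escaped
 * before being written into attributes and option text, and the stored state
 * only pre-selects an option it matches exactly.
 *
 * NOTE(review): nothing here checks that the order belongs to the current
 * account; unless the caller does, any logged-in user can load another
 * customer's shipping details by id (the orders table has an account_id column).
 *
 * @param int|string $order_id_in Order row id.
 */
function displayShippingInfo($order_id_in) {
    global $tables;
    $order_id = (int) $order_id_in;
    $database = connectToDatabase();
    $query = "SELECT * FROM " . $tables['shippinginfo'];
    $result = mysqlQuery($query);
    $query_2 = "SELECT shipping_first_name, shipping_last_name,shipping_middle_initial, shipping_address, shipping_city, shipping_state, shipping_zip_code FROM " . $tables['orders'] . " WHERE id=" . $order_id;
    $result_2 = mysqlQuery($query_2);
    if (!$result || mysql_num_rows($result) < 1) {
        renderError("SHIPPING INFO TABLE EMPTY");
        return;
    }
    if (!$result_2 || mysql_num_rows($result_2) < 1) {
        renderError("ORDER PASSED IN DOESN'T EXIST");
        return;
    }
    $order = mysql_fetch_array($result_2);
    echo "<form method='post'>";
    echo "<table>";
    echo "<tr><td>First Name:</td><td><input type=text name='first_name' value='" . displayShippingInfo_attr($order['shipping_first_name']) . "'></td></tr>";
    echo "<tr><td>Last Name:</td><td><input type=text name='last_name' value='" . displayShippingInfo_attr($order['shipping_last_name']) . "'></td></tr>";
    echo "<tr><td>Middle Initial:</td><td><input type=text name='middle_initial' value='" . displayShippingInfo_attr($order['shipping_middle_initial']) . "'></td></tr>";
    echo "<tr><td>Street Address:</td><td><input type=text name='street_address' value='" . displayShippingInfo_attr($order['shipping_address']) . "'></td></tr>";
    echo "<tr><td>City:</td><td><input type=text name='city' value='" . displayShippingInfo_attr($order['shipping_city']) . "'></td></tr>";
    echo "<tr><td>State:</td><td><select name='state'>";
    $states = "<option>AL</option> <option>AK</option> <option>AS</option> <option>AZ</option>\r\n\t<option>AR</option> <option>CA</option> <option>CO</option> <option>CT</option>\r\n\t<option>DE</option> <option>DC</option> <option>FM</option> <option>FL</option>\r\n\t<option>GA</option> <option>GU</option> <option>HI</option> <option>ID</option>\r\n\t<option>IL</option> <option>IN</option> <option>IA</option> <option>KS</option>\r\n\t<option>KY</option> <option>LA</option> <option>ME</option> <option>MH</option>\r\n\t<option>MD</option> <option>MA</option> <option>MI</option> <option>MN</option>\r\n\t<option>MS</option> <option>MO</option> <option>MT</option> <option>NE</option>\r\n\t<option>NV</option> <option>NH</option> <option>NJ</option> <option>NM</option>\r\n\t<option>NY</option> <option>NC</option> <option>ND</option> <option>MP</option>\r\n\t<option>OH</option> <option>OK</option> <option>OR</option> <option>PW</option>\r\n\t<option>PA</option> <option>PR</option> <option>RI</option> <option>SC</option>\r\n\t<option>SD</option> <option>TN</option> <option>TX</option> <option>UT</option>\r\n\t<option>VT</option> <option>VI</option> <option>VA</option> <option>WA</option>\r\n\t<option>WV</option> <option>WI</option> <option>WY</option></select></td></tr>";
    // Pre-select the stored state; AL when the column is null.
    $selectedState = isset($order['shipping_state']) ? (string) $order['shipping_state'] : 'AL';
    $states = str_replace(">" . $selectedState . "</option>", " selected='selected'>" . $selectedState . "</option>", $states);
    echo $states;
    echo "<tr><td>Zip-Code:</td><td><input type=text name='zip_code' value='" . displayShippingInfo_attr($order['shipping_zip_code']) . "'></td></tr>";
    echo "<tr><td>Shipping Method:</td><td><select name='OC_ship'>";
    while ($result_array = mysql_fetch_array($result)) {
        echo "<option value='" . (int) $result_array['id'] . "'>"
            . displayShippingInfo_attr($result_array['name'])
            . "- \$" . number_format($result_array['cost'], 2, '.', ',') . "</option>";
    }
    echo "</select></td>";
    echo "<input type='hidden' name='order_id' value='" . $order_id . "' />\r\n <tr><td><input type='submit' value='SUBMIT SHIPPING INFO' name='ship_submit' /></td><td></td>\r\n </table>\r\n </form>";
    echo "<form action='configuration_system.php' method='post'>\r\n <input type='hidden' name='order_id' value='" . $order_id . "' />\r\n <input type='submit' value='CANCEL' name='Cancel'/>\r\n </form>";
}

/**
 * HTML-escape a column value for use as element text or inside a quoted attribute.
 *
 * @param mixed $value
 * @return string
 */
function displayShippingInfo_attr($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}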
} while ($result_array = mysql_fetch_array($result)) { $orderlines++; displayOrderline($result_array[0], $orderlines); if (!isOrderlineFull($result_array[0])) { $incomplete++; renderError("This item is not full!"); } } if (!$orderlines) { noItemsInCart(); } if (!$incomplete) { orderComplete(0, $order, 1); } else { renderError("Please complete all incomplete items before checking out."); } echo "<br/><br/>"; } } function displayOrderline($orderline_id_in, $orderline_number_in) { //SELECT component.name,component.description,class.id,class.name //FROM selectedcomponent //JOIN ( component, family, class ) //ON ( selectedcomponent.component_id=component.id //AND component.family_id=family.id //AND family.class_id=class.id ) //WHERE orderline_id=3 echo "<div class='cart_item'>Item #" . $orderline_number_in . "</div>"; displayPreviouslySelectedComponentList($orderline_id_in, 'cart.php');
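/**
 * Persist this account: UPDATE when $this->database_id is set, INSERT
 * otherwise, then re-read the row id.
 *
 * Fixed: `if (!query)` tested an undefined constant (always truthy, and an
 * error on PHP 8) instead of $query; every field is now passed through
 * mysql_real_escape_string() on the given link before it is spliced into the
 * SQL (the original concatenated the raw values — SQL injection through any
 * profile field), and the id in the WHERE clause is cast to int.
 *
 * NOTE(review): the literal '******' values in the UPDATE's password column
 * and in the final SELECT's username look like corpus redactions; as written
 * the SELECT cannot find the account just written. They are kept verbatim —
 * confirm against the real source. The INSERT also stores the password as
 * given (no hashing visible here).
 *
 * @param resource $database Open MySQL link.
 * @return int 1 on success, 0 after renderError() has reported a failure.
 */
function updateDatabase($database) {
    global $tables;
    if (!$database) {
        renderError("Account update method was passed a null database resource");
        return 0;
    }
    if (!$this->first_name || !$this->last_name || !$this->street_address || !$this->city || !$this->state || !$this->zip_code || !$this->email_address || !$this->area_code || !$this->phone_number || !$this->password || !$this->username) {
        renderError("The update cannot be processed.");
        return 0;
    }
    $fields = array('first_name', 'last_name', 'middle_initial', 'street_address', 'city', 'state', 'zip_code', 'email_address', 'area_code', 'phone_number', 'username', 'password');
    $v = array();
    foreach ($fields as $field) {
        $v[$field] = mysql_real_escape_string((string) $this->$field, $database);
    }
    if ($this->database_id) {
        $query = "UPDATE " . $tables['accounts'] . " SET "
            . "first_name='" . $v['first_name'] . "',"
            . "last_name='" . $v['last_name'] . "',"
            . "middle_initial='" . $v['middle_initial'] . "',"
            . "street_address='" . $v['street_address'] . "',"
            . "city='" . $v['city'] . "',"
            . "state='" . $v['state'] . "',"
            . "zip_code='" . $v['zip_code'] . "',"
            . "email_address='" . $v['email_address'] . "',"
            . "area_code='" . $v['area_code'] . "',"
            . "phone_number='" . $v['phone_number'] . "',"
            . "password='******' WHERE id='" . (int) $this->database_id . "'";
    } else {
        // Column order of the INSERT is positional, as in the original.
        $query = "INSERT INTO " . $tables['accounts'] . " VALUES ( NULL, "
            . "'" . $v['last_name'] . "',"
            . "'" . $v['first_name'] . "',"
            . "'" . $v['middle_initial'] . "',"
            . "'" . $v['street_address'] . "',"
            . "'" . $v['city'] . "',"
            . "'" . $v['state'] . "',"
            . "'" . $v['zip_code'] . "',"
            . "'" . $v['email_address'] . "',"
            . "'" . $v['area_code'] . "',"
            . "'" . $v['phone_number'] . "',"
            . "'" . $v['username'] . "',"
            . "'" . $v['password'] . "' )";
    }
    if (!$query) {
        renderError("Update Failed -- Account update query was empty!!!");
        return 0;
    }
    $query_result = mysqlQuery($query, $database);
    if (mysql_error($database)) {
        renderError("Unknown MySQL Error; " . mysql_error($database));
        return 0;
    }
    $query = "SELECT id FROM " . $tables['accounts'] . " WHERE username='******'";
    $query_result = mysqlQuery($query, $database);
    $result_array = $query_result ? mysql_fetch_array($query_result) : false;
    $this->database_id = $result_array ? $result_array[0] : 0;
    if (!$this->database_id) {
        renderError("Account creation successful, but failed to set database id.");
        return 0;
    }
    return 1;
}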
displayPreviouslySelectedComponentList($result_array[0], 'cart.php'); echo "<br/>"; $number++; } } else { if (isLoggedIn() && $_GET['edit_id']) { //edit order edit_id displayShippingInfo($_GET['edit_id']); } else { if (isLoggedIn()) { $database = connectToDatabase(); $query = "SELECT *\r\n FROM " . $tables['orders'] . "\r\n WHERE account_id=" . $_SESSION['id'] . " AND placed_date IS NOT NULL"; $result = mysqlQuery($query, $database); $rows = mysql_num_rows($result); if ($rows < 1) { renderError("You have not placed any orders yet."); } else { if ($rows >= 1) { echo "\r\n <table border='1' width='100%'>\r\n <thead>\r\n <tr>\r\n <th><span class='edit_account_table_header'>Shipping Name</span></th>\r\n <th><span class='edit_account_table_header'>Shipping Address</span></th>\r\n <th><span class='edit_account_table_header'>Created Date</span></th>\r\n <th><span class='edit_account_table_header'>Placed Date</span></th>\r\n <th><span class='edit_account_table_header'>Payment Date</span></th>\r\n <th><span class='edit_account_table_header'>Shipped Date</span></th>\r\n <th><span class='edit_account_table_header'>Subtotal</span></th>\r\n <th/>\r\n <th/>\r\n </tr>\r\n </thead><tbody>"; for ($row = 0; $row < $rows; $row++) { $result_array = mysql_fetch_array($result); $name = $result_array['shipping_last_name'] . ", " . $result_array['shipping_first_name'] . " " . $result_array['shipping_middle_initial']; $address = $result_array['shipping_address'] . "<br/>" . $result_array['shipping_city'] . ", " . $result_array['shipping_state'] . " " . $result_array['shipping_zip_code']; $subtotal = number_format($result_array['subtotal'], 2, '.', ','); echo "\r\n <tr>\r\n <td>" . $name . "</td>\r\n <td>" . $address . "</td>\r\n <td>" . $result_array['created_date'] . "</td>\r\n <td>" . $result_array['placed_date'] . "</td>\r\n <td>" . $result_array['payment_date'] . "</td>\r\n <td>" . $result_array['shipped_date'] . "</td>\r\n <td>\$" . $subtotal . 
"</td>"; echo "<td><span class='edit_accounts'><a href='?view_id=" . $result_array['id'] . "'>[View]</a></span></td>"; if ($result_array['shipped_date']) { echo "<td></td></tr>"; } else { echo "\r\n <td><span class='edit_accounts'><a href='?edit_id=" . $result_array['id'] . "'>[Edit]</a></span></td>\r\n </tr>\r\n "; }
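}
if (strlen($_POST['middle_initial']) > 1) {
    renderError("You may not have more than one letter for middle initial");
    $my_error++;
}
if (!validateZipCode($_POST['zip_code'])) {
    renderError("error");
    $my_error++;
}
if (!$_POST['street_address']) {
    renderError("error2");
    $my_error++;
}
if (!$_POST['city']) {
    renderError("error3");
    $my_error++;
}
if ($my_error < 1) {
    // Fixed: every posted value used to be spliced raw into the UPDATE (SQL
    // injection through any field, including order_id). Strings are escaped
    // and the two ids are cast to int. mysql_real_escape_string() is used
    // without a link here for the same reason mysqlQuery() is: this page
    // relies on the already-opened default connection.
    $shipping = array();
    foreach (array('first_name', 'last_name', 'middle_initial', 'street_address', 'city', 'state', 'zip_code') as $field) {
        $shipping[$field] = mysql_real_escape_string(isset($_POST[$field]) ? (string) $_POST[$field] : '');
    }
    $shipping_method = isset($_POST['OC_ship']) ? (int) $_POST['OC_ship'] : 0;
    $order_id = isset($_POST['order_id']) ? (int) $_POST['order_id'] : 0;
    // NOTE(review): nothing ties $order_id to the logged-in account; unless an
    // earlier check does, any user can re-address and place any order by
    // posting a different order_id (the orders table has an account_id column
    // that could be added to this WHERE clause).
    $query = "UPDATE orders\r\n SET shipping_first_name='" . $shipping['first_name'] . "',\r\n shipping_last_name='" . $shipping['last_name'] . "',\r\n shipping_middle_initial='" . $shipping['middle_initial'] . "',\r\n shipping_address='" . $shipping['street_address'] . "',\r\n shipping_city='" . $shipping['city'] . "', shipping_state='" . $shipping['state'] . "' ,\r\n shipping_zip_code='" . $shipping['zip_code'] . "', shippinginfo_id='" . $shipping_method . "', placed_date=NOW()\r\n WHERE id=" . $order_id . " LIMIT 1";
    $result = mysqlQuery($query);
    if (!$result || mysql_affected_rows() > 1) {
        renderError("UPDATE FAILED");
    } else {
        echo "UPDATE SUCCESS!!!<br/>";
    }
} else {
    displayShippingInfoFromPOST($_POST['order_id']);
}
}
}
require_once 'footer.php';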