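/**
 * Overwrite the method from abstract PageController.
 * Handle requests sent to the 'shipping' page: a POST carrying the
 * registration form inserts a new user, reloads that user from the
 * database and stores it in the session before redirecting to 'home'.
 *
 * Only POST requests are processed; anything else is ignored.
 * Errors are logged, not shown to the user (as in the original flow).
 */
public function handleRequestInMain(): void
{
    // A user who is already logged in has nothing to register: send them
    // to their data page. The explicit return guarantees the insert below
    // cannot run even if redirect() does not terminate the script itself.
    if (isset($_SESSION[Session::USER])) {
        $this->redirect("mydata.php");
        return;
    }

    // handle only POST requests
    if ($_SERVER["REQUEST_METHOD"] !== "POST") {
        return;
    }

    // Read every form field with an empty-string fallback so a missing
    // field fails in the query layer instead of raising a PHP notice.
    // Order and types must match the placeholders of QUERY_INSERT_USER.
    $fields = [
        "name-firstname" => QueryParam::TYPE_STRING,
        "name-lastname"  => QueryParam::TYPE_STRING,
        "name-email"     => QueryParam::TYPE_STRING,
        "name-address"   => QueryParam::TYPE_STRING,
        "name-addressnr" => QueryParam::TYPE_STRING,
        "name-zipcode"   => QueryParam::TYPE_INTEGER,
        "name-city"      => QueryParam::TYPE_STRING,
        "name-country"   => QueryParam::TYPE_STRING,
    ];

    // The sanitized e-mail is kept so the reload below looks up exactly
    // the value that was inserted (the raw POST value may differ once
    // tags are removed).
    $email = StringUtils::removeTags($_POST["name-email"] ?? '');

    // create a NamedQuery, then add all given params in POST array
    $namedQuery = new NamedQuery($this->QUERY_INSERT_USER);
    foreach ($fields as $name => $type) {
        $value = $name === "name-email"
            ? $email
            : StringUtils::removeTags($_POST[$name] ?? '');
        $namedQuery->addParam($type, $value);
    }

    // NOTE(review): an unsalted SHA-1 digest is not a password hash. The
    // login page compares the same digest, so a migration to
    // password_hash()/password_verify() has to change both sides together
    // and re-hash existing rows; it is deliberately not changed here.
    $namedQuery->addParam(
        QueryParam::TYPE_STRING,
        StringUtils::convertInSha1($_POST["name-password"] ?? '')
    );

    // try to execute the query
    if (!CRUDService::getInstance()->executeNamedQuery($namedQuery)) {
        Logger::error("error registering a new user");
        return;
    }

    // query was OK: reload the user's data and store them in the session
    $namedQuery = new NamedQuery($this->QUERY_LOAD_USER);
    $namedQuery->addParam(QueryParam::TYPE_STRING, $email);
    $result = CRUDService::getInstance()->fetchNamedQuery($namedQuery, "User");

    // Exactly one row is expected back. Zero rows (insert reported success
    // but nothing matches) or several rows (duplicate e-mail) must not end
    // with an arbitrary record being logged in.
    if (count($result) !== 1) {
        Logger::error("error reloading the newly registered user");
        return;
    }

    $_SESSION[Session::USER] = serialize($result[0]);
    $this->redirect("home.php");
}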
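/**
 * Overwrite the abstract function from Superclass.
 * If a user POST-ed login data, check whether the data is correct or not.
 * In case it's not, show the user a message that the login was not ok.
 * Otherwise, set the user's data into the session and redirect to
 * the 'Home' page.
 *
 * Only POST requests are processed; anything else is ignored.
 */
public function handleRequestInMain(): void
{
    // handle only POST requests
    if ($_SERVER["REQUEST_METHOD"] !== "POST") {
        return;
    }

    // Missing fields become '' so an incomplete form is reported like a
    // wrong login instead of raising a PHP notice.
    $email = StringUtils::removeTags($_POST["name-email"] ?? '');
    $password = $_POST["name-password"] ?? '';

    // read e-mail from POST and try to load a user by its e-mail
    $namedQuery = new NamedQuery($this->QUERY_LOAD_USER);
    $namedQuery->addParam(QueryParam::TYPE_STRING, $email);
    $result = CRUDService::getInstance()->fetchNamedQuery($namedQuery, "User");

    // If there is no (or more than one, which should not be possible)
    // result, report the same generic error as for a wrong password so the
    // form does not reveal which e-mail addresses are registered.
    if (count($result) !== 1) {
        $this->getView()->setMessage($this->MSG_ERROR);
        return;
    }

    // now that we really found just 1 user, check its password.
    // hash_equals() replaces === so the comparison does not finish earlier
    // the more leading bytes of the stored digest the attempt matches.
    // NOTE(review): the stored value is an unsalted SHA-1 digest (see the
    // registration page); moving to password_verify() needs both pages
    // and the stored rows changed together.
    $user = $result[0];
    $matches = hash_equals(
        (string) $user->getPassword(),
        (string) StringUtils::convertInSha1($password)
    );

    if (!$matches) {
        $this->getView()->setMessage($this->MSG_ERROR);
        return;
    }

    // persist user in session and redirect user to the main page
    $_SESSION[Session::USER] = serialize($user);
    $this->redirect("home.php");
}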
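/**
 * Create an e-mail and check whether we are on localhost or not.
 * If localhost, we can't send an e-mail because of missing e-mail
 * provider. Otherwise, send an e-mail to the client with all
 * information concerning the ordering.
 *
 * The recipient is taken from the submitted form, so it is validated
 * as a single well-formed address before it is handed to mail().
 *
 * @return bool e-mail send state (true on localhost without sending;
 *              false when the recipient address is not acceptable)
 */
private function sendMail(): bool
{
    $receiver = StringUtils::removeTags($_POST["name-email"] ?? '');

    // removeTags() only strips markup; it does not reject line breaks or
    // address lists. Insist on one syntactically valid address so the
    // request cannot smuggle extra headers or recipients into the mail.
    if (filter_var($receiver, FILTER_VALIDATE_EMAIL) === false) {
        Logger::error("refusing to send the order e-mail to an invalid recipient address");
        return false;
    }

    $subject = LanguageHelper::getTranslatedValue(Config::EMAIL_SUBJECT);
    $message = $this->createMailBody();

    // to send an HTML e-mail, the Content-type header must be set
    $headers = "MIME-Version: 1.0 \r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1 \r\n";

    // additional headers
    $headers .= "From: 'lawnmower.ch Online Shop' <" . Config::EMAIL_SHOP_ADDRESS . "> \r\n";
    if (Config::EMAIL_USE_BCC) {
        $headers .= "Bcc: " . Config::EMAIL_SHOP_ADDRESS . "\r\n";
    }

    // if we are on localhost, always return true (no mail provider there)
    if (StringUtils::isLocalhost()) {
        return true;
    }

    // try to send the e-mail and return whether it was accepted for delivery
    return mail($receiver, $subject, $message, $headers);
}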