Exemple #1
0
        if ($fulfilled === $unfulfilled) {
            $allFulfilled = true;
        }
        if (!$allFulfilled) {
            $customerOrders .= "<section id='{$id}' class='clearfix'><div class='col-sm-3'>{$id}</div>\n                                 <div class='col-sm-3'>{$fulfilled}</div>\n                                 <div class='col-sm-3'>{$unfulfilled}</div>\n                                 <div class='col-sm-3'>\n                                     <button type='button' class='btn btn-danger'\n                                     type='submit' name='submit'\n                                     data-confirm='Delete the order?'\n                                     data-id='{$id}'\n                                     data-customer='{$_GET['id']}'\n                                     data-unfulfilled='{$unfulfilled}'\n                                     >\n                                     Delete Order</button>\n                                 </div></section>";
        }
        if ($allFulfilled) {
            $customerOrders .= "<section id='{$id}' class='fulfilled clearfix'><div class='col-sm-3'>{$id}</div>\n                                 <div class='col-sm-3'>{$fulfilled}</div>\n                                 <div class='col-sm-3'>{$unfulfilled}</div>\n                                 <div class='col-sm-3'></div></section>";
        }
    }
}
// Demo purposes only to showcase an attack.
$orderData->session = $_SESSION;
$orderData->session['customerid'] = $customerID;
$controller = new InitCustomerController($models, $orderData);
$controller->setCustomerValues();
$customerInfo = $controller->getCustomerValues();
$address = htmlentities($customerInfo['address']);
$email = htmlentities($customerInfo['email']);
$phone = htmlentities($customerInfo['phone']);
$instructions = !empty($customerInfo['instructions']) ? htmlentities($customerInfo['instructions']) : null;
$customerInformation = "<p>We will send a confirmation email to {$email} when your packages are ready.</p>\n<p>They will be\ndelivered to {$address} and we will call you at {$phone} when they are delivered.</p>";
if ($instructions) {
    $customerInformation .= "<p>You also specified the following additional instructions:</p>\n    <blockquote>{$instructions}</blockquote>";
}
?>

<?php 
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'partials/customers/viewordersNavbar.php';
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/customers/viewordersForm.php";
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/footer.php";
Exemple #2
0
$checkAuth = new CheckAuth($logger);
$isCustomer = $checkAuth->isCustomer();
if (!$isCustomer) {
    header("Location:{$rootPath}badsite/index.php?errors=Not an authenticated consumer.`");
}
$pdo = new PDOSingleton();
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->logger = $logger;
$models->checkAuth = $checkAuth;
$models->pdo = $pdo;
$customerModel = new stdClass();
$customerModel->session = $_SESSION;
$customer = new InitCustomerController($models, $customerModel);
$customer->setCustomerValues();
$customerValues = $customer->getCustomerValues();
extract($customerValues);
$errorList = '';
if (isset($error)) {
    $errorList .= "<div id='inlineErrorHolder'\n            class='alert alert-danger' role='alert'>\n            <div id='inlineErrorContent'>{$error}</div>\n        </div>";
}
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'partials/customers/customerEditNavbar.php';
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'partials/customers/customerEditMain.php';
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/footer.php";
?>
<script type="text/javascript" src="<?php 
echo $jsPath;
?>
customeredit.js"></script>
</body>