if (isset($_POST['Movie'])) {
$_SESSION['movie'] = $_POST['Movie'];
}
if (isset($_POST['Day'])) {
$_SESSION['day'] = $_POST['Day'];
}
if (isset($_POST['Time'])) {
$_SESSION['time'] = $_POST['Time'];
}
if (isset($_POST['Seat'])) {
$_SESSION['seat'] = $_POST['Seat'];
}
if (isset($_POST['order'])) {
if (isset($_POST['product_id'])) {
$product_id = $_POST['product_id'];
addToCart($product_id);
}
}
?>
<nav>
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="movies.php">Movies</a></li>
<li><a class="active" href="booking.php">Booking</a></li>
<li><a href="contact-us.php">Contact Us</a></li>
</ul>
</nav>
<div class="content-full-height">
<div class="container-main">
<script>
function addToShopCart(itemID)
{
alert(itemID);
//alert("<?php
addToCart(itemID);
?>
");
}
</script>
<?php
session_start();
function connectToDB()
{
$ini_array = parse_ini_file("credentials.ini");
$serverName = $ini_array["servername"];
$userName = $ini_array["username"];
$password = $ini_array["password"];
//echo $password;
$con = mysqli_connect($serverName, $userName, $password, 'project');
if (!$con) {
die("Cannot connect: " . mysqli_connect_error());
} else {
//echo "Connection successful.\n\n";
}
return $con;
}
function closeDB($con)
{
mysqli_close($con);
<?php
require_once 'functions.php';
$action = strip_tags($_GET["action"]);
switch ($action) {
case "changeQuantity":
changeQuantity($_GET['id'], $_GET['val'], $_GET['price']);
break;
case "addToCart":
addToCart($_GET['id'], $_GET['price']);
break;
case "getCart":
getCart();
break;
case "del":
delProduct($_GET['id']);
break;
case "complite":
complite();
break;
}
<?php
require_once "../includes/LIB-project1.php";
require_once "../includes/Paginator.class.php";
require_once "../includes/Database.class.php";
//open connection
$dbObj = new Database();
//if set, add to cart and unset variable for future use
if (isset($_GET['addToCart'])) {
addToCart($dbObj, $_GET['addToCart']);
unset($_GET['addToCart']);
//unset it so it'll pick up future ones
}
//null = css files
$css = array("main.css", "bootstrap.min.css");
$curr_page = "Home";
//even though the page is Admin, still considered "Account"
//git divs for sales / category
$pageHTML = getSalesCatalog($dbObj, $curr_page);
//include the template
include "../includes/HTML_template.php";
//close everything
$dbObj->closeDbh();
$iid = $_POST['item_id'];
$item = new Item();
$item->populatItem($iid);
$qtty = abs($_POST['qtty']);
$size = $_POST['price_group'];
switch ($size) {
case 'S':
$price = $item->prices;
break;
case 'M':
$price = $item->pricem;
break;
case 'L':
$price = $item->pricel;
}
addToCart($iid, $item->itemname, $qtty, $price, $item->itemCode, $remarks);
$notice = sprintf(__('Added %s to the cart (Quantity: %s)'), $item->itemname, $qtty);
}
get_top_nav();
//Call the navigation
?>
<div id="wrap">
<div id="widecb" >
<div id="additemnav">
<ul>
<li><a href="<?php
echo HOME . 'menu/6';
?>
" title=""><?php
<?php
/**
* Created by PhpStorm.
* User: master
* Date: 2016/7/13
* Time: 20:47
*/
session_start();
$project = $_SESSION['project'];
$option = $_POST['option'];
$items = $_POST['items'];
//$items = json_decode($items,true);
if ($option == 'add') {
addToCart($items, $project);
echo "success";
} else {
if ($option == 'remove') {
removeFromCart($items, $project);
//print_r($_SESSION[$project]['idList']);
echo "success";
} else {
if ($option == 'show') {
echo json_encode($_SESSION[$project]['idList']);
} else {
if ($option = 'removeAll') {
removeAll($project);
echo "success";
}
}
}
<?php
session_start();
require_once '../includes/helper.php';
require_once '../includes/codemojo.php';
$gamificationService->addAchievements(getUserID(), 'reader');
addToCart($_POST['title'], $_POST['price']);
response(array("code" => 200));
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php
require_once '../includes/session-start.req-inc.php';
require_once '../functions/cart-functions.php';
require_once '../functions/dbConn.php';
require_once '../functions/until.php';
require_once '../functions/category-functions.php';
require_once '../functions/products-functions.php';
startCart();
$allCategories = getAllCategories();
$allProducts = getAllProducts();
$categorySelected = filter_input(INPUT_GET, 'cat');
$action = filter_input(INPUT_POST, 'action');
if ($action === 'buy') {
$productID = filter_input(INPUT_POST, 'product_id');
addToCart($productID);
}
include_once '../includes/categories.html.php';
include_once '../includes/products.html.php';
?>
</body>
</html>
/**
* Функция которая возвращает массив информации
* о просматриваемой страничка с типом $type
* и $id
* @param null $type
* @param null $id
* @return array
*/
function getContent($type = null, $id = null)
{
/*Если параметры null, то выводим страничку по умолчанию*/
if ($type == null) {
$type = DEFAULT_PAGE;
}
if (isset($_POST['new_submit']) && $_POST['new_submit']) {
$type = NEW_SUBMIT_TYPE;
}
$loginStatus = LOGIN_ALREADY;
if (isset($_GET['unlogin']) && $_GET['unlogin']) {
unlogin();
$loginStatus = LOGIN_EXIT;
}
if ($_POST['submit']) {
$loginStatus = login($_POST['login'], $_POST['password']);
}
/*Инициализируем информацию в зависимости от типа */
$array = array();
switch ($type) {
/*Если тип страницы - текстовая*/
case TEXT_TYPE:
/*Если id не инициализирован выводим главную.
Иначе страницу с id*/
if ($id == null) {
$id = MAIN_PAGE_TEXT_ID;
}
/*Получаем текст из базы*/
$page = getTextContent($id);
$array['content'] = $page['text'];
break;
case CATALOG_TYPE:
/*Если id не инициаизирован */
if (!($id > 0)) {
/*Выбираем первый попавшийся театр*/
$sql = "SELECT id from theatures LIMIT 1";
$res = mysql_query($sql);
$row = mysql_fetch_array($res);
$id = $row['id'];
}
/*Получаем спектали из базы*/
$items = getCatalogItems($id);
//$parent_item = get;
/*Вставляем их в ш для красивого вывода*/
$array['content'] = (include 'templates/content/item/items.php');
break;
case ITEM_TYPE:
$item = getItem($id);
$array['content'] = (include 'templates/content/item/item_big.php');
break;
case NEW_REG_TYPE:
$array['content'] = (include 'templates/content/login/newreg.php');
break;
case NEW_SUBMIT_TYPE:
//Если пароли совпадают
if ($_POST['new_password1'] == $_POST['new_password2']) {
if (addNewUser($_POST['new_login'], $_POST['new_password2'])) {
$array['content'] = 'Поздравляем вы зарегистерированы';
} else {
$array['content'] = 'Такой пользователь уже есть';
}
} else {
$array['content'] = 'Пароли не совпадают';
}
break;
case ADD_CART_TYPE:
addToCart($id);
$cartItems = getCartItems();
$sum = calculateCart();
$array['content'] = (include 'templates/content/cart/cart.php');
break;
case CART_TYPE:
$cartItems = getCartItems();
$sum = calculateCart();
$array['content'] = (include 'templates/content/cart/cart.php');
break;
/*Удаляем одну штуку*/
/*Удаляем одну штуку*/
case REMOVE_CART_TYPE:
$cartItems = getCartItems();
$sum = calculateCart();
removeFromCart($id);
$array['content'] = (include 'templates/content/cart/cart.php');
break;
/*Удаляем весь товар*/
/*Удаляем весь товар*/
case REMOVE_ITEM_CART_TYPE:
$cartItems = getCartItems();
$sum = calculateCart();
removeFromCart($id, CART_REMOVE_ALL);
$array['content'] = (include 'templates/content/cart/cart.php');
break;
case CLEAR_CART_TYPE:
$cartItems = getCartItems();
$sum = calculateCart();
clearCart();
$array['content'] = (include 'templates/content/cart/cart.php');
break;
}
$user = getCurrentUser();
$array['theatures'] = getCatalogCategories();
$items = getCatalogCategories();
$array['leftPanel'] = (include 'templates/content/catalog/catalogCategories.php');
$array['rightPanel'] = (include 'templates/content/login/login.php');
$array['banner_word'] = 'Театры';
$array['title'] = 'Сайт';
return $array;
}
echo $category['name'];
?>
</a>
</li>
<?php
}
?>
</ul>
</div>
<?php
if (isset($_POST['cart'])) {
loginTime();
$qty = $_POST['qty'];
addToCart($_SESSION['customerId'], $product->entity_id, $qty);
}
?>
<?php
if ($product) {
}
?>
<span><?php
echo $product->name;
?>
</span>
<span><?php
echo $product->price;
?>
</span>
include "cart.php";
if (isset($_SESSION['cart'])) {
$cartSum = 0;
$cartCount = 0;
foreach ($_SESSION['cart'] as $itemId => $count) {
$itemSql = getItem($itemId)[0];
$cartSum += $itemSql['price'] * $count;
$cartCount += $count;
}
} else {
$cartSum = 0;
$cartCount = 0;
}
switch ($type) {
case 4:
addToCart($id);
break;
case 5:
freeCart();
header("location: http://" . $_SERVER['HTTP_HOST']);
break;
case 6:
include "cart_out_mail.php";
include "sendmail.php";
sendMail('*****@*****.**', $cartOut, 'Информация по заказку');
freeCart();
freeCart();
break;
case 7:
deleteOneFromCart($id);
header("location: http://" . $_SERVER['HTTP_HOST'] . "?type=4");
oci_bind_by_name($s, ':pid_prefix', $plook);
oci_execute($s);
//fetch a single row depending on product id
$res = oci_fetch_assoc($s);
echo "Product name: ", $res['PRODUCTNAME'], " Price: ", $res['PRODUCTPRICE'];
echo '<a href="cart.php?del=' . $i . '"> Remove item</a><br>';
}
}
if ($cartLen > 0) {
echo '<a href="checkout.php">Proceed to checkout</a><br>';
}
}
//if item has been added
if (isset($_GET['add'])) {
$pID = $_GET['add'];
addToCart($pID);
dispCart();
}
//if item has been deleted
if (isset($_GET['del'])) {
$val = $_GET['del'];
unset($_SESSION['cart'][$val]);
//keep array indexes intact
$_SESSION['cart'] = array_values($_SESSION['cart']);
}
if (!isset($_GET['add'])) {
dispCart();
}
//
echo '<a href="main.php">Keep shopping</a><br>';
//echo "<br>$cartLen";
<?php
include 'modules.php';
if (!isset($_COOKIE['uid'])) {
header('Location: index');
}
$pid = $_GET["pid"];
$type = findType($pid);
$uid = $_COOKIE['uid'];
if (isset($_POST['addToWishButton'])) {
//echo $_COOKIE['uid'];
addToWish($pid, $uid);
//exit();
} else {
if (isset($_POST['addToCartButton'])) {
addToCart($pid, $uid, $_POST['quantity'], $_POST['filter']);
//exit();
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Product Page</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet"
href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script
function addToCart($item_id)
{
global $test;
$user = getUserIdByUserName($_SESSION['user']);
$query = "INSERT into shopping_cart(quantity, item_id, user_id) VALUES(1," . $item_id . "," . $user['user_id'] . ")";
$statement = $test->prepare($query);
$statement->execute();
if ($statement->rowCount()) {
$_SESSION['cart_msg'] = "item was successfully added";
} else {
$_SESSION['cart_msg'] = "Item wasn't added. See your database administrator";
}
$statement->closeCursor();
}
function getUserIdByUserName($username)
{
global $test;
$query = "SELECT user_id FROM user_name WHERE user_name ='{$username}'";
$statement = $test->prepare($query);
$statement->execute();
$user = $statement->fetch();
$statement->closeCursor();
return $user;
}
/*above are shopping-cart functions */
if ($doubles == TRUE) {
$_SESSION['cart_msg'] = "this item is already in your wish list cart";
} else {
addToCart($_GET['item']);
}
header("Location: whybuy.php");
<?php
$mini1 = mysql_connect("localhost", "blognadine", "111111") or die(mysql_error());
mysql_select_db("mini1", $mini1);
$sql = "SELECT * FROM items";
$items = mysql_query($sql, $mini1);
//$_SESSION['cart'] = array('name' => array(),'price' => array(),'itemID' => array(),'stock' => array());
while ($row = mysql_fetch_array($items)) {
echo "<br>" . "<br>";
addToCart($row['name'], $row['price'], $row['itemID'], $row['stock']);
}
$count = 0;
foreach ($_SESSION['cart'] as $attribute => $values) {
echo '<h1>' . $attribute . '</h1>';
echo '<ul>';
foreach ($values as $shit) {
echo '<li>' . $shit . '</li>';
}
echo '</ul>';
}
?>
<?php
function addToCart($name, $price, $itemID, $stock)
{
if (isset($_SESSION['cart'])) {
array_push($_SESSION['cart']['name'], $name);
array_push($_SESSION['cart']['price'], $price);
array_push($_SESSION['cart']['itemID'], $itemID);
array_push($_SESSION['cart']['stock'], $stock);
<?php
include 'config.php';
if (isset($_POST['action'])) {
if ($_POST['action'] == "addToCart") {
addToCart($_POST["id"], $_POST["qty"]);
} else {
if ($_POST['action'] == "checkout") {
checkout();
}
}
}
function credentialCheck($u, $q)
{
$con = connect();
// $query="select * from userData";
//
// $result = $con->query($query);
//
// echo mysqli_num_rows($result);
//
// $row = mysqli_fetch_row($result);
if ($stmt = $con->prepare("select id,FirstName from userData where userName=? and Personal_ans=?")) {
$stmt->bind_param("ss", $u, $q);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($id, $fname);
$stmt->fetch();
if ($stmt->num_rows > 0) {
setcookie("ccookie", encrypt_decrypt('encrypt', $id), time() + 86400 * 30, "/", null, null, true);
return false;
<!DOCTYPE>
<?php
include "functions/functions.php";
session_start();
$username = "******";
$password = "";
$database = "eshop";
$response = "empty";
mysql_connect(localhost, $username, $password);
@mysql_select_db($database) or die("Unable to select database");
if (isset($_GET['product'])) {
addToCart($_GET['product']);
}
if (isset($_GET['logOut'])) {
session_destroy();
header('location: test.php');
}
/*if(isset($_POST['signin'])) {
$response="entered";
$email = htmlentities($_POST['email']);
$password = htmlentities($_POST['user_pass']);
$correct_passwrod = checkUser($email);
if (is_null($correct_passwrod)){
echo "user does not exist";
$response="user does not exist";
}
else {
if ($correct_passwrod == $password) {
$_SESSION['user'] = getId($email);
echo 'okaaaaaaaay';
$response="okaaaaaaaay";
$mode = 'Books';
}
// casting? to int
$page = intval($page);
$browseNode = intval($browseNode);
// wtf??? no reference for safeString function
$search = safeString($search);
if (!isset($_SESSION['cart'])) {
session_register('cart');
$_SESSION['cart'] = [];
}
// instead of three if statements I used switch
// more convenient way
switch ($action) {
case 'addtocart':
addToCart($_SESSION['cart'], $ASIN, $mode);
break;
case 'deletefromcart':
deleteFromCart($_SESSION['cart'], $ASIN);
break;
case 'emptycart':
$_SESSION['cart'] = [];
break;
}
// Page is generating here
// caption generation
require_once 'topbar.php';
// Main part
// or body of the page depends of action which come
// from probably GET or POST
// category list will be shown in most cases
$mode = 'books';
}
$page = intval($page);
// pages and browseNodes must be integers
$browseNode = intval($browseNode);
// it may cause some confusion, but we are stripping characters out from
// $search it seems only fair to modify it now so it will be displayed
// in the heading
$search = safeString($search);
if (!isset($HTTP_SESSION_VARS['cart'])) {
session_register('cart');
$HTTP_SESSION_VARS['cart'] = array();
}
// tasks that need to be done before the top bar is shown
if ($action == 'addtocart') {
addToCart($HTTP_SESSION_VARS['cart'], $ASIN, $mode);
}
if ($action == 'deletefromcart') {
deleteFromCart($HTTP_SESSION_VARS['cart'], $ASIN);
}
if ($action == 'emptycart') {
$HTTP_SESSION_VARS['cart'] = array();
}
// show top bar
require_once 'topbar.php';
// main event loop. Reacts to user action on the calling page
switch ($action) {
case 'detail':
showCategories($mode);
showDetail($ASIN, $mode);
break;
<?php
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/Config/db.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/Actions/users.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/Actions/cart.php';
$user = getUser();
$act = $_GET['act'];
switch ($act) {
case "selectcustomer":
selectCustomer();
break;
case "addtocart":
addToCart();
break;
case "confirmorder":
confirmOrder();
break;
}
function selectCustomer()
{
global $user;
$managerID = getManagerID($user['id']);
$query = mysql_query("SELECT COUNT(id) FROM agent_orders WHERE manager_id = '" . $managerID . "' AND status = 0");
$res = mysql_fetch_array($query);
if ($res[0] == 0) {
mysql_query("INSERT INTO agent_orders (manager_id, customer_id, status) VALUES ('" . $managerID . "', '" . $_POST['customerID'] . "', 0)");
} else {
$query = mysql_query("SELECT id, customer_id FROM agent_orders WHERE manager_id = '" . $managerID . "' AND status = 0");
$res = mysql_fetch_array($query);
$orderID = $res['id'];
<?php
//ajax call base rest call handler
session_start();
include '../API/curl_api.php';
include '../../config/config.php';
$cart_action = htmlspecialchars($_POST["cart_action"]);
$token = preg_replace('/\\s+/', '', $_SESSION['authtoken']);
switch ($cart_action) {
case "addTocart":
$pet_id = htmlspecialchars($_POST["pet_id"]);
$pet_price = htmlspecialchars($_POST["pet_price"]);
$pet_image = htmlspecialchars($_POST["pet_image"]);
addToCart($pet_id, $pet_price, $pet_image);
break;
case "removeFromcart":
$pet_id = htmlspecialchars($_POST["pet_id"]);
$cart = $_SESSION['cart'];
removeFromCart($pet_id, $cart);
break;
case "placeOrder":
$url = 'http://' . TRANSACTION_SERVICE . ':' . TRANSACTION_SERVICE_PORT . '/transaction/';
$cart = $_SESSION['cart'];
$cart_ids = array();
foreach ($cart as $json) {
array_push($cart_ids, $json['id']);
}
$card_number = htmlspecialchars($_POST["card_number"]);
$card_holder_name = htmlspecialchars($_POST["card_holder_name"]);
$card_cvc = htmlspecialchars($_POST["card_cvc"]);
$cart_total = $_SESSION['carttotal'];
$seats = array();
$seats['SA'] = $_POST['SA'];
$seats['SP'] = $_POST['SP'];
$seats['SC'] = $_POST['SC'];
$seats['FA'] = $_POST['FA'];
$seats['FC'] = $_POST['FC'];
$seats['B1'] = $_POST['B1'];
$seats['B2'] = $_POST['B2'];
$seats['B3'] = $_POST['B3'];
$price = calculatePrice($seats, $date);
foreach ($seats as $k => $v) {
if ($v == 0) {
unset($seats[$k]);
}
}
addToCart($movie, $date, $price, $sessiontime, $seats);
}
if (isset($_POST['firstname'])) {
checkOut($_POST['firstname'], $_POST['lastname'], $_POST['phone'], $_POST['emailaddress']);
unset($_POST['firstname']);
}
function addToCart($movie, $date, $price, $sessiontime, $seats)
{
$_SESSION['cart'][$movie]['date'] = $date;
$_SESSION['cart'][$movie]['sessiontime'] = $sessiontime;
$_SESSION['cart'][$movie]['price'] = $price;
$_SESSION['cart'][$movie]['seats'] = $seats;
}
function removeFromCart($movie)
{
unset($_SESSION['cart'][$movie]);
$cartTotal = $_SESSION['cart'][0]['total'];
$cartTotal = number_format($cartTotal, 2, '.', '');
echo "<br>Your cart total is \${$cartTotal}<br>";
if ($cartLen > 0) {
echo '<a href="payment_page.php">Proceed to checkout</a><br>';
}
}
//if item has been added
if (isset($_GET['add'])) {
/* *** A2 - Cross-Site Scripting. Using reg ex and sanitize functions to remove unwanted get requests. Add value must be a digit with a length of either 3 or 4.
* *** A4 - Insecure Direct Object Reference. Validating input using reg ex(numbers only) avoids the use of malicious character sequences.
*/
if (preg_match('/(^[0-9]{3,4}$)/', $_GET['add'])) {
$pID = filter_input(INPUT_GET, 'add', FILTER_SANITIZE_SPECIAL_CHARS);
$pID = strip_tags($pID);
addToCart($pID, 1);
dispCart();
} else {
//Only allow 'add' request made up of 3 or 4 digits
die('WARNING: Invalid value entry.<br><a href="main.php">Keep shopping</a>');
}
}
//if item has been deleted
if (isset($_GET['del'])) {
/* *** A2 - Cross-Site Scripting. Using reg ex and sanitize functions to remove unwanted delete item requests. 'del' value must be a digit with a length of either 1 or 2.
* *** A4 - Insecure Direct Object Reference. Validating input using reg ex(numbers only) avoids the use of malicious character sequences.
*/
if (preg_match('/(^[0-9]{1,2}$)/', $_GET['del'])) {
$val = filter_input(INPUT_GET, 'del', FILTER_SANITIZE_SPECIAL_CHARS);
$val = strip_tags($val);
unset($_SESSION['cart'][$val]);
