Esempio n. 1
// publication, or educational product without permission from O'Reilly &
// Associates. No warranty is attached; we cannot take responsibility for errors
// or fitness for use.
// require_once "includes/winestore.inc";
require_once 'includes/winestore.inc';
// require_once "includes/template.inc";
require_once 'includes/template.inc';
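/**
 * Truncate a request value to $maxlength bytes and shell-escape it.
 *
 * escapeshellcmd() is a *shell* escaper: it backslashes shell metacharacters
 * (`;`, `|`, `&`, `$`, backticks, brackets, ...) but leaves `/` and `.`
 * untouched, so the result is NOT a validated file path. A caller that uses
 * the value as a path (such as the ?source= handler in this file) must still
 * allow-list it before touching the filesystem.
 *
 * @param mixed $input     Raw value, typically straight from $_GET/$_POST.
 *                         Arrays and other non-scalars (e.g. ?source[]=x)
 *                         are rejected and yield ''.
 * @param int   $maxlength Maximum number of bytes kept (substr is byte-wise).
 * @return string          The truncated, shell-escaped value, or '' when
 *                         $input is not a scalar.
 */
function clean($input, $maxlength)
{
    // $_GET values may be arrays; substr() would throw a TypeError on PHP 8,
    // so anything that is not a scalar is treated as "no value".
    if (!is_scalar($input)) {
        return '';
    }
    $truncated = substr((string) $input, 0, (int) $maxlength);
    return escapeshellcmd($truncated);
}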
// Source viewer: shows the syntax-highlighted text of one of the application's
// own files, selected by ?source=... .
if (isset($_GET["source"])) {
    // clean() only truncates and shell-escapes the value; it does not validate
    // a path. The allow-list checks further down are the real access control.
    $source = clean($_GET["source"], 60);
    $template = new winestoreTemplate(T_SOURCE);
    // if ((eregi("^" . D_WEB_PATH . "[a-z0-9]*[.]php$", $source) ||
    // if ((mb_ereg_match("^" . D_WEB_PATH . "[a-z0-9]*[.]php$", $source) ||
    // NOTE(review): the preg_match() patterns look malformed after the
    // ereg->preg port. In "/^/" . D_WEB_PATH . "/...", the pattern is closed
    // by the second "/" and everything after it is parsed as modifiers, so
    // preg_match() emits a warning and returns false instead of matching. In
    // D_WEB_PATH . "#^...#i" the first character of D_WEB_PATH becomes the
    // delimiter, which only works if D_WEB_PATH is empty. If so, only the five
    // exact "==" comparisons can admit a file -- confirm against the real
    // D_WEB_PATH value and consider building the patterns with
    // preg_quote(D_WEB_PATH, '#') placed inside the delimiters.
    if ((preg_match(D_WEB_PATH . "#^[a-z0-9]*[.]php\$#i", $source) || preg_match("/^/" . D_WEB_PATH . "/templates\\/[a-z0-9]*[.]tpl\$/i", $source) || $source == D_WEB_PATH . "includes/winestore.inc" || $source == D_WEB_PATH . "includes/customHandler.inc" || $source == D_WEB_PATH . "includes/authenticate.inc" || $source == D_WEB_PATH . "includes/template.inc" || $source == D_WEB_PATH . "includes/validate.inc" || preg_match("/^/" . D_WEB_PATH . "/customer\\/[a-z0-9]*[.]php\$/i", $source) || preg_match("/^/" . D_WEB_PATH . "/auth\\/[a-z0-9]*[.]php\$/i", $source) || preg_match("/^/" . D_WEB_PATH . "/order\\/[a-z0-9-]*[.]php\$/i", $source) || preg_match("/^/" . D_WEB_PATH . "/search\\/[a-z0-9]*[.]php\$/i", $source) || preg_match("/^/" . D_WEB_PATH . "/cart\\/[a-z0-9]*[.]php\$/i", $source)) && file_exists(D_INSTALL_PATH . $source)) {
        // Only reached when $source passed the allow-list AND the file exists.
        $file = D_INSTALL_PATH . $source;
    }
    $template->setVariable("PAGE", $source);
    if (isset($file)) {
        // highlight_file(..., true) returns the file as HTML with the code
        // HTML-escaped; braces are then replaced with character references
        // because they are the template engine's placeholder delimiters.
        $contents = highlight_file($file, true);
        $contents = str_replace("{", "&#123", $contents);
        $contents = str_replace("}", "&#125", $contents);
        $template->setVariable("SOURCE", $contents);
    } else {
        // Same message for "not allow-listed" and "missing", so the response
        // does not reveal which files exist.
        $template->setVariable("SOURCE", "Filename Not Found or Not Permitted.");
    }
    $template->setCurrentBlock();
    // NOTE(review): the listing is truncated here; the closing brace of the
    // surrounding `if` and whatever follows it are not part of this excerpt.
Esempio n. 2
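/**
 * Render the HTML order receipt for one order of one customer.
 *
 * Looks up the customer's details and every line item of the order, fills the
 * T_ORDERRECEIPT template and writes the finished page to the browser.
 *
 * No authorisation is performed here: the function shows the details of
 * whatever $custID/$orderID it is given, so the caller must already have
 * established that the current user may see that order.
 *
 * @param int|string $custID     Customer id; bound as a query parameter.
 * @param int|string $orderID    Order id, scoped to $custID; bound likewise.
 * @param object     $connection Open PEAR DB connection.
 * @return void   Output is produced by $template->showWinestore().
 *
 * Raises E_USER_ERROR via trigger_error() when a query fails or the customer
 * row cannot be found, matching the file's existing error-handling style.
 */
function show_HTML_receipt($custID, $orderID, $connection)
{
    $template = new winestoreTemplate(T_ORDERRECEIPT);

    // Find customer information. The ids are passed as placeholders rather
    // than interpolated into the SQL, so a non-numeric value cannot change
    // the statement.
    $query = "SELECT * FROM customer, users\n             WHERE customer.cust_id = ?\n             AND users.cust_id = customer.cust_id";
    $result = $connection->query($query, [$custID]);
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);
    }
    $row = $result->fetchRow(DB_FETCHMODE_ASSOC);
    if (!$row) {
        // Without a customer row every field below would be undefined.
        trigger_error("No customer record for cust_id {$custID}", E_USER_ERROR);
    }

    // Now setup all the customer fields
    $template->setVariable("CUSTTITLE", showTitle($row["title_id"], $connection));
    $template->setVariable("SURNAME", $row["surname"]);
    $template->setVariable("CUST_ID", $custID);
    $template->setVariable("ORDER_ID", $orderID);
    $template->setVariable("FIRSTNAME", $row["firstname"]);
    $template->setVariable("INITIAL", $row["initial"]);
    $template->setVariable("ADDRESS", $row["address"]);
    $template->setVariable("CITY", $row["city"]);
    $template->setVariable("STATE", $row["state"]);
    $template->setVariable("COUNTRY", showCountry($row["country_id"], $connection));
    $template->setVariable("ZIPCODE", $row["zipcode"]);

    $orderTotalPrice = 0;

    // List the particulars of each item in the order; both ids are bound.
    $query = "SELECT  i.qty, w.wine_name, i.price, \n                     w.wine_id, w.year, wi.winery_name\n             FROM    items i, wine w, winery wi\n             WHERE   i.cust_id = ?\n             AND     i.order_id = ?\n             AND     i.wine_id = w.wine_id\n             AND     w.winery_id = wi.winery_id\n             ORDER BY item_id";
    $result = $connection->query($query, [$custID, $orderID]);
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);
    }

    // Add each item to the page
    while ($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        // Work out the cost of this line item
        $itemsPrice = $row["qty"] * $row["price"];
        $orderTotalPrice += $itemsPrice;
        $wineDetail = showWine($row["wine_id"], $connection);

        $template->setCurrentBlock("row");
        $template->setVariable("QTY", $row["qty"]);
        $template->setVariable("WINE", $wineDetail);
        // The original passed a stray third argument here; setVariable takes
        // only a placeholder and a value.
        $template->setVariable("PRICE", sprintf("\$%4.2f", $row["price"]));
        $template->setVariable("TOTAL", sprintf("\$%4.2f", $itemsPrice));
        $template->parseCurrentBlock("row");
    }

    $template->setCurrentBlock("items");
    $template->setVariable("ORDER_TOTAL", sprintf("\$%4.2f\n", $orderTotalPrice));
    $template->parseCurrentBlock("items");
    $template->setCurrentBlock();
    $template->showWinestore(NO_CART, B_HOME);
}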