コード例 #1
ファイル: receipt.php プロジェクト: awashValley/PhP_MySQL_Lab
    $template->setCurrentBlock("items");
    $template->setVariable("ORDER_TOTAL", sprintf("\$%4.2f\n", $orderTotalPrice));
    $template->parseCurrentBlock("items");
    $template->setCurrentBlock();
    $template->showWinestore(NO_CART, B_HOME);
}
// ----------
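session_start();
// Attach to an authenticated session. sessionAuthenticate() is defined
// elsewhere; it is passed S_SHOWCART here.
sessionAuthenticate(S_SHOWCART);
// Both identifiers must be present in the query string
if (!isset($_GET["cust_id"]) || !isset($_GET["order_id"])) {
    $_SESSION["message"] = "Incorrect parameters to order-step4.php";
    header("Location: " . S_SHOWCART);
    exit;
}
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
$cust_id = pearclean($_GET, "cust_id", 5, $connection);
$order_id = pearclean($_GET, "order_id", 5, $connection);
// Authorization check: the customer id in the URL must be the id that
// belongs to the logged-in user. The lookup is keyed on the session, not on
// anything the client sent.
$real_cust_id = getCust_id($_SESSION["loginUsername"]);
// Fail closed. A loose != treats a failed lookup (false/null) as equal to an
// empty cust_id and compares numeric-looking strings by value ("1e1" == "10"),
// so the comparison is done on exact strings and a missing lookup result is
// rejected outright.
if (
    !is_scalar($cust_id)
    || !is_scalar($real_cust_id)
    || $real_cust_id === false
    || (string) $real_cust_id === ""
    || (string) $cust_id !== (string) $real_cust_id
) {
    $_SESSION["message"] = "You can only view your own receipts!";
    header("Location: " . S_HOME);
    exit;
}
// NOTE(review): the check above ties only cust_id to the session. Whether
// order_id is also restricted to this customer depends on the query inside
// show_HTML_receipt(), which is not fully visible here -- confirm it filters
// on both cust_id and order_id.
// Show the confirmation HTML page
show_HTML_receipt($cust_id, $order_id, $connection);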
コード例 #2
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
// A session that already carries a username has nothing to do here
if (isset($_SESSION["loginUsername"])) {
    $_SESSION["message"] = "You are already logged in!";
    header("Location: " . S_HOME);
    exit;
}
// Start every attempt with an empty error list and an empty set of form
// variables (assigning a fresh array replaces whatever was stored before)
$_SESSION["loginErrors"] = array();
$_SESSION["loginFormVars"] = array();
// Copy every submitted POST field, passed through pearclean() with a
// 50-character limit, into the session.
// NOTE(review): this copies the submitted password into session storage
// along with any other field name the client chooses to send. Confirm the
// password entry is removed once checkLogin() has run, or copy only the two
// expected fields.
foreach (array_keys($_POST) as $field) {
    $_SESSION["loginFormVars"][$field] = pearclean($_POST, $field, 50, $connection);
}
// Password: must be present, and between 6 and 8 characters long.
// NOTE(review): an 8-character maximum is a weak password policy; pearclean()
// is also applied to the password before it is checked -- confirm it does not
// alter the value that gets verified.
$passwordGiven = checkMandatory("loginPassword", "password", "loginErrors", "loginFormVars");
if ($passwordGiven) {
    checkMinAndMaxLength("loginPassword", 6, 8, "password", "loginErrors", "loginFormVars");
}
// Username: must be present and must pass emailCheck()
$usernameGiven = checkMandatory("loginUsername", "email/username", "loginErrors", "loginFormVars");
if ($usernameGiven) {
    emailCheck("loginUsername", "email/username", "loginErrors", "loginFormVars");
}
// Hand the cleaned credentials to checkLogin(), which is defined elsewhere.
// NOTE(review): session-id regeneration on successful login is not visible
// here -- confirm checkLogin() does it.
$submitted = $_SESSION["loginFormVars"];
checkLogin($submitted["loginUsername"], $submitted["loginPassword"], $connection);
コード例 #3
// Without an order number in the session there is no cart to pay for
if (!isset($_SESSION["order_no"])) {
    $_SESSION["message"] = "Your cart is empty!";
    header("Location: " . S_SHOWCART);
    exit;
}
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
// Fresh error list and form-variable store for this submission
$_SESSION["ccErrors"] = array();
$_SESSION["ccFormVars"] = array();
// Copy every submitted POST field, passed through pearclean() with a
// 128-character limit, into the session.
// NOTE(review): this places the card number and expiry date in session
// storage, together with any other field name the client sends. Confirm these
// entries are cleared as soon as the payment step completes and that session
// data is never logged.
foreach (array_keys($_POST) as $field) {
    $_SESSION["ccFormVars"][$field] = pearclean($_POST, $field, 128, $connection);
}
// Card number: mandatory, then checked with the Luhn algorithm by checkCard()
$cardGiven = checkMandatory("creditcard", "SurchargeCard", "ccErrors", "ccFormVars");
if ($cardGiven) {
    checkCard("creditcard", "ccErrors", "ccFormVars");
}
// Expiry date: mandatory, then validated by checkExpiry()
$expiryGiven = checkMandatory("expirydate", "expiry date", "ccErrors", "ccFormVars");
if ($expiryGiven) {
    checkExpiry("expirydate", "ccErrors", "ccFormVars");
}
// Now the script has finished the validation,
// check if there were any errors
if (count($_SESSION["ccErrors"]) > 0) {
    // There are errors.  Relocate back to step #1
コード例 #4
require_once "DB.php";
require_once "../includes/winestore.inc";
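set_error_handler("customHandler");
// The session must be started before $_SESSION is written; otherwise the
// error message set on the early-exit path below is never stored.
session_start();
// Have the correct parameters been provided?
// NOTE(review): this script changes cart state in response to a GET request.
// Consider accepting POST only and requiring an anti-CSRF token.
if (empty($_GET["wineId"]) || empty($_GET["qty"])) {
    $_SESSION["message"] = "Incorrect parameters to addtocart.php";
    // Redirect to a fixed in-application page. The Referer header is supplied
    // by the client and may be absent, so it must not decide the redirect
    // target. S_SHOWCART is the constant the project's other cart scripts use.
    header("Location: " . S_SHOWCART);
    exit;
}
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
// Clean the two inputs: wine id limited to 5 characters, quantity to 3.
// NOTE(review): neither value is checked to be a positive integer here;
// confirm pearclean() or the code that follows enforces that before the
// values reach a query.
$wineId = pearclean($_GET, "wineId", 5, $connection);
$qty = pearclean($_GET, "qty", 3, $connection);
$update = false;
// Decide which tables to lock. inventory is read and items is written in
// every case; orders is written only when no cart exists yet, which is the
// case when $_SESSION["order_no"] is not set.
$query = "LOCK TABLES inventory READ, items WRITE";
if (!isset($_SESSION["order_no"])) {
    $query .= ", orders WRITE";
}
// LOCK the tables
$result = $connection->query($query);
if (DB::isError($result)) {
    trigger_error($result->getMessage(), E_USER_ERROR);
}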
コード例 #5
// This script updates quantities in the cart
// It expects parameters of the form XXX=YYY
// where XXX is a wine_id and YYY is the new
// quantity of that wine that should be in the
// cart
require_once "DB.php";
require_once "../includes/winestore.inc";
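set_error_handler("customHandler");
session_start();
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
// Clean up the data, and save the results in an array.
// The array is initialised explicitly so that it holds only values that went
// through pearclean(): without this, an empty query string leaves it
// undefined, and on configurations that import request variables into the
// global scope it could arrive pre-populated.
// NOTE(review): this script changes cart state in response to a GET request.
// Consider accepting POST only and requiring an anti-CSRF token.
$parameters = array();
foreach ($_GET as $varname => $value) {
    $parameters[$varname] = pearclean($_GET, $varname, 4, $connection);
}
// Did they want to update the quantities?
// (this should be true except if the user arrives here unexpectedly)
if (empty($parameters["update"])) {
    $_SESSION["message"] = "Incorrect parameters to " . S_UPDATECART;
    header("Location: " . S_SHOWCART);
    exit;
}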
// If the user has added items to their cart, then
// the session variable order_no will be registered
// Go through each submitted value and update the cart
foreach ($parameters as $itemName => $itemValue) {
    // Ignore the update variable
    if ($itemName != "update") {
        // Does this item's name look like a wine_id?
コード例 #6
ファイル: search.php プロジェクト: awashValley/PhP_MySQL_Lab
        }
        $template->setCurrentBlock("links");
        $template->parseCurrentBlock("links");
    } else {
        $template->setCurrentBlock("outtext");
        $template->setVariable("OUTTEXT", "No wines found matching your criteria.");
        $template->parseCurrentBlock("outtext");
        $template->setCurrentBlock("links");
        $template->parseCurrentBlock("links");
    }
}
// ---------
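session_start();
$template = new winestoreTemplate(T_SEARCH);
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
// Store the search parameters so the <form> redisplays the
// previous search.
// NOTE(review): these values are shown to the user again later. The escaping
// that pearclean() performs is not visible here -- confirm the template
// HTML-encodes them on output.
$_SESSION["searchFormVars"]["region_name"] = pearclean($_GET, "region_name", 100, $connection);
$_SESSION["searchFormVars"]["wine_type"] = pearclean($_GET, "wine_type", 32, $connection);
// Paging offset: default to 0 when none is given. A supplied offset is only
// meaningful as a non-negative integer, so anything else also falls back
// to 0 instead of being passed on as free text.
$_SESSION["searchFormVars"]["offset"] = 0;
if (isset($_GET["offset"])) {
    $cleanOffset = pearclean($_GET, "offset", 5, $connection);
    if (is_scalar($cleanOffset) && preg_match('/\A[0-9]+\z/', (string) $cleanOffset)) {
        $_SESSION["searchFormVars"]["offset"] = (int) $cleanOffset;
    }
}
// Show the user their search
showWines($connection, $template);
$template->showWinestore(SHOW_ALL, B_HOME | B_SHOW_CART | B_SEARCH | B_LOGINLOGOUT);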