$template->setCurrentBlock("items"); $template->setVariable("ORDER_TOTAL", sprintf("\$%4.2f\n", $orderTotalPrice)); $template->parseCurrentBlock("items"); $template->setCurrentBlock(); $template->showWinestore(NO_CART, B_HOME); } // ---------- session_start(); // Connect to a authenticated session sessionAuthenticate(S_SHOWCART); // Check the correct parameters have been passed if (!isset($_GET["cust_id"]) || !isset($_GET["order_id"])) { $_SESSION["message"] = "Incorrect parameters to order-step4.php"; header("Location: " . S_SHOWCART); exit; } // Check this customer matches the $cust_id $connection = DB::connect($dsn, true); if (DB::isError($connection)) { trigger_error($connection->getMessage(), E_USER_ERROR); } $cust_id = pearclean($_GET, "cust_id", 5, $connection); $order_id = pearclean($_GET, "order_id", 5, $connection); $real_cust_id = getCust_id($_SESSION["loginUsername"]); if ($cust_id != $real_cust_id) { $_SESSION["message"] = "You can only view your own receipts!"; header("Location: " . S_HOME); exit; } // Show the confirmation HTML page show_HTML_receipt($cust_id, $order_id, $connection);
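// Check if the user is already logged in. This is done before the database
// connection is opened: a request that is turned away needs no connection.
if (isset($_SESSION["loginUsername"]))
{
   $_SESSION["message"] = "You are already logged in!";
   header("Location: " . S_HOME);
   exit;
}

$connection = DB::connect($dsn, true);
if (DB::isError($connection))
{
   trigger_error($connection->getMessage(), E_USER_ERROR);
}

// Register a fresh (empty) error array - just in case!
// Assigning a new array replaces any stale entry from an earlier attempt.
$_SESSION["loginErrors"] = array();

// Set up a formVars array for the POST variables.
// pearclean() is applied to each value with a 50-character bound
// (its exact cleaning rules are defined in winestore.inc, not here).
$_SESSION["loginFormVars"] = array();
foreach ($_POST as $varname => $value)
{
   $_SESSION["loginFormVars"][$varname] = pearclean($_POST, $varname, 50, $connection);
}

// Validate password -- has it been provided and is the length between 6 and
// 8 characters? (The 6..8 bounds are the policy this script enforces; any
// change here must stay consistent with what checkLogin() accepts.)
if (checkMandatory("loginPassword", "password", "loginErrors", "loginFormVars"))
{
   checkMinAndMaxLength("loginPassword", 6, 8, "password", "loginErrors", "loginFormVars");
}

// Validate email -- has it been provided and is it valid?
if (checkMandatory("loginUsername", "email/username", "loginErrors", "loginFormVars"))
{
   emailCheck("loginUsername", "email/username", "loginErrors", "loginFormVars");
}

// Check if this is a valid user and, if so, log them in.
// The credentials are handed to checkLogin() as plain arguments and the
// password is removed from the session array: loginFormVars only needs to
// survive for redisplaying the form, and the password should not outlive
// this request in the session store.
// NOTE(review): assumes checkLogin() and the login form use the arguments /
// the username entry only and do not re-read loginFormVars["loginPassword"]
// from the session -- confirm against those callers.
$loginUsername = isset($_SESSION["loginFormVars"]["loginUsername"])
   ? $_SESSION["loginFormVars"]["loginUsername"] : "";
$loginPassword = isset($_SESSION["loginFormVars"]["loginPassword"])
   ? $_SESSION["loginFormVars"]["loginPassword"] : "";
unset($_SESSION["loginFormVars"]["loginPassword"]);

checkLogin($loginUsername, $loginPassword, $connection);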
// Check that the cart isn't empty if (!isset($_SESSION["order_no"])) { $_SESSION["message"] = "Your cart is empty!"; header("Location: " . S_SHOWCART); exit; } $connection = DB::connect($dsn, true); if (DB::isError($connection)) { trigger_error($connection->getMessage(), E_USER_ERROR); } // Register an error array - just in case! $_SESSION["ccErrors"] = array(); // Set up a formVars array for the POST variables $_SESSION["ccFormVars"] = array(); foreach ($_POST as $varname => $value) { $_SESSION["ccFormVars"]["{$varname}"] = pearclean($_POST, $varname, 128, $connection); } // Check if mandatory credit card entered if (checkMandatory("creditcard", "SurchargeCard", "ccErrors", "ccFormVars")) { // Validate credit card using Luhn algorithm checkCard("creditcard", "ccErrors", "ccFormVars"); } // Check if mandatory credit card expiry entered if (checkMandatory("expirydate", "expiry date", "ccErrors", "ccFormVars")) { // Validate credit card expiry date checkExpiry("expirydate", "ccErrors", "ccFormVars"); } // Now the script has finished the validation, // check if there were any errors if (count($_SESSION["ccErrors"]) > 0) { // There are errors. Relocate back to step #1
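require_once "DB.php";
require_once "../includes/winestore.inc";

set_error_handler("customHandler");

// Start the session before anything is written to $_SESSION. The parameter
// check below stores an error message in the session; with session_start()
// placed after that check, the message was written to a plain array and lost.
session_start();

// Have the correct parameters been provided?
// (empty() also rejects qty=0, which is not a meaningful add-to-cart request.)
if (empty($_GET["wineId"]) || empty($_GET["qty"]))
{
   $_SESSION["message"] = "Incorrect parameters to addtocart.php";
   // Redirect to a page of our own rather than to the Referer header: the
   // Referer is client-supplied (and may be absent entirely), so it must not
   // be used as a redirect target. S_SHOWCART is where the other cart scripts
   // send the user on bad parameters.
   header("Location: " . S_SHOWCART);
   exit;
}

$connection = DB::connect($dsn, true);
if (DB::isError($connection))
{
   trigger_error($connection->getMessage(), E_USER_ERROR);
}

// Clean the parameters with a length bound (5 and 3 characters) before they
// are used; the cleaning rules themselves live in pearclean() in winestore.inc.
$wineId = pearclean($_GET, "wineId", 5, $connection);
$qty = pearclean($_GET, "qty", 3, $connection);

$update = false;

// If the user has added items to their cart, then
// the variable $_SESSION["order_no"] will be registered

// First, decide on which tables to lock
// We don't touch orders if the cart already exists
if (isset($_SESSION["order_no"]))
{
   $query = "LOCK TABLES inventory READ, items WRITE";
}
else
{
   $query = "LOCK TABLES inventory READ, items WRITE, orders WRITE";
}

// LOCK the tables
$result = $connection->query($query);
if (DB::isError($result))
{
   trigger_error($result->getMessage(), E_USER_ERROR);
}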
// This script updates quantities in the cart // It expects parameters of the form XXX=YYY // where XXX is a wine_id and YYY is the new // quantity of that wine that should be in the // cart require_once "DB.php"; require_once "../includes/winestore.inc"; set_error_handler("customHandler"); session_start(); $connection = DB::connect($dsn, true); if (DB::isError($connection)) { trigger_error($connection->getMessage(), E_USER_ERROR); } // Clean up the data, and save the results in an array foreach ($_GET as $varname => $value) { $parameters[$varname] = pearclean($_GET, $varname, 4, $connection); } // Did they want to update the quantities? // (this should be true except if the user arrives here unexpectedly) if (empty($parameters["update"])) { $_SESSION["message"] = "Incorrect parameters to " . S_UPDATECART; header("Location: " . S_SHOWCART); exit; } // If the user has added items to their cart, then // the session variable order_no will be registered // Go through each submitted value and update the cart foreach ($parameters as $itemName => $itemValue) { // Ignore the update variable if ($itemName != "update") { // Does this item's name look like a wine_id?
} $template->setCurrentBlock("links"); $template->parseCurrentBlock("links"); } else { $template->setCurrentBlock("outtext"); $template->setVariable("OUTTEXT", "No wines found matching your criteria."); $template->parseCurrentBlock("outtext"); $template->setCurrentBlock("links"); $template->parseCurrentBlock("links"); } } // --------- session_start(); $template = new winestoreTemplate(T_SEARCH); $connection = DB::connect($dsn, true); if (DB::isError($connection)) { trigger_error($connection->getMessage(), E_USER_ERROR); } // Store the search parameters so the <form> redisplays the // previous search $_SESSION["searchFormVars"]["region_name"] = pearclean($_GET, "region_name", 100, $connection); $_SESSION["searchFormVars"]["wine_type"] = pearclean($_GET, "wine_type", 32, $connection); // If an offset isn't provided, set it to 0 if (isset($_GET["offset"])) { $_SESSION["searchFormVars"]["offset"] = pearclean($_GET, "offset", 5, $connection); } else { $_SESSION["searchFormVars"]["offset"] = 0; } // Show the user their search showWines($connection, $template); $template->showWinestore(SHOW_ALL, B_HOME | B_SHOW_CART | B_SEARCH | B_LOGINLOGOUT);