// NOTE(review): this excerpt starts inside a per-order loop/conditional whose
// opener is outside the visible text. $id, $fulfilled, $unfulfilled,
// $customerOrders, $orderData, $models and $customerID are all assigned
// before this point and their origin cannot be confirmed from here.
$allFulfilled = false;
if ($fulfilled === $unfulfilled) {
    $allFulfilled = true;
}
if (!$allFulfilled) {
    // Row for an order that still has unfulfilled items, with a delete control.
    // $_GET['id'] is interpolated straight into the data-customer attribute
    // with no encoding or validation visible here: a request with a crafted
    // id (e.g. containing a single quote) breaks out of the attribute and
    // becomes reflected XSS. $id/$fulfilled/$unfulfilled are likewise
    // unencoded. All of these should pass through
    // htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') first.
    // Also note the <button> carries two type= attributes; browsers keep the
    // first one ('button'), so the 'submit' value is dead markup.
    $customerOrders .= "<section id='{$id}' class='clearfix'><div class='col-sm-3'>{$id}</div>\n <div class='col-sm-3'>{$fulfilled}</div>\n <div class='col-sm-3'>{$unfulfilled}</div>\n <div class='col-sm-3'>\n <button type='button' class='btn btn-danger'\n type='submit' name='submit'\n data-confirm='Delete the order?'\n data-id='{$id}'\n data-customer='{$_GET['id']}'\n data-unfulfilled='{$unfulfilled}'\n >\n Delete Order</button>\n </div></section>";
}
if ($allFulfilled) {
    // Fully fulfilled order: same three columns, no delete control.
    $customerOrders .= "<section id='{$id}' class='fulfilled clearfix'><div class='col-sm-3'>{$id}</div>\n <div class='col-sm-3'>{$fulfilled}</div>\n <div class='col-sm-3'>{$unfulfilled}</div>\n <div class='col-sm-3'></div></section>";
}
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

// Demo purposes only to showcase an attack.
// The session copy handed to the controller has its 'customerid' replaced by
// $customerID, so the controller loads whichever customer that value names
// instead of the logged-in one. $customerID's source is not visible here; the
// delete button above already treats $_GET['id'] as the customer, so it is
// presumably the same request parameter. If it is not checked against the
// real $_SESSION customer id this is an insecure direct object reference
// (any customer can read another customer's address/phone/email). Do not
// carry this pattern into non-demo code.
$orderData->session = $_SESSION;
$orderData->session['customerid'] = $customerID;
$controller = new InitCustomerController($models, $orderData);
$controller->setCustomerValues();
$customerInfo = $controller->getCustomerValues();

// Contact details are HTML-encoded before they reach the page. They are only
// placed in element text (<p>, <blockquote>) below, where htmlentities'
// default flags are adequate; reuse in an attribute would need ENT_QUOTES
// on PHP versions before 8.1, where the default does not encode quotes.
$address = htmlentities($customerInfo['address']);
$email = htmlentities($customerInfo['email']);
$phone = htmlentities($customerInfo['phone']);
// empty() treats "0" as empty, so an instructions value of "0" is dropped.
$instructions = !empty($customerInfo['instructions']) ? htmlentities($customerInfo['instructions']) : null;
$customerInformation = "<p>We will send a confirmation email to {$email} when your packages are ready.</p>\n<p>They will be\ndelivered to {$address} and we will call you at {$phone} when they are delivered.</p>";
if ($instructions) {
    $customerInformation .= "<p>You also specified the following additional instructions:</p>\n <blockquote>{$instructions}</blockquote>";
}
?>
<?php
// Render the orders navbar and the orders form; both partials consume the
// $customerOrders / $customerInformation strings built above.
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'partials/customers/viewordersNavbar.php';
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/customers/viewordersForm.php";
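// Customer self-service edit page: authenticate the customer, load their
// current profile values into local scope for the partials, then render.
// Expects $rootPath, $jsPath, $redis and $errorRunner to be set by the
// bootstrap that precedes this file.
$logger = new FullLog('Customer Edit Form');
$checkAuth = new CheckAuth($logger);
$isCustomer = $checkAuth->isCustomer();
if (!$isCustomer) {
    // header() only queues the redirect. Without the exit, execution falls
    // through and the complete edit form -- including the customer's data --
    // is still sent to a client that simply ignores the Location header.
    // The message is URL-encoded so it survives as a single query value
    // (the original also carried a stray trailing backtick).
    header("Location:{$rootPath}badsite/index.php?errors=" . rawurlencode('Not an authenticated consumer.'));
    exit;
}

$pdo = new PDOSingleton();

// Dependency bag handed to the controller.
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->logger = $logger;
$models->checkAuth = $checkAuth;
$models->pdo = $pdo;

// The controller identifies the customer from the session it is given.
$customerModel = new stdClass();
$customerModel->session = $_SESSION;
$customer = new InitCustomerController($models, $customerModel);
$customer->setCustomerValues();
$customerValues = $customer->getCustomerValues();

// The partials below read the customer's fields as plain variables, so the
// controller's array is extracted into scope. EXTR_SKIP stops keys in that
// array from clobbering variables that already exist here ($models,
// $checkAuth, $isCustomer, $rootPath, $jsPath, ...). With a bare extract(),
// a record carrying e.g. a 'jsPath' key would redirect the <script> src at
// the bottom of this page to an attacker-chosen origin. If a partial relies
// on an existing name being overwritten, it must read $customerValues instead.
extract($customerValues, EXTR_SKIP);

$errorList = '';
if (isset($error)) {
    // $error comes from the same controller output as the customer fields,
    // which this application HTML-encodes elsewhere; encode it here too so it
    // cannot inject markup into the alert.
    $errorList .= "<div id='inlineErrorHolder'\n class='alert alert-danger' role='alert'>\n <div id='inlineErrorContent'>"
        . htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "</div>\n </div>";
}

require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'partials/customers/customerEditNavbar.php';
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'partials/customers/customerEditMain.php';
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/footer.php";
?>
<script type="text/javascript" src="<?php echo htmlspecialchars($jsPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>customeredit.js"></script>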