// Tail of show_HTML_receipt(): emit the order-total row into the "items"
// template block, then render the page without a cart link (NO_CART) and
// with a home button (B_HOME). The function's signature and the rest of its
// body are above this excerpt.
$template->setCurrentBlock("items");
// Total is formatted as a dollar amount with two decimals; the trailing "\n"
// is part of the literal and ends up in the rendered output.
$template->setVariable("ORDER_TOTAL", sprintf("\$%4.2f\n", $orderTotalPrice));
$template->parseCurrentBlock("items");
// Return to the template's default (top-level) block before rendering.
$template->setCurrentBlock();
$template->showWinestore(NO_CART, B_HOME);
}
// ----------
// Script body: verify the caller, then show the receipt for one order.
session_start();
// Require an authenticated session. S_SHOWCART is passed through to
// sessionAuthenticate(); presumably it is the redirect target used when the
// session is not authenticated -- confirm against its definition.
sessionAuthenticate(S_SHOWCART);
// Both query parameters are mandatory; bounce to the cart page otherwise.
// The message is stored in the session so the target page can display it.
if (!isset($_GET["cust_id"]) || !isset($_GET["order_id"])) {
    $_SESSION["message"] = "Incorrect parameters to order-step4.php";
    header("Location: " . S_SHOWCART);
    exit;
}
// Check this customer matches the $cust_id.
// $dsn is defined elsewhere in the file (not visible in this excerpt).
// A connection error is fatal: E_USER_ERROR halts the script unless a custom
// error handler has been installed.
$connection = DB::connect($dsn, true);
if (DB::isError($connection)) {
    trigger_error($connection->getMessage(), E_USER_ERROR);
}
// pearclean() is given the raw $_GET array, the key, a length limit of 5 and
// the connection -- presumably it truncates and escapes the value for this
// connection; verify, since both ids are used in queries downstream.
$cust_id = pearclean($_GET, "cust_id", 5, $connection);
$order_id = pearclean($_GET, "order_id", 5, $connection);
// NOTE(review): getCust_id() is called without $connection here, whereas the
// customer-update script in this file passes it as a second argument --
// confirm the helper's signature and whether it can return false/null.
$real_cust_id = getCust_id($_SESSION["loginUsername"]);
// Authorization check: the requested customer must be the logged-in one.
// NOTE(review): this is a loose (!=) comparison; if either side is a
// non-numeric string, false or null, PHP's type-juggling rules decide the
// outcome. Once the return types of pearclean() and getCust_id() are
// confirmed, compare as integers or with !== so the check is explicit.
if ($cust_id != $real_cust_id) {
    $_SESSION["message"] = "You can only view your own receipts!";
    header("Location: " . S_HOME);
    exit;
}
// Show the confirmation HTML page.
// $order_id is not tied to $cust_id at this point; the check relies on
// show_HTML_receipt() scoping its query by both ids -- confirm there.
show_HTML_receipt($cust_id, $order_id, $connection);
// Tail of the form-validation routine (its start is above this excerpt):
// the password is mandatory, and when present must be 6..8 characters.
// Errors and the submitted values are recorded under the session keys
// "custErrors" and "custFormVars" by the two helpers.
if (checkMandatory("loginPassword", "password", "custErrors", "custFormVars")) {
    checkMinAndMaxLength("loginPassword", 6, 8, "password", "custErrors", "custFormVars");
}
}
}
// Now the script has finished the validation,
// check if there were any errors.
if (count($_SESSION["custErrors"]) > 0) {
    // There are errors. Relocate back to the client form; the error
    // details travel in the session.
    header("Location: " . S_DETAILS);
    exit;
}
// Is this an update? A logged-in user edits their existing record,
// anyone else is creating a new customer.
if (isset($_SESSION["loginUsername"])) {
    // Check the user is properly logged in.
    sessionAuthenticate(S_DETAILS);
    // $connection is established earlier in this script (outside the excerpt).
    $cust_id = getCust_id($_SESSION["loginUsername"], $connection);
    // Validated form values are interpolated straight into the UPDATE.
    // NOTE(review): this is only safe if every custFormVars entry was escaped
    // for this connection before being stored (and title_id / country_id,
    // which are unquoted, were checked to be numeric) -- confirm in the
    // validation code above; otherwise switch to a parameterised query.
    $query = "UPDATE customer SET \n title_id = {$_SESSION["custFormVars"]["title_id"]},\n surname = '{$_SESSION["custFormVars"]["surname"]}',\n firstname = '{$_SESSION["custFormVars"]["firstname"]}',\n initial = '{$_SESSION["custFormVars"]["initial"]}',\n address = '{$_SESSION["custFormVars"]["address"]}',\n city = '{$_SESSION["custFormVars"]["city"]}',\n state = '{$_SESSION["custFormVars"]["state"]}',\n zipcode = '{$_SESSION["custFormVars"]["zipcode"]}',\n country_id = {$_SESSION["custFormVars"]["country_id"]},\n phone = '{$_SESSION["custFormVars"]["phone"]}',\n birth_date = '{$_SESSION["custFormVars"]["birth_date"]}'\n WHERE cust_id = {$cust_id}";
    $result = $connection->query($query);
    // Query failure is fatal: E_USER_ERROR halts the script unless a custom
    // error handler has been installed.
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);
    }
} else {
    // Lock to get the next available customer ID. The table stays locked
    // while the id is chosen; the matching UNLOCK TABLES is expected further
    // down, outside this excerpt -- confirm it is reached on every path.
    $result = $connection->query("LOCK TABLES customer WRITE");
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);
    }
    // Find the max cust_id; the new record is presumably given max + 1 below.
    $result = $connection->query("SELECT max(cust_id) FROM customer");
    if (DB::isError($result)) {
        trigger_error($result->getMessage(), E_USER_ERROR);