$items[$i] = $rows[$randitem - 1]; FB::log($items[$i], 'item'); $price = $items[$i]['unit_price']; $tax = "1." . $items[$i]['tax_percent']; $qty[$i] = mt_rand(1, 10); $totalqty += $qty[$i]; $subtotal += $qty[$i] * $price; $saletotal += $subtotal + money_format('%i', $tax); } $user[$t] = mt_rand(1, 4); $till[$t] = mt_rand(1, 5); $date = date("Y-m-d"); $time = date("H-i-s"); $session = date("YmdHis") . "-" . $user[$t] . "-" . $till[$t]; $arr = array('eft' => $saletotal, 'remainder' => 0.0, 'total' => $saletotal, 'id' => 1, 'cost' => $saletotal, 'smallcoin' => 0.1); $output .= dumparray($arr); $paidwith = base64_encode(serialize($arr)); $sqlinsert = "INSERT INTO sales (date,time,customer_id,sale_sub_total,sale_total_cost,paid_with,items_purchased,sold_by,till,session,state) VALUES ('" . $date . "','" . $time . "',1," . $subtotal . "," . $saletotal . ",'" . $paidwith . "'," . $totalqty . "," . $user[$t] . "," . $till[$t] . ",'" . $session . "','completed')"; $output .= $sqlinsert . "<br>"; if ($rec = $db->query($sqlinsert)) { $id = $db->insertID($db->getConnection()); //we have id, go on to insert the sales items for ($i = 0; $i < $num; $i++) { $tax = "1." . $items[$i]['tax_percent']; $itemstotaltax = $items[$i]['unit_price'] - money_format('%i', $items[$i]['unit_price'] / $tax); $itemstotalprice = $items[$i]['unit_price'] * $qty[$i]; $sql = "insert into sales_items(sale_id, item_id, quantity_purchased, item_unit_price, item_trade_price, item_tax_percent, item_total_tax, item_total_cost, item_name, item_description) values(" . $id . "," . $items[$i]['id'] . "," . $qty[$i] . ",'" . $items[$i]['unit_price'] . "','" . $items[$i]['trade_price'] . "','" . $items[$i]['tax_percent'] . "','" . $itemstotaltax . "','" . $itemstotalprice . "','" . $items[$i]['item_number'] . "','" . $items[$i]['item_name'] . "')"; $output .= $sql . "<br>"; $result = $db->query($sql); } } else {
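# Entry script: loads the project libraries, then hands the request to the
# setup, new-member or login page depending on configuration and session state.
include_once './lib/commonfunctions.php';
require_once './lib/password.php';

# Pre-sanitize all inputs.
# NOTE(review): sanitize_input() is defined elsewhere and what it filters is not
# visible here, so values are still escaped for their output context below.
$SANITIZED_POST = sanitize_input($_POST);

# Launch the setup script if the config file is not found.
# NOTE(review): $CONFIGFILE is not assigned in this script - presumably it is
# set by commonfunctions.php; confirm where it comes from.
if (!file_exists($CONFIGFILE)) {
    require './lib/setup.php';
} else {
    # Load configuration options
    require_once $CONFIGFILE;

    try {
        $dbh = new PDO(
            "mysql:host=" . $CONFIG['dbhostname'] . ";dbname=" . $CONFIG['mydb'] . ";charset=UTF8",
            $CONFIG['dbuser'],
            $CONFIG['dbpass']
        );
        # Raise exceptions on SQL errors and use server-side prepared statements.
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

        if (isset($SANITIZED_POST['newmember'])) {
            require './lib/newmember.php';
        } elseif (isset($_SESSION['MemberID'])) {
            # The session value is written into HTML, so encode it for that
            # context here. double_encode is off in case the stored value was
            # already entity-encoded by sanitize_input().
            printf(
                "Logged in as user '%s'<br />\n",
                htmlspecialchars((string) $_SESSION['hsbuser'], ENT_QUOTES, 'UTF-8', false)
            );
        } else {
            require_once './lib/login.php';
        }

        # Drop the handle so the connection is released.
        $dbh = null;
    } catch (PDOException $e) {
        # Keep the driver message out of the response: it can name the database
        # host or account. Record it server-side and show a generic notice.
        error_log('Database failed: ' . $e->getMessage());
        html_header('FAIL');
        printf("<H1>Database failed</H1><br />\n");
    }
}

# NOTE(review): debug output. dumparray() is defined elsewhere; if it prints its
# argument, this writes the whole session into every page - remove or gate it
# behind a debug switch before deployment.
dumparray($_SESSION, '$_SESSION');
html_footer();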
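# Login page fragment. It reads $CONFIGFILE, $CONFIG and $SANITIZED_POST, none
# of which are assigned here, so they must be set before this code runs.

# When $CONFIGFILE is not set (presumably a direct request for this file),
# redirect to ../index.php and stop.
if (!isset($CONFIGFILE)) {
    header('Status: 301 Moved Permanently', false, 301);
    header('Location: ../index.php');
    exit;
}

$MissingPwText = '';
$MissingUsrText = '';

# The username field is absent until the form has been submitted; default to an
# empty string so the form below never reads an undefined index, and ignore
# non-string values (e.g. an array submitted as hsbuser[]).
$username = '';
if (isset($SANITIZED_POST['hsbuser']) && is_string($SANITIZED_POST['hsbuser'])) {
    $username = $SANITIZED_POST['hsbuser'];
}

# Is there a user name ?
if (isset($SANITIZED_POST['hsbuser']) && $SANITIZED_POST['hsbuser'] === '') {
    $MissingUsrText = '<font color="red">Username is required</font>';
}

# Is there a password ? (not required when the "lost password" button was used)
if (
    isset($SANITIZED_POST['hsbpass'])
    && $SANITIZED_POST['hsbpass'] === ''
    && !isset($SANITIZED_POST['lostpw'])
) {
    $MissingPwText = '<font color="red">Password is required</font>';
}

# Process password reset (TODO)
# Check password and set session variable (TODO)

# Show login form
html_header('Login');
printf(" <H1>%s Members Login Form</H1>\n", $CONFIG['orgname']);
# Both values below land inside double-quoted HTML attributes, so they are
# encoded with ENT_QUOTES; sanitize_input() is not visible here and is not
# relied on for attribute safety.
printf(
    " <FORM Method=\"POST\" Action=\"%s\">\n",
    htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8')
);
# double_encode is off in case the value was already entity-encoded upstream.
printf(
    " Username: <INPUT type=\"text\" size=20 name=\"hsbuser\" value=\"%s\">%s<br />\n",
    htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false),
    $MissingUsrText
);
printf(" Password: <INPUT type=\"password\" size=20 name=\"hsbpass\">%s<br />\n", $MissingPwText);
printf(" <INPUT type=\"submit\" value=\"Login\">\n");
printf(" <INPUT TYPE=\"submit\" name=\"lostpw\" value=\"lost password ?\"><br />");
printf(" <INPUT TYPE=\"submit\" name=\"newmember\" value=\"Become a member here\"><br />");
printf(" </FORM>\n");

#printf ("%s<br />\n", password_hash ($SANITIZED_POST['hsbpass'], PASSWORD_DEFAULT) );
#dumparray ($_SERVER, '$_SERVER');

# NOTE(review): debug output. dumparray() is defined elsewhere; assuming it
# prints its argument, the submitted password is removed from the copy first so
# it is never written back into the page. Remove this dump before deployment.
$debugPost = $SANITIZED_POST;
if (is_array($debugPost)) {
    unset($debugPost['hsbpass']);
}
dumparray($debugPost, '$SANITIZED_POST');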