Exemplos de security\Controllers\Customers ViewOrdersController em PHP

Exemplo n.º 1

Arquivo: ViewOrdersController.php Projeto: anhnt4288/owaspsecuritywithphp

    $pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Viewing Orders');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    $isCustomer = $checkAuth->isCustomer();
    $customerID = !empty($_SESSION['customerid']) ? $auth->cInt($_SESSION['customerid']) : null;
    $customerID || ($errors[] = "No customer id.  You have most likely timed out.  Log out and log back in.");
    $isCustomer || ($errors[] = "You are not authenticated as a customer.");
    $models = new stdClass();
    $models->pdo = $pdo;
    $models->errorRunner = $errorRunner;
    $models->logger = $logger;
    $orderData = new stdClass();
    $orderData->customerID = $customerID;
    $controller = new ViewOrdersController($models, $orderData);
    $controller->viewOrders();
    $controller->viewCustomer();
    if (empty($errors)) {
        if ($isAjax) {
            echo json_encode($controller);
        }
        if (!$isAjax) {
            // Do something else.
        }
    }
}
if (!empty($errors)) {
    $errorRunner->runErrors($errors);
}

Exemplo n.º 2

Arquivo: vieworders.php Projeto: anhnt4288/owaspsecuritywithphp

$errorRunner = new ErrorRunner();
$logger = new FullLog('Customer Login Page');
$checkAuth = new CheckAuth($logger);
$customerID = isset($_GET['id']) ? $_GET['id'] : null;
if (!$customerID) {
    $error = rawurlencode('Not an authenticated consumer.');
    die(header("Location:{$rootPath}goodsite/index.php?errors={$error}"));
}
$pdo = new PDOSingleton();
$models = new stdClass();
$models->pdo = $pdo;
$models->errorRunner = $errorRunner;
$models->logger = $logger;
$orderData = new stdClass();
$orderData->customerID = $customerID;
$controller = new ViewOrdersController($models, $orderData);
$controller->viewOrders();
$orders = $controller->getOrders();
$customerOrders = "";
if ($orders) {
    foreach ($orders as $row) {
        $id = htmlentities($row['id']);
        $fulfilled = htmlentities($row['fulfilled']);
        $unfulfilled = htmlentities($row['unfulfilled']);
        $allFulfilled = false;
        if ($fulfilled === $unfulfilled) {
            $allFulfilled = true;
        }
        if (!$allFulfilled) {
            $customerOrders .= "<section id='{$id}' class='clearfix'><div class='col-sm-3'>{$id}</div>\n                                 <div class='col-sm-3'>{$fulfilled}</div>\n                                 <div class='col-sm-3'>{$unfulfilled}</div>\n                                 <div class='col-sm-3'>\n                                     <button type='button' class='btn btn-danger'\n                                     type='submit' name='submit'\n                                     data-confirm='Delete the order?'\n                                     data-id='{$id}'\n                                     data-customer='{$_GET['id']}'\n                                     data-unfulfilled='{$unfulfilled}'\n                                     >\n                                     Delete Order</button>\n                                 </div></section>";
        }