Пример #1
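/**
 * Customer profile controller: loads the logged-in customer's record and
 * validates a submitted edit form.
 *
 * Reviewer notes:
 *  - The customer id is read from the session, not from the request, but it is
 *    still interpolated into the SQL text. Prefer a parameterized query when
 *    this code is moved off the mysql_* API (removed in PHP 7.0).
 *  - `SELECT *` returns every column of the row; only the columns listed in
 *    $exposedColumns are passed on to the caller.
 *  - The edit branch only validates that every field was posted. Nothing
 *    visible here writes the values back, and $dataIsCorrect is not read
 *    afterwards.
 *
 * @return array array('redirect' => url) when the visitor lacks the customer
 *               privilege, otherwise array('data' => array('customerDetails' => array|null)).
 */
function main()
{
    if (!hasPrivilege('customer')) {
        // Not logged in as a customer: send the visitor to the signup page.
        return array('redirect' => BASE_URL . 'signup');
    }

    $userId = $_SESSION[getSpKey()]['customer'];
    $sql = "SELECT * FROM `customers` WHERE `id` = '{$userId}' ";
    $result = dbQuery($sql);

    // Defined up front so the return below never reads an undefined variable
    // when the query yields no row.
    $customerDetails = null;
    $exposedColumns = array(
        'id',
        'customer_name',
        'customer_family',
        'customer_email',
        'customer_gender',
        'customer_mobile',
        'customer_city',
        'customer_state',
        'customer_zipcode',
        'customer_emergency_number',
        'customer_address',
    );

    // Guard against a non-resource result: passing one to mysql_fetch_assoc()
    // does not return false, so the original `!== false` loop could not end.
    if (is_resource($result)) {
        while ($records = mysql_fetch_assoc($result)) {
            $customerDetails = array();
            foreach ($exposedColumns as $column) {
                $customerDetails[$column] = $records[$column];
            }
        }
        mysql_free_result($result);
    }

    // Edit customer details: every expected form field must be present.
    if (isset($_POST['btnEditSubmit'])) {
        $formFields = array(
            'customer_name' => 'txtName',
            'customer_family' => 'txtFamily',
            'customer_email' => 'txtEmail',
            'customer_mobile' => 'txtMobile',
            'customer_city' => 'txtCity',
            'customer_state' => 'txtState',
            'customer_zipcode' => 'txtZipCode',
            'customer_emergency_number' => 'txtEmergencyNumber',
            'customer_address' => 'txtAddress',
        );
        $txtDetails = array();
        foreach ($formFields as $column => $postKey) {
            $txtDetails[$column] = isset($_POST[$postKey]) ? $_POST[$postKey] : null;
        }

        // NOTE(review): these values are raw request data. Escape or bind them
        // before they are ever used in an UPDATE statement.
        $dataIsCorrect = true;
        foreach ($txtDetails as $pieceOfData) {
            if (is_null($pieceOfData)) {
                addMessage('اطلاعات محصول به درستی وارد نشده است', FAILURE);
                $dataIsCorrect = false;
                break;
            }
        }
    }

    $resp = array();
    $resp['data'] = array('customerDetails' => $customerDetails);
    return $resp;
}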
Пример #2
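/**
 * Handles the combined login / signup page.
 *
 * Reviewer notes:
 *  - The login branch used to place $_POST['email'] into the SQL text
 *    unescaped (SQL injection in the authentication query). It now goes
 *    through safeQuery(), the helper the signup branch already uses.
 *    Presumably safeQuery() escapes for the active connection; confirm.
 *    $_POST['gender'] gets the same treatment before the INSERT.
 *  - Passwords are stored as unsalted SHA-1. That is kept so existing rows
 *    still match, but it should be migrated to password_hash() /
 *    password_verify().
 *  - The signup check used to test the SHA-1 digest for emptiness, which is
 *    never empty, so an empty password was accepted. The raw value is
 *    checked now.
 *  - NOTE(review): consider calling session_regenerate_id(true) after a
 *    successful login so a pre-login session id is not carried over.
 *
 * @return array|null array('redirect' => url) when a form was submitted,
 *                    null when neither form was posted.
 */
function main()
{
    // Login Form
    if (isset($_POST['login'])) {
        // Missing or non-string fields are treated as empty strings.
        $rawEmail = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
        $rawPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

        $email = safeQuery($rawEmail);
        $password = sha1($rawPassword); // hex digest only, safe to interpolate
        $sql = "SELECT * FROM `customers` WHERE `customer_email`='{$email}' AND `customer_password`='{$password}';";
        $result = dbQuery($sql);

        if (mysql_num_rows($result) !== 1) {
            $url = BASE_URL . '/signup';
            //@todo create error message
            addMessage('نام کاربری یا رمز عبور اشتباه وارد شده است.', FAILURE);
        } else {
            $user = mysql_fetch_assoc($result);
            //@todo create welcome message
            $url = BASE_URL . '/customer';
            $spKey = getSpKey();
            // The customer id stored here is what later privilege checks rely on.
            $_SESSION[$spKey]['customer'] = $user['id'];
            $userName = $user['customer_name'];
            addMessage($userName . ' عزیز خوش آمدید.', SUCSESS);
        }
        if (is_resource($result)) {
            mysql_free_result($result);
        }
        return array('redirect' => $url);
    }

    // SignUp Form
    if (isset($_POST['signup'])) {
        $rawPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

        $firstName = safeQuery($_POST['firstName']);
        $lastName = safeQuery($_POST['lastName']);
        $mobile = safeQuery($_POST['mobile']);
        $email = safeQuery($_POST['email']);
        $password = sha1($rawPassword);
        // NOTE(review): ideally restrict gender to the values the column allows.
        $gender = safeQuery($_POST['gender']);

        $formIsValid = isPhone($mobile)
            && isEmail($email)
            && !empty(trim($firstName))
            && !empty(trim($lastName))
            && !empty(trim($mobile))
            && !empty(trim($email))
            && $rawPassword !== '';

        if ($formIsValid) {
            $sql = "SELECT * FROM `customers` WHERE  `customer_email`='{$email}'";
            $result = dbQuery($sql);
            $emailIsFree = mysql_num_rows($result) == 0;
            // Free the SELECT result here. The original freed whatever the
            // INSERT call returned instead.
            if (is_resource($result)) {
                mysql_free_result($result);
            }

            if ($emailIsFree) {
                $sql = "INSERT INTO `customers`(`customer_name`,`customer_family`,`customer_email`,`customer_password`,`customer_gender`,`customer_mobile`)\n                                        VALUES('{$firstName}','{$lastName}','{$email}','{$password}','{$gender}','{$mobile}')";
                // NOTE(review): the INSERT outcome is not checked; success is
                // reported regardless.
                dbQuery($sql);
                addMessage('ثبت نام شما با موفقیت انجام شد. با آدرس ایمیل و رمز عور انتخابی وارد شوید', SUCSESS);
                $url = BASE_URL . '/customer';
            } else {
                $url = BASE_URL . '/signup';
                //@todo create error message
                addMessage('آدرس ایمیل واد شده تکراری میباشد، برای بازیابی رمز عبور کلیک کنید.', FAILURE);
            }
        } else {
            $url = BASE_URL . '/signup';
            //@todo create error message
            addMessage('اطلاعات فرم ثبت نام به درستی وارد نشده است.', FAILURE);
        }
        return array('redirect' => $url);
    }
}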
Пример #3
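/**
 * Tells whether the current session carries the given role.
 *
 * The role name is matched strictly against the known roles. The original
 * `switch` compared loosely, so on PHP versions before 8 a non-string
 * argument such as integer 0 or boolean true matched 'customer'. Anything
 * that is not exactly 'customer' or 'admin' falls back to 'guest'.
 *
 * The check is for presence only: it returns true when the role's key is
 * set in the application's session bucket, whatever non-null value it holds.
 *
 * @param string $acl Role to test: 'customer' or 'admin'.
 * @return bool
 */
function hasPrivilege($acl)
{
    $knownRoles = array('customer', 'admin');
    $key = in_array($acl, $knownRoles, true) ? $acl : 'guest';

    return isset($_SESSION[getSpKey()][$key]);
}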
Пример #4
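/**
 * Supplies the id and name of the logged-in customer for the login/logout
 * page element.
 *
 * Changes from the original:
 *  - the 'customer' session entry is tested with empty(), so a session that
 *    has the application bucket but no customer entry no longer raises an
 *    undefined-index notice;
 *  - $userDetails starts as an empty list, so a query that yields no row no
 *    longer returns an undefined variable;
 *  - a non-resource query result is skipped instead of being passed to
 *    mysql_fetch_array(), where the `!== false` loop could not end.
 *
 * The id comes from the session, not the request, but it is still
 * interpolated into the SQL text. Prefer a parameterized query when this
 * code is moved off the mysql_* API (removed in PHP 7.0).
 *
 * @return array|null array('userDetails' => list of array('id', 'customer_name')),
 *                    or null when no customer is logged in.
 */
function elementLoginLogout()
{
    $spKey = getSpKey();
    if (empty($_SESSION[$spKey]['customer'])) {
        return null;
    }

    $userId = $_SESSION[$spKey]['customer'];
    $sql = "SELECT `id`,`customer_name` FROM `customers` WHERE `id` = '{$userId}'";
    $result = dbQuery($sql);

    $userDetails = array();
    if (is_resource($result)) {
        while ($row = mysql_fetch_array($result)) {
            $userDetails[] = array('id' => $row['id'], 'customer_name' => $row['customer_name']);
        }
        mysql_free_result($result);
    }

    return array('userDetails' => $userDetails);
}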
Пример #5
/**
 * Logout controller: drops this application's entry from the session and
 * redirects the browser to the signup page.
 *
 * Only the sub-array under the application's session key is removed; the
 * session itself and its id are left in place. Execution is not stopped
 * after the Location header, so the caller keeps running.
 */
function main()
{
    $sessionKey = getSpKey();
    unset($_SESSION[$sessionKey]);

    header('location:../signup');
}