Пример #1
// Build comma-separated lists of the cart's print ids and their quantities.
// NOTE(review): $print_ids is appended to below but is not initialised in the
// visible lines; presumably it is set to '' just above this excerpt. Confirm.
$quantity = '';
foreach ($_SESSION['cart'] as $pid => $value) {
    // Each cart entry contributes "<id>," and "<quantity>,".
    // NOTE(review): both values are taken from session state as-is; nothing visible
    // here checks that quantities are positive integers. Verify that where the cart is filled.
    $print_ids .= $pid . ',';
    $quantity .= $value['quantity'] . ',';
}
// Drop the trailing comma left by the loop, then trim surrounding whitespace.
$print_ids = trim(substr($print_ids, 0, -1));
$quantity = trim(substr($quantity, 0, -1));
// Record the order header. Values are bound through named placeholders rather
// than concatenated into the SQL text.
// NOTE(review): $customer and $total are defined outside this excerpt; confirm they are
// derived server-side (session / recomputed cart total) and not taken from the request.
$conn = connection();
$sql = "INSERT INTO orders (customer_id, total) VALUES (:customer, :total)";
$sql_params = array(':customer' => $customer, ':total' => $total);
$results = insertContent($conn, $sql, $sql_params);
// insertContent() is not shown here; a numeric return value is treated as success.
if (is_numeric($results)) {
    // NOTE(review): the transaction starts only after the orders row was inserted, so a
    // later rollBack() does not undo that row unless insertContent() manages its own
    // transaction. Confirm; an orphaned order header is possible otherwise.
    $conn->beginTransaction();
    $sql = "INSERT INTO order_content (order_id, print_id, quantity, price, customer_id)\n         VALUES (:order_id, :print_id, :quantity, :price, :customer_id)";
    // The id and quantity lists are stored as JSON-encoded strings in single columns.
    // NOTE(review): order_id is a rand() value, not the result of the orders insert above.
    // It can collide between orders and does not visibly reference the row just created.
    // Presumably $results carries the new order id; confirm and bind that instead.
    // NOTE(review): customer_id is read from the session here while the orders insert
    // used $customer; verify both always refer to the same customer.
    $sql_params = array(':order_id' => rand(0, 1000000), ':print_id' => json_encode($print_ids), ':quantity' => json_encode($quantity), ':price' => $total, ':customer_id' => $_SESSION['user']['customer_id']);
    $results = insertContent($conn, $sql, $sql_params);
    if (is_numeric($results)) {
        $conn->commit();
        // The cart is cleared only once the order content has been committed.
        unset($_SESSION['cart']);
        $message = '<p>Thank you for your order. You will be notified when the items ship.</p>';
        echo $message;
        // Send emails and do whatever else.
    } else {
        // Undo the order_content insert; the failure message is assigned but not echoed in the visible lines.
        $conn->rollBack();
        $message = '<p>Your order could not be processed due to a system error. You will be contacted in order to have the problem fixed. We apologize for the inconvenience.</p>';
        // Send the order information to the administrator.
    }
} else {
    // NOTE(review): no beginTransaction() precedes this branch in the visible code. If
    // $conn is a PDO handle, rollBack() without an active transaction throws a
    // PDOException, which would replace the error message below. Confirm.
    $conn->rollBack();
    $message = '<p>Your order could not be processed due to a system error. You will be contacted in order to have the problem fixed. We apologize for the inconvenience.</p>';
    // Send the order information to the administrator.
Пример #2
        exit;
        //header("Location: register.php");
    }
}
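// Handle the "create account" form: validate the input, derive a salted password
// digest, insert the customer row, then seed the session and redirect.
if (isset($_POST['create_account_submit'])) {
    $conn = connection();
    // validate_form() and error_check() are defined outside this excerpt.
    // NOTE(review): presumably error_check() stops the request on invalid input; confirm.
    $post = validate_form();
    error_check($post);
    $sql = "INSERT INTO customers(first_name, last_name, email, password, salt) \n           VALUES (:first_name,:last_name,:email,:password,:salt)";
    // Salt now comes from the OS CSPRNG. mt_rand() is a predictable generator and must
    // not produce security-sensitive values. 8 bytes hex-encode to 16 characters, the
    // longest value the previous dechex(mt_rand()) pair could yield, so the stored
    // salt keeps the same maximum length. random_bytes() requires PHP 7.0+.
    $salt = bin2hex(random_bytes(8));
    // NOTE(review): hand-rolled iterated SHA-256 is kept unchanged because whatever
    // verifies logins must recompute the same digest from the stored salt. Prefer
    // password_hash() / password_verify() and migrate the create and sign-in paths together.
    $password = hash('sha256', $post['password'] . $salt);
    for ($i = 0; $i < 65536; $i++) {
        $password = hash('sha256', $password . $salt);
    }
    $sql_params = array(':first_name' => $post['first_name'], ':last_name' => $post['last_name'], ':email' => $post['email'], ':password' => $password, ':salt' => $salt);
    $success = insertContent($conn, $sql, $sql_params);
    // An integer return from insertContent() (not shown) is treated as success.
    if (filter_var($success, FILTER_VALIDATE_INT)) {
        // NOTE(review): the session becomes authenticated here; consider calling
        // session_regenerate_id(true) first so a pre-login session id is not reused.
        $_SESSION['user']['email'] = $post['email'];
        $_SESSION['user']['first_name'] = $post['first_name'];
        $_SESSION['user']['last_name'] = $post['last_name'];
        header("Location: ../index.php");
        // header() only queues the redirect; stop here so no later handler in this
        // script runs for the same request.
        exit;
    } else {
        $_SESSION['error']['create_account'] = "there was a problem creating your account. please contact someone about it.";
        header("Location: ../register.php");
        exit;
    }
}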
if (isset($_POST['sign_in_submit'])) {
    $conn = connection();
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    $submitted_username = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');