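$quantity = '';
// Flatten the cart into the two comma-separated lists that order_content
// stores (kept as plain strings so the stored format does not change).
$cart_ids = [];
$cart_quantities = [];
foreach ($_SESSION['cart'] as $pid => $value) {
    $cart_ids[] = $pid;
    $cart_quantities[] = $value['quantity'];
}
$print_ids = implode(',', $cart_ids);
$quantity = implode(',', $cart_quantities);
// NOTE(review): an empty cart still reaches the inserts below and creates an
// order with empty item lists; the caller should reject that before this point.

$conn = connection();
// Open the transaction BEFORE the first insert. The previous version began it
// only after the orders row was written, so a failure on order_content left an
// orphaned orders row, and the outer failure branch called rollBack() with no
// active transaction (PDO throws for that). insertContent() is already called
// inside an open transaction for the second insert, so it tolerates this.
$conn->beginTransaction();
$sql = "INSERT INTO orders (customer_id, total) VALUES (:customer, :total)";
$sql_params = array(':customer' => $customer, ':total' => $total);
$results = insertContent($conn, $sql, $sql_params);
if (is_numeric($results)) {
    // Link order_content to the orders row just inserted. The previous code used
    // rand(0, 1000000) here, which neither references the order nor is unique.
    // Assumes orders has an auto-increment primary key - TODO confirm.
    $order_id = $conn->lastInsertId();
    $sql = "INSERT INTO order_content (order_id, print_id, quantity, price, customer_id)\n VALUES (:order_id, :print_id, :quantity, :price, :customer_id)";
    $sql_params = array(
        ':order_id' => $order_id,
        // Existing storage format: a JSON-encoded "1,2,3" string, not a JSON array.
        ':print_id' => json_encode($print_ids),
        ':quantity' => json_encode($quantity),
        ':price' => $total,
        ':customer_id' => $_SESSION['user']['customer_id'],
    );
    $results = insertContent($conn, $sql, $sql_params);
    if (is_numeric($results)) {
        $conn->commit();
        unset($_SESSION['cart']);
        $message = '<p>Thank you for your order. You will be notified when the items ship.</p>';
        echo $message;
        // Send emails and do whatever else.
    } else {
        $conn->rollBack();
        $message = '<p>Your order could not be processed due to a system error. You will be contacted in order to have the problem fixed. We apologize for the inconvenience.</p>';
        // Send the order information to the administrator.
    }
} else {
    // Undo the (failed) orders insert; the transaction is open, so this is safe.
    $conn->rollBack();
    $message = '<p>Your order could not be processed due to a system error. You will be contacted in order to have the problem fixed. We apologize for the inconvenience.</p>';
    // Send the order information to the administrator.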
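exit;
//header("Location: register.php");
}
}
if (isset($_POST['create_account_submit'])) {
    $conn = connection();
    $post = validate_form();
    error_check($post);
    $sql = "INSERT INTO customers(first_name, last_name, email, password, salt) \n VALUES (:first_name,:last_name,:email,:password,:salt)";
    // 16 hex characters from the CSPRNG - the same maximum length the previous
    // dechex(mt_rand()) . dechex(mt_rand()) pair produced, but mt_rand() is not a
    // cryptographic generator and must not seed password salts.
    $salt = bin2hex(random_bytes(8));
    // NOTE(review): home-grown iterated SHA-256 with a salt. password_hash() /
    // password_verify() is the correct primitive, but the sign-in code that
    // verifies this stored value lives outside this block, so the scheme is kept
    // for compatibility - migrate hashing and verification together.
    $password = hash('sha256', $post['password'] . $salt);
    for ($i = 0; $i < 65536; $i++) {
        $password = hash('sha256', $password . $salt);
    }
    $sql_params = array(
        ':first_name' => $post['first_name'],
        ':last_name' => $post['last_name'],
        ':email' => $post['email'],
        ':password' => $password,
        ':salt' => $salt,
    );
    $success = insertContent($conn, $sql, $sql_params);
    if (filter_var($success, FILTER_VALIDATE_INT)) {
        // The session becomes an authenticated one here: rotate its id so a
        // pre-authentication id planted by an attacker (session fixation) does
        // not carry over into the logged-in session.
        session_regenerate_id(true);
        $_SESSION['user']['email'] = $post['email'];
        $_SESSION['user']['first_name'] = $post['first_name'];
        $_SESSION['user']['last_name'] = $post['last_name'];
        // The checkout code reads $_SESSION['user']['customer_id'], which this
        // branch never set. Presumably the new customers row id - TODO confirm
        // against the sign-in path that populates the same key.
        $_SESSION['user']['customer_id'] = $conn->lastInsertId();
        header("Location: ../index.php");
        // Stop here: header() does not end the request, and the script would
        // otherwise keep executing after the redirect.
        exit;
    } else {
        $_SESSION['error']['create_account'] = "there was a problem creating your account. please contact someone about it.";
        header("Location: ../register.php");
        exit;
    }
}
if (isset($_POST['sign_in_submit'])) {
    $conn = connection();
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    $submitted_username = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');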