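/*
 * Validate the login form on the server side.
 *
 * Reads the posted credentials, looks the customer up and, on success, stores
 * the user id in the session. When a `sender_email` referral cookie is present
 * it also tries to grant the one-time referral credit and clears the cookie.
 */

// (string) turns a missing field (filter_input() returns null) into '' instead
// of handing null to addslashes().
//
// NOTE(review): addslashes() is not a reliable SQL defence; it ignores the
// connection character set and only works if every query quotes the value.
// getCustomerByIDPassword() is not visible here: confirm it binds parameters
// in a prepared statement and verifies the password with password_verify()
// against a stored hash instead of matching it inside the query. The escaping
// is left in place because removing it is only safe once that is confirmed.
$userid = addslashes((string) filter_input(INPUT_POST, 'userid'));
$pwd = addslashes((string) filter_input(INPUT_POST, 'pwdInput'));
$customerMgr = new CustomerManager();
$customer = $customerMgr->getCustomerByIDPassword($userid, $pwd);
$creditMgr = new CreditManager();
$productMgr = new ProductManager();
session_start();
//echo mysql_num_rows($resultSet);

// NOTE(review): `!== []` accepts every value other than an empty array,
// including null or false, as a successful login. Confirm the lookup returns
// [] on every failure path, query errors included.
if ($customer !== []) {
    // Issue a fresh session id at login so an id that was known before
    // authentication (session fixation) never becomes an authenticated session.
    session_regenerate_id(true);
    $form_data['success'] = true;
    $_SESSION["userid"] = $userid;

    if (isset($_COOKIE["sender_email"])) {
        // NOTE(review): the referrer identity comes from a client-controlled
        // cookie and reaches the managers without the escaping applied to
        // $userid. Nothing visible here proves the sender exists or issued an
        // invitation. Confirm the managers validate it and bind it as a
        // parameter, or keep the pending referral server-side (session or a
        // signed token) instead of in a plain cookie.
        $sender_email = $_COOKIE["sender_email"];

        // Exact, case-sensitive comparison: confirm ids are normalised the same
        // way wherever they are stored, otherwise the self-referral guard and
        // the stored records can disagree.
        if ($sender_email !== $userid) {
            // NOTE(review): the check and the grant are separate calls. Unless
            // the managers enforce uniqueness (constraint or transaction), two
            // concurrent logins could both pass the check; confirm.
            $has_received = $creditMgr->checkInvitationStatus($sender_email, $userid);
            if ($has_received === null) {
                // No earlier credit recorded for this sender/receiver pair.
                $creditMgr->addCredit($sender_email, $userid);
                $customerMgr->updateCredit($userid, 10.0);
                // An expiry in the past asks the browser to drop the cookie.
                setcookie('sender_email', '', time() - 1);
                $form_data['status'] = 'success';
                $form_data['message'] = "Congratulations! You have got \$10 credits from your friend!";
            } else {
                // Credit from this sender was already granted once.
                $form_data['status'] = 'fail';
                $form_data['message'] = "You have already received credit from your friend!";
                setcookie('sender_email', '', time() - 1);
            }
        } else {
            // Sender and receiver are the same account: refuse the self-referral.
            $form_data['status'] = 'fail';
            $form_data['message'] = "Cyclic referral detected!";
            setcookie('sender_email', '', time() - 1);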
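exit;
}

# Referral link handling for a visitor whose browser may already hold a login.
# $sender, $creditMgr and $customerMgr are set up before this excerpt.
session_start();
$receiver_email = null;
$sender_email = $sender['customer_id'];

if (!empty($_SESSION["userid"])) {
    # Situation 3: browser contains login information
    $receiver_email = $_SESSION["userid"];

    # Compare as strings with ===. A loose == applies numeric-string juggling
    # ("1e3" == "1000"), which does not belong in the self-referral guard.
    if ((string) $receiver_email === (string) $sender_email) {
        # Situation 7: receiver and sender share the same email, i.e. an illegal self-referral.
        $status = 'fail';
        $message = "Cyclic referral detected!";
    } elseif ($creditMgr->checkInvitationStatus($sender_email, $receiver_email) == null) {
        # Situation 5: receiver has not accepted any credit from sender, so grant it.
        # NOTE(review): `== null` also matches false, 0, '' and []; confirm what
        # checkInvitationStatus() returns when no invitation exists.
        $creditMgr->addCredit($sender_email, $receiver_email);
        $customerMgr->updateCredit($receiver_email, 10.0);
        $status = 'success';
        $message = "Congratulations! You have got <br> \$10 credits from your friend!";
    } else {
        # Situation 6: receiver has already received credit from sender; report the error.
        $status = 'fail';
        $message = "You have already received <br> credit from your friend!";
    }

    # Every outcome redirects to index.php. http_build_query() percent-encodes
    # the values, so spaces, '<', '>' and '$' no longer go into the Location
    # header raw; index.php still sees the same decoded $_GET values.
    # NOTE(review): the message carries <br> markup through the URL, so index.php
    # (not shown) presumably prints this parameter unescaped, and any link can
    # then supply its own markup. Prefer passing a short status code and mapping
    # it to fixed text in index.php, or escape it there with htmlspecialchars().
    $query = http_build_query(['status' => $status, 'message' => $message], '', '&');
    header("Location: index.php?{$query}");
    exit;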