  1. <?php
  2. require_once 'DbOperation.php';
  3. if(isset($_REQUEST['code'])){
  4. $code = $_REQUEST['code'];
  5. $db = new DbOperation();
  6. $response = array();
  7. if($code == 'product'){
  8. $action = $_REQUEST['action'];
  9. switch ($action) {
  10. case 'get':
  11. $sales = 0;
  12. $category = isset($_GET['cat']) ? $_GET['cat'] : 0;
  13. $catGroup = isset($_GET['ctg']) ? $_GET['ctg'] : 0;
  14. $subCat = isset($_GET['sct']) ? $_GET['sct'] : 0;
  15. $brand = isset($_GET['brd']) ? $_GET['brd'] : 0;
  16. $region = isset($_GET['rgn']) ? FILTER_INPUT(INPUT_GET, "rgn", FILTER_SANITIZE_NUMBER_INT) : '';
  17. $minPrice = FILTER_INPUT(INPUT_GET, "mnp", FILTER_SANITIZE_NUMBER_INT);
  18. $maxPrice = FILTER_INPUT(INPUT_GET, "mxp", FILTER_SANITIZE_NUMBER_INT);
  19. $limit = isset($_GET['lmt']) ? FILTER_INPUT(INPUT_GET, "lmt", FILTER_SANITIZE_NUMBER_INT) : 50;
  20. $page = isset($_GET['pge']) ? FILTER_INPUT(INPUT_GET, "pge", FILTER_SANITIZE_NUMBER_INT) : 0;
  21. $searchString = isset($_GET['sch']) ? FILTER_INPUT(INPUT_GET, "sch", FILTER_SANITIZE_NUMBER_INT) : '';
  22. $prefcurr = isset($_GET['prf']) ? FILTER_INPUT(INPUT_GET, "prf", FILTER_SANITIZE_STRING) : 'NGN';
  23. $result = $db->getAllProducts($catGroup,$category,$subCat,$region,$maxPrice,$minPrice,$searchString,$prefcurr,$limit,$page,$brand);
  24. if(isset($result)){
  25. $response['data'] = $result;
  26. $response['error'] = false;
  27. $response['brand'] = $brand;
  28. }
  29. else{
  30. $response['error'] = true;
  31. $response['message'] = 'Internal server errored during processing';
  32. }
  33. break;
  34. case 'getspecial':
  35. $tab = isset($_GET['tab']) ? filter_input(INPUT_GET,"tab",FILTER_SANITIZE_NUMBER_INT) : 0;
  36. //$currency = isset($_GET['prf']) ? $_GET['prf'] : 'NGN';
  37. $result = $db->getAllSpecialProducts($tab);
  38. if(isset($result)){
  39. $response['data'] = $result;
  40. $response['error'] = false;
  41. }
  42. else{
  43. $response['error'] = true;
  44. $response['message'] = 'Internal server errored during processing';
  45. }
  46. break;
  47. }
  48. }
  49. elseif($code == 'customer'){
  50. $action = $_REQUEST['action'];
  51. switch ($action) {
  52. case 'login':
  53. if(isset($_REQUEST['email']))
  54. $email = $_REQUEST['email'];
  55. if(isset($_REQUEST['password']))
  56. $password = $_REQUEST['password'];
  57. if(!isset($email) && strlen($email) > 0)
  58. $err = 'Please enter email address';
  59. if(!isset($password) && strlen($password) > 0)
  60. $err = 'Please enter password';
  61. if(isset($err)){
  62. $response['error'] = true;
  63. $response['message'] = $err;
  64. }
  65. else{
  66. $result = $db->customerLogin($email,$password);
  67. if(isset($result)){
  68. if(is_array($result)){
  69. $response = $result;
  70. $response['error'] = false;
  71. }
  72. else{
  73. $response['error'] = true;
  74. $response['message'] = $result;
  75. }
  76. }
  77. else{
  78. $response['error'] = true;
  79. $response['message'] = 'Internal server errored during processing';
  80. }
  81. }
  82. break;
  83. case 'guest':
  84. $currency = isset($_POST['prf']) ? FILTER_INPUT(INPUT_POST, "prf", FILTER_SANITIZE_STRING) : 'NGN';
  85. $result = $db->guestLogin($currency);
  86. if(isset($result)){
  87. if(is_array($result)){
  88. $response = $result;
  89. $response['error'] = false;
  90. }
  91. else{
  92. $response['error'] = true;
  93. $response['message'] = $result;
  94. }
  95. }
  96. else{
  97. $response['error'] = true;
  98. $response['message'] = 'Internal server errored during processing';
  99. }
  100. break;
  101. case 'forgot':
  102. $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
  103. $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
  104. $result = $db->forgotPassword( $email, $username);
  105. if(isset($result)){
  106. $response['data'] = $result;
  107. $response['error'] = false;
  108. }
  109. else{
  110. $response['error'] = true;
  111. $response['message'] = 'Internal server errored during processing';
  112. }
  113. break;
  114. case 'register':
  115. $firstName = filter_input(INPUT_POST,"fname",FILTER_SANITIZE_STRING);
  116. $lastName = filter_input(INPUT_POST,"lname",FILTER_SANITIZE_STRING);
  117. $email = filter_input(INPUT_POST,"email",FILTER_SANITIZE_EMAIL);
  118. $userName = filter_input(INPUT_POST,"uname",FILTER_SANITIZE_STRING);
  119. $password = filter_input(INPUT_POST,"pwd",FILTER_SANITIZE_STRING);
  120. $memword = filter_input(INPUT_POST,"memword",FILTER_SANITIZE_STRING);
  121. $day = filter_input(INPUT_POST,"day",FILTER_SANITIZE_NUMBER_INT);
  122. $month = filter_input(INPUT_POST,"month",FILTER_SANITIZE_NUMBER_INT);
  123. $year = filter_input(INPUT_POST,"year",FILTER_SANITIZE_NUMBER_INT);
  124. $gender = filter_input(INPUT_POST,"gender",FILTER_SANITIZE_STRING);
  125. $telephone = filter_input(INPUT_POST,"telephone",FILTER_SANITIZE_STRING);
  126. $mobile = filter_input(INPUT_POST,"mobile",FILTER_SANITIZE_STRING);
  127. $prefcurr = filter_input(INPUT_POST,"prf",FILTER_SANITIZE_STRING);
  128.  
  129. //Phone validation
  130. $telephone = str_replace(" ","",$telephone);
  131. $mobile = str_replace(" ","",$mobile);
  132.  
  133. $TelephoneDigits = str_replace("+","",$telephone);
  134. $TelephoneDigits = str_replace("-","",$TelephoneDigits);
  135. $TelephoneDigits = str_replace("(","",$TelephoneDigits);
  136. $TelephoneDigits = str_replace(")","",$TelephoneDigits);
  137.  
  138. $MobileDigits = str_replace("+","",$mobile);
  139. $MobileDigits = str_replace("-","",$MobileDigits);
  140. $MobileDigits = str_replace(")","",$MobileDigits);
  141. $MobileDigits = str_replace("(","",$MobileDigits);
  142.  
  143. if((!$firstName||!$lastName||!$email||!$userName||!$password||!$gender||(!$telephone && !$mobile))){
  144. $errortext = "Error: Please fill in all the required fields.";
  145. }
  146. elseif (strlen($password) < 6 || strlen($password) > 20) {
  147. $errortext = "Error: Password length should be between 6 and 20 characters.";
  148. }
  149. elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  150. $errortext = "Error: Invalid email format";
  151. }
  152. elseif($telephone != "" && (!is_numeric($TelephoneDigits) || (strlen($TelephoneDigits) >= 7 && strlen($TelephoneDigits <= 15)))){
  153. $errortext = "Error: Incorrect telephone number format";
  154. }
  155. elseif ($telephone == "") {
  156. $telephone = 0;
  157. }
  158. elseif($mobile != "" && (!is_numeric($MobileDigits) || (strlen($MobileDigits) >= 7 && strlen($MobileDigits <= 15)))){
  159. $errortext = "Error: Incorrect mobile number format";
  160. }
  161. elseif($gender != "M" && $gender != "F"){
  162. $errortext = "ERROR: ILLEGAL VALUE RECEIVED FOR FIELD: GENDER";
  163. }
  164.  
  165. if(isset($errortext)){
  166. $response = array();
  167. $response['error'] = true;
  168. $response['message'] = $errortext;
  169. }
  170. else{
  171. $result = $db->createCustomer($firstName,$lastName,$userName,$email,$password,$gender,$mobile,$telephone,$day,$month,$year,$memword,$prefcurr);
  172. if(isset($result)){
  173. if($result == "Account successfully created"){
  174. $result = $db->customerLogin($email,$password);
  175. $response = $result;
  176. $response['error'] = false;
  177. $response['message'] = "Account successfully created";
  178. }
  179. else{
  180. $response['error'] = true;
  181. $response['message'] = $result;
  182. }
  183. }
  184. else{
  185. $response['error'] = true;
  186. $response['message'] = 'Internal server errored during processing';
  187. }
  188. }
  189. break;
  190. case 'get':
  191. $id = isset($_GET['id']) ? $_GET['id'] : '';
  192. $result = $db->getCustomer($id);
  193. if(isset($result)){
  194. if(is_array($result)){
  195. $response = $result;
  196. $response['error'] = false;
  197. }
  198. else{
  199. $response['error'] = true;
  200. $response['message'] = $result;
  201. }
  202. }
  203. else{
  204. $response['error'] = true;
  205. $response['message'] = 'Internal server errored during processing';
  206. }
  207. break;
  208. case 'getAddress':
  209. $id = isset($_GET['id']) ? $_GET['id'] : '';
  210. $result = $db->getCustomerAddresses($id);
  211. if(isset($result)){
  212. if(is_array($result)){
  213. $response['data'] = $result;
  214. $response['error'] = false;
  215. }
  216. else{
  217. $response['error'] = true;
  218. $response['message'] = $result;
  219. }
  220. }
  221. else{
  222. $response['error'] = true;
  223. $response['message'] = 'Internal server errored during processing';
  224. }
  225. break;
  226. case 'addAddress':
  227. $id = filter_input(INPUT_POST,"id",FILTER_SANITIZE_STRING);
  228. $AddrLine1 = filter_input(INPUT_POST,"addr1",FILTER_SANITIZE_STRING);
  229. $AddrLine2 = filter_input(INPUT_POST,"addr2",FILTER_SANITIZE_STRING);
  230. $AddrLine3 = filter_input(INPUT_POST,"addr3",FILTER_SANITIZE_STRING);
  231. $AddrDesc = filter_input(INPUT_POST,"addrdesc",FILTER_SANITIZE_STRING);
  232. $DelAddrYN = strtoupper(filter_input(INPUT_POST,"deladdr",FILTER_SANITIZE_STRING));
  233. $CorAddrYN = strtoupper(filter_input(INPUT_POST,"coraddr",FILTER_SANITIZE_STRING));
  234. $City = filter_input(INPUT_POST,"city",FILTER_SANITIZE_STRING);
  235. $State = filter_input(INPUT_POST,"state",FILTER_SANITIZE_STRING);
  236. $Country = filter_input(INPUT_POST,"country",FILTER_SANITIZE_STRING);
  237. $AddrType = filter_input(INPUT_POST,"addrtype",FILTER_SANITIZE_NUMBER_INT);
  238. $Postcode = filter_input(INPUT_POST,"postcode",FILTER_SANITIZE_STRING);
  239. $type = filter_input(INPUT_POST,"type",FILTER_SANITIZE_NUMBER_INT);
  240.  
  241. $errortext = "";
  242. $error = false;
  243.  
  244. if ($AddrLine1 == ""){
  245. $errortext .= "Error: You must enter a value for field: AddrLine1.<br>";
  246. $error = true;
  247. }
  248. if ($DelAddrYN == ""){
  249. $errortext .= "Error: You must enter a value for field: Delivery Address.<br>";
  250. $error = true;
  251. }
  252. if ($CorAddrYN == ""){
  253. $errortext .= "Error: You must enter a value for field: Correspondence Address.<br>";
  254. $error = true;
  255. }
  256. if ($City == ""){
  257. $errortext .= "Error: You must enter a value for field: City.<br>";
  258. $error = true;
  259. }
  260. if ($State == ""){
  261. $errortext .= "Error: You must enter a value for field: State $state.<br>";
  262. $error = true;
  263. }
  264. if ($Country == ""){
  265. $errortext .= "Error: You must enter a value for field: Country.<br>";
  266. $error = true;
  267. }
  268. if ($Postcode == ""){
  269. $errortext .= "Error: You must enter a value for field: PostCode.<br>";
  270. $error = true;
  271. }
  272. if ($AddrType == ""){
  273. $errortext .= "Error: You must enter a value for field: AddrType.<br>";
  274. $error = true;
  275. }
  276. if ($DelAddrYN != "" && $DelAddrYN != "N" && $DelAddrYN != "Y"){
  277. $errortext .= "Error: Illegal value received for field: Delivery Address.<br>";
  278. $error = true;
  279. }
  280. if ($CorAddrYN != "" && $CorAddrYN != "Y" && $CorAddrYN != "N"){
  281. $errortext .= "Error: Illegal value received for field: Correspondence Address.<br>";
  282. $error = true;
  283. }
  284. if (!is_numeric($State) && $State != "" && $State != "nonesel"){
  285. $errortext .= "Error: Illegal value received for field: State.<br> ".$State;
  286. $error = true;
  287. }
  288. if(!$error){
  289. if($type == 1)
  290. $result = $db->addCustomerPrimaryAddress($id,$AddrLine1,$AddrLine2,$AddrLine3,$City,$State,$Country,$Postcode,$AddrType,$DelAddrYN,$CorAddrYN,$AddrDesc);
  291. else
  292. $result = $db->addCustomerAddress($id,$AddrLine1,$AddrLine2,$AddrLine3,$City,$State,$Country,$Postcode,$AddrType,$DelAddrYN,$CorAddrYN,$AddrDesc);
  293. if(isset($result)){
  294. $response['error'] = false;
  295. $response['data'] = $db->getCustomerAddresses($id);
  296. }
  297. else{
  298. $response['error'] = true;
  299. $response['message'] = 'Internal server errored during processing';
  300. }
  301. }
  302. else{
  303. $response['error'] = true;
  304. $response['message'] = $errortext;
  305. }
  306. break;
  307. case 'addGuestAddress':
  308. $id = filter_input(INPUT_POST,"id",FILTER_SANITIZE_STRING);
  309. $sid = filter_input(INPUT_POST,"sid",FILTER_SANITIZE_STRING);
  310. $AddrLine1 = filter_input(INPUT_POST,"addr1",FILTER_SANITIZE_STRING);
  311. $AddrLine2 = filter_input(INPUT_POST,"addr2",FILTER_SANITIZE_STRING);
  312. $AddrLine3 = filter_input(INPUT_POST,"addr3",FILTER_SANITIZE_STRING);
  313. $AddrDesc = filter_input(INPUT_POST,"addrdesc",FILTER_SANITIZE_STRING);
  314. $City = filter_input(INPUT_POST,"city",FILTER_SANITIZE_STRING);
  315. $State = filter_input(INPUT_POST,"state",FILTER_SANITIZE_STRING);
  316. $Country = filter_input(INPUT_POST,"country",FILTER_SANITIZE_STRING);
  317. $AddrType = filter_input(INPUT_POST,"addrtype",FILTER_SANITIZE_NUMBER_INT);
  318. $Postcode = filter_input(INPUT_POST,"postcode",FILTER_SANITIZE_STRING);
  319. $email = filter_input(INPUT_POST,"email",FILTER_SANITIZE_STRING);
  320. $phone = filter_input(INPUT_POST,"phone",FILTER_SANITIZE_STRING);
  321. $fname = filter_input(INPUT_POST,"fname",FILTER_SANITIZE_STRING);
  322. $lname = filter_input(INPUT_POST,"lname",FILTER_SANITIZE_STRING);
  323.  
  324. $errortext = "";
  325. $error = false;
  326.  
  327. if ($AddrLine1 == ""){
  328. $errortext .= "Error: You must enter a value for field: AddrLine1.<br>";
  329. $error = true;
  330. }
  331. if ($City == ""){
  332. $errortext .= "Error: You must enter a value for field: City.<br>";
  333. $error = true;
  334. }
  335. if ($State == ""){
  336. $errortext .= "Error: You must enter a value for field: State $state.<br>";
  337. $error = true;
  338. }
  339. if ($Country == ""){
  340. $errortext .= "Error: You must enter a value for field: Country.<br>";
  341. $error = true;
  342. }
  343. if ($Postcode == ""){
  344. $errortext .= "Error: You must enter a value for field: PostCode.<br>";
  345. $error = true;
  346. }
  347. if ($AddrType == ""){
  348. $errortext .= "Error: You must enter a value for field: AddrType.<br>";
  349. $error = true;
  350. }
  351. if (!is_numeric($State) && $State != "" && $State != "nonesel"){
  352. $errortext .= "Error: Illegal value received for field: State.<br> ".$State;
  353. $error = true;
  354. }
  355. if(!$error){
  356. $result = $db->addGuestAddress($id,$AddrLine1,$AddrLine2,$AddrLine3,$City,$State,$Country,$Postcode,$AddrType,$AddrDesc,$fname,$lname,$phone);
  357. if(isset($result)){
  358. $db->addGuestEmail($sid,$email);
  359. $response['error'] = false;
  360. $response['data'] = $db->getCustomerAddresses($id);
  361. }
  362. else{
  363. $response['error'] = true;
  364. $response['message'] = 'Internal server errored during processing';
  365. }
  366. }
  367. else{
  368. $response['error'] = true;
  369. $response['message'] = $errortext;
  370. }
  371. break;
  372. case 'transactions':
  373. $id = isset($_GET['id']) ? $_GET['id'] : '';
  374. $sid = isset($_GET['sid']) ? $_GET['sid'] : '';
  375. $result = $db->getCustomerTransactions($id);
  376. if(isset($result)){
  377. if(is_array($result)){
  378. $response['data'] = $result;
  379. $response['error'] = false;
  380. }
  381. else{
  382. $response['error'] = true;
  383. $response['message'] = $result;
  384. }
  385. }
  386. else{
  387. $response['error'] = true;
  388. $response['message'] = 'Internal server errored during processing';
  389. }
  390. break;
  391. case 'wishlist':
  392. $id = isset($_GET['id']) ? $_GET['id'] : '';
  393. $prefcurr = isset($_GET['prf']) ? $_GET['prf'] : '';
  394. $result = $db->getCustomerWishlist($id,$prefcurr);
  395. if(isset($result)){
  396. if(is_array($result)){
  397. $response['data'] = $result;
  398. $response['error'] = false;
  399. }
  400. else{
  401. $response['error'] = true;
  402. $response['message'] = $result;
  403. }
  404. }
  405. else{
  406. $response['error'] = true;
  407. $response['message'] = 'Internal server errored during processing';
  408. }
  409. break;
  410. case 'addWish':
  411. $prodid = filter_input(INPUT_POST,"prodid",FILTER_SANITIZE_NUMBER_INT);
  412. $itemName = filter_input(INPUT_POST,"prodname",FILTER_SANITIZE_STRING);
  413. $id = filter_input(INPUT_POST,"id",FILTER_SANITIZE_STRING);
  414. $agent = filter_input(INPUT_POST,"agent",FILTER_SANITIZE_NUMBER_INT);
  415. $result = $db->addToCustomerWishlist($id,$prodid,$agent,$itemName);
  416. if(isset($result)){
  417. $response['error'] = false;
  418. $response['message'] = $result;
  419. }
  420. else{
  421. $response['error'] = true;
  422. $response['message'] = 'Internal server errored during processing';
  423. }
  424. break;
  425. case 'removeWish':
  426. $item = filter_input(INPUT_POST,"prodid",FILTER_SANITIZE_NUMBER_INT);
  427. $id = filter_input(INPUT_POST,"id",FILTER_SANITIZE_STRING);
  428. $agent = filter_input(INPUT_POST,"agent",FILTER_SANITIZE_NUMBER_INT);
  429. $result = $db->removefromlist($id,$item,$agent);
  430. if(isset($result)){
  431. $response['error'] = false;
  432. $response['message'] = $result;
  433. }
  434. else{
  435. $response['error'] = true;
  436. $response['message'] = 'Internal server errored during processing';
  437. }
  438. break;
  439. case 'update':
  440. $id = filter_input(INPUT_POST,"id",FILTER_SANITIZE_STRING);
  441. $FirstName = filter_input(INPUT_POST,"fname",FILTER_SANITIZE_STRING);
  442. $LastName = filter_input(INPUT_POST,"lname",FILTER_SANITIZE_STRING);
  443. $Day = filter_input(INPUT_POST,"day",FILTER_SANITIZE_NUMBER_INT);
  444. $Month = filter_input(INPUT_POST,"month",FILTER_SANITIZE_NUMBER_INT);
  445. $Year = filter_input(INPUT_POST,"year",FILTER_SANITIZE_NUMBER_INT);
  446. $Gender = filter_input(INPUT_POST,"gender",FILTER_SANITIZE_STRING);
  447. $Currency = filter_input(INPUT_POST,"currency",FILTER_SANITIZE_STRING);
  448.  
  449. $Email = filter_input(INPUT_POST,"email",FILTER_SANITIZE_EMAIL);
  450. $Telephone = filter_input(INPUT_POST,"phone",FILTER_SANITIZE_NUMBER_INT);
  451. $Mobile = filter_input(INPUT_POST,"mobile",FILTER_SANITIZE_NUMBER_INT);
  452. //Phone validation
  453. $Telephone = str_replace(" ","",$Telephone);
  454. $Mobile = str_replace(" ","",$Mobile);
  455. $TelephoneDigits = str_replace("+","",$Telephone);
  456. $TelephoneDigits = str_replace("-","",$TelephoneDigits);
  457. $TelephoneDigits = str_replace("(","",$TelephoneDigits);
  458. $TelephoneDigits = str_replace(")","",$TelephoneDigits);
  459. $MobileDigits = str_replace("+","",$Mobile);
  460. $MobileDigits = str_replace("-","",$MobileDigits);
  461. $MobileDigits = str_replace(")","",$MobileDigits);
  462. $MobileDigits = str_replace("(","",$MobileDigits);
  463.  
  464. if((!$FirstName||!$LastName||!$Gender)){
  465. $errortext = "Error: Please fill in all the required fields.";
  466. }
  467. elseif (!$Email || (!$Mobile && !$Telephone)){
  468. $errortext = "Error: Please fill out all the required fields. You must include either a Telephone or Mobile number.";
  469. }
  470. elseif (!filter_var($Email, FILTER_VALIDATE_EMAIL)&&$Email!="") {
  471. $errortext = "Error: Invalid email format";
  472. }
  473. elseif($Telephone != "" && (!is_numeric($TelephoneDigits) || (strlen($TelephoneDigits) >= 7 && strlen($TelephoneDigits <= 15)))){
  474. $errortext = "Error: Incorrect telephone number format";
  475. }
  476. elseif($Mobile != "" && (!is_numeric($MobileDigits) || (strlen($MobileDigits) >= 7 && strlen($MobileDigits <= 15)))){
  477. $errortext = "Error: Incorrect mobile number format";
  478. }
  479. if(!isset($errortext)){
  480. $update1 = $db->updateCustomerProfile($id,$FirstName,$LastName,$Day,$Month,$Year,$Gender,$Currency);
  481. $update2 = $db->updateCustomerContact($id,$Telephone,$Mobile,$Email);
  482. if($update1 && $update2){
  483. $response['error'] = false;
  484. $response['data'] = $db->getCustomerAddresses($id);
  485. }
  486. else{
  487. // $response['error'] = true;
  488. }
  489. }
  490. else{
  491. $response['error'] = true;
  492. $response['message'] = $errortext;
  493. }
  494. break;
  495. }
  496. }
  497.  
  498. else {
  499.  
  500. echo "No code is parsed";
  501. }
  502.  
  503. ?>