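<?php
/**
 * JSON API front controller for the store's mobile/web client.
 *
 * Every request carries `code` (the resource: product | customer) and
 * `action`; the matching handler reads its parameters from the request,
 * delegates to DbOperation and returns the response envelope
 *   ['error' => bool, 'message' => string, 'data' => mixed, ...]
 * which is emitted as JSON at the bottom of this file.
 *
 * Corrected relative to the previous revision:
 *  - phone validation used strlen($x <= 15) and an inverted range test, so
 *    the length rule never fired; a number must now be 7–15 digits once
 *    separators are removed.
 *  - the register elseif chain ended at "telephone empty", which skipped the
 *    mobile and gender checks; the telephone default now sits outside it.
 *  - login's `!isset($x) && strlen($x) > 0` could never be true, so empty
 *    credentials reached the database.
 *  - the password went through FILTER_SANITIZE_STRING at registration but was
 *    read raw at login, so passwords containing < > " ' could never log in.
 *  - an undefined $state was interpolated into the "State" error message.
 *  - a failed profile update returned an envelope with no error key.
 *  - $response was built but never emitted.
 *
 * Kept for client compatibility: FILTER_SANITIZE_STRING (deprecated since
 * PHP 8.1) and credentials accepted from $_REQUEST (query string or body).
 */
require_once 'DbOperation.php';

/** Envelope returned whenever DbOperation signals failure by returning null. */
function internalError()
{
    return array('error' => true, 'message' => 'Internal server errored during processing');
}

/** Envelope for an unrecognised action; the action value is deliberately not echoed back. */
function unknownAction($action)
{
    return array('error' => true, 'message' => 'Unknown action');
}

/**
 * Wraps a DbOperation result in the response envelope.
 *
 * @param mixed  $result null = failure; array = records; string = message
 * @param string $mode   'data'    $result goes under 'data' as-is (success)
 *                       'message' $result goes under 'message' (success)
 *                       'nested'  arrays under 'data'; anything else is an error message
 *                       'merge'   arrays merged into the envelope; anything else is an error message
 * @return array
 */
function envelope($result, $mode)
{
    if ($result === null) {
        return internalError();
    }
    if (($mode === 'nested' || $mode === 'merge') && !is_array($result)) {
        return array('error' => true, 'message' => $result);
    }
    if ($mode === 'merge') {
        $result['error'] = false;
        return $result;
    }
    if ($mode === 'message') {
        return array('error' => false, 'message' => $result);
    }
    return array('data' => $result, 'error' => false);
}

/** True when a request value is absent (null/false from filter_input) or the empty string. */
function isBlank($value)
{
    return $value === null || $value === false || $value === '';
}

/** String value from $_REQUEST, or '' when missing or not a string (e.g. name[]=x). */
function requestString($name)
{
    return isset($_REQUEST[$name]) && is_string($_REQUEST[$name]) ? $_REQUEST[$name] : '';
}

/**
 * Raw $_GET value or $default. The value is NOT sanitised here; DbOperation
 * must bind it as a prepared-statement parameter.
 */
function queryRaw($name, $default)
{
    return isset($_GET[$name]) && is_string($_GET[$name]) ? $_GET[$name] : $default;
}

/** filter_input() over the query string, with $default when the key is absent. */
function queryParam($name, $filter, $default = null)
{
    if (!isset($_GET[$name])) {
        return $default;
    }
    return filter_input(INPUT_GET, $name, $filter);
}

/** filter_input() over the POST body, with $default when the key is absent. */
function postParam($name, $filter, $default = null)
{
    if (!isset($_POST[$name])) {
        return $default;
    }
    return filter_input(INPUT_POST, $name, $filter);
}

/** Removes the separators people type into phone numbers, leaving what should be digits. */
function phoneDigits($phone)
{
    return str_replace(array('+', '-', '(', ')'), '', $phone);
}

/**
 * Validates an optional phone number: once separators are removed it must be
 * 7–15 digits. Returns the client-facing error, or null when empty or well-formed.
 */
function phoneFormatError($phone, $label)
{
    if (isBlank($phone)) {
        return null;
    }
    if (!preg_match('/^\d{7,15}$/', phoneDigits($phone))) {
        return 'Error: Incorrect ' . $label . ' number format';
    }
    return null;
}

/**
 * Concatenates a "You must enter a value" line for every blank field, in the
 * order given. $fields maps the label shown to the client to the submitted value.
 */
function missingFieldErrors(array $fields)
{
    $text = '';
    foreach ($fields as $label => $value) {
        if (isBlank($value)) {
            $text .= 'Error: You must enter a value for field: ' . $label . '.<br>';
        }
    }
    return $text;
}

/** A delivery/correspondence flag may be '', 'Y' or 'N' (already upper-cased by the caller). */
function yesNoError($value, $label)
{
    if ($value === '' || $value === 'Y' || $value === 'N') {
        return '';
    }
    return 'Error: Illegal value received for field: ' . $label . '.<br>';
}

/** A state must be numeric, empty, or the literal 'nonesel' the form sends for "none selected". */
function stateError($state)
{
    if (isBlank($state) || $state === 'nonesel' || is_numeric($state)) {
        return '';
    }
    // The submitted value is echoed back, as before; it has been through
    // FILTER_SANITIZE_STRING so tags are stripped and quotes encoded.
    return 'Error: Illegal value received for field: State.<br> ' . $state;
}

/** product actions: get (catalogue listing/search) and getspecial (featured tab). */
function handleProduct(DbOperation $db, $action)
{
    switch ($action) {
        case 'get':
            // cat/ctg/sct/brd are passed through untouched (see queryRaw).
            $category = queryRaw('cat', 0);
            $catGroup = queryRaw('ctg', 0);
            $subCat   = queryRaw('sct', 0);
            $brand    = queryRaw('brd', 0);
            $region   = queryParam('rgn', FILTER_SANITIZE_NUMBER_INT, '');
            $minPrice = queryParam('mnp', FILTER_SANITIZE_NUMBER_INT);
            $maxPrice = queryParam('mxp', FILTER_SANITIZE_NUMBER_INT);
            $limit    = queryParam('lmt', FILTER_SANITIZE_NUMBER_INT, 50);
            $page     = queryParam('pge', FILTER_SANITIZE_NUMBER_INT, 0);
            // NOTE(review): the search string is reduced to digits by FILTER_SANITIZE_NUMBER_INT,
            // which looks like a copy-paste slip; kept until getAllProducts's contract is confirmed.
            $searchString = queryParam('sch', FILTER_SANITIZE_NUMBER_INT, '');
            $prefcurr = queryParam('prf', FILTER_SANITIZE_STRING, 'NGN');

            $response = envelope(
                $db->getAllProducts($catGroup, $category, $subCat, $region, $maxPrice, $minPrice, $searchString, $prefcurr, $limit, $page, $brand),
                'data'
            );
            if (!$response['error']) {
                $response['brand'] = $brand;
            }
            return $response;

        case 'getspecial':
            $tab = queryParam('tab', FILTER_SANITIZE_NUMBER_INT, 0);
            return envelope($db->getAllSpecialProducts($tab), 'data');

        default:
            return unknownAction($action);
    }
}

/** customer/login: both fields are required; the later check wins the message, as before. */
function loginCustomer(DbOperation $db)
{
    // NOTE(review): $_REQUEST also accepts credentials from the query string, where
    // they end up in access logs and browser history; restrict to POST once clients allow.
    $email    = requestString('email');
    $password = requestString('password');

    $err = null;
    if ($email === '') {
        $err = 'Please enter email address';
    }
    if ($password === '') {
        $err = 'Please enter password';
    }
    if ($err !== null) {
        return array('error' => true, 'message' => $err);
    }
    return envelope($db->customerLogin($email, $password), 'merge');
}

/** customer/register: validates the sign-up form, creates the account and logs the customer in. */
function registerCustomer(DbOperation $db)
{
    $firstName = postParam('fname', FILTER_SANITIZE_STRING);
    $lastName  = postParam('lname', FILTER_SANITIZE_STRING);
    $email     = postParam('email', FILTER_SANITIZE_EMAIL);
    $userName  = postParam('uname', FILTER_SANITIZE_STRING);
    // The password is taken exactly as typed: it is never rendered, and sanitising
    // it here (while login reads the raw value) made some passwords unusable.
    $password  = isset($_POST['pwd']) && is_string($_POST['pwd']) ? $_POST['pwd'] : '';
    $memword   = postParam('memword', FILTER_SANITIZE_STRING);
    $day       = postParam('day', FILTER_SANITIZE_NUMBER_INT);
    $month     = postParam('month', FILTER_SANITIZE_NUMBER_INT);
    $year      = postParam('year', FILTER_SANITIZE_NUMBER_INT);
    $gender    = postParam('gender', FILTER_SANITIZE_STRING);
    // Spaces are removed from the stored numbers; other separators only for validation.
    $telephone = str_replace(' ', '', (string) postParam('telephone', FILTER_SANITIZE_STRING));
    $mobile    = str_replace(' ', '', (string) postParam('mobile', FILTER_SANITIZE_STRING));
    $prefcurr  = postParam('prf', FILTER_SANITIZE_STRING);

    $telephoneError = phoneFormatError($telephone, 'telephone');
    $mobileError    = phoneFormatError($mobile, 'mobile');

    $errortext = null;
    if (isBlank($firstName) || isBlank($lastName) || isBlank($email) || isBlank($userName)
        || $password === '' || isBlank($gender) || ($telephone === '' && $mobile === '')) {
        $errortext = 'Error: Please fill in all the required fields.';
    } elseif (strlen($password) < 6 || strlen($password) > 20) { // byte length, as before
        $errortext = 'Error: Password length should be between 6 and 20 characters.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errortext = 'Error: Invalid email format';
    } elseif ($telephoneError !== null) {
        $errortext = $telephoneError;
    } elseif ($mobileError !== null) {
        $errortext = $mobileError;
    } elseif ($gender !== 'M' && $gender !== 'F') {
        $errortext = 'ERROR: ILLEGAL VALUE RECEIVED FOR FIELD: GENDER';
    }
    if ($errortext !== null) {
        return array('error' => true, 'message' => $errortext);
    }

    if ($telephone === '') {
        $telephone = 0; // DbOperation receives 0 rather than '' for "no landline", as before
    }
    $result = $db->createCustomer($firstName, $lastName, $userName, $email, $password, $gender, $mobile, $telephone, $day, $month, $year, $memword, $prefcurr);
    if ($result === null) {
        return internalError();
    }
    if ($result !== 'Account successfully created') {
        return array('error' => true, 'message' => $result);
    }
    // Auto-login the new account; a non-array login result is reported as an error
    // instead of being indexed as one (which previously raised an engine error).
    $response = envelope($db->customerLogin($email, $password), 'merge');
    if (!$response['error']) {
        $response['message'] = 'Account successfully created';
    }
    return $response;
}

/** Address fields shared by customer/addAddress and customer/addGuestAddress. */
function readAddressFields()
{
    return array(
        'id'       => postParam('id', FILTER_SANITIZE_STRING),
        'addr1'    => postParam('addr1', FILTER_SANITIZE_STRING),
        'addr2'    => postParam('addr2', FILTER_SANITIZE_STRING),
        'addr3'    => postParam('addr3', FILTER_SANITIZE_STRING),
        'desc'     => postParam('addrdesc', FILTER_SANITIZE_STRING),
        'city'     => postParam('city', FILTER_SANITIZE_STRING),
        'state'    => postParam('state', FILTER_SANITIZE_STRING),
        'country'  => postParam('country', FILTER_SANITIZE_STRING),
        'addrtype' => postParam('addrtype', FILTER_SANITIZE_NUMBER_INT),
        'postcode' => postParam('postcode', FILTER_SANITIZE_STRING),
    );
}

/** customer/addAddress: `type` 1 stores the primary address, anything else an additional one. */
function addAddress(DbOperation $db)
{
    $a = readAddressFields();
    $delAddrYN = strtoupper((string) postParam('deladdr', FILTER_SANITIZE_STRING));
    $corAddrYN = strtoupper((string) postParam('coraddr', FILTER_SANITIZE_STRING));
    $type = postParam('type', FILTER_SANITIZE_NUMBER_INT);

    $errortext = missingFieldErrors(array(
        'AddrLine1'              => $a['addr1'],
        'Delivery Address'       => $delAddrYN,
        'Correspondence Address' => $corAddrYN,
        'City'                   => $a['city'],
        'State'                  => $a['state'],
        'Country'                => $a['country'],
        'PostCode'               => $a['postcode'],
        'AddrType'               => $a['addrtype'],
    ));
    $errortext .= yesNoError($delAddrYN, 'Delivery Address')
        . yesNoError($corAddrYN, 'Correspondence Address')
        . stateError($a['state']);
    if ($errortext !== '') {
        return array('error' => true, 'message' => $errortext);
    }

    if ((int) $type === 1) {
        $result = $db->addCustomerPrimaryAddress($a['id'], $a['addr1'], $a['addr2'], $a['addr3'], $a['city'], $a['state'], $a['country'], $a['postcode'], $a['addrtype'], $delAddrYN, $corAddrYN, $a['desc']);
    } else {
        $result = $db->addCustomerAddress($a['id'], $a['addr1'], $a['addr2'], $a['addr3'], $a['city'], $a['state'], $a['country'], $a['postcode'], $a['addrtype'], $delAddrYN, $corAddrYN, $a['desc']);
    }
    if ($result === null) {
        return internalError();
    }
    return array('error' => false, 'data' => $db->getCustomerAddresses($a['id']));
}

/** customer/addGuestAddress: stores a guest's address and records the e-mail against the session id. */
function addGuestAddress(DbOperation $db)
{
    $a     = readAddressFields();
    $sid   = postParam('sid', FILTER_SANITIZE_STRING);
    $email = postParam('email', FILTER_SANITIZE_STRING);
    $phone = postParam('phone', FILTER_SANITIZE_STRING);
    $fname = postParam('fname', FILTER_SANITIZE_STRING);
    $lname = postParam('lname', FILTER_SANITIZE_STRING);

    $errortext = missingFieldErrors(array(
        'AddrLine1' => $a['addr1'],
        'City'      => $a['city'],
        'State'     => $a['state'],
        'Country'   => $a['country'],
        'PostCode'  => $a['postcode'],
        'AddrType'  => $a['addrtype'],
    ));
    $errortext .= stateError($a['state']);
    if ($errortext !== '') {
        return array('error' => true, 'message' => $errortext);
    }

    $result = $db->addGuestAddress($a['id'], $a['addr1'], $a['addr2'], $a['addr3'], $a['city'], $a['state'], $a['country'], $a['postcode'], $a['addrtype'], $a['desc'], $fname, $lname, $phone);
    if ($result === null) {
        return internalError();
    }
    $db->addGuestEmail($sid, $email);
    return array('error' => false, 'data' => $db->getCustomerAddresses($a['id']));
}

/** customer/update: validates and saves profile and contact details. */
function updateCustomer(DbOperation $db)
{
    $id        = postParam('id', FILTER_SANITIZE_STRING);
    $firstName = postParam('fname', FILTER_SANITIZE_STRING);
    $lastName  = postParam('lname', FILTER_SANITIZE_STRING);
    $day       = postParam('day', FILTER_SANITIZE_NUMBER_INT);
    $month     = postParam('month', FILTER_SANITIZE_NUMBER_INT);
    $year      = postParam('year', FILTER_SANITIZE_NUMBER_INT);
    $gender    = postParam('gender', FILTER_SANITIZE_STRING);
    $currency  = postParam('currency', FILTER_SANITIZE_STRING);
    $email     = postParam('email', FILTER_SANITIZE_EMAIL);
    // FILTER_SANITIZE_NUMBER_INT already drops everything but digits and signs;
    // the separator handling in phoneFormatError is harmless on top of it.
    $telephone = str_replace(' ', '', (string) postParam('phone', FILTER_SANITIZE_NUMBER_INT));
    $mobile    = str_replace(' ', '', (string) postParam('mobile', FILTER_SANITIZE_NUMBER_INT));

    $telephoneError = phoneFormatError($telephone, 'telephone');
    $mobileError    = phoneFormatError($mobile, 'mobile');

    $errortext = null;
    if (isBlank($firstName) || isBlank($lastName) || isBlank($gender)) {
        $errortext = 'Error: Please fill in all the required fields.';
    } elseif (isBlank($email) || ($mobile === '' && $telephone === '')) {
        $errortext = 'Error: Please fill out all the required fields. You must include either a Telephone or Mobile number.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errortext = 'Error: Invalid email format';
    } elseif ($telephoneError !== null) {
        $errortext = $telephoneError;
    } elseif ($mobileError !== null) {
        $errortext = $mobileError;
    } elseif ($gender !== 'M' && $gender !== 'F') { // same rule as registration
        $errortext = 'ERROR: ILLEGAL VALUE RECEIVED FOR FIELD: GENDER';
    }
    if ($errortext !== null) {
        return array('error' => true, 'message' => $errortext);
    }

    $profileSaved = $db->updateCustomerProfile($id, $firstName, $lastName, $day, $month, $year, $gender, $currency);
    $contactSaved = $db->updateCustomerContact($id, $telephone, $mobile, $email);
    if (!$profileSaved || !$contactSaved) {
        return internalError(); // previously an empty envelope with no error key
    }
    return array('error' => false, 'data' => $db->getCustomerAddresses($id));
}

/** customer actions; see the individual handlers for the larger forms. */
function handleCustomer(DbOperation $db, $action)
{
    switch ($action) {
        case 'login':
            return loginCustomer($db);

        case 'guest':
            $currency = postParam('prf', FILTER_SANITIZE_STRING, 'NGN');
            return envelope($db->guestLogin($currency), 'merge');

        case 'forgot':
            $username = postParam('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
            $email    = postParam('email', FILTER_SANITIZE_EMAIL);
            return envelope($db->forgotPassword($email, $username), 'data');

        case 'register':
            return registerCustomer($db);

        // NOTE(review): for get/getAddress/transactions/wishlist the customer id comes
        // straight from the query string with no session check, so any caller can read
        // any customer's records — authorise $id against the logged-in user.
        case 'get':
            return envelope($db->getCustomer(queryRaw('id', '')), 'merge');

        case 'getAddress':
            return envelope($db->getCustomerAddresses(queryRaw('id', '')), 'nested');

        case 'addAddress':
            return addAddress($db);

        case 'addGuestAddress':
            return addGuestAddress($db);

        case 'transactions':
            return envelope($db->getCustomerTransactions(queryRaw('id', '')), 'nested');

        case 'wishlist':
            $prefcurr = queryRaw('prf', '');
            return envelope($db->getCustomerWishlist(queryRaw('id', ''), $prefcurr), 'nested');

        case 'addWish':
            $prodid   = postParam('prodid', FILTER_SANITIZE_NUMBER_INT);
            $itemName = postParam('prodname', FILTER_SANITIZE_STRING);
            $id       = postParam('id', FILTER_SANITIZE_STRING);
            $agent    = postParam('agent', FILTER_SANITIZE_NUMBER_INT);
            return envelope($db->addToCustomerWishlist($id, $prodid, $agent, $itemName), 'message');

        case 'removeWish':
            $item  = postParam('prodid', FILTER_SANITIZE_NUMBER_INT);
            $id    = postParam('id', FILTER_SANITIZE_STRING);
            $agent = postParam('agent', FILTER_SANITIZE_NUMBER_INT);
            return envelope($db->removefromlist($id, $item, $agent), 'message');

        case 'update':
            return updateCustomer($db);

        default:
            return unknownAction($action);
    }
}

$code = requestString('code');
if ($code === '') {
    echo "No code is parsed";
} else {
    $db     = new DbOperation();
    $action = requestString('action');
    if ($code === 'product') {
        $response = handleProduct($db, $action);
    } elseif ($code === 'customer') {
        $response = handleCustomer($db, $action);
    } else {
        $response = array('error' => true, 'message' => 'Unknown code');
    }
    // NOTE(review): the previous revision filled $response but never emitted it;
    // JSON is assumed to be the transport the client expects — confirm.
    header('Content-Type: application/json');
    echo json_encode($response);
}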