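<?php

declare(strict_types=1);

// CSRF guard: the form must echo back the one-time token that was stored in
// the session when the form was rendered. $_SESSION is only populated once a
// session is active; start one here if the bootstrap has not already done so.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$token = filter_input(INPUT_POST, 'token', FILTER_UNSAFE_RAW);
$sessionToken = $_SESSION['token'] ?? null;

// Reject when either side is missing, then compare with hash_equals() so the
// comparison takes constant time regardless of how many leading bytes match.
if (!is_string($token) || $token === ''
    || !is_string($sessionToken) || $sessionToken === ''
    || !hash_equals($sessionToken, $token)
) {
    // The status line must go out before any body output: header() is ignored
    // (with a warning) once output has started, and the client would see 200.
    // NOTE(review): 405 is the author's choice; 403 is the conventional code for
    // a rejected CSRF token.
    header($_SERVER['SERVER_PROTOCOL'] . ' 405 Method Not Allowed');
    echo '<p class="error">Error: invalid form submission</p>';
    exit;
}

// Consume the token so the same form submission cannot be replayed.
unset($_SESSION['token']);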
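$companyName = filter_input(INPUT_POST, 'companyName', FILTER_UNSAFE_RAW);
$phoneNumber = filter_input(INPUT_POST, 'phoneNumber', FILTER_UNSAFE_RAW);

// filter_input() returns null when the field is absent and false when the
// filter fails; treat both, and whitespace-only strings, as "not provided".
$isBlank = static function ($value): bool {
    return !is_string($value) || trim($value) === '';
};

// Required fields: POST parameter name => label used in the error message.
$parameters = [
    'firstName' => 'First name',
    'lastName' => 'Last name',
    'email' => 'Email',
    'password' => 'Password',
    'confirmPassword' => 'Confirm password',
    'country' => 'Country',
    'address' => 'Address',
];

$errors = $inputs = [];

foreach ($parameters as $name => $label) {
    $value = filter_input(INPUT_POST, $name, FILTER_UNSAFE_RAW);
    if ($isBlank($value)) {
        $errors[$name] = sprintf('%s is required', $label);
    } else {
        $inputs[$name] = $value;
    }
}

// Optional fields are carried in $inputs too, because the persistence step
// reads $inputs['phoneNumber'] and $inputs['companyName']; they stay unset
// when the form did not supply them.
if (!$isBlank($companyName)) {
    $inputs['companyName'] = $companyName;
}
if (!$isBlank($phoneNumber)) {
    $inputs['phoneNumber'] = $phoneNumber;
}

// The form sends either the US pair (state/UScity) or the Canadian pair
// (province/CAcity). Fields are always looked up by their fixed parameter
// *name*; a submitted value must never be reused as the name to look up.
$state = filter_input(INPUT_POST, 'state', FILTER_UNSAFE_RAW);
$province = filter_input(INPUT_POST, 'province', FILTER_UNSAFE_RAW);
$UScity = filter_input(INPUT_POST, 'UScity', FILTER_UNSAFE_RAW);
$CAcity = filter_input(INPUT_POST, 'CAcity', FILTER_UNSAFE_RAW);

$stateOrProvince = $isBlank($state) ? $province : $state;
$city = $isBlank($UScity) ? $CAcity : $UScity;

if ($isBlank($stateOrProvince)) {
    $errors['stateOrProvince'] = 'State or province is required';
} else {
    $inputs['stateOrProvince'] = $stateOrProvince;
}

if ($isBlank($city)) {
    $errors['city'] = 'City is required';
} else {
    $inputs['city'] = $city;
}

// Confirm the password only when one was supplied (a missing password has
// already been reported as required above). Hash it as soon as it is accepted
// so the plain text travels no further than this block.
if (isset($inputs['password'])) {
    if ($inputs['password'] !== ($inputs['confirmPassword'] ?? null)) {
        $errors['password'] = 'Password and confirm password must match';
    } else {
        $inputs['password'] = password_hash($inputs['password'], PASSWORD_DEFAULT);
    }
}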
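if (!empty($errors)) {
    // Send the status line before any output: header() is ignored (with a
    // warning) once output has started, and the browser would receive 200
    // together with the error list.
    // NOTE(review): 405 is the author's choice; 400 or 422 is the conventional
    // code for a validation failure.
    header($_SERVER['SERVER_PROTOCOL'] . ' 405 Method Not Allowed');

    // show the errors
    echo '<p class="error">Error: invalid form submission</p>';
    echo '<ul>';
    foreach ($errors as $error) {
        // The messages are fixed strings today; escape anyway so a future
        // message that embeds a submitted value cannot inject markup.
        echo '<li>' . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
    }
    echo '</ul>';
    exit;
}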
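require './vendor/autoload.php'; // get the Stripe client
require './config.php'; // get the PDO connection ($pdo) and the Stripe config array ($stripe)

// Steps 1 and 3 both write to the database. Run them inside one transaction so
// that a failure in the Stripe call (step 2) or in the INSERT rolls the preUser
// deletion back instead of silently losing the pending registration.
// NOTE(review): relies on $pdo using PDO::ERRMODE_EXCEPTION (the PHP 8 default)
// so that a failed statement throws — confirm in config.php.
$pdo->beginTransaction();

try {
    // step 1: remove the preUser data from the database
    $stmt = $pdo->prepare('DELETE FROM preUser WHERE email = :email');
    $stmt->execute([
        'email' => $inputs['email'],
    ]);

    // step 2: create a new customer on Stripe
    $customerData = [
        'address' => [
            'city' => $inputs['city'],
            'country' => $inputs['country'],
            'line1' => $inputs['address'],
            'state' => $inputs['stateOrProvince'],
        ],
        'email' => $inputs['email'],
        'name' => $inputs['firstName'] . ' ' . $inputs['lastName'],
    ];
    // Phone is optional; only send it when the form supplied one instead of
    // reading an index that may not exist.
    if (!empty($inputs['phoneNumber'])) {
        $customerData['phone'] = $inputs['phoneNumber'];
    }
    $stripe = new \Stripe\StripeClient($stripe['secret_key']);
    $customer = $stripe->customers->create($customerData);

    // step 3: create a new user in the database
    $sqlData = [
        'id' => $customer->id,
        'firstName' => $inputs['firstName'],
        'lastName' => $inputs['lastName'],
        'email' => $inputs['email'],
        'password' => $inputs['password'], // already hashed by the validation step
        'country' => $inputs['country'],
        'address' => $inputs['address'],
        'city' => $inputs['city'],
    ];
    // US addresses store the region in `state`, everything else in `province`.
    if ($inputs['country'] === 'US') {
        $sqlData['state'] = $inputs['stateOrProvince'];
    } else {
        $sqlData['province'] = $inputs['stateOrProvince'];
    }
    if (!empty($inputs['phoneNumber'])) {
        $sqlData['phoneNumber'] = $inputs['phoneNumber'];
    }
    if (!empty($inputs['companyName'])) {
        $sqlData['companyName'] = $inputs['companyName'];
    }

    // Column names are the fixed keys of $sqlData (never request data), so
    // interpolating them is safe; every value is bound as a named parameter
    // instead of being quoted into the SQL string.
    $columns = array_keys($sqlData);
    $query = sprintf(
        'INSERT INTO `users` (%s) VALUES (%s)',
        implode(', ', array_map(static function (string $column): string {
            return '`' . $column . '`';
        }, $columns)),
        implode(', ', array_map(static function (string $column): string {
            return ':' . $column;
        }, $columns))
    );
    $stmt = $pdo->prepare($query);
    $stmt->execute($sqlData);

    $pdo->commit();
} catch (\Throwable $e) {
    // Undo the preUser deletion. A Stripe customer already created in step 2
    // is not removed here and has to be reconciled separately.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    throw $e;
}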