Foxxything

Untitled

Aug 7th, 2022
  1. <?php
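  // Signup form handler: checks the one-time CSRF token, validates the posted
  // fields, creates the Stripe customer and stores the new user row.
  //
  // Everything read from $_POST is untrusted. FILTER_UNSAFE_RAW does not
  // sanitise anything, so request values may only reach SQL as bound
  // parameters and must be HTML-escaped before they are echoed.
  //
  // NOTE(review): nothing here starts the session; this assumes session_start()
  // has already run before this script (or session.auto_start is on) - confirm.

  // Rejects the request: sends the status line first, then the error markup.
  // header() has to run before any output, otherwise PHP reports "headers
  // already sent" and the client receives a 200 (unless output is buffered).
  // NOTE(review): 405 is kept from the original; 403 (bad token) and 422
  // (validation) would describe these failures more accurately.
  $reject = static function (array $messages): void {
    header($_SERVER['SERVER_PROTOCOL'] . ' 405 Method Not Allowed');
    echo '<p class="error">Error: invalid form submission</p>';
    if (!empty($messages)) {
      echo '<ul>';
      foreach ($messages as $message) {
        // the messages are built from fixed labels today; escaping keeps the
        // output safe if a request value is ever added to one of them
        echo '<li>' . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
      }
      echo '</ul>';
    }
    exit;
  };

  $token = filter_input(INPUT_POST, 'token', FILTER_UNSAFE_RAW);
  $expectedToken = $_SESSION['token'] ?? null;

  // hash_equals() compares in constant time, so the response time does not
  // reveal how much of a guessed token was correct. A missing session token
  // is rejected explicitly instead of raising an "undefined index" warning.
  if (
    !is_string($token) || $token === ''
    || !is_string($expectedToken) || $expectedToken === ''
    || !hash_equals($expectedToken, $token)
  ) {
    $reject([]);
  }

  // unset the token so it cannot be used again
  unset($_SESSION['token']);

  // required fields: POST name => label used in the error message
  $parameters = [
    'firstName' => 'First name',
    'lastName' => 'Last name',
    'email' => 'Email',
    'password' => 'Password',
    'confirmPassword' => 'Confirm password',
    'country' => 'Country',
    'address' => 'Address',
  ];

  $errors = $inputs = [];
  foreach ($parameters as $name => $label) {
    $value = filter_input(INPUT_POST, $name, FILTER_UNSAFE_RAW);
    if (empty($value)) {
      $errors[$name] = sprintf('%s is required', $label);
    } else {
      $inputs[$name] = $value;
    }
  }
  // NOTE(review): email is only checked for presence; FILTER_VALIDATE_EMAIL
  // would reject malformed addresses before they reach Stripe and the database.

  // Optional fields. The original read them but never copied them into
  // $inputs, so the later $inputs['phoneNumber'] / $inputs['companyName']
  // lookups were always undefined and neither value was ever stored.
  $optional = [
    'companyName' => filter_input(INPUT_POST, 'companyName', FILTER_UNSAFE_RAW),
    'phoneNumber' => filter_input(INPUT_POST, 'phoneNumber', FILTER_UNSAFE_RAW),
  ];
  foreach ($optional as $name => $value) {
    if (!empty($value)) {
      $inputs[$name] = $value;
    }
  }

  $state = filter_input(INPUT_POST, 'state', FILTER_UNSAFE_RAW);
  $province = filter_input(INPUT_POST, 'province', FILTER_UNSAFE_RAW);
  $UScity = filter_input(INPUT_POST, 'UScity', FILTER_UNSAFE_RAW);
  $CAcity = filter_input(INPUT_POST, 'CAcity', FILTER_UNSAFE_RAW);

  // Take whichever of the two alternative fields was filled in. The original
  // passed the submitted *value* to filter_input() as if it were a field name,
  // which looked up a POST key named after the user's state/city and therefore
  // almost always produced null ("State or province is required").
  $stateOrProvince = !empty($state) ? $state : $province;
  $city = !empty($UScity) ? $UScity : $CAcity;

  if (empty($stateOrProvince)) {
    $errors['stateOrProvince'] = 'State or province is required';
  } else {
    $inputs['stateOrProvince'] = $stateOrProvince;
  }

  if (empty($city)) {
    $errors['city'] = 'City is required';
  } else {
    $inputs['city'] = $city;
  }

  // ?? '' avoids an "undefined index" warning when either field was left empty
  $password = $inputs['password'] ?? '';
  $confirmPassword = $inputs['confirmPassword'] ?? '';

  if ($password === '' || $password !== $confirmPassword) {
    $errors['password'] = 'Password and confirm password must match';
  } else {
    // only the hash is kept from here on; the plain password is never stored
    $inputs['password'] = password_hash($password, PASSWORD_DEFAULT);
  }

  if (!empty($errors)) {
    $reject($errors);
  }

  require './vendor/autoload.php'; // get the Stripe client
  require './config.php'; // get the PDO connection; presumably also defines $stripe - confirm

  // NOTE(review): the preUser row is deleted before the Stripe call and the
  // INSERT. If either later step fails, the pending signup is gone and no user
  // row exists; consider running steps 1 and 3 in one transaction after the
  // Stripe customer has been created.

  // step 1: remove the preUser data from the database
  $sql = 'DELETE FROM preUser WHERE email = :email';
  $stmt = $pdo->prepare($sql);
  $stmt->execute([
    'email' => $inputs['email'],
  ]);

  // step 2: create a new customer on Stripe
  // a separate variable keeps the $stripe config array intact
  $stripeClient = new \Stripe\StripeClient($stripe['secret_key']);
  $customerData = [
    'address' => [
      'city' => $inputs['city'],
      'country' => $inputs['country'],
      'line1' => $inputs['address'],
      'state' => $inputs['stateOrProvince'],
    ],
    'email' => $inputs['email'],
    'name' => $inputs['firstName'] . ' ' . $inputs['lastName'],
  ];
  if (isset($inputs['phoneNumber'])) {
    // phone is optional, so the key is only sent when a number was submitted
    $customerData['phone'] = $inputs['phoneNumber'];
  }
  $customer = $stripeClient->customers->create($customerData);

  // step 3: create a new user in the database
  $sqlData = [
    'id' => $customer->id,
    'firstName' => $inputs['firstName'],
    'lastName' => $inputs['lastName'],
    'email' => $inputs['email'],
    'password' => $inputs['password'],
    'country' => $inputs['country'],
    'address' => $inputs['address'],
    'city' => $inputs['city'],
  ];

  // the same value goes into `state` for US addresses and `province` otherwise
  $regionColumn = $inputs['country'] === 'US' ? 'state' : 'province';
  $sqlData[$regionColumn] = $inputs['stateOrProvince'];

  foreach (['phoneNumber', 'companyName'] as $name) {
    if (isset($inputs[$name])) {
      $sqlData[$name] = $inputs[$name];
    }
  }

  // Column names are the fixed keys written above, never request data, so they
  // can be placed in the statement text. The values are bound as parameters,
  // like the DELETE in step 1, instead of being quoted into the SQL string.
  $columns = array_keys($sqlData);
  $placeholders = array_map(
    static function (string $column): string {
      return ':' . $column;
    },
    $columns
  );

  $query = sprintf(
    'INSERT INTO `%s` (%s) VALUES (%s);',
    'users',
    implode(', ', $columns),
    implode(', ', $placeholders)
  );

  $stmt = $pdo->prepare($query);
  $stmt->execute($sqlData);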