

<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/item.php";
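// Dispatch on the requested shop action. $VARS, $binstack and $database are
// provided by required.php; every branch ends in a redirect, and branches that
// must not fall through to the rest of the page call die() right after it.
// NOTE(review): no CSRF token is verified for these state-changing actions here —
// confirm required.php performs that check before this file runs.
switch ($VARS['action'] ?? '') {
    case "addtocart":
        $item = $VARS['item'] ?? '';
        // Only items that exist and carry a positive price may enter the cart.
        if (!$binstack->has('items', ['AND' => ['itemid' => $item, 'price[>]' => 0]])) {
            header('Location: ./?page=cart&msg=invaliditem');
            die("Invalid item");
        }
        // Quantity is untrusted: coerce to int and require at least 1 so a
        // negative or non-numeric value cannot create a negative cart line.
        $qty = (int) ($VARS['qty'] ?? 0);
        if ($qty < 1) {
            header('Location: ./?page=cart&msg=invaliditem');
            die("Invalid quantity");
        }
        $cart = is_array($_SESSION['cart'] ?? null) ? $_SESSION['cart'] : [];
        // Re-adding an item already in the cart increases its quantity.
        $cart[$item] = ($cart[$item] ?? 0) + $qty;
        $_SESSION['cart'] = $cart;
        header('Location: ./?page=cart&msg=itemadded');
        die();
        break;
    case "updatecart":
        $item = $VARS['item'] ?? '';
        $qty = (int) ($VARS['qty'] ?? 0);
        $cart = is_array($_SESSION['cart'] ?? null) ? $_SESSION['cart'] : [];
        if ($qty <= 0) {
            // Zero or negative quantity removes the line, even if the item has
            // since become unavailable, so a stale cart can always be cleaned up.
            unset($cart[$item]);
        } else {
            // Same existence/price check as addtocart: updatecart must not let an
            // arbitrary key with a chosen quantity into the session cart.
            if (!$binstack->has('items', ['AND' => ['itemid' => $item, 'price[>]' => 0]])) {
                header('Location: ./?page=cart&msg=invaliditem');
                die("Invalid item");
            }
            $cart[$item] = $qty;
        }
        $_SESSION['cart'] = $cart;
        header('Location: ./?page=cart&msg=itemupdated');
        // NOTE(review): unlike the other redirects this one is not followed by
        // die(), so execution continues after the switch — confirm that is intended.
        break;
    case "login":
        $email = $VARS['email'] ?? '';
        $password = $VARS['password'] ?? '';
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header('Location: ./?page=login&msg=invalidemail');
            die("Invalid email address.");
        }
        // Unknown email and wrong password produce the same redirect so the
        // response body does not reveal which accounts exist. Response timing
        // still differs because password_verify() only runs for known emails.
        if ($database->has('customers', ['email' => $email])) {
            $hash = $database->get('customers', 'password', ['email' => $email]);
            // is_string() guards keep a NULL column or a non-string input from
            // reaching password_verify() as a TypeError instead of a bad login.
            if (is_string($password) && is_string($hash) && password_verify($password, $hash)) {
                // Rotate the pre-authentication session id before storing the
                // account so a fixated id does not become an authenticated one.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                // NOTE(review): the hash is kept in the session as hashed_password;
                // confirm a consumer needs it, otherwise drop that column.
                $_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]);
                header('Location: ./?page=account');
                die();
            } else {
                header('Location: ./?page=login&msg=badlogin');
                die("Bad login.");
            }
        } else {
            header('Location: ./?page=login&msg=badlogin');
            die("Bad login.");
        }
        break;
    case "logout":
        $_SESSION['shop_account'] = null;
        // Rotate the id on logout too, so the id that was bound to the account
        // cannot be reused; the rest of the session (e.g. the cart) is kept.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        header('Location: ./');
        break;
    case "signup":
        $name = $VARS['name'] ?? '';
        $email = $VARS['email'] ?? '';
        $password = $VARS['password'] ?? '';
        $phone = $VARS['phone'] ?? '';
        // Require real strings and compare against '' rather than empty(), so a
        // legitimate value of "0" is not treated as missing and array input is
        // rejected before it reaches the database layer.
        if (!is_string($name) || !is_string($email) || !is_string($password)
            || $name === '' || $email === '' || $password === '') {
            header('Location: ./?page=signup&msg=missingdata');
            die("Missing required data.");
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header('Location: ./?page=signup&msg=invalidemail');
            die("Invalid email address.");
        }
        if ($database->has('customers', ['OR' => ['name' => $name, 'email' => $email]])) {
            header('Location: ./?page=signup&msg=accountinuse');
            die("Name or email already in use.");
        }
        if (empty($phone)) {
            $phone = null;
        }
        // bcrypt only uses the first 72 bytes of the password; longer input is
        // silently truncated by password_hash().
        $database->insert('customers', ['name' => $name, 'email' => $email, 'password' => password_hash($password, PASSWORD_BCRYPT), 'phone' => $phone]);
        // Rotate the session id on account creation, same as on login.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // Fetch the same columns as the login case (including the id alias) so
        // code reading $_SESSION['shop_account']['id'] works after signup too.
        $_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]);
        header('Location: ./?page=account');
        die();
        break;
}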