JCS1988 Posted February 7, 2008

So I have another problem and decided to come back here since everyone is always so helpful. I have a database set up with all my products, users, and orders. You can browse the products and add them to a cart; everything works fine on that part. But I am not sure how to complete the actual checkout process.

I have a user account system where users can register, then log in. Certain pages require a visitor to be logged in, so when the user logs in a session is created. I believe the session is storing 'customer_id', which is located in the customers table under each customer's unique ID. The script is below; I'm not sure what exactly is being stored.

If you click checkout on this page http://jcs5325.aisites.com/cart.php it will take you to a submit order form that I got from my textbook files. The lesson didn't involve user accounts, it just explained how to set up the cart and then type in the info at the last minute. I want this submit order page to use the stored customer_id and access the customer info (first_name, last_name, email, etc.) and display it along with the items and total, just like any other confirmation page you would see. In other words, I want to completely do away with that form that asks for the information and have the page get the user's info that's already in the database.

This is the code from my textbook; the page can be seen from the link above.
```php
<?php
session_start();
require("opendbo.php");
require("displaycartfunction.php");
$today = Date("Y-m-d", time());
if ((isset($HTTP_COOKIE_VARS)) || (isset($HTTP_SESSION_VARS)) || (isset($HTTP_GET_VARS))) {
    extract ($HTTP_COOKIE_VARS);
    extract ($HTTP_SESSION_VARS);
    extract ($HTTP_GET_VARS);
    extract ($HTTP_POST_VARS);
    extract ($HTTP_SERVER_VARS);
}
reset ($HTTP_COOKIE_VARS);
reset ($HTTP_SESSION_VARS);
reset ($HTTP_GET_VARS);
reset ($HTTP_POST_VARS);
reset ($HTTP_SERVER_VARS);
if (!@$submitconfirm) {
    print ("Please give information for ordering or confirm information present.<br>");
    print ("<form action=\"$PHP_SELF\" method=post><br>");
    $ofname="";
    $olname="";
    $obilling="";
    $oemail="";
    if (@$currentcustomer) {
        $query="SELECT * from customers where customer_id=$currentcustomer";
        $result=mysql_db_query($DBname,$query,$link);
        $Num_past = mysql_num_rows($result);
        if ($Num_past>0) {
            $obilling=mysql_result($result,0,"billing");
            $ofname=mysql_result($result,0,"fname");
            $olname=mysql_result($result,0,"lname");
            $oemail=mysql_result($result,0,"emailaddress");
            print ("<input type=hidden name=oldcustomer value=TRUE>");
            print("<br>INFO OKAY <input type=\"radio\" name=\"choices\" value=\"OKAY\" CHECKED >");
            print ("<br>CHANGE MY INFO <input type=\"radio\" name=\"choices\" value=\"CHANGE\" >");
            print ("<br>NEW CUSTOMER <input type=\"radio\" name=\"choices\" value=\"NC\"><br>");
        }
    }
    print ("First Name <input type=text name='fname' value='".$ofname."'><br>");
    print ("Last Name <input type=text name='lname' value='".$olname."'><br>");
    print ("Billing information <input type=text name='billing' value='".$obilling."'><br>");
    print ("E mail address <input type=text name='email' value='".$oemail."'><br>");
    print ("<input type=hidden name='submitconfirm' value=TRUE>");
    print ("<input type=submit name='submit' value='SUBMIT/CONFIRM INFORMATION'>");
    print ("</form>");
}
else {
    if (!@$oldcustomer) {
        $query="INSERT INTO customers VALUES ('0','".$fname;
        $query=$query."','".$lname."','".$billing."','".$email."','X')" ; // X for pass now
        $result=mysql_db_query($DBname, $query,$link); //need error handling.
        $currentcustomer=mysql_insert_id();
        setcookie("currentcustomer",$currentcustomer); //sets permanent cookie
    } //end if not old customer--need to insert into db and create cookie
    else { // old customer. Update db just in case changes were made
        if (@$choices=='CHANGE') {
            $query="UPDATE customers set fname='".$fname ;
            $query = $query . "', lname='".$lname."', billing='".$billing;
            $query = $query . "', emailaddress='".$email ."' where id=$currentcustomer";
            mysql_db_query($DBname,$query,$link);
        }
        else if (@$choices=='NC') {
            $query="INSERT INTO customers VALUES ('0','".$fname;
            $query=$query."','".$lname."','".$billing."','".$email."','X')" ; // X for pass now
            $result=mysql_db_query($DBname, $query,$link); //need error handling.
            $currentcustomer=mysql_insert_id();
            $duration = 90 * 24 * 60* 60; //90 days
            setcookie("currentcustomer",$currentcustomer, time()+$duration); //sets long term
        } //end if changed to new customer
    }
    print("Welcome, $fname <br>");
    print ("Today is $today <br>\n");
    print ("Here is your order.<hr>");
    displaycart();
    print ("<hr> We are billing it using the following information: <br> $billing<br>");
    $query = "INSERT INTO orders VALUES ('0', '";
    $query = $query . $currentcustomer."', '".$today."', 'set',".$totalprice.")";
    mysql_db_query($DBname, $query, $link);
    $orderid=mysql_insert_id();
    foreach ($cart as $key=>$value) {
        $product_id = substr($key, 1);
        $query="INSERT INTO ordereditems VALUES ('".$orderid."','".$product_id."',".$value.")";
        mysql_db_query($DBname,$query,$link);
    } //ends the foreach
    /* // uncomment this section to troubleshoot modifications
    echo "<pre>";
    print_r($HTTP_SESSION_VARS);
    print_r($HTTP_SESSION_VARS['cart']);
    echo "</pre>";
    */
    //session_unregister('cart');
    unset($HTTP_SESSION_VARS['cart']);
    unset($HTTP_SESSION_VARS['items']);
    unset($HTTP_SESSION_VARS['totalprice']);
    //session_unregister('totalprice');
    //session_unregister('items');
    unset($cart);
    unset($items);
    unset($totalprice);
    session_destroy();
} //ends handling of form -- the else clause on if submitconfirm
?>
</body>
</html>
```

This is the page that confirms the user's login information, and stores it in a session for access to the private pages. I assume that whatever information this script stores can be used to pull up the customer information during the checkout.

```php
<?php
//Start session
session_start();
//Connect to mysql server
$link=mysql_connect("data.jcs5325.aisites.com","jcs5325aii_pho","203633");
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("jcs5325aii_photography");
if(!$db) {
    die("Unable to select database");
}
//Sanitize the value received from login field
//to prevent SQL Injection
if(!get_magic_quotes_gpc()) {
    $username=mysql_real_escape_string($_POST['username']);
}else {
    $username=$_POST['username'];
}
//Create query
//($password is not assigned or escaped anywhere in this script as posted)
$qry="SELECT customer_id FROM users WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result)>0) {
        //Login Successful
        session_regenerate_id();
        $member=mysql_fetch_assoc($result);
        $_SESSION['SESS_CUSTOMER_ID']=$member['customer_id'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
```
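One way to build the confirmation page described in the post, as an added example that is not part of the original post or the textbook code: the customer id is read only from the session value the login script stores (`SESS_CUSTOMER_ID`), looked up with a bound parameter, and escaped on output. The `customers` columns (`first_name`, `last_name`, `email`) follow the post's description; the function names, the PDO/SQLite setup and the sample row are assumptions constructed so the example runs offline.

```php
<?php
// Added example. Assumed schema: customers(customer_id, first_name, last_name, email).

// Look up the logged-in customer. The id comes only from the server-side session,
// never from a cookie, GET or POST value, and is bound as an integer parameter.
function load_customer(PDO $db, array $session): ?array
{
    $id = filter_var($session['SESS_CUSTOMER_ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;                    // not logged in, or the stored value is not an id
    }
    $stmt = $db->prepare(
        'SELECT first_name, last_name, email FROM customers WHERE customer_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Build the confirmation HTML; every database value is escaped before output.
function render_confirmation(array $customer, float $total): string
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return '<p>Welcome, ' . $e($customer['first_name']) . ' ' . $e($customer['last_name']) . '</p>'
         . '<p>Confirmation will be sent to ' . $e($customer['email']) . '</p>'
         . '<p>Order total: ' . $e(number_format($total, 2)) . '</p>';
}

// Constructed sample data in an in-memory SQLite database (stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (customer_id INTEGER PRIMARY KEY,
           first_name TEXT, last_name TEXT, email TEXT)');
$db->exec("INSERT INTO customers VALUES (7, 'Ann', '<b>Lee</b>', 'ann@example.com')");

$session = ['SESS_CUSTOMER_ID' => '7'];  // stands in for $_SESSION after login
$customer = load_customer($db, $session);
echo $customer === null
    ? "Please log in before checking out.\n"
    : render_confirmation($customer, 59.90) . "\n";
```

On the real page, call `session_start()` first and pass `$_SESSION` and the site's own database connection in place of the constructed ones.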