The Customer Receipt Page
Example 10-3 shows the customer receipt script, customer.3, that is called after a database write to insert or update a customer. The script is a receipt page that can be bookmarked—it expects a cust_id as a GET method parameter—and the script does nothing but read details from the database. Reloading the page therefore has no undesirable side effects. Customer receipts can be viewed only when logged in, and a user is permitted to view only her own customer receipts; if the user attempts to retrieve another user's details, a warning message is shown to the user, and the cust_id is replaced with her own.
Example 10-3. The customer.3 customer receipt page
<?php
// This script shows the user a receipt for their customer
// UPDATE or INSERT.
// It carries out no database actions and can be
// bookmarked. The user must be logged in to view it.
// The helpers called below (showerror(), showLogin(), showMessage(),
// getCustomerID()) and the DBMS settings ($hostName, $username,
// $password, $databaseName) are not defined in this file; they are
// presumably supplied by this include - verify against include.inc
include 'include.inc';
// Route PHP errors through the application's own handler
set_error_handler("errorHandler");
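// Show the user a customer INSERT or UPDATE receipt.
//
// $custID     - the customer's cust_id. It is cast to an integer
//               before being placed in the SQL, because the mysql_*
//               API offers no parameter binding and the value
//               originates from the request.
// $connection - an open MySQL connection resource.
//
// Every column read from the row is passed through
// htmlspecialchars() before it is echoed, so stored customer data
// cannot inject markup into the page.
function show_HTML_receipt($custID, $connection)
{
    // cust_id is numeric; an integer cast is the only way to embed
    // it safely with the non-parameterised mysql API
    $custID = (int) $custID;

    $query = "SELECT * FROM customer
              WHERE cust_id = $custID";

    if (!($result = @ mysql_query ($query, $connection)))
        showerror( );

    // There is at most one matching row; guard against none
    // (e.g. an unknown cust_id) instead of reading from false
    $row = @ mysql_fetch_array($result);
    if ($row === false)
    {
        echo "\n<p>No customer details were found.\n";
        return;
    }

    // Escape each column once so every field is safe in HTML
    $safe = array();
    foreach ($row as $column => $value)
        $safe[$column] = htmlspecialchars((string) $value, ENT_QUOTES);

    echo "\n<h1>Account details for " .
         "<font color=\"red\">" . $safe["email"] .
         "</font></h1>\n";

    echo "<p><i>Please record your password " .
         "somewhere safe for future use</i>\n";

    echo "<p>Your shipping and billing details are " .
         "as follows:\n<br><b> " .
         $safe["title"] . " " .
         $safe["firstname"] . " " .
         $safe["initial"] . " " .
         $safe["surname"] . "\n<br>" .
         $safe["addressline1"] . "\n";

    // Optional address lines are only printed when present
    if ($safe["addressline2"] !== "")
        echo "\n<br>" .
             $safe["addressline2"];

    if ($safe["addressline3"] !== "")
        echo "\n<br>" .
             $safe["addressline3"];

    echo "\n<br>" .
         $safe["city"] . " " .
         $safe["state"] . " " .
         $safe["zipcode"] . "\n<br>" .
         $safe["country"] . "</b><br>\n";

    if ($safe["phone"] !== "")
        echo "\n<br><b>Telephone: " .
             $safe["phone"] . "</b>";

    if ($safe["fax"] !== "")
        echo "\n<br><b>Fax: " .
             $safe["fax"] . "</b>";

    // birth_date is assumed to be stored as YYYY-MM-DD (the substr()
    // offsets rely on that); present it as DD/MM/YYYY. The raw column
    // is sliced first so escaping cannot shift the offsets.
    $dob = substr($row["birth_date"], 8, 2) . "/" .
           substr($row["birth_date"], 5, 2) . "/" .
           substr($row["birth_date"], 0, 4);

    echo "\n<br><b>Date of Birth: " .
         htmlspecialchars($dob, ENT_QUOTES) . "</b>\n<br>";
}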
// Main ----------
// Re-establish the existing session
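session_start( );

// Check if the user is logged in - this should never
// fail unless the script is run incorrectly
if (!session_is_registered("loginUsername"))
{
    session_register("message");
    $message = "You must login to view your " .
               "customer receipt.";
    header("Location: example.cart.1.php");
    exit;
}

// Check the correct parameters have been passed.
// NOTE(review): $custID is tested as a plain variable, so it is
// populated by register_globals from the request - confirm this
// is intended rather than reading the GET parameter explicitly
if (!isset($custID))
{
    session_register("message");
    $message = "Incorrect parameters to " .
               "example.customer.3.php";
    // Redirect the browser to a known page of the site. The
    // Referer header is supplied by the client, so it must not be
    // copied into a Location: header - that would let a crafted
    // request redirect the user to an arbitrary host (and, on
    // older PHP releases, inject further response headers).
    header("Location: example.cart.1.php");
    exit;
}

// cust_id is numeric; normalise it once so the ownership check
// below and the SQL in show_HTML_receipt() both see an integer
// rather than a client-supplied string
$custID = (int) $custID;

// Check this customer matches the custID. Comparing integers with
// !== avoids PHP's loose comparison, under which a value such as
// "5abc" compares equal to 5 and would pass the ownership check
$ownCustID = (int) getCustomerID($loginUsername, NULL);
if ($custID !== $ownCustID)
{
    session_register("message");
    $message = "You can only view your own " .
               "customer receipt!";
    $custID = $ownCustID;
}

// Open a connection to the DBMS
if (!($connection = @ mysql_pconnect($hostName,
                                     $username,
                                     $password)))
    showerror( );

if (!mysql_select_db($databaseName, $connection))
    showerror( );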
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html401/loose.dtd">
<html>
<head>
<title>Alexa and Dave's Online Wines</title>
</head>
<body bgcolor="white">
<?php
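// Show the user login status
showLogin( );

// Show the user any messages
showMessage( );

// Show the customer confirmation
show_HTML_receipt($custID, $connection);

// Show buttons. The <td> must sit inside a <tr> for the page to be
// valid HTML 4.01 (a bare <td> inside <table> is rejected by the
// validator linked at the foot of the page); the </table> and
// </form> are emitted by the static markup after this PHP block
echo "<form action=\"example.cart.5.php\"" .
     " method=\"GET\">";
echo "<table>";
echo "<tr><td><input type=\"submit\" name=\"home\"" .
     " value=\"Home\"></td></tr>";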
?>
</table>
</form>
<br><a href="http://validator.w3.org/check/referer"><img
src="http://www.w3.org/Icons/valid-html401"
height="31" width="88" align="right" border="0"
alt="Valid HTML 4.01!"></a>
</body>
</html>