PHP

The Customer Receipt Page

Example 10-3 shows the customer receipt script, customer.3, that is called after a database write to insert or update a customer. The script is a receipt page that can be bookmarked (it expects a cust_id as a GET method parameter), and the script does nothing but read details from the database. Reloading the page therefore has no undesirable side effects. Customer receipts can be viewed only when logged in, and a user is permitted to view only her own customer receipts; if the user attempts to retrieve another user's details, a warning message is shown and the cust_id is updated to be her own.

Example 10-3. The customer.3 customer receipt page
<?php
  // This script shows the user a receipt for their customer
  // UPDATE or INSERT.
  // It carries out no database actions and can be
  // bookmarked. The user must be logged in to view it.
  include 'include.inc';
  set_error_handler("errorHandler");
  // Show the user a customer INSERT or UPDATE receipt
  function show_HTML_receipt($custID, $connection)
  {
    $query = "SELECT * FROM customer
             WHERE cust_id = $custID";
    if (!($result = @mysql_query($query, $connection)))
       showerror();
    // There is only one matching row
    $row = @mysql_fetch_array($result);
    echo "\n<h1>Account details for " .
         "<font color=\"red\">" . $row["email"] .
         "</font></h1>\n";
    echo "<p><i>Please record your password " .
         "somewhere safe for future use</i>\n";
    echo "<p>Your shipping and billing details are " .
         "as follows:\n<br><b> " .
         $row["title"] . " " .
         $row["firstname"] . " " .
         $row["initial"] . " " .
         $row["surname"] . "\n<br>" .
         $row["addressline1"] . "\n";
    if ($row["addressline2"] != "")
       echo "\n<br>" .
            $row["addressline2"];
    if ($row["addressline3"] != "")
       echo "\n<br>" .
            $row["addressline3"];
    echo "\n<br>" .
         $row["city"] . " " .
         $row["state"] . " " .
         $row["zipcode"] . "\n<br>" .
         $row["country"] . "</b><br>\n";
    if ($row["phone"] != "")
       echo "\n<br><b>Telephone: " .
            $row["phone"] . "</b>";
    if ($row["fax"] != "")
       echo "\n<br><b>Fax: " .
            $row["fax"] . "</b>";
    $row["dob"] = substr($row["birth_date"], 8, 2) . "/" .
                  substr($row["birth_date"], 5, 2) . "/" .
                  substr($row["birth_date"], 0, 4);
    echo "\n<br><b>Date of Birth: " .
         $row["dob"] . "</b>\n<br>";
  }
  // Main ----------
  // Re-establish the existing session
  session_start();
  // Check if the user is logged in - this should never
  // fail unless the script is run incorrectly
  if (!session_is_registered("loginUsername"))
  {
     session_register("message");
     $message = "You must login to view your " .
                "customer receipt.";
     header("Location: example.cart.1.php");
     exit;
  }
  // Check the correct parameters have been passed
  if (!isset($custID))
  {
     session_register("message");
     $message = "Incorrect parameters to " .
                "example.customer.3.php";
     // Redirect the browser back to the calling page,
     // using the HTTP response header "Location:"
     // and the PHP environment variable $HTTP_REFERER
     header("Location: $HTTP_REFERER");
     exit;
  }
  // The parameter is interpolated into the SQL query in
  // show_HTML_receipt(), so force it to an integer here:
  // nothing but a number can then reach the query.
  $custID = (int) $custID;
  // Check this customer matches the custID
  if ($custID != getCustomerID($loginUsername, NULL))
  {
     session_register("message");
     $message = "You can only view your own " .
                "customer receipt!";
     $custID = getCustomerID($loginUsername, NULL);
  }
  // Open a connection to the DBMS
  if (!($connection = @mysql_pconnect($hostName,
                                      $username,
                                      $password)))
     showerror();
  if (!mysql_select_db($databaseName, $connection))
     showerror();
?>
<!DOCTYPE HTML PUBLIC
   "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html401/loose.dtd">
<html>
<head>
  <title>Alexa and Dave's Online Wines</title>
</head>
<body bgcolor="white">
<?php
  // Show the user login status
  showLogin();
  // Show the user any messages
  showMessage();
  // Show the customer confirmation
  show_HTML_receipt($custID, $connection);
  // Show buttons
  echo "<form action=\"example.cart.5.php\"" .
       " method=\"GET\">";
  echo "<table><tr>";
  echo "<td><input type=\"submit\" name=\"home\"" .
       " value=\"Home\"></td>";
?>
</table>
</form>
<br><a href="http://validator.w3.org/check/referer"><img
     src="http://www.w3.org/Icons/valid-html401"
     height="31" width="88" align="right" border="0"
     alt="Valid HTML 4.01!"></a>
</body>
</html>
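As an added example (not code from the book), here is the same three-step gate of the receipt page, session check, parameter check and ownership check, written with $_SESSION/$_GET, integer validation and a PDO prepared statement in place of the interpolated query; a bad parameter falls back to the user's own receipt instead of redirecting. It assumes getCustomerID() from the book's include.inc returns the user's own cust_id as an int, and that $pdo is an open PDO connection.

```php
<?php
// Added example, not code from the book: the receipt script's
// three gates (session, parameter, ownership) using $_SESSION
// and $_GET with integer validation and a PDO prepared statement.
// Assumed: getCustomerID() from the book's include.inc returns the
// logged-in user's own cust_id as an int, and $pdo is a PDO handle.

// Decide which cust_id may be shown. Returns [cust_id, warning]:
// the warning is null when the requested id is the user's own.
function resolveReceiptID($requested, int $ownID): array
{
    // Accept only a plain positive integer; anything else
    // (a missing value, "1 OR 1=1", ...) is rejected outright.
    $id = filter_var($requested, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [$ownID, 'Incorrect parameters to example.customer.3.php'];
    }
    if ($id !== $ownID) {
        return [$ownID, 'You can only view your own customer receipt!'];
    }
    return [$ownID, null];
}

// Read the receipt row; the id is bound, never interpolated.
function fetchReceipt(PDO $pdo, int $custID): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM customer WHERE cust_id = ?');
    $stmt->execute([$custID]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Main: session gate, then ownership, then the read-only query.
session_start();
if (!isset($_SESSION['loginUsername'])) {
    $_SESSION['message'] = 'You must login to view your customer receipt.';
    header('Location: example.cart.1.php');
    exit;
}
$ownID = getCustomerID($_SESSION['loginUsername'], NULL);
list($custID, $warning) = resolveReceiptID($_GET['custID'] ?? null, $ownID);
if ($warning !== null) {
    $_SESSION['message'] = $warning;
}
$row = fetchReceipt($pdo, $custID);
// Render every $row field through htmlspecialchars() so stored
// data cannot inject markup into the receipt page.
echo '<h1>Account details for ' . htmlspecialchars($row['email']) . '</h1>';
```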