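<?php
// osCommRes web service
require ('../includes/configure.php');
require ('english.php');
error_reporting(E_ALL);


// get the database parameters from stored config file
$db["name"]     = DB_DATABASE;
$db["server"]   = DB_SERVER;
$db["username"] = DB_SERVER_USERNAME;
$db["password"] = DB_SERVER_PASSWORD;


// definition for customer details
// Plain data holder for the SOAP customer payload. AddCustomer() reads these
// properties; the Validate*() entry points only read emailaddress/password
// (and, for ValidateSubscription, userID/subscriptionID) from the objects
// they receive.
class customer{
    var $gender;
    var $firstname;
    var $lastname;
    var $dob;
    var $emailaddress;
    var $telephone;
    var $mobile;
    var $newsletter;
    var $second_email_address;
    var $second_telephone;
    var $reserve_newsletter;
    var $subscription_newsletter;
    var $type;
    var $street_address;
    var $city;
    var $state;
    var $country;
    var $suburb;
    var $company;
    var $password;
    var $postcode;
    var $admin_id;
    var $customer_id;
    var $default_address_id;
}

// function to connect to database
// Opens the MySQL connection described by the global $db array and selects
// the configured database. Returns the link resource, or false after raising
// a SOAP fault through log_error().
function db_connect(){
    global $db;
    $link = mysql_connect($db["server"], $db["username"], $db["password"]);
    if (!$link) {
        // the fault text goes back to the remote caller: never put the DB
        // password in it (the placeholder keeps TEXT_CANNOT_CONNECT's argument count)
        log_error("1000", sprintf(TEXT_CANNOT_CONNECT, $db["server"], $db["username"], '********'), "db_connect");
        return false;
    }
    if (!mysql_select_db($db["name"], $link)) {
        log_error("1001", sprintf(TEXT_SELECT_DB, $db["name"]), "db_connect");
        return false;
    }
    return $link;
}

// function to execute query
// Runs $query on $link; returns the result resource, or false after raising
// a SOAP fault that carries mysql_error().
function db_query($query, $link){
    $result = mysql_query($query, $link);
    if (!$result) {
        log_error("1002", sprintf(TEXT_EXECUTE_QUERY, mysql_error($link)), "db_query");
        return false;
    }
    return $result;
}

// function to give no of rows
// Returns 0 for a failed (false) result so the output of db_query() can be
// passed straight in without triggering a warning.
function db_num_rows($query){
    if (!$query) {
        return 0;
    }
    return mysql_num_rows($query);
}

// function to fetch details of current record
// Returns the next row as an associative array, or false when the result is
// exhausted or was itself false.
function db_fetch_array($query){
    if (!$query) {
        return false;
    }
    return mysql_fetch_assoc($query);
}

// look up the customer row (customers_id, customers_password) for an email address
// Shared by the Validate*() entry points. The address comes from the remote
// caller, so it is escaped with db_input(). Returns the row, or false when the
// query fails or no customer has that address.
function fetch_customer_by_email($emailaddress, $link){
    $customer_sql = "SELECT customers_id, customers_password from customers where customers_email_address='" . db_input($emailaddress, $link) . "'";
    $customer_query = db_query($customer_sql, $link);
    if (!$customer_query) return false;
    if (db_num_rows($customer_query) <= 0) return false;
    return db_fetch_array($customer_query);
}

// validate given member details in customers table
// Returns "yes" when $detail->emailaddress exists and $detail->password
// matches the stored salted hash, "no" otherwise (including DB failures).
function ValidateMember($detail){
    $link = db_connect();
    if (!$link) {
        return "no";
    }
    // first check the user name for valid
    $customer_result = fetch_customer_by_email($detail->emailaddress, $link);
    if ($customer_result === false) return "no";

    // validate for password
    if (validate_password($detail->password, $customer_result["customers_password"])) {
        return "yes";
    }
    return "no";
}

// validate given member details in customers table and list the subscriptions
// currently in force for that customer
// Returns "no" when the credentials do not validate or a query fails;
// otherwise a (possibly empty) list of subscription_id values.
function ValidateSubscriptionMember($detail){
    $cur_date = "now()";
    $link = db_connect();
    if (!$link) {
        return "no";
    }
    // first check the user name for valid
    $customer_result = fetch_customer_by_email($detail->emailaddress, $link);
    if ($customer_result === false) return "no";

    // validate for password
    if (!validate_password($detail->password, $customer_result["customers_password"])) {
        return "no";
    }
    // the order lookup keys on the customer id, which the row lookup provides
    $customer_id = (int)$customer_result["customers_id"];

    // check for valid subscriptions he have purchased
    // NOTE(review): max() inside WHERE is an aggregate in a non-aggregate
    // context; MySQL rejects that, so this probably needs GROUP BY
    // su.subscription_id ... HAVING instead — confirm against the live schema.
    $check_sql = "SELECT su.subscription_id from orders o, orders_products op, subscriptions su " .
        " where o.orders_status>1 and op.products_id=su.subscription_id and o.orders_id=op.orders_id and o.customers_id='" . $customer_id . "' " .
        " and " . $cur_date . ">=max(o.date_purchased) and " .
        $cur_date . "<=date_add(max(o.date_purchased),interval su.subscription_period day) order by su.subscription_id ";

    $check_query = db_query($check_sql, $link);
    if (!$check_query) return "no";

    $result = array();
    while ($check_result = db_fetch_array($check_query)) {
        $result[] = $check_result["subscription_id"];
    }
    return $result;
}

// validate given member details in customers table and return start/expiry
// dates of the subscriptions currently in force for that customer
// Returns "no" when the credentials do not validate or a query fails;
// otherwise a (possibly empty) list of
// array("subscription_id" => ..., "start_date" => ..., "expiry_date" => ...).
function GetSubscriptionDetails($detail){
    $cur_date = "now()";
    $link = db_connect();
    if (!$link) {
        return "no";
    }
    // first check the user name for valid
    $customer_result = fetch_customer_by_email($detail->emailaddress, $link);
    if ($customer_result === false) return "no";

    // validate for password
    if (!validate_password($detail->password, $customer_result["customers_password"])) {
        return "no";
    }
    $customer_id = (int)$customer_result["customers_id"];

    // check for valid subscriptions he have purchased
    // NOTE(review): same aggregate-in-WHERE concern as ValidateSubscriptionMember.
    $check_sql = "SELECT su.subscription_id,max(o.date_purchased) as start_date ,date_add(max(o.date_purchased),interval su.subscription_period day) as expiry_date from orders o, orders_products op, subscriptions su " .
        " where o.orders_status>1 and op.products_id=su.subscription_id and o.orders_id=op.orders_id and o.customers_id='" . $customer_id . "' " .
        " and " . $cur_date . ">=max(o.date_purchased) and " .
        $cur_date . "<=date_add(max(o.date_purchased),interval su.subscription_period day) order by su.subscription_id ";

    $check_query = db_query($check_sql, $link);
    if (!$check_query) return "no";

    $result = array();
    while ($check_result = db_fetch_array($check_query)) {
        $result[] = array(
            "subscription_id" => $check_result["subscription_id"],
            "start_date"      => $check_result["start_date"],
            "expiry_date"     => $check_result["expiry_date"]
        );
    }
    return $result;
}

// validate given member for subscription valid period
// Returns "yes" when $detail->userID has at least one paid-for (orders_status>1)
// order for $detail->subscriptionID whose subscription_period has not elapsed,
// "no" otherwise. Both ids come from the caller and are escaped.
function ValidateSubscription($detail){
    $user         = $detail->userID;
    $subscription = $detail->subscriptionID;

    $cur_date = "now()";
    $link = db_connect();
    if (!$link) {
        return "no";
    }
    // check current user in orders for subscription
    $check_sql = "SELECT count(*) as total from orders o, orders_products op, subscriptions su " .
        " where o.orders_status>1 and op.products_id=su.subscription_id and o.orders_id=op.orders_id and o.customers_id='" . db_input($user, $link) . "' and su.subscription_id='" . db_input($subscription, $link) . "' " .
        " and " . $cur_date . ">=o.date_purchased and " . $cur_date . "<=date_add(o.date_purchased,interval su.subscription_period day)";

    $check_query = db_query($check_sql, $link);
    if (!$check_query) return "no";

    $check_result = db_fetch_array($check_query);
    if ($check_result && $check_result["total"] > 0) {
        return "yes";
    }
    return "no";
}

// function to valdate given password
// $encrypted is "<md5(salt . plain)>:<salt>" as produced by encrypt_password().
// Returns true only when both inputs are non-empty, the stored value has
// exactly one ':' and the recomputed digest matches.
function validate_password($plain, $encrypted) {
    if ($plain != "" && $encrypted != "") {
        // split apart the hash / salt
        $stack = explode(':', $encrypted);

        if (sizeof($stack) != 2) return false;

        $candidate = md5($stack[1] . $plain);
        // compare as strings: a loose == would treat two "0e..." digests as
        // numerically equal; hash_equals additionally avoids a timing side channel
        if (function_exists('hash_equals')) {
            return hash_equals($stack[0], $candidate);
        }
        return $candidate === $stack[0];
    }

    return false;
}

// function to log error
// Reports the error as a SOAP fault on the global $server object; the caller
// is expected to return a failure value afterwards.
function log_error($error_code, $error_text, $function_name){
    global $server;
    $server->fault($error_code, "Error:", $function_name, $error_text, "Error:");
}

// find the zone id for a country/state pair, matching zone_name first and
// then zone_code; returns the zone_id value, or 0 when neither matches exactly once
function lookup_zone_id($country, $state, $link){
    foreach (array('zone_name', 'zone_code') as $column) {
        $zone_query = db_query("select zone_id from zones where zone_country_id = '" . db_input($country, $link) . "' and " . $column . " = '" . db_input($state, $link) . "'", $link);
        if (db_num_rows($zone_query) == 1) {
            $zone_values = db_fetch_array($zone_query);
            return $zone_values['zone_id'];
        }
    }
    return 0;
}

// function to add or update customer details to the database
// Returns 1 on success, 0 when the database is unavailable or a write fails,
// or a non-empty text (TEXT_NO_ADMIN_USER / TEXT_NO_RIGHTS / concatenated
// ERR_* messages) when the request is rejected. $cust is a customer object;
// a customer_id > 0 means update, otherwise a new customer and address-book
// entry are created.
function AddCustomer($cust){
    $error = "";
    $link = db_connect();
    if (!$link) {
        return 0;
    }
    // check for rights to add the user
    $admin_query = db_query("SELECT admin_firstname,admin_lastname from admin where admin_id='" . (int)$cust->admin_id . "'", $link);
    if (db_num_rows($admin_query) <= 0) return TEXT_NO_ADMIN_USER;

    $admin_files_query  = db_query("SELECT admin_groups_id from admin_files where admin_files_name='create_account.php'", $link);
    $admin_files_result = db_fetch_array($admin_files_query);
    if (!$admin_files_result) return TEXT_NO_RIGHTS;
    // admin_groups_id is a comma separated list; wrap it so ",3," cannot match "13"
    // NOTE(review): this compares the admin *id* against a list of group ids —
    // looks like it should go through the admin's group; confirm against the schema.
    $allowed_groups = "," . $admin_files_result["admin_groups_id"] . ",";
    if (strpos($allowed_groups, "," . $cust->admin_id . ",") === false) return TEXT_NO_RIGHTS;

    $cust->gender = strtolower($cust->gender);
    if (($cust->gender != 'm') && ($cust->gender != 'f')) {
        $error .= ERR_GENDER;
    }
    if ($cust->firstname == "") $error .= ERR_FIRSTNAME;
    if ($cust->lastname == "")  $error .= ERR_LASTNAME;
    if ($cust->dob == "")       $error .= ERR_DOB;

    $is_update = (isset($cust->customer_id) && ((int)$cust->customer_id) > 0);

    if ($cust->emailaddress == "") {
        $error .= ERR_EMAIL_ADDRESS;
    } else {
        // on update the customer's own row must not count as a duplicate
        $email_option = "";
        if ($is_update) $email_option = " and customers_id!='" . (int)$cust->customer_id . "' ";
        $check_email = db_query("select customers_email_address from customers where customers_email_address = '" . db_input($cust->emailaddress, $link) . "'" . $email_option, $link);
        if (db_num_rows($check_email) > 0) {
            $error .= ERR_EMAIL_EXISTS;
        }
    }
    if ($cust->street_address == "") $error .= ERR_STREET_ADDRESS;
    if ($cust->postcode == "")       $error .= ERR_POSTCODE;
    if ($cust->city == "")           $error .= ERR_CITY;
    if ($cust->country == "")        $error .= ERR_COUNTRY;

    // a country that has zones must resolve the state to one of them;
    // otherwise the free-text state only has to be present
    $zone_id = 0;
    $check_query = db_query("select count(*) as total from zones where zone_country_id = '" . db_input($cust->country, $link) . "'", $link);
    $check_value = db_fetch_array($check_query);
    $entry_state_has_zones = ($check_value && $check_value['total'] > 0);
    if ($entry_state_has_zones) {
        $zone_id = lookup_zone_id($cust->country, $cust->state, $link);
        if ($zone_id === 0) {
            $error .= ERR_STATE;
        }
    } else {
        if (!$cust->state) {
            $error .= ERR_STATE;
        }
    }

    if ($cust->telephone == "") $error .= ERR_TELEPHONE;

    if ($error != "") return $error;

    $sql_data_array = array(
        'customers_firstname'               => $cust->firstname,
        'customers_lastname'                => $cust->lastname,
        'customers_email_address'           => $cust->emailaddress,
        'customers_telephone'               => $cust->telephone,
        'customers_fax'                     => $cust->mobile,
        'customers_newsletter'              => $cust->newsletter,
        'customers_type'                    => $cust->type,
        'customers_reserve_newsletter'      => $cust->reserve_newsletter,
        'customers_subscription_newsletter' => $cust->subscription_newsletter,
        'customers_password'                => encrypt_password($cust->password),
        'customers_second_email_address'    => $cust->second_email_address,
        'customers_second_telephone'        => $cust->second_telephone,
        'customers_gender'                  => $cust->gender,
        'customers_dob'                     => $cust->dob
    );

    // update in customers table
    if ($is_update) {
        if (!db_perform('customers', $sql_data_array, 'update', $link, "customers_id='" . (int)$cust->customer_id . "'")) return 0;
        $customer_id = $cust->customer_id;
    } else {
        if (!db_perform('customers', $sql_data_array, 'insert', $link)) return 0;
        $customer_id = db_insert_id();
    }

    $sql_data_array = array(
        'customers_id'         => $customer_id,
        'entry_firstname'      => $cust->firstname,
        'entry_lastname'       => $cust->lastname,
        'entry_street_address' => $cust->street_address,
        'entry_postcode'       => $cust->postcode,
        'entry_city'           => $cust->city,
        'entry_country_id'     => $cust->country,
        'entry_gender'         => $cust->gender,
        'entry_company'        => $cust->company,
        'entry_suburb'         => $cust->suburb
    );
    if ($zone_id > 0) {
        $sql_data_array['entry_zone_id'] = $zone_id;
        $sql_data_array['entry_state']   = '';
    } else {
        $sql_data_array['entry_zone_id'] = '0';
        $sql_data_array['entry_state']   = $cust->state;
    }

    // update in address book table
    if ($is_update) {
        if (!db_perform('address_book', $sql_data_array, 'update', $link, "customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$cust->default_address_id . "'")) return 0;
    } else {
        if (!db_perform('address_book', $sql_data_array, 'insert', $link)) return 0;
        $address_id = db_insert_id();
        db_query("update customers set customers_default_address_id = '" . (int)$address_id . "' where customers_id = '" . (int)$customer_id . "'", $link);
        db_query("insert into customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created, customers_info_source_id) values ('" . (int)$customer_id . "', '0', now(), '3')", $link);
    }
    return 1;
}

// function to get id of newly created record
function db_insert_id() {
    return mysql_insert_id();
}

// render one column value as a SQL literal for db_perform(): the strings
// 'now()' and 'null' pass through as SQL keywords, everything else is escaped
// and quoted
function db_value_literal($value, $link) {
    switch ((string)$value) {
        case 'now()':
            return 'now()';
        case 'null':
            return 'null';
        default:
            return '\'' . db_input($value, $link) . '\'';
    }
}

// function to insert or update given data
// $data maps column name => value. $action is 'insert' or 'update'; for
// 'update' $parameters is the raw WHERE clause and must already be escaped by
// the caller. Returns whatever db_query() returns. Column names are not
// escaped, so $data keys must never come from the request.
function db_perform($table, $data, $action, $link, $parameters = "") {
    $query = '';
    if ($action == 'insert') {
        $columns = array();
        $values  = array();
        foreach ($data as $column => $value) {
            $columns[] = $column;
            $values[]  = db_value_literal($value, $link);
        }
        $query = 'insert into ' . $table . ' (' . implode(', ', $columns) . ') values (' . implode(', ', $values) . ')';
    } elseif ($action == 'update') {
        $assignments = array();
        foreach ($data as $column => $value) {
            $assignments[] = $column . ' = ' . db_value_literal($value, $link);
        }
        $query = 'update ' . $table . ' set ' . implode(', ', $assignments) . ' where ' . $parameters;
    }

    return db_query($query, $link);
}

// validate for special chars in the string
// Escapes a value for use inside single quotes in a MySQL statement, using the
// best escaping function the runtime offers.
function db_input($string, $link) {

    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($string, $link);
    } elseif (function_exists('mysql_escape_string')) {
        return mysql_escape_string($string);
    }

    return addslashes($string);
}

// encrypt given password
// NOTE(review): the salt material is built from mt_rand(), which is not a
// cryptographic generator. The rest of this function lies past the end of
// this listing.
function encrypt_password($plain) {
    $password = '';

    for ($i=0; $i<10; $i++) {
        $password .= mt_rand();
    }
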