mymarket.php

完善的PHP/MySQL电子商务方案

<?
/* mymarket.php (c) 2000 Ying Zhang (ying@zippydesign.com)
 *
 * TERMS OF USAGE:
 * This file was written and developed by Ying Zhang (ying@zippydesign.com)
 * for educational and demonstration purposes only.  You are hereby granted the
 * rights to use, modify, and redistribute this file as you like.  The only
 * requirement is that you must retain this notice, without modifications, at
 * the top of your source code.  No warranties or guarantees are expressed or
 * implied. DO NOT use this code in a production environment without
 * understanding the limitations and weaknesses pretaining to or caused by the
 * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK!
 */

function is_logged_in() {
/* this function will return true if the user has logged in.  a user is logged
 * in if the $SESSION["user"] is set (by the login.php page) and also if the
 * remote IP address matches what we saved in the session ($SESSION["ip"])
 * from login.php -- this is not a robust or secure check by any means, but it
 * will do for now */

	global $SESSION, $REMOTE_ADDR;
	return isset($SESSION)
		&& isset($SESSION["user"])
		&& isset($SESSION["ip"])
		&& $SESSION["ip"] == $REMOTE_ADDR;
}

function require_login() {
/* this function checks to see if the user is logged in.  if not, it will show
 * the login screen before allowing the user to continue */

	global $CFG, $SESSION;
	if (! is_logged_in()) {
		$SESSION["wantsurl"] = qualified_me();
		redirect("$CFG->wwwroot/login.php");
	}
}

function require_priv($priv) {
/* this function checks to see if the user has the privilege $priv.  if not,
 * it will display an Insufficient Privileges page and stop */

	global $CFG, $SESSION;
	if (! $SESSION["user"]["priv"] == $priv) {
		include("$CFG->templatedir/insufficient_privileges.php");
		die;
	}
}

function has_priv($priv) {
/* returns true if the user has the privilege $priv */

	global $SESSION;
	return $SESSION["user"]["priv"] == $priv;
}

function build_category_tree(&$output, &$preselected, $parent=0, $indent="") {
/* recursively go through the category tree, starting at a parent, and
 * drill down, printing options for a selection list box.  preselected
 * items are marked as being selected.  this is not an efficient algorithm
 * because it has to issue one query per category!!  it's only used because it
 * is easy to understand.
 */

	$qid = db_query("SELECT id, name FROM categories WHERE parent_id = $parent");

	while ($cat =  db_fetch_object($qid)) {
		$selected = in_array($cat->id, $preselected) ? "selected" : "";
		$output .= "<option value=\"" . ov($cat->id) . "\" $selected>$indent" . ov($cat->name);
		if ($cat->id != $parent) {
			build_category_tree($output, $preselected, $cat->id, $indent."&nbsp;&nbsp;");
		}
	}
}

function generate_password($maxlen=10) {
/* returns a randomly generated password of length $maxlen.  inspired by
 * http://www.phpbuilder.com/columns/jesus19990502.php3 */

	global $CFG;

	$fillers = "1234567890!@#$%&*-_=+^";
	$wordlist = file($CFG->wordlist);

	srand((double) microtime() * 1000000);
	$word1 = trim($wordlist[rand(0, count($wordlist) - 1)]);
	$word2 = trim($wordlist[rand(0, count($wordlist) - 1)]);
	$filler1 = $fillers[rand(0, strlen($fillers) - 1)];

	return substr($word1 . $filler1 . $word2, 0, $maxlen);
}

function err(&$errorvar) {
/* if $errorvar is set, then print an error marker << */

	if (isset($errorvar)) {
		echo "<font color=#ff0000>&lt;&lt;</font>";
	}
}

function err2(&$errorvar) {
/* like err(), but prints the marker >> */

	if (isset($errorvar)) {
		echo "<font color=#ff0000>&gt;&gt;</font>";
	}
}

function username_exists($username) {
/* returns the true if the username exists */

	$qid = db_query("SELECT 1 FROM users WHERE username = '$username'");
	return db_num_rows($qid);
}

function email_exists($email) {
/* returns true the email address exists */

	$qid = db_query("SELECT 1 FROM users WHERE email = '$email'");
	return db_num_rows($qid);
}

function reset_user_password($username) {
/* resets the password for the user with the username $username, and sends it
 * to him/her via email */

	global $CFG;

	/* load up the user record */
	$qid = db_query("SELECT username, firstname, lastname, email FROM users WHERE username = '$username'");
	$user = db_fetch_object($qid);

	/* reset the password */
	$newpassword = generate_password();
	$qid = db_query("UPDATE users SET password = '" . md5($newpassword) ."' WHERE username = '$username'");

	/* email the user with the new account information */
	$var = new Object;
	$var->username = $user->username;
	$var->fullname = $user->firstname . " " . $user->lastname;
	$var->newpassword = $newpassword;
	$var->support = $CFG->support;

	$emailbody = read_template("$CFG->templatedir/email/reset_password.php", $var);

	mail(
		"$var->fullname <$user->email>",
		"MyMarket Account Information",
		$emailbody,
		"From: $var->support");
}

function get_category_tree($id=0) {
/* returns a tree of the product categories, starting from the top to the
 * category specified by $id */

	global $CFG;

	$qid = db_query("SELECT parent_id, name FROM categories WHERE id = $id");
	if (db_num_rows($qid)) {
		list($parent, $name) = db_fetch_row($qid);
		$name = "<a href='$CFG->wwwroot/shopping?id=$id'>$name</a>";
	} else {
		$parent = 0;
		$name = "";
	}

	if ($parent > 0) {		
		return print_category_tree($parent) . " &gt; " . $name;

	} elseif ($id > 0) {
		return "<a href='$CFG->wwwroot/shopping'>Top</a> &gt; " . $name;

	} elseif ($id == 0) {
		return "<a href='$CFG->wwwroot/shopping'>Top</a>";
	}
}

function print_category_tree($id=false) {
/* prints the category tree by calling get_category_tree */

	echo get_category_tree($id);
}

function get_cart_items() {
/* return a $qid of all the items in the shopping cart */

	global $SESSION;

	$in_clause = $SESSION["cart"]->get_productid_list();
	if (empty($in_clause)) {
		return false;
	}

	return db_query("SELECT id, name, price FROM products WHERE id IN ($in_clause)");
}

function chop_ccnum($ccnum) {
/* this function returns the the first and last 4 digits of the credit card number
 * and the expiry date.  it is mainly used when we want to display the credit
 * card number on the screen etc. but we don't want to reveal the whole thing
 */
 
	return substr($ccnum, 0, 4) . "..." . substr($ccnum, -4);
}

function save_orderinfo(&$frm) {
/* this function saves the order information into the session variable
 * $SESSION["orderinfo"].  it is used in the purchase confirmation stage */

	global $SESSION;	

	$order = new Object();
	$order->customer = $frm["customer"];
	$order->contact = $frm["contact"];
	$order->address = $frm["address"];
	$order->creditcard = $frm["creditcard"];
	$order->expiry = $frm["expiry"];
	$order->comments = $frm["comments"];
	
	$SESSION["orderinfo"] = $order;
}

function load_orderinfo() {
/* this function is the counterpart to save_orderinfo.  it is used to
 * retrieve the order information in the complete order page */

	global $SESSION;	

	if (empty($SESSION["orderinfo"])) {
		return false;
	} else {
		return $SESSION["orderinfo"];
	}
}

function clear_orderinfo() {
/* this function is called to clear the orderinfo session variable, it should
 * be used after an order was successfully completed */

	global $SESSION;
	unset($SESSION["orderinfo"]);
}

?>