validation.inc.php
<?php
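/**
 * Validate one order-form field against a strict character whitelist.
 *
 * A blank value is fatal (die) unless the field is the optional "DL#". The value
 * is then trimmed and upper-cased and must consist only of A-Z, 0-9, space,
 * hyphen, period, @ and #; any other byte is fatal.
 *
 * Fix: the original digit test compared each character with the integers 0 and 9.
 * On PHP < 8 a non-numeric character is cast to 0 for that comparison, so every
 * character (quotes, semicolons, pipes, ...) satisfied 0 >= 0 && 0 <= 9 and the
 * whitelist was not enforced at all. The check is now a byte-wise set test.
 *
 * @param mixed  $string raw field value; null/arrays are treated as ""
 * @param string $name   field label used in the error messages
 * @return string the trimmed, upper-cased value
 */
function validateorder($string,$name)
{
    //Non-scalar input (missing key, array) is treated as blank rather than
    //being stringified to "Array" or raising a TypeError in strtoupper()
    $string=is_scalar($string) ? (string)$string : '';
    //First check for blank values (DL# is Optional)
    if ($name!=="DL#" && $string==="")
        die ("Missing $name Information");
    //Next remove excess spaces and convert to uppercase
    $string=trim(strtoupper($string));
    //Make sure values are A-Z, 0-9, Space, Hyphen, Period, @ symbol, # sign.
    //strspn() returns the length of the leading run of allowed bytes, so a full
    //match means every byte is allowed (byte-wise, like the original loop)
    $allowed='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -.@#';
    if (strspn($string,$allowed)!==strlen($string))
        die ("Invalid Character In $name");
    return $string;
}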
/**
 * Validate one contact-form field (subject or message body).
 *
 * Empty input is fatal (die). The value is trimmed and upper-cased and may then
 * contain only A-Z, 0-9, space, hyphen, period, @, ?, comma, colon, # and the
 * CR / LF line-break bytes; anything else is fatal.
 *
 * @param string $string raw field value
 * @param string $name   field label used in the error messages
 * @return string the trimmed, upper-cased value
 */
function validatecomment($string,$name)
{
    //Blank values are fatal
    if ($string=="")
        die ("Missing $name Information");
    //Normalise: drop surrounding whitespace, then upper-case
    $clean=trim(strtoupper($string));
    //Whitelist check, one byte at a time
    $punctuation=array(' ','-','.','@','?',',',':','#',"\r","\n");
    $length=strlen($clean);
    $pos=0;
    while ($pos<$length)
    {
        $ch=$clean[$pos];
        $isLetter=($ch>='A' && $ch<='Z');
        $isDigit=($ch>='0' && $ch<='9');
        $isPunct=in_array($ch,$punctuation,true);
        if (!$isLetter && !$isDigit && !$isPunct)
            die ("Invalid Character In $name");
        $pos++;
    }
    return $clean;
}
?>
order.php
<html>
<head><title>Order</title></head>
<body>
<?
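//Include Order Validation: validateorder() whitelists A-Z 0-9 space - . @ # and die()s otherwise
include("validation.inc.php");

//Read one text field from the form. Absent or non-string (array) fields become ""
//so validateorder() reports them as missing instead of PHP raising a notice
function postfield($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

//Get Values From Users
$dlnumber=validateorder(postfield('dlnumber'),'DL#');
$dlfname=validateorder(postfield('dlfname'),'Driver License First Name');
$dlmname=validateorder(postfield('dlmname'),'Driver License Middle Name');
$dllname=validateorder(postfield('dllname'),'Driver License Last Name');
$dladdress=validateorder(postfield('dladdress'),'Driver License Address');
$dlcity=validateorder(postfield('dlcity'),'Driver License City');
$dlzip=validateorder(postfield('dlzip'),'Driver License Zip');
$dldob=validateorder(postfield('dldob'),'Driver License DOB');
$shipname=validateorder(postfield('shipname'),'Shipping Name');
$shipaddress=validateorder(postfield('shipaddress'),'Shipping Address');
$shipcity=validateorder(postfield('shipcity'),'Shipping City');
$shipstate=validateorder(postfield('shipstate'),'Shipping State');
$shipzip=validateorder(postfield('shipzip'),'Shipping Zip');
$email=validateorder(postfield('email'),'Email');

//Check The Upload: it must have completed without error and really be a PHP upload.
//The "type" entry is supplied by the browser, so it is only a sanity check and not
//proof that the content is a zip archive. Size must be 1..300000 bytes
if (!isset($_FILES["filez"]) || $_FILES["filez"]["error"]!==UPLOAD_ERR_OK)
    die("File Upload Failed");
if (!is_uploaded_file($_FILES["filez"]["tmp_name"]))
    die("File Upload Failed");
if ($_FILES["filez"]["type"]!=="application/x-zip-compressed")
    die("File Is Not Zipped");
if ($_FILES["filez"]["size"]<1 || $_FILES["filez"]["size"]>300000)
    die ("Bad File Size");

//Connect To Database
$username="myuser";
$password="mypass";
$database="orders";
$link=mysql_connect("localhost",$username,$password) or die("Unable To Connect To Server");
mysql_select_db($database,$link) or die("Unable to select database");

//Insert Current Time, Status, And Users Email Address Into Database.
//Escape for the SQL string context even though validateorder() already restricts the value
$safeemail=mysql_real_escape_string($email,$link);
$query="INSERT INTO orders (orderdate,status,email) VALUES (now(),'Pending','$safeemail')";
mysql_query($query,$link) or die("Error Inserting Info Into Database");

//Take the auto_increment id of the row just inserted on this connection. Selecting the
//last row for this email address instead is racy when two orders for the same address
//overlap, and can hand back another customer's order id
$orderid=mysql_insert_id($link);
if ($orderid<1)
    die("Error Reading Order ID");

//Write Data To File (paths are built from the numeric order id only)
$myFile="Orders\\{$orderid}.txt";
$fh=fopen($myFile,'w') or die ("Could Not Open File For Writing");
$string= "Order ID: $orderid\r\n".
    "DL#: $dlnumber\r\n".
    "Name: $dlfname $dlmname $dllname\r\n".
    "Address: $dladdress\r\n".
    "City: $dlcity\r\n".
    "Zip: $dlzip\r\n".
    "DOB: $dldob\r\n\r\n".
    "Shipping Name: $shipname\r\n".
    "Shipping Address: $shipaddress\r\n".
    "Shipping City: $shipcity\r\n".
    "Shipping State: $shipstate\r\n".
    "Shipping Zip: $shipzip\r\n".
    "Email: $email";
if (fwrite($fh,$string)===false)
    die("Could Not Write Data File");
fclose($fh);

//Move User Uploaded Picture File; an unchecked failure here would leave the order
//without its picture while still reporting success
$mypic="Orders\\{$orderid}.zip";
if (!move_uploaded_file($_FILES["filez"]["tmp_name"],$mypic))
    die("Could Not Save Picture File");

//Encrypt Files. The paths contain only the numeric order id, but they are still
//passed through escapeshellarg() so the shell never sees an unquoted argument
passthru("gpg --always-trust -a -r jimmy -e ".escapeshellarg($myFile),$retval);
if($retval!==0)
{
    //NOTE(review): the plaintext data file stays in Orders\ when encryption fails
    die("Error Encrypting Data File");
}
passthru("gpg --always-trust -a -r jimmy -e ".escapeshellarg($mypic),$retval);
if($retval!==0)
{
    //NOTE(review): both plaintext files stay in Orders\ when encryption fails
    die("Error Encrypting Picture File");
}

//Securely Delete Non Encrypted Files
passthru("sd ".escapeshellarg($myFile),$retval);
if($retval!==0)
{
    die("Error Deleting Data File");
}
passthru("sd ".escapeshellarg($mypic),$retval);
if($retval!==0)
{
    die("Error Deleting Picture File");
}

//The order id is an integer from the database, so it is safe to print as-is
echo "<center><h2>Your Order ID is</h2> <h1> ".(int)$orderid."</h1></center>";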
?>
</body>
</html>
<?php
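//Include Comment Validation: validatecomment() whitelists a small character set
//(including CR and LF) and die()s on anything else
include("validation.inc.php");

//Get Values From User. Absent or non-string (array) fields become "" so
//validatecomment() reports them as missing instead of PHP raising a notice
$subject=validatecomment((isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '','subject');
$comment=validatecomment((isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '','message');

//A mail subject must be a single line: CR/LF pass validatecomment(), and once mail()
//is enabled a line break inside the subject would let extra mail headers be injected,
//so fold them to spaces here. The message body may keep its line breaks
$subject=str_replace(array("\r","\n"),' ',$subject);

//Email Comments To Me
//mail('myaddress@aol.com',$subject,$comment);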
?>
<?php
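//Include Order Validation: validateorder() whitelists A-Z 0-9 space - . @ # and die()s otherwise
include("validation.inc.php");

//Get Values From User. Absent or non-string (array) fields become "" so
//validateorder() reports them as missing instead of PHP raising a notice
$orderid=validateorder((isset($_POST['orderid']) && is_string($_POST['orderid'])) ? $_POST['orderid'] : '','Order ID');
$email=validateorder((isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '','Email');

//Connect To Database
$username="myuser";
$password="mypass";
$database="orders";
$link=mysql_connect('localhost',$username,$password) or die ("Error Connecting To Database");
mysql_select_db($database,$link) or die( "Unable To Select Database");

//Check Database For Records. Escape both values for the SQL string context even though
//validateorder() already restricts them, and fetch only the columns that are displayed
$safeorderid=mysql_real_escape_string($orderid,$link);
$safeemail=mysql_real_escape_string($email,$link);
$query="SELECT orderid,status,tracking FROM orders WHERE orderid='$safeorderid' AND email='$safeemail'";
$result=mysql_query($query,$link) or die("Error Querying Database");
$num=mysql_num_rows($result);

//No Records Found
if ($num===0)
{
    echo "<center><h1>Order Not Found</h1></center>";
}
else
{
    $row=mysql_fetch_assoc($result);
    //Escape the database values before placing them in HTML; status and tracking
    //are free-text columns and a NULL tracking value becomes ""
    $orderid=htmlspecialchars((string)$row["orderid"],ENT_QUOTES,'UTF-8');
    $status=htmlspecialchars((string)$row["status"],ENT_QUOTES,'UTF-8');
    $tracking=htmlspecialchars((string)$row["tracking"],ENT_QUOTES,'UTF-8');
    echo "<center><table><tr><td>Order ID</td><td>Status</td><td>Tracking</td></tr>".
        "<tr><td>$orderid</td><td>$status</td><td>$tracking</td></tr></table></center>";
}
mysql_close($link);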
?>