pcwvanbeers/Commerce
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5dd2973a26718506d9faf94a14ad9bb79ddde77b
Commerce/myaccount.php
“VeLiTi” 5dd2973a26 CMXX - Myaccount
2025-02-23 15:25:46 +01:00

351 lines
17 KiB
PHP
Raw Blame History

<?php
// Prevent direct access to file
defined(security_key) or exit;
// User clicked the "Login" button, proceed with the login process... check POST data and validate email
if (isset($_POST['login'], $_POST['email'], $_POST['password']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// LOGIN CONSUMER
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
$payload = json_encode(array("login" => "consumer", "email" => $_POST['email'], "password" => $_POST['password']), JSON_UNESCAPED_UNICODE);
$account = ioAPIv2('/v2/identity/',$payload,$clientsecret);
$account= json_decode($account,true);
if ($account && isset($account['accountID'])) {
// User has logged in, create session data
session_regenerate_id();
$_SESSION['account_loggedin'] = TRUE;
$_SESSION['account_id'] = $account['accountID'];
$_SESSION['account_role'] = $account['profile'];
$products_in_cart = isset($_SESSION['cart']) ? $_SESSION['cart'] : [];
if ($products_in_cart) {
// user has products in cart, redirect them to the checkout page
header('Location: ' . url('index.php?page=checkout'));
} else {
// Redirect the user back to the same page, they can then see their order history
header('Location: ' . url('index.php?page=myaccount'));
}
exit;
} else {
$error = $error_myaccount;
}
}
// Variable that will output registration errors
$register_error = '';
// User clicked the "Register" button, proceed with the registration process... check POST data and validate email
if (isset($_POST['register'], $_POST['email'], $_POST['password'], $_POST['cpassword']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
// Check if the account exists
$account = ioAPIv2('/v2/identity/email='.$_POST['email'],'',$clientsecret);
$account = json_decode($account,true);
if ($account) {
// Account exists!
$register_error = $error_myaccount_exists;
;
} else if ($_POST['cpassword'] != $_POST['password']) {
$register_error = 'Passwords do not match!';
} else if (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
// Password must be between 5 and 20 characters long.
$register_error = $error_account_password_rules;
} else {
// Account doesnt exist, create new account
$payload = json_encode(array("login" => "consumer", "email" => $_POST['email'], "password" => $_POST['password'], "language" => $_SESSION['country_code']), JSON_UNESCAPED_UNICODE);
$account = ioAPIv2('/v2/identity/',$payload,$clientsecret);
$account= json_decode($account,true);
if ($account && isset($account['accountID'])) {
//SEND VERIFICATION EMAIL
ob_start();
include dirname(__FILE__).'/custom/email/email_template_register.php';
$register_mail= ob_get_clean();
send_mail_by_PHPMailer($_POST['email'], $subject, $register_mail,'', '');
exit;
}
}
}
// Determine the current tab page
$tab = isset($_GET['tab']) ? $_GET['tab'] : 'orders';
// If user is logged in
if (isset($_SESSION['account_loggedin'])) {
// Select all the users transations, which will appear under "My Orders"
$stmt = $pdo->prepare('SELECT * FROM transactions WHERE account_id = ? ORDER BY created DESC');
$stmt->execute([ $_SESSION['account_id'] ]);
$transactions = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Select all the users transations, which will appear under "My Orders"
$stmt = $pdo->prepare('SELECT
p.name,
p.id AS product_id,
t.txn_id,
t.payment_status,
t.created AS transaction_date,
ti.item_price AS price,
ti.item_quantity AS quantity,
ti.item_id,
(SELECT m.full_path FROM products_media pm JOIN media m ON m.id = pm.media_id WHERE pm.product_id = p.id ORDER BY pm.position ASC LIMIT 1) AS img
FROM transactions t
JOIN transactions_items ti ON ti.txn_id = t.txn_id
JOIN accounts a ON a.id = t.account_id
JOIN products p ON p.id = ti.item_id
WHERE t.account_id = ?
ORDER BY t.created DESC');
$stmt->execute([ $_SESSION['account_id'] ]);
$transactions_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Retrieve the digital downloads
$transactions_ids = array_column($transactions_items, 'product_id');
if ($transactions_ids) {
$stmt = $pdo->prepare('SELECT product_id, file_path, id FROM products_downloads WHERE product_id IN (' . trim(str_repeat('?,',count($transactions_ids)),',') . ') ORDER BY position ASC');
$stmt->execute($transactions_ids);
$downloads = $stmt->fetchAll(PDO::FETCH_GROUP);
} else {
$downloads = [];
}
// Retrieve account details
$stmt = $pdo->prepare('SELECT * FROM accounts WHERE id = ?');
$stmt->execute([ $_SESSION['account_id'] ]);
$account = $stmt->fetch(PDO::FETCH_ASSOC);
// Update settings
if (isset($_POST['save_details'], $_POST['email'], $_POST['password'])) {
// Assign and validate input data
$first_name = isset($_POST['first_name']) ? $_POST['first_name'] : '';
$last_name = isset($_POST['last_name']) ? $_POST['last_name'] : '';
$address_street = isset($_POST['address_street']) ? $_POST['address_street'] : '';
$address_city = isset($_POST['address_city']) ? $_POST['address_city'] : '';
$address_state = isset($_POST['address_state']) ? $_POST['address_state'] : '';
$address_zip = isset($_POST['address_zip']) ? $_POST['address_zip'] : '';
$address_country = isset($_POST['address_country']) ? $_POST['address_country'] : '';
$address_phone = isset($_POST['address_phone']) ? $_POST['address_phone'] : '';
// Check if account exists with captured email
$stmt = $pdo->prepare('SELECT * FROM accounts WHERE email = ?');
$stmt->execute([ $_POST['email'] ]);
// Validation
if ($_POST['email'] != $account['email'] && $stmt->fetch(PDO::FETCH_ASSOC)) {
$error = 'Account already exists with that email!';
} else if ($_POST['password'] && (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5)) {
$error = 'Password must be between 5 and 20 characters long!';
} else {
// Update account details in database
$password = $_POST['password'] ? password_hash($_POST['password'], PASSWORD_DEFAULT) : $account['password'];
$stmt = $pdo->prepare('UPDATE accounts SET email = ?, password = ?, first_name = ?, last_name = ?, address_street = ?, address_city = ?, address_state = ?, address_zip = ?, address_country = ?, address_phone = ? WHERE id = ?');
$stmt->execute([ $_POST['email'], $password, $first_name, $last_name, $address_street, $address_city, $address_state, $address_zip, $address_country, $address_phone, $_SESSION['account_id'] ]);
// Redirect to settings page
header('Location: ' . url('index.php?page=myaccount&tab=settings'));
exit;
}
}
}
?>
<?=template_header($myaccount_text)?>
<div class="myaccount content-wrapper">
<?php if (!isset($_SESSION['account_loggedin'])): ?>
<div class="login-register">
<div class="login">
<h1><?=$h1_login?></h1>
<form action="" method="post">
<label for="email" class="form-label"><?=$account_create_email?></label>
<input type="email" name="email" id="email" placeholder="john@example.com" required class="form-field">
<label for="password" class="form-label"><?=$account_create_password?></label>
<input type="password" name="password" id="password" placeholder="<?=$account_create_password?>" required class="form-field">
<input name="login" type="submit" value="<?=$h1_login?>" class="btn">
</form>
<?php if ($error): ?>
<p class="error"><?=$error?></p>
<?php endif; ?>
</div>
<div class="register">
<h1><?=$h1_register?></h1>
<form action="" method="post">
<label for="email" class="form-label"><?=$account_create_email?></label>
<input type="email" name="email" id="email" placeholder="john@example.com" required class="form-field">
<label for="password" class="form-label"><?=$account_create_password?></label>
<input type="password" name="password" id="password" placeholder="<?=$account_create_password?>" required class="form-field">
<label for="cpassword" class="form-label"><?=$account_create_password_confirm?></label>
<input type="password" name="cpassword" id="cpassword" placeholder="<?=$account_create_password_confirm?>" required class="form-field">
<input name="register" type="submit" value="<?=$h1_register?>" class="btn">
</form>
<?php if ($register_error): ?>
<p class="error"><?=$register_error?></p>
<?php endif; ?>
</div>
</div>
<?php else: ?>
<h1><?=$h1_myaccount?></h1>
<div class="menu">
<h2><?=$h2_menu?></h2>
<div class="menu-items">
<a href="<?=url('index.php?page=myaccount')?>"><?=$menu_orders?></a>
<a href="<?=url('index.php?page=myaccount&tab=downloads')?>"><?=$menu_downloads?></a>
<a href="<?=url('index.php?page=myaccount&tab=settings')?>"><?=$menu_settings?></a>
</div>
</div>
<?php if ($tab == 'orders'): ?>
<div class="myorders">
<h2><?=$h2_myorders?></h2>
<?php if (empty($transactions)): ?>
<p><?=$myorders_message?></p>
<?php endif; ?>
<?php foreach ($transactions as $transaction): ?>
<div class="order">
<div class="order-header">
<div>
<div><span><?=$myorders_order?></span># <?=$transaction['id']?></div>
<div class="rhide"><span><?=$myorders_date?></span><?=date('F j, Y', strtotime($transaction['created']))?></div>
<div><span><?=$myorders_status?></span><?=$transaction['payment_status']?></div>
</div>
<div>
<div class="rhide"><span><?=$myorders_shipping?></span><?=currency_code?><?=number_format($transaction['shipping_amount'],2)?></div>
<div><span><?=$myorders_total?></span><?=currency_code?><?=number_format($transaction['payment_amount'],2)?></div>
</div>
</div>
<div class="order-items">
<table>
<tbody>
<?php foreach ($transactions_items as $transaction_item): ?>
<?php if ($transaction_item['txn_id'] != $transaction['txn_id']) continue; ?>
<tr>
<td class="img">
<?php if (!empty($transaction_item['img']) && file_exists($transaction_item['img'])): ?>
<img src="<?=base_url?><?=$transaction_item['img']?>" width="50" height="50" alt="<?=$transaction_item['name']?>">
<?php endif; ?>
</td>
<td class="name"><?=$transaction_item['quantity']?> x <?=$transaction_item['name']?></td>
<td class="price"><?=currency_code?><?=number_format($transaction_item['price'] * $transaction_item['quantity'],2)?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<?php endforeach; ?>
</div>
<?php elseif ($tab == 'downloads'): ?>
<div class="mydownloads">
<h2><?=$h2_mydownloads?></h2>
<?php if (empty($downloads)): ?>
<p><?=$mydownloads_message?></p>
<?php endif; ?>
<?php if ($downloads): ?>
<table>
<thead>
<tr>
<td colspan="2"><?=$mydownloads_product?></td>
<td></td>
</tr>
</thead>
<tbody>
<?php $download_products_ids = []; ?>
<?php foreach ($transactions_items as $item): ?>
<?php if (isset($downloads[$item['product_id']]) && !in_array($item['product_id'], $download_products_ids)): ?>
<tr>
<td class="img">
<?php if (!empty($item['img']) && file_exists($item['img'])): ?>
<img src="<?=base_url?><?=$item['img']?>" width="50" height="50" alt="<?=$item['name']?>">
<?php endif; ?>
</td>
<td class="name"><?=$item['name']?></td>
<td>
<?php foreach ($downloads[$item['product_id']] as $download): ?>
<a href="<?=url('index.php?page=download&id=' . md5($item['txn_id'] . $download['id']))?>" download><i class="fa-solid fa-download fa-sm"></i><?=basename($download['file_path'])?></a>
<?php endforeach; ?>
</td>
</tr>
<?php $download_products_ids[] = $item['product_id']; ?>
<?php endif; ?>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</div>
<?php elseif ($tab == 'settings'): ?>
<div class="settings">
<h2><?=$h2_settings?></h2>
<form action="" method="post">
<label for="email" class="form-label"><?=$settings_email?></label>
<input id="email" type="email" name="email" placeholder="<?=$settings_email?>" value="<?=htmlspecialchars($account['email'], ENT_QUOTES)?>" class="form-field" required>
<label for="password" class="form-label"><?=$settings_new_password?></label>
<input type="password" id="password" name="password" placeholder="<?=$settings_new_password?>" value="" autocomplete="new-password" class="form-field">
<label for="first_name" class="form-label"><?=$shipping_first_name?></label>
<input id="first_name" type="text" name="first_name" placeholder="<?=$shipping_first_name?>" value="<?=htmlspecialchars($account['first_name'], ENT_QUOTES)?>" class="form-field">
<label for="last_name" class="form-label"><?=$shipping_last_name?></label>
<input id="last_name" type="text" name="last_name" placeholder="<?=$shipping_last_name?>" value="<?=htmlspecialchars($account['last_name'], ENT_QUOTES)?>" class="form-field">
<label for="address_street" class="form-label"><?=$shipping_address?></label>
<input id="address_street" type="text" name="address_street" placeholder="<?=$shipping_address?>" value="<?=htmlspecialchars($account['address_street'], ENT_QUOTES)?>" class="form-field">
<label for="address_city" class="form-label"><?=$shipping_city?></label>
<input id="address_city" type="text" name="address_city" placeholder="<?=$shipping_city?>" value="<?=htmlspecialchars($account['address_city'], ENT_QUOTES)?>" class="form-field">
<label for="address_state" class="form-label"><?=$shipping_state?></label>
<input id="address_state" type="text" name="address_state" placeholder="<?=$shipping_state?>" value="<?=htmlspecialchars($account['address_state'], ENT_QUOTES)?>" class="form-field">
<label for="address_zip" class="form-label"><?=$shipping_zip?></label>
<input id="address_zip" type="text" name="address_zip" placeholder="<?=$shipping_zip?>" value="<?=htmlspecialchars($account['address_zip'], ENT_QUOTES)?>" class="form-field">
<label for="address_phone" class="form-label"><?=$shipping_phone?></label>
<input id="address_phone" type="text" name="address_phone" placeholder="<?=$shipping_phone?>" value="<?=htmlspecialchars($account['address_phone'], ENT_QUOTES)?>" class="form-field">
<label for="address_country" class="form-label"><?=$shipping_country?></label>
<select id="address_country" name="address_country" required class="form-field">
<?php foreach(get_countries() as $country): ?>
<option value="<?=$country?>"<?=$country==$account['address_country']?' selected':''?>><?=$country?></option>
<?php endforeach; ?>
</select>
<input name="save_details" type="submit" value="<?=$btn_settings_save?>" class="btn">
</form>
</div>
<?php endif; ?>
<?php endif; ?>
</div>
<?=template_footer()?>
Reference in New Issue View Git Blame Copy Permalink