PHP - Safe Customer Data
I built an address book for customers and I realize now I'm not sure of the best way to allow the customer to edit/delete their addresses while stopping them from pulling/editing other customers' info.
Even if I use POST data only, they could still view the page source, see the address ID being posted to the next page and change it, to see or edit someone else's data... Should I encrypt the ID? Is that even good enough? I'm using PHP/MySQL.
I am using this script for the "remember me" option:

    if (isset($_POST['rememberme'])) {
        /* Set cookie to last 1 year */
        setcookie('username', $_POST['user_name'], time() + 60 * 60 * 24 * 365);
        setcookie('password', sha1($_POST['user_pass']), time() + 60 * 60 * 24 * 365);
    }

Is it safe to save user data in a cookie, or is there a better way? Can somebody steal the password if there is more than one user on the same computer? What do you suggest?
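A persistent-login pattern that keeps the password (and its hash) out of the cookie altogether, as an added example that is not code from the post above: the cookie carries only a random selector plus a random validator, the database stores the selector and a SHA-256 of the validator, and the password never leaves the login form. It assumes a PDO connection $pdo and a hypothetical auth_tokens table (selector, validator_hash, user_id, expires); the function names are made up for this illustration, and the setcookie() options array needs PHP 7.3 or later.

```php
<?php
// Added example, not from the original post. Assumes a PDO handle $pdo and a
// hypothetical table:
//   auth_tokens(selector CHAR(24) PRIMARY KEY, validator_hash CHAR(64),
//               user_id INT, expires DATETIME)

const REMEMBER_COOKIE = 'remember';
const REMEMBER_TTL    = 60 * 60 * 24 * 30; // 30 days

// Call after the password has been verified on a normal login.
function issue_remember_token(PDO $pdo, int $userId): void {
    $selector  = bin2hex(random_bytes(12)); // public lookup key (24 hex chars)
    $validator = bin2hex(random_bytes(32)); // secret half; only its hash is stored
    $expires   = time() + REMEMBER_TTL;

    $stmt = $pdo->prepare(
        'INSERT INTO auth_tokens (selector, validator_hash, user_id, expires) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$selector, hash('sha256', $validator), $userId, date('Y-m-d H:i:s', $expires)]);

    setcookie(REMEMBER_COOKIE, $selector . ':' . $validator, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Call on requests that have no live session; returns the user id or null.
function user_from_remember_cookie(PDO $pdo): ?int {
    $raw = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if ($raw === '' || strpos($raw, ':') === false) {
        return null;
    }
    [$selector, $validator] = explode(':', $raw, 2);

    $stmt = $pdo->prepare(
        'SELECT user_id, validator_hash FROM auth_tokens WHERE selector = ? AND expires > NOW()'
    );
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return null;
    }

    // Constant-time comparison of the stored hash against the hash of the presented secret.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        // Selector known but validator wrong: revoke the token rather than leave it usable.
        $pdo->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
        return null;
    }
    return (int) $row['user_id'];
}

// Call on logout so the token cannot be replayed from the same machine.
function revoke_remember_token(PDO $pdo): void {
    $raw = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if ($raw !== '') {
        [$selector] = explode(':', $raw, 2);
        $pdo->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
    }
    setcookie(REMEMBER_COOKIE, '', ['expires' => time() - 3600, 'path' => '/']);
}
```

The difference from the posted script is what an attacker with access to the cookie jar (another user of the same computer, or any script that can read the cookie) actually obtains: in the original, a year-long sha1 of the password, which both logs them in and can be brute-forced offline; here, a random token that is tied to nothing but this one login, expires on its own, and can be deleted server-side the moment it is suspected of being copied. Splitting the token into selector and validator lets the database lookup use an indexed column while the secret half is still compared in constant time against a hash, so a dump of the auth_tokens table does not yield usable cookies.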