<?/* mymarket.php (c) 2000 Ying Zhang (ying@zippydesign.com) * * TERMS OF USAGE: * This file was written and developed by Ying Zhang (ying@zippydesign.com) * for educational and demonstration purposes only.  You are hereby granted the * rights to use, modify, and redistribute this file as you like.  The only * requirement is that you must retain this notice, without modifications, at * the top of your source code.  No warranties or guarantees are expressed or * implied. DO NOT use this code in a production environment without * understanding the limitations and weaknesses pretaining to or caused by the * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK! */function is_logged_in() {/* this function will return true if the user has logged in.  a user is logged * in if the $SESSION["user"] is set (by the login.php page) and also if the * remote IP address matches what we saved in the session ($SESSION["ip"]) * from login.php -- this is not a robust or secure check by any means, but it * will do for now */	global $SESSION, $REMOTE_ADDR;	return isset($SESSION)		&& isset($SESSION["user"])		&& isset($SESSION["ip"])		&& $SESSION["ip"] == $REMOTE_ADDR;}function require_login() {/* this function checks to see if the user is logged in.  if not, it will show * the login screen before allowing the user to continue */	global $CFG, $SESSION;	if (! is_logged_in()) {		$SESSION["wantsurl"] = qualified_me();		redirect("$CFG->wwwroot/login.php");	}}function require_priv($priv) {/* this function checks to see if the user has the privilege $priv.  if not, * it will display an Insufficient Privileges page and stop */	global $CFG, $SESSION;	if (! $SESSION["user"]["priv"] == $priv) {		include("$CFG->templatedir/insufficient_privileges.php");		die;	}}function has_priv($priv) {/* returns true if the user has the privilege $priv */	global $SESSION;	return $SESSION["user"]["priv"] == $priv;}function build_category_tree(&$output, &$preselected, $parent=0, $indent="") {/* recursively go through the category tree, starting at a parent, and * drill down, printing options for a selection list box.  preselected * items are marked as being selected.  this is not an efficient algorithm * because it has to issue one query per category!!  it's only used because it * is easy to understand. */	$qid = db_query("SELECT id, name FROM categories WHERE parent_id = $parent");	while ($cat =  db_fetch_object($qid)) {		$selected = in_array($cat->id, $preselected) ? "selected" : "";		$output .= "<option value=\"" . ov($cat->id) . "\" $selected>$indent" . ov($cat->name);		if ($cat->id != $parent) {			build_category_tree($output, $preselected, $cat->id, $indent."&nbsp;&nbsp;");		}	}}function generate_password($maxlen=10) {/* returns a randomly generated password of length $maxlen.  inspired by * http://www.phpbuilder.com/columns/jesus19990502.php3 */	global $CFG;	$fillers = "1234567890!@#$%&*-_=+^";	$wordlist = file($CFG->wordlist);	srand((double) microtime() * 1000000);	$word1 = trim($wordlist[rand(0, count($wordlist) - 1)]);	$word2 = trim($wordlist[rand(0, count($wordlist) - 1)]);	$filler1 = $fillers[rand(0, strlen($fillers) - 1)];	return substr($word1 . $filler1 . $word2, 0, $maxlen);}function err(&$errorvar) {/* if $errorvar is set, then print an error marker << */	if (isset($errorvar)) {		echo "<font color=#ff0000>&lt;&lt;</font>";	}}function err2(&$errorvar) {/* like err(), but prints the marker >> */	if (isset($errorvar)) {		echo "<font color=#ff0000>&gt;&gt;</font>";	}}function username_exists($username) {/* returns the true if the username exists */	$qid = db_query("SELECT 1 FROM users WHERE username = '$username'");	return db_num_rows($qid);}function email_exists($email) {/* returns true the email address exists */	$qid = db_query("SELECT 1 FROM users WHERE email = '$email'");	return db_num_rows($qid);}function reset_user_password($username) {/* resets the password for the user with the username $username, and sends it * to him/her via email */	global $CFG;	/* load up the user record */	$qid = db_query("SELECT username, firstname, lastname, email FROM users WHERE username = '$username'");	$user = db_fetch_object($qid);	/* reset the password */	$newpassword = generate_password();	$qid = db_query("UPDATE users SET password = '" . md5($newpassword) ."' WHERE username = '$username'");	/* email the user with the new account information */	$var = new Object;	$var->username = $user->username;	$var->fullname = $user->firstname . " " . $user->lastname;	$var->newpassword = $newpassword;	$var->support = $CFG->support;	$emailbody = read_template("$CFG->templatedir/email/reset_password.php", $var);	mail(		"$var->fullname <$user->email>",		"MyMarket Account Information",		$emailbody,		"From: $var->support");}function get_category_tree($id=0) {/* returns a tree of the product categories, starting from the top to the * category specified by $id */	global $CFG;	$qid = db_query("SELECT parent_id, name FROM categories WHERE id = $id");	if (db_num_rows($qid)) {		list($parent, $name) = db_fetch_row($qid);		$name = "<a href='$CFG->wwwroot/shopping?id=$id'>$name</a>";	} else {		$parent = 0;		$name = "";	}	if ($parent > 0) {				return print_category_tree($parent) . " &gt; " . $name;	} elseif ($id > 0) {		return "<a href='$CFG->wwwroot/shopping'>Top</a> &gt; " . $name;	} elseif ($id == 0) {		return "<a href='$CFG->wwwroot/shopping'>Top</a>";	}}function print_category_tree($id=false) {/* prints the category tree by calling get_category_tree */	echo get_category_tree($id);}function get_cart_items() {/* return a $qid of all the items in the shopping cart */	global $SESSION;	$in_clause = $SESSION["cart"]->get_productid_list();	if (empty($in_clause)) {		return false;	}	return db_query("SELECT id, name, price FROM products WHERE id IN ($in_clause)");}function chop_ccnum($ccnum) {/* this function returns the the first and last 4 digits of the credit card number * and the expiry date.  it is mainly used when we want to display the credit * card number on the screen etc. but we don't want to reveal the whole thing */ 	return substr($ccnum, 0, 4) . "..." . substr($ccnum, -4);}function save_orderinfo(&$frm) {/* this function saves the order information into the session variable * $SESSION["orderinfo"].  it is used in the purchase confirmation stage */	global $SESSION;		$order = new Object();	$order->customer = $frm["customer"];	$order->contact = $frm["contact"];	$order->address = $frm["address"];	$order->creditcard = $frm["creditcard"];	$order->expiry = $frm["expiry"];	$order->comments = $frm["comments"];		$SESSION["orderinfo"] = $order;}function load_orderinfo() {/* this function is the counterpart to save_orderinfo.  it is used to * retrieve the order information in the complete order page */	global $SESSION;		if (empty($SESSION["orderinfo"])) {		return false;	} else {		return $SESSION["orderinfo"];	}}function clear_orderinfo() {/* this function is called to clear the orderinfo session variable, it should * be used after an order was successfully completed */	global $SESSION;	unset($SESSION["orderinfo"]);}?>