$oldPassword = md5 $_POST['old_password'] ; // check their new password is confirmed We compare the password entered in the password box, with the password they entered in the confirmat
Trang 1Changing password
The process for allowing a customer to change their password should be
relatively simple:
1 The customer should enter their current password.
2 The customer should enter their new password.
3 The customer should enter their new password again.
4 We should then check that their current password is valid.
5 Then we should check that their new password and their confirmation of this
new password are the same.
6 We should then hash the new password and update the user's password in
the database to this hash.
Let's look at the code for processing this (Steps 1 to 3 are user actions, steps 4 to 6 are
system actions, which we must provide in our code.)
$oldPassword = md5( $_POST['old_password'] );
// check their new password is confirmed
We compare the password entered in the password box, with the password they
entered in the confirmation box, to ensure they match—if they don't and we change
the password to one of them, the customer may not know what the corrected
password is—as it would seem they made a mistake entering in one of the
password boxes This is essentially a precaution for the customer's benefit.
if( $_POST['new_password'] == $_POST['confirm_newpassword'] )
{
$uid = $this->registry->getObject('authenticate')->getUserID();
$checkPwdSQL = "SELECT * FROM users
WHERE ID={$uid} AND password='{$oldPassword}'";
$this->registry->getObject('db')->executeQuery( $checkPwdSQL );
// check their old password is validpassword is valid is valid
As it is possible that the customer left their account logged in, and someone else
could be at their computer trying to change their password, we need to confirm
that their existing password was entered, verifying it is the customer requesting
the change.
if( $this->registry->getObject('db')->numRows() == 1 )
{
$changes = array();
$changes['password'] = md5( $_POST['new_password'] );
// update their current password to the new password
Trang 2We then update the database to save the customer's new password.
$this->registry->getObject('db')->updateRecords( 'users',
$changes, 'ID=' $uid );
// output success message here
}
else
{
// do our error output here
}
}
else
{
// error output
}
Changing default delivery address
Allowing customers to change their default delivery address should be very
straightforward; we need to check if they submitted some changes, sanitize the
data, and update their details.
private function saveChangesToAccount()
{
// default delivery address
$changes = array();
// We set each array element to be part of the customer's delivery
// address, and set the value to the one the customer is
// submitting
$changes['default_shipping_name'] = $this->registry->
getObject('db')->
sanitizeData( $_POST['default_shipping_name'] );
$changes['default_shipping_address'] = $this->registry->
getObject('db')->
sanitizeData( $_POST['default_shipping_address'] );
$changes['default_shipping_address2'] = $this->registry->
getObject('db')->
sanitizeData( $_POST['default_shipping_address2'] );
$changes['default_shipping_city'] = $this->registry->
getObject('db')->
sanitizeData( $_POST['default_shipping_city'] );
$changes['default_shipping_postcode'] = $this->registry->
getObject('db')->
sanitizeData( $_POST['default_shipping_postcode'] );
$changes['default_shipping_country'] = $this->registry->
getObject('db')->
Trang 3sanitizeData( $_POST['default_shipping_country'] );
// We then update their delivery address, by making changes to the
// users_extra table
$this->registry->getObject('db')->updateRecords( 'users_extra',
$changes, 'ID='
$this->registry->getObject('authenticate')->getUserID() );
// We then update the users table, to update the customer's e-mail
// address
// e-mail address
// The format of the e-mail address should be checked ideally
$changes = array();
$changes['email'] = $this->registry->getObject('db')->
sanitizeData( $_POST['email'] );
$this->registry->getObject('db')->updateRecords( 'users',
$changes, 'ID=' $this->registry->
getObject('authenticate')->getUserID() );
$this->registry->redirectUser( 'useraccount',
'Account details changed', 'Your account details have been
saved', $admin = false );
}
Viewing orders
The orders section of a customer's account area should be broken into two areas:
List of orders, so the customer can select the order they wish to see in
more detail
Viewing order-specific details
Listing orders
To list a customer's order, we simply need a single query to lookup their orders and
their status, which we can then cache and send to the template Within the list of
orders, we would want to display the following information:
Order ID or reference
The total cost of the order
The status of the order
The date the order was placed
We may also wish to display the date the order was last updated, which
could indicate when the order was dispatched, or cancelled, or payment
was processed
•
•
•
•
•
•
•
Trang 4The following query would allow us to list all of the user's orders, detailing the time
the order was placed, the ID, the cost of products, the cost of shipping, and the status
of the order:
"SELECT os.name AS status_name, o.ID AS order_id,
(o.products_cost + o.shipping_cost) AS cost,
DATE_FORMAT(o.timestamp, '%D %b %Y') AS order_placed
FROM orders o, order_statuses os
WHERE os.ID=o.status AND o.user_id=" $this->registry->
getObject('authenticate')->getUserID()
Viewing an order
For viewing an order, we should create a model to encapsulate all of the data for the
order; this should also make things easier for us in the next chapter when we create
our administration interface.
Order model
Our order model needs to allow us to access the following information:
The customer
The delivery address
The items in the order
The total cost of the order
The shipping cost of the order
If a discount voucher was used
The status of the order
The date the order was placed
The model requires two queries to get this data: the first to get the order data itself,
and the second to get the products in the order second to get the products in the order to get the products in the order.
Query for order details
This simple query needs to get details stored in the orders table, as well as the status query needs to get details stored in the orders table, as well as the status needs to get details stored in the orders table, as well as the status
of the order, the payment method, and the shipping method:
$sql = "SELECT o.timestamp, o.user_id, o.comment, o.delivery_comment,
o.shipping_name, o.shipping_address, o.shipping_address2,
o.shipping_city, o.shipping_postcode, o.shipping_country,
o.products_cost, o.shipping_cost, o.voucher_code, os.name
•
•
•
•
•
•
•
•
Trang 5AS order_stauts, p.name AS payment_method, s.name AS
shipping_method "
"FROM orders o, payment_methods p, order_statuses os,
shipping_methods s "
."WHERE o.ID={$id} AND os.ID=o.status AND
s.ID=o.shipping_method AND p.ID=o.payment_method "
."LIMIT 1";
Once the query has been executed and if there is a result, then we can set the model
to valid, and populate its properties with data from the database If no records are
found, we must set the validity of the model to false.
$this->registry->getObject('db')->executeQuery( $sql );
if( $this->registry->getObject('db')->numRows() > 0 )
{
$this->valid = true;
$orderData = $this->registry->getObject('db')->getRows();
$this->id = $id;
$this->status = $orderData['status'];
$this->created = $orderData['timestamp'];
$this->deliveryAddress = array( $orderData['shipping_name'],
$orderData['shipping_address'],
$orderData['shipping_address2'],
$orderData['shipping_city'],
$orderData['shipping_postcode'],
$orderData['shipping_country'] );
$this->productsCost = $orderData['products_cost'];
$this->shippingCost = $orderData['shipping_cost'];
$this->orderCost = $this->productsCost + $this->shippingCost;
$this->shippingMethod = $orderData['shipping_method'];
$this->paymentMethod = $orderData['payment_method'];
$this->user = $orderData['user_id'];
$this->comment = $orderData['comment'];
$this->deliveryNote = $orderData['delivery_comment'];
// items
// items query to go here
}
else
{
$this->valid = false;
}