<?php
/**
* Version : 0.1
* Author: Battulga Myagmarjav
*/
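/*
 * Open the MySQL connection. connect.php is not shown here; it is assumed to
 * establish the default link that the mysql_* calls below rely on.
 *
 * NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
 * PHP 7.0, and it has no prepared statements. Until connect.php moves to
 * mysqli or PDO, every value placed in a query string has to be validated or
 * passed through mysql_real_escape_string().
 */
require 'connect.php';
session_start();

/* This page reads and changes stored card data, so it must not run without a
   logged-in user. Without this guard the queries below would run with an
   empty username. */
if (!isset($_SESSION['username']) || !is_string($_SESSION['username']) || $_SESSION['username'] === '') {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
$username = $_SESSION['username'];

/* selecting all cards for reference.
   The session value is escaped before it enters the SQL text: it presumably
   originates from a user-chosen name, so it is not safe to concatenate raw. */
$query = "SELECT Card_number
FROM payment_information
WHERE Username = '" . mysql_real_escape_string($username) . "';";
$cards = mysql_query($query);

/* inserting a new card: statement prefix, completed by the save handler */
$query_insert_card = "INSERT INTO payment_information
VALUES(";

/* deleting a card: statement prefix, completed by the delete handler */
$query_delete_card = "DELETE FROM payment_information
WHERE Card_number = ";

/* messages shown above the two forms; empty means nothing to report */
$error_msg = $error_deletion = "";
$card_number = $name = $exp_date = $cvv = "";
/* flipped to false by the first failed validation in the save handler */
$legal = true;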
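/*
 * Save a new card from the "Add Card" form.
 *
 * Every field is validated server-side before it reaches the SQL text; the
 * minlength/maxlength attributes on the form are enforced only by the browser.
 *
 * NOTE(review): this stores the full card number and the CVV in the database.
 * PCI DSS does not permit keeping the card verification code after
 * authorization and requires the stored card number to be rendered unreadable.
 * Removing the CVV needs a schema change (the INSERT has no column list), so
 * it is flagged here rather than changed.
 * NOTE(review): neither form carries an anti-CSRF token; adding one touches the
 * session setup and the HTML forms as well as this handler.
 */
if (isset($_POST['save'])) {
    /* Read each field once. A missing or non-string field (e.g. name[]=...)
       becomes '' so it fails the required check instead of raising a notice. */
    $in_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $in_card_number = (isset($_POST['card_number']) && is_string($_POST['card_number'])) ? $_POST['card_number'] : '';
    $in_exp_date = (isset($_POST['exp_date']) && is_string($_POST['exp_date'])) ? $_POST['exp_date'] : '';
    $in_cvv = (isset($_POST['cvv']) && is_string($_POST['cvv'])) ? $_POST['cvv'] : '';

    /* The original wrapped empty() around the whole || chain, so card number,
       expiry date and CVV were never tested individually. The checks are also
       chained now so the first failure's message is the one displayed. */
    if ($in_name === '' || $in_card_number === '' || $in_exp_date === '' || $in_cvv === '') {
        $error_msg = "All inputs are required!";
        $legal = false;
    } elseif (!ctype_digit($in_card_number)) {
        $error_msg = "Card number must be only numbers!";
        $legal = false;
    } elseif (!ctype_digit($in_cvv)) {
        $error_msg = "CVV must be only numbers!";
        $legal = false;
    } elseif (!ctype_alpha($in_name)) {
        /* NOTE(review): ctype_alpha also rejects spaces and hyphens, so a
           name such as "John Smith" fails this check. */
        $error_msg = "Name cannot contain numbers!";
        $legal = false;
    } elseif (!preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $in_exp_date)) {
        /* <input type="date"> submits YYYY-MM-DD. The expiry date was
           previously placed in the query with no validation at all. */
        $error_msg = "Expiration date is invalid!";
        $legal = false;
    }

    /* if user inputs are legal, then process */
    if ($legal) {
        $card_number = $in_card_number;
        $name = $in_name;
        $exp_date = $in_exp_date;
        $cvv = $in_cvv;

        /* card number and CVV are digits only (ctype_digit above), so they
           are safe as unquoted numeric literals; the quoted string values are
           escaped for the current connection. */
        $query_insert_card .= $card_number . ", '" .
            mysql_real_escape_string($name) . "', '" .
            mysql_real_escape_string($exp_date) . "', " .
            $cvv . ", '" .
            mysql_real_escape_string($username) . "');";

        /* Report a failed insert with a generic message; the database error
           text is deliberately not shown to the user. */
        if (mysql_query($query_insert_card) === false) {
            $error_msg = "Card could not be saved!";
        }
        $cards = mysql_query($query); //refreshes
    }
}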
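/*
 * Delete the card chosen in the "Delete Card" form.
 *
 * The submitted value is accepted only if it is all digits, because it is
 * appended to the statement as an unquoted literal. The DELETE is also
 * restricted to rows owned by the logged-in user: the original matched on
 * Card_number alone, so a request could remove a card belonging to another
 * account.
 * Anything else ('none', a missing field, a non-numeric value) produces the
 * "Select your card!" message.
 */
if (isset($_POST['delete'])) {
    $selected_card = (isset($_POST['card']) && is_string($_POST['card'])) ? $_POST['card'] : 'none';

    if (ctype_digit($selected_card)) {
        $query_delete_card .= $selected_card .
            " AND Username = '" . mysql_real_escape_string($username) . "';";
        mysql_query($query_delete_card);
        $cards = mysql_query($query); //refreshes
    } else {
        /* selection fails to pick */
        $error_deletion = "Select your card!";
    }
}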
?>
<!DOCTYPE html>
<html>
<head>
<title>Payment Information</title>
</head>
<body style="text-align: center;">
<h1>Payment Information</h1>
<h3>Add Card</h3>
<?php echo $error_msg;?>
<form method="post">
Name on Card
<input type="text" name="name">
<br>
Card Number
<input type="text" name="card_number" minlength='16' maxlength='16'>
<br>
Expiration Date
<input type="date" name="exp_date">
<br>
CVV
<input type="text" name="cvv" minlength='3' maxlength='3'>
<br>
<input type="submit" name="save" value="Save">
</form>
<h3>Delete Card</h3>
<?php echo $error_deletion;?>
<br>
<form method="post">
Card Number
<select name="card">
<option value="none">none</option>
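<?php
/*
 * Emit one <option> per saved card of the logged-in user.
 * Values read from the database are HTML-encoded at the point of output so a
 * stored value can never break out of the attribute or the element.
 *
 * NOTE(review): the option value is the full card number, so every saved
 * number appears in the page source. A surrogate row id as the value would
 * avoid that, but needs a column this file does not show.
 * NOTE(review): the label is the first four digits, which cards from the same
 * issuer usually share; the last four are the usual way to tell cards apart.
 */
if (!empty($cards)) {
    while ($row = mysql_fetch_assoc($cards)) {
        $card = $row['Card_number'];
        echo "<option value=\"" . htmlspecialchars($card, ENT_QUOTES, 'UTF-8') . "\">" .
            htmlspecialchars(substr($card, 0, 4), ENT_QUOTES, 'UTF-8') . "</option>";
    }
}
?>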
</select>
<br>
<input type="submit" name="delete" value="Delete">
</form>
</body>
</html>