- Joined
- Dec 4, 2007
- Messages
- 1,936
- Reaction score
- 96
On the first page a MySQL row is added with a bunch of variables from what you enter into the field. But I want to somehow use $invoiceid in the second form too, and then do
No matter what I try, I can't seem to get it to work. I tried $_GET, but maybe I'm just doing it wrong. Can anyone offer some assistance?
theme/orderform.html
includes/orderform.php
theme/loginform.html
includes/login.php
Code:
UPDATE orders SET `email` = '$email' WHERE `invoiceid` = '$invoiceid'
No matter what I try, I can't seem to get it to work. I tried $_GET, but maybe I'm just doing it wrong. Can anyone offer some assistance?
theme/orderform.html
Code:
<div class="mainimage"><br />
<div class="ordergold">
<div class="orderform">
<div class="tablehead">
Secure Order Form
</div>
<form action="includes/orderform.php" method="post" enctype="multipart/form-data">
<div class="goldquantity">
Select Gold Quantity (Millions)<br />
<input type="text" class="forminput" name="goldquantity" value="0" required="required">
</div>
<div class="totalcost">
Total (US Dollars)<br />
<div class="formnoninput">$ 0</div>
</div>
<div class="displayname">
Display Name<br />
<input type="text" class="forminput" name="displayname" value="" required="required">
</div>
<div class="paymentmethod">
Payment Method<br />
<div class="formnoninput">Paypal</div>
</div>
<div class="clear">
</div>
<input class="continue" type="submit" value="" />
</form>
</div>
</div>
</div>
includes/orderform.php
PHP:
<?php
include('config.php');
include('functions.php');
$goldquantity = $_POST['goldquantity'];
$pricemil = 0.35;
$totalcost = $goldquantity * $pricemil;
$displayname = $_POST['displayname'];
$invoice = time();
$ipaddress = $_SERVER['REMOTE_ADDR'];
mysql_query("INSERT INTO orders(`goldquantity`, `totalcost`, `displayname`, `paymentmethod`, `invoiceid`, `ipaddress`, `complete`) VALUES('" . $goldquantity . "', '" . $totalcost . "', '" . $displayname . "', 'Paypal', '" . $invoice . "', '" . $ipaddress . "', '0')") or die(mysql_error());
echo '<meta http-equiv="REFRESH" content="0;url=../loginform.php">';
?>
theme/loginform.html
Code:
<div class="mainimage"><br />
<div class="ordergold">
<div class="orderform">
<div class="tablehead">
Secure Log In
</div>
<form action="includes/login.php" method="post" enctype="multipart/form-data">
<div class="ordertext">
To continue with your order, please log in using the form below. Alternatively if you don't have an account, please <u><a href="registerform.php">click here</a></u> to register one.
</div>
<div class="goldquantity">
E-mail Address<br />
<input type="text" class="forminput" name="email" value="" required="required">
</div>
<div class="totalcost">
Password<br />
<input type="password" class="forminput" name="password" value="" required="required">
</div>
<div class="clear">
</div>
<input class="continue" type="submit" value="" />
</form>
</div>
</div>
</div>
includes/login.php
PHP:
<?php
session_start();
include('config.php');
include('functions.php');
$email = clean($_POST['email']);
$passwordb = clean($_POST['password']);
$invoiceid = $_GET['invoiceid'];
$password = passwordenc($email, $passwordb);
mysql_query("UPDATE orders SET email = '$email' WHERE invoiceid = '$invoiceid'") or die(mysql_error());
$qry = "SELECT * FROM users WHERE email = '$email' AND password = '".$password."'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) == 1) {
session_regenerate_id();
$get = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $get['id'];
$_SESSION['SESS_NAME'] = $get['email'];
session_write_close();
header("location: ../idupload.php");
exit();
}else {
header("location: ../loginform.php");
exit();
}
}else {
header("location: ../idupload.php");
}
?>