Use separate required.php for online store

2018-06-23 19:05:20 -06:00 · 2018-06-23 19:05:20 -06:00 · 78187b5224
commit 78187b5224
parent 275c32f2dd
5 changed files with 174 additions and 13 deletions
--- a/public/action.php
+++ b/public/action.php
@ -6,7 +6,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

-require_once __DIR__ . "/../required.php";
+require_once __DIR__ . "/required.php";
 require_once __DIR__ . "/lib/item.php";

 switch ($VARS['action']) {
--- a/public/index.php
+++ b/public/index.php
@ -6,7 +6,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

-require_once __DIR__ . "/../required.php";
+require_once __DIR__ . "/required.php";

 define("NICKELBOX", true);

@ -16,6 +16,7 @@ $config = $database->select("config", ['key', 'value']);
 $settings = [
    "sitename" => "Shop",
    "theme" => "default",
+    "tax" => 8.5,
 ];
 foreach ($config as $c) {
    $settings[$c['key']] = $c['value'];
--- a/public/lib/item.php
+++ b/public/lib/item.php
@ -6,7 +6,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

-require_once __DIR__ . "/../../required.php";
+require_once __DIR__ . "/../required.php";

 class Item {

@ -115,6 +115,7 @@ END;
        $catid = $item->getCategoryId();
        $catname = $item->getCategoryName();
        $price = $item->getPrice();
+        $linetotal = number_format($price * $qty, 2);
        $html = <<<END
 <div class="list-group-item d-flex flex-wrap">
    <div>
@ -132,6 +133,7 @@ END;
            <input type="hidden" name="item" value="$id" />
            <input type="hidden" name="action" value="updatecart" />
        </form>
+        <div class="text-right"><b>$$linetotal</b></div>
    </div>
 </div>
 END;
--- a/public/parts/cart.php
+++ b/public/parts/cart.php
@ -1,5 +1,4 @@
 <?php
-
 /*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
@ -16,6 +15,20 @@ if (!empty($_SESSION['cart'])) {
    $cart = $_SESSION['cart'];
 }

+$total = 0.0;
+$tax = 0.0;
+$listhtml = "";
+if (count($cart) > 0) {
+    foreach ($cart as $i => $qty) {
+        $item = new Item($i);
+        $listhtml .= RenderItem::cart($item, $qty);
+        $total += ($item->getPrice() * $qty);
+    }
+} else {
+    $listhtml = "<p>The cart is empty.</p>";
+}
+
+$tax = $total * ($settings['tax'] / 100.0);
 ?>

 <div class="container mt-4">
@ -23,15 +36,33 @@ if (!empty($_SESSION['cart'])) {

    <div class="list-group list-group-flush">
        <?php
-        if (count($cart) > 0) {
-            foreach ($cart as $i => $qty) {
-                echo RenderItem::cart(new Item($i), $qty);
-            }
-        } else {
-            ?>
-            <p>The cart is empty.</p>
-            <?php
-        }
+        echo $listhtml;
        ?>
    </div>
+
+    <div class="d-flex mt-3 justify-content-between">
+        <div class="ml-auto text-right">
+            <?php
+            if ($tax > 0.0) {
+                ?>
+                <h5 class="mr-3">
+                    Subtotal: <?php
+                    echo "$" . number_format($total, 2);
+                    ?>
+                </h5>
+                <h5 class="mr-3">
+                    Tax: <?php
+                    echo "$" . number_format($tax, 2);
+                    ?>
+                </h5>
+                <?php
+            }
+            ?>
+            <h4 class="mr-3">
+                Total: <?php
+                echo "$" . number_format($total + $tax, 2);
+                ?>
+            </h4>
+        </div>
+    </div>
 </div>
--- a/public/required.php
+++ b/public/required.php
@ -0,0 +1,127 @@
+<?php
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This file contains global settings and utility functions.
+ */
+ob_start(); // allow sending headers after content
+// Settings file
+require __DIR__ . '/../settings.php';
+
+// Unicode, solves almost all stupid encoding problems
+header('Content-Type: text/html; charset=utf-8');
+
+// Strip PHP version
+header('X-Powered-By: PHP');
+
+// Security
+header('X-Content-Type-Options: nosniff');
+header('X-XSS-Protection: 1; mode=block');
+header('X-Frame-Options: "DENY"');
+header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
+$SECURE_NONCE = base64_encode(random_bytes(8));
+
+$session_length = 60 * 60 * 24 * 2; // 2 days
+ini_set('session.gc_maxlifetime', $session_length);
+session_set_cookie_params($session_length, "/", null, false, false);
+
+session_start(); // stick some cookies in it
+// renew session cookie
+setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);
+
+header("Content-Security-Policy: "
+        . "default-src 'self';"
+        . "object-src 'none'; "
+        . "img-src * data:; "
+        . "media-src 'self'; "
+        . "frame-src 'self'; "
+        . "font-src 'self'; "
+        . "connect-src *; "
+        . "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
+        . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
+
+//
+// Composer
+require __DIR__ . '/../vendor/autoload.php';
+
+/**
+ * Kill off the running process and spit out an error message
+ * @param string $error error message
+ */
+function sendError($error) {
+    global $SECURE_NONCE;
+    die("<!DOCTYPE html>"
+            . "<meta charset=\"UTF-8\">"
+            . "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
+            . "<title>Error</title>"
+            . "<style nonce=\"" . $SECURE_NONCE . "\">"
+            . "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "
+            . "h2 {font-family: sans-serif; font-size: 16px;} "
+            . "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "
+            . "i {font-size: 12px;}"
+            . "</style>"
+            . "<h1>A fatal application error has occurred.</h1>"
+            . "<i>(This isn't your fault.)</i>"
+            . "<h2>Details:</h2>"
+            . "<p>" . htmlspecialchars($error) . "</p>");
+}
+
+date_default_timezone_set(TIMEZONE);
+
+// Database settings
+// Also inits database and stuff
+use Medoo\Medoo;
+
+$database;
+$binstack;
+try {
+    $database = new Medoo([
+        'database_type' => DB_TYPE,
+        'database_name' => DB_NAME,
+        'server' => DB_SERVER,
+        'username' => DB_USER,
+        'password' => DB_PASS,
+        'charset' => DB_CHARSET
+    ]);
+    $binstack = new Medoo([
+        'database_type' => BINSTACK_DB_TYPE,
+        'database_name' => BINSTACK_DB_NAME,
+        'server' => BINSTACK_DB_SERVER,
+        'username' => BINSTACK_DB_USER,
+        'password' => BINSTACK_DB_PASS,
+        'charset' => BINSTACK_DB_CHARSET
+    ]);
+} catch (Exception $ex) {
+    //header('HTTP/1.1 500 Internal Server Error');
+    sendError("Database error.  Try again later.  $ex");
+}
+
+
+if (!DEBUG) {
+    error_reporting(0);
+} else {
+    error_reporting(E_ALL);
+    ini_set('display_errors', 'On');
+}
+
+
+$VARS;
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $VARS = $_POST;
+    define("GET", false);
+} else {
+    $VARS = $_GET;
+    define("GET", true);
+}
+
+/**
+ * Checks if a string or whatever is empty.
+ * @param $str The thingy to check
+ * @return boolean True if it's empty or whatever.
+ */
+function is_empty($str) {
+    return (is_null($str) || !isset($str) || $str == '');
+}