<?php
// 9.14.10 modified to store only last 4 digits of credit card number in the database.
// 1.26.11 added code to check first digit and deduce credit card type.
// 4.25.11 changed "Mastercard" to "MasterCard" as that is what ValidateCreditCard.php expects.
// 1.17.12 added two more email addresses for test transactions
// Nov. 14 added code for SimplifyCommerce
// 2.12.15 added code to validate state and city are at least one character.
session_start();
require_once('DB.php');
require_once('query.php');
require_once('ValidateCreditCard.php');
require_once('dates.php');
require_once("./SimplifyCommerce/lib/Simplify.php");
// SimplifyCommerce API key pairs. The Edit branch further down picks the sandbox pair
// when its $test flag is set and the live pair otherwise.
// NOTE(review): these are live payment credentials hard-coded in a page under the web
// root. They belong in a configuration file outside the document root (pulled in with
// require_once like the libraries above), and a key pair that has been in any copy of
// this file outside the deployment should be treated as exposed.
$SandboxPublicKey = 'sbpb_NDVjMjQ5N2UtZjEwYS00NGU5LWFmNmQtZmNhMGU2YjU0Nzhm';
$SandboxPrivateKey = 'mNcpIeiGTEudFE46c83VtFv7hEBRjUrIXxndku3VtbB5YFFQL0ODSXAOkNtXTToq';
$LivePublicKey = 'lvpb_YjU5MGI0MDAtY2EwYi00NjAwLWFlN2QtMDIwMDg1OWIzMzI2';
$LivePrivateKey = 'oSd8dXbCyTuV4x4LEptam4HNlk8k+YHBN5PK9GDmdPJ5YFFQL0ODSXAOkNtXTToq';
// Promotion code entered earlier in the checkout; used by promoPrice() and the order table.
// When the session has no promo code this raises an undefined-index notice and trim(null) gives "".
$PromoCode = trim($_SESSION['PromoCode']);
function promoPrice($PromoCode,$productid, $price)
// Apply the promotion code to a price taken from the database and return the
// price to charge. $productid is accepted so per-product promotions can be
// added later; the current rule does not look at it.
{
    $halfPriceCode = "345XYMarch2007";
    if ($PromoCode != $halfPriceCode)
        return $price; // regular price for any other entry in the PromoCode field
    // half price, but then forced to end in .95
    $halved = ($price + 0.05) * 0.5;
    return $halved - 0.05;
}
function writeRed($errmsg)
// Print one paragraph in red italics. $errmsg is written out exactly as given
// (callers rely on passing their own <br> separators), so any user-supplied text
// inside it must already be HTML-escaped by the caller.
{
    $open = '<P> <em><font color="#FF0000">';
    $close = '</font></em></P>';
    echo $open . $errmsg . $close;
}
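// A customer and an order must already be in the session; otherwise the visitor got here
// by typing the URL (or the session expired) and is sent back to the start.
// The original condition meant to require PaymentType as well, but its parentheses put
// the "||" inside is_null(), so only CustomerID was ever checked. PaymentType is no
// longer used (see $ptype below) and OrderID is needed by every query on this page, so
// those two are what is checked now.
// exit after header(): without it the rest of the page, including the payment handler
// below, still runs for the redirected request.
if(!isset($_SESSION['CustomerID']) || !isset($_SESSION['OrderID']))
{ header("Location:index.php"); // got here by typing in the URL maybe
exit;
}
$ptype = "credit card"; // we no longer ask them to choose one; formerly this was $_SESSION['PaymentType'];
if(!empty($_SESSION['CustomerType']))
$ctype = $_SESSION['CustomerType']; // not referenced again in this file
else
$ctype = "individual";
if(!empty($_SESSION['SessionShippingMethodID']))
$ShippingMethodID = $_SESSION['SessionShippingMethodID'];
else
$ShippingMethodID = 1; // download only
// State=Edit means the form below has been submitted; anything else renders it fresh.
// isset() is the same test as !is_null() on an array element, minus the undefined-index notice.
if(isset($_GET['State']))
$PageState=$_GET['State'];
else
$PageState='Enter';
$format = "%01.2f"; // good for American currency, dollars and cents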
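function hidden_field($Name, $Value)
// echo a hidden field description.
// Both the name and the value are HTML-escaped before being placed in the
// attribute: the values come from the database (billing and shipping address
// fields) and from the order, so a quote or angle bracket in them would otherwise
// terminate the attribute and inject markup into the form.
{
    $safeName = htmlspecialchars((string)$Name, ENT_QUOTES, 'UTF-8');
    $safeValue = htmlspecialchars((string)$Value, ENT_QUOTES, 'UTF-8');
    echo "<input type='hidden' name='$safeName' value='$safeValue' >";
}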
// "global" at file scope is a no-op; this line only documents which file-level
// variables display_billing_info() below fills in for the rest of the page.
global $FirstName,$LastName,$BillingAddress,$City,$StateOrProvince,$Country,$PostalCode,$Email;
function display_billing_info($cid)
// Display the billing name and address for customer $cid.
// Side effect: fills the file-level $FirstName ... $Email globals, which the
// hidden-field section of the form reads later. $cid is spliced into the query
// text, so it must only ever be the CustomerID held in the session.
{ global $FirstName,$LastName,$BillingAddress,$City,$StateOrProvince,$Country,$PostalCode,$Email;
    $columns = 'ContactFirstName,ContactLastName, BillingAddress, City, StateOrProvince, Country, PostalCode, Email';
    $q = query("SELECT $columns FROM Customers WHERE CustomerID='$cid';");
    $q->fetchInto($row);
    list($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $Country, $PostalCode, $Email) = $row;
    echo address($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country);
}
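function address($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country)
// Echo a name and address laid out for the given country. All fields are
// HTML-escaped first: they are customer-entered values read back from the
// database and are printed straight into the page.
{
    $FirstName = htmlspecialchars((string)$FirstName, ENT_QUOTES, 'UTF-8');
    $LastName = htmlspecialchars((string)$LastName, ENT_QUOTES, 'UTF-8');
    $BillingAddress = htmlspecialchars((string)$BillingAddress, ENT_QUOTES, 'UTF-8');
    $City = htmlspecialchars((string)$City, ENT_QUOTES, 'UTF-8');
    $StateOrProvince = htmlspecialchars((string)$StateOrProvince, ENT_QUOTES, 'UTF-8');
    $PostalCode = htmlspecialchars((string)$PostalCode, ENT_QUOTES, 'UTF-8');
    $Country = htmlspecialchars((string)$Country, ENT_QUOTES, 'UTF-8');
    if($Country == "US")
        echo "$FirstName $LastName <br> $BillingAddress <br> $City, $StateOrProvince $PostalCode";
    else if($Country == "Mexico") // countries where postal code comes after city and state
        echo "$FirstName $LastName <br> $BillingAddress <br> $City, $StateOrProvince $PostalCode <br> $Country";
    else // countries where postal code precedes city, the norm in most of the world
        echo "$FirstName $LastName <br> $BillingAddress <br> $PostalCode $City, $StateOrProvince <br> $Country";
}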
// "global" at file scope is a no-op; this line only documents which file-level
// variables display_shipping_info() below fills in for the rest of the page.
global $ShipFirstName,$ShipLastName,$ShipAddress,$ShipCity,$ShipStateOrProvince,$ShipCountry,$ShipPostalCode,$FreightCharge;
function display_shipping_info($oid)
// Display the shipping name and address for order $oid.
// Side effect: fills the file-level $ShipFirstName ... $FreightCharge globals,
// which the hidden-field section of the form reads later. $oid is spliced into
// the query text, so it must only ever be the OrderID held in the session.
{ global $ShipFirstName,$ShipLastName,$ShipAddress,$ShipCity,$ShipStateOrProvince,$ShipCountry,$ShipPostalCode, $FreightCharge;
    $columns = 'ShipFirstName, ShipLastName, ShipAddress, ShipCity, ShipStateOrProvince, ShipCountry, ShipPostalCode, FreightCharge';
    $q = query("SELECT $columns FROM Orders WHERE OrderID = '$oid';");
    $q->fetchInto($row);
    list($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipCountry, $ShipPostalCode, $FreightCharge) = $row;
    echo address($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipPostalCode, $ShipCountry);
}
// Get the customer's email address. We only need this so it can recognize beeson@cruzio.com and
// create a test transaction in that case.
// NOTE(review): $CustomerID is not assigned anywhere in this file (the session key is
// $_SESSION['CustomerID'], as used in the check above); unless an include or register_globals
// supplies it, this query runs with an empty id and $Email stays empty.
// The id is interpolated straight into the SQL text; PreparedQuery() (used for the INSERT
// further down) is the pattern to move to if this is ever fed anything but a trusted id.
$sql = "SELECT Email FROM Customers WHERE CustomerID='$CustomerID';";
$q = Query($sql);
$q->fetchInto($rows);
$Email = $rows[0];
$Errmsg = ""; // accumulated validation/transaction errors, printed by writeRed() at the bottom of the page
$msg = "true"; // validateCreditCard()/validateExpirationDate() report success as the string "true"
if($PageState == 'Edit')
{ // form has been submitted, so validate the credit card number and the expiration date
// Test mode is decided from x_email, a hidden field the browser sends back, so the value is
// under the client's control; $Email as read from the database above is what the server
// actually knows and is the value the test-mode check lower on the page uses. In test mode
// the sandbox keys are used and the checksum validation is skipped for the test card below.
$email = $_POST['x_email'];
$test = false;
if($email == 'beesonpublic@gmail.com' ||
$email == 'profbeeson@gmail.com' ||
$email == 'ProfBeeson@gmail.com' ||
$email == 'beeson@cruzio.com')
$test = true;
if($ptype == "Purchase Order") // never true here: $ptype is fixed to "credit card" above
{ $Errmsg = "To pay by purchase order, send email to ContactHelpWithMath at gmail.com.";
}
else
{ $CardNumber = $_POST['x_card_num'];
$CVC = $_POST['x_cvc'];
// The entered $CVC is copied verbatim into $Errmsg, which writeRed() prints as raw HTML;
// it should be passed through htmlspecialchars() here, and better not echoed back at all.
if(strlen($CVC)!= 3 ||!is_numeric($CVC))
{ $Errmsg = "Security code must be 3 digits. You entered $CVC.";
}
$FirstDigit = $CardNumber[0]; // card brand is deduced from the first digit (1.26.11)
if($FirstDigit == 5)
{ $CardType = "MasterCard";
$ptype = "MasterCard";
}
else if ($FirstDigit == 4)
{ $CardType = "Visa";
$ptype = "Visa";
}
if($FirstDigit == 4 || $FirstDigit == 5)
{ if($test == true && $CardNumber == "5555555555554444") // used for testing with SimplifyCommerce
$msg = true; // boolean here, string "true" elsewhere; the loose != "true" test below still treats it as success
else
$msg = validateCreditCard($CardType, $_POST['x_card_num']);
}
else
$msg = "We can accept only Mastercard or Visa.";
if($msg != "true")
{ if($Errmsg == "")
$Errmsg = $msg;
else
$Errmsg = $Errmsg . "<br>" . $msg;
}
$month = $_POST['ExpirationMonth'];
$monthNum = monthNumber($month); // SimplifyCommerce needs numerical month
$year = $_POST['ExpirationYear'];
$msg = validateExpirationDate($month, $year);
if($msg != "true")
{ $Errmsg = $Errmsg . "<br>" . $msg;
}
$yearTwoDigit = $year % 100; // SimplifyCommerce expects a 2-digit year.
}
if($Errmsg == "")
{ // check that city and state are not blank
// These messages are appended with a leading "<br>", which is why the error block at the
// bottom trim()s $Errmsg before printing it.
if(trim($_POST['x_city']) == "")
$Errmsg = $Errmsg . "<br>" . "City is a required field.";
if(strlen(trim($_POST['x_city'])) == 1)
$Errmsg = $Errmsg . "<br>" . "City must have at least two characters.";
if(trim($_POST['x_state']) == "")
$Errmsg = $Errmsg . "<br>" . "State or province is a required field";
if(strlen(trim($_POST['x_state'])) == 1)
$Errmsg = $Errmsg . "<br>" . "State or province must have at least two characters.";
}
if($Errmsg == "")
{ // no checksum error in credit card number, expiration date is not in the past
// x_amount is a hidden form field, i.e. it comes back from the browser and can be altered
// before submission; the amount charged here and the PaymentAmount stored below should be
// the order total recomputed on the server (the same total the page renders), not $_POST.
$amount = $_POST['x_amount'];
$description = 'MathXpert Software from Help With Math';
$reference = $_SESSION['OrderID'];
$hash = array(
'card' => array(
'addressState' => $_POST['x_state'],
'expMonth' => $monthNum,
'expYear' => $yearTwoDigit,
'addressCity' => $_POST['x_city'],
'cvc' => $_POST['x_cvc'],
'number' => $_POST['x_card_num']));
// Select the SimplifyCommerce key pair (defined at the top of the file) for this transaction.
if($test)
{ Simplify::$publicKey = $SandboxPublicKey;
Simplify::$privateKey = $SandboxPrivateKey;
}
else
{ Simplify::$publicKey = $LivePublicKey;
Simplify::$privateKey = $LivePrivateKey;
}
// The card details go to SimplifyCommerce once, to obtain a token; only the token is used
// for the payment call.
$cardToken = Simplify_CardToken::createCardToken($hash);
$payment = Simplify_Payment::createPayment(array(
'amount' => $amount * 100, // SimplifyCommerce wants it in cents, not dollars
'token' => $cardToken ->id,
'description' => $description,
'reference' => $reference,
'currency' => 'USD'
));
$response = $payment->paymentStatus;
// Now parse the response: $ResponseCode 1 = approved, 2 = declined, 3 = anything else.
// $ResponseReasonText is only set for 2 and 3.
if($response == 'APPROVED')
$ResponseCode = 1;
else if ($response == 'DECLINED')
{ $ResponseCode = 2;
$ResponseReasonText = "Declined";
}
else
{ $ResponseCode = 3; // Error; apparently SimplifyCommerce doesn't do "partial approvals".
$ResponseReasonText = "Error";
}
}
// $ResponseCode is unset when a validation error kept us from charging; $Errmsg != "" short-circuits first.
if($Errmsg == "" && $ResponseCode == 1)
{ // change the status of the order to "authorized";
$oid = $_SESSION['OrderID'];
$sql = "UPDATE Orders SET Status = 'authorized' WHERE OrderID='$oid';"; // session id interpolated into SQL; see note at top
Query($sql); // carry out the update operation
// Create a record of this payment in the database.
$PaymentAmount = $_POST['x_amount']; // client-supplied; see the note above the charge
$PaymentDate = date("mY"); // mmYYYY
// NOTE(review): $CreditCardNumber, $CVC and $CreditCardExpDate are copied from the form here
// but not used below; the security code in particular must never be kept anywhere past the
// gateway call, so these copies should go. x_exp_date is not a field the form above emits.
$CreditCardNumber = $_POST['x_card_num'];
$CVC = $_POST['x_cvc'];
$CreditCardExpDate = $_POST['x_exp_date'];
$PaymentMethodID = ($ptype == "MasterCard" ? 0 :
$ptype == "Visa" ? 1 :
$ptype == "American Express" ? 2 :
$ptype == "e-check" ? 3 : 4);
$CardholdersFirstName = $_POST['x_first_name'];
$CardholdersLastName = $_POST['x_last_name'];
// store only the last four digits, as of 9.14.10, so $AccountNumber is used instead of $CreditCardNumber below.
// NOTE(review): neither $AccountNumber nor $TransactionID is assigned anywhere in this file,
// so unless an include sets them the INSERT stores nulls for CreditCardNumber and
// TransactionID; the payment id returned by SimplifyCommerce is presumably what
// TransactionID was meant to hold — confirm against the Payments table.
$data = array( $oid,
$PaymentAmount,
$PaymentDate,
$AccountNumber,
$CardholdersFirstName,
$CardholdersLastName,
$CreditCardExpDate,
$PaymentMethodID,
$TransactionID
);
// The one parameterised query in this file; the SELECT/UPDATE statements above should follow it.
$sql = "INSERT INTO Payments (OrderID, PaymentAmount,PaymentDate,CreditCardNumber,CardholdersFirstName,
CardholdersLastName,CreditCardExpDate,PaymentMethodID,TransactionID)
VALUES (?,?,?,?,?,?,?,?,?);";
PreparedQuery($sql,$data); // insert the new record;
// Now change to a new page and confirm the approval of the transaction.
// No exit after header(): the whole form below is still rendered into the redirect response.
header("Location: AfterTransaction.php"); // success
}
else
{ $PageState = "error"; // and stay on this page
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php include 'include/head.php'; ?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<p></p>
<h2> Order Summary
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p class="glink">
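<form name="OrderForm" action="<?php /* PHP_SELF echoes the request path (including any path info) back into the page, so it is escaped and the attribute is quoted */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . "?State=Edit"; ?>" method="POST" >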
<table border="1" cellpadding=3>
<tr> <td> <strong> Product </strong></td><td align=right><strong>Unit Price </strong></td><td><strong>Quantity</strong></td> <td> <strong>Price</strong></td></tr>
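<?php
// Order-summary rows: one line per product ordered, then subtotal, shipping and total.
$oid = $_SESSION['OrderID'];
if(is_null($oid))
die(); // before we issue an incorrect SQL query
// $oid is a session value rather than request input, but it is still spliced into the SQL
// text unquoted; PreparedQuery() (used for the Payments INSERT) is the pattern to move
// these SELECTs to if the query wrapper can return a result set.
$sql = "SELECT ProductName, Products.UnitPrice, Quantity, Discount FROM `Order Details`,Products WHERE OrderID=$oid AND `Order Details`.ProductID=Products.ProductID;";
$q = query($sql);
$format = "%01.2f"; // good for American currency, dollars and cents
$total = 0.0;
while($q->fetchInto($row))
{ $productname = htmlspecialchars((string)$row[0], ENT_QUOTES, 'UTF-8'); // database value echoed into the table, so escape it
$NumericalUnitPrice = $row[1] * (1.0-$row[3]); // unit price less the line's discount fraction
$NumericalUnitPrice = promoPrice($PromoCode, null, $NumericalUnitPrice); // same rule as promoPrice(), kept in one place
$unitprice = sprintf($format,$NumericalUnitPrice);
$quantity = $row[2];
if($quantity == 0)
continue; // zero-quantity lines are neither shown nor counted
echo "<tr> <td> $productname </td> <td align=right> $unitprice </td>"; // name and price
echo "<td align=right> $quantity </td>"; // number of that product ordered
$price = sprintf($format,$unitprice * $quantity); // line total from the cent-rounded unit price, as displayed
$total += $price;
echo "<td align=right> $price </td>";
}
$total = sprintf($format,$total);
echo "<tr><td><strong>Subtotal</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
$sql = "SELECT FreightCharge FROM Orders WHERE OrderID = '$oid';";
$q = Query($sql);
$q->fetchInto($row);
// Format the freight charge like every other amount. The value itself used to be passed as
// sprintf()'s format string, so a whole-dollar charge printed without its cents and a '%'
// in the stored value would have been read as a conversion specifier.
$FormattedFreightCharge = sprintf($format,$row[0]);
echo "<tr><td>Shipping </td> <td></td> <td></td> <td><strong>$FormattedFreightCharge</strong></td></tr>";
$total += $row[0];
$total = sprintf($format,$total); // add trailing zero or zeroes if needed.
echo "<tr><td><strong>Total</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
// NOTE(review): this overrides the $ShippingMethodID defaulted to 1 ("download only") near the
// top of the file; with no session value the lookup runs with an empty id, $ShippingMethod
// stays unset, and the "Ship To" check further down then treats the order as not-download.
$ShippingMethodID = $_SESSION['SessionShippingMethodID'];
$sql = "SELECT ShippingMethod FROM `Shipping Methods` WHERE ShippingMethodID='$ShippingMethodID';";
$q = query($sql);
$q->fetchInto($row);
$ShippingMethod = $row[0];
// is the payment type a credit card? Yes, we can't yet cope with e-check or purchase orders
// (a lookup in the `Payment Methods` table used to set this; it was retired in favour of the constant).
$IsCreditCard = true;
?>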
</table>
<p></p>
<table border="1" cellpadding=3>
<tr><td>Bill To</td> <td><?php display_billing_info($_SESSION['CustomerID'])?></td></tr>
<tr><td>Payment Method</td> <td><?php echo $ptype ?></td></tr>
<tr><td>Shipping Method</td><td><?php echo $ShippingMethod ?></td></tr>
<?php
// Download orders have nothing to ship, so the Ship To row is only shown for the others.
if($ShippingMethod != "download") {
    echo "<tr><td>Ship To</td><td>";
    display_shipping_info($_SESSION['OrderID']);
    echo "</td></tr>";
}
?>
</table>
<p> If you want to change anything, use your browser's back button. <br> If you do use your back button, and your browser asks you to confirm this
action, do so without hesitation--it will be fine.
</p>
<h2>Payment Information and Authorization</h2>
<?php // data to submit to payment gateway
// Legacy gateway field set (the x_* names look like an Authorize.Net-style field list —
// confirm). The form now posts back to this page, which performs the charge itself through
// SimplifyCommerce and reads only a handful of these fields back out of $_POST.
$x_version = 3.1;
$x_delim_data = "TRUE";
// NOTE(review): gateway login and password hard-coded in page source and, further down,
// written into the form as hidden fields. They must not reach the browser, and like the
// SimplifyCommerce keys at the top of the file they belong in configuration outside the
// web root.
$x_login = "hel481307642";
$x_password = "towardthe1";
$x_amount = $total; // the order total computed on the server in the table above
$x_type = "AUTH_CAPTURE";
$x_method = ($ptype == "ECHECK" ? "ECHECK" : "CC"); // CC = credit card
// Test mode is decided here from $Email as read from the Customers table — the value the
// server knows — whereas the submit handler above decides it from the posted x_email field;
// the server-side value is the trustworthy one and the handler should use it too.
if($Email == "beeson@cruzio.com" ||
$Email == "beesonpublic@gmail.com" ||
$Email == "ProfBeeson@gmail.com" ||
$Email == "profbeeson@gmail.com"
)
$x_test_request = "TRUE"; // set to TRUE to use test mode at the payment gateway
else
$x_test_request = "FALSE";
if($x_test_request == "TRUE")
echo "Credit card handling is in test mode because you are Michael Beeson.<br>";
// now we still need x_card_num and x_exp_date and x_cvc, to be collected on this page.
?>
<p></p>
<table>
<tr>
<td>
<?php echo "Enter $ptype number:"; ?>
</td>
<td>
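<input type="text" name="x_card_num" maxlength="16" size="16" value="<?php /* re-displayed from the previous submission; it is customer input, so it is escaped. Note this writes the full card number back into the page on a validation error. */ echo isset($_POST['x_card_num']) ? htmlspecialchars($_POST['x_card_num'], ENT_QUOTES, 'UTF-8') : ''; ?>">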
</td>
</tr>
<tr>
<td> <?php echo "Enter 3-digit security code:"; ?>
</td>
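<td><input type="text" name="x_cvc" maxlength="3" size="3" value="">
<?php /* The security code is never written back into the page, not even on a validation error; the customer re-enters it. */ ?>
(it's on the back of your card)</td>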
</tr>
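<?php
if($x_method == "CC")
{ // ask for the expiration date, pre-selecting what the previous submission chose (if any)
// isset() avoids the undefined-index notice on the first visit; date_selector() receives
// null in that case, which is what the bare lookups used to yield.
$prevMonth = isset($_POST['ExpirationMonth']) ? $_POST['ExpirationMonth'] : null;
$prevYear = isset($_POST['ExpirationYear']) ? $_POST['ExpirationYear'] : null;
echo "<tr> <td> Expiration date </td><td>";
date_selector("ExpirationMonth","ExpirationYear",$prevMonth,$prevYear);
echo "</td></tr>";
}
?>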
</table>
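<?php
if($IsCreditCard)
{ // create a bunch of hidden fields to pass data to the payment gateway.
// The form posts back to this page (State=Edit), whose handler reads x_email, x_amount,
// x_card_num, x_cvc, the expiration fields, x_city, x_state, x_first_name and x_last_name
// out of $_POST; the remaining x_* fields are kept for the legacy gateway field set.
// x_login and x_password are the gateway credentials: they used to be written here as
// hidden inputs, i.e. sent to every customer's browser, and nothing on the server reads
// them back from the form, so they are deliberately not emitted.
hidden_field("x_version",$x_version);
hidden_field("x_delim_data",$x_delim_data);
// NOTE: the submit handler currently charges whatever x_amount comes back from the
// browser; it should recompute the order total server-side rather than trust this field.
hidden_field("x_amount",$x_amount);
hidden_field("x_type",$x_type);
hidden_field("x_test_request",$x_test_request);
hidden_field("x_email", $Email); // where to send customer's confirmation; the handler also derives test mode from it
hidden_field("x_email_customer","TRUE"); // yes, send a confirmation email to the customer
hidden_field('x_first_name',$FirstName);
hidden_field('x_last_name',$LastName);
hidden_field('x_address',$BillingAddress);
hidden_field('x_city',$City);
hidden_field('x_state',$StateOrProvince);
hidden_field('x_zip',$PostalCode);
hidden_field('x_country',$Country);
hidden_field('x_ship_to_first_name',$ShipFirstName);
hidden_field('x_ship_to_last_name',$ShipLastName);
hidden_field('x_ship_to_address',$ShipAddress);
hidden_field('x_ship_to_city',$ShipCity);
hidden_field('x_ship_to_state',$ShipStateOrProvince);
hidden_field('x_ship_to_zip',$ShipPostalCode);
hidden_field('x_ship_to_country',$ShipCountry);
}
?>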
<p>
<input type="submit" name="Submit" value="Purchase Now">
<?php if($IsCreditCard) echo "This will charge your credit card. Click the button only once."; ?>
</p>
</form>
<?php
if($PageState == "error")
{ // extract the error from $response and report it
// Everything handed to writeRed() is printed as raw HTML: $Errmsg carries its own "<br>"
// separators but also the customer's security-code entry verbatim (see the "Security code
// must be 3 digits" message in the handler), so that text needs escaping where the
// message is built.
writeRed( "The credit card transaction was not approved.");
writeRed( trim($Errmsg) );
writeRed( trim($ResponseReasonText)); // set only for DECLINED/Error; unset when the failure was a validation error
if($ResponseCode==4) // partial approval
{ // Unreachable with the SimplifyCommerce response mapping in the handler, which assigns
// only 1, 2 or 3 to $ResponseCode; $BalanceOnCard is not assigned anywhere in this file.
echo "<p>The balance remaining on that card is $BalanceOnCard.</p>";
// now they can choose to use that balance and supply another card (which will be linked using the SplitTenderID),
// or to forget that card with an insufficient balance (in which case we submit an Authorization Reversal and
// return them to this page as if for the first time.
}
}
?>
</div>
<?php include 'include/footer.php'; ?>
</body>
</html>