<?php
/* 12.28.17 redirect to PaymentForm.php (which is for SimplifyCommerce) rather than PaymentInfo.php (which was for Authorize.net) */
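session_start();
// Access gate: CustomerID is set in Order.php, which you should have to go through to get here.
// isset() is false for a missing key and for a stored null alike, so this sends away the same
// visitors as the previous is_null() test, but without raising an "undefined index" notice
// (output that could be emitted before the Location header is sent).
if (!isset($_SESSION['CustomerID'])) {
    header("Location:index.php");
    exit; // stop here so nothing below runs for a visitor without a customer session
}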
// The purpose of this page is to fill out the Order and Payment data and store it in the database.
// Specifically we need to collect: PurchaseOrderNumber if appropriate, ShipFirstName, ShipLastName, ShipAddress, ShipCity,
// ShipStateOrProvince, ShipPostalCode,ShipCountry,ShipPhoneNumber, ShippingMethodID.
require_once('DB.php');
require_once('query.php');
require_once('dates.php');
require_once('normalize.php');
/**
 * Print a message as a red, emphasised paragraph.
 *
 * The message is written out exactly as given, with no HTML escaping; the callers
 * in this file pass markup such as <br> inside it. Request data must therefore be
 * escaped by the caller before it is handed to this function.
 *
 * @param string $errmsg Message (may contain HTML) to display.
 */
function writeRed($errmsg)
{
    $opening = "<P> <em><font color=\"#FF0000\">";
    $closing = "</font></em></P>";
    echo $opening, $errmsg, $closing;
}
/**
 * Look up the freight charge for a shipping method id.
 *
 * The id is matched with loose comparison, so the numeric string "2" selects the
 * same charge as the integer 2.
 *
 * @param mixed $shipmethod Shipping method id (1-4).
 * @return float|null The charge, or null when the id is not one of the four known methods.
 */
function ComputeFreightCharge($shipmethod)
{
    switch ($shipmethod) {
        case 1: // download only
            return 0.0;
        case 2: // US Mail, domestic
            return 4.0;
        case 3: // FedEx, domestic
            return 14.0;
        case 4: // foreign airmail
            return 6.0;
        default: // unknown method: no charge is defined
            return null;
    }
}
// This page has three states: Enter, Edit, and Success.
// At first you are in Enter; if the Submit button is pushed so there is posted data, then you go to
// success if the data is valid, and edit if there are errors or omissions.
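// Page controller. Takes the customer and order ids from the session, picks the page
// state from ?state=, and then either pre-fills the form from the Orders row ("Enter")
// or validates the posted shipping data and stores it (every other state).
$cid = $_SESSION['CustomerID'];
$oid = isset($_SESSION['OrderID']) ? $_SESSION['OrderID'] : null;
// The UPDATE below uses OrderID unquoted, so it has to be numeric; the integer cast keeps
// anything else out of the SQL text. A missing OrderID becomes 0.
$oidSql = (int) $oid;
// A missing (or non-string) state parameter means a first visit.
$PageState = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : 'Enter';
$today = getdate();
$OrderDate = format_date($today);
$SqlOrderDate = SqlDate($today);
if ($PageState == 'Enter') {
    // initialize data for the form fields
    // using data from the Order item under $oid
    $sql = "SELECT * FROM Orders WHERE OrderId='$oidSql';";
    $q = query($sql);
    $q->fetchInto($row);
    // NOTE(review): the columns are read by position, so this depends on the column
    // order of the Orders table - confirm against the schema.
    $ShipFirstName = $row[5];
    $ShipLastName = $row[6];
    $ShipAddress = $row[7];
    $ShipCity = $row[8];
    $ShipStateOrProvince = $row[9];
    $ShipPostalCode = $row[10];
    $ShipCountry = $row[11];
    $ShipPhoneNumber = $row[12];
    $EmployeeID = 1; // website always uses this employee ID
    $PurchaseOrderNumber = "";
    $ShippingMethodID = $_SESSION['SessionShippingMethodID'];
    $FreightCharge = ComputeFreightCharge($ShippingMethodID);
    $SalesTaxRate = ""; // I don't have a retail outlet.
    $Status = "fresh";
    // status can be "fresh", "authorized", "downloaded", "to be shipped", or "shipped"
} else {
    // initialize variables using data that was already in the form
    // data for the Order table
    // $oid and $cid come first, then
    $EmployeeID = 1; // website always uses this employee ID
    // OrderDate already initialized

    // Read every posted field as a string. A missing field, or one submitted as an
    // array (name[]=...), becomes '' and is then rejected by the checks below.
    $shipPosted = array();
    $shipFieldNames = array(
        'PurchaseOrderNumber', 'ShipFirstName', 'ShipLastName', 'ShipAddress', 'ShipCity',
        'ShipStateOrProvince', 'ShipPostalCode', 'ShipCountry', 'ShipPhone',
    );
    foreach ($shipFieldNames as $shipFieldName) {
        $shipPosted[$shipFieldName] =
            (isset($_POST[$shipFieldName]) && is_string($_POST[$shipFieldName]))
                ? $_POST[$shipFieldName]
                : '';
    }
    $PurchaseOrderNumber = $shipPosted['PurchaseOrderNumber'];
    $ShipFirstName = $shipPosted['ShipFirstName'];
    $ShipLastName = $shipPosted['ShipLastName'];
    $ShipAddress = $shipPosted['ShipAddress'];
    $ShipCity = $shipPosted['ShipCity'];
    $ShipStateOrProvince = $shipPosted['ShipStateOrProvince'];
    $ShipPostalCode = $shipPosted['ShipPostalCode'];
    $ShipCountry = $shipPosted['ShipCountry'];
    // NOTE(review): the form on this page has no ShipPhone input, so this is '' for a
    // normal submission and the UPDATE below then stores an empty ShipPhoneNumber.
    // Confirm whether the phone number loaded from the order should be kept instead.
    $ShipPhoneNumber = $shipPosted['ShipPhone'];
    $ShippingMethodID = $_SESSION['SessionShippingMethodID'];
    $FreightCharge = ComputeFreightCharge($ShippingMethodID);
    // ShipDate has already been stored

    // A field is valid when it is non-empty and contains no comma (commas not allowed).
    // strpos() replaces ereg(), which is deprecated since PHP 5.3 and gone in PHP 7.
    $ValidShipCity = !empty($ShipCity) && strpos($ShipCity, ',') === false;
    $ValidShipFirstName = !empty($ShipFirstName) && strpos($ShipFirstName, ',') === false;
    $ValidShipLastName = !empty($ShipLastName) && strpos($ShipLastName, ',') === false;
    $ValidShipAddress = !empty($ShipAddress) && strpos($ShipAddress, ',') === false;
    $ValidShipStateOrProvince = !empty($ShipStateOrProvince) && strpos($ShipStateOrProvince, ',') === false;
    $ValidShipPostalCode = !empty($ShipPostalCode) && strpos($ShipPostalCode, ',') === false;
    if (empty($ShipCountry) || strpos($ShipCountry, ',') !== false) {
        $ValidShipCountry = false;
    } else {
        if (trim($ShipCountry) != "") {
            $ShipCountry = normalizeCountry($ShipCountry);
        }
        $ValidShipCountry = true;
    }
    $errors = !$ValidShipFirstName || !$ValidShipLastName || !$ValidShipCity || !$ValidShipAddress
        || !$ValidShipStateOrProvince || !$ValidShipPostalCode || !$ValidShipCountry;
    if (!$errors) {
        // put the data in the database and then go on to next php page
        //
        // NOTE(review): the Ship* values are request data placed into the SQL text as-is.
        // The comma check above does not stop quote characters, so this statement is open
        // to SQL injection. The values need to be bound as parameters (or escaped) through
        // the DB layer behind query(); query.php is not visible from here, so the way the
        // statement is built is left unchanged. Each column is now set once (ShipCity,
        // ShipStateOrProvince and ShipPostalCode were listed twice).
        $sql = "UPDATE Orders SET
ShipFirstName = '$ShipFirstName',
ShipLastName = '$ShipLastName',
ShipAddress = '$ShipAddress',
ShipCity ='$ShipCity',
ShipStateOrProvince='$ShipStateOrProvince',
ShipPostalCode ='$ShipPostalCode',
ShipCountry='$ShipCountry',
ShipPhoneNumber='$ShipPhoneNumber',
FreightCharge='$FreightCharge'
WHERE OrderID=$oidSql;";
        $q = query($sql); // put the Order data in the database
        header("Location:PaymentForm.php"); // go on to credit card number and authorization
        // header() only queues the redirect; without exit the rest of this page would
        // still be executed and sent along with it.
        exit;
    }
}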
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php include ('include/head.php'); ?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<p></p>
<h2> Shipping Information
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p>
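<?php
// Edit state: tell the customer which shipping fields were rejected. A submission
// without errors is redirected to PaymentForm.php by the code at the top of this file.
// Only fixed text is passed to writeRed(), which prints its argument unescaped.
if ($PageState == 'Edit') {
    writeRed("Please try again. <br>");
    if (!$ValidShipFirstName || !$ValidShipLastName) {
        writeRed("You must enter both a first and last name. <br>");
    }
    // Address and state are part of the validation, so they get a message as well;
    // otherwise the customer only sees "Please try again." with no reason.
    if (!$ValidShipAddress) {
        writeRed("You must enter the shipping address. <br>");
    }
    if (!$ValidShipCity) {
        writeRed("You must enter the city name. <br>");
    }
    if (!$ValidShipStateOrProvince) {
        writeRed("You must enter the state or province. <br>");
    }
    if (!$ValidShipPostalCode) {
        // Test the posted value itself ($ShipPostalCode); the previously tested
        // $PostalCode is never set, so the "invalid" message could not be reached.
        if (empty($ShipPostalCode)) {
            writeRed("You must enter a postal code.<br>");
        } else {
            writeRed("The postal code you entered is invalid. <br>");
        }
    }
    if (!$ValidShipCountry) {
        writeRed("You must enter a country. <br>");
    }
}
?>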
<p>Even though we will not be shipping anything, the credit card processor still requires shipping information.
</p>
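<?php
// Shipping form. It posts back to this page with state=Edit.
// Every value written into an attribute goes through htmlspecialchars() with ENT_QUOTES:
// PHP_SELF and the re-displayed field values come from the request, and unescaped quotes
// or angle brackets in them would break out of the attribute and inject markup (XSS).
?>
<FORM action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES), "?state=Edit"; ?>" method="POST">
<TABLE WIDTH="544" BORDER="0" CELLSPACING="1" CELLPADDING="1" id="TABLE2" height="319">
    <TR>
        <TD width="349">First Name <span class="style1"></span></TD>
        <TD width="182">
            <INPUT id="ShipFirstName" type="text" size="30" name="ShipFirstName" value="<?php echo htmlspecialchars($ShipFirstName, ENT_QUOTES); ?>"></TD>
    </TR>
    <TR>
        <TD width="349">Last Name <span class="style1"></span></TD>
        <TD width="182">
            <INPUT id="ShipLastName" type="text" size="30" name="ShipLastName" value="<?php echo htmlspecialchars($ShipLastName, ENT_QUOTES); ?>"></TD>
    </TR>
    <TR>
        <TD width="349">Shipping Address</TD>
        <TD>
            <INPUT id="ShipAddress" type="text" size="30" name="ShipAddress" value="<?php echo htmlspecialchars($ShipAddress, ENT_QUOTES); ?>"></TD>
    </TR>
    <TR>
        <TD width="349">City</TD>
        <TD>
            <INPUT id="ShipCity" type="text" size="30" name="ShipCity" value="<?php echo htmlspecialchars($ShipCity, ENT_QUOTES); ?>"></TD>
    </TR>
    <TR>
        <TD width="349">State or Province (two capital letters please) </TD>
        <TD>
            <INPUT id="ShipStateOrProvince" type="text" size="2" name="ShipStateOrProvince" value="<?php echo htmlspecialchars($ShipStateOrProvince, ENT_QUOTES); ?>"></TD>
    </TR>
    <TR>
        <TD width="349">Postal Code </TD>
        <TD>
            <INPUT id="ShipPostalCode" type="text" size="5" name="ShipPostalCode" value="<?php echo htmlspecialchars($ShipPostalCode, ENT_QUOTES); ?>"></TD>
    </TR>
    <TR>
        <TD width="349">Country (enter US for United States)</TD>
        <TD>
            <INPUT id="ShipCountry" type="text" size="30" name="ShipCountry" value="<?php echo htmlspecialchars($ShipCountry, ENT_QUOTES); ?>"></TD>
    </TR>
</TABLE>
<P align="center">
    <INPUT id="SubmitCustomerInfo" type="submit" value="Submit" name="SubmitCustomerInfo"></P>
</FORM>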
</div>
<?php include ('include/footer.php'); ?>
</body>
</html>