<?php
session_start();
//if(is_null($_SESSION['CustomerID']))
// header("Location:index.php"); // CustomerID is set in Order.php, which should be the referring page
// actually, Authorize.php can also refer to this page, Order2.php.
// The purpose of this page is to fill out the Customer data under CustomerID and store it in the database.
require_once('DB.php');
require_once('query.php');
require_once('dates.php');
require_once('normalize.php');
/**
 * Print a message as a red, emphasised paragraph.
 *
 * The message is written to the response verbatim. The callers in this file pass
 * literal strings that contain <br> markup, so nothing is escaped here; request
 * data must be HTML-escaped by the caller before it is handed to this function.
 *
 * @param string $errmsg HTML fragment to display.
 * @return void
 */
function writeRed($errmsg)
{
    echo "<P> <em><font color=\"#FF0000\">" . $errmsg . "</font></em></P>";
}
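/**
 * Check that an e-mail address is syntactically acceptable and that its domain
 * publishes at least one MX record.
 *
 * The original used eregi() and split(), which no longer exist in current PHP;
 * preg_match() with the same expression replaces them. The D modifier makes "$"
 * match only at the very end of the string, so an address followed by a line
 * break is rejected instead of being passed on to later code.
 *
 * NOTE(review): the final group accepts top-level domains of two to four letters
 * only, as in the original expression; longer TLDs are rejected. Widen it if
 * such addresses should be accepted.
 *
 * @param string $email Address as typed by the customer.
 * @return int 1 when the syntax matches and getmxrr() finds MX records, otherwise 0.
 */
function validate_email($email)
{
    // A request parameter can arrive as an array; that is never a valid address.
    if (!is_string($email)) {
        return 0;
    }

    $pattern = '/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/iD';
    if (!preg_match($pattern, $email)) {
        return 0;
    }

    // The pattern guarantees exactly one "@", so everything after it is the domain.
    $domaintld = substr(strrchr($email, '@'), 1);

    // DNS lookup; the original author noted it works on the hosting server but not on localhost.
    return getmxrr($domaintld, $mxrecords) ? 1 : 0;
}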
/**
 * Work out the ship date for an order.
 *
 * @param mixed $shipmethod 1 for download, 2 for US mail, 3 for FedEx (compared loosely with 1).
 * @return array Date array in getdate() form: today for a download, otherwise
 *               whatever next_business_day() returns for today.
 */
function ship_date($shipmethod)
{
    $now = getdate();

    return ($shipmethod == 1) ? $now : next_business_day($now);
}
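// Customer and order being edited. The note at the top of this file says the referring
// page stores CustomerID in the session; a request that arrives without these keys has
// no record to update, so it is sent to index.php (the target of the check that was
// commented out above) instead of running the queries below with an empty key.
// NOTE(review): confirm that every page that links here sets both keys first.
if (!isset($_SESSION['CustomerID']) || !isset($_SESSION['OrderID'])) {
    header("Location:index.php");
    exit;
}
$cid = $_SESSION['CustomerID'];
$oid = $_SESSION['OrderID'];

// Selections posted from order.php are kept in the session for the rest of the checkout.
// NOTE(review): PaymentType and CustomerType are stored exactly as posted, so any page
// that relies on them should check them against the values it expects.
if (!empty($_POST['PaymentType'])) {
    $_SESSION['PaymentType'] = $_POST['PaymentType']; // coming from order.php
}
if (!empty($_POST['CustomerType'])) {
    $_SESSION['CustomerType'] = $_POST['CustomerType'];
}
if (!empty($_POST['ShippingMethodID'])) {
    // The shipping method is a numeric id (1 download, 2 US mail, 3 FedEx) and is later
    // written into an SQL statement, so only its integer value is kept.
    $_SESSION['SessionShippingMethodID'] = (int) $_POST['ShippingMethodID'];
}

$ctype = isset($_SESSION['CustomerType']) ? $_SESSION['CustomerType'] : null;
// NOTE(review): this reads 'SessionShippingMethod', while the value stored above and read
// later on this page uses 'SessionShippingMethodID' - confirm which key is intended.
$ShippingMethod = isset($_SESSION['SessionShippingMethod']) ? $_SESSION['SessionShippingMethod'] : null;

if (isset($_SESSION['PaymentType']) && $_SESSION['PaymentType'] == 4 && $ctype == "individual") {
    // individual wants to pay by purchase order, not allowed
    header("Location:Order.php?error=1");
    // Without this exit the rest of the page, including the database updates, still ran
    // after the redirect header had been queued.
    exit;
}

// 'Enter' is the first display of the form; the form posts back with ?state=Edit.
$PageState = isset($_GET['state']) ? $_GET['state'] : 'Enter';

$today = getdate();
$OrderDate = format_date($today);
$SqlOrderDate = SqlDate($today);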
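if ($PageState == 'Enter') {
    // First display of the form. The customer row may already hold data if the visitor
    // came back with the browser's back button; otherwise its columns are blank.
    // The id is used as a number in the UPDATE further down, so it is forced to an
    // integer before it is placed in the SQL text.
    $customerId = (int) $cid;
    $sql = "SELECT * FROM Customers WHERE CustomerID='$customerId';";
    $q = query($sql);
    $q->fetchInto($row);

    // Columns are read by position in the SELECT * result.
    $CompanyName = $row[1];
    $ContactFirstName = $row[2];
    $ContactLastName = $row[3];
    $BillingAddress = $row[4];
    $City = $row[5];
    $StateOrProvince = $row[6];
    $PostalCode = $row[7];
    $Country = $row[8];
    $ContactTitle = $row[9];
    $PhoneNumber = $row[10];
    $FaxNumber = $row[11];
    $Email = $row[12];
    $Email2 = $Email;
    $EmployeeID = 1; // website always uses this employee ID
    // OrderDate already initialized
    $Status = "fresh";
    // status can be "fresh", "authorized", "downloaded", "to be shipped", or "shipped"
    $Nojunkmail = $row[13];
}
else {
    // The form was submitted: take the field values from the request. A missing field,
    // or one sent as an array, is treated as an empty string.
    $formFields = array(
        'CompanyName', 'ContactFirstName', 'ContactLastName', 'BillingAddress', 'City',
        'StateOrProvince', 'PostalCode', 'Country', 'ContactTitle', 'PhoneNumber',
        'FaxNumber', 'Email', 'Email2',
    );
    foreach ($formFields as $field) {
        $$field = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    // The radio buttons post the literal strings "true" and "false"; anything else is
    // stored as "false" so that no other text can reach the SQL statement below.
    $Nojunkmail = (isset($_POST['Nojunkmail']) && $_POST['Nojunkmail'] === 'true') ? 'true' : 'false';
    $EmployeeID = 1; // website always uses this employee ID

    // Validate the data without reporting anything yet; the messages are written further
    // down the page. ereg() no longer exists in current PHP, so the comma test uses strpos().
    $ValidName = !empty($ContactFirstName) && !empty($ContactLastName)
        && strpos($ContactFirstName, ',') === false
        && strpos($ContactLastName, ',') === false;
    $ValidCity = !empty($City) && strpos($City, ',') === false;
    $ValidEmail = !empty($Email) && !empty($Email2) && $Email == $Email2 && validate_email($Email);
    $ValidBillingAddress = !empty($BillingAddress) && strpos($BillingAddress, ',') === false;
    $ValidStateOrProvince = !empty($StateOrProvince) && strpos($StateOrProvince, ',') === false;
    $ValidPostalCode = !empty($PostalCode) && strpos($PostalCode, ',') === false;
    if (empty($Country) || strpos($Country, ',') !== false) {
        $ValidCountry = false;
    }
    else {
        if (trim($Country) != "") {
            $Country = normalizeCountry($Country);
        }
        $ValidCountry = true;
    }

    // Company customers must also give a company name, phone number and fax number.
    // These three results were computed before but never counted as errors, so an
    // incomplete company record was saved and the visitor was redirected onward.
    $ValidCompanyName = true;
    $ValidPhoneNumber = true;
    $ValidFaxNumber = true;
    if ($ctype == "company") {
        $ValidCompanyName = !empty($CompanyName);
        $ValidPhoneNumber = !empty($PhoneNumber);
        $ValidFaxNumber = !empty($FaxNumber);
    }

    $errors = !$ValidName || !$ValidCity || !$ValidEmail || !$ValidBillingAddress
        || !$ValidStateOrProvince || !$ValidPostalCode || !$ValidCountry
        || !$ValidCompanyName || !$ValidPhoneNumber || !$ValidFaxNumber;

    if ($errors == false) {
        // Store the data, then go on to the next page.
        //
        // SECURITY NOTE(review): the text fields below still reach the SQL text exactly as
        // posted. The validation above rejects only commas, so a quote character in any of
        // them changes the statement. They need the database layer's own quoting or
        // placeholders; query() is defined outside this file, so that change cannot be made
        // from here. Only the numeric ids and the Nojunkmail flag are constrained in this block.
        $customerId = (int) $cid;
        $orderId = (int) $oid;

        $sql = "UPDATE Customers SET
CompanyName = '$CompanyName',
ContactFirstName='$ContactFirstName',
ContactLastName='$ContactLastName',
BillingAddress='$BillingAddress',
City='$City',
StateOrProvince='$StateOrProvince',
PostalCode ='$PostalCode',
Country='$Country',
ContactTitle='$ContactTitle',
PhoneNumber='$PhoneNumber',
FaxNumber='$FaxNumber',
Email='$Email',
Nojunkmail= '$Nojunkmail'
WHERE CustomerID=$customerId;";
        $q = query($sql); // put the data in the database

        // The shipping method originally came from a posted form field; only its integer
        // value is used from here on.
        $ShippingMethodID = isset($_SESSION['SessionShippingMethodID'])
            ? (int) $_SESSION['SessionShippingMethodID']
            : 0;
        $ShipDate = ship_date($ShippingMethodID);

        // update the Order record with shipping information identical to billing information
        $ShipFirstName = $ContactFirstName;
        $ShipLastName = $ContactLastName;
        $ShipAddress = $BillingAddress;
        $ShipCity = $City;
        $ShipStateOrProvince = $StateOrProvince;
        $ShipPostalCode = $PostalCode;
        $ShipCountry = $Country;
        $ShipPhoneNumber = $PhoneNumber;
        $SqlShipDate = SqlDate($ShipDate);

        // NOTE(review): ShipDate is filled from $ShipDate, which ship_date() returns as a
        // date array, while $SqlShipDate is computed above and never used - it looks as if
        // $SqlShipDate was meant; confirm the format SqlDate() returns before switching.
        // NOTE(review): $FreightCharge is not assigned anywhere in this file; confirm where
        // it is meant to come from and make sure it can never be supplied by the request.
        // ShipCity and ShipPostalCode were each assigned twice in this statement; the
        // repeats are dropped.
        $sql = "UPDATE Orders SET
ShipFirstName = '$ShipFirstName',
ShipLastName = '$ShipLastName',
ShipAddress = '$ShipAddress',
ShipCity ='$ShipCity',
ShipStateOrProvince='$ShipStateOrProvince',
ShipPostalCode ='$ShipPostalCode',
ShipDate='$ShipDate',
ShipCountry='$ShipCountry',
ShipPhoneNumber='$ShipPhoneNumber',
ShippingMethodID='$ShippingMethodID',
FreightCharge='$FreightCharge'
WHERE OrderID=$orderId;";
        // but we still haven't got PurchaseOrderNumber
        $q = query($sql); // put the Order data in the database

        if ($ShippingMethodID != 1) {
            // anything but "download only"
            header("Location:ShipInfo.php"); // go on to shipping information
            exit;
        }
        else {
            // shipping method is download only (no CD will be shipped)
            // Now go on to the payment pages
            header("Location: https://www.helpwithmath.com/PaymentInfo.php");
            exit;
        }
    }
}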
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php include ('include/head.php'); ?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<p></p>
<h2> Customer <?php if($_SESSION['CustomerType'] == "company") echo "and School or Company"; ?> Information
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p>
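<?php
// After a submitted form failed validation, list what has to be corrected. Every message
// is a literal string; no request data is passed to writeRed(), which prints its argument
// unescaped.
if ($PageState == 'Edit') {
    // There must be at least one error, or the request would already have been redirected onward.
    writeRed("Please try again. <br>");
    if (!$ValidName) {
        if (empty($ContactFirstName) || empty($ContactLastName)) {
            writeRed("You must enter both a first and last name. <br>");
        }
        else {
            writeRed("Names may not contain commas.<br>");
        }
    }
    if (!$ValidBillingAddress) {
        if (empty($BillingAddress)) {
            writeRed("You must enter a billing address.<br>");
        }
        else {
            writeRed("Billing address may not contain commas.<br>");
        }
    }
    if ($ctype == "company") {
        if (!$ValidCompanyName) {
            if (empty($CompanyName)) {
                writeRed("You must enter your school or company name.<br>");
            }
            else {
                writeRed("Company name may not contain commas.<br>");
            }
        }
        if (!$ValidPhoneNumber) {
            writeRed("You must enter a valid telephone number. <br>");
        }
        if (!$ValidFaxNumber) {
            writeRed("You must enter a valid fax number. <br>");
        }
    }
    if (!$ValidCity) {
        if (empty($City)) {
            writeRed("You must enter the city name. <br>");
        }
        else {
            writeRed("City name may not contain commas. <br>");
        }
    }
    if (!$ValidStateOrProvince) {
        // This test looked at $City before, so an empty state was reported with the
        // "may not contain commas" message whenever a city had been entered.
        if (empty($StateOrProvince)) {
            writeRed("You must enter your state or province. <br>");
        }
        else {
            writeRed("State or province name may not contain commas. <br>");
        }
    }
    if (!$ValidPostalCode) {
        if (empty($PostalCode)) {
            writeRed("You must enter your postal code.<br>");
        }
        else {
            writeRed("The postal code you entered is invalid. <br>");
        }
    }
    if (!$ValidCountry) {
        // The closing tag was written as "<br." and left the markup unterminated.
        writeRed("You must enter your country. <br>");
    }
    if (empty($Email) || empty($Email2)) {
        writeRed("You must type your email address twice, and they must match exactly. <br>");
    }
    else if ($Email != $Email2) {
        writeRed("You entered your email address twice as required, but the two entries did not agree.<br>");
    }
    else if (!$ValidEmail) {
        writeRed("You must enter a valid email address.");
    }
}
?>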
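<?php
// Every value echoed into this form comes from the request or from the customer record,
// so each one is HTML-escaped for the quoted attribute it lands in; before, a double
// quote in a field closed the attribute and the rest of the value was parsed as markup.
// PHP_SELF is escaped as well because it reflects the requested path.
// NOTE(review): 'UTF-8' assumes the charset declared in include/head.php, which is not
// visible here - confirm. With a different page charset, non-ASCII values would be blanked.
?>
<FORM action= "<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . "?state=Edit";
?>" method="POST">
<TABLE WIDTH="544" BORDER="0" CELLSPACING="1" CELLPADDING="1" id="TABLE2" height="319">
<?php if($ctype == "company")
{ ?>
<TR>
<TD width="349">School or Company Name <span class="style1"></span></TD>
<TD width="182">
<INPUT id="CompanyName" type="text" size="30" name="CompanyName" value = "<?php echo htmlspecialchars((string) $CompanyName, ENT_QUOTES, 'UTF-8'); ?>">
</TD>
</TR>
<?php } ?>
<TR>
<TD width="349"> <?php if($ctype == "company") echo "Contact "; ?>First Name <span class="style1"></span></TD>
<TD width="182">
<INPUT id="ContactFirstName" type="text" size="30" name="ContactFirstName" value = "<?php echo htmlspecialchars((string) $ContactFirstName, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349"><?php if($ctype == "company") echo "Contact "; ?>Last Name <span class="style1"></span></TD>
<TD>
<INPUT id="ContactLastName" type="text" size="30" name="ContactLastName" value = "<?php echo htmlspecialchars((string) $ContactLastName, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<?php if($ctype == "company")
{ ?>
<TR>
<TD width="349">Contact Title <span class="style1"></span></TD>
<TD width="182">
<INPUT id="ContactTitle" type="text" size="30" name="ContactTitle" value = "<?php echo htmlspecialchars((string) $ContactTitle, ENT_QUOTES, 'UTF-8'); ?>">
</TD>
</TR>
<TR>
<TD width="349">Phone Number <span class="style1"></span></TD>
<TD width="182">
<INPUT id="PhoneNumber" type="text" size="30" name="PhoneNumber" value = "<?php echo htmlspecialchars((string) $PhoneNumber, ENT_QUOTES, 'UTF-8'); ?>">
</TD>
</TR>
<TR>
<TD width="349">Fax Number <span class="style1"></span></TD>
<TD width="182">
<INPUT id="FaxNumber" type="text" size="30" name="FaxNumber" value = "<?php echo htmlspecialchars((string) $FaxNumber, ENT_QUOTES, 'UTF-8'); ?>">
</TD>
</TR>
<?php } ?>
<TR>
<TD width="349">Billing Address</TD>
<TD>
<INPUT id="BillingAddress" type="text" size="30" name="BillingAddress" value = "<?php echo htmlspecialchars((string) $BillingAddress, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349">City</TD>
<TD>
<INPUT id="City" type="text" size="30" name="City" value = "<?php echo htmlspecialchars((string) $City, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349">State or Province (two capital letters please) </TD>
<TD>
<INPUT id="StateOrProvince" type="text" size="2" name="StateOrProvince" value = "<?php echo htmlspecialchars((string) $StateOrProvince, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349">Postal Code </TD>
<TD>
<INPUT id="PostalCode" type="text" size="5" name="PostalCode" value = "<?php echo htmlspecialchars((string) $PostalCode, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349">Country (enter US for United States)</TD>
<TD>
<INPUT id="Country" type="text" size="30" name="Country" value = "<?php echo htmlspecialchars((string) $Country, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349">Email address </TD>
<TD>
<INPUT id="Email" type="text" size="30" name="Email" value = "<?php echo htmlspecialchars((string) $Email, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
<TR>
<TD width="349">Email address (type it a second time to catch errors) </TD>
<TD>
<INPUT id="Email2" type="text" size="30" name="Email2" value = "<?php echo htmlspecialchars((string) $Email2, ENT_QUOTES, 'UTF-8'); ?>"></TD>
</TR>
</TABLE>
<?php
// The radio buttons post the strings "true" and "false". The string "false" is truthy in
// PHP, so after a failed submission the first option was always shown as selected; the
// literal "false" is now treated as the second option.
$noJunkSelected = !empty($Nojunkmail) && $Nojunkmail !== 'false';
?>
<table>
<tr><td> Don't ever send me email except to confirm a purchase.</td><td><input type="radio" name="Nojunkmail" value="true" <?php if($noJunkSelected) echo "checked" ?>></td></tr>
<tr><td> You can send me up to one email a month about updates, etc.</td> <td><input type="radio" name = "Nojunkmail" value="false" <?php if(!$noJunkSelected) echo "checked" ?> ></td></tr>
</table>
<P align="center">
<INPUT id="SubmitCustomerInfo" type="submit" value="Submit" name="SubmitCustomerInfo"></P>
</FORM>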
</div>
<?php include ('include/footer.php');
?>
</body>
</html>