<?php
session_start(); // the checkout state this page reads below (CustomerID, OrderID, PaymentType, shipping method) lives in $_SESSION
require_once('DB.php');
require_once('query.php');
require_once('PostToPaymentGateway.php');
require_once('ValidateCreditCard.php');
require_once('dates.php');
function writeRed($errmsg)
// Print $errmsg as its own red, italic paragraph.
// The text is emitted verbatim: callers on this page build it with markup ("<br>"
// between validation messages), so it must not contain unescaped external input.
// NOTE(review): the gateway's response text is passed here at the bottom of the page
// without escaping; it should be HTML-escaped before it reaches this function.
{
    $opening = "<P> <em><font color=\"#FF0000\">";
    $closing = "</font></em></P>";
    echo $opening . $errmsg . $closing;
}
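// Session guard: this page is only meaningful after the earlier checkout steps have stored
// the customer, the order and the chosen payment type in the session.
// Fix: the original condition had a misplaced parenthesis, `is_null($_SESSION['OrderID'] || ...)`,
// which tested is_null() of a boolean and so never caught a missing OrderID or PaymentType.
// isset() performs the same null/absent test without the undefined-index notice is_null() raised.
if (!isset($_SESSION['CustomerID']) || !isset($_SESSION['OrderID']) || !isset($_SESSION['PaymentType'])) {
    header("Location:index.php"); // got here by typing in the URL maybe
    // header() does not stop the script; without exit the rest of the page still ran.
    exit;
}
$ptype = $_SESSION['PaymentType'];
// customer type defaults to "individual" when the session does not carry one
$ctype = empty($_SESSION['CustomerType']) ? "individual" : $_SESSION['CustomerType'];
// shipping method 1 means download only
$ShippingMethodID = empty($_SESSION['SessionShippingMethodID']) ? 1 : $_SESSION['SessionShippingMethodID'];
// page state: 'Enter' on first display, 'Edit' once the form below has been posted back.
// The value is only ever compared against fixed strings on this page.
$PageState = isset($_GET['State']) ? $_GET['State'] : 'Enter';
$format = "%01.2f"; // good for American currency, dollars and cents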
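function hidden_field($Name, $Value)
// echo a hidden field description.
// Both the name and the value are HTML-escaped: the values passed from this page include
// customer-entered names and addresses read back from the database, and a quote in one of
// them would otherwise terminate the attribute and inject markup into the form.
{
    // ISO-8859-1 is named explicitly: the page's own literals look Latin-1, and under the
    // UTF-8 default htmlspecialchars() returns "" for a string holding a non-UTF-8 byte,
    // which would silently blank an accented name. In single-byte mode every byte is kept
    // and only < > & " ' are encoded. TODO confirm against the charset in include/head.php.
    $safeName = htmlspecialchars((string) $Name, ENT_QUOTES, 'ISO-8859-1');
    $safeValue = htmlspecialchars((string) $Value, ENT_QUOTES, 'ISO-8859-1');
    echo "<input type='hidden' name='$safeName' value='$safeValue' >";
}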
global $FirstName,$LastName,$BillingAddress,$City,$StateOrProvince,$Country,$PostalCode,$Email; // no effect at file scope; documents the billing globals display_billing_info() fills and the hidden fields below read
function display_billing_info($cid)
// display the billing name, address, and phone
// Looks the customer up by id, publishes the eight columns into the page-level globals
// (the hidden gateway fields further down read them) and echoes the formatted address.
// NOTE(review): $cid is interpolated into the SQL text; the caller on this page passes
// the session's CustomerID, not request input — keep it that way unless query() grows
// parameter binding.
{
    global $FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $Country, $PostalCode, $Email;
    $columns = "ContactFirstName,ContactLastName, BillingAddress, City, StateOrProvince, Country, PostalCode, Email";
    $sql = "SELECT $columns FROM Customers WHERE CustomerID='$cid';";
    $result = query($sql);
    $result->fetchInto($customer);
    list($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $Country, $PostalCode, $Email) = $customer;
    echo address($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country);
}
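function address($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country)
// Echo one address block, laid out the way $Country customarily orders city, state and
// postal code. Nothing is returned: callers on this page write `echo address(...)`, which
// just echoes the null. Each field is HTML-escaped before interpolation, because these
// values are customer-entered data read back from the Customers / Orders tables.
{
    // ISO-8859-1 is named explicitly: the page's own literals look Latin-1, and under the
    // UTF-8 default htmlspecialchars() returns "" for a string holding a non-UTF-8 byte,
    // which would silently blank an accented name. In single-byte mode every byte is kept
    // and only < > & " ' are encoded. TODO confirm against the charset in include/head.php.
    $parts = array($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country);
    foreach ($parts as $i => $text) {
        $parts[$i] = htmlspecialchars((string) $text, ENT_QUOTES, 'ISO-8859-1');
    }
    list($first, $last, $street, $city, $state, $zip, $country) = $parts;
    if ($Country == "US") {
        echo "$first $last <br> $street <br> $city, $state $zip";
    } elseif ($Country == "Mexico") { // countries where postal code comes after city and state
        echo "$first $last <br> $street <br> $city, $state $zip <br> $country";
    } else { // countries where postal code precedes city, the norm in most of the world
        echo "$first $last <br> $street <br> $zip $city, $state <br> $country";
    }
}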
global $ShipFirstName,$ShipLastName,$ShipAddress,$ShipCity,$ShipStateOrProvince,$ShipCountry,$ShipPostalCode,$FreightCharge; // no effect at file scope; documents the shipping globals display_shipping_info() fills and the hidden fields below read
function display_shipping_info($oid)
// display the shipping name, address, and phone
// Looks the order up by id, publishes the ship-to columns and the freight charge into the
// page-level globals (the hidden gateway fields further down read them) and echoes the
// formatted address. NOTE(review): $oid is interpolated into the SQL text; the caller on
// this page passes the session's OrderID, not request input — keep it that way unless
// query() grows parameter binding.
{
    global $ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipCountry, $ShipPostalCode, $FreightCharge;
    $columns = "ShipFirstName, ShipLastName, ShipAddress, ShipCity, ShipStateOrProvince, ShipCountry, ShipPostalCode, FreightCharge";
    $sql = "SELECT $columns FROM Orders WHERE OrderID = '$oid';";
    $result = query($sql);
    $result->fetchInto($order);
    list($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipCountry, $ShipPostalCode, $FreightCharge) = $order;
    echo address($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipPostalCode, $ShipCountry);
}
function prepareGateWayData()
// return an associative array whose keys are the fieldnames specified in the
// payment gateway API, and whose values are the form data from this page.
//
// NOTE(review): every entry here — including x_login, x_password and x_amount — is read
// back from the POSTed hidden fields, so the merchant credentials round-trip through the
// customer's browser and the charged amount is whatever the client submitted. Credentials
// belong in server-side configuration and the amount should be recomputed from the order;
// the page-level code that emits the hidden fields is the place to change that.
{
    // The gateway's field order is kept: the two literal entries sit at fixed positions
    // between the groups of posted fields.
    $leading = array('x_version', 'x_delim_data', 'x_login', 'x_password', 'x_card_num');
    $middle = array('x_amount', 'x_type', 'x_test_request', 'x_email', 'x_email_customer');
    // optional customer and shipping information: the gateway includes it in the confirming email
    $trailing = array(
        'x_first_name', 'x_last_name', 'x_address', 'x_city', 'x_state', 'x_zip', 'x_country',
        'x_ship_to_first_name', 'x_ship_to_last_name', 'x_ship_to_address', 'x_ship_to_city',
        'x_ship_to_state', 'x_ship_to_zip', 'x_ship_to_country',
    );
    $ans = array();
    foreach ($leading as $field) {
        $ans[$field] = $_POST[$field];
    }
    // the form posts month and year separately; the gateway wants one formatted date
    $ans['x_exp_date'] = formatExpirationDate($_POST['ExpirationMonth'], $_POST['ExpirationYear']);
    foreach ($middle as $field) {
        $ans[$field] = $_POST[$field];
    }
    $ans['x_relay_response'] = 'false'; // without this the gateway generates Error 92
    // x_merchant_email is deliberately not sent: it would produce an EXTRA email, and the
    // Merchant Interface settings already send one confirming email.
    foreach ($trailing as $field) {
        $ans[$field] = $_POST[$field];
    }
    return $ans;
}
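// Get the customer's email address. We only need this so it can recognize beeson@cruzio.com and
// create a test transaction in that case.
// Fix: the original interpolated $CustomerID, which nothing on this page defines, so the query
// always looked up CustomerID=''. The id lives in the session (checked by the guard at the top).
$CustomerID = $_SESSION['CustomerID'];
$sql = "SELECT Email FROM Customers WHERE CustomerID='$CustomerID';";
$q = Query($sql);
$q->fetchInto($rows);
$Email = $rows[0];
$Errmsg = "";
// Gateway result fields, initialised up front so the branches below and the error report at
// the bottom of the page never read them undefined when local validation fails before the
// gateway is called.
$ResponseCode = 0;
$ResponseReasonText = "";
$TransactionID = "";
if ($PageState == 'Edit') {
    // form has been submitted, so validate the credit card number and the expiration date
    if ($ptype == "Purchase Order") {
        $Errmsg = "We are still working on the procedure for accepting purchase orders. Meantime, send email to sales@HelpWithMath.com.";
    } else {
        $msg = validateCreditCard($ptype, $_POST['x_card_num']);
        if ($msg != "true") {
            $Errmsg = $msg;
        }
        $month = $_POST['ExpirationMonth'];
        $year = $_POST['ExpirationYear'];
        $msg = validateExpirationDate($month, $year);
        if ($msg != "true") {
            $Errmsg = $Errmsg . "<br>" . $msg;
        }
    }
    if ($Errmsg == "") {
        // no checksum error in credit card number, expiration date is not in the past:
        // post the transaction to the gateway and parse its reply.
        $data = prepareGateWayData();
        $response = postGateway($data);
        // The reply is comma-delimited by default; "dummy" is prepended so that the indices
        // of the real fields start from 1.
        $fields = explode(",", "dummy" . "," . $response, 40);
        $ResponseCode = $fields[1]; // 1 is Approved, 2 is Declined, 3 is error
        $ResponseReasonText = $fields[4];
        $ApprovalCode = $fields[5]; // six-digit code
        $AVSResultCode = $fields[6]; // result of Address Verification System
        $TransactionID = $fields[7]; // need this later to void, credit, capture the transaction.
        // NOTE(review): $MD5Hash is parsed but never checked; comparing it with the value the
        // gateway documents would give an integrity check on the reply before the order is
        // marked authorized.
        $MD5Hash = $fields[38];
        // With the explode() limit of 40 this element is the remainder of the reply, which
        // starts with the Card Code verification result.
        $CardCode = $fields[39];
    }
    if ($Errmsg == "" && $ResponseCode == 1) {
        // change the status of the order to "authorized";
        $oid = $_SESSION['OrderID'];
        $sql = "UPDATE Orders SET Status = 'authorized' WHERE OrderID='$oid';";
        Query($sql); // carry out the update operation
        // Create a record of this payment in the database.
        // NOTE(review): the amount, card number and cardholder names below come straight from
        // $_POST and are interpolated into the SQL text. The query() wrapper as used on this
        // page takes a single string; it needs parameter binding (or driver escaping) before
        // this path can be trusted. Storing the full card number is also a PCI-DSS concern.
        $PaymentAmount = $_POST['x_amount'];
        $PaymentDate = date("mY"); // mmYYYY
        $CreditCardNumber = $_POST['x_card_num'];
        // Fix: the form posts ExpirationMonth/ExpirationYear, not x_exp_date, so the original
        // read an undefined key and always stored an empty expiration. Reuse the date that was
        // just sent to the gateway.
        $CreditCardExpDate = $data['x_exp_date'];
        // Fix: the original nested ternary was unparenthesised. PHP groups that left to right,
        // so every card type ended up as 3 or 4 ("MasterCard" gave 4, "Visa" gave 3); PHP 8
        // rejects the form outright. The intended one-to-one mapping is spelled out here.
        if ($ptype == "MasterCard") {
            $PaymentMethodID = 0;
        } elseif ($ptype == "Visa") {
            $PaymentMethodID = 1;
        } elseif ($ptype == "American Express") {
            $PaymentMethodID = 2;
        } elseif ($ptype == "e-check") {
            $PaymentMethodID = 3;
        } else {
            $PaymentMethodID = 4;
        }
        $CardholdersFirstName = $_POST['x_first_name'];
        $CardholdersLastName = $_POST['x_last_name'];
        $sql = "INSERT INTO Payments (OrderID, PaymentAmount,PaymentDate,CreditCardNumber,CardholdersFirstName,
CardholdersLastName,CreditCardExpDate,PaymentMethodID,TransactionID)
VALUES ( '$oid',
'$PaymentAmount',
'$PaymentDate',
'$CreditCardNumber',
'$CardholdersFirstName',
'$CardholdersLastName',
'$CreditCardExpDate',
'$PaymentMethodID',
'$TransactionID'
);";
        Query($sql); // insert the new record;
        // Now change to a new page and confirm the approval of the transaction.
        header("Location: AfterTransaction.php"); // success
        // header() alone does not stop execution: without exit the order summary below was
        // still rendered and its queries re-run after the redirect had been sent.
        exit;
    } else {
        $PageState = "error"; // and stay on this page
    }
}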
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php
include ('include/head.php');
?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<p></p>
<h2> Order Summary
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p class="glink">
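<form name="OrderForm" action="<?php /* PHP_SELF echoes back the request path, which a visitor can extend with arbitrary path info, so it is HTML-escaped and the attribute is quoted */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1') . "?State=Edit"; ?>" method="POST" >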
<table border="1" cellpadding=3>
<tr> <td> <strong> Prodotto </strong></td><td align=right><strong>Prezzo Unitario </strong></td><td><strong>Quantità</strong></td> <td> <strong>Prezzo</strong></td></tr>
<?php
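// Order lines. Stop before issuing a query with an empty id; isset() is the same test as the
// original is_null() without the undefined-index notice.
if (!isset($_SESSION['OrderID'])) {
    die(); // before we issue an incorrect SQL query
}
$oid = $_SESSION['OrderID'];
$sql = "SELECT ProductName, Products.UnitPrice, Quantity, Discount FROM `Order Details`,Products WHERE OrderID=$oid AND `Order Details`.ProductID=Products.ProductID;";
$q = query($sql);
$format = "%01.2f"; // good for American currency, dollars and cents
$total = 0.0;
while ($q->fetchInto($row)) {
    $productname = $row[0];
    // Discount is applied to the unit price before multiplying by quantity.
    $unitprice = sprintf($format, $row[1] * (1.0 - $row[3]));
    $quantity = $row[2];
    if ($quantity == 0) {
        continue; // nothing of this product was ordered
    }
    echo "<tr> <td> $productname </td> <td align=right> $unitprice </td>"; // name and price
    echo "<td align=right> $quantity </td>"; // number of that product ordered
    $price = sprintf($format, $unitprice * $quantity);
    $total += $price;
    echo "<td align=right> $price </td>";
}
$total = sprintf($format, $total);
echo "<tr><td><strong>Totale</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
$sql = "SELECT FreightCharge FROM Orders WHERE OrderID = '$oid';";
$q = Query($sql);
$q->fetchInto($row);
$freight = $row[0];
// Fix: the original called sprintf($row[0]) with the charge in the *format* slot, so a value
// containing '%' was misrendered; format it with the currency format like every other amount.
$FormattedFreightCharge = sprintf($format, $freight);
echo "<tr><td>Spedizione </td> <td></td> <td></td> <td><strong>$FormattedFreightCharge</strong></td></tr>";
// Fix: the grand total is formatted as well; the original echoed the raw float sum
// (e.g. "12.5"). This $total is also the amount handed to the gateway as x_amount below.
$total = sprintf($format, $total + $freight);
echo "<tr><td><strong>Totale</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
// Fix: re-reading the session here dropped the "download only" fallback (id 1) that the top
// of the page applies, so an order without a shipping method queried ShippingMethodID=''.
$ShippingMethodID = empty($_SESSION['SessionShippingMethodID']) ? 1 : $_SESSION['SessionShippingMethodID'];
$sql = "SELECT ShippingMethod FROM `Shipping Methods` WHERE ShippingMethodID='$ShippingMethodID';";
$q = query($sql);
$q->fetchInto($row);
$ShippingMethod = $row[0];
// is the payment type a credit card? ($ptype comes from the session, not from the request)
$sql = "SELECT CreditCard FROM `Payment Methods` WHERE PaymentMethod='$ptype';";
$q = query($sql);
$q->fetchInto($row);
$IsCreditCard = $row[0];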
?>
</table>
<p></p>
<table border="1" cellpadding=3>
<tr><td>Fattura a nome di </td> <td><?php display_billing_info($_SESSION['CustomerID'])?></td></tr>
<tr><td>Metodo di pagamento</td> <td><?php echo $ptype ?></td></tr>
<tr><td>Metodo di spedizione</td><td><?php echo $ShippingMethod ?></td></tr>
<?php if($ShippingMethod != "download") // physical shipment only: downloads have no ship-to address
{ echo "<tr><td>Ship To</td><td>";
// display_shipping_info() also fills the $Ship* globals that the hidden gateway fields below pass on
display_shipping_info($_SESSION['OrderID']);
echo "</td></tr>";
}
?>
</table>
<p> Se vuoi cambiare qualche dettaglio, usa il pulsante Indietro del Browser. <br> Se usi il pulsante Indietro, e il browser ti chiede conferma,
dai la conferma senza esitare --non ci saranno problemi.
</p>
<h2>Informazioni e Autorizzazione al pagamento</h2>
<?php // data to submit to payment gateway
// Fixed parameters for the payment gateway request. They are written into hidden form
// fields below, posted back to this page, and read from $_POST by prepareGateWayData().
// NOTE(review): x_login / x_password are merchant credentials kept in page source and sent
// to every customer's browser as hidden fields; they belong in server-side configuration
// outside the web root, and the amount should not travel through the client either.
$x_version = 3.1;
$x_delim_data = "TRUE";
$x_login = "hel481307642";
$x_password = "towardthe1";
$x_amount = $total;
$x_type = "AUTH_CAPTURE";
// CC = credit card; only a payment type of "ECHECK" selects the e-check method
// (NOTE(review): the payment record code elsewhere on this page spells it "e-check" — confirm which is right).
$x_method = "CC";
if($ptype == "ECHECK")
    $x_method = "ECHECK";
// test mode at the payment gateway is used for the developer's own account only
$x_test_request = ($Email == "beeson@cruzio.com") ? "TRUE" : "FALSE";
if($x_test_request == "TRUE")
    echo "La manipolazione della carta di credito � in modalit� test, perch� sei Michael Besson.<br>";
// now we still need x_card_num and x_exp_date, to be collected on this page.
?>
<p></p>
<table>
<tr>
<td>
<?php echo "Digita numero $ptype :"; ?>
</td>
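<td><input type="text" name="x_card_num" value="<?php /* the previously posted value is reflected back after a failed attempt; it is user input, so it is HTML-escaped and defaults to "" on first display. NOTE(review): redisplaying a full card number is itself a PCI-DSS concern — consider leaving the field blank. */ echo htmlspecialchars(isset($_POST['x_card_num']) ? $_POST['x_card_num'] : '', ENT_QUOTES, 'ISO-8859-1'); ?>">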
</td>
</tr>
<?php
// Only credit cards carry an expiration date; other payment types skip the row.
// The previously posted month/year are handed back so a failed attempt keeps the selection.
if($IsCreditCard)
{
    $postedMonth = $_POST['ExpirationMonth'];
    $postedYear = $_POST['ExpirationYear'];
    echo "<tr> <td> Data di scadenza </td><td>";
    date_selector("ExpirationMonth","ExpirationYear",$postedMonth,$postedYear);
    echo "</td></tr>";
}
?>
</table>
<?php
if($IsCreditCard)
{ // create a bunch of hidden fields to pass data to the payment gateway
    // NOTE(review): this hands the merchant login and password, and the amount to charge, to
    // the customer's browser; prepareGateWayData() then trusts whatever comes back in $_POST.
    // The field order is the gateway's parameter order.
    $gatewayFields = array(
        "x_version" => $x_version,
        "x_delim_data" => $x_delim_data,
        "x_login" => $x_login,
        "x_password" => $x_password,
        "x_amount" => $x_amount,
        "x_type" => $x_type,
        "x_test_request" => $x_test_request,
        "x_email" => $Email, // where to send customer's confirmation
        "x_email_customer" => "TRUE", // yes, send a confirmation email to the customer
        'x_first_name' => $FirstName,
        'x_last_name' => $LastName,
        'x_address' => $BillingAddress,
        'x_city' => $City,
        'x_state' => $StateOrProvince,
        'x_zip' => $PostalCode,
        'x_country' => $Country,
        'x_ship_to_first_name' => $ShipFirstName,
        'x_ship_to_last_name' => $ShipLastName,
        'x_ship_to_address' => $ShipAddress,
        'x_ship_to_city' => $ShipCity,
        'x_ship_to_state' => $ShipStateOrProvince,
        'x_ship_to_zip' => $ShipPostalCode,
        'x_ship_to_country' => $ShipCountry,
    );
    foreach ($gatewayFields as $fieldName => $fieldValue) {
        hidden_field($fieldName, $fieldValue);
    }
}
?>
<p>
<input type="submit" name="Submit" value="Acquista adesso">
<?php if($IsCreditCard) echo "Questo avvier� la transazione tramite carta di credito. Clicca il pulsante una sola volta."; ?>
</p>
</form>
<?php if($PageState == "error") // set above when local validation or the gateway rejected the attempt
{ // extract the error from $response and report it
// $Errmsg holds the local validation messages (joined with "<br>"); $ResponseReasonText is the gateway's reply text.
// NOTE(review): both are printed unescaped by writeRed(); the gateway text arrives over the network and should be HTML-escaped first.
writeRed( "La transazione mediante carta di credito non � stata approvata.");
writeRed( trim($Errmsg) );
writeRed( trim($ResponseReasonText));
}
?>
</div>
<?php include ('include/footer.php');
?>
</body>
</html>