Sindbad~EG File Manager
<?php
session_start();
require_once('DB.php');
require_once('query.php');
$SerialNumber = $_GET['SerialNumber'];
$ProductType = $_GET['ProductType'];
$PromoCode = trim($_POST['PromoCode']);
if(isset($PromoCode))
$_SESSION['PromoCode'] = $PromoCode;
function promoPrice($PromoCode,$productid, $price)
// price is the price stored in the database.
{ if ($PromoCode == "345XYMarch2007")
return ($price + 0.05) * 0.5 - 0.05; // half price, but then forced to end in .95
// other promotion codes can go here in the future
return $price; // regular price for any other entry in the PromoCode field
}
function add_underscores($x)
// replaces spaces by underscores and return the result
{ return ereg_replace(" ", "_", $x);
}
function writeRed($errmsg)
{ echo "<P> <em><font color=\"#FF0000\">";
echo $errmsg;
echo "</font></em></P>";
}
if(!empty($_SESSION['PaymentType']))
$ptype = $_SESSION['PaymentType'];
else
$ptype = "MasterCard";
if(!empty($_SESSION['CustomerType']))
$ctype = $_SESSION['CustomerType'];
else
$ctype = "individual";
if(!empty($_SESSION['SessionShippingMethodID']))
$ShippingMethodID = $_SESSION['SessionShippingMethodID'];
else
$ShippingMethodID = 1; // download only
$format = "%01.2f"; // good for American currency, dollars and cents
function SqlDate($today)
// convert a PHP date object to a string in yyyy-mm-dd format
{ return $today['year'] . "-" . $today['mon'] . "-" . $today['mday'];
}
if(is_null($_SESSION['CustomerID']))
{ $sql = "SELECT CustomerID FROM Customers ORDER BY CustomerID DESC LIMIT 1;";
$q = query($sql);
$q->fetchInto($row);
$_SESSION['CustomerID'] = ++$row[0];
// This will be the new CustomerID
// Now add a temporary record of a customer with this ID and dummy other values
$CompanyName = "";
$ContactFirstName = "";
$ContactLastName = "";
$BillingAddress = "";
$City = "";
$StateOrProvince = "";
$PostalCode = "";
$Country = "";
$ContactTitle = "";
$PhoneNumber = "";
$Email = "";
$sql = "INSERT INTO Customers ( CompanyName, ContactFirstName, ContactLastName, BillingAddress, City, StateOrProvince,
PostalCode, Country, ContactTitle,PhoneNumber, Email)
VALUES( '$CompanyName',
'$ContactFirstName',
'$ContactLastName',
'$BillingAddress',
'$City',
'$StateOrProvince',
'$Country',
'$ContactTitle',
'$PhoneNumber',
'$StreetAddress2',
'$Email'
);";
$q = Query($sql); // this record will automatically get the CustomerID we found above and stored in $_SESSION['CustomerID'].
// Now create a dummy entry in the orders table.
$sql = "SELECT OrderID FROM Orders ORDER BY OrderID DESC LIMIT 1;";
$q = query($sql);
$q->fetchInto($row);
$_SESSION['OrderID'] = ++$row[0];
/* Initialize variables for the fields of an Order. First come OrderID and CustomerID which are session variables. */
$EmployeeID = 1; // the website uses employee ID 1
$today = getdate();
$OrderDate = $today['month']." ".$today['mday']." ".$today['year'];
$SqlOrderDate = SqlDate($today);
$PurchaseOrderNumber = "";
$ShipFirstName = "";
$ShipLastName = "";
$ShipAddress = "";
$ShipCity = "";
$ShipStateOrProvince = "";
$ShipPostalCode = "";
$ShipCountry = "";
$ShipPhoneNumber = "";
$SqlShipDate = "0000-00-00"; // we don't know it yet
$FreightCharge = 0.0;
$SalesTaxRate = 0.0;
$Status = 'fresh';
$oid = $_SESSION['OrderID'];
$cid = $_SESSION['CustomerID'];
$sql = "INSERT INTO Orders ( OrderID,CustomerID,EmployeeID,OrderDate,PurchaseOrderNumber,ShipFirstName, ShipLastName,ShipAddress,ShipCity,
ShipStateOrProvince,ShipPostalCode,ShipCountry,ShipPhoneNumber,ShipDate,ShippingMethodID,
FreightCharge,SalesTaxRate,Status)
VALUES(
'$oid', '$cid',
'$EmployeeID',
'$SqlOrderDate',
'$PurchaseOrderNumber',
'$ShipFirstName',
'$ShipLastName',
'$ShipAddress',
'$ShipCity',
'$ShipStateOrProvince',
'$ShipPostalCode',
'$ShipCountry',
'$ShipPhoneNumber',
'$SqlShipDate',
'$ShippingMethodID',
'$FreightCharge',
'$SalesTaxRate',
'$Status'
);";
$q = Query($sql); // store the Order record.
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php
include ('include/head.php'); ?>
<body onmousemove="closesubnav(event);">
<script type="text/javascript">
function validateForm()
{
if(!document.forms["OrderForm"]["Understand"].checked )
{
alert("You must check the box to show you have understood what you are buying.");
return false;
}
}
</script>
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<?php if($_GET['error'] == 1)
{ // redirected from Order2; individual wants to pay by purchase order
writeRed("<p> An individual purchase cannot be paid by purchase order.</p>");
}
?>
<p></p>
<h2> Purchase MathXpert
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p class="glink">
<strong>Your order: </strong>
<form name="OrderForm" action="https://www.HelpWithMath.com/Order2.php" onsubmit="return validateForm()" method="post" >
<table border="1" cellpadding=3>
<tr> <td> <strong> Product </strong></td><td align=right><strong>Unit Price </strong></td><td><strong>Quantity</strong></td> <td> <strong>Price</strong></td></tr>
<?php
// first clear out any OrderDetail records with this OrderID. This is needed in case the
// user came here before, then used the back button instead of Confirm and Continue.
$oid = $_SESSION['OrderID'];
if(is_null($oid))
die(); // before we damage the database with a screwed up DELETE command
$sql = "DELETE FROM `Order Details` WHERE OrderID=$oid;";
$q = query($sql);
// Now store the order (fresh or revised) in the OrderDetails table, and show it on the screen
$sql = "SELECT * FROM Products;";
$q = query($sql);
$format = "%01.2f"; // good for American currency, dollars and cents
$total = 0.0;
$discount = 0.0;
while($q->fetchInto($row))
{ $productid = $row[0];
$regularprice = $row[2];
if($PromoCode == "345XYMarch2007")
$unitprice = sprintf($format, promoPrice($PromoCode,$productid, $row[2]));
else
$unitprice = sprintf($format,$row[2]);
$name = add_underscores($row[3]);
$quantity = $_POST[$name];
if($quantity == 0)
continue;
echo "<tr> <td> $row[1] </td> <td align=right> $unitprice </td>"; // name and price
echo "<td align=right> $quantity </td>"; // number of that product ordered
$price = sprintf($format,$unitprice * $quantity);
$total += $price;
echo "<td align=right> $price </td>";
// now store this item in the OrderDetails table under the correct OrderID
$sql2 = "INSERT INTO `Order Details` (OrderID, ProductID,Quantity,UnitPrice,Discount)
VALUES( '$oid', '$productid', '$quantity','$unitprice','$discount');";
if(7<= $productid && $productid <= 9)
$_SESSION['TimeLimit'] = 153; // five months, in days
query($sql2);
}
$total = sprintf($format,$total);
echo "<tr><td><strong>Subtotal</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
?>
</table>
<p> This purchase is for <input type="radio" name="CustomerType" value ="individual" <?php if($ctype == "individual") echo "checked"; ?>> an individual or family
<input type="radio" name="CustomerType" value ="company" <?php if($ctype == "company") echo "checked"; ?>> a school or company. (Your choice does not affect the price.) </p>
<?php if($_SESSION['TimeLimit'] > 0)
{
?>
<p>The version of MathXpert you have selected will run only when connected to the Internet, and only for five months. Check to show that you understand this.
<input type="checkbox" name="Understand" value="yes" > </p>
<?php } ?>
<p> We accept Mastercard or Visa on the website. To pay by purchase order, send us an email (see the Contact Information button at the upper right).
<!-- I will pay by <input type="radio" name="PaymentType" value ="MasterCard" <?php if($ptype == "MasterCard") echo "checked"; ?>> MasterCard
<input type="radio" name="PaymentType" value ="Visa" <?php if($ptype == "Visa") echo "checked"; ?>> Visa
<input type="radio" name="PaymentType" value ="Purchase Order" <?php if($ptype == "PurchaseOrder") echo "checked"; ?>> Purchase order.
-->
</p>
<h2>Delivery is by download </h2>
<?php
if( $_SESSION['TimeLimit'] > 0) // time-limited version
{ echo "<p> You will be able to download your software immediately after purchase, and you (or someone else, for whom you are purchasing MathXpert) will be able to download again in the future if you wish, using the serial number you will be issued today. One-semester versions are not available on CD.</p>";
echo "<input type=\"hidden\" name=\"ShippingMethodID\" value = \"1\">";
}
else
{ ?>
<p> You can download your software immediately, or at
and future time. You will be issued a serial number. You can always download MathXpert again using your serial number, so even if your computer crashes you don't need a CD (and we can even recover your serial number for you if necessary). </p>
<p> If you really want your own
physical backup, make a copy of the single file setup.exe that you download, before or after running it to install MathXpert. Today there are several simpler options to save that copy than on CD. </p>
<p> If you want to give MathXpert as a gift, just email the serial number to the recipient, and they
can download MathXpert onto their own computer. </p>
<span style="font-style: italic"> </span></p>
<?php }?>
<p>
<input type="submit" name="Submit" value="Confirm and continue">
</p>
</form>
</div>
<?php include ('include/footer.php');
?>
</body>
</html>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists