<?php
// 9.14.10 modified to store only last 4 digits of credit card number in the database.
// 1.26.11 added code to check first digit and deduce credit card type.
// 4.25.11 changed "Mastercard" to "MasterCard" as that is what ValidateCreditCard.php expects.
// 1.17.12 added two more email addresses for test transactions
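session_start();
require_once('DB.php');
require_once('query.php');
require_once('PostToPaymentGateway.php');
require_once('ValidateCreditCard.php');
require_once('dates.php');
// Promotion code entered earlier in the checkout. Most orders have none, so default to the
// empty string rather than trimming an unset session entry (that only raised a notice, but the
// explicit default makes the "no promotion" case visible).
$PromoCode = isset($_SESSION['PromoCode']) ? trim($_SESSION['PromoCode']) : '';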
function promoPrice($PromoCode,$productid, $price)
// $price is the unit price stored in the database. $productid is not used by any current
// promotion; it is kept so product-specific codes can be added without changing callers.
// Returns the price the customer actually pays.
{ $halfPriceCode = "345XYMarch2007";
if ($PromoCode != $halfPriceCode)
return $price; // regular price for any other entry in the PromoCode field
// half price, then nudged so a price ending in .95 still ends in .95 (19.95 -> 9.95)
return ($price + 0.05) * 0.5 - 0.05;
// other promotion codes can go here in the future
}
function writeRed($errmsg)
// Emit $errmsg as a red, emphasised paragraph. The message is written as-is (no HTML escaping),
// so it must only be given text the server controls.
{ $open = "<P> <em><font color=\"#FF0000\">";
$close = "</font></em></P>";
echo $open . $errmsg . $close;
}
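// Anyone who reaches this page without a customer and an order in the session (e.g. by typing the
// URL) is sent back to the start. The earlier test had a misplaced parenthesis -- it evaluated
// is_null(OrderID || ...) -- so only CustomerID was actually checked. PaymentType is not required:
// it is no longer collected (see $ptype below).
if(!isset($_SESSION['CustomerID']) || !isset($_SESSION['OrderID']))
{ header("Location:index.php");
exit; // header() does not stop the script; without this the rest of the page still ran
}
$ptype = "credit card"; // we no longer ask them to choose one; formerly this was $_SESSION['PaymentType'];
$ctype = empty($_SESSION['CustomerType']) ? "individual" : $_SESSION['CustomerType'];
$ShippingMethodID = empty($_SESSION['SessionShippingMethodID']) ? 1 : $_SESSION['SessionShippingMethodID']; // 1 = download only
$PageState = isset($_GET['State']) ? $_GET['State'] : 'Enter'; // the form posts back with ?State=Edit
$format = "%01.2f"; // good for American currency, dollars and cents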
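function hidden_field($Name, $Value)
// Echo a hidden <input>. Both attribute values are HTML-escaped so an apostrophe or quote in the
// data (a surname like O'Brien, a street address) cannot cut the attribute short or inject markup.
// The browser decodes the entities, so the value that comes back in $_POST is unchanged.
{ $name = htmlspecialchars((string)$Name, ENT_QUOTES);
$value = htmlspecialchars((string)$Value, ENT_QUOTES);
echo "<input type=\"hidden\" name=\"$name\" value=\"$value\" >";
}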
// At file scope this `global` line has no effect (the names are already global); it only documents
// which variables display_billing_info() fills in and the billing hidden fields further down read.
global $FirstName,$LastName,$BillingAddress,$City,$StateOrProvince,$Country,$PostalCode,$Email;
function display_billing_info($cid)
// Load the customer's billing name and address into the file-level globals (they are reused for
// the gateway hidden fields) and echo them as a formatted address.
// NOTE(review): $cid is interpolated into the SQL; it comes from the session rather than straight
// from the request, but PreparedQuery (used for the Payments insert) would be the safer form.
{ global $FirstName,$LastName,$BillingAddress,$City,$StateOrProvince,$Country,$PostalCode,$Email;
$columns = "ContactFirstName,ContactLastName, BillingAddress, City, StateOrProvince, Country, PostalCode, Email";
$sql = "SELECT $columns FROM Customers WHERE CustomerID='$cid';";
$result = query($sql);
$result->fetchInto($row);
list($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $Country, $PostalCode, $Email) = $row;
echo address($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode,$Country);
}
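function address($FirstName, $LastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country)
// Echo a name and postal address as HTML, laid out in the order the destination country uses.
// Every field is HTML-escaped first: the values were typed by the customer and stored in the
// database, so a "<" or "&" in a name or street must be shown literally, not treated as markup.
// Returns nothing; callers written as `echo address(...)` simply echo null after the output.
{ $name = htmlspecialchars((string)$FirstName, ENT_QUOTES) . " " . htmlspecialchars((string)$LastName, ENT_QUOTES);
$street = htmlspecialchars((string)$BillingAddress, ENT_QUOTES);
$city = htmlspecialchars((string)$City, ENT_QUOTES);
$state = htmlspecialchars((string)$StateOrProvince, ENT_QUOTES);
$postal = htmlspecialchars((string)$PostalCode, ENT_QUOTES);
$country = htmlspecialchars((string)$Country, ENT_QUOTES);
if($Country == "US")
echo "$name <br> $street <br> $city, $state $postal";
else if($Country == "Mexico") // countries where postal code comes after city and state
echo "$name <br> $street <br> $city, $state $postal <br> $country";
else // countries where postal code precedes city, the norm in most of the world
echo "$name <br> $street <br> $postal $city, $state <br> $country";
}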
// At file scope this `global` line has no effect (the names are already global); it documents which
// variables display_shipping_info() fills in and the ship-to hidden fields further down read.
global $ShipFirstName,$ShipLastName,$ShipAddress,$ShipCity,$ShipStateOrProvince,$ShipCountry,$ShipPostalCode,$FreightCharge;
function display_shipping_info($oid)
// Load the order's ship-to name, address and freight charge into the file-level globals (reused
// for the gateway hidden fields) and echo the address.
// NOTE(review): $oid is interpolated into the SQL; it comes from the session rather than straight
// from the request, but PreparedQuery (used for the Payments insert) would be the safer form.
{ global $ShipFirstName,$ShipLastName,$ShipAddress,$ShipCity,$ShipStateOrProvince,$ShipCountry,$ShipPostalCode, $FreightCharge;
$columns = "ShipFirstName, ShipLastName, ShipAddress, ShipCity, ShipStateOrProvince, ShipCountry, ShipPostalCode, FreightCharge";
$sql = "SELECT $columns FROM Orders WHERE OrderID = '$oid';";
$result = query($sql);
$result->fetchInto($row);
list($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipCountry, $ShipPostalCode, $FreightCharge) = $row;
echo address($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipPostalCode, $ShipCountry);
}
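function prepareGateWayData()
// Return an associative array whose keys are the fieldnames specified in the
// payment gateway API, and whose values are the data for the transaction being submitted.
//
// SECURITY(review): this page round-trips the gateway parameters through hidden form fields, so
// most of them come back in $_POST and can be altered by whoever submits the form. The values
// that are constant for this page (API version, delimiter flag, transaction type, customer-email
// flag, relay flag) are pinned here instead of being read from the form, and the test-mode flag
// and receipt address are taken from the customer record loaded on the server. The merchant
// login and key, the amount, and the billing/shipping details are still taken from $_POST;
// moving the credentials to server-side configuration and recomputing the amount from the order
// record would close the remaining gap and is the recommended follow-up.
{ global $Email;
// Same list as the "data to submit to payment gateway" section of this page: these accounts run
// their transactions in the gateway's test mode.
$testAccounts = array("beeson@cruzio.com", "beesonpublic@gmail.com", "ProfBeeson@gmail.com", "profbeeson@gmail.com");
$testRequest = in_array($Email, $testAccounts, true) ? 'TRUE' : 'FALSE';
$ans = array('x_version' => '3.1',
'x_delim_data' => 'TRUE',
'x_login' => $_POST['x_login'],
'x_password' => $_POST['x_password'],
'x_card_num' => $_POST['x_card_num'],
'x_exp_date' => formatExpirationDate($_POST['ExpirationMonth'], $_POST['ExpirationYear']),
'x_amount' => $_POST['x_amount'],
'x_type' => 'AUTH_CAPTURE',
'x_test_request' => $testRequest,
'x_email' => (string)$Email, // where to send the customer's confirmation
'x_email_customer' => 'TRUE', // yes, send a confirmation email to the customer
'x_relay_response' => 'false', // without this the gateway generates Error 92
// x_merchant_email is deliberately omitted: the Merchant Interface settings already send one
// confirming email, and supplying it here produced a second.
// Customer and shipping information is optional for the gateway; it is sent because it is then
// included in the confirming email.
'x_first_name' => $_POST['x_first_name'],
'x_last_name' => $_POST['x_last_name'],
'x_address' => $_POST['x_address'],
'x_city' => $_POST['x_city'],
'x_state' => $_POST['x_state'],
'x_zip' => $_POST['x_zip'],
'x_country' => $_POST['x_country'],
'x_ship_to_first_name' => $_POST['x_ship_to_first_name'],
'x_ship_to_last_name' => $_POST['x_ship_to_last_name'],
'x_ship_to_address' => $_POST['x_ship_to_address'],
'x_ship_to_city' => $_POST['x_ship_to_city'],
'x_ship_to_state' => $_POST['x_ship_to_state'],
'x_ship_to_zip' => $_POST['x_ship_to_zip'],
'x_ship_to_country' => $_POST['x_ship_to_country']
);
return $ans;
}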
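// Get the customer's email address. We only need this so it can recognize beeson@cruzio.com and
// create a test transaction in that case.
// The customer id lives in the session: the bare $CustomerID used here before is never assigned
// in this file (it would only have been populated with register_globals on), so the lookup found
// no row and $Email stayed empty.
$cid = $_SESSION['CustomerID'];
$sql = "SELECT Email FROM Customers WHERE CustomerID='$cid';"; // NOTE(review): interpolated session value; PreparedQuery would be the safer form
$q = Query($sql);
$rows = array();
$q->fetchInto($rows);
$Email = isset($rows[0]) ? $rows[0] : "";
$Errmsg = "";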
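function lookupPaymentMethodID($ptype)
// Map the payment type name to the PaymentMethodID stored with the payment record; 4 means
// "anything else". The nested ternary this replaces had no parentheses, which PHP groups from the
// left, so every type came out wrong (MasterCard was stored as 4, Visa as 3); PHP 8 rejects that
// form outright.
{ $ids = array("MasterCard" => 0, "Visa" => 1, "American Express" => 2, "e-check" => 3);
return isset($ids[$ptype]) ? $ids[$ptype] : 4;
}
function gatewayField($fields, $i)
// Element $i of the exploded gateway reply, or "" when the reply was shorter than that, so a
// truncated or error reply cannot leave the variables below unset.
{ return isset($fields[$i]) ? $fields[$i] : "";
}
if($PageState == 'Edit')
{ // form has been submitted, so validate the credit card number and the expiration date
// gateway results used by the error display further down; stay "" unless the card was posted
$ResponseCode = "";
$ResponseReasonText = "";
$BalanceOnCard = "";
if($ptype == "Purchase Order")
{ $Errmsg = "To pay by purchase order, send email to ContactHelpWithMath at gmail.com.";
}
else
{ $CardNumber = isset($_POST['x_card_num']) ? $_POST['x_card_num'] : "";
// the first digit identifies the brand; indexing an empty string would raise a warning
$FirstDigit = (is_string($CardNumber) && $CardNumber !== "") ? $CardNumber[0] : "";
$CardType = "";
if($FirstDigit == 5)
$CardType = "MasterCard";
else if ($FirstDigit == 4)
$CardType = "Visa";
if($CardType != "")
{ $ptype = $CardType;
$msg = validateCreditCard($CardType, $CardNumber);
}
else
$msg = "We can accept only Mastercard or Visa";
if($msg != "true")
$Errmsg = $msg;
$month = isset($_POST['ExpirationMonth']) ? $_POST['ExpirationMonth'] : null;
$year = isset($_POST['ExpirationYear']) ? $_POST['ExpirationYear'] : null;
$msg = validateExpirationDate($month, $year);
if($msg != "true")
$Errmsg = $Errmsg . "<br>" . $msg;
}
if($Errmsg == "")
{ // no checksum error in credit card number, expiration date is not in the past
$gatewayData = prepareGatewayData();
$response = postGateway($gatewayData);
// Now parse the response, which is comma-delimited by default. "dummy" is tacked on so the
// indices of the real data start from 1, matching the gateway's field numbering. No explode()
// limit: the limit of 40 used before folded the rest of the reply into element 39 and left
// elements 41 and up unset, so the last-4 digits and card type were never captured.
$fields = explode(",", "dummy" . "," . $response);
$ResponseCode = gatewayField($fields, 1); // 1 is Approved, 2 is Declined, 3 is error, 4 is partial approval [4 is new in June 2010]
$ResponseReasonText = gatewayField($fields, 4);
$ApprovalCode = gatewayField($fields, 5); // six-digit code
$AVSResultCode = gatewayField($fields, 6); // result of Address Verification System
$TransactionID = gatewayField($fields, 7); // need this later to void, credit, capture the transaction.
$MD5Hash = gatewayField($fields, 38); // NOTE(review): never checked; verifying it would confirm the reply really came from the gateway
$CardCode = gatewayField($fields, 39); // result of Card Code verification
// following fields added June 2010
$AccountNumber = gatewayField($fields, 41); // last 4 digits of the card provided
$CardType = gatewayField($fields, 42); // Visa, MasterCard, American Express, Discover, Diners Club, EnRoute, JCB, as text
$SplitTenderID = gatewayField($fields, 43); // used for partial authorizations, when the card limit is insufficient
$RequestedAmount = gatewayField($fields, 44); // amount requested in original authorization
$BalanceOnCard = gatewayField($fields, 45); // balance on the prepaid or debit card. Can be positive or negative
}
if($Errmsg == "" && $ResponseCode == 1)
{ // change the status of the order to "authorized";
$oid = $_SESSION['OrderID'];
$sql = "UPDATE Orders SET Status = 'authorized' WHERE OrderID='$oid';"; // NOTE(review): interpolated session value; PreparedQuery would be the safer form
Query($sql); // carry out the update operation
// Create a record of this payment in the database.
$PaymentAmount = $gatewayData['x_amount']; // the amount the gateway was actually asked to charge
$PaymentDate = date("mY"); // mmYYYY
// The form has no x_exp_date field (it posts ExpirationMonth/ExpirationYear), so the formatted
// date the gateway was given is the value to record.
$CreditCardExpDate = $gatewayData['x_exp_date'];
$PaymentMethodID = lookupPaymentMethodID($ptype);
$CardholdersFirstName = $_POST['x_first_name'];
$CardholdersLastName = $_POST['x_last_name'];
// store only the last four digits, as of 9.14.10, so $AccountNumber (from the gateway reply) is used
// instead of the full card number.
$data = array( $oid,
$PaymentAmount,
$PaymentDate,
$AccountNumber,
$CardholdersFirstName,
$CardholdersLastName,
$CreditCardExpDate,
$PaymentMethodID,
$TransactionID
);
$sql = "INSERT INTO Payments (OrderID, PaymentAmount,PaymentDate,CreditCardNumber,CardholdersFirstName,
CardholdersLastName,CreditCardExpDate,PaymentMethodID,TransactionID)
VALUES (?,?,?,?,?,?,?,?,?);";
PreparedQuery($sql,$data); // insert the new record;
// Now change to a new page and confirm the approval of the transaction.
header("Location: AfterTransaction.php"); // success
exit; // header() does not stop the script; nothing further on this page should run after the redirect
}
else
{ $PageState = "error"; // and stay on this page
}
}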
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php
include ('include/head.php');
?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<p></p>
<h2> Order Summary
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p class="glink">
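<form name="OrderForm" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "?State=Edit"; /* PHP_SELF echoes the request path, so it is escaped and the attribute quoted */ ?>" method="POST" >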
<table border="1" cellpadding=3>
<tr> <td> <strong> Product </strong></td><td align=right><strong>Unit Price </strong></td><td><strong>Quantity</strong></td> <td> <strong>Price</strong></td></tr>
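<?php
$oid = isset($_SESSION['OrderID']) ? $_SESSION['OrderID'] : null;
if(is_null($oid))
die(); // before we issue an incorrect SQL query
// NOTE(review): $oid comes from the session but is interpolated unquoted below; PreparedQuery
// (used for the Payments insert) would be the safer form for every query on this page.
$sql = "SELECT ProductName, Products.UnitPrice, Quantity, Discount, Products.ProductID FROM `Order Details`,Products WHERE OrderID=$oid AND `Order Details`.ProductID=Products.ProductID;";
$q = query($sql);
$format = "%01.2f"; // good for American currency, dollars and cents
$total = 0.0;
while($q->fetchInto($row))
{ $productname = $row[0];
$quantity = $row[2];
if($quantity == 0)
continue; // nothing of this product was ordered, so no line to show
// unit price after the line discount, then any promotion; promoPrice() holds the promotion
// rules so they are not duplicated here
$NumericalUnitPrice = promoPrice($PromoCode, $row[4], $row[1] * (1.0-$row[3]));
$unitprice = sprintf($format,$NumericalUnitPrice);
echo "<tr> <td> $productname </td> <td align=right> $unitprice </td>"; // name and price
echo "<td align=right> $quantity </td>"; // number of that product ordered
$price = sprintf($format,$unitprice * $quantity);
$total += $price;
echo "<td align=right> $price </td>";
}
$total = sprintf($format,$total);
echo "<tr><td><strong>Subtotal</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
$sql = "SELECT FreightCharge FROM Orders WHERE OrderID = '$oid';";
$q = Query($sql);
$q->fetchInto($row);
$FreightCharge = isset($row[0]) ? $row[0] : 0;
// sprintf($row[0]) used to pass the charge as the *format* string, so it was shown without the
// two decimals the other amounts get (and a "%" in the value would have broken it).
$FormattedFreightCharge = sprintf($format,$FreightCharge);
echo "<tr><td>Shipping </td> <td></td> <td></td> <td><strong>$FormattedFreightCharge</strong></td></tr>";
$total += $FreightCharge;
$total = sprintf($format,$total); // add trailing zero or zeroes if needed.
echo "<tr><td><strong>Total</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
// Keep the shipping method defaulted near the top of the page (1 = download only) when the
// session has none, instead of querying with an empty id and getting no row back.
if(!empty($_SESSION['SessionShippingMethodID']))
$ShippingMethodID = $_SESSION['SessionShippingMethodID'];
$sql = "SELECT ShippingMethod FROM `Shipping Methods` WHERE ShippingMethodID='$ShippingMethodID';";
$q = query($sql);
$q->fetchInto($row);
$ShippingMethod = isset($row[0]) ? $row[0] : "";
// is the payment type a credit card? Yes, we can't yet cope with e-check or purchase orders
// (a `Payment Methods` lookup keyed on $ptype used to live here; not needed while only cards are taken)
$IsCreditCard = true;
?>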
</table>
<p></p>
<table border="1" cellpadding=3>
<tr><td>Bill To</td> <td><?php display_billing_info($_SESSION['CustomerID'])?></td></tr>
<tr><td>Payment Method</td> <td><?php echo $ptype ?></td></tr>
<tr><td>Shipping Method</td><td><?php echo $ShippingMethod ?></td></tr>
<?php
// Physical shipments get a "Ship To" row; download-only orders have no address to show.
if($ShippingMethod != "download"):
echo "<tr><td>Ship To</td><td>";
display_shipping_info($_SESSION['OrderID']);
echo "</td></tr>";
endif;
?>
</table>
<p> If you want to change anything, use your browser's back button. <br> If you do use your back button, and your browser asks you to confirm this
action, do so without hesitation--it will be fine.
</p>
<h2>Payment Information and Authorization</h2>
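<?php // data to submit to payment gateway
// SECURITY(review): everything set here is written into hidden form fields and read back from
// $_POST when the form is submitted, so the merchant login/key below reach every customer's
// browser, and the amount and test flag can be altered before submission. The login and key
// belong in server-side configuration outside the web root, and the amount should be recomputed
// from the order when the form comes back rather than trusted from the form.
$x_version = "3.1"; // kept as a string: float-to-string conversion honoured the locale before PHP 8
$x_delim_data = "TRUE";
$x_login = "hel481307642";
$x_password = "towardthe1";
$x_amount = $total;
$x_type = "AUTH_CAPTURE";
$x_method = ($ptype == "ECHECK" ? "ECHECK" : "CC"); // CC = credit card
// These accounts run their transactions in the gateway's test mode (exact, case-sensitive match).
$testAccounts = array("beeson@cruzio.com", "beesonpublic@gmail.com", "ProfBeeson@gmail.com", "profbeeson@gmail.com");
$x_test_request = in_array($Email, $testAccounts, true) ? "TRUE" : "FALSE"; // TRUE selects test mode at the payment gateway
if($x_test_request == "TRUE")
echo "Credit card handling is in test mode because you are Michael Beeson.<br>";
// now we still need x_card_num and x_exp_date, to be collected on this page.
?>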
<p></p>
<table>
<tr>
<td>
<?php echo "Enter $ptype number:"; ?>
</td>
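<td><input type="text" name="x_card_num" autocomplete="off" value="<?php echo (isset($_POST['x_card_num']) && is_string($_POST['x_card_num'])) ? htmlspecialchars($_POST['x_card_num'], ENT_QUOTES) : ''; /* reflected straight from the request, so it is escaped */ ?>">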
</td>
</tr>
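<?php
if($x_method == "CC")
{ // ask for the expiration date, pre-selecting what was posted (nothing on the first visit)
echo "<tr> <td> Expiration date </td><td>";
$postedMonth = isset($_POST['ExpirationMonth']) ? $_POST['ExpirationMonth'] : null;
$postedYear = isset($_POST['ExpirationYear']) ? $_POST['ExpirationYear'] : null;
date_selector("ExpirationMonth","ExpirationYear",$postedMonth,$postedYear);
echo "</td></tr>";
}
?>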
</table>
<?php
if($IsCreditCard)
{ // hidden fields carrying the gateway parameters and the billing/shipping details through the
// form, in the order the gateway API lists them.
// SECURITY(review): x_login and x_password are the merchant's gateway credentials; putting them
// in the page sends them to every customer's browser. They are only here because
// prepareGateWayData() reads them back from $_POST; once it takes them from server-side
// configuration these two entries should go.
$gatewayFields = array(
'x_version' => $x_version,
'x_delim_data' => $x_delim_data,
'x_login' => $x_login,
'x_password' => $x_password,
'x_amount' => $x_amount,
'x_type' => $x_type,
'x_test_request' => $x_test_request,
'x_email' => $Email, // where to send customer's confirmation
'x_email_customer' => "TRUE", // yes, send a confirmation email to the customer
'x_first_name' => $FirstName,
'x_last_name' => $LastName,
'x_address' => $BillingAddress,
'x_city' => $City,
'x_state' => $StateOrProvince,
'x_zip' => $PostalCode,
'x_country' => $Country,
'x_ship_to_first_name' => $ShipFirstName,
'x_ship_to_last_name' => $ShipLastName,
'x_ship_to_address' => $ShipAddress,
'x_ship_to_city' => $ShipCity,
'x_ship_to_state' => $ShipStateOrProvince,
'x_ship_to_zip' => $ShipPostalCode,
'x_ship_to_country' => $ShipCountry,
);
foreach($gatewayFields as $fieldName => $fieldValue)
hidden_field($fieldName, $fieldValue);
}
?>
<p>
<input type="submit" name="Submit" value="Purchase Now">
<?php if($IsCreditCard) echo "This will charge your credit card. Click the button only once."; ?>
</p>
</form>
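<?php
if($PageState == "error")
{ // report why the transaction did not go through: a local validation message, the gateway's
// reason text, or both. The gateway fields are unset when validation failed before posting.
writeRed( "The credit card transaction was not approved.");
writeRed( trim($Errmsg) );
writeRed( isset($ResponseReasonText) ? trim($ResponseReasonText) : "" );
if(isset($ResponseCode) && $ResponseCode == 4) // partial approval
{ $balance = htmlspecialchars((string)$BalanceOnCard, ENT_QUOTES); // gateway-supplied text shown inside HTML
echo "<p>The balance remaining on that card is $balance.</p>";
// now they can choose to use that balance and supply another card (which will be linked using the SplitTenderID),
// or to forget that card with an insufficient balance (in which case we submit an Authorization Reversal and
// return them to this page as if for the first time.
}
}
?>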
</div>
<?php include ('include/footer.php');
?>
</body>
</html>