Sindbad~EG File Manager
<?php
session_start();
require_once('DB.php');
require_once('query.php');
$SerialNumber = $_GET['SerialNumber'];
$ProductType = $_GET['ProductType'];
function writeRed($errmsg)
{ echo "<P> <em><font color=\"#FF0000\">";
echo $errmsg;
echo "</font></em></P>";
}
if(!empty($_SESSION['PaymentType']))
$ptype = $_SESSION['PaymentType'];
else
$ptype = "MasterCard";
if(!empty($_SESSION['CustomerType']))
$ctype = $_SESSION['CustomerType'];
else
$ctype = "individual";
if(!empty($_SESSION['SessionShippingMethodID']))
$ShippingMethodID = $_SESSION['SessionShippingMethodID'];
else
$ShippingMethodID = 1; // download only
$format = "%01.2f"; // good for American currency, dollars and cents
function SqlDate($today)
// convert a PHP date object to a string in yyyy-mm-dd format
{ return $today['year'] . "-" . $today['mon'] . "-" . $today['mday'];
}
if(is_null($_SESSION['CustomerID']))
{ $sql = "SELECT CustomerID FROM Customers ORDER BY CustomerID DESC LIMIT 1;";
$q = query($sql);
$q->fetchInto($row);
$_SESSION['CustomerID'] = ++$row[0];
// This will be the new CustomerID
// Now add a temporary record of a customer with this ID and dummy other values
$CompanyName = "";
$ContactFirstName = "";
$ContactLastName = "";
$BillingAddress = "";
$City = "";
$StateOrProvince = "";
$PostalCode = "";
$Country = "";
$ContactTitle = "";
$PhoneNumber = "";
$Email = "";
$sql = "INSERT INTO Customers ( CompanyName, ContactFirstName, ContactLastName, BillingAddress, City, StateOrProvince,
PostalCode, Country, ContactTitle,PhoneNumber, Email)
VALUES( '$CompanyName',
'$ContactFirstName',
'$ContactLastName',
'$BillingAddress',
'$City',
'$StateOrProvince',
'$Country',
'$ContactTitle',
'$PhoneNumber',
'$StreetAddress2',
'$Email'
);";
$q = Query($sql); // this record will automatically get the CustomerID we found above and stored in $_SESSION['CustomerID'].
// Now create a dummy entry in the orders table.
$sql = "SELECT OrderID FROM Orders ORDER BY OrderID DESC LIMIT 1;";
$q = query($sql);
$q->fetchInto($row);
$_SESSION['OrderID'] = ++$row[0];
/* Initialize variables for the fields of an Order. First come OrderID and CustomerID which are session variables. */
$EmployeeID = 1; // the website uses employee ID 1
$today = getdate();
$OrderDate = $today['month']." ".$today['mday']." ".$today['year'];
$SqlOrderDate = SqlDate($today);
$PurchaseOrderNumber = "";
$ShipFirstName = "";
$ShipLastName = "";
$ShipAddress = "";
$ShipCity = "";
$ShipStateOrProvince = "";
$ShipPostalCode = "";
$ShipCountry = "";
$ShipPhoneNumber = "";
$SqlShipDate = "0000-00-00"; // we don't know it yet
$FreightCharge = 0.0;
$SalesTaxRate = 0.0;
$Status = 'fresh';
$oid = $_SESSION['OrderID'];
$cid = $_SESSION['CustomerID'];
$sql = "INSERT INTO Orders ( OrderID,CustomerID,EmployeeID,OrderDate,PurchaseOrderNumber,ShipFirstName, ShipLastName,ShipAddress,ShipCity,
ShipStateOrProvince,ShipPostalCode,ShipCountry,ShipPhoneNumber,ShipDate,ShippingMethodID,
FreightCharge,SalesTaxRate,Status)
VALUES(
'$oid', '$cid',
'$EmployeeID',
'$SqlOrderDate',
'$PurchaseOrderNumber',
'$ShipFirstName',
'$ShipLastName',
'$ShipAddress',
'$ShipCity',
'$ShipStateOrProvince',
'$ShipPostalCode',
'$ShipCountry',
'$ShipPhoneNumber',
'$SqlShipDate',
'$ShippingMethodID',
'$FreightCharge',
'$SalesTaxRate',
'$Status'
);";
$q = Query($sql); // store the Order record.
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php
include ('include/head.php'); ?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<?php if($_GET['error'] == 1)
{ // redirected from Order2; individual wants to pay by purchase order
writeRed("<p> Un acquisto singolo non pu� essere espletato tramite ordine di pagamento.</p>");
}
?>
<p></p>
<h2> Purchase MathXpert
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</h2>
<p class="glink">
<strong>Il tuo ordine: </strong>
<form name="OrderForm" action="https://www.HelpWithMath.com/Order2.php" method="post" >
<table border="1" cellpadding=3>
<tr> <td> <strong> Prodotto </strong></td><td align=right><strong>Prezzo unitario </strong></td><td><strong>Quantit�</strong></td> <td> <strong>Prezzo</strong></td></tr>
<?php
// first clear out any OrderDetail records with this OrderID. This is needed in case the
// user came here before, then used the back button instead of Confirm and Continue.
$oid = $_SESSION['OrderID'];
if(is_null($oid))
die(); // before we damage the database with a screwed up DELETE command
$sql = "DELETE FROM `Order Details` WHERE OrderID=$oid;";
$q = query($sql);
// Now store the order (fresh or revised) in the OrderDetails table, and show it on the screen
$sql = "SELECT * FROM Products;";
$q = query($sql);
$format = "%01.2f"; // good for American currency, dollars and cents
$total = 0.0;
$discount = 0.0;
while($q->fetchInto($row))
{ $productid = $row[0];
$unitprice = sprintf($format,$row[2]);
$name = $row[3];
$quantity = $_POST[$name];
if($quantity == 0)
continue;
echo "<tr> <td> $row[1] </td> <td align=right> $unitprice </td>"; // name and price
echo "<td align=right> $quantity </td>"; // number of that product ordered
$price = sprintf($format,$unitprice * $quantity);
$total += $price;
echo "<td align=right> $price </td>";
// now store this item in the OrderDetails table under the correct OrderID
$sql2 = "INSERT INTO `Order Details` (OrderID, ProductID,Quantity,UnitPrice,Discount)
VALUES( '$oid', '$productid', '$quantity','$unitprice','$discount');";
query($sql2);
}
$total = sprintf($format,$total);
echo "<tr><td><strong>Totale</strong> </td> <td></td> <td></td> <td><strong>$total</strong></td></tr>";
?>
</table>
<p> Questo acquisto � a favore di <input type="radio" name="CustomerType" value ="singolo" <?php if($ctype == "individual") echo "checked"; ?>> una persona o famiglia
<input type="radio" name="CustomerType" value ="societ�" <?php if($ctype == "company") echo "checked"; ?>> una scuola o una societ�. (la scelta non influisce sul prezzo.) </p>
<p> Pagher� per mezzo di <input type="radio" name="PaymentType" value ="MasterCard" <?php if($ptype == "MasterCard") echo "checked"; ?>> MasterCard
<input type="radio" name="PaymentType" value ="Visa" <?php if($ptype == "Visa") echo "checked"; ?>> Visa
<input type="radio" name="PaymentType" value ="Ordine di pagamento" <?php if($ptype == "PurchaseOrder") echo "checked"; ?>> Ordine di pagamento.
</p>
<h2>Preferenze di spedizione</h2>
<p> Che tu scarichi MathXpert oggi o meno, puoi farti spedire un CD se lo vuoi. <br> Se ordini un CD,
ti sar� spedito il giorno lavorativo successivo a oggi.</p>
<table border="1" cellpadding=3>
<tr><td><strong>Metodo di pagamento</strong></td> <td><strong>Costo</strong></td> <td></td></tr>
<tr><td>Scarica soltanto, no CD</td><td>$0.0</td><td> <input type="radio" name="ShippingMethodID" value ="1" <?php if($ShippingMethodID == 1) echo "checked"; ?>></td></tr>
<tr><td>US Mail (per gli Stati Uniti) </td> <td>$4.00</td><td> <input type="radio" name="ShippingMethodID" value ="2" <?php if($ShippingMethodID == 2) echo "checked"; ?>></td></tr>
<tr><td>FedEx (per gli Stati Uniti)</td> <td>$14.00</td><td> <input type="radio" name="ShippingMethodID" value ="3" <?php if($ShippingMethodID == 3) echo "checked"; ?>></td></tr>
<tr><td>Posta aerea (fuori degli Stati Uniti)</td> <td>$6.00</td><td> <input type="radio" name="ShippingMethodID" value ="4" <?php if($ShippingMethodID == 4) echo "checked"; ?>></td></tr>
</table>
<p>
<input type="submit" name="Submit" value="Confirm and continue">
</p>
</form>
</div>
<?php include ('include/footer.php');
?>
</body>
</html>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists