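require_once "./global.php";
// cart_class.php has to be loaded before session_start(): $_SESSION['cart'] holds
// an object, and PHP can only unserialize it into a usable instance when its
// class is already defined (otherwise it comes back as __PHP_Incomplete_Class).
require "./cart_class.php";
//session_name("cartsessid");
// A session id may be handed over in the query string (?cartsessid=...).
// NOTE(review): letting the client choose the session id is a session-fixation
// vector -- an attacker plants an id, sends the victim this link and afterwards
// reads the victim's session. If this handoff is still needed, at the very least
// reject anything that is not shaped like an id PHP itself generates (the
// character set below is the one PHP's own session-id check accepts).
if (isset($_GET['cartsessid']) && is_string($_GET['cartsessid'])
        && preg_match('/^[0-9a-zA-Z,-]{22,256}$/', $_GET['cartsessid'])) {
    session_id($_GET['cartsessid']);
}
// Host-specific, hard-coded path. The @ hides the warning when the directory is
// missing; PHP then silently keeps its default save path.
@ session_save_path("/home/users/web/b1924/ipw.ahpcocom/phpsessions");
session_start();
// The cart object is created elsewhere and kept in the session.
$cart = isset($_SESSION['cart']) ? $_SESSION['cart'] : null;
//if cart is empty (or there is no cart object yet): nothing to check out
if (!is_object($cart) || $cart->cart_count == 0) {
    redirect("http://".$siteset['domain']."/cart.php","Your Cart is empty now!
...");
    exit;
}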
//order item info : Item Name & Subtotal & Item_Total
//Cart lines are positional arrays: [0]=product id, [1]=name, [3]=unit price,
//[4]=quantity (that is how they are inserted into orderinfo further down).
$items = ($cart->Get_Cart_Count() > 0) ? $cart->cart_item : 0;
$subtotal   = array(); //Per Item's sub-total value, rounded to 2 decimals
$itemname   = array();
$item_total = 0;       //All Items' Total (except tax&shipping)
if ($items) {
    foreach ($items as $line) {
        if (!$line) continue;
        $subtotal[] = number_format($line[3] * $line[4], 2, '.', '');
        $itemname[] = $line[1];
    }
    //The running total is re-rounded after every addition, so it ends up as a
    //2-decimal string once at least one line was summed (otherwise int 0).
    foreach ($subtotal as $lineTotal) {
        $item_total = number_format($item_total + $lineTotal, 2, '.', '');
    }
}
$tpl->assign("subtotal", $subtotal);
$tpl->assign("item_total", $item_total);
$tpl->assign("itemname", $itemname);
unset($subtotal, $itemname);
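######################POST Confirmation
if (isset($_POST['step']) && $_POST['step'] == "confirm") {
    //if have not post payment form:
    if (!isset($_SESSION['post_payment']['step']) || $_SESSION['post_payment']['step'] != "payment") {
        redirect("checkout.php","You don't seem to have posted your payment info...");
        exit;
    }
    //the same order form is not allowed to post>1times: per-session counter kept
    //directly in $_SESSION (session_register()/session_is_registered() were
    //removed in PHP 5.4). NOTE(review): this is a duplicate-submit guard, not a
    //CSRF token. Because the counter is bumped before the inserts and only
    //cleared after success, a request that dies mid-way leaves it at 1 and a
    //retry in the same session skips the inserts but still renders the done page.
    if (!isset($_SESSION['confirmtimes'])) $_SESSION['confirmtimes'] = 0;
    $confirmtimes = ++$_SESSION['confirmtimes'];
    if ($confirmtimes == 1) {
        //Insert DB(orderinfo,order_form) info:
        $ordertime = time();
        //Amounts come from the session only (recalculated at the shipping step),
        //never from the posted forms.
        $totalvalue   = isset($_SESSION['total']) ? $_SESSION['total'] : '';
        $tax          = isset($_SESSION['tax']) ? $_SESSION['tax'] : '';
        $shippingcost = isset($_SESSION['shippingcost']) ? $_SESSION['shippingcost'] : '';
        //Customer/payment fields are read by name from the two posted forms kept
        //in the session (payment form wins on a duplicate key, as before).
        //Previously every posted key was turned into a variable with $$key, which
        //let a client add e.g. totalvalue=0, tax=0 or shippingcost=0 to the
        //payment form and overwrite the amounts read above (or clobber $items).
        $posted = array_merge(
            (isset($_SESSION['post_shipping']) && is_array($_SESSION['post_shipping'])) ? $_SESSION['post_shipping'] : array(),
            is_array($_SESSION['post_payment']) ? $_SESSION['post_payment'] : array()
        );
        $fields = array(
            'firstname','lastname','companyname','email','phone','address1','address2',
            'country','city','state','zip','message','shipping_id','payment_id',
            'account_number','account_holder','Date_Day','Date_Month','Date_Year',
            'firstname2','lastname2','companyname2','email2','phone2','address12',
            'address22','country2','city2','state2','zip2',
        );
        $f = array();
        foreach ($fields as $name) {
            //non-scalar values (name[]=...) are treated as empty
            $f[$name] = (isset($posted[$name]) && is_scalar($posted[$name])) ? (string)$posted[$name] : '';
        }
        $card_expire = $f['Date_Day']."/".$f['Date_Month']."/".$f['Date_Year'];
        //NOTE(review): account_number/account_holder/card_expire are the raw card
        //details and are written to order_form in clear text below (they also sit
        //in the session file until the order completes). Storing a PAN this way
        //is not PCI-DSS compliant; the card data belongs with the payment
        //processor, with at most a token / last four digits kept here.
        $insert_ids = array();
        if (is_array($items)) {
            foreach ($items as $item) {
                if (!$item) continue;
                //$item[0]=product id, [1]=name, [3]=unit price, [4]=quantity
                $db->query("INSERT INTO orderinfo (product_id,product_name,price,quantity)
VALUES ('".addslashes($item[0])."','".addslashes($item[1])."','".addslashes($item[3])."','".addslashes($item[4])."')");
                $insert_ids[] = (int)$db->insert_id();
            }
        }
        $insert_ids = implode(",", $insert_ids);
        //addslashes() is the only escaping this $db wrapper offers here; it is not
        //charset-aware, so every numeric column is cast with intval() instead.
        $qry = "INSERT INTO order_form (orderinfo,totalvalue,tax,firstname,lastname,companyname,email,phone,address1,address2,country,city,state,zip,message,ordertime,shipping_id,shipping_fee,payment_id,account_number,account_holder,card_expire,firstname2,lastname2,companyname2,email2,phone2,address12,address22,country2,city2,state2,zip2)
VALUES ('".addslashes($insert_ids)."','".addslashes($totalvalue)."','".addslashes($tax)."','".addslashes($f['firstname'])."','".addslashes($f['lastname'])."','".addslashes($f['companyname'])."',
'".addslashes($f['email'])."','".addslashes($f['phone'])."','".addslashes($f['address1'])."','".addslashes($f['address2'])."','".addslashes($f['country'])."','".addslashes($f['city'])."',
'".addslashes($f['state'])."','".addslashes($f['zip'])."','".addslashes($f['message'])."','".intval($ordertime)."','".intval($f['shipping_id'])."','".addslashes($shippingcost)."','".intval($f['payment_id'])."','".addslashes($f['account_number'])."','".addslashes($f['account_holder'])."','".addslashes($card_expire)."','".addslashes($f['firstname2'])."','".addslashes($f['lastname2'])."','".addslashes($f['companyname2'])."',
'".addslashes($f['email2'])."','".addslashes($f['phone2'])."','".addslashes($f['address12'])."','".addslashes($f['address22'])."','".addslashes($f['country2'])."','".addslashes($f['city2'])."',
'".addslashes($f['state2'])."','".addslashes($f['zip2'])."')";
        $db->query($qry);
        //Create orderid
        $formid = $db->insert_id();
        $orderid = create_orderid($formid);
        //$insert_ids is a comma list of ints; an empty list would be a syntax error
        if ($insert_ids !== '') {
            $db->query("UPDATE orderinfo SET formid='".addslashes($orderid)."' WHERE id in($insert_ids) ");
        }
        $db->query("UPDATE order_form SET spid='".addslashes($orderid)."' WHERE id='".intval($formid)."'");
        //Order placed: drop the guard and the cart and end the session.
        unset($_SESSION['confirmtimes'], $_SESSION['cart']);
        session_destroy();
        $tpl->assign("spid", $orderid);
        $done = 1;
    }
    $success_info = $db->get_col("SELECT success_info FROM siteinfo");
    $success_info = $success_info[0];
    $tpl->assign("success_info", $success_info);
    unset($success_info);
    $output = $tpl->fetch("checkout_success_done.htm");
    echo str_replace($tpl_imgdir_name, $tpl->template_dir.$tpl_imgdir_name, $output);
    exit;
}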
######################
//payment method: id and name columns of the payment table, for the card
//<select> on the payment page. The second get_col() passes NULL, which this
//$db wrapper appears to treat as "column n of the previous result" (the same
//pattern is used for the shipping table further down).
$qry = "SELECT * FROM payment";
$columns = array(
    "payment_id"   => $db->get_col($qry, 0),
    "payment_name" => $db->get_col(NULL, 1),
);
foreach ($columns as $tplName => $values) {
    $tpl->assign($tplName, $values);
}
unset($columns);
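######################POST Payment info.
if (isset($_POST['step']) && $_POST['step'] == "payment") {
    //if have not post shipping info.
    if (!isset($_SESSION['post_shipping']['step']) || $_SESSION['post_shipping']['step'] != "shipping") {
        redirect("checkout.php","You don't seem to have entered your billing/shipping info...");
        exit;
    }
    //non-string values (name[]=...) are treated as empty
    $account_number = (isset($_POST['account_number']) && is_string($_POST['account_number'])) ? trim($_POST['account_number']) : '';
    $message        = (isset($_POST['message']) && is_string($_POST['message'])) ? trim($_POST['message']) : '';
    //payment_id is an integer key into the payment table; anything that is not
    //a positive integer counts as "no card chosen".
    $payment_id = isset($_POST['payment_id']) ? intval($_POST['payment_id']) : 0;
    //Check payment input
    if (empty($account_number)) $tpl->assign("accountnum_0","Your Card/Account Number is required.");
    if ($payment_id <= 0) $tpl->assign("payid_0","You don't seem to have chose a Credit Card.");
    $tpl_vars = $tpl->get_template_vars();
    $invalid = (!empty($tpl_vars['accountnum_0']) || !empty($tpl_vars['payid_0']));
    unset($tpl_vars);
    //post payment form is invalid: re-show the payment form with the messages
    if ($invalid) {
        $output = $tpl->fetch("checkout_payment.htm");
        echo str_replace($tpl_imgdir_name, $tpl->template_dir.$tpl_imgdir_name, $output);
        exit;
    }
    //payment form is valid. The id used to be interpolated straight from $_POST
    //(SQL injection); it is an int now.
    $paymentname = $db->get_col("SELECT name,description FROM payment WHERE id=".$payment_id, 0);
    $paymentinfo = $db->get_col(NULL, 1);
    //An id that is not in the payment table is treated like no selection.
    if (empty($paymentname)) {
        $tpl->assign("payid_0","You don't seem to have chose a Credit Card.");
        $output = $tpl->fetch("checkout_payment.htm");
        echo str_replace($tpl_imgdir_name, $tpl->template_dir.$tpl_imgdir_name, $output);
        exit;
    }
    $paymentname = $paymentname[0];
    $paymentinfo = $paymentinfo[0];
    $tpl->assign("paymentname", $paymentname);
    $tpl->assign("paymentinfo", $paymentinfo);
    unset($paymentname, $paymentinfo);
    //Keep the posted form for the confirm step (session_register() was removed
    //in PHP 5.4). NOTE(review): this is the whole POST, card number included,
    //written to the session file on disk; keeping only the fields the confirm
    //step reads would shrink the exposure.
    $post_payment = $_POST;
    $_SESSION['post_payment'] = $post_payment;
    //Show Confirmation page
    $output = $tpl->fetch("checkout_confirm.htm");
    echo str_replace($tpl_imgdir_name, $tpl->template_dir.$tpl_imgdir_name, $output);
    exit;
}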
######################
//shipping method: id, name and price columns of the shipping table, for the
//shipping <select> on the first page (same get_col(NULL, n) convention as for
//the payment table above).
$qry = "SELECT * FROM shipping";
$columns = array(
    "shipping_id"    => $db->get_col($qry, 0),
    "shipping_name"  => $db->get_col(NULL, 1),
    "shipping_price" => $db->get_col(NULL, 2),
);
foreach ($columns as $tplName => $values) {
    $tpl->assign($tplName, $values);
}
unset($columns);
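######################POST Shipping info.
if (isset($_POST['step']) && $_POST['step'] == "shipping") {
    //firstname:Shipping | firstname2:Billing
    //Only string fields are taken (name[]=... counts as empty); missing ones
    //default to ''. state/country and their billing *2 variants were never read
    //from $_POST before, so with register_globals off empty($state) always failed
    //the form and calculate_tax() below received an undefined $state.
    $in = array_map('trim', array_filter($_POST, 'is_string'));
    $in += array_fill_keys(array(
        'firstname','lastname','email','phone','address1','city','state','country','zip',
        'firstname2','lastname2','email2','phone2','address12','city2','state2','country2','zip2',
    ), '');
    $firstname = $in['firstname']; $firstname2 = $in['firstname2'];
    $lastname  = $in['lastname'];  $lastname2  = $in['lastname2'];
    $email     = $in['email'];     $email2     = $in['email2'];
    $phone     = $in['phone'];     $phone2     = $in['phone2'];
    $address1  = $in['address1'];  $address12  = $in['address12'];
    $city      = $in['city'];      $city2      = $in['city2'];
    $state     = $in['state'];     $state2     = $in['state2'];
    $country   = $in['country'];   $country2   = $in['country2'];
    $zip       = $in['zip'];       $zip2       = $in['zip2'];
    //shipping_id is an integer key into the shipping table (it is interpolated
    //into SQL below); anything that is not a positive integer = not chosen.
    $shipping_id = isset($_POST['shipping_id']) ? intval($_POST['shipping_id']) : 0;
    //Check the post form
    if (empty($firstname)) $tpl->assign("firstname_0","err"); if (empty($firstname2)) $tpl->assign("firstname2_0","err");
    if (empty($lastname)) $tpl->assign("lastname_0","err"); if (empty($lastname2)) $tpl->assign("lastname2_0","err");
    if (empty($email)) $tpl->assign("email_0","err"); if (empty($email2)) $tpl->assign("email2_0","err");
    if (empty($phone)) $tpl->assign("phone_0","err"); if (empty($phone2)) $tpl->assign("phone2_0","err");
    if (empty($address1)) $tpl->assign("address1_0","err"); if (empty($address12)) $tpl->assign("address12_0","err");
    if (empty($city)) $tpl->assign("city_0","err"); if (empty($city2)) $tpl->assign("city2_0","err");
    if (empty($state)) $tpl->assign("state_0","err"); if (empty($state2)) $tpl->assign("state2_0","err");
    if (empty($country)) $tpl->assign("country_0","err"); if (empty($country2)) $tpl->assign("country2_0","err");
    if (empty($zip)) $tpl->assign("zip_0","err"); if (empty($zip2)) $tpl->assign("zip2_0","err");
    if ($shipping_id <= 0) $tpl->assign("shipping_id_0","err");
    if ($country != $country2) $tpl->assign("country_err","err");
    //eregi() was removed in PHP 7; this is the same (loose) pattern under
    //preg_match. The stray 'Z' in the second class is harmless under /i.
    $emailPattern = '/^([a-z.0-9_-])+@([a-zZ0-9_-])+(\.[a-z0-9_-])+[a-z]{2,3}$/iD';
    if (!preg_match($emailPattern, $email)) $tpl->assign("email_err","err");
    if (!preg_match($emailPattern, $email2)) $tpl->assign("email_err2","err");
    //Any template variable equal to "err" marks the form invalid (this scans
    //everything assigned so far, not just the flags above, as it always did).
    $tpl_vars = $tpl->get_template_vars();
    $valid = 1;
    foreach ($tpl_vars as $var) {
        //strict compare: on PHP < 8 a variable holding int 0 satisfied 0 == "err"
        if ($var === "err") $valid = 0;
    }
    unset($tpl_vars);
    if ($valid) { //shipping Form is valid
        ###====Recalculate Order Total Value====###
        require "tax_shipping_config.php";
        //calculate Tax:
        $tax = calculate_tax($item_total, $state);
        $total = number_format(($item_total + $tax), 2, '.', '');
        //calulate Shipping (the fee is computed on the taxed subtotal):
        $shippingcost = calculate_shipping($shipping_id, $total);
        $total = number_format(($total + $shippingcost), 2, '.', '');
        $tpl->assign("shippingcost", $shippingcost);
        $tpl->assign("tax", $tax);
        $tpl->assign("total", $total);
        //Keep the form and the recalculated amounts for the later steps
        //(session_register() was removed in PHP 5.4). The confirm step reads the
        //amounts from the session, never from a posted form.
        $post_shipping = $_POST;
        $_SESSION['post_shipping'] = $post_shipping;
        $_SESSION['item_total']    = $item_total;
        $_SESSION['shippingcost']  = $shippingcost;
        $_SESSION['tax']           = $tax;
        $_SESSION['total']         = $total;
        //$taxrate_in_the_zone is presumably set by tax_shipping_config.php /
        //calculate_tax() -- not visible from here.
        $taxrate = isset($taxrate_in_the_zone) ? $taxrate_in_the_zone : null;
        $_SESSION['taxrate'] = $taxrate;
        $shippingname = $db->get_var("SELECT name FROM shipping WHERE id=".$shipping_id);
        $_SESSION['shippingname'] = $shippingname;
        //Show Payment page
        $output = $tpl->fetch("checkout_payment.htm");
        echo str_replace($tpl_imgdir_name, $tpl->template_dir.$tpl_imgdir_name, $output);
        exit;
    }
    //Form is invalid: fall through to the default render with the flags set
}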
######################
//Default view: the shipping/billing form. This is also what a failed shipping
//POST falls through to, with the *_0 / *_err template flags set.
$output = $tpl->fetch("checkout_,ahp2004.htm");
//Image references in the rendered page are rewritten to the template directory,
//as on every other page output above.
$rendered = str_replace($tpl_imgdir_name, $tpl->template_dir.$tpl_imgdir_name, $output);
echo $rendered;
?>