<?php
session_start();
//9apr10: Removed MailBCC **** KEEPING THIS FOR A WHILE
//NOTE(review): the three lines below print every notice, warning and error into the
//response body. On a public checkout page that also exposes the mysqli_error() text
//used by the die() calls further down — confirm this is a development-only setting.
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
//The order timestamp written by date() in the customer_order INSERT below is in IST.
date_default_timezone_set ('Asia/Kolkata');
//Presumably supplies pt_register(), the constants used below (MAX_NOTE_SIZE_CHARS,
//INDIA, ORDER_CREATED_CODE, ORDER_PATH, PEAR_PATH) and the mail/cookie helpers;
//connection.inc.php presumably opens the mysqli handle $db. Neither file is visible here.
include("global.inc.php");
include("connection.inc.php");
//No-op at file scope ($db is already a global variable here); kept as-is.
global $db;
//echo "<pre>"; print_r($db); echo "</pre>";
//Passed as order_from in the customer_order INSERT; the meaning of 0 is not visible here.
$orderFrom = 0;
//$errors is never changed anywhere in this script, so the "if ($errors==1)" check
//below can never fire. The message text also leaves its <ul> unclosed.
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
//if(!isset($path))
//{
//Each POSTed field named below is exposed as a global variable of the same name by
//pt_register() (defined in one of the included files, not visible here).
//NOTE(review): whether an absent field yields '' or leaves the variable undefined
//depends on pt_register() — confirm before relying on either.
//NOTE(review): grtotal and postage are order amounts taken from the client request;
//a tampered request changes the total shown and stored unless they are recomputed
//server-side from the session-held order.
$postedCustomerFields = array(
    'CustName', 'CustLastName', 'CustCompanyName', 'CustAddr', 'CustStreet',
    'CustTaluka', 'CustDist', 'CustState', 'CustPin', 'CustEmail', 'CustWebsite',
    'CustSTD', 'CustPhone', 'CustMobile', 'CustNote', 'CustMsgCC',
    'grtotal', 'postage',
    //'order_is_payment_online',
    'AvoidCoockieStorage', 'CopyTheContent',
);
foreach ($postedCustomerFields as $postedField) {
    pt_register('POST', $postedField);
}
//}
if ($CopyTheContent == 1) {
    //"Ship to the same address": mirror each customer field into its OrderShipto*
    //counterpart instead of reading the shipping fields from POST.
    $shiptoFromCust = array(
        'OrderShiptoName'        => 'CustName',
        'OrderShiptoSurname'     => 'CustLastName',
        'OrderShiptoCompanyName' => 'CustCompanyName',
        'OrderShiptoAddr1'       => 'CustAddr',
        'OrderShiptoAddr2'       => 'CustStreet',
        'OrderShiptoAddr3'       => 'CustTaluka',
        'OrderShiptoCity'        => 'CustDist',
        'OrderShiptoState'       => 'CustState',
        'OrderShiptoPincode'     => 'CustPin',
        'OrderShiptoEmail'       => 'CustEmail',
        'OrderShiptoSTD'         => 'CustSTD',
        'OrderShiptoPhone'       => 'CustPhone',
        'OrderShiptoMobile'      => 'CustMobile',
    );
    foreach ($shiptoFromCust as $shiptoVar => $custVar) {
        $$shiptoVar = $$custVar;
    }
} else {
    # Shipping details: registered from their own POSTed fields
    $postedShiptoFields = array(
        'OrderShiptoName', 'OrderShiptoSurname', 'OrderShiptoCompanyName',
        'OrderShiptoAddr1', 'OrderShiptoAddr2', 'OrderShiptoAddr3',
        'OrderShiptoCity', 'OrderShiptoState', 'OrderShiptoPincode',
        'OrderShiptoEmail', 'OrderShiptoSTD', 'OrderShiptoPhone', 'OrderShiptoMobile',
    );
    foreach ($postedShiptoFields as $postedShiptoField) {
        pt_register('POST', $postedShiptoField);
    }
}
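/*if (!isset($CustMsgCC))$send_order_copy_to_cust = 0;
else*/
//The customer always gets a copy of the order mail (the CustMsgCC opt-out above is disabled).
$send_order_copy_to_cust = 1;
//if(!isset($path))
//{
//Online payment is requested only when the submit control arrives as an array whose
//first element is the button caption. Checking isset()/is_array() first removes the
//"undefined variable" notice the old code raised whenever the field was absent,
//without changing the outcome (absent or non-array => 0).
//NOTE(review): if the form posts this field as a plain string, the old comparison
//never matched either (it compared the first character) — confirm against the form markup.
$order_is_payment_online = 0;
if (isset($_POST['order_is_payment_online'])) {
    $paymentChoice = $_POST['order_is_payment_online'];
    if (is_array($paymentChoice) && isset($paymentChoice[0])
        && $paymentChoice[0] === 'Submit For Online Payment') {
        $order_is_payment_online = 1;
    }
}
//$errors is set to 0 at the top of this script and never changed, so this check
//is currently dead; kept because $error is still assembled above.
if ($errors == 1) {
    die ($error);
}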
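//Validate the contact details--------------------------------------------------
//Every validate*() helper is defined at the bottom of this file and calls die()
//with an HTML message on failure, so nothing below this section runs unless all
//checks passed.
//Verify mandatory fields
validateMandatory($CustName, "First Name");
validateMandatory($CustLastName, "Last Name");
//validateMandatory($CustCompanyName, "Company Name");
validateMandatory($CustAddr, "Address");
validateMandatory($CustDist, "District/City");
validateMandatory($CustState, "State");
validateMandatory($CustPin, "Pin code");
validateMandatory($CustEmail, "Email address");
validateMandatory($CustSTD, "STD number");
validateMandatory($CustPhone, "Phone number");
//Verify that pin is numeric
validateNumeric($CustPin, "Pin code");
//Verify that pin is a 6 digit number
if (strlen($CustPin) != 6) {
    die ("Pin code must be 6 digits long!<br>".
    "Please go to the previous page and correct this error");
}
//Verify that email address is valid
validateEmail($CustEmail);
//Verify that STD & phone are numeric
validateNumeric($CustSTD, "STD code");
validateNumeric($CustPhone, "Phone number");
//Verify that mobile is numeric (implicit that this field is not blank)
if ($CustMobile != "") validateNumeric($CustMobile, "Mobile number");
//verify that the Note field doesn't exceed max allowed chars
//NOTE(review): strlen() counts bytes; if the limit is meant in characters of
//multi-byte text, mb_strlen() is the matching measure — confirm the column size.
if (strlen($CustNote) > MAX_NOTE_SIZE_CHARS) {
    die ("Special instructions must be less than ". MAX_NOTE_SIZE_CHARS ." characters");
}
# Validate shipping details
//Verify mandatory fields
validateMandatory($OrderShiptoName, "Shipping Details: First Name");
validateMandatory($OrderShiptoSurname, "Shipping Details: Last name");
//validateMandatory($OrderShiptoCompanyName, "Shipping Details: Company Name");
validateMandatory($OrderShiptoAddr1, "Shipping Details: Address/House No.");
validateMandatory($OrderShiptoCity, "Shipping Details: District/City");
validateMandatory($OrderShiptoState, "Shipping Details: State");
validateMandatory($OrderShiptoPincode, "Shipping Details: Pin code");
validateMandatory($OrderShiptoEmail, "Shipping Details: Email address");
validateMandatory($OrderShiptoSTD, "Shipping Details: STD number");
validateMandatory($OrderShiptoPhone, "Shipping Details: Phone number");
//Verify that pin is numeric
validateNumeric($OrderShiptoPincode, "Shipping Details: Pin code");
//Verify that pin is a 6 digit number
if (strlen($OrderShiptoPincode) != 6) {
    die ("Shipping Details: Pin code must be 6 digits long!<br>".
    "Please go to the previous page and correct this error");
}
//Verify that the SHIPPING email address is valid (this used to re-check $CustEmail,
//so a malformed shipping address was never caught)
validateEmail($OrderShiptoEmail);
//Verify that the SHIPPING STD & phone are numeric (the STD check used to re-test $CustSTD)
validateNumeric($OrderShiptoSTD, "Shipping Details: STD code");
validateNumeric($OrderShiptoPhone, "Shipping Details: Phone number");
//Verify that mobile is numeric (implicit that this field is not blank)
if ($OrderShiptoMobile != "") validateNumeric($OrderShiptoMobile, "Shipping Details: Mobile number");
//}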
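//Receive the order data--------------------------------------------------------
//myorder contains the serialized array of order data (book titles, quantity, amount)
if (!isset($_SESSION['myorder'])) {
    die ('Problem fetching order details, please report this to [email protected]');
}
//unserialize the order data. allowed_classes => false (PHP 7.0+) restricts the
//payload to plain arrays/scalars, so a tampered session cannot instantiate objects.
$order_arr = unserialize($_SESSION['myorder'], array('allowed_classes' => false));
//Refuse anything that is not a non-empty array: unserialize() returns false on
//malformed input, a non-array would break the row loop below, and an empty cart
//has nothing to order (the old "== false" test let a non-empty string through).
if (!is_array($order_arr) || count($order_arr) === 0) {
    die ('Sorry, there was a problem fetching the order details. Please report this to [email protected]');
}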
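//Build message content---------------------------------------------------------
//Create order table in HTML format. Every cell value goes through htmlspecialchars()
//because this markup is embedded in the order e-mail and stored in the database,
//and $grtotal / $postage arrive straight from the POST request.
//NOTE(review): the amounts shown and stored are taken from the form as posted;
//recomputing them from the session-held order rows would stop a client from
//altering the payable total — confirm which column carries the line amount first.
if(!isset($path))
{
    //Book order: columns title, price, quantity, amount
    $order_data = '
<table border="1" cellpadding="3" cellspacing="0" style="width: 600px; background-color: cornsilk; font-family: Arial, Helvetica; font-size: 8pt;">
<tr>
<th>Book Title</th>
<th>Price (Rs.)</th>
<th>Quantity</th>
<th>Amount (Rs.)</th>
</tr>
';
    foreach ($order_arr as $orderLine) {
        $order_data .= '
<tr>
<td>'.htmlspecialchars((string) $orderLine[0], ENT_QUOTES).'</td>
<td style="text-align: center; width: 5em;">'.htmlspecialchars((string) $orderLine[1], ENT_QUOTES).'</td>
<td style="text-align: right; width: 5em;">'.htmlspecialchars((string) $orderLine[2], ENT_QUOTES).'</td>
<td style="text-align: right; width: 5em;">'.htmlspecialchars((string) $orderLine[3], ENT_QUOTES).'</td>
</tr>
';
    }
}
else
{
    //Subscription order: columns subscription type, amount
    $order_data = '
<table border="1" cellpadding="3" cellspacing="0" style="width: 600px; background-color: cornsilk; font-family: Arial, Helvetica; font-size: 8pt;">
<tr>
<th colspan="2">Subscription Type</th>
<th colspan="2">Amount (Rs.)</th>
</tr>
';
    foreach ($order_arr as $orderLine) {
        $order_data .= '
<tr>
<td colspan="2">'.htmlspecialchars((string) $orderLine[0], ENT_QUOTES).'</td>
<td colspan="2" style="text-align: right; width: 5em;">'.htmlspecialchars((string) $orderLine[1], ENT_QUOTES).'</td>
</tr>
';
    }
}
//Totals (shared by both layouts). The casts are for arithmetic and the zero test
//only — a non-numeric value becomes 0 instead of raising a TypeError in PHP 8 —
//while the figures are displayed exactly as submitted.
$subtotalAmount = (float) $grtotal;
$postageAmount = (float) $postage;
//Add total & postage if postage is not zero
if ($postageAmount != 0) {
    $order_data .= '<tr><td colspan="3" align="right">Total</td><td style="text-align: right;">'.htmlspecialchars((string) $grtotal, ENT_QUOTES).'</td></tr>';
    $order_data .= '<tr><td colspan="3" align="right">Postage</td><td style="text-align: right;">'.htmlspecialchars((string) $postage, ENT_QUOTES).'</td></tr>';
}
//$grand_total is also written to customer_order further down
$grand_total = $subtotalAmount + $postageAmount;
//Add the final payable amount
$order_data .= '<tr><td colspan="3" align="right"><strong>Total amount payable</strong></td><td style="text-align: right;"><strong>'.htmlspecialchars((string) $grand_total, ENT_QUOTES).'</strong></td></tr>';
if (isset($path)) {
    //NOTE(review): $KnownSource is not registered from POST anywhere in this script;
    //presumably an include defines it — if not, this row is simply blank.
    $knownSource = isset($KnownSource) ? (string) $KnownSource : '';
    $order_data .= '<tr><td colspan="4">Where you heard about chakmak: '.htmlspecialchars($knownSource, ENT_QUOTES).'</td></tr>';
}
$order_data .= '</table>';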
//Customer block of the order mail. Free-text address fields are run through
//stripcslashes() and the state code is resolved to a name via getStatesName();
//STD code and phone are joined with a space.
$custArray = array(
    'CustName' => $CustName,
    'CustLastName' => $CustLastName,
    'CustCompanyName' => $CustCompanyName,
    'CustAddr' => $CustAddr,
    'CustStreet' => $CustStreet,
    'CustTaluka' => $CustTaluka,
    'CustDist' => $CustDist,
    'CustPin' => $CustPin,
    'CustState' => getStatesName($CustState),
    'CustEmail' => $CustEmail,
    'CustWebsite' => $CustWebsite,
    'CustPhone' => $CustSTD.' '.$CustPhone,
    'CustMobile' => $CustMobile,
    'CustNote' => $CustNote,
);
foreach (array('CustAddr', 'CustStreet', 'CustTaluka', 'CustDist', 'CustNote') as $freeTextKey) {
    $custArray[$freeTextKey] = stripcslashes($custArray[$freeTextKey]);
}
$cust_data = customerDetails($custArray);
//Shipping block of the order mail, assembled the same way.
$ShippingDtlArray = array(
    'OrderShiptoName' => $OrderShiptoName,
    'OrderShiptoSurname' => $OrderShiptoSurname,
    'OrderShiptoCompanyName' => $OrderShiptoCompanyName,
    'OrderShiptoAddr1' => $OrderShiptoAddr1,
    'OrderShiptoAddr2' => $OrderShiptoAddr2,
    'OrderShiptoAddr3' => $OrderShiptoAddr3,
    'OrderShiptoCity' => $OrderShiptoCity,
    'OrderShiptoPincode' => $OrderShiptoPincode,
    'OrderShiptoState' => getStatesName($OrderShiptoState),
    'OrderShiptoEmail' => $OrderShiptoEmail,
    'OrderShiptoPhone' => $OrderShiptoSTD.' '.$OrderShiptoPhone,
    'OrderShiptoMobile' => $OrderShiptoMobile,
);
foreach (array('OrderShiptoAddr1', 'OrderShiptoAddr2', 'OrderShiptoAddr3', 'OrderShiptoCity') as $freeTextKey) {
    $ShippingDtlArray[$freeTextKey] = stripcslashes($ShippingDtlArray[$freeTextKey]);
}
$cust_shipping_data = shippingDetails($ShippingDtlArray);
//The customer asked not to be remembered: drop any previously stored cookies.
if (isset($AvoidCoockieStorage)) {
    clearCookies();
}
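# Save customer to database. The statement is parameterised: every column value
# comes from the form (or REMOTE_ADDR), so it is bound rather than concatenated
# into the SQL text. cust_country is the INDIA constant from the includes and stays inline.
$VarQuery = "INSERT INTO customer (".
"cust_name, cust_surname, cust_company_name, cust_addr1, ".
"cust_addr2, cust_addr3, cust_city, cust_state, ".
"cust_country, cust_pincode, cust_email, cust_phone, ".
"cust_mobile, cust_website, cust_ip_addr".
" )".
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ".INDIA.", ?, ?, ?, ?, ?, ?)";
$VarStmt = mysqli_prepare($db, $VarQuery) or die(mysqli_error($db));
//Values are cast to string so an absent optional field is stored as '' — exactly
//what the old concatenation produced — rather than as SQL NULL. They sit in an
//array because bind_param() takes its arguments by reference.
$VarCustomerRow = array(
    (string) $CustName, (string) $CustLastName, (string) $CustCompanyName,
    (string) $CustAddr, (string) $CustStreet, (string) $CustTaluka,
    (string) $CustDist, (string) $CustState, (string) $CustPin,
    (string) $CustEmail, $CustSTD."-".$CustPhone, (string) $CustMobile,
    (string) $CustWebsite, (string) $_SERVER['REMOTE_ADDR'],
);
mysqli_stmt_bind_param($VarStmt, 'ssssssssssssss',
    $VarCustomerRow[0], $VarCustomerRow[1], $VarCustomerRow[2], $VarCustomerRow[3],
    $VarCustomerRow[4], $VarCustomerRow[5], $VarCustomerRow[6], $VarCustomerRow[7],
    $VarCustomerRow[8], $VarCustomerRow[9], $VarCustomerRow[10], $VarCustomerRow[11],
    $VarCustomerRow[12], $VarCustomerRow[13]
) or die(mysqli_stmt_error($VarStmt));
//(the old code called mysqli_error() without the connection argument, which in
//PHP 8 is an ArgumentCountError instead of the intended error message)
mysqli_stmt_execute($VarStmt) or die(mysqli_stmt_error($VarStmt));
$order_cust_id = mysqli_insert_id($db);
mysqli_stmt_close($VarStmt);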
//}
/*else
{
$array = getFromCoockies();
# Save customer and order to database
$VarQuery = "UPDATE customer SET cust_name = '".$CustName."', cust_surname = '".$CustLastName."', ".
"cust_company_name = '".$CustCompanyName."', cust_addr1 = '".$CustAddr."', ".
"cust_addr2 = '".$CustStreet."', cust_addr3 = '".$CustTaluka."', ".
"cust_city = '".$CustDist."', cust_state = '".$CustState."', ".
"cust_country = ".INDIA.", cust_pincode = '".$CustPin."', cust_email = '".$CustEmail."', cust_phone = '".$CustSTD."-".$CustPhone."', ".
"cust_mobile = '".$CustMobile."', cust_website = '".$CustWebsite."', cust_ip_addr = '".$_SERVER['REMOTE_ADDR']."'".
" WHERE cust_id = '".$array['cust_id']."'";
$VarResult = mysql_query($VarQuery) or die(mysql_error());
$order_cust_id = $array['cust_id'];
}*/
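# Save the order (parameterised). Values that are not user input — the customer id
# just generated, the fixed order source, and the status/country constants — stay
# inline as integers/constants; everything that came from the form is bound.
$VarQuery = "INSERT INTO customer_order (".
"order_cust_id, order_from, order_datetime, order_special_instructions, order_is_payment_online,".
"order_status, order_shipto_name, order_shipto_surname, ".
"order_shipto_company_name, order_shipto_addr1, order_shipto_addr2, ".
"order_shipto_addr3, order_shipto_city, order_shipto_state, order_shipto_country, ".
"order_shipto_pincode, order_shipto_email, order_shipto_phone, order_shipto_mobile, ".
"order_subtotal, order_postage, order_total, order_items_formatted_list, send_order_copy_to_cust ".
")".
" VALUES (".
(int) $order_cust_id.", ".(int) $orderFrom.", ?, ?, ?, ".ORDER_CREATED_CODE.", ".
"?, ?, ?, ?, ?, ?, ?, ?, ".INDIA.", ?, ?, ?, ?, ?, ?, ?, ?, ?".
")";
$VarStmt = mysqli_prepare($db, $VarQuery) or die(mysqli_error($db));
//String casts keep absent optional fields as '' (as the old concatenation did);
//the three amounts are bound as doubles. The timestamp uses the Asia/Kolkata
//zone set at the top of the script.
$VarOrderRow = array(
    date('Y-m-d H:i:s'), (string) $CustNote, (string) $order_is_payment_online,
    (string) $OrderShiptoName, (string) $OrderShiptoSurname, (string) $OrderShiptoCompanyName,
    (string) $OrderShiptoAddr1, (string) $OrderShiptoAddr2, (string) $OrderShiptoAddr3,
    (string) $OrderShiptoCity, (string) $OrderShiptoState, (string) $OrderShiptoPincode,
    (string) $OrderShiptoEmail, $OrderShiptoSTD.'-'.$OrderShiptoPhone, (string) $OrderShiptoMobile,
    (float) $grtotal, (float) $postage, (float) $grand_total,
    base64_encode(serialize($order_data)), (string) $send_order_copy_to_cust,
);
mysqli_stmt_bind_param($VarStmt, 'sssssssssssssssdddss',
    $VarOrderRow[0], $VarOrderRow[1], $VarOrderRow[2], $VarOrderRow[3], $VarOrderRow[4],
    $VarOrderRow[5], $VarOrderRow[6], $VarOrderRow[7], $VarOrderRow[8], $VarOrderRow[9],
    $VarOrderRow[10], $VarOrderRow[11], $VarOrderRow[12], $VarOrderRow[13], $VarOrderRow[14],
    $VarOrderRow[15], $VarOrderRow[16], $VarOrderRow[17], $VarOrderRow[18], $VarOrderRow[19]
) or die(mysqli_stmt_error($VarStmt));
mysqli_stmt_execute($VarStmt) or die(mysqli_stmt_error($VarStmt));
$order_id = mysqli_insert_id($db);
mysqli_stmt_close($VarStmt);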
if (!isset($AvoidCoockieStorage)) {
    //Remember the customer so the form can be pre-filled next time. Each entry is
    //passed as a "key=>value" string, the same form the original code handed to
    //storeInCookies().
    //NOTE(review): this persists name, address, phone, e-mail and the client IP in
    //the browser — confirm storeInCookies() (not visible here) sets HttpOnly/Secure
    //and a short expiry.
    $cookieFields = array(
        'cust_id' => $order_cust_id,
        'CustName' => $CustName,
        'CustLastName' => $CustLastName,
        'CustCompanyName' => $CustCompanyName,
        'CustAddr' => stripcslashes($CustAddr),
        'CustStreet' => stripcslashes($CustStreet),
        'CustTaluka' => stripcslashes($CustTaluka),
        'CustDist' => stripcslashes($CustDist),
        'CustState' => $CustState,
        'cust_country' => INDIA,
        'CustPin' => $CustPin,
        'CustEmail' => $CustEmail,
        'CustSTD' => $CustSTD,
        'CustPhone' => $CustPhone,
        'CustMobile' => $CustMobile,
        'CustWebsite' => $CustWebsite,
        'REMOTE_ADDR' => $_SERVER['REMOTE_ADDR'],
        'CustNote' => stripcslashes($CustNote),
        'order_is_payment_online' => $order_is_payment_online,
        'OrderShiptoName' => $OrderShiptoName,
        'OrderShiptoSurname' => $OrderShiptoSurname,
        'OrderShiptoCompanyName' => $OrderShiptoCompanyName,
        'OrderShiptoAddr1' => stripcslashes($OrderShiptoAddr1),
        'OrderShiptoAddr2' => stripcslashes($OrderShiptoAddr2),
        'OrderShiptoAddr3' => stripcslashes($OrderShiptoAddr3),
        'OrderShiptoCity' => stripcslashes($OrderShiptoCity),
        'OrderShiptoState' => $OrderShiptoState,
        'order_shipto_country' => INDIA,
        'OrderShiptoPincode' => $OrderShiptoPincode,
        'OrderShiptoEmail' => $OrderShiptoEmail,
        'OrderShiptoSTD' => $OrderShiptoSTD,
        'OrderShiptoPhone' => $OrderShiptoPhone,
        'OrderShiptoMobile' => $OrderShiptoMobile,
        'send_order_copy_to_cust' => $send_order_copy_to_cust,
    );
    $ArrayToStoreInCookies = array();
    foreach ($cookieFields as $cookieKey => $cookieValue) {
        $ArrayToStoreInCookies[] = $cookieKey.'=>'.$cookieValue;
    }
    storeInCookies($ArrayToStoreInCookies);
}
if ($order_is_payment_online) {
    //Online payment: hand over to the checkout page, identified by the new order id.
    //header('Location:payment-gateway.php?o='.$order_id.'&amount='.$grand_total.'&url='.urlencode(RETURN_URL));
    //if(isset($path))
    //$location = "Location:checkout.php?o=".$order_id."&path=c";
    //else
    header('Location:checkout.php?o='.$order_id);
    exit();
}
//if(isset($path))
//{
//global $chakmakURL;
// prepareToSwitch($order_id);
//header("Location:".$chakmakURL.'thank-you.php?status=soff&message='.urlencode('Thank you for your subscription'));
//exit();
//}
//Offline payment: e-mail the order summary, then show the thank-you page.
//The status link carries the order id through encryptURLParas() (defined elsewhere).
$name = $CustName.' '.$CustLastName;
$link = ORDER_PATH.'status.php?o='.encryptURLParas($order_id);
$content = FormatMailContent($name, $order_id, $order_data, $cust_data, $cust_shipping_data, $link);
# Send order mail, but only when a PEAR mail path is configured
if (strlen(PEAR_PATH) > 0) {
    sendmail($name, $CustEmail, 'Your pitara order (Number: '.$order_id.')', $content);
}
//NOTE(review): the message is HTML carried in the query string; thank-you.php must
//treat it as data (or ignore it) rather than echo it verbatim — not visible here.
$message = "<h2>Thank you</h2>An email has been sent to you with order details and further instructions.";
header('Location:thank-you.php?message='.urlencode($message));
exit();
//Functions used by this script-------------------------------------------------
function validateMandatory($val, $field) {
    // Aborts the request with an HTML message when $val is blank after trimming;
    // $field is the human-readable label shown in that message. Returns nothing
    // when the field is filled in.
    $trimmed = trim($val);
    if ($trimmed != "") {
        return;
    }
    die ("You did not enter <strong>$field</strong>!<br>".
    "Please go to the previous page and correct this error");
}
function validateNumeric($val, $field) {
    // Aborts the request with an HTML message unless the trimmed value passes
    // is_numeric(); $field is the label shown in that message.
    // Note that is_numeric() also accepts a sign, a decimal point, an exponent
    // and leading whitespace, so "123456" and "-1.5e3" are both accepted here.
    $trimmed = trim($val);
    if (is_numeric($trimmed)) {
        return;
    }
    die ("$field must be a number!<br>".
    "Please go to the previous page and correct this error");
}
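function validateEmail($email) {
    // Aborts the request with an HTML message unless $email passes PHP's built-in
    // e-mail validator. This replaces the old hand-written pattern, which rejected
    // any top-level domain longer than three letters (".info", ".online", ...) and
    // therefore turned away valid customers. The value is checked as given — no
    // trimming — so what is validated is exactly what gets stored.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        die ("Invalid Email address format!<br>".
        "Please go to the previous page and correct this error");
    }
}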
?>