#! /usr/bin/perl # $PerlShop_version = 3.2; # # A product of ARPAnet Corp. - perlshop@arpanet.com, www.arpanet.com/perlshop # # Copyright (c) 1996, 1997, 1998, 1999, 2000 by ARAPnet Corp., All rights reserved # # Author: Edward Taussig. # (Portions Copyright (c) 1993 Steven E. Brenner) # (SHA algorithm written by: John Allen (allen@grumman.com). # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version, WITH THE FOLLOWING EXCEPTION: # You may not remove the the code that includes the PerlShop logo and the # link back to the PerlShop home page on any generated pages, # Nor may you modify the PerlShop logo itself. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # ########### Revision History ############################################## # Version 3.2 # -fixed bug in ReadParse giving Invalid Transmission error #3 with Perl 5.005 # -fixed cookie bug. # -References to 'error_trap' replaced with 'err_trap' # -fixed tag being generated before tag (must have tag in catalog page!) # -In the search function, links to the pages found had the path repeated twice in the link. # -put in a failsafe mechanism to remove abandoned lock files. # -check credit card expiration month is 1..12 # -fixed transmission error that is caused by an HTTP_REFERER when using https secure server. # -fixed a y2k bug. # -don't search binary files # -output initial blank lines in err_trap to make sure header is correct. 
# -fixed errors when $add_navigation = 'no' # -fixed a sockets smtp mail problem $sockaddr = 'SnC4x8' instead of 'Sna4x8'; # # Version 3.1 # -added SSI "include", "fsize", "flastmod", "echo", "config", "exec cgi" commands # -added $add_navigation variable # -allow fractional quantities if: $allow_fractional_qty eq 'yes' # -allow !MYURL! within
block # -allow PSTAG within an html comment # -option to put CC# on email (only if not using a secure server) # -put source/suggestions on email to vendor # -script will now print errors to browser instead of dying # -can now do new search from search results screen # -will now trap errors in order of html tags # -will accept quotes around tag names and values # -added shipping_type of 'none' # Version 3.0 # -added First Virtual payment functionality # -added SecureOrder payment functionality # -added Secure https ability for order form # -added support for cookies # -Search feature will now search subdirectories and highlight hits # -added logging of patterns that were searched for # -added option to treat search string as regular expression (default is now not to) # -added SHA self test # -fixed bug in SHA using ~0 # -fixed bug in CC check digit routine for CC #'s ending in Zero # -fixed bug in locking of logfile # -All dates are now Year 2000 compliant (Incl. CC expire date) # -Standardized Country to 2 character ISO codes # -fixed sockets mail routine to include mime & content headers # -added test for possible prior use of supposedly unique order id # -only put 'view orders' button if orders exist # Version 2.2 # -added image option for generated submit buttons # -added currency and date format customization variables. # -added '!MYWWW!' option anywhere on page for server independence. # -Can now use to create navigation 'link' in addition to submit button. # -added 'ALL' shipping country option. # -added wrapping of long item names to next line(s) on confirmation screen/email. # -added direct sockets sendmail option # -fixed missing quotes around item_name & options in generated hidden tags in view_cart # -Item name left aligned in view_cart table. # -added table for different handling amounts per country. 
# -version number now prints correctly from command line # -put $cod_charge in customer file only if paying by COD, else 0 # -put sub_total without tax or discount in customer file # -put $Handling charge in customer file # -added $local_time variable and added leading zero to minutes # -changed search catalog function from 'glob' to 'readdir' # -change permissions mask only if using cgiwrap # -fixed self_test for discount/shipping to use 0.01 increment for price # -only put prev/next page links if pstag is used # Version 2.1 # -fixed shipping table indexes did not all start at 0 # -fixed bug in Search catalog function due to converion to all uppercase cgi input # -added !MYURL! option to form tag to allow server independent catalog pages # Version 2.0 # -added edit to check that 'OTHER' shipper chosen if Country not listed in shipping table # -fixed formatting of Qty on confirmation screen/email # -fixed $cod_charge not being written to customer file # -fixed customer/order files not moved from temp directories if $convert_delim_to_commas not set to 'yes' # -added $catalog_country variable # -convert country, shipper and cardtype to uppercase before all comparisons # -add '' buttons/menus only if prev/next page is defined in catalog page # -added $accept_any_country variable to optionally restrict orders to only listed countries # -added internal table validation test # -added support for weight and options hidden fields. # -Search & Replace only done within ... 
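#   block now for efficiency (continuation of the previous changelog entry)
# -added support for multipart forms
# -added support for shipping based on weight
# -added support for a Handling charge per order
# -updated SHA algorithm to handle longer input
# -added $stay_on_page option
# -added support for discounts based on price or quantity
# -made Windows compatible
# -added support for non-taxable items (and/or other kinds of Taxes)
# -added Country name to email confirmation if not same as catalog country
# -added 'Paid by:' to email confirmation
# -changed time format on email confirmation from 24 hour to am/pm format
# -The 'ENTER SHOP' button can now have different text
# -made all comparisons using cgi input variables case insensitive
# -allow any characters (except ") in item_id and item_name values.
############################################################################

require 5.000;  ## This script requires perl version 5.000 or higher
$| = 1;         ## Don't buffer output (CGI output must reach the server promptly)

##########################################################################
################### Runtime / Security Switches ##########################
##########################################################################
## SECURITY REVIEW NOTES for this deployment:
##  * $testing was 'yes'.  Later in this file, after the "Errors on Order
##    Form" page has been printed, the script only stops with
##        if ($testing ne 'yes') { exit; }
##    so in testing mode an order that FAILED validation is still written
##    to the customer file and processed.  Changed to 'no' so that
##    validation errors are fatal, which is what the error page already
##    tells the customer ("press BACK and fix them").
##  * $allow_ssi_cgi = 'yes' lets catalog pages run "exec cgi" server-side
##    includes (added in 3.1).  The original author's warning below stands;
##    left as-is because catalog pages may depend on it -- confirm it is
##    actually needed, otherwise set it to 'no'.
##  * 'Credit' is an accepted payment type and the card number is written
##    in clear text to the customer file, while $use_secure_server is 'no':
##    unless the web server itself forces TLS, card data crosses the
##    network unencrypted.
##  * Several safety checks further down have been disabled by hand in
##    2002: the token-file existence check (replaced by "if ( true )"),
##    the SHA item_code tamper check on the hidden price fields, and the
##    credit-card number / expiry validation (replaced by sleep(1)).
##    Prices and card data are therefore trusted exactly as the browser
##    submits them.
$testing = 'no';               ## yes, no  ('yes' makes order-form validation fail open, see note above)
$use_cgiwrap = 'no';           ## yes, no
$use_secure_server = 'no';     ## yes, no
$add_navigation = 'no';        ## yes, no (if yes, first line of script will have prev,next page info)
$use_cookies = 'yes';          ## yes, no
$cookie_expire_days = 1;
$allow_ssi_cgi = 'yes';        ## Do NOT set this to 'yes' unless you are sure, it can create a big security hole.
$cardno_on_email = 'no';       ## Do NOT set this to 'yes' unless you are sure, it can create a big security hole.
$allow_fractional_qty = 'no';

### Parse the CGI request into %input (all later $input{...} reads come from here,
### i.e. straight from the client).
### Subroutine ReadParse is part of cgi-lib.pl library, Copyright 1993 Steven E. Brenner (see full text below)
&ReadParse(*input);

### Emit the content-type header.  The header block is terminated here only
### when cookies are off; with cookies on, the Set-Cookie line and the blank
### line are printed later by the order-id logic.
print "Content-type: text/html\n";
if (lc $use_cookies ne 'yes') {print "\n";}

### When using cgiwrap, this script's permissions should be set to 700 so that the
### script would not even run unless cgiwrap were used, but in case you forgot to
### set the permission to 700, the following fail-safe check is used.
### (Only the literal uid 65534 is detected; any other server uid is not caught.)
if (($< == 65534) && ($use_cgiwrap eq 'yes')) { print "Attempt to bypass Cgiwrap!\n"; exit; }

###---------- Get the Current Directory and program title ----------
### $curr_dir is hard-coded for *nix; on Windows both it and the program
### title are derived from $0.
$curr_dir = '/var/www/cart/pny/';
$windows = 0;
if (index($0,'\\') != -1)   #### True if running on Dos/Windows
{
    $program_title = substr($0, rindex($0, '\\') + 1);
    $curr_dir = substr($0,0,-(length($0) - rindex($0, '\\') - 1));
    $windows = 1;
}
else                        #### else running on *nix
{
    $program_title = substr($0, rindex($0, '/') + 1);
}
###-----------------------------------------------------------------

##########################################################################
################### Server Customization Variables #######################
##########################################################################
$server_address = 'www.photonewyork.com';
## NOTE(review): the secure host differs from $server_address -- confirm both are
## intended.  Further down, the SecureOrder callback is "authenticated" only by
## comparing HTTP_REFERER against the URL built from these values; the referer
## is a client-supplied header, so this is not a real authentication check.
$secure_server_address = "https://ws13.wynn.com"; ## "https://ssl.pair.com/taussig"
$cgiwrap_directory = '/cgi-bin/pny';
$cgi_directory = '/cgi-bin/pny'; ###must be actual cgi directory name (not 'cgi-bin' if aliased)
$mail_via = 'sendmail';          ### Either 'sockets' or 'sendmail' or 'blat'
$blat_loc = 'c:\\winnt35\\system32\\blat';
$sendmail_loc = '/usr/lib/sendmail';
$smtp_addr = '127.0.0.1';        ### must use ip address on Win95, not hostname (hostname ok on NT)
$catalog_home = '/products';     ### This is a Subdirectory of Public_Html, NOT cgi-bin!!!
$home_page = 'shopindex.html';
$SHOPINDEX = 'shopindex.html';
$image_directory = '/graphics';  ### This is a Subdirectory of Public_Html, NOT cgi-bin!!!
$secure_image_directory = '/graphics';
$image_location = "http://$server_address$image_directory";
$home_icon = '';                 ### must reside in $image_directory if it exists.
$create_page_log = 'yes';        ### ("yes" or "no")
$create_search_log = 'yes';

###-----------------------------------------------------------
### Assume that following subdirectories are directly under
### the (cgi-bin) directory this script is running in. If not,
### change the value of $curr_dir to the desired directory title
### Here (and include the trailing '/').
### These directories hold order, customer (incl. card number) and token
### files, so they must not be web-readable.
###-----------------------------------------------------------
$customers_directory = $curr_dir . 'customers';
$orders_directory = $curr_dir . 'orders';
$catalog_directory = $curr_dir . 'catalog';
$token_directory = $curr_dir . 'tokens';
$temp_customers_directory = $curr_dir . 'temp_customers';
$temp_orders_directory = $curr_dir . 'temp_orders';
$log_directory = $curr_dir . 'log';
#$SHOPINDEX = $catalog_directory . "/" . $SHOPINDEX ;
###-----------------------------------------------------------
###push (@INC, $cgi_directory);

### NOTE(review): the restrictive umask is applied only in the cgiwrap case.
### Without cgiwrap the customer/order files (which contain card numbers) are
### created with the server process's default umask.
if ($use_cgiwrap eq 'yes')
{
    umask 077;   ## make readable/writeable by owner only
    $cgi_prog_location = $server_address . $cgiwrap_directory . "/$program_title";
}
else
{
    $cgi_prog_location = $server_address . $cgi_directory . "/" . $program_title ;
}

$delim = chr(1);
$convert_delim_to_commas = 'yes';
$menu_bar = "";   #must be empty string here
### Length of the unique order id key, must be > 3.
### NOTE(review): the order id taken from the ORDER_ID field / 'orderid' cookie
### is validated further down with an UNANCHORED pattern (/\d{$id_length}?/),
### i.e. it only has to contain $id_length consecutive digits somewhere, yet it
### is then used directly to build "$token_directory/$unique_id" and the
### temp order/customer file names (open, unlink).  Treat it as untrusted
### until that check is anchored (/^\d{$id_length}$/).
$id_length = 9;
$catalog_page = "";

###--------For Secure Server Setup----------------------------
if ($use_cgiwrap eq 'yes')
{
    $secure_prog_location = "$secure_server_address$cgiwrap_directory/$program_title";
}
else
{
    $secure_prog_location = "$secure_server_address$cgi_directory/$program_title";
}
$secure_image_location= "$secure_server_address$secure_image_directory";
###-----------------------------------------------------------

##########################################################################
################### Company Customization Variables ######################
##########################################################################
#==== To Include an Image on your pages =============#
$banner = '';   ### arpanet.gif
$hspace = '5';
$vspace = '5';
$border = '0';
$height = '111';
$width = '111';
$align = 'center';
#====================================================#
#==== To Add background image or change color =======#
$background = '';   ### good1.jpg
$text_color = "";
$background_color = "#FFFFFF";   ### white=#FFFFFF
$link_color = "";
$vlink_color = "";
$alink_color = "";
#====================================================#
$company_name = 'Wynn Data Limited.';
$company_address = '622A President st
Brooklyn NY 11215
';
$company_email = 'sales@wynn.com';
$mail_order_to = 'sales@wynn.com';
$line_length = 80;
@accept_payment_by = ('Credit', 'Check', 'COD', 'First Virtual');   ### valid types are: Credit, Check, COD
### if only one entry in @accept_payment_by, it will be the default and user will not have to choose it on order form.
@valid_credit_cards = ('Visa', 'MasterCard');   ### valid types are: MasterCard, Visa, American Express, Optima, Carte Blanche, Diners Club, Discover, JCB.
$online_credit_verify = 'SecureOrder';   ## Options are: 'no', 'SecureOrder'
$online_check_verify = 'no';             ## Options are: 'no', 'SecureOrder' (not implemented yet)
$accept_first_virtual = 'yes';           ## 'yes', 'no'

###--------First Virtual Configuration Section-----------------
### NOTE(review): the TEST seller PIN and test IPS host are the live values
### here (production lines commented out), and the PIN is a secret kept in
### the script source itself.
$fv_aab_url = "http://www.fv.com/fv/aab";
### for Production ##
##$fv_seller_pin = 'test-sums-testseller';   ### Set ONLY if First Virtual is valid payment option!!!!
##$fv_ips = "card.com";
### for Testing ##
$fv_seller_pin = 'test-seize-programmer';   ### Set ONLY if First Virtual is valid payment option!!!!
$fv_ips = "test.card.com";
###-----------------------------------------------------------

###-------SecureOrder Configuration Section-------------------
### NOTE(review): the merchant id is the placeholder "TEST1" and both gateway
### URLs point at a local /cgi-bin/printenv test stub rather than the bank's
### https endpoints (commented out below).  With this configuration no real
### card authorization takes place.
$SecureOrder_id = "TEST1";   ### The 5 character alphanumeric string that is your MER_ID
## for Production ##
##$SecureOrder_check_url = "https://www.atsbank.com/cgi-bin/strcheck";
##$SecureOrder_credit_url = "https://www.atsbank.com/cgi-bin/strcredit";
## for Testing ##
$SecureOrder_check_url = "/cgi-bin/printenv";
$SecureOrder_credit_url = "/cgi-bin/printenv";
###-----------------------------------------------------------

$cod_charge = 3.00;   ### amount to add to order (0.00 if none)
@Handling_table = (   ### amount to add to order (0.00 if none)
    ['US', 2.75],
    ['CA', 5.00],
    ['OTHER', 10.00],
);
$Pay_checks_to = 'ARPAnet Corp.';
$return_policy = 'All Sales are final. We will be glad to exchange defective items only within 30 days from date of ';
$return_policy .= 'sale. 
Any items returned must be sent back prepaid in the same condition as when originally shipped. ';
$return_policy .= 'Shipping and handling charges are not refundable.';
$catalog_country = 'US';       ### must be all capital letters, 2 letter country code.
$accept_any_country = 'yes';   ### ('yes' or 'no') #Allow orders from countries not specifically listed in shipping rates table?
$local_currency = 'USD';
$currency_decimal = '.';       ### decimal separator for currency format
$currency_separator = ',';     ### thousands separator for currency format
$currency_symbol = '$';        ### Symbol for currency
$local_weight = 'lbs.';        ### Unit of measure for WEIGHT field if used.
$local_time = 'EST';           ### The time zone your shop is located in (eg: est, pst)
$date_format = 'mmddyy';       ### options are: mmddyy, ddmmyy, mmddyyyy, ddmmyyyy
$date_separator = '/';

###-----------------------------------------------------------
### Leave blank (i.e. = '';) to use default submit buttons
### To use an image, just use the file title (i.e. = 'update.gif';)
$button_image{'UPDATE'} = '';
$button_image{'HOME'} = '';
$button_image{'VIEW ORDERS'} = '';
$button_image{'CHECK OUT'} = '';
$button_image{'SECURE CHECK OUT'} = '';
$button_image{'SUBMIT'} = '';
$button_image{'SECURE SUBMIT'} = '';
$button_image{'PLACE ORDER'} = '';
$button_image{'SEARCH'} = '';
$button_image{'SEARCH CATALOG'} = '';
$button_image{'SHIPPING RATES'} = '';
$button_image{'CONTINUE SHOPPING'} = '';
###-----------------------------------------------------------

# If the WEIGHT or OPTION hidden input fields exist on the catalog page,
# then you MUST enter a value for the caption below, otherwise it must be blank (i.e. '').
$weight_caption = 'Weight';   # e.g. 'Weight'
$option1_caption = 'Color';   # e.g. 'Color'
$option2_caption = 'Size';    # e.g. 'Size'
$option3_caption = '';

$shipping_type = 'quantity';   ### shipping_type is either 'price' or 'quantity' or 'weight' or 'included' or 'none'
### price or quantity means the minimum/maximum refers to total prices or total quantities respectively.
### '+' means add the Amount specified to the order total
### '*' means multiply the Amount times the Number of items ordered.
### '%' means take the given percentage of the total Amount ordered.
### Country, Ship via, Minimum, Maximum, Add or Multiply or Percentage, Amount
###
#@Shipping_Rates = (
#[$catalog_country, 'UPS Ground', 0, 2, '+', 5.00],          ### Index must start at 0 in case $shipping_type='weight'
#[$catalog_country, 'UPS Ground', 3, 5, '+', 10.00],         ### Min. should be .01 more than prev max. if based on price
#[$catalog_country, 'UPS Ground', 6, 99999999,'*', 2.00],
#[$catalog_country, 'UPS Blue', 0, 2, '+', 10.00],
#[$catalog_country, 'UPS Blue', 3, 5, '+', 15.00],
#[$catalog_country, 'UPS Blue', 6, 99999999, '*', 3.00],
#[$catalog_country, 'FedEx', 0, 99999999, '+', 10],
#['ALL', 'Airborne Express',0, 2, '+', 7.00],                ### 'ALL' applies to any country (but is overridden by $accept_any_country = 'no')
#['ALL', 'Airborne Express',3, 99999999, '*', 5.00],         ### 'ALL' applies to any country
#['OTHER','DHL', 0, 3, '*', 5.00],                           ### Default for any country not specifically listed above.
#['OTHER','DHL', 4, 99999999, '*', 4.00],                    ### Default for any country not specifically listed above.
#);
@Shipping_Rates = (
    [$catalog_country, 'UPS Surface', 0, 99999999,'*', 2.00],
    [$catalog_country, 'Fedex Standard', 0, 99999999,'*', 2.00],
    [$catalog_country, 'Fedex Next Morning', 0, 99999999,'*', 2.00],
    ['ALL','UPS Surface', 0, 99999999, '*', 2.0],   ### Default for any country not specifically listed above.
    ['OTHER','UPS Surface', 0, 0, '*', 0.00],       ### Default for any country not specifically listed above.
);
$discount_type = 'none';   ### $discount_type is either 'quantity' or 'price' or 'none'.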
@Discount_Rates = ( ### For no discount use: $discount_type = 'none'; [1, 3, 0.00], ### Min. should be .01 more that prev max. if based on price [4, 99999999, 10.00], ); @Tax_States = ("NY 8.25"); ### List of: State to Apply Tax to, and Tax Rate (NOT percentage!) separated by a singe space ### e.g. @Tax_States = ("NY 8.25", "CA 4.5"); $stay_on_page = 'YES'; ### ('yes' or 'no') #if 'yes', adds cart to current page ### this default can be overriden by cgi input field StayOnPage = YES ${SO} = ''; ${SE} = ''; ### Starting/Ending highlight tag for search results ########################################################################## ############# END OF CUSTOMIZATION AREAS ######################### ########################################################################## ###----------------------------------------------------------- $action = $input{'ACTION'}; ### Create a unique order ID for each user to pass along to each form ### and to use as the file title to store the items ordered if ( (uc substr($action,0,5) eq 'ENTER') || (uc substr($action,0,5) eq 'GO TO') || ( substr($action,0,2) eq '->') || ( substr($action,0,1) eq '[') ) { if ($input{'ORDER_ID'} eq '!ORDERID!') { $token_exists = 0; if ((lc $use_cookies eq 'yes') && (defined($ENV{'HTTP_COOKIE'})) ) { ### RETRIEVE COOKIE HERE AND CHECK IF TOKEN & TEMP_ORDER ### STILL EXISTS AND ASK IF USER WANTS TO CONTINUE OLD ORDER %Cookies = map split (/=/), split (/; /,$ENV{HTTP_COOKIE}); if (defined($Cookies{'orderid'})) { $unique_id = $Cookies{'orderid'}; if ( $unique_id !~ /\d{$id_length}?/ ) {&Transmission_error(0);} $token_file_name = "$token_directory/$unique_id"; $order_file_name = "$temp_orders_directory/$unique_id"; $customer_file_name = "$temp_customers_directory/$unique_id"; # if (-e $token_file_name) { # wynkoop@wynn.com 2002/08/16 # if ( true ) { $token_exists = 1; if (-e $order_file_name) { unlink $customer_file_name; print "\n"; print "\n"; print "Previous Order Selections\n"; &add_menu_bar('CONTINUE 
SHOPPING'); &add_company_header; ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime) = stat(_); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($atime); $mon++; $year = $year + 1900 ; print "
You have an Existing Order placed on: $mon/$mday/$year, as Shown Below.
"; print "If you do Not want to finish this order Press the RESTART button to delete
"; print "this order and go to the first catalog page to start a new order.

"; print "
"; print "
"; if ($button_image{'RESTART'} eq '') {print "
";} else { print ""; print ""; } print ""; print "
"; print '
'; $add_cart = 1; $resuming_order = 1; &view_cart; &add_button_bar('CONTINUE SHOPPING'); &add_company_footer; exit; } #order file exists } # token file exists }#using cookies and found perlshop cookie } ##using cookies and have a cookie if ($token_exists == 0) { srand(time() ^ ($$ + ($$ << 15))); $rand_len = '9' x ($id_length - 3); do { $unique_id = &zero_fill(abs($$),3) . &zero_fill(int(rand($rand_len)),$id_length - 3); $token_file_name = "$token_directory/$unique_id"; } until (! (-e $token_file_name)); ### Now check if really unique (i.e. does it already exist?) ### Create a random token to use with SHA signature $token = int(rand(1000000)); open(token_file, ">$token_file_name") || &err_trap("Cannot open $token_file_name for writing\n"); print(token_file "$token\n"); close token_file; } if (lc $use_cookies eq 'yes') { &create_cookie('orderid', $unique_id, $cookie_expire_days); print "\n"; } } else {&Transmission_error(1);} } else { if ( (! defined $input{'ACTION'}) && ((lc $online_credit_verify eq 'secureorder') || (lc $online_check_verify eq 'secureorder')) && ($ENV{'QUERY_STRING'} =~ /^(\d+)\&(a|i|d|b){1}?\&(.*)/i) ) { if ($use_secure_server eq 'yes') { if ($ENV{'HTTP_REFERER'} ne $secure_prog_location) {&Transmission_error;} } else { if ($ENV{'HTTP_REFERER'} ne "http://$cgi_prog_location") {&Transmission_error;} } if (length($1) > $id_length) {$unique_id = substr($1, - $id_length);} else {$unique_id = '0' x ($id_length - length($1)); $unique_id .= $1;} $SecureOrder_return_code = $2; $SecureOrder_return_msg = $3; if ($SecureOrder_return_code eq 'a') {$action = 'PLACE ORDER';} elsif ($SecureOrder_return_code eq 'd') { print "\n\n"; print "SecureOrder Error\n"; print "
Sorry, your Charge was declined. "; print "You can go back and try another card, or try again later.
Thank you.

"; exit; } else { print "\n\n"; print "SecureOrder Error\n"; print "
The following error was encounterd in attempting to process your "; print "charge, please press your browser's BACK button, and go back and correct the information.
Thank you.

"; print "
Error: $SecureOrder_return_msg

"; exit; } } else {$unique_id = $input{'ORDER_ID'};} if (($unique_id eq '!ORDERID!') || ( $unique_id !~ /\d{$id_length}?/ )) {&Transmission_error(3);} if (lc $use_cookies eq 'yes') { if ($action eq 'RESTART') {&create_cookie('orderid', $unique_id, $cookie_expire_days);} ## Reset Expiration date elsif ($action eq 'PLACE ORDER') {&create_cookie('orderid', $unique_id, -1);} ## 'delete' cookie print "\n"; } $token_file_name = "$token_directory/$unique_id"; if ( !(-e $token_file_name) ) { print "\n"; print "Already Checked Out\n"; print "\n"; print "

You cannot revise an order after checking out. You must enter the shop "; print "again if you wish to order more items, or contact the merchant directly if you "; print "need to cancel an order.


"; print "
Press the button below if you wish to start a new shopping session.


"; $unique_id = '!ORDERID!'; &add_button_bar(); print "\n"; print "\n"; exit; } } $order_file_name = "$temp_orders_directory/$unique_id"; $customer_file_name = "$temp_customers_directory/$unique_id"; $token_file_name = "$token_directory/$unique_id"; if (uc substr($action,0,6) eq 'SECURE') {$image_location=$secure_image_location;} if ( (uc substr($action,0,5) eq 'ORDER') || (uc substr($action,0,3) eq 'ADD') || (uc substr($action,0,3) eq 'PUT') || (uc substr($action,0,3) eq 'BUY') ) ### write out the order to a file in comma delimited, quoted format (CSV) { ### check for duplicates first if (-e $order_file_name) { open (order_file, $order_file_name)|| &err_trap( "Cannot open $order_file_name for reading\n" ); while () { chop; ($order_id, $item_id, $item_name, $item_price, $item_qty, $item_weight, $item_taxtype, $item_option1, $item_option2, $item_option3) = split(/$delim/,$_); &UnQuote($item_id); &UnQuote($item_option1); &UnQuote($item_option2); &UnQuote($item_option3); #Remove surrounding Quotation marks $index=""; do { if (! defined $input{'ITEM_OPTION1'.$index}) {$input{'ITEM_OPTION1'.$index} = "";} if (! defined $input{'ITEM_OPTION2'.$index}) {$input{'ITEM_OPTION2'.$index} = "";} if (! defined $input{'ITEM_OPTION3'.$index}) {$input{'ITEM_OPTION3'.$index} = "";} if ( ($input{'QTY'.$index} > 0) && ($item_id eq $input{'ITEM_ID'.$index}) && (lc $item_option1 eq lc $input{'ITEM_OPTION1'.$index}) && (lc $item_option2 eq lc $input{'ITEM_OPTION2'.$index}) && (lc $item_option3 eq lc $input{'ITEM_OPTION3'.$index}) ) { print "\n"; print "Duplicate Item\n"; print "\n"; print "

The Item: \"$input{'ITEM_NAME'.$index}\""; if ($item_option1 ne "") {print ", $item_option1";} if ($item_option2 ne "") {print ", $item_option2";} if ($item_option3 ne "") {print ", $item_option3";} print ' Has Already Been Ordered!

'; print "You May Change the Quantity ordered by pressing the VIEW ORDERS button below.


"; &add_button_bar('CONTINUE SHOPPING', 'VIEW ORDERS'); print "\n"; print "\n"; exit; } if ($index eq "") {$index = 1;} else {$index++;} } until (! defined $input{'ITEM_ID'.$index}); }#while order_file close order_file; }#if file exists ### Check if the Item # and Price have been tampered with !!! if (-e $token_file_name) { open(token_file, $token_file_name) || &err_trap("Cannot open token file: $token_file_name"); $token = ; chop($token); $index=""; $item_code=""; $items_ordered=0; do { &Check_Valid_Quantity($input{'QTY'.$index}, $input{'ITEM_NAME'.$index}); ### exit with err msg if not valid quantity if ($input{'QTY'.$index} > 0) {$items_ordered++;} if (! defined $input{'ITEM_WEIGHT'.$index}) {$input{'ITEM_WEIGHT'.$index} = 0;} if (! defined $input{'ITEM_TAXTYPE'.$index}) {$input{'ITEM_TAXTYPE'.$index} = "";} $input{'ITEM_PRICE'.$index} = &UnCurrency($input{'ITEM_PRICE'.$index}); $item_code .= $input{'ITEM_ID'.$index} . $input{'ITEM_PRICE'.$index} . $input{'ITEM_WEIGHT'.$index} . $input{'ITEM_TAXTYPE'.$index}; if ($index eq "") {$index = 1;} else {$index++;} } until (! defined $input{'ITEM_ID'.$index}); $item_code = &SHA( $ENV{'REMOTE_ADDR'} . $item_code . $token); # # removed checking of item_code 2002/08/13 because javascript updates # to cart fields mucked up the checking wynkoop@wynn.com # # if ($item_code ne $input{'ITEM_CODE'}) # {&Transmission_error(4);} } if ($items_ordered == 0) { print "\n"; print "No Items Ordered\n"; print "\n"; print "

All Quantities Were Zero (0), Please go back and enter a valid "; print "quantity for at least one item

"; &add_button_bar('CONTINUE SHOPPING', 'VIEW ORDERS'); print "\n"; print "\n"; exit; } $index=""; open(order_file, ">>$order_file_name") || &err_trap("Cannot open $order_file_name for writing\n"); do { if ($input{'QTY'.$index} > 0) { ### now append the data to the file if (! defined $input{'ITEM_WEIGHT'.$index}) {$input{'ITEM_WEIGHT'.$index} = 0;} if (! defined $input{'ITEM_TAXTYPE'.$index}) {$input{'ITEM_TAXTYPE'.$index} = "";} if (! defined $input{'ITEM_OPTION1'.$index}) {$input{'ITEM_OPTION1'.$index} = "";} if (! defined $input{'ITEM_OPTION2'.$index}) {$input{'ITEM_OPTION2'.$index} = "";} if (! defined $input{'ITEM_OPTION3'.$index}) {$input{'ITEM_OPTION3'.$index} = "";} print(order_file "\"$unique_id\"$delim"); print(order_file "\"$input{'ITEM_ID'.$index}\"$delim"); print(order_file "\"$input{'ITEM_NAME'.$index}\"$delim"); print(order_file "\"$input{'ITEM_PRICE'.$index}\"$delim"); print(order_file "\"$input{'QTY'.$index}\"$delim"); print(order_file "\"$input{'ITEM_WEIGHT'.$index}\"$delim"); print(order_file "\"$input{'ITEM_TAXTYPE'.$index}\"$delim"); print(order_file "\"$input{'ITEM_OPTION1'.$index}\"$delim"); print(order_file "\"$input{'ITEM_OPTION2'.$index}\"$delim"); print(order_file "\"$input{'ITEM_OPTION3'.$index}\"\n"); } if ($index eq "") {$index = 1;} else {$index++;} } until (! defined $input{'ITEM_ID'.$index}); ### now output the order details page close order_file; if (($stay_on_page eq 'yes') || (uc $input{'STAYONPAGE'} eq 'YES')) {$add_cart = 1;} else { &view_cart; exit; } } elsif ($action eq 'VIEW ORDERS') { &view_cart; exit; } elsif ($action eq 'UPDATE') { foreach $index(1..$input{'NUM_ITEMS'} - 1) { &Check_Valid_Quantity($input{'QTY'.$index}, $input{'ITEM_NAME'.$index}); ### exit with err msg if not valid quantity } ### update order file with updated order info $tempfile = $order_file_name . 
'.bak'; rename($order_file_name, $tempfile); open (order_file, $tempfile)|| &err_trap("Cannot open $order_file_name for reading\n"); open (out_file, ">$order_file_name"); $index = 1; ### if input item is not in order file, ignore it, View Orders page may have been tampered with ### and take all data except Quantity from input file, not from web page, to prevent tampering. while () { chop; ($order_id, $item_id, $item_name, $price, $quantity, $weight, $item_taxtype, $option1, $option2, $option3) = split(/$delim/,$_); &UnQuote($item_id); &UnQuote($option1); &UnQuote($option2); &UnQuote($option3); if ( ($item_id eq $input{'ITEM_ID'.$index}) && ($option1 eq $input{'ITEM_OPTION1'.$index}) && ($option2 eq $input{'ITEM_OPTION2'.$index}) && ($option3 eq $input{'ITEM_OPTION3'.$index}) ) { if ($input{'QTY'.$index} > 0) { print(out_file "\"$unique_id\"$delim"); print(out_file "\"$item_id\"$delim"); print(out_file "$item_name$delim"); print(out_file "$price$delim"); print(out_file "\"$input{'QTY'.$index}\"$delim"); print(out_file "$weight$delim"); print(out_file "$item_taxtype$delim"); print(out_file "\"$option1\"$delim"); print(out_file "\"$option2\"$delim"); print(out_file "\"$option3\"\n"); } } $index += 1; } close out_file; close order_file; unlink $tempfile; if ((($stay_on_page eq 'yes') || (uc $input{'STAYONPAGE'} eq 'YES')) && (! -e $customer_file_name)) {$add_cart = 1;} else { &view_cart; exit; } } elsif (($action eq 'CHECK OUT') or ($action eq 'SECURE CHECK OUT')) { &display_order_form; exit; } elsif (($action eq 'SUBMIT') or ($action eq 'SECURE SUBMIT')) { ### Validate & Save Order (Shipping & Payment) info, and make sure ### it's linked to an Order Number! (i.e. that an order file exists). 
&check_if_orders_exist; &self_test; $error_msg = ""; &require("First Name", $input{'FNAME'}); &require("Last Name", $input{'LNAME'}); &require("Street1", $input{'STREET1'}); &require("City", $input{'CITY'}); &require("State/Province", $input{'STATE'}); &require("Zip Code", $input{'ZIP'}); &check_country($input{'COUNTRY'}); &require("Country", $input{'COUNTRY'}); &require("Email Address", $input{'EMAIL'}); &check_zip($input{'ZIP'}, $input{'COUNTRY'}); $input{'STATE'} = &check_state($input{'STATE'}, $input{'COUNTRY'}); &check_email($input{'EMAIL'}); if (($input{'PAYBY'} eq 'CREDIT') && ((lc $online_credit_verify eq 'secureorder') || (lc $online_check_verify eq 'secureorder')) && (($input{'DPHONE'} eq '') && ($input{'NPHONE'} eq ''))) {&require("Daytime or Nighttime Phone", $input{'DPHONE'});} $input{'DPHONE'} = &check_phone($input{'DPHONE'}, $input{'COUNTRY'}); $input{'NPHONE'} = &check_phone($input{'NPHONE'}, $input{'COUNTRY'}); $input{'FAX'} = &check_phone($input{'FAX'}, $input{'COUNTRY'}); if (not (exists $input{'PAYBY'})) { $input{'PAYBY'} = uc @accept_payment_by[0]; } if ($input{'PAYBY'} ne 'CREDIT') { if ($input{'CARDNO'} ne "") { $error_msg .= "
  • Credit Card number entered, but Pay By [Credit] not selected."; } } else { # &require("Card Type", $input{'CARDTYPE'}); # &require("Credit Card #", $input{'CARDNO'}); # &require("Expiration Month", $input{'EXPMONTH'}); # &require("Expiration Year", $input{'EXPYEAR'}); # # &check_card_num($input{'CARDNO'}, $input{'CARDTYPE'}); # &check_expire_date($input{'EXPMONTH'}, $input{'EXPYEAR'}); sleep(1); # wynkoop@wynn.com 2002/09/30 } if ($shipping_type ne 'none') { if (($input{'STREET1'} =~ /(^.*[\s.]+|^)box\s+\d+/i ) && ( substr($input{'SHIPTYPE'},0,3) eq 'UPS' || substr($input{'SHIPTYPE'},0,3) eq 'DHL' || substr($input{'SHIPTYPE'},0,5) eq 'FedEx') ) { $error_msg .="
  • $input{'SHIPTYPE'} cannot ship to a P.O. Box. Enter a valid Street address."; } $country_uc = uc($input{'COUNTRY'}); $shipper_found = 0; $country_found = 0; foreach $index(0..$#Shipping_Rates) { ($Ship_Country, $Shipper, $Ship_Min, $Ship_Max, $Ship_Mul, $Ship_Amt) = @{$Shipping_Rates[$index]}; if ( (($country_uc eq uc $Ship_Country) || ($Ship_Country eq 'ALL')) && ($input{'SHIPTYPE'} eq $Shipper) ) {$shipper_found = 1;} if ($country_uc eq uc $Ship_Country) {$country_found = 1;} } if ($shipper_found == 0) { if ($accept_any_country eq 'no') {$error_msg .= "
  • Orders from: $country_uc cannot be accepted at this time, Sorry.
    ";} else { ### If country not in table, make sure Shipper entered is the one in the table for 'OTHER' (last one in table) ($Ship_Country, $Shipper, $Ship_Min, $Ship_Max, $Ship_Mul, $Ship_Amt) = @{$Shipping_Rates[$#Shipping_Rates]}; if (($input{'SHIPTYPE'} ne $Shipper) || ($country_found == 1)) { $valid_shippers = ""; if ($country_found == 0) {$valid_shippers = $Shipper;} $prev_Shipper = ""; foreach $index(0..$#Shipping_Rates) { ($Ship_Country, $Shipper, $Ship_Min, $Ship_Max, $Ship_Mul, $Ship_Amt) = @{$Shipping_Rates[$index]}; if (((uc $Ship_Country eq 'ALL') || ($country_uc eq $Ship_Country)) && ($Shipper ne $prev_Shipper)) { if ($valid_shippers eq "") {$valid_shippers = $Shipper;} else {$valid_shippers .= ', or ' . $Shipper;} } $prev_Shipper = $Shipper; }#foreach $error_msg .= "
  • $input{'SHIPTYPE'} is not a valid Shipper for $country_uc, Only $valid_shippers is.
    "; }#if }#else }#if }#shipping ne none if ($error_msg ne "") { print "\n"; print "Errors on Order Form\n"; print "\n"; print "

    The Following Errors Were Encountered!


    "; print "
    Press your browser's BACK button to Go back to the CheckOut form and fix them. Thank you.

    "; print "

      $error_msg


    "; print "\n"; print "\n"; if ($testing ne 'yes') { exit; } } open(customer_file, ">$customer_file_name") || &err_trap("Cannot open $customer_file_name for writing\n"); print(customer_file "\"$unique_id\"$delim"); print(customer_file "\"$ENV{'REMOTE_ADDR'}\"$delim"); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $mon++; &Year2000($year); if ($date_format eq 'mmddyy' || $date_format eq 'mmddyyyy') {print(customer_file "\"$mon$date_separator$mday$date_separator$year\"$delim");} elsif ($date_format eq 'ddmmyy' || $date_format eq 'ddmmyyyy') {print(customer_file "\"$mday$date_separator$mon$date_separator$year\"$delim");} print(customer_file "\"$hour:$min:$sec\"$delim"); print(customer_file "\"$input{'TITLE'}\"$delim"); print(customer_file "\"$input{'FNAME'}\"$delim"); print(customer_file "\"$input{'LNAME'}\"$delim"); print(customer_file "\"$input{'COMPANY'}\"$delim"); print(customer_file "\"$input{'STREET1'}\"$delim"); print(customer_file "\"$input{'STREET2'}\"$delim"); print(customer_file "\"$input{'CITY'}\"$delim"); print(customer_file "\"$input{'STATE'}\"$delim"); print(customer_file "\"$input{'ZIP'}\"$delim"); print(customer_file "\"$input{'COUNTRY'}\"$delim"); print(customer_file "\"$input{'EMAIL'}\"$delim"); print(customer_file "\"$input{'DPHONE'}\"$delim"); print(customer_file "\"$input{'DEXTEN'}\"$delim"); print(customer_file "\"$input{'NPHONE'}\"$delim"); print(customer_file "\"$input{'NEXTEN'}\"$delim"); print(customer_file "\"$input{'FAX'}\"$delim"); print(customer_file "\"$input{'SHIPTYPE'}\"$delim"); print(customer_file "\"$input{'PAYBY'}\"$delim"); print(customer_file "\"$input{'CARDTYPE'}\"$delim"); print(customer_file "\"$input{'CARDNO'}\"$delim"); print(customer_file "\"$input{'EXPMONTH'}\"$delim"); print(customer_file "\"$input{'EXPYEAR'}\"$delim"); print(customer_file "\"$input{'SOURCE'}\"$delim"); $input{'SUGGEST'} =~ tr/\"\n\r/\` /d; print(customer_file "\"$input{'SUGGEST'}\"$delim"); print(customer_file 
"\"$input{'FVPIN'}\"\n"); close customer_file; &view_cart; exit; } elsif ($action eq 'PLACE ORDER') { &send_confirmation; open (order_file, $order_file_name)|| &err_trap("Cannot open $order_file_name for reading\n"); open (out_file, ">$orders_directory/$unique_id"); while () { if ($convert_delim_to_commas eq 'yes') {$_ =~ eval "tr/$delim/,/";} print(out_file $_); } close out_file; open (customer_file, $customer_file_name)|| &err_trap("Cannot open $customer_file_name for reading\n"); open (out_file, ">$customers_directory/$unique_id"); while () { chop; if ($convert_delim_to_commas eq 'yes') {$_ =~ eval "tr/$delim/,/";} $sub_total = sprintf("%.2f", $sub_total); $tax = sprintf("%.2f", $tax); $shipping = sprintf("%.2f", $shipping); $grand_total = sprintf("%.2f", $grand_total); $total_discount = sprintf("%.2f", $total_discount); if ($Payby eq 'COD') {$cod_charge = sprintf("%.2f", $cod_charge);} else {$cod_charge = 0;} $Handling = sprintf("%.2f", $Handling); print(out_file "$_,\"$sub_total\",\"$tax\",\"$shipping\",\"$grand_total\",\"$total_discount\",\"$cod_charge\",\"$Handling\"\n"); } close out_file; if ($testing ne 'yes') { unlink $token_file_name; ##delete token file unlink $order_file_name; unlink $customer_file_name; } exit; } elsif ($action eq 'SHIPPING RATES') { &show_shipping_rates; exit; } elsif ($action eq 'CONTINUE SHOPPING') # wynkoop@wynn.com 2002/08/16 { &continue_shopping; } elsif ($action eq 'HOME') # wynkoop@wynn.com 2002/08/16 { &continue_shopping; } elsif ($action eq 'SEARCH') { print "\n"; print "Search the Catalog\n"; &add_menu_bar('CONTINUE SHOPPING'); &add_company_header; &add_search_screen; &add_company_footer; exit; } elsif (($action eq 'SEARCH CATALOG') || ($input{'DOSEARCH'} eq 'SEARCH CATALOG')) { print "\n"; print "Search Results\n"; &add_menu_bar('SEARCH', 'CONTINUE SHOPPING'); &add_company_header; $found = 0; $pattern = $input{'SEARCH STRING'}; if ($pattern eq "") { print "You did not enter a pattern to search for!"; 
&add_button_bar('SEARCH', 'CONTINUE SHOPPING'); &add_company_footer; exit; } if ($input{'REGEXP'} ne 'TRUE') {$pattern = "\Q$pattern\E";} if ($input{'MATCHWORD'} eq 'TRUE') {$pattern = '(^|\b)+' . $pattern . '($|\b)+';} if ($input{'MATCHCASE'} ne 'TRUE') {$pattern = '(?i)' . $pattern;} ### Match pattern only if it is not part of a valid HTML tag, ### ### then Remove all HTML tags from matched line ### $matches = 0; &matchfile($catalog_directory); if ($matches == 0) {print "

    The pattern: \"$input{'SEARCH STRING'}\" was Not found!


    ";} else {print '
    ';} &add_search_screen; &add_button_bar('CONTINUE SHOPPING'); &add_company_footer; if ($create_search_log eq 'yes') {&create_log("Searches", $input{'SEARCH STRING'}, $matches );} exit; } elsif ($action eq 'RESTART') { unlink $order_file_name; } #------------------------------------------------------------------# if (defined($input{'THISPAGE'})) { ### Send a catalog page back with the unique ID set $catalog_page = "$catalog_directory/$input{'THISPAGE'}"; if (-e $catalog_page) { open(TEMPLATE, $catalog_page) || &err_trap("cannot open template file: $catalog_page"); } $prev_page = ""; $next_page= ""; if ($add_navigation eq 'yes') { $temp =