Scripting e-mail problems - PHP coders PLEASE HELP!

advisual
Forum Newbie
Posts: 4
Joined: Wed Apr 19, 2006 3:56 pm

Scripting e-mail problems - PHP coders PLEASE HELP!

Post by advisual »

feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi All,

For some reason when the script below attempts to send email confirmation to the submitter and admin it changes the @ to %40 and spaces to %20, so neither the admin nor the submitter is receiving confirmation.

When I look at the orders log, while it logs everything, all the spaces have %20 and the @ = %40.

Does anyone have any idea how to correct this in this script so that the confirmations can be properly forwarded?

Thanks in advance

Code: Select all

<?php
include ("./processor/index.php");
include ("./admin/payment_1.php");
include ("./admin/configuration_1.php");
include ("./localization/".$language.".php");

// Time generator
$timestamp = time();
$hoursdiff = $zone;
$hoursdiff = $hoursdiff * 3600;
$timestamp = $timestamp - $hoursdiff;
$sendtime = date("h:iA", $timestamp);
$senddate = date("m/d/y");
$ip = getenv("REMOTE_ADDR");

session_start();
$sessionid = $_SESSION["sessionid"];
if ($sessionid == ""){
	$sessionid =  md5 (uniqid(rand()));
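	// Store the new id in the session (session_register() with a bare constant no longer works)
	$_SESSION["sessionid"] = $sessionid;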
}

// Check referring domain
if ($referers){
	$referers = explode(" ", $referers);
	$found = false;
	$temp = explode("/",getenv("HTTP_REFERER"));
	$referer = $temp[2];
	for ($x=0; $x < count($referers); $x++){
		if (ereg ($referers[$x], $referer)) {
			$found = true;
		}
	}
	if (!$found && !empty($referer)){
		include ("./admin/header.inc.php");
		?>
		<center>
		<table border="0" cellpadding="1" cellspacing="1" width="160">
		<tr>
		<td>
		<div style="padding:6px">
		<center><table cellpadding="0" cellspacing="3" border="0" width="160">
		<tr><td><p align="center">
		<center><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><p><b><? echo $DomainError; ?> - <? echo htmlspecialchars($referer); ?></b></p></font></center>
		</td></tr></table>
		</div>
		</td>
		</tr>
		</table>
		</center>
		<?
		include ("./admin/footer.inc.php");
		exit();
	}
}
// Check all fields have been filled out before submitting order
if ( $_REQUEST["action"] == "submit" ) {
	$name 	    = rawurlencode($_REQUEST["name"]);
	$email 	    = rawurlencode($_REQUEST["email"]);
	$company    = rawurlencode($_REQUEST["company"]);
	$address    = rawurlencode($_REQUEST["address"]);
	$postcode0   = rawurlencode($_REQUEST["postcode0"]);
	$telephone  = rawurlencode($_REQUEST["telephone"]);
	if (empty($_REQUEST["name"]) or empty($_REQUEST["email"]) or empty($_REQUEST["address"]) or empty($_REQUEST["postcode0"])) {
		header("Refresh: 0;url=phpcart.php?action=confirm&name=". "$name&email=$email&company=$company&address=$address" ."&postcode0=$postcode0&telephone=$telephone&alert=1");
		exit();
	} else {
		header("Refresh: 150000;url=$home");
	}
}

// Include html header
include ("./admin/header.inc.php");
		?>
		<center>
		<table border="0" cellpadding="1" cellspacing="1" width="160">
		<tr>
		<td>
		<div style="padding:6px">
		<div align="center">
		<center><table cellpadding="0" cellspacing="3" border="0" width="160">
		<tr><td><p align="center">
		<?

if ($_REQUEST["action"]) {

	// Create session file
	if (!file_exists("./sessions/".$sessionid.".dat"))
		copy("./sessions/empty", "./sessions/".$sessionid.".dat");

	// Add product to cart
	if ($_REQUEST["action"]=="add") {
		$row = 1;
		$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
		while ($data = fgetcsv ($fp, 500)) {
			$row++;
			if ($data[0] == $_REQUEST["id"] && $noduplicates == "Y") { // compare, do not assign
				?>
				<center><font size="<? echo $fontSize+1; ?>" face="<? echo $font; ?>" color="<? echo $TextColor; ?>"><b><? echo $ProductInBasket; ?></b></font></center>
				<?
				break;
			}
		}
		if($data[0]!=$_REQUEST["id"]) { // we must have reached the end of the file
			if (!$_REQUEST["option1"]) {
				$option_print = "";
				} else {
				$option_print = "- ".$_REQUEST["option1"]." ".$_REQUEST["option2"]." ".$_REQUEST["option3"];
				}
			$descr_option = $_REQUEST["descr"]." $option_print";
			fputs($fp,$_REQUEST["id"].",".$descr_option.",".$_REQUEST["price"].",".$_REQUEST["quantity"].",".$_REQUEST["postage"]."\n");
		}
		fclose($fp);
	}

	// Clear all shopping cart contents
	if ($_REQUEST["action"]=="clear") {
		$fp = fopen ("./sessions/".$sessionid.".dat", "w");
		fclose($fp);
		$_REQUEST["action"]="add";
	}

	// Delete product from cart
	if ($_REQUEST["action"]=="delete") {
		$row = 1;
		$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
		while ($data = fgetcsv ($fp, 500)) {
			if ($_REQUEST["id"]==$row) {
				$row++;
				continue;
			} else {
				$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$data[3].",".$data[4];
				$row++;
			}
		}
		fclose ($fp);
		$fp = fopen ("./sessions/".$sessionid.".dat", "w");
		if (!empty($new_data)) {
			$new_data_insert = implode ("\n", $new_data);
			fputs($fp, $new_data_insert."\n");
		}
		fclose($fp);
		$_REQUEST["action"]="view";
	}

	// Recalculate cart-contents
	if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
		$theproduct = $_REQUEST["product"];
		$row = 1;
		$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
		while ($data = fgetcsv ($fp, 500)) {
			if (!empty($theproduct)) {
				if ($theproduct[$row] == "0" || empty($theproduct[$row])) {
					$row++;
					continue;
				} else {
					$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$theproduct[$row].",".$data[4];
					$row++;
				}
			}
		}
		fclose ($fp);

		if (!empty($new_data)) {
			$new_data_insert = implode ("\n", $new_data);
			$fp = fopen ("./sessions/".$sessionid.".dat", "w");
				fputs($fp, $new_data_insert."\n");
			fclose ($fp);
		}
	}

	// Print basket contents
	$tot_pos = 0;
	$tot_postage = $PostalAmount;
	$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
	if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
		?>
		<center>
		<form action="phpcart.php" method="post" target="_self">
		<input type="hidden" name="action" value="submit">
		<table border=1 cellspacing=0 width=553 bordercolor=#000000>
			<tr>
				<td align=center bgcolor=#FFFFFF width=543>
				<p align=center>
				<font face=Arial color=#FF0000 size=2>
				<b><? echo $confirmNote; ?>:</b></font>
				<font face=Arial color=#000080 size=2><? echo $Note; ?></font></p>
				</td>
			</tr>
		</table>
		<table width=500 align=center border=0 cellpadding=5 cellspacing=2>
			<col width=200 align=left><col width=400 align=left><tr>
			<th colspan=2 bgcolor="<? echo $PgBack; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize + 1; ?>" color="<? echo $TextColor; ?>"><? echo $confirmOrderMessage;?></font></th>
			</tr><tr>
			<th colspan=2 bgcolor="<? echo $headerColor; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><? echo $PersonalInfoWord; ?></font></th>
			</tr><tr><td bgcolor="<? echo $rowsColor; ?>">
			<?
		if (empty($_REQUEST["name"]) and !empty($alert)) {
			?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><b><? echo $NameWord; ?></b></font>
			<?
		} else {
			?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><? echo $NameWord; ?></font>
			<?
		}
		print"	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"name\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["name"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
		if (empty($_REQUEST["email"]) and !empty($alert)) {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$EmailWord</B></FONT>";
		} else {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\" COLOR=\"$TextColor\">$EmailWord</FONT>";
		}
		print "	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"email\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["email"];
		print "\"></TD></TR><TR>
			<TD BGCOLOR=$rowsColor><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$CompanyWord</FONT></TD>
			<TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"company\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["company"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
		if (empty($_REQUEST["address"]) and !empty($alert)) {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$deliveryAddress</B></FONT>";
		} else {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$deliveryAddress</FONT>";
		}
		print "	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"address\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["address"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
		if ((empty($_REQUEST["postcode0"])) and !empty($alert)) {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$postcode</B></FONT>";
		} else {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$postcode</FONT>";
		}
		print "	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"postcode0\" maxlength=10 STYLE=\"font-size: 8pt\" SIZE=12 VALUE=\"".$_REQUEST["postcode0"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor>
			<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$phoneFax</FONT>
			</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"telephone\" STYLE=\"font-size: 8pt\" SIZE=14 VALUE=\"".$_REQUEST["telephone"];
		print "\"></TD></TR>";
		print "<TR><TD BGCOLOR=$rowsColor>
			<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$p_method</FONT>
			</TD><TD BGCOLOR=$rowsColor><select size='1' name='pmethod'>";
// ========================
		if ($twocheckout_active=="Yes"){
		print "<option value='2Checkout'>".$CreditCard."</option>";
		}
		if ($paystamp_active=="Yes"){
		print "<option value='Paystamp'>".$CreditCard."</option>";
		}
		if ($eway_active=="Yes"){
		print "<option value='eWay'>".$CreditCard."</option>";
		}
		if ($worldpay_active=="Yes"){
		print "<option value='WorldPay_CC'>".$CreditCard."</option>";
		print "<option value='WorldPay_DC'>Debit Card</option>";
		}
		if ($paypal_active=="Yes"){
		print "<option value='Paypal'>PayPal</option>";
		}
		if ($nochex_active=="Yes"){
		print "<option value='Nochex'>Nochex</option>";
		}
		if ($fastpay_active=="Yes"){
		print "<option value='Fastpay'>FastPay</option>";
		}
		if ($authorize_active=="Yes"){
		print "<option value='Authorize.net'>".$CreditCard."</option>";
		}
		if ($authorize_sim_active=="Yes"){
		print "<option value='Authorize_sim.net'>".$CreditCard."</option>";
		}
		if ($moneyb_active=="Yes"){
		print "<option value='MoneyBookers'>Money Bookers</option>";
		}
		if ($ematters_active=="Yes"){
		print "<option value='eMatters'>".$CreditCard."</option>";
		}
		if ($asiadebit_active=="Yes"){
		print "<option value='Asiadebit'>".$CreditCard."</option>";
		print "<option value='Asiadebit'>".$DebitCard."</option>";
		}
		if ($paysystems_active=="Yes"){
		print "<option value='Paysystems'>".$CreditCard."</option>";
		print "<option value='Paysystems'>".$DebitCard."</option>";
		}
		if ($paymate_active=="Yes"){
		print "<option value='Paymate'>Paymate</option>";
		}
		if ($ewmerchant_active=="Yes"){
		print "<option value='EWMerchant'>EW Merchant</option>";
		}
		if ($egold_active=="Yes"){
		print "<option value='E-Gold'>E-Gold</option>";
		}
		if ($net1_active=="Yes"){
		print "<option value='Net1'>".$CreditCard."</option>";
		}
		if ($securetrading_active=="Yes"){
		print "<option value='SecureTrading'>".$CreditCard."</option>";
		}
		if ($verisign_active=="Yes"){
		print "<option value='Verisign'>".$CreditCard."</option>";
		print "<option value='Verisign'>".$DebitCard."</option>";
		}
		if ($offline_active=="Yes"){
		print "<option value='Cash'>".$Cash."</option>";
		print "<option value='Cheque'>".$Check."</option>";
		}
// ========================
		print "</select>";
		print "</TD></TR>";
		print "</TD></TR>";
	if ($notes_active=="Yes"){
		print "<TR><TD BGCOLOR=$rowsColor valign=top>
			<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$NotesWord</FONT>
			</TD><TD BGCOLOR=$rowsColor>
			<textarea rows=3 name=notes cols=25>";
			print $_REQUEST["notes"];
		print "</textarea>";
		print "</TD></TR>";
	}
		print "</TABLE></CENTER>";
	}
	if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view")
		print "	<FORM ACTION=\"phpcart.php\" METHOD=\"post\" TARGET=\"_self\" NAME=\"prodForm\">
			<INPUT TYPE=\"hidden\" NAME=\"action\" VALUE=\"confirm\"> ";
	if ($_REQUEST["action"]!="submit")
		print "<CENTER><TABLE WIDTH=500 BORDER=0 ALIGN=\"center\" CELLPADDING=5 CELLSPACING=2 STYLE=\"font-family: arial; font-size: 10pt\" width=\"1\" BGCOLOR=$PgBack>
			<COL WIDTH=20 ALIGN=center>
			<COL WIDTH=100 ALIGN=center>
			<COL WIDTH=320 ALIGN=left>
			<COL WIDTH=70 ALIGN=right>
			<COL WIDTH=30 ALIGN=center>
			<COL WIDTH=80 ALIGN=right> ";
	if($_REQUEST["action"]=="add" || $_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout" || $_REQUEST["action"]=="view") {
		print "<SCRIPT LANGUAGE=\"javascript\">
			function round (n) {
				n = Math.round(n * 100) / 100;
				n = (n + 0.001) + '';
				return n.substring(0, n.indexOf('.') + 3);
			}
			function getTotalCost () {
				totalCost = 0;
				for (i = 4; i < (document.prodForm.length - 2); i += 4) {
					totalCost += parseFloat(document.prodForm[i].value);
				}
				document.prodForm.total.value = round(totalCost);
			} </SCRIPT>
			<TR BGCOLOR=\"$headerColor\" width=\"1\">
			<TH COLSPAN=2><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$IDWord</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$descriptionWord</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$productPriceWord &nbsp;</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$quantityWord</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$sumPriceWord &nbsp;</B></FONT></TH></TR> ";
		$line_no = 1;
		$tracker = 4;
		while ($data = fgetcsv ($fp, 500)) {
			$num = count ($data);
			print "	<TR BGCOLOR=$rowsColor>
				<TD><A HREF=\"phpcart.php?action=delete&id=$line_no\"><IMG SRC=\"./images/trashicon.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Remove $data[1] from Basket?\"></A></TD>
				<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[0]</FONT></TD>
				<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[1]</FONT></TD>
				<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[2] &nbsp;</FONT></TD> ";
			if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
				print "<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[3]</FONT></TD>";
			} else {
				print "	<TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
					<INPUT TYPE=\"text\" NAME=\"product[$line_no]\" VALUE=\"$data[3]\" SIZE=2 STYLE=\"text-color:$TextColor;font-size:8pt;text-align:center\" onChange=\"getTotalCost();\" onLoad=\"getTotalCost();\" onClick='getTotalCost();' onMouseOver='getTotalCost();' onMouseOut='getTotalCost();' onKeyUp='getTotalCost();'></TD>";
			}
			if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
				print "	<TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
					<INPUT TYPE=\"text\" NAME=\"\" DISABLED STYLE=\"font-size:8pt;text-align:right;
					background-color:$rowsColor;text-color:$TextColor;border-width:0;padding-right:5pt\"
					VALUE=\"".$data[2] * $data[3]."\" SIZE=8 COLOR=\"$TextColor\"></TD></TR> ";
			} else {
				print "	<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">". ($data[2] * $data[3]) ."&nbsp;</TD></TR> ";
			}
			if (! empty($no_prod) ) {
				$no_prod = $no_prod + $data[3];
			}
			$tot_pos = $tot_pos + ($data[2] * $data[3]);
			$tot_postage = $tot_postage + ($data[4]);

			$tracker += 4;
			$line_no++;
		}
		if ($line_no == 1) {
			print "	<TR BGCOLOR=$rowsColor>
				<TD COLSPAN=6 ALIGN=center><B>$emptyCart</B></TD></TR>";
		}
		$tot_pos = number_format( ($tot_pos), 2, '.', '');
		$subtotal = number_format( ($tot_pos), 2);
		$vatVal = ($tot_pos)/(100)*$salesVAT;
		$vat = number_format( ($vatVal), 2);
		$postage = number_format( ($tot_postage), 2);
		$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
		print "	<INPUT TYPE=\"hidden\" NAME=\"rows\" VALUE=\"$row\">";
		fclose ($fp);
	}
	if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
		print "	<TR BGCOLOR=$rowsColor><TD BGCOLOR=\"$PgBack\" COLSPAN=5><p align=right></TD><TD>
			<INPUT TYPE=\"text\" NAME=\"total\" DISABLED STYLE=\"font-size:8pt;text-align:right;
			background-color:$rowsColor;border-width:0;padding-right:5pt\" VALUE=\"".$data[2] * $data[3]."\" SIZE=8></TD>
			</TR><TR><TD COLSPAN=3 ALIGN=left><A HREF=\"$home\"><IMG SRC=\"./images/$backPicture\" BORDER=0></A></TD>
			<TD COLSPAN=4 ALIGN=right>\n";
			if ($line_no > 1)
				print "<INPUT TYPE=\"image\" SRC=\"./images/$orderPicture\" BORDER=0 STYLE=\"border-width: 0\" onMouseOver='getTotalCost();'>\n";
			print "</TD></TR></TABLE></CENTER></FORM> 
			<script LANGUAGE=\"javascript\">
			getTotalCost();
			</script>";
	} else if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
	 	print "	<TR>
			<TD COLSPAN=3 ALIGN=left ROWSPAN=5><CENTER><A HREF=\"?action=view\"><IMG SRC=\"./images/$viewPicture\" BORDER=0></A></CENTER><BR><B><SMALL>$extrasText</SMALL></B><BR></TD>
			<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$SubTotalWord</B></FONT></TD>
			<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$tot_pos &nbsp;</FONT></TD>
			</TR>";
	if (!empty($salesVAT)) {
		print "	<TR>
			<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$VATWord</B></FONT></TD>
			<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$vat &nbsp;</FONT></TD>
			</TR>";
	} else {
	 	print " ";
	}
	if (!empty($PostalAmount)) {
		print "	<TR>
			<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$PostageWord</B></FONT></TD>
	        	<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$postage &nbsp;</FONT></TD>
	        	</TR>";
	} else {
	 	print " ";
	}
	 	print "	<TR>
		        <TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$TotalSumWord</B></FONT></TD>
			<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$total &nbsp;</FONT></TD>
			</TR><TR>
			<TD COLSPAN=3 ALIGN=center BGCOLOR=$rowsColor><INPUT TYPE=\"submit\" STYLE=\"font-family: $font; font-weight: bold; padding: 2pt\" VALUE=\"$orderButtonText\"></TD>
			</TR></FORM><TR><TD HEIGHT=20></TD></TR></TABLE></CENTER>";
	}
}
$method = "Payment Method:\n";
$pmethod0 = $_REQUEST["pmethod"]."\n";
$line1 = " ----------------------------------------------\n";
$SP0 = "\n";
	// Submit order
	if ($_REQUEST["action"]=="submit") {
		$order_no = (substr(uniqid (""), 2, 7));
		$order_id = strtoupper($order_no);

		$fp = fopen ("./sessions/".$sessionid.".dat", "r");
		$row = 1;
		while ($data = fgetcsv ($fp, 500)) {
			$new_data[$row] = " ----------------------------------------------\n";
			$row++;
			$new_data[$row] = $data[0]."    ".$data[1]."\n";
			$row++;
			$new_data[$row] = $data[3]." qty at $currency".$data[2]."    =    $currency".$data[2] * $data[3]."\n";
			$row++;
			if (! empty($no_prod) ) {
				$no_prod = $no_prod + $data[3];
			}
			$tot_pos = $tot_pos + ($data[2] * $data[3]);
			$tot_postage = $tot_postage + ($data[4]);
		}
		$tot_pos = number_format( ($tot_pos), 2, '.', '');
		$subtotal = number_format( ($tot_pos), 2);
		$vatVal = ($tot_pos)/(100)*$salesVAT;
		$vat = number_format( ($vatVal), 2);
		$postage = number_format( ($tot_postage), 2);
		$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
		fclose ($fp);
		if (!empty($new_data))
			$new_data_insert = implode ("<BR>", $new_data);

// Send email to admin
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";

$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "<b>$CompanyWord:</b> $company<BR>\n";
$message .= "<BR>\n";
if (!empty($_REQUEST["notes"])) {
$message .= "<B>Order Notes:</B><BR>".$_REQUEST["notes"]."<BR>\n";
}
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= "$method $pmethod0<BR>\n";
$message .= "<BR>\n";
$message .= "$CustomerHasReceipt<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$eol = "\r\n";
$headers  = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From:  $name <$email>$eol";

mail($salesEmail, "Web Order Confirmation - Order ID: $order_id", $message, $headers);

// Send email to customer
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";
$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Dear Customer,<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you very much for ordering your goods from $companyName. A summary of your order can be found below.";
$message .= "<BR><BR>\n";

$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "Your order will be shipped as soon as payment has been received.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "If you have any problems or questions, please contact us by <a href=mailto:$salesEmail?subject=Order%20ID%20-%20$order_id%20>clicking here</a>.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you,<BR>\n";
$message .= "The $companyName Team<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$headers  = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From:  $companyName <$salesEmail>$eol";

mail($email, "Web Order Confirmation - Order ID: $order_id", $message, $headers);


// THIS PART MAKES IT WRITE TO THE ORDER FOLDER

if ($enableCopy == "Activate") {
	if (!empty($new_data))
		$new_data_insert = implode ("\n", $new_data);
$file = fopen ("orders/$order_id.txt", "w");
if (!$file) {
    echo "<p>Unable to open remote file for writing. Please make sure 'orders' Folder is chmod to 777\n";
    exit;
}
/* Write the data here. */
fputs ($file, "IP: $ip
Date: $senddate
Time: $sendtime

$NameWord: $name
$CompanyWord: $company
$EmailWord: $email
$AddressWord: $address
$postcode: $postcode0

$PhoneWord: $telephone


$new_data_insert
-----------------------------------------------------------
Order Notes:
$notes

$SubTotalWord  =  $currency$subtotal
$PostageWord  =  $currency$postage
$TotalSumWord  =  $currency$total

$line1$SP0$method $pmethod0 $SP0$line1


$ThisOrderHasRef: $order_id
$CustomerHasReceipt\n");
fclose ($file);
}
	// Payment Processor Section - Which ever processors you have setup will now be sent for
	switch ($_REQUEST["pmethod"]){
		case "Nochex" : include ("processor/nochex.inc.php"); break;
		case "2Checkout" : include ("processor/2checkout.inc.php"); break;
		case "Paystamp" : include ("processor/paystamp.inc.php"); break;
		case "eWay" : include ("processor/eway.inc.php"); break;
		case "Paypal" : include ("processor/paypal.inc.php"); break;
		case "WorldPay_CC" : 
		case "WorldPay_DC" : include ("processor/worldpay.inc.php"); break;
		case "Authorize.net" : include ("processor/authorize.inc.php"); break;
		case "Authorize_sim.net" : include ("processor/authorize-sim.inc.php"); break;
		case "MoneyBookers" : include ("processor/moneybookers.inc.php"); break;
		case "eMatters" : include ("processor/ematters.inc.php"); break;
		case "Fastpay" : include ("processor/fastpay.inc.php"); break;
		case "Asiadebit" : include ("processor/asiadebit.inc.php"); break;
		case "Paysystems" : include ("processor/paysystems.inc.php"); break;
		case "Paymate" : include ("processor/paymate.inc.php"); break;
		case "EWMerchant" : include ("processor/ewmerchant.inc.php"); break;
		case "E-Gold" : include ("processor/egold.inc.php"); break;
		case "Net1" : include ("processor/net1.inc.php"); break;
		case "SecureTrading" : include ("processor/securetrading.inc.php"); break;
		case "Verisign" : include ("processor/verisign.inc.php"); break;
		case "Cash" : 
		case "Cheque" : include ("processor/offline.inc.php"); break;
	}
	unlink("./sessions/".$sessionid.".dat");
}
print "</td></tr></table>";
print "</center>";
print "</div>";
print "</div>";
print "</td>";
print "</tr>";
print "</table>";
print "</center>";
include ("./admin/footer.inc.php"); ?>

Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

GRRRRRRRRR

Post by Mordred »

Missing semicolon on line 5276.
sojos
Forum Newbie
Posts: 5
Joined: Mon Sep 25, 2006 4:42 pm

Post by sojos »

You use rawurlencode() to prepare your parameters for the redirect. This adds the %40 to the refresh url which is right. But your rawurlencode() also affects the email address used in the mail() function and that's wrong.
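
An added example, not part of the thread or of the poster's script, of the point sojos makes above: the submitted values stay raw and are encoded once per destination (redirect URL, mail header, HTML mail body). The function names, the example.com addresses and the order ID `ORDER01` are assumptions made for the illustration.

```php
<?php
// Added example (not the poster's script): keep the submitted values raw
// and encode them once per destination instead of once at the top.
// All function names below are hypothetical.

// URL context: percent-encoding belongs here and nowhere else.
function redirect_url(array $fields): string
{
    $query = ['action' => 'confirm'] + $fields + ['alert' => 1];
    return 'phpcart.php?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

// Mail recipient: must be a syntactically valid address, unencoded.
function mail_address(string $value): ?string
{
    $email = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Mail header text: one line only, without address delimiters.
function header_text(string $value): string
{
    return trim(preg_replace('/[\r\n<>"]+/', ' ', $value));
}

// HTML mail body: escape markup characters (charset as in the script's header).
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
}

// Returns the four mail() arguments, or null when the address is unusable.
function admin_mail(array $fields, string $salesEmail, string $orderId): ?array
{
    $email = mail_address($fields['email']);
    if ($email === null) {
        return null;
    }
    $eol = "\r\n";
    $headers  = "MIME-Version: 1.0$eol";
    $headers .= "Content-type: text/html; charset=iso-8859-1$eol";
    $headers .= 'From: ' . header_text($fields['name']) . " <$email>$eol";

    $body  = "<b>Name:</b> " . html_text($fields['name']) . "<BR>\n";
    $body .= "<b>E-mail:</b> " . html_text($email) . "<BR>\n";
    $body .= "<b>Postal Address:</b> " . html_text($fields['address']) . "<BR>\n";

    return [$salesEmail, "Web Order Confirmation - Order ID: $orderId", $body, $headers];
}

// Constructed sample input standing in for $_REQUEST.
$fields = [
    'name'    => "Jane\r\nO'Neil",            // stray line break in the name
    'email'   => 'jane.oneil@example.com',
    'address' => '12 High Street <Flat 2>',
];

// Redirect back to the form: every value percent-encoded for the URL.
echo redirect_url($fields), "\n\n";

// Raw address: accepted. $args could be passed on as mail(...$args).
$args = admin_mail($fields, 'sales@example.com', 'ORDER01');
echo $args[3], $args[2], "\n";

// The same address after rawurlencode(), as the original script had it:
// it no longer contains an @, so it is rejected before mail() is reached.
$encoded = ['email' => rawurlencode($fields['email'])] + $fields;
var_dump(admin_mail($encoded, 'sales@example.com', 'ORDER01'));
```
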
advisual
Forum Newbie
Posts: 4
Joined: Wed Apr 19, 2006 3:56 pm

Post by advisual »

sojos wrote: You use rawurlencode() to prepare your parameters for the redirect. This adds the %40 to the refresh url which is right. But your rawurlencode() also affects the email address used in the mail() function and that's wrong.
Hi,

Thanks for the response. I am somewhat of a newbie. How would I add the changes to correct the problem and where?

Thanks
sojos
Forum Newbie
Posts: 5
Joined: Mon Sep 25, 2006 4:42 pm

Post by sojos »

I have removed all rawurlencode() functions and added it again further below. I hope it works but I can't review the whole code and I can't test it.

Code: Select all

<?php
include ("./processor/index.php");
include ("./admin/payment_1.php");
include ("./admin/configuration_1.php");
include ("./localization/".$language.".php");

// Time generator
$timestamp = time();
$hoursdiff = $zone;
$hoursdiff = $hoursdiff * 3600;
$timestamp = $timestamp - $hoursdiff;
$sendtime = date("h:iA", $timestamp);
$senddate = date("m/d/y");
$ip = getenv("REMOTE_ADDR");

session_start();
$sessionid = $_SESSION["sessionid"];
if ($sessionid == ""){
$sessionid = md5 (uniqid(rand()));
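// Store the new id in the session (session_register() with a bare constant no longer works)
$_SESSION["sessionid"] = $sessionid;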
}

// Check referring domain
if ($referers){
$referers = explode(" ", $referers);
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++){
if (ereg ($referers[$x], $referer)) {
$found = true;
}
}
if (!$found && !empty($referer)){
include ("./admin/header.inc.php");
?>
<center>
<table border="0" cellpadding="1" cellspacing="1" width="160">
<tr>
<td>
<div style="padding:6px">
<center><table cellpadding="0" cellspacing="3" border="0" width="160">
<tr><td><p align="center">
<center><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><p><b><? echo $DomainError; ?> - <? echo htmlspecialchars($referer); ?></b></p></font></center>
</td></tr></table>
</div>
</td>
</tr>
</table>
</center>
<?
include ("./admin/footer.inc.php");
exit();
}
}
// Check all fields have been filled out before submitting order
if ( $_REQUEST["action"] == "submit" ) {
$name = $_REQUEST["name"];
$email = $_REQUEST["email"];
$company = $_REQUEST["company"];
$address = $_REQUEST["address"];
$postcode0 = $_REQUEST["postcode0"];
$telephone = $_REQUEST["telephone"];
if (empty($_REQUEST["name"]) or empty($_REQUEST["email"]) or empty($_REQUEST["address"]) or empty($_REQUEST["postcode0"])) {
header("Refresh: 0;url=phpcart.php?action=confirm&name=".rawurlencode($name). "&email=".rawurlencode($email)."&company=".rawurlencode($company). "&address=".rawurlencode($address)."&postcode0=".rawurlencode($postcode0). "&telephone=".rawurlencode($telephone)."&alert=1");
exit();
} else {
header("Refresh: 150000;url=$home");
}
}

// Include html header
include ("./admin/header.inc.php");
?>
<center>
<table border="0" cellpadding="1" cellspacing="1" width="160">
<tr>
<td>
<div style="padding:6px">
<div align="center">
<center><table cellpadding="0" cellspacing="3" border="0" width="160">
<tr><td><p align="center">
<?

if ($_REQUEST["action"]) {

// Create session file
if (!file_exists("./sessions/".$sessionid.".dat"))
copy("./sessions/empty", "./sessions/".$sessionid.".dat");

// Add product to cart
if ($_REQUEST["action"]=="add") {
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
$row++;
if ($data[0] == $_REQUEST["id"] && $noduplicates == "Y") {
?>
<center><font size="<? echo $fontSize+1; ?>" face="<? echo $font; ?>" color="<? echo $TextColor; ?>"><b><? echo $ProductInBasket; ?></b></font></center>
<?
break;
}
}
if($data[0]!=$_REQUEST["id"]) { // we must have reached the end of the file
if (!$_REQUEST["option1"]) {
$option_print = "";
} else {
$option_print = "- ".$_REQUEST["option1"]." ".$_REQUEST["option2"]." ".$_REQUEST["option3"];
}
$descr_option = $_REQUEST["descr"]." $option_print";
fputs($fp,$_REQUEST["id"].",".$descr_option.",".$_REQUEST["price"].",".$_REQUEST["quantity"].",".$_REQUEST["postage"]."\n");
}
fclose($fp);
}

// Clear all shopping cart contents
if ($_REQUEST["action"]=="clear") {
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
fclose($fp);
$_REQUEST["action"]="add";
}

// Delete product from cart
if ($_REQUEST["action"]=="delete") {
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
if ($_REQUEST["id"]==$row) {
$row++;
continue;
} else {
$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$data[3].",".$data[4];
$row++;
}
}
fclose ($fp);
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
if (!empty($new_data)) {
$new_data_insert = implode ("\n", $new_data);
fputs($fp, $new_data_insert."\n");
}
fclose($fp);
$_REQUEST["action"]="view";
}

// Recalculate cart-contents
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
$theproduct = $_REQUEST["product"];
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
if (!empty($theproduct)) {
if ($theproduct[$row] == "0" || empty($theproduct[$row])) {
$row++;
continue;
} else {
$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$theproduct[$row].",".$data[4];
$row++;
}
}
}
fclose ($fp);

if (!empty($new_data)) {
$new_data_insert = implode ("\n", $new_data);
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
fputs($fp, $new_data_insert."\n");
fclose ($fp);
}
}

// Print basket contents
$tot_pos = 0;
$tot_postage = $PostalAmount;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
?>
<center>
<form action="phpcart.php" method="post" target="_self">
<input type="hidden" name="action" value="submit">
<table border=1 cellspacing=0 width=553 bordercolor=#000000>
<tr>
<td align=center bgcolor=#FFFFFF width=543>
<p align=center>
<font face=Arial color=#FF0000 size=2>
<b><? echo $confirmNote; ?>:</b></font>
<font face=Arial color=#000080 size=2><? echo $Note; ?></font></p>
</td>
</tr>
</table>
<table width=500 align=center border=0 cellpadding=5 cellspacing=2>
<col width=200 align=left><col width=400 align=left><tr>
<th colspan=2 bgcolor="<? echo $PgBack; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize + 1; ?>" color="<? echo $TextColor; ?>"><? echo $confirmOrderMessage;?></font></th>
</tr><tr>
<th colspan=2 bgcolor="<? echo $headerColor; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><? echo $PersonalInfoWord; ?></font></th>
</tr><tr><td bgcolor="<? echo $rowsColor; ?>">
<?
if (empty($_REQUEST["name"]) and !empty($alert)) {
?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><b><? echo $NameWord; ?></b></font>
<?
} else {
?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><? echo $NameWord; ?></font>
<?
}
print" </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"name\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["name"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
if (empty($_REQUEST["email"]) and !empty($alert)) {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$EmailWord</B></FONT>";
} else {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\" COLOR=\"$TextColor\">$EmailWord</FONT>";
}
print " </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"email\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["email"];
print "\"></TD></TR><TR>
<TD BGCOLOR=$rowsColor><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$CompanyWord</FONT></TD>
<TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"company\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["company"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
if (empty($_REQUEST["address"]) and !empty($alert)) {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$deliveryAddress</B></FONT>";
} else {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$deliveryAddress</FONT>";
}
print " </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"address\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["address"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
if ((empty($_REQUEST["postcode0"])) and !empty($alert)) {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$postcode</B></FONT>";
} else {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$postcode</FONT>";
}
print " </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"postcode0\" maxlength=10 STYLE=\"font-size: 8pt\" SIZE=12 VALUE=\"".$_REQUEST["postcode0"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor>
<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$phoneFax</FONT>
</TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"telephone\" STYLE=\"font-size: 8pt\" SIZE=14 VALUE=\"".$_REQUEST["telephone"];
print "\"></TD></TR>";
print "<TR><TD BGCOLOR=$rowsColor>
<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$p_method</FONT>
</TD><TD BGCOLOR=$rowsColor><select size='1' name='pmethod'>";
// ========================
if ($twocheckout_active=="Yes"){
print "<option value='2Checkout'>".$CreditCard."</option>";
}
if ($paystamp_active=="Yes"){
print "<option value='Paystamp'>".$CreditCard."</option>";
}
if ($eway_active=="Yes"){
print "<option value='eWay'>".$CreditCard."</option>";
}
if ($worldpay_active=="Yes"){
print "<option value='WorldPay_CC'>".$CreditCard."</option>";
print "<option value='WorldPay_DC'>Debit Card</option>";
}
if ($paypal_active=="Yes"){
print "<option value='Paypal'>PayPal</option>";
}
if ($nochex_active=="Yes"){
print "<option value='Nochex'>Nochex</option>";
}
if ($fastpay_active=="Yes"){
print "<option value='Fastpay'>FastPay</option>";
}
if ($authorize_active=="Yes"){
print "<option value='Authorize.net'>".$CreditCard."</option>";
}
if ($authorize_sim_active=="Yes"){
print "<option value='Authorize_sim.net'>".$CreditCard."</option>";
}
if ($moneyb_active=="Yes"){
print "<option value='MoneyBookers'>Money Bookers</option>";
}
if ($ematters_active=="Yes"){
print "<option value='eMatters'>".$CreditCard."</option>";
}
if ($asiadebit_active=="Yes"){
print "<option value='Asiadebit'>".$CreditCard."</option>";
print "<option value='Asiadebit'>".$DebitCard."</option>";
}
if ($paysystems_active=="Yes"){
print "<option value='Paysystems'>".$CreditCard."</option>";
print "<option value='Paysystems'>".$DebitCard."</option>";
}
if ($paymate_active=="Yes"){
print "<option value='Paymate'>Paymate</option>";
}
if ($ewmerchant_active=="Yes"){
print "<option value='EWMerchant'>EW Merchant</option>";
}
if ($egold_active=="Yes"){
print "<option value='E-Gold'>E-Gold</option>";
}
if ($net1_active=="Yes"){
print "<option value='Net1'>".$CreditCard."</option>";
}
if ($securetrading_active=="Yes"){
print "<option value='SecureTrading'>".$CreditCard."</option>";
}
if ($verisign_active=="Yes"){
print "<option value='Verisign'>".$CreditCard."</option>";
print "<option value='Verisign'>".$DebitCard."</option>";
}
if ($offline_active=="Yes"){
print "<option value='Cash'>".$Cash."</option>";
print "<option value='Cheque'>".$Check."</option>";
}
// ========================
print "</select>";
print "</TD></TR>";
print "</TD></TR>";
if ($notes_active=="Yes"){
print "<TR><TD BGCOLOR=$rowsColor valign=top>
<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$NotesWord</FONT>
</TD><TD BGCOLOR=$rowsColor>
<textarea rows=3 name=notes cols=25>";
print $_REQUEST["notes"];
print "</textarea>";
print "</TD></TR>";
}
print "</TABLE></CENTER>";
}
if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view")
print " <FORM ACTION=\"phpcart.php\" METHOD=\"post\" TARGET=\"_self\" NAME=\"prodForm\">
<INPUT TYPE=\"hidden\" NAME=\"action\" VALUE=\"confirm\"> ";
if ($_REQUEST["action"]!="submit")
print "<CENTER><TABLE WIDTH=500 BORDER=0 ALIGN=\"center\" CELLPADDING=5 CELLSPACING=2 STYLE=\"font-family: arial; font-size: 10pt\" width=\"1\" BGCOLOR=$PgBack>
<COL WIDTH=20 ALIGN=center>
<COL WIDTH=100 ALIGN=center>
<COL WIDTH=320 ALIGN=left>
<COL WIDTH=70 ALIGN=right>
<COL WIDTH=30 ALIGN=center>
<COL WIDTH=80 ALIGN=right> ";
if($_REQUEST["action"]=="add" || $_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout" || $_REQUEST["action"]=="view") {
print "<SCRIPT LANGUAGE=\"javascript\">
function round (n) {
n = Math.round(n * 100) / 100;
n = (n + 0.001) + '';
return n.substring(0, n.indexOf('.') + 3);
}
function getTotalCost () {
totalCost = 0;
for (i = 4; i < (document.prodForm.length - 2); i += 4) {
totalCost += parseFloat(document.prodForm[i].value);
}
document.prodForm.total.value = round(totalCost);
} </SCRIPT>
<TR BGCOLOR=\"$headerColor\" width=\"1\">
<TH COLSPAN=2><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$IDWord</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$descriptionWord</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$productPriceWord &nbsp;</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$quantityWord</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$sumPriceWord &nbsp;</B></FONT></TH></TR> ";
$line_no = 1;
$tracker = 4;
while ($data = fgetcsv ($fp, 500)) {
$num = count ($data);
print " <TR BGCOLOR=$rowsColor>
<TD><A HREF=\"phpcart.php?action=delete&id=$line_no\"><IMG SRC=\"./images/trashicon.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Remove $data[1] from Basket?\"></A></TD>
<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[0]</FONT></TD>
<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[1]</FONT></TD>
<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[2] &nbsp;</FONT></TD> ";
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
print "<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[3]</FONT></TD>";
} else {
print " <TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
<INPUT TYPE=\"text\" NAME=\"product[$line_no]\" VALUE=\"$data[3]\" SIZE=2 STYLE=\"text-color:$TextColor;font-size:8pt;text-align:center\" onChange=\"getTotalCost();\" onLoad=\"getTotalCost();\" onClick='getTotalCost();' onMouseOver='getTotalCost();' onMouseOut='getTotalCost();' onKeyUp='getTotalCost();'></TD>";
}
if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
print " <TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
<INPUT TYPE=\"text\" NAME=\"\" DISABLED STYLE=\"font-size:8pt;text-align:right;
background-color:$rowsColor;text-color:$TextColor;border-width:0;padding-right:5pt\"
VALUE=\"".$data[2] * $data[3]."\" SIZE=8 COLOR=\"$TextColor\"></TD></TR> ";
} else {
print " <TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">". ($data[2] * $data[3]) ."&nbsp;</TD></TR> ";
}
if (! empty($no_prod) ) {
$no_prod = $no_prod + $data[3];
}
$tot_pos = $tot_pos + ($data[2] * $data[3]);
$tot_postage = $tot_postage + ($data[4]);

$tracker += 4;
$line_no++;
}
if ($line_no == 1) {
print " <TR BGCOLOR=$rowsColor>
<TD COLSPAN=6 ALIGN=center><B>$emptyCart</B></TD></TR>";
}
$tot_pos = number_format( ($tot_pos), 2, '.', '');
$subtotal = number_format( ($tot_pos), 2);
$vatVal = ($tot_pos)/(100)*$salesVAT;
$vat = number_format( ($vatVal), 2);
$postage = number_format( ($tot_postage), 2);
$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
print " <INPUT TYPE=\"hidden\" NAME=\"rows\" VALUE=\"$row\">";
fclose ($fp);
}
if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
print " <TR BGCOLOR=$rowsColor><TD BGCOLOR=\"$PgBack\" COLSPAN=5><p align=right></TD><TD>
<INPUT TYPE=\"text\" NAME=\"total\" DISABLED STYLE=\"font-size:8pt;text-align:right;
background-color:$rowsColor;border-width:0;padding-right:5pt\" VALUE=\"".$data[2] * $data[3]."\" SIZE=8></TD>
</TR><TR><TD COLSPAN=3 ALIGN=left><A HREF=\"$home\"><IMG SRC=\"./images/$backPicture\" BORDER=0></A></TD>
<TD COLSPAN=4 ALIGN=right>\n";
if ($line_no > 1)
print "<INPUT TYPE=\"image\" SRC=\"./images/$orderPicture\" BORDER=0 STYLE=\"border-width: 0\" onMouseOver='getTotalCost();'>\n";
print "</TD></TR></TABLE></CENTER></FORM>
<script LANGUAGE=\"javascript\">
getTotalCost();
</script>";
} else if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
print " <TR>
<TD COLSPAN=3 ALIGN=left ROWSPAN=5><CENTER><A HREF=\"?action=view\"><IMG SRC=\"./images/$viewPicture\" BORDER=0></A></CENTER><BR><B><SMALL>$extrasText</SMALL></B><BR></TD>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$SubTotalWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$tot_pos &nbsp;</FONT></TD>
</TR>";
if (!empty($salesVAT)) {
print " <TR>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$VATWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$vat &nbsp;</FONT></TD>
</TR>";
} else {
print " ";
}
if (!empty($PostalAmount)) {
print " <TR>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$PostageWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$postage &nbsp;</FONT></TD>
</TR>";
} else {
print " ";
}
print " <TR>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$TotalSumWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$total &nbsp;</FONT></TD>
</TR><TR>
<TD COLSPAN=3 ALIGN=center BGCOLOR=$rowsColor><INPUT TYPE=\"submit\" STYLE=\"font-family: $font; font-weight: bold; padding: 2pt\" VALUE=\"$orderButtonText\"></TD>
</TR></FORM><TR><TD HEIGHT=20></TD></TR></TABLE></CENTER>";
}
}
$method = "Payment Method:\n";
$pmethod0 = $_REQUEST["pmethod"]."\n";
$line1 = " ----------------------------------------------\n";
$SP0 = "\n";
// Submit order
if ($_REQUEST["action"]=="submit") {
$order_no = (substr(uniqid (""), 2, 7));
$order_id = strtoupper($order_no);

$fp = fopen ("./sessions/".$sessionid.".dat", "r");
$row = 1;
while ($data = fgetcsv ($fp, 500)) {
$new_data[$row] = " ----------------------------------------------\n";
$row++;
$new_data[$row] = $data[0]." ".$data[1]."\n";
$row++;
$new_data[$row] = $data[3]." qty at $currency".$data[2]." = $currency".$data[2] * $data[3]."\n";
$row++;
if (! empty($no_prod) ) {
$no_prod = $no_prod + $data[3];
}
$tot_pos = $tot_pos + ($data[2] * $data[3]);
$tot_postage = $tot_postage + ($data[4]);
}
$tot_pos = number_format( ($tot_pos), 2, '.', '');
$subtotal = number_format( ($tot_pos), 2);
$vatVal = ($tot_pos)/(100)*$salesVAT;
$vat = number_format( ($vatVal), 2);
$postage = number_format( ($tot_postage), 2);
$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
fclose ($fp);
if (!empty($new_data))
$new_data_insert = implode ("<BR>", $new_data);

// Send email to admin
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";

$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "<b>$CompanyWord:</b> $company<BR>\n";
$message .= "<BR>\n";
if (!empty($_REQUEST["notes"])) {
$message .= "<B>Order Notes:</B><BR>".$_REQUEST["notes"]."<BR>\n";
}
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= "$method $pmethod0<BR>\n";
$message .= "<BR>\n";
$message .= "$CustomerHasReceipt<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$eol = "\r\n";
$headers = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From: $name <$email>$eol";

mail($salesEmail, "Web Order Confirmation - Order ID: $order_id", $message, $headers);

// Send email to customer
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";
$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Dear Customer,<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you very much for ordering your goods from $companyName. A summary of your order can be found below.";
$message .= "<BR><BR>\n";

$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "Your order will be shipped as soon as payment has been received.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "If you have any problems or questions, please contact us by <a href=mailto:$salesEmail?subject=Order%20ID%20-%20$order_id%20>clicking here</a>.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you,<BR>\n";
$message .= "The $companyName Team<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$headers = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From: $companyName <$salesEmail>$eol";

mail($email, "Web Order Confirmation - Order ID: $order_id", $message, $headers);


// THIS PART MAKES IT WRITE TO THE ORDER FOLDER

if ($enableCopy == "Activate") {
if (!empty($new_data))
$new_data_insert = implode ("\n", $new_data);
$file = fopen ("orders/$order_id.txt", "w");
if (!$file) {
echo "<p>Unable to open remote file for writing. Please make sure 'orders' Folder is chmod to 777\n";
exit;
}
/* Write the data here. */
fputs ($file, "IP: $ip
Date: $senddate
Time: $sendtime

$NameWord: $name
$CompanyWord: $company
$EmailWord: $email
$AddressWord: $address
$postcode: $postcode0

$PhoneWord: $telephone


$new_data_insert
-----------------------------------------------------------
Order Notes:
$notes

$SubTotalWord = $currency$subtotal
$PostageWord = $currency$postage
$TotalSumWord = $currency$total

$line1$SP0$method $pmethod0 $SP0$line1


$ThisOrderHasRef: $order_id
$CustomerHasReceipt\n");
fclose ($file);
}
// Payment Processor Section - Which ever processors you have setup will now be sent for
switch ($_REQUEST["pmethod"]){
case "Nochex" : include ("processor/nochex.inc.php"); break;
case "2Checkout" : include ("processor/2checkout.inc.php"); break;
case "Paystamp" : include ("processor/paystamp.inc.php"); break;
case "eWay" : include ("processor/eway.inc.php"); break;
case "Paypal" : include ("processor/paypal.inc.php"); break;
case "WorldPay_CC" :
case "WorldPay_DC" : include ("processor/worldpay.inc.php"); break;
case "Authorize.net" : include ("processor/authorize.inc.php"); break;
case "Authorize_sim.net" : include ("processor/authorize-sim.inc.php"); break;
case "MoneyBookers" : include ("processor/moneybookers.inc.php"); break;
case "eMatters" : include ("processor/ematters.inc.php"); break;
case "Fastpay" : include ("processor/fastpay.inc.php"); break;
case "Asiadebit" : include ("processor/asiadebit.inc.php"); break;
case "Paysystems" : include ("processor/paysystems.inc.php"); break;
case "Paymate" : include ("processor/paymate.inc.php"); break;
case "EWMerchant" : include ("processor/ewmerchant.inc.php"); break;
case "E-Gold" : include ("processor/egold.inc.php"); break;
case "Net1" : include ("processor/net1.inc.php"); break;
case "SecureTrading" : include ("processor/securetrading.inc.php"); break;
case "Verisign" : include ("processor/verisign.inc.php"); break;
case "Cash" :
case "Cheque" : include ("processor/offline.inc.php"); break;
}
unlink("./sessions/".$sessionid.".dat");
}
print "</td></tr></table>";
print "</center>";
print "</div>";
print "</div>";
print "</td>";
print "</tr>";
print "</table>";
print "</center>";
include ("./admin/footer.inc.php"); ?>
superdez
Forum Commoner
Posts: 33
Joined: Tue Jul 03, 2007 1:36 pm

Post by superdez »

The following code has what seems to be an undefined global variable:

Code: Select all

$_REQUEST["product"]

What is the use of this and how can this be rewritten so as not to use an undefined global variable since any user could input a value for that variable?


Code: Select all

// Recalculate cart-contents
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
$theproduct = $_REQUEST["product"];
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
if (!empty($theproduct)) {
if ($theproduct[$row] == "0" || empty($theproduct[$row])) {
$row++;
continue;
} else {
$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$theproduct[$row].",".$data[4];
$row++;
}
}
}
fclose ($fp);

if (!empty($new_data)) {
$new_data_insert = implode ("\n", $new_data);
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
fputs($fp, $new_data_insert."\n");
fclose ($fp);
}
}
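One way to handle the value superdez asks about, as an added example that is not part of the thread or of the posted script: `$_REQUEST["product"]` is accepted only as an array of whole-number quantities before it is merged into the cart rows. The function names, the quantity limit and the sample rows are assumptions made for this example.

```php
<?php
// Added example (not from the thread): treat $_REQUEST["product"] as
// untrusted and keep only whole-number quantities keyed by row number.

function clean_quantities($raw, $maxQty = 999)
{
    $clean = array();
    if (!is_array($raw)) {
        return $clean;   // e.g. product=5 was sent instead of product[1]=5
    }
    foreach ($raw as $row => $qty) {
        // Digits only: commas, quotes and newlines can never reach the file.
        if (!is_string($qty) || !preg_match('/\A[0-9]{1,4}\z/', $qty)) {
            continue;
        }
        if (!preg_match('/\A[0-9]{1,4}\z/', (string) $row)) {
            continue;
        }
        $qty = (int) $qty;
        if ($qty >= 1 && $qty <= $maxQty) {
            $clean[(int) $row] = $qty;
        }
    }
    return $clean;
}

// Apply validated quantities to the cart rows read with fgetcsv().
// Rows without a valid quantity are dropped, as in the posted loop.
function recalc_cart(array $rows, array $quantities)
{
    $out = array();
    $rowNo = 1;
    foreach ($rows as $data) {
        if (isset($quantities[$rowNo])) {
            $data[3] = $quantities[$rowNo];
            $out[] = $data;
        }
        $rowNo++;
    }
    return $out;
}

// Constructed cart rows: id, description, price, quantity, postage.
$rows = array(
    array("A100", "Blue mug", "4.50", "1", "1.00"),
    array("B200", "Tea towel", "3.00", "2", "0.50"),
    array("C300", "Coaster", "1.25", "1", "0.25"),
);
// Constructed request value: row 1 valid, row 2 not a whole number, row 3 zero.
$request = array("1" => "3", "2" => "1,5", "3" => "0");

$quantities = clean_quantities($request);
$fp = fopen("php://memory", "w+");
foreach (recalc_cart($rows, $quantities) as $data) {
    // fputcsv quotes each field instead of joining strings with commas.
    fputcsv($fp, $data, ",", '"', "\\");
}
rewind($fp);
echo stream_get_contents($fp);
fclose($fp);
```

As in the posted script, the session file should be rewritten only when at least one valid quantity was supplied.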
laxman
Forum Newbie
Posts: 3
Joined: Wed Dec 19, 2007 10:59 pm

SPAM PROBLEM

Post by laxman »

I am getting lots of spam mail problems. Please let me know how to stop spam email from my website.


Laxman Bhattarai
santos.john
Forum Newbie
Posts: 1
Joined: Sat Dec 29, 2007 4:30 am

Re: SPAM PROBLEM

Post by santos.john »

laxman wrote:I am getting lots of spam mail problems. Please let me know how to stop spam email from my website.


Laxman Bhattarai

Hey Laxman, I suggest you install some anti-spam module.
andym01480
Forum Contributor
Posts: 390
Joined: Wed Apr 19, 2006 5:01 pm

Post by andym01480 »

One reason you are probably getting spam is because you are using user input in the headers of the sales email without checking it for nasties.

Code: Select all

$headers .= "From:  $name <$email>$eol";
This is called "header injection" - google to find out what it means!

You need to make sure that the $name contains what you expect a name to look like - upper and lower case characters, full stops and apostrophes so that Mr John O'Reilly would be valid!
http://www.webpronews.com/expertarticle ... g-php-ereg tells you how!

Then you need to make sure $email just contains a valid email address and nothing else! Google for ereg email to find one you like. Make sure it is fairly new as some of them throw out valid email addresses that end in .info etc.

That will stop spammers using your site to send spam which you get copies of!
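The two checks described in the post above, as an added example that is not part of the thread or of the posted script: `$name` and `$email` are validated before they are placed in the headers passed to `mail()`. The function names and the sample submissions are assumptions made for this example, and `preg_match` and `filter_var` are used here in place of `ereg`.

```php
<?php
// Added example (not from the thread): validate $name and $email before
// they are placed in the additional-headers argument of mail().

// Accept only what a personal name looks like: letters, spaces, full stops,
// apostrophes and hyphens. CR and LF are not in the set, so the value can
// never start a new header line.
function clean_header_name($name)
{
    $name = trim((string) $name);
    // \A and \z anchor the whole string; a bare "$" would also match just
    // before a trailing newline.
    return preg_match("/\\A[A-Za-z][A-Za-z .'-]{0,63}\\z/", $name) ? $name : null;
}

// Accept a single address and nothing else. Control characters are refused
// before PHP's own address filter is applied.
function clean_header_email($email)
{
    $email = (string) $email;
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Build the admin-mail headers from the script, or return null when either
// field fails validation so the caller can redisplay the form instead.
function build_order_headers($name, $email)
{
    $cleanName  = clean_header_name($name);
    $cleanEmail = clean_header_email($email);
    if ($cleanName === null || $cleanEmail === null) {
        return null;
    }
    $eol = "\r\n";
    $headers  = "MIME-Version: 1.0$eol";
    $headers .= "Content-type: text/html; charset=iso-8859-1$eol";
    // Quoting the display name keeps full stops legal in the From header.
    $headers .= "From: \"$cleanName\" <$cleanEmail>$eol";
    return $headers;
}

// Constructed sample submissions (not real data).
$samples = array(
    array("Mr John O'Reilly", "john@example.info"),
    array("Mallory\r\nX-Injected: 1", "mallory@example.com"),
    array("Mallory", "mallory@example.com\r\nX-Injected: 1"),
    array("Mallory", "not an address"),
);
foreach ($samples as $s) {
    $headers = build_order_headers($s[0], $s[1]);
    echo json_encode($s[0]), " / ", json_encode($s[1]), " => ",
         $headers === null ? "rejected" : "accepted", PHP_EOL;
}
```

In the posted script, `mail()` would be called only when `build_order_headers()` returns a string.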