
Scripting e-mail problems - PHP coders PLEASE HELP!

Posted: Wed Sep 27, 2006 11:38 am
by advisual
feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi All,

For some reason, when the script below attempts to send email confirmation to the submitter and admin, it changes the @ to %40 and spaces to %20, so neither the admin nor the submitter is receiving confirmation.

When I look at the orders log, while it logs everything, all the spaces have %20 and the @ = %40.

Does anyone have any idea how to correct this in this script so that the confirmations can be properly forwarded?

Thanks in advance


<?php
include ("./processor/index.php");
include ("./admin/payment_1.php");
include ("./admin/configuration_1.php");
include ("./localization/".$language.".php");

// Time generator
$timestamp = time();
$hoursdiff = $zone;
$hoursdiff = $hoursdiff * 3600;
$timestamp = $timestamp - $hoursdiff;
$sendtime = date("h:iA", $timestamp);
$senddate = date("m/d/y");
$ip = getenv("REMOTE_ADDR");

session_start();
$sessionid = $_SESSION["sessionid"];
if ($sessionid == ""){
	$sessionid =  md5 (uniqid(rand()));
	session_register(sessionid);
}

// Check referring domain
if ($referers){
	$referers = explode(" ", $referers);
	$found = false;
	$temp = explode("/",getenv("HTTP_REFERER"));
	$referer = $temp[2];
	for ($x=0; $x < count($referers); $x++){
		if (ereg ($referers[$x], $referer)) {
			$found = true;
		}
	}
	if (!$found && !empty($referer)){
		include ("./admin/header.inc.php");
		?>
		<center>
		<table border="0" cellpadding="1" cellspacing="1" width="160">
		<tr>
		<td>
		<div style="padding:6px">
		<center><table cellpadding="0" cellspacing="3" border="0" width="160">
		<tr><td><p align="center">
		<center><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><p><b><? echo $DomainError; ?> - <? echo $referer; ?></b></p></font></center>
		</td></tr></table>
		</div>
		</td>
		</tr>
		</table>
		</center>
		<?
		include ("./admin/footer.inc.php");
		exit();
	}
}
// Check all fields have been filled out before submitting order
if ( $_REQUEST["action"] == "submit" ) {
	$name 	    = rawurlencode($_REQUEST["name"]);
	$email 	    = rawurlencode($_REQUEST["email"]);
	$company    = rawurlencode($_REQUEST["company"]);
	$address    = rawurlencode($_REQUEST["address"]);
	$postcode0   = rawurlencode($_REQUEST["postcode0"]);
	$telephone  = rawurlencode($_REQUEST["telephone"]);
	if (empty($_REQUEST["name"]) or empty($_REQUEST["email"]) or empty($_REQUEST["address"]) or empty($_REQUEST["postcode0"])) {
		header("Refresh: 0;url=phpcart.php?action=confirm&name=". "$name&email=$email&company=$company&address=$address" ."&postcode0=$postcode0&telephone=$telephone&alert=1");
		exit();
	} else {
		header("Refresh: 150000;url=$home");
	}
}

// Include html header
include ("./admin/header.inc.php");
		?>
		<center>
		<table border="0" cellpadding="1" cellspacing="1" width="160">
		<tr>
		<td>
		<div style="padding:6px">
		<div align="center">
		<center><table cellpadding="0" cellspacing="3" border="0" width="160">
		<tr><td><p align="center">
		<?

if ($_REQUEST["action"]) {

	// Create session file
	if (!file_exists("./sessions/".$sessionid.".dat"))
		copy("./sessions/empty", "./sessions/".$sessionid.".dat");

	// Add product to cart
	if ($_REQUEST["action"]=="add") {
		$row = 1;
		$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
		while ($data = fgetcsv ($fp, 500)) {
			$row++;
			if ($data[0] == $_REQUEST["id"] && $noduplicates == "Y") {
				?>
				<center><font size="<? echo $fontSize+1; ?>" face="<? echo $font; ?>" color="<? echo $TextColor; ?>"><b><? echo $ProductInBasket; ?></b></font></center>
				<?
				break;
			}
		}
		if($data[0]!=$_REQUEST["id"]) { // we must have reached the end of the file
			if (!$_REQUEST["option1"]) {
				$option_print = "";
				} else {
				$option_print = "- ".$_REQUEST["option1"]." ".$_REQUEST["option2"]." ".$_REQUEST["option3"];
				}
			$descr_option = $_REQUEST["descr"]." $option_print";
			fputs($fp,$_REQUEST["id"].",".$descr_option.",".$_REQUEST["price"].",".$_REQUEST["quantity"].",".$_REQUEST["postage"]."\n");
		}
		fclose($fp);
	}

	// Clear all shopping cart contents
	if ($_REQUEST["action"]=="clear") {
		$fp = fopen ("./sessions/".$sessionid.".dat", "w");
		fclose($fp);
		$_REQUEST["action"]="add";
	}

	// Delete product from cart
	if ($_REQUEST["action"]=="delete") {
		$row = 1;
		$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
		while ($data = fgetcsv ($fp, 500)) {
			if ($_REQUEST["id"]==$row) {
				$row++;
				continue;
			} else {
				$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$data[3].",".$data[4];
				$row++;
			}
		}
		fclose ($fp);
		$fp = fopen ("./sessions/".$sessionid.".dat", "w");
		if (!empty($new_data)) {
			$new_data_insert = implode ("\n", $new_data);
			fputs($fp, $new_data_insert."\n");
		}
		fclose($fp);
		$_REQUEST["action"]="view";
	}

	// Recalculate cart-contents
	if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
		$theproduct = $_REQUEST["product"];
		$row = 1;
		$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
		while ($data = fgetcsv ($fp, 500)) {
			if (!empty($theproduct)) {
				if ($theproduct[$row] == "0" || empty($theproduct[$row])) {
					$row++;
					continue;
				} else {
					$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$theproduct[$row].",".$data[4];
					$row++;
				}
			}
		}
		fclose ($fp);

		if (!empty($new_data)) {
			$new_data_insert = implode ("\n", $new_data);
			$fp = fopen ("./sessions/".$sessionid.".dat", "w");
				fputs($fp, $new_data_insert."\n");
			fclose ($fp);
		}
	}

	// Print basket contents
	$tot_pos = 0;
	$tot_postage = $PostalAmount;
	$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
	if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
		?>
		<center>
		<form action="phpcart.php" method="post" target="_self">
		<input type="hidden" name="action" value="submit">
		<table border=1 cellspacing=0 width=553 bordercolor=#000000>
			<tr>
				<td align=center bgcolor=#FFFFFF width=543>
				<p align=center>
				<font face=Arial color=#FF0000 size=2>
				<b><? echo $confirmNote; ?>:</b></font>
				<font face=Arial color=#000080 size=2><? echo $Note; ?></font></p>
				</td>
			</tr>
		</table>
		<table width=500 align=center border=0 cellpadding=5 cellspacing=2>
			<col width=200 align=left><col width=400 align=left><tr>
			<th colspan=2 bgcolor="<? echo $PgBack; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize + 1; ?>" color="<? echo $TextColor; ?>"><? echo $confirmOrderMessage;?></font></th>
			</tr><tr>
			<th colspan=2 bgcolor="<? echo $headerColor; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><? echo $PersonalInfoWord; ?></font></th>
			</tr><tr><td bgcolor="<? echo $rowsColor; ?>">
			<?
		if (empty($_REQUEST["name"]) and !empty($alert)) {
			?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><b><? echo $NameWord; ?></b></font>
			<?
		} else {
			?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><? echo $NameWord; ?></font>
			<?
		}
		print"	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"name\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["name"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
		if (empty($_REQUEST["email"]) and !empty($alert)) {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$EmailWord</B></FONT>";
		} else {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\" COLOR=\"$TextColor\">$EmailWord</FONT>";
		}
		print "	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"email\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["email"];
		print "\"></TD></TR><TR>
			<TD BGCOLOR=$rowsColor><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$CompanyWord</FONT></TD>
			<TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"company\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["company"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
		if (empty($_REQUEST["address"]) and !empty($alert)) {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$deliveryAddress</B></FONT>";
		} else {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$deliveryAddress</FONT>";
		}
		print "	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"address\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["address"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
		if ((empty($_REQUEST["postcode0"])) and !empty($alert)) {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$postcode</B></FONT>";
		} else {
			print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$postcode</FONT>";
		}
		print "	</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"postcode0\" maxlength=10 STYLE=\"font-size: 8pt\" SIZE=12 VALUE=\"".$_REQUEST["postcode0"];
		print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor>
			<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$phoneFax</FONT>
			</TD><TD BGCOLOR=$rowsColor>
			<INPUT TYPE=\"text\" NAME=\"telephone\" STYLE=\"font-size: 8pt\" SIZE=14 VALUE=\"".$_REQUEST["telephone"];
		print "\"></TD></TR>";
		print "<TR><TD BGCOLOR=$rowsColor>
			<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$p_method</FONT>
			</TD><TD BGCOLOR=$rowsColor><select size='1' name='pmethod'>";
// ========================
		if ($twocheckout_active=="Yes"){
		print "<option value='2Checkout'>".$CreditCard."</option>";
		}
		if ($paystamp_active=="Yes"){
		print "<option value='Paystamp'>".$CreditCard."</option>";
		}
		if ($eway_active=="Yes"){
		print "<option value='eWay'>".$CreditCard."</option>";
		}
		if ($worldpay_active=="Yes"){
		print "<option value='WorldPay_CC'>".$CreditCard."</option>";
		print "<option value='WorldPay_DC'>Debit Card</option>";
		}
		if ($paypal_active=="Yes"){
		print "<option value='Paypal'>PayPal</option>";
		}
		if ($nochex_active=="Yes"){
		print "<option value='Nochex'>Nochex</option>";
		}
		if ($fastpay_active=="Yes"){
		print "<option value='Fastpay'>FastPay</option>";
		}
		if ($authorize_active=="Yes"){
		print "<option value='Authorize.net'>".$CreditCard."</option>";
		}
		if ($authorize_sim_active=="Yes"){
		print "<option value='Authorize_sim.net'>".$CreditCard."</option>";
		}
		if ($moneyb_active=="Yes"){
		print "<option value='MoneyBookers'>Money Bookers</option>";
		}
		if ($ematters_active=="Yes"){
		print "<option value='eMatters'>".$CreditCard."</option>";
		}
		if ($asiadebit_active=="Yes"){
		print "<option value='Asiadebit'>".$CreditCard."</option>";
		print "<option value='Asiadebit'>".$DebitCard."</option>";
		}
		if ($paysystems_active=="Yes"){
		print "<option value='Paysystems'>".$CreditCard."</option>";
		print "<option value='Paysystems'>".$DebitCard."</option>";
		}
		if ($paymate_active=="Yes"){
		print "<option value='Paymate'>Paymate</option>";
		}
		if ($ewmerchant_active=="Yes"){
		print "<option value='EWMerchant'>EW Merchant</option>";
		}
		if ($egold_active=="Yes"){
		print "<option value='E-Gold'>E-Gold</option>";
		}
		if ($net1_active=="Yes"){
		print "<option value='Net1'>".$CreditCard."</option>";
		}
		if ($securetrading_active=="Yes"){
		print "<option value='SecureTrading'>".$CreditCard."</option>";
		}
		if ($verisign_active=="Yes"){
		print "<option value='Verisign'>".$CreditCard."</option>";
		print "<option value='Verisign'>".$DebitCard."</option>";
		}
		if ($offline_active=="Yes"){
		print "<option value='Cash'>".$Cash."</option>";
		print "<option value='Cheque'>".$Check."</option>";
		}
// ========================
		print "</select>";
		print "</TD></TR>";
		print "</TD></TR>";
	if ($notes_active=="Yes"){
		print "<TR><TD BGCOLOR=$rowsColor valign=top>
			<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$NotesWord</FONT>
			</TD><TD BGCOLOR=$rowsColor>
			<textarea rows=3 name=notes cols=25>";
			print $_REQUEST["notes"];
		print "</textarea>";
		print "</TD></TR>";
	}
		print "</TABLE></CENTER>";
	}
	if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view")
		print "	<FORM ACTION=\"phpcart.php\" METHOD=\"post\" TARGET=\"_self\" NAME=\"prodForm\">
			<INPUT TYPE=\"hidden\" NAME=\"action\" VALUE=\"confirm\"> ";
	if ($_REQUEST["action"]!="submit")
		print "<CENTER><TABLE WIDTH=500 BORDER=0 ALIGN=\"center\" CELLPADDING=5 CELLSPACING=2 STYLE=\"font-family: arial; font-size: 10pt\" width=\"1\" BGCOLOR=$PgBack>
			<COL WIDTH=20 ALIGN=center>
			<COL WIDTH=100 ALIGN=center>
			<COL WIDTH=320 ALIGN=left>
			<COL WIDTH=70 ALIGN=right>
			<COL WIDTH=30 ALIGN=center>
			<COL WIDTH=80 ALIGN=right> ";
	if($_REQUEST["action"]=="add" || $_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout" || $_REQUEST["action"]=="view") {
		print "<SCRIPT LANGUAGE=\"javascript\">
			function round (n) {
				n = Math.round(n * 100) / 100;
				n = (n + 0.001) + '';
				return n.substring(0, n.indexOf('.') + 3);
			}
			function getTotalCost () {
				totalCost = 0;
				for (i = 4; i < (document.prodForm.length - 2); i += 4) {
					totalCost += parseFloat(document.prodForm[i].value);
				}
				document.prodForm.total.value = round(totalCost);
			} </SCRIPT>
			<TR BGCOLOR=\"$headerColor\" width=\"1\">
			<TH COLSPAN=2><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$IDWord</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$descriptionWord</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$productPriceWord &nbsp;</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$quantityWord</B></FONT></TH>
			<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$sumPriceWord &nbsp;</B></FONT></TH></TR> ";
		$line_no = 1;
		$tracker = 4;
		while ($data = fgetcsv ($fp, 500)) {
			$num = count ($data);
			print "	<TR BGCOLOR=$rowsColor>
				<TD><A HREF=\"phpcart.php?action=delete&id=$line_no\"><IMG SRC=\"./images/trashicon.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Remove $data[1] from Basket?\"></A></TD>
				<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[0]</FONT></TD>
				<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[1]</FONT></TD>
				<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[2] &nbsp;</FONT></TD> ";
			if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
				print "<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[3]</FONT></TD>";
			} else {
				print "	<TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
					<INPUT TYPE=\"text\" NAME=\"product[$line_no]\" VALUE=\"$data[3]\" SIZE=2 STYLE=\"text-color:$TextColor;font-size:8pt;text-align:center\" onChange=\"getTotalCost();\" onLoad=\"getTotalCost();\" onClick='getTotalCost();' onMouseOver='getTotalCost();' onMouseOut='getTotalCost();' onKeyUp='getTotalCost();'></TD>";
			}
			if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
				print "	<TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
					<INPUT TYPE=\"text\" NAME=\"\" DISABLED STYLE=\"font-size:8pt;text-align:right;
					background-color:$rowsColor;text-color:$TextColor;border-width:0;padding-right:5pt\"
					VALUE=\"".$data[2] * $data[3]."\" SIZE=8 COLOR=\"$TextColor\"></TD></TR> ";
			} else {
				print "	<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">". ($data[2] * $data[3]) ."&nbsp;</TD></TR> ";
			}
			if (! empty($no_prod) ) {
				$no_prod = $no_prod + $data[3];
			}
			$tot_pos = $tot_pos + ($data[2] * $data[3]);
			$tot_postage = $tot_postage + ($data[4]);

			$tracker += 4;
			$line_no++;
		}
		if ($line_no == 1) {
			print "	<TR BGCOLOR=$rowsColor>
				<TD COLSPAN=6 ALIGN=center><B>$emptyCart</B></TD></TR>";
		}
		$tot_pos = number_format( ($tot_pos), 2, '.', '');
		$subtotal = number_format( ($tot_pos), 2);
		$vatVal = ($tot_pos)/(100)*$salesVAT;
		$vat = number_format( ($vatVal), 2);
		$postage = number_format( ($tot_postage), 2);
		$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
		print "	<INPUT TYPE=\"hidden\" NAME=\"rows\" VALUE=\"$row\">";
		fclose ($fp);
	}
	if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
		print "	<TR BGCOLOR=$rowsColor><TD BGCOLOR=\"$PgBack\" COLSPAN=5><p align=right></TD><TD>
			<INPUT TYPE=\"text\" NAME=\"total\" DISABLED STYLE=\"font-size:8pt;text-align:right;
			background-color:$rowsColor;border-width:0;padding-right:5pt\" VALUE=\"".$data[2] * $data[3]."\" SIZE=8></TD>
			</TR><TR><TD COLSPAN=3 ALIGN=left><A HREF=\"$home\"><IMG SRC=\"./images/$backPicture\" BORDER=0></A></TD>
			<TD COLSPAN=4 ALIGN=right>\n";
			if ($line_no > 1)
				print "<INPUT TYPE=\"image\" SRC=\"./images/$orderPicture\" BORDER=0 STYLE=\"border-width: 0\" onMouseOver='getTotalCost();'>\n";
			print "</TD></TR></TABLE></CENTER></FORM> 
			<script LANGUAGE=\"javascript\">
			getTotalCost();
			</script>";
	} else if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
	 	print "	<TR>
			<TD COLSPAN=3 ALIGN=left ROWSPAN=5><CENTER><A HREF=\"?action=view\"><IMG SRC=\"./images/$viewPicture\" BORDER=0></A></CENTER><BR><B><SMALL>$extrasText</SMALL></B><BR></TD>
			<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$SubTotalWord</B></FONT></TD>
			<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$tot_pos &nbsp;</FONT></TD>
			</TR>";
	if (!empty($salesVAT)) {
		print "	<TR>
			<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$VATWord</B></FONT></TD>
			<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$vat &nbsp;</FONT></TD>
			</TR>";
	} else {
	 	print " ";
	}
	if (!empty($PostalAmount)) {
		print "	<TR>
			<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$PostageWord</B></FONT></TD>
	        	<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$postage &nbsp;</FONT></TD>
	        	</TR>";
	} else {
	 	print " ";
	}
	 	print "	<TR>
		        <TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$TotalSumWord</B></FONT></TD>
			<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$total &nbsp;</FONT></TD>
			</TR><TR>
			<TD COLSPAN=3 ALIGN=center BGCOLOR=$rowsColor><INPUT TYPE=\"submit\" STYLE=\"font-family: $font; font-weight: bold; padding: 2pt\" VALUE=\"$orderButtonText\"></TD>
			</TR></FORM><TR><TD HEIGHT=20></TD></TR></TABLE></CENTER>";
	}
}
$method = "Payment Method:\n";
$pmethod0 = $_REQUEST["pmethod"]."\n";
$line1 = " ----------------------------------------------\n";
$SP0 = "\n";
	// Submit order
	if ($_REQUEST["action"]=="submit") {
		$order_no = (substr(uniqid (""), 2, 7));
		$order_id = strtoupper($order_no);

		$fp = fopen ("./sessions/".$sessionid.".dat", "r");
		$row = 1;
		while ($data = fgetcsv ($fp, 500)) {
			$new_data[$row] = " ----------------------------------------------\n";
			$row++;
			$new_data[$row] = $data[0]."    ".$data[1]."\n";
			$row++;
			$new_data[$row] = $data[3]." qty at $currency".$data[2]."    =    $currency".$data[2] * $data[3]."\n";
			$row++;
			if (! empty($no_prod) ) {
				$no_prod = $no_prod + $data[3];
			}
			$tot_pos = $tot_pos + ($data[2] * $data[3]);
			$tot_postage = $tot_postage + ($data[4]);
		}
		$tot_pos = number_format( ($tot_pos), 2, '.', '');
		$subtotal = number_format( ($tot_pos), 2);
		$vatVal = ($tot_pos)/(100)*$salesVAT;
		$vat = number_format( ($vatVal), 2);
		$postage = number_format( ($tot_postage), 2);
		$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
		fclose ($fp);
		if (!empty($new_data))
			$new_data_insert = implode ("<BR>", $new_data);

// Send email to admin
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";

$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "<b>$CompanyWord:</b> $company<BR>\n";
$message .= "<BR>\n";
if (!empty($_REQUEST["notes"])) {
$message .= "<B>Order Notes:</B><BR>".$_REQUEST["notes"]."<BR>\n";
}
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= "$method $pmethod0<BR>\n";
$message .= "<BR>\n";
$message .= "$CustomerHasReceipt<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$eol = "\r\n";
$headers  = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From:  $name <$email>$eol";

mail($salesEmail, "Web Order Confirmation - Order ID: $order_id", $message, $headers);

// Send email to customer
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";
$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Dear Customer,<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you very much for ordering your goods from $companyName. A summary of your order can be found below.";
$message .= "<BR><BR>\n";

$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "Your order will be shipped as soon as payment has been received.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "If you have any problems or questions, please contact us by <a href=mailto:$salesEmail?subject=Order%20ID%20-%20$order_id%20>clicking here</a>.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you,<BR>\n";
$message .= "The $companyName Team<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$headers  = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From:  $companyName <$salesEmail>$eol";

mail($email, "Web Order Confirmation - Order ID: $order_id", $message, $headers);


// THIS PART MAKES IT WRITE TO THE ORDER FOLDER

if ($enableCopy == "Activate") {
	if (!empty($new_data))
		$new_data_insert = implode ("\n", $new_data);
$file = fopen ("orders/$order_id.txt", "w");
if (!$file) {
    echo "<p>Unable to open remote file for writing. Please make sure 'orders' Folder is chmod to 777\n";
    exit;
}
/* Write the data here. */
fputs ($file, "IP: $ip
Date: $senddate
Time: $sendtime

$NameWord: $name
$CompanyWord: $company
$EmailWord: $email
$AddressWord: $address
$postcode: $postcode0

$PhoneWord: $telephone


$new_data_insert
-----------------------------------------------------------
Order Notes:
$notes

$SubTotalWord  =  $currency$subtotal
$PostageWord  =  $currency$postage
$TotalSumWord  =  $currency$total

$line1$SP0$method $pmethod0 $SP0$line1


$ThisOrderHasRef: $order_id
$CustomerHasReceipt\n");
fclose ($file);
}
	// Payment Processor Section - Which ever processors you have setup will now be sent for
	switch ($_REQUEST["pmethod"]){
		case "Nochex" : include ("processor/nochex.inc.php"); break;
		case "2Checkout" : include ("processor/2checkout.inc.php"); break;
		case "Paystamp" : include ("processor/paystamp.inc.php"); break;
		case "eWay" : include ("processor/eway.inc.php"); break;
		case "Paypal" : include ("processor/paypal.inc.php"); break;
		case "WorldPay_CC" : 
		case "WorldPay_DC" : include ("processor/worldpay.inc.php"); break;
		case "Authorize.net" : include ("processor/authorize.inc.php"); break;
		case "Authorize_sim.net" : include ("processor/authorize-sim.inc.php"); break;
		case "MoneyBookers" : include ("processor/moneybookers.inc.php"); break;
		case "eMatters" : include ("processor/ematters.inc.php"); break;
		case "Fastpay" : include ("processor/fastpay.inc.php"); break;
		case "Asiadebit" : include ("processor/asiadebit.inc.php"); break;
		case "Paysystems" : include ("processor/paysystems.inc.php"); break;
		case "Paymate" : include ("processor/paymate.inc.php"); break;
		case "EWMerchant" : include ("processor/ewmerchant.inc.php"); break;
		case "E-Gold" : include ("processor/egold.inc.php"); break;
		case "Net1" : include ("processor/net1.inc.php"); break;
		case "SecureTrading" : include ("processor/securetrading.inc.php"); break;
		case "Verisign" : include ("processor/verisign.inc.php"); break;
		case "Cash" : 
		case "Cheque" : include ("processor/offline.inc.php"); break;
	}
	unlink("./sessions/".$sessionid.".dat");
}
print "</td></tr></table>";
print "</center>";
print "</div>";
print "</div>";
print "</td>";
print "</tr>";
print "</table>";
print "</center>";
include ("./admin/footer.inc.php"); ?>


GRRRRRRRRR

Posted: Wed Sep 27, 2006 12:01 pm
by Mordred
Missing semicolon on line 5276.

Posted: Wed Sep 27, 2006 1:49 pm
by sojos
You use rawurlencode() to prepare your parameters for the redirect. This adds the %40 to the refresh URL, which is right. But your rawurlencode() also affects the email address used in the mail() function, and that's wrong.
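
Added example (not part of the thread, and not sojos's code): the submitted value ends up in several contexts, so it is kept raw and encoded only at the point of use. The function names, addresses and order ID are constructed for illustration; going slightly beyond the post, the example also validates the address and refuses line breaks in header values, because both come straight from the request.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Constructed sample input standing in for $_REQUEST.
$input = [
    'name'  => 'Ann Lee',
    'email' => 'ann.lee@example.com',
];

// URL context: the only place rawurlencode() belongs.
function confirm_redirect_url(array $fields): string
{
    $pairs = [];
    foreach ($fields as $key => $value) {
        $pairs[] = rawurlencode($key) . '=' . rawurlencode($value);
    }
    return 'phpcart.php?action=confirm&' . implode('&', $pairs) . '&alert=1';
}

// Recipient context: a syntactically valid address, passed on unencoded.
function mail_address(string $value): string
{
    $address = filter_var($value, FILTER_VALIDATE_EMAIL);
    if ($address === false) {
        throw new InvalidArgumentException('not a valid e-mail address');
    }
    return $address;
}

// Header context: plain text on a single line, quoted as a display name.
function display_name(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return '"' . str_replace(['\\', '"'], ['\\\\', '\\"'], trim($value)) . '"';
}

// HTML body context: escape for the charset declared in the Content-type header.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
}

// Builds the admin notification without sending it, so it runs offline.
function admin_order_mail(array $input, string $salesEmail, string $orderId): array
{
    $email = mail_address($input['email']);
    $eol = "\r\n";
    $headers  = "MIME-Version: 1.0$eol";
    $headers .= "Content-type: text/html; charset=iso-8859-1$eol";
    $headers .= 'From: ' . display_name($input['name']) . " <$email>$eol";

    $body  = '<b>Name:</b> ' . html_text($input['name']) . "<BR>\n";
    $body .= '<b>E-mail:</b> <a href="mailto:' . html_text($email) . '">'
           . html_text($email) . "</a><BR>\n";

    return [
        'to'      => mail_address($salesEmail),
        'subject' => "Web Order Confirmation - Order ID: $orderId",
        'body'    => $body,
        'headers' => $headers,
    ];
}

// Constructed sales address and order ID.
$mail = admin_order_mail($input, 'sales@example.com', 'A1B2C3D');
echo confirm_redirect_url($input), "\n";
echo $mail['headers'], $mail['body'];

// The value the original script handed to mail(): already URL-encoded,
// so it is no longer an address and is refused here.
try {
    mail_address(rawurlencode($input['email']));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```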

Posted: Wed Sep 27, 2006 2:16 pm
by advisual
sojos wrote: You use rawurlencode() to prepare your parameters for the redirect. This adds the %40 to the refresh URL, which is right. But your rawurlencode() also affects the email address used in the mail() function, and that's wrong.
Hi,

Thanks for the response. I am somewhat of a newbie. How would I add the changes to correct the problem and where?

Thanks

Posted: Wed Sep 27, 2006 3:09 pm
by sojos
I have removed all rawurlencode() functions and added it again further below. I hope it works but I can't review the whole code and I can't test it.


<?php
include ("./processor/index.php");
include ("./admin/payment_1.php");
include ("./admin/configuration_1.php");
include ("./localization/".$language.".php");

// Time generator
$timestamp = time();
$hoursdiff = $zone;
$hoursdiff = $hoursdiff * 3600;
$timestamp = $timestamp - $hoursdiff;
$sendtime = date("h:iA", $timestamp);
$senddate = date("m/d/y");
$ip = getenv("REMOTE_ADDR");

session_start();
$sessionid = $_SESSION["sessionid"];
if ($sessionid == ""){
$sessionid = md5 (uniqid(rand()));
session_register(sessionid);
}

// Check referring domain
if ($referers){
$referers = explode(" ", $referers);
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++){
if (ereg ($referers[$x], $referer)) {
$found = true;
}
}
if (!$found && !empty($referer)){
include ("./admin/header.inc.php");
?>
<center>
<table border="0" cellpadding="1" cellspacing="1" width="160">
<tr>
<td>
<div style="padding:6px">
<center><table cellpadding="0" cellspacing="3" border="0" width="160">
<tr><td><p align="center">
<center><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><p><b><? echo $DomainError; ?> - <? echo $referer; ?></b></p></font></center>
</td></tr></table>
</div>
</td>
</tr>
</table>
</center>
<?
include ("./admin/footer.inc.php");
exit();
}
}
// Check all fields have been filled out before submitting order
if ( $_REQUEST["action"] == "submit" ) {
$name = $_REQUEST["name"];
$email = $_REQUEST["email"];
$company = $_REQUEST["company"];
$address = $_REQUEST["address"];
$postcode0 = $_REQUEST["postcode0"];
$telephone = $_REQUEST["telephone"];
if (empty($_REQUEST["name"]) or empty($_REQUEST["email"]) or empty($_REQUEST["address"]) or empty($_REQUEST["postcode0"])) {
header("Refresh: 0;url=phpcart.php?action=confirm&name=".rawurlencode($name). "&email=".rawurlencode($email)."&company=".rawurlencode($company). "&address=".rawurlencode($address)."&postcode0=".rawurlencode($postcode0). "&telephone=".rawurlencode($telephone)."&alert=1");
exit();
} else {
header("Refresh: 150000;url=$home");
}
}

// Include html header
include ("./admin/header.inc.php");
?>
<center>
<table border="0" cellpadding="1" cellspacing="1" width="160">
<tr>
<td>
<div style="padding:6px">
<div align="center">
<center><table cellpadding="0" cellspacing="3" border="0" width="160">
<tr><td><p align="center">
<?

if ($_REQUEST["action"]) {

// Create session file
if (!file_exists("./sessions/".$sessionid.".dat"))
copy("./sessions/empty", "./sessions/".$sessionid.".dat");

// Add product to cart
if ($_REQUEST["action"]=="add") {
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
$row++;
if ($data[0] == $_REQUEST["id"] && $noduplicates == "Y") {
?>
<center><font size="<? echo $fontSize+1; ?>" face="<? echo $font; ?>" color="<? echo $TextColor; ?>"><b><? echo $ProductInBasket; ?></b></font></center>
<?
break;
}
}
if($data[0]!=$_REQUEST["id"]) { // we must have reached the end of the file
if (!$_REQUEST["option1"]) {
$option_print = "";
} else {
$option_print = "- ".$_REQUEST["option1"]." ".$_REQUEST["option2"]." ".$_REQUEST["option3"];
}
$descr_option = $_REQUEST["descr"]." $option_print";
fputs($fp,$_REQUEST["id"].",".$descr_option.",".$_REQUEST["price"].",".$_REQUEST["quantity"].",".$_REQUEST["postage"]."\n");
}
fclose($fp);
}

// Clear all shopping cart contents
if ($_REQUEST["action"]=="clear") {
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
fclose($fp);
$_REQUEST["action"]="add";
}

// Delete product from cart
if ($_REQUEST["action"]=="delete") {
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
if ($_REQUEST["id"]==$row) {
$row++;
continue;
} else {
$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$data[3].",".$data[4];
$row++;
}
}
fclose ($fp);
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
if (!empty($new_data)) {
$new_data_insert = implode ("\n", $new_data);
fputs($fp, $new_data_insert."\n");
}
fclose($fp);
$_REQUEST["action"]="view";
}

// Recalculate cart-contents
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
$theproduct = $_REQUEST["product"];
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
if (!empty($theproduct)) {
if ($theproduct[$row] == "0" || empty($theproduct[$row])) {
$row++;
continue;
} else {
$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$theproduct[$row].",".$data[4];
$row++;
}
}
}
fclose ($fp);

if (!empty($new_data)) {
$new_data_insert = implode ("\n", $new_data);
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
fputs($fp, $new_data_insert."\n");
fclose ($fp);
}
}

// Print basket contents
$tot_pos = 0;
$tot_postage = $PostalAmount;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
?>
<center>
<form action="phpcart.php" method="post" target="_self">
<input type="hidden" name="action" value="submit">
<table border=1 cellspacing=0 width=553 bordercolor=#000000>
<tr>
<td align=center bgcolor=#FFFFFF width=543>
<p align=center>
<font face=Arial color=#FF0000 size=2>
<b><? echo $confirmNote; ?>:</b></font>
<font face=Arial color=#000080 size=2><? echo $Note; ?></font></p>
</td>
</tr>
</table>
<table width=500 align=center border=0 cellpadding=5 cellspacing=2>
<col width=200 align=left><col width=400 align=left><tr>
<th colspan=2 bgcolor="<? echo $PgBack; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize + 1; ?>" color="<? echo $TextColor; ?>"><? echo $confirmOrderMessage;?></font></th>
</tr><tr>
<th colspan=2 bgcolor="<? echo $headerColor; ?>"><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><? echo $PersonalInfoWord; ?></font></th>
</tr><tr><td bgcolor="<? echo $rowsColor; ?>">
<?
if (empty($_REQUEST["name"]) and !empty($alert)) {
?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $titleColor; ?>"><b><? echo $NameWord; ?></b></font>
<?
} else {
?><font face="<? echo $font; ?>" size="<? echo $fontSize; ?>" color="<? echo $TextColor; ?>"><? echo $NameWord; ?></font>
<?
}
print" </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"name\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["name"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
if (empty($_REQUEST["email"]) and !empty($alert)) {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$EmailWord</B></FONT>";
} else {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\" COLOR=\"$TextColor\">$EmailWord</FONT>";
}
print " </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"email\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["email"];
print "\"></TD></TR><TR>
<TD BGCOLOR=$rowsColor><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$CompanyWord</FONT></TD>
<TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"company\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["company"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
if (empty($_REQUEST["address"]) and !empty($alert)) {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$deliveryAddress</B></FONT>";
} else {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$deliveryAddress</FONT>";
}
print " </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"address\" STYLE=\"font-size: 8pt\" SIZE=40 VALUE=\"".$_REQUEST["address"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor> ";
if ((empty($_REQUEST["postcode0"])) and !empty($alert)) {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$postcode</B></FONT>";
} else {
print "<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$postcode</FONT>";
}
print " </TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"postcode0\" maxlength=10 STYLE=\"font-size: 8pt\" SIZE=12 VALUE=\"".$_REQUEST["postcode0"];
print "\"></TD></TR><TR><TD BGCOLOR=$rowsColor>
<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$phoneFax</FONT>
</TD><TD BGCOLOR=$rowsColor>
<INPUT TYPE=\"text\" NAME=\"telephone\" STYLE=\"font-size: 8pt\" SIZE=14 VALUE=\"".$_REQUEST["telephone"];
print "\"></TD></TR>";
print "<TR><TD BGCOLOR=$rowsColor>
<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$p_method</FONT>
</TD><TD BGCOLOR=$rowsColor><select size='1' name='pmethod'>";
// ========================
if ($twocheckout_active=="Yes"){
print "<option value='2Checkout'>".$CreditCard."</option>";
}
if ($paystamp_active=="Yes"){
print "<option value='Paystamp'>".$CreditCard."</option>";
}
if ($eway_active=="Yes"){
print "<option value='eWay'>".$CreditCard."</option>";
}
if ($worldpay_active=="Yes"){
print "<option value='WorldPay_CC'>".$CreditCard."</option>";
print "<option value='WorldPay_DC'>Debit Card</option>";
}
if ($paypal_active=="Yes"){
print "<option value='Paypal'>PayPal</option>";
}
if ($nochex_active=="Yes"){
print "<option value='Nochex'>Nochex</option>";
}
if ($fastpay_active=="Yes"){
print "<option value='Fastpay'>FastPay</option>";
}
if ($authorize_active=="Yes"){
print "<option value='Authorize.net'>".$CreditCard."</option>";
}
if ($authorize_sim_active=="Yes"){
print "<option value='Authorize_sim.net'>".$CreditCard."</option>";
}
if ($moneyb_active=="Yes"){
print "<option value='MoneyBookers'>Money Bookers</option>";
}
if ($ematters_active=="Yes"){
print "<option value='eMatters'>".$CreditCard."</option>";
}
if ($asiadebit_active=="Yes"){
print "<option value='Asiadebit'>".$CreditCard."</option>";
print "<option value='Asiadebit'>".$DebitCard."</option>";
}
if ($paysystems_active=="Yes"){
print "<option value='Paysystems'>".$CreditCard."</option>";
print "<option value='Paysystems'>".$DebitCard."</option>";
}
if ($paymate_active=="Yes"){
print "<option value='Paymate'>Paymate</option>";
}
if ($ewmerchant_active=="Yes"){
print "<option value='EWMerchant'>EW Merchant</option>";
}
if ($egold_active=="Yes"){
print "<option value='E-Gold'>E-Gold</option>";
}
if ($net1_active=="Yes"){
print "<option value='Net1'>".$CreditCard."</option>";
}
if ($securetrading_active=="Yes"){
print "<option value='SecureTrading'>".$CreditCard."</option>";
}
if ($verisign_active=="Yes"){
print "<option value='Verisign'>".$CreditCard."</option>";
print "<option value='Verisign'>".$DebitCard."</option>";
}
if ($offline_active=="Yes"){
print "<option value='Cash'>".$Cash."</option>";
print "<option value='Cheque'>".$Check."</option>";
}
// ========================
print "</select>";
print "</TD></TR>";
print "</TD></TR>";
if ($notes_active=="Yes"){
print "<TR><TD BGCOLOR=$rowsColor valign=top>
<FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$NotesWord</FONT>
</TD><TD BGCOLOR=$rowsColor>
<textarea rows=3 name=notes cols=25>";
print $_REQUEST["notes"];
print "</textarea>";
print "</TD></TR>";
}
print "</TABLE></CENTER>";
}
if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view")
print " <FORM ACTION=\"phpcart.php\" METHOD=\"post\" TARGET=\"_self\" NAME=\"prodForm\">
<INPUT TYPE=\"hidden\" NAME=\"action\" VALUE=\"confirm\"> ";
if ($_REQUEST["action"]!="submit")
print "<CENTER><TABLE WIDTH=500 BORDER=0 ALIGN=\"center\" CELLPADDING=5 CELLSPACING=2 STYLE=\"font-family: arial; font-size: 10pt\" width=\"1\" BGCOLOR=$PgBack>
<COL WIDTH=20 ALIGN=center>
<COL WIDTH=100 ALIGN=center>
<COL WIDTH=320 ALIGN=left>
<COL WIDTH=70 ALIGN=right>
<COL WIDTH=30 ALIGN=center>
<COL WIDTH=80 ALIGN=right> ";
if($_REQUEST["action"]=="add" || $_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout" || $_REQUEST["action"]=="view") {
print "<SCRIPT LANGUAGE=\"javascript\">
function round (n) {
n = Math.round(n * 100) / 100;
n = (n + 0.001) + '';
return n.substring(0, n.indexOf('.') + 3);
}
function getTotalCost () {
totalCost = 0;
for (i = 4; i < (document.prodForm.length - 2); i += 4) {
totalCost += parseFloat(document.prodForm[i].value);
}
document.prodForm.total.value = round(totalCost);
} </SCRIPT>
<TR BGCOLOR=\"$headerColor\" width=\"1\">
<TH COLSPAN=2><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$IDWord</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$descriptionWord</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$productPriceWord &nbsp;</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$quantityWord</B></FONT></TH>
<TH><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$sumPriceWord &nbsp;</B></FONT></TH></TR> ";
$line_no = 1;
$tracker = 4;
while ($data = fgetcsv ($fp, 500)) {
$num = count ($data);
print " <TR BGCOLOR=$rowsColor>
<TD><A HREF=\"phpcart.php?action=delete&id=$line_no\"><IMG SRC=\"./images/trashicon.gif\" BORDER=0 WIDTH=16 HEIGHT=16 ALT=\"Remove $data[1] from Basket?\"></A></TD>
<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[0]</FONT></TD>
<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[1]</FONT></TD>
<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[2] &nbsp;</FONT></TD> ";
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
print "<TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">$data[3]</FONT></TD>";
} else {
print " <TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
<INPUT TYPE=\"text\" NAME=\"product[$line_no]\" VALUE=\"$data[3]\" SIZE=2 STYLE=\"text-color:$TextColor;font-size:8pt;text-align:center\" onChange=\"getTotalCost();\" onLoad=\"getTotalCost();\" onClick='getTotalCost();' onMouseOver='getTotalCost();' onMouseOut='getTotalCost();' onKeyUp='getTotalCost();'></TD>";
}
if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
print " <TD><!-- DUMMY FIELD TO FIX NETSCAPE BUG --><INPUT TYPE=\"hidden\">
<INPUT TYPE=\"text\" NAME=\"\" DISABLED STYLE=\"font-size:8pt;text-align:right;
background-color:$rowsColor;text-color:$TextColor;border-width:0;padding-right:5pt\"
VALUE=\"".$data[2] * $data[3]."\" SIZE=8 COLOR=\"$TextColor\"></TD></TR> ";
} else {
print " <TD><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$TextColor\">". ($data[2] * $data[3]) ."&nbsp;</TD></TR> ";
}
if (! empty($no_prod) ) {
$no_prod = $no_prod + $data[3];
}
$tot_pos = $tot_pos + ($data[2] * $data[3]);
$tot_postage = $tot_postage + ($data[4]);

$tracker += 4;
$line_no++;
}
if ($line_no == 1) {
print " <TR BGCOLOR=$rowsColor>
<TD COLSPAN=6 ALIGN=center><B>$emptyCart</B></TD></TR>";
}
$tot_pos = number_format( ($tot_pos), 2, '.', '');
$subtotal = number_format( ($tot_pos), 2);
$vatVal = ($tot_pos)/(100)*$salesVAT;
$vat = number_format( ($vatVal), 2);
$postage = number_format( ($tot_postage), 2);
$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
print " <INPUT TYPE=\"hidden\" NAME=\"rows\" VALUE=\"$row\">";
fclose ($fp);
}
if ($_REQUEST["action"]=="add" || $_REQUEST["action"]=="view") {
print " <TR BGCOLOR=$rowsColor><TD BGCOLOR=\"$PgBack\" COLSPAN=5><p align=right></TD><TD>
<INPUT TYPE=\"text\" NAME=\"total\" DISABLED STYLE=\"font-size:8pt;text-align:right;
background-color:$rowsColor;border-width:0;padding-right:5pt\" VALUE=\"".$data[2] * $data[3]."\" SIZE=8></TD>
</TR><TR><TD COLSPAN=3 ALIGN=left><A HREF=\"$home\"><IMG SRC=\"./images/$backPicture\" BORDER=0></A></TD>
<TD COLSPAN=4 ALIGN=right>\n";
if ($line_no > 1)
print "<INPUT TYPE=\"image\" SRC=\"./images/$orderPicture\" BORDER=0 STYLE=\"border-width: 0\" onMouseOver='getTotalCost();'>\n";
print "</TD></TR></TABLE></CENTER></FORM>
<script LANGUAGE=\"javascript\">
getTotalCost();
</script>";
} else if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
print " <TR>
<TD COLSPAN=3 ALIGN=left ROWSPAN=5><CENTER><A HREF=\"?action=view\"><IMG SRC=\"./images/$viewPicture\" BORDER=0></A></CENTER><BR><B><SMALL>$extrasText</SMALL></B><BR></TD>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$SubTotalWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$tot_pos &nbsp;</FONT></TD>
</TR>";
if (!empty($salesVAT)) {
print " <TR>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$VATWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$vat &nbsp;</FONT></TD>
</TR>";
} else {
print " ";
}
if (!empty($PostalAmount)) {
print " <TR>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$PostageWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$postage &nbsp;</FONT></TD>
</TR>";
} else {
print " ";
}
print " <TR>
<TD COLSPAN=2 ALIGN=right BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\"><B>$TotalSumWord</B></FONT></TD>
<TD BGCOLOR=\"$headerColor\"><FONT FACE=\"$font\" SIZE=$fontSize COLOR=\"$titleColor\">$currency$total &nbsp;</FONT></TD>
</TR><TR>
<TD COLSPAN=3 ALIGN=center BGCOLOR=$rowsColor><INPUT TYPE=\"submit\" STYLE=\"font-family: $font; font-weight: bold; padding: 2pt\" VALUE=\"$orderButtonText\"></TD>
</TR></FORM><TR><TD HEIGHT=20></TD></TR></TABLE></CENTER>";
}
}
$method = "Payment Method:\n";
$pmethod0 = $_REQUEST["pmethod"]."\n";
$line1 = " ----------------------------------------------\n";
$SP0 = "\n";
// Submit order
if ($_REQUEST["action"]=="submit") {
$order_no = (substr(uniqid (""), 2, 7));
$order_id = strtoupper($order_no);

$fp = fopen ("./sessions/".$sessionid.".dat", "r");
$row = 1;
while ($data = fgetcsv ($fp, 500)) {
$new_data[$row] = " ----------------------------------------------\n";
$row++;
$new_data[$row] = $data[0]." ".$data[1]."\n";
$row++;
$new_data[$row] = $data[3]." qty at $currency".$data[2]." = $currency".$data[2] * $data[3]."\n";
$row++;
if (! empty($no_prod) ) {
$no_prod = $no_prod + $data[3];
}
$tot_pos = $tot_pos + ($data[2] * $data[3]);
$tot_postage = $tot_postage + ($data[4]);
}
$tot_pos = number_format( ($tot_pos), 2, '.', '');
$subtotal = number_format( ($tot_pos), 2);
$vatVal = ($tot_pos)/(100)*$salesVAT;
$vat = number_format( ($vatVal), 2);
$postage = number_format( ($tot_postage), 2);
$total = number_format( ($tot_pos+$vat+$postage), 2, '.', '');
fclose ($fp);
if (!empty($new_data))
$new_data_insert = implode ("<BR>", $new_data);

// Send email to admin
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";

$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "<b>$CompanyWord:</b> $company<BR>\n";
$message .= "<BR>\n";
if (!empty($_REQUEST["notes"])) {
$message .= "<B>Order Notes:</B><BR>".$_REQUEST["notes"]."<BR>\n";
}
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= "$method $pmethod0<BR>\n";
$message .= "<BR>\n";
$message .= "$CustomerHasReceipt<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$eol = "\r\n";
$headers = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From: $name <$email>$eol";

mail($salesEmail, "Web Order Confirmation - Order ID: $order_id", $message, $headers);

// Send email to customer
$message = "<html>\n";
$message .= "<head>\n";
$message .= "<title>Order</title>\n";
$message .= "</head>\n";
$message .="<body>\n";
$message .= "<font face=Verdana size=2>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<B>$companyName</B><BR>\n";
$message .= "Web Order Summary<BR>\n";
$message .= "Date: $senddate<BR>\n";
$message .= "Order ID: $order_id<BR>\n";
$message .= " --------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Dear Customer,<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you very much for ordering your goods from $companyName. A summary of your order can be found below.";
$message .= "<BR><BR>\n";

$message .= "<B>Order Summary</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "<b>Name:</b> $name<BR>\n";
$message .= "<b>E-mail:</b> <a href=mailto:$email>$email</a><BR>\n";
$message .= "<BR>\n";
$message .= "<b>Postal Address:</b><BR>\n";
$message .= "$address<BR>\n";
$message .= "$postcode0<BR>\n";
$message .= "<BR>\n";
$message .= "<b>Telephone:</b> $telephone<BR>\n";
$message .= "<BR>\n";
$message .= "$new_data_insert<BR>\n";
$message .= " -------------------------------------------- <BR>\n";
$message .= "<BR>\n";
$message .= "Sub Total = $currency$subtotal<BR>\n";
if (!empty($salesVAT)) {
$message .= "";
} else {
$message .= "Sales Tax = $currency$vat<BR>\n";
}
if (!empty($PostalAmount)) {
$message .= "";
} else {
$message .= "Post & Packaging = $currency$postage<BR>\n";
}
$message .= "Total = $currency$total<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<B>Order Information</B><BR>\n";
$message .= " ----------------------- <BR>\n";
$message .= "Your order will be shipped as soon as payment has been received.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "If you have any problems or questions, please contact us by <a href=mailto:$salesEmail?subject=Order%20ID%20-%20$order_id%20>clicking here</a>.";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "<BR>\n";
$message .= "Thank you,<BR>\n";
$message .= "The $companyName Team<BR>\n";
$message .= "</font>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$headers = "MIME-Version: 1.0$eol";
$headers .= "Content-type: text/html; charset=iso-8859-1$eol";
$headers .= "From: $companyName <$salesEmail>$eol";

mail($email, "Web Order Confirmation - Order ID: $order_id", $message, $headers);


// THIS PART MAKES IT WRITE TO THE ORDER FOLDER

if ($enableCopy == "Activate") {
if (!empty($new_data))
$new_data_insert = implode ("\n", $new_data);
$file = fopen ("orders/$order_id.txt", "w");
if (!$file) {
echo "<p>Unable to open remote file for writing. Please make sure 'orders' Folder is chmod to 777\n";
exit;
}
/* Write the data here. */
fputs ($file, "IP: $ip
Date: $senddate
Time: $sendtime

$NameWord: $name
$CompanyWord: $company
$EmailWord: $email
$AddressWord: $address
$postcode: $postcode0

$PhoneWord: $telephone


$new_data_insert
-----------------------------------------------------------
Order Notes:
$notes

$SubTotalWord = $currency$subtotal
$PostageWord = $currency$postage
$TotalSumWord = $currency$total

$line1$SP0$method $pmethod0 $SP0$line1


$ThisOrderHasRef: $order_id
$CustomerHasReceipt\n");
fclose ($file);
}
// Payment Processor Section - Which ever processors you have setup will now be sent for
switch ($_REQUEST["pmethod"]){
case "Nochex" : include ("processor/nochex.inc.php"); break;
case "2Checkout" : include ("processor/2checkout.inc.php"); break;
case "Paystamp" : include ("processor/paystamp.inc.php"); break;
case "eWay" : include ("processor/eway.inc.php"); break;
case "Paypal" : include ("processor/paypal.inc.php"); break;
case "WorldPay_CC" :
case "WorldPay_DC" : include ("processor/worldpay.inc.php"); break;
case "Authorize.net" : include ("processor/authorize.inc.php"); break;
case "Authorize_sim.net" : include ("processor/authorize-sim.inc.php"); break;
case "MoneyBookers" : include ("processor/moneybookers.inc.php"); break;
case "eMatters" : include ("processor/ematters.inc.php"); break;
case "Fastpay" : include ("processor/fastpay.inc.php"); break;
case "Asiadebit" : include ("processor/asiadebit.inc.php"); break;
case "Paysystems" : include ("processor/paysystems.inc.php"); break;
case "Paymate" : include ("processor/paymate.inc.php"); break;
case "EWMerchant" : include ("processor/ewmerchant.inc.php"); break;
case "E-Gold" : include ("processor/egold.inc.php"); break;
case "Net1" : include ("processor/net1.inc.php"); break;
case "SecureTrading" : include ("processor/securetrading.inc.php"); break;
case "Verisign" : include ("processor/verisign.inc.php"); break;
case "Cash" :
case "Cheque" : include ("processor/offline.inc.php"); break;
}
unlink("./sessions/".$sessionid.".dat");
}
print "</td></tr></table>";
print "</center>";
print "</div>";
print "</div>";
print "</td>";
print "</tr>";
print "</table>";
print "</center>";
include ("./admin/footer.inc.php"); ?>

Posted: Wed Dec 19, 2007 10:12 am
by superdez
The following code has what seems to be an undefined global variable:

Code: Select all

$_REQUEST["product"]

What is the use of this and how can this be rewritten so as not to use an undefined global variable since any user could input a value for that variable?


Code: Select all

// Recalculate cart-contents
if ($_REQUEST["action"]=="confirm" || $_REQUEST["action"]=="checkout") {
$theproduct = $_REQUEST["product"];
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "r+");
while ($data = fgetcsv ($fp, 500)) {
if (!empty($theproduct)) {
if ($theproduct[$row] == "0" || empty($theproduct[$row])) {
$row++;
continue;
} else {
$new_data[$row] = $data[0].",".$data[1].",".$data[2].",".$theproduct[$row].",".$data[4];
$row++;
}
}
}
fclose ($fp);

if (!empty($new_data)) {
$new_data_insert = implode ("\n", $new_data);
$fp = fopen ("./sessions/".$sessionid.".dat", "w");
fputs($fp, $new_data_insert."\n");
fclose ($fp);
}
}
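
One way to handle the submitted quantities from the question above, as an added example that is not part of the original posts: `clean_quantities()` and `recalculate_cart()` are hypothetical names and the 999 limit is an assumption. `$_REQUEST["product"]` is the quantity array filled in by the `product[$line_no]` inputs on the basket form; because the posted code concatenates it straight into a CSV line, a value containing a comma or newline would add fields or rows to the session file.

```php
<?php
// Added example: function names and the 999 limit are assumptions.

// Reduce the submitted product[] array to row => quantity, keeping only
// whole numbers from 1 to $maxQty. Everything else is dropped.
function clean_quantities($submitted, int $maxQty = 999): array
{
    $clean = [];
    if (!is_array($submitted)) {
        return $clean;
    }
    foreach ($submitted as $row => $qty) {
        if (!is_int($row) || !is_string($qty) || !ctype_digit($qty) || strlen($qty) > 4) {
            continue;                      // no commas, newlines, signs or nested arrays
        }
        $n = (int) $qty;
        if ($n >= 1 && $n <= $maxQty) {
            $clean[$row] = $n;
        }
    }
    return $clean;
}

// Rewrite the session file with the validated quantities. Rows without a
// valid quantity are removed, as in the posted code; fputcsv() does the quoting.
// Returns the number of rows written.
function recalculate_cart(string $path, array $quantities): int
{
    if ($quantities === []) {
        return 0;                          // nothing valid submitted: leave the file alone
    }
    $in = fopen($path, 'r');
    if ($in === false) {
        return 0;
    }
    $kept = [];
    $row = 1;
    while (($data = fgetcsv($in, 500, ',', '"', '\\')) !== false) {
        if (isset($quantities[$row]) && count($data) >= 5) {
            $data[3] = $quantities[$row];  // integer from clean_quantities()
            $kept[] = array_slice($data, 0, 5);
        }
        $row++;
    }
    fclose($in);

    $out = fopen($path, 'w');
    if ($out === false) {
        return 0;
    }
    foreach ($kept as $fields) {
        fputcsv($out, $fields, ',', '"', '\\');
    }
    fclose($out);
    return count($kept);
}

// Constructed demo data (not from the thread).
$path = tempnam(sys_get_temp_dir(), 'cart');
file_put_contents($path, "A1,Widget,9.99,1,2.00\nB2,Gadget,4.50,1,1.00\nC3,Gizmo,1.25,1,0.50\n");
$submitted = [1 => '3', 2 => '2,5', 3 => '-1'];   // only row 1 is a plain whole number
echo recalculate_cart($path, clean_quantities($submitted)), " row(s) written\n";
echo file_get_contents($path);
unlink($path);
```

In the posted script the call would replace the "Recalculate cart-contents" block, with `$path` set to the session file and `$_REQUEST["product"]` passed to `clean_quantities()`.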

SPAM PROBLEM

Posted: Wed Dec 19, 2007 11:16 pm
by laxman
I am getting lots of spam mail problems. Please let me know how to stop spam email from my website.


Laxman Bhattarai

Re: SPAM PROBLEM

Posted: Sat Dec 29, 2007 4:35 am
by santos.john
laxman wrote: I am getting lots of spam mail problems. Please let me know how to stop spam email from my website.


Laxman Bhattarai

Hey Laxman, I suggest you install some anti-spam module.

Posted: Sat Dec 29, 2007 4:50 am
by andym01480
One reason you are probably getting spam is because you are using user input in the headers of the sales email without checking it for nasties.

Code: Select all

$headers .= "From:  $name <$email>$eol";
This is called "header injection" - google to find out what it means!

You need to make sure that the $name contains what you expect a name to look like - upper and lower case characters, full stops and apostrophes so that Mr John O'Reilly would be valid!
http://www.webpronews.com/expertarticle ... g-php-ereg tells you how!

Then you need to make sure $email just contains a valid email address and nothing else! Google for ereg email to find one you like. Make sure it is fairly new as some of them throw out valid email addresses that end in .info etc.

That will stop spammers using your site to send spam which you get copies of!
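
The checks described in the post above, as an added example that is not part of the original thread or the posted cart script: the function names, the 64-character limit and the choice to send from the shop's own address with the customer in Reply-To are assumptions. It uses PHP's `filter_var()` for the address instead of an ereg pattern.

```php
<?php
// Added example: helper names and limits are hypothetical, not from the posted script.

// Letters, spaces, full stops, apostrophes and hyphens only, so CR/LF can never
// reach a header. The D modifier stops "$" from matching before a trailing "\n".
function clean_name(string $raw): ?string
{
    $name = trim($raw, " \t");
    return preg_match('/^[A-Za-z][A-Za-z .\'-]{0,63}$/D', $name) === 1 ? $name : null;
}

// One syntactically valid address and nothing else.
function clean_email(string $raw): ?string
{
    $email = trim($raw, " \t");
    if (preg_match('/[\r\n\0]/', $email) === 1) {
        return null;                       // line break or NUL: refuse outright
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Build the admin-mail headers, or return null if either field fails validation.
// Assumption: From is the shop's fixed address; the customer goes in Reply-To.
function build_order_headers(string $shopEmail, string $rawName, string $rawEmail): ?string
{
    $name  = clean_name($rawName);
    $email = clean_email($rawEmail);
    if ($name === null || $email === null) {
        return null;
    }
    $eol = "\r\n";
    return "MIME-Version: 1.0$eol"
         . "Content-type: text/html; charset=iso-8859-1$eol"
         . "From: $shopEmail$eol"
         . "Reply-To: \"$name\" <$email>$eol";
}

// Constructed sample submissions (not real data).
$samples = [
    ["John O'Reilly", 'john@example.info'],
    ["John\r\nX-Injected: 1", 'john@example.info'],
    ['John', "john@example.info\r\nX-Injected: 1"],
    ['John', 'john@example.info, other@example.org'],
];
foreach ($samples as [$n, $e]) {
    $headers = build_order_headers('sales@example.com', $n, $e);
    echo json_encode([$n, $e]), ' => ', $headers === null ? 'rejected' : 'accepted', "\n";
}
```

In the posted script a null result would mean redisplaying the form instead of calling `mail()`.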