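<%@ LANGUAGE = "VBScript" %>
<%
' Final checkout step: validates the session and the posted card fields,
' writes the order and its line items, e-mails the confirmation(s) and then
' empties the cart.
'
' strConn, db, enablecreditcard, cursymbol, storename, emailuser, emailowner,
' owneraddress, send_mail and the ADO constants are not defined in this
' listing; they are expected to be supplied elsewhere in the application.

cctype   = Request.Form("cctype")
ccnumber = Request.Form("ccnumber")
ccexpire = Request.Form("ccexpire")

'------------------------------------------------------------------
' Signed-in check
'------------------------------------------------------------------
' A comparison with Null never evaluates to True in VBScript, so a Null
' customer id is tested with IsNull. The id must also be numeric because it
' is placed in a SQL statement further down; IsNumeric("") is False, so an
' empty string is rejected by the same test.
ordercustid = Session("custid")
If IsEmpty(ordercustid) Or IsNull(ordercustid) Then
    Response.Redirect "signin.asp"
End If
If Not IsNumeric(ordercustid) Then
    Response.Redirect "signin.asp"
End If

'------------------------------------------------------------------
' Cart checks
'------------------------------------------------------------------
If Not IsArray(Session("cart")) Then
    ' No cart yet: store an empty 20 x 2 array and report the problem.
    ' The empty array has its own name so that acart is only ever assigned
    ' from the session value below.
    Dim emptycart(19, 1)
    Session("cart") = emptycart
    Response.Redirect "error.asp?msg=" & Server.URLEncode("Your shopping cart is empty.")
End If

acart = Session("cart")
cempty = True
For i = LBound(acart) To UBound(acart)
    If acart(i, 0) <> "" And acart(i, 1) <> "" Then
        cempty = False
        ' Product id and quantity are concatenated into SQL later on, so
        ' anything non-numeric is refused before the order is written.
        ' NOTE(review): quantities are not range-checked here; confirm that
        ' the cart pages reject zero or negative values.
        If Not IsNumeric(acart(i, 0)) Or Not IsNumeric(acart(i, 1)) Then
            Response.Redirect "error.asp?msg=" & Server.URLEncode("We are unable to process your request at present.")
        End If
    End If
Next
If cempty Then
    Response.Redirect "review.asp"
End If

'------------------------------------------------------------------
' Delivery details must all be present in the session
'------------------------------------------------------------------
' NOTE(review): the original repeated this exact test a second time with a
' redirect to checkout.asp; that copy could never be reached and has been
' dropped. Confirm which page is the intended destination.
If Session("fname") = "" Or Session("lname") = "" Or Session("address1") = "" _
   Or Session("address2") = "" Or Session("city") = "" Or Session("state") = "" _
   Or Session("zip") = "" Or Session("country") = "" Then
    Response.Redirect "payment.asp"
End If

If enablecreditcard Then
    '******************************************************************
    'VERIFY CREDIT CARD DETAILS
    '******************************************************************
    ' NOTE(review): the listing shows a bare line break at the end of each
    ' message below; it is written here as vbCrLf. Confirm against the
    ' deployed file which separator payment.asp expects.
    ' NOTE(review): IsNumeric also accepts signs, decimal points and
    ' exponents, so this is a loose check on the card number format.
    ccmsg = ""
    Select Case cctype
        Case "visa", "americanexpress", "mastercard", "discover"
            ' recognised card type
        Case Else
            ccmsg = ccmsg & "You entered an unknown credit card." & vbCrLf
    End Select
    If Not IsNumeric(ccnumber) Then
        ccmsg = ccmsg & "You must enter a valid credit card number." & vbCrLf
    End If
    'check the date
    If ccexpire = "" Or Not IsDate(ccexpire) Then
        ccmsg = ccmsg & "You must enter a valid date." & vbCrLf
    End If
    If ccmsg <> "" Then
        Response.Redirect "payment.asp?ccmsg=" & Server.URLEncode(ccmsg)
    End If
    '******************************************************************
End If

'------------------------------------------------------------------
' Write the order header
'------------------------------------------------------------------
' The row is added through a recordset (rather than an INSERT statement) so
' that the generated orderid can be read back after Update.
Set rsorder = Server.CreateObject("ADODB.RecordSet")
rsorder.Open "orders", strConn, adOpenKeySet, adLockPessimistic, adCmdTable
rsorder.AddNew
rsorder("dfname")    = Session("fname")
rsorder("dlname")    = Session("lname")
rsorder("daddress1") = Session("address1")
rsorder("daddress2") = Session("address2")
rsorder("dcity")     = Session("city")
rsorder("dstate")    = Session("state")
rsorder("dzip")      = Session("zip")
rsorder("dcountry")  = Session("country")
rsorder("date")      = Date() & " " & Time()
rsorder("custid")    = Session("custid")
If enablecreditcard Then
    ' SECURITY: the full card number and expiry date are written to the
    ' orders table as plain text. Prefer handing the card to a payment
    ' processor and keeping only a token or the last four digits; if the
    ' number must be kept, encrypt it and restrict access to this table.
    rsorder("ccnumber") = ccnumber
    rsorder("cctype")   = cctype
    rsorder("ccexpire") = ccexpire
End If
rsorder.Update
orderid = rsorder("orderid")
rsorder.Close
Set rsorder = Nothing

'------------------------------------------------------------------
' Write the line items and build the e-mail item list
'------------------------------------------------------------------
bodyitems = ""
emailtotal = 0
For i = LBound(acart) To UBound(acart)
    If acart(i, 0) <> "" And acart(i, 1) <> "" Then
        ' Coerce to Long before building SQL so that only a number can reach
        ' the statement text.
        ' NOTE(review): assumes whole-number quantities; confirm against the
        ' cart code.
        itemproductid = CLng(acart(i, 0))
        itemqty = CLng(acart(i, 1))

        'Look up price per unit
        Set rsprice = db.Execute("select price,saleprice,name from products where productid=" & itemproductid)
        If rsprice.EOF Then
            ' NOTE(review): a redirect here leaves the order row and any
            ' earlier line items already written.
            Response.Redirect "error.asp?msg=" & Server.URLEncode("We are unable to process your request at present.")
        End If

        ' A sale price of "" or 0 means the regular price applies.
        If rsprice("saleprice") = "" Or rsprice("saleprice") = 0 Then
            currentprice = rsprice("price")
        Else
            currentprice = rsprice("saleprice")
        End If

        bodyitems = bodyitems & itemqty & " " & rsprice("name") & " " & cursymbol & FormatNumber(currentprice * itemqty) & Chr(13)
        emailtotal = emailtotal + (currentprice * itemqty)

        sql = "insert into orderitems (orderid,productid,qty,priceperunit) values (" & _
              CLng(orderid) & "," & itemproductid & "," & itemqty & "," & currentprice & ")"
        Set rsorderitems = db.Execute(sql)
    End If
Next
bodyitems = bodyitems & "Grand Total: " & cursymbol & FormatNumber(emailtotal)

'------------------------------------------------------------------
' Send the e-mail confirmation(s)
'------------------------------------------------------------------
'Get customers details
Set rscust = db.Execute("select * from customers where custid=" & CLng(ordercustid))
If rscust.EOF Then
    ' The "msg=" parameter name was missing here, unlike the other
    ' error.asp redirects on this page.
    Response.Redirect "error.asp?msg=" & Server.URLEncode("We are unable to process your request at present")
End If

body1 = "Dear " & rscust("fname") & Chr(13) & "Thank you for shopping at " & storename & ". This is a confirmation of your order. Below you will find details of the order you placed. If you have any questions or queries, please do not hesitate to contact us." & Chr(13) & Chr(13)
body2 = Chr(13) & Chr(13) & "The order will be delivered to:" & Chr(13) & Session("fname") & " " & Session("lname") & Chr(13) & Session("address1") & Chr(13) & Session("address2") & Chr(13) & Session("city") & Chr(13) & Session("state") & " " & Session("zip") & Chr(13) & Chr(13)
body3 = "Your order tracking number is " & orderid & Chr(13) & Chr(13)
body4 = "Please use this number when contacting us regarding your order." & Chr(13) & Chr(13) & "The " & storename & " team."
emailbody = body1 & bodyitems & body2 & body3 & body4

If emailuser = True Then
    send_mail rscust("email"), rscust("fname") & " " & rscust("lname"), storename & " Confirmation", emailbody
End If

' The owner's copy carries only the order number and the item list.
body1 = "Order#: " & orderid & Chr(13) & Chr(13)
If emailowner = True Then
    send_mail owneraddress, "", storename & " Sales", body1 & bodyitems
End If

'Finally, empty the cart
Session("cart") = Null
%> <%= storename %> <% header categorymenu %>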

your order is being processed
· Thank you for shopping with <%= storename %>.

Your order tracking number is <%= orderid %>.
You should keep a record of this in case you need to contact us about your order.



<% footer %>
<%
' The page body has been written: close the db connection object (opened
' outside this listing) and drop the reference to it.
db.Close
Set db = Nothing
%>