<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Gateway between HTTP and HTTPS sessions.
'          : This script must always be run under an HTTP session. It 
'          : will redirect to the target environment as required.
' Product  : CandyPress Store Frontend
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com 
'            See "license.txt" for this product for details regarding 
'            licensing, usage, disclaimers, distribution and general 
'            copyright requirements. If you don't have a copy of this 
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true
%>
<!--#include file="../UserMods/_INClanguage_.asp"-->
<!--#include file="_INCconfig_.asp"-->
<!--#include file="_INCappDBConn_.asp"-->
<!--#include file="_INCappFunctions_.asp"-->
<%
'Variables
dim action
dim randomKey
dim deletedItems

'Database
dim mySQL
dim conntemp
dim rstemp
dim rstemp2

'Session
dim idOrder
dim idCust

'*************************************************************************

'Open Database Connection
call openDb()

'Store Configuration
if loadConfig() = false then
	call errorDB(langErrConfig,"")
end if

'Check Action Indicator
action = lCase(Request.QueryString("action"))
if  action <> "logon" _
and action <> "logonaff" _
and action <> "checkout" _
and action <> "save" _
and action <> "retrieve" then
	response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrAction)
end if

'********************************
'* HTTP -> HTTPS (10_logon.asp) * splash.asp
'********************************
if action = "logon" _
or action = "logonaff" _
or action = "checkout" _
or action = "save" then

	'Get idOrder from Session
	idOrder = sessionCart()
	
	'If active shopping cart exists, create random key
	if not isNull(idOrder) then

		'Create Random Key to ensure order number is not tampered with
		randomKey = rndKey(99999999)
		mySQL = "UPDATE cartHead " _
		      & "SET    randomKey = '" & validSQL(randomKey,"A") & "' " _
			  & "WHERE  idOrder = "    & validSQL(idOrder,"I")
		set rsTemp = openRSexecute(mySQL)
		call closeRS(rsTemp)

	end if
	
	'Close DB Connection
	call closedb()

	'Redirect to "10_logon.asp"
	Response.Redirect urlSSL & "10_Logon.asp?action=" & action & "&idOrder=" & idOrder & "&randomKey=" & randomKey

'****************************
'* HTTPS -> HTTP (cart.asp) *
'****************************
elseif action = "retrieve" then
	
	'Validate Order Number passed via QueryString
	idOrder = Request.QueryString("idOrder")
	if not isNumeric(idOrder) then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
	end if

	'Validate Random Key passed via QueryString
	randomKey = Request.QueryString("randomKey")
	if not isNumeric(randomKey) then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvRandKey)
	end if

	'Validate Order/Random Key/Status combination on DB
	mySQL = "SELECT idOrder " _
		  & "FROM   cartHead " _
		  & "WHERE  idOrder = "    & validSQL(idOrder,"I")   & " " _
		  & "AND    randomKey = '" & validSQL(randomKey,"A") & "' " _
		  & "AND   (orderStatus = 'U' OR orderStatus = 'S') "
	set rsTemp = openRSexecute(mySQL)
	if rstemp.eof then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
	end if
	call closeRS(rsTemp)

	'Set Session Value
	session(storeID & "idOrder") = idOrder

	'Check quantity against available stock if stock level checking 
	 'is enabled.
	 if pHideAddStockLevel <> -1 then
	  'See if quantities of the product are still available
	  mySQL = "SELECT idproduct,description,sku,quantity " _
	     & "FROM   cartRows " _
	     & "WHERE  idOrder = "    & validSQL(idOrder,"I")   & " " 
	  set rsTemp2 = openRSexecute(mySQL)
	  do while not rsTemp2.eof
	   mySQL = "SELECT stock " _
	         & "FROM products " _
	         & "WHERE idProduct = " & validSQL(rsTemp2("idProduct"),"I") & "; "
	   set rsTemp = openRSexecute(mySQL)
   
	   if rsTemp2("quantity") > rsTemp("stock") then
	    deletedItems = deletedItems & rsTemp2("description") & " (" & rsTemp2("sku") & ") " & ErrOutStock & "<br>"
	    closeRS(rsTemp)
	    mySQL = "UPDATE cartrows " _
	          & "SET quantity = 0 " _
	          & "WHERE idOrder = " & validSQL(idOrder,"I") & " " _
	       & "AND   idProduct = " & validSQL(rsTemp2("idProduct"),"I") & ";"
	    set rsTemp = openRSexecute(mySQL)
	    closeRS(rsTemp)
	   end if
	   rsTemp2.movenext
	  loop
	 end if

	'Close DB Connection
	call closedb()

	'Redirect to "cart.asp"
	Response.Redirect urlNonSSL & "cart.asp"
	
end if

'**********************************************************************
'Generate a Random Key
'**********************************************************************
function rndKey(upperbound)
	randomize
	rndKey = DatePart("y",now()) _
		   & DatePart("h",now()) _
		   & DatePart("n",now()) _
		   & DatePart("s",now()) _
		   & Int(upperbound * Rnd + 1)
end function

%>