%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Logon, Logoff and New Accounts
' : Create Cart session under HTTPS
' Product : CandyPress Store Frontend
' Version : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com
' See "license.txt" for this product for details regarding
' licensing, usage, disclaimers, distribution and general
' copyright requirements. If you don't have a copy of this
' file, you may request one at webmaster@candypress.com
'*************************************************************************
'Option explicit: every page-level variable must be declared (see the dim
'block below); a typo in a variable name becomes a runtime error instead of
'a silently created new variable.
Option explicit
'Buffer the whole response so that the Response.Redirect calls further down
'can still set headers after cartMain() has started emitting HTML.
Response.Buffer = true
%>
<%
'Page-level variables. Option explicit is on, so everything the page touches
'must appear here. Several of these (strReferer, formID, status, Name,
'LastName, conntemp, rstemp2) are not referenced in this file; they are
'presumably read or written by the shared helpers (openDb, openRSexecute,
'loadConfig, ...) that live in an included file - confirm before removing.
'
'Work fields: request action, HTTP->HTTPS hand-off key, form marker,
'validation error list and the page's display strings.
dim strReferer, arrayErrors, action, randomKey, formID
dim hdrNewCust, hdrOldCust, butNewCust, msgOldCust, msgNewCust, actNewCust
'Customer fields read from the logon form (Email, Password) or the record.
dim status, Name, LastName, Email, Password
'Database work objects: SQL text, connection and recordsets.
dim mySQL, conntemp, rstemp, rstemp2
'Session values: current cart/order number and logged-on customer id.
dim idOrder, idCust
'*************************************************************************
'Open Database Connection
'NOTE(review): openDb/closeDb, loadConfig, errorDB, sessionCart, sessionCust,
'cartQty, cartTotal, saveCart, validSQL, invalidChar, EnDeCrypt, Ascii2Hex,
'openRSexecute/closeRS and the lang*/p*/storeID/rc4Key values are all defined
'outside this file; their contracts are assumed from the call sites below.
call openDb()
'Store Configuration
if loadConfig() = false then
call errorDB(langErrConfig,"")
end if
'If a cart existed under HTTP session, recreate cart under HTTPS session
'Both values are taken straight from the query string. httpsSession() (end
'of this file) rejects anything non-numeric and requires the exact
'idOrder/randomKey pair to exist in cartHead before writing idOrder into the
'session, so a cart cannot be adopted by guessing idOrder alone - but anyone
'holding a valid pair can. Treat the hand-off link as a bearer token: it is
'recorded in browser history, Referer headers and web-server logs.
idOrder = trim(Request.QueryString("idOrder"))
randomKey = trim(Request.QueryString("randomKey"))
if len(idOrder) > 0 and len(randomKey) > 0 then
call httpsSession(idOrder,randomKey)
end if
'Get/Set Cart/Order Session
idOrder = sessionCart()
'Get/Set Customer Session
idCust = sessionCust()
'Check Action Indicator
'Request("action") without a collection name searches every request
'collection (QueryString, Form, Cookies, ...), so the action may arrive in a
'cookie as well as in the link or form. The allow-list that follows bounds
'it to five known values; Request.QueryString/Request.Form would be the
'tighter choice once all callers are known.
action = lCase(trim(Request("action")))
if action <> "logon" _
and action <> "logonaff" _
and action <> "logoff" _
and action <> "save" _
and action <> "checkout" then
'Every Response.Redirect in this page is terminal: with buffering on, ASP
'stops running the script at the redirect, so the code after each "if ...
'redirect" only executes when the condition was false. The target page is
'fixed and the message is URL-encoded, so none of these is an open redirect.
Response.Redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrAction)
end if
'If Logoff, clear session and redirect to logoff message
'Only the customer id is forgotten; the cart (idOrder) stays in the session
'and Session.Abandon is not called - presumably so the cart survives a
'logoff. Confirm that this is the intended behaviour on shared machines.
if action = "logoff" then
session(storeID & "idCust") = null
Response.Redirect "sysMsg.asp?msg=" & server.URLEncode(langGenLogoffMsg)
end if
'If Checkout or Save, do some validations on the cart
if action = "checkout" or action = "save" then
'Check if the session is still active (sessionCart() returned Null)
if isNull(idOrder) then
response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrCartEmpty)
end if
'Check if cart has any items
if cartQty(idOrder) = 0 then
response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrCartEmpty)
end if
'Check if minimum order amount has been met (checkout only)
'The meaning of cartTotal's second argument (0) is not visible here.
if action = "checkout" then
if cartTotal(idOrder,0) < pMinCartAmount then
response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrMinPrice & pCurrencySign & moneyS(pMinCartAmount))
end if
end if
end if
'Before we display the form for the first time, check if we can simply
'forward to the next page without showing the form.
'formID is presumably a hidden field of the logon form; an empty value means
'the page was reached by a link, a non-empty one that the form was posted.
if trim(Request.Form("formID")) = "" then
'If user already logged on ...
if not isNull(idCust) then
select case action
case "logon", "logonaff"
Response.Redirect "custListOrders.asp"
case "save"
call saveCart(idOrder,idCust)
Response.Redirect "custListOrders.asp"
case "checkout"
Response.Redirect "20_Customer.asp?action=" & action
end select
end if
'Check if the Customer clicked the "Logon" button
else
'Get values from the form
'Raw form values: neither is trimmed, so a whitespace-only email passes the
'emptiness test below and reaches the query (escaped by validSQL).
Email = request.form("Email")
Password = request.form("Password")
'Check Customer Logon form
if len(email) = 0 or len(password) = 0 then
'Email OR Password is empty
if len(email) = 0 then
arrayErrors = arrayErrors & "|email"
end if
if len(password) = 0 then
arrayErrors = arrayErrors & "|password"
end if
else
'Check for Invalid Characters
'invalidChar() is presumably an allow-list check (mode 1 plus the listed
'extra characters) - TODO confirm its contract. It is the first filter on
'the input; validSQL() in the query below is the second.
if invalidChar(Email,1,"@.-_") then
arrayErrors = arrayErrors & "|email"
end if
if invalidChar(Password,1,"") then
arrayErrors = arrayErrors & "|password"
end if
end if
'If there weren't any obvious errors so far, check the Customer's
'DB record and if it's valid log him on.
'arrayErrors is a "|"-separated string of field names, not an array.
if len(trim(arrayErrors)) = 0 then
'Check Email/Password, and if Customer is still Active
'SECURITY NOTES(review):
' * The query is built by string concatenation; validSQL(...,"A") is the
'   only guard between the form input and the SQL text (presumably quote
'   escaping for string values). openRSexecute() takes a finished SQL
'   string, so parameterised queries are not available through this helper;
'   keep both invalidChar() and validSQL() in place.
' * The password is lower-cased, RC4-encrypted under the site-wide rc4Key
'   and hex-encoded, and that value is compared with the stored column.
'   This is reversible encryption with a shared key, not a one-way hash:
'   anyone with the customer table and rc4Key can recover every password,
'   and lCase() collapses case so the effective password space is smaller
'   than it appears. It must match what the registration page stores, so
'   moving to a salted hash requires migrating the customer table.
' * No failed-attempt counter or delay is visible in this page.
mySQL = "SELECT idCust " _
& "FROM customer " _
& "WHERE email='" & validSQL(email,"A") & "' " _
& "AND password='" & validSQL(Ascii2Hex(EnDeCrypt(lCase(password),rc4Key)),"A") & "' " _
& "AND status='A'"
set rsTemp = openRSexecute(mySQL)
if not rstemp.eof then
'Log the Customer on (any matching active row; the ASP session id is not
'regenerated here, classic ASP offers no way to do so short of Abandon).
idCust = rsTemp("idCust")
session(storeID & "idCust") = idCust
'Forward to next page
select case action
case "logon", "logonaff"
Response.Redirect "custListOrders.asp"
case "save"
call saveCart(idOrder,idCust)
Response.Redirect "custListOrders.asp"
case "checkout"
Response.Redirect "20_Customer.asp?action=" & action
end select
else
'Invalid email/password combo entered
'Both fields are flagged, so the response does not reveal whether the
'email address exists - keep it that way.
arrayErrors = arrayErrors & "|email"
arrayErrors = arrayErrors & "|password"
end if
call closeRS(rsTemp)
end if
end if
'Adjust display elements according to what type of logon we're showing
'All of these come from the lang* constants, not from request data, which
'is why cartMain() can emit them without HTML-encoding.
if action = "logonaff" then
hdrOldCust = langGenExistAff
hdrNewCust = langGenNewAff
butNewCust = langGenNewAff
msgOldCust = langGenExistAffDesc
msgNewCust = langGenNewAffDesc
else
hdrOldCust = langGenExistCust
hdrNewCust = langGenNewCust
butNewCust = langGenNewCust
msgOldCust = langGenExistCustDesc
msgNewCust = langGenNewCustDesc
end if
'Determine action indicator for a New customer
'(passed on to the new-account page; for save/checkout the original action
'is carried through unchanged)
if action = "logonaff" then
actNewCust = "newaff"
elseif action = "logon" then
actNewCust = "newacc"
else
actNewCust = action
end if
%>
<%
'Close Database Connection
'Release the database connection opened by openDb() above; every page
'exit path that did not redirect passes through here.
closedb
'**********************************************************************
'Main Shopping Cart Display Area.
'**********************************************************************
sub cartMain()
'Emit the logon page's header cells for the "existing customer" and "new
'customer" columns. The markup in this listing looks partially stripped
'(only cell separators survive), so the layout is not documented here.
'hdrOldCust/hdrNewCust are assigned at page level from the lang* constants
'only (never from request data), which is why they are written with <%= %>
'without Server.HTMLEncode. If that ever changes, encode them here.
%>
|
<%=hdrOldCust%>
|
|
<%=hdrNewCust%>
|
| |
|
<%
end sub
'**********************************************************************
'Create Cart session under HTTPS (if required)
'**********************************************************************
sub httpsSession(idOrder,randomKey)
'Recreate the HTTP cart session under HTTPS.
'ASP sessions are not shared between HTTP and HTTPS, so the cart is handed
'over via the query string (idOrder + randomKey) and re-attached to the new
'session only if that exact pair exists in cartHead. The randomKey is what
'stops a visitor from adopting somebody else's cart by changing idOrder;
'whoever holds a valid pair can adopt the cart, so the hand-off link is
'effectively a bearer token.
'
'Parameters:
'  idOrder   - order number from the query string; must be numeric
'  randomKey - per-order secret from the query string; must be numeric
'Side effects:
'  writes session(storeID & "idOrder") on success; on any failure issues a
'  terminal Response.Redirect to sysMsg.asp (ASP stops the script there).
'  Uses the page-level mySQL/rsTemp work variables.
'
'Input shape: both must be numeric before they are used in SQL. isNumeric
'is broader than "digits only" (it accepts signs, decimals, exponents), but
'it admits no quote characters, and validSQL() escapes the values anyway.
if not isNumeric(idOrder) then
response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
elseif not isNumeric(randomKey) then
response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvRandKey)
end if
'Look the pair up; idOrder is rendered as an integer ("I"), randomKey as a
'quoted string ("A") to match the column type.
mySQL = "SELECT idOrder FROM cartHead " _
& "WHERE idOrder = " & validSQL(idOrder,"I") _
& " AND randomKey = '" & validSQL(randomKey,"A") & "' "
set rsTemp = openRSexecute(mySQL)
if not rsTemp.EOF then
'Valid combination: release the recordset and attach the cart to this session
call closeRS(rsTemp)
session(storeID & "idOrder") = idOrder
else
'Unknown order or wrong key: same message as a malformed order number
response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if
end sub
%>