<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Request payment from 3rd party payment processors
' Product  : CandyPress Store Frontend
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com
'            See "license.txt" for this product for details regarding
'            licensing, usage, disclaimers, distribution and general
'            copyright requirements. If you don't have a copy of this
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
'
' Page flow (as visible in this script):
'   1. Open the database, load the store configuration and resolve the
'      cart and customer sessions.
'   2. Require a logged-in customer (idCust must not be Null).
'   3. Resolve the order number and load the matching cartHead row,
'      restricted to the logged-in customer.
'   4. Validate the payment type and the order status.
'   5. cartMain() then renders the payment form for the chosen processor.
'*************************************************************************
Option explicit
Response.Buffer = true
%>
<%
'cartHead
dim orderStatus
dim orderDate
dim subTotal
dim taxTotal
dim shipmentTotal
dim handlingFeeTotal
dim otherFeeTotal
dim adjustAmount
dim Total
dim Name
dim LastName
dim CustomerCompany
dim Phone
dim Email
dim Address
dim City
dim Zip
dim locState
dim locCountry
dim cardType
dim cardNumber
dim cardExpMonth
dim cardExpYear
dim cardName
dim cardVerify
dim paymentType
dim randomKey
dim discTotal

'CartRows
dim IDCartRow
dim IDProduct
dim Quantity
dim unitPrice
dim Description
dim SKU
dim discAmt
dim QTE
dim optionDescrip
dim optionPrice
dim optionGroupsTotal

'Work Fields
dim countryCode
dim stateCode
dim i,f
dim qIdOrder
dim refererURL

'Database
dim mySQL
dim conntemp
dim rstemp
dim rstemp2

'Session
dim idOrder
dim idCust

'*************************************************************************

'Open Database Connection
call openDb()

'Store Configuration
if loadConfig() = false then
    call errorDB(langErrConfig,"")
end if

'Get/Set Cart/Order Session
idOrder = sessionCart()

'Get/Set Customer Session
idCust = sessionCust()

'Check that the Customer is currently logged in
if isNull(idCust) then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrNotLoggedIn)
end if

'NOTE : Some gateways require that this page's URL be fixed (eg.
'LinkPoint). We can therefore NOT pass any variable info to this
'script in a querystring. This information must be passed via the
'session object, or via a POST action from a form.

'Get Order Number and Validate
'The order number is taken from the session first, then from the POSTed
'form, then from the query string.
'NOTE(review): the query-string fallback below is at odds with the NOTE
'above. The form and query-string values are supplied by the client, so
'the only thing that ties the order to the caller is the idCust
'condition in the cartHead query further down; that condition must be
'kept.
qIdOrder = session(storeID & "idOrderPaySubmit")
if len(qIdOrder) = 0 then
    qIdOrder = Request.Form("idOrder")
end if
if len(qIdOrder) = 0 then
    qIdOrder = Request.QueryString("idOrder")
end if
'IsNumeric also accepts forms such as exponent or hex notation, so this
'check alone does not guarantee a plain integer.
'NOTE(review): validSQL(...,"I") is defined elsewhere; presumably it
'coerces the value to an integer before it reaches the SQL text - confirm.
if len(qIdOrder) = 0 or not IsNumeric(qIdOrder) then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if

'Retrieve some information we may need from cartHead
'The statement is assembled by string concatenation; both interpolated
'values go through validSQL(). The "AND idCust = ..." condition limits
'the lookup to orders owned by the logged-in customer.
mySQL="SELECT orderStatus,orderDate,randomKey,subTotal,taxTotal,shipmentTotal,Total," _
    & "       Name,LastName,CustomerCompany,Phone,Email,Address,City,Zip," _
    & "       locState,locCountry,cardType,cardNumber,cardExpMonth," _
    & "       cardExpYear,cardName,cardVerify,paymentType,discTotal,handlingFeeTotal," _
    & "       otherFeeTotal,adjustAmount " _
    & "FROM   cartHead " _
    & "WHERE  idOrder = " & validSQL(qIdOrder,"I") & " " _
    & "AND    idCust = "  & validSQL(idCust,"I")
set rsTemp = openRSexecute(mySQL)
if not rstemp.eof then
    orderStatus      = rstemp("orderStatus")
    orderDate        = rstemp("orderDate")
    randomKey        = rstemp("randomKey")
    subTotal         = rstemp("subTotal")
    taxTotal         = rstemp("taxTotal")
    shipmentTotal    = rstemp("shipmentTotal")
    Total            = rstemp("Total")
    Name             = trim(rstemp("name"))
    LastName         = trim(rstemp("LastName"))
    CustomerCompany  = trim(rstemp("CustomerCompany"))
    Phone            = trim(rstemp("Phone"))
    Email            = trim(rstemp("Email"))
    Address          = trim(rstemp("Address"))
    City             = trim(rstemp("City"))
    Zip              = trim(rstemp("Zip"))
    locState         = trim(rstemp("locState"))
    locCountry       = trim(rstemp("locCountry"))
    cardType         = trim(rstemp("cardType"))
    'The stored card number is hex-decoded and passed through EnDeCrypt
    'with rc4Key, so the clear-text number lives in a page-level variable
    'for the rest of the request (cartMain hands it to paymentMsg).
    'NOTE(review): the names suggest RC4 with a single application-wide
    'key - confirm where rc4Key is kept and who can read it.
    cardNumber       = trim(EnDeCrypt(Hex2Ascii(rstemp("cardNumber")),rc4Key))
    cardExpMonth     = trim(rstemp("cardExpMonth"))
    cardExpYear      = trim(rstemp("cardExpYear"))
    cardName         = trim(rstemp("cardName"))
    'NOTE(review): cardVerify is read back from cartHead with no decoding
    'step here, so it appears to be persisted with the order. PCI DSS
    'does not permit retaining the card verification value after
    'authorization - confirm how and when this column is cleared.
    cardVerify       = trim(rstemp("cardVerify"))
    paymentType      = trim(rstemp("paymentType"))
    discTotal        = rstemp("discTotal")
    'Second assignment of taxTotal; it repeats the one above with the
    'same column, so it has no additional effect.
    taxTotal         = rstemp("taxTotal")
    handlingFeeTotal = rstemp("handlingFeeTotal")
    otherFeeTotal    = rstemp("otherFeeTotal")
    adjustAmount     = rstemp("adjustAmount")
    if isNull(adjustAmount) then
        adjustAmount = 0.00
    end if
else
    'No row for this order number and this customer: treated as an
    'invalid order, with the same message as a malformed order number.
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if
call closeRS(rsTemp)

'The order will have the full country and state description. Retrieve
'the country and state codes for the benefit of some payment processors
'that require the country and state codes, and not the description.
countryCode = getCountryCode(locCountry)
stateCode   = getStateCode(locState,countryCode)

'Validate Payment Processor(s)
'Only the payment types listed here are dispatched by cartMain(); any
'other stored value ends the request with an error message.
if  lCase(paymentType) <> "paypal" _
and lCase(paymentType) <> "cod" _
and lCase(paymentType) <> "2checkout" _
and lCase(paymentType) <> "authorizenet" _
and lCase(paymentType) <> "pag_digital" _
and lCase(paymentType) <> "custom" then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvPayment)
end if

'Validate Order Status
'Payment is only offered while orderStatus is "0".
'NOTE(review): the meaning of status "0" is defined elsewhere - confirm.
if orderStatus <> "0" then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrdStat)
end if

'What page did we come from?
'HTTP_REFERER is sent by the client and can be absent or set to any
'value. In this script it only decides whether cartMain() shows the
'checkout step label; it must not be used for any access decision.
refererURL = lCase(Request.ServerVariables("HTTP_REFERER"))
%>
<%
'Close Database Connection
'NOTE(review): whatever sat between the two script delimiters above is
'not visible in this copy of the page, so it cannot be told from here
'whether cartMain() runs before or after this call.
call closeDB()

'**********************************************************************
'Main Shopping Cart Display Area
'**********************************************************************
sub cartMain()
%>
<%=langGenSubmitPayment%> <% 'Determine if this is part of the checkout process if instr(refererURL,lCase("40_SubmitOrder.asp")) <> 0 then %> <%=langGenStep4%> <% else Response.Write " " end if %>

<%
'What Payment Processor?
'Hand over to the routine for the payment type stored with the order.
'The top-level code has already rejected any payment type that is not
'one of the values handled here.
select case lCase(paymentType)
    case "paypal"
        call payPayPal()
    case "cod"
        'The "cod" payment type is served by the boleto routine
        call boleto()
    case "2checkout"
        call pay2CheckOut()
    case "pag_digital"
        call pag_digital()
    case "authorizenet"
        'AIM collects the card details on this site; anything else
        'falls back to the SIM routine
        if UCase(pAuthNetType) = "AIM" then
            call payAuthorizeNetAIM()
        else
            call payAuthorizeNetSIM()
        end if
    case "custom"
        call payCustomRoutine()
end select
%>

<%=langGenOrderSummary%>
<%=langGenFullName%>  <%=name & " " & lastname%>
<%=langGenOrderNumber%>  <%=pOrderPrefix & "-" & qIdOrder%>
<%=langGenOrderDate%>  <%=formatTheDate(orderDate)%>
<%=langGenTotal%>  <%=pCurrencySign & moneyS(Total)%>
<%=langGenPayment%>  <%=paymentMsg(paymentType, total, cardNumber)%>

<% end sub '********************************************************************** 'PayPal payments 'Notes : Relies on you specifying seperate URL's for transactions that ' are successful and unsuccessful. Because we have one script ' that deals with both, we construct the two return URL's to ' go to the same page, but we add a status indicator to the ' URL. '********************************************************************** sub payPayPal() 'Determine target URL if demoMode = "Y" then %>
<% else %> <% end if %> ">
<%=langGenPayNowMsg%>

-->       <--

<% end sub '********************************************************************** 'Pagamento Digital '********************************************************************** sub pag_digital() 'Determine target URL if demoMode = "Y" then %>
<% else %> <% end if %> <% 'Get all rows for this cart QTE = 0 i = 0 f = "" mySQL = "SELECT SUM(quantity) AS QTE FROM cartRows WHERE cartRows.idOrder = " & validSQL(qidOrder,"I") & " GROUP BY idOrder" set rsTemp = openRSexecute(mySQL) do while not rstemp.eof QTE = rsTemp("QTE") rstemp.movenext loop call closeRS(rsTemp) mySQL = "SELECT IDCartRow,idProduct,quantity," _ & " unitPrice,description,sku," _ & " discAmt " _ & "FROM cartRows " _ & "WHERE cartRows.idOrder = " & validSQL(qidOrder,"I") & " " _ & "ORDER BY idCartRow " set rsTemp = openRSexecute(mySQL) do while not rstemp.eof 'Assign record values to local values IDCartRow = rstemp("idCartRow") IDProduct = rstemp("idProduct") Quantity = rstemp("quantity") unitPrice = rstemp("unitPrice") Description = rstemp("description") SKU = rstemp("sku") discAmt = rstemp("discAmt") if isNull(discAmt) then discAmt = 0.00 end if i = i + 1 if SKU = "" then 'Use idProduct f = f & "" & vbcrlf else 'Use sku f = f & "" & vbcrlf end if 'Write cartRow line (main item) f = f & "" & vbcrlf f = f & " 0 Then f = f & "
**Desconto de: " & pCurrencySign & moneyS(discamt) & "" end if 'Get all options for this row optionGroupsTotal = 0 mySQL = "SELECT optionPrice, optionDescrip " _ & "FROM cartRowsOptions " _ & "WHERE idCartRow = " & validSQL(IDCartRow,"I") set rsTemp2 = openRSexecute(mySQL) do while not rstemp2.eof 'Assign record values to local values optionDescrip = rstemp2("optionDescrip") optionPrice = rstemp2("optionPrice") 'Calculate options Sub Total optionGroupsTotal = optionGroupsTotal + optionPrice if optionPrice <> 0 Then f = f & "
* " & optionDescrip & " - " & pCurrencySign & moneyS(optionPrice) & "" else f = f & "
* " & optionDescrip & "" end if rstemp2.movenext loop call closeRS(rsTemp2) if disctotal > 0 Then f = f & "
**Cupom de desconto: " & pCurrencySign & moneyS(disctotal) & "" end if f = f & """>" & vbcrlf f = f & "" & vbcrlf rstemp.movenext loop call closeRS(rsTemp) %> "> <%=f%>
<%=langGenPayNowMsg%>

-->       <--

<% end sub '********************************************************************** 'BOLETO BANCÁRIO 'Impresso pelo própio cliente. '********************************************************************** sub boleto() %>
<%=langGenPayNowMsg%>

-->       <--
Após a confirmação do pagamento do BOLETO seu pedido será imediatamente liberado para entrega!

<% call closeRS(rsTemp) end sub '********************************************************************** '2CheckOut payments 'Notes : Always returns control to the same URL, regardless of the ' status of the transaction. The return URL has to be entered ' into your 2CheckOut account settings. When control is ' returned, 2CheckOut passes a status indicator which can be ' checked. '********************************************************************** sub pay2CheckOut() 'Determine target URL if demoMode = "Y" then %>
<% else %> <% end if %> ">
<%=langGenPayNowMsg%>

-->       <--

<% end sub '********************************************************************** 'AuthorizeNet SIM payments 'Notes : Always returns control to the same URL, regardless of the ' status of the transaction. The return URL is passed to the ' Authorize.Net routine. When control is returned, Authorize.Net ' passes a status indicator which can be checked. '********************************************************************** sub payAuthorizeNetSIM() 'Determine target URL if demoMode = "Y" then %>
<% else %> <% end if %> <%call InsertFP(authNetLogin,authNetTxKey,moneyD(total),qIdOrder,authNetCurrCode)%> ">
<%=langGenPayNowMsg%>

-->       <--

<% end sub '********************************************************************** 'AuthorizeNet AIM payments 'Notes : Creates a form into which customer enters their CC info. ' This is then passed to Authorize.Net for validation and ' processing. '********************************************************************** sub payAuthorizeNetAIM() 'Determine target URL if demoMode = "Y" then %>
<% else %> <% end if %>
<%=langGenCCnumber%>
<%=langGenCCexpire%> /
<%=langGenCCcvv%>

<%
end sub

'**********************************************************************
'Custom payments
'Notes : Custom payments should only be used if the appropriate code
'      : has been entered into the custom payment user include files.
'**********************************************************************
sub payCustomRoutine()
'NOTE(review): whatever sat between the two script delimiters below is
'not visible in this copy of the page.
%> <%
end sub

'*************************************************************************
'Get Country Code from Country Description
'
'Returns the locCountry value of the locations row whose locName equals
'the trimmed description and whose locState is empty or NULL. When no
'row matches, the trimmed description itself is returned.
'
'The description is placed inside a quoted SQL literal. The top-level
'code passes a value read back from cartHead, so stored data re-enters a
'SQL statement here and must be escaped again.
'NOTE(review): validSQL(...,"A") is defined elsewhere; presumably it
'escapes single quotes - confirm.
'*************************************************************************
function getCountryCode(locName)

    dim sqlText, rsLoc, nameTrimmed

    'Default result: the description as given, without padding
    nameTrimmed    = trim(locName)
    getCountryCode = nameTrimmed

    'Country rows are the ones without a state value
    sqlText = "SELECT locCountry "
    sqlText = sqlText & "FROM   locations "
    sqlText = sqlText & "WHERE  locName = '" & validSQL(nameTrimmed,"A") & "' "
    sqlText = sqlText & "AND   (locState = '' OR locState IS NULL)"

    set rsLoc = openRSexecute(sqlText)
    if not rsLoc.eof then
        getCountryCode = rsLoc("locCountry")
    end if
    call closeRS(rsLoc)

end function

'*************************************************************************
'Get State Code from State Description and Country Code
'
'Returns the locState value of the locations row whose locName equals
'the trimmed description, whose locCountry equals the trimmed country
'code and whose locState is neither empty nor NULL. When no row matches,
'the trimmed description itself is returned.
'
'Both values are placed inside quoted SQL literals after passing through
'validSQL(...,"A").
'NOTE(review): validSQL is defined elsewhere; presumably it escapes
'single quotes - confirm.
'*************************************************************************
function getStateCode(locName,countryCode)

    dim sqlText, rsLoc, nameTrimmed

    'Default result: the description as given, without padding
    nameTrimmed  = trim(locName)
    getStateCode = nameTrimmed

    'State rows are the ones that carry a state value
    sqlText = "SELECT locState "
    sqlText = sqlText & "FROM   locations "
    sqlText = sqlText & "WHERE  locName = '" & validSQL(nameTrimmed,"A") & "' "
    sqlText = sqlText & "AND    locCountry = '" & validSQL(trim(countryCode),"A") & "' "
    sqlText = sqlText & "AND    NOT(locState = '' OR locState IS NULL)"

    set rsLoc = openRSexecute(sqlText)
    if not rsLoc.eof then
        getStateCode = rsLoc("locState")
    end if
    call closeRS(rsLoc)

end function
%>