<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : 2CheckOut.Com auto order update.
' Product  : CandyPress Store Frontend
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com 
'            See "license.txt" for this product for details regarding 
'            licensing, usage, disclaimers, distribution and general 
'            copyright requirements. If you don't have a copy of this 
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true
%>
<!--#include file="../UserMods/_INClanguage_.asp"-->
<!--#include file="_INCconfig_.asp"-->
<!--#include file="_INCappDBConn_.asp"-->
<!--#include file="_INCappFunctions_.asp"-->
<!--#include file="_INCappEmail_.asp"-->
<!--#include file="_INCupdStatus_.asp"-->
<!--#include file="_INCmd5_.asp"-->
<%
'Work Fields
dim qIdOrder
dim qIdOrder2CO
dim qTotal
dim qKey
dim statusInd
dim formattedDateTime
dim payMessage
dim payMessageVar

'Database
dim mySQL
dim conntemp
dim rstemp
dim rstemp2

'Session
dim idOrder
dim idCust

'*************************************************************************

'Open Database Connection
call openDb()

'Store Configuration
if loadConfig() = false then
	call errorDB(langErrConfig,"")
end if

'Get/Set Cart/Order Session
idOrder = sessionCart()

'Get/Set Customer Session
idCust  = sessionCust()

'Get a Date and Time formatted to the user's specifications
formattedDateTime = formatTheDate(currDateTime("DT",timeOffSet)) & " " & currDateTime("T",timeOffSet)

'Get Form variables
qIdOrder	= trim(Request.Form("cart_order_id"))
qIdOrder2CO	= trim(Request.Form("order_number"))
qTotal		= trim(Request.Form("total"))
qKey		= trim(Request.Form("key"))
statusInd	= trim(Request.Form("credit_card_processed"))

'Validate Form variables were passed
if len(qIdOrder)=0 or len(qIdOrder2CO)=0 or len(qTotal)=0 or len(qKey)=0 then
	statusInd = "error"
else

	'Check status passed back by 2CheckOut.Com
	if UCase(statusInd) = "Y" then
	
		'Check MD5 Hash Key
		if UCase(qKey) = UCase(md5(TwoCheckoutMD5 & TwoCheckOutSID & qIdOrder2CO & qTotal)) then
		
			'Check the current Order Status for "Pending"
			mySQL = "SELECT orderStatus " _
				  & "FROM   cartHead " _
				  & "WHERE  idOrder = " & validSQL(qIdOrder,"I")
			set rsTemp = openRSexecute(mySQL)
			if rsTemp.eof then
				statusInd = "error"
			else
				statusInd = "success"
				'Update status, adjust stock levels, send email
				if rsTemp("orderStatus") = "0" then 
					call updOrderStatus(qIdOrder,"1","Y","Y","DATE : " & formattedDateTime & vbCrLf & "2CheckOut : Status = " & statusInd)
				end if
			end if
			call closeRS(rsTemp)

		else
			statusInd = "error"
		end if
	else
		statusInd = "error"
	end if
end if

'Clean up and redirect to Thank You/Error page
call closeDB()
Response.Redirect "60_PayReturn.asp?CP_idOrder=" & qIdOrder & "&CP_Status=" & statusInd

%>