<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Authorize.Net AIM module. Updates order as required.
' Product  : CandyPress Store Frontend
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com 
'            See "license.txt" for this product for details regarding 
'            licensing, usage, disclaimers, distribution and general 
'            copyright requirements. If you don't have a copy of this 
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true
%>
<!--#include file="../UserMods/_INClanguage_.asp"-->
<!--#include file="_INCconfig_.asp"-->
<!--#include file="_INCappDBConn_.asp"-->
<!--#include file="_INCappFunctions_.asp"-->
<!--#include file="_INCappEmail_.asp"-->
<!--#include file="_INCupdStatus_.asp"-->
<%
'cartHead
dim Total
dim Name
dim LastName
dim CustomerCompany
dim Phone
dim Email
dim Address
dim City
dim Zip
dim locState
dim locCountry
dim cardNumber
dim cardExpMonth
dim cardExpYear

'Work Fields
dim strRequest
dim strResponse
dim objHttp
dim objHttpStatus
dim formattedDateTime
dim qIdOrder

'Database
dim mySQL
dim conntemp
dim rstemp
dim rstemp2

'Session
dim idOrder
dim idCust

'************************************************************************
 
'Open Database Connection
call openDb()

'Store Configuration
if loadConfig() = false then
	call errorDB(langErrConfig,"")
end if

'Get/Set Cart/Order Session
idOrder = sessionCart()

'Get/Set Customer Session
idCust  = sessionCust()

'Check Order Number
qIdOrder = Request.Form("qIdOrder")
if len(qIdOrder) = 0 or not isNumeric(qIdOrder) then
	Response.Redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if

'Retrieve some information we'll need from cartHead, and check if the 
'order number and status is valid for the logged on customer.
mySQL="SELECT Total,Name,LastName,CustomerCompany,Phone,Email," _
	& "       Address,City,Zip,locState,locCountry " _
	& "FROM   cartHead " _
	& "WHERE  idOrder     = "  & validSQL(qIdOrder,"I") & " " _
	& "AND    idCust      = "  & validSQL(idCust,"I")   & " " _
	& "AND    orderStatus = '0' "
set rsTemp = openRSexecute(mySQL)
if not rstemp.eof then
	Total				= rstemp("Total")
	Name				= trim(rstemp("name"))
	LastName			= trim(rstemp("LastName"))
	CustomerCompany		= trim(rstemp("CustomerCompany"))
	Phone				= trim(rstemp("Phone"))
	Email				= trim(rstemp("Email"))
	Address				= trim(rstemp("Address"))
	City				= trim(rstemp("City"))
	Zip					= trim(rstemp("Zip"))
	locState			= trim(rstemp("locState"))
	locCountry			= trim(rstemp("locCountry"))
else
	response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if
call closeRS(rsTemp)

'Construct Request to Authorize.Net. Note : Remove or rename the 
'Transaction Key field from the request for testing purposes.
strRequest = "" _
	& "x_version=" 			& "3.1" _
	& "&x_type="			& "AUTH_CAPTURE" _
	& "&x_method="			& "CC" _
	& "&x_Email_Customer="	& "TRUE" _
	& "&x_Email_Merchant="	& "TRUE" _
	& "&x_Delim_Data=" 		& "TRUE" _
	& "&x_Delim_Char=" 		& "|" _
	& "&x_Encap_Char="		& "*" _
	& "&x_Login="			& authNetLogin _
	& "&x_Tran_Key="		& authNetTxKey _
	& "&x_Amount="			& moneyD(total) _
	& "&x_Invoice_Num="		& qIdOrder _
	& "&x_Description="		& pCompany & " Order " & pOrderPrefix & "-" & qIdOrder _
	& "&x_currency_code="	& authNetCurrCode _
	& "&x_cust_id="			& idCust _
	& "&x_first_name="		& name _
	& "&x_last_name="		& Lastname _
	& "&x_address="			& address _
	& "&x_city="			& city _
	& "&x_zip="				& zip _
	& "&x_state="			& locState _
	& "&x_country="			& locCountry _
	& "&x_company="			& customerCompany _
	& "&x_phone="			& phone _
	& "&x_Email="			& email _
	& "&x_Card_Num="		& Request.Form("cardNumber") _
	& "&x_Exp_Date="		& Request.Form("cardExpMonth") & "-" & Request.Form("cardExpYear")
	
'If CVV code was entered, send that along as well
if len(trim(Request.Form("cardVerify"))) > 0 then
	strRequest = strRequest _
	& "&x_card_code="		& trim(Request.Form("cardVerify"))
end if

'Create XML object
on error resume next
set objHttp = server.Createobject(MSXMLprogID)
if err.number <> 0 then
	Response.Redirect "sysMsg.asp?errMsg=" & server.URLEncode(err.Description)
end if
on error goto 0

'Open connection to Authorize.Net server
objHttp.open "POST", "https://secure.authorize.net/gateway/transact.dll", false

'Send request
objHttp.Send strRequest

'Get response
objHttpStatus = objHttp.status
strResponse   = objHttp.responseText
set objHttp	  = nothing

'Validate HTTP response
if objHttpStatus <> 200 then
	Response.Redirect "sysMsg.asp?errMsg=" & server.URLEncode("HTTP Error : " & objHttpStatus)
	
else
	'Get a Date and Time formatted to the user's specifications
	formattedDateTime = formatTheDate(currDateTime("DT",timeOffSet)) & " " & currDateTime("T",timeOffSet)
	
	'Split response string into array
	strResponse = mid(strResponse,2) 'Trim leading asterisk
	strResponse = split(strResponse,"*|*",-1)

	'Check if payment was accepted by Authorize.Net
	if strResponse(0) = "1" then
		call updOrderStatus(qIdOrder,"1","Y","Y","DATE : " & formattedDateTime & vbCrLf & "AuthNet : " & strResponse(3) & " (" & strResponse(4) & ")")
	else
		Response.Redirect "sysMsg.asp?errMsg=" & server.URLEncode(strResponse(2) & " - " & strResponse(3))
	end if
	
end if

'Clean up and redirect to Thank You/Error page
call closeDB()
Response.Redirect "60_PayReturn.asp?CP_idOrder=" & qIdOrder & "&CP_Status=success"
%>