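<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Customer Maintenance
' Product  : CandyPress Store Administration
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com
'            See "license.txt" for this product for details regarding
'            licensing, usage, disclaimers, distribution and general
'            copyright requirements. If you don't have a copy of this
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true

'NOTE(review): adminLevel is only declared here; presumably an included
'access-control script reads it. No session or privilege check is visible
'in this listing - confirm one runs before any database write below.
const adminLevel = 1
%>
<%
'Purpose: handles the "edit" and "del" actions posted from the customer
'administration form. "edit" rewrites one customer row, "del" removes it
'when no cartHead rows reference it. Every path ends in a redirect.
'
'NOTE(review): openDB, closedb, loadConfig, openRSexecute, closeRS,
'EnDeCrypt, Ascii2Hex, rc4Key and adUseClient are not defined in this
'listing; presumably they come from include files - confirm.

'Database
dim mySQL, cn, rs, rs2

'Customer
dim idCust
dim status
dim dateCreated
dim dateCreatedInt
dim name
dim lastName
dim customerCompany
dim phone
dim email
dim password
dim address
dim city
dim locState
dim locState2
dim locCountry
dim zip
dim paymentType
dim shippingName
dim shippingLastName
dim shippingPhone
dim shippingAddress
dim shippingCity
dim shippingLocState
dim shippingLocState2
dim shippingLocCountry
dim shippingZip
dim futureMail
dim generalComments
dim taxExempt
dim affiliate
dim commPerc

'Work Fields
dim action
dim orderCount

'*************************************************************************

'Open Database Connection
call openDB()

'Store Configuration
if loadConfig() = false then
	response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Could not load Store Configuration settings.")
end if

'Get action
'NOTE(review): action and idCust fall back to the query string, so the
'state-changing "del" action is reachable with a plain GET request and no
'anti-forgery token is checked in this listing. Accepting POST only and
'verifying a per-session token would close that gap.
action = trim(lCase(Request.Form("action")))
if len(action) = 0 then
	action = trim(lCase(Request.QueryString("action")))
end if
if action <> "edit" and action <> "del" then
	response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Action Indicator.")
end if

'Get idCust
'idCust is converted with CLng before it is concatenated into any SQL
'statement, so only a numeric value reaches the WHERE clauses below.
if action = "edit" or action = "del" then
	idCust = trim(Request.Form("idCust"))
	if len(idCust) = 0 then
		idCust = trim(Request.QueryString("idCust"))
	end if
	if idCust = "" or not isNumeric(idCust) then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Customer ID.")
	else
		idCust = CLng(idCust)
	end if
end if

'EDIT
if action = "edit" then

	'Get fields
	'Text fields have double quotes stripped here; single quotes are
	'doubled later, when the UPDATE statement is assembled.
	Email = trim(replace(Request.Form("Email"),"""",""))
	if len(Email) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Email.")
	end if

	status     = trim(Request.Form("status"))
	taxExempt  = trim(Request.Form("taxExempt"))
	futureMail = trim(Request.Form("futureMail"))
	affiliate  = trim(Request.Form("affiliate"))

	'commPerc ends up as either the literal text "null" or a Double, so
	'it is written into the statement unquoted.
	commPerc = trim(Request.Form("commPerc"))
	if isNull(commPerc) or commPerc = "" then
		commPerc = "null"
	elseif isNumeric(commPerc) then
		commPerc = CDbl(commPerc)
	else
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Commission Percentage.")
	end if
	if UCase(affiliate) = "Y" and not isNumeric(commPerc) then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Commission Percentage required if Affiliate.")
	end if

	name = trim(replace(Request.Form("name"),"""",""))
	if len(name) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid First Name.")
	end if

	lastName = trim(replace(Request.Form("lastName"),"""",""))
	if len(lastName) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Last Name.")
	end if

	Phone = trim(replace(Request.Form("Phone"),"""",""))
	if len(Phone) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Phone Number.")
	end if

	address = trim(replace(Request.Form("address"),"""",""))
	if len(address) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Billing Address.")
	end if

	city = trim(replace(Request.Form("city"),"""",""))
	if len(city) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Billing City.")
	end if

	zip = trim(replace(Request.Form("zip"),"""",""))
	if len(zip) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Billing Zip/Postal Code.")
	end if

	locState   = trim(replace(Request.Form("locState"),"""",""))
	locState2  = trim(replace(Request.Form("locState2"),"""",""))
	locCountry = trim(replace(Request.Form("locCountry"),"""",""))
	if len(locCountry) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Billing Country.")
	end if

	customerCompany = trim(replace(Request.Form("customerCompany"),"""",""))
	paymentType     = trim(Request.Form("paymentType"))

	Password = trim(replace(Request.Form("Password"),"""",""))
	if len(Password) = 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Password.")
	end if

	shippingName       = trim(replace(Request.Form("shippingName"),"""",""))
	shippingLastName   = trim(replace(Request.Form("shippingLastName"),"""",""))
	shippingPhone      = trim(replace(Request.Form("shippingPhone"),"""",""))
	shippingAddress    = trim(replace(Request.Form("shippingAddress"),"""",""))
	shippingCity       = trim(replace(Request.Form("shippingCity"),"""",""))
	shippingZip        = trim(replace(Request.Form("shippingZip"),"""",""))
	shippingLocState   = trim(replace(Request.Form("shippingLocState"),"""",""))
	shippingLocState2  = trim(replace(Request.Form("shippingLocState2"),"""",""))
	shippingLocCountry = trim(replace(Request.Form("shippingLocCountry"),"""",""))
	generalComments    = trim(replace(Request.Form("generalComments"),"""",""))

	'Update record
	'FIX: status, taxExempt, affiliate, futureMail and paymentType used to
	'be concatenated without doubling single quotes, so a quote in any of
	'those form fields could end the string literal and change the UPDATE
	'statement. They are now escaped like every other text column.
	'NOTE(review): quote doubling is the file's existing convention; an
	'ADODB.Command with bound parameters would be the more robust fix.
	'NOTE(review): the password is lower-cased and stored through
	'EnDeCrypt with rc4Key, which looks like reversible encryption rather
	'than a one-way salted hash - confirm and plan a migration.
	mySQL="UPDATE customer SET " _
	    & "status='"            & replace(status,"'","''")             & "'," _
	    & "taxExempt='"         & replace(taxExempt,"'","''")          & "'," _
	    & "affiliate='"         & replace(affiliate,"'","''")          & "'," _
	    & "[name]='"            & replace(name,"'","''")               & "'," _
	    & "lastName='"          & replace(lastName,"'","''")           & "'," _
	    & "customerCompany='"   & replace(customerCompany,"'","''")    & "'," _
	    & "phone='"             & replace(phone,"'","''")              & "'," _
	    & "Email='"             & replace(Email,"'","''")              & "'," _
	    & "[Password]='"        & Ascii2Hex(EnDeCrypt(lCase(Password),rc4Key)) & "'," _
	    & "futureMail='"        & replace(futureMail,"'","''")         & "'," _
	    & "paymentType='"       & replace(paymentType,"'","''")        & "'," _
	    & "address='"           & replace(address,"'","''")            & "'," _
	    & "city='"              & replace(city,"'","''")               & "'," _
	    & "zip='"               & replace(zip,"'","''")                & "'," _
	    & "locState='"          & replace(locState,"'","''")           & "'," _
	    & "locState2='"         & replace(locState2,"'","''")          & "'," _
	    & "locCountry='"        & replace(locCountry,"'","''")         & "'," _
	    & "shippingName='"      & replace(shippingName,"'","''")       & "'," _
	    & "shippingLastName='"  & replace(shippingLastName,"'","''")   & "'," _
	    & "shippingPhone='"     & replace(shippingPhone,"'","''")      & "'," _
	    & "shippingAddress='"   & replace(shippingAddress,"'","''")    & "'," _
	    & "shippingCity='"      & replace(shippingCity,"'","''")       & "'," _
	    & "shippingZip='"       & replace(shippingZip,"'","''")        & "'," _
	    & "shippingLocState='"  & replace(shippingLocState,"'","''")   & "'," _
	    & "shippingLocState2='" & replace(shippingLocState2,"'","''")  & "'," _
	    & "shippingLocCountry='"& replace(shippingLocCountry,"'","''") & "'," _
	    & "generalComments='"   & replace(generalComments,"'","''")    & "'," _
	    & "commPerc="           & commPerc                             & " " _
	    & "WHERE idCust = "     & idCust
	set rs = openRSexecute(mySQL)

	call closedb()
	Response.Redirect "SA_cust.asp?recallCookie=1&msg=" & server.URLEncode("Customer was Updated.")

end if

'DELETE
if action = "del" then

	'Check if there are any Orders for this Customer
	mySQL = "SELECT COUNT(*) AS orderCount " _
	      & "FROM   cartHead " _
	      & "WHERE  idCust=" & idCust
	set rs = openRSexecute(mySQL)
	orderCount = rs("orderCount")
	call closeRS(rs)

	'If there were orders, then this Customer can not be deleted
	if orderCount > 0 then
		response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Customer can not be deleted because there are Orders linked to it.")
	end if

	'Set CursorLocation of the Connection Object to Client
	cn.CursorLocation = adUseClient

	'BEGIN Transaction
	'NOTE(review): the order-count check above runs before BeginTrans, so
	'the transaction covers only the DELETE statement itself.
	cn.BeginTrans

	'Delete records from customer
	mySQL = "DELETE FROM customer " _
	      & "WHERE idCust = " & idCust
	set rs = openRSexecute(mySQL)

	'END Transaction
	cn.CommitTrans

	call closedb()
	Response.Redirect "SA_cust.asp?recallCookie=1&msg=" & server.URLEncode("Customer was Deleted.")

end if

'Just in case we ever get this far...
call closedb()
Response.Redirect "SA_cust.asp?recallCookie=1"
%>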