<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Order Maintenance
' Product  : CandyPress Store Administration
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com
'            See "license.txt" for this product for details regarding
'            licensing, usage, disclaimers, distribution and general
'            copyright requirements. If you don't have a copy of this
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true

'adminLevel is not read anywhere in this script.
'NOTE(review): presumably consumed by an included admin-session check that
'is not visible here - confirm that check runs before any action below.
const adminLevel = 1
%>
<%
'Database objects and the SQL text buffer
dim mySQL, cn, rs, rs2

'cartHead - order identification and totals
dim idOrder, idCust, orderDate, orderDateInt, randomKey
dim subTotal, taxTotal, shipmentTotal, Total, shipmentMethod

'cartHead - billing contact
dim name, lastName, customerCompany, phone, email
dim address, city, locState, locCountry, zip

'cartHead - shipping contact
dim shippingName, shippingLastName, shippingPhone
dim shippingAddress, shippingCity, shippingLocState
dim shippingLocCountry, shippingZip

'cartHead - payment details
dim paymentType, cardType, cardNumber
dim cardExpMonth, cardExpYear, cardVerify, cardName

'cartHead - comments, status, adjustments and fees
dim generalComments, orderStatus, auditInfo
dim storeComments, storeCommentsPriv
dim adjustReason, adjustAmount
dim discPerc, discTotal
dim handlingFeeTotal, otherFeeTotal

'cartRows
dim idCartRow, idProduct, sku, quantity
dim unitPrice, unitWeight, description

'CartRowsOptions
dim idCartRowOption, idOption, optionPrice, optionDescrip

'Work Fields
dim action               'Action to be taken with this order
dim orderStatusMail      'Email customer when Order Status changes?
dim orderStatusStockAdj  'Adjust stock level when Order Status changes?
dim delUordHours         'Number of hours to delete Unfinalized orders?
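'*************************************************************************
'Order maintenance dispatcher. Reads an "action" (edit, del, paid,
'deluord, bulkdel) from the form or query string, performs the matching
'database change on cartHead / cartRows / cartRowsOptions and redirects
'back to SA_order.asp with a status message.
'
'openDB, closedb, closeRS, loadConfig, openRSexecute, updOrderStatus,
'EnDeCrypt, Ascii2Hex, dateInt, currDateTime, rc4Key, juros, timeOffSet
'and adUseClient are not defined in this file.
'NOTE(review): presumably they come from include files that are not
'visible here - confirm, and confirm that one of those includes enforces
'an authenticated admin session before this script runs.
'*************************************************************************

'Open Database Connection
call openDB()

'Store Configuration
if loadConfig() = false then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Could not load Store Configuration settings.")
end if

'Get action
'NOTE(review): action, idOrder and delUordHours fall back to the query
'string, so the del, paid and deluord actions can be triggered by a plain
'GET request. No anti-CSRF token check is visible in this file - confirm
'one exists elsewhere, or accept these actions from POST with a token only.
action = trim(lCase(Request.Form("action")))
if len(action) = 0 then
    action = trim(lCase(Request.QueryString("action")))
end if
if  action <> "edit" _
and action <> "del" _
and action <> "paid" _
and action <> "deluord" _
and action <> "bulkdel" then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Action Indicator.")
end if

'Get idOrder (single-order actions only; bulkdel is validated in its own
'section because it carries a comma-separated list)
if action = "edit" or action = "del" or action = "paid" then
    idOrder = trim(Request.Form("idOrder"))
    if len(idOrder) = 0 then
        idOrder = trim(Request.QueryString("idOrder"))
    end if
    if idOrder = "" or not isNumeric(idOrder) then
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Order Number.")
    else
        'Converting to Long guarantees only a number reaches the SQL text
        idOrder = CLng(idOrder)
    end if
end if

'EDIT
if action = "edit" then

    'Order total before any instalment interest is applied
    dim baseTotal

    'Get Order Status and validate it
    orderStatus = UCase(trim(Request.Form("orderStatus")))
    if len(orderStatus) = 0 then
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Order Status.")
    end if

    'Get miscellaneous fields
    orderStatusMail     = trim(Request.Form("orderStatusMail"))
    orderStatusStockAdj = trim(Request.Form("orderStatusStockAdj"))

    'Get CC Type
    cardType = trim(replace(Request.Form("cardType"),"""",""))

    'Get CC Number
    'NOTE(review): the key name suggests EnDeCrypt is RC4 with a single
    'store-wide key (not visible here - confirm). RC4 is deprecated, and a
    'fixed key with no per-record nonce gives no integrity protection and
    'reuses the same keystream for every stored number. Prefer tokenisation
    'by the payment processor, or authenticated encryption with managed keys.
    cardNumber = trim(replace(Request.Form("cardNumber"),"""",""))
    cardNumber = Ascii2Hex(EnDeCrypt(cardNumber,rc4Key))

    'Get CC Month Exp.
    cardExpMonth = trim(Request.Form("cardExpMonth"))
    if len(cardExpMonth) > 0 and not isNumeric(cardExpMonth) then
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Expiry Month.")
    end if

    'Get CC Year Exp.
    cardExpYear = trim(Request.Form("cardExpYear"))
    if len(cardExpYear) > 0 and not isNumeric(cardExpYear) then
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Expiry Year.")
    end if

    'Get CC Verify Number
    'NOTE(review): this value is written to cartHead.cardVerify in clear
    'text below. PCI DSS does not permit retaining the card verification
    'code after authorisation - this column should not be persisted.
    cardVerify = trim(replace(Request.Form("cardVerify"),"""",""))

    'Get CC Name
    cardName = trim(replace(Request.Form("cardName"),"""",""))

    'The monetary fields below are converted with CDbl after isNumeric, so
    'only numeric values are concatenated (unquoted) into the UPDATE.

    'Get Sub Total
    subTotal = trim(Request.Form("subTotal"))
    if isNumeric(subTotal) then
        subTotal = CDbl(subTotal)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Sub Total.")
    end if

    'Get Discount Percentage
    discPerc = trim(Request.Form("discPerc"))
    if isNumeric(discPerc) then
        discPerc = CDbl(discPerc)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Discount Percentage.")
    end if

    'Get Discount Total
    discTotal = trim(Request.Form("discTotal"))
    if isNumeric(discTotal) then
        discTotal = CDbl(discTotal)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Discount Total.")
    end if

    'Get Shipping Total
    shipmentTotal = trim(Request.Form("shipmentTotal"))
    if isNumeric(shipmentTotal) then
        shipmentTotal = CDbl(shipmentTotal)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Shipping Total.")
    end if

    'Get Handling Fee
    handlingFeeTotal = trim(Request.Form("handlingFeeTotal"))
    if isNumeric(handlingFeeTotal) then
        handlingFeeTotal = CDbl(handlingFeeTotal)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Handling Fee.")
    end if

    'Get Other Fees
    otherFeeTotal = trim(Request.Form("otherFeeTotal"))
    if isNumeric(otherFeeTotal) then
        otherFeeTotal = CDbl(otherFeeTotal)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Other Fees.")
    end if

    'Get Tax Total
    taxTotal = trim(Request.Form("taxTotal"))
    if isNumeric(taxTotal) then
        taxTotal = CDbl(taxTotal)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Tax Total.")
    end if

    'Get Adjustment Amount
    adjustAmount = trim(Request.Form("adjustAmount"))
    if isNumeric(adjustAmount) then
        adjustAmount = CDbl(adjustAmount)
    else
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Adjustment Amount.")
    end if

    'Get Adjustment Reason
    adjustReason = trim(replace(Request.Form("AdjustReason"),"""",""))
    if adjustAmount > 0 and len(adjustReason) = 0 then
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Adjustment Reason required if Adjustment Amount is entered.")
    end if

    'Get other fields which can be modified
    '(double quotes are stripped here; single quotes are doubled when the
    'UPDATE statement is built below)
    storeCommentsPriv   = trim(replace(Request.Form("storeCommentsPriv"),"""",""))
    storeComments       = trim(replace(Request.Form("storeComments"),"""",""))
    Email               = trim(replace(Request.Form("Email"),"""",""))
    Name                = trim(replace(Request.Form("name"),"""",""))
    shippingName        = trim(replace(Request.Form("shippingName"),"""",""))
    LastName            = trim(replace(Request.Form("LastName"),"""",""))
    shippingLastName    = trim(replace(Request.Form("shippingLastName"),"""",""))
    Address             = trim(replace(Request.Form("Address"),"""",""))
    shippingAddress     = trim(replace(Request.Form("shippingAddress"),"""",""))
    City                = trim(replace(Request.Form("City"),"""",""))
    ShippingCity        = trim(replace(Request.Form("ShippingCity"),"""",""))
    Zip                 = trim(replace(Request.Form("Zip"),"""",""))
    shippingZip         = trim(replace(Request.Form("shippingZip"),"""",""))
    locState            = trim(replace(Request.Form("locState"),"""",""))
    shippingLocState    = trim(replace(Request.Form("shippingLocState"),"""",""))
    locCountry          = trim(replace(Request.Form("locCountry"),"""",""))
    shippingLocCountry  = trim(replace(Request.Form("shippingLocCountry"),"""",""))
    CustomerCompany     = trim(replace(Request.Form("CustomerCompany"),"""",""))
    Phone               = trim(replace(Request.Form("Phone"),"""",""))
    shippingPhone       = trim(replace(Request.Form("shippingPhone"),"""",""))
    shipmentMethod      = trim(replace(Request.Form("shipmentMethod"),"""",""))
    paymentType         = trim(Request.Form("paymentType"))

    'Re-Calculate Order Total
    'For credit card orders the first character of storeCommentsPriv (1-6)
    'selects the exponent applied to the juros interest factor.
    'NOTE(review): if paymentType is "creditcard" and storeCommentsPriv
    'does not start with 1-6, Total is never assigned and the UPDATE below
    'is built with an empty Total value - decide on a default or reject.
    baseTotal = subTotal - discTotal + shipmentTotal + handlingFeeTotal + otherFeeTotal + taxTotal + adjustAmount
    if lCase(paymentType) = "creditcard" Then
        'The comparisons stay against numeric literals, as in the original
        if left(storeCommentsPriv,1) = 1 Then
            Total = baseTotal
        end if
        if left(storeCommentsPriv,1) = 2 Then
            Total = baseTotal * (1 + (juros/100)) ^ 2
        end if
        if left(storeCommentsPriv,1) = 3 Then
            Total = baseTotal * (1 + (juros/100)) ^ 3
        end if
        if left(storeCommentsPriv,1) = 4 Then
            Total = baseTotal * (1 + (juros/100)) ^ 4
        end if
        if left(storeCommentsPriv,1) = 5 Then
            Total = baseTotal * (1 + (juros/100)) ^ 5
        end if
        if left(storeCommentsPriv,1) = 6 Then
            Total = baseTotal * (1 + (juros/100)) ^ 6
        end if
    else
        total = baseTotal
    end if

    'Update cartHead
    'NOTE(review): the statement is assembled by string concatenation with
    'single quotes doubled. Whether that escaping is sufficient depends on
    'the database backend; a parameterised ADODB.Command would remove the
    'dependency. openRSexecute is not visible here, so it is left as is.
    mySQL="UPDATE cartHead SET " _
        & "storeCommentsPriv='"  & replace(storeCommentsPriv,"'","''")   & "'," _
        & "storeComments='"      & replace(storeComments,"'","''")       & "'," _
        & "Email='"              & replace(Email,"'","''")               & "'," _
        & "Name='"               & replace(name,"'","''")                & "'," _
        & "shippingName='"       & replace(shippingName,"'","''")        & "'," _
        & "LastName='"           & replace(LastName,"'","''")            & "'," _
        & "shippingLastName='"   & replace(shippingLastName,"'","''")    & "'," _
        & "Address='"            & replace(Address,"'","''")             & "'," _
        & "shippingAddress='"    & replace(shippingAddress,"'","''")     & "'," _
        & "City='"               & replace(City,"'","''")                & "'," _
        & "ShippingCity='"       & replace(ShippingCity,"'","''")        & "'," _
        & "Zip='"                & replace(Zip,"'","''")                 & "'," _
        & "shippingZip='"        & replace(shippingZip,"'","''")         & "'," _
        & "locState='"           & replace(locState,"'","''")            & "'," _
        & "shippingLocState='"   & replace(shippingLocState,"'","''")    & "'," _
        & "locCountry='"         & replace(locCountry,"'","''")          & "'," _
        & "shippingLocCountry='" & replace(shippingLocCountry,"'","''")  & "'," _
        & "CustomerCompany='"    & replace(CustomerCompany,"'","''")     & "'," _
        & "Phone='"              & replace(Phone,"'","''")               & "'," _
        & "shippingPhone='"      & replace(shippingPhone,"'","''")       & "'," _
        & "shipmentMethod='"     & replace(shipmentMethod,"'","''")      & "'," _
        & "paymentType='"        & replace(paymentType,"'","''")         & "'," _
        & "cardType='"           & replace(cardType,"'","''")            & "'," _
        & "cardNumber='"         & replace(cardNumber,"'","''")          & "'," _
        & "cardExpMonth='"       & replace(cardExpMonth,"'","''")        & "'," _
        & "cardExpYear='"        & replace(cardExpYear,"'","''")         & "'," _
        & "cardVerify='"         & replace(cardVerify,"'","''")          & "'," _
        & "cardName='"           & replace(cardName,"'","''")            & "'," _
        & "AdjustReason='"       & replace(adjustReason,"'","''")        & "'," _
        & "discPerc="            & discPerc                              & ","  _
        & "discTotal="           & discTotal                             & ","  _
        & "subTotal="            & subTotal                              & ","  _
        & "shipmentTotal="       & shipmentTotal                         & ","  _
        & "handlingFeeTotal="    & handlingFeeTotal                      & ","  _
        & "otherFeeTotal="       & otherFeeTotal                         & ","  _
        & "taxTotal="            & taxTotal                              & ","  _
        & "AdjustAmount="        & adjustAmount                          & ","  _
        & "Total="               & total                                 & " "  _
        & "WHERE idOrder = "     & idOrder
    set rs = openRSexecute(mySQL)

    'Call the Order Status Update routine
    call updOrderStatus(idOrder,orderStatus,orderStatusMail,orderStatusStockAdj,"")

    call closedb()
    Response.Redirect "SA_order.asp?recallCookie=1&msg=" & server.URLEncode("Order was Updated.")

end if

'DELETE or BULK DELETE
if action = "del" or action = "bulkdel" then

    'Declare additional variables
    dim delI        'Array index
    dim delArray    'List of idOrders that will be deleted
    dim delId       'One order id, validated and converted to Long

    'If just one delete is being performed, we populate just the
    'first position in the delete array, else we populate the array
    'with a list of all the orders that were selected for deletion.
    if action = "del" then
        delArray = split(idOrder)
    else
        delArray = split(Request.Form("idOrder"),",")
    end if

    'Validate every id before anything is deleted. For bulkdel the list
    'comes straight from the form and was not checked above; without this
    'step each element was concatenated into the DELETE statements
    'unvalidated (SQL injection). Checking the whole list first also
    'means a bad entry rejects the request before any order is removed.
    for delI = LBound(delArray) to UBound(delArray)
        delId = trim(delArray(delI))
        if delId = "" or not isNumeric(delId) then
            response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid Order Number.")
        end if
        delArray(delI) = CLng(delId)
    next

    'Set CursorLocation of the Connection Object to Client
    cn.CursorLocation = adUseClient

    'Loop through list of orders and delete one by one
    for delI = LBound(delArray) to UBound(delArray)

        delId = delArray(delI)

        'BEGIN Transaction
        cn.BeginTrans

        'Delete records from cartHead
        mySQL = "DELETE FROM cartHead " _
              & "WHERE idOrder = " & delId
        set rs = openRSexecute(mySQL)

        'Delete records from cartRows
        mySQL = "DELETE FROM cartRows " _
              & "WHERE idOrder = " & delId
        set rs = openRSexecute(mySQL)

        'Delete records from cartRowsOptions
        mySQL = "DELETE FROM cartRowsOptions " _
              & "WHERE idOrder = " & delId
        set rs = openRSexecute(mySQL)

        'END Transaction
        cn.CommitTrans

    next

    call closedb()
    Response.Redirect "SA_order.asp?recallCookie=1&msg=" & server.URLEncode("Selected Order(s) were Deleted.")

end if

'DELETE Unfinalized orders
if action = "deluord" then

    'Deleted order counter
    dim delOrderCount
    delOrderCount = 0

    'Get delUordHours and validate it
    delUordHours = trim(Request.Form("delUordHours"))
    if len(delUordHours) = 0 then
        delUordHours = trim(Request.QueryString("delUordHours"))
    end if
    if delUordHours = "" or not isNumeric(delUordHours) then
        response.redirect "sysMsg.asp?errMsg=" & server.URLEncode("Invalid number of Hours selected.")
    else
        delUordHours = CLng(delUordHours)
    end if

    'Read cartHead: orders with status 'U' whose orderDateInt is earlier
    'than the current store time minus delUordHours hours
    mySQL = "SELECT idOrder " _
          & "FROM   cartHead " _
          & "WHERE  orderDateInt < '" & dateInt(dateAdd("h",(delUordHours*-1),currDateTime("DT",timeOffSet))) & "' " _
          & "AND    orderStatus = 'U' "
    set rs = openRSexecute(mySQL)
    do while not rs.eof

        'Increment counter
        delOrderCount = delOrderCount + 1

        'Get Order ID (read back from the database, not from the request)
        idOrder = rs("idOrder")

        'Delete records from cartRowsOptions
        mySQL = "DELETE FROM cartRowsOptions " _
              & "WHERE idOrder = " & idOrder
        set rs2 = openRSexecute(mySQL)

        'Delete records from cartRows
        mySQL = "DELETE FROM cartRows " _
              & "WHERE idOrder = " & idOrder
        set rs2 = openRSexecute(mySQL)

        'Delete records from cartHead
        mySQL = "DELETE FROM cartHead " _
              & "WHERE idOrder = " & idOrder
        set rs2 = openRSexecute(mySQL)

        rs.movenext
    loop
    call closeRS(rs)

    call closedb()
    Response.Redirect "SA_order.asp?recallCookie=1&msg=" & server.URLEncode(delOrderCount & " Unfinalized order(s) older than " & delUordHours & " hour(s) were Deleted.")

end if

'PAID - Called from Authorize.Net utility
if action = "paid" then

    'Get miscellaneous fields
    orderStatusMail     = trim(Request.Form("orderStatusMail"))
    orderStatusStockAdj = trim(Request.Form("orderStatusStockAdj"))

    'Call the Order Status Update routine (status is fixed to "1" here)
    call updOrderStatus(idOrder,"1",orderStatusMail,orderStatusStockAdj,"")

    call closedb()
    Response.Redirect "SA_order.asp?recallCookie=1&msg=" & server.URLEncode("Order was Updated.")

end if

'Just in case we ever get this far...
call closedb()
Response.Redirect "SA_order.asp?recallCookie=1"
%>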