<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Request payment from 3rd party payment processors
' Product  : CandyPress Store Frontend
' Version  : 2.5
' Modified : February 2004
' Copyright: Copyright (C) 2004 CandyPress.Com
'            See "license.txt" for this product for details regarding
'            licensing, usage, disclaimers, distribution and general
'            copyright requirements. If you don't have a copy of this
'            file, you may request one at webmaster@candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true
%>
<%
'Page-level state. openDb, loadConfig, errorDB, sessionCart and sessionCust
'are called below but are not defined in this listing (presumably they
'come from include files that are not shown here).

'cartHead columns read for the order that is being paid
dim orderStatus, orderDate
dim subTotal, taxTotal, shipmentTotal, handlingFeeTotal, otherFeeTotal, Total
dim Name, LastName, CustomerCompany, Phone, Email
dim Address, City, Zip, locState, locCountry
dim cardType, cardNumber, cardExpMonth, cardExpYear, cardName, cardVerify
dim paymentType

'Work Fields
dim countryCode, stateCode
dim i, f
dim qIdOrder, refererURL

'Database
dim mySQL, conntemp, rstemp, rstemp2

'Session
dim idOrder, idCust

'*************************************************************************

'Open Database Connection
openDb

'Store Configuration - stop with a configuration error if it cannot load
If loadConfig() = False Then errorDB langErrConfig, ""

'Get/Set Cart/Order Session
idOrder = sessionCart()

'Get/Set Customer Session
idCust = sessionCust()

'Only a logged-in customer may reach the payment step. A Null customer id
'is treated as "not logged in"; Response.Redirect ends processing of this
'page, so nothing further runs for an anonymous visitor.
If isNull(idCust) Then response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrNotLoggedIn)

'NOTE : Some gateways require that this page's URL be fixed (eg.
'LinkPoint). We can therefore NOT pass any variable info to this
'script in a querystring. This information must be passed via the
'session object, or via a POST action from a form.
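'Get Order Number and Validate
'The order number is taken from the first source that supplies one:
'the session, then the POSTed form, then the querystring. The last two
'are chosen by the client, so the value is untrusted until checked.
qIdOrder = session(storeID & "idOrderPaySubmit")
if len(qIdOrder) = 0 then
    qIdOrder = Request.Form("idOrder")
end if
if len(qIdOrder) = 0 then
    qIdOrder = Request.QueryString("idOrder")
end if

'Accept plain decimal digits only. IsNumeric() on its own also accepts
'signs, decimals, exponent notation, "&H" hex and currency formats. The
'raw text of qIdOrder is concatenated into the SQL below, echoed in the
'order summary and handed to the gateway helper, so it must be a
'canonical integer. The 9-digit cap keeps the value inside a 32-bit
'signed integer.
dim reOrderId, orderIdOk
qIdOrder = trim(qIdOrder & "")
set reOrderId = new RegExp
reOrderId.Pattern = "^[0-9]{1,9}$"
orderIdOk = reOrderId.Test(qIdOrder)
set reOrderId = nothing
if not orderIdOk then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if

'Retrieve some information we may need from cartHead
'The idCust predicate ties the lookup to the logged-in customer, so a
'client that supplies another customer's order number gets no row and
'falls into the "invalid order" branch below.
'NOTE(review): the statement is built by string concatenation; both
'values pass through validSQL(..., "I"), which is not defined in this
'listing - confirm it forces an integer. A parameterised command would
'remove the dependency on that helper.
mySQL="SELECT orderStatus,orderDate,subTotal,taxTotal,shipmentTotal,Total," _
    & "       Name,LastName,CustomerCompany,Phone,Email,Address,City,Zip," _
    & "       locState,locCountry,cardType,cardNumber,cardExpMonth," _
    & "       cardExpYear,cardName,cardVerify,paymentType,handlingFeeTotal," _
    & "       otherFeeTotal " _
    & "FROM   cartHead " _
    & "WHERE  idOrder = " & validSQL(qIdOrder,"I") & " " _
    & "AND    idCust  = " & validSQL(idCust,"I")
set rsTemp = openRSexecute(mySQL)
if not rstemp.eof then
    orderStatus      = rstemp("orderStatus")
    orderDate        = rstemp("orderDate")
    subTotal         = rstemp("subTotal")
    taxTotal         = rstemp("taxTotal")
    shipmentTotal    = rstemp("shipmentTotal")
    Total            = rstemp("Total")
    Name             = trim(rstemp("name"))
    LastName         = trim(rstemp("LastName"))
    CustomerCompany  = trim(rstemp("CustomerCompany"))
    Phone            = trim(rstemp("Phone"))
    Email            = trim(rstemp("Email"))
    Address          = trim(rstemp("Address"))
    City             = trim(rstemp("City"))
    Zip              = trim(rstemp("Zip"))
    locState         = trim(rstemp("locState"))
    locCountry       = trim(rstemp("locCountry"))
    cardType         = trim(rstemp("cardType"))
    'The stored card number is passed through Hex2Ascii and then EnDeCrypt
    'with rc4Key (both defined elsewhere), leaving the clear-text number
    'in a page variable.
    'NOTE(review): the key name suggests RC4 with a store-wide key -
    'confirm the cipher in use and where rc4Key is kept.
    cardNumber       = trim(EnDeCrypt(Hex2Ascii(rstemp("cardNumber")),rc4Key))
    cardExpMonth     = trim(rstemp("cardExpMonth"))
    cardExpYear      = trim(rstemp("cardExpYear"))
    cardName         = trim(rstemp("cardName"))
    'NOTE(review): cardVerify is read as stored, with no decryption call
    '(unlike cardNumber). If this column holds the card verification code,
    'PCI DSS does not allow it to be kept after authorisation - confirm
    'what is stored here and when it is purged.
    cardVerify       = trim(rstemp("cardVerify"))
    paymentType      = trim(rstemp("paymentType"))
    handlingFeeTotal = rstemp("handlingFeeTotal")
    otherFeeTotal    = rstemp("otherFeeTotal")
else
    'No row: unknown order number, or an order owned by another customer.
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrder)
end if
call closeRS(rsTemp)

'The order will have the full country and state description.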
'Retrieve the country and state codes for the benefit of some payment processors
'that require the country and state codes, and not the description.
'Both helpers are defined at the end of this file; each returns the trimmed
'description unchanged when the locations table has no matching row.
countryCode = getCountryCode(locCountry)
stateCode   = getStateCode(locState,countryCode)

'Validate Payment Processor(s)
'Allow-list check on the payment type stored with the order. These are the
'same four names that cartMain() dispatches on; anything else is rejected
'before any payment form is rendered.
if  lCase(paymentType) <> "paypal" _
and lCase(paymentType) <> "2checkout" _
and lCase(paymentType) <> "authorizenet" _
and lCase(paymentType) <> "custom" then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvPayment)
end if

'Validate Order Status
'Only an order whose status is "0" may continue to payment.
'NOTE(review): what status "0" means is not defined in this file -
'presumably "not yet paid"; confirm against the order status list.
if orderStatus <> "0" then
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(langErrInvOrdStat)
end if

'What page did we come from?
'The Referer header is sent by the client and may be missing or altered.
'In this file it is used only by cartMain() to decide whether the step
'label is shown, so it must not be treated as proof of the checkout path.
refererURL = lCase(Request.ServerVariables("HTTP_REFERER"))
%>
<%
'Close Database Connection
'Everything the page needs has been copied into variables above.
call closeDB()

'**********************************************************************
'Main Shopping Cart Display Area
'Writes the page heading, the payment form for the order's payment type
'and the order summary. Takes no arguments; it reads the page-level
'variables filled in above.
'**********************************************************************
sub cartMain()
%>
<%=langGenSubmitPayment%>
<%
    'Determine if this is part of the checkout process
    if instr(refererURL,lCase("40_SubmitOrder.asp")) <> 0 then
%>
<%=langGenStep4%>
<%
    else
        Response.Write " "
    end if
%>

<%
    'What Payment Processor?
    'paymentType was checked against the same four names before this sub
    'runs, so exactly one branch is expected to fire.
    if lCase(paymentType) = "paypal" then
        call payPayPal()
    end if
    if lCase(paymentType) = "2checkout" then
        call pay2CheckOut()
    end if
    if lCase(paymentType) = "authorizenet" then
        'pAuthNetType is not set in this file (presumably store config).
        if UCase(pAuthNetType) = "AIM" then
            call payAuthorizeNetAIM()
        else
            call payAuthorizeNetSIM()
        end if
    end if
    if lCase(paymentType) = "custom" then
        call payCustomRoutine()
    end if

    'NOTE(review): the order summary that follows writes name and lastname
    'straight from the cartHead row, without Server.HTMLEncode. If those
    'columns can hold customer-entered text that was not encoded when it
    'was stored, encode it on output.
    'NOTE(review): the decrypted cardNumber is passed to paymentMsg(),
    'which is not defined in this listing - confirm that it masks the
    'number before anything is displayed.
%>

<%=langGenOrderSummary%>
<%=langGenFullName%>  <%=name & " " & lastname%>
<%=langGenOrderNumber%>  <%=pOrderPrefix & "-" & qIdOrder%>
<%=langGenOrderDate%>  <%=formatTheDate(orderDate)%>
<%=langGenTotal%>  <%=pCurrencySign & moneyS(Total)%>
<%=langGenPayment%>  <%=paymentMsg(paymentType, total, cardNumber)%>

<%
end sub
'**********************************************************************
'PayPal payments
'Notes   : Relies on you specifying separate URLs for transactions that
'          are successful and unsuccessful. Because we have one script
'          that deals with both, we construct the two return URLs to
'          go to the same page, but we add a status indicator to the
'          URL.
'Review  : The form markup between the script blocks below is not
'          present in this listing, so the target URLs and posted
'          fields cannot be checked from here.
'**********************************************************************
sub payPayPal()

    'Determine target URL
    'demoMode = "Y" selects the first of two alternative targets.
    if demoMode = "Y" then
%>
<% else %> <% end if %> ">
<%=langGenPayNowMsg%>

-->       <--

<%
end sub
'**********************************************************************
'2CheckOut payments
'Notes   : Always returns control to the same URL, regardless of the
'          status of the transaction. The return URL has to be entered
'          into your 2CheckOut account settings. When control is
'          returned, 2CheckOut passes a status indicator which can be
'          checked.
'Review  : The form markup between the script blocks below is not
'          present in this listing.
'**********************************************************************
sub pay2CheckOut()

    'Determine target URL
    'demoMode = "Y" selects the first of two alternative targets.
    if demoMode = "Y" then
%>
<% else %> <% end if %> ">
<%=langGenPayNowMsg%>

-->       <--

<%
end sub
'**********************************************************************
'AuthorizeNet SIM payments
'Notes   : Always returns control to the same URL, regardless of the
'          status of the transaction. The return URL is passed to the
'          Authorize.Net routine. When control is returned, Authorize.Net
'          passes a status indicator which can be checked.
'Review  : InsertFP() is called with the login, the transaction key, the
'          order total read from cartHead, the order number and the
'          currency code. It is not defined in this listing - presumably
'          it writes the SIM fingerprint fields; confirm that the
'          transaction key itself is never written to the page. The
'          amount comes from the database row, not from the request.
'**********************************************************************
sub payAuthorizeNetSIM()

    'Determine target URL
    'demoMode = "Y" selects the first of two alternative targets.
    if demoMode = "Y" then
%>
<% else %> <% end if %> <%call InsertFP(authNetLogin,authNetTxKey,moneyD(total),qIdOrder,authNetCurrCode)%> ">
<%=langGenPayNowMsg%>

-->       <--

<%
end sub
'**********************************************************************
'AuthorizeNet AIM payments
'Notes   : Creates a form into which customer enters their CC info.
'          This is then passed to Authorize.Net for validation and
'          processing.
'Review  : The form and its input fields are not present in this
'          listing; only the labels for card number, expiry and CVV
'          remain. Because this form collects card data, confirm that
'          the page and its post target are served over HTTPS only.
'**********************************************************************
sub payAuthorizeNetAIM()

    'Determine target URL
    'demoMode = "Y" selects the first of two alternative targets.
    if demoMode = "Y" then
%>
<% else %> <% end if %>
<%=langGenCCnumber%>
<%=langGenCCexpire%> /
<%=langGenCCcvv%>

<%
end sub
'**********************************************************************
'Custom payments
'Notes   : Custom payments should only be used if the appropriate code
'        : has been entered into the custom payment user include files.
'Review  : Nothing is visible between the two script blocks of this sub
'          in this listing.
'**********************************************************************
sub payCustomRoutine()
%>
<%
end sub
'*************************************************************************
'Get Country Code from Country Description
'  locName : country description as stored on the order
'  Returns : locations.locCountry for the row whose locName matches and
'            whose locState is empty or NULL; the trimmed description
'            itself when no such row exists.
'Review    : The query text is built by concatenation inside single
'            quotes. Its safety depends on validSQL(..., "A"), which is
'            not defined in this listing - confirm it escapes quote
'            characters. The only caller in this file passes the
'            locCountry value read back from cartHead, i.e. stored
'            address data rather than a constant.
'*************************************************************************
function getCountryCode(locName)

    'Local names; these hide the page-level mySQL and rsTemp in here.
    dim mySQL, rsTemp

    'Default result when the lookup finds nothing
    getCountryCode = trim(locName)

    'Get Country Code
    mySQL = "SELECT locCountry " _
          & "FROM   locations " _
          & "WHERE  locName = '" & validSQL(trim(locName),"A") & "' " _
          & "AND   (locState = '' OR locState IS NULL)"
    set rsTemp = openRSexecute(mySQL)
    if not rsTemp.eof then
        getCountryCode = rsTemp("locCountry")
    end if
    call closeRS(rsTemp)

end function
'*************************************************************************
'Get State Code from State Description and Country Code
'  locName     : state description as stored on the order
'  countryCode : country code the state must belong to
'  Returns     : locations.locState for the row matching both values
'                with a non-empty locState; the trimmed description
'                itself when no such row exists.
'Review        : Same concatenated, quoted SQL as getCountryCode; both
'                arguments rely on validSQL(..., "A") for escaping -
'                confirm against that helper.
'*************************************************************************
function getStateCode(locName,countryCode)

    'Local names; these hide the page-level mySQL and rsTemp in here.
    dim mySQL, rsTemp

    'Default result when the lookup finds nothing
    getStateCode = trim(locName)

    'Get State Code
    mySQL = "SELECT locState " _
          & "FROM   locations " _
          & "WHERE  locName = '" & validSQL(trim(locName),"A") & "' " _
          & "AND    locCountry = '" & validSQL(trim(countryCode),"A") & "' " _
          & "AND    NOT(locState = '' OR locState IS NULL)"
    set rsTemp = openRSexecute(mySQL)
    if not rsTemp.eof then
        getStateCode = rsTemp("locState")
    end if
    call closeRS(rsTemp)

end function
%>