cybercart.pl

CyberCart Pro Internet Commerce System 3.042 很好的商业购物程序.Good Shopping Cart, Can be used for Multipl

print "HTTP/1.0 200 OK\n";
#
#
# CyberCart Pro Internet Commerce System, Version 3.042
# Copyright 1997, Richard Torzynski
# 2-12-98
# All rights reserved
# This is NOT a shareware script.
#
# support@cybercart.com
# sales@cybercart.com
# http://www.cybercart.com/
#
# License Agreement
# You should carefully read the following terms and conditions
# before using this software.  Unless you have a different license
# agreement signed by TMP Integrated Systems your use of this software
# indicates your acceptance of this license agreement and warranty.
#
# One copy of the CyberCart Pro Internet Commerce System may either
# be used by a single person or business, located on a single web server.
# Copies of this software may not be resold, leased, or distributed without
# the expressed written consent and approval of TMP Integrated 
# Systems.
#
# Disclaimer of Warranty
# THIS SOFTWARE AND ANY ACCOMPANYING FILES ARE SOLD "AS IS" AND
# WITHOUT WARRANTIES AS TO PERFORMANCE OF MERCHANTABILITY OR ANY
# OTHER WARRANTIES WHETHER EXPRESSED OR IMPLIED.  The user must
# assume the entire risk of using this software.  ANY LIABILITY OF
# THE SELLER WILL BE LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT OR
# REFUND OF PURCHASE PRICE.
# 
# 
# Define File Locations and Directories
# -------------------------------------------------------

# Merchant Setup File locations
$merchant_data = "c:\\merchant";

# sendmail location.  This may vary on systems. Try using unix "whereis smail"
# command at the unix prompt.
$mail_loc = "c:\\blat\\blat.exe";

# Mail server
$mail_server = "mail.name.com";

# Domain that script is running on
$domain = "www.name.com";

# Directory where shipping files are kept.  There should also be a subdirectory
# under this directory called Zones that contains the zone charts.
$shipping_dir = $merchant_data . "\\Shipping\\";

# location of creditcard checking subroutines
$ccmod = $merchant_data . "\\CreditCard.pl";
# require this set of routines
if (-s $ccmod) {
  require($ccmod);
}

# Onanalysis processing module - needed for realtime credit card 
# processing.  Must also be signed up through www.onanalysis.com.
$onanalysis_mod = $merchant_data . "\\onanalysis.pl";
if (-s $onanalysis_mod) {
  require($onanalysis_mod);
}
# onanalysis socklink program.  Needed only if using Onanalysis real-time 
# creditcard processing.
$socklink = "c:\\merchant\\socklink";

# location of shipping routines.  Pulled out to make the main script smaller
# in size.  These will be loaded when calculating shipping costs.
$ccship = $merchant_data . "\\ccship.pl";

%formname = ("Name","orname","Street","street","City","city","State","state",
"Zip","zip","Country","country","Phone","phone","Email","email");

%formnameb = ("Billing Name","ornameb","Billing Street","streetb","Billing City","cityb",
 "Billing State","stateb", "Billing Zip","zipb","Billing Country","countryb");

# --------------------------------------------------------------
#
# DO NOT EDIT BELOW HERE!
#
# --------------------------------------------------------------


# Decode the form
&decode2;



# if calculating shipping load ccship.pl
if ($post_query{'action'} eq "ship") {
  if (-s $ccship) {
    require("$ccship");
  } else {
    &error("Couldn't load shipping routines located at $ccship.");
  }
}


# Check to see if site has linked in
if ($ENV{'PATH_INFO'} =~ m/\:/ ) {
  &enter;
}

# Debug lines.  If you're having trouble installing the scripts,
# uncomment these lines and it'll print the environmental variables so
# you can check if your file and directory addressing is correct.
# &debug;

# Read merchant configuration file
&init_var;

# Assign ID
&assign_id;

# Set the default shipping country if not specified
if (!$shipping_base) {
  $shipping_base = "US";
}

# See if there is a page_name to pass on to the next form.  This will 
# be set to the $home_url variable if a page_name variable is not found.
# The $page_name is used in the $addtext variable below to provide
# a link back to the last catalog page.
&pagename;

# text printed after someone adds an item to their order
$addtext = qq[
<h2>Items Added</h2>
<UL>
<LI>The item(s) requested have been added to your order.
<LI>To review the items in your <I>Shopping Cart</I>, click on the View Cart
button below.</FONT>
<LI><a href=$page_name>Click here</a> to return to the last
catalog page you visited. You can also use the links at the bottom of the
page.</UL>
<P>
<center>
<table>
<tr><td>
<FORM METHOD=POST ACTION=$script_url>\n
<input type=hidden name=merchant value=$post_query{'merchant'}>
<INPUT TYPE=HIDDEN NAME="action" VALUE="order">
<INPUT TYPE=HIDDEN NAME="page_name" VALUE=$page_name>
<INPUT TYPE=SUBMIT VALUE="View Shopping Cart">
</FORM>
</td></tr>
</table></center>\n
</P>
];

# Print header unless an item is being added since a location: url
# is used to print the page ordered from again.
if ($post_query{'action'} ne "add" && $post_query{'action'} ne "send" && $post_query{'action'} ne "cc2") {
  &header;
}

# Set number of properties
$numprop = @properties;

# Set the path for taint check
$ENV{PATH} = "$merchant_data";


$order_file = "$order_dir" . "\\$session_id" . ".tmp";


$sec_file = "$invoice_dir" . "\\$session_id" . ".order";


# Exception for action to handle online and offline billing routines
if ($post_query{'action'} eq "billing") {
  if ($post_query{'processing'} eq "offline") {
        $action = "invoice";
  }
}

# if the script is not running on a secure server, make the secure script the same
# as the regular script.
if (!$secure || 
   ($post_query{'processing'} && $post_query{'processing'} ne "secure")) {
     $secure_url = $script_url;
     $secure = 0;
}  


# Goto appropriate subroutine
if ($post_query{'action'} eq "add") {
  &add;
} else {
  $action = $post_query{'action'};
  &$action;
}

exit;

# End Main Routine
#----------------------------------------------------#



sub add { 
# Add product to temporary order file

$orderflag = 0;
$numprop = @properties;

open(OUTPUT, ">>$order_file") || &error("Cant open $order_file in sub add!");
foreach $a (keys %post_query) {
  if ($a =~ m/quant/) {
    $quant = $post_query{$a};
    if ($quant>0) {
      ($code, $gar) = split(/_/,$a);

      $add_code = $code;

      # Check for min and max order amount
      $min_code = $code . "_min";
      if ($post_query{$min_code}) {
        if ($quant < $post_query{$min_code}) {
           $quant = $post_query{$min_code};
        }
      }
      $max_code = $code . "_max";
      if ($post_query{$max_code}) {
        if ($quant > $post_query{$max_code}) {
           $quant = $post_query{$max_code};
        }
      }
 
      if ($price_file eq "none") {
        $item_price = $code . "_price";
        $item_name = $code . "_name";

        if ($post_query{$item_price} !~ m/-\$/) {
          $add_name = "$post_query{$item_name}";
        } elsif ($post_query{$item_price} !~ m/-nt/) {
          ($opname,$post_query{$item_price})=split(/-/,$post_query{$item_price});
          $post_query{$item_price} =~ s/\$//;
          $add_name = "$post_query{$item_name}-$opname";
        }

      }

      # New code for minimum order
      if ($post_query{$min_code} && $post_query{$max_code}) {
        $add_quant = "$quant!$post_query{$min_code}to$post_query{$max_code}";
      } elsif ($post_query{$min_code} && !$post_query{$max_code}) {
        $add_quant = "$quant!$post_query{$min_code}";
      } elsif ($post_query{$max_code} && !$post_query{$min_code}) {
        $add_quant = "$quant!$post_query{$min_code}";
      } else {
        $add_quant = "$quant";
      }


      $item_price = $code . "_price";
      $curprice = $post_query{$item_price};

      # put item price into order file
      if ($price_file eq "none") {
               
	for ($i=1;$i<$numprop+1;$i++) {
          $item_prop = $code . "_prop" . $i;
          if ($post_query{$item_prop} =~ m/\+/) {
            ($post_query{$item_prop},$propadd) = split(/\+/,$post_query{$item_prop});
            $curprice = $curprice + $propadd;
          } elsif ($post_query{$item_prop} =~ m/\-/) {
            ($post_query{$item_prop},$propadd) = split(/\-/,$post_query{$item_prop});
            $curprice = $curprice - $propadd;
          }
        }

        
        # print (OUTPUT "$curprice:");
        $add_price = $curprice;
      }

      $item_hand = $code . "_handling";
      $add_hand = "$post_query{$item_hand}";

      $item_ship = $code . "_itemship";
      $add_ship = "$post_query{$item_ship}";

      $item_weight = $code . "_weight";
      $add_weight = "$post_query{$weight_ship}";
      


      for ($i=1;$i < 4;$i++) {
        $item_prop = $code . "_prop" . $i;
      }
 
      $item_prop1 = $code . "_prop1";
      $item_prop2 = $code . "_prop2";
      $item_prop3 = $cope . "_prop3";

      $add_prop1 = $post_query{$item_prop1};
      $add_prop2 = $post_query{$item_prop2};
      $add_prop3 = $post_query{$item_prop3};     

      $item_dlfile = $code . "_dlfile";
      $add_dlfile = $post_query{$item_dlfile};

      $add_string = join(':',$add_name,$add_code,$quant,$add_price,$add_hand,$add_ship,$add_weight,$add_prop1,$add_prop2,$add_prop3,$add_dlfile);

      print (OUTPUT "$add_string\n");
      $orderflag = 1;
    }
  }
}
close(OUTPUT);

if ($orderflag) {
  if ($action eq "addplus") {
    return;
  } else {
    &header;
    if ($showorder) {
      print "<center><h1>Current Order</h1></center>";
      print "<p>Your item(s) have been added to your order. Here is your ";
      print "current order:<p>";
      &show_order;
      &show_order2;
    } else {
      print "$addtext";
    }
    &print_links;
    &footer;
  }
} else {
  &header;
  print "<h1>No Item to Add!</h1>";
  print "To order an item, change the value in the order box to something ";
  print "greater than zero.<p>";
  &print_links;
  &footer;
}
}
# End sub add
#----------------------------------------------------#

sub addplus {
# Add an item, then go to checkout
&add;
$action = "place";
&place;
}
# End sub addplus
#----------------------------------------------------#


sub assign_id {
# This routine checks for and assigns a session_id.  If the browser is
# cookie capable then it uses the ip number and the process id to create
# a psuedo random number.  

%cookies = split('[;=] *',$ENV{'HTTP_COOKIE'});

# Check to see which browser is using
$browser = $ENV{'HTTP_USER_AGENT'};
# &debug;

if ($browser =~ /MSIE/i || $browser =~/^Mozilla\/*/i && 
  ($browser !~ /lynx/i && $browser !~ /^Mozilla\/1.*/i)) { 
  if ($action eq "place2" && $secure_domain && $pq{'processing'} eq "secure") {
    # clause for when secure domain is different than unsecure.
    # Session id is passed as a hidden variable 
    $session_id = $post_query{'session_id'};
    print "Set-Cookie: ID=$session_id; path=/\n";
  } elsif ($cookies{'ID'} && $cookies{'ID'} ne "1") {
    # cookie exists and is not being replaced at end of order
    $get_id = $cookies{'ID'};
    # Taint check
    $get_id =~ m/([0-9]*)/;
    $session_id = $1;
  } else {
    # This is statement determining session and order id.  This can be
    # changed to a more random number in any number of ways.
    # ID + random number:
    # srand();
    # $rnum = int(rand(20000));
    # $session_id = $ENV('REMOTE_ADDR') . $rnum;
    # Pseudo random number based on system variables:
    $session_id = $$ . $ENV{'REMOTE_ADDR'};
    $session_id =~ s/\.//g;
    $session_id = substr($session_id,0,8);
    # Or use ip number:
    #$session_id = $ENV{'REMOTE_ADDR'};
    print "Set-Cookie: ID=$session_id; path=/\n";
 
    # run file cleanup routine 
    &cleanup;
  }
} else {
  # Routine for lynx and earlier versions of netscape
  $session_id = $ENV{'REMOTE_ADDR'};
  $session_id =~ s/\.//g;
  &cleanup;
}

}
# End sub assign
#----------------------------------------------------#


sub billing {
# Routine to have customer choose billing method.

# New routine added 5-4-97 to check that shipping method is choosen
if ($shipping_cost ne "none" && !$post_query{'ship_cost'}) {
  print qq[
  <center>
  <table bgcolor=$Table_Body_Color cellpadding=10 border=1><tr><td>
  <h1>Please Choose Shipping Method</h1>
  In order to process your order, you must indicate a shipping
  method.
  </td>
  </tr>
  </table>
  </center>
  <p>
  ];
  &ship;
  exit;
}


print "<h1><center>Billing Method</h1></center>";
&show_order;
print "</form>";
print "<form method=post action=$secure_url>\n";
print "<input type=hidden name=merchant value=$post_query{'merchant'}>\n";
foreach $key (keys %post_query) {
  if ($key ne "action") {
    print "<input type=hidden name=\"$key\" value=\"$post_query{$key}\">\n";
  }
}   
print "<center>\n";
print "<table border=1 cellspacing=0 cellpadding=10 width=\"$Table_width\" bgcolor=\"$Table_Body_Color\">";
print "<tr valign=top><td colspan=2 align=left>\n";
print "<pre><u><b>Billing Information:</b></u><br></pre>";
print "<b>Payment Method:</b><p>\n";
if ($check) {
  print "<input type=radio name=cardtype value=Check><b> Check</b><br>\n";
}
foreach $a (@credit) {
  print "<input type=\"radio\" name=\"cardtype\" value=\"$a\"><b> $a</b><br>\n"; 
}
if ($credit_note) {
  print "<br><b>Note: </b>$credit_note<br>\n";
}
 
# print warning if not on a secure server
if (!$secure && $post_query{'processing'} ne "fax" && $creditcards ne "none") {
  print "<br><b>If you don't feel \n"; 
  print "comfortable sending your credit card number over email, you may call\n";