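time = time(); $this->startSession(); }

    /**
     * startSession - Starts (or resumes) the PHP session and records
     * where the visitor came from and where they are now:
     *   $this->referrer  = $_SESSION['url'] left by the previous request, or "/"
     *   $this->url       = $_SERVER['PHP_SELF'], also written back to $_SESSION['url']
     *
     * NOTE(review): $_SERVER['PHP_SELF'] can contain request-controlled
     * PATH_INFO, so $this->url / $this->referrer must be escaped
     * (htmlspecialchars) before being echoed into HTML. No
     * session_regenerate_id() happens here; the login path should call
     * it after a successful authentication to avoid session fixation.
     */
    function startSession(){
        session_start(); // Tell PHP to start (or resume) the session

        /* Referrer page: whatever url the previous request stored, else the site root */
        if(isset($_SESSION['url'])){
            $this->referrer = $_SESSION['url'];
        }else{
            $this->referrer = "/";
        }

        /* Current url, persisted so the next request sees it as its referrer */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
    }

    /**
     * check_ses - Guards a member-only page. Redirects to the logout url
     * when no member id is in the session, or when the last recorded
     * activity is more than 7200 seconds (2 hours) old; otherwise
     * refreshes the activity stamp.
     *
     * @return int 1 when the session is valid. On failure the script exits
     *             right after sending the redirect, so nothing is returned.
     */
    function check_ses(){
        if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID'])=='')) {
            unset($_SESSION['SESS_MEMBER_ID']);
            header("Location: index.php?logout=1");
            // A Location header does not stop the script: without exit the
            // caller's protected code would still run for this request.
            exit;
        }

        if (isset($_SESSION['LAST_ACTIVITIES']) && (time() - $_SESSION['LAST_ACTIVITIES'] > 7200)) {
            // Last request was more than 2 hours ago: drop the session.
            // Clear the runtime array first; session_unset() called after
            // session_destroy() is a no-op because the session is no longer active.
            $_SESSION = array();
            session_destroy(); // destroy session data in storage
            header("Location: index.php?logout=1");
            exit;
        }

        $_SESSION['LAST_ACTIVITIES'] = time(); // update last activity time stamp
        return 1;
    }

    /**
     * safe - Trims a value and escapes it for use inside a quoted MySQL
     * string literal (legacy mysql extension; needs an open connection).
     * Escaping is only correct inside quotes; it is not a substitute for
     * prepared statements where the driver offers them.
     *
     * @param mixed $value raw input
     * @return string escaped value
     */
    function safe($value){
        $value = @trim($value); // @ kept on purpose: non-string input yields a warning here, not a fatal
        return mysql_real_escape_string($value);
    }

    //MAIL OPTIONS

    /**
     * getshippingtype - Maps a shipping option code to its display name.
     * Any code not in the table falls back to "In-store Pickup".
     *
     * @param string $value option code ("01", "02", "03", "11", "12")
     * @return string escaped shipping label
     */
    function getshippingtype($value){
        $labels = array(
            "01" => "UPS Next Day Air",
            "02" => "UPS 2nd Day Air",
            "03" => "UPS Ground",
            "11" => "USPS Express",
            "12" => "USPS Priority",
        );
        $shipping = "In-store Pickup";
        // Loose == comparison is kept deliberately: the original accepted
        // numeric equivalents such as "1" for "01".
        foreach($labels as $code => $label){
            if($value == $code){
                $shipping = $label;
                break;
            }
        }
        return mysql_real_escape_string($shipping);
    }

    //+++++++
    //-----------------
    //+++++++
    //-----------------

    /**
     * _isBlank - true when a required field is missing: falsy, or only whitespace.
     * Mirrors the `!$x || strlen(trim($x)) == 0` test used by the validators.
     *
     * @param mixed $value
     * @return bool
     */
    function _isBlank($value){
        return !$value || strlen(trim($value)) == 0;
    }

    /**
     * processpaymentx - Validates the card and billing fields of the
     * checkout form, recording each problem on the global $form object.
     * Despite the name it does not charge anything; it only validates.
     *
     * $i_CreditCardType, $i_taxamt, $i_x_invoice_num and $i_ip are accepted
     * for interface compatibility and are not checked here.
     *
     * NOTE(review): $i_CreditCardNumber and $i_CVV2 are card data; callers
     * must not log or persist them (the CVV in particular must never be
     * stored). $i_x_amount is only checked for presence - if it originates
     * from the client it should be recomputed server-side before charging.
     *
     * @return int 1 if any validation error was recorded, 0 otherwise
     */
    function processpaymentx($i_CreditCardType, $i_CreditCardNumber, $i_CVV2, $i_ExpMonth,
        $i_ExpYear, $i_BillingFirstName, $i_BillingLastName, $i_BillingStreet1, $i_BillingCityName, $i_BillingStateOrProvince, $i_BillingPostalCode, $i_x_amount, $i_taxamt, $i_items, $i_x_invoice_num, $i_ip){
        global $form;

        $field = "CreditCardNumber";
        if($this->_isBlank($i_CreditCardNumber)){
            $form->setError($field, "* Credit Card Number not entered");
        }else if(!is_numeric(trim($i_CreditCardNumber))){
            $form->setError($field, "* Credit Card Number invalid");
        }

        $field = "CVV2";
        if($this->_isBlank($i_CVV2)){
            $form->setError($field, "* CCV Number not entered");
        }else if(!is_numeric(trim($i_CVV2))){
            $form->setError($field, "* CCV invalid");
        }

        // Expiry: year must not be in the past; in the current year the
        // month must not be earlier than the current month.
        $field = "ExpYear";
        if(!is_numeric($i_ExpYear) || !is_numeric($i_ExpMonth)){
            $form->setError($field, "* Exp date incorrect");
        } else if ($i_ExpYear < date("Y")){
            $form->setError($field, "* Card Expired");
        }else if ($i_ExpMonth < date("m") && $i_ExpYear == date("Y")) {
            $form->setError($field, "* Card Expired");
        }

        // Required billing fields: field name => message
        $required = array(
            "BillingFirstName" => array($i_BillingFirstName, "* First Name not entered"),
            "BillingLastName"  => array($i_BillingLastName, "* Last Name not entered"),
            "BillingStreet1"   => array($i_BillingStreet1, "* Street not entered"),
            "BillingCityName"  => array($i_BillingCityName, "* City not entered"),
        );
        foreach($required as $field => $check){
            if($this->_isBlank($check[0])){
                $form->setError($field, $check[1]);
            }
        }

        $field = "BillingStateOrProvince";
        if($this->_isBlank($i_BillingStateOrProvince)){
            $form->setError($field, "* State not entered");
        }else if(strlen(trim($i_BillingStateOrProvince)) != 2){
            $form->setError($field, "* State incorrect");
        }

        $field = "BillingPostalCode";
        if($this->_isBlank($i_BillingPostalCode) || !is_numeric(trim($i_BillingPostalCode))){
            $form->setError($field, "* Zip Incorrect");
        }

        $field = "other";
        if($this->_isBlank($i_x_amount)){
            $form->setError($field, "* Amount Error");
        }
        if($this->_isBlank($i_items)){
            $form->setError($field, "* Item Error");
        }

        /* Return 1 if form errors exist, 0 otherwise */
        return ($form->num_errors > 0) ? 1 : 0;
    }//end process payment

    //+++++++
    //-----------------
    //+++++++
    //-----------------

    /**
     * tiunbvvbzxalp - "Add to cart": validates the requested quantity
     * against stock on hand and what this session already has in its cart,
     * then inserts the line through $database->additemtocarttt().
     *
     * Validation happens before any query so bad input costs no round trips.
     *
     * @return int 0 item added, 1 validation error recorded on $form, 2 insert failed
     */
    function tiunbvvbzxalp($subsession, $subproID, $subproduct, $subprice, $subweight, $subqty){
        global $database, $form;
        $field = 'qty';

        // Values are interpolated into SQL below, so escape them up front
        $subsession = mysql_real_escape_string($subsession);
        $subproID = mysql_real_escape_string($subproID);
        $subproduct = mysql_real_escape_string($subproduct);
        $subprice = mysql_real_escape_string($subprice);
        $subweight = mysql_real_escape_string($subweight);
        $subqty = mysql_real_escape_string($subqty);

        if(!$subqty|| strlen($subqty = trim($subqty)) == 0){
            $form->setError($field, "*quantity not entered");
        } else if(!preg_match('/^[0-9]+$/', $subqty)){
            // eregi() is gone since PHP 7, and its "^([0-9])" pattern only
            // looked at the first character, so "3abc" passed. Require the
            // whole value to be digits.
            $form->setError($field, "* The Quantity entered was not numeric. Please Retry.");
        } else {
            // Stock on hand for this product
            $tq = "SELECT qty FROM ".TBL_ITEMS." WHERE rowID = '$subproID'";
            $row = mysql_fetch_assoc($database->query($tq));
            $geh_qty = $row['qty'];

            // Requested quantity plus whatever this session already has of the same product
            $add_and_cart_qty = $subqty;
            $q = "SELECT proID,qty FROM ".TBL_CART." WHERE sessionID = '$subsession'";
            $result = $database->query($q);
            $num_rows = mysql_num_rows($result);
            for($i=0; $i<$num_rows; $i++){
                if(mysql_result($result,$i,"proID") == $subproID){
                    $add_and_cart_qty = $add_and_cart_qty + mysql_result($result,$i,"qty");
                }
            }

            if($geh_qty < $add_and_cart_qty){
                $form->setError($field, "* The quantity you entered is not available.");
            }
        }

        if($form->num_errors > 0){
            return 1; //Errors with form
        }
        if($database->additemtocarttt($subsession, $subproID, $subproduct, $subprice, $subweight, $subqty)){
            return 0; //Item added to the cart
        }
        return 2; //Insert failed
    }// end function

    /**
     * deleteItem - Removes a cart line by id via $database->deleteItem().
     *
     * @param mixed $subID cart row id
     * @return int 0 on success, 2 when the delete failed
     */
    function deleteItem($subID){
        global $database;
        $subID = mysql_real_escape_string($subID);
        return $database->deleteItem($subID) ? 0 : 2;
    }

    /**
     * updateitem - Changes the quantity of a cart line via $database->updateItem().
     *
     * @param mixed $subID  cart row id
     * @param mixed $subqty new quantity (not range-checked here)
     * @return int 0 on success, 2 when the update failed
     */
    function updateitem($subID, $subqty){
        global $database;
        $subID = mysql_real_escape_string($subID);
        $subqty = mysql_real_escape_string($subqty);
        return $database->updateItem($subID, $subqty) ? 0 : 2;
    }

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++Send Cust Info _++++++++++++++++++++++++++++++++++++++

    /**
     * custinfo9okm - Sends the two order e-mails (merchant copy via
     * sendOrderinfo7j, customer copy via sendCustomerOrder98jj) with the
     * same order/customer fields. Always returns 0; the mailer results
     * are not checked.
     *
     * NOTE(review): the same argument list goes to both mails, so anything
     * sensitive in it (customer ip, transaction id) reaches the customer copy too.
     *
     * @return int 0
     */
    function custinfo9okm($i_tgc_id,$mildiscount,$invoice,$custID,$custip,$transid,$amount,$count,$items,$type_of_shipping,$shipamountx,$time,$fname,$lname,$address,$city,$state,$zip,$country,$billingfname,$billinglname,$billingaddress,$billingcity,$billingstate,$billingzip,$phone,$email,$comments,$pickedup,$taxamy){
        global $mailer;
        $args = array($i_tgc_id,$mildiscount,$invoice,$custID,$custip,$transid,$amount,$count,$items,$type_of_shipping,$shipamountx,$time,$fname,$lname,$address,$city,$state,$zip,$country,$billingfname,$billinglname,$billingaddress,$billingcity,$billingstate,$billingzip,$phone,$email,$comments,$pickedup,$taxamy);
        call_user_func_array(array($mailer, 'sendOrderinfo7j'), $args);
        call_user_func_array(array($mailer, 'sendCustomerOrder98jj'), $args);
        return 0;
    }

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++Send Cust Info OUT++++++++++++++++++++++++++++++++++++++
};//session

/**
 * Initialize session object - This must be initialized before
 * the form object because the form uses session variables,
 * which cannot be accessed unless the session has started.
 */
$session = new Session;

/* Initialize form object */
$form = new Form;
?>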