Oops

#!/usr/bin/perl -w ##=====================================================================|| ## PERL CGI Checkout Script || ## for use with nopercart.js ## ## Sends one email to the person responsible for online-sales, ## another to the customer as confirmation, ## both containing the form-elements from the nopercart-based cart; ## modified by Eugene Reimer 2007-July. ## ## Further modified 2008-Oct (1) to send back a different HTML page, ## one that invokes your payment-processor; the example below for ## Optimal-Payments is readily adapted to other payment-processors; ## and (2) to correct flaws in the invalidE routine. ## || ##=====================================================================|| require 5.001; ######################################################################### ## # ## User defined variables: # ## $mailprogram - string value containing the complete path to # ## the sendmail binary on the system. # ## $oursalesemail - string value containing the email-address to # ## which online orders are emailed # ## $our2ndemail - a second email-address to which online orders # ## are to be emailed (optional) # ## # ## NOTE: you need a \ before the @ in your email addresses; # ## for example: spam\@nopdesign.com # ######################################################################### $mailprogram = "/usr/sbin/sendmail -t"; ##one common location ##$mailprogram = "/usr/lib/sendmail -t"; ##another common location... $oursalesemail = "reimer\@shaw.ca"; $our2ndemail = ""; ############################################################################ ##-----revise these 2 routines to alter the look of generating webpages----- ############################################################################ sub print_header { print "Oops\n"; } sub print_footer { print "\n"; } ##-----Required fields are best enforced by javascript, and yet checking here is still needed----- @required = ( 'b_first', 'b_last', 'b_addr', 'b_city', 'b_state', 'b_country', 'b_email' ); ############################################################### ##FUNCTION: urlDecode # ##PARAMETERS: An encoded string. # ##RETURNS: The decoded string. # ##PURPOSE: Decodes a URL encoded string. # ############################################################### sub urlDecode { my ($string) = @_; $string =~ tr/+/ /; $string =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex($1))/eg; $string =~ s/['"]/\'/g; return ($string); } ############################################################### ##FUNCTION: processCGI # ##PARAMETERS: # ##PURPOSE: Retrieves form data submitted via GET or POST # ## method and decodes it. You may then access # ## each passed-in variable as $ # ## where is the name of the form element. # ############################################################### sub processCGI { local ($cgiData, $key, $value, $pair, @pairs); if ($ENV{'REQUEST_METHOD'} eq 'GET') { $cgiData = $ENV{'QUERY_STRING'}; } else { $cgiData = ; } @pairs = split (/&/, $cgiData); foreach $pair (@pairs) { ($key, $value) = split (/\=/, $pair); $key = &urlDecode($key); $value = &urlDecode($value); if(defined ${$key}){ ${$key} .= ", ".$value; }else{ ${$key} = $value; } } } ############################################################### ##FUNCTION: doFormError # ##PARAMETERS: A error message string. # ##PURPOSE: Generates an HTML page indicating a form # ## submission error has occurred. # ############################################################### sub doFormError { my ($errString) = @_; print "Content-type: text/html\n\n"; &print_header; print "The form you submitted was not complete.

"; print "$errString

\n"; print "

"; &print_footer; exit; } ############################################################### ##FUNCTION: doError # ##PARAMETERS: A error message string. # ##PURPOSE: Generates an HTML page indicating an error # ## has occurred. # ############################################################### sub doError { my ($errString) = @_; print "Content-type: text/html\n\n"; &print_header; print "$errString

\n"; &print_footer; exit; } ############################################################### ##FUNCTION: invalidE # ##PARAMETERS: An email-address. # ##RETURNS: 1 if invalid, 0 if valid. # ##PURPOSE: Checks that supplied email-address is of the # ## form 'x@y.z' # ##==NOTE: the nopdesign version has serious flaws! # ############################################################### sub invalidE { my ($szEmail) = @_; ##my ($user, $host); ##no longer needed ##$szEmail =~ tr/A-Z/a-z/; ##no longer needed ##($user, $host) = split (/\@/, $szEmail); ##no longer needed if ($szEmail =~ /^[.\w]+\@[.\w]+[.][\w]+$/) { return 0; } else { return 1; } } ############################################################### ##FUNCTION: populateDateVar # ############################################################### sub populateDateVar { @months = (); push(@months,"January"); push(@months,"February"); push(@months,"March"); push(@months,"April"); push(@months,"May"); push(@months,"June"); push(@months,"July"); push(@months,"August"); push(@months,"September"); push(@months,"October"); push(@months,"November"); push(@months,"December"); @days = (); push(@days,"Sunday"); push(@days,"Monday"); push(@days,"Tuesday"); push(@days,"Wednesday"); push(@days,"Thursday"); push(@days,"Friday"); push(@days,"Saturday"); ($sec,$min,$hour,$day,$monthidx,$year,$dayofweekidx) = (localtime(time))[0,1,2,3,4,5,6]; $year += "1900"; $month = $monthidx + 1; if ($sec < 10) { $sec = "0$sec"; } if ($min < 10) { $min = "0$min"; } if ($hour < 10) { $hour = "0$hour"; } if ($day < 10) { $day = "0$day"; } if ($month < 10) { $month = "0$month"; } ##eg: $todaysdate = "$months[$monthidx] $day, $year $hour:$min:$sec"; } ############################################################### ##FUNCTION: printMailFieldsFromForm # ############################################################### sub printMailFieldsFromForm { print MAIL "Order Date: $months[$monthidx] $day, $year $hour:$min:$sec\n"; print MAIL "\n"; print MAIL "Bill To:\n"; print MAIL "--------\n"; print MAIL " $b_first $b_last\n"; print MAIL " $b_addr\n"; if ( $b_addr2 ne "" ) {print MAIL " $b_addr2\n";} print MAIL " $b_city $b_state $b_zip\n"; print MAIL " $b_country\n"; ##print MAIL " $b_phone\n"; print MAIL " $b_email\n"; print MAIL "\n"; print MAIL "Ship To:\n"; print MAIL "--------\n"; if ( $s_addr eq "" ) { ##==!!should test ALL s_ fields== print MAIL " Use Billing Address\n"; } else { print MAIL " $s_first $s_last\n"; print MAIL " $s_addr\n"; if ( $s_addr2 ne "" ) {print MAIL " $s_addr2\n";} print MAIL " $s_city $s_state $s_zip\n"; print MAIL " $s_country\n"; ##print MAIL " $s_phone\n"; print MAIL " $s_email\n"; } print MAIL "\n"; print MAIL "Qty Price(\$) Product ID - Product Name\n"; print MAIL "=====================================================================\n"; if( $NAME_1 ) {print MAIL "$QUANTITY_1 \$$PRICE_1 $ID_1 - $NAME_1\n";} if( $NAME_2 ) {print MAIL "$QUANTITY_2 \$$PRICE_2 $ID_2 - $NAME_2\n";} if( $NAME_3 ) {print MAIL "$QUANTITY_3 \$$PRICE_3 $ID_3 - $NAME_3\n";} if( $NAME_4 ) {print MAIL "$QUANTITY_4 \$$PRICE_4 $ID_4 - $NAME_4\n";} if( $NAME_5 ) {print MAIL "$QUANTITY_5 \$$PRICE_5 $ID_5 - $NAME_5\n";} if( $NAME_6 ) {print MAIL "$QUANTITY_6 \$$PRICE_6 $ID_6 - $NAME_6\n";} if( $NAME_7 ) {print MAIL "$QUANTITY_7 \$$PRICE_7 $ID_7 - $NAME_7\n";} if( $NAME_8 ) {print MAIL "$QUANTITY_8 \$$PRICE_8 $ID_8 - $NAME_8\n";} if( $NAME_9 ) {print MAIL "$QUANTITY_9 \$$PRICE_9 $ID_9 - $NAME_9\n";} if( $NAME_10 ) {print MAIL "$QUANTITY_10 \$$PRICE_10 $ID_10 - $NAME_10\n";} if( $NAME_11 ) {print MAIL "$QUANTITY_11 \$$PRICE_11 $ID_11 - $NAME_11\n";} if( $NAME_12 ) {print MAIL "$QUANTITY_12 \$$PRICE_12 $ID_12 - $NAME_12\n";} if( $NAME_13 ) {print MAIL "$QUANTITY_13 \$$PRICE_13 $ID_13 - $NAME_13\n";} if( $NAME_14 ) {print MAIL "$QUANTITY_14 \$$PRICE_14 $ID_14 - $NAME_14\n";} if( $NAME_15 ) {print MAIL "$QUANTITY_15 \$$PRICE_15 $ID_15 - $NAME_15\n";} print MAIL "=====================================================================\n"; print MAIL "SUBTOTAL: $SUBTOTAL\n"; print MAIL "\n"; print MAIL "SHIPPING: $SHIPPING\n"; print MAIL "TAX: $TAX\n"; print MAIL "TOTAL: $TOTAL\n"; ##print MAIL "\n"; ##print MAIL "Comments:\n"; ##print MAIL "---------\n"; ##print MAIL "$comment\n"; print MAIL "\n"; } ############################################################## ############################################################## ### MAIN ### ############################################################## ############################################################## ##-----process the form input----- &processCGI; &populateDateVar; ##-----check for required fields----- ##==NOTE: the nopdesign code didnot work -- needed the extra deref on $$check foreach $check(@required) { unless ($$check) { doFormError("It appears that you forgot to fill in the $check field."); exit; } } ##-----check for valid email-address----- if( &invalidE($b_email) ){ doFormError('You supplied an invalid email-address.'); } ##-----Send email to us----- open (MAIL,"|$mailprogram"); print MAIL "To: $oursalesemail"; if ( $our2ndemail ne "" ) {print MAIL ", $our2ndemail";} print MAIL "\n"; print MAIL "From: $b_email\n"; print MAIL "Subject: New Online Order\n"; print MAIL "\n\n"; print MAIL "A new order has been received. A summary of this order appears below.\n"; print MAIL "\n"; &printMailFieldsFromForm; close MAIL; ##-----Send email confirmation to the customer----- open (MAIL,"|$mailprogram"); print MAIL "To: $b_email\n"; print MAIL "From: $oursalesemail\n"; print MAIL "Subject: Order Confirmation\n"; print MAIL "\n\n"; print MAIL "Your order has been received. A summary of your order appears below.\n"; print MAIL "\n"; &printMailFieldsFromForm; print MAIL "Thank-you for your order. It will be shipped posthaste.\n\n"; close MAIL; ##-----produce new webpage for customer----- $TOTALNUMERIC=$TOTAL; $TOTALNUMERIC =~ s/\$//g; print "Content-type: text/html\n\n"; print <Load Payment Page

Connecting to our secure payment-processor for Checkout Step-2 of 2...

EndOfThisHereDocument exit;