Jump to content

long shopping cart script

webnick

By webnick
in MySQL Help

 Share

Recommended Posts

webnick Newbie

webnick

Posted
Posted
I've written a long script to try and post payments to a gateway. It was working fine for a week but now the client reports the script posts to the gateway but the page hangs blank. I would sure appreciate any feedback on this. I'm not sure of sessions are the best way to work with a shopping cart; maybe this is part of the issue? Or a long SQL query?!

Thanks for feedback.

[code]<? // Script prepares/ submits invoce for credit card processing
foreach($_POST AS $key => $value) { ${$key} = $value; } // Make form variables available by name

if($_POST['consent'] == "true") { // Start the transaction

// Open database connection
$connection = mysql_connect($dbServer, $dbUser, $dbPass);
$db = mysql_select_db($dbName);
if (!$connection || !$db) {
exit(mysql_error());
}

// Check posted passwords
if (!isset($password) || $password == "" || sha1($password) !== sha1($password2)) {
exit('Sorry, passwords provided did not match.');
} else {
// Add user info to database
$login = $email;
$pass = sha1($password);
unset($_POST['password']);
unset($_POST['password2']);
$birthday = "$birthmo/$birthdy/$birthyr";
$cust_name = "$first_name $last_name";

$sql = "SELECT `id`, `password` FROM `onlineusers` WHERE `login`='$login' LIMIT 1"; // Check if username is in use
$result = mysql_query($sql);
if (mysql_numrows($result) > 0) {
$row = mysql_fetch_array($result);
if($row['password'] !== $pass) { exit('Sorry, password or username did not match our records.'); }
$currentuser = $row['id'];
$sql = "UPDATE `onlineusers` SET
`birthday`='$birthday',
`first_name`='$first_name',
`last_name`='$last_name',
`email`='$email',
`address`='$address',
`address2`='$address2',
`city`='$city',
`state`='$state',
`phone`='$phone',
`phone2`='$phone2',
`x_first_name`='$x_first_name',
`x_last_name`='$x_last_name',
`x_company`='$x_company',
`x_address`='$x_address',
`x_address2`='$x_address2',
`x_city`='$x_city',
`x_state`='$x_state',
`x_zip`='$x_zip',
`x_card_num`='$x_card_num',
`x_card_type`='$x_card_type',
`x_exp_date`='$x_exp_date',
`x_cardid`='$x_cardid'
WHERE `login`='$login' AND `password`='$pass' LIMIT 1;"; // Make sure to verify the password against record
} else {
$id = time('U');
$currentuser = $id;
$sql = "INSERT INTO `onlineusers` (`id`, `login`, `password`, `birthday`, `first_name`, `last_name`, `email`, `address`, `address2`, `city`, `state`, `phone`, `phone2`, `x_first_name`, `x_last_name`, `x_company`, `x_address`, `x_address2`, `x_city`, `x_state`, `x_zip`, `x_card_num`, `x_card_type`, `x_exp_date`, `x_cardid`)
VALUES ('$id', '$login', '$pass', '$birthday', '$first_name', '$last_name', '$email', '$address', '$address2', '$city', '$state', '$phone', '$phone2', '$x_first_name', '$x_last_name', '$x_company', '$x_address', '$x_address2', '$x_city', '$x_state', '$x_zip', '$x_card_num', '$x_card_type', '$x_exp_date', '$x_cardid');";
}
if (!mysql_query($sql)) {
exit(mysql_error());
}
}

// Prepare values for Authorize.net
$DEBUGGING = 0; // Display additional information to track down problems
$TESTING = 0; // Set the testing flag so that transactions are not live
$ERROR_RETRIES = 2; // Number of transactions to post if soft errors occur
$auth_net_login_id = "foo";
$auth_net_tran_key = "bar";
$auth_net_url = "https://secure.authorize.net/gateway/transact.dll"; // https://test.authorize.net/gateway/transact.dll
$authnet_values = array(
"x_login" => $auth_net_login_id,
"x_version" => "3.1",
"x_delim_char" => "|",
"x_delim_data" => "TRUE",
"x_url" => "FALSE",
"x_type" => "AUTH_ONLY", //AUTH_CAPTURE, AUTH_ONLY, CAPTURE_ONLY, CREDIT, VOID, PRIOR_AUTH_CAPTURE
"x_method" => "",
"x_tran_key" => $auth_net_tran_key,
"x_relay_response" => "FALSE", // always FLASE with AIM system
"x_invoice_num" => "",
"x_cust_id" => "$currentuser",
"x_card_num" => "",
"x_exp_date" => "",
"x_description" => "",
"x_line_item" => "",
"x_amount" => "",
"x_first_name" => "",
"x_last_name" => "",
"x_address" => "",
"x_city" => "",
"x_state" => "",
"x_zip" => "",
"x_email" => "$email",
"x_ship_to_first_name" => "$first_name",
"x_ship_to_last_name" => "$last_name");

// Build post query
$postdata = "";
foreach($authnet_values as $key => $val) {
if(array_key_exists($key, $_POST)) { // If they're part of the Authnet post, replace array with post values
if(!is_array($_POST[$key])) {
$val = $_POST[$key];
}
}
$postdata .= "$key=". urlencode($val) ."&";
}

// Get line-items for invoice. These pipes should not be URL encoded
$itemNo = "1";
foreach($_POST['x_line_item'] as $key => $val) {
$postdata .= "x_line_item=item$itemNo<|>$first_name $last_name<|>$key<|>1<|>$val<|>N&";
$itemNo++;
}

// Now post the transaction
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $auth_net_url);
curl_setopt($ch, CURLOPT_HEADER, 0); // set to 0 to eliminate header info from response
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Returns response data instead of TRUE(1)
curl_setopt($ch, CURLOPT_POSTFIELDS, rtrim($postdata,"& ")); // use HTTP POST to send form data
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // uncomment this line if you get no gateway response.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // uncomment this line if you get no gateway response.
$response = curl_exec($ch); // execute POST and get results
curl_close($ch);

// Interpet the post response
$text = $response;

// Use this hack to get transaction Response Code
$fpos = strpos($text, $authnet_values['x_delim_char']);
$fval = $text{$fpos - 1};
if($fval == "1") {
$fval = "Approved";
} elseif($fval == "2") {
$fval = "Declined";
} elseif($fval == "3") {
$fval = "Error";
}

$anet_rsp = "";
$h = substr_count($text, $authnet_values['x_delim_char']); // Count the number of substring occurrences
$h++;
for($j=1; $j <= $h; $j++) // Iterate through each part of response code
{
$p = strpos($text, $authnet_values['x_delim_char']); // Find position of first delineation in returned string
if ($p === false) {
if($j >= 69) { // Merchant definied variables for fields above 69
$anet_rsp .= "\n($j) Merchant-defined: $text <br />";
} else {
$anet_rsp .= "\n($j) $text <br />";
}
}
else { // x_delim_char was found, now return response code values
$p++;
$pstr = substr($text, 0, $p); // this prepares the text and returns one value of the submitted and processed name/value pairs at a time
$pstr_trimmed = substr($pstr, 0, -1); // removes "|" at the end

if($pstr_trimmed == "") {
$pstr_trimmed = "NO VALUE RETURNED <br />";
}

switch($j) {
case 1:
/* This wasn't finding Response Code
$fval = "";
if($pstr_trimmed == "1") {
$fval = "Approved";
} elseif($pstr_trimmed == "2") {
$fval = "Declined";
} elseif($pstr_trimmed == "3") {
$fval = "Error";
} */
$anet_rsp .= "\n($j) Response Code: $fval <br />";
break;
case 2:
$anet_rsp .= "\n($j) Response Subcode: $pstr_trimmed <br />";
break;
case 3:
$anet_rsp .= "\n($j) Response Reason Code: $pstr_trimmed <br />";
break;
case 4:
$anet_rsp .= "\n($j) Response Reason Text: $pstr_trimmed <br />";
break;
case 5:
$anet_rsp .= "\n($j) Approval Code: $pstr_trimmed <br />";
break;
default:
if($j >= 69){
$anet_rsp .= "\n($j) Merchant-defined: $pstr_trimmed";
} elseif($pstr_trimmed == "NO VALUE RETURNED <br />") { // Do nothing
} else {
$anet_rsp .= "\n($j) $pstr_trimmed <br />";
}
break;
}
// Remove the part that we identified and work with the rest of the string
$text = substr($text, $p);
}
}

// Add record for each purchase item
if($fval == "Approved") {
$sql = "INSERT INTO `onlinesales` (`id`, `date`, `x_cust_id`, `cust_name`, `x_invoice_num`, `x_amount`, `x_line_item`, `itemprice` ) VALUES ";
foreach($_POST['x_line_item'] as $key => $val) {
$sql .= "\n(NULL, '$date', '$currentuser', '$cust_name', '$x_invoice_num', '$x_amount', '$key', '$val'),";
}
$sql = substr($sql, 0, -1); // Trim last comma from query
@mysql_query($sql); // No MYSQL errors at this point. Transaction was already sent

$umessage = "\n<p>$fval: Your transaction was submitted and approved. A recipt has been e-mailed to the address provided.<br />";
$umessage .= "\n<div style=\"border:1px solid orange;padding:1em\">";
$umessage .= "\nInvoice date: $date <br />Invoice No: $x_invoice_num<br /><br />";
$umessage .= "\n<em>Transaction Codes:</em><br />\n$anet_rsp</div>";

} else {
$umessage = "\n<p>$fval: There was an error in the submitted transaction. Please use your 'back' button to try again.</p>";
$umessage .= "\n<div style=\"border:1px solid orange;padding:1em\"><em>Transaction Codes:</em><br />\n$anet_rsp</div>";
}
}
else {
$umessage = "Error. We don't have enough information for this request";
}

?>
<html>
<head>
<title>Checkout</title>
</head>
<body>
<?= $umessage;
print_r($_SESSION); ?>
</body>
</html>
[/code]
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.