KevinM1 Posted February 7, 2007 Share Posted February 7, 2007 I'm not sure if this really belongs here or if it's more suitable for the design/layout sub-section, so feel free to move it if I put it in the wrong place. I've written a simple e-commerce checkout script. The user's shopping cart is just persistant session info, as I didn't want to create a database table for every user. Upon checkout, the user is supposed to enter in their personal and credit card info, which, upon submission, will be e-mailed to our sales guy so he can put in the order with our distributor (not the most elegant system, I know, but it seems like it'll work). My biggest problem, right now, is the sheer bulk of the checkout script. I've tested it, and it works, but it's very long and no doubt heavy handed. Originally, I created a simple sticky form which worked well. The only problem is that my boss wanted it only to be sticky if someone didn't input their info correctly. If they did enter their info in correctly, then he wanted the form to disappear with a little message saying that the order was processed. I've managed to get all of that functionality into the script, but like I said, it's very bulky right now. Is there anything I can do to make it more manageable and readable? I'd like to keep everything in one script, if possible. My code: <?php #checkout.php session_start(); ob_start(); include('../php_config/config.php'); include('../templates/sub_header.inc'); if(!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS'] != 'on')){ header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); } $errMessage = NULL; $mailMessage = NULL; if(isset($_POST['continue'])){ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/"); exit(); } if(isset($_POST['back'])){ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: " . $_SERVER['PHP_SELF']); exit(); } if(isset($_POST['submit'])){ if(!empty($_POST['name']) && preg_match("/^[a-zA-Z]+([ a-zA-Z-]+)*$/i", $_POST['name'])){ $name = $_POST['name']; $n = TRUE; } else{ $errMessage .= "Please enter your name!<br />\n"; } if(!empty($_POST['address1']) && preg_match("/^[0-9a-zA-Z\.\-\ ]+$/i", $_POST['address1'])){ $address1 = $_POST['address1']; $a1 = TRUE; } else{ $errMessage .= "Please enter your address!<br />\n"; } if(!empty($_POST['address2']) && preg_match("/^[0-9a-zA-Z\.\-\ ]+$/i", $_POST['address2'])){ $address2 = $_POST['address2']; } else{ $address2 = ''; } if(!empty($_POST['city']) && preg_match("/^[a-zA-Z\.\-\ ]+$/i", $_POST['city'])){ $city = $_POST['city']; $c = TRUE; } else{ $errMessage .= "Please enter your city!<br />\n"; } if(!empty($_POST['state']) && preg_match("/^[a-zA-Z]{2}$/i", $_POST['state'])){ $state = $_POST['state']; $s = TRUE; } else{ $errMessage .= "Please enter your state!<br />\n"; } if(!empty($_POST['zipcode']) && preg_match("/^[0-9]{5}(\-[0-9]{4})?$/i", $_POST['zipcode'])){ $zipcode = $_POST['zipcode']; $z = TRUE; } else{ $errMessage .= "Please enter your zipcode!<br />\n"; } if(!empty($_POST['home_num']) && preg_match("/^[0-9]{10}$/i", $_POST['home_num'])){ $homeNum = $_POST['home_num']; $hn = TRUE; } else{ $errMessage .= "Please enter your home telephone number!<br />\n"; } if(!empty($_POST['email']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['email'])){ $email = $_POST['email']; $e = TRUE; } else{ $errMessage .= "Please enter your e-mail address!<br />\n"; } if(isset($_POST['card_name'])){ $cardName = $_POST['card_name']; $cn = TRUE; } else{ $errMessage .= "Please select a credit card!<br />\n"; } if(!empty($_POST['card_num']) && preg_match("/^[0-9]{16}$/i", $_POST['card_num'])){ $cardNum = $_POST['card_num']; $cNum = TRUE; } else{ $errMessage .= "Please enter your credit card number!<br />\n"; } if(!empty($_POST['CID']) && preg_match("/^[0-9]{3,4}$/i", $_POST['CID'])){ $cid = $_POST['CID']; $cidCheck = TRUE; } else{ $errMessage .= "Please enter your credit card's CID!<br />\n"; } if(!empty($_POST['bank_num']) && preg_match("/^[0-9]{10,11}$/i", $_POST['bank_num'])){ $bankNum = $_POST['bank_num']; $bn = TRUE; } else{ $errMessage .= "Please enter your credit card's telephone number!<br />\n"; } if($n && $a1 && $c && $s && $z && $hn && $e && $cn && $cNum && cidCheck && $bn){ if($address2){ $cartInfo = $myCart -> emailMessage(); $mailMessage .= "<html><head><title>Order Confirmation</title><body>$name<br />\n$address1<br />\n$address2<br />\n$city, $state $zipcode<br />\nHome Phone Number: $homeNum<br />\nE-mail Address: $email<br />\n<br />\nCredit Card Company: $cardName<br />\nCredit Card Number: $cardNum CID: $cid<br />\nCredit Card Phone Number: $bankNum<br />\n<br />\n$cartInfo<br /></body></html>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; mail('stan@thinkingmachineonline.com', 'Thinking Machine Store order', $mailMessage, $headers); $myCart = new ShoppingCart(); echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'>Your order has been processed, $name<br /><form action='{$_SERVER['PHP_SELF']}' method='post'><input type='submit' name='continue' value ='Continue Shopping' /></form></div>\n"; } else{ $cartInfo = $myCart -> emailMessage(); $mailMessage .= "<html><head><title>Order Confirmation</title></head><body>$name<br />\n$address1<br />\n$city, $state $zipcode<br />\nHome Phone Number: $homeNum<br />\nE-mail Address: $email<br />\n<br />\nCredit Card Company: $cardName<br />\nCredit Card Number: $cardNum CID: $cid<br />\nCredit Card Phone Number: $bankNum<br />\n<br />\n$cartInfo</body></html>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; mail('stan@thinkingmachineonline.com', 'Thinking Machine Store order', $mailMessage, $headers); $myCart = new ShoppingCart(); echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'>Your order has been processed, $name<br /><form action='{$_SERVER['PHP_SELF']}' method='post'><input type='submit' name='continue' value ='Continue Shopping' /></form></div>\n"; } } else{ echo "<div style='margin-left: auto; margin-right: auto; margin-top: 5px; text-align: center;'><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='images/store/storefront_01a.jpg' alt='' /><a href='checkout.php'><img src='images/store/storefront_02a.jpg' alt='' /></a><div style='color: red; margin-left: auto; margin-right: auto; text-align: center;'>$errMessage</div>\n";?> <form name="checkout" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" style="margin-left: auto; margin-right: auto; text-align: center;"> <fieldset class="narrow"><legend>Please input your personal information</legend> <p><span style="color: red; font-size: 0.85em;">*Required fields.</span></p> <p><label for="name"><span style="color: red;">*</span>Name: </label><input type="text" name="name" value="<?php if(isset($_POST['name'])) echo $_POST['name']; ?>" /></p> <p><label for="address1"><span style="color: red;">*</span>Address 1: </label><input type="text" name="address1" value="<?php if(isset($_POST['address1'])) echo $_POST['address1']; ?>" /></p> <p><label for="address2"> Address 2: </label><input type="text" name="address2" value="<?php if(isset($_POST['address2'])) echo $_POST['address2']; ?>" /></p> <p><label for="city"><span style="color: red;">*</span>City: </label><input type="text" name="city" value="<?php if(isset($_POST['city'])) echo $_POST['city']; ?>" /></p> <p><label for="state"><span style="color: red;">*</span>State: </label><input type="text" name="state" value="<?php if(isset($_POST['state'])) echo $_POST['state']; ?>" size="2" maxlength="2" /></p> <p><label for="zipcode"><span style="color: red;">*</span>Zipcode: </label><input type="text" name="zipcode" value="<?php if(isset($_POST['zipcode'])) echo $_POST['zipcode']; ?>" /></p> <p><label for="home_num"><span style="color: red;">*</span>Home Telephone Number: <br /><span style="font-size: 0.75em;">(Include area code, but no dashes, spaces, or parentheses)</span></label><input type="text" name="home_num" value="<?php if(isset($_POST['home_num'])) echo $_POST['home_num']; ?>" /></p> <p><label for="email"><span style="color: red;">*</span>E-mail Address: </label><input type="text" name="email" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" /> </fieldset> <fieldset class="narrow"><legend>Please input your credit card information</legend> <p><span style="color: red; font-size: 0.75em;">*All fields are required.</span></p> <p><label for="card_name">Credit Card Provider: </label><select name="card_name"><option value="Mastercard">Mastercard</option><option value="Visa">Visa</option><option value="Discover">Discover</option><option value="American Express">American Express</option></select></p> <p><label for="card_num">Card Number: <span style="font-size: 0.75em">(No dashes or spaces)</span></label><input type="text" name="card_num" /></p> <p><label for="CID">CID: </label><input type="text" name="CID" value="<?php if(isset($_POST['CID'])) echo $_POST['CID']; ?>" size="4" maxlength="4" /></p> <p><label for="bank_num">Credit Card Telephone Number: <br /><span style="font-size: 0.75em;">(No dashes, spaces, or parentheses)</span></label><input type="text" name="bank_num" value="<?php if(isset($_POST['bank_num'])) echo $_POST['bank_num']; ?>" /></p> </fieldset><br /> <input type="submit" name="submit" value="Checkout" /><input type="submit" name="continue" value="Continue Shopping" /> </form> <a href="http://www.equifax.com/DigitalCertificates/"><img src="images/store/equifax.jpg" alt="Equifax SSL Security" /></a> </div> <?php } } else{?> <div style="margin-left: auto; margin-right: auto; margin-top: 5px; text-align: center;"><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='images/store/storefront_01a.jpg' alt='' /><a href='checkout.php'><img src='images/store/storefront_02a.jpg' alt='' /></a> <form name="checkout" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" style="margin-left: auto; margin-right: auto; text-align: center;"> <fieldset class="narrow"><legend>Please input your personal information</legend> <p><span style="color: red; font-size: 0.85em;">*Required fields.</span></p> <p><label for="name"><span style="color: red;">*</span>Name: </label><input type="text" name="name" value="<?php if(isset($_POST['name'])) echo $_POST['name']; ?>" /></p> <p><label for="address1"><span style="color: red;">*</span>Address 1: </label><input type="text" name="address1" value="<?php if(isset($_POST['address1'])) echo $_POST['address1']; ?>" /></p> <p><label for="address2"> Address 2: </label><input type="text" name="address2" value="<?php if(isset($_POST['address2'])) echo $_POST['address2']; ?>" /></p> <p><label for="city"><span style="color: red;">*</span>City: </label><input type="text" name="city" value="<?php if(isset($_POST['city'])) echo $_POST['city']; ?>" /></p> <p><label for="state"><span style="color: red;">*</span>State: </label><input type="text" name="state" value="<?php if(isset($_POST['state'])) echo $_POST['state']; ?>" size="2" maxlength="2" /></p> <p><label for="zipcode"><span style="color: red;">*</span>Zipcode: </label><input type="text" name="zipcode" value="<?php if(isset($_POST['zipcode'])) echo $_POST['zipcode']; ?>" /></p> <p><label for="home_num"><span style="color: red;">*</span>Home Telephone Number: <br /><span style="font-size: 0.75em;">(Include area code, but no dashes, spaces, or parentheses)</span></label><input type="text" name="home_num" value="<?php if(isset($_POST['home_num'])) echo $_POST['home_num']; ?>" /></p> <p><label for="email"><span style="color: red;">*</span>E-mail Address: </label><input type="text" name="email" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" /> </fieldset> <fieldset class="narrow"><legend>Please input your credit card information</legend> <p><span style="color: red; font-size: 0.75em;">*All fields are required.</span></p> <p><label for="card_name">Credit Card Provider: </label><select name="card_name"><option value="Mastercard">Mastercard</option><option value="Visa">Visa</option><option value="Discover">Discover</option><option value="American Express">American Express</option></select></p> <p><label for="card_num">Card Number: <span style="font-size: 0.75em">(No dashes or spaces)</span></label><input type="text" name="card_num" /></p> <p><label for="CID">CID: </label><input type="text" name="CID" value="<?php if(isset($_POST['CID'])) echo $_POST['CID']; ?>" size="4" maxlength="4" /></p> <p><label for="bank_num">Credit Card Telephone Number: <br /><span style="font-size: 0.75em;">(No dashes, spaces, or parentheses)</span></label><input type="text" name="bank_num" value="<?php if(isset($_POST['bank_num'])) echo $_POST['bank_num']; ?>" /></p> </fieldset><br /> <input type="submit" name="submit" value="Checkout" /><input type="submit" name="continue" value="Continue Shopping" /> </form> <a href="http://www.equifax.com/DigitalCertificates/"><img src="images/store/equifax.jpg" alt="Equifax SSL Security" /></a> </div> <?php } include('../templates/sub_footer.inc'); ?> Quote Link to comment https://forums.phpfreaks.com/topic/37492-cleaning-up-my-code/ Share on other sites More sharing options...
ultrus Posted February 8, 2007 Share Posted February 8, 2007 Hello Nightslyr, I like your drive for simplicity. I'm not sure how to optimize your script for speed. However, I suggest that you do not send peoples' personal credit card information over email. That opens you up for attacks, possibly even more so as you are sharing the workings of your work on this website. It's generally bad practice to store peoples' financial information on your website unless absolutely necessary. It's much worse to pass financial info via email. If you are just getting started with online transactions, I recommend looking into PayPal or Google Checkout. I also recommend adding SSL to your website to increase security while buyers use your site. Take care. Quote Link to comment https://forums.phpfreaks.com/topic/37492-cleaning-up-my-code/#findComment-179629 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.