Cleaning up my code...


KevinM1


I'm not sure if this really belongs here or if it's more suitable for the design/layout sub-section, so feel free to move it if I put it in the wrong place.

 

I've written a simple e-commerce checkout script.  The user's shopping cart is just persistent session info, as I didn't want to create a database table for every user.  Upon checkout, the user is supposed to enter in their personal and credit card info, which, upon submission, will be e-mailed to our sales guy so he can put in the order with our distributor (not the most elegant system, I know, but it seems like it'll work).

 

My biggest problem, right now, is the sheer bulk of the checkout script.  I've tested it, and it works, but it's very long and no doubt heavy-handed.  Originally, I created a simple sticky form which worked well.  The only problem is that my boss wanted it only to be sticky if someone didn't input their info correctly.  If they did enter their info correctly, then he wanted the form to disappear with a little message saying that the order was processed.  I've managed to get all of that functionality into the script, but like I said, it's very bulky right now.  Is there anything I can do to make it more manageable and readable?  I'd like to keep everything in one script, if possible.

 

My code:

<?php

#checkout.php

session_start();
ob_start();

include('../php_config/config.php');
include('../templates/sub_header.inc');

# Force HTTPS before any personal or card data is accepted.  The original test
# was written as strtolower($_SERVER['HTTPS'] != 'on'), which lowercases a
# boolean and so never redirected; the script must also stop after the redirect.
if(!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on'){
   header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
   exit();
}

$errMessage = NULL;
$mailMessage = NULL;
$showForm = TRUE;

# Validation flags: every one must be TRUE before the order is e-mailed.
# Initialising them avoids undefined-variable notices when a field is missing.
$n = $a1 = $c = $s = $z = $hn = $e = $cn = $cNum = $cidCheck = $bn = FALSE;

# $ip and $myCart are expected to be set up by config.php / the session.
if(isset($_POST['continue'])){
   $_SESSION['ip'] = urlencode(serialize($ip));
   $_SESSION['myCart'] = urlencode(serialize($myCart));
   header("Location: http://www.thinkingmachinestore.com/");
   exit();
}

if(isset($_POST['back'])){
   $_SESSION['ip'] = urlencode(serialize($ip));
   $_SESSION['myCart'] = urlencode(serialize($myCart));
   header("Location: " . $_SERVER['PHP_SELF']);
   exit();
}

if(isset($_POST['submit'])){
   # Each field is checked against a whitelist pattern; a failure adds an error line.
   # The name pattern used to be [a-zA-Z]+([ a-zA-Z-]+)*, whose nested quantifier
   # can backtrack exponentially on long invalid input; the form below accepts
   # exactly the same strings without it.
   if(!empty($_POST['name']) && preg_match("/^[a-zA-Z][ a-zA-Z-]*$/i", $_POST['name'])){
      $name = $_POST['name'];
      $n = TRUE;
   }

   else{
      $errMessage .= "Please enter your name!<br />\n";
   }

   if(!empty($_POST['address1']) && preg_match("/^[0-9a-zA-Z\.\-\ ]+$/i", $_POST['address1'])){
      $address1 = $_POST['address1'];
      $a1 = TRUE;
   }

   else{
      $errMessage .= "Please enter your address!<br />\n";
   }

   # Address 2 is optional: a blank or invalid value is simply dropped.
   if(!empty($_POST['address2']) && preg_match("/^[0-9a-zA-Z\.\-\ ]+$/i", $_POST['address2'])){
      $address2 = $_POST['address2'];
   }

   else{
      $address2 = '';
   }

   if(!empty($_POST['city']) && preg_match("/^[a-zA-Z\.\-\ ]+$/i", $_POST['city'])){
      $city = $_POST['city'];
      $c = TRUE;
   }

   else{
      $errMessage .= "Please enter your city!<br />\n";
   }

   if(!empty($_POST['state']) && preg_match("/^[a-zA-Z]{2}$/i", $_POST['state'])){
      $state = $_POST['state'];
      $s = TRUE;
   }

   else{
      $errMessage .= "Please enter your state!<br />\n";
   }

   if(!empty($_POST['zipcode']) && preg_match("/^[0-9]{5}(\-[0-9]{4})?$/i", $_POST['zipcode'])){
      $zipcode = $_POST['zipcode'];
      $z = TRUE;
   }

   else{
      $errMessage .= "Please enter your zipcode!<br />\n";
   }

   if(!empty($_POST['home_num']) && preg_match("/^[0-9]{10}$/i", $_POST['home_num'])){
      $homeNum = $_POST['home_num'];
      $hn = TRUE;
   }

   else{
      $errMessage .= "Please enter your home telephone number!<br />\n";
   }

   if(!empty($_POST['email']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['email'])){
      $email = $_POST['email'];
      $e = TRUE;
   }

   else{
      $errMessage .= "Please enter your e-mail address!<br />\n";
   }

   if(isset($_POST['card_name'])){
      $cardName = $_POST['card_name'];
      $cn = TRUE;
   }

   else{
      $errMessage .= "Please select a credit card!<br />\n";
   }

   if(!empty($_POST['card_num']) && preg_match("/^[0-9]{16}$/i", $_POST['card_num'])){
      $cardNum = $_POST['card_num'];
      $cNum = TRUE;
   }

   else{
      $errMessage .= "Please enter your credit card number!<br />\n";
   }

   if(!empty($_POST['CID']) && preg_match("/^[0-9]{3,4}$/i", $_POST['CID'])){
      $cid = $_POST['CID'];
      $cidCheck = TRUE;
   }

   else{
      $errMessage .= "Please enter your credit card's CID!<br />\n";
   }

   if(!empty($_POST['bank_num']) && preg_match("/^[0-9]{10,11}$/i", $_POST['bank_num'])){
      $bankNum = $_POST['bank_num'];
      $bn = TRUE;
   }

   else{
      $errMessage .= "Please enter your credit card's telephone number!<br />\n";
   }

   # The original tested "cidCheck" without the $, i.e. the constant-turned-string
   # "cidCheck", which is always true; the flag itself must be checked.
   if($n && $a1 && $c && $s && $z && $hn && $e && $cn && $cNum && $cidCheck && $bn){
      # Address 2 gets its own line only when it was given; this replaces two
      # near-identical copies of the mail / confirmation block.
      $address2Line = ($address2 != '') ? "$address2<br />\n" : '';
      $cartInfo = $myCart -> emailMessage();
      $mailMessage .= "<html><head><title>Order Confirmation</title></head><body>$name<br />\n$address1<br />\n{$address2Line}$city, $state $zipcode<br />\nHome Phone Number: $homeNum<br />\nE-mail Address: $email<br />\n<br />\nCredit Card Company: $cardName<br />\nCredit Card Number: $cardNum CID: $cid<br />\nCredit Card Phone Number: $bankNum<br />\n<br />\n$cartInfo</body></html>";
      $headers = 'MIME-Version: 1.0' . "\r\n";
      $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
      mail('stan@thinkingmachineonline.com', 'Thinking Machine Store order', $mailMessage, $headers);
      $myCart = new ShoppingCart();
      echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'>Your order has been processed, $name<br /><form action='" . htmlspecialchars($_SERVER['PHP_SELF']) . "' method='post'><input type='submit' name='continue' value='Continue Shopping' /></form></div>\n";
      $showForm = FALSE;
   }
}

# One copy of the form serves both the first visit and a failed submission
# (sticky values plus the error list); a processed order replaces it.
# Everything echoed back from $_POST or $_SERVER is HTML-escaped, so a failed
# submission cannot inject markup or script into the page.
if($showForm){ ?>

<div style="margin-left: auto; margin-right: auto; margin-top: 5px; text-align: center;"><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='images/store/storefront_01a.jpg' alt='' /><a href='checkout.php'><img src='images/store/storefront_02a.jpg' alt='' /></a>
<?php if($errMessage){ ?><div style="color: red; margin-left: auto; margin-right: auto; text-align: center;"><?php echo $errMessage; ?></div><?php } ?>
<form name="checkout" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" style="margin-left: auto; margin-right: auto; text-align: center;">
   <fieldset class="narrow"><legend>Please input your personal information</legend>
      <p><span style="color: red; font-size: 0.85em;">*Required fields.</span></p>
      <p><label for="name"><span style="color: red;">*</span>Name: </label><input type="text" name="name" value="<?php if(isset($_POST['name'])) echo htmlspecialchars($_POST['name'], ENT_QUOTES); ?>" /></p>
      <p><label for="address1"><span style="color: red;">*</span>Address 1: </label><input type="text" name="address1" value="<?php if(isset($_POST['address1'])) echo htmlspecialchars($_POST['address1'], ENT_QUOTES); ?>" /></p>
      <p><label for="address2"> Address 2: </label><input type="text" name="address2" value="<?php if(isset($_POST['address2'])) echo htmlspecialchars($_POST['address2'], ENT_QUOTES); ?>" /></p>
      <p><label for="city"><span style="color: red;">*</span>City: </label><input type="text" name="city" value="<?php if(isset($_POST['city'])) echo htmlspecialchars($_POST['city'], ENT_QUOTES); ?>" /></p>
      <p><label for="state"><span style="color: red;">*</span>State: </label><input type="text" name="state" value="<?php if(isset($_POST['state'])) echo htmlspecialchars($_POST['state'], ENT_QUOTES); ?>" size="2" maxlength="2" /></p>
      <p><label for="zipcode"><span style="color: red;">*</span>Zipcode: </label><input type="text" name="zipcode" value="<?php if(isset($_POST['zipcode'])) echo htmlspecialchars($_POST['zipcode'], ENT_QUOTES); ?>" /></p>
      <p><label for="home_num"><span style="color: red;">*</span>Home Telephone Number: <br /><span style="font-size: 0.75em;">(Include area code, but no dashes, spaces, or parentheses)</span></label><input type="text" name="home_num" value="<?php if(isset($_POST['home_num'])) echo htmlspecialchars($_POST['home_num'], ENT_QUOTES); ?>" /></p>
      <p><label for="email"><span style="color: red;">*</span>E-mail Address: </label><input type="text" name="email" value="<?php if(isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES); ?>" /></p>
   </fieldset>

   <fieldset class="narrow"><legend>Please input your credit card information</legend>
      <p><span style="color: red; font-size: 0.75em;">*All fields are required.</span></p>
      <p><label for="card_name">Credit Card Provider: </label><select name="card_name"><option value="Mastercard">Mastercard</option><option value="Visa">Visa</option><option value="Discover">Discover</option><option value="American Express">American Express</option></select></p>
      <p><label for="card_num">Card Number: <span style="font-size: 0.75em">(No dashes or spaces)</span></label><input type="text" name="card_num" /></p>
      <p><label for="CID">CID: </label><input type="text" name="CID" value="<?php if(isset($_POST['CID'])) echo htmlspecialchars($_POST['CID'], ENT_QUOTES); ?>" size="4" maxlength="4" /></p>
      <p><label for="bank_num">Credit Card Telephone Number: <br /><span style="font-size: 0.75em;">(No dashes, spaces, or parentheses)</span></label><input type="text" name="bank_num" value="<?php if(isset($_POST['bank_num'])) echo htmlspecialchars($_POST['bank_num'], ENT_QUOTES); ?>" /></p>
   </fieldset><br />
      <input type="submit" name="submit" value="Checkout" /><input type="submit" name="continue" value="Continue Shopping" />
</form>

<a href="http://www.equifax.com/DigitalCertificates/"><img src="images/store/equifax.jpg" alt="Equifax SSL Security" /></a>
</div>

<?php
}

include('../templates/sub_footer.inc');

?>

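As an added example (not KevinM1's script, nor the store's code), here is one way to get the bulk down: declare each field once in a table, validate in a loop, and draw a single sticky form whose echoed values are escaped. Field names and patterns are taken from the checkout form above; the card fields are deliberately left out of the table so that card data is never echoed back to the browser, and the `checkout.php` action and plain `array()` syntax (any PHP 5.3 or later) are assumptions.

```php
<?php
// Added example: one declaration per field, one validation loop, one form.
// Each entry is array(whitelist pattern, error message, required?).
$fields = array(
   'name'     => array('/^[a-zA-Z][ a-zA-Z-]*$/', 'Please enter your name!', TRUE),
   'address1' => array('/^[0-9a-zA-Z.\- ]+$/', 'Please enter your address!', TRUE),
   'address2' => array('/^[0-9a-zA-Z.\- ]+$/', '', FALSE),
   'city'     => array('/^[a-zA-Z.\- ]+$/', 'Please enter your city!', TRUE),
   'state'    => array('/^[a-zA-Z]{2}$/', 'Please enter your state!', TRUE),
   'zipcode'  => array('/^[0-9]{5}(-[0-9]{4})?$/', 'Please enter your zipcode!', TRUE),
   'home_num' => array('/^[0-9]{10}$/', 'Please enter your home telephone number!', TRUE),
   'email'    => array('/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/', 'Please enter your e-mail address!', TRUE),
);

// Returns array($clean, $errors): validated values keyed by field name, and
// one message for every required field that was missing or failed its pattern.
function validateFields(array $fields, array $post){
   $clean = array(); $errors = array();
   foreach($fields as $key => $spec){
      list($pattern, $message, $required) = $spec;
      $value = isset($post[$key]) ? trim($post[$key]) : '';
      $ok = ($value !== '' && preg_match($pattern, $value));
      $clean[$key] = $ok ? $value : '';      // optional fields default to ''
      if(!$ok && $required){ $errors[] = $message; }
   }
   return array($clean, $errors);
}

// Draws the form once.  Previously typed values are HTML-escaped before they
// are echoed, so a failed submission cannot inject markup into the page.
function renderForm(array $fields, array $post, array $errors){
   echo "<form action='checkout.php' method='post'>\n";
   if($errors){
      echo "<div style='color: red;'>" . implode("<br />\n", $errors) . "</div>\n";
   }
   foreach(array_keys($fields) as $key){
      $old = isset($post[$key]) ? htmlspecialchars($post[$key], ENT_QUOTES, 'UTF-8') : '';
      echo "<p><label for='$key'>$key: </label><input type='text' id='$key' name='$key' value='$old' /></p>\n";
   }
   echo "<input type='submit' name='submit' value='Checkout' />\n</form>\n";
}

if(isset($_POST['submit'])){
   list($clean, $errors) = validateFields($fields, $_POST);
   if(!$errors){
      echo "Your order has been processed, " . htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8') . "\n";
   } else {
      renderForm($fields, $_POST, $errors);   // sticky form plus the error list
   }
} else {
   renderForm($fields, array(), array());    // first visit: empty form
}
```

Adding a field then means adding one table row, and the two copies of the form and of the mail block in the original collapse into one each.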

Hello Nightslyr,

I like your drive for simplicity. I'm not sure how to optimize your script for speed. However, I suggest that you do not send people's personal credit card information over email. That opens you up to attacks, possibly even more so as you are sharing the workings of your work on this website.

 

It's generally bad practice to store people's financial information on your website unless absolutely necessary. It's much worse to pass financial info via email. If you are just getting started with online transactions, I recommend looking into PayPal or Google Checkout. I also recommend adding SSL to your website to increase security while buyers use your site.

 

Take care.

