1 #include <infocon.style>
4 <page title="InfoCon - Online-Shop">
6 <h1 align=center>Bestellung</h1>
4 # BEGIN ... COMMIT or BEGIN ... ROLLBACK
11 # Postage fixed at 20,-- for the time being
# Row templates for the order confirmation table. Apart from $tind, each one
# is a printf/sprintf format string whose first %s is the row background
# colour.
# NOTE(review): the %s slots are written into HTML (and, in $trow, into the
# show.php3 query string) exactly as passed. None of the templates escapes
# anything, so HTML/URL escaping has to happen at the call sites.
#
# $tbest: heading row; arguments are background colour and dispatch number.
19 $tbest = "<tr bgcolor=\"%s\"><td colspan=\"4\" align=\"left\"><font face=\"Helvetica,Arial\">"
20 ."<b>Bestellung Nr. %d</b><p></font></td></tr>";
# $tind: column headings (quantity, article, unit price, total). $ch is
# interpolated when this assignment runs. The width values contain literal %
# signs, so this string is presumably echoed rather than passed to printf;
# its use is outside the visible lines.
22 $tind = "<tr bgcolor=\"$ch\"><th width=\"10%\"><font face=\"Helvetica,Arial\">Anzahl</font></th>"
23 ."<th width=\"70%\" align=\"left\"><font face=\"Helvetica,Arial\">Artikel</font></th>"
24 ."<th width=\"10%\" align=\"right\"><font face=\"Helvetica,Arial\">Einzel</font></th>"
25 ."<th width=\"10%\" align=\"right\"><font face=\"Helvetica,Arial\">Gesamt</font></th></tr>";
# $trow: one article line. Arguments at the visible call sites are colour,
# quantity, article (link target), name, subname, unit price, line total.
27 $trow = "<tr bgcolor=\"%s\"><td align=\"right\"><font face=\"Helvetica,Arial\">%d </font></td>"
28 ."<td align=\"left\"><font face=\"Helvetica,Arial\">"
29 ."<a href=\"show.php3?article=%s\">%s, %s</a></font></td>"
30 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td>"
31 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td></tr>";
# $tporto: postage and packaging line; arguments are colour, unit price, total.
33 $tporto = "<tr bgcolor=\"%s\"><td align=\"right\"><font face=\"Helvetica,Arial\">1 </font></td>"
34 ."<td align=\"left\"><font face=\"Helvetica,Arial\"><a href=\"porto.html\">Porto und Verpackung</a></font></td>"
35 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td>"
36 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td></tr>";
# $tsum: total line; arguments are colour and the sum.
38 $tsum = "<tr bgcolor=\"%s\"><th colspan=\"3\" align=\"left\"><font face=\"Helvetica,Arial\">Summe</font></th>"
39 ."<th align=\"right\"><font face=\"Helvetica,Arial\">%7.2f</font></th></tr>";
# Intended flow of this page (diagram is incomplete in this listing):
42 # Customer no. !Customer no.
43 # / \ Customer data complete
45 # correct incorrect / \
46 # \ \ / Add customer
52 # Accept order
53 # -> Adjust stock level
55 # Confirmation by mail
60 # Info box for the customer number and the password
61 # 0="Firma"/"Name"; 1=name; 2=customer no.; 3=password
# printf template with four %s slots in the order listed above. <colh>,
# <cold> and <coln> are not PHP; presumably they are colour placeholders
# substituted before PHP sees the page — confirm against the page build.
# NOTE(review): the visible caller prints the freshly generated password in
# clear text and passes customer-supplied name fields into slot 1 without
# HTML escaping. The box should only ever be rendered once, over a
# confidential channel, with its text arguments HTML-escaped.
# NOTE(review): the header cell has no space between the colspan and bgcolor
# attributes.
62 $pwinfo = "<div align=\"center\"><table border=\"0\" cellpadding=\"2\" cellspacing=\"0\" summary=\"\">"
63 ."<tr><td colspan=\"3\"bgcolor=\"<colh>\" align=\"center\"><font face=\"Helvetica,Arial\">"
64 ."<b>Ihre Kundendaten</b></font></td></tr>"
65 ."<tr><td bgcolor=\"<cold>\"><font face=\"Helvetica,Arial\"><b>%s</b></font></td>"
66 ."<td bgcolor=\"<coln>\"> </td>"
67 ."<td bgcolor=\"<coln>\"><font face=\"Helvetica,Arial\">%s</font></td></tr>"
68 ."<tr><td bgcolor=\"<cold>\"><font face=\"Helvetica,Arial\"><b>Kundennr.</b></font></td>"
69 ."<td bgcolor=\"<coln>\"> </td>"
70 ."<td bgcolor=\"<coln>\"><font face=\"Helvetica,Arial\">%s</font></td></tr>"
71 ."<tr><td bgcolor=\"<cold>\"><font face=\"Helvetica,Arial\"><b>Kennwort</b></font></td>"
72 ."<td bgcolor=\"<coln>\"> </td>"
73 ."<td bgcolor=\"<coln>\"><font face=\"Helvetica,Arial\">%s</font></td></tr></table></div><p>";
# Entry gate: the order is processed only when $HTTP_REFERER equals the URL
# of the order form (case-insensitive compare via strcasecmp). The first line
# is an older, disabled variant of the same check.
# NOTE(review): the Referer header is supplied by the client, so this only
# catches accidental entry into the page. It is not an authenticity or
# anti-forgery control; a server-issued, per-session token submitted with the
# form and verified here would serve that purpose.
# NOTE(review): the expected host begins with "wwww" (four w) — confirm that
# this is the intended name.
78 #if ($HTTP_REFERER != "http://infocon.infodrom.org/shop/order.php3") {
79 if (strcasecmp ($HTTP_REFERER, "http://wwww.infodrom.ffis.de/infocon.infodrom.org/shop/order.php3") != 0) {
80 echo ("<p>Hier stimmt etwas nicht."); // namely, the expected Referer value is missing...
81 } else /* Referer */ {
# Existing customer: a customer number and a password were both submitted
# ($customer and $passwd are presumably request fields imported as globals —
# confirm). The stored password is looked up by customer number; %d means
# only the integer value of $customer reaches the SQL text.
# NOTE(review): the password is kept in clear text in customer.passwd and
# compared with ==. In PHP, == on two numeric-looking strings compares them
# as numbers, so distinct strings can compare equal. A strict comparison
# against a salted hash is the safer design.
# NOTE(review): the two failure messages below differ, which tells the
# requester whether a customer number exists. No limit on repeated attempts
# is visible in this listing. One generic failure message plus attempt
# throttling would close both gaps.
83 if ((strlen ($customer) > 0) && (strlen ($passwd) > 0)) {
85 $sth = dbquery ($dbh, sprintf ("SELECT passwd FROM customer WHERE customer = %d", $customer));
86 if (pg_NumRows ($sth) > 0) {
87 $row = pg_fetch_array ($sth, 0);
88 if ( (strlen ($row['passwd']) > 0) && ($passwd == $row['passwd'])) {
91 echo ("<p>Das angegebene Kennwort stimmt nicht mit dem gespeicherten überein.");
94 echo ("<p>Die angegebene Kundennummer ist falsch.");
96 } else /* customer && passwd */ {
# New customer: no customer number/password pair was given, so every address
# field tested here must be non-empty (company and appendix are not part of
# this check).
97 if ( (strlen ($lastname) > 0)
98 && (strlen ($firstname) > 0)
99 && (strlen ($street) > 0)
100 && (strlen ($plz) > 0)
101 && (strlen ($city) > 0)
102 && (strlen ($country) > 0) ) {
# NOTE(review): the next two lines are not PHP. They look like a build-time
# generator loop that emits one `$field=sql_prepare ($field);` statement per
# listed field — confirm against the page build. sql_prepare is defined
# outside this listing; presumably it escapes a value for use inside a quoted
# SQL literal. The INSERT below depends on it for every '%s' slot.
105 for $i (('company','firstname','lastname','appendix','street','city','country')) {
106 printf " \$%s=sql_prepare (\$%s);\n", $i, $i;
# The new customer number is derived from the current maximum, with <kdnrmin>
# (a placeholder filled in outside PHP) as the lower bound. Any increment
# happens on a line not shown here.
# NOTE(review): reading max(customer) and inserting later is not atomic. Two
# concurrent registrations can obtain the same number unless this runs in a
# transaction that locks the table, or the number comes from a sequence.
111 $sth = dbquery ($dbh, "SELECT max(customer) FROM customer");
112 if (pg_NumRows ($sth) > 0) {
113 $row = pg_fetch_array ($sth, 0);
114 $customer = $row[0] > <kdnrmin>?$row[0]:<kdnrmin>;
117 # Now try to get a password
# The initial password is read from the external pwgen program. The command
# string is constant, so no request data reaches the shell.
# NOTE(review): fgets returns the line including its trailing newline. Unless
# it is trimmed on a line not shown here, the newline becomes part of the
# stored and displayed password. The popen result is not checked before feof
# in the visible lines.
119 $pwgen = popen ("pwgen 10", "r");
120 if (!feof ($pwgen)) {
121 $newpasswd = fgets ($pwgen, 255);
125 # WARNING: There is no safeguard of any kind here that could prevent
126 # a company from [placing] orders umpteen times in direct succession ... (fixme)
# The values are formatted into the statement by sprintf: customer and plz as
# integers (%d), everything else as quoted strings.
# NOTE(review): the quoted slots are only as safe as the sql_prepare step
# above, and $newpasswd is not in that list. The password is stored as clear
# text in customer.passwd. Storing only a salted hash, and binding values as
# parameters where the database API offers it, removes both dependencies.
127 $query = sprintf ("INSERT INTO customer (customer,company,firstname,lastname,appendix,street,plz,city,country,passwd) "
128 ."VALUES (%d,'%s','%s','%s','%s','%s',%d,'%s','%s','%s')",
129 $customer,$company,$firstname,$lastname,$appendix,$street,$plz,$city,$country,$newpasswd);
130 $sth = dbquery ($dbh, $query);
# Show the new customer number and password. The label is "Firma" when a
# company name was given, otherwise "Name" with first and last name.
# NOTE(review): the name fields reach the page without HTML escaping in the
# visible code (sql_prepare presumably targets SQL, not HTML — confirm). For
# request-supplied values that is a cross-site scripting risk; they should be
# HTML-escaped before output.
132 printf ($pwinfo, strlen ($company)?"Firma":"Name",
133 strlen ($company)?$company:$firstname . " " . $lastname, $customer, $newpasswd);
136 echo ("<p>Es ist ein Datenbankfehler aufgetreten.");
140 echo ("<p>Nicht alle erforderlichen Felder sind ausgefüllt.");
148 # Queries to insert the order...
# Choose the dispatch number: the larger of the current max(dispatch) and the
# current year followed by <dispatchmin> zero-padded to five digits.
# <dispatchmin> is a placeholder filled in outside PHP. Any increment happens
# on a line not shown here.
150 $sth = dbquery ($dbh, "SELECT max(dispatch) FROM dispatch");
151 if (pg_NumRows ($sth) > 0) {
152 $dmin = date("Y") . sprintf ("%05d", <dispatchmin>);
153 $row = pg_fetch_array ($sth, 0);
154 $dispatch = $row[0] > $dmin?$row[0]:$dmin;
157 # fixme: Find out if 1st dispatch will be empty first...
158 # Warning: If another user try to add dispatches, this will fail
# NOTE(review): as the warning above says, the number comes from an earlier
# SELECT, so parallel orders can collide. Running the SELECT and the INSERTs
# in one transaction with a lock, or drawing the number from a sequence,
# avoids that.
# First dispatch: one row in dispatch plus an initial status row (status
# <st_order>, staff 'web'). Both values are formatted with %d. The status
# statement continues on a line missing from this listing.
159 $sth = dbquery ($dbh, sprintf ("INSERT INTO dispatch (dispatch,customer,date) VALUES (%d,%d,now())",
160 $dispatch, $customer));
161 $sth = dbquery ($dbh, sprintf ("INSERT INTO status (dispatch,status,staff,date) VALUES (%d,<st_order>,'web',now())",
# Second dispatch number ($dispatch+1), reserved the same way. The condition
# guarding this is not visible here; later code tests $split.
165 $sth = dbquery ($dbh, sprintf ("INSERT INTO dispatch (dispatch,customer,date) VALUES (%d,%d,now())",
166 $dispatch+1, $customer));
167 $sth = dbquery ($dbh, sprintf ("INSERT INTO status (dispatch,status,staff,date) VALUES (%d,<st_order>,'web',now())",
# Heading row for the first dispatch.
171 printf ($tbest, $ch, $dispatch);
174 # Status: customer verified || created; 1 or 2 dispatches reserved
# Load every offered article with its price and stock counters, ordered by
# articleid. The select list continues on a line missing from this listing.
# The visible parts of the statement are constant text; no request data is
# formatted into them.
176 $sth = dbquery ($dbh, "SELECT article.name,article.article,offer.subname,offer.price,offer.articleid,spool.count_spare,"
178 ."FROM article,offer,spool WHERE article.article = offer.article AND offer.articleid = spool.articleid "
179 ."ORDER BY offer.articleid");
# Walk all offers. The ordered quantity of an article is read through a
# variable variable: ${$row['articleid']} is the variable whose name is the
# article id — presumably a form field imported into the global scope;
# confirm. Unit prices are always taken from the offer row.
# NOTE(review): because the variable name comes from data, an article id that
# equals the name of another variable in this script would alias it, and the
# code below also assigns to it. An explicit array of quantities keyed by
# article id avoids that.
185 for ($i=0; $i < pg_NumRows ($sth); $i++) {
186 $row = pg_fetch_array ($sth, $i);
# NOTE(review): "> 0" is the only check on the quantity in the visible lines.
# The UPDATE subtracts it from count_spare before any comparison with the
# stock, so a quantity above count_spare stores a negative value — confirm
# whether back-orders are meant to be recorded this way.
# NOTE(review): the new counters are computed from values read by the earlier
# SELECT, so concurrent orders can overwrite each other's update. Adjusting
# the columns relative to their current value inside a transaction avoids
# the lost update. The statement continues on a line missing from this
# listing.
188 if (${$row['articleid']} > 0) {
189 $sthi = dbquery ($dbh, sprintf ("UPDATE spool SET count_spare = %d, count_sold = %d WHERE articleid = '%s'",
190 $row['count_spare'] - ${$row['articleid']},
191 $row['count_sold'] + ${$row['articleid']},
# Split delivery: more was ordered than is in stock and $split is set.
194 if ($split && (${$row['articleid']} > $row['count_spare'])) {
# Whatever is in stock goes on the first dispatch: print the row, record it
# in dispatchlist and add it to $sum.
196 if ($row['count_spare'] > 0) {
197 $color = $color == $cd?$cn:$cd;
198 printf ($trow, $color, $row['count_spare'], $row['article'], $row['name'], $row['subname'], $row['price'],
199 $row['price'] * $row['count_spare']);
201 $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
202 ."VALUES (%d,'%s',%d,%5.2f)",
203 $dispatch,$row['articleid'],$row['count_spare'],$row['price']));
204 $sum += $row['price'] * $row['count_spare'];
# Reduce the outstanding quantity by what the first dispatch covers.
206 ${$row['articleid']} -= $row['count_spare'];
# The remainder goes on the second dispatch ($dispatch+1). Its rows are
# collected in $table instead of being printed, and its total is kept in
# $sum2.
209 $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
210 ."VALUES (%d,'%s',%d,%5.2f)",
211 $dispatch+1,$row['articleid'],${$row['articleid']},$row['price']));
212 $sum2 += $row['price'] * ${$row['articleid']};
213 $color2 = $color2 == $cd?$cn:$cd;
214 $table .= sprintf ($trow, $color2, ${$row['articleid']}, $row['article'], $row['name'], $row['subname'], $row['price'],
215 $row['price'] * ${$row['articleid']});
# Whole quantity on the first dispatch; the header of this branch is on a
# line not shown here.
# NOTE(review): article, name and subname are printed as stored. They should
# be HTML-escaped on output unless the catalogue is guaranteed to hold no
# markup.
217 $color = $color == $cd?$cn:$cd;
218 printf ($trow, $color, ${$row['articleid']}, $row['article'], $row['name'], $row['subname'], $row['price'],
219 $row['price'] * ${$row['articleid']});
220 $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
221 ."VALUES (%d,'%s',%d,%5.2f)",
222 $dispatch,$row['articleid'],${$row['articleid']},$row['price']));
223 $sum += $row['price'] * ${$row['articleid']};
224 ${$row['articleid']} = 0;
226 } /* ${$row['articleid']} > 0 */
# Postage row and total for the first dispatch. Whether $porto has been added
# to $sum is decided on lines not shown in this listing.
228 $color = $color == $cd?$cn:$cd;
229 printf ($tporto, $color, $porto, $porto);
231 printf ($tsum, $ch, $sum);
# Fallback row; the condition that selects it is not visible here.
233 echo ("<tr><td><font face=\"Helvetica,Arial\"><b>Interner Fehler.</b></font></td></tr>");
# Second dispatch: heading, postage row and total. The rows collected in
# $table are presumably printed on a line missing from this listing.
242 printf ($tbest, $ch, $dispatch+1);
245 $color2 = $color2 == $cd?$cn:$cd;
246 printf ($tporto, $color2, $porto, $porto);
248 printf ($tsum, $ch, $sum2);
# Shown when validation failed earlier: asks the user to go back and correct
# the input.
253 echo ("<p><b>Bitte benutzen Sie den Back-Button ihres Browsers und korrigieren Sie Ihre Eingaben.</b>");
260 # mode: indented-text