1 #include <infocon.style>
4 <page title="Online-Shop">
7 # BEGIN ... COMMIT or BEGIN ... ROLLBACK
# NOTE(review): reads like a reminder to run the inserts and stock updates further
# down inside one transaction; no BEGIN/COMMIT appears in the lines of this listing
# - confirm.
9 # Postage fixed at 20,-- for the time being
#
# printf/sprintf templates for the rows of the order confirmation table.
# %s placeholders are copied into the markup as-is: nothing here escapes HTML or URL
# characters, so every string argument has to be escaped by the caller
# (htmlspecialchars() for text, urlencode() for the article id inside the link).
#
# $tbest: heading row. Arguments: row colour, order number.
17 $tbest = "<tr bgcolor=\"%s\"><td colspan=\"4\" align=\"left\"><font face=\"Helvetica,Arial\">"
18 ."<b>Bestellung Nr. %d</b><p></font></td></tr>";
# $tind: column headings (quantity, article, unit price, total). $ch is interpolated
# when this assignment runs, so it must already be set at this point.
# NOTE(review): there are no placeholders and the width attributes contain a bare "%",
# so this string is presumably echoed rather than used as a printf format - confirm.
20 $tind = "<tr bgcolor=\"$ch\"><th width=\"10%\"><font face=\"Helvetica,Arial\">Anzahl</font></th>"
21 ."<th width=\"70%\" align=\"left\"><font face=\"Helvetica,Arial\">Artikel</font></th>"
22 ."<th width=\"10%\" align=\"right\"><font face=\"Helvetica,Arial\">Einzel</font></th>"
23 ."<th width=\"10%\" align=\"right\"><font face=\"Helvetica,Arial\">Gesamt</font></th></tr>";
# $trow: one article line. Arguments: row colour, quantity, article id (placed in the
# show.php3 link), article name, sub-name, unit price, line total.
25 $trow = "<tr bgcolor=\"%s\"><td align=\"right\"><font face=\"Helvetica,Arial\">%d </font></td>"
26 ."<td align=\"left\"><font face=\"Helvetica,Arial\">"
27 ."<a href=\"show.php3?article=%s\">%s, %s</a></font></td>"
28 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td>"
29 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td></tr>";
# $tporto: postage and packing line. Arguments: row colour, unit price, total.
31 $tporto = "<tr bgcolor=\"%s\"><td align=\"right\"><font face=\"Helvetica,Arial\">1 </font></td>"
32 ."<td align=\"left\"><font face=\"Helvetica,Arial\"><a href=\"porto.html\">Porto und Verpackung</a></font></td>"
33 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td>"
34 ."<td align=\"right\"><font face=\"Helvetica,Arial\">%6.2f</font></td></tr>";
# $tsum: total line. Arguments: row colour, sum.
36 $tsum = "<tr bgcolor=\"%s\"><th colspan=\"3\" align=\"left\"><font face=\"Helvetica,Arial\">Summe</font></th>"
37 ."<th align=\"right\"><font face=\"Helvetica,Arial\">%7.2f</font></th></tr>";
# Intended control flow, drawn as a decision tree. The gutter numbers skip several
# lines here, so the diagram below is incomplete in this listing.
40 # Customer no. !Customer no.
41 # / \ Customer data complete
43 # correct incorrect / \
44 # \ \ / Register customer
50 # Record order
51 # -> Update stock
53 # Confirmation by mail
58 # Info box for the customer number and the password
59 # 0="Firma"/"Name"; 1=name; 2=customer no.; 3=password
# <colh>, <cold> and <coln> are not PHP; presumably colour macros expanded from
# infocon.style before PHP sees the file - confirm.
# SECURITY: placeholder 3 puts the password into the page in clear text, so the
# response must not be cached or logged, and should only travel over TLS.
# The format does no escaping: string arguments (the name in particular) have to be
# passed through htmlspecialchars() by the caller.
60 $pwinfo = "<div align=\"center\"><table border=\"0\" cellpadding=\"2\" cellspacing=\"0\" summary=\"\">"
61 ."<tr><td colspan=\"3\"bgcolor=\"<colh>\" align=\"center\"><font face=\"Helvetica,Arial\">"
62 ."<b>Ihre Kundendaten</b></font></td></tr>"
63 ."<tr><td bgcolor=\"<cold>\"><font face=\"Helvetica,Arial\"><b>%s</b></font></td>"
64 ."<td bgcolor=\"<coln>\"> </td>"
65 ."<td bgcolor=\"<coln>\"><font face=\"Helvetica,Arial\">%s</font></td></tr>"
66 ."<tr><td bgcolor=\"<cold>\"><font face=\"Helvetica,Arial\"><b>Kundennr.</b></font></td>"
67 ."<td bgcolor=\"<coln>\"> </td>"
68 ."<td bgcolor=\"<coln>\"><font face=\"Helvetica,Arial\">%s</font></td></tr>"
69 ."<tr><td bgcolor=\"<cold>\"><font face=\"Helvetica,Arial\"><b>Kennwort</b></font></td>"
70 ."<td bgcolor=\"<coln>\"> </td>"
71 ."<td bgcolor=\"<coln>\"><font face=\"Helvetica,Arial\">%s</font></td></tr></table></div><p>";
76 #if ($HTTP_REFERER != "http://infocon.infodrom.org/shop/order.php3") {
# Continue only when the Referer header names the order form (case-insensitive match).
# SECURITY: the Referer header is chosen by the client, so this comparison neither
# authenticates the request nor stops forged submissions. A server-side token issued
# together with the order form and verified here is what would provide that.
# NOTE(review): the host is spelled "wwww" (four w) - confirm it matches the real URL,
# otherwise every request ends up in the error branch.
77 if (strcasecmp ($HTTP_REFERER, "http://wwww.infodrom.ffis.de/infocon.infodrom.org/shop/order.php3") != 0) {
78 echo ("<p>Hier stimmt etwas nicht."); // namely, the correct Referer value is missing...
79 } else /* Referer */ {
# Existing customer: both a customer number and a password were supplied.
# $customer and $passwd are not assigned in the lines shown; presumably they are
# request parameters imported as globals - confirm.
81 if ((strlen ($customer) > 0) && (strlen ($passwd) > 0)) {
# %d renders $customer as an integer, so the value cannot alter the statement.
83 $sth = dbquery ($dbh, sprintf ("SELECT passwd FROM customer WHERE customer = %d", $customer));
84 if (pg_NumRows ($sth) > 0) {
85 $row = pg_fetch_array ($sth, 0);
# SECURITY: the stored password is clear text and is compared with loose ==, which
# compares two numeric-looking strings by value instead of byte for byte. Storing a
# password_hash() result and checking it with password_verify() avoids both problems.
# (The success branch is on lines that are not part of this listing.)
86 if ( (strlen ($row['passwd']) > 0) && ($passwd == $row['passwd'])) {
# SECURITY: separate messages for a wrong password and for an unknown customer number
# tell a client which customer numbers exist; no attempt limit is visible here.
# A single generic failure message plus throttling is the usual mitigation.
89 echo ("<p>Das angegebene Kennwort stimmt nicht mit dem gespeicherten überein.");
92 echo ("<p>Die angegebene Kundennummer ist falsch.");
94 } else /* customer && passwd */ {
# New customer: every mandatory address field must be non-empty.
# The fields are not assigned in the lines shown; presumably request parameters - confirm.
95 if ( (strlen ($lastname) > 0)
96 && (strlen ($firstname) > 0)
97 && (strlen ($street) > 0)
98 && (strlen ($plz) > 0)
99 && (strlen ($city) > 0)
100 && (strlen ($country) > 0) ) {
# NOTE(review): the next two lines are not PHP. They look like build-time Perl that
# emits one "$field=sql_prepare ($field);" line per listed field; the enclosing
# delimiters are not part of this listing. sql_prepare() is defined elsewhere and is
# presumably the SQL escaping step - confirm. plz is not in the list; it is only
# ever formatted with %d in the INSERT below.
103 for $i (('company','firstname','lastname','appendix','street','city','country')) {
104 printf " \$%s=sql_prepare (\$%s);\n", $i, $i;
# Start from the highest customer number in use, or <kdnrmin> if that is larger.
# NOTE(review): reading max() here and inserting later is not atomic; two simultaneous
# registrations can obtain the same number unless a transaction/lock or a unique
# constraint prevents it - neither is visible in this listing.
109 $sth = dbquery ($dbh, "SELECT max(customer) FROM customer");
110 if (pg_NumRows ($sth) > 0) {
111 $row = pg_fetch_array ($sth, 0);
112 $customer = $row[0] > <kdnrmin>?$row[0]:<kdnrmin>;
115 # Now try to get a password
# The command line is a constant, so no request data reaches the shell. The popen()
# result is not checked before feof() is called on it. fgets() keeps a trailing
# newline; any trimming happens, if at all, on a line not shown here.
117 $pwgen = popen ("pwgen 10", "r");
118 if (!feof ($pwgen)) {
119 $newpasswd = fgets ($pwgen, 255);
123 # WARNING: There is no safeguard whatsoever here that could prevent
124 # one company from, umpteen times in direct succession, with orders ... (fixme)
# SECURITY: the quoted '%s' values are only as safe as sql_prepare(); bound
# parameters (e.g. pg_query_params()) would remove that dependency.
# The generated password is written to the passwd column in clear text.
125 $query = sprintf ("INSERT INTO customer (customer,company,firstname,lastname,appendix,street,plz,city,country,passwd) "
126 ."VALUES (%d,'%s','%s','%s','%s','%s',%d,'%s','%s','%s')",
127 $customer,$company,$firstname,$lastname,$appendix,$street,$plz,$city,$country,$newpasswd);
128 $sth = dbquery ($dbh, $query);
# Show the new account data: label "Firma" plus company when a company was given,
# otherwise label "Name" plus first and last name.
# SECURITY: these name values are printed into HTML without htmlspecialchars(); if
# they come from the request this is a script-injection path. The password is shown
# in the page as well.
130 printf ($pwinfo, strlen ($company)?"Firma":"Name",
131 strlen ($company)?$company:$firstname . " " . $lastname, $customer, $newpasswd);
# Error paths: database failure, then missing mandatory fields.
134 echo ("<p>Es ist ein Datenbankfehler aufgetreten.");
138 echo ("<p>Nicht alle erforderlichen Felder sind ausgefüllt.");
146 # Queries to insert the order...
# Pick the first dispatch number: the highest one in use, or the current year followed
# by the five-digit <dispatchmin>, whichever is larger.
148 $sth = dbquery ($dbh, "SELECT max(dispatch) FROM dispatch");
149 if (pg_NumRows ($sth) > 0) {
150 $dmin = date("Y") . sprintf ("%05d", <dispatchmin>);
151 $row = pg_fetch_array ($sth, 0);
152 $dispatch = $row[0] > $dmin?$row[0]:$dmin;
155 # fixme: Find out if 1st dispatch will be empty first...
156 # Warning: If another user tries to add dispatches, this will fail
# NOTE(review): as the warning above says, max() followed by INSERT is not atomic, so
# concurrent orders can collide on the dispatch number. Both numeric values are
# formatted with %d. Lines between the statements below are missing from this
# listing, including the remaining arguments of the status inserts and whatever
# condition guards the second dispatch.
157 $sth = dbquery ($dbh, sprintf ("INSERT INTO dispatch (dispatch,customer,date) VALUES (%d,%d,now())",
158 $dispatch, $customer));
159 $sth = dbquery ($dbh, sprintf ("INSERT INTO status (dispatch,status,staff,date) VALUES (%d,<st_order>,'web',now())",
# Second dispatch, numbered $dispatch+1.
163 $sth = dbquery ($dbh, sprintf ("INSERT INTO dispatch (dispatch,customer,date) VALUES (%d,%d,now())",
164 $dispatch+1, $customer));
165 $sth = dbquery ($dbh, sprintf ("INSERT INTO status (dispatch,status,staff,date) VALUES (%d,<st_order>,'web',now())",
# Heading row of the first order table.
169 printf ($tbest, $ch, $dispatch);
172 # Status: customer verified || created; 1 or 2 dispatches reserved
# Load every offered article with its price and stock counters, ordered by article id.
# (Part of the column list is on a line missing from this listing.)
174 $sth = dbquery ($dbh, "SELECT article.name,article.article,offer.subname,offer.price,offer.articleid,spool.count_spare,"
176 ."FROM article,offer,spool WHERE article.article = offer.article AND offer.articleid = spool.articleid "
177 ."ORDER BY offer.articleid");
183 for ($i=0; $i < pg_NumRows ($sth); $i++) {
184 $row = pg_fetch_array ($sth, $i);
# ${$row['articleid']} is a variable variable: it reads the PHP variable named after
# the article id. Presumably that is the quantity field submitted by the order form
# - confirm. Only "> 0" is checked in the lines shown; the value should be validated
# as a bounded integer before it is used.
186 if (${$row['articleid']} > 0) {
# Book the ordered quantity out of stock.
# NOTE(review): the new counters are computed from values read by the SELECT above,
# so concurrent orders can overwrite each other, and when $split is off nothing
# visible here keeps count_spare from going negative. A relative update
# (count_spare = count_spare - n) inside a transaction would avoid the lost update.
187 $sthi = dbquery ($dbh, sprintf ("UPDATE spool SET count_spare = %d, count_sold = %d WHERE articleid = '%s'",
188 $row['count_spare'] - ${$row['articleid']},
189 $row['count_sold'] + ${$row['articleid']},
# Split delivery: more was ordered than is in stock.
192 if ($split && (${$row['articleid']} > $row['count_spare'])) {
# Whatever is in stock goes onto the first dispatch; the outstanding quantity is then
# reduced by that amount. Unit prices are taken from the offer table, not from the
# request. The article strings printed via $trow are not HTML-escaped.
194 if ($row['count_spare'] > 0) {
195 $color = $color == $cd?$cn:$cd;
196 printf ($trow, $color, $row['count_spare'], $row['article'], $row['name'], $row['subname'], $row['price'],
197 $row['price'] * $row['count_spare']);
199 $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
200 ."VALUES (%d,'%s',%d,%5.2f)",
201 $dispatch,$row['articleid'],$row['count_spare'],$row['price']));
202 $sum += $row['price'] * $row['count_spare'];
204 ${$row['articleid']} -= $row['count_spare'];
# The remainder goes onto dispatch+1; its rows are buffered in $table and totalled
# in $sum2 instead of being printed immediately.
207 $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
208 ."VALUES (%d,'%s',%d,%5.2f)",
209 $dispatch+1,$row['articleid'],${$row['articleid']},$row['price']));
210 $sum2 += $row['price'] * ${$row['articleid']};
211 $color2 = $color2 == $cd?$cn:$cd;
212 $table .= sprintf ($trow, $color2, ${$row['articleid']}, $row['article'], $row['name'], $row['subname'], $row['price'],
213 $row['price'] * ${$row['articleid']});
# The full quantity goes onto the first dispatch (the branch keyword that leads here
# is on a line not shown); afterwards the request quantity is reset to 0.
215 $color = $color == $cd?$cn:$cd;
216 printf ($trow, $color, ${$row['articleid']}, $row['article'], $row['name'], $row['subname'], $row['price'],
217 $row['price'] * ${$row['articleid']});
218 $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
219 ."VALUES (%d,'%s',%d,%5.2f)",
220 $dispatch,$row['articleid'],${$row['articleid']},$row['price']));
221 $sum += $row['price'] * ${$row['articleid']};
222 ${$row['articleid']} = 0;
224 } /* ${$row['articleid']} > 0 */
# Close the first order table: alternate the row colour, print the postage row, then
# the total.
# NOTE(review): whether $porto is added to $sum happens, if at all, on a line that is
# not part of this listing - confirm the printed total includes postage.
226 $color = $color == $cd?$cn:$cd;
227 printf ($tporto, $color, $porto, $porto);
229 printf ($tsum, $ch, $sum);
# Fallback row for an internal error; the condition that selects it is not shown.
231 echo ("<tr><td><font face=\"Helvetica,Arial\"><b>Interner Fehler.</b></font></td></tr>");
# Second order table (dispatch+1) with its own postage row and total.
240 printf ($tbest, $ch, $dispatch+1);
243 $color2 = $color2 == $cd?$cn:$cd;
244 printf ($tporto, $color2, $porto, $porto);
246 printf ($tsum, $ch, $sum2);
# Shown after a validation failure: asks the user to go back and correct the input.
251 echo ("<p><b>Bitte benutzen Sie den Back-Button ihres Browsers und korrigieren Sie Ihre Eingaben.</b>");
258 # mode: indented-text