#include
#include
# NOTE(review): both include targets are missing in this copy. dbconnect(),
# dbquery() and sql_prepare() are used below but not defined here; presumably
# they come from these includes.
#
# Order handler of the shop: verifies an existing customer (customer number
# plus password) or creates a new customer record, then stores the order as one
# or two dispatches, adjusts the stock counters in spool and prints the order
# tables.
#
# $HTTP_REFERER, $customer, $passwd, the address fields, $split, $porto and one
# quantity variable per article id are read but never assigned in the visible
# code. Presumably they are registered from the request, which would make every
# one of them client-controlled -- TODO confirm.
#
# BEGIN ... COMMIT or BEGIN ... ROLLBACK
# NOTE(review): no BEGIN/COMMIT is issued anywhere in the visible code, so the
# max()+1 id allocation and the multi-statement inserts below are not atomic.
#
# NOTE(review): the statement closed by the next line starts outside this copy;
# $ch, which is passed to printf below, is not assigned anywhere visible.
";
$cd = "";
$cn = "";

# Output templates for printf/sprintf: order heading, column heading, article
# row, postage row and sum row.
# NOTE(review): the callers pass more arguments than there are conversions
# visible in these strings, so part of the template text appears to be missing.
$tbest = ""
    ."Bestellung Nr. %d

";
$tind = "Anzahl"
    ."Artikel"
    ."Einzel"
    ."Gesamt";
$trow = "%d "
    .""
    ."%s, %s"
    ."%6.2f"
    ."%6.2f";
$tporto = ""
    ."Porto und Verpackung"
    ."%6.2f"
    ."%6.2f";
$tsum = "Summe"
    ."%7.2f";

# Intended flow (translated from the original diagram):
#   customer number given:
#     correct   -> record the order
#     incorrect -> notice, user goes back
#   no customer number:
#     customer data incomplete -> notice, user goes back
#     customer data complete   -> create the customer -> record the order
#   record the order:
#     -> update stock
#     -> order list
#   confirmation by mail
#   thank-you page on the web
# NOTE(review): no mail is sent in the visible code.
#
#
# Info box for the customer number and the password
# 0="Firma"/"Name"; 1=name; 2=customer no.; 3=password
$pwinfo = "

" ."" ."" ."" ."" ."" ."" ."" ."" ."" ."
\" align=\"center\">" ."Ihre Kundendaten
\">%s\"> \">%s
\">Kundennr.\"> \">%s
\">Kennwort\"> \">%s

";

# Set to 1 only after a successful login or a successful customer creation.
$ok = 0;

# Referer gate.
# NOTE(review): the Referer header is chosen by the client, so this comparison
# cannot serve as an access control; the checks that matter are the ones below.
# NOTE(review): the host in the expected value is spelled "wwww" -- confirm.
#if ($HTTP_REFERER != "http://infocon.infodrom.org/shop/order.php3") {
if (strcasecmp ($HTTP_REFERER, "http://wwww.infodrom.ffis.de/infocon.infodrom.org/shop/order.php3") != 0) {
    echo ("

Hier stimmt etwas nicht."); // namely, the expected Referer value is missing...
} else /* Referer */ {
    if ((strlen ($customer) > 0) && (strlen ($passwd) > 0)) {
        # Existing customer: fetch the stored password by customer number.
        # %d renders $customer as an integer in the SQL text.
        $dbh = dbconnect();
        $sth = dbquery ($dbh, sprintf ("SELECT passwd FROM customer WHERE customer = %d", $customer));
        if (pg_NumRows ($sth) > 0) {
            $row = pg_fetch_array ($sth, 0);
            # NOTE(review): the stored value is compared directly with the
            # submitted one, so passwords are kept in clear text; a salted
            # password hash would be the safer storage. == is PHP's loose
            # comparison, which treats two numeric strings as numbers; a strict
            # string comparison avoids that.
            # NOTE(review): wrong number and wrong password produce different
            # messages, which lets a client tell valid customer numbers apart,
            # and no limit on attempts is visible here.
            if ( (strlen ($row['passwd']) > 0) && ($passwd == $row['passwd'])) {
                $ok = 1;
            } else {
                echo ("

Das angegebene Kennwort stimmt nicht mit dem gespeicherten überein.");
            }
        } else {
            echo ("

Die angegebene Kundennummer ist falsch.");
        }
    } else /* customer && passwd */ {
        # New customer: all of these fields must be non-empty.
        if ( (strlen ($lastname) > 0) && (strlen ($firstname) > 0) && (strlen ($street) > 0)
             && (strlen ($plz) > 0) && (strlen ($city) > 0) && (strlen ($country) > 0) ) {
            # The <: ... :> block is Perl that prints one
            # "$field=sql_prepare ($field);" line per listed field; presumably
            # it is expanded when the page is built.
            # NOTE(review): sql_prepare() is not visible here. The INSERT below
            # depends on it for all quoting of the '%s' values; bound query
            # parameters would remove that dependency. plz is not in the list
            # but is rendered with %d; $newpasswd is not in the list either.
<: for $i (('company','firstname','lastname','appendix','street','city','country')) {
       printf " \$%s=sql_prepare (\$%s);\n", $i, $i;
   } :>
            $dbh = dbconnect();
            $sth = dbquery ($dbh, "SELECT max(customer) FROM customer");
            if (pg_NumRows ($sth) > 0) {
                $row = pg_fetch_array ($sth, 0);
                # Next customer number = current maximum + 1.
                # NOTE(review): the comparison operand and the fallback value
                # are missing in this copy. Two concurrent requests can read
                # the same maximum; a database sequence would avoid that.
                $customer = $row[0] > ?$row[0]:;
                $customer++;
                # Now try to get a password
                #
                # NOTE(review): the result of popen() is not checked and
                # $newpasswd is not initialised before this block. If the read
                # is skipped, whatever value $newpasswd already holds goes
                # into the '%s' of the INSERT without sql_prepare. Initialise
                # it to "" first.
                # NOTE(review): fgets() normally keeps the trailing newline;
                # confirm it is removed before the value is stored, otherwise
                # the login comparison above cannot match.
                $pwgen = popen ("pwgen 10", "r");
                if (!feof ($pwgen)) {
                    $newpasswd = fgets ($pwgen, 255);
                    pclose ($pwgen);
                }
                # WARNING: there is no safeguard at all here that could prevent
                # a company from [placing] orders umpteen times in direct
                # succession ... (fixme)
                $query = sprintf ("INSERT INTO customer (customer,company,firstname,lastname,appendix,street,plz,city,country,passwd) "
                    ."VALUES (%d,'%s','%s','%s','%s','%s',%d,'%s','%s','%s')",
                    $customer,$company,$firstname,$lastname,$appendix,$street,$plz,$city,$country,$newpasswd);
                $sth = dbquery ($dbh, $query);
                # Show the new customer number and password to the user.
                # NOTE(review): the result of the INSERT is not checked before
                # $ok is set. The name values printed here are not HTML-escaped
                # in the visible code; unless sql_prepare() also does that,
                # escape them for output.
                printf ($pwinfo, strlen ($company)?"Firma":"Name", strlen ($company)?$company:$firstname . " " . $lastname, $customer, $newpasswd);
                $ok = 1;
            } else {
                echo ("

Es ist ein Datenbankfehler aufgetreten.");
            }
        } else {
            echo ("

Nicht alle erforderlichen Felder sind ausgefüllt.");
        }
    }
}

if ($ok) {
    # Queries to insert the order...
    $sth = dbquery ($dbh, "SELECT max(dispatch) FROM dispatch");
    if (pg_NumRows ($sth) > 0) {
        # Dispatch numbers start with the current year followed by five digits.
        # NOTE(review): the sprintf argument is missing in this copy.
        $dmin = date("Y") . sprintf ("%05d", );
        $row = pg_fetch_array ($sth, 0);
        $dispatch = $row[0] > $dmin?$row[0]:$dmin;
        $dispatch++;
        # fixme: Find out if 1st dispatch will be empty first...
        # Warning: If another user try to add dispatches, this will fail
        # NOTE(review): the status value in both "INSERT INTO status"
        # statements is missing in this copy.
        $sth = dbquery ($dbh, sprintf ("INSERT INTO dispatch (dispatch,customer,date) VALUES (%d,%d,now())", $dispatch, $customer));
        $sth = dbquery ($dbh, sprintf ("INSERT INTO status (dispatch,status,staff,date) VALUES (%d,,'web',now())", $dispatch));
        # NOTE(review): the second dispatch is reserved only for $split == 1,
        # while the loop below writes to $dispatch+1 for any true $split.
        if ($split == 1) {
            $sth = dbquery ($dbh, sprintf ("INSERT INTO dispatch (dispatch,customer,date) VALUES (%d,%d,now())", $dispatch+1, $customer));
            $sth = dbquery ($dbh, sprintf ("INSERT INTO status (dispatch,status,staff,date) VALUES (%d,,'web',now())", $dispatch+1));
        }
        printf ($tbest, $ch, $dispatch);
        echo ($tind);
        # Status: customer verified || created; 1 or 2 dispatches reserved
        # WHERE spool > 0
        $sth = dbquery ($dbh, "SELECT article.name,article.article,offer.subname,offer.price,offer.articleid,spool.count_spare,"
            ."count_sold "
            ."FROM article,offer,spool WHERE article.article = offer.article AND offer.articleid = spool.articleid "
            ."ORDER BY offer.articleid");
        # NOTE(review): $sum2 is not initialised here, unlike $sum and $table;
        # set it to 0.0 so that it cannot start from a preset value.
        $color = $cd;
        $color2 = $cd;
        $sum = 0.0;
        $table = "";
        for ($i=0; $i < pg_NumRows ($sth); $i++) {
            $row = pg_fetch_array ($sth, $i);
            # ${$row['articleid']} is the global variable named after the
            # article id; presumably the ordered quantity from the form.
            if (${$row['articleid']} > 0) {
                # Stock is reduced by the full quantity; %d renders the values
                # as integers.
                # NOTE(review): without $split the quantity is never compared
                # with count_spare, so count_spare can become negative.
                $sthi = dbquery ($dbh, sprintf ("UPDATE spool SET count_spare = %d, count_sold = %d WHERE articleid = '%s'",
                    $row['count_spare'] - ${$row['articleid']},
                    $row['count_sold'] + ${$row['articleid']},
                    $row['articleid']));
                if ($split && (${$row['articleid']} > $row['count_spare'])) {
                    # More ordered than in stock: what is in stock goes on the
                    # first dispatch, the remainder on the second.
                    if ($row['count_spare'] > 0) {
                        $color = $color == $cd?$cn:$cd;
                        printf ($trow, $color, $row['count_spare'], $row['article'], $row['name'], $row['subname'], $row['price'], $row['price'] *
                            $row['count_spare']);
                        $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
                            ."VALUES (%d,'%s',%d,%5.2f)",
                            $dispatch,$row['articleid'],$row['count_spare'],$row['price']));
                        $sum += $row['price'] * $row['count_spare'];
                        ${$row['articleid']} -= $row['count_spare'];
                    }
                    $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
                        ."VALUES (%d,'%s',%d,%5.2f)",
                        $dispatch+1,$row['articleid'],${$row['articleid']},$row['price']));
                    $sum2 += $row['price'] * ${$row['articleid']};
                    $color2 = $color2 == $cd?$cn:$cd;
                    # Rows of the second dispatch are collected in $table and
                    # printed after the first table.
                    $table .= sprintf ($trow, $color2, ${$row['articleid']}, $row['article'], $row['name'], $row['subname'], $row['price'], $row['price'] * ${$row['articleid']});
                } else {
                    $color = $color == $cd?$cn:$cd;
                    printf ($trow, $color, ${$row['articleid']}, $row['article'], $row['name'], $row['subname'], $row['price'], $row['price'] * ${$row['articleid']});
                    $sthi = dbquery ($dbh, sprintf ("INSERT INTO dispatchlist (dispatch,articleid,quantity,unitprice) "
                        ."VALUES (%d,'%s',%d,%5.2f)",
                        $dispatch,$row['articleid'],${$row['articleid']},$row['price']));
                    $sum += $row['price'] * ${$row['articleid']};
                    ${$row['articleid']} = 0;
                }
            } /* ${$row['articleid']} > 0 */
        } /* for */
        $color = $color == $cd?$cn:$cd;
        # NOTE(review): $porto is never assigned in the visible code; if it is
        # taken from the request, the client chooses the postage.
        # NOTE(review): the postage is added to $sum2 while $sum is printed
        # next; this looks like it should be $sum -- confirm.
        printf ($tporto, $color, $porto, $porto);
        $sum2 += $porto;
        printf ($tsum, $ch, $sum);
    } else {
        echo ("Interner Fehler.");
    }
    if ($split) {
        # Second table: the collected rows of the second dispatch.
        echo ("

");
        printf ($tbest, $ch, $dispatch+1);
        echo ($tind);
        echo ($table);
        $color2 = $color2 == $cd?$cn:$cd;
        printf ($tporto, $color2, $porto, $porto);
        $sum2 += $porto;
        printf ($tsum, $ch, $sum2);
    }
} else {
    echo ("

Bitte benutzen Sie den Back-Button ihres Browsers und korrigieren Sie Ihre Eingaben.");
}
?>

# Local variables: # mode: indented-text # mode: auto-fill # mode-: iso-accents # end: