'US' order by name_en"); while($r = mysql_fetch_row($q)) { $country_codes[] .= $r[0]; $country_names[] .= $r[1]; } mysql_free_result($q); $num_countries = count($country_codes); //read prices// $settings = mysql_fetch_assoc(mysql_query("select * from settings")); $price_piginablankie = rou($settings['price_piginablankie']); $price_rushproduction = rou($settings['price_rushproduction']); $price_giftwrap = rou($settings['price_giftwrap']); $price_sewcute = rou($settings['price_sewcute']); $price_glowthread = rou($settings['price_glowindark']); $price_promocode = 0; $promocode = post('promocode'); $p_piginablankie = $p_rushproduction = $p_giftwrap = $p_sewcute = $p_glowthread = 0; # # # # # $blanketSel = request('blanketSel'); if(!$blanketSel) { $msg = enc("ERROR > You must select blanket style!"); header("Location: selection.php?msg=$msg&sweepstakes={$is_sweepstakes}"); exit; } $blanketSelDec = explode('|', dec($blanketSel)); $style = $blanketSelDec[0]; $blanketColor = $blanketSelDec[1]; $blanketWidth = $blanketSelDec[2]; $blanketHeight = $blanketSelDec[5]; $price = $blanketSelDec[3]; $blanketStyleID = $blanketSelDec[4]; $realStyleID = $blanketSelDec[6]; // is this style personizable ? 
// Order submission handler (PHP, legacy mysql_* API): reads the blanket selection
// and the checkout form, validates them, computes subtotal / shipping / tax / promo
// discount, writes the order row, and then hands off to PayPal ($pmethod==3) or to
// Payflow ($pmethod==2).
// NOTE(review): this file was extracted with its statements collapsed onto a few
// physical lines; the statements are re-broken here without being changed, and the
// line breaks inside the string literals below are reproduced as found (they may
// themselves be extraction artifacts — confirm against the repository).

// SECURITY(review): $realStyleID is element 6 of the client-supplied blanketSel value
// decoded above and is interpolated unescaped into SQL. Unless dec() verifies the
// integrity of that value this is an injection point — cast it to int or bind it.
$pers = mysql_fetch_row(mysql_query("select can_be_personalized, bid from blankets_styles where id='$realStyleID' limit 1"));
$blanket_id = $pers[1];
// From here on $pers is just the can_be_personalized flag.
$pers = $pers[0];
// unset($blanketSelDec);
// Embroidery length limit; narrower blankets get the shorter limit.
$max_chars = 50;
if($blanketWidth<30) $max_chars = 30;
$posted = post('posted');
// Payment method: 2 = card via Payflow (default), 3 = PayPal — see PAYMENTS below.
$pmethod = post('pmethod');
if(!$pmethod) $pmethod = 2;
// Accumulated validation text; while non-null the order is never saved.
$msg = NULL;
# # #
if(!$pers) {
    // Plain blanket: no personalisation fields are read from the form.
    $txtTop = $txtRight = $txtLeft = $txtBottom = $tabChosen = $exampleTab = $font = $color = '-';
    $plain_or_personalized = 'Plain';
} else {
    $plain_or_personalized = 'Personalized';
    $font = post('font');
    $color = post('color');
    $txtTop = stripslashes(post('txtTop'));
    $txtRight = stripslashes(post('txtRight'));
    $txtLeft = stripslashes(post('txtLeft'));
    $txtBottom = stripslashes(post('txtBottom'));
    $exampleTab = array('Not selected', 'X' => 'In your words');
    // SECURITY(review): $blanketWidth also comes from the decoded blanketSel value and
    // is interpolated unescaped — same remark as for $realStyleID above.
    $ocq = mysql_query("select id,name from occasions where maxchars = '$blanketWidth' order by sort_id desc");
    while($oc = mysql_fetch_row($ocq)) $exampleTab[$oc[0]] = $oc[1];
    mysql_free_result($ocq);
    // Resolve the chosen example tab to its label; post('examples') is not validated,
    // so an unknown key reads an undefined array entry here.
    $tabChosen = post('examples');
    $tabChosen = $tabChosen ? $tabChosen:0;
    $exampleTab = $exampleTab[$tabChosen];
}
$message = stripslashes(post('message'));
// accessories
$giftWrap = post('giftWrap');
$addPigInABlankie = post('addPigInABlankie');
$rushProduction = post('rushProduction');
$sewCuteActive = post('sewCuteActive');
// Glow-in-the-dark thread is inferred from the selected thread colour name, not from
// a separate checkbox.
$glowindark_active = preg_match("/glowindark.*/i", $color);
// $ac_price accumulates the accessory surcharges; the $p_* variables keep each line
// item separately for the order row.
$ac_price = 0;
if($giftWrap) { $ac_price += $price_giftwrap; $p_giftwrap = $price_giftwrap; }
if($addPigInABlankie) { $ac_price += $price_piginablankie; $p_piginablankie = $price_piginablankie; }
if($rushProduction) { $ac_price += $price_rushproduction; $p_rushproduction = $price_rushproduction; }
if($sewCuteActive) { $ac_price += $price_sewcute; $p_sewcute = $price_sewcute; }
if($glowindark_active) { $ac_price += $price_glowthread; $p_glowthread = $price_glowthread; }
## values from ccard form input:::
// SECURITY(review): the full card number and the CVV are read from the form here.
// Further down the number and expiry are written to the orders table and the CVV is
// kept in $_SESSION['xorder'] ("Save order details into session"). Retaining the CVV
// after authorisation is prohibited under PCI DSS, and the PAN should not reach the
// application database at all — tokenise at the gateway instead.
// Sweepstakes entries get placeholder billing/card values instead of form input.
$billing_name = $is_sweepstakes ? 'SWEEPSTAKES' : stripslashes(post('billing_name'));
$billing_country = $is_sweepstakes ? 'SW' : stripslashes(post('billing_country'));
$billing_address = $is_sweepstakes ? 'SW' : stripslashes(post('billing_address'));
$billing_city = $is_sweepstakes ? 'SW' : stripslashes(post('billing_city'));
$billing_state = $is_sweepstakes ? 'SW' : stripslashes(post('billing_state'));
$billing_zip = $is_sweepstakes ? '12345' : stripslashes(post('billing_zip'));
$card_type = $is_sweepstakes ? 'VISA' : post('card_type');
$card_number = $is_sweepstakes ? '12345678901234' : stripslashes(post('card_number'));
$card_cvv = $is_sweepstakes ? '123' : stripslashes(post('card_cvv'));
$expDateMonth = $is_sweepstakes ? '01' : post('expDateMonth');
$expDateYear = $is_sweepstakes ? '01' : post('expDateYear');
$phone_number = stripslashes(post('phone_number'));
$email_address = stripslashes(post('email_address'));
// if these values are not present, check session values perhaps some data is available there
// Each session value is consumed (cleared) once it has served as a fallback.
if(!$billing_name) { $billing_name = @$_SESSION['xorder']['billing_name']; $_SESSION['xorder']['billing_name'] = null; }
if(!$billing_country) { $billing_country = @$_SESSION['xorder']['billing_country']; $_SESSION['xorder']['billing_country'] = null; }
if(!$billing_address) { $billing_address = @$_SESSION['xorder']['billing_address']; $_SESSION['xorder']['billing_address'] = null; }
if(!$billing_city) { $billing_city = @$_SESSION['xorder']['billing_city']; $_SESSION['xorder']['billing_city'] = null; }
if(!$billing_state) { $billing_state = @$_SESSION['xorder']['billing_state']; $_SESSION['xorder']['billing_state'] = null; }
if(!$billing_zip) { $billing_zip = @$_SESSION['xorder']['billing_zip']; $_SESSION['xorder']['billing_zip'] = null; }
if(!$card_type) { $card_type = @$_SESSION['xorder']['card_type']; $_SESSION['xorder']['card_type'] = null; }
if(!$card_number) { $card_number = @$_SESSION['xorder']['card_number']; $_SESSION['xorder']['card_number'] = null; }
if(!$card_cvv) { $card_cvv = @$_SESSION['xorder']['card_cvv']; $_SESSION['xorder']['card_cvv'] = null; }
if(!$expDateMonth) { $expDateMonth = @$_SESSION['xorder']['expDateMonth']; $_SESSION['xorder']['expDateMonth'] = null; }
if(!$expDateYear) { $expDateYear = @$_SESSION['xorder']['expDateYear']; $_SESSION['xorder']['expDateYear'] = null; }
if(!$phone_number) { $phone_number = @$_SESSION['xorder']['phone_number']; $_SESSION['xorder']['phone_number'] = null; }
if(!$email_address) { $email_address = @$_SESSION['xorder']['email_address']; $_SESSION['xorder']['email_address'] = null; }
if(!$promocode) { $promocode = @$_SESSION['xorder']['reorder_promo_code']; $_SESSION['xorder']['reorder_promo_code'] = null; }
// if(!$billing_country) $billing_country='US';
// The "billing is shipping" and "local pickup" flags are only honoured on a real submit.
if(!$posted) { $bill_is_shipp = $manual_pickup = 0; } else { $bill_is_shipp = post('bill_is_shipp'); $manual_pickup = post('manual_pickup'); }
$recipient_name = stripslashes(post('recipient_name'));
$recipient_country = post('recipient_country');
$recipient_address = stripslashes(post('recipient_address'));
$recipient_city = stripslashes(post('recipient_city'));
$recipient_state = stripslashes(post('recipient_state'));
$recipient_zip = stripslashes(post('recipient_zip'));
// Card payments with "billing is shipping" ticked: the recipient block mirrors billing.
if($bill_is_shipp && $posted && $pmethod==2) { $recipient_name = $billing_name; $recipient_country = $billing_country; $recipient_address = $billing_address; $recipient_city = $billing_city; $recipient_state = $billing_state; $recipient_zip = $billing_zip; }
// Local pickup: blank address parts become '-' so the presence checks below pass.
if($manual_pickup) { if(!$recipient_name) $recipient_name = '-'; if(!$recipient_address) $recipient_address = '-'; if(!$recipient_country) $recipient_country = '-'; if(!$recipient_city) $recipient_city = '-'; if(!$recipient_state) $recipient_state = '-'; if(!$recipient_zip) $recipient_zip = '-'; }
if(!$recipient_country) $recipient_country='US';
## heard about us
// A free-text "Other" answer is stored as "Other:<text>" unless it is still the placeholder.
$heard_about_us = post('heard_about_us');
$heard_about_us_other = 'Type in here';
$heard_about_us_ = $heard_about_us;
if($heard_about_us=='Other') { $heard_about_us_other = post('heard_about_us_other'); if(($heard_about_us_other != 'Type in here') && $heard_about_us_other) $heard_about_us_ .= ':'.$heard_about_us_other; }
// check values for ccard , shipping, and phone/email
// Billing/card presence check, card payments on submit only. Only presence is tested:
// there is no format or Luhn check on the card number and no range check on the expiry.
if($pmethod==2 && $posted && (!$card_cvv || !$card_type || !$billing_name || !$billing_address || !$billing_country || !$billing_city || !$billing_state || !$billing_zip || !$card_number || !$expDateMonth || !$expDateYear)) {
    if(!$msg) $msg = 'ERROR >
Please refer to the following sections noted below and try resubmitting your order once you have successfully addressed these issues:
';
    if(!$card_cvv || !$card_type || !$billing_name || !$billing_address || !$billing_country || !$billing_city || !$billing_state || !$billing_zip || !$card_number || !$expDateMonth || !$expDateYear) $msg .= '
Billing information is missing!';
}
// check values for shipping, and phone/email
// US recipients need a 5-digit numeric zip unless the order is a local pickup.
if($posted && (!checkPhone($phone_number) || !checkEmail($email_address) || !$recipient_name || !$recipient_address || !$recipient_country || !$recipient_city || !$recipient_state || !$recipient_zip || ($recipient_country=='US' && (strlen($recipient_zip)!=5 || !is_numeric($recipient_zip)) && !$manual_pickup ) )) {
    if(!$msg) $msg = 'ERROR >
Please refer to the following sections noted below and try resubmitting your order once you have successfully addressed these issues:
';
    if(!$recipient_name || !$recipient_address || !$recipient_country || !$recipient_city || !$recipient_state || !$recipient_zip) $msg .= '
Shipping information is missing!';
    if($recipient_country=='US' && (strlen($recipient_zip)!=5 || !is_numeric($recipient_zip)) && !$manual_pickup ) $msg .= '
Shipping zip code must have 5 digits!';
    if(!checkPhone($phone_number)) $msg .= '
Phone number is missing or invalid, please use this format (example: 214 555 1212)!';
    if(!checkEmail($email_address)) $msg .= '
Email address is missing or invalid!';
}
## ///// shipping
// The single shipping row is read positionally via "select *": columns 0-2 are the
// tier prices, 3-5 the per-additional-item prices, 6-8 the tier labels. Any column
// added or reordered in that table silently shifts these.
$sp = mysql_fetch_row(mysql_query("select * from shipping"));
$shipping = array($sp[6], $sp[7], $sp[8]);
$shprice = array($sp[0], $sp[1], $sp[2]);
$shaprice = array($sp[3], $sp[4], $sp[5]);
// $s selects the shipping tier (0..2); non-US recipients are forced to tier 2.
// NOTE(review): post('s') is not validated, so any other value indexes an undefined
// entry and the resulting charge depends on what rou() does with it — validate it.
$s = post('s');
if($recipient_country!='US') $s = 2;
$s = $s ? $s : 0;
$ship_price = rou($shprice[$s]);
$ship_price_each = rou($shaprice[$s]);
if($manual_pickup) { $ship_price = 0; $ship_price_each = 0; }
// SECURITY(review): $price is element 3 of the decoded blanketSel request value, not a
// server-side lookup. Unless dec() authenticates the payload the customer controls the
// price charged; re-read the price from blankets_styles by id here instead.
$subtotal_price = rou($ac_price+$price);
// tax
// 8.25% applies to card payments billed to a US address whose free-text state matches
// the pattern (which also matches any string containing "tx" or "tex").
$tax = 0;
$tax_price = 0;
if($pmethod==2 && preg_match("/texas|tex|tx/i",$billing_state) && $billing_country=='US') $tax = 8.25;
// total cost
// As written, tax is computed on subtotal plus shipping.
$total = rou($subtotal_price + $ship_price);
if($tax) { $tax_price = rou($total/100*$tax); $total = rou($total+$tax_price); }
// promo code //
// Promo lookup by type. Percentage discounts are taken from $total, which already
// includes shipping and tax at this point; $price_promocode records the discount
// amount for the order row, $promo_desc the wording used in the PayPal item name.
// SECURITY(review): $promocode (POST or session) is interpolated unescaped into SQL, and
// the LIKE comparison honours pattern wildcards — compare with "=" and bind the value.
$invalid_promo_code = NULL;
$promo_desc = NULL;
if($promocode) {
    $today = date("Y-m-d");
    $promo_type = mysql_fetch_row(mysql_query("select type from promocodes where code like '$promocode' and starts<='$today' and expires>='$today'"));
    if(!$promo_type) $invalid_promo_code = 1;
    else {
        $promo_type = $promo_type[0];
        switch ($promo_type) {
            case 2: $total -= $shprice[0]; $price_promocode = $shprice[0]; $promo_desc = "+Free shipping, -\$$shprice[0] from total cost"; break;
            case 3: $total -= $shprice[1]; $price_promocode = $shprice[1]; $promo_desc = "+Free shipping, -\$$shprice[1] from total cost"; break;
            case 4: $price_promocode = ($total/20); $total -= ($total/20); $promo_desc = "-5% from total cost"; break;
            case 5: $price_promocode = ($total/10); $total -= ($total/10); $promo_desc = "-10% from total cost"; break;
            case 6: $price_promocode = ($total/20*3); $total -= ($total/20*3); $promo_desc = "-15% from total cost"; break;
            case 7: $price_promocode = ($total/5); $total -= ($total/5); $promo_desc = "-20% from total cost"; break;
            case 8: $price_promocode = ($total/4); $total -= ($total/4); $promo_desc = "-25% from total cost"; break;
            case 9: $price_promocode = ($total/100*30); $total -= ($total/100*30); $promo_desc = "-30% from total cost"; break;
            case 10: $price_promocode = ($total/100*35); $total -= ($total/100*35); $promo_desc = "-35% from total cost"; break;
            case 11: $price_promocode = ($total/100*40); $total -= ($total/100*40); $promo_desc = "-40% from total cost"; break;
            case 12: $price_promocode = ($total/100*45); $total -= ($total/100*45); $promo_desc = "-45% from total cost"; break;
            case 13: $price_promocode = ($total/2); $total -= ($total/2); $promo_desc = "-50% from total cost"; break;
            // Type 14 deducts the rush surcharge whether or not rush production was selected.
            case 14: $total -= $price_rushproduction; $price_promocode = $price_rushproduction; $promo_desc = "Free rush production"; break;
            case 15: $price_promocode = $shprice[0] + ($total/10); $total -= ($total/10); $total -= $shprice[0]; $promo_desc = "+Free shipping, -\$$shprice[0], and also -10% off total cost"; break;
        }
    }
}
$total = rou($total);
// // agree terms
$agree_terms = post('AGREE_TERMS');
//
$sewCute = post('sewCute');
$animal = post('animal');
if($posted) {
    // Final form checks; every failure appends to $msg, and any $msg aborts the save.
    if(!$font || !$color || ($sewCuteActive && !$sewCute) || ($addPigInABlankie && !$animal) || !$agree_terms || $invalid_promo_code) if(!$msg) $msg = 'ERROR >
Please refer to the following sections noted below and try resubmitting your order once you have successfully addressed these issues:
';
    if(!$font) $msg .= '
You must select a font!';
    if(!$color) $msg .= '
You must select a thread color!';
    if(($sewCuteActive && !$sewCute)) $msg .= '
Sew Cute activated but you did not select an icon!';
    if(($addPigInABlankie && !$animal)) $msg .= '
Pig in a blankie activated but you did not select an animal!';
    if($invalid_promo_code) $msg .= '
You have entered an invalid or inactive promotional offer code!';
    if(!$agree_terms) $msg .= '
You must agree to terms and conditions!';
    // Validation errors are handed back via $_REQUEST['msg'] (presumably read by the
    // including page); otherwise the order is persisted and payment starts.
    if($msg) $_REQUEST['msg'] = enc($msg);
    else {
        ## Save order to DB
        ### reorder promo code
        // A fresh re-order code ("R" + 5 digits, type 15) valid from 2 days before to
        // 2 days after today is created for every non-sweepstakes order.
        // NOTE(review): mt_rand() is not a cryptographic source and the code space is
        // small; if these codes carry value, generate them from a CSPRNG with a larger
        // space and consider binding them to the customer.
        if(!$is_sweepstakes) {
            $reorder_promo_code = 'R' . mt_rand(10000,99999);
            mysql_query("insert into promocodes(code,type,starts,expires) values('{$reorder_promo_code}',15, adddate(curdate(), INTERVAL -2 DAY), adddate(curdate(), INTERVAL 2 DAY))");
        } else $reorder_promo_code = null;
        ###
        $ref_url_ = @$_SESSION['ref_url'];
        $landing_url_ = @$_SESSION['landing_url'];
        if($manual_pickup) $recipient_address = 'LOCAL PICKUP >>' . $recipient_address;
        // Column list for the orders / orders_sweepstakes insert; the value list below
        // must stay in exactly this order.
        $order_fields = "heard_about_us,ref_url,landing_url,BlanketOrder_DateAdded,DATESUBMIT,font,color,SHIP_PREF,AMOUNT,SHIPPING,SUBTOTAL,TOTAL,BLANKET_STYLE,BLANKET_SIZE,BLANKET_COLOR,BLANKET_PLAIN_PERSONAL,GimmePiggy,SewCute,sewCuteImage,RushDelivery,GiftWrap,Side1,Side2,Side3,Side4,promo_code,SpecMessage,exampleTab,Message";
        $order_fields.= ",full_name,billing_country,billing_address,billing_city,billing_state,billing_zip,recipient_name,recipient_country,recipient_state,recipient_city,recipient_zip,card_number,card_type,expiration,phone_number,email,tax,recipient_address";
        $order_fields.= ",price_piginablankie,price_rushproduction,price_giftwrap,price_sewcute,price_promocode,price_glowindark,selected_animal,reorder_promo_code";
        // PayPal orders carry no billing form; the recipient block is stored as billing.
        if($pmethod==3) { $billing_name = $recipient_name; $billing_country = $recipient_country; $billing_address = $recipient_address; $billing_city = $recipient_city; $billing_state = $recipient_state; $billing_zip = $recipient_zip; }
        // SECURITY(review): escaping is inconsistent — a few values use
        // mysql_real_escape_string, most use addslashes (not charset-aware), and several
        // request-derived values ($price, $blanketWidth/$blanketHeight, $addPigInABlankie,
        // $sewCuteActive, $rushProduction, $giftWrap, $promocode, $expDateMonth/$expDateYear)
        // are interpolated with no escaping at all. All of these should be bound
        // parameters. Message starts as 'declined' and is flipped to 'accepted' only
        // after a successful Payflow sale below.
        $order_values = "'" . mysql_real_escape_string($heard_about_us_) . "','" . mysql_real_escape_string($ref_url_) . "','" . mysql_real_escape_string($landing_url_) . "', NOW(), NOW(),'" . mysql_real_escape_string(htmlspecialchars_rev($font)) . "','" . mysql_real_escape_string(htmlspecialchars_rev($color)) . "','$shipping[$s]','$price','$ship_price','$subtotal_price','$total','" . addslashes(htmlspecialchars_rev($style)) . "','$blanketWidth x $blanketHeight', '" . addslashes(htmlspecialchars_rev($blanketColor)) . "', '{$plain_or_personalized}', '$addPigInABlankie', '$sewCuteActive', '" . mysql_real_escape_string(htmlspecialchars_rev($sewCute)) . "', '$rushProduction', '$giftWrap', '" . addslashes(htmlspecialchars_rev($txtTop)) . "', '" . addslashes(htmlspecialchars_rev($txtRight)) . "', '" . addslashes(htmlspecialchars_rev($txtBottom)) . "', '" . addslashes(htmlspecialchars_rev($txtLeft)) . "','$promocode', '" . addslashes(htmlspecialchars_rev($message)) . "','" . addslashes(htmlspecialchars_rev($exampleTab)) . "', 'declined'";
        // Card number and expiry are written in clear here (see the PCI remark above).
        $order_values.= ",'" . addslashes(htmlspecialchars_rev($billing_name)) . "','" . addslashes(htmlspecialchars_rev($billing_country)) . "','" . addslashes(htmlspecialchars_rev($billing_address)) . "','" . addslashes(htmlspecialchars_rev($billing_city)) . "','" . addslashes(htmlspecialchars_rev($billing_state)) . "','" . addslashes(htmlspecialchars_rev($billing_zip)) . "','" . addslashes(htmlspecialchars_rev($recipient_name)) . "','" . addslashes(htmlspecialchars_rev($recipient_country)) . "','" . addslashes(htmlspecialchars_rev($recipient_state)) . "','" . addslashes(htmlspecialchars_rev($recipient_city)) . "','" . addslashes(htmlspecialchars_rev($recipient_zip)) . "','" . addslashes(htmlspecialchars_rev($card_number)) . "','" . ($pmethod==2? addslashes(htmlspecialchars_rev($card_type)):'PAYPAL') . "','" . ($expDateMonth . '/' . $expDateYear) . "','" . addslashes(htmlspecialchars_rev($phone_number)) . "','" . addslashes(htmlspecialchars_rev($email_address)) . "','" . $tax_price . "','" .addslashes(htmlspecialchars_rev($recipient_address))."'";
        $order_values.= ",'$p_piginablankie','$p_rushproduction','$p_giftwrap','$p_sewcute','$price_promocode','$p_glowthread','" . mysql_real_escape_string(strip_tags($animal)) . "','{$reorder_promo_code}'";
        // Sweepstakes entries go to orders_sweepstakes; the failure message deliberately
        // carries no database detail.
        if(!mysql_query("insert into orders" . ($is_sweepstakes?'_sweepstakes':'') . "($order_fields) values($order_values)")) exit("Fatal error, unable to write order to database. Please report this error to administrator!");
        if($is_sweepstakes) { header("Location: /sweepstakes_thank_you"); exit; }
        // The new order id doubles as the PayPal "custom" field and the Payflow update key.
        $paypal_custom = mysql_insert_id();
        ## Save order details into session
        if(!isset($_SESSION['xorder']['num_of_orders'])) $_SESSION['xorder']['num_of_orders'] = 0;
        $_SESSION['xorder']['num_of_orders']++;
        $_SESSION['xorder']['id'] = $paypal_custom; // fitb order id
        $_SESSION['xorder']['total'] = $total; // Total
        $_SESSION['xorder']['tax'] = $tax; // Tax
        $_SESSION['xorder']['shipping'] = $ship_price ; // Shipping
        $_SESSION['xorder']['item'] = mesc($style . ' - ' . $blanketColor) ; // Product Name
        // in case they want to order another blankie, lets save their billing details in session as well
        // SECURITY(review): this keeps card number, CVV and expiry in the server-side
        // session for a possible follow-on order — see the PCI remark above.
        $_SESSION['xorder']['billing_name'] = $billing_name;
        $_SESSION['xorder']['billing_country'] = $billing_country;
        $_SESSION['xorder']['billing_address'] = $billing_address;
        $_SESSION['xorder']['billing_city'] = $billing_city;
        $_SESSION['xorder']['billing_state'] = $billing_state;
        $_SESSION['xorder']['billing_zip'] = $billing_zip;
        $_SESSION['xorder']['card_type'] = $card_type;
        $_SESSION['xorder']['card_cvv'] = $card_cvv;
        $_SESSION['xorder']['card_number'] = $card_number;
        $_SESSION['xorder']['expDateMonth'] = $expDateMonth;
        $_SESSION['xorder']['expDateYear'] = $expDateYear;
        $_SESSION['xorder']['phone_number'] = $phone_number;
        $_SESSION['xorder']['email_address'] = $email_address;
        ##### PAYMENTS
        if($pmethod==3)
        ##### BEGIN PAYPAL CODE
        {
            // Build a PayPal Standard (_xclick) redirect. The amount, shipping and item
            // name travel in the client-visible redirect URL, so ipn.php (not shown here)
            // must check the IPN amount against the stored order total before marking
            // the order paid.
            // NOTE(review): both the PayPal endpoint and notify_url are plain http here.
            $order_desc = "$style, $blanketColor, {$blanketWidth}x{$blanketHeight}\"";
            if($giftWrap || $addPigInABlankie || $rushProduction || $sewCuteActive) $order_desc .= " with accessories";
            $order_desc .= " [$shipping[$s]]";
            if($promo_desc) $order_desc .= " (PROMO code: $promo_desc)";
            $order_desc = urlencode($order_desc);
            $paypal_url = 'http://www.paypal.com/cgi-bin/webscr';
            $paypal_email = 'todd@sonyabebeblankee.com';
            $paypal_return_page = urlencode("https://fillintheblankie.com/order/thankyou.html");
            $paypal_cancel_page = urlencode("https://fillintheblankie.com/order/selection.php");
            $paypal_notify_page = urlencode("http://fillintheblankie.com/order/ipn.php");
            // $paypal_header = urlencode("http://fillintheblankie.com/order/images/Fill_logo_ppal.gif");
            // cpp_headerborder_color=79c5e7&cpp_header_image=$paypal_header&
            $paypal_shipping = "first_name=".urlencode($recipient_name)."&address1=".urlencode($recipient_address)."&city=".urlencode($recipient_city)."&zip=".urlencode($recipient_zip)."&state=".urlencode($recipient_state)."&country=".urlencode($recipient_country);
            // Shipping is passed to PayPal separately, so it is removed from the item amount.
            $amount = $total - $ship_price;
            // NOTE(review): "¬ify_url" below reads like "&notify_url" mangled by HTML entity
            // decoding during extraction — confirm against the repository.
            $paypal_qstr = "cmd=_xclick&address_override=0&$paypal_shipping&item_name=$order_desc&business=$paypal_email&quantity=1&amount=$amount&shipping=$ship_price&shipping2=$ship_price_each&charset=utf-8&return=$paypal_return_page&cancel_return=$paypal_cancel_page¬ify_url=$paypal_notify_page&custom=$paypal_custom";
            header("Location: $paypal_url?$paypal_qstr");
            exit;
        }
        ##### END PAYPAL CODE
        if($pmethod==2) {
            ##### BEGIN PAYFLOW CODE
            require('scr/classes/payflow_curl.php');
            // SECURITY(review): live gateway credentials are hard-coded in source. Move
            // them to configuration kept outside the web root and rotate them, since
            // they are exposed wherever this file is copied.
            $pf_vendor = 'toddwlilly';
            $pf_user = 'toddwlilly';
            $pf_partner = 'VeriSign';
            $pf_password = 'westchest6422';
            $payflow = new payflow($pf_vendor, $pf_user, $pf_partner, $pf_password);
            if ($payflow->get_errors()) exit( $payflow->get_errors());
            // extra params
            // NOTE(review): clientip is fixed to 0.0.0.0, so the gateway's fraud screening
            // never sees the real client address (consider $_SERVER['REMOTE_ADDR']).
            $data_array = array('comment1' => '', 'firstname' => '', 'lastname' => '', 'street' => $billing_address, 'city' => $billing_city, 'state' => $billing_state, 'zip' => $billing_zip, 'country' => $billing_country,
                // iso codes
                'cvv' => $card_cvv, 'clientip' => '0.0.0.0' );
            // Expiry as MMYY, as the gateway class appears to expect — confirm against payflow_curl.php.
            $card_exp = sprintf("%02d", $expDateMonth) . substr($expDateYear,2,2);
            $response = $payflow->sale_transaction($card_number, $card_exp, $total, 'USD', $data_array);
            if (!$payflow->get_errors()) {
                // success, write paid to db
                // SECURITY(review): the gateway reference values are interpolated unescaped
                // into the update; bind them as well.
                $_pnref = $response['PNREF'];
                $_authcode = $response['AUTHCODE'];
                mysql_query("update orders set paid=1,Message='accepted',PNRef='$_pnref',AuthCode='$_authcode' where id=$paypal_custom limit 1");
                $_SESSION['xorder']['reorder_promo_code'] = $reorder_promo_code;
                // send confirmation email
                // Template 1 for personalised blankets, 2 for plain ones.
                if($pers) order_responder_email($paypal_custom,1);
                else order_responder_email($paypal_custom,2);
                // redirect to thank you page
                header("Location: thankyou.html");
                exit;
            } else {
                // display a declined card error message
                // NOTE(review): the raw gateway error text is shown to the customer; a generic
                // message with the detail logged server-side would disclose less.
                $msg = "ERROR >

";
                $msg .= "Unable to process credit card information. Please reverify your credit card number and expiration date (or try another card) and hit submit again!";
                $msg .= "

Verisign response was: " . $payflow->get_errors() . '';
                // $response['RESULT'];
                // $msg .= "
which means:
" . $response['RESPMSG'];
                $_REQUEST['msg'] = enc($msg);
            }
        }
    }
}
?>