<?
# $Id: orderf.php 770 2005-11-24 17:59:32Z raf $

# Bootstrap: shared helpers/classes plus the price tables, then the
# visitor's session.  "?clear" empties the session so an order can be
# started over (the session id itself is kept).
require_once "../inc/autoexec.inc.php";
require_once "../inc/prices.inc.php";

session_name(SESSION_NAME);
session_start();

if (isset($_GET["clear"]))
{
	session_unset();
}

# Affiliate click-cookie state, filled in below when a valid cookie is seen.
$cookiematched = false;
$cookieafid = 0;

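# Affiliate click cookie.  Affiliate::checkCookie() returns an empty string
# for an acceptable cookie and an error text otherwise.  The value is three
# "-"-separated fields: the affiliate id first, and what looks like an expiry
# time second (the third field's meaning is decided in Affiliate).
if (isset($_COOKIE[AFF_CLICK_COOKIENAME]))
{
	$af = new Affiliate();
	$c = $_COOKIE[AFF_CLICK_COOKIENAME];
	$ok = $af->checkCookie($c);

	if (strlen($ok)) # bad cookie: drop it and refuse the request
	{
		$x = explode("-", $c);
		if (count($x) == 3)
		{
			# Expire with a fixed past timestamp.  The old code handed the
			# second field of the (already rejected) cookie to setcookie() as
			# the expiry, i.e. an attacker-chosen value in an int parameter.
			setcookie(AFF_CLICK_COOKIENAME, "", time() - 86400,
				dirname($_SERVER["PHP_SELF"]) . "/");
			# diesoft() emits raw HTML (see the "<!--" usage at the end of
			# this file), so the reflected cookie value must be escaped.
			diesoft(AFF_CLICK_COOKIENAME . " cookie invalid: '" .
				htmlspecialchars($c, ENT_QUOTES) . "'");
		}
		# A rejected cookie that does not have three fields is simply
		# ignored: the request continues with $cookiematched false.
	}
	else
	{
		$cookiematched = true;
		$x = explode("-", $c);
		$cookieafid = $x[0];
	}
}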

# objects
# Per-session working objects.  They live in $_SESSION so the two-page
# order form accumulates state across requests; each is created only once.
$sessionDefaults = array(
	"cl" => "Client",
	"ri" => "Resinfo",
	"or" => "Order",
	"ci" => "Card",
	"fi" => "Resfile",
	"ws" => "Website",
);
foreach ($sessionDefaults as $sessionKey => $sessionClass)
{
	if (!isset($_SESSION[$sessionKey]))
		$_SESSION[$sessionKey] = new $sessionClass();
}
# cache of posted form values, keyed by field name
if (!isset($_SESSION["post"]))
	$_SESSION["post"] = array();
unset($sessionDefaults, $sessionKey, $sessionClass);

$ap = new AltPayment();

# Short aliases bound by reference to the session entries: assigning to
# one of these (e.g. "$ws = new Website(...)" further down) replaces the
# object stored in the session, and $p writes go straight to
# $_SESSION["post"].
$cl =& $_SESSION["cl"];
$ri =& $_SESSION["ri"];
$or =& $_SESSION["or"];
$ci =& $_SESSION["ci"];
$fi =& $_SESSION["fi"];
$ws =& $_SESSION["ws"];

# Forget error state left behind by the previous request.
foreach (array($cl, $ri, $or, $ci, $fi, $ws) as $sessionObj)
	$sessionObj->noError();
unset($sessionObj);

$p =& $_SESSION["post"];



# Which website the order form belongs to; GET wins over POST.
if (!isset($_GET["site"]) && !isset($_POST["site"]))
	diehard("No site defined");

$site = isset($_GET["site"]) ? $_GET["site"] : $_POST["site"];
$site = addslashes(basename($site));

# Form page: a posted page number counts only once the session already
# holds form data, otherwise we are on page 1.
$page = (isset($_POST["page"]) && count($p)) ? $_POST["page"] : 1;

# ordertype
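# Order type: the one stored in the session's Order object, unless the
# request names a different one with ?ot=<name>.
$ORDERTYPE = $or->getOrderType();

if (isset($_GET["ot"]))
{
	if ($page != 1)
		diehard("ot= can be used only in order form page 1");

	# Resolve the ot= name against the configured types.  $ORDERTYPE_ARR is
	# id => array(name, ...) as far as this file uses it.  Compare as strings:
	# with the old loose "==", a non-numeric name compared equal to a numeric
	# zero entry on PHP < 8, and "1e1" == "10" still does.
	$ot = false;
	$otid = null;
	foreach ($ORDERTYPE_ARR as $candidateId => $otarr)
	{
		if ((string)$_GET["ot"] === (string)$otarr[0])
		{
			$ot = $otarr[0];
			$otid = $candidateId;
			break;
		}
	}

	if ($ot === false)
		diehard("Unknown ot= value");

	$ok = $or->setOrderType($otid);
	if (!$ok)
		diehard("Cannot set OrderType: " . $or->lastError());

	$ORDERTYPE = $otid;

	# Non-standard defaults for a fresh (?clear) cover-letter-only order:
	# preselect the first configured cover letter type.
	if (isset($_GET["clear"]))
	{
		if ($ORDERTYPE == ORDER_TYPE_COVERLETTER)
		{
			reset($CLONLY_TYPE);
			$ok = $ri->setCLtype(key($CLONLY_TYPE));
			if (!$ok)
				diehard("Ordeform@" . __LINE__ . " error");
		}
	}
}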

#echo "ot=" . $or->getOrderType() . "<br>";

# data gathering continues...
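# A card-error redirect (?ccerr=...) re-enters the form on page 2.
if (isset($_GET["ccerr"])) $page = 2;

if (!strlen($site)) diehard("Site empty");
if (!strlen($page)) diehard("Page empty");
if (!is_numeric($page)) diehard("Page not numeric");
if (ceil($page) != $page) diehard("Page is float");
if ($page < 1 or $page > 2) diehard("Invalid page");
if (addslashes($site) != $site) diehard("Invalid site");
# validated as a whole number above; normalise so "1.0"/"01" become 1
$page = (int)$page;
$site = strtolower(basename($site));
# $site is spliced into include paths (./orderforms/<site>...php), a
# Location header, mail text and HTML further down.  basename() only strips
# directory parts, so restrict the name to a filename-safe alphabet as well.
if (!preg_match('/^[a-z0-9][a-z0-9._-]*$/', $site))
	diehard("Invalid site");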

# website recognition

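# Website recognition: look the site up by webname.  An unknown name is
# registered on the fly with placeholder contact data.
# NOTE(review): that means any unauthenticated request can create a Website
# row just by naming it in ?site=; consider whether auto-creation is still
# wanted, or at least rate-limit/log it.
$wsid = $ws->getIDByWebname($site);
$wserr = true;
if (!$wsid)
{
	# one-shot sequence: bail out at the first setter that fails
	do
	{
		if (!$ws->setName("$site")) break;
		if (!$ws->setWebname($site)) break;
		if (!$ws->setMail("set.this@address.com")) break;
		# Initial password for the auto-created record.  Drawn from the
		# CSPRNG instead of rand(); the numeric range is kept because the
		# accepted format of setPass() is not visible here, so the keyspace is
		# still small and the value should be replaced by an admin.
		if (!$ws->setPass(random_int(1234, 999999))) break;
		if (!$ws->Update()) break;
		$wserr = false;
		$wsid = $ws->getID();
	} while (false);
}

if ($wsid)
{
	# $ws is a reference into $_SESSION["ws"]: this swaps the session's
	# Website object for the freshly loaded one.
	$ws = new Website($wsid);
	if ($ws->wasOK()) $wserr = false;
}

if ($wserr)
	diesoft("New Website error: " . $ws->lastError());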

# in-line variables

# Template variables shared by the order form pages.
$NEXT = "";
$ORDERF_MAXFILESIZE = CONST_FILE_MAXSIZE;
$ORDERF_PAGE = $page;
$ORDERF_SITE = $site;
$ORDERF_ACTION1 = "$CODEBASE/order/orderf.php";
$ORDERF_ACTION2 = $ORDERF_ACTION1;

# hack: default resume type when none was posted.  As the original note
# says, it has no effect -- retrvar("ORDERF_TYPE", "type", ...) below
# overwrites $ORDERF_TYPE unconditionally.
if (!isset($_POST["type"])) $ORDERF_TYPE = "c";


# Pull a form field into the page.  The posted value wins; otherwise the
# value the session object already holds ($obj->$method()) is used.  The
# result is written both to the session post cache $p[$post] and to the
# global template variable named by $var.  Values are stored raw -- escaping
# for HTML is left to whoever renders them.
function retrvar($var,$post,$obj,$method)
{
	global $$var, $p;

	$value = isset($_POST[$post]) ? $_POST[$post] : $obj->$method();
	$p[$post] = $value;
	$$var = $value;
}

# Checkbox counterpart of retrvar(): sets the global named by $var to
# "checked" or "" and (on POST) caches the same in $p[$post].
function retrcheck($var,$post,$obj,$method)
{
	global $$var, $p;

	# After a card-error redirect (GET with ccerr=) there is no POST body,
	# so the state comes from the session object.  $p is not updated on
	# this path.
	if ($_SERVER["REQUEST_METHOD"] == "GET" && isset($_GET["ccerr"]))
	{
		$$var = $obj->$method() ? "checked" : "";
		return;
	}

	# Otherwise a box is on exactly when its field was posted at all.
	$state = isset($_POST[$post]) ? "checked" : "";
	$p[$post] = $state;
	$$var = $state;
}

# get variables

# Gather the form values.  retrvar() prefers the posted field and falls
# back to what the session object already holds; retrcheck() does the same
# for checkboxes ("checked" / "").  Tables are (template var, post key,
# getter) and are processed in the original order.

# client contact data
foreach (array(
	array("ORDERF_FIRST",  "firstname", "getFirst"),
	array("ORDERF_LAST",   "lastname",  "getLast"),
	array("ORDERF_ADDR1",  "address",   "getAddr1"),
	array("ORDERF_ADDR2",  "address2",  "getAddr2"),
	array("ORDERF_CITY",   "city",      "getCity"),
	array("ORDERF_STATE",  "state",     "getState"),
	array("ORDERF_ZIP",    "postal",    "getZip"),
	array("ORDERF_TLF",    "phone",     "getTlf"),
	array("ORDERF_TLF2",   "phone2",    "getTlf2"),
	array("ORDERF_EMAIL",  "email",     "getMail"),
	array("ORDERF_EMAIL2", "email2",    "getMail"),
) as $f)
	retrvar($f[0], $f[1], $cl, $f[2]);
# "none" is the placeholder for "no second phone"
if ($ORDERF_TLF2 == "none") $ORDERF_TLF2 = "";

# resume text fields
foreach (array(
	array("ORDERF_OBJECTIVE",      "objective",      "getObjective"),
	array("ORDERF_EDUCATION",      "education",      "getEducation"),
	array("ORDERF_EXPERIENCE",     "experience",     "getExperience"),
	array("ORDERF_ACTIVITIES",     "activities",     "getActivities"),
	array("ORDERF_CVSUMMARY",      "cvsummary",      "getCVSummary"),
	array("ORDERF_CVACHIEVEMENTS", "cvachievements", "getCVAchievements"),
	array("ORDERF_CVPUBLICATIONS", "cvpublications", "getCVPublications"),
	array("ORDERF_MISC",           "misc",           "getMisc"),
	array("ORDERF_TYPE",           "type",           "getRestype"),
) as $f)
	retrvar($f[0], $f[1], $ri, $f[2]);

retrvar("ORDERF_COUPON", "coupon", $or, "getCouponTxt");

# the standard package is always selected
$ORDERF_STD = "checked";

retrvar("ORDERF_CL_TYPE", "cltype", $ri, "getCLtype");
$ORDERF_CL_TYPE_DESC = $ri->descCLTypeLong();

# optional services (checkboxes)
foreach (array(
	array("ORDERF_COVERL",  "coverl",  "getCoverLetter"),
	array("ORDERF_HTML",    "html",    "getHTMLService"),
	array("ORDERF_EXTDL",   "extdl",   "getExtendedDl"),
	array("ORDERF_LETTER1", "letter1", "getLetter1"),
	array("ORDERF_SNAIL",   "snail",   "getSnail"),
	array("ORDERF_HUNTER",  "hunter",  "getJobhunter"),
	array("ORDERF_RUSH",    "rush",    "getRushID"),
) as $f)
	retrcheck($f[0], $f[1], $or, $f[2]);

# card data.  The post key "type" is shared with the resume type above, so
# a posted card type is read as the resume type as well and $p["type"]
# ends up holding the card type.
foreach (array(
	array("ORDERF_CCT",    "type",     "getType"),
	array("ORDERF_CCN",    "card",     "getNumber"),
	array("ORDERF_MON",    "month",    "getMonth"),
	array("ORDERF_YEAR",   "year",     "getYear"),
	array("ORDERF_BANK",   "bank",     "getBank"),
	array("ORDERF_HOLDER", "cardname", "getHolder"),
) as $f)
	retrvar($f[0], $f[1], $ci, $f[2]);
unset($f);

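# Payment method: the posted value wins, else the one remembered in the
# session, defaulting to card.  Only "cc" (card, authorised on page 2) and
# "check" (AltPayment record) are handled by this script; any other value
# used to fall through both branches and leave an order on file with
# neither an authorisation nor an AltPayment row, so it is rejected here.
if (!isset($_SESSION["payment"])) $_SESSION["payment"] = "cc";
$ORDERF_PAYMENT = isset($_POST["payment"]) ? $_POST["payment"] : $_SESSION["payment"];
if (!in_array($ORDERF_PAYMENT, array("cc", "check"), true))
	diehard("Invalid payment method");
$_SESSION["payment"] = $ORDERF_PAYMENT;

# extended download is switched on whenever page 1 is (re)submitted
if ($_SERVER["REQUEST_METHOD"] == "POST" && $page == 1)
	$ORDERF_EXTDL = "checked";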

# prices...
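# Price table: the global prices, replaced by the website's own set when
# the site has a complete one defined.
$pr = new Prices();

$prices = $pr->getPrices();
# (the error text lives on the Prices object; $p is the session post array
# and has no lastError(), which the old code called here)
if (!$prices) diehard("Cannot get prices: " . $pr->lastError());

$altpr = $pr->setWebsiteID($wsid);
if ($altpr) # true -- the site has all the prices set; use those
{
	$prices = $pr->getPrices();
	if ($prices === false)
		diehard("Cannot get prices for Website ID#$wsid: " . $pr->lastError());
}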

# populate in-form variables
# Expose every price as a global $PRICE_<name> template variable (only the
# first column of each price row is used).
foreach ($prices as $n => $v)
	$GLOBALS["PRICE_$n"] = $v[0];

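# Site settings, exposed as global $SETTING_<name> template variables
# (first column of each row).
$se = new Settings();

$settings = $se->getSettings();
# (the old code asked $p -- the session post array -- for lastError())
if (!$settings) diehard("getSettings: " . $se->lastError());

foreach ($settings as $n => $v)
{
	$var = "SETTING_$n";
	$$var = $v[0];
}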

# year select
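# Card expiry year <select>: this year plus the next ten, with the year
# already chosen (posted, or from the session Card) pre-selected.
$CARDYEAR_SELECT = "";

# Compare as strings: the posted year is a string and the old loose
# "$ORDERF_YEAR == $i" accepted e.g. "2005abc" as 2005 on PHP < 8.
$yearChosen = isset($ORDERF_YEAR) ? (string)$ORDERF_YEAR : "";

$starty = (int)date("Y");
$endy = $starty + 11;
for ($i = $starty; $i < $endy; $i++)
{
	$selected = ($yearChosen === (string)$i) ? " selected" : "";
	$CARDYEAR_SELECT .= "<option$selected>$i</option>\n";
}

$err = "";

# A session that already completed an order must not submit another one.
if (isset($_SESSION["finished"]))
	diehard("You cannot re-submit your order.");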

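# ---------------------------------------------------------------------------
# Page 2 submission: validate client, order and card fields, persist the
# order, authorise the card (or record the alternative payment), credit the
# referring affiliate, mail the receipts and redirect to the thank-you page.
#
# The loop body runs at most once: every validation failure "break"s out
# with $err set and the form is re-displayed further down with that message.
# Failures after rows have been written call diehard()/diesoft() and undo
# the rows by hand -- there is no database transaction around this flow.
# ---------------------------------------------------------------------------
while ($_SERVER["REQUEST_METHOD"] == "POST" && $page == 2)
{
	if (!isset($_POST["email2"]) || !isset($_POST["email"]))
	{
		$err = "E-mail missing in POST";
		break;
	}

	# (the e-mail == e-mail2 comparison is intentionally disabled)

	# --- client fields: every setter validates and returns false on bad input
	$ok = $cl->setMail($ORDERF_EMAIL);
	if (!$ok)
	{
		$err = "E-mail address invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setFirst($ORDERF_FIRST);
	if (!$ok)
	{
		$err = "First name invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setLast($ORDERF_LAST);
	if (!$ok)
	{
		$err = "Last name invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setAddr1($ORDERF_ADDR1);
	if (!$ok)
	{
		$err = "Adress line invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setAddr2($ORDERF_ADDR2);
	if (!$ok)
	{
		$err = "Second address line invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setCity($ORDERF_CITY);
	if (!$ok)
	{
		$err = "City name invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setState($ORDERF_STATE);
	if (!$ok)
	{
		$err = "Invalid state/province entered"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setZip($ORDERF_ZIP);
	if (!$ok)
	{
		$err = "ZIP/postal code invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setTlf($ORDERF_TLF);
	if (!$ok)
	{
		$err = "Phone number invalid"; # . $cl->lastError();
		break;
	}

	$ok = $cl->setTlf2($ORDERF_TLF2);
	if (!$ok)
	{
		$err = "Additional phone number invalid"; # . $cl->lastError();
		break;
	}

	# --- order options: the checkbox variables hold "checked" or ""
	$ok = $or->setPkgid((strlen($ORDERF_STD) ? 1 : 0));
	if (!$ok)
	{
		$err = "Standard package not selected"; # . $or->lastError();
		break;
	}

	$ok = $or->setRushid((strlen($ORDERF_RUSH) ? 1 : 0));
	if (!$ok)
	{
		$err = "Rush option invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setSnail((strlen($ORDERF_SNAIL) ? 1 : 0));
	if (!$ok)
	{
		$err = "Snail service invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setJobhunter((strlen($ORDERF_HUNTER) ? 1 : 0));
	if (!$ok)
	{
		$err = "Jobhunter service invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setLetter1((strlen($ORDERF_LETTER1) ? 1 : 0));
	if (!$ok)
	{
		$err = "Follow up letter service invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setCoverLetter((strlen($ORDERF_COVERL) ? 1 : 0));
	if (!$ok)
	{
		$err = "Cover letter service invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setHTMLService((strlen($ORDERF_HTML) ? 1 : 0));
	if (!$ok)
	{
		$err = "HTML service invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setExtendedDl((strlen($ORDERF_EXTDL) ? 1 : 0));
	if (!$ok)
	{
		$err = "Extended Download service invalid"; # . $or->lastError();
		break;
	}

	$ok = $or->setCouponTxt($ORDERF_COUPON);
	if (!$ok)
	{
		$err = "Coupon text invalid"; # . $or->lastError();
		break;
	}

	if ($ORDERF_PAYMENT == "cc")
	{
		# --- card fields
		$ok = $ci->setType($ORDERF_CCT);
		if (!$ok)
		{
			$err = "Card type not selected"; # . $ci->lastError();
			break;
		}

		$ok = $ci->setNumber($ORDERF_CCN);
		if (!$ok)
		{
			$err = "Card number missing/invalid"; # . $ci->lastError();
			break;
		}

		$ok = $ci->setMonth($ORDERF_MON);
		if (!$ok)
		{
			$err = "Card expiration month not selected"; # $ci->lastError();
			break;
		}

		$ok = $ci->setYear($ORDERF_YEAR);
		if (!$ok)
		{
			$err = "Card expiration year not selected"; # $ci->lastError();
			break;
		}

		# Expiry must not be in the past: compared as "YYYYMM" strings
		# (numeric strings, so PHP compares them as numbers).
		$nowmy = sprintf("%02d%02d",date("Y"),date("m"));
		$nowy = date("Y");

		if ($ci->getYear() < $nowy)
		{
			$err = "Card expiration year in the past";
			break;
		}

		if (sprintf("%02d%02d",$ci->getYear(),$ci->getMonth()) < $nowmy)
		{
			$err = "Card expiration in the past";
			break;
		}

		$ok = $ci->setHolder($ORDERF_HOLDER);
		if (!$ok)
		{
			$err = "Card holder name missing/invalid"; # . $ci->lastError();
			break;
		}

		$ok = $ci->setBank($ORDERF_BANK);
		if (!$ok)
		{
			$err = "Card bank invalid"; # . $ci->lastError();
			break;
		}

		# NOTE(review): the card row -- including the number -- is written
		# before the authorisation attempt and only removed on a decline.
		# Whether and how Card keeps the number at rest is decided in the
		# Card class; confirm it satisfies the card-data rules you are bound by.
		$ok = $ci->Update();
		if (!$ok) diehard("Card Problem: " . $ci->lastError());
	} # cc payment

	# --- client record: reuse an existing client with the same e-mail,
	# otherwise insert a new one.  Sample orders never get a client row;
	# $oldclient is initialised so the rollback branches below see a defined
	# value on that path too (0 = "treat as new").
	$oldclient = 0;
	if($ORDERTYPE != ORDER_TYPE_SAMPLE)
	{
		$oldid = $cl->getIDByMail($cl->getMail());
		$oldclient = ($oldid ? $oldid : 0);

		if (!$oldclient) # new client, make new entry in client db
		{
			$ok = $cl->Update();
			if (!$ok) diehard("Client Problem: " . $cl->lastError());
		}

		$ok = $or->setClid(($oldclient ? $oldclient : $cl->getID()));
		if (!$ok)
		{
			$ci->Delete();
			if (!$oldclient)
				$cl->Delete();
			diehard("Order Placement Problem: " . $or->lastError());
		}

		if ($ORDERF_PAYMENT == "cc")
		{
			# The old code only stored this result in $ok, which setSale()
			# overwrote before it was ever tested; check it right here.
			$ok = $or->setCardID($ci->getID());
			if (!$ok)
			{
				$ci->Delete();
				if (!$oldclient)
					$cl->Delete();
				diehard("Order Card ID Problem: " . $or->lastError());
			}
		}
	}

	# --- price, with an optional coupon discount
	$sale = $pr->Calculate($or);

	$cu = new Coupon();
	$cuid = $cu->getIDByPhrase($ORDERF_COUPON);
	if ($cuid)
	{
		$cu = new Coupon($cuid);
		if ($cu->wasOK())
		{
			$sale = $cu->calcDiscount($sale,$cu->getDiscount());
			$or->setCouponDisc($cu->getDiscount());
		}
	}

	$ok = $or->setSale($sale);
	if (!$ok) diehard("Order Price Problem: " . $or->lastError());

	$ORDERF_SALE = $sale;
	$ORDERF_CPASS = $cl->getPass();

	# --- order summary text for the receipt templates
	switch ($or->getOrderType())
	{
		case ORDER_TYPE_COMMON:
			$ORDERINFO = "Standard resume package $" . $PRICE_WEB_STD_PACKAGE;
			break;
		case ORDER_TYPE_COVERLETTER:
			$ORDERINFO = "Cover Letter order $" . $PRICE_WEB_CL_ORDER;
			break;
		case ORDER_TYPE_CV:
			$ORDERINFO = "CV order $" . $PRICE_WEB_CV_ORDER;
			break;
		case ORDER_TYPE_SAMPLE:
			$ORDERINFO = "Resume sample $" . $PRICE_WEB_SAMPLE;
			break;
		default:
			# ($ot is only defined when ?ot= was given; report the stored type)
			$ORDERINFO = "*** UNKNOWN ORDER TYPE '" . $or->getOrderType() . "' ***";
			break;
	}

	if ($or->getRushID())
		$ORDERINFO .= "\nRush service $" . $PRICE_WEB_RUSH1_SERVICE;
	if ($or->getSnail())
		$ORDERINFO .= "\nSnail mail service $" . $PRICE_WEB_SNAIL_SERVICE;
	if ($or->getJobhunter())
		$ORDERINFO .= "\nJob Hunter package $" .
			$PRICE_WEB_JOBHUNTER_PACKAGE;
	if ($or->getLetter1())
		$ORDERINFO .= "\nFollow Up/Thank You letter $" .
			$PRICE_WEB_LETTER1_SERVICE;
	if ($or->getCoverLetter())
		$ORDERINFO .= "\nCover Letter $" .
			$PRICE_WEB_COVER_LETTER;
	if ($or->getHTMLService())
		$ORDERINFO .= "\nHTML Service $" .
			$PRICE_WEB_HTML_SERVICE;
	if ($or->getExtendedDl())
		$ORDERINFO .= "\nExtended Download Service $" .
			$PRICE_WEB_EXTDL_SERVICE;

	# --- persist the order
	$ok = $or->setWebsiteID($ws->getID());
	if (!$ok) diehard("Order Website ID# Problem: " . $or->lastError());

	$ok = $or->Update();
	if (!$ok) diehard("Order Problem: " . $or->lastError());

	# --- attach the file uploaded on page 1, if any
	if (strlen($fi->getDiskfilename()))
	{
		$ok = $fi->setOrderID($or->getID());
		if (!$ok)
		{
			$or->Delete();
			if (!$oldclient) $cl->Delete();
			$ci->Delete();
			diehard("Uploaded File OrderID Problem: " .
				$fi->lastError());
		}
		$ok = $fi->Update();
		if (!$ok)
		{
			$or->Delete();
			if (!$oldclient) $cl->Delete();
			$ci->Delete();
			diehard("Uploaded File Problem: " .
				$fi->lastError());
		}
	}

	# --- resume info row (not stored for sample orders)
	$ok = $ri->setOrderid($or->getID());

	if($ORDERTYPE != ORDER_TYPE_SAMPLE)
	{
		if ($ok)
			$ok = $ri->Update();
		if (!$ok)
		{
			$ci->Delete();
			if (!$oldclient)
				$cl->Delete();
			$or->Delete();
			diehard("Order Info Problem: " . $ri->lastError());
		}
	}

	if ($ORDERF_PAYMENT == "cc")
	{
		# --- authorise the card
		# CCAuth($oid,$cardid,$ccn,$ccexpm,$ccexpy,
		#        $first,$last,$ad1,$ad2,$city,$state,$zip,
		#        $phone,$country,$mail,$desc,$sale)
		list($code,$explain) = CCAuth(
			$or->getID(),
			$ci->getID(),
			$ci->getNumber(),
			$ci->getMonth(),
			$ci->getYear(),
			$cl->getFirst(),
			$cl->getLast(),
			$cl->getAddr1(),
			$cl->getAddr2(),
			$cl->getCity(),
			$cl->getState(),
			$cl->getZip(),
			$cl->getTlf(),
			$cl->getCountry(),
			$cl->getMail(),
			$or->descOrderTypeCCDesc(),
			$sale);

		if ($code != "AUTH")
		{
			# Declined: show the site's error page, then undo the rows.
			# The back link is built from SCRIPT_NAME rather than PHP_SELF
			# (which echoes request path info into the page) and the query
			# values are URL-encoded.  The trailing time() is kept as the
			# original cache buster.
			$BACK = $_SERVER["SCRIPT_NAME"] . "?site=" . urlencode($site) .
				"&ccerr=" . urlencode($code) . time();
			$CARDERROR = $explain;
			$cerr = sitegfx($site,"error");
			require_once($cerr);
			$ri->Delete();
			$ci->Delete();
			$or->Delete();
			$fi->Delete();
			exit;
		}
	} # cc payment

	$ap = new AltPayment();

	if ($ORDERF_PAYMENT == "check")
	{
		# --- record the alternative payment; it counts as authorised
		$aperr = true;

		while (1)
		{
			$ok = $ap->setType($ORDERF_PAYMENT);
			if (!$ok) break;
			$ok = $ap->setOrderID($or->getID());
			if (!$ok) break;
			$ok = $ap->Update();
			if (!$ok) break;

			$aperr = false;
			break;
		}

		if ($aperr) diehard("Order AltPayment problem: " .
			$ap->lastError());
		$code = "AUTH";

		# make snail hidden
		# NOTE(review): string-built SQL.  The id comes from the Order
		# object rather than the request, but this should still go through
		# the driver's parameter binding.  $db is expected from the includes.
		$q = "INSERT INTO hideit VALUES('" . $or->getID() .
			"','snail',NOW())";
		$db->query($q);
	}

	if ($code == "AUTH")
	{
		# --- sale went through: credit the referring affiliate, if any.
		# A matched click cookie overrides the affiliate found by site name.
		$af = new Affiliate();
		$afids = $af->getIDByName($site);

		if ($cookieafid) $afids = array($cookieafid);

		$af = false;

		while (1)
		{
			if (!count($afids)) break;
			if (count($afids) > 1)
			{
				diesoft("Affilate ERROR: " . count($afids) .
					" affiliates with name '$site' " .
					" defined");
				break;
			}

			$afid = $afids[0];
			$af = new Affiliate($afid);
			if (!$af->wasOK())
			{
				diesoft("Affilate ID#$afid ERROR: " .
					$af->lastError());
				break;
			}

			$afo = new AffOrder();
			$errafo = true;

			while (1)
			{
				$ok = $afo->setAffiliateID($af->getID());
				if (!$ok) break;
				$ok = $afo->setOrderID($or->getID());
				if (!$ok) break;
				$ok = $afo->setRatePerOrder($af->getRatePerOrder());
				if (!$ok) break;
				# commission = sale * rate-per-sale percent, to cents
				$affsale = round($sale * $af->getRatePerSale() /
					100,2);
				$ok = $afo->setAffSale($affsale);
				if (!$ok) break;
				$ok = $afo->setIsCookie($cookiematched);
				if (!$ok) break;
				# only card-paid orders count as valid for the affiliate
				$ok = $afo->setValidOrder($ORDERF_PAYMENT == "cc" ?
					1 : 0);
				if (!$ok) break;
				$ok = $afo->Update();
				if (!$ok) break;

				$errafo = false;
				break;
			}

			if ($errafo)
			{
				diesoft("Affiliate ID#$afid AffOrder ERROR: " .
					$afo->lastError());
				break;
			}
			break;
		}
	}

	# --- pre-order messages: tie any the client left to this order
	$pom = new PreOrderMsg();

	if ($pom->wasOK())
	{
		$poms = $pom->listClientPOMs($cl->getMail());
		if (count($poms))
			$ok = $pom->markClientPOMsOnOrder($or->getID(),$poms);
	}

	# --- client receipt; these globals are what the mail templates use
	$SITENAME = $site;
	$CUSTNAME = $cl->getFirst() . " " . $cl->getLast();
	$WEBSITE = $site;
	$SALE = sprintf("%.02f",$sale);
	$ORDERID = $or->getID();
	$TRACKLINK = $CODEBASE . "/client/";
	$TRACKPASS = $cl->getPass();
	$CCLINK = $TRACKLINK;
	$CCPASS = $TRACKPASS;
	$ORDERTYPEDESC = $or->descOrderTypeName();
	$ORDERTYPEDESCUC = strtoupper($ORDERTYPEDESC);

	$ORDERCOMPLETE = $SETTING_COMPLETE_DAYS;
	if ($ORDERTYPE == ORDER_TYPE_COVERLETTER)
		$ORDERCOMPLETE = $SETTING_COMPLETE_DAYS_CL;
	if ($ORDERTYPE == ORDER_TYPE_CV)
		$ORDERCOMPLETE = $SETTING_COMPLETE_DAYS_CV;

	# referral stuff
	$REFERRAL = $ws->getName() . " [not an affiliate]";
	if ($af) $REFERRAL = $af->getName() . " [affiliate]";

	$receiptl = ($or->hasAltPayment() ?
		CLIENTRECEIPT_LETTER_NONCC : CLIENTRECEIPT_LETTER);
	$receipts = ($or->hasAltPayment() ?
		CLIENTRECEIPT_LETTER_NONCC_SUBJECT : CLIENTRECEIPT_LETTER_SUBJECT);

	$subj = sprintf($receipts,strtoupper($or->descOrderTypeName()));
	list($body,$varinfo) = preparemessage($receiptl);
	# NOTE(review): eval() is used to interpolate the template's $VARIABLES.
	# That is only safe while the template files are trusted: any "{$expr}"
	# in a template executes as PHP.  A strtr()-based substitution would do
	# the same job without eval().
	eval("\$body = \"" . addslashes($body) . "\";");
	$body = stripslashes($body);

	$to = $cl->getMail();

	if (strlen($body))
	{
		list($mbody,$headers) = makefilemessage(ordersmail($site), #MSG_CLIENT_FROM,
		$to,$subj,$body);

		# makefilemessage() reports failure in its first return value.  The
		# old code tested $body, which strlen() had just proven non-empty,
		# so the failure branch could never run.
		if ($mbody === false)
			warnadmin("Cannot make client receipt: " .
				$headers);
		else
		{
			$m = mail($to,$subj,$mbody,$headers);

			if (!$m)
				warnadmin("Receipt sending failed to=$to" .
					" subj=$subj headers=$headers\n\n" .
					" body=$body");
		}
	}
	else
		warnadmin("Cannot prepare receipt message: " . $varinfo);

	# --- office backup copy (same eval() caveat as above)
	list($message,$varinfo) = preparemessage(ORDERBACKUP_2_LETTER);

	if ($message !== false)
	{
		eval("\$message = \"" . addslashes($message) . "\";");
		$message = stripslashes($message);

		$to = ORDERBACKUP_MAIL;
		$subj = sprintf(ORDERBACKUP_2_LETTER_SUBJECT,$ORDERF_SITE,
			$or->descOrderTypeName());
		$body = $message;

		list($body,$headers) = makefilemessage($cl->getMail(),
			$to,$subj,$body);

		if ($body !== false)
		{
			$m = mail($to,$subj,$body,$headers);
			if (!$m)
				warnadmin("Cannot send ORDERBACKUP_2_LETTER");
		}
		else
			warnadmin("Cannot makefilemessage ORDERBACKUP_2_LETTER");
	}
	else
		warnadmin("Cannot preparemessage ORDERBACKUP_2_LETTER");

	# --- done: block re-submission and show the thank-you page
	$_SESSION["finished"] = true;

	# NOTE(review): ck= is an unkeyed md5 over values that are public (site
	# and order id), so anyone who knows them can reproduce it.  If the
	# thank-you page uses ck= to authorise access to the order it needs a
	# keyed hash (hash_hmac with a server-side secret) instead.
	$go = "Location: ../order/orderf-thankyou.php?oid=" .
		$or->getID() . "&site=$site&ck=" .
		md5("$site Order ID#$" . $or->getID());

	header($go);
	exit;
}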

# this stuff happens only on page1

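# ---------------------------------------------------------------------------
# Page 1 submission: store the uploaded resume file (if any) and the resume
# text fields in the session objects, mail a backup copy to the office, and
# either move on to page 2 or -- for sample orders -- take the billing
# details, charge the card and finish right here.
#
# The loop body runs at most once; validation failures "break" with $err
# set and the form is re-displayed with that message further down.
# ---------------------------------------------------------------------------
while ($_SERVER["REQUEST_METHOD"] == "POST" && $page == 1)
{
	$uploaded = false;

	if (isset($_FILES["file_1"]["tmp_name"]) && strlen($_FILES["file_1"]["name"]))
	{
		$uploaded = true;

		# Reject transfers PHP itself reported as failed (size limits,
		# partial upload, ...) before touching the filesystem.  The limit the
		# form posts (MAX_FILE_SIZE) is advisory; php.ini limits are the
		# real ceiling here.
		if (isset($_FILES["file_1"]["error"]) && $_FILES["file_1"]["error"] != UPLOAD_ERR_OK)
		{
			$err = "Error uploading file";
			break;
		}

		# A re-upload replaces the previous file.  Disk names are stored
		# relative to UPFILESDIR (see the makefilemessage() call below); the
		# old code unlinked the bare name and so never removed anything.
		if (strlen($fi->getDiskfilename()))
			@unlink(UPFILESDIR . "/" . $fi->getDiskfilename());

		# Server-generated disk name: the client's filename goes to the
		# database only (basename()d below), never to the filesystem.  No
		# content-type or extension check is made here -- the file is
		# forwarded by mail and processed elsewhere.
		$fname = "resfile" . "-" . simuniqueid();
		$fpath = UPFILESDIR . "/" . $fname;

		$ok = move_uploaded_file($_FILES["file_1"]["tmp_name"], $fpath);
		if (!$ok)
		{
			$err = "Error uploading file";
			break;
		}

		# NOTE(review): 0666 leaves the upload world-writable; if another
		# account only needs to read it, 0644 (or a shared group) is enough.
		@chmod($fpath,0666);

		$ok = $fi->setFilename(basename($_FILES["file_1"]["name"]));
		if (!$ok)
		{
			$err = "Invalid file name";
			@unlink($fpath);
			$uploaded = false;
			break;
		}

		$ok = $fi->setDiskfilename($fname);
		if (!$ok)
		{
			$err = "Invalid disk file name";
			@unlink($fpath);
			$uploaded = false;
			break;
		}

		$ok = $fi->setDeleted(0);
		if (!$ok)
		{
			$err = "File undelete failed";
			@unlink($fpath);
			$uploaded = false;
			break;
		}

		$fi->setUploaded();
	}

	# --- resume fields: each setter validates and returns false on bad input
	$ok = $cl->setMail($ORDERF_EMAIL);
	if (!$ok)
	{
		$err = "E-mail address invalid"; # . $cl->lastError();
		break;
	}

	$ok = $ri->setObjective($ORDERF_OBJECTIVE);
	if (!$ok)
	{
		$err = "Objective text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setEducation($ORDERF_EDUCATION);
	if (!$ok)
	{
		$err = "Education text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setExperience($ORDERF_EXPERIENCE);
	if (!$ok)
	{
		$err = "Eperience text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setActivities($ORDERF_ACTIVITIES);
	if (!$ok)
	{
		$err = "Activities text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setMisc($ORDERF_MISC);
	if (!$ok)
	{
		$err = "Misc text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setCVSummary($ORDERF_CVSUMMARY);
	if (!$ok)
	{
		$err = "Summary text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setCVAchievements($ORDERF_CVACHIEVEMENTS);
	if (!$ok)
	{
		$err = "Achievemetns text too long"; # . $ri->lastError();
		break;
	}

	$ok = $ri->setCVPublications($ORDERF_CVPUBLICATIONS);
	if (!$ok)
	{
		$err = "Publications text too long"; # . $ri->lastError();
		break;
	}

	if ($ORDERTYPE == ORDER_TYPE_COVERLETTER)
	{
		$ok = $ri->setCLtype($ORDERF_CL_TYPE);
		if (!$ok)
		{
			$err = "Cover letter type invalid";
			break;
		}
	}

	# The resume type is pinned to "c"; the posted ORDERF_TYPE is not used
	# (its post key is shared with the card type field).
	$ok = $ri->setRestype("c");
	if (!$ok)
	{
		$err = "Type invalid" . $ri->lastError();
		break;
	}

	# (the "text required when no file is uploaded" checks are disabled)

	# --- office backup copy of what was entered, with the upload attached
	switch ($or->getOrderType())
	{
		case ORDER_TYPE_COVERLETTER:
			$obackupf = ORDERBACKUP_CL_1_LETTER; break;
		case ORDER_TYPE_CV:
			$obackupf = ORDERBACKUP_CV_1_LETTER; break;
		default:
			$obackupf = ORDERBACKUP_1_LETTER; break;
	}

	list($message,$varinfo) = preparemessage($obackupf);

	if ($message !== false)
	{
		# NOTE(review): eval() interpolates the template's $VARIABLES and is
		# only safe while the template files are trusted -- any "{$expr}"
		# in a template executes as PHP.  strtr() substitution would avoid it.
		eval("\$message = \"" . addslashes($message) . "\";");
		$message = stripslashes($message);

		$to = ORDERBACKUP_MAIL;
		$subj = sprintf(ORDERBACKUP_1_LETTER_SUBJECT,$ORDERF_SITE,$or->descOrderTypeName());
		$body = $message;

		if($ORDERTYPE == ORDER_TYPE_SAMPLE)
		{
			# Sample orders are billed below, so the mail only needs enough
			# to identify the card: the number is masked to its last four
			# digits (the old code mailed the full number in clear text).
			$ccnStr = (string)$ORDERF_CCN;
			$ccnMasked = str_repeat("*", max(strlen($ccnStr) - 4, 0)) .
				substr($ccnStr, -4);

			$to = $SETTING_SAMPLE_EMAIL_ADDR;
			$body .= "\n\nBilling Info:";
			$body .= "\nName: ".$ORDERF_FIRST." ".$ORDERF_LAST;
			$body .= "\nAddress: ".$ORDERF_ADDR1;
			# (the old code emitted only "\n " here and dropped the line)
			if(strlen($ORDERF_ADDR2))
				$body .= "\n " . $ORDERF_ADDR2;
			$body .= "\nCity: ".$ORDERF_CITY." State: ".$ORDERF_STATE." Zip: ".$ORDERF_ZIP;
			$body .= "\nPhone: ".$ORDERF_TLF;
			if(strlen($ORDERF_TLF2))
				$body .= "\nAlt Phone: ".$ORDERF_TLF2;
			$body .= "\nCard Type: ".$ORDERF_CCT;
			$body .= "\nCard Numb: ".$ccnMasked;
			$body .= "\nCard Expi: ".$ORDERF_MON."/".$ORDERF_YEAR;
			$body .= "\nCust Name: ".$ORDERF_HOLDER;
			$body .= "\nBank: ".$ORDERF_BANK."\n\n";
		}

		list($body,$headers) = makefilemessage($ORDERF_EMAIL,
			$to,$subj,$body,($uploaded ?
			UPFILESDIR . "/" . $fi->getDiskfilename() : ""),
			($uploaded ? $fi->getFilename() : ""));

		if ($body !== false)
		{
			$m = mail($to,$subj,$body,$headers);
			if (!$m)
				warnadmin("Cannot send ORDERBACKUP_1_LETTER");
		}
		else
			warnadmin("Cannot makefilemessage ORDERBACKUP_1_LETTER");
	}
	else
		warnadmin("Cannot preparemessage ORDERBACKUP_1_LETTER");

	if($ORDERTYPE == ORDER_TYPE_SAMPLE)
	{
		# --- sample order: billing happens on page 1 (mirrors page 2
		# without the client/resume-info rows)
		if (!isset($_POST["email2"]) || !isset($_POST["email"]))
		{
			$err = "E-mail missing in POST";
			break;
		}

		$ok = $cl->setMail($ORDERF_EMAIL);
		if (!$ok)
		{
			# the posted address is reflected into the error page, which
			# diesoft() prints as raw HTML
			$err = "E-mail address invalid - listed as: " .
				htmlspecialchars($ORDERF_EMAIL, ENT_QUOTES) . $cl->lastError();
			break;
		}

		$ok = $cl->setFirst($ORDERF_FIRST);
		if (!$ok)
		{
			$err = "First name invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setLast($ORDERF_LAST);
		if (!$ok)
		{
			$err = "Last name invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setAddr1($ORDERF_ADDR1);
		if (!$ok)
		{
			$err = "Adress line invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setAddr2($ORDERF_ADDR2);
		if (!$ok)
		{
			$err = "Second address line invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setCity($ORDERF_CITY);
		if (!$ok)
		{
			$err = "City name invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setState($ORDERF_STATE);
		if (!$ok)
		{
			$err = "Invalid state/province entered"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setZip($ORDERF_ZIP);
		if (!$ok)
		{
			$err = "ZIP/postal code invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setTlf($ORDERF_TLF);
		if (!$ok)
		{
			$err = "Phone number invalid"; # . $cl->lastError();
			break;
		}

		$ok = $cl->setTlf2($ORDERF_TLF2);
		if (!$ok)
		{
			$err = "Additional phone number invalid"; # . $cl->lastError();
			break;
		}

		$ok = $or->setPkgid((strlen($ORDERF_STD) ? 1 : 0));
		if (!$ok)
		{
			$err = "Standard package not selected"; # . $or->lastError();
			break;
		}

		$ok = $or->setCouponTxt($ORDERF_COUPON);
		if (!$ok)
		{
			$err = "Coupon text invalid"; # . $or->lastError();
			break;
		}

		$ok = $ci->setType($ORDERF_CCT);
		if (!$ok)
		{
			$err = "Card type not selected"; # . $ci->lastError();
			break;
		}

		$ok = $ci->setNumber($ORDERF_CCN);
		if (!$ok)
		{
			$err = "Card number missing/invalid"; # . $ci->lastError();
			break;
		}

		$ok = $ci->setMonth($ORDERF_MON);
		if (!$ok)
		{
			$err = "Card expiration month not selected"; # $ci->lastError();
			break;
		}

		$ok = $ci->setYear($ORDERF_YEAR);
		if (!$ok)
		{
			$err = "Card expiration year not selected"; # $ci->lastError();
			break;
		}

		# expiry must not be in the past ("YYYYMM" numeric-string compare)
		$nowmy = sprintf("%02d%02d",date("Y"),date("m"));
		$nowy = date("Y");

		if ($ci->getYear() < $nowy)
		{
			$err = "Card expiration year in the past";
			break;
		}

		if (sprintf("%02d%02d",$ci->getYear(),$ci->getMonth()) < $nowmy)
		{
			$err = "Card expiration in the past";
			break;
		}

		$ok = $ci->setHolder($ORDERF_HOLDER);
		if (!$ok)
		{
			$err = "Card holder name missing/invalid"; # . $ci->lastError();
			break;
		}

		$ok = $ci->setBank($ORDERF_BANK);
		if (!$ok)
		{
			$err = "Card bank invalid"; # . $ci->lastError();
			break;
		}

		# NOTE(review): as on page 2, the card row is stored before the
		# authorisation attempt; how Card keeps the number at rest is decided
		# in the Card class.
		$ok = $ci->Update();
		if (!$ok)
			diehard("Card Problem: " . $ci->lastError());

		# calculate price
		$sale = $pr->Calculate($or);

		$ok = $or->setSale($sale);
		if (!$ok)
			diehard("Order Price Problem: " . $or->lastError());

		$ORDERF_SALE = $sale;
		$ORDERF_CPASS = $cl->getPass();

		# make orderinfo text
		switch ($or->getOrderType())
		{
			case ORDER_TYPE_COMMON:
				$ORDERINFO = "Standard resume package $" . $PRICE_WEB_STD_PACKAGE;
				break;
			case ORDER_TYPE_COVERLETTER:
				$ORDERINFO = "Cover Letter order $" . $PRICE_WEB_CL_ORDER;
				break;
			case ORDER_TYPE_CV:
				$ORDERINFO = "CV order $" . $PRICE_WEB_CV_ORDER;
				break;
			case ORDER_TYPE_SAMPLE:
				$ORDERINFO = "Resume sample $" . $PRICE_WEB_SAMPLE;
				break;
			default:
				# ($ot is only defined when ?ot= was given; report the stored type)
				$ORDERINFO = "*** UNKNOWN ORDER TYPE '" . $or->getOrderType() . "' ***";
				break;
		}

		# Page 1 never looks an existing client up, so the rollback code
		# below always treats the client as new (the old code read an
		# undefined $oldclient here, which evaluated the same way).
		$oldclient = 0;

		if (strlen($fi->getDiskfilename()))
		{
			# NOTE(review): 999999 is a sentinel order id for sample uploads
			# whose meaning is defined elsewhere -- confirm the receiving
			# side expects it.
			$ok = $fi->setOrderID(999999);
			if (!$ok)
			{
				$or->Delete();
				if (!$oldclient)
					$cl->Delete();
				$ci->Delete();
				diehard("Uploaded File OrderID Problem: " . $fi->lastError());
			}
			$ok = $fi->Update();
			if (!$ok)
			{
				$or->Delete();
				if (!$oldclient)
					$cl->Delete();
				$ci->Delete();
				diehard("Uploaded File Problem: " . $fi->lastError());
			}
		}

		# --- authorise the card
		# NOTE(review): the order is never Update()d on this path, so
		# $or->getID() is whatever the session Order carries (possibly
		# empty); confirm CCAuth() and the thank-you page tolerate that.
		# CCAuth($oid,$cardid,$ccn,$ccexpm,$ccexpy,
		#        $first,$last,$ad1,$ad2,$city,$state,$zip,
		#        $phone,$country,$mail,$desc,$sale)
		list($code,$explain) = CCAuth(
			$or->getID(),
			$ci->getID(),
			$ci->getNumber(),
			$ci->getMonth(),
			$ci->getYear(),
			$cl->getFirst(),
			$cl->getLast(),
			$cl->getAddr1(),
			$cl->getAddr2(),
			$cl->getCity(),
			$cl->getState(),
			$cl->getZip(),
			$cl->getTlf(),
			$cl->getCountry(),
			$cl->getMail(),
			$or->descOrderTypeCCDesc(),
			$sale);

		if ($code != "AUTH")
		{
			# Declined: the back link is built from SCRIPT_NAME (PHP_SELF
			# echoes request path info) with URL-encoded query values; the
			# trailing time() is the original cache buster.
			$BACK = $_SERVER["SCRIPT_NAME"] . "?site=" . urlencode($site) .
				"&ccerr=" . urlencode($code) . time();
			$CARDERROR = $explain;
			$cerr = sitegfx($site,"error");
			require_once($cerr);
			$ri->Delete();
			$ci->Delete();
			$or->Delete();
			$fi->Delete();
			exit;
		}

		# --- client receipt; these globals are what the mail templates use
		$SITENAME = $site;
		$CUSTNAME = $cl->getFirst() . " " . $cl->getLast();
		$WEBSITE = $site;
		$SALE = sprintf("%.02f",$sale);
		$ORDERID = $or->getID();
		$TRACKLINK = $CODEBASE . "/client/";
		$TRACKPASS = $cl->getPass();
		$CCLINK = $TRACKLINK;
		$CCPASS = $TRACKPASS;
		$ORDERTYPEDESC = $or->descOrderTypeName();
		$ORDERTYPEDESCUC = strtoupper($ORDERTYPEDESC);

		$ORDERCOMPLETE = $SETTING_COMPLETE_DAYS;
		if ($ORDERTYPE == ORDER_TYPE_COVERLETTER)
			$ORDERCOMPLETE = $SETTING_COMPLETE_DAYS_CL;
		if ($ORDERTYPE == ORDER_TYPE_CV)
			$ORDERCOMPLETE = $SETTING_COMPLETE_DAYS_CV;

		# referral stuff
		$REFERRAL = $ws->getName() . " [not an affiliate]";

		$receiptl = CLIENTRECEIPT_LETTER;
		$receipts = CLIENTRECEIPT_LETTER_SUBJECT;

		$subj = sprintf($receipts,strtoupper($or->descOrderTypeName()));
		list($body,$varinfo) = preparemessage($receiptl);
		# (same eval() caveat as for the backup letter above)
		eval("\$body = \"" . addslashes($body) . "\";");
		$body = stripslashes($body);

		$to = $cl->getMail();

		if (strlen($body))
		{
			list($mbody,$headers) = makefilemessage(ordersmail($site), #MSG_CLIENT_FROM,
			$to,$subj,$body);

			# makefilemessage() reports failure in its first return value;
			# the old code tested $body, which strlen() had just proven
			# non-empty, so this branch could never run.
			if ($mbody === false)
				warnadmin("Cannot make client receipt: " . $headers);
			else
			{
				$m = mail($to,$subj,$mbody,$headers);

				if (!$m)
					warnadmin("Receipt sending failed to=$to" .
						" subj=$subj headers=$headers\n\n" .
						" body=$body");
			}
		}
		else
			warnadmin("Cannot prepare receipt message: " . $varinfo);

		# --- done: block re-submission and show the thank-you page
		$_SESSION["finished"] = true;

		# NOTE(review): ck= is an unkeyed md5 over public values (site and
		# order id); if the thank-you page relies on it for access control it
		# needs a keyed hash (hash_hmac with a server-side secret).
		$go = "Location: ../order/orderf-sample-thankyou.php?oid=" . $or->getID() . "&site=$site&ck="
			. md5("$site Order ID#$" . $or->getID());

		header($go);
		exit;

	}
	else
	{
		# regular order: continue with the billing page
		$ORDERF_PAGE = 2;
		break;
	}
}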

# display the form

# Pick the order form templates for this site and order type, falling back
# to the DEFAULT ones.  $site was basename()d and validated earlier, which
# is what keeps these include paths inside ./orderforms.
$ot = $or->getOrderType();
$otfilesuffix = $or->descOrderTypeSuffix();

$formdir = "./orderforms";
$orderf1 = "$formdir/$site$otfilesuffix.php";
$orderf2 = "$formdir/$site-2$otfilesuffix.php";

if (!file_exists($orderf1)) $orderf1 = "$formdir/DEFAULT$otfilesuffix.php";
if (!is_file($orderf1)) diehard("'$orderf1' does not exist or is not a file");

if (!file_exists($orderf2)) $orderf2 = "$formdir/DEFAULT-2$otfilesuffix.php";
if (!is_file($orderf2)) diehard("'$orderf2' does not exist or is not a file");

# Validation failure: show the message, with each object's last error in an
# HTML comment.  Those strings are internal detail and end up in the page
# source, so keep them free of anything sensitive.
if (strlen($err))
{
	$errDetail = "";
	foreach (array("ci" => $ci, "ap" => $ap, "cl" => $cl,
		"ri" => $ri, "or" => $or, "fi" => $fi) as $errTag => $errObj)
		$errDetail .= "$errTag=" . $errObj->lastError() . "\n";
	diesoft("$err<!--\n" . $errDetail . "-->");
}
unset($formdir, $errDetail, $errTag, $errObj);

# hacks once again

/*
if (!isset($_POST["email2"]) && $ORDERF_PAGE == 2)
	{
	$ORDERF_EMAIL2 = $_SESSION["post"]["email"];
	}
*/

# Page 1 (and every sample order) renders the first form; page 2 the second.
require_once(($ORDERF_PAGE == 1 || $ORDERTYPE == ORDER_TYPE_SAMPLE) ? $orderf1 : $orderf2);

#echo "payment: $ORDERF_PAYMENT";

#echo  "<pre>"; print_r($_SESSION); echo "</pre>";
?>
