<% 'This file is part of ProductCart, an ecommerce application developed and sold by Early Impact LLC. ProductCart, its source code, the ProductCart name and logo are property of Early Impact, LLC. Copyright 2001-2003. All rights reserved. You are not allowed to use, alter, distribute and/or resell any parts of ProductCart's source code without the written consent of Early Impact. To contact Early Impact, please visit www.earlyimpact.com. %>
<% response.Buffer=true %>
<%
' ============================================================================
' checkout.asp - server-side pre-processing for the storefront checkout /
' login / password-reminder / admin-autologin page.
'
' Page mode ("cmode" request value) selects the behaviour:
'   0 = checkout (cart must be non-empty, customer bounced to login.asp)
'   1 = login
'   2 = retrieve password (e-mails the stored password back to the customer)
'   3 = autologin (admin placing an order on behalf of a customer)
'
' Security notes gathered while reviewing this block are marked NOTE(review).
' Nearly every branch below ends in response.redirect, which ends script
' execution, so the session clean-up at the bottom of the page does NOT run
' on those paths.
' ============================================================================

'Capture any redirects
' NOTE(review): redirectUrl is attacker-controllable (any request collection).
' It is only stored here; whichever page consumes Session("SFStrRedirectUrl")
' must restrict it to same-site relative paths or this becomes an open redirect.
dim pcRequestRedirect
pcRequestRedirect=getUserInput(request("redirectUrl"),250)
' Keep an existing session redirect when the request carries none; otherwise
' overwrite it (including overwriting with "" when both are empty).
if Session("SFStrRedirectUrl")<>"" AND pcRequestRedirect="" then
else
	Session("SFStrRedirectUrl")=pcRequestRedirect
end if

' NOTE(review): request("cmode") with no collection name is resolved from
' QueryString, Form, Cookies, ClientCertificate and ServerVariables in that
' order, so the mode can also be supplied via a cookie. validNum() limits it
' to numeric text but the value is not converted; consider CInt() after the
' validNum check so the "=2"/"=3" comparisons below are unambiguously numeric.
dim pcPageMode
pcPageMode=request("cmode")
if pcPageMode="" then
	pcPageMode=0
else
	if NOT validNum(pcPageMode) then
		pcPageMode=0
	end if
end if
'pcPageMode
'0=checkout
'1=login
'2=retrieve password
'3=autologin
if pcPageMode=2 then
	' "fmode" = the mode to return to after the password-reminder round trip;
	' single digit, numeric-only, so it is safe to echo into the redirect URL.
	pcFromPageMode=getUserInput(request("fmode"),1)
	if not validNum(pcFromPageMode) then
		pcFromPageMode=0
	end if
end if

' NOTE(review): this wipe is NOT gated on session("admin"); that check only
' happens further down for the autologin itself. Any request carrying
' cmode=3&LoginEmail=x (e.g. a cross-site link) clears the current
' customer's login, order id, billing/shipping data and pending redirect.
' Moving the session("admin")=-1 test up to guard this block would close that.
if pcPageMode=3 and request("LoginEmail")<>"" then
	'if admin is placing order, clear any previous "place order" sessions
	session("idCustomer")=0
	session("pcSFPassWordExists")=""
	session("pcSFLoginPassword")=""
	session("pcSFLoginEmail")=""
	session("idorder")=""
	session("pcStrCustName")=""
	session("pcSFIdDbSession")=""
	session("pcSFRandomKey")=""
	Session("customerType")=0
	session("customerCategory")=0
	session("ATBCustomer")=0
	session("ATBPercentage")=0
	session("ATBPercentOff")=0
	Session("pcSFpcBillingFirstName")=""
	Session("pcSFpcBillingLastName")=""
	Session("pcSFpcBillingCompany")=""
	Session("pcSFpcBillingPhone")=""
	Session("pcSFpcCustomerEmail2")=""
	Session("pcSFpcBillingAddress")=""
	Session("pcSFpcBillingPostalCode")=""
	Session("pcSFpcBillingStateCode")=""
	Session("pcSFpcBillingProvince")=""
	Session("pcSFpcBillingCity")=""
	Session("pcSFpcBillingCountryCode")=""
	Session("pcSFpcBillingAddress2")=""
	Session("pcSFpcShippingFirstName")=""
	Session("pcSFpcShippingLastName")=""
	Session("pcSFpcShippingCompany")=""
	Session("pcSFpcShippingAddress")=""
	Session("pcSFpcShippingAddress2")=""
	Session("pcSFpcShippingCity")=""
	Session("pcSFpcShippingStateCode")=""
	Session("pcSFpcShippingProvince")=""
	Session("pcSFpcShippingPostalCode")=""
	Session("pcSFpcShippingCountryCode")=""
	Session("pcSFpcShippingPhone")=""
	Session("pcSFpcShippingResidential")=""
	Session("pcSFpcShippingNickName")=""
	Session("pcSFpcShippingReferenceId")=""
	Session("pcSFpcShippingIdRefer")=""
	Session("pcSFpcShippingFax")=""
	Session("pcSFpcShippingEmail")=""
	Session("pcSFTF1")=""
	Session("pcSFDF1")=""
	Session("SFStrRedirectUrl")=""
end if

' A customer who is already logged in, arrives in a non-checkout mode and has
' a pending redirect target is sent straight to Login.asp (lmode=2), which is
' presumably where the stored redirect is honoured - confirm in Login.asp.
If (Session("SFStrRedirectUrl")<>"" AND pcPageMode<>0) AND (session("idCustomer")<>0 and session("idCustomer")<>"") then
	response.redirect "Login.asp?lmode=2"
end if
session("pcSFCMode")=pcPageMode

'Get path for Advanced Security
' Builds the absolute URL of this directory for the referer check below.
' NOTE(review): HTTP_HOST is taken from the client's Host header, and the
' value is later compared against HTTP_REFERER, which is also client-supplied;
' an automated client can satisfy the check trivially, so treat it as a
' nuisance filter, not an anti-CSRF or anti-bot control.
if scSecurity=1 then
	Dim pcSecurityPath, strSiteSecurityURL
	pcSecurityPath=Request.ServerVariables("PATH_INFO")
	pcSecurityPath=mid(pcSecurityPath,1,InStrRev(pcSecurityPath,"/")-1)
	If UCase(Trim(Request.ServerVariables("HTTPS")))="OFF" then
		strSiteSecurityURL="http://" & Request.ServerVariables("HTTP_HOST") & pcSecurityPath & "/"
	Else
		strSiteSecurityURL="https://" & Request.ServerVariables("HTTP_HOST") & pcSecurityPath & "/"
	End if
end if

' conntemp is the ADODB connection presumably set up by opendb() (not visible here).
dim query, conntemp, rs

'check if email is passed to retrieve password
' ---------------------------------------------------------------------------
' Mode 2: password reminder.
' NOTE(review): the e-mail is interpolated into the SQL string directly. The
' old quote-doubling (commented out below) was removed in favour of
' pcs_ValidateEmailField, whose behaviour is not visible in this file; the
' query is only safe if that routine rejects quotes/metacharacters - confirm,
' or better, use a parameterised ADODB.Command.
' NOTE(review): customer passwords are stored reversibly (enDeCrypt with the
' site-wide key scCrypPass) and the plaintext is mailed to the address on
' file. A DB or config compromise therefore exposes every password, and the
' mailbox sees it in clear. A hashed store plus a time-limited reset token
' would remove both exposures.
' NOTE(review): the EmailNotFound=0 / =1 redirects tell the caller whether an
' address is registered (account enumeration), and no rate limiting is
' visible on this path.
' ---------------------------------------------------------------------------
if pcPageMode=2 AND request("SubmitPM.y")<>"" then
	pcv_intErr=0 'set to zero
	pcs_ValidateEmailField "LoginEmail", true, 250
	'pcs_ValidateEmailField "LoginEmail", true
	'pcStrEmail=getUserInput(replace(trim(request.form("LoginEmail")),"'","''"),250)
	pcStrEmail = Session("pcSFLoginEmail")
	query="SELECT name, lastname, email, [password] from customers WHERE email='" &pcStrEmail& "'"
	call opendb()
	set rs=server.CreateObject("ADODB.RecordSet")
	set rs=conntemp.execute(query)
	if not rs.eof then
		pcStrName=rs("name")
		pcStrLastName=rs("lastname")
		pcStrEmail=rs("email")
		pcStrPassword=enDeCrypt(rs("Password"),scCrypPass)
		pcStrSubject=dictLanguage.Item(Session("language")&"_forgotpasswordmailsubject")
		pcStrBody=dictLanguage.Item(Session("language")&"_forgotpasswordmailbody1")
		pcStrBody=replace(pcStrBody,"#password",pcStrPassword)
		pcStrBody=replace(pcStrBody,"#firstname",pcStrName)
		pcStrBody=replace(pcStrBody,"#lastname",pcStrLastName)
		call sendmail (scEmail, scEmail, pcStrEmail, pcStrSubject, pcStrBody)
		call closedb()
		response.redirect "checkout.asp?cmode="&pcFromPageMode&"&EmailNotFound=0"
	else
		'password not found..
		call closedb()
		response.redirect "checkout.asp?cmode="&pcFromPageMode&"&EmailNotFound=1"
	end if
end if

session("availableShipStr")=""
session("provider")=""
pcAutoLoginAllowed=0

' ---------------------------------------------------------------------------
' Mode 0: checkout entry. Requires a non-empty cart; an already logged-in,
' non-suspended customer is forwarded to login.asp.
' ---------------------------------------------------------------------------
if pcPageMode=0 then
	'*****************************************************************************************************
	'// START: Validate AND Set "pcCartArray" AND "pcCartIndex"
	'*****************************************************************************************************
	%><%
	pcs_VerifySession
	'*****************************************************************************************************
	'// END: Validate AND Set "pcCartArray" AND "pcCartIndex"
	'*****************************************************************************************************
	ppcCartIndex=Session("pcCartIndex")
	if countCartRows(pcCartArray, ppcCartIndex)=0 then
		response.redirect "msg.asp?message=9"
	end if
	'is this customer using Express Checkout?
	' If the cart total grew after the PayPal Express authorisation, drop the
	' Express state and the customer identity it carried so the order is re-authorised.
	if session("ExpressCheckoutPayment")="YES" then
		if calculateCartTotal(pcCartArray, ppcCartIndex)>session("pcPay_PayPalExp_OrderTotal") then
			session("ExpressCheckoutPayment")=""
			session("idCustomer")=0
		end if
	end if
	session("pcPay_PayPalExp_OrderTotal")=calculateCartTotal(pcCartArray, ppcCartIndex)
	' Minimum-order check per customer type (205 = B2B message, 206 = retail).
	' NOTE(review): the comparison operator and threshold are missing from
	' this listing (looks like an HTML-stripping artefact); verify against the
	' shipped file before relying on this copy.
	If session("customerType")=1 Then
		if calculateCartTotal(pcCartArray, ppcCartIndex) show message
			response.redirect "msg.asp?message=205"
		end if
	Else
		if calculateCartTotal(pcCartArray, ppcCartIndex) show message
			response.redirect "msg.asp?message=206"
		end if
	End If
	' check if user already logged in
	' idCustomer is server-set session state (numeric), so the concatenation
	' below is not directly user-controlled; a parameterised query would still
	' be the safer habit. NOTE(review): rs("suspend") is read without an EOF
	' check - a session pointing at a deleted customer raises an ADO error.
	if session("idCustomer")<>0 and session("idCustomer")<>"" then
		'see if customer is allowed to purchase
		call opendb()
		query="SELECT suspend FROM customers WHERE idCustomer="&session("idCustomer")&";"
		set rs=server.CreateObject("ADODB.RecordSet")
		set rs=conntemp.execute(query)
		if rs("suspend")="1" then
			set rs=nothing
			call closedb()
			response.redirect "msg.asp?message=131"
			response.end
		else
			set rs=nothing
			call closedb()
			if pcv_intErr=0 then
				response.redirect "login.asp"
			end if
		end if
	end if
end if

' ---------------------------------------------------------------------------
' Form submission (SubmitCO image button) or admin autologin (mode 3).
' ---------------------------------------------------------------------------
if (request.form("SubmitCO.y")<>"") or (pcPageMode=3) then
	pcv_intErr=0 'set to zero
	'Autologin
	if pcPageMode=3 then
		'check if admin is logged in
		' session("admin")=-1 is the only authorisation for impersonating a
		' customer via autologin.
		if session("admin")=-1 then
			pcAutoLoginAllowed=1
		end if
		if pcAutoLoginAllowed=1 then
			'// Request "LoginEmail", trim, and set to Session
			pcStrLoginEmail=getUserInput(request("LoginEmail"),250)
			session("pcSFLoginEmail")=pcStrLoginEmail
			'// Request "LoginPassword", trim, and set to Session
			' NOTE(review): the admin side passes the customer's password as a
			' blob decrypted here with a hard-coded key (9286803311968, also used
			' by encrypt() further down). The key lives in source, is the same
			' for every installation, and the plaintext then sits in session
			' state; the admin-to-storefront handoff should not round-trip the
			' password at all (e.g. a one-time server-side token instead).
			pcStrLoginPassword=getUserInput(request("LoginPassword"),100)
			if len(pcStrLoginPassword)>0 then
				session("pcSFPassWordExists")="YES"
				session("pcSFLoginPassword") = pcStrLoginPassword
				session("pcSFLoginPassword")=Decrypt(session("pcSFLoginPassword"),9286803311968)
			end if
			if len(session("pcSFLoginEmail"))<1 AND session("idCustomer")=0 then
				response.redirect("checkout.asp?cmode=1&msgcode=1")
			end if
		else
			response.redirect("checkout.asp?cmode=1")
		end if
	'end Autologin
	else
		' Normal customer submission: the pcs_Validate* helpers (not visible
		' here) read the form fields into session("pcSF*") / session("Err*").
		pcs_ValidateEmailField "LoginEmail", true, 0
		'pcs_ValidateEmailField "LoginEmail", true
		'pcStrLoginEmail=replace(request.form("LoginEmail"),"'","''")
		'session("pcSFLoginEmail")=pcStrLoginEmail
		'if pcStrLoginEmail="" then
		'	pcv_intErr=pcv_intErr+1
		'End if
		'// Request "LoginPassword", trim, and set to Session
		pcs_ValidateTextField "LoginPassword", false, 0
		'pcStrLoginPassword=request.form("LoginPassword")
		'session("pcSFLoginPassword")=pcStrLoginPassword
		' NOTE(review): "PassWordExists" is a client-submitted flag that decides
		' whether this is treated as a login (password required) or a new
		' registration, and which anti-bot policy (scUserLogin / scUserReg)
		' applies below. login.asp must not rely on it to decide whether the
		' supplied e-mail already has an account.
		pcs_ValidateTextField "PassWordExists", false, 0
		'session("pcSFPassWordExists")=request.Form("PassWordExists")
		'if pcStrLoginPassword="" AND session("pcSFPassWordExists")="YES" then
		if session("pcSFLoginPassword")="" AND session("pcSFPassWordExists")="YES" then
			pcv_intErr=pcv_intErr+1
		End if
		'if len(pcStrLoginEmail)<1 AND session("idCustomer")=0 then
		if len(session("pcSFLoginEmail"))<1 AND session("idCustomer")=0 then
			response.redirect("checkout.asp?cmode="&pcPageMode&"&msgmode=1")
		end if
	end if

	' -----------------------------------------------------------------------
	' "Advanced Security" anti-automation checks (scSecurity=1), skipped for
	' admin autologin. A failed test sets pcv_Test=1, resets the store_* state
	' and bounces back with msgmode=4. All state is per-session.
	' NOTE(review): because the counters and the expected captcha value live
	' in the caller's own session, a client that discards its session cookie
	' starts with a clean AttackCount each time; this does not throttle anything.
	' -----------------------------------------------------------------------
	if session("ErrLoginEmail")="" AND pcAutoLoginAllowed=0 then
		if scSecurity=1 AND ((scUserLogin=1 AND session("pcSFPassWordExists")="YES") OR (scUserReg=1 AND session("pcSFPassWordExists")<>"YES")) then
			' postnum is only ever compared, never used in SQL, so the quote
			' doubling here is harmless but also unnecessary.
			Session("store_postnum")=replace(request("postnum"),"'","''")
			pcv_Test=0
			' Test 1: the form must have been rendered in this session
			' (store_userlogin / store_adminre are seeded at render time).
			if (session("store_userlogin")<>"1") AND (session("store_adminre")<>"1") then
				session("store_userlogin")=""
				session("store_postnum")=""
				session("store_num")=""
				session("store_adminre")=""
				pcv_test=1
			end if
			' Test 2: referer must start with this site's checkout.asp URL
			' (client-supplied header vs client-supplied Host - see note above).
			' Skipped, and the flag consumed, when store_adminre is "1".
			if pcv_Test=0 AND session("store_adminre")<>"1" then
				if InStr(ucase(Request.ServerVariables("HTTP_REFERER")),ucase(strSiteSecurityURL & "checkout.asp"))<>1 then
					session("store_userlogin")=""
					session("store_postnum")=""
					session("store_num")=""
					session("store_adminre")=""
					pcv_test=1
				end if
				session("store_adminre")=""
			end if
			' Test 3: submitted captcha value must equal the generated one.
			' NOTE(review): store_num is pre-seeded with a single space at render
			' time; confirm the image generator always overwrites it, otherwise
			' a submitted postnum of one space would pass this comparison.
			if pcv_Test=0 AND scUseImgs=1 then
				if (session("store_num")="") OR (session("store_num")&"" <> Session("store_postnum")&"") then
					session("store_userlogin")=""
					session("store_postnum")=""
					session("store_num")=""
					session("store_adminre")=""
					pcv_test=1
				end if
			end if
			if pcv_Test=1 then
				' Alarm counter; the code that acted when the threshold was
				' reached sat between the two script delimiters and is not in
				' this listing.
				If scAlarmMsg=1 then
					if session("AttackCount")="" then
						session("AttackCount")=0
					end if
					session("AttackCount")=session("AttackCount")+1
					if session("AttackCount")>=scAttackCount then
						session("AttackCount")=0%>
<%end if
				End if
				response.redirect("checkout.asp?cmode="&pcPageMode&"&msgmode=4")
			end if
		end if
	end if

	' Validation passed: hand off to login.asp. lmode=0 continues checkout,
	' lmode=2 is a plain login. The plaintext password stays in
	' session("pcSFLoginPassword") across this redirect (the clean-up at the
	' bottom of the page is never reached); login.asp is expected to consume
	' and clear it - confirm.
	if pcv_intErr=0 then
		erypassword=encrypt((session("pcSFLoginPassword")), 9286803311968)
		session("pcSFEryPassword")=erypassword
		if pcPageMode=0 then
			response.redirect "login.asp?lmode=0"
		else
			'just logging in
			response.redirect "login.asp?lmode=2"
		end if
	else
		'// handle error
	end if
end if

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' Section C - Config Client-Side Validation
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' The string written here contained markup that this listing has stripped.
response.write ""&vbcrlf
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' END: FORM VALIDATION
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%>
<%
' Status banner. "msgmode" (single digit) selects a localised message; when
' no message maps, the raw "msg" query-string value is shown instead.
' Note: the validation section redirects with msgmode=1 (and once with
' msgcode=1), neither of which has a case here, so those bounces render no
' banner unless handled elsewhere.
' NOTE(review): "msg" is reflected straight into the page via the expression
' tag below. getUserInput() is not visible in this file; unless it
' HTML-encodes, ?msg=... is a reflected XSS sink. Encoding at the output
' site (Server.HTMLEncode) is the robust fix regardless of the input helper.
msgMode=getUserInput(request.querystring("msgmode"),1)
select case msgMode
	case "2"
		msg=dictLanguage.Item(Session("language")&"_validate_2")
	case "3"
		msg=dictLanguage.Item(Session("language")&"_validate_3")
	case "4"
		msg=dictLanguage.Item(Session("language")&"_security_2")
	case "5"
		msg=dictLanguage.Item(Session("language")&"_validate_4")
	case else
		msg=""
end select
if msg="" then
	' length limit 0 - presumably "no limit"; confirm in getUserInput
	msg=getUserInput(request.querystring("msg"),0)
end if
If msg<>"" then
%>
<%=msg%>
<% end if %>
<% if pcPageMode=0 then %>
<% end if
' Page title: mode 2 is the password-reminder title, everything else the
' checkout/login title.
if pcPageMode=2 then
	pcPageTitle=dictLanguage.Item(Session("language")&"_checkout_22")
else
	pcPageTitle=dictLanguage.Item(Session("language")&"_checkout_23")
end if
%>

<%=pcPageTitle%>

<%
'// Check if only PayPal Express is enabled
' Counts the active payment types for this customer class; if exactly one is
' active and it is PayPal Express (gwcode 999999), the regular login/register
' form is suppressed (intPPEOnly=1). The queries are constant strings - no
' request data is involved.
if session("customerType")=1 then
	query="SELECT gwcode FROM paytypes WHERE active=-1;"
else
	query="SELECT gwcode FROM paytypes WHERE active=-1 and Cbtob=0;"
end if
call opendb()
set rsPPObj=server.CreateObject("ADODB.RecordSet")
set rsPPObj=conntemp.execute(query)
dim intPPECheck, intPPECnt, intPPEOnly
intPPECheck=0
intPPECnt=0
intPPEOnly=0
do until rsPPObj.eof
	PPE_GwCode=rsPPObj("gwcode")
	if PPE_GwCode="999999" then
		intPPECheck=1
	end if
	intPPECnt=intPPECnt+1
	rsPPObj.movenext
loop
set rsPPObj=nothing
if intPPECnt=1 AND intPPECheck=1 then
	intPPEOnly=1
end if
call closedb()
if intPPEOnly=0 then
%>
<% if session("ErrLoginEmail")<>"" then %>
<% end if %>
<% end if
if pcPageMode=2 then
%>
<% else
	if intPPEOnly=0 then
%>
<%
		' Which of the register / login panels start visible, driven by the
		' Advanced Security configuration.
		if scSecurity=1 AND scUserReg=1 then
			pcShowStyle=""
		else
			pcShowStyle="none"
		end if
		if scSecurity=1 AND scUserLogin=1 then
			pcShowLoginStyle=""
		else
			pcShowLoginStyle="none"
		end if
%>
<% if scAllowCheckoutWR <> 0 and pcPageMode = 0 then %>
<% end if %>
<%
		'If Advanced Security is turned on
		' Seed the per-session anti-bot state that the POST handler verifies:
		' store_userlogin/store_adminre = "form was rendered", store_postnum =
		' the value the user will type, store_num = the expected value (filled
		' in by the captcha image handler, presumably; pre-seeded with a space).
		if scSecurity=1 then
			Session("store_userlogin")="1"
			session("store_adminre")="1"
			Session("store_postnum")=""
			session("store_num")=" "
			if (scUserLogin=1 OR scUserReg=1) and (scUseImgs=1) then
%>
<% else
				' the markup inside this string literal was stripped from this listing
				response.write "
"			end if %>
<% else
			' the markup inside this string literal was stripped from this listing
			response.write "
"		end if %>
<% end if
' Payment types offered on this page (PayPal Express 999999, and gateways 46
' and 53); the presence of any row enables the PayPal Express button.
call opendb()
if session("customerType")=1 then
	query="SELECT idPayment, paymentDesc, priceToAdd, percentageToAdd, gwcode, type, paymentNickName FROM paytypes WHERE active=-1 AND (gwCode=999999 OR gwCode=46 OR gwCode=53) ORDER by paymentPriority;"
else
	query="SELECT idPayment, paymentDesc, priceToAdd, percentageToAdd, gwcode, type, paymentNickName FROM paytypes WHERE active=-1 and Cbtob=0 AND (gwCode=999999 OR gwCode=46 OR gwCode=53) ORDER by paymentPriority;"
end if
set rs=server.CreateObject("ADODB.RecordSet")
set rs=conntemp.execute(query)
If NOT rs.eof Then
	intPayPalExp=1
	'// Determine which API to use (US or UK)
	' NOTE(review): the fields are read without an EOF check; if the
	' pcPay_PayPal row with ID 1 is missing this raises an ADO error.
	query="SELECT pcPay_PayPal.pcPay_PayPal_Partner, pcPay_PayPal.pcPay_PayPal_Vendor FROM pcPay_PayPal WHERE (((pcPay_PayPal.pcPay_PayPal_ID)=1));"
	set rsPayPalType=Server.CreateObject("ADODB.Recordset")
	set rsPayPalType=conntemp.execute(query)
	pcPay_PayPal_Partner=rsPayPalType("pcPay_PayPal_Partner")
	pcPay_PayPal_Vendor=rsPayPalType("pcPay_PayPal_Vendor")
	if pcPay_PayPal_Partner<>"" AND pcPay_PayPal_Vendor<>"" then
		pcPay_PayPal_Version = "UK"
	else
		pcPay_PayPal_Version = "US"
	end if
	set rsPayPalType=nothing
Else
	intPayPalExp=0
End If
set rs=nothing
' The connection opened above is left open here; it is closed at the bottom
' of the page.
'====================================
' START: PayPal Express
'====================================
if intPayPalExp=1 AND pcPageMode<>1 then
%>
<% end if
'====================================
' END: PayPal Express
'====================================
%>
<% end if %>

<%=dictLanguage.Item(Session("language")&"_checkout_24")%>

  <%=dictLanguage.Item(Session("language")&"_Custmoda_16")%>

<%=dictLanguage.Item(Session("language")&"_Custmoda_4")%> " size="20"><%pcs_RequiredImageTag "LoginEmail", true%>

" name="SubmitPM" id="SubmitPM" class="submit">  " alt="<%=dictLanguage.Item(Session("language")&"_altTag_15")%>">

<%=dictLanguage.Item(Session("language")&"_checkout_25")%>

onClick="document.getElementById('show_security').style.display='<%=pcShowLoginStyle%>'"<% end if%> class="clearBorder">

<%=dictLanguage.Item(Session("language")&"_checkout_26")%>

onClick="document.getElementById('show_security').style.display='<%=pcShowStyle%>'"<% end if %> class="clearBorder">

<%=dictLanguage.Item(Session("language")&"_checkout_27")%>

onClick="document.getElementById('show_security').style.display='<%=pcShowStyle%>'"<% end if %> class="clearBorder">

<%=dictLanguage.Item(Session("language")&"_checkout_28")%>

<%response.write dictLanguage.Item(Session("language")&"_security_1")%>



<%For k=1 to 6%><%Next%>
<% if pcPageMode=1 OR pcPageMode=3 then %> " name="SubmitCO" id="submit"> <% else %> " name="SubmitCO" id="submit"> <% end if %>
Fast, Secure Checkout with PayPal
<% '// Display the API Button Code
' pcPay_PayPal_Version is only assigned when a PayPal payment type was found
' earlier on this page; if this markup is reached without one, the variable
' is Empty and the non-US branch renders - confirm that is intended.
if pcPay_PayPal_Version = "US" then %>
Acceptance Mark
<% else %>
Acceptance Mark
<% end if %>

Save time, Checkout securely. Pay without sharing your financial information.

<%
' Password-reminder panel (all modes except 2). "EmailNotFound" is the
' single-digit flag set by the mode-2 redirect: 1 = address not registered,
' 0 = reminder sent.
' NOTE(review): showing a distinct message for an unknown address confirms
' to a caller whether an e-mail has an account (enumeration); a neutral
' "if the address is registered, a message has been sent" text avoids that.
' NOTE(review): the value is validated numeric but not converted; the
' "=1" comparison below compares the request string against a number -
' consider CInt() so the intent is unambiguous.
if pcPageMode<>2 then
	pcIntEmailNotFound=getUserInput(request("EmailNotFound"),1)
	if Not ValidNum(pcIntEmailNotFound) then
		pcIntEmailNotFound=""
	end if
	'------------------------------
	' START: password reminder
	'------------------------------
%>
<% if pcIntEmailNotFound<>"" then %> <% else %> <% end if %>
<% if pcIntEmailNotFound=1 then %>
<% response.write dictLanguage.Item(Session("language")&"_forgotpassworderror") %>
<% else %>
<%response.write dictLanguage.Item(Session("language")&"_checkout_11")%>
<% end if %>

<%response.write dictLanguage.Item(Session("language")&"_Custva_3")%> <%response.write dictLanguage.Item(Session("language")&"_Custva_8")%>

<% end if
	'------------------------------
	' END: password reminder
	'------------------------------
%>
<%
'// Managed Form Sessions Auto-Cleared
'session("ErrLoginEmail")=""
'session("pcSFLoginEmail")=""
'// Clear Un-Managed Sessions
' End-of-render clean-up of the transient credential state. This only runs
' when the page actually renders: every successful submission above ends in
' response.redirect, so on those paths session("pcSFLoginPassword") and
' session("pcSFEryPassword") survive into login.asp, which must clear them.
session("pcSFLoginPassword")=""
session("pcSFPassWordExists")=""
session("pcSFEryPassword")=""
' In mode 2 no opendb() precedes this call on the render path, so closedb()
' must tolerate being called without an open connection.
call closedb()
%>