Checkoutconfirmation . php ?php Diagram Level Konteks
location.href=..home.php?name=includecontact.php; alert Nama atau Email Anda tidak lengkap.;
script ?php
} ?
26. Checkoutconfirmation . php ?php
// checkoutconfirmation.php — step 2 of the checkout flow: re-displays the
// shipping/payment details posted from step 1 and asks the buyer to confirm.
// The numbered "Line 1 : ... Line 3 : ..." notes are the original author's.
Line 1 : Make sure this file is included instead of requested directly Line 2 : Check if step is defined and the value is two
Line 3 : The POST request must come from this page but the value of step is one if definedWEB_ROOT
// NOTE(review): the guard below compares _SERVER[HTTP_REFERER] against this
// script's URL. The Referer header is supplied by the client (and is often
// absent), so it neither proves the POST came from step 1 nor stops a forged
// request; a per-session token carried in the step-1 form would. Treat the
// referer test as advisory only.
|| isset_GET[step] || int_GET[step] = 2 || _SERVER[HTTP_REFERER] = http: . _SERVER[HTTP_HOST] .
_SERVER[PHP_SELF] . ?step=1 {
exit; }
// errorMessage holds a non-breaking space when there is nothing to report; the
// markup below echoes it into a paragraph as-is.
errorMessage = nbsp;; Make sure all the required field exist is _POST and the value is not empty
Note: txtShippingAddress2 and txtPaymentAddress2 are optional requiredField = arraytxtShippingFirstName, txtShippingLastName,
txtShippingAddress1,txtShippingPhone, txtShippingState, txtShippingCity, txtShippingPostalCode, txtPaymentFirstName, txtPaymentLastName,
txtPaymentAddress1, txtPaymentPhone, txtPaymentState, txtPaymentCity, txtPaymentPostalCode;
// checkRequiredPost() (defined elsewhere) only reports missing/empty fields;
// nothing here validates format or length, and the page is still rendered —
// with the posted values echoed back — when the check fails.
if checkRequiredPostrequiredField {
errorMessage = Input not complete; }
// getCartContent() is defined elsewhere; its rows are iterated with extract()
// further down.
cartContent = getCartContent; ?
style type=textcss --
.style1 {color: FFCCFF} a:link
{
color: FFFFFF;
} --
style table width=550 border=0 align=center cellpadding=10 cellspacing=0
tr tdspan class=style1Step 2 Of 3 : Confirm Order spantd
tr table
<!-- review: the form action echoes _SERVER[PHP_SELF] unescaped. PHP_SELF reflects
     the requested path, including anything a client appends after the script
     name, so it must pass through htmlspecialchars() before landing in an
     attribute. -->
p id=errorMessage?php echo errorMessage; ?p form action=?php echo _SERVER[PHP_SELF]; ??step=3 method=post
name=frmCheckout id=frmCheckout ?php
// optPayment is compared loosely and is never validated against the set of
// allowed values; here it only selects whether the PayPal notice is shown.
if _POST[optPayment] == paypal {
? table width=550 border=0 align=center cellpadding=10 cellspacing=0
tr td align=centerstrong:: IMPORTANT NOTE :: strongtd
tr tr
<!-- review: a sandbox e-mail/password pair is hard-coded into the markup below
     and sent to every visitor who picks PayPal. Even test credentials should be
     kept out of the source and out of the rendered page. -->
tdpBefore clicking the quot;Confirm Orderquot; button open a new browser window and go to a href=https:developer.paypal.com
target=_blankhttps:developer.paypal.coma then login using this username and password :br
Email : armanpiphpwebcommerce.combr Password : phpwebcobr
br After you click on the quot;Confirm Orderquot; button below
you will be redirected to paypal website. On the paypal checkout page use these info to login and complete the checkout process
:br Email : testmephpwebcommerce.com br
Password : phpwebco p pBy the way, please dont change the password or delete the
test email okay :-ptd tr
table pnbsp;p
?php }
? table width=550 border=0 align=center cellpadding=5 cellspacing=1
class=infoTable tr class=infoTableHeader
td colspan=3Ordered Itemtd tr
tr class=label tdItemtd
tdUnit Pricetd tdTotaltd
tr ?php
// Ordered-items loop: extract() dumps each cart row (pd_price, ct_qty, pd_name,
// ... whatever columns the row has) into the local scope. Any column named like
// an existing local (i, numItem, subTotal, shopConfig) would silently replace
// it — prefer reading the row's keys explicitly.
numItem = countcartContent; subTotal = 0;
for i = 0; i numItem; i++ {
// subTotal is computed from the server-side cart, not from posted values.
extractcartContent[i]; subTotal += pd_price ct_qty;
? tr class=content
<!-- review: pd_name comes from the database and is echoed unescaped; escape it
     with htmlspecialchars() unless product names are guaranteed HTML-safe at
     insert time (processproduct.php further down stores them raw). -->
td class=content?php echo ct_qty x pd_name; ?td td align=right?php echo displayAmountpd_price; ?td
td align=right?php echo displayAmountct_qty pd_price; ?td tr
?php }
? tr class=content
td colspan=2 align=rightSub-totaltd td align=right?php echo displayAmountsubTotal; ?td
tr tr class=content
td colspan=2 align=rightShippingtd td align=right?php echo displayAmountshopConfig[shippingCost];
?td tr
tr class=content td colspan=2 align=rightTotaltd
td align=right?php echo displayAmountshopConfig[shippingCost] + subTotal; ?td
tr table
pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1
class=infoTable tr class=infoTableHeader
td colspan=2Shipping Informationtd tr
tr td width=150 class=labelFirst Nametd
<!-- review: from here on every _POST[txt*] value is echoed straight into the
     page (reflected XSS). Each echo needs htmlspecialchars() with ENT_QUOTES,
     both in the visible cell and in the hidden-input value attribute. -->
td class=content?php echo _POST[txtShippingFirstName]; ?
<!-- review: the hidden hid* inputs carry the unvalidated step-1 values through
     the browser to step 3 (form action ?step=3). Their value attributes echo
     _POST unescaped — a quote in the input breaks out of the attribute — and,
     since they round-trip through the client, step 3 must treat them as fresh
     untrusted input rather than as already-validated data. -->
input name=hidShippingFirstName type=hidden id=hidShippingFirstName value=?php echo _POST[txtShippingFirstName]; ?td
tr tr
td width=150 class=labelLast Nametd td class=content?php echo _POST[txtShippingLastName]; ?
input name=hidShippingLastName type=hidden id=hidShippingLastName value=?php echo _POST[txtShippingLastName]; ?td
tr tr
td width=150 class=labelAddress1td td class=content?php echo _POST[txtShippingAddress1]; ?
input name=hidShippingAddress1 type=hidden id=hidShippingAddress1 value=?php echo _POST[txtShippingAddress1]; ?td
tr tr
<!-- review: txtShippingAddress2 is optional (not in requiredField), so this echo
     raises an undefined-index notice when the field was left out of the POST;
     read it with isset()/a default. -->
td width=150 class=labelAddress2td td class=content?php echo _POST[txtShippingAddress2]; ?
input name=hidShippingAddress2 type=hidden id=hidShippingAddress2 value=?php echo _POST[txtShippingAddress2]; ?td
tr tr
td width=150 class=labelPhone Numbertd td class=content?php echo _POST[txtShippingPhone]; ?
input name=hidShippingPhone type=hidden id=hidShippingPhone value=?php echo _POST[txtShippingPhone]; ?td
tr tr
td width=150 class=labelProvince Statetd td class=content?php echo _POST[txtShippingState]; ? input
name=hidShippingState type=hidden id=hidShippingState value=?php echo _POST[txtShippingState]; ? td
tr tr
td width=150 class=labelCitytd td class=content?php echo _POST[txtShippingCity]; ?
input name=hidShippingCity type=hidden id=hidShippingCity value=?php echo _POST[txtShippingCity]; ? td
tr tr
td width=150 class=labelPostal Codetd td class=content?php echo _POST[txtShippingPostalCode]; ?
input name=hidShippingPostalCode type=hidden id=hidShippingPostalCode value=?php echo _POST[txtShippingPostalCode]; ?td
tr table
<!-- review: the Payment Information table mirrors the shipping one, including
     the defects: every _POST[txtPayment*] value is echoed unescaped into both
     the visible cell and the hidden-input value attribute (reflected XSS), and
     txtPaymentAddress2 — optional per requiredField — is read without isset().
     Wrap each echo in htmlspecialchars(..., ENT_QUOTES). -->
pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1
class=infoTable tr class=infoTableHeader
td colspan=2Payment Informationtd tr
tr td width=150 class=labelFirst Nametd
td class=content?php echo _POST[txtPaymentFirstName]; ? input name=hidPaymentFirstName type=hidden id=hidPaymentFirstName
value=?php echo _POST[txtPaymentFirstName]; ?td tr
tr td width=150 class=labelLast Nametd
td class=content?php echo _POST[txtPaymentLastName]; ? input name=hidPaymentLastName type=hidden id=hidPaymentLastName
value=?php echo _POST[txtPaymentLastName]; ?td tr
tr td width=150 class=labelAddress1td
td class=content?php echo _POST[txtPaymentAddress1]; ? input name=hidPaymentAddress1 type=hidden id=hidPaymentAddress1
value=?php echo _POST[txtPaymentAddress1]; ?td tr
tr td width=150 class=labelAddress2td
td class=content?php echo _POST[txtPaymentAddress2]; ? input name=hidPaymentAddress2 type=hidden id=hidPaymentAddress2 value=?php
echo _POST[txtPaymentAddress2]; ? td
tr tr
td width=150 class=labelPhone Numbertd td class=content?php echo _POST[txtPaymentPhone]; ? input
name=hidPaymentPhone type=hidden id=hidPaymentPhone value=?php echo _POST[txtPaymentPhone]; ?td
tr tr
td width=150 class=labelProvince Statetd td class=content?php echo _POST[txtPaymentState]; ? input
name=hidPaymentState type=hidden id=hidPaymentState value=?php echo _POST[txtPaymentState]; ? td
tr tr
td width=150 class=labelCitytd td class=content?php echo _POST[txtPaymentCity]; ?
input name=hidPaymentCity type=hidden id=hidPaymentCity value=?php echo _POST[txtPaymentCity]; ?td
tr tr
td width=150 class=labelPostal Codetd td class=content?php echo _POST[txtPaymentPostalCode]; ?
input name=hidPaymentPostalCode type=hidden id=hidPaymentPostalCode value=?php echo _POST[txtPaymentPostalCode]; ?td
tr table
pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1
class=infoTable tr
<!-- review: the label maps anything that is not exactly "paypal" to "Cash on
     Delivery", but the hidden hidPaymentMethod forwards the raw optPayment
     string (unescaped) to step 3. Whatever consumes it should accept only the
     two known values and reject the rest. -->
td width=150 class=infoTableHeaderPayment Method td td class=content?php echo _POST[optPayment] == paypal ? Paypal :
Cash on Delivery; ? input name=hidPaymentMethod type=hidden id=hidPaymentMethod
value=?php echo _POST[optPayment]; ? tr
table pnbsp;p
<!-- Back returns to checkout.php?step=1 client-side; Confirm submits the form
     above (and its hidden copies of the posted values) to ?step=3. -->
p align=center input name=btnBack type=button id=btnBack value=lt;lt; Modify
ShippingPayment Info onClick=window.location.href=checkout.php?step=1; style=background:urlimagessubmit.gif
nbsp;nbsp; input name=btnConfirm type=submit id=btnConfirm value=Confirm Order
gt;gt; style=background:urlimagessubmit.gif form
pnbsp;p 27. Processuser . php
// processuser.php — admin dispatcher for user management. checkUser()
// (library/functions.php, not shown here) is the only access control on this
// file; confirm it both authenticates and authorises an administrator.
?php require_once ....libraryconfig.php;
require_once ..libraryfunctions.php; checkUser;
// action comes straight from the query string; unknown values fall through to
// the redirect in default.
action = isset_GET[action] ? _GET[action] : ; switch action
{
case add : addUser;
break;
Universitas Sumatera Utara
case modify : modifyUser;
break; case delete :
deleteUser; break;
// NOTE(review): no anti-CSRF token is checked anywhere in this file, and the
// delete action is driven purely by the query string, so a link is enough to
// make an authenticated admin's browser perform it. Each handler should verify
// a per-session token and state-changing actions should require POST.
default : if action is not defined or unknown
move to main user page headerLocation: index.php;
} function addUser
// addUser(): create a user from txtUserName/txtPassword (POST), then redirect
// to index.php (with an error parameter when the name is already taken).
{ userName = _POST[txtUserName];
password = _POST[txtPassword]; the password must be at least 6 characters long and is
a mix of alphabet numbers ifstrlenpassword 6 || preg_match[a-z]i, password ||
preg_match[0-9], password {
// BUG(review): the policy check has an empty body (only the "bad password"
// note), so a password that fails it is still stored. It needs the same
// redirect-with-error and exit as the "username taken" branch below.
bad password }
// SECURITY(review): userName is concatenated into the SELECT and the INSERT
// below (SQL injection). Bind it as a parameter, or at minimum escape it with
// the driver's escaping function before it reaches dbQuery().
check if the username is taken sql = SELECT user_name
FROM tbl_user WHERE user_name = userName;
result = dbQuerysql; if dbNumRowsresult == 1
{ headerLocation: index.php?view=adderror= . urlencodeUsername already taken.
Choose another one;
} else {
// SECURITY(review): MySQL's PASSWORD() is not an application password hash
// (unsalted; deprecated and removed in MySQL 8). Hash in PHP with
// password_hash() and store the result as an ordinary string; verify with
// password_verify(). The SELECT-then-INSERT pair is also racy — a UNIQUE
// index on user_name is the reliable guard.
sql = INSERT INTO tbl_user user_name, user_password, user_regdate VALUES userName, PASSWORDpassword, NOW;
dbQuerysql; headerLocation: index.php;
} }
Modify a user function modifyUser
// modifyUser(): reset the password of the user given by hidUserId (POST) to
// txtPassword, then redirect to index.php. "Modify a user" is the original note.
{
Universitas Sumatera Utara
// userId is cast to int, which is right for the WHERE clause; password is not,
// and is concatenated into the UPDATE below (SQL injection).
userId = int_POST[hidUserId]; password = _POST[txtPassword];
// NOTE(review): unlike addUser(), no password policy is applied here, and the
// value is again hashed with MySQL PASSWORD() rather than password_hash().
// Nothing in this function checks that the caller may change this particular
// user — presumably checkUser() limits the file to admins; confirm.
sql = UPDATE tbl_user SET user_password = PASSWORDpassword
WHERE user_id = userId; dbQuerysql;
headerLocation: index.php; }
Remove a user function deleteUser
// deleteUser(): delete the user whose id arrives in the userId query parameter,
// then redirect to index.php. "Remove a user" is the original note.
{
if isset_GET[userId] int_GET[userId] 0 {
userId = int_GET[userId]; } else
// BUG(review): the redirect is sent but execution does not stop, so a request
// without a valid userId falls through to the DELETE below with userId unset
// (the WHERE clause compares against an empty value). Add exit; after the
// header() call. The same pattern recurs in processproduct.php (deleteProduct,
// deleteImage) and processorder.php (modifyOrder).
{ headerLocation: index.php;
// NOTE(review): deletion on a bare GET with no CSRF token means a link alone
// performs it; prefer a POST form carrying a session token.
} sql = DELETE FROM tbl_user
WHERE user_id = userId; dbQuerysql;
headerLocation: index.php; }
? 28. changepass . php
?php index.php
// changepass.php — lets the logged-in user (_SESSION[userId]) replace their
// password. "index.php / Main user page after login" is the original header.
Main user page after login require_once libconfig.php;
require_once libfunctions.php; require_once libopendb.php;
require_once libcheckUser.php; errorMessage = ;
if isset_POST[btnModify] {
// SECURITY(review): oldPassword and newPassword are concatenated into the
// SELECT/UPDATE below (SQL injection), and passwords are hashed with MySQL's
// PASSWORD(). Bind userId as a parameter, fetch the stored hash, and compare
// with password_verify() against a password_hash() value instead.
userId = _SESSION[userId]; oldPassword = _POST[txtOldPassword];
Universitas Sumatera Utara
newPassword = _POST[txtNewPassword1]; sql = SELECT userId FROM tbl_user WHERE userId = userId AND password =
PASSWORDoldPassword; result = mysql_querysql or diemysql_error;
// NOTE(review): "or die(mysql_error())" here and below prints the database
// error text to the browser; log it and show a generic message instead.
if mysql_num_rowsresult = 1 {
errorMessage = Old password is incorrect; } else
// NOTE(review): only txtNewPassword1 is used; the "repeat" field and any
// length rule exist solely in the page's JavaScript, which a client can skip.
// Re-check both server-side before the UPDATE.
{ sql = UPDATE tbl_user
SET password = PASSWORDnewPassword WHERE userId = userId;
// The exit after the redirect is correct here — the rest of the page must not
// render once the Location header is sent.
mysql_querysql or dieModify failed. . mysql_error; headerLocation: index.php;
exit; }}
pageTitle = Change Password; require_once libheader1.php;
// review: errorMessage only ever holds the fixed strings assigned above, so
// echoing it is safe as written — it would stop being safe if user input were
// ever assigned to it.
// review: the form action below echoes _SERVER[REQUEST_URI] without escaping;
// REQUEST_URI is client-controlled (query string included) and may only be
// placed in an attribute via htmlspecialchars(). The "....plaincart1adminuser"
// fragment fused into the index looks like an extraction artifact, not code.
? p align=centerstrongfont color=660000?php echo errorMessage;
?fontstrongp form action=?php echo _SERVER[....plaincart1adminuserREQUEST_URI];
? method=post name=frmPassword id=frmPassword table width=550 border=0 align=center cellpadding=2 cellspacing=1
class=whiteTable tr
<!-- review: maxlength=20 on the three password inputs caps passwords at 20
     characters for no server-side reason; with password_hash() there is no
     need for such a low limit. -->
td width=150 align=left valign=topOld Passwordtd td width=10 align=left valign=top:td
td align=left valign=top input name=txtOldPassword type=password class=box id=txtOldPassword
size=20 maxlength=20td tr
tr td width=150 align=left valign=topNew Passwordtd
td width=10 align=left valign=top:td td align=left valign=topinput name=txtNewPassword1 type=password
class=box id=txtNewPassword1 size=20 maxlength=20td tr
tr td width=150 align=left valign=topRepeat New Passwordtd
td width=10 align=left valign=top:td td align=left valign=top
input name=txtNewPassword2 type=password class=box id=txtNewPassword2 size=20 maxlength=20
small smalltd
tr tr
td width=150nbsp;td td width=10nbsp;td
tdnbsp;td tr
tr td colspan=3div align=center
<!-- review: btnModify's onClick runs checkPassword() in the browser only; the
     PHP at the top of this file must repeat the empty/mismatch checks, since a
     client can submit without running the script. -->
input name=btnModify type=submit class=bluebox id=btnModify value=Submit onClick=return checkPassword;
nbsp;nbsp; input name=btnCancel type=button class=bluebox id=btnCancel
onClick=window.location.href=listUser.php; value=Cancel divtd
tr tr
td colspan=3nbsp;td tr
table form
script language=JavaScript type=textjavascript function checkPassword
// checkPassword(): client-side pre-check for frmPassword. Rejects an empty old,
// new or repeat field and a mismatched repeat, focusing the offending input and
// returning false so the submit is cancelled; returns true otherwise. It runs
// only in the browser, so it is a convenience for the user, not a control — the
// server must re-validate (it currently compares nothing but the old password).
{
theForm = window.document.frmPassword; if theForm.txtOldPassword.value ==
{ alertEnter current password;
theForm.txtOldPassword.focus; return false;
} else if theForm.txtNewPassword1.value == {
alertEnter new password; theForm.txtNewPassword1.focus;
return false; } else if theForm.txtNewPassword2.value ==
{ alertRepeat new password;
theForm.txtNewPassword2.focus; return false;
// The mismatch test is the only place the repeat field is ever compared.
} else if theForm.txtNewPassword1.value = theForm.txtNewPassword2.value {
alertNew password don\t match; theForm.txtNewPassword2.focus;
return false; } else
Universitas Sumatera Utara
{ return true;
}} script
?php require_once libfooter1.php;
? 29. Processproduct . php
// processproduct.php — admin dispatcher for product management. checkUser()
// (library/functions.php, not shown) is the only access control on this file.
?php require_once ....libraryconfig.php;
require_once ..libraryfunctions.php; checkUser;
// action comes straight from the query string; unknown values fall through to
// the redirect in default.
action = isset_GET[action] ? _GET[action] : ; switch action
{
case addProduct : addProduct;
break; case modifyProduct :
modifyProduct; break;
// NOTE(review): deleteProduct and deleteImage are reached by a plain GET and no
// handler in this file checks an anti-CSRF token; state-changing actions should
// require POST plus a per-session token.
case deleteProduct : deleteProduct;
break; case deleteImage :
deleteImage; break;
default : if action is not defined or unknown
move to main product page headerLocation: index.php;
} function addProduct
// addProduct(): insert a product from the posted form (category, name,
// description, price, quantity, optional image), then redirect to the
// category listing.
{ catId = _POST[cboCategory];
name = _POST[txtName]; description = _POST[mtxDescription];
// price is cast to double after stripping thousands separators and qty to int;
// catId, name and description are NOT cast or escaped and are concatenated into
// the INSERT below (SQL injection). Bind every value as a parameter.
price = str_replace,, , double_POST[txtPrice];
qty = int_POST[txtQty]; images = uploadProductImagefleImage, SRV_ROOT . imagesproduct;
Universitas Sumatera Utara
// uploadProductImage() returns ['image' => name, 'thumbnail' => name], both
// empty strings when nothing was uploaded or the upload failed.
mainImage = images[image]; thumbnail = images[thumbnail];
sql = INSERT INTO tbl_product cat_id, pd_name, pd_description, pd_price, pd_qty, pd_image, pd_thumbnail, pd_date
VALUES catId, name, description, price, qty, mainImage, thumbnail, NOW;
// result is never inspected, so a failed INSERT still redirects as if it
// succeeded; catId (raw POST) is also placed into the Location header uncast.
result = dbQuerysql; headerLocation: index.php?catId=catId;
// uploadProductImage(inputName, uploadDir): store the uploaded file from
// _FILES[inputName] under uploadDir (resized to MAX_PRODUCT_IMAGE_WIDTH when
// LIMIT_PRODUCT_WIDTH is set) and create a THUMBNAIL_WIDTH thumbnail next to
// it. Returns ['image' => name, 'thumbnail' => name]; both are '' when no file
// was given or any step failed (the image is removed again if the thumbnail
// cannot be created). "Upload an image and return the uploaded image name" is
// the original note.
function uploadProductImageinputName, uploadDir {
// image is the raw _FILES entry; image[error] is never compared with
// UPLOAD_ERR_OK — the trim(tmp_name) test below is the only presence check.
image = _FILES[inputName]; imagePath = ;
thumbnailPath = ; if a file is given
if trimimage[tmp_name] = {
// SECURITY(review): ext is taken from the client-supplied file name, and the
// dangling extensions[image[type]] expression (client-supplied MIME type) has
// no effect. Decide the extension server-side: validate the type returned by
// getimagesize() against an allow-list of image types and map it to the
// extension yourself; otherwise the file is written under uploadDir with
// whatever suffix the client chose. Whether a non-image survives depends on
// createThumbnail() failing on it and the unlink below — verify.
ext = substrstrrchrimage[name], ., 1; extensions[image[type]];
// The random name only needs to avoid collisions; md5(rand() . time()) is
// adequate for that but not unpredictable — do not rely on it as a secret.
generate a random new file name to avoid name conflict imagePath = md5rand time . .ext;
// BUG(review): getimagesize() returns false for a non-image; list() then yields
// nulls and width is never validated, so the size test below is skipped and the
// file goes straight to move_uploaded_file(). Check the return value first.
listwidth, height, type, attr = getimagesizeimage[tmp_name]; make sure the image width does not exceed the
maximum allowed width if LIMIT_PRODUCT_WIDTH width
MAX_PRODUCT_IMAGE_WIDTH {
// createThumbnail() (defined elsewhere) evidently returns the written file
// name on success and a falsy value on failure — that is how result is used
// here and for the thumbnail below.
result = createThumbnailimage[tmp_name], uploadDir . imagePath, MAX_PRODUCT_IMAGE_WIDTH;
imagePath = result; } else
{
result = move_uploaded_fileimage[tmp_name], uploadDir . imagePath; }
if result {
create thumbnail thumbnailPath = md5rand time . .ext;
result = createThumbnailuploadDir . imagePath, uploadDir . thumbnailPath, THUMBNAIL_WIDTH;
create thumbnail failed, delete the image if result
Universitas Sumatera Utara
{ unlinkuploadDir . imagePath;
imagePath = thumbnailPath = ; } else
{ thumbnailPath = result;
} } else
{ the product cannot be upload resized
imagePath = thumbnailPath = ; }}
return arrayimage = imagePath, thumbnail = thumbnailPath; }
Modify a product function modifyProduct
// modifyProduct(): update the product identified by the productId query
// parameter from the posted form; replaces the image only when a new one was
// uploaded. "Modify a product" is the original note.
{
// productId is cast to int; catId, name and description are raw POST values
// concatenated into the UPDATE below (SQL injection) — bind them instead.
productId = int_GET[productId]; catId = _POST[cboCategory];
name = _POST[txtName]; description = _POST[mtxDescription];
// INCONSISTENCY(review): addProduct() casts price to double and qty to int;
// here neither is cast, so both reach the SQL as whatever was posted.
price = str_replace,, , _POST[txtPrice]; qty = _POST[txtQty];
images = uploadProductImagefleImage, SRV_ROOT . imagesproduct; mainImage = images[image];
thumbnail = images[thumbnail]; if uploading a new image
remove old image if mainImage =
// A new upload succeeded: drop the old files first, then use the new names.
{ _deleteImageproductId;
mainImage = mainImage; thumbnail = thumbnail;
} else {
// No new upload: pd_image / pd_thumbnail here are evidently meant as the SQL
// column names, so the UPDATE sets each column to its current value. Confirm
// they are emitted as identifiers (unquoted) and not as empty PHP variables.
if were not updating the image make sure the old path remain the same
in the database mainImage = pd_image;
thumbnail = pd_thumbnail; }
sql = UPDATE tbl_product
Universitas Sumatera Utara
SET cat_id = catId, pd_name = name, pd_description = description, pd_price = price,
pd_qty = qty, pd_image = mainImage, pd_thumbnail = thumbnail WHERE pd_id = productId;
// result is never inspected; a failed UPDATE still redirects.
result = dbQuerysql; headerLocation: index.php;
// deleteProduct(): remove the product given by the productId query parameter,
// its order/cart references and its image files, then redirect to the category
// listing. "Remove a product" above is the original note.
function deleteProduct {
if isset_GET[productId] int_GET[productId] 0 { productId = int_GET[productId];
} else {
// BUG(review): the redirect is sent but execution continues, so an invalid
// productId still runs the three DELETEs below with productId unset. Add exit;
// after the header() call (deleteUser in processuser.php has the same bug).
headerLocation: index.php; }
remove any references to this product from tbl_order_item and tbl_cart
sql = DELETE FROM tbl_order_item WHERE pd_id = productId;
dbQuerysql; sql = DELETE FROM tbl_cart
WHERE pd_id = productId; dbQuerysql;
get the image name and thumbnail sql = SELECT pd_image, pd_thumbnail
FROM tbl_product WHERE pd_id = productId;
// row is not checked for an empty result before being indexed.
result = dbQuerysql; row = dbFetchAssocresult;
remove the product image and thumbnail if row[pd_image]
{ unlinkSRV_ROOT . imagesproduct . row[pd_image];
unlinkSRV_ROOT . imagesproduct . row[pd_thumbnail]; }
remove the product from database; sql = DELETE FROM tbl_product
WHERE pd_id = productId; dbQuerysql;
// _GET[catId] goes into the Location header uncast, unlike productId above;
// cast it to int for consistency.
headerLocation: index.php?catId= . _GET[catId]; }
Remove a product image function deleteImage
// deleteImage(): delete the image and thumbnail files of the product given by
// the productId query parameter, blank the two columns, and redirect back to
// the modify view. "Remove a product image" is the original note.
{
if isset_GET[productId] int_GET[productId] 0 {
productId = int_GET[productId]; } else
// BUG(review): the redirect is sent but execution continues, so an invalid
// productId still reaches _deleteImage() and the UPDATE below with productId
// unset. Add exit; after the header() call.
{ headerLocation: index.php;
// deleted is assigned but never used; _deleteImage()'s status is ignored.
} deleted = _deleteImageproductId;
update the image and thumbnail name in the database sql = UPDATE tbl_product
SET pd_image = , pd_thumbnail = WHERE pd_id = productId;
dbQuerysql; headerLocation: index.php?view=modifyproductId=productId;
} function _deleteImage
// _deleteImage(productId): unlink the image and thumbnail files recorded for
// the product. Returns a bool meant to say whether deletion succeeded. The
// callers shown cast productId to int; this helper does not, and interpolates
// it into the SELECT, so it must not be reached with a raw value.
{ we will return the status
whether the image deleted successfully
deleted = false; sql = SELECT pd_image, pd_thumbnail
FROM tbl_product WHERE pd_id = productId;
// NOTE(review): "or die(mysql_error())" prints the database error to the
// browser; log it and fail with a generic message instead.
result = dbQuerysql or dieCannot delete product image. . mysql_error; if dbNumRowsresult
{ row = dbFetchAssocresult;
extractrow; if pd_image pd_thumbnail
{ remove the image file
// BUG(review): the second assignment overwrites the first, so the return
// value reflects only the thumbnail unlink. Combine them (deleted = a && b).
deleted = unlinkSRV_ROOT . imagesproductpd_image; deleted = unlinkSRV_ROOT . imagesproductpd_thumbnail;
}} return deleted;
} ?
30. Processorder.php
// processorder.php — admin dispatcher for order management; the only action
// is modify. checkUser() (library/functions.php, not shown) is the only access
// control on this file.
?php require_once ....libraryconfig.php;
require_once ..libraryfunctions.php; checkUser;
// action comes straight from the query string; unknown values fall through to
// the redirect in default.
action = isset_GET[action] ? _GET[action] : ; switch action
{ case modify :
modifyOrder; break;
default : if action is not defined or unknown
move to main category page headerLocation: index.php;
} function modifyOrder
// modifyOrder(): set od_status of order oid (query string) to the status
// query parameter and redirect to the list filtered by that status.
{
// BUG(review): a failed guard sends the redirect but does not exit, so the
// UPDATE below still runs with orderId = 0 and an empty status. Add exit;
// after the header() call.
if isset_GET[oid] || int_GET[oid] = 0 || isset_GET[status] || _GET[status] == {
headerLocation: index.php; }
// SECURITY(review): status is only tested for being non-empty, then
// concatenated into the UPDATE (SQL injection) and echoed back into the
// Location header. Check it against the fixed list of order statuses (the one
// detail.php builds its select from) and bind it as a parameter. A GET with no
// CSRF token is also enough to change an order's state.
orderId = int_GET[oid]; status = _GET[status];
sql = UPDATE tbl_order SET od_status = status, od_last_update = NOW
WHERE od_id = orderId; result = dbQuerysql;
headerLocation: index.php?view=liststatus=status; }
? 31. Detail.php
// detail.php — admin order detail view; included by the admin index (the
// WEB_ROOT guard refuses direct requests).
?php if definedWEB_ROOT
{
exit; }
// BUG(review): the redirect for a missing/invalid oid is sent without exit, so
// the queries below still run with orderId = 0 and the page is rendered for a
// non-existent order. Add exit; after the header() call.
if isset_GET[oid] || int_GET[oid] = 0 {
headerLocation: index.php; }
// orderId is cast to int, which keeps the interpolated WHERE clauses below safe
// for this value.
orderId = int_GET[oid]; get ordered items
// Ordered items for this order (name and price joined from tbl_product).
sql = SELECT pd_name, pd_price, od_qty FROM tbl_order_item oi, tbl_product p
WHERE oi.pd_id = p.pd_id and oi.od_id = orderId ORDER BY od_id ASC;
result = dbQuerysql; orderedItem = array;
while row = dbFetchAssocresult {
orderedItem[] = row; }
get order information sql = SELECT od_date, od_last_update, od_status, od_shipping_first_name,
od_shipping_last_name, od_shipping_address1, od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city,
od_shipping_postal_code, od_shipping_cost, od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2,
od_payment_phone, od_payment_state, od_payment_city , od_payment_postal_code, od_memo
FROM tbl_order WHERE od_id = orderId;
// extract() turns every selected column into a local (od_date, od_memo, ...).
// If the order does not exist the fetched row is falsy, extract() warns, and
// none of the od_* variables used by the markup below are defined — check the
// row before extracting.
result = dbQuerysql; extractdbFetchAssocresult;
// The status select is built from this fixed list, so orderOption contains only
// known values; od_status is compared loosely (==).
orderStatus = arrayNew, Paid, Shipped, Completed, Cancelled; orderOption = ;
foreach orderStatus as status {
orderOption .= option value=\status\; if status == od_status
{ orderOption .= selected;
} orderOption .= statusoption\r\n;
} ?
<!-- review: orderId is an int (cast above), so the echoes of it in this section
     are safe as written. -->
pnbsp;p form action= method=get name=frmOrder id=frmOrder
table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable
tr td colspan=2 align=center id=infoTableHeaderOrder Detailtd
tr tr
td width=150 class=labelOrder Numbertd td class=content?php echo orderId; ?td
tr tr
td width=150 class=labelOrder Datetd td class=content?php echo od_date; ?td
tr tr
td width=150 class=labelLast Updatetd td class=content?php echo od_last_update; ?td
tr tr
<!-- review: orderOption holds only the fixed status list, and orderId is an
     int, so the select and the onClick argument are safe as written. -->
td class=labelStatustd td class=content select name=cboOrderStatus id=cboOrderStatus
class=box ?php echo orderOption; ? select input name=btnModify type=button
id=btnModify value=Modify Status class=box onClick=modifyOrderStatus?php echo orderId; ?;td
tr table
form pnbsp;p
table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable
tr id=infoTableHeader td colspan=3Ordered Itemtd
tr tr align=center class=label
tdItemtd tdUnit Pricetd
tdTotaltd tr
// Ordered-items loop: extract() pushes each row's columns (pd_name, pd_price,
// od_qty) into the local scope, so a column named like an existing local would
// replace it. subTotal is recomputed from the stored price and quantity.
?php numItem = countorderedItem;
subTotal = 0; for i = 0; i numItem; i++
{
extractorderedItem[i]; subTotal += pd_price od_qty;
? tr class=content
<!-- review: pd_name is echoed unescaped; product names are stored raw by
     processproduct.php, so escape with htmlspecialchars() here. -->
td?php echo od_qty X pd_name; ?td td align=right?php echo displayAmountpd_price; ?td
td align=right?php echo displayAmountod_qty pd_price; ?td tr
?php }
? tr class=content
td colspan=2 align=rightSub-totaltd
td align=right?php echo displayAmountsubTotal; ?td tr
tr class=content td colspan=2 align=rightShippingtd
td align=right?php echo displayAmountod_shipping_cost; ?td tr
tr class=content td colspan=2 align=rightTotaltd
td align=right?php echo displayAmountod_shipping_cost + subTotal; ?td
tr table
<!-- review: every od_shipping_* value from here on is echoed unescaped. These
     are the buyer-typed fields that checkoutconfirmation.php forwards through
     hidden inputs; if the final checkout step stores them as posted (not shown
     here), this admin page renders whatever the buyer entered — stored XSS in
     the admin's browser. Escape each with htmlspecialchars(). -->
pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1
class=detailTable tr id=infoTableHeader
td colspan=2Shipping Informationtd tr
tr td width=150 class=labelFirst Nametd
td class=content?php echo od_shipping_first_name; ? td tr
tr td width=150 class=labelLast Nametd
td class=content?php echo od_shipping_last_name; ? td tr
tr td width=150 class=labelAddress1td
td class=content?php echo od_shipping_address1; ? td tr
tr td width=150 class=labelAddress2td
td class=content?php echo od_shipping_address2; ? td tr
tr td width=150 class=labelPhone Numbertd
td class=content?php echo od_shipping_phone; ? td tr
tr td width=150 class=labelProvince Statetd
td class=content?php echo od_shipping_state; ? td tr
tr td width=150 class=labelCitytd
td class=content?php echo od_shipping_city; ? td tr
tr td width=150 class=labelPostal Codetd
td class=content?php echo od_shipping_postal_code; ? td tr
table pnbsp;p
<!-- review: the Payment Information fields are echoed unescaped like the
     shipping ones; they originate from buyer input, so each echo needs
     htmlspecialchars(). -->
table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable
tr id=infoTableHeader td colspan=2Payment Informationtd
tr tr
td width=150 class=labelFirst Nametd td class=content?php echo od_payment_first_name; ? td
tr tr
td width=150 class=labelLast Nametd td class=content?php echo od_payment_last_name; ? td
tr tr
td width=150 class=labelAddress1td td class=content?php echo od_payment_address1; ? td
tr tr
td width=150 class=labelAddress2td td class=content?php echo od_payment_address2; ? td
tr tr
td width=150 class=labelPhone Numbertd td class=content?php echo od_payment_phone; ? td
tr tr
td width=150 class=labelProvince Statetd td class=content?php echo od_payment_state; ? td
tr tr
td width=150 class=labelCitytd td class=content?php echo od_payment_city; ? td
tr tr
td width=150 class=labelPostal Codetd td class=content?php echo od_payment_postal_code; ? td
tr table
table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable
tr id=infoTableHeader td colspan=2Buyers Memotd
tr tr
<!-- review: nl2br() only inserts line breaks; it does not escape. The buyer's
     memo is free text, so apply htmlspecialchars() first and nl2br() to its
     result. -->
td colspan=2 class=label?php echo nl2brod_memo; ? td tr
table pnbsp;p
<!-- Back is purely client-side history navigation. -->
p align=center input name=btnBack type=button id=btnBack value=Back class=box
onClick=window.history.back; p
pnbsp;p pnbsp;p
32. Functions . php ?php