location.href=..home.php?name=includecontact.php; alert Nama atau Email Anda tidak lengkap.; script ?php } ? 26. Checkoutconfirmation . php ?php Line 1 : Make sure this file is included instead of requested directly Line 2 : Check if step is defined and the value is two Line 3 : The POST request must come from this page but the value of step is one if definedWEB_ROOT || isset_GET[step] || int_GET[step] = 2 || _SERVER[HTTP_REFERER] = http: . _SERVER[HTTP_HOST] . _SERVER[PHP_SELF] . ?step=1 { exit; } errorMessage = nbsp;; Make sure all the required field exist is _POST and the value is not empty Note: txtShippingAddress2 and txtPaymentAddress2 are optional requiredField = arraytxtShippingFirstName, txtShippingLastName, txtShippingAddress1,txtShippingPhone, txtShippingState, txtShippingCity, txtShippingPostalCode, txtPaymentFirstName, txtPaymentLastName, txtPaymentAddress1, txtPaymentPhone, txtPaymentState, txtPaymentCity, txtPaymentPostalCode; if checkRequiredPostrequiredField { errorMessage = Input not complete; } cartContent = getCartContent; ? style type=textcss -- .style1 {color: FFCCFF} a:link { color: FFFFFF; Universitas Sumatera Utara } -- style table width=550 border=0 align=center cellpadding=10 cellspacing=0 tr tdspan class=style1Step 2 Of 3 : Confirm Order spantd tr table p id=errorMessage?php echo errorMessage; ?p form action=?php echo _SERVER[PHP_SELF]; ??step=3 method=post name=frmCheckout id=frmCheckout ?php if _POST[optPayment] == paypal { ? table width=550 border=0 align=center cellpadding=10 cellspacing=0 tr td align=centerstrong:: IMPORTANT NOTE :: strongtd tr tr tdpBefore clicking the quot;Confirm Orderquot; button open a new browser window and go to a href=https:developer.paypal.com target=_blankhttps:developer.paypal.coma then login using this username and password :br Email : armanpiphpwebcommerce.combr Password : phpwebcobr br After you click on the quot;Confirm Orderquot; button below you will be redirected to paypal website. On the paypal checkout page use these info to login and complete the checkout process :br Email : testmephpwebcommerce.com br Password : phpwebco p pBy the way, please dont change the password or delete the test email okay :-ptd tr table pnbsp;p ?php } ? table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=infoTable tr class=infoTableHeader td colspan=3Ordered Itemtd tr Universitas Sumatera Utara tr class=label tdItemtd tdUnit Pricetd tdTotaltd tr ?php numItem = countcartContent; subTotal = 0; for i = 0; i numItem; i++ { extractcartContent[i]; subTotal += pd_price ct_qty; ? tr class=content td class=content?php echo ct_qty x pd_name; ?td td align=right?php echo displayAmountpd_price; ?td td align=right?php echo displayAmountct_qty pd_price; ?td tr ?php } ? tr class=content td colspan=2 align=rightSub-totaltd td align=right?php echo displayAmountsubTotal; ?td tr tr class=content td colspan=2 align=rightShippingtd td align=right?php echo displayAmountshopConfig[shippingCost]; ?td tr tr class=content td colspan=2 align=rightTotaltd td align=right?php echo displayAmountshopConfig[shippingCost] + subTotal; ?td tr table pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=infoTable tr class=infoTableHeader td colspan=2Shipping Informationtd tr tr td width=150 class=labelFirst Nametd td class=content?php echo _POST[txtShippingFirstName]; ? Universitas Sumatera Utara input name=hidShippingFirstName type=hidden id=hidShippingFirstName value=?php echo _POST[txtShippingFirstName]; ?td tr tr td width=150 class=labelLast Nametd td class=content?php echo _POST[txtShippingLastName]; ? input name=hidShippingLastName type=hidden id=hidShippingLastName value=?php echo _POST[txtShippingLastName]; ?td tr tr td width=150 class=labelAddress1td td class=content?php echo _POST[txtShippingAddress1]; ? input name=hidShippingAddress1 type=hidden id=hidShippingAddress1 value=?php echo _POST[txtShippingAddress1]; ?td tr tr td width=150 class=labelAddress2td td class=content?php echo _POST[txtShippingAddress2]; ? input name=hidShippingAddress2 type=hidden id=hidShippingAddress2 value=?php echo _POST[txtShippingAddress2]; ?td tr tr td width=150 class=labelPhone Numbertd td class=content?php echo _POST[txtShippingPhone]; ? input name=hidShippingPhone type=hidden id=hidShippingPhone value=?php echo _POST[txtShippingPhone]; ?td tr tr td width=150 class=labelProvince Statetd td class=content?php echo _POST[txtShippingState]; ? input name=hidShippingState type=hidden id=hidShippingState value=?php echo _POST[txtShippingState]; ? td tr tr td width=150 class=labelCitytd td class=content?php echo _POST[txtShippingCity]; ? input name=hidShippingCity type=hidden id=hidShippingCity value=?php echo _POST[txtShippingCity]; ? td tr tr td width=150 class=labelPostal Codetd td class=content?php echo _POST[txtShippingPostalCode]; ? input name=hidShippingPostalCode type=hidden id=hidShippingPostalCode value=?php echo _POST[txtShippingPostalCode]; ?td tr table Universitas Sumatera Utara pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=infoTable tr class=infoTableHeader td colspan=2Payment Informationtd tr tr td width=150 class=labelFirst Nametd td class=content?php echo _POST[txtPaymentFirstName]; ? input name=hidPaymentFirstName type=hidden id=hidPaymentFirstName value=?php echo _POST[txtPaymentFirstName]; ?td tr tr td width=150 class=labelLast Nametd td class=content?php echo _POST[txtPaymentLastName]; ? input name=hidPaymentLastName type=hidden id=hidPaymentLastName value=?php echo _POST[txtPaymentLastName]; ?td tr tr td width=150 class=labelAddress1td td class=content?php echo _POST[txtPaymentAddress1]; ? input name=hidPaymentAddress1 type=hidden id=hidPaymentAddress1 value=?php echo _POST[txtPaymentAddress1]; ?td tr tr td width=150 class=labelAddress2td td class=content?php echo _POST[txtPaymentAddress2]; ? input name=hidPaymentAddress2 type=hidden id=hidPaymentAddress2 value=?php echo _POST[txtPaymentAddress2]; ? td tr tr td width=150 class=labelPhone Numbertd td class=content?php echo _POST[txtPaymentPhone]; ? input name=hidPaymentPhone type=hidden id=hidPaymentPhone value=?php echo _POST[txtPaymentPhone]; ?td tr tr td width=150 class=labelProvince Statetd td class=content?php echo _POST[txtPaymentState]; ? input name=hidPaymentState type=hidden id=hidPaymentState value=?php echo _POST[txtPaymentState]; ? td tr tr td width=150 class=labelCitytd td class=content?php echo _POST[txtPaymentCity]; ? Universitas Sumatera Utara input name=hidPaymentCity type=hidden id=hidPaymentCity value=?php echo _POST[txtPaymentCity]; ?td tr tr td width=150 class=labelPostal Codetd td class=content?php echo _POST[txtPaymentPostalCode]; ? input name=hidPaymentPostalCode type=hidden id=hidPaymentPostalCode value=?php echo _POST[txtPaymentPostalCode]; ?td tr table pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=infoTable tr td width=150 class=infoTableHeaderPayment Method td td class=content?php echo _POST[optPayment] == paypal ? Paypal : Cash on Delivery; ? input name=hidPaymentMethod type=hidden id=hidPaymentMethod value=?php echo _POST[optPayment]; ? tr table pnbsp;p p align=center input name=btnBack type=button id=btnBack value=lt;lt; Modify ShippingPayment Info onClick=window.location.href=checkout.php?step=1; style=background:urlimagessubmit.gif nbsp;nbsp; input name=btnConfirm type=submit id=btnConfirm value=Confirm Order gt;gt; style=background:urlimagessubmit.gif form pnbsp;p 27. Processuser . php ?php require_once ....libraryconfig.php; require_once ..libraryfunctions.php; checkUser; action = isset_GET[action] ? _GET[action] : ; switch action { case add : addUser; break; Universitas Sumatera Utara case modify : modifyUser; break; case delete : deleteUser; break; default : if action is not defined or unknown move to main user page headerLocation: index.php; } function addUser { userName = _POST[txtUserName]; password = _POST[txtPassword]; the password must be at least 6 characters long and is a mix of alphabet numbers ifstrlenpassword 6 || preg_match[a-z]i, password || preg_match[0-9], password { bad password } check if the username is taken sql = SELECT user_name FROM tbl_user WHERE user_name = userName; result = dbQuerysql; if dbNumRowsresult == 1 { headerLocation: index.php?view=adderror= . urlencodeUsername already taken. Choose another one; } else { sql = INSERT INTO tbl_user user_name, user_password, user_regdate VALUES userName, PASSWORDpassword, NOW; dbQuerysql; headerLocation: index.php; } } Modify a user function modifyUser { Universitas Sumatera Utara userId = int_POST[hidUserId]; password = _POST[txtPassword]; sql = UPDATE tbl_user SET user_password = PASSWORDpassword WHERE user_id = userId; dbQuerysql; headerLocation: index.php; } Remove a user function deleteUser { if isset_GET[userId] int_GET[userId] 0 { userId = int_GET[userId]; } else { headerLocation: index.php; } sql = DELETE FROM tbl_user WHERE user_id = userId; dbQuerysql; headerLocation: index.php; } ? 28. changepass . php ?php index.php Main user page after login require_once libconfig.php; require_once libfunctions.php; require_once libopendb.php; require_once libcheckUser.php; errorMessage = ; if isset_POST[btnModify] { userId = _SESSION[userId]; oldPassword = _POST[txtOldPassword]; Universitas Sumatera Utara newPassword = _POST[txtNewPassword1]; sql = SELECT userId FROM tbl_user WHERE userId = userId AND password = PASSWORDoldPassword; result = mysql_querysql or diemysql_error; if mysql_num_rowsresult = 1 { errorMessage = Old password is incorrect; } else { sql = UPDATE tbl_user SET password = PASSWORDnewPassword WHERE userId = userId; mysql_querysql or dieModify failed. . mysql_error; headerLocation: index.php; exit; }} pageTitle = Change Password; require_once libheader1.php; ? p align=centerstrongfont color=660000?php echo errorMessage; ?fontstrongp form action=?php echo _SERVER[....plaincart1adminuserREQUEST_URI]; ? method=post name=frmPassword id=frmPassword table width=550 border=0 align=center cellpadding=2 cellspacing=1 class=whiteTable tr td width=150 align=left valign=topOld Passwordtd td width=10 align=left valign=top:td td align=left valign=top input name=txtOldPassword type=password class=box id=txtOldPassword size=20 maxlength=20td tr tr td width=150 align=left valign=topNew Passwordtd td width=10 align=left valign=top:td td align=left valign=topinput name=txtNewPassword1 type=password class=box id=txtNewPassword1 size=20 maxlength=20td tr tr td width=150 align=left valign=topRepeat New Passwordtd td width=10 align=left valign=top:td td align=left valign=top input name=txtNewPassword2 type=password class=box id=txtNewPassword2 size=20 maxlength=20 small smalltd Universitas Sumatera Utara tr tr td width=150nbsp;td td width=10nbsp;td tdnbsp;td tr tr td colspan=3div align=center input name=btnModify type=submit class=bluebox id=btnModify value=Submit onClick=return checkPassword; nbsp;nbsp; input name=btnCancel type=button class=bluebox id=btnCancel onClick=window.location.href=listUser.php; value=Cancel divtd tr tr td colspan=3nbsp;td tr table form script language=JavaScript type=textjavascript function checkPassword { theForm = window.document.frmPassword; if theForm.txtOldPassword.value == { alertEnter current password; theForm.txtOldPassword.focus; return false; } else if theForm.txtNewPassword1.value == { alertEnter new password; theForm.txtNewPassword1.focus; return false; } else if theForm.txtNewPassword2.value == { alertRepeat new password; theForm.txtNewPassword2.focus; return false; } else if theForm.txtNewPassword1.value = theForm.txtNewPassword2.value { alertNew password don\t match; theForm.txtNewPassword2.focus; return false; } else Universitas Sumatera Utara { return true; }} script ?php require_once libfooter1.php; ? 29. Processproduct . php ?php require_once ....libraryconfig.php; require_once ..libraryfunctions.php; checkUser; action = isset_GET[action] ? _GET[action] : ; switch action { case addProduct : addProduct; break; case modifyProduct : modifyProduct; break; case deleteProduct : deleteProduct; break; case deleteImage : deleteImage; break; default : if action is not defined or unknown move to main product page headerLocation: index.php; } function addProduct { catId = _POST[cboCategory]; name = _POST[txtName]; description = _POST[mtxDescription]; price = str_replace,, , double_POST[txtPrice]; qty = int_POST[txtQty]; images = uploadProductImagefleImage, SRV_ROOT . imagesproduct; Universitas Sumatera Utara mainImage = images[image]; thumbnail = images[thumbnail]; sql = INSERT INTO tbl_product cat_id, pd_name, pd_description, pd_price, pd_qty, pd_image, pd_thumbnail, pd_date VALUES catId, name, description, price, qty, mainImage, thumbnail, NOW; result = dbQuerysql; headerLocation: index.php?catId=catId; } Upload an image and return the uploaded image name function uploadProductImageinputName, uploadDir { image = _FILES[inputName]; imagePath = ; thumbnailPath = ; if a file is given if trimimage[tmp_name] = { ext = substrstrrchrimage[name], ., 1; extensions[image[type]]; generate a random new file name to avoid name conflict imagePath = md5rand time . .ext; listwidth, height, type, attr = getimagesizeimage[tmp_name]; make sure the image width does not exceed the maximum allowed width if LIMIT_PRODUCT_WIDTH width MAX_PRODUCT_IMAGE_WIDTH { result = createThumbnailimage[tmp_name], uploadDir . imagePath, MAX_PRODUCT_IMAGE_WIDTH; imagePath = result; } else { result = move_uploaded_fileimage[tmp_name], uploadDir . imagePath; } if result { create thumbnail thumbnailPath = md5rand time . .ext; result = createThumbnailuploadDir . imagePath, uploadDir . thumbnailPath, THUMBNAIL_WIDTH; create thumbnail failed, delete the image if result Universitas Sumatera Utara { unlinkuploadDir . imagePath; imagePath = thumbnailPath = ; } else { thumbnailPath = result; } } else { the product cannot be upload resized imagePath = thumbnailPath = ; }} return arrayimage = imagePath, thumbnail = thumbnailPath; } Modify a product function modifyProduct { productId = int_GET[productId]; catId = _POST[cboCategory]; name = _POST[txtName]; description = _POST[mtxDescription]; price = str_replace,, , _POST[txtPrice]; qty = _POST[txtQty]; images = uploadProductImagefleImage, SRV_ROOT . imagesproduct; mainImage = images[image]; thumbnail = images[thumbnail]; if uploading a new image remove old image if mainImage = { _deleteImageproductId; mainImage = mainImage; thumbnail = thumbnail; } else { if were not updating the image make sure the old path remain the same in the database mainImage = pd_image; thumbnail = pd_thumbnail; } sql = UPDATE tbl_product Universitas Sumatera Utara SET cat_id = catId, pd_name = name, pd_description = description, pd_price = price, pd_qty = qty, pd_image = mainImage, pd_thumbnail = thumbnail WHERE pd_id = productId; result = dbQuerysql; headerLocation: index.php; } Remove a product function deleteProduct { if isset_GET[productId] int_GET[productId] 0 { productId = int_GET[productId]; } else { headerLocation: index.php; } remove any references to this product from tbl_order_item and tbl_cart sql = DELETE FROM tbl_order_item WHERE pd_id = productId; dbQuerysql; sql = DELETE FROM tbl_cart WHERE pd_id = productId; dbQuerysql; get the image name and thumbnail sql = SELECT pd_image, pd_thumbnail FROM tbl_product WHERE pd_id = productId; result = dbQuerysql; row = dbFetchAssocresult; remove the product image and thumbnail if row[pd_image] { unlinkSRV_ROOT . imagesproduct . row[pd_image]; unlinkSRV_ROOT . imagesproduct . row[pd_thumbnail]; } remove the product from database; sql = DELETE FROM tbl_product WHERE pd_id = productId; dbQuerysql; headerLocation: index.php?catId= . _GET[catId]; } Universitas Sumatera Utara Remove a product image function deleteImage { if isset_GET[productId] int_GET[productId] 0 { productId = int_GET[productId]; } else { headerLocation: index.php; } deleted = _deleteImageproductId; update the image and thumbnail name in the database sql = UPDATE tbl_product SET pd_image = , pd_thumbnail = WHERE pd_id = productId; dbQuerysql; headerLocation: index.php?view=modifyproductId=productId; } function _deleteImageproductId { we will return the status whether the image deleted successfully deleted = false; sql = SELECT pd_image, pd_thumbnail FROM tbl_product WHERE pd_id = productId; result = dbQuerysql or dieCannot delete product image. . mysql_error; if dbNumRowsresult { row = dbFetchAssocresult; extractrow; if pd_image pd_thumbnail { remove the image file deleted = unlinkSRV_ROOT . imagesproductpd_image; deleted = unlinkSRV_ROOT . imagesproductpd_thumbnail; }} return deleted; } ? 30. Processorder.php Universitas Sumatera Utara ?php require_once ....libraryconfig.php; require_once ..libraryfunctions.php; checkUser; action = isset_GET[action] ? _GET[action] : ; switch action { case modify : modifyOrder; break; default : if action is not defined or unknown move to main category page headerLocation: index.php; } function modifyOrder { if isset_GET[oid] || int_GET[oid] = 0 || isset_GET[status] || _GET[status] == { headerLocation: index.php; } orderId = int_GET[oid]; status = _GET[status]; sql = UPDATE tbl_order SET od_status = status, od_last_update = NOW WHERE od_id = orderId; result = dbQuerysql; headerLocation: index.php?view=liststatus=status; } ? 31. Detail.php ?php if definedWEB_ROOT { exit; } if isset_GET[oid] || int_GET[oid] = 0 { headerLocation: index.php; } orderId = int_GET[oid]; get ordered items Universitas Sumatera Utara sql = SELECT pd_name, pd_price, od_qty FROM tbl_order_item oi, tbl_product p WHERE oi.pd_id = p.pd_id and oi.od_id = orderId ORDER BY od_id ASC; result = dbQuerysql; orderedItem = array; while row = dbFetchAssocresult { orderedItem[] = row; } get order information sql = SELECT od_date, od_last_update, od_status, od_shipping_first_name, od_shipping_last_name, od_shipping_address1, od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city, od_shipping_postal_code, od_shipping_cost, od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2, od_payment_phone, od_payment_state, od_payment_city , od_payment_postal_code, od_memo FROM tbl_order WHERE od_id = orderId; result = dbQuerysql; extractdbFetchAssocresult; orderStatus = arrayNew, Paid, Shipped, Completed, Cancelled; orderOption = ; foreach orderStatus as status { orderOption .= option value=\status\; if status == od_status { orderOption .= selected; } orderOption .= statusoption\r\n; } ? pnbsp;p form action= method=get name=frmOrder id=frmOrder table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable tr td colspan=2 align=center id=infoTableHeaderOrder Detailtd tr tr td width=150 class=labelOrder Numbertd td class=content?php echo orderId; ?td tr tr Universitas Sumatera Utara td width=150 class=labelOrder Datetd td class=content?php echo od_date; ?td tr tr td width=150 class=labelLast Updatetd td class=content?php echo od_last_update; ?td tr tr td class=labelStatustd td class=content select name=cboOrderStatus id=cboOrderStatus class=box ?php echo orderOption; ? select input name=btnModify type=button id=btnModify value=Modify Status class=box onClick=modifyOrderStatus?php echo orderId; ?;td tr table form pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable tr id=infoTableHeader td colspan=3Ordered Itemtd tr tr align=center class=label tdItemtd tdUnit Pricetd tdTotaltd tr ?php numItem = countorderedItem; subTotal = 0; for i = 0; i numItem; i++ { extractorderedItem[i]; subTotal += pd_price od_qty; ? tr class=content td?php echo od_qty X pd_name; ?td td align=right?php echo displayAmountpd_price; ?td td align=right?php echo displayAmountod_qty pd_price; ?td tr ?php } ? tr class=content td colspan=2 align=rightSub-totaltd Universitas Sumatera Utara td align=right?php echo displayAmountsubTotal; ?td tr tr class=content td colspan=2 align=rightShippingtd td align=right?php echo displayAmountod_shipping_cost; ?td tr tr class=content td colspan=2 align=rightTotaltd td align=right?php echo displayAmountod_shipping_cost + subTotal; ?td tr table pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable tr id=infoTableHeader td colspan=2Shipping Informationtd tr tr td width=150 class=labelFirst Nametd td class=content?php echo od_shipping_first_name; ? td tr tr td width=150 class=labelLast Nametd td class=content?php echo od_shipping_last_name; ? td tr tr td width=150 class=labelAddress1td td class=content?php echo od_shipping_address1; ? td tr tr td width=150 class=labelAddress2td td class=content?php echo od_shipping_address2; ? td tr tr td width=150 class=labelPhone Numbertd td class=content?php echo od_shipping_phone; ? td tr tr td width=150 class=labelProvince Statetd td class=content?php echo od_shipping_state; ? td tr tr td width=150 class=labelCitytd td class=content?php echo od_shipping_city; ? td tr Universitas Sumatera Utara tr td width=150 class=labelPostal Codetd td class=content?php echo od_shipping_postal_code; ? td tr table pnbsp;p table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable tr id=infoTableHeader td colspan=2Payment Informationtd tr tr td width=150 class=labelFirst Nametd td class=content?php echo od_payment_first_name; ? td tr tr td width=150 class=labelLast Nametd td class=content?php echo od_payment_last_name; ? td tr tr td width=150 class=labelAddress1td td class=content?php echo od_payment_address1; ? td tr tr td width=150 class=labelAddress2td td class=content?php echo od_payment_address2; ? td tr tr td width=150 class=labelPhone Numbertd td class=content?php echo od_payment_phone; ? td tr tr td width=150 class=labelProvince Statetd td class=content?php echo od_payment_state; ? td tr tr td width=150 class=labelCitytd td class=content?php echo od_payment_city; ? td tr tr td width=150 class=labelPostal Codetd td class=content?php echo od_payment_postal_code; ? td tr table pnbsp;p Universitas Sumatera Utara table width=550 border=0 align=center cellpadding=5 cellspacing=1 class=detailTable tr id=infoTableHeader td colspan=2Buyers Memotd tr tr td colspan=2 class=label?php echo nl2brod_memo; ? td tr table pnbsp;p p align=center input name=btnBack type=button id=btnBack value=Back class=box onClick=window.history.back; p pnbsp;p pnbsp;p 32. Functions . php ?php