
View Full Version : Getting variables from a non-secure php page to a secure perl script - need help


reptilemart
10-28-2002, 09:33 AM
Hello,

I am currently using a shopping cart system (javascript) on my website. I am having trouble at the moment in the following areas:

I cannot pass variables (cart items) from my non-secure area to my secure area. These variables are stored in cookies, but because the URL changes between the non-secure and the secure area, they cannot be retrieved.

I have been told that the *.html or *.php page itself does not need to be secure, but the perl script that takes care of the send mail does. Is this true? If it is, does anyone know how to retrieve these variables in the perl script and get them sent to me with the other details? All of the other details are currently getting sent; only the actual order itself is being left out.

I'll include some of the code below:


Shopping Cart JavaScript (just showing the variables)
--------------------------------

// Field names the cart uses when it hands the order to the checkout form.
// The per-item values are prefixes; the checkout script below reads
// $ID_1, $QUANTITY_1, $PRICE_1, $NAME_1 and $ADDTLINFO_1 (and _2 ... _13),
// so the item number is presumably appended to each prefix.
OutputItemId = 'ID_';
OutputItemQuantity = 'QUANTITY_';
OutputItemPrice = 'PRICE_';
OutputItemName = 'NAME_';
OutputItemShipping = 'SHIPPING_';
OutputItemAddtlInfo = 'ADDTLINFO_';
// Order-level field names. The checkout script prints $SUBTOTAL, $TOTAL and
// $SHIPPING; it does not print a TAX value.
OutputOrderSubtotal = 'SUBTOTAL';
OutputOrderShipping = 'SHIPPING';
OutputOrderTax = 'TAX';
OutputOrderTotal = 'TOTAL';
// NOTE(review): looks like this switches the item-number suffix on; confirm
// against the cart source, which is not shown here.
AppendItemNumToOutput = true;

------------------------------------------------------------------

Perl checkout script (secured)
-------------------------------------
#!/usr/bin/perl
use CGI::Carp qw(fatalsToBrowser);
#=====================================================================||
# NOP Design JavaScript Shopping Cart ||
# PERL CGI Checkout Module ||
# ||
# For more information on SmartSystems, or how NOPDesign can help you ||
# Please visit us on the WWW at http://www.nopdesign.com ||
# ||
# JavaScript Shop Module, V.4.2.2 ||
#=====================================================================||
# ||
# Function: Writes available form elements from the NOP ||
# Free Cart (http://www.nopdesign.com/freecart) ||
# and other form elements to an email file, and ||
# send user confirmation ||
# ||
#=====================================================================||
require 5.001;

######################
# #
# User defined variables: #
# $dbFileName - string value containing the complete #
# path of the user database. #
# $header - string value containing the complete #
# path of the HTML page header #
# $footer - string value containing the complete #
# path of the HTML page footer #
######################
# Site configuration. These values are fixed here and are never meant to be
# supplied by a request: $mailprogram is handed to the shell and $header and
# $footer are opened as files.
$header      = "header.html";
$footer      = "footer.html";
$mailprogram = '/usr/lib/sendmail -t';
$youremail   = 'reptilemart@optusnet.com.au';

# Form fields that must be filled in. A JavaScript check in the browser is a
# convenience only, because a client can skip it; this list is what the
# server-side check works from.
@required = qw(
    b_first b_last b_addr b_city b_state b_postcode b_phone b_email
    s_first s_last
    CARDTYPE
    s_cnumber s_expry
);

####################
#FUNCTION: urlDecode #
#RETURNS: The decoded string. #
#PARAMETERS: An encoded string. #
#PURPOSE: Decodes a URL encoded string. #
####################
sub urlDecode {
    # Turn one URL-encoded form component back into plain text and return it.
    my $text = shift;

    # '+' stands for a space in form encoding.
    $text =~ tr/+/ /;

    # %XX becomes the character with that hex code. This includes control
    # characters: %0D and %0A come back as a real CR and LF, so a caller that
    # puts the result into a mail header or a log line has to strip them.
    $text =~ s/%([\dA-Fa-f]{2})/chr(hex($1))/eg;

    # Double quotes are folded into apostrophes; apostrophes stay as they are.
    $text =~ s/["']/'/g;

    return $text;
}

####################
#FUNCTION: processCGI #
#RETURNS: #
#PARAMETERS: #
#PURPOSE: Retrieves form data submitted via 'GET' or #
# 'POST' and decodes it. You may then access #
# the passed in variables via calls to $[name] #
# where [name] is the name of the form element. #
####################
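sub processCGI {
    # Reads the submitted form (QUERY_STRING for GET, one line of STDIN for
    # anything else), URL-decodes every name=value pair and stores each value
    # in the package variable named after its field, e.g. $b_email.
    # A field that occurs more than once is joined with ", ".
    #
    # Only the field names this checkout actually uses are accepted. The name
    # comes straight from the request and is used as a variable name, so
    # without this check a request could assign to any global in the script,
    # including $mailprogram (run through the shell) and $header / $footer
    # (opened as files). Add new form fields to the pattern below.
    my ($cgiData, $pair, $key, $value);

    no strict 'refs';    # the symbolic ${$key} assignment below is deliberate

    if ($ENV{'REQUEST_METHOD'} eq 'GET') {
        $cgiData = $ENV{'QUERY_STRING'};
    }
    else {
        $cgiData = <STDIN>;
    }
    $cgiData = '' unless defined $cgiData;

    foreach $pair (split(/&/, $cgiData)) {
        # Limit of 2 keeps a literal '=' inside the value.
        ($key, $value) = split(/=/, $pair, 2);
        next unless defined $key;
        $value = '' unless defined $value;

        $key   = &urlDecode($key);
        $value = &urlDecode($value);

        next unless $key =~ m{
            \A (?:
                [bs]_[A-Za-z0-9_]+                                      # b_* billing and s_* card fields
              | CARDTYPE | comment
              | (?:ID|QUANTITY|PRICE|NAME|SHIPPING|ADDTLINFO)_[0-9]+    # per-item cart fields
              | SUBTOTAL | SHIPPING | TAX | TOTAL                       # order totals
            ) \z
        }x;

        if (defined ${$key}) {
            ${$key} .= ", " . $value;
        }
        else {
            ${$key} = $value;
        }
    }
}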


####################
#FUNCTION: doError #
#RETURNS: #
#PARAMETERS: A error message string. #
#PURPOSE: Generates an HTML page indicating an error #
# occurred. #
####################
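sub doError {
    # Prints an HTML error page (header file, the message, footer file) and
    # ends the request. Does not return.
    #
    # $errString is printed as-is, so it is treated as HTML; a caller that
    # puts request data into the message has to escape it first.
    my ($errString) = @_;

    print "Content-type: text/html\n\n";

    # Three-argument open with an explicit read mode: the file name can then
    # never be taken as a pipe or a write target, whatever $header holds.
    # (Needs Perl 5.6 or later.) A missing file is skipped, as before.
    if (open(my $head, '<', $header)) {
        print <$head>;
        close $head;
    }

    print "$errString<BR><BR>\n";

    if (open(my $foot, '<', $footer)) {
        print <$foot>;
        close $foot;
    }

    exit;
}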


####################
### MAIN
####################
# process the form input.
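&processCGI;
&populateDateVar;

# Check the submitted VALUE of every required field. $check itself is only the
# field name and is always true, so testing it would let empty forms through.
foreach $check (@required) {
    unless (defined ${$check} && ${$check} ne '') {
        doFormError("It appears that you forgot to fill in the <strong>$check</strong> field.");
        exit;
    }
}

# checks for valid email address
if (&invalidE($b_email)) {
    doFormError('You submitted an invalid email address.');
    exit;    # same as the required-field check: never fall through to the mail
}

# $b_email goes into a mail header and sendmail -t reads its recipients from
# the headers, so a CR or LF in the value would start a new header line.
my $from = $b_email;
$from =~ s/[\r\n]+/ /g;

# Send the order to the shop owner ($youremail).
# $mailprogram is passed to the shell, so it must only ever come from the
# configuration at the top of this script, never from request data.
open(MAIL, "|$mailprogram")
    or doError('The order could not be sent. Please try again later.');
print MAIL "To: $youremail\n";
print MAIL "From: $from\n";
print MAIL "Subject: New Online Order\n";
print MAIL "\n\n";
print MAIL "A new order has been received. A summary of this order appears below.\n";
print MAIL "\n";
print MAIL "Order Date: $months[$month] $day, $year $hour:$min:$sec \n";
print MAIL " \n";
print MAIL "Send To: \n";
print MAIL "-------- \n";
print MAIL "Name: $b_first $b_last \n";
print MAIL "Address: $b_addr \n";
print MAIL " $b_addr2 \n";
print MAIL " $b_city, $b_state $b_postcode \n";
print MAIL "Phone: $b_phone \n";
print MAIL "Fax: $b_fax \n";
print MAIL " \n";
# NOTE(review): the card number, expiry date and CVV2 below leave the server in
# a plain-text e-mail. HTTPS on the form protects them only as far as this
# script; mail transport and the mailbox are outside that protection, and
# PCI DSS does not allow the CVV2 to be kept after authorisation.
print MAIL "Card Details: \n";
print MAIL "-------- \n";
print MAIL "First Name: $s_first \n";
print MAIL "Last Name: $s_last \n";
print MAIL "Card Type: $CARDTYPE \n";
print MAIL "Card Number: $s_cnumber \n";
print MAIL "Expiry: $s_expry \n";
print MAIL "CVV2: $s_CVV2 \n";
print MAIL " \n";
print MAIL " \n";
print MAIL "Qty Price(\$) Product ID - Product Name\n";
print MAIL "===================================================================== \n";
# Item 1 is always printed; items 2-13 only when they have a name.
# Prices and totals are whatever the browser submitted, so they need checking
# against the catalogue before the card is charged.
foreach my $n (1 .. 13) {
    next if $n > 1 && !${"NAME_$n"};
    print MAIL ${"QUANTITY_$n"} . ' $' . ${"PRICE_$n"} . ' ' . ${"ID_$n"}
        . ' - ' . ${"NAME_$n"} . ' ' . ${"ADDTLINFO_$n"} . " \n";
}
print MAIL "===================================================================== \n";
print MAIL "SUBTOTAL: $SUBTOTAL \n";
print MAIL "TOTAL: $TOTAL \n";
print MAIL "\n";
print MAIL "FREIGHT: $SHIPPING \n";
print MAIL "\n\n";
print MAIL "Comments: \n";
print MAIL "--------- \n";
print MAIL "$comment \n";
print MAIL " \n";
# close() on a pipe reports a non-zero exit from the mail program.
close(MAIL)
    or doError('The order could not be sent. Please try again later.');

print "Content-type: text/html\n\n";

exit;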
----------------------------------------------------------------------------------

Sorry for all the code, just that I REALLY need help as I am supposed to be opening in 3-4 days and I can't get the damned thing working. :(


Thanks in advance, and thanks for taking the time to read all this.


Peter.