email query results

I am trying to find a 'checkout' handling routine, but I couldn't find one. I also tried to find a name, address, zip, etc. prompt. So the user, somewhere in the form, because it is not clear what the user enters in the form (where do you prompt for his name, address, etc?) enters his email adress. Then at what point do you want the email to be send?

Ronald :cool:

There's no checkout routine code written. It just display the results. The script before this allows the user to select for the cart, and when update is submitted by the user it passes the cart items to the script written above (phpCart_basket.php). Thanks

Can you influence the form on which the order is actually made, i.e. the form that launches this form. If so, can the order form also request an email address from the user, so it can be transferred either in a POST or GET array or via the $_SESSION array? Or do you have to prompt the user from this form??

Let me know and we'll work out the format and content of the email to send.

Ronald :cool:

Thanks so much for helping out. I'm trying to set this for a non-profit I volunteer with. The program is based on four scripts:

phpCart_shop.php is where you select your items

phpCart_basket.php displays the results

functions_cart.php is the middle man

phpCart_manage is a middle man but I'm not sure what it does?

Here is the code for each one, in order

[PHP]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<td width="306"><a href="phpCart_basket.php">View Avionics Stack</a></td>
<?
include "functions_cart.php";
db_connect();
$sel_products = mysql_query("SELECT * FROM $mysql_tablename ORDER BY id");
?>
<table width="100%" border="1" cellspacing="0" cellpadding="5">
<tr><td>&nbsp;</td>
<td><strong>Product</strong></td>
<td><strong>Picurl</strong></td>
<td><strong>Price</strong></td>
</tr>
<?
while ($item = mysql_fetch_array($sel_products)) {
echo "<tr>";
echo "<td><a href=phpCart_manage.php?act=add&pid=".$item["id"].">Add</a></td>";
echo "<td>".$item["product"]."</td>";
echo '<td><img src="'.$item["picurl"].'" width="auto" height="auto" alt="' . $item["product"] . ' Image"></td>';
echo "<td>".$item["price"]."</td>";
echo "</tr>";
}
?>
</table>
</body>
</html>[/PHP]

[PHP]<?
ob_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>phpCart</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="phpCart_style.css" rel="stylesheet" type="text/css">

</head>

<body>
<form name="update" method="post" action="phpCart_manage.php">
<table width="50%" border="0" cellspacing="10" cellpadding="0">
<tr bgcolor="#EEEEEE">
<td width="10%" class="bottomline">&nbsp;</td>
<td width="5%" class="bottomline"><strong>Qty</strong></td>
<td width="5%" class="bottomline"><strong>LCode</strong></td>
<td width="50%" class="bottomline"><strong>Product</strong></td>
<td width="10%" class="bottomline"><strong>Image</strong></td>
<td width="10%" class="bottomline"><strong>Price</strong></td>
<td width="10%" class="bottomline"><strong>Line Total </strong></td>
</tr>
<?
include "functions_cart.php";
$totalvalue = 0;

session_start();
// If no sessions has been started $_SESSION["cart"] equals null, thus showing the message no items.
if (!isset($_SESSION["cart"])) {
$_SESSION["cart"] = NULL;
}

if (validate() == TRUE && $_SESSION["cart"] != NULL) {

foreach ($_SESSION["cart"] as $key => $session_data) {

list($ses_id, $ses_quan) = $session_data;

// call database connect function
db_connect();
$sel_products = mysql_query("SELECT * FROM $mysql_tablename WHERE id=".$ses_id."");
$item = mysql_fetch_array($sel_products);

$totalvalue = $totalvalue + ($item["price"]*$ses_quan);
$subtotal = ($item["price"]*$ses_quan);

?>
<tr>
<td class="dividingborder"><a href="<? echo "phpCart_manage.php?act=del&pid=".$ses_id; ?>"><img src="img/icon_del.gif" width="13" height="13" border="0"></a></td>
<td class="dividingborder"><input name="newquan[]" type="text" id="newquan[]4" value="<? echo $ses_quan; ?>" size="5" maxlength="4">
<input name="eid[]" type="hidden" id="eid[]" value="<? echo $ses_id; ?>"></td>
<td class="dividingborder"><? echo $item["code"]; ?></td>
<td class="dividingborder"><? echo $item["product"]; ?></td>
<td class="dividingborder"><? echo '<img src="'.$item["picurl"].'" width="auto" height="auto" alt="' . $item["product"] . ' Image"'; ?></td>

<td class="dividingborder"><? echo $cur_symbol."".number_format($item["price"], 2, '.', ''); ?></td>
<td class="dividingborder"><? echo $cur_symbol."".number_format($subtotal, 2, '.', ''); ?></td>
</tr>
<?
} // end foreach loop

} elseif ($_SESSION["cart"] == NULL) {

echo "<td colspan=\"5\"><center><p>Your basket is currently empty.</p></center></td>";

} else {

echo "<td colspan=\"5\"><center><p>Unknown Error.</p></center></td>";

}
?>
<tr>
<td> <img src="img/icon_del.gif" width="13" height="13"> - delete</td>
<td><? if ($_SESSION["cart"] != NULL) { echo "<input name=\"UpdateChg\" type=\"submit\" id=\"UpdateChg\" value=\"Update\">"; } ?></td>
<td><a href="phpCart_shop.php">Add More Avionics</a></td>
<td><strong>Stack Total</strong></td>
<td><? echo $cur_symbol."".number_format($totalvalue, 2, '.', ''); ?></td>
</tr>
</table>
</form>

</body>
</html>
<?
ob_end_flush();
?>

[/PHP]

[PHP]<?
$mysql_server = "localhost";
$mysql_username = "flying";
$mysql_pwd = "copole";
$mysql_dbname = "flying_phpcart";
$mysql_tablename = "phpcart_products";

$cur_symbol = "$";

// database connect function
function db_connect () {

global $mysql_server, $mysql_username, $mysql_pwd, $mysql_dbname;

$db = mysql_connect($mysql_server, $mysql_username, $mysql_pwd, false, 128) or die("Problem connecting");
mysql_select_db($mysql_dbname,$db) or die("Problem selecting database");

}


// generate random string for cookie and session
function setstp () {

settype($str,"string");

// generate random number
for ($i=0;$i<20;$i++) {

$str .= chr (rand (1, 255));

}

// encode string to 40 characters.
$sha = sha1 ($str);
// set cookie with value and set session with the same value.
setcookie ("SESSSEC", $sha, NULL);
$_SESSION["CookieChk"]['SESSSEC'] = $sha;

}


// add item to cart
function add_item_to_cart($id,$quantity) {

// set cookie and store value in session
setstp();

// call database connect function
db_connect();
// get product id from database
global $mysql_tablename;
$sel_products = mysql_query("SELECT * FROM $mysql_tablename WHERE id=".$id."");
$item = mysql_fetch_array($sel_products);
// returns the number of rows in a result, if 1 item exists if 0 item doesn't exists.
$num_rows = mysql_num_rows($sel_products);

// if item exists then add item to cart
if ($num_rows >= 1) {

session_regenerate_id(TRUE);

$_SESSION["cart"][$id][0] = $item["id"];
$_SESSION["cart"][$id][1] = $quantity;

header ("location:".$_SERVER['HTTP_REFERER']);

}
}


// check cookie and session and then show cart
function validate() {

if (!isset($_COOKIE['SESSSEC'])) {
$valid = FALSE;
// probable attempt at Session Fixation, you should probably log this
} elseif (!isset($_SESSION["CookieChk"]['SESSSEC'])) {
$valid = FALSE;
// umm, this shouldn't occur, but yeah, do whatever you want, maybe log an error or something, probably not needed except to notice bugs in your app....
} elseif ($_COOKIE["SESSSEC"] == $_SESSION["CookieChk"]['SESSSEC']) {
$valid = TRUE;
setstp();
} else {
$valid = FALSE;
// very Proably attempt at session hijacking, because while both items exist they don't match, definately log this
}
return $valid;
}


// delete item from cart
function del_item($id) {

// call database connect function
db_connect();
global $mysql_tablename;
$sel_products = mysql_query("SELECT * FROM $mysql_tablename WHERE id=".$id."");
$item = mysql_fetch_array($sel_products);

session_start();

// remove item from cart
session_regenerate_id();
unset($_SESSION["cart"][$item["id"]]);

header ("location:".$_SERVER['HTTP_REFERER']);

}


?>
[/PHP]
[PHP]<?
ob_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>phpCart</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="phpCart_style.css" rel="stylesheet" type="text/css">
<?
// UPDATE BASKET QUANTITY
if (isset($_POST["UpdateChg"])) {

session_start();
include "functions_cart.php";

$i = 0;
$size = count($_POST["eid"]);

for ($i = 0; $i <= $size-1; $i++) {

// call remove bad characters function
$badsymbols = array(" ","-","+","*","/",".");
$_POST["newquan"][$i] = str_replace($badsymbols,"", $_POST["newquan"][$i]);

if (is_numeric($_POST["newquan"][$i])) {

// if any quantity's equal 0 then remove from cart
if ($_POST["newquan"][$i] == 0) {
unset($_SESSION["cart"][$_POST["eid"][$i]]);
}

// update quantity in cart.
if (array_key_exists($_POST["eid"][$i], $_SESSION["cart"])) {

add_item_to_cart($_POST["eid"][$i], $_POST["newquan"][$i]);

}

} // END IF NUMERIC

}

header ("location:".$_SERVER['HTTP_REFERER']);

} // END BASKET QUANTITY

// TEXT LINKS
if (isset($_GET["act"])) {

// ADD ITEM!
if ($_GET["act"] == "add") {

session_start();
include "functions_cart.php";
//unserialize($_SESSION["cart"]);
if (!isset($_SESSION["cart"])) {

// add first item
add_item_to_cart($_GET["pid"],1);

} else if (array_key_exists($_GET["pid"], $_SESSION["cart"])) {

// add 1 to quantity if item in cart already
add_item_to_cart($_GET["pid"],++$_SESSION["cart"][$_GET["pid"]][1]);

} else {

// add any other items after first item
add_item_to_cart($_GET["pid"],1);

}

}


// DELETE ITEM!
if ($_GET["act"] == "del") {

include "functions_cart.php";
del_item($_GET["pid"]);

}

} // END ISSET
?>
</body>
</html>
<?
ob_end_flush();
?>
[/PHP]