<?/* purchase_now.php (c) 2000 Ying Zhang (ying@zippydesign.com) * * TERMS OF USAGE: * This file was written and developed by Ying Zhang (ying@zippydesign.com) * for educational and demonstration purposes only.  You are hereby granted the  * rights to use, modify, and redistribute this file as you like.  The only * requirement is that you must retain this notice, without modifications, at * the top of your source code.  No warranties or guarantees are expressed or * implied. DO NOT use this code in a production environment without * understanding the limitations and weaknesses pretaining to or caused by the * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK! *//****************************************************************************** * MAIN *****************************************************************************/include("../application.php");require_login();$DOC_TITLE = "MyMarket Checkout";$template_to_show = "templates/purchase_now.php";/* form has been submitted */if (match_referer() && isset($HTTP_POST_VARS)) {	$frm = $HTTP_POST_VARS;	$errormsg = validate_form($frm, $errors);	if (empty($errormsg)) {		save_orderinfo($HTTP_POST_VARS);		$qid = get_cart_items();				$DOC_TITLE = "MyMarket Purchase Confirmation";		$template_to_show = "templates/purchase_confirmation.php";	}} if ($info = load_orderinfo()) {	$customer = $info->customer;	$contact = $info->contact;	$address = $info->address;	$comments = $info->comments;} else {	$user = load_userinfo();	$customer = $user->firstname . " " . $user->lastname;	$contact = $user->phone;	$address = $user->address;	}include("$CFG->templatedir/header.php");include("$CFG->templatedir/form_header.php");include($template_to_show);include("$CFG->templatedir/footer.php");/****************************************************************************** * FUNCTIONS *****************************************************************************/function validate_form(&$frm, &$errors) {/* validate the billing information form, and return the error messages in a * string.  if the string is empty, then there are no errors */	$errors = new Object;	$msg = "";	if (empty($frm["customer"])) {		$errors->customer = true;		$msg .= "<li>You did not specify your name";	} elseif (empty($frm["contact"])) {		$errors->contact = true;		$msg .= "<li>You did not specify a way to contact you";	} elseif (empty($frm["address"])) {		$errors->address = true;		$msg .= "<li>You did not specify your billing address";	} elseif (empty($frm["creditcard"])) {		$errors->creditcard = true;		$msg .= "<li>You did not specify your credit card number";	} elseif (empty($frm["expiry"])) {		$errors->creditcard = true;		$msg .= "<li>You did not specify your credit card expiry date";	}	return $msg;}function load_userinfo() {/* this function returns an object containing the user's information (name, * address, etc.  we will use this information to pre-populate the billing * information fields of the form */	global $SESSION; 	$qid = db_query("SELECT firstname, lastname, phone, address FROM users WHERE username = '{$SESSION["user"]["username"]}'");	return db_fetch_object($qid);}?>