Chapter 25 Building a Shopping Cart
Implementing Payment
When the user clicks the Purchase button, we will process her payment details using the process.php script. You can see the results of a successful payment in Figure 25.10. The code for process.php can be found in Listing 25.16.
Listing 25.16 process.php—The process.php Script Processes the Customer’s Payment and Tells Her the Result
<?php
  include ('book_sc_fns.php');
  // The shopping cart needs sessions, so start one
  session_start();

  do_html_header('Checkout');

  $card_type = $HTTP_POST_VARS['card_type'];
  $card_number = $HTTP_POST_VARS['card_number'];
  $card_month = $HTTP_POST_VARS['card_month'];
  $card_year = $HTTP_POST_VARS['card_year'];
  $card_name = $HTTP_POST_VARS['card_name'];

  if($HTTP_SESSION_VARS['cart']&&$card_type&&$card_number&&
     $card_month&&$card_year&&$card_name )
  {
    //display cart, not allowing changes and without pictures
    display_cart($HTTP_SESSION_VARS['cart'], false, 0);

    display_shipping(calculate_shipping_cost());

    if(process_card($HTTP_POST_VARS))
    {
      //empty shopping cart
      session_destroy();
      echo 'Thankyou for shopping with us. Your order has been placed.';
      display_button('index.php', 'continue-shopping', 'Continue Shopping');
    }
    else
    {
      echo 'Could not process your card. ';
      echo 'Please contact the card issuer or try again.';
      display_button('purchase.php', 'back', 'Back');
    }
  }
  else
  {
    echo 'You did not fill in all the fields, please try again.<hr />';
  }

  do_html_footer();
?>
The crux of this script is these lines:
if(process_card($HTTP_POST_VARS))
{
  //empty shopping cart
  session_destroy();
  echo 'Thankyou for shopping with us. Your order has been placed.';
  display_button('index.php', 'continue-shopping', 'Continue Shopping');
}
We process the user’s card, and, if all is successful, destroy her session.
The card processing function as we have written it simply returns true. If you were actually implementing it, you would need to perform some validation (checking that the expiry date was valid and the card number well-formed) and then process the actual payment.
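The validation step described above, as an added example rather than code from the book: a hypothetical validate_card_details() that a real process_card() could call before contacting a payment provider. It assumes PHP 7.1 or later, the card_number, card_month and card_year form fields used in process.php, and a four-digit card_year; the sample card number is a constructed test value.

```php
<?php
// Added example, not the book's code. Function names are hypothetical.

// Luhn checksum: double every second digit, counting from the right.
function luhn_ok(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d = $d * 2 > 9 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// True only for a well-formed number whose expiry month has not passed.
// $now is injectable so the check can be run against a fixed date.
function validate_card_details(array $card, ?DateTimeImmutable $now = null): bool
{
    // Users type spaces or dashes between digit groups; strip only those.
    $number = str_replace([' ', '-'], '', (string) ($card['card_number'] ?? ''));
    if (!preg_match('/^\d{13,19}$/D', $number) || !luhn_ok($number)) {
        return false;
    }
    $month = (string) ($card['card_month'] ?? '');
    $year = (string) ($card['card_year'] ?? ''); // assumption: four-digit year
    if (!preg_match('/^(0?[1-9]|1[0-2])$/D', $month) || !preg_match('/^20\d{2}$/D', $year)) {
        return false;
    }
    // A card stays valid through the last day of its expiry month.
    $firstInvalidDay = (new DateTimeImmutable('today'))
        ->setDate((int) $year, (int) $month, 1)->modify('+1 month');
    return ($now ?? new DateTimeImmutable('now')) < $firstInvalidDay;
}

// Constructed sample input; 4111 1111 1111 1111 is a Luhn-valid test number.
$fixedNow = new DateTimeImmutable('2030-06-15');
$good = ['card_number' => '4111 1111 1111 1111', 'card_month' => '06', 'card_year' => '2030'];
$cases = [
    'well-formed, unexpired' => $good,
    'last digit altered'     => ['card_number' => '4111111111111112'] + $good,
    'expired previous month' => ['card_month' => '05'] + $good,
];
foreach ($cases as $label => $card) {
    echo $label, ': ', validate_card_details($card, $fixedNow) ? 'accept' : 'reject', "\n";
}
```

Passing these checks only means the details are plausible; the payment provider still decides whether the card exists and the charge is approved.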
Figure 25.10 This transaction was successful, and the items will now be shipped.
When you set up a live site, you will need to make a decision about what transaction clearing mechanism you want to use. You can

- Sign up with a transaction clearing provider. There are many, many alternatives here depending on the area you live in. Some of these will offer real-time clearing, and others won’t. Whether you need live clearing depends on the service you are offering. If you are providing a service online, you will most likely want it; if you are shipping goods, it’s less crucial. Either way, these providers relieve you of the responsibility of storing credit card numbers.
- Send a credit card number to yourself via encrypted email, for example, by using PGP or GPG as covered in Chapter 15. When you receive and decrypt the email, you can process these transactions manually.
- Store the credit card numbers in your database. We do not recommend this option unless you really, seriously know what you’re doing with system security. You can read Chapter 15 for more details about why this is a bad idea.
That’s it for the shopping cart and payment modules.
Implementing an Administration Interface
The administration interface we have implemented is very simple. All we have done is build a Web interface to the database with some front end authentication. This is much of the same code as used in Chapter 24. We have included it here for completeness, but with little discussion.
The administration interface requires a user to log in via the login.php file, which then takes her to the administration menu, admin.php. The login page is shown in Figure 25.11. (We have omitted the login.php file here for brevity—it’s almost exactly the same as the one in Chapter 24. If you want to look at it, it’s on the CD-ROM.) The administration menu is shown in Figure 25.12.
Figure 25.11 Users must pass through the login page to access the admin functions.
Figure 25.12 The administration menu allows access to the admin functions.
The code for the admin menu is shown in Listing 25.17.
Listing 25.17 admin.php—This Script Authenticates the Administrator and Lets Her Access the admin Functions
<?php
// include function files for this application
require_once('book_sc_fns.php');
session_start();

if ($HTTP_POST_VARS['username'] && $HTTP_POST_VARS['passwd'])
// they have just tried logging in
{
  $username = $HTTP_POST_VARS['username'];
  $passwd = $HTTP_POST_VARS['passwd'];

  if (login($username, $passwd))
  {
    // if they are in the database register the user id
    $HTTP_SESSION_VARS['admin_user'] = $username;
  }
  else
  {
    // unsuccessful login
    do_html_header('Problem:');
    echo 'You could not be logged in.
          You must be logged in to view this page.<br />';
    do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
  }
}

do_html_header('Administration');
if (check_admin_user())
  display_admin_menu();
else
  echo 'You are not authorized to enter the administration area.';

do_html_footer();