<%
' Copyright (C) 1998-2005 Cyberstrong Internet Services, Inc. All Rights Reserved
'
' This file has been seeded with unique information at point of sale and
' is traceable to its purchaser.
'
' Your license agreement forbids the removal of this notice.
%>
<%
'
' GetCst.asp - Get customer data
'
Dim CustomerID, rs, rsCustomers, SQL, iPass, ButtonPress

' Edit mode (david wolter): remember which account is being edited, but only
' when the requested name equals the signed-in user's own, non-empty user name.
If Session("Username") <> "" Then
    If Request("Edit") = Session("Username") Then
        Session("edit") = Request("Edit")
    End If
End If

' GetFieldData - Value to pre-fill a form field with.
'   FieldName - form field / database column name
'   DemoValue - sample value shown on the first pass in demo mode
' Order of preference: demo value, database value (when rs is an open
' recordset object), the "Login"-prefixed form field, then the plain form field.
' On the first pass the form values are still empty.
' NOTE(review): the value is returned without HTML-encoding. The form code
' later in this file concatenates it into VALUE="..." attributes, so
' Server.HTMLEncode at the point of output is needed for database values that
' contain quotes or markup.
Public Function GetFieldData(ByVal FieldName, ByVal DemoValue)
    ' Compared with True explicitly so the test matches exactly what the
    ' equivalent "Select Case True" branch would match.
    If (gblDemoMode AND iPass = 1) = True Then
        GetFieldData = DemoValue
    ElseIf IsObject(rs) Then
        GetFieldData = GetDatabaseValue(FieldName)
    ElseIf (Request.Form("Login" & FieldName) <> "") Then
        GetFieldData = stripHTML(Request.Form("Login" & FieldName))
    Else
        GetFieldData = stripHTML(Request.Form(FieldName))
    End If
End Function

' GetDatabaseValue() - Read a column from the open customer recordset (rs).
' Only the billing/account columns listed below are returned; every other
' name (the 'ship to' columns in particular) yields an empty string.
' NOTE(review): "Passwords" is on this list, so the stored password value is
' handed back to the form code, which places GetFieldData("Passwords", ...)
' in an input VALUE attribute further down this file. A stored credential
' should not be sent back to the browser.
Public Function GetDatabaseValue(ByVal argFieldName)
    GetDatabaseValue = ""
    Select Case argFieldName
        Case "ContactFirstName", "ContactLastName", "CompanyName", _
             "BillingAddress1", "BillingAddress2", "City", "StateOrProvince", _
             "PostalCode", "Country", "PhoneNumber", "EmailAddress", _
             "Username", "Passwords", "Fax", "Organization"
            GetDatabaseValue = rs(argFieldName)
    End Select
End Function

' Checked - Returns "checked" when the check box value is "yes", else "".
' The value comes from the recordset when rs is an object, otherwise from the
' form data of the last pass. In demo mode on the first pass nothing is checked.
Public Function Checked (ByVal FieldName)
    Dim currentValue

    Checked = ""
    If (gblDemoMode AND iPass = 1) Then Exit Function

    If IsObject(rs) Then
        currentValue = rs(FieldName)
    Else
        ' New customer, use form data from last pass or null string.
        currentValue = Request.Form(FieldName)
    End If

    If (LCase(currentValue) = "yes") Then Checked = "checked"
End Function

' RetrieveCustomer() - Retrieve customer from database ...
'Public Sub RetrieveCustomer()
'   set rs = Server.CreateObject("ADODB.Recordset")
'   SQL = "SELECT * FROM Customers " & _
'       "WHERE ContactLastName = '" & CleanSQL(stripHTML(Session("Contact")), "a") & "' AND " & _
'       "EmailAddress = '" & CleanSQL(stripHTML(Session("Address")), "a") & "'"
'   rs.Open SQL, Conn, adOpenKeyset, adLockOptimistic
'   If (rs.RecordCount >= 1) Then
'       CustomerID = rs("CustomerID")
'   Else
'       FormErrorMsg = FormErrorMsg & "We cannot find your customer information.
Please try again or complete the information under Bill To below.
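' "
'       CustomerID = 0
'       rs.Close
'       set rs = Nothing
'       ' Make variable no longer be an object ...
'       rs = ""
'   End If
'   ' Leave recordset open for subsequent display.
'End Sub

' AddUpdateCustomer() - Validate the posted customer form and add or update
' the matching row in the Customers table.
'
' Reads:  Request.Form, Session("Username"), the global CustomerID, Conn and
'         the cst* configuration values.
' Writes: FormErrorMsg (empty on success, otherwise the messages to display),
'         the global CustomerID (set to the row that was added or updated) and
'         the Customers table.
' On a validation error the Sub returns before anything is written.
'
' NOTE(review): the listing this was recovered from shows a bare line break
' inside the error-message literals. They are written with "<br>" here on the
' assumption that this is the markup that was lost - confirm against the
' deployed file.
Public Sub AddUpdateCustomer()
    Dim SQL, Field, Address, AddressList, EMailOk, SubmittedUserName

    ' Field Checks ...
    FormErrorMsg = ""
    Call CheckMissingField("ContactFirstName", "First Name")
    Call CheckMissingField("ContactLastName", "Last Name")
    Call CheckMissingField("BillingAddress1", "Address 1")
    Call CheckMissingField("City", "City")
    Call CheckMissingField("StateOrProvince", "State")
    Call CheckMissingField("PostalCode", "Postal Code")
    Call CheckMissingField("Country", "Country")
    Call CheckMissingField("PhoneNumber", "Telephone")
    Call CheckMissingField("EmailAddress", "E-mail")
    Call CheckMissingField("CompanyName", "Company Name")
    Call CheckMissingField("Fax", "Fax Number")
    Call CheckMissingField("Organization", "Organization Type")
    Call CheckMissingField("Password", "Password")
    Call CheckMissingField("UsernameForm", "User Name")
    If (Not (cstUseAutoShipToAddress Or cstSuppressShipTo)) Then
        Call CheckMissingField("ShipContactFirstName", "Ship To: First Name")
        Call CheckMissingField("ShipContactLastName", "Ship To: Last Name")
        Call CheckMissingField("ShipAddress1", "Ship To: Address 1")
        Call CheckMissingField("ShipCity", "Ship To: City")
        Call CheckMissingField("ShipStateOrProvince", "Ship To: State")
        Call CheckMissingField("ShipPostalCode", "Ship To: Postal Code")
        Call CheckMissingField("ShipCountry", "Ship To: Country")
        Call CheckMissingField("ShipPhoneNumber", "Ship To: Telephone")
    End If

    ' Validate e-mail address ...
    ' Unsupported feature: Send CC of receipt to address list separated by commas.
    EMailOk = True
    If (Request.Form("EmailAddress") = "") Then
        EMailOk = False
    Else
        AddressList = Split(stripHTML(Request.Form("EmailAddress")) & ",", ",")
        For Each Address in AddressList
            If (Trim(Address) <> "") Then
                If (Not IsValidEmail(Address)) Then EMailOk = False
            End If
        Next
    End If
    If (Not EMailOk) Then
        FormErrorMsg = FormErrorMsg & "Invalid e-mail address, please try again.<br>"
    End If

    ' New accounts only: the password must be typed twice.
    If FormErrorMsg = "" And Session("Username") = "" Then
        If Request.Form("Password") <> Request.Form("ConfirmPassword") Then
            FormErrorMsg = FormErrorMsg & "You type a wrong password confirmation" & "'<br>"
        End If
    End If

    ' Check duplicate user name...david wolter
    ' The check now runs for signed-in users as well, because the Username
    ' column is overwritten from the posted form on every update below; the
    ' caller's own row (CustomerID) is skipped so an unchanged name is accepted.
    ' It compares the value that is actually stored (after stripHTML), so a
    ' name that differs only by stripped markup cannot slip past it.
    ' As before, a hit replaces any earlier messages in FormErrorMsg.
    ' NOTE(review): this runs before Application.Lock, so two simultaneous
    ' sign-ups can both pass it; a unique index on Customers.Username would
    ' close that window. The comparison is also case-sensitive - confirm that
    ' this matches how the sign-in page compares names.
    SubmittedUserName = stripHTML(Request.Form("UsernameForm"))
    Set rsCustomers = Server.CreateObject("ADODB.Recordset")
    rsCustomers.Open "Customers", Conn, adOpenKeyset, adLockOptimistic
    Do While (Not rsCustomers.EOF)
        If (SubmittedUserName = rsCustomers("Username")) Then
            If (rsCustomers("CustomerID") <> CustomerID) Then
                FormErrorMsg = "The User Name is already Taken Please Try Another<br>"
                Exit Do
            End If
        End If
        rsCustomers.MoveNext
    Loop
    rsCustomers.Close : Set rsCustomers = Nothing

    ' Bail on errors for subsequent display below ...
    If (FormErrorMsg <> "") Then
        Exit Sub
    End If

    ' Lock application to ensure customer ID uniqueness ...
    Application.Lock
    Set rsCustomers = Server.CreateObject("ADODB.Recordset")

    ' No customer record yet? Try and find one based on field input ...
    If (CustomerID = 0) Then
        rsCustomers.Open "Customers", Conn, adOpenKeyset, adLockOptimistic

        ' Is there already a matching record for this customer on file?
        ' If so, retrieve this customer's ID to avoid duplicate customer records...
        ' NOTE(review): the statement is built by concatenation and depends
        ' entirely on CleanSQL (defined elsewhere) for quoting; an
        ' ADODB.Command with parameters would remove that dependency.
        ' NOTE(review): the form posts the user name and password as
        ' "UsernameForm" and "Password" (see the field checks above), so
        ' Request.Form("Username") and Request.Form("Passwords") are presumably
        ' empty here and the match rarely, if ever, succeeds - confirm.
        SQL = "SELECT * FROM Customers WHERE "
        For Each Field in rsCustomers.Fields
            Select Case Field.Name
                ' Consider these fields only...
                Case "ContactFirstName", "ContactLastName", "CompanyName", _
                     "BillingAddress1", "BillingAddress2", "City", "StateOrProvince", _
                     "PostalCode", "Country", "PhoneNumber", "EmailAddress", _
                     "Username", "Passwords", "Fax", "Organization"
                    SQL = SQL & "({fn LCase(" & CleanSQL(Field.Name, "a") & ")} = '" & CleanSQL(LCase(stripHTML(Request.Form(Field.Name))), "a") & "') AND "
            End Select
        Next

        ' Close the SQL statement ...
        SQL = SQL & "(1 = 1)"
        rsCustomers.Close
        rsCustomers.Open SQL, Conn, adOpenKeyset, adLockOptimistic
        If (rsCustomers.RecordCount <> 0) Then
            CustomerID = rsCustomers("CustomerID")
        End If
        rsCustomers.Close
    End If

    ' Record still not found?
    If (CustomerID = 0) Then
        ' Create a new customer record ...
        If (cstServerType = "SQL") Then
            rsCustomers.CursorLocation = adUseServer
        End If
        rsCustomers.Open "Customers", Conn, adOpenKeyset, adLockOptimistic
        rsCustomers.AddNew
    Else
        ' Updating an existing record ...
        SQL = "SELECT * FROM Customers WHERE CustomerID = " & CleanSQL(CustomerID, "i")
        rsCustomers.Open SQL, Conn, adOpenKeyset, adLockOptimistic
    End If

    ' Fill in record fields ...
    rsCustomers("CompanyName") = stripHTML(Request.Form("CompanyName"))
    rsCustomers("ContactFirstName") = stripHTML(Request.Form("ContactFirstName"))
    rsCustomers("ContactLastName") = stripHTML(Request.Form("ContactLastName"))
    rsCustomers("BillingAddress1") = stripHTML(Request.Form("BillingAddress1"))
    rsCustomers("BillingAddress2") = stripHTML(Request.Form("BillingAddress2"))
    rsCustomers("City") = stripHTML(Request.Form("City"))
    rsCustomers("StateOrProvince") = stripHTML(Request.Form("StateorProvince"))
    rsCustomers("PostalCode") = stripHTML(Request.Form("PostalCode"))
    rsCustomers("Country") = stripHTML(Request.Form("Country"))
    rsCustomers("PhoneNumber") = stripHTML(Request.Form("PhoneNumber"))
    rsCustomers("EmailAddress") = stripHTML(Request.Form("EmailAddress"))
    ' NOTE(review): the password is stored as submitted (only passed through
    ' stripHTML); no hashing is visible in this file. Storing a salted password
    ' hash instead has to be changed together with the sign-in code, which is
    ' not part of this file.
    rsCustomers("Passwords") = stripHTML(Request.Form("Password"))
    rsCustomers("Username") = SubmittedUserName
    rsCustomers("Organization") = stripHTML(Request.Form("Organization"))
    rsCustomers("Fax") = stripHTML(Request.Form("Fax"))
    ' OptIn now goes through stripHTML like every other posted field.
    rsCustomers("OptIn") = stripHTML(Request.Form("OptIn"))

    If (cstUseAutoShipToAddress) Then
        ' Ship to address derived from billing ...
        rsCustomers("ShipCompanyName") = stripHTML(Request.Form("CompanyName"))
        rsCustomers("ShipContactFirstName") = stripHTML(Request.Form("ContactFirstName"))
        rsCustomers("ShipContactLastName") = stripHTML(Request.Form("ContactLastName"))
        rsCustomers("ShipAddress1") = stripHTML(Request.Form("BillingAddress1"))
        rsCustomers("ShipAddress2") = stripHTML(Request.Form("BillingAddress2"))
        rsCustomers("ShipCity") = stripHTML(Request.Form("City"))
        rsCustomers("ShipStateOrProvince") = stripHTML(Request.Form("StateorProvince"))
        rsCustomers("ShipPostalCode") = stripHTML(Request.Form("PostalCode"))
        rsCustomers("ShipPhoneNumber") = stripHTML(Request.Form("PhoneNumber"))
        rsCustomers("ShipCountry") = stripHTML(Request.Form("Country"))
        rsCustomers("ShipOrganization") = stripHTML(Request.Form("Organization"))
        'rsCustomers("ShipFax") = stripHTML(Request.Form("Fax"))
    Else
        ' Ship to address controlled manually here...
        rsCustomers("ShipCompanyName") = stripHTML(Request.Form("ShipCompanyName"))
        rsCustomers("ShipContactFirstName") = stripHTML(Request.Form("ShipContactFirstName"))
        rsCustomers("ShipContactLastName") = stripHTML(Request.Form("ShipContactLastName"))
        rsCustomers("ShipAddress1") = stripHTML(Request.Form("ShipAddress1"))
        rsCustomers("ShipAddress2") = stripHTML(Request.Form("ShipAddress2"))
        rsCustomers("ShipCity") = stripHTML(Request.Form("ShipCity"))
        rsCustomers("ShipStateOrProvince") = stripHTML(Request.Form("ShipStateorProvince"))
        rsCustomers("ShipPostalCode") = stripHTML(Request.Form("ShipPostalCode"))
        rsCustomers("ShipPhoneNumber") = stripHTML(Request.Form("ShipPhoneNumber"))
        rsCustomers("ShipCountry") = stripHTML(Request.Form("ShipCountry"))
        rsCustomers("ShipOrganization") = stripHTML(Request.Form("ShipOrganization"))
    End If

    rsCustomers("LastUpdated") = Date()
    rsCustomers.Update      ' Update/Add record ...

    ' Pick up customer id from record just created ...
    If (CustomerID = 0) Then CustomerID = rsCustomers("CustomerID")

    rsCustomers.Close
    Set rsCustomers = Nothing
    Application.Unlock
End Sub

' WriteClientSideScripts - Write client side scripts to browser...
' (No script content is visible between the two delimiters in this listing.)
Public Sub WriteClientSideScripts()
%>
<%
End Sub

'----------------------------------------------------------------------
' Main:
'
' Recover selected session variables hidden variables to bridge SSL transition
SessionContents("restore")

' If not null when form runs, display FormErrorMsg at top of form
' as form re-displays.
If Session("Username") = "" And Request("Sign") <> "register" Then
    FormErrorMsg = "You need to Register First Or Log In if you are a returning customer<br>"
Else
    FormErrorMsg = ""
End If

'Set Conn = dbOpen("rwl")

' Retrieve customer ID that we just looked up ...
CustomerID = CLng(Session(sesCustomerID))
' NOTE(review): RetrieveCustomer() is commented out in this file, so this call
' depends on a definition in an included file - confirm that one exists.
If Session("Username") <> "" Then
    Call RetrieveCustomer()
End If

' Handle form events here ...
ButtonPress = LCase(GetFormAction())
Select Case True
    'Case ButtonPress = "login"
        'iPass = 2
        'Call RetrieveCustomer()

    Case ButtonPress = "continue"
        iPass = 2
        Call AddUpdateCustomer()
        'if Session(sesItemCount) = "0" then
            'response.redirect("default.asp")
        'end if

        ' Edit of an existing account: leave for edited.asp only when the
        ' update was accepted. Without the FormErrorMsg test a rejected edit
        ' was redirected as well and its validation messages were never shown.
        If FormErrorMsg = "" And Session("Username") = Session("edit") And Session("Username") <> "" Then
            Session("edit") = ""
            Response.Redirect("edited.asp")
        End If

        ' New account accepted: sign the visitor in.
        If FormErrorMsg = "" And Session("Username") = "" Then
            ' Keep the session name identical to the stored (stripHTML) value.
            Session("Username") = stripHTML(Request.Form("UsernameForm"))
            ' NOTE(review): the clear-text password is kept in the session;
            ' drop this once no other page reads Session("Password").
            Session("Password") = Request.Form("Password")
            'response.redirect("default.asp")
        End If

        If Session(sesItemCount) = "0" And FormErrorMsg = "" Then
            Session.Abandon()
            Response.Redirect("signedup.asp")
        End If

        If (FormErrorMsg = "") Then
            Session(sesCustomerID) = CustomerID
            dbClose(Conn)
            Response.Redirect("40GetShp.asp")
        End If

    Case GetURLValue("Cancel") = "1"
        iPass = 2
        dbClose(Conn)
        Session.Abandon
        Response.Redirect(NonSecureURL(cstCancelURL))

    Case ButtonPress = ""
        ' First form load, set it up ...
        iPass = 1

    'Case Else
    '   if Session("Username") <> "" and request.form("btnLogin") = "" then
    '       FormErrorMsg = FormErrorMsg & "Unknown button press, contact software vendor.<br>"
    '   End if
End Select

Session(sesCustomerID) = CLng(Session("CustomerID"))

' Write the page ...
Call WriteClientSideScripts()
wl("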
") wl("
") ' Page position table start ... Call DisplayPageHeader("30", "", "") If (FormErrorMsg <> "") Then wl(FormErrorMsg & "
") End If ' Master table start ... ' Start login section (if enabled) ... If (cstCustomerLoginEnabled) Then wl("") wl("") wl("
Sign In: (Returning Customers)
") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("
Last Name: ") wl("
E-mail Address:   ") wl("
") End If ' Start collect new user section ... wl("") wl("") wl("
Bill To: (New Customers)
") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") else wl("") end if wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") If (cstDisplayStateDDB) Then wl("") wl("") Else wl("") wl("") wl("") wl("") wl("") wl("") End If wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") if session("UserName") = "" then wl("") wl("") wl("") wl("VALUE='' Size=30 class=styGenFieldUserInput>") wl("") end if If (Trim(cstOptInMessage) <> "") Then wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") End If wl("
Company: 
Agency: ") if session("Username") = "" then wl("
First Name: 
Last Name: 
Address 1: 
Address 2: 
City: 
State/Province: ") Call StateDDB("StateOrProvince", "VA") wl("
 Please use two letter state/province code.
Postal Code: 
Phone: 
Fax: 
Country: ") Call CountryDDB("Country", "Dest") wl("
E-mail Address: 
User Name  "" then wl("readonly='' class=txtback ") end if wl("VALUE=""" & GetFieldData("Username", "John Doe") & """ Size=30 class=styGenFieldUserInput>
Password  "" then wl("readonly='' class=txtback ") end if wl("VALUE=""" & GetFieldData("Passwords", "*********") & """ Size=30 class=styGenFieldUserInput>
Confirm Password:  "" then wl("readonly='' class=txtback ") end if ' wl("VALUE=""" & GetFieldData("ConfirmPassword", "**********") & """ Size=30 class=styGenFieldUserInput>
 
 ") wl("" & cstOptInMessage & "
") ' Start collect 'ship to' information ... If (Not (cstUseAutoShipToAddress Or cstSuppressShipTo)) Then wl("") wl("") wl("
Ship To: " & _ "" & _ "Same as billing address" & _ "
") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") If (cstDisplayStateDDB) Then wl("") wl("") Else wl("") wl("") wl("") wl("") wl("") wl("") End If wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("") wl("
First Name: 
Last Name: 
Company: 
Address 1: 
Address 2: 
City: 
State/Province: ") Call StateDDB("ShipStateOrProvince", "") wl("
 Please use two letter state/province code.
Postal Code: 
Phone: 
Country: ") Call CountryDDB("ShipCountry", "Dest") wl("
") End If ' If (Not (cstUseAutoShipToAddress Or cstSuppressShipTo)) ' Place action buttons on form ... wl("") wl("") wl("") wl("") wl("
") ' Reserved for future expansion ... ' Call DisplayLink(NonSecureURL("20Review.asp"), ResourcePath & "images/Back.gif", "Back") : Response.Write("  ") Call DisplayLink(NonSecureURL("30GetCst.asp?Cancel=1"), ResourcePath & "custom/images/CanOrd.gif", "Cancel Order") if request("Edit") = session ("username") or Session(sesItemCount) = "0" then wl("  ") else wl("  ") end if 'response.write("|" & Session(sesItemCount) & "|") wl("
") wl("
") ' Page position table end. ' Save selected session variables as hidden ' variables to bridge SSL transition SessionContents("save") wl("
") dbClose(Conn) %>