542 Chapter 25 Building a Shopping Cart

Implementing Payment

When the user clicks the Purchase button, we will process her payment details using the process.php script. You can see the results of a successful payment in Figure 25.10. The code for process.php can be found in Listing 25.16.

Listing 25.16 process.php—The process.php Script Processes the Customer's Payment and Tells Her the Result

<?php
include ('book_sc_fns.php');

// The shopping cart needs sessions, so start one
session_start();

do_html_header('Checkout');

$card_type = $HTTP_POST_VARS['card_type'];
$card_number = $HTTP_POST_VARS['card_number'];
$card_month = $HTTP_POST_VARS['card_month'];
$card_year = $HTTP_POST_VARS['card_year'];
$card_name = $HTTP_POST_VARS['card_name'];

if($HTTP_SESSION_VARS['cart']&&$card_type&&$card_number&&
   $card_month&&$card_year&&$card_name )
{
  //display cart, not allowing changes and without pictures
  display_cart($HTTP_SESSION_VARS['cart'], false, 0);

  display_shipping(calculate_shipping_cost());

  if(process_card($HTTP_POST_VARS))
  {
    //empty shopping cart
    session_destroy();
    echo 'Thank you for shopping with us. Your order has been placed.';
    display_button('index.php', 'continue-shopping', 'Continue Shopping');
  }
  else
  {
    echo 'Could not process your card. ';
    echo 'Please contact the card issuer or try again.';
    display_button('purchase.php', 'back', 'Back');
  }
}
else
{
  echo 'You did not fill in all the fields, please try again.<hr />';
  display_button('purchase.php', 'back', 'Back');
}

do_html_footer();
?>

31 525x ch25 1/24/03 3:39 PM Page 542

The crux of this script is these lines:

  if(process_card($HTTP_POST_VARS))
  {
    //empty shopping cart
    session_destroy();
    echo 'Thank you for shopping with us. Your order has been placed.';
    display_button('index.php', 'continue-shopping', 'Continue Shopping');
  }

We process the user's card, and, if all is successful, destroy her session. The card processing function as we have written it simply returns true.
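The book's process_card() is a stub that returns true; the checks a real implementation would run before handing the card to a clearing provider (the expiry and card-number validation the text goes on to describe) look like the following. This is an added example written for this page, not code from the book or from book_sc_fns.php: the accepted card types, the $charge callable that stands in for the provider's API, and the sample input are all assumptions, and the card number used is a well-known test number, not a real card.

```php
<?php
// Added example (not the book's code): the validation a real process_card()
// would perform before calling a payment provider. Only the form fields are
// checked here; the actual charge is delegated to the hypothetical $charge
// callable, so nothing in this script stores or logs the card number.
declare(strict_types=1);

// Card-number well-formedness: digits only, plausible length, Luhn checksum.
// The Luhn check catches mistyped numbers; it says nothing about whether the
// card exists, which is the provider's job.
function card_number_well_formed(string $number): bool
{
    $digits = preg_replace('/[\s-]/', '', $number);   // allow "4111 1111 ..." on the form
    if (!preg_match('/^\d{12,19}$/', $digits)) {
        return false;
    }
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {  // walk from the check digit leftwards
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Expiry: month must be 1..12 and the card is valid through the last day of
// that month. $now is injectable so the rule can be exercised for a fixed date.
function card_expiry_valid(string $month, string $year, ?DateTimeImmutable $now = null): bool
{
    if (!ctype_digit($month) || !ctype_digit($year)) {
        return false;
    }
    $m = (int) $month;
    $y = (int) $year;
    if ($y < 100) {           // two-digit year as printed on the card face
        $y += 2000;
    }
    if ($m < 1 || $m > 12) {
        return false;
    }
    $now = $now ?? new DateTimeImmutable('today');
    $expires = (new DateTimeImmutable(sprintf('%04d-%02d-01', $y, $m)))
        ->modify('last day of this month');
    return $expires >= $now;
}

// Replacement for the stub: every field present, type in the accepted set
// (assumed set; purchase.php defines the real one), number and expiry valid,
// then the provider decides.
function process_card(array $fields, callable $charge): bool
{
    foreach (['card_type', 'card_number', 'card_month', 'card_year', 'card_name'] as $f) {
        if (!isset($fields[$f]) || trim((string) $fields[$f]) === '') {
            return false;
        }
    }
    if (!in_array($fields['card_type'], ['VISA', 'MasterCard', 'American Express'], true)) {
        return false;
    }
    if (!card_number_well_formed((string) $fields['card_number'])) {
        return false;
    }
    if (!card_expiry_valid((string) $fields['card_month'], (string) $fields['card_year'])) {
        return false;
    }
    return $charge($fields);   // hand off to the clearing provider
}

// Constructed sample input: a Luhn-valid test number, not a real card.
$sample = [
    'card_type'   => 'VISA',
    'card_number' => '4111 1111 1111 1111',
    'card_month'  => '12',
    'card_year'   => '2099',
    'card_name'   => 'Jane Example',
];
$fake_provider = static fn(array $f): bool => true;   // stands in for the provider API

var_dump(process_card($sample, $fake_provider));
var_dump(process_card(['card_number' => '4111 1111 1111 1112'] + $sample, $fake_provider));
var_dump(process_card(['card_year' => '2001'] + $sample, $fake_provider));
```

The second and third calls fail on the checksum and on the expiry date respectively, before the provider is ever contacted. Keeping the provider call behind a callable also means the card number never has to be written anywhere in this application, which is the point the text makes in favour of a clearing provider.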
If you were actually implementing it, you would need to perform some validation (checking that the expiry date was valid and the card number well-formed) and then process the actual payment.

Figure 25.10 This transaction was successful, and the items will now be shipped.

When you set up a live site, you will need to make a decision about what transaction clearing mechanism you want to use. You can

- Sign up with a transaction clearing provider. There are many, many alternatives here, depending on the area you live in. Some of these will offer real-time clearing, and others won't. Whether you need live clearing depends on the service you are offering. If you are providing a service online, you will most likely want it; if you are shipping goods, it's less crucial. Either way, these providers relieve you of the responsibility of storing credit card numbers.
- Send a credit card number to yourself via encrypted email, for example, by using PGP or GPG as covered in Chapter 15. When you receive and decrypt the email, you can process these transactions manually.
- Store the credit card numbers in your database. We do not recommend this option unless you really, seriously know what you're doing with system security. You can read Chapter 15 for more details about why this is a bad idea.

That's it for the shopping cart and payment modules.

Implementing an Administration Interface

The administration interface we have implemented is very simple. All we have done is build a Web interface to the database with some front-end authentication. This is much the same code as used in Chapter 24. We have included it here for completeness, but with little discussion.

The administration interface requires a user to log in via the login.php file, which then takes her to the administration menu, admin.php. The login page is shown in Figure 25.11.
(We have omitted the login.php file here for brevity—it's almost exactly the same as the one in Chapter 24. If you want to look at it, it's on the CD-ROM.) The administration menu is shown in Figure 25.12.

Figure 25.11 Users must pass through the login page to access the admin functions.

Figure 25.12 The administration menu allows access to the admin functions.

The code for the admin menu is shown in Listing 25.17.

Listing 25.17 admin.php—This Script Authenticates the Administrator and Lets Her Access the admin Functions

<?php
// include function files for this application
require_once('book_sc_fns.php');
session_start();

if ($HTTP_POST_VARS['username'] && $HTTP_POST_VARS['passwd'])
// they have just tried logging in
{
  $username = $HTTP_POST_VARS['username'];
  $passwd = $HTTP_POST_VARS['passwd'];

  if (login($username, $passwd))
  {
    // if they are in the database register the user id
    $HTTP_SESSION_VARS['admin_user'] = $username;
  }
  else
  {
    // unsuccessful login
    do_html_header('Problem:');
    echo 'You could not be logged in.
          You must be logged in to view this page.<br />';
    do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
  }
}

do_html_header('Administration');

if (check_admin_user())
  display_admin_menu();
else
  echo 'You are not authorized to enter the administration area.';

do_html_footer();
?>
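The admin.php gate above relies on two functions from book_sc_fns.php, login() and check_admin_user(), that the chapter does not show. The following is an added example, not the book's code, that reproduces the same flow in current PHP with self-contained stand-ins for those two functions: $ADMIN_USERS is a constructed in-memory table that takes the place of the database lookup, the request and session are passed in as arrays so the script runs from the command line, and the hash comparison and session-ID regeneration are the defensive details a practitioner would add at this point.

```php
<?php
// Added example (not the book's code): the admin.php login flow with
// stand-ins for login() and check_admin_user(). The $post and $session
// arrays take the place of $_POST and $_SESSION so it runs without a web
// server; $ADMIN_USERS is a constructed table standing in for the database.
declare(strict_types=1);

// Constructed sample table: username => password hash. Only the hash is kept,
// so a leaked table does not hand out the passwords themselves.
$ADMIN_USERS = [
    'admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

// Stand-in for the book's login(): true only if the user exists and the hash matches.
function login(string $username, string $passwd, array $users): bool
{
    // password_verify() compares in constant time. An unknown user is still
    // verified against a dummy hash so the response time does not reveal
    // which usernames exist.
    $hash = $users[$username] ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($passwd, $hash);
    return $ok && isset($users[$username]);
}

// Stand-in for the book's check_admin_user(): identity comes from the session,
// never from the request that is being authorised.
function check_admin_user(array $session): bool
{
    return isset($session['admin_user']) && $session['admin_user'] !== '';
}

// One request through the gate; returns the text the page would show.
function handle_admin_request(array $post, array &$session, array $users): string
{
    if (isset($post['username'], $post['passwd'])) {
        // they have just tried logging in
        if (login((string) $post['username'], (string) $post['passwd'], $users)) {
            // The privilege level changes here, so the session identifier must
            // change with it: a new ID is issued once the login succeeds.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $session = ['admin_user' => (string) $post['username']];
        } else {
            $session = [];   // a failed attempt never leaves a partial login behind
            return 'You could not be logged in. You must be logged in to view this page.';
        }
    }
    return check_admin_user($session)
        ? 'Administration menu'
        : 'You are not authorized to enter the administration area.';
}

// Constructed requests: no credentials, a wrong password, a good login, and a
// follow-up request that is authorised by the session alone.
$session = [];
echo handle_admin_request([], $session, $ADMIN_USERS), PHP_EOL;
echo handle_admin_request(['username' => 'admin', 'passwd' => 'wrong'], $session, $ADMIN_USERS), PHP_EOL;
echo handle_admin_request(['username' => 'admin', 'passwd' => 'correct horse battery staple'], $session, $ADMIN_USERS), PHP_EOL;
echo handle_admin_request([], $session, $ADMIN_USERS), PHP_EOL;
```

The shape is the same as the book's admin.php: a posted username and password are checked, success records the user in the session, and every later request is decided by check_admin_user() reading that session. The two additions, verifying against a stored hash rather than a stored password and regenerating the session ID when the login succeeds, are the standard hardening for exactly this pattern.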