%
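// Remove every occurrence of StringToEliminate from theString, in place.
//   &theString         - string taken by reference; rewritten without the pattern.
//   StringToEliminate  - literal substring to drop (no pattern syntax).
// Recurses once per occurrence until strstr() reports no further match, so a
// string with many occurrences recurses that many levels deep.
method stripStringFromString(&theString, StringToEliminate)
{
local eliminateLength = StringToEliminate.length();
// Guard: an empty pattern removes nothing, and recursing on an unchanged string
// would never terminate if strstr('') reported a match at position 0.
if (eliminateLength == 0)
{
return;
}
local position = theString.strstr(StringToEliminate);
local stringlen = theString.length();
if (position > -1)
{
// Declared local like the other temporaries above; previously these were
// assigned without 'local' and so leaked into the enclosing scope.
local lstring = theString.left(position);
local rstring = theString.right(stringlen - position - eliminateLength);
theString = lstring & rstring;
// Removing one occurrence can expose a new one (e.g. '<<' with '<'), so strip again.
stripStringFromString(theString, StringToEliminate);
}
}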
// Checkout entry point. Initialises formobj with defaults, merges payment-link
// parameters from the POST body or query string into it, validates the
// recipient email/account and the amount, then renders the matching panel.
// Any uncaught error reaches the catch at the bottom, which renders <#error#>.
try
{
// Load the shared init/library scripts only if their names are not already in
// scope (scope() presumably reports whether the name is defined — confirm).
if (scope(webRoot)==0)
{
Library.runfile(CGI.home & 'script\init');
}
if (scope(ValidateEmail)==0)
{
Library.loadfile(CGI.home & 'script\library');
}
Library.loadfile(CGI.home & 'script\Currency');
Library.loadfile(CGI.home & 'script\form');
// Assigned without 'local' (as are sql/rstandc/strSQL/SQL/SQL1/htmlPage below),
// so presumably script-scope.
formHandler = cFormHandler();
// init the form variables
// Defaults for every field the templates read. .bFailed starts true so the
// confirmation branches at the bottom are only reached once
// formHandler.ProcessPost() has cleared it.
with (formobj)
{
.email ='';
.order ='';
.desc ='';
.amount = 0;
.url = '';
.name = '';
.logo = '';
.readonly ='';
.reason = ''; // reason for sending will contain all info
.balanceneeds = 0;
.send_method = "account";
.bconfirm = false;
.bwebacceptconfirm = false;
.fullname ='';
.firstname ='';
.lastname='';
.email_address_sender='';
// Card entry fields: defaulted here, not referenced by the code below.
.displaycardtype='VISA';
.number='';
.mm=0;
.yyyy=0;
.issue='';
.cvvno='';
//.holder = '';
.firstline='';
.postcode='';
.checkout_var = false;
.form_name = '';
.loadsendcheckedcheckout = false;
.loadsendchecked = false;
.bFailed =true;
.custom='';
.town='';
.county='';
.sendaddress='yes';
.cancelurl='';
.responderurl='';
.tandc = '';
.charge_message='';
.xtra_charge='';
.status='LIVE';
.subscribe ='';
.tandc_id='';
.account_name='';
.trusted_seller = 0;
}
// Terms-and-conditions id, read from the sp_get_tandc_id stored procedure
// (the argument 4 is hard-coded).
load('ADO');
sql = "sp_get_tandc_id 4";
rstandc = ADO(sql, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
formobj.tandc_id = rstandc.getfield("param_value");
// NOTE(review): rstandc is never closed, unlike every other recordset on this page.
// Validation flags; which panel is rendered at the bottom depends on them.
local bIsInvalidAmount = false;
local bIsInvalidUser = false;
local bIsInvalidWebaccept = false;
// Caller address; passed to sp_xtra2_exceed_log further down.
local ipaddress = Environment.REMOTE_ADDR;
// try
// {
formHandler.ProcessPost(); // will set bFailed to true or false
// }
// catch
// {
// Library.loadfile(CGI.home & 'script\htmlpage');
// htmlPage = cMoneyHTMLPage();
// htmlPage.SetMainPanel('checkoutlinkerror');
// htmlPage.Expand();
// return;
// }
// IF WE'VE POSTED TO THIS PAGE FROM ELSE WHERE THERE WON'T BE A FORM NAME
// A POST that carries fields but no 'formname' is treated as a merchant-initiated
// post: its fields are copied into queryobj and then handled by the
// query-string code below, exactly like a GET.
if ( (Environment.REQUEST_METHOD .eq. "POST") && CGI.defined('fields') && !CGI.fields.defined('formname'))
{
with (queryobj)
{
// NOTE(review): the precedence of '!x.length() == 0' is unclear in this
// language; if '!' binds first this reads as (length != 0), i.e. copy only
// when non-empty, which matches the apparent intent — confirm.
if (!cgiGetField('account_name').length() ==0)
{
.account_name = cgiGetField('account_name');
}
.email_address_sender = cgiGetField('email_address_sender');
.postcode = cgiGetField('postcode');
.county = cgiGetField('county');
.town = cgiGetField('town');
.firstline = cgiGetField('firstline');
.fullname = cgiGetField('fullname');
.firstname =cgiGetField('firstname');
.lastname =cgiGetField('lastname');
.cancelurl = cgiGetField('cancelurl');
.email = cgiGetField('email');
.description = cgiGetField('description');
.ordernumber = cgiGetField('ordernumber');
.returnurl = cgiGetField('returnurl');
.logo = cgiGetField('logo');
// Strip the currency sign and 'GBP' text so the amount is a bare number.
.amount = cgiGetField('amount').split('£').join('');
.amount = .amount.split('GBP').join('');
.readonly = cgiGetField('readonly');
.send_method = cgiGetField('send_method');
.custom = cgiGetField('custom');
.responderurl = cgiGetField('responderurl');
.status = cgiGetField('status');
//stripout >< characters
// Best-effort: the bare catch below swallows any failure, so a field can reach
// the code that follows with '<'/'>' still present. Removing angle brackets is
// not HTML encoding — quotes and other attribute-context characters remain, so
// these values still need encoding wherever they are rendered.
// NOTE(review): this runs after the cgiGetField() copies above, so the queryobj
// values already taken are unaffected unless they alias CGI.fields; the
// per-parameter strips further down cover most of them. Whether
// CGI.fields[sval] yields a reference that stripStringFromString (&theString)
// can update is also not visible here — confirm.
try
{
if (CGI.defined('fields'))
{
local sval;
foreach (sval, CGI.fields.members().sort())
{
DebugMsg("Stripping out >");
stripStringFromString(CGI.fields[sval], '>');
stripStringFromString(CGI.fields[sval], '<');
}
}
}
catch
{
}
// if any are empty delete them
if (.email .eq. '')
.delete('email');
if (.description .eq. '')
{
.delete('description');
}
else
{
local ten=10;
local fourteen=14;
// NOTE(review): the split/join results on the next two lines are not assigned
// back, so they appear to have no effect unless split() mutates in place; the
// strip calls below do the actual removal.
.description.split(ten.chr()).join("-");
.description.split(fourteen.chr()).join("-");
// chr(10) is LF; chr(14) is the SO control character rather than CR (13) —
// confirm 14 is the intended code.
stripStringFromString(.description, ten.chr());
stripStringFromString(.description, fourteen.chr());
// Remove literal and encoded double quotes ('quot', '%22') plus '&;' and ';'
// (see the serialisation comment at the end of this block).
stripStringFromString(.description, '"');
stripStringFromString(.description, 'quot');
stripStringFromString(.description, '%22');
// (duplicate of the '"' strip three lines above; harmless)
stripStringFromString(.description, '"');
stripStringFromString(.description, '&;');
stripStringFromString(.description, ';');
}
if (.readonly .eq. '')
.delete('readonly');
if (.ordernumber .eq. '')
.delete('ordernumber');
if (.returnurl .eq. '')
.delete('returnurl');
if (.logo .eq. '')
{
.delete('logo');
}
else
{
stripStringFromString(.logo, "%22");
stripStringFromString(.logo, "\"");
}
//======================
// New for card payments
//======================
// Check the send method - default to card
// NOTE(review): despite the comment above, the default applied here is "account".
if(.send_method .eq. '')
.send_method = "account";
if (.amount .eq. '')
.delete('amount');
// Some users have put quotes round their logos/addresses etc, so these need
// to be removed or they will not be correctly serialised.
}
}
// pull out anything of use from the querystring
// and validate it
// Each recognised parameter has '<' and '>' removed before it is copied into
// formobj; several are then deleted from queryobj afterwards.
if (queryobj.defined('account_name'))
{
// NOTE(review): account_name is copied without the '<'/'>' stripping the other
// parameters get; it is later used in a SQL lookup (with single quotes doubled)
// and may be rendered — confirm it is encoded at the point of use.
formobj.account_name = queryobj.account_name;
}
if (queryobj.defined('responderurl'))
{
stripStringFromString(queryobj.responderurl, '>');
stripStringFromString(queryobj.responderurl, '<');
formobj.responderurl = queryobj.responderurl;
queryobj.delete('responderurl');
}
if (queryobj.defined('status'))
{
stripStringFromString(queryobj.status, '>');
stripStringFromString(queryobj.status, '<');
formobj.status = queryobj.status;
DebugMsg("IN HERE FOR STATUS = " & formobj.status );
}
if (queryobj.defined('email_address_sender'))
{
stripStringFromString(queryobj.email_address_sender, '>');
stripStringFromString(queryobj.email_address_sender, '<');
formobj.email_address_sender = queryobj.email_address_sender;
// Also mirrored into email_address_sender2 (not among the defaults above).
formobj.email_address_sender2 = queryobj.email_address_sender;
queryobj.delete('email_address_sender');
}
if (queryobj.defined('postcode'))
{
stripStringFromString(queryobj.postcode, '>');
stripStringFromString(queryobj.postcode, '<');
formobj.postcode = queryobj.postcode;
queryobj.delete('postcode');
}
if (queryobj.defined('county'))
{
stripStringFromString(queryobj.county, '>');
stripStringFromString(queryobj.county, '<');
formobj.county = queryobj.county;
queryobj.delete('county');
}
if (queryobj.defined('town'))
{
stripStringFromString(queryobj.town, '>');
stripStringFromString(queryobj.town, '<');
formobj.town = queryobj.town;
queryobj.delete('town');
}
if (queryobj.defined('firstline'))
{
stripStringFromString(queryobj.firstline, '>');
stripStringFromString(queryobj.firstline, '<');
formobj.firstline = queryobj.firstline;
queryobj.delete('firstline');
}
// if (queryobj.defined('fullname'))
// {
// formobj.fullname = queryobj.fullname;
// queryobj.delete('fullname');
// }
// firstname and lastname are joined into formobj.fullname (the separate
// fullname/lastname handling is commented out around here).
if (queryobj.defined('firstname'))
{
stripStringFromString(queryobj.firstname, '>');
stripStringFromString(queryobj.firstname, '<');
formobj.fullname = queryobj.firstname;
queryobj.delete('firstname');
}
if (queryobj.defined('lastname'))
{
stripStringFromString(queryobj.lastname, '>');
stripStringFromString(queryobj.lastname, '<');
formobj.fullname =formobj.fullname & ' ' & queryobj.lastname;
queryobj.delete('lastname');
}
// if (queryobj.defined('lastname'))
// {
//
// formobj.lastname = queryobj.lastname;
// queryobj.delete('lastname');
// }
if (queryobj.defined('custom'))
{
stripStringFromString(queryobj.custom, '>');
stripStringFromString(queryobj.custom, '<');
formobj.custom = queryobj.custom;
}
if (queryobj.defined('readonly'))
{
stripStringFromString(queryobj.readonly, '>');
stripStringFromString(queryobj.readonly, '<');
formobj.readonly = queryobj.readonly;
}
if (queryobj.defined('description'))
{
// NOTE(review): 'ten' and 'thirtyfour' are unused in this branch (the '"'
// strip below uses the literal).
local ten=10;
local fourteen=14;
local thirtyfour=34;
stripStringFromString(queryobj.description, '>');
stripStringFromString(queryobj.description, '<');
formobj.desc = queryobj.description;
// NOTE(review): split/join result not assigned back (see the POST branch above).
formobj.desc.split(fourteen.chr()).join("-");
stripStringFromString(formobj.desc, fourteen.chr());
stripStringFromString(formobj.desc, 'quot');
stripStringFromString(formobj.desc, '%22');
stripStringFromString(formobj.desc, '"');
stripStringFromString(formobj.desc, '&;');
stripStringFromString(formobj.desc, ';');
// Write the cleaned value back so queryobj and formobj agree.
queryobj.description = formobj.desc;
}
// if(queryobj.defined('desc'))
// {
// if(cgiGetField('desc').ne. '')
// if(queryobj.desc .ne. '')
// {
// //formobj.desc = cgiGetField('desc');
// }
// }
if (queryobj.defined('ordernumber'))
{
stripStringFromString(queryobj.ordernumber, '>');
stripStringFromString(queryobj.ordernumber, '<');
formobj.order = queryobj.ordernumber;
}
if (queryobj.defined('returnurl'))
{
stripStringFromString(queryobj.returnurl, '>');
stripStringFromString(queryobj.returnurl, '<');
formobj.url = queryobj.returnurl;
}
//======================
// New for card payments
//======================
// NOTE(review): formobj.send_method is initialised to "account" in the defaults
// and the POST path also defaults to "account", so this only fires if something
// cleared it; the "debitcard" default here differs from both — confirm which
// is intended.
if(formobj.send_method .eq. '')
formobj.send_method = "debitcard";
// if (queryobj.defined('send_method'))
// {
// formobj.send_method = cgiGetField('send_method');
// }
if (queryobj.defined('cancelurl'))
{
// NOTE(review): cancelurl is copied without the '<'/'>' stripping applied to
// the other parameters; if it is rendered or used as a redirect target it
// should be validated/encoded at the point of use.
formobj.cancelurl = queryobj.cancelurl;
}
if (queryobj.defined('logo'))
{
stripStringFromString(queryobj.logo, '>');
stripStringFromString(queryobj.logo, '<');
stripStringFromString(queryobj.logo, "%22");
stripStringFromString(queryobj.logo, "\"");
formobj.logo = queryobj.logo;
}
if (queryobj.defined('amount'))
{
// Strip '£'/'GBP', require a float, then normalise the text form
// ('12' -> '12.00'). The amount stays a string from here on.
formobj.amount = queryobj.amount.split('£').join('');
formobj.amount = formobj.amount.split('GBP').join('');
if (!formobj.amount.isfloat())
{
formobj.strDescrip = 'Syntax error: ' & formobj.amount & ' is not a valid number. Use the format xx.xx';
bIsInvalidAmount = true;
}
else
{
// split(".") yields a single element when there is no decimal point.
local test = formobj.amount.split(".");
if (test.length() == 1)
{
formobj.amount = formobj.amount & '.00';
}
// NOTE(review): a zero-length split result looks unreachable for a value that
// passed isfloat(), and the assignment inside lacks a terminating ';' — confirm.
if (test.length()== 0 )
{
formobj.amount = formobj.amount & '0'
}
// formobj.amount .eq. formobj.amount.float();
}
}
else
{
// The string literal continues on the next line (embedded newline).
formobj.strDescrip = 'Syntax error (missing parameter): amount, try: -
/checkout?email=[emailaddress]&amount=[xx.xx]';
bIsInvalidAmount = true;
}
// Resolve the recipient email: from the account_name lookup first; an explicit
// 'email' parameter then overrides it.
local email ='';
if (queryobj.defined('account_name'))
{
load('ADO');
// SQL built by string concatenation; only the single quote is doubled, so this
// relies on the quote being the sole meta-character inside that quoted context.
// A parameterised call would be the safer form.
local sql1 = "select email_address from classified_accounts INNER JOIN account ON classified_accounts.fk_account_id =account.id where classifieds_display_name ='" & queryobj.account_name.split("'").join("''") & "'" ;
local rs=ADO( sql1, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
if (!rs.eof())
{
email = rs.getfield("email_address");
}
rs.close();
}
if (queryobj.defined('email'))
{
email = queryobj.email;
}
DebugMsg("Email = " & email);
if (email .ne. '')
{
stripStringFromString(email, '>');
stripStringFromString(email, '<');
formobj.email = email;
DebugMsg("SET FORMOBJ EMAIL = " & email);
// test the user
Library.loadfile(CGI.home & 'script\user');
Library.loadfile(CGI.home & 'script\account');
local testuser = cUser();
// NOTE(review): testuser.id is read below; presumably populated by
// IsUserSignedUp() — confirm.
if (!testuser.IsUserSignedUp(formobj.email))
{
formobj.strDescrip = "The email address " & formobj.email& " is not registered with Nochex. Please make sure that you either entered the correct email address or inform the site you are trying to pay that their payment link is set up incorrectly.";
bIsInvalidUser = true;
}
else // extract the name from db
{
local recipaccount = cAccount();
if (recipaccount.ExistsForUser(testuser))
{
recipaccount.Open();
recipaccount.OpenLimits();
formobj.trusted_seller = recipaccount.trustedseller;
// Recipient has receiving disabled.
if (!recipaccount.receive)
{
formobj.strDescrip = formobj.email & " cannot receive money at this time ";
bIsInvalidUser = true;
}
}
formobj.name = ExtractDisplayNameForUser(testuser.id);
load('ADO');
// testuser.id is concatenated unquoted into the stored-procedure calls that
// follow; it comes from the user lookup rather than directly from the request.
local sql1 = "sp_account_allow_webaccept " & testuser.id ;
local rswebaccept=ADO( sql1, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
local ballow_webaccept = rswebaccept.getfield("allow_webaccept");
local haveprofile = 0;
local bshowfb = 1;
rswebaccept.close();
// Profile/rating details for the template; eof()==0 means a row came back.
strSQL = "sp_get_account_Profile_rating " & testuser.id;
local rs2=ADO(strSQL ,getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
if (rs2.eof() == 0)
{
formobj.ratingstring= rs2.getfield('ratings_value');
formobj.membersince =rs2.getfield('member_location');
formobj.profile =rs2.getfield('fb_profile');
formobj.ratinggraphic = rs2.getfield('band_value');
if (formobj.profile.length() > 0 || rs2.getfield('fb_photo').length() > 0 )
{
haveprofile = 1;
}
bshowfb = rs2.getfield("displayfeedback");
}
rs2.close();
if (ballow_webaccept == 0)
{
//formobj.strDescrip = "Recipient account cannot accept web Accept transactions.";
bIsInvalidWebaccept = true;
}
else
{
// DebugMsg("CHECKING DISABLE CARD TRANS");
// strSQL = "Select cast(param_value as int) as param_value from system_parameters where id =1";
// rs=ADO(strSQL ,getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
// local allow_card = rs.getfield("param_value");
// if (allow_card == 1)
// {
// bIsInvalidWebaccept = true;
// }
// else
// {
// now we need to get the recips webaccept amount and check with amount being sent
// Per-account web-accept ceiling; 0 means fall back to the global default.
SQL = "Select Web_accept_max_receive from Account Where id = " & testuser.id ;
local rswebamount=ADO( SQL, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
local max_amount = rswebamount.getfield("Web_accept_max_receive");
rswebamount.close();
if (max_amount == 0)
{
max_amount = getpersist('gnmaxwebaccept');
}
if (formobj.amount.isfloat())
{
// NOTE(review): formobj.amount is still the 'xx.xx' text built above; whether
// '>' compares numerically or lexically here depends on the language — confirm.
if(formobj.amount > max_amount)
{
bIsInvalidWebaccept = true;
//Because amount exceeded log this trans
// amount passed isfloat() and desc has its single quotes doubled; ipaddress
// (REMOTE_ADDR) is inserted inside quotes without the same doubling.
SQL1 = "sp_xtra2_exceed_log " & testuser.id & "," & formobj.amount & ",'" & formobj.desc.split("'").join("''") & "',1,'" & ipaddress & "'";
local rslog=ADO(SQL1, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
rslog.close();
}
}
//}
}
DebugMsg("INVALID WEB ACCEPT FLAG = " & bIsInvalidWebaccept);
}
// A deleted account is rejected even if the lookups above succeeded.
if (testuser.IsUserDeleted(formobj.email))
{
formobj.strDescrip = "The money cannot be sent as the NOCHEX account " & formobj.email & " is no longer active";
bIsInvalidUser = true;
}
}
else
{
// The string literal continues on the next line (embedded newline).
formobj.strDescrip = 'Syntax error (missing parameter): email, try: -
/checkout?email=[emailaddress]&amount=[xx.xx]';
bIsInvalidUser = true;
}
// Enforce HTTPS: a plain-http request is flagged like a missing parameter and
// shown the 'syntax' panel below rather than redirected.
if (Environment.HTTPS.toupper() .ne. 'ON')
{
formobj.strDescrip = 'The NOCHEX Checkout page must be viewed over a secure "https" channel.
Try again by typing https:// at the beginning of the address.';
bIsInvalidUser = true;
}
// needed for the sent.html template
formobj.remail = formobj.email;
formobj.newuser = false;
// build up the new registration url
// Sign-up link: ACTION=SU with the recipient email as ref, encoded as a query
// string (exeSecureHTML() presumably supplies the base URL — confirm).
local obj = newobject();
obj.ACTION = 'SU';
obj.ref = formobj.email;
// now encode it it
local regurl = exeSecureHTML() & CGI.constructquery(CGI.makestring(obj));
load('time');
local nType = 2; // menu is send money
DebugMsg("the send method was " & formobj.send_method);
// Paying from the account balance with insufficient funds is a failure.
if (formobj.balanceneeds > 0 && formobj.send_method .eq. "account")
{
formobj.bFailed = true;
formobj.strDescrip = 'You do not have enough money in your NOCHEX account to make this payment. You can either use the "Send from debit card" or "Send from credit card" option or click here to "Load" money in to your NOCHEX account and try again.';
}
// Failure path: 'syntax' panel for missing/invalid parameters, otherwise the
// checkout form (web-accept variant unless the recipient cannot web-accept).
if (formobj.bFailed)
{
// setup HTML page
Library.loadfile(CGI.home & 'script\htmlpage');
htmlPage = cMoneyHTMLPage();
// if params missing display syntax error page
if ( bIsInvalidUser || bIsInvalidAmount)
{
// Set the main panel
htmlPage.SetMainPanel('syntax');
}
else
{
// DebugMsg("XXX form type = " & formobj.form_type);
// Set the main panel
// DebugMsg("XXX var type = " & formobj.var_type);
DebugMsg("We are here bfailed = " & formobj.bFailed & " confirm = " & formobj.bconfirm);
DebugMsg(" STATUS INCHECKOUT SCRIP PAGE = " & formobj.status);
if (!bIsInvalidWebaccept)
{
formobj.form_name = 'webacceptpage';
}
else
{
formobj.form_name = 'checkoutpage';
}
// A TEST status always uses the checkout form.
if (formobj.status.toupper() .eq. 'TEST')
{
formobj.form_name = 'checkoutpage';
}
DebugMsg("checkout vare = " & formobj.checkout_var);
if(formobj.checkout_var)
{
DebugMsg(" Set Form_name = CHECKOUTPAGE");
formobj.form_name = 'checkoutpage';
}
DebugMsg("FORM NAME = " & formobj.form_name);
htmlPage.SetMainPanel('checkout');
}
htmlPage.Expand();
}
else
{
//setup HTML page
// Success path: choose between the checkout/web-accept confirmation panels and
// the final 'sentchkt' panel based on the ProcessPost() flags.
Library.loadfile(CGI.home & 'script\htmlpage');
htmlPage = cMoneyHTMLPage();
DebugMsg("in here bconfirm = " & formobj.bconfirm & " loadcheck = " & formobj.loadsendcheckedcheckout);
// if( formobj.send_method.eq. "card")
// {
// Before any checks check for Disable flag
// DebugMsg("CHECKING DISABLE CARD TRANS");
// load('ADO');
// strSQL = "Select cast(param_value as int) as param_value from system_parameters where id =1";
// rs=ADO(strSQL ,getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
// local allow_card = rs.getfield("param_value");
//
// if (allow_card == 1)
// {
// htmlPage.SetMainPanel('nocardtrans2');;
// htmlPage.Expand();
// return;
// }
// }
if(formobj.loadsendcheckedcheckout)
{
// Confirmation step; variant 1 once the user has confirmed.
if(formobj.bconfirm)
{
htmlPage.SetMainPanel('checkoutconf1');
}
else
{
htmlPage.SetMainPanel('checkoutconf');
}
}
else
{
if(formobj.loadsendchecked)
{
if (!bIsInvalidWebaccept)
{
formobj.form_name = 'webacceptpage';
}
else
{
formobj.form_name = 'checkoutpage';
}
DebugMsg("checkout vare = " & formobj.checkout_var);
if(formobj.checkout_var)
{
DebugMsg(" Set Form_name = CHECKOUTPAGE");
formobj.form_name = 'checkoutpage';
}
DebugMsg("BCONFIRM IS = " & formobj.bconfirm);
// NOTE(review): the ';' after this if condition (and the 'webacceptpage' one
// below) very likely terminates the if, making both blocks unconditional; the
// later SetMainPanel call would then always win, so a 'checkoutpage' form
// would land on a web-accept panel. Confirm and remove the stray semicolons.
if (formobj.form_name .eq. 'checkoutpage');
{
if(formobj.bconfirm)
{
htmlPage.SetMainPanel('checkoutconf1');
}
else
{
htmlPage.SetMainPanel('checkoutconf');
}
}
if (formobj.form_name .eq. 'webacceptpage');
{
if(formobj.bwebacceptconfirm)
{
htmlPage.SetMainPanel('webaccept_confirm1');
}
else
{
// NEW CHECK
// local default_charge = (getpersist("gnCardLoadCostPence").float() / 100);
// if (!bIsInvalidWebaccept)
// {
// load('ADO');
// local sql="sp_xtra_charge " & testuser.id & "," & formobj.amount & "," & default_charge;
// local rsxtra_charge=ADO(sql, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
//
// if(rsxtra_charge.getfield("sendcharge") > 0)
// {
// formobj.charge = rsxtra_charge.getfield("sendcharge");
// }
// else
// {
// local x = 0;
// formobj.charge = x;
// }
//
// formobj.amount = rsxtra_charge.getfield("sendamount");
// formobj.total = Currency(rsxtra_charge.getfield("loadamount"));
// }
// else
// {
// formobj.total= Currency(formobj.amount + default_charge);
// formobj.charge = default_charge;
// }
// END NEW CHECK
// NOTE(review): formobj.charge is only assigned in the commented-out block
// above, never in the live code on this page — confirm what this reads.
DebugMsg("top charge= " & formobj.charge);
//return;
htmlPage.SetMainPanel('sentchkt');
}
}
}
else
{
// Set the main panel
//DebugMsg("bottom charge= " & formobj.charge);
//local default_charge = (getpersist("gnCardLoadCostPence").float() / 100);
//load('ADO');
//local sql="sp_xtra_charge " & testuser.id & "," & formobj.amount & "," & default_charge;
//local rsxtra_charge=ADO(sql, getpersist('gsDBConnectString'),"ForwardOnly","ReadOnly" ,"Text","Server");
//if(rsxtra_charge.getfield("sendcharge") > 0)
//{
// formobj.charge = rsxtra_charge.getfield("sendcharge");
//}
//else
// {
// local x = 0;
// formobj.charge = x;
// }
// local dcharge = formobj.charge;
// formobj.total= Currency(formobj.amount + dcharge);
// formobj.charge = dcharge;
htmlPage.SetMainPanel('sentchkt');
}
}
htmlPage.Expand();
}
}
// Any error raised inside the try above renders the error template.
catch
{
%>
<#error#>
<%
}
%>