<% '************************************************************************************ '* * '* MODIFICATION TO THIS SCRIPT OR ANY FILES INCLUDED WITH * '* ONEWORLDSTOREFRONT IS DONE AT YOUR OWN RISK! * '* Product : OneWorldStoreFront * '* Copyright: Copyright (C) 2004 OneWorldStoreFront.Com * '* Registration Number: 1024507 * '* http://strategis.ic.gc.ca/ * '* * '************************************************************************************ Dim bProdInfoReturned, sDescription, sPrice, sBtoBPrice, sDetails, sListPrice, simageUrl Dim sSmallImageURL, sStock, sSku, sFormQuantity, sFreeShipping , sFreeShipStartDate Dim sFreeShipEndDate, sFreeShipQty, sSearchKeywords, sAllowReviews, sModerateReviews, sNumRanking, sRanking Dim sIDProduct, sIDCategory bProdInfoReturned = False bProdInfoReturned = ReturnProductData() ' have to call this before the template so that we'll have the product's description for the page title %><% '************************************************************************************ '* * '* * '* * '************************************************************************************ Sub ActionSubroutine() Dim sError sAction = Trim(Request("sAction")) bDetail = CONVERSION_SQLEncode2(Request("bDetail"),2) If ( ( sIDProduct = "" ) Or ( NOT IsNumeric(sIDProduct) ) ) Then Call owMessage(LANG_DT( "PROD_DETAIL_NOTFOUND", "Unable to find the product. The product ID# is missing." ), C_ERROR) Else If ( sIDCategory = "" ) Then ' do the slow way of looking it up sSQLText = "SELECT C.idCategory FROM categories C, CatProdMap CP WHERE CP.idProduct = " & sIDProduct & " AND CP.idCategory = C.idCategory" Call DB_getFromDatabase (sSQLText, rsStoreData, "") If ( NOT rsStoreData.EOF ) Then sIDCategory = rsStoreData("idCategory") End If Call DB_closeRecordset(rsStoreData) End If call DB_updateDatabase("UPDATE products SET visits = visits + 1 WHERE idProduct = " & sIDProduct) If ( bProdInfoReturned ) Then ' process reviews here because we know the required product info If ( sAction = "ProductReview" ) Then sError = ProcessReview(sIDProduct, sAllowReviews, sModerateReviews) End If If ( Trim(Request("bSelectOption")) = "T" ) Then ' this var will be set on the querystring from the owAddItem.asp when a user tries to add a product from a product listing page where that product requires at least one option ' and this error should display at the top of the product detail page w/ all the other info under it sError = sError & LANG_DT( "PROD_DETAIL_OPTIONISREQUIRED", "Please choose an option for this product before adding it to your cart." ) End If Call STRUCTURE_Breadcrumbs(sBreadCrumb, sIDCategory) Response.Write " > " & sBreadCrumb If ( sOWCurrencyCode <> "" ) Then sTempCurrencyCode = "(" & sOWCurrencyCode & ")" End If %>

<% If ( sError <> "" ) Then Call owMessage(sError, C_ERROR) End If %>

<%=sDescription%>

<%Call DisplayRating()%> <%If ( NOT bOWStoreClosed ) Then%> <%If ( (sStock>0 or sOWUnderStockBehavior = -1) And ( sFormQuantity > 1 ) ) Then If ( sStock < sFormQuantity ) Then sFormQuantity = sStock End If %> <%=LANG_DT( "PROD_DETAIL_QTYDROPDOWN", "Qty" )%> 1 <%for iX = 2 to sFormQuantity%> <%=iX%> <%next%> <%End If%> <%if sStock>0 or sOWUnderStockBehavior = -1 then%> <%ElseIf sStock <=0 And sOWUnderStockBehavior = 0 Then%> <%=LANG_DT( "PROD_DETAIL_SOLDOUT", "Sold Out!" )%> <%End If%> <%End If%> <%=LANG_DT( "PROD_DETAIL_ITEMNUM", "Item #" )%>: <%=sSku%> <%if Trim(simageUrl)<>"" then%> <%else%> <%If Trim(sSmallImageURL) = "" Then%> <%Else%> <%End If%> <%End If%>				<% if ( CInt(sFreeShipping) = -1 ) then If ( IsDate(sFreeShipStartDate) ) And ( IsDate(sFreeShipEndDate) ) Then If ( CDate(sFreeShipStartDate) <= Now() ) And ( CDate(sFreeShipEndDate) >= Now() ) Then sFreeShipMsg = Replace(Replace(LANG_DT( "PROD_DETAIL_FREESHIP1", "Free shipping from 1: to 2: on this product!" ), "1:", FormatDateTime(CDate(sFreeShipStartDate), 2)), "2:", FormatDateTime(CDate(sFreeShipEndDate), 2)) End If End If If ( ( IsNumeric(sFreeShipQty) ) And ( CInt(sFreeShipQty) > 0 ) ) Then If ( sFreeShipMsg = "" ) Then sFreeShipMsg = Replace(LANG_DT( "PROD_DETAIL_FREESHIP2", "Free shipping on this product when you purchase at least 1:!" ), "1:", sFreeShipQty) & " " Else sFreeShipMsg = Replace(Replace(Replace(LANG_DT( "PROD_DETAIL_FREESHIP3", "Free shipping on this product when you purchase at least 1: from 2: to 3:!" ), "1:", sFreeShipQty), "2:", FormatDateTime(CDate(sFreeShipStartDate), 2)), "3:", FormatDateTime(CDate(sFreeShipEndDate), 2)) & " " End If End If If ( sFreeShipMsg = "" ) Then ' there is just generic free shipping on this, the admin just set this product as "free shipping" w/o any restrictions ' or it's a digital download that doesn't need shipping sFreeShipMsg = LANG_DT( "PROD_DETAIL_FREESHIP4", "Free shipping on this product!" ) End If %> <%=sFreeShipMsg%> <% End If %> <%=sSku%>   <% dList = 0 ' list price (MSRP) dWhole = 0 ' wholesale price (display if greater than 0) dDif = 0 ' difference in price current cust is paying relative to list price dDifPer = 0 ' difference percentage if sBtoBPrice>0 and (bOWShowBtoBPrice or ACCNT_InGroup(iLoginAccountUnq, C_GROUP_WHOLESALE)) then dWhole = sBtoBPrice End If if ((sListPrice-sPrice)>0 and (ACCNT_InGroup(iLoginAccountUnq, C_GROUP_RETAIL) Or (NOT bHasAccount))) then dList = sListPrice End If if (sPrice-sBtoBPrice)>0 and ( sBtoBPrice > 0 ) and ACCNT_InGroup(iLoginAccountUnq, C_GROUP_WHOLESALE) then dDif = sPrice-sBtoBPrice dDifPer = FormatPercent((1-(sBtoBPrice/sListPrice))) Elseif ((sListPrice-sPrice)>0 and ( sPrice > 0 ) and ((ACCNT_InGroup(iLoginAccountUnq, C_GROUP_RETAIL) Or (NOT bHasAccount)))) then dDif = sListPrice-sPrice dDifPer = FormatPercent((1-(CONVERSION_Numeric(sPrice/sListPrice, C_DOUBLE)))) End If %> <%If ( dList > 0 ) Then%> <%End If%> <%If ( ( sPrice > 0 ) Or ( dWhole > 0 ) ) Then%> <%If ( dWhole > 0 ) Then%> <%Else%> <%End If%> <%End If%> <%If ( dDif > 0 ) Then%> <%End If%> <% If ( bOWShowStockView ) Then If ( sStock > 0 ) Then %> <% ElseIf sStock <=0 And sOWUnderStockBehavior = 0 Then %> <% End If End If %> <%=LANG_DT( "PROD_DETAIL_MSRP", "List Price " )%>: <%=CONVERSION_Currency(dList)%> <%=LANG_DT( "PROD_DETAIL_WHOLESALE", "Wholesale Price" )%>: <%=CONVERSION_Currency(dWhole)%> <%=sTempCurrencyCode%> <%=LANG_DT( "DEFAULT_OURPRICE", "Our Price" )%>: <%=CONVERSION_Currency(sPrice)%> <%=sTempCurrencyCode%> <%=LANG_DT( "PROD_DETAIL_YOUSAVE", "You save " )%>: <%=CONVERSION_Currency(dDif)%> (<%=dDifPer%>) <%=LANG_DT( "PROD_DETAIL_INV", "In stock" )%>: <%=sStock%> <%=LANG_DT( "PROD_DETAIL_SOLDOUT", "Sold Out!" )%> <%Call getOptionsGroups(sIDProduct)%> <%=LANG_DT( "PROD_DETAIL_EMAILFRIEND", "Email this product to a friend" )%>
<% Response.Write sDetails If ( sAllowReviews = "Y" ) Then Call ProductReviews(sIDProduct, sIDCategory, "N") End If %>

<% Else Call owMessage(LANG_DT( "PROD_DETAIL_NOTFOUND2", "Unable to find the item specified." ), C_ERROR) End If End If End Sub '************************************************************************************ '************************************************************************************ '* * '* * '* * '************************************************************************************ Function getOptionsGroups(idProduct) dim rsStoreData, rsStoreData2, iCount set rsStoreData = CreateObject("ADODB.Recordset") set rsStoreData2 = CreateObject("ADODB.Recordset") iCount = 0 sSQLText = "SELECT OGP.idOptionGroup, OGP.Required FROM Products P, OptionsGroups_Products OGP WHERE P.idProduct = " & idProduct &" AND P.idProduct = OGP.idProduct" Call DB_getFromDatabase (sSQLText, rsStoreData, "") If ( NOT rsStoreData.EOF ) Then While ( NOT rsStoreData.EOF ) sRequired = Trim(rsStoreData("Required")) sSQLText = "SELECT O.priceToAdd, O.optionDescrip, O.idOption, OG.idOptionGroup, OG.optionGroupDesc, OG.Type FROM OptionsGroups OG, Options_OptionsGroups OOG, Options O WHERE OG.idOptionGroup = " & rsStoreData("idOptionGroup") & " AND OG.idOptionGroup = OOG.idOptionGroup AND O.idOption = OOG.idOption ORDER BY O.optionDescrip" Call DB_getFromDatabase (sSQLText, rsStoreData2, "") If ( NOT rsStoreData2.EOF ) Then iCount = iCount + 1 sType = Trim(rsStoreData2("Type")) Select Case sType Case "Checkbox", "Radio" iCount2 = 0 %> <%If ( sRequired <> "Y" ) Then%> <%End If%> <%While ( NOT rsStoreData2.EOF )%> <% iCount2 = iCount2 + 1 rsStoreData2.MoveNext Wend response.write Vbcrlf & "

<%If ( sRequired = "Y" ) Then%> (*) <%End If%> <%=LANG_DT( "PROD_DETAIL_SELECTA", "Select a " ) & rsStoreData2("optionGroupDesc")%>
<%=LANG_DT( "PROD_DETAIL_NOCHOICE", "None" )%>
<%=rsStoreData2("optionDescrip")%>	<%If ( sRequired = "Y" ) And ( iCount2 = 0 ) Then%> "> <%Else%> "> <%End If%>	<% If ( CDbl(rsStoreData2("priceToAdd")) > 0 ) Then response.write " +" & CONVERSION_Currency(rsStoreData2("priceToAdd")) End If %>

" Case "Dropdown" %> <%If ( sRequired = "Y" ) Then%> <%End If%>

<%=rsStoreData2("optionGroupDesc")%>:

<%If ( sRequired = "Y" ) Then%> <%Else%> <%End If%> <%=LANG_DT( "PROD_DETAIL_NOCHOICE", "None" )%> <% While ( NOT rsStoreData2.EOF ) response.write "" & rsStoreData2("optionDescrip") If ( CDbl(rsStoreData2("priceToAdd")) > 0 ) Then response.write " +" & CONVERSION_Currency(rsStoreData2("priceToAdd")) End If response.write "" & VBcrlf rsStoreData2.MoveNext Wend %>

(*)

<% Case "Text" %> <%While ( NOT rsStoreData2.EOF )%> <% rsStoreData2.MoveNext Wend response.write Vbcrlf & "

<%If ( sRequired = "Y" ) Then%> (*) <%End If%> <%=LANG_DT( "PROD_DETAIL_ENTERTEXT", "Enter text for " ) & " " & rsStoreData2("optionGroupDesc")%>
<%=rsStoreData2("optionDescrip")%>	alt='blank' emsg='<%=Replace(LANG_DT( "PROD_DETAIL_CHOOSETEXT", "Please enter text for 1:." ), "1:", rsStoreData2("optionGroupDesc"))%>'<%End If%> name='idOption_Text_<%=rsStoreData2("idOptionGroup")%>_<%=rsStoreData2("idOption")%>' value="" size=40 maxlength=250>	<% If ( CDbl(rsStoreData2("priceToAdd")) > 0 ) Then response.write " +" & CONVERSION_Currency(rsStoreData2("priceToAdd")) End If %>

" End Select Call DB_closeRecordset(rsStoreData2) End If rsStoreData.MoveNext Wend Response.Write LANG_DT( "PROD_DETAIL_REQOPTION", "(*) Required Option" ) Response.Write "

" End If Call DB_closeRecordset(rsStoreData) set rsStoreData = Nothing set rsStoreData2 = Nothing End Function '************************************************************************************ '************************************************************************************ '* * '* * '* * '************************************************************************************ Sub DisplayRating() Call DB_getFromDatabase("SELECT NumRanking, Ranking FROM Products WHERE idProduct = " & sIDProduct, rsStoreData, "") If ( NOT rsStoreData.EOF ) Then dNumRanking = rsStoreData("NumRanking") dRanking = rsStoreData("Ranking") If ( dNumRanking > 0 ) Then iRank = Int((sRanking/sNumRanking)/2) If ( iRank > 5 ) Then ' in case the admin changed it to a rating/#raters combo that's more than 5 If ( iRank > 10 ) Then iRank = 5 Else iRank = Int(iRank/2) End If End If Response.Write LANG_DT( "PROD_DETAIL_AVERATE", "Average rating: " ) & "" Response.Write "
" Response.Write LANG_DT( "PROD_DETAIL_NUMREVIEWS", "Number of Reviews: " ) & dNumRanking End If End If Call DB_closeRecordset(rsStoreData) End Sub '************************************************************************************ '************************************************************************************ '* * '* * '* * '************************************************************************************ Sub ProductReviews(sIDProduct, sIDCategory, sModerateReviews) %>

<%=LANG_DT( "PROD_DETAIL_REVIEWHEAD", "PRODUCT REVIEWS" )%>

<% sSQLText = "SELECT * FROM owReviews R, owReviewThread RT WHERE R.idReviewThread = RT.idReviewThread AND RT.idProduct = " & sIDProduct & " AND R.ApprovalState = 'Y'" Call DB_getFromDatabase(sSQLText, rsStoreData, "") If ( NOT rsStoreData.EOF ) Then %> <% End If Call DB_closeRecordset(rsStoreData) %> <%=LANG_DT( "PROD_DETAIL_REVNAME", "Your Name" )%>: <%=LANG_DT( "PROD_DETAIL_REVEMAIL", "Your Email Address" )%>: <%=LANG_DT( "PROD_DETAIL_RATING", "Your rating of this product" )%>: <%=LANG_DT( "PROD_DETAIL_RATING1", "1 out of 5" )%> <%=LANG_DT( "PROD_DETAIL_RATING2", "2 out of 5" )%> <%=LANG_DT( "PROD_DETAIL_RATING3", "3 out of 5" )%> <%=LANG_DT( "PROD_DETAIL_RATING4", "4 out of 5" )%> <%=LANG_DT( "PROD_DETAIL_RATING5", "5 out of 5" )%> <%=LANG_DT( "PROD_DETAIL_REVBODY", "Your review of this product" )%>: <%=LANG_DT( "PROD_DETAIL_REVREQUIRED", "All fields are required." )%> <%=LANG_DT( "PROD_DETAIL_CURREV", "Current Reviews" )%> <% While ( NOT rsStoreData.EOF ) sUserName = Trim(rsStoreData("UserName")) sUserEmail = Trim(rsStoreData("UserEmail")) sBody = Trim(rsStoreData("Body")) ' have to un-replace like this so that the Server.HTMLEncode can be entered here so that there is no way to do a JavaScript/XSS inject sBody = Replace(sBody, "<", "<") sBody = Replace(sBody, ">", ">") sBody = Replace(sBody, VbCrlf, " ") %> <%=Server.HTMLEncode(sUserName)%> <%=Server.HTMLEncode(sUserEmail)%> <%=Server.HTMLEncode(sBody)%> <% rsStoreData.MoveNext Wend %>

<% End Sub '************************************************************************************ '************************************************************************************ '* * '* * '* * '************************************************************************************ Function ProcessReview(sIDProduct, sAllowReviews, sModerateReviews) Dim rsStoreData, sIDReviewThread, sTemp If ( sAllowReviews = "Y" ) Then Set rsStoreData = CreateObject("ADODB.Recordset") sUserName = CONVERSION_SQLEncode2(Request("sUserName"),250) sBody = Trim(SQLEncode(Request("sBody"))) sUserEmail = CONVERSION_SQLEncode2(Request("sUserEmail"),250) sRating = CONVERSION_Numeric(Request("sRating"), C_INTEGER) sBody = Replace(Replace(sBody, "<", "<"), ">", ">") If ( sUserEmail = "" ) Then ' users don't have to enter their email addresses, but this will enable us to make sure they don't ' repost, at least w/o having to close their browser first. And it'll give us a bit of tracking info sUserEmail = LANG_DT( "PROD_DETAIL_REV_ANON", "Anonymous" ) & Session.SessionID End If If ( sBody = "" ) Then ProcessReview = LANG_DT( "PROD_DETAIL_REVERR_ENTERBODY", "Please enter the body of your product review." ) Else If ( sUserName = "" ) Then ProcessReview = LANG_DT( "PROD_DETAIL_REVERR_NAME", "Please enter your name if you would like to leave a product review." ) Else If ( ( InStr(sUserEmail, "@") < InStrRev(sUserEmail, ".") ) And ( InStr(sUserEmail, "@") > 0 ) Or ( sUserEmail = LANG_DT( "PROD_DETAIL_REV_ANON", "Anonymous" ) & Session.SessionID ) ) Then ' see if there is an existing thread for this product - check owReviewThread ' if there is, use that idReviewThread to insert the new review into owReviews ' set the review status to approved if there is no moderation on this product Call DB_getFromDatabase("SELECT * FROM owReviewThread WHERE idProduct = " & sIDProduct, rsStoreData, "") If ( rsStoreData.EOF ) Then ' the thread pointer doesn't exist, so create one, then return the id number for the review Call DB_updateDatabase("INSERT INTO owReviewThread (idProduct, NumReviews) VALUES (" & sIDProduct & ", 1)") Call DB_closeRecordset(rsStoreData) Call DB_getFromDatabase("SELECT * FROM owReviewThread WHERE idProduct = " & sIDProduct, rsStoreData, "") If ( NOT rsStoreData.EOF ) Then sIDReviewThread = rsStoreData("idReviewThread") iNumReviews = 0 End If Else sIDReviewThread = rsStoreData("idReviewThread") iNumReviews = CInt(rsStoreData("NumReviews")) + 1 End If Call DB_closeRecordset(rsStoreData) If ( sIDReviewThread <> "" ) Then Call DB_getFromDatabase("SELECT * FROM owReviews WHERE idReviewThread = " & sIDReviewThread & " AND UserEmail = '" & sUserEmail & "'", rsStoreData, "") If ( NOT rsStoreData.EOF ) Then ProcessReview = LANG_DT( "PROD_DETAIL_REVERR_ALREADY", "You have already reviewed this product. We encourage your reviews and would ask that you review another of our fine products!" ) Else If ( iLoginAccountUnq = "" ) Then ' customer might not be logged in and we can't add blank to a numeric db field sTemp = "0" Else sTemp = iLoginAccountUnq End If If ( sModerateReviews = "N" ) Then Call DB_updateDatabase("INSERT INTO owReviews (idReviewThread, AccountUnq, UserName, UserEmail, UserURL, Body, ApprovalState) VALUES (" & sIDReviewThread & ", " & sTemp & ", '" & sUserName & "', '" & sUserEmail & "', '', '" & sBody & "', 'Y')") Else Call DB_updateDatabase("INSERT INTO owReviews (idReviewThread, AccountUnq, UserName, UserEmail, UserURL, Body, ApprovalState) VALUES (" & sIDReviewThread & ", " & sTemp & ", '" & sUserName & "', '" & sUserEmail & "', '', '" & sBody & "', 'N')") ProcessReview = LANG_DT( "PROD_DETAIL_MODERATENOTE", "Thank you for your input. Your review will appear as soon as it has been approved.") End If If ( iNumReviews > 1 ) Then ' don't bother updating it unless it's actually the second or higher review Call DB_updateDatabase("UPDATE owReviewThread SET NumReviews = " & iNumReviews & " WHERE idReviewThread = " & sIDReviewThread) End If ' increase the ranking Call DB_getFromDatabase("SELECT NumRanking, Ranking FROM Products WHERE idProduct = " & sIDProduct, rsStoreData2, "") If ( NOT rsStoreData2.EOF ) Then dNumRanking = rsStoreData2("NumRanking") + 1 dRanking = rsStoreData2("Ranking") + sRating Call DB_updateDatabase("UPDATE Products SET NumRanking = " & dNumRanking & ", Ranking = " & dRanking & " WHERE idProduct = " & sIDProduct) End If Call DB_closeRecordset(rsStoreData2) End If Call DB_closeRecordset(rsStoreData) Else ProcessReview = LANG_DT( "PROD_DETAIL_REVERR_BADTHREAD", "Unable to add review - thread master is invalid. Please contact the store owner." ) End If Else ' the email logic is easier if we do it reversed from the other methods ProcessReview = LANG_DT( "PROD_DETAIL_REVERR_EMAIL", "Please enter your email address if you would like to leave a product review.
It must be a valid email address." ) End If End If End If Set rsStoreData = Nothing Else ProcessReview = LANG_DT( "PROD_DETAIL_REVERR_NOTALLOWED", "Sorry, reviews are not allowed on this product." ) End If End Function '************************************************************************************ '************************************************************************************ '* * '* * '* * '************************************************************************************ Function ReturnProductData() sIDProduct = CONVERSION_Numeric(request("idProduct"), C_INTEGER) sIDCategory = CONVERSION_Numeric(request("idCategory"), C_INTEGER) sSQLText = "SELECT * FROM products WHERE idProduct = " & sIDProduct & " AND active = -1" Call DB_getFromDatabase (sSQLText, rsStoreData, "") If ( NOT rsStoreData.EOF ) Then sDescription = Trim(rsStoreData("description")) sPrice = CONVERSION_Numeric(Trim(rsStoreData("price")), C_DOUBLE) sBtoBPrice = CONVERSION_Numeric(Trim(rsStoreData("bToBPrice")), C_DOUBLE) sDetails = Trim(rsStoreData("details")) sListPrice = CONVERSION_Numeric(Trim(rsStoreData("listPrice")), C_DOUBLE) simageUrl = Trim(rsStoreData("imageUrl")) sSmallImageURL = Trim(rsStoreData("smallimageUrl")) sStock = CONVERSION_Numeric(Trim(rsStoreData("stock")), C_INTEGER) sSku = Trim(rsStoreData("sku")) sFormQuantity = CONVERSION_Numeric(Trim(rsStoreData("formQuantity")), C_INTEGER) sFreeShipping = Trim(rsStoreData("freeShipping")) sFreeShipStartDate = Trim(rsStoreData("FreeShipStartDate")) sFreeShipEndDate = Trim(rsStoreData("FreeShipEndDate")) sFreeShipQty = CONVERSION_Numeric(Trim(rsStoreData("FreeShipQty")), C_INTEGER) sSearchKeywords = Trim(rsStoreData("SearchKeywords")) sAllowReviews = Trim(rsStoreData("AllowReviews")) sModerateReviews = Trim(rsStoreData("ModerateReviews")) sNumRanking = CONVERSION_Numeric(Trim(rsStoreData("NumRanking")), C_DOUBLE) sRanking = CONVERSION_Numeric(Trim(rsStoreData("Ranking")), C_DOUBLE) ReturnProductData = True Else ReturnProductData = False End If Call DB_closeRecordset(rsStoreData) End Function '************************************************************************************ %>