/// <summary>
/// Entry point for the PayPal embedded-checkout return page. One URL serves three kinds of request:
/// the gateway's silent post, a notification (IPN) post, and the customer's browser returning to the site.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The event data.</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Prefer the posted form body; fall back to the query string when nothing was posted.
    string formBody = Request.Form.ToString();
    bool hasFormBody = !String.IsNullOrEmpty(formBody);
    String postData = hasFormBody ? formBody : Request.QueryString.ToString();

    string postedCustomerId = Request.Form["USER1"];
    int customerId = 0;

    if (!String.IsNullOrEmpty(postedCustomerId) && int.TryParse(postedCustomerId, out customerId))
    {
        // Silent post.
        // NOTE(review): USER1 is a request-supplied value and selects which customer record is loaded.
        // Nothing in this method checks that the post really originates from the gateway, so that
        // verification has to happen inside the callback processor — confirm that it does.
        Customer postingCustomer = new Customer(customerId, true);
        var callbackProcessor = new PayPalEmbeddedCheckoutCallBackProcessor(
            PayFlowProController.GetParameterStringAsDictionary(postData, true),
            postingCustomer);

        // The processor returns a redirect target; this page does not use it for a silent post.
        callbackProcessor.ProccessCallBack();
        return;
    }

    if (hasFormBody)
    {
        // Notification (IPN): intentionally nothing to do here.
        return;
    }

    // Customer returning to the site.
    if (QSResultCode == 0)
    {
        // NOTE(review): the confirmation target is the customer's highest order number, not an order
        // tied to this particular transaction, and the branch is chosen from QSResultCode alone.
        // Confirm the order-confirmation page re-checks ownership and payment state.
        // The SQL is concatenated; CustomerID is presumably numeric — verify, or use a parameterized call.
        int latestOrderNumber = DB.GetSqlN("select MAX(OrderNumber) N from dbo.orders where CustomerID = " + ThisCustomer.CustomerID.ToString());
        Response.Redirect("orderconfirmation.aspx?ordernumber=" + latestOrderNumber.ToString() + "&paymentmethod=PayPalEmbeddedCheckout", true);
        return;
    }

    // NOTE(review): QSResponseMessage is stored without HTML encoding in this method; confirm the page
    // that later renders the ErrorMessage encodes it.
    ErrorMessage failure = new ErrorMessage(QSResponseMessage);
    ShoppingCart currentCart = new ShoppingCart(SkinID, ThisCustomer, CartTypeEnum.ShoppingCart, 0, false);
    var paymentPageController = CheckOutPageControllerFactory.CreateCheckOutPageController(ThisCustomer, currentCart);
    Response.Redirect(paymentPageController.GetCheckoutPaymentPage() + "?ErrorMsg=" + failure.MessageId, true);
}
/// <summary>
/// Rewrites a checkout return URL for SmartOPC: when the URL carries an error message and the customer
/// is not being impersonated, the payment page is swapped for the shopping cart page so the checkout
/// controller can decide how to proceed.
/// </summary>
/// <param name="returnURL">The URL the checkout flow intends to return to; null or empty is returned unchanged.</param>
/// <param name="ThisCustomer">The customer passed to the checkout controller factory.</param>
/// <param name="Cart">The cart passed to the checkout controller factory.</param>
/// <returns>The original URL, or the URL with "checkoutpayment.aspx" replaced by "shoppingcart.aspx".</returns>
private string GetSmartOPCReturnURL(string returnURL, Customer ThisCustomer, ShoppingCart Cart)
{
    if (string.IsNullOrEmpty(returnURL))
    {
        return returnURL;
    }

    // The per-request item "IsBeingImpersonated" marks a session driven on the customer's behalf.
    object impersonationFlag = HttpContext.Current.Items["IsBeingImpersonated"];
    bool phoneCustomer = impersonationFlag != null && (string)impersonationFlag == "true";

    var controller = CheckOutPageControllerFactory.CreateCheckOutPageController(ThisCustomer, Cart);

    // NOTE(review): both the "errormsg" probe and the page-name replacement are case-sensitive, so a
    // URL spelled "ErrorMsg" or "CheckoutPayment.aspx" passes through unchanged — confirm that is intended.
    bool sendBackToCart = controller.GetCheckoutType() == CheckOutType.SmartOPC
        && !phoneCustomer
        && returnURL.IndexOf("errormsg") >= 0;

    return sendBackToCart
        ? returnURL.Replace("checkoutpayment.aspx", "shoppingcart.aspx")
        : returnURL;
}
/// <summary>
/// Builds the payment-page URL that reports a failed transaction to the customer.
/// The message prefers the explicit error text, then a non-approved authorization response,
/// then a generic decline.
/// </summary>
/// <returns>The checkout payment page followed by "?errormsg=" and the stored message id.</returns>
private string ReturnFirstPayError()
{
    // NOTE(review): ErrorMessage and AuthResponse are URL-decoded and stored without HTML encoding
    // here. They appear to come from the gateway callback, so confirm the page that renders the
    // stored message encodes it on output.
    string failureText;
    if (!string.IsNullOrEmpty(ErrorMessage))
    {
        failureText = "Transaction Error: " + HttpUtility.UrlDecode(ErrorMessage);
    }
    else if (!string.IsNullOrEmpty(AuthResponse) && !AuthResponse.ToLower().Contains("approved"))
    {
        failureText = "Transaction Declined: " + HttpUtility.UrlDecode(AuthResponse);
    }
    else
    {
        failureText = "The transaction was declined.";
    }

    ErrorMessage storedFailure = new ErrorMessage(failureText);
    var paymentPageController = CheckOutPageControllerFactory.CreateCheckOutPageController(ThisCustomer, cart);
    string paymentPage = paymentPageController.GetCheckoutPaymentPage();
    return paymentPage + "?errormsg=" + storedFailure.MessageId;
}
/// <summary>
/// Handles the Load event of the page: performs the Netaxept setup call for the current cart and
/// points the page's form and button at the hosted payment UI.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Payment pages must not be served from a cache.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    // One-page checkout settings. Only BasicOPC counts here: SmartOPC doesn't support Netaxept.
    var checkoutController = CheckOutPageControllerFactory.CreateCheckOutPageController();
    bool useOnePageCheckout = checkoutController.GetCheckoutType() == CheckOutType.BasicOPC;
    string opcCheckoutPage = checkoutController.GetBasicOnePageCheckoutPage();
    bool useFinalReviewOrderPage = AppLogic.AppConfigBool("Checkout.UseOnePageCheckout.UseFinalReviewOrderPage"); // read but not used in this method

    loadingshipping.ImageUrl = AppLogic.SkinImage("loadingshipping.gif");

    // Visitors without a customer record (for example someone typing this URL directly) go to the home page.
    if (!Customer.Current.HasCustomerRecord)
    {
        Response.Redirect("default.aspx");
    }

    var netaxeptBBS = new AspDotNetStorefrontGateways.Processors.Netaxept();
    ShoppingCart cart = new ShoppingCart(Customer.Current.SkinID, Customer.Current, CartTypeEnum.ShoppingCart, 0, false);

    // Order total: the cart total less a gift-card coupon, with the discount capped at the cart total.
    decimal cartTotal = cart.Total(true);
    decimal orderTotal = cartTotal - CommonLogic.IIF(cart.Coupon.CouponType == CouponTypeEnum.GiftCard, CommonLogic.IIF(cartTotal < cart.Coupon.DiscountAmount, cartTotal, cart.Coupon.DiscountAmount), 0);

    // Hosted UI endpoint: live or test, depending on configuration.
    string hostedUiUrl = AppLogic.AppConfigBool("UseLiveTransactions")
        ? AppLogic.AppConfig("NETAXEPT.Live_UI")
        : AppLogic.AppConfig("NETAXEPT.Test_UI");

    // A setup call is always the first operation of a transaction; it returns the transaction string.
    string setUp = netaxeptBBS.GetTransactionString(cart, Customer.Current, orderTotal);

    // A setup failure is recognised by the localized "toc.aspx.6" text appearing in the returned string.
    string setupErrorMarker = AppLogic.GetString("toc.aspx.6", Customer.Current.SkinID, Customer.Current.LocaleSetting);
    bool setupFailed = setUp.IndexOf(setupErrorMarker) != -1;

    if (!setupFailed)
    {
        // The transaction string goes into the literal so it is posted with the form data.
        // NOTE(review): it is written to the page as-is; confirm the gateway's value is safe to emit unencoded.
        ltlNexaxept.Text = setUp;
    }
    else if (AppLogic.AppConfigBool("NETAXEPT.Error.Setup"))
    {
        // Show the setup error on the payment page; the text is HTML-encoded before it is stored.
        ErrorMessage err = new ErrorMessage(Server.HtmlEncode(setUp));
        if (useOnePageCheckout)
        {
            Response.Redirect(opcCheckoutPage + "?errormsg=" + err.MessageId);
        }
        Response.Redirect("CheckoutPayment.aspx?nexaxepterror=" + err.MessageId);
    }

    // NOTE(review): when setup failed and NETAXEPT.Error.Setup is off, the form is still pointed at the
    // gateway without a transaction string — confirm that is the intended behaviour.
    btnNetaxept.PostBackUrl = hostedUiUrl;
    frmNetaxept.Action = hostedUiUrl;
}
/// <summary>
/// Click handler for the "continue to checkout" button: runs the account-update handler, then sends
/// the customer to the page the checkout controller names as the next step.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The event data.</param>
public void btnContinueToCheckOut_Click(object sender, EventArgs e)
{
    // Reuse the update-account handler; it is invoked with null sender and arguments.
    btnUpdateAccount_Click(null, null);

    var checkoutController = CheckOutPageControllerFactory.CreateCheckOutPageController();
    var continuePage = checkoutController.GetContinueCheckoutPage();
    Response.Redirect(continuePage);
}
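/// <summary>
/// Handles the customer's return from the Netaxept hosted UI: completes the setup for the returned
/// transaction string and routes the customer to the review page, the order confirmation page, or
/// back to the payment page with an error.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Payment pages must not be served from a cache.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    // One-page checkout settings. Only BasicOPC counts here: SmartOPC doesn't support Netaxept.
    var checkoutController = CheckOutPageControllerFactory.CreateCheckOutPageController();
    bool UseOnePageCheckout = checkoutController.GetCheckoutType() == CheckOutType.BasicOPC;
    string opcCheckoutPage = checkoutController.GetBasicOnePageCheckoutPage();
    bool UseFinalReviewOrderPage = AppLogic.AppConfigBool("Checkout.UseOnePageCheckout.UseFinalReviewOrderPage");
    ErrorMessage err;

    // Visitors without a customer record (for example someone typing this URL directly) go to the home page.
    if (!Customer.Current.HasCustomerRecord)
    {
        Response.Redirect("default.aspx");
    }

    bool errorOccur = false;
    bool cancelButtonWasPressed = false;

    // The transaction string comes from the query string, i.e. it is request-controlled. It is only
    // kept in the session after the gateway call below has succeeded for it.
    string bbsEpayTransactionString = CommonLogic.QueryStringCanBeDangerousContent("BBSePay_transaction");

    // Merchant account.
    string token = AppLogic.AppConfig("NETAXEPT.Merchant_Token");
    string merchantID = AppLogic.AppConfig("NETAXEPT.Merchant_Id");

    // Gateway endpoint: live or test, depending on configuration.
    TokenService service = new TokenService();
    service.Url = AppLogic.AppConfigBool("UseLiveTransactions")
        ? AppLogic.AppConfig("NETAXEPT.Live_Server")
        : AppLogic.AppConfig("NETAXEPT.Test_Server");

    string errorResult = string.Empty;
    try
    {
        // Throws when processing fails, which also happens when the customer pressed Cancel on the BBS UI.
        service.ProcessSetup(token, merchantID, bbsEpayTransactionString);

        // Success: remember the transaction string so later checkout pages can use it.
        Customer.Current.ThisCustomerSession["Nextaxept_TransactionString"] = bbsEpayTransactionString;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message ends up in text shown to the customer (HTML-encoded
        // below); consider a generic message if gateway details should stay internal.
        errorResult = AppLogic.GetString("toc.aspx.6", Customer.Current.SkinID, Customer.Current.LocaleSetting) + ex.Message;

        // A user cancel is reported as a SOAP fault; it is not shown as an error.
        // Detail can be null on a SoapException, so guard before indexing into it.
        SoapException se = ex as SoapException;
        if (se != null && se.Detail != null && se.Detail["UserCancelledException"] != null)
        {
            errorResult = string.Empty;
            cancelButtonWasPressed = true;
        }
        errorOccur = true;
    }

    if (errorOccur)
    {
        // No error is displayed when the customer cancelled on the BBS UI.
        if (cancelButtonWasPressed)
        {
            if (UseOnePageCheckout)
            {
                Response.Redirect(opcCheckoutPage);
            }
            Response.Redirect("checkoutpayment.aspx");
        }

        err = new ErrorMessage(Server.HtmlEncode(errorResult));
        if (UseOnePageCheckout)
        {
            Response.Redirect(opcCheckoutPage + "?errormsg=" + err.MessageId);
        }
        Response.Redirect("checkoutpayment.aspx?nexaxepterror=" + err.MessageId);
    }
    else
    {
        if (UseOnePageCheckout && !UseFinalReviewOrderPage)
        {
            // One-page checkout without a final review page: place the order right away.
            string status = string.Empty;
            int ordnum = 0;
            try
            {
                ShoppingCart cart = new ShoppingCart(Customer.Current.SkinID, Customer.Current, CartTypeEnum.ShoppingCart, 0, false);

                // NOTE(review): a missing or non-numeric session value leaves ordnum at 0, which is then
                // passed to MakeOrder and used in the confirmation URL below — confirm that is acceptable.
                int.TryParse(Customer.Current.ThisCustomerSession["Nextaxept_OrderNumber"], out ordnum);
                status = Gateway.MakeOrder(String.Empty, AppLogic.TransactionMode(), cart, ordnum, String.Empty, String.Empty, String.Empty, String.Empty);
            }
            catch (Exception ex)
            {
                status = ex.Message;
                err = new ErrorMessage(Server.HtmlEncode(status));
                Response.Redirect(opcCheckoutPage + "?errormsg=" + err.MessageId);
            }

            if (status != AppLogic.ro_OK)
            {
                err = new ErrorMessage(Server.HtmlEncode(status));
                // Fixed: the "?" separator was missing here, so the message id was glued onto the page
                // name instead of being passed as the errormsg query parameter.
                Response.Redirect(opcCheckoutPage + "?errormsg=" + err.MessageId);
            }

            Response.Redirect("orderconfirmation.aspx?ordernumber=" + ordnum.ToString() + "&paymentmethod=" + Server.UrlEncode(AppLogic.ro_PMCreditCard));
        }

        Response.Redirect("checkoutreview.aspx?paymentmethod=" + Server.UrlEncode(AppLogic.ro_PMCreditCard));
    }
}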
/// <summary>
/// Handles the Load event of the checkout shipping page. Re-validates that the customer may be on
/// this page, redirects to the appropriate checkout step when shipping selection does not apply,
/// and otherwise initializes the page or processes the posted "continue" action.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The event data.</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Checkout pages must not be served from a cache.
    Response.CacheControl = "private";
    Response.Expires = -1;
    Response.AddHeader("pragma", "no-cache");

    ErrorMessage err;

    // Age gate: applies only when the store requires the over-13 confirmation.
    bool over13Missing = AppLogic.AppConfigBool("RequireOver13Checked") && !ThisCustomer.IsOver13;
    if (over13Missing)
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkout.over13required", ThisCustomer.SkinID, ThisCustomer.LocaleSetting)));
        Response.Redirect("shoppingcart.aspx?errormsg=" + err.MessageId);
    }

    // The per-request item "IsBeingImpersonated" marks a session driven on the customer's behalf.
    object impersonationFlag = HttpContext.Current.Items["IsBeingImpersonated"];
    bool phoneCustomer = impersonationFlag != null && (string)impersonationFlag == "true";

    // NOTE(review): this flag is true when BOTH PayPal Express session values are empty, which reads
    // as the opposite of its name; the BasicOPC branch below negates it again. Confirm the intent.
    bool paypalExpressCheckout =
        ThisCustomer.ThisCustomerSession["paypalexpresspayerid"].ToString().Length == 0
        && ThisCustomer.ThisCustomerSession["paypalexpresstoken"].ToString().Length == 0;

    // Hand over to a one-page checkout when the store is configured for one.
    var checkoutController = CheckOutPageControllerFactory.CreateCheckOutPageController(ThisCustomer, cart);
    if (checkoutController.GetCheckoutType() == CheckOutType.SmartOPC)
    {
        bool goSmartOpc = !phoneCustomer && checkoutController.CanUseOnePageCheckout();
        if (goSmartOpc)
        {
            Response.Redirect(checkoutController.GetSmartOnePageCheckoutPage());
        }
    }
    else if (checkoutController.GetCheckoutType() == CheckOutType.BasicOPC)
    {
        bool goBasicOpc = !paypalExpressCheckout && checkoutController.CanUseOnePageCheckout();
        if (goBasicOpc)
        {
            Response.Redirect(checkoutController.GetBasicOnePageCheckoutPage());
        }
    }

    RequireSecurePage();

    // -----------------------------------------------------------------------------------------------
    // WHY THE CHECKS BELOW ARE REPEATED ON EVERY LOAD:
    // The web is stateless, so this page can be requested by anyone at any time, including by someone
    // trying to break the cart. Anything may have changed since the previous page: limited inventory
    // may have been bought by other customers, coupons may have expired, and so on. The checks cost
    // some database calls and may be partly redundant, but they are what keeps this step trustworthy.
    // -----------------------------------------------------------------------------------------------
    ThisCustomer.RequireCustomerRecord();

    if (!ThisCustomer.IsRegistered)
    {
        // Anonymous checkout is allowed only by configuration, and never for the ML Express product.
        bool allowAnonymous = !AppLogic.ProductIsMLExpress() && AppLogic.AppConfigBool("PasswordIsOptionalDuringCheckout");

        if (!allowAnonymous && ThisCustomer.PrimaryBillingAddressID > 0)
        {
            // A customer who last paid with PayPal Express may be covered by the PayPal-specific setting.
            Address billingAddress = new Address();
            billingAddress.LoadByCustomer(ThisCustomer.CustomerID, ThisCustomer.PrimaryBillingAddressID, AddressTypes.Billing);

            bool lastPaidWithPayPalExpress =
                billingAddress.PaymentMethodLastUsed == AppLogic.ro_PMPayPalExpress
                || billingAddress.PaymentMethodLastUsed == AppLogic.ro_PMPayPalExpressMark;
            if (lastPaidWithPayPalExpress)
            {
                allowAnonymous = !AppLogic.ProductIsMLExpress() && AppLogic.AppConfigBool("PayPal.Express.AllowAnonCheckout");
            }
        }

        if (!allowAnonymous)
        {
            Response.Redirect("createaccount.aspx?checkout=true");
        }
    }

    // Both a billing and a shipping address are required before shipping can be chosen.
    if (ThisCustomer.PrimaryBillingAddressID == 0 || ThisCustomer.PrimaryShippingAddressID == 0)
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkoutpayment.aspx.2", ThisCustomer.SkinID, ThisCustomer.LocaleSetting)));
        Response.Redirect("shoppingcart.aspx?resetlinkback=1&errormsg=" + err.MessageId);
    }

    SectionTitle = AppLogic.GetString("checkoutshipping.aspx.1", SkinID, ThisCustomer.LocaleSetting);
    cart = new ShoppingCart(SkinID, ThisCustomer, CartTypeEnum.ShoppingCart, 0, false);

    // Per the original author's note: on any issue this call sends the customer back to the cart page
    // and does not return.
    cart.ValidProceedCheckout();

    GatewayCheckoutByAmazon.CheckoutByAmazon checkoutByAmazon = new GatewayCheckoutByAmazon.CheckoutByAmazon();
    if (checkoutByAmazon.IsCheckingOut && checkoutByAmazon.GetDefaultShippingAddress() == null)
    {
        // NOTE(review): the string resource is placed inside a single-quoted JavaScript literal
        // without escaping; an apostrophe in the resource text would break the handler.
        btnContinueCheckout.OnClientClick = "alert('" + "gw.checkoutbyamazon.display.3".StringResource() + "'); return false;";
    }

    // Multi-address carts use the multi-ship page instead.
    bool needsMultiShipPage =
        !cart.IsAllDownloadComponents()
        && !cart.IsAllFreeShippingComponents()
        && !cart.IsAllSystemComponents()
        && (cart.HasMultipleShippingAddresses() || cart.HasGiftRegistryComponents())
        && cart.TotalQuantity() <= AppLogic.MultiShipMaxNumItemsAllowed()
        && cart.CartAllowsShippingMethodSelection
        && cart.TotalQuantity() > 1
        && !checkoutByAmazon.IsCheckingOut;
    if (needsMultiShipPage)
    {
        Response.Redirect("checkoutshippingmult.aspx");
    }

    // MOD GS - a cart made up entirely of e-mail gift cards goes to checkoutgiftcard.aspx.
    if (cart.IsAllEmailGiftCards())
    {
        Response.Redirect("checkoutgiftcard.aspx");
    }

    // Skip this page entirely when nothing in the cart needs shipping.
    bool shippingNotNeeded =
        AppLogic.AppConfigBool("SkipShippingOnCheckout")
        || cart.IsAllSystemComponents()
        || cart.IsAllDownloadComponents()
        || cart.NoShippingRequiredComponents();
    if (shippingNotNeeded)
    {
        if (cart.ContainsGiftCard())
        {
            Response.Redirect("checkoutgiftcard.aspx");
        }
        else
        {
            bool noPayPalExpressToken = ThisCustomer.ThisCustomerSession["PayPalExpressToken"] == "";
            Response.Redirect(noPayPalExpressToken
                ? "checkoutpayment.aspx"
                : "checkoutreview.aspx?PaymentMethod=PAYPALEXPRESS");
        }
    }

    pnlSelectShipping.Visible =
        AppLogic.AppConfigBool("AllowAddressChangeOnCheckoutShipping")
        && AppLogic.AppConfigBool("AllowShipToDifferentThanBillTo")
        && !checkoutByAmazon.IsCheckingOut;
    ctrlShippingMethods.ErrorMessage = string.Empty;
    pnlErrorMsg.Visible = false;

    // The first cart item's shipping address must resolve to a stored address of this customer.
    CartItem firstCartItem = (CartItem)cart.CartItems[0];
    Address firstItemShippingAddress = new Address();
    firstItemShippingAddress.LoadByCustomer(ThisCustomer.CustomerID, firstCartItem.ShippingAddressID, AddressTypes.Shipping);
    if (firstItemShippingAddress.AddressID == 0)
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkoutshipping.aspx.10", ThisCustomer.SkinID, ThisCustomer.LocaleSetting)));
        Response.Redirect("shoppingcart.aspx?errormsg=" + err.MessageId);
    }

    if (this.IsPostBack)
    {
        pnlErrorMsg.Visible = false;
        if (CommonLogic.FormCanBeDangerousContent("btnContinueCheckout") != "")
        {
            ProcessCheckOut();
        }
    }
    else
    {
        // NOTE(review): any non-empty "dontupdateid" query value skips the address reset below, and
        // that value is request-controlled. Confirm later steps do not rely on the reset having run.
        bool resetShippingAddress =
            !AppLogic.AppConfigBool("AllowMultipleShippingAddressPerOrder")
            && CommonLogic.QueryStringCanBeDangerousContent("dontupdateid").Length == 0;
        if (resetShippingAddress)
        {
            // Safety check: force the primary shipping address id onto all cart items.
            // The statement is concatenated; CustomerID and the cart type appear to be numeric values.
            string customerId = ThisCustomer.CustomerID.ToString();
            string cartType = ((int)CartTypeEnum.ShoppingCart).ToString();
            DB.ExecuteSQL("update ShoppingCart set ShippingAddressID=(select ShippingAddressID from customer where CustomerID=" + customerId + ") where CustomerID=" + customerId + " and CartType=" + cartType);
            Response.Redirect("checkoutshipping.aspx?dontupdateid=true");
        }
        InitializePageContent();
    }

    ctrlShoppingCart.HeaderTabImageURL = AppLogic.SkinImage("OrderInfo.gif");
    ctrlShoppingCart.HeaderTabEditOderLink = string.Format(
        " {0}<a href=\"ShoppingCart.aspx\"> {1}</a>",
        AppLogic.GetString("checkoutcard.aspx.9", SkinID, ThisCustomer.LocaleSetting),
        AppLogic.GetString("checkoutcard.aspx.10", SkinID, ThisCustomer.LocaleSetting));

    AppLogic.eventHandler("CheckoutShipping").CallEvent("&CheckoutShipping=true");
}
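/// <summary>
/// Processes the payment gateway's callback for a credit-card order. Re-derives the order total from
/// the cart, records a failed attempt or creates the order, stores the authorization details on the
/// order, and flags the order as fraud when the charged total differs from the recalculated total.
/// </summary>
/// <returns>
/// A relative URL for the caller to redirect to: the order confirmation page, or the checkout payment
/// page with an error message id when the transaction failed, the cart was empty, or the order could
/// not be made.
/// </returns>
/// <exception cref="System.Security.SecurityException">
/// Thrown when the current customer has no customer record. Per the original author's notes,
/// AppLogic.ValidatePM and ConfirmTransaction also throw a security exception on any problem.
/// </exception>
public string ProcessCallBack()
{
    string PM = AppLogic.CleanPaymentMethod(AppLogic.ro_PMCreditCard);
    AppLogic.ValidatePM(PM); // this WILL throw a hard security exception on any problem!

    // Recalculate the total server-side so the amount reported in the callback can be verified against it.
    decimal cartTotal = cart.Total(true);
    decimal orderTotal = cartTotal - CommonLogic.IIF(cart.Coupon.CouponType == CouponTypeEnum.GiftCard, CommonLogic.IIF(cartTotal < cart.Coupon.DiscountAmount, cartTotal, cart.Coupon.DiscountAmount), 0);
    orderTotal = Localization.ParseNativeDecimal(Localization.CurrencyStringForGatewayWithoutExchangeRate(orderTotal));

    if (!ThisCustomer.HasCustomerRecord)
    {
        FirstPay.order_id = 0;
        throw new System.Security.SecurityException("Customer not signed in to complete transaction.");
    }

    if (!Success)
    {
        string IP = "";
        if (cart != null)
        {
            IP = cart.ThisCustomer.LastIPAddress;
        }

        // The callback's raw parameter string is written to the failure log. It is bound as a parameter
        // rather than quoted into the statement, so the stored text cannot alter the SQL.
        string sql = "insert into FailedTransaction(CustomerID,OrderNumber,IPAddress,OrderDate,PaymentGateway,PaymentMethod,TransactionCommand,TransactionResult)"
            + " values(@CustomerID,@OrderNumber,@IPAddress,getdate(),@PaymentGateway,@PaymentMethod,@TransactionCommand,@TransactionResult)";
        SqlParameter[] failedTransactionParams =
        {
            new SqlParameter("@CustomerID", ThisCustomer.CustomerID),
            new SqlParameter("@OrderNumber", OrderNumber),
            new SqlParameter("@IPAddress", IP ?? string.Empty),
            new SqlParameter("@PaymentGateway", "1stPay"),
            new SqlParameter("@PaymentMethod", AppLogic.ro_PMCreditCard),
            new SqlParameter("@TransactionCommand", string.Empty),
            new SqlParameter("@TransactionResult", ParamString ?? string.Empty)
        };
        DB.ExecuteSQL(sql, failedTransactionParams);
        return ReturnFirstPayError();
    }

    // Checks that the transaction processed through the gateway and that the charged amount matches orderTotal.
    ConfirmTransaction(orderTotal); // this WILL throw a hard security exception on any problem!

    if (cart.IsEmpty())
    {
        ErrorMessage er = new ErrorMessage("Could not complete the transaction because the shopping cart was empty.");
        var checkoutController = CheckOutPageControllerFactory.CreateCheckOutPageController(ThisCustomer, cart);
        return checkoutController.GetCheckoutPaymentPage() + "?errormsg=" + er.MessageId;
    }

    // The callback is valid: make the order.
    int orderNumber = OrderNumber;
    List<SqlParameter> sqlParams = new List<SqlParameter>();

    try
    {
        ThisCustomer.PrimaryBillingAddress.PaymentMethodLastUsed = AppLogic.ro_PMCreditCard;
        ThisCustomer.PrimaryBillingAddress.UpdateDB();

        string status = Gateway.MakeOrder(AppLogic.ro_PMCreditCard, AppLogic.TransactionModeIsAuthOnly() ? AppLogic.ro_TXModeAuthOnly : AppLogic.ro_TXModeAuthCapture, cart, orderNumber, "", "", ReferenceNumber, "");

        if (status == AppLogic.ro_OK)
        {
            string AVSResult = AVSResponse;
            string AuthorizationCode = AuthCode;
            string AuthorizationTransID = ReferenceNumber;

            // Fixed: the CV result used to be appended after @AVSResult had already been created, so it
            // never reached the database. Append it first so the stored AVS result includes it.
            if (CVV2Response.Length > 0)
            {
                AVSResult += ", CV Result: " + CVV2Response;
            }

            // Parameters shared by the order updates below.
            sqlParams.Add(new SqlParameter("@AuthorizationTransId", AuthorizationTransID));
            sqlParams.Add(new SqlParameter("@AVSResult", AVSResult));
            sqlParams.Add(new SqlParameter("@AuthorizationCode", AuthorizationCode));
            sqlParams.Add(new SqlParameter("@CCType", CCType));
            sqlParams.Add(new SqlParameter("@CCExpMonth", CCExpMonth));
            sqlParams.Add(new SqlParameter("@CCExpYear", CCExpYear));
            sqlParams.Add(new SqlParameter("@CCNumberLast4", CCNumberLast4));
            sqlParams.Add(new SqlParameter("@OrderNumber", orderNumber));
            sqlParams.Add(new SqlParameter("@TransactionState", ADNSFTransactionState));

            if (ADNSFTransactionState == AppLogic.ro_TXStateAuthorized)
            {
                string sql = "Update Orders Set AuthorizationPNREF=@AuthorizationTransId"
                    + ", AVSResult=@AVSResult"
                    + ", AuthorizationCode=@AuthorizationCode"
                    + ", CardType=@CCType"
                    + ", CardExpirationMonth=@CCExpMonth"
                    + ", CardExpirationYear=@CCExpYear"
                    + ", Last4=@CCNumberLast4"
                    + " Where OrderNumber=@OrderNumber;";
                DB.ExecuteSQL(sql, sqlParams.ToArray());
            }

            if (ADNSFTransactionState == AppLogic.ro_TXStateCaptured)
            {
                // Already paid for: mark the order captured and record the capture reference.
                string sql = "Update Orders Set AuthorizationPNREF=@AuthorizationTransId + '|CAPTURE=' + @AuthorizationTransId"
                    + ", AVSResult=@AVSResult"
                    + ", AuthorizationCode=@AuthorizationCode"
                    + ", CardType=@CCType"
                    + ", CardExpirationMonth=@CCExpMonth"
                    + ", CardExpirationYear=@CCExpYear"
                    + ", Last4=@CCNumberLast4"
                    + ", CapturedOn=getdate()"
                    + " Where OrderNumber=@OrderNumber;";
                Gateway.ProcessOrderAsCaptured(orderNumber);
                DB.ExecuteSQL(sql, sqlParams.ToArray());
            }
            else if (ADNSFTransactionState == AppLogic.ro_TXStateError)
            {
                DB.ExecuteSQL("update orders set TransactionState=@TransactionState where OrderNumber=@OrderNumber;", sqlParams.ToArray());
            }

            if (!string.IsNullOrEmpty(ReferenceNumber))
            {
                OrderTransactionCollection transactions = new OrderTransactionCollection(orderNumber);
                transactions.AddTransaction(ADNSFTransactionState, null, ParamString, AuthorizationTransID, AuthorizationCode, AppLogic.ro_PMCreditCard, gateway.DisplayName(ThisCustomer.LocaleSetting), orderTotal);
            }
        }
        else if (status != AppLogic.ro_3DSecure)
        {
            // Anything other than OK or 3DSecure: back to the checkout process with the error status.
            ErrorMessage er = new ErrorMessage(status);
            var checkoutController = CheckOutPageControllerFactory.CreateCheckOutPageController(ThisCustomer, cart);
            return checkoutController.GetCheckoutPaymentPage() + "?errormsg=" + er.MessageId;
        }

        // Allow a 0.05 discrepancy for minor rounding errors; anything larger marks the order as fraud.
        if (Math.Abs(orderTotal - Total) > 0.05M)
        {
            Order.MarkOrderAsFraud(orderNumber, true);

            // A fresh parameter is used here: the shared instances may still be attached to the command
            // of an earlier update (how DB.ExecuteSQL releases them is not visible in this method), and
            // a failure at this point would be swallowed by the catch below.
            DB.ExecuteSQL("update orders set FraudedOn=getdate(), IsNew=1 where OrderNumber=@OrderNumber;", new[] { new SqlParameter("@OrderNumber", orderNumber) });
        }
    }
    catch
    {
        // Deliberate best effort: if we failed, did the IPN come back at the same time?
        // NOTE(review): every exception is swallowed here, including failures after the gateway has
        // already accepted the payment. Consider logging the exception so such cases can be investigated.
        cart = new ShoppingCart(1, ThisCustomer, CartTypeEnum.ShoppingCart, 0, false);
        if (cart.IsEmpty())
        {
            // An empty cart suggests the order was already created; use the customer's latest order number.
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (SqlCommand cmd = new SqlCommand("select MAX(OrderNumber) N from dbo.orders where CustomerID = @CustomerId;", dbconn))
                {
                    cmd.Parameters.Add(new SqlParameter("@CustomerId", ThisCustomer.CustomerID));
                    orderNumber = cmd.ExecuteScalar() as int? ?? 0;
                }
            }
        }
    }

    return "orderconfirmation.aspx?ordernumber=" + orderNumber + "&paymentmethod=CreditCard";
}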