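<?php
// Inline-edit handler for one field of an additional-order line item.
//
// Inputs: $_SESSION['order_id'] (order being edited), $_POST['id'] (item row),
// $_POST['field'] (public field name) and $_POST['value'].
// Side effect: one UPDATE on additional_orders_items, only when the row belongs
// to the session's order and the field is one of the whitelisted names below.
// Everything else ends with die('no order') or silently does nothing, as before.
$order_id = isset($_SESSION['order_id']) ? (int) $_SESSION['order_id'] : 0;
if (!$order_id
    || !isset($_POST['field'], $_POST['value'], $_POST['id'])
    || !$_POST['value']
) {
    die('no order');
}

// Only integers reach the WHERE clauses below, so they can be interpolated safely.
$id = abs((int) $_POST['id']);
if ($id) {
    // Ownership check: the item must belong to the order stored in the session,
    // otherwise a valid item id from another order could be edited.
    $result = db_query_to_row(
        "SELECT 1 FROM additional_orders_items WHERE id = {$id} AND order_id = {$order_id}"
    );
    if (!empty($result)) {
        // A non-string (e.g. field[]=x) can never match the whitelist.
        $field = is_string($_POST['field']) ? $_POST['field'] : '';
        // Initialised so an unknown field never reads an undefined variable.
        $value = null;

        if (in_array($field, ['width', 'height', 'amount'], true)) {
            $value = abs((int) $_POST['value']);
        } elseif (in_array($field, ['hanging', 'material'], true)) {
            // Public names map onto the foreign-key columns of the table.
            $field = $field === 'hanging' ? 'ophaeng_id' : 'material_id';
            $value = abs((int) $_POST['value']);
        } elseif ($field === 'week' && is_string($_POST['value'])) {
            $field = 'week_number';
            // Stored HTML-escaped, as the original did; the SQL escaping of this
            // string value is left to update_in_db – not visible here, confirm.
            $value = htmlspecialchars(trim($_POST['value']));
        }

        // $value is only set when $field was rewritten to a known column name,
        // so no user-controlled column name ever reaches the UPDATE.
        if ($value) {
            update_in_db(
                'additional_orders_items',
                [$field => $value],
                "id = {$id} AND order_id = {$order_id}"
            );
        }
    }
}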
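<?php
// Checkout completion: totals the campaign order and the additional orders
// (type keys 1, 2, 3 – banner, poster, rollup in the original variable names),
// stores the total with status 1 on the user's order, drops the order from the
// session and redirects to the orders overview.
//
// Requires $_SESSION['order_id'] and $_SESSION['user']['id']; otherwise redirects
// to '/'. The user id is part of the UPDATE's WHERE clause so a user can only
// close their own order.
$order_id = isset($_SESSION['order_id']) ? (int) $_SESSION['order_id'] : 0;
$user_id = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
if (!$order_id || !$user_id) {
    header('location: /');
    exit;
}

import('checkout');

$full_price = 0;

$campaign_orders = get_campaign_orders($order_id);
if ($campaign_orders) {
    $full_price += get_campaign_order_total_price($order_id, $campaign_orders);
}

// Same call sequence as before: banner (1), poster (2), rollup (3).
foreach ([1, 2, 3] as $type_key) {
    $additional_orders = get_additional_orders_by_type($order_id, $type_key);
    if ($additional_orders) {
        $full_price += get_additional_order_total_price($additional_orders, $type_key);
    }
}

// Both ids are integers, so the WHERE clause contains no raw session strings.
update_in_db(
    'orders',
    ['total_price' => $full_price, 'status' => 1],
    "user_id = {$user_id} AND id = {$order_id}"
);

unset($_SESSION['order_id']);
header('location: /test/orders');
exit;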
} $valid_count = 7; } else { $valid_count = 6; } if (count($insert) == $valid_count) { $insert_array[] = $insert; } } //inserting order details to db insert_multi_to_db('additional_orders_items', $insert_array); $week_number = isset($_POST['week_number']) ? esc(htmlspecialchars(strip_tags(trim($_POST['week_number'])))) : 1; if (empty($weeks)) { insert_to_db('orders_weeks', array('order_id' => $order_id, 'week_number' => $week_number, 'type' => $type_key)); } else { update_in_db('orders_weeks', array('week_number' => $week_number), 'id = ' . $weeks['id']); } $_SESSION['order_id'] = $order_id; header('location: /test/checkout'); exit; } import('store'); import('checkout'); $template_name = 'additional_' . $type; // if user clicked last button getting last order details and showing last order template if ('last' == get_url_param(3)) { $additional_orders = get_last_additional_banner_order($_SESSION['user']['id'], $type_key); if ($additional_orders) { $template_name .= '_last'; } else { header('location: /test/additional/' . $type);
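<?php
// Stores the week number chosen for one additional-order type of the order in
// the session. Inputs: $_SESSION['order_id'], $_POST['type'], $_POST['week'].
// Ends with die('no order') when anything is missing or the week is not a string.
$order_id = isset($_SESSION['order_id']) ? (int) $_SESSION['order_id'] : 0;
if (!$order_id
    || !isset($_POST['week'], $_POST['type'])
    || !is_string($_POST['week'])
) {
    die('no order');
}

// Both WHERE operands are integers, so they can be interpolated.
$type = abs((int) $_POST['type']);

// Stored HTML-escaped as before; SQL escaping of the value is delegated to
// update_in_db (not visible here – confirm).
$week = htmlspecialchars(trim($_POST['week']));

// Truthiness check kept from the original: '' and '0' do not trigger an update.
if ($week) {
    update_in_db(
        'orders_weeks',
        ['week_number' => $week],
        "type = {$type} AND order_id = {$order_id}"
    );
}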
if ($sku) { $command .= " -c " . escapeshellarg($sku); } if ($debug) { $command .= " --debug"; } $filename = str_replace(" ", "-", $title); $filename = preg_replace("/[^-a-zA-Z0-9]/", "", $filename); $filename = strtolower($filename) . ".pdf"; header("Content-Type: application/pdf"); header("Content-disposition: attachment; filename={$filename}"); passthru($command); } else { if ($_POST['store']) { store_in_db($db, $title, $subtitle, $url, $sku); $rowid = $db->lastInsertRowid(); show_id($rowid); } else { if ($_POST['update']) { update_in_db($db, $id, $title, $subtitle, $url, $sku); show_id($id); } else { if ($_POST['delete']) { delete_from_db($db, $id); show_id(-1); } else { show_id(-1); } } } }
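// Store edit page. Expects $url (the split request path) in scope; $url[2] is
// the store id. On POST (shop_name present) validates the form via
// store_validate(), updates the `stores` row and rebuilds the
// stores_hanging_methods link rows, then redirects. On GET (or a failed
// validation) falls through to rendering the edit template.
if (!isset($url[2]) || !($id = abs((int) $url[2]))) {
    die('bad link');
}

// $id is an integer, so interpolating it is safe.
$store = db_query_to_row("SELECT * FROM `stores` WHERE id = {$id}");
if (!$store) {
    die('store not found');
}

import('store');

if (isset($_POST['shop_name'])) {
    // Filled by store_validate() (passed by reference).
    $update = [];
    if (!store_validate($update)) {
        $error_msg = 'All fields must be filled';
    } else {
        // hanging_methods is a list of ids for the link table, not a column
        // of `stores`; take it out of $update before the UPDATE.
        $hanging_methods = [];
        if (isset($update['hanging_methods']) && is_array($update['hanging_methods'])) {
            $hanging_methods = $update['hanging_methods'];
        }
        unset($update['hanging_methods']);

        if (update_in_db('stores', $update, '`id`=' . $id)) {
            // NOTE(review): delete + insert are not wrapped in a transaction; a
            // failed insert leaves the store without any link rows.
            delete_from_db('stores_hanging_methods', '`store_id`=' . $id);

            $store_hanging_methods = [];
            foreach ($hanging_methods as $method_id) {
                // Only integer ids are written to the link table.
                $store_hanging_methods[] = [
                    'store_id' => $id,
                    'hanging_method_id' => (int) $method_id,
                ];
            }
            insert_multi_to_db('stores_hanging_methods', $store_hanging_methods);

            $_SESSION['edit_store_msg'] = 'Store Successfully Updated';
            header('location: /store/edit/' . $id);
            die;
        }
    }
}

// Data for the edit form: all available methods and the ones this store uses.
$hanging_methods = get_hanging_methods();
$store_hanging_methods = db_query_to_list(
    'SELECT `hanging_method_id` FROM `stores_hanging_methods` WHERE `store_id`=' . $id,
    'hanging_method_id'
);
$template = set_template('store', 'edit');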