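/**
 * Remove a customized product from an order on behalf of the logged-in user.
 *
 * Nothing is changed unless Validation::own_cus_product() accepts the product
 * for the session user and both records can be loaded.
 *
 * @param mixed $cp_id    Id of the customized product to remove.
 * @param mixed $order_id Id of the order the product is removed from.
 * @return void
 */
function remove($cp_id, $order_id) {
    // The ownership check covers the customized product only.
    if (!Validation::own_cus_product($cp_id, $_SESSION["user_id"])) {
        return;
    }

    // NOTE(review): $order_id is never checked against the session user in this
    // function. Confirm that every caller verifies the order belongs to the
    // user, or add an equivalent ownership check before the order is modified.
    $cus_pro = CusProduct::find($cp_id);
    $order = Order::find($order_id);

    // A failed lookup does not yield an object; calling remove_product() or
    // update() on it would be a fatal error, so stop here instead.
    if (!($order instanceof Order) || !($cus_pro instanceof CusProduct)) {
        return;
    }

    $order->remove_product($cus_pro);
    $order->update();
}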
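/**
 * Find the customized products that appear in completed orders.
 *
 * @param array $product_ids Product ids to restrict the search to; an empty
 *                           array means no restriction.
 * @return array List of CusProduct objects; empty when the query yields nothing.
 */
static function search($product_ids) {
    // Cast every element to int, whatever its key. An index-based loop only
    // reaches keys 0..count-1, so a value stored under any other key (string
    // keys, gaps) would be imploded into the SQL text without being cast.
    $ids = array();
    foreach ($product_ids as $product_id) {
        $ids[] = intval($product_id);
    }

    // Only integers reach this point, so joining them into the IN list is safe.
    $str = empty($ids) ? "" : "AND c.product_id IN (" . implode(",", $ids) . ")";
    $query = "SELECT c.id FROM cus_products c, orders o, order_products p\n WHERE c.id = p.cus_product_id AND o.id = p.order_id AND o.status='completed' {$str}";

    $result = sql($query, SQL_SINGLE_COL);
    if (!$result) {
        // NOTE(review): any falsy result is logged as an SQL error here;
        // whether sql() also returns a falsy value for "no rows" is not
        // visible from this listing.
        log2("sql error! -- " . mysql_error() . ": {$query}");
        return array();
    }

    // Keep only the ids that resolve to a real CusProduct.
    $ret = array();
    foreach ($result as $id) {
        $obj = CusProduct::find($id);
        if ($obj instanceof CusProduct) {
            $ret[] = $obj;
        }
    }
    return $ret;
}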
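<?php
// Edit page for a customized product in the cart. The line structure is
// restored so that the inline "//" comment no longer swallows the code that
// follows it.
include 'inc.php';

// The product id comes from the query string and is untrusted.
$cp_id = isset($_GET["id"]) ? $_GET["id"] : null;

// Reject a missing id first, then require that the customized product belongs
// to the logged-in user before anything is loaded or changed.
$val = empty($cp_id) ? false : Validation::own_cus_product($cp_id, $_SESSION["user_id"]);
if (!$val) {
    header("Location: cart.php");
    exit;
}

$cp = CusProduct::find($cp_id);
// A failed lookup does not yield a CusProduct; the method calls below would
// otherwise be a fatal error.
if (!($cp instanceof CusProduct)) {
    header("Location: cart.php");
    exit;
}

if ($_SERVER["REQUEST_METHOD"] === "GET") {
    // Pre-fill the form values from the stored product.
    $_POST["attr"]["quantity"] = $cp->get_quantity();
    foreach ($cp->get_custom() as $type => $value) {
        $_POST["attr"][$type] = $value;
    }
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // "attr" is request data: make sure it is an array before indexing into it.
    if (!isset($_POST["attr"]) || !is_array($_POST["attr"])) {
        $_POST["attr"] = array();
    }
    $_POST["attr"]["image"] = isset($_POST["attr"]["image"]) ? intval($_POST["attr"]["image"]) : 0;

    // handle add product request
    if ($_POST["attr"]["image"] <= 0) {
        // No existing image id was submitted, so process the uploaded file.
        // NOTE(review): $user is not defined in this script; presumably
        // inc.php sets it. Confirm.
        $_POST["attr"]["image"] = Image::process_image($_FILES['upload'], $user);
    }

    if ($_POST["attr"]["image"] <= 0) {
        // A non-positive value after processing is treated as an error code.
        set_msg("Image Error: " . get_error_msg($_POST["attr"]["image"]));
    } else {
        // NOTE(review): the remaining "attr" fields are passed through as
        // received; confirm that modify_product() validates them.
        $result = modify_product($user, $cp, $_POST["attr"]);
        if ($result) {
            header("Location: cart.php");
            exit;
        }
    }
// NOTE(review): the listing stops here; the brace closing the POST branch and
// anything after it are not shown.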
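/**
 * Load an order and its customized products by id.
 *
 * The lookup is not scoped to a user: neither query filters on the owner, so
 * callers have to enforce ownership themselves.
 *
 * @param mixed $id          Order id; must be non-empty and look like an integer.
 * @param bool  $isCommitted When true, only an order whose status is
 *                           'completed' is returned.
 * @return Order|false The populated order, or false when the id is rejected or
 *                     no matching row is found.
 */
static function find($id, $isCommitted = false) {
    if (!$id) {
        return false;
    }
    // Reject ids that do not round-trip through an int cast. The comparison is
    // loose, so a numeric string such as "05" still passes; the intval() below
    // is what guarantees that only an integer is placed in the query text.
    if ((string) (int) $id != (string) $id) {
        return false;
    }
    $id = intval($id);

    $committed_sql = $isCommitted ? "AND status='completed'" : "";
    $info = sql("SELECT * FROM orders WHERE id = {$id} {$committed_sql}", SQL_SINGLE_ROW);
    if (!$info) {
        log2("failed to find the order with id {$id}");
        return false;
    }

    $order = new Order();
    $order->info = $info;
    $order->info["user"] = new User($info["user_id"]);

    $cus_product_ids = sql("SELECT cus_product_id FROM order_products WHERE order_id= {$id}", SQL_SINGLE_COL);
    // Skip the loop when the query yields nothing, so a falsy result is not
    // handed to foreach.
    if ($cus_product_ids) {
        foreach ($cus_product_ids as $cp_id) {
            $obj = CusProduct::find(intval($cp_id));
            // Keep only the ids that resolve to a real CusProduct.
            if ($obj instanceof CusProduct) {
                $order->cus_products[] = $obj;
            }
        }
    }
    return $order;
}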