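/**
 * Prints a dashboard "top sellers" table for the eShop admin widgets.
 *
 * Two layouts, chosen by $stock: 'dloads' lists rows from
 * `{prefix}eshop_downloads` ordered by purchases; anything else (including
 * 'stock') lists products joined through `{prefix}eshop_stock` and the posts
 * table, ordered by stock purchases. Nothing is printed when the query returns
 * no rows. Every value taken from the database is escaped for the HTML context
 * it is printed into (attribute vs. element text).
 *
 * @param string $stock Which table to report on: 'dloads' or 'stock'.
 * @param int    $limit Maximum rows; passed through the
 *                      'eshop-dashboard-top-sellers-amount' filter, then forced
 *                      to a non-negative integer before it reaches the query.
 * @return void
 */
function eshop_small_stats($stock, $limit = 5) {
    global $wpdb;
    // The filter result is not trusted as-is: force an int so LIMIT stays well-formed
    // and is bound through prepare() rather than interpolated.
    $limit = (int) apply_filters('eshop-dashboard-top-sellers-amount', $limit);
    if ($limit < 0) {
        $limit = 0;
    }
    // Suffix that keeps id/headers attributes unique when several widgets render on one page.
    $rand = eshop_random_code('3');
    $table = $wpdb->prefix . 'eshop_downloads';
    $stktable = $wpdb->prefix . 'eshop_stock';
    switch ($stock) {
        case 'dloads':
            $mypages = $wpdb->get_results($wpdb->prepare(
                "SELECT id, title, purchases, downloads FROM {$table} ORDER BY purchases DESC LIMIT %d",
                $limit
            ));
            // empty() also covers the null that get_results() returns on a failed query.
            if (empty($mypages)) {
                return;
            }
            echo '<table class="widefat"><caption>' . __('Top Download Purchases', 'eshop') . '</caption>';
            echo '<thead><tr><th id="edtitle' . $rand . '">' . __('Download', 'eshop') . '</th><th id="eddown' . $rand . '">' . __('Downloads', 'eshop') . '</th><th id="edpurch' . $rand . '">' . __('Purchases', 'eshop') . '</th></tr></thead><tbody>';
            $calt = 0;
            foreach ($mypages as $row) {
                $calt++;
                $alt = $calt % 2 ? '' : ' class="alternate"';
                $rowid = (int) $row->id;
                $title = stripslashes($row->title);
                echo '<tr' . $alt . '>';
                // The title lands in both an attribute and element text, so it is escaped per context.
                echo '<td id="redid' . $rowid . '" headers="edtitle' . $rand . '"><a href="?page=eshop-downloads.php&edit=' . $rowid . '" title="' . esc_attr('edit details for ' . $title) . '">' . esc_html($title) . "</a></td>\n";
                echo '<td headers="eddown' . $rand . ' redid' . $rowid . '">' . esc_html($row->downloads) . "</td>\n";
                echo '<td headers="edpurch' . $rand . ' redid' . $rowid . '">' . esc_html($row->purchases) . "</td>\n";
                echo '</tr>' . "\n";
            }
            echo '</tbody></table>' . "\n";
            break;
        case 'stock':
        default:
            $mypages = $wpdb->get_results($wpdb->prepare(
                "SELECT {$wpdb->posts}.ID, {$wpdb->posts}.post_title, stk.purchases, stk.option_id
                 FROM {$wpdb->postmeta}, {$wpdb->posts}, {$stktable} AS stk
                 WHERE {$wpdb->postmeta}.meta_key = '_eshop_stock'
                   AND {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id
                   AND {$wpdb->posts}.post_status != 'trash'
                   AND {$wpdb->posts}.post_status != 'revision'
                   AND stk.post_id = {$wpdb->posts}.ID
                 ORDER BY stk.purchases DESC LIMIT %d",
                $limit
            ));
            if (empty($mypages)) {
                return;
            }
            echo '<table class="widefat"><caption>' . __('Top Sellers', 'eshop') . '</caption>';
            echo '<thead><tr><th id="edprod' . $rand . '">' . __('Product', 'eshop') . '</th><th id="edpurch' . $rand . '">' . __('Purchases', 'eshop') . '</th></tr></thead><tbody>';
            $calt = 0;
            foreach ($mypages as $page) {
                $calt++;
                $alt = $calt % 2 ? '' : ' class="alternate"';
                $postid = (int) $page->ID;
                // The id/headers pair includes $rand and the row counter so ids stay unique per product/option.
                $cellid = 'repid' . $postid . $rand . $calt;
                echo '<tr' . $alt . '><td id="' . $cellid . '" headers="edprod' . $rand . '"><a href="post.php?action=edit&post=' . $postid . '">' . esc_html($page->post_title) . '</a> ' . esc_html($page->option_id) . '</td> <td headers="edpurch' . $rand . ' ' . $cellid . '">' . esc_html($page->purchases) . '</td></tr>' . "\n";
            }
            echo '</tbody></table>';
            break;
    }
}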
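/**
 * Renders the "Discount Codes" admin page and processes its actions.
 *
 * One page handles three request shapes:
 *   - GET  ?delcode=<id>   deletes a code (link built below carries a per-id nonce);
 *   - GET  ?editcode=<id>  pre-fills the form with an existing code;
 *   - POST editid=<id>     creates (id 0) or updates a code after validation.
 * Both write paths require a valid nonce (check_admin_referer), every query
 * goes through $wpdb->prepare(), and request-derived values are escaped when
 * echoed back into the form or the listing table.
 *
 * Echoes HTML directly; returns nothing.
 */
function eshop_discounts_manager() {
    global $wpdb;
    include_once WP_PLUGIN_DIR . '/eshop/cart-functions.php';
    $legtext = __('Add a discount code', 'eshop');
    $subtext = __('Submit', 'eshop');
    $edit = false;
    $phpself = 'admin.php?page=eshop-discount-codes.php';
    $disctable = $wpdb->prefix . 'eshop_discount_codes';
    // Blank form state; filled in below when editing or when re-displaying after errors.
    $eshop_code = $eshop_percent = $eshop_remain = $eshop_live = $eshop_code_date = $eshop_code_type = '';
    $editid = '0';
    $error = array();

    // Delete: the link is nonce-protected, so a forged cross-site GET is rejected by check_admin_referer().
    if (isset($_GET['delcode']) && is_numeric($_GET['delcode'])) {
        $id = (int) $_GET['delcode'];
        check_admin_referer('eshop_delete_code_' . $id);
        $wpdb->query($wpdb->prepare("DELETE FROM {$disctable} WHERE id = %d LIMIT 1", $id));
        echo '<div class="updated fade"><p>' . __('Discount code deleted.', 'eshop') . '</p></div>';
    }

    // Edit: load the existing row into the form fields (unknown ids fall back to the "add" form).
    if (isset($_GET['editcode']) && is_numeric($_GET['editcode'])) {
        $editid = (int) $_GET['editcode'];
        $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$disctable} WHERE id = %d", $editid));
        if ($row) {
            $eshop_code = $row->disccode;
            $eshop_code_type = $row->dtype;
            $eshop_percent = $row->percent;
            $eshop_remain = $row->remain;
            $eshop_live = $row->live;
            $eshop_code_date = $row->enddate;
            // A zero date means "no end date" and must not pre-select the date fields.
            if ($eshop_code_date == '0000-00-00') {
                $eshop_code_date = '';
            }
            $edit = true;
            $legtext = __('Edit a discount code', 'eshop');
            $subtext = __('Update', 'eshop');
        } else {
            $editid = '0';
        }
    }

    // Create or update: only on a POST that carries the form's nonce.
    if (isset($_POST['editid'])) {
        check_admin_referer('eshop_discount_codes');
        $eshop_id = (int) trim($_POST['editid']);
        $eshop_live = isset($_POST['eshop_live']) ? 'yes' : 'no';
        $eshop_code_type = isset($_POST['eshop_code_type']) ? $_POST['eshop_code_type'] : '';
        $eshop_percent = isset($_POST['eshop_percent']) ? trim($_POST['eshop_percent']) : '';
        $eshop_code_month = isset($_POST['eshop_code_month']) ? (int) $_POST['eshop_code_month'] : 0;
        $eshop_code_day = isset($_POST['eshop_code_day']) ? (int) $_POST['eshop_code_day'] : 0;
        $eshop_code_year = isset($_POST['eshop_code_year']) ? (int) $_POST['eshop_code_year'] : 0;

        // Validation: a type is required; percentage types (1-3) need 0 < percent <= 100.
        switch ($eshop_code_type) {
            case '':
                $error[] = __('You must choose a discount code type', 'eshop');
                break;
            case '1':
            case '2':
            case '3':
                if (!is_numeric($eshop_percent) || $eshop_percent > 100) {
                    $error[] = __('Percentage must be a number no greater than 100.00', 'eshop');
                } elseif ($eshop_percent <= 0) {
                    $error[] = __('Percentage must be a number above 0', 'eshop');
                }
                break;
        }
        // Date-limited types (2, 3, 5, 6) need a real calendar date.
        switch ($eshop_code_type) {
            case '2':
            case '3':
            case '5':
            case '6':
                if (!checkdate($eshop_code_month, $eshop_code_day, $eshop_code_year)) {
                    $error[] = __('The date you have chosen is not valid', 'eshop');
                }
                break;
        }
        // The code is required and must be unique (case-insensitively) among the other rows.
        // WordPress slashes request data, so it is unslashed before it is stored or compared.
        $eshop_code = isset($_POST['eshop_code']) ? trim(stripslashes($_POST['eshop_code'])) : '';
        if ($eshop_code == '') {
            $error[] = __('You must specify a code', 'eshop');
        } else {
            $ecount = $wpdb->get_var($wpdb->prepare(
                "SELECT COUNT(id) FROM {$disctable} WHERE LOWER(disccode) = %s AND id != %d",
                strtolower($eshop_code),
                $eshop_id
            ));
            if ($ecount != 0) {
                $error[] = __('That code already exists', 'eshop');
            }
        }
        $eshop_remain = isset($_POST['eshop_remain']) ? trim($_POST['eshop_remain']) : '';
        // Blank means unlimited; anything else must be a non-negative number.
        if ($eshop_remain != '' && (!is_numeric($eshop_remain) || $eshop_remain < 0)) {
            $error[] = __('How many times can this be used - must be numeric, or blank', 'eshop');
        }

        if (!empty($error)) {
            echo '<div class="error fade"><p>' . __('There were some errors:', 'eshop') . '</p>';
            echo '<ul>';
            foreach ($error as $err) {
                echo '<li>' . $err . "</li>\n";
            }
            echo "</ul></div>\n";
        } else {
            // The end date is assembled from the three selects and stored for every type, as before.
            $eshop_code_date = $eshop_code_year . '-' . $eshop_code_month . '-' . $eshop_code_day;
            if ($eshop_id > 0) {
                $wpdb->query($wpdb->prepare(
                    "UPDATE {$disctable} SET dtype = %s, disccode = %s, percent = %s, remain = %s, enddate = %s, live = %s WHERE id = %d LIMIT 1",
                    $eshop_code_type,
                    $eshop_code,
                    $eshop_percent,
                    $eshop_remain,
                    $eshop_code_date,
                    $eshop_live,
                    $eshop_id
                ));
                echo '<div class="updated fade"><p>' . __('Discount code details updated', 'eshop') . '</p></div>';
            } else {
                $wpdb->query($wpdb->prepare(
                    "INSERT INTO {$disctable} (dtype, disccode, percent, remain, enddate, live) VALUES (%s, %s, %s, %s, %s, %s)",
                    $eshop_code_type,
                    $eshop_code,
                    $eshop_percent,
                    $eshop_remain,
                    $eshop_code_date,
                    $eshop_live
                ));
                echo '<div class="updated fade"><p>' . __('Discount code details entered', 'eshop') . '</p></div>';
                // Reset the form for the next entry.
                $eshop_code = $eshop_percent = $eshop_remain = $eshop_live = $eshop_code_date = $eshop_code_type = '';
                $editid = '0';
            }
        }
    }

    if ($edit == false) {
        $eshop_suggest = '<p>' . __('Suggested random codes:', 'eshop') . '</p>';
        $eshop_suggest .= '<ul>' . "\n";
        for ($i = 1; $i <= 3; $i++) {
            $eshop_suggest .= '<li>' . eshop_random_code('12') . '</li>' . "\n";
        }
        $eshop_suggest .= "</ul>\n";
    } else {
        $eshop_suggest = '<p><a href="' . $phpself . '">' . __('Enter new code', 'eshop') . '</a></p>';
    }
?>
<div class="wrap">
<div id="eshopicon" class="icon32"></div><h2><?php _e('eShop Discount Codes', 'eshop'); ?></h2>
<?php eshop_admin_mode(); ?>
<div id="eshopdisccodesform">
<?php echo $eshop_suggest; ?>
<form id="eshopdisccodes" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" method="post">
<?php wp_nonce_field('eshop_discount_codes'); ?>
<fieldset><legend><?php echo $legtext; ?></legend>
<p><label for="eshop_code_type"><?php _e('Discount type', 'eshop'); ?></label>
<select name="eshop_code_type" id="eshop_code_type">
<option value=""><?php _e('Please select', 'eshop'); ?></option>
<optgroup label="<?php _e('Percentage', 'eshop'); ?>">
<option value="1"<?php echo $eshop_code_type == '1' ? ' selected="selected"' : ''; ?>><?php _e('% - Limited by Uses', 'eshop'); ?></option>
<option value="2"<?php echo $eshop_code_type == '2' ? ' selected="selected"' : ''; ?>><?php _e('% - Limited by Date', 'eshop'); ?></option>
<option value="3"<?php echo $eshop_code_type == '3' ? ' selected="selected"' : ''; ?>><?php _e('% - Limited by Uses and Date', 'eshop'); ?></option>
</optgroup>
<optgroup label="<?php _e('Free Shipping', 'eshop'); ?>">
<option value="4"<?php echo $eshop_code_type == '4' ? ' selected="selected"' : ''; ?>><?php _e('Free Ship - Limited by Uses', 'eshop'); ?></option>
<option value="5"<?php echo $eshop_code_type == '5' ? ' selected="selected"' : ''; ?>><?php _e('Free Ship - Limited by Date', 'eshop'); ?></option>
<option value="6"<?php echo $eshop_code_type == '6' ? ' selected="selected"' : ''; ?>><?php _e('Free Ship - Limited by Uses and Date', 'eshop'); ?></option>
</optgroup>
</select></p>
<p><label for="eshop_code"><?php _e('Code', 'eshop'); ?></label><br />
<input type="text" id="eshop_code" name="eshop_code" size="30" value="<?php echo esc_attr($eshop_code); ?>" /></p>
<p><label for="eshop_percent"><?php _e('Discount percentage:', 'eshop'); ?></label><br />
<input type="text" id="eshop_percent" name="eshop_percent" size="4" value="<?php echo esc_attr($eshop_percent); ?>" /></p>
<p><label for="eshop_remain"><?php _e('How many times can this be used (leave blank for unlimited)', 'eshop'); ?></label><br />
<input type="text" id="eshop_remain" name="eshop_remain" size="4" value="<?php echo esc_attr($eshop_remain); ?>" /></p>
<fieldset><legend><?php _e('End Date', 'eshop'); ?></legend>
<p><label for="eshop_code_year"><?php _e('Year', 'eshop'); ?></label>
<select name="eshop_code_year" id="eshop_code_year">
<?php
    // The date selects default to today, or to the stored end date when one is set.
    $eshopdate = date('Y-m-d', mktime(0, 0, 0, date("m"), date("d"), date("Y")));
    if ($eshop_code_date != '') {
        $eshopdate = $eshop_code_date;
    }
    list($eshop_code_year, $eshop_code_month, $eshop_code_day) = explode('-', $eshopdate);
    for ($i = date('Y'); $i <= date('Y') + 5; $i++) {
        $sel = ($i == $eshop_code_year) ? ' selected="selected"' : '';
        echo '<option value="' . $i . '"' . $sel . '>' . $i . '</option>' . "\n";
    }
?>
</select>
<label for="eshop_code_month"><?php _e('Month', 'eshop'); ?></label>
<select name="eshop_code_month" id="eshop_code_month">
<?php
    for ($i = 1; $i <= 12; $i++) {
        $sel = ($i == $eshop_code_month) ? ' selected="selected"' : '';
        echo '<option value="' . $i . '"' . $sel . '>' . $i . '</option>' . "\n";
    }
?>
</select>
<label for="eshop_code_day"><?php _e('Day', 'eshop'); ?></label>
<select name="eshop_code_day" id="eshop_code_day">
<?php
    for ($i = 1; $i <= 31; $i++) {
        $sel = ($i == $eshop_code_day) ? ' selected="selected"' : '';
        echo '<option value="' . $i . '"' . $sel . '>' . $i . '</option>' . "\n";
    }
?>
</select></p>
</fieldset>
<p><input id="eshop_live" name="eshop_live" value="yes"<?php echo $eshop_live == 'yes' ? ' checked="checked"' : ''; ?> type="checkbox" /> <label for="eshop_live" class="selectit"><?php _e('Active?', 'eshop'); ?></label></p>
<input type="hidden" name="editid" value="<?php echo esc_attr($editid); ?>" />
</fieldset>
<p class="submit eshop"><input type="submit" id="submit" class="button-primary" value="<?php echo esc_attr($subtext); ?>" /></p>
</form>
</div>
<?php
    $max = $wpdb->get_var("SELECT COUNT(id) FROM {$disctable} WHERE id > 0");
    if ($max > 0) {
?>
<div id="eshopdisccodesexisting">
<h3><?php _e('Current Discount Codes', 'eshop'); ?></h3>
<table class="widefat" summary="<?php _e('Discount Codes', 'eshop'); ?>">
<caption><?php _e('Discount codes reference table', 'eshop'); ?></caption>
<thead>
<tr>
<th id="code"><?php _e('Code', 'eshop'); ?></th>
<th id="disc"><?php _e('Discount', 'eshop'); ?></th>
<th id="type"><?php _e('Type', 'eshop'); ?></th>
<th id="remain"><?php _e('Remaining', 'eshop'); ?></th>
<th id="enddate"><?php _e('End Date', 'eshop'); ?></th>
<th id="used"><?php _e('Used', 'eshop'); ?></th>
<th id="active"><?php _e('Active?', 'eshop'); ?></th>
<th id="delete"><?php _e('Delete', 'eshop'); ?></th>
</tr>
</thead>
<tbody>
<?php
        $row = $wpdb->get_results("SELECT * FROM {$disctable}");
        $calt = 0;
        foreach ($row as $myrow) {
            $calt++;
            $alt = $calt % 2 ? '' : ' class="alternate"';
            $delete = '';
            $remain = $myrow->remain;
            if ($myrow->remain == '') {
                $remain = __('Unlimited', 'eshop');
            }
            // Only inactive codes get a delete link; the nonce matches the delete handler above.
            if ($myrow->live != 'yes') {
                $delete = '<a href="' . wp_nonce_url($phpself . '&delcode=' . (int) $myrow->id, 'eshop_delete_code_' . (int) $myrow->id) . '">' . __('Delete', 'eshop') . ' ' . esc_html($myrow->disccode) . '</a>';
            }
            $eshopdate = $myrow->enddate;
            $type = '';
            // Use-limited types (1, 4) have no meaningful end date.
            switch ($myrow->dtype) {
                case '1':
                    $type = __('% - Limited by Uses', 'eshop');
                    $eshopdate = __('Not applicable', 'eshop');
                    break;
                case '2':
                    $type = __('% - Limited by Date', 'eshop');
                    break;
                case '3':
                    $type = __('% - Limited by Uses and Date', 'eshop');
                    break;
                case '4':
                    $type = __('Free Ship - Limited by Uses', 'eshop');
                    $eshopdate = __('Not applicable', 'eshop');
                    break;
                case '5':
                    $type = __('Free Ship - Limited by Date', 'eshop');
                    break;
                case '6':
                    $type = __('Free Ship - Limited by Uses and Date', 'eshop');
                    break;
            }
            echo '<tr' . $alt . '>'
                . '<td headers="code" id="numb' . $calt . '"><a href="' . $phpself . '&editcode=' . (int) $myrow->id . '" title="' . esc_attr(__('Edit this discount', 'eshop')) . '">' . esc_html($myrow->disccode) . '</a></td>'
                . '<td headers="disc numb' . $calt . '">' . number_format_i18n((float) $myrow->percent, 2) . '%</td>'
                . '<td headers="type numb' . $calt . '">' . $type . '</td>'
                . '<td headers="remain numb' . $calt . '">' . esc_html($remain) . '</td>'
                . '<td headers="enddate numb' . $calt . '">' . esc_html($eshopdate) . '</td>'
                . '<td headers="used numb' . $calt . '">' . esc_html($myrow->used) . '</td>'
                . '<td headers="active numb' . $calt . '">' . esc_html($myrow->live) . '</td>'
                . '<td headers="delete numb' . $calt . '">' . $delete . '</td>'
                . "</tr>\n";
        }
        echo "</tbody></table></div>\n";
    }
?>
</div>
<?php
}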
/**
 * Records a completed checkout in the eShop order tables.
 *
 * Writes one row to `{prefix}eshop_orders` keyed by $checkid (skipped when a
 * row with that checkid already exists), one row per cart line plus one
 * shipping row to `{prefix}eshop_order_items`, and one row per downloadable
 * product to `{prefix}eshop_download_orders`. May auto-create a WordPress user
 * from the billing details, and bumps the used/remaining counters on the
 * discount code held in the session.
 *
 * @param array  $_POST   The checkout form fields (declared as a parameter; see the
 *                        note on the first line of the body).
 * @param string $checkid Order identifier used as the key across all tables. It is
 *                        interpolated into several queries below without escaping,
 *                        so the caller is responsible for its contents.
 * @return void  Echoes a test-mode notice when the shop is not live.
 */
function orderhandle($_POST, $checkid) {
    // NOTE(review): $_POST is a PHP auto-global; declaring it as a parameter (and
    // re-assigning it below) is rejected at compile time on current PHP versions —
    // confirm the PHP version this runs under and rename the parameter.
    //This function puts the order into the db.
    global $wpdb, $blog_id, $eshopoptions;
    if (!is_user_logged_in() && isset($eshopoptions['users']) && $eshopoptions['users'] == 'yes' && isset($_SESSION['eshop_user' . $blog_id])) {
        //set up blank user if in case anything goes phooey
        $user_id = 0;
        if (get_bloginfo('version') < '3.1') {
            require_once ABSPATH . WPINC . '/registration.php';
        }
        //auto create a new user if they don't exist - only works if not logged in ;)
        $user_email = $_POST['email'];
        $utable = $wpdb->prefix . "users";
        $filtnames = apply_filters('eshop_add_username', $_POST['first_name'], $_POST['last_name']);
        $names = str_replace(" ", "", $filtnames);
        $username = strtolower($names);
        $eshopch = $wpdb->get_results("SHOW TABLE STATUS LIKE '{$utable}'");
        //a unique'ish number
        // Fallback username: the names plus the users table's next auto-increment value.
        $altusername = strtolower($names . $eshopch[0]->Auto_increment);
        if (!email_exists($user_email)) {
            if (username_exists($username)) {
                $username = $altusername;
            }
            if (!username_exists($username)) {
                $random_password = wp_generate_password(12, false);
                $user_id = wp_create_user($username, $random_password, $user_email);
                // Billing details are kept as user meta under the 'eshop' key.
                $eshopuser['company'] = $_POST['company'];
                $eshopuser['phone'] = $_POST['phone'];
                $eshopuser['address1'] = $_POST['address1'];
                $eshopuser['address2'] = $_POST['address2'];
                $eshopuser['city'] = $_POST['city'];
                $eshopuser['country'] = $_POST['country'];
                $eshopuser['state'] = $_POST['state'];
                $eshopuser['zip'] = $_POST['zip'];
                if (isset($_POST['altstate']) && $_POST['altstate'] != '') {
                    $eshopuser['altstate'] = $_POST['altstate'];
                }
                // A non-numeric state is a code; resolve it to the states table id.
                if (!is_numeric($_POST['state'])) {
                    $statechk = $wpdb->escape($_POST['state']);
                    $sttable = $wpdb->prefix . 'eshop_states';
                    $eshopuser['state'] = $wpdb->get_var("SELECT id FROM {$sttable} where code='{$statechk}' limit 1");
                } else {
                    $eshopuser['state'] = $_POST['state'];
                }
                update_user_meta($user_id, 'eshop', $eshopuser);
                update_user_meta($user_id, 'first_name', $_POST['first_name']);
                update_user_meta($user_id, 'last_name', $_POST['last_name']);
                update_user_option($user_id, 'default_password_nag', true, true); //Set up the Password change nag.
                wp_new_user_notification($user_id, $random_password);
            }
        }
    } else {
        // NOTE(review): get_currentuserinfo() is deprecated in current WordPress;
        // wp_get_current_user() is the replacement.
        global $current_user;
        get_currentuserinfo();
        $user_id = $current_user->ID;
    }
    if (!isset($eshopoptions['users'])) {
        $user_id = '0';
    }
    //$wpdb->show_errors();
    // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8; this branch is
    // a fatal call there and a no-op on PHP 7.4 where it always returns false.
    if (get_magic_quotes_gpc()) {
        $_POST = stripslashes_array($_POST);
    }
    // Every request field below is passed through $wpdb->escape() before it is
    // interpolated into SQL. That method is deprecated in current WordPress;
    // $wpdb->prepare() with placeholders is the supported replacement.
    $custom_field = $wpdb->escape($_POST['custom']);
    $first_name = $wpdb->escape($_POST['first_name']);
    $last_name = $wpdb->escape($_POST['last_name']);
    $email = $wpdb->escape($_POST['email']);
    //set up some defaults
    $phone = $company = $address1 = $address2 = $city = $zip = $state = $country = $paidvia = '';
    if (isset($_POST['phone'])) {
        $phone = $wpdb->escape($_POST['phone']);
    }
    if (isset($_POST['company'])) {
        $company = $wpdb->escape($_POST['company']);
    }
    if (isset($_POST['address1'])) {
        $address1 = $wpdb->escape($_POST['address1']);
    }
    if (isset($_POST['address2'])) {
        $address2 = $wpdb->escape($_POST['address2']);
    }
    if (isset($_POST['city'])) {
        $city = $wpdb->escape($_POST['city']);
    }
    if (isset($_POST['zip'])) {
        $zip = $wpdb->escape($_POST['zip']);
    }
    if (isset($_POST['state'])) {
        $state = $wpdb->escape($_POST['state']);
    }
    if (isset($_POST['country'])) {
        $country = $wpdb->escape($_POST['country']);
    }
    // Payment method comes from the session (read without an isset guard), and
    // the 'cash'/'bank' gateways may carry an admin-configured display name.
    $paidvia = $wpdb->escape($_SESSION['eshop_payment' . $blog_id]);
    if (strtolower($paidvia) == __('cash', 'eshop')) {
        $eshopcash = $eshopoptions['cash'];
        if ($eshopcash['rename'] != '') {
            $paidvia = $eshopcash['rename'];
        }
    }
    if (strtolower($paidvia) == __('bank', 'eshop')) {
        $eshopbank = $eshopoptions['bank'];
        if ($eshopbank['rename'] != '') {
            $paidvia = $eshopbank['rename'];
        }
    }
    if (isset($_POST['state']) && $_POST['state'] == '' && isset($_POST['altstate']) && $_POST['altstate'] != '') {
        $state = $wpdb->escape($_POST['altstate']);
    }
    // Shipping fields fall back to the billing values when not supplied.
    if (isset($_POST['ship_name'])) {
        $ship_name = $wpdb->escape($_POST['ship_name']);
    } else {
        $ship_name = $first_name . ' ' . $last_name;
    }
    if (isset($_POST['ship_phone'])) {
        $ship_phone = $wpdb->escape($_POST['ship_phone']);
    } else {
        $ship_phone = $phone;
    }
    if (isset($_POST['ship_company'])) {
        $ship_company = $wpdb->escape($_POST['ship_company']);
    } else {
        $ship_company = $company;
    }
    if (isset($_POST['ship_address'])) {
        $ship_address = $wpdb->escape($_POST['ship_address']);
    } else {
        $ship_address = $address1 . ' ' . $address2;
    }
    if (isset($_POST['ship_city'])) {
        $ship_city = $wpdb->escape($_POST['ship_city']);
    } else {
        $ship_city = $city;
    }
    if (isset($_POST['ship_postcode'])) {
        $ship_postcode = $wpdb->escape($_POST['ship_postcode']);
    } else {
        $ship_postcode = $zip;
    }
    if (isset($_POST['ship_country'])) {
        $ship_country = $wpdb->escape($_POST['ship_country']);
    } else {
        $ship_country = $country;
    }
    if (isset($_POST['ship_state'])) {
        $ship_state = $wpdb->escape($_POST['ship_state']);
    } else {
        $ship_state = $state;
    }
    if (empty($_POST['ship_state']) && !empty($_POST['ship_altstate'])) {
        $ship_state = $wpdb->escape($_POST['ship_altstate']);
    }
    if (isset($_POST['reference'])) {
        $reference = $wpdb->escape($_POST['reference']);
    } else {
        $reference = '';
    }
    if (isset($_POST['comments'])) {
        $comments = $wpdb->escape($_POST['comments']);
    } else {
        $comments = '';
    }
    if (isset($_POST['affiliate'])) {
        $affiliate = $wpdb->escape($_POST['affiliate']);
    } else {
        $affiliate = '';
    }
    $detailstable = $wpdb->prefix . 'eshop_orders';
    $itemstable = $wpdb->prefix . 'eshop_order_items';
    // Initial transaction status stored in the order row.
    $processing = __('Processing…', 'eshop');
    //readjust state if needed
    // Map state codes to states-table ids for both billing and shipping state.
    // $getstate comes from plugin options and is interpolated into the query unescaped.
    $sttable = $wpdb->prefix . 'eshop_states';
    $getstate = $eshopoptions['shipping_state'];
    if ($eshopoptions['show_allstates'] != '1') {
        $stateList = $wpdb->get_results("SELECT id,code,stateName FROM {$sttable} WHERE list='{$getstate}' ORDER BY stateName", ARRAY_A);
    } else {
        $stateList = $wpdb->get_results("SELECT id,code,stateName,list FROM {$sttable} ORDER BY list,stateName", ARRAY_A);
    }
    foreach ($stateList as $code => $value) {
        $eshopstatelist[$value['code']] = $value['id'];
    }
    if (isset($eshopstatelist[$state])) {
        $state = $eshopstatelist[$state];
    }
    if (isset($eshopstatelist[$ship_state])) {
        $ship_state = $eshopstatelist[$ship_state];
    }
    //if (!is_user_logged_in()) {
    // Idempotence guard: an order row is written only once per checkid.
    $eshopching = $wpdb->get_var("SELECT checkid from {$detailstable} where checkid='{$checkid}' limit 1");
    if ($eshopching != $checkid) {
        $query1 = $wpdb->query("INSERT INTO {$detailstable}\n\t\t\t\t(checkid, first_name, last_name,company,email,phone, address1, address2, city,\n\t\t\t\tstate, zip, country, reference, ship_name,ship_company,ship_phone, \n\t\t\t\tship_address, ship_city, ship_postcode,\tship_state, ship_country, \n\t\t\t\tcustom_field,transid,edited,comments,thememo,paidvia,affiliate,user_id,admin_note,user_notes)VALUES(\n\t\t\t\t'{$checkid}',\n\t\t\t\t'{$first_name}',\n\t\t\t\t'{$last_name}',\n\t\t\t\t'{$company}',\n\t\t\t\t'{$email}',\n\t\t\t\t'{$phone}',\n\t\t\t\t'{$address1}',\n\t\t\t\t'{$address2}',\n\t\t\t\t'{$city}',\n\t\t\t\t'{$state}',\n\t\t\t\t'{$zip}',\n\t\t\t\t'{$country}',\n\t\t\t\t'{$reference}',\n\t\t\t\t'{$ship_name}',\n\t\t\t\t'{$ship_company}',\n\t\t\t\t'{$ship_phone}',\n\t\t\t\t'{$ship_address}',\n\t\t\t\t'{$ship_city}',\n\t\t\t\t'{$ship_postcode}',\n\t\t\t\t'{$ship_state}',\n\t\t\t\t'{$ship_country}',\n\t\t\t\t'{$custom_field}',\n\t\t\t\t'{$processing}',\n\t\t\t\tNOW(),\n\t\t\t\t'{$comments}',\n\t\t\t\t'',\n\t\t\t\t'{$paidvia}',\n\t\t\t\t'{$affiliate}',\n\t\t\t\t'{$user_id}',\n\t\t\t\t'',''\n\t\t\t\t\t);");
        $i = 1;
        //this is here to generate just one code per order
        $code = eshop_random_code();
        // One pass per cart line. The line count is taken from the request; the
        // per-line fields (item_number_N, quantity_N, ...) are read without isset guards.
        while ($i <= $_POST['numberofproducts']) {
            //test
            $addoprice = 0;
            $chk_id = 'item_number_' . $i;
            $chk_qty = 'quantity_' . $i;
            $chk_amt = 'amount_' . $i;
            //$chk_opt=$itemoption.$i;
            $chk_opt = 'item_name_' . $i;
            $chk_postid = 'postid_' . $i;
            $chk_weight = 'weight_' . $i;
            //tax
            $tax_amt = $tax_rate = '';
            if (isset($eshopoptions['tax']) && $eshopoptions['tax'] == '1') {
                $chk_tax = 'tax_' . $i;
                $chk_tax_rate = 'tax_rate_' . $i;
                if (isset($_POST[$chk_tax])) {
                    $tax_amt = $wpdb->escape($_POST[$chk_tax]);
                    $tax_rate = $wpdb->escape($_POST[$chk_tax_rate]);
                }
            }
            $item_id = $wpdb->escape($_POST[$chk_id]);
            $item_qty = $wpdb->escape($_POST[$chk_qty]);
            // Thousands separators are stripped before the amount is stored.
            $item_amt = $wpdb->escape(str_replace(',', "", $_POST[$chk_amt]));
            $optname = $wpdb->escape($_POST[$chk_opt]);
            $post_id = $wpdb->escape($_POST[$chk_postid]);
            $weight = $wpdb->escape($_POST[$chk_weight]);
            $dlchking = $_POST['eshopident_' . $i];
            //add opt sets
            // Option-set details come from the session cart, keyed by the line's eshopident.
            if (isset($_SESSION['eshopcart' . $blog_id][$dlchking]['optset'])) {
                $data['optset'] = $_SESSION['eshopcart' . $blog_id][$dlchking]['optset'];
                $data['addoprice'] = $addoprice;
                $data = eshop_parse_optsets($data);
                $optset = $data['optset'];
                $addoprice = $data['addoprice'];
            } else {
                $optset = '';
            }
            $optset = $wpdb->escape($optset);
            //end
            $thechk = $_SESSION['eshopcart' . $blog_id][$dlchking]['option'];
            $option_id = $wpdb->escape($thechk);
            // NOTE(review): strpos() never returns true, so this branch is dead and
            // $edl is always the whole option string — looks like `!== false` was meant;
            // confirm the intended option-key format before changing it.
            if (strpos($thechk, ' ') === true) {
                $edown = explode(' ', $thechk);
                $edl = $edown[1];
            } else {
                $edl = $thechk;
            }
            $eshop_product = maybe_unserialize(get_post_meta($post_id, '_eshop_product', true));
            $dlchk = '';
            if (isset($eshop_product['products'][$edl]['download'])) {
                $dlchk = $eshop_product['products'][$edl]['download'];
            }
            if ($dlchk != '') {
                //there are downloads.
                // $dlchk comes from post meta and is interpolated below without escaping.
                $queryitem = $wpdb->query("INSERT INTO {$itemstable}\n\t\t\t\t\t(checkid, item_id,item_qty,item_amt,tax_rate,tax_amt,optname,post_id,option_id,down_id,optsets,weight)values(\n\t\t\t\t\t'{$checkid}','{$item_id}','{$item_qty}','{$item_amt}', '{$tax_rate}', '{$tax_amt}', \n\t\t\t\t\t'{$optname}','{$post_id}','{$option_id}',\n\t\t\t\t\t'{$dlchk}','{$optset}','{$weight}');");
                $wpdb->query("UPDATE {$detailstable} set downloads='yes' where checkid='{$checkid}'");
                //add to download orders table
                $dloadtable = $wpdb->prefix . 'eshop_download_orders';
                //$email,$checkid already set
                $producttable = $wpdb->prefix . 'eshop_downloads';
                // NOTE(review): $grabit is null when no download row matches, and its
                // title/files are interpolated into the next INSERT unescaped.
                $grabit = $wpdb->get_row("SELECT id,title, files FROM {$producttable} where id='{$dlchk}'");
                $downloads = $eshopoptions['downloads_num'];
                $wpdb->query("INSERT INTO {$dloadtable}\n\t\t\t\t\t(checkid, title,purchased,files,downloads,code,email)values(\n\t\t\t\t\t'{$checkid}',\n\t\t\t\t\t'{$grabit->title}',\n\t\t\t\t\tNOW(),\n\t\t\t\t\t'{$grabit->files}',\n\t\t\t\t\t'{$downloads}',\n\t\t\t\t\t'{$code}',\n\t\t\t\t\t'{$email}');");
            } else {
                $queryitem = $wpdb->query("INSERT INTO {$itemstable}\n\t\t\t\t\t(checkid, item_id,item_qty,item_amt,tax_rate,tax_amt,optname,post_id,option_id,optsets,weight)values(\n\t\t\t\t\t'{$checkid}','{$item_id}','{$item_qty}','{$item_amt}','{$tax_rate}', '{$tax_amt}', \n\t\t\t\t\t'{$optname}','{$post_id}','{$option_id}','{$optset}','{$weight}');");
            }
            $i++;
        }
        // Shipping line: cost from the request, overridden by the session values when tax is on.
        $postage = $wpdb->escape(str_replace(',', "", $_POST['shipping_1']));
        $shiptaxamt = $shiptaxrate = '';
        if (isset($eshopoptions['tax']) && $eshopoptions['tax'] == '1') {
            if (isset($_SESSION['shipping' . $blog_id]['cost'])) {
                $postage = $wpdb->escape(str_replace(',', "", $_SESSION['shipping' . $blog_id]['cost']));
            }
            if (isset($_SESSION['shipping' . $blog_id]['tax'])) {
                $shiptaxamt = $wpdb->escape(str_replace(',', "", $_SESSION['shipping' . $blog_id]['tax']));
            }
            if (isset($_SESSION['shipping' . $blog_id]['taxrate'])) {
                $shiptaxrate = $wpdb->escape(str_replace(',', "", $_SESSION['shipping' . $blog_id]['taxrate']));
            }
        }
        $postage_name = '';
        // The selected shipping type (1-based in the session) names the shipping line.
        if (isset($_SESSION['eshopshiptype' . $blog_id]) && !eshop_only_downloads() && $_SESSION['eshopshiptype' . $blog_id] != '0') {
            $st = $_SESSION['eshopshiptype' . $blog_id] - 1;
            $typearr = explode("\n", $eshopoptions['ship_types']);
            $postage_name = stripslashes(esc_attr($typearr[$st])) . ' ';
        }
        $postage_name .= __('Shipping', 'eshop');
        $querypostage = $wpdb->query("INSERT INTO {$itemstable} \n\t\t\t\t\t(checkid, item_id,item_qty,item_amt,tax_rate,tax_amt,optsets)values(\n\t\t\t\t\t'{$checkid}',\n\t\t\t\t\t'{$postage_name}',\n\t\t\t\t\t'1',\n\t\t\t\t\t'{$postage}',\n\t\t\t\t\t'{$shiptaxrate}',\n\t\t\t\t\t'{$shiptaxamt}',\n\t\t\t\t\t'');");
        //update the discount codes used, and remove from remaining
        $disctable = $wpdb->prefix . 'eshop_discount_codes';
        if (eshop_discount_codes_check()) {
            if (isset($_SESSION['eshop_discount' . $blog_id]) && valid_eshop_discount_code($_SESSION['eshop_discount' . $blog_id])) {
                $discvalid = $wpdb->escape($_SESSION['eshop_discount' . $blog_id]);
                do_action('eshop_discount_code_used', $checkid, $discvalid);
                $wpdb->query("UPDATE {$disctable} SET used=used+1 where disccode='{$discvalid}' limit 1");
                // Date-only types (2, 5) have no remaining count to decrement.
                $remaining = $wpdb->get_var("SELECT remain FROM {$disctable} where disccode='{$discvalid}' && dtype!='2' && dtype!='5' limit 1");
                //reduce remaining
                if (is_numeric($remaining) && $remaining != '') {
                    $wpdb->query("UPDATE {$disctable} SET remain=remain-1 where disccode='{$discvalid}' limit 1");
                }
            }
        }
        do_action('eshoporderhandle', $_POST, $checkid);
        if ($eshopoptions['status'] != 'live') {
            echo "<p class=\"testing\"><strong>" . __('Test Mode — No money will be collected. This page will not auto redirect in test mode.', 'eshop') . "</strong></p>\n";
        }
    }
}