$sellerid = addslashes($_POST[$seller]);
$seller_name = getSellerFullname($sellerid);
$userid = addslashes($_POST['userid']);
$reason = addslashes($_POST[$reasonid]);
$quantity = addslashes($_POST[$qty]);
$productname = $_POST[$product];
$product_price = $_POST[$price];
$comments = addslashes($_POST['comments']);
$orderid = addslashes($_POST['orderid']);
$sql_insert = "insert into " . $tableprefix . "refunds(seller_id,buyer_id,product_id,order_id,quantity,return_reason,Additional_info,date)\n\t\t\t\t\tVALUES('" . $sellerid . "','" . $userid . "','" . $pid . "','" . $orderid . "','" . $quantity . "','" . $reason . "','" . $comments . "',now()) ";
$rs_insert = mysql_query($sql_insert) or die(mysql_error());
$refund_id = mysql_insert_id();
////////////////////////insert into support desk ticket table//////////
//
//fetch user deatails from support desk user table
$supportUser = getUserSupportDetails($userid);
//echo "<pre>";print_r($supportUser);
$deptid = $supportUser['nDeptId'];
$var_username = $supportUser['vUserName'];
$priority = $supportUser['vPriority'];
$varclip = getClientIP();
$title = "Refund Request for " . $productname;
$commentstkt = "";
$commentstkt .= "Product Name : " . $productname;
$commentstkt .= "<br/>Quantity : " . $quantity;
$commentstkt .= "<br/>Price : " . $currencySymbol . " " . number_format($product_price, 2);
$commentstkt .= "<br/>Reason : " . $reason;
$commentstkt .= "<br/>Vendor : " . $seller_name;
$commentstkt .= "<br/>Comments : " . $comments . "<br/><br/>";
//echo $commentstkt;
$sql_insert_ticket = "insert into sptbl_tickets(nTicketId,nDeptId,vRefNo,nUserId,vUserName,vTitle,tQuestion,vPriority,dPostDate,vMachineIP,dLastAttempted)";
if ($username_flag == 1 && $password_flag == 1) {
$message = "Invalid username or password";
}
if ($username_flag == 1 && $password_flag == 0) {
$message = "Invalid username or password";
}
if ($username_flag != 1 && $password_flag != 1) {
$sql = " SELECT user_id,user_name,password FROM " . $tableprefix . "users WHERE user_name='" . addslashes($txtUserName) . "' AND password = '******' AND deleted = 'N'";
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
$message = "Success!";
$_SESSION["sess_username"] = $row["user_name"];
$_SESSION["sess_userid"] = $row["user_id"];
//set supportdesk user details in sessio
$userSupportDetails = getUserSupportDetails($row["user_id"]);
$useremail = $userSupportDetails["vEmail"];
$userfullname = $userSupportDetails["vUserName"];
$compid = $userSupportDetails["nCompId"];
$_SESSION["sess_useremail"] = $useremail;
$_SESSION["sess_userfullname"] = $userfullname;
$_SESSION["sess_usercompid"] = $compid;
//end
//Add to wish list
$wishMessage = addproductToWishList();
// Ending Session for Sellers, Affiliates
if (isset($_SESSION["sess_artistid"]) and $_SESSION["sess_artistid"] != "") {
// Logging Out User from same window
session_unregister($_SESSION["sess_artistid"]);
}
if (isset($_SESSION["sess_affiliateid"]) and $_SESSION["sess_affiliateid"] != "") {
