<?php

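session_start();
require "db.php";
require "functions.php";

// Product page / add-to-cart handler. The product id comes from the query string;
// pf_validate_number() (functions.php, not visible here) is expected to redirect to
// $config_basedir when the value is not numeric. Its exact contract is unknown, so
// the value is still bound as a query parameter rather than spliced into SQL.
// `?? null` yields the same value as the original for a missing parameter, minus
// the undefined-index notice.
$validid = pf_validate_number($_GET['id'] ?? null, "redirect", $config_basedir);

// Prepared statement instead of string-built SQL: the id originates from the request.
$prodsql = "SELECT * FROM products WHERE id = ?";
$prodres = $db->prepare($prodsql);
$prodres->execute([$validid]);
$prodrow = $prodres->fetchAll(PDO::FETCH_ASSOC);

// Count the fetched rows instead of relying on PDOStatement::rowCount(), whose value
// for SELECT statements is driver-dependent. $numrows, $prodrow, $validid and $db
// are all read by the rest of this script.
$numrows = count($prodrow);

// NOTE(review): the INSERTs into orders/orderitems further down this script still
// concatenate $_POST['amountBox'] and session values into SQL text; they need the
// same prepare/execute treatment.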
if ($numrows == 0) {
    header("Location: " . $config_basedir);
} else {
    if ($_POST['submit']) {
        if ($_SESSION['SESS_ORDERNUM']) {
            $itemsql = "INSERT INTO orderitems(order_id, product_id, quantity) VALUES(" . $_SESSION['SESS_ORDERNUM'] . ", " . $validid . ", " . $_POST['amountBox'] . ")";
            //mysql_query($itemsql);
            $db->query($itemsql);
        } else {
            if ($_SESSION['SESS_LOGGEDIN']) {
                $sql = "INSERT INTO orders(customer_id, registered, date) VALUES(" . $_SESSION['SESS_USERID'] . ", 1, NOW())";
                //mysql_query($sql);
                $db->query($sql);
                //session_register("SESS_ORDERNUM");
                //$_SESSION['SESS_ORDERNUM'] = mysql_insert_id();
                $_SESSION['SESS_ORDERNUM'] = null;
                $_SESSION['SESS_ORDERNUM'] = $db->lastInsertId();
                $itemsql = "INSERT INTO orderitems(order_id, product_id, quantity) VALUES(" . $_SESSION['SESS_ORDERNUM'] . ", " . $validid . ", " . $_POST['amountBox'] . ")";
<?php

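require "config.php";
require "db.php";
require "functions.php";

// Remove one line from the current cart and subtract its value from the order total.
// The line id must be numeric; pf_validate_number() (functions.php) is expected to
// redirect to showcart.php otherwise. The validated value — never the raw
// $_GET['id'] the original queries used — is what every query below binds.
$validid = pf_validate_number($_GET['id'] ?? null, "redirect", $config_basedir . "showcart.php");

// NOTE(review): $_SESSION is read here but session_start() is not called in this
// file — presumably config.php or db.php starts the session; confirm.
$ordernum = $_SESSION['SESS_ORDERNUM'] ?? null;

// The lookup is scoped to the caller's own order so that a guessed line id cannot
// touch another customer's cart (the original WHERE clause matched any row).
$itemsql = "SELECT * FROM orderitems WHERE id = ? AND order_id = ?";
$itemres = $db->prepare($itemsql);
$itemres->execute([$validid, $ordernum]);
$itemrow = $itemres->fetch(PDO::FETCH_ASSOC);
if ($itemrow === false) {
    header("Location: " . $config_basedir . "showcart.php");
    // The original only sent the header and then ran the DELETE/UPDATE anyway.
    exit;
}

$prodsql = "SELECT price FROM products WHERE id = ?";
$prodres = $db->prepare($prodsql);
$prodres->execute([$itemrow['product_id']]);
$prodrow = $prodres->fetch(PDO::FETCH_ASSOC);
// A product that no longer exists contributes nothing to the total correction.
$totalprice = ($prodrow['price'] ?? 0) * $itemrow['quantity'];

// The delete and the total adjustment succeed or fail together.
$db->beginTransaction();
try {
    $sql = "DELETE FROM orderitems WHERE id = ? AND order_id = ?";
    $delstmt = $db->prepare($sql);
    $delstmt->execute([$validid, $ordernum]);

    // The original executed $updres (never assigned) instead of $updsql, so the
    // order total was never actually reduced.
    $updsql = "UPDATE orders SET total = total - ? WHERE id = ?";
    $updstmt = $db->prepare($updsql);
    $updstmt->execute([$totalprice, $ordernum]);

    $db->commit();
} catch (Throwable $e) {
    $db->rollBack();
    throw $e;
}

// NOTE(review): this redirect puts a "/" before showcart.php while the ones above do
// not; which form is right depends on how $config_basedir ends — confirm.
header("Location: " . $config_basedir . "/showcart.php");
exit;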
?>
	
<?php

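include "config.php";
include "functions.php";

// Item listing with an optional category filter. pf_validate_number() in "value"
// mode is expected to hand back the numeric id, or 0 when none was given — its
// contract is not visible here, so 0 keeps meaning "all categories" as before.
$validid = pf_validate_number($_GET['id'] ?? null, "value", $config_basedir);
require "header.php";

// NOTE(review): db.php is not included in this file, so $db presumably comes from
// config.php, functions.php or header.php — confirm.
if ((int) $validid === 0) {
    $sql = "SELECT items.* FROM items WHERE dateends > NOW()";
    $params = [];
} else {
    // The category id originates from the query string, so it is bound, not concatenated.
    $sql = "SELECT * FROM items WHERE dateends > NOW() AND cat_id = ?";
    $params = [$validid];
}
$result = $db->prepare($sql);
$result->execute($params);

// $result is iterated further down this script, so it must not be fetched here.
// rowCount() on a SELECT is driver-dependent; it does report the row count for
// buffered MySQL queries, which is what the original relied on.
$numrows = $result->rowCount();

// NOTE(review): the per-row image lookup below still concatenates $row['id'] into
// SQL; it should be a prepared statement as well.
echo "<h1>Items available</h1>";
echo "<table cellpadding='5'>";
echo "<tr>";
echo "<th>Image</th>";
echo "<th>Item</th>";
echo "<th>Bids</th>";
echo "<th>Price</th>";
echo "</tr>";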
if ($numrows == 0) {
    echo "<tr><td colspan=4>No items!</td></tr>";
} else {
    //while($row = mysql_fetch_assoc($result)) {
    foreach ($result as $row) {
        $imagesql = "SELECT * FROM images WHERE item_id = " . $row['id'] . " LIMIT 1";
        //		$imageresult = mysql_query($imagesql);
        //		$imagenumrows = mysql_num_rows($imageresult);
<?php

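session_start();
require "config.php";
require "functions.php";

// Admin-only order detail page. The original sent the Location header and then
// kept rendering, so an anonymous visitor still received the full order; exit
// makes the redirect actually end the request.
if (!isset($_SESSION['SESS_ADMINLOGGEDIN'])) {
    // NOTE(review): the other scripts redirect to $config_basedir; $basedir is not
    // assigned in this file — confirm config.php defines it, otherwise the header
    // is sent with an empty location.
    header("Location: " . $basedir);
    exit;
}

// pf_validate_number() (functions.php) is expected to redirect back to the order
// list when the id is not numeric; it is not known to check that the order exists.
$validid = pf_validate_number($_GET['id'] ?? null, "redirect", $config_basedir . "adminorders.php");
require "header.php";
echo "<h1>Order Details</h1>";
echo "<a href='adminorders.php'><-- go back to the main orders screen</a>";

// NOTE(review): db.php is not required here, so $db presumably comes from
// config.php, functions.php or header.php — confirm.
$ordsql = "SELECT * from orders WHERE id = ?";
$ordres = $db->prepare($ordsql);
$ordres->execute([$validid]);
// Kept as a list because the rest of this script reads $ordrow[0][...].
$ordrow = $ordres->fetchAll(PDO::FETCH_ASSOC);
if ($ordrow === []) {
    // header.php has already produced output, so a Location header is no longer
    // possible; stop before the code below indexes a row that does not exist.
    echo "<p>Order not found.</p>";
    exit;
}

echo "<table cellpadding=10>";
// The id is a database value; escape it for the HTML context anyway.
echo "<tr><td><strong>Order Number</strong></td><td>" . htmlspecialchars((string) $ordrow[0]['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
echo "<tr><td><strong>Date of order</strong></td><td>" . date('D jS F Y g.iA', strtotime($ordrow[0]['date'])) . "</td>";
echo "<tr><td><strong>Payment Type</strong></td><td>";
// payment_type 1 is PayPal; every other value is shown as cheque, as before.
if ((int) $ordrow[0]['payment_type'] === 1) {
    echo "PayPal";
} else {
    echo "Cheque";
}
echo "</td>";
echo "</table>";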
if ($ordrow[0]['delivery_add_id'] == 0) {
    $addsql = "SELECT * FROM customers WHERE id = " . $ordrow[0]['customer_id'];
    //$addres = mysql_query($addsql);
<?php

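session_start();
include "config.php";
include "functions.php";

// Connection settings ($dbhost, $dbdatabase, $dbuser, $dbpassword) come from config.php.
try {
    $db = new PDO("mysql:host={$dbhost};dbname={$dbdatabase}", $dbuser, $dbpassword);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepares, so bound values are never spliced into SQL text.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    // The driver message can contain the host, database name or credentials; keep it
    // in the server log and show the visitor a generic line. The original also
    // carried on with $db unset, which only failed later with a less clear error.
    error_log('database connection error: ' . $e->getMessage());
    echo 'database connection error';
    exit;
}

// pf_validate_number() (functions.php) is expected to redirect to index.php when the
// item id is not numeric.
$validid = pf_validate_number($_GET['id'] ?? null, "redirect", "index.php");

// Only a logged-in user may upload images, and only for an item they own. Both
// checks end with exit: the original only sent the Location header and kept
// running, so the upload handling further down was reachable regardless.
if (!isset($_SESSION['USERNAME'])) {
    // Built from $config_basedir, which the owner-check redirect below already uses
    // as the site base — confirm login.php lives there. The previous version built the
    // location from $_SERVER['HTTP_HOST'], which the client controls and which
    // lacked a scheme, so browsers treated it as a relative path.
    header("Location: " . $config_basedir . "login.php?ref=images&id=" . $validid);
    exit;
}

$theitemsql = "SELECT user_id FROM items WHERE id = ?";
$theitemresult = $db->prepare($theitemsql);
$theitemresult->execute([$validid]);
$theitemrow = $theitemresult->fetchAll(PDO::FETCH_ASSOC);

// A missing item yields no owner and is rejected the same way as someone else's item.
$owner = $theitemrow[0]['user_id'] ?? null;
$userid = $_SESSION['USERID'] ?? null;
if ($owner === null || $userid === null || (int) $owner !== (int) $userid) {
    header("Location: " . $config_basedir);
    exit;
}

// NOTE(review): the "nophoto" redirect further down this script builds its location
// from $_SERVER['HTTP_HOST'] in the same way and needs the same change.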
if ($_POST['submit']) {
    if ($_FILES['userfile']['name'] == '') {
        //		header("Location: " . $HOST_NAME . $SCRIPT_NAME . "?error=nophoto");
        header("Location: " . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . "?error=nophoto");
    } elseif ($_FILES['userfile']['size'] == 0) {