Example #1
 // Tiers 2 and 3 fall back to a zero price whenever their licence flag is
 // missing or '0'. Loose `==` is kept on purpose: both int 0 and the string
 // '0' count as "no licence".
 $no_license2 = !isset($license2) || $license2 == '0';
 if ($no_license2) {
     $l2_price = '0';
 }
 $no_license3 = !isset($license3) || $license3 == '0';
 if ($no_license3) {
     $l3_price = '0';
 }
 //
 // Brand selection: a numeric value posted by the form wins, otherwise the
 // current user's own brand is used. is_numeric() is what keeps the raw
 // $_POST value safe to interpolate into SQL later on.
 $posted_brand_ok = isset($_POST['brand']) && is_numeric($_POST['brand']);
 $_brand = $posted_brand_ok ? $_POST['brand'] : $user_brand;
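 // Collect the submitted fields once. removeCrLf/htmlspecialchars/correct_comma
 // are content normalisation, not SQL escaping: the quoting is done by
 // $wpdb->prepare(), which replaces the deprecated $wpdb->escape() and, more
 // importantly, also covers `prodid`, which the old string-built query
 // spliced into the WHERE clause unescaped.
 $name = removeCrLf(htmlspecialchars($_POST['title']));
 $description = removeCrLf(htmlspecialchars($_POST['description']));
 $additional_description = correct_comma(removeCrLf(htmlspecialchars($_POST['additional_description'])));
 $category = $_POST['category'][0];
 // %d binds the id as an integer; a non-numeric value becomes 0 instead of
 // becoming part of the statement (assumes `id` is an integer key, as the
 // original `id`='…' comparison already implied).
 $prodid = (int) $_POST['prodid'];
 $is_author = isset($current_user->wp_capabilities['author']) && $current_user->wp_capabilities['author'] == 1;
 if ($is_author) {
     // Authors cannot change the approval flag, so `approved` is left untouched.
     $updatesql = $wpdb->prepare(
         "UPDATE `wp_product_list` SET `name` = %s, `description` = %s, `additional_description` = %s, `category` = %s, `brand` = %s, `display_frontpage` = %s, `visible` = %s, `color` = %s, `not_for_sale` = %s, `l1_price` = %s, `l2_price` = %s, `l3_price` = %s WHERE `id` = %d LIMIT 1",
         $name, $description, $additional_description, $category, $_brand, $display_frontpage, $visible, $colored, $not_for_sale, $l1_price, $l2_price, $l3_price, $prodid
     );
 } else {
     // Non-authors (editors/admins, presumably) also write the `approved` flag.
     $updatesql = $wpdb->prepare(
         "UPDATE `wp_product_list` SET `name` = %s, `description` = %s, `additional_description` = %s, `category` = %s, `brand` = %s, `display_frontpage` = %s, `visible` = %s, `approved` = %s, `color` = %s, `not_for_sale` = %s, `l1_price` = %s, `l2_price` = %s, `l3_price` = %s WHERE `id` = %d LIMIT 1",
         $name, $description, $additional_description, $category, $_brand, $display_frontpage, $visible, $approved, $colored, $not_for_sale, $l1_price, $l2_price, $l3_price, $prodid
     );
 }
 $wpdb->query($updatesql);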
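 // update temadnya
 // A fixed category id (777) is attached to or detached from this product.
 // The product id is bound with %d so it is never spliced into the statement
 // as raw text (the old DELETE compared an unquoted, unescaped POST value).
 // NOTE(review): there is no duplicate check — saving twice with temadnya='1'
 // inserts a second association row unless the table has a unique key.
 $prodid = (int) $_POST['prodid'];
 if ($temadnya == '1') {
     $sql_temadnya = $wpdb->prepare(
         "INSERT INTO `wp_item_category_associations` (product_id, category_id) VALUES (%d, '777')",
         $prodid
     );
     $wpdb->query($sql_temadnya);
 } elseif ($temadnya == '0') {
     $sql_temadnya = $wpdb->prepare(
         "DELETE FROM `wp_item_category_associations` WHERE product_id = %d AND category_id = '777'",
         $prodid
     );
     $wpdb->query($sql_temadnya);
 }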
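 // Only touch the image column when a new image was supplied. The loose `!=`
 // also treats '' and '0' as "no image", matching the original behaviour.
 // $image's origin is not visible here, so it is bound with %s rather than
 // interpolated; the id is bound as an integer.
 if ($image != null) {
     $updatesql2 = $wpdb->prepare(
         "UPDATE `wp_product_list` SET `image` = %s WHERE `id` = %d LIMIT 1",
         $image,
         (int) $_POST['prodid']
     );
     $wpdb->query($updatesql2);
 }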
 if (isset($_POST['deleteimage']) && $_POST['deleteimage'] == 1) {
Example #2
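/**
 * Inserts a new `wp_product_list` row for an uploaded file and seeds its
 * editors' vote counters in `al_editors_votes`.
 *
 * Reads carname, cardescription, cartags, colored, carcategory and brand from
 * $_POST. Every free-text value interpolated into SQL now goes through
 * mysql_real_escape_string(): htmlspecialchars() only neutralises HTML and,
 * with its pre-8.1 default flags, leaves single quotes untouched, so the
 * original query could be broken out of via the title/description/tags.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; the real fix is a
 * migration to mysqli/PDO prepared statements. That is not done here because
 * the connection handle is not in scope of this function.
 *
 * @param mixed $fileid identifier of the uploaded file, stored in `file`
 * @return void dies with the MySQL error text when either INSERT fails
 *              (unchanged from the original)
 */
function fill_product_list($fileid)
{
    // Fixed defaults for a freshly uploaded product.
    $l1_price = 250;
    $l2_price = 500;
    $l3_price = 2500;
    $not_for_sale = 0;
    $display_frontpage = 1;
    $visible = 1;
    $user_brand = 8;
    //todo
    $image = '';
    $colored = (isset($_POST['colored']) && $_POST['colored'] == 'on') ? 1 : 0;
    // Category 5 is the "cartoon" default; is_numeric() keeps the posted value
    // safe to interpolate.
    if (isset($_POST['carcategory']) && is_numeric($_POST['carcategory'])) {
        $category_id = $_POST['carcategory'];
    } else {
        $category_id = 5;
        //cartoon
    }
    if (isset($_POST['brand']) && is_numeric($_POST['brand'])) {
        $_brand = mysql_real_escape_string($_POST['brand']);
    } else {
        $_brand = trim($user_brand);
    }
    // Content normalisation first, SQL escaping last, so the escaping applies
    // to exactly the bytes that end up in the statement.
    $name = mysql_real_escape_string(removeCrLf(htmlspecialchars($_POST['carname'])));
    $description = mysql_real_escape_string(removeCrLf(htmlspecialchars($_POST['cardescription'])));
    $tags = mysql_real_escape_string(correct_comma(removeCrLf(htmlspecialchars($_POST['cartags']))));
    // $fileid's origin is not visible here; escape it like any other string.
    $file = mysql_real_escape_string($fileid);
    $insertsql = "INSERT INTO `wp_product_list` ( `id`, `name`, `description`, `additional_description`, `file` , `image` , `category`, `brand`, `display_frontpage`, `visible`, `approved`, `color`, `not_for_sale`, `l1_price`, `l2_price`, `l3_price`) VALUES ('', '{$name}', '{$description}', '{$tags}','{$file}', '{$image}', '{$category_id}', '{$_brand}', '{$display_frontpage}', '{$visible}', NULL, '{$colored}', '{$not_for_sale}', {$l1_price}, {$l2_price}, {$l3_price});";
    if (!mysql_query($insertsql)) {
        die('Invalid query: ' . mysql_error());
    }
    // The votes row is keyed by the new product id (column is named image_id).
    $new_id = (int) mysql_insert_id();
    $sql_purgery = "insert into al_editors_votes (image_id, up, down) values ('{$new_id}','0','0')";
    if (!mysql_query($sql_purgery)) {
        die('Invalid query: ' . mysql_error());
    }
}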