Example #1
 /**
  * Play back the full stack of template variables to assign them into the template
  */
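 protected function play_var_stack()
 {
     // Call add_template_vars() when the flag says it has not run yet.
     if (!$this->added_template_vars) {
         $this->add_template_vars();
     }

     // clear() is called before re-assigning; presumably it drops earlier assignments — confirm.
     $this->template_engine->clear();

     // With an empty stack array_merge() would be called with no arguments, which
     // warns and yields null before PHP 7.4 and then breaks the foreach below.
     // array_values() keeps string keys of the stack from being read as named
     // arguments on PHP 8.
     $stack = empty($this->var_stack)
         ? array()
         : call_user_func_array('array_merge', array_values($this->var_stack));

     // For string keys, later layers override earlier ones (array_merge semantics).
     foreach ($stack as $key => $value) {
         $this->template_engine->assign($key, $value);
     }
 }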
Example #2
    // falls Admin-Rechte
    $isAdmin = 1;
} else {
    $isAdmin = 0;
}
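// Orderer rights are recorded as a 0/1 flag.
if ($user != null && $user->checkPermissions(0, 0, 0, 1)) {
    $isOrderer = 1;
} else {
    $isOrderer = 0;
}
$LOG = new Log();
$tpl = new TemplateEngine("template/viewProduct.html", "template/frame.html", $lang["orderer_viewProduct"]);
$LOG->write('3', 'orderer/viewProduct.php');
// pID comes from the query string and is concatenated unquoted into the SQL
// below, so it is reduced to an integer before any use. A missing value
// becomes 0 instead of producing a malformed statement.
$pID = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;
$tpl->assign('ID', $pID);
// Product data
$product_query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM products\n\t\t\t\tWHERE products_id = " . $pID . "\n\t\t\t\tORDER BY sort_order, name\n\t\t\t\t");
$product = DB_fetchArray($product_query);
// NOTE(review): the values below are handed to the template as stored; whether
// TemplateEngine HTML-escapes them on output is not visible here — confirm.
$tpl->assign('name', $product['name']);
$tpl->assign('description', $product['description']);
//$tpl->assign('sort_order',$product['sort_order']);
// Still passed along so the template can tell whether the product is displayable.
$tpl->assign('active', $product['active']);
$tpl->assign('deleted', $product['deleted']);
$tpl->assign('image_small', $product['image_small']);
$tpl->assign('image_big', $product['image_big']);
$tpl->assign('stock', $product['stock']);
$tpl->assign('price', $product['price']);
$tpl->assign('user_name', $user->getName());
$tpl->assign('user_lastname', $user->getLastname());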
Example #3
 /**
  * A utility method to load a controller. This method loads the controller
  * and fetches the contents of the controller into the Controller::$contents
  * variable if the get_contents parameter is set to true on call. If a controller
  * doesn't exist in the module path, a ModelController is loaded to help
  * manipulate the contents of the model. If no model exists in that location,
  * it is asumed to be a package and a package controller is loaded.
  *
  * @param $path         The path for the model to be loaded.
  * @param $get_contents A flag which determines whether the contents of the
  *                        controller should be displayed.
  * @return Controller
  */
 public static function load($path, $get_contents = true)
 {
     // Resolves $path (indexed as a list of segments) to a controller object by
     // probing for files under SOFTWARE_HOME, instantiates it, and optionally
     // fills $controller->content from its output.
     //
     // NOTE(review): every segment of $path is interpolated into paths given to
     // file_exists(), include and require_once, and one segment is later used as
     // a method name. If $path is derived from the request URL (not visible
     // here), segments should be validated (no "..", no separators, expected
     // characters only) before this function runs — confirm where that happens.
     global $redirectedPackage;
     global $packageSchema;
     $controller_path = "";
     $controller_name = "";
     $redirected = false;
     // $redirect_path and $package_name are never assigned in this function;
     // presumably the included package_redirect.php overwrites them — confirm.
     $redirect_path = "";
     $package_name = "";
     $package_main = "";
     // NOTE(review): $controller_type, $controller_class_name, $package_path,
     // $previousControllerPath and $force_output are read further down but are
     // only assigned on some branches; on the others they are undefined.
     //Go through the whole path and build the folder location of the system
     for ($i = 0; $i < count($path); $i++) {
         $p = $path[$i];
         $baseClassName = $package_name . Application::camelize("{$controller_path}/{$p}", "/");
         // Probe order: <Base>Controller.php, <p>.php, <Base>Model.php, model.xml,
         // report.xml, package_redirect.php, then the redirected variants.
         if (file_exists(SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/{$baseClassName}Controller.php")) {
             $controller_class_name = $baseClassName . "Controller";
             $controller_name = $p;
             $controller_path .= "/{$p}";
             $controller_type = Controller::TYPE_MODULE;
             add_include_path("app/modules/{$controller_path}/");
             break;
         } else {
             if (file_exists(SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/{$p}.php")) {
                 // Module whose file and class are both named after the segment;
                 // $controller_class_name is left unset on this branch.
                 $controller_name = $p;
                 $controller_path .= "/{$p}";
                 $controller_type = Controller::TYPE_MODULE;
                 break;
             } else {
                 if (file_exists(SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/{$baseClassName}Model.php")) {
                     $controller_name = $p;
                     $controller_path .= "/{$p}";
                     $controller_type = Controller::TYPE_MODEL;
                     break;
                 } else {
                     if (file_exists(SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/model.xml")) {
                         $controller_name = $p;
                         $controller_path .= "/{$p}";
                         $controller_type = Controller::TYPE_MODEL;
                         break;
                     } else {
                         if (file_exists(SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/report.xml")) {
                             $controller_name = $p;
                             $controller_path .= "/{$p}";
                             $controller_type = Controller::TYPE_REPORT;
                             break;
                         } else {
                             if (file_exists(SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/package_redirect.php")) {
                                 // The include runs in this function's scope, so the file
                                 // can define or overwrite any local; $package_path and
                                 // $package_schema read below presumably come from it.
                                 include SOFTWARE_HOME . "app/modules/{$controller_path}/{$p}/package_redirect.php";
                                 $redirected = true;
                                 $previousControllerPath = $controller_path . "/{$p}";
                                 // The walk restarts relative to the redirect target.
                                 $controller_path = "";
                                 $redirectedPackage = $package_path;
                                 $packageSchema = $package_schema;
                             } else {
                                 if ($redirected === true && file_exists(SOFTWARE_HOME . "{$redirect_path}/{$controller_path}/{$p}/report.xml")) {
                                     $controller_name = $p;
                                     $controller_path .= "/{$p}";
                                     $controller_type = Controller::TYPE_REPORT;
                                     break;
                                 } else {
                                     if ($redirected === true && file_exists(SOFTWARE_HOME . "{$redirect_path}/{$controller_path}/{$p}/{$baseClassName}Controller.php")) {
                                         $controller_class_name = $baseClassName . "Controller";
                                         $controller_name = $p;
                                         $controller_path .= "/{$p}";
                                         $controller_type = Controller::TYPE_MODULE;
                                         $package_main .= $p;
                                         add_include_path("{$redirect_path}/{$controller_path}/");
                                         break;
                                     } else {
                                         // Nothing matched at this depth: descend one
                                         // folder and try the next segment.
                                         $controller_path .= "/{$p}";
                                         if ($redirected) {
                                             $package_main .= "{$p}.";
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     // Check the type of controller and load it.
     switch ($controller_type) {
         case Controller::TYPE_MODULE:
             // Load a module controller which would be a subclass of this
             // class
             if ($controller_class_name == "") {
                 // NOTE(review): the class instantiated here is named by a path
                 // segment; see the validation note at the top of the function.
                 require_once SOFTWARE_HOME . "app/modules{$controller_path}/{$controller_name}.php";
                 $controller = new $controller_name();
             } else {
                 $controller_name = $controller_class_name;
                 $controller = new $controller_class_name();
                 $controller->redirected = $redirected;
                 $controller->redirectPath = $redirect_path;
                 $controller->redirectedPackage = $package_path;
                 $controller->mainRedirectedPackage = $package_main;
                 $controller->redirectedPackageName = $package_name;
             }
             break;
         case Controller::TYPE_MODEL:
             // Load the ModelController wrapper around an existing model class.
             // The model name is the controller path with "/" turned into "."
             // and the leading separator dropped.
             $model = substr(str_replace("/", ".", $controller_path), 1);
             $controller_name = "ModelController";
             $controller = new ModelController($model, $package_path);
             break;
         case Controller::TYPE_REPORT:
             $controller = new XmlDefinedReportController($redirect_path . $controller_path . "/report.xml", $redirected);
             $controller_name = "XmlDefinedReportController";
             break;
         default:
             // Load a package controller for this folder
             // NOTE(review): this is_dir() uses a relative path, unlike the
             // SOFTWARE_HOME-prefixed checks elsewhere — confirm that is intended.
             if (is_dir("app/modules{$controller_path}")) {
                 $controller = new PackageController($path);
                 $controller_name = "PackageController";
                 $get_contents = true;
                 $force_output = true;
             } else {
                 if ($redirected === true && is_dir(SOFTWARE_HOME . "{$redirect_path}/{$controller_path}")) {
                     $controller = new PackageController($path);
                     $controller_name = "PackageController";
                     $get_contents = true;
                     $force_output = true;
                 } else {
                     $controller = new ErrorController();
                     $controller_name = "ErrorController";
                 }
             }
     }
     // If the get contents flag has been set return all the contents of this
     // controller.
     $controller->path = $previousControllerPath . $controller_path;
     if ($get_contents) {
         // $i still holds the index at which the loop stopped.
         if ($i == count($path) - 1 || $force_output) {
             $ret = $controller->getContents();
         } else {
             // The segment after the controller names the method to run.
             // NOTE(review): method_exists() is also true for non-public and
             // magic methods, so any method name on the controller can be
             // requested this way; an explicit allow-list of action methods
             // would be safer. The remaining segments are passed as ONE array
             // argument.
             if (method_exists($controller, $path[$i + 1])) {
                 $controller_class = new ReflectionClass($controller_name);
                 $method = $controller_class->GetMethod($path[$i + 1]);
                 $ret = $method->invoke($controller, array_slice($path, $i + 2));
             } else {
                 // NOTE(review): the segment is placed into HTML without escaping.
                 $ret = "<h2>Error</h2> Method does not exist. [" . $path[$i + 1] . "]";
             }
         }
         if (is_array($ret)) {
             // An array result is rendered through a template: $ret["template"]
             // when set, otherwise "<method segment>.tpl".
             $t = new TemplateEngine();
             $t->assign('controller_path', $controller_path);
             $t->assign($ret["data"]);
             $controller->content = $t->fetch(isset($ret["template"]) ? $ret["template"] : $path[$i + 1] . ".tpl");
         } else {
             if (is_string($ret)) {
                 $controller->content = $ret;
             }
         }
     }
     return $controller;
 }
Example #4
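        $sign = $_POST['sign'];
        // camefrom is request-controlled; anything that is not a plain string
        // is treated as "no return target".
        $forward = (isset($_POST['camefrom']) && is_string($_POST['camefrom'])) ? $_POST['camefrom'] : '';
        // $password is not assigned in this excerpt; presumably set just above — confirm.
        $login = loginUser($sign, $password);
        if ($login) {
            // NOTE(review): $forward becomes part of the redirect path; checking
            // it against the known admin pages would keep the target predictable.
            if ($forward != '') {
                redirectURI('/admin/' . $forward);
            } else {
                redirectURI('/admin/index.php');
            }
        } elseif ($forward != '') {
            // Encode the value so characters such as '&' or '=' in camefrom
            // cannot add or override parameters of the login URL.
            redirectURI('/admin/login.php', 'error=failed&camefrom=' . rawurlencode($forward));
        } else {
            redirectURI('/admin/login.php', 'error=failed');
        }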
    }
} elseif (isset($_GET['action'])) {
    // Logging out is the only action handled on this branch.
    // NOTE(review): the logout is triggered by a plain GET request; a POST with
    // a token would prevent other sites from ending the session.
    if ('logout' == $_GET['action']) {
        logoutUser();
        redirectURI('/admin/index.php');
    }
} else {
    // Pass the camefrom and error query parameters to the template, using ''
    // when a parameter is absent.
    // NOTE(review): both values are request-controlled; the template has to
    // HTML-escape them on output — not visible here, confirm.
    $tpl->assign('cf', isset($_GET['camefrom']) ? $_GET['camefrom'] : '');
    $tpl->assign('error', isset($_GET['error']) ? $_GET['error'] : '');
    $tpl->display();
}
Example #5
    $basketPID[] = $line['products_id'];
    $basketProducts[] = $line['name'];
    $basketSinglePrices[] = $line['price'];
    $basketSumPrices[] = $line['price'] * $line['count'];
    $basketSumAll += $line['price'] * $line['count'];
}
// Build the ';'-terminated lists from the arrays as they are now, so that only
// what is shown at the checkout is ordered and changes made while the checkout
// is being viewed are not taken into account.
$basketLineCount = count($basketBID);
for ($i = 0; $i < $basketLineCount; $i++) {
    // Product IDs handed over when the order is placed.
    $PIDlist .= $basketPID[$i] . ";";
    // Product quantities handed over when the order is placed.
    $countList .= $basketCount[$i] . ";";
    // Basket IDs handed over when the order is placed.
    $BIDlist .= $basketBID[$i] . ";";
}
$tpl->assign('basket_array_bid', $basketBID);
$tpl->assign('basket_array_count', $basketCount);
$tpl->assign('basket_array_pid', $basketPID);
$tpl->assign('basket_array_product', $basketProducts);
$tpl->assign('basket_array_single_prices', $basketSinglePrices);
$tpl->assign('basket_array_sum_prices', $basketSumPrices);
$tpl->assign('basket_array_sum_all', $basketSumAll);
// The three lists below are CSV-style strings.
// NOTE(review): if these lists travel through the page and come back with the
// order request, the order handler must re-check IDs, quantities and ownership
// server-side rather than trust them — the handler is not visible here.
$tpl->assign('bids', $BIDlist);
$tpl->assign('pids', $PIDlist);
$tpl->assign('counts', $countList);
if ($fehler_kapazitaetKurzVorSpeicherung == 0) {
    // Wenn nicht bereits obige Fehlerbehandlung greift.
    // Product.stock checken (über alle potentiellen Bestellungen)
Example #6
 /**
  * Renders a given smarty template and returns the output as a string.
  * The template passed to this function could either be a string or a file.
  * The type of template is specified through the $proto parameter. If a
  * protocol is not specified the render function reads in a file.
  * 
  * @param string $template Template string or path to template
  * @param array $data The data to render the template with.
  * @param string $proto The type of template. 'file' for files and 'string' for strings.
  *
  * @return string
  */
 public static function render($template, $data, $proto = 'file')
 {
     $engine = new TemplateEngine();
     $engine->assign($data);

     // Only the 'file' protocol gets the current working directory prefixed;
     // any other protocol value is passed to the engine as given.
     // NOTE(review): $proto and $template decide what the engine loads, and the
     // 'string' protocol makes it treat $template as template source, so both
     // should be fixed by the caller and never taken from request data. The
     // '@' hides every warning raised while fetching, including a missing file.
     return @$engine->fetch(
         "{$proto}:" . ($proto === 'file' ? getcwd() . "/" : '') . "{$template}"
     );
 }
Example #7
    redirectURI("/admin/login.php", "camefrom=users.php");
}
$LOG = new Log();
$tpl = new TemplateEngine("template/editUser.html", "template/frame.html", $lang["admin_users"]);
if (isset($_POST['action'])) {
    $LOG->write('3', 'admin/editUser.php: action set');
    if ($_POST['action'] == 'add') {
        $LOG->write('3', 'admin/editUser.php: action=add');
        if ($_POST['password'] == $_POST['repeatPassword']) {
            addUser();
            $LOG->write('2', 'Nutzer ' . mysql_insert_id() . ' hinzugefügt');
            redirectURI('/admin/users.php');
        } else {
            // falsche Passwortwiederholung
            $passwordError = "1";
            $tpl->assign('action', 'add');
            $tpl->assign('uID', '');
            $tpl->assign('password_error', $passwordError);
            // Hand the submitted values back to the template under the same names.
            // NOTE(review): these are raw POST values; the template has to
            // HTML-escape them on output — not visible here, confirm.
            $echoedFields = array(
                'name',
                'lastname',
                'email',
                'bill_name',
                'bill_street',
                'bill_postcode',
                'bill_city',
                'bill_state',
                'ship_name',
                'ship_street',
                'ship_postcode',
                'ship_city',
                'ship_state',
            );
            foreach ($echoedFields as $echoedField) {
                $tpl->assign($echoedField, $_POST[$echoedField]);
            }
Example #8
    $isAdmin = 1;
} else {
    $isAdmin = 0;
    if ($user != null && $user->checkPermissions(0, 0, 0, 1, 1)) {
        // wenn ORDERER
        redirectURI("/orderer/index.php");
    }
    if ($user == null || !$user->checkPermissions(1)) {
        redirectURI("/viewer/index.php");
    }
}
$LOG = new Log();
$tpl = new TemplateEngine("template/viewProduct.html", "template/frame.html", $lang["user_viewProduct"]);
$LOG->write('3', 'user/viewProduct.php');
$pID = $_GET['pID'];
$tpl->assign('ID', $pID);
// In den Warenkorb:
if (isset($_POST['action'])) {
    $action = $_POST['action'];
    if ($action == "into_basket") {
        $pid = $_POST['pid'];
        $uid = $user->getID();
        $date = actualDate();
        // Product.stock zu der PID der aktuellen Aktion checken
        $fehlerArray = array();
        // für Fehlermeldung, wenn Produktkapazität überschritten
        $countTry = $_POST['count'];
        // angeforderte Menge, die in den Warenkorb hinzugefügt werden soll
        $count = 0;
        $stock = 0;
        $name = null;
Example #9
} else {
    $isAdmin = 0;
    if ($user != null && $user->checkPermissions(0, 0, 0, 1, 1)) {
        // wenn ORDERER
        redirectURI("/orderer/index.php");
    }
    if ($user == null || !$user->checkPermissions(1)) {
        redirectURI("/user/login.php", "camefrom=index.php");
    }
}
$LOG = new Log();
$tpl = new TemplateEngine("template/editUser.html", "template/frame.html", $lang["user_users"]);
// Build the user's basket from the user id kept in the session.
$userid = $_SESSION['user'];
$basket = restoreUserBasket($userid);
// Each basket array is passed to the template under its own key.
$basketKeys = array('basket_array_bid', 'basket_array_count', 'basket_array_pid', 'basket_array_product');
foreach ($basketKeys as $basketKey) {
    $tpl->assign($basketKey, $basket[$basketKey]);
}
if (isset($_POST['action'])) {
    $LOG->write('3', 'user/editUser.php: action set');
    // Eigene Einstellungen editieren (mit Passwort)
    if ($_POST['action'] == 'editSelf') {
        $LOG->write('3', 'user/editUser.php: action=editSelf');
        if ($_POST['password'] == $_POST['repeatPassword']) {
            editSelfUser();
            $LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet');
            redirectURI('/user/categories.php');
        } else {
            // falsche Passwortwiederholung
            $passwordError = "1";
Example #10
    $redirect = urlencode(Application::getLink("/{$_GET["q"]}"));
    foreach ($_GET as $key => $value) {
        if ($key == "q") {
            continue;
        }
        $redirect .= urlencode("{$key}={$value}");
    }
    header("Location: " . Application::getLink("/{$authPackage}/login") . "?redirect={$redirect}");
} else {
    if ($_SESSION["logged_in"] === true) {
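        // Force a password reset if user is logging in for the first time
        if ($_SESSION["user_mode"] == 2 && $_GET["q"] != "{$authPackage}/login/change_password") {
            header("Location: " . Application::getLink("/{$authPackage}/login/change_password"));
            // Stop here: a Location header alone does not end the script, so the
            // requested page was still built and sent to a client that ignores
            // the redirect, which defeats the forced reset.
            exit;
        }
        Application::addJavaScript(Application::getLink(Application::getWyfHome("js/wyf.js")));
        $t->assign('username', $_SESSION["user_name"]);
        $t->assign('firstname', $_SESSION['user_firstname']);
        $t->assign('lastname', $_SESSION['user_lastname']);
        // The notification text comes from the query string and is placed inside
        // HTML, so it is escaped; non-string values are ignored.
        if (isset($_GET["notification"]) && is_string($_GET["notification"])) {
            $t->assign(
                'notification',
                "<div id='notification'>" . htmlspecialchars($_GET["notification"], ENT_QUOTES, 'UTF-8') . "</div>"
            );
        }
        // Load the side menus
        // NOTE(review): the cached menu file name is built from the session's
        // role_id; that value should only ever be set server-side — confirm.
        if (defined('MENU_FILE')) {
            $menuFile = MENU_FILE;
        } else {
            $menuFile = SOFTWARE_HOME . "app/cache/menus/side_menu_{$_SESSION["role_id"]}.html";
        }
        if (file_exists($menuFile)) {
            $t->assign('side_menu', file_get_contents($menuFile));
        }
        $top_menu_items = explode("/", $_GET["q"]);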
Example #11
    if ($user != null && $user->checkPermissions(0, 0, 0, 1, 1)) {
        // wenn ORDERER
        redirectURI("/orderer/index.php");
    }
    if ($user == null || !$user->checkPermissions(1)) {
        redirectURI("/viewer/index.php");
    }
}
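$LOG = new Log();
$tpl = new TemplateEngine("template/categories.html", "template/frame.html", $lang["user_categories"]);
// catID is concatenated unquoted into SQL further down, so only an integer is
// accepted; a missing value stays 0 as before.
$requestedCategory = isset($_GET['catID']) ? (int) $_GET['catID'] : 0;
$tpl->assign('catID', $requestedCategory);
// Remove from basket:
if (isset($_GET['action']) && $_GET['action'] == "removeFromBasket") {
    // Basket ID: reduced to an integer because it is interpolated into the
    // DELETE statement below.
    $bid = isset($_GET['bID']) ? (int) $_GET['bID'] : 0;
    // NOTE(review): the statement is not limited to rows of the current user
    // and is triggered by a GET request; restricting it by the owner column and
    // moving it to a POST with a token is advisable — schema not visible here.
    $remove_query = DB_query("\t\n\t\t\tDELETE\n\t\t\tFROM basket\n    \tWHERE basket_id={$bid}\n\t\t");
}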
//Kategorie finden
if ($requestedCategory != 0) {
    $query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE categories_id = " . $requestedCategory);
    $category = DB_fetchArray($query);
    $tpl->assign('parent', $category['parent']);
} else {
    $category = null;
Example #12
    redirectURI("/user/login.php", "camefrom=index.php");
}
$user = restoreUser();
// Admin rights are recorded as a 0/1 flag.
$isAdmin = ($user != null && $user->checkPermissions(1, 1)) ? 1 : 0;
$LOG = new Log();
$tpl = new TemplateEngine("template/viewUser.html", "template/frame.html", $lang["orderer_users"]);
//	Nutzerdaten einsehen
if (isset($_GET['uID'])) {
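    $LOG->write('3', 'orderer/viewUser.php');
    // uID comes from the query string and is concatenated unquoted into the
    // query below, so it is reduced to an integer first.
    $uID = (int) $_GET['uID'];
    $tpl->assign('uID', $uID);
    // All data for the user
    // NOTE(review): the record includes bank details and is selected purely by
    // the uID in the URL; whether the caller may see another user's record is
    // decided outside this excerpt — confirm.
    $users_query = DB_query("SELECT\n\t\t\t\tname,\n\t\t\t\tlastname,\n\t\t\t\temail,\n\t\t\t\tbill_name,\n\t\t\t\tbill_street,\n\t\t\t\tbill_postcode,\n\t\t\t\tbill_city,\n\t\t\t\tbill_state,\n\t\t\t\tship_name,\n\t\t\t\tship_street,\n\t\t\t\tship_postcode,\n\t\t\t\tship_city,\n\t\t\t\tship_state,\n\t\t\t\tbank_name,\n\t\t\t\tbank_iban,\n\t\t\t\tbank_number,\n\t\t\t\tbank_account\n\t\t\t\tFROM users\n\t\t\t\tWHERE users_id = " . $uID);
    $userdata = DB_fetchArray($users_query);
    $tpl->assign('name', $userdata['name']);
    $tpl->assign('lastname', $userdata['lastname']);
    $tpl->assign('email', $userdata['email']);
    $tpl->assign('bill_name', $userdata['bill_name']);
    $tpl->assign('bill_street', $userdata['bill_street']);
    $tpl->assign('bill_postcode', $userdata['bill_postcode']);
    $tpl->assign('bill_city', $userdata['bill_city']);
    $tpl->assign('bill_state', $userdata['bill_state']);
    $tpl->assign('ship_name', $userdata['ship_name']);
    $tpl->assign('ship_street', $userdata['ship_street']);
    $tpl->assign('ship_postcode', $userdata['ship_postcode']);
    $tpl->assign('ship_city', $userdata['ship_city']);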
Example #13
            redirectURI('/admin/addCategory.php', 'action=edit&catID=' . $_POST['catID'] . '&error=name_error');
        }
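        // catID is concatenated unquoted into the UPDATE below, so it is reduced
        // to an integer once and that value is used from here on.
        $catID = isset($_POST['catID']) ? (int) $_POST['catID'] : 0;
        // NOTE(review): the UPDATE further down only stays behind these checks
        // if redirectURI() ends the request — not visible here, confirm.
        if (!checkInput($_POST['description'], 'string')) {
            redirectURI('/admin/addCategory.php', 'action=edit&catID=' . $catID . '&error=desc_error');
        }
        if (!checkInput($sort_order, 'int')) {
            redirectURI('/admin/addCategory.php', 'action=edit&catID=' . $catID . '&error=sort_error');
        }
        // NOTE(review): name and description are placed between quotes as
        // submitted. Unless checkInput() or DB_query() escapes them (not visible
        // here), they need the database layer's escaping or a prepared
        // statement before this query is built.
        DB_query("UPDATE categories SET \n\t\t\t\t\tname='" . $_POST['name'] . "',\n\t\t\t\t\tactive=" . $active . ",\n\t\t\t\t\tdescription='" . $_POST['description'] . "',\n\t\t\t\t\tsort_order=" . $sort_order . "\n\t\t\t\t\tWHERE categories_id=" . $catID);
        // NOTE(review): the log line reads catID from $_GET while the update
        // uses the POSTed one — confirm which is intended.
        $LOG->write('2', 'Kategorie ' . $_GET['catID'] . ' bearbeitet');
        redirectURI('/admin/categories.php', 'catID=' . $_POST['parent']);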
    }
} elseif ($_GET['action'] == 'edit') {
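    $LOG->write('3', 'admin/addCategory.php: get-action=edit');
    // catID comes from the query string and is concatenated unquoted into the
    // query below, so it is reduced to an integer first.
    $catID = isset($_GET['catID']) ? (int) $_GET['catID'] : 0;
    $tpl->assign('catID', $catID);
    $tpl->assign('action', 'edit');
    // Existing data of the category
    $category_query = DB_query("SELECT\n\t\t\t\t\t*\n\t\t\t\t\tFROM categories\n\t\t\t\t\tWHERE categories_id = " . $catID);
    $category = DB_fetchArray($category_query);
    $tpl->assign('name', $category['name']);
    $tpl->assign('description', $category['description']);
    $tpl->assign('sort_order', $category['sort_order']);
    $tpl->assign('active', $category['active']);
    $tpl->assign('parent', $category['parent']);
    // NOTE(review): the error code is taken from the query string as is; the
    // template has to HTML-escape it on output — not visible here, confirm.
    $tpl->assign('error', $_GET['error']);
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();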
} elseif ($_GET['action'] == 'delete') {
    $LOG->write('3', 'admin/addCategory.php: get-action=delete');
Example #14
    redirectURI("/user/login.php");
}
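// Admin rights are recorded as a 0/1 flag.
if ($user != null && $user->checkPermissions(1, 1)) {
    $isAdmin = 1;
} else {
    $isAdmin = 0;
}
$LOG = new Log();
$tpl = new TemplateEngine("template/categories.html", "template/frame.html", $lang["orderer_categories"]);
// catID comes from the query string and is concatenated unquoted into both
// queries below, so only an integer is accepted; a missing value stays 0.
$requestedCategory = isset($_GET['catID']) ? (int) $_GET['catID'] : 0;
$tpl->assign('catID', $requestedCategory);
// Find the category
if ($requestedCategory != 0) {
    $query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE categories_id = " . $requestedCategory);
    $category = DB_fetchArray($query);
    $tpl->assign('parent', $category['parent']);
} else {
    $category = null;
    $tpl->assign('parent', null);
}
// Find the children
$children_query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE parent = " . $requestedCategory . "\n\t\t\t\tORDER BY sort_order, name");
$children = array();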
while ($line = DB_fetchArray($children_query)) {
    $list = array("id" => $line['categories_id'], "name" => $line['name'], "active" => $line['active']);
    $LOG->write('3', "orderer/categories.php:39: " . $list['name']);
Example #15
 /**
  * A static function for invoking the smarty template engine given the 
  * template and the data variables.
  * 
  * @param string $template
  * @param string $data
  */
 public static function render($template, $data)
 {
     $engine = new TemplateEngine();
     $engine->assign($data);

     // The template is addressed as a file below the current working directory.
     // NOTE(review): $template is appended to the path unchecked, so it should
     // be a fixed name chosen by the caller, never a value from the request.
     $resource = "file:/" . getcwd() . "/{$template}";

     return $engine->fetch($resource);
 }
Example #16
        // wenn ORDERER
        redirectURI("/orderer/index.php");
    }
    if ($user != null && $user->checkPermissions(0, 0, 1)) {
        // wenn USER
        redirectURI("/user/index.php");
    }
}
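$LOG = new Log();
$tpl = new TemplateEngine("template/categories.html", "template/frame.html", $lang["viewer_categories"]);
// catID comes from the query string and is concatenated unquoted into both
// queries below, so only an integer is accepted; a missing value stays 0.
$requestedCategory = isset($_GET['catID']) ? (int) $_GET['catID'] : 0;
$tpl->assign('catID', $requestedCategory);
// Find the category
if ($requestedCategory != 0) {
    $query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE categories_id = " . $requestedCategory);
    $category = DB_fetchArray($query);
    $tpl->assign('parent', $category['parent']);
} else {
    $category = null;
    $tpl->assign('parent', null);
}
// Find the children
$children_query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE parent = " . $requestedCategory . "\n\t\t\t\tORDER BY sort_order, name");
$children = array();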
while ($line = DB_fetchArray($children_query)) {
    $list = array("id" => $line['categories_id'], "name" => $line['name'], "active" => $line['active']);
    $LOG->write('3', "viewer/categories.php:39: " . $list['name']);
Example #17
            $sortorder = $_POST['sort_order'];
        }
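        // NOTE(review): name, description, stock and price are placed between
        // quotes as submitted. Unless they are escaped before this point (not
        // visible here), they need the database layer's escaping or a prepared
        // statement before this query is built.
        DB_query("INSERT INTO products VALUES (\n\t\t\t\t\t0,\n\t\t\t\t\t'" . $_POST['name'] . "',\n\t\t\t\t\t" . $cat . ",\n\t\t\t\t\t0,\n\t\t\t\t\t" . $active . ",\n\t\t\t\t\t'" . $_POST['description'] . "',\n\t\t\t\t\t'" . $image_uri_1 . "',\n\t\t\t\t\t'" . $image_uri_2 . "',\n\t\t\t\t\t'" . $_POST['stock'] . "',\n\t\t\t\t\t'" . $_POST['price'] . "',\n\t\t\t\t\t'" . $createtime . "',\n\t\t\t\t\t" . $sortorder . ")\n\t\t\t\t\t");
        $neueID = mysql_insert_id();
        // The old product ID is concatenated unquoted into the two UPDATE
        // statements below, so it is reduced to an integer once.
        $alteID = isset($_POST['ID']) ? (int) $_POST['ID'] : 0;
        DB_query("UPDATE products SET\n\t\t\t\t\tdeleted=1\n\t\t\t\t\twhere products_id=" . $alteID);
        // Also switch the old ID to the new ID in the baskets.
        DB_query("\n\t\t\tUPDATE basket\n\t\t\tSET products_id = " . $neueID . "\n\t\t\tWHERE products_id = " . $alteID);
        $LOG->write('2', 'Produkt ' . $alteID . ' geändert, neue ID=' . $neueID);
        $parent = $cat;
        //redirectURI('/admin/categories.php');
        redirectURI('/admin/categories.php', 'catID=' . $parent);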
    }
} elseif ($_GET['action'] == 'edit') {
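    $LOG->write('3', 'admin/addProduct.php: get-action=edit');
    // pID comes from the query string and is concatenated unquoted into the
    // query below, so it is reduced to an integer first.
    $pID = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;
    $tpl->assign('ID', $pID);
    $tpl->assign('action', 'edit');
    // Existing data of the product
    $product_query = DB_query("SELECT\n\t\t\t\t\t*\n\t\t\t\t\tFROM products\n\t\t\t\t\tWHERE products_id = " . $pID);
    $product = DB_fetchArray($product_query);
    $tpl->assign('name', $product['name']);
    $tpl->assign('description', $product['description']);
    $tpl->assign('sort_order', $product['sort_order']);
    $tpl->assign('active', $product['active']);
    $tpl->assign('image_small', $product['image_small']);
    $tpl->assign('image_big', $product['image_big']);
    $tpl->assign('stock', $product['stock']);
    $tpl->assign('price', $product['price']);
    $tpl->assign('deleted', $product['deleted']);
    // NOTE(review): the error code is taken from the query string as is; the
    // template has to HTML-escape it on output — not visible here, confirm.
    $tpl->assign('error', $_GET['error']);
    $tpl->assign('user_name', $user->getName());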
Example #18
<?php

include '../includes/includes.inc';
include '../includes/startApplication.php';
//include('../includes/functions/verifyadmin.inc');
$user = restoreUser();
// NOTE(review): the listing below is only protected if redirectURI() ends the
// request; if it merely sends a header, the script carries on — confirm.
if ($user == null || !$user->checkPermissions(0, 0, 0, 1, 1)) {
    redirectURI("/admin/login.php", "camefrom=orders.php");
}
$LOG = new Log();
$tpl = new TemplateEngine("template/orders.html", "template/frame.html", $lang["orderer_orders"]);
// Find all orders
$orders_query = DB_query("SELECT\n\t\t\t\t*, UNIX_TIMESTAMP(date) AS formated_date\n\t\t\t\tFROM orders\n\t\t\t\tORDER BY date\n\t\t\t");
$orders_list = array();
while ($orders = DB_fetchArray($orders_query)) {
    // One additional lookup per order row to resolve the customer's name; the
    // users_id used here comes from the orders table, not from the request.
    $user_query = DB_query("SELECT \n\t\t\t\t\tname,\n\t\t\t\t\tlastname\n\t\t\t\t\tFROM users\n\t\t\t\t\tWHERE users_id = " . $orders['users_id']);
    $users = DB_fetchArray($user_query);
    $orders_list[] = array(
        "id" => $orders['orders_id'],
        "date" => $orders['formated_date'],
        "items_id" => $orders['order_items_id'],
        "users_id" => $orders['users_id'],
        "username" => $users['name'] . " " . $users['lastname'],
        "shipping_date" => $orders['shipping_date'],
        "shipped" => $orders['shipped'],
    );
}
$tpl->assign('orders', $orders_list);
$tpl->assign('user_name', $user->getName());
$tpl->assign('user_lastname', $user->getLastname());
$tpl->display();
Example #19
//include('../includes/functions/verifyadmin.inc');
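$user = restoreUser();
// NOTE(review): the update and listing below are only protected if
// redirectURI() ends the request — not visible here, confirm.
if ($user == null || !$user->checkPermissions(1, 1)) {
    redirectURI("/admin/login.php", "camefrom=editOrder.php");
}
$LOG = new Log();
$tpl = new TemplateEngine("template/editOrder.html", "template/frame.html", $lang["admin_orders"]);
// The order id comes from the query string and is concatenated unquoted into
// both statements below, so it is reduced to an integer first.
$order_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if (isset($_POST['ordershipped'])) {
    // NOTE(review): this state change is accepted on the mere presence of a
    // POST field; a per-session token would tie it to the admin's own form.
    $shipping_date = actualDate();
    DB_query("UPDATE orders SET\n\t\t\tshipping_date = '" . $shipping_date . "'\n\t\t\tWHERE orders_id = " . $order_id);
}
// Find all details of the order
$order_query = DB_query("SELECT\n\t\t\t\t*, UNIX_TIMESTAMP(date) AS formated_date,\n\t\t\t\tUNIX_TIMESTAMP(shipping_date) AS formated_shipping_date\n\t\t\t\tFROM orders\n\t\t\t\tWHERE orders_id = " . $order_id);
$order = DB_fetchArray($order_query);
$tpl->assign('orderDate', $order['formated_date']);
$tpl->assign('shippingDate', $order['formated_shipping_date']);
$tpl->assign('orderid', $order_id);
$tpl->assign('bill_name', $order['bill_name']);
$tpl->assign('bill_street', $order['bill_street']);
$tpl->assign('bill_postcode', $order['bill_postcode']);
$tpl->assign('bill_city', $order['bill_city']);
$tpl->assign('bill_state', $order['bill_state']);
$tpl->assign('ship_name', $order['ship_name']);
$tpl->assign('ship_street', $order['ship_street']);
$tpl->assign('ship_postcode', $order['ship_postcode']);
$tpl->assign('ship_city', $order['ship_city']);
$tpl->assign('ship_state', $order['ship_state']);
$tpl->assign('bank_name', $order['bank_name']);
$tpl->assign('bank_iban', $order['bank_iban']);
$tpl->assign('bank_number', $order['bank_number']);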
Example #20
    $isAdmin = 1;
} else {
    $isAdmin = 0;
    if ($user != null && $user->checkPermissions(0, 0, 0, 1, 1)) {
        // wenn ORDERER
        redirectURI("/orderer/index.php");
    }
    if ($user != null && $user->checkPermissions(0, 0, 1)) {
        // wenn USER
        redirectURI("/user/index.php");
    }
}
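$LOG = new Log();
$tpl = new TemplateEngine("template/viewProduct.html", "template/frame.html", $lang["viewer_viewProduct"]);
$LOG->write('3', 'viewer/viewProduct.php');
// pID comes from the query string and is concatenated unquoted into the SQL
// below, so it is reduced to an integer before any use. A missing value
// becomes 0 instead of producing a malformed statement.
$pID = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;
$tpl->assign('ID', $pID);
// Product data (deleted products are excluded by the query)
$product_query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM products\n\t\t\t\tWHERE products_id = " . $pID . "\n\t\t\t\tAND deleted = 0\n\t\t\t\tORDER BY sort_order, name\n\t\t\t\t");
$product = DB_fetchArray($product_query);
$tpl->assign('name', $product['name']);
$tpl->assign('description', $product['description']);
//$tpl->assign('sort_order',$product['sort_order']);
// Still passed along so the template can tell whether the product is displayable.
$tpl->assign('active', $product['active']);
$tpl->assign('image_small', $product['image_small']);
$tpl->assign('image_big', $product['image_big']);
$tpl->assign('stock', $product['stock']);
$tpl->assign('price', $product['price']);
$tpl->assign('is_admin', $isAdmin);
$tpl->display();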
Example #21
 /**
  * 模版传递变量信息
  *
  * @param      $var
  * @param null $value
  */
 protected function assign($var, $value = null)
 {
     // When the TEMPLATE_ENGINE_START setting is falsy, keep the variable in
     // this object's own $vars store and stop.
     if (!C('TEMPLATE_ENGINE_START')) {
         $this->vars[$var] = $value;
         return;
     }

     // Otherwise hand the variable to the parent implementation.
     parent::assign($var, $value);
 }
 }