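/**
 * Renders the "edit product" form for the logged-in user and handles its POST.
 *
 * Access rules (all return a short notice instead of the form):
 *  - no logged-in user ($GLOBALS['me'] falsy)           -> $LANG['unavailable_form']
 *  - user owns no store (Stores <= 0)                   -> $LANG['unavailable_form2']
 *  - product is not owned by the user                   -> $LANG['edit_prod_cant']
 *
 * On a valid POST (CSRF token checked against session key 'edit_coupon_csrf')
 * the data is passed to \user\main::edit_product(); its exception message is
 * shown as the error, and after a failed submit the submitted values are
 * re-populated instead of the stored ones.
 *
 * Every reflected value (submitted or stored) is entity-escaped before being
 * placed into an attribute or text node; $LANG strings are site-owned and are
 * emitted as-is like in the rest of the templates.
 *
 * @param int|string $id product id
 * @return string HTML fragment
 */
function edit_product_form($id)
{
    global $LANG;

    // Guests get the generic "unavailable" notice.
    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    // The form is only offered to users who own at least one store.
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }

    $product = \query\main::product_infos($id);
    // Ownership check. Both ids are normalised to int so that the strict
    // comparison cannot fail merely because one side is a string from the row.
    if ((int) $product->userID !== (int) $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_prod_cant'] . '</div>';
    }

    // Attribute/text escaping for every value that is reflected into the markup
    // (submitted data as well as stored product data). double_encode=false keeps
    // values that were already entity-encoded upstream from being encoded twice.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $product_image = $product->image;
    $pd = array();
    $form = '<div class="edit_product_form other_form">';

    if ($_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['edit_product_form']['csrf'])
        && \site\utils::check_csrf($_POST['edit_product_form']['csrf'], 'edit_coupon_csrf')
    ) {
        $pd = \site\utils::validate_user_data($_POST['edit_product_form']);
        try {
            $post_info = \user\main::edit_product($id, $GLOBALS['me']->ID, $pd);
            $product_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_cou_success'] . '</div>';
        } catch (\Exception $e) {
            // Fully qualified so the catch keeps working if this file is namespaced.
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }

    // After a POST the submitted value wins (the user sees what they typed),
    // otherwise the stored product value is shown.
    $current = function ($key, $stored) use ($pd) {
        return isset($pd[$key]) ? $pd[$key] : $stored;
    };

    // Fresh token for the next submission. NOTE(review): the session key is
    // shared with the coupon edit form — confirm that is intended.
    $csrf = $_SESSION['edit_coupon_csrf'] = \site\utils::str_random(12);

    // One labelled <input type="text"> row; $attrs is the raw extra attribute
    // string (placeholder/required) and is only ever built from $LANG values.
    $textField = function ($key, $label, $value, $attrs = '') use ($esc) {
        return '<div class="form_field"><label for="edit_product_form[' . $key . ']">' . $label . ':</label> <div><input type="text" name="edit_product_form[' . $key . ']" id="edit_product_form[' . $key . ']" value="' . $esc($value) . '"' . $attrs . ' /></div></div>';
    };

    // One date + time row; the stored datetime string is split into the
    // Y-m-d and H:i parts the two inputs expect.
    $dateField = function ($key, $label, $stored) use ($esc, $current) {
        $stored_unix = strtotime($stored);
        return '<div class="form_field"><label for="edit_product_form[' . $key . ']">' . $label . ':</label> <div><input type="date" name="edit_product_form[' . $key . ']" id="edit_product_form[' . $key . ']" value="' . $esc($current($key, date('Y-m-d', $stored_unix))) . '" style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_product_form[' . $key . '_hour]" value="' . $esc($current($key . '_hour', date('H:i', $stored_unix))) . '" style="width: 20%" /></div></div>';
    };

    $form .= '<form method="POST" action="#" enctype="multipart/form-data"> <div class="form_field"><label for="edit_product_form[store]">' . $LANG['submit_prod_addto'] . ':</label> <div><select name="edit_product_form[store]" id="edit_product_form[store]">';
    $selected_store = $current('store', $product->storeID);
    foreach (stores_custom(array('user' => $GLOBALS['me']->ID, 'max' => 0)) as $store) {
        $form .= '<option value="' . $esc($store->ID) . '"' . ($store->ID == $selected_store ? ' selected' : '') . '>' . $esc($store->name) . '</option>';
    }
    $form .= '</select></div> </div>';

    $fields = array();
    $fields[] = $textField('name', $LANG['form_name'], $current('name', $product->title), ' placeholder="' . $LANG['submit_prod_name_ph'] . '" required');
    $fields[] = $textField('price', $LANG['form_price'], $current('price', empty($product->price) ? '' : $product->price), ' placeholder="' . $LANG['submit_prod_price_ph'] . '"');
    $fields[] = $textField('old_price', $LANG['form_old_price'], $current('old_price', empty($product->old_price) ? '' : $product->old_price), ' placeholder="' . $LANG['submit_prod_oldprice_ph'] . '"');
    $fields[] = $textField('currency', $LANG['form_currency'], $current('currency', $product->currency));
    $fields[] = $textField('url', $LANG['form_product_url'], $current('url', $product->url), ' placeholder="' . $LANG['submit_cou_url_ph'] . '"');
    $fields[] = '<div class="form_field"><label for="edit_product_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_product_form[description]" id="edit_product_form[description]" style="height:100px;">' . $esc($current('description', $product->description)) . '</textarea></div></div>';
    $fields[] = $textField('tags', $LANG['form_tags'], $current('tags', $product->tags));
    $fields[] = '<div class="form_field"><label for="edit_product_form_image">' . $LANG['form_image'] . ':</label> <div><img src="' . $esc(product_avatar($product_image)) . '" alt="" style="width:90px; height:90px;" /> <input type="file" name="edit_product_form_image" id="edit_product_form_image" /> <span>Note:* max width: 800px, max height: 800px.</span></div></div>';
    $fields[] = $dateField('start', $LANG['form_start_date'], $product->start_date);
    $fields[] = $dateField('end', $LANG['form_end_date'], $product->expiration_date);

    $form .= ' ' . implode(' ', $fields) . ' <input type="hidden" name="edit_product_form[csrf]" value="' . $esc($csrf) . '" /> <button>' . $LANG['edit_prod_button'] . '</button> </form> </div>';

    return $form;
}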
<?php /* Page bootstrap: load the product for the current request (id 0 — presumably "current route"; the 'update_views' / 'user_view' options are interpreted by the query layer and not visible here) into globals that the template helpers below read. */ $GLOBALS['item'] = \query\main::product_infos(0, array('update_views' => '')); $GLOBALS['exists'] = \query\main::product_exists(0, array('user_view' => '')); /* Whether the current product exists (cached product_exists() result). */ function exists() { return $GLOBALS['exists']; } /* Information about the current product (cached product_infos() result). */ function the_item() { return $GLOBALS['item']; } /* Meta tags - title: the product's own meta_title with %YEAR% / %MONTH% expanded to the current year / month name; the fallback branch continues beyond this excerpt. */ function meta_title() { if ($GLOBALS['exists'] > 0) { if (!empty($GLOBALS['item']->meta_title)) { $repl = array('%YEAR%' => date('Y'), '%MONTH%' => date('F')); return str_replace(array_keys($repl), array_values($repl), $GLOBALS['item']->meta_title); } else {
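/**
 * Clears the image column of one or more products and removes the image file.
 *
 * Requires the 'products' => 'edit' ability (ab_to()). Ids that do not exist
 * are skipped. The file is only unlinked when it resolves to a regular file
 * inside DIR, so a stored image name can never point outside the upload root.
 *
 * @param int|string|array $id a single product id or a list of ids
 * @return bool false when the caller lacks the ability or the UPDATE could
 *              not be prepared; true otherwise (per-id failures are not reported)
 */
public static function delete_product_image($id)
{
    global $db;

    // Permission gate: only accounts allowed to edit products may clear images.
    if (!ab_to(array('products' => 'edit'))) {
        return false;
    }

    $ids = (array) $id;
    $stmt = $db->stmt_init();
    // Prepare once; the same statement is re-bound and re-executed for every id.
    if (!$stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "products SET image = '' WHERE id = ?")) {
        return false;
    }

    $root = realpath(DIR);
    foreach ($ids as $ID) {
        if (!\query\main::product_exists($ID)) {
            continue;
        }
        $product = \query\main::product_infos($ID);
        $stmt->bind_param("i", $ID);
        $stmt->execute();

        if (empty($product->image)) {
            continue;
        }
        // Remove the file only when it is a regular file located under DIR;
        // explicit checks replace the former @unlink() suppression.
        $real = realpath(DIR . '/' . $product->image);
        if ($real !== false
            && $root !== false
            && strpos($real, $root . DIRECTORY_SEPARATOR) === 0
            && is_file($real)
        ) {
            unlink($real);
        }
    }
    $stmt->close();

    return true;
}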
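/**
 * Updates a product and charges credits when the new expiration date runs past
 * the period that has already been paid for.
 *
 * Validation (each failure throws with the matching $LANG message):
 *  - store must exist and belong to $user (\query\main::have_store)
 *  - name must be non-blank
 *  - url may be empty; otherwise it must match the http(s)://host.tld pattern
 *  - description must be at least 10 bytes long
 *
 * Cost: when strtotime(end) > the stored paid_until, the uncovered days
 * (counted from today or from the old paid_until, whichever is later) are
 * billed in blocks of product_max_days at the 'product' price; paid_until is
 * moved to the new end only when the cost is > 0. Credits are compared and
 * deducted on $GLOBALS['me'] (the caller passes the same id as $user).
 *
 * Note: image upload, the UPDATE and the credit deduction are three separate
 * calls, not one transaction.
 *
 * @param int|string $id   product id
 * @param int|string $user id of the acting user (store owner check)
 * @param array      $post submitted fields: store, name, url, description,
 *                         tags, price, old_price, currency, start, start_hour,
 *                         end, end_hour
 * @return object {image: mixed} the value \site\images::upload() returned and
 *                that was written to the image column
 * @throws \Exception on validation failure, insufficient credits or a failed UPDATE
 */
public static function edit_product($id, $user, $post)
{
    global $db, $LANG;

    $post = array_map('trim', $post);
    // Date parts are only concatenated/parsed below; defaulting them avoids
    // undefined-index notices on a truncated POST body without changing the result.
    $post += array('start' => '', 'start_hour' => '', 'end' => '', 'end_hour' => '');

    // A store that is missing or not owned by the user can only come from a
    // tampered POST body, hence the generic error message.
    if (!isset($post['store']) || !\query\main::have_store($post['store'], $user)) {
        throw new \Exception($LANG['msg_error']);
    }
    if (!isset($post['name']) || trim($post['name']) == '') {
        throw new \Exception($LANG['edit_prod_writename']);
    }
    // NOTE(review): the '.' between host and TLD in this pattern is unescaped and
    // therefore matches any character — confirm whether a literal dot is intended.
    if (!isset($post['url']) || (!empty($post['url']) && !preg_match('/(^http(s)?:\\/\\/)([a-zA-Z0-9-]{3,100}).([a-zA-Z]{2,12})/', $post['url']))) {
        throw new \Exception($LANG['edit_prod_writeurl']);
    }
    if (!isset($post['description']) || strlen($post['description']) < 10) {
        throw new \Exception($LANG['edit_prod_writedesc']);
    }

    $info = \query\main::product_infos($id);
    $start = $post['start'] . ', ' . $post['start_hour'];
    $end = $post['end'] . ', ' . $post['end_hour'];

    // Only the date part of the new end is used for billing (the hour is stored
    // but not charged for).
    $end_unix = strtotime($post['end']);
    $paid_until = strtotime($info->paid_until);
    $cost = 0;
    if ($end_unix > $paid_until) {
        $prices = prices('object');
        $now_unix = strtotime('today 00:00');
        // Days not yet covered, counted from today or the old paid_until,
        // whichever is later; at least one day is billed.
        $from = $paid_until > $now_unix ? $paid_until : $now_unix;
        $uncovered_days = max(ceil(($end_unix - $from) / 86400), 1);
        // max(1, ...) guards the division against a zero/blank product_max_days setting.
        $cost = (int) $prices->product * ceil($uncovered_days / max(1, (int) $prices->product_max_days));
        // The paid period is extended only when something is actually charged.
        if ($cost > 0) {
            $paid_until = $end_unix;
        }
    }

    if ($GLOBALS['me']->Credits < $cost) {
        throw new \Exception(sprintf($LANG['msg_notenoughpoints'], $cost, $GLOBALS['me']->Credits));
    }

    // A missing upload field is handed over as null (no file chosen) instead of
    // raising an undefined-index notice; the upload helper receives the same value.
    $upload = isset($_FILES['edit_product_form_image']) ? $_FILES['edit_product_form_image'] : null;
    $image = \site\images::upload($upload, 'product_', array('path' => '', 'max_size' => 1024, 'max_width' => 800, 'max_height' => 800, 'current' => $info->image));

    $stmt = $db->stmt_init();
    $stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "products SET store = ?, title = ?, link = ?, description = ?, tags = ?, image = ?, price = ?, old_price = ?, currency = ?, start = ?, expiration = ?, lastupdate_by = ?, lastupdate = NOW(), paid_until = FROM_UNIXTIME(?) WHERE id = ?");
    $stmt->bind_param("isssssddsssisi", $post['store'], $post['name'], $post['url'], $post['description'], $post['tags'], $image, $post['price'], $post['old_price'], $post['currency'], $start, $end, $user, $paid_until, $id);
    $execute = $stmt->execute();
    $stmt->close();
    if (!$execute) {
        throw new \Exception($LANG['msg_error']);
    }

    // Deduct credits only after the row was written.
    \user\update::add_credits($GLOBALS['me']->ID, -$cost);

    return (object) array('image' => $image);
}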
$infos = \query\main::store_infos($_GET['id']); $store = $infos->ID; $url = $infos->url; $type = 'Store'; $typeID = (int) $_GET['id']; } else { if (isset($_GET['coupon'])) { $infos = \query\main::item_infos($_GET['coupon']); $store = $infos->storeID; $coupon = $infos->ID; $url = $infos->url; $type = 'Coupon'; $typeID = (int) $_GET['coupon']; } else { if (isset($_GET['product'])) { $infos = \query\main::product_infos($_GET['product']); $store = $infos->storeID; $product = $infos->ID; $url = $infos->url; $type = 'Product'; $typeID = (int) $_GET['product']; } } } // prepare URL for traking $ID_replace = $GLOBALS['me'] ? $GLOBALS['me']->ID : 'UNL'; $url = str_ireplace(array('{TYPE}', '{UID}', '{ID}', '_mystore365_track_id_'), array($type, $ID_replace, $typeID, $type . '_' . $ID_replace . '_' . $typeID), $url); $stmt = $db->stmt_init(); $stmt->prepare("SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "click WHERE store = ? AND coupon = ? AND product = ? AND ipaddr = ? AND date > DATE_ADD(NOW(), INTERVAL -5 MINUTE)"); $stmt->bind_param("iiis", $store, $coupon, $product, $myIP); $stmt->execute();
} echo '</ul> </div>'; } echo '<a href="?route=products.php&action=list" class="btn">' . $LANG['products_view'] . '</a> </div>'; if (!empty($LANG['products_edit_subtitle'])) { echo '<span>' . $LANG['products_edit_subtitle'] . '</span>'; } echo '</div>'; if ($item_exists) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'products_csrf')) { if (isset($_POST['store']) && isset($_POST['category']) && isset($_POST['name']) && isset($_POST['price']) && isset($_POST['old_price']) && isset($_POST['currency']) && isset($_POST['description']) && isset($_POST['tags']) && isset($_POST['reward_points']) && isset($_POST['start']) && isset($_POST['end']) && isset($_POST['meta_title']) && isset($_POST['meta_desc'])) { if (actions::edit_product($_GET['id'], array('store' => $_POST['store'], 'image_url' => $_POST['image_url'], 'category' => $_POST['category'], 'popular' => isset($_POST['popular']) ? 1 : 0, 'name' => $_POST['name'], 'price' => $_POST['price'], 'old_price' => $_POST['old_price'], 'currency' => strtoupper($_POST['currency']), 'link' => !isset($_POST['product_ownlink']) && isset($_POST['link']) && filter_var($_POST['link'], FILTER_VALIDATE_URL) ? $_POST['link'] : '', 'description' => $_POST['description'], 'tags' => $_POST['tags'], 'cashback' => $_POST['reward_points'], 'start' => $_POST['start']['date'] . ', ' . $_POST['start']['hour'], 'end' => $_POST['end']['date'] . ', ' . $_POST['end']['hour'], 'publish' => isset($_POST['publish']) ? 1 : 0, 'meta_title' => $_POST['meta_title'], 'meta_desc' => $_POST['meta_desc']))) { $info = \query\main::product_infos($_GET['id']); echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . 
'</div>'; } } } else { if (isset($_GET['type']) && isset($_GET['token']) && check_csrf($_GET['token'], 'products_csrf')) { if ($_GET['type'] == 'delete_image') { if (isset($_GET['id'])) { if (actions::delete_product_image($_GET['id'])) { $info->image = ''; echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; }