 function eshop_checkout($espost)
 {
     $espost = stripslashes_deep($espost);
     global $blog_id, $eshopoptions, $wpdb;
     $contineproceed = '1';
     //cache
     eshop_cache();
     $echoit = '';
     include_once ABSPATH . 'wp-includes/wp-db.php';
     include_once WP_PLUGIN_DIR . "/eshop/cart-functions.php";
     if (isset($espost['eshop_payment'])) {
         $_SESSION['eshop_payment' . $blog_id] = preg_replace('/[^a-zA-Z0-9\\-_]/', '', $espost['eshop_payment']);
     }
     if (!isset($_SESSION['eshop_payment' . $blog_id])) {
         $paymentmethod = 'paypal';
     } else {
         $paymentmethod = $_SESSION['eshop_payment' . $blog_id];
     }
     //left over from previous script, leaving in just in case another payment method is used.
     $chkerror = 0;
     $numberofproducts = 0;
     //filter for plugin merchant gateways
     $eshopmgincpath = apply_filters('eshop_mg_inc_path', WP_PLUGIN_DIR . '/eshop/' . $paymentmethod . '.php', $paymentmethod);
     // if everything went ok do the following, hopefully the rest won't happen!
     if (isset($_GET['eshopaction'])) {
         if ($_GET['eshopaction'] == 'success') {
             include_once $eshopmgincpath;
         }
     }
     //filter for plugin merchant gateways
     $eshopmgincidxpath = apply_filters('eshop_mg_inc_idx_path', WP_PLUGIN_DIR . '/eshop/' . $paymentmethod . '/index.php', $paymentmethod);
     if (file_exists($eshopmgincidxpath)) {
         include_once $eshopmgincidxpath;
     }
     if (isset($_SESSION['eshopcart' . $blog_id])) {
         $shopcart = $_SESSION['eshopcart' . $blog_id];
         $numberofproducts = sizeof($_SESSION['eshopcart' . $blog_id]);
         /* unused code?
         			$productsandqty='';
         			while (list ($product, $amount) = each ($_SESSION['eshopcart'.$blog_id])){
         				$productsandqty.=" $product-$amount";
         				$productsandqty=trim($productsandqty);
         			}
         			*/
         $keys = array_keys($_SESSION['eshopcart' . $blog_id]);
         $productidkeys = implode(",", $keys);
         $productidkeys = trim($productidkeys);
         //reqd for shipping - finds the correct state for working out shipping, and set things up for later usage.
         if (isset($espost['ship_name'])) {
             if ($espost['ship_name'] != '' || $espost['ship_address'] != '' || $espost['ship_city'] != '' || $espost['ship_postcode'] != '' || $espost['ship_company'] != '' || $espost['ship_phone'] != '' || $espost['ship_country'] != '' || $espost['ship_state'] != '') {
                 if ($espost['ship_name'] == '') {
                     $espost['ship_name'] = $espost['first_name'] . " " . $espost['last_name'];
                 }
                 if ($espost['ship_company'] == '') {
                     $espost['ship_company'] = $espost['company'];
                 }
                 if ($espost['ship_phone'] == '') {
                     $espost['ship_phone'] = $espost['phone'];
                 }
                 if ($espost['ship_address'] == '') {
                     $espost['ship_address'] = $espost['address1'];
                     if ($espost['address2'] != '') {
                         $espost['ship_address'] .= ", " . $espost['address2'];
                     }
                 }
                 if ($espost['ship_city'] == '') {
                     $espost['ship_city'] = $espost['city'];
                 }
                 if ($espost['ship_postcode'] == '') {
                     $espost['ship_postcode'] = $espost['zip'];
                 }
                 if ($espost['ship_country'] == '') {
                     $espost['ship_country'] = $espost['country'];
                 }
                 if ($espost['ship_state'] == '') {
                     $espost['ship_state'] = $espost['state'];
                 }
                 if ($espost['ship_altstate'] == '') {
                     $espost['ship_altstate'] = $espost['altstate'];
                 }
             } else {
                 $espost['ship_name'] = $espost['first_name'] . " " . $espost['last_name'];
                 $espost['ship_company'] = $espost['company'];
                 $espost['ship_phone'] = $espost['phone'];
                 if ($espost['ship_address'] == '') {
                     $espost['ship_address'] = $espost['address1'];
                     if ($espost['address2'] != '') {
                         $espost['ship_address'] .= ", " . $espost['address2'];
                     }
                 }
                 $espost['ship_city'] = $espost['city'];
                 $espost['ship_postcode'] = $espost['zip'];
                 $espost['ship_country'] = $espost['country'];
                 $espost['ship_state'] = $espost['state'];
                 $espost['ship_altstate'] = $espost['altstate'];
             }
             $tablecountries = $wpdb->prefix . 'eshop_countries';
             $tablestates = $wpdb->prefix . 'eshop_states';
             $shippingzone = $eshopoptions['shipping_zone'];
             if (isset($espost['eshop_shiptype']) && $espost['eshop_shiptype'] != '0') {
                 $sztype = $espost['eshop_shiptype'];
                 $shippingzone = $wpdb->get_var("SELECT area FROM " . $wpdb->prefix . "eshop_rates WHERE rate_type='ship_weight' && class='{$sztype}' LIMIT 1");
             }
             $pzoneid = '';
             //$eshopoptions['unknown_state'];
             if ($shippingzone == 'country') {
                 if (isset($espost['ship_country']) && $espost['ship_country'] != '') {
                     $pzoneid = $espost['ship_country'];
                 } elseif (isset($espost['country']) && $espost['country'] != '') {
                     $pzoneid = $espost['country'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablecountries} WHERE code='{$pzoneid}' LIMIT 1");
             } else {
                 if (isset($espost['state']) && $espost['state'] != '') {
                     $pzoneid = $espost['state'];
                 }
                 if (isset($espost['ship_state']) && $espost['ship_state'] != '') {
                     $pzoneid = $espost['ship_state'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablestates} WHERE id='{$pzoneid}' LIMIT 1");
                 if (isset($espost['altstate']) && $espost['altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
                 if (isset($espost['ship_altstate']) && $espost['ship_altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
             }
             $_SESSION['shiptocountry' . $blog_id] = $eshopoptions['location'];
             if (isset($espost['ship_country']) && $espost['ship_country'] != '') {
                 $_SESSION['shiptocountry' . $blog_id] = $espost['ship_country'];
             } elseif (isset($espost['country']) && $espost['country'] != '') {
                 $_SESSION['shiptocountry' . $blog_id] = $espost['country'];
             }
         } else {
             $pzoneid = '';
             //$eshopoptions['unknown_state'];
             $tablecountries = $wpdb->prefix . 'eshop_countries';
             $tablestates = $wpdb->prefix . 'eshop_states';
             $shippingzone = $eshopoptions['shipping_zone'];
             if (isset($espost['eshop_shiptype'])) {
                 $sztype = $espost['eshop_shiptype'];
                 $shippingzone = $wpdb->get_var("SELECT area FROM " . $wpdb->prefix . "eshop_rates WHERE rate_type='ship_weight' && class='{$sztype}' LIMIT 1");
             }
             if ($shippingzone == 'country') {
                 if (isset($espost['ship_country']) && $espost['ship_country'] != '') {
                     $pzoneid = $espost['ship_country'];
                 } elseif (isset($espost['country']) && $espost['country'] != '') {
                     $pzoneid = $espost['country'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablecountries} WHERE code='{$pzoneid}' LIMIT 1");
             } else {
                 if (isset($espost['ship_state']) && $espost['ship_state'] != '') {
                     $pzoneid = $espost['ship_state'];
                 }
                 if (isset($espost['state']) && $espost['state'] != '') {
                     $pzoneid = $espost['state'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablestates} WHERE id='{$pzoneid}' LIMIT 1");
                 if (isset($espost['altstate']) && $espost['altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
                 if (isset($espost['ship_altstate']) && $espost['ship_altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
             }
         }
         //
         $shiparray = array();
         $eshopcartarray = $_SESSION['eshopcart' . $blog_id];
         foreach ($eshopcartarray as $productid => $opt) {
             if (is_array($opt)) {
                 switch ($eshopoptions['shipping']) {
                     case '1':
                         //( per quantity of 1, prices reduced for additional items )
                         for ($i = 1; $i <= $opt['qty']; $i++) {
                             array_push($shiparray, $opt["pclas"]);
                         }
                         break;
                     case '2':
                         //( once per shipping class no matter what quantity is ordered )
                         if (!in_array($opt["pclas"], $shiparray)) {
                             array_push($shiparray, $opt["pclas"]);
                         }
                         break;
                     case '3':
                         //( one overall charge no matter how many are ordered )
                         if (!in_array($opt["pclas"], $shiparray)) {
                             if ($opt["pclas"] != 'F') {
                                 array_push($shiparray, 'A');
                             }
                         }
                         break;
                     case '4':
                         //( weight )
                         if (isset($espost['eshop_shiptype'])) {
                             unset($shiparray);
                             $shiparray = $espost['eshop_shiptype'];
                         }
                         break;
                 }
             }
         }
         //need an extra check
         if ($eshopoptions['shipping'] == '4' && 'no' == $eshopoptions['downloads_only'] && isset($espost['submit']) && !isset($espost['eshop_shiptype']) && !eshop_only_downloads()) {
             $pzone = '';
         }
         //need to check the discount codes here as well:
         if (eshop_discount_codes_check()) {
             $_SESSION['eshop_discount' . $blog_id] = '';
             unset($_SESSION['eshop_discount' . $blog_id]);
             if (isset($espost['eshop_discount']) && $espost['eshop_discount'] != '') {
                 $chkcode = valid_eshop_discount_code($espost['eshop_discount']);
                 if ($chkcode) {
                     $_SESSION['eshop_discount' . $blog_id] = $espost['eshop_discount'];
                 }
             }
         }
         //show the cart
         if (isset($_GET['eshopaction']) && $_GET['eshopaction'] != 'redirect' || !isset($_GET['eshopaction'])) {
             $echoit .= display_cart($_SESSION['eshopcart' . $blog_id], false, $eshopoptions['checkout'], $pzone, $shiparray);
         }
     }
     $error = '';
     if (isset($espost['submit'])) {
         //form handling
         foreach ($espost as $key => $value) {
             $key = $value;
         }
         //setupshipping arrays
         $reqdvalues = array('shipping', 'first_name', 'last_name', 'email', 'phone', 'address', 'city', 'zip', 'pay');
         if ($eshopoptions['shipping'] != '4') {
             if ($eshopoptions['shipping_zone'] == 'country') {
                 $reqdvalues[] = 'country';
             } else {
                 $reqdvalues[] = 'state';
             }
         } else {
             $creqd = '';
             $dtable = $wpdb->prefix . 'eshop_rates';
             $query = $wpdb->get_results("SELECT DISTINCT(area) from {$dtable} where rate_type='ship_weight'");
             foreach ($query as $k) {
                 $reqdvalues[] = $k->area;
             }
         }
         $linkattr = apply_filters('eShopCheckoutLinksAttr', '');
         $reqdarray = apply_filters('eshopCheckoutReqd', $reqdvalues);
         if ($eshopoptions['shipping'] == '4' && 'no' == $eshopoptions['downloads_only'] && !isset($espost['eshop_shiptype']) && !eshop_only_downloads()) {
             $error .= '<li>' . __('<strong>Shipping</strong> - not selected.', 'eshop') . '</li>';
         }
         if (isset($espost['first_name'])) {
             $valid = checkAlpha($espost['first_name']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'first_name')) {
                 $error .= '<li>' . __('<strong>First name</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['last_name'])) {
             $valid = checkAlpha($espost['last_name']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'last_name')) {
                 $error .= '<li>' . __('<strong>Last name</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['email'])) {
             $valid = checkEmail($espost['email']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'email')) {
                 $error .= '<li>' . __('<strong>Email address</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['phone'])) {
             $valid = checkPhone($espost['phone']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'phone')) {
                 $error .= '<li>' . __('<strong>Phone Number</strong> - missing or incorrect', 'eshop') . '.</li>';
             }
         }
         if (isset($espost['address1'])) {
             $valid = checkAlpha($espost['address1']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'address')) {
                 $error .= '<li>' . __('<strong>Address</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['city'])) {
             $valid = checkAlpha($espost['city']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'city')) {
                 $error .= '<li>' . __('<strong>City or town</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (eshop_checkreqd($reqdarray, 'state')) {
             if (isset($espost['state']) && $espost['state'] == '' && $espost['altstate'] == '') {
                 $error .= '<li>' . __('<strong>State/County/Province</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (eshop_checkreqd($reqdarray, 'country')) {
             if (isset($espost['country'])) {
                 $valid = checkAlpha($espost['country']);
                 if ($valid == FALSE) {
                     $error .= '<li>' . __('<strong>Country</strong> - missing or incorrect.', 'eshop') . '</li>';
                 }
             }
         }
         if (isset($espost['country']) && $espost['country'] == 'US' && $espost['state'] == '' && $espost['altstate'] == '') {
             //must pick a state for US deliveries
             $error .= '<li>' . __('<strong><abbr title="United States">US</abbr> State</strong> - missing or incorrect.', 'eshop') . '</li>';
         }
         if (isset($espost['zip'])) {
             $valid = checkAlphaNum($espost['zip']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'zip')) {
                 $error .= '<li>' . __('<strong>Zip/Post code</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['reference'])) {
             if ($espost['reference'] == '' && eshop_checkreqd($reqdarray, 'ref')) {
                 $error .= '<li>' . __('<strong>Reference</strong> - missing.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['comments'])) {
             if ($espost['comments'] == '' && eshop_checkreqd($reqdarray, 'comments')) {
                 $error .= '<li>' . __('<strong>Comments</strong> - missing.', 'eshop') . '</li>';
             }
         }
         if (isset($eshopoptions['users']) && $eshopoptions['users'] == 'yes' && !is_user_logged_in()) {
             if (!isset($espost['eshop_users']) && eshop_checkreqd($reqdarray, 'signup')) {
                 $error .= '<li>' . __('<strong>Sign Up</strong> - not checked.', 'eshop') . '</li>';
             }
         }
         //add in error checking for any new values here
         $temperror = apply_filters('eshoperrorcheckout', $espost);
         if (!is_array($temperror)) {
             $error .= $temperror;
         }
         ////////////////////////////////////////////////
         if ('yes' == $eshopoptions['tandc_use']) {
             if (!isset($espost['eshop_tandc'])) {
                 $error .= '<li><strong>' . $eshopoptions['tandc'] . '</strong>' . __(' - not checked.', 'eshop') . '</li>';
             }
         }
         if (!isset($espost['eshop_payment'])) {
             $error .= '<li>' . __('You have not chosen a <strong>payment option</strong>.', 'eshop') . '</li>';
         }
         if (eshop_discount_codes_check()) {
             $_SESSION['eshop_discount' . $blog_id] = '';
             unset($_SESSION['eshop_discount' . $blog_id]);
             if (isset($espost['eshop_discount']) && $espost['eshop_discount'] != '') {
                 $chkcode = valid_eshop_discount_code($espost['eshop_discount']);
                 if (!$chkcode) {
                     $error .= '<li>' . __('<strong>Discount Code</strong> - is not valid.', 'eshop') . '</li>';
                 } else {
                     $_SESSION['eshop_discount' . $blog_id] = $espost['eshop_discount'];
                 }
             }
         }
         if (isset($eshopoptions['users']) && $eshopoptions['users'] == 'yes' && isset($espost['eshop_users']) && !is_user_logged_in()) {
             $_SESSION['eshop_user' . $blog_id] = '1';
         }
         if ($error != '') {
             $echoit .= "<p><strong class=\"eshoperror error\">" . __('There were some errors in the details you entered&#8230;', 'eshop') . "</strong></p><ul class=\"eshoperrors errors\">" . $error . '</ul>';
             $first_name = $last_name = $company = $phone = $reference = '';
             $email = $address1 = $address2 = $city = $country = '';
             $state = $altstate = $zip = $ship_name = $ship_company = '';
             $ship_phone = $ship_address = $ship_city = $ship_postcode = '';
             $ship_country = $ship_state = $ship_altstate = $comments = '';
             if (isset($espost['first_name'])) {
                 $first_name = $espost['first_name'];
             }
             if (isset($espost['last_name'])) {
                 $last_name = $espost['last_name'];
             }
             if (isset($espost['phone'])) {
                 $phone = $espost['phone'];
             }
             if (isset($espost['reference'])) {
                 $reference = $espost['reference'];
             }
             if (isset($espost['email'])) {
                 $email = $espost['email'];
             }
             if (isset($espost['address1'])) {
                 $address1 = $espost['address1'];
             }
             if (isset($espost['address2'])) {
                 $address2 = $espost['address2'];
             }
             if (isset($espost['city'])) {
                 $city = $espost['city'];
             }
             if (isset($espost['country'])) {
                 $country = $espost['country'];
             }
             if (isset($espost['state'])) {
                 $state = $espost['state'];
             }
             if (isset($espost['altstate'])) {
                 $altstate = $espost['altstate'];
             }
             if (isset($espost['zip'])) {
                 $zip = $espost['zip'];
             }
             if (isset($espost['ship_name'])) {
                 $ship_name = $espost['ship_name'];
             }
             if (isset($espost['ship_company'])) {
                 $ship_company = $espost['ship_company'];
             }
             if (isset($espost['ship_phone'])) {
                 $ship_phone = $espost['ship_phone'];
             }
             if (isset($espost['ship_address'])) {
                 $ship_address = $espost['ship_address'];
             }
             if (isset($espost['ship_city'])) {
                 $ship_city = $espost['ship_city'];
             }
             if (isset($espost['ship_country'])) {
                 $ship_country = $espost['ship_country'];
             }
             if (isset($espost['ship_state'])) {
                 $ship_state = $espost['ship_state'];
             }
             if (isset($espost['ship_altstate'])) {
                 $ship_altstate = $espost['ship_altstate'];
             }
             if (isset($espost['ship_postcode'])) {
                 $ship_postcode = $espost['ship_postcode'];
             }
             if (isset($espost['comments'])) {
                 $comments = $espost['comments'];
             }
             $chkerror = '1';
         } else {
             if (!isset($_GET['eshopaction'])) {
                 $shipping = 0;
                 $echoit .= "<div class=\"hr\"></div><div class=\"eshopcheckoutconf\"><h3>" . __('<span class="noprint">Please Confirm </span>Your Details', 'eshop') . '</h3>';
                 // create a custom id, and shove details in database
                 $date = date('YmdHis');
                 $_SESSION['date' . $blog_id] = $date;
                 $fprice = number_format($_SESSION['final_price' . $blog_id], 2, '.', '');
                 $espost['amount'] = $fprice;
                 $espost['custom'] = $date;
                 $espost['numberofproducts'] = sizeof($_SESSION['eshopcart' . $blog_id]);
                 //shipping
                 if (isset($_SESSION['shipping' . $blog_id])) {
                     $shipping = eshopShipTaxAmt();
                 }
                 //discount shipping
                 if (is_shipfree(calculate_total())) {
                     $shipping = 0;
                 }
                 //shipping
                 $espost['shipping_1'] = $shipping;
                 $ctable = $wpdb->prefix . 'eshop_countries';
                 $stable = $wpdb->prefix . 'eshop_states';
                 if ('no' == $eshopoptions['downloads_only']) {
                     $echoit .= '<h4>' . __('Mailing Address', 'eshop') . '</h4><ul class="eshop confirm">';
                 } else {
                     $echoit .= '<h4>' . __('Contact Details', 'eshop') . '</h4><ul class="eshop confirm">';
                 }
                 $echoit .= "<li><span class=\"items fullname\">" . __('Full name:', 'eshop') . "</span> " . $espost['first_name'] . " " . $espost['last_name'] . "</li>\n";
                 if ('no' == $eshopoptions['downloads_only']) {
                     $echoit .= "<li class=\"company\"><span class=\"items\">" . __('Company:', 'eshop') . "</span> " . $espost['company'] . "</li>\n";
                 }
                 $echoit .= "<li class=\"email\"><span class=\"items\">" . __('Email:', 'eshop') . "</span> " . $espost['email'] . "</li>\n";
                 if ('no' == $eshopoptions['downloads_only']) {
                     $echoit .= "<li class=\"phone\"><span class=\"items\">" . __('Phone:', 'eshop') . "</span> " . $espost['phone'] . "</li>\n";
                     $echoit .= "<li class=\"address\"><span class=\"items\">" . __('Address:', 'eshop') . "</span> " . $espost['address1'] . " " . $espost['address2'] . "</li>\n";
                     $echoit .= "<li class=\"city\"><span class=\"items\">" . __('City or town:', 'eshop') . "</span> " . $espost['city'] . "</li>\n";
                     $qcode = $wpdb->escape($espost['state']);
                     $qstate = $wpdb->get_var("SELECT stateName FROM {$stable} WHERE id='{$qcode}' limit 1");
                     if ($espost['altstate'] != '') {
                         $echoit .= "<li class=\"state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $espost['altstate'] . "</li>\n";
                     } elseif ($qstate != '') {
                         $echoit .= "<li class=\"state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $qstate . "</li>\n";
                     }
                     $echoit .= "<li class=\"zip\"><span class=\"items\">" . __('Zip/Post code:', 'eshop') . "</span> " . $espost['zip'] . "</li>\n";
                     $qccode = $wpdb->escape($espost['country']);
                     $qcountry = $wpdb->get_var("SELECT country FROM {$ctable} WHERE code='{$qccode}' limit 1");
                     $echoit .= "<li class=\"country\"><span class=\"items\">" . __('Country:', 'eshop') . "</span> " . $qcountry . "</li>\n";
                 }
                 $echoit .= "</ul>\n";
                 //
                 $temp = apply_filters('eshopconfcheckout', $espost);
                 if (!is_array($temp)) {
                     $echoit .= $temp;
                 }
                 //
                 if (!isset($espost['reference'])) {
                     $espost['reference'] = '';
                 }
                 if (!isset($espost['comments'])) {
                     $espost['comments'] = '';
                 }
                 if (trim($espost['reference']) != '' && trim($espost['comments']) == '') {
                     $echoit .= "<div class=\"eshop fld3\"><h4>" . __('Additional information', 'eshop') . "</h4>\n<ul class=\"eshop confirmref\">\n";
                     $echoit .= '<li><span class="items">' . __('Reference or <abbr title="Purchase Order number">PO</abbr>', 'eshop') . '</span> ' . $espost['reference'] . '</li>' . "\n";
                     $echoit .= '</ul></div>' . "\n";
                 }
                 if (trim($espost['reference']) == '' && trim($espost['comments']) != '') {
                     $echoit .= "<div class=\"eshop fld3\"><h4>" . __('Additional information', 'eshop') . "</h4>\n<ul class=\"eshop confirmref\">\n";
                     $echoit .= '<li><span class="items">' . __('Comments or instructions:', 'eshop') . '</span> ' . $espost['comments'] . '</li>' . "\n";
                     $echoit .= '</ul></div>' . "\n";
                 }
                 if (trim($espost['reference']) != '' && trim($espost['comments']) != '') {
                     $echoit .= "<div class=\"eshop fld3\"><h4>" . __('Additional information', 'eshop') . "</h4>\n<ul class=\"eshop confirmref\">\n";
                     $echoit .= '<li><span class="items">' . __('Reference or PO:', 'eshop') . '</span> ' . $espost['reference'] . '</li>' . "\n";
                     $echoit .= '<li><span class="items">' . __('Comments or instructions:', 'eshop') . '</span> ' . $espost['comments'] . '</li>' . "\n";
                     $echoit .= '</ul></div>' . "\n";
                 }
                 if ('no' == $eshopoptions['downloads_only']) {
                     if ('yes' != $eshopoptions['hide_shipping']) {
                         if ($espost['ship_name'] != '' || $espost['ship_address'] != '' || $espost['ship_city'] != '' || $espost['ship_postcode'] != '') {
                             $echoit .= "<div class=\"eshop fld4\"><h4>" . __('Shipping Address', 'eshop') . "</h4>\n<ul class=\"eshop confirmship\">\n";
                             $echoit .= "<li><span class=\"items\">" . __('Full name:', 'eshop') . "</span> " . $espost['ship_name'] . "</li>\n";
                             $echoit .= "<li class=\"ship_company\"><span class=\"items\">" . __('Company:', 'eshop') . "</span> " . $espost['ship_company'] . "</li>\n";
                             $echoit .= "<li><span class=\"items\">" . __('Phone:', 'eshop') . "</span> " . $espost['ship_phone'] . "</li>\n";
                             $echoit .= "<li><span class=\"items\">" . __('Address:', 'eshop') . "</span> " . $espost['ship_address'] . "</li>\n";
                             $echoit .= "<li><span class=\"items\">" . __('City or town:', 'eshop') . "</span> " . $espost['ship_city'] . "</li>\n";
                             $qcode = $wpdb->escape($espost['ship_state']);
                             $qstate = $wpdb->get_var("SELECT stateName FROM {$stable} WHERE id='{$qcode}' limit 1");
                             if ($espost['ship_altstate'] != '') {
                                 $echoit .= "<li class=\"ship_state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $espost['ship_altstate'] . "</li>\n";
                             } elseif ($qstate != '') {
                                 $echoit .= "<li class=\"ship_state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $qstate . "</li>\n";
                             }
                             $echoit .= "<li><span class=\"items\">" . __('Zip/Post code:', 'eshop') . "</span> " . $espost['ship_postcode'] . "</li>\n";
                             $qccode = $wpdb->escape($espost['ship_country']);
                             $qcountry = $wpdb->get_var("SELECT country FROM {$ctable} WHERE code='{$qccode}' limit 1");
                             $echoit .= "<li class=\"shipcountry\"><span class=\"items\">" . __('Country:', 'eshop') . "</span> " . $qcountry . "</li>\n";
                             $echoit .= "</ul></div>\n";
                         }
                     }
                 }
                 $echoit .= "\n";
                 $echoit .= "</div>\n";
             }
             //add to a session to store address:
             $_SESSION['addy' . $blog_id]['first_name'] = $espost['first_name'];
             $_SESSION['addy' . $blog_id]['last_name'] = $espost['last_name'];
             $_SESSION['addy' . $blog_id]['email'] = $espost['email'];
             if (isset($espost['company'])) {
                 $_SESSION['addy' . $blog_id]['company'] = $espost['company'];
             } else {
                 $_SESSION['addy' . $blog_id]['company'] = '';
             }
             if (isset($espost['phone'])) {
                 $_SESSION['addy' . $blog_id]['phone'] = $espost['phone'];
             } else {
                 $_SESSION['addy' . $blog_id]['phone'] = '';
             }
             if (isset($espost['reference'])) {
                 $_SESSION['addy' . $blog_id]['reference'] = $espost['reference'];
             } else {
                 $_SESSION['addy' . $blog_id]['reference'] = '';
             }
             if (isset($espost['address1'])) {
                 $_SESSION['addy' . $blog_id]['address1'] = $espost['address1'];
             } else {
                 $_SESSION['addy' . $blog_id]['address1'] = '';
             }
             if (isset($espost['address2'])) {
                 $_SESSION['addy' . $blog_id]['address2'] = $espost['address2'];
             } else {
                 $_SESSION['addy' . $blog_id]['address2'] = '';
             }
             if (isset($espost['city'])) {
                 $_SESSION['addy' . $blog_id]['city'] = $espost['city'];
             }
             if (isset($espost['country'])) {
                 $_SESSION['addy' . $blog_id]['country'] = $espost['country'];
             } else {
                 $_SESSION['addy' . $blog_id]['country'] = '';
             }
             if (isset($espost['state'])) {
                 $_SESSION['addy' . $blog_id]['state'] = $espost['state'];
             } else {
                 $_SESSION['addy' . $blog_id]['state'] = '';
             }
             if (isset($espost['altstate']) && $espost['altstate'] != '') {
                 $_SESSION['addy' . $blog_id]['state'] = $espost['altstate'];
             }
             if (isset($espost['zip'])) {
                 $_SESSION['addy' . $blog_id]['zip'] = $espost['zip'];
             } else {
                 $_SESSION['addy' . $blog_id]['zip'] = '';
             }
             if (isset($espost['ship_name'])) {
                 $_SESSION['addy' . $blog_id]['ship_name'] = $espost['ship_name'];
                 $_SESSION['addy' . $blog_id]['ship_company'] = $espost['ship_company'];
                 $_SESSION['addy' . $blog_id]['ship_phone'] = $espost['ship_phone'];
                 $_SESSION['addy' . $blog_id]['ship_address'] = $espost['ship_address'];
                 $_SESSION['addy' . $blog_id]['ship_city'] = $espost['ship_city'];
                 $_SESSION['addy' . $blog_id]['ship_country'] = $espost['ship_country'];
                 $_SESSION['addy' . $blog_id]['ship_state'] = $espost['ship_state'];
                 if (isset($espost['ship_altstate']) && $espost['ship_altstate'] != '') {
                     $_SESSION['addy' . $blog_id]['ship_state'] = $espost['ship_altstate'];
                 }
                 $_SESSION['addy' . $blog_id]['ship_postcode'] = $espost['ship_postcode'];
             }
             if (isset($espost['comments'])) {
                 $_SESSION['addy' . $blog_id]['comments'] = $espost['comments'];
             } else {
                 $_SESSION['addy' . $blog_id]['comments'] = '';
             }
             if (!isset($_SESSION['shipping' . $blog_id])) {
                 $_SESSION['shipping' . $blog_id]['cost'] = $shipping;
             }
             //grab all the POST variables and store in cookie
             $array = $espost;
             //but first make a few extra equal nothing
             //add others in here if needed
             $array['comments'] = $array['reference'] = '';
             $eshopsetcookie = apply_filters('eshop_use_cookie', true);
             if ($eshopsetcookie == true) {
                 $biscuits = eshop_build_cookie($array);
                 setcookie("eshopcart", $biscuits, time() + 60 * 60 * 24 * 365);
             }
             $eshopmgincpath = apply_filters('eshop_mg_inc_path', WP_PLUGIN_DIR . '/eshop/' . $paymentmethod . '.php', $paymentmethod);
             include_once $eshopmgincpath;
             $contineproceed = '3';
         }
     } else {
         //for first time form usage.
         if (isset($_SESSION['addy' . $blog_id])) {
             $first_name = $_SESSION['addy' . $blog_id]['first_name'];
             $last_name = $_SESSION['addy' . $blog_id]['last_name'];
             $company = $_SESSION['addy' . $blog_id]['company'];
             $phone = $_SESSION['addy' . $blog_id]['phone'];
             $reference = $_SESSION['addy' . $blog_id]['reference'];
             $email = $_SESSION['addy' . $blog_id]['email'];
             $address1 = $_SESSION['addy' . $blog_id]['address1'];
             $address2 = $_SESSION['addy' . $blog_id]['address2'];
             $city = '';
             if (isset($_SESSION['addy' . $blog_id]['city'])) {
                 $city = $_SESSION['addy' . $blog_id]['city'];
             }
             $country = $_SESSION['addy' . $blog_id]['country'];
             $state = $_SESSION['addy' . $blog_id]['state'];
             if (!is_numeric($state)) {
                 $li = $wpdb->escape($state);
                 $table = $wpdb->prefix . 'eshop_states';
                 $stateList = $wpdb->get_var("SELECT id FROM {$table} WHERE code='{$li}' limit 1");
                 $state = $stateList;
             }
             if (isset($_SESSION['addy' . $blog_id]['altstate'])) {
                 $altstate = $_SESSION['addy' . $blog_id]['altstate'];
             } else {
                 $altstate = '';
             }
             $zip = $_SESSION['addy' . $blog_id]['zip'];
             /* defaults */
             $ship_name = $ship_company = '';
             $ship_phone = $ship_address = $ship_city = $ship_postcode = '';
             $ship_country = $ship_state = $ship_altstate = $comments = '';
             if (isset($_SESSION['addy' . $blog_id]['ship_name'])) {
                 $ship_name = $_SESSION['addy' . $blog_id]['ship_name'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_company'])) {
                 $ship_company = $_SESSION['addy' . $blog_id]['ship_company'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_phone'])) {
                 $ship_phone = $_SESSION['addy' . $blog_id]['ship_phone'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_address'])) {
                 $ship_address = $_SESSION['addy' . $blog_id]['ship_address'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_city'])) {
                 $ship_city = $_SESSION['addy' . $blog_id]['ship_city'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_country'])) {
                 $ship_country = $_SESSION['addy' . $blog_id]['ship_country'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_state'])) {
                 $ship_state = $_SESSION['addy' . $blog_id]['ship_state'];
                 if (!is_numeric($ship_state)) {
                     $li = $wpdb->escape($ship_state);
                     $table = $wpdb->prefix . 'eshop_states';
                     $stateSList = $wpdb->get_var("SELECT id FROM {$table} WHERE code='{$li}' limit 1");
                     $ship_state = $stateSList;
                 }
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_altstate'])) {
                 $ship_altstate = $_SESSION['addy' . $blog_id]['ship_altstate'];
             } else {
                 $ship_altstate = '';
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_postcode'])) {
                 $ship_postcode = $_SESSION['addy' . $blog_id]['ship_postcode'];
             }
             if (isset($_SESSION['addy' . $blog_id]['comments'])) {
                 $comments = $_SESSION['addy' . $blog_id]['comments'];
             }
         } else {
             $first_name = $last_name = $company = $phone = $reference = '';
             $email = $address1 = $address2 = $city = $country = '';
             $state = $altstate = $zip = $ship_name = $ship_company = '';
             $ship_phone = $ship_address = $ship_city = $ship_postcode = '';
             $ship_country = $ship_state = $ship_altstate = $comments = '';
             $eshopsetcookie = apply_filters('eshop_use_cookie', true);
             if (isset($_COOKIE["eshopcart"]) && calculate_items() != 0 && $eshopsetcookie == true) {
                 $crumbs = eshop_break_cookie($_COOKIE["eshopcart"]);
                 foreach ($crumbs as $k => $v) {
                     ${$k} = $v;
                 }
             }
             if (is_user_logged_in() && isset($eshopoptions['users']) && 'yes' == $eshopoptions['users']) {
                 global $current_user;
                 get_currentuserinfo();
                 $crumbs = stripslashes_deep(get_the_author_meta('eshop', $current_user->ID));
                 if (is_array($crumbs)) {
                     foreach ($crumbs as $k => $v) {
                         ${$k} = esc_attr($v);
                     }
                     $first_name = esc_attr($current_user->user_firstname);
                     $last_name = esc_attr($current_user->user_lastname);
                     $email = esc_attr($current_user->user_email);
                 }
             }
         }
     }
     if ($chkerror != 0 || !isset($espost['submit']) && $numberofproducts >= 1) {
         // only show form if not filled in.
         $echoit .= eshopShowform($first_name, $last_name, $company, $phone, $email, $address1, $address2, $city, $state, $altstate, $zip, $country, $reference, $comments, $ship_name, $ship_company, $ship_phone, $ship_address, $ship_city, $ship_postcode, $ship_state, $ship_altstate, $ship_country);
     }
     if (isset($_SESSION['eshopcart' . $blog_id])) {
         switch ($contineproceed) {
             case '1':
                 $echoit .= '<ul class="continue-proceed eshopcp1"><li class="editcart"><a href="' . get_permalink($eshopoptions['cart']) . '">' . __('&laquo; Edit Cart or Continue Shopping', 'eshop') . '</a></li></ul>';
                 break;
             case '2':
                 $echoit .= '<ul class="continue-proceed redirect eshopcp2"><li class="editcheckout"><a href="' . get_permalink($eshopoptions['checkout']) . '">' . __('&laquo; Edit Details or Continue Shopping', 'eshop') . '</a></li></ul>';
                 break;
             case '3':
                 $echoit .= '<ul class="continue-proceed redirect eshopcp3"><li class="editcheckout"><a href="' . get_permalink($eshopoptions['checkout']) . '">' . __('&laquo; Edit Details or Continue Shopping', 'eshop') . '</a></li></ul>';
                 break;
         }
     } else {
         $echoit .= "<p><strong class=\"eshoperror error\">" . __('Your shopping cart is currently empty.', 'eshop') . "</strong></p>";
     }
     return $echoit;
 }
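 /**
  * Handles a cart form submission for the current blog.
  *
  * Depending on the request it empties the cart ('unset'), adds a product
  * option ('option', 'qty', 'pid', 'pname', 'postid', optional 'optset'),
  * updates line quantities ('save' == 'true') or drops single lines
  * ('eshopdeleteitem'). The cart lives in $_SESSION['eshopcart'.$blog_id];
  * error and warning markup is stored in that array's 'error' / 'enote' keys
  * for eshop_show_cart() to print on the next page view.
  *
  * Security changes versus the previous revision:
  *  - the nonce is now actually verified (the old call passed the action in
  *    the nonce slot and discarded the result, so it never rejected anything);
  *  - stock and option-set lookups use $wpdb->prepare() / integer casts instead
  *    of interpolating request- or session-derived values into numeric SQL
  *    contexts, where addslashes-style escaping does not prevent injection.
  *
  * @param array|string $data Optional request array used instead of $_POST
  *                           (when given, $_POST is overwritten with it).
  * @return void
  */
 function eshop_cart_process($data = '')
 {
     global $wpdb, $blog_id, $eshopoptions;
     if ($data != '') {
         $_POST = $data;
     }
     if (!isset($_POST['eshopnon'])) {
         return;
     }
     // CSRF check: stop here when the submitted nonce does not verify.
     // NOTE(review): assumes the cart/product forms fill 'eshopnon' with
     // wp_create_nonce('eshop_add_product_cart') -- confirm against the forms.
     if (!wp_verify_nonce($_POST['eshopnon'], 'eshop_add_product_cart')) {
         return;
     }
     unset($_POST['eshopnon']);
     //setup variables:
     $option = $qty = $pclas = $productid = $pid = $pname = $iprice = '';
     //cache
     eshop_cache();
     $cartkey = 'eshopcart' . $blog_id;
     //delete the session, empties the cart
     if (isset($_POST['unset']) || calculate_items() == 0 && isset($_SESSION[$cartkey]) && sizeof($_SESSION[$cartkey]) > 0) {
         unset($_SESSION[$cartkey]);
         unset($_SESSION['final_price' . $blog_id]);
         unset($_SESSION['items' . $blog_id]);
         $_POST['save'] = 'false';
     }
     // Optional per-line quantity limits from the shop settings.
     if (isset($eshopoptions['min_qty']) && $eshopoptions['min_qty'] != '') {
         $min = $eshopoptions['min_qty'];
     }
     if (isset($eshopoptions['max_qty']) && $eshopoptions['max_qty'] != '') {
         $max = $eshopoptions['max_qty'];
     }
     $stockcontrol = isset($eshopoptions['stock_control']) && 'yes' == $eshopoptions['stock_control'];
     $stocktable = $wpdb->prefix . "eshop_stock";
     if (!isset($_POST['save'])) {
         // get_magic_quotes_gpc() was removed in PHP 8; guard the legacy call.
         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
             $_COOKIE = stripslashes_array($_COOKIE);
             $_FILES = stripslashes_array($_FILES);
             $_GET = stripslashes_array($_GET);
             $_POST = stripslashes_array($_POST);
             $_REQUEST = stripslashes_array($_REQUEST);
         }
         $_POST = sanitise_array($_POST);
         //if adding a product to the cart
         if (isset($_POST['qty']) && (!is_numeric(trim($_POST['qty'])) || strlen($_POST['qty']) > 3)) {
             $qty = $_POST['qty'] = 1;
             $v = '999';
             if (isset($max)) {
                 $v = $max;
             }
             $error = '<p><strong class="eshoperror error">' . sprintf(__('Error: The quantity must contain numbers only, with a maximum of %s.', 'eshop'), $v) . '</strong></p>';
         }
         if (isset($min) && isset($_POST['qty']) && $_POST['qty'] < $min) {
             $qty = $_POST['qty'] = $min;
             $v = '999';
             if (isset($max)) {
                 $v = $max;
             }
             $k = $min;
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         if (isset($max) && isset($_POST['qty']) && $_POST['qty'] > $max) {
             $qty = $_POST['qty'] = $max;
             $v = $max;
             $k = 1;
             if (isset($min)) {
                 $k = $min;
             }
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         if (isset($_POST['postid'])) {
             $stkav = get_post_meta($_POST['postid'], '_eshop_stock', true);
             $eshop_product = maybe_unserialize(get_post_meta($_POST['postid'], '_eshop_product', true));
         }
         if (isset($_POST['option'])) {
             $option = $_POST['option'];
             if (!isset($_POST['qty'])) {
                 $enote = '<p><strong class="eshoperror error">' . __('Warning: you must supply a quantity.', 'eshop') . '</strong></p>';
             }
             $qty = $_POST['qty'];
             if (isset($_POST['pclas'])) {
                 $pclas = $_POST['pclas'];
             }
             $productid = $pid = $_POST['pid'];
             $pname = $_POST['pname'];
             // Post IDs are integers: cast instead of the deprecated $wpdb->escape(),
             // which does nothing useful against an unquoted numeric SQL value.
             $postid = isset($_POST['postid']) ? (int) $_POST['postid'] : '';
             $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
             /* if download option then it must be free shipping */
             $dlchk = '';
             if (isset($eshop_product['products'][$option]['download'])) {
                 $dlchk = $eshop_product['products'][$option]['download'];
             }
             if ($dlchk != '') {
                 $pclas = 'F';
             }
             $iprice = isset($eshop_product['products'][$option]['price']) ? $eshop_product['products'][$option]['price'] : '';
             if (isset($eshopoptions['sale_prices']) && $eshopoptions['sale_prices'] == 1 && isset($eshopoptions['sale']) && 'yes' == $eshopoptions['sale'] && isset($eshop_product['products'][$option]['saleprice']) && $eshop_product['products'][$option]['saleprice'] != '' && isset($eshop_product['sale']) && $eshop_product['sale'] == 'yes') {
                 $iprice = $eshop_product['products'][$option]['saleprice'];
             }
             if ($iprice == '') {
                 // No price on record: the option is not purchasable, clear the request.
                 $error = '<p><strong class="eshoperror error">' . __('Error: That product is currently not available.', 'eshop') . '</strong></p>';
                 $option = $_POST['option'] = '';
                 $qty = $_POST['qty'] = '';
                 $pclas = $_POST['pclas'] = '';
                 $productid = $pid = $_POST['pid'] = '';
                 $pname = $_POST['pname'] = '';
                 $iprice = '';
             }
         }
         //unique identifier
         $optset = '';
         if (isset($_POST['optset']) && is_array($_POST['optset'])) {
             $xx = 0;
             foreach ($_POST['optset'] as $opts) {
                 if (is_array($opts)) {
                     $optset .= 'os' . $xx . implode('os' . $xx, $opts);
                 }
                 $xx++;
             }
         }
         if (!isset($postid)) {
             $postid = '';
         }
         // Cart line key: hash of product, option, post and chosen option sets.
         $identifier = md5($pid . $option . $postid . $optset);
         if (isset($_SESSION[$cartkey][$identifier])) {
             // Same line already in the cart: add to its quantity.
             $testqty = $_SESSION[$cartkey][$identifier]['qty'] + $qty;
             $eshopid = $_SESSION[$cartkey][$identifier]['postid'];
             $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
             $optnum = $_SESSION[$cartkey][$identifier]['option'];
             if (isset($min) && $testqty < $min) {
                 $qty = 0;
                 $v = '999';
                 if (isset($max)) {
                     $v = $max;
                 }
                 $k = $min;
                 $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
             }
             if (isset($max) && $testqty > $max) {
                 $qty = 0;
                 $v = $max;
                 $k = 1;
                 if (isset($min)) {
                     $k = $min;
                 }
                 $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
             }
             if ($stockcontrol) {
                 $stkqty = isset($eshop_product['products'][$optnum]['stkqty']) ? $eshop_product['products'][$optnum]['stkqty'] : 0;
                 //recheck stkqty against the stock table (values are bound, not interpolated)
                 $stktableqty = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id = %d AND option_id = %d", $eshopid, $optnum));
                 if (isset($stktableqty) && is_numeric($stktableqty)) {
                     $stkqty = $stktableqty;
                 }
                 if (!ctype_digit(trim($testqty)) || strlen($testqty) > 3) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: The quantity must contain numbers only, with a 999 maximum.', 'eshop') . '</strong></p>';
                 } elseif ($stkav != '1' || $stkqty < $testqty) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: That quantity is not available for that product.', 'eshop') . '</strong></p>';
                 } else {
                     $_SESSION[$cartkey][$identifier]['qty'] += $qty;
                 }
             } else {
                 $_SESSION[$cartkey][$identifier]['qty'] += $qty;
             }
             $_SESSION['lastproduct' . $blog_id] = $postid;
             do_action('eshop_product_updated_cart', $_SESSION[$cartkey][$identifier]);
         } else {
             // New cart line. (This branch runs only without 'save' in the
             // request, so the former "save == true" sub-branch was unreachable.)
             $weight = 0;
             $postid = isset($_POST['postid']) ? (int) $_POST['postid'] : '';
             $optid = $optnum = isset($_POST['option']) ? $_POST['option'] : '';
             $_SESSION[$cartkey][$identifier]['postid'] = $postid;
             $testqty = $qty;
             $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
             $item = isset($eshop_product['products'][$optnum]['option']) ? $eshop_product['products'][$optnum]['option'] : null;
             if ($stockcontrol) {
                 $stkqty = isset($eshop_product['products'][$optnum]['stkqty']) ? $eshop_product['products'][$optnum]['stkqty'] : 0;
                 //recheck stkqty against the stock table (values are bound, not interpolated)
                 $stktableqty = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id = %d AND option_id = %d", $postid, $optid));
                 if (isset($stktableqty) && is_numeric($stktableqty)) {
                     $stkqty = $stktableqty;
                 }
                 if (!ctype_digit(trim($testqty)) || strlen($testqty) > 3) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: The quantity must contain numbers only, with a 999 maximum.', 'eshop') . '</strong></p>';
                 } elseif ($stkav != '1' || $stkqty < $testqty) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: That quantity is not available for that product.', 'eshop') . '</strong></p>';
                 } else {
                     $_SESSION[$cartkey][$identifier]['qty'] = $qty;
                 }
             } else {
                 $_SESSION[$cartkey][$identifier]['qty'] = $qty;
             }
             $_SESSION['lastproduct' . $blog_id] = $postid;
             $_SESSION[$cartkey][$identifier]['item'] = $item;
             $_SESSION[$cartkey][$identifier]['option'] = stripslashes($option);
             $_SESSION[$cartkey][$identifier]['pclas'] = stripslashes($pclas);
             $_SESSION[$cartkey][$identifier]['pid'] = $pid;
             $_SESSION[$cartkey][$identifier]['pname'] = stripslashes($pname);
             $_SESSION[$cartkey][$identifier]['price'] = $iprice;
             if (isset($_POST['optset']) && is_array($_POST['optset'])) {
                 $newoptset = array_values($_POST['optset']);
                 $_SESSION[$cartkey][$identifier]['optset'] = serialize($newoptset);
                 // Option-set ids come straight from the request and used to be
                 // interpolated unescaped into SQL: cast them to int first.
                 $setids = array();
                 foreach ($newoptset as $opst) {
                     if (isset($opst['id'])) {
                         $setids[] = (int) $opst['id'];
                     }
                 }
                 if (!empty($setids)) {
                     $otable = $wpdb->prefix . 'eshop_option_sets';
                     $orowres = $wpdb->get_results("SELECT weight FROM {$otable} WHERE id IN (" . implode(',', $setids) . ") ORDER BY id ASC");
                     if ($orowres) {
                         foreach ($orowres as $orow) {
                             $weight += $orow->weight;
                         }
                     }
                 }
             }
             //weights?
             if (isset($eshop_product['products'][$option]['weight'])) {
                 $weight += $eshop_product['products'][$option]['weight'];
             }
             $_SESSION[$cartkey][$identifier]['weight'] = $weight;
             if (isset($error)) {
                 unset($_SESSION[$cartkey][$identifier]);
             }
             do_action('eshop_product_added_to_cart', isset($_SESSION[$cartkey][$identifier]) ? $_SESSION[$cartkey][$identifier] : null);
         }
     }
     if (!isset($error)) {
         if (isset($productid)) {
             //new item selected ******* may need checking
             $_SESSION['final_price' . $blog_id] = calculate_price();
             $_SESSION['items' . $blog_id] = calculate_items();
         }
         // A delete request names the line and the quantity it was shown with;
         // the update loop below treats a matching line as "set to 0".
         if (isset($_POST['eshopdeleteitem']) && is_array($_POST['eshopdeleteitem'])) {
             foreach ($_POST['eshopdeleteitem'] as $chkey => $chkval) {
                 $tochkkey = $chkey;
                 $tochkqty = isset($_SESSION[$cartkey][$chkey]['qty']) ? $_SESSION[$cartkey][$chkey]['qty'] : null;
             }
         }
         if (isset($min) && isset($_POST['qty']) && $_POST['qty'] < $min) {
             $qty = $_POST['qty'] = $min;
             $v = '999';
             if (isset($max)) {
                 $v = $max;
             }
             $k = $min;
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         if (isset($max) && isset($_POST['qty']) && $_POST['qty'] > $max) {
             $qty = $_POST['qty'] = $max;
             $v = $max;
             $k = 1;
             if (isset($min)) {
                 $k = $min;
             }
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         //update products in the cart
         if (isset($_POST['save']) && $_POST['save'] == 'true' && isset($_SESSION[$cartkey])) {
             $eshopcartarray = $_SESSION[$cartkey];
             foreach ($eshopcartarray as $productid => $opt) {
                 // PHP rewrites spaces and dots in submitted field names to underscores.
                 $sessproductid = str_replace(array(" ", "."), "_", $productid);
                 if (!isset($_POST[$sessproductid]) || !is_array($_POST[$sessproductid])) {
                     continue;
                 }
                 foreach ($_POST[$sessproductid] as $qty) {
                     if (isset($tochkkey) && $tochkkey == $sessproductid && $tochkqty == $qty) {
                         $qty = 0;
                     }
                     if ($qty == "0") {
                         unset($_SESSION[$cartkey][$productid]);
                         continue;
                     }
                     $postid = $eshopid = $_SESSION[$cartkey][$productid]['postid'];
                     $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
                     $optnum = $_SESSION[$cartkey][$productid]['option'];
                     // Default to 0 so a line without stock data never inherits the
                     // previous line's figure.
                     $stkqty = isset($eshop_product['products'][$optnum]['stkqty']) ? $eshop_product['products'][$optnum]['stkqty'] : 0;
                     //recheck stkqty against the stock table (values are bound, not interpolated)
                     $stktableqty = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id = %d AND option_id = %d", $eshopid, $optnum));
                     if (isset($stktableqty) && is_numeric($stktableqty)) {
                         $stkqty = $stktableqty;
                     }
                     if (!ctype_digit(trim($qty)) || strlen($qty) > 3) {
                         $v = '999';
                         if (isset($max)) {
                             $v = $max;
                         }
                         $error = '<p><strong class="eshoperror error">' . sprintf(__('Error: The quantity must contain numbers only, with a maximum of %s.', 'eshop'), $v) . '</strong></p>';
                     } elseif ($stockcontrol && $stkqty < $qty) {
                         $error = '<p><strong class="eshoperror error">' . __('Error: That quantity is not available for that product.', 'eshop') . '</strong></p>';
                     } elseif (isset($min) && $qty < $min) {
                         $qty = $min;
                         $v = '999';
                         if (isset($max)) {
                             $v = $max;
                         }
                         $k = $min;
                         $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
                     } elseif (isset($max) && $qty > $max) {
                         $qty = $max;
                         $v = $max;
                         $k = 1;
                         if (isset($min)) {
                             $k = $min;
                         }
                         $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
                     } else {
                         $_SESSION[$cartkey][$productid]['qty'] = $qty;
                     }
                 }
             }
             $_SESSION['final_price' . $blog_id] = calculate_price();
         }
     }
     //any errors will print here (picked up and cleared by eshop_show_cart()).
     if (isset($error)) {
         $_SESSION[$cartkey]['error'] = $error;
     }
     if (isset($enote)) {
         $_SESSION[$cartkey]['enote'] = $enote;
     }
     if (isset($_SESSION[$cartkey]) && sizeof($_SESSION[$cartkey]) == 0) {
         unset($_SESSION[$cartkey]);
         unset($_SESSION['final_price' . $blog_id]);
         unset($_SESSION['items' . $blog_id]);
     }
 }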
    function eshop_downloads($_POST, $images, $content)
    {
        global $wpdb, $eshopoptions;
        //cache
        eshop_cache();
        $table = $wpdb->prefix . "eshop_downloads";
        $ordertable = $wpdb->prefix . "eshop_download_orders";
        $dir_upload = eshop_download_directory();
        $echo = '';
        //download is handled via cart functions as it needs to
        //be accessible before anything is printed on the page
        if (isset($_POST['code']) && isset($_POST['email'])) {
            /*
            Need to add in check about number of downloads here, including unlimited!
            */
            $code = $wpdb->escape($_POST['code']);
            $email = $wpdb->escape($_POST['email']);
            $dlcount = $wpdb->get_var("SELECT COUNT(id) FROM {$ordertable} where email='{$email}' && code='{$code}' && downloads!='0'");
            if ($dlcount > 0) {
                $echo .= $content;
                $tsize = 0;
                $x = 0;
                if ($dlcount > 1 && $eshopoptions['downloads_hideall'] != 'yes') {
                    $echo .= '<p class="jdl"><a href="#dlall">' . __('Download all files', 'eshop') . '</a></p>';
                }
                $dlresult = $wpdb->get_results("Select * from {$ordertable} where email='{$email}' && code='{$code}' && downloads!='0'");
                foreach ($dlresult as $dlrow) {
                    //download single items.
                    $filepath = $dir_upload . $dlrow->files;
                    $dlfilesize = eshop_filesize($dlrow->files);
                    $tsize = $tsize + $dlfilesize;
                    if ($dlrow->downloads == 1) {
                        $dlword = __('download', 'eshop');
                    } else {
                        $dlword = __('downloads', 'eshop');
                    }
                    $imagetoadd = '';
                    if ($images == 'add') {
                        $checkit = wp_check_filetype($filepath);
                        $eshopext = wp_ext2type($checkit['ext']);
                        $eshopfiletypeimgurl = wp_mime_type_icon($eshopext);
                        $eshophead = wp_remote_head($eshopfiletypeimgurl);
                        $eshophresult = wp_remote_retrieve_response_code($eshophead);
                        if ($eshophresult == '200' || $eshophresult == '302') {
                            $dims = getimagesize($eshopfiletypeimgurl);
                        }
                        if (is_array($dims)) {
                            $dimensions = $dims[3];
                        } else {
                            $dimensions = '';
                        }
                        $imagetoadd = apply_filters('eshop_download_imgs', '<img class="eshop-download-icon" src="' . $eshopfiletypeimgurl . '" ' . $dimensions . ' alt="" />', $checkit['ext']);
                    }
                    $dltitle = strlen($dlrow->title) >= 20 ? substr($dlrow->title, 0, 20) . "&#8230;" : $dlrow->title;
                    $echo .= '
					<form method="post" action="" class="eshop dlproduct"><fieldset>
					<legend>' . $dltitle . ' (' . check_filesize($dlfilesize) . ')</legend>
					' . $imagetoadd . '
					<input name="email" type="hidden" value="' . $_POST['email'] . '" />
					<input name="code" type="hidden" value="' . $_POST['code'] . '" />
					<input name="id" type="hidden" value="' . $dlrow->id . '" />
					<input name="eshoplongdownloadname" type="hidden" value="yes" />
					<label for="ro' . $x . '">' . __('Number of downloads remaining', 'eshop') . '</label>
					<input type="text" readonly="readonly" name="ro" class="ro" id="ro' . $x . '" value="' . $dlrow->downloads . '" />
					<span class="buttonwrap"><input type="submit" class="button" id="submit' . $x . '" name="Submit" value="' . __('Download', 'eshop') . ' ' . $dltitle . '" /></span>
					</fieldset></form>';
                    $x++;
                    $size = 0;
                }
                if ($dlcount > 1 && $eshopoptions['downloads_hideall'] != 'yes') {
                    //download all form.
                    $echo .= '
					<form method="post" action="" id="dlall" class="eshop"><fieldset>
					<legend>' . __('Download all files', 'eshop') . ' (' . check_filesize($tsize) . ') ' . __('in one zip file.', 'eshop') . '</legend>
					<input name="email" type="hidden" value="' . $_POST['email'] . '" />
					<input name="code" type="hidden" value="' . $_POST['code'] . '" />
					<input name="id" type="hidden" value="all" />
					<input name="eshoplongdownloadname" type="hidden" value="yes" />
					<p><span class="buttonwrap"><input class="button" type="submit" id="submit" name="Submit" value="' . __('Download All Files', 'eshop') . '" /></span></p>
					</fieldset></form>
					';
                }
                //allow plugin to change output, validated email/passcode already
                $echo = apply_filters('eshop_download_page', $echo, $code, $email);
            } else {
                $prevdlcount = $wpdb->get_var("SELECT COUNT(id) FROM {$ordertable} where email='{$email}' && code='{$code}'");
                if ($dlcount == $prevdlcount) {
                    $error = '<p class="eshoperror error">' . __('Either your email address or code is incorrect, please try again.', 'eshop') . '</p>';
                } else {
                    $error = '<p class="eshoperror error">' . __('Your email address and code are correct, however you have no downloads remaining.', 'eshop') . '</p>';
                }
                $echo .= eshop_dloadform($email, $code, $error);
            }
        } else {
            $echo .= eshop_dloadform('', '');
        }
        return $echo;
    }
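/**
 * Builds the shopping-cart page markup.
 *
 * Prints any one-shot error/warning note left in the session by
 * eshop_cart_process(), a cancellation notice when the request carries
 * eshopaction=cancel, then the cart table from display_cart() with the
 * "continue shopping" / "checkout" links; or an empty-cart message when
 * there is no cart in the session.
 *
 * @return string HTML for the cart page.
 */
function eshop_show_cart()
{
    global $blog_id, $wp_query, $eshopoptions;
    $echo = '';
    // include_once rather than include: if this file declares helpers
    // (presumably display_cart()/calculate_items() -- confirm) and was already
    // pulled in earlier in the request, a plain include would redeclare them.
    include_once "cart-functions.php";
    //cache
    eshop_cache();
    $cartkey = 'eshopcart' . $blog_id;
    // Notes are shown once and then cleared.
    foreach (array('error', 'enote') as $notekey) {
        if (isset($_SESSION[$cartkey][$notekey])) {
            $echo .= $_SESSION[$cartkey][$notekey];
            unset($_SESSION[$cartkey][$notekey]);
        }
    }
    if (!isset($_SESSION[$cartkey])) {
        //can be altered as desired.
        return $echo . '<p><strong class="eshoperror error">' . __('Your shopping cart is currently empty.', 'eshop') . '</strong></p>';
    }
    if (isset($wp_query->query_vars['eshopaction']) && urldecode($wp_query->query_vars['eshopaction']) == 'cancel' && !isset($_POST['save'])) {
        $echo .= "<h3>" . __('The order was cancelled.', 'eshop') . "</h3>";
        $echo .= '<p>' . __('We have not deleted the contents of your shopping cart in case you may want to edit its content.', 'eshop') . '</p>';
    }
    // "Continue Shopping" target: the configured shop page, else the product
    // last added to the cart, else the cart page itself.
    if (isset($eshopoptions['shop_page']) && $eshopoptions['shop_page'] != '') {
        $return = get_permalink($eshopoptions['shop_page']);
    } elseif (isset($_SESSION['lastproduct' . $blog_id])) {
        $return = get_permalink($_SESSION['lastproduct' . $blog_id]);
    } else {
        $return = get_permalink($eshopoptions['cart']);
    }
    $echo .= display_cart($_SESSION[$cartkey], 'true', $eshopoptions['checkout']);
    $echo .= '<ul class="continue-proceed eshopcp0"><li class="rtnshopping"><a href="' . esc_url($return) . '">' . __('&laquo; Continue Shopping', 'eshop') . '</a></li>
		<li class="gotocheckout"><a href="' . esc_url(get_permalink($eshopoptions['checkout'])) . '">' . __('Proceed to Checkout &raquo;', 'eshop') . '</a></li></ul>';
    return $echo;
}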