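/**
 * Gate the current page on the member's authorization.
 *
 * A visitor who is not even a "member" has the request (GET, POST and
 * REQUEST_URI) parked in the session and is redirected to the login page.
 * A member who holds none of the requested auth types is redirected to
 * index.php. Otherwise any request parked by an earlier failed access is
 * merged back into $_GET / $_POST and the function returns normally.
 *
 * @param string $auth_type Comma-separated list of auth types; holding any
 *                          one of them is sufficient.
 * @return void Does not return when access is refused (redirect + exit).
 */
function valid_auth($auth_type)
{
    // If the current auth_type is not even "member" then go to the login page
    if (!CurrentMember::auth_type('member')) {
        session_start();
        // NOTE(review): the whole submitted request, including any sensitive
        // POST fields, is kept in the session until the next successful access.
        if (count($_GET) > 0) {
            $_SESSION['_GET'] = $_GET;
        }
        if (count($_POST) > 0) {
            $_SESSION['_POST'] = $_POST;
        }
        $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
        header('Location: index.php?action=login');
        // Stop here so nothing on the protected page runs after the redirect
        exit(0);
    }

    // Access is granted as soon as one of the listed auth types matches
    $auth_fail = true;
    foreach (explode(',', $auth_type) as $test_auth) {
        if (CurrentMember::auth_type($test_auth)) {
            $auth_fail = false;
            break;
        }
    }
    if ($auth_fail) {
        header("Location: index.php");
        exit(0);
    }

    // Restore the $_POST and $_GET variables from the last (failed) access
    // But do not unset any *real* GET or POST values: the array union keeps
    // every key of the live request and only adds parked keys that are absent.
    // (A plain assignment here would replace the live request with stale data.)
    // NOTE(review): a parked POST is replayed without a fresh submission, so
    // the receiving handler still has to validate it like any other request.
    if (isset($_SESSION['_POST'])) {
        $_POST = $_POST + (array) $_SESSION['_POST'];
        unset($_SESSION['_POST']);
    }
    if (isset($_SESSION['_GET'])) {
        $_GET = $_GET + (array) $_SESSION['_GET'];
        unset($_SESSION['_GET']);
    }
}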
    // Tail of the "form was posted" branch (its opening condition is outside this excerpt).
    // The identifiers are copied from the request as submitted; nothing here validates them.
    // NOTE(review): no producer/ownership check is visible in this branch, unlike the
    // GET branch below — confirm the included update script enforces one before writing.
    $product_id = $_POST['product_id'];
    $product_version = $_POST['product_version'];
    $producer_id = $_GET['producer_id'];
    // Always _GET ... not _POST
    $action = 'edit';
    $check_validation = true;
} elseif (isset($_GET['product_id']) && isset($_GET['product_version']) && isset($_GET['producer_id'])) {
    // First display of an existing product: all three identifiers arrive in the query string
    $product_id = $_GET['product_id'];
    $product_version = $_GET['product_version'];
    $producer_id = $_GET['producer_id'];
    $action = 'edit';
    $check_validation = false;
    // Get product_info from the database to display in form
    $product_info = get_product($_GET['product_id'], $_GET['product_version'], '');
    // Abort if the producer does not match the selected producer
    // (members holding producer_admin are exempt from the match).
    // NOTE(review): $producer_id is itself request-supplied, so this only proves the
    // product belongs to the producer named in the URL; nothing visible here ties that
    // producer to the logged-in member — confirm that is checked elsewhere.
    // NOTE(review): != is a loose comparison; verify both sides are plain ids.
    if ($product_info['producer_id'] != $producer_id && !CurrentMember::auth_type('producer_admin')) {
        die(debug_print("ERROR: 367634 ", 'Product requested is not associated with this producer.', basename(__FILE__) . ' LINE ' . __LINE__));
    }
} elseif (isset($_GET['producer_id'])) {
    // Only a producer was named: start a blank "add product" form
    $action = 'add';
    $producer_id = $_GET['producer_id'];
    $check_validation = false;
    // Set some new-product defaults
    $product_info['tangible'] = 1;
    $product_info['listing_auth_type'] = 'member';
} else {
    // Neither a product nor a producer was identified: refuse to continue
    die(debug_print("ERROR: 543612 ", 'Attempt to edit a product without providing required arguments.', basename(__FILE__) . ' LINE ' . __LINE__));
}
// Process any information posted previously
include 'func/edit_product_screen_updatequery.php';
// Now go get the main part of the screen
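/**
 * Build the opening HTML of a producer invoice: the view-switching links,
 * the producer's name and contact block, the delivery date, any messages,
 * and the header row of the item table.
 *
 * @param array $product Not read by this function.
 * @param array $unique  Invoice-level values (view, business_name, home and
 *                       work address fields, phone/e-mail fields,
 *                       delivery_date, msg_all, msg_unique).
 * @return string HTML fragment; the item table opened at the end is left
 *                unclosed.
 */
function open_list_top(&$product, &$unique)
{
    // Query-string values are echoed back into href attributes, so each one is
    // URL-encoded first; a raw value could otherwise close the attribute and
    // inject markup. Empty or non-scalar values are left out, as before.
    $link_params = '';
    foreach (array('type' => '', 'delivery_id' => '&amp;', 'producer_id' => '&amp;') as $param => $prefix) {
        if (!empty($_GET[$param]) && is_scalar($_GET[$param])) {
            $link_params .= $prefix . $param . '=' . urlencode((string) $_GET[$param]);
        }
    }
    $link_base = $_SERVER['SCRIPT_NAME'] . '?' . $link_params . '&amp;view=';

    // Read optional request/session values without raising undefined-index notices
    $output_format = isset($_GET['output']) ? $_GET['output'] : '';
    $requested_producer = isset($_GET['producer_id']) ? $_GET['producer_id'] : null;
    $own_producer = isset($_SESSION['producer_id_you']) ? $_SESSION['producer_id_you'] : null;

    // NOTE(review): every $unique field below is emitted without HTML escaping;
    // confirm the values are escaped (or trusted markup) before they get here.
    // NOTE(review): the "Editable" link is only hidden from non-cashiers here;
    // confirm the code that honours view=editable re-checks the role.
    $display_list_top = ($output_format == 'pdf' ? '' : '
      <span class="current_view">
        Current view: ' . ucfirst($unique['view']) . ' invoice<br>
        View as
          ' . ($unique['view'] != 'adjusted' ? '[<a href="' . $link_base . 'adjusted">Adjusted</a>]' : '') . '
          ' . ($unique['view'] != 'original' ? '[<a href="' . $link_base . 'original">Original</a>]' : '') . '
          ' . ($unique['view'] != 'editable' && CurrentMember::auth_type('cashier') && $requested_producer != $own_producer ? '[<a href="' . $link_base . 'editable">Editable</a>]' : '') . '
        invoice.
      </span>') . '
          <table width="100%" cellpadding="0" cellspacing="0" border="0">
            <tr>
              <td align="left" valign="top" width="50%"><!-- FOOTER LEFT "' . $unique['business_name'] . '" -->
                <font size="+2"><b>' . $unique['business_name'] . '</b></font>
              </td>
              <td valign="top" align="right" rowspan="2" style="text-align:right;" width="50%">
                <img src="' . BASE_URL . DIR_GRAPHICS . 'invoice_logo.gif" alt="logo" width="250" height="71">
              </td>
            </tr>
            <tr>
              <td align="left">
                <br>
                <table cellpadding="0" cellspacing="0" border="0">
                  <tr>
                    <td valign="top"><strong>Home:</strong><br>' . $unique['address_line1'] . ($unique['address_line2'] != '' ? '
                      <br>' . $unique['address_line2'] : '') . '
                      <br>' . implode(', ', array_filter(array($unique['city'], $unique['state'], $unique['zip']))) . '<br>' . ($unique['home_phone'] != '' ? '
                      <br>' . $unique['home_phone'] : '') . '
                    </td>
                    <td width="8" style="width:8px;">
                    </td>
                    <td width="1" bgcolor="#888888" style="width:1px;">
                    </td>
                    <td width="8" style="width:8px;">
                    </td>
                    <td valign="top"><strong>Business:</strong><br>' . $unique['work_address_line1'] . ($unique['work_address_line2'] != '' ? '
                      <br>' . $unique['work_address_line2'] : '') . '
                      <br>' . implode(', ', array_filter(array($unique['work_city'], $unique['work_state'], $unique['work_zip']))) . '<br>' . ($unique['work_phone'] != '' ? '
                      <br>' . $unique['work_phone'] : '') . '
                    </td>
                  </tr>
                </table>
              </td>
            </tr>
            <tr>
              <td valign="top">' . ($unique['email_address'] != '' ? '
                <br><a href="mailto:' . $unique['email_address'] . '">' . $unique['email_address'] . '</a>' : '') . ($unique['email_address_2'] != '' ? '
                <br><a href="mailto:' . $unique['email_address_2'] . '">' . $unique['email_address_2'] . '</a>' : '') . ($unique['mobile_phone'] != '' ? '
                <br>' . $unique['mobile_phone'] . ' (mobile)' : '') . ($unique['fax'] != '' ? '
                <br>' . $unique['fax'] . ' (fax)' : '') . '
              </td>
              <td valign="bottom" align="right" style="vertical-align:bottom;text-align:right">
                <font size="+2">' . date("F j, Y", strtotime($unique['delivery_date'])) . '</font>
              </td>
            </tr>
            <tr>
              <td colspan="2">
                ' . ($unique['msg_all'] != '' ? '
                <font color="#990000" size="-1">' . $unique['msg_all'] . '  E-mail any problems with your order to <a href="mailto:' . PROBLEMS_EMAIL . '">' . PROBLEMS_EMAIL . '</a><br>' : '') . ($unique['msg_unique'] != '' ? '
                <br><font color="#990000" size="-1">' . $unique['msg_unique'] . '<br>' : '') . '
              </td>
            </tr>
            <tr>
              <td colspan="2" height="20" align="center"><img class="wide-line" src="' . BASE_URL . DIR_GRAPHICS . 'black_pixel.gif" width="750" height="1" alt="divider"></td>
            </tr>
            <tr>
              <td colspan="2" align="right" padding="0"></td>
            </tr>
          </table>
        <table cellpadding="0" cellspacing="0" border="0" style="width:100%;" width="750">
          <tr>
            <td colspan="7"><br></td>
          </tr>
          <tr>
            <th valign="bottom" bgcolor="#444444" width="40"></th>
            <th valign="bottom" bgcolor="#444444" width="35"><font color="#ffffff" size="-1">#</font></th>
            <th valign="bottom" bgcolor="#444444" align="left"><font color="#ffffff" size="-1">Product Name</font></th>
            <th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Shipped</font></th>
            <th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Weight</font></th>
            <th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Order</font></th>
            <th valign="bottom" bgcolor="#444444" align=right width="8%" style="text-align:right;"><font color="#ffffff" size="-1">Total</font></th>
          </tr>';
    return $display_list_top;
}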
    $chk3d = ' style="display:none;"';
    // hide this section if not needed
} elseif ($product_info['random_weight'] == 1) {
    $chk3 = '';
    $chk4 = ' checked';
}
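// Begin main display for edit-product screen (start table/form)
// The identifiers and the "a" parameter come from the request, so each value is
// URL-encoded before it is written into the form's action attribute; a raw value
// could otherwise close the attribute and inject markup into the page.
$form_a = isset($_GET['a']) ? urlencode((string) $_GET['a']) : '';
if ($action == 'edit') {
    $display = '<form action="' . $_SERVER['SCRIPT_NAME'] . '?product_id=' . urlencode((string) $product_id) . '&product_version=' . urlencode((string) $product_version) . '&producer_id=' . urlencode((string) $producer_id) . '&a=' . $form_a . '" method="post">';
} elseif ($action == 'add') {
    $display = '<form action="' . $_SERVER['SCRIPT_NAME'] . '?producer_id=' . urlencode((string) $producer_id) . '&a=' . $form_a . '" method="post">';
}
$display .= '
  <table bgcolor="#CCCCCC" border="0" cellpadding="2" cellspacing="2">';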
// Admin-related fields
// The rows below are appended to the form only when auth_type() accepts the role list.
// NOTE(review): this controls rendering only; confirm the code that processes the
// submitted form re-checks these roles before honouring the administrative values.
// NOTE(review): auth_type() receives a comma-separated list here, presumably meaning
// "any of these roles" — confirm against CurrentMember.
if (CurrentMember::auth_type('producer_admin,site_admin,cashier')) {
    $display .= '
    <tr bgcolor="#770000">
      <th colspan="2" align="center"><font color="#FFFFFF">Administrative Options</font></th>
    </tr>
    <tr ' . $admin_bg . '>
      <td>' . format_help_link('account_number') . 'Account</a></td>
      <td><b>Attach an account for sales of this product</b><br>
        <font size="-2">Probably should not use this field for regular member-producers</font>
        ' . $account_number_select . '<br>
        <font size="-2">Rather than being applied to the respective producer account, proceeds from this
        transaction will be sent to some other &quot;internal&quot; account. This might be useful for
        things like membership &quot;products&quot;.</font>
      </td>
    </tr>
    <tr ' . $admin_bg . '>
<?php

// Load the site configuration, then resume the visitor's session
include_once 'config_openfood.php';
session_start();
// Answer the request directly only for cashiers, and only when this file was
// not pulled in by another script that intends to call the function itself.
if (CurrentMember::auth_type('cashier')) {
    if ($call_ajax_as_function != true) {
        echo receive_payments_detail($_POST);
    }
}
/**
 * Handle one cashier payment request, selected by $argument['request'].
 *
 * Only the start of the 'basket_total_and_payments' case is visible in this
 * excerpt: it totals the ledger rows of one basket, grouped by text_key.
 *
 * NOTE(review): no role check is visible inside the function as shown; code that
 * calls it as a function rather than through the direct-request path has to
 * enforce cashier access itself — confirm.
 *
 * @param array $argument Request fields; 'request' and 'basket_id' are read here.
 */
function receive_payments_detail($argument)
{
    // Shared database link, declared outside this function
    global $connection;
    switch ($argument['request']) {
        // BASKET TOTAL AND PAYMENTS ******************************************************
        case 'basket_total_and_payments':
            // Running totals and counts, split into payment and non-payment rows
            $non_payment_total = 0;
            $non_payment_count = 0;
            $payment_total = 0;
            $payment_count = 0;
            // basket_id is caller-supplied: it is escaped with mysql_real_escape_string()
            // and placed inside a quoted literal, which the escaping relies on.
            $query = '
            SELECT
              text_key,
              SUM(amount) AS total,
              COUNT(amount) AS count
            FROM ' . NEW_TABLE_LEDGER . '
            WHERE
              basket_id = "' . mysql_real_escape_string($argument['basket_id']) . '"
              AND (source_type = "member"
                OR target_type = "member")
              AND replaced_by IS NULL
            GROUP BY
              text_key';
            // @ silences the driver warning; on failure the query text and mysql_error()
            // are passed to debug_print() and the script stops.
            // NOTE(review): if debug_print() writes to the response, this discloses the
            // SQL and the database error to the client — confirm where it outputs.
            $result = @mysql_query($query, $connection) or die(debug_print("ERROR: 768933 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        <div class="tab_frame">
          <a href="' . PATH . 'panel_cashier.php" class="' . ($page_tab == 'cashier_panel' ? ' current_tab' : '') . '">Cashiers</a>
        </div>';
    }
    // Site administrators get a tab that links to the admin panel
    if (CurrentMember::auth_type('site_admin')) {
        $panel_admin_menu = sprintf('
        <div class="tab_frame">
          <a href="%spanel_admin.php" class="%s">Site Admin</a>
        </div>', PATH, $page_tab == 'admin_panel' ? ' current_tab' : '');
    }
    // The logout tab is always built in this branch
    $logout_menu = sprintf('
        <div class="tab_frame right">
          <a href="%sindex.php?action=logout" class="%s">Logout</a>
        </div>', PATH, $page_tab == 'login' ? ' current_tab' : '');
    // Basket tab: needs a real basket, and either the "orderex" role or an open ordering window
    if (isset($basket_id) && $basket_id != 0 && (CurrentMember::auth_type('orderex') || ActiveCycle::ordering_window() == 'open')) {
        $basket_menu = sprintf('
        <div class="tab_frame right">
          <a href="%sproduct_list.php?type=basket" class="">View Basket [%s %s]</a>
        </div>', PATH, $basket_quantity, Inflect::pluralize_if($basket_quantity, 'item'));
    }
} else {
    $login_menu = '
        <div class="tab_frame right">
          <a href="' . PATH . 'index.php?action=login" class="' . ($page_tab == 'login' ? ' current_tab' : '') . '">Login</a>
        </div>';
}
// Put it all together now
////////////////////////////////////////////////////////////////////////////////
//////////////                                              ////////////////////
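// Items dependent upon the location of this header
$pager = array();
// Set up some variables that might be needed
if (isset($_SESSION['member_id'])) {
    $member_id = $_SESSION['member_id'];
}
if (isset($_SESSION['producer_id_you'])) {
    $producer_id_you = $_SESSION['producer_id_you'];
}
$delivery_id = mysql_real_escape_string(ActiveCycle::delivery_id());
// Allow cashier to override member_id
// NOTE(review): unlike delivery_id below, the request value is stored as received;
// confirm every query that later uses $member_id escapes or casts it.
if (isset($_GET['member_id']) && CurrentMember::auth_type('cashier')) {
    $member_id = $_GET['member_id'];
}
// Allow producer_admin or cashier to override producer_id_you
// NOTE(review): same as above — the value is not escaped at this point.
if (isset($_GET['producer_id']) && CurrentMember::auth_type('cashier,producer_admin')) {
    $producer_id_you = $_GET['producer_id'];
}
// Allow anyone to override the delivery_id
// Guarded so a request without delivery_id raises no undefined-index notice and a
// non-scalar value (e.g. delivery_id[]=...) never reaches the escaping function.
if (!empty($_GET['delivery_id']) && is_scalar($_GET['delivery_id'])) {
    $delivery_id = mysql_real_escape_string($_GET['delivery_id']);
}
// Initialize display of wholesale and retail to false
$wholesale_member = false;
$retail_member = false;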
//////////////////////////////////////////////////////////////////////////////////////
//                                                                                  //
//                         QUERY AND DISPLAY THE DATA                               //
//                                                                                  //
//////////////////////////////////////////////////////////////////////////////////////
// Include the appropriate list "module" from the show_report directory
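/**
 * Build the opening HTML of a member (customer) invoice: the view-switching
 * links, the member's name, the site logo and contact text, the delivery
 * date, customer and pickup details, any messages, and either the header
 * row of the item table or an "EMPTY INVOICE" notice.
 *
 * @param array $product Not read by this function.
 * @param array $unique  Invoice-level values (view, auth_type, name fields,
 *                       member_id, site fields, delivery_date, delivery_type,
 *                       address/phone/e-mail fields, messages, checked_out).
 * @return string HTML fragment; the <font> and item <table> opened at the end
 *                are left unclosed.
 */
function open_list_top(&$product, &$unique)
{
    // Query-string values are echoed back into href attributes, so each one is
    // URL-encoded first; a raw value could otherwise close the attribute and
    // inject markup. Empty or non-scalar values are left out, as before.
    $link_params = '';
    foreach (array('type' => '', 'delivery_id' => '&amp;', 'member_id' => '&amp;') as $param => $prefix) {
        if (!empty($_GET[$param]) && is_scalar($_GET[$param])) {
            $link_params .= $prefix . $param . '=' . urlencode((string) $_GET[$param]);
        }
    }
    $link_base = $_SERVER['SCRIPT_NAME'] . '?' . $link_params . '&amp;view=';

    // Read optional request values without raising undefined-index notices
    $output_format = isset($_GET['output']) ? $_GET['output'] : '';
    $requested_member = isset($_GET['member_id']) ? $_GET['member_id'] : null;
    // NOTE(review): the original compared the requested member_id with a local
    // $member_id that is never defined inside this function, i.e. with null. That
    // behaviour is kept here; it looks like the viewer's own member id was
    // intended — confirm before changing.
    $own_member = null;
    $is_institution = strpos($unique['auth_type'], 'institution') !== false;

    // NOTE(review): every $unique field below is emitted without HTML escaping;
    // confirm the values are escaped (or trusted markup) before they get here.
    // NOTE(review): the "Editable" link is only hidden from non-cashiers here;
    // confirm the code that honours view=editable re-checks the role.
    $list_top = ($output_format == 'pdf' ? '' : '
      <span class="current_view">
        Current view: ' . ucfirst($unique['view']) . ' invoice<br>
        View as
          ' . ($unique['view'] != 'adjusted' ? '[<a href="' . $link_base . 'adjusted">Adjusted</a>]' : '') . '
          ' . ($unique['view'] != 'original' ? '[<a href="' . $link_base . 'original">Original</a>]' : '') . '
          ' . ($unique['view'] != 'editable' && CurrentMember::auth_type('cashier') && $requested_member != $own_member ? '[<a href="' . $link_base . 'editable">Editable</a>]' : '') . '
        invoice.
      </span>') . '
          <table width="100%" cellpadding="0" cellspacing="0" border="0">
            <tr>
              <td align="left" valign="top"><!-- FOOTER LEFT "' . ($is_institution ? $unique['business_name'] : '') . $unique['last_name'] . ', ' . $unique['first_name'] . '" -->
                <font size="+2"><b>' . $unique['preferred_name'] . ' ' . ($is_institution ? $unique['business_name'] . '<br>(attn: ' . $unique['first_name'] . ' ' . $unique['last_name'] . ')' : '') . '</b></font>
              </td>
              <td valign="top" align="right">
                <table border="0" style="width:300px;float:right">
                  <tr>
                    <td align="center" style="text-align:center;">
                      <img src="' . BASE_URL . DIR_GRAPHICS . 'invoice_logo.gif" alt="logo" width="250" height="72">
                    </td>
                  </tr>
                  <tr>
                    <td align="center" style="text-align:center;">
                      <font size="-2">' . SITE_CONTACT_INFO . '</font>
                    </td>
                  </tr>
                </table>
              </td>
            </tr>
            <tr>
              <td colspan="2">
                <table width="100%" cellpadding="0" cellspacing="0" border="0">
                  <tr>
                    <td align="left">
                      <font size="+2">' . $unique['member_id'] . '-' . $unique['site_short'] . ' (' . $unique['site_long'] . ')</font>
                    </td>
                    <td align="right" style="text-align:right;">
                      <font size="+2">' . date("F j, Y", strtotime($unique['delivery_date'])) . '</font>
                    </td>
                  </tr>
                </table>
              </td>
            </tr>
            <tr>
              <td colspan="2" height="20"><img class="wide-line" src="' . BASE_URL . DIR_GRAPHICS . 'black_pixel.gif" width="100%" height="1" alt="divider"></td>
            </tr>
            <tr>
              <td valign="top"><strong>Customer info</strong>' . ($unique['delivery_type'] == 'H' || $unique['delivery_type'] == 'P' ? '
                (home):<br><br>' . $unique['address_line1'] . ($unique['address_line2'] != '' ? '
                <br>' . $unique['address_line2'] : '') . '
                <br>' . $unique['city'] . ', ' . $unique['state'] . ', ' . $unique['zip'] . '<br>' : '') . ($unique['delivery_type'] == 'W' ? '
                (work):<br><br>' . $unique['work_address_line1'] . ($unique['work_address_line2'] != '' ? '
                <br>' . $unique['work_address_line2'] : '') . '
                <br>' . $unique['work_city'] . ', ' . $unique['work_state'] . ', ' . $unique['work_zip'] . '<br>' : '') . ($unique['email_address'] != '' ? '
                <br><a href="mailto:' . $unique['email_address'] . '">' . $unique['email_address'] . '</a>' : '') . ($unique['email_address_2'] != '' ? '
                <br><a href="mailto:' . $unique['email_address_2'] . '">' . $unique['email_address_2'] . '</a>' : '') . ($unique['home_phone'] != '' ? '
                <br>' . $unique['home_phone'] . ' (home)' : '') . ($unique['work_phone'] != '' ? '
                <br>' . $unique['work_phone'] . ' (work)' : '') . ($unique['mobile_phone'] != '' ? '
                <br>' . $unique['mobile_phone'] . ' (mobile)' : '') . ($unique['fax'] != '' ? '
                <br>' . $unique['fax'] . ' (fax)' : '') . '<br><br>
              </td>
              <td valign="top"><strong>Delivery/pickup details:</strong>
                <dl>
                  <dt><font face="Times New Roman">' . $unique['site_long'] . '</font></dt>
                  <dd><pre><font face="Times New Roman">' . $unique['site_description'] . '</font></pre></dd>
                </dl>
              </td>
            </tr>
            <tr>
              <td colspan="2">
                ' . ($unique['msg_all'] != '' ? '
                <font color="#990000" size="-1">' . $unique['msg_all'] . '</font>' : '') . ($unique['msg_unique'] != '' ? '
                <br><font color="#990000" size="-1">' . $unique['msg_unique'] . '<br></font>' : '') . '
              </td>
            </tr>
          </table>
        <font face="arial">
        <table width="100%" cellpadding="0" cellspacing="0" border="0">' . ($unique['checked_out'] != 0 ? '
          <tr>
            <td colspan="7"><br></td>
          </tr>
          <tr>
            <th valign="bottom" bgcolor="#444444" width="40"></th>
            <th valign="bottom" bgcolor="#444444" width="35"><font color="#ffffff" size="-1">#</font></th>
            <th valign="bottom" bgcolor="#444444" align="left"><font color="#ffffff" size="-1">Product Name</font></th>
            <th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Price</font></th>
            <th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Quantity</font></th>
            <th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Weight</font></th>
            <th valign="bottom" bgcolor="#444444" align=right width="8%"><font color="#ffffff" size="-1">Amount</font></th>
          </tr>' : '
          <tr>
            <td colspan="7" align="center"><br><br><br><br>EMPTY INVOICE<br>Nothing ordered<br><br><br></td>
          </tr>');
    return $list_top;
}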
function update_basket(array $data)
{
    //    debug_print ('INFO: Update Basket', $data);
    global $connection;
    //    $member_id_you = $_SESSION['member_id'];
    $producer_id_you = $_SESSION['producer_id_you'];
    // Allow admins to override certain checks if the requested action is not for themselves
    $admin_override = true;
    if ($member_id_you == $data['member_id'] || !CurrentMember::auth_type('cashier')) {
        $admin_override = false;
    }
    // Set this value manually when converting from transactions to ledger accounting
    $admin_override = true;
    // Set flags for needed validations and operations
    switch ($data['action']) {
        // checkout will checkout all the items in the basket
        case 'checkout':
            $test_for_membership_privilege = true;
            $test_customer_ordering_window = true;
            $initiate_set_checkout = true;
            $initiate_checkout_items = true;
            break;
            // same as "checkout" but only synchs items that were already checked out
        // same as "checkout" but only synchs items that were already checked out
        case 'synch_ledger_items':
            $test_for_membership_privilege = true;
            $test_customer_ordering_window = true;
            $initiate_set_checkout = true;
            $synch_ledger_items = true;
            break;
            // set_uncheckout is currently disabled
        // set_uncheckout is currently disabled
        case 'set_checkout':
            $test_for_membership_privilege = true;
            $test_customer_ordering_window = true;
            $initiate_set_checkout = true;
            break;
            // un_checkout is currently disabled
        // un_checkout is currently disabled
        case 'un_checkout':
            $test_customer_ordering_window = true;
            $initiate_un_checkout = true;
            break;
            // update the site (Pickup|Home|Work)
        // update the site (Pickup|Home|Work)
        case 'set_site':
            $update_site = true;
            break;
        default:
            die(debug_print('ERROR: 679217 ', 'unexpected request', basename(__FILE__) . ' LINE ' . __LINE__));
            break;
    }
    // Get  information about the basket for this member
    // Prefer to access basket by basket_id
    if ($data['basket_id'] != 0) {
        $basket_info = get_basket($data['basket_id']);
    } elseif ($data['member_id'] != 0 && $data['delivery_id'] != 0) {
        $basket_info = get_basket($data['member_id'], $data['delivery_id']);
    } else {
        die(debug_print('ERROR: 970893 ', 'incomplete information to locate basket', basename(__FILE__) . ' LINE ' . __LINE__));
    }
    // Check that we actually got some basket information
    if (!is_array($basket_info)) {
        die(debug_print('ERROR: 701854 ', 'basket does not exist', basename(__FILE__) . ' LINE ' . __LINE__));
    }
    // Check that the member is not pending or discontinued
    if ($test_for_membership_privilege && !$admin_override) {
        if ($member_info['pending'] == 1 || $member_info['membership_discontinued'] == 1) {
            die(debug_print('ERROR: 974383 ', 'incorrect privilege to order', basename(__FILE__) . ' LINE ' . __LINE__));
        }
    }
    // Check if shopping is closed for this order
    if ($test_customer_ordering_window && !$admin_override) {
        if (ActiveCycle::ordering_window() == 'closed') {
            die(debug_print('ERROR: 823186 ', 'customer ordering period is not in effect', basename(__FILE__) . ' LINE ' . __LINE__));
        }
    }
    // Update the basket with a new site and information related to the new site
    if ($update_site) {
        debug_print("ERROR: 892573 ", "UPDATE DELCODE", basename(__FILE__) . ' LINE ' . __LINE__);
        if ($data['delivery_type'] == 'H' || $data['delivery_type'] == 'W') {
            $query_delivery_type = 'D';
        } else {
            $query_delivery_type = $data['delivery_type'];
        }
        // P[ickup]
        // Could check for changes and abort otherwise, but this will force updating
        // delivery_postal_code just in case it might have changed.
        $query_site = '
          SELECT
            delivery_charge,
            delivery_postal_code
          FROM ' . NEW_TABLE_SITES . '
          WHERE
            site_id = "' . mysql_real_escape_string($data['site_id']) . '"
            AND delivery_type = "' . $query_delivery_type . '"
            AND inactive = "0"
            AND site_type = "customer"';
        $result_site = mysql_query($query_site, $connection) or die(debug_print("ERROR: 892573 ", array($query_site, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // Got we some information, then post the new information
        if ($row_site = mysql_fetch_array($result_site)) {
            $query_update_basket = '
              UPDATE ' . NEW_TABLE_BASKETS . '
              SET
                delivery_cost = "' . mysql_real_escape_string($row_site['delivery_charge']) . '",
                delivery_postal_code = "' . mysql_real_escape_string($row['delivery_postal_code']) . '",
                site_id = "' . mysql_real_escape_string($data['site_id']) . '",
                delivery_type = "' . mysql_real_escape_string($data['delivery_type']) . '"
              WHERE basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"';
            $result_update_basket = mysql_query($query_update_basket, $connection) or die(debug_print("ERROR: 892764 ", array($query_update_basket, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
            debug_print("INFO: 892573 ", $query_update_basket, basename(__FILE__) . ' LINE ' . __LINE__);
            // Update the $basket_info with changes
            $basket_info['delivery_cost'] = $row_site['delivery_charge'];
            $initiate_delivery_charge = true;
        } else {
            die(debug_print('ERROR: 898952 ', 'requested site does not exist or is not available', basename(__FILE__) . ' LINE ' . __LINE__));
        }
    }
    // Change the checked_out setting on the basket
    // Do this early so the update_basket_item will process the ledger items (only if they are in a checked-out state)
    if ($initiate_set_checkout) {
        // Get the number of items in the basket that are checked out
        $query = '
          SELECT
            ' . NEW_TABLE_PRODUCTS . '.tangible,
            COUNT(' . NEW_TABLE_BASKET_ITEMS . '.bpid) AS count
          FROM
            ' . NEW_TABLE_BASKET_ITEMS . '
          LEFT JOIN
            ' . NEW_TABLE_PRODUCTS . ' USING(product_id,product_version)
          WHERE
            ' . NEW_TABLE_BASKET_ITEMS . '.basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"
          GROUP BY
            ' . NEW_TABLE_PRODUCTS . '.tangible';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 758023 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        while ($row = mysql_fetch_array($result)) {
            if ($row['tangible'] == '0') {
                $intangible_count = $row['count'];
            }
            if ($row['tangible'] == '1') {
                $tangible_count = $row['count'];
            }
        }
        // Preference is to set basket count to the number of *tangible* items in the basket
        if ($tangible_count > 0) {
            $checked_out = $tangible_count;
        } elseif ($intangible_count > 0) {
            $checked_out = 0 - $intangible_count;
        } else {
            $checked_out = 0;
        }
        $query = '
          UPDATE ' . NEW_TABLE_BASKETS . '
          SET checked_out = "' . mysql_real_escape_string($checked_out) . '"
          WHERE basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 892764 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // Sync the variable we just changed
        $basket_info['checked_out'] = $checked_out;
        // If there is an order cost (fixed), then post it (or clear it if wrongly set).
        if ($basket_info['order_cost'] != 0 && $basket_info['order_cost_type'] == 'fixed' && $basket_info['checked_out'] != 0) {
            // Add the order cost to the ledger for this basket
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'internal', 'target_key' => 'order_cost', 'amount' => $basket_info['order_cost'], 'text_key' => 'order cost', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'match_keys' => array('source_type', 'source_key', 'target_type', 'target_key', 'text_key', 'basket_id')));
        } elseif ($basket_info['order_cost'] != 0 && $basket_info['order_cost_type'] == 'percent' && $basket_info['checked_out'] != 0) {
            // First need to know the basket total to calculate the percent cost
            $query = '
              SELECT
                SUM(amount) AS order_total
              FROM
                ' . NEW_TABLE_LEDGER . '
              WHERE
                basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"
                AND (text_key = "quantity cost"
                  OR text_key = "weight cost")';
            $result = mysql_query($query, $connection) or die(debug_print("ERROR: 678304 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
            if ($row = mysql_fetch_array($result)) {
                $order_total = $row['order_total'];
                $order_cost_total = round($row['order_total'] * $basket_info['order_cost'] / 100, 2);
            }
            // Add the order cost to the ledger for this basket
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'internal', 'target_key' => 'order_cost', 'amount' => $basket_info['order_cost'], 'text_key' => 'order cost', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'match_keys' => array('source_type', 'source_key', 'target_type', 'target_key', 'text_key', 'basket_id')));
        }
    }
    // For checkout, synchronize ledger entries to all basket_items
    if ($initiate_checkout_items || $synch_ledger_items) {
        // $initiate_checkout_items: check out all items and synch ledger
        // $synch_ledger_items:      repost existing checked_out items to the ledger
        if ($synch_ledger_items) {
            // Restrict to just the checked_out items
            $query_where = '
              AND checked_out != "0"';
        }
        // Get the items currently in the basket
        $query_basket_items = '
          SELECT
            bpid,
            product_id,
            product_version
          FROM ' . NEW_TABLE_BASKET_ITEMS . '
          WHERE basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"' . $query_where;
        $result_basket_items = mysql_query($query_basket_items, $connection) or die(debug_print("ERROR: 892785 ", array($query_basket_items, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // Go through all the basket items (or all the checked_out items)
        while ($row_basket_items = mysql_fetch_array($result_basket_items)) {
            $basket_item_info = update_basket_item(array('action' => 'synch_ledger', 'delivery_id' => $data['delivery_id'], 'member_id' => $data['member_id'], 'product_id' => $row_basket_items['product_id'], 'product_version' => $row_basket_items['product_version']));
            if (!is_array($basket_item_info)) {
                die(debug_print("ERROR: 902784 ", 'update_basket_item() did not return array.', basename(__FILE__) . ' LINE ' . __LINE__));
            }
        }
    }
    // This is done for any/all changes, so not conditional except for baskets that are not checked-out.
    if ($basket_info['checked_out'] != 0) {
        // If there is a delivery charge, then post it (or clear it if wrongly set).
        if ($basket_info['delivery_cost'] != 0 || $initiate_delivery_charge) {
            // Add the delivery cost to the ledger for this basket
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'internal', 'target_key' => 'delivery_cost', 'amount' => $basket_info['delivery_cost'], 'text_key' => 'delivery cost', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'match_keys' => array('source_type', 'source_key', 'target_type', 'target_key', 'text_key', 'basket_id')));
        }
    }
    //     // For un_checkout, clear all ledger entries related to the basket and basket_items
    //     // This will remove or clear the cost of ledger entries for all products in the basket
    //     if ($initiate_un_checkout)
    //       {
    //         // Get the items currently in the basket
    //         $query_basket_items = '
    //           SELECT
    //             bpid,
    //             product_id,
    //             product_version
    //           FROM '.NEW_TABLE_BASKET_ITEMS.'
    //           WHERE basket_id = "'.mysql_real_escape_string($basket_info['basket_id']).'"';
    //         $result_basket_items = mysql_query($query_basket_items, $connection) or die(debug_print ("ERROR: 892785 ", array ($query_basket_items,mysql_error()), basename(__FILE__).' LINE '.__LINE__));
    //         // Go through all the basket items
    //         while ($row_basket_items = mysql_fetch_array($result_basket_items))
    //           {
    //             // Problem: clear_item removes all quantity from the basket. We would like to leave the basket unchanged.
    //             // ... but if we define that as the desired behavior, then we have something, at least...
    //             $basket_item_info = update_basket_item (array(
    //               'action' => 'un_checkout',
    //               'delivery_id' => $data['delivery_id'],
    //               'member_id' => $data['member_id'],
    //               'product_id' => $row_basket_items['product_id'],
    //               'product_version' => $row_basket_items['product_version'],
    //               'post_even_if_zero' => 'YES'
    //               ));
    //             if ($basket_item_info != 'clear_item:'.$row_basket_items['bpid'])
    //               {
    //                 return('error 100: expected "clear_item:'.$row_basket_items['bpid'].'" but got "'.$basket_item_info.'"');
    //               }
    //           }
    //         // And un-checkout the basket as well
    //         // Remove the delivery cost from the ledger for this basket
    //         $ledger_status = basket_item_to_ledger(array (
    //           'source_type' => 'member',
    //           'source_key' => $data['member_id'],
    //           'target_type' => 'internal',
    //           'target_key' => 'delivery_cost',
    //           'amount' => 0,
    //           'text_key' => 'delivery cost',
    //           'posted_by' => $_SESSION['member_id'],
    //           'basket_id' => $basket_info['basket_id'],
    //           'site_id' => $basket_info['site_id'],
    //           'delivery_id' => $basket_info['delivery_id'],
    //           'match_keys' => array ('source_type','source_key','target_type','target_key','text_key','basket_id')
    //           ));
    //       }
    //     // Change the checked_out setting on the basket
    //     // Do this last so the update_basket_item will clear ledger items (only if they are in a checked-out state)
    //     if ($initiate_un_checkout)
    //       {
    //         $query = '
    //           UPDATE '.NEW_TABLE_BASKETS.'
    //           SET checked_out = "0"
    //           WHERE basket_id = "'.mysql_real_escape_string($basket_info['basket_id']).'"';
    //         $result = mysql_query($query, $connection) or die(debug_print ("ERROR: 892764 ", array ($query,mysql_error()), basename(__FILE__).' LINE '.__LINE__));
    //         $basket_info['checked_out'] = 0;
    //       }
    // At this point, all basket information has been updated, so we need to consider any changes to the ledger.
    // * messages                    link a message to this transaction
    // * post_even_if_zero              'YES' will delete the transaction is zero and a singleton
    // NEED TO ADD PAYPAL SURCHARGE CALCULATION
    // Return the new (possibly changed) basket_info array
    return $basket_info;
}
Exemple #10
}
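// Get a delivery_id for pulling current producer "invoices".
// Request parameters are caller-controlled, so only a non-empty scalar is
// accepted. An absent key or an array value falls back to the active cycle
// instead of raising a notice or handing an array to the escaper.
// NOTE(review): mysql_real_escape_string() only makes a value safe inside a
// quoted SQL string literal. It does not make the value safe for HTML or URL
// output; wherever these ids are echoed they need htmlspecialchars() or
// urlencode() at that point.
if (!empty($_GET['delivery_id']) && is_scalar($_GET['delivery_id'])) {
    $delivery_id = mysql_real_escape_string($_GET['delivery_id']);
} else {
    $delivery_id = mysql_real_escape_string(ActiveCycle::delivery_id());
}
// Get a basket_id in cases where we are looking at baskets or invoices...
// Same rule as above: a missing or non-scalar parameter falls back to the
// current member's basket.
// NOTE(review): nothing visible here checks that a basket_id taken from the
// request belongs to the current member -- confirm the queries that use it
// enforce ownership.
if (!empty($_GET['basket_id']) && is_scalar($_GET['basket_id'])) {
    $basket_id = mysql_real_escape_string($_GET['basket_id']);
} else {
    $basket_id = mysql_real_escape_string(CurrentBasket::basket_id());
}
// Determine whether the order is open or not.
// The parentheses spell out the precedence the expression already had:
// (window is open AND the requested cycle is the active one) OR the member
// holds the 'orderex' auth type, which opens ordering regardless of the window.
$order_open = false;
if ((ActiveCycle::ordering_window() == 'open' && ActiveCycle::delivery_id() == $delivery_id) || CurrentMember::auth_type('orderex')) {
    $order_open = true;
}
// Initialize display of wholesale and retail to false
$display_wholesale_price = false;
$display_retail_price = false;
$is_wholesale_item = false;
// SET UP QUERY PARAMETERS THAT APPLY TO MOST LISTS
// These fragments are constant SQL text (no request data is spliced into them).
// Only show for listed producers -- not unlisted (1) or suspended (2)
$where_unlisted_producer = '
    AND unlisted_producer = "0"';
// Normally, do not show producers that are pending (1)
// Unlike the fragment above, this one carries no leading AND.
$where_producer_pending = '
    ' . TABLE_PRODUCER . '.pending = 0';
// Set up an exception for hiding zero-inventory products
$where_zero_inventory = '';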
<?php

include_once 'config_openfood.php';
session_start();
// Authorization gate: the handlers below post payments, so stop before any
// request field is read unless the current member holds the 'cashier' auth type.
$caller_is_cashier = CurrentMember::auth_type('cashier');
if (!$caller_is_cashier) {
    echo '
        <div id="make_payment_row" class="data_row">
          <span class="error_message">Only cashiers are permitted to execute this function.</span>
        </div>';
    // Not permitted to access this page
    exit(1);
}
// Dispatch on the operation named in the request. Every $_POST field used
// below is caller-controlled.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; a
// state-changing payment endpoint needs one -- confirm where it is enforced.
switch ($_POST['process']) {
    // MAKE PAYMENTS FORM ******************************************************
    case 'get_make_payment_form':
        // Request values are passed straight into the form builder and its
        // return value is echoed.
        // NOTE(review): whether get_make_payment_form() HTML-escapes
        // business_name and the ids is not visible here -- confirm.
        echo get_make_payment_form($_POST['delivery_id'], $_POST['producer_id'], $_POST['business_name'], '');
        break;
    // POST MAKE PAYMENTS ******************************************************
    case 'make_payment':
        // Collects one human-readable message per failed validation.
        $error_array = array();
        // Validate the data: amount
        // NOTE(review): every part of this pattern is optional, so the empty
        // string and a lone "-" also match, and "$" without the D modifier
        // accepts a trailing newline. A leading "-" is accepted too, so
        // negative payments pass -- confirm that is intended.
        if (preg_match('/^[-]{0,1}[0-9]*(\\.[0-9]{2}){0,1}$/', $_POST['amount']) != 1) {
            array_push($error_array, 'Payment must be numeric with decimal cents<br>(e.g. 45.67 or .89).');
        }
        // Validate the data: payment_type
        // Allow-list of the three accepted values; anything else is rejected.
        if ($_POST['payment_type'] != 'cash' && $_POST['payment_type'] != 'check' && $_POST['payment_type'] != 'paypal') {
            array_push($error_array, 'Please select a payment type.');
        }
        // Validate the data: memo
        // Digits only; an empty memo also matches because of the "*".
        if (preg_match('/^[0-9]*$/', $_POST['memo']) != 1) {
Exemple #12
<?php

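include_once 'config_openfood.php';
session_start();
// Only producers, producer admins and site admins get past this point.
valid_auth('producer,producer_admin,site_admin');
// store.php3 - by Florian Dittmer <*****@*****.**>
// Example php script to demonstrate the storing of binary files into
// an sql database. More information can be found at http://www.phpbuilder.com/
// Resolve which producer's record to load. Start from a known value so the
// query below never runs on an unset variable when neither branch applies.
$producer_id = '';
// A producer_id from the query string is honoured only for privileged members;
// everyone else is pinned to the producer id stored in their own session.
// NOTE(review): the original comment named producer_admin and site_admin, but
// the check passes 'site_admin,cashier'. Confirm which roles are intended and
// that auth_type() accepts a comma-separated list.
if (!empty($_GET['producer_id']) && is_scalar($_GET['producer_id']) && CurrentMember::auth_type('site_admin,cashier')) {
    // Keep the same producer_id value
    $producer_id = $_GET['producer_id'];
} elseif (!empty($_SESSION['producer_id_you'])) {
    $producer_id = $_SESSION['producer_id_you'];
}
// The only variable part of the query is producer_id, escaped and quoted.
// LEFT JOIN keeps the producer row even when no logo exists, so logo_id may be NULL.
$sqll = '
  SELECT
    ' . TABLE_PRODUCER_LOGOS . '.logo_id,
    ' . TABLE_PRODUCER . '.business_name
  FROM
    ' . TABLE_PRODUCER . '
  LEFT JOIN
    ' . TABLE_PRODUCER_LOGOS . ' USING(producer_id)
  WHERE
    ' . TABLE_PRODUCER . '.producer_id = "' . mysql_real_escape_string($producer_id) . '"';
$rsrl = @mysql_query($sqll, $connection);
if ($rsrl === false) {
    // Keep driver error text in the server log; sending it to the browser
    // discloses schema and query details to whoever triggered the failure.
    error_log('Producer logo lookup failed: ' . mysql_error() . ' (errno ' . mysql_errno() . ')');
    die('<b>Error:</b> the producer record could not be loaded.');
}
// mysql_num_rows() is the documented name; mysql_numrows() is a deprecated alias.
$num = mysql_num_rows($rsrl);
// If several rows come back, the values from the last row win.
while ($row = mysql_fetch_array($rsrl)) {
    $logo_id = $row['logo_id'];
    $business_name = $row['business_name'];
}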
      LEFT JOIN ' . NEW_TABLE_BASKETS . ' USING(basket_id)
      LEFT JOIN ' . NEW_TABLE_PRODUCTS . ' USING(product_id,product_version)
      WHERE
        ' . NEW_TABLE_PRODUCTS . '.producer_id = "' . mysql_real_escape_string($producer_id) . '"
        AND ' . NEW_TABLE_BASKETS . '.delivery_id = "' . mysql_real_escape_string($delivery_id) . '"
        AND ' . NEW_TABLE_BASKET_ITEMS . '.out_of_stock != ' . NEW_TABLE_BASKET_ITEMS . '.quantity
        AND ' . NEW_TABLE_PRODUCTS . '.random_weight != "0"
        AND ' . NEW_TABLE_BASKET_ITEMS . '.total_weight = "0"
      ORDER BY producer_id ASC';
    $resultprp = @mysql_query($sqlp, $connection) or die(debug_print("ERROR: 869307 ", array($sqlp, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    $num = mysql_numrows($resultprp);
    while ($row = mysql_fetch_array($resultprp)) {
        $display .= '<a href="product_list.php?&amp;type=producer_byproduct&amp;producer_id=' . $row['producer_id'] . '&amp;delivery_id=' . $delivery_id . '">Weight needed: #' . $row['product_id'] . '</a><br>';
    }
    $display .= '</td>
      <td class="producer_links">' . (CurrentMember::auth_type('producer_admin') == true ? '<a class="producer" onclick="popup_src(\'edit_producer.php?action=edit&producer_id=' . $producer_id . '&display_as=popup\', \'edit_producer\', \'\')">Edit</a>' : '') . '
      </td>
      <td class="order_links" valign="top"><a href="product_list.php?&type=producer_byproduct&amp;delivery_id=' . $delivery_id . '&amp;producer_id=' . $producer_id . '">Basket</a>&nbsp;|&nbsp;<a href="show_report.php?type=producer_invoice&amp;delivery_id=' . $delivery_id . '&amp;producer_id=' . $producer_id . '">Invoice</a></font></td>
    </tr>';
    $member_id_list .= '#' . $member_id;
}
$content_list = '
  <div align="center">
  <div id="delivery_id_nav">
    <a class="prior" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id - 1) . '">&larr; PRIOR CYCLE </a>
    <a class="next" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id + 1) . '"> NEXT CYCLE &rarr;</a>
  </div>
<table width="100%">
  <tr>
    <td align="left">
      <h3>Producer Orders: ' . date('F j, Y', strtotime($delivery_date)) . ' (' . $num_orders . ' Orders)</h3>
function update_basket_item(array $data)
{
    //    debug_print ('INFO: Update Basket', $data);
    global $connection;
    //    $member_id_you = $_SESSION['member_id'];
    $producer_id_you = $_SESSION['producer_id_you'];
    // Allow admins to override certain checks if the requested action is not for themselves
    $admin_override_not_set = false;
    if ($member_id_you == $data['member_id'] || !CurrentMember::auth_type('cashier')) {
        $admin_override_not_set = true;
    }
    // Set flags for needed validations and operations
    switch ($data['action']) {
        case 'set_quantity':
            $test_for_valid_product = true;
            $test_for_customer_privilege = true;
            $test_for_membership_privilege = true;
            $test_customer_ordering_window = true;
            $test_product_availability = true;
            $test_for_producer_privilege = true;
            $initiate_basket_item = true;
            $initiate_change_quantity = true;
            $initiate_set_message_to_producer = true;
            break;
        case 'set_message_to_producer':
            $test_for_valid_product = true;
            $test_customer_ordering_window = true;
            $initiate_set_message_to_producer = true;
            break;
        case 'set_outs':
            $test_for_valid_product = true;
            $test_for_producer_privilege = true;
            $test_basket_item_exists = true;
            $test_producer_update_window = true;
            $initiate_change_outs = true;
            break;
        case 'set_weight':
            $test_for_valid_product = true;
            $test_for_producer_privilege = true;
            $test_basket_item_exists = true;
            $test_producer_update_window = true;
            $initiate_change_weight = true;
            break;
        case 'checkout':
            $test_for_valid_product = true;
            $test_for_membership_privilege = true;
            $test_customer_ordering_window = true;
            $test_basket_item_exists = true;
            $initiate_set_message_to_producer = true;
            $initiate_synch_ledger = true;
            break;
        case 'set_all_producer':
            $test_for_valid_product = true;
            $test_basket_item_exists = true;
            $test_for_producer_privilege = true;
            $test_producer_update_window = true;
            $initiate_change_outs = true;
            $initiate_change_weight = true;
            break;
        case 'set_everything':
            $test_for_valid_product = true;
            $test_basket_item_exists = true;
            $test_customer_ordering_window = true;
            $initiate_change_quantity = true;
            $initiate_change_outs = true;
            $initiate_clear_weight = true;
            $initiate_clear_item = true;
            $initiate_set_message_to_producer = true;
            break;
        case 'clear_item':
            // Used when un_checking_out
            $test_for_valid_product = true;
            $test_basket_item_exists = true;
            $test_customer_ordering_window = true;
            $data['quantity'] = '0';
            $data['out_of_stock'] = '0';
            $data['weight'] = '0';
            $initiate_change_quantity = true;
            $initiate_change_outs = true;
            $initiate_clear_weight = true;
            $initiate_clear_item = true;
            break;
        case 'synch_ledger':
            // Used when checking_out
            $test_for_valid_product = true;
            $test_basket_item_exists = true;
            $test_for_membership_privilege = true;
            $test_customer_ordering_window = true;
            $test_basket_item_exists = true;
            $initiate_synch_ledger = true;
            break;
        case 'producer_synch_ledger':
            // Used when checking_out
            $test_for_valid_product = true;
            $test_basket_item_exists = true;
            $test_for_producer_privilege = true;
            $test_producer_update_window = true;
            $initiate_synch_ledger = true;
            break;
        default:
            return 'Unexpected request ' . $action;
            break;
    }
    // Check if the product exists, regardless of $admin_override_not_set
    if ($test_for_valid_product) {
        $product_info = get_product($data['product_id'], $data['product_version'], $data['pvid']);
        if (!is_array($product_info)) {
            return 'Product not found in database';
        }
    }
    // Get  information about the basket for this member
    // This needs to be done before the availability check
    $basket_info = get_basket($data['member_id'], $data['delivery_id']);
    // See if we already have this basket_item
    if (is_array($basket_info)) {
        $basket_item_info = get_basket_item($basket_info['basket_id'], $data['product_id']);
    } else {
        return 'Basket does not exist';
    }
    // Check for basket item
    if ($test_basket_item_exists && !is_array($basket_item_info)) {
        return 'Basket item does not exist';
    }
    // Check if the basket is locked
    if ($basket_info['locked'] == 1) {
        return 'Basket is locked';
    }
    // Check if this producer is permitted and enabled to sell
    if ($test_for_producer_privilege && $admin_override_not_set) {
        $producer_info = get_producer($product_info['producer_id']);
        if ($producer_info['unlisted_producer'] > 0 || $producer_info['pending'] == 1) {
            return 'Producer is restricted from selling';
        }
    }
    // Check if the customer is allowed to purchase this product
    if ($test_for_customer_privilege && $admin_override_not_set) {
        $member_info = get_member($data['member_id']);
        $member_auth_type_array = explode(',', $member_info['auth_type']);
        // $product_info['listing_auth_type'] contains the *necessary* auth_type to buy this product
        // and $member_auth_type_array contains all the members' allowable auth_types
        // listing_auth_types archived and unlisted are not allowed for members, so can never be ordered
        if (!is_array($member_auth_type_array) || !in_array($product_info['listing_auth_type'], $member_auth_type_array)) {
            return 'Incorrect privilege to purchase requested product';
        }
    }
    // Check that the member is not pending or discontinued
    if ($test_for_membership_privilege && $admin_override_not_set) {
        if ($member_info['pending'] == 1 || $member_info['membership_discontinued'] == 1) {
            return 'Incorrect privilege to order';
        }
    }
    // Check if shopping is closed for this order
    if ($test_customer_ordering_window && $admin_override_not_set) {
        if (ActiveCycle::ordering_window() == 'closed') {
            return 'Customer ordering period is not in effect';
        }
    }
    // Check if the product can be delivered to this site_id
    if ($test_product_availability && $admin_override_not_set) {
        if ($producer_info['available_site_ids'] != '' && !in_array($basket_info['site_id'], explode(',', $producer_info['available_site_ids']))) {
            return 'Producer does not sell at this location';
        }
    }
    // Check if producer activity is taking place within the producer update window
    if ($test_producer_update_window && $producer_id_you && $admin_override_not_set) {
        if (ActiveCycle::producer_update_window() == 'closed') {
            return 'Producer update window is closed';
        }
    }
    // Create an empty basket item if one does not already exist
    if ($initiate_basket_item && !is_array($basket_item_info)) {
        $query = '
          INSERT INTO ' . NEW_TABLE_BASKET_ITEMS . '
            (
              /* bpid, */
              basket_id,
              product_id,
              product_version,
              quantity,
              total_weight,
              product_fee_percent,
              subcategory_fee_percent,
              producer_fee_percent,
              taxable,
              out_of_stock,
              future_delivery,
              future_delivery_type,
              date_added
            )
          SELECT
            ' . mysql_real_escape_string($basket_info['basket_id']) . ' AS basket_id,
            product_id,
            product_version,
            "0" AS quantity,
            "0" AS total_weight,
            product_fee_percent,
            subcategory_fee_percent,
            producer_fee_percent,
            taxable,
            "0" AS out_of_stock,
            future_delivery,
            future_delivery_type,
            NOW() AS date_added
          FROM ' . NEW_TABLE_PRODUCTS . '
          LEFT JOIN ' . TABLE_SUBCATEGORY . ' USING(subcategory_id)
          LEFT JOIN ' . TABLE_CATEGORY . ' USING(category_id)
          LEFT JOIN ' . TABLE_PRODUCER . ' USING(producer_id)
          WHERE
            product_id = "' . mysql_real_escape_string($product_info['product_id']) . '"
            AND product_version = "' . mysql_real_escape_string($product_info['product_version']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 748032 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // Now get the basket information we just posted
        $basket_item_info = get_basket_item($basket_info['basket_id'], $data['product_id']);
    }
    // Update the quantity for this basket_item and adjust inventory accordingly
    if ($initiate_change_quantity) {
        $old_requested_quantity = $basket_item_info['quantity'];
        $old_out_of_stock = $basket_item_info['out_of_stock'];
        // The following code is built around adding/subtracting [quantity], so we will first adjust
        // the input to fit that method. If $data['quantity'] is like "+1" or "-2" then increment/decrement
        if (preg_match('/^([\\+\\-])(\\d+)$/', $data['quantity'], $matches)) {
            if ($matches[1] == '+') {
                $data['quantity'] = $matches[2];
            } elseif ($matches[1] == '-') {
                $data['quantity'] = 0 - $matches[2];
            } else {
                return 'Unexpected result 789830';
            }
        } elseif (preg_match('/^(\\d+)$/', $data['quantity'], $matches)) {
            $data['quantity'] = $matches[1] - $old_requested_quantity;
            // Amount to increase the basket by
        } else {
            return 'Unexpected result 785932';
        }
        // If this is an inventory-controlled item
        if ($product_info['inventory_id']) {
            $old_actual_quantity = $old_requested_quantity - $old_out_of_stock;
            // Note that available_inventory is the number of inventory_pull units available for this
            // particular product and might actually leave a few inventory items remaining.
            $available_inventory = floor($product_info['inventory_quantity'] / $product_info['inventory_pull']);
            $inventory_reduction = 0;
            // Just for sanity, make sure the old out_of_stock is not more than the old_requested_quantity
            if ($old_out_of_stock > $old_requested_quantity) {
                $old_out_of_stock = $old_requested_quantity;
            }
            // Add the request, no matter what (unless the quantity goes negative)
            $new_requested_quantity = $old_requested_quantity + $data['quantity'];
            // If we brought the requested quantity in the basket down to zero
            if ($new_requested_quantity <= 0) {
                // then set the new_requested_quantity to [all of it]
                $data['quantity'] = 0 - $old_requested_quantity;
                $new_requested_quantity = 0;
                // and set out_of_stock to zero (empty the basket completely)
                $new_out_of_stock = 0;
            } else {
                // We will begin by considering all of the new quantity as "out"
                $new_out_of_stock = $old_out_of_stock + $data['quantity'];
            }
            // At this point, the new_requested_quantity is correct, but we might
            // have set the new_out_of_stock incorrectly, so we will adjust that
            // according to the inventory available
            // Check if there is enough inventory to cover our entire out_of_stock request
            if ($available_inventory > $new_out_of_stock) {
                $inventory_reduction = $new_out_of_stock;
                $new_out_of_stock = 0;
            } else {
                $inventory_reduction = $available_inventory;
                // all of it
                $new_out_of_stock = $new_out_of_stock - $inventory_reduction;
            }
        } else {
            // If this somehow changed, then clear the out_of_stock setting
            $new_out_of_stock = 0;
            $inventory_reduction = 0;
            // Add the new requested quantity
            $new_requested_quantity = $old_requested_quantity + $data['quantity'];
            // And make sure it isn't less than zero
            if ($new_requested_quantity < 0) {
                $new_requested_quantity = 0;
            }
        }
        // Set these variables for use later
        $basket_item_info['quantity'] = $new_requested_quantity;
        $basket_item_info['out_of_stock'] = $new_out_of_stock;
        // Update the basket quantity and out_of_stock
        $query = '
          UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
          SET
            quantity = "' . mysql_real_escape_string($new_requested_quantity) . '",
            out_of_stock = "' . mysql_real_escape_string($new_out_of_stock) . '"
          WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 842075 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // And update the inventory amount
        if ($inventory_reduction != 0) {
            // This does work with negative numbers for $new_requested_quantity
            $query = '
              UPDATE ' . TABLE_INVENTORY . '
              SET quantity = quantity + "' . mysql_real_escape_string($new_requested_quantity * $product_info['inventory_pull']) . '"
              WHERE inventory_id = "' . mysql_real_escape_string($product_info['inventory_id']) . '"';
            $result = mysql_query($query, $connection) or die(debug_print("ERROR: 902784 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        }
    } else {
        $new_requested_quantity = $basket_item_info['quantity'];
    }
    // Change the "out" setting on this item
    if ($initiate_change_outs) {
        // If $data['out_of_stock'] is like "+1" or "-2" then increment/decrement
        if (preg_match('/^([\\+\\-])(\\d+)$/', $data['out_of_stock'], $matches)) {
            // Increase out_of_stock :: decreases actual order quantity
            if ($matches[1] == '+') {
                $new_out_of_stock = $basket_item_info['out_of_stock'] + $matches[2];
            } elseif ($matches[1] == '-') {
                $new_out_of_stock = $basket_item_info['out_of_stock'] - $matches[2];
            } else {
                return 'Unexpected result 578932';
            }
        } elseif (preg_match('/^(\\d+)$/', $data['out_of_stock'], $matches)) {
            $new_out_of_stock = $matches[1];
        } else {
            return 'Unexpected result 874042';
        }
        // Make sure we have not outed more than the total quantity in the basket
        if ($new_out_of_stock > $basket_item_info['quantity']) {
            $new_out_of_stock = $basket_item_info['quantity'];
        }
        // Make sure we have not outed a negative number
        if ($new_out_of_stock < 0) {
            $new_out_of_stock = 0;
        }
        // Update the basket_item with the new quantities
        $query = '
          UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
          SET out_of_stock = "' . mysql_real_escape_string($new_out_of_stock) . '"
          WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 784303 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    }
    // Set a basket_item message for this item
    if ($initiate_set_message_to_producer && $basket_item_info['bpid'] && is_array($data['messages'])) {
        foreach ($data['messages'] as $message_type => $message) {
            // If there is a message, then add the message or replace an existing one
            if (strlen($message) > 0) {
                // Use [0]:orphaned message in case the description is not found
                $query_post_message = '
                  REPLACE INTO ' . NEW_TABLE_MESSAGES . '
                  SET
                    message = "' . mysql_real_escape_string($message) . '",
                    message_type_id = 
                      COALESCE((
                        SELECT message_type_id
                        FROM ' . NEW_TABLE_MESSAGE_TYPES . '
                        WHERE key1_target = "basket_items.bpid"
                        AND description = "' . mysql_real_escape_string($message_type) . '"
                        LIMIT 1
                        )
                      ,0),
                    referenced_key1 = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
            } else {
                $query_post_message = '
                  DELETE FROM ' . NEW_TABLE_MESSAGES . '
                  WHERE
                    message_type_id = 
                      COALESCE((
                        SELECT message_type_id
                        FROM ' . NEW_TABLE_MESSAGE_TYPES . '
                        WHERE key1_target = "basket_items.bpid"
                        AND description = "' . mysql_real_escape_string($message_type) . '"
                        LIMIT 1
                        )
                      ,0)
                    AND referenced_key1 = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
            }
            $result_post_message = mysql_query($query_post_message, $connection) or die(debug_print("ERROR: 789021 ", array($query_post_message, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        }
    }
    // Clear any weight that might have been set for this item
    if ($initiate_clear_weight && $basket_item_info['random_weight']) {
        $total_weight = $data['weight'];
        $query = '
          UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
          SET total_weight = "' . mysql_real_escape_string($total_weight) . '"
          WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 890254 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    }
    // Update the weight for this item
    if ($initiate_change_weight && $basket_item_info['random_weight']) {
        $total_weight = $data['weight'];
        if ($new_requested_quantity - $new_out_of_stock) {
            $average_weight = $data['weight'] / ($new_requested_quantity - $new_out_of_stock);
            //             // Check for weight in specified range (admins may override this check)
            //             if (($average_weight < $basket_item_info['minimum_weight'] ||
            //               $average_weight > $basket_item_info['maximum_weight']) &&
            //               $admin_override_not_set)
            //               {
            //                 return ('Random-weight item outside declared weight range');
            //               }
        } else {
            $average_weight = 0;
            $total_weight = 0;
        }
        $query = '
          UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
          SET total_weight = "' . mysql_real_escape_string($total_weight) . '"
          WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 520561 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    }
    if ($initiate_synch_ledger == true) {
        // If the requested action is just to synch the ledger, then we need to preset these values:
        $new_out_of_stock = $basket_item_info['out_of_stock'];
        $new_requested_quantity = $basket_item_info['quantity'];
        $product_tax_basis = 0;
        $fee_tax_basis = 0;
        // And make sure the basket is also checked out
        $test_info = update_basket(array('action' => 'set_checkout', 'basket_id' => $basket_info['basket_id']));
        // Sync the checked_out field
        $basket_info['checked_out'] = $test_info['checked_out'];
        $query = '
          UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
          SET checked_out = "1"
          WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
        $result = mysql_query($query, $connection) or die(debug_print("ERROR: 893020 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // Sync the checked_out field
        $basket_item_info['checked_out'] = "1";
    }
    // If the quantity has become zero (i.e. out_of_stock == requested_quantity) then we don't want to
    // charge people for random weight items -- even if a weight is entered -- so clobber the weight
    if ($new_out_of_stock == $new_requested_quantity) {
        // i.e. There are no items in stock... then multiply certain costs by zero
        $basket_item_info['total_weight'] = 0;
    }
    // At this point, all basket_item information has been set, so we need to consider
    // changes in the ledger. This is done for any/all changes, so not conditional
    // except for baskets that are not checked-out.
    if ($basket_info['checked_out'] != 0) {
        // If this product is configured with an extra_charge, then post it
        if ($product_info['extra_charge'] != 0) {
            $extra_charge = ($new_requested_quantity - $new_out_of_stock) * $product_info['extra_charge'];
            // Assumption is that extra_charges are passed through to the producer
            // Should they/could they be held by the co-op???
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'producer', 'target_key' => $product_info['producer_id'], 'amount' => $extra_charge, 'text_key' => 'extra charge', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
        }
        // If this product is configured with a regular cost, then post it
        if ($product_info['unit_price'] != 0) {
            if ($product_info['random_weight'] == 1) {
                $total_price = $product_info['unit_price'] * $basket_item_info['total_weight'];
                $text_key = 'weight cost';
            } elseif ($product_info['random_weight'] == 0) {
                $total_price = $product_info['unit_price'] * ($new_requested_quantity - $new_out_of_stock);
                $text_key = 'quantity cost';
            } else {
                return 'Unexpected result 579210';
            }
            // Start accumulating basis for taxation
            $product_tax_basis += $total_price;
            // Write the transaction to the ledger
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'producer', 'target_key' => $product_info['producer_id'], 'amount' => $total_price, 'text_key' => $text_key, 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
        }
        // If there is a product fee, post it
        if ($basket_item_info['product_fee_percent'] != 0 && PAYS_PRODUCT_FEE != 'nobody') {
            $product_adjust_amount = $basket_item_info['product_fee_percent'] * $total_price / 100;
            if (PAYS_PRODUCT_FEE == 'customer') {
                $source_type = 'member';
                $source_key = $data['member_id'];
                // Accumulate basis for taxation
                $fee_tax_basis += $product_adjust_amount;
            } elseif (PAYS_PRODUCT_FEE == 'producer') {
                $source_type = 'producer';
                $source_key = $product_info['producer_id'];
            } else {
                return 'No designated payee for product fee';
            }
            // Post product fee to the ledger for each product
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'product_fee', 'amount' => $product_adjust_amount, 'text_key' => 'product fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
        }
        // If there is a subcategory fee, post it
        if ($basket_item_info['subcategory_fee_percent'] != 0 && PAYS_SUBCATEGORY_FEE != 'nobody') {
            $subcategory_adjust_amount = $basket_item_info['subcategory_fee_percent'] * $total_price / 100;
            if (PAYS_SUBCATEGORY_FEE == 'customer') {
                $source_type = 'member';
                $source_key = $data['member_id'];
                // Accumulate basis for taxation
                $fee_tax_basis += $subcategory_adjust_amount;
            } elseif (PAYS_SUBCATEGORY_FEE == 'producer') {
                $source_type = 'producer';
                $source_key = $product_info['producer_id'];
            } else {
                return 'No designated payee for subcategory fee';
            }
            // Post subcategory fee to the ledger for each product
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'subcategory_fee', 'amount' => $subcategory_adjust_amount, 'text_key' => 'subcategory fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
        }
        // If there is a producer fee, post it
        if ($basket_item_info['producer_fee_percent'] != 0 && PAYS_PRODUCER_FEE != 'nobody') {
            $producer_adjust_amount = $basket_item_info['producer_fee_percent'] * $total_price / 100;
            if (PAYS_PRODUCER_FEE == 'customer') {
                $source_type = 'member';
                $source_key = $data['member_id'];
                // Accumulate basis for taxation
                $fee_tax_basis += $producer_adjust_amount;
            } elseif (PAYS_PRODUCER_FEE == 'producer') {
                $source_type = 'producer';
                $source_key = $product_info['producer_id'];
            } else {
                return 'No designated payee for producer fee';
            }
            // Post producer fee to the ledger for each product
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'producer_fee', 'amount' => $producer_adjust_amount, 'text_key' => 'producer fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
        }
        // If there is a customer fee, post it
        if ($basket_info['customer_fee_percent'] != 0 && PAYS_CUSTOMER_FEE != 'nobody') {
            $customer_adjust_amount = $basket_info['customer_fee_percent'] * $total_price / 100;
            if (PAYS_CUSTOMER_FEE == 'customer') {
                $source_type = 'member';
                $source_key = $data['member_id'];
                // Accumulate basis for taxation
                $fee_tax_basis += $customer_adjust_amount;
            } elseif (PAYS_CUSTOMER_FEE == 'producer') {
                $source_type = 'producer';
                $source_key = $product_info['producer_id'];
            } else {
                return 'No designated payee for customer fee';
            }
            // Post customer fee to the ledger for each product
            $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'customer_fee', 'amount' => $customer_adjust_amount, 'text_key' => 'customer fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
        }
        // If this is a taxable item, then collect all the requisite taxes
        if ($basket_item_info['taxable'] == 1 || COOP_FEE_IS_TAXED == 'always') {
            // Get the tax information...
            $query = '
              SELECT
                tax_id,
                region_code,
                region_type,
                tax_percent
              FROM ' . NEW_TABLE_TAX_RATES . '
              WHERE
                postal_code = "' . mysql_real_escape_string($basket_info['delivery_postal_code']) . '"
                AND order_id_start <= "' . mysql_real_escape_string($data['delivery_id']) . '"
                AND (
                  order_id_stop >= "' . mysql_real_escape_string($data['delivery_id']) . '"
                  OR order_id_stop = "0"
                  )';
            $result = mysql_query($query, $connection) or die(debug_print("ERROR: 890236 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
            while ($row = mysql_fetch_array($result)) {
                $text_key = $row['region_type'] . ' tax';
                // e.g. 'county tax'
                // Just tax the item and not the fees
                if (COOP_FEE_IS_TAXED == 'never') {
                    $tax_amount = $row['tax_percent'] * $product_tax_basis / 100;
                } elseif (COOP_FEE_IS_TAXED == 'on taxable items' || COOP_FEE_IS_TAXED == 'always' && $basket_item_info['taxable'] == 1) {
                    $tax_amount = $row['tax_percent'] * ($product_tax_basis + $fee_tax_basis) / 100;
                } elseif (COOP_FEE_IS_TAXED == 'always' && $basket_item_info['taxable'] == 0) {
                    $tax_amount = $row['tax_percent'] * $fee_tax_basis / 100;
                }
                $ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'tax', 'target_key' => $row['tax_id'], 'amount' => $tax_amount, 'text_key' => $text_key, 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
            }
        }
    }
    return $basket_item_info;
}
Exemple #15
 /**
  * Reset the cached member fields held in this class's static properties.
  *
  * get_member_info() is called first and every cached field is then overwritten
  * with false, including query_complete.
  * NOTE(review): presumably clearing query_complete makes the next
  * get_member_info() call reload the data -- confirm against that method.
  */
 public static function clear_member_info()
 {
     self::get_member_info();
     // Static properties that hold per-member state
     $cached_fields = array(
         'pending',
         'username',
         'auth_type',
         'business_name',
         'first_name',
         'last_name',
         'first_name_2',
         'last_name_2',
         'query_complete',
     );
     foreach ($cached_fields as $field) {
         self::$$field = false;
     }
 }
/// [show_parts: null]       Default condition will output the selected      ///
///                          category list with headers and footers          ///
///                                                                          ///
/// &depth=#                 Will truncate display to this many levels       ///
///                                                                          ///
/// &offset=#                Subtract this number to get the proper level    ///
///                          category for css markup                         ///
///                                                                          ///
////////////////////////////////////////////////////////////////////////////////
// Dividers placed between the category text and the number of items
$classA_divider = ' ';
$classB_divider = '&nbsp;&mdash; ';
$classC_divider = '&nbsp;&mdash; ';
// Restrict products by listing_auth_type. Everyone sees rows listed for "member";
// rows listed for "institution" are added only when the current member holds the
// institution auth type and $seconds_until_close is below INSTITUTION_WINDOW.
// The fragments below are built from constants only; no request data is concatenated into them.
$show_institution_listings = CurrentMember::auth_type('institution') && $seconds_until_close < INSTITUTION_WINDOW;
if (!$show_institution_listings) {
    $where_auth_type = '
                AND ' . NEW_TABLE_PRODUCTS . '.listing_auth_type = "member"';
} else {
    $where_auth_type = '
                AND (
                  ' . NEW_TABLE_PRODUCTS . '.listing_auth_type = "member"
                  OR ' . NEW_TABLE_PRODUCTS . '.listing_auth_type = "institution")';
}
// Producers marked pending (1) or suspended (2) are normally left out
$where_producer_pending = '
                AND ' . TABLE_PRODUCER . '.pending = 0';
// Keep listed producers only -- not unlisted (1) or suspended (2)
$where_unlisted_producer = '
                AND unlisted_producer = "0"';
// Set the default subquery_confirmed to look only at confirmed products
                ' . NEW_TABLE_SITES . $query_values;
        } else {
            $query = '
              UPDATE
                ' . NEW_TABLE_SITES . '
                ' . $query_values . '
              WHERE
                site_id = "' . mysql_real_escape_string($_POST['site_id']) . '"';
        }
        $result = @mysql_query($query, $connection) or die(mysql_error() . "<br><b>Error No: </b>" . mysql_errno());
        $message = ': <font color="#FFFFFF">Delivery Information Updated</font>';
    } else {
        $message = ': <font color="#FFFFFF">You can only update the route you manage</font>';
    }
} elseif ($_POST['action'] == "Save changes to this route") {
    // NOTE(review): the request is authorized when the session member id equals
    // $_POST['rtemgr_member_id'] -- a value taken from the same request and then
    // written into the row below -- or when the member holds site_admin. Nothing in
    // the visible lines compares against the manager currently stored for
    // $_POST['route_id']; confirm that check exists elsewhere, because on its own
    // this test only proves what the submitted form says, not who manages the route.
    if ($_SESSION['member_id'] == $_POST['rtemgr_member_id'] || CurrentMember::auth_type('site_admin')) {
        // Every column value is passed through mysql_real_escape_string() and wrapped in double quotes
        $query_values = '
              SET
                route_name = "' . mysql_real_escape_string($_POST['route_name']) . '",
                rtemgr_member_id = "' . mysql_real_escape_string($_POST['rtemgr_member_id']) . '",
                rtemgr_namecd = "' . mysql_real_escape_string($_POST['rtemgr_namecd']) . '",
                route_desc = "' . mysql_real_escape_string($_POST['route_desc']) . '",
                hub_id = "' . mysql_real_escape_string($_POST['hub_id']) . '"';
        if ($_POST['route_id'] == 'new') {
            $query = '
              INSERT INTO
                ' . TABLE_ROUTE . $query_values;
        } else {
            $query = '
              UPDATE
                ' . TABLE_ROUTE . $query_values . '
<?php

include_once 'config_openfood.php';
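session_start();
// Only producers and producer administrators may reach this page
valid_auth('producer,producer_admin');
$date_today = date("F j, Y");
// Resolve which producer record this request works on.
// A producer_admin may name a producer through ?producer_id=...; every other caller is
// pinned to the producer id held in the session, so the query string cannot redirect
// a plain producer to another producer's record.
// NOTE(review): when neither source yields an id, $producer_id stays null and is still
// used by later code in this file -- confirm that case is rejected before any write.
$producer_id = null;
if (CurrentMember::auth_type('producer_admin')
    && isset($_GET['producer_id'])
    && is_scalar($_GET['producer_id'])
    && $_GET['producer_id']) {
    // Keep the same producer_id value (array-valued parameters are ignored)
    $producer_id = $_GET['producer_id'];
} elseif (!empty($_SESSION['producer_id_you'])) {
    $producer_id = $_SESSION['producer_id_you'];
}
$own_producer_id = isset($_SESSION['producer_id_you']) ? $_SESSION['producer_id_you'] : null;
if ($own_producer_id != $producer_id) {
    // $producer_id can come straight from the query string on this path, so it is
    // HTML-escaped before being placed inside the href attribute.
    $fulllist_link = '<b> - <a href="edit_info_list.php#p_' . htmlspecialchars($producer_id, ENT_QUOTES) . '">Return to List</a></b>';
}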
// Save the producer's profile text when the form has been submitted.
// NOTE(review): both the trigger and the field values are read from $_REQUEST, which
// holds GET as well as POST parameters, so this UPDATE also runs for a plain link;
// no anti-forgery token is checked in the visible lines -- confirm one is verified elsewhere.
if ($_REQUEST['producer_submit']) {
    // Each value is escaped with mysql_real_escape_string() and quoted; the free-text
    // fields go through nl2br2() (defined elsewhere) first, so they are stored after that conversion.
    // The row is selected by $producer_id, which is set earlier in this file.
    $sql = '
      UPDATE
        ' . TABLE_PRODUCER . '
      SET
        producttypes = "' . mysql_real_escape_string($_REQUEST['producttypes']) . '",
        about = "' . mysql_real_escape_string(nl2br2($_REQUEST['about'])) . '",
        general_practices = "' . mysql_real_escape_string(nl2br2($_REQUEST['practices'])) . '",
        ingredients = "' . mysql_real_escape_string(nl2br2($_REQUEST['ingredients'])) . '",
        additional = "' . mysql_real_escape_string(nl2br2($_REQUEST['additional'])) . '",
        highlights = "' . mysql_real_escape_string(nl2br2($_REQUEST['highlights'])) . '"
      WHERE
        producer_id = "' . mysql_real_escape_string($producer_id) . '"';
    // On failure die() sends the raw mysql_error() text and error number to the browser
    $result = mysql_query($sql, $connection) or die(mysql_error() . "<br><b>Error No: </b>" . mysql_errno());
    $message = "<font color=#3333FF><b>Your information has been updated</b></font><br>";
<?php

valid_auth('member');
// Choose the invoice view from ?view=...; anything unrecognised falls back to "adjusted".
// "editable" is honoured only for a cashier looking at a member other than themselves.
// NOTE(review): $member_id is not assigned in the lines shown before this test -- confirm where it is set.
if ($_GET['view'] == 'original') {
    $view = 'original';
} elseif ($_GET['view'] == 'editable' && CurrentMember::auth_type('cashier') && $member_id != $_SESSION['member_id']) {
    $view = 'editable';
} else {
    $view = 'adjusted';
}
// Extra ledger condition used for the "original" view, empty otherwise.
// NOTE(review): the fragment reads "AND a OR ( b AND c )" with no outer parentheses. AND binds
// tighter than OR in SQL, so if it is appended to a WHERE clause that also limits the rows
// (for example to one member), the OR arm would not be subject to those limits. The query
// that uses it is outside this view -- confirm the grouping there.
$view_original = ($view == 'original') ? ('
    AND ' . NEW_TABLE_LEDGER . '.transaction_group_id = ""
    OR ( ' . NEW_TABLE_LEDGER . '.replaced_by IS NOT NULL
      AND ' . NEW_TABLE_LEDGER . '.replaced_datetime <= delivery_date )') : '';
// Do not paginate invoices under any circumstances (web pages)
$per_page = 1000000;
// Page tab and title information
$page_tab = 'shopping_panel';
$page_title = 'Basket: Basket Items';
$page_title_html = '<span class="title">Basket</span>';
$page_subtitle_html = '<span class="subtitle">Basket Items</span>';
// Display groupings: major group by producer, minor group by product
$major_product = 'producer_id';
$minor_product = 'product_id';
$major_product_prior = "{$major_product}_prior";
$minor_product_prior = "{$minor_product}_prior";
$show_major_product = true;
$show_minor_product = true;
  </form>';
$display .= '
          <li class="last_of_group">' . $search_display . '</li>';
if (CurrentMember::auth_type('unfi')) {
    $display .= '
          <!-- <li><a href="product_list.php?type=unfi">All products (UNFI)</a></li> -->';
}
$display .= '
          <li>                        <a href=category_list2.php>                     Browse by category</a></li>
          <li>                        <a href="prdcr_list.php">                       Browse by producer</a></li>
          <li class="last_of_group">  <a href="product_list.php?type=prior_baskets">  Previously ordered products</a></li>
          <li>                        <a href="product_list.php?type=by_id">          All products by number</a></li>
          <li class="last_of_group">  <a href="product_list.php?type=full">           All products by category</a></li>
          <li>                        <a href="product_list.php?type=organic">        Organic products</a></li>
          <li>                        <a href="product_list.php?type=new">            New products</a></li>
          <li>                        <a href="product_list.php?type=changed">        Changed products</a></li>' . (CurrentMember::auth_type('institution') ? '
          <li>                        <a href="product_list.php?type=wholesale">      Wholesale products</a></li>' : '') . '
        </ul>
      </td>
    </tr>
  </table>';
$page_specific_javascript .= '';
$page_specific_css .= '
<link rel="stylesheet" type="text/css" href="delivery_dropdown.css">
<link rel="stylesheet" type="text/css" href="basket_dropdown.css">
<style type="text/css">
.content_top {
  margin-bottom:45px;
  width:300px;
  }
#basket_dropdown {
<?php

include_once 'config_openfood.php';
session_start();
valid_auth('site_admin,cashier,member');
// Without a numeric ?member_id=... no member is selected
$member_id = 0;
if (isset($_GET['member_id']) && is_numeric($_GET['member_id'])) {
    // Only cashiers and site admins may select another member; everyone else is
    // forced back to the member id held in their own session.
    $may_view_others = CurrentMember::auth_type('cashier') || CurrentMember::auth_type('site_admin');
    $member_id = $may_view_others ? $_GET['member_id'] : $_SESSION['member_id'];
    // The id is escaped and quoted before it is placed in either SQL fragment
    $escaped_member_id = mysql_real_escape_string($member_id);
    $query_where = '
      WHERE ' . NEW_TABLE_BASKETS . '.member_id = "' . $escaped_member_id . '"';
    $query_member_name = '
      SELECT
        preferred_name
      FROM
        ' . TABLE_MEMBER . '
      WHERE
        member_id = "' . $escaped_member_id . '"';
    // Failure ends the request with a fixed message; the database error text is not shown
    $result_member_name = @mysql_query($query_member_name, $connection) or die("Couldn't execute query.");
    $row = mysql_fetch_array($result_member_name);
    if ($row) {
        $preferred_name = $row['preferred_name'];
    }
}
$content = '
<table width="80%">
  <tr>
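/**
 * Build the HTML for the delivery-location selector shown to the current member.
 *
 * When a delivery cycle is active and ordering is open (or the member holds the
 * "orderex" auth type), this optionally opens/updates a basket and then lists every
 * site whose "inactive" flag is not 1, limited to the site types that the member's
 * auth types allow.
 *
 * NOTE(review): 'member_id' and 'delivery_id' are used as supplied when a basket is
 * opened or fetched; this function does not check that the session member may act
 * for that member_id -- confirm every caller enforces it.
 *
 * @param array $request_data Keys read here: 'action', 'site_id', 'delivery_type',
 *                            'delivery_id' and 'member_id'.
 * @return string Selector markup, or an empty string when ordering is not available.
 */
function get_delivery_codes_list($request_data)
{
    global $connection;
    // Start from an empty string: the original appended to, and could return, an unset variable
    $display = '';
    // Nothing to offer unless a cycle is active and ordering is open (or the member holds "orderex")
    if (!ActiveCycle::delivery_id() || !(ActiveCycle::ordering_window() == 'open' || CurrentMember::auth_type('orderex'))) {
        return $display;
    }
    $basket_info = array();
    if ($request_data['action'] == 'open_basket') {
        if ($request_data['site_id'] && $request_data['delivery_type']) {
            // First try an assigned delivery_id... then use the current active one
            $delivery_id = $request_data['delivery_id'];
            if (!$delivery_id) {
                $delivery_id = ActiveCycle::delivery_id();
            }
            // First try an assigned member_id... then use the current session one
            $member_id = $request_data['member_id'];
            if (!$member_id) {
                $member_id = $_SESSION['member_id'];
            }
            // Update the basket
            $basket_info = open_update_basket(array('member_id' => $member_id, 'delivery_id' => $delivery_id, 'site_id' => $request_data['site_id'], 'delivery_type' => $request_data['delivery_type']));
        }
    } else {
        $basket_info = get_basket($request_data['member_id'], $request_data['delivery_id']);
    }
    $basket_delivery_type = isset($basket_info['delivery_type']) ? $basket_info['delivery_type'] : '';
    // Constrain this shopper's sites to the site_type they are enabled to use
    $site_type_conditions = array();
    if (CurrentMember::auth_type('member')) {
        $site_type_conditions[] = 'site_type LIKE "%customer%"';
    }
    if (CurrentMember::auth_type('institution')) {
        $site_type_conditions[] = 'site_type LIKE "%institution%"';
    }
    // With neither auth type the original produced "AND ( )", a SQL syntax error; match no sites instead
    if (count($site_type_conditions) == 0) {
        $site_type_conditions[] = '0';
    }
    $site_type_constraint = '
            AND (' . implode(' OR ', $site_type_conditions) . ')';
    // Get the list of all available sites together with the session member's own addresses.
    // The only variable value in the statement is the session member id, which is escaped and quoted.
    $query = '
          SELECT
            ' . NEW_TABLE_SITES . '.site_id,
            ' . NEW_TABLE_SITES . '.site_short,
            ' . NEW_TABLE_SITES . '.site_long,
            ' . NEW_TABLE_SITES . '.delivery_type,
            ' . NEW_TABLE_SITES . '.site_description,
            ' . NEW_TABLE_SITES . '.delivery_charge,
            ' . NEW_TABLE_SITES . '.inactive,
            ' . TABLE_MEMBER . '.address_line1,
            ' . TABLE_MEMBER . '.work_address_line1
          FROM
            (' . NEW_TABLE_SITES . ',
            ' . TABLE_MEMBER . ')
          WHERE
            ' . NEW_TABLE_SITES . '.inactive != "1"
            AND ' . TABLE_MEMBER . '.member_id = "' . mysql_real_escape_string($_SESSION['member_id']) . '"' . $site_type_constraint . '
          ORDER BY
            site_long';
    $result = mysql_query($query, $connection) or die(debug_print("ERROR: 671934 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    $display .= '
            <div id="delivery_dropdown" class="dropdown">
              <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delivery_list_only"><h1 class="delivery_select">' . (!empty($basket_info['site_id']) ? 'Selected: ' . $basket_info['site_long'] : 'Select Location') . '
              </h1></a>
              <div id="delivery_select">
                <ul class="delivery_select">';
    while ($row = mysql_fetch_array($result)) {
        // Simplify variables
        $site_id = $row['site_id'];
        // site_long and site_description are printed as stored; br2nl() on the description
        // suggests it may hold markup. NOTE(review): confirm only administrators can edit them.
        $site_long = $row['site_long'];
        $delivery_type = $row['delivery_type'];
        $site_description = $row['site_description'];
        $delivery_charge = $row['delivery_charge'];
        $inactive = $row['inactive'];
        $address = $row['address_line1'];
        $work_address = $row['work_address_line1'];
        // Set up some text for the $delivery type (delivery or pickup)
        if ($delivery_type == 'P') {
            $delivery_type_text = 'Pick up your order here';
            $delivery_type_class = 'delivery_type-p';
        } elseif ($delivery_type == 'D') {
            $delivery_type_text_h = 'HOME delivery';
            $delivery_type_text_w = 'WORK delivery';
            if ($delivery_charge) {
                $charge_text = ' ($' . number_format($delivery_charge, 2) . ' charge)';
                $delivery_type_text_h .= $charge_text;
                $delivery_type_text_w .= $charge_text;
            }
            $delivery_type_class = 'delivery_type-d';
        } else {
            $delivery_type_text = '';
            $delivery_type_class = '';
        }
        // Process the inactive options. The onclick attribute is built as a whole and only
        // for selectable sites: the original always emitted the tail of the attribute, which
        // left stray text inside the <li> tag for sites without a link.
        if ($inactive == 0) {
            $show_site = true;
            $active_class = ' active';
            $open_basket_href = $_SERVER['SCRIPT_NAME'] . '?action=open_basket&amp;site_id=' . $site_id . '&amp;delivery_type=';
            $onclick_p = ' onclick="javascript:location.href=\'' . $open_basket_href . 'P\';parent.close_delivery_selector();"';
            $onclick_h = ' onclick="javascript:location.href=\'' . $open_basket_href . 'H\';parent.close_delivery_selector();"';
            $onclick_w = ' onclick="javascript:location.href=\'' . $open_basket_href . 'W\';parent.close_delivery_selector();"';
            $delivery_type_class .= 'a';
        } else {
            // inactive == 2 is shown but not selectable; any other value is not shown at all
            $show_site = $inactive == 2;
            $active_class = $show_site ? ' inactive' : ' suspended';
            $onclick_p = '';
            $onclick_h = '';
            $onclick_w = '';
            $delivery_type_class .= 'i';
            // clobber the delivery type text
            $delivery_type_text = '(Not available for pick up this cycle)';
            $delivery_type_text_h = '(Not available for home delivery this cycle)';
            $delivery_type_text_w = '(Not available for work delivery this cycle)';
        }
        // Process current selection: "c" = color, "g" = greyscale
        if ($site_id == CurrentBasket::site_id()) {
            $select_class = ' select';
            $delivery_type_class .= 'c';
        } else {
            $select_class = '';
            $delivery_type_class .= 'g';
        }
        if (!$show_site) {
            continue;
        }
        if ($delivery_type == 'P') {
            $display .= '
                  <li class="' . $delivery_type_class . $active_class . $select_class . '"' . $onclick_p . '>
                      <span class="site_long">' . $site_long . '</span>
                      <span class="site_action">' . $delivery_type_text . '</span>
                      <span class="site_description">' . br2nl($site_description) . '</span>
                  </li>';
        }
        // The home and work entries each decide their own highlight. The original cleared the
        // shared $select_class for the home entry, so a selected work delivery was never
        // highlighted when a home address was also on file.
        // For delivery_type = delivery, we will give an option for "home"
        if ($delivery_type == 'D' && $address) {
            $home_select_class = $basket_delivery_type == 'H' ? $select_class : '';
            // The address comes from the member record, so it is HTML-escaped before output
            $display .= '
                  <li class="' . $delivery_type_class . $active_class . $home_select_class . '"' . $onclick_h . '>
                      <span class="site_long">' . $site_long . '</span>
                      <span class="site_action">' . $delivery_type_text_h . '</span>
                      <span class="site_description"><strong>To home address:</strong> ' . htmlspecialchars($address, ENT_QUOTES) . '<br>' . br2nl($site_description) . '</span>
                  </li>';
        }
        // For delivery_type = delivery, we will also give an option for "work"
        if ($delivery_type == 'D' && $work_address) {
            $work_select_class = $basket_delivery_type == 'W' ? $select_class : '';
            $display .= '
                  <li class="' . $delivery_type_class . $active_class . $work_select_class . '"' . $onclick_w . '>
                      <span class="site_long">' . $site_long . '</span>
                      <span class="site_action">' . $delivery_type_text_w . '</span>
                      <span class="site_description"><strong>To work address:</strong> ' . htmlspecialchars($work_address, ENT_QUOTES) . '<br>' . br2nl($site_description) . '</span>
                  </li>';
        }
    }
    $display .= '
                </ul>
              </div>
            </div>';
    return $display;
}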
<?php

include_once 'config_openfood.php';
session_start();
// Stop here unless the caller is allowed to execute member updates.
// NOTE(review): a comma-separated list is handed to auth_type() in a single call, whereas
// valid_auth() in this project splits such a list and tests each type separately --
// confirm auth_type() itself accepts a list, otherwise this gate does not mean what it reads as.
$may_update_members = CurrentMember::auth_type('site_admin,member_admin');
if (!$may_update_members) {
    exit('Unauthorizied access');
}
////////////////////////////////////////////////////////////////////////////////
///                                                                          ///
///     AJAX BACKEND FOR UPDATING A SINGLE VALUE IN THE MEMBER TABLE         ///
///                                                                          ///
////////////////////////////////////////////////////////////////////////////////
// query_data arrives as "member_id:field_name:new_value". Only the first three
// colon-separated pieces are kept, so a new value that itself contains ":" is cut
// at that colon.
$query_parts = explode(':', $_POST['query_data']);
$member_id = $query_parts[0];
$field_name = $query_parts[1];
$new_value = $query_parts[2];
// Column names of the member table are collected into this list by the loop that follows
$member_columns_array = array();
$query = '
  SHOW COLUMNS FROM
    ' . TABLE_MEMBER;
// On failure the raw mysql_error() text is sent back to the caller
$result = mysql_query($query) or die("Error: " . mysql_error());
while ($row = mysql_fetch_object($result)) {
    array_push($member_columns_array, $row->Field);
    // Get an array of all available auth_types
    if ($row->Field == 'auth_type') {
        // $row->Type will give something like this:
        // set('member','producer','route_admin','cashier','member_admin','site_admin')
        // so substr ($row->Type, 5, 2) removes the first five and last two characters
        // leaving the split to operate on the intermediate ',' strings.
        $auth_types_array = array();
<?php

include_once 'config_openfood.php';
session_start();
// valid_auth('member');
// In the case of site-admin auth_types, allow resetting the MOTD views in the database
if (CurrentMember::auth_type('site_admin')) {
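    // Optional reset of the recorded MOTD views, then a count of what remains.
    // NOTE(review): the reset is a state-changing action triggered by a plain GET
    // parameter and no anti-CSRF token is checked in this excerpt. Moving it to a
    // POST with a verified token would be the usual hardening; the calling page
    // is not visible here, so the request method is left as it was.
    // isset() avoids an undefined-index notice when the page is loaded without
    // an action parameter.
    if (isset($_GET['action']) && $_GET['action'] === 'reset_motd') {
        $query = '
          DELETE FROM ' . NEW_TABLE_STATUS . '
          WHERE
            status_scope = "motd_viewed"
            AND status_value = "popup"';
        // debug_print() is defined elsewhere. NOTE(review): if it echoes the query
        // text and mysql_error() into the response, confirm that is acceptable for
        // this page; logging server-side is the safer default.
        $result = @mysql_query($query, $connection) or die(debug_print("ERROR: 786340 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
        // We would send the return value and exit here, but we still need to get
        // the current number of views to send back, so do the next query first...
    }
    $query = '
      SELECT
        COUNT(status_key) AS total_views,
        MIN(timestamp) AS oldest_view
      FROM ' . NEW_TABLE_STATUS . '
      WHERE
        status_scope = "motd_viewed"
        AND status_value = "popup"';
    $result = @mysql_query($query, $connection) or die(debug_print("ERROR: 578230 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    // Defaults keep the summary well-formed even if no row can be fetched;
    // a NULL $oldest_view still fails the isset() test below, as before.
    $total_views = 0;
    $oldest_view = null;
    if ($row = mysql_fetch_object($result)) {
        $total_views = $row->total_views;
        $oldest_view = $row->oldest_view;
    }
    // Human-readable summary, e.g. "Viewed by N members since<br />TIMESTAMP."
    $views_text = 'Viewed by ' . $total_views . ' ' . Inflect::pluralize_if($total_views, 'member') . (isset($oldest_view) ? ' since<br />' . $oldest_view : '') . '.';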
// Query fragments for the "all versions of one product" listing.
// Three filters are deliberately left empty:
//   - zero-inventory exclusion (producers see their own out-of-stock items)
//   - confirmed-only restriction (un-confirmed versions are listed too)
//   - listing_auth_type restriction (all versions are shown)
$where_zero_inventory = $where_confirmed = $where_auth_type = '';
// This is the producer's own listing, so the pending-producer filter is a no-op
$where_producer_pending = '
    1';
// Force display of both wholesale and retail prices (unless the product is
// wholesale-only, which is handled elsewhere)
$display_wholesale_price_true = $display_retail_price_true = 1;
// Every caller is limited to the requested product_id. The value comes straight
// from the query string, so it is escaped and quoted before it enters the SQL.
$where_misc = '
    AND ' . NEW_TABLE_PRODUCTS . '.product_id = "' . mysql_real_escape_string($_GET['product_id']) . '"';
// Only producer_admin may look at another producer's product; everyone else is
// additionally pinned to $producer_id_you (assigned outside this excerpt --
// presumably the logged-in member's own producer id; verify against the caller).
if (!CurrentMember::auth_type('producer_admin')) {
    $where_misc = '
    AND ' . NEW_TABLE_PRODUCTS . '.producer_id = "' . mysql_real_escape_string($producer_id_you) . '"' . $where_misc;
}
// Category order, then subcategory name, then newest version first
$order_by = '
    ' . implode(',
    ', array(
    TABLE_CATEGORY . '.sort_order ASC',
    TABLE_SUBCATEGORY . '.subcategory_name ASC',
    NEW_TABLE_PRODUCTS . '.product_version DESC',
));
// Assign page tab and title information
$page_title = 'Products: Listed by Category';
$page_title_html = sprintf('<span class="%s">%s</span>', 'title', 'Products');
$page_subtitle_html = sprintf('<span class="%s">%s</span>', 'subtitle', 'Listed by Category');
      LEFT JOIN ' . NEW_TABLE_BASKETS . ' USING(basket_id)
      LEFT JOIN ' . NEW_TABLE_PRODUCTS . ' USING(product_id,product_version)
      WHERE
        ' . NEW_TABLE_BASKETS . '.member_id = "' . mysql_real_escape_string($member_id) . '"
        AND ' . NEW_TABLE_BASKETS . '.basket_id = "' . mysql_real_escape_string($basket_id) . '"
        AND ' . NEW_TABLE_BASKET_ITEMS . '.out_of_stock != ' . NEW_TABLE_BASKET_ITEMS . '.quantity
        AND ' . NEW_TABLE_PRODUCTS . '.random_weight != "0"
        AND ' . NEW_TABLE_BASKET_ITEMS . '.total_weight = "0"
      ORDER BY producer_id ASC';
    // Run the query held in $sqlp (presumably the statement that ends just above).
    // On failure the script stops and passes the query text and driver error to
    // debug_print(), which is defined elsewhere.
    $resultprp = @mysql_query($sqlp, $connection) or die(debug_print("ERROR: 785033 ", array($sqlp, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
    // mysql_numrows() is the deprecated alias of mysql_num_rows()
    $num = mysql_numrows($resultprp);
    // One "Weight needed" link per returned row.
    // NOTE(review): $row['producer_id'], $row['product_id'] and $delivery_id are
    // concatenated into the markup without htmlspecialchars()/urlencode(). That is
    // only safe if all three are guaranteed to be integers -- confirm where
    // $delivery_id is assigned.
    while ($row = mysql_fetch_array($resultprp)) {
        $display .= '<a href="product_list.php?&amp;type=producer_byproduct&amp;producer_id=' . $row['producer_id'] . '&amp;delivery_id=' . $delivery_id . '">Weight needed: #' . $row['product_id'] . '</a><br>';
    }
    // Close the cell, then emit the role-dependent links: "Edit" for member_admin,
    // "View" for cashier, with a " | " separator when the member holds both.
    // Hiding a link is presentation only; the target scripts have to repeat the
    // role check server-side (not visible in this excerpt).
    // NOTE(review): $member_id, $basket_id and $delivery_id are placed inside
    // single-quoted JavaScript in an onclick attribute and inside href values with
    // no encoding -- verify they are integers at this point.
    $display .= '</td>
      <td class="member_links">' . (CurrentMember::auth_type('member_admin') == true ? '<a class="popup" onclick="popup_src(\'edit_member.php?action=edit&member_id=' . $member_id . '&display_as=popup\', \'edit_producer\', \'\')">Edit</a>' : '') . (CurrentMember::auth_type('member_admin') == true && CurrentMember::auth_type('cashier') == true ? ' | ' : '') . (CurrentMember::auth_type('cashier') == true ? '<a class="popup" onclick="popup_src(\'member_information.php?member_id=' . $member_id . '&display_as=popup\', \'edit_member\', \'\')">View</a>' : '') . '
      </td>
      <td class="order_links" valign="top"><a href="product_list.php?type=basket&amp;delivery_id=' . $delivery_id . '&amp;member_id=' . $member_id . '&amp;basket_id=' . $basket_id . '">Basket</a>&nbsp;|&nbsp;<a href="show_report.php?type=customer_invoice&amp;delivery_id=' . $delivery_id . '&amp;member_id=' . $member_id . '">Invoice</a></td>
    </tr>';
    // Append this member to a '#'-separated list of member ids
    $member_id_list .= '#' . $member_id;
}
$content_list = '
  <div align="center">
  <div id="delivery_id_nav">
    <a class="prior" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id - 1) . '">&larr; PRIOR CYCLE </a>
    <a class="next" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id + 1) . '"> NEXT CYCLE &rarr;</a>
  </div>
<table width="100%">
  <tr>
    <td align="left">
      <h3>Customer Orders: ' . date('F j, Y', strtotime($delivery_date)) . ' (' . $num_orders . ' Orders)</h3>
                <td align="left" valign=top colspan=2>' . nl2br($site_description) . '<br><br></td>
              </tr>';
        $display_charge = '';
        $route_id_prev = $route_id;
    }
    $display .= '
              <tr>
                <td><br></td>
              </tr>';
}
// Assemble the page body: an introductory note with the contact address, the
// quick-links list, and the per-site rows accumulated in $display.
// Members with the 'institution' auth_type get an extra sentence explaining the
// wholesale/retail site markers.
// NOTE(review): GENERAL_EMAIL, $quicklinks and $display are inserted as raw HTML.
// $quicklinks and $display are built outside this excerpt; confirm that any
// database text they carry was encoded when it was added.
$display_block = '
<table bgcolor="#ffffff" cellspacing="0" cellpadding="2" border="0" width="90%">
  <tr>
    <td colspan="3">
      Note: If you don&rsquo;t see your town listed here, please contact <a href="mailto:' . GENERAL_EMAIL . '">' . GENERAL_EMAIL . '</a>.
      We are adding new routes all the time and if there is interest in a particular location, we may be able to add it.' . (CurrentMember::auth_type('institution') ? ' Sites are marked &lowast; for institution/wholesale deliveries and &bull; for retail deliveries.' : '') . '
    </td>
  </tr>
  <tr>
    <td colspan="3">
      Quick Links:
      <ul>
        ' . $quicklinks . '
      </ul>
    </td>
  </tr>
    ' . $display . '
</table>
';
// Page heading and subtitle markup
$page_title_html = '<span class="title">' . SITE_NAME . '</span>';
$page_subtitle_html = '<span class="subtitle">Pickup and Delivery Locations</span>';
<?php

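include_once 'config_openfood.php';
session_start();
// Page-level gate: valid_auth() redirects anyone who holds none of the listed
// auth types. (The original note "Disable this line to allow member access to
// their own information" appears to refer to this call.)
// While the gate is active, the 'cashier' branch below is only reachable by
// accounts that also hold site_admin or member_admin.
valid_auth('site_admin,member_admin');
include_once 'func.check_membership.php';
// Restrict view to member_admin and cashier except for a person's own information.
// Only those two roles may name another member through the query string; every
// other caller is pinned to the member_id stored in their own session, so
// changing ?member_id= cannot expose someone else's record.
if (CurrentMember::auth_type('member_admin,cashier') && isset($_GET['member_id'])) {
    $member_id = $_GET['member_id'];
} else {
    $member_id = $_SESSION['member_id'];
}
// Process any updates
// --- NONE ---
// Do queries and create content
// $member_id may come from the query string, so it is escaped and quoted.
$query_member_info = '
  SELECT
    *
  FROM ' . TABLE_MEMBER . '
  LEFT JOIN ' . TABLE_MEMBERSHIP_TYPES . ' USING (membership_type_id)
  WHERE
    member_id = "' . mysql_real_escape_string($member_id) . '"';
// Report the statement that actually ran: the original passed $query, which is
// never assigned in this script, so the failure report carried no query text.
$result_member_info = @mysql_query($query_member_info, $connection) or die(debug_print("ERROR: 785033 ", array($query_member_info, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// Remember whether a matching member row exists; the row itself stays in
// $row_member_info for the markup built below.
$member_data_found = false;
if ($row_member_info = mysql_fetch_array($result_member_info)) {
    $member_data_found = true;
}
// Both helpers are defined elsewhere (presumably func.check_membership.php)
$renewal_info = check_membership_renewal(get_membership_info($member_id));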
$member_content = '
  <div id="member_info_main">
<?php

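include_once 'config_openfood.php';
session_start();
// Page-level gate: route admins, producers and producer admins only
valid_auth('route_admin,producer,producer_admin');
// Read the request parameters; isset() avoids undefined-index notices when the
// page is opened without them (the value stays NULL, as it was before).
$type = isset($_GET['type']) ? $_GET['type'] : null;
$delivery_id = isset($_GET['delivery_id']) ? $_GET['delivery_id'] : null;
$checkbox = '<img src="' . DIR_GRAPHICS . 'checkbox.gif" style="height:1em;vertical-align:text-top;">';
// Check how to restrict the results...
if (isset($_GET['producer_id'])) {
    // Producers and Route Admins get the specified list, if requested.
    // NOTE(review): every caller who passed valid_auth() above -- including a
    // plain 'producer' -- can name an arbitrary producer_id here. Nothing in this
    // excerpt ties the requested id to the logged-in producer. Confirm that this
    // is intended; if it is not, non-admin roles should be limited to their own
    // producer id before this clause is built.
    $and_producer_id = '
      AND ' . NEW_TABLE_PRODUCTS . '.producer_id = "' . mysql_real_escape_string($_GET['producer_id']) . '"';
    // Use only ONE checkbox on these listings
    $checkbox = ' <img src="' . DIR_GRAPHICS . 'checkbox.gif" style="height:1em;vertical-align:text-top;">  ';
} elseif (CurrentMember::auth_type('route_admin')) {
    // Route admins with no producer_id see every producer
    $and_producer_id = '';
} else {
    // Anyone else with no producer_id is matched against an empty producer id
    $and_producer_id = '
      AND ' . NEW_TABLE_PRODUCTS . '.producer_id = ""';
}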
if ($type == 'pickup') {
    $output .= '
              <h1>Producer Pick-up List</h1>
              <pre>';
    $query = '
      SELECT
        ' . TABLE_PRODUCT_STORAGE_TYPES . '.storage_code,
        ' . NEW_TABLE_BASKET_ITEMS . '.product_id,
        ' . NEW_TABLE_PRODUCTS . '.product_name,
        ' . NEW_TABLE_SITES . '.*,
//     [provide redirect]
//   }
// else
//   {
//     [provide site message(s)]
//     [provide order cycle information]
//   }
// If being asked to logout, then do that first
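// Logout: tear down the PHP session, the optional WordPress session, and the
// cached member information, then set the page headings.
// NOTE(review): the action is read from $_REQUEST, so a plain GET link is enough
// to log a member out. Confirm that this is acceptable; otherwise accept it only
// via POST with an anti-CSRF token.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
    // Empty the array rather than unset($_SESSION): unsetting the superglobal
    // stops later $_SESSION writes from being registered for this request, and
    // the login check further down still reads $_SESSION['member_id'].
    $_SESSION = array();
    // Expire the session cookie too, so the browser stops presenting the old
    // session id after logout.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $cookie_params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie_params['path'], $cookie_params['domain'], $cookie_params['secure'], $cookie_params['httponly']);
    }
    session_destroy();
    if (WORDPRESS_ENABLED == true) {
        // wordpress_logout() is provided by the file required on the next line
        require 'wordpress_utilities.php';
        wordpress_logout();
    }
    CurrentMember::clear_member_info();
    $page_title_html = '<span class="title">' . SITE_NAME . '</span>';
    $page_subtitle_html = '<span class="subtitle">Logout</span>';
    $page_title = 'Logout';
    $page_tab = 'login';
}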
// Check if the member is not already logged in
if ($_REQUEST['action'] == 'login' && !$_SESSION['member_id']) {
    // Check if we already have a posted username/password combination
    if ($_POST['username'] && $_POST['password']) {
        $query_login = '
          SELECT
            member_id,
            username,
            pending,
            membership_discontinued