Exemple #1
}
/** we didn't have a post? maybe we need to show the form... */
if (isset($_GET['op_add'])) {
    $ACTION = OP_ADD;
} elseif (isset($_GET['op_edit'])) {
    $ACTION = OP_EDIT;
    $req_id = $_GET['op_edit'];
}
if ($ACTION) {
    $SHOWFORM = true;
}
/** either show an adding/editing form **************************************************/
if ($SHOWFORM) {
    $c = CSHOP_CLASSES_PRODUCT;
    $pc = new $c($pdb);
    $fex = new formex();
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->field_prefix = '';
    $fex->add_element($sm->colmap_zones);
    // all those things in $colmap are in the form now
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    $country_opts = formex::get_country_opts(true);
    $fex->set_element_opts('cm_shipmethods_zone_locales', $country_opts);
    if ($ACTION == OP_EDIT) {
        $vals = $sm->fetch_zone($req_id);
        /* convert linear array of ISO codes to isocode => countryname */
        $cy = array();
        foreach ($vals['cm_shipmethods_zone_locales'] as $iso) {
            $cy[$iso] = $country_opts[$iso];
Exemple #2
 /**
  * Render the checkout login page through smarty.
  *
  * Uses the global $fex form object when one already exists so that a caller
  * can hand over a pre-filled form; otherwise a fresh formex is created.
  *
  * @param mixed $failed handed to the template as BAD_PASS, defaults to 0
  */
 function auth_loginform($failed = 0)
 {
     global $sess, $smarty, $fex;

     $this->error_log('called ' . __FUNCTION__ . '()');

     // the whole page is produced through smarty
     $smarty->assign("page_id", 'login');
     require_once "formex.class.php";

     // Kludge: users who just registered + confirmed their account get uname/pw
     // pre-filled. If $fex already exists it may carry a $db_row attrib and maybe
     // $FEx, etc. - see activate.php, e.g.
     if (!$fex) {
         $fex = new formex();
         // Post back to the requested URI so GET params survive a timeout.
         // NOTE(review): REQUEST_URI is supplied by the client; confirm that formex
         // or the template HTML-escapes form_action before it reaches the page.
         if ($_SERVER['REQUEST_URI']) {
             $fex->form_action = $_SERVER['REQUEST_URI'];
         }
     }

     $fex->max_size = 16;
     $login_attrs = array('class' => 'cartLogin');
     $fex->add_element('username', array('Username/email', 'text', null, $login_attrs, 1));
     $fex->add_element('password', array('Password', 'password', null, $login_attrs, 1));
     $fex->add_element("op_login", array("LOGIN", "submit", 1));

     $form_struct = $fex->get_struct();
     $smarty->assign("cform", $form_struct);

     // NOTE(review): PHP_SELF can include client-supplied path info; confirm that
     // checkout_login.tpl escapes "self" wherever it is printed.
     $page_vars = array("self" => $_SERVER['PHP_SELF'], "BAD_PASS" => $failed);
     $smarty->assign($page_vars);
     $smarty->display("float:checkout_login.tpl");
 }
                }
            }
        }
    }
    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'pear_error_handler');
} elseif ($ACTION == OP_KILL) {
    $cpo->set_id($reqid);
    $cpo->kill();
}
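if ($msg and !count($errs)) {
    /** redir on success **/
    // base64 output may contain "+", "/" and "=". A bare "+" in a query string is
    // read back as a space, which corrupts the decoded message, so URL-encode it.
    header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, rawurlencode(base64_encode($msg))));
    // stop here so nothing else runs or is sent after the redirect
    exit;
}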
if ($ACTION == OP_ADD or $ACTION == OP_EDIT) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->add_element($colmap);
    $fex->add_element('op', array($ACTION, 'submit', null, null, 1));
    $fex->add_element('nid', array('id', 'hidden', $productid, 1));
    if ($ACTION == OP_EDIT) {
        $cpo->set_id($reqid);
        $hdr = $cpo->fetch();
        $fex->elem_vals = $hdr;
        $fex->add_element('reqid', array('reqid', 'hidden', $reqid, null));
        $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="return confirm(\'Are you sure?\')"'));
    }
} else {
    /** list all cm_categories in one big ass dump using HTML_Table **/
    $table = new fu_HTML_Table(array('width' => '90%', 'align' => 'center'));
    $table->setAutoGrow(true);
Exemple #4
    }
} elseif (isset($_POST['f_op_kill']) and $ACTION == OP_KILL) {
    /** kill from all 3 tables where we find manufacturer stuffs. Ideally a ON
     * DELETE CASCADE would take care of this but this is mysql afterall */
    $sql = sprintf("DELETE FROM products_categories WHERE categoryid = %d", $mfrid);
    $res = $pdb->query($sql);
    $sql = sprintf("DELETE FROM bundle_categories WHERE categoryid = %d", $mfrid);
    $res = $pdb->query($sql);
    $sql = sprintf("DELETE FROM manufacturers WHERE id = %d", $mfrid);
    $res = $pdb->query($sql);
    $msg = "The selected manufacturer was totally removed.";
    // send back to self with messageness
    header("Location: {$_SERVER['PHP_SELF']}?info=" . base64_encode($msg));
}
if ($SHOWFORM) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->add_element($colmap);
    // all those things in $colmap are in the form now
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    if ($ACTION == OP_EDIT) {
        $sql = sprintf("SELECT sName, descrip\n                               , m.sFilename AS iconid\n                        FROM manufacturers mfr LEFT JOIN media m ON (m.id = mfr.iconid)\n                        WHERE mfr.id = %d", $mfrid);
        $fex->elem_vals = $pdb->getRow($sql);
        $fex->add_element('id', array('hid id', 'hidden', $mfrid));
        // important
        $cat_name = $fex->elem_vals['sName'];
        /** if there are zero products in this manufacturer, let them delete it **/
        $sql = sprintf("SELECT COUNT(*) FROM products WHERE manufacturerid = %d", $mfrid);
        $product_count = $pdb->getOne($sql);
Exemple #5
            }
        }
    }
} elseif (isset($_POST['op_kill']) and $ACTION == OP_KILL) {
    $dbc->set_id($itemid);
    $res = $dbc->kill();
    if (!PEAR::isError($res)) {
        $msg = "The selected {$table_title} was totally removed.";
        // send back to self with messageness
        header("Location: {$_SERVER['PHP_SELF']}?class={$class}&info=" . base64_encode($msg));
    } else {
        $errs[] = "ERROR: could not delete: " . $res->getMessage();
    }
}
if ($SHOWFORM) {
    $fex = new formex();
    $fex->field_prefix = '';
    $fex->js_src_inline = true;
    $fex->add_element($colmap);
    // all those things in $colmap are in the form now
    if (isset($dbc->colmap_help) && is_array($dbc->colmap_help)) {
        foreach ($dbc->colmap_help as $k => $text) {
            $fex->set_elem_helptext($k, $text);
        }
    }
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    $fex->add_element('class', array(null, 'hidden', $class));
    // important
    if ($ACTION == OP_EDIT) {
        $dbc->set_id($itemid);
Exemple #6
                </tr>';
        $opts = $this->_array_stringify($this->opts);
        $i = 0;
        foreach ($opts as $k => $txt) {
            $link = sprintf('<a href="../store.edit.php?productid=%d">%s</a>', $k, $txt);
            $res .= sprintf("<tr bgcolor=\"%s\"><td align=\"left\">%s</td>\n                             <td align=\"left\"><input type=\"checkbox\" value=\"%s\" name=\"%s[]\" %s /></td>\n                             <td align=\"left\"><input type=\"text\" value=\"%s\" name=\"adders_%s\" size=\"8\" /></td></tr>\n", $i % 2 ? '#c9c9c9' : '#dedede', $link, $k, $this->fname, (is_array($fval) and in_array($k, $fval)) ? "checked" : "", isset($adders[$k]) ? $adders[$k] : "0.00", $k);
            $i++;
        }
        $res .= "</td></tr></table>\n\n";
        return $res;
    }
}
/****************************************************************************/
/*}}}*/
// set up form for validation and forming
$fex = new formex('POST', 'bundler_formex_field');
$fex->js_src_inline = true;
$fex->left_td_style = '';
$fex->field_prefix = '';
$fex->add_element($bundle->get_colmap());
foreach ($bundle->colmap_help as $elem => $txt) {
    $fex->set_elem_helptext($elem, $txt);
}
// handle ADD and EDIT/*{{{*/
if (isset($_POST['op']) and ($ACTION == OP_ADD or $ACTION == OP_EDIT)) {
    $errs = $fex->validate($_POST);
    $req_id = $_POST['id'];
    if (empty($_POST['pcat_req_vals']) or !is_array($_POST['pcat_req_vals'])) {
        $errs[] = "Bundle selection was missing!";
    } else {
        $catquants = join('', array_values($_POST['pcat_req_vals']));
Exemple #7
        } else {
            $res = $user->change_pword($newpw);
            if (PEAR::isError($res) and $res->getMessage() != 'warning: 0 rows were changed') {
                $err = $res->getMessage();
            }
            // added these 2 $_SESSION lines as a hack for momenta :/
            $_SESSION['email'] = $user->get_email();
            $_SESSION['name'] = $user->get_full_name();
            $user->force_pword_change(false);
            $auth->force_preauth($user->get_id());
        }
    }
    if ($err) {
        $smarty->assign('BACK_LINK', sprintf("%s?%s=%s&u=%d", $_SERVER['PHP_SELF'], $recover_key_name, $_POST['f_mash'], $_POST['f_uid']));
        $smarty->assign('CHANGE_ERROR', $err);
    } else {
        $smarty->assign('CHANGE_SUCCESS', true);
    }
}
/*** form for getting email addr (step 1) only **/
if ($SHOWFORM) {
    $fex = new formex();
    $fex->add_element('op', array($ACTION, 'submit'));
    if ($ACTION == OP_GET_EMAIL) {
        $fex->add_element('email', array('Enter your username or email address', 'email', null, array('size' => 40), 1));
    }
    $smarty->assign('cform', $fex->get_struct());
}
$tpl = 'pass.recover.tpl';
$smarty->assign('ACTION', $ACTION);
$smarty->display("float:{$tpl}");
            } else {
                if ($ACTION == OP_EDIT) {
                    $msg = "Changes have been made to " . $thing;
                }
            }
        }
    }
    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'pear_error_handler');
}
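if ($msg and !count($errs)) {
    /** redir on success **/
    // base64 output may contain "+", "/" and "=". A bare "+" in a query string is
    // read back as a space, which corrupts the decoded message, so URL-encode it.
    header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, rawurlencode(base64_encode($msg))));
    // stop here so nothing else runs or is sent after the redirect
    exit;
}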
/** build form **/
$fex = new formex('POST');
$allproducts = $pc->get_product_list();
$fex->js_src_inline = true;
$fex->add_element($colmap);
$fex->set_element_opts('cm_products_relations', $allproducts);
$fex->add_element('op', array($ACTION, 'submit', null, null, 1));
$fex->add_element('nid', array('id', 'hidden', $productid, 1));
$fex->set_elem_default_vals('cm_products_relations', $pc->fetch_related_products());
/** **/
// get message for display if any
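// Only decode a plain string: a request can send msg[]=... and turn the
// parameter into an array, which base64_decode() does not accept.
if (isset($_GET['msg']) && is_string($_GET['msg'])) {
    // NOTE(review): the decoded text comes from the query string, so anyone can
    // craft it; it must be HTML-escaped where it is displayed - confirm the
    // template does that.
    $msg = base64_decode($_GET['msg']);
}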
# output template
##############################################################################
?>
Exemple #9
/** making sure they did not mysteriously lose the cart somehow, if so redirect and complain */
$cart_itemcount = $cart->count_items();
if (!$cart_itemcount or PEAR::isError($cart_itemcount)) {
    header("Location: cart.php");
    trigger_error("Attempt to checkout with an empty cart.", E_USER_ERROR);
    exit;
}
$fex = new formex();
/* enter user shipping addr, and possibly new Anonymous user account */
if ($ACTION == OP_ADD_SHIP) {
    $pdb->autoCommit(false);
    // begin trans, because we have potential two stages here that each can fail validation
    /* they would like to proceed without choosing a password and such. Create an "anonymous" user object stub and log them in automatically */
    if (CSHOP_ALLOW_ANON_ACCOUNT and $auth->has_bypass_flag()) {
        $user = cmClassFactory::getInstanceOf(CSHOP_CLASSES_USER, $pdb);
        $fex_anon_user = new formex();
        $fex_anon_user->add_element($user->get_anon_colmap());
        if (!($errs = $fex_anon_user->validate($_POST))) {
            $vals = $fex_anon_user->get_submitted_vals($_POST);
            $res = $user->create_anon_user('', $vals);
            if (PEAR::isError($res)) {
                trigger_error($res->getCode(), E_USER_ERROR);
            }
            $auth->force_preauth($user->get_id());
            // magically logs them in with the new uid
        }
    }
    // save the comments on billing/shipping eitheway, its shared
    if (!empty($_POST['f_user_comments'])) {
        $cart->set_user_comment($_POST['f_user_comments']);
    }
Exemple #10
        } else {
            $ERROR = $res->getMessage();
        }
    }
    PEAR::popErrorHandling();
} elseif ($ACTION == OP_KILL) {
    $sql = sprintf("DELETE FROM %s WHERE id = %d", $inventory_table, $invid);
    $res = $pdb->query($sql);
    if (!PEAR::isError($res)) {
        $SUCCESS = "inventory record removed from the system";
    }
}
/** setup the form that goes at the top */
$pc->set_id($productid);
$onchange = 'onchange="cmSetSkuField()"';
$fex = new formex('POST');
$fex->add_element('sizes', array('Size', 'select', array(), null, $onchange, 1));
$fex->add_element('colors', array('Colors', 'select', array(), null, $onchange, 1));
$fex->add_element('qty', array('Qty', 'text', 1, array('size' => 3, 'maxlength' => 6), 1));
$fex->add_element('sku', array('SKU', 'text', '', array('size' => 16, 'maxlength' => 64), 1));
if ($USE_ADDERS) {
    $fex->add_element('adder', array('Adder', 'text', '0.00', array('size' => 7, 'maxlength' => 10), 'onchange="cmAddPrice(this.value)"', 1));
}
$fex->add_element('nid', array('id', 'hidden', $productid, null));
$fex->set_element_opts('sizes', array('' => '-----') + cshopUtils::get_all_sizes($pdb));
$fex->set_element_opts('colors', array('' => '-----') + cshopUtils::get_all_colors($pdb));
if (isset($invid) and $ACTION == OP_EDIT) {
    $sql = sprintf("SELECT i.sizes_id AS sizes, i.colorways_id AS colors, i.qty, i.sku, adder\n                            , IFNULL((p.price + adder), p.price) AS total_price\n                    FROM {$inventory_table} i, cm_products p WHERE i.id = %d AND p.id = i.product_id", $invid);
    $inv_record = $pdb->getRow($sql);
    $fex->elem_vals = $inv_record;
    $killlink = sprintf('%s?op_kill=%d&nid=%d', $_SERVER['PHP_SELF'], $invid, $productid);
Exemple #11
    $user->addr->set_id($itemid);
    $res = $user->addr->kill();
    $msg = "The selected {$table_title} was totally removed.";
    // send back to self with messageness
    header("Location: {$_SERVER['PHP_SELF']}?{$reqIdKey}={$parentid}&info=" . base64_encode($msg));
    exit;
} elseif ($ACTION == OP_ACTIVATE) {
    $type = $_GET['type'] == 'bill' ? 'billing' : 'shipping';
    $user->activateAddress($type, $itemid);
    $msg = "The {$type} address for this user has been set.";
    // send back to self with messageness
    header("Location: {$_SERVER['PHP_SELF']}?{$reqIdKey}={$parentid}&info=" . base64_encode($msg));
    exit;
}
if ($SHOWFORM) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->field_prefix = '';
    $fex->add_element($user->addr->colmap);
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    $fex->add_element($reqIdKey, array(null, 'hidden', $parentid, 0));
    // important
    $fex->add_element('itemid', array(null, 'hidden', $itemid, 0));
    // important
    if ($ACTION == OP_EDIT) {
        $user->set_id($parentid);
        $user->addr->set_id($itemid);
        $fex->elem_vals = $user->addr->fetch();
        $confirm_msg = sprintf('This will remove this %s from the site permanently. Are you sure?', $table_title);
Exemple #12
         }
     }
 }
 if (defined('CSHOP_CONTROL_SHOW_STS_GIFTCARD_LOADER') && CSHOP_CONTROL_SHOW_STS_GIFTCARD_LOADER) {
     $inactive_giftcards = array();
     foreach ($orderitems as $item) {
         $already_activated_cards = empty($item['item_options']['gc_activated']) ? 0 : $item['item_options']['gc_activated']['value'];
         if ($already_activated_cards < $item['qty'] && !empty($item['item_options']['swi_cm_amt'])) {
             $item['num_to_activate'] = $item['qty'] - $already_activated_cards;
             $inactive_giftcards[] = $item;
         }
     }
     $smarty->assign('giftcards', $inactive_giftcards);
 }
 /* ORDER UPDATE FORM - built in the USA */
 $fex = new formex('POST');
 $fex->js_src_inline = true;
 $fex->field_prefix = '';
 $fex->max_size = 25;
 $fex->add_element($order->colmap);
 /* add elements for the customer notify */
 $fex->add_element('do_notify', array('Notify Customer?', 'toggle'));
 $fex->add_element('comments', array('Comments', 'textarea'));
 $fex->add_element('op_update', array('UPDATE', 'submit'));
 // the button
 $fex->add_element($reqIdKey, array(null, 'hidden', $itemid));
 // important
 $fex->set_element_opts('orders_status', $order->get_statuses());
 $fex->elem_vals = $orderinfo;
 if (empty($orderinfo['ship_date'])) {
     $fex->elem_vals['ship_date'] = date('Y-m-d');
Exemple #13
    $productid = $_POST['f_id'];
    $ACTION = OP_KILL;
} elseif (isset($_GET['productid']) and !empty($_GET['productid'])) {
    $productid = $_GET['productid'];
    $ACTION = OP_EDIT;
} else {
    $ACTION = OP_ADD;
}
/** **/
$pagetitle .= strtolower($ACTION);
// make a nice title
$errs = array();
$c = CSHOP_CLASSES_PRODUCT;
$pc = new $c($pdb);
$colmap = $pc->get_colmap();
$fex = new formex('POST');
$fex->convert_empty_string_to_null = true;
$fex->add_element($colmap);
/** POST rec'd, check valid, proc. upload and save if OK */
if (isset($_POST['f_op']) and ($ACTION == OP_ADD or $ACTION == OP_EDIT)) {
    $msg = '';
    $vals = array();
    $img_vals = array();
    if ($errs = $fex->validate($_POST)) {
        // handled below
    } else {
        $vals = $fex->get_submitted_vals($_POST);
        $upfiles = array('imageid' => array(), 'feature_imageid' => array());
        // tracks all new files we need to insert in media_prod table
        /** process each uploaded image **/
        foreach ($upfiles as $upfile => $img_vals) {
Exemple #14
                }
                $SHOWFORM = false;
                unlink($fullpathfile);
            }
        }
    }
    $DO_VERIFY = true;
}
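/* Cancel: delete the media file named by ?op_cancel=. */
if (isset($_GET['op_cancel']) && !empty($_GET['op_cancel']) && is_string($_GET['op_cancel'])) {
    $fullpathfile = CSHOP_MEDIA_FULLPATH . '/' . stripslashes($_GET['op_cancel']);
    // The file name comes straight from the query string. Resolve it and refuse
    // anything that ends up outside the media directory, so that relative path
    // segments cannot point unlink() at other files on the server.
    $media_root = realpath(CSHOP_MEDIA_FULLPATH);
    $resolved = realpath($fullpathfile);
    $inside_media = $media_root !== false
        && $resolved !== false
        && strpos($resolved, rtrim($media_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;
    if ($inside_media && is_file($resolved)) {
        unlink($resolved);
    }
    // NOTE(review): this is still a GET request that deletes a file chosen by the
    // requester. Consider requiring POST with a CSRF token and accepting only the
    // file this session uploaded - confirm how op_cancel links are generated.
}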
if ($SHOWFORM) {
    $uploform = new formex();
    $uploform->left_td_style = '';
    $uploform->field_prefix = '';
    #$uploform->add_element('hdr1', array('<b>Options:</b>', 'heading'));
    #$uploform->add_element('do_create_new', array('Create new products/inventory items?', 'toggle'));
    $uploform->add_element('skip_first_row', array('Skip first row?', 'toggle'));
    //$uploform->add_element('do_reset_zero', array('zero quantities for all existing SKUs not found in the uploaded data?', 'toggle'));
    $uploform->add_element('datafile', array('Data File', 'file', true));
    $uploform->add_element('op_up', array('NEXT', 'submit'));
}
##############################################################################
# output template
##############################################################################
$smarty->display('control/header.tpl');
?>
<div id="loadInventoryWrap">
Exemple #15
}
/** we didn't have a post? maybe we need to show the form... */
if (isset($_GET['op_add'])) {
    $ACTION = OP_ADD;
} elseif (isset($_GET['op_edit'])) {
    $ACTION = OP_EDIT;
    $req_id = $_GET['op_edit'];
}
if ($ACTION) {
    $SHOWFORM = true;
}
/** either show an adding/editing form **************************************************/
if ($SHOWFORM) {
    $c = CSHOP_CLASSES_PRODUCT;
    $pc = new $c($pdb);
    $fex = new formex();
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->field_prefix = '';
    $fex->add_element($sm->get_colmap());
    // all those things in $colmap are in the form now
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    if ($ACTION == OP_EDIT) {
        $sm->dbc->set_id($req_id);
        $vals = $sm->dbc->fetch();
        $fex->elem_vals = $vals;
        $method_title = $vals['name'];
        $curr_basis = $vals['basis'];
        $fex->add_element('id', array('hid id', 'hidden', $req_id));
        // important
Exemple #16
 /**
  * Store an address and associate it with this user.
  *
  * The address is always stamped with this user's id, replacing any user_id
  * the caller put into $addr.
  *
  * @param $type str billing or shipping
  * @param $addr array assoc address values
  * @param $forcenew force creation of a new cm_address_book entry, defaults to true
  * @see cmAddressBook
  * @return result of activateAddress(), or of raiseError() when no user id is set
  */
 function store_address($type, $addr, $forcenew = true)
 {
     // an address has to belong to somebody
     if (!$this->get_id()) {
         return $this->raiseError("user id not set");
     }
     $addr['user_id'] = $this->get_id();

     if (!$forcenew) {
         // update the address already on file for this type, if there is one
         // NOTE(review): $type is not checked against billing/shipping here;
         // confirm that callers or get_header() constrain it.
         $known_id = $this->get_header($type . '_addr_id');
         if ($known_id) {
             $this->addr->set_id($known_id);
         } else {
             // not known.
             $this->addr->reset();
         }
     }

     /* use the full country name, not ISO code, whenever possible */
     $wants_country_name = !empty($this->addr->colmap['country'][3]['iso_codes'])
         && $addr['country'] != 'US'
         && is_callable(array('formex', 'get_country_opts'));
     if ($wants_country_name) {
         $addr['country'] = formex::get_country_opts(true, $addr['country']);
     }

     // NOTE(review): the result of store() is not inspected before the address
     // is activated; confirm how store() reports a failure.
     $this->addr->store($addr, $forcenew);
     $stored_id = $this->addr->get_id();
     return $this->activateAddress($type, $stored_id);
 }
Exemple #17
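if ($msg and !count($errs) and $ACTION & OP_DO_PROC) {
    // send back to self with messageness
    #print $msg;
    // base64 output may contain "+", "/" and "=". A bare "+" in a query string is
    // read back as a space, so URL-encode the value. This assumes the receiving
    // page reads "info" from $_GET, which URL-decodes it again.
    header("Location: {$_SERVER['PHP_SELF']}?{$base_get_vars}&info=" . rawurlencode(base64_encode($msg)));
    // stop here so nothing else runs or is sent after the redirect
    exit;
}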
/** we didnt have a post - so set ACTION flags depending on some GET inputs */
if (isset($_GET['op_edit']) and is_numeric($_GET['op_edit'])) {
    $ACTION |= OP_EDIT;
    $dbc->set_id($_GET['op_edit']);
} elseif (isset($_GET['op_add'])) {
    $ACTION |= OP_ADD;
}
/** create a formex() object to make a form */
if ($ACTION) {
    $fex = new formex();
    $fex->field_prefix = '';
    $fex->left_td_style = '';
    $fex->extra_js_src_dir = "/control/formex_js";
    $fex->rte_js_src_dir = "/control/formex_js";
    $fex->add_element($colmap);
    if ($ACTION & OP_EDIT) {
        $fex->add_element('but', array('EDIT', 'submit'));
        $s = $dbc->fetch_content();
        $vals = array_pop($s);
        $fex->elem_default_vals = $vals;
        if ($vals['id']) {
            $fex->add_element('id', array(null, 'hidden', $dbc->get_id(), null));
        }
        $confirm_msg = 'This will remove this item from the site permanently. Are you sure?';
        $fex->add_element('op_kill', array('REMOVE', 'submit', null, array('class' => 'ccomKillSwitch'), "onclick=\"return confirm('{$confirm_msg}')\""));
Exemple #18
    /** kill from all 3 tables where we find category stuffs. Ideally a ON
     * DELETE CASCADE would take care of this but this is mysql afterall */
    $sql = sprintf("DELETE FROM {$tablename} WHERE id = %d", $catid);
    $res = $pdb->query($sql);
    /*
     * $sql = sprintf("DELETE FROM bundle_categories WHERE categoryid = %d", $catid);
     * $res = $pdb->query($sql);
     * $sql = sprintf("DELETE FROM categories WHERE id = %d", $catid);
     * $res = $pdb->query($sql);
     */
    $msg = "The selected category was totally removed.";
    // send back to self with messageness
    header("Location: {$_SERVER['PHP_SELF']}?info=" . base64_encode($msg));
}
if ($SHOWFORM) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->add_element($colmap);
    // all those things in $colmap are in the form now
    $fex->set_element_opts('ship_class_id', $shipTypes);
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    $fex->set_element_opts('parent_cat_id', cshopUtils::get_all_parent_categories($pdb));
    if ($ACTION == OP_EDIT) {
        $sql = sprintf("SELECT name, descrip, ship_class_id, is_taxable, level, feature_rank, is_active, parent_cat_id , order_weight\n                               , m.filename AS icon_media_id\n                        FROM cm_categories c LEFT JOIN cm_media_files m ON (m.id = c.icon_media_id)\n                        WHERE c.id = %d", $catid);
        $fex->elem_vals = $pdb->getRow($sql);
        $fex->add_element('id', array('hid id', 'hidden', $catid, null));
        // important
        $cat_name = $fex->elem_vals['name'];
        /** if there are zero products in this category, let them delete it **/
        $sql = sprintf("SELECT COUNT(*) FROM cm_products_categories WHERE cm_categories_id = %d", $catid);
            } else {
                if ($ACTION == OP_EDIT) {
                    $msg = "Changes have been made to " . $thing;
                }
            }
        }
    }
    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'pear_error_handler');
}
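if ($msg and !count($errs)) {
    /** redir on success **/
    // base64 output may contain "+", "/" and "=". A bare "+" in a query string is
    // read back as a space, which corrupts the decoded message, so URL-encode it.
    header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, rawurlencode(base64_encode($msg))));
    // stop here so nothing else runs or is sent after the redirect
    exit;
}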
/** build form **/
$fex = new formex('POST');
$allcats = $pcat->get_categories_for_select(0, 0, true);
$fex->js_src_inline = true;
$fex->add_element($colmap);
$fex->set_element_opts('cm_products_categories', $allcats);
$fex->add_element('op', array($ACTION, 'submit', null, null, 1));
$fex->add_element('nid', array('id', 'hidden', $productid, 1));
$product_info = $pc->fetch(array('title'), true);
$fex->set_elem_default_vals('cm_products_categories', $product_info['cm_products_categories']);
/** **/
// get message for display if any
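// Only decode a plain string: a request can send msg[]=... and turn the
// parameter into an array, which base64_decode() does not accept.
if (isset($_GET['msg']) && is_string($_GET['msg'])) {
    // NOTE(review): the decoded text comes from the query string, so anyone can
    // craft it; it must be HTML-escaped where it is displayed - confirm the
    // template does that.
    $msg = base64_decode($_GET['msg']);
}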
# output template
##############################################################################
Exemple #20
        $res = $user->kill();
        $msg = "The selected {$table_title} was totally removed.";
    }
} elseif ($ACTION == OP_PASS) {
    $user->set_id($itemid);
    $user->force_pword_change();
    $res = $user->send_pass_notification();
    $msg = "The password for this user has been reset and an email has been sent to\n            {$user->header['email']} allowing them to reset it [{$res}]";
}
// send back to self with messageness
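if ($msg) {
    // base64 output may contain "+", "/" and "=". A bare "+" in a query string is
    // read back as a space, so URL-encode the value. This assumes the receiving
    // page reads "info" from $_GET, which URL-decodes it again.
    header("Location: {$_SERVER['PHP_SELF']}?info=" . rawurlencode(base64_encode($msg)));
    // stop here so nothing else runs or is sent after the redirect
    exit;
}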
if ($SHOWFORM) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->field_prefix = '';
    if ($ACTION == OP_EDIT) {
        $user->set_id($itemid);
        if (!($fex->elem_vals = $user->fetch())) {
            $errs[] = 'No such user found';
        } else {
            if (defined('CSHOP_ALLOW_ANON_ACCOUNT') and empty($fex->elem_vals['email'])) {
                $fex->elem_vals['email'] = $fex->elem_vals['anon_email'];
            }
            $item_name = $fex->elem_vals[$table_namecol];
            $fex->add_element($reqIdKey, array('hid id', 'hidden', $itemid, 0));
            // important
            $confirm_msg = sprintf('This will remove this %s from the site permanently. Are you sure?', $table_title);
Exemple #21
        $sql = sprintf("DELETE FROM cm_product_images WHERE id = %d", $reqid);
        $res = $pdb->query($sql);
        if (PEAR::isError($res)) {
            $errs[] = $res->getMessage();
        } else {
            $msg = "Product media file was successfully removed";
        }
    }
}
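if ($msg and !count($errs)) {
    /** redir on success **/
    // base64 output may contain "+", "/" and "=". A bare "+" in a query string is
    // read back as a space, which corrupts the decoded message, so URL-encode it.
    header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, rawurlencode(base64_encode($msg))));
    // stop here so nothing else runs or is sent after the redirect
    exit;
}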
if ($ACTION == OP_ADD or $ACTION == OP_EDIT) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->add_element($colmap);
    $fex->add_element('op', array($ACTION, 'submit', null, null, 1));
    $fex->add_element('nid', array('id', 'hidden', $productid, null));
    $fex->set_element_opts('colorways_id', cshopUtils::get_all_colors($pdb, true));
    if ($ACTION == OP_EDIT) {
        $sql = sprintf("SELECT colorways_id, order_weight, class, filename_large AS upfile\n                        FROM {$tablename} WHERE id = %d", $reqid);
        $row = $pdb->getRow($sql);
        $fex->elem_vals = $row;
        $fex->add_element('reqid', array('reqid', 'hidden', $reqid, null));
        $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="return confirm(\'Are you sure?\')"'));
    }
} else {
    /** list all cm_categories in one big ass dump using HTML_Table **/
    $table = new fu_HTML_Table(array('width' => '90%', 'align' => 'center'));
Exemple #22
    }
} elseif ($ACTION == OP_KILL_ADDR) {
    $user->addr->set_id($req_id);
    // it doesn't let you remove other peoples addresses (?)
    $user->addr->kill();
    $msg = "Address was removed from the system";
    header("Location: profile.php?info=" . base64_encode($msg));
    exit;
} elseif ($ACTION == OP_SHOW_ORDERS) {
    $smarty->assign('order_history', $user->fetch_order_history());
    $tpl = 'order_list.tpl';
}
$smarty->assign('errors', $errs);
if ($SHOWFORM) {
    /* show one of the fine forms for updates */
    $fex = new formex();
    $fex->max_size = 24;
    $fex->add_element('op', array($ACTION, 'submit'));
    if ($ACTION == OP_NEW_USER) {
        $fex->add_element($user->get_colmap());
        if ($user->do_require_address_on_register) {
            $fex->add_element($user->addr->colmap);
            $smarty->assign('ADDRESS_REQUIRED', true);
        }
    } elseif ($ACTION == OP_EDIT_PROFILE) {
        $fex->add_element($user->colmap);
        $fex->elem_vals = $userinfo;
    } elseif ($ACTION == OP_EDIT_ADDR) {
        $fex->add_element('addr_id', array('', 'hidden', $req_id, null));
        $fex->add_element($user->addr->get_colmap());
        $user->addr->set_id($req_id);
Exemple #23
    } elseif (isset($_GET['op_add'])) {
        $ACTION = OP_ADD;
    }
}
if (empty($productid)) {
    trigger_error("productid was not passed", E_USER_ERROR);
}
$product = cmClassFactory::getInstanceOf(CSHOP_CLASSES_PRODUCT, $pdb);
$product->set_id($productid);
if (!$product->fetch(array('title'))) {
    trigger_error("unknown product id!", E_USER_ERROR);
}
$download = cmClassFactory::getInstanceOf(CSHOP_CLASSES_DOWNLOADS, $pdb);
$colmap = $download->get_colmap();
/** init form */
$fex = new formex('POST');
$fex->add_element($colmap);
/** POST rec'd, check valid, proc. upload and save if OK */
if (isset($_POST['f_op']) and ($ACTION == OP_EDIT or $ACTION == OP_ADD)) {
    if (!($errs = $fex->validate($_POST))) {
        $vals = $fex->get_submitted_vals($_POST);
        if (!$download->do_validate($vals)) {
            foreach ($download->get_validation_errors() as $err) {
                $errs[] = $err['message'];
            }
        } else {
            if ($ACTION == OP_EDIT) {
                $download->set_id($thisid);
            }
            PEAR::pushErrorHandling(PEAR_ERROR_RETURN);
            $res = $download->store($vals);