$user->addr->set_id($req_id); // it doesn't let you remove other peoples addresses (?) $user->addr->kill(); $msg = "Address was removed from the system"; header("Location: profile.php?info=" . base64_encode($msg)); exit; } elseif ($ACTION == OP_SHOW_ORDERS) { $smarty->assign('order_history', $user->fetch_order_history()); $tpl = 'order_list.tpl'; } $smarty->assign('errors', $errs); if ($SHOWFORM) { /* show one of the fine forms for updates */ $fex = new formex(); $fex->max_size = 24; $fex->add_element('op', array($ACTION, 'submit')); if ($ACTION == OP_NEW_USER) { $fex->add_element($user->get_colmap()); if ($user->do_require_address_on_register) { $fex->add_element($user->addr->colmap); $smarty->assign('ADDRESS_REQUIRED', true); } } elseif ($ACTION == OP_EDIT_PROFILE) { $fex->add_element($user->colmap); $fex->elem_vals = $userinfo; } elseif ($ACTION == OP_EDIT_ADDR) { $fex->add_element('addr_id', array('', 'hidden', $req_id, null)); $fex->add_element($user->addr->get_colmap()); $user->addr->set_id($req_id); $fex->elem_vals = $user->addr->fetch(); }
} if ($SHOWFORM) { $fex = new formex('POST'); $fex->js_src_inline = true; $fex->left_td_style = ''; $fex->field_prefix = ''; if ($ACTION == OP_EDIT) { $user->set_id($itemid); if (!($fex->elem_vals = $user->fetch())) { $errs[] = 'No such user found'; } else { if (defined('CSHOP_ALLOW_ANON_ACCOUNT') and empty($fex->elem_vals['email'])) { $fex->elem_vals['email'] = $fex->elem_vals['anon_email']; } $item_name = $fex->elem_vals[$table_namecol]; $fex->add_element($reqIdKey, array('hid id', 'hidden', $itemid, 0)); // important $confirm_msg = sprintf('This will remove this %s from the site permanently. Are you sure?', $table_title); $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="return confirm(\'' . $confirm_msg . '\')"')); /** get all addrs belonging to this captain **/ $billaddr = $user->fetchBillingAddr(); } } $fex->add_element($user->get_colmap()); $fex->add_element('op', array($ACTION, 'submit')); // the button if ($orders = $user->fetch_order_history()) { $table = new fu_HTML_Table(array("width" => "820")); $table->setAutoGrow(true); $table->setAutoFill("-"); $table->addRow(array('Order Number', 'Ship name', 'Status', 'Date', 'Amt Quoted'), 'header', false);
$link = sprintf('<a href="../store.edit.php?productid=%d">%s</a>', $k, $txt); $res .= sprintf("<tr bgcolor=\"%s\"><td align=\"left\">%s</td>\n <td align=\"left\"><input type=\"checkbox\" value=\"%s\" name=\"%s[]\" %s /></td>\n <td align=\"left\"><input type=\"text\" value=\"%s\" name=\"adders_%s\" size=\"8\" /></td></tr>\n", $i % 2 ? '#c9c9c9' : '#dedede', $link, $k, $this->fname, (is_array($fval) and in_array($k, $fval)) ? "checked" : "", isset($adders[$k]) ? $adders[$k] : "0.00", $k); $i++; } $res .= "</td></tr></table>\n\n"; return $res; } } /****************************************************************************/ /*}}}*/ // set up form for validation and forming $fex = new formex('POST', 'bundler_formex_field'); $fex->js_src_inline = true; $fex->left_td_style = ''; $fex->field_prefix = ''; $fex->add_element($bundle->get_colmap()); foreach ($bundle->colmap_help as $elem => $txt) { $fex->set_elem_helptext($elem, $txt); } // handle ADD and EDIT/*{{{*/ if (isset($_POST['op']) and ($ACTION == OP_ADD or $ACTION == OP_EDIT)) { $errs = $fex->validate($_POST); $req_id = $_POST['id']; if (empty($_POST['pcat_req_vals']) or !is_array($_POST['pcat_req_vals'])) { $errs[] = "Bundle selection was missing!"; } else { $catquants = join('', array_values($_POST['pcat_req_vals'])); if (empty($catquants)) { $errs[] = "Bundle must contain one or more categories of products to select from."; } }
} } } } PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'pear_error_handler'); } if ($msg and !count($errs)) { /** redir on success **/ header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, base64_encode($msg))); exit; } /** build form **/ $fex = new formex('POST'); $allproducts = $pc->get_product_list(); $fex->js_src_inline = true; $fex->add_element($colmap); $fex->set_element_opts('cm_products_relations', $allproducts); $fex->add_element('op', array($ACTION, 'submit', null, null, 1)); $fex->add_element('nid', array('id', 'hidden', $productid, 1)); $fex->set_elem_default_vals('cm_products_relations', $pc->fetch_related_products()); /** **/ // get message for display if any if (isset($_GET['msg'])) { $msg = base64_decode($_GET['msg']); } # output template ############################################################################## ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head>
} elseif (isset($_POST['op_kill']) and $ACTION == OP_KILL) { $dbc->set_id($itemid); $res = $dbc->kill(); if (!PEAR::isError($res)) { $msg = "The selected {$table_title} was totally removed."; // send back to self with messageness header("Location: {$_SERVER['PHP_SELF']}?class={$class}&info=" . base64_encode($msg)); } else { $errs[] = "ERROR: could not delete: " . $res->getMessage(); } } if ($SHOWFORM) { $fex = new formex(); $fex->field_prefix = ''; $fex->js_src_inline = true; $fex->add_element($colmap); // all those things in $colmap are in the form now if (isset($dbc->colmap_help) && is_array($dbc->colmap_help)) { foreach ($dbc->colmap_help as $k => $text) { $fex->set_elem_helptext($k, $text); } } $fex->add_element('op', array($ACTION, 'submit')); // the button $fex->add_element('class', array(null, 'hidden', $class)); // important if ($ACTION == OP_EDIT) { $dbc->set_id($itemid); $fex->elem_vals = $dbc->fetch('', true); $fex->add_element('id', array(null, 'hidden', $itemid)); // important
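/**
 * Render the login page through Smarty.
 *
 * Builds (or reuses) a formex login form, hands its structure to the
 * template as "cform" and displays float:checkout_login.tpl.
 *
 * @param int $failed value passed to the template as BAD_PASS
 */
function auth_loginform($failed = 0)
{
    global $smarty;
    global $fex; // see note below

    $this->error_log('called ' . __FUNCTION__ . '()');

    // here we put the entire page using smarty
    $smarty->assign("page_id", 'login');

    require_once "formex.class.php";

    // this is a bad kludge to get uname/pw filled pre-filled-out for users that just
    // registered + confirmed their account - if $fex exists it can be filled out with
    // a $db_row attrib and maybe $FEx, etc. - see activate.php, e.g.
    if (!$fex) {
        $fex = new formex();
        // try to save any GET params we might have had during timeout.
        // !empty() also covers the key being absent, which a bare array read
        // would report as an undefined index.
        if (!empty($_SERVER['REQUEST_URI'])) {
            // REQUEST_URI is taken from the request line, so this value is
            // client-controlled and ends up as the target of the credential form.
            // NOTE(review): confirm that formex / checkout_login.tpl HTML-escape
            // form_action before writing it into the action attribute.
            $fex->form_action = $_SERVER['REQUEST_URI'];
        }
    }

    $fex->max_size = 16;
    $login_attrs = array('class' => 'cartLogin');
    $fex->add_element('username', array('Username/email', 'text', null, $login_attrs, 1));
    $fex->add_element('password', array('Password', 'password', null, $login_attrs, 1));
    $fex->add_element("op_login", array("LOGIN", "submit", 1));

    $smarty->assign("cform", $fex->get_struct());
    // NOTE(review): PHP_SELF includes any trailing PATH_INFO from the URL, so the
    // template should escape "self" wherever it prints it.
    $smarty->assign(array("self" => $_SERVER['PHP_SELF'], "BAD_PASS" => $failed));
    $smarty->display("float:checkout_login.tpl");
}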
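} $DO_VERIFY = true; }

// Cancel a pending upload: remove the named file from the media directory.
// The file name comes straight from the query string, so it is resolved with
// realpath() and deleted only when the resolved path is still inside
// CSHOP_MEDIA_FULLPATH. Without that check a value containing "../" would let
// the request delete any file the web server user can remove.
// NOTE(review): this is still a state-changing GET with no anti-CSRF token
// visible here, and it accepts any file under the media directory rather than
// only the upload created earlier in this flow - consider binding it to a name
// stored server-side in the session.
if (!empty($_GET['op_cancel']) && is_string($_GET['op_cancel'])) {
    $requested = stripslashes($_GET['op_cancel']);
    $mediaroot = realpath(CSHOP_MEDIA_FULLPATH);

    // Reject embedded NUL bytes before the value reaches any filesystem call.
    $fullpathfile = (strpos($requested, "\0") === false)
        ? realpath(CSHOP_MEDIA_FULLPATH . '/' . $requested)
        : false;

    if ($mediaroot !== false
        && $fullpathfile !== false
        && strpos($fullpathfile, rtrim($mediaroot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0
        && is_file($fullpathfile)
    ) {
        unlink($fullpathfile);
    }
}

// Build the upload form shown on this page.
if ($SHOWFORM) {
    $uploform = new formex();
    $uploform->left_td_style = '';
    $uploform->field_prefix = '';
    #$uploform->add_element('hdr1', array('<b>Options:</b>', 'heading'));
    #$uploform->add_element('do_create_new', array('Create new products/inventory items?', 'toggle'));
    $uploform->add_element('skip_first_row', array('Skip first row?', 'toggle'));
    //$uploform->add_element('do_reset_zero', array('zero quantities for all existing SKUs not found in the uploaded data?', 'toggle'));
    $uploform->add_element('datafile', array('Data File', 'file', true));
    $uploform->add_element('op_up', array('NEXT', 'submit'));
}

##############################################################################
# output template
##############################################################################
$smarty->display('control/header.tpl');
?>
<div id="loadInventoryWrap">
<h2 class="headline">Inventory Data Loader</h2>
<?php if (!empty($errs)) { ?>
<div class="userError"> Errors occurred while processing your request.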
* DELETE CASCADE would take care of this but this is mysql afterall */ $sql = sprintf("DELETE FROM products_categories WHERE categoryid = %d", $mfrid); $res = $pdb->query($sql); $sql = sprintf("DELETE FROM bundle_categories WHERE categoryid = %d", $mfrid); $res = $pdb->query($sql); $sql = sprintf("DELETE FROM manufacturers WHERE id = %d", $mfrid); $res = $pdb->query($sql); $msg = "The selected manufacturer was totally removed."; // send back to self with messageness header("Location: {$_SERVER['PHP_SELF']}?info=" . base64_encode($msg)); } if ($SHOWFORM) { $fex = new formex('POST'); $fex->js_src_inline = true; $fex->left_td_style = ''; $fex->add_element($colmap); // all those things in $colmap are in the form now $fex->add_element('op', array($ACTION, 'submit')); // the button if ($ACTION == OP_EDIT) { $sql = sprintf("SELECT sName, descrip\n , m.sFilename AS iconid\n FROM manufacturers mfr LEFT JOIN media m ON (m.id = mfr.iconid)\n WHERE mfr.id = %d", $mfrid); $fex->elem_vals = $pdb->getRow($sql); $fex->add_element('id', array('hid id', 'hidden', $mfrid)); // important $cat_name = $fex->elem_vals['sName']; /** if there are zero products in this manufacturer, let them delete it **/ $sql = sprintf("SELECT COUNT(*) FROM products WHERE manufacturerid = %d", $mfrid); $product_count = $pdb->getOne($sql); if ($product_count) { $confirm_msg = "There are {$product_count} products that are associated with this manufacturer. You cannot delete the manufacturer until all these products have been removed or reassigned"; $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="alert(\'' . $confirm_msg . '\'); return false"'));
} elseif (isset($_GET['op_edit'])) { $ACTION = OP_EDIT; $req_id = $_GET['op_edit']; } if ($ACTION) { $SHOWFORM = true; } /** either show an adding/editing form **************************************************/ if ($SHOWFORM) { $c = CSHOP_CLASSES_PRODUCT; $pc = new $c($pdb); $fex = new formex(); $fex->js_src_inline = true; $fex->left_td_style = ''; $fex->field_prefix = ''; $fex->add_element($sm->colmap_zones); // all those things in $colmap are in the form now $fex->add_element('op', array($ACTION, 'submit')); // the button $country_opts = formex::get_country_opts(true); $fex->set_element_opts('cm_shipmethods_zone_locales', $country_opts); if ($ACTION == OP_EDIT) { $vals = $sm->fetch_zone($req_id); /* convert linear array of ISO codes to isocode => countryname */ $cy = array(); foreach ($vals['cm_shipmethods_zone_locales'] as $iso) { $cy[$iso] = $country_opts[$iso]; } $vals['cm_shipmethods_zone_locales'] = $cy; $fex->elem_vals = $vals; $method_title = $vals['zone_name'];
} /** we didnt have a post - so set ACTION flags depending on some GET inputs */ if (isset($_GET['op_edit']) and is_numeric($_GET['op_edit'])) { $ACTION |= OP_EDIT; $dbc->set_id($_GET['op_edit']); } elseif (isset($_GET['op_add'])) { $ACTION |= OP_ADD; } /** create a formex() object to make a form */ if ($ACTION) { $fex = new formex(); $fex->field_prefix = ''; $fex->left_td_style = ''; $fex->extra_js_src_dir = "/control/formex_js"; $fex->rte_js_src_dir = "/control/formex_js"; $fex->add_element($colmap); if ($ACTION & OP_EDIT) { $fex->add_element('but', array('EDIT', 'submit')); $s = $dbc->fetch_content(); $vals = array_pop($s); $fex->elem_default_vals = $vals; if ($vals['id']) { $fex->add_element('id', array(null, 'hidden', $dbc->get_id(), null)); } $confirm_msg = 'This will remove this item from the site permanently. Are you sure?'; $fex->add_element('op_kill', array('REMOVE', 'submit', null, array('class' => 'ccomKillSwitch'), "onclick=\"return confirm('{$confirm_msg}')\"")); if (isset($vals[$dbc->_table_namecol])) { $crumbs[$vals[$dbc->_table_namecol]] = $_SERVER['PHP_SELF'] . "?{$base_get_vars}&op_edit=" . $vals['id']; } $action_name = 'edit'; } else {
if (PEAR::isError($res)) { $errs[] = $res->getMessage(); } else { $msg = "Product media file was successfully removed"; } } } if ($msg and !count($errs)) { /** redir on success **/ header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, base64_encode($msg))); exit; } if ($ACTION == OP_ADD or $ACTION == OP_EDIT) { $fex = new formex('POST'); $fex->js_src_inline = true; $fex->add_element($colmap); $fex->add_element('op', array($ACTION, 'submit', null, null, 1)); $fex->add_element('nid', array('id', 'hidden', $productid, null)); $fex->set_element_opts('colorways_id', cshopUtils::get_all_colors($pdb, true)); if ($ACTION == OP_EDIT) { $sql = sprintf("SELECT colorways_id, order_weight, class, filename_large AS upfile\n FROM {$tablename} WHERE id = %d", $reqid); $row = $pdb->getRow($sql); $fex->elem_vals = $row; $fex->add_element('reqid', array('reqid', 'hidden', $reqid, null)); $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="return confirm(\'Are you sure?\')"')); } } else { /** list all cm_categories in one big ass dump using HTML_Table **/ $table = new fu_HTML_Table(array('width' => '90%', 'align' => 'center')); $table->setAutoGrow(true); $table->setAutoFill("-");
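} else {
    $res = $user->change_pword($newpw);
    if (PEAR::isError($res) and $res->getMessage() != 'warning: 0 rows were changed') {
        $err = $res->getMessage();
    } else {
        // Only clear the forced-change flag and log the user in once the new
        // password has actually been stored. Doing this after a failed write
        // would hand out an authenticated session while the old password is
        // still the one on record.
        // NOTE(review): confirm force_preauth() rotates the session id when it
        // promotes the session to an authenticated one.

        // added these 2 $_SESSION lines as a hack for momenta :/
        $_SESSION['email'] = $user->get_email();
        $_SESSION['name'] = $user->get_full_name();
        $user->force_pword_change(false);
        $auth->force_preauth($user->get_id());
    }
}
}

if (!empty($err)) {
    // The recovery token and uid are echoed back from the POST body into a URL,
    // so encode the token for the query string and force the uid to an integer.
    // NOTE(review): PHP_SELF and the finished link are request-derived; the
    // template should HTML-escape BACK_LINK where it prints it.
    $back_token = (isset($_POST['f_mash']) && is_string($_POST['f_mash']))
        ? rawurlencode($_POST['f_mash'])
        : '';
    $back_uid = (isset($_POST['f_uid']) && is_scalar($_POST['f_uid']))
        ? (int) $_POST['f_uid']
        : 0;
    $smarty->assign('BACK_LINK', sprintf("%s?%s=%s&u=%d",
                                          $_SERVER['PHP_SELF'],
                                          $recover_key_name,
                                          $back_token,
                                          $back_uid));
    $smarty->assign('CHANGE_ERROR', $err);
} else {
    $smarty->assign('CHANGE_SUCCESS', true);
}
}

/*** form for getting email addr (step 1) only **/
if ($SHOWFORM) {
    $fex = new formex();
    $fex->add_element('op', array($ACTION, 'submit'));
    if ($ACTION == OP_GET_EMAIL) {
        $fex->add_element('email', array('Enter your username or email address', 'email', null, array('size' => 40), 1));
    }
    $smarty->assign('cform', $fex->get_struct());
}

$tpl = 'pass.recover.tpl';
$smarty->assign('ACTION', $ACTION);
$smarty->display("float:{$tpl}");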
$ERROR = $res->getMessage(); } } PEAR::popErrorHandling(); } elseif ($ACTION == OP_KILL) { $sql = sprintf("DELETE FROM %s WHERE id = %d", $inventory_table, $invid); $res = $pdb->query($sql); if (!PEAR::isError($res)) { $SUCCESS = "inventory record removed from the system"; } } /** setup the form that goes at the top */ $pc->set_id($productid); $onchange = 'onchange="cmSetSkuField()"'; $fex = new formex('POST'); $fex->add_element('sizes', array('Size', 'select', array(), null, $onchange, 1)); $fex->add_element('colors', array('Colors', 'select', array(), null, $onchange, 1)); $fex->add_element('qty', array('Qty', 'text', 1, array('size' => 3, 'maxlength' => 6), 1)); $fex->add_element('sku', array('SKU', 'text', '', array('size' => 16, 'maxlength' => 64), 1)); if ($USE_ADDERS) { $fex->add_element('adder', array('Adder', 'text', '0.00', array('size' => 7, 'maxlength' => 10), 'onchange="cmAddPrice(this.value)"', 1)); } $fex->add_element('nid', array('id', 'hidden', $productid, null)); $fex->set_element_opts('sizes', array('' => '-----') + cshopUtils::get_all_sizes($pdb)); $fex->set_element_opts('colors', array('' => '-----') + cshopUtils::get_all_colors($pdb)); if (isset($invid) and $ACTION == OP_EDIT) { $sql = sprintf("SELECT i.sizes_id AS sizes, i.colorways_id AS colors, i.qty, i.sku, adder\n , IFNULL((p.price + adder), p.price) AS total_price\n FROM {$inventory_table} i, cm_products p WHERE i.id = %d AND p.id = i.product_id", $invid); $inv_record = $pdb->getRow($sql); $fex->elem_vals = $inv_record; $killlink = sprintf('%s?op_kill=%d&nid=%d', $_SERVER['PHP_SELF'], $invid, $productid); }
$cart_itemcount = $cart->count_items(); if (!$cart_itemcount or PEAR::isError($cart_itemcount)) { header("Location: cart.php"); trigger_error("Attempt to checkout with an empty cart.", E_USER_ERROR); exit; } $fex = new formex(); /* enter user shipping addr, and possibly new Anonymous user account */ if ($ACTION == OP_ADD_SHIP) { $pdb->autoCommit(false); // begin trans, because we have potential two stages here that each can fail validation /* they would like to proceed without choosing a password and such. Create an "anonymous" user object stub and log them in automatically */ if (CSHOP_ALLOW_ANON_ACCOUNT and $auth->has_bypass_flag()) { $user = cmClassFactory::getInstanceOf(CSHOP_CLASSES_USER, $pdb); $fex_anon_user = new formex(); $fex_anon_user->add_element($user->get_anon_colmap()); if (!($errs = $fex_anon_user->validate($_POST))) { $vals = $fex_anon_user->get_submitted_vals($_POST); $res = $user->create_anon_user('', $vals); if (PEAR::isError($res)) { trigger_error($res->getCode(), E_USER_ERROR); } $auth->force_preauth($user->get_id()); // magically logs them in with the new uid } } // save the comments on billing/shipping eitheway, its shared if (!empty($_POST['f_user_comments'])) { $cart->set_user_comment($_POST['f_user_comments']); } if (empty($errs) && !$cart->requires_shipping()) {
$inactive_giftcards = array(); foreach ($orderitems as $item) { $already_activated_cards = empty($item['item_options']['gc_activated']) ? 0 : $item['item_options']['gc_activated']['value']; if ($already_activated_cards < $item['qty'] && !empty($item['item_options']['swi_cm_amt'])) { $item['num_to_activate'] = $item['qty'] - $already_activated_cards; $inactive_giftcards[] = $item; } } $smarty->assign('giftcards', $inactive_giftcards); } /* ORDER UPDATE FORM - built in the USA */ $fex = new formex('POST'); $fex->js_src_inline = true; $fex->field_prefix = ''; $fex->max_size = 25; $fex->add_element($order->colmap); /* add elements for the customer notify */ $fex->add_element('do_notify', array('Notify Customer?', 'toggle')); $fex->add_element('comments', array('Comments', 'textarea')); $fex->add_element('op_update', array('UPDATE', 'submit')); // the button $fex->add_element($reqIdKey, array(null, 'hidden', $itemid)); // important $fex->set_element_opts('orders_status', $order->get_statuses()); $fex->elem_vals = $orderinfo; if (empty($orderinfo['ship_date'])) { $fex->elem_vals['ship_date'] = date('Y-m-d'); } if (empty($orderinfo['delivery_date'])) { $fex->elem_vals['delivery_date'] = date('Y-m-d'); }
} elseif (isset($_GET['productid']) and !empty($_GET['productid'])) { $productid = $_GET['productid']; $ACTION = OP_EDIT; } else { $ACTION = OP_ADD; } /** **/ $pagetitle .= strtolower($ACTION); // make a nice title $errs = array(); $c = CSHOP_CLASSES_PRODUCT; $pc = new $c($pdb); $colmap = $pc->get_colmap(); $fex = new formex('POST'); $fex->convert_empty_string_to_null = true; $fex->add_element($colmap); /** POST rec'd, check valid, proc. upload and save if OK */ if (isset($_POST['f_op']) and ($ACTION == OP_ADD or $ACTION == OP_EDIT)) { $msg = ''; $vals = array(); $img_vals = array(); if ($errs = $fex->validate($_POST)) { // handled below } else { $vals = $fex->get_submitted_vals($_POST); $upfiles = array('imageid' => array(), 'feature_imageid' => array()); // tracks all new files we need to insert in media_prod table /** process each uploaded image **/ foreach ($upfiles as $upfile => $img_vals) { // upfile = name of field with uploaded file in it $uplo = new uploadable("f_{$upfile}");