Exemple #1
    $user->addr->set_id($req_id);
    // it doesn't let you remove other peoples addresses (?)
    $user->addr->kill();
    $msg = "Address was removed from the system";
    header("Location: profile.php?info=" . base64_encode($msg));
    exit;
} elseif ($ACTION == OP_SHOW_ORDERS) {
    $smarty->assign('order_history', $user->fetch_order_history());
    $tpl = 'order_list.tpl';
}
// Expose the $errs list to the template under the name 'errors'.
// NOTE(review): if any entry can carry request-supplied text, the template has to
// HTML-escape it when printing - confirm against the .tpl files.
$smarty->assign('errors', $errs);
if ($SHOWFORM) {
    /* show one of the fine forms for updates */
    $fex = new formex();
    $fex->max_size = 24;
    $fex->add_element('op', array($ACTION, 'submit'));
    if ($ACTION == OP_NEW_USER) {
        $fex->add_element($user->get_colmap());
        if ($user->do_require_address_on_register) {
            $fex->add_element($user->addr->colmap);
            $smarty->assign('ADDRESS_REQUIRED', true);
        }
    } elseif ($ACTION == OP_EDIT_PROFILE) {
        $fex->add_element($user->colmap);
        $fex->elem_vals = $userinfo;
    } elseif ($ACTION == OP_EDIT_ADDR) {
        $fex->add_element('addr_id', array('', 'hidden', $req_id, null));
        $fex->add_element($user->addr->get_colmap());
        $user->addr->set_id($req_id);
        $fex->elem_vals = $user->addr->fetch();
    }
Exemple #2
}
if ($SHOWFORM) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->field_prefix = '';
    if ($ACTION == OP_EDIT) {
        $user->set_id($itemid);
        if (!($fex->elem_vals = $user->fetch())) {
            $errs[] = 'No such user found';
        } else {
            if (defined('CSHOP_ALLOW_ANON_ACCOUNT') and empty($fex->elem_vals['email'])) {
                $fex->elem_vals['email'] = $fex->elem_vals['anon_email'];
            }
            $item_name = $fex->elem_vals[$table_namecol];
            $fex->add_element($reqIdKey, array('hid id', 'hidden', $itemid, 0));
            // important
            $confirm_msg = sprintf('This will remove this %s from the site permanently. Are you sure?', $table_title);
            $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="return confirm(\'' . $confirm_msg . '\')"'));
            /** get all addrs belonging to this captain **/
            $billaddr = $user->fetchBillingAddr();
        }
    }
    $fex->add_element($user->get_colmap());
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    if ($orders = $user->fetch_order_history()) {
        $table = new fu_HTML_Table(array("width" => "820"));
        $table->setAutoGrow(true);
        $table->setAutoFill("-");
        $table->addRow(array('Order Number', 'Ship name', 'Status', 'Date', 'Amt Quoted'), 'header', false);
Exemple #3
            $link = sprintf('<a href="../store.edit.php?productid=%d">%s</a>', $k, $txt);
            $res .= sprintf("<tr bgcolor=\"%s\"><td align=\"left\">%s</td>\n                             <td align=\"left\"><input type=\"checkbox\" value=\"%s\" name=\"%s[]\" %s /></td>\n                             <td align=\"left\"><input type=\"text\" value=\"%s\" name=\"adders_%s\" size=\"8\" /></td></tr>\n", $i % 2 ? '#c9c9c9' : '#dedede', $link, $k, $this->fname, (is_array($fval) and in_array($k, $fval)) ? "checked" : "", isset($adders[$k]) ? $adders[$k] : "0.00", $k);
            $i++;
        }
        $res .= "</td></tr></table>\n\n";
        return $res;
    }
}
/****************************************************************************/
/*}}}*/
// Build the form object that is used both to validate the POST and to render the form.
// The second constructor argument is passed through as given ('bundler_formex_field');
// its meaning is defined by formex - presumably a custom field class, confirm there.
$fex = new formex('POST', 'bundler_formex_field');
$fex->js_src_inline = true;
$fex->left_td_style = '';
$fex->field_prefix = '';
// every column described by the bundle's colmap becomes a form element
$fex->add_element($bundle->get_colmap());
// attach the per-element help text, keyed by element name
foreach ($bundle->colmap_help as $elem => $txt) {
    $fex->set_elem_helptext($elem, $txt);
}
// handle ADD and EDIT/*{{{*/
if (isset($_POST['op']) and ($ACTION == OP_ADD or $ACTION == OP_EDIT)) {
    $errs = $fex->validate($_POST);
    $req_id = $_POST['id'];
    if (empty($_POST['pcat_req_vals']) or !is_array($_POST['pcat_req_vals'])) {
        $errs[] = "Bundle selection was missing!";
    } else {
        $catquants = join('', array_values($_POST['pcat_req_vals']));
        if (empty($catquants)) {
            $errs[] = "Bundle must contain one or more categories of products to select from.";
        }
    }
                }
            }
        }
    }
    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'pear_error_handler');
}
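// On success, redirect back to this script so a reload does not re-submit the POST.
// The status message travels in the query string as base64.
if ($msg and !count($errs)) {
    /** redir on success **/
    // base64 output can contain '+', '/' and '='. An unencoded '+' is read back as a
    // space by the query-string parser and the message is corrupted, so the payload
    // is percent-encoded before it goes into the URL.
    // NOTE(review): PHP_SELF includes any extra path info sent by the client;
    // SCRIPT_NAME would pin the redirect to the script itself - confirm and switch.
    header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, rawurlencode(base64_encode($msg))));
    exit;
}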
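/** build form **/
$fex = new formex('POST');
$allproducts = $pc->get_product_list();
$fex->js_src_inline = true;
$fex->add_element($colmap);
// selectable options for the relations element are the full product list
$fex->set_element_opts('cm_products_relations', $allproducts);
$fex->add_element('op', array($ACTION, 'submit', null, null, 1));
// hidden field carrying the product id back with the POST
$fex->add_element('nid', array('id', 'hidden', $productid, 1));
// pre-select the products that are already related
$fex->set_elem_default_vals('cm_products_relations', $pc->fetch_related_products());
/** **/
// get message for display if any
// The parameter is only decoded when it is a plain string: msg[]=... would otherwise
// hand an array to base64_decode().
// NOTE(review): the decoded text is whatever the client put in ?msg=, not necessarily
// a message this script generated. It must be HTML-escaped wherever the template
// prints $msg, or this becomes a reflected-XSS sink - confirm in the output section.
if (isset($_GET['msg']) && is_string($_GET['msg'])) {
    $msg = base64_decode($_GET['msg']);
}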
# output template
##############################################################################
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
Exemple #5
} elseif (isset($_POST['op_kill']) and $ACTION == OP_KILL) {
    $dbc->set_id($itemid);
    $res = $dbc->kill();
    if (!PEAR::isError($res)) {
        $msg = "The selected {$table_title} was totally removed.";
        // send back to self with messageness
        header("Location: {$_SERVER['PHP_SELF']}?class={$class}&info=" . base64_encode($msg));
    } else {
        $errs[] = "ERROR: could not delete: " . $res->getMessage();
    }
}
if ($SHOWFORM) {
    $fex = new formex();
    $fex->field_prefix = '';
    $fex->js_src_inline = true;
    $fex->add_element($colmap);
    // all those things in $colmap are in the form now
    if (isset($dbc->colmap_help) && is_array($dbc->colmap_help)) {
        foreach ($dbc->colmap_help as $k => $text) {
            $fex->set_elem_helptext($k, $text);
        }
    }
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    $fex->add_element('class', array(null, 'hidden', $class));
    // important
    if ($ACTION == OP_EDIT) {
        $dbc->set_id($itemid);
        $fex->elem_vals = $dbc->fetch('', true);
        $fex->add_element('id', array(null, 'hidden', $itemid));
        // important
Exemple #6
 /**
  * Build the login form and render the login page through Smarty.
  *
  * The global $fex form object is reused when it already exists (the original
  * note says it may have been pre-filled elsewhere, e.g. by activate.php);
  * otherwise a new formex is created whose action is the current request URI.
  *
  * @param int $failed handed to the template as BAD_PASS
  * @return void the page is emitted by $smarty->display()
  */
 function auth_loginform($failed = 0)
 {
     global $sess, $smarty, $fex;

     $this->error_log('called ' . __FUNCTION__ . '()');

     // the entire page is produced by smarty
     $smarty->assign('page_id', 'login');
     require_once 'formex.class.php';

     // kludge kept from the original: a pre-existing $fex lets username/password
     // arrive pre-filled for users who just registered and confirmed their account
     if (!$fex) {
         $fex = new formex();
         // keep any GET params that were present when the session timed out
         // NOTE(review): REQUEST_URI is taken from the request as-is. If formex or
         // the template writes form_action into the action="" attribute without
         // escaping, this is an HTML-injection point - confirm the escaping there.
         if ($_SERVER['REQUEST_URI']) {
             $fex->form_action = $_SERVER['REQUEST_URI'];
         }
     }
     $fex->max_size = 16;

     // both credential inputs share the same attribute set
     $login_attrs = array('class' => 'cartLogin');
     $fex->add_element('username', array('Username/email', 'text', null, $login_attrs, 1));
     $fex->add_element('password', array('Password', 'password', null, $login_attrs, 1));
     $fex->add_element('op_login', array('LOGIN', 'submit', 1));

     $smarty->assign('cform', $fex->get_struct());
     // NOTE(review): PHP_SELF can carry client-supplied path info; the template
     // should escape {$self} before printing it - confirm in checkout_login.tpl.
     $smarty->assign(array('self' => $_SERVER['PHP_SELF'], 'BAD_PASS' => $failed));
     $smarty->display('float:checkout_login.tpl');
 }
Exemple #7
    }
    $DO_VERIFY = true;
}
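// Cancel request: delete the file named by the op_cancel query parameter.
// op_cancel comes straight from the query string, so the resolved path must stay
// inside CSHOP_MEDIA_FULLPATH before anything is unlinked. Without that check,
// "../" segments could point unlink() at files outside the media directory.
// NOTE(review): this is still a state-changing GET with no ownership or anti-CSRF
// check visible in this block. Confirm the page is behind authentication, and
// consider only accepting a filename recorded for the current session's upload.
if (isset($_GET['op_cancel']) && !empty($_GET['op_cancel']) && is_string($_GET['op_cancel'])) {
    $mediaroot = realpath(CSHOP_MEDIA_FULLPATH);
    $requested = stripslashes($_GET['op_cancel']);
    $fullpathfile = false;
    // realpath() collapses "..", "." and symlinks; NUL bytes are rejected up front
    if ($mediaroot !== false && strpos($requested, "\0") === false) {
        $fullpathfile = realpath($mediaroot . '/' . $requested);
    }
    // only a regular file located underneath the media root may be removed
    if ($fullpathfile !== false
        && strpos($fullpathfile, $mediaroot . DIRECTORY_SEPARATOR) === 0
        && is_file($fullpathfile)) {
        unlink($fullpathfile);
    }
}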
// Upload form: a "skip first row" toggle, the data file input and the NEXT button.
if ($SHOWFORM) {
    $uploform = new formex();
    $uploform->left_td_style = '';
    $uploform->field_prefix = '';
    // the next two options are disabled in the original and kept for reference
    #$uploform->add_element('hdr1', array('<b>Options:</b>', 'heading'));
    #$uploform->add_element('do_create_new', array('Create new products/inventory items?', 'toggle'));
    $uploform->add_element('skip_first_row', array('Skip first row?', 'toggle'));
    // disabled in the original as well
    //$uploform->add_element('do_reset_zero', array('zero quantities for all existing SKUs not found in the uploaded data?', 'toggle'));
    // NOTE(review): the handling of the uploaded file is outside this block; confirm
    // it validates type and size and stores the file under a server-chosen name.
    $uploform->add_element('datafile', array('Data File', 'file', true));
    $uploform->add_element('op_up', array('NEXT', 'submit'));
}
##############################################################################
# output template
##############################################################################
// the shared control-panel header is rendered by Smarty before the inline HTML below
$smarty->display('control/header.tpl');
?>
<div id="loadInventoryWrap">
<h2 class="headline">Inventory Data Loader</h2>

<? if (!empty($errs)) { ?>
    <div class="userError">
        Errors occurred while processing your request.
Exemple #8
     * DELETE CASCADE would take care of this but this is mysql afterall */
    $sql = sprintf("DELETE FROM products_categories WHERE categoryid = %d", $mfrid);
    $res = $pdb->query($sql);
    $sql = sprintf("DELETE FROM bundle_categories WHERE categoryid = %d", $mfrid);
    $res = $pdb->query($sql);
    $sql = sprintf("DELETE FROM manufacturers WHERE id = %d", $mfrid);
    $res = $pdb->query($sql);
    $msg = "The selected manufacturer was totally removed.";
    // send back to self with messageness
    header("Location: {$_SERVER['PHP_SELF']}?info=" . base64_encode($msg));
}
if ($SHOWFORM) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->add_element($colmap);
    // all those things in $colmap are in the form now
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    if ($ACTION == OP_EDIT) {
        $sql = sprintf("SELECT sName, descrip\n                               , m.sFilename AS iconid\n                        FROM manufacturers mfr LEFT JOIN media m ON (m.id = mfr.iconid)\n                        WHERE mfr.id = %d", $mfrid);
        $fex->elem_vals = $pdb->getRow($sql);
        $fex->add_element('id', array('hid id', 'hidden', $mfrid));
        // important
        $cat_name = $fex->elem_vals['sName'];
        /** if there are zero products in this manufacturer, let them delete it **/
        $sql = sprintf("SELECT COUNT(*) FROM products WHERE manufacturerid = %d", $mfrid);
        $product_count = $pdb->getOne($sql);
        if ($product_count) {
            $confirm_msg = "There are {$product_count} products that are associated with this manufacturer. You cannot delete the manufacturer until all these products have been removed or reassigned";
            $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="alert(\'' . $confirm_msg . '\'); return false"'));
Exemple #9
} elseif (isset($_GET['op_edit'])) {
    $ACTION = OP_EDIT;
    $req_id = $_GET['op_edit'];
}
// Any non-empty action means the add/edit form has to be shown.
if ($ACTION) {
    $SHOWFORM = true;
}
/** either show an adding/editing form **************************************************/
if ($SHOWFORM) {
    $c = CSHOP_CLASSES_PRODUCT;
    $pc = new $c($pdb);
    $fex = new formex();
    $fex->js_src_inline = true;
    $fex->left_td_style = '';
    $fex->field_prefix = '';
    $fex->add_element($sm->colmap_zones);
    // all those things in $colmap are in the form now
    $fex->add_element('op', array($ACTION, 'submit'));
    // the button
    $country_opts = formex::get_country_opts(true);
    $fex->set_element_opts('cm_shipmethods_zone_locales', $country_opts);
    if ($ACTION == OP_EDIT) {
        $vals = $sm->fetch_zone($req_id);
        /* convert linear array of ISO codes to isocode => countryname */
        $cy = array();
        foreach ($vals['cm_shipmethods_zone_locales'] as $iso) {
            $cy[$iso] = $country_opts[$iso];
        }
        $vals['cm_shipmethods_zone_locales'] = $cy;
        $fex->elem_vals = $vals;
        $method_title = $vals['zone_name'];
Exemple #10
}
/** no POST was received, so the ACTION flags are derived from the GET parameters */
// NOTE(review): is_numeric() also accepts signed values, decimals and exponent
// notation (e.g. "-1", "1.5", "1e3"), so op_edit is not guaranteed to be a plain
// integer id when it reaches set_id() - confirm set_id() casts or validates it.
if (isset($_GET['op_edit']) && is_numeric($_GET['op_edit'])) {
    $ACTION = $ACTION | OP_EDIT;
    $dbc->set_id($_GET['op_edit']);
} elseif (isset($_GET['op_add'])) {
    $ACTION = $ACTION | OP_ADD;
}
/** create a formex() object to make a form */
if ($ACTION) {
    $fex = new formex();
    $fex->field_prefix = '';
    $fex->left_td_style = '';
    $fex->extra_js_src_dir = "/control/formex_js";
    $fex->rte_js_src_dir = "/control/formex_js";
    $fex->add_element($colmap);
    if ($ACTION & OP_EDIT) {
        $fex->add_element('but', array('EDIT', 'submit'));
        $s = $dbc->fetch_content();
        $vals = array_pop($s);
        $fex->elem_default_vals = $vals;
        if ($vals['id']) {
            $fex->add_element('id', array(null, 'hidden', $dbc->get_id(), null));
        }
        $confirm_msg = 'This will remove this item from the site permanently. Are you sure?';
        $fex->add_element('op_kill', array('REMOVE', 'submit', null, array('class' => 'ccomKillSwitch'), "onclick=\"return confirm('{$confirm_msg}')\""));
        if (isset($vals[$dbc->_table_namecol])) {
            $crumbs[$vals[$dbc->_table_namecol]] = $_SERVER['PHP_SELF'] . "?{$base_get_vars}&op_edit=" . $vals['id'];
        }
        $action_name = 'edit';
    } else {
Exemple #11
        if (PEAR::isError($res)) {
            $errs[] = $res->getMessage();
        } else {
            $msg = "Product media file was successfully removed";
        }
    }
}
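// On success, redirect back to this script so a reload does not re-submit the POST.
// The status message travels in the query string as base64.
if ($msg and !count($errs)) {
    /** redir on success **/
    // base64 output can contain '+', '/' and '='. An unencoded '+' is read back as a
    // space by the query-string parser and the message is corrupted, so the payload
    // is percent-encoded before it goes into the URL.
    // NOTE(review): PHP_SELF includes any extra path info sent by the client;
    // SCRIPT_NAME would pin the redirect to the script itself - confirm and switch.
    header(sprintf("Location: %s?nid=%d&msg=%s", $_SERVER['PHP_SELF'], $productid, rawurlencode(base64_encode($msg))));
    exit;
}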
if ($ACTION == OP_ADD or $ACTION == OP_EDIT) {
    $fex = new formex('POST');
    $fex->js_src_inline = true;
    $fex->add_element($colmap);
    $fex->add_element('op', array($ACTION, 'submit', null, null, 1));
    $fex->add_element('nid', array('id', 'hidden', $productid, null));
    $fex->set_element_opts('colorways_id', cshopUtils::get_all_colors($pdb, true));
    if ($ACTION == OP_EDIT) {
        $sql = sprintf("SELECT colorways_id, order_weight, class, filename_large AS upfile\n                        FROM {$tablename} WHERE id = %d", $reqid);
        $row = $pdb->getRow($sql);
        $fex->elem_vals = $row;
        $fex->add_element('reqid', array('reqid', 'hidden', $reqid, null));
        $fex->add_element('op_kill', array(OP_KILL, 'submit', null, null, 'onclick="return confirm(\'Are you sure?\')"'));
    }
} else {
    /** list all cm_categories in one big ass dump using HTML_Table **/
    $table = new fu_HTML_Table(array('width' => '90%', 'align' => 'center'));
    $table->setAutoGrow(true);
    $table->setAutoFill("-");
Exemple #12
        } else {
            $res = $user->change_pword($newpw);
            if (PEAR::isError($res) and $res->getMessage() != 'warning: 0 rows were changed') {
                $err = $res->getMessage();
            }
            // added these 2 $_SESSION lines as a hack for momenta :/
            $_SESSION['email'] = $user->get_email();
            $_SESSION['name'] = $user->get_full_name();
            $user->force_pword_change(false);
            $auth->force_preauth($user->get_id());
        }
    }
    if ($err) {
        $smarty->assign('BACK_LINK', sprintf("%s?%s=%s&u=%d", $_SERVER['PHP_SELF'], $recover_key_name, $_POST['f_mash'], $_POST['f_uid']));
        $smarty->assign('CHANGE_ERROR', $err);
    } else {
        $smarty->assign('CHANGE_SUCCESS', true);
    }
}
/*** form for getting email addr (step 1) only **/
if ($SHOWFORM) {
    $fex = new formex();
    $fex->add_element('op', array($ACTION, 'submit'));
    // the username/email input is only added for the OP_GET_EMAIL step
    // NOTE(review): the handler for this step is outside this block; confirm it
    // answers identically for known and unknown addresses so the form cannot be
    // used to enumerate accounts.
    if ($ACTION == OP_GET_EMAIL) {
        $fex->add_element('email', array('Enter your username or email address', 'email', null, array('size' => 40), 1));
    }
    $smarty->assign('cform', $fex->get_struct());
}
// every step of the recovery flow renders the same template; ACTION tells it which step
$tpl = 'pass.recover.tpl';
$smarty->assign('ACTION', $ACTION);
$smarty->display("float:{$tpl}");
Exemple #13
            $ERROR = $res->getMessage();
        }
    }
    PEAR::popErrorHandling();
} elseif ($ACTION == OP_KILL) {
    $sql = sprintf("DELETE FROM %s WHERE id = %d", $inventory_table, $invid);
    $res = $pdb->query($sql);
    if (!PEAR::isError($res)) {
        $SUCCESS = "inventory record removed from the system";
    }
}
/** setup the form that goes at the top */
$pc->set_id($productid);
// inline JS attribute attached to the size and color selects
$onchange = 'onchange="cmSetSkuField()"';
$fex = new formex('POST');
$fex->add_element('sizes', array('Size', 'select', array(), null, $onchange, 1));
$fex->add_element('colors', array('Colors', 'select', array(), null, $onchange, 1));
$fex->add_element('qty', array('Qty', 'text', 1, array('size' => 3, 'maxlength' => 6), 1));
$fex->add_element('sku', array('SKU', 'text', '', array('size' => 16, 'maxlength' => 64), 1));
// the price adder field is only present when adders are enabled
if ($USE_ADDERS) {
    $fex->add_element('adder', array('Adder', 'text', '0.00', array('size' => 7, 'maxlength' => 10), 'onchange="cmAddPrice(this.value)"', 1));
}
// hidden field carrying the product id back with the POST
$fex->add_element('nid', array('id', 'hidden', $productid, null));
// both selects start with an empty '-----' entry ahead of the stored sizes/colors
$fex->set_element_opts('sizes', array('' => '-----') + cshopUtils::get_all_sizes($pdb));
$fex->set_element_opts('colors', array('' => '-----') + cshopUtils::get_all_colors($pdb));
if (isset($invid) and $ACTION == OP_EDIT) {
    // %d forces $invid to an integer inside the statement. The table name is
    // interpolated directly into the SQL.
    // NOTE(review): confirm $inventory_table is a fixed configuration value and is
    // never derived from request data.
    $sql = sprintf("SELECT i.sizes_id AS sizes, i.colorways_id AS colors, i.qty, i.sku, adder\n                            , IFNULL((p.price + adder), p.price) AS total_price\n                    FROM {$inventory_table} i, cm_products p WHERE i.id = %d AND p.id = i.product_id", $invid);
    $inv_record = $pdb->getRow($sql);
    // pre-fill the form with the stored inventory row
    $fex->elem_vals = $inv_record;
    // NOTE(review): this builds a plain GET link that carries op_kill. If the delete
    // branch acts on it without a per-session token, any page the admin visits can
    // trigger the delete (CSRF) - confirm how ACTION is derived for op_kill. PHP_SELF
    // must also be escaped where the link is printed.
    $killlink = sprintf('%s?op_kill=%d&nid=%d', $_SERVER['PHP_SELF'], $invid, $productid);
}
Exemple #14
// Checkout needs at least one item: when the count is empty or came back as a
// PEAR error, send the browser to the cart page and raise a user-level error.
$cart_itemcount = $cart->count_items();
if (PEAR::isError($cart_itemcount) || !$cart_itemcount) {
    header('Location: cart.php');
    trigger_error('Attempt to checkout with an empty cart.', E_USER_ERROR);
    exit;
}
// form object used by the checkout steps that follow
$fex = new formex();
/* enter user shipping addr, and possibly new Anonymous user account */
if ($ACTION == OP_ADD_SHIP) {
    $pdb->autoCommit(false);
    // begin trans, because we have potential two stages here that each can fail validation
    /* they would like to proceed without choosing a password and such. Create an "anonymous" user object stub and log them in automatically */
    if (CSHOP_ALLOW_ANON_ACCOUNT and $auth->has_bypass_flag()) {
        $user = cmClassFactory::getInstanceOf(CSHOP_CLASSES_USER, $pdb);
        $fex_anon_user = new formex();
        $fex_anon_user->add_element($user->get_anon_colmap());
        if (!($errs = $fex_anon_user->validate($_POST))) {
            $vals = $fex_anon_user->get_submitted_vals($_POST);
            $res = $user->create_anon_user('', $vals);
            if (PEAR::isError($res)) {
                trigger_error($res->getCode(), E_USER_ERROR);
            }
            $auth->force_preauth($user->get_id());
            // magically logs them in with the new uid
        }
    }
    // save the comments on billing/shipping eitheway, its shared
    if (!empty($_POST['f_user_comments'])) {
        $cart->set_user_comment($_POST['f_user_comments']);
    }
    if (empty($errs) && !$cart->requires_shipping()) {
Exemple #15
     $inactive_giftcards = array();
     foreach ($orderitems as $item) {
         $already_activated_cards = empty($item['item_options']['gc_activated']) ? 0 : $item['item_options']['gc_activated']['value'];
         if ($already_activated_cards < $item['qty'] && !empty($item['item_options']['swi_cm_amt'])) {
             $item['num_to_activate'] = $item['qty'] - $already_activated_cards;
             $inactive_giftcards[] = $item;
         }
     }
     $smarty->assign('giftcards', $inactive_giftcards);
 }
 /* ORDER UPDATE FORM - built in the USA */
 $fex = new formex('POST');
 $fex->js_src_inline = true;
 $fex->field_prefix = '';
 $fex->max_size = 25;
 // the order's own column map supplies the editable order fields
 $fex->add_element($order->colmap);
 /* add elements for the customer notify */
 $fex->add_element('do_notify', array('Notify Customer?', 'toggle'));
 // NOTE(review): free-text comments may end up in a customer e-mail or the order
 // view; confirm they are escaped for whichever context prints them.
 $fex->add_element('comments', array('Comments', 'textarea'));
 $fex->add_element('op_update', array('UPDATE', 'submit'));
 // the button
 // hidden field carrying the id of the order being edited
 $fex->add_element($reqIdKey, array(null, 'hidden', $itemid));
 // important
 $fex->set_element_opts('orders_status', $order->get_statuses());
 // pre-fill with the stored order; empty ship/delivery dates default to today
 $fex->elem_vals = $orderinfo;
 if (empty($orderinfo['ship_date'])) {
     $fex->elem_vals['ship_date'] = date('Y-m-d');
 }
 if (empty($orderinfo['delivery_date'])) {
     $fex->elem_vals['delivery_date'] = date('Y-m-d');
 }
Exemple #16
} elseif (isset($_GET['productid']) and !empty($_GET['productid'])) {
    $productid = $_GET['productid'];
    $ACTION = OP_EDIT;
} else {
    $ACTION = OP_ADD;
}
/** **/
// append the lower-cased action to the page title
$pagetitle .= strtolower($ACTION);
// make a nice title
$errs = array();
// the product class name comes from the CSHOP_CLASSES_PRODUCT constant and is
// instantiated dynamically with the database handle
$c = CSHOP_CLASSES_PRODUCT;
$pc = new $c($pdb);
$colmap = $pc->get_colmap();
// one form object serves both validation of the POST and rendering
$fex = new formex('POST');
$fex->convert_empty_string_to_null = true;
$fex->add_element($colmap);
/** POST rec'd, check valid, proc. upload and save if OK */
if (isset($_POST['f_op']) and ($ACTION == OP_ADD or $ACTION == OP_EDIT)) {
    $msg = '';
    $vals = array();
    $img_vals = array();
    if ($errs = $fex->validate($_POST)) {
        // handled below
    } else {
        $vals = $fex->get_submitted_vals($_POST);
        $upfiles = array('imageid' => array(), 'feature_imageid' => array());
        // tracks all new files we need to insert in media_prod table
        /** process each uploaded image **/
        foreach ($upfiles as $upfile => $img_vals) {
            // upfile =  name of field with uploaded file in it
            $uplo = new uploadable("f_{$upfile}");