Exemple #1
function nzshpcrt_submit_ajax()
{
    global $wpdb, $user_level, $wp_rewrite;
    get_currentuserinfo();
    if (get_option('permalink_structure') != '') {
        $seperator = "?";
    } else {
        $seperator = "&";
    }
    $cartt = $_SESSION['nzshpcrt_cart'];
    $cartt1 = $cartt[0]->product_id;
    // if is an AJAX request, cruddy code, could be done better but getting approval would be impossible
    if ($_POST['ajax'] == "true" || $_GET['ajax'] == "true") {
        if ($_POST['changetax'] == "true") {
            if (isset($_POST['billing_region'])) {
                $billing_region = $_POST['billing_region'];
            } else {
                $billing_region = $_SESSION['selected_region'];
            }
            $billing_country = $_POST['billing_country'];
            foreach ($cartt as $cart_item) {
                $product_id = $cart_item->product_id;
                $quantity = $cart_item->quantity;
                //echo("<pre>".print_r($cart_item->product_variations,true)."</pre>");
                $product = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id` = '{$product_id}' LIMIT 1", ARRAY_A);
                if ($product['donation'] == 1) {
                    $price = $quantity * $cart_item->donation_price;
                } else {
                    $price = $quantity * calculate_product_price($product_id, $cart_item->product_variations);
                    if ($product['notax'] != 1) {
                        $tax += nzshpcrt_calculate_tax($price, $billing_country, $billing_region) - $price;
                    }
                    $all_donations = false;
                }
                if ($_SESSION['delivery_country'] != null) {
                    $total_shipping += nzshpcrt_determine_item_shipping($product['id'], $quantity, $_SESSION['delivery_country']);
                }
            }
            echo $tax . ":" . $price . ":" . $total_shipping;
            exit;
        }
        if ($_POST['submittogoogle']) {
            $newvalue = $_POST['value'];
            $amount = $_POST['amount'];
            $reason = $_POST['reason'];
            $comment = $_POST['comment'];
            $message = $_POST['message'];
            $amount = number_format($amount, 2, '.', '');
            $log_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
            if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
                wpsc_member_activate_subscriptions($_POST['id']);
            }
            $google_status = unserialize($log_data['google_status']);
            switch ($newvalue) {
                case "Charge":
                    if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
                        if ($amount == '') {
                            $google_status['0'] = 'Partially Charged';
                        } else {
                            $google_status['0'] = 'CHARGED';
                            $google_status['partial_charge_amount'] = $amount;
                        }
                    }
                    break;
                case "Cancel":
                    if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
                        $google_status[0] = 'CANCELLED';
                    }
                    if ($google_status[1] != 'DELIVERED') {
                        $google_status[1] = 'WILL_NOT_DELIVER';
                    }
                    break;
                case "Refund":
                    if ($amount == '') {
                        $google_status['0'] = 'Partially Refund';
                    } else {
                        $google_status['0'] = 'REFUND';
                        $google_status['partial_refund_amount'] = $amount;
                    }
                    break;
                case "Ship":
                    if ($google_status[1] != 'WILL_NOT_DELIVER') {
                        $google_status[1] = 'DELIVERED';
                    }
                    break;
                case "Archive":
                    $google_status[1] = 'ARCHIVED';
                    break;
            }
            $google_status_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET google_status='" . serialize($google_status) . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
            $wpdb->query($google_status_sql);
            $merchant_id = get_option('google_id');
            $merchant_key = get_option('google_key');
            $server_type = get_option('google_server_type');
            $currency = get_option('google_cur');
            $Grequest = new GoogleRequest($merchant_id, $merchant_key, $server_type, $currency);
            $google_order_number = $wpdb->get_var("SELECT google_order_number FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1");
            switch ($newvalue) {
                case 'Charge':
                    $Grequest->SendChargeOrder($google_order_number, $amount);
                    break;
                case 'Ship':
                    $Grequest->SendDeliverOrder($google_order_number);
                    break;
                case 'Archive':
                    $Grequest->SendArchiveOrder($google_order_number);
                    break;
                case 'Refund':
                    $Grequest->SendRefundOrder($google_order_number, $amount, $reason);
                    break;
                case 'Cancel':
                    $Grequest->SendCancelOrder($google_order_number, $reason, $comment);
                    break;
                case 'Send Message':
                    $Grequest->SendBuyerMessage($google_order_number, $message);
                    break;
            }
            $newvalue++;
            $update_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
            //$wpdb->query($update_sql);
            exit;
        }
        ////changes for usps
        if ($_POST['uspsswitch']) {
            foreach ($_SESSION['uspsQuote'] as $quotes) {
                $total = $_POST['total'];
                if ($quotes[$_POST['key']] != '') {
                    echo nzshpcrt_currency_display($total + $quotes[$_POST['key']], 1);
                    echo "<input type='hidden' value='" . $total . "' id='shopping_cart_total_price'>";
                    $_SESSION['usps_shipping'] = $quotes[$_POST['key']];
                }
            }
            exit;
        }
        //changes for usps ends
        if ($_GET['user'] == "true" && is_numeric($_POST['prodid'])) {
            $memberstatus = get_product_meta($_POST['prodid'], 'is_membership', true);
            if ($memberstatus[0] == '1' && $_SESSION['nzshopcrt_cart'] != NULL) {
            } else {
                $sql = "SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id`='" . $_POST['prodid'] . "' LIMIT 1";
                $item_data = $wpdb->get_results($sql, ARRAY_A);
                $item_quantity = 0;
                if ($_SESSION['nzshpcrt_cart'] != null) {
                    foreach ($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
                        if ($memberstatus[0] != '1' && $_SESSION['nzshpcrt_cart'] != NULL) {
                            if ($cart_item->product_id == $_POST['prodid']) {
                                if ($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $_POST['variation'] && $_SESSION['nzshpcrt_cart'][$cart_key]->extras === $_POST['extras']) {
                                    $item_quantity += $_SESSION['nzshpcrt_cart'][$cart_key]->quantity;
                                    $item_variations = $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations;
                                }
                            }
                        }
                    }
                }
                $item_stock = null;
                $variation_count = count($_POST['variation']);
                if ($variation_count >= 1 && $variation_count <= 2) {
                    foreach ($_POST['variation'] as $variation_id) {
                        if (is_numeric($variation_id)) {
                            $variation_ids[] = (int) $variation_id;
                        }
                    }
                    if (count($variation_ids) == 2) {
                        $variation_stock_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "variation_priceandstock` WHERE `product_id` = '" . $_POST['prodid'] . "' AND (`variation_id_1` = '" . $variation_ids[0] . "' AND `variation_id_2` = '" . $variation_ids[1] . "') OR (`variation_id_1` = '" . $variation_ids[1] . "' AND `variation_id_2` = '" . $variation_ids[0] . "') LIMIT 1", ARRAY_A);
                        $item_stock = $variation_stock_data['stock'];
                    } else {
                        if (count($variation_ids) == 1) {
                            $variation_stock_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "variation_priceandstock` WHERE `product_id` = '" . $_POST['prodid'] . "' AND (`variation_id_1` = '" . $variation_ids[0] . "' AND `variation_id_2` = '0') LIMIT 1", ARRAY_A);
                            $item_stock = $variation_stock_data['stock'];
                        }
                    }
                }
                if ($item_stock === null) {
                    $item_stock = $item_data[0]['quantity'];
                }
                if ($item_data[0]['quantity_limited'] == 1 && $item_stock > 0 && $item_stock > $item_quantity || $item_data[0]['quantity_limited'] == 0) {
                    $cartcount = count($_SESSION['nzshpcrt_cart']);
                    if (is_array($_POST['variation'])) {
                        $variations = $_POST['variation'];
                    } else {
                        $variations = null;
                    }
                    if (is_array($_POST['extras'])) {
                        $extras = $_POST['extras'];
                    } else {
                        $extras = null;
                    }
                    $updated_quantity = false;
                    if ($_SESSION['nzshpcrt_cart'] != null) {
                        foreach ($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
                            if (!($memberstatus[0] == '1') && count($_SESSION['nzshpcrt_cart']) > 0) {
                                if ((int) $cart_item->product_id === (int) $_POST['prodid']) {
                                    // force both to integer before testing for identicality
                                    if ($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $extras && $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $variations && (int) $_SESSION['nzshpcrt_cart'][$cart_key]->donation_price == (int) $_POST['donation_price']) {
                                        if (is_numeric($_POST['quantity'])) {
                                            $_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int) $_POST['quantity'];
                                        } else {
                                            $_SESSION['nzshpcrt_cart'][$cart_key]->quantity++;
                                        }
                                        $updated_quantity = true;
                                    }
                                }
                            }
                        }
                    }
                    if ($item_data[0]['donation'] == 1) {
                        $donation = $_POST['donation_price'];
                    } else {
                        $donation = false;
                    }
                    if (!($memberstatus[0] == '1' && count($_SESSION['nzshpcrt_cart']) > 0)) {
                        $status = get_product_meta($cartt1, 'is_membership', true);
                        if ($status[0] == '1') {
                            exit;
                        }
                        if ($updated_quantity === false) {
                            if (is_numeric($_POST['quantity'])) {
                                if ($_POST['quantity'] > 0) {
                                    $new_cart_item = new cart_item($_POST['prodid'], $variations, $_POST['quantity'], $donation, $extras);
                                }
                            } else {
                                //echo "correct";
                                $new_cart_item = new cart_item($_POST['prodid'], $variations, 1, $donation, $extras);
                            }
                            $_SESSION['nzshpcrt_cart'][] = $new_cart_item;
                        }
                    }
                } else {
                    $quantity_limit = true;
                }
                $cart = $_SESSION['nzshpcrt_cart'];
                if ($memberstatus[0] == '1' && count($cart) > 1) {
                } else {
                    $status = get_product_meta($cartt1, 'is_membership', true);
                    if ($status[0] == '1') {
                        exit('st');
                    }
                    echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t  }\n\t\t\t\t\t";
                    if ($_POST['prodid'] != null && get_option('fancy_notifications') == 1) {
                        echo "if(document.getElementById('fancy_notification_content') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('fancy_notification_content').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(fancy_notification_content($_POST['prodid'], $quantity_limit))) . "\";\n\t\t\t\t\t  jQuery('#loading_animation').css('display', 'none');\n\t\t\t\t\t  jQuery('#fancy_notification_content').css('display', 'block');  \n\t\t\t\t\t  }\n\t\t\t\t\t";
                    }
                    if ($_SESSION['slider_state'] == 0) {
                        echo 'jQuery("#sliding_cart").css({ display: "none"});' . "\n\r";
                    } else {
                        echo 'jQuery("#sliding_cart").css({ display: "block"});' . "\n\r";
                    }
                }
            }
            exit;
        } else {
            if ($_POST['user'] == "true" && $_POST['emptycart'] == "true") {
                //exit("/* \n\r ".get_option('shopping_cart_url')." \n\r ".print_r($_POST,true)." \n\r */");
                $_SESSION['nzshpcrt_cart'] = '';
                $_SESSION['nzshpcrt_cart'] = array();
                echo "if(document.getElementById('shoppingcartcontents') != null) {   \n\t\t\tdocument.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart))) . "\";\n\t\t\t}\n\r";
                if ($_POST['current_page'] == get_option('shopping_cart_url')) {
                    echo "window.location = '" . get_option('shopping_cart_url') . "';\n\r";
                    // if we are on the checkout page, redirect back to it to clear the non-ajax cart too
                }
                exit;
            }
        }
        if ($_POST['store_list'] == "true") {
            $map_data['address'] = $_POST['addr'];
            $map_data['city'] = $_POST['city'];
            $map_data['country'] = 'US';
            $map_data['zipcode'] = '';
            $map_data['radius'] = '50000';
            $map_data['state'] = '';
            $map_data['submit'] = 'Find Store';
            $stores = getdistance($map_data);
            $i = 0;
            while ($rows = mysql_fetch_array($stores)) {
                //echo "<pre>".print_r($rows,1)."</pre>";
                if ($i == 0) {
                    $closest_store = $rows[5];
                }
                $i++;
                $store_list[$i] = $rows[5];
            }
            foreach ($store_list as $store) {
                $output .= "<option value='{$store}'>{$store}</option>";
            }
            echo $output;
            exit;
        }
        if ($_POST['admin'] == "true") {
            if (is_numeric($_POST['prodid'])) {
                /* fill product form */
                echo nzshpcrt_getproductform($_POST['prodid']);
                exit;
            } else {
                if (is_numeric($_POST['catid'])) {
                    /* fill category form */
                    echo nzshpcrt_getcategoryform($_POST['catid']);
                    exit;
                } else {
                    if (is_numeric($_POST['brandid'])) {
                        /* fill brand form */
                        echo nzshpcrt_getbrandsform($_POST['brandid']);
                        exit;
                    } else {
                        if (is_numeric($_POST['variation_id'])) {
                            echo nzshpcrt_getvariationform($_POST['variation_id']);
                            exit;
                        }
                    }
                }
            }
            if ($_POST['hide_ecom_dashboard'] == 'true') {
                require_once ABSPATH . WPINC . '/rss.php';
                $rss = fetch_rss('http://www.instinct.co.nz/feed/');
                $rss->items = array_slice($rss->items, 0, 5);
                $rss_hash = sha1(serialize($rss->items));
                update_option('wpsc_ecom_news_hash', $rss_hash);
                exit(1);
            }
            if ($_POST['remove_meta'] == 'true' && is_numeric($_POST['meta_id'])) {
                $meta_id = (int) $_POST['meta_id'];
                $selected_meta = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}') ", ARRAY_A);
                if ($selected_meta != null) {
                    if ($wpdb->query("DELETE FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}')  LIMIT 1")) {
                        echo $meta_id;
                        exit;
                    }
                }
                echo 0;
                exit;
            }
            exit;
        }
        if (is_numeric($_POST['currencyid'])) {
            $currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `" . $wpdb->prefix . "currency_list` WHERE `id`='" . $_POST['currencyid'] . "' LIMIT 1", ARRAY_A);
            $price_out = null;
            if ($currency_data[0]['symbol'] != '') {
                $currency_sign = $currency_data[0]['symbol_html'];
            } else {
                $currency_sign = $currency_data[0]['code'];
            }
            echo $currency_sign;
            exit;
        }
        //echo "--==->";
        if ($_POST['buynow'] == "true") {
            $id = $_REQUEST['product_id'];
            $price = $_REQUEST['price'];
            $downloads = get_option('max_downloads');
            $product_sql = "SELECT * FROM " . $wpdb->prefix . "product_list WHERE id = " . $id . " LIMIT 1";
            $product_info = $wpdb->get_results($product_sql, ARRAY_A);
            $product_info = $product_info[0];
            $sessionid = mt_rand(100, 999) . time();
            $sql = "INSERT INTO `" . $wpdb->prefix . "purchase_logs` ( `totalprice` , `sessionid` , `date`, `billing_country`, `shipping_country`,`shipping_region`, `user_ID`, `discount_value` ) VALUES ( '" . $price . "', '" . $sessionid . "', '" . time() . "', 'BuyNow', 'BuyNow', 'BuyNow' , NULL , 0)";
            $wpdb->query($sql);
            $log_id = $wpdb->get_var("SELECT `id` FROM `" . $wpdb->prefix . "purchase_logs` WHERE `sessionid` IN('" . $sessionid . "') LIMIT 1");
            $cartsql = "INSERT INTO `" . $wpdb->prefix . "cart_contents` ( `prodid` , `purchaseid`, `price`, `pnp`, `gst`, `quantity`, `donation`, `no_shipping` ) VALUES ('" . $id . "', '" . $log_id . "','" . $price . "','0', '0','1', '" . $donation . "', '1')";
            $wpdb->query($cartsql);
            $wpdb->query("INSERT INTO `" . $wpdb->prefix . "download_status` ( `fileid` , `purchid` , `downloads` , `active` , `datetime` ) VALUES ( '" . $product_info['file'] . "', '" . $log_id . "', '{$downloads}', '0', NOW( ));");
            exit;
        }
        if ($_POST['changeorder'] == "true" && is_numeric($_POST['category_id'])) {
            $category_id = (int) $_POST['category_id'];
            $hash = $_POST['sort1'];
            $order = 1;
            foreach ($hash as $id) {
                $wpdb->query("UPDATE `" . $wpdb->prefix . "product_order` SET `order`={$order} WHERE `product_id`=" . (int) $id . " AND `category_id`=" . (int) $category_id . " LIMIT 1");
                $order++;
            }
            exit(" ");
        }
        /* rate item */
        if ($_POST['rate_item'] == "true" && is_numeric($_POST['product_id']) && is_numeric($_POST['rating'])) {
            $nowtime = time();
            $prodid = $_POST['product_id'];
            $ip_number = $_SERVER['REMOTE_ADDR'];
            $rating = $_POST['rating'];
            $cookie_data = explode(",", $_COOKIE['voting_cookie'][$prodid]);
            if (is_numeric($cookie_data[0]) && $cookie_data[0] > 0) {
                $vote_id = $cookie_data[0];
                $wpdb->query("UPDATE `" . $wpdb->prefix . "product_rating` SET `rated` = '" . $rating . "' WHERE `id` ='" . $vote_id . "' LIMIT 1 ;");
            } else {
                $insert_sql = "INSERT INTO `" . $wpdb->prefix . "product_rating` ( `ipnum`  , `productid` , `rated`, `time`) VALUES ( '" . $ip_number . "', '" . $prodid . "', '" . $rating . "', '" . $nowtime . "');";
                $wpdb->query($insert_sql);
                $data = $wpdb->get_results("SELECT `id`,`rated` FROM `" . $wpdb->prefix . "product_rating` WHERE `ipnum`='" . $ip_number . "' AND `productid` = '" . $prodid . "'  AND `rated` = '" . $rating . "' AND `time` = '" . $nowtime . "' ORDER BY `id` DESC LIMIT 1", ARRAY_A);
                $vote_id = $data[0]['id'];
                setcookie("voting_cookie[{$prodid}]", $vote_id . "," . $rating, time() + 60 * 60 * 24 * 360);
            }
            $output[1] = $prodid;
            $output[2] = $rating;
            echo $output[1] . "," . $output[2];
            exit;
        }
        //written by allen
        if ($_REQUEST['save_tracking_id'] == "true") {
            $id = $_POST['id'];
            $value = $_POST['value'];
            $update_sql = "UPDATE " . $wpdb->prefix . "purchase_logs SET track_id = '" . $value . "' WHERE id={$id}";
            $wpdb->query($update_sql);
            exit;
        }
        if ($_POST['get_rating_count'] == "true" && is_numeric($_POST['product_id'])) {
            $prodid = $_POST['product_id'];
            $data = $wpdb->get_results("SELECT COUNT(*) AS `count` FROM `" . $wpdb->prefix . "product_rating` WHERE `productid` = '" . $prodid . "'", ARRAY_A);
            echo $data[0]['count'] . "," . $prodid;
            exit;
        }
        /// Pointless AJAX call is pointless
        // 	if(isset($_POST['changeperpage'])) {
        // 		$item_per_page = $_POST['changeperpage'];
        // 		echo $item_per_page;
        // 		exit();
        // 	}
        if ($_POST['remove_variation_value'] == "true" && is_numeric($_POST['variation_value_id'])) {
            $wpdb->query("DELETE FROM `" . $wpdb->prefix . "variation_values_associations` WHERE `value_id` = '" . $_POST['variation_value_id'] . "'");
            $wpdb->query("DELETE FROM `" . $wpdb->prefix . "variation_values` WHERE `id` = '" . $_POST['variation_value_id'] . "' LIMIT 1");
            exit;
        }
        if ($_POST['get_updated_price'] == "true" && is_numeric($_POST['product_id'])) {
            $notax = $wpdb->get_var("SELECT `notax` FROM `" . $wpdb->prefix . "product_list` WHERE `id` IN('" . $_POST['product_id'] . "') LIMIT 1");
            foreach ((array) $_POST['variation'] as $variation) {
                if (is_numeric($variation)) {
                    $variations[] = $variation;
                }
            }
            foreach ((array) $_POST['extra'] as $extra) {
                if (is_numeric($extra)) {
                    $extras[] = $extra;
                }
            }
            $pm = $_POST['pm'];
            echo "product_id=" . $_POST['product_id'] . ";\n";
            echo "price=\"" . nzshpcrt_currency_display(calculate_product_price($_POST['product_id'], $variations, 'stay', $extras), $notax) . "\";\n";
            //exit(print_r($extras,1));
            exit;
        }
        if ($_REQUEST['log_state'] == "true" && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
            $newvalue = $_POST['value'];
            if ($_REQUEST['suspend'] == 'true') {
                if ($_REQUEST['value'] == 1) {
                    wpsc_member_dedeactivate_subscriptions($_POST['id']);
                } else {
                    wpsc_member_deactivate_subscriptions($_POST['id']);
                }
                exit;
            } else {
                $log_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
                if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
                    wpsc_member_activate_subscriptions($_POST['id']);
                }
                $update_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
                $wpdb->query($update_sql);
                //echo("/*");
                if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
                    transaction_results($log_data['sessionid'], false);
                }
                //echo("*/");
                $stage_sql = "SELECT * FROM `" . $wpdb->prefix . "purchase_statuses` WHERE `id`='" . $newvalue . "' AND `active`='1' LIMIT 1";
                $stage_data = $wpdb->get_row($stage_sql, ARRAY_A);
                echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").innerHTML = '" . $stage_data['name'] . "';\n";
                echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").style.color = '#" . $stage_data['colour'] . "';\n";
                $year = date("Y");
                $month = date("m");
                $start_timestamp = mktime(0, 0, 0, $month, 1, $year);
                $end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);
                echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price($start_timestamp, $end_timestamp), 1)) . "';\n";
                echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price(), 1)) . "';\n";
                exit;
            }
        }
        if ($_POST['list_variation_values'] == "true" && is_numeric($_POST['new_variation_id'])) {
            $variation_processor = new nzshpcrt_variations();
            echo "variation_value_id = \"" . $_POST['new_variation_id'] . "\";\n";
            echo "variation_value_html = \"" . $variation_processor->display_variation_values($_POST['prefix'], $_POST['new_variation_id']) . "\";\n";
            $variations_selected = array_values(array_unique(array_merge((array) $_POST['new_variation_id'], (array) $_POST['variation_id'])));
            echo "variation_subvalue_html = \"" . str_replace("\n\r", '\\n\\r', $variation_processor->variations_add_grid_view((array) $variations_selected)) . "\";\n";
            //echo "/*\n\r".print_r(array_values(array_unique(array_merge((array)$_POST['new_variation_id'], $_POST['variation_id']))),true)."\n\r*/";
            exit;
        }
        if ($_POST['redisplay_variation_values'] == "true") {
            $variation_processor = new nzshpcrt_variations();
            $variations_selected = array_values(array_unique(array_merge((array) $_POST['new_variation_id'], (array) $_POST['variation_id'])));
            foreach ($variations_selected as $variation_id) {
                // cast everything to integer to make sure nothing nasty gets in.
                $variation_list[] = (int) $variation_id;
            }
            echo $variation_processor->variations_add_grid_view((array) $variation_list);
            //echo "/*\n\r".print_r(array_values(array_unique($_POST['variation_id'])),true)."\n\r*/";
            exit;
        }
        if ($_POST['edit_variation_value_list'] == 'true' && is_numeric($_POST['variation_id']) && is_numeric($_POST['product_id'])) {
            $variation_id = (int) $_POST['variation_id'];
            $product_id = (int) $_POST['product_id'];
            $variations_processor = new nzshpcrt_variations();
            $variation_values = $variations_processor->falsepost_variation_values($variation_id);
            if (is_array($variation_values)) {
                //echo(print_r($variation_values,true));
                $check_variation_added = $wpdb->get_var("SELECT `id` FROM `" . $wpdb->prefix . "variation_associations` WHERE `type` IN ('product') AND `associated_id` IN ('{$product_id}') AND `variation_id` IN ('{$variation_id}') LIMIT 1");
                if ($check_variation_added == null) {
                    $variations_processor->add_to_existing_product($product_id, $variation_values);
                }
                echo $variations_processor->display_attached_variations($product_id);
                echo $variations_processor->variations_grid_view($product_id);
            } else {
                echo "false";
            }
            exit;
        }
        if ($_POST['remove_form_field'] == "true" && is_numeric($_POST['form_id'])) {
            //exit(print_r($user,true));
            if (current_user_can('level_7')) {
                $wpdb->query("UPDATE `" . $wpdb->prefix . "collect_data_forms` SET `active` = '0' WHERE `id` ='" . $_POST['form_id'] . "' LIMIT 1 ;");
                exit(' ');
            }
        }
        /*
         * function for handling the checkout billing address
         */
        if (preg_match("/[a-zA-Z]{2,4}/", $_POST['billing_country'])) {
            if ($_SESSION['selected_country'] == $_POST['billing_country']) {
                $do_not_refresh_regions = true;
            } else {
                $do_not_refresh_regions = false;
                $_SESSION['selected_country'] = $_POST['billing_country'];
            }
            if (is_numeric($_POST['form_id'])) {
                $form_id = $_POST['form_id'];
                $html_form_id = "region_country_form_{$form_id}";
            } else {
                $html_form_id = 'region_country_form';
            }
            if (is_numeric($_POST['billing_region'])) {
                $_SESSION['selected_region'] = $_POST['billing_region'];
            }
            $cart =& $_SESSION['nzshpcrt_cart'];
            if ($memberstatus[0] == '1' && count($cart) > 0) {
                echo "\n\t\t\t";
            } else {
                if ($status[0] == '1') {
                    exit;
                }
                echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t  }\n\t\t\t\t\t";
                if ($do_not_refresh_regions == false) {
                    $region_list = $wpdb->get_results("SELECT `" . $wpdb->prefix . "region_tax`.* FROM `" . $wpdb->prefix . "region_tax`, `" . $wpdb->prefix . "currency_list`  WHERE `" . $wpdb->prefix . "currency_list`.`isocode` IN('" . $_POST['billing_country'] . "') AND `" . $wpdb->prefix . "currency_list`.`id` = `" . $wpdb->prefix . "region_tax`.`country_id`", ARRAY_A);
                    if ($region_list != null) {
                        $output .= "<select name='collected_data[" . $form_id . "][1]' class='current_region' onchange='set_billing_country(\\\"{$html_form_id}\\\", \\\"{$form_id}\\\");'>";
                        //$output .= "<option value=''>None</option>";
                        foreach ($region_list as $region) {
                            if ($_SESSION['selected_region'] == $region['id']) {
                                $selected = "selected='true'";
                            } else {
                                $selected = "";
                            }
                            $output .= "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>";
                        }
                        $output .= "</select>";
                        echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t  {\n\t\t  document.getElementById('region_select_{$form_id}').innerHTML = \"" . $output . "\";\n\t\t  }\n\t\t";
                    } else {
                        echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t  {\n\t\t  document.getElementById('region_select_{$form_id}').innerHTML = \"\";\n\t\t  }\n\t\t";
                    }
                }
            }
            exit;
        }
        if ($_POST['get_country_tax'] == "true" && preg_match("/[a-zA-Z]{2,4}/", $_POST['country_id'])) {
            $country_id = $_POST['country_id'];
            $region_list = $wpdb->get_results("SELECT `" . $wpdb->prefix . "region_tax`.* FROM `" . $wpdb->prefix . "region_tax`, `" . $wpdb->prefix . "currency_list`  WHERE `" . $wpdb->prefix . "currency_list`.`isocode` IN('" . $country_id . "') AND `" . $wpdb->prefix . "currency_list`.`id` = `" . $wpdb->prefix . "region_tax`.`country_id`", ARRAY_A);
            if ($region_list != null) {
                echo "<select name='base_region'>\n\r";
                foreach ($region_list as $region) {
                    if (get_option('base_region') == $region['id']) {
                        $selected = "selected='true'";
                    } else {
                        $selected = "";
                    }
                    echo "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>\n\r";
                }
                echo "</select>\n\r";
            } else {
                echo "&nbsp;";
            }
            exit;
        }
        /* fill product form */
        if ($_POST['set_slider'] == "true" && is_numeric($_POST['state'])) {
            $_SESSION['slider_state'] = $_POST['state'];
            exit;
        }
        /* fill category form */
        if ($_GET['action'] == "register") {
            $siteurl = get_option('siteurl');
            require_once ABSPATH . WPINC . '/registration-functions.php';
            if ($_POST['action'] == 'register' && get_settings('users_can_register')) {
                //exit("fail for testing purposes");
                $user_login = sanitize_user($_POST['user_login']);
                $user_email = $_POST['user_email'];
                $errors = array();
                if ($user_login == '') {
                    exit($errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'));
                }
                /* checking e-mail address */
                if ($user_email == '') {
                    exit(__('<strong>ERROR</strong>: Please type your e-mail address.'));
                } else {
                    if (!is_email($user_email)) {
                        exit(__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
                        $user_email = '';
                    }
                }
                if (!validate_username($user_login)) {
                    $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
                    $user_login = '';
                }
                if (username_exists($user_login)) {
                    exit(__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
                }
                /* checking the email isn't already used by another user */
                $email_exists = $wpdb->get_row("SELECT user_email FROM {$wpdb->users} WHERE user_email = '{$user_email}'");
                if ($email_exists) {
                    die(__('<strong>ERROR</strong>: This email address is already registered, please supply another.'));
                }
                if (0 == count($errors)) {
                    $password = substr(md5(uniqid(microtime())), 0, 7);
                    //xit('there?');
                    $user_id = wp_create_user($user_login, $password, $user_email);
                    if (!$user_id) {
                        exit(sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
                    } else {
                        wp_new_user_notification($user_id, $password);
                        ?>
<div id="login"> 
  <h2><?php 
                        _e('Registration Complete');
                        ?>
</h2>
  <p><?php 
                        printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>");
                        ?>
<br />
  <?php 
                        printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>');
                        ?>
 <br />
  <?php 
                        printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>");
                        ?>
</p>
</div>
<?php 
                    }
                }
            } else {
                // onsubmit='submit_register_form(this);return false;'
                echo "<div id='login'>\n    <h2>Register for this blog</h2>\n    <form id='registerform' action='index.php?ajax=true&amp;action=register'  onsubmit='submit_register_form(this);return false;' method='post'>\n      <p><input type='hidden' value='register' name='action'/>\n      <label for='user_login'>Username:</label><br/> <input type='text' value='' maxlength='20' size='20' id='user_login' name='user_login'/><br/></p>\n      <p><label for='user_email'>E-mail:</label><br/> <input type='text' value='' maxlength='100' size='25' id='user_email' name='user_email'/></p>\n      <p>A password will be emailed to you.</p>\n      <p class='submit'><input type='submit' name='submit_form' id='submit' value='Register »'/><img id='register_loading_img' src='" . WPSC_URL . "/images/loading.gif' alt='' title=''></p>\n      \n    </form>\n    </div>";
            }
            exit;
        }
    }
    /*
    * AJAX stuff stops here, I would put an exit here, but it may screw up other plugins
    //exit();
    */
}
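/**
 * Handles the admin-side AJAX requests of the shopping cart plugin.
 *
 * The request is matched against a series of $_POST / $_REQUEST flags. The
 * first matching branch does its work, prints its response and ends the
 * request with exit (the remove_form_field and language_setting branches
 * fall through instead). When nothing matches the function simply returns.
 *
 * NOTE(review): apart from the remove_form_field and language_setting
 * branches, no capability or nonce check is visible in this function, although
 * several branches delete rows or update options. Confirm that the hook which
 * calls this function restricts it to authorised administrators.
 *
 * @return void
 */
function wpsc_admin_ajax()
{
    global $wpdb, $user_level, $wp_rewrite;
    get_currentuserinfo();

    // Form fragments for a category, brand or variation, selected by a numeric id.
    // NOTE(review): a numeric variation_id always exits here, so the
    // edit_variation_value_list branch further down (which also requires a numeric
    // variation_id) looks unreachable - confirm which of the two is intended.
    if (is_numeric($_POST['catid'])) {
        /* fill category form */
        echo nzshpcrt_getcategoryform($_POST['catid']);
        exit;
    } elseif (is_numeric($_POST['brandid'])) {
        /* fill brand form */
        echo nzshpcrt_getbrandsform($_POST['brandid']);
        exit;
    } elseif (is_numeric($_POST['variation_id'])) {
        echo nzshpcrt_getvariationform($_POST['variation_id']);
        exit;
    }

    // Persist the order of the boxes on the product page.
    if ($_POST['action'] == 'product-page-order') {
        $order = $_POST['order'];
        if (!isset($order[0])) {
            $order = $order['normal'];
        } else {
            $order = $order[0];
        }
        $order = array_unique(explode(',', $order));
        update_option('wpsc_product_page_order', $order);
        // NOTE(review): this prints the submitted values back without encoding.
        exit(print_r($order, 1));
    }

    // Remember whether the flash uploader is enabled (stored as 0 or 1).
    if ($_POST['save_image_upload_state'] == "true" && is_numeric($_POST['image_upload_state'])) {
        $upload_state = (int) (bool) $_POST['image_upload_state'];
        update_option('wpsc_use_flash_uploader', $upload_state);
        exit("done");
    }

    // Delete one variation value together with its product associations.
    if ($_POST['remove_variation_value'] == "true" && is_numeric($_POST['variation_value_id'])) {
        $wpdb->query("DELETE FROM `" . WPSC_TABLE_VARIATION_VALUES_ASSOC . "` WHERE `value_id` = '" . (int) $_POST['variation_value_id'] . "'");
        $wpdb->query("DELETE FROM `" . WPSC_TABLE_VARIATION_VALUES . "` WHERE `id` = '" . (int) $_POST['variation_value_id'] . "' LIMIT 1");
        exit;
    }

    // Attach a variation to a product (if not attached yet) and print the variation editors.
    if ($_POST['edit_variation_value_list'] == 'true' && is_numeric($_POST['variation_id']) && is_numeric($_POST['product_id'])) {
        $variation_id = (int) $_POST['variation_id'];
        $product_id = (int) $_POST['product_id'];
        $variations_processor = new nzshpcrt_variations();
        $variation_values = $variations_processor->falsepost_variation_values($variation_id);
        if (is_array($variation_values)) {
            $check_variation_added = $wpdb->get_var("SELECT `id` FROM `" . WPSC_TABLE_VARIATION_ASSOC . "` WHERE `type` IN ('product') AND `associated_id` IN ('{$product_id}') AND `variation_id` IN ('{$variation_id}') LIMIT 1");
            if ($check_variation_added == null) {
                $variations_processor->add_to_existing_product($product_id, $variation_values);
            }
            echo $variations_processor->display_attached_variations($product_id);
            echo $variations_processor->variations_grid_view($product_id);
        } else {
            echo "false";
        }
        exit;
    }

    // Deactivate a checkout form field; only for users with level_7.
    if ($_POST['remove_form_field'] == "true" && is_numeric($_POST['form_id'])) {
        if (current_user_can('level_7')) {
            $wpdb->query($wpdb->prepare("UPDATE `" . WPSC_TABLE_CHECKOUT_FORMS . "` SET `active` = '0' WHERE `id` = %d LIMIT 1 ;", $_POST['form_id']));
            exit(' ');
        }
    }

    // Store a hash of the five newest news items so the dashboard box stays hidden.
    if ($_POST['hide_ecom_dashboard'] == 'true') {
        require_once ABSPATH . WPINC . '/rss.php';
        // NOTE(review): the fetch_rss() result is used without checking that the fetch succeeded.
        $rss = fetch_rss('http://www.instinct.co.nz/feed/');
        $rss->items = array_slice($rss->items, 0, 5);
        $rss_hash = sha1(serialize($rss->items));
        update_option('wpsc_ecom_news_hash', $rss_hash);
        exit(1);
    }

    // Delete one product meta row; prints the deleted id, or 0 when nothing was deleted.
    if ($_POST['remove_meta'] == 'true' && is_numeric($_POST['meta_id'])) {
        $meta_id = (int) $_POST['meta_id'];
        $selected_meta = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PRODUCTMETA . "` WHERE `id` IN('{$meta_id}') ", ARRAY_A);
        if ($selected_meta != null) {
            if ($wpdb->query("DELETE FROM `" . WPSC_TABLE_PRODUCTMETA . "` WHERE `id` IN('{$meta_id}')  LIMIT 1")) {
                echo $meta_id;
                exit;
            }
        }
        echo 0;
        exit;
    }

    // Change the processing stage of a purchase log, or suspend / resume its subscriptions.
    if ($_REQUEST['log_state'] == "true" && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
        // is_numeric() also accepts forms such as "1e3" or " 7"; cast once so the
        // queries and the generated JavaScript below only ever see plain integers.
        $log_id = (int) $_POST['id'];
        $newvalue = (int) $_POST['value'];
        if ($_REQUEST['suspend'] == 'true') {
            if ($_REQUEST['value'] == 1) {
                wpsc_member_dedeactivate_subscriptions($log_id);
            } else {
                wpsc_member_deactivate_subscriptions($log_id);
            }
            exit;
        } else {
            // Bound placeholders instead of string-built SQL, like the remove_form_field branch.
            $log_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = %d LIMIT 1", $log_id), ARRAY_A);
            if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
                wpsc_member_activate_subscriptions($log_id);
            }
            $wpdb->query($wpdb->prepare("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = %d WHERE `id` = %d LIMIT 1", $newvalue, $log_id));
            // Only when the log moves up from a stage below 2 is transaction_results() called.
            if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
                transaction_results($log_data['sessionid'], false);
            }
            $stage_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM `" . WPSC_TABLE_PURCHASE_STATUSES . "` WHERE `id` = %d AND `active`='1' LIMIT 1", $newvalue), ARRAY_A);
            // NOTE(review): the status name and colour are written into a JavaScript string
            // literal unencoded; confirm how they are stored before adding escaping here.
            echo "document.getElementById(\"form_group_" . $log_id . "_text\").innerHTML = '" . $stage_data['name'] . "';\n";
            echo "document.getElementById(\"form_group_" . $log_id . "_text\").style.color = '#" . $stage_data['colour'] . "';\n";
            // Totals for the current calendar month: day 0 of next month is the last day of this one.
            $year = date("Y");
            $month = date("m");
            $start_timestamp = mktime(0, 0, 0, $month, 1, $year);
            $end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);
            echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price($start_timestamp, $end_timestamp), 1)) . "';\n";
            echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price(), 1)) . "';\n";
            exit;
        }
    }

    if ($_POST['list_variation_values'] == "true") {
        // retrieve the forms for associating variations and their values with products
        $variation_processor = new nzshpcrt_variations();
        $variations_selected = array();
        // Only the keys of the submitted array are used, each reduced to an integer id.
        foreach ((array) $_POST['variations'] as $variation_id => $checked) {
            $variations_selected[] = (int) $variation_id;
        }
        if (is_numeric($_POST['product_id']) && $_POST['product_id'] > 0) {
            $product_id = absint($_POST['product_id']);
            $selected_price = (double) $_POST['selected_price'];
            // variation values housekeeping
            $completed_variation_values = $variation_processor->edit_product_values($product_id, $_POST['edit_var_val'], $selected_price);
            // get all the currently associated variations from the database
            $associated_variations = $wpdb->get_results("SELECT * FROM `" . WPSC_TABLE_VARIATION_ASSOC . "` WHERE `type` IN ('product') AND `associated_id` IN ('{$product_id}')", ARRAY_A);
            $variations_still_associated = array();
            foreach ((array) $associated_variations as $associated_variation) {
                // remove variations not checked that are in the database
                if (array_search($associated_variation['variation_id'], $variations_selected) === false) {
                    $wpdb->query("DELETE FROM `" . WPSC_TABLE_VARIATION_ASSOC . "` WHERE `id` = '{$associated_variation['id']}' LIMIT 1");
                    $wpdb->query("DELETE FROM `" . WPSC_TABLE_VARIATION_VALUES_ASSOC . "` WHERE `product_id` = '{$product_id}' AND `variation_id` = '{$associated_variation['variation_id']}' ");
                } else {
                    // make an array for adding in the variations next step, for efficiency
                    $variations_still_associated[] = $associated_variation['variation_id'];
                }
            }
            foreach ((array) $variations_selected as $variation_id) {
                // add variations not already in the database that have been checked.
                $variation_values = $variation_processor->falsepost_variation_values($variation_id);
                if (array_search($variation_id, $variations_still_associated) === false) {
                    $variation_processor->add_to_existing_product($product_id, $variation_values);
                }
            }
            echo "edit_variation_combinations_html = \"" . str_replace(array("\n", "\r"), array('\\n', '\\r'), addslashes($variation_processor->variations_grid_view($product_id, (array) $completed_variation_values))) . "\";\n";
        } else {
            if (count($variations_selected) > 0) {
                // takes an array of variations, returns a form for adding data to those variations.
                // Defined up front so the grid call below never reads an unset variable.
                $selected_price = null;
                if ((double) $_POST['selected_price'] > 0) {
                    $selected_price = (double) $_POST['selected_price'];
                }
                $limited_stock = false;
                if ($_POST['limited_stock'] == 'true') {
                    $limited_stock = true;
                }
                $selected_variation_values = array();
                // Cast to array like the other loops here, so a missing or scalar
                // edit_var_val does not reach foreach / array_keys as a non-array.
                foreach ((array) $_POST['edit_var_val'] as $variation_value_array) {
                    $selected_variation_values = array_merge(array_keys((array) $variation_value_array), $selected_variation_values);
                }
                echo "edit_variation_combinations_html = \"" . __('Edit Variation Set', 'wpsc') . "<br />" . str_replace(array("\n", "\r"), array('\\n', '\\r'), addslashes($variation_processor->variations_grid_view(0, (array) $variations_selected, (array) $selected_variation_values, $selected_price, $limited_stock))) . "\";\n";
            } else {
                echo "edit_variation_combinations_html = \"\";\n";
            }
        }
        exit;
    }

    // Save the language setting, but only for a request addressed to the options page.
    // The original used "=" here, which overwrote $_GET['page'] and made the test always true.
    if (isset($_POST['language_setting']) && isset($_GET['page']) && $_GET['page'] == WPSC_DIR_NAME . '/wpsc-admin/display-options.page.php') {
        if ($user_level >= 7) {
            update_option('language_setting', $_POST['language_setting']);
        }
    }
}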
function nzshpcrt_getproductform($prodid)
{
    global $wpdb, $nzshpcrt_imagesize_info;
    $variations_processor = new nzshpcrt_variations();
    /*
     * makes the product form
     * has functions inside a function
     */
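    /**
     * Builds the <select name='brand'> element listing every active brand.
     *
     * Declared inside nzshpcrt_getproductform(), so PHP defines it when that
     * function runs.
     *
     * @param mixed $current_brand Id of the brand to pre-select; compared loosely with each row's `id`.
     * @return string The select element, one option per line ("\r\n").
     */
    function brandslist($current_brand = '')
    {
        global $wpdb;
        $values = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "product_brands` WHERE `active`='1' ORDER BY `id` ASC", ARRAY_A);
        // Start from a defined, empty marker: the placeholder option is never pre-selected.
        $selected = "";
        $options = "<option  {$selected} value='0'>" . TXT_WPSC_SELECTABRAND . "</option>\r\n";
        foreach ((array) $values as $option) {
            $selected = $current_brand == $option['id'] ? "selected='selected'" : "";
            // Rows come from the database: emit the id as an integer and HTML-encode the
            // name so a stored value cannot close the attribute or the option element.
            $options .= "<option  {$selected} value='" . (int) $option['id'] . "'>" . htmlspecialchars($option['name'], ENT_QUOTES, 'UTF-8') . "</option>\r\n";
        }
        return "<select name='brand'>" . $options . "</select>\r\n";
    }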
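    /**
     * Builds the <select name='variations'> element listing every product variation.
     *
     * Declared inside nzshpcrt_getproductform(), so PHP defines it when that
     * function runs. Changing the selection calls the page's
     * edit_variation_value_list() JavaScript function with the chosen value.
     *
     * @param mixed $current_variation Id of the variation to pre-select; compared loosely with each row's `id`.
     * @return string The select element, one option per line ("\r\n").
     */
    function variationslist($current_variation = '')
    {
        global $wpdb;
        $values = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "product_variations` ORDER BY `id` ASC", ARRAY_A);
        // Start from a defined, empty marker: the placeholder option is never pre-selected.
        $selected = "";
        $options = "<option  {$selected} value='0'>" . TXT_WPSC_PLEASECHOOSE . "</option>\r\n";
        foreach ((array) $values as $option) {
            // The original compared against $current_brand, which does not exist in this
            // function, so the requested variation was never marked as selected.
            $selected = $current_variation == $option['id'] ? "selected='selected'" : "";
            // Rows come from the database: emit the id as an integer and HTML-encode the
            // name so a stored value cannot close the attribute or the option element.
            $options .= "<option  {$selected} value='" . (int) $option['id'] . "'>" . htmlspecialchars($option['name'], ENT_QUOTES, 'UTF-8') . "</option>\r\n";
        }
        return "<select name='variations' onChange='edit_variation_value_list(this.options[this.selectedIndex].value)'>" . $options . "</select>\r\n";
    }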
    $sql = "SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id`={$prodid} LIMIT 1";
    $product_data = $wpdb->get_results($sql, ARRAY_A);
    $product = $product_data[0];
    $sql = "SELECT * FROM `" . $wpdb->prefix . "wpsc_productmeta` WHERE `product_id`={$prodid} AND meta_key='external_link' LIMIT 1";
    $meta_data = $wpdb->get_results($sql, ARRAY_A);
    $product['external_link'] = $meta_data[0]['meta_value'];
    $sql = "SELECT * FROM `" . $wpdb->prefix . "wpsc_productmeta` WHERE `product_id`={$prodid} AND meta_key='merchant_notes' LIMIT 1";
    $meta_data = $wpdb->get_results($sql, ARRAY_A);
    $product['merchant_notes'] = $meta_data[0]['meta_value'];
    $engrave = get_product_meta($prodid, 'engraved', true);
    $can_have_uploaded_image = get_product_meta($prodid, 'can_have_uploaded_image', true);
    if (function_exists('wp_insert_term')) {
        $term_relationships = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "term_relationships WHERE object_id = {$prodid}", ARRAY_A);
        foreach ((array) $term_relationships as $term_relationship) {
            $tt_ids[] = $term_relationship['term_taxonomy_id'];
        }
        foreach ((array) $tt_ids as $tt_id) {
            $results = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "term_taxonomy WHERE term_taxonomy_id = " . $tt_id . " AND taxonomy = 'product_tag'", ARRAY_A);
            $term_ids[] = $results[0]['term_id'];
        }
        foreach ((array) $term_ids as $term_id) {
            if ($term_id != NULL) {
                $results = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "terms WHERE term_id=" . $term_id . " ", ARRAY_A);
                $tags[] = $results[0]['name'];
            }
        }
        if ($tags != NULL) {
            $imtags = implode(',', $tags);
        }
    }
    $check_variation_value_count = $wpdb->get_var("SELECT COUNT(*) as `count` FROM `" . $wpdb->prefix . "variation_values_associations` WHERE `product_id` = '" . $product['id'] . "'");
    $output .= "        <table class='product_editform'>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td class='itemfirstcol'>\n\r";
    $output .= TXT_WPSC_PRODUCTNAME . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td class='itemformcol'>\n\r";
    $output .= "        <div class='admin_product_name'>\n\r";
    $output .= "          <input  size='30' type='text' class='text'  name='title' value='" . htmlentities(stripslashes($product['name']), ENT_QUOTES, 'UTF-8') . "' />\n\r";
    $output .= "\t\t\t\t   <a href='#' class='shorttag_toggle'></a>\n\r";
    $output .= "\t\t\t\t   <div class='admin_product_shorttags'>\n\r";
    $output .= "\t\t\t\t     <dl>\n\r";
    // 	$output .= "				       <dt>Embed Product:</dt><dd>[buy_now_button={$product['id']}]</dd>\n\r";
    // 	$output .= "				       <dt>Buy Now Button:</dt><dd></dd>\n\r";
    $output .= "\t\t\t\t       <dt>Buy Now Shortcode:</dt><dd>[buy_now_button={$product['id']}]</dd>\n\r";
    $output .= "\t\t\t\t       <dt>Buy Now PHP:</dt><dd>&lt;?php echo wpsc_buy_now_button({$product['id']}); ?&gt;</dd>\n\r";
    $output .= "\t\t\t\t     </dl>\n\r";
    $output .= "\t\t\t\t     <br clear='both' />\n\r";
    $output .= "\t\t\t\t   </div>\n\r";
    $output .= "        </div>\n\r";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td class='itemfirstcol'>\n\r";
    $output .= TXT_WPSC_SKU . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td class='itemformcol'>\n\r";
    $sku = get_product_meta($product['id'], 'sku');
    $sku = $sku[0];
    $output .= "<input  size='30' type='text' class='text'  name='productmeta_values[sku]' value='" . htmlentities(stripslashes($sku), ENT_QUOTES, 'UTF-8') . "' />\n\r";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td class='itemfirstcol'>\n\r";
    $output .= TXT_WPSC_PRODUCTDESCRIPTION . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td class='itemformcol'>\n\r";
    $output .= "<textarea name='description' cols='40' rows='8' >" . stripslashes($product['description']) . "</textarea>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td class='itemfirstcol'>\n\r";
    $output .= TXT_WPSC_ADDITIONALDESCRIPTION . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td class='itemformcol'>\n\r";
    $output .= "<textarea name='additional_description' cols='40' rows='8' >" . stripslashes($product['additional_description']) . "</textarea>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td class='itemfirstcol'>\n\r";
    $output .= TXT_WPSC_PRODUCT_TAGS . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td class='itemformcol'>\n\r";
    $output .= "<input type='text' class='text'  name='product_tags' value='{$imtags}'><br /><span class='small_italic'>Seperate with commas</span>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    //   $output .="<tr><td>&nbsp;</td></tr>";
    $output .= "          <tr>\n\r";
    $output .= "            <td class='itemfirstcol'>" . TXT_WPSC_CATEGORISATION . ":</td>\n\r";
    $output .= "            <td>\n\r";
    $categorisation_groups = $wpdb->get_results("SELECT * FROM `{$wpdb->prefix}wpsc_categorisation_groups` WHERE `active` IN ('1')", ARRAY_A);
    foreach ((array) $categorisation_groups as $categorisation_group) {
        $category_count = $wpdb->get_var("SELECT COUNT(*) FROM `{$wpdb->prefix}product_categories` WHERE `group_id` IN ('{$categorisation_group['id']}')");
        if ($category_count > 0) {
            $output .= "<p>";
            $category_group_name = str_replace("[categorisation]", $categorisation_group['name'], TXT_WPSC_PRODUCT_CATEGORIES);
            $output .= "<strong>" . $category_group_name . ":</strong><br>";
            $output .= categorylist($categorisation_group['id'], $product['id'], 'edit_');
            $output .= "</p>\n\r";
        }
    }
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "<tr><td  colspan='2'><div id='edit_price_and_stock' class='postbox'>\n\t<h3>\n\t\t<a class='togbox'>+</a>";
    $output .= "" . TXT_WPSC_PRICE_AND_STOCK_CONTROL . "";
    $output .= " </h3> <div class='inside'> <table>";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_PRICE . ": <input type='text' name='price' size='10' value='" . number_format($product['price'], 2, '.', '') . "' />";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($product['notax'] == 1) {
        $checked = "checked='true'";
    } else {
        $checked = "";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input id='tax' type='checkbox' name='notax' value='yes' {$checked} />&nbsp;<label for='tax'>" . TXT_WPSC_TAXALREADYINCLUDED . "</label>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($product['donation'] == 1) {
        $checked = "checked='true'";
    } else {
        $checked = "";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input id='edit_form_donation' type='checkbox' {$checked} name='donation' value='yes' />&nbsp;<label for='edit_form_donation'>" . TXT_WPSC_IS_DONATION . "</label>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($product['no_shipping'] == 1) {
        $checked = "checked='true'";
    } else {
        $checked = "";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input id='add_form_no_shipping' type='checkbox' {$checked} name='no_shipping' value='yes' />&nbsp;<label for='add_form_no_shipping'>" . TXT_WPSC_NO_SHIPPING . "</label>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($product['special'] == 1) {
        $checked = "checked='true'";
    } else {
        $checked = "";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $disable_form = '';
    if ($check_variation_value_count > 0) {
        if ($product['special'] != 1) {
            $disable_form = "disabled='true'";
            $disable_form_label = " style='color: #cccccc;'";
        }
    }
    $output .= "<input id='form_special' type='checkbox' {$checked} name='special' {$disable_form} value='yes' onclick='hideelement(\"edit_special\")' /> <label for='form_special' {$disable_form_label}>" . TXT_WPSC_SPECIAL . "</label>";
    if ($disable_form != '') {
        $output .= "<br /><span class='small'>" . TXT_WPSC_VARIATIONS_AND_SPECIALS_DONT_MIX . "<span>";
    }
    if ($product['special'] == 1) {
        $output .= "            <div id='edit_special' style='display: block;'>\n\r";
        $output .= "<input type='text' name='special_price' value='" . number_format($product['price'] - $product['special_price'], 2, '.', '') . "' size='10' />";
    } else {
        $output .= "            <div id='edit_special' style='display: none;'>\n\r";
        $output .= "<input type='text' name='special_price' value='0.00' size='10' />";
    }
    $output .= "              </div>\n\r";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($product['quantity_limited'] == 1) {
        $checked = "checked='true'";
    } else {
        $checked = "";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td style='width:350px;'>\n\r";
    $output .= "<input id='form_quantity_limited' type='checkbox' {$checked} name='quantity_limited' value='yes' onclick='hideelement(\"edit_stock\")' /><label for='form_quantity_limited' class='small'>" . TXT_WPSC_UNTICKBOX . "</label>";
    $variations_output = $variations_processor->variations_grid_view($product['id']);
    if ($variations_output != '') {
        //$output .= $variations_output;
        $output .= "<div id='edit_stock' style='display: none;'>\n\r";
        $output .= "<input type='hidden' name='quantity' value='" . $product['quantity'] . "' />";
        $output .= "</div>\n\r";
    } else {
        switch ($product['quantity_limited']) {
            case 1:
                $output .= "            <div id='edit_stock' style='display: block;'>\n\r";
                break;
            default:
                $output .= "            <div id='edit_stock' style='display: none;'>\n\r";
                break;
        }
        $output .= "<input type='text' name='quantity' size='10' value='" . $product['quantity'] . "' />";
        $output .= "              </div>\n\r";
    }
    $output .= "</td></tr>";
    $output .= "\n    </table></div></div></TD></tr>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    ob_start();
    do_action('wpsc_product_form', $product['id']);
    $output .= ob_get_contents();
    ob_end_clean();
    $output .= "          <tr>\n\r";
    $output .= "            <td colspan='2'>\n\r";
    $output .= "<div id='edit_variation' class='postbox closed'>\n        <h3>\n\t\t<a class='togbox'>+</a>";
    $output .= "" . TXT_WPSC_VARIATION_CONTROL . "";
    $output .= " </h3>\n\t<div class='inside'>\n    <table>";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_ADD_VAR . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= variationslist();
    if ($check_variation_value_count < 1) {
        $output .= "            \t<div id='edit_variations_container'>\n\r";
        $output .= "            \t</div>\n\r";
    }
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($check_variation_value_count > 0) {
        $output .= "          <tr>\n\r";
        $output .= "            <td>\n\r";
        $output .= TXT_WPSC_EDIT_VAR . ": ";
        $output .= "            </td>\n\r";
        $output .= "            <td>\n\r";
        $output .= "            <div id='edit_product_variations'>";
        $output .= "            </div>";
        $output .= "            \t<div id='edit_variations_container'>\n\r";
        //$variations_processor = new nzshpcrt_variations;
        $output .= $variations_processor->display_attached_variations($product['id']);
        $output .= $variations_output;
        $output .= "            \t</div>\n\r";
        $output .= "            </td>\n\r";
        $output .= "          </tr>\n\r";
    }
    $output .= "</table></div></div></td></tr>";
    $output .= "    <tr>\n\r";
    $output .= "      <td colspan='2'>\n\r";
    $output .= "  <div class='postbox closed' id='edit_shipping'>\n\t     <h3>\n\t\t     <a class='togbox'>+</a>" . TXT_WPSC_SHIPPING_DETAILS . "";
    $output .= "</h3>\n      <div class='inside'>\n  <table>";
    if ($product['weight_unit'] == 'pound') {
        $unit1 = "selected='selected'";
    } else {
        $unit2 = "selected='selected'";
    }
    $output .= "<tr>\n\r";
    $output .= "\t<td>\n\r";
    $output .= "\t\t" . TXT_WPSC_WEIGHT . "\n\r";
    $output .= "\t</td>\n\r";
    $output .= "\t<td>\n\r";
    $output .= "\t\t<input type='text' size='5' name='weight' value='" . $product['weight'] . "'>\n\r";
    $output .= "   <select name='weight_unit'>\n\r";
    $output .= "\t\t\t<option {$unit1} value='pound'>Pounds</option>\n\r";
    $output .= "\t\t\t<option {$unit2} value='once'>Ounce</option>\n\r";
    $output .= "\t\t</select>\n\r";
    $output .= "\t</td>\n\r";
    $output .= "</tr>";
    $output .= "    <tr>\n\r";
    $output .= "      <td>";
    $output .= TXT_WPSC_LOCAL_PNP;
    $output .= "      </td>\n\r";
    $output .= "      <td>\n\r";
    $output .= "        <input type='text' size='10' name='pnp' value='" . $product['pnp'] . "' />\n\r";
    $output .= "      </td>\n\r";
    $output .= "    </tr>\n\r";
    $output .= "    <tr>\n\r";
    $output .= "      <td>";
    $output .= TXT_WPSC_INTERNATIONAL_PNP;
    if ($product['international_pnp'] == 0) {
        $product['international_pnp'] = "0.00";
    }
    $output .= "      </td>\n\r";
    $output .= "      <td>\n\r";
    $output .= "        <input type='text' size='10' name='international_pnp' value='" . $product['international_pnp'] . "' />\n\r";
    $output .= "      </td>\n\r";
    $output .= "    </tr>\n\r";
    $output .= "</table></div></div></td></tr>";
    $output .= "<tr><td colspan='2'>";
    $output .= "<div id='edit_advanced' class='postbox closed'>\n\t    <h3>\n\t\t    <a class='togbox'>+</a>";
    $output .= TXT_WPSC_ADVANCED_OPTIONS;
    $output .= "</h3><div class='inside'>";
    $output .= '<table>';
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_ADMINNOTES . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<textarea name='merchant_notes' cols='40' rows='3' >" . stripslashes($product['merchant_notes']) . "</textarea>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    if ($product['display_frontpage'] == 1) {
        $output .= "<input type='checkbox' checked='true' value='yes' name='display_frontpage' id='form_display_frontpage'/>\n\r";
    } else {
        $output .= "<input type='checkbox' value='yes' name='display_frontpage' id='form_display_frontpage'/>\n\r";
    }
    $output .= "<label for='form_display_frontpage'>" . TXT_WPSC_DISPLAY_FRONT_PAGE . "</form>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($engrave[0] == 'on') {
        $engra = "checked='checked'";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input type='hidden' name='productmeta_values[engraved]' value='0'>";
    $output .= "<input {$engra} type='checkbox' name='productmeta_values[engraved]'>" . TXT_WPSC_ENGRAVE . "<br />";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if ($can_have_uploaded_image[0] == 'on') {
        $can_have_uploaded_image_state = "checked='checked'";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input type='hidden' name='productmeta_values[can_have_uploaded_image]' value='0'>";
    $output .= "<input {$can_have_uploaded_image_state} type='checkbox' name='productmeta_values[can_have_uploaded_image]'>" . TXT_WPSC_ALLOW_UPLOADING_IMAGE . "<br />";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if (get_option('payment_gateway') == 'google') {
        $output .= "          <tr>\n\r";
        $output .= "            <td>\n\r";
        $output .= TXT_WPSC_PROHIBITED . ": ";
        $output .= "            </td>\n\r";
        $output .= "            <td>\n\r";
        $output .= "<input type='checkbox' name='productmeta_values[\"google_prohibited\"]'/> ";
        $output .= "Prohibited <a href='http://checkout.google.com/support/sell/bin/answer.py?answer=75724'>by Google?</a>";
        $output .= "            </td>\n\r";
        $output .= "          </tr>\n\r";
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_PRODUCT_ID . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= $product['id'];
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_EXTERNALLINK . ": ";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input type='text' class='text'  value='" . $product['external_link'] . "' name='external_link' id='external_link' size='40'> ";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_USEONLYEXTERNALLINK;
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_ADD_CUSTOM_FIELD;
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    //foreach
    $output .= "<label></label>\n  <div class='product_custom_meta'>\n\t\t<label >\n\t\t" . TXT_WPSC_NAME . "\n\t\t<input type='text' class='text'  value='' name='new_custom_meta[name][]' >\n\t\t</label>\n\t\t\n\t\t<label >\n\t\t" . TXT_WPSC_VALUE . "\n\t\t<input type='text' class='text'  value='' name='new_custom_meta[value][]' > \n\t\t</label>\t\t\n\t\t<a href='#' class='add_more_meta' onclick='return add_more_meta(this)'>+</a>\n\t <br />\n  </div>\n   ";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    $custom_fields = $wpdb->get_results("SELECT * FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `product_id` IN('{$product['id']}') AND `custom` IN('1') ", ARRAY_A);
    if (count($custom_fields) > 0) {
        $output .= "          <tr>\n\r";
        $output .= "            <td>\n\r";
        $output .= TXT_WPSC_EDIT_CUSTOM_FIELDS;
        $output .= "            </td>\n\r";
        $output .= "            <td>\n\r";
        //$i = 1;
        foreach ((array) $custom_fields as $custom_field) {
            $i = $custom_field['id'];
            // for editing, the container needs an id, I can find no other tidyish method of passing a way to target this object through an ajax request
            $output .= "\n\t\t\t<div class='product_custom_meta'  id='custom_meta_{$i}'>\n\t\t\t\t<label for='custom_meta_name_{$i}'>\n\t\t\t\t" . TXT_WPSC_NAME . "\n\t\t\t\t<input type='text' class='text'  value='{$custom_field['meta_key']}' name='custom_meta[{$i}][name]' id='custom_meta_name_{$i}'>\n\t\t\t\t</label>\n\t\t\t\t\n\t\t\t\t<label for='custom_meta_value_{$i}'>\n\t\t\t\t" . TXT_WPSC_VALUE . "\n\t\t\t\t<input type='text' class='text'  value='{$custom_field['meta_value']}' name='custom_meta[{$i}][value]' id='custom_meta_value_{$i}'> \n\t\t\t\t</label>\n\t\t\t\t<a href='#' class='remove_meta' onclick='return remove_meta(this, {$i})'>&ndash;</a>\n\t\t\t\t<br />\n\t\t\t</div>\n\t\t\t";
        }
        $output .= "            </td>\n\r";
        $output .= "          </tr>\n\r";
    }
    $output .= "</table></div></div></td></tr>";
    $output .= "          <tr>\n\r";
    $output .= "            <td colspan='2'>\n\r";
    $output .= "<div id='edit_product_image' class='postbox'>\n        <h3> \n\t\t<a class='togbox'>+</a>" . TXT_WPSC_PRODUCTIMAGE . "";
    $output .= "</h3>\n\t<div class='inside'>\n\t<table>";
    if (function_exists("getimagesize")) {
        if ($product['image'] != '') {
            $imagedir = WPSC_THUMBNAIL_DIR;
            $image_size = @getimagesize(WPSC_THUMBNAIL_DIR . $product['image']);
            $output .= "          <tr>\n\r";
            $output .= "            <td>\n\r";
            $output .= TXT_WPSC_RESIZEIMAGE . ": <br />";
            $output .= "<span class='image_size_text'>" . $image_size[0] . "x" . $image_size[1] . "</span>";
            $output .= "            </td>\n\r";
            $output .= "            <td>\n\r";
            $output .= "<table>";
            // style='border: 1px solid black'
            $output .= "  <tr>";
            $output .= "    <td style='height: 1em;'>";
            $output .= "<input type='hidden' id='current_thumbnail_image' name='current_thumbnail_image' value='" . $product['thumbnail_image'] . "' />";
            $output .= "<input type='radio' ";
            // 			if ($product['thumbnail_state'] == 0) {
            $output .= "checked='true'";
            // 			}
            $output .= " name='image_resize' value='0' id='image_resize0' class='image_resize' onclick='hideOptionElement(null, \"image_resize0\")' /> <label for='image_resize0'> " . TXT_WPSC_DONOTRESIZEIMAGE . "<br />";
            $output .= "    </td>";
            // Put lightbox here so doesn't move around with DHTML bits
            $output .= "    <td rowspan=4>";
            $image_link = WPSC_IMAGE_URL . $product['image'];
            $output .= "<a  href='" . $image_link . "' rel='edit_product_1' class='thickbox preview_link'><img id='previewimage' src='{$image_link}' alt='" . TXT_WPSC_PREVIEW . "' title='" . TXT_WPSC_PREVIEW . "' />" . "</a>";
            $output .= "<br /><span style=\"font-size: 7pt;\">" . TXT_WPSC_PRODUCT_IMAGE_PREVIEW . "</span><br /><br />";
            if ($product['thumbnail_image'] != null) {
                $output .= "<a id='preview_link' href='" . WPSC_THUMBNAIL_URL . $product['thumbnail_image'] . "' rel='edit_product_2' class='thickbox'><img id='previewimage' src='" . WPSC_THUMBNAIL_URL . $product['thumbnail_image'] . "' alt='" . TXT_WPSC_PREVIEW . "' title='" . TXT_WPSC_PREVIEW . "' />" . "</a>";
                $output .= "<br /><span style=\"font-size: 7pt;\">" . TXT_WPSC_PRODUCT_THUMBNAIL_PREVIEW . "</span><br />";
            }
            //<div id='preview_button'><a id='preview_button' href='#'>".TXT_WPSC_PREVIEW."</a></div>
            // onclick='return display_preview_image(".$product['id'].")'
            $output .= "    </td>";
            $output .= "  </tr>";
            $output .= "  <tr>";
            $output .= "    <td>";
            $output .= "<input type='radio' ";
            if ($product['thumbnail_state'] == 1) {
                //$output .= "checked='true'";
            }
            $output .= "name='image_resize' value='1' id='image_resize1' class='image_resize' onclick='hideOptionElement(null, \"image_resize1\")' /> <label for='image_resize1'>" . TXT_WPSC_USEDEFAULTSIZE . " (" . get_option('product_image_height') . "x" . get_option('product_image_width') . ")";
            $output .= "    </td>";
            $output .= "  </tr>";
            $output .= "  <tr>";
            $output .= "    <td>";
            $output .= "<input type='radio' ";
            if ($product['thumbnail_state'] == 2) {
                // 				$output .= "checked='true'";
            }
            $output .= " name='image_resize' value='2' id='image_resize2' class='image_resize' onclick='hideOptionElement(\"heightWidth\", \"image_resize2\")' /> <label for='image_resize2'>" . TXT_WPSC_USESPECIFICSIZE . " </label>\n\t\t\t<div id=\"heightWidth\" style=\"display: ";
            if ($product['thumbnail_state'] == 2) {
                $output .= "block;";
            } else {
                $output .= "none;";
            }
            $output .= "\">\n\t\t\t<input id='image_width' type='text' size='4' name='width' value='' /><label for='image_resize2'>" . TXT_WPSC_PXWIDTH . "</label>\n\t\t\t<input id='image_height' type='text' size='4' name='height' value='' /><label for='image_resize2'>" . TXT_WPSC_PXHEIGHT . " </label></div>";
            $output .= "    </td>";
            $output .= "  </tr>";
            $output .= "  <tr>";
            $output .= "    <td>";
            $output .= "<input type='radio' ";
            if ($product['thumbnail_state'] == 3) {
                // 				$output .= "checked='true'";
            }
            $output .= " name='image_resize' value='3' id='image_resize3' class='image_resize' onclick='hideOptionElement(\"browseThumb\", \"image_resize3\")' /> <label for='image_resize3'> " . TXT_WPSC_SEPARATETHUMBNAIL . "</label><br />";
            $output .= "<div id='browseThumb' style='display: ";
            if ($product['thumbnail_state'] == 3) {
                $output .= "block";
            } else {
                $output .= "none";
            }
            $output .= ";'>\n\r<input type='file' name='thumbnailImage' size='15' value='' />";
            $output .= "</div>\n\r";
            $output .= "    </td>";
            $output .= "  </tr>";
            // }.pe
            $output .= "</table>";
            $output .= "            </td>\n\r";
            $output .= "          </tr>\n\r";
        }
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= TXT_WPSC_UPLOADNEWIMAGE . ": <br />";
    $output .= "<input type='file' name='image' value='' />";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if (function_exists("getimagesize")) {
        if ($product['image'] == '') {
            $output .= "          <tr>\n\r";
            $output .= "            <td></td>\n\r";
            $output .= "            <td>\n\r";
            $output .= "<table>\n\r";
            if (is_numeric(get_option('product_image_height')) && is_numeric(get_option('product_image_width'))) {
                $output .= "      <tr>\n\r";
                $output .= "        <td>\n\r";
                $output .= "      <input type='radio' name='image_resize' value='0' id='image_resize0' class='image_resize' onclick='hideOptionElement(null, \"image_resize0\");' /> <label for='image_resize0'>" . TXT_WPSC_DONOTRESIZEIMAGE . "</label>\n\r";
                $output .= "        </td>\n\r";
                $output .= "      </tr>\n\r";
                $output .= "      <tr>\n\r";
                $output .= "        <td>\n\r";
                $output .= "          <input type='radio' checked='true' name='image_resize' value='1' id='image_resize1' class='image_resize' onclick='hideOptionElement(null, \"image_resize1\");' /> <label for='image_resize1'>" . TXT_WPSC_USEDEFAULTSIZE . " (" . get_option('product_image_height') . "x" . get_option('product_image_width') . ")</label>\n\r";
                $output .= "        </td>\n\r";
                $output .= "      </tr>\n\r";
            }
            $output .= "      <tr>\n\r";
            $output .= "        <td>\n\r";
            $output .= "          <input type='radio' name='image_resize' value='2' id='image_resize2' class='image_resize' onclick='hideOptionElement(\"heightWidth\", \"image_resize2\");' />\n\r";
            $output .= "      <label for='image_resize2'>" . TXT_WPSC_USESPECIFICSIZE . "</label>\n\r";
            $output .= "          <div id='heightWidth' style='display: none;'>\n\r";
            $output .= "        <input type='text' size='4' name='width' value='' /><label for='image_resize2'>" . TXT_WPSC_PXWIDTH . "</label>\n\r";
            $output .= "        <input type='text' size='4' name='height' value='' /><label for='image_resize2'>" . TXT_WPSC_PXHEIGHT . "</label>\n\r";
            $output .= "      </div>\n\r";
            $output .= "        </td>\n\r";
            $output .= "      </tr>\n\r";
            $output .= "      <tr>\n\r";
            $output .= "      <td>\n\r";
            $output .= "        <input type='radio' name='image_resize' value='3' id='image_resize3' class='image_resize' onclick='hideOptionElement(\"browseThumb\", \"image_resize3\");' />\n\r";
            $output .= "        <label for='image_resize3'>" . TXT_WPSC_SEPARATETHUMBNAIL . "</label><br />";
            $output .= "        <div id='browseThumb' style='display: none;'>\n\r";
            $output .= "          <input type='file' name='thumbnailImage' value='' />\n\r";
            $output .= "        </div>\n\r";
            $output .= "      </td>\n\r";
            $output .= "    </tr>\n\r";
            $output .= "  </table>\n\r";
            $output .= "            </td>\n\r";
            $output .= "          </tr>\n\r";
        }
    }
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= "<input id='delete_image' type='checkbox' name='deleteimage' value='1' /> ";
    $output .= "<label for='delete_image'>" . TXT_WPSC_DELETEIMAGE . "</label>";
    $output .= "            </td>\n\r";
    $output .= "          </tr>\n\r";
    if (function_exists('edit_multiple_image_form')) {
        $output .= edit_multiple_image_form($product['id']);
    }
    $output .= "</table></div></div></td></tr>";
    if ($product['file'] > 0) {
        $output .= "          <tr>\n\r";
        $output .= "            <td colspan='2'>\n\r";
        $output .= "<div id='edit_product_download' class='postbox closed'>\n        <h3>\n\t\t<a class='togbox'>+</a>" . TXT_WPSC_PRODUCTDOWNLOAD . "";
        $output .= " </h3>\n\t<div class='inside'>\n\t<table>";
        $output .= "          <tr>\n\r";
        $output .= "            <td>\n\r";
        $output .= TXT_WPSC_PREVIEW_FILE . ": ";
        $output .= "            </td>\n\r";
        $output .= "            <td>\n\r";
        $output .= "<a class='admin_download' href='index.php?admin_preview=true&product_id=" . $product['id'] . "' style='float: left;' ><img align='absmiddle' src='" . WPSC_URL . "/images/download.gif' alt='' title='' /><span>" . TXT_WPSC_CLICKTODOWNLOAD . "</span></a>";
        $file_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "product_files` WHERE `id`='" . $product['file'] . "' LIMIT 1", ARRAY_A);
        if ($file_data != null && function_exists('listen_button')) {
            $output .= "" . listen_button($file_data['idhash'], $file_data['id']);
        }
        $output .= "            </td>\n\r";
        $output .= "          </tr>\n\r";
        $output .= "          <tr>\n\r";
        $output .= "            <td>\n\r";
        $output .= TXT_WPSC_DOWNLOADABLEPRODUCT . ": ";
        $output .= "            </td>\n\r";
        $output .= "            <td>\n\r";
        $output .= "<input type='file' name='file' value='' /><br />";
        $output .= wpsc_select_product_file($product['id']);
        $output .= "            </td>\n\r";
        $output .= "          </tr>\n\r";
        if (function_exists("make_mp3_preview") && $file_data['mimetype'] == 'audio/mpeg' || function_exists("wpsc_media_player")) {
            $output .= "          <tr>\n\r";
            $output .= "            <td>\n\r";
            $output .= TXT_WPSC_NEW_PREVIEW_FILE . ": ";
            $output .= "            </td>\n\r";
            $output .= "            <td>\n\r";
            $output .= "<input type='file' name='preview_file' value='' /><br />";
            //$output .= "<span class='admin_product_notes'>".TXT_WPSC_PREVIEW_FILE_NOTE."</span>";
            $output .= "<br /><br />";
            $output .= "            </td>\n\r";
            $output .= "          </tr>\n\r";
        }
    } else {
        $output .= "<tr><td  colspan='2'>";
        $output .= "<div id='edit_product_download' class='postbox closed'>\n        <h3>\n\t\t<a class='togbox'>+</a>" . TXT_WPSC_PRODUCTDOWNLOAD . "";
        $output .= " </h3>\n\t<div class='inside'>\n\t<table>";
        $output .= "       <tr>";
        $output .= "         <td>";
        //  $output .= "".TXT_WPSC_DOWNLOADABLEPRODUCT.":";
        $output .= "        </td>";
        $output .= "        <td>";
        $output .= "          <input type='file' name='file' value='' />";
        $output .= wpsc_select_product_file($product['id']);
        $output .= "        </td>";
        $output .= "      </tr>";
    }
    $output .= " </table></div></div></td></tr>";
    $output .= "          <tr>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            </td>\n\r";
    $output .= "            <td>\n\r";
    $output .= "            <br />\n\r";
    $output .= "<input type='hidden' name='prodid' id='prodid' value='" . $product['id'] . "' />";
    $output .= "<input type='hidden' name='submit_action' value='edit' />";
    $output .= "<input  class='button' style='float:left;'  type='submit' name='submit' value='" . TXT_WPSC_EDIT_PRODUCT . "' />";
    $output .= "<a class='button delete_button' ' href='admin.php?page=" . WPSC_DIR_NAME . "/display-items.php&amp;deleteid=" . $product['id'] . "' onclick=\"return conf();\" >" . TXT_WPSC_DELETE_PRODUCT . "</a>";
    $output .= "            <td>\n\r";
    $output .= "          </tr>\n\r";
    $output .= "        </table>\n\r";
    return $output;
}