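<?php

// Legacy entry point: the category list now lives in /viewer/categories.php,
// so this page only bootstraps the application, applies the viewer access
// check and forwards the browser there.
// require (not include): a bootstrap or access-check file that fails to load
// must abort the request instead of emitting a warning and carrying on —
// otherwise a missing verifyviewer.inc would silently skip the guard.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// Original author's note: apparently include_db is not really useful, is it?
require '../includes/functions/verifyviewer.inc';
redirectURI("/viewer/categories.php");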
/*
$LOG = new Log();
$tpl = new TemplateEngine("../viewer/template/categories.html","../viewer/template/frame.html",$lang["viewer_categories"]);

if (isset($_GET['catID'])) {
	$requestedCategory = $_GET['catID'];
} else {
	$requestedCategory = 0;
}

$tpl->assign('catID',$requestedCategory);

//Kategorie finden
if ($requestedCategory != 0) {
	$query = DB_query("SELECT
				*
				FROM categories
				WHERE categories_id = ".$requestedCategory);
	$category = DB_fetchArray($query);
	$tpl->assign('parent', $category['parent']);
} else {
	$category = null;
	$tpl->assign('parent',null);
}
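<?php

// Order overview: every order together with the ordering customer's name,
// rendered through template/orders.html.
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyadmin.inc include is replaced by the inline check below.
$user = restoreUser();
if ($user == null || !$user->checkPermissions(0, 0, 0, 1, 1)) {
    redirectURI("/admin/login.php", "camefrom=orders.php");
    // Defensive stop: the guard must hold even if redirectURI() returns.
    exit;
}
$LOG = new Log();
$tpl = new TemplateEngine("template/orders.html", "template/frame.html", $lang["orderer_orders"]);
// All orders, oldest first; formated_date is the order date as a unix timestamp.
$orders_query = DB_query("SELECT\n\t\t\t\t*, UNIX_TIMESTAMP(date) AS formated_date\n\t\t\t\tFROM orders\n\t\t\t\tORDER BY date\n\t\t\t");
$orders_list = array();
while ($orders = DB_fetchArray($orders_query)) {
    // One users lookup per order (N+1). users_id comes from the orders table,
    // but it is cast anyway so only an integer is ever spliced into SQL.
    $orderer_id = (int) $orders['users_id'];
    $user_query = DB_query("SELECT \n\t\t\t\t\tname,\n\t\t\t\t\tlastname\n\t\t\t\t\tFROM users\n\t\t\t\t\tWHERE users_id = " . $orderer_id);
    $users = DB_fetchArray($user_query);
    // A missing customer row (e.g. deleted user) shows as an empty name
    // instead of reading offsets of a non-array.
    $username = $users ? $users['name'] . " " . $users['lastname'] : "";
    $orders_list[] = array("id" => $orders['orders_id'], "date" => $orders['formated_date'], "items_id" => $orders['order_items_id'], "users_id" => $orders['users_id'], "username" => $username, "shipping_date" => $orders['shipping_date'], "shipped" => $orders['shipped']);
}
$tpl->assign('orders', $orders_list);
$tpl->assign('user_name', $user->getName());
$tpl->assign('user_lastname', $user->getLastname());
$tpl->display();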
    $tpl->assign('ship_name', $userdata['ship_name']);
    $tpl->assign('ship_street', $userdata['ship_street']);
    $tpl->assign('ship_postcode', $userdata['ship_postcode']);
    $tpl->assign('ship_city', $userdata['ship_city']);
    $tpl->assign('ship_state', $userdata['ship_state']);
    $tpl->assign('bank_number', $userdata['bank_number']);
    $tpl->assign('bank_iban', $userdata['bank_iban']);
    $tpl->assign('bank_name', $userdata['bank_name']);
    $tpl->assign('bank_account', $userdata['bank_account']);
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();
    // Löschvorgang:
} elseif ($_GET['action'] == 'delete') {
    $LOG->write('3', 'admin/editUser.php: get-action=delete');
    deleteUser();
    $LOG->write('2', 'Nutzer ' . $_GET['uID'] . ' gelöscht');
    redirectURI('/admin/users.php');
} elseif ($_GET['action'] == 'add') {
    //Alle Rollen
    $roles_query = DB_query("SELECT\n\t\t\t\t\trole_id,\n\t\t\t\t\tname\n\t\t\t\t\tFROM roles");
    $roles = array();
    while ($role = DB_fetchArray($roles_query)) {
        $roles[] = array("id" => $role['role_id'], "name" => $role['name']);
    }
    $tpl->assign('roleslist', $roles);
    $tpl->assign('action', 'add');
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();
}
    // falls Admin-Rechte
    $isAdmin = 1;
} else {
    $isAdmin = 0;
}
$LOG = new Log();
$tpl = new TemplateEngine("template/editUser.html", "template/frame.html", $lang["orderer_users"]);
if (isset($_POST['action'])) {
    $LOG->write('3', 'orderer/editUser.php: action set');
    // Eigene Einstellungen editieren (mit Passwort)
    if ($_POST['action'] == 'editSelf') {
        $LOG->write('3', 'orderer/editUser.php: action=editSelf');
        if ($_POST['password'] == $_POST['repeatPassword']) {
            editSelfUser();
            $LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet');
            redirectURI('/orderer/categories.php');
        } else {
            // falsche Passwortwiederholung
            $passwordError = "1";
            $tpl->assign('action', 'editSelf');
            $tpl->assign('uID', $user->getID());
            $tpl->assign('user_name', $user->getName());
            $tpl->assign('user_lastname', $user->getLastname());
            $tpl->assign('password_error', $passwordError);
            $tpl->assign('name', $_POST['name']);
            $tpl->assign('lastname', $_POST['lastname']);
            $tpl->assign('email', $_POST['email']);
            $tpl->assign('bill_name', $_POST['bill_name']);
            $tpl->assign('bill_street', $_POST['bill_street']);
            $tpl->assign('bill_postcode', $_POST['bill_postcode']);
            $tpl->assign('bill_city', $_POST['bill_city']);
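// Product page of the user area (template/viewProduct.html).
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyuser.inc include is replaced by the inline role check below.
$user = restoreUser();
if ($user != null && $user->checkPermissions(1, 1)) {
    // admin rights
    $isAdmin = 1;
} else {
    $isAdmin = 0;
    if ($user != null && $user->checkPermissions(0, 0, 0, 1, 1)) {
        // ORDERER role is sent to its own area
        redirectURI("/orderer/index.php");
        // Defensive stop: the redirect must be final even if redirectURI() returns.
        exit;
    }
    if ($user == null || !$user->checkPermissions(1)) {
        // not logged in or no user rights: public viewer area
        redirectURI("/viewer/index.php");
        exit;
    }
}
$LOG = new Log();
$tpl = new TemplateEngine("template/viewProduct.html", "template/frame.html", $lang["user_viewProduct"]);
$LOG->write('3', 'user/viewProduct.php');
// Product id from the query string; cast so only an integer reaches the
// template and any SQL built from it further down.
$pID = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;
$tpl->assign('ID', $pID);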
// In den Warenkorb:
if (isset($_POST['action'])) {
    $action = $_POST['action'];
    if ($action == "into_basket") {
        $pid = $_POST['pid'];
        $uid = $user->getID();
        $date = actualDate();
        // Product.stock zu der PID der aktuellen Aktion checken
            if ($user != null && $forward != '') {
                redirectURI('/user/' . $forward);
            } elseif ($user != null && $forward == '') {
                redirectURI('/user/categories.php');
            }
        }
        if ($user == null && $forward != '') {
            // allgemeine Fehlerbehandlung
            redirectURI('/user/login.php', 'error=failed&camefrom=' . $forward);
        } else {
            redirectURI('/user/login.php', 'error=failed');
        }
    }
} elseif (isset($_GET['action'])) {
    if ($_GET['action'] == 'logout') {
        logoutUser();
        redirectURI('/viewer/index.php');
    }
} else {
    if (isset($_GET['camefrom'])) {
        $tpl->assign('cf', $_GET['camefrom']);
    } else {
        $tpl->assign('cf', '');
    }
    if (isset($_GET['error'])) {
        $tpl->assign('error', $_GET['error']);
    } else {
        $tpl->assign('error', '');
    }
    $tpl->display();
}
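<?php

// Legacy admin entry point: the admin area starts at /admin/categories.php,
// so this page only bootstraps the application and forwards there.
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyadmin.inc include is commented out; this page performs no
// access check of its own, so the target page must enforce one.
redirectURI('/admin/categories.php');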
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();
} elseif ($_GET['action'] == 'delete') {
    $LOG->write('3', 'admin/addCategory.php: get-action=delete');
    DB_query("UPDATE products SET\n\t\t\t\t\tdeleted=1\n\t\t\t\t\twhere products_id=" . $_GET['pID']);
    $LOG->write('2', 'Produkt ' . $_GET['pID'] . ' gelöscht');
    $parent = $_GET['parent'];
    redirectURI('/admin/categories.php', 'catID=' . $parent);
} elseif ($_GET['action'] == 'deleteImage') {
    // Bild löschen
    $LOG->write('3', 'admin/addCategory.php: get-action=deleteImage');
    $bild_http = urldecode($_GET['img']);
    // http://localhost/wpp aus Bild-URI entfernen:
    $bild = str_replace(HTTP_HOSTNAME, "", $bild_http);
    // alle Vorkommen der Bild-URI ersetzen, da Bild gelöscht wird.
    DB_query("\n\t\tUPDATE products\n\t\tSET image_small='kein Bild'\n\t\tWHERE image_small='{$bild_http}'\n\t");
    DB_query("\n\t\tUPDATE products\n\t\tSET image_big='kein Bild'\n\t\tWHERE image_big='{$bild_http}'\n\t");
    unlink(WPP_BASE . $bild);
    // neu anzeigen:
    redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_GET['pID']);
} else {
    $LOG->write('3', 'admin/addProduct.php: get-action=none');
    $ID = $_GET['catID'];
    $tpl->assign('ID', $ID);
    $tpl->assign('action', 'add');
    $tpl->assign('error', $_GET['error']);
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();
}
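<?php

// Order detail page of the admin area (template/editOrder.html). A POST with
// ordershipped set stores today's date as the shipping date before rendering.
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyadmin.inc include is replaced by the inline check below.
$user = restoreUser();
if ($user == null || !$user->checkPermissions(1, 1)) {
    redirectURI("/admin/login.php", "camefrom=editOrder.php");
    // Defensive stop: the guard must hold even if redirectURI() returns.
    exit;
}
$LOG = new Log();
$tpl = new TemplateEngine("template/editOrder.html", "template/frame.html", $lang["admin_orders"]);
// Order id from the query string; cast so only an integer reaches the two
// SQL statements below.
$order_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if (isset($_POST['ordershipped'])) {
    // NOTE(review): no CSRF token is checked for this state change here —
    // confirm the framework covers it.
    $shipping_date = actualDate();
    DB_query("UPDATE orders SET\n\t\t\tshipping_date = '" . $shipping_date . "'\n\t\t\tWHERE orders_id = " . $order_id);
}
// All details of the order; the UNIX_TIMESTAMP columns hand the order and
// shipping dates to the template as timestamps.
$order_query = DB_query("SELECT\n\t\t\t\t*, UNIX_TIMESTAMP(date) AS formated_date,\n\t\t\t\tUNIX_TIMESTAMP(shipping_date) AS formated_shipping_date\n\t\t\t\tFROM orders\n\t\t\t\tWHERE orders_id = " . $order_id);
$order = DB_fetchArray($order_query);
$tpl->assign('orderDate', $order['formated_date']);
$tpl->assign('shippingDate', $order['formated_shipping_date']);
$tpl->assign('orderid', $order_id);
$tpl->assign('bill_name', $order['bill_name']);
$tpl->assign('bill_street', $order['bill_street']);
$tpl->assign('bill_postcode', $order['bill_postcode']);
$tpl->assign('bill_city', $order['bill_city']);
$tpl->assign('bill_state', $order['bill_state']);
$tpl->assign('ship_name', $order['ship_name']);
$tpl->assign('ship_street', $order['ship_street']);
$tpl->assign('ship_postcode', $order['ship_postcode']);
$tpl->assign('ship_city', $order['ship_city']);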
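<?php

// Legacy entry point: the category list now lives in /orderer/categories.php,
// so this page only bootstraps the application and forwards there.
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// Original author's note: apparently include_db is not really useful, is it?
// No access check is performed here; the target page must enforce one.
redirectURI("/orderer/categories.php");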
/*
$LOG = new Log();
$tpl = new TemplateEngine("../user/template/categories.html","../user/template/frame.html",$lang["user_categories"]);

if (isset($_GET['catID'])) {
	$requestedCategory = $_GET['catID'];
} else {
	$requestedCategory = 0;
}

$tpl->assign('catID',$requestedCategory);

//Kategorie finden
if ($requestedCategory != 0) {
	$query = DB_query("SELECT
				*
				FROM categories
				WHERE categories_id = ".$requestedCategory);
	$category = DB_fetchArray($query);
	$tpl->assign('parent', $category['parent']);
} else {
	$category = null;
	$tpl->assign('parent',null);
}
// Restore the logged-in user's basket and hand its four parallel lists
// (basket ids, counts, product ids, products) to the template.
$userid = $_SESSION['user'];
$basket = restoreUserBasket($userid);
$basketKeys = array('basket_array_bid', 'basket_array_count', 'basket_array_pid', 'basket_array_product');
foreach ($basketKeys as $basketKey) {
    $tpl->assign($basketKey, $basket[$basketKey]);
}
if (isset($_POST['action'])) {
    $LOG->write('3', 'user/editUser.php: action set');
    // Eigene Einstellungen editieren (mit Passwort)
    if ($_POST['action'] == 'editSelf') {
        $LOG->write('3', 'user/editUser.php: action=editSelf');
        if ($_POST['password'] == $_POST['repeatPassword']) {
            editSelfUser();
            $LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet');
            redirectURI('/user/categories.php');
        } else {
            // falsche Passwortwiederholung
            $passwordError = "1";
            $tpl->assign('action', 'editSelf');
            $tpl->assign('uID', $user->getID());
            $tpl->assign('user_name', $user->getName());
            $tpl->assign('user_lastname', $user->getLastname());
            $tpl->assign('password_error', $passwordError);
            $tpl->assign('name', $_POST['name']);
            $tpl->assign('lastname', $_POST['lastname']);
            $tpl->assign('email', $_POST['email']);
            $tpl->assign('bill_name', $_POST['bill_name']);
            $tpl->assign('bill_street', $_POST['bill_street']);
            $tpl->assign('bill_postcode', $_POST['bill_postcode']);
            $tpl->assign('bill_city', $_POST['bill_city']);
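<?php

// User detail page of the orderer area (template/viewUser.html).
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyuser.inc include is replaced by the inline check below.
$user = restoreUser();
if ($user == null || !$user->checkPermissions(0, 0, 0, 1, 1)) {
    redirectURI("/user/login.php", "camefrom=index.php");
    // Defensive stop: the guard must hold even if redirectURI() returns.
    exit;
}
// $isAdmin is 1 when the (already authenticated) user also holds admin rights.
// The original fetched the user a second time here; one restoreUser() suffices.
$isAdmin = $user->checkPermissions(1, 1) ? 1 : 0;
$LOG = new Log();
$tpl = new TemplateEngine("template/viewUser.html", "template/frame.html", $lang["orderer_users"]);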
//	Nutzerdaten einsehen
if (isset($_GET['uID'])) {
    $LOG->write('3', 'orderer/viewUser.php');
    $uID = $_GET['uID'];
    $tpl->assign('uID', $uID);
    //Alle Daten zum Benutzer
    $users_query = DB_query("SELECT\n\t\t\t\tname,\n\t\t\t\tlastname,\n\t\t\t\temail,\n\t\t\t\tbill_name,\n\t\t\t\tbill_street,\n\t\t\t\tbill_postcode,\n\t\t\t\tbill_city,\n\t\t\t\tbill_state,\n\t\t\t\tship_name,\n\t\t\t\tship_street,\n\t\t\t\tship_postcode,\n\t\t\t\tship_city,\n\t\t\t\tship_state,\n\t\t\t\tbank_name,\n\t\t\t\tbank_iban,\n\t\t\t\tbank_number,\n\t\t\t\tbank_account\n\t\t\t\tFROM users\n\t\t\t\tWHERE users_id = " . $uID);
    $userdata = DB_fetchArray($users_query);
    $tpl->assign('name', $userdata['name']);
    $tpl->assign('lastname', $userdata['lastname']);
    $tpl->assign('email', $userdata['email']);
    $tpl->assign('bill_name', $userdata['bill_name']);
    $tpl->assign('bill_street', $userdata['bill_street']);
    $catID = $_GET['catID'];
    $tpl->assign('catID', $catID);
    $tpl->assign('action', 'edit');
    //Alte Daten zur Kategorie
    $category_query = DB_query("SELECT\n\t\t\t\t\t*\n\t\t\t\t\tFROM categories\n\t\t\t\t\tWHERE categories_id = " . $catID);
    $category = DB_fetchArray($category_query);
    $tpl->assign('name', $category['name']);
    $tpl->assign('description', $category['description']);
    $tpl->assign('sort_order', $category['sort_order']);
    $tpl->assign('active', $category['active']);
    $tpl->assign('parent', $category['parent']);
    $tpl->assign('error', $_GET['error']);
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();
} elseif ($_GET['action'] == 'delete') {
    $LOG->write('3', 'admin/addCategory.php: get-action=delete');
    DB_query("DELETE FROM categories WHERE categories_id=" . $_GET['catID']);
    $LOG->write('2', 'Kategorie ' . $_GET['catID'] . ' gelöscht');
    $parent = $_GET['parent'];
    redirectURI('/admin/categories.php', 'catID=' . $parent);
} else {
    $LOG->write('3', 'admin/addCategory.php: get-action=none');
    $catID = $_GET['catID'];
    $tpl->assign('catID', $catID);
    $tpl->assign('action', 'add');
    $tpl->assign('error', $_GET['error']);
    $tpl->assign('user_name', $user->getName());
    $tpl->assign('user_lastname', $user->getLastname());
    $tpl->display();
}
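<?php

// Category listing of the orderer area (template/categories.html).
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyviewer.inc include is replaced by the inline check below.
$user = restoreUser();
if ($user == null || !$user->checkPermissions(0, 0, 0, 1, 1)) {
    redirectURI("/user/login.php");
    // Defensive stop: the guard must hold even if redirectURI() returns.
    exit;
}
// $isAdmin is 1 when the (already authenticated) user also holds admin rights.
$isAdmin = $user->checkPermissions(1, 1) ? 1 : 0;
$LOG = new Log();
$tpl = new TemplateEngine("template/categories.html", "template/frame.html", $lang["orderer_categories"]);
// Requested category from the query string, 0 = top level. Cast to int so
// only an integer reaches the template and the SQL built from it below.
$requestedCategory = isset($_GET['catID']) ? (int) $_GET['catID'] : 0;
$tpl->assign('catID', $requestedCategory);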
//Kategorie finden
if ($requestedCategory != 0) {
    $query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE categories_id = " . $requestedCategory);
    $category = DB_fetchArray($query);
    $tpl->assign('parent', $category['parent']);
} else {
    $category = null;
    $tpl->assign('parent', null);
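// Product page of the public viewer area (template/viewProduct.html).
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyviewer.inc include is replaced by the inline role check below.
$user = restoreUser();
if ($user != null && $user->checkPermissions(1, 1)) {
    // admin rights
    $isAdmin = 1;
} else {
    $isAdmin = 0;
    if ($user != null && $user->checkPermissions(0, 0, 0, 1, 1)) {
        // ORDERER role is sent to its own area
        redirectURI("/orderer/index.php");
        // Defensive stop: the redirect must be final even if redirectURI() returns.
        exit;
    }
    if ($user != null && $user->checkPermissions(0, 0, 1)) {
        // USER role is sent to its own area
        redirectURI("/user/index.php");
        exit;
    }
}
$LOG = new Log();
$tpl = new TemplateEngine("template/viewProduct.html", "template/frame.html", $lang["viewer_viewProduct"]);
$LOG->write('3', 'viewer/viewProduct.php');
// Product id from the query string; cast so only an integer reaches the SQL below.
$pID = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;
$tpl->assign('ID', $pID);
// Product data; products flagged deleted are never shown
$product_query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM products\n\t\t\t\tWHERE products_id = " . $pID . "\n\t\t\t\tAND deleted = 0\n\t\t\t\tORDER BY sort_order, name\n\t\t\t\t");
$product = DB_fetchArray($product_query);
$tpl->assign('name', $product['name']);
$tpl->assign('description', $product['description']);
//$tpl->assign('sort_order',$product['sort_order']);
$tpl->assign('active', $product['active']);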
// zur Unterscheidung, ob anzeigbar, weiterhin mitliefern
        $sign = $_POST['sign'];
        $forward = $_POST['camefrom'];
        $login = loginUser($sign, $password);
        if ($login && $forward != '') {
            redirectURI('/admin/' . $forward);
        } elseif ($login && $forward == '') {
            redirectURI('/admin/index.php');
        } elseif (!$login && $forward != '') {
            redirectURI('/admin/login.php', 'error=failed&camefrom=' . $forward);
        } else {
            redirectURI('/admin/login.php', 'error=failed');
        }
    }
} elseif (isset($_GET['action'])) {
    if ($_GET['action'] == 'logout') {
        logoutUser();
        redirectURI('/admin/index.php');
    }
} else {
    if (isset($_GET['camefrom'])) {
        $tpl->assign('cf', $_GET['camefrom']);
    } else {
        $tpl->assign('cf', '');
    }
    if (isset($_GET['error'])) {
        $tpl->assign('error', $_GET['error']);
    } else {
        $tpl->assign('error', '');
    }
    $tpl->display();
}
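<?php

// Legacy entry point: the category list now lives in /user/categories.php,
// so this page only bootstraps the application, applies the user access
// check and forwards the browser there.
// require (not include): a bootstrap or access-check file that fails to load
// must abort the request instead of emitting a warning and carrying on —
// otherwise a missing verifyuser.inc would silently skip the guard.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// Original author's note: apparently include_db is not really useful, is it?
require '../includes/functions/verifyuser.inc';
redirectURI("/user/categories.php");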
/*
$LOG = new Log();
$tpl = new TemplateEngine("../user/template/categories.html","../user/template/frame.html",$lang["user_categories"]);

if (isset($_GET['catID'])) {
	$requestedCategory = $_GET['catID'];
} else {
	$requestedCategory = 0;
}

$tpl->assign('catID',$requestedCategory);

//Kategorie finden
if ($requestedCategory != 0) {
	$query = DB_query("SELECT
				*
				FROM categories
				WHERE categories_id = ".$requestedCategory);
	$category = DB_fetchArray($query);
	$tpl->assign('parent', $category['parent']);
} else {
	$category = null;
	$tpl->assign('parent',null);
}
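<?php

// Category listing of the admin area: the requested category, its parent and
// its direct children (template/categories.html).
// require (not include): a bootstrap file that fails to load must abort the
// request instead of emitting a warning and carrying on.
require '../includes/includes.inc';
require '../includes/startApplication.php';
// The former verifyadmin.inc include is replaced by the inline check below.
$user = restoreUser();
if ($user == null || !$user->checkPermissions(1, 1)) {
    redirectURI("/admin/login.php", "camefrom=categories.php");
    // Defensive stop: the guard must hold even if redirectURI() returns.
    exit;
}
$LOG = new Log();
$tpl = new TemplateEngine("template/categories.html", "template/frame.html", $lang["admin_categories"]);
// Requested category from the query string, 0 = top level. Cast to int so
// only an integer reaches the template and the two SQL statements below.
$requestedCategory = isset($_GET['catID']) ? (int) $_GET['catID'] : 0;
$tpl->assign('catID', $requestedCategory);
// Find the category itself (there is none at top level) to expose its parent
if ($requestedCategory != 0) {
    $query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE categories_id = " . $requestedCategory);
    $category = DB_fetchArray($query);
    // an unknown id yields no row; report no parent rather than reading
    // offsets of a non-array
    $tpl->assign('parent', $category ? $category['parent'] : null);
} else {
    $category = null;
    $tpl->assign('parent', null);
}
// Find the direct children of the requested category
$children_query = DB_query("SELECT\n\t\t\t\t*\n\t\t\t\tFROM categories\n\t\t\t\tWHERE parent = " . $requestedCategory . "\n\t\t\t\tORDER BY sort_order, name");
$children = array();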
while ($line = DB_fetchArray($children_query)) {
    $list = array("id" => $line['categories_id'], "name" => $line['name'], "active" => $line['active']);