Esempio n. 1
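 /**
  * Dispatches an orders-section admin action to the method that handles it.
  *
  * The action name is lower-cased with isc_strtolower() and matched against the known
  * actions; anything unrecognised falls through to the order listing. Most actions are
  * gated here by an ISC_CLASS_ADMIN_AUTH->HasPermission() check; when it fails,
  * DoHomePage() is called with the 'Unauthorized' message instead of the handler.
  *
  * @param string $Do Requested action name (matched case-insensitively).
  * @return void
  */
 public function HandleToDo($Do)
 {
     $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => 'index.php?ToDo=viewOrders');
     switch (isc_strtolower($Do)) {
         // NOTE(review): the next four actions are dispatched without a HasPermission()
         // check at this level, unlike every other case in this switch. Confirm that
         // SaveNewOrder(), SaveUpdatedOrder(), AddOrder() and EditOrder() each enforce
         // their own permission before reading or writing order data.
         case 'saveneworder':
             $this->SaveNewOrder();
             break;
         case 'saveupdatedorder':
             $this->SaveUpdatedOrder();
             break;
         case "addorder":
             $this->AddOrder();
             break;
         case 'editorder':
             $this->EditOrder();
             break;
         case "createorderview":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'][GetLang('CreateOrderView')] = "index.php?ToDo=createOrderView";
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->CreateView();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "printmultiorderinvoices":
             // Invoice output is produced by the handler itself, so no page header/footer here.
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $this->PrintMultiInvoices();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "deletecustomordersearch":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->DeleteCustomSearch();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "customordersearch":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'][GetLang('CustomView')] = "index.php?ToDo=customOrderSearch";
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->CustomSearch();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "searchordersredirect":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'][GetLang('SearchResults')] = "index.php?ToDo=searchOrders";
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->SearchOrdersRedirect();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "searchorders":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'][GetLang('SearchResults')] = "index.php?ToDo=searchOrders";
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->SearchOrders();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;

         // Order-message actions: each one first requires gzte11(ISC_LARGEPRINT) and ends
         // the request with no output when that check fails, then requires the separate
         // AUTH_Order_Messages permission.
         // NOTE(review): gzte11() looks like a feature/edition gate -- confirm.
         case "saveupdatedordermessage":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=saveUpdatedOrderMessage");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->SavedUpdatedOrderMessage();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "editordermessage":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 // The order id is request input that ends up in a breadcrumb URL: force it
                 // to an integer, and test for presence explicitly instead of using "@".
                 $orderId = isset($_GET['orderId']) ? (int) $_GET['orderId'] : 0;
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=viewOrderMessages&orderId=" . $orderId, GetLang('EditMessage') => "index.php?ToDo=editOrderMessage");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->EditOrderMessage();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "savenewordermessage":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=saveUpdatedOrderMessage");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->SaveNewOrderMessage();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "createordermessage":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 // Same integer coercion of the request-supplied order id as in "editordermessage".
                 $orderId = isset($_GET['orderId']) ? (int) $_GET['orderId'] : 0;
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=viewOrderMessages&orderId=" . $orderId, GetLang('CreateMessage') => "index.php?ToDo=createOrderMessage");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->CreateOrderMessage();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "deleteordermessages":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=saveUpdatedOrderMessage");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->DeleteOrderMessages();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "flagordermessage":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=viewOrderMessages");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->FlagOrderMessage();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "updateordermessagestatus":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=viewOrderMessages");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->UpdateOrderMessageStatus();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "viewordermessages":
             if (!gzte11(ISC_LARGEPRINT)) {
                 exit;
             }
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Order_Messages)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ViewMessages') => "index.php?ToDo=viewOrderMessages");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->ViewOrderMessages();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;

         case "deleteorders":
             // Deletion has its own permission, distinct from AUTH_Manage_Orders.
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Delete_Orders)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->DeleteOrders();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "printorderinvoice":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $this->PrintInvoice();
             } else {
                 // The denial here is a script that closes the window rather than the
                 // usual Unauthorized page.
                 echo "<script type=\"text/javascript\">window.close();</script>";
             }
             break;
         case "importordertrackingnumbers":
             // The gzte11(ISC_MEDIUMPRINT) gate used to be repeated inside the permission
             // branch; that second test could only be reached after this one passed, so it
             // is dropped. When the gate fails the action produces no output.
             if (gzte11(ISC_MEDIUMPRINT)) {
                 if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Import_Order_Tracking_Numbers)) {
                     $this->ImportTrackingNumbers();
                 } else {
                     $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
                 }
             }
             break;
         case "viewsingleorder":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $output = ISC_ADMIN_REMOTE::GetOrderQuickView();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
                 // NOTE(review): the quick view is echoed after the footer -- confirm intended.
                 echo $output;
             } else {
                 // Previously a denied request got an empty response; answer it the same
                 // way as the other AUTH_Manage_Orders actions.
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "updatemultiorderstatus":
             // Rendered inside the popup header/footer templates instead of the full admin page.
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['ISC_CLASS_TEMPLATE']->SetTemplate("pageheader.popup");
                 $GLOBALS['ISC_CLASS_TEMPLATE']->ParseTemplate();
                 $this->updateOrderStatusBox();
                 $GLOBALS['ISC_CLASS_TEMPLATE']->SetTemplate("pagefooter.popup");
                 $GLOBALS['ISC_CLASS_TEMPLATE']->ParseTemplate();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "refundorder":
             // NOTE(review): refunds and the two payment actions below are gated by the
             // general AUTH_Manage_Orders permission only -- confirm that is the intended
             // level for money-moving operations.
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->RefundOrder();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         /* Added for Save and Pay -- Baskaran */
         case "payorder":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 // NOTE(review): the 'PayOrder' breadcrumb links to viewOrderMessages -- looks
                 // like a copy-paste leftover; confirm the intended target.
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('PayOrder') => "index.php?ToDo=viewOrderMessages");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->payOrder();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         case "paymentorder":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('PayOrder') => "index.php?ToDo=viewOrderMessages");
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->PaymentOrder();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         //Wirror_20110301: confirm the order
         case "confirmorder":
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('ConfirmOrder') => 'index.php?ToDo=confirmOrder');
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 $this->ConfirmOrder();
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
             break;
         /* Baskaran */
         default:
             // Unknown or missing action: show the order listing, or the saved custom
             // search when one is stored in the session.
             if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Orders)) {
                 if (isset($_GET['searchQuery'])) {
                     $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders", GetLang('SearchResults') => "index.php?ToDo=viewOrders");
                 } else {
                     $GLOBALS['BreadcrumEntries'] = array(GetLang('Home') => "index.php", GetLang('Orders') => "index.php?ToDo=viewOrders");
                 }
                 if (GetSession('ordersearch') > 0) {
                     // Re-apply the remembered search id when the request did not carry one.
                     if (!isset($_GET['searchId'])) {
                         $_GET['searchId'] = GetSession('ordersearch');
                         $_REQUEST['searchId'] = GetSession('ordersearch');
                     }
                     if ($_GET['searchId'] > 0) {
                         $GLOBALS['BreadcrumEntries'] = array_merge($GLOBALS['BreadcrumEntries'], array(GetLang('CustomView') => "index.php?ToDo=customOrderSearch"));
                     }
                 }
                 // Requests flagged with 'ajax' get the body only, without page chrome.
                 if (!isset($_REQUEST['ajax'])) {
                     $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintHeader();
                 }
                 if (GetSession('ordersearch') > 0) {
                     $this->CustomSearch();
                 } else {
                     UnsetSession('ordersearch');
                     $this->ManageOrders();
                 }
                 if (!isset($_REQUEST['ajax'])) {
                     $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->PrintFooter();
                 }
             } else {
                 $GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
             }
     }
 }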
Esempio n. 2
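	/**
	* Takes a product id (or, for a product that is still being created, a product hash) and a
	* product image id, and modifies the sorting values of all affected product images to
	* "move this image after another image".
	*
	* Input is read from $_POST: 'product' or 'hash' identifies the owner, 'move' is the image
	* being moved and the optional 'after' is the image it should follow (omitted = move to the
	* front). Every path ends by sending an XML response and terminating the request with die().
	*
	* @param ISC_ADMIN_REMOTE $remote Used to build and send the XML response.
	*/
	public function remoteMoveImageAfterOtherImage(ISC_ADMIN_REMOTE $remote)
	{
		// this method is used instead of simply receiving a full serialize of the new product order, it allows us to update more efficiently by knowing which image was moved and only updating the affected sort orders

		$response = array();

		$productId = false;
		$productHash = false;

		if (isset($_POST['product'])) {
			$productId = (int)$_POST['product'];
			// Authorise before looking the product up, so a caller without the permission
			// always gets "Unauthorized" and cannot tell existing product ids from missing ones.
			if (!$GLOBALS["ISC_CLASS_ADMIN_AUTH"]->HasPermission(AUTH_Edit_Products)) {
				$response[] = $remote->MakeXMLTag('error', GetLang('Unauthorized'), true);
			} else if (!isId($productId) || !ProductExists($productId)) {
				$response[] = $remote->MakeXMLTag('error', GetLang('ProductDoesntExist'), true);
			}
		} else if (isset($_POST['hash']) && $_POST['hash']) {
			$productHash = $_POST['hash'];
			if (!$GLOBALS["ISC_CLASS_ADMIN_AUTH"]->HasPermission(AUTH_Create_Product)) {
				$response[] = $remote->MakeXMLTag('error', GetLang('Unauthorized'), true);
			}
		} else {
			$response[] = $remote->MakeXMLTag('error', GetLang('ProductDoesntExist'), true);
		}

		if (!empty($response)) {
			$remote->SendXMLHeader();
			$remote->SendXMLResponse($response);
			die();
		}

		// A missing 'move' becomes 0 without raising a notice; the image constructor below
		// is then left to reject it.
		$moveId = isset($_POST['move']) ? (int)$_POST['move'] : 0;

		try {
			$moveImage = new ISC_PRODUCT_IMAGE($moveId);
		} catch (ISC_PRODUCT_IMAGE_INVALIDID_EXCEPTION $e) {
			$response[] = $remote->MakeXMLTag('error', sprintf(GetLang('ProductImageInvalidId'), $moveId), true);
		} catch (ISC_PRODUCT_IMAGE_RECORDNOTFOUND_EXCEPTION $e) {
			$response[] = $remote->MakeXMLTag('error', sprintf(GetLang('ProductImageNotFound'), $moveId), true);
		} catch (Exception $e) {
			$response[] = $remote->MakeXMLTag('error', GetLang('ProductImageMoveDatabaseError'), true);
		}

		if (!empty($response)) {
			$remote->SendXMLHeader();
			$remote->SendXMLResponse($response);
			die();
		}

		// Sort values are concatenated into SQL further down, so pin them to integers here.
		$moveSort = (int)$moveImage->getSort();

		// Ownership check: the image must belong to the product (or pending-product hash) named
		// in the request. Without it any image id could be re-sorted through this endpoint.
		// NOTE(review): the comparison is strict (!==); confirm getProductId() returns an int,
		// otherwise a numeric string from the database would never match.
		if (($productId && $moveImage->getProductId() !== $productId) || ($productHash && $moveImage->getProductHash() !== $productHash)) {
			// provided image id does not belong to provided product id
			$response[] = $remote->MakeXMLTag('error', sprintf(GetLang('ProductImageMismatchError'), $moveId, $productId), true);
			$remote->SendXMLHeader();
			$remote->SendXMLResponse($response);
			die();
		}

		if (isset($_POST['after'])) {
			$afterId = (int)$_POST['after'];

			try {
				$afterImage = new ISC_PRODUCT_IMAGE($afterId);
			} catch (ISC_PRODUCT_IMAGE_INVALIDID_EXCEPTION $e) {
				$response[] = $remote->MakeXMLTag('error', sprintf(GetLang('ProductImageInvalidId'), $afterId), true);
			} catch (ISC_PRODUCT_IMAGE_RECORDNOTFOUND_EXCEPTION $e) {
				$response[] = $remote->MakeXMLTag('error', sprintf(GetLang('ProductImageNotFound'), $afterId), true);
			} catch (Exception $e) {
				$response[] = $remote->MakeXMLTag('error', GetLang('ProductImageMoveDatabaseError'), true);
			}

			if (!empty($response)) {
				$remote->SendXMLHeader();
				$remote->SendXMLResponse($response);
				die();
			}

			// The anchor image gets the same ownership check as the moved image.
			if (($productId && $afterImage->getProductId() !== $productId) || ($productHash && $afterImage->getProductHash() !== $productHash)) {
				// provided image id does not belong to provided product id
				$response[] = $remote->MakeXMLTag('error', sprintf(GetLang('ProductImageMismatchError'), $afterId, $productId), true);
				$remote->SendXMLHeader();
				$remote->SendXMLResponse($response);
				die();
			}

			$afterSort = (int)$afterImage->getSort();
		} else {
			// No anchor given: -1 sorts before every stored value, i.e. move to the front.
			$afterSort = -1;
		}

		// Second permission check, keyed on the image's own state rather than on which request
		// field was supplied: an image that carries a product hash needs AUTH_Create_Product,
		// any other image needs AUTH_Edit_Products. The denial is sent as an <error> tag like
		// the earlier ones.
		if ($moveImage->getProductHash()) {
			if (!$GLOBALS["ISC_CLASS_ADMIN_AUTH"]->HasPermission(AUTH_Create_Product)) {
				$response[] = $remote->MakeXMLTag('error', GetLang('Unauthorized'), true);
				$remote->SendXMLHeader();
				$remote->SendXMLResponse($response);
				die();
			}
		} else {
			if (!$GLOBALS["ISC_CLASS_ADMIN_AUTH"]->HasPermission(AUTH_Edit_Products)) {
				$response[] = $remote->MakeXMLTag('error', GetLang('Unauthorized'), true);
				$remote->SendXMLHeader();
				$remote->SendXMLResponse($response);
				die();
			}
		}

		// The statement is assembled by concatenation, so every interpolated value is forced
		// to an integer first.
		// NOTE(review): rows are selected by imageprodid only, also when the image was addressed
		// by hash. Confirm that getProductId() scopes a pending product's images tightly enough;
		// otherwise images of other pending products could be shifted too.
		$imageProductId = (int)$moveImage->getProductId();

		// create an sql query to shift all sorting values between the two anchor points
		if ($moveSort > $afterSort) {
			$sql = "UPDATE `[|PREFIX|]product_images` SET imagesort = imagesort + 1 WHERE imageprodid = " . $imageProductId . " AND imagesort > " . $afterSort . " AND imagesort < " . $moveSort;
			$newSort = $afterSort + 1;
		} else {
			$sql = "UPDATE `[|PREFIX|]product_images` SET imagesort = imagesort - 1 WHERE imageprodid = " . $imageProductId . " AND imagesort > " . $moveSort . " AND imagesort <= " . $afterSort;
			$newSort = $afterSort;
		}

		$db = $GLOBALS['ISC_CLASS_DB'];

		// Shift the neighbours and save the moved image as one unit: both are committed
		// together or rolled back together, under a write lock on the table.
		$db->Query("SET autocommit = 0");
		$db->Query("LOCK TABLES `[|PREFIX|]product_images` WRITE");

		$result = $db->Query($sql);

		if ($result) {
			$moveImage->setSort($newSort);

			try {
				$moveImage->saveToDatabase(false);
				$db->Query("COMMIT");
				$response[] = $remote->MakeXMLTag('success', GetLang('ProductImagesSortOrderChanged'), true);
			} catch (Exception $e) {
				$db->Query("ROLLBACK");
				// Failures are reported in an <error> tag; they were previously wrapped in
				// <success>, which made a rolled-back move look like a completed one.
				$response[] = $remote->MakeXMLTag('error', GetLang('ProductImageMoveDatabaseError'), true);
			}
			$db->Query("UNLOCK TABLES");

		} else {
			$db->Query("ROLLBACK");
			$db->Query("UNLOCK TABLES");
			$response[] = $remote->MakeXMLTag('error', GetLang('ProductImageMoveDatabaseError'), true);
		}

		$remote->SendXMLHeader();
		$remote->SendXMLResponse($response);
		die();
	}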