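/**
 * Render the "edit coupon" form for the signed-in store owner and, on a valid POST, save the changes.
 *
 * Access is refused unless a user is signed in ($GLOBALS['me']), that user has at least one
 * store, and the coupon returned by \query\main::item_infos() carries that user's ID.
 * A submission is processed only when the request is a POST whose edit_coupon_form[csrf]
 * value passes \site\utils::check_csrf() for the 'edit_coupon_csrf' session slot. A fresh
 * token is written to the session on every render.
 *
 * Every stored or submitted value placed into the markup is HTML-escaped at output time, so
 * the form stays well-formed whatever \site\utils::validate_user_data() (not visible here)
 * does or does not filter.
 *
 * @param mixed $id Coupon identifier, passed through to item_infos() and edit_coupon().
 * @return string HTML fragment: the form, or an info_form notice when editing is not allowed.
 */
function edit_coupon_form($id)
{
    global $LANG;

    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }

    // Ownership gate. The comparison is strict, so both IDs must have the same type.
    // NOTE(review): confirm item_infos() and the session user expose IDs with matching types.
    $coupon = \query\main::item_infos($id);
    if (!is_object($coupon) || $coupon->userID !== $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_cou_cant'] . '</div>';
    }

    // Output encoder for attribute values and element text. double_encode is off so values
    // that were already entity-encoded upstream are not encoded twice; non-scalars render
    // as an empty string. NOTE(review): assumes the page is served as UTF-8 — confirm.
    $esc = function ($value) {
        return is_scalar($value)
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
            : '';
    };

    $form = '<div class="edit_coupon_form other_form">';
    $pd = array();

    // Only an array-shaped submission that actually carries a csrf field is considered;
    // reading ['csrf'] from a missing key or a string-typed field would raise a notice or error.
    $posted = isset($_POST['edit_coupon_form']) && is_array($_POST['edit_coupon_form'])
        ? $_POST['edit_coupon_form']
        : null;

    if ($_SERVER['REQUEST_METHOD'] == 'POST'
        && $posted !== null
        && isset($posted['csrf'])
        && \site\utils::check_csrf($posted['csrf'], 'edit_coupon_csrf')
    ) {
        $pd = \site\utils::validate_user_data($posted);
        try {
            \user\main::edit_coupon($id, $GLOBALS['me']->ID, $pd);
            $form .= '<div class="success">' . $LANG['edit_cou_success'] . '</div>';
        } catch (Exception $e) {
            // Left unescaped on purpose: the messages thrown by edit_coupon() are $LANG strings.
            // NOTE(review): if the database layer can throw here too, escape this message.
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }

    // Rotate the token after processing so every rendered form carries a new one.
    // NOTE(review): its unpredictability depends on \site\utils::str_random(), which is not
    // visible here — confirm it draws from a cryptographically secure source.
    $csrf = $_SESSION['edit_coupon_csrf'] = \site\utils::str_random(12);

    // Submitted values win over stored ones so a rejected submission is shown back for correction.
    $name = $esc(isset($pd['name']) ? $pd['name'] : $coupon->title);
    $code = $esc(isset($pd['code']) ? $pd['code'] : $coupon->code);
    $url = $esc(isset($pd['url']) ? $pd['url'] : $coupon->url);
    $description = $esc(isset($pd['description']) ? $pd['description'] : $coupon->description);
    $tags = $esc(isset($pd['tags']) ? $pd['tags'] : $coupon->tags);
    $start_date = $esc(isset($pd['start']) ? $pd['start'] : date('Y-m-d', strtotime($coupon->start_date)));
    $start_hour = $esc(isset($pd['start_hour']) ? $pd['start_hour'] : date('H:i', strtotime($coupon->start_date)));
    $end_date = $esc(isset($pd['end']) ? $pd['end'] : date('Y-m-d', strtotime($coupon->expiration_date)));
    $end_hour = $esc(isset($pd['end_hour']) ? $pd['end_hour'] : date('H:i', strtotime($coupon->expiration_date)));

    $form .= '<form method="POST" action="#">'
        . ' <div class="form_field"><label for="edit_coupon_form[store]">' . $LANG['submit_cou_addto'] . ':</label>'
        . ' <div><select name="edit_coupon_form[store]" id="edit_coupon_form[store]">';

    // Only the signed-in user's own stores are offered as targets.
    foreach (stores_custom(array('user' => $GLOBALS['me']->ID, 'max' => 0)) as $v) {
        $is_selected = isset($pd['store']) ? $pd['store'] == $v->ID : $coupon->storeID == $v->ID;
        $form .= '<option value="' . $esc($v->ID) . '"' . ($is_selected ? ' selected' : '') . '>'
            . $esc($v->name) . '</option>';
    }

    $form .= '</select></div> </div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[name]">' . $LANG['form_name'] . ':</label>'
        . ' <div><input type="text" name="edit_coupon_form[name]" id="edit_coupon_form[name]" value="' . $name . '"'
        . ' placeholder="' . $LANG['submit_cou_name_ph'] . '" required /></div></div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[code]">' . $LANG['form_code'] . ':</label>'
        . ' <div><input type="text" name="edit_coupon_form[code]" id="edit_coupon_form[code]" value="' . $code . '"'
        . ' placeholder="' . $LANG['submit_cou_code_ph'] . '" /></div></div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[url]">' . $LANG['form_coupon_url'] . ':</label>'
        . ' <div><input type="text" name="edit_coupon_form[url]" id="edit_coupon_form[url]" value="' . $url . '"'
        . ' placeholder="' . $LANG['submit_cou_url_ph'] . '" /></div></div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[description]">' . $LANG['form_description'] . ':</label>'
        . ' <div><textarea name="edit_coupon_form[description]" id="edit_coupon_form[description]" style="height:100px;">'
        . $description . '</textarea></div></div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[tags]">' . $LANG['form_tags'] . ':</label>'
        . ' <div><input type="text" name="edit_coupon_form[tags]" id="edit_coupon_form[tags]" value="' . $tags . '" /></div></div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[start]">' . $LANG['form_start_date'] . ':</label>'
        . ' <div><input type="date" name="edit_coupon_form[start]" id="edit_coupon_form[start]" value="' . $start_date . '"'
        . ' style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_coupon_form[start_hour]" value="' . $start_hour . '"'
        . ' style="width: 20%" /></div></div>';

    $form .= ' <div class="form_field"><label for="edit_coupon_form[end]">' . $LANG['form_end_date'] . ':</label>'
        . ' <div><input type="date" name="edit_coupon_form[end]" id="edit_coupon_form[end]" value="' . $end_date . '"'
        . ' style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_coupon_form[end_hour]" value="' . $end_hour . '"'
        . ' style="width: 20%" /></div></div>';

    $form .= ' <input type="hidden" name="edit_coupon_form[csrf]" value="' . $esc($csrf) . '" />'
        . ' <button>' . $LANG['edit_cou_button'] . '</button> </form> </div>';

    return $form;
}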
}
echo '</ul> </div>';
}
echo '<a href="?route=coupons.php&action=list" class="btn">' . $LANG['coupons_view'] . '</a> </div>';
if (!empty($LANG['coupons_edit_subtitle'])) {
    echo '<span>' . $LANG['coupons_edit_subtitle'] . '</span>';
}
echo '</div>';

// Edit form for an existing coupon. $item_exists, $info and $csrf are set outside this excerpt.
if ($item_exists) {
    // Save path: runs only for a POST whose csrf field passes check_csrf() for the 'coupons_csrf' slot.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'coupons_csrf')) {
        // Every field listed here must be present; popular, exclusive, publish, coupon_ownlink and link are optional.
        // NOTE(review): isset() does not establish that start/end are arrays holding 'date' and 'hour',
        // which the edit_item() call below reads — verify or guard before indexing.
        if (isset($_POST['store']) && isset($_POST['category']) && isset($_POST['name']) && isset($_POST['code']) && isset($_POST['description']) && isset($_POST['tags']) && isset($_POST['reward_points']) && isset($_POST['start']) && isset($_POST['end']) && isset($_POST['meta_title']) && isset($_POST['meta_desc'])) {
            // The coupon is selected by $_GET['id'] while the field values come from $_POST.
            // NOTE(review): whether actions::edit_item() checks the caller's privileges is not visible here.
            if (actions::edit_item($_GET['id'], array(
                'store' => $_POST['store'],
                'category' => $_POST['category'],
                // Checkbox-style flags: presence of the field means 1.
                'popular' => isset($_POST['popular']) ? 1 : 0,
                'exclusive' => isset($_POST['exclusive']) ? 1 : 0,
                'name' => $_POST['name'],
                // The link is kept only when coupon_ownlink is not set and the value passes FILTER_VALIDATE_URL;
                // otherwise an empty string is sent. NOTE(review): FILTER_VALIDATE_URL checks URL syntax and
                // does not limit the scheme to http/https — confirm that is enforced where the link is used.
                'link' => !isset($_POST['coupon_ownlink']) && isset($_POST['link']) && filter_var($_POST['link'], FILTER_VALIDATE_URL) ? $_POST['link'] : '',
                'code' => $_POST['code'],
                'description' => $_POST['description'],
                'tags' => $_POST['tags'],
                'cashback' => $_POST['reward_points'],
                // Date and hour are joined as "<date>, <hour>".
                'start' => $_POST['start']['date'] . ', ' . $_POST['start']['hour'],
                'end' => $_POST['end']['date'] . ', ' . $_POST['end']['hour'],
                'publish' => isset($_POST['publish']) ? 1 : 0,
                'meta_title' => $_POST['meta_title'],
                'meta_desc' => $_POST['meta_desc']))) {
                // Re-read the coupon so the form below shows what was stored.
                $info = \query\main::item_infos($_GET['id']);
                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
            } else {
                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
            }
        }
    }
    // Store the token for the next submission of this form.
    $_SESSION['coupons_csrf'] = $csrf;
    // NOTE(review): $info->storeID is written into the value attribute without HTML escaping here;
    // confirm it is always numeric or escape it at output.
    echo '<div class="form-table"> <form action="#" method="POST" autocomplete="off"> <div class="row"><span>' . $LANG['form_store_id'] . ':</span><div data-search="store"><input type="text" name="store" value="' . $info->storeID . '" required /><a href="#">S</a></div></div> <div class="row"><span>' . $LANG['form_category'] .
        ':</span> <div><select name="category">';
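/**
 * Save a store owner's edits to a coupon and charge credits when its expiry is extended.
 *
 * Checks, in order (each failure throws \Exception carrying a $LANG message):
 *   1. the target store must belong to $user (\query\main::have_store());
 *   2. name must be non-empty;
 *   3. url must be present and, when non-empty, a syntactically valid http(s) URL;
 *   4. description must be at least 10 bytes long;
 *   5. the coupon being edited must belong to $user;
 *   6. the signed-in user must hold enough credits for the computed cost.
 *
 * Cost: when the new end date (date part only) is later than the coupon's paid_until, the
 * extension is billed in blocks of $prices->coupon_max_days days at $prices->coupon credits
 * per block, counted from the later of paid_until and today 00:00, with a minimum of one day.
 * Otherwise the edit is free and paid_until is left as it was.
 *
 * URL validation only constrains what is stored; it does not make the value safe to print.
 * Escape it wherever it is written into HTML.
 *
 * @param int   $id   Coupon ID (bound as an integer in the UPDATE).
 * @param int   $user ID of the acting user (bound as an integer into lastupdate_by).
 * @param array $post Submitted fields: store, name, url, description, tags, code,
 *                    start, start_hour, end, end_hour.
 * @return bool true once the row is updated and the credits are deducted.
 * @throws \Exception on a failed check, insufficient credits, or a failed UPDATE.
 */
public static function edit_coupon($id, $user, $post)
{
    global $db, $LANG;

    // Drop non-scalar fields (for example a field posted as an array) before trimming:
    // they cannot be trimmed or bound, and the isset() checks below then reject the request.
    $post = array_map(
        function ($value) {
            return trim((string) $value);
        },
        array_filter($post, function ($value) {
            return $value === null || is_scalar($value);
        })
    );

    if (!isset($post['store']) || !\query\main::have_store($post['store'], $user)) {
        // Reached only when the posted store is missing or not owned by $user,
        // i.e. the request was altered.
        throw new \Exception($LANG['msg_error']);
    }

    if (!isset($post['name']) || $post['name'] === '') {
        throw new \Exception($LANG['edit_cou_writename']);
    }

    // The original pattern only checks how the value begins, so the whole value is also run
    // through FILTER_VALIDATE_URL, the same filter the admin edit path applies to links.
    if (!isset($post['url'])
        || (!empty($post['url'])
            && (!preg_match('/(^http(s)?:\\/\\/)([a-zA-Z0-9-]{3,100}).([a-zA-Z]{2,12})/', $post['url'])
                || filter_var($post['url'], FILTER_VALIDATE_URL) === false))
    ) {
        throw new \Exception($LANG['edit_cou_writeurl']);
    }

    if (!isset($post['description']) || strlen($post['description']) < 10) {
        throw new \Exception($LANG['edit_cou_writedesc']);
    }

    // The UPDATE below selects the row by id alone, so ownership is enforced here instead of
    // relying on every caller to have checked it first.
    $info = \query\main::item_infos($id);
    if (!is_object($info) || (int) $info->userID !== (int) $user) {
        throw new \Exception($LANG['msg_error']);
    }

    // Optional fields: a missing key is read without raising an undefined-index notice
    // and binds the same value as before (null, or an empty date/hour part).
    $tags = isset($post['tags']) ? $post['tags'] : null;
    $code = isset($post['code']) ? $post['code'] : null;
    $end_date = isset($post['end']) ? $post['end'] : '';
    $start = (isset($post['start']) ? $post['start'] : '') . ', '
        . (isset($post['start_hour']) ? $post['start_hour'] : '');
    $end = $end_date . ', ' . (isset($post['end_hour']) ? $post['end_hour'] : '');

    $end_unix = strtotime($end_date);
    $paid_until = strtotime($info->paid_until);
    $cost = 0;

    if ($end_unix > $paid_until) {
        $prices = prices('object');
        $now_unix = strtotime('today 00:00');

        // Bill from whichever is later: the date already paid for, or today.
        $billed_from = $paid_until > $now_unix ? $paid_until : $now_unix;
        $days = max(ceil(($end_unix - $billed_from) / 86400), 1);

        // A zero or missing block length would divide by zero; treat it as one day.
        $block_days = max((int) $prices->coupon_max_days, 1);
        $cost = (int) $prices->coupon * ceil($days / $block_days);
    }

    if ($GLOBALS['me']->Credits < $cost) {
        throw new \Exception(sprintf($LANG['msg_notenoughpoints'], $cost, $GLOBALS['me']->Credits));
    }

    // paid_until moves forward only when something is actually charged.
    $new_paid_until = $cost > 0 ? $end_unix : $paid_until;

    $stmt = $db->stmt_init();
    if (!$stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "coupons SET store = ?, title = ?, link = ?, description = ?, tags = ?, code = ?, start = ?, expiration = ?, lastupdate_by = ?, lastupdate = NOW(), paid_until = FROM_UNIXTIME(?) WHERE id = ?")) {
        throw new \Exception($LANG['msg_error']);
    }
    $stmt->bind_param("isssssssisi", $post['store'], $post['name'], $post['url'], $post['description'], $tags, $code, $start, $end, $user, $new_paid_until, $id);
    $execute = $stmt->execute();
    $stmt->close();

    if (!$execute) {
        throw new \Exception($LANG['msg_error']);
    }

    // Deduct credits.
    // NOTE(review): the balance check above and this deduction are separate steps, so two
    // concurrent requests could both pass the check. Whether add_credits() refuses to take the
    // balance below zero is not visible here — confirm.
    \user\update::add_credits($GLOBALS['me']->ID, -$cost);

    return true;
}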
<?php
/*
 * PUT THE OBJECT INTO A GLOBAL VARIABLE
 *
 * Runs when the file is loaded: the coupon record and its existence flag are fetched once and
 * kept in $GLOBALS for the template helpers below.
 * NOTE(review): both calls pass 0 as the id; presumably the coupon is then resolved from the
 * current request and 'update_views' counts the view — confirm in \query\main.
 */
$GLOBALS['item'] = \query\main::item_infos(0, array('update_views' => ''));
$GLOBALS['exists'] = \query\main::item_exists(0, array('user_view' => ''));

/* CHECK IF COUPON EXISTS: returns the value stored by item_exists() above. */
function exists() {
    return $GLOBALS['exists'];
}

/* INFORMATION ABOUT THE COUPON: returns the object stored by item_infos() above. */
function the_item() {
    return $GLOBALS['item'];
}

/*
 * METATAGS - TITLE
 *
 * When the coupon exists and has its own meta_title, that title is returned with the
 * %YEAR% and %MONTH% placeholders replaced by date('Y') and date('F').
 * NOTE(review): the title is returned as stored, without HTML escaping; escape it where it is
 * written into the page unless it is sanitised on save.
 * The remaining branches continue beyond this excerpt.
 */
function meta_title() {
    if ($GLOBALS['exists'] > 0) {
        if (!empty($GLOBALS['item']->meta_title)) {
            // Placeholder => replacement map, applied in one str_replace() call.
            $repl = array('%YEAR%' => date('Y'), '%MONTH%' => date('F'));
            return str_replace(array_keys($repl), array_values($repl), $GLOBALS['item']->meta_title);
        } else {
include LBDIR . '/iptocountry/class.php'; $myIP = \site\utils::getIP(); $aIP = new IpToCountry(); $aIP->IP = $myIP; $IPinfos = $aIP->infos(); // $coupon = $product = 0; if (isset($_GET['id'])) { $infos = \query\main::store_infos($_GET['id']); $store = $infos->ID; $url = $infos->url; $type = 'Store'; $typeID = (int) $_GET['id']; } else { if (isset($_GET['coupon'])) { $infos = \query\main::item_infos($_GET['coupon']); $store = $infos->storeID; $coupon = $infos->ID; $url = $infos->url; $type = 'Coupon'; $typeID = (int) $_GET['coupon']; } else { if (isset($_GET['product'])) { $infos = \query\main::product_infos($_GET['product']); $store = $infos->storeID; $product = $infos->ID; $url = $infos->url; $type = 'Product'; $typeID = (int) $_GET['product']; } }