Esempio n. 1
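/**
 * Render the "edit coupon" form for the logged-in user and, on POST, save the edit.
 *
 * Access is refused with an informational message when nobody is logged in,
 * when the user has no stores, or when the coupon's userID differs from the
 * current user's ID. A submission is processed only when the request is a POST
 * carrying an array payload whose CSRF token passes \site\utils::check_csrf().
 *
 * Every request-derived or database-derived value placed into the markup is
 * HTML-escaped, so a stored or reflected value cannot close the attribute or
 * the textarea it is printed into.
 *
 * @param mixed $id coupon identifier handed to \query\main::item_infos()
 *
 * @return string HTML fragment: the form, or an info message
 */
function edit_coupon_form($id)
{
    global $LANG;

    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }

    $coupon = \query\main::item_infos($id);
    // Strict comparison: a type mismatch between the two IDs denies access (fails closed).
    if ($coupon->userID !== $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_cou_cant'] . '</div>';
    }

    // Escape for both element and attribute context. double_encode is off so
    // values that an upstream helper already entity-encoded are not encoded twice.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    $form = '<div class="edit_coupon_form other_form">';
    $pd = array();

    // The payload must be an array with a string token; a scalar
    // "edit_coupon_form" or a missing/array "csrf" is treated as no submission
    // instead of raising an offset error.
    $submitted = $_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST['edit_coupon_form'])
        && is_array($_POST['edit_coupon_form'])
        && isset($_POST['edit_coupon_form']['csrf'])
        && is_string($_POST['edit_coupon_form']['csrf'])
        && \site\utils::check_csrf($_POST['edit_coupon_form']['csrf'], 'edit_coupon_csrf');

    if ($submitted) {
        $pd = \site\utils::validate_user_data($_POST['edit_coupon_form']);
        try {
            \user\main::edit_coupon($id, $GLOBALS['me']->ID, $pd);
            $form .= '<div class="success">' . $LANG['edit_cou_success'] . '</div>';
        } catch (Exception $e) {
            // NOTE(review): printed unescaped because the messages are expected to be
            // $LANG strings that may contain markup - confirm none can carry request data.
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }

    // A fresh token is stored on every render, replacing the previous one.
    // NOTE(review): confirm str_random() draws from a CSPRNG; the token is a security control.
    $csrf = $_SESSION['edit_coupon_csrf'] = \site\utils::str_random(12);

    $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="edit_coupon_form[store]">' . $LANG['submit_cou_addto'] . ':</label>
  <div><select name="edit_coupon_form[store]" id="edit_coupon_form[store]">';
    foreach (stores_custom(array('user' => $GLOBALS['me']->ID, 'max' => 0)) as $v) {
        // Preselect the submitted store when there is one, otherwise the coupon's current store.
        $selected = isset($pd['store']) ? $pd['store'] == $v->ID : $coupon->storeID == $v->ID;
        $form .= '<option value="' . $esc($v->ID) . '"' . ($selected ? ' selected' : '') . '>' . $esc($v->name) . '</option>';
    }
    $form .= '</select></div>
  </div>
  <div class="form_field"><label for="edit_coupon_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_coupon_form[name]" id="edit_coupon_form[name]" value="' . $esc(isset($pd['name']) ? $pd['name'] : $coupon->title) . '" placeholder="' . $LANG['submit_cou_name_ph'] . '" required /></div></div>
  <div class="form_field"><label for="edit_coupon_form[code]">' . $LANG['form_code'] . ':</label> <div><input type="text" name="edit_coupon_form[code]" id="edit_coupon_form[code]" value="' . $esc(isset($pd['code']) ? $pd['code'] : $coupon->code) . '" placeholder="' . $LANG['submit_cou_code_ph'] . '" /></div></div>
  <div class="form_field"><label for="edit_coupon_form[url]">' . $LANG['form_coupon_url'] . ':</label> <div><input type="text" name="edit_coupon_form[url]" id="edit_coupon_form[url]" value="' . $esc(isset($pd['url']) ? $pd['url'] : $coupon->url) . '" placeholder="' . $LANG['submit_cou_url_ph'] . '" /></div></div>
  <div class="form_field"><label for="edit_coupon_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_coupon_form[description]" id="edit_coupon_form[description]" style="height:100px;">' . $esc(isset($pd['description']) ? $pd['description'] : $coupon->description) . '</textarea></div></div>
  <div class="form_field"><label for="edit_coupon_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_coupon_form[tags]" id="edit_coupon_form[tags]" value="' . $esc(isset($pd['tags']) ? $pd['tags'] : $coupon->tags) . '" /></div></div>
  <div class="form_field"><label for="edit_coupon_form[start]">' . $LANG['form_start_date'] . ':</label> <div><input type="date" name="edit_coupon_form[start]" id="edit_coupon_form[start]" value="' . $esc(isset($pd['start']) ? $pd['start'] : date('Y-m-d', strtotime($coupon->start_date))) . '" style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_coupon_form[start_hour]" value="' . $esc(isset($pd['start_hour']) ? $pd['start_hour'] : date('H:i', strtotime($coupon->start_date))) . '" style="width: 20%" /></div></div>
  <div class="form_field"><label for="edit_coupon_form[end]">' . $LANG['form_end_date'] . ':</label> <div><input type="date" name="edit_coupon_form[end]" id="edit_coupon_form[end]" value="' . $esc(isset($pd['end']) ? $pd['end'] : date('Y-m-d', strtotime($coupon->expiration_date))) . '" style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_coupon_form[end_hour]" value="' . $esc(isset($pd['end_hour']) ? $pd['end_hour'] : date('H:i', strtotime($coupon->expiration_date))) . '" style="width: 20%" /></div></div>
  <input type="hidden" name="edit_coupon_form[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['edit_cou_button'] . '</button>
  </form>

  </div>';

    return $form;
}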
Esempio n. 2
            }
            echo '</ul>
</div>';
        }
        echo '<a href="?route=coupons.php&amp;action=list" class="btn">' . $LANG['coupons_view'] . '</a>

</div>';
        if (!empty($LANG['coupons_edit_subtitle'])) {
            echo '<span>' . $LANG['coupons_edit_subtitle'] . '</span>';
        }
        echo '</div>';
        if ($item_exists) {
            if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'coupons_csrf')) {
                if (isset($_POST['store']) && isset($_POST['category']) && isset($_POST['name']) && isset($_POST['code']) && isset($_POST['description']) && isset($_POST['tags']) && isset($_POST['reward_points']) && isset($_POST['start']) && isset($_POST['end']) && isset($_POST['meta_title']) && isset($_POST['meta_desc'])) {
                    if (actions::edit_item($_GET['id'], array('store' => $_POST['store'], 'category' => $_POST['category'], 'popular' => isset($_POST['popular']) ? 1 : 0, 'exclusive' => isset($_POST['exclusive']) ? 1 : 0, 'name' => $_POST['name'], 'link' => !isset($_POST['coupon_ownlink']) && isset($_POST['link']) && filter_var($_POST['link'], FILTER_VALIDATE_URL) ? $_POST['link'] : '', 'code' => $_POST['code'], 'description' => $_POST['description'], 'tags' => $_POST['tags'], 'cashback' => $_POST['reward_points'], 'start' => $_POST['start']['date'] . ', ' . $_POST['start']['hour'], 'end' => $_POST['end']['date'] . ', ' . $_POST['end']['hour'], 'publish' => isset($_POST['publish']) ? 1 : 0, 'meta_title' => $_POST['meta_title'], 'meta_desc' => $_POST['meta_desc']))) {
                        $info = \query\main::item_infos($_GET['id']);
                        echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            }
            $_SESSION['coupons_csrf'] = $csrf;
            echo '<div class="form-table">

<form action="#" method="POST" autocomplete="off">

<div class="row"><span>' . $LANG['form_store_id'] . ':</span><div data-search="store"><input type="text" name="store" value="' . $info->storeID . '" required /><a href="#">S</a></div></div>

<div class="row"><span>' . $LANG['form_category'] . ':</span>
<div><select name="category">';
Esempio n. 3
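 /**
  * Validate and save a user's edit of a coupon, charging credits when the
  * expiration date is pushed past the period that is already paid for.
  *
  * Checks, in order: every field is scalar, the target store belongs to $user,
  * name is non-empty, url (when given) looks like an http(s) URL, description
  * has at least 10 bytes, the coupon belongs to $user, and the current user
  * has enough credits for the computed cost. The row is then updated with a
  * prepared statement and the cost is deducted.
  *
  * @param mixed $id   coupon id used in the UPDATE's WHERE clause
  * @param mixed $user id of the editing user (bound as an integer)
  * @param array $post submitted fields: store, name, url, description, tags,
  *                    code, start, start_hour, end, end_hour
  *
  * @return bool true when the update succeeded
  *
  * @throws \Exception with a $LANG message on any validation or database failure
  */
 public static function edit_coupon($id, $user, $post)
 {
     global $db, $LANG;

     // A nested value (e.g. name[]=x in the request) would make trim() fail with a
     // TypeError that callers catching \Exception do not handle; reject it up front.
     foreach ($post as $value) {
         if ($value !== null && !is_scalar($value)) {
             throw new \Exception($LANG['msg_error']);
         }
     }
     $post = array_map('trim', $post);

     // this error can appear only when user try to modify post data
     if (!isset($post['store']) || !\query\main::have_store($post['store'], $user)) {
         throw new \Exception($LANG['msg_error']);
     }
     if (!isset($post['name']) || trim($post['name']) == '') {
         throw new \Exception($LANG['edit_cou_writename']);
     }
     // The dot between host label and TLD is escaped; unescaped it matched any
     // character, so strings without a real "." passed the check.
     if (!isset($post['url']) || !empty($post['url']) && !preg_match('/(^http(s)?:\\/\\/)([a-zA-Z0-9-]{3,100})\\.([a-zA-Z]{2,12})/', $post['url'])) {
         throw new \Exception($LANG['edit_cou_writeurl']);
     }
     if (!isset($post['description']) || strlen($post['description']) < 10) {
         throw new \Exception($LANG['edit_cou_writedesc']);
     }

     $info = \query\main::item_infos($id);
     // The UPDATE below filters on id only, so ownership has to be enforced here
     // rather than left to the calling form.
     // NOTE(review): relies on item_infos() exposing userID - confirm.
     if (!is_object($info) || !isset($info->userID) || (int) $info->userID !== (int) $user) {
         throw new \Exception($LANG['msg_error']);
     }

     // Optional fields: read them without raising undefined-index notices.
     $end_date = isset($post['end']) ? $post['end'] : '';
     $end_hour = isset($post['end_hour']) ? $post['end_hour'] : '';
     $start_date = isset($post['start']) ? $post['start'] : '';
     $start_hour = isset($post['start_hour']) ? $post['start_hour'] : '';
     $tags = isset($post['tags']) ? $post['tags'] : null;
     $code = isset($post['code']) ? $post['code'] : null;

     $end = $end_date . ', ' . $end_hour;
     $start = $start_date . ', ' . $start_hour;

     // cost for this coupon: only the days beyond the already-paid period (or
     // beyond today, whichever is later) are billed, in blocks of coupon_max_days.
     $cost = 0;
     $end_unix = strtotime($end_date);
     $paid_until = strtotime($info->paid_until);
     if ($end_unix > $paid_until) {
         $prices = prices('object');
         $now_unix = strtotime('today 00:00');
         $billable_from = $paid_until > $now_unix ? $paid_until : $now_unix;
         $days = max(ceil(($end_unix - $billable_from) / 86400), 1);
         // Guard against a zero/unset coupon_max_days setting (division by zero).
         $max_days = max((int) $prices->coupon_max_days, 1);
         $cost = (int) $prices->coupon * ceil($days / $max_days);
         // save cost until
         $paid_until = $end_unix;
     }

     // NOTE(review): the balance is read from $GLOBALS['me'] while ownership is checked
     // against $user; callers are assumed to pass the current user's ID - confirm.
     // NOTE(review): balance check, UPDATE and deduction are separate steps, so two
     // concurrent edits could both pass the check - consider a transaction.
     if ($GLOBALS['me']->Credits < $cost) {
         throw new \Exception(sprintf($LANG['msg_notenoughpoints'], $cost, $GLOBALS['me']->Credits));
     }

     $stmt = $db->stmt_init();
     if (!$stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "coupons SET store = ?, title = ?, link = ?, description = ?, tags = ?, code = ?, start = ?, expiration = ?, lastupdate_by = ?, lastupdate = NOW(), paid_until = FROM_UNIXTIME(?) WHERE id = ?")) {
         throw new \Exception($LANG['msg_error']);
     }
     if ($cost <= 0) {
         // Nothing charged: keep the stored paid-until timestamp.
         $paid_until = strtotime($info->paid_until);
     }
     $stmt->bind_param("isssssssisi", $post['store'], $post['name'], $post['url'], $post['description'], $tags, $code, $start, $end, $user, $paid_until, $id);
     $execute = $stmt->execute();
     $stmt->close();
     if ($execute) {
         // deduct credits
         \user\update::add_credits($GLOBALS['me']->ID, -$cost);
         return true;
     }
     throw new \Exception($LANG['msg_error']);
 }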
Esempio n. 4
<?php

/*
PUT THE OBJECT INTO A GLOBAL VARIABLE

Both lookups run when this file is included and are passed 0 as the id.
NOTE(review): 0 presumably means "resolve the coupon from the current request" - confirm in \query\main.
NOTE(review): the 'update_views' option looks like it records a page view as a side effect of the read - confirm, since it would then fire on every include of this file.
NOTE(review): 'user_view' presumably limits the existence check to coupons visible to visitors - confirm.
*/
$GLOBALS['item'] = \query\main::item_infos(0, array('update_views' => ''));
$GLOBALS['exists'] = \query\main::item_exists(0, array('user_view' => ''));
/*
CHECK IF COUPON EXISTS
*/
/**
 * Return the existence flag kept in $GLOBALS['exists'].
 *
 * @return mixed whatever value is currently stored under that global key
 */
function exists()
{
    $flag = $GLOBALS['exists'];

    return $flag;
}
/*
INFORMATIONS ABOUT COUPON
*/
/**
 * Return the coupon object kept in $GLOBALS['item'].
 *
 * @return mixed whatever value is currently stored under that global key
 */
function the_item()
{
    $current = $GLOBALS['item'];

    return $current;
}
/*
METATAGS - TITLE
*/
function meta_title()
{
    if ($GLOBALS['exists'] > 0) {
        if (!empty($GLOBALS['item']->meta_title)) {
            $repl = array('%YEAR%' => date('Y'), '%MONTH%' => date('F'));
            return str_replace(array_keys($repl), array_values($repl), $GLOBALS['item']->meta_title);
        } else {
Esempio n. 5
// Load the IP-to-country helper; the path is built from the LBDIR constant only.
include LBDIR . '/iptocountry/class.php';
// NOTE(review): confirm how getIP() derives the address. If it honours
// client-supplied forwarding headers, the value can be spoofed and should not be
// relied on for attribution or rate limiting.
$myIP = \site\utils::getIP();
$aIP = new IpToCountry();
$aIP->IP = $myIP;
$IPinfos = $aIP->infos();
// Defaults: both stay 0 unless the matching request parameter is handled below.
$coupon = $product = 0;
if (isset($_GET['id'])) {
    $infos = \query\main::store_infos($_GET['id']);
    $store = $infos->ID;
    $url = $infos->url;
    $type = 'Store';
    $typeID = (int) $_GET['id'];
} else {
    if (isset($_GET['coupon'])) {
        $infos = \query\main::item_infos($_GET['coupon']);
        $store = $infos->storeID;
        $coupon = $infos->ID;
        $url = $infos->url;
        $type = 'Coupon';
        $typeID = (int) $_GET['coupon'];
    } else {
        if (isset($_GET['product'])) {
            $infos = \query\main::product_infos($_GET['product']);
            $store = $infos->storeID;
            $product = $infos->ID;
            $url = $infos->url;
            $type = 'Product';
            $typeID = (int) $_GET['product'];
        }
    }