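/**
 * Render (and, on POST, process) the "edit product" form for the logged-in user.
 *
 * @param mixed $id  Product id to edit (integer in the schema).
 * @return string    HTML fragment: the form, or an info/error notice.
 *
 * Review changes: values echoed into HTML (submitted data, DB fields, store
 * names, exception text) are now entity-escaped; a missing product is refused
 * instead of being compared as null; the POST payload is type-checked before
 * its 'csrf' offset is read.
 */
function edit_product_form($id)
{
    global $LANG;
    // Guests only get the generic "unavailable" notice.
    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    // Only users who own at least one store may edit products.
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }
    $product = \query\main::product_infos($id);
    // Ownership check: a missing product, or one owned by someone else, is refused.
    // IDs are integers in the schema (bound as "i" elsewhere), hence the casts
    // instead of a bare !== that would also deny on a harmless int/string mismatch.
    if (!$product || (int) $product->userID !== (int) $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_prod_cant'] . '</div>';
    }
    // Escape a value for an HTML attribute or text node. double_encode=false keeps
    // this idempotent in case validate_user_data() or the DB layer already
    // entity-encoded the value (not visible from here).
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    $product_image = $product->image;
    $pd = array();
    $form = '<div class="edit_product_form other_form">';
    // Handle a submission. The token must match the one stored at render time.
    // NOTE(review): the session key 'edit_coupon_csrf' looks copied from the coupon
    // form; it works because store and check use the same key, but a token issued
    // for the coupon form is accepted here as well.
    if ($_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST['edit_product_form']) && is_array($_POST['edit_product_form'])
        && isset($_POST['edit_product_form']['csrf'])
        && \site\utils::check_csrf($_POST['edit_product_form']['csrf'], 'edit_coupon_csrf')) {
        $pd = \site\utils::validate_user_data($_POST['edit_product_form']);
        try {
            $post_info = \user\main::edit_product($id, $GLOBALS['me']->ID, $pd);
            $product_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_cou_success'] . '</div>';
        } catch (Exception $e) {
            // Escaped: the message may come from upload/validation code that
            // echoes user-supplied values back.
            $form .= '<div class="error">' . $esc($e->getMessage()) . '</div>';
        }
    }
    // Fresh single-use token for the next submission.
    $csrf = $_SESSION['edit_coupon_csrf'] = \site\utils::str_random(12);
    // Redisplay the submitted value when there was a submission, else the stored one.
    $val = function ($key, $fallback) use ($pd, $esc) {
        return $esc(isset($pd[$key]) ? $pd[$key] : $fallback);
    };
    $form .= '<form method="POST" action="#" enctype="multipart/form-data">
  <div class="form_field"><label for="edit_product_form[store]">' . $LANG['submit_prod_addto'] . ':</label>
  <div><select name="edit_product_form[store]" id="edit_product_form[store]">';
    // Store list: only the user's own stores are offered.
    $selectedStore = isset($pd['store']) ? $pd['store'] : $product->storeID;
    foreach (stores_custom(array('user' => $GLOBALS['me']->ID, 'max' => 0)) as $v) {
        $form .= '<option value="' . $esc($v->ID) . '"' . ($selectedStore == $v->ID ? ' selected' : '') . '>' . $esc($v->name) . '</option>';
    }
    $form .= '</select></div>
  </div>
  <div class="form_field"><label for="edit_product_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_product_form[name]" id="edit_product_form[name]" value="' . $val('name', $product->title) . '" placeholder="' . $LANG['submit_prod_name_ph'] . '" required /></div></div>
  <div class="form_field"><label for="edit_product_form[price]">' . $LANG['form_price'] . ':</label> <div><input type="text" name="edit_product_form[price]" id="edit_product_form[price]" value="' . $val('price', empty($product->price) ? '' : $product->price) . '" placeholder="' . $LANG['submit_prod_price_ph'] . '" /></div></div>
  <div class="form_field"><label for="edit_product_form[old_price]">' . $LANG['form_old_price'] . ':</label> <div><input type="text" name="edit_product_form[old_price]" id="edit_product_form[old_price]" value="' . $val('old_price', empty($product->old_price) ? '' : $product->old_price) . '" placeholder="' . $LANG['submit_prod_oldprice_ph'] . '" /></div></div>
  <div class="form_field"><label for="edit_product_form[currency]">' . $LANG['form_currency'] . ':</label> <div><input type="text" name="edit_product_form[currency]" id="edit_product_form[currency]" value="' . $val('currency', $product->currency) . '" /></div></div>
  <div class="form_field"><label for="edit_product_form[url]">' . $LANG['form_product_url'] . ':</label> <div><input type="text" name="edit_product_form[url]" id="edit_product_form[url]" value="' . $val('url', $product->url) . '" placeholder="' . $LANG['submit_cou_url_ph'] . '" /></div></div>
  <div class="form_field"><label for="edit_product_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_product_form[description]" id="edit_product_form[description]" style="height:100px;">' . $val('description', $product->description) . '</textarea></div></div>
  <div class="form_field"><label for="edit_product_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_product_form[tags]" id="edit_product_form[tags]" value="' . $val('tags', $product->tags) . '" /></div></div>
  <div class="form_field"><label for="edit_product_form_image">' . $LANG['form_image'] . ':</label> <div><img src="' . $esc(product_avatar($product_image)) . '" alt="" style="width:90px; height:90px;" /> <input type="file" name="edit_product_form_image" id="edit_product_form_image" />
  <span>Note:* max width: 800px, max height: 800px.</span></div></div>
  <div class="form_field"><label for="edit_product_form[start]">' . $LANG['form_start_date'] . ':</label> <div><input type="date" name="edit_product_form[start]" id="edit_product_form[start]" value="' . $val('start', date('Y-m-d', strtotime($product->start_date))) . '" style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_product_form[start_hour]" value="' . $val('start_hour', date('H:i', strtotime($product->start_date))) . '" style="width: 20%" /></div></div>
  <div class="form_field"><label for="edit_product_form[end]">' . $LANG['form_end_date'] . ':</label> <div><input type="date" name="edit_product_form[end]" id="edit_product_form[end]" value="' . $val('end', date('Y-m-d', strtotime($product->expiration_date))) . '" style="width: 79%; margin-right: 1%;" /><input type="time" name="edit_product_form[end_hour]" value="' . $val('end_hour', date('H:i', strtotime($product->expiration_date))) . '" style="width: 20%" /></div></div>
  <input type="hidden" name="edit_product_form[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['edit_prod_button'] . '</button>
  </form>

  </div>';
    return $form;
}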
<?php

/*
PUT THE OBJECT INTO A GLOBAL VARIABLE
*/
// Load the current item into globals so the template helpers below can read it.
// The id 0 is presumably resolved to the routed product inside \query\main —
// TODO confirm. The option keys are passed with empty-string values; their
// meaning ('update_views' bumps a view counter? 'user_view' marks a visitor-side
// check?) is inferred from the names only and lives in \query\main.
$GLOBALS['item'] = \query\main::product_infos(0, array('update_views' => ''));
$GLOBALS['exists'] = \query\main::product_exists(0, array('user_view' => ''));
/*
CHECK IF PRODUCT EXISTS
*/
/**
 * Whether the routed product exists, as computed at load time.
 *
 * @return mixed  The value stored in $GLOBALS['exists'] (compared with > 0 by callers).
 */
function exists()
{
    global $exists;
    return $exists;
}
/*
INFORMATION ABOUT THE PRODUCT
*/
/**
 * The routed product object loaded at the top of this file.
 *
 * @return mixed  Whatever \query\main::product_infos() stored in $GLOBALS['item'].
 */
function the_item()
{
    global $item;
    return $item;
}
/*
METATAGS - TITLE
*/
function meta_title()
{
    if ($GLOBALS['exists'] > 0) {
        if (!empty($GLOBALS['item']->meta_title)) {
            $repl = array('%YEAR%' => date('Y'), '%MONTH%' => date('F'));
            return str_replace(array_keys($repl), array_values($repl), $GLOBALS['item']->meta_title);
        } else {
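 /**
  * Clear the image of one or more products and remove the file from disk.
  *
  * @param int|int[] $id  Product id or list of ids.
  * @return bool          false when the caller lacks the products/edit permission,
  *                       true otherwise (missing products are skipped silently).
  *
  * Review changes: the statement is prepared once instead of per iteration, and
  * the unlink is restricted to a regular file that resolves inside DIR, so a
  * stored image path cannot reach outside the upload directory.
  */
 public static function delete_product_image($id)
 {
     global $db;
     if (!ab_to(array('products' => 'edit'))) {
         return false;
     }
     $ids = (array) $id;
     $stmt = $db->stmt_init();
     // bind_param binds by reference: re-assigning $current before each
     // execute() is enough to reuse the prepared statement.
     $stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "products SET image = '' WHERE id = ?");
     $current = 0;
     $stmt->bind_param("i", $current);
     $uploadRoot = realpath(DIR);
     foreach ($ids as $ID) {
         $current = (int) $ID;
         if (!\query\main::product_exists($current)) {
             continue;
         }
         $product = \query\main::product_infos($current);
         $stmt->execute();
         if (empty($product->image)) {
             continue;
         }
         // The path comes from the database; only delete a regular file that
         // actually lives under DIR (realpath resolves any "../" segments).
         $path = realpath(DIR . '/' . $product->image);
         if ($uploadRoot !== false && $path !== false && is_file($path)
             && strpos($path, $uploadRoot . DIRECTORY_SEPARATOR) === 0) {
             // Best-effort: a file that is already gone or unwritable must not
             // stop the remaining ids from being processed.
             @unlink($path);
         }
     }
     $stmt->close();
     return true;
 }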
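 /**
  * Validate and save a user's edit of one of their products, billing credits
  * when the expiration date is pushed past the period already paid for.
  *
  * @param mixed  $id    Product id (integer in the schema).
  * @param mixed  $user  Id of the acting user; callers pass $GLOBALS['me']->ID.
  * @param array  $post  Submitted fields: store, name, url, description, tags,
  *                      price, old_price, currency, start, start_hour, end, end_hour.
  * @return object       (object) array('image' => <stored image path>)
  * @throws \Exception   With a $LANG message on validation failure, insufficient
  *                      credits, tampered data or a failed UPDATE.
  *
  * Review changes: non-scalar POST values are rejected before trim()/bind_param();
  * the product's own ownership is verified (the store check alone does not tie
  * $id to $user); the URL regex now requires a literal dot before the TLD; an
  * unparsable end date is refused; a zero product_max_days no longer divides by zero.
  */
 public static function edit_product($id, $user, $post)
 {
     global $db, $LANG;
     // Every field must be a scalar; an array smuggled into the POST (name[]=x)
     // would otherwise reach trim()/bind_param() as the wrong type.
     $post = array_map(function ($v) {
         return is_array($v) ? '' : trim((string) $v);
     }, $post);
     // Optional fields default to '' so a missing key does not surface as a notice
     // ('url' keeps its explicit isset check below, as before).
     $post += array('tags' => '', 'price' => '', 'old_price' => '', 'currency' => '', 'start' => '', 'start_hour' => '', 'end' => '', 'end_hour' => '');
     // The store must belong to the user: this can only fail with tampered POST data.
     if (!isset($post['store']) || !\query\main::have_store($post['store'], $user)) {
         throw new \Exception($LANG['msg_error']);
     }
     if (!isset($post['name']) || $post['name'] === '') {
         throw new \Exception($LANG['edit_prod_writename']);
     }
     // An empty URL is allowed; a non-empty one must look like http(s)://host.tld
     // (only the scheme is enforced strictly — the host part is a loose check).
     if (!isset($post['url']) || (!empty($post['url']) && !preg_match('/(^http(s)?:\\/\\/)([a-zA-Z0-9-]{3,100})\\.([a-zA-Z]{2,12})/', $post['url']))) {
         throw new \Exception($LANG['edit_prod_writeurl']);
     }
     if (!isset($post['description']) || strlen($post['description']) < 10) {
         throw new \Exception($LANG['edit_prod_writedesc']);
     }
     $info = \query\main::product_infos($id);
     // The form layer checks ownership too, but the method that writes must not
     // trust $id on its own (defense in depth). IDs are integers in the schema.
     if (!$info || (int) $info->userID !== (int) $user) {
         throw new \Exception($LANG['msg_error']);
     }
     $start = $post['start'] . ', ' . $post['start_hour'];
     $end = $post['end'] . ', ' . $post['end_hour'];
     // Billing is based on the end *date* only; the hour is ignored (as before).
     $end_unix = strtotime($post['end']);
     if ($end_unix === false) {
         // Unparsable date: only reachable with tampered data (the form sends type="date").
         throw new \Exception($LANG['msg_error']);
     }
     $paid_until = strtotime($info->paid_until);
     $cost = 0;
     if ($end_unix > $paid_until) {
         $prices = prices('object');
         $now_unix = strtotime('today 00:00');
         // Unpaid days run from the current paid-until date, or from today if that
         // date is already in the past; at least one day is billed, in blocks of
         // product_max_days at $prices->product credits per block.
         $unpaid_from = $paid_until > $now_unix ? $paid_until : $now_unix;
         $unpaid_days = max(ceil(($end_unix - $unpaid_from) / 86400), 1);
         $block_days = max(1, (int) $prices->product_max_days); // guard against a zero setting
         $cost = (int) $prices->product * ceil($unpaid_days / $block_days);
         // The new end date becomes the paid-until date.
         $paid_until = $end_unix;
     }
     // NOTE(review): credits are read from the logged-in user rather than $user;
     // the two coincide for the visible caller.
     if ($GLOBALS['me']->Credits < $cost) {
         throw new \Exception(sprintf($LANG['msg_notenoughpoints'], $cost, $GLOBALS['me']->Credits));
     }
     if ($cost <= 0) {
         // Nothing billed: keep the paid-until date already stored.
         $paid_until = strtotime($info->paid_until);
     }
     // No file field at all is passed through as null, exactly as an undefined index was.
     $upload = isset($_FILES['edit_product_form_image']) ? $_FILES['edit_product_form_image'] : null;
     $image = \site\images::upload($upload, 'product_', array('path' => '', 'max_size' => 1024, 'max_width' => 800, 'max_height' => 800, 'current' => $info->image));
     $stmt = $db->stmt_init();
     $stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "products SET store = ?, title = ?, link = ?, description = ?, tags = ?, image = ?, price = ?, old_price = ?, currency = ?, start = ?, expiration = ?, lastupdate_by = ?, lastupdate = NOW(), paid_until = FROM_UNIXTIME(?) WHERE id = ?");
     $stmt->bind_param("isssssddsssisi", $post['store'], $post['name'], $post['url'], $post['description'], $post['tags'], $image, $post['price'], $post['old_price'], $post['currency'], $start, $end, $user, $paid_until, $id);
     $execute = $stmt->execute();
     $stmt->close();
     if (!$execute) {
         throw new \Exception($LANG['msg_error']);
     }
     // Deduct credits only once the row has been saved.
     \user\update::add_credits($GLOBALS['me']->ID, -$cost);
     return (object) array('image' => $image);
 }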
    $infos = \query\main::store_infos($_GET['id']);
    $store = $infos->ID;
    $url = $infos->url;
    $type = 'Store';
    $typeID = (int) $_GET['id'];
} else {
    if (isset($_GET['coupon'])) {
        $infos = \query\main::item_infos($_GET['coupon']);
        $store = $infos->storeID;
        $coupon = $infos->ID;
        $url = $infos->url;
        $type = 'Coupon';
        $typeID = (int) $_GET['coupon'];
    } else {
        if (isset($_GET['product'])) {
            $infos = \query\main::product_infos($_GET['product']);
            $store = $infos->storeID;
            $product = $infos->ID;
            $url = $infos->url;
            $type = 'Product';
            $typeID = (int) $_GET['product'];
        }
    }
}
// Prepare the outgoing URL for tracking: substitute the placeholders the merchant
// may have put in the link. {UID} is the logged-in user's ID, or 'UNL' for a
// visitor who is not logged in.
$ID_replace = $GLOBALS['me'] ? $GLOBALS['me']->ID : 'UNL';
$url = str_ireplace(array('{TYPE}', '{UID}', '{ID}', '_mystore365_track_id_'), array($type, $ID_replace, $typeID, $type . '_' . $ID_replace . '_' . $typeID), $url);
// Count this IP's clicks on the same store/coupon/product within the last five
// minutes (the result is consumed after this excerpt; presumably used to avoid
// recording duplicate clicks). Parameterised query — the ids and $myIP are
// bound, not interpolated.
// NOTE(review): $store, $coupon and $product are only assigned in the branch
// matching the request; unless they are initialised before this excerpt, the
// unmatched ones bind as NULL here.
$stmt = $db->stmt_init();
$stmt->prepare("SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "click WHERE store = ? AND coupon = ? AND product = ? AND ipaddr = ? AND date > DATE_ADD(NOW(), INTERVAL -5 MINUTE)");
$stmt->bind_param("iiis", $store, $coupon, $product, $myIP);
$stmt->execute();
            }
            echo '</ul>
</div>';
        }
        echo '<a href="?route=products.php&amp;action=list" class="btn">' . $LANG['products_view'] . '</a>

</div>';
        if (!empty($LANG['products_edit_subtitle'])) {
            echo '<span>' . $LANG['products_edit_subtitle'] . '</span>';
        }
        echo '</div>';
        if ($item_exists) {
            if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'products_csrf')) {
                if (isset($_POST['store']) && isset($_POST['category']) && isset($_POST['name']) && isset($_POST['price']) && isset($_POST['old_price']) && isset($_POST['currency']) && isset($_POST['description']) && isset($_POST['tags']) && isset($_POST['reward_points']) && isset($_POST['start']) && isset($_POST['end']) && isset($_POST['meta_title']) && isset($_POST['meta_desc'])) {
                    if (actions::edit_product($_GET['id'], array('store' => $_POST['store'], 'image_url' => $_POST['image_url'], 'category' => $_POST['category'], 'popular' => isset($_POST['popular']) ? 1 : 0, 'name' => $_POST['name'], 'price' => $_POST['price'], 'old_price' => $_POST['old_price'], 'currency' => strtoupper($_POST['currency']), 'link' => !isset($_POST['product_ownlink']) && isset($_POST['link']) && filter_var($_POST['link'], FILTER_VALIDATE_URL) ? $_POST['link'] : '', 'description' => $_POST['description'], 'tags' => $_POST['tags'], 'cashback' => $_POST['reward_points'], 'start' => $_POST['start']['date'] . ', ' . $_POST['start']['hour'], 'end' => $_POST['end']['date'] . ', ' . $_POST['end']['hour'], 'publish' => isset($_POST['publish']) ? 1 : 0, 'meta_title' => $_POST['meta_title'], 'meta_desc' => $_POST['meta_desc']))) {
                        $info = \query\main::product_infos($_GET['id']);
                        echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            } else {
                if (isset($_GET['type']) && isset($_GET['token']) && check_csrf($_GET['token'], 'products_csrf')) {
                    if ($_GET['type'] == 'delete_image') {
                        if (isset($_GET['id'])) {
                            if (actions::delete_product_image($_GET['id'])) {
                                $info->image = '';
                                echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }