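// Excerpt of the customer-facing product page (user/viewProduct.php, per the
// log call below). It starts inside a block opened before this excerpt and
// ends inside the still-open "into_basket" branch.
if ($user == null || !$user->checkPermissions(1)) {
    // The loose `==` is kept on purpose: it also rejects false/0/'' should the
    // code that produced $user (not visible here) signal failure that way.
    // NOTE(review): everything below relies on redirectURI() ending the
    // request; confirm that it exits after sending the redirect.
    redirectURI("/viewer/index.php");
}
} // closes a block that was opened before this excerpt

$LOG = new Log();
$tpl = new TemplateEngine("template/viewProduct.html", "template/frame.html", $lang["user_viewProduct"]);
$LOG->write('3', 'user/viewProduct.php');

// NOTE(review): the raw request value is handed to the template unchanged.
// Whether TemplateEngine escapes it on output cannot be seen here; confirm,
// or validate pID as an integer before assigning it.
$pID = $_GET['pID'];
$tpl->assign('ID', $pID);

// Add to basket:
if (isset($_POST['action'])) {
    $action = $_POST['action'];
    if ($action == "into_basket") {
        // SECURITY: pid is request data and is interpolated unquoted into the
        // two queries below. Coerce it to an integer so only a number can
        // reach the SQL text; a missing or non-scalar value becomes 0.
        // A parameterised query would be preferable if the DB_* helpers
        // (not visible here) support one.
        $pid = (isset($_POST['pid']) && is_scalar($_POST['pid'])) ? (int) $_POST['pid'] : 0;
        $uid = $user->getID();
        $date = actualDate();

        // Check products.stock for the product id of the current action.
        $fehlerArray = array(); // error messages for when the available stock is exceeded
        // Requested quantity to add to the basket.
        // NOTE(review): still unvalidated request data at this point; make sure
        // it is checked as a positive integer before it is compared or stored.
        $countTry = $_POST['count'];
        $count = 0;
        $stock = 0;
        $name = null;

        // Available quantity for this product:
        $productStock_query = DB_query("\t\n\t\t\tSELECT\n\t\t\tstock, name\n\t\t\tFROM products\n\t\t\tWHERE products_id = {$pid} \n\t\t");
        $zeile = DB_fetchArray($productStock_query);
        $stock = $zeile['stock'];
        $name = $zeile['name'];

        // Look up the basket quantities recorded for this product id so they
        // can be summed.
        $productCount_query = DB_query("\t\n\t\t\tSELECT\n\t\t\tcount\n\t\t\tFROM basket\n\t\t\tWHERE products_id = {$pid}\n\t\t");
        // (the into_basket branch continues beyond this excerpt)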
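<?php
// Admin order page (editOrder.php): optionally marks an order as shipped,
// then loads the order row and hands its fields to the template.
include '../includes/includes.inc';
include '../includes/startApplication.php';
//include('../includes/functions/verifyadmin.inc');

$user = restoreUser();

// The loose `==` is kept on purpose: it also rejects false/0/'' should
// restoreUser() signal failure that way (its return contract is not visible).
if ($user == null || !$user->checkPermissions(1, 1)) {
    // NOTE(review): the UPDATE below is only protected if redirectURI() ends
    // the request; confirm that it exits after sending the redirect.
    redirectURI("/admin/login.php", "camefrom=editOrder.php");
}

$LOG = new Log();
$tpl = new TemplateEngine("template/editOrder.html", "template/frame.html", $lang["admin_orders"]);

// SECURITY: id is request data and is concatenated unquoted into both queries
// below. Coerce it to an integer so only a number can reach the SQL text;
// a missing or non-scalar value becomes 0, which matches no order row.
// A parameterised query would be preferable if the DB_* helpers (not visible
// here) support one.
$order_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

// Mark the order as shipped when the form was submitted.
// NOTE(review): no anti-CSRF token is checked in this excerpt before the
// state change; confirm one is enforced elsewhere (e.g. in the includes).
if (isset($_POST['ordershipped'])) {
    // Server-generated timestamp, not request data.
    $shipping_date = actualDate();
    DB_query("UPDATE orders SET\n\t\t\tshipping_date = '" . $shipping_date . "'\n\t\t\tWHERE orders_id = " . $order_id);
}

// Fetch all details for this order.
$order_query = DB_query("SELECT\n\t\t\t\t*, UNIX_TIMESTAMP(date) AS formated_date,\n\t\t\t\tUNIX_TIMESTAMP(shipping_date) AS formated_shipping_date\n\t\t\t\tFROM orders\n\t\t\t\tWHERE orders_id = " . $order_id);
$order = DB_fetchArray($order_query);

// Order metadata.
$tpl->assign('orderDate', $order['formated_date']);
$tpl->assign('shippingDate', $order['formated_shipping_date']);
$tpl->assign('orderid', $order_id);

// Billing and shipping address fields are customer-supplied text.
// NOTE(review): whether TemplateEngine escapes assigned values on output
// cannot be seen here; confirm, since this page renders in an admin session.
$tpl->assign('bill_name', $order['bill_name']);
$tpl->assign('bill_street', $order['bill_street']);
$tpl->assign('bill_postcode', $order['bill_postcode']);
$tpl->assign('bill_city', $order['bill_city']);
$tpl->assign('bill_state', $order['bill_state']);
$tpl->assign('ship_name', $order['ship_name']);
$tpl->assign('ship_street', $order['ship_street']);
$tpl->assign('ship_postcode', $order['ship_postcode']);
$tpl->assign('ship_city', $order['ship_city']);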