// Mail dispatch and/or database entry happens here.
// NOTE(review): this excerpt ends inside the $db_entry loop, so the SQL that
// $sqla / $sqlb are appended to is not visible from here.
if ($ausgaben["form_error"] == "") {
    if ($mail_order == -1) {
        if ($confirm == -1) {
            // Use the configured captcha settings when a letter pot is set,
            // otherwise fall back to the letter pot "abcde".
            $cfg["autoform"]["captcha"]["letter_pot"] ? $put = $cfg["autoform"]["captcha"] : ($put["letter_pot"] = "abcde");
            // NOTE(review): crc32() is a 32-bit checksum, not a secret. If $hazard
            // is the value that later authorises the "eintragen" request, it
            // should come from a CSPRNG and be stored server-side.
            // captcha_randomize() is defined elsewhere, so the quality of its
            // randomness cannot be judged from this excerpt.
            $hazard = crc32(captcha_randomize("43", $put));
            // NOTE(review): the host part of the link is taken from the request's
            // Host header, so the mailed link points at whatever host the
            // submitting request named. Prefer a host fixed in configuration,
            // and https rather than http.
            $bestaetigungslink = "http://" . $_SERVER["HTTP_HOST"] . $environment["ebene"] . ".html?eintragen=" . $hazard;
            // parser() is defined elsewhere; presumably it renders the confirm
            // template with the variables in scope — TODO confirm.
            $message = parser($cfg["autoform"]["location"][$environment["ebene"]]["email"]["confirm_template"], "");
            // NOTE(review): the recipient is read from $_POST and is not validated
            // in the visible code. Validate it as a single address (for example
            // with filter_var(..., FILTER_VALIDATE_EMAIL)) and rate-limit this
            // path, since it sends mail to any address a visitor enters.
            mail($_POST[$cfg["autoform"]["location"][$environment["ebene"]]["email"]["form_email_feld"]], "Confirm", $message);
        } else {
            // Copies every POST field into a variable of the same name.
            // NOTE(review): this lets a request overwrite any variable in this
            // scope, including the configuration and flags read further down;
            // it carries the same risk as extract($_POST). Read the expected
            // fields explicitly instead.
            foreach ($_POST as $key => $value) {
                ${$key} = $value;
            }
            $message1 = parser($cfg["autoform"]["location"][$environment["ebene"]]["email"]["template1"], "");
            $message2 = parser($cfg["autoform"]["location"][$environment["ebene"]]["email"]["template2"], "");
            // mail_order() is defined elsewhere; it receives the raw POST array
            // and the e-mail settings of the current location.
            mail_order($_POST, $cfg["autoform"]["location"][$environment["ebene"]]["email"]);
        }
    }
    if ($db_entry == -1) {
        // POST fields that the loop below skips.
        $kick = array("PHPSESSID", "form_referer", "send", "last_viewed", "captcha", "captcha_proof");
        foreach ($_POST as $name => $value) {
            // Skip the excluded fields and any field whose name contains ")".
            // NOTE(review): in_array() compares loosely here; pass true as the
            // third argument. If $name ends up as a column name in the SQL built
            // below (not visible), it needs an allow-list of known columns;
            // rejecting ")" alone does not make a field name safe.
            if (!in_array($name, $kick) && !strstr($name, ")")) {
                // Escape the POST value.
                // NOTE(review): addslashes() is not aware of the connection
                // character set, and get_magic_quotes_gpc() is deprecated since
                // PHP 7.4 and removed in PHP 8.0. Bound parameters, or the
                // database driver's own escaping, are the robust replacement.
                if (!get_magic_quotes_gpc()) {
                    $value = addslashes($value);
                }
                if ($sqla != "") {
                    $sqla .= ", ";
                }
                if ($sqlb != "") {
                    $sqlb .= ", ";
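/**
 * Stores an order together with the cart kept in $_SESSION['card'], reduces
 * the stock of every ordered item, mails the order and empties the cart.
 *
 * When an insert fails, the rows written so far are removed again, and the
 * customer row is removed too if it belongs to a guest (empty login).
 *
 * @param int    $customer_id ID of the ordering customer (used unquoted in SQL)
 * @param int    $delivery_id ID of the delivery method (used unquoted in SQL)
 * @param string $payment_id  payment method, stored as a quoted value
 * @param string $comment     free-text comment of the customer
 *
 * @return bool true when the order and its lines were stored, false otherwise
 */
function save_order($customer_id, $delivery_id, $payment_id, $comment)
{
    // Both IDs are interpolated without quotes, so they are forced to integers.
    $customer_id = (int) $customer_id;
    $delivery_id = (int) $delivery_id;
    $payment_id = mysql_real_escape_string($payment_id);
    // clear() is defined elsewhere in the project; presumably it escapes the
    // text for SQL — TODO confirm, the value goes into a quoted literal below.
    $comment = clear($comment);

    // Removes the customer only when it is a guest, i.e. has an empty login.
    $delete_guest = "DELETE FROM customers \n WHERE customer_id = {$customer_id}\n AND login = ''";

    $cart = (isset($_SESSION['card']) && is_array($_SESSION['card'])) ? $_SESSION['card'] : array();
    if (count($cart) === 0) {
        // An empty cart would produce an INSERT with an empty VALUES list.
        mysql_query($delete_guest);
        return false;
    }

    $query = "INSERT INTO `order` (customer_id, data, delivery_id, payment_id, comment)\n VALUES ({$customer_id}, NOW(), {$delivery_id}, '{$payment_id}', '{$comment}')";
    // The failure is logged server-side instead of being printed with die():
    // die() exposed the SQL error to the visitor and made the clean-up below
    // unreachable.
    if (!mysql_query($query)) {
        error_log('save_order: order insert failed: ' . mysql_error());
        // The order could not be stored, so the guest customer is removed.
        mysql_query($delete_guest);
        return false;
    }
    $order_id = (int) mysql_insert_id(); // ID of the order just stored

    // One VALUES tuple per cart line. Numbers are formatted as numbers and the
    // item name is escaped, so cart content cannot change the statement.
    // NOTE(review): quantity and price come from the session; they should be
    // validated (positive quantity, price taken from the goods table) where the
    // cart is filled.
    $rows = array();
    foreach ($cart as $goods_id => $item) {
        $rows[] = sprintf(
            "(%d, %d, %d, '%s', %F)",
            $order_id,
            $goods_id,
            $item['qty'],
            mysql_real_escape_string($item['name']),
            $item['price']
        );
    }

    $query = "INSERT INTO order_goods (order_id, goods_id, quantity, name, price)\n VALUES " . implode(',', $rows);
    if (!mysql_query($query)) {
        error_log('save_order: order_goods insert failed: ' . mysql_error());
        // The order lines could not be stored: remove the order and the guest.
        mysql_query("DELETE FROM `order` WHERE order_id = {$order_id}");
        mysql_query($delete_guest);
        return false;
    }

    // Reduce the stock in a single statement per item, so two orders placed at
    // the same time cannot overwrite each other's result.
    foreach ($cart as $goods_id => $item) {
        $goods_id = (int) $goods_id;
        $sold = (int) $item['qty'];
        $query = "UPDATE goods SET quantity = quantity - {$sold}\n WHERE goods_id = {$goods_id}";
        if (!mysql_query($query)) {
            // The order itself is already stored, so this is only logged.
            error_log('save_order: stock update failed: ' . mysql_error());
        }
    }

    // Registered customers have their address in 'auth', guests in 'order'.
    if (!empty($_SESSION['auth']['email'])) {
        $email = $_SESSION['auth']['email'];
    } else {
        $email = $_SESSION['order']['email'];
    }
    mail_order($order_id, $email);

    // The order went through, so the cart is emptied.
    unset($_SESSION['card']);
    unset($_SESSION['total_sum']);
    unset($_SESSION['total_quantity']);
    $_SESSION['order']['res'] = "<div class='success'>Ваш заказ проведен успешно! Ожидайте звонка менеджера.</div>";
    return true;
}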
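/**
 * Stores an order together with the cart kept in $_SESSION['cart'], mails the
 * order and empties the cart.
 *
 * When an insert fails, the rows written so far are removed again, and the
 * customer row is removed too if it belongs to a guest (empty login).
 *
 * @param int    $customer_id ID of the ordering customer (used unquoted in SQL)
 * @param string $prim        free-text note for the order
 *
 * @return bool true when the order and its lines were stored, false otherwise
 */
function save_order($customer_id, $prim)
{
    // The ID is interpolated without quotes, so it is forced to an integer.
    $customer_id = (int) $customer_id;
    // NOTE(review): the note goes into a quoted SQL literal, so it is escaped
    // here. If a caller already escapes it, remove the escaping at the call
    // site so the text is not escaped twice.
    $prim = mysql_real_escape_string($prim);

    // Removes the customer only when it is a guest, i.e. has an empty login.
    $delete_guest = "DELETE FROM customers\n WHERE customer_id = {$customer_id} AND login = ''";

    $cart = (isset($_SESSION['cart']) && is_array($_SESSION['cart'])) ? $_SESSION['cart'] : array();
    if (count($cart) === 0) {
        // An empty cart would produce an INSERT with an empty VALUES list.
        mysql_query($delete_guest);
        return false;
    }

    $query = "INSERT INTO orders (`customer_id`, `date`, `prim`)\n VALUES ({$customer_id}, NOW(), '{$prim}')";
    // The failure is logged server-side instead of being printed with die():
    // die() exposed the SQL error to the visitor and made the clean-up below
    // unreachable.
    if (!mysql_query($query)) {
        error_log('save_order: orders insert failed: ' . mysql_error());
        // The order could not be stored, so the guest customer is removed.
        mysql_query($delete_guest);
        return false;
    }
    $order_id = (int) mysql_insert_id(); // ID of the order just stored

    // One VALUES tuple per cart line; every value is formatted as an integer.
    $rows = array();
    foreach ($cart as $goods_id => $item) {
        $rows[] = sprintf('(%d, %d, %d)', $order_id, $goods_id, $item['qty']);
    }

    $query = "INSERT INTO zakaz_tovar (orders_id, goods_id, quantity)\n VALUES " . implode(',', $rows);
    if (!mysql_query($query)) {
        error_log('save_order: zakaz_tovar insert failed: ' . mysql_error());
        // The order lines could not be stored: remove the order and the guest.
        mysql_query("DELETE FROM orders WHERE order_id = {$order_id}");
        mysql_query($delete_guest);
        return false;
    }

    // Registered customers have their address in 'auth', guests in 'order'.
    if (isset($_SESSION['auth']['email'])) {
        $email = $_SESSION['auth']['email'];
    } else {
        $email = $_SESSION['order']['email'];
    }
    mail_order($order_id, $email);

    // The order went through, so the cart is emptied.
    unset($_SESSION['cart']);
    unset($_SESSION['total_sum']);
    unset($_SESSION['total_quantity']);
    $_SESSION['order']['res'] = "<div>Спасибо за Ваш заказ. В ближайшее время мы с вами свяжемся.</div>";
    return true;
}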
// NOTE(review): this excerpt starts part-way through a block. Judging by the
// closing braces, the first statements sit inside a conditional within what is
// presumably a per-row loop, and that loop is inside an outer block that ends
// just before mail_order().
            $free_or_not .= "X";
        }
        // A second "X" is appended when the row is the second free item.
        if ($_POST['free_item_2'] == $row['id']) {
            $free_or_not .= "X";
        }
        // One HTML table row per item for the e-mail body.
        // NOTE(review): $row[...] and $qtys[...] are concatenated into HTML
        // without htmlspecialchars(); escape every value before it is placed
        // in the markup.
        $msg .= "<tr>"
            . "<td style=\"" . $row_style . "text-align:left;\">" . $row['name'] . "</td>"
            . "<td style=\"" . $row_style . "text-align:left;\">" . $row['type'] . "</td>"
            . "<td style=\"" . $row_style . "\">" . $row['size'] . "</td>"
            . "<td style=\"" . $row_style . "\">" . $qtys[$row['id']] . "</td>"
            . "<td style=\"" . $row_style . "\">\$" . number_format($row['price'], 2) . "</td>"
            . "<td style=\"" . $row_style . "text-align:right;\">\$" . number_format($qtys[$row['id']] * $row['price'], 2) . "</td>"
            . "<td style=\"" . $row_style . "\">" . $free_or_not . "</td></tr>\n";
        // Separate the VALUES tuples with a comma from the second row on.
        if ($row_count > 1) {
            $insert_query .= ", ";
        }
        // Append one VALUES tuple for this row; strlen($free_or_not) is the
        // number of "X" marks collected above.
        // NOTE(review): every value is concatenated into the statement without
        // escaping or binding, including the session value and $qtys. Use a
        // prepared statement with bound parameters instead.
        // NOTE(review): number_format() with two arguments inserts "," as the
        // thousands separator, so a price of 1000 or more becomes "1,000.00"
        // and reads as two values inside the tuple.
        $insert_query .= "('" . $order_number . "','" . $_SESSION['user_real_name'] . "','" . $row['name'] . "','" . $row['description'] . "','" . $row['type'] . "','" . $row['size'] . "'," . number_format($row['price'], 2) . "," . $qtys[$row['id']] . "," . strlen($free_or_not) . ")";
    }
    $insert_query .= ";";
    // Totals block of the e-mail.
    // NOTE(review): all four amounts are taken from $_POST and printed as-is;
    // in the visible code they are neither recomputed on the server nor
    // HTML-escaped.
    $msg .= "<tr><td colspan=\"5\" style=\"text-align:right;\">Subtotal:</td><td style=\"text-align:right;\">\$" . $_POST['final_subtotal1'] . "</td></tr>\n"
        . "<tr><td colspan=\"5\" style=\"text-align:right;\">Free Item #1:</td><td style=\"text-align:right;\">\$" . $_POST['free_item_1_1'] . "</td></tr>\n"
        . "<tr><td colspan=\"5\" style=\"text-align:right;\">Free Item #2:</td><td style=\"text-align:right;\">\$" . $_POST['free_item_2_1'] . "</td></tr>\n"
        . "<tr><td colspan=\"5\" style=\"text-align:right;\">Grand Total:</td><td style=\"text-align:right;\">\$" . $_POST['grand_total1'] . "</td></tr>\n";
    $msg .= "</table>\n</body>\n</html>\n";
    // mydb::cxn() is defined elsewhere; its query()/error members look like
    // mysqli — TODO confirm. $result is not read in the visible code.
    $result = mydb::cxn()->query($insert_query);
    // NOTE(review): && binds tighter than =, so $r receives the boolean result
    // of the whole condition rather than mail_order()'s return value. The mail
    // is also sent before the database error is checked, so it goes out even
    // when the insert failed.
    if ($r = mail_order($mail_recipient, $msg, $order_number) && mydb::cxn()->error == "") {
        $alert = "<div style=\"color:#33dd33; font-weight:bold; font-size:2em;\">Your order has been submitted!</div>";
    } else {
        $alert = "<div style=\"color:#dd3333; font-weight:bold;\">There was a problem sending your order.</div>";
    }
}

/**
 * Sends the order e-mail as an HTML message.
 *
 * The subject is built from $_POST['purchased_by'] and the order number.
 * NOTE(review): the function reads $_POST directly and places that value in
 * the subject unchanged; passing the buyer name in as an argument after
 * validating it would make the input explicit.
 *
 * @param string $to           recipient address, passed to mail() unchanged
 * @param string $msg          HTML body of the message
 * @param mixed  $order_number order number appended to the subject
 *
 * @return bool the return value of mail()
 */
function mail_order($to, $msg, $order_number)
{
    $subject = "SRC Apparel Order - " . $_POST['purchased_by'] . " - Order #" . $order_number;
    // Fixed headers: sender, reply address and an HTML content type.
    $headers = "From: SRC-Apparel@siskiyourappellers.com\r\n";
    $headers .= "Reply-To: donotreply@siskiyourappellers.com\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $result = mail($to, $subject, $msg, $headers);
    return $result;
}