コード例 #1
 // Fragment of a form handler (the listing is cut off inside the DB branch below).
 // This is where the mail is sent and/or the DB entry is made.
 if ($ausgaben["form_error"] == "") {
     if ($mail_order == -1) {
         if ($confirm == -1) {
             // Ternary used as a statement: take the configured captcha settings if a
             // letter pot is configured, otherwise fall back to the fixed pot "abcde".
             $cfg["autoform"]["captcha"]["letter_pot"] ? $put = $cfg["autoform"]["captcha"] : ($put["letter_pot"] = "abcde");
             // The confirmation value is a crc32() of captcha_randomize() output. crc32 is a
             // 32-bit checksum, not a cryptographic token.
             // NOTE(review): captcha_randomize() is not shown; unless it draws from a CSPRNG this
             // value should be replaced by random_bytes()/random_int() output — confirm.
             $hazard = crc32(captcha_randomize("43", $put));
             // The link is built from $_SERVER["HTTP_HOST"], which is copied from the request's
             // Host header and therefore chosen by the client; the scheme is plain http.
             // A fixed, configured base URL avoids mailing links to a host the sender picked.
             $bestaetigungslink = "http://" . $_SERVER["HTTP_HOST"] . $environment["ebene"] . ".html?eintragen=" . $hazard;
             // NOTE(review): presumably the template parser picks up $bestaetigungslink — not visible here.
             $message = parser($cfg["autoform"]["location"][$environment["ebene"]]["email"]["confirm_template"], "");
             // The recipient comes straight from a POST field; no address validation is visible
             // in this fragment, so the form can be used to send mail to arbitrary addresses.
             mail($_POST[$cfg["autoform"]["location"][$environment["ebene"]]["email"]["form_email_feld"]], "Confirm", $message);
         } else {
             // Variable variables: every POST key becomes a local variable of the same name.
             // This has the same effect as extract($_POST) — a request can overwrite any variable
             // in this scope (e.g. $cfg, $environment, $db_entry). Read the expected fields
             // explicitly instead.
             foreach ($_POST as $key => $value) {
                 ${$key} = $value;
             }
             $message1 = parser($cfg["autoform"]["location"][$environment["ebene"]]["email"]["template1"], "");
             $message2 = parser($cfg["autoform"]["location"][$environment["ebene"]]["email"]["template2"], "");
             // The raw POST array is handed to mail_order() together with the e-mail config.
             mail_order($_POST, $cfg["autoform"]["location"][$environment["ebene"]]["email"]);
         }
     }
     if ($db_entry == -1) {
         // Deny-list of POST keys that must not be written to the database.
         $kick = array("PHPSESSID", "form_referer", "send", "last_viewed", "captcha", "captcha_proof");
         foreach ($_POST as $name => $value) {
             // Keys on the deny-list and keys containing ")" are skipped; every other
             // client-supplied key is accepted. in_array() compares loosely here.
             if (!in_array($name, $kick) && !strstr($name, ")")) {
                 // Secure the POST values.
                 // addslashes() is not charset-aware and is not a substitute for prepared
                 // statements; get_magic_quotes_gpc() was removed in PHP 8.0.
                 if (!get_magic_quotes_gpc()) {
                     $value = addslashes($value);
                 }
                 // NOTE(review): the rest of the loop is cut off. Presumably $sqla collects column
                 // names and $sqlb values; if $name ends up as a column name it is client-chosen
                 // and needs an allow-list — confirm against the full file.
                 if ($sqla != "") {
                     $sqla .= ", ";
                 }
                 if ($sqlb != "") {
                     $sqlb .= ", ";
コード例 #2
ファイル: model.php プロジェクト: kashyna/Research-paper
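/**
 * Store the session cart ($_SESSION['card']) as an order, decrement stock and mail the customer.
 *
 * Every value that reaches SQL is either cast to a number or escaped for the current
 * connection before it is interpolated. The legacy ext/mysql API is kept because it is the
 * only database handle in scope here; it was removed in PHP 7.0, so the real fix is a
 * migration to PDO or mysqli prepared statements.
 *
 * @param int|string $customer_id Customer row id (guest rows have an empty login).
 * @param int|string $delivery_id Delivery method id.
 * @param int|string $payment_id  Payment method id (stored as a quoted value).
 * @param string     $comment     Free-text order comment.
 *
 * @return bool true when the order was stored, false when it was rolled back.
 */
function save_order($customer_id, $delivery_id, $payment_id, $comment)
{
    $customer_id = (int) $customer_id;
    $delivery_id = (int) $delivery_id;
    $payment_id = mysql_real_escape_string((string) $payment_id);
    // NOTE(review): clear() is defined elsewhere; this relies on it to escape the comment
    // for SQL. Confirm that it does, and that it is the only place the comment is escaped.
    $comment = clear($comment);

    // Removes the guest customer (empty login) that was created for this order.
    $delete_guest = "DELETE FROM customers \n                        WHERE customer_id = {$customer_id}\n                        AND login = ''";

    // Normalise the cart once, so the same checked values feed both the order lines and the
    // stock update. Session data originates from earlier requests and is not trusted here.
    $items = array();
    $cart = (isset($_SESSION['card']) && is_array($_SESSION['card'])) ? $_SESSION['card'] : array();
    foreach ($cart as $goods_id => $value) {
        $qty = isset($value['qty']) ? (int) $value['qty'] : 0;
        if ($qty < 1) {
            // A non-positive quantity would raise the stock level below; ignore such lines.
            continue;
        }
        $items[] = array(
            'goods_id' => (int) $goods_id,
            'qty' => $qty,
            'name' => mysql_real_escape_string(isset($value['name']) ? (string) $value['name'] : ''),
            // %F is locale-independent, so the literal always uses a decimal point.
            'price' => sprintf('%F', isset($value['price']) ? (float) $value['price'] : 0.0),
        );
    }
    if (!$items) {
        // Nothing to order: an empty VALUES list would be invalid SQL.
        mysql_query($delete_guest);
        return false;
    }

    $query = "INSERT INTO `order` (customer_id, data, delivery_id, payment_id, comment)\n                VALUES ({$customer_id}, NOW(), {$delivery_id}, '{$payment_id}', '{$comment}')";
    if (!mysql_query($query) || mysql_affected_rows() == -1) {
        // Log the database error server-side instead of printing it to the client,
        // then remove the guest customer because the order could not be saved.
        error_log('save_order: order insert failed: ' . mysql_error());
        mysql_query($delete_guest);
        return false;
    }
    // id of the order that was just stored, needed for the order lines
    $order_id = (int) mysql_insert_id();

    $tuples = array();
    foreach ($items as $item) {
        $tuples[] = "({$order_id}, {$item['goods_id']}, {$item['qty']}, '{$item['name']}', {$item['price']})";
    }
    $query = "INSERT INTO order_goods (order_id, goods_id, quantity, name, price)\n                VALUES " . implode(',', $tuples);
    if (!mysql_query($query) || mysql_affected_rows() == -1) {
        // The order lines were not stored: remove the order and the guest customer as well.
        error_log('save_order: order_goods insert failed: ' . mysql_error());
        mysql_query("DELETE FROM `order` WHERE order_id = {$order_id}");
        mysql_query($delete_guest);
        return false;
    }

    // Decrement stock in a single statement per item, so two concurrent orders cannot
    // overwrite each other's result the way a SELECT followed by an UPDATE can.
    foreach ($items as $item) {
        $query = "UPDATE goods SET quantity = quantity - {$item['qty']}\n                        WHERE goods_id = {$item['goods_id']}";
        if (!mysql_query($query)) {
            // The order itself is already stored; record the failure and carry on.
            error_log('save_order: stock update failed: ' . mysql_error());
        }
    }

    // Logged-in customers have their address under 'auth'; guests under 'order'.
    if (!empty($_SESSION['auth']['email'])) {
        $email = $_SESSION['auth']['email'];
    } else {
        $email = $_SESSION['order']['email'];
    }
    mail_order($order_id, $email);

    // The order went through, so the cart is emptied.
    unset($_SESSION['card']);
    unset($_SESSION['total_sum']);
    unset($_SESSION['total_quantity']);
    $_SESSION['order']['res'] = "<div class='success'>Ваш заказ проведен успешно! Ожидайте звонка менеджера.</div>";
    return true;
}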
コード例 #3
ファイル: config.php プロジェクト: OlegBezverhii/coffeeshop
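/**
 * Store the session cart ($_SESSION['cart']) as an order and mail the customer.
 *
 * Values are cast or escaped before they are interpolated into SQL. The legacy ext/mysql
 * API is kept because it is the only database handle in scope; it was removed in PHP 7.0,
 * so the real fix is a migration to PDO or mysqli prepared statements.
 *
 * @param int|string $customer_id Customer row id (guest rows have an empty login).
 * @param string     $prim        Free-text note stored with the order.
 *
 * @return bool true when the order was stored, false when it was rolled back.
 */
function save_order($customer_id, $prim)
{
    $customer_id = (int) $customer_id;
    // Escaped here, at the point where the query is built.
    // NOTE(review): if a caller already escapes $prim, remove that there so the value is
    // escaped exactly once.
    $prim = mysql_real_escape_string((string) $prim);

    // Removes the guest customer (empty login) that was created for this order.
    $delete_guest = "DELETE FROM customers\n                        WHERE customer_id = {$customer_id} AND login = ''";

    // Check the cart before writing anything: session data is not trusted here, and an
    // empty VALUES list would be invalid SQL.
    $items = array();
    $cart = (isset($_SESSION['cart']) && is_array($_SESSION['cart'])) ? $_SESSION['cart'] : array();
    foreach ($cart as $goods_id => $value) {
        $qty = isset($value['qty']) ? (int) $value['qty'] : 0;
        if ($qty < 1) {
            continue;
        }
        $items[] = array('goods_id' => (int) $goods_id, 'qty' => $qty);
    }
    if (!$items) {
        mysql_query($delete_guest);
        return false;
    }

    $query = "INSERT INTO orders (`customer_id`, `date`, `prim`)\n                VALUES ({$customer_id}, NOW(), '{$prim}')";
    if (!mysql_query($query) || mysql_affected_rows() == -1) {
        // Log server-side instead of printing the database error to the client,
        // then remove the guest customer because the order could not be saved.
        error_log('save_order: orders insert failed: ' . mysql_error());
        mysql_query($delete_guest);
        return false;
    }
    // id of the order that was just stored
    $order_id = (int) mysql_insert_id();

    $tuples = array();
    foreach ($items as $item) {
        $tuples[] = "({$order_id}, {$item['goods_id']}, {$item['qty']})";
    }
    $query = "INSERT INTO zakaz_tovar (orders_id, goods_id, quantity)\n                VALUES " . implode(',', $tuples);
    if (!mysql_query($query) || mysql_affected_rows() == -1) {
        // The order lines were not stored: remove the order and the guest customer.
        error_log('save_order: zakaz_tovar insert failed: ' . mysql_error());
        mysql_query("DELETE FROM orders WHERE order_id = {$order_id}");
        mysql_query($delete_guest);
        return false;
    }

    // Logged-in customers have their address under 'auth'; guests under 'order'.
    if (isset($_SESSION['auth']['email'])) {
        $email = $_SESSION['auth']['email'];
    } else {
        $email = $_SESSION['order']['email'];
    }
    mail_order($order_id, $email);

    // The order was stored, so the cart is emptied.
    unset($_SESSION['cart']);
    unset($_SESSION['total_sum']);
    unset($_SESSION['total_quantity']);
    $_SESSION['order']['res'] = "<div>Спасибо за Ваш заказ. В ближайшее время мы с вами свяжемся.</div>";
    return true;
}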
コード例 #4
            // Tail of an order-submission routine; its beginning is not part of this listing.
            // $free_or_not collects one "X" per free-item slot that matches the current row.
            $free_or_not .= "X";
        }
        if ($_POST['free_item_2'] == $row['id']) {
            $free_or_not .= "X";
        }
        // Row of the HTML order e-mail. The row fields and quantities are concatenated without
        // htmlspecialchars(), so any markup stored in them is delivered as markup.
        $msg .= "<tr>" . "<td style=\"" . $row_style . "text-align:left;\">" . $row['name'] . "</td>" . "<td style=\"" . $row_style . "text-align:left;\">" . $row['type'] . "</td>" . "<td style=\"" . $row_style . "\">" . $row['size'] . "</td>" . "<td style=\"" . $row_style . "\">" . $qtys[$row['id']] . "</td>" . "<td style=\"" . $row_style . "\">\$" . number_format($row['price'], 2) . "</td>" . "<td style=\"" . $row_style . "text-align:right;\">\$" . number_format($qtys[$row['id']] * $row['price'], 2) . "</td>" . "<td style=\"" . $row_style . "\">" . $free_or_not . "</td></tr>\n";
        if ($row_count > 1) {
            $insert_query .= ", ";
        }
        // One VALUES tuple per row, built by string concatenation. The session name and the
        // row fields are placed between single quotes without escaping, and $qtys[...] is
        // unquoted, so this statement should be a prepared statement with bound values.
        // number_format() with two arguments inserts "," as thousands separator; a price of
        // 1000 or more therefore adds an extra column to the tuple and breaks the INSERT.
        // strlen($free_or_not) stores how many free-item slots matched (the count of "X").
        $insert_query .= "('" . $order_number . "','" . $_SESSION['user_real_name'] . "','" . $row['name'] . "','" . $row['description'] . "','" . $row['type'] . "','" . $row['size'] . "'," . number_format($row['price'], 2) . "," . $qtys[$row['id']] . "," . strlen($free_or_not) . ")";
    }
    $insert_query .= ";";
    // The subtotal, free-item amounts and grand total are taken from $_POST as sent by the
    // client and written into the e-mail unescaped; nothing here recomputes them server-side.
    $msg .= "<tr><td colspan=\"5\" style=\"text-align:right;\">Subtotal:</td><td style=\"text-align:right;\">\$" . $_POST['final_subtotal1'] . "</td></tr>\n" . "<tr><td colspan=\"5\" style=\"text-align:right;\">Free Item #1:</td><td style=\"text-align:right;\">\$" . $_POST['free_item_1_1'] . "</td></tr>\n" . "<tr><td colspan=\"5\" style=\"text-align:right;\">Free Item #2:</td><td style=\"text-align:right;\">\$" . $_POST['free_item_2_1'] . "</td></tr>\n" . "<tr><td colspan=\"5\" style=\"text-align:right;\">Grand Total:</td><td style=\"text-align:right;\">\$" . $_POST['grand_total1'] . "</td></tr>\n";
    $msg .= "</table>\n</body>\n</html>\n";
    // $result is not inspected; the failure check below reads the connection's error string.
    $result = mydb::cxn()->query($insert_query);
    // "&&" binds tighter than "=", so $r receives the boolean of the whole conjunction.
    // mail_order() is evaluated first: the e-mail goes out even when the INSERT failed.
    if ($r = mail_order($mail_recipient, $msg, $order_number) && mydb::cxn()->error == "") {
        $alert = "<div style=\"color:#33dd33; font-weight:bold; font-size:2em;\">Your order has been submitted!</div>";
    } else {
        $alert = "<div style=\"color:#dd3333; font-weight:bold;\">There was a problem sending your order.</div>";
    }
}
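/**
 * Send the HTML order e-mail.
 *
 * The subject contains the "purchased_by" POST field, and the recipient is supplied by the
 * caller; both are header values, so carriage returns and line feeds are removed before
 * they reach mail(). The body is sent as text/html exactly as given: the caller is
 * responsible for escaping any request or database value it placed in $msg.
 *
 * @param string     $to           Recipient address.
 * @param string     $msg          Complete HTML body.
 * @param int|string $order_number Order number shown in the subject.
 *
 * @return bool Result of mail(): true if the message was accepted for delivery.
 */
function mail_order($to, $msg, $order_number)
{
    $line_breaks = array("\r", "\n");

    // The field may be absent from the request; treat that as an empty name.
    $purchased_by = isset($_POST['purchased_by']) ? (string) $_POST['purchased_by'] : '';

    // A line break inside a header value would start a new header line.
    $subject = str_replace($line_breaks, ' ', "SRC Apparel Order - " . $purchased_by . " - Order #" . $order_number);
    $to = str_replace($line_breaks, '', (string) $to);

    $headers = "From: SRC-Apparel@siskiyourappellers.com\r\n";
    $headers .= "Reply-To: donotreply@siskiyourappellers.com\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    return mail($to, $subject, $msg, $headers);
}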